# (cg) Certain binaries build in this package are no longer wanted or are now # provided by other packages (e.g. coreutils, util-linux or passwd) %define unwanted chfn chsh expiry groups login passwd porttime su suauth faillog logoutd nologin chgpasswd getspnam # (cg) Some localised man pages are provided by the man-pages package rather # than here so kill them off # (Question: why?? See "urpmf share.*man.*/XXXX\\." where XXXX is one of the below) %define unwanted_i18n_mans sg shadow Name: shadow-utils Version: 4.2.1 %define subrel 1 Release: %mkrel 6 Epoch: 2 Summary: Utilities for managing shadow password files and user/group accounts License: BSD Group: System/Base URL: http://pkg-shadow.alioth.debian.org/ Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz Source1: shadow-970616.login.defs Source2: shadow-970616.useradd Source3: adduser.8 Source4: pwunconv.8 Source5: grpconv.8 Source6: grpunconv.8 Source8: user-group-mod.pamd Source9: chpasswd-newusers.pamd Source10: chage-chfn-chsh.pamd Patch2: shadow-4.1.5.1-rpmsave.patch Patch4: shadow-4.1.4.2-dotinname.patch Patch7: shadow-4.1.4.2-avx-owl-crypt_gensalt.patch # (cg) This patch is disabled for now as newer shadow-utils seems or provide it's # own tcb support.... Source1000: shadow-4.1.4.2-avx-owl-tcb.patch Patch9: shadow-4.1.5.1-shadow_perms.patch Patch10: shadow-4.1.5.1-tcb-build.patch Patch11: shadow-4.2.1_suse_CVE-2016-6251_6252.patch Patch14: shadow-4.4-CVE-2017-12424.patch BuildRequires: gettext-devel BuildRequires: automake BuildRequires: pam-devel BuildRequires: tcb-devel BuildRequires: glibc-crypt_blowfish-devel BuildRequires: pam_userpass-devel Requires: tcb Requires: setup >= 2.7.12-2 Requires: pam_userpass Obsoletes: adduser, newgrp Provides: adduser, newgrp Provides: /usr/sbin/useradd Provides: /usr/sbin/groupadd Provides: /usr/sbin/userdel Provides: /usr/sbin/groupdel Conflicts: msec < 0.47 Conflicts: util-linux-ng < 2.13.1-6 %description The shadow-utils package includes the necessary programs for converting UNIX password files to the shadow password format, plus programs for managing user and group accounts. The pwconv command converts passwords to the shadow password format. The pwunconv command unconverts shadow passwords and generates an npasswd file (a standard UNIX password file). The pwck command checks the integrity of password and shadow files. The lastlog command prints out the last login times for all users. The useradd, userdel and usermod commands are used for managing user accounts. The groupadd, groupdel and groupmod commands are used for managing group accounts. %prep %setup -q -n shadow-%{version} %autopatch -p1 %build libtoolize --copy --force; aclocal; autoconf; automake --add-missing %serverbuild CFLAGS="%{optflags} -DSHADOWTCB -DEXTRA_CHECK_HOME_DIR" \ %configure \ --disable-shared \ --with-libpam \ --without-libcrack \ --with-group-name-max-length=32 %make_build # because of the extra po file added manually make -C po update-gmo %install %make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs install -d -m 750 %{buildroot}%{_sysconfdir}/default install -m 0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/login.defs install -m 0600 %{SOURCE2} %{buildroot}%{_sysconfdir}/default/useradd ln -s useradd %{buildroot}%_sbindir/adduser install -m644 %SOURCE3 %{buildroot}%_mandir/man8/ install -m644 %SOURCE4 %{buildroot}%_mandir/man8/ install -m644 %SOURCE5 %{buildroot}%_mandir/man8/ install -m644 %SOURCE6 %{buildroot}%_mandir/man8/ perl -pi -e "s/encrpted/encrypted/g" %{buildroot}%{_mandir}/man8/newusers.8 # add pam support files rm -rf %{buildroot}/etc/pam.d/ mkdir -p %{buildroot}/etc/pam.d/ install -m 0600 %{SOURCE8} %{buildroot}/etc/pam.d/user-group-mod install -m 0600 %{SOURCE9} %{buildroot}/etc/pam.d/chpasswd-newusers install -m 0600 %{SOURCE10} %{buildroot}/etc/pam.d/chage-chfn-chsh pushd %{buildroot}/etc/pam.d for f in chpasswd newusers; do ln -s chpasswd-newusers ${f} done for f in chage; do # chfn and chsh are built without pam support in util-linux-ng ln -s chage-chfn-chsh ${f} done for f in groupadd groupdel groupmod useradd userdel usermod; do ln -s user-group-mod ${f} done popd # (cg) Remove unwanted binaries (and their corresponding man pages) for unwanted in %{unwanted}; do rm -f %{buildroot}{%{_bindir},%{_sbindir}}/$unwanted rm -f %{buildroot}%{_mandir}/{,{??,??_??}/}man*/$unwanted.[[:digit:]]* done # (cg) Remove man pages provided by the "man-pages" package... for unwanted in %{unwanted_i18n_mans}; do rm -f %{buildroot}%{_mandir}/{??,??_??}/man*/$unwanted.[[:digit:]]* done # (cg) Find all localised man pages find %{buildroot}%{_mandir} -depth -type d -empty -delete %find_lang shadow for dir in $(ls -1d %{buildroot}%{_mandir}/{??,??_??}) ; do dir=$(echo $dir | sed -e "s|^%{buildroot}||") lang=$(basename $dir) echo "%%lang($lang) $dir/man*/*" >> shadow.lang done %clean rm -rf %{buildroot} rm -rf build-$RPM_ARCH %files -f shadow.lang %doc doc/HOWTO NEWS %doc doc/WISHLIST doc/README.platforms %attr(0640,root,shadow) %config(noreplace) %{_sysconfdir}/login.defs %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/default/useradd %{_bindir}/sg %attr(2711,root,shadow) %{_bindir}/chage %attr(4711,root,root) %{_bindir}/gpasswd %attr(4711,root,root) %{_bindir}/newgidmap %attr(4711,root,root) %{_bindir}/newgrp %attr(4711,root,root) %{_bindir}/newuidmap %{_bindir}/lastlog %{_sbindir}/adduser %{_sbindir}/user* %{_sbindir}/group* %{_sbindir}/grpck %{_sbindir}/pwck %{_sbindir}/*conv %{_sbindir}/chpasswd %{_sbindir}/newusers %{_sbindir}/vipw %{_sbindir}/vigr %{_mandir}/man1/chage.1* %{_mandir}/man1/newgidmap.1* %{_mandir}/man1/newgrp.1* %{_mandir}/man1/newuidmap.1* %{_mandir}/man1/sg.1* %{_mandir}/man1/gpasswd.1* %{_mandir}/man3/shadow.3* %{_mandir}/man5/gshadow.5* %{_mandir}/man5/login.defs.5* %{_mandir}/man5/shadow.5* %{_mandir}/man5/subgid.5* %{_mandir}/man5/subuid.5* %{_mandir}/man8/adduser.8* %{_mandir}/man8/group*.8* %{_mandir}/man8/user*.8* %{_mandir}/man8/pwck.8* %{_mandir}/man8/grpck.8* %{_mandir}/man8/chpasswd.8* %{_mandir}/man8/newusers.8* %{_mandir}/man8/vipw.8* %{_mandir}/man8/vigr.8* %{_mandir}/man8/*conv.8* %{_mandir}/man8/lastlog.8* %attr(640,root,shadow) %config(noreplace) /etc/pam.d/chage-chfn-chsh /etc/pam.d/chage %attr(640,root,shadow) %config(noreplace) /etc/pam.d/chpasswd-newusers /etc/pam.d/chpasswd /etc/pam.d/newusers %attr(640,root,shadow) %config(noreplace) /etc/pam.d/user-group-mod /etc/pam.d/useradd /etc/pam.d/userdel /etc/pam.d/usermod /etc/pam.d/groupadd /etc/pam.d/groupdel /etc/pam.d/groupmod %changelog * Thu Dec 21 2017 mrambo3501 <mrambo3501> 2:4.2.1-6.1.mga5 + Revision: 1183661 - add upstream patch to fix CVE-2017-12424 mga#22010 - add suse patch to fix CVE-2016-6251 and CVE-2016-6252 - modify default umask per bugs 18984 and 618 * Wed Oct 15 2014 umeabot <umeabot> 2:4.2.1-5.mga5 + Revision: 741584 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 2:4.2.1-4.mga5 + Revision: 689130 - Mageia 5 Mass Rebuild * Tue Sep 02 2014 colin <colin> 2:4.2.1-3.mga5 + Revision: 670860 - Increase the group name length check from 16->32 (matches fedora) * Sun Jul 27 2014 colin <colin> 2:4.2.1-2.mga5 + Revision: 657627 - Switch system uid boundary to 1000+ * Wed May 14 2014 luigiwalser <luigiwalser> 2:4.2.1-1.mga5 + Revision: 622794 - 4.2.1 - fix source URL - explicitly list (and tighten) gpasswd permissions due to SUID - add newgidmap and newuidmap commands to files list - add newgidmap, newuidmap, subgid, and subuid man pages to files list * Wed May 14 2014 luigiwalser <luigiwalser> 2:4.1.5.1-7.mga5 + Revision: 622783 - do not accidentally delete login.defs man page (mga#13377) * Fri Oct 18 2013 umeabot <umeabot> 2:4.1.5.1-6.mga4 + Revision: 518318 - Mageia 4 Mass Rebuild * Mon Jan 14 2013 umeabot <umeabot> 2:4.1.5.1-5.mga3 + Revision: 381957 - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Thu Dec 06 2012 rtp <rtp> 2:4.1.5.1-4.mga3 + Revision: 327373 - change chpasswd pam configuration to make it work again. Main point is to remove the pam_userpass line which has no chance to work since pam_userpass is not supported by chpasswd. * Sat Dec 01 2012 lmenut <lmenut> 2:4.1.5.1-3.mga3 + Revision: 324062 - Change and unify default paths: - remove /(s)bin after UsrMove - add /usr/local/(s)bin * Tue Nov 20 2012 lmenut <lmenut> 2:4.1.5.1-2.mga3 + Revision: 319884 - Change and unify default paths: - remove /(s)bin after UsrMove - add /usr/local/(s)bin * Tue Jul 17 2012 colin <colin> 2:4.1.5.1-1.mga3 + Revision: 271844 - Promote from testing to main repository * Thu Jul 12 2012 colin <colin> 2:4.1.5.1-0.1.mga3 + Revision: 270393 - New version: 4.1.5.1 - Drop outdated local Dutch translation - Drop binaries we do not want that are shipped elsewhere - Package manpages from all locales - Rediff patches - Drop TCB patch in favour of upstream TCB support now included - Write patch to fix upstream TCB build problems - Drop upstream applied patch (groupmod-username) * Sun Jan 09 2011 tmb <tmb> 2:4.1.4.2-9.mga1 + Revision: 3733 - imported package shadow-utils * Sun Jan 9 2011 Thomas Backlund <tmb@mageia.org> 2:4.1.4.2-9.mga1 - initial mageia import - drop rpm tags * Mon Jan 03 2011 Oden Eriksson <oeriksson@mandriva.com> 2:4.1.4.2-8mdv2011.0 + Revision: 627716 - don't force the usage of automake1.7 * Fri Dec 03 2010 Oden Eriksson <oeriksson@mandriva.com> 2:4.1.4.2-7mdv2011.0 + Revision: 607535 - rebuild * Thu Mar 25 2010 Pascal Terjan <pterjan@mandriva.org> 2:4.1.4.2-6mdv2010.1 + Revision: 527508 - Fix group renaming (#57190, patch from gentoo) * Mon Mar 15 2010 Oden Eriksson <oeriksson@mandriva.com> 2:4.1.4.2-5mdv2010.1 + Revision: 519983 - rebuilt against audit-2 libs * Sun Nov 29 2009 Pascal Terjan <pterjan@mandriva.org> 2:4.1.4.2-4mdv2010.1 + Revision: 471566 - Fix login.defs * Thu Nov 26 2009 Pascal Terjan <pterjan@mandriva.org> 2:4.1.4.2-3mdv2010.1 + Revision: 470346 - Update login.defs * Tue Nov 24 2009 Pascal Terjan <pterjan@mandriva.org> 2:4.1.4.2-2mdv2010.1 + Revision: 469496 - Update to /release as nothing seems too obviously broken * Tue Nov 24 2009 Pascal Terjan <pterjan@mandriva.org> 2:4.1.4.2-1mdv2010.1 + Revision: 469403 - Update tcb patch - Drop shadow-4.0.11.1-no-syslog-setlocale.patch as it is 9 years old and there is no explanation on why we should disable this workaround - Update to 4.1.4.2 o Drop patches that are now upstream: * shadow-4.0.12-nscd.patch * shadow-4.0.12-unlock.patch * shadow-4.0.12-do-copy-skel-if-home-directory-exists-but-is-empty.patch * shadow-4.0.12-avx-owl-crypt_gensalt.patch o Update other patches - Update URL, we are missing a lot of releases * Thu Sep 03 2009 Christophe Fergeau <cfergeau@mandriva.com> 2:4.0.12-20mdv2010.0 + Revision: 427122 - rebuild * Mon Mar 09 2009 Oden Eriksson <oeriksson@mandriva.com> 2:4.0.12-19mdv2009.1 + Revision: 353187 - P10: security fix for CVE-2008-5394 - rediffed one fuzzy patch (P2) + Antoine Ginies <aginies@mandriva.com> - rebuild * Wed Aug 27 2008 Vincent Danen <vdanen@mandriva.com> 2:4.0.12-17mdv2009.0 + Revision: 276627 - add shadow_perms patch so pwconv creates /etc/shadow mode 0440 and owned root:shadow * Thu Aug 07 2008 Thierry Vignaud <tv@mandriva.org> 2:4.0.12-16mdv2009.0 + Revision: 265694 - rebuild early 2009.0 package (before pixel changes) * Sat May 31 2008 Frederik Himpe <fhimpe@mandriva.org> 2:4.0.12-15mdv2009.0 + Revision: 213823 - Add conflicts to fix upgrade from 2008.1 (files vipw and vigr were moved) * Wed May 21 2008 Vincent Danen <vdanen@mandriva.com> 2:4.0.12-14mdv2009.0 + Revision: 209785 - PASS_MIN_LEN seems no longer valid for some reason, so comment it out to get rid of warning messages when creating new users * Tue May 20 2008 Vincent Danen <vdanen@mandriva.com> 2:4.0.12-13mdv2009.0 + Revision: 209280 - package the pam.d files * Mon May 19 2008 Vincent Danen <vdanen@mandriva.com> 2:4.0.12-12mdv2009.0 + Revision: 209190 - requires pam_userpass * Mon May 19 2008 Vincent Danen <vdanen@mandriva.com> 2:4.0.12-11mdv2009.0 + Revision: 209077 - add pam support files now that we build with pam support * Sun May 18 2008 Vincent Danen <vdanen@mandriva.com> 2:4.0.12-10mdv2009.0 + Revision: 208800 - add crypt_gensalt.patch from Annvix to allow setting which crypt method to use for passwords via login.defs - add tcb.patch to provide support for TCB - buildrequires pam-devel, tcb-devel, glibc-crypt_blowfish-devel, pam_userpass-devel - requires tcb - update login.defs to add CRYPT_PREFIX, CRYPT_ROUNDS, USE_TCB, TCB_AUTH_GROUP, and TCB_SYMLINKS - vipw and vigr belong here now, not util-linux-ng - require setup 2.7.12-2mdv or newer as it supplies the auth, chkpwd, and shadow groups * Wed Mar 05 2008 Oden Eriksson <oeriksson@mandriva.com> 2:4.0.12-9mdv2008.1 + Revision: 179504 - rebuild + Olivier Blin <oblin@mandriva.com> - restore BuildRoot + Thierry Vignaud <tv@mandriva.org> - kill re-definition of %%buildroot on Pixel's request * Mon Sep 17 2007 Andreas Hasenack <andreas@mandriva.com> 2:4.0.12-8mdv2008.0 + Revision: 89134 - fixed groupadd manpage synopsis (#33533) * Mon Jul 02 2007 Andreas Hasenack <andreas@mandriva.com> 2:4.0.12-7mdv2008.0 + Revision: 47132 - updated nl po file (#27082) * Wed Jun 27 2007 Andreas Hasenack <andreas@mandriva.com> 2:4.0.12-6mdv2008.0 + Revision: 45099 - using serverbuild macro (-fstack-protector-all) * Tue Jun 12 2007 Pixel <pixel@mandriva.com> 2:4.0.12-5mdv2008.0 + Revision: 38108 - allow adduser to copy skel directory if the home directory exists but is empty (#29009) * Mon Mar 19 2007 Andreas Hasenack <andreas@mandriva.com> 4.0.12-4mdv2007.1 + Revision: 146707 - don't leave lock files lying around (#29221) + Pixel <pixel@mandriva.com> - Import shadow-utils * Thu Jun 15 2006 Guillaume Rousse <guillomovitch@mandriva.org> 2:4.0.12-3mdv2007.0 - /etc/default doesn't belong to this package - some spec cleanup * Sat Jun 10 2006 Rafael Garcia-Suarez <rgarciasuarez@mandriva.com> 2:4.0.12-2mdv2007.0 - Add patch 4: allow dots and capitals in usernames (Rawhide) - Remove provide itself with larger version; increased epoch instead - Uncompressed patches * Wed Sep 14 2005 Warly <warly@mandriva.com> 1:4.0.12-mdk - new version, fix a bug which overwrite user config in conectiva upgrade * Mon Aug 15 2005 Thierry Vignaud <tvignaud@mandriva.com> 4.0.11.1-4mdk - NEWS is more usefull than ChangeLog * Sat Aug 13 2005 Frederic Lepied <flepied@mandriva.com> 4.0.11.1-3mdk - Conflicts with msec < 0.47 * Fri Aug 12 2005 Nicolas Lécureuil <neoclust@mandriva.org> 4.0.11.1-2mdk - Remove packager tag - mkrel * Sat Aug 06 2005 Cris <cris@mandrive.com> 1:4.0.11.1-1mdk - New version - Drop all unused patches - Clean up spec file - Respin some patches based on fedora core 4 4.0.7 versions * Tue Mar 22 2005 Warly <warly@mandrakesoft.com> 1:4.0.3-8mdk - Fix the nscd patch to refer to the right pid file (bug 14840) * Tue Jun 15 2004 Per Ãyvind Karlsen <peroyvind@linux-mandrake.com> 4.0.3-8mdk - fix gcc-3.4 build (P501) - use %%make and %%makeinstall_std macro - work around problem with mkinstalldirs - drop prefix tag