Gregor Best wrote: > Hi people, > > On Fri, May 06, 2016 at 03:03:52PM +0100, Stuart Henderson wrote: > > [...] > > Feel free to investigate the ports I mentioned then. Diffs to > > ports@ please - you can test that they work using tedu's diff > > that will avoid filling in pw_passwd in the struct, it's usually > > just a case of s/(getpwuid|getpwnam)/\1_shadow/. > > [...] > > The attached patch fixes x11/xscreensaver to work with the new > shadow-only pwd. I think the patch is straightforward, but given the > sensitive nature of xscreensaver, it'd probably be good if more than one > other person could test this before it gets applied.
looks about right. as sthen says, these should be pretty easy. and when in doubt, adding the shadow extension is safe-ish. at worst, unnecessary use of shadow will result in the same behavior as 5.9. you're unlikely to actually introduce a vulnerability.
