[Pkg-shadow-devel] Bug#1042828: Bug#1042828: manpage: obsolete reference in the shadow(5) man page

2023-10-15 Thread Bálint Réczey 
Hi Andreas,

I hope this explanation is satisfactory and you agree that it is not a
bug to mention crypt(3).
Alejandro, thank you for the explanation.

I'm closing this bug, since it seems to be invalid.

Cheers,
Balint

Alejandro Colomar  ezt írta (időpont: 2023. aug. 1., K, 16:30):
>
> [CC += Tobias, Marcos]
>
> Hi Andreas,
>
> On 2023-08-01 16:14, Andreas Schwarz wrote:
> > Package: passwd
> > Version: 1:4.13+dfsg1-1+b1
> > Severity: minor
> > X-Debbugs-Cc: andreas.schw...@noris.de
> >
> > Dear Maintainer,
> >
> > The manpage shadow(5) refers to crypt(3), but this no longer exists.
> >
> > This manpage was part of the manpages-dev package, as far as I can see 
> > crypt(3) was last included in "Debian buster".
>
> I'm on Debian Sid and see this:
>
> $ apt-file find -x 'man/man3/crypt\.3\b'
> libcrypt-dev: /usr/share/man/man3/crypt.3.gz
> $ apt-file find -x 'man/man5/shadow\.5\b'
> passwd: /usr/share/man/man5/shadow.5.gz
>
> The Linux man-pages project has a crypt(3) page, but it is removed in the 
> Debian
> packaging due to a conflict with libcrypt-dev.  The commit where that happened
> is the following one:
>
>
> commit c56791e95a0759d58ded54150466f207c7cf3322
> Author: Dr. Tobias Quathamer 
> Date:   Tue Jul 9 20:12:48 2019 +0200
>
> Update list of conflicting manpages
>
> diff --git a/debian/rules b/debian/rules
> index f38c428f7..5f963d152 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -22,6 +22,8 @@ override_dh_installman:
> rm -f debian/manpages/usr/share/man/man4/sk98lin.4
> # Start of automatically added files by debian/check-conflicts
> rm -f debian/manpages/usr/share/man/man1/time.1
> +   rm -f debian/manpages-dev/usr/share/man/man3/crypt.3
> +   rm -f debian/manpages-dev/usr/share/man/man3/crypt_r.3
> rm -f debian/manpages-dev/usr/share/man/man3/pthread_atfork.3
> rm -f 
> debian/manpages-dev/usr/share/man/man3/pthread_mutexattr_destroy.3
> rm -f debian/manpages-dev/usr/share/man/man3/pthread_mutexattr_init.3
>
>
> $ git describe --contains c56791e95a
> debian/5.01-1~2
>
>
> manpages-dev 5.01 first appeared in Bullseye, so Buster still shipped crypt(3)
> in manpages-dev, as you experience.  The solution for you will be to install
> libcrypt-dev, or complain to the manpages-dev Debian team.  :)
>
> Cheers,
> Alex
>
>
> >
> > -- System Information:
> > Debian Release: 12.0
> >   APT prefers stable-security
> >   APT policy: (500, 'stable-security'), (500, 'stable')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 6.1.0-10-amd64 (SMP w/8 CPU threads; PREEMPT)
> > Kernel taint flags: TAINT_WARN
> > Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE 
> > not set
> > Shell: /bin/sh linked to /usr/bin/dash
> > Init: systemd (via /run/systemd/system)
> > LSM: AppArmor: enabled
> >
> > Versions of packages passwd depends on:
> > ii  libaudit1   1:3.0.9-1
> > ii  libc6   2.36-9
> > ii  libcrypt1   1:4.4.33-2
> > ii  libpam-modules  1.5.2-6
> > ii  libpam0g1.5.2-6
> > ii  libselinux1 3.4-1+b6
> > ii  libsemanage23.4-1+b5
> >
> > Versions of packages passwd recommends:
> > ii  sensible-utils  0.0.17+nmu1
> >
> > passwd suggests no packages.
> >
> > -- no debconf information
> >
> > ___
> > Pkg-shadow-devel mailing list
> > Pkg-shadow-devel@alioth-lists.debian.net
> > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel
>
> --
> 
> GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1028917: Bug#1028917: passwd package missing dependency

2023-10-15 Thread Bálint Réczey 
Please reopen the bug if there is an actual problem and add more detail.

Vincent Lefevre  ezt írta (időpont: 2023. jan.
15., V, 0:57):
>
> On 2023-01-14 16:55:08 -0500, Jeffrey Walton wrote:
> > As reported at https://lists.debian.org/debian-user/2023/01/msg00319.html :
> >
> > Package: passwd (1:4.8.1-1) does not work without libpam-ldap , being
> > a library which is not listed on the dependency section of the page
> > dedicated to the package passwd
>
> This message doesn't mention any issue.
>
> On my bullseye machine, libpam-ldap is not installed, and everything
> works fine.
>
> --
> Vincent Lefèvre  - Web: 
> 100% accessible validated (X)HTML - Blog: 
> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
>
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1034563: Bug#1034563: login: "su" doesn't put /sbin and /usr/sbin to PATH

2023-09-25 Thread Bálint Réczey 
Control: tags -1 confirmed wontfix

Hi Askar,

Askar Safin  ezt írta (időpont: 2023. ápr. 18., K, 13:15):
>
> Package: login
> Version: 1:4.13+dfsg1-1
> Severity: normal
> X-Debbugs-Cc: safinas...@gmail.com
>
> Steps to reproduce:
>
> 
> user@92fe0070d0e9:~$ echo $PATH
> /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
> user@92fe0070d0e9:~$ su
> Password:
> root@92fe0070d0e9:/home/user# echo $PATH
> /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
> 
>

Su shipped in Debian is built from the util-linux source package for some time:
root@sid:~# dpkg -S /bin/su
util-linux: /bin/su


This bug is a duplicate of https://bugs.debian.org/918754 , but I keep
it open here to let people find it and prevent them from filing new
duplicates.

Cheers,
Balin

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

Re: [Pkg-shadow-devel] /var/log/ default file permissions

2023-03-13 Thread Bálint Réczey 
Hi Craig,

Craig Andrews  ezt írta (időpont: 2023.
márc. 8., Sze, 22:29):
>
> I'm working on evaluating Debian against STIGs and CIS benchmarks and
> one of the findings reported is:
>
> Verify permissions of log files:
> http://static.open-scap.org/ssg-guides/ssg-ubuntu2004-guide-stig.html#xccdf_org.ssgproject.content_rule_permissions_local_var_log
>
> This rule ensure that files in /var/log have 640 permissions.
>
> The shadow package seems to create/own a number of the files in /var/log
> and it sets the file permissions to 644.
>
> 640 makes more sense to me - there doesn't seem to be any reason for a
> regular user to read these logs.

Well, triaging problems without having to become root is comfortable
and this the status quo.

> Could Debian consider using the more restrictive 640 permissions for the
> /var/log/ files, improving security by default?

Technically yes, but at the moment I don't see a need for the change.

Please discuss the topic with the Debian Security Team and if they are
on board with the change it may be implemented.
https://security-team.debian.org/contact.html

I see you raised the same topic upstream, too. While I share
upstream's view Debian can have different defaults and I respect the
Security Team's opinion.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 2/2] debian/control: Add libbsd-dev and pkg-config

2023-03-12 Thread Bálint Réczey 
Hi Alejandro,

Alejandro Colomar  ezt írta (időpont: 2023.
márc. 12., V, 16:52):
>
> Hi Bálint,
>
> On 3/12/23 16:38, Bálint Réczey wrote:
> >> 142 lines of a function definition are not something I'd consider easy to
> >> maintain.  Is it a big deal to add another dependency?  I'd say it's a
> >> bigger deal to copy verbatim so many lines of code, and sync them from
> >> time to time from libbsd (or OpenBSD) just to bring in any bugfixes they
> >> apply.  That's exactly the purpose of libbsd, so I think relying on them
> >> should be fine.
> >
> > The function does not change often. It changed two times in the last 13 
> > years:
> > https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/main/src/readpassphrase.c
> >
> > I'd be happy to add a GitHub Action job or an autopkgtest in Debian to
> > check if shadow's local copy needs an update.
> >
> > Depending on libbsd would pull the library into every single docker
> > container image increasing their size and would make libbsd part of
> > the pseudo-essential set, thus I prefer not depending on it for a few
> > lines of code.
>
> libbsd0 is only ~ 200 kB (installed size).  That should be
> insignificant compared to a Debian docker image, or even to the
> shadow packages.
>
> libsubid4 is ~ 300 kB
> uidmap is~ 300 kB
> login is ~ 2.6 MB
> passwd is~ 2.8 kB
>
> And the unstable-slim Debian Docker image is around 28 MB
> (compressed size).

Yes, and libsubid4 and uidmap are not present in the docker images.

>
> Moreover, having this libbsd part of the pseudo-essential set would
> allow many other packages to rely on it, thus deduplicating the
> copies that some projects currently do to avoid depending on it,
> so the total distribution size could even shrink in the long term.

Developers of Debian are expected to be very conservative regarding
expanding the (pseudo-) essential set:
https://www.debian.org/doc/debian-policy/ch-binary.html#essential-packages

I value keeping the essential set minimal above providing one more
shared library for potential reverse dependencies, too.
I'd like to hear more people's opinion from the shadow project and if
the project insists on adding the libbsd dependency I will bring the
topic to debian-devel following the spirit of the Debian Policy
offering to either carry a copy of readpassphrase.c as a patch in the
Debian package or adding the libbsd dependency.

Cheers,
Balint

> Cheers,
>
> Alex
>
> --
> <http://www.alejandro-colomar.es/>
> GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 2/2] debian/control: Add libbsd-dev and pkg-config

2023-03-12 Thread Bálint Réczey 
Hi Alejandro,

Alejandro Colomar  ezt írta (időpont: 2023.
márc. 11., Szo, 1:08):
>
> Hi Bálint,
>
> On 3/10/23 21:34, Bálint Réczey wrote:
> [...]
>
> >> I didn't have the time to look into that, but we should really
> >> check if we need to add some error checking.  With strlcpy(3),
> >> at least we can do it, contrary to strncpy(3), which doesn't
> >> really help detecting truncation (except that you can check
> >> the last byte _before_ overwriting it with the '\0', which is
> >> really cumbersome).
> >
> > I did not find setting the last '\0' that cumbersome,
>
> It's not just setting '\0', but also checking truncation.  As I
> said, strncpy(3) is not suited for that, but memcpy(3) could be
> used.  However, using memcpy(3) for copying strings with truncation
> and detecting truncation is:
>
> memcpy(dst, src, sizeof(dst) - 1)
> if (strlen(src) >= sizeof(dst))
> goto trunc;
> dst[sizeof(dst) - 1] = '\0';
>
> There are a few things I don't like:
>
> -  setting '\0' is in a separate line.  Just a minor thing.
> -  Two '-1', which are likely to produce off-by-one errors
>at some point (I've already fixed a few of them, IIRC).  At
>least they didn't seem bad, since we had then on the good
>side (we were just wasting one byte).
>
> But the behavior is indeed what we want.  Here's the definition of
> stpecpy(), which basically does that (I call strnlen(3) for optimizing):
>
> $ grepc -tfd stpecpy
> ./lib/stpecpy.h:67:
> inline char *
> stpecpy(char *dst, char *end, const char *restrict src)
> {
> booltrunc;
> char*p;
> size_t  dsize, dlen, slen;
>
> if (dst == end)
> return end;
> if (dst == NULL)
> return NULL;
>
> dsize = end - dst;
> slen = strnlen(src, dsize);
> trunc = (slen == dsize);
> dlen = slen - trunc;
>
> p = mempcpy(dst, src, dlen);
> *p = '\0';
>
> return p + trunc;
> }
>
>
> > but I'd be OK
> > with any implementation that's correct and uses only glibc symbols
> > including strcpy() and memcpy().
>
> Okay, stpecpy() would be enough.
>
> >> But we can't trivially replace readpassphrase(3bsd).  We could try
> >> to reimplement it ourselves, but I don't see avoiding libbsd-dev
> >> as a strong-enough reason.
> >
> > Indeed, readpassphrase() is the most problematic, but looking at its
> > implementation in libbsd it could be just copied to shadow. I'm not a
> > fan of such copies, but it seems this function has been copied
> > extensively already:
> > https://codesearch.debian.net/search?q=readpassphrase%28const+char&literal=1
>
> I'm not a fan either; rather the opposite.  I'd vote against doing so.
>
> >
> > readpassphrase.c's ISC license allows that, too, and I think copying
> > would not be a ton of work.
>
> Copying it, probably not.  Maintaining it, maybe yes.  I mean, just look
> at it:
>
> $ grepc -tfd readpassphrase | wc -l
> 142
>
>
> 142 lines of a function definition are not something I'd consider easy to
> maintain.  Is it a big deal to add another dependency?  I'd say it's a
> bigger deal to copy verbatim so many lines of code, and sync them from
> time to time from libbsd (or OpenBSD) just to bring in any bugfixes they
> apply.  That's exactly the purpose of libbsd, so I think relying on them
> should be fine.

The function does not change often. It changed two times in the last 13 years:
https://gitlab.freedesktop.org/libbsd/libbsd/-/commits/main/src/readpassphrase.c

I'd be happy to add a GitHub Action job or an autopkgtest in Debian to
check if shadow's local copy needs an update.

Depending on libbsd would pull the library into every single docker
container image increasing their size and would make libbsd part of
the pseudo-essential set, thus I prefer not depending on it for a few
lines of code.

Cheers,
Balint


> Cheers,
>
> Alex
> --
> <http://www.alejandro-colomar.es/>
> GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 2/2] debian/control: Add libbsd-dev and pkg-config

2023-03-10 Thread Bálint Réczey 
Hi Alejandro,

Alejandro Colomar  ezt írta (időpont: 2023.
márc. 8., Sze, 13:55):
>
> Hi Bálint,
>
> [I reordered some quotes for my reply]
> [CC Paul, since he's been mentioned, and I'm curious to know
> if he has any comments]
>
> On 3/8/23 11:59, Bálint Réczey wrote:
> > Hi Alejandro,
> >
> > Alejandro Colomar  ezt írta (időpont: 2023.
> > márc. 5., V, 20:44):
> >>
> >> Package: passwd
> >> Source: shadow
> >> Tags: patch
> >> X-Debbugs-CC: Bálint Réczey 
> >> X-Debbugs-CC: Iker Pedrosa 
> >> X-Debbugs-CC: Serge Hallyn 
> >>
> >> These dependencies were added upstream recently.
> >>
> >> Signed-off-by: Alejandro Colomar 
> >> Cc: Iker Pedrosa 
> >> Cc: Serge Hallyn 
> >> ---
> >>  debian/control | 2 ++
> >>  1 file changed, 2 insertions(+)
> >>
> >> diff --git a/debian/control b/debian/control
> >> index 3cc66f8d..75015c35 100644
> >> --- a/debian/control
> >> +++ b/debian/control
> >> @@ -11,11 +11,13 @@ Build-Depends: bison,
> >> gettext,
> >> itstool,
> >> libaudit-dev [linux-any],
> >> +   libbsd-dev,
> >
> > I checked out recent changes in shadow's master and I'm very happy
> > about many of the fixes for memory allocation problems,
>
> Thanks! :-)
>
> > but wearing my maintainer hat I believe linking to a new library for a
> > few functions which are not very different from their glibc
> > counterpart is not worth it.
>
> We added it with strlcpy(3) in mind, but I agree with you that
> it's not a critical reason, and we could live without it; in fact
> I introduced a similar (and IMO superior) function, stpecpy(),
> which could replace strlcpy(3) in all 6 calls.
>
> But we didn't really add it for it; we already had the libbsd-dev
> dependency before adding strlcpy(3).  libbsd-dev was added for
> readpassphrase(3bsd), which has nothing similar in glibc, and I don't
> want to be rewriting it in terms of glibc stuff, since it's not
> trivial.
>
> It was added in this patch set:
>
> * 2a5b8810 - Mon, 21 Nov 2022 14:00:13 +0100 (4 months ago)
> |   agetpass: Hook into build-system - Guillem Jover
> * ab91ec10 - Wed, 28 Sep 2022 23:09:19 +0200 (5 months ago)
> |   Hide [[gnu::malloc(deallocator)]] in a macro - Alejandro Colomar
> * 554f86ba - Tue, 27 Sep 2022 21:21:35 +0200 (5 months ago)
> |   Replace the deprecated getpass(3) by our agetpass() - Alejandro 
> Colomar
> * 155c9421 - Mon, 26 Sep 2022 22:22:24 +0200 (5 months ago)
> |   libmisc: agetpass(), erase_pass(): Add functions for getting 
> passwords safely - Alex Colomar
> * 8cce4557 - Wed, 28 Sep 2022 00:03:46 +0200 (5 months ago)
> |   Don't 'else' after a 'noreturn' call - Alex Colomar
> * 99ce21a3 - Tue, 22 Nov 2022 14:35:06 +0100 (4 months ago)
> |   CI: add libbsd and pkg-config dependencies - Iker Pedrosa
>
> >
> > Freezero() also provides little extra benefit over memset() and free()
> > and is used only 4 times in the code.
>
> Use of freezero(3bsd) was added later to erase_pass() for one reason:
> that API pair --agetpass(), erase_pass()-- already strongly depends on a
> libbsd-dev function --readpassphrase(3bsd)--, so depending on two of them
> doesn't add any issues.  Anyway, freezero(3) is easy to implement if we
> had a need.
>
>
>
> > There are reasons for strlcpy() not being provided by glibc [1]:
> >
> > "Reactions among core glibc contributors on the topic of including
> > strlcpy() and strlcat() have been varied over the years. Christoph
> > Hellwig's early patch was rejected in the then-primary maintainer's
> > inimitable style (1 and 2). But reactions from other glibc developers
> > have been more nuanced, indicating, for example, some willingness to
> > accept the functions. Perhaps most insightfully, Paul Eggert notes
> > that even when these functions are provided (as an add-on packaged
> > with the application), projects such as OpenSSH, where security is of
> > paramount concern, still manage to either misuse the functions
> > (silently truncating data) or use them unnecessarily (i.e., the
> > traditional strcpy() and strcat() could equally have been used without
> > harm); such a state of affairs does not constitute a strong argument
> > for including the functions in glibc. "
> >
> > I agree with their position and the 6 cases where strlcpy() is used in
> > shadow&#

[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 0/2] Update Build-Depends

2023-03-08 Thread Bálint Réczey 
Hi Alejandro,

Alejandro Colomar  ezt írta (időpont: 2023.
márc. 8., Sze, 13:59):
>
> Hi Bálint,
>
> On 3/8/23 13:11, Bálint Réczey wrote:
> > Hi Serge,
> >
> > Serge E. Hallyn  ezt írta (időpont: 2023. márc. 6., H, 
> > 21:30):
>
> [...]
>
> >>
> >> Hi Balint,
> >>
> >> right now shadow is not depending on either one.  Alex is adding
> >> the pkgconf one.  This diff is between Alex's two diffs, showing
> >> that his first diff had added pkg-config, while v2 is instead doing
> >> pkgconf.
> >
> > Yes, and I'd still depend on the more mature pkg-config variant if one
> > variant is added until the archive-wide transition to pkgconf is
> > completed.
>
> Didn't the transition already happen?  I thought it had.  This is what
> I see:
>
>
> $ apt-cache show pkg-config
> Package: pkg-config
> Source: pkgconf
> [...]
> Depends: pkgconf (>= 1.8.0-7~)
> Description-en: manage compile and link flags for libraries (transitional 
> package)
>  pkgconf is an implementation of the pkg-config system, which helps to 
> configure
>  compiler and linker flags for development frameworks.
>  .
>  pkgconf is a replacement for pkg-config, providing additional functionality
>  while also maintaining compatibility.
>  .
>  This package only provides a dependency link to the pkgconf package to help
>  with package upgrades. It can be safely removed.
> [...]
> Homepage: http://pkgconf.org/
> [...]
> Filename: pool/main/p/pkgconf/pkg-config_1.8.1-1_amd64.deb
> [...]

Oh, it already happened. I mistakenly checked that in my system's
changelog, not in unstable's.
Then I'd prefer the pkgconfig build dependency, too.

Thanks,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 0/2] Update Build-Depends

2023-03-08 Thread Bálint Réczey 
Hi Serge,

Serge E. Hallyn  ezt írta (időpont: 2023. márc. 6., H, 21:30):
>
> On Mon, Mar 06, 2023 at 08:41:15PM +0100, Bálint Réczey wrote:
> > Hi Alejandro,
> >
> >
> > Alejandro Colomar  ezt írta (időpont: 2023.
> > márc. 5., V, 20:38):
> > >
> > > Package: passwd
> > > Source: shadow
> > > Tags: patch
> > > X-Debbugs-CC: Bálint Réczey 
> > > X-Debbugs-CC: Iker Pedrosa 
> > > X-Debbugs-CC: Serge Hallyn 
> > > To: sub...@bugs.debian.org
> > >
> > > Hi Balint,
> > >
> > > This is my first patch set sent to Debbugs.  Let's see if I do it
> > > correctly :).
> > >
> > > I can't open a MR in Salsa, since my account is still to be approved
> > > (I opened it yesterday).  BTW, if you have any contacts there, please
> > > have a look at it; the identifier is 'alx' and the associated email is
> > > .  I sent a mail to the Salsa admin a week ago but
> > > received no response (but I guess they might be busy).
> > >
> > > Cheers,
> > >
> > > Alex
> > >
> > > ---
> > >
> > > Alejandro Colomar (2):
> > >   debian/control: Sort alphabetically package lists
> > >   debian/control: Add libbsd-dev and pkg-config
> > >
> > >  debian/control | 26 ++
> > >  1 file changed, 14 insertions(+), 12 deletions(-)
> > >
> > > Range-diff against v1:
> > > -:   > 1:  3d079bd9 debian/control: Sort alphabetically package 
> > > lists
> > > 1:  48ac3d10 ! 2:  9e323b50 debian/control: Add libbsd-dev and pkg-config
> > > @@ debian/control: Build-Depends: bison,
> > >  libselinux1-dev [linux-any],
> > >  libsemanage-dev [linux-any],
> > >  libxml2-utils,
> > > -+   pkg-config,
> > > ++   pkgconf,
> >
> > Thank you for the good intention, but this change won't be needed
> > because pkgconf will provide pkg-config according to the plan:
> >
> > https://lists.debian.org/debian-devel/2022/07/msg00252.html
> >
> > Cheers,
> > Balint
>
> Hi Balint,
>
> right now shadow is not depending on either one.  Alex is adding
> the pkgconf one.  This diff is between Alex's two diffs, showing
> that his first diff had added pkg-config, while v2 is instead doing
> pkgconf.

Yes, and I'd still depend on the more mature pkg-config variant if one
variant is added until the archive-wide transition to pkgconf is
completed.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 2/2] debian/control: Add libbsd-dev and pkg-config

2023-03-08 Thread Bálint Réczey 
Hi Alejandro,

Alejandro Colomar  ezt írta (időpont: 2023.
márc. 5., V, 20:44):
>
> Package: passwd
> Source: shadow
> Tags: patch
> X-Debbugs-CC: Bálint Réczey 
> X-Debbugs-CC: Iker Pedrosa 
> X-Debbugs-CC: Serge Hallyn 
>
> These dependencies were added upstream recently.
>
> Signed-off-by: Alejandro Colomar 
> Cc: Iker Pedrosa 
> Cc: Serge Hallyn 
> ---
>  debian/control | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/debian/control b/debian/control
> index 3cc66f8d..75015c35 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -11,11 +11,13 @@ Build-Depends: bison,
> gettext,
> itstool,
> libaudit-dev [linux-any],
> +   libbsd-dev,

I checked out recent changes in shadow's master and I'm very happy
about many of the fixes for memory allocation problems,
but wearing my maintainer hat I believe linking to a new library for a
few functions which are not very different from their glibc
counterpart is not worth it.
There are reasons for strlcpy() not being provided by glibc [1]:

"Reactions among core glibc contributors on the topic of including
strlcpy() and strlcat() have been varied over the years. Christoph
Hellwig's early patch was rejected in the then-primary maintainer's
inimitable style (1 and 2). But reactions from other glibc developers
have been more nuanced, indicating, for example, some willingness to
accept the functions. Perhaps most insightfully, Paul Eggert notes
that even when these functions are provided (as an add-on packaged
with the application), projects such as OpenSSH, where security is of
paramount concern, still manage to either misuse the functions
(silently truncating data) or use them unnecessarily (i.e., the
traditional strcpy() and strcat() could equally have been used without
harm); such a state of affairs does not constitute a strong argument
for including the functions in glibc. "

I agree with their position and the 6 cases where strlcpy() is used in
shadow's current master could be implemented with strncpy() as safely
as with strlcpy().

Freezero() also provides little extra benefit over memset() and free()
and is used only 4 times in the code.

Could you please return to using functions provided by glibc instead
of pulling in libbsd in the next upstream release?
That way there would be no need for pkg-config or pkgconf either.

Cheers,
Balint

[1] https://lwn.net/Articles/507319/

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1032393: Bug#1032393: [PATCH v2 1/2] debian/control: Sort alphabetically package lists

2023-03-07 Thread Bálint Réczey 
Hi Alejandro,

Alejandro Colomar  ezt írta (időpont: 2023.
márc. 5., V, 20:44):
>
> Package: passwd
> Source: shadow
> Tags: patch
> X-Debbugs-CC: Bálint Réczey 
> X-Debbugs-CC: Iker Pedrosa 
> X-Debbugs-CC: Serge Hallyn 
>
> Signed-off-by: Alejandro Colomar 
> Cc: Iker Pedrosa 
> Cc: Serge Hallyn 
> ---
>  debian/control | 24 
>  1 file changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/debian/control b/debian/control
> index 88198468..3cc66f8d 100644
> --- a/debian/control
> +++ b/debian/control
> @@ -4,20 +4,20 @@ Uploaders: Balint Reczey ,
> Serge Hallyn 
>  Section: admin
>  Priority: required
> -Build-Depends: debhelper-compat (= 13),
> -   gettext,
> -   libcrypt-dev,
> -   libpam0g-dev,
> -   quilt,
> -   xsltproc,
> +Build-Depends: bison,
> +   debhelper-compat (= 13),
> docbook-xsl,
> docbook-xml,

I guess this sorting was done manually, because docbook-xsl and
docbook-xml are not sorted alphabetically.
There is a handy tool wrap-and-sort(1) if you would like to tidy up
Debian package control files.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1032393: [PATCH v2 0/2] Update Build-Depends

2023-03-06 Thread Bálint Réczey 
Hi Alejandro,


Alejandro Colomar  ezt írta (időpont: 2023.
márc. 5., V, 20:38):
>
> Package: passwd
> Source: shadow
> Tags: patch
> X-Debbugs-CC: Bálint Réczey 
> X-Debbugs-CC: Iker Pedrosa 
> X-Debbugs-CC: Serge Hallyn 
> To: sub...@bugs.debian.org
>
> Hi Balint,
>
> This is my first patch set sent to Debbugs.  Let's see if I do it
> correctly :).
>
> I can't open a MR in Salsa, since my account is still to be approved
> (I opened it yesterday).  BTW, if you have any contacts there, please
> have a look at it; the identifier is 'alx' and the associated email is
> .  I sent a mail to the Salsa admin a week ago but
> received no response (but I guess they might be busy).
>
> Cheers,
>
> Alex
>
> ---
>
> Alejandro Colomar (2):
>   debian/control: Sort alphabetically package lists
>   debian/control: Add libbsd-dev and pkg-config
>
>  debian/control | 26 ++
>  1 file changed, 14 insertions(+), 12 deletions(-)
>
> Range-diff against v1:
> -:   > 1:  3d079bd9 debian/control: Sort alphabetically package lists
> 1:  48ac3d10 ! 2:  9e323b50 debian/control: Add libbsd-dev and pkg-config
> @@ debian/control: Build-Depends: bison,
>  libselinux1-dev [linux-any],
>  libsemanage-dev [linux-any],
>  libxml2-utils,
> -+   pkg-config,
> ++   pkgconf,

Thank you for the good intention, but this change won't be needed
because pkgconf will provide pkg-config according to the plan:

https://lists.debian.org/debian-devel/2022/07/msg00252.html

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

Re: [Pkg-shadow-devel] [PATCH v1 0/2] Update Build-Depends

2023-03-05 Thread Bálint Réczey 
Hi Serge,

Serge Hallyn  ezt írta (időpont: 2023. márc. 5., V, 2:24):
>
> On Sat, Mar 04, 2023 at 08:22:18PM +0100, Alejandro Colomar wrote:
> > Hi Serge,
> >
> > I'm not sure if the pkg-shadow-devel@ list is restricted to subscribers.
>
> Hm.  pkg-shadow-devel@ should definitely not be subscriber-only, else
> why is it listed as Maintainer in debian/control?
>
> Balint, do you know?

The mailing list is in the Maintainer field to show that the package
is intended to be team maintained, while I did almost all uploads in
the past years.
Since we touched that topic, co-maintainers are welcome! :-)

The list is subscriber-only, because it used to forward a lot of spam
and I believe this is a reasonable configuration.

Anyone can submit patches and bugs through the BTS
(https://www.debian.org/Bugs/Reporting) without registration.
Even the Salsa repository accepts MR-s:
https://salsa.debian.org/debian/shadow/-/merge_requests

@all: Please prefer those methods instead of sending patches privately
or via the mailing list.

Cheers,
Balint


> > If so, please forward this patch set.  You may also want to add a few
> > more packages to Build-Depends (I don't yet know the build system
> > enough to do so).
> >
> > Cheers,
> >
> > Alex
> >
> > Alejandro Colomar (2):
> >   debian/control: Sort alphabetically package lists
> >   debian/control: Add libbsd-dev and pkg-config
> >
> >  debian/control | 26 ++
> >  1 file changed, 14 insertions(+), 12 deletions(-)
> >
> > Range-diff against v0:
> > -:   > 1:  3d079bd9 debian/control: Sort alphabetically package 
> > lists
> > -:   > 2:  48ac3d10 debian/control: Add libbsd-dev and pkg-config
> > --
> > 2.39.2

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#778950: Fixed in Upstream

2022-10-05 Thread Bálint Réczey 
Hi Jeff,

On Mon, 3 Oct 2022 09:10:33 -0500 Jeffrey Hawkins
 wrote:
> It appears the CVE-2013-4235 has been fixed in the upstream project,
> Release:  4.11.  Is there any intent by Debian to backport the fix?
> https://github.com/shadow-maint/shadow/releases/tag/v4.11

Not really. This marked as an unimportant issue by the Security Team.
https://security-tracker.debian.org/tracker/source-package/shadow

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1004710: Bug#1004710: passwd: 4.11.1 breaks mmdebstrap testsuite by empty directories in /var/mail and /var/spool/mail

2022-02-10 Thread Bálint Réczey 
Control: reassign -1 adduser 3.118
Control: retitle -1 adduser: Please pass "-r" to useradd when creating
system users
Control: tags -1 patch

Hi Johannes,

Johannes Schauer Marin Rodrigues  ezt írta (időpont:
2022. febr. 10., Cs, 8:39):
>
> Hi Bálint,
>
> Quoting Bálint Réczey (2022-02-02 00:10:00)
> > > Is the creation of these empty directories intended?
> >
> > I'm not sure yet.
> >
> > > Do you have an explanation why they are only created with debootstrap?
> >
> > Not yet, but thank you for the bug report.
>
> thank you for looking into it! Did you already find out something? The
> mmdebstrap autopkgtests have now been broken for 10 days.

Sorry for the delay, I tried bumping the severity to buy myself some time.

It seems this is an adduser bug and the following patch fixes it:
--- adduser.orig2018-09-15 21:12:39.0 +0200
+++ adduser2022-02-10 22:27:05.759922091 +0100
@@ -434,7 +434,7 @@
 $shell = $special_shell || '/usr/sbin/nologin';
 $undouser = $new_name;
 my $useradd = &which('useradd');
-&systemcall($useradd, '-d', $home_dir, '-g', $ingroup_name, '-s',
+&systemcall($useradd, '-r', '-d', $home_dir, '-g', $ingroup_name, '-s',
 $shell, '-u', $new_uid, $new_name);
 if(!$disabled_login) {
 my $usermod = &which('usermod');

Apparently useradd correctly guessed system user ranges in the past,
but this is not something to rely on.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1004710: Bug#1004710: passwd: 4.11.1 breaks mmdebstrap testsuite by empty directories in /var/mail and /var/spool/mail

2022-02-01 Thread Bálint Réczey 
Control: severity -1 serious


Hi Johannes,

Johannes Schauer Marin Rodrigues  ezt írta (időpont:
2022. febr. 1., K, 0:39):
>
> Package: passwd
> Version: 1:4.11.1+dfsg1-1
> Severity: normal
> X-Debbugs-Cc: jo...@debian.org
> Control: affects -1 mmdebstrap
>
> Hi,
>
> steps to reproduce:
>
> $ sudo debootstrap unstable debian-unstable-good 
> https://snapshot.debian.org/archive/debian/20220131T090427Z/
> $ sudo debootstrap unstable debian-unstable-bad 
> https://snapshot.debian.org/archive/debian/20220131T160201Z/
>
> when diffing both directories one sees:
>
> Only in debian-unstable-bad/var/mail: _apt
> Only in debian-unstable-bad/var/mail: systemd-network
> Only in debian-unstable-bad/var/mail: systemd-resolve
> Only in debian-unstable-bad/var/spool/mail: _apt
> Only in debian-unstable-bad/var/spool/mail: systemd-network
> Only in debian-unstable-bad/var/spool/mail: systemd-resolve
>
> The only packages that differ between both chroots are the versions of
> login and passwd, hence I'm filing this bug here.
>
> The problem is, that this breaks the testsuite and autopkgtest of
> mmdebstrap. Notably, a chroot created with mmdebstrap does not include
> these directories.
>
> Is this change indeed related to passwd?

I'm raising the severity to look into that.

> Is the creation of these empty directories intended?

I'm not sure yet.

> Do you have an explanation why they are only created with debootstrap?

Not yet, but thank you for the bug report.

Cheers,
Balint


> Thanks!
>
> cheers, josch

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#949862: Bug#949862: passwd: Translation error in help output

2022-01-31 Thread Bálint Réczey 
Control: fixed -1 1:4.11.1+dfsg1-1

Hi Tollef,

Bálint Réczey  ezt írta (időpont: 2021. nov.
14., V, 12:55):
>
> Control: forwarded -1 https://github.com/shadow-maint/shadow/pull/442
> Control: tags -1 upstream
>
> Hi Tollef,
>
> Tollef Fog Heen  ezt írta (időpont: 2020. jan. 26., V, 9:09):
> >
> > Package: passwd
> > Version: 1:4.8-1
> > Severity: minor
> >
> > It seems like there's an inconsistency between the Norwegian and
> > untranslated help texts:
> >
> > $ LANG=C sudo passwd --help
> > Usage: passwd [options] [LOGIN]
> >
> > Options:
> > […]
> >   -l, --locklock the password of the named account
> >
> > $ LANG=nb_NO.UTF-8 sudo passwd --help
> > Bruk: passwd [valg] [BRUKER]
> >
> > Valg:
> > […]
> >   -L, --lock  lås passord for den valgt konto
> >
> > Note -l vs -L there.
>
> Yes, this is definitely wrong.

And now it is fixed in the latest upload.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#762356: passwd: [INTL:de] Update for German shadow-man-pages

2022-01-31 Thread Bálint Réczey 
Control: fixed -1 1:4.11.1+dfsg1-1

Hi Simon,

On Sun, 21 Sep 2014 16:06:03 +0200 Simon Brandmair  wrote:
> Package: passwd
> Version: 1:4.1.5.1-1
> Severity: wishlist
> Tags: l10n patch
>
> I attached an update of the German translation of the shadow
> manpages. It is proofread by debian-l10n-german mailing list. It would
> be great if it could be included in the jessie release.

I'm sorry that this particular translation update hasn't been picked
up, but several updates have taken place since then improving the
translation and this patch does not apply.

Thanks,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#759110: Bug#759110: [i18n] Allow translation of new strings by adding new files to POTFILES.in

2022-01-31 Thread Bálint Réczey 
Control: fixed -1 1:4.11.1+dfsg1-1

Hi Miroslav,

On Sun, 24 Aug 2014 18:07:33 +0200 Christian PERRIER  wrote:
> Quoting Miroslav Kure (ku...@upcase.inf.upol.cz):
> > Package: shadow
> > Severity: wishlist
> > Tags: l10n, patch
> >
> > Hi Christian,
> >
> > I have noticed some strings from newer shadow utilities (newuidmap,
> > newgidmap) do not appear in shadow.pot and therefore can't be
> > translated.
> >
> > This is caused by obsolete po/POTFILES.in which does not reference the
> > new .c files.
> >
> > Please commit the attached POTFILES.in which includes references to
> > the new files and also the regenerated shadow.pot.
>
>
> Thanks. I'll try to go through the various pending bugs for upstream
> shadow in the upcoming months.
>
> Sadly, most of them might be kinda "blind" commits of mine as I'm
> unsure I have the expertise to check what is a right fix and what is
> not.
>
> (that's not the case here : for i18n, I think I have the expertise...:-))

POTFILES.in has been updated a few times since then, the last time in
1:4.11.1+dfsg1-1.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#865319: Bug#865319: Bug#865319: passwd: Partial man French l10n: 1 untranslated sentence

2022-01-31 Thread Bálint Réczey 
Control: notfound -1 1:4.4-4.1

Hi David,

Christian PERRIER  ezt írta (időpont: 2017. jún.
21., Sze, 6:42):
>
> Quoting David Guyot (david.gu...@web-eci.com):
> > Package: passwd
> > Version: 1:4.4-4.1
> > Severity: minor
> > Tags: l10n
> >
> > Dear Maintainer,
> >
> > Reading the French passwd(1) man, I noticed that there was a remaining 
> > English
> > sentence: "You can find advice on how to choose a strong password on
> > http://en.wikipedia.org/wiki/Password_strength";. In French, that would
> > translate to: "Vous trouverez des conseils concernant la robustesse d’un 
> > mot de
> > passe à l’adresse https://en.wikipedia.org/wiki/Password_strength (en)".
> >
> > I did not pick the page from the French Wikipedia, as it is currently way 
> > too
> > concise and useless, and I didn't know which other source I could use there.
> > Regarding the translation, French being my first language, I'm rather 
> > confident
> > that it is good, but feel free to not take my word for it ;)
>
>
> This is common practice in gettext-based translation work. Doing so
> allows to keep the part that have been translated *and* avoid dropping
> additional English parts.

Yes, this is the case.

> I do not consider this a bug but a feature that helps in keeping alive
> translation work even when nobody works on updating it.
>
> Would I still be the package maintainer, I would consider closing the
> bug report.

Christian, you are still welcome to respond to bugs and tag/close them
when you feel appropriate. :-)

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#953422: Bug#953422: shadow: [INTL:nl] Dutch po file for the shadow package

2022-01-31 Thread Bálint Réczey 
Control: fixed -1 1:4.11.1+dfsg1-1

Hi Frans,

Frans Spiesschaert  ezt írta (időpont:
2020. márc. 9., H, 17:18):
>
>
>
> Package: shadow
> Severity: wishlist
> Tags: l10n patch
>
>
>
> Dear Maintainer,
>
>
> Please find attached the updated Dutch po file for the shadow package.
> It has been submitted for review to the debian-l10n-dutch mailing list.
> Please add it to your next package revision.
> It should be put as "po/nl.po" in your package build tree.
>
> I've also filed a merge request (#230) to shadow-maint/shadow at github and
> it has been pulled into master.
>
>
> --
> Kind regards,
> Frans Spiesschaert

Thanks for the translation and for also submitting the upstream PR!

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#829001: Bug#829001: /etc/login.defs: Documentation is wrong about default value of SUB_[UG]ID_COUNT

2022-01-31 Thread Bálint Réczey 
Control: fixed -1 1:4.11.1+dfsg1-1

Hi,

On Fri, 29 Jul 2016 23:33:11 -0500 "Serge E. Hallyn"  wrote:
> Thanks, indeed those should be in sync.  I believe the best is to change
> the documentation to read the larger value, as it is a useful range for
> containers to use.  I'll aim to get that fix into the next release.

Thanks, now the login.defs shipped in Debian has the right defaults, too.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#1004242: Bug#1004242: shadow:[INTL:fr] updated French man page translation

2022-01-26 Thread Bálint Réczey 
Control: forwarded -1 https://github.com/shadow-maint/shadow/pull/499
Control: tags -1 upstream

Hi,

 ezt írta (időpont: 2022. jan. 23., V, 13:06):
>
> Package: shadow
> Version:4.0.18
> Severity: wishlist
> Tags: patch l10n
>
> Dear mainteners,
> Hello, please find the updated french translation for shadow attached,
> proofread by the debian-l10n-french mailing list contributors.
>
> This file should be put as debian/po/fr.po in your package build tree.

As I see this should be applied upstream, thus I've forwarded it with
a few fixes.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#998694: Bug#998694: Don't timeout if you haven't asked for password yet

2021-11-14 Thread Bálint Réczey 
Control: tags -1 wontfix

Hi Dan,

積丹尼 Dan Jacobson  ezt írta (időpont: 2021. nov.
6., Szo, 19:00):
>
> Package: login
> Version: 1:4.8.1-1.1
>
> (/usr/share/doc/login/copyright says
> This is Debian GNU/Linux's prepackaged version of the shadow utilities.
>
> It was downloaded from: .
> As of May 2007, this site is no longer available.)

The Homepage: https://github.com/shadow-maint/shadow info is up to
date, but the copyright file should be updated, I agree.

> OK, I'll report the bug here:
>
> Let's say the system is so overloaded that...
>
> Login: root
>
> Login timed out after 60 seconds
>
> Yes, that's right, even before the password prompt appeared!
>
> So that timeout will prevent access to the whole system!
>
> So: at least don't timeout if you haven't asked for password yet!

The timer is set right before calling pam_start() in login.c, thus it
would not be easy to delay that. If you have a system unable to show
password prompt for 1 minute it is unlikely that you can get in even
with a timeout started later.

Cheers,
Balint

> Thanks.
>
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#949862: Bug#949862: passwd: Translation error in help output

2021-11-14 Thread Bálint Réczey 
Control: forwarded -1 https://github.com/shadow-maint/shadow/pull/442
Control: tags -1 upstream

Hi Tollef,

Tollef Fog Heen  ezt írta (időpont: 2020. jan. 26., V, 9:09):
>
> Package: passwd
> Version: 1:4.8-1
> Severity: minor
>
> It seems like there's an inconsistency between the Norwegian and
> untranslated help texts:
>
> $ LANG=C sudo passwd --help
> Usage: passwd [options] [LOGIN]
>
> Options:
> […]
>   -l, --locklock the password of the named account
>
> $ LANG=nb_NO.UTF-8 sudo passwd --help
> Bruk: passwd [valg] [BRUKER]
>
> Valg:
> […]
>   -L, --lock  lås passord for den valgt konto
>
> Note -l vs -L there.

Yes, this is definitely wrong.

> (it should also read «lås passordet for den valgte kontoen»; though
> shouldn't it just be «lock the named account»?)

No, please see the man page for details.

Cheers,
Balint

> --
> Tollef Fog Heen
> UNIX is user friendly, it's just picky about who its friends are

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#812127: Bug#812127: login: wrong German error message

2021-11-14 Thread Bálint Réczey 
Control: tags -1 upstream l10n

Hi Holger,

I'm sorry for keeping this hanging for so long. I'm packaging 4.9 and
the translation has been updated upstream in the meantime:
https://github.com/shadow-maint/shadow/blob/master/po/de.po

Are the new strings OK, or do they still need updating?

Cheers,
Balint


Holger Wansing  ezt írta (időpont: 2017.
febr. 6., H, 22:12):
>
> Hi,
>
> Bálint Réczey  wrote:
> > >> > As stated, I (rather firmly) believe
> > >> >> Under no cirumstance work is possible without effective root.
> > >>
> > >> IMO this is the correct interpretation.
> > >>
> > >> The place where the message is emitted is here:
> > >> http://sources.debian.net/src/shadow/1:4.4-3/src/login.c/?hl=567#L567
> > >
> > > So you should probably change the phrase in English too, to ensure it
> > > is understood correctly? (Maybe other translators have misinterpreted it
> > > too?)
> >
> > The freeze is not a great time for making changes to the original strings. 
> > :-)
> > Let's defer the resolution of this bug after Stretch is released.
> >
> > Login may be provided by util-linux per #833256 and in that case I don't 
> > wan't
> > to ask l10n teams to update a string in every language before that string 
> > goes
> > away.
>
> Attached is an updated po file for German.
>
> I have applied the proposal by Helge, and updated the other fuzzies and
> untranslated strings as well.
>
>
> Probably you can still get it into Stretch ...
>
> So long
> Holger
>
> --
> 
> Created with Sylpheed 3.5.0 under
> D E B I A N   L I N U X   8 . 0   " J E S S I E " .
>
> Registered Linux User #311290 - https://linuxcounter.net/
> 
> ___
> Pkg-shadow-devel mailing list
> pkg-shadow-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#942680: Bug#942680: passwd: vipw does not resume properly when suspended

2021-11-14 Thread Bálint Réczey 
Control: fixed -1 4.8-1
Control: forwarded -1 https://github.com/shadow-maint/shadow/issues/185
Control: upstream

Todd C. Miller  ezt írta (időpont: 2019. nov. 4.,
H, 19:15):
>
> On Sat, 26 Oct 2019 07:49:33 -0500, "Serge E. Hallyn" wrote:
>
> > second option sounds nicer but sure is a lot more code.  So I'm
> > leaning towards the first.  Do you  mind creating a github issue
> > at github.com/shadow-maint/shadow for this, or would you prefer that
> > I do it?
>
> I opened a github issue and attached the patches:
> https://github.com/shadow-maint/shadow/issues/185
>
>  - todd
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#999464: Bug#999464: shadow: FTBFS on non linux-architectures

2021-11-11 Thread Bálint Réczey 
Control: tags -1 help

Hi Laurent,

Laurent Bigonville  ezt írta (időpont: 2021. nov.
11., Cs, 14:03):
>
> Source: shadow
> Version: 1:4.7-1
> Severity: important
> Tags: ftbfs
> Justification: fails to build from source (but built successfully in the past)
>
> Hello,
>
> Since version 1:4.7-1 shadow FTBFS on non-linux architectures with the
> following error:
>
> idmapping.c:39:10: fatal error: sys/prctl.h: No such file or directory
>39 | #include 
>   |  ^
> compilation terminated.
> make[3]: *** [Makefile:555: idmapping.o] Error 1
>
> Apparently prctl() and sys/prctl.h is linux only

Inded. Patches are welcome for the affected architectures.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#922945: Bug#922945: /var/log/lastlog is a 110 TByte sparse file, seriously affecting backup

2021-04-16 Thread Bálint Réczey 
Control: severity -1 wishlist
Control: tags -1 confirmed upstream

Hi Sam,

Sam Morris  ezt írta (időpont: 2021. ápr. 13., K, 19:45):
>
> On Tue, 2021-04-13 at 15:26 +0200, Chris Hofstaedtler wrote:
> > This will then silently hide login failures from userids larger than
> > this ID? Given the original submitter has a user with uid 37940,
> > why whould this not be logged?
> >
> > If they didn't want those uids to be used, maybe dont assign them?
> >
> > Chris
>
> I think login.defs(5) says it best:
>
> "As higher user IDs are usually tracked by remote user identity and
> authentication services there is no need to create a huge sparse
> lastlog file for them."
>
> The design of the lastlog format means you either have an apparantly
> huge (sparse) file, which causes problems for badly written backup
> software, or you don't record information for users with high UIDs in
> this file at all.
>
> In any case, it looks like OpenSSH has its own code to read/write to
> /var/log/lastlog, rather than using pam_lastlog, so in any case
> changing login.defs wouldn't be sufficient.

Lastlog format is stable for a very long time and I don't think it
would be wise to change it and as Chris pointed out shipping a default
low
LASTLOG_UID_MAX would hide login failures which is also not desired as
a default.

Rsync (3.1.3-8) may be optimized to handle sparse files better, please
open a bug against rsync if you agree:

rbalint@zen:~$ fallocate -l 40 test-sparse-file
rbalint@zen:~$ fallocate -p -l 40 test-sparse-file
rbalint@zen:~$ time rsync -vS test-sparse-file test-sparse-file-copy
test-sparse-file

sent 4,000,976,652 bytes  received 35 bytes  533,463,558.27 bytes/sec
total size is 4,000,000,000  speedup is 1.00

real0m6.454s
user0m10.036s
sys0m1.952s
rbalint@zen:~$ ls -s test-sparse-file*
4 test-sparse-file  0 test-sparse-file-copy
rbalint@zen:~$ ls -lh test-sparse-file*
-rw-rw-r-- 1 rbalint rbalint 3.8G Apr 16 13:27 test-sparse-file
-rw-rw-r-- 1 rbalint rbalint 3.8G Apr 16 13:28 test-sparse-file-copy

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#932458: Couldn't open /etc/securetty: No such file or directory

2021-04-05 Thread Bálint Réczey 
Control: reassign -1 pam 1.3.1-5
Control: fixed -1 pam 1.4.0-1

Hi Chris,

Chris Hofstaedtler  ezt írta (időpont: 2020. dec.
31., Cs, 0:56):
>
> Hey,
>
> * Bálint Réczey  [201230 23:53]:
> > Bálint Réczey  ezt írta (időpont: 2019. nov.
> > 7., Cs, 20:45):
> > > Thorsten Glaser  ezt írta (időpont: 2019. nov. 6.,
> > > Sze, 23:08):
> > > >
> > > > Hi everyone,
> > > >
> > > > when will something happen to not fill syslog with these messages
> > > > (unless deserved, such as if there is really something to warn about)?
> > > >
> > > > It’s not even stated yet whether the suggested change to the config
> > > > is safe to apply…
> > >
> > > I'm waiting for Steve's position on this. I believe the change to
> > > shadow was OK and all we need is removing the message in PAM.
> > > Since it is a trivial change I have not prepared a patch but I'm happy
> > > to if Steve prefers that.
> >
> > I asked upstream if they just want to silence the notice, but they
> > don't want to:
> > https://github.com/linux-pam/linux-pam/pull/158
> >
> > It leaves us with disabling it using configuration files. IMO the
> > proposed patch of removing nullok_secure is safe and the desired
> > solution.
> > However it is up to the maintainers, Steve, or Sam, to accept the
> > patch unless someone NMUs it.
> > I don't plan NMU-ing it myself, but since the general NMU rules apply
> > any DD can NMU it via DELAYED/10.
>
> Given not much has happened so far, maybe login should remove
> pam_securetty from its default PAM configuration instead?
>
> Thats nothing that needs to be coordinated with the PAM maintainers,
> AFAICT.

It seems this is fixed in pam.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#894996: Bug#894996: Bug#894996: Give the path of the directory you are talking about

2020-02-06 Thread Bálint Réczey 
Control: fixed -1 1:4.8-1

積丹尼 Dan Jacobson  ezt írta (időpont: 2018. ápr.
9., H, 16:11):
>
> OK, made
> https://github.com/shadow-maint/shadow/issues/105 ,
> https://github.com/shadow-maint/shadow/issues/106 .
>
> ___
> Pkg-shadow-devel mailing list
> pkg-shadow-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#888590: /usr/share/man/man8/vigr.8.gz is wrongly in GERMAN

2019-12-29 Thread Bálint Réczey 
Control: fixed -1 1:4.8-1

Michelle Konzack  ezt írta (időpont:
2018. jan. 27., Szo, 15:24):
>
> Package: passwd
> Version: 1:4.4-4.1
> Release: Stretch
>
> Hello Maintainer,
>
> I just checked some packages and discovered, that this package has a
> GERMAN manpage instead of the ENGLISH one in /usr/share/man/man8/.
>
> I assume, it was wrongly copied, while building the package.

This is now fixed in the latest version.

Cheers,
Balint

>
> -- System Information:
> Debian Release: 9.3
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.9.0-5-amd64 (SMP w/2 CPU cores)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8),
> LANGUAGE=de_DE:de (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
>
>
> --
> Michelle KonzackMiila ITSystems @ TDnet
> GNU/Linux Developer 00372-54541400
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#892097: passwd: useradd -D -s /bin/bash has no effect on Jessie

2019-12-27 Thread Bálint Réczey 
Control: fixed -1 1:4.5-1

Hi Martin,

Martin Steigerwald  ezt írta (időpont:
2018. márc. 5., H, 14:39):
>
> Package: passwd
> Version: 1:4.4-4.1
> Severity: normal
>
> Dear maintainers,
>
> On Debian Jessie useradd -D -s /bin/bash has no effect. In Debian Sid
> with passwd 1:4.5-1 this works again, so this is likely an upstream issue.

Marking as fixed per the original observation. Since this is not a
high severity but it is not likely that it will be fixed in Jessie
which is now oldstable.

Thanks,
Balint

>
> I have:
>
> % useradd -D
> GROUP=100
> HOME=/home
> INACTIVE=-1
> EXPIRE=
> SHELL=/bin/sh
> SKEL=/etc/skel
> CREATE_MAIL_SPOOL=no
>
> I do:
>
> % useradd -D -s /bin/bash
> (no output)
>
> I still have:
>
> % useradd -D
> GROUP=100
> HOME=/home
> INACTIVE=-1
> EXPIRE=
> SHELL=/bin/sh
> SKEL=/etc/skel
> CREATE_MAIL_SPOOL=no
>
> % grep SHELL /etc/default/useradd
> # The SHELL variable specifies the default login shell on your
> SHELL=/bin/sh
>
> Workaround is to edit /etc/default/useradd:
>
> % grep SHELL /etc/default/useradd
> # The SHELL variable specifies the default login shell on your
> SHELL=/bin/bash
>
> % useradd -D
> GROUP=100
> HOME=/home
> INACTIVE=-1
> EXPIRE=
> SHELL=/bin/bash
> SKEL=/etc/skel
> CREATE_MAIL_SPOOL=no
>
> Thanks,
> Martin
>
>
>
> -- System Information:
> Debian Release: 9.3
>   APT prefers stable-updates
>   APT policy: (500, 'stable-updates'), (500, 'stable')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 4.9.0-6-amd64 (SMP w/1 CPU core)
> Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), 
> LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages passwd depends on:
> ii  libaudit1   1:2.6.7-2
> ii  libc6   2.24-11+deb9u1
> ii  libpam-modules  1.1.8-3.6
> ii  libpam0g1.1.8-3.6
> ii  libselinux1 2.6-3+b3
> ii  libsemanage12.6-2
>
> passwd recommends no packages.
>
> passwd suggests no packages.
>
> -- Configuration Files:
> /etc/default/useradd [Errno 13] Keine Berechtigung: '/etc/default/useradd'
>
> -- debconf information:
>   passwd/password-empty:
>   passwd/user-uid:
>   passwd/user-fullname:
>   passwd/md5: false
>   passwd/username:
>   passwd/username-bad:
> * passwd/make-user: false
>   passwd/title:
>   passwd/shadow: true
>   passwd/password-mismatch:
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#946608: shadow: [INTL:nl] Dutch po file for the shadow package

2019-12-20 Thread Bálint Réczey 
Control: tags -1 confirmed upstream moreinfo

Hi Frans,

On Wed, Dec 11, 2019, 8:45 PM Frans Spiesschaert <
frans.spiesscha...@yucom.be> wrote:

>
> Package: shadow
> Severity: wishlist
> Tags: l10n patch
>
>
> Dear Maintainer,
>
> Please find attached the Dutch po file for the shadow package.
> It should be put as "po/nl.po" in your package build tree.
> The translation is updated to the 2019-06-13 templates (pot) file
> (shadow_1_4.7-2).
> In addition, the translation was also adapted to the guidelinesof the
> Translation Project for translating man pages into Dutch.
>

Thank you for the translation. I'm about to update shadow to 4.8 which
needs further translation updates. Could you please refresh the translation
for it or possibly forward it upstream?

Thanks,
Balint


> --
> Kind regards,
> Frans Spiesschaert
>
>
___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#932458: Couldn't open /etc/securetty: No such file or directory

2019-12-17 Thread Bálint Réczey 
Hi,

Bálint Réczey  ezt írta (időpont: 2019. nov.
7., Cs, 20:45):
>
> Hi,
>
> Thorsten Glaser  ezt írta (időpont: 2019. nov. 6.,
> Sze, 23:08):
> >
> > Hi everyone,
> >
> > when will something happen to not fill syslog with these messages
> > (unless deserved, such as if there is really something to warn about)?
> >
> > It’s not even stated yet whether the suggested change to the config
> > is safe to apply…
>
> I'm waiting for Steve's position on this. I believe the change to
> shadow was OK and all we need is removing the message in PAM.
> Since it is a trivial change I have not prepared a patch but I'm happy
> to if Steve prefers that.

I asked upstream if they just want to silence the notice, but they
don't want to:
https://github.com/linux-pam/linux-pam/pull/158

It leaves us with disabling it using configuration files. IMO the
proposed patch of removing nullok_secure is safe and the desired
solution.
However it is up to the maintainers, Steve, or Sam, to accept the
patch unless someone NMUs it.
I don't plan NMU-ing it myself, but since the general NMU rules apply
any DD can NMU it via DELAYED/10.

https://www.debian.org/doc/manuals/developers-reference/pkgs.html#when-and-how-to-do-an-nmu

Cheers,
Balint

>
> Cheers,
> Balint
>
> > Thanks in advance,
> > //mirabilos
> > --
> > tarent solutions GmbH
> > Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
> > Tel: +49 228 54881-393 • Fax: +49 228 54881-235
> > HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
> > Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander 
> > Steeg
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#881889: Bug#881889: shadow: Please switch from gnome-doc-utils to pure gettext

2019-12-12 Thread Bálint Réczey 
Hi,

Andreas Henriksson  ezt írta (időpont: 2019. dec.
12., Cs, 11:00):
>
> Hello,
>
> I've prepared an updated shadow package a few days ago at:
> https://salsa.debian.org/ah/shadow/activity
>
> This update fixes #881889
>
> (The result has so far only been build-tested.)
>
> Would be great to hear something from maintainers soon!

I'll give it some testing and release it in the next few days.

Thanks,
Balint

>
> Regards,
> Andreas Henriksson
>
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#892098: Bug#892098: passwd: useradd in Jessie creates user with empty string as shell)

2019-11-18 Thread Bálint Réczey 
Control: fixed -1 1:4.5-1.1

Hi Martin,

Martin Steigerwald  ezt írta (időpont:
2018. márc. 26., H, 10:12):
>
> reopen 892098
> thanks
>
> Hello Bálint,
>
> Debian Bug Tracking System - 23.03.18, 14:09:
> > > Package: passwd
> > > Version: 1:4.4-4.1
> > > Severity: normal
> […]
> > > useradd in Jessie creates user with empty string as shell:
> > >
> > > % useradd -m emptyshell
> > > % getent passwd | grep emptyshell
> > > emptyshell:x:4001:4002::/home/emptyshell:
> > >
> > > % useradd -D
> > > GROUP=100
> > > HOME=/home
> > > INACTIVE=-1
> > > EXPIRE=
> > > SHELL=/bin/bash
> > > SKEL=/etc/skel
> > > CREATE_MAIL_SPOOL=no
> > >
> > > useradd from passwd 1:4.5-1 in Debian Sid works correctly.
> >
> > Just like the one in Jessie.
>
> Nope. At least not on my Debian Stretch systems including templates with
> minimal installation and customization.
>
> > > passwd suggests no packages.
> > >
> > > -- Configuration Files:
> > > /etc/default/useradd [Errno 13] Keine Berechtigung: '/etc/default/useradd'
> >
> > /etc/default/useradd is missing, it would set SHELL for adduser.
>
> No, its not. "Keine Berechtigung" means "permission denied". Which is due to
> me running reportbug as a user, not as root and /etc/default/useradd being
> restricted to root:
>
> root@debiantest:~# LANG=C ls -l /etc/default/useradd
> -rw--- 1 root root 1195 Mar 26 10:00 /etc/default/useradd
>
>
> I just tried again on a minimal template:
>
> root@debiantest:~# useradd -m test
> root@debiantest:~# getent passwd | grep test
> test:x:1001:1001::/home/test:
>
> root@debiantest:~# grep -v "^#" /etc/default/useradd
> SHELL=/bin/sh
>
> From your other mail:
> > I mean for useradd, but using adduser is recommended anyway.
>
> Sure is, still, useradd is supposed to work as well and also its the
> distribution agnostic way to add users.


Thanks, I could reproduce the issue in stretch in LXC but not in buster in LXC:

root@stretch:~# useradd -m test
root@stretch:~# getent passwd | grep test
test:x:1001:1001::/home/test:

root@buster:~# useradd -m test
root@buster:~# getent passwd | grep test
test:x:1000:1000::/home/test:/bin/sh

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#864736: Bug#864736: Bug#864736: shadow: [INTL:nl] Dutch po file for the shadow package

2019-11-11 Thread Bálint Réczey 
Control: fixed - 1 1:4.7.1-1

Serge E. Hallyn  ezt írta (időpont: 2017. júl. 16., V, 23:51):
>
> On Sat, Jul 15, 2017 at 11:42:22AM +0200, Frans Spiesschaert wrote:
> > Serge E. Hallyn schreef op vr 14-07-2017 om 14:06 [-0500]:
> > > Thanks, I see it went through some review at
> > >
> > > https://lists.debian.org/debian-l10n-dutch/2017/06/msg00055.html
> > >
> > > so happy to take it in the upstream package.  Would you like to
> > > post a pull request at github.com/shadow-maint/shadow,
> >
> > > or would
> > > you prefer that I post the file for you?
> >
> > yes, I would be grateful if you would be willing to do so.
>
> Thanks, done upstream.

Thank you, also shipped in the package.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#918754: Bug#918754: bash: $PATH in bash does not include /sbin and /usr/sbin

2019-11-11 Thread Bálint Réczey 
Control: reassign -1 util-linux 2.32-0.2

Stefan Tauner  ezt írta (időpont: 2019. szept.
23., H, 15:30):
>
> On Wed, 11 Sep 2019 14:18:32 + "Jakubith, Boris"
>  wrote:
>
> > I think this no _not_ a good idea. The semantics of 'su' is correct. The
> > only error is that many users up to day count on the wrong behaviour.
> > […]
> >
> > You can set 'ALWAYS_SET_PATH yes' for your installation, but generally - in
> > a default install - this would be sooo wrong, especially because there many
> > alternatives.
>
> I can't argue with that, however I want to point out that the root
> terminal (at least on Mate) as described in the Debian wiki[1] is
> executed via "gksu /usr/bin/x-terminal-emulator"
> that lacks the correct (PATH) environment too (I did an upgrade so maybe
> this is a relic).
> Changing the command to use gksudo instead sets up the right
> directories AFAICT. This definitely looks like a bug to me. Can anybody
> confirm the behavior (of launching a root terminal in a desktop
> environment and not having the sbin directories in PATH) on a fresh
> Gnome and/or Mate install? If this is deemed a bug shall we repurpose
> this one or create a new one?
>
> Sidenote: It is also no longer possible to launch X applications from
> such a (root) terminal which used to work (can't remember if I had to
> persuade it to do so with some configuration files though).
>
> 1: https://wiki.debian.org/Root

It was a decision of util-linux maintainers to change the behaviour
and /etc/default/su would be a better place to revert to the old
behaviour which should be shipped by su.

Cheers,
Balint

> --
> Kind regards/Mit freundlichen Grüßen, Stefan Tauner
>
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#859749: Bug#859749: groupmems(8): non-localized manual page unavaliable

2019-11-11 Thread Bálint Réczey 
Control: fixed -1 1:4.7-1

Ivan Shmakov  ezt írta (időpont: 2017. ápr. 6., Cs, 21:48):
>
> Package: passwd
> Version: 1:4.4-4
> Tags:patch
>
> As it seems, when /usr/sbin/groupmems was added to the package
> this January, the /usr/share/man/man8/groupmems.8.gz
> (non-localized) manual page somehow didn’t make it into
> debian/passwd.install.
>
> Please thus consider the patch MIMEd.
>
> PS.  I guess that the file /does/ get built, albeit I didn’t actually
> check it.

Thanks, I fixed this but forgot following up here.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#857805: Bug#857805: shadow: please run the testsuite

2019-11-11 Thread Bálint Réczey 
Hi Chris,

Chris Lamb  ezt írta (időpont: 2019. nov. 11., H, 16:15):
>
> Hi Bálint,
>
> > I have started experimenting with the tests but they are failing.
> > Maybe with upstream's help we can enable them for later upstream releases.
>
> Good shout. I wonder if it would be helpful to mark them as "known
> failing" in some way ("|| true" or equivalent...) just so we have the
> [failing] logs to point upstream at?

Upstream dropped the tests from the 4.7 release tarball, but this is
where we are heading.
I added a link to the failing pipelines.

Cheers,
Balint

>
>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org chris-lamb.co.uk
>`-

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#905564: Bug#905564: login: shows error about "ALWAYS_SET_PATH" which is supported by "su" from "util-linux"

2019-11-11 Thread Bálint Réczey 
Control: reassign -1 util-linux 2.32-0.2

Josep Lladonosa  ezt írta (időpont: 2018. aug.
20., H, 20:54):
>
> I can confirm bug just shown from a text console when trying to login (with 
> username different than root).
>
> I would like to suggest that, if old behaviour is kept by adding
> "ALWAYS_SET_PATH yes" in /etc/login.defs, it would be nice to have this line 
> already added in the file.

It was a decision of util-linux maintainers to change the behaviour
and /etc/default/su would be a better place to revert to the old
behaviour which should be shipped by su.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#857805: Bug#857805: shadow: please run the testsuite

2019-11-11 Thread Bálint Réczey 
Control: forwarded -1 https://github.com/shadow-maint/shadow/issues/168

Hi Chris,

Chris Lamb  ezt írta (időpont: 2017. márc. 15., Sze, 11:45):
>
> Package: shadow
> Version: 1:4.4-4
> Severity: wishlist
>
> Hi,
>
> I notice that we aren't currently running shadow's testsuite as
> part of the package build. This seems a little risky given it's
> such a security-sensitive (!) package.
>
> I did notice the following warning in tests/README:
>
> This testsuite is NOT SECURE: it will temporarily change your
> passwords file with known passwords.
>
> You should run it on a chroot, or on a secured dedicated system.
>
> ... so it's fair enough that we are not running it as part of the
> Debian package build. However, this seems like a perfect use-case
> for ci.debian.net / autopkgtest.

I have started experimenting with the tests but they are failing.
Maybe with upstream's help we can enable them for later upstream releases.

Cheers,
Balint


>
> Regards,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
>
> ___
> Pkg-shadow-devel mailing list
> pkg-shadow-de...@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#932458: Couldn't open /etc/securetty: No such file or directory

2019-11-07 Thread Bálint Réczey 
Hi,

Thorsten Glaser  ezt írta (időpont: 2019. nov. 6.,
Sze, 23:08):
>
> Hi everyone,
>
> when will something happen to not fill syslog with these messages
> (unless deserved, such as if there is really something to warn about)?
>
> It’s not even stated yet whether the suggested change to the config
> is safe to apply…

I'm waiting for Steve's position on this. I believe the change to
shadow was OK and all we need is removing the message in PAM.
Since it is a trivial change I have not prepared a patch but I'm happy
to if Steve prefers that.

Cheers,
Balint

> Thanks in advance,
> //mirabilos
> --
> tarent solutions GmbH
> Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
> Tel: +49 228 54881-393 • Fax: +49 228 54881-235
> HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
> Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#932458: pam_unix complains about removal of /etc/securetty

2019-07-26 Thread Bálint Réczey 
Control: tags -1 moreinfo

Hi,

Steve Langasek  ezt írta (időpont: 2019. júl. 19., P, 22:45):
>
> On Fri, Jul 19, 2019 at 03:45:32PM +0200, Laurent Bigonville wrote:
> > Source: shadow
> > Version: 1:4.7-1
> > Severity: normal
>
> > Since 1:4.7-1, /etc/securetty is not present on the system anymore and
> > since then pam_unix complains that the file is missing:
>
> > sudo[11488]: pam_unix(sudo:auth): Couldn't open /etc/securetty: Aucun 
> > fichier ou dossier de ce type
>
> > Was this removal coordinated with PAM package?
>
> It was not.

It is true that I did not give a heads-up for the change.

I believe this complaint and other implications such as nullok_secure
stopping to work without adding /etc/securetty are really minor issues
and should not have delayed the change in login.

Dropping securetty support in PAM  is also tracked at #674857 and Sven
recently raised the issue of the complaint there, too.

Steve, would you like me to do something more in login to help users?
I believed that the short NEWS entry would be enough, but if you would
like to have something else mentioned I'm happy to add that:
https://salsa.debian.org/debian/shadow/blob/master/debian/NEWS

Cheers,
Balint

>
> --
> Steve Langasek   Give me a lever long enough and a Free OS
> Debian Developer   to set it on, and I can move the world.
> Ubuntu Developer   https://www.debian.org/
> slanga...@ubuntu.com vor...@debian.org

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#906304: Bug#906304: login: Failure to load desktop after login

2019-07-16 Thread Bálint Réczey 
Control: notfound -1 1:4.4-4.1

Closing per submitter's request, please reopen if the issue shows up again.


on Mon, Jul 15, 2019, 23:02 Bálint Réczey  wrote:
>
> Control: tags -1 moreinfo
>
> Hi Cody,
>
> Cody Jackson  ezt írta (időpont: 2018. aug. 16.,
> Cs, 21:57):
> >
> > Package: login
> > Version: 1:4.4-4.1
> > Severity: important
> >
> > Dear Maintainer,
> >
> >* What led up to the situation?
> > Updating kernal from 4.9.0-6 to 4.9.0-7 using apt-get dist-upgrade
> >
> >* What exactly did you do (or not do) that was effective (or
> >  ineffective)?
> > My once per month apt-get dist-upgrade
> >
> >
> >
> >* What was the outcome of this action?
> >
> > When I started the OS with the new kernal. I was able to login, but then 
> > the screen went blank indefinitely. I tried shutting down and updating 
> > again. I also submitted a bug report to the kernal team, but it wasn't the 
> > right package.
> >* What outcome did you expect instead?
> >
> > The new kernal version to let me log in and use the desktop.
>
> Well, I believe the linux package would have still been better than
> login, which is for _console_ logins, but please tell if your issue
> was resolved because then we can close this bug instead of reassigning
> it.
>
> Thanks,
> Balint
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#919317: Bug#919317: shadow: French documentation translation update

2019-07-15 Thread Bálint Réczey 
Control: fixed -1 1:4.7-1

Alban Vidal  ezt írta (időpont: 2019. febr.
11., H, 7:33):
>
> Control: tag -1 |upstream|
> Control: tag -1 |pending|
>
> ---
>
> Dear Maintainer,
>
> Merge request sended in upstream project:
> https://github.com/shadow-maint/shadow/pull/153
>
> Regards,
>
> Alban
>
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#801981: Fixed upstream

2019-07-15 Thread Bálint Réczey 
Control: fixed -1 1:4.7-1

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#917773: Bug#917773: shadow: doesn't respect SOURCE_DATE_EPOCH

2019-07-15 Thread Bálint Réczey 
Control: fixed -1 1:4.7-1

Chris Lamb  ezt írta (időpont: 2019. jan. 2., Sze, 19:21):
>
> forwarded 917773 https://github.com/shadow-maint/shadow/pull/146
> thanks
>
> Hi josch,
>
> > the /etc/shadow as created by debootstrap does not respect the
> > SOURCE_DATE_EPOCH environment variable anymore. This bug was formerly
> > fixed in #857803.
>
> I have attempted to fix this upstream here:
>
>   https://github.com/shadow-maint/shadow/pull/146

Thanks!

Cheers,
Balint

>
>
> Best wishes,
>
> --
>   ,''`.
>  : :'  : Chris Lamb
>  `. `'`  la...@debian.org / chris-lamb.co.uk
>`-
>
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#922935: Run without cron or is cron job still needed?

2019-07-15 Thread Bálint Réczey 
Control: fixed -1 1:4.7-1

Bálint Réczey  ezt írta (időpont: 2019. máj.
14., K, 16:42):
>
> Hi Bryan,
>
> Bryan Quigley  ezt írta (időpont: 2019.
> febr. 22., P, 2:03):
> >
> > Package: passwd
> > Version: 1:4.5-1.1
> >
> > This is regards to passwd.cron.daily which backups 
> > passwd/group/shadow/gshadow daily, which AFAICT is not upstream, but may 
> > have been in the past.
> >
> > I'm looking at what it takes to run systems without cron and following the 
> > example of other packages like logrotate:
> >
> > They add this bit to the cron script:
> > # skip in favour of systemd timer
> > if [ -d /run/systemd/system ]; then
> > exit 0
> > fi
> >
> > and then create a systemd service/timer.  Happy to do the work to make a 
> > patch if the above is the preferred solution.
>
> Thank you for the offer. It is indeed a good solution and a patch is welcome.
>
> Cheers,
> Balint
>
> >
> > ___
> >
> > Alternatively, I have also wondered if the cron job functionality is still 
> > needed or if the built-in generated backups are enough - /etc/group- etc.
> >
> > On my machine the /etc/group- backup would have been much more useful then 
> > the one replaced daily by the cron job in /var/backups.
> >
> > Thanks!

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#906304: Bug#906304: login: Failure to load desktop after login

2019-07-15 Thread Bálint Réczey 
Control: tags -1 moreinfo

Hi Cody,

Cody Jackson  ezt írta (időpont: 2018. aug. 16.,
Cs, 21:57):
>
> Package: login
> Version: 1:4.4-4.1
> Severity: important
>
> Dear Maintainer,
>
>* What led up to the situation?
> Updating kernal from 4.9.0-6 to 4.9.0-7 using apt-get dist-upgrade
>
>* What exactly did you do (or not do) that was effective (or
>  ineffective)?
> My once per month apt-get dist-upgrade
>
>
>
>* What was the outcome of this action?
>
> When I started the OS with the new kernal. I was able to login, but then the 
> screen went blank indefinitely. I tried shutting down and updating again. I 
> also submitted a bug report to the kernal team, but it wasn't the right 
> package.
>* What outcome did you expect instead?
>
> The new kernal version to let me log in and use the desktop.

Well, I believe the linux package would have still been better than
login, which is for _console_ logins, but please tell if your issue
was resolved because then we can close this bug instead of reassigning
it.

Thanks,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#923160: Bug#923160: /usr/sbin/groupadd: Fail to add user pulse to group bluetooth.

2019-07-15 Thread Bálint Réczey 
Control: notfound -1 1:4.4-4.1

Corcodel Marian  ezt írta (időpont: 2019.
febr. 24., V, 16:39):
>
> Package: passwd
> Version: 1:4.4-4.1
> Severity: important
> File: /usr/sbin/groupadd
>
> Run from terminal as root
>  root@debian:/home/as# useradd -g bluetooth pulse
> useradd: user 'pulse' already exists
> Inspect file etc/group but not see user pulse together with another
> usersseparate by semicolon , as manual group.

I believe you wanted to do:

usermod -g bluetooth pulse

Cheers,
Balint

>
>
>
> -- System Information:
> Debian Release: 9.8
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 5.0.0-rc6+ (SMP w/2 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
> LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
>
> Versions of packages passwd depends on:
> ii  libaudit1   1:2.6.7-2
> ii  libc6   2.24-11+deb9u4
> ii  libpam-modules  1.1.8-3.6
> ii  libpam0g1.1.8-3.6
> ii  libselinux1 2.6-3+b3
> ii  libsemanage12.6-2
>
> passwd recommends no packages.
>
> passwd suggests no packages.
>
> -- no debconf information
>
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#914957: Bug#914957: login: removal of pts/* from /etc/securetty wasn't applied in stretch

2019-07-15 Thread Bálint Réczey 
Hi Michael,

Michael Biebl  ezt írta (időpont: 2018. dec. 9., V, 0:37):
>
> On Sat, 8 Dec 2018 21:57:11 +0100 =?UTF-8?B?QsOhbGludCBSw6ljemV5?=
>  wrote:
> > While I believe securetty should be disabled by default
>
> Fwiw, I agree that securetty is a bad idea and should be removed from
> the default pam configuration.
> There is a login-standing bug report, documenting that securetty breaks
> "machinectl login" [1] fwiw.
>
> Can we please revisit this and drop securetty from /etc/pam.d/login for
> buster?

Unfortunately this missed Buster, but it is at least done for Bullseye
and later.

Cheers,
Balint

>
> Regards,
> Michael
>
>
> [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771675#20
> --
> Why is it that all of the instruments seeking intelligent life in the
> universe are pointed away from Earth?
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#890557: shadow: CVE-2018-7169: unprivileged user can drop supplementary groups

2019-07-15 Thread Bálint Réczey 
Control: fixed -1 1:4.7-1

Salvatore Bonaccorso  ezt írta (időpont: 2018.
febr. 15., Cs, 22:33):
>
> Source: shadow
> Version: 1:4.5-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for shadow.
>
> CVE-2018-7169[0]:
> | An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is
> | setuid and allows an unprivileged user to be placed in a user namespace
> | where setgroups(2) is permitted. This allows an attacker to remove
> | themselves from a supplementary group, which may allow access to
> | certain filesystem paths if the administrator has used "group
> | blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This
> | flaw effectively reverts a security feature in the kernel (in
> | particular, the /proc/self/setgroups knob) to prevent this sort of
> | privilege escalation.
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-7169
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7169
> [1] https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
>
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#731656: Bug#731656: /etc/securetty used in buster systemd-containers

2019-07-15 Thread Bálint Réczey 
Hi Arne,

arne  ezt írta (időpont: 2019. júl. 13., Szo, 15:09):
>
> I had to modify /etc/securetty in buster systemd-containers
> in order to be able to log in as root.
>
> systemd-container still uses this file.
>
> I added
>
> # systemd containers
> pts/0
> pts/1
> pts/2
> pts/3
> pts/4
> pts/5
> pts/6
> pts/7
> pts/8
> pts/9
>
> to /etc/securetty in my containers

I followed https://wiki.debian.org/nspawn and could log in:

  153  sudo env http_proxy=http://10.84.73.1:8000 debootstrap buster
$CDIR-buster
  155  sudo systemd-nspawn -D $CDIR-buster  --machine FreedomBox-buster
  156  history
test@sid-vm-test:~$ sudo systemd-nspawn -D $CDIR-buster  --machine
FreedomBox-buster
Spawning container FreedomBox-buster on /var/lib/machines/freedombox-buster.
Press ^] three times within 1s to kill container.
root@FreedomBox-buster:~#

Buster is not fixed anyway.

Cheers,
Balint

>
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#731656: shadow: pam_unix requires securetty

2019-07-15 Thread Bálint Réczey 
Hi,

 ezt írta (időpont: 2019. júl. 15., H, 15:24):
>
> Package: login
> Version: 1:4.7-1
> Followup-For: Bug #731656
>
> Dear Maintainer,
>
> Today i installed a newer version of login on my debian bullseye. After 
> instalation
> i noticed a error message in /var/log/auth.log stating that pam_unix.so 
> cannot find
> file /etc/securetty. I think this is relevant to this package in some way, 
> because
> this bug report started the removal of file /etc/securetty. Also the code of 
> pam_unix.so
> should be modified to not expect existence of /etc/securetty. Currently im 
> not sure
> how this may affect the pam_unix.so module and services using it.

The complaint is tracked at the pam package:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674857#25

Thanks,
Balint

>
> Thank you
>
> Have a nice day
>
> -- System Information:
> Debian Release: bullseye/sid
>   APT prefers testing
>   APT policy: (500, 'testing')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.19.0-5-amd64 (SMP w/1 CPU core)
> Kernel taint flags: TAINT_CRAP
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
> LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
>
> Versions of packages login depends on:
> ii  libaudit1   1:2.8.4-3
> ii  libc6   2.28-10
> ii  libpam-modules  1.3.1-5
> ii  libpam-runtime  1.3.1-5
> ii  libpam0g1.3.1-5
>
> login recommends no packages.
>
> login suggests no packages.
>
> -- no debconf information
>

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#922935: Run without cron or is cron job still needed?

2019-05-14 Thread Bálint Réczey 
Hi Bryan,

Bryan Quigley  ezt írta (időpont: 2019.
febr. 22., P, 2:03):
>
> Package: passwd
> Version: 1:4.5-1.1
>
> This is regards to passwd.cron.daily which backups 
> passwd/group/shadow/gshadow daily, which AFAICT is not upstream, but may have 
> been in the past.
>
> I'm looking at what it takes to run systems without cron and following the 
> example of other packages like logrotate:
>
> They add this bit to the cron script:
> # skip in favour of systemd timer
> if [ -d /run/systemd/system ]; then
> exit 0
> fi
>
> and then create a systemd service/timer.  Happy to do the work to make a 
> patch if the above is the preferred solution.

Thank you for the offer. It is indeed a good solution and a patch is welcome.

Cheers,
Balint

>
> ___
>
> Alternatively, I have also wondered if the cron job functionality is still 
> needed or if the built-in generated backups are enough - /etc/group- etc.
>
> On my machine the /etc/group- backup would have been much more useful then 
> the one replaced daily by the cron job in /var/backups.
>
> Thanks!

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#620898: Moving bash from essential/required to important

2019-03-12 Thread Bálint Réczey 
Hi Dmitry,

Dmitry Bogatov  ezt írta (időpont: 2019. márc.
10., V, 20:13):
>
>
> [2017-01-21 20:54] Balint Reczey 
> > Control: tags -1 confirmed
> >
> > Hi,
> >
> > On Sat, 27 Sep 2014 21:14:46 -0500 Troy Benjegerdes  wrote:
> > > So can we have a prerm script for bash that sets the root
> > > shell back to /bin/sh, or at least asks the admin if they want
> > > zsh or tcsh, and warns about any other users?
> > >
> > > Any of this stuff of trying to have login figure out the
> > > right shell seems like a new remote exploit in the making.
> >
> > It is too late for making changes related to this bug in Stretch. :-(
> > In the next cycle we will evaluate switching to login implementatiln in
> > util-linux per #833256. This bug may be solved by the switch or later in
> > util-linux.
>
> Hi! What is the current state of bug? There was fine (IMO) proposal,

Only su moved to util-linux due to lack of time. :-(

>
> So can we have a prerm script for bash that sets the root
> shell back to /bin/sh, or at least asks the admin if they want
> zsh or tcsh, and warns about any other users?
>
> but as bash=5.0-2 it did not make its way. What is missing? Should I
> submit patch, implementing this proposal?

I think submitting the patch against bash makes sense, but the timing
is unfortunate again, since the full freeze is about to start.
It bash gets patched after the release we can make it happen for Buster+1.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#914957: Bug#914957: login: removal of pts/* from /etc/securetty wasn't applied in stretch

2018-12-08 Thread Bálint Réczey 
Control: block -1 by 877374

Hi,

Salvatore Bonaccorso  ezt írta (időpont: 2018. nov.
29., Cs, 6:11):
>
> Control: fixed -1 1:4.5-1
>
> Hi,
>
> [disclaimer: not the maintainer here]
>
> On Thu, Nov 29, 2018 at 02:15:18PM +1100, russm wrote:
> > Package: login
> > Version: 1:4.4-4.1
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> >
> > The addition of pts/* to /etc/securetty was reverted in 1:4.5-1 but
> > *not* in packages installed to stretch. Please backport this fix to
> > 1:4.4-*
>
> The stretch update part of this is requested here:
> https://bugs.debian.org/877374

While I believe securetty should be disabled by default and nullok is
a bad practice I offered the backport in #877374 and this is the most
I can do as the maintainer.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

Re: [Pkg-shadow-devel] Bug in login?

2018-07-31 Thread Bálint Réczey 
Hi,

2018-07-31 15:02 GMT+08:00 R S Chakravarti :
> Hi,
>
> For the last few days, root's path doesn't include /sbin or /usr/sbin.
> Some commands like apt-get and update-grub don't work.
>
> I don't know whether this is a bug, and if so, in what package. But my
> guess is login (part of shadow).
>
> If it is a bug, please fix it.

You may be facing the following issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904988

If you don't use su, just log in and you still esperience the issue
with a fully updated system please open a bug against login.

Thanks,
Balint

>
> Thanks.
>
> RSC
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

Re: [Pkg-shadow-devel] Changes in su behaviour?

2018-07-30 Thread Bálint Réczey 
Hi Norbert,

2018-07-30 14:30 GMT+08:00 Norbert Preining :
> Dear all,
>
> I have the feeling that there was a change in su behaviour at some
> point. Now, when I do
> su
> I get the user path instead of the system's root path. I don't remember
> that I always used
> su -
> before, though.
>
> I checked the changelogs, but couldn't see anything relevant, though.

Su is shipped by util-linux from now using util-linux's su implementation.
(see #833256)

The changelog mentions that, but it is a NEWSworthy change thus
util-linux will ship a NEWS file as well. Due to the lock-step upgrade
users of the login package will see it as well.



shadow (1:4.5-1.1) unstable; urgency=medium

  * Non-maintainer upload (greetings from DebCamp/DebConf Taiwan).
  * Stop shipping su and break old util-linux version. (See #833256)
- Breaks on old version to force lockstep upgrade, which should
  really be a depends-new-version (and can be switched around
  together with util-linux once the transition is finished).
  Using Breaks/Depends the 'wrong' way around is to make apt
  unpack things in the 'right' order (avoiding any gaps where
  /bin/su is not available during the upgrade phase).

 -- Andreas Henriksson   Fri, 27 Jul 2018 10:07:37 +0200

---

util-linux (2.32-0.3) unstable; urgency=medium

  * Non-maintainer upload (greetings from DebCamp/DebConf Taiwan).

  [ Andreas Henriksson ]
  * Revert "Disable pristine-tar"
- needs pristine-tar >= 1.43
  * Install su(1) manpage (Closes: #904837)
  * Actually install su and su-l pam configs (Closes: #904832)

  [ Samuel Thibault ]
  * Add patches from upstream that should fix build on hurd
- debian/patches/fix-hurd.patch (Closes: #891812)

 -- Andreas Henriksson   Sat, 28 Jul 2018 20:21:05 +0200

util-linux (2.32-0.2) unstable; urgency=medium

  * Non-maintainer upload (greetings from DebCamp/DebConf Taiwan).

  [ Laurent Bigonville ]
  * debian/libfdisk1.shlibs: Bump shlibs version as well

  [ Andreas Henriksson ]
  * Mark rfkill as linux-any in debian/control
  * Demote rfkill package to optional again
  * Mark util-linux-locales as M-A foreign
- as suggested by Multiarch hinter on tracker.debian.org
  * Take over /bin/su from login/src:shadow (See #833256)
- depends on new login package (rather than breaking old) as an
  attempt to make apt unpack new u-l before new login to avoid
  any gaps where /bin/su is not available.
  The Depends/Breaks relationship between u-l and login can
  be switched around (in both packages at the same time) once
  the transition is fully done (after next stable or lts release).

 -- Andreas Henriksson   Fri, 27 Jul 2018 10:01:46 +0200

Cheers,
Balint

>
> Thanks for any explanation
>
> Norbert
>
> --
> PREINING Norbert   http://www.preining.info
> Accelia Inc. +JAIST +TeX Live +Debian Developer
> GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13
>
> ___
> Pkg-shadow-devel mailing list
> Pkg-shadow-devel@alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel

[Pkg-shadow-devel] Bug#904775: Bug#904775: Broken dependencies

2018-07-28 Thread Bálint Réczey 
Hi Sven,

2018-07-28 12:36 GMT+08:00 Sven Joachim :
> On 2018-07-27 21:36 +0200, Alf Gaida wrote:
>
>> Package: login
>> Version: 1:4.5-1
>> Severity: grave
>>
>> Dear Maintainer,
>> please don't break util-linux that is not even released. At least _one_ 
>> valid util-linux
>> should be available.
>
> Why was util-linux 2.32-0.2 not uploaded along shadow 1:4.5-1.1 to avoid
> this breakage?

There were issues with the util-linux upload but now it is building on
the buildds and should fix the breakage soon. I keep the RC bug open
till we are confident that everything went fine.

Sorry for the temporary inconvenience.

Cheers,
Balint

___
Pkg-shadow-devel mailing list
Pkg-shadow-devel@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-shadow-devel