diff options
| author | Patrick J Volkerding <volkerdi@slackware.com> | 2019-04-02 20:30:22 +0000 |
|---|---|---|
| committer | Eric Hameleers <alien@slackware.com> | 2019-04-03 08:59:45 +0200 |
| commit | caa5f28b83340fe23012ab27244a288449b26b26 (patch) | |
| tree | 70102860b8f3df20347f25125b7ea065340cd1d5 /source/a/shadow | |
| parent | df86158dc598141c63689a86c2f247053e616719 (diff) | |
| download | current-caa5f28b83340fe23012ab27244a288449b26b26.tar.gz | |
Tue Apr 2 20:30:22 UTC 201920190402203022
a/hwdata-0.322-noarch-1.txz: Upgraded.
a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded.
a/shadow-4.6-x86_64-2.txz: Rebuilt.
adduser: reprompt on invalid user input. Thanks to ttk.
ap/ghostscript-9.26-x86_64-2.txz: Rebuilt.
Fixes security issues:
A specially crafted PostScript file could have access to the file system
outside of the constrains imposed by -dSAFER.
Transient procedures can allow access to system operators, leading to
remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116
(* Security fix *)
d/vala-0.44.2-x86_64-1.txz: Upgraded.
l/glib-networking-2.60.1-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded.
l/python-pillow-6.0.0-x86_64-1.txz: Upgraded.
n/wget-1.20.2-x86_64-1.txz: Upgraded.
Fixed an unspecified buffer overflow vulnerability.
(* Security fix *)
Diffstat (limited to 'source/a/shadow')
| -rw-r--r-- | source/a/shadow/adduser | 31 | ||||
| -rwxr-xr-x | source/a/shadow/shadow.SlackBuild | 2 |
2 files changed, 20 insertions, 13 deletions
diff --git a/source/a/shadow/adduser b/source/a/shadow/adduser index 482cb750..49c11f87 100644 --- a/source/a/shadow/adduser +++ b/source/a/shadow/adduser @@ -36,6 +36,9 @@ ########################################################################## # History # ########### +# v1.17 - 2019-04-01 +# * Re-invoking input requests when human error causes failure. <ttk> +# qv: https://www.linuxquestions.org/questions/slackware-14/adduser-shell-script-error-4175650984/ # v1.16 - 2018-07-22 # * Added input group. <pjv> # v1.15 - 2012-09-13 @@ -128,7 +131,7 @@ fi # This setting enables the 'recycling' of older unused UIDs. # When you userdel a user, it removes it from passwd and shadow but it will # never get used again unless you specify it expliticly -- useradd (appears to) just -# look at the last line in passwd and increment the uid. I like the idea of +# look at the last line in passwd and increment the uid. I like the idea of # recycling uids but you may have very good reasons not to (old forgotten # confidential files still on the system could then be owned by this new user). # We'll set this to no because this is what the original adduser shell script @@ -185,7 +188,7 @@ function check_group () { #: Read the login name for the new user :# # # Remember that most Mail Transfer Agents are case independant, so having -# 'uSer' and 'user' may cause confusion/things to break. Because of this, +# 'uSer' and 'user' may cause confusion/things to break. Because of this, # useradd from shadow-4.0.3 no longer accepts usernames containing uppercase, # and we must reject them, too. @@ -195,7 +198,9 @@ LOGIN="$1" needinput=yes while [ ! -z $needinput ]; do if [ -z "$LOGIN" ]; then - while [ -z "$LOGIN" ]; do LOGIN="$(get_input "Login name for new user []:")" ; done + while [ -z "$LOGIN" ]; do + LOGIN="$(get_input "Login name for new user []:")" + done fi grep "^${LOGIN}:" $pfile >/dev/null 2>&1 # ensure it's not already used if [ $? -eq 0 ]; then @@ -415,7 +420,7 @@ if [ $? -gt 0 ]; then exit 1 fi -# chown the home dir ? We can only do this once the useradd has +# chown the home dir? We can only do this once the useradd has # completed otherwise the user name doesn't exist. if [ ! -z "${CHOWNHOMEDIR}" ]; then chown "$LOGIN"."$( echo $GID | awk '{print $2}')" "${CHOWNHOMEDIR}" @@ -423,17 +428,19 @@ fi # Set the finger information $chfn "$LOGIN" -if [ $? -gt 0 ]; then - echo "- Warning: an error occurred while setting finger information" -fi +while [ $? -gt 0 ]; do + echo "- Warning: an error occurred while setting finger information." + echo " Please try again." + $chfn "$LOGIN" +done # Set a password $passwd "$LOGIN" -if [ $? -gt 0 ]; then - echo "* WARNING: An error occured while setting the password for" - echo " this account. Please manually investigate this *" - exit 1 -fi +while [ $? -gt 0 ]; do + echo "- Warning: An error occured while setting the password for" + echo " this account. Please try again." + $passwd "$LOGIN" +done # If it was created (it should have been!), set the permissions for that user's dir HME="$(echo "$HME" | awk '{print $2}')" # We have to remove the -g prefix diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild index c227b0f1..6fcb3f27 100755 --- a/source/a/shadow/shadow.SlackBuild +++ b/source/a/shadow/shadow.SlackBuild @@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd) PKGNAM=shadow VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)} -BUILD=${BUILD:-1} +BUILD=${BUILD:-2} # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then |