Fri May 8 21:25:24 UTC 202020200508212524

a/shadow-4.8.1-x86_64-6.txz:  Rebuilt.
  Include manpages for sulogin(8).
a/util-linux-2.35.1-x86_64-5.txz:  Rebuilt.
ap/sysstat-12.3.3-x86_64-1.txz:  Upgraded.
d/bison-3.6-x86_64-1.txz:  Upgraded.
l/jansson-2.13.1-x86_64-1.txz:  Upgraded.
n/NetworkManager-1.24.0-x86_64-1.txz:  Upgraded.
n/fetchmail-6.4.5-x86_64-1.txz:  Upgraded.
testing/packages/PAM/shadow-4.8.1-x86_64-6_pam.txz:  Rebuilt.
  Include manpages for sulogin(8).
  Use this version of /bin/su.
testing/packages/PAM/util-linux-2.35.1-x86_64-5_pam.txz:  Rebuilt.
  Don't use this version of /bin/su.

4 files changed, 40 insertions, 7 deletions

diff --git a/source/a/shadow/doinst.sh b/source/a/shadow/doinst.sh
index 98c8a92c5..28d3a436e 100644
--- a/source/a/shadow/doinst.sh
+++ b/source/a/shadow/doinst.sh
@@ -34,7 +34,7 @@ rm -f var/log/faillog.new
 if [ -r etc/login.access.new ]; then
   config etc/login.access.new
 fi
-for configfile in chage.new chgpasswd.new chpasswd.new groupadd.new groupdel.new groupmems.new groupmod.new newusers.new other.new passwd.new postlogin.new system-auth.new useradd.new userdel.new usermod.new ; do
+for configfile in chage.new chgpasswd.new chpasswd.new groupadd.new groupdel.new groupmems.new groupmod.new newusers.new other.new passwd.new postlogin.new su.new su-l.new system-auth.new useradd.new userdel.new usermod.new ; do
   if [ -r etc/pam.d/$configfile ]; then
     config etc/pam.d/$configfile
   fi
diff --git a/source/a/shadow/pam.d-su/su b/source/a/shadow/pam.d-su/su
new file mode 100644
index 000000000..c28a252ad
--- /dev/null
+++ b/source/a/shadow/pam.d-su/su
@@ -0,0 +1,11 @@
+#%PAM-1.0
+auth            sufficient      pam_rootok.so
+# Uncomment the following line to implicitly trust users in the "wheel" group.
+#auth           sufficient      pam_wheel.so trust use_uid
+# Uncomment the following line to require a user to be in the "wheel" group.
+#auth           required        pam_wheel.so use_uid
+auth            include         system-auth
+account         include         system-auth
+password        include         system-auth
+session         include         system-auth
+session         optional        pam_xauth.so
diff --git a/source/a/shadow/pam.d-su/su-l b/source/a/shadow/pam.d-su/su-l
new file mode 100644
index 000000000..654dc24ed
--- /dev/null
+++ b/source/a/shadow/pam.d-su/su-l
@@ -0,0 +1,6 @@
+#%PAM-1.0
+auth            include         su
+account         include         su
+password        include         su
+session         optional        pam_keyinit.so force revoke
+session         include         su
diff --git a/source/a/shadow/shadow.SlackBuild b/source/a/shadow/shadow.SlackBuild
index bf399b27a..c7c33a836 100755
--- a/source/a/shadow/shadow.SlackBuild
+++ b/source/a/shadow/shadow.SlackBuild
@@ -24,7 +24,7 @@ cd $(dirname $0) ; CWD=$(pwd)
 
 PKGNAM=shadow
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.xz | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-5}
+BUILD=${BUILD:-6}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -74,9 +74,13 @@ cd shadow-$VERSION
 if [ -L /lib${LIBDIRSUFFIX}/libpam.so.? ]; then
   PAM_OPTIONS="--with-libpam"
   unset SHADOW_OPTIONS
+  # By default, use the shadow version of /bin/su:
+  SHIP_SU=${SHIP_SU:-YES}
 else
   unset PAM_OPTIONS
   SHADOW_OPTIONS="--enable-shadowgrp --without-libcrack"
+  # By default, use the shadow version of /bin/su:
+  SHIP_SU=${SHIP_SU:-YES}
 fi
 
 # Apply some patches taken from the svn trunk that
@@ -151,12 +155,9 @@ mv $PKG/usr/sbin/nologin $PKG/sbin/nologin
 
 if [ ! -z "$PAM_OPTIONS" ]; then
   # Don't ship the login utilities. We'll be using the ones from util-linux:
-  for file in /bin/login /bin/su /sbin/runuser /usr/bin/chfn /usr/bin/chsh \
+  for file in /bin/login /sbin/runuser /usr/bin/chfn /usr/bin/chsh \
     /usr/man/man1/chfn.1.gz /usr/man/man1/chsh.1.gz /usr/man/man1/login.1.gz \
-    /usr/man/man1/runuser.1.gz /usr/man/man1/su.1.gz \
-    /usr/share/bash-completion/completions/chfn \
-    /usr/share/bash-completion/completions/chsh \
-    /usr/share/bash-completion/completions/su ; do
+    /usr/man/man1/runuser.1.gz ; do
     rm -f $PKG${file}
   done
   # Install config files in /etc/pam.d/. We'll use our own copies... I'm not
@@ -166,6 +167,9 @@ if [ ! -z "$PAM_OPTIONS" ]; then
   for file in $CWD/pam.d/* ; do
     cp -a ${file} $PKG/etc/pam.d/
   done
+  if [ "$SHIP_SU" = "YES" ]; then
+    cp -a $CWD/pam.d-su/* $PKG/etc/pam.d/
+  fi
   # Ensure correct perms/ownership on files in /etc/pam.d/:
   chown root:root $PKG/etc/pam.d/*
   chmod 644 $PKG/etc/pam.d/*
@@ -181,6 +185,13 @@ else # not using PAM
   zcat $CWD/login.defs.shadow.gz > $PKG/etc/login.defs.new
 fi
 
+# If we	aren't using this version of su, remove the files:
+if [ "$SHIP_SU" = "NO" ]; then
+  rm $PKG/bin/su
+  find $PKG/usr/man -name su.1 | xargs rm
+  find $PKG/usr/man -name suauth.5 | xargs rm
+fi
+
 # /bin/groups is provided by coreutils.
 rm -f $PKG/bin/groups
 find $PKG -name groups.1 -exec rm {} \+
@@ -196,6 +207,11 @@ chmod 0755 $PKG/usr/sbin/adduser
 # Add sulogin to the package:
 cp -a src/sulogin $PKG/sbin
 ( cd $PKG/bin ; ln -s ../sbin/sulogin )
+cp -a ./man/zh_CN/man8/sulogin.8 $PKG/usr/man/zh_CN/man8/sulogin.8 || exit 1
+cp -a ./man/ru/man8/sulogin.8 $PKG/usr/man/ru/man8/sulogin.8 || exit 1
+cp -a ./man/de/man8/sulogin.8 $PKG/usr/man/de/man8/sulogin.8 || exit 1
+cp -a ./man/ja/man8/sulogin.8 $PKG/usr/man/ja/man8/sulogin.8 || exit 1
+cp -a ./man/man8/sulogin.8 $PKG/usr/man/man8/sulogin.8 || exit 1
 
 # Add the empty faillog log file:
 mkdir -p $PKG/var/log