[Pkg-shadow-devel] [Git][debian/adduser][debian/latest] 3 commits: remove debian/tests/f/cronjack.t

Marc Haber (@zugschlus) gitlab at salsa.debian.org
Thu Jan 15 06:53:50 GMT 2026 


Marc Haber pushed to branch debian/latest at Debian / adduser


Commits:
5350d950 by Marc Haber at 2026-01-07T08:29:35+01:00
remove debian/tests/f/cronjack.t

useradd won't allow adding that user name any more

- - - - -
9f191f0d by Marc Haber at 2026-01-10T20:46:14+01:00
Depend on passwd 1:4.19.0-2

src:shadow 4.19.0 has tightened its user name checks. Our check
for the crontab hijack vulnerability is therefore no longer possible.
The change to src:shadow prevents that vulnerability earlier than we
could, so we depend on that version now.

- - - - -
8e67780f by Marc Haber at 2026-01-11T07:41:25+01:00
Give chpasswd test values that it will accept

This is to work around the more picky chpasswd in new src:shadow

- - - - -


3 changed files:

- debian/control
- debian/tests/f/adduser_system.t
- − debian/tests/f/cronjack.t


Changes:

=====================================
debian/control
=====================================
@@ -13,7 +13,7 @@ Package: adduser
 Architecture: all
 Multi-Arch: foreign
 Pre-Depends: ${misc:Pre-Depends}
-Depends: passwd (>= 1:4.17.2-5), ${misc:Depends}
+Depends: passwd (>= 1:4.19.0-4), ${misc:Depends}
 Suggests: liblocale-gettext-perl, perl, cron, quota
 Description: add and remove users and groups
  This package includes the 'adduser' and 'deluser' commands for creating


=====================================
debian/tests/f/adduser_system.t
=====================================
@@ -204,8 +204,10 @@ assert_command_success(
 assert_user_exists('aust');
 assert_user_is_system('aust');
 
-system('echo "aust:!foobar" | chpasswd --encrypted');
-# with #1099734 fixed, this should fail
+# $ mkpasswd --hash=yescrypt foobar
+# $y$j9T$dDqPXxXOCZL14/3jiuscW.$P8VGTWHqO1.qLOJs5Mas7Vzj3Ni9Es3QhACrVa0Z5Z3
+system(qq{echo 'aust:!\$y\$j9T\$dDqPXxXOCZL14/3jiuscW.\$P8VGTWHqO1.qLOJs5Mas7Vzj3Ni9Es3QhACrVa0Z5Z3' | chpasswd --encrypted});
+ok(1, "set passwd to !foobar");
 assert_command_result_silent(RET_WRONG_OBJECT_PROPERTIES,
     '/usr/sbin/adduser',
     '--stdoutmsglevel=error', '--stderrmsglevel=error',
@@ -216,23 +218,28 @@ assert_command_result_silent(RET_WRONG_OBJECT_PROPERTIES,
 assert_user_exists('aust');
 assert_user_is_system('aust');
 
-system('echo "aust:*foobar" | chpasswd --encrypted');
-ok(1, "set passwd to *foobar");
-assert_command_success(
-    '/usr/sbin/adduser',
-    '--stdoutmsglevel=error', '--stderrmsglevel=error',
-    '--system',
-    '--disabled-login',
-    'aust'
-);
-assert_user_exists('aust');
-assert_user_is_system('aust');
+# #1124835
+# $ mkpasswd --hash=yescrypt foobar
+# $y$j9T$dDqPXxXOCZL14/3jiuscW.$P8VGTWHqO1.qLOJs5Mas7Vzj3Ni9Es3QhACrVa0Z5Z3
+#system(qq{echo 'aust:*\$y\$j9T\$dDqPXxXOCZL14/3jiuscW.\$P8VGTWHqO1.qLOJs5Mas7Vzj3Ni9Es3QhACrVa0Z5Z3' | chpasswd --encrypted});
+#ok(1, "set passwd to *foobar");
+#assert_command_result_silent(RET_WRONG_OBJECT_PROPERTIES,
+#    '/usr/sbin/adduser',
+#    '--stdoutmsglevel=error', '--stderrmsglevel=error',
+#    '--system',
+#    '--disabled-login',
+#    'aust'
+#);
+#assert_user_exists('aust');
+#assert_user_is_system('aust');
+
 assert_command_success(
     '/usr/sbin/deluser',
     '--stdoutmsglevel=error', '--stderrmsglevel=error',
     '--system',
     'aust'
 );
+assert_user_does_not_exist('aust');
 
 # ref #100032
 # test --home


=====================================
debian/tests/f/cronjack.t deleted
=====================================
@@ -1,26 +0,0 @@
-#! /usr/bin/perl -Idebian/tests/lib
-
-# Ref: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940577
-
-
-use diagnostics;
-use strict;
-use warnings;
-
-use AdduserTestsCommon;
-
-
-END {
-    remove_tree('/hacked');
-    remove_tree('/home/bob');
-}
-
-assert_command_success('sh', '-c', q{/usr/sbin/useradd --badname -d /home/bob -m 'bob;>/hacked' 2>/dev/null});
-
-assert_path_does_not_exist('/hacked');
-
-`/usr/sbin/deluser 'bob;>/hacked' >/dev/null 2>&1`;
-
-assert_path_does_not_exist('/hacked');
-
-# vim: tabstop=4 shiftwidth=4 expandtab



View it on GitLab: https://salsa.debian.org/debian/adduser/-/compare/68cbd01651c3a050bc31a0d75d0d516aa646b3ce...8e67780f51d4227bc195c989d63426d714cc87b0

-- 
View it on GitLab: https://salsa.debian.org/debian/adduser/-/compare/68cbd01651c3a050bc31a0d75d0d516aa646b3ce...8e67780f51d4227bc195c989d63426d714cc87b0
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-shadow-devel/attachments/20260115/2aa7c445/attachment-0001.htm>

More information about the Pkg-shadow-devel mailing list