Sync from SUSE:SLFO:Main shadow revision ec840a648f1196d69aa16c9d7155066b

2025-02-07 18:44:16 +01:00 · 2025-02-07 18:44:16 +01:00 · 4eab277ff2
commit 4eab277ff2
parent 6a4d22a32d
7 changed files with 126 additions and 38 deletions
--- a/shadow-4.15.1.tar.xz
+++ b/shadow-4.15.1.tar.xz
--- a/shadow-4.15.1.tar.xz.asc
+++ b/shadow-4.15.1.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEflbiwT+nfOMVWa3JfcJMNsM0HSAFAmX/ahcACgkQfcJMNsM0
-HSBW5BAAwtMZjHRGfS7R7SnydwSaW7sDP+QOl1108a6rDk0vuu5jCqCcenN66Bwb
-CfR9wmFXUtnnfVSj+z/ESsZOdp1gBkEj6updIQXHK+V2AKmCfe2U7Nuci5Yk1I2E
-6bBAIETHV1YijZMTHSeMWQEmqmOXbF6xhHjbKscqBA4KvnasFuE6hn3Omw/TNCSg
-uwVxapgtUv3RJ/nkQq4OIODKgyeQA4r4LkAQLbtAYmUnEhDQqeEa7tsIJATFYKNK
-7xDyZrqRHb8Rzd9pKRJtYTkYOD18hmOr/vZidZPBhZ0Am1QaYsiRbjuxc9iF/AeE
-pI+WeGKmAvHG1F6hRmjiLmH4gsozL9tZ7OGDWGSrVDGeraIiEYRguwdy6Fe96v0V
-EkwhtcwIl9z8Elo6bIHPiSweOH+e00yHTiBqnkdwpFuOahWsNvcXTigKAEv6KAfR
-bp1BacPRFuO5tgb2/S+Miyb+Fzim5E7Ch77fH2ggtHRNtqff/PqlznX0CchtAplE
-pgI/BGNlnpCecnS/vu8M+SFuES34kh+pz7x4hWL2JICsTVZnJz2SB1tL+Z6p0y0G
-Jt78+LdoJ4U6SKl2s+42RVqrvR0QU01IbWDEFdaQ2lkK1ecGQWNfoOYwzweJiG2M
-RNfUX179KTEbQ4edhY2GmiZif8JUbp+amv9u5qUPrS3ZEgwrYUw=
-=1W4Z
-----END PGP SIGNATURE-----
--- a/shadow-4.17.2.tar.xz
+++ b/shadow-4.17.2.tar.xz
--- a/shadow-4.17.2.tar.xz.asc
+++ b/shadow-4.17.2.tar.xz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmeCkssACgkQNXDaFycK
+ziQhuwf/bcEJKV+x66isorvoeGbqdtW7oGz3ueu8501X2lO5OZgxo6oseq27ynfc
+xG6RBMnvkm94pjw3iCqEjYwyJ30js+HVWd6cN7T6GyAGdeYRMvHEfpww7IR1Py3n
+6ZgYR4hcLu0T6zVg3bwUNtn29QCINo1SdS7PtsCBBDkwm8WeR+xHsSU+eV3kvNF8
+CID4wvwMW7lCBetADbI+ZvbKBvDkfUBAkJWm/a/wLJrztwTw307xOvyR5P5QjoIn
+ZMtmcmsWL+5Y13OoUccdUm9jDOTPILYtC7Y7y2Nolh0qOsCnMKzD0D11KDIoPlfc
+Rymwesu4+adiSYUfKvqabkb3c/GrbA==
+=lu9c
+-----END PGP SIGNATURE-----
--- a/shadow-login_defs-suse.patch
+++ b/shadow-login_defs-suse.patch
@ -82,7 +82,7 @@ Index: etc/login.defs
 # System accounts
 -SYS_UID_MIN		  101
 -SYS_UID_MAX		  999
-+SYS_UID_MIN		  100
+SYS_UID_MIN		  201
 +SYS_UID_MAX		  499
 # Extra per user uids
 SUB_UID_MIN		   100000
@ -93,7 +93,7 @@ Index: etc/login.defs
 # System accounts
 -SYS_GID_MIN		  101
 -SYS_GID_MAX		  999
-+SYS_GID_MIN		  100
+SYS_GID_MIN		  201
 +SYS_GID_MAX		  499
 # Extra per user group ids
 SUB_GID_MIN		   100000
@ -137,7 +137,7 @@ Index: etc/login.defs
 
 #
 # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
-@@ -322,7 +316,7 @@ USERGROUPS_ENAB yes
+@@ -299,7 +293,7 @@ USERGROUPS_ENAB yes
 # This option is overridden with the -M or -m flags on the useradd(8)
 # command-line.
 #
--- a/shadow.changes
+++ b/shadow.changes
@ -1,3 +1,97 @@
+-------------------------------------------------------------------
+Mon Jan 20 10:20:31 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- bsc#1235453: Set SYS_{UID,GID}_MIN to 201:
+  After repeated similar requests to change the ID ranges we set the
+  above mentioned value to 201. The max value will stay at 499.
+  This range should be sufficient and will give us leeway for the
+  future.
+  It's not straightforward to find out which static UIDs/GIDs are
+  used in all packages.
+  Update shadow-login_defs-suse.patch
+
+-------------------------------------------------------------------
+Sat Jan 11 16:37:07 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.2:
+  * src/login_nopam.c: Fix compiler warnings #1170
+  * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169
+  * Use HTTPS in link to Wikipedia article on password strength #1164
+  * lib/attr.h: use C23 attributes only with gcc >= 10 #1172
+  * login: Fix no-pam authorization regression #1174
+  * man: Add Portuguese translation #1178
+  * Update French translation #1177
+  * Add cheap defense mechanisms #1171
+  * Add Romanian translation #1176
+
+-------------------------------------------------------------------
+Tue Dec 31 19:41:57 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.1:
+  * Fix `su -` regression #1163
+
+-------------------------------------------------------------------
+Fri Dec 27 16:06:45 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.0:
+  * Fix the lower part of the domain of csrand_uniform()
+  * Fix use of volatile pointer
+  * Use 'dist-hook' to clean up <tests/unit/Makefile>
+  * Use str2[u]l() instead of atoi(3)
+  * Use a2i() in various places
+  * Fix const correctness
+  * Use uid_t for holding UIDs (and GIDs)
+  * Move all sprintf(3)-like APIs to a subdirectory
+  * Move all copying APIs to a subdirectory
+  * Fix forever loop on ENOMEM
+  * Fix REALLOC() nmemb calculation
+  * Remove id(1)
+  * Remove groups(1)
+  * Use local time for human-readable dates
+  * Use %F instead of %Y-%m-%d with strftime(3)
+  * is_valid{user,group}_name(): Set errno to distinguish the reasons
+  * Recommend --badname only if it is useful
+  * Add fmkomstemp() to fix mode of </etc/default/useradd>
+  * Fix use-after-free bug in sgetgrent()
+  * Update Catalan translation
+  * Remove references to cppw, cpgr
+  * groupadd, groupmod: Update gshadow file with -U
+  * Added option -a for listing active users only, optimized using if aflg,return
+  * Added information in lastlog man page for new option '-a'
+  * Plenty of code cleanup and clarifications
+
+-------------------------------------------------------------------
+Fri Dec  6 08:56:10 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.0 RC1:
+  Pre-release without changelog
+
+-------------------------------------------------------------------
+Mon Jul  8 11:13:17 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
+
+- Disable flushing sssd caches. The sssd's files provider is no
+  longer available.
+
+-------------------------------------------------------------------
+Mon Jun 24 13:02:56 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- bsc#1226850: Drop incorrect econf patch (until time to fix it)
+  Drop shadow-4.16.0-econf.patch
+
+-------------------------------------------------------------------
+Wed Jun 19 06:51:45 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.16.0:
+  * The shadow implementations of id(1) and groups(1) are deprecated
+    in favor of the GNU coreutils and binutils versions.
+    They will be removed in 4.17.0.
+  * The rlogind implementation has been removed.
+  * The libsubid major version has been bumped, since it now requires
+    specification of the module's free() implementation.
+- Update shadow-login_defs-suse.patch
+- Add shadow-4.16.0-econf.patch:
+  Replace deprecated econf_readDirs with econf_readConfig
+
 -------------------------------------------------------------------
 Sun Mar 24 09:06:48 UTC 2024 - Michael Vetter <mvetter@suse.com>

--- a/shadow.spec
+++ b/shadow.spec
@ -1,7 +1,7 @@
 #
 # spec file for package shadow
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -22,7 +22,7 @@
  %define no_config 1
 %endif
 Name:           shadow
-Version:        4.15.1
+Version:        4.17.2
 Release:        0
 Summary:        Utilities to Manage User and Group Accounts
 License:        BSD-3-Clause AND GPL-2.0-or-later
@ -91,20 +91,20 @@ BuildArch:      noarch
 This package contains the default login.defs configuration file
 as used by util-linux, pam and shadow.

-%package -n libsubid4
+%package -n libsubid5
 Summary:        A library to manage subordinate uid and gid ranges
 Group:          System/Base

-%description -n libsubid4
+%description -n libsubid5
 Utility library that provides a way to manage subid ranges.

 %package -n libsubid-devel
-Summary:        Development files for libsubid4
+Summary:        Development files for libsubid5
 Group:          System/Base
-Requires:       libsubid4 = %{version}
+Requires:       libsubid5 = %{version}

 %description -n libsubid-devel
-Development files for libsubid4.
+Development files for libsubid5.

 %prep
 %setup -q -a 1
@ -117,7 +117,7 @@ Development files for libsubid4.
 %patch -P 5 -p1
 %endif

-iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
+iconv -c -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO

 %build
@ -125,6 +125,7 @@ export CFLAGS="%{optflags} -fpie"
 export LDFLAGS="-pie"

 autoreconf -fvi
+# SSSD files provider is deprecated since 2.9.0, but still enabled in openSUSE Leap 15.6 and SLE 15 SP6
 %configure \
  --enable-shadowgrp \
  --enable-account-tools-setuid \
@ -137,6 +138,9 @@ autoreconf -fvi
  --with-selinux \
  --without-libcrack \
  --without-libbsd \
+%if 0%{?suse_version} >= 1600
+  --without-sssd \
+%endif
  --with-group-name-max-length=32 \
  --enable-vendordir=%{_distconfdir}
 %make_build
@ -154,11 +158,6 @@ install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer
 touch %{buildroot}/%{_sysconfdir}/subuid
 touch %{buildroot}/%{_sysconfdir}/subgid

-# Remove binaries we don't use.
-rm %{buildroot}/%{_bindir}/groups
-rm %{buildroot}/%{_mandir}/man1/groups.*
-rm %{buildroot}/%{_mandir}/*/man1/groups.*
-
 rm %{buildroot}/%{_sbindir}/grpconv
 rm %{buildroot}/%{_mandir}/man8/grpconv.*
 rm %{buildroot}/%{_mandir}/*/man8/grpconv.*
@ -276,8 +275,8 @@ done
 # - Migration to /usr/etc (after SLE15 and Leap 15)
 test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||:

-%post -n libsubid4 -p /sbin/ldconfig
-%postun -n libsubid4 -p /sbin/ldconfig
+%post -n libsubid5 -p /sbin/ldconfig
+%postun -n libsubid5 -p /sbin/ldconfig

 %files -f shadow.lang
 %license COPYING
@ -377,7 +376,7 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
 %endif
 %{_mandir}/man5/login.defs.5%{?ext_man}

-%files -n libsubid4
+%files -n libsubid5
 %{_libdir}/libsubid.so.*

 %files -n libsubid-devel