diff --git a/shadow-4.15.1.tar.xz b/shadow-4.15.1.tar.xz deleted file mode 100644 index e1fc389..0000000 --- a/shadow-4.15.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bb5f70639a0581f9d626f227ce45b31ac137daa7c451c0f672ce14f2731a96ee -size 1782816 diff --git a/shadow-4.15.1.tar.xz.asc b/shadow-4.15.1.tar.xz.asc deleted file mode 100644 index 9eb5a8d..0000000 --- a/shadow-4.15.1.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEflbiwT+nfOMVWa3JfcJMNsM0HSAFAmX/ahcACgkQfcJMNsM0 -HSBW5BAAwtMZjHRGfS7R7SnydwSaW7sDP+QOl1108a6rDk0vuu5jCqCcenN66Bwb -CfR9wmFXUtnnfVSj+z/ESsZOdp1gBkEj6updIQXHK+V2AKmCfe2U7Nuci5Yk1I2E -6bBAIETHV1YijZMTHSeMWQEmqmOXbF6xhHjbKscqBA4KvnasFuE6hn3Omw/TNCSg -uwVxapgtUv3RJ/nkQq4OIODKgyeQA4r4LkAQLbtAYmUnEhDQqeEa7tsIJATFYKNK -7xDyZrqRHb8Rzd9pKRJtYTkYOD18hmOr/vZidZPBhZ0Am1QaYsiRbjuxc9iF/AeE -pI+WeGKmAvHG1F6hRmjiLmH4gsozL9tZ7OGDWGSrVDGeraIiEYRguwdy6Fe96v0V -EkwhtcwIl9z8Elo6bIHPiSweOH+e00yHTiBqnkdwpFuOahWsNvcXTigKAEv6KAfR -bp1BacPRFuO5tgb2/S+Miyb+Fzim5E7Ch77fH2ggtHRNtqff/PqlznX0CchtAplE -pgI/BGNlnpCecnS/vu8M+SFuES34kh+pz7x4hWL2JICsTVZnJz2SB1tL+Z6p0y0G -Jt78+LdoJ4U6SKl2s+42RVqrvR0QU01IbWDEFdaQ2lkK1ecGQWNfoOYwzweJiG2M -RNfUX179KTEbQ4edhY2GmiZif8JUbp+amv9u5qUPrS3ZEgwrYUw= -=1W4Z ------END PGP SIGNATURE----- diff --git a/shadow-4.17.2.tar.xz b/shadow-4.17.2.tar.xz new file mode 100644 index 0000000..216f5ee --- /dev/null +++ b/shadow-4.17.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a21cf0d34bffc4314cede01cff258689174fab30ca494ae8f45784d3d56c9849 +size 2320492 diff --git a/shadow-4.17.2.tar.xz.asc b/shadow-4.17.2.tar.xz.asc new file mode 100644 index 0000000..b30a5f3 --- /dev/null +++ b/shadow-4.17.2.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmeCkssACgkQNXDaFycK +ziQhuwf/bcEJKV+x66isorvoeGbqdtW7oGz3ueu8501X2lO5OZgxo6oseq27ynfc +xG6RBMnvkm94pjw3iCqEjYwyJ30js+HVWd6cN7T6GyAGdeYRMvHEfpww7IR1Py3n +6ZgYR4hcLu0T6zVg3bwUNtn29QCINo1SdS7PtsCBBDkwm8WeR+xHsSU+eV3kvNF8 +CID4wvwMW7lCBetADbI+ZvbKBvDkfUBAkJWm/a/wLJrztwTw307xOvyR5P5QjoIn +ZMtmcmsWL+5Y13OoUccdUm9jDOTPILYtC7Y7y2Nolh0qOsCnMKzD0D11KDIoPlfc +Rymwesu4+adiSYUfKvqabkb3c/GrbA== +=lu9c +-----END PGP SIGNATURE----- diff --git a/shadow-login_defs-suse.patch b/shadow-login_defs-suse.patch index 58e5805..f99b850 100644 --- a/shadow-login_defs-suse.patch +++ b/shadow-login_defs-suse.patch @@ -82,7 +82,7 @@ Index: etc/login.defs # System accounts -SYS_UID_MIN 101 -SYS_UID_MAX 999 -+SYS_UID_MIN 100 ++SYS_UID_MIN 201 +SYS_UID_MAX 499 # Extra per user uids SUB_UID_MIN 100000 @@ -93,7 +93,7 @@ Index: etc/login.defs # System accounts -SYS_GID_MIN 101 -SYS_GID_MAX 999 -+SYS_GID_MIN 100 ++SYS_GID_MIN 201 +SYS_GID_MAX 499 # Extra per user group ids SUB_GID_MIN 100000 @@ -137,7 +137,7 @@ Index: etc/login.defs # # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -@@ -322,7 +316,7 @@ USERGROUPS_ENAB yes +@@ -299,7 +293,7 @@ USERGROUPS_ENAB yes # This option is overridden with the -M or -m flags on the useradd(8) # command-line. # diff --git a/shadow.changes b/shadow.changes index 47b0a13..647c17e 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,97 @@ +------------------------------------------------------------------- +Mon Jan 20 10:20:31 UTC 2025 - Michael Vetter + +- bsc#1235453: Set SYS_{UID,GID}_MIN to 201: + After repeated similar requests to change the ID ranges we set the + above mentioned value to 201. The max value will stay at 499. + This range should be sufficient and will give us leeway for the + future. + It's not straightforward to find out which static UIDs/GIDs are + used in all packages. + Update shadow-login_defs-suse.patch + +------------------------------------------------------------------- +Sat Jan 11 16:37:07 UTC 2025 - Michael Vetter + +- Update to 4.17.2: + * src/login_nopam.c: Fix compiler warnings #1170 + * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169 + * Use HTTPS in link to Wikipedia article on password strength #1164 + * lib/attr.h: use C23 attributes only with gcc >= 10 #1172 + * login: Fix no-pam authorization regression #1174 + * man: Add Portuguese translation #1178 + * Update French translation #1177 + * Add cheap defense mechanisms #1171 + * Add Romanian translation #1176 + +------------------------------------------------------------------- +Tue Dec 31 19:41:57 UTC 2024 - Michael Vetter + +- Update to 4.17.1: + * Fix `su -` regression #1163 + +------------------------------------------------------------------- +Fri Dec 27 16:06:45 UTC 2024 - Michael Vetter + +- Update to 4.17.0: + * Fix the lower part of the domain of csrand_uniform() + * Fix use of volatile pointer + * Use 'dist-hook' to clean up + * Use str2[u]l() instead of atoi(3) + * Use a2i() in various places + * Fix const correctness + * Use uid_t for holding UIDs (and GIDs) + * Move all sprintf(3)-like APIs to a subdirectory + * Move all copying APIs to a subdirectory + * Fix forever loop on ENOMEM + * Fix REALLOC() nmemb calculation + * Remove id(1) + * Remove groups(1) + * Use local time for human-readable dates + * Use %F instead of %Y-%m-%d with strftime(3) + * is_valid{user,group}_name(): Set errno to distinguish the reasons + * Recommend --badname only if it is useful + * Add fmkomstemp() to fix mode of + * Fix use-after-free bug in sgetgrent() + * Update Catalan translation + * Remove references to cppw, cpgr + * groupadd, groupmod: Update gshadow file with -U + * Added option -a for listing active users only, optimized using if aflg,return + * Added information in lastlog man page for new option '-a' + * Plenty of code cleanup and clarifications + +------------------------------------------------------------------- +Fri Dec 6 08:56:10 UTC 2024 - Michael Vetter + +- Update to 4.17.0 RC1: + Pre-release without changelog + +------------------------------------------------------------------- +Mon Jul 8 11:13:17 UTC 2024 - Samuel Cabrero + +- Disable flushing sssd caches. The sssd's files provider is no + longer available. + +------------------------------------------------------------------- +Mon Jun 24 13:02:56 UTC 2024 - Michael Vetter + +- bsc#1226850: Drop incorrect econf patch (until time to fix it) + Drop shadow-4.16.0-econf.patch + +------------------------------------------------------------------- +Wed Jun 19 06:51:45 UTC 2024 - Michael Vetter + +- Update to 4.16.0: + * The shadow implementations of id(1) and groups(1) are deprecated + in favor of the GNU coreutils and binutils versions. + They will be removed in 4.17.0. + * The rlogind implementation has been removed. + * The libsubid major version has been bumped, since it now requires + specification of the module's free() implementation. +- Update shadow-login_defs-suse.patch +- Add shadow-4.16.0-econf.patch: + Replace deprecated econf_readDirs with econf_readConfig + ------------------------------------------------------------------- Sun Mar 24 09:06:48 UTC 2024 - Michael Vetter diff --git a/shadow.spec b/shadow.spec index e6756b4..ae26e54 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define no_config 1 %endif Name: shadow -Version: 4.15.1 +Version: 4.17.2 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later @@ -91,20 +91,20 @@ BuildArch: noarch This package contains the default login.defs configuration file as used by util-linux, pam and shadow. -%package -n libsubid4 +%package -n libsubid5 Summary: A library to manage subordinate uid and gid ranges Group: System/Base -%description -n libsubid4 +%description -n libsubid5 Utility library that provides a way to manage subid ranges. %package -n libsubid-devel -Summary: Development files for libsubid4 +Summary: Development files for libsubid5 Group: System/Base -Requires: libsubid4 = %{version} +Requires: libsubid5 = %{version} %description -n libsubid-devel -Development files for libsubid4. +Development files for libsubid5. %prep %setup -q -a 1 @@ -117,7 +117,7 @@ Development files for libsubid4. %patch -P 5 -p1 %endif -iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 +iconv -c -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO %build @@ -125,6 +125,7 @@ export CFLAGS="%{optflags} -fpie" export LDFLAGS="-pie" autoreconf -fvi +# SSSD files provider is deprecated since 2.9.0, but still enabled in openSUSE Leap 15.6 and SLE 15 SP6 %configure \ --enable-shadowgrp \ --enable-account-tools-setuid \ @@ -137,6 +138,9 @@ autoreconf -fvi --with-selinux \ --without-libcrack \ --without-libbsd \ +%if 0%{?suse_version} >= 1600 + --without-sssd \ +%endif --with-group-name-max-length=32 \ --enable-vendordir=%{_distconfdir} %make_build @@ -154,11 +158,6 @@ install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer touch %{buildroot}/%{_sysconfdir}/subuid touch %{buildroot}/%{_sysconfdir}/subgid -# Remove binaries we don't use. -rm %{buildroot}/%{_bindir}/groups -rm %{buildroot}/%{_mandir}/man1/groups.* -rm %{buildroot}/%{_mandir}/*/man1/groups.* - rm %{buildroot}/%{_sbindir}/grpconv rm %{buildroot}/%{_mandir}/man8/grpconv.* rm %{buildroot}/%{_mandir}/*/man8/grpconv.* @@ -276,8 +275,8 @@ done # - Migration to /usr/etc (after SLE15 and Leap 15) test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||: -%post -n libsubid4 -p /sbin/ldconfig -%postun -n libsubid4 -p /sbin/ldconfig +%post -n libsubid5 -p /sbin/ldconfig +%postun -n libsubid5 -p /sbin/ldconfig %files -f shadow.lang %license COPYING @@ -377,7 +376,7 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm %endif %{_mandir}/man5/login.defs.5%{?ext_man} -%files -n libsubid4 +%files -n libsubid5 %{_libdir}/libsubid.so.* %files -n libsubid-devel