Sync from SUSE:SLFO:1.1 shadow revision ab29753a2cb22265ff261735245b461c

2025-04-16 03:50:23 +02:00
9 changed files with 44 additions and 169 deletions
--- a/shadow-4.15.1.tar.xz
+++ b/shadow-4.15.1.tar.xz
--- a/shadow-4.15.1.tar.xz.asc
+++ b/shadow-4.15.1.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEflbiwT+nfOMVWa3JfcJMNsM0HSAFAmX/ahcACgkQfcJMNsM0
+HSBW5BAAwtMZjHRGfS7R7SnydwSaW7sDP+QOl1108a6rDk0vuu5jCqCcenN66Bwb
+CfR9wmFXUtnnfVSj+z/ESsZOdp1gBkEj6updIQXHK+V2AKmCfe2U7Nuci5Yk1I2E
+6bBAIETHV1YijZMTHSeMWQEmqmOXbF6xhHjbKscqBA4KvnasFuE6hn3Omw/TNCSg
+uwVxapgtUv3RJ/nkQq4OIODKgyeQA4r4LkAQLbtAYmUnEhDQqeEa7tsIJATFYKNK
+7xDyZrqRHb8Rzd9pKRJtYTkYOD18hmOr/vZidZPBhZ0Am1QaYsiRbjuxc9iF/AeE
+pI+WeGKmAvHG1F6hRmjiLmH4gsozL9tZ7OGDWGSrVDGeraIiEYRguwdy6Fe96v0V
+EkwhtcwIl9z8Elo6bIHPiSweOH+e00yHTiBqnkdwpFuOahWsNvcXTigKAEv6KAfR
+bp1BacPRFuO5tgb2/S+Miyb+Fzim5E7Ch77fH2ggtHRNtqff/PqlznX0CchtAplE
+pgI/BGNlnpCecnS/vu8M+SFuES34kh+pz7x4hWL2JICsTVZnJz2SB1tL+Z6p0y0G
+Jt78+LdoJ4U6SKl2s+42RVqrvR0QU01IbWDEFdaQ2lkK1ecGQWNfoOYwzweJiG2M
+RNfUX179KTEbQ4edhY2GmiZif8JUbp+amv9u5qUPrS3ZEgwrYUw=
+=1W4Z
+-----END PGP SIGNATURE-----
--- a/shadow-4.17.2.tar.xz
+++ b/shadow-4.17.2.tar.xz
--- a/shadow-4.17.2.tar.xz.asc
+++ b/shadow-4.17.2.tar.xz.asc
@@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmeCkssACgkQNXDaFycK
-ziQhuwf/bcEJKV+x66isorvoeGbqdtW7oGz3ueu8501X2lO5OZgxo6oseq27ynfc
-xG6RBMnvkm94pjw3iCqEjYwyJ30js+HVWd6cN7T6GyAGdeYRMvHEfpww7IR1Py3n
-6ZgYR4hcLu0T6zVg3bwUNtn29QCINo1SdS7PtsCBBDkwm8WeR+xHsSU+eV3kvNF8
-CID4wvwMW7lCBetADbI+ZvbKBvDkfUBAkJWm/a/wLJrztwTw307xOvyR5P5QjoIn
-ZMtmcmsWL+5Y13OoUccdUm9jDOTPILYtC7Y7y2Nolh0qOsCnMKzD0D11KDIoPlfc
-Rymwesu4+adiSYUfKvqabkb3c/GrbA==
-=lu9c
-----END PGP SIGNATURE-----
--- a/shadow-login_defs-check.sh
+++ b/shadow-login_defs-check.sh
@@ -33,18 +33,14 @@ if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then
 		osc co openSUSE:Factory util-linux
 	fi
 	cd openSUSE:Factory/util-linux
-# BEGIN HACK
-# quilt does not understand our util-linux.spec.
-	sed -i s/@BUILD_FLAVOR@// util-linux.spec
-# END HACK
 	quilt setup -d BUILD util-linux.spec
-	cd $(ls -1d BUILD/* | sed /SPECPARTS/d)
+	cd BUILD/*
 	quilt push -a
 	cd ../../../..
 fi

 echo "Extracting variables from util-linux..."
-cd $(ls -1d openSUSE:Factory/util-linux/BUILD/* | sed /SPECPARTS/d)
+cd openSUSE:Factory/util-linux/BUILD/*
 (
 	grep -rh getlogindefs . |
 		sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
@@ -72,13 +68,13 @@ if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then
 	fi
 	cd openSUSE:Factory/pam
 	quilt setup -d BUILD pam.spec
-	cd $(ls -1d BUILD/* | sed /SPECPARTS/d)
+	cd BUILD/*
 	quilt push -a
 	cd ../../../..
 fi

 echo "Extracting variables from pam..."
-cd $(ls -1d openSUSE:Factory/pam/BUILD/* | sed /SPECPARTS/d)
+cd openSUSE:Factory/pam/BUILD/*
 grep -rh LOGIN_DEFS . |
 	sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' |
 	LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst
--- a/shadow-login_defs-suse.patch
+++ b/shadow-login_defs-suse.patch
@@ -82,7 +82,7 @@ Index: etc/login.defs
 # System accounts
 -SYS_UID_MIN		  101
 -SYS_UID_MAX		  999
-+SYS_UID_MIN		  201
+SYS_UID_MIN		  100
 +SYS_UID_MAX		  499
 # Extra per user uids
 SUB_UID_MIN		   100000
@@ -93,7 +93,7 @@ Index: etc/login.defs
 # System accounts
 -SYS_GID_MIN		  101
 -SYS_GID_MAX		  999
-+SYS_GID_MIN		  201
+SYS_GID_MIN		  100
 +SYS_GID_MAX		  499
 # Extra per user group ids
 SUB_GID_MIN		   100000
@@ -137,7 +137,7 @@ Index: etc/login.defs
 
 #
 # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
-@@ -299,7 +293,7 @@ USERGROUPS_ENAB yes
+@@ -322,7 +316,7 @@ USERGROUPS_ENAB yes
 # This option is overridden with the -M or -m flags on the useradd(8)
 # command-line.
 #
--- a/shadow-util-linux.patch
+++ b/shadow-util-linux.patch
@@ -122,7 +122,7 @@ Index: etc/login.defs
 # Max time in seconds for login(1)
 #
 LOGIN_TIMEOUT		60
-@@ -285,14 +305,6 @@ USERGROUPS_ENAB yes
+@@ -315,14 +335,6 @@ CHARACTER_CLASS         [ABCDEFGHIJKLMNO
 #GRANT_AUX_GROUP_SUBIDS yes
 
 #
@@ -137,26 +137,3 @@ Index: etc/login.defs
 # Select the HMAC cryptography algorithm.
 # Used in pam_timestamp module to calculate the keyed-hash message
 # authentication code.
-@@ -301,3 +313,10 @@ PREVENT_NO_AUTH superuser
- # that are available in your system.
- #
- #HMAC_CRYPTO_ALGO SHA512
-+
-+# Forces login to protect the specified environment variables if -p is not
-+# used. The string value is a comma-separated list of variable names. For
-+# example: "LANG,LC_MESSAGES,LC_COLLATE".  The safelist is ignored for the
-+# environment variables HOME, SHELL and USER.
-+#LOGIN_ENV_SAFELIST
-+
-Index: lib/getdef.c
-===================================================================
--- lib/getdef.c.orig
-+++ lib/getdef.c
-@@ -76,6 +76,7 @@ struct itemdef {
- #define FOREIGNDEFS				\
- 	{"ALWAYS_SET_PATH", NULL},		\
- 	{"ENV_ROOTPATH", NULL},			\
-+	{"LOGIN_ENV_SAFELIST", NULL},		\
- 	{"LOGIN_KEEP_USERNAME", NULL},		\
- 	{"LOGIN_PLAIN_PROMPT", NULL},		\
- 	{"MOTD_FIRSTONLY", NULL},		\
--- a/shadow.changes
+++ b/shadow.changes
@@ -1,107 +1,3 @@
-------------------------------------------------------------------
-Wed Apr  9 00:05:49 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
-
- shadow-util-linux.patch: util-linux-2.41 introduced new variable:
-  LOGIN_ENV_SAFELIST. Recognize it and update dependencies. The
-  patch includes gh/shadow-maint/shadow/pull#1248.
- shadow-login_defs-check-login_defs.lst: Make the util-linux.spec
-  multibuild file compatible with quilt. Make it working with new
-  quilt.
-
-------------------------------------------------------------------
-Mon Jan 20 10:20:31 UTC 2025 - Michael Vetter <mvetter@suse.com>
-
- bsc#1235453: Set SYS_{UID,GID}_MIN to 201:
-  After repeated similar requests to change the ID ranges we set the
-  above mentioned value to 201. The max value will stay at 499.
-  This range should be sufficient and will give us leeway for the
-  future.
-  It's not straightforward to find out which static UIDs/GIDs are
-  used in all packages.
-  Update shadow-login_defs-suse.patch
-
-------------------------------------------------------------------
-Sat Jan 11 16:37:07 UTC 2025 - Michael Vetter <mvetter@suse.com>
-
- Update to 4.17.2:
-  * src/login_nopam.c: Fix compiler warnings #1170
-  * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169
-  * Use HTTPS in link to Wikipedia article on password strength #1164
-  * lib/attr.h: use C23 attributes only with gcc >= 10 #1172
-  * login: Fix no-pam authorization regression #1174
-  * man: Add Portuguese translation #1178
-  * Update French translation #1177
-  * Add cheap defense mechanisms #1171
-  * Add Romanian translation #1176
-
-------------------------------------------------------------------
-Tue Dec 31 19:41:57 UTC 2024 - Michael Vetter <mvetter@suse.com>
-
- Update to 4.17.1:
-  * Fix `su -` regression #1163
-
-------------------------------------------------------------------
-Fri Dec 27 16:06:45 UTC 2024 - Michael Vetter <mvetter@suse.com>
-
- Update to 4.17.0:
-  * Fix the lower part of the domain of csrand_uniform()
-  * Fix use of volatile pointer
-  * Use 'dist-hook' to clean up <tests/unit/Makefile>
-  * Use str2[u]l() instead of atoi(3)
-  * Use a2i() in various places
-  * Fix const correctness
-  * Use uid_t for holding UIDs (and GIDs)
-  * Move all sprintf(3)-like APIs to a subdirectory
-  * Move all copying APIs to a subdirectory
-  * Fix forever loop on ENOMEM
-  * Fix REALLOC() nmemb calculation
-  * Remove id(1)
-  * Remove groups(1)
-  * Use local time for human-readable dates
-  * Use %F instead of %Y-%m-%d with strftime(3)
-  * is_valid{user,group}_name(): Set errno to distinguish the reasons
-  * Recommend --badname only if it is useful
-  * Add fmkomstemp() to fix mode of </etc/default/useradd>
-  * Fix use-after-free bug in sgetgrent()
-  * Update Catalan translation
-  * Remove references to cppw, cpgr
-  * groupadd, groupmod: Update gshadow file with -U
-  * Added option -a for listing active users only, optimized using if aflg,return
-  * Added information in lastlog man page for new option '-a'
-  * Plenty of code cleanup and clarifications
-
-------------------------------------------------------------------
-Fri Dec  6 08:56:10 UTC 2024 - Michael Vetter <mvetter@suse.com>
-
- Update to 4.17.0 RC1:
-  Pre-release without changelog
-
-------------------------------------------------------------------
-Mon Jul  8 11:13:17 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
-
- Disable flushing sssd caches. The sssd's files provider is no
-  longer available.
-
-------------------------------------------------------------------
-Mon Jun 24 13:02:56 UTC 2024 - Michael Vetter <mvetter@suse.com>
-
- bsc#1226850: Drop incorrect econf patch (until time to fix it)
-  Drop shadow-4.16.0-econf.patch
-
-------------------------------------------------------------------
-Wed Jun 19 06:51:45 UTC 2024 - Michael Vetter <mvetter@suse.com>
-
- Update to 4.16.0:
-  * The shadow implementations of id(1) and groups(1) are deprecated
-    in favor of the GNU coreutils and binutils versions.
-    They will be removed in 4.17.0.
-  * The rlogind implementation has been removed.
-  * The libsubid major version has been bumped, since it now requires
-    specification of the module's free() implementation.
- Update shadow-login_defs-suse.patch
- Add shadow-4.16.0-econf.patch:
-  Replace deprecated econf_readDirs with econf_readConfig
-
 -------------------------------------------------------------------
 Sun Mar 24 09:06:48 UTC 2024 - Michael Vetter <mvetter@suse.com>

--- a/shadow.spec
+++ b/shadow.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package shadow
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
  %define no_config 1
 %endif
 Name:           shadow
-Version:        4.17.2
+Version:        4.15.1
 Release:        0
 Summary:        Utilities to Manage User and Group Accounts
 License:        BSD-3-Clause AND GPL-2.0-or-later
@@ -84,27 +84,27 @@ Summary:        The login.defs configuration file
 # Call shadow-login_defs-check.sh before!
 Group:          System/Base
 Provides:       login_defs-support-for-pam = 1.5.2
-Provides:       login_defs-support-for-util-linux = 2.41
+Provides:       login_defs-support-for-util-linux = 2.37
 BuildArch:      noarch

 %description -n login_defs
 This package contains the default login.defs configuration file
 as used by util-linux, pam and shadow.

-%package -n libsubid5
+%package -n libsubid4
 Summary:        A library to manage subordinate uid and gid ranges
 Group:          System/Base

-%description -n libsubid5
+%description -n libsubid4
 Utility library that provides a way to manage subid ranges.

 %package -n libsubid-devel
-Summary:        Development files for libsubid5
+Summary:        Development files for libsubid4
 Group:          System/Base
-Requires:       libsubid5 = %{version}
+Requires:       libsubid4 = %{version}

 %description -n libsubid-devel
-Development files for libsubid5.
+Development files for libsubid4.

 %prep
 %setup -q -a 1
@@ -117,7 +117,7 @@ Development files for libsubid5.
 %patch -P 5 -p1
 %endif

-iconv -c -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
+iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO

 %build
@@ -125,7 +125,6 @@ export CFLAGS="%{optflags} -fpie"
 export LDFLAGS="-pie"

 autoreconf -fvi
-# SSSD files provider is deprecated since 2.9.0, but still enabled in openSUSE Leap 15.6 and SLE 15 SP6
 %configure \
  --enable-shadowgrp \
  --enable-account-tools-setuid \
@@ -138,9 +137,6 @@ autoreconf -fvi
  --with-selinux \
  --without-libcrack \
  --without-libbsd \
-%if 0%{?suse_version} >= 1600
-  --without-sssd \
-%endif
  --with-group-name-max-length=32 \
  --enable-vendordir=%{_distconfdir}
 %make_build
@@ -158,6 +154,11 @@ install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer
 touch %{buildroot}/%{_sysconfdir}/subuid
 touch %{buildroot}/%{_sysconfdir}/subgid

+# Remove binaries we don't use.
+rm %{buildroot}/%{_bindir}/groups
+rm %{buildroot}/%{_mandir}/man1/groups.*
+rm %{buildroot}/%{_mandir}/*/man1/groups.*
+
 rm %{buildroot}/%{_sbindir}/grpconv
 rm %{buildroot}/%{_mandir}/man8/grpconv.*
 rm %{buildroot}/%{_mandir}/*/man8/grpconv.*
@@ -275,8 +276,8 @@ done
 # - Migration to /usr/etc (after SLE15 and Leap 15)
 test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||:

-%post -n libsubid5 -p /sbin/ldconfig
-%postun -n libsubid5 -p /sbin/ldconfig
+%post -n libsubid4 -p /sbin/ldconfig
+%postun -n libsubid4 -p /sbin/ldconfig

 %files -f shadow.lang
 %license COPYING
@@ -376,7 +377,7 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
 %endif
 %{_mandir}/man5/login.defs.5%{?ext_man}

-%files -n libsubid5
+%files -n libsubid4
 %{_libdir}/libsubid.so.*

 %files -n libsubid-devel