Accepting request 536398 from Base:System

- Revert accidentalied prerequisites.
  Use PreReq for permissions
- Prequire group(shadow), group(root), user(root)
- bsc#1061838:
  Add Requires for group(mail)
- boo#1048645:
  Set suid bit for newuidmap and newgimap
- Revert the changes for bsc#1023895 back
  Pulls in too many deps into ring0.
  Next version of shadow plans to have no conditional man pages.
- run spec-cleaner
- bsc#1023895:
  man page contained invalid options because they depend
  on compile flags and we shipped pre built ones.
  New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po
  xsltproc
- Adjust requires (we need user/group root instead of aaa_base now)
- New upstream version 4.5
- Refreshed patches:
  * shadow-login_defs.patch
  * chkname-regex.patch
  * getdef-new-defs.patch
  * useradd-mkdirs.patch
- Upstreamed patches:
  * shadow-4.1.5.1-manfix.patch
  * shadow-4.1.5.1-errmsg.patch
  * shadow-4.1.5.1-backup-mode.patch
  * shadow-4.1.5.1-audit-owner.patch
  * shadow-4.2.1-defs-chroot.patch
  * shadow-4.2.1-merge-group.patch
  * Fix-user-busy-errors-at-userdel.patch
  * useradd-clear-tallylog.patch
- shadow-4.1.5.1-pam_group.patch
  dynamically added users via pam_group are not listed in groups
  databases but are still valid
- shadow.keyring: update keyring with current maintainer's keyid
  only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D'
- disable_new_audit_function.patch:
  Disable newer libaudit functionality for older distributions
- useradd: call external program "/sbin/pam_tally2" to reset
  failed login counter in "/var/log/tallylog"
  (bsc#980486, useradd-clear-tallylog.patch)
- add keyring, three public keys from https://pkg-shadow.alioth.debian.org/download.php
- bsc#1002975: Use permissions according to permissions package
  and dont try to manipulate them in %files section.
- boo#994486: Include shadow.5 manpage
  Previously this was provided by man-pages package in
  the man-pages-addons tarball which got removed later on.
- Add package dependency for aaa_base, fixing bnc#899409
  (was done by tbehrens@suse.com but not submitted to Factory)
- shadow 4.2.1 requested by fate#320422
- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch
- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits.
  Remove the files used to circumvent the check.
- Remove:
    * shadow-rpmlintrc
    * shadow-subids
    * shadow-subids.easy
    * shadow-subids.secure
    * shadow-subids.paranoid
- Update to shadow-4.2.1:
  - add support for subuids/subgids via newuidmap/newgidmap
- Rename chkname-regex.diff to chkname-regex.patch
- Rename encryption_method_nis.diff to encryption_method_nis.patch
- Rename getdef-new-defs.diff to getdef-new-defs.patch
- Rename shadow-login_defs.diff to shadow-login_defs.patch
- Rename userdel-scripts.diff to userdel-script.patch
- Rename useradd-script.diff to useradd-script.patch
- Rename useradd-default.diff to useradd-default.patch
- Rename useradd-mkdirs.diff to useradd-mkdirs.patch
- Add fixes from Red Hat/Fedora:
  - shadow-4.1.5.1-audit-owner.patch.patch:
    - log owner changes for home directory
  - shadow-4.1.5.1-userdel-helpfix.patch.patch:
    - give a hint about what happens when you force the removal of a user
  - shadow-4.2.1-defs-chroot.patch.patch:
    - initialize uid_t uid_min and uid_t uid_max not before we need them
  - shadow-4.2.1-merge-group.patch.patch:
    - simplify by using a single call to snprintf()
- Add upstream fix
  - Fix-user-busy-errors-at-userdel.patch:
    - call sub_uid_close()
- Moved call from %verifyscript into %post:
  * Caused call to %service_add_post shadow.service shadow.timer
    during rpm -qV shadow
- Add systemd unit files to continuously check password & groupfile integrity
  * Idea from Arch Linux
  * pending request to systemd-presets-branding-openSUSE to enable by default
- Add patch useradd-mkdirs.diff: fix for bnc#865563, create all parts
  of the path
- Stop any systemd user manager instance in case a user entry will
  be deleted (bnc#849870).  Nevertheless a running process requires
  the option --force for the userdel command.
- Add ENCRYPT_METHOD_NIS for pam_unix.so (encryption_method_nis.diff)
- Add some fixes from Fedora:
  - shadow-4.1.5.1-backup-mode.patch: open backup file with correct
    permissions.
  - shadow-4.1.5.1-logmsg.patch: fix error message
  - shadow-4.1.5.1-errmsg.patch: print error reason
  - shadow-4.1.5.1-manfix.patch: fix manual page
- Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006]
- Fix getdef default variables (getdef-new-defs.diff)
- Fix default group value in /etc/default/useradd 
  (useradd-default.diff)
- Implement CHARACTER_CLASS support
  (chkname-regex.diff)
- Add support for useradd.local
  (useradd-script.diff)
- Fix spec file
- Adjust login.defs
  (shadow-login_defs.diff)
- Add userdel*.local script support and scrips
  (userdel-scripts.diff)
- Initial package [FATE#314473]

OBS-URL: https://build.opensuse.org/request/show/536398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=23

shadow.changes

@@ -2,6 +2,7 @@
 Fri Oct 13 15:44:28 UTC 2017 - adam.majer@suse.de
 
 - Revert accidentalied prerequisites.
+  Use PreReq for permissions
 
 -------------------------------------------------------------------
 Thu Oct 12 08:59:28 UTC 2017 - schwab@suse.de