- Update to 4.8:

* Initial optional bcrypt support.
  * Make build/install of 'su' optional.
  * Fix for vipw not resuming correctly when suspended
  * Sync password field descriptions in manpages
  * Check for valid shell argument in useradd
  * Allow translation of new strings through POTFILES.in
  * Migrate to itstool for translations
  * Migrate to new SELinux api
  * Support --enable-vendordir
  * pwck: Only check homedir if set and not a system user
  * Support nonstandard usernames
  * sget{pw,gr}ent: check for data at EOL
  * Add YYY-MM-DD support in chage
  * Fix failing chmod calls for suidubins
  * Fix --sbindir and --bindir for binary installations
  * Fix LASTLOG_UID_MAX in login.defs
  * Fix configure error with dash
- Remove because upstreamed:
  * libeconf.patch
  * shadow-usermod-variable.patch
- Rebase:
  * shadow-login_defs-unused-by-pam.patch
  * chkname-regex.patch
  * shadow-util-linux.patch
  * shadow-login_defs-comments.patch
- Add shadow-4.8-selinux-include.patch
  See https://github.com/shadow-maint/shadow/pull/200

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=81
This commit is contained in:
Michael Vetter 2019-12-17 12:44:46 +00:00 committed by Git OBS Bridge
parent 6511638aa9
commit 93639b1c76
11 changed files with 104 additions and 72 deletions

View File

@ -2,7 +2,7 @@ Index: etc/login.defs
===================================================================
--- etc/login.defs.orig
+++ etc/login.defs
@@ -274,3 +274,11 @@ USERGROUPS_ENAB yes
@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes
# missing.
#
#FORCE_SHADOW yes
@ -18,7 +18,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -77,6 +77,7 @@ struct itemdef {
@@ -80,6 +80,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
@ -30,7 +30,7 @@ Index: libmisc/chkname.c
===================================================================
--- libmisc/chkname.c.orig
+++ libmisc/chkname.c
@@ -43,30 +43,57 @@
@@ -43,8 +43,11 @@
#ident "$Id$"
#include <ctype.h>
@ -40,13 +40,15 @@ Index: libmisc/chkname.c
+#include "getdef.h"
+#include <stdio.h>
static bool is_valid_name (const char *name)
{
int allow_bad_names = false;
@@ -54,24 +57,46 @@ static bool is_valid_name (const char *n
return true;
}
- /*
- * User/group names must match [a-z_][a-z0-9_-]*[$]
- */
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+ const char *class;
+ regex_t reg;
+ int result;
@ -79,7 +81,9 @@ Index: libmisc/chkname.c
+ fprintf (stderr, _("Can't compile regular expression: %s\n"),
+ buffer);
+ } */
+
- if (('\0' == *name) ||
- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
+ regfree(&reg);
return false;
}
@ -98,7 +102,4 @@ Index: libmisc/chkname.c
+ return false;
}
+ regfree(&reg);
return true;
}

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
size 1624340

View File

@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
=dbPQ
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,12 @@
Index: shadow-4.8/lib/selinux.c
===================================================================
--- shadow-4.8.orig/lib/selinux.c
+++ shadow-4.8/lib/selinux.c
@@ -31,6 +31,7 @@
#ifdef WITH_SELINUX
+#include <stdio.h>
#include "defines.h"
#include <selinux/selinux.h>

3
shadow-4.8.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:64b46683b9c1f35b2cd2da9fa87a1383917666e85a56b35e081c7257d10dac64
size 1609060

11
shadow-4.8.tar.xz.asc Normal file
View File

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl3j/d0ACgkQ6f7qBqhe
P5185Qf9E2/IuxNWXdL30l+rA9w5WAIiQ61UHf/Z4HXPaVQnSmjGruHeuCbEDhyF
Lcqqmhfi84CdFSJe3F+0JrpgFQ1wfc+j/n1jPjrtpjtje7cuuwFTTVx8LDL+hULl
ylQKneQdDfX1vZnmcD5Us8YifG+eiTOHsLnk+HpgRekMpr6mIzJm8SkyJiVp8kAO
Rfp60+XlCW4Q0bExQ9Ig4ElEagQTODwQ6xPxM5pHvc/pEvJyH/2fq9BzSfDRMU8q
h9pO3gDgXp0A7hmkBlQVPsG9vXCwNuvrAj4p7TTYqdn03uTTcknFqhoECuQjJ+BM
z2WaKWY2NAn53AWzABsoaPW6t8Y+cg==
=4/Ig
-----END PGP SIGNATURE-----

View File

@ -13,7 +13,7 @@ Index: etc/login.defs
#
# Delay in seconds before being allowed another attempt after a login failure
@@ -32,6 +30,15 @@ CONSOLE /etc/securetty
@@ -47,6 +45,15 @@ CONSOLE /etc/securetty
#CONSOLE console:tty01:tty02:tty03:tty04
#
@ -29,7 +29,7 @@ Index: etc/login.defs
# If defined, all su(1) activity is logged to this file.
#
#SULOG_FILE /var/log/sulog
@@ -79,11 +86,14 @@ ENV_PATH /bin:/usr/bin
@@ -94,11 +101,14 @@ ENV_PATH /bin:/usr/bin
ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
@ -46,7 +46,7 @@ Index: etc/login.defs
ALWAYS_SET_PATH no
#
@@ -123,6 +133,11 @@ PASS_WARN_AGE 7
@@ -138,6 +148,11 @@ PASS_WARN_AGE 7
#
# Min/max values for automatic uid selection in useradd(8)
#
@ -58,7 +58,7 @@ Index: etc/login.defs
UID_MIN 1000
UID_MAX 60000
# System accounts
@@ -136,6 +151,11 @@ SUB_UID_COUNT 65536
@@ -151,6 +166,11 @@ SUB_UID_COUNT 65536
#
# Min/max values for automatic gid selection in groupadd(8)
#
@ -70,7 +70,7 @@ Index: etc/login.defs
GID_MIN 1000
GID_MAX 60000
# System accounts
@@ -165,7 +185,6 @@ LOGIN_TIMEOUT 60
@@ -180,7 +200,6 @@ LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh
#
@ -78,7 +78,7 @@ Index: etc/login.defs
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings.
@@ -180,7 +199,6 @@ CHFN_RESTRICT rwh
@@ -195,7 +214,6 @@ CHFN_RESTRICT rwh
#MD5_CRYPT_ENAB no
#
@ -86,14 +86,3 @@ Index: etc/login.defs
# If set to MD5, MD5-based algorithm will be used for encrypting password
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
@@ -208,8 +226,8 @@ CHFN_RESTRICT rwh
# If only one of the MIN or MAX values is set, then this value will be used.
# If MIN > MAX, the highest value will be used.
#
-# SHA_CRYPT_MIN_ROUNDS 5000
-# SHA_CRYPT_MAX_ROUNDS 5000
+#SHA_CRYPT_MIN_ROUNDS 5000
+#SHA_CRYPT_MAX_ROUNDS 5000
#
# Should login be allowed if we can't cd to the home directory?

View File

@ -20,7 +20,7 @@ Index: etc/login.defs
# Enable display of unknown usernames when login(1) failures are recorded.
#
LOG_UNKFAIL_ENAB no
@@ -27,34 +22,6 @@ LOG_UNKFAIL_ENAB no
@@ -27,11 +22,6 @@ LOG_UNKFAIL_ENAB no
LOG_OK_LOGINS no
#
@ -29,6 +29,13 @@ Index: etc/login.defs
-LASTLOG_ENAB yes
-
-#
# Limit the highest user ID number for which the lastlog entries should
# be updated.
#
@@ -41,29 +31,6 @@ LASTLOG_ENAB yes
#LASTLOG_UID_MAX
#
-# Enable checking and display of mailbox status upon login.
-#
-# Disable if the shell startup files already check for mail
@ -55,7 +62,7 @@ Index: etc/login.defs
# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
#
@@ -82,46 +49,12 @@ MOTD_FILE /etc/motd
@@ -91,46 +58,12 @@ MOTD_FILE /etc/motd
#MOTD_FILE /etc/motd:/usr/lib/news/news-motd
#
@ -102,7 +109,7 @@ Index: etc/login.defs
# If defined, file which inhibits all the usual chatter during the login
# sequence. If a full pathname, then hushed mode will be enabled if the
# user's name or shell are found in the file. If not a full pathname, then
@@ -131,21 +64,6 @@ HUSHLOGIN_FILE .hushlogin
@@ -140,21 +73,6 @@ HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
#
@ -124,7 +131,7 @@ Index: etc/login.defs
# *REQUIRED* The default PATH settings, for superuser and normal users.
#
# (they are minimal, add the rest in the shell startup files)
@@ -171,17 +89,13 @@ TTYPERM 0600
@@ -180,17 +98,13 @@ TTYPERM 0600
#
# ERASECHAR Terminal ERASE character ('\010' = backspace).
# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
@ -142,7 +149,7 @@ Index: etc/login.defs
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -197,28 +111,13 @@ UMASK 022
@@ -206,28 +120,13 @@ UMASK 022
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
@ -171,7 +178,7 @@ Index: etc/login.defs
# Min/max values for automatic uid selection in useradd(8)
#
UID_MIN 1000
@@ -255,28 +154,6 @@ LOGIN_RETRIES 5
@@ -264,28 +163,6 @@ LOGIN_RETRIES 5
LOGIN_TIMEOUT 60
#
@ -200,7 +207,7 @@ Index: etc/login.defs
# Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work
# phone, home phone). If not defined, no changes are allowed.
@@ -285,13 +162,6 @@ CHFN_AUTH yes
@@ -294,13 +171,6 @@ CHFN_AUTH yes
CHFN_RESTRICT rwh
#
@ -214,8 +221,8 @@ Index: etc/login.defs
# Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD.
@@ -336,29 +206,12 @@ CHFN_RESTRICT rwh
# SHA_CRYPT_MAX_ROUNDS 5000
@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh
#BCRYPT_MAX_ROUNDS 13
#
-# List of groups to add to the user's supplementary group set

View File

@ -16,7 +16,7 @@ Index: etc/login.defs
#
# $Id$
#
@@ -17,15 +19,8 @@ FAIL_DELAY 3
@@ -17,9 +19,8 @@ FAIL_DELAY 3
LOG_UNKFAIL_ENAB no
#
@ -24,16 +24,10 @@ Index: etc/login.defs
+# Enable "syslog" logging of newgrp(1) and sg(1) activity.
#
-LOG_OK_LOGINS no
-
-#
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
-#
-SYSLOG_SU_ENAB yes
SYSLOG_SG_ENAB yes
#
@@ -63,12 +58,33 @@ MOTD_FILE /etc/motd
# Limit the highest user ID number for which the lastlog entries should
@@ -72,12 +73,33 @@ MOTD_FILE /etc/motd
HUSHLOGIN_FILE .hushlogin
#HUSHLOGIN_FILE /etc/hushlogins
@ -69,7 +63,7 @@ Index: etc/login.defs
#
# Terminal permissions
@@ -84,19 +100,6 @@ ENV_PATH PATH=/bin:/usr/bin
@@ -93,19 +115,6 @@ ENV_PATH PATH=/bin:/usr/bin
TTYGROUP tty
TTYPERM 0600
@ -93,7 +87,7 @@ Index: lib/getdef.c
===================================================================
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -77,6 +77,7 @@ struct itemdef {
@@ -80,6 +80,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0]))
static struct itemdef def_table[] = {
@ -101,7 +95,7 @@ Index: lib/getdef.c
{"CHARACTER_CLASS", NULL},
{"CHFN_RESTRICT", NULL},
{"CONSOLE_GROUPS", NULL},
@@ -85,6 +86,7 @@ static struct itemdef def_table[] = {
@@ -88,6 +89,7 @@ static struct itemdef def_table[] = {
{"DEFAULT_HOME", NULL},
{"ENCRYPT_METHOD", NULL},
{"ENV_PATH", NULL},
@ -109,7 +103,7 @@ Index: lib/getdef.c
{"ENV_SUPATH", NULL},
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL},
@@ -95,6 +97,7 @@ static struct itemdef def_table[] = {
@@ -98,6 +100,7 @@ static struct itemdef def_table[] = {
{"KILLCHAR", NULL},
{"LASTLOG_UID_MAX", NULL},
{"LOGIN_RETRIES", NULL},

View File

@ -1,3 +1,35 @@
-------------------------------------------------------------------
Tue Dec 17 12:43:01 UTC 2019 - Michael Vetter <mvetter@suse.com>
- Update to 4.8:
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
- Remove because upstreamed:
* libeconf.patch
* shadow-usermod-variable.patch
- Rebase:
* shadow-login_defs-unused-by-pam.patch
* chkname-regex.patch
* shadow-util-linux.patch
* shadow-login_defs-comments.patch
- Add shadow-4.8-selinux-include.patch
See https://github.com/shadow-maint/shadow/pull/200
-------------------------------------------------------------------
Mon Oct 7 09:50:30 CEST 2019 - kukuk@suse.de

View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@ -23,7 +23,7 @@
%endif
Name: shadow
Version: 4.7
Version: 4.8
Release: 0
Summary: Utilities to Manage User and Group Accounts
License: BSD-3-Clause AND GPL-2.0-or-later
@ -61,12 +61,10 @@ Patch7: shadow-4.1.5.1-logmsg.patch
Patch13: shadow-login_defs-comments.patch
# PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
Patch14: shadow-login_defs-suse.patch
# PATCH-FIX-UPSTREAM shadow-4.8-selinux-include.patch mvetter@suse.com -- https://github.com/shadow-maint/shadow/pull/200
Patch15: shadow-4.8-selinux-include.patch
# PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
Patch20: disable_new_audit_function.patch
# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbrabec@suse.com -- Fix variable name.
Patch21: shadow-usermod-variable.patch
# PATCH-FEATURE-UPSTREAM libeconf.patch https://github.com/shadow-maint/shadow/pull/180 kukuk@suse.com -- Add support for a vendor directory and libeconf
Patch22: libeconf.patch
BuildRequires: audit-devel > 2.3
BuildRequires: autoconf
BuildRequires: automake
@ -110,11 +108,10 @@ group accounts.
%patch7
%patch13
%patch14
%patch15 -p1
%if 0%{?suse_version} < 1330
%patch20 -p1
%endif
%patch21 -p1
%patch22 -p1
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO