Commit Graph

71 Commits

Author SHA256 Message Date
Michael Vetter
8f871cae62 - Fix shadow-login_defs-check.sh:
In the last update we switched from calling make to %make_build
  macro. Using sed to adapt the spec file now.

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=108
2021-09-07 15:09:34 +00:00
Michael Vetter
c8f7c173d8 Accepting request 912922 from home:kukuk:tiu
- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
  use already shadow
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
  be compatible with other Linux distros and the other tools
  creating user accounts in use on openSUSE. Set HOME_MODE to 700
  for security reasons and compatibility. [bsc#1189139]

OBS-URL: https://build.opensuse.org/request/show/912922
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=107
2021-08-18 17:54:07 +00:00
Michael Vetter
3317029e04 Accepting request 912915 from home:jubalh:branches:Base:System
- Update to 4.9:
  * Updated translations
  * Major salt updates
  * Various coverity and cleanup fixes
  * Consistently use 0 to disable PASS_MIN_DAYS in man
  * Implement NSS support for subids and a libsubid
  * setfcap: retain setfcap when mapping uid 0
  * login.defs: include HMAC_CRYPTO_ALGO key
  * selinux fixes
  * Fix path prefix path handling
  * Manpage updates
  * Treat an empty passwd field as invalid(Haelwenn Monnier)
  * newxidmap: allow running under alternative gid
  * usermod: check that shell is executable
  * Add yescript support
  * useradd memleak fixes
  * useradd: use built-in settings by default
  * getdefs: add foreign
  * buffer overflow fixes
  * Adding run-parts style for pre and post useradd/del
- Refresh:
  * shadow-login_defs-unused-by-pam.patch
  * userdel-script.patch
  * useradd-script.patch
  * chkname-regex.patch
  * useradd-default.patch: bbf4b79 stopped shipping default file.
    change group in code now.
  * shadow-login_defs-suse.patch
  * useradd-userkeleton.patch
- Remove because upstreamed:

OBS-URL: https://build.opensuse.org/request/show/912915
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=106
2021-08-18 14:25:29 +00:00
Michael Vetter
e27cf8c34f Accepting request 903400 from home:kukuk:branches:Base:System
- login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536]
- Add /etc/login.defs.d directory

OBS-URL: https://build.opensuse.org/request/show/903400
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=105
2021-07-02 06:52:55 +00:00
Michael Vetter
faf07ff787 Accepting request 897717 from home:mauriziogalli:branches:Base:System
- Enable shadowgrp so that we can set more secure group passwords 
  using shadow.

OBS-URL: https://build.opensuse.org/request/show/897717
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=104
2021-06-08 06:39:30 +00:00
Michael Vetter
b6e8d920e2 Accepting request 897344 from home:kukuk:tiu
- Disable MOTD_FILE to allow the use of pam_motd to unify motd
  message output [bsc#1185897]. Else motd entries of e.g. cockpit
  will not be shown.

OBS-URL: https://build.opensuse.org/request/show/897344
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=103
2021-06-08 06:36:00 +00:00
Michael Vetter
451a55ed1d Accepting request 871006 from home:sbrabec:branches:distconfdir-fix
No change in code. Integrate changes in SLE/Leap branch into older changelog entries in Factory.

OBS-URL: https://build.opensuse.org/request/show/871006
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=101
2021-02-15 09:45:08 +00:00
1b82897569 Accepting request 867612 from home:sbrabec:branches:distconfdir-fix
- Do not require libeconf-devel on products without /usr/etc.

OBS-URL: https://build.opensuse.org/request/show/867612
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=100
2021-01-30 08:05:35 +00:00
Michael Vetter
a4ea6b15c3 Accepting request 865245 from home:kukuk:branches:Base:System
- Split login.defs configuration file into own sub-package, which
  allows to install util-linux or pam on small embedded/edge
  systems or container without the need to pull in the full shadow
  suite.

OBS-URL: https://build.opensuse.org/request/show/865245
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=99
2021-01-21 08:48:53 +00:00
Dr. Werner Fink
ff3f23e669 Accepting request 848094 from home:favogt:boo1178296
- Amend patches/useradd-userkeleton.patch to also write into
  existing directories and prefer files from /etc

OBS-URL: https://build.opensuse.org/request/show/848094
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=98
2020-11-12 10:32:46 +00:00
Dr. Werner Fink
cf082dac01 Add support for /usr/etc/skel to useradd binary its self
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=97
2020-11-11 11:39:56 +00:00
Dr. Werner Fink
5d3b7a8e02 bsc#1178296
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=95
2020-11-02 15:56:45 +00:00
Dr. Werner Fink
6ffcde29a4 boo#1173321
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=93
2020-10-09 13:16:40 +00:00
Michael Vetter
0b9efbf5e4 Accepting request 840138 from home:sbrabec:branches:util-linux-multibuild
- shadow-login_defs-check.sh: Fix the regexp to get a real variable
  list (boo#1164274).

OBS-URL: https://build.opensuse.org/request/show/840138
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=92
2020-10-08 20:42:21 +00:00
Michael Vetter
a52384dc01 Accepting request 833343 from home:sbrabec:branches:util-linux-multibuild
- login.defs: Add support for new util-linux-2.36 login variable
  MOTD_FIRSTONLY (shadow-util-linux.patch).
- shadow-login_defs-comments.patch: Remove duplicated
  LASTLOG_UID_MAX.
- shadow-login_defs-check.sh: Update for new build system.
- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is
  not used in SUSE Linux.
- Refresh shadow-login_defs-suse.patch and
  shadow-login_defs-comments.patch.

OBS-URL: https://build.opensuse.org/request/show/833343
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90
2020-09-15 07:22:16 +00:00
Michael Vetter
57f8487ce4 Accepting request 808197 from home:favogt:branches:Base:System
- Use pure #!/bin/sh in:
  * useradd.local
  * userdel-post.local
  * userdel-pre.local

OBS-URL: https://build.opensuse.org/request/show/808197
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=88
2020-05-27 20:51:02 +00:00
Michael Vetter
1600e1cd6f - Update to 4.8.1:
* selinux: include stdio
  * man: don't suggest making groupmems user-writeable
  * Makefile: bail out on error in for loops
  * Adding logging of SSH_ORIGINAL_COMMAND to nologin
  * add new HOME_MODE login.defs option
  * Add tty logging to useradd
  * Useradd: make non-executable shell check only a warning
  * Update Dutch translation
  * user_busy: Do not mistake a regular user process for a namespaced one
  * Revert "Honor --sbindir and --bindir for binary installation"
- Remove shadow-4.8-shell-check.patch: included
- Remove shadow-4.8-selinux-include.patch: upstreamed

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=86
2020-01-26 08:10:24 +00:00
Michael Vetter
66751a06ed - Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers,
useradd, userdel, usermod explicitly.

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=84
2020-01-20 10:38:01 +00:00
Michael Vetter
50741a7c13 - bsc#1160729: Make valid shell check only a warning
* Add shadow-4.8-shell-check.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=83
2020-01-16 13:01:03 +00:00
Michael Vetter
9b62b0468b OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=82 2019-12-17 12:46:08 +00:00
Michael Vetter
93639b1c76 - Update to 4.8:
* Initial optional bcrypt support.
  * Make build/install of 'su' optional.
  * Fix for vipw not resuming correctly when suspended
  * Sync password field descriptions in manpages
  * Check for valid shell argument in useradd
  * Allow translation of new strings through POTFILES.in
  * Migrate to itstool for translations
  * Migrate to new SELinux api
  * Support --enable-vendordir
  * pwck: Only check homedir if set and not a system user
  * Support nonstandard usernames
  * sget{pw,gr}ent: check for data at EOL
  * Add YYY-MM-DD support in chage
  * Fix failing chmod calls for suidubins
  * Fix --sbindir and --bindir for binary installations
  * Fix LASTLOG_UID_MAX in login.defs
  * Fix configure error with dash
- Remove because upstreamed:
  * libeconf.patch
  * shadow-usermod-variable.patch
- Rebase:
  * shadow-login_defs-unused-by-pam.patch
  * chkname-regex.patch
  * shadow-util-linux.patch
  * shadow-login_defs-comments.patch
- Add shadow-4.8-selinux-include.patch
  See https://github.com/shadow-maint/shadow/pull/200

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=81
2019-12-17 12:44:46 +00:00
Michael Vetter
6511638aa9 Accepting request 735615 from home:kukuk:etc
- libeconf.patch: Add support for libeconf and /usr/etc for
  login.defs.
- Move first configuration files and pam config files to /usr/etc

OBS-URL: https://build.opensuse.org/request/show/735615
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=79
2019-10-09 08:44:59 +00:00
Michael Vetter
2d8b6fc024 Accepting request 727985 from home:jubalh:branches:Base:System
- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files
  to support kernel keyring feature
- Update pamd.tar.bz2 with pam configuration files accordingly

OBS-URL: https://build.opensuse.org/request/show/727985
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=77
2019-09-03 11:21:48 +00:00
Michael Vetter
477b858b57 Accepting request 724580 from home:kukuk:branches:Base:System
- encryption_method_nis.patch: drop, DES should really not be used
  anymore anywhere, even with NIS
- shadow-login_defs-suse.patch: remove encryption NIS entry

OBS-URL: https://build.opensuse.org/request/show/724580
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=76
2019-08-20 13:09:49 +00:00
Michael Vetter
1b97de0f5f Accepting request 719010 from home:sbrabec:branches:util-linux-2.34
- Fix incorrect variable name in usermod
  (shadow-usermod-variable.patch).
- shadow-login_defs-comments.patch:
  * Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs.
  * Add missing LASTLOG_UID_MAX.
  * Refresh shadow-login_defs-suse.patch.
- Port shadow-login_defs-check.sh to match the current spec file
  and login.defs.

OBS-URL: https://build.opensuse.org/request/show/719010
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=74
2019-07-29 05:36:59 +00:00
Michael Vetter
934d6edc81 Accepting request 718763 from home:kukuk:container
- Provide "useradd_or_adduser_dep" for sysuser-shadow

OBS-URL: https://build.opensuse.org/request/show/718763
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=73
2019-07-26 08:31:05 +00:00
Michael Vetter
7e24d2adf7 Accepting request 718317 from home:sbrabec:branches:Base:System
- shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to
  "yes" (bsc#353876#c7).
And fix patch name in older changes entry:
  * shadow-util-linux.patch

OBS-URL: https://build.opensuse.org/request/show/718317
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=72
2019-07-25 08:37:25 +00:00
Michael Vetter
f88d9bfee4 - Fix comment about patch in spec file
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=71
2019-07-19 10:20:29 +00:00
Michael Vetter
7313beaf68 Accepting request 716648 from home:sbrabec:branches:Base:System
Structured comment typo fix that should be part of Tue Apr 30 22:27:14 CEST 2019 change.
If you want changes entry for that, feel free to reject.

OBS-URL: https://build.opensuse.org/request/show/716648
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=70
2019-07-19 10:00:36 +00:00
Michael Vetter
36577fca4e - Update to 4.7:
* Spawn: don't loop forever on ECHILD
  * Do not fail locking if there is a stale lockfile (Tomas Mraz)
  * Use lckpwdf if prefix not set (Tomas Mraz)
  * Build: check correct DocBook version (Jan Tojnar)
  * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
  * Add support for btrfs subvolumes for home (Adam Majer)
  * Fix chpasswd long line handling (Nathan Ruiz)
  * Use secure_getenv for gettime (Chris Lamb)
  * Make sp_lstchg reproducible (Chris Lamb)
  * Do not crash commonio_close if db file is not open (Tomas Mraz)
  * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
  * French manpage update (Alban VIDAL)
  * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
  * Sync po files from shadow.pot (Alban VIDAL)
  * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
  * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
  * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
  * Fix segfault in useradd (Tomas Mraz)
  * Coverity issues (Tomas Mraz)
  * Flush sssd caches (Jakub Hrozek)
  * Log UID in nologin (Vladimir Ivanov)
  * run pam_getenvlist after setup_env in su.c (Michael Vogt)
  * Support systems with only utmpx (A. Wilcox)
  * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
  * Update po/zh_CN translation (Lion Yang)
  * Create parent dirs for useradd -m (Michael Vetter)
  * Prevent usermod segv
  * Fix usermod crash (fariouche)
- Remove btrfs-subvolumes.patch (fate#316134):

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=68
2019-06-14 07:41:25 +00:00
Michael Vetter
b149187807 Accepting request 706498 from home:pluskalm:branches:Base:System
- Make building more verbose
- Use spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/706498
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=66
2019-05-31 06:00:55 +00:00
Michael Vetter
92db561161 Accepting request 705901 from home:lnussel:branches:Base:System
- don't specify MOTD_FILE in login.defs but fall back to built in
  defaults of login (boo#1133929)

OBS-URL: https://build.opensuse.org/request/show/705901
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=65
2019-05-28 13:04:19 +00:00
Michael Vetter
4e43c817a1 Accepting request 700494 from home:sbrabec:branches:util-linux-2.33.1
- Split shadow-login_defs.patch hunks to its logical components
  (bsc#1121197):
  * shadow-login_defs-unused-by-pam.patch
  * shadow-login_defs-comments.patch
  * shadow-login_defs-util-linux.patch
  * shadow-login_defs-suse.patch
  * Move appropriate hunks to chkname-regex.patch and
    encryption_method_nis.patch
  * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14).
- Split getdef-new-defs.patch hunks to its logical components
  (bsc#1121197):
  * encryption_method_nis.patch
  * chkname-regex.patch
  * shadow-util-linux.patch
    Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT.
  * useradd-script.patch, userdel-script.patch
  * Remove duplicated definitions of MOTD_FILE and ENV_PATH.
- Add shadow-login_defs-unused-check.sh to allow verification of
  login.defs variable usage (bsc#1121197).
- Add virtual symbols for login.defs compatibility (bsc#1121197).

OBS-URL: https://build.opensuse.org/request/show/700494
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=63
2019-05-06 07:58:15 +00:00
Michael Vetter
999ade1779 Additionally changed in that patch (bsc#1106914):
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=61
2019-01-24 10:49:43 +00:00
93bc90d0de Fix option parsing, broken by accident
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=60
2019-01-23 17:20:23 +00:00
981192bf42 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=59 2019-01-23 15:51:22 +00:00
e9204025f7 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=58 2019-01-23 12:44:35 +00:00
f87c80c5df OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=57 2019-01-23 12:36:46 +00:00
Michael Vetter
1592d69ca0 Accepting request 667981 from home:adamm:branches:Base:System
- btrfs-subvolumes.patch: implement support for creating user home
  directories on btrfs subvolumes (fate#316134)

OBS-URL: https://build.opensuse.org/request/show/667981
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=56
2019-01-23 11:16:47 +00:00
Michael Vetter
ef0b03d80a Accepting request 645756 from home:vrothberg:branches:Base:System
- Add empty /etc/sub{u,g}id files. useradd and usermod add entries for users
  only when those files exist. Having those entries is a requirement to create
  user namespaces, for instance, when running podman as a non-root user.

OBS-URL: https://build.opensuse.org/request/show/645756
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=54
2018-11-02 11:24:14 +00:00
Michael Vetter
60780ba34c - Update to 4.6:
* Newgrp: avoid unnecessary lookups
  * Make language less binary
  * Add error when turning off man switch
  * Spelling fixes
  * Make userdel work with -R
  * newgidmap: enforce setgroups=deny if self-mapping a group
  * Norwegian bokmål translation
  * pwck: prevent crash by not passing O_CREAT
  * WITH_TCB fixes from Mandriva
  * Fix pwconv and grpconv entry skips
  * Fix -- slurping in su
  * add --prefix option
- Remove CVE-2018-7169.patch: upstreamed
- Remove shadow-4.1.5.1-pam_group.patch: upstreamed
- Update userdel-script.patch: change due to prefix
- Update useradd-mkdirs.patch: change due to prefix
  Additionally changed in that patch:
  * Test for strdup() failure
  * Directory to 0755 instead 0777
- Add shadow-4.6.0-fix-usermod-prefix-crash.patch:
  Fixes crash in usermod when called with --prefix.
  See https://github.com/shadow-maint/shadow/issues/110

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=52
2018-05-16 14:26:18 +00:00
Michael Vetter
59e14c5bc5 Accepting request 580122 from home:favogt:licensetag
Use %license (boo#1082318). Please forward to SLE, if possible

OBS-URL: https://build.opensuse.org/request/show/580122
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=50
2018-02-26 09:59:29 +00:00
Michael Vetter
225b0ce1da Accepting request 577189 from home:kbabioch:branches:Base:System
- Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap,
  which allowed an unprivileged user to be placed in a user namespace where
  setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294)

OBS-URL: https://build.opensuse.org/request/show/577189
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=48
2018-02-16 10:33:22 +00:00
Michael Vetter
3fa4eb033a - bsc#1061838:
Revert: Requires: group(mail)
  Introduced circular dependency

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=46
2017-11-08 12:41:51 +00:00
Michael Vetter
e2885781a8 Use PreReq for permissions
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=44
2017-10-23 15:29:51 +00:00
2bfc1c3004 Accepting request 533974 from home:adamm:branches:Base:System
- Revert accidentalied prerequisites.

OBS-URL: https://build.opensuse.org/request/show/533974
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=42
2017-10-16 14:25:24 +00:00
786e66108a Accepting request 533614 from home:Andreas_Schwab:Factory
- Prequire group(shadow), group(root), user(root)

OBS-URL: https://build.opensuse.org/request/show/533614
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=41
2017-10-12 09:42:41 +00:00
Michael Vetter
56e78a5480 - bsc#1061838:
Add Requires for group(mail)

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=40
2017-10-09 18:40:05 +00:00
Michael Vetter
e81ef12b85 - boo#1048645:
Set suid bit for newuidmap and newgimap

- Revert the changes for bsc#1023895 back
  Pulls in too many deps into ring0.
  Next version of shadow plans to have no conditional man pages.

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=38
2017-09-14 08:23:12 +00:00
Michael Vetter
e4491e0a36 Accepting request 522286 from home:jubalh:shadow-man
- run spec-cleaner
- bsc#1023895:
  man page contained invalid options because they depend
  on compile flags and we shipped pre built ones.
  New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po
  xsltproc

OBS-URL: https://build.opensuse.org/request/show/522286
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=37
2017-09-08 11:44:56 +00:00