- bsc#1235453: Set SYS_{UID,GID}_MIN to 201:
After repeated similar requests to change the ID ranges we set the
above mentioned value to 201. The max value will stay at 499.
This range should be sufficient and will give us leeway for the
future.
It's not straightforward to find out which static UIDs/GIDs are
used in all packages.
Update shadow-login_defs-suse.patch
OBS-URL: https://build.opensuse.org/request/show/1238984
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=74
After repeated similar requests to change the ID ranges we set the
above mentioned value to 201. The max value will stay at 499.
This range should be sufficient and will give us leeway for the
future.
It's not straightforward to find out which static UIDs/GIDs are
used in all packages.
Update shadow-login_defs-suse.patch
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=191
* src/login_nopam.c: Fix compiler warnings #1170
* lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169
* Use HTTPS in link to Wikipedia article on password strength #1164
* lib/attr.h: use C23 attributes only with gcc >= 10 #1172
* login: Fix no-pam authorization regression #1174
* man: Add Portuguese translation #1178
* Update French translation #1177
* Add cheap defense mechanisms #1171
* Add Romanian translation #1176
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=189
- Update to 4.17.0:
* Fix the lower part of the domain of csrand_uniform()
* Fix use of volatile pointer
* Use 'dist-hook' to clean up <tests/unit/Makefile>
* Use str2[u]l() instead of atoi(3)
* Use a2i() in various places
* Fix const correctness
* Use uid_t for holding UIDs (and GIDs)
* Move all sprintf(3)-like APIs to a subdirectory
* Move all copying APIs to a subdirectory
* Fix forever loop on ENOMEM
* Fix REALLOC() nmemb calculation
* Remove id(1)
* Remove groups(1)
* Use local time for human-readable dates
* Use %F instead of %Y-%m-%d with strftime(3)
* is_valid{user,group}_name(): Set errno to distinguish the reasons
* Recommend --badname only if it is useful
* Add fmkomstemp() to fix mode of </etc/default/useradd>
* Fix use-after-free bug in sgetgrent()
* Update Catalan translation
* Remove references to cppw, cpgr
* groupadd, groupmod: Update gshadow file with -U
* Added option -a for listing active users only, optimized using if aflg,return
* Added information in lastlog man page for new option '-a'
* Plenty of code cleanup and clarifications
- Update to 4.17.0 RC1:
Pre-release without changelog
OBS-URL: https://build.opensuse.org/request/show/1233577
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=71
* Fix the lower part of the domain of csrand_uniform()
* Fix use of volatile pointer
* Use 'dist-hook' to clean up <tests/unit/Makefile>
* Use str2[u]l() instead of atoi(3)
* Use a2i() in various places
* Fix const correctness
* Use uid_t for holding UIDs (and GIDs)
* Move all sprintf(3)-like APIs to a subdirectory
* Move all copying APIs to a subdirectory
* Fix forever loop on ENOMEM
* Fix REALLOC() nmemb calculation
* Remove id(1)
* Remove groups(1)
* Use local time for human-readable dates
* Use %F instead of %Y-%m-%d with strftime(3)
* is_valid{user,group}_name(): Set errno to distinguish the reasons
* Recommend --badname only if it is useful
* Add fmkomstemp() to fix mode of </etc/default/useradd>
* Fix use-after-free bug in sgetgrent()
* Update Catalan translation
* Remove references to cppw, cpgr
* groupadd, groupmod: Update gshadow file with -U
* Added option -a for listing active users only, optimized using if aflg,return
* Added information in lastlog man page for new option '-a'
* Plenty of code cleanup and clarifications
- Update to 4.17.0 RC1:
Pre-release without changelog
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=184
- Update to 4.16.0:
* The shadow implementations of id(1) and groups(1) are deprecated
in favor of the GNU coreutils and binutils versions.
They will be removed in 4.17.0.
* The rlogind implementation has been removed.
* The libsubid major version has been bumped, since it now requires
specification of the module's free() implementation.
- Update shadow-login_defs-suse.patch
- Add shadow-4.16.0-econf.patch:
Replace deprecated econf_readDirs with econf_readConfig
OBS-URL: https://build.opensuse.org/request/show/1181876
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=68
* The shadow implementations of id(1) and groups(1) are deprecated
in favor of the GNU coreutils and binutils versions.
They will be removed in 4.17.0.
* The rlogind implementation has been removed.
* The libsubid major version has been bumped, since it now requires
specification of the module's free() implementation.
- Update shadow-login_defs-suse.patch
- Add shadow-4.16.0-econf.patch:
Replace deprecated econf_readDirs with econf_readConfig
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=176
- Add shadow-4.15.0-fix-definition.patch:
Fix error messages about config options.
See gh/shadow-maint/shadow#967
- Update to 4.15.0
* libshadow:
+ Use utmpx instead of utmp. This fixes a regression introduced
in 4.14.0.
+ Fix build error (parameter name omitted).
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
+ Merge libshadow and libmisc into a single libshadow. This fixes
problems in the linker, which were reported at least in Gentoo.
+ Fix build with musl libc.
+ Support out of tree builds
* useradd(8):
+ Set proper SELinux labels for def_usrtemplate
- Update Serge Hallyns GPG key
- Update shadow-login_defs-unused-by-pam.patch
OBS-URL: https://build.opensuse.org/request/show/1159987
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=66
* libshadow:
+ Use utmpx instead of utmp. This fixes a regression introduced
in 4.14.0.
+ Fix build error (parameter name omitted).
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
+ Merge libshadow and libmisc into a single libshadow. This fixes
problems in the linker, which were reported at least in Gentoo.
+ Fix build with musl libc.
+ Support out of tree builds
* useradd(8):
+ Set proper SELinux labels for def_usrtemplate
- Update Serge Hallyns GPG key
- Update shadow-login_defs-unused-by-pam.patch
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=171
- Update to 4.14.6:
* login(1):
+ Fix off-by-one bugs.
* passwd(1):
+ Don't silently truncate passwords of length >= 200 characters.
Instead, accept a length of PASS_MAX, and reject longer ones.
* libshadow:
+ Fix calculation in strtoday(), which caused a wrong half-day
offset in some cases (bsc#1176006)
+ Fix parsing of dates in get_date() (bsc#1176006)
+ Use utmpx instead of utmp. This fixes a regression introduced in
4.14.0.
OBS-URL: https://build.opensuse.org/request/show/1154375
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=65
* login(1):
+ Fix off-by-one bugs.
* passwd(1):
+ Don't silently truncate passwords of length >= 200 characters.
Instead, accept a length of PASS_MAX, and reject longer ones.
* libshadow:
+ Fix calculation in strtoday(), which caused a wrong half-day
offset in some cases (bsc#1176006)
+ Fix parsing of dates in get_date() (bsc#1176006)
+ Use utmpx instead of utmp. This fixes a regression introduced in
4.14.0.
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=169
- Update to 4.14.5:
* Build system:
+ Fix regression introduced in 4.14.4, due to a typo. chgpasswd had
been deleted from a Makefile variable, but it should have been
chpasswd.
- Remove shadow-4.14.4-chgpasswd-typo.patch
- Update to 4.14.4:
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
* libshadow:
+ Fix build error (parameter name omitted).
+ Fix off-by-one bug.
+ Remove warning.
- Add shadow-4.14.4-chgpasswd-typo.patch: to fix build. See #926
- Update patch macro `patchN` -> `patch -P N`
OBS-URL: https://build.opensuse.org/request/show/1146473
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=64
- Remove dependency on libbsd:
On Tumbleweed we have glibc 2.38 already thus string functions
like strlcpy will be present and won't be needed from libbsd.
`readpassphrase()` is then the only function from libbsd not present.
Upstream shadow has an in tree copy of it, that is used when the
`--without-libbsd` flag is passed along.
By relying on glibc 2.38 we don't need to add libbsd and libmd
to our ring0 but can't easily upgrade on SLE.
- Update to 4.14.0:
* configure: add with-libbsd option
* Code cleanup
* Replace utmp interface #757
* new option enable-logind #674
* shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
* chsh: warn if root sets a shell not listed in /etc/shells #535
* newgrp: fix potential string injection
* lastlog: fix alignment of Latest header
* Fix yescrypt support #748
* chgpasswd: Fix segfault in command-line options
* gpasswd: Fix password leak
* Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627)
* usermod: fix off-by-one issues #701
* ch(g)passwd: Check selinux permissions upon startup #675
* sub_[ug]id_{add,remove}: fix return values
* chsh: Verify that login shell path is absolute #730
* process_prefix_flag: Drop privileges
* run_parts for groupadd and groupdel #706
* newgrp/useradd: always set SIGCHLD to default
* useradd/usermod: add --selinux-range argument #698
OBS-URL: https://build.opensuse.org/request/show/1104351
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=58
On Tumbleweed we have glibc 2.38 already thus string functions
like strlcpy will be present and won't be needed from libbsd.
`readpassphrase()` is then the only function from libbsd not present.
Upstream shadow has an in tree copy of it, that is used when the
`--without-libbsd` flag is passed along.
By relying on glibc 2.38 we don't need to add libbsd and libmd
to our ring0 but can't easily upgrade on SLE.
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=153
* Code cleanup
* Replace utmp interface #757
* new option enable-logind #674
* shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
* chsh: warn if root sets a shell not listed in /etc/shells #535
* newgrp: fix potential string injection
* lastlog: fix alignment of Latest header
* Fix yescrypt support #748
* chgpasswd: Fix segfault in command-line options
* gpasswd: Fix password leak
* Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627)
* usermod: fix off-by-one issues #701
* ch(g)passwd: Check selinux permissions upon startup #675
* sub_[ug]id_{add,remove}: fix return values
* chsh: Verify that login shell path is absolute #730
* process_prefix_flag: Drop privileges
* run_parts for groupadd and groupdel #706
* newgrp/useradd: always set SIGCHLD to default
* useradd/usermod: add --selinux-range argument #698
* sssd: skip flushing if executable does not exist #699
* semanage: Do not set default SELinux range #676
* Add control character check #687
* usermod: respect --prefix for --gid option
* Fix null dereference in basename
* newuidmap and newgidmap: support passing pid as fd
* Prevent out of boundary access #633
* Explicitly override only newlines #633
* Correctly handle illegal system file in tz #633
* Supporting vendor given -shells- configuration file #599
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=151
