07c8036169
Accepting request 1328142 from Base:System
Ana Guerrero2026-01-20 20:02:15 +00:00
f31fbeed04
- Update to 4.19.2: Regression fixes usermod(8): * Revert an incorrect commit. See #1509 and #1510.
Michael Vetter2026-01-19 19:06:27 +00:00
937573c02a
- Update to 4.19.0: Breaking changes: * Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce5 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") * Some user names and group names are too dangerous and are rejected, even with --badname. 25aea74 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: * SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See #1452. Support: * Several years ago, there were talks about deprecating su(1) and login(1), back when this project was maintained as part of Debian. However, nothing was clearly stated, and there were doubts about the status of these programs. Let's clarify them now. * Our implementations of su(1) and login(1) are fully supported, and we don't have any plans to remove them. They are NOT deprecated. See #464. Deprecations: * groupmems(8) The program will be removed in a future release. See #1343. * logoutd(8) The program will be removed in the next release. See #999, and #1344. * DES This hashing algorithm has been deprecated for a long time,
Michael Vetter2025-12-31 11:09:29 +00:00
6d3bdef110
Accepting request 1322917 from Base:System
Ana Guerrero2025-12-16 14:49:29 +00:00
66fba9ae5e
Accepting request 1322908 from home:kukuk:no_new_privs
Michael Vetter2025-12-15 08:13:18 +00:00
e2b898695f
Accepting request 1320966 from Base:System
Ana Guerrero2025-12-04 10:21:00 +00:00
642d6386e6
Accepting request 1320941 from home:kukuk:no_new_privs
Michael Vetter2025-12-03 10:45:08 +00:00
48c772df8d
Accepting request 1288422 from Base:System
Ana Guerrero2025-06-26 09:34:23 +00:00
10a1dcc006
Accepting request 1288422 from Base:System
Ana Guerrero2025-06-26 09:34:23 +00:00
7a9d94585a
- Update to 4.18.0: * CI: purge man-db #1241 * passwd: document exit code when PAM has errored #1244 * Man patches #1175 * Quick fix: define E_PAM_ERR in lib/pam_pass.c #1245 * Accept /usr/sbin/nologin as an alternate to /sbin/nologin #1246 * Add LOGIN_ENV_SAFELIST to FOREIGNDEFS #1248 * ci: add gawk as a fedora dependency #1252 * man/useradd.8.xml: fix the CREATE_HOME description #1251 * lib/getdate.y: Restrict the date formats that we support #1238 * newuidmap: better error logging on failure #1254 * Extend basic test cases to check shadow and gshadow entries #1237 * lib/sizeof.h: Make sure STRLEN() only accepts string literals #1260 * Add strprefix(), and use it instead of its pattern #1152 * src/: Simplify, using strpbrk(3) #1167 * lib/string/strdup/: STRNDUPA(): Reimplement in terms of strndupa(3) #1189 * Remove dead beef #1230 * lib/atoi/a2i/: Simplify these macros #1137 * strtolower(): Add API, and use it instead of its pattern #1211 * lib/: sget*ent(): Simplify #1146 * fields #1150 * yacc(1) is a dead language; bury it deep in the ground #1217 * Test expiration date #1233 * [scp] Add strcaseprefix(), and use it instead of its pattern #1262 * valid_field(): Improve readability #1208 * lib/, src/, tests/: Use the standard countof() instead of our NITEMS() #1259 * lib/fs/mkstemp/, src/: Move fmkomstemp() to separate files under lib/fs/mkstemp/, and split into mkomstemp() #1139 * [x][v]aprintf(): Add APIs, and use them instead of [x][v]asprintf(3) #1168 * lib/get_pid.c: pid_t is a signed integer #1264Michael Vetter2025-06-25 04:31:06 +00:00
3d641d62fb
- Update to 4.18.0: * CI: purge man-db #1241 * passwd: document exit code when PAM has errored #1244 * Man patches #1175 * Quick fix: define E_PAM_ERR in lib/pam_pass.c #1245 * Accept /usr/sbin/nologin as an alternate to /sbin/nologin #1246 * Add LOGIN_ENV_SAFELIST to FOREIGNDEFS #1248 * ci: add gawk as a fedora dependency #1252 * man/useradd.8.xml: fix the CREATE_HOME description #1251 * lib/getdate.y: Restrict the date formats that we support #1238 * newuidmap: better error logging on failure #1254 * Extend basic test cases to check shadow and gshadow entries #1237 * lib/sizeof.h: Make sure STRLEN() only accepts string literals #1260 * Add strprefix(), and use it instead of its pattern #1152 * src/: Simplify, using strpbrk(3) #1167 * lib/string/strdup/: STRNDUPA(): Reimplement in terms of strndupa(3) #1189 * Remove dead beef #1230 * lib/atoi/a2i/: Simplify these macros #1137 * strtolower(): Add API, and use it instead of its pattern #1211 * lib/: sget*ent(): Simplify #1146 * fields #1150 * yacc(1) is a dead language; bury it deep in the ground #1217 * Test expiration date #1233 * [scp] Add strcaseprefix(), and use it instead of its pattern #1262 * valid_field(): Improve readability #1208 * lib/, src/, tests/: Use the standard countof() instead of our NITEMS() #1259 * lib/fs/mkstemp/, src/: Move fmkomstemp() to separate files under lib/fs/mkstemp/, and split into mkomstemp() #1139 * [x][v]aprintf(): Add APIs, and use them instead of [x][v]asprintf(3) #1168 * lib/get_pid.c: pid_t is a signed integer #1264Michael Vetter2025-06-25 04:31:06 +00:00
8f059276ec
Accepting request 1268156 from Base:System
Ana Guerrero2025-04-10 19:57:13 +00:00
ef2726a1af
Accepting request 1268156 from Base:System
Ana Guerrero2025-04-10 19:57:13 +00:00
3923fba5ed
Accepting request 1268137 from home:sbrabec:branches:util-linux-2.41
Michael Vetter2025-04-09 12:16:52 +00:00
69b0472a77
- shadow-util-linux.patch: util-linux-2.41 introduced new variable: LOGIN_ENV_SAFELIST. Recognize it and update dependencies. The patch includes gh/shadow-maint/shadow/pull#1248. - shadow-login_defs-check-login_defs.lst: Make the util-linux.spec multibuild file compatible with quilt. Make it working with new quilt.
Michael Vetter2025-04-09 12:16:52 +00:00
664abeea0e
Accepting request 1254773 from Base:System
Ana Guerrero2025-03-24 12:25:33 +00:00
9499fa5aa4
Accepting request 1254773 from Base:System
Ana Guerrero2025-03-24 12:25:33 +00:00
ed26e9a0ec
- Update o 4.17.4: * Revert "lib/, src/: Use local time for human-readable dates" * lib/getdate.y: Ignore time-zone information and use UTC * src/chfn.c: Partially revert "lib/, src/: Use strsep(3) instead of its pattern" * src/chfn.c: Use stpsep() instead of its pattern * src/chfn.c: Add local variable to refer to the separated field * src/chfn.c: copy_field(): Rename local variable * lib/commonio.c: Rely on the POSIX.1-2008 behavior of realpath(3) * lib/fs/readlink/: readlinknul(): Use ssize_t to simplify * autogen.sh: Promote -Wsign-compare to an error * lib/sizeof.h: ssizeof(): Add signed variant of sizeof * src/lastlog.c: Use ssizeof() to avoid a -Wsign-compare diagnostic * tests/unit/test_xasprintf.c: Fix sign-mismatch diagnostic * configure.ac: stop checking for utmp location * configure.ac: be deterministic about passwd location * lib/, src/: update audit messages * lib/: audit function for groups * src/: update group audit messages * doc/: Remove list of distributions
Michael Vetter2025-03-20 06:54:14 +00:00
98317afee4
- Update o 4.17.4: * Revert "lib/, src/: Use local time for human-readable dates" * lib/getdate.y: Ignore time-zone information and use UTC * src/chfn.c: Partially revert "lib/, src/: Use strsep(3) instead of its pattern" * src/chfn.c: Use stpsep() instead of its pattern * src/chfn.c: Add local variable to refer to the separated field * src/chfn.c: copy_field(): Rename local variable * lib/commonio.c: Rely on the POSIX.1-2008 behavior of realpath(3) * lib/fs/readlink/: readlinknul(): Use ssize_t to simplify * autogen.sh: Promote -Wsign-compare to an error * lib/sizeof.h: ssizeof(): Add signed variant of sizeof * src/lastlog.c: Use ssizeof() to avoid a -Wsign-compare diagnostic * tests/unit/test_xasprintf.c: Fix sign-mismatch diagnostic * configure.ac: stop checking for utmp location * configure.ac: be deterministic about passwd location * lib/, src/: update audit messages * lib/: audit function for groups * src/: update group audit messages * doc/: Remove list of distributions
Michael Vetter2025-03-20 06:54:14 +00:00
54d509c4d9
- Update to 4.17.3: * chsh: do not warn about blank shell * lib/: Use strisdigit() instead of its pattern * lib/string/ctype/strisascii/: strisdigit(): Add function * lib/string/: Add comments expanding the letter-soup API names * lib/basename.c: Basename(): Use stprcspn() instead of its pattern * lib/string/strspn/, lib/, src/: stprspn(), strrspn_(): Split API into function and macro * lib/string/strspn/, lib/, src/: Move *spn() APIs to separate subdir * lib/string/strchr/: strrcspn(), stprcspn(): Add function and macro * src/useradd.c: Use !strcaseeq() instead of its pattern * lib/, src/: Use strcaseeq() instead of its pattern * lib/string/strcmp/: strcaseeq(): Add function * man/useradd.8.xml: Document new exit code 19 (E_BAD_NAME) * src/useradd.c: E_BAD_NAME: Use a different error code for bad login names * src/useradd.c: create_home(): Use !streq() instead of its pattern * lib/chkname.c: is_valid_name(): Use streq() instead of its pattern * configure.ac, lib/: Use __has_include(<gshadow.h>) instead of HAVE_GSHADOW_H * configure.ac: Remove unused AC_CHECK_HEADERS() checks * configure.ac, lib/: Use __has_include(<sys/capability.h>) instead of HAVE_SYS_CAPABILITY_H * lib/idmapping.c: Unconditionally include <sys/prctl.h> * lib/: Use __has_include(<security/openpam.h>) instead of HAVE_SECURITY_OPENPAM_H * lib/: Use __has_include(<security/pam_misc.h>) instead of HAVE_SECURITY_PAM_MISC_H * configure.ac, lib/: Use __has_include(<sys/random.h>) instead of HAVE_SYS_RANDOM_H * configure.ac, lib/: Use __has_include(<crypt.h>) instead of HAVE_CRYPT_H * lib/, src/: motd(): Report errors instead of exiting from library code * lib/motd.c: motd(): Invert logic to reduce indentation * lib/, src/, doc/: Remove pw_auth()'s $3 as dead code * lib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code * lib/, src/, doc/: Remove dead code * src/vipw.c: Restore the original terminal pgrp after editing
Michael Vetter2025-02-24 17:47:40 +00:00
420307f9ea
- Update to 4.17.3: * chsh: do not warn about blank shell * lib/: Use strisdigit() instead of its pattern * lib/string/ctype/strisascii/: strisdigit(): Add function * lib/string/: Add comments expanding the letter-soup API names * lib/basename.c: Basename(): Use stprcspn() instead of its pattern * lib/string/strspn/, lib/, src/: stprspn(), strrspn_(): Split API into function and macro * lib/string/strspn/, lib/, src/: Move *spn() APIs to separate subdir * lib/string/strchr/: strrcspn(), stprcspn(): Add function and macro * src/useradd.c: Use !strcaseeq() instead of its pattern * lib/, src/: Use strcaseeq() instead of its pattern * lib/string/strcmp/: strcaseeq(): Add function * man/useradd.8.xml: Document new exit code 19 (E_BAD_NAME) * src/useradd.c: E_BAD_NAME: Use a different error code for bad login names * src/useradd.c: create_home(): Use !streq() instead of its pattern * lib/chkname.c: is_valid_name(): Use streq() instead of its pattern * configure.ac, lib/: Use __has_include(<gshadow.h>) instead of HAVE_GSHADOW_H * configure.ac: Remove unused AC_CHECK_HEADERS() checks * configure.ac, lib/: Use __has_include(<sys/capability.h>) instead of HAVE_SYS_CAPABILITY_H * lib/idmapping.c: Unconditionally include <sys/prctl.h> * lib/: Use __has_include(<security/openpam.h>) instead of HAVE_SECURITY_OPENPAM_H * lib/: Use __has_include(<security/pam_misc.h>) instead of HAVE_SECURITY_PAM_MISC_H * configure.ac, lib/: Use __has_include(<sys/random.h>) instead of HAVE_SYS_RANDOM_H * configure.ac, lib/: Use __has_include(<crypt.h>) instead of HAVE_CRYPT_H * lib/, src/: motd(): Report errors instead of exiting from library code * lib/motd.c: motd(): Invert logic to reduce indentation * lib/, src/, doc/: Remove pw_auth()'s $3 as dead code * lib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code * lib/, src/, doc/: Remove dead code * src/vipw.c: Restore the original terminal pgrp after editing
Michael Vetter2025-02-24 17:47:40 +00:00
071dc2cc97
Accepting request 1238984 from Base:System
Ana Guerrero2025-01-21 20:09:56 +00:00
faf7390363
Accepting request 1238984 from Base:System
Ana Guerrero2025-01-21 20:09:56 +00:00
909648104e
- bsc#1235453: Set SYS_{UID,GID}_MIN to 201: After repeated similar requests to change the ID ranges we set the above mentioned value to 201. The max value will stay at 499. This range should be sufficient and will give us leeway for the future. It's not straightforward to find out which static UIDs/GIDs are used in all packages. Update shadow-login_defs-suse.patch
Michael Vetter2025-01-20 10:26:02 +00:00
e6d68f710a
- bsc#1235453: Set SYS_{UID,GID}_MIN to 201: After repeated similar requests to change the ID ranges we set the above mentioned value to 201. The max value will stay at 499. This range should be sufficient and will give us leeway for the future. It's not straightforward to find out which static UIDs/GIDs are used in all packages. Update shadow-login_defs-suse.patch
Michael Vetter2025-01-20 10:26:02 +00:00
a714415b8b
Accepting request 1237059 from Base:System
Ana Guerrero2025-01-14 15:21:06 +00:00
a70f8202f6
Accepting request 1237059 from Base:System
Ana Guerrero2025-01-14 15:21:06 +00:00
64bc01ef02
- Update to 4.17.2: * src/login_nopam.c: Fix compiler warnings #1170 * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169 * Use HTTPS in link to Wikipedia article on password strength #1164 * lib/attr.h: use C23 attributes only with gcc >= 10 #1172 * login: Fix no-pam authorization regression #1174 * man: Add Portuguese translation #1178 * Update French translation #1177 * Add cheap defense mechanisms #1171 * Add Romanian translation #1176Michael Vetter2025-01-11 16:38:29 +00:00
b485849e2a
- Update to 4.17.2: * src/login_nopam.c: Fix compiler warnings #1170 * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169 * Use HTTPS in link to Wikipedia article on password strength #1164 * lib/attr.h: use C23 attributes only with gcc >= 10 #1172 * login: Fix no-pam authorization regression #1174 * man: Add Portuguese translation #1178 * Update French translation #1177 * Add cheap defense mechanisms #1171 * Add Romanian translation #1176Michael Vetter2025-01-11 16:38:29 +00:00
3b2a7e1c97
Accepting request 1234180 from Base:System
Ana Guerrero2025-01-02 18:19:11 +00:00
3fe1d7e250
Accepting request 1234180 from Base:System
Ana Guerrero2025-01-02 18:19:11 +00:00
f6ddbc4afa
Accepting request 1233577 from Base:System
Ana Guerrero2024-12-30 11:50:27 +00:00
1d046b70cc
Accepting request 1233577 from Base:System
Ana Guerrero2024-12-30 11:50:27 +00:00
142f171b39
- Update to 4.17.0: * Fix the lower part of the domain of csrand_uniform() * Fix use of volatile pointer * Use 'dist-hook' to clean up <tests/unit/Makefile> * Use str2[u]l() instead of atoi(3) * Use a2i() in various places * Fix const correctness * Use uid_t for holding UIDs (and GIDs) * Move all sprintf(3)-like APIs to a subdirectory * Move all copying APIs to a subdirectory * Fix forever loop on ENOMEM * Fix REALLOC() nmemb calculation * Remove id(1) * Remove groups(1) * Use local time for human-readable dates * Use %F instead of %Y-%m-%d with strftime(3) * is_valid{user,group}_name(): Set errno to distinguish the reasons * Recommend --badname only if it is useful * Add fmkomstemp() to fix mode of </etc/default/useradd> * Fix use-after-free bug in sgetgrent() * Update Catalan translation * Remove references to cppw, cpgr * groupadd, groupmod: Update gshadow file with -U * Added option -a for listing active users only, optimized using if aflg,return * Added information in lastlog man page for new option '-a' * Plenty of code cleanup and clarifications
Michael Vetter2024-12-27 16:21:20 +00:00
2ad7a94d8c
- Update to 4.17.0: * Fix the lower part of the domain of csrand_uniform() * Fix use of volatile pointer * Use 'dist-hook' to clean up <tests/unit/Makefile> * Use str2[u]l() instead of atoi(3) * Use a2i() in various places * Fix const correctness * Use uid_t for holding UIDs (and GIDs) * Move all sprintf(3)-like APIs to a subdirectory * Move all copying APIs to a subdirectory * Fix forever loop on ENOMEM * Fix REALLOC() nmemb calculation * Remove id(1) * Remove groups(1) * Use local time for human-readable dates * Use %F instead of %Y-%m-%d with strftime(3) * is_valid{user,group}_name(): Set errno to distinguish the reasons * Recommend --badname only if it is useful * Add fmkomstemp() to fix mode of </etc/default/useradd> * Fix use-after-free bug in sgetgrent() * Update Catalan translation * Remove references to cppw, cpgr * groupadd, groupmod: Update gshadow file with -U * Added option -a for listing active users only, optimized using if aflg,return * Added information in lastlog man page for new option '-a' * Plenty of code cleanup and clarifications
Michael Vetter2024-12-27 16:21:20 +00:00
fda1547d69
- Update to 4.16.0: * The shadow implementations of id(1) and groups(1) are deprecated in favor of the GNU coreutils and binutils versions. They will be removed in 4.17.0. * The rlogind implementation has been removed. * The libsubid major version has been bumped, since it now requires specification of the module's free() implementation. - Update shadow-login_defs-suse.patch - Add shadow-4.16.0-econf.patch: Replace deprecated econf_readDirs with econf_readConfig
Michael Vetter2024-06-19 07:13:11 +00:00
826df7f957
- Update to 4.16.0: * The shadow implementations of id(1) and groups(1) are deprecated in favor of the GNU coreutils and binutils versions. They will be removed in 4.17.0. * The rlogind implementation has been removed. * The libsubid major version has been bumped, since it now requires specification of the module's free() implementation. - Update shadow-login_defs-suse.patch - Add shadow-4.16.0-econf.patch: Replace deprecated econf_readDirs with econf_readConfig
Michael Vetter2024-06-19 07:13:11 +00:00
f1d532ee0e
Accepting request 1161093 from Base:System
Ana Guerrero2024-03-25 20:06:06 +00:00
467ea622d2
Accepting request 1161093 from Base:System
Ana Guerrero2024-03-25 20:06:06 +00:00
3845df21f7
- Update to 4.15.1: * Fix a bug that caused spurious error messages about unknown login.defs configuration options #967 * Adding checks for fd omission #964 * Use temporary stat buffer #974 * Fix wrong french translation #975 - Drop shadow-4.15.0-fix-definition.patch
Michael Vetter2024-03-24 09:13:40 +00:00
57303d29a0
- Update to 4.15.1: * Fix a bug that caused spurious error messages about unknown login.defs configuration options #967 * Adding checks for fd omission #964 * Use temporary stat buffer #974 * Fix wrong french translation #975 - Drop shadow-4.15.0-fix-definition.patch
Michael Vetter2024-03-24 09:13:40 +00:00
6fec30fb4b
Accepting request 1159987 from Base:System
Ana Guerrero2024-03-22 14:15:59 +00:00
85fe6a4a20
Accepting request 1159987 from Base:System
Ana Guerrero2024-03-22 14:15:59 +00:00
af67870d47
- Add shadow-4.15.0-fix-definition.patch: Fix error messages about config options. See gh/shadow-maint/shadow#967
Michael Vetter2024-03-21 06:39:57 +00:00
0f42921987
- Add shadow-4.15.0-fix-definition.patch: Fix error messages about config options. See gh/shadow-maint/shadow#967
Michael Vetter2024-03-21 06:39:57 +00:00
f0bae16e8c
- Update to 4.15.0 * libshadow: + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0. + Fix build error (parameter name omitted). * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. + Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. + Fix build with musl libc. + Support out of tree builds * useradd(8): + Set proper SELinux labels for def_usrtemplate - Update Serge Hallyns GPG key - Update shadow-login_defs-unused-by-pam.patch
Michael Vetter2024-03-10 07:16:34 +00:00
413dcfbcf9
- Update to 4.15.0 * libshadow: + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0. + Fix build error (parameter name omitted). * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. + Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. + Fix build with musl libc. + Support out of tree builds * useradd(8): + Set proper SELinux labels for def_usrtemplate - Update Serge Hallyns GPG key - Update shadow-login_defs-unused-by-pam.patch
Michael Vetter2024-03-10 07:16:34 +00:00
aa9ac13351
Accepting request 1154375 from Base:System
Ana Guerrero2024-03-04 20:24:37 +00:00
de9c0c0e13
Accepting request 1154375 from Base:System
Ana Guerrero2024-03-04 20:24:37 +00:00
48489118df
- Update to 4.14.6: * login(1): + Fix off-by-one bugs. * passwd(1): + Don't silently truncate passwords of length >= 200 characters. Instead, accept a length of PASS_MAX, and reject longer ones. * libshadow: + Fix calculation in strtoday(), which caused a wrong half-day offset in some cases (bsc#1176006) + Fix parsing of dates in get_date() (bsc#1176006) + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0.
Michael Vetter2024-03-03 06:16:59 +00:00
a62399592e
- Update to 4.14.6: * login(1): + Fix off-by-one bugs. * passwd(1): + Don't silently truncate passwords of length >= 200 characters. Instead, accept a length of PASS_MAX, and reject longer ones. * libshadow: + Fix calculation in strtoday(), which caused a wrong half-day offset in some cases (bsc#1176006) + Fix parsing of dates in get_date() (bsc#1176006) + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0.
Michael Vetter2024-03-03 06:16:59 +00:00
f39c0c23f5
Accepting request 1146473 from Base:System
Ana Guerrero2024-02-16 20:45:28 +00:00
Ana Guerrero
Michael Vetter
Adrian Schröter
Dominique Leuenberger