8c1e3ce264
* useradd.8: fix default group ID * Revert drop of subid_init() * Georgian translation * useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog * relax username restrictions * selinux: check MLS enabled before setting serange * copy_tree: use fchmodat instead of chmod * copy_tree: don't block on FIFOs * add shell linter * copy_tree: carefully treat permissions * lib/commonio: make lock failures more detailed * lib: use strzero and memzero where applicable * Update Dutch translation * Don't test for NULL before calling free * Use libc MAX() and MIN() * chage: Fix regression in print_date * usermod: report error if homedir does not exist * libmisc: minimum id check for system accounts * fix usermod -rG x y wrongly adding a group * man: add missing space in useradd.8.xml * lastlog: check for localtime() return value * Raise limit for passwd and shadow entry length * Remove adduser-old.c * useradd: Fix buffer overflow when using a prefix * Don't warn when failed to open /etc/nsswitch.conf - Remove patches we took from upstream pre-release: * shadow-copytree-usermod-fifo.patch * shadow-chage-format.patch OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=133
933 lines
35 KiB
Plaintext
933 lines
35 KiB
Plaintext
-------------------------------------------------------------------
|
|
Tue Nov 8 21:15:44 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.13:
|
|
* useradd.8: fix default group ID
|
|
* Revert drop of subid_init()
|
|
* Georgian translation
|
|
* useradd: Avoid taking unneeded space: do not reset non-existent data
|
|
in lastlog
|
|
* relax username restrictions
|
|
* selinux: check MLS enabled before setting serange
|
|
* copy_tree: use fchmodat instead of chmod
|
|
* copy_tree: don't block on FIFOs
|
|
* add shell linter
|
|
* copy_tree: carefully treat permissions
|
|
* lib/commonio: make lock failures more detailed
|
|
* lib: use strzero and memzero where applicable
|
|
* Update Dutch translation
|
|
* Don't test for NULL before calling free
|
|
* Use libc MAX() and MIN()
|
|
* chage: Fix regression in print_date
|
|
* usermod: report error if homedir does not exist
|
|
* libmisc: minimum id check for system accounts
|
|
* fix usermod -rG x y wrongly adding a group
|
|
* man: add missing space in useradd.8.xml
|
|
* lastlog: check for localtime() return value
|
|
* Raise limit for passwd and shadow entry length
|
|
* Remove adduser-old.c
|
|
* useradd: Fix buffer overflow when using a prefix
|
|
* Don't warn when failed to open /etc/nsswitch.conf
|
|
- Remove patches we took from upstream pre-release:
|
|
* shadow-copytree-usermod-fifo.patch
|
|
* shadow-chage-format.patch
|
|
* shadow-prefix-overflow.patch
|
|
- Remove chkname-regex.patch:
|
|
Upstream now also relaxed the usernames requirements.
|
|
They don't use regex for this but the result is similar.
|
|
Plus they also check that the name is less than 32 characters long.
|
|
- Rebase useradd-userkeleton.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 7 11:20:36 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Add shadow-copytree-usermod-fifo.patch:
|
|
Fix regression that prevented `usermod -m` to work when their
|
|
home directory contained at least one fifo
|
|
See https://github.com/shadow-maint/shadow/pull/565
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 2 10:59:16 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- bsc#1204811: Fix chage date format string regression
|
|
* Add shadow-chage-format.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 24 22:04:41 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Add shadow-prefix-overflow.patch:
|
|
Fix buffer overflow when calling useradd with --prefix
|
|
See https://github.com/shadow-maint/shadow/pull/588
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.12.3:
|
|
Revert removal of subid_init, which should have bumped soname.
|
|
So note that 4.12 through 4.12.2 were broken for subid users.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 19 06:32:28 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.12.2:
|
|
* Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]
|
|
- Refresh useradd-userkeleton.patch:
|
|
LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545
|
|
Let's use fstatat() now.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 15 17:42:01 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.12.1:
|
|
* Fix uk manpages
|
|
- Remove shadow-4.12-remove-uk.patch: fixed upstream
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 12 06:05:35 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.12:
|
|
* Add absolute path hint to --root
|
|
* Various cleanups
|
|
* Fix Ubuntu release used in CI tests
|
|
* add -F options to userad
|
|
* useradd manpage updates
|
|
* Check for ownerid (not just username) in subid ranges
|
|
* Declare file local functions static
|
|
* Use strict prototypes
|
|
* Do not drop const qualifier for Basename
|
|
* Constify various pointers
|
|
* Don't return uninitialized memory
|
|
* Don't let compiler optimize away memory cleaning
|
|
* Remove many obsolete compatibility checks and defines
|
|
* Modify ID range check in useradd
|
|
* Use "extern "C"" to make libsubid easier to use from C++
|
|
* French translation updates
|
|
* Fix s/with-pam/with-libpam/
|
|
* Spanish translation updates
|
|
* French translation fixes
|
|
* Default max group name length to 32
|
|
* Fix PAM service files without-selinux
|
|
* Improve manpages
|
|
- groupadd, useradd, usermod
|
|
- groups and id
|
|
- pwck
|
|
* Add fedora to CI builds
|
|
* Fix condition under which pw_dir check happens
|
|
* logoutd: switch to strncat
|
|
* AUTHORS: improve markdown output
|
|
* Handle ERANGE errors correctly
|
|
* Check for fopen NULL return
|
|
* Split get_salt() into its own fn juyin)
|
|
* Get salt before chroot to ensure /dev/urandom.
|
|
* Chpasswd code cleanup
|
|
* Work around git safe.directory enforcement
|
|
* Alphabetize order in usermod help
|
|
* Erase password copy on error branches
|
|
* Suggest using --badname if needed
|
|
* Update translation files
|
|
* Correct badnames option to badname
|
|
* configure: replace obsolete autoconf macros
|
|
* tests: replace egrep with grep -E
|
|
* Update Ukrainian translations
|
|
* Cleanups
|
|
- Remove redeclared variable
|
|
- Remove commented out code and FIXMEs
|
|
- Add header guards
|
|
- Initialize local variables
|
|
* CI updates
|
|
- Create github workflow to install dependencies
|
|
- Enable CodeQL
|
|
- Update actions version
|
|
* libmisc: use /dev/urandom as fallback if other methods fail
|
|
- Add shadow-4.12-remove-uk.patch:
|
|
Disable non working Ukranian translation for now
|
|
https://github.com/shadow-maint/shadow/issues/547
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 9 06:29:07 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Remove duplicate pam.d/useradd entry
|
|
- Provide /etc/login.defs.d on SLE15 since we support and use it
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 8 13:00:46 UTC 2022 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Use %_pam_vendordir macro
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 12 16:52:39 UTC 2022 - Stanislav Brabec <sbrabec@suse.com>
|
|
|
|
- The legacy code does not support /etc/login.defs.d used by YaST.
|
|
Enable libeconf to read it (bsc#1192954).
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 3 10:36:15 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.11.1:
|
|
* build: include lib/shadowlog_internal.h in dist tarballs
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 3 10:35:30 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.11:
|
|
* Handle possible TOCTTOU issues in usermod/userdel
|
|
- (CVE-2013-4235)
|
|
- Use O_NOFOLLOW when copying file
|
|
- Kill all user tasks in userdel
|
|
* Fix useradd -D segfault
|
|
* Clean up obsolete libc feature-check ifdefs
|
|
* Fix -fno-common build breaks due to duplicate Prog declarations
|
|
* Have single date_to_str definition
|
|
* Fix libsubid SONAME version
|
|
* Clarify licensing info, use SPDX.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 3 10:29:39 UTC 2022 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.10:
|
|
* From this release forward, su from this package should be
|
|
considered deprecated. Please replace any users of it with su
|
|
from util-linux
|
|
* libsubid fixes
|
|
* Rename the test program list_subid_ranges to getsubids, write
|
|
a manpage, so distros can ship it.
|
|
* Add libeconf dep for new*idmap
|
|
* Allow all group types with usermod -G
|
|
* Avoid useradd generating empty subid range
|
|
* Handle NULL pw_passwd
|
|
* Fix default value SHA_get_salt_rounds
|
|
* Use https where possible in README
|
|
* Update content and format of README
|
|
* Translation updates
|
|
* Switch from xml2po to itstool in 'make dist'
|
|
* Fix double frees
|
|
* Add LOG_INIT configurable to useradd
|
|
* Add CREATE_MAIL_SPOOL documentation
|
|
* Create a security.md
|
|
* Fix su never being SIGKILLd when trapping TERM
|
|
* Fix wrong SELinux labels in several possible cases
|
|
* Fix missing chmod in chadowtb_move
|
|
* Handle malformed hushlogins entries
|
|
* Fix groupdel segv when passwd does not exist
|
|
* Fix covscan-found newgrp segfault
|
|
* Remove trailing slash on hoedir
|
|
* Fix passwd -l message - it does not change expirey
|
|
* Fix SIGCHLD handling bugs in su and vipw
|
|
* Remove special case for "" in usermod
|
|
* Implement usermod -rG to remove a specific group
|
|
* call pam_end() after fork in child path for su and login
|
|
* useradd: In absence of /etc/passwd, assume 0 == root
|
|
* lib: check NULL before freeing data
|
|
* Fix pwck segfault
|
|
- Remove because upstreamed:
|
|
* shadow-4.9-pwck-segfault.patch
|
|
* shadow-4.9-newgrp-segfault.patch
|
|
* shadow-4.9-useradd-subuid.patch
|
|
* shadow-4.9-sgent-free.patch
|
|
* shadow-passwd-handle-null.patch
|
|
* shadow-fix-sigabrt.patch
|
|
* shadow-libeconf-include.patch
|
|
* libsubid-build-fix.patch
|
|
- Refreshed:
|
|
* shadow-util-linux.patch
|
|
* shadow.changes
|
|
* shadow.keyring
|
|
* shadow.spec
|
|
* useradd-script.patch
|
|
* useradd-userkeleton.patch
|
|
* userdel-script.patch
|
|
- Update shadow.keyring:
|
|
* Serge Hallyn serge@hallyn.com (B175CFA98F192AF2)
|
|
* Christian Brauner christian@brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 30 17:12:40 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Really enable USERGROUPS_ENAB [bsc#1189139].
|
|
Did go lost during merges.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 18 13:46:03 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Fix segfaults in newgrp and pwck
|
|
* Add shadow-4.9-newgrp-segfault.patch
|
|
https://github.com/shadow-maint/shadow/pull/437
|
|
* Add shadow-4.9-pwck-segfault.patch
|
|
https://github.com/shadow-maint/shadow/pull/445
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 16 15:58:46 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
|
|
|
|
- Added hardening to systemd service(s) (bsc#1181400). Modified:
|
|
* shadow.service
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 9 01:39:44 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>
|
|
|
|
- shadow-util-linux.patch:
|
|
* Remove the section patching lib/getdef.c in favor of the
|
|
upstream FOREIGNDEFS.
|
|
* Add LOGIN_KEEP_USERNAME to login.defs.
|
|
* Remove PREVENT_NO_AUTH from login.defs. Only used by the
|
|
unpackaged login and su.
|
|
- shadow-login_defs-unused-by-pam.patch:
|
|
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
|
|
YESCRYPT_COST_FACTOR, not supported by the current
|
|
configuratiton.
|
|
- Update login_defs-support-for-pam symbol to version 1.5.2
|
|
(support for new variable HMAC_CRYPTO_ALGO).
|
|
- Update login_defs-support-for-util-linux to version 2.37
|
|
(support for new variable LOGIN_KEEP_USERNAME).
|
|
- Refresh shadow-login_defs-comments.patch and
|
|
shadow-login_defs-suse.patch.
|
|
- Improve shadow-login_defs-check.sh:
|
|
* Add helper to import local new version in the parent dir.
|
|
* Fix spec editing sed expression.
|
|
* Add PREVENT_NO_AUTH to known unused variables.
|
|
* Update pam sed expression to find HMAC_CRYPTO_ALGO.
|
|
* Add more sanity checks.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- bsc#1190146: Fix empty subid range
|
|
Add shadow-4.9-useradd-subuid.patch
|
|
https://github.com/shadow-maint/shadow/pull/399
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 20 09:09:13 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- bsc#1190145: Fix double free in gpasswd:
|
|
Add shadow-4.9-sgent-free.patch upstreamed as
|
|
https://github.com/shadow-maint/shadow/pull/417
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 7 15:08:19 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Fix shadow-login_defs-check.sh:
|
|
In the last update we switched from calling make to %make_build
|
|
macro. Using sed to adapt the spec file now.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 18 15:17:52 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- libsubid-devel: add missing requires for libsubid3
|
|
- Remove README.changes-pwdutils, all distros you can upgrade from
|
|
use already shadow
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 18 14:59:15 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
|
|
be compatible with other Linux distros and the other tools
|
|
creating user accounts in use on openSUSE. Set HOME_MODE to 700
|
|
for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 17 15:08:09 UTC 2021 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.9:
|
|
* Updated translations
|
|
* Major salt updates
|
|
* Various coverity and cleanup fixes
|
|
* Consistently use 0 to disable PASS_MIN_DAYS in man
|
|
* Implement NSS support for subids and a libsubid
|
|
* setfcap: retain setfcap when mapping uid 0
|
|
* login.defs: include HMAC_CRYPTO_ALGO key
|
|
* selinux fixes
|
|
* Fix path prefix path handling
|
|
* Manpage updates
|
|
* Treat an empty passwd field as invalid(Haelwenn Monnier)
|
|
* newxidmap: allow running under alternative gid
|
|
* usermod: check that shell is executable
|
|
* Add yescript support
|
|
* useradd memleak fixes
|
|
* useradd: use built-in settings by default
|
|
* getdefs: add foreign
|
|
* buffer overflow fixes
|
|
* Adding run-parts style for pre and post useradd/del
|
|
- Refresh:
|
|
* shadow-login_defs-unused-by-pam.patch
|
|
* userdel-script.patch
|
|
* useradd-script.patch
|
|
* chkname-regex.patch
|
|
* useradd-default.patch: bbf4b79 stopped shipping default file.
|
|
change group in code now.
|
|
* shadow-login_defs-suse.patch
|
|
* useradd-userkeleton.patch
|
|
- Remove because upstreamed:
|
|
* shadow-4.1.5.1-userdel-helpfix.patch
|
|
* shadow-4.1.5.1-logmsg.patch
|
|
- Add libsubid-build-fix.patch:
|
|
See https://github.com/shadow-maint/shadow/issues/387
|
|
- Add shadow-libeconf-include.patch:
|
|
See c6847011e8b656adacd9a0d2a78418cad0de34cb
|
|
- Add shadow-fix-sigabrt.patch:
|
|
See https://github.com/shadow-maint/shadow/issues/394
|
|
- Add shadow-passwd-handle-null.patch [bsc#1188307]:
|
|
See https://github.com/shadow-maint/shadow/pull/398
|
|
- Remove %{_sysconfdir}/default/useradd: file not shipped anymore
|
|
- Remove --disable-shared: Dont need it anymore
|
|
See https://github.com/shadow-maint/shadow/issues/336
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 1 11:51:39 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536]
|
|
- Add /etc/login.defs.d directory
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jun 5 13:38:52 UTC 2021 - Maurizio Galli <maurizio.galli@gmail.com>
|
|
|
|
- Enable shadowgrp so that we can set more secure group passwords
|
|
using shadow.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 4 07:46:34 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Disable MOTD_FILE to allow the use of pam_motd to unify motd
|
|
message output [bsc#1185897]. Else motd entries of e.g. cockpit
|
|
will not be shown.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 28 22:28:02 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>
|
|
|
|
- Do not require libeconf-devel on products without /usr/etc.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 21 06:52:30 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
|
|
|
- Split login.defs configuration file into own sub-package, which
|
|
allows to install util-linux or pam on small embedded/edge
|
|
systems or container without the need to pull in the full shadow
|
|
suite.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 11 14:38:13 UTC 2020 - Fabian Vogt <fvogt@suse.com>
|
|
|
|
- Amend patches/useradd-userkeleton.patch to also write into
|
|
existing directories and prefer files from /etc
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 11 11:28:09 UTC 2020 - Dr. Werner Fink <werner@suse.de>
|
|
|
|
- Add patch useradd-userkeleton.patch to extend original C code
|
|
of useradd to handle /usr/etc/skel (boo#1173321)
|
|
- Remove /usr/etc/skel support in useradd.local script
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 2 15:54:02 UTC 2020 - Dr. Werner Fink <werner@suse.de>
|
|
|
|
- Change again useradd.local script to let it work even for system
|
|
accounts and work together with SELinux (bsc#1178296)
|
|
- Change patch useradd-script.patch to support the four arguments
|
|
used by the useradd.local script (bsc#1178296)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 9 13:12:11 UTC 2020 - Dr. Werner Fink <werner@suse.de>
|
|
|
|
- Add support for /usr/etc/skel to useradd.local script (boo#1173321)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 8 03:16:58 UTC 2020 - Stanislav Brabec <sbrabec@suse.com>
|
|
|
|
- shadow-login_defs-check.sh: Fix the regexp to get a real variable
|
|
list (boo#1164274).
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 8 00:56:37 UTC 2020 - Stanislav Brabec <sbrabec@suse.com>
|
|
|
|
- login.defs: Add support for new util-linux-2.36 login variable
|
|
MOTD_FIRSTONLY (shadow-util-linux.patch).
|
|
- shadow-login_defs-comments.patch: Remove duplicated
|
|
LASTLOG_UID_MAX.
|
|
- shadow-login_defs-check.sh: Update for new build system.
|
|
- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is
|
|
not used in SUSE Linux.
|
|
- Refresh shadow-login_defs-suse.patch and
|
|
shadow-login_defs-comments.patch.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 22 11:21:15 UTC 2020 - Fabian Vogt <fvogt@suse.com>
|
|
|
|
- Use pure #!/bin/sh in:
|
|
* useradd.local
|
|
* userdel-post.local
|
|
* userdel-pre.local
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 24 08:09:23 UTC 2020 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.8.1:
|
|
* selinux: include stdio
|
|
* man: don't suggest making groupmems user-writeable
|
|
* Makefile: bail out on error in for loops
|
|
* Adding logging of SSH_ORIGINAL_COMMAND to nologin
|
|
* add new HOME_MODE login.defs option
|
|
* Add tty logging to useradd
|
|
* Useradd: make non-executable shell check only a warning
|
|
* Update Dutch translation
|
|
* user_busy: Do not mistake a regular user process for a namespaced one
|
|
* Revert "Honor --sbindir and --bindir for binary installation"
|
|
- Remove shadow-4.8-shell-check.patch: included
|
|
- Remove shadow-4.8-selinux-include.patch: upstreamed
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 20 10:36:20 UTC 2020 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers,
|
|
useradd, userdel, usermod explicitly.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 16 12:54:39 UTC 2020 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- bsc#1160729: Make valid shell check only a warning
|
|
* Add shadow-4.8-shell-check.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 17 12:43:01 UTC 2019 - Michael Vetter <mvetter@suse.com>
|
|
|
|
- Update to 4.8:
|
|
* Initial optional bcrypt support.
|
|
* Make build/install of 'su' optional.
|
|
* Fix for vipw not resuming correctly when suspended
|
|
* Sync password field descriptions in manpages
|
|
* Check for valid shell argument in useradd
|
|
* Allow translation of new strings through POTFILES.in
|
|
* Migrate to itstool for translations
|
|
* Migrate to new SELinux api
|
|
* Support --enable-vendordir
|
|
* pwck: Only check homedir if set and not a system user
|
|
* Support nonstandard usernames
|
|
* sget{pw,gr}ent: check for data at EOL
|
|
* Add YYY-MM-DD support in chage
|
|
* Fix failing chmod calls for suidubins
|
|
* Fix --sbindir and --bindir for binary installations
|
|
* Fix LASTLOG_UID_MAX in login.defs
|
|
* Fix configure error with dash
|
|
- Remove because upstreamed:
|
|
* libeconf.patch
|
|
* shadow-usermod-variable.patch
|
|
- Rebase:
|
|
* shadow-login_defs-unused-by-pam.patch
|
|
* chkname-regex.patch
|
|
* shadow-util-linux.patch
|
|
* shadow-login_defs-comments.patch
|
|
- Add shadow-4.8-selinux-include.patch
|
|
See https://github.com/shadow-maint/shadow/pull/200
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 7 09:50:30 CEST 2019 - kukuk@suse.de
|
|
|
|
- libeconf.patch: Add support for libeconf and /usr/etc for
|
|
login.defs.
|
|
- Move first configuration files and pam config files to /usr/etc
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 2 11:12:59 UTC 2019 - mvetter@suse.com
|
|
|
|
- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files
|
|
to support kernel keyring feature
|
|
- Update pamd.tar.bz2 with pam configuration files accordingly
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 19 14:50:02 CEST 2019 - kukuk@suse.de
|
|
|
|
- encryption_method_nis.patch: drop, DES should really not be used
|
|
anymore anywhere, even with NIS
|
|
- shadow-login_defs-suse.patch: remove encryption NIS entry
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 26 23:44:56 CEST 2019 - sbrabec@suse.com
|
|
|
|
- Fix incorrect variable name in usermod
|
|
(shadow-usermod-variable.patch).
|
|
- shadow-login_defs-comments.patch:
|
|
* Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs.
|
|
* Add missing LASTLOG_UID_MAX.
|
|
* Refresh shadow-login_defs-suse.patch.
|
|
- Port shadow-login_defs-check.sh to match the current spec file
|
|
and login.defs.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 25 15:27:15 CEST 2019 - kukuk@suse.de
|
|
|
|
- Provide "useradd_or_adduser_dep" for sysuser-shadow
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jul 20 02:11:10 CEST 2019 - sbrabec@suse.com
|
|
|
|
- shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to
|
|
"yes" (bsc#353876#c7).
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 19 10:19:44 UTC 2019 - sbrabec@suse.com
|
|
|
|
- Fix comment about patch in spec file
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com
|
|
|
|
- Update to 4.7:
|
|
* Spawn: don't loop forever on ECHILD
|
|
* Do not fail locking if there is a stale lockfile (Tomas Mraz)
|
|
* Use lckpwdf if prefix not set (Tomas Mraz)
|
|
* Build: check correct DocBook version (Jan Tojnar)
|
|
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
|
|
* Add support for btrfs subvolumes for home (Adam Majer)
|
|
* Fix chpasswd long line handling (Nathan Ruiz)
|
|
* Use secure_getenv for gettime (Chris Lamb)
|
|
* Make sp_lstchg reproducible (Chris Lamb)
|
|
* Do not crash commonio_close if db file is not open (Tomas Mraz)
|
|
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
|
|
* French manpage update (Alban VIDAL)
|
|
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
|
|
* Sync po files from shadow.pot (Alban VIDAL)
|
|
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
|
|
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
|
|
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
|
|
* Fix segfault in useradd (bsc#1141113, Tomas Mraz)
|
|
* Coverity issues (Tomas Mraz)
|
|
* Flush sssd caches (Jakub Hrozek)
|
|
* Log UID in nologin (Vladimir Ivanov)
|
|
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
|
|
* Support systems with only utmpx (A. Wilcox)
|
|
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
|
|
* Update po/zh_CN translation (Lion Yang)
|
|
* Create parent dirs for useradd -m (Michael Vetter)
|
|
* Prevent usermod segv
|
|
* Fix usermod crash (fariouche)
|
|
- Remove btrfs-subvolumes.patch (fate#316134):
|
|
upstreamed: https://github.com/shadow-maint/shadow/pull/149
|
|
- Remove useradd-mkdirs.patch (bsc#865563):
|
|
upstreamed https://github.com/shadow-maint/shadow/pull/112
|
|
- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch
|
|
upstreamed https://github.com/shadow-maint/shadow/issues/110
|
|
- Remove shadow-4.6-bsc1141113-useradd-segfault.patch
|
|
(SLE15 SP3 and openSUSE Leap 15.3 only)
|
|
upstreamed https://github.com/shadow-maint/shadow/issues/125
|
|
- Rebase userdel-script.patch
|
|
- Rebase useradd-script.patch
|
|
- Rebase shadow-util-linux.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 30 11:15:49 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
|
|
|
|
- Make building more verbose
|
|
- Use spec-cleaner
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 2 09:45:48 UTC 2019 - lnussel@suse.de
|
|
|
|
- don't specify MOTD_FILE in login.defs but fall back to built in
|
|
defaults of login (boo#1133929)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 30 22:27:14 CEST 2019 - sbrabec@suse.com
|
|
|
|
- Split shadow-login_defs.patch hunks to its logical components
|
|
(bsc#1121197):
|
|
* shadow-login_defs-unused-by-pam.patch
|
|
* shadow-login_defs-comments.patch
|
|
* shadow-util-linux.patch
|
|
* shadow-login_defs-suse.patch
|
|
* Move appropriate hunks to chkname-regex.patch and
|
|
encryption_method_nis.patch
|
|
* Remove GROUPADD_CMD that is not supported (bsc#1121197#c14).
|
|
- Split getdef-new-defs.patch hunks to its logical components
|
|
(bsc#1121197):
|
|
* encryption_method_nis.patch
|
|
* chkname-regex.patch
|
|
* shadow-util-linux.patch
|
|
Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT.
|
|
* useradd-script.patch, userdel-script.patch
|
|
* Remove duplicated definitions of MOTD_FILE and ENV_PATH.
|
|
- Add shadow-login_defs-unused-check.sh to allow verification of
|
|
login.defs variable usage (bsc#1121197).
|
|
- Add virtual symbols for login.defs compatibility (bsc#1121197).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 23 09:35:01 UTC 2019 - adam.majer@suse.de
|
|
|
|
- btrfs-subvolumes.patch: implement support for creating user home
|
|
directories on btrfs subvolumes (fate#316134)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 31 14:17:29 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
|
|
|
|
- Add empty /etc/sub{u,g}id files. useradd and usermod add entries for users
|
|
only when those files exist. Having those entries is a requirement to create
|
|
user namespaces, for instance, when running podman as a non-root user.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 14 12:45:42 UTC 2018 - mvetter@suse.com
|
|
|
|
- Update to 4.6:
|
|
* Newgrp: avoid unnecessary lookups
|
|
* Make language less binary
|
|
* Add error when turning off man switch
|
|
* Spelling fixes
|
|
* Make userdel work with -R
|
|
* newgidmap: enforce setgroups=deny if self-mapping a group
|
|
* Norwegian bokmål translation
|
|
* pwck: prevent crash by not passing O_CREAT
|
|
* WITH_TCB fixes from Mandriva
|
|
* Fix pwconv and grpconv entry skips
|
|
* Fix -- slurping in su
|
|
* add --prefix option
|
|
- Remove CVE-2018-7169.patch: upstreamed
|
|
- Remove shadow-4.1.5.1-pam_group.patch: upstreamed
|
|
- Update userdel-script.patch: change due to prefix
|
|
- Update useradd-mkdirs.patch: change due to prefix
|
|
Additionally changed in that patch (bsc#1106914):
|
|
* Test for strdup() failure
|
|
* Directory to 0755 instead 0777
|
|
- Add shadow-4.6.0-fix-usermod-prefix-crash.patch:
|
|
Fixes crash in usermod when called with --prefix.
|
|
See https://github.com/shadow-maint/shadow/issues/110
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 22 15:10:45 UTC 2018 - fvogt@suse.com
|
|
|
|
- Use %license (boo#1082318)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 16 08:39:08 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap,
|
|
which allowed an unprivileged user to be placed in a user namespace where
|
|
setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 8 12:39:12 UTC 2017 - mvetter@suse.com
|
|
|
|
- bsc#1061838:
|
|
Revert: Requires: group(mail)
|
|
Introduced circular dependency
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 13 15:44:28 UTC 2017 - adam.majer@suse.de
|
|
|
|
- Revert accidentalied prerequisites.
|
|
Use PreReq for permissions
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 12 08:59:28 UTC 2017 - schwab@suse.de
|
|
|
|
- Prequire group(shadow), group(root), user(root)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 9 11:53:44 UTC 2017 - mvetter@suse.com
|
|
|
|
- bsc#1061838:
|
|
Add Requires for group(mail)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 14 08:18:27 UTC 2017 - mvetter@suse.com
|
|
|
|
- boo#1048645:
|
|
Set suid bit for newuidmap and newgimap
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 14 08:17:08 UTC 2017 - mvetter@suse.com
|
|
|
|
- Revert the changes for bsc#1023895 back
|
|
Pulls in too many deps into ring0.
|
|
Next version of shadow plans to have no conditional man pages.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 8 11:41:13 UTC 2017 - mvetter@suse.com
|
|
|
|
- run spec-cleaner
|
|
- bsc#1023895:
|
|
man page contained invalid options because they depend
|
|
on compile flags and we shipped pre built ones.
|
|
New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po
|
|
xsltproc
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 8 17:00:57 CEST 2017 - kukuk@suse.de
|
|
|
|
- Adjust requires (we need user/group root instead of aaa_base now)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 22 13:31:25 UTC 2017 - adam.majer@suse.de
|
|
|
|
- New upstream version 4.5
|
|
- Refreshed patches:
|
|
* shadow-login_defs.patch
|
|
* chkname-regex.patch
|
|
* getdef-new-defs.patch
|
|
* useradd-mkdirs.patch
|
|
- Upstreamed patches:
|
|
* shadow-4.1.5.1-manfix.patch
|
|
* shadow-4.1.5.1-errmsg.patch
|
|
* shadow-4.1.5.1-backup-mode.patch
|
|
* shadow-4.1.5.1-audit-owner.patch
|
|
* shadow-4.2.1-defs-chroot.patch
|
|
* shadow-4.2.1-merge-group.patch
|
|
* Fix-user-busy-errors-at-userdel.patch
|
|
* useradd-clear-tallylog.patch
|
|
- shadow-4.1.5.1-pam_group.patch
|
|
dynamically added users via pam_group are not listed in groups
|
|
databases but are still valid
|
|
- shadow.keyring: update keyring with current maintainer's keyid
|
|
only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D'
|
|
- disable_new_audit_function.patch:
|
|
Disable newer libaudit functionality for older distributions
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 20 07:28:24 UTC 2017 - josef.moellers@suse.com
|
|
|
|
- useradd: call external program "/sbin/pam_tally2" to reset
|
|
failed login counter in "/var/log/tallylog"
|
|
(bsc#980486, useradd-clear-tallylog.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 2 07:41:51 UTC 2016 - meissner@suse.com
|
|
|
|
- add keyring, three public keys from https://pkg-shadow.alioth.debian.org/download.php
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 18 15:55:43 UTC 2016 - mvetter@suse.com
|
|
|
|
- bsc#1002975: Use permissions according to permissions package
|
|
and dont try to manipulate them in %files section.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 14 07:46:33 UTC 2016 - mvetter@suse.com
|
|
|
|
- boo#994486: Include shadow.5 manpage
|
|
Previously this was provided by man-pages package in
|
|
the man-pages-addons tarball which got removed later on.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue May 31 06:48:41 UTC 2016 - mvetter@suse.com
|
|
|
|
- Add package dependency for aaa_base, fixing bnc#899409
|
|
(was done by tbehrens@suse.com but not submitted to Factory)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 30 09:41:55 UTC 2016 - mvetter@suse.com
|
|
|
|
- shadow 4.2.1 requested by fate#320422
|
|
- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch
|
|
- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits.
|
|
Remove the files used to circumvent the check.
|
|
- Remove:
|
|
* shadow-rpmlintrc
|
|
* shadow-subids
|
|
* shadow-subids.easy
|
|
* shadow-subids.secure
|
|
* shadow-subids.paranoid
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 19 12:28:47 UTC 2016 - christian.brauner@mailbox.org
|
|
|
|
- Update to shadow-4.2.1:
|
|
- add support for subuids/subgids via newuidmap/newgidmap
|
|
- Rename chkname-regex.diff to chkname-regex.patch
|
|
- Rename encryption_method_nis.diff to encryption_method_nis.patch
|
|
- Rename getdef-new-defs.diff to getdef-new-defs.patch
|
|
- Rename shadow-login_defs.diff to shadow-login_defs.patch
|
|
- Rename userdel-scripts.diff to userdel-script.patch
|
|
- Rename useradd-script.diff to useradd-script.patch
|
|
- Rename useradd-default.diff to useradd-default.patch
|
|
- Rename useradd-mkdirs.diff to useradd-mkdirs.patch
|
|
- Add fixes from Red Hat/Fedora:
|
|
- shadow-4.1.5.1-audit-owner.patch.patch:
|
|
- log owner changes for home directory
|
|
- shadow-4.1.5.1-userdel-helpfix.patch.patch:
|
|
- give a hint about what happens when you force the removal of a user
|
|
- shadow-4.2.1-defs-chroot.patch.patch:
|
|
- initialize uid_t uid_min and uid_t uid_max not before we need them
|
|
- shadow-4.2.1-merge-group.patch.patch:
|
|
- simplify by using a single call to snprintf()
|
|
- Add upstream fix
|
|
- Fix-user-busy-errors-at-userdel.patch:
|
|
- call sub_uid_close()
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 15 11:08:29 UTC 2016 - fvogt@suse.com
|
|
|
|
- Moved call from %verifyscript into %post:
|
|
* Caused call to %service_add_post shadow.service shadow.timer
|
|
during rpm -qV shadow
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 15 13:25:11 UTC 2015 - jkeil@suse.de
|
|
|
|
- Add systemd unit files to continuously check password & groupfile integrity
|
|
* Idea from Arch Linux
|
|
* pending request to systemd-presets-branding-openSUSE to enable by default
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 31 22:00:00 UTC 2014 - tbehrens@suse.com
|
|
|
|
- Add patch useradd-mkdirs.diff: fix for bnc#865563, create all parts
|
|
of the path
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Nov 22 10:15:25 UTC 2013 - werner@suse.de
|
|
|
|
- Stop any systemd user manager instance in case a user entry will
|
|
be deleted (bnc#849870). Nevertheless a running process requires
|
|
the option --force for the userdel command.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 12 14:47:30 CET 2013 - kukuk@suse.de
|
|
|
|
- Add ENCRYPT_METHOD_NIS for pam_unix.so (encryption_method_nis.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 17 14:56:44 CEST 2013 - kukuk@suse.de
|
|
|
|
- Add some fixes from Fedora:
|
|
- shadow-4.1.5.1-backup-mode.patch: open backup file with correct
|
|
permissions.
|
|
- shadow-4.1.5.1-logmsg.patch: fix error message
|
|
- shadow-4.1.5.1-errmsg.patch: print error reason
|
|
- shadow-4.1.5.1-manfix.patch: fix manual page
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 5 13:19:46 CET 2013 - kukuk@suse.de
|
|
|
|
- Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 13 17:31:50 CET 2012 - kukuk@suse.de
|
|
|
|
- Fix getdef default variables (getdef-new-defs.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 13 10:36:28 CET 2012 - kukuk@suse.de
|
|
|
|
- Fix default group value in /etc/default/useradd
|
|
(useradd-default.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 27 15:20:44 CEST 2012 - kukuk@suse.de
|
|
|
|
- Implement CHARACTER_CLASS support
|
|
(chkname-regex.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 26 15:20:06 CEST 2012 - kukuk@suse.de
|
|
|
|
- Add support for useradd.local
|
|
(useradd-script.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 25 16:22:18 CEST 2012 - kukuk@suse.de
|
|
|
|
- Fix spec file
|
|
- Adjust login.defs
|
|
(shadow-login_defs.diff)
|
|
- Add userdel*.local script support and scrips
|
|
(userdel-scripts.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 24 16:04:03 CEST 2012 - kukuk@suse.de
|
|
|
|
- Initial package [FATE#314473]
|