forked from pool/shadow
Commit Graph

107 Commits

Author SHA256 Message Date
Michael Vetter
89d6ca85a0 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=154 2023-08-17 10:24:51 +00:00
Michael Vetter
2745f98eaf - Remove dependency on libbsd:
  On Tumbleweed we have glibc 2.38 already thus string functions
  like strlcpy will be present and won't be needed from libbsd.
  `readpassphrase()` is then the only function from libbsd not present.
  Upstream shadow has an in tree copy of it, that is used when the
  `--without-libbsd` flag is passed along.
  By relying on glibc 2.38 we don't need to add libbsd and libmd
  to our ring0 but can't easily upgrade on SLE.

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=153
2023-08-17 10:17:53 +00:00
Michael Vetter
1108d9a8b3 - This release depends either on libbsd or on glibc >= 2.38
  which only recently got released. libbsd (and libmd) would be
  new packages in our ring0

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=152
2023-08-17 07:07:20 +00:00
Michael Vetter
87279e85bb * configure: add with-libbsd option
  * Code cleanup
  * Replace utmp interface #757
  * new option enable-logind #674
  * shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
  * chsh: warn if root sets a shell not listed in /etc/shells #535
  * newgrp: fix potential string injection
  * lastlog: fix alignment of Latest header
  * Fix yescrypt support #748
  * chgpasswd: Fix segfault in command-line options
  * gpasswd: Fix password leak
  * Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627)
  * usermod: fix off-by-one issues #701
  * ch(g)passwd: Check selinux permissions upon startup #675
  * sub_[ug]id_{add,remove}: fix return values
  * chsh: Verify that login shell path is absolute #730
  * process_prefix_flag: Drop privileges
  * run_parts for groupadd and groupdel #706
  * newgrp/useradd: always set SIGCHLD to default
  * useradd/usermod: add --selinux-range argument #698
  * sssd: skip flushing if executable does not exist #699
  * semanage: Do not set default SELinux range #676
  * Add control character check #687
  * usermod: respect --prefix for --gid option
  * Fix null dereference in basename
  * newuidmap and newgidmap: support passing pid as fd
  * Prevent out of boundary access #633
  * Explicitly override only newlines #633
  * Correctly handle illegal system file in tz #633
  * Supporting vendor given -shells- configuration file #599

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=151
2023-08-17 07:04:09 +00:00
Michael Vetter
d8c5f764fa - Don't build lastlog (lastlog.legacy) anymore since we
  use lastlog2 by default now.

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=150
2023-08-14 13:58:58 +00:00
Michael Vetter
51ee267bd3 - Update to 4.14.0:
- Refresh useradd-default.patch
- Remove upstreamed patches:
  * useradd-userkeleton.patch
  * shadow-audit-no-id.patch
  * shadow-fix-print-login-timeout.patch
  * shadow-CVE-2023-29383.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=149
2023-08-04 15:48:26 +00:00
Michael Vetter
de2ffbd8a7 - bsc#1210507 (CVE-2023-29383):
  Check for control characters
- Add shadow-CVE-2023-29383.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=147
2023-04-18 16:15:03 +00:00
Michael Vetter
c13dad9ccc Accepting request 1078648 from home:kukuk:branches:Base:System
- Rename lastlog to lastlog.legacy to be able to switch to
  Y2038 safe lastlog2 as default [jsc#PED-3144]

OBS-URL: https://build.opensuse.org/request/show/1078648
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=145
2023-04-13 09:15:30 +00:00
Michael Vetter
cdd1d85c79 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=143 2023-02-17 07:53:56 +00:00
Michael Vetter
c963e461dd - Reorder source files and patches
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=142
2023-02-16 11:42:49 +00:00
Michael Vetter
4ed74d809a - Update shadow-fix-print-login-timeout.patch
- Reorder source files

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=141
2023-02-16 11:35:29 +00:00
Michael Vetter
3a9edf4780 - Remove scripts that claim to be config but are in /usr (boo#1191578)
  * userdel-script.patch
  * useradd-script.patch
  * useradd.local
  * userdel-post.local
  * userdel-pre.local

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=140
2023-02-16 09:24:10 +00:00
Michael Vetter
e2af94b0ed Accepting request 1065945 from home:lnussel:branches:Base:System
- remove scripts that claim to be config but are in /usr (boo#1191578)

OBS-URL: https://build.opensuse.org/request/show/1065945
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=139
2023-02-16 09:21:12 +00:00
Michael Vetter
4c6bdfaa5d - Add shadow-fix-print-login-timeout.patch:
  Fix printing full login timeout message
  See gh/shadow-maint/shadow#621
  See gh/shadow-maint/shadow#606

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=137
2023-01-13 08:24:43 +00:00
Michael Vetter
5ee66f6a14 - bsc#1205502: Fix useradd audit event logging of ID field
  * Add shadow-audit-no-id.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=135
2022-12-16 10:10:32 +00:00
Michael Vetter
8c1e3ce264 - Update to 4.13:
  * useradd.8: fix default group ID
  * Revert drop of subid_init()
  * Georgian translation
  * useradd: Avoid taking unneeded space: do not reset non-existent data
    in lastlog
  * relax username restrictions
  * selinux: check MLS enabled before setting serange
  * copy_tree: use fchmodat instead of chmod
  * copy_tree: don't block on FIFOs
  * add shell linter
  * copy_tree: carefully treat permissions
  * lib/commonio: make lock failures more detailed
  * lib: use strzero and memzero where applicable
  * Update Dutch translation
  * Don't test for NULL before calling free
  * Use libc MAX() and MIN()
  * chage: Fix regression in print_date
  * usermod: report error if homedir does not exist
  * libmisc: minimum id check for system accounts
  * fix usermod -rG x y wrongly adding a group
  * man: add missing space in useradd.8.xml
  * lastlog: check for localtime() return value
  * Raise limit for passwd and shadow entry length
  * Remove adduser-old.c
  * useradd: Fix buffer overflow when using a prefix
  * Don't warn when failed to open /etc/nsswitch.conf
- Remove patches we took from upstream pre-release:
  * shadow-copytree-usermod-fifo.patch
  * shadow-chage-format.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=133
2022-11-09 13:35:08 +00:00
Michael Vetter
91f075eb3d - Add shadow-copytree-usermod-fifo.patch:
  Fix regression that prevented `usermod -m` from working when their
  home directory contained at least one fifo
  See https://github.com/shadow-maint/shadow/pull/565

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=131
2022-11-07 11:26:02 +00:00
Michael Vetter
ec972ebebd - bsc#1204811: Fix chage date format string regression
  * Add shadow-chage-format.patch

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=129
2022-11-02 11:01:13 +00:00
Michael Vetter
30472fc2d8 - Add shadow-prefix-overflow.patch:
  Fix buffer overflow when calling useradd with --prefix
  See https://github.com/shadow-maint/shadow/pull/588

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=127
2022-10-24 22:07:29 +00:00
Michael Vetter
2fcb52ebdf OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=125 2022-08-24 14:58:41 +00:00
Michael Vetter
b7b2971a9a - Update to 4.12.3:
  Revert removal of subid_init, which should have bumped soname.
  So note that 4.12 through 4.12.2 were broken for subid users.

- Update to 4.12.2:
  * Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]
- Refresh useradd-userkeleton.patch:
  LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545
  Let's use fstatat() now.

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=124
2022-08-22 14:01:13 +00:00
Michael Vetter
c714985a2e - Update to 4.12.1:
  * Fix uk manpages
- Remove shadow-4.12-remove-uk.patch: fixed upstream

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=123
2022-08-15 17:45:21 +00:00
Michael Vetter
ccb51bf365 - Update to 4.12:
  * Add absolute path hint to --root
  * Various cleanups
  * Fix Ubuntu release used in CI tests
  * add -F options to useradd
  * useradd manpage updates
  * Check for ownerid (not just username) in subid ranges
  * Declare file local functions static
  * Use strict prototypes
  * Do not drop const qualifier for Basename
  * Constify various pointers
  * Don't return uninitialized memory
  * Don't let compiler optimize away memory cleaning
  * Remove many obsolete compatibility checks and defines
  * Modify ID range check in useradd
  * Use "extern "C"" to make libsubid easier to use from C++
  * French translation updates
  * Fix s/with-pam/with-libpam/
  * Spanish translation updates
  * French translation fixes
  * Default max group name length to 32
  * Fix PAM service files without-selinux
  * Improve manpages
    - groupadd, useradd, usermod
    - groups and id
    - pwck
  * Add fedora to CI builds
  * Fix condition under which pw_dir check happens
  * logoutd: switch to strncat
  * AUTHORS: improve markdown output

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=122
2022-08-12 06:09:36 +00:00
Michael Vetter
0ca771d496 Accepting request 993912 from home:kukuk:branches:Base:System
- Remove duplicate pam.d/useradd entry
- Provide /etc/login.defs.d on SLE15 since we support and use it
- Use %_pam_vendordir macro

OBS-URL: https://build.opensuse.org/request/show/993912
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=121
2022-08-09 09:45:37 +00:00
Michael Vetter
a4f7b923a4 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=120 2022-01-14 17:43:13 +00:00
Michael Vetter
123ea0a422 Accepting request 945900 from home:sbrabec:branches:shadow-j23399
This is submitted just to sync with SLE/Leap. It has no effect for Factory.
- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).

OBS-URL: https://build.opensuse.org/request/show/945900
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=119
2022-01-14 17:26:54 +00:00
Michael Vetter
bba5d5413c - Update to 4.11.1:
  * build: include lib/shadowlog_internal.h in dist tarballs

- Update to 4.11:
  * Handle possible TOCTTOU issues in usermod/userdel
    - (CVE-2013-4235)
    - Use O_NOFOLLOW when copying file
    - Kill all user tasks in userdel
  * Fix useradd -D segfault
  * Clean up obsolete libc feature-check ifdefs
  * Fix -fno-common build breaks due to duplicate Prog declarations
  * Have single date_to_str definition
  * Fix libsubid SONAME version
  * Clarify licensing info, use SPDX.

- Update to 4.10:
  * From this release forward, su from this package should be
    considered deprecated. Please replace any users of it with su
    from util-linux
  * libsubid fixes
  * Rename the test program list_subid_ranges to getsubids, write
    a manpage, so distros can ship it.
  * Add libeconf dep for new*idmap
  * Allow all group types with usermod -G
  * Avoid useradd generating empty subid range
  * Handle NULL pw_passwd
  * Fix default value SHA_get_salt_rounds
  * Use https where possible in README
  * Update content and format of README
  * Translation updates

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=118
2022-01-03 12:19:45 +00:00
Michael Vetter
87fcc1bbed Accepting request 934763 from home:kukuk:branches:Base:System
- Really enable USERGROUPS_ENAB [bsc#1189139].
  Got lost during merges.

OBS-URL: https://build.opensuse.org/request/show/934763
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=117
2021-12-02 13:01:23 +00:00
Michael Vetter
9d0c114d24 - Fix segfaults in newgrp and pwck
  * Add shadow-4.9-newgrp-segfault.patch
    https://github.com/shadow-maint/shadow/pull/437
  * Add shadow-4.9-pwck-segfault.patch
    https://github.com/shadow-maint/shadow/pull/445

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=116
2021-11-18 13:50:59 +00:00
Michael Vetter
815e18bc02 Accepting request 932180 from home:jsegitz:branches:systemdhardening:Base:System
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

OBS-URL: https://build.opensuse.org/request/show/932180
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=115
2021-11-18 13:38:29 +00:00
Michael Vetter
2204667d89 Accepting request 931937 from home:sbrabec:branches:Base:System
- shadow-util-linux.patch:
  * Remove the section patching lib/getdef.c in favor of the
    upstream FOREIGNDEFS.
  * Add LOGIN_KEEP_USERNAME to login.defs.
  * Remove PREVENT_NO_AUTH from login.defs. Only used by the
    unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
  * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
    YESCRYPT_COST_FACTOR, not supported by the current
    configuration.
- Update login_defs-support-for-pam symbol to version 1.5.2
  (support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
  (support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
  shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
  * Add helper to import local new version in the parent dir.
  * Fix spec editing sed expression.
  * Add PREVENT_NO_AUTH to known unused variables.
  * Update pam sed expression to find HMAC_CRYPTO_ALGO.
  * Add more sanity checks.

OBS-URL: https://build.opensuse.org/request/show/931937
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=114
2021-11-17 16:18:12 +00:00
Michael Vetter
c9c98a79f2 - bsc#1190146: Fix empty subid range
  Add shadow-4.9-useradd-subuid.patch
  https://github.com/shadow-maint/shadow/pull/399

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=113
2021-09-20 09:46:44 +00:00
Michael Vetter
c08b0a69cc OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=112 2021-09-20 09:36:14 +00:00
Michael Vetter
1864140f9d - bsc#1190145: Fix double free in gpasswd:
  Add shadow-4.9-sgent-free.patch upstreamed as
  https://github.com/shadow-maint/shadow/pull/417

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=111
2021-09-20 09:10:46 +00:00
Michael Vetter
c47e0f3e3c for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=110
2021-09-16 10:24:51 +00:00
Michael Vetter
31b62a4fb1 - Add shadow-passwd-handle-null.patch [bsc#1188307]:
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=109
2021-09-16 10:15:59 +00:00
Michael Vetter
8f871cae62 - Fix shadow-login_defs-check.sh:
  In the last update we switched from calling make to %make_build
  macro. Using sed to adapt the spec file now.

OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=108
2021-09-07 15:09:34 +00:00
Michael Vetter
c8f7c173d8 Accepting request 912922 from home:kukuk:tiu
- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
  already use shadow
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
  be compatible with other Linux distros and the other tools
  creating user accounts in use on openSUSE. Set HOME_MODE to 700
  for security reasons and compatibility. [bsc#1189139]

OBS-URL: https://build.opensuse.org/request/show/912922
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=107
2021-08-18 17:54:07 +00:00
Michael Vetter
3317029e04 Accepting request 912915 from home:jubalh:branches:Base:System
- Update to 4.9:
  * Updated translations
  * Major salt updates
  * Various coverity and cleanup fixes
  * Consistently use 0 to disable PASS_MIN_DAYS in man
  * Implement NSS support for subids and a libsubid
  * setfcap: retain setfcap when mapping uid 0
  * login.defs: include HMAC_CRYPTO_ALGO key
  * selinux fixes
  * Fix path prefix path handling
  * Manpage updates
  * Treat an empty passwd field as invalid (Haelwenn Monnier)
  * newxidmap: allow running under alternative gid
  * usermod: check that shell is executable
  * Add yescrypt support
  * useradd memleak fixes
  * useradd: use built-in settings by default
  * getdefs: add foreign
  * buffer overflow fixes
  * Adding run-parts style for pre and post useradd/del
- Refresh:
  * shadow-login_defs-unused-by-pam.patch
  * userdel-script.patch
  * useradd-script.patch
  * chkname-regex.patch
  * useradd-default.patch: bbf4b79 stopped shipping default file.
    change group in code now.
  * shadow-login_defs-suse.patch
  * useradd-userkeleton.patch
- Remove because upstreamed:

OBS-URL: https://build.opensuse.org/request/show/912915
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=106
2021-08-18 14:25:29 +00:00
Michael Vetter
e27cf8c34f Accepting request 903400 from home:kukuk:branches:Base:System
- login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536]
- Add /etc/login.defs.d directory

OBS-URL: https://build.opensuse.org/request/show/903400
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=105
2021-07-02 06:52:55 +00:00
Michael Vetter
faf07ff787 Accepting request 897717 from home:mauriziogalli:branches:Base:System
- Enable shadowgrp so that we can set more secure group passwords 
  using shadow.

OBS-URL: https://build.opensuse.org/request/show/897717
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=104
2021-06-08 06:39:30 +00:00
Michael Vetter
b6e8d920e2 Accepting request 897344 from home:kukuk:tiu
- Disable MOTD_FILE to allow the use of pam_motd to unify motd
  message output [bsc#1185897]. Else motd entries of e.g. cockpit
  will not be shown.

OBS-URL: https://build.opensuse.org/request/show/897344
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=103
2021-06-08 06:36:00 +00:00
Michael Vetter
451a55ed1d Accepting request 871006 from home:sbrabec:branches:distconfdir-fix
No change in code. Integrate changes in SLE/Leap branch into older changelog entries in Factory.

OBS-URL: https://build.opensuse.org/request/show/871006
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=101
2021-02-15 09:45:08 +00:00
1b82897569 Accepting request 867612 from home:sbrabec:branches:distconfdir-fix
- Do not require libeconf-devel on products without /usr/etc.

OBS-URL: https://build.opensuse.org/request/show/867612
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=100
2021-01-30 08:05:35 +00:00
Michael Vetter
a4ea6b15c3 Accepting request 865245 from home:kukuk:branches:Base:System
- Split login.defs configuration file into own sub-package, which
  allows to install util-linux or pam on small embedded/edge
  systems or container without the need to pull in the full shadow
  suite.

OBS-URL: https://build.opensuse.org/request/show/865245
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=99
2021-01-21 08:48:53 +00:00
Dr. Werner Fink
ff3f23e669 Accepting request 848094 from home:favogt:boo1178296
- Amend patches/useradd-userkeleton.patch to also write into
  existing directories and prefer files from /etc

OBS-URL: https://build.opensuse.org/request/show/848094
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=98
2020-11-12 10:32:46 +00:00
Dr. Werner Fink
cf082dac01 Add support for /usr/etc/skel to useradd binary itself
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=97
2020-11-11 11:39:56 +00:00
Dr. Werner Fink
5d3b7a8e02 bsc#1178296
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=95
2020-11-02 15:56:45 +00:00
Dr. Werner Fink
6ffcde29a4 boo#1173321
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=93
2020-10-09 13:16:40 +00:00
Michael Vetter
0b9efbf5e4 Accepting request 840138 from home:sbrabec:branches:util-linux-multibuild
- shadow-login_defs-check.sh: Fix the regexp to get a real variable
  list (boo#1164274).

OBS-URL: https://build.opensuse.org/request/show/840138
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=92
2020-10-08 20:42:21 +00:00