* login(1):
+ Fix off-by-one bugs.
* passwd(1):
+ Don't silently truncate passwords of length >= 200 characters.
Instead, accept a length of PASS_MAX, and reject longer ones.
* libshadow:
+ Fix calculation in strtoday(), which caused a wrong half-day
offset in some cases (bsc#1176006)
+ Fix parsing of dates in get_date() (bsc#1176006)
+ Use utmpx instead of utmp. This fixes a regression introduced in
4.14.0.
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=169
On Tumbleweed we have glibc 2.38 already thus string functions
like strlcpy will be present and won't be needed from libbsd.
`readpassphrase()` is then the only function from libbsd not present.
Upstream shadow has an in tree copy of it, that is used when the
`--without-libbsd` flag is passed along.
By relying on glibc 2.38 we don't need to add libbsd and libmd
to our ring0 but can't easily upgrade on SLE.
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=153
* Code cleanup
* Replace utmp interface #757
* new option enable-logind #674
* shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
* chsh: warn if root sets a shell not listed in /etc/shells #535
* newgrp: fix potential string injection
* lastlog: fix alignment of Latest header
* Fix yescrypt support #748
* chgpasswd: Fix segfault in command-line options
* gpasswd: Fix password leak
* Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627)
* usermod: fix off-by-one issues #701
* ch(g)passwd: Check selinux permissions upon startup #675
* sub_[ug]id_{add,remove}: fix return values
* chsh: Verify that login shell path is absolute #730
* process_prefix_flag: Drop privileges
* run_parts for groupadd and groupdel #706
* newgrp/useradd: always set SIGCHLD to default
* useradd/usermod: add --selinux-range argument #698
* sssd: skip flushing if executable does not exist #699
* semanage: Do not set default SELinux range #676
* Add control character check #687
* usermod: respect --prefix for --gid option
* Fix null dereference in basename
* newuidmap and newgidmap: support passing pid as fd
* Prevent out of boundary access #633
* Explicitly override only newlines #633
* Correctly handle illegal system file in tz #633
* Supporting vendor given -shells- configuration file #599
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=151
* useradd.8: fix default group ID
* Revert drop of subid_init()
* Georgian translation
* useradd: Avoid taking unneeded space: do not reset non-existent data
in lastlog
* relax username restrictions
* selinux: check MLS enabled before setting serange
* copy_tree: use fchmodat instead of chmod
* copy_tree: don't block on FIFOs
* add shell linter
* copy_tree: carefully treat permissions
* lib/commonio: make lock failures more detailed
* lib: use strzero and memzero where applicable
* Update Dutch translation
* Don't test for NULL before calling free
* Use libc MAX() and MIN()
* chage: Fix regression in print_date
* usermod: report error if homedir does not exist
* libmisc: minimum id check for system accounts
* fix usermod -rG x y wrongly adding a group
* man: add missing space in useradd.8.xml
* lastlog: check for localtime() return value
* Raise limit for passwd and shadow entry length
* Remove adduser-old.c
* useradd: Fix buffer overflow when using a prefix
* Don't warn when failed to open /etc/nsswitch.conf
- Remove patches we took from upstream pre-release:
* shadow-copytree-usermod-fifo.patch
* shadow-chage-format.patch
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=133
* Add absolute path hint to --root
* Various cleanups
* Fix Ubuntu release used in CI tests
* add -F options to userad
* useradd manpage updates
* Check for ownerid (not just username) in subid ranges
* Declare file local functions static
* Use strict prototypes
* Do not drop const qualifier for Basename
* Constify various pointers
* Don't return uninitialized memory
* Don't let compiler optimize away memory cleaning
* Remove many obsolete compatibility checks and defines
* Modify ID range check in useradd
* Use "extern "C"" to make libsubid easier to use from C++
* French translation updates
* Fix s/with-pam/with-libpam/
* Spanish translation updates
* French translation fixes
* Default max group name length to 32
* Fix PAM service files without-selinux
* Improve manpages
- groupadd, useradd, usermod
- groups and id
- pwck
* Add fedora to CI builds
* Fix condition under which pw_dir check happens
* logoutd: switch to strncat
* AUTHORS: improve markdown output
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=122
* build: include lib/shadowlog_internal.h in dist tarballs
- Update to 4.11:
* Handle possible TOCTTOU issues in usermod/userdel
- (CVE-2013-4235)
- Use O_NOFOLLOW when copying file
- Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.
- Update to 4.10:
* From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su
from util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it.
* Add libeconf dep for new*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
* Use https where possible in README
* Update content and format of README
* Translation updates
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=118
- shadow-util-linux.patch:
* Remove the section patching lib/getdef.c in favor of the
upstream FOREIGNDEFS.
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the
unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
YESCRYPT_COST_FACTOR, not supported by the current
configuratiton.
- Update login_defs-support-for-pam symbol to version 1.5.2
(support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
(support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
* Add helper to import local new version in the parent dir.
* Fix spec editing sed expression.
* Add PREVENT_NO_AUTH to known unused variables.
* Update pam sed expression to find HMAC_CRYPTO_ALGO.
* Add more sanity checks.
OBS-URL: https://build.opensuse.org/request/show/931937
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=114
- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
use already shadow
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
be compatible with other Linux distros and the other tools
creating user accounts in use on openSUSE. Set HOME_MODE to 700
for security reasons and compatibility. [bsc#1189139]
OBS-URL: https://build.opensuse.org/request/show/912922
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=107
- Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid(Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescript support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del
- Refresh:
* shadow-login_defs-unused-by-pam.patch
* userdel-script.patch
* useradd-script.patch
* chkname-regex.patch
* useradd-default.patch: bbf4b79 stopped shipping default file.
change group in code now.
* shadow-login_defs-suse.patch
* useradd-userkeleton.patch
- Remove because upstreamed:
OBS-URL: https://build.opensuse.org/request/show/912915
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=106