- Update to 4.16.0:
* The shadow implementations of id(1) and groups(1) are deprecated
in favor of the GNU coreutils and binutils versions.
They will be removed in 4.17.0.
* The rlogind implementation has been removed.
* The libsubid major version has been bumped, since it now requires
specification of the module's free() implementation.
- Update shadow-login_defs-suse.patch
- Add shadow-4.16.0-econf.patch:
Replace deprecated econf_readDirs with econf_readConfig
OBS-URL: https://build.opensuse.org/request/show/1181876
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=68
* The shadow implementations of id(1) and groups(1) are deprecated
in favor of the GNU coreutils and binutils versions.
They will be removed in 4.17.0.
* The rlogind implementation has been removed.
* The libsubid major version has been bumped, since it now requires
specification of the module's free() implementation.
- Update shadow-login_defs-suse.patch
- Add shadow-4.16.0-econf.patch:
Replace deprecated econf_readDirs with econf_readConfig
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=176
- Add shadow-4.15.0-fix-definition.patch:
Fix error messages about config options.
See gh/shadow-maint/shadow#967
- Update to 4.15.0
* libshadow:
+ Use utmpx instead of utmp. This fixes a regression introduced
in 4.14.0.
+ Fix build error (parameter name omitted).
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
+ Merge libshadow and libmisc into a single libshadow. This fixes
problems in the linker, which were reported at least in Gentoo.
+ Fix build with musl libc.
+ Support out of tree builds
* useradd(8):
+ Set proper SELinux labels for def_usrtemplate
- Update Serge Hallyns GPG key
- Update shadow-login_defs-unused-by-pam.patch
OBS-URL: https://build.opensuse.org/request/show/1159987
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=66
* libshadow:
+ Use utmpx instead of utmp. This fixes a regression introduced
in 4.14.0.
+ Fix build error (parameter name omitted).
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
+ Merge libshadow and libmisc into a single libshadow. This fixes
problems in the linker, which were reported at least in Gentoo.
+ Fix build with musl libc.
+ Support out of tree builds
* useradd(8):
+ Set proper SELinux labels for def_usrtemplate
- Update Serge Hallyns GPG key
- Update shadow-login_defs-unused-by-pam.patch
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=171
- Update to 4.14.6:
* login(1):
+ Fix off-by-one bugs.
* passwd(1):
+ Don't silently truncate passwords of length >= 200 characters.
Instead, accept a length of PASS_MAX, and reject longer ones.
* libshadow:
+ Fix calculation in strtoday(), which caused a wrong half-day
offset in some cases (bsc#1176006)
+ Fix parsing of dates in get_date() (bsc#1176006)
+ Use utmpx instead of utmp. This fixes a regression introduced in
4.14.0.
OBS-URL: https://build.opensuse.org/request/show/1154375
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=65
* login(1):
+ Fix off-by-one bugs.
* passwd(1):
+ Don't silently truncate passwords of length >= 200 characters.
Instead, accept a length of PASS_MAX, and reject longer ones.
* libshadow:
+ Fix calculation in strtoday(), which caused a wrong half-day
offset in some cases (bsc#1176006)
+ Fix parsing of dates in get_date() (bsc#1176006)
+ Use utmpx instead of utmp. This fixes a regression introduced in
4.14.0.
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=169
- Update to 4.14.5:
* Build system:
+ Fix regression introduced in 4.14.4, due to a typo. chgpasswd had
been deleted from a Makefile variable, but it should have been
chpasswd.
- Remove shadow-4.14.4-chgpasswd-typo.patch
- Update to 4.14.4:
* Build system:
+ Link correctly with libdl.
+ Install pam configs for chpasswd(8) and newusers(8) when using
./configure --with-libpam --disable-account-tools-setuid.
* libshadow:
+ Fix build error (parameter name omitted).
+ Fix off-by-one bug.
+ Remove warning.
- Add shadow-4.14.4-chgpasswd-typo.patch: to fix build. See #926
- Update patch macro `patchN` -> `patch -P N`
OBS-URL: https://build.opensuse.org/request/show/1146473
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=64
- Remove dependency on libbsd:
On Tumbleweed we have glibc 2.38 already thus string functions
like strlcpy will be present and won't be needed from libbsd.
`readpassphrase()` is then the only function from libbsd not present.
Upstream shadow has an in tree copy of it, that is used when the
`--without-libbsd` flag is passed along.
By relying on glibc 2.38 we don't need to add libbsd and libmd
to our ring0 but can't easily upgrade on SLE.
- Update to 4.14.0:
* configure: add with-libbsd option
* Code cleanup
* Replace utmp interface #757
* new option enable-logind #674
* shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
* chsh: warn if root sets a shell not listed in /etc/shells #535
* newgrp: fix potential string injection
* lastlog: fix alignment of Latest header
* Fix yescrypt support #748
* chgpasswd: Fix segfault in command-line options
* gpasswd: Fix password leak
* Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627)
* usermod: fix off-by-one issues #701
* ch(g)passwd: Check selinux permissions upon startup #675
* sub_[ug]id_{add,remove}: fix return values
* chsh: Verify that login shell path is absolute #730
* process_prefix_flag: Drop privileges
* run_parts for groupadd and groupdel #706
* newgrp/useradd: always set SIGCHLD to default
* useradd/usermod: add --selinux-range argument #698
OBS-URL: https://build.opensuse.org/request/show/1104351
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=58
On Tumbleweed we have glibc 2.38 already thus string functions
like strlcpy will be present and won't be needed from libbsd.
`readpassphrase()` is then the only function from libbsd not present.
Upstream shadow has an in tree copy of it, that is used when the
`--without-libbsd` flag is passed along.
By relying on glibc 2.38 we don't need to add libbsd and libmd
to our ring0 but can't easily upgrade on SLE.
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=153
* Code cleanup
* Replace utmp interface #757
* new option enable-logind #674
* shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
* chsh: warn if root sets a shell not listed in /etc/shells #535
* newgrp: fix potential string injection
* lastlog: fix alignment of Latest header
* Fix yescrypt support #748
* chgpasswd: Fix segfault in command-line options
* gpasswd: Fix password leak
* Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627)
* usermod: fix off-by-one issues #701
* ch(g)passwd: Check selinux permissions upon startup #675
* sub_[ug]id_{add,remove}: fix return values
* chsh: Verify that login shell path is absolute #730
* process_prefix_flag: Drop privileges
* run_parts for groupadd and groupdel #706
* newgrp/useradd: always set SIGCHLD to default
* useradd/usermod: add --selinux-range argument #698
* sssd: skip flushing if executable does not exist #699
* semanage: Do not set default SELinux range #676
* Add control character check #687
* usermod: respect --prefix for --gid option
* Fix null dereference in basename
* newuidmap and newgidmap: support passing pid as fd
* Prevent out of boundary access #633
* Explicitly override only newlines #633
* Correctly handle illegal system file in tz #633
* Supporting vendor given -shells- configuration file #599
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=151
- Update to 4.13:
* useradd.8: fix default group ID
* Revert drop of subid_init()
* Georgian translation
* useradd: Avoid taking unneeded space: do not reset non-existent data
in lastlog
* relax username restrictions
* selinux: check MLS enabled before setting serange
* copy_tree: use fchmodat instead of chmod
* copy_tree: don't block on FIFOs
* add shell linter
* copy_tree: carefully treat permissions
* lib/commonio: make lock failures more detailed
* lib: use strzero and memzero where applicable
* Update Dutch translation
* Don't test for NULL before calling free
* Use libc MAX() and MIN()
* chage: Fix regression in print_date
* usermod: report error if homedir does not exist
* libmisc: minimum id check for system accounts
* fix usermod -rG x y wrongly adding a group
* man: add missing space in useradd.8.xml
* lastlog: check for localtime() return value
* Raise limit for passwd and shadow entry length
* Remove adduser-old.c
* useradd: Fix buffer overflow when using a prefix
* Don't warn when failed to open /etc/nsswitch.conf
- Remove patches we took from upstream pre-release:
* shadow-copytree-usermod-fifo.patch
* shadow-chage-format.patch
OBS-URL: https://build.opensuse.org/request/show/1034857
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=52
* useradd.8: fix default group ID
* Revert drop of subid_init()
* Georgian translation
* useradd: Avoid taking unneeded space: do not reset non-existent data
in lastlog
* relax username restrictions
* selinux: check MLS enabled before setting serange
* copy_tree: use fchmodat instead of chmod
* copy_tree: don't block on FIFOs
* add shell linter
* copy_tree: carefully treat permissions
* lib/commonio: make lock failures more detailed
* lib: use strzero and memzero where applicable
* Update Dutch translation
* Don't test for NULL before calling free
* Use libc MAX() and MIN()
* chage: Fix regression in print_date
* usermod: report error if homedir does not exist
* libmisc: minimum id check for system accounts
* fix usermod -rG x y wrongly adding a group
* man: add missing space in useradd.8.xml
* lastlog: check for localtime() return value
* Raise limit for passwd and shadow entry length
* Remove adduser-old.c
* useradd: Fix buffer overflow when using a prefix
* Don't warn when failed to open /etc/nsswitch.conf
- Remove patches we took from upstream pre-release:
* shadow-copytree-usermod-fifo.patch
* shadow-chage-format.patch
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=133
- Update to 4.12.3:
Revert removal of subid_init, which should have bumped soname.
So note that 4.12 through 4.12.2 were broken for subid users.
- Update to 4.12.2:
* Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]
- Refresh useradd-userkeleton.patch:
LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545
Let's use fstatat() now.
- Update to 4.12.1:
* Fix uk manpages
- Remove shadow-4.12-remove-uk.patch: fixed upstream
- Update to 4.12:
* Add absolute path hint to --root
* Various cleanups
* Fix Ubuntu release used in CI tests
* add -F options to userad
* useradd manpage updates
* Check for ownerid (not just username) in subid ranges
* Declare file local functions static
* Use strict prototypes
* Do not drop const qualifier for Basename
* Constify various pointers
* Don't return uninitialized memory
* Don't let compiler optimize away memory cleaning
* Remove many obsolete compatibility checks and defines
* Modify ID range check in useradd
* Use "extern "C"" to make libsubid easier to use from C++
OBS-URL: https://build.opensuse.org/request/show/999092
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=48
* Add absolute path hint to --root
* Various cleanups
* Fix Ubuntu release used in CI tests
* add -F options to userad
* useradd manpage updates
* Check for ownerid (not just username) in subid ranges
* Declare file local functions static
* Use strict prototypes
* Do not drop const qualifier for Basename
* Constify various pointers
* Don't return uninitialized memory
* Don't let compiler optimize away memory cleaning
* Remove many obsolete compatibility checks and defines
* Modify ID range check in useradd
* Use "extern "C"" to make libsubid easier to use from C++
* French translation updates
* Fix s/with-pam/with-libpam/
* Spanish translation updates
* French translation fixes
* Default max group name length to 32
* Fix PAM service files without-selinux
* Improve manpages
- groupadd, useradd, usermod
- groups and id
- pwck
* Add fedora to CI builds
* Fix condition under which pw_dir check happens
* logoutd: switch to strncat
* AUTHORS: improve markdown output
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=122
- The legacy code does not support /etc/login.defs.d used by YaST.
Enable libeconf to read it (bsc#1192954).
- Update to 4.11.1:
* build: include lib/shadowlog_internal.h in dist tarballs
- Update to 4.11:
* Handle possible TOCTTOU issues in usermod/userdel
- (CVE-2013-4235)
- Use O_NOFOLLOW when copying file
- Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.
- Update to 4.10:
* From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su
from util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it.
* Add libeconf dep for new*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
OBS-URL: https://build.opensuse.org/request/show/946483
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=47
* build: include lib/shadowlog_internal.h in dist tarballs
- Update to 4.11:
* Handle possible TOCTTOU issues in usermod/userdel
- (CVE-2013-4235)
- Use O_NOFOLLOW when copying file
- Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.
- Update to 4.10:
* From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su
from util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it.
* Add libeconf dep for new*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
* Use https where possible in README
* Update content and format of README
* Translation updates
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=118
- Fix segfaults in newgrp and pwck
* Add shadow-4.9-newgrp-segfault.patch
https://github.com/shadow-maint/shadow/pull/437
* Add shadow-4.9-pwck-segfault.patch
https://github.com/shadow-maint/shadow/pull/445
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* shadow.service
- shadow-util-linux.patch:
* Remove the section patching lib/getdef.c in favor of the
upstream FOREIGNDEFS.
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the
unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
YESCRYPT_COST_FACTOR, not supported by the current
configuratiton.
- Update login_defs-support-for-pam symbol to version 1.5.2
(support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
(support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
* Add helper to import local new version in the parent dir.
* Fix spec editing sed expression.
* Add PREVENT_NO_AUTH to known unused variables.
* Update pam sed expression to find HMAC_CRYPTO_ALGO.
OBS-URL: https://build.opensuse.org/request/show/932263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=45
- shadow-util-linux.patch:
* Remove the section patching lib/getdef.c in favor of the
upstream FOREIGNDEFS.
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the
unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
YESCRYPT_COST_FACTOR, not supported by the current
configuratiton.
- Update login_defs-support-for-pam symbol to version 1.5.2
(support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
(support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
* Add helper to import local new version in the parent dir.
* Fix spec editing sed expression.
* Add PREVENT_NO_AUTH to known unused variables.
* Update pam sed expression to find HMAC_CRYPTO_ALGO.
* Add more sanity checks.
OBS-URL: https://build.opensuse.org/request/show/931937
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=114
- bsc#1190146: Fix empty subid range
Add shadow-4.9-useradd-subuid.patch
https://github.com/shadow-maint/shadow/pull/399
- bsc#1190145: Fix double free in gpasswd:
Add shadow-4.9-sgent-free.patch upstreamed as
https://github.com/shadow-maint/shadow/pull/417
- Fix shadow-login_defs-check.sh:
In the last update we switched from calling make to %make_build
macro. Using sed to adapt the spec file now.
- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
use already shadow
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
be compatible with other Linux distros and the other tools
creating user accounts in use on openSUSE. Set HOME_MODE to 700
for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
- Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
OBS-URL: https://build.opensuse.org/request/show/920286
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=44
- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
use already shadow
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
be compatible with other Linux distros and the other tools
creating user accounts in use on openSUSE. Set HOME_MODE to 700
for security reasons and compatibility. [bsc#1189139]
OBS-URL: https://build.opensuse.org/request/show/912922
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=107
- Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid(Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescript support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del
- Refresh:
* shadow-login_defs-unused-by-pam.patch
* userdel-script.patch
* useradd-script.patch
* chkname-regex.patch
* useradd-default.patch: bbf4b79 stopped shipping default file.
change group in code now.
* shadow-login_defs-suse.patch
* useradd-userkeleton.patch
- Remove because upstreamed:
OBS-URL: https://build.opensuse.org/request/show/912915
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=106
- login.defs: Add support for new util-linux-2.36 login variable
MOTD_FIRSTONLY (shadow-util-linux.patch).
- shadow-login_defs-comments.patch: Remove duplicated
LASTLOG_UID_MAX.
- shadow-login_defs-check.sh: Update for new build system.
- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is
not used in SUSE Linux.
- Refresh shadow-login_defs-suse.patch and
shadow-login_defs-comments.patch.
OBS-URL: https://build.opensuse.org/request/show/833343
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=90
- Update to 4.8.1:
* selinux: include stdio
* man: don't suggest making groupmems user-writeable
* Makefile: bail out on error in for loops
* Adding logging of SSH_ORIGINAL_COMMAND to nologin
* add new HOME_MODE login.defs option
* Add tty logging to useradd
* Useradd: make non-executable shell check only a warning
* Update Dutch translation
* user_busy: Do not mistake a regular user process for a namespaced one
* Revert "Honor --sbindir and --bindir for binary installation"
- Remove shadow-4.8-shell-check.patch: included
- Remove shadow-4.8-selinux-include.patch: upstreamed
OBS-URL: https://build.opensuse.org/request/show/767297
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=37
* selinux: include stdio
* man: don't suggest making groupmems user-writeable
* Makefile: bail out on error in for loops
* Adding logging of SSH_ORIGINAL_COMMAND to nologin
* add new HOME_MODE login.defs option
* Add tty logging to useradd
* Useradd: make non-executable shell check only a warning
* Update Dutch translation
* user_busy: Do not mistake a regular user process for a namespaced one
* Revert "Honor --sbindir and --bindir for binary installation"
- Remove shadow-4.8-shell-check.patch: included
- Remove shadow-4.8-selinux-include.patch: upstreamed
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=86
- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers,
useradd, userdel, usermod explicitly.
- bsc#1160729: Make valid shell check only a warning
* Add shadow-4.8-shell-check.patch
- Update to 4.8:
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
- Remove because upstreamed:
* libeconf.patch
* shadow-usermod-variable.patch
- Rebase:
* shadow-login_defs-unused-by-pam.patch
* chkname-regex.patch
OBS-URL: https://build.opensuse.org/request/show/765745
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=36
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
- Remove because upstreamed:
* libeconf.patch
* shadow-usermod-variable.patch
- Rebase:
* shadow-login_defs-unused-by-pam.patch
* chkname-regex.patch
* shadow-util-linux.patch
* shadow-login_defs-comments.patch
- Add shadow-4.8-selinux-include.patch
See https://github.com/shadow-maint/shadow/pull/200
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=81
- Update to 4.7:
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile (Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
- Remove btrfs-subvolumes.patch (fate#316134):
OBS-URL: https://build.opensuse.org/request/show/709907
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=32
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile (Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
- Remove btrfs-subvolumes.patch (fate#316134):
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=68
- Update to 4.6:
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option
- Remove CVE-2018-7169.patch: upstreamed
- Remove shadow-4.1.5.1-pam_group.patch: upstreamed
- Update userdel-script.patch: change due to prefix
- Update useradd-mkdirs.patch: change due to prefix
Additionally changed in that patch:
* Test for strdup() failure
* Directory to 0755 instead 0777
- Add shadow-4.6.0-fix-usermod-prefix-crash.patch:
Fixes crash in usermod when called with --prefix.
See https://github.com/shadow-maint/shadow/issues/110
OBS-URL: https://build.opensuse.org/request/show/609804
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=27
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option
- Remove CVE-2018-7169.patch: upstreamed
- Remove shadow-4.1.5.1-pam_group.patch: upstreamed
- Update userdel-script.patch: change due to prefix
- Update useradd-mkdirs.patch: change due to prefix
Additionally changed in that patch:
* Test for strdup() failure
* Directory to 0755 instead 0777
- Add shadow-4.6.0-fix-usermod-prefix-crash.patch:
Fixes crash in usermod when called with --prefix.
See https://github.com/shadow-maint/shadow/issues/110
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=52
- Revert accidentalied prerequisites.
Use PreReq for permissions
- Prequire group(shadow), group(root), user(root)
- bsc#1061838:
Add Requires for group(mail)
- boo#1048645:
Set suid bit for newuidmap and newgimap
- Revert the changes for bsc#1023895 back
Pulls in too many deps into ring0.
Next version of shadow plans to have no conditional man pages.
- run spec-cleaner
- bsc#1023895:
man page contained invalid options because they depend
on compile flags and we shipped pre built ones.
New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po
xsltproc
- Adjust requires (we need user/group root instead of aaa_base now)
- New upstream version 4.5
- Refreshed patches:
* shadow-login_defs.patch
* chkname-regex.patch
* getdef-new-defs.patch
* useradd-mkdirs.patch
- Upstreamed patches:
* shadow-4.1.5.1-manfix.patch
* shadow-4.1.5.1-errmsg.patch
* shadow-4.1.5.1-backup-mode.patch
* shadow-4.1.5.1-audit-owner.patch
* shadow-4.2.1-defs-chroot.patch
* shadow-4.2.1-merge-group.patch
* Fix-user-busy-errors-at-userdel.patch
* useradd-clear-tallylog.patch
- shadow-4.1.5.1-pam_group.patch
dynamically added users via pam_group are not listed in groups
databases but are still valid
- shadow.keyring: update keyring with current maintainer's keyid
only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D'
- disable_new_audit_function.patch:
Disable newer libaudit functionality for older distributions
- useradd: call external program "/sbin/pam_tally2" to reset
failed login counter in "/var/log/tallylog"
(bsc#980486, useradd-clear-tallylog.patch)
- add keyring, three public keys from https://pkg-shadow.alioth.debian.org/download.php
- bsc#1002975: Use permissions according to permissions package
and dont try to manipulate them in %files section.
- boo#994486: Include shadow.5 manpage
Previously this was provided by man-pages package in
the man-pages-addons tarball which got removed later on.
- Add package dependency for aaa_base, fixing bnc#899409
(was done by tbehrens@suse.com but not submitted to Factory)
- shadow 4.2.1 requested by fate#320422
- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch
- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits.
Remove the files used to circumvent the check.
- Remove:
* shadow-rpmlintrc
* shadow-subids
* shadow-subids.easy
* shadow-subids.secure
* shadow-subids.paranoid
- Update to shadow-4.2.1:
- add support for subuids/subgids via newuidmap/newgidmap
- Rename chkname-regex.diff to chkname-regex.patch
- Rename encryption_method_nis.diff to encryption_method_nis.patch
- Rename getdef-new-defs.diff to getdef-new-defs.patch
- Rename shadow-login_defs.diff to shadow-login_defs.patch
- Rename userdel-scripts.diff to userdel-script.patch
- Rename useradd-script.diff to useradd-script.patch
- Rename useradd-default.diff to useradd-default.patch
- Rename useradd-mkdirs.diff to useradd-mkdirs.patch
- Add fixes from Red Hat/Fedora:
- shadow-4.1.5.1-audit-owner.patch.patch:
- log owner changes for home directory
- shadow-4.1.5.1-userdel-helpfix.patch.patch:
- give a hint about what happens when you force the removal of a user
- shadow-4.2.1-defs-chroot.patch.patch:
- initialize uid_t uid_min and uid_t uid_max not before we need them
- shadow-4.2.1-merge-group.patch.patch:
- simplify by using a single call to snprintf()
- Add upstream fix
- Fix-user-busy-errors-at-userdel.patch:
- call sub_uid_close()
- Moved call from %verifyscript into %post:
* Caused call to %service_add_post shadow.service shadow.timer
during rpm -qV shadow
- Add systemd unit files to continuously check password & groupfile integrity
* Idea from Arch Linux
* pending request to systemd-presets-branding-openSUSE to enable by default
- Add patch useradd-mkdirs.diff: fix for bnc#865563, create all parts
of the path
- Stop any systemd user manager instance in case a user entry will
be deleted (bnc#849870). Nevertheless a running process requires
the option --force for the userdel command.
- Add ENCRYPT_METHOD_NIS for pam_unix.so (encryption_method_nis.diff)
- Add some fixes from Fedora:
- shadow-4.1.5.1-backup-mode.patch: open backup file with correct
permissions.
- shadow-4.1.5.1-logmsg.patch: fix error message
- shadow-4.1.5.1-errmsg.patch: print error reason
- shadow-4.1.5.1-manfix.patch: fix manual page
- Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006]
- Fix getdef default variables (getdef-new-defs.diff)
- Fix default group value in /etc/default/useradd
(useradd-default.diff)
- Implement CHARACTER_CLASS support
(chkname-regex.diff)
- Add support for useradd.local
(useradd-script.diff)
- Fix spec file
- Adjust login.defs
(shadow-login_defs.diff)
- Add userdel*.local script support and scrips
(userdel-scripts.diff)
- Initial package [FATE#314473]
OBS-URL: https://build.opensuse.org/request/show/536398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=23
- boo#1048645:
Set suid bit for newuidmap and newgimap
- Revert the changes for bsc#1023895 back
Pulls in too many deps into ring0.
Next version of shadow plans to have no conditional man pages.
- run spec-cleaner
- bsc#1023895:
man page contained invalid options because they depend
on compile flags and we shipped pre built ones.
New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po
xsltproc
OBS-URL: https://build.opensuse.org/request/show/526022
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=21
