From 1b97de0f5fd59759fae043bd899fb1d2ecd28e44c88cedd0781e3722a7ec7d2e Mon Sep 17 00:00:00 2001
From: Michael Vetter <jubalh@iodoru.org>
Date: Mon, 29 Jul 2019 05:36:59 +0000
Subject: [PATCH] Accepting request 719010 from
 home:sbrabec:branches:util-linux-2.34

- Fix incorrect variable name in usermod
  (shadow-usermod-variable.patch).
- shadow-login_defs-comments.patch:
  * Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs.
  * Add missing LASTLOG_UID_MAX.
  * Refresh shadow-login_defs-suse.patch.
- Port shadow-login_defs-check.sh to match the current spec file
  and login.defs.

OBS-URL: https://build.opensuse.org/request/show/719010
OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=74
---
 shadow-login_defs-check.sh       |  8 +++---
 shadow-login_defs-comments.patch | 48 ++++++++++++++++++++------------
 shadow-login_defs-suse.patch     | 26 ++++++++---------
 shadow-usermod-variable.patch    | 28 +++++++++++++++++++
 shadow.changes                   | 12 ++++++++
 shadow.spec                      |  3 ++
 6 files changed, 90 insertions(+), 35 deletions(-)
 create mode 100644 shadow-usermod-variable.patch

diff --git a/shadow-login_defs-check.sh b/shadow-login_defs-check.sh
index 2b4fa26..21b74c1 100644
--- a/shadow-login_defs-check.sh
+++ b/shadow-login_defs-check.sh
@@ -69,9 +69,9 @@ if ! test -f shadow-login_defs-check-build/stamp ; then
 		patch <<EOF
 --- shadow.spec
 +++ shadow.spec
-@@ -131,1 +131,1 @@
--make
-+make V=1 -k CPPFLAGS="-E"
+@@ -133,1 +133,1 @@
+-make %{?_smp_mflags} V=1
++make %{?_smp_mflags} V=1 -k CPPFLAGS="-E"
 EOF
 	fi
 
@@ -99,7 +99,7 @@ cd shadow-login_defs-check-build/shadow-*
 
 echo "Extracting variables from etc/login.defs..."
 # Extract variables referenced in login.defs, both active and commented out.
-sed -n "s/^#//;s/\([A-Z0-9_]*\)[[:space:]].*$/\1/p" <etc/login.defs | sed '/^$/d' | uniq | sed '/^$/d' >../../shadow-login_defs-check-login_defs.lst
+sed -n "s/^#//;s/\([A-Z0-9_]*\)\([[:space:]].*\|\)$/\1/p" <etc/login.defs | sed '/^$/d' | uniq | sed '/^$/d' >../../shadow-login_defs-check-login_defs.lst
 LC_ALL=C sort -u ../../shadow-login_defs-check-login_defs.lst >../../shadow-login_defs-check-login_defs-sorted.lst
 
 echo "Extracting variables from lib/getdef.c..."
diff --git a/shadow-login_defs-comments.patch b/shadow-login_defs-comments.patch
index 87ffead..31c190e 100644
--- a/shadow-login_defs-comments.patch
+++ b/shadow-login_defs-comments.patch
@@ -13,7 +13,23 @@ Index: etc/login.defs
  
  #
  # Delay in seconds before being allowed another attempt after a login failure
-@@ -79,11 +77,14 @@ ENV_PATH	/bin:/usr/bin
+@@ -32,6 +30,15 @@ CONSOLE		/etc/securetty
+ #CONSOLE	console:tty01:tty02:tty03:tty04
+ 
+ #
++# Limit the highest user ID number for which the lastlog entries should
++# be updated.
++#
++# No LASTLOG_UID_MAX means that there is no user ID limit for writing
++# lastlog entries.
++#
++#LASTLOG_UID_MAX
++
++#
+ # If defined, all su(1) activity is logged to this file.
+ #
+ #SULOG_FILE	/var/log/sulog
+@@ -79,11 +86,14 @@ ENV_PATH	/bin:/usr/bin
  ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/bin
  #ENV_SUPATH	/sbin:/bin:/usr/sbin:/usr/bin
  
@@ -30,7 +46,7 @@ Index: etc/login.defs
  ALWAYS_SET_PATH	no
  
  #
-@@ -123,6 +124,11 @@ PASS_WARN_AGE	7
+@@ -123,6 +133,11 @@ PASS_WARN_AGE	7
  #
  # Min/max values for automatic uid selection in useradd(8)
  #
@@ -42,7 +58,7 @@ Index: etc/login.defs
  UID_MIN			 1000
  UID_MAX			60000
  # System accounts
-@@ -136,6 +142,11 @@ SUB_UID_COUNT		    65536
+@@ -136,6 +151,11 @@ SUB_UID_COUNT		    65536
  #
  # Min/max values for automatic gid selection in groupadd(8)
  #
@@ -54,7 +70,7 @@ Index: etc/login.defs
  GID_MIN			 1000
  GID_MAX			60000
  # System accounts
-@@ -165,7 +176,6 @@ LOGIN_TIMEOUT		60
+@@ -165,7 +185,6 @@ LOGIN_TIMEOUT		60
  CHFN_RESTRICT		rwh
  
  #
@@ -62,7 +78,7 @@ Index: etc/login.defs
  # If set to "yes", new passwords will be encrypted using the MD5-based
  # algorithm compatible with the one used by recent releases of FreeBSD.
  # It supports passwords of unlimited length and longer salt strings.
-@@ -180,7 +190,6 @@ CHFN_RESTRICT		rwh
+@@ -180,7 +199,6 @@ CHFN_RESTRICT		rwh
  #MD5_CRYPT_ENAB	no
  
  #
@@ -70,18 +86,14 @@ Index: etc/login.defs
  # If set to MD5, MD5-based algorithm will be used for encrypting password
  # If set to SHA256, SHA256-based algorithm will be used for encrypting password
  # If set to SHA512, SHA512-based algorithm will be used for encrypting password
-@@ -196,6 +205,14 @@ CHFN_RESTRICT		rwh
- #ENCRYPT_METHOD_NIS DES
+@@ -208,8 +226,8 @@ CHFN_RESTRICT		rwh
+ # If only one of the MIN or MAX values is set, then this value will be used.
+ # If MIN > MAX, the highest value will be used.
+ #
+-# SHA_CRYPT_MIN_ROUNDS 5000
+-# SHA_CRYPT_MAX_ROUNDS 5000
++#SHA_CRYPT_MIN_ROUNDS 5000
++#SHA_CRYPT_MAX_ROUNDS 5000
  
  #
-+# Number of rounds for salt.
-+# Default values:
-+# Minimum number of rounds.
-+#SHA_CRYPT_MIN_ROUNDS 1000
-+# Maximum number of rounds.
-+#SHA_CRYPT_MAX_ROUNDS 999999999
-+
-+#
- # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
- #
- # Define the number of SHA rounds.
+ # Should login be allowed if we can't cd to the home directory?
diff --git a/shadow-login_defs-suse.patch b/shadow-login_defs-suse.patch
index 646a317..961c3a5 100644
--- a/shadow-login_defs-suse.patch
+++ b/shadow-login_defs-suse.patch
@@ -14,7 +14,7 @@ Index: etc/login.defs
  
  #
  # Delay in seconds before being allowed another attempt after a login failure
-@@ -38,8 +41,7 @@ CONSOLE		/etc/securetty
+@@ -47,8 +50,7 @@ CONSOLE		/etc/securetty
  # If defined, ":" delimited list of "message of the day" files to
  # be displayed upon login.
  #
@@ -24,7 +24,7 @@ Index: etc/login.defs
  
  #
  # If defined, file which maps tty line to TERM environment parameter.
-@@ -53,8 +55,8 @@ MOTD_FILE	/etc/motd
+@@ -62,8 +64,8 @@ MOTD_FILE	/etc/motd
  # user's name or shell are found in the file.  If not a full pathname, then
  # hushed mode will be enabled if the file exists in the user's home directory.
  #
@@ -35,7 +35,7 @@ Index: etc/login.defs
  
  # If this variable is set to "yes", hostname will be suppressed in the
  # login: prompt.
-@@ -73,9 +75,9 @@ HUSHLOGIN_FILE	.hushlogin
+@@ -82,9 +84,9 @@ HUSHLOGIN_FILE	.hushlogin
  # ENV_SUPATH is an ENV_ROOTPATH override for su and runuser
  # (and falback for login).
  #
@@ -48,7 +48,7 @@ Index: etc/login.defs
  
  # If this variable is set to "yes" (default is "no"), su will always set
  # path. every su call will overwrite the PATH variable.
-@@ -85,7 +87,7 @@ ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/b
+@@ -94,7 +96,7 @@ ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/b
  # The recommended value is "yes". The default "no" behavior could have
  # a security implication in applications that use commands without path.
  #
@@ -57,7 +57,7 @@ Index: etc/login.defs
  
  #
  # Terminal permissions
-@@ -99,7 +101,7 @@ ALWAYS_SET_PATH	no
+@@ -108,7 +110,7 @@ ALWAYS_SET_PATH	no
  # set TTYPERM to either 622 or 600.
  #
  TTYGROUP	tty
@@ -66,7 +66,7 @@ Index: etc/login.defs
  
  # Default initial "umask" value used by login(1) on non-PAM enabled systems.
  # Default "umask" value for pam_umask(8) on PAM enabled systems.
-@@ -132,8 +134,8 @@ PASS_WARN_AGE	7
+@@ -141,8 +143,8 @@ PASS_WARN_AGE	7
  UID_MIN			 1000
  UID_MAX			60000
  # System accounts
@@ -77,7 +77,7 @@ Index: etc/login.defs
  # Extra per user uids
  SUB_UID_MIN		   100000
  SUB_UID_MAX		600100000
-@@ -150,8 +152,8 @@ SUB_UID_COUNT		    65536
+@@ -159,8 +161,8 @@ SUB_UID_COUNT		    65536
  GID_MIN			 1000
  GID_MAX			60000
  # System accounts
@@ -88,7 +88,7 @@ Index: etc/login.defs
  # Extra per user group ids
  SUB_GID_MIN		   100000
  SUB_GID_MAX		600100000
-@@ -160,7 +162,7 @@ SUB_GID_COUNT		    65536
+@@ -169,7 +171,7 @@ SUB_GID_COUNT		    65536
  #
  # Max number of login(1) retries if password is bad
  #
@@ -97,7 +97,7 @@ Index: etc/login.defs
  
  #
  # Max time in seconds for login(1)
-@@ -176,18 +178,9 @@ LOGIN_TIMEOUT		60
+@@ -185,18 +187,9 @@ LOGIN_TIMEOUT		60
  CHFN_RESTRICT		rwh
  
  #
@@ -118,7 +118,7 @@ Index: etc/login.defs
  
  #
  # If set to MD5, MD5-based algorithm will be used for encrypting password
-@@ -201,8 +194,8 @@ CHFN_RESTRICT		rwh
+@@ -210,8 +203,8 @@ CHFN_RESTRICT		rwh
  # Note: If you use PAM, it is recommended to use a value consistent with
  # the PAM modules configuration.
  #
@@ -128,8 +128,8 @@ Index: etc/login.defs
 +ENCRYPT_METHOD_NIS DES
  
  #
- # Number of rounds for salt.
-@@ -271,7 +264,7 @@ USERDEL_POSTCMD         /usr/sbin/userde
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+@@ -272,7 +265,7 @@ USERDEL_POSTCMD         /usr/sbin/userde
  #
  # This also enables userdel(8) to remove user groups if no members exist.
  #
@@ -138,7 +138,7 @@ Index: etc/login.defs
  
  #
  # If set to a non-zero number, the shadow utilities will make sure that
-@@ -290,13 +283,13 @@ USERGROUPS_ENAB yes
+@@ -291,13 +284,13 @@ USERGROUPS_ENAB yes
  # This option is overridden with the -M or -m flags on the useradd(8)
  # command-line.
  #
diff --git a/shadow-usermod-variable.patch b/shadow-usermod-variable.patch
new file mode 100644
index 0000000..2ccf3a9
--- /dev/null
+++ b/shadow-usermod-variable.patch
@@ -0,0 +1,28 @@
+From fc0ed79e5d700b4a730235fe88e60951717edc6e Mon Sep 17 00:00:00 2001
+From: Stanislav Brabec <sbrabec@suse.cz>
+Date: Fri, 26 Jul 2019 21:39:42 +0200
+Subject: [PATCH] usermod.c: Fix invalid variable name
+
+Fix invalid LASTLOG_MAX_UID variable name to correct LASTLOG_UID_MAX.
+
+Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
+---
+ src/usermod.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/usermod.c b/src/usermod.c
+index c3718864..0ae50e34 100644
+--- a/src/usermod.c
++++ b/src/usermod.c
+@@ -1879,7 +1879,7 @@ static void update_lastlog (void)
+ 		return;
+ 	}
+ 
+-	max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL);
++	max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL);
+ 	if (user_newid > max_uid) {
+ 		/* do not touch lastlog for large uids */
+ 		return;
+-- 
+2.22.0
+
diff --git a/shadow.changes b/shadow.changes
index e87c725..67f8157 100644
--- a/shadow.changes
+++ b/shadow.changes
@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Jul 26 23:44:56 CEST 2019 - sbrabec@suse.com
+
+- Fix incorrect variable name in usermod
+  (shadow-usermod-variable.patch).
+- shadow-login_defs-comments.patch:
+  * Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs.
+  * Add missing LASTLOG_UID_MAX.
+  * Refresh shadow-login_defs-suse.patch.
+- Port shadow-login_defs-check.sh to match the current spec file
+  and login.defs.
+
 -------------------------------------------------------------------
 Thu Jul 25 15:27:15 CEST 2019 - kukuk@suse.de
 
diff --git a/shadow.spec b/shadow.spec
index 42d4799..f3ca36e 100644
--- a/shadow.spec
+++ b/shadow.spec
@@ -59,6 +59,8 @@ Patch13:        shadow-login_defs-comments.patch
 Patch14:        shadow-login_defs-suse.patch
 # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
 Patch20:        disable_new_audit_function.patch
+# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbrabec@suse.com -- Fix variable name.
+Patch21:        shadow-usermod-variable.patch
 BuildRequires:  audit-devel > 2.3
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -105,6 +107,7 @@ group accounts.
 %if 0%{?suse_version} < 1330
 %patch20 -p1
 %endif
+%patch21 -p1
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO