- Update to 4.8:

* Initial optional bcrypt support. * Make build/install of 'su' optional. * Fix for vipw not resuming correctly when suspended * Sync password field descriptions in manpages * Check for valid shell argument in useradd * Allow translation of new strings through POTFILES.in * Migrate to itstool for translations * Migrate to new SELinux api * Support --enable-vendordir * pwck: Only check homedir if set and not a system user * Support nonstandard usernames * sget{pw,gr}ent: check for data at EOL * Add YYY-MM-DD support in chage * Fix failing chmod calls for suidubins * Fix --sbindir and --bindir for binary installations * Fix LASTLOG_UID_MAX in login.defs * Fix configure error with dash - Remove because upstreamed: * libeconf.patch * shadow-usermod-variable.patch - Rebase: * shadow-login_defs-unused-by-pam.patch * chkname-regex.patch * shadow-util-linux.patch * shadow-login_defs-comments.patch - Add shadow-4.8-selinux-include.patch See https://github.com/shadow-maint/shadow/pull/200 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=81
2019-12-17 12:44:46 +00:00 · 2019-12-17 12:44:46 +00:00 · 93639b1c76
commit 93639b1c76
parent 6511638aa9
11 changed files with 104 additions and 72 deletions
--- a/chkname-regex.patch
+++ b/chkname-regex.patch
@ -2,7 +2,7 @@ Index: etc/login.defs
 ===================================================================
 --- etc/login.defs.orig
 +++ etc/login.defs
-@@ -274,3 +274,11 @@ USERGROUPS_ENAB yes
+@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes
 # missing.
 #
 #FORCE_SHADOW    yes
@ -18,7 +18,7 @@ Index: lib/getdef.c
 ===================================================================
 --- lib/getdef.c.orig
 +++ lib/getdef.c
-@@ -77,6 +77,7 @@ struct itemdef {
+@@ -80,6 +80,7 @@ struct itemdef {
 
 #define NUMDEFS	(sizeof(def_table)/sizeof(def_table[0]))
 static struct itemdef def_table[] = {
@ -30,7 +30,7 @@ Index: libmisc/chkname.c
 ===================================================================
 --- libmisc/chkname.c.orig
 +++ libmisc/chkname.c
-@@ -43,30 +43,57 @@
+@@ -43,8 +43,11 @@
 #ident "$Id$"
 
 #include <ctype.h>
@ -40,13 +40,15 @@ Index: libmisc/chkname.c
 +#include "getdef.h"
 +#include <stdio.h>
 
- static bool is_valid_name (const char *name)
- {
+ int allow_bad_names = false;
+ 
+@@ -54,24 +57,46 @@ static bool is_valid_name (const char *n
+ 		return true;
+ 	}
+ 
 -	/*
 -	 * User/group names must match [a-z_][a-z0-9_-]*[$]
 -	 */
-	if (('\0' == *name) ||
-	    !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
 +	const char *class;
 +	regex_t reg;
 +	int result;
@ -79,7 +81,9 @@ Index: libmisc/chkname.c
 +		   fprintf (stderr, _("Can't compile regular expression: %s\n"),
 +		   buffer);
 +		   } */
-+
+ 
+-	if (('\0' == *name) ||
+-	    !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
 +		regfree(&reg);
 		return false;
 	}
@ -98,7 +102,4 @@ Index: libmisc/chkname.c
 +		return false;
 	}
 
-+	regfree(&reg);
 	return true;
- }
- 
--- a/shadow-4.7.tar.xz
+++ b/shadow-4.7.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e5e196a4a7e3b228c812f3163d368be3e932e6eaa4e616677a148d9ec921e16c
-size 1624340
--- a/shadow-4.7.tar.xz.asc
+++ b/shadow-4.7.tar.xz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl0CfrYACgkQ6f7qBqhe
-P50xqQgAgmeu46zmQ7A+8nzcna8aaKQ5aftc9QVCQuPg94DvkXNuUjz384os1PBa
-9DM5ukiDiDWhkmoKDCro9d/JVfKg0v0W2Ee29JvaZRhpUFlk3xWZAM55Na22ywbv
-JYIF94wLfH0+AZQvjTpJmlJgeCK5K0L2LvAsPoEsHNuAKjpz7tFGJgqBKgK2+xAv
-csmBhPRShZypXH3tQ/jcMT8itPSRBGt4W55zuNUT2OKc5ioXxc1TJ5jn0YX8AsOQ
-5ZkBbGHL416QRonhiKfWsntB3RnmJQMcL8R72MpemKjVw+q+QYnnKIE/Fta7J0+N
-EkUBRYdbbiAsUNW3syN/Q2o+DF00aw==
-=dbPQ
-----END PGP SIGNATURE-----
--- a/shadow-4.8-selinux-include.patch
+++ b/shadow-4.8-selinux-include.patch
@ -0,0 +1,12 @@
+Index: shadow-4.8/lib/selinux.c
+===================================================================
+--- shadow-4.8.orig/lib/selinux.c
+++ shadow-4.8/lib/selinux.c
+@@ -31,6 +31,7 @@
+ 
+ #ifdef WITH_SELINUX
+ 
+#include <stdio.h>
+ #include "defines.h"
+ 
+ #include <selinux/selinux.h>
--- a/shadow-4.8.tar.xz
+++ b/shadow-4.8.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:64b46683b9c1f35b2cd2da9fa87a1383917666e85a56b35e081c7257d10dac64
+size 1609060
--- a/shadow-4.8.tar.xz.asc
+++ b/shadow-4.8.tar.xz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAl3j/d0ACgkQ6f7qBqhe
+P5185Qf9E2/IuxNWXdL30l+rA9w5WAIiQ61UHf/Z4HXPaVQnSmjGruHeuCbEDhyF
+Lcqqmhfi84CdFSJe3F+0JrpgFQ1wfc+j/n1jPjrtpjtje7cuuwFTTVx8LDL+hULl
+ylQKneQdDfX1vZnmcD5Us8YifG+eiTOHsLnk+HpgRekMpr6mIzJm8SkyJiVp8kAO
+Rfp60+XlCW4Q0bExQ9Ig4ElEagQTODwQ6xPxM5pHvc/pEvJyH/2fq9BzSfDRMU8q
+h9pO3gDgXp0A7hmkBlQVPsG9vXCwNuvrAj4p7TTYqdn03uTTcknFqhoECuQjJ+BM
+z2WaKWY2NAn53AWzABsoaPW6t8Y+cg==
+=4/Ig
+-----END PGP SIGNATURE-----
--- a/shadow-login_defs-comments.patch
+++ b/shadow-login_defs-comments.patch
@ -13,7 +13,7 @@ Index: etc/login.defs
 
 #
 # Delay in seconds before being allowed another attempt after a login failure
-@@ -32,6 +30,15 @@ CONSOLE		/etc/securetty
+@@ -47,6 +45,15 @@ CONSOLE		/etc/securetty
 #CONSOLE	console:tty01:tty02:tty03:tty04
 
 #
@ -29,7 +29,7 @@ Index: etc/login.defs
 # If defined, all su(1) activity is logged to this file.
 #
 #SULOG_FILE	/var/log/sulog
-@@ -79,11 +86,14 @@ ENV_PATH	/bin:/usr/bin
+@@ -94,11 +101,14 @@ ENV_PATH	/bin:/usr/bin
 ENV_ROOTPATH	/sbin:/bin:/usr/sbin:/usr/bin
 #ENV_SUPATH	/sbin:/bin:/usr/sbin:/usr/bin
 
@ -46,7 +46,7 @@ Index: etc/login.defs
 ALWAYS_SET_PATH	no
 
 #
-@@ -123,6 +133,11 @@ PASS_WARN_AGE	7
+@@ -138,6 +148,11 @@ PASS_WARN_AGE	7
 #
 # Min/max values for automatic uid selection in useradd(8)
 #
@ -58,7 +58,7 @@ Index: etc/login.defs
 UID_MIN			 1000
 UID_MAX			60000
 # System accounts
-@@ -136,6 +151,11 @@ SUB_UID_COUNT		    65536
+@@ -151,6 +166,11 @@ SUB_UID_COUNT		    65536
 #
 # Min/max values for automatic gid selection in groupadd(8)
 #
@ -70,7 +70,7 @@ Index: etc/login.defs
 GID_MIN			 1000
 GID_MAX			60000
 # System accounts
-@@ -165,7 +185,6 @@ LOGIN_TIMEOUT		60
+@@ -180,7 +200,6 @@ LOGIN_TIMEOUT		60
 CHFN_RESTRICT		rwh
 
 #
@ -78,7 +78,7 @@ Index: etc/login.defs
 # If set to "yes", new passwords will be encrypted using the MD5-based
 # algorithm compatible with the one used by recent releases of FreeBSD.
 # It supports passwords of unlimited length and longer salt strings.
-@@ -180,7 +199,6 @@ CHFN_RESTRICT		rwh
+@@ -195,7 +214,6 @@ CHFN_RESTRICT		rwh
 #MD5_CRYPT_ENAB	no
 
 #
@ -86,14 +86,3 @@ Index: etc/login.defs
 # If set to MD5, MD5-based algorithm will be used for encrypting password
 # If set to SHA256, SHA256-based algorithm will be used for encrypting password
 # If set to SHA512, SHA512-based algorithm will be used for encrypting password
-@@ -208,8 +226,8 @@ CHFN_RESTRICT		rwh
- # If only one of the MIN or MAX values is set, then this value will be used.
- # If MIN > MAX, the highest value will be used.
- #
-# SHA_CRYPT_MIN_ROUNDS 5000
-# SHA_CRYPT_MAX_ROUNDS 5000
-+#SHA_CRYPT_MIN_ROUNDS 5000
-+#SHA_CRYPT_MAX_ROUNDS 5000
- 
- #
- # Should login be allowed if we can't cd to the home directory?
--- a/shadow-login_defs-unused-by-pam.patch
+++ b/shadow-login_defs-unused-by-pam.patch
@ -20,7 +20,7 @@ Index: etc/login.defs
 # Enable display of unknown usernames when login(1) failures are recorded.
 #
 LOG_UNKFAIL_ENAB	no
-@@ -27,34 +22,6 @@ LOG_UNKFAIL_ENAB	no
+@@ -27,11 +22,6 @@ LOG_UNKFAIL_ENAB	no
 LOG_OK_LOGINS		no
 
 #
@ -29,6 +29,13 @@ Index: etc/login.defs
 -LASTLOG_ENAB		yes
 -
 -#
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+ #
+@@ -41,29 +31,6 @@ LASTLOG_ENAB		yes
+ #LASTLOG_UID_MAX
+ 
+ #
 -# Enable checking and display of mailbox status upon login.
 -#
 -# Disable if the shell startup files already check for mail
@ -55,7 +62,7 @@ Index: etc/login.defs
 # Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
 # SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
 #
-@@ -82,46 +49,12 @@ MOTD_FILE	/etc/motd
+@@ -91,46 +58,12 @@ MOTD_FILE	/etc/motd
 #MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
 
 #
@ -102,7 +109,7 @@ Index: etc/login.defs
 # If defined, file which inhibits all the usual chatter during the login
 # sequence.  If a full pathname, then hushed mode will be enabled if the
 # user's name or shell are found in the file.  If not a full pathname, then
-@@ -131,21 +64,6 @@ HUSHLOGIN_FILE	.hushlogin
+@@ -140,21 +73,6 @@ HUSHLOGIN_FILE	.hushlogin
 #HUSHLOGIN_FILE	/etc/hushlogins
 
 #
@ -124,7 +131,7 @@ Index: etc/login.defs
 # *REQUIRED*  The default PATH settings, for superuser and normal users.
 #
 # (they are minimal, add the rest in the shell startup files)
-@@ -171,17 +89,13 @@ TTYPERM		0600
+@@ -180,17 +98,13 @@ TTYPERM		0600
 #
 #	ERASECHAR	Terminal ERASE character ('\010' = backspace).
 #	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
@ -142,7 +149,7 @@ Index: etc/login.defs
 
 # Default initial "umask" value used by login(1) on non-PAM enabled systems.
 # Default "umask" value for pam_umask(8) on PAM enabled systems.
-@@ -197,28 +111,13 @@ UMASK		022
+@@ -206,28 +120,13 @@ UMASK		022
 #
 #	PASS_MAX_DAYS	Maximum number of days a password may be used.
 #	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
@ -171,7 +178,7 @@ Index: etc/login.defs
 # Min/max values for automatic uid selection in useradd(8)
 #
 UID_MIN			 1000
-@@ -255,28 +154,6 @@ LOGIN_RETRIES		5
+@@ -264,28 +163,6 @@ LOGIN_RETRIES		5
 LOGIN_TIMEOUT		60
 
 #
@ -200,7 +207,7 @@ Index: etc/login.defs
 # Which fields may be changed by regular users using chfn(1) - use
 # any combination of letters "frwh" (full name, room number, work
 # phone, home phone).  If not defined, no changes are allowed.
-@@ -285,13 +162,6 @@ CHFN_AUTH		yes
+@@ -294,13 +171,6 @@ CHFN_AUTH		yes
 CHFN_RESTRICT		rwh
 
 #
@ -214,8 +221,8 @@ Index: etc/login.defs
 # Only works if compiled with MD5_CRYPT defined:
 # If set to "yes", new passwords will be encrypted using the MD5-based
 # algorithm compatible with the one used by recent releases of FreeBSD.
-@@ -336,29 +206,12 @@ CHFN_RESTRICT		rwh
- # SHA_CRYPT_MAX_ROUNDS 5000
+@@ -361,29 +231,12 @@ CHFN_RESTRICT		rwh
+ #BCRYPT_MAX_ROUNDS 13
 
 #
 -# List of groups to add to the user's supplementary group set
--- a/shadow-util-linux.patch
+++ b/shadow-util-linux.patch
@ -16,7 +16,7 @@ Index: etc/login.defs
 #
 #	$Id$
 #
-@@ -17,15 +19,8 @@ FAIL_DELAY		3
+@@ -17,9 +19,8 @@ FAIL_DELAY		3
 LOG_UNKFAIL_ENAB	no
 
 #
@ -24,16 +24,10 @@ Index: etc/login.defs
 +# Enable "syslog" logging of  newgrp(1) and sg(1) activity.
 #
 -LOG_OK_LOGINS		no
-
-#
-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
-#
-SYSLOG_SU_ENAB		yes
- SYSLOG_SG_ENAB		yes
 
 #
-@@ -63,12 +58,33 @@ MOTD_FILE	/etc/motd
+ # Limit the highest user ID number for which the lastlog entries should
+@@ -72,12 +73,33 @@ MOTD_FILE	/etc/motd
 HUSHLOGIN_FILE	.hushlogin
 #HUSHLOGIN_FILE	/etc/hushlogins
 
@ -69,7 +63,7 @@ Index: etc/login.defs
 
 #
 # Terminal permissions
-@@ -84,19 +100,6 @@ ENV_PATH	PATH=/bin:/usr/bin
+@@ -93,19 +115,6 @@ ENV_PATH	PATH=/bin:/usr/bin
 TTYGROUP	tty
 TTYPERM		0600
 
@ -93,7 +87,7 @@ Index: lib/getdef.c
 ===================================================================
 --- lib/getdef.c.orig
 +++ lib/getdef.c
-@@ -77,6 +77,7 @@ struct itemdef {
+@@ -80,6 +80,7 @@ struct itemdef {
 
 #define NUMDEFS	(sizeof(def_table)/sizeof(def_table[0]))
 static struct itemdef def_table[] = {
@ -101,7 +95,7 @@ Index: lib/getdef.c
 	{"CHARACTER_CLASS", NULL},
 	{"CHFN_RESTRICT", NULL},
 	{"CONSOLE_GROUPS", NULL},
-@@ -85,6 +86,7 @@ static struct itemdef def_table[] = {
+@@ -88,6 +89,7 @@ static struct itemdef def_table[] = {
 	{"DEFAULT_HOME", NULL},
 	{"ENCRYPT_METHOD", NULL},
 	{"ENV_PATH", NULL},
@ -109,7 +103,7 @@ Index: lib/getdef.c
 	{"ENV_SUPATH", NULL},
 	{"ERASECHAR", NULL},
 	{"FAIL_DELAY", NULL},
-@@ -95,6 +97,7 @@ static struct itemdef def_table[] = {
+@@ -98,6 +100,7 @@ static struct itemdef def_table[] = {
 	{"KILLCHAR", NULL},
 	{"LASTLOG_UID_MAX", NULL},
 	{"LOGIN_RETRIES", NULL},
--- a/shadow.changes
+++ b/shadow.changes
@ -1,3 +1,35 @@
+-------------------------------------------------------------------
+Tue Dec 17 12:43:01 UTC 2019 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.8:
+  * Initial optional bcrypt support.
+  * Make build/install of 'su' optional.
+  * Fix for vipw not resuming correctly when suspended
+  * Sync password field descriptions in manpages
+  * Check for valid shell argument in useradd
+  * Allow translation of new strings through POTFILES.in
+  * Migrate to itstool for translations
+  * Migrate to new SELinux api
+  * Support --enable-vendordir
+  * pwck: Only check homedir if set and not a system user
+  * Support nonstandard usernames
+  * sget{pw,gr}ent: check for data at EOL
+  * Add YYY-MM-DD support in chage
+  * Fix failing chmod calls for suidubins
+  * Fix --sbindir and --bindir for binary installations
+  * Fix LASTLOG_UID_MAX in login.defs
+  * Fix configure error with dash
+- Remove because upstreamed:
+  * libeconf.patch
+  * shadow-usermod-variable.patch
+- Rebase:
+  * shadow-login_defs-unused-by-pam.patch
+  * chkname-regex.patch
+  * shadow-util-linux.patch
+  * shadow-login_defs-comments.patch
+- Add shadow-4.8-selinux-include.patch
+  See https://github.com/shadow-maint/shadow/pull/200
+
 -------------------------------------------------------------------
 Mon Oct  7 09:50:30 CEST 2019 - kukuk@suse.de

--- a/shadow.spec
+++ b/shadow.spec
@ -12,7 +12,7 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


@ -23,7 +23,7 @@
 %endif

 Name:           shadow
-Version:        4.7
+Version:        4.8
 Release:        0
 Summary:        Utilities to Manage User and Group Accounts
 License:        BSD-3-Clause AND GPL-2.0-or-later
@ -61,12 +61,10 @@ Patch7:         shadow-4.1.5.1-logmsg.patch
 Patch13:        shadow-login_defs-comments.patch
 # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs.
 Patch14:        shadow-login_defs-suse.patch
+# PATCH-FIX-UPSTREAM shadow-4.8-selinux-include.patch mvetter@suse.com -- https://github.com/shadow-maint/shadow/pull/200
+Patch15:        shadow-4.8-selinux-include.patch
 # PATCH-FIX-SUSE disable_new_audit_function.patch adam.majer@suse.de -- Disable newer libaudit functionality for older distributions.
 Patch20:        disable_new_audit_function.patch
-# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbrabec@suse.com -- Fix variable name.
-Patch21:        shadow-usermod-variable.patch
-# PATCH-FEATURE-UPSTREAM libeconf.patch https://github.com/shadow-maint/shadow/pull/180 kukuk@suse.com -- Add support for a vendor directory and libeconf
-Patch22:        libeconf.patch
 BuildRequires:  audit-devel > 2.3
 BuildRequires:  autoconf
 BuildRequires:  automake
@ -110,11 +108,10 @@ group accounts.
 %patch7
 %patch13
 %patch14
+%patch15 -p1
 %if 0%{?suse_version} < 1330
 %patch20 -p1
 %endif
-%patch21 -p1
-%patch22 -p1

 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO