Accepting request 1248228 from Base:System

- Update to 4.17.3:
  * chsh: do not warn about blank shell
  * lib/: Use strisdigit() instead of its pattern
  * lib/string/ctype/strisascii/: strisdigit(): Add function
  * lib/string/: Add comments expanding the letter-soup API names
  * lib/basename.c: Basename(): Use stprcspn() instead of its pattern
  * lib/string/strspn/, lib/, src/: stprspn(), strrspn_(): Split API into function and macro
  * lib/string/strspn/, lib/, src/: Move *spn() APIs to separate subdir
  * lib/string/strchr/: strrcspn(), stprcspn(): Add function and macro
  * src/useradd.c: Use !strcaseeq() instead of its pattern
  * lib/, src/: Use strcaseeq() instead of its pattern
  * lib/string/strcmp/: strcaseeq(): Add function
  * man/useradd.8.xml: Document new exit code 19 (E_BAD_NAME)
  * src/useradd.c: E_BAD_NAME: Use a different error code for bad login names
  * src/useradd.c: create_home(): Use !streq() instead of its pattern
  * lib/chkname.c: is_valid_name(): Use streq() instead of its pattern
  * configure.ac, lib/: Use __has_include(<gshadow.h>) instead of HAVE_GSHADOW_H
  * configure.ac: Remove unused AC_CHECK_HEADERS() checks
  * configure.ac, lib/: Use __has_include(<sys/capability.h>) instead of HAVE_SYS_CAPABILITY_H
  * lib/idmapping.c: Unconditionally include <sys/prctl.h>
  * lib/: Use __has_include(<security/openpam.h>) instead of HAVE_SECURITY_OPENPAM_H
  * lib/: Use __has_include(<security/pam_misc.h>) instead of HAVE_SECURITY_PAM_MISC_H
  * configure.ac, lib/: Use __has_include(<sys/random.h>) instead of HAVE_SYS_RANDOM_H
  * configure.ac, lib/: Use __has_include(<crypt.h>) instead of HAVE_CRYPT_H
  * lib/, src/: motd(): Report errors instead of exiting from library code
  * lib/motd.c: motd(): Invert logic to reduce indentation
  * lib/, src/, doc/: Remove pw_auth()'s $3 as dead code
  * lib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code
  * lib/, src/, doc/: Remove dead code
  * src/vipw.c: Restore the original terminal pgrp after editing

OBS-URL: https://build.opensuse.org/request/show/1248228
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=75

shadow-4.16.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b78e3921a95d53282a38e90628880624736bf6235e36eea50c50835f59a3530b
-size 2204832

shadow-4.16.0.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEflbiwT+nfOMVWa3JfcJMNsM0HSAFAmZyBfQACgkQfcJMNsM0
-HSA4PxAA57RSvccAbXTTmp2sHMZVPbzizydThuGgqY/4F9egRvywUUlNy0vz/QAA
-e0u8ja+paKhLjXg4HvA/Ejy+gtAE5NuvNCr/ihL8Xii6s/GH6OaW8EDcL0509j7L
-PchWYkHYSqwdqdjLoy6NroaaEEllAzVEeNp2UzN9F7jllteF8gDjqY2j8SLqrkmm
-Xb15kzk6mbqk5BxAOoZmgoRRDw+YRCBA2EzN0ztwR0h1rjwoCjebQk3E/qV+fM1t
-pKKYVTnLRmb9E2tvPR1Oibzercisi/+6Z7br+Xh1Gz/mfZ++4CiOQrJndUTBj9zU
-v7GEHMEdV8qz/Qzvh1eyxA7KX5zZqbXT3I/+kRvX01CJtI64MVdEOOqSeup794fr
-QlaptfoAfe+ZS6exe1SwY2tZkoX4qXeeUNQXRBo8GJlG9auMA46U2CjtRGgyK6BK
-cf/YkzUr9aTWExL3d2tZJzvEX80AHSR+MF2kW8UzIQI8hch1Pncp8an6NfLFbmsl
-nyz5+GqrSuc1gNe7wnz5Lkxk3q4epmvdPcyrb16XDr42k3dP0IWZE50c8Caf05Nq
-9zJC+It75nX7PFbGcZnNgE6sjsc6MB28O2wUb4Z51IU+s8hzthk2P4v0gq30TgrZ
-vKTXxIYwp+yLii1sSTWUdE8a6vNK93cQki5uuB3R6VeNVBMZJA0=
-=bB1D
------END PGP SIGNATURE-----

shadow-4.17.3.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:09e896c7b01c97ba4be2d6be332c55a3e478b4893cd3c3466d8224e622bd4943
+size 2327984

shadow-4.17.3.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAme8gVkACgkQNXDaFycK
+ziRkVwf6Ahy0Da0tlS1sUFes+5I9Vx0VVbjTZVMF7rTmhIDPE+3iCDSeXzeD2I+O
+zOdZFfsQndWLowIcaRap6qmvq0HltH5+eQYKAuRulYS914DCoXJ4R14+e+SCVmMs
+Zy/yRTu45vIp6PkM2tcGS/QCFpu883L3LrAJIHoq+uoccLC6NqfI68Hhxm5RhQHZ
+NwdGEDTJrfaR+f8G57oFjCWkIfCh1hFKJPFzwIOWWLjwUG3Glp4LYCSmq9BYacOq
+JMjCgLeJUwGZ/Kj1xttO19LO6+imUgL01Tz73rNcQSEg98JiPF9pa467BcXf8Yd5
+I2aRTr9TncOHyd9SO8cToeeGwoPI9A==
+=/pR6
+-----END PGP SIGNATURE-----

shadow-login_defs-suse.patch

@@ -82,7 +82,7 @@ Index: etc/login.defs
  # System accounts
 -SYS_UID_MIN		  101
 -SYS_UID_MAX		  999
-+SYS_UID_MIN		  100
++SYS_UID_MIN		  201
 +SYS_UID_MAX		  499
  # Extra per user uids
  SUB_UID_MIN		   100000
@@ -93,7 +93,7 @@ Index: etc/login.defs
  # System accounts
 -SYS_GID_MIN		  101
 -SYS_GID_MAX		  999
-+SYS_GID_MIN		  100
++SYS_GID_MIN		  201
 +SYS_GID_MAX		  499
  # Extra per user group ids
  SUB_GID_MIN		   100000

shadow.changes

@@ -1,3 +1,153 @@
+-------------------------------------------------------------------
+Mon Feb 24 15:52:45 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.3:
+  * chsh: do not warn about blank shell
+  * lib/: Use strisdigit() instead of its pattern
+  * lib/string/ctype/strisascii/: strisdigit(): Add function
+  * lib/string/: Add comments expanding the letter-soup API names
+  * lib/basename.c: Basename(): Use stprcspn() instead of its pattern
+  * lib/string/strspn/, lib/, src/: stprspn(), strrspn_(): Split API into function and macro
+  * lib/string/strspn/, lib/, src/: Move *spn() APIs to separate subdir
+  * lib/string/strchr/: strrcspn(), stprcspn(): Add function and macro
+  * src/useradd.c: Use !strcaseeq() instead of its pattern
+  * lib/, src/: Use strcaseeq() instead of its pattern
+  * lib/string/strcmp/: strcaseeq(): Add function
+  * man/useradd.8.xml: Document new exit code 19 (E_BAD_NAME)
+  * src/useradd.c: E_BAD_NAME: Use a different error code for bad login names
+  * src/useradd.c: create_home(): Use !streq() instead of its pattern
+  * lib/chkname.c: is_valid_name(): Use streq() instead of its pattern
+  * configure.ac, lib/: Use __has_include(<gshadow.h>) instead of HAVE_GSHADOW_H
+  * configure.ac: Remove unused AC_CHECK_HEADERS() checks
+  * configure.ac, lib/: Use __has_include(<sys/capability.h>) instead of HAVE_SYS_CAPABILITY_H
+  * lib/idmapping.c: Unconditionally include <sys/prctl.h>
+  * lib/: Use __has_include(<security/openpam.h>) instead of HAVE_SECURITY_OPENPAM_H
+  * lib/: Use __has_include(<security/pam_misc.h>) instead of HAVE_SECURITY_PAM_MISC_H
+  * configure.ac, lib/: Use __has_include(<sys/random.h>) instead of HAVE_SYS_RANDOM_H
+  * configure.ac, lib/: Use __has_include(<crypt.h>) instead of HAVE_CRYPT_H
+  * lib/, src/: motd(): Report errors instead of exiting from library code
+  * lib/motd.c: motd(): Invert logic to reduce indentation
+  * lib/, src/, doc/: Remove pw_auth()'s $3 as dead code
+  * lib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code
+  * lib/, src/, doc/: Remove dead code
+  * src/vipw.c: Restore the original terminal pgrp after editing
+  * lib/, src/: Use agetgroups() instead of its pattern
+  * lib/shadow/grp/: agetgroups(): Add function
+  * configure.ac, lib/, src/: Use gid_t instead of GETGROUPS_T
+  * lib/adds.h: addslN(): Use QSORT() instead of its pattern
+  * lib/search/sort/: QSORT(): Add macro
+  * lib/addgrps.c: add_groups(): Remove arbitrary limit
+  * lib/, src/: Rename variables
+  * lib/addgrps.c: add_groups(): Reallocate at once
+  * lib/string/strchr/: strchrscnt(): Add function
+  * lib/addgrps.c: add_groups(): Split variable to avoid sign-mismatch diagnostics
+  * lib/, src/: Use LSEARCH() instead of its pattern
+  * lib/search/l/: LSEARCH(): Add macro
+  * lib/, src/: Replace redundant checks by actual error handling
+  * lib/, src/: Unconditionally call setgroups(2)
+  * lib/addgrps.c: add_groups(): Simplify redundant code with a goto
+  * lib/addgrps.c: add_groups(): Allocate earlier
+  * lib/addgrps.c: add_groups(): Remove useless cast
+  * lib/, src/: Use LFIND() instead of open-coded search loops
+  * lib/search/l/: LFIND(): Add macro
+  * lib/search/cmp/, lib/, tests/: CMP(), cmp_*(): Add macro and functions
+  * lib/, src/: Simplify allocation of buffer
+  * lib/, src/: Un-spageticize code
+  * lib/, src/: Reduce scope of variables
+  * lib/gshadow_.h: Fix compatibility with libc's struct sgrp
+  * configure.ac, lib/gshadow.c: Presume working shadow group support in libc
+  * lib/: Include <gshadow.h> if it's available
+  * configure.ac, lib/: Assume initgroups(3) exists
+  * configure.ac, lib/, src/: Assume setgroups(2) exists
+  * lib/, src/: Turn error counters into flags
+  * src/gpasswd: Use correct preprocessor definition
+  * src/gpasswd: Clear password in more cases
+  * lib/encrypt.c: Do not exit in error case
+  * man/useradd.8.xml: wfix
+  * src/login_nopam.c: list_match(): Use iteration instead of recursion
+  * src/login_nopam.c: list_match(): Remove local variable
+  * src/login_nopam.c: list_match(): Move code around
+  * src/login_nopam.c: list_match(): '(match)' is always true here
+  * src/login_nopam.c: list_match(): Add superfluous else
+  * src/login_nopam.c: list_match(): Refactor conditional
+  * man/passwd.1.xml: -P disables PAM support
+  * chage: Drop PAM support
+  * src/newusers.c: Turn nusers into size_t
+  * src/: Make line number overflows less likely
+  * man/: Install suauth.5 only if feature exists
+  * add and use a login.defs.test with CREATE_HOME set
+  * Revert "etc/login.defs: enable CREATE_HOME"
+  * etc/login.defs: enable CREATE_HOME
+  * Tests: implement system test framework
+
+-------------------------------------------------------------------
+Mon Jan 20 10:20:31 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- bsc#1235453: Set SYS_{UID,GID}_MIN to 201:
+  After repeated similar requests to change the ID ranges we set the
+  above mentioned value to 201. The max value will stay at 499.
+  This range should be sufficient and will give us leeway for the
+  future.
+  It's not straightforward to find out which static UIDs/GIDs are
+  used in all packages.
+  Update shadow-login_defs-suse.patch
+
+-------------------------------------------------------------------
+Sat Jan 11 16:37:07 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.2:
+  * src/login_nopam.c: Fix compiler warnings #1170
+  * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169
+  * Use HTTPS in link to Wikipedia article on password strength #1164
+  * lib/attr.h: use C23 attributes only with gcc >= 10 #1172
+  * login: Fix no-pam authorization regression #1174
+  * man: Add Portuguese translation #1178
+  * Update French translation #1177
+  * Add cheap defense mechanisms #1171
+  * Add Romanian translation #1176
+
+-------------------------------------------------------------------
+Tue Dec 31 19:41:57 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.1:
+  * Fix `su -` regression #1163
+
+-------------------------------------------------------------------
+Fri Dec 27 16:06:45 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.0:
+  * Fix the lower part of the domain of csrand_uniform()
+  * Fix use of volatile pointer
+  * Use 'dist-hook' to clean up <tests/unit/Makefile>
+  * Use str2[u]l() instead of atoi(3)
+  * Use a2i() in various places
+  * Fix const correctness
+  * Use uid_t for holding UIDs (and GIDs)
+  * Move all sprintf(3)-like APIs to a subdirectory
+  * Move all copying APIs to a subdirectory
+  * Fix forever loop on ENOMEM
+  * Fix REALLOC() nmemb calculation
+  * Remove id(1)
+  * Remove groups(1)
+  * Use local time for human-readable dates
+  * Use %F instead of %Y-%m-%d with strftime(3)
+  * is_valid{user,group}_name(): Set errno to distinguish the reasons
+  * Recommend --badname only if it is useful
+  * Add fmkomstemp() to fix mode of </etc/default/useradd>
+  * Fix use-after-free bug in sgetgrent()
+  * Update Catalan translation
+  * Remove references to cppw, cpgr
+  * groupadd, groupmod: Update gshadow file with -U
+  * Added option -a for listing active users only, optimized using if aflg,return
+  * Added information in lastlog man page for new option '-a'
+  * Plenty of code cleanup and clarifications
+
+-------------------------------------------------------------------
+Fri Dec  6 08:56:10 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.0 RC1:
+  Pre-release without changelog
+
 -------------------------------------------------------------------
 Mon Jul  8 11:13:17 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
 

shadow.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package shadow
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
   %define no_config 1
 %endif
 Name:           shadow
-Version:        4.16.0
+Version:        4.17.3
 Release:        0
 Summary:        Utilities to Manage User and Group Accounts
 License:        BSD-3-Clause AND GPL-2.0-or-later
@@ -158,11 +158,6 @@ install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer
 touch %{buildroot}/%{_sysconfdir}/subuid
 touch %{buildroot}/%{_sysconfdir}/subgid
 
-# Remove binaries we don't use.
-rm %{buildroot}/%{_bindir}/groups
-rm %{buildroot}/%{_mandir}/man1/groups.*
-rm %{buildroot}/%{_mandir}/*/man1/groups.*
-
 rm %{buildroot}/%{_sbindir}/grpconv
 rm %{buildroot}/%{_mandir}/man8/grpconv.*
 rm %{buildroot}/%{_mandir}/*/man8/grpconv.*
@@ -183,8 +178,6 @@ rm %{buildroot}%{_sysconfdir}/pam.d/login
 rm %{buildroot}/%{_bindir}/su
 rm %{buildroot}/%{_mandir}/man1/su.*
 rm %{buildroot}/%{_mandir}/*/man1/su.*
-rm %{buildroot}/%{_mandir}/man5/suauth.*
-rm %{buildroot}/%{_mandir}/*/man5/suauth.*
 rm %{buildroot}%{_sysconfdir}/pam.d/su
 
 rm %{buildroot}/%{_bindir}/faillog
@@ -229,7 +222,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/login.defs.d
 
 %pre
 %service_add_pre shadow.service shadow.timer
-for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
+for i in pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
   test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
 done
 
@@ -269,7 +262,7 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
 %posttrans
 %if %{defined no_config}
 # Migration to /usr/etc
-for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
+for i in pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
   test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
 done
 %endif
@@ -289,7 +282,6 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
 %if %{defined no_config}
-%{_pam_vendordir}/chage
 %{_pam_vendordir}/chfn
 %{_pam_vendordir}/chsh
 %{_pam_vendordir}/passwd
@@ -302,7 +294,6 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
 %{_pam_vendordir}/userdel
 %{_pam_vendordir}/usermod
 %else
-%config %{_sysconfdir}/pam.d/chage
 %config %{_sysconfdir}/pam.d/chfn
 %config %{_sysconfdir}/pam.d/chsh
 %config %{_sysconfdir}/pam.d/passwd