Accepting request 1288422 from Base:System

- Update to 4.18.0:
  * CI: purge man-db #1241
  * passwd: document exit code when PAM has errored #1244
  * Man patches #1175
  * Quick fix: define E_PAM_ERR in lib/pam_pass.c #1245
  * Accept /usr/sbin/nologin as an alternate to /sbin/nologin #1246
  * Add LOGIN_ENV_SAFELIST to FOREIGNDEFS #1248
  * ci: add gawk as a fedora dependency #1252
  * man/useradd.8.xml: fix the CREATE_HOME description #1251
  * lib/getdate.y: Restrict the date formats that we support #1238
  * newuidmap: better error logging on failure #1254
  * Extend basic test cases to check shadow and gshadow entries #1237
  * lib/sizeof.h: Make sure STRLEN() only accepts string literals #1260
  * Add strprefix(), and use it instead of its pattern #1152
  * src/: Simplify, using strpbrk(3) #1167
  * lib/string/strdup/: STRNDUPA(): Reimplement in terms of strndupa(3) #1189
  * Remove dead beef #1230
  * lib/atoi/a2i/: Simplify these macros #1137
  * strtolower(): Add API, and use it instead of its pattern #1211
  * lib/: sget*ent(): Simplify #1146
  * fields #1150
  * yacc(1) is a dead language; bury it deep in the ground #1217
  * Test expiration date #1233
  * [scp] Add strcaseprefix(), and use it instead of its pattern #1262
  * valid_field(): Improve readability #1208
  * lib/, src/, tests/: Use the standard countof() instead of our NITEMS() #1259
  * lib/fs/mkstemp/, src/: Move fmkomstemp() to separate files under
    lib/fs/mkstemp/, and split into mkomstemp() #1139
  * [x][v]aprintf(): Add APIs, and use them instead of [x][v]asprintf(3) #1168
  * lib/get_pid.c: pid_t is a signed integer #1264

OBS-URL: https://build.opensuse.org/request/show/1288422
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=78

shadow-4.16.0.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b78e3921a95d53282a38e90628880624736bf6235e36eea50c50835f59a3530b
-size 2204832

shadow-4.16.0.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEflbiwT+nfOMVWa3JfcJMNsM0HSAFAmZyBfQACgkQfcJMNsM0
-HSA4PxAA57RSvccAbXTTmp2sHMZVPbzizydThuGgqY/4F9egRvywUUlNy0vz/QAA
-e0u8ja+paKhLjXg4HvA/Ejy+gtAE5NuvNCr/ihL8Xii6s/GH6OaW8EDcL0509j7L
-PchWYkHYSqwdqdjLoy6NroaaEEllAzVEeNp2UzN9F7jllteF8gDjqY2j8SLqrkmm
-Xb15kzk6mbqk5BxAOoZmgoRRDw+YRCBA2EzN0ztwR0h1rjwoCjebQk3E/qV+fM1t
-pKKYVTnLRmb9E2tvPR1Oibzercisi/+6Z7br+Xh1Gz/mfZ++4CiOQrJndUTBj9zU
-v7GEHMEdV8qz/Qzvh1eyxA7KX5zZqbXT3I/+kRvX01CJtI64MVdEOOqSeup794fr
-QlaptfoAfe+ZS6exe1SwY2tZkoX4qXeeUNQXRBo8GJlG9auMA46U2CjtRGgyK6BK
-cf/YkzUr9aTWExL3d2tZJzvEX80AHSR+MF2kW8UzIQI8hch1Pncp8an6NfLFbmsl
-nyz5+GqrSuc1gNe7wnz5Lkxk3q4epmvdPcyrb16XDr42k3dP0IWZE50c8Caf05Nq
-9zJC+It75nX7PFbGcZnNgE6sjsc6MB28O2wUb4Z51IU+s8hzthk2P4v0gq30TgrZ
-vKTXxIYwp+yLii1sSTWUdE8a6vNK93cQki5uuB3R6VeNVBMZJA0=
-=bB1D
------END PGP SIGNATURE-----

shadow-4.18.0.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:add4604d3bc410344433122a819ee4154b79dd8316a56298c60417e637c07608
+size 2347912

shadow-4.18.0.tar.xz.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmhbDFQACgkQNXDaFycK
+ziQBNQgAzFSwyCM6MpR9au15EeF3dw0auq6iI9ibL2ZLfZQII+tT0Mzv+LY5ioLR
+qf4DVDqCyZWz3FMfmM93aXtKg+Vb8ukkhmhIFmWZjJDb2yZIh4bQOo+rVlQa+GBk
+kCMftuNPE/58AhH030nt917EXE6Yz4JkyX0UDcJkqWKdTPWfl9OjHQfiFXuGHlsr
+HJT4OVZSkAOKtZtKvjqD00dEvSsQ0GpeCTLgtQ2RgWS1Sfwvmrsc2nIHQXhkWmKx
+sTfhiHGL10v9rDHgtK3KccdfkqtSdPqDDO6T0DQVg0gwqawB7b0WhixVqrGxGAfh
+aOVD1Sy9qcQlSBT8kJIuXyAotTB75w==
+=FJBB
+-----END PGP SIGNATURE-----

shadow-login_defs-check.sh

@@ -33,14 +33,18 @@ if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then
 		osc co openSUSE:Factory util-linux
 	fi
 	cd openSUSE:Factory/util-linux
+# BEGIN HACK
+# quilt does not understand our util-linux.spec.
+	sed -i s/@BUILD_FLAVOR@// util-linux.spec
+# END HACK
 	quilt setup -d BUILD util-linux.spec
-	cd BUILD/*
+	cd $(ls -1d BUILD/* | sed /SPECPARTS/d)
 	quilt push -a
 	cd ../../../..
 fi
 
 echo "Extracting variables from util-linux..."
-cd openSUSE:Factory/util-linux/BUILD/*
+cd $(ls -1d openSUSE:Factory/util-linux/BUILD/* | sed /SPECPARTS/d)
 (
 	grep -rh getlogindefs . |
 		sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
@@ -68,13 +72,13 @@ if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then
 	fi
 	cd openSUSE:Factory/pam
 	quilt setup -d BUILD pam.spec
-	cd BUILD/*
+	cd $(ls -1d BUILD/* | sed /SPECPARTS/d)
 	quilt push -a
 	cd ../../../..
 fi
 
 echo "Extracting variables from pam..."
-cd openSUSE:Factory/pam/BUILD/*
+cd $(ls -1d openSUSE:Factory/pam/BUILD/* | sed /SPECPARTS/d)
 grep -rh LOGIN_DEFS . |
 	sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' |
 	LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst

shadow-login_defs-suse.patch

@@ -82,7 +82,7 @@ Index: etc/login.defs
  # System accounts
 -SYS_UID_MIN		  101
 -SYS_UID_MAX		  999
-+SYS_UID_MIN		  100
++SYS_UID_MIN		  201
 +SYS_UID_MAX		  499
  # Extra per user uids
  SUB_UID_MIN		   100000
@@ -93,7 +93,7 @@ Index: etc/login.defs
  # System accounts
 -SYS_GID_MIN		  101
 -SYS_GID_MAX		  999
-+SYS_GID_MIN		  100
++SYS_GID_MIN		  201
 +SYS_GID_MAX		  499
  # Extra per user group ids
  SUB_GID_MIN		   100000

shadow-util-linux.patch

@@ -122,7 +122,7 @@ Index: etc/login.defs
  # Max time in seconds for login(1)
  #
  LOGIN_TIMEOUT		60
-@@ -315,14 +335,6 @@ CHARACTER_CLASS         [ABCDEFGHIJKLMNO
+@@ -285,14 +305,6 @@ USERGROUPS_ENAB yes
  #GRANT_AUX_GROUP_SUBIDS yes
  
  #
@@ -137,3 +137,14 @@ Index: etc/login.defs
  # Select the HMAC cryptography algorithm.
  # Used in pam_timestamp module to calculate the keyed-hash message
  # authentication code.
+@@ -301,3 +313,10 @@ PREVENT_NO_AUTH superuser
+ # that are available in your system.
+ #
+ #HMAC_CRYPTO_ALGO SHA512
++
++# Forces login to protect the specified environment variables if -p is not
++# used. The string value is a comma-separated list of variable names. For
++# example: "LANG,LC_MESSAGES,LC_COLLATE".  The safelist is ignored for the
++# environment variables HOME, SHELL and USER.
++#LOGIN_ENV_SAFELIST
++

shadow.changes

@@ -1,3 +1,230 @@
+-------------------------------------------------------------------
+Wed Jun 25 04:20:14 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.18.0:
+  * CI: purge man-db #1241
+  * passwd: document exit code when PAM has errored #1244
+  * Man patches #1175
+  * Quick fix: define E_PAM_ERR in lib/pam_pass.c #1245
+  * Accept /usr/sbin/nologin as an alternate to /sbin/nologin #1246
+  * Add LOGIN_ENV_SAFELIST to FOREIGNDEFS #1248
+  * ci: add gawk as a fedora dependency #1252
+  * man/useradd.8.xml: fix the CREATE_HOME description #1251
+  * lib/getdate.y: Restrict the date formats that we support #1238
+  * newuidmap: better error logging on failure #1254
+  * Extend basic test cases to check shadow and gshadow entries #1237
+  * lib/sizeof.h: Make sure STRLEN() only accepts string literals #1260
+  * Add strprefix(), and use it instead of its pattern #1152
+  * src/: Simplify, using strpbrk(3) #1167
+  * lib/string/strdup/: STRNDUPA(): Reimplement in terms of strndupa(3) #1189
+  * Remove dead beef #1230
+  * lib/atoi/a2i/: Simplify these macros #1137
+  * strtolower(): Add API, and use it instead of its pattern #1211
+  * lib/: sget*ent(): Simplify #1146
+  * fields #1150
+  * yacc(1) is a dead language; bury it deep in the ground #1217
+  * Test expiration date #1233
+  * [scp] Add strcaseprefix(), and use it instead of its pattern #1262
+  * valid_field(): Improve readability #1208
+  * lib/, src/, tests/: Use the standard countof() instead of our NITEMS() #1259
+  * lib/fs/mkstemp/, src/: Move fmkomstemp() to separate files under
+    lib/fs/mkstemp/, and split into mkomstemp() #1139
+  * [x][v]aprintf(): Add APIs, and use them instead of [x][v]asprintf(3) #1168
+  * lib/get_pid.c: pid_t is a signed integer #1264
+  * src/newusers.c: Fix off-by-one benign bug in array declaration #1266
+  * Add some wrappers for usual loops around strsep(3) #1155
+  * lib/fs/readlink/areadlink.h: areadlink(): Avoid inconditionally using PATH_MAX #1222
+  * configure: Fix typo #1268
+  * Pre-release 4.18.0-rc1 #1270
+  * Update man pages for chage, shadow, passwd #1243
+  * contrib/: Burn it all #1274
+  * Pre-release 4.18.0-rc2 #1275
+  * Release 4.18.0 #1277
+- Update shadow-util-linux.patch: See #1248
+
+-------------------------------------------------------------------
+Wed Apr  9 00:05:49 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
+
+- shadow-util-linux.patch: util-linux-2.41 introduced new variable:
+  LOGIN_ENV_SAFELIST. Recognize it and update dependencies. The
+  patch includes gh/shadow-maint/shadow/pull#1248.
+- shadow-login_defs-check-login_defs.lst: Make the util-linux.spec
+  multibuild file compatible with quilt. Make it working with new
+  quilt.
+
+-------------------------------------------------------------------
+Thu Mar 20 06:48:16 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.4:
+  * Revert "lib/, src/: Use local time for human-readable dates"
+  * lib/getdate.y: Ignore time-zone information and use UTC
+  * src/chfn.c: Partially revert "lib/, src/: Use strsep(3) instead of its pattern"
+  * src/chfn.c: Use stpsep() instead of its pattern
+  * src/chfn.c: Add local variable to refer to the separated field
+  * src/chfn.c: copy_field(): Rename local variable
+  * lib/commonio.c: Rely on the POSIX.1-2008 behavior of realpath(3)
+  * lib/fs/readlink/: readlinknul(): Use ssize_t to simplify
+  * autogen.sh: Promote -Wsign-compare to an error
+  * lib/sizeof.h: ssizeof(): Add signed variant of sizeof
+  * src/lastlog.c: Use ssizeof() to avoid a -Wsign-compare diagnostic
+  * tests/unit/test_xasprintf.c: Fix sign-mismatch diagnostic
+  * configure.ac: stop checking for utmp location
+  * configure.ac: be deterministic about passwd location
+  * lib/, src/: update audit messages
+  * lib/: audit function for groups
+  * src/: update group audit messages
+  * doc/: Remove list of distributions
+
+-------------------------------------------------------------------
+Mon Feb 24 15:52:45 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.3:
+  * chsh: do not warn about blank shell
+  * lib/: Use strisdigit() instead of its pattern
+  * lib/string/ctype/strisascii/: strisdigit(): Add function
+  * lib/string/: Add comments expanding the letter-soup API names
+  * lib/basename.c: Basename(): Use stprcspn() instead of its pattern
+  * lib/string/strspn/, lib/, src/: stprspn(), strrspn_(): Split API into function and macro
+  * lib/string/strspn/, lib/, src/: Move *spn() APIs to separate subdir
+  * lib/string/strchr/: strrcspn(), stprcspn(): Add function and macro
+  * src/useradd.c: Use !strcaseeq() instead of its pattern
+  * lib/, src/: Use strcaseeq() instead of its pattern
+  * lib/string/strcmp/: strcaseeq(): Add function
+  * man/useradd.8.xml: Document new exit code 19 (E_BAD_NAME)
+  * src/useradd.c: E_BAD_NAME: Use a different error code for bad login names
+  * src/useradd.c: create_home(): Use !streq() instead of its pattern
+  * lib/chkname.c: is_valid_name(): Use streq() instead of its pattern
+  * configure.ac, lib/: Use __has_include(<gshadow.h>) instead of HAVE_GSHADOW_H
+  * configure.ac: Remove unused AC_CHECK_HEADERS() checks
+  * configure.ac, lib/: Use __has_include(<sys/capability.h>) instead of HAVE_SYS_CAPABILITY_H
+  * lib/idmapping.c: Unconditionally include <sys/prctl.h>
+  * lib/: Use __has_include(<security/openpam.h>) instead of HAVE_SECURITY_OPENPAM_H
+  * lib/: Use __has_include(<security/pam_misc.h>) instead of HAVE_SECURITY_PAM_MISC_H
+  * configure.ac, lib/: Use __has_include(<sys/random.h>) instead of HAVE_SYS_RANDOM_H
+  * configure.ac, lib/: Use __has_include(<crypt.h>) instead of HAVE_CRYPT_H
+  * lib/, src/: motd(): Report errors instead of exiting from library code
+  * lib/motd.c: motd(): Invert logic to reduce indentation
+  * lib/, src/, doc/: Remove pw_auth()'s $3 as dead code
+  * lib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code
+  * lib/, src/, doc/: Remove dead code
+  * src/vipw.c: Restore the original terminal pgrp after editing
+  * lib/, src/: Use agetgroups() instead of its pattern
+  * lib/shadow/grp/: agetgroups(): Add function
+  * configure.ac, lib/, src/: Use gid_t instead of GETGROUPS_T
+  * lib/adds.h: addslN(): Use QSORT() instead of its pattern
+  * lib/search/sort/: QSORT(): Add macro
+  * lib/addgrps.c: add_groups(): Remove arbitrary limit
+  * lib/, src/: Rename variables
+  * lib/addgrps.c: add_groups(): Reallocate at once
+  * lib/string/strchr/: strchrscnt(): Add function
+  * lib/addgrps.c: add_groups(): Split variable to avoid sign-mismatch diagnostics
+  * lib/, src/: Use LSEARCH() instead of its pattern
+  * lib/search/l/: LSEARCH(): Add macro
+  * lib/, src/: Replace redundant checks by actual error handling
+  * lib/, src/: Unconditionally call setgroups(2)
+  * lib/addgrps.c: add_groups(): Simplify redundant code with a goto
+  * lib/addgrps.c: add_groups(): Allocate earlier
+  * lib/addgrps.c: add_groups(): Remove useless cast
+  * lib/, src/: Use LFIND() instead of open-coded search loops
+  * lib/search/l/: LFIND(): Add macro
+  * lib/search/cmp/, lib/, tests/: CMP(), cmp_*(): Add macro and functions
+  * lib/, src/: Simplify allocation of buffer
+  * lib/, src/: Un-spageticize code
+  * lib/, src/: Reduce scope of variables
+  * lib/gshadow_.h: Fix compatibility with libc's struct sgrp
+  * configure.ac, lib/gshadow.c: Presume working shadow group support in libc
+  * lib/: Include <gshadow.h> if it's available
+  * configure.ac, lib/: Assume initgroups(3) exists
+  * configure.ac, lib/, src/: Assume setgroups(2) exists
+  * lib/, src/: Turn error counters into flags
+  * src/gpasswd: Use correct preprocessor definition
+  * src/gpasswd: Clear password in more cases
+  * lib/encrypt.c: Do not exit in error case
+  * man/useradd.8.xml: wfix
+  * src/login_nopam.c: list_match(): Use iteration instead of recursion
+  * src/login_nopam.c: list_match(): Remove local variable
+  * src/login_nopam.c: list_match(): Move code around
+  * src/login_nopam.c: list_match(): '(match)' is always true here
+  * src/login_nopam.c: list_match(): Add superfluous else
+  * src/login_nopam.c: list_match(): Refactor conditional
+  * man/passwd.1.xml: -P disables PAM support
+  * chage: Drop PAM support
+  * src/newusers.c: Turn nusers into size_t
+  * src/: Make line number overflows less likely
+  * man/: Install suauth.5 only if feature exists
+  * add and use a login.defs.test with CREATE_HOME set
+  * Revert "etc/login.defs: enable CREATE_HOME"
+  * etc/login.defs: enable CREATE_HOME
+  * Tests: implement system test framework
+
+-------------------------------------------------------------------
+Mon Jan 20 10:20:31 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- bsc#1235453: Set SYS_{UID,GID}_MIN to 201:
+  After repeated similar requests to change the ID ranges we set the
+  above mentioned value to 201. The max value will stay at 499.
+  This range should be sufficient and will give us leeway for the
+  future.
+  It's not straightforward to find out which static UIDs/GIDs are
+  used in all packages.
+  Update shadow-login_defs-suse.patch
+
+-------------------------------------------------------------------
+Sat Jan 11 16:37:07 UTC 2025 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.2:
+  * src/login_nopam.c: Fix compiler warnings #1170
+  * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169
+  * Use HTTPS in link to Wikipedia article on password strength #1164
+  * lib/attr.h: use C23 attributes only with gcc >= 10 #1172
+  * login: Fix no-pam authorization regression #1174
+  * man: Add Portuguese translation #1178
+  * Update French translation #1177
+  * Add cheap defense mechanisms #1171
+  * Add Romanian translation #1176
+
+-------------------------------------------------------------------
+Tue Dec 31 19:41:57 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.1:
+  * Fix `su -` regression #1163
+
+-------------------------------------------------------------------
+Fri Dec 27 16:06:45 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.0:
+  * Fix the lower part of the domain of csrand_uniform()
+  * Fix use of volatile pointer
+  * Use 'dist-hook' to clean up <tests/unit/Makefile>
+  * Use str2[u]l() instead of atoi(3)
+  * Use a2i() in various places
+  * Fix const correctness
+  * Use uid_t for holding UIDs (and GIDs)
+  * Move all sprintf(3)-like APIs to a subdirectory
+  * Move all copying APIs to a subdirectory
+  * Fix forever loop on ENOMEM
+  * Fix REALLOC() nmemb calculation
+  * Remove id(1)
+  * Remove groups(1)
+  * Use local time for human-readable dates
+  * Use %F instead of %Y-%m-%d with strftime(3)
+  * is_valid{user,group}_name(): Set errno to distinguish the reasons
+  * Recommend --badname only if it is useful
+  * Add fmkomstemp() to fix mode of </etc/default/useradd>
+  * Fix use-after-free bug in sgetgrent()
+  * Update Catalan translation
+  * Remove references to cppw, cpgr
+  * groupadd, groupmod: Update gshadow file with -U
+  * Added option -a for listing active users only, optimized using if aflg,return
+  * Added information in lastlog man page for new option '-a'
+  * Plenty of code cleanup and clarifications
+
+-------------------------------------------------------------------
+Fri Dec  6 08:56:10 UTC 2024 - Michael Vetter <mvetter@suse.com>
+
+- Update to 4.17.0 RC1:
+  Pre-release without changelog
+
 -------------------------------------------------------------------
 Mon Jul  8 11:13:17 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
 

shadow.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package shadow
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -22,7 +22,7 @@
   %define no_config 1
 %endif
 Name:           shadow
-Version:        4.16.0
+Version:        4.18.0
 Release:        0
 Summary:        Utilities to Manage User and Group Accounts
 License:        BSD-3-Clause AND GPL-2.0-or-later
@@ -84,7 +84,7 @@ Summary:        The login.defs configuration file
 # Call shadow-login_defs-check.sh before!
 Group:          System/Base
 Provides:       login_defs-support-for-pam = 1.5.2
-Provides:       login_defs-support-for-util-linux = 2.37
+Provides:       login_defs-support-for-util-linux = 2.41
 BuildArch:      noarch
 
 %description -n login_defs
@@ -158,11 +158,6 @@ install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer
 touch %{buildroot}/%{_sysconfdir}/subuid
 touch %{buildroot}/%{_sysconfdir}/subgid
 
-# Remove binaries we don't use.
-rm %{buildroot}/%{_bindir}/groups
-rm %{buildroot}/%{_mandir}/man1/groups.*
-rm %{buildroot}/%{_mandir}/*/man1/groups.*
-
 rm %{buildroot}/%{_sbindir}/grpconv
 rm %{buildroot}/%{_mandir}/man8/grpconv.*
 rm %{buildroot}/%{_mandir}/*/man8/grpconv.*
@@ -183,8 +178,6 @@ rm %{buildroot}%{_sysconfdir}/pam.d/login
 rm %{buildroot}/%{_bindir}/su
 rm %{buildroot}/%{_mandir}/man1/su.*
 rm %{buildroot}/%{_mandir}/*/man1/su.*
-rm %{buildroot}/%{_mandir}/man5/suauth.*
-rm %{buildroot}/%{_mandir}/*/man5/suauth.*
 rm %{buildroot}%{_sysconfdir}/pam.d/su
 
 rm %{buildroot}/%{_bindir}/faillog
@@ -229,7 +222,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/login.defs.d
 
 %pre
 %service_add_pre shadow.service shadow.timer
-for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
+for i in pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
   test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
 done
 
@@ -269,7 +262,7 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
 %posttrans
 %if %{defined no_config}
 # Migration to /usr/etc
-for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
+for i in pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do
   test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
 done
 %endif
@@ -289,7 +282,6 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid
 %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid
 %if %{defined no_config}
-%{_pam_vendordir}/chage
 %{_pam_vendordir}/chfn
 %{_pam_vendordir}/chsh
 %{_pam_vendordir}/passwd
@@ -302,7 +294,6 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm
 %{_pam_vendordir}/userdel
 %{_pam_vendordir}/usermod
 %else
-%config %{_sysconfdir}/pam.d/chage
 %config %{_sysconfdir}/pam.d/chfn
 %config %{_sysconfdir}/pam.d/chsh
 %config %{_sysconfdir}/pam.d/passwd