diff --git a/shadow-4.16.0.tar.xz b/shadow-4.16.0.tar.xz deleted file mode 100644 index 99c6692..0000000 --- a/shadow-4.16.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b78e3921a95d53282a38e90628880624736bf6235e36eea50c50835f59a3530b -size 2204832 diff --git a/shadow-4.16.0.tar.xz.asc b/shadow-4.16.0.tar.xz.asc deleted file mode 100644 index 68f476d..0000000 --- a/shadow-4.16.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEflbiwT+nfOMVWa3JfcJMNsM0HSAFAmZyBfQACgkQfcJMNsM0 -HSA4PxAA57RSvccAbXTTmp2sHMZVPbzizydThuGgqY/4F9egRvywUUlNy0vz/QAA -e0u8ja+paKhLjXg4HvA/Ejy+gtAE5NuvNCr/ihL8Xii6s/GH6OaW8EDcL0509j7L -PchWYkHYSqwdqdjLoy6NroaaEEllAzVEeNp2UzN9F7jllteF8gDjqY2j8SLqrkmm -Xb15kzk6mbqk5BxAOoZmgoRRDw+YRCBA2EzN0ztwR0h1rjwoCjebQk3E/qV+fM1t -pKKYVTnLRmb9E2tvPR1Oibzercisi/+6Z7br+Xh1Gz/mfZ++4CiOQrJndUTBj9zU -v7GEHMEdV8qz/Qzvh1eyxA7KX5zZqbXT3I/+kRvX01CJtI64MVdEOOqSeup794fr -QlaptfoAfe+ZS6exe1SwY2tZkoX4qXeeUNQXRBo8GJlG9auMA46U2CjtRGgyK6BK -cf/YkzUr9aTWExL3d2tZJzvEX80AHSR+MF2kW8UzIQI8hch1Pncp8an6NfLFbmsl -nyz5+GqrSuc1gNe7wnz5Lkxk3q4epmvdPcyrb16XDr42k3dP0IWZE50c8Caf05Nq -9zJC+It75nX7PFbGcZnNgE6sjsc6MB28O2wUb4Z51IU+s8hzthk2P4v0gq30TgrZ -vKTXxIYwp+yLii1sSTWUdE8a6vNK93cQki5uuB3R6VeNVBMZJA0= -=bB1D ------END PGP SIGNATURE----- diff --git a/shadow-4.18.0.tar.xz b/shadow-4.18.0.tar.xz new file mode 100644 index 0000000..3b86d9f --- /dev/null +++ b/shadow-4.18.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:add4604d3bc410344433122a819ee4154b79dd8316a56298c60417e637c07608 +size 2347912 diff --git a/shadow-4.18.0.tar.xz.asc b/shadow-4.18.0.tar.xz.asc new file mode 100644 index 0000000..8ff4aac --- /dev/null +++ b/shadow-4.18.0.tar.xz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEqb0/8XByttt4D8+UNXDaFycKziQFAmhbDFQACgkQNXDaFycK +ziQBNQgAzFSwyCM6MpR9au15EeF3dw0auq6iI9ibL2ZLfZQII+tT0Mzv+LY5ioLR +qf4DVDqCyZWz3FMfmM93aXtKg+Vb8ukkhmhIFmWZjJDb2yZIh4bQOo+rVlQa+GBk +kCMftuNPE/58AhH030nt917EXE6Yz4JkyX0UDcJkqWKdTPWfl9OjHQfiFXuGHlsr +HJT4OVZSkAOKtZtKvjqD00dEvSsQ0GpeCTLgtQ2RgWS1Sfwvmrsc2nIHQXhkWmKx +sTfhiHGL10v9rDHgtK3KccdfkqtSdPqDDO6T0DQVg0gwqawB7b0WhixVqrGxGAfh +aOVD1Sy9qcQlSBT8kJIuXyAotTB75w== +=FJBB +-----END PGP SIGNATURE----- diff --git a/shadow-login_defs-check.sh b/shadow-login_defs-check.sh index 2e0377f..282087a 100644 --- a/shadow-login_defs-check.sh +++ b/shadow-login_defs-check.sh @@ -33,14 +33,18 @@ if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then osc co openSUSE:Factory util-linux fi cd openSUSE:Factory/util-linux +# BEGIN HACK +# quilt does not understand our util-linux.spec. + sed -i s/@BUILD_FLAVOR@// util-linux.spec +# END HACK quilt setup -d BUILD util-linux.spec - cd BUILD/* + cd $(ls -1d BUILD/* | sed /SPECPARTS/d) quilt push -a cd ../../../.. fi echo "Extracting variables from util-linux..." -cd openSUSE:Factory/util-linux/BUILD/* +cd $(ls -1d openSUSE:Factory/util-linux/BUILD/* | sed /SPECPARTS/d) ( grep -rh getlogindefs . | sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p' @@ -68,13 +72,13 @@ if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then fi cd openSUSE:Factory/pam quilt setup -d BUILD pam.spec - cd BUILD/* + cd $(ls -1d BUILD/* | sed /SPECPARTS/d) quilt push -a cd ../../../.. fi echo "Extracting variables from pam..." -cd openSUSE:Factory/pam/BUILD/* +cd $(ls -1d openSUSE:Factory/pam/BUILD/* | sed /SPECPARTS/d) grep -rh LOGIN_DEFS . | sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst diff --git a/shadow-login_defs-suse.patch b/shadow-login_defs-suse.patch index 10e059e..f99b850 100644 --- a/shadow-login_defs-suse.patch +++ b/shadow-login_defs-suse.patch @@ -82,7 +82,7 @@ Index: etc/login.defs # System accounts -SYS_UID_MIN 101 -SYS_UID_MAX 999 -+SYS_UID_MIN 100 ++SYS_UID_MIN 201 +SYS_UID_MAX 499 # Extra per user uids SUB_UID_MIN 100000 @@ -93,7 +93,7 @@ Index: etc/login.defs # System accounts -SYS_GID_MIN 101 -SYS_GID_MAX 999 -+SYS_GID_MIN 100 ++SYS_GID_MIN 201 +SYS_GID_MAX 499 # Extra per user group ids SUB_GID_MIN 100000 diff --git a/shadow-util-linux.patch b/shadow-util-linux.patch index 96ea5ae..ef74692 100644 --- a/shadow-util-linux.patch +++ b/shadow-util-linux.patch @@ -122,7 +122,7 @@ Index: etc/login.defs # Max time in seconds for login(1) # LOGIN_TIMEOUT 60 -@@ -315,14 +335,6 @@ CHARACTER_CLASS [ABCDEFGHIJKLMNO +@@ -285,14 +305,6 @@ USERGROUPS_ENAB yes #GRANT_AUX_GROUP_SUBIDS yes # @@ -137,3 +137,14 @@ Index: etc/login.defs # Select the HMAC cryptography algorithm. # Used in pam_timestamp module to calculate the keyed-hash message # authentication code. +@@ -301,3 +313,10 @@ PREVENT_NO_AUTH superuser + # that are available in your system. + # + #HMAC_CRYPTO_ALGO SHA512 ++ ++# Forces login to protect the specified environment variables if -p is not ++# used. The string value is a comma-separated list of variable names. For ++# example: "LANG,LC_MESSAGES,LC_COLLATE". The safelist is ignored for the ++# environment variables HOME, SHELL and USER. ++#LOGIN_ENV_SAFELIST ++ diff --git a/shadow.changes b/shadow.changes index 99d4180..6affe8f 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,230 @@ +------------------------------------------------------------------- +Wed Jun 25 04:20:14 UTC 2025 - Michael Vetter + +- Update to 4.18.0: + * CI: purge man-db #1241 + * passwd: document exit code when PAM has errored #1244 + * Man patches #1175 + * Quick fix: define E_PAM_ERR in lib/pam_pass.c #1245 + * Accept /usr/sbin/nologin as an alternate to /sbin/nologin #1246 + * Add LOGIN_ENV_SAFELIST to FOREIGNDEFS #1248 + * ci: add gawk as a fedora dependency #1252 + * man/useradd.8.xml: fix the CREATE_HOME description #1251 + * lib/getdate.y: Restrict the date formats that we support #1238 + * newuidmap: better error logging on failure #1254 + * Extend basic test cases to check shadow and gshadow entries #1237 + * lib/sizeof.h: Make sure STRLEN() only accepts string literals #1260 + * Add strprefix(), and use it instead of its pattern #1152 + * src/: Simplify, using strpbrk(3) #1167 + * lib/string/strdup/: STRNDUPA(): Reimplement in terms of strndupa(3) #1189 + * Remove dead beef #1230 + * lib/atoi/a2i/: Simplify these macros #1137 + * strtolower(): Add API, and use it instead of its pattern #1211 + * lib/: sget*ent(): Simplify #1146 + * fields #1150 + * yacc(1) is a dead language; bury it deep in the ground #1217 + * Test expiration date #1233 + * [scp] Add strcaseprefix(), and use it instead of its pattern #1262 + * valid_field(): Improve readability #1208 + * lib/, src/, tests/: Use the standard countof() instead of our NITEMS() #1259 + * lib/fs/mkstemp/, src/: Move fmkomstemp() to separate files under + lib/fs/mkstemp/, and split into mkomstemp() #1139 + * [x][v]aprintf(): Add APIs, and use them instead of [x][v]asprintf(3) #1168 + * lib/get_pid.c: pid_t is a signed integer #1264 + * src/newusers.c: Fix off-by-one benign bug in array declaration #1266 + * Add some wrappers for usual loops around strsep(3) #1155 + * lib/fs/readlink/areadlink.h: areadlink(): Avoid inconditionally using PATH_MAX #1222 + * configure: Fix typo #1268 + * Pre-release 4.18.0-rc1 #1270 + * Update man pages for chage, shadow, passwd #1243 + * contrib/: Burn it all #1274 + * Pre-release 4.18.0-rc2 #1275 + * Release 4.18.0 #1277 +- Update shadow-util-linux.patch: See #1248 + +------------------------------------------------------------------- +Wed Apr 9 00:05:49 UTC 2025 - Stanislav Brabec + +- shadow-util-linux.patch: util-linux-2.41 introduced new variable: + LOGIN_ENV_SAFELIST. Recognize it and update dependencies. The + patch includes gh/shadow-maint/shadow/pull#1248. +- shadow-login_defs-check-login_defs.lst: Make the util-linux.spec + multibuild file compatible with quilt. Make it working with new + quilt. + +------------------------------------------------------------------- +Thu Mar 20 06:48:16 UTC 2025 - Michael Vetter + +- Update to 4.17.4: + * Revert "lib/, src/: Use local time for human-readable dates" + * lib/getdate.y: Ignore time-zone information and use UTC + * src/chfn.c: Partially revert "lib/, src/: Use strsep(3) instead of its pattern" + * src/chfn.c: Use stpsep() instead of its pattern + * src/chfn.c: Add local variable to refer to the separated field + * src/chfn.c: copy_field(): Rename local variable + * lib/commonio.c: Rely on the POSIX.1-2008 behavior of realpath(3) + * lib/fs/readlink/: readlinknul(): Use ssize_t to simplify + * autogen.sh: Promote -Wsign-compare to an error + * lib/sizeof.h: ssizeof(): Add signed variant of sizeof + * src/lastlog.c: Use ssizeof() to avoid a -Wsign-compare diagnostic + * tests/unit/test_xasprintf.c: Fix sign-mismatch diagnostic + * configure.ac: stop checking for utmp location + * configure.ac: be deterministic about passwd location + * lib/, src/: update audit messages + * lib/: audit function for groups + * src/: update group audit messages + * doc/: Remove list of distributions + +------------------------------------------------------------------- +Mon Feb 24 15:52:45 UTC 2025 - Michael Vetter + +- Update to 4.17.3: + * chsh: do not warn about blank shell + * lib/: Use strisdigit() instead of its pattern + * lib/string/ctype/strisascii/: strisdigit(): Add function + * lib/string/: Add comments expanding the letter-soup API names + * lib/basename.c: Basename(): Use stprcspn() instead of its pattern + * lib/string/strspn/, lib/, src/: stprspn(), strrspn_(): Split API into function and macro + * lib/string/strspn/, lib/, src/: Move *spn() APIs to separate subdir + * lib/string/strchr/: strrcspn(), stprcspn(): Add function and macro + * src/useradd.c: Use !strcaseeq() instead of its pattern + * lib/, src/: Use strcaseeq() instead of its pattern + * lib/string/strcmp/: strcaseeq(): Add function + * man/useradd.8.xml: Document new exit code 19 (E_BAD_NAME) + * src/useradd.c: E_BAD_NAME: Use a different error code for bad login names + * src/useradd.c: create_home(): Use !streq() instead of its pattern + * lib/chkname.c: is_valid_name(): Use streq() instead of its pattern + * configure.ac, lib/: Use __has_include() instead of HAVE_GSHADOW_H + * configure.ac: Remove unused AC_CHECK_HEADERS() checks + * configure.ac, lib/: Use __has_include() instead of HAVE_SYS_CAPABILITY_H + * lib/idmapping.c: Unconditionally include + * lib/: Use __has_include() instead of HAVE_SECURITY_OPENPAM_H + * lib/: Use __has_include() instead of HAVE_SECURITY_PAM_MISC_H + * configure.ac, lib/: Use __has_include() instead of HAVE_SYS_RANDOM_H + * configure.ac, lib/: Use __has_include() instead of HAVE_CRYPT_H + * lib/, src/: motd(): Report errors instead of exiting from library code + * lib/motd.c: motd(): Invert logic to reduce indentation + * lib/, src/, doc/: Remove pw_auth()'s $3 as dead code + * lib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code + * lib/, src/, doc/: Remove dead code + * src/vipw.c: Restore the original terminal pgrp after editing + * lib/, src/: Use agetgroups() instead of its pattern + * lib/shadow/grp/: agetgroups(): Add function + * configure.ac, lib/, src/: Use gid_t instead of GETGROUPS_T + * lib/adds.h: addslN(): Use QSORT() instead of its pattern + * lib/search/sort/: QSORT(): Add macro + * lib/addgrps.c: add_groups(): Remove arbitrary limit + * lib/, src/: Rename variables + * lib/addgrps.c: add_groups(): Reallocate at once + * lib/string/strchr/: strchrscnt(): Add function + * lib/addgrps.c: add_groups(): Split variable to avoid sign-mismatch diagnostics + * lib/, src/: Use LSEARCH() instead of its pattern + * lib/search/l/: LSEARCH(): Add macro + * lib/, src/: Replace redundant checks by actual error handling + * lib/, src/: Unconditionally call setgroups(2) + * lib/addgrps.c: add_groups(): Simplify redundant code with a goto + * lib/addgrps.c: add_groups(): Allocate earlier + * lib/addgrps.c: add_groups(): Remove useless cast + * lib/, src/: Use LFIND() instead of open-coded search loops + * lib/search/l/: LFIND(): Add macro + * lib/search/cmp/, lib/, tests/: CMP(), cmp_*(): Add macro and functions + * lib/, src/: Simplify allocation of buffer + * lib/, src/: Un-spageticize code + * lib/, src/: Reduce scope of variables + * lib/gshadow_.h: Fix compatibility with libc's struct sgrp + * configure.ac, lib/gshadow.c: Presume working shadow group support in libc + * lib/: Include if it's available + * configure.ac, lib/: Assume initgroups(3) exists + * configure.ac, lib/, src/: Assume setgroups(2) exists + * lib/, src/: Turn error counters into flags + * src/gpasswd: Use correct preprocessor definition + * src/gpasswd: Clear password in more cases + * lib/encrypt.c: Do not exit in error case + * man/useradd.8.xml: wfix + * src/login_nopam.c: list_match(): Use iteration instead of recursion + * src/login_nopam.c: list_match(): Remove local variable + * src/login_nopam.c: list_match(): Move code around + * src/login_nopam.c: list_match(): '(match)' is always true here + * src/login_nopam.c: list_match(): Add superfluous else + * src/login_nopam.c: list_match(): Refactor conditional + * man/passwd.1.xml: -P disables PAM support + * chage: Drop PAM support + * src/newusers.c: Turn nusers into size_t + * src/: Make line number overflows less likely + * man/: Install suauth.5 only if feature exists + * add and use a login.defs.test with CREATE_HOME set + * Revert "etc/login.defs: enable CREATE_HOME" + * etc/login.defs: enable CREATE_HOME + * Tests: implement system test framework + +------------------------------------------------------------------- +Mon Jan 20 10:20:31 UTC 2025 - Michael Vetter + +- bsc#1235453: Set SYS_{UID,GID}_MIN to 201: + After repeated similar requests to change the ID ranges we set the + above mentioned value to 201. The max value will stay at 499. + This range should be sufficient and will give us leeway for the + future. + It's not straightforward to find out which static UIDs/GIDs are + used in all packages. + Update shadow-login_defs-suse.patch + +------------------------------------------------------------------- +Sat Jan 11 16:37:07 UTC 2025 - Michael Vetter + +- Update to 4.17.2: + * src/login_nopam.c: Fix compiler warnings #1170 + * lib/chkname.c: Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) #1169 + * Use HTTPS in link to Wikipedia article on password strength #1164 + * lib/attr.h: use C23 attributes only with gcc >= 10 #1172 + * login: Fix no-pam authorization regression #1174 + * man: Add Portuguese translation #1178 + * Update French translation #1177 + * Add cheap defense mechanisms #1171 + * Add Romanian translation #1176 + +------------------------------------------------------------------- +Tue Dec 31 19:41:57 UTC 2024 - Michael Vetter + +- Update to 4.17.1: + * Fix `su -` regression #1163 + +------------------------------------------------------------------- +Fri Dec 27 16:06:45 UTC 2024 - Michael Vetter + +- Update to 4.17.0: + * Fix the lower part of the domain of csrand_uniform() + * Fix use of volatile pointer + * Use 'dist-hook' to clean up + * Use str2[u]l() instead of atoi(3) + * Use a2i() in various places + * Fix const correctness + * Use uid_t for holding UIDs (and GIDs) + * Move all sprintf(3)-like APIs to a subdirectory + * Move all copying APIs to a subdirectory + * Fix forever loop on ENOMEM + * Fix REALLOC() nmemb calculation + * Remove id(1) + * Remove groups(1) + * Use local time for human-readable dates + * Use %F instead of %Y-%m-%d with strftime(3) + * is_valid{user,group}_name(): Set errno to distinguish the reasons + * Recommend --badname only if it is useful + * Add fmkomstemp() to fix mode of + * Fix use-after-free bug in sgetgrent() + * Update Catalan translation + * Remove references to cppw, cpgr + * groupadd, groupmod: Update gshadow file with -U + * Added option -a for listing active users only, optimized using if aflg,return + * Added information in lastlog man page for new option '-a' + * Plenty of code cleanup and clarifications + +------------------------------------------------------------------- +Fri Dec 6 08:56:10 UTC 2024 - Michael Vetter + +- Update to 4.17.0 RC1: + Pre-release without changelog + ------------------------------------------------------------------- Mon Jul 8 11:13:17 UTC 2024 - Samuel Cabrero diff --git a/shadow.spec b/shadow.spec index 6ebf7bf..13d5551 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2024 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %define no_config 1 %endif Name: shadow -Version: 4.16.0 +Version: 4.18.0 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later @@ -84,7 +84,7 @@ Summary: The login.defs configuration file # Call shadow-login_defs-check.sh before! Group: System/Base Provides: login_defs-support-for-pam = 1.5.2 -Provides: login_defs-support-for-util-linux = 2.37 +Provides: login_defs-support-for-util-linux = 2.41 BuildArch: noarch %description -n login_defs @@ -158,11 +158,6 @@ install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer touch %{buildroot}/%{_sysconfdir}/subuid touch %{buildroot}/%{_sysconfdir}/subgid -# Remove binaries we don't use. -rm %{buildroot}/%{_bindir}/groups -rm %{buildroot}/%{_mandir}/man1/groups.* -rm %{buildroot}/%{_mandir}/*/man1/groups.* - rm %{buildroot}/%{_sbindir}/grpconv rm %{buildroot}/%{_mandir}/man8/grpconv.* rm %{buildroot}/%{_mandir}/*/man8/grpconv.* @@ -183,8 +178,6 @@ rm %{buildroot}%{_sysconfdir}/pam.d/login rm %{buildroot}/%{_bindir}/su rm %{buildroot}/%{_mandir}/man1/su.* rm %{buildroot}/%{_mandir}/*/man1/su.* -rm %{buildroot}/%{_mandir}/man5/suauth.* -rm %{buildroot}/%{_mandir}/*/man5/suauth.* rm %{buildroot}%{_sysconfdir}/pam.d/su rm %{buildroot}/%{_bindir}/faillog @@ -229,7 +222,7 @@ mkdir -p %{buildroot}%{_sysconfdir}/login.defs.d %pre %service_add_pre shadow.service shadow.timer -for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do +for i in pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: done @@ -269,7 +262,7 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm %posttrans %if %{defined no_config} # Migration to /usr/etc -for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do +for i in pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: done %endif @@ -289,7 +282,6 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid %if %{defined no_config} -%{_pam_vendordir}/chage %{_pam_vendordir}/chfn %{_pam_vendordir}/chsh %{_pam_vendordir}/passwd @@ -302,7 +294,6 @@ test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpm %{_pam_vendordir}/userdel %{_pam_vendordir}/usermod %else -%config %{_sysconfdir}/pam.d/chage %config %{_sysconfdir}/pam.d/chfn %config %{_sysconfdir}/pam.d/chsh %config %{_sysconfdir}/pam.d/passwd