- Remove duplicate pam.d/useradd entry
- Provide /etc/login.defs.d on SLE15 since we support and use it
- Use %_pam_vendordir macro

• Files Changed
• Browse Source

• Files Changed
• Browse Source

This is submitted just to sync with SLE/Leap. It has no effect for Factory.
- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).

• Files Changed
• Browse Source

- Update to 4.11.1:
  * build: include lib/shadowlog_internal.h in dist tarballs

- Update to 4.11:
  * Handle possible TOCTTOU issues in usermod/userdel
  	- (CVE-2013-4235)
  	- Use O_NOFOLLOW when copying file
  	- Kill all user tasks in userdel
  * Fix useradd -D segfault
  * Clean up obsolete libc feature-check ifdefs
  * Fix -fno-common build breaks due to duplicate Prog declarations
  * Have single date_to_str definition
  * Fix libsubid SONAME version
  * Clarify licensing info, use SPDX.

- Update to 4.10:
  * From this release forward, su from this package should be
    considered deprecated. Please replace any users of it with su
	from util-linux
  * libsubid fixes
  * Rename the test program list_subid_ranges to getsubids, write
    a manpage, so distros can ship it.
  * Add libeconf dep for new*idmap
  * Allow all group types with usermod -G
  * Avoid useradd generating empty subid range
  * Handle NULL pw_passwd
  * Fix default value SHA_get_salt_rounds
  * Use https where possible in README
  * Update content and format of README
  * Translation updates

• Files Changed
• Browse Source

- Really enable USERGROUPS_ENAB [bsc#1189139].
  Did go lost during merges.

• Files Changed
• Browse Source

- Fix segfaults in newgrp and pwck
  * Add shadow-4.9-newgrp-segfault.patch 
    https://github.com/shadow-maint/shadow/pull/437
  * Add shadow-4.9-pwck-segfault.patch
    https://github.com/shadow-maint/shadow/pull/445

• Files Changed
• Browse Source

Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort

• Files Changed
• Browse Source

- shadow-util-linux.patch:
  * Remove the section patching lib/getdef.c in favor of the
    upstream FOREIGNDEFS.
  * Add LOGIN_KEEP_USERNAME to login.defs.
  * Remove PREVENT_NO_AUTH from login.defs. Only used by the
    unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
  * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
    YESCRYPT_COST_FACTOR, not supported by the current
    configuratiton.
- Update login_defs-support-for-pam symbol to version 1.5.2
  (support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
  (support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
  shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
  * Add helper to import local new version in the parent dir.
  * Fix spec editing sed expression.
  * Add PREVENT_NO_AUTH to known unused variables.
  * Update pam sed expression to find HMAC_CRYPTO_ALGO.
  * Add more sanity checks.

• Files Changed
• Browse Source

- bsc#1190146: Fix empty subid range
  Add shadow-4.9-useradd-subuid.patch
  https://github.com/shadow-maint/shadow/pull/399

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- bsc#1190145: Fix double free in gpasswd:
  Add shadow-4.9-sgent-free.patch upstreamed as
  https://github.com/shadow-maint/shadow/pull/417

• Files Changed
• Browse Source

  for security reasons and compatibility. [bsc#1189139] [bsc#1182850]

• Files Changed
• Browse Source

- Add shadow-passwd-handle-null.patch [bsc#1188307]:

• Files Changed
• Browse Source

- Fix shadow-login_defs-check.sh:
  In the last update we switched from calling make to %make_build
  macro. Using sed to adapt the spec file now.

• Files Changed
• Browse Source

- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
  use already shadow
- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
  be compatible with other Linux distros and the other tools
  creating user accounts in use on openSUSE. Set HOME_MODE to 700
  for security reasons and compatibility. [bsc#1189139]

• Files Changed
• Browse Source

- Update to 4.9:
  * Updated translations
  * Major salt updates
  * Various coverity and cleanup fixes
  * Consistently use 0 to disable PASS_MIN_DAYS in man
  * Implement NSS support for subids and a libsubid
  * setfcap: retain setfcap when mapping uid 0
  * login.defs: include HMAC_CRYPTO_ALGO key
  * selinux fixes
  * Fix path prefix path handling
  * Manpage updates
  * Treat an empty passwd field as invalid(Haelwenn Monnier)
  * newxidmap: allow running under alternative gid
  * usermod: check that shell is executable
  * Add yescript support
  * useradd memleak fixes
  * useradd: use built-in settings by default
  * getdefs: add foreign
  * buffer overflow fixes
  * Adding run-parts style for pre and post useradd/del
- Refresh:
  * shadow-login_defs-unused-by-pam.patch
  * userdel-script.patch
  * useradd-script.patch
  * chkname-regex.patch
  * useradd-default.patch: bbf4b79 stopped shipping default file.
    change group in code now.
  * shadow-login_defs-suse.patch
  * useradd-userkeleton.patch
- Remove because upstreamed:

• Files Changed
• Browse Source

- login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536]
- Add /etc/login.defs.d directory

• Files Changed
• Browse Source

- Enable shadowgrp so that we can set more secure group passwords 
  using shadow.

• Files Changed
• Browse Source

- Disable MOTD_FILE to allow the use of pam_motd to unify motd
  message output [bsc#1185897]. Else motd entries of e.g. cockpit
  will not be shown.

• Files Changed
• Browse Source

baserev update by copy to link target

• Files Changed
• Browse Source