Revisions of shadow
- Remove duplicate pam.d/useradd entry - Provide /etc/login.defs.d on SLE15 since we support and use it - Use %_pam_vendordir macro
This is submitted just to sync with SLE/Leap. It has no effect for Factory. - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954).
- Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs - Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. - Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates
- Really enable USERGROUPS_ENAB [bsc#1189139]. Did go lost during merges.
- Fix segfaults in newgrp and pwck * Add shadow-4.9-newgrp-segfault.patch https://github.com/shadow-maint/shadow/pull/437 * Add shadow-4.9-pwck-segfault.patch https://github.com/shadow-maint/shadow/pull/445
Automatic systemd hardening effort by the security team. This has not been tested. For details please see https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
- shadow-util-linux.patch: * Remove the section patching lib/getdef.c in favor of the upstream FOREIGNDEFS. * Add LOGIN_KEEP_USERNAME to login.defs. * Remove PREVENT_NO_AUTH from login.defs. Only used by the unpackaged login and su. - shadow-login_defs-unused-by-pam.patch: * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS, YESCRYPT_COST_FACTOR, not supported by the current configuratiton. - Update login_defs-support-for-pam symbol to version 1.5.2 (support for new variable HMAC_CRYPTO_ALGO). - Update login_defs-support-for-util-linux to version 2.37 (support for new variable LOGIN_KEEP_USERNAME). - Refresh shadow-login_defs-comments.patch and shadow-login_defs-suse.patch. - Improve shadow-login_defs-check.sh: * Add helper to import local new version in the parent dir. * Fix spec editing sed expression. * Add PREVENT_NO_AUTH to known unused variables. * Update pam sed expression to find HMAC_CRYPTO_ALGO. * Add more sanity checks.
- bsc#1190146: Fix empty subid range Add shadow-4.9-useradd-subuid.patch https://github.com/shadow-maint/shadow/pull/399
- bsc#1190145: Fix double free in gpasswd: Add shadow-4.9-sgent-free.patch upstreamed as https://github.com/shadow-maint/shadow/pull/417
for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
- Add shadow-passwd-handle-null.patch [bsc#1188307]:
- Fix shadow-login_defs-check.sh: In the last update we switched from calling make to %make_build macro. Using sed to adapt the spec file now.
- libsubid-devel: add missing requires for libsubid3 - Remove README.changes-pwdutils, all distros you can upgrade from use already shadow - login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility. [bsc#1189139]
- Update to 4.9: * Updated translations * Major salt updates * Various coverity and cleanup fixes * Consistently use 0 to disable PASS_MIN_DAYS in man * Implement NSS support for subids and a libsubid * setfcap: retain setfcap when mapping uid 0 * login.defs: include HMAC_CRYPTO_ALGO key * selinux fixes * Fix path prefix path handling * Manpage updates * Treat an empty passwd field as invalid(Haelwenn Monnier) * newxidmap: allow running under alternative gid * usermod: check that shell is executable * Add yescript support * useradd memleak fixes * useradd: use built-in settings by default * getdefs: add foreign * buffer overflow fixes * Adding run-parts style for pre and post useradd/del - Refresh: * shadow-login_defs-unused-by-pam.patch * userdel-script.patch * useradd-script.patch * chkname-regex.patch * useradd-default.patch: bbf4b79 stopped shipping default file. change group in code now. * shadow-login_defs-suse.patch * useradd-userkeleton.patch - Remove because upstreamed:
- login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536] - Add /etc/login.defs.d directory
- Enable shadowgrp so that we can set more secure group passwords using shadow.
- Disable MOTD_FILE to allow the use of pam_motd to unify motd message output [bsc#1185897]. Else motd entries of e.g. cockpit will not be shown.
buildservice-autocommit
accepted
request 872327
from
Michael Vetter (jubalh)
(revision 102)
baserev update by copy to link target
Displaying revisions 61 - 80 of 181