Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:bmwiedemann:reproducible:distribution:ring0rb
shadow
shadow.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File shadow.changes of Package shadow
------------------------------------------------------------------- Mon Jun 24 13:02:56 UTC 2024 - Michael Vetter <mvetter@suse.com> - bsc#1226850: Drop incorrect econf patch (until time to fix it) Drop shadow-4.16.0-econf.patch ------------------------------------------------------------------- Wed Jun 19 06:51:45 UTC 2024 - Michael Vetter <mvetter@suse.com> - Update to 4.16.0: * The shadow implementations of id(1) and groups(1) are deprecated in favor of the GNU coreutils and binutils versions. They will be removed in 4.17.0. * The rlogind implementation has been removed. * The libsubid major version has been bumped, since it now requires specification of the module's free() implementation. - Update shadow-login_defs-suse.patch - Add shadow-4.16.0-econf.patch: Replace deprecated econf_readDirs with econf_readConfig ------------------------------------------------------------------- Sun Mar 24 09:06:48 UTC 2024 - Michael Vetter <mvetter@suse.com> - Update to 4.15.1: * Fix a bug that caused spurious error messages about unknown login.defs configuration options #967 * Adding checks for fd omission #964 * Use temporary stat buffer #974 * Fix wrong french translation #975 - Drop shadow-4.15.0-fix-definition.patch ------------------------------------------------------------------- Thu Mar 21 06:37:27 UTC 2024 - Michael Vetter <mvetter@suse.com> - Add shadow-4.15.0-fix-definition.patch: Fix error messages about config options. See gh/shadow-maint/shadow#967 ------------------------------------------------------------------- Sun Mar 10 07:02:35 UTC 2024 - Michael Vetter <mvetter@suse.com> - Update to 4.15.0 * libshadow: + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0. + Fix build error (parameter name omitted). * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. + Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. + Fix build with musl libc. + Support out of tree builds * useradd(8): + Set proper SELinux labels for def_usrtemplate - Update Serge Hallyns GPG key - Update shadow-login_defs-unused-by-pam.patch ------------------------------------------------------------------- Sun Mar 3 06:03:25 UTC 2024 - Michael Vetter <mvetter@suse.com> - Update to 4.14.6: * login(1): + Fix off-by-one bugs. * passwd(1): + Don't silently truncate passwords of length >= 200 characters. Instead, accept a length of PASS_MAX, and reject longer ones. * libshadow: + Fix calculation in strtoday(), which caused a wrong half-day offset in some cases (bsc#1176006) + Fix parsing of dates in get_date() (bsc#1176006) + Use utmpx instead of utmp. This fixes a regression introduced in 4.14.0. ------------------------------------------------------------------- Tue Feb 13 18:33:26 UTC 2024 - Michael Vetter <mvetter@suse.com> - Update to 4.14.5: * Build system: + Fix regression introduced in 4.14.4, due to a typo. chgpasswd had been deleted from a Makefile variable, but it should have been chpasswd. - Remove shadow-4.14.4-chgpasswd-typo.patch ------------------------------------------------------------------- Mon Feb 12 19:37:52 UTC 2024 - Michael Vetter <mvetter@suse.com> - Update to 4.14.4: * Build system: + Link correctly with libdl. + Install pam configs for chpasswd(8) and newusers(8) when using ./configure --with-libpam --disable-account-tools-setuid. * libshadow: + Fix build error (parameter name omitted). + Fix off-by-one bug. + Remove warning. - Add shadow-4.14.4-chgpasswd-typo.patch: to fix build. See #926 - Update patch macro `patchN` -> `patch -P N` ------------------------------------------------------------------- Tue Jan 16 06:57:35 UTC 2024 - Michael Vetter <mvetter@suse.com> - Update to 4.14.3: * libshadow: + Avoid null pointer dereference (#904) ------------------------------------------------------------------- Tue Jan 9 12:51:12 UTC 2024 - Michael Vetter <mvetter@suse.com> - bsc#1199026 bsc#1203823: Remove pam_keyinit from PAM configuration. This was introduced for bsc#1144060. ------------------------------------------------------------------- Mon Oct 30 07:20:29 UTC 2023 - Michael Vetter <mvetter@suse.com> - Update to 4.14.2: * libshadow: + Fix build with musl libc. + Avoid NULL dereference. + Update utmp at an initial login * useradd(8): + Set proper SELinux labels for def_usrtemplate * Manual: + Document --prefix in chage(1), chpasswd(8), and passwd(1) - Drop upstreamed shadow-4.14.0-selinux-labels.patch ------------------------------------------------------------------- Fri Oct 6 08:32:09 UTC 2023 - Michael Vetter <mvetter@suse.com> - Update to 4.14.1: Build system: Merge libshadow and libmisc into a single libshadow. This fixes problems in the linker, which were reported at least in Gentoo. #791 - Add Alejandro Colomar (new stable branch maintainer) to shadow.keyring ------------------------------------------------------------------- Tue Sep 26 13:20:59 UTC 2023 - Johannes Segitz <jsegitz@suse.com> - Add shadow-4.14.0-selinux-labels.patch: Set proper SELinux labels for new homedirs. See gh/shadow-maint/shadow#812. ------------------------------------------------------------------- Thu Aug 17 10:14:14 UTC 2023 - Michael Vetter <mvetter@suse.com> - Remove dependency on libbsd: On Tumbleweed we have glibc 2.38 already thus string functions like strlcpy will be present and won't be needed from libbsd. `readpassphrase()` is then the only function from libbsd not present. Upstream shadow has an in tree copy of it, that is used when the `--without-libbsd` flag is passed along. By relying on glibc 2.38 we don't need to add libbsd and libmd to our ring0 but can't easily upgrade on SLE. ------------------------------------------------------------------- Thu Aug 17 06:43:38 UTC 2023 - Michael Vetter <mvetter@suse.com> - Update to 4.14.0: * configure: add with-libbsd option * Code cleanup * Replace utmp interface #757 * new option enable-logind #674 * shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh * chsh: warn if root sets a shell not listed in /etc/shells #535 * newgrp: fix potential string injection * lastlog: fix alignment of Latest header * Fix yescrypt support #748 * chgpasswd: Fix segfault in command-line options * gpasswd: Fix password leak * Add --prefix to passwd, chpasswd and chage #714 (bsc#1206627) * usermod: fix off-by-one issues #701 * ch(g)passwd: Check selinux permissions upon startup #675 * sub_[ug]id_{add,remove}: fix return values * chsh: Verify that login shell path is absolute #730 * process_prefix_flag: Drop privileges * run_parts for groupadd and groupdel #706 * newgrp/useradd: always set SIGCHLD to default * useradd/usermod: add --selinux-range argument #698 * sssd: skip flushing if executable does not exist #699 * semanage: Do not set default SELinux range #676 * Add control character check #687 * usermod: respect --prefix for --gid option * Fix null dereference in basename * newuidmap and newgidmap: support passing pid as fd * Prevent out of boundary access #633 * Explicitly override only newlines #633 * Correctly handle illegal system file in tz #633 * Supporting vendor given -shells- configuration file #599 * Warn if failed to read existing /etc/nsswitch.conf * chfn: new_fields: fix wrong fields printed * Allow supplementary groups to be added via config file #586 * useradd: check if subid range exists for user #592 (rh#2012929) - Refresh useradd-default.patch - Remove upstreamed patches: * useradd-userkeleton.patch * shadow-audit-no-id.patch * shadow-fix-print-login-timeout.patch * shadow-CVE-2023-29383.patch - Dont build lastlog (lastlog.legacy) anymore since we use lastlog2 by default now. - This release depends either on libbsd or on glibc >= 2.38 which only recently got released. libbsd (and libmd) would be new packages in our ring0 ------------------------------------------------------------------- Tue Apr 18 15:39:47 UTC 2023 - Michael Vetter <mvetter@suse.com> - bsc#1210507 (CVE-2023-29383): Check for control characters - Add shadow-CVE-2023-29383.patch ------------------------------------------------------------------- Wed Apr 12 12:08:43 UTC 2023 - Thorsten Kukuk <kukuk@suse.com> - Rename lastlog to lastlog.legacy to be able to switch to Y2038 safe lastlog2 as default [jsc#PED-3144] ------------------------------------------------------------------- Thu Feb 16 11:31:33 UTC 2023 - Michael Vetter <mvetter@suse.com> - Update shadow-fix-print-login-timeout.patch - Reorder source files and patches ------------------------------------------------------------------- Wed Feb 15 10:49:33 UTC 2023 - Ludwig Nussel <lnussel@suse.de> - Remove scripts that claim to be config but are in /usr (boo#1191578) * userdel-script.patch * useradd-script.patch * useradd.local * userdel-post.local * userdel-pre.local ------------------------------------------------------------------- Fri Jan 13 08:21:46 UTC 2023 - Michael Vetter <mvetter@suse.com> - Add shadow-fix-print-login-timeout.patch: Fix printing full login timeout message See gh/shadow-maint/shadow#621 ------------------------------------------------------------------- Fri Dec 16 10:04:44 UTC 2022 - Michael Vetter <mvetter@suse.com> - bsc#1205502: Fix useradd audit event logging of ID field * Add shadow-audit-no-id.patch See gh/shadow-maint/shadow#606 ------------------------------------------------------------------- Tue Nov 8 21:15:44 UTC 2022 - Michael Vetter <mvetter@suse.com> - Update to 4.13: * useradd.8: fix default group ID * Revert drop of subid_init() * Georgian translation * useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog * relax username restrictions * selinux: check MLS enabled before setting serange * copy_tree: use fchmodat instead of chmod * copy_tree: don't block on FIFOs * add shell linter * copy_tree: carefully treat permissions * lib/commonio: make lock failures more detailed * lib: use strzero and memzero where applicable * Update Dutch translation * Don't test for NULL before calling free * Use libc MAX() and MIN() * chage: Fix regression in print_date * usermod: report error if homedir does not exist * libmisc: minimum id check for system accounts * fix usermod -rG x y wrongly adding a group * man: add missing space in useradd.8.xml * lastlog: check for localtime() return value * Raise limit for passwd and shadow entry length * Remove adduser-old.c * useradd: Fix buffer overflow when using a prefix * Don't warn when failed to open /etc/nsswitch.conf - Remove patches we took from upstream pre-release: * shadow-copytree-usermod-fifo.patch * shadow-chage-format.patch * shadow-prefix-overflow.patch - Remove chkname-regex.patch: Upstream now also relaxed the usernames requirements. They don't use regex for this but the result is similar. Plus they also check that the name is less than 32 characters long. - Rebase useradd-userkeleton.patch ------------------------------------------------------------------- Mon Nov 7 11:20:36 UTC 2022 - Michael Vetter <mvetter@suse.com> - Add shadow-copytree-usermod-fifo.patch: Fix regression that prevented `usermod -m` to work when their home directory contained at least one fifo See https://github.com/shadow-maint/shadow/pull/565 ------------------------------------------------------------------- Wed Nov 2 10:59:16 UTC 2022 - Michael Vetter <mvetter@suse.com> - bsc#1204811: Fix chage date format string regression * Add shadow-chage-format.patch ------------------------------------------------------------------- Mon Oct 24 22:04:41 UTC 2022 - Michael Vetter <mvetter@suse.com> - Add shadow-prefix-overflow.patch: Fix buffer overflow when calling useradd with --prefix See https://github.com/shadow-maint/shadow/pull/588 ------------------------------------------------------------------- Mon Aug 22 13:59:35 UTC 2022 - Michael Vetter <mvetter@suse.com> - Update to 4.12.3: Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users. ------------------------------------------------------------------- Fri Aug 19 06:32:28 UTC 2022 - Michael Vetter <mvetter@suse.com> - Update to 4.12.2: * Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845] - Refresh useradd-userkeleton.patch: LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545 Let's use fstatat() now. ------------------------------------------------------------------- Mon Aug 15 17:42:01 UTC 2022 - Michael Vetter <mvetter@suse.com> - Update to 4.12.1: * Fix uk manpages - Remove shadow-4.12-remove-uk.patch: fixed upstream ------------------------------------------------------------------- Fri Aug 12 06:05:35 UTC 2022 - Michael Vetter <mvetter@suse.com> - Update to 4.12: * Add absolute path hint to --root * Various cleanups * Fix Ubuntu release used in CI tests * add -F options to userad * useradd manpage updates * Check for ownerid (not just username) in subid ranges * Declare file local functions static * Use strict prototypes * Do not drop const qualifier for Basename * Constify various pointers * Don't return uninitialized memory * Don't let compiler optimize away memory cleaning * Remove many obsolete compatibility checks and defines * Modify ID range check in useradd * Use "extern "C"" to make libsubid easier to use from C++ * French translation updates * Fix s/with-pam/with-libpam/ * Spanish translation updates * French translation fixes * Default max group name length to 32 * Fix PAM service files without-selinux * Improve manpages - groupadd, useradd, usermod - groups and id - pwck * Add fedora to CI builds * Fix condition under which pw_dir check happens * logoutd: switch to strncat * AUTHORS: improve markdown output * Handle ERANGE errors correctly * Check for fopen NULL return * Split get_salt() into its own fn juyin) * Get salt before chroot to ensure /dev/urandom. * Chpasswd code cleanup * Work around git safe.directory enforcement * Alphabetize order in usermod help * Erase password copy on error branches * Suggest using --badname if needed * Update translation files * Correct badnames option to badname * configure: replace obsolete autoconf macros * tests: replace egrep with grep -E * Update Ukrainian translations * Cleanups - Remove redeclared variable - Remove commented out code and FIXMEs - Add header guards - Initialize local variables * CI updates - Create github workflow to install dependencies - Enable CodeQL - Update actions version * libmisc: use /dev/urandom as fallback if other methods fail - Add shadow-4.12-remove-uk.patch: Disable non working Ukranian translation for now https://github.com/shadow-maint/shadow/issues/547 ------------------------------------------------------------------- Tue Aug 9 06:29:07 UTC 2022 - Thorsten Kukuk <kukuk@suse.com> - Remove duplicate pam.d/useradd entry - Provide /etc/login.defs.d on SLE15 since we support and use it ------------------------------------------------------------------- Mon Aug 8 13:00:46 UTC 2022 - Thorsten Kukuk <kukuk@suse.com> - Use %_pam_vendordir macro ------------------------------------------------------------------- Wed Jan 12 16:52:39 UTC 2022 - Stanislav Brabec <sbrabec@suse.com> - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954). ------------------------------------------------------------------- Mon Jan 3 10:36:15 UTC 2022 - Michael Vetter <mvetter@suse.com> - Update to 4.11.1: * build: include lib/shadowlog_internal.h in dist tarballs ------------------------------------------------------------------- Mon Jan 3 10:35:30 UTC 2022 - Michael Vetter <mvetter@suse.com> - Update to 4.11: * Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel * Fix useradd -D segfault * Clean up obsolete libc feature-check ifdefs * Fix -fno-common build breaks due to duplicate Prog declarations * Have single date_to_str definition * Fix libsubid SONAME version * Clarify licensing info, use SPDX. ------------------------------------------------------------------- Mon Jan 3 10:29:39 UTC 2022 - Michael Vetter <mvetter@suse.com> - Update to 4.10: * From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux * libsubid fixes * Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it. * Add libeconf dep for new*idmap * Allow all group types with usermod -G * Avoid useradd generating empty subid range * Handle NULL pw_passwd * Fix default value SHA_get_salt_rounds * Use https where possible in README * Update content and format of README * Translation updates * Switch from xml2po to itstool in 'make dist' * Fix double frees * Add LOG_INIT configurable to useradd * Add CREATE_MAIL_SPOOL documentation * Create a security.md * Fix su never being SIGKILLd when trapping TERM * Fix wrong SELinux labels in several possible cases * Fix missing chmod in chadowtb_move * Handle malformed hushlogins entries * Fix groupdel segv when passwd does not exist * Fix covscan-found newgrp segfault * Remove trailing slash on hoedir * Fix passwd -l message - it does not change expirey * Fix SIGCHLD handling bugs in su and vipw * Remove special case for "" in usermod * Implement usermod -rG to remove a specific group * call pam_end() after fork in child path for su and login * useradd: In absence of /etc/passwd, assume 0 == root * lib: check NULL before freeing data * Fix pwck segfault - Remove because upstreamed: * shadow-4.9-pwck-segfault.patch * shadow-4.9-newgrp-segfault.patch * shadow-4.9-useradd-subuid.patch * shadow-4.9-sgent-free.patch * shadow-passwd-handle-null.patch * shadow-fix-sigabrt.patch * shadow-libeconf-include.patch * libsubid-build-fix.patch - Refreshed: * shadow-util-linux.patch * shadow.changes * shadow.keyring * shadow.spec * useradd-script.patch * useradd-userkeleton.patch * userdel-script.patch - Update shadow.keyring: * Serge Hallyn serge@hallyn.com (B175CFA98F192AF2) * Christian Brauner christian@brauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624) ------------------------------------------------------------------- Tue Nov 30 17:12:40 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> - Really enable USERGROUPS_ENAB [bsc#1189139]. Did go lost during merges. ------------------------------------------------------------------- Thu Nov 18 13:46:03 UTC 2021 - Michael Vetter <mvetter@suse.com> - Fix segfaults in newgrp and pwck * Add shadow-4.9-newgrp-segfault.patch https://github.com/shadow-maint/shadow/pull/437 * Add shadow-4.9-pwck-segfault.patch https://github.com/shadow-maint/shadow/pull/445 ------------------------------------------------------------------- Tue Nov 16 15:58:46 UTC 2021 - Johannes Segitz <jsegitz@suse.com> - Added hardening to systemd service(s) (bsc#1181400). Modified: * shadow.service ------------------------------------------------------------------- Tue Nov 9 01:39:44 UTC 2021 - Stanislav Brabec <sbrabec@suse.com> - shadow-util-linux.patch: * Remove the section patching lib/getdef.c in favor of the upstream FOREIGNDEFS. * Add LOGIN_KEEP_USERNAME to login.defs. * Remove PREVENT_NO_AUTH from login.defs. Only used by the unpackaged login and su. - shadow-login_defs-unused-by-pam.patch: * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS, YESCRYPT_COST_FACTOR, not supported by the current configuratiton. - Update login_defs-support-for-pam symbol to version 1.5.2 (support for new variable HMAC_CRYPTO_ALGO). - Update login_defs-support-for-util-linux to version 2.37 (support for new variable LOGIN_KEEP_USERNAME). - Refresh shadow-login_defs-comments.patch and shadow-login_defs-suse.patch. - Improve shadow-login_defs-check.sh: * Add helper to import local new version in the parent dir. * Fix spec editing sed expression. * Add PREVENT_NO_AUTH to known unused variables. * Update pam sed expression to find HMAC_CRYPTO_ALGO. * Add more sanity checks. ------------------------------------------------------------------- Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter <mvetter@suse.com> - bsc#1190146: Fix empty subid range Add shadow-4.9-useradd-subuid.patch https://github.com/shadow-maint/shadow/pull/399 ------------------------------------------------------------------- Mon Sep 20 09:09:13 UTC 2021 - Michael Vetter <mvetter@suse.com> - bsc#1190145: Fix double free in gpasswd: Add shadow-4.9-sgent-free.patch upstreamed as https://github.com/shadow-maint/shadow/pull/417 ------------------------------------------------------------------- Tue Sep 7 15:08:19 UTC 2021 - Michael Vetter <mvetter@suse.com> - Fix shadow-login_defs-check.sh: In the last update we switched from calling make to %make_build macro. Using sed to adapt the spec file now. ------------------------------------------------------------------- Wed Aug 18 15:17:52 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> - libsubid-devel: add missing requires for libsubid3 - Remove README.changes-pwdutils, all distros you can upgrade from use already shadow ------------------------------------------------------------------- Wed Aug 18 14:59:15 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> - login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility. [bsc#1189139] [bsc#1182850] ------------------------------------------------------------------- Tue Aug 17 15:08:09 UTC 2021 - Michael Vetter <mvetter@suse.com> - Update to 4.9: * Updated translations * Major salt updates * Various coverity and cleanup fixes * Consistently use 0 to disable PASS_MIN_DAYS in man * Implement NSS support for subids and a libsubid * setfcap: retain setfcap when mapping uid 0 * login.defs: include HMAC_CRYPTO_ALGO key * selinux fixes * Fix path prefix path handling * Manpage updates * Treat an empty passwd field as invalid(Haelwenn Monnier) * newxidmap: allow running under alternative gid * usermod: check that shell is executable * Add yescript support * useradd memleak fixes * useradd: use built-in settings by default * getdefs: add foreign * buffer overflow fixes * Adding run-parts style for pre and post useradd/del - Refresh: * shadow-login_defs-unused-by-pam.patch * userdel-script.patch * useradd-script.patch * chkname-regex.patch * useradd-default.patch: bbf4b79 stopped shipping default file. change group in code now. * shadow-login_defs-suse.patch * useradd-userkeleton.patch - Remove because upstreamed: * shadow-4.1.5.1-userdel-helpfix.patch * shadow-4.1.5.1-logmsg.patch - Add libsubid-build-fix.patch: See https://github.com/shadow-maint/shadow/issues/387 - Add shadow-libeconf-include.patch: See c6847011e8b656adacd9a0d2a78418cad0de34cb - Add shadow-fix-sigabrt.patch: See https://github.com/shadow-maint/shadow/issues/394 - Add shadow-passwd-handle-null.patch [bsc#1188307]: See https://github.com/shadow-maint/shadow/pull/398 - Remove %{_sysconfdir}/default/useradd: file not shipped anymore - Remove --disable-shared: Dont need it anymore See https://github.com/shadow-maint/shadow/issues/336 ------------------------------------------------------------------- Thu Jul 1 11:51:39 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> - login.defs/MOTD_FILE: Use "" instead of blank entry [bsc#1187536] - Add /etc/login.defs.d directory ------------------------------------------------------------------- Sat Jun 5 13:38:52 UTC 2021 - Maurizio Galli <maurizio.galli@gmail.com> - Enable shadowgrp so that we can set more secure group passwords using shadow. ------------------------------------------------------------------- Fri Jun 4 07:46:34 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> - Disable MOTD_FILE to allow the use of pam_motd to unify motd message output [bsc#1185897]. Else motd entries of e.g. cockpit will not be shown. ------------------------------------------------------------------- Thu Jan 28 22:28:02 UTC 2021 - Stanislav Brabec <sbrabec@suse.com> - Do not require libeconf-devel on products without /usr/etc. ------------------------------------------------------------------- Thu Jan 21 06:52:30 UTC 2021 - Thorsten Kukuk <kukuk@suse.com> - Split login.defs configuration file into own sub-package, which allows to install util-linux or pam on small embedded/edge systems or container without the need to pull in the full shadow suite. ------------------------------------------------------------------- Wed Nov 11 14:38:13 UTC 2020 - Fabian Vogt <fvogt@suse.com> - Amend patches/useradd-userkeleton.patch to also write into existing directories and prefer files from /etc ------------------------------------------------------------------- Wed Nov 11 11:28:09 UTC 2020 - Dr. Werner Fink <werner@suse.de> - Add patch useradd-userkeleton.patch to extend original C code of useradd to handle /usr/etc/skel (boo#1173321) - Remove /usr/etc/skel support in useradd.local script ------------------------------------------------------------------- Mon Nov 2 15:54:02 UTC 2020 - Dr. Werner Fink <werner@suse.de> - Change again useradd.local script to let it work even for system accounts and work together with SELinux (bsc#1178296) - Change patch useradd-script.patch to support the four arguments used by the useradd.local script (bsc#1178296) ------------------------------------------------------------------- Fri Oct 9 13:12:11 UTC 2020 - Dr. Werner Fink <werner@suse.de> - Add support for /usr/etc/skel to useradd.local script (boo#1173321) ------------------------------------------------------------------- Thu Oct 8 03:16:58 UTC 2020 - Stanislav Brabec <sbrabec@suse.com> - shadow-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274). ------------------------------------------------------------------- Tue Sep 8 00:56:37 UTC 2020 - Stanislav Brabec <sbrabec@suse.com> - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch. ------------------------------------------------------------------- Fri May 22 11:21:15 UTC 2020 - Fabian Vogt <fvogt@suse.com> - Use pure #!/bin/sh in: * useradd.local * userdel-post.local * userdel-pre.local ------------------------------------------------------------------- Fri Jan 24 08:09:23 UTC 2020 - Michael Vetter <mvetter@suse.com> - Update to 4.8.1: * selinux: include stdio * man: don't suggest making groupmems user-writeable * Makefile: bail out on error in for loops * Adding logging of SSH_ORIGINAL_COMMAND to nologin * add new HOME_MODE login.defs option * Add tty logging to useradd * Useradd: make non-executable shell check only a warning * Update Dutch translation * user_busy: Do not mistake a regular user process for a namespaced one * Revert "Honor --sbindir and --bindir for binary installation" - Remove shadow-4.8-shell-check.patch: included - Remove shadow-4.8-selinux-include.patch: upstreamed ------------------------------------------------------------------- Mon Jan 20 10:36:20 UTC 2020 - Michael Vetter <mvetter@suse.com> - Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod explicitly. ------------------------------------------------------------------- Thu Jan 16 12:54:39 UTC 2020 - Michael Vetter <mvetter@suse.com> - bsc#1160729: Make valid shell check only a warning * Add shadow-4.8-shell-check.patch ------------------------------------------------------------------- Tue Dec 17 12:43:01 UTC 2019 - Michael Vetter <mvetter@suse.com> - Update to 4.8: * Initial optional bcrypt support. * Make build/install of 'su' optional. * Fix for vipw not resuming correctly when suspended * Sync password field descriptions in manpages * Check for valid shell argument in useradd * Allow translation of new strings through POTFILES.in * Migrate to itstool for translations * Migrate to new SELinux api * Support --enable-vendordir * pwck: Only check homedir if set and not a system user * Support nonstandard usernames * sget{pw,gr}ent: check for data at EOL * Add YYY-MM-DD support in chage * Fix failing chmod calls for suidubins * Fix --sbindir and --bindir for binary installations * Fix LASTLOG_UID_MAX in login.defs * Fix configure error with dash - Remove because upstreamed: * libeconf.patch * shadow-usermod-variable.patch - Rebase: * shadow-login_defs-unused-by-pam.patch * chkname-regex.patch * shadow-util-linux.patch * shadow-login_defs-comments.patch - Add shadow-4.8-selinux-include.patch See https://github.com/shadow-maint/shadow/pull/200 ------------------------------------------------------------------- Mon Oct 7 09:50:30 CEST 2019 - kukuk@suse.de - libeconf.patch: Add support for libeconf and /usr/etc for login.defs. - Move first configuration files and pam config files to /usr/etc ------------------------------------------------------------------- Mon Sep 2 11:12:59 UTC 2019 - mvetter@suse.com - bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files to support kernel keyring feature - Update pamd.tar.bz2 with pam configuration files accordingly ------------------------------------------------------------------- Mon Aug 19 14:50:02 CEST 2019 - kukuk@suse.de - encryption_method_nis.patch: drop, DES should really not be used anymore anywhere, even with NIS - shadow-login_defs-suse.patch: remove encryption NIS entry ------------------------------------------------------------------- Fri Jul 26 23:44:56 CEST 2019 - sbrabec@suse.com - Fix incorrect variable name in usermod (shadow-usermod-variable.patch). - shadow-login_defs-comments.patch: * Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs. * Add missing LASTLOG_UID_MAX. * Refresh shadow-login_defs-suse.patch. - Port shadow-login_defs-check.sh to match the current spec file and login.defs. ------------------------------------------------------------------- Thu Jul 25 15:27:15 CEST 2019 - kukuk@suse.de - Provide "useradd_or_adduser_dep" for sysuser-shadow ------------------------------------------------------------------- Sat Jul 20 02:11:10 CEST 2019 - sbrabec@suse.com - shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to "yes" (bsc#353876#c7). ------------------------------------------------------------------- Fri Jul 19 10:19:44 UTC 2019 - sbrabec@suse.com - Fix comment about patch in spec file ------------------------------------------------------------------- Fri Jun 14 06:20:46 UTC 2019 - mvetter@suse.com - Update to 4.7: * Spawn: don't loop forever on ECHILD * Do not fail locking if there is a stale lockfile (Tomas Mraz) * Use lckpwdf if prefix not set (Tomas Mraz) * Build: check correct DocBook version (Jan Tojnar) * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn) * Add support for btrfs subvolumes for home (Adam Majer) * Fix chpasswd long line handling (Nathan Ruiz) * Use secure_getenv for gettime (Chris Lamb) * Make sp_lstchg reproducible (Chris Lamb) * Do not crash commonio_close if db file is not open (Tomas Mraz) * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez) * French manpage update (Alban VIDAL) * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz) * Sync po files from shadow.pot (Alban VIDAL) * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) * Fix segfault in useradd (bsc#1141113, Tomas Mraz) * Coverity issues (Tomas Mraz) * Flush sssd caches (Jakub Hrozek) * Log UID in nologin (Vladimir Ivanov) * run pam_getenvlist after setup_env in su.c (Michael Vogt) * Support systems with only utmpx (A. Wilcox) * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal)) * Update po/zh_CN translation (Lion Yang) * Create parent dirs for useradd -m (Michael Vetter) * Prevent usermod segv * Fix usermod crash (fariouche) - Remove btrfs-subvolumes.patch (fate#316134): upstreamed: https://github.com/shadow-maint/shadow/pull/149 - Remove useradd-mkdirs.patch (bsc#865563): upstreamed https://github.com/shadow-maint/shadow/pull/112 - Remove shadow-4.6.0-fix-usermod-prefix-crash.patch upstreamed https://github.com/shadow-maint/shadow/issues/110 - Remove shadow-4.6-bsc1141113-useradd-segfault.patch (SLE15 SP3 and openSUSE Leap 15.3 only) upstreamed https://github.com/shadow-maint/shadow/issues/125 - Rebase userdel-script.patch - Rebase useradd-script.patch - Rebase shadow-util-linux.patch ------------------------------------------------------------------- Thu May 30 11:15:49 UTC 2019 - Martin Pluskal <mpluskal@suse.com> - Make building more verbose - Use spec-cleaner ------------------------------------------------------------------- Thu May 2 09:45:48 UTC 2019 - lnussel@suse.de - don't specify MOTD_FILE in login.defs but fall back to built in defaults of login (boo#1133929) ------------------------------------------------------------------- Tue Apr 30 22:27:14 CEST 2019 - sbrabec@suse.com - Split shadow-login_defs.patch hunks to its logical components (bsc#1121197): * shadow-login_defs-unused-by-pam.patch * shadow-login_defs-comments.patch * shadow-util-linux.patch * shadow-login_defs-suse.patch * Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). - Split getdef-new-defs.patch hunks to its logical components (bsc#1121197): * encryption_method_nis.patch * chkname-regex.patch * shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. * useradd-script.patch, userdel-script.patch * Remove duplicated definitions of MOTD_FILE and ENV_PATH. - Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197). ------------------------------------------------------------------- Wed Jan 23 09:35:01 UTC 2019 - adam.majer@suse.de - btrfs-subvolumes.patch: implement support for creating user home directories on btrfs subvolumes (fate#316134) ------------------------------------------------------------------- Wed Oct 31 14:17:29 UTC 2018 - Valentin Rothberg <vrothberg@suse.com> - Add empty /etc/sub{u,g}id files. useradd and usermod add entries for users only when those files exist. Having those entries is a requirement to create user namespaces, for instance, when running podman as a non-root user. ------------------------------------------------------------------- Mon May 14 12:45:42 UTC 2018 - mvetter@suse.com - Update to 4.6: * Newgrp: avoid unnecessary lookups * Make language less binary * Add error when turning off man switch * Spelling fixes * Make userdel work with -R * newgidmap: enforce setgroups=deny if self-mapping a group * Norwegian bokmål translation * pwck: prevent crash by not passing O_CREAT * WITH_TCB fixes from Mandriva * Fix pwconv and grpconv entry skips * Fix -- slurping in su * add --prefix option - Remove CVE-2018-7169.patch: upstreamed - Remove shadow-4.1.5.1-pam_group.patch: upstreamed - Update userdel-script.patch: change due to prefix - Update useradd-mkdirs.patch: change due to prefix Additionally changed in that patch (bsc#1106914): * Test for strdup() failure * Directory to 0755 instead 0777 - Add shadow-4.6.0-fix-usermod-prefix-crash.patch: Fixes crash in usermod when called with --prefix. See https://github.com/shadow-maint/shadow/issues/110 ------------------------------------------------------------------- Thu Feb 22 15:10:45 UTC 2018 - fvogt@suse.com - Use %license (boo#1082318) ------------------------------------------------------------------- Fri Feb 16 08:39:08 UTC 2018 - kbabioch@suse.com - Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294) ------------------------------------------------------------------- Wed Nov 8 12:39:12 UTC 2017 - mvetter@suse.com - bsc#1061838: Revert: Requires: group(mail) Introduced circular dependency ------------------------------------------------------------------- Fri Oct 13 15:44:28 UTC 2017 - adam.majer@suse.de - Revert accidentalied prerequisites. Use PreReq for permissions ------------------------------------------------------------------- Thu Oct 12 08:59:28 UTC 2017 - schwab@suse.de - Prequire group(shadow), group(root), user(root) ------------------------------------------------------------------- Mon Oct 9 11:53:44 UTC 2017 - mvetter@suse.com - bsc#1061838: Add Requires for group(mail) ------------------------------------------------------------------- Thu Sep 14 08:18:27 UTC 2017 - mvetter@suse.com - boo#1048645: Set suid bit for newuidmap and newgimap ------------------------------------------------------------------- Thu Sep 14 08:17:08 UTC 2017 - mvetter@suse.com - Revert the changes for bsc#1023895 back Pulls in too many deps into ring0. Next version of shadow plans to have no conditional man pages. ------------------------------------------------------------------- Fri Sep 8 11:41:13 UTC 2017 - mvetter@suse.com - run spec-cleaner - bsc#1023895: man page contained invalid options because they depend on compile flags and we shipped pre built ones. New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po xsltproc ------------------------------------------------------------------- Thu Jun 8 17:00:57 CEST 2017 - kukuk@suse.de - Adjust requires (we need user/group root instead of aaa_base now) ------------------------------------------------------------------- Mon May 22 13:31:25 UTC 2017 - adam.majer@suse.de - New upstream version 4.5 - Refreshed patches: * shadow-login_defs.patch * chkname-regex.patch * getdef-new-defs.patch * useradd-mkdirs.patch - Upstreamed patches: * shadow-4.1.5.1-manfix.patch * shadow-4.1.5.1-errmsg.patch * shadow-4.1.5.1-backup-mode.patch * shadow-4.1.5.1-audit-owner.patch * shadow-4.2.1-defs-chroot.patch * shadow-4.2.1-merge-group.patch * Fix-user-busy-errors-at-userdel.patch * useradd-clear-tallylog.patch - shadow-4.1.5.1-pam_group.patch dynamically added users via pam_group are not listed in groups databases but are still valid - shadow.keyring: update keyring with current maintainer's keyid only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D' - disable_new_audit_function.patch: Disable newer libaudit functionality for older distributions ------------------------------------------------------------------- Mon Feb 20 07:28:24 UTC 2017 - josef.moellers@suse.com - useradd: call external program "/sbin/pam_tally2" to reset failed login counter in "/var/log/tallylog" (bsc#980486, useradd-clear-tallylog.patch) ------------------------------------------------------------------- Wed Nov 2 07:41:51 UTC 2016 - meissner@suse.com - add keyring, three public keys from https://pkg-shadow.alioth.debian.org/download.php ------------------------------------------------------------------- Tue Oct 18 15:55:43 UTC 2016 - mvetter@suse.com - bsc#1002975: Use permissions according to permissions package and dont try to manipulate them in %files section. ------------------------------------------------------------------- Wed Sep 14 07:46:33 UTC 2016 - mvetter@suse.com - boo#994486: Include shadow.5 manpage Previously this was provided by man-pages package in the man-pages-addons tarball which got removed later on. ------------------------------------------------------------------- Tue May 31 06:48:41 UTC 2016 - mvetter@suse.com - Add package dependency for aaa_base, fixing bnc#899409 (was done by tbehrens@suse.com but not submitted to Factory) ------------------------------------------------------------------- Mon May 30 09:41:55 UTC 2016 - mvetter@suse.com - shadow 4.2.1 requested by fate#320422 - bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch - Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits. Remove the files used to circumvent the check. - Remove: * shadow-rpmlintrc * shadow-subids * shadow-subids.easy * shadow-subids.secure * shadow-subids.paranoid ------------------------------------------------------------------- Thu May 19 12:28:47 UTC 2016 - christian.brauner@mailbox.org - Update to shadow-4.2.1: - add support for subuids/subgids via newuidmap/newgidmap - Rename chkname-regex.diff to chkname-regex.patch - Rename encryption_method_nis.diff to encryption_method_nis.patch - Rename getdef-new-defs.diff to getdef-new-defs.patch - Rename shadow-login_defs.diff to shadow-login_defs.patch - Rename userdel-scripts.diff to userdel-script.patch - Rename useradd-script.diff to useradd-script.patch - Rename useradd-default.diff to useradd-default.patch - Rename useradd-mkdirs.diff to useradd-mkdirs.patch - Add fixes from Red Hat/Fedora: - shadow-4.1.5.1-audit-owner.patch.patch: - log owner changes for home directory - shadow-4.1.5.1-userdel-helpfix.patch.patch: - give a hint about what happens when you force the removal of a user - shadow-4.2.1-defs-chroot.patch.patch: - initialize uid_t uid_min and uid_t uid_max not before we need them - shadow-4.2.1-merge-group.patch.patch: - simplify by using a single call to snprintf() - Add upstream fix - Fix-user-busy-errors-at-userdel.patch: - call sub_uid_close() ------------------------------------------------------------------- Fri Jan 15 11:08:29 UTC 2016 - fvogt@suse.com - Moved call from %verifyscript into %post: * Caused call to %service_add_post shadow.service shadow.timer during rpm -qV shadow ------------------------------------------------------------------- Wed Jul 15 13:25:11 UTC 2015 - jkeil@suse.de - Add systemd unit files to continuously check password & groupfile integrity * Idea from Arch Linux * pending request to systemd-presets-branding-openSUSE to enable by default ------------------------------------------------------------------- Mon Mar 31 22:00:00 UTC 2014 - tbehrens@suse.com - Add patch useradd-mkdirs.diff: fix for bnc#865563, create all parts of the path ------------------------------------------------------------------- Fri Nov 22 10:15:25 UTC 2013 - werner@suse.de - Stop any systemd user manager instance in case a user entry will be deleted (bnc#849870). Nevertheless a running process requires the option --force for the userdel command. ------------------------------------------------------------------- Tue Nov 12 14:47:30 CET 2013 - kukuk@suse.de - Add ENCRYPT_METHOD_NIS for pam_unix.so (encryption_method_nis.diff) ------------------------------------------------------------------- Tue Sep 17 14:56:44 CEST 2013 - kukuk@suse.de - Add some fixes from Fedora: - shadow-4.1.5.1-backup-mode.patch: open backup file with correct permissions. - shadow-4.1.5.1-logmsg.patch: fix error message - shadow-4.1.5.1-errmsg.patch: print error reason - shadow-4.1.5.1-manfix.patch: fix manual page ------------------------------------------------------------------- Tue Feb 5 13:19:46 CET 2013 - kukuk@suse.de - Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006] ------------------------------------------------------------------- Tue Nov 13 17:31:50 CET 2012 - kukuk@suse.de - Fix getdef default variables (getdef-new-defs.diff) ------------------------------------------------------------------- Tue Nov 13 10:36:28 CET 2012 - kukuk@suse.de - Fix default group value in /etc/default/useradd (useradd-default.diff) ------------------------------------------------------------------- Thu Sep 27 15:20:44 CEST 2012 - kukuk@suse.de - Implement CHARACTER_CLASS support (chkname-regex.diff) ------------------------------------------------------------------- Wed Sep 26 15:20:06 CEST 2012 - kukuk@suse.de - Add support for useradd.local (useradd-script.diff) ------------------------------------------------------------------- Tue Sep 25 16:22:18 CEST 2012 - kukuk@suse.de - Fix spec file - Adjust login.defs (shadow-login_defs.diff) - Add userdel*.local script support and scrips (userdel-scripts.diff) ------------------------------------------------------------------- Mon Sep 24 16:04:03 CEST 2012 - kukuk@suse.de - Initial package [FATE#314473]
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor