Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2021-09-22 22:12:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadow" Wed Sep 22 22:12:46 2021 rev:44 rq:920286 version:4.9 Changes: -------- --- /work/SRC/openSUSE:Factory/shadow/shadow.changes 2021-07-06 23:30:01.112714588 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.1899/shadow.changes 2021-09-22 22:12:47.508314781 +0200 @@ -1,0 +2,83 @@ +Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter <[email protected]> + +- bsc#1190146: Fix empty subid range + Add shadow-4.9-useradd-subuid.patch + https://github.com/shadow-maint/shadow/pull/399 + +------------------------------------------------------------------- +Mon Sep 20 09:09:13 UTC 2021 - Michael Vetter <[email protected]> + +- bsc#1190145: Fix double free in gpasswd: + Add shadow-4.9-sgent-free.patch upstreamed as + https://github.com/shadow-maint/shadow/pull/417 + +------------------------------------------------------------------- +Tue Sep 7 15:08:19 UTC 2021 - Michael Vetter <[email protected]> + +- Fix shadow-login_defs-check.sh: + In the last update we switched from calling make to %make_build + macro. Using sed to adapt the spec file now. + +------------------------------------------------------------------- +Wed Aug 18 15:17:52 UTC 2021 - Thorsten Kukuk <[email protected]> + +- libsubid-devel: add missing requires for libsubid3 +- Remove README.changes-pwdutils, all distros you can upgrade from + use already shadow + +------------------------------------------------------------------- +Wed Aug 18 14:59:15 UTC 2021 - Thorsten Kukuk <[email protected]> + +- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to + be compatible with other Linux distros and the other tools + creating user accounts in use on openSUSE. Set HOME_MODE to 700 + for security reasons and compatibility. [bsc#1189139] [bsc#1182850] + +------------------------------------------------------------------- +Tue Aug 17 15:08:09 UTC 2021 - Michael Vetter <[email protected]> + +- Update to 4.9: + * Updated translations + * Major salt updates + * Various coverity and cleanup fixes + * Consistently use 0 to disable PASS_MIN_DAYS in man + * Implement NSS support for subids and a libsubid + * setfcap: retain setfcap when mapping uid 0 + * login.defs: include HMAC_CRYPTO_ALGO key + * selinux fixes + * Fix path prefix path handling + * Manpage updates + * Treat an empty passwd field as invalid(Haelwenn Monnier) + * newxidmap: allow running under alternative gid + * usermod: check that shell is executable + * Add yescript support + * useradd memleak fixes + * useradd: use built-in settings by default + * getdefs: add foreign + * buffer overflow fixes + * Adding run-parts style for pre and post useradd/del +- Refresh: + * shadow-login_defs-unused-by-pam.patch + * userdel-script.patch + * useradd-script.patch + * chkname-regex.patch + * useradd-default.patch: bbf4b79 stopped shipping default file. + change group in code now. + * shadow-login_defs-suse.patch + * useradd-userkeleton.patch +- Remove because upstreamed: + * shadow-4.1.5.1-userdel-helpfix.patch + * shadow-4.1.5.1-logmsg.patch +- Add libsubid-build-fix.patch: + See https://github.com/shadow-maint/shadow/issues/387 +- Add shadow-libeconf-include.patch: + See c6847011e8b656adacd9a0d2a78418cad0de34cb +- Add shadow-fix-sigabrt.patch: + See https://github.com/shadow-maint/shadow/issues/394 +- Add shadow-passwd-handle-null.patch [bsc#1188307]: + See https://github.com/shadow-maint/shadow/pull/398 +- Remove %{_sysconfdir}/default/useradd: file not shipped anymore +- Remove --disable-shared: Dont need it anymore + See https://github.com/shadow-maint/shadow/issues/336 + +------------------------------------------------------------------- Old: ---- README.changes-pwdutils shadow-4.1.5.1-logmsg.patch shadow-4.1.5.1-userdel-helpfix.patch shadow-4.8.1.tar.xz shadow-4.8.1.tar.xz.asc New: ---- libsubid-build-fix.patch shadow-4.9-sgent-free.patch shadow-4.9-useradd-subuid.patch shadow-4.9.tar.xz shadow-4.9.tar.xz.asc shadow-fix-sigabrt.patch shadow-libeconf-include.patch shadow-passwd-handle-null.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shadow.spec ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:48.668315745 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:48.672315749 +0200 @@ -21,23 +21,21 @@ %else %define no_config 1 %endif - Name: shadow -Version: 4.8.1 +Version: 4.9 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later Group: System/Base URL: https://github.com/shadow-maint/shadow -Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz +Source: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz Source1: pamd.tar.bz2 -Source2: README.changes-pwdutils Source3: useradd.local Source4: userdel-pre.local Source5: userdel-post.local Source6: shadow.service Source7: shadow.timer -Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc +Source42: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz.asc Source43: %{name}.keyring # SOURCE-FEATURE-SUSE shadow-login_defs-check.sh [email protected] -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches. Source44: shadow-login_defs-check.sh @@ -53,40 +51,48 @@ Patch4: useradd-default.patch # PATCH-FEATURE-SUSE shadow-util-linux.patch [email protected] -- Add support for util-linux specific variables, delete shadow login, su runuser specific. Patch5: shadow-util-linux.patch -# PATCH-FEATURE-FEDORA shadow-4.1.5.1-userdel-helpfix.patch [email protected] -- Give a hint about what happens when you force the removal of a user. -Patch6: shadow-4.1.5.1-userdel-helpfix.patch -# PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch [email protected] -- Fix error message. -Patch7: shadow-4.1.5.1-logmsg.patch # PATCH-FEATURE-SUSE shadow-login_defs-comments.patch [email protected] -- Adjust login.defs comments. -Patch13: shadow-login_defs-comments.patch +Patch6: shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch [email protected] -- Customize login.defs. -Patch14: shadow-login_defs-suse.patch +Patch7: shadow-login_defs-suse.patch # PATCH-FEATURE-SUSE Copy also skeleton files from /usr/etc/skel (boo#1173321) -Patch15: useradd-userkeleton.patch +Patch8: useradd-userkeleton.patch # PATCH-FIX-SUSE disable_new_audit_function.patch [email protected] -- Disable newer libaudit functionality for older distributions. -Patch20: disable_new_audit_function.patch +Patch9: disable_new_audit_function.patch +# PATCH-FIX-UPSTREAM libsubid-build-fix.patch [email protected] -- Fix build with libsubid (f4a84e, 537b8c, fa986b) +Patch10: libsubid-build-fix.patch +# PATCH-FIX-UPSTREAM shadow-libeconf-include.patch [email protected] -- Include libeconf to new*idmap (c68470) +Patch11: shadow-libeconf-include.patch +# PATCH-FIX-UPSTREAM shadow-fix-sigabrt.patch [email protected] -- Fix SIGABRT https://github.com/shadow-maint/shadow/issues/394 +Patch12: shadow-fix-sigabrt.patch +# PATCH-FIX-UPSTREAM shadow-passwd-handle-null.patch [email protected] -- Fix passwd NULL handling https://github.com/shadow-maint/shadow/pull/398 +Patch13: shadow-passwd-handle-null.patch +# PATCH-FIX-UPSTREAM shadow-4.9-sgent-free.patch [email protected] -- Fix double free (boo#1190145) +Patch14: shadow-4.9-sgent-free.patch +# PATCH-FIX-UPSTREAM shadow-4.9-useradd-subuid.patch [email protected] -- Fix generating empty subid range and undeclared subid_count (boo#1190146) +Patch15: shadow-4.9-useradd-subuid.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake BuildRequires: libacl-devel BuildRequires: libattr-devel -# It should be %%if %%{defined no_config}, but OBS cannot handle it: -%if 0%{?suse_version} >= 1550 -BuildRequires: libeconf-devel -%endif BuildRequires: libselinux-devel BuildRequires: libsemanage-devel BuildRequires: libtool BuildRequires: pam-devel BuildRequires: xz +Requires: login_defs >= %{version} Requires(pre): group(root) Requires(pre): group(shadow) Requires(pre): permissions Requires(pre): user(root) Provides: pwdutils = 3.2.20 Obsoletes: pwdutils <= 3.2.19 -Requires: login_defs >= %{version} Provides: useradd_or_adduser_dep +# It should be %%if %%{defined no_config}, but OBS cannot handle it: +%if 0%{?suse_version} >= 1550 +BuildRequires: libeconf-devel +%endif %description This package includes the necessary programs for converting plain @@ -94,21 +100,36 @@ group accounts. %package -n login_defs -Summary: login.defs configuration file -Group: System/Base -BuildArch: noarch +Summary: The login.defs configuration file # Virtual provides for supported variables in login.defs. # It prevents references to unknown variables. # Upgrade them only if shadow-util-linux.patch or # encryption_method_nis.patch has to be ported! # Call shadow-login_defs-check.sh before! +Group: System/Base Provides: login_defs-support-for-pam = 1.3.1 Provides: login_defs-support-for-util-linux = 2.36 +BuildArch: noarch %description -n login_defs This package contains the default login.defs configuration file as used by util-linux, pam and shadow. +%package -n libsubid3 +Summary: A library to manage subordinate uid and gid ranges +Group: System/Base + +%description -n libsubid3 +Utility library that provides a way to manage subid ranges. + +%package -n libsubid-devel +Summary: Development files for libsubid3 +Group: System/Base +Requires: libsubid3 = %{version} + +%description -n libsubid-devel +Development files for libsubid3. + %prep %setup -q -a 1 %patch0 @@ -119,12 +140,16 @@ %patch5 %patch6 %patch7 -%patch13 -%patch14 -%patch15 +%patch8 %if 0%{?suse_version} < 1330 -%patch20 -p1 +%patch9 -p1 %endif +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO @@ -145,14 +170,15 @@ --with-nscd \ --with-selinux \ --without-libcrack \ - --disable-shared \ --with-group-name-max-length=32 \ --enable-vendordir=%{_distconfdir} -make %{?_smp_mflags} V=1 +%make_build +# --disable-shared \ currently doesn't build with this. See https://github.com/shadow-maint/shadow/issues/336 %install -cp %{SOURCE2} . %make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs +# Separate call to install man pages. See https://github.com/shadow-maint/shadow/issues/389 +%make_install -C man install-man # install useradd.local, userdel.local, ... install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/ @@ -221,6 +247,8 @@ rm -rf %{buildroot}%{_mandir}/{??,??_??} +rm %{buildroot}/%{_libdir}/libsubid.la + # Move /etc to /usr/etc if [ ! -d %{buildroot}%{_distconfdir} ]; then mkdir -p %{buildroot}%{_distconfdir} @@ -233,11 +261,11 @@ %pre %service_add_pre shadow.service shadow.timer for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do - test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: done %pre -n login_defs -test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||: +test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs.rpmsave.old ||: %post %set_permissions %{_bindir}/chage @@ -273,7 +301,7 @@ %if %{defined no_config} # Migration to /usr/etc for i in pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do - test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: + test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||: done %endif @@ -281,12 +309,14 @@ # rpmsave file can be created by # - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3) # - Migration to /usr/etc (after SLE15 and Leap 15) -test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||: +test -f %{_sysconfdir}/login.defs.rpmsave && mv -v %{_sysconfdir}/login.defs.rpmsave %{_sysconfdir}/login.defs ||: + +%post -n libsubid3 -p /sbin/ldconfig +%postun -n libsubid3 -p /sbin/ldconfig %files -f shadow.lang %license COPYING -%doc NEWS doc/HOWTO README README.changes-pwdutils -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd +%doc NEWS doc/HOWTO README %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid %if %{defined no_config} @@ -308,7 +338,6 @@ %config %{_sysconfdir}/pam.d/chfn %config %{_sysconfdir}/pam.d/chsh %config %{_sysconfdir}/pam.d/passwd -%config %{_sysconfdir}/pam.d/useradd %config %{_sysconfdir}/pam.d/chpasswd %config %{_sysconfdir}/pam.d/groupadd %config %{_sysconfdir}/pam.d/groupdel @@ -380,11 +409,19 @@ %files -n login_defs %if %{defined no_config} -%dir /etc/login.defs.d +%dir %{_sysconfdir}/login.defs.d %attr(0644,root,root) %{_distconfdir}/login.defs %else %attr(0644,root,root) %config %{_sysconfdir}/login.defs %endif %{_mandir}/man5/login.defs.5%{?ext_man} +%files -n libsubid3 +%{_libdir}/libsubid.so.* + +%files -n libsubid-devel +%dir %{_includedir}/shadow +%{_includedir}/shadow/subid.h +%{_libdir}/libsubid.so + %changelog ++++++ chkname-regex.patch ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:48.704315775 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:48.704315775 +0200 @@ -2,23 +2,25 @@ =================================================================== --- etc/login.defs.orig +++ etc/login.defs -@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes - # missing. +@@ -329,6 +329,13 @@ USERGROUPS_ENAB yes # #FORCE_SHADOW yes -+ -+# + +# User/group names must match the following regex expression. +# The default is [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\?, +# but be aware that the result could depend on the locale settings. +# +#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\? +CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\? ++ + # + # Allow newuidmap and newgidmap when running under an alternative + # primary group. Index: lib/getdef.c =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -80,6 +80,7 @@ struct itemdef { +@@ -91,6 +91,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { ++++++ libsubid-build-fix.patch ++++++ Fix build fails for libsubid (libtool: error: cannot find name of link library for '../libsubid/libsubid.la'). Consisting of following upstream commits: * f4a84efb468b8be21be124700ce35159c444e9d6 * 537b8cd90be7b47b45c45cfd27765ef85eb0ebf1 * fa986b1d73605ecca54a4f19249227aeab827bf6 Index: shadow-4.9/configure.ac =================================================================== --- shadow-4.9.orig/configure.ac +++ shadow-4.9/configure.ac @@ -321,6 +321,8 @@ if test "$with_sha_crypt" = "yes"; then AC_DEFINE(USE_SHA_CRYPT, 1, [Define to allow the SHA256 and SHA512 password encryption algorithms]) fi +AM_CONDITIONAL(ENABLE_SHARED, test "x$enable_shared" = "xyes") + AM_CONDITIONAL(USE_BCRYPT, test "x$with_bcrypt" = "xyes") if test "$with_bcrypt" = "yes"; then AC_DEFINE(USE_BCRYPT, 1, [Define to allow the bcrypt password encryption algorithm]) Index: shadow-4.9/lib/Makefile.am =================================================================== --- shadow-4.9.orig/lib/Makefile.am +++ shadow-4.9/lib/Makefile.am @@ -10,6 +10,8 @@ if HAVE_VENDORDIR libshadow_la_CPPFLAGS += -DVENDORDIR=\"$(VENDORDIR)\" endif +libshadow_la_CPPFLAGS += -I$(top_srcdir) + libshadow_la_SOURCES = \ commonio.c \ commonio.h \ Index: shadow-4.9/libmisc/Makefile.am =================================================================== --- shadow-4.9.orig/libmisc/Makefile.am +++ shadow-4.9/libmisc/Makefile.am @@ -1,7 +1,7 @@ EXTRA_DIST = .indent.pro xgetXXbyYY.c -AM_CPPFLAGS = -I$(top_srcdir)/lib $(ECONF_CPPFLAGS) +AM_CPPFLAGS = -I$(top_srcdir)/lib -I$(top_srcdir) $(ECONF_CPPFLAGS) noinst_LTLIBRARIES = libmisc.la Index: shadow-4.9/libsubid/Makefile.am =================================================================== --- shadow-4.9.orig/libsubid/Makefile.am +++ shadow-4.9/libsubid/Makefile.am @@ -1,6 +1,8 @@ lib_LTLIBRARIES = libsubid.la +if ENABLE_SHARED libsubid_la_LDFLAGS = -Wl,-soname,libsubid.so.@LIBSUBID_ABI@ \ -shared -version-info @LIBSUBID_ABI_MAJOR@ +endif libsubid_la_SOURCES = api.c pkginclude_HEADERS = subid.h @@ -16,11 +18,12 @@ MISCLIBS = \ $(LIBCRYPT) \ $(LIBACL) \ $(LIBATTR) \ - $(LIBTCB) + $(LIBTCB) \ + $(LIBPAM) libsubid_la_LIBADD = \ - $(top_srcdir)/lib/libshadow.la \ - $(top_srcdir)/libmisc/libmisc.la \ + $(top_builddir)/lib/libshadow.la \ + $(top_builddir)/libmisc/libmisc.la \ $(MISCLIBS) -ldl AM_CPPFLAGS = \ Index: shadow-4.9/src/Makefile.am =================================================================== --- shadow-4.9.orig/src/Makefile.am +++ shadow-4.9/src/Makefile.am @@ -10,6 +10,7 @@ sgidperms = 2755 AM_CPPFLAGS = \ -I${top_srcdir}/lib \ -I$(top_srcdir)/libmisc \ + -I$(top_srcdir) \ -DLOCALEDIR=\"$(datadir)/locale\" # XXX why are login and su in /bin anyway (other than for @@ -183,6 +184,7 @@ list_subid_ranges_LDADD = \ list_subid_ranges_CPPFLAGS = \ -I$(top_srcdir)/lib \ -I$(top_srcdir)/libmisc \ + -I$(top_srcdir) \ -I$(top_srcdir)/libsubid get_subid_owners_LDADD = \ @@ -194,11 +196,13 @@ get_subid_owners_LDADD = \ get_subid_owners_CPPFLAGS = \ -I$(top_srcdir)/lib \ -I$(top_srcdir)/libmisc \ + -I$(top_srcdir) \ -I$(top_srcdir)/libsubid new_subid_range_CPPFLAGS = \ -I$(top_srcdir)/lib \ -I$(top_srcdir)/libmisc \ + -I$(top_srcdir) \ -I$(top_srcdir)/libsubid new_subid_range_LDADD = \ @@ -210,6 +214,7 @@ new_subid_range_LDADD = \ free_subid_range_CPPFLAGS = \ -I$(top_srcdir)/lib \ -I$(top_srcdir)/libmisc \ + -I$(top_srcdir) \ -I$(top_srcdir)/libsubid free_subid_range_LDADD = \ @@ -220,6 +225,7 @@ free_subid_range_LDADD = \ check_subid_range_CPPFLAGS = \ -I$(top_srcdir)/lib \ + -I$(top_srcdir) \ -I$(top_srcdir)/libmisc check_subid_range_LDADD = \ ++++++ shadow-4.9-sgent-free.patch ++++++ Index: shadow-4.9/src/gpasswd.c =================================================================== --- shadow-4.9.orig/src/gpasswd.c +++ shadow-4.9/src/gpasswd.c @@ -1207,11 +1207,13 @@ int main (int argc, char **argv) sssd_flush_cache (SSSD_DB_GROUP); #ifdef SHADOWGRP - if (sgent.sg_adm) { - xfree(sgent.sg_adm); - } - if (sgent.sg_mem) { - xfree(sgent.sg_mem); + if(is_shadowgrp) { + if (sgent.sg_adm) { + xfree(sgent.sg_adm); + } + if (sgent.sg_mem) { + xfree(sgent.sg_mem); + } } #endif if (grent.gr_mem) { ++++++ shadow-4.9-useradd-subuid.patch ++++++ This patch contains: https://github.com/shadow-maint/shadow/commit/9dd720a28578eef5be8171697aae0906e4c53249#diff-9a7a2bfccabec64213bd054801b9efca8ad55636afbc49e0107714c0f8ffabbe and https://github.com/shadow-maint/shadow/commit/049b08481acc2040e2079ae06e64d0bb36326528# Index: shadow-4.9/src/useradd.c =================================================================== --- shadow-4.9.orig/src/useradd.c +++ shadow-4.9/src/useradd.c @@ -146,9 +146,7 @@ static bool is_sub_gid = false; static bool sub_uid_locked = false; static bool sub_gid_locked = false; static uid_t sub_uid_start; /* New subordinate uid range */ -static unsigned long sub_uid_count; static gid_t sub_gid_start; /* New subordinate gid range */ -static unsigned long sub_gid_count; #endif /* ENABLE_SUBIDS */ static bool pw_locked = false; static bool gr_locked = false; @@ -239,7 +237,7 @@ static void open_shadow (void); static void faillog_reset (uid_t); static void lastlog_reset (uid_t); static void tallylog_reset (const char *); -static void usr_update (void); +static void usr_update (unsigned long subuid_count, unsigned long subgid_count); static void create_home (void); static void create_mail (void); static void check_uid_range(int rflg, uid_t user_id); @@ -2118,7 +2116,7 @@ static void tallylog_reset (const char * * usr_update() creates the password file entries for this user * and will update the group entries if required. */ -static void usr_update (void) +static void usr_update (unsigned long subuid_count, unsigned long subgid_count) { struct passwd pwent; struct spwd spent; @@ -2181,14 +2179,14 @@ static void usr_update (void) } #ifdef ENABLE_SUBIDS if (is_sub_uid && - (sub_uid_add(user_name, sub_uid_start, sub_uid_count) == 0)) { + (sub_uid_add(user_name, sub_uid_start, subuid_count) == 0)) { fprintf (stderr, _("%s: failed to prepare the new %s entry\n"), Prog, sub_uid_dbname ()); fail_exit (E_SUB_UID_UPDATE); } if (is_sub_gid && - (sub_gid_add(user_name, sub_gid_start, sub_gid_count) == 0)) { + (sub_gid_add(user_name, sub_gid_start, subgid_count) == 0)) { fprintf (stderr, _("%s: failed to prepare the new %s entry\n"), Prog, sub_uid_dbname ()); @@ -2484,9 +2482,9 @@ int main (int argc, char **argv) #ifdef ENABLE_SUBIDS uid_t uid_min; uid_t uid_max; +#endif unsigned long subuid_count; unsigned long subgid_count; -#endif /* * Get my name so that I can use it to report errors. @@ -2688,16 +2686,16 @@ int main (int argc, char **argv) } #ifdef ENABLE_SUBIDS - if (is_sub_uid && sub_uid_count != 0) { - if (find_new_sub_uids(&sub_uid_start, &sub_uid_count) < 0) { + if (is_sub_uid && subuid_count != 0) { + if (find_new_sub_uids(&sub_uid_start, &subuid_count) < 0) { fprintf (stderr, _("%s: can't create subordinate user IDs\n"), Prog); fail_exit(E_SUB_UID_UPDATE); } } - if (is_sub_gid && sub_gid_count != 0) { - if (find_new_sub_gids(&sub_gid_start, &sub_gid_count) < 0) { + if (is_sub_gid && subgid_count != 0) { + if (find_new_sub_gids(&sub_gid_start, &subgid_count) < 0) { fprintf (stderr, _("%s: can't create subordinate group IDs\n"), Prog); @@ -2706,7 +2704,7 @@ int main (int argc, char **argv) } #endif /* ENABLE_SUBIDS */ - usr_update (); + usr_update (subuid_count, subgid_count); if (mflg) { create_home (); ++++++ shadow-4.8.1.tar.xz -> shadow-4.9.tar.xz ++++++ ++++ 95293 lines of diff (skipped) ++++++ shadow-fix-sigabrt.patch ++++++ Upstream commit 4624e9fca1b02b64e25e8b2280a0186182ab73ba To fix SIGABRT: https://github.com/shadow-maint/shadow/issues/394 Index: shadow-4.9/src/useradd.c =================================================================== --- shadow-4.9.orig/src/useradd.c +++ shadow-4.9/src/useradd.c @@ -420,7 +420,6 @@ static void get_defaults (void) } else { def_group = grp->gr_gid; def_gname = xstrdup (grp->gr_name); - gr_free(grp); } } ++++++ shadow-libeconf-include.patch ++++++ Include libeconf to newuidmap and newgidmap Upstream commit: c6847011e8b656adacd9a0d2a78418cad0de34cb Index: shadow-4.9/src/Makefile.am =================================================================== --- shadow-4.9.orig/src/Makefile.am +++ shadow-4.9/src/Makefile.am @@ -96,8 +96,8 @@ LIBCRYPT_NOPAM = $(LIBCRYPT) endif chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF) -newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl -newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) -ldl +newuidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl +newgidmap_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCAP) $(LIBECONF) -ldl chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) $(LIBECONF) chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) $(LIBECONF) ++++++ shadow-login_defs-check.sh ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:49.552316480 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:49.556316484 +0200 @@ -66,13 +66,7 @@ # In case of shadow, variables extraction is more complicated. The list # depends on configure options, so we have to perform a fake build and # extract variables from prepreocessed sources. - patch <<EOF ---- shadow.spec -+++ shadow.spec -@@ -133,1 +133,1 @@ --make %{?_smp_mflags} V=1 -+make %{?_smp_mflags} V=1 -k CPPFLAGS="-E" -EOF + sed -i '/^%make_build/i\_smp_mpflags="%{?_smp_mpflags} -k CPPFLAGS=\\"-E\\""' shadow.spec fi osc build "$@" || : ++++++ shadow-login_defs-suse.patch ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:49.564316490 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:49.568316494 +0200 @@ -14,7 +14,7 @@ # # Delay in seconds before being allowed another attempt after a login failure -@@ -62,8 +65,8 @@ CONSOLE /etc/securetty +@@ -52,8 +55,8 @@ CONSOLE /etc/securetty # If defined, ":" delimited list of "message of the day" files to # be displayed upon login. # @@ -25,7 +25,7 @@ # # If set to "yes", login stops display content specified by MOTD_FILE after -@@ -83,8 +85,8 @@ MOTD_FILE /etc/motd +@@ -73,8 +76,8 @@ MOTD_FILE /etc/motd # user's name or shell are found in the file. If not a full pathname, then # hushed mode will be enabled if the file exists in the user's home directory. # @@ -36,7 +36,7 @@ # If this variable is set to "yes", hostname will be suppressed in the # login: prompt. -@@ -103,9 +105,9 @@ HUSHLOGIN_FILE .hushlogin +@@ -93,9 +96,9 @@ HUSHLOGIN_FILE .hushlogin # ENV_SUPATH is an ENV_ROOTPATH override for su and runuser # (and falback for login). # @@ -49,7 +49,7 @@ # If this variable is set to "yes" (default is "no"), su will always set # path. every su call will overwrite the PATH variable. -@@ -115,7 +117,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b +@@ -105,7 +108,7 @@ ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/b # The recommended value is "yes". The default "no" behavior could have # a security implication in applications that use commands without path. # @@ -58,7 +58,7 @@ # # Terminal permissions -@@ -129,7 +131,7 @@ ALWAYS_SET_PATH no +@@ -119,7 +122,7 @@ ALWAYS_SET_PATH no # set TTYPERM to either 622 or 600. # TTYGROUP tty @@ -67,7 +67,16 @@ # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. -@@ -167,8 +169,8 @@ PASS_WARN_AGE 7 +@@ -125,7 +128,7 @@ + # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new + # home directories. + # If HOME_MODE is not set, the value of UMASK is used to create the mode. +-#HOME_MODE 0700 ++HOME_MODE 0700 + + # + # Password aging controls: +@@ -157,8 +160,8 @@ PASS_WARN_AGE 7 UID_MIN 1000 UID_MAX 60000 # System accounts @@ -78,7 +87,7 @@ # Extra per user uids SUB_UID_MIN 100000 SUB_UID_MAX 600100000 -@@ -185,8 +187,8 @@ SUB_UID_COUNT 65536 +@@ -175,8 +178,8 @@ SUB_UID_COUNT 65536 GID_MIN 1000 GID_MAX 60000 # System accounts @@ -89,7 +98,7 @@ # Extra per user group ids SUB_GID_MIN 100000 SUB_GID_MAX 600100000 -@@ -195,7 +197,7 @@ SUB_GID_COUNT 65536 +@@ -185,7 +188,7 @@ SUB_GID_COUNT 65536 # # Max number of login(1) retries if password is bad # @@ -98,7 +107,7 @@ # # Max time in seconds for login(1) -@@ -211,18 +213,9 @@ LOGIN_TIMEOUT 60 +@@ -201,18 +204,9 @@ LOGIN_TIMEOUT 60 CHFN_RESTRICT rwh # @@ -119,7 +128,7 @@ # # If set to MD5, MD5-based algorithm will be used for encrypting password -@@ -235,7 +228,7 @@ CHFN_RESTRICT rwh +@@ -227,7 +221,7 @@ CHFN_RESTRICT rwh # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # @@ -128,7 +137,7 @@ # # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -@@ -311,7 +304,7 @@ USERDEL_POSTCMD /usr/sbin/userde +@@ -325,7 +319,7 @@ USERDEL_POSTCMD /usr/sbin/userde # # This also enables userdel(8) to remove user groups if no members exist. # @@ -137,19 +146,13 @@ # # If set to a non-zero number, the shadow utilities will make sure that -@@ -330,13 +323,13 @@ USERGROUPS_ENAB yes +@@ -344,7 +338,7 @@ USERGROUPS_ENAB yes # This option is overridden with the -M or -m flags on the useradd(8) # command-line. # -#CREATE_HOME yes -+CREATE_HOME no ++CREATE_HOME yes # # Force use shadow, even if shadow passwd & shadow group files are - # missing. - # --#FORCE_SHADOW yes -+FORCE_SHADOW no - - # - # User/group names must match the following regex expression. + ++++++ shadow-login_defs-unused-by-pam.patch ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:49.576316500 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:49.576316500 +0200 @@ -149,7 +149,7 @@ # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. -@@ -206,28 +120,13 @@ UMASK 022 +@@ -211,28 +125,13 @@ UMASK 022 # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. @@ -178,7 +178,7 @@ # Min/max values for automatic uid selection in useradd(8) # UID_MIN 1000 -@@ -264,28 +163,6 @@ LOGIN_RETRIES 5 +@@ -269,28 +168,6 @@ LOGIN_RETRIES 5 LOGIN_TIMEOUT 60 # @@ -207,7 +207,7 @@ # Which fields may be changed by regular users using chfn(1) - use # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. -@@ -294,13 +171,6 @@ CHFN_AUTH yes +@@ -299,13 +176,6 @@ CHFN_AUTH yes CHFN_RESTRICT rwh # @@ -221,8 +221,8 @@ # Only works if compiled with MD5_CRYPT defined: # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. -@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh - #BCRYPT_MAX_ROUNDS 13 +@@ -382,17 +252,6 @@ CHFN_RESTRICT rwh + #YESCRYPT_COST_FACTOR 5 # -# List of groups to add to the user's supplementary group set @@ -239,7 +239,8 @@ # Should login be allowed if we can't cd to the home directory? # Default is no. # - DEFAULT_HOME yes +@@ -407,12 +266,6 @@ DEFAULT_HOME yes + NONEXISTENT /nonexistent # -# If this file exists and is readable, login environment will be ++++++ shadow-passwd-handle-null.patch ++++++ Upstream commit: adb83f779618674e5e96e27e3d48559d62e2c410 To fix: https://github.com/shadow-maint/shadow/pull/398 Index: shadow-4.9/src/passwd.c =================================================================== --- shadow-4.9.orig/src/passwd.c +++ shadow-4.9/src/passwd.c @@ -490,9 +490,12 @@ static void print_status (const struct p ((long long)sp->sp_max * SCALE) / DAY, ((long long)sp->sp_warn * SCALE) / DAY, ((long long)sp->sp_inact * SCALE) / DAY); - } else { + } else if (NULL != pw->pw_passwd) { (void) printf ("%s %s\n", - pw->pw_name, pw_status (pw->pw_passwd)); + pw->pw_name, pw_status (pw->pw_passwd)); + } else { + (void) fprintf(stderr, _("%s: malformed password data obtained for user %s\n"), + Prog, pw->pw_name); } } ++++++ shadow-util-linux.patch ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:49.592316514 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:49.592316514 +0200 @@ -113,7 +113,7 @@ =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -66,6 +66,7 @@ struct itemdef { +@@ -67,6 +67,7 @@ struct itemdef { {"LOGIN_STRING", NULL}, \ {"MAIL_CHECK_ENAB", NULL}, \ {"MOTD_FILE", NULL}, \ @@ -121,7 +121,7 @@ {"NOLOGINS_FILE", NULL}, \ {"OBSCURE_CHECKS_ENAB", NULL}, \ {"PASS_ALWAYS_WARN", NULL}, \ -@@ -80,6 +81,7 @@ struct itemdef { +@@ -91,6 +92,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { @@ -129,7 +129,7 @@ {"CHARACTER_CLASS", NULL}, {"CHFN_RESTRICT", NULL}, {"CONSOLE_GROUPS", NULL}, -@@ -88,6 +90,7 @@ static struct itemdef def_table[] = { +@@ -99,6 +101,7 @@ static struct itemdef def_table[] = { {"DEFAULT_HOME", NULL}, {"ENCRYPT_METHOD", NULL}, {"ENV_PATH", NULL}, @@ -137,7 +137,7 @@ {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, {"FAIL_DELAY", NULL}, -@@ -99,6 +102,7 @@ static struct itemdef def_table[] = { +@@ -110,6 +113,7 @@ static struct itemdef def_table[] = { {"KILLCHAR", NULL}, {"LASTLOG_UID_MAX", NULL}, {"LOGIN_RETRIES", NULL}, ++++++ useradd-default.patch ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:49.636316550 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:49.636316550 +0200 @@ -1,9 +1,13 @@ ---- etc/useradd -+++ etc/useradd -@@ -1,5 +1,5 @@ - # useradd defaults file --GROUP=1000 -+GROUP=100 - HOME=/home - INACTIVE=-1 - EXPIRE= +Index: src/useradd.c +=================================================================== +--- src/useradd.c.orig ++++ src/useradd.c +@@ -101,7 +101,7 @@ FILE *shadow_logfd = NULL; + /* + * These defaults are used if there is no defaults file. + */ +-static gid_t def_group = 1000; ++static gid_t def_group = 100; + static const char *def_gname = "other"; + static const char *def_home = "/home"; + static const char *def_shell = "/bin/bash"; ++++++ useradd-script.patch ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:49.648316560 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:49.648316560 +0200 @@ -4,10 +4,12 @@ src/useradd.c | 41 ++++++++++++++++++++++++++++++++++++++++- 3 files changed, 48 insertions(+), 1 deletion(-) ---- etc/login.defs -+++ etc/login.defs 2020-10-30 12:54:38.117849829 +0000 -@@ -242,6 +242,13 @@ CHFN_RESTRICT rwh - DEFAULT_HOME yes +Index: etc/login.defs +=================================================================== +--- etc/login.defs.orig ++++ etc/login.defs +@@ -266,6 +266,13 @@ DEFAULT_HOME yes + NONEXISTENT /nonexistent # +# If defined, this command is run when adding a user. @@ -20,9 +22,11 @@ # If defined, this command is run when removing a user. # It should remove any at/cron/print jobs etc. owned by # the user to be removed (passed as the first argument). ---- lib/getdef.c -+++ lib/getdef.c 2020-10-30 12:54:38.117849829 +0000 -@@ -134,6 +134,7 @@ static struct itemdef def_table[] = { +Index: lib/getdef.c +=================================================================== +--- lib/getdef.c.orig ++++ lib/getdef.c +@@ -149,6 +149,7 @@ static struct itemdef def_table[] = { {"UID_MAX", NULL}, {"UID_MIN", NULL}, {"UMASK", NULL}, @@ -30,11 +34,13 @@ {"USERDEL_CMD", NULL}, {"USERDEL_PRECMD", NULL}, {"USERDEL_POSTCMD", NULL}, ---- src/useradd.c -+++ src/useradd.c 2020-10-30 13:08:17.378336989 +0000 -@@ -2238,6 +2238,44 @@ static void create_mail (void) - } +Index: src/useradd.c +=================================================================== +--- src/useradd.c.orig ++++ src/useradd.c +@@ -2398,6 +2398,44 @@ static void check_uid_range(int rflg, ui + } /* + * call_script - call a script to do some work + * @@ -77,7 +83,7 @@ * main - useradd command */ int main (int argc, char **argv) -@@ -2514,6 +2552,7 @@ int main (int argc, char **argv) +@@ -2691,6 +2729,7 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); ++++++ useradd-userkeleton.patch ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:49.656316566 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:49.656316566 +0200 @@ -5,21 +5,11 @@ src/useradd.c | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) -Index: etc/useradd -=================================================================== ---- etc/useradd.orig -+++ etc/useradd -@@ -5,4 +5,5 @@ INACTIVE=-1 - EXPIRE= - SHELL=/bin/bash - SKEL=/etc/skel -+USRSKEL=/usr/etc/skel - CREATE_MAIL_SPOOL=yes Index: src/useradd.c =================================================================== --- src/useradd.c.orig +++ src/useradd.c -@@ -78,6 +78,9 @@ +@@ -82,6 +82,9 @@ #ifndef SKEL_DIR #define SKEL_DIR "/etc/skel" #endif @@ -29,15 +19,15 @@ #ifndef USER_DEFAULTS_FILE #define USER_DEFAULTS_FILE "/etc/default/useradd" #define NEW_USER_FILE "/etc/default/nuaddXXXXXX" -@@ -101,6 +104,7 @@ static const char *def_gname = "other"; +@@ -106,6 +109,7 @@ static const char *def_gname = "other"; static const char *def_home = "/home"; - static const char *def_shell = ""; + static const char *def_shell = "/bin/bash"; static const char *def_template = SKEL_DIR; +static const char *def_usrtemplate = USRSKELDIR; - static const char *def_create_mail_spool = "no"; + static const char *def_create_mail_spool = "yes"; static long def_inactive = -1; -@@ -202,6 +206,7 @@ static bool home_added = false; +@@ -208,6 +212,7 @@ static bool home_added = false; #define DINACT "INACTIVE=" #define DEXPIRE "EXPIRE=" #define DSKEL "SKEL=" @@ -45,7 +35,7 @@ #define DCREATE_MAIL_SPOOL "CREATE_MAIL_SPOOL=" /* local function prototypes */ -@@ -469,6 +474,29 @@ static void get_defaults (void) +@@ -481,6 +486,29 @@ static void get_defaults (void) } /* @@ -75,7 +65,7 @@ * Create by default user mail spool or not ? */ else if (MATCH (buf, DCREATE_MAIL_SPOOL)) { -@@ -500,6 +528,7 @@ static void show_defaults (void) +@@ -512,6 +540,7 @@ static void show_defaults (void) printf ("EXPIRE=%s\n", def_expire); printf ("SHELL=%s\n", def_shell); printf ("SKEL=%s\n", def_template); @@ -83,7 +73,7 @@ printf ("CREATE_MAIL_SPOOL=%s\n", def_create_mail_spool); } -@@ -526,6 +555,7 @@ static int set_defaults (void) +@@ -538,6 +567,7 @@ static int set_defaults (void) bool out_expire = false; bool out_shell = false; bool out_skel = false; @@ -91,7 +81,7 @@ bool out_create_mail_spool = false; size_t len; int ret = -1; -@@ -620,6 +650,9 @@ static int set_defaults (void) +@@ -632,6 +662,9 @@ static int set_defaults (void) } else if (!out_skel && MATCH (buf, DSKEL)) { fprintf (ofp, DSKEL "%s\n", def_template); out_skel = true; @@ -101,7 +91,7 @@ } else if (!out_create_mail_spool && MATCH (buf, DCREATE_MAIL_SPOOL)) { fprintf (ofp, -@@ -649,6 +682,8 @@ static int set_defaults (void) +@@ -661,6 +694,8 @@ static int set_defaults (void) fprintf (ofp, DSHELL "%s\n", def_shell); if (!out_skel) fprintf (ofp, DSKEL "%s\n", def_template); @@ -110,7 +100,7 @@ if (!out_create_mail_spool) fprintf (ofp, DCREATE_MAIL_SPOOL "%s\n", def_create_mail_spool); -@@ -2507,6 +2542,8 @@ int main (int argc, char **argv) +@@ -2679,6 +2714,8 @@ int main (int argc, char **argv) if (home_added) { copy_tree (def_template, prefix_user_home, false, false, (uid_t)-1, user_id, (gid_t)-1, user_gid); ++++++ userdel-script.patch ++++++ --- /var/tmp/diff_new_pack.y3ZWGv/_old 2021-09-22 22:12:49.680316587 +0200 +++ /var/tmp/diff_new_pack.y3ZWGv/_new 2021-09-22 22:12:49.680316587 +0200 @@ -2,7 +2,7 @@ =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -127,6 +127,8 @@ static struct itemdef def_table[] = { +@@ -150,6 +150,8 @@ static struct itemdef def_table[] = { {"UID_MIN", NULL}, {"UMASK", NULL}, {"USERDEL_CMD", NULL}, @@ -15,7 +15,7 @@ =================================================================== --- etc/login.defs.orig +++ etc/login.defs -@@ -216,9 +216,25 @@ DEFAULT_HOME yes +@@ -270,9 +270,25 @@ NONEXISTENT /nonexistent # It should remove any at/cron/print jobs etc. owned by # the user to be removed (passed as the first argument). # @@ -45,7 +45,7 @@ =================================================================== --- src/userdel.c.orig +++ src/userdel.c -@@ -126,7 +126,7 @@ static void close_files (void); +@@ -131,7 +131,7 @@ static void close_files (void); static void fail_exit (int); static void open_files (void); static void update_user (void); @@ -54,7 +54,7 @@ #ifdef EXTRA_CHECK_HOME_DIR static bool path_prefix (const char *, const char *); -@@ -768,13 +768,13 @@ static void update_user (void) +@@ -774,13 +774,13 @@ static void update_user (void) * cron, at, or print jobs. */ @@ -70,7 +70,7 @@ if (NULL == cmd) { return; } -@@ -1214,9 +1214,10 @@ int main (int argc, char **argv) +@@ -1225,9 +1225,10 @@ int main (int argc, char **argv) } /* @@ -83,7 +83,7 @@ open_files (); update_user (); update_groups (); -@@ -1337,7 +1338,7 @@ int main (int argc, char **argv) +@@ -1348,7 +1349,7 @@ int main (int argc, char **argv) * the entry from /etc/passwd. */ if(prefix[0] == '\0') @@ -91,8 +91,8 @@ + call_script ("USERDEL_CMD", user_name); close_files (); - #ifdef WITH_TCB -@@ -1348,6 +1349,9 @@ int main (int argc, char **argv) + if (run_parts ("/etc/shadow-maint/userdel-post.d", user_name, "userdel")) { +@@ -1363,6 +1364,9 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
