Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-06-02 10:29:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadow" Fri Jun 2 10:29:42 2017 rev:19 rq:497756 version:4.5 Changes: -------- --- /work/SRC/openSUSE:Factory/shadow/shadow.changes 2017-03-05 17:48:34.322870500 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-06-02 10:29:47.441930336 +0200 @@ -1,0 +2,26 @@ +Mon May 22 13:31:25 UTC 2017 - adam.ma...@suse.de + +- New upstream version 4.5 +- Refreshed patches: + * shadow-login_defs.patch + * chkname-regex.patch + * getdef-new-defs.patch + * useradd-mkdirs.patch +- Upstreamed patches: + * shadow-4.1.5.1-manfix.patch + * shadow-4.1.5.1-errmsg.patch + * shadow-4.1.5.1-backup-mode.patch + * shadow-4.1.5.1-audit-owner.patch + * shadow-4.2.1-defs-chroot.patch + * shadow-4.2.1-merge-group.patch + * Fix-user-busy-errors-at-userdel.patch + * useradd-clear-tallylog.patch +- shadow-4.1.5.1-pam_group.patch + dynamically added users via pam_group are not listed in groups + databases but are still valid +- shadow.keyring: update keyring with current maintainer's keyid + only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D' +- disable_new_audit_function.patch: + Disable newer libaudit functionality for older distributions + +------------------------------------------------------------------- Old: ---- Fix-user-busy-errors-at-userdel.patch shadow-4.1.5.1-audit-owner.patch shadow-4.1.5.1-backup-mode.patch shadow-4.1.5.1-errmsg.patch shadow-4.1.5.1-manfix.patch shadow-4.2.1-defs-chroot.patch shadow-4.2.1-merge-group.patch shadow-4.2.1.tar.xz shadow-4.2.1.tar.xz.sig useradd-clear-tallylog.patch New: ---- disable_new_audit_function.patch shadow-4.1.5.1-pam_group.patch shadow-4.5.tar.xz shadow-4.5.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shadow.spec ++++++ --- /var/tmp/diff_new_pack.hlWUo4/_old 2017-06-02 10:29:48.369799229 +0200 +++ /var/tmp/diff_new_pack.hlWUo4/_new 2017-06-02 10:29:48.373798663 +0200 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,11 +20,11 @@ License: BSD-3-Clause and GPL-2.0+ Group: System/Base Name: shadow -Version: 4.2.1 +Version: 4.5 Release: 0 -Url: http://pkg-shadow.alioth.debian.org/ -Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz -Source42: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig +Url: https://github.com/shadow-maint/shadow +Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz +Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc Source43: %name.keyring Source1: pamd.tar.bz2 Source2: README.changes-pwdutils @@ -39,26 +39,21 @@ Patch3: chkname-regex.patch Patch4: useradd-default.patch Patch5: getdef-new-defs.patch -Patch6: shadow-4.1.5.1-manfix.patch +Patch6: shadow-4.1.5.1-userdel-helpfix.patch Patch7: shadow-4.1.5.1-logmsg.patch -Patch8: shadow-4.1.5.1-errmsg.patch -Patch9: shadow-4.1.5.1-backup-mode.patch Patch10: encryption_method_nis.patch Patch11: useradd-mkdirs.patch -Patch12: shadow-4.1.5.1-audit-owner.patch -Patch13: shadow-4.1.5.1-userdel-helpfix.patch -Patch14: shadow-4.2.1-defs-chroot.patch -Patch15: shadow-4.2.1-merge-group.patch -Patch16: Fix-user-busy-errors-at-userdel.patch -Patch17: useradd-clear-tallylog.patch +Patch18: shadow-4.1.5.1-pam_group.patch +Patch20: disable_new_audit_function.patch Requires: aaa_base -BuildRequires: audit-devel +BuildRequires: audit-devel > 2.3 BuildRequires: libacl-devel BuildRequires: libattr-devel BuildRequires: libselinux-devel BuildRequires: libsemanage-devel BuildRequires: pam-devel +BuildRequires: xz BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: permissions Provides: pwdutils = 3.2.20 @@ -79,16 +74,12 @@ %patch5 -p0 %patch6 -p0 %patch7 -p0 -%patch8 -p0 -%patch9 -p0 %patch10 -p0 %patch11 -p0 -%patch12 -p0 -%patch13 -p0 -%patch14 -p0 -%patch15 -p0 -%patch16 -p0 -%patch17 -p1 +%patch18 -p1 +%if 0%{?suse_version} < 1330 +%patch20 -p1 +%endif iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO ++++++ chkname-regex.patch ++++++ --- /var/tmp/diff_new_pack.hlWUo4/_old 2017-06-02 10:29:48.425791316 +0200 +++ /var/tmp/diff_new_pack.hlWUo4/_new 2017-06-02 10:29:48.425791316 +0200 @@ -1,6 +1,8 @@ ---- lib/getdef.c +Index: lib/getdef.c +=================================================================== +--- lib/getdef.c.orig +++ lib/getdef.c -@@ -51,6 +51,7 @@ struct itemdef { +@@ -77,6 +77,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { @@ -8,7 +10,9 @@ {"CHFN_RESTRICT", NULL}, {"CONSOLE_GROUPS", NULL}, {"CONSOLE", NULL}, ---- libmisc/chkname.c +Index: libmisc/chkname.c +=================================================================== +--- libmisc/chkname.c.orig +++ libmisc/chkname.c @@ -43,30 +43,57 @@ #ident "$Id$" @@ -81,3 +85,4 @@ + regfree(®); return true; } + ++++++ disable_new_audit_function.patch ++++++ Index: shadow-4.5/src/lastlog.c =================================================================== --- shadow-4.5.orig/src/lastlog.c +++ shadow-4.5/src/lastlog.c @@ -221,12 +221,15 @@ static void update_one (/*@null@*/const strcpy (ll.ll_host, "localhost"); #endif strcpy (ll.ll_line, "lastlog"); +/* #ifdef WITH_AUDIT audit_logger (AUDIT_ACCT_UNLOCK, Prog, "clearing-lastlog", pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS); #endif +*/ } +/* #ifdef WITH_AUDIT else { audit_logger (AUDIT_ACCT_UNLOCK, Prog, @@ -234,6 +237,7 @@ static void update_one (/*@null@*/const pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS); } #endif +*/ if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) { fprintf (stderr, ++++++ getdef-new-defs.patch ++++++ --- /var/tmp/diff_new_pack.hlWUo4/_old 2017-06-02 10:29:48.437789621 +0200 +++ /var/tmp/diff_new_pack.hlWUo4/_new 2017-06-02 10:29:48.437789621 +0200 @@ -1,6 +1,8 @@ ---- lib/getdef.c +Index: lib/getdef.c +=================================================================== +--- lib/getdef.c.orig +++ lib/getdef.c -@@ -65,6 +65,7 @@ static struct itemdef def_table[] = { +@@ -91,6 +91,7 @@ static struct itemdef def_table[] = { {"FAKE_SHELL", NULL}, {"GID_MAX", NULL}, {"GID_MIN", NULL}, @@ -8,7 +10,7 @@ {"HUSHLOGIN_FILE", NULL}, {"KILLCHAR", NULL}, {"LOGIN_RETRIES", NULL}, -@@ -100,7 +101,10 @@ static struct itemdef def_table[] = { +@@ -126,7 +127,10 @@ static struct itemdef def_table[] = { {"UID_MAX", NULL}, {"UID_MIN", NULL}, {"UMASK", NULL}, @@ -18,10 +20,10 @@ + {"USERDEL_POSTCMD", NULL}, {"USERGROUPS_ENAB", NULL}, #ifndef USE_PAM - {"CHFN_AUTH", NULL}, -@@ -136,6 +140,10 @@ static struct itemdef def_table[] = { - {"TCB_SYMLINKS", NULL}, - {"USE_TCB", NULL}, + PAMDEFS +@@ -149,6 +153,10 @@ static struct itemdef knowndef_table[] = + #ifdef USE_PAM + PAMDEFS #endif + /* Used by /bin/login */ + {"MOTD_FILE", NULL}, ++++++ shadow-4.1.5.1-pam_group.patch ++++++ Date: Thu Apr 6 16:04:17 CEST 2017 Bug: bnc#1031643 Upstream: https://github.com/shadow-maint/shadow/pull/74 dynamically added users via pam_group are not listed in groups databases but are still valid. Index: shadow-4.1.5.1/src/newgrp.c =================================================================== --- shadow-4.1.5.1.orig/src/newgrp.c +++ shadow-4.1.5.1/src/newgrp.c @@ -372,6 +372,7 @@ int main (int argc, char **argv) { bool initflag = false; int i; + bool is_member = false; bool cflag = false; int err = 0; gid_t gid; @@ -610,6 +611,18 @@ int main (int argc, char **argv) goto failure; } +#ifdef HAVE_SETGROUPS + /* when using pam_group, she will not be listed in the groups + * database. However getgroups() will return the group. So + * if she is listed there already it is ok to grant membership. + */ + for (i = 0; i < ngroups; i++) { + if (grp->gr_gid == grouplist[i]) { + is_member = true; + break; + } + } +#endif /* HAVE_SETGROUPS */ /* * For splitted groups (due to limitations of NIS), check all * groups of the same GID like the requested group for @@ -638,7 +651,9 @@ int main (int argc, char **argv) /* * Check if the user is allowed to access this group. */ - check_perms (grp, pwd, group); + if (!is_member) { + check_perms (grp, pwd, group); + } /* * all successful validations pass through this point. The group id ++++++ shadow-4.2.1.tar.xz -> shadow-4.5.tar.xz ++++++ ++++ 83483 lines of diff (skipped) ++++++ shadow-login_defs.patch ++++++ --- /var/tmp/diff_new_pack.hlWUo4/_old 2017-06-02 10:29:49.313665861 +0200 +++ /var/tmp/diff_new_pack.hlWUo4/_new 2017-06-02 10:29:49.313665861 +0200 @@ -1,4 +1,6 @@ ---- etc/login.defs +Index: etc/login.defs +=================================================================== +--- etc/login.defs.orig +++ etc/login.defs @@ -1,8 +1,5 @@ # @@ -333,12 +335,19 @@ # # If set to a non-zero number, the shadow utilities will make sure that -@@ -391,5 +255,40 @@ USERGROUPS_ENAB yes +@@ -391,10 +255,47 @@ USERGROUPS_ENAB yes # This option is overridden with the -M or -m flags on the useradd(8) # command-line. # -#CREATE_HOME yes +CREATE_HOME no + + # + # Force use shadow, even if shadow passwd & shadow group files are + # missing. + # +-#FORCE_SHADOW yes ++FORCE_SHADOW no + +# +# User/group names must match the following regex expression. @@ -347,7 +356,7 @@ +# +#CHARACTER_CLASS [A-Za-z_][A-Za-z0-9_.-]*[A-Za-z0-9_.$-]\? +CHARACTER_CLASS [ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz_][ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.-]*[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_.$-]\? - ++ +# +# If defined, this command is run when adding a group. +# It should rebuild any NIS database etc. to add the @@ -375,3 +384,4 @@ +# account from it. +# +USERDEL_POSTCMD /usr/sbin/userdel-post.local ++ ++++++ shadow.keyring ++++++ ++++ 24407 lines (skipped) ++++ between shadow.keyring ++++ and /work/SRC/openSUSE:Factory/.shadow.new/shadow.keyring ++++++ useradd-mkdirs.patch ++++++ --- /var/tmp/diff_new_pack.hlWUo4/_old 2017-06-02 10:29:49.397653993 +0200 +++ /var/tmp/diff_new_pack.hlWUo4/_new 2017-06-02 10:29:49.397653993 +0200 @@ -1,6 +1,8 @@ ---- src/useradd.c +Index: src/useradd.c +=================================================================== +--- src/useradd.c.orig +++ src/useradd.c -@@ -1894,6 +1894,13 @@ static void usr_update (void) +@@ -1943,6 +1943,13 @@ static void usr_update (void) static void create_home (void) { if (access (user_home, F_OK) != 0) { @@ -13,8 +15,8 @@ + #ifdef WITH_SELINUX if (set_selinux_file_context (user_home) != 0) { - fprintf (stderr, -@@ -1902,19 +1909,42 @@ static void create_home (void) + fprintf (stderr, +@@ -1951,19 +1958,42 @@ static void create_home (void) fail_exit (E_HOMEDIR); } #endif