Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2020-01-25 13:22:40 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.26092 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadow" Sat Jan 25 13:22:40 2020 rev:36 rq:765745 version:4.8 Changes: -------- --- /work/SRC/openSUSE:Factory/shadow/shadow.changes 2019-10-22 15:36:46.617125426 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.26092/shadow.changes 2020-01-25 13:22:44.679999340 +0100 
@@ -1,0 +2,44 @@ +Mon Jan 20 10:36:20 UTC 2020 - Michael Vetter <[email protected]> + +- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, + useradd, userdel, usermod explicitly. + +------------------------------------------------------------------- +Thu Jan 16 12:54:39 UTC 2020 - Michael Vetter <[email protected]> + +- bsc#1160729: Make valid shell check only a warning + * Add shadow-4.8-shell-check.patch + +------------------------------------------------------------------- +Tue Dec 17 12:43:01 UTC 2019 - Michael Vetter <[email protected]> + +- Update to 4.8: + * Initial optional bcrypt support. + * Make build/install of 'su' optional. + * Fix for vipw not resuming correctly when suspended + * Sync password field descriptions in manpages + * Check for valid shell argument in useradd + * Allow translation of new strings through POTFILES.in + * Migrate to itstool for translations + * Migrate to new SELinux api + * Support --enable-vendordir + * pwck: Only check homedir if set and not a system user + * Support nonstandard usernames + * sget{pw,gr}ent: check for data at EOL + * Add YYY-MM-DD support in chage + * Fix failing chmod calls for suidubins + * Fix --sbindir and --bindir for binary installations + * Fix LASTLOG_UID_MAX in login.defs + * Fix configure error with dash +- Remove because upstreamed: + * libeconf.patch + * shadow-usermod-variable.patch +- Rebase: + * shadow-login_defs-unused-by-pam.patch + * chkname-regex.patch + * shadow-util-linux.patch + * shadow-login_defs-comments.patch +- Add shadow-4.8-selinux-include.patch + See https://github.com/shadow-maint/shadow/pull/200 + +------------------------------------------------------------------- Old: ---- libeconf.patch shadow-4.7.tar.xz shadow-4.7.tar.xz.asc shadow-usermod-variable.patch New: ---- shadow-4.8-selinux-include.patch shadow-4.8-shell-check.patch shadow-4.8.tar.xz shadow-4.8.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: 
------------------ ++++++ shadow.spec ++++++ --- /var/tmp/diff_new_pack.6mRroD/_old 2020-01-25 13:22:46.656000205 +0100 +++ /var/tmp/diff_new_pack.6mRroD/_new 2020-01-25 13:22:46.656000205 +0100 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -23,7 +23,7 @@ %endif Name: shadow -Version: 4.7 +Version: 4.8 Release: 0 Summary: Utilities to Manage User and Group Accounts License: BSD-3-Clause AND GPL-2.0-or-later 
@@ -61,12 +61,12 @@
 Patch13: shadow-login_defs-comments.patch
 # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch [email protected] -- Customize login.defs.
 Patch14: shadow-login_defs-suse.patch
+# PATCH-FIX-UPSTREAM shadow-4.8-selinux-include.patch [email protected] -- https://github.com/shadow-maint/shadow/pull/200
+Patch15: shadow-4.8-selinux-include.patch
+# PATCH-FEATURE [email protected] -- bsc#1160729 https://github.com/shadow-maint/shadow/pull/210
+Patch16: shadow-4.8-shell-check.patch
 # PATCH-FIX-SUSE disable_new_audit_function.patch [email protected] -- Disable newer libaudit functionality for older distributions.
 Patch20: disable_new_audit_function.patch
-# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 [email protected] -- Fix variable name.
-Patch21: shadow-usermod-variable.patch
-# PATCH-FEATURE-UPSTREAM libeconf.patch https://github.com/shadow-maint/shadow/pull/180 [email protected] -- Add support for a vendor directory and libeconf
-Patch22: libeconf.patch
 BuildRequires: audit-devel > 2.3
 BuildRequires: autoconf
 BuildRequires: automake
@@ -110,11 +110,11 @@
 %patch7
 %patch13
 %patch14
+%patch15 -p1
+%patch16 -p1
 %if 0%{?suse_version} < 1330
 %patch20 -p1
 %endif
-%patch21 -p1
-%patch22 -p1
 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
 mv -v doc/HOWTO.utf8 doc/HOWTO
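Review bot: The tag line added above `Patch16` in the `@@ -61,12` hunk does not follow the convention of the lines around it: `# PATCH-FEATURE [email protected] -- bsc#1160729 …` has no `-UPSTREAM`/`-SUSE` suffix, no patch file name and no description. This patch relaxes an input check in useradd, so the spec is where a later auditor will look for what it does and where it came from. If the referenced pull request is the upstream origin, a line shaped like the `Patch15` one directly above would fit: `# PATCH-FEATURE-UPSTREAM shadow-4.8-shell-check.patch bsc#1160729 [email protected] -- Make the missing/non-executable shell check a warning, https://github.com/shadow-maint/shadow/pull/210`.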
@@ -312,18 +312,18 @@ %verify(not mode) %attr(4755,root,shadow) %{_bindir}/newuidmap %{_bindir}/lastlog %{_bindir}/sg -%{_sbindir}/groupadd -%{_sbindir}/groupdel -%{_sbindir}/groupmod +%attr(0755,root,root) %{_sbindir}/groupadd +%attr(0755,root,root) %{_sbindir}/groupdel +%attr(0755,root,root) %{_sbindir}/groupmod %{_sbindir}/grpck %{_sbindir}/pwck -%{_sbindir}/useradd -%{_sbindir}/userdel -%{_sbindir}/usermod +%attr(0755,root,root) %{_sbindir}/useradd +%attr(0755,root,root) %{_sbindir}/userdel +%attr(0755,root,root) %{_sbindir}/usermod %{_sbindir}/pwconv %{_sbindir}/pwunconv -%{_sbindir}/chpasswd -%{_sbindir}/newusers +%attr(0755,root,root) %{_sbindir}/chpasswd +%attr(0755,root,root) %{_sbindir}/newusers %{_sbindir}/vipw %{_sbindir}/vigr %verify(not md5 size mtime) %config(noreplace) %{_sbindir}/useradd.local ++++++ chkname-regex.patch ++++++ --- /var/tmp/diff_new_pack.6mRroD/_old 2020-01-25 13:22:46.696000223 +0100 +++ /var/tmp/diff_new_pack.6mRroD/_new 2020-01-25 13:22:46.696000223 +0100 @@ -2,7 +2,7 @@ =================================================================== --- etc/login.defs.orig +++ etc/login.defs -@@ -274,3 +274,11 @@ USERGROUPS_ENAB yes +@@ -299,3 +299,11 @@ USERGROUPS_ENAB yes # missing. # #FORCE_SHADOW yes @@ -18,7 +18,7 @@ =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -77,6 +77,7 @@ struct itemdef { +@@ -80,6 +80,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { @@ -30,7 +30,7 @@ =================================================================== --- libmisc/chkname.c.orig +++ libmisc/chkname.c -@@ -43,30 +43,57 @@ +@@ -43,8 +43,11 @@ #ident "$Id$" #include <ctype.h> 
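Review bot: The `%attr(0755,root,root)` entries added in the `%files` hunk (`@@ -312,18`) carry no comment saying why these eight tools get an explicit mode while `grpck`, `pwck`, `pwconv`, `pwunconv`, `vipw` and `vigr` in the same list keep whatever mode the build installs. If the intent is to guarantee that the account-management tools are never packaged with a setuid bit left by the install step, that should be stated above the first entry, e.g. `# Pin mode: these tools must not ship setuid regardless of what 'make install' sets`. Without the comment a later cleanup could drop the attributes as redundant. The `%files` section starts and ends outside the hunk.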
@@ -40,13 +40,15 @@ +#include "getdef.h" +#include <stdio.h> - static bool is_valid_name (const char *name) - { + int allow_bad_names = false; + +@@ -54,24 +57,46 @@ static bool is_valid_name (const char *n + return true; + } + - /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ -- if (('\0' == *name) || -- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + const char *class; + regex_t reg; + int result; @@ -79,7 +81,9 @@ + fprintf (stderr, _("Can't compile regular expression: %s\n"), + buffer); + } */ -+ + +- if (('\0' == *name) || +- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + regfree(®); return false; } @@ -98,7 +102,4 @@ + return false; } -+ regfree(®); return true; - } - ++++++ shadow-4.8-selinux-include.patch ++++++ Index: shadow-4.8/lib/selinux.c =================================================================== --- shadow-4.8.orig/lib/selinux.c +++ shadow-4.8/lib/selinux.c @@ -31,6 +31,7 @@ #ifdef WITH_SELINUX +#include <stdio.h> #include "defines.h" #include <selinux/selinux.h> ++++++ shadow-4.8-shell-check.patch ++++++ >From 4ed08824e511fa5247006c71490b0440e1c17319 Mon Sep 17 00:00:00 2001 From: Tomas Mraz <[email protected]> Date: Thu, 16 Jan 2020 12:55:30 +0100 Subject: [PATCH] Make the check for non-executable shell only a warning. Although it is a good idea to check for an inadvertent typo in the shell name it is possible that the shell might not be present on the system yet when the user is added. --- src/useradd.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/useradd.c b/src/useradd.c index c29ae949..a679392d 100644 --- a/src/useradd.c +++ b/src/useradd.c 
@@ -1328,15 +1328,22 @@ static void process_flags (int argc, char **argv) if ( ( !VALID (optarg) ) || ( ('\0' != optarg[0]) && ('/' != optarg[0]) - && ('*' != optarg[0]) ) - || (stat(optarg, &st) != 0) - || (S_ISDIR(st.st_mode)) - || (access(optarg, X_OK) != 0)) { + && ('*' != optarg[0]) )) { fprintf (stderr, _("%s: invalid shell '%s'\n"), Prog, optarg); exit (E_BAD_ARG); } + if ( '\0' != optarg[0] + && '*' != optarg[0] + && strcmp(optarg, "/sbin/nologin") != 0 + && ( stat(optarg, &st) != 0 + || S_ISDIR(st.st_mode) + || access(optarg, X_OK) != 0)) { + fprintf (stderr, + _("%s: Warning: missing or non-executable shell '%s'\n"), + Prog, optarg); + } user_shell = optarg; def_shell = optarg; sflg = true; ++++++ shadow-4.7.tar.xz -> shadow-4.8.tar.xz ++++++ ++++ 87807 lines of diff (skipped) ++++++ shadow-login_defs-comments.patch ++++++ --- /var/tmp/diff_new_pack.6mRroD/_old 2020-01-25 13:22:47.456000556 +0100 +++ /var/tmp/diff_new_pack.6mRroD/_new 2020-01-25 13:22:47.456000556 +0100 @@ -13,7 +13,7 @@ # # Delay in seconds before being allowed another attempt after a login failure -@@ -32,6 +30,15 @@ CONSOLE /etc/securetty +@@ -47,6 +45,15 @@ CONSOLE /etc/securetty #CONSOLE console:tty01:tty02:tty03:tty04 # @@ -29,7 +29,7 @@ # If defined, all su(1) activity is logged to this file. # #SULOG_FILE /var/log/sulog -@@ -79,11 +86,14 @@ ENV_PATH /bin:/usr/bin +@@ -94,11 +101,14 @@ ENV_PATH /bin:/usr/bin ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin #ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin @@ -46,7 +46,7 @@ ALWAYS_SET_PATH no # -@@ -123,6 +133,11 @@ PASS_WARN_AGE 7 +@@ -138,6 +148,11 @@ PASS_WARN_AGE 7 # # Min/max values for automatic uid selection in useradd(8) # @@ -58,7 +58,7 @@ UID_MIN 1000 UID_MAX 60000 # System accounts -@@ -136,6 +151,11 @@ SUB_UID_COUNT 65536 +@@ -151,6 +166,11 @@ SUB_UID_COUNT 65536 # # Min/max values for automatic gid selection in groupadd(8) # 
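Review bot: In the useradd.c hunk (`@@ -1328,15 +1328,22`, inside `process_flags`), a missing or non-executable shell is now reported on stderr only and then accepted, so an account can be created whose shell path does not exist yet, and nothing is recorded where an auditor would look. Provisioning scripts often discard stderr, so I would also log it next to the `fprintf`, e.g. `SYSLOG ((LOG_WARN, "missing or non-executable shell '%s'", optarg));`, assuming the log is already open when options are parsed. The new condition also keeps `S_ISDIR(st.st_mode)`, which lets devices, FIFOs and sockets pass silently; since this branch only warns, `|| !S_ISREG(st.st_mode)` would be the tighter test. The hard-coded `"/sbin/nologin"` exemption deserves a short comment explaining why that one path skips the existence check. `process_flags` begins and ends outside the hunk.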
@@ -70,7 +70,7 @@ GID_MIN 1000 GID_MAX 60000 # System accounts -@@ -165,7 +185,6 @@ LOGIN_TIMEOUT 60 +@@ -180,7 +200,6 @@ LOGIN_TIMEOUT 60 CHFN_RESTRICT rwh # @@ -78,7 +78,7 @@ # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. # It supports passwords of unlimited length and longer salt strings. -@@ -180,7 +199,6 @@ CHFN_RESTRICT rwh +@@ -195,7 +214,6 @@ CHFN_RESTRICT rwh #MD5_CRYPT_ENAB no # @@ -86,14 +86,3 @@ # If set to MD5, MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password -@@ -208,8 +226,8 @@ CHFN_RESTRICT rwh - # If only one of the MIN or MAX values is set, then this value will be used. - # If MIN > MAX, the highest value will be used. - # --# SHA_CRYPT_MIN_ROUNDS 5000 --# SHA_CRYPT_MAX_ROUNDS 5000 -+#SHA_CRYPT_MIN_ROUNDS 5000 -+#SHA_CRYPT_MAX_ROUNDS 5000 - - # - # Should login be allowed if we can't cd to the home directory? ++++++ shadow-login_defs-unused-by-pam.patch ++++++ --- /var/tmp/diff_new_pack.6mRroD/_old 2020-01-25 13:22:47.468000561 +0100 +++ /var/tmp/diff_new_pack.6mRroD/_new 2020-01-25 13:22:47.468000561 +0100 @@ -20,7 +20,7 @@ # Enable display of unknown usernames when login(1) failures are recorded. # LOG_UNKFAIL_ENAB no -@@ -27,34 +22,6 @@ LOG_UNKFAIL_ENAB no +@@ -27,11 +22,6 @@ LOG_UNKFAIL_ENAB no LOG_OK_LOGINS no # @@ -29,6 +29,13 @@ -LASTLOG_ENAB yes - -# + # Limit the highest user ID number for which the lastlog entries should + # be updated. + # +@@ -41,29 +31,6 @@ LASTLOG_ENAB yes + #LASTLOG_UID_MAX + + # -# Enable checking and display of mailbox status upon login. -# -# Disable if the shell startup files already check for mail 
@@ -55,7 +62,7 @@ # Enable "syslog" logging of su(1) activity - in addition to sulog file logging. # SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1). # -@@ -82,46 +49,12 @@ MOTD_FILE /etc/motd +@@ -91,46 +58,12 @@ MOTD_FILE /etc/motd #MOTD_FILE /etc/motd:/usr/lib/news/news-motd # @@ -102,7 +109,7 @@ # If defined, file which inhibits all the usual chatter during the login # sequence. If a full pathname, then hushed mode will be enabled if the # user's name or shell are found in the file. If not a full pathname, then -@@ -131,21 +64,6 @@ HUSHLOGIN_FILE .hushlogin +@@ -140,21 +73,6 @@ HUSHLOGIN_FILE .hushlogin #HUSHLOGIN_FILE /etc/hushlogins # @@ -124,7 +131,7 @@ # *REQUIRED* The default PATH settings, for superuser and normal users. # # (they are minimal, add the rest in the shell startup files) -@@ -171,17 +89,13 @@ TTYPERM 0600 +@@ -180,17 +98,13 @@ TTYPERM 0600 # # ERASECHAR Terminal ERASE character ('\010' = backspace). # KILLCHAR Terminal KILL character ('\025' = CTRL/U). @@ -142,7 +149,7 @@ # Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems. -@@ -197,28 +111,13 @@ UMASK 022 +@@ -206,28 +120,13 @@ UMASK 022 # # PASS_MAX_DAYS Maximum number of days a password may be used. # PASS_MIN_DAYS Minimum number of days allowed between password changes. @@ -171,7 +178,7 @@ # Min/max values for automatic uid selection in useradd(8) # UID_MIN 1000 -@@ -255,28 +154,6 @@ LOGIN_RETRIES 5 +@@ -264,28 +163,6 @@ LOGIN_RETRIES 5 LOGIN_TIMEOUT 60 # @@ -200,7 +207,7 @@ # Which fields may be changed by regular users using chfn(1) - use # any combination of letters "frwh" (full name, room number, work # phone, home phone). If not defined, no changes are allowed. -@@ -285,13 +162,6 @@ CHFN_AUTH yes +@@ -294,13 +171,6 @@ CHFN_AUTH yes CHFN_RESTRICT rwh # 
@@ -214,8 +221,8 @@ # Only works if compiled with MD5_CRYPT defined: # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. -@@ -336,29 +206,12 @@ CHFN_RESTRICT rwh - # SHA_CRYPT_MAX_ROUNDS 5000 +@@ -361,29 +231,12 @@ CHFN_RESTRICT rwh + #BCRYPT_MAX_ROUNDS 13 # -# List of groups to add to the user's supplementary group set ++++++ shadow-util-linux.patch ++++++ --- /var/tmp/diff_new_pack.6mRroD/_old 2020-01-25 13:22:47.480000567 +0100 +++ /var/tmp/diff_new_pack.6mRroD/_new 2020-01-25 13:22:47.480000567 +0100 @@ -16,7 +16,7 @@ # # $Id$ # -@@ -17,15 +19,8 @@ FAIL_DELAY 3 +@@ -17,9 +19,8 @@ FAIL_DELAY 3 LOG_UNKFAIL_ENAB no # @@ -24,16 +24,10 @@ +# Enable "syslog" logging of newgrp(1) and sg(1) activity. # -LOG_OK_LOGINS no -- --# --# Enable "syslog" logging of su(1) activity - in addition to sulog file logging. --# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1). --# --SYSLOG_SU_ENAB yes - SYSLOG_SG_ENAB yes # -@@ -63,12 +58,33 @@ MOTD_FILE /etc/motd + # Limit the highest user ID number for which the lastlog entries should +@@ -72,12 +73,33 @@ MOTD_FILE /etc/motd HUSHLOGIN_FILE .hushlogin #HUSHLOGIN_FILE /etc/hushlogins @@ -69,7 +63,7 @@ # # Terminal permissions -@@ -84,19 +100,6 @@ ENV_PATH PATH=/bin:/usr/bin +@@ -93,19 +115,6 @@ ENV_PATH PATH=/bin:/usr/bin TTYGROUP tty TTYPERM 0600 @@ -93,7 +87,7 @@ =================================================================== --- lib/getdef.c.orig +++ lib/getdef.c -@@ -77,6 +77,7 @@ struct itemdef { +@@ -80,6 +80,7 @@ struct itemdef { #define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) static struct itemdef def_table[] = { @@ -101,7 +95,7 @@ {"CHARACTER_CLASS", NULL}, {"CHFN_RESTRICT", NULL}, {"CONSOLE_GROUPS", NULL}, -@@ -85,6 +86,7 @@ static struct itemdef def_table[] = { +@@ -88,6 +89,7 @@ static struct itemdef def_table[] = { {"DEFAULT_HOME", NULL}, {"ENCRYPT_METHOD", NULL}, {"ENV_PATH", NULL}, 
@@ -109,7 +103,7 @@ {"ENV_SUPATH", NULL}, {"ERASECHAR", NULL}, {"FAIL_DELAY", NULL}, -@@ -95,6 +97,7 @@ static struct itemdef def_table[] = { +@@ -98,6 +100,7 @@ static struct itemdef def_table[] = { {"KILLCHAR", NULL}, {"LASTLOG_UID_MAX", NULL}, {"LOGIN_RETRIES", NULL},
