commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2020-11-07 21:00:53 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.11331 (New) Package is "shadow" Sat Nov 7 21:00:53 2020 rev:41 rq:845486 version:4.8.1 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2020-10-15 13:43:50.525139908 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.11331/shadow.changes 2020-11-07 21:01:12.750041863 +0100 @@ -1,0 +2,8 @@ +Mon Nov 2 15:54:02 UTC 2020 - Dr. Werner Fink + +- Change again useradd.local script to let it work even for system + accounts and work together with SELinux (bsc#1178296) +- Change patch useradd-script.patch to support the four arguments + used by the useradd.local script (bsc#1178296) + +--- Other differences: -- ++ useradd-script.patch ++ --- /var/tmp/diff_new_pack.jJLpK3/_old 2020-11-07 21:01:14.394039353 +0100 +++ /var/tmp/diff_new_pack.jJLpK3/_new 2020-11-07 21:01:14.394039353 +0100 @@ -1,8 +1,12 @@ -Index: etc/login.defs -=== etc/login.defs.orig -+++ etc/login.defs -@@ -212,6 +212,13 @@ CHFN_RESTRICT rwh +--- + etc/login.defs |7 +++ + lib/getdef.c |1 + + src/useradd.c | 41 - + 3 files changed, 48 insertions(+), 1 deletion(-) + +--- etc/login.defs etc/login.defs 2020-10-30 12:54:38.117849829 + +@@ -242,6 +242,13 @@ CHFN_RESTRICT rwh DEFAULT_HOME yes # @@ -16,11 +20,9 @@ # If defined, this command is run when removing a user. # It should remove any at/cron/print jobs etc. owned by # the user to be removed (passed as the first argument). -Index: lib/getdef.c -=== lib/getdef.c.orig -+++ lib/getdef.c -@@ -126,6 +126,7 @@ static struct itemdef def_table[] = { +--- lib/getdef.c lib/getdef.c 2020-10-30 12:54:38.117849829 + +@@ -134,6 +134,7 @@ static struct itemdef def_table[] = { {"UID_MAX", NULL}, {"UID_MIN", NULL}, {"UMASK", NULL}, @@ -28,11 +30,9 @@ {"USERDEL_CMD", NULL}, {"USERDEL_PRECMD", NULL}, {"USERDEL_POSTCMD", NULL}, -Index: src/useradd.c -=== src/useradd.c.orig -+++ src/useradd.c -@@ -2216,6 +2216,30 @@ static void create_mail (void) +--- src/useradd.c src/useradd.c 2020-10-30 13:08:17.378336989 + +@@ -2238,6 +2238,44 @@ static void create_mail (void) } /* @@ -42,20 +42,34 @@ + * account. + */ + -+static void call_script (const char *user) ++static void call_script (const char *user, const uid_t uid, const gid_t gid, const char *home) +{ +const char *cmd; -+const char *argv[3]; ++const char *argv[6]; ++char *strgid, *struid; +int status; + +cmd = getdef_str ("USERADD_CMD"); +if (NULL == cmd) { +return; +} ++if (asprintf(, "%lu", (long unsigned)uid) < 0) { ++(void) fprintf (stderr, _("%s: out of memory\n"), Prog); ++exit(1); ++} ++if (asprintf(, "%lu", (long unsigned)gid) < 0) { ++(void) fprintf (stderr, _("%s: out of memory\n"), Prog); ++exit(1); ++} +argv[0] = cmd; +argv[1] = user; -+argv[2] = (char *)0; ++argv[2] = struid; ++argv[3] = strgid; ++argv[4] = home; ++argv[5] = (char *)0; +(void) run_command (cmd, argv, NULL, ); ++free(strgid); ++free(struid); +} + + @@ -63,11 +77,11 @@ * main - useradd command */ int main (int argc, char **argv) -@@ -2492,6 +2516,7 @@ int main (int argc, char **argv) +@@ -2514,6 +2552,7 @@ int main (int argc, char **argv) nscd_flush_cache ("group"); sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); -+ call_script (user_name); ++ call_script (user_name, user_id, user_gid, user_home); + return E_SUCCESS; } ++ useradd.local ++ --- /var/tmp/diff_new_pack.jJLpK3/_old 2020-11-07 21:01:14.414039323 +0100 +++ /var/tmp/diff_new_pack.jJLpK3/_new 2020-11-07 21:01:14.418039316 +0100 @@ -21,44 +21,43 @@ exit 1 fi -# definition of "root" $HOME for users -. /etc/default/useradd - USER=$1 -GID=$(id -g $USER) -HOMEDIR=$HOME/$USER -if [ $# -lt 4 ]; then - HOMEDIR=$HOME/$USER -else +if [ $# -eq 4 ]; then + GID=$3 HOMEDIR=$4 +else + GID=$(id -g $USER) + HOMEDIR=$(grep -E "^${USER}:" /etc/passwd| cut
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2020-10-15 13:43:47 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.3486 (New) Package is "shadow" Thu Oct 15 13:43:47 2020 rev:40 rq:840431 version:4.8.1 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2020-09-23 18:39:21.181263452 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.3486/shadow.changes 2020-10-15 13:43:50.525139908 +0200 @@ -1,0 +2,11 @@ +Fri Oct 9 13:12:11 UTC 2020 - Dr. Werner Fink + +- Add support for /usr/etc/skel to useradd.local script (boo#1173321) + +--- +Thu Oct 8 03:16:58 UTC 2020 - Stanislav Brabec + +- shadow-login_defs-check.sh: Fix the regexp to get a real variable + list (boo#1164274). + +--- Other differences: -- ++ shadow-login_defs-check.sh ++ --- /var/tmp/diff_new_pack.aN7AB0/_old 2020-10-15 13:43:51.561140312 +0200 +++ /var/tmp/diff_new_pack.aN7AB0/_new 2020-10-15 13:43:51.565140314 +0200 @@ -54,7 +54,7 @@ echo "Extracting variables from pam..." cd openSUSE:Factory/pam/BUILD/* grep -rh LOGIN_DEFS . | - sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' | + sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst cd ../../../.. ++ useradd.local ++ --- /var/tmp/diff_new_pack.aN7AB0/_old 2020-10-15 13:43:51.625140338 +0200 +++ /var/tmp/diff_new_pack.aN7AB0/_new 2020-10-15 13:43:51.625140338 +0200 @@ -21,6 +21,19 @@ exit 1 fi +# definition of "root" $HOME for users +. /etc/default/useradd + +USER=$1 +GID=$(id -g $USER) +HOMEDIR=$HOME/$USER + +if [ $# -lt 4 ]; then + HOMEDIR=$HOME/$USER +else + HOMEDIR=$4 +fi + # Update NIS database # make -C /var/yp @@ -29,16 +42,23 @@ if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then test -x /sbin/restorecon || exit 2 - if [ $# -lt 4 ]; then -home_dir=/home/$1 - else -home_dir=$4 - fi - - if [ -d $home_dir ]; then - /sbin/restorecon -R $home_dir + if [ -d $HOMEDIR ]; then + /sbin/restorecon -R $HOMEDIR fi fi +# +# Copy also skeleton files from /usr/etc/skel (boo#1173321) +# + +USRSKELDIR=/usr/etc/skel +for file in $(ls -A $USRSKELDIR); do + # Only copy if not exist yet, i.e. does *not* exist in /etc/skel, which is still + # being preferred ... + test -e $HOMEDIR/$file && continue + cp -a $USRSKELDIR/$file $HOMEDIR + chown -R $USER.$GID $HOMEDIR/$file +done + # All done. exit 0
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2020-09-23 18:38:48 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.4249 (New) Package is "shadow" Wed Sep 23 18:38:48 2020 rev:39 rq:834532 version:4.8.1 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2020-06-11 14:37:10.163997009 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.4249/shadow.changes 2020-09-23 18:39:21.181263452 +0200 @@ -1,0 +2,13 @@ +Tue Sep 8 00:56:37 UTC 2020 - Stanislav Brabec + +- login.defs: Add support for new util-linux-2.36 login variable + MOTD_FIRSTONLY (shadow-util-linux.patch). +- shadow-login_defs-comments.patch: Remove duplicated + LASTLOG_UID_MAX. +- shadow-login_defs-check.sh: Update for new build system. +- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is + not used in SUSE Linux. +- Refresh shadow-login_defs-suse.patch and + shadow-login_defs-comments.patch. + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.xHmzeo/_old 2020-09-23 18:39:23.341265440 +0200 +++ /var/tmp/diff_new_pack.xHmzeo/_new 2020-09-23 18:39:23.341265440 +0200 @@ -86,7 +86,7 @@ # encryption_method_nis.patch has to be ported! # Call shadow-login_defs-check.sh before! Provides: login_defs-support-for-pam = 1.3.1 -Provides: login_defs-support-for-util-linux = 2.33.1 +Provides: login_defs-support-for-util-linux = 2.36 Provides: useradd_or_adduser_dep %description ++ shadow-login_defs-check.sh ++ --- /var/tmp/diff_new_pack.xHmzeo/_old 2020-09-23 18:39:23.421265513 +0200 +++ /var/tmp/diff_new_pack.xHmzeo/_new 2020-09-23 18:39:23.421265513 +0200 @@ -104,7 +104,7 @@ echo "Extracting variables from lib/getdef.c..." # Extract variables referenced in lib/getdef.c using current defines. -sed -n 's/^\(},\|\) {"\([A-Z0-9_]*\)", /\2/p' ../../shadow-login_defs-check-getdef.lst +sed -n 's/^\(},\|\) {"\([A-Z0-9_]*\)", /\2/p' ../../shadow-login_defs-check-getdef.lst LC_ALL=C sort -u ../../shadow-login_defs-check-getdef.lst >../../shadow-login_defs-check-getdef-sorted.lst echo "Extracting variables from shadow..." ++ shadow-login_defs-comments.patch ++ --- /var/tmp/diff_new_pack.xHmzeo/_old 2020-09-23 18:39:23.433265524 +0200 +++ /var/tmp/diff_new_pack.xHmzeo/_new 2020-09-23 18:39:23.437265528 +0200 @@ -13,7 +13,23 @@ # # Delay in seconds before being allowed another attempt after a login failure -@@ -47,6 +45,15 @@ CONSOLE /etc/securetty +@@ -23,15 +21,6 @@ LOG_UNKFAIL_ENABno + # + + # +-# Limit the highest user ID number for which the lastlog entries should +-# be updated. +-# +-# No LASTLOG_UID_MAX means that there is no user ID limit for writing +-# lastlog entries. +-# +-#LASTLOG_UID_MAX +- +-# + # Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition + # to sulog file logging. + # +@@ -46,6 +35,15 @@ CONSOLE /etc/securetty #CONSOLE console:tty01:tty02:tty03:tty04 # @@ -29,7 +45,7 @@ # If defined, all su(1) activity is logged to this file. # #SULOG_FILE /var/log/sulog -@@ -94,11 +101,14 @@ ENV_PATH /bin:/usr/bin +@@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin #ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin @@ -46,7 +62,7 @@ ALWAYS_SET_PATH no # -@@ -138,6 +148,11 @@ PASS_WARN_AGE 7 +@@ -148,6 +149,11 @@ PASS_WARN_AGE 7 # # Min/max values for automatic uid selection in useradd(8) # @@ -58,7 +74,7 @@ UID_MIN1000 UID_MAX 6 # System accounts -@@ -151,6 +166,11 @@ SUB_UID_COUNT 65536 +@@ -161,6 +167,11 @@ SUB_UID_COUNT 65536 # # Min/max values for automatic gid selection in groupadd(8) # @@ -70,7 +86,7 @@ GID_MIN1000 GID_MAX 6 # System accounts -@@ -180,7 +200,6 @@ LOGIN_TIMEOUT 60 +@@ -190,7 +201,6 @@ LOGIN_TIMEOUT 60 CHFN_RESTRICT rwh # @@ -78,7 +94,7 @@ # If set to "yes", new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. # It supports passwords of unlimited length and longer salt strings. -@@ -195,7 +214,6 @@ CHFN_RESTRICT rwh +@@ -205,7 +215,6 @@ CHFN_RESTRICT rwh #MD5_CRYPT_ENAB no # ++ shadow-login_defs-suse.patch ++ --- /var/tmp/diff_new_pack.xHmzeo/_old 2020-09-23 18:39:23.449265538 +0200 +++ /var/tmp/diff_new_pack.xHmzeo/_new 2020-09-23 18:39:23.449265538 +0200
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2020-06-11 14:37:08 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.3606 (New) Package is "shadow" Thu Jun 11 14:37:08 2020 rev:38 rq:809695 version:4.8.1 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2020-02-04 19:51:01.945240381 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new.3606/shadow.changes 2020-06-11 14:37:10.163997009 +0200 @@ -1,0 +2,8 @@ +Fri May 22 11:21:15 UTC 2020 - Fabian Vogt + +- Use pure #!/bin/sh in: + * useradd.local + * userdel-post.local + * userdel-pre.local + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.3w6hbu/_old 2020-06-11 14:37:10.975999369 +0200 +++ /var/tmp/diff_new_pack.3w6hbu/_new 2020-06-11 14:37:10.97382 +0200 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ useradd.local ++ --- /var/tmp/diff_new_pack.3w6hbu/_old 2020-06-11 14:37:11.11789 +0200 +++ /var/tmp/diff_new_pack.3w6hbu/_new 2020-06-11 14:37:11.11789 +0200 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Here you can add your own stuff, that should be done for every user who # was new created. ++ userdel-post.local ++ --- /var/tmp/diff_new_pack.3w6hbu/_old 2020-06-11 14:37:11.131999824 +0200 +++ /var/tmp/diff_new_pack.3w6hbu/_new 2020-06-11 14:37:11.131999824 +0200 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Here you can add your own stuff, that should be done for every user # which we deleted. ++ userdel-pre.local ++ --- /var/tmp/diff_new_pack.3w6hbu/_old 2020-06-11 14:37:11.143999859 +0200 +++ /var/tmp/diff_new_pack.3w6hbu/_new 2020-06-11 14:37:11.143999859 +0200 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh # # Here you can add your own stuff, that should be done for every user # who will be deleted.
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2020-02-04 19:50:58 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.26092 (New) Package is "shadow" Tue Feb 4 19:50:58 2020 rev:37 rq:767297 version:4.8.1 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2020-01-25 13:22:44.67340 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new.26092/shadow.changes 2020-02-04 19:51:01.945240381 +0100 @@ -1,0 +2,17 @@ +Fri Jan 24 08:09:23 UTC 2020 - Michael Vetter + +- Update to 4.8.1: + * selinux: include stdio + * man: don't suggest making groupmems user-writeable + * Makefile: bail out on error in for loops + * Adding logging of SSH_ORIGINAL_COMMAND to nologin + * add new HOME_MODE login.defs option + * Add tty logging to useradd + * Useradd: make non-executable shell check only a warning + * Update Dutch translation + * user_busy: Do not mistake a regular user process for a namespaced one + * Revert "Honor --sbindir and --bindir for binary installation" +- Remove shadow-4.8-shell-check.patch: included +- Remove shadow-4.8-selinux-include.patch: upstreamed + +--- Old: shadow-4.8-selinux-include.patch shadow-4.8-shell-check.patch shadow-4.8.tar.xz shadow-4.8.tar.xz.asc New: shadow-4.8.1.tar.xz shadow-4.8.1.tar.xz.asc Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.B0lStT/_old 2020-02-04 19:51:03.949241550 +0100 +++ /var/tmp/diff_new_pack.B0lStT/_new 2020-02-04 19:51:03.973241564 +0100 @@ -23,7 +23,7 @@ %endif Name: shadow -Version:4.8 +Version:4.8.1 Release:0 Summary:Utilities to Manage User and Group Accounts License:BSD-3-Clause AND GPL-2.0-or-later @@ -61,10 +61,6 @@ Patch13:shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch ku...@suse.com -- Customize login.defs. Patch14:shadow-login_defs-suse.patch -# PATCH-FIX-UPSTREAM shadow-4.8-selinux-include.patch mvet...@suse.com -- https://github.com/shadow-maint/shadow/pull/200 -Patch15:shadow-4.8-selinux-include.patch -# PATCH-FEATURE mvet...@suse.com -- bsc#1160729 https://github.com/shadow-maint/shadow/pull/210 -Patch16:shadow-4.8-shell-check.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.ma...@suse.de -- Disable newer libaudit functionality for older distributions. Patch20:disable_new_audit_function.patch BuildRequires: audit-devel > 2.3 @@ -110,8 +106,6 @@ %patch7 %patch13 %patch14 -%patch15 -p1 -%patch16 -p1 %if 0%{?suse_version} < 1330 %patch20 -p1 %endif ++ shadow-4.8.tar.xz -> shadow-4.8.1.tar.xz ++ 35441 lines of diff (skipped)
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2020-01-25 13:22:40 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.26092 (New) Package is "shadow" Sat Jan 25 13:22:40 2020 rev:36 rq:765745 version:4.8 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2019-10-22 15:36:46.617125426 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.26092/shadow.changes 2020-01-25 13:22:44.67340 +0100 @@ -1,0 +2,44 @@ +Mon Jan 20 10:36:20 UTC 2020 - Michael Vetter + +- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, + useradd, userdel, usermod explicitly. + +--- +Thu Jan 16 12:54:39 UTC 2020 - Michael Vetter + +- bsc#1160729: Make valid shell check only a warning + * Add shadow-4.8-shell-check.patch + +--- +Tue Dec 17 12:43:01 UTC 2019 - Michael Vetter + +- Update to 4.8: + * Initial optional bcrypt support. + * Make build/install of 'su' optional. + * Fix for vipw not resuming correctly when suspended + * Sync password field descriptions in manpages + * Check for valid shell argument in useradd + * Allow translation of new strings through POTFILES.in + * Migrate to itstool for translations + * Migrate to new SELinux api + * Support --enable-vendordir + * pwck: Only check homedir if set and not a system user + * Support nonstandard usernames + * sget{pw,gr}ent: check for data at EOL + * Add YYY-MM-DD support in chage + * Fix failing chmod calls for suidubins + * Fix --sbindir and --bindir for binary installations + * Fix LASTLOG_UID_MAX in login.defs + * Fix configure error with dash +- Remove because upstreamed: + * libeconf.patch + * shadow-usermod-variable.patch +- Rebase: + * shadow-login_defs-unused-by-pam.patch + * chkname-regex.patch + * shadow-util-linux.patch + * shadow-login_defs-comments.patch +- Add shadow-4.8-selinux-include.patch + See https://github.com/shadow-maint/shadow/pull/200 + +--- Old: libeconf.patch shadow-4.7.tar.xz shadow-4.7.tar.xz.asc shadow-usermod-variable.patch New: shadow-4.8-selinux-include.patch shadow-4.8-shell-check.patch shadow-4.8.tar.xz shadow-4.8.tar.xz.asc Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.6mRroD/_old 2020-01-25 13:22:46.656000205 +0100 +++ /var/tmp/diff_new_pack.6mRroD/_new 2020-01-25 13:22:46.656000205 +0100 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -23,7 +23,7 @@ %endif Name: shadow -Version:4.7 +Version:4.8 Release:0 Summary:Utilities to Manage User and Group Accounts License:BSD-3-Clause AND GPL-2.0-or-later @@ -61,12 +61,12 @@ Patch13:shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch ku...@suse.com -- Customize login.defs. Patch14:shadow-login_defs-suse.patch +# PATCH-FIX-UPSTREAM shadow-4.8-selinux-include.patch mvet...@suse.com -- https://github.com/shadow-maint/shadow/pull/200 +Patch15:shadow-4.8-selinux-include.patch +# PATCH-FEATURE mvet...@suse.com -- bsc#1160729 https://github.com/shadow-maint/shadow/pull/210 +Patch16:shadow-4.8-shell-check.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.ma...@suse.de -- Disable newer libaudit functionality for older distributions. Patch20:disable_new_audit_function.patch -# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbra...@suse.com -- Fix variable name. -Patch21:shadow-usermod-variable.patch -# PATCH-FEATURE-UPSTREAM libeconf.patch https://github.com/shadow-maint/shadow/pull/180 ku...@suse.com -- Add support for a vendor directory and libeconf -Patch22:libeconf.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake @@ -110,11 +110,11 @@ %patch7 %patch13 %patch14 +%patch15 -p1 +%patch16 -p1 %if 0%{?suse_version} < 1330 %patch20 -p1 %endif -%patch21
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2019-10-22 15:36:45 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.2352 (New) Package is "shadow" Tue Oct 22 15:36:45 2019 rev:35 rq:736424 version:4.7 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2019-09-07 11:27:10.406481166 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.2352/shadow.changes 2019-10-22 15:36:46.617125426 +0200 @@ -1,0 +2,7 @@ +Mon Oct 7 09:50:30 CEST 2019 - ku...@suse.de + +- libeconf.patch: Add support for libeconf and /usr/etc for + login.defs. +- Move first configuration files and pam config files to /usr/etc + +--- New: libeconf.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.KoCbsM/_old 2019-10-22 15:36:47.417126310 +0200 +++ /var/tmp/diff_new_pack.KoCbsM/_new 2019-10-22 15:36:47.421126314 +0200 @@ -16,6 +16,12 @@ # +%if ! %{defined _distconfdir} + %define _distconfdir %{_sysconfdir} +%else + %define no_config 1 +%endif + Name: shadow Version:4.7 Release:0 @@ -59,11 +65,14 @@ Patch20:disable_new_audit_function.patch # PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbra...@suse.com -- Fix variable name. Patch21:shadow-usermod-variable.patch +# PATCH-FEATURE-UPSTREAM libeconf.patch https://github.com/shadow-maint/shadow/pull/180 ku...@suse.com -- Add support for a vendor directory and libeconf +Patch22:libeconf.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake BuildRequires: libacl-devel BuildRequires: libattr-devel +BuildRequires: libeconf-devel BuildRequires: libselinux-devel BuildRequires: libsemanage-devel BuildRequires: libtool @@ -105,6 +114,7 @@ %patch20 -p1 %endif %patch21 -p1 +%patch22 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO @@ -126,7 +136,8 @@ --with-selinux \ --without-libcrack \ --disable-shared \ - --with-group-name-max-length=32 + --with-group-name-max-length=32 \ + --enable-vendordir=%{_distconfdir} make %{?_smp_mflags} V=1 %install @@ -200,10 +211,19 @@ rm -rf %{buildroot}%{_mandir}/{??,??_??} +# Move /etc to /usr/etc +if [ ! -d %{buildroot}%{_distconfdir} ]; then +mkdir -p %{buildroot}%{_distconfdir} +mv %{buildroot}%{_sysconfdir}/{login.defs,pam.d} %{buildroot}%{_distconfdir} +fi + %find_lang shadow %pre %service_add_pre shadow.service shadow.timer +for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do + test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||: +done %post %set_permissions %{_bindir}/chage @@ -235,13 +255,38 @@ %postun %service_del_postun shadow.service shadow.timer +%posttrans +# Migration to /usr/etc +for i in login.defs pam.d/chage pam.d/chfn pam.d/chpasswd pam.d/chsh pam.d/groupadd pam.d/groupdel pam.d/groupmod pam.d/newusers pam.d/passwd pam.d/useradd pam.d/userdel pam.d/usermod; do + test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: +done + %files -f shadow.lang %license COPYING %doc NEWS doc/HOWTO README README.changes-pwdutils +%if %{defined no_config} +%attr(0644,root,root) %{_distconfdir}/login.defs +%else %attr(0644,root,root) %config %{_sysconfdir}/login.defs +%endif %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid %verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid +%if %{defined no_config} +%{_distconfdir}/pam.d/chage +%{_distconfdir}/pam.d/chfn +%{_distconfdir}/pam.d/chsh +%{_distconfdir}/pam.d/passwd +%{_distconfdir}/pam.d/useradd +%{_distconfdir}/pam.d/chpasswd +%{_distconfdir}/pam.d/groupadd +%{_distconfdir}/pam.d/groupdel +%{_distconfdir}/pam.d/groupmod +%{_distconfdir}/pam.d/newusers +%{_distconfdir}/pam.d/useradd +%{_distconfdir}/pam.d/userdel +%{_distconfdir}/pam.d/usermod +%else %config %{_sysconfdir}/pam.d/chage %config %{_sysconfdir}/pam.d/chfn %config %{_sysconfdir}/pam.d/chsh @@ -255,6 +300,7 @@ %config %{_sysconfdir}/pam.d/useradd %config %{_sysconfdir}/pam.d/userdel %config %{_sysconfdir}/pam.d/usermod +%endif %verify(not mode) %attr(2755,root,shadow) %{_bindir}/chage %verify(not mode) %attr(4755,root,shadow) %{_bindir}/chfn %verify(not mode) %attr(4755,root,shadow) %{_bindir}/chsh ++ libeconf.patch ++ >From
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2019-09-07 11:27:09 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.7948 (New) Package is "shadow" Sat Sep 7 11:27:09 2019 rev:34 rq:727986 version:4.7 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2019-08-05 11:18:33.518506694 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.7948/shadow.changes 2019-09-07 11:27:10.406481166 +0200 @@ -1,0 +2,14 @@ +Mon Sep 2 11:12:59 UTC 2019 - mvet...@suse.com + +- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files + to support kernel keyring feature +- Update pamd.tar.bz2 with pam configuration files accordingly + +--- +Mon Aug 19 14:50:02 CEST 2019 - ku...@suse.de + +- encryption_method_nis.patch: drop, DES should really not be used + anymore anywhere, even with NIS +- shadow-login_defs-suse.patch: remove encryption NIS entry + +--- Old: encryption_method_nis.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.Tmfwn4/_old 2019-09-07 11:27:11.130481076 +0200 +++ /var/tmp/diff_new_pack.Tmfwn4/_new 2019-09-07 11:27:11.134481075 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -51,8 +51,6 @@ Patch6: shadow-4.1.5.1-userdel-helpfix.patch # PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch ku...@suse.com -- Fix error message. Patch7: shadow-4.1.5.1-logmsg.patch -# PATCH-FEATURE-SUSE encryption_method_nis.patch ku...@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix). -Patch10:encryption_method_nis.patch # PATCH-FEATURE-SUSE shadow-login_defs-comments.patch ku...@suse.com -- Adjust login.defs comments. Patch13:shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch ku...@suse.com -- Customize login.defs. @@ -101,7 +99,6 @@ %patch5 %patch6 %patch7 -%patch10 %patch13 %patch14 %if 0%{?suse_version} < 1330 ++ pamd.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/etc/pam.d/chage new/etc/pam.d/chage --- old/etc/pam.d/chage 2012-02-01 14:30:28.0 +0100 +++ new/etc/pam.d/chage 2019-09-03 13:12:38.521810064 +0200 @@ -3,4 +3,5 @@ authincludecommon-auth account includecommon-account password include common-password +session optional pam_keyinit.so revoke session includecommon-session diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/etc/pam.d/chfn new/etc/pam.d/chfn --- old/etc/pam.d/chfn 2012-09-21 15:10:04.0 +0200 +++ new/etc/pam.d/chfn 2019-09-03 13:12:38.521810064 +0200 @@ -3,5 +3,6 @@ auth includecommon-auth account includecommon-account password includecommon-password +session optional pam_keyinit.so revoke session includecommon-session diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/etc/pam.d/chpasswd new/etc/pam.d/chpasswd --- old/etc/pam.d/chpasswd 2012-09-21 15:10:08.0 +0200 +++ new/etc/pam.d/chpasswd 2019-09-03 13:12:38.521810064 +0200 @@ -3,5 +3,6 @@ auth includecommon-auth account includecommon-account password includecommon-password +session optional pam_keyinit.so revoke session includecommon-session diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/etc/pam.d/chsh new/etc/pam.d/chsh --- old/etc/pam.d/chsh 2012-09-21 15:10:11.0 +0200 +++ new/etc/pam.d/chsh 2019-09-03 13:12:38.521810064 +0200 @@ -3,5 +3,6 @@ auth includecommon-auth account includecommon-account password includecommon-password +session optional pam_keyinit.so revoke session includecommon-session diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/etc/pam.d/groupadd new/etc/pam.d/groupadd --- old/etc/pam.d/groupadd 2012-02-01 14:30:28.0 +0100 +++ new/etc/pam.d/groupadd 2019-09-03 13:12:38.521810064 +0200 @@ -3,4 +3,5 @@ auth required pam_permit.so account required pam_permit.so password required pam_permit.so +session optional pam_keyinit.so
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2019-08-05 11:18:32 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.4126 (New) Package is "shadow" Mon Aug 5 11:18:32 2019 rev:33 rq:719471 version:4.7 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2019-07-13 13:33:10.879355040 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.4126/shadow.changes 2019-08-05 11:18:33.518506694 +0200 @@ -1,0 +2,28 @@ +Fri Jul 26 23:44:56 CEST 2019 - sbra...@suse.com + +- Fix incorrect variable name in usermod + (shadow-usermod-variable.patch). +- shadow-login_defs-comments.patch: + * Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs. + * Add missing LASTLOG_UID_MAX. + * Refresh shadow-login_defs-suse.patch. +- Port shadow-login_defs-check.sh to match the current spec file + and login.defs. + +--- +Thu Jul 25 15:27:15 CEST 2019 - ku...@suse.de + +- Provide "useradd_or_adduser_dep" for sysuser-shadow + +--- +Sat Jul 20 02:11:10 CEST 2019 - sbra...@suse.com + +- shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to + "yes" (bsc#353876#c7). + +--- +Fri Jul 19 10:19:44 UTC 2019 - sbra...@suse.com + +- Fix comment about patch in spec file + +--- @@ -62 +90 @@ - * shadow-login_defs-util-linux.patch + * shadow-util-linux.patch New: shadow-usermod-variable.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.aLhSZv/_old 2019-08-05 11:18:34.254506392 +0200 +++ /var/tmp/diff_new_pack.aLhSZv/_new 2019-08-05 11:18:34.254506392 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -49,7 +49,7 @@ Patch5: shadow-util-linux.patch # PATCH-FEATURE-FEDORA shadow-4.1.5.1-userdel-helpfix.patch christian.brau...@mailbox.org -- Give a hint about what happens when you force the removal of a user. Patch6: shadow-4.1.5.1-userdel-helpfix.patch -# PATCH-FIX-FEDORA shadow-4.1.5.1-userdel-helpfix.patch ku...@suse.com -- Fix error message. +# PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch ku...@suse.com -- Fix error message. Patch7: shadow-4.1.5.1-logmsg.patch # PATCH-FEATURE-SUSE encryption_method_nis.patch ku...@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix). Patch10:encryption_method_nis.patch @@ -59,6 +59,8 @@ Patch14:shadow-login_defs-suse.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.ma...@suse.de -- Disable newer libaudit functionality for older distributions. Patch20:disable_new_audit_function.patch +# PATCH-FIX-UPSTREAM shadow-usermod-variable.patch https://github.com/shadow-maint/shadow/pull/170 sbra...@suse.com -- Fix variable name. +Patch21:shadow-usermod-variable.patch BuildRequires: audit-devel > 2.3 BuildRequires: autoconf BuildRequires: automake @@ -82,6 +84,7 @@ # Call shadow-login_defs-check.sh before! Provides: login_defs-support-for-pam = 1.3.1 Provides: login_defs-support-for-util-linux = 2.33.1 +Provides: useradd_or_adduser_dep %description This package includes the necessary programs for converting plain @@ -104,6 +107,7 @@ %if 0%{?suse_version} < 1330 %patch20 -p1 %endif +%patch21 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO ++ shadow-login_defs-check.sh ++ --- /var/tmp/diff_new_pack.aLhSZv/_old 2019-08-05 11:18:34.330506362 +0200 +++ /var/tmp/diff_new_pack.aLhSZv/_new 2019-08-05 11:18:34.334506360 +0200 @@ -69,9 +69,9 @@ patch <../../shadow-login_defs-check-login_defs.lst +sed -n "s/^#//;s/\([A-Z0-9_]*\)\([[:space:]].*\|\)$/\1/p" ../../shadow-login_defs-check-login_defs.lst LC_ALL=C sort -u ../../shadow-login_defs-check-login_defs.lst >../../shadow-login_defs-check-login_defs-sorted.lst echo "Extracting variables from lib/getdef.c..." ++ shadow-login_defs-comments.patch ++ --- /var/tmp/diff_new_pack.aLhSZv/_old 2019-08-05 11:18:34.342506357 +0200 +++ /var/tmp/diff_new_pack.aLhSZv/_new 2019-08-05 11:18:34.346506355 +0200 @@ -13,7 +13,23 @@ # # Delay in seconds before being allowed another attempt after a login failure -@@ -79,11 +77,14 @@ ENV_PATH /bin:/usr/bin +@@
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2019-07-13 13:33:06 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.4615 (New) Package is "shadow" Sat Jul 13 13:33:06 2019 rev:32 rq:709907 version:4.7 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2019-06-12 13:05:27.061204960 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.4615/shadow.changes 2019-07-13 13:33:10.879355040 +0200 @@ -1,0 +2,42 @@ +Fri Jun 14 06:20:46 UTC 2019 - mvet...@suse.com + +- Update to 4.7: + * Spawn: don't loop forever on ECHILD + * Do not fail locking if there is a stale lockfile (Tomas Mraz) + * Use lckpwdf if prefix not set (Tomas Mraz) + * Build: check correct DocBook version (Jan Tojnar) + * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn) + * Add support for btrfs subvolumes for home (Adam Majer) + * Fix chpasswd long line handling (Nathan Ruiz) + * Use secure_getenv for gettime (Chris Lamb) + * Make sp_lstchg reproducible (Chris Lamb) + * Do not crash commonio_close if db file is not open (Tomas Mraz) + * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez) + * French manpage update (Alban VIDAL) + * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz) + * Sync po files from shadow.pot (Alban VIDAL) + * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) + * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) + * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) + * Fix segfault in useradd (Tomas Mraz) + * Coverity issues (Tomas Mraz) + * Flush sssd caches (Jakub Hrozek) + * Log UID in nologin (Vladimir Ivanov) + * run pam_getenvlist after setup_env in su.c (Michael Vogt) + * Support systems with only utmpx (A. Wilcox) + * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal)) + * Update po/zh_CN translation (Lion Yang) + * Create parent dirs for useradd -m (Michael Vetter) + * Prevent usermod segv + * Fix usermod crash (fariouche) +- Remove btrfs-subvolumes.patch (fate#316134): + upstreamed: https://github.com/shadow-maint/shadow/pull/149 +- Remove useradd-mkdirs.patch (bsc#865563): + upstreamed https://github.com/shadow-maint/shadow/pull/112 +- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch + upstreamed https://github.com/shadow-maint/shadow/issues/110 +- Rebase userdel-script.patch +- Rebase useradd-script.patch +- Rebase shadow-util-linux.patch + +--- Old: btrfs-subvolumes.patch shadow-4.6.0-fix-usermod-prefix-crash.patch shadow-4.6.tar.xz shadow-4.6.tar.xz.asc useradd-mkdirs.patch New: shadow-4.7.tar.xz shadow-4.7.tar.xz.asc Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.hPFZRo/_old 2019-07-13 13:33:13.063354489 +0200 +++ /var/tmp/diff_new_pack.hPFZRo/_new 2019-07-13 13:33:13.063354489 +0200 @@ -12,12 +12,12 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: shadow -Version:4.6 +Version:4.7 Release:0 Summary:Utilities to Manage User and Group Accounts License:BSD-3-Clause AND GPL-2.0-or-later @@ -53,18 +53,12 @@ Patch7: shadow-4.1.5.1-logmsg.patch # PATCH-FEATURE-SUSE encryption_method_nis.patch ku...@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix). Patch10:encryption_method_nis.patch -# PATCH-FIX-SUSE useradd-mkdirs.patch bnc865563 tbehr...@suse.com -- Create all parts of the path. -Patch11:useradd-mkdirs.patch -# PATCH-FIX-SUSE shadow-4.6.0-fix-usermod-prefix-crash.patch https://github.com/shadow-maint/shadow/issues/110 mvet...@suse.com -- Fixes crash in usermod when called with --prefix. -Patch12:shadow-4.6.0-fix-usermod-prefix-crash.patch # PATCH-FEATURE-SUSE shadow-login_defs-comments.patch ku...@suse.com -- Adjust login.defs comments. Patch13:shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch ku...@suse.com -- Customize login.defs. Patch14:shadow-login_defs-suse.patch # PATCH-FIX-SUSE disable_new_audit_function.patch adam.ma...@suse.de -- Disable newer libaudit functionality for older distributions. Patch20:disable_new_audit_function.patch -# PATCH-FEATURE-SUSE btrfs-subvolumes.patch fate316134 adam.ma...@suse.de -- Add support for btrfs subvolumes for user homes. -Patch21:btrfs-subvolumes.patch
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2019-06-12 13:05:24 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.4811 (New) Package is "shadow" Wed Jun 12 13:05:24 2019 rev:31 rq:706602 version:4.6 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2019-05-12 11:31:37.497558369 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new.4811/shadow.changes 2019-06-12 13:05:27.061204960 +0200 @@ -1,0 +2,12 @@ +Thu May 30 11:15:49 UTC 2019 - Martin Pluskal + +- Make building more verbose +- Use spec-cleaner + +--- +Thu May 2 09:45:48 UTC 2019 - lnus...@suse.de + +- don't specify MOTD_FILE in login.defs but fall back to built in + defaults of login (boo#1133929) + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.WLrSNi/_old 2019-06-12 13:05:28.393204401 +0200 +++ /var/tmp/diff_new_pack.WLrSNi/_new 2019-06-12 13:05:28.397204399 +0200 @@ -22,7 +22,7 @@ Summary:Utilities to Manage User and Group Accounts License:BSD-3-Clause AND GPL-2.0-or-later Group: System/Base -Url:https://github.com/shadow-maint/shadow +URL:https://github.com/shadow-maint/shadow Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz Source1:pamd.tar.bz2 Source2:README.changes-pwdutils @@ -77,8 +77,8 @@ BuildRequires: xz Requires(pre): group(root) Requires(pre): group(shadow) +Requires(pre): permissions Requires(pre): user(root) -PreReq: permissions Provides: pwdutils = 3.2.20 Obsoletes: pwdutils <= 3.2.19 # Virtual provides for supported variables in login.defs. @@ -135,11 +135,11 @@ --without-libcrack \ --disable-shared \ --with-group-name-max-length=32 -make +make %{?_smp_mflags} V=1 %install cp %{SOURCE2} . -make install DESTDIR=%{buildroot} gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs +%make_install gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs # install useradd.local, userdel.local, ... install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/ @@ -291,36 +291,36 @@ %verify(not md5 size mtime) %config(noreplace) %{_sbindir}/useradd.local %verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-pre.local %verify(not md5 size mtime) %config(noreplace) %{_sbindir}/userdel-post.local -%{_mandir}/man1/chage.1* -%{_mandir}/man1/chfn.1* -%{_mandir}/man1/chsh.1* -%{_mandir}/man1/expiry.1* -%{_mandir}/man1/gpasswd.1* -%{_mandir}/man1/newgrp.1* -%{_mandir}/man1/passwd.1* -%{_mandir}/man1/sg.1* -%{_mandir}/man3/shadow.3* -%{_mandir}/man5/login.defs.5* -%{_mandir}/man5/shadow.5* -%{_mandir}/man8/chpasswd.8* -%{_mandir}/man8/groupadd.8* -%{_mandir}/man8/groupdel.8* -%{_mandir}/man8/groupmod.8* -%{_mandir}/man8/grpck.8* -%{_mandir}/man8/lastlog.8* -%{_mandir}/man8/newusers.8* -%{_mandir}/man8/pwck.8* -%{_mandir}/man8/pwconv.8* -%{_mandir}/man8/pwunconv.8* -%{_mandir}/man8/useradd.8* -%{_mandir}/man8/userdel.8* -%{_mandir}/man8/usermod.8* -%{_mandir}/man8/vigr.8* -%{_mandir}/man8/vipw.8* -%{_mandir}/man5/subuid.5* -%{_mandir}/man5/subgid.5* -%{_mandir}/man1/newgidmap.1* -%{_mandir}/man1/newuidmap.1* +%{_mandir}/man1/chage.1%{?ext_man} +%{_mandir}/man1/chfn.1%{?ext_man} +%{_mandir}/man1/chsh.1%{?ext_man} +%{_mandir}/man1/expiry.1%{?ext_man} +%{_mandir}/man1/gpasswd.1%{?ext_man} +%{_mandir}/man1/newgrp.1%{?ext_man} +%{_mandir}/man1/passwd.1%{?ext_man} +%{_mandir}/man1/sg.1%{?ext_man} +%{_mandir}/man3/shadow.3%{?ext_man} +%{_mandir}/man5/login.defs.5%{?ext_man} +%{_mandir}/man5/shadow.5%{?ext_man} +%{_mandir}/man8/chpasswd.8%{?ext_man} +%{_mandir}/man8/groupadd.8%{?ext_man} +%{_mandir}/man8/groupdel.8%{?ext_man} +%{_mandir}/man8/groupmod.8%{?ext_man} +%{_mandir}/man8/grpck.8%{?ext_man} +%{_mandir}/man8/lastlog.8%{?ext_man} +%{_mandir}/man8/newusers.8%{?ext_man} +%{_mandir}/man8/pwck.8%{?ext_man} +%{_mandir}/man8/pwconv.8%{?ext_man} +%{_mandir}/man8/pwunconv.8%{?ext_man} +%{_mandir}/man8/useradd.8%{?ext_man} +%{_mandir}/man8/userdel.8%{?ext_man} +%{_mandir}/man8/usermod.8%{?ext_man} +%{_mandir}/man8/vigr.8%{?ext_man} +%{_mandir}/man8/vipw.8%{?ext_man} +%{_mandir}/man5/subuid.5%{?ext_man} +%{_mandir}/man5/subgid.5%{?ext_man} +%{_mandir}/man1/newgidmap.1%{?ext_man} +%{_mandir}/man1/newuidmap.1%{?ext_man} %{_unitdir}/* ++ shadow-login_defs-suse.patch ++ --- /var/tmp/diff_new_pack.WLrSNi/_old 2019-06-12 13:05:28.477204365 +0200 +++
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2019-05-12 11:31:35 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.5148 (New) Package is "shadow" Sun May 12 11:31:35 2019 rev:30 rq:700977 version:4.6 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2019-01-29 14:40:13.119420021 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new.5148/shadow.changes 2019-05-12 11:31:37.497558369 +0200 @@ -1,0 +2,24 @@ +Tue Apr 30 22:27:14 CEST 2019 - sbra...@suse.com + +- Split shadow-login_defs.patch hunks to its logical components + (bsc#1121197): + * shadow-login_defs-unused-by-pam.patch + * shadow-login_defs-comments.patch + * shadow-login_defs-util-linux.patch + * shadow-login_defs-suse.patch + * Move appropriate hunks to chkname-regex.patch and +encryption_method_nis.patch + * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). +- Split getdef-new-defs.patch hunks to its logical components + (bsc#1121197): + * encryption_method_nis.patch + * chkname-regex.patch + * shadow-util-linux.patch +Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. + * useradd-script.patch, userdel-script.patch + * Remove duplicated definitions of MOTD_FILE and ENV_PATH. +- Add shadow-login_defs-unused-check.sh to allow verification of + login.defs variable usage (bsc#1121197). +- Add virtual symbols for login.defs compatibility (bsc#1121197). + +--- Old: getdef-new-defs.patch shadow-login_defs.patch New: shadow-login_defs-check.sh shadow-login_defs-comments.patch shadow-login_defs-suse.patch shadow-login_defs-unused-by-pam.patch shadow-util-linux.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.xHoW0R/_old 2019-05-12 11:31:38.837562292 +0200 +++ /var/tmp/diff_new_pack.xHoW0R/_new 2019-05-12 11:31:38.837562292 +0200 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -33,18 +33,37 @@ Source7:shadow.timer Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc Source43: %{name}.keyring -Patch0: shadow-login_defs.patch +# SOURCE-FEATURE-SUSE shadow-login_defs-check.sh sbra...@suse.com -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches. +Source44: shadow-login_defs-check.sh +# PATCH-FIX-SUSE shadow-login_defs-unused-by-pam.patch ku...@suse.com -- Remove variables that have no use with PAM. +Patch0: shadow-login_defs-unused-by-pam.patch +# PATCH-FEATURE-SUSE userdel-script.patch ku...@suse.com -- Add support for USERDEL_PRECMD and USERDEL_POSTCMD. Patch1: userdel-script.patch +# PATCH-FEATURE-SUSE useradd-script.patch ku...@suse.com -- Add support for USERADD_CMD. Patch2: useradd-script.patch +# PATCH-FEATURE-SUSE chkname-regex.patch ku...@suse.com -- Username restriction by regex. Patch3: chkname-regex.patch +# PATCH-FEATURE-SUSE useradd-default.patch ku...@suse.com -- Change useradd defaults group to 1000. Patch4: useradd-default.patch -Patch5: getdef-new-defs.patch +# PATCH-FEATURE-SUSE shadow-util-linux.patch sbra...@suse.com -- Add support for util-linux specific variables, delete shadow login, su runuser specific. +Patch5: shadow-util-linux.patch +# PATCH-FEATURE-FEDORA shadow-4.1.5.1-userdel-helpfix.patch christian.brau...@mailbox.org -- Give a hint about what happens when you force the removal of a user. Patch6: shadow-4.1.5.1-userdel-helpfix.patch +# PATCH-FIX-FEDORA shadow-4.1.5.1-userdel-helpfix.patch ku...@suse.com -- Fix error message. Patch7: shadow-4.1.5.1-logmsg.patch +# PATCH-FEATURE-SUSE encryption_method_nis.patch ku...@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix). Patch10:encryption_method_nis.patch +# PATCH-FIX-SUSE useradd-mkdirs.patch bnc865563 tbehr...@suse.com -- Create all parts of the path. Patch11:useradd-mkdirs.patch +# PATCH-FIX-SUSE shadow-4.6.0-fix-usermod-prefix-crash.patch https://github.com/shadow-maint/shadow/issues/110 mvet...@suse.com -- Fixes crash in usermod when called with --prefix. Patch12:shadow-4.6.0-fix-usermod-prefix-crash.patch +# PATCH-FEATURE-SUSE shadow-login_defs-comments.patch ku...@suse.com -- Adjust login.defs comments.
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2019-01-29 14:40:11 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.28833 (New) Package is "shadow" Tue Jan 29 14:40:11 2019 rev:29 rq:668288 version:4.6 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2018-11-12 09:48:13.448573231 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new.28833/shadow.changes 2019-01-29 14:40:13.119420021 +0100 @@ -1,0 +2,6 @@ +Wed Jan 23 09:35:01 UTC 2019 - adam.ma...@suse.de + +- btrfs-subvolumes.patch: implement support for creating user home + directories on btrfs subvolumes (fate#316134) + +--- @@ -28 +34 @@ - Additionally changed in that patch: + Additionally changed in that patch (bsc#1106914): New: btrfs-subvolumes.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.31ONqj/_old 2019-01-29 14:40:14.199418706 +0100 +++ /var/tmp/diff_new_pack.31ONqj/_new 2019-01-29 14:40:14.199418706 +0100 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # @@ -45,11 +45,15 @@ Patch11:useradd-mkdirs.patch Patch12:shadow-4.6.0-fix-usermod-prefix-crash.patch Patch20:disable_new_audit_function.patch +Patch21:btrfs-subvolumes.patch BuildRequires: audit-devel > 2.3 +BuildRequires: autoconf +BuildRequires: automake BuildRequires: libacl-devel BuildRequires: libattr-devel BuildRequires: libselinux-devel BuildRequires: libsemanage-devel +BuildRequires: libtool BuildRequires: pam-devel BuildRequires: xz Requires(pre): group(root) @@ -80,6 +84,7 @@ %if 0%{?suse_version} < 1330 %patch20 -p1 %endif +%patch21 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO @@ -88,6 +93,7 @@ export CFLAGS="%{optflags} -fpie" export LDFLAGS="-pie" +autoreconf -fvi %configure \ --disable-shadowgrp \ --enable-account-tools-setuid \ ++ btrfs-subvolumes.patch ++ commit 52ea836ffbfa4d6797cf89d6ada58f76bee9cf6b Author: Adam Majer Date: Wed Jan 23 16:17:05 2019 +0100 Add autotools support for BtrFS option Feature is enabled by default, if headers are available. It can be turned off explictly. commit 81ead2042afcdb8d423da855cf1528618a4e0c01 Author: Adam Majer Date: Mon Jan 21 09:32:36 2019 +0100 Add support for btrfs subvolumes for user homes new switch added to useradd command, --btrfs-subvolume-home. When specified *and* the filesystem is detected as btrfs, it will create a subvolume for user's home instead of a plain directory. This is done via `btrfs subvolume` command. Specifying the new switch while trying to create home on non-btrfs will result in an error. userdel -r will handle and remove this subvolume transparently via `btrfs subvolume` command. Previosuly this failed as you can't rmdir a subvolume. usermod, when moving user's home across devices, will detect if the home is a subvolume and issue an error messages instead of copying it. Moving user's home (as subvolume) on same btrfs works transparently. --- a/configure.ac +++ b/configure.ac @@ -256,6 +256,9 @@ AC_ARG_WITH(audit, AC_ARG_WITH(libpam, [AC_HELP_STRING([--with-libpam], [use libpam for PAM support @<:@default=yes if found@:>@])], [with_libpam=$withval], [with_libpam=maybe]) +AC_ARG_WITH(btrfs, + [AC_HELP_STRING([--with-btrfs], [add BtrFS support @<:@default=yes if found@:>@])], + [with_selinux=$withval], [with_selinux=maybe]) AC_ARG_WITH(selinux, [AC_HELP_STRING([--with-selinux], [use SELinux support @<:@default=yes if found@:>@])], [with_selinux=$withval], [with_selinux=maybe]) @@ -453,6 +456,20 @@ if test "$with_libcrack" = "yes"; then AC_DEFINE(HAVE_LIBCRACK_PW, 1, [Defined if it includes *Pw functions.])) fi +if test "$with_btrfs" != "no"; then + AC_CHECK_HEADERS([sys/statfs.h linux/magic.h linux/btrfs_tree.h], \ + [btrfs_headers="yes"], [btrfs_headers="no"]) + if test
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2018-11-12 09:48:07 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Mon Nov 12 09:48:07 2018 rev:28 rq:646047 version:4.6 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2018-05-22 16:57:55.489039806 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2018-11-12 09:48:13.448573231 +0100 @@ -1,0 +2,7 @@ +Wed Oct 31 14:17:29 UTC 2018 - Valentin Rothberg + +- Add empty /etc/sub{u,g}id files. useradd and usermod add entries for users + only when those files exist. Having those entries is a requirement to create + user namespaces, for instance, when running podman as a non-root user. + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.8xiFjl/_old 2018-11-12 09:48:14.452571716 +0100 +++ /var/tmp/diff_new_pack.8xiFjl/_new 2018-11-12 09:48:14.456571710 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -20,7 +20,7 @@ Version:4.6 Release:0 Summary:Utilities to Manage User and Group Accounts -License:BSD-3-Clause AND GPL-2.0+ +License:BSD-3-Clause AND GPL-2.0-or-later Group: System/Base Url:https://github.com/shadow-maint/shadow Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz @@ -114,6 +114,10 @@ install -Dm644 %{SOURCE6} %{buildroot}%{_unitdir}/shadow.service install -Dm644 %{SOURCE7} %{buildroot}%{_unitdir}/shadow.timer +# add empty /etc/sub{u,g}id files +touch %{buildroot}/%{_sysconfdir}/subuid +touch %{buildroot}/%{_sysconfdir}/subgid + # Remove binaries we don't use. rm %{buildroot}/%{_bindir}/groups rm %{buildroot}/%{_mandir}/man1/groups.* @@ -210,6 +214,8 @@ %doc NEWS doc/HOWTO README README.changes-pwdutils %attr(0644,root,root) %config %{_sysconfdir}/login.defs %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd +%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subuid +%verify(not md5 size mtime) %config(noreplace) %{_sysconfdir}/subgid %config %{_sysconfdir}/pam.d/chage %config %{_sysconfdir}/pam.d/chfn %config %{_sysconfdir}/pam.d/chsh
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2018-05-22 16:57:52 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Tue May 22 16:57:52 2018 rev:27 rq:609804 version:4.6 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2018-02-28 19:55:38.839344797 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2018-05-22 16:57:55.489039806 +0200 @@ -1,0 +2,27 @@ +Mon May 14 12:45:42 UTC 2018 - mvet...@suse.com + +- Update to 4.6: + * Newgrp: avoid unnecessary lookups + * Make language less binary + * Add error when turning off man switch + * Spelling fixes + * Make userdel work with -R + * newgidmap: enforce setgroups=deny if self-mapping a group + * Norwegian bokmål translation + * pwck: prevent crash by not passing O_CREAT + * WITH_TCB fixes from Mandriva + * Fix pwconv and grpconv entry skips + * Fix -- slurping in su + * add --prefix option +- Remove CVE-2018-7169.patch: upstreamed +- Remove shadow-4.1.5.1-pam_group.patch: upstreamed +- Update userdel-script.patch: change due to prefix +- Update useradd-mkdirs.patch: change due to prefix + Additionally changed in that patch: + * Test for strdup() failure + * Directory to 0755 instead 0777 +- Add shadow-4.6.0-fix-usermod-prefix-crash.patch: + Fixes crash in usermod when called with --prefix. + See https://github.com/shadow-maint/shadow/issues/110 + +--- Old: CVE-2018-7169.patch shadow-4.1.5.1-pam_group.patch shadow-4.5.tar.xz shadow-4.5.tar.xz.asc New: shadow-4.6.0-fix-usermod-prefix-crash.patch shadow-4.6.tar.xz shadow-4.6.tar.xz.asc Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.Z9j8NU/_old 2018-05-22 16:57:56.289010701 +0200 +++ /var/tmp/diff_new_pack.Z9j8NU/_new 2018-05-22 16:57:56.289010701 +0200 @@ -17,7 +17,7 @@ Name: shadow -Version:4.5 +Version:4.6 Release:0 Summary:Utilities to Manage User and Group Accounts License:BSD-3-Clause AND GPL-2.0+ @@ -43,9 +43,8 @@ Patch7: shadow-4.1.5.1-logmsg.patch Patch10:encryption_method_nis.patch Patch11:useradd-mkdirs.patch -Patch18:shadow-4.1.5.1-pam_group.patch +Patch12:shadow-4.6.0-fix-usermod-prefix-crash.patch Patch20:disable_new_audit_function.patch -Patch21:CVE-2018-7169.patch BuildRequires: audit-devel > 2.3 BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -68,7 +67,7 @@ %prep %setup -q -a 1 %patch0 -%patch1 +%patch1 -p1 %patch2 %patch3 %patch4 @@ -76,11 +75,10 @@ %patch6 %patch7 %patch10 -%patch11 -%patch18 -p1 +%patch11 -p1 +%patch12 -p1 %if 0%{?suse_version} < 1330 %patch20 -p1 -%patch21 -p1 %endif iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 ++ shadow-4.6.0-fix-usermod-prefix-crash.patch ++ Bug: https://github.com/shadow-maint/shadow/issues/110 Containing following two fixes. >From 73a876a05612c278da747faeaeea40c3b8d34a53 Mon Sep 17 00:00:00 2001 From: farioucheDate: Tue, 8 May 2018 21:17:46 -0500 Subject: [PATCH 1/2] Fix usermod crash Return newly allocated pointers when the caller will free them. Closes #110 --- libmisc/prefix_flag.c | 2 +- src/usermod.c | 10 ++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/libmisc/prefix_flag.c b/libmisc/prefix_flag.c index 6581235e..8ceffd26 100644 --- a/libmisc/prefix_flag.c +++ b/libmisc/prefix_flag.c @@ -333,7 +333,7 @@ extern struct group *prefix_getgr_nam_gid(const char *grname) && (gid == (gid_t)gid)) { return prefix_getgrgid ((gid_t) gid); } - return prefix_getgrnam (grname); + return __gr_dup(prefix_getgrnam (grname)); } else return getgr_nam_gid(grname); diff --git a/src/usermod.c b/src/usermod.c index e571426f..7355ad31 100644 --- a/src/usermod.c +++ b/src/usermod.c @@ -1251,11 +1251,13 @@ static void process_flags (int argc, char **argv) prefix_user_home = xmalloc(len); wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home); assert (wlen == (int) len -1); + if (user_newhome) { + len = strlen(prefix) + strlen(user_newhome) + 2; + prefix_user_newhome = xmalloc(len); + wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome); + assert (wlen == (int) len -1); + } - len =
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2018-02-28 19:55:35 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Wed Feb 28 19:55:35 2018 rev:26 rq:580162 version:4.5 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2018-02-23 15:27:35.819293857 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2018-02-28 19:55:38.839344797 +0100 @@ -1,0 +2,5 @@ +Thu Feb 22 15:10:45 UTC 2018 - fv...@suse.com + +- Use %license (boo#1082318) + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.GUkIIU/_old 2018-02-28 19:55:41.043265045 +0100 +++ /var/tmp/diff_new_pack.GUkIIU/_new 2018-02-28 19:55:41.051264756 +0100 @@ -208,6 +208,7 @@ %service_del_postun shadow.service shadow.timer %files -f shadow.lang +%license COPYING %doc NEWS doc/HOWTO README README.changes-pwdutils %attr(0644,root,root) %config %{_sysconfdir}/login.defs %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2018-02-23 15:27:34 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Fri Feb 23 15:27:34 2018 rev:25 rq:577204 version:4.5 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2017-11-15 16:49:02.971270535 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2018-02-23 15:27:35.819293857 +0100 @@ -1,0 +2,7 @@ +Fri Feb 16 08:39:08 UTC 2018 - kbabi...@suse.com + +- Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap, + which allowed an unprivileged user to be placed in a user namespace where + setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294) + +--- New: CVE-2018-7169.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.O2TiMy/_old 2018-02-23 15:27:37.095247760 +0100 +++ /var/tmp/diff_new_pack.O2TiMy/_new 2018-02-23 15:27:37.099247615 +0100 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -45,6 +45,7 @@ Patch11:useradd-mkdirs.patch Patch18:shadow-4.1.5.1-pam_group.patch Patch20:disable_new_audit_function.patch +Patch21:CVE-2018-7169.patch BuildRequires: audit-devel > 2.3 BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -79,6 +80,7 @@ %patch18 -p1 %if 0%{?suse_version} < 1330 %patch20 -p1 +%patch21 -p1 %endif iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 ++ CVE-2018-7169.patch ++ >From fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Mon Sep 17 00:00:00 2001 From: Aleksa SaraiDate: Thu, 15 Feb 2018 23:49:40 +1100 Subject: [PATCH] newgidmap: enforce setgroups=deny if self-mapping a group This is necessary to match the kernel-side policy of "self-mapping in a user namespace is fine, but you cannot drop groups" -- a policy that was created in order to stop user namespaces from allowing trivial privilege escalation by dropping supplementary groups that were "blacklisted" from certain paths. This is the simplest fix for the underlying issue, and effectively makes it so that unless a user has a valid mapping set in /etc/subgid (which only administrators can modify) -- and they are currently trying to use that mapping -- then /proc/$pid/setgroups will be set to deny. This workaround is only partial, because ideally it should be possible to set an "allow_setgroups" or "deny_setgroups" flag in /etc/subgid to allow administrators to further restrict newgidmap(1). We also don't write anything in the "allow" case because "allow" is the default, and users may have already written "deny" even if they technically are allowed to use setgroups. And we don't write anything if the setgroups policy is already "deny". Ref: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357 Fixes: CVE-2018-7169 Reported-by: Craig Furman Signed-off-by: Aleksa Sarai --- src/newgidmap.c | 89 +++-- 1 file changed, 80 insertions(+), 9 deletions(-) diff --git a/src/newgidmap.c b/src/newgidmap.c index b1e33513..59a2e75c 100644 --- a/src/newgidmap.c +++ b/src/newgidmap.c @@ -46,32 +46,37 @@ */ const char *Prog; -static bool verify_range(struct passwd *pw, struct map_range *range) + +static bool verify_range(struct passwd *pw, struct map_range *range, bool *allow_setgroups) { /* An empty range is invalid */ if (range->count == 0) return false; - /* Test /etc/subgid */ - if (have_sub_gids(pw->pw_name, range->lower, range->count)) + /* Test /etc/subgid. If the mapping is valid then we allow setgroups. */ + if (have_sub_gids(pw->pw_name, range->lower, range->count)) { + *allow_setgroups = true; return true; + } - /* Allow a process to map its own gid */ - if ((range->count == 1) && (pw->pw_gid == range->lower)) + /* Allow a process to map its own gid. */ + if ((range->count == 1) && (pw->pw_gid == range->lower)) { + /* noop -- if setgroups is enabled already we won't disable it. */ return true; + } return false; } static void verify_ranges(struct passwd *pw, int ranges, - struct map_range *mappings) + struct map_range
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-11-15 16:49:00 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Wed Nov 15 16:49:00 2017 rev:24 rq:539856 version:4.5 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2017-10-25 17:47:34.183278867 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-11-15 16:49:02.971270535 +0100 @@ -1,0 +2,7 @@ +Wed Nov 8 12:39:12 UTC 2017 - mvet...@suse.com + +- bsc#1061838: + Revert: Requires: group(mail) + Introduced circular dependency + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.fdQLmy/_old 2017-11-15 16:49:03.971233894 +0100 +++ /var/tmp/diff_new_pack.fdQLmy/_new 2017-11-15 16:49:03.975233748 +0100 @@ -52,7 +52,6 @@ BuildRequires: libsemanage-devel BuildRequires: pam-devel BuildRequires: xz -Requires: group(mail) Requires(pre): group(root) Requires(pre): group(shadow) Requires(pre): user(root)
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-10-25 17:47:32 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Wed Oct 25 17:47:32 2017 rev:23 rq:536398 version:4.5 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2017-10-20 16:13:23.714664472 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-10-25 17:47:34.183278867 +0200 @@ -4,0 +5 @@ + Use PreReq for permissions Other differences: --
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-10-20 16:13:22 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Fri Oct 20 16:13:22 2017 rev:22 rq:534237 version:4.5 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2017-09-15 21:02:51.454864597 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-10-20 16:13:23.714664472 +0200 @@ -1,0 +2,16 @@ +Fri Oct 13 15:44:28 UTC 2017 - adam.ma...@suse.de + +- Revert accidentalied prerequisites. + +--- +Thu Oct 12 08:59:28 UTC 2017 - sch...@suse.de + +- Prequire group(shadow), group(root), user(root) + +--- +Mon Oct 9 11:53:44 UTC 2017 - mvet...@suse.com + +- bsc#1061838: + Add Requires for group(mail) + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.PYZnUQ/_old 2017-10-20 16:13:24.410631961 +0200 +++ /var/tmp/diff_new_pack.PYZnUQ/_new 2017-10-20 16:13:24.414631774 +0200 @@ -52,8 +52,10 @@ BuildRequires: libsemanage-devel BuildRequires: pam-devel BuildRequires: xz -Requires: group(root) -Requires: user(root) +Requires: group(mail) +Requires(pre): group(root) +Requires(pre): group(shadow) +Requires(pre): user(root) PreReq: permissions Provides: pwdutils = 3.2.20 Obsoletes: pwdutils <= 3.2.19
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-09-15 21:02:48 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Fri Sep 15 21:02:48 2017 rev:21 rq:526022 version:4.5 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2017-06-23 09:13:28.487891829 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-09-15 21:02:51.454864597 +0200 @@ -1,0 +2,23 @@ +Thu Sep 14 08:18:27 UTC 2017 - mvet...@suse.com + +- boo#1048645: + Set suid bit for newuidmap and newgimap + +--- +Thu Sep 14 08:17:08 UTC 2017 - mvet...@suse.com + +- Revert the changes for bsc#1023895 back + Pulls in too many deps into ring0. + Next version of shadow plans to have no conditional man pages. + +--- +Fri Sep 8 11:41:13 UTC 2017 - mvet...@suse.com + +- run spec-cleaner +- bsc#1023895: + man page contained invalid options because they depend + on compile flags and we shipped pre built ones. + New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po + xsltproc + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.i3cxfK/_old 2017-09-15 21:02:52.682692241 +0200 +++ /var/tmp/diff_new_pack.i3cxfK/_new 2017-09-15 21:02:52.682692241 +0200 @@ -16,16 +16,14 @@ # -Summary:Utilities to Manage User and Group Accounts -License:BSD-3-Clause and GPL-2.0+ -Group: System/Base Name: shadow Version:4.5 Release:0 +Summary:Utilities to Manage User and Group Accounts +License:BSD-3-Clause AND GPL-2.0+ +Group: System/Base Url:https://github.com/shadow-maint/shadow Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz -Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc -Source43: %name.keyring Source1:pamd.tar.bz2 Source2:README.changes-pwdutils Source3:useradd.local @@ -33,7 +31,9 @@ Source5:userdel-post.local Source6:shadow.service Source7:shadow.timer -Patch: shadow-login_defs.patch +Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc +Source43: %{name}.keyring +Patch0: shadow-login_defs.patch Patch1: userdel-script.patch Patch2: useradd-script.patch Patch3: chkname-regex.patch @@ -45,9 +45,6 @@ Patch11:useradd-mkdirs.patch Patch18:shadow-4.1.5.1-pam_group.patch Patch20:disable_new_audit_function.patch - -Requires: group(root) -Requires: user(root) BuildRequires: audit-devel > 2.3 BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -55,7 +52,8 @@ BuildRequires: libsemanage-devel BuildRequires: pam-devel BuildRequires: xz -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Requires: group(root) +Requires: user(root) PreReq: permissions Provides: pwdutils = 3.2.20 Obsoletes: pwdutils <= 3.2.19 @@ -67,16 +65,16 @@ %prep %setup -q -a 1 -%patch -p0 -%patch1 -p0 -%patch2 -p0 -%patch3 -p0 -%patch4 -p0 -%patch5 -p0 -%patch6 -p0 -%patch7 -p0 -%patch10 -p0 -%patch11 -p0 +%patch0 +%patch1 +%patch2 +%patch3 +%patch4 +%patch5 +%patch6 +%patch7 +%patch10 +%patch11 %patch18 -p1 %if 0%{?suse_version} < 1330 %patch20 -p1 @@ -86,7 +84,7 @@ mv -v doc/HOWTO.utf8 doc/HOWTO %build -export CFLAGS="$RPM_OPT_FLAGS -fpie" +export CFLAGS="%{optflags} -fpie" export LDFLAGS="-pie" %configure \ @@ -105,103 +103,100 @@ make %install -cp %SOURCE2 . -make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs +cp %{SOURCE2} . +make install DESTDIR=%{buildroot} gnulocaledir=%{buildroot}/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs # install useradd.local, userdel.local, ... -install -m 0755 %SOURCE3 $RPM_BUILD_ROOT/%{_sbindir}/ -install -m 0755 %SOURCE4 $RPM_BUILD_ROOT/%{_sbindir}/ -install -m 0755 %SOURCE5 $RPM_BUILD_ROOT/%{_sbindir}/ -install -Dm644 %{S:6} %{buildroot}%{_unitdir}/shadow.service -install -Dm644 %{S:7} %{buildroot}%{_unitdir}/shadow.timer +install -m 0755 %{SOURCE3} %{buildroot}/%{_sbindir}/ +install -m 0755 %{SOURCE4} %{buildroot}/%{_sbindir}/ +install -m 0755 %{SOURCE5} %{buildroot}/%{_sbindir}/ +install -Dm644 %{SOURCE6} %{buildroot}%{_unitdir}/shadow.service +install
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-06-23 09:13:27 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Fri Jun 23 09:13:27 2017 rev:20 rq:502707 version:4.5 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2017-06-02 10:29:47.441930336 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-06-23 09:13:28.487891829 +0200 @@ -1,0 +2,5 @@ +Thu Jun 8 17:00:57 CEST 2017 - ku...@suse.de + +- Adjust requires (we need user/group root instead of aaa_base now) + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.fFAily/_old 2017-06-23 09:13:29.575738124 +0200 +++ /var/tmp/diff_new_pack.fFAily/_new 2017-06-23 09:13:29.579737559 +0200 @@ -46,7 +46,8 @@ Patch18:shadow-4.1.5.1-pam_group.patch Patch20:disable_new_audit_function.patch -Requires: aaa_base +Requires: group(root) +Requires: user(root) BuildRequires: audit-devel > 2.3 BuildRequires: libacl-devel BuildRequires: libattr-devel
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-06-02 10:29:42 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Fri Jun 2 10:29:42 2017 rev:19 rq:497756 version:4.5 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2017-03-05 17:48:34.322870500 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-06-02 10:29:47.441930336 +0200 @@ -1,0 +2,26 @@ +Mon May 22 13:31:25 UTC 2017 - adam.ma...@suse.de + +- New upstream version 4.5 +- Refreshed patches: + * shadow-login_defs.patch + * chkname-regex.patch + * getdef-new-defs.patch + * useradd-mkdirs.patch +- Upstreamed patches: + * shadow-4.1.5.1-manfix.patch + * shadow-4.1.5.1-errmsg.patch + * shadow-4.1.5.1-backup-mode.patch + * shadow-4.1.5.1-audit-owner.patch + * shadow-4.2.1-defs-chroot.patch + * shadow-4.2.1-merge-group.patch + * Fix-user-busy-errors-at-userdel.patch + * useradd-clear-tallylog.patch +- shadow-4.1.5.1-pam_group.patch + dynamically added users via pam_group are not listed in groups + databases but are still valid +- shadow.keyring: update keyring with current maintainer's keyid + only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D' +- disable_new_audit_function.patch: + Disable newer libaudit functionality for older distributions + +--- Old: Fix-user-busy-errors-at-userdel.patch shadow-4.1.5.1-audit-owner.patch shadow-4.1.5.1-backup-mode.patch shadow-4.1.5.1-errmsg.patch shadow-4.1.5.1-manfix.patch shadow-4.2.1-defs-chroot.patch shadow-4.2.1-merge-group.patch shadow-4.2.1.tar.xz shadow-4.2.1.tar.xz.sig useradd-clear-tallylog.patch New: disable_new_audit_function.patch shadow-4.1.5.1-pam_group.patch shadow-4.5.tar.xz shadow-4.5.tar.xz.asc Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.hlWUo4/_old 2017-06-02 10:29:48.369799229 +0200 +++ /var/tmp/diff_new_pack.hlWUo4/_new 2017-06-02 10:29:48.373798663 +0200 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,11 +20,11 @@ License:BSD-3-Clause and GPL-2.0+ Group: System/Base Name: shadow -Version:4.2.1 +Version:4.5 Release:0 -Url:http://pkg-shadow.alioth.debian.org/ -Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz -Source42: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig +Url:https://github.com/shadow-maint/shadow +Source: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz +Source42: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc Source43: %name.keyring Source1:pamd.tar.bz2 Source2:README.changes-pwdutils @@ -39,26 +39,21 @@ Patch3: chkname-regex.patch Patch4: useradd-default.patch Patch5: getdef-new-defs.patch -Patch6: shadow-4.1.5.1-manfix.patch +Patch6: shadow-4.1.5.1-userdel-helpfix.patch Patch7: shadow-4.1.5.1-logmsg.patch -Patch8: shadow-4.1.5.1-errmsg.patch -Patch9: shadow-4.1.5.1-backup-mode.patch Patch10:encryption_method_nis.patch Patch11:useradd-mkdirs.patch -Patch12:shadow-4.1.5.1-audit-owner.patch -Patch13:shadow-4.1.5.1-userdel-helpfix.patch -Patch14:shadow-4.2.1-defs-chroot.patch -Patch15:shadow-4.2.1-merge-group.patch -Patch16:Fix-user-busy-errors-at-userdel.patch -Patch17:useradd-clear-tallylog.patch +Patch18:shadow-4.1.5.1-pam_group.patch +Patch20:disable_new_audit_function.patch Requires: aaa_base -BuildRequires: audit-devel +BuildRequires: audit-devel > 2.3 BuildRequires: libacl-devel BuildRequires: libattr-devel BuildRequires: libselinux-devel BuildRequires: libsemanage-devel BuildRequires: pam-devel +BuildRequires: xz BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: permissions Provides: pwdutils = 3.2.20 @@ -79,16 +74,12 @@ %patch5 -p0 %patch6 -p0 %patch7 -p0 -%patch8 -p0 -%patch9 -p0 %patch10 -p0 %patch11 -p0 -%patch12 -p0 -%patch13 -p0 -%patch14 -p0 -%patch15 -p0 -%patch16 -p0 -%patch17 -p1 +%patch18 -p1 +%if 0%{?suse_version} < 1330
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2017-03-05 17:48:33 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Sun Mar 5 17:48:33 2017 rev:18 rq:459646 version:4.2.1 Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2016-11-04 20:49:39.0 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2017-03-05 17:48:34.322870500 +0100 @@ -1,0 +2,7 @@ +Mon Feb 20 07:28:24 UTC 2017 - josef.moell...@suse.com + +- useradd: call external program "/sbin/pam_tally2" to reset + failed login counter in "/var/log/tallylog" + (bsc#980486, useradd-clear-tallylog.patch) + +--- New: useradd-clear-tallylog.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.ZX47is/_old 2017-03-05 17:48:35.166751061 +0100 +++ /var/tmp/diff_new_pack.ZX47is/_new 2017-03-05 17:48:35.170750495 +0100 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -50,6 +50,8 @@ Patch14:shadow-4.2.1-defs-chroot.patch Patch15:shadow-4.2.1-merge-group.patch Patch16:Fix-user-busy-errors-at-userdel.patch +Patch17:useradd-clear-tallylog.patch + Requires: aaa_base BuildRequires: audit-devel BuildRequires: libacl-devel @@ -86,6 +88,7 @@ %patch14 -p0 %patch15 -p0 %patch16 -p0 +%patch17 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO ++ useradd-clear-tallylog.patch ++ Index: shadow-4.2.1/src/useradd.c === --- shadow-4.2.1.orig/src/useradd.c +++ shadow-4.2.1/src/useradd.c @@ -51,7 +51,9 @@ #include #include #include +#include #include +#include #include "chkname.h" #include "defines.h" #include "faillog.h" @@ -213,6 +215,7 @@ static void open_files (void); static void open_shadow (void); static void faillog_reset (uid_t); static void lastlog_reset (uid_t); +static void tallylog_reset (char *); static void usr_update (void); static void create_home (void); static void create_mail (void); @@ -1789,6 +1792,52 @@ static void lastlog_reset (uid_t uid) } } +static void tallylog_reset (char *user_name) +{ + static const char pam_tally2[] = "/sbin/pam_tally2"; + const char *pname; + pid_t childpid; + int failed; + int status; + + if (access(pam_tally2, X_OK) == -1) + return; + + failed = 0; + switch (childpid = fork()) + { + case -1: /* error */ + failed = 1; + break; + case 0: /* child */ + pname = strrchr(pam_tally2, '/'); + if (pname == NULL) + pname = pam_tally2; + else + pname++;/* Skip the '/' */ + execl(pam_tally2, pname, "--user", user_name, "--reset", "--quiet", NULL); + /* If we come here, something has gone terribly wrong */ + perror(pam_tally2); + exit(42); /* don't continue, we now have 2 processe running! */ + /* NOTREACHED */ + break; + default: /* parent */ + if (waitpid(childpid, , 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) + failed = 3; + break; + } + + if (failed) + { + fprintf (stderr, +_("%s: failed to reset the tallylog entry of user \"%s\"\n"), +Prog, user_name); + SYSLOG ((LOG_WARN, "failed to reset the tallylog entry of user \"%s\"", user_name)); + } + + return; +} + /* * usr_update - create the user entries * @@ -2286,6 +2335,15 @@ int main (int argc, char **argv) close_files (); + /* +* tallylog_reset needs to be able to lookup +* a valid existing user name, +* so we canot call it before close_files() +*/ + if ((!lflg) && (getpwuid (user_id) != NULL)) { + tallylog_reset (user_name); + } + #ifdef WITH_SELINUX if (Zflg) { if (set_seuser (user_name, user_selinux) != 0) {
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2016-11-04 20:49:38 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2016-10-23 12:49:52.0 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2016-11-04 20:49:39.0 +0100 @@ -1,0 +2,5 @@ +Wed Nov 2 07:41:51 UTC 2016 - meiss...@suse.com + +- add keyring, three public keys from https://pkg-shadow.alioth.debian.org/download.php + +--- New: shadow-4.2.1.tar.xz.sig shadow.keyring Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.YjAUzN/_old 2016-11-04 20:49:40.0 +0100 +++ /var/tmp/diff_new_pack.YjAUzN/_new 2016-11-04 20:49:40.0 +0100 @@ -24,6 +24,8 @@ Release:0 Url:http://pkg-shadow.alioth.debian.org/ Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz +Source42: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig +Source43: %name.keyring Source1:pamd.tar.bz2 Source2:README.changes-pwdutils Source3:useradd.local
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2016-10-23 12:49:51 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2016-09-17 14:32:43.0 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2016-10-23 12:49:52.0 +0200 @@ -1,0 +2,6 @@ +Tue Oct 18 15:55:43 UTC 2016 - mvet...@suse.com + +- bsc#1002975: Use permissions according to permissions package + and dont try to manipulate them in %files section. + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.kCFncw/_old 2016-10-23 12:49:53.0 +0200 +++ /var/tmp/diff_new_pack.kCFncw/_new 2016-10-23 12:49:53.0 +0200 @@ -230,16 +230,16 @@ %config /etc/pam.d/useradd %config /etc/pam.d/userdel %config /etc/pam.d/usermod -%attr(4755,root,shadow) %{_bindir}/chage -%attr(4755,root,shadow) %{_bindir}/chfn -%attr(4755,root,shadow) %{_bindir}/chsh -%attr(4755,root,shadow) %{_bindir}/expiry -%attr(4755,root,shadow) %{_bindir}/gpasswd +%verify(not mode) %attr(2755,root,shadow) %{_bindir}/chage +%verify(not mode) %attr(4755,root,shadow) %{_bindir}/chfn +%verify(not mode) %attr(4755,root,shadow) %{_bindir}/chsh +%verify(not mode) %attr(4755,root,shadow) %{_bindir}/expiry +%verify(not mode) %attr(4755,root,shadow) %{_bindir}/gpasswd +%verify(not mode) %attr(4755,root,root) %{_bindir}/newgrp +%verify(not mode) %attr(4755,root,shadow) %{_bindir}/passwd +%verify(not mode) %attr(0755,root,shadow) %{_bindir}/newgidmap +%verify(not mode) %attr(0755,root,shadow) %{_bindir}/newuidmap %{_bindir}/lastlog -%attr(4755,root,root) %{_bindir}/newgrp -%attr(4755,root,shadow) %{_bindir}/passwd -%attr(0755,root,shadow) %{_bindir}/newgidmap -%attr(0755,root,shadow) %{_bindir}/newuidmap %{_bindir}/sg %{_sbindir}/groupadd %{_sbindir}/groupdel
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2016-09-17 14:32:42 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2016-07-03 12:18:22.0 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2016-09-17 14:32:43.0 +0200 @@ -1,0 +2,7 @@ +Wed Sep 14 07:46:33 UTC 2016 - mvet...@suse.com + +- boo#994486: Include shadow.5 manpage + Previously this was provided by man-pages package in + the man-pages-addons tarball which got removed later on. + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.CCOTTG/_old 2016-09-17 14:32:44.0 +0200 +++ /var/tmp/diff_new_pack.CCOTTG/_new 2016-09-17 14:32:44.0 +0200 @@ -171,8 +171,6 @@ rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/gshadow.5* rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.5* rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.5* -rm $RPM_BUILD_ROOT/%{_mandir}/man5/shadow.5* -rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/shadow.5* rm -rf $RPM_BUILD_ROOT%{_mandir}/{??,??_??} @@ -270,6 +268,7 @@ %{_mandir}/man1/sg.1* %{_mandir}/man3/shadow.3* %{_mandir}/man5/login.defs.5* +%{_mandir}/man5/shadow.5* %{_mandir}/man8/chpasswd.8* %{_mandir}/man8/groupadd.8* %{_mandir}/man8/groupdel.8*
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2016-07-03 12:18:20 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2016-01-26 10:14:18.0 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2016-07-03 12:18:22.0 +0200 @@ -1,0 +2,46 @@ +Tue May 31 06:48:41 UTC 2016 - mvet...@suse.com + +- Add package dependency for aaa_base, fixing bnc#899409 + (was done by tbehr...@suse.com but not submitted to Factory) + +--- +Mon May 30 09:41:55 UTC 2016 - mvet...@suse.com + +- shadow 4.2.1 requested by fate#320422 +- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch +- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits. + Remove the files used to circumvent the check. +- Remove: +* shadow-rpmlintrc +* shadow-subids +* shadow-subids.easy +* shadow-subids.secure +* shadow-subids.paranoid + +--- +Thu May 19 12:28:47 UTC 2016 - christian.brau...@mailbox.org + +- Update to shadow-4.2.1: + - add support for subuids/subgids via newuidmap/newgidmap +- Rename chkname-regex.diff to chkname-regex.patch +- Rename encryption_method_nis.diff to encryption_method_nis.patch +- Rename getdef-new-defs.diff to getdef-new-defs.patch +- Rename shadow-login_defs.diff to shadow-login_defs.patch +- Rename userdel-scripts.diff to userdel-script.patch +- Rename useradd-script.diff to useradd-script.patch +- Rename useradd-default.diff to useradd-default.patch +- Rename useradd-mkdirs.diff to useradd-mkdirs.patch +- Add fixes from Red Hat/Fedora: + - shadow-4.1.5.1-audit-owner.patch.patch: +- log owner changes for home directory + - shadow-4.1.5.1-userdel-helpfix.patch.patch: +- give a hint about what happens when you force the removal of a user + - shadow-4.2.1-defs-chroot.patch.patch: +- initialize uid_t uid_min and uid_t uid_max not before we need them + - shadow-4.2.1-merge-group.patch.patch: +- simplify by using a single call to snprintf() +- Add upstream fix + - Fix-user-busy-errors-at-userdel.patch: +- call sub_uid_close() + +--- Old: chkname-regex.diff encryption_method_nis.diff getdef-new-defs.diff shadow-4.1.5.1.tar.bz2 shadow-login_defs.diff useradd-default.diff useradd-mkdirs.diff useradd-script.diff userdel-scripts.diff New: Fix-user-busy-errors-at-userdel.patch chkname-regex.patch encryption_method_nis.patch getdef-new-defs.patch shadow-4.1.5.1-audit-owner.patch shadow-4.1.5.1-userdel-helpfix.patch shadow-4.2.1-defs-chroot.patch shadow-4.2.1-merge-group.patch shadow-4.2.1.tar.xz shadow-login_defs.patch useradd-default.patch useradd-mkdirs.patch useradd-script.patch userdel-script.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.g70l4r/_old 2016-07-03 12:18:24.0 +0200 +++ /var/tmp/diff_new_pack.g70l4r/_new 2016-07-03 12:18:24.0 +0200 @@ -20,10 +20,10 @@ License:BSD-3-Clause and GPL-2.0+ Group: System/Base Name: shadow -Version:4.1.5.1 +Version:4.2.1 Release:0 Url:http://pkg-shadow.alioth.debian.org/ -Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 +Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz Source1:pamd.tar.bz2 Source2:README.changes-pwdutils Source3:useradd.local @@ -31,18 +31,24 @@ Source5:userdel-post.local Source6:shadow.service Source7:shadow.timer -Patch: shadow-login_defs.diff -Patch1: userdel-scripts.diff -Patch2: useradd-script.diff -Patch3: chkname-regex.diff -Patch4: useradd-default.diff -Patch5: getdef-new-defs.diff +Patch: shadow-login_defs.patch +Patch1: userdel-script.patch +Patch2: useradd-script.patch +Patch3: chkname-regex.patch +Patch4: useradd-default.patch +Patch5: getdef-new-defs.patch Patch6: shadow-4.1.5.1-manfix.patch Patch7: shadow-4.1.5.1-logmsg.patch Patch8: shadow-4.1.5.1-errmsg.patch Patch9: shadow-4.1.5.1-backup-mode.patch -Patch10:encryption_method_nis.diff -Patch11:useradd-mkdirs.diff +Patch10:encryption_method_nis.patch +Patch11:
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2016-01-26 10:14:17 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is "shadow" Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2015-07-21 13:25:27.0 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2016-01-26 10:14:18.0 +0100 @@ -1,0 +2,7 @@ +Fri Jan 15 11:08:29 UTC 2016 - fv...@suse.com + +- Moved call from %verifyscript into %post: + * Caused call to %service_add_post shadow.service shadow.timer +during rpm -qV shadow + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.piAiPB/_old 2016-01-26 10:14:19.0 +0100 +++ /var/tmp/diff_new_pack.piAiPB/_new 2016-01-26 10:14:19.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -182,6 +182,8 @@ %set_permissions /usr/bin/newgrp %set_permissions /usr/bin/passwd +%service_add_post shadow.service shadow.timer + %verifyscript %verify_permissions /usr/bin/chage %verify_permissions /usr/bin/chfn @@ -191,8 +193,6 @@ %verify_permissions /usr/bin/newgrp %verify_permissions /usr/bin/passwd -%service_add_post shadow.service shadow.timer - %preun %service_del_preun shadow.service shadow.timer
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2015-07-21 13:25:20 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is shadow Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2014-04-06 09:54:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2015-07-21 13:25:27.0 +0200 @@ -1,0 +2,7 @@ +Wed Jul 15 13:25:11 UTC 2015 - jk...@suse.de + +- Add systemd unit files to continuously check password groupfile integrity + * Idea from Arch Linux + * pending request to systemd-presets-branding-openSUSE to enable by default + +--- New: shadow.service shadow.timer Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.8Oyny1/_old 2015-07-21 13:25:28.0 +0200 +++ /var/tmp/diff_new_pack.8Oyny1/_new 2015-07-21 13:25:28.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,8 @@ Source3:useradd.local Source4:userdel-pre.local Source5:userdel-post.local +Source6:shadow.service +Source7:shadow.timer Patch: shadow-login_defs.diff Patch1: userdel-scripts.diff Patch2: useradd-script.diff @@ -102,6 +104,8 @@ install -m 0755 %SOURCE3 $RPM_BUILD_ROOT/%{_sbindir}/ install -m 0755 %SOURCE4 $RPM_BUILD_ROOT/%{_sbindir}/ install -m 0755 %SOURCE5 $RPM_BUILD_ROOT/%{_sbindir}/ +install -Dm644 %{S:6} %{buildroot}%{_unitdir}/shadow.service +install -Dm644 %{S:7} %{buildroot}%{_unitdir}/shadow.timer # Remove binaries we don't use. rm $RPM_BUILD_ROOT/%{_bindir}/groups @@ -166,6 +170,9 @@ %clean rm -rf $RPM_BUILD_ROOT +%pre +%service_add_pre shadow.service shadow.timer + %post %set_permissions /usr/bin/chage %set_permissions /usr/bin/chfn @@ -184,6 +191,14 @@ %verify_permissions /usr/bin/newgrp %verify_permissions /usr/bin/passwd +%service_add_post shadow.service shadow.timer + +%preun +%service_del_preun shadow.service shadow.timer + +%postun +%service_del_postun shadow.service shadow.timer + %files -f shadow.lang %defattr(-,root,root) %doc NEWS doc/HOWTO README README.changes-pwdutils @@ -254,4 +269,6 @@ %{_mandir}/man8/vigr.8* %{_mandir}/man8/vipw.8* +%{_unitdir}/* + %changelog ++ shadow.service ++ [Unit] Description=Verify integrity of password and group files [Service] Type=oneshot ExecStart=/usr/sbin/pwck -r ExecStart=/usr/sbin/grpck -r Nice=19 IOSchedulingClass=best-effort IOSchedulingPriority=7 ++ shadow.timer ++ [Unit] Description=Daily verification of password and group files [Timer] OnCalendar=daily AccuracySec=12h Persistent=true
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2014-04-06 09:54:11 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is shadow Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2013-12-13 12:01:08.0 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2014-04-06 09:54:15.0 +0200 @@ -1,0 +2,6 @@ +Mon Mar 31 22:00:00 UTC 2014 - tbehr...@suse.com + +- Add patch useradd-mkdirs.diff: fix for bnc#865563, create all parts + of the path + +--- New: useradd-mkdirs.diff Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.LWzg03/_old 2014-04-06 09:54:16.0 +0200 +++ /var/tmp/diff_new_pack.LWzg03/_new 2014-04-06 09:54:16.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -40,6 +40,7 @@ Patch8: shadow-4.1.5.1-errmsg.patch Patch9: shadow-4.1.5.1-backup-mode.patch Patch10:encryption_method_nis.diff +Patch11:useradd-mkdirs.diff BuildRequires: audit-devel BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -69,6 +70,7 @@ %patch8 -p0 %patch9 -p1 %patch10 -p0 +%patch11 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO ++ useradd-mkdirs.diff ++ diff --git a/src/useradd.c b/src/useradd.c index fa93853..a9f8caa 100644 --- a/src/useradd.c +++ b/src/useradd.c @@ -1757,6 +1757,13 @@ static void usr_update (void) static void create_home (void) { if (access (user_home, F_OK) != 0) { + char path[strlen (user_home) + 2]; + char *bhome, *cp; + + path[0] = '\0'; + bhome = strdup (user_home); + ++bhome; + #ifdef WITH_SELINUX if (set_selinux_file_context (user_home) != 0) { fprintf (stderr, @@ -1765,19 +1772,42 @@ static void create_home (void) fail_exit (E_HOMEDIR); } #endif - /* XXX - create missing parent directories. --marekm */ - if (mkdir (user_home, 0) != 0) { - fprintf (stderr, -_(%s: cannot create directory %s\n), -Prog, user_home); + + /* Check for every part of the path, if the directory + exists. If not, create it with permissions 755 and + owner root:root. +*/ + cp = strtok (bhome, /); + while (cp) { + strcat (path, /); + strcat (path, cp); + if (access (path, F_OK) != 0) { + if (mkdir (path, 0) != 0) { + fprintf (stderr, +_(%s: cannot create directory %s\n), +Prog, path); #ifdef WITH_AUDIT - audit_logger (AUDIT_ADD_USER, Prog, - adding home directory, - user_name, (unsigned int) user_id, - SHADOW_AUDIT_FAILURE); + audit_logger (AUDIT_ADD_USER, Prog, + adding home directory, + user_name, (unsigned int) user_id, + SHADOW_AUDIT_FAILURE); #endif - fail_exit (E_HOMEDIR); + fail_exit (E_HOMEDIR); + } + if (chown (path, 0, 0) 0) { + fprintf (stderr, +_(%s: warning: chown on `%s' failed: %m\n), +Prog, path); + } + if (chmod (path, 0777) 0) { + fprintf (stderr, +_(%s: warning: chmod on `%s' failed: %m\n), +Prog, path); +
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2013-12-13 12:01:07 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is shadow Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2013-11-12 16:36:52.0 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2013-12-13 12:01:08.0 +0100 @@ -1,0 +2,7 @@ +Fri Nov 22 10:15:25 UTC 2013 - wer...@suse.de + +- Stop any systemd user manager instance in case a user entry will + be deleted (bnc#849870). Nevertheless a running process requires + the option --force for the userdel command. + +--- Other differences: -- ++ userdel-pre.local ++ --- /var/tmp/diff_new_pack.7d7UYA/_old 2013-12-13 12:01:09.0 +0100 +++ /var/tmp/diff_new_pack.7d7UYA/_new 2013-12-13 12:01:09.0 +0100 @@ -23,6 +23,10 @@ # Remove cron jobs test -x /usr/bin/crontab /usr/bin/crontab -r -u $1 +# Stop systemd user jobs, even this requires --force +id=$(id -u $1) +systemctl stop user@${id}.service /dev/null 21 + # All done. exit 0 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2013-11-12 16:36:51 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is shadow Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2013-09-17 16:25:49.0 +0200 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2013-11-12 16:36:52.0 +0100 @@ -1,0 +2,5 @@ +Tue Nov 12 14:47:30 CET 2013 - ku...@suse.de + +- Add ENCRYPT_METHOD_NIS for pam_unix.so (encryption_method_nis.diff) + +--- New: encryption_method_nis.diff Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.XjC3Ip/_old 2013-11-12 16:36:53.0 +0100 +++ /var/tmp/diff_new_pack.XjC3Ip/_new 2013-11-12 16:36:53.0 +0100 @@ -39,6 +39,7 @@ Patch7: shadow-4.1.5.1-logmsg.patch Patch8: shadow-4.1.5.1-errmsg.patch Patch9: shadow-4.1.5.1-backup-mode.patch +Patch10:encryption_method_nis.diff BuildRequires: audit-devel BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -67,6 +68,7 @@ %patch7 -p1 %patch8 -p0 %patch9 -p1 +%patch10 -p0 iconv -f ISO88591 -t utf-8 doc/HOWTO doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO ++ encryption_method_nis.diff ++ --- lib/getdef.c +++ lib/getdef.c2013/11/12 13:44:01 @@ -57,6 +57,7 @@ {CREATE_HOME, NULL}, {DEFAULT_HOME, NULL}, {ENCRYPT_METHOD, NULL}, + {ENCRYPT_METHOD_NIS, NULL}, {ENV_PATH, NULL}, {ENV_SUPATH, NULL}, {ERASECHAR, NULL}, ++ shadow-login_defs.diff ++ --- /var/tmp/diff_new_pack.XjC3Ip/_old 2013-11-12 16:36:53.0 +0100 +++ /var/tmp/diff_new_pack.XjC3Ip/_new 2013-11-12 16:36:53.0 +0100 @@ -290,12 +290,13 @@ # If set to MD5 , MD5-based algorithm will be used for encrypting password # If set to SHA256, SHA256-based algorithm will be used for encrypting password # If set to SHA512, SHA512-based algorithm will be used for encrypting password -@@ -309,7 +176,7 @@ +@@ -309,7 +176,8 @@ # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # -#ENCRYPT_METHOD DES +ENCRYPT_METHOD SHA512 ++ENCRYPT_METHOD_NIS DES # # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2013-09-17 16:19:10 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is shadow Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2013-02-05 15:46:35.0 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2013-09-17 16:25:49.0 +0200 @@ -1,0 +2,10 @@ +Tue Sep 17 14:56:44 CEST 2013 - ku...@suse.de + +- Add some fixes from Fedora: + - shadow-4.1.5.1-backup-mode.patch: open backup file with correct +permissions. + - shadow-4.1.5.1-logmsg.patch: fix error message + - shadow-4.1.5.1-errmsg.patch: print error reason + - shadow-4.1.5.1-manfix.patch: fix manual page + +--- New: shadow-4.1.5.1-backup-mode.patch shadow-4.1.5.1-errmsg.patch shadow-4.1.5.1-logmsg.patch shadow-4.1.5.1-manfix.patch Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.MA2FXw/_old 2013-09-17 16:25:50.0 +0200 +++ /var/tmp/diff_new_pack.MA2FXw/_new 2013-09-17 16:25:50.0 +0200 @@ -35,6 +35,10 @@ Patch3: chkname-regex.diff Patch4: useradd-default.diff Patch5: getdef-new-defs.diff +Patch6: shadow-4.1.5.1-manfix.patch +Patch7: shadow-4.1.5.1-logmsg.patch +Patch8: shadow-4.1.5.1-errmsg.patch +Patch9: shadow-4.1.5.1-backup-mode.patch BuildRequires: audit-devel BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -59,6 +63,10 @@ %patch3 -p0 %patch4 -p0 %patch5 -p0 +%patch6 -p1 +%patch7 -p1 +%patch8 -p0 +%patch9 -p1 iconv -f ISO88591 -t utf-8 doc/HOWTO doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO ++ shadow-4.1.5.1-backup-mode.patch ++ diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c --- shadow-4.1.5.1/lib/commonio.c.backup-mode 2012-05-18 21:44:54.0 +0200 +++ shadow-4.1.5.1/lib/commonio.c 2012-09-19 20:27:16.089444234 +0200 @@ -301,15 +301,12 @@ static int create_backup (const char *ba struct utimbuf ub; FILE *bkfp; int c; - mode_t mask; if (fstat (fileno (fp), sb) != 0) { return -1; } - mask = umask (077); - bkfp = fopen (backup, w); - (void) umask (mask); + bkfp = fopen_set_perms (backup, w, sb); if (NULL == bkfp) { return -1; } ++ shadow-4.1.5.1-errmsg.patch ++ --- src/useradd.c +++ src/useradd.c 2013/09/17 12:30:31 @@ -1759,6 +1759,9 @@ if (access (user_home, F_OK) != 0) { #ifdef WITH_SELINUX if (set_selinux_file_context (user_home) != 0) { + fprintf (stderr, + _(%s: cannot set SELinux context for home directory %s\n), + Prog, user_home); fail_exit (E_HOMEDIR); } #endif @@ -1788,6 +1791,9 @@ #ifdef WITH_SELINUX /* Reset SELinux to create files with default contexts */ if (reset_selinux_file_context () != 0) { + fprintf (stderr, +_(%s: cannot reset SELinux file creation context\n), +Prog); fail_exit (E_HOMEDIR); } #endif ++ shadow-4.1.5.1-logmsg.patch ++ diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c --- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.0 +0100 +++ shadow-4.1.5.1/src/useradd.c2013-03-19 18:40:04.908292810 +0100 @@ -275,7 +275,7 @@ static void fail_exit (int code) user_name, AUDIT_NO_ID, SHADOW_AUDIT_FAILURE); #endif - SYSLOG ((LOG_INFO, failed adding user '%s', data deleted, user_name)); + SYSLOG ((LOG_INFO, failed adding user '%s', exit code: %d, user_name, code)); exit (code); } ++ shadow-4.1.5.1-manfix.patch ++ diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml --- shadow-4.1.5.1/man/useradd.8.xml.manfix 2013-06-14 15:25:44.0 +0200 +++ shadow-4.1.5.1/man/useradd.8.xml2013-07-19 07:33:53.768619759 +0200 @@ -161,7 +161,7 @@ /varlistentry varlistentry term - option-d/option, option--home/option + option-d/option, option--home-dir/option replaceableHOME_DIR/replaceable /term listitem @@ -362,7 +362,7 @@ /varlistentry varlistentry term - option-M/option + option-M/option,
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2013-02-05 15:46:33 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is shadow, Maintainer is ku...@suse.com Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2012-11-14 17:02:22.0 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2013-02-05 15:46:35.0 +0100 @@ -1,0 +2,5 @@ +Tue Feb 5 13:19:46 CET 2013 - ku...@suse.de + +- Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006] + +--- Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.GcKeiO/_old 2013-02-05 15:46:36.0 +0100 +++ /var/tmp/diff_new_pack.GcKeiO/_new 2013-02-05 15:46:36.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package shadow # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ shadow-login_defs.diff ++ --- /var/tmp/diff_new_pack.GcKeiO/_old 2013-02-05 15:46:37.0 +0100 +++ /var/tmp/diff_new_pack.GcKeiO/_new 2013-02-05 15:46:37.0 +0100 @@ -1,5 +1,5 @@ --- etc/login.defs -+++ etc/login.defs 2012/11/13 16:30:57 etc/login.defs 2013/02/05 12:16:54 @@ -1,8 +1,6 @@ # # /etc/login.defs - Configuration control definitions for the shadow package. @@ -260,7 +260,7 @@ # Which fields may be changed by regular users using chfn - use # any combination of letters frwh (full name, room number, work # phone, home phone). If not defined, no changes are allowed. -@@ -277,13 +167,6 @@ +@@ -277,29 +167,6 @@ CHFN_RESTRICT rwh # @@ -271,10 +271,35 @@ -#LOGIN_STRING %s's Password: - -# - # Only works if compiled with MD5_CRYPT defined: - # If set to yes, new passwords will be encrypted using the MD5-based - # algorithm compatible with the one used by recent releases of FreeBSD. -@@ -345,16 +228,12 @@ +-# Only works if compiled with MD5_CRYPT defined: +-# If set to yes, new passwords will be encrypted using the MD5-based +-# algorithm compatible with the one used by recent releases of FreeBSD. +-# It supports passwords of unlimited length and longer salt strings. +-# Set to no if you need to copy encrypted passwords to other systems +-# which don't understand the new algorithm. Default is no. +-# +-# Note: If you use PAM, it is recommended to use a value consistent with +-# the PAM modules configuration. +-# +-# This variable is deprecated. You should use ENCRYPT_METHOD. +-# +-#MD5_CRYPT_ENAB no +- +-# +-# Only works if compiled with ENCRYPTMETHOD_SELECT defined: + # If set to MD5 , MD5-based algorithm will be used for encrypting password + # If set to SHA256, SHA256-based algorithm will be used for encrypting password + # If set to SHA512, SHA512-based algorithm will be used for encrypting password +@@ -309,7 +176,7 @@ + # Note: If you use PAM, it is recommended to use a value consistent with + # the PAM modules configuration. + # +-#ENCRYPT_METHOD DES ++ENCRYPT_METHOD SHA512 + + # + # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. +@@ -345,16 +212,12 @@ DEFAULT_HOME yes # @@ -293,7 +318,7 @@ #USERDEL_CMD /usr/sbin/userdel_local # -@@ -364,7 +243,7 @@ +@@ -364,7 +227,7 @@ # # This also enables userdel to remove user groups if no members exist. # @@ -302,7 +327,7 @@ # # If set to a non-nul number, the shadow utilities will make sure that -@@ -383,5 +262,41 @@ +@@ -383,5 +246,41 @@ # This option is overridden with the -M or -m flags on the useradd command # line. # -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2012-11-14 17:02:21 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is shadow, Maintainer is ku...@suse.com Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2012-11-13 17:10:29.0 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2012-11-14 17:02:22.0 +0100 @@ -1,0 +2,5 @@ +Tue Nov 13 17:31:50 CET 2012 - ku...@suse.de + +- Fix getdef default variables (getdef-new-defs.diff) + +--- New: getdef-new-defs.diff Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.6uNl8q/_old 2012-11-14 17:02:23.0 +0100 +++ /var/tmp/diff_new_pack.6uNl8q/_new 2012-11-14 17:02:23.0 +0100 @@ -34,6 +34,7 @@ Patch2: useradd-script.diff Patch3: chkname-regex.diff Patch4: useradd-default.diff +Patch5: getdef-new-defs.diff BuildRequires: audit-devel BuildRequires: libacl-devel BuildRequires: libattr-devel @@ -57,6 +58,7 @@ %patch2 -p0 %patch3 -p0 %patch4 -p0 +%patch5 -p0 iconv -f ISO88591 -t utf-8 doc/HOWTO doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO ++ getdef-new-defs.diff ++ --- lib/getdef.c +++ lib/getdef.c2012/11/13 16:26:34 @@ -64,6 +64,7 @@ {FAKE_SHELL, NULL}, {GID_MAX, NULL}, {GID_MIN, NULL}, + {GROUPADD_CMD, NULL}, {HUSHLOGIN_FILE, NULL}, {KILLCHAR, NULL}, {LOGIN_RETRIES, NULL}, @@ -93,7 +94,10 @@ {UID_MAX, NULL}, {UID_MIN, NULL}, {UMASK, NULL}, + {USERADD_CMD, NULL}, {USERDEL_CMD, NULL}, + {USERDEL_PRECMD, NULL}, + {USERDEL_POSTCMD, NULL}, {USERGROUPS_ENAB, NULL}, #ifndef USE_PAM {CHFN_AUTH, NULL}, @@ -129,6 +133,10 @@ {TCB_SYMLINKS, NULL}, {USE_TCB, NULL}, #endif + /* Used by /bin/login */ + {MOTD_FILE, NULL}, + {ENV_PATH, NULL}, + {ENV_ROOTPATH, NULL}, {NULL, NULL} }; ++ shadow-login_defs.diff ++ --- /var/tmp/diff_new_pack.6uNl8q/_old 2012-11-14 17:02:23.0 +0100 +++ /var/tmp/diff_new_pack.6uNl8q/_new 2012-11-14 17:02:23.0 +0100 @@ -1,5 +1,5 @@ --- etc/login.defs -+++ etc/login.defs 2012/09/26 12:02:14 etc/login.defs 2012/11/13 16:30:57 @@ -1,8 +1,6 @@ # # /etc/login.defs - Configuration control definitions for the shadow package. @@ -166,7 +166,16 @@ # Default initial umask value used by login on non-PAM enabled systems. # Default umask value for pam_umask on PAM enabled systems. -@@ -206,40 +123,37 @@ +@@ -197,49 +114,44 @@ + # + # PASS_MAX_DAYS Maximum number of days a password may be used. + # PASS_MIN_DAYS Minimum number of days allowed between password changes. +-# PASS_MIN_LENMinimum acceptable password length. + # PASS_WARN_AGE Number of days warning given before a password expires. + # + PASS_MAX_DAYS 9 + PASS_MIN_DAYS 0 +-PASS_MIN_LEN 5 PASS_WARN_AGE 7 # @@ -222,7 +231,7 @@ # # Max time in seconds for login -@@ -247,28 +161,6 @@ +@@ -247,28 +159,6 @@ LOGIN_TIMEOUT 60 # @@ -251,7 +260,7 @@ # Which fields may be changed by regular users using chfn - use # any combination of letters frwh (full name, room number, work # phone, home phone). If not defined, no changes are allowed. -@@ -277,13 +169,6 @@ +@@ -277,13 +167,6 @@ CHFN_RESTRICT rwh # @@ -265,7 +274,7 @@ # Only works if compiled with MD5_CRYPT defined: # If set to yes, new passwords will be encrypted using the MD5-based # algorithm compatible with the one used by recent releases of FreeBSD. -@@ -345,16 +230,12 @@ +@@ -345,16 +228,12 @@ DEFAULT_HOME yes # @@ -284,7 +293,7 @@ #USERDEL_CMD /usr/sbin/userdel_local # -@@ -364,7 +245,7 @@ +@@ -364,7 +243,7 @@ # # This also enables userdel to remove user groups if no members exist. # @@ -293,7 +302,7 @@ # # If set to a non-nul number, the shadow utilities will make sure that -@@ -383,5 +264,41 @@ +@@ -383,5 +262,41 @@ # This option is overridden with the -M or -m flags on the useradd command # line. # -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit shadow for openSUSE:Factory
Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2012-11-13 17:10:27 Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new (New) Package is shadow, Maintainer is ku...@suse.com Changes: --- /work/SRC/openSUSE:Factory/shadow/shadow.changes2012-11-08 07:55:58.0 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new/shadow.changes 2012-11-13 17:10:29.0 +0100 @@ -1,0 +2,6 @@ +Tue Nov 13 10:36:28 CET 2012 - ku...@suse.de + +- Fix default group value in /etc/default/useradd + (useradd-default.diff) + +--- New: useradd-default.diff Other differences: -- ++ shadow.spec ++ --- /var/tmp/diff_new_pack.5Py9qw/_old 2012-11-13 17:10:30.0 +0100 +++ /var/tmp/diff_new_pack.5Py9qw/_new 2012-11-13 17:10:30.0 +0100 @@ -1,5 +1,5 @@ # -# spec file for package shadow-utils +# spec file for package shadow # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -17,11 +17,11 @@ Summary:Utilities to Manage User and Group Accounts +License:BSD-3-Clause and GPL-2.0+ +Group: System/Base Name: shadow Version:4.1.5.1 -Release:1 -License:BSD-3-Clause ; GPL-2.0+ -Group: System/Base +Release:0 Url:http://pkg-shadow.alioth.debian.org/ Source: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2 Source1: pamd.tar.bz2 @@ -33,11 +33,13 @@ Patch1:userdel-scripts.diff Patch2:useradd-script.diff Patch3:chkname-regex.diff -BuildRequires: pam-devel -BuildRequires: libselinux-devel +Patch4: useradd-default.diff BuildRequires: audit-devel +BuildRequires: libacl-devel +BuildRequires: libattr-devel +BuildRequires: libselinux-devel BuildRequires: libsemanage-devel -BuildRequires: libacl-devel libattr-devel +BuildRequires: pam-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq:permissions Provides: pwdutils = 3.2.20 @@ -54,6 +56,7 @@ %patch1 -p0 %patch2 -p0 %patch3 -p0 +%patch4 -p0 iconv -f ISO88591 -t utf-8 doc/HOWTO doc/HOWTO.utf8 mv -v doc/HOWTO.utf8 doc/HOWTO @@ -86,7 +89,6 @@ install -m 0755 %SOURCE4 $RPM_BUILD_ROOT/%{_sbindir}/ install -m 0755 %SOURCE5 $RPM_BUILD_ROOT/%{_sbindir}/ - # Remove binaries we don't use. rm $RPM_BUILD_ROOT/%{_bindir}/groups rm $RPM_BUILD_ROOT/%{_mandir}/man1/groups.* @@ -143,7 +145,6 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man5/shadow.5* rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/shadow.5* - rm -rf $RPM_BUILD_ROOT%{_mandir}/{??,??_??} %find_lang shadow ++ useradd-default.diff ++ --- etc/useradd +++ etc/useradd 2012/11/13 09:29:57 @@ -1,5 +1,5 @@ # useradd defaults file -GROUP=1000 +GROUP=100 HOME=/home INACTIVE=-1 EXPIRE= -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org