Changelog for
shadow-4.8.1-150400.10.12.1.x86_64.rpm :
* Fri Sep 08 2023 mvetterAATTsuse.com- bsc#1214806 (CVE-2023-4641): Fix potential password leak- Add shadow-CVE-2023-4641.patch
* Tue Jul 11 2023 mvetterAATTsuse.com- bsc#1213189: Change lock mechanism to file locking to prevent lock files after power interruptions- Add shadow-4.8.1-lock-mechanism.patch
* Tue Jul 04 2023 mvetterAATTsuse.com- bsc#1206627: Add --prefix support to passwd, chpasswd and chage Needed for YaST- Add shadow-4.8.1-add-prefix-passwd-chpasswd-chage.patch
* Tue Apr 18 2023 mvetterAATTsuse.com- bsc#1210507 (CVE-2023-29383): Check for control characters- Add shadow-CVE-2023-29383.patch
* Fri Nov 18 2022 fstrbaAATTsuse.com- Added patch:
* shadow-4.8.1-AUDIT_NO_ID.patch + fix bsc#1205502: useradd audit event user id field cannot be interpreted
* Wed Jan 12 2022 sbrabecAATTsuse.com- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954).
* Wed Nov 17 2021 sbrabecAATTsuse.com- shadow-util-linux.patch:
* Add support for LOGIN_KEEP_USERNAME from util-linux >= 2.37.- Refresh shadow-login_defs-suse.patch.
* Thu Jan 28 2021 sbrabecAATTsuse.com- Do not require libeconf-devel on products without /usr/etc.
* Thu Jan 21 2021 kukukAATTsuse.com- Split login.defs configuration file into own sub-package, which allows to install util-linux or pam on small embedded/edge systems or container without the need to pull in the full shadow suite.
* Wed Nov 11 2020 fvogtAATTsuse.com- Amend patches/useradd-userkeleton.patch to also write into existing directories and prefer files from /etc
* Wed Nov 11 2020 wernerAATTsuse.de- Add patch useradd-userkeleton.patch to extend original C code of useradd to handle /usr/etc/skel (boo#1173321)- Remove /usr/etc/skel support in useradd.local script
* Mon Nov 02 2020 wernerAATTsuse.de- Change again useradd.local script to let it work even for system accounts and work together with SELinux (bsc#1178296)- Change patch useradd-script.patch to support the four arguments used by the useradd.local script (bsc#1178296)
* Fri Oct 09 2020 wernerAATTsuse.de- Add support for /usr/etc/skel to useradd.local script (boo#1173321)
* Thu Oct 08 2020 sbrabecAATTsuse.com- shadow-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274).
* Tue Sep 08 2020 sbrabecAATTsuse.com- login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch).- shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX.- shadow-login_defs-check.sh: Update for new build system.- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux.- Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch.
* Fri May 22 2020 fvogtAATTsuse.com- Use pure #!/bin/sh in:
* useradd.local
* userdel-post.local
* userdel-pre.local
* Fri Jan 24 2020 mvetterAATTsuse.com- Update to 4.8.1:
* selinux: include stdio
* man: don\'t suggest making groupmems user-writeable
* Makefile: bail out on error in for loops
* Adding logging of SSH_ORIGINAL_COMMAND to nologin
* add new HOME_MODE login.defs option
* Add tty logging to useradd
* Useradd: make non-executable shell check only a warning
* Update Dutch translation
* user_busy: Do not mistake a regular user process for a namespaced one
* Revert \"Honor --sbindir and --bindir for binary installation\"- Remove shadow-4.8-shell-check.patch: included- Remove shadow-4.8-selinux-include.patch: upstreamed
* Mon Jan 20 2020 mvetterAATTsuse.com- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod explicitly.
* Thu Jan 16 2020 mvetterAATTsuse.com- bsc#1160729: Make valid shell check only a warning
* Add shadow-4.8-shell-check.patch
* Tue Dec 17 2019 mvetterAATTsuse.com- Update to 4.8:
* Initial optional bcrypt support.
* Make build/install of \'su\' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash- Remove because upstreamed:
* libeconf.patch
* shadow-usermod-variable.patch- Rebase:
* shadow-login_defs-unused-by-pam.patch
* chkname-regex.patch
* shadow-util-linux.patch
* shadow-login_defs-comments.patch- Add shadow-4.8-selinux-include.patch See https://github.com/shadow-maint/shadow/pull/200
* Mon Oct 07 2019 kukukAATTsuse.de- libeconf.patch: Add support for libeconf and /usr/etc for login.defs.- Move first configuration files and pam config files to /usr/etc
* Mon Sep 02 2019 mvetterAATTsuse.com- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files to support kernel keyring feature- Update pamd.tar.bz2 with pam configuration files accordingly
* Mon Aug 19 2019 kukukAATTsuse.de- encryption_method_nis.patch: drop, DES should really not be used anymore anywhere, even with NIS- shadow-login_defs-suse.patch: remove encryption NIS entry
* Fri Jul 26 2019 sbrabecAATTsuse.com- Fix incorrect variable name in usermod (shadow-usermod-variable.patch).- shadow-login_defs-comments.patch:
* Drop SHA_CRYPT_
*_ROUNDS that are in the upstream login.defs.
* Add missing LASTLOG_UID_MAX.
* Refresh shadow-login_defs-suse.patch.- Port shadow-login_defs-check.sh to match the current spec file and login.defs.
* Thu Jul 25 2019 kukukAATTsuse.de- Provide \"useradd_or_adduser_dep\" for sysuser-shadow
* Sat Jul 20 2019 sbrabecAATTsuse.com- shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to \"yes\" (bsc#353876#c7).
* Fri Jul 19 2019 sbrabecAATTsuse.com- Fix comment about patch in spec file
* Fri Jun 14 2019 mvetterAATTsuse.com- Update to 4.7:
* Spawn: don\'t loop forever on ECHILD
* Do not fail locking if there is a stale lockfile (Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print \'no changes\' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don\'t flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (bsc#1141113, Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)- Remove btrfs-subvolumes.patch (fate#316134): upstreamed: https://github.com/shadow-maint/shadow/pull/149- Remove useradd-mkdirs.patch (bsc#865563): upstreamed https://github.com/shadow-maint/shadow/pull/112- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch upstreamed https://github.com/shadow-maint/shadow/issues/110- Remove shadow-4.6-bsc1141113-useradd-segfault.patch (SLE15 SP3 and openSUSE Leap 15.3 only) upstreamed https://github.com/shadow-maint/shadow/issues/125- Rebase userdel-script.patch- Rebase useradd-script.patch- Rebase shadow-util-linux.patch
* Thu May 30 2019 mpluskalAATTsuse.com- Make building more verbose- Use spec-cleaner
* Thu May 02 2019 lnusselAATTsuse.de- don\'t specify MOTD_FILE in login.defs but fall back to built in defaults of login (boo#1133929)
* Tue Apr 30 2019 sbrabecAATTsuse.com- Split shadow-login_defs.patch hunks to its logical components (bsc#1121197):
* shadow-login_defs-unused-by-pam.patch
* shadow-login_defs-comments.patch
* shadow-util-linux.patch
* shadow-login_defs-suse.patch
* Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch
* Remove GROUPADD_CMD that is not supported (bsc#1121197#c14).- Split getdef-new-defs.patch hunks to its logical components (bsc#1121197):
* encryption_method_nis.patch
* chkname-regex.patch
* shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT.
* useradd-script.patch, userdel-script.patch
* Remove duplicated definitions of MOTD_FILE and ENV_PATH.- Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197).- Add virtual symbols for login.defs compatibility (bsc#1121197).
* Wed Jan 23 2019 adam.majerAATTsuse.de- btrfs-subvolumes.patch: implement support for creating user home directories on btrfs subvolumes (fate#316134)
* Wed Oct 31 2018 vrothbergAATTsuse.com- Add empty /etc/sub{u,g}id files. useradd and usermod add entries for users only when those files exist. Having those entries is a requirement to create user namespaces, for instance, when running podman as a non-root user.
* Mon May 14 2018 mvetterAATTsuse.com- Update to 4.6:
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option- Remove CVE-2018-7169.patch: upstreamed- Remove shadow-4.1.5.1-pam_group.patch: upstreamed- Update userdel-script.patch: change due to prefix- Update useradd-mkdirs.patch: change due to prefix Additionally changed in that patch (bsc#1106914):
* Test for strdup() failure
* Directory to 0755 instead 0777- Add shadow-4.6.0-fix-usermod-prefix-crash.patch: Fixes crash in usermod when called with --prefix. See https://github.com/shadow-maint/shadow/issues/110
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
* Fri Feb 16 2018 kbabiochAATTsuse.com- Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294)
* Wed Nov 08 2017 mvetterAATTsuse.com- bsc#1061838: Revert: Requires: group(mail) Introduced circular dependency
* Fri Oct 13 2017 adam.majerAATTsuse.de- Revert accidentalied prerequisites. Use PreReq for permissions
* Thu Oct 12 2017 schwabAATTsuse.de- Prequire group(shadow), group(root), user(root)
* Mon Oct 09 2017 mvetterAATTsuse.com- bsc#1061838: Add Requires for group(mail)
* Thu Sep 14 2017 mvetterAATTsuse.com- boo#1048645: Set suid bit for newuidmap and newgimap
* Thu Sep 14 2017 mvetterAATTsuse.com- Revert the changes for bsc#1023895 back Pulls in too many deps into ring0. Next version of shadow plans to have no conditional man pages.
* Fri Sep 08 2017 mvetterAATTsuse.com- run spec-cleaner- bsc#1023895: man page contained invalid options because they depend on compile flags and we shipped pre built ones. New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po xsltproc
* Thu Jun 08 2017 kukukAATTsuse.de- Adjust requires (we need user/group root instead of aaa_base now)
* Mon May 22 2017 adam.majerAATTsuse.de- New upstream version 4.5- Refreshed patches:
* shadow-login_defs.patch
* chkname-regex.patch
* getdef-new-defs.patch
* useradd-mkdirs.patch- Upstreamed patches:
* shadow-4.1.5.1-manfix.patch
* shadow-4.1.5.1-errmsg.patch
* shadow-4.1.5.1-backup-mode.patch
* shadow-4.1.5.1-audit-owner.patch
* shadow-4.2.1-defs-chroot.patch
* shadow-4.2.1-merge-group.patch
* Fix-user-busy-errors-at-userdel.patch
* useradd-clear-tallylog.patch- shadow-4.1.5.1-pam_group.patch dynamically added users via pam_group are not listed in groups databases but are still valid- shadow.keyring: update keyring with current maintainer\'s keyid only - Serge Hallyn \'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D\'- disable_new_audit_function.patch: Disable newer libaudit functionality for older distributions
* Mon Feb 20 2017 josef.moellersAATTsuse.com- useradd: call external program \"/sbin/pam_tally2\" to reset failed login counter in \"/var/log/tallylog\" (bsc#980486, useradd-clear-tallylog.patch)
* Wed Nov 02 2016 meissnerAATTsuse.com- add keyring, three public keys from https://pkg-shadow.alioth.debian.org/download.php
* Tue Oct 18 2016 mvetterAATTsuse.com- bsc#1002975: Use permissions according to permissions package and dont try to manipulate them in %files section.
* Wed Sep 14 2016 mvetterAATTsuse.com- boo#994486: Include shadow.5 manpage Previously this was provided by man-pages package in the man-pages-addons tarball which got removed later on.
* Tue May 31 2016 mvetterAATTsuse.com- Add package dependency for aaa_base, fixing bnc#899409 (was done by tbehrensAATTsuse.com but not submitted to Factory)
* Mon May 30 2016 mvetterAATTsuse.com- shadow 4.2.1 requested by fate#320422- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits. Remove the files used to circumvent the check.- Remove:
* shadow-rpmlintrc
* shadow-subids
* shadow-subids.easy
* shadow-subids.secure
* shadow-subids.paranoid
* Thu May 19 2016 christian.braunerAATTmailbox.org- Update to shadow-4.2.1: - add support for subuids/subgids via newuidmap/newgidmap- Rename chkname-regex.diff to chkname-regex.patch- Rename encryption_method_nis.diff to encryption_method_nis.patch- Rename getdef-new-defs.diff to getdef-new-defs.patch- Rename shadow-login_defs.diff to shadow-login_defs.patch- Rename userdel-scripts.diff to userdel-script.patch- Rename useradd-script.diff to useradd-script.patch- Rename useradd-default.diff to useradd-default.patch- Rename useradd-mkdirs.diff to useradd-mkdirs.patch- Add fixes from Red Hat/Fedora: - shadow-4.1.5.1-audit-owner.patch.patch: - log owner changes for home directory - shadow-4.1.5.1-userdel-helpfix.patch.patch: - give a hint about what happens when you force the removal of a user - shadow-4.2.1-defs-chroot.patch.patch: - initialize uid_t uid_min and uid_t uid_max not before we need them - shadow-4.2.1-merge-group.patch.patch: - simplify by using a single call to snprintf()- Add upstream fix - Fix-user-busy-errors-at-userdel.patch: - call sub_uid_close()
* Fri Jan 15 2016 fvogtAATTsuse.com- Moved call from %verifyscript into %post:
* Caused call to %service_add_post shadow.service shadow.timer during rpm -qV shadow
* Wed Jul 15 2015 jkeilAATTsuse.de- Add systemd unit files to continuously check password & groupfile integrity
* Idea from Arch Linux
* pending request to systemd-presets-branding-openSUSE to enable by default
