SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for shadow-4.13-6.77.x86_64.rpm :

* Thu Feb 16 2023 Michael Vetter - Update shadow-fix-print-login-timeout.patch- Reorder source files and patches
* Wed Feb 15 2023 Ludwig Nussel - Remove scripts that claim to be config but are in /usr (boo#1191578)
* userdel-script.patch
* useradd-script.patch
* useradd.local
* userdel-post.local
* userdel-pre.local
* Fri Jan 13 2023 Michael Vetter - Add shadow-fix-print-login-timeout.patch: Fix printing full login timeout message See gh/shadow-maint/shadow#621
* Fri Dec 16 2022 Michael Vetter - bsc#1205502: Fix useradd audit event logging of ID field
* Add shadow-audit-no-id.patch See gh/shadow-maint/shadow#606
* Tue Nov 08 2022 Michael Vetter - Update to 4.13:
* useradd.8: fix default group ID
* Revert drop of subid_init()
* Georgian translation
* useradd: Avoid taking unneeded space: do not reset non-existent data in lastlog
* relax username restrictions
* selinux: check MLS enabled before setting serange
* copy_tree: use fchmodat instead of chmod
* copy_tree: don\'t block on FIFOs
* add shell linter
* copy_tree: carefully treat permissions
* lib/commonio: make lock failures more detailed
* lib: use strzero and memzero where applicable
* Update Dutch translation
* Don\'t test for NULL before calling free
* Use libc MAX() and MIN()
* chage: Fix regression in print_date
* usermod: report error if homedir does not exist
* libmisc: minimum id check for system accounts
* fix usermod -rG x y wrongly adding a group
* man: add missing space in useradd.8.xml
* lastlog: check for localtime() return value
* Raise limit for passwd and shadow entry length
* Remove adduser-old.c
* useradd: Fix buffer overflow when using a prefix
* Don\'t warn when failed to open /etc/nsswitch.conf- Remove patches we took from upstream pre-release:
* shadow-copytree-usermod-fifo.patch
* shadow-chage-format.patch
* shadow-prefix-overflow.patch- Remove chkname-regex.patch: Upstream now also relaxed the usernames requirements. They don\'t use regex for this but the result is similar. Plus they also check that the name is less than 32 characters long.- Rebase useradd-userkeleton.patch
* Mon Nov 07 2022 Michael Vetter - Add shadow-copytree-usermod-fifo.patch: Fix regression that prevented `usermod -m` to work when their home directory contained at least one fifo See https://github.com/shadow-maint/shadow/pull/565
* Wed Nov 02 2022 Michael Vetter - bsc#1204811: Fix chage date format string regression
* Add shadow-chage-format.patch
* Mon Oct 24 2022 Michael Vetter - Add shadow-prefix-overflow.patch: Fix buffer overflow when calling useradd with --prefix See https://github.com/shadow-maint/shadow/pull/588
* Mon Aug 22 2022 Michael Vetter - Update to 4.12.3: Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users.
* Fri Aug 19 2022 Michael Vetter - Update to 4.12.2:
* Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]- Refresh useradd-userkeleton.patch: LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545 Let\'s use fstatat() now.
* Mon Aug 15 2022 Michael Vetter - Update to 4.12.1:
* Fix uk manpages- Remove shadow-4.12-remove-uk.patch: fixed upstream
* Fri Aug 12 2022 Michael Vetter - Update to 4.12:
* Add absolute path hint to --root
* Various cleanups
* Fix Ubuntu release used in CI tests
* add -F options to userad
* useradd manpage updates
* Check for ownerid (not just username) in subid ranges
* Declare file local functions static
* Use strict prototypes
* Do not drop const qualifier for Basename
* Constify various pointers
* Don\'t return uninitialized memory
* Don\'t let compiler optimize away memory cleaning
* Remove many obsolete compatibility checks and defines
* Modify ID range check in useradd
* Use \"extern \"C\"\" to make libsubid easier to use from C++
* French translation updates
* Fix s/with-pam/with-libpam/
* Spanish translation updates
* French translation fixes
* Default max group name length to 32
* Fix PAM service files without-selinux
* Improve manpages - groupadd, useradd, usermod - groups and id - pwck
* Add fedora to CI builds
* Fix condition under which pw_dir check happens
* logoutd: switch to strncat
* AUTHORS: improve markdown output
* Handle ERANGE errors correctly
* Check for fopen NULL return
* Split get_salt() into its own fn juyin)
* Get salt before chroot to ensure /dev/urandom.
* Chpasswd code cleanup
* Work around git safe.directory enforcement
* Alphabetize order in usermod help
* Erase password copy on error branches
* Suggest using --badname if needed
* Update translation files
* Correct badnames option to badname
* configure: replace obsolete autoconf macros
* tests: replace egrep with grep -E
* Update Ukrainian translations
* Cleanups - Remove redeclared variable - Remove commented out code and FIXMEs - Add header guards - Initialize local variables
* CI updates - Create github workflow to install dependencies - Enable CodeQL - Update actions version
* libmisc: use /dev/urandom as fallback if other methods fail- Add shadow-4.12-remove-uk.patch: Disable non working Ukranian translation for now https://github.com/shadow-maint/shadow/issues/547
* Tue Aug 09 2022 Thorsten Kukuk - Remove duplicate pam.d/useradd entry- Provide /etc/login.defs.d on SLE15 since we support and use it
* Mon Aug 08 2022 Thorsten Kukuk - Use %_pam_vendordir macro
* Wed Jan 12 2022 Stanislav Brabec - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954).
* Mon Jan 03 2022 Michael Vetter - Update to 4.11.1:
* build: include lib/shadowlog_internal.h in dist tarballs
* Mon Jan 03 2022 Michael Vetter - Update to 4.11:
* Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.
* Mon Jan 03 2022 Michael Vetter - Update to 4.10:
* From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it.
* Add libeconf dep for new
*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
* Use https where possible in README
* Update content and format of README
* Translation updates
* Switch from xml2po to itstool in \'make dist\'
* Fix double frees
* Add LOG_INIT configurable to useradd
* Add CREATE_MAIL_SPOOL documentation
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM
* Fix wrong SELinux labels in several possible cases
* Fix missing chmod in chadowtb_move
* Handle malformed hushlogins entries
* Fix groupdel segv when passwd does not exist
* Fix covscan-found newgrp segfault
* Remove trailing slash on hoedir
* Fix passwd -l message - it does not change expirey
* Fix SIGCHLD handling bugs in su and vipw
* Remove special case for \"\" in usermod
* Implement usermod -rG to remove a specific group
* call pam_end() after fork in child path for su and login
* useradd: In absence of /etc/passwd, assume 0 == root
* lib: check NULL before freeing data
* Fix pwck segfault- Remove because upstreamed:
* shadow-4.9-pwck-segfault.patch
* shadow-4.9-newgrp-segfault.patch
* shadow-4.9-useradd-subuid.patch
* shadow-4.9-sgent-free.patch
* shadow-passwd-handle-null.patch
* shadow-fix-sigabrt.patch
* shadow-libeconf-include.patch
* libsubid-build-fix.patch- Refreshed:
* shadow-util-linux.patch
* shadow.changes
* shadow.keyring
* shadow.spec
* useradd-script.patch
* useradd-userkeleton.patch
* userdel-script.patch- Update shadow.keyring:
* Serge Hallyn sergeAATThallyn.com (B175CFA98F192AF2)
* Christian Brauner christianAATTbrauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)
* Tue Nov 30 2021 Thorsten Kukuk - Really enable USERGROUPS_ENAB [bsc#1189139]. Did go lost during merges.
* Thu Nov 18 2021 Michael Vetter - Fix segfaults in newgrp and pwck
* Add shadow-4.9-newgrp-segfault.patch https://github.com/shadow-maint/shadow/pull/437
* Add shadow-4.9-pwck-segfault.patch https://github.com/shadow-maint/shadow/pull/445
* Tue Nov 16 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified:
* shadow.service
* Tue Nov 09 2021 Stanislav Brabec - shadow-util-linux.patch:
* Remove the section patching lib/getdef.c in favor of the upstream FOREIGNDEFS.
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the unpackaged login and su.- shadow-login_defs-unused-by-pam.patch:
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS, YESCRYPT_COST_FACTOR, not supported by the current configuratiton.- Update login_defs-support-for-pam symbol to version 1.5.2 (support for new variable HMAC_CRYPTO_ALGO).- Update login_defs-support-for-util-linux to version 2.37 (support for new variable LOGIN_KEEP_USERNAME).- Refresh shadow-login_defs-comments.patch and shadow-login_defs-suse.patch.- Improve shadow-login_defs-check.sh:
* Add helper to import local new version in the parent dir.
* Fix spec editing sed expression.
* Add PREVENT_NO_AUTH to known unused variables.
* Update pam sed expression to find HMAC_CRYPTO_ALGO.
* Add more sanity checks.
* Mon Sep 20 2021 Michael Vetter - bsc#1190146: Fix empty subid range Add shadow-4.9-useradd-subuid.patch https://github.com/shadow-maint/shadow/pull/399
* Mon Sep 20 2021 Michael Vetter - bsc#1190145: Fix double free in gpasswd: Add shadow-4.9-sgent-free.patch upstreamed as https://github.com/shadow-maint/shadow/pull/417
* Tue Sep 07 2021 Michael Vetter - Fix shadow-login_defs-check.sh: In the last update we switched from calling make to %make_build macro. Using sed to adapt the spec file now.
* Wed Aug 18 2021 Thorsten Kukuk - libsubid-devel: add missing requires for libsubid3- Remove README.changes-pwdutils, all distros you can upgrade from use already shadow
* Wed Aug 18 2021 Thorsten Kukuk - login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
* Tue Aug 17 2021 Michael Vetter - Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid(Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescript support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del- Refresh:
* shadow-login_defs-unused-by-pam.patch
* userdel-script.patch
* useradd-script.patch
* chkname-regex.patch
* useradd-default.patch: bbf4b79 stopped shipping default file. change group in code now.
* shadow-login_defs-suse.patch
* useradd-userkeleton.patch- Remove because upstreamed:
* shadow-4.1.5.1-userdel-helpfix.patch
* shadow-4.1.5.1-logmsg.patch- Add libsubid-build-fix.patch: See https://github.com/shadow-maint/shadow/issues/387- Add shadow-libeconf-include.patch: See c6847011e8b656adacd9a0d2a78418cad0de34cb- Add shadow-fix-sigabrt.patch: See https://github.com/shadow-maint/shadow/issues/394- Add shadow-passwd-handle-null.patch [bsc#1188307]: See https://github.com/shadow-maint/shadow/pull/398- Remove %{_sysconfdir}/default/useradd: file not shipped anymore- Remove --disable-shared: Dont need it anymore See https://github.com/shadow-maint/shadow/issues/336
* Thu Jul 01 2021 Thorsten Kukuk - login.defs/MOTD_FILE: Use \"\" instead of blank entry [bsc#1187536]- Add /etc/login.defs.d directory
* Sat Jun 05 2021 Maurizio Galli - Enable shadowgrp so that we can set more secure group passwords using shadow.
* Fri Jun 04 2021 Thorsten Kukuk - Disable MOTD_FILE to allow the use of pam_motd to unify motd message output [bsc#1185897]. Else motd entries of e.g. cockpit will not be shown.
* Thu Jan 28 2021 Stanislav Brabec - Do not require libeconf-devel on products without /usr/etc.
* Thu Jan 21 2021 Thorsten Kukuk - Split login.defs configuration file into own sub-package, which allows to install util-linux or pam on small embedded/edge systems or container without the need to pull in the full shadow suite.
* Wed Nov 11 2020 Fabian Vogt - Amend patches/useradd-userkeleton.patch to also write into existing directories and prefer files from /etc
* Wed Nov 11 2020 Dr. Werner Fink - Add patch useradd-userkeleton.patch to extend original C code of useradd to handle /usr/etc/skel (boo#1173321)- Remove /usr/etc/skel support in useradd.local script
* Mon Nov 02 2020 Dr. Werner Fink - Change again useradd.local script to let it work even for system accounts and work together with SELinux (bsc#1178296)- Change patch useradd-script.patch to support the four arguments used by the useradd.local script (bsc#1178296)
* Fri Oct 09 2020 Dr. Werner Fink - Add support for /usr/etc/skel to useradd.local script (boo#1173321)
* Thu Oct 08 2020 Stanislav Brabec - shadow-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274).
* Tue Sep 08 2020 Stanislav Brabec - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch).- shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX.- shadow-login_defs-check.sh: Update for new build system.- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux.- Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch.
* Fri May 22 2020 Fabian Vogt - Use pure #!/bin/sh in:
* useradd.local
* userdel-post.local
* userdel-pre.local
* Fri Jan 24 2020 Michael Vetter - Update to 4.8.1:
* selinux: include stdio
* man: don\'t suggest making groupmems user-writeable
* Makefile: bail out on error in for loops
* Adding logging of SSH_ORIGINAL_COMMAND to nologin
* add new HOME_MODE login.defs option
* Add tty logging to useradd
* Useradd: make non-executable shell check only a warning
* Update Dutch translation
* user_busy: Do not mistake a regular user process for a namespaced one
* Revert \"Honor --sbindir and --bindir for binary installation\"- Remove shadow-4.8-shell-check.patch: included- Remove shadow-4.8-selinux-include.patch: upstreamed
* Mon Jan 20 2020 Michael Vetter - Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod explicitly.
* Thu Jan 16 2020 Michael Vetter - bsc#1160729: Make valid shell check only a warning
* Add shadow-4.8-shell-check.patch
  
ICM