SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for shadow-4.12.3-2.2.x86_64.rpm :

* Mon Aug 22 2022 Michael Vetter - Update to 4.12.3: Revert removal of subid_init, which should have bumped soname. So note that 4.12 through 4.12.2 were broken for subid users.
* Fri Aug 19 2022 Michael Vetter - Update to 4.12.2:
* Address CVE-2013-4235 (TOCTTOU when copying directories) [bsc#916845]- Refresh useradd-userkeleton.patch: LSTAT() was removed with https://github.com/shadow-maint/shadow/pull/545 Let\'s use fstatat() now.
* Mon Aug 15 2022 Michael Vetter - Update to 4.12.1:
* Fix uk manpages- Remove shadow-4.12-remove-uk.patch: fixed upstream
* Fri Aug 12 2022 Michael Vetter - Update to 4.12:
* Add absolute path hint to --root
* Various cleanups
* Fix Ubuntu release used in CI tests
* add -F options to userad
* useradd manpage updates
* Check for ownerid (not just username) in subid ranges
* Declare file local functions static
* Use strict prototypes
* Do not drop const qualifier for Basename
* Constify various pointers
* Don\'t return uninitialized memory
* Don\'t let compiler optimize away memory cleaning
* Remove many obsolete compatibility checks and defines
* Modify ID range check in useradd
* Use \"extern \"C\"\" to make libsubid easier to use from C++
* French translation updates
* Fix s/with-pam/with-libpam/
* Spanish translation updates
* French translation fixes
* Default max group name length to 32
* Fix PAM service files without-selinux
* Improve manpages - groupadd, useradd, usermod - groups and id - pwck
* Add fedora to CI builds
* Fix condition under which pw_dir check happens
* logoutd: switch to strncat
* AUTHORS: improve markdown output
* Handle ERANGE errors correctly
* Check for fopen NULL return
* Split get_salt() into its own fn juyin)
* Get salt before chroot to ensure /dev/urandom.
* Chpasswd code cleanup
* Work around git safe.directory enforcement
* Alphabetize order in usermod help
* Erase password copy on error branches
* Suggest using --badname if needed
* Update translation files
* Correct badnames option to badname
* configure: replace obsolete autoconf macros
* tests: replace egrep with grep -E
* Update Ukrainian translations
* Cleanups - Remove redeclared variable - Remove commented out code and FIXMEs - Add header guards - Initialize local variables
* CI updates - Create github workflow to install dependencies - Enable CodeQL - Update actions version
* libmisc: use /dev/urandom as fallback if other methods fail- Add shadow-4.12-remove-uk.patch: Disable non working Ukranian translation for now https://github.com/shadow-maint/shadow/issues/547
* Tue Aug 09 2022 Thorsten Kukuk - Remove duplicate pam.d/useradd entry- Provide /etc/login.defs.d on SLE15 since we support and use it
* Mon Aug 08 2022 Thorsten Kukuk - Use %_pam_vendordir macro
* Wed Jan 12 2022 Stanislav Brabec - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954).
* Mon Jan 03 2022 Michael Vetter - Update to 4.11.1:
* build: include lib/shadowlog_internal.h in dist tarballs
* Mon Jan 03 2022 Michael Vetter - Update to 4.11:
* Handle possible TOCTTOU issues in usermod/userdel - (CVE-2013-4235) - Use O_NOFOLLOW when copying file - Kill all user tasks in userdel
* Fix useradd -D segfault
* Clean up obsolete libc feature-check ifdefs
* Fix -fno-common build breaks due to duplicate Prog declarations
* Have single date_to_str definition
* Fix libsubid SONAME version
* Clarify licensing info, use SPDX.
* Mon Jan 03 2022 Michael Vetter - Update to 4.10:
* From this release forward, su from this package should be considered deprecated. Please replace any users of it with su from util-linux
* libsubid fixes
* Rename the test program list_subid_ranges to getsubids, write a manpage, so distros can ship it.
* Add libeconf dep for new
*idmap
* Allow all group types with usermod -G
* Avoid useradd generating empty subid range
* Handle NULL pw_passwd
* Fix default value SHA_get_salt_rounds
* Use https where possible in README
* Update content and format of README
* Translation updates
* Switch from xml2po to itstool in \'make dist\'
* Fix double frees
* Add LOG_INIT configurable to useradd
* Add CREATE_MAIL_SPOOL documentation
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM
* Fix wrong SELinux labels in several possible cases
* Fix missing chmod in chadowtb_move
* Handle malformed hushlogins entries
* Fix groupdel segv when passwd does not exist
* Fix covscan-found newgrp segfault
* Remove trailing slash on hoedir
* Fix passwd -l message - it does not change expirey
* Fix SIGCHLD handling bugs in su and vipw
* Remove special case for \"\" in usermod
* Implement usermod -rG to remove a specific group
* call pam_end() after fork in child path for su and login
* useradd: In absence of /etc/passwd, assume 0 == root
* lib: check NULL before freeing data
* Fix pwck segfault- Remove because upstreamed:
* shadow-4.9-pwck-segfault.patch
* shadow-4.9-newgrp-segfault.patch
* shadow-4.9-useradd-subuid.patch
* shadow-4.9-sgent-free.patch
* shadow-passwd-handle-null.patch
* shadow-fix-sigabrt.patch
* shadow-libeconf-include.patch
* libsubid-build-fix.patch- Refreshed:
* shadow-util-linux.patch
* shadow.changes
* shadow.keyring
* shadow.spec
* useradd-script.patch
* useradd-userkeleton.patch
* userdel-script.patch- Update shadow.keyring:
* Serge Hallyn sergeAATThallyn.com (B175CFA98F192AF2)
* Christian Brauner christianAATTbrauner.io (4880B8C9BD0E5106FC070F4F7B3C391EFEA93624)
* Tue Nov 30 2021 Thorsten Kukuk - Really enable USERGROUPS_ENAB [bsc#1189139]. Did go lost during merges.
* Thu Nov 18 2021 Michael Vetter - Fix segfaults in newgrp and pwck
* Add shadow-4.9-newgrp-segfault.patch https://github.com/shadow-maint/shadow/pull/437
* Add shadow-4.9-pwck-segfault.patch https://github.com/shadow-maint/shadow/pull/445
* Tue Nov 16 2021 Johannes Segitz - Added hardening to systemd service(s) (bsc#1181400). Modified:
* shadow.service
* Tue Nov 09 2021 Stanislav Brabec - shadow-util-linux.patch:
* Remove the section patching lib/getdef.c in favor of the upstream FOREIGNDEFS.
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the unpackaged login and su.- shadow-login_defs-unused-by-pam.patch:
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS, YESCRYPT_COST_FACTOR, not supported by the current configuratiton.- Update login_defs-support-for-pam symbol to version 1.5.2 (support for new variable HMAC_CRYPTO_ALGO).- Update login_defs-support-for-util-linux to version 2.37 (support for new variable LOGIN_KEEP_USERNAME).- Refresh shadow-login_defs-comments.patch and shadow-login_defs-suse.patch.- Improve shadow-login_defs-check.sh:
* Add helper to import local new version in the parent dir.
* Fix spec editing sed expression.
* Add PREVENT_NO_AUTH to known unused variables.
* Update pam sed expression to find HMAC_CRYPTO_ALGO.
* Add more sanity checks.
* Mon Sep 20 2021 Michael Vetter - bsc#1190146: Fix empty subid range Add shadow-4.9-useradd-subuid.patch https://github.com/shadow-maint/shadow/pull/399
* Mon Sep 20 2021 Michael Vetter - bsc#1190145: Fix double free in gpasswd: Add shadow-4.9-sgent-free.patch upstreamed as https://github.com/shadow-maint/shadow/pull/417
* Tue Sep 07 2021 Michael Vetter - Fix shadow-login_defs-check.sh: In the last update we switched from calling make to %make_build macro. Using sed to adapt the spec file now.
* Wed Aug 18 2021 Thorsten Kukuk - libsubid-devel: add missing requires for libsubid3- Remove README.changes-pwdutils, all distros you can upgrade from use already shadow
* Wed Aug 18 2021 Thorsten Kukuk - login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to be compatible with other Linux distros and the other tools creating user accounts in use on openSUSE. Set HOME_MODE to 700 for security reasons and compatibility. [bsc#1189139] [bsc#1182850]
* Tue Aug 17 2021 Michael Vetter - Update to 4.9:
* Updated translations
* Major salt updates
* Various coverity and cleanup fixes
* Consistently use 0 to disable PASS_MIN_DAYS in man
* Implement NSS support for subids and a libsubid
* setfcap: retain setfcap when mapping uid 0
* login.defs: include HMAC_CRYPTO_ALGO key
* selinux fixes
* Fix path prefix path handling
* Manpage updates
* Treat an empty passwd field as invalid(Haelwenn Monnier)
* newxidmap: allow running under alternative gid
* usermod: check that shell is executable
* Add yescript support
* useradd memleak fixes
* useradd: use built-in settings by default
* getdefs: add foreign
* buffer overflow fixes
* Adding run-parts style for pre and post useradd/del- Refresh:
* shadow-login_defs-unused-by-pam.patch
* userdel-script.patch
* useradd-script.patch
* chkname-regex.patch
* useradd-default.patch: bbf4b79 stopped shipping default file. change group in code now.
* shadow-login_defs-suse.patch
* useradd-userkeleton.patch- Remove because upstreamed:
* shadow-4.1.5.1-userdel-helpfix.patch
* shadow-4.1.5.1-logmsg.patch- Add libsubid-build-fix.patch: See https://github.com/shadow-maint/shadow/issues/387- Add shadow-libeconf-include.patch: See c6847011e8b656adacd9a0d2a78418cad0de34cb- Add shadow-fix-sigabrt.patch: See https://github.com/shadow-maint/shadow/issues/394- Add shadow-passwd-handle-null.patch [bsc#1188307]: See https://github.com/shadow-maint/shadow/pull/398- Remove %{_sysconfdir}/default/useradd: file not shipped anymore- Remove --disable-shared: Dont need it anymore See https://github.com/shadow-maint/shadow/issues/336
* Thu Jul 01 2021 Thorsten Kukuk - login.defs/MOTD_FILE: Use \"\" instead of blank entry [bsc#1187536]- Add /etc/login.defs.d directory
* Sat Jun 05 2021 Maurizio Galli - Enable shadowgrp so that we can set more secure group passwords using shadow.
* Fri Jun 04 2021 Thorsten Kukuk - Disable MOTD_FILE to allow the use of pam_motd to unify motd message output [bsc#1185897]. Else motd entries of e.g. cockpit will not be shown.
* Thu Jan 28 2021 Stanislav Brabec - Do not require libeconf-devel on products without /usr/etc.
* Thu Jan 21 2021 Thorsten Kukuk - Split login.defs configuration file into own sub-package, which allows to install util-linux or pam on small embedded/edge systems or container without the need to pull in the full shadow suite.
* Wed Nov 11 2020 Fabian Vogt - Amend patches/useradd-userkeleton.patch to also write into existing directories and prefer files from /etc
* Wed Nov 11 2020 Dr. Werner Fink - Add patch useradd-userkeleton.patch to extend original C code of useradd to handle /usr/etc/skel (boo#1173321)- Remove /usr/etc/skel support in useradd.local script
* Mon Nov 02 2020 Dr. Werner Fink - Change again useradd.local script to let it work even for system accounts and work together with SELinux (bsc#1178296)- Change patch useradd-script.patch to support the four arguments used by the useradd.local script (bsc#1178296)
* Fri Oct 09 2020 Dr. Werner Fink - Add support for /usr/etc/skel to useradd.local script (boo#1173321)
* Thu Oct 08 2020 Stanislav Brabec - shadow-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274).
* Tue Sep 08 2020 Stanislav Brabec - login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch).- shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX.- shadow-login_defs-check.sh: Update for new build system.- shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux.- Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch.
* Fri May 22 2020 Fabian Vogt - Use pure #!/bin/sh in:
* useradd.local
* userdel-post.local
* userdel-pre.local
* Fri Jan 24 2020 Michael Vetter - Update to 4.8.1:
* selinux: include stdio
* man: don\'t suggest making groupmems user-writeable
* Makefile: bail out on error in for loops
* Adding logging of SSH_ORIGINAL_COMMAND to nologin
* add new HOME_MODE login.defs option
* Add tty logging to useradd
* Useradd: make non-executable shell check only a warning
* Update Dutch translation
* user_busy: Do not mistake a regular user process for a namespaced one
* Revert \"Honor --sbindir and --bindir for binary installation\"- Remove shadow-4.8-shell-check.patch: included- Remove shadow-4.8-selinux-include.patch: upstreamed
* Mon Jan 20 2020 Michael Vetter - Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod explicitly.
* Thu Jan 16 2020 Michael Vetter - bsc#1160729: Make valid shell check only a warning
* Add shadow-4.8-shell-check.patch
* Tue Dec 17 2019 Michael Vetter - Update to 4.8:
* Initial optional bcrypt support.
* Make build/install of \'su\' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash- Remove because upstreamed:
* libeconf.patch
* shadow-usermod-variable.patch- Rebase:
* shadow-login_defs-unused-by-pam.patch
* chkname-regex.patch
* shadow-util-linux.patch
* shadow-login_defs-comments.patch- Add shadow-4.8-selinux-include.patch See https://github.com/shadow-maint/shadow/pull/200
* Mon Oct 07 2019 kukukAATTsuse.de- libeconf.patch: Add support for libeconf and /usr/etc for login.defs.- Move first configuration files and pam config files to /usr/etc
* Mon Sep 02 2019 mvetterAATTsuse.com- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files to support kernel keyring feature- Update pamd.tar.bz2 with pam configuration files accordingly
* Mon Aug 19 2019 kukukAATTsuse.de- encryption_method_nis.patch: drop, DES should really not be used anymore anywhere, even with NIS- shadow-login_defs-suse.patch: remove encryption NIS entry
* Fri Jul 26 2019 sbrabecAATTsuse.com- Fix incorrect variable name in usermod (shadow-usermod-variable.patch).- shadow-login_defs-comments.patch:
* Drop SHA_CRYPT_
*_ROUNDS that are in the upstream login.defs.
* Add missing LASTLOG_UID_MAX.
* Refresh shadow-login_defs-suse.patch.- Port shadow-login_defs-check.sh to match the current spec file and login.defs.
* Thu Jul 25 2019 kukukAATTsuse.de- Provide \"useradd_or_adduser_dep\" for sysuser-shadow
* Sat Jul 20 2019 sbrabecAATTsuse.com- shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to \"yes\" (bsc#353876#c7).
* Fri Jul 19 2019 sbrabecAATTsuse.com- Fix comment about patch in spec file
* Fri Jun 14 2019 mvetterAATTsuse.com- Update to 4.7:
* Spawn: don\'t loop forever on ECHILD
* Do not fail locking if there is a stale lockfile (Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print \'no changes\' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don\'t flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (bsc#1141113, Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)- Remove btrfs-subvolumes.patch (fate#316134): upstreamed: https://github.com/shadow-maint/shadow/pull/149- Remove useradd-mkdirs.patch (bsc#865563): upstreamed https://github.com/shadow-maint/shadow/pull/112- Remove shadow-4.6.0-fix-usermod-prefix-crash.patch upstreamed https://github.com/shadow-maint/shadow/issues/110- Remove shadow-4.6-bsc1141113-useradd-segfault.patch (SLE15 SP3 and openSUSE Leap 15.3 only) upstreamed https://github.com/shadow-maint/shadow/issues/125- Rebase userdel-script.patch- Rebase useradd-script.patch- Rebase shadow-util-linux.patch
* Thu May 30 2019 Martin Pluskal - Make building more verbose- Use spec-cleaner
* Thu May 02 2019 lnusselAATTsuse.de- don\'t specify MOTD_FILE in login.defs but fall back to built in defaults of login (boo#1133929)
* Tue Apr 30 2019 sbrabecAATTsuse.com- Split shadow-login_defs.patch hunks to its logical components (bsc#1121197):
* shadow-login_defs-unused-by-pam.patch
* shadow-login_defs-comments.patch
* shadow-util-linux.patch
* shadow-login_defs-suse.patch
* Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch
* Remove GROUPADD_CMD that is not supported (bsc#1121197#c14).- Split getdef-new-defs.patch hunks to its logical components (bsc#1121197):
* encryption_method_nis.patch
* chkname-regex.patch
* shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT.
* useradd-script.patch, userdel-script.patch
* Remove duplicated definitions of MOTD_FILE and ENV_PATH.- Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197).- Add virtual symbols for login.defs compatibility (bsc#1121197).
* Wed Jan 23 2019 adam.majerAATTsuse.de- btrfs-subvolumes.patch: implement support for creating user home directories on btrfs subvolumes (fate#316134)
* Wed Oct 31 2018 Valentin Rothberg - Add empty /etc/sub{u,g}id files. useradd and usermod add entries for users only when those files exist. Having those entries is a requirement to create user namespaces, for instance, when running podman as a non-root user.
* Mon May 14 2018 mvetterAATTsuse.com- Update to 4.6:
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option- Remove CVE-2018-7169.patch: upstreamed- Remove shadow-4.1.5.1-pam_group.patch: upstreamed- Update userdel-script.patch: change due to prefix- Update useradd-mkdirs.patch: change due to prefix Additionally changed in that patch (bsc#1106914):
* Test for strdup() failure
* Directory to 0755 instead 0777- Add shadow-4.6.0-fix-usermod-prefix-crash.patch: Fixes crash in usermod when called with --prefix. See https://github.com/shadow-maint/shadow/issues/110
* Thu Feb 22 2018 fvogtAATTsuse.com- Use %license (boo#1082318)
* Fri Feb 16 2018 kbabiochAATTsuse.com- Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294)
  
ICM