Changelog for shadow-4.6-3.1.x86_64.rpm :

* Mon May 14 2018 Update to 4.6:
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option- Remove CVE-2018-7169.patch: upstreamed- Remove shadow- upstreamed- Update userdel-script.patch: change due to prefix- Update useradd-mkdirs.patch: change due to prefix Additionally changed in that patch:
* Test for strdup() failure
* Directory to 0755 instead 0777- Add shadow-4.6.0-fix-usermod-prefix-crash.patch: Fixes crash in usermod when called with --prefix. See
* Thu Feb 22 2018 Use %license (boo#1082318)
* Fri Feb 16 2018 Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294)
* Wed Nov 08 2017 bsc#1061838: Revert: Requires: group(mail) Introduced circular dependency
* Fri Oct 13 2017 Revert accidentalied prerequisites. Use PreReq for permissions
* Thu Oct 12 2017 Prequire group(shadow), group(root), user(root)
* Mon Oct 09 2017 bsc#1061838: Add Requires for group(mail)
* Thu Sep 14 2017 boo#1048645: Set suid bit for newuidmap and newgimap
* Thu Sep 14 2017 Revert the changes for bsc#1023895 back Pulls in too many deps into ring0. Next version of shadow plans to have no conditional man pages.
* Fri Sep 08 2017 run spec-cleaner- bsc#1023895: man page contained invalid options because they depend on compile flags and we shipped pre built ones. New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po xsltproc
* Thu Jun 08 2017 Adjust requires (we need user/group root instead of aaa_base now)
* Mon May 22 2017 New upstream version 4.5- Refreshed patches:
* shadow-login_defs.patch
* chkname-regex.patch
* getdef-new-defs.patch
* useradd-mkdirs.patch- Upstreamed patches:
* shadow-
* shadow-
* shadow-
* shadow-
* shadow-4.2.1-defs-chroot.patch
* shadow-4.2.1-merge-group.patch
* Fix-user-busy-errors-at-userdel.patch
* useradd-clear-tallylog.patch- shadow- dynamically added users via pam_group are not listed in groups databases but are still valid- shadow.keyring: update keyring with current maintainer\'s keyid only - Serge Hallyn \'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D\'- disable_new_audit_function.patch: Disable newer libaudit functionality for older distributions
* Mon Feb 20 2017 useradd: call external program \"/sbin/pam_tally2\" to reset failed login counter in \"/var/log/tallylog\" (bsc#980486, useradd-clear-tallylog.patch)
* Wed Nov 02 2016 add keyring, three public keys from
* Tue Oct 18 2016 bsc#1002975: Use permissions according to permissions package and dont try to manipulate them in %files section.
* Wed Sep 14 2016 boo#994486: Include shadow.5 manpage Previously this was provided by man-pages package in the man-pages-addons tarball which got removed later on.
* Tue May 31 2016 Add package dependency for aaa_base, fixing bnc#899409 (was done by but not submitted to Factory)
* Mon May 30 2016 shadow 4.2.1 requested by fate#320422- bsc#979069: Dont include shadow- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits. Remove the files used to circumvent the check.- Remove:
* shadow-rpmlintrc
* shadow-subids
* shadow-subids.easy
* shadow-subids.paranoid
* Thu May 19 2016 Update to shadow-4.2.1: - add support for subuids/subgids via newuidmap/newgidmap- Rename chkname-regex.diff to chkname-regex.patch- Rename encryption_method_nis.diff to encryption_method_nis.patch- Rename getdef-new-defs.diff to getdef-new-defs.patch- Rename shadow-login_defs.diff to shadow-login_defs.patch- Rename userdel-scripts.diff to userdel-script.patch- Rename useradd-script.diff to useradd-script.patch- Rename useradd-default.diff to useradd-default.patch- Rename useradd-mkdirs.diff to useradd-mkdirs.patch- Add fixes from Red Hat/Fedora: - shadow- - log owner changes for home directory - shadow- - give a hint about what happens when you force the removal of a user - shadow-4.2.1-defs-chroot.patch.patch: - initialize uid_t uid_min and uid_t uid_max not before we need them - shadow-4.2.1-merge-group.patch.patch: - simplify by using a single call to snprintf()- Add upstream fix - Fix-user-busy-errors-at-userdel.patch: - call sub_uid_close()
* Fri Jan 15 2016 Moved call from %verifyscript into %post:
* Caused call to %service_add_post shadow.service shadow.timer during rpm -qV shadow
* Wed Jul 15 2015 Add systemd unit files to continuously check password & groupfile integrity
* Idea from Arch Linux
* pending request to systemd-presets-branding-openSUSE to enable by default
* Mon Mar 31 2014 Add patch useradd-mkdirs.diff: fix for bnc#865563, create all parts of the path
* Fri Nov 22 2013 Stop any systemd user manager instance in case a user entry will be deleted (bnc#849870). Nevertheless a running process requires the option --force for the userdel command.
* Tue Nov 12 2013 Add ENCRYPT_METHOD_NIS for (encryption_method_nis.diff)
* Tue Sep 17 2013 Add some fixes from Fedora: - shadow- open backup file with correct permissions. - shadow- fix error message - shadow- print error reason - shadow- fix manual page
* Tue Feb 05 2013 Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006]
* Tue Nov 13 2012 Fix getdef default variables (getdef-new-defs.diff)
* Tue Nov 13 2012 Fix default group value in /etc/default/useradd (useradd-default.diff)
* Thu Sep 27 2012 Implement CHARACTER_CLASS support (chkname-regex.diff)
* Wed Sep 26 2012 Add support for useradd.local (useradd-script.diff)
* Tue Sep 25 2012 Fix spec file- Adjust login.defs (shadow-login_defs.diff)- Add userdel
*.local script support and scrips (userdel-scripts.diff)
* Mon Sep 24 2012 Initial package [FATE#314473]