- The legacy code does not support /etc/login.defs.d used by YaST.
  Enable libeconf to read it (bsc#1192954).

- Update to 4.11.1:
  * build: include lib/shadowlog_internal.h in dist tarballs

- Update to 4.11:
  * Handle possible TOCTTOU issues in usermod/userdel
  	- (CVE-2013-4235)
  	- Use O_NOFOLLOW when copying file
  	- Kill all user tasks in userdel
  * Fix useradd -D segfault
  * Clean up obsolete libc feature-check ifdefs
  * Fix -fno-common build breaks due to duplicate Prog declarations
  * Have single date_to_str definition
  * Fix libsubid SONAME version
  * Clarify licensing info, use SPDX.

- Update to 4.10:
  * From this release forward, su from this package should be
    considered deprecated. Please replace any users of it with su
	from util-linux
  * libsubid fixes
  * Rename the test program list_subid_ranges to getsubids, write
    a manpage, so distros can ship it.
  * Add libeconf dep for new*idmap
  * Allow all group types with usermod -G
  * Avoid useradd generating empty subid range
  * Handle NULL pw_passwd
  * Fix default value SHA_get_salt_rounds

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Fix segfaults in newgrp and pwck
  * Add shadow-4.9-newgrp-segfault.patch 
    https://github.com/shadow-maint/shadow/pull/437
  * Add shadow-4.9-pwck-segfault.patch
    https://github.com/shadow-maint/shadow/pull/445

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * shadow.service

- shadow-util-linux.patch:
  * Remove the section patching lib/getdef.c in favor of the
    upstream FOREIGNDEFS.
  * Add LOGIN_KEEP_USERNAME to login.defs.
  * Remove PREVENT_NO_AUTH from login.defs. Only used by the
    unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
  * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
    YESCRYPT_COST_FACTOR, not supported by the current
    configuratiton.
- Update login_defs-support-for-pam symbol to version 1.5.2
  (support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
  (support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
  shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
  * Add helper to import local new version in the parent dir.
  * Fix spec editing sed expression.
  * Add PREVENT_NO_AUTH to known unused variables.
  * Update pam sed expression to find HMAC_CRYPTO_ALGO.

• Files Changed
• Browse Source

- bsc#1190146: Fix empty subid range
  Add shadow-4.9-useradd-subuid.patch
  https://github.com/shadow-maint/shadow/pull/399

- bsc#1190145: Fix double free in gpasswd:
  Add shadow-4.9-sgent-free.patch upstreamed as
  https://github.com/shadow-maint/shadow/pull/417

- Fix shadow-login_defs-check.sh:
  In the last update we switched from calling make to %make_build
  macro. Using sed to adapt the spec file now.

- libsubid-devel: add missing requires for libsubid3
- Remove README.changes-pwdutils, all distros you can upgrade from
  use already shadow

- login.defs: Enable USERGROUPS_ENAB and CREATE_HOME to
  be compatible with other Linux distros and the other tools
  creating user accounts in use on openSUSE. Set HOME_MODE to 700
  for security reasons and compatibility. [bsc#1189139] [bsc#1182850]

- Update to 4.9:
  * Updated translations
  * Major salt updates
  * Various coverity and cleanup fixes
  * Consistently use 0 to disable PASS_MIN_DAYS in man
  * Implement NSS support for subids and a libsubid
  * setfcap: retain setfcap when mapping uid 0
  * login.defs: include HMAC_CRYPTO_ALGO key
  * selinux fixes

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Change again useradd.local script to let it work even for system
  accounts and work together with SELinux (bsc#1178296)
- Change patch useradd-script.patch to support the four arguments
  used by the useradd.local script (bsc#1178296)

• Files Changed
• Browse Source

- Add support for /usr/etc/skel to useradd.local script (boo#1173321) 

- shadow-login_defs-check.sh: Fix the regexp to get a real variable
  list (boo#1164274).

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to 4.8.1:
  * selinux: include stdio
  * man: don't suggest making groupmems user-writeable
  * Makefile: bail out on error in for loops
  * Adding logging of SSH_ORIGINAL_COMMAND to nologin
  * add new HOME_MODE login.defs option
  * Add tty logging to useradd
  * Useradd: make non-executable shell check only a warning
  * Update Dutch translation
  * user_busy: Do not mistake a regular user process for a namespaced one
  * Revert "Honor --sbindir and --bindir for binary installation"
- Remove shadow-4.8-shell-check.patch: included
- Remove shadow-4.8-selinux-include.patch: upstreamed

• Files Changed
• Browse Source

- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers,
  useradd, userdel, usermod explicitly.

- bsc#1160729: Make valid shell check only a warning
  * Add shadow-4.8-shell-check.patch

- Update to 4.8:
  * Initial optional bcrypt support.
  * Make build/install of 'su' optional.
  * Fix for vipw not resuming correctly when suspended
  * Sync password field descriptions in manpages
  * Check for valid shell argument in useradd
  * Allow translation of new strings through POTFILES.in
  * Migrate to itstool for translations
  * Migrate to new SELinux api
  * Support --enable-vendordir
  * pwck: Only check homedir if set and not a system user
  * Support nonstandard usernames
  * sget{pw,gr}ent: check for data at EOL
  * Add YYY-MM-DD support in chage
  * Fix failing chmod calls for suidubins
  * Fix --sbindir and --bindir for binary installations
  * Fix LASTLOG_UID_MAX in login.defs
  * Fix configure error with dash
- Remove because upstreamed:
  * libeconf.patch
  * shadow-usermod-variable.patch
- Rebase:
  * shadow-login_defs-unused-by-pam.patch
  * chkname-regex.patch

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to 4.7:
  * Spawn: don't loop forever on ECHILD
  * Do not fail locking if there is a stale lockfile (Tomas Mraz)
  * Use lckpwdf if prefix not set (Tomas Mraz)
  * Build: check correct DocBook version (Jan Tojnar)
  * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
  * Add support for btrfs subvolumes for home (Adam Majer)
  * Fix chpasswd long line handling (Nathan Ruiz)
  * Use secure_getenv for gettime (Chris Lamb)
  * Make sp_lstchg reproducible (Chris Lamb)
  * Do not crash commonio_close if db file is not open (Tomas Mraz)
  * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
  * French manpage update (Alban VIDAL)
  * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
  * Sync po files from shadow.pot (Alban VIDAL)
  * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
  * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
  * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
  * Fix segfault in useradd (Tomas Mraz)
  * Coverity issues (Tomas Mraz)
  * Flush sssd caches (Jakub Hrozek)
  * Log UID in nologin (Vladimir Ivanov)
  * run pam_getenvlist after setup_env in su.c (Michael Vogt)
  * Support systems with only utmpx (A. Wilcox)
  * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
  * Update po/zh_CN translation (Lion Yang)
  * Create parent dirs for useradd -m (Michael Vetter)
  * Prevent usermod segv
  * Fix usermod crash (fariouche)
- Remove btrfs-subvolumes.patch (fate#316134):

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- btrfs-subvolumes.patch: implement support for creating user home
  directories on btrfs subvolumes (fate#316134)

  Additionally changed in that patch (bsc#1106914):

• Files Changed
• Browse Source

• Files Changed
• Browse Source