Request 536398 (accepted)

Overview

Request 536398 accepted

- Revert accidentalied prerequisites.
Use PreReq for permissions
- Prequire group(shadow), group(root), user(root)
- bsc#1061838:
Add Requires for group(mail)
- boo#1048645:
Set suid bit for newuidmap and newgimap
- Revert the changes for bsc#1023895 back
Pulls in too many deps into ring0.
Next version of shadow plans to have no conditional man pages.
- run spec-cleaner
- bsc#1023895:
man page contained invalid options because they depend
on compile flags and we shipped pre built ones.
New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po
xsltproc
- Adjust requires (we need user/group root instead of aaa_base now)
- New upstream version 4.5
- Refreshed patches:
* shadow-login_defs.patch
* chkname-regex.patch
* getdef-new-defs.patch
* useradd-mkdirs.patch
- Upstreamed patches:
* shadow-4.1.5.1-manfix.patch
* shadow-4.1.5.1-errmsg.patch
* shadow-4.1.5.1-backup-mode.patch
* shadow-4.1.5.1-audit-owner.patch
* shadow-4.2.1-defs-chroot.patch
* shadow-4.2.1-merge-group.patch
* Fix-user-busy-errors-at-userdel.patch
* useradd-clear-tallylog.patch
- shadow-4.1.5.1-pam_group.patch
dynamically added users via pam_group are not listed in groups
databases but are still valid
- shadow.keyring: update keyring with current maintainer's keyid
only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D'
- disable_new_audit_function.patch:
Disable newer libaudit functionality for older distributions
- useradd: call external program "/sbin/pam_tally2" to reset
failed login counter in "/var/log/tallylog"
(bsc#980486, useradd-clear-tallylog.patch)
- add keyring, three public keys from https://pkg-shadow.alioth.debian.org/download.php
- bsc#1002975: Use permissions according to permissions package
and dont try to manipulate them in %files section.
- boo#994486: Include shadow.5 manpage
Previously this was provided by man-pages package in
the man-pages-addons tarball which got removed later on.
- Add package dependency for aaa_base, fixing bnc#899409
(was done by tbehrens@suse.com but not submitted to Factory)
- shadow 4.2.1 requested by fate#320422
- bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch
- Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits.
Remove the files used to circumvent the check.
- Remove:
* shadow-rpmlintrc
* shadow-subids
* shadow-subids.easy
* shadow-subids.secure
* shadow-subids.paranoid
- Update to shadow-4.2.1:
- add support for subuids/subgids via newuidmap/newgidmap
- Rename chkname-regex.diff to chkname-regex.patch
- Rename encryption_method_nis.diff to encryption_method_nis.patch
- Rename getdef-new-defs.diff to getdef-new-defs.patch
- Rename shadow-login_defs.diff to shadow-login_defs.patch
- Rename userdel-scripts.diff to userdel-script.patch
- Rename useradd-script.diff to useradd-script.patch
- Rename useradd-default.diff to useradd-default.patch
- Rename useradd-mkdirs.diff to useradd-mkdirs.patch
- Add fixes from Red Hat/Fedora:
- shadow-4.1.5.1-audit-owner.patch.patch:
- log owner changes for home directory
- shadow-4.1.5.1-userdel-helpfix.patch.patch:
- give a hint about what happens when you force the removal of a user
- shadow-4.2.1-defs-chroot.patch.patch:
- initialize uid_t uid_min and uid_t uid_max not before we need them
- shadow-4.2.1-merge-group.patch.patch:
- simplify by using a single call to snprintf()
- Add upstream fix
- Fix-user-busy-errors-at-userdel.patch:
- call sub_uid_close()
- Moved call from %verifyscript into %post:
* Caused call to %service_add_post shadow.service shadow.timer
during rpm -qV shadow
- Add systemd unit files to continuously check password & groupfile integrity
* Idea from Arch Linux
* pending request to systemd-presets-branding-openSUSE to enable by default
- Add patch useradd-mkdirs.diff: fix for bnc#865563, create all parts
of the path
- Stop any systemd user manager instance in case a user entry will
be deleted (bnc#849870). Nevertheless a running process requires
the option --force for the userdel command.
- Add ENCRYPT_METHOD_NIS for pam_unix.so (encryption_method_nis.diff)
- Add some fixes from Fedora:
- shadow-4.1.5.1-backup-mode.patch: open backup file with correct
permissions.
- shadow-4.1.5.1-logmsg.patch: fix error message
- shadow-4.1.5.1-errmsg.patch: print error reason
- shadow-4.1.5.1-manfix.patch: fix manual page
- Cleanup login.defs and enable ENCRYPT_METHOD [bnc#802006]
- Fix getdef default variables (getdef-new-defs.diff)
- Fix default group value in /etc/default/useradd
(useradd-default.diff)
- Implement CHARACTER_CLASS support
(chkname-regex.diff)
- Add support for useradd.local
(useradd-script.diff)
- Fix spec file
- Adjust login.defs
(shadow-login_defs.diff)
- Add userdel*.local script support and scrips
(userdel-scripts.diff)
- Initial package [FATE#314473]