Rebased to 4.8.1

2020-03-17 18:18:50 +01:00 · 2020-03-17 18:18:50 +01:00 · b926b118d9
parent 7309a53c2a
commit b926b118d9
7 changed files with 159 additions and 142 deletions
--- a/.gitignore
+++ b/.gitignore
@ -12,3 +12,5 @@ shadow-4.1.4.2.tar.bz2
 /shadow-4.6.tar.xz.asc
 /shadow-4.8.tar.xz
 /shadow-4.8.tar.xz.asc
+/shadow-4.8.1.tar.xz
+/shadow-4.8.1.tar.xz.asc
--- a/shadow-4.8-invalid-shell-check.patch
+++ b/shadow-4.8-invalid-shell-check.patch
@ -1,30 +0,0 @@
-diff -up shadow-4.8/src/useradd.c.invalid-shell shadow-4.8/src/useradd.c
--- shadow-4.8/src/useradd.c.invalid-shell	2020-01-16 08:47:13.841921106 +0100
-+++ shadow-4.8/src/useradd.c	2020-01-16 08:57:26.338421901 +0100
-@@ -1277,15 +1277,22 @@ static void process_flags (int argc, cha
- 				if (   ( !VALID (optarg) )
- 				    || (   ('\0' != optarg[0])
- 				        && ('/'  != optarg[0])
-				        && ('*'  != optarg[0]) )
-				    || (stat(optarg, &st) != 0)
-				    || (S_ISDIR(st.st_mode))
-				    || (access(optarg, X_OK) != 0)) {
-+				        && ('*'  != optarg[0]) )) {
- 					fprintf (stderr,
- 					         _("%s: invalid shell '%s'\n"),
- 					         Prog, optarg);
- 					exit (E_BAD_ARG);
- 				}
-+				if (    '\0' != optarg[0]
-+				     && '*'  != optarg[0]
-+				     && strcmp(optarg, "/sbin/nologin") != 0
-+				     && (   stat(optarg, &st) != 0
-+				         || S_ISDIR(st.st_mode)
-+				         || access(optarg, X_OK) != 0)) {
-+					fprintf (stderr,
-+					         _("%s: Warning: missing or non-executable shell '%s'\n"),
-+					         Prog, optarg);
-+				}
- 				user_shell = optarg;
- 				def_shell = optarg;
- 				sflg = true;
--- a/shadow-4.8.1-audit-update.patch
+++ b/shadow-4.8.1-audit-update.patch
@ -1,6 +1,6 @@
-diff -up shadow-4.8/libmisc/audit_help.c.audit-update shadow-4.8/libmisc/audit_help.c
--- shadow-4.8/libmisc/audit_help.c.audit-update	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/libmisc/audit_help.c	2020-01-13 10:15:51.802073378 +0100
+diff -up shadow-4.8.1/libmisc/audit_help.c.audit-update shadow-4.8.1/libmisc/audit_help.c
+--- shadow-4.8.1/libmisc/audit_help.c.audit-update	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/libmisc/audit_help.c	2020-03-17 16:53:44.371943299 +0100
@@ -68,7 +68,7 @@ void audit_help_open (void)
  * This function will log a message to the audit system using a predefined
  * message format. Parameter usage is as follows:
@ -50,9 +50,9 @@ diff -up shadow-4.8/libmisc/audit_help.c.audit-update shadow-4.8/libmisc/audit_h
 void audit_logger_message (const char *message, shadow_audit_result result)
 {
 	if (audit_fd < 0) {
-diff -up shadow-4.8/libmisc/cleanup_group.c.audit-update shadow-4.8/libmisc/cleanup_group.c
--- shadow-4.8/libmisc/cleanup_group.c.audit-update	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/libmisc/cleanup_group.c	2020-01-13 10:15:51.802073378 +0100
+diff -up shadow-4.8.1/libmisc/cleanup_group.c.audit-update shadow-4.8.1/libmisc/cleanup_group.c
+--- shadow-4.8.1/libmisc/cleanup_group.c.audit-update	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/libmisc/cleanup_group.c	2020-03-17 16:53:44.371943299 +0100
@@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle
 	         gr_dbname (),
 	         info->action));
@ -131,9 +131,9 @@ diff -up shadow-4.8/libmisc/cleanup_group.c.audit-update shadow-4.8/libmisc/clea
 		                      SHADOW_AUDIT_FAILURE);
 #endif
 	}
-diff -up shadow-4.8/libmisc/cleanup_user.c.audit-update shadow-4.8/libmisc/cleanup_user.c
--- shadow-4.8/libmisc/cleanup_user.c.audit-update	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/libmisc/cleanup_user.c	2020-01-13 10:15:51.802073378 +0100
+diff -up shadow-4.8.1/libmisc/cleanup_user.c.audit-update shadow-4.8.1/libmisc/cleanup_user.c
+--- shadow-4.8.1/libmisc/cleanup_user.c.audit-update	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/libmisc/cleanup_user.c	2020-03-17 16:53:44.371943299 +0100
@@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl
 	         pw_dbname (),
 	         info->action));
@ -181,9 +181,9 @@ diff -up shadow-4.8/libmisc/cleanup_user.c.audit-update shadow-4.8/libmisc/clean
 		                      SHADOW_AUDIT_FAILURE);
 #endif
 	}
-diff -up shadow-4.8/lib/prototypes.h.audit-update shadow-4.8/lib/prototypes.h
--- shadow-4.8/lib/prototypes.h.audit-update	2020-01-13 10:15:51.785073664 +0100
-+++ shadow-4.8/lib/prototypes.h	2020-01-13 10:15:51.803073362 +0100
+diff -up shadow-4.8.1/lib/prototypes.h.audit-update shadow-4.8.1/lib/prototypes.h
+--- shadow-4.8.1/lib/prototypes.h.audit-update	2020-03-17 16:53:44.364943206 +0100
+++ shadow-4.8.1/lib/prototypes.h	2020-03-17 16:53:44.371943299 +0100
@@ -219,12 +219,21 @@ extern int audit_fd;
 extern void audit_help_open (void);
 /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
@ -206,9 +206,9 @@ diff -up shadow-4.8/lib/prototypes.h.audit-update shadow-4.8/lib/prototypes.h
 void audit_logger_message (const char *message, shadow_audit_result result);
 #endif
 
-diff -up shadow-4.8/src/chage.c.audit-update shadow-4.8/src/chage.c
--- shadow-4.8/src/chage.c.audit-update	2019-11-12 01:18:25.000000000 +0100
-+++ shadow-4.8/src/chage.c	2020-01-13 10:15:51.806073311 +0100
+diff -up shadow-4.8.1/src/chage.c.audit-update shadow-4.8.1/src/chage.c
+--- shadow-4.8.1/src/chage.c.audit-update	2019-11-12 01:18:25.000000000 +0100
+++ shadow-4.8.1/src/chage.c	2020-03-17 16:53:44.371943299 +0100
@@ -123,9 +123,10 @@ static /*@noreturn@*/void fail_exit (int
 
 #ifdef WITH_AUDIT
@ -296,9 +296,9 @@ diff -up shadow-4.8/src/chage.c.audit-update shadow-4.8/src/chage.c
 			              user_name, (unsigned int) user_uid, 1);
 		}
 #endif
-diff -up shadow-4.8/src/gpasswd.c.audit-update shadow-4.8/src/gpasswd.c
--- shadow-4.8/src/gpasswd.c.audit-update	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/src/gpasswd.c	2020-01-13 10:15:51.803073362 +0100
+diff -up shadow-4.8.1/src/gpasswd.c.audit-update shadow-4.8.1/src/gpasswd.c
+--- shadow-4.8.1/src/gpasswd.c.audit-update	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/src/gpasswd.c	2020-03-17 16:53:44.371943299 +0100
@@ -138,7 +138,7 @@ static void usage (int status)
 	(void) fputs (_("  -d, --delete USER             remove USER from GROUP\n"), usageout);
 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
@ -562,9 +562,9 @@ diff -up shadow-4.8/src/gpasswd.c.audit-update shadow-4.8/src/gpasswd.c
 		              SHADOW_AUDIT_SUCCESS);
 #endif
 	}
-diff -up shadow-4.8/src/groupadd.c.audit-update shadow-4.8/src/groupadd.c
--- shadow-4.8/src/groupadd.c.audit-update	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/src/groupadd.c	2020-01-13 10:15:51.804073345 +0100
+diff -up shadow-4.8.1/src/groupadd.c.audit-update shadow-4.8.1/src/groupadd.c
+--- shadow-4.8.1/src/groupadd.c.audit-update	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/src/groupadd.c	2020-03-17 16:53:44.372943312 +0100
@@ -131,6 +131,15 @@ static /*@noreturn@*/void usage (int sta
 	exit (status);
 }
@ -740,9 +740,9 @@ diff -up shadow-4.8/src/groupadd.c.audit-update shadow-4.8/src/groupadd.c
 		}
 	}
 
-diff -up shadow-4.8/src/groupdel.c.audit-update shadow-4.8/src/groupdel.c
--- shadow-4.8/src/groupdel.c.audit-update	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/src/groupdel.c	2020-01-13 10:15:51.804073345 +0100
+diff -up shadow-4.8.1/src/groupdel.c.audit-update shadow-4.8.1/src/groupdel.c
+--- shadow-4.8.1/src/groupdel.c.audit-update	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/src/groupdel.c	2020-03-17 16:53:44.372943312 +0100
@@ -106,6 +106,15 @@ static /*@noreturn@*/void usage (int sta
 	exit (status);
 }
@ -912,9 +912,9 @@ diff -up shadow-4.8/src/groupdel.c.audit-update shadow-4.8/src/groupdel.c
 	}
 #endif
 
-diff -up shadow-4.8/src/groupmod.c.audit-update shadow-4.8/src/groupmod.c
--- shadow-4.8/src/groupmod.c.audit-update	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/src/groupmod.c	2020-01-13 10:15:51.805073328 +0100
+diff -up shadow-4.8.1/src/groupmod.c.audit-update shadow-4.8.1/src/groupmod.c
+--- shadow-4.8.1/src/groupmod.c.audit-update	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/src/groupmod.c	2020-03-17 16:53:44.372943312 +0100
@@ -450,7 +450,7 @@ static void close_files (void)
 		exit (E_GRP_UPDATE);
 	}
@ -1118,9 +1118,9 @@ diff -up shadow-4.8/src/groupmod.c.audit-update shadow-4.8/src/groupmod.c
 
 // FIXME: add a system cleanup
 	add_cleanup (cleanup_report_mod_group, &info_group);
-diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
--- shadow-4.8/src/newgrp.c.audit-update	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/src/newgrp.c	2020-01-13 10:15:51.806073311 +0100
+diff -up shadow-4.8.1/src/newgrp.c.audit-update shadow-4.8.1/src/newgrp.c
+--- shadow-4.8.1/src/newgrp.c.audit-update	2020-01-12 15:19:28.000000000 +0100
+++ shadow-4.8.1/src/newgrp.c	2020-03-17 16:53:44.372943312 +0100
@@ -206,11 +206,12 @@ static void check_perms (const struct gr
 		    strcmp (cpasswd, grp->gr_passwd) != 0) {
 #ifdef WITH_AUDIT
@ -1203,7 +1203,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
 			}
 #endif
 			exit (EXIT_FAILURE);
-@@ -457,7 +458,7 @@ int main (int argc, char **argv)
+@@ -458,7 +459,7 @@ int main (int argc, char **argv)
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_CHGRP_ID, Prog,
 		              "changing", NULL,
@ -1212,7 +1212,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
 #endif
 		SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
 		         (unsigned long) getuid ()));
-@@ -573,15 +574,26 @@ int main (int argc, char **argv)
+@@ -574,15 +575,26 @@ int main (int argc, char **argv)
 		perror ("getgroups");
 #ifdef WITH_AUDIT
 		if (group) {
@ -1243,7 +1243,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
 		}
 #endif
 		exit (EXIT_FAILURE);
-@@ -738,10 +750,10 @@ int main (int argc, char **argv)
+@@ -739,10 +751,10 @@ int main (int argc, char **argv)
 		perror ("setgid");
 #ifdef WITH_AUDIT
 		snprintf (audit_buf, sizeof(audit_buf),
@ -1256,7 +1256,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
 #endif
 		exit (EXIT_FAILURE);
 	}
-@@ -750,10 +762,10 @@ int main (int argc, char **argv)
+@@ -751,10 +763,10 @@ int main (int argc, char **argv)
 		perror ("setuid");
 #ifdef WITH_AUDIT
 		snprintf (audit_buf, sizeof(audit_buf),
@ -1269,7 +1269,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
 #endif
 		exit (EXIT_FAILURE);
 	}
-@@ -767,10 +779,10 @@ int main (int argc, char **argv)
+@@ -768,10 +780,10 @@ int main (int argc, char **argv)
 		execl (SHELL, "sh", "-c", command, (char *) 0);
 #ifdef WITH_AUDIT
 		snprintf (audit_buf, sizeof(audit_buf),
@ -1282,7 +1282,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
 #endif
 		perror (SHELL);
 		exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
-@@ -834,11 +846,11 @@ int main (int argc, char **argv)
+@@ -835,11 +847,11 @@ int main (int argc, char **argv)
 	}
 
 #ifdef WITH_AUDIT
@ -1296,7 +1296,7 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
 #endif
 	/*
 	 * Exec the login shell and go away. We are trying to get back to
-@@ -862,15 +874,24 @@ int main (int argc, char **argv)
+@@ -863,15 +875,24 @@ int main (int argc, char **argv)
 	closelog ();
 #ifdef WITH_AUDIT
 	if (NULL != group) {
@ -1325,9 +1325,9 @@ diff -up shadow-4.8/src/newgrp.c.audit-update shadow-4.8/src/newgrp.c
 	}
 #endif
 	exit (EXIT_FAILURE);
-diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
--- shadow-4.8/src/useradd.c.audit-update	2020-01-13 10:15:51.789073597 +0100
-+++ shadow-4.8/src/useradd.c	2020-01-13 10:17:30.929406913 +0100
+diff -up shadow-4.8.1/src/useradd.c.audit-update shadow-4.8.1/src/useradd.c
+--- shadow-4.8.1/src/useradd.c.audit-update	2020-03-17 16:53:44.365943219 +0100
+++ shadow-4.8.1/src/useradd.c	2020-03-17 17:03:11.614503929 +0100
@@ -233,6 +233,8 @@ static void create_mail (void);
  */
 static void fail_exit (int code)
@ -1510,7 +1510,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 		              SHADOW_AUDIT_SUCCESS);
 #endif
 		SYSLOG ((LOG_INFO,
-@@ -1445,7 +1393,7 @@ static void process_flags (int argc, cha
+@@ -1452,7 +1400,7 @@ static void process_flags (int argc, cha
 			         Prog, user_name);
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
@ -1519,7 +1519,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 			              user_name, AUDIT_NO_ID,
 			              SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1560,7 +1508,7 @@ static void close_files (void)
+@@ -1567,7 +1515,7 @@ static void close_files (void)
 			SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
@ -1528,7 +1528,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 			              user_name, AUDIT_NO_ID,
 			              SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1573,7 +1521,7 @@ static void close_files (void)
+@@ -1580,7 +1528,7 @@ static void close_files (void)
 		SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_ADD_USER, Prog,
@ -1537,7 +1537,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 		              user_name, AUDIT_NO_ID,
 		              SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1585,7 +1533,7 @@ static void close_files (void)
+@@ -1592,7 +1540,7 @@ static void close_files (void)
 		SYSLOG ((LOG_ERR, "failed to unlock %s", gr_dbname ()));
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_ADD_USER, Prog,
@ -1546,7 +1546,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 		              user_name, AUDIT_NO_ID,
 		              SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1599,7 +1547,7 @@ static void close_files (void)
+@@ -1606,7 +1554,7 @@ static void close_files (void)
 			SYSLOG ((LOG_ERR, "failed to unlock %s", sgr_dbname ()));
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
@ -1555,7 +1555,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 			              user_name, AUDIT_NO_ID,
 			              SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1615,7 +1563,7 @@ static void close_files (void)
+@@ -1622,7 +1570,7 @@ static void close_files (void)
 			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_uid_dbname ()));
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
@ -1564,7 +1564,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 				user_name, AUDIT_NO_ID,
 				SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1629,7 +1577,7 @@ static void close_files (void)
+@@ -1636,7 +1584,7 @@ static void close_files (void)
 			SYSLOG ((LOG_ERR, "failed to unlock %s", sub_gid_dbname ()));
 #ifdef WITH_AUDIT
 			audit_logger (AUDIT_ADD_USER, Prog,
@ -1573,7 +1573,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 				user_name, AUDIT_NO_ID,
 				SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1821,7 +1769,7 @@ static void grp_add (void)
+@@ -1828,7 +1776,7 @@ static void grp_add (void)
 		         Prog, gr_dbname (), grp.gr_name);
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_ADD_GROUP, Prog,
@ -1582,7 +1582,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 		              grp.gr_name, AUDIT_NO_ID,
 		              SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1837,7 +1785,7 @@ static void grp_add (void)
+@@ -1844,7 +1792,7 @@ static void grp_add (void)
 		         Prog, sgr_dbname (), sgrp.sg_name);
 #ifdef WITH_AUDIT
 		audit_logger (AUDIT_ADD_GROUP, Prog,
@ -1591,7 +1591,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 		              grp.gr_name, AUDIT_NO_ID,
 		              SHADOW_AUDIT_FAILURE);
 #endif
-@@ -1847,7 +1795,7 @@ static void grp_add (void)
+@@ -1854,7 +1802,7 @@ static void grp_add (void)
 	SYSLOG ((LOG_INFO, "new group: name=%s, GID=%u", user_name, user_gid));
 #ifdef WITH_AUDIT
 	audit_logger (AUDIT_ADD_GROUP, Prog,
@ -1600,7 +1600,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 	              grp.gr_name, AUDIT_NO_ID,
 	              SHADOW_AUDIT_SUCCESS);
 #endif
-@@ -2015,12 +1963,6 @@ static void usr_update (void)
+@@ -2025,12 +1973,6 @@ static void usr_update (void)
 		fprintf (stderr,
 		         _("%s: failed to prepare the new %s entry '%s'\n"),
 		         Prog, spw_dbname (), spent.sp_namp);
@ -1613,7 +1613,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 		fail_exit (E_PW_UPDATE);
 	}
 #ifdef ENABLE_SUBIDS
-@@ -2041,9 +1983,14 @@ static void usr_update (void)
+@@ -2051,9 +1993,14 @@ static void usr_update (void)
 #endif				/* ENABLE_SUBIDS */
 
 #ifdef WITH_AUDIT
@ -1630,7 +1630,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 	              SHADOW_AUDIT_SUCCESS);
 #endif
 	/*
-@@ -2130,12 +2077,6 @@ static void create_home (void)
+@@ -2140,12 +2087,6 @@ static void create_home (void)
 			fprintf (stderr,
 							_("%s: cannot create directory %s\n"),
 							Prog, path);
@ -1643,8 +1643,8 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 			fail_exit (E_HOMEDIR);
 		}
 				if (chown (path, 0, 0) < 0) {
-@@ -2157,8 +2098,8 @@ static void create_home (void)
- 		       0777 & ~getdef_num ("UMASK", GETDEF_DEFAULT_UMASK));
+@@ -2168,8 +2109,8 @@ static void create_home (void)
+ 		chmod (prefix_user_home, mode);
 		home_added = true;
 #ifdef WITH_AUDIT
 -		audit_logger (AUDIT_ADD_USER, Prog,
@ -1654,7 +1654,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 		              user_name, (unsigned int) user_id,
 		              SHADOW_AUDIT_SUCCESS);
 #endif
-@@ -2343,12 +2284,6 @@ int main (int argc, char **argv)
+@@ -2354,12 +2295,6 @@ int main (int argc, char **argv)
 	 */
 	if (prefix_getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
 		fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
@ -1667,7 +1667,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 		fail_exit (E_NAME_IN_USE);
 	}
 
-@@ -2364,12 +2299,6 @@ int main (int argc, char **argv)
+@@ -2375,12 +2310,6 @@ int main (int argc, char **argv)
 			fprintf (stderr,
 			         _("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
 			         Prog, user_name);
@ -1680,7 +1680,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 			fail_exit (E_NAME_IN_USE);
 		}
 	}
-@@ -2399,12 +2328,6 @@ int main (int argc, char **argv)
+@@ -2410,12 +2339,6 @@ int main (int argc, char **argv)
 				fprintf (stderr,
 				         _("%s: UID %lu is not unique\n"),
 				         Prog, (unsigned long) user_id);
@ -1693,7 +1693,7 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 				fail_exit (E_UID_IN_USE);
 			}
 		}
-@@ -2478,9 +2401,10 @@ int main (int argc, char **argv)
+@@ -2489,9 +2412,10 @@ int main (int argc, char **argv)
 			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
 			         Prog, user_name, user_selinux);
 #ifdef WITH_AUDIT
@ -1707,9 +1707,9 @@ diff -up shadow-4.8/src/useradd.c.audit-update shadow-4.8/src/useradd.c
 #endif				/* WITH_AUDIT */
 			rv = E_SE_UPDATE;
 		    }
-diff -up shadow-4.8/src/userdel.c.audit-update shadow-4.8/src/userdel.c
--- shadow-4.8/src/userdel.c.audit-update	2020-01-13 10:15:51.797073462 +0100
-+++ shadow-4.8/src/userdel.c	2020-01-13 10:15:51.809073261 +0100
+diff -up shadow-4.8.1/src/userdel.c.audit-update shadow-4.8.1/src/userdel.c
+--- shadow-4.8.1/src/userdel.c.audit-update	2020-03-17 16:53:44.368943259 +0100
+++ shadow-4.8.1/src/userdel.c	2020-03-17 16:53:44.373943325 +0100
@@ -222,9 +222,9 @@ static void update_groups (void)
 		 * Update the DBM group file with the new entry as well.
 		 */
@ -2037,9 +2037,9 @@ diff -up shadow-4.8/src/userdel.c.audit-update shadow-4.8/src/userdel.c
 			              user_name, (unsigned int) user_id,
 			              SHADOW_AUDIT_FAILURE);
 #endif				/* WITH_AUDIT */
-diff -up shadow-4.8/src/usermod.c.audit-update shadow-4.8/src/usermod.c
--- shadow-4.8/src/usermod.c.audit-update	2020-01-13 10:15:51.800073412 +0100
-+++ shadow-4.8/src/usermod.c	2020-01-13 10:15:51.812073210 +0100
+diff -up shadow-4.8.1/src/usermod.c.audit-update shadow-4.8.1/src/usermod.c
+--- shadow-4.8.1/src/usermod.c.audit-update	2020-03-17 16:53:44.370943285 +0100
+++ shadow-4.8.1/src/usermod.c	2020-03-17 16:53:44.373943325 +0100
@@ -457,8 +457,8 @@ static char *new_pw_passwd (char *pw_pas
 
 #ifdef WITH_AUDIT
--- a/shadow-4.8.1-manfix.patch
+++ b/shadow-4.8.1-manfix.patch
@ -1,6 +1,6 @@
-diff -up shadow-4.8/man/chage.1.xml.manfix shadow-4.8/man/chage.1.xml
--- shadow-4.8/man/chage.1.xml.manfix	2019-10-05 01:28:34.000000000 +0200
-+++ shadow-4.8/man/chage.1.xml	2020-01-13 10:12:48.445155882 +0100
+diff -up shadow-4.8.1/man/chage.1.xml.manfix shadow-4.8.1/man/chage.1.xml
+--- shadow-4.8.1/man/chage.1.xml.manfix	2019-10-05 01:28:34.000000000 +0200
+++ shadow-4.8.1/man/chage.1.xml	2020-03-17 15:34:48.750414984 +0100
@@ -102,6 +102,9 @@
 	    Set the number of days since January 1st, 1970 when the password
 	    was last changed. The date may also be expressed in the format
@ -44,9 +44,9 @@ diff -up shadow-4.8/man/chage.1.xml.manfix shadow-4.8/man/chage.1.xml
     <para>The <command>chage</command> command is restricted to the root
       user, except for the <option>-l</option> option, which may be used by
       an unprivileged user to determine when their password or account is due
-diff -up shadow-4.8/man/groupadd.8.xml.manfix shadow-4.8/man/groupadd.8.xml
--- shadow-4.8/man/groupadd.8.xml.manfix	2020-01-13 10:12:48.432156100 +0100
-+++ shadow-4.8/man/groupadd.8.xml	2020-01-13 10:13:06.096859122 +0100
+diff -up shadow-4.8.1/man/groupadd.8.xml.manfix shadow-4.8.1/man/groupadd.8.xml
+--- shadow-4.8.1/man/groupadd.8.xml.manfix	2020-03-17 15:34:48.745414917 +0100
+++ shadow-4.8.1/man/groupadd.8.xml	2020-03-17 15:34:48.750414984 +0100
@@ -320,13 +320,13 @@
 	<varlistentry>
 	  <term><replaceable>4</replaceable></term>
@ -63,15 +63,15 @@ diff -up shadow-4.8/man/groupadd.8.xml.manfix shadow-4.8/man/groupadd.8.xml
 	  </listitem>
 	</varlistentry>
 	<varlistentry>
-diff -up shadow-4.8/man/groupmems.8.xml.manfix shadow-4.8/man/groupmems.8.xml
--- shadow-4.8/man/groupmems.8.xml.manfix	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/man/groupmems.8.xml	2020-01-13 10:12:48.445155882 +0100
+diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml
+--- shadow-4.8.1/man/groupmems.8.xml.manfix	2020-03-17 15:34:48.750414984 +0100
+++ shadow-4.8.1/man/groupmems.8.xml	2020-03-17 15:41:13.383588722 +0100
@@ -179,20 +179,10 @@
   <refsect1 id='setup'>
     <title>SETUP</title>
     <para>
 -      The <command>groupmems</command> executable should be in mode
-      <literal>2770</literal> as user <emphasis>root</emphasis> and in group
+-      <literal>2710</literal> as user <emphasis>root</emphasis> and in group
 -      <emphasis>groups</emphasis>. The system administrator can add users to
 -      group <emphasis>groups</emphasis> to allow or disallow them using the
 -      <command>groupmems</command> utility to manage their own group
@ -83,16 +83,16 @@ diff -up shadow-4.8/man/groupmems.8.xml.manfix shadow-4.8/man/groupmems.8.xml
 -
 -    <programlisting>
 -	$ groupadd -r groups
-	$ chmod 2770 groupmems
+-	$ chmod 2710 groupmems
 -	$ chown root.groups groupmems
 -	$ groupmems -g groups -a gk4
 -    </programlisting>
   </refsect1>
 
   <refsect1 id='configuration'>
-diff -up shadow-4.8/man/ja/man5/login.defs.5.manfix shadow-4.8/man/ja/man5/login.defs.5
--- shadow-4.8/man/ja/man5/login.defs.5.manfix	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/man/ja/man5/login.defs.5	2020-01-13 10:12:48.445155882 +0100
+diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5
+--- shadow-4.8.1/man/ja/man5/login.defs.5.manfix	2019-07-23 17:26:08.000000000 +0200
+++ shadow-4.8.1/man/ja/man5/login.defs.5	2020-03-17 15:34:48.750414984 +0100
@@ -147,10 +147,6 @@ 以下の参照表は、
 shadow パスワード機能のどのプログラムが
 どのパラメータを使用するかを示したものである。
@ -104,10 +104,10 @@ diff -up shadow-4.8/man/ja/man5/login.defs.5.manfix shadow-4.8/man/ja/man5/login
 .IP groupadd 12
 GID_MAX GID_MIN
 .IP newusers 12
-diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
--- shadow-4.8/man/login.defs.5.xml.manfix	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8/man/login.defs.5.xml	2020-01-13 10:14:10.491776547 +0100
-@@ -163,6 +163,17 @@
+diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml
+--- shadow-4.8.1/man/login.defs.5.xml.manfix	2020-01-17 16:47:56.000000000 +0100
+++ shadow-4.8.1/man/login.defs.5.xml	2020-03-17 15:34:48.750414984 +0100
+@@ -164,6 +164,17 @@
       long numeric parameters is machine-dependent.
     </para>
 
@ -125,7 +125,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
     <para>The following configuration items are provided:</para>
 
     <variablelist remap='IP'>
-@@ -254,16 +265,6 @@
+@@ -256,16 +267,6 @@
 	</listitem>
       </varlistentry>
       <varlistentry>
@ -142,7 +142,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
 	<term>chgpasswd</term>
 	<listitem>
 	  <para>
-@@ -284,14 +285,6 @@
+@@ -286,14 +287,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
@ -157,7 +157,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
       <!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
       <!-- faillog: no variables -->
       <varlistentry>
-@@ -357,34 +350,6 @@
+@@ -359,34 +352,6 @@
 	  <para>LASTLOG_UID_MAX</para>
 	</listitem>
       </varlistentry>
@ -192,7 +192,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
       <!-- logoutd: no variables -->
       <varlistentry>
 	<term>newgrp / sg</term>
-@@ -412,17 +377,6 @@
+@@ -415,17 +380,6 @@
 	</listitem>
       </varlistentry>
       <!-- nologin: no variables -->
@ -210,7 +210,7 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
       <varlistentry>
 	<term>pwck</term>
 	<listitem>
-@@ -449,32 +403,6 @@
+@@ -452,32 +406,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
@ -243,9 +243,9 @@ diff -up shadow-4.8/man/login.defs.5.xml.manfix shadow-4.8/man/login.defs.5.xml
       <varlistentry>
 	<term>useradd</term>
 	<listitem>
-diff -up shadow-4.8/man/shadow.5.xml.manfix shadow-4.8/man/shadow.5.xml
--- shadow-4.8/man/shadow.5.xml.manfix	2019-12-01 17:52:32.000000000 +0100
-+++ shadow-4.8/man/shadow.5.xml	2020-01-13 10:12:48.446155865 +0100
+diff -up shadow-4.8.1/man/shadow.5.xml.manfix shadow-4.8.1/man/shadow.5.xml
+--- shadow-4.8.1/man/shadow.5.xml.manfix	2019-12-01 17:52:32.000000000 +0100
+++ shadow-4.8.1/man/shadow.5.xml	2020-03-17 15:34:48.750414984 +0100
@@ -129,7 +129,7 @@
 	<listitem>
 	  <para>
@ -275,10 +275,10 @@ diff -up shadow-4.8/man/shadow.5.xml.manfix shadow-4.8/man/shadow.5.xml
 	  </para>
 	  <para>
 	    Note that an account expiration differs from a password
-diff -up shadow-4.8/man/useradd.8.xml.manfix shadow-4.8/man/useradd.8.xml
--- shadow-4.8/man/useradd.8.xml.manfix	2020-01-13 10:12:48.432156100 +0100
-+++ shadow-4.8/man/useradd.8.xml	2020-01-13 10:12:48.446155865 +0100
-@@ -358,6 +358,11 @@
+diff -up shadow-4.8.1/man/useradd.8.xml.manfix shadow-4.8.1/man/useradd.8.xml
+--- shadow-4.8.1/man/useradd.8.xml.manfix	2020-03-17 15:34:48.745414917 +0100
+++ shadow-4.8.1/man/useradd.8.xml	2020-03-17 15:34:48.751414997 +0100
+@@ -359,6 +359,11 @@
 	    <option>CREATE_HOME</option> is not enabled, no home
 	    directories are created.
 	  </para>
@ -290,10 +290,10 @@ diff -up shadow-4.8/man/useradd.8.xml.manfix shadow-4.8/man/useradd.8.xml
 	</listitem>
       </varlistentry>
       <varlistentry>
-diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
--- shadow-4.8/man/usermod.8.xml.manfix	2019-10-05 03:23:58.000000000 +0200
-+++ shadow-4.8/man/usermod.8.xml	2020-01-13 10:12:48.446155865 +0100
-@@ -153,7 +153,8 @@
+diff -up shadow-4.8.1/man/usermod.8.xml.manfix shadow-4.8.1/man/usermod.8.xml
+--- shadow-4.8.1/man/usermod.8.xml.manfix	2019-12-20 06:58:23.000000000 +0100
+++ shadow-4.8.1/man/usermod.8.xml	2020-03-17 15:34:48.751414997 +0100
+@@ -143,7 +143,8 @@
 	    If the <option>-m</option>
 	    option is given, the contents of the current home directory will
 	    be moved to the new home directory, which is created if it does
@ -303,7 +303,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
 	  </para>
 	</listitem>
       </varlistentry>
-@@ -215,6 +216,12 @@
+@@ -205,6 +206,12 @@
 	    The group ownership of files outside of the user's home directory
 	    must be fixed manually.
 	  </para>
@ -316,7 +316,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
 	</listitem>
       </varlistentry>
       <varlistentry>
-@@ -277,7 +284,8 @@
+@@ -267,7 +274,8 @@
 	<listitem>
 	  <para>
 	    Move the content of the user's home directory to the new
@ -326,7 +326,7 @@ diff -up shadow-4.8/man/usermod.8.xml.manfix shadow-4.8/man/usermod.8.xml
 	  </para>
 	  <para>
 	    This option is only valid in combination with the
-@@ -391,6 +399,12 @@
+@@ -381,6 +389,12 @@
 	    must be fixed manually.
 	  </para>
 	  <para>
--- a/shadow-utils.HOME_MODE.xml
+++ b/shadow-utils.HOME_MODE.xml
@ -0,0 +1,43 @@
+<!--
+   Copyright (c) 1991 - 1993, Julianne Frances Haugh
+   Copyright (c) 1991 - 1993, Chip Rosenthal
+   Copyright (c) 2007 - 2009, Nicolas François
+   All rights reserved.
+  
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+   are met:
+   1. Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+   2. Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+   3. The name of the copyright holders or contributors may not be used to
+      endorse or promote products derived from this software without
+      specific prior written permission.
+  
+   THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+   ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT
+   HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+   DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+   THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+   (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+-->
+<varlistentry>
+  <term><option>HOME_MODE</option> (number)</term>
+  <listitem>
+    <para>
+      The mode for new home directories. If not specified,
+      the <option>UMASK</option> is used to create the mode.
+    </para>
+    <para>
+      <command>useradd</command> and <command>newusers</command> use this
+      to set the mode of the home directory they create.
+    </para>
+  </listitem>
+</varlistentry>
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
-Version: 4.8
-Release: 5%{?dist}
+Version: 4.8.1
+Release: 1%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@ -10,6 +10,7 @@ Source2: shadow-utils.useradd
 Source3: shadow-utils.login.defs
 Source4: shadow-bsd.txt
 Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
+Source6: shadow-utils.HOME_MODE.xml
 # Misc small changes - most probably non-upstreamable
 Patch0: shadow-4.6-redhat.patch
 # Be more lenient with acceptable user/group names - non upstreamable
@ -23,7 +24,7 @@ Patch11: shadow-4.1.5.1-logmsg.patch
 # SElinux related - upstreamability unknown
 Patch14: shadow-4.1.5.1-default-range.patch
 # Misc manual page changes - only some of them could be upstreamed
-Patch15: shadow-4.8-manfix.patch
+Patch15: shadow-4.8.1-manfix.patch
 # Userdel usage message change - could be upstreamed
 Patch17: shadow-4.1.5.1-userdel-helpfix.patch
 # Date parsing improvement - could be upstreamed
@ -31,7 +32,7 @@ Patch19: shadow-4.2.1-date-parsing.patch
 # Additional error message - could be upstreamed
 Patch21: shadow-4.6-move-home.patch
 # Audit message changes - upstreamability unknown
-Patch22: shadow-4.8-audit-update.patch
+Patch22: shadow-4.8.1-audit-update.patch
 # Changes related to password unlocking - could be upstreamed
 Patch23: shadow-4.5-usermod-unlock.patch
 # Additional SElinux related changes - upstreamability unknown
@ -48,8 +49,6 @@ Patch33: shadow-4.8-long-entry.patch
 Patch38: shadow-4.6-sysugid-min-limit.patch
 # Ignore LOGIN_PLAIN_PROMPT in login.defs - upstreamability unknown
 Patch40: shadow-4.8-ignore-login-prompt.patch
-# Make the missing shell check into warning - could be upstreamed
-Patch41: shadow-4.8-invalid-shell-check.patch
 # Generate /var/spool/mail/$USER with the proper SELinux user identity - already upstreamed
 Patch42: shadow-4.8-useradd-selinux-mail.patch

@ -99,13 +98,13 @@ are used for managing group accounts.
 %patch33 -p1 -b .long-entry
 %patch38 -p1 -b .sysugid-min-limit
 %patch40 -p1 -b .login-prompt
-%patch41 -p1 -b .invalid-shell
 %patch42 -p1 -b .useradd-selinux-mail

 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO

 cp -a %{SOURCE4} %{SOURCE5} .
+cp -a %{SOURCE6} man/login.defs.d/HOME_MODE.xml

 # Force regeneration of getdate.c
 rm libmisc/getdate.c
@ -255,7 +254,10 @@ done
 %{_mandir}/man8/vigr.8*

 %changelog
-* Mon Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-5
+* Tue Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-1
+- updated upstream to 4.8.1
+
+* Tue Mar 17 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-5
 - synchronized login.defs with upstream file (#1261099 and #1807957)

 * Mon Feb 24 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8-4
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (shadow-4.8.tar.xz) = 1c607aec541400fc179d6cbbac7511289c618ab2ce6ee9d7c18a8bfda00421c62d4b9e58aff52b5f82d485468e7db955c186ea0faad9a08003ffc01bdf2ccece
-SHA512 (shadow-4.8.tar.xz.asc) = 200f7793e55447cc5c0d11988ee26511167c5fe23e1f6622b6b0c8cb74498052f2df855f02e351fee0da16562f6a6510ad3954b4c5e13dd9a8da0d998f8dc5e6
+SHA512 (shadow-4.8.1.tar.xz) = 780a983483d847ed3c91c82064a0fa902b6f4185225978241bc3bc03fcc3aa143975b46aee43151c6ba43efcfdb1819516b76ba7ad3d1d3c34fcc38ea42e917b
+SHA512 (shadow-4.8.1.tar.xz.asc) = ec7686263c81d3feb8ee4314c3323a9a3ada74aafaaf99f4f0d9af9b1341f8c5ff5477ecf98dd94dbb7d921f532d655b0b6a87d94c71893f35dc9bc54c84dd42