useradd: clarify the useradd -d parameter behavior in man page

Explanation: use set_selinux_file_context() and reset_selinux_file_context() for create_mail() just as is done for create_home()

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690527

shadow-4.6-useradd-man-clarification.patch

@@ -0,0 +1,35 @@
+From 6543c600d841e4f7779269412d470e50eae25b13 Mon Sep 17 00:00:00 2001
+From: ikerexxe <ipedrosa@redhat.com>
+Date: Wed, 4 Mar 2020 14:50:04 +0100
+Subject: [PATCH] useradd: clarify the useradd -d parameter behavior in man
+ page
+
+Explanation: clarify the useradd -d parameter as it does create directory HOME_DIR if it doesn't exit.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1677005
+
+Changelog: [serge] minor tweak to the text
+---
+ man/useradd.8.xml | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/man/useradd.8.xml b/man/useradd.8.xml
+index 03612ce8..023c0d69 100644
+--- a/man/useradd.8.xml
++++ b/man/useradd.8.xml
+@@ -181,8 +181,10 @@
+ 	    login directory. The default is to append the
+ 	    <replaceable>LOGIN</replaceable> name to
+ 	    <replaceable>BASE_DIR</replaceable> and use that as the login
+-	    directory name. The directory <replaceable>HOME_DIR</replaceable>
+-	    does not have to exist but will not be created if it is missing.
++	    directory name.  If the directory
++	    <replaceable>HOME_DIR</replaceable> does not exist, then it
++	    will be created unless the <option>-M</option> option is
++	    specified.
+ 	  </para>
+ 	</listitem>
+       </varlistentry>
+-- 
+2.25.1
+

shadow-4.6-useradd-selinux-mail.patch

@@ -0,0 +1,61 @@
+From 4dc62ebcf37d7568be1d4ca54367215eba8b8a28 Mon Sep 17 00:00:00 2001
+From: ikerexxe <ipedrosa@redhat.com>
+Date: Wed, 5 Feb 2020 15:04:39 +0100
+Subject: [PATCH] useradd: doesn't generate /var/spool/mail/$USER with the
+ proper SELinux user identity
+
+Explanation: use set_selinux_file_context() and reset_selinux_file_context() for create_mail() just as is done for create_home()
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1690527
+---
+ src/useradd.c | 20 ++++++++++++++++++++
+ 1 file changed, 20 insertions(+)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index a679392d..645d4a40 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -190,6 +190,7 @@ static bool home_added = false;
+ #define E_NAME_IN_USE	9	/* username already in use */
+ #define E_GRP_UPDATE	10	/* can't update group file */
+ #define E_HOMEDIR	12	/* can't create home directory */
++#define E_MAILBOXFILE	13	/* can't create mailbox file */
+ #define E_SE_UPDATE	14	/* can't update SELinux user mapping */
+ #ifdef ENABLE_SUBIDS
+ #define E_SUB_UID_UPDATE 16	/* can't update the subordinate uid file */
+@@ -2210,6 +2211,16 @@ static void create_mail (void)
+ 			sprintf (file, "%s/%s/%s", prefix, spool, user_name);
+ 		else
+ 			sprintf (file, "%s/%s", spool, user_name);
++
++#ifdef WITH_SELINUX
++		if (set_selinux_file_context (file, NULL) != 0) {
++			fprintf (stderr,
++			         _("%s: cannot set SELinux context for mailbox file %s\n"),
++			         Prog, file);
++			fail_exit (E_MAILBOXFILE);
++		}
++#endif
++
+ 		fd = open (file, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0);
+ 		if (fd < 0) {
+ 			perror (_("Creating mailbox file"));
+@@ -2234,6 +2245,15 @@ static void create_mail (void)
+ 
+ 		fsync (fd);
+ 		close (fd);
++#ifdef WITH_SELINUX
++		/* Reset SELinux to create files with default contexts */
++		if (reset_selinux_file_context () != 0) {
++			fprintf (stderr,
++			         _("%s: cannot reset SELinux file creation context\n"),
++			         Prog);
++			fail_exit (E_MAILBOXFILE);
++		}
++#endif
+ 	}
+ }
+ 
+-- 
+2.24.1
+

shadow-utils.spec

@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.6
-Release: 16%{?dist}
+Release: 18%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@@ -37,6 +37,10 @@ Patch38: shadow-4.6-sysugid-min-limit.patch
 Patch39: shadow-4.6-chgrp-guard.patch
 Patch40: shadow-4.6-ignore-login-prompt.patch
 Patch41: shadow-4.6-use-lckpwdf.patch
+# Generate /var/spool/mail/$USER with the proper SELinux user identity - already upstreamed
+Patch42: shadow-4.6-useradd-selinux-mail.patch
+# Clarify useradd man regarding "-d" parameter - already upstreamed
+Patch43: shadow-4.6-useradd-man-clarification.patch
 
 License: BSD and GPLv2+
 BuildRequires: gcc
@@ -92,6 +96,8 @@ are used for managing group accounts.
 %patch39 -p1 -b .chgrp-guard
 %patch40 -p1 -b .login-prompt
 %patch41 -p1 -b .use-lckpwdf
+%patch42 -p1 -b .useradd-selinux-mail
+%patch43 -p1 -b .useradd-man-clarification
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -246,6 +252,13 @@ done
 %{_mandir}/man8/vigr.8*
 
 %changelog
+* Tue Mar 24 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-18
+- useradd: clarify the useradd -d parameter behavior in man page
+
+* Mon Feb 24 2020 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-17
+- fix useradd: doesn't generate spool mail with the proper SELinux user identity
+  (#1690527)
+
 * Mon Sep  2 2019 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-16
 - fix SELinux related problem in chpasswd/chgpasswd when run with -R
   (patch by Petr Lautrbach) (#1747215)