Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package shadow for openSUSE:Factory checked in at 2025-12-16 15:49:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shadow (Old) and /work/SRC/openSUSE:Factory/.shadow.new.1939 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shadow" Tue Dec 16 15:49:29 2025 rev:80 rq:1322917 version:4.18.0 Changes: -------- --- /work/SRC/openSUSE:Factory/shadow/shadow.changes 2025-12-04 11:26:32.225642152 +0100 +++ /work/SRC/openSUSE:Factory/.shadow.new.1939/shadow.changes 2025-12-16 15:49:32.885764453 +0100 @@ -1,0 +2,6 @@ +Thu Dec 11 11:00:51 UTC 2025 - Thorsten Kukuk <[email protected]> + +- Add permissions file for shadow-pw-mgmt + [bsc#1253052#c12], [bsc#1254844] + +------------------------------------------------------------------- New: ---- shadow.permissions shadow.permissions.paranoid ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shadow.spec ++++++ --- /var/tmp/diff_new_pack.b6FHaf/_old 2025-12-16 15:49:37.241948916 +0100 +++ /var/tmp/diff_new_pack.b6FHaf/_new 2025-12-16 15:49:37.261949763 +0100 @@ -34,6 +34,8 @@ Source3: %{name}.keyring Source4: shadow.service Source5: shadow.timer +Source6: shadow.permissions +Source7: shadow.permissions.paranoid # SOURCE-FEATURE-SUSE shadow-login_defs-check.sh [email protected] -- Supplementary script that verifies coverage of variables in shadow-login_defs-unused-by-pam.patch and other patches. Source40: shadow-login_defs-check.sh # PATCH-FIX-SUSE shadow-login_defs-unused-by-pam.patch [email protected] -- Remove variables that have no use with PAM. @@ -57,6 +59,7 @@ BuildRequires: libsemanage-devel BuildRequires: libtool BuildRequires: pam-devel +BuildRequires: permissions-config BuildRequires: xz # we depend on libbsd or glibc >= 2.38 for the strlcpy() (and readpassphrase()) functions BuildRequires: glibc-devel >= 2.38 @@ -112,6 +115,7 @@ Summary: Tools to manage user account data Group: System/Base Requires: shadow +Requires(pre): permissions %description pw-mgmt This sub-package contains utilities to manage user account @@ -165,6 +169,8 @@ install -Dm644 %{SOURCE4} %{buildroot}%{_unitdir}/shadow.service install -Dm644 %{SOURCE5} %{buildroot}%{_unitdir}/shadow.timer +install -Dm644 %{SOURCE6} %{buildroot}%{_datadir}/permissions/permissions.d/shadow +install -Dm644 %{SOURCE7} %{buildroot}%{_datadir}/permissions/permissions.d/shadow.paranoid # add empty /etc/sub{u,g}id files touch %{buildroot}/%{_sysconfdir}/subuid @@ -258,6 +264,7 @@ %verifyscript %verify_permissions %{_bindir}/gpasswd +%verify_permissions %{_bindir}/newgrp %verifyscript pw-mgmt %verify_permissions %{_bindir}/chage @@ -266,6 +273,7 @@ %verify_permissions %{_bindir}/expiry %verify_permissions %{_bindir}/newgrp %verify_permissions %{_bindir}/newgidmap +%verify_permissions %{_bindir}/newuidmap %verify_permissions %{_bindir}/passwd %preun @@ -373,9 +381,11 @@ %verify(not mode) %attr(4755,root,shadow) %{_bindir}/chfn %verify(not mode) %attr(4755,root,shadow) %{_bindir}/chsh %verify(not mode) %attr(4755,root,shadow) %{_bindir}/expiry -%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newgidmap -%verify(not mode) %attr(4755,root,shadow) %{_bindir}/newuidmap +%verify(not mode) %attr(4755,root,root) %{_bindir}/newgidmap +%verify(not mode) %attr(4755,root,root) %{_bindir}/newuidmap %verify(not mode) %attr(4755,root,shadow) %{_bindir}/passwd +%{_datadir}/permissions/permissions.d/shadow +%{_datadir}/permissions/permissions.d/shadow.paranoid %{_mandir}/man1/chage.1%{?ext_man} %{_mandir}/man1/chfn.1%{?ext_man} %{_mandir}/man1/chsh.1%{?ext_man} ++++++ shadow.permissions ++++++ /usr/bin/chage root:shadow 2755 /usr/bin/chfn root:shadow 4755 /usr/bin/chsh root:shadow 4755 /usr/bin/expiry root:shadow 4755 /usr/bin/passwd root:shadow 4755 # newgidmap / newuidmap (bsc#979282, bsc#1048645, bsc#1208309) /usr/bin/newgidmap root:root 0755 +capabilities cap_setgid=ep /usr/bin/newuidmap root:root 0755 +capabilities cap_setuid=ep ++++++ shadow.permissions.paranoid ++++++ /usr/bin/chage root:shadow 0755 /usr/bin/chfn root:shadow 0755 /usr/bin/chsh root:shadow 0755 /usr/bin/expiry root:shadow 0755 /usr/bin/passwd root:shadow 0755 # newgidmap / newuidmap (bsc#979282, bsc#1048645, bsc#1208309) /usr/bin/newgidmap root:root 0755 /usr/bin/newuidmap root:root 0755
