commit shadow for openSUSE:Factory

Thu, 07 May 2026 06:43:43 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package shadow for openSUSE:Factory checked 
in at 2026-05-07 15:42:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shadow (Old)
 and      /work/SRC/openSUSE:Factory/.shadow.new.1966 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "shadow"

Thu May  7 15:42:58 2026 rev:87 rq:1350938 version:4.19.4

Changes:
--------
--- /work/SRC/openSUSE:Factory/shadow/shadow.changes    2026-03-05 
17:12:29.896041074 +0100
+++ /work/SRC/openSUSE:Factory/.shadow.new.1966/shadow.changes  2026-05-07 
15:42:59.850287746 +0200
@@ -1,0 +2,15 @@
+Tue May  5 10:38:06 UTC 2026 - Michael Vetter <[email protected]>
+
+- Use `%verify(not mode caps)` and remove setuid bit for newgidmap
+  and newuidmap.
+  Related to gh/openSUSE/post-build-checks#66
+
+-------------------------------------------------------------------
+Thu Apr 30 04:22:32 UTC 2026 - Stanislav Brabec <[email protected]>
+
+- shadow-util-linux.patch: util-linux-2.42 introduced new variable:
+  LOGIN_SHELL_FALLBACK. Recognize it and update dependencies. The
+  patch includes gh/shadow-maint/shadow/pull#1621.
+- shadow-login_defs-check.sh: Adjust for new quilt.
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ shadow.spec ++++++
--- /var/tmp/diff_new_pack.fNyG9q/_old  2026-05-07 15:43:01.938373569 +0200
+++ /var/tmp/diff_new_pack.fNyG9q/_new  2026-05-07 15:43:01.938373569 +0200
@@ -92,7 +92,7 @@
 # Call shadow-login_defs-check.sh before!
 Group:          System/Base
 Provides:       login_defs-support-for-pam = 1.5.2
-Provides:       login_defs-support-for-util-linux = 2.41
+Provides:       login_defs-support-for-util-linux = 2.42
 BuildArch:      noarch
 
 %description -n login_defs
@@ -371,8 +371,8 @@
 %verify(not mode) %attr(4755,root,shadow) %{_bindir}/chfn
 %verify(not mode) %attr(4755,root,shadow) %{_bindir}/chsh
 %verify(not mode) %attr(4755,root,shadow) %{_bindir}/expiry
-%verify(not mode) %attr(4755,root,root) %{_bindir}/newgidmap
-%verify(not mode) %attr(4755,root,root) %{_bindir}/newuidmap
+%verify(not mode caps) %attr(0755,root,root) %{_bindir}/newgidmap
+%verify(not mode caps) %attr(0755,root,root) %{_bindir}/newuidmap
 %verify(not mode) %attr(4755,root,shadow) %{_bindir}/passwd
 %{_datadir}/permissions/permissions.d/shadow
 %{_datadir}/permissions/permissions.d/shadow.paranoid


++++++ shadow-login_defs-check.sh ++++++
--- /var/tmp/diff_new_pack.fNyG9q/_old  2026-05-07 15:43:02.022377022 +0200
+++ /var/tmp/diff_new_pack.fNyG9q/_new  2026-05-07 15:43:02.030377351 +0200
@@ -38,21 +38,21 @@
        sed -i s/@BUILD_FLAVOR@// util-linux.spec
 # END HACK
        quilt setup -d BUILD util-linux.spec
-       cd $(ls -1d BUILD/* | sed /SPECPARTS/d)
+       cd $(ls -1d BUILD/* | sed /SPECPARTS/d)/util-linux-*
        quilt push -a
-       cd ../../../..
+       cd ../../../../..
 fi
 
 echo "Extracting variables from util-linux..."
-cd $(ls -1d openSUSE:Factory/util-linux/BUILD/* | sed /SPECPARTS/d)
+cd $(ls -1d openSUSE:Factory/util-linux/BUILD/* | sed 
/SPECPARTS/d)/util-linux-*
 (
        grep -rh getlogindefs . |
                sed -n 's/^.*getlogindefs[a-z_]*("\([A-Z0-9_]*\)".*$/\1/p'
        grep -rh logindefs_setenv . |
                sed -n 's/^.*logindefs_setenv*("[A-Z0-9_]*", 
"\([A-Z0-9_]*\)".*$/\1/p'
 ) |
-       LC_ALL=C sort -u >../../../../shadow-login_defs-check-util-linux.lst
-cd ../../../..
+       LC_ALL=C sort -u >../../../../../shadow-login_defs-check-util-linux.lst
+cd ../../../../..
 
 # login.defs is shared pam_unix*.so, pam_faildelay.so and pam_umask.so.
 # Extract list of referenced variables.
@@ -72,17 +72,17 @@
        fi
        cd openSUSE:Factory/pam
        quilt setup -d BUILD pam.spec
-       cd $(ls -1d BUILD/* | sed /SPECPARTS/d)
+       cd $(ls -1d BUILD/* | sed /SPECPARTS/d)/Linux-PAM-*
        quilt push -a
-       cd ../../../..
+       cd ../../../../..
 fi
 
 echo "Extracting variables from pam..."
-cd $(ls -1d openSUSE:Factory/pam/BUILD/* | sed /SPECPARTS/d)
+cd $(ls -1d openSUSE:Factory/pam/BUILD/* | sed /SPECPARTS/d)/Linux-PAM-*
 grep -rh LOGIN_DEFS . |
        sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key 
*([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' |
-       LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst
-cd ../../../..
+       LC_ALL=C sort -u >../../../../../shadow-login_defs-check-pam.lst
+cd ../../../../..
 
 if ! test -f shadow-login_defs-check-build/stamp ; then
        echo "Performing preprocessing of shadow by osc..."
@@ -116,7 +116,8 @@
        BUILD_DIR=$(osc lbl | sed -n 's/^.* cd //p' | head -n1)
        rm -rf shadow-login_defs-check-build
        mkdir shadow-login_defs-check-build
-       cp -a "$BUILD_ROOT/$BUILD_DIR"/shadow-* shadow-login_defs-check-build/
+       # Some files report "permission denied"
+       cp -a "$BUILD_ROOT/$BUILD_DIR"/shadow-* shadow-login_defs-check-build/ 
|| :
        touch shadow-login_defs-check-build/stamp
 fi
 

++++++ shadow-util-linux.patch ++++++
--- /var/tmp/diff_new_pack.fNyG9q/_old  2026-05-07 15:43:02.062378666 +0200
+++ /var/tmp/diff_new_pack.fNyG9q/_new  2026-05-07 15:43:02.066378830 +0200
@@ -137,7 +137,7 @@
  # Select the HMAC cryptography algorithm.
  # Used in pam_timestamp module to calculate the keyed-hash message
  # authentication code.
-@@ -301,3 +313,10 @@ PREVENT_NO_AUTH superuser
+@@ -301,3 +313,19 @@ PREVENT_NO_AUTH superuser
  # that are available in your system.
  #
  #HMAC_CRYPTO_ALGO SHA512
@@ -146,6 +146,27 @@
 +# used. The string value is a comma-separated list of variable names. For
 +# example: "LANG,LC_MESSAGES,LC_COLLATE".  The safelist is ignored for the
 +# environment variables HOME, SHELL and USER.
++#
 +#LOGIN_ENV_SAFELIST
 +
++# If set to "yes", login will provide a valid shell from /etc/shells when
++# the shell specified in /etc/passwd is invalid or inaccessible due to
++# administrative errors. This ensures users can still log in. However, it
++# may bypass intended shell restrictions, potentially causing unexpected
++# behavior if the fallback shell differs from the configured one.
++#
++#LOGIN_SHELL_FALLBACK no
++
+Index: lib/getdef.c
+===================================================================
+--- lib/getdef.c.orig
++++ lib/getdef.c
+@@ -79,6 +79,7 @@ struct itemdef {
+       {"LOGIN_ENV_SAFELIST", NULL},           \
+       {"LOGIN_KEEP_USERNAME", NULL},          \
+       {"LOGIN_PLAIN_PROMPT", NULL},           \
++      {"LOGIN_SHELL_FALLBACK", NULL},         \
+       {"MOTD_FIRSTONLY", NULL},               \
+ 
+

Reply via email to