change package name so "shadow-utils" won't attempt to update

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>

.gitignore

@@ -5,3 +5,8 @@ shadow-4.1.4.2.tar.bz2
 /shadow-4.1.5.1.tar.bz2.sig
 /shadow-4.2.1.tar.xz
 /shadow-4.2.1.tar.xz.sig
+/shadow-4.3.1.tar.gz
+/shadow-4.5.tar.xz
+/shadow-4.5.tar.xz.asc
+/shadow-4.6.tar.xz
+/shadow-4.6.tar.xz.asc

shadow-4.1.5-2ndskip.patch

@@ -1,100 +0,0 @@
-diff -up shadow-4.1.5/src/grpconv.c.2ndskip shadow-4.1.5/src/grpconv.c
---- shadow-4.1.5/src/grpconv.c.2ndskip	2012-06-18 13:08:34.438910815 +0200
-+++ shadow-4.1.5/src/grpconv.c	2012-06-18 13:12:51.270764552 +0200
-@@ -143,6 +143,7 @@ int main (int argc, char **argv)
- 	struct group grent;
- 	const struct sgrp *sg;
- 	struct sgrp sgent;
-+	char *np;
- 
- 	Prog = Basename (argv[0]);
- 
-@@ -184,20 +185,25 @@ int main (int argc, char **argv)
- 	 * Remove /etc/gshadow entries for groups not in /etc/group.
- 	 */
- 	(void) sgr_rewind ();
--	while ((sg = sgr_next ()) != NULL) {
--		if (gr_locate (sg->sg_name) != NULL) {
--			continue;
--		}
--
--		if (sgr_remove (sg->sg_name) == 0) {
--			/*
--			 * This shouldn't happen (the entry exists) but...
--			 */
--			fprintf (stderr,
--			         _("%s: cannot remove entry '%s' from %s\n"),
--			         Prog, sg->sg_name, sgr_dbname ());
--			fail_exit (3);
-+	sg = sgr_next ();
-+	np=NULL;
-+	while (sg != NULL) {
-+		np = strdup(sg->sg_name);
-+		sg = sgr_next ();
-+
-+		if(gr_locate (np) == NULL) {
-+			if (sgr_remove (np) == 0) {
-+				/*
-+				 * This shouldn't happen (the entry exists) but...
-+				 */
-+				fprintf (stderr,
-+					 _("%s: cannot remove entry '%s' from %s\n"),
-+					 Prog, np, sgr_dbname ());
-+				free(np);
-+				fail_exit (3);
-+			}
- 		}
-+		free(np);
- 	}
- 
- 	/*
-diff -up shadow-4.1.5/src/pwconv.c.2ndskip shadow-4.1.5/src/pwconv.c
---- shadow-4.1.5/src/pwconv.c.2ndskip	2012-06-18 11:23:33.938511797 +0200
-+++ shadow-4.1.5/src/pwconv.c	2012-06-18 12:57:18.396426194 +0200
-@@ -173,6 +173,7 @@ int main (int argc, char **argv)
- 	struct passwd pwent;
- 	const struct spwd *sp;
- 	struct spwd spent;
-+	char *np;
- 
- 	Prog = Basename (argv[0]);
- 
-@@ -223,20 +224,25 @@ int main (int argc, char **argv)
- 	 * Remove /etc/shadow entries for users not in /etc/passwd.
- 	 */
- 	(void) spw_rewind ();
--	while ((sp = spw_next ()) != NULL) {
--		if (pw_locate (sp->sp_namp) != NULL) {
--			continue;
--		}
--
--		if (spw_remove (sp->sp_namp) == 0) {
--			/*
--			 * This shouldn't happen (the entry exists) but...
--			 */
--			fprintf (stderr,
--			         _("%s: cannot remove entry '%s' from %s\n"),
--			         Prog, sp->sp_namp, spw_dbname ());
--			fail_exit (E_FAILURE);
-+	sp = spw_next ();
-+	np = NULL;
-+	while (sp != NULL) {
-+		np = strdup(sp->sp_namp);
-+		sp = spw_next ();
-+
-+		if (pw_locate (np) == NULL) {
-+			if (spw_remove (np) == 0) {
-+				/*
-+				 * This shouldn't happen (the entry exists) but...
-+				 */
-+				fprintf (stderr,
-+					 _("%s: cannot remove entry '%s' from %s\n"),
-+					 Prog, np, spw_dbname ());
-+				free(np);
-+				fail_exit (E_FAILURE);
-+			}
- 		}
-+		free(np);
- 	}
- 
- 	/*

shadow-4.1.5-uflg.patch

@@ -1,23 +0,0 @@
-diff -up shadow-4.1.5/libmisc/find_new_gid.c.uflg shadow-4.1.5/libmisc/find_new_gid.c
---- shadow-4.1.5/libmisc/find_new_gid.c.uflg	2011-07-30 01:10:27.000000000 +0200
-+++ shadow-4.1.5/libmisc/find_new_gid.c	2012-03-19 12:51:46.090554116 +0100
-@@ -68,7 +68,7 @@ int find_new_gid (bool sys_group,
- 			return -1;
- 		}
- 	} else {
--		gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
-+		gid_min = (gid_t) 1;
- 		gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
- 		gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
- 		if (gid_max < gid_min) {
-@@ -100,6 +100,10 @@ int find_new_gid (bool sys_group,
- 		return 0;
- 	}
- 
-+        /* if we did not find free preffered system gid, we start to look for
-+         * one in the range assigned to dynamic system IDs */
-+        if (sys_group)
-+                gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
- 
- 	/*
- 	 * Search the entire group file,

shadow-4.1.5.1-audit-owner.patch

@@ -1,32 +0,0 @@
-diff -up shadow-4.1.5.1/src/usermod.c.audit shadow-4.1.5.1/src/usermod.c
---- shadow-4.1.5.1/src/usermod.c.audit	2011-11-21 23:02:16.000000000 +0100
-+++ shadow-4.1.5.1/src/usermod.c	2013-06-14 14:54:20.237026550 +0200
-@@ -1513,6 +1513,14 @@ static void move_home (void)
- 			fail_exit (E_HOMEDIR);
- 		}
- 
-+#ifdef WITH_AUDIT
-+		if (uflg || gflg) {
-+			audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-+				      "changing home directory owner",
-+				      user_newname, (unsigned int) user_newid, 1);
-+		}
-+#endif
-+
- 		if (rename (user_home, user_newhome) == 0) {
- 			/* FIXME: rename above may have broken symlinks
- 			 *        pointing to the user's home directory
-@@ -1947,6 +1955,13 @@ int main (int argc, char **argv)
- 			 * ownership.
- 			 *
- 			 */
-+#ifdef WITH_AUDIT
-+			if (uflg || gflg) {
-+				audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
-+					      "changing home directory owner",
-+					      user_newname, (unsigned int) user_newid, 1);
-+			}
-+#endif
- 			if (chown_tree (dflg ? user_newhome : user_home,
- 			                user_id,
- 			                uflg ? user_newid  : (uid_t)-1,

shadow-4.1.5.1-backup-mode.patch

@@ -1,20 +0,0 @@
-diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c
---- shadow-4.1.5.1/lib/commonio.c.backup-mode	2012-05-18 21:44:54.000000000 +0200
-+++ shadow-4.1.5.1/lib/commonio.c	2012-09-19 20:27:16.089444234 +0200
-@@ -301,15 +301,12 @@ static int create_backup (const char *ba
- 	struct utimbuf ub;
- 	FILE *bkfp;
- 	int c;
--	mode_t mask;
- 
- 	if (fstat (fileno (fp), &sb) != 0) {
- 		return -1;
- 	}
- 
--	mask = umask (077);
--	bkfp = fopen (backup, "w");
--	(void) umask (mask);
-+	bkfp = fopen_set_perms (backup, "w", &sb);
- 	if (NULL == bkfp) {
- 		return -1;
- 	}

shadow-4.1.5.1-default-range.patch

@@ -1,6 +1,7 @@
-diff -up shadow-4.1.5.1/lib/semanage.c.default-range shadow-4.1.5.1/lib/semanage.c
---- shadow-4.1.5.1/lib/semanage.c.default-range	2012-01-08 17:35:44.000000000 +0100
-+++ shadow-4.1.5.1/lib/semanage.c	2013-06-14 15:14:51.970237594 +0200
+Index: shadow-4.5/lib/semanage.c
+===================================================================
+--- shadow-4.5.orig/lib/semanage.c
++++ shadow-4.5/lib/semanage.c
 @@ -143,6 +143,7 @@ static int semanage_user_mod (semanage_h
  		goto done;
  	}

shadow-4.1.5.1-errmsg.patch

@@ -1,23 +0,0 @@
-diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
---- shadow-4.1.5.1/src/useradd.c.logmsg	2013-02-20 15:41:44.000000000 +0100
-+++ shadow-4.1.5.1/src/useradd.c	2013-06-14 14:22:59.529661095 +0200
-@@ -1760,6 +1760,9 @@ static void create_home (void)
- 	if (access (user_home, F_OK) != 0) {
- #ifdef WITH_SELINUX
- 		if (set_selinux_file_context (user_home, NULL) != 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot set SELinux context for home directory %s\n"),
-+			         Prog, user_home);
- 			fail_exit (E_HOMEDIR);
- 		}
- #endif
-@@ -1789,6 +1792,9 @@ static void create_home (void)
- #ifdef WITH_SELINUX
- 		/* Reset SELinux to create files with default contexts */
- 		if (reset_selinux_file_context () != 0) {
-+			fprintf (stderr,
-+			         _("%s: cannot reset SELinux file creation context\n"),
-+			         Prog);
- 			fail_exit (E_HOMEDIR);
- 		}
- #endif

shadow-4.1.5.1-info-parent-dir.patch

@@ -1,7 +1,8 @@
-diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml
---- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir	2012-05-25 13:45:28.000000000 +0200
-+++ shadow-4.1.5.1/man/newusers.8.xml	2012-09-19 18:46:35.651613365 +0200
-@@ -216,7 +216,15 @@
+Index: shadow-4.5/man/newusers.8.xml
+===================================================================
+--- shadow-4.5.orig/man/newusers.8.xml
++++ shadow-4.5/man/newusers.8.xml
+@@ -218,7 +218,15 @@
  	  <para>
  	    If this field does not specify an existing directory, the
  	    specified directory is created, with ownership set to the

shadow-4.1.5.1-ingroup.patch

@@ -1,63 +0,0 @@
-diff -up shadow-4.1.5.1/src/newgrp.c.ingroup shadow-4.1.5.1/src/newgrp.c
---- shadow-4.1.5.1/src/newgrp.c.ingroup	2014-08-29 13:31:38.000000000 +0200
-+++ shadow-4.1.5.1/src/newgrp.c	2014-08-29 14:04:57.183849650 +0200
-@@ -83,15 +83,29 @@ static void usage (void)
- 	}
- }
- 
-+static bool ingroup(const char *name, struct group *gr)
-+{
-+	char **look;
-+	bool notfound = true;
-+
-+	look = gr->gr_mem;
-+	while (*look && notfound)
-+		notfound = strcmp (*look++, name);
-+
-+	return !notfound;
-+}
-+
- /*
-- * find_matching_group - search all groups of a given group id for
-+ * find_matching_group - search all groups of a gr's group id for
-  *                       membership of a given username
-+ *                       but check gr itself first
-  */
--static /*@null@*/struct group *find_matching_group (const char *name, gid_t gid)
-+static /*@null@*/struct group *find_matching_group (const char *name, struct group *gr)
- {
--	struct group *gr;
--	char **look;
--	bool notfound = true;
-+	gid_t gid = gr->gr_gid;
-+
-+	if (ingroup(name, gr))
-+		return gr;
- 
- 	setgrent ();
- 	while ((gr = getgrent ()) != NULL) {
-@@ -103,14 +117,8 @@ static /*@null@*/struct group *find_matc
- 		 * A group with matching GID was found.
- 		 * Test for membership of 'name'.
- 		 */
--		look = gr->gr_mem;
--		while ((NULL != *look) && notfound) {
--			notfound = (strcmp (*look, name) != 0);
--			look++;
--		}
--		if (!notfound) {
-+		if (ingroup(name, gr))
- 			break;
--		}
- 	}
- 	endgrent ();
- 	return gr;
-@@ -616,7 +624,7 @@ int main (int argc, char **argv)
- 	 * groups of the same GID like the requested group for
- 	 * membership of the current user.
- 	 */
--	grp = find_matching_group (name, grp->gr_gid);
-+	grp = find_matching_group (name, grp);
- 	if (NULL == grp) {
- 		/*
- 		 * No matching group found. As we already know that

shadow-4.1.5.1-logmsg.patch

@@ -1,7 +1,8 @@
-diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
---- shadow-4.1.5.1/src/useradd.c.logmsg	2013-02-20 15:41:44.000000000 +0100
-+++ shadow-4.1.5.1/src/useradd.c	2013-03-19 18:40:04.908292810 +0100
-@@ -275,7 +275,7 @@ static void fail_exit (int code)
+Index: shadow-4.5/src/useradd.c
+===================================================================
+--- shadow-4.5.orig/src/useradd.c
++++ shadow-4.5/src/useradd.c
+@@ -323,7 +323,7 @@ static void fail_exit (int code)
  	              user_name, AUDIT_NO_ID,
  	              SHADOW_AUDIT_FAILURE);
  #endif

shadow-4.1.5.1-move-home.patch

@@ -1,15 +0,0 @@
-diff -up shadow-4.1.5.1/src/usermod.c.move-home shadow-4.1.5.1/src/usermod.c
---- shadow-4.1.5.1/src/usermod.c.move-home	2014-08-29 13:31:38.000000000 +0200
-+++ shadow-4.1.5.1/src/usermod.c	2014-08-29 14:14:13.860671177 +0200
-@@ -1571,6 +1571,11 @@ static void move_home (void)
- 			         Prog, user_home, user_newhome);
- 			fail_exit (E_HOMEDIR);
- 		}
-+	} else {
-+		fprintf (stderr,
-+		         _("%s: The previous home directory (%s) does "
-+		           "not exist or is inaccessible. Move cannot be completed.\n"),
-+		         Prog, user_home);
- 	}
- }
- 

shadow-4.1.5.1-selinux.patch

@@ -1,99 +0,0 @@
-diff -up shadow-4.1.5.1/lib/semanage.c.selinux shadow-4.1.5.1/lib/semanage.c
---- shadow-4.1.5.1/lib/semanage.c.selinux	2012-01-08 17:35:44.000000000 +0100
-+++ shadow-4.1.5.1/lib/semanage.c	2014-09-10 10:11:55.417506128 +0200
-@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
- 
- 	ret = 0;
- 
-+        /* drop obsolete matchpathcon cache */
-+        matchpathcon_fini();
-+
- done:
- 	semanage_seuser_key_free (key);
- 	semanage_handle_destroy (handle);
-@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
- 	}
- 
- 	ret = 0;
-+
-+        /* drop obsolete matchpathcon cache */
-+        matchpathcon_fini();
-+
- done:
- 	semanage_handle_destroy (handle);
- 	return ret;
-diff -up shadow-4.1.5.1/src/useradd.c.selinux shadow-4.1.5.1/src/useradd.c
---- shadow-4.1.5.1/src/useradd.c.selinux	2014-09-10 10:10:18.791280619 +0200
-+++ shadow-4.1.5.1/src/useradd.c	2014-09-10 10:10:18.798280781 +0200
-@@ -1850,6 +1850,7 @@ static void create_mail (void)
-  */
- int main (int argc, char **argv)
- {
-+	int rv = E_SUCCESS;
- #ifdef ACCT_TOOLS_SETUID
- #ifdef USE_PAM
- 	pam_handle_t *pamh = NULL;
-@@ -2037,10 +2038,33 @@ int main (int argc, char **argv)
- 
- 	usr_update ();
- 
-+	close_files ();
-+
-+	nscd_flush_cache ("passwd");
-+	nscd_flush_cache ("group");
-+
-+#ifdef WITH_SELINUX
-+	if (Zflg && *user_selinux) {
-+		if (is_selinux_enabled () > 0) {
-+		    if (set_seuser (user_name, user_selinux) != 0) {
-+			fprintf (stderr,
-+			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
-+			         Prog, user_name, user_selinux);
-+#ifdef WITH_AUDIT
-+			audit_logger (AUDIT_ADD_USER, Prog,
-+			              "adding SELinux user mapping",
-+			              user_name, (unsigned int) user_id, 0);
-+#endif				/* WITH_AUDIT */
-+			rv = E_SE_UPDATE;
-+		    }
-+		}
-+	}
-+#endif
-+
- 	if (mflg) {
- 		create_home ();
- 		if (home_added) {
--			copy_tree (def_template, user_home, false, false,
-+			copy_tree (def_template, user_home, false, true,
- 			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
- 		} else {
- 			fprintf (stderr,
-@@ -2056,27 +2080,6 @@ int main (int argc, char **argv)
- 		create_mail ();
- 	}
- 
--	close_files ();
--
--#ifdef WITH_SELINUX
--	if (Zflg) {
--		if (set_seuser (user_name, user_selinux) != 0) {
--			fprintf (stderr,
--			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
--			         Prog, user_name, user_selinux);
--#ifdef WITH_AUDIT
--			audit_logger (AUDIT_ADD_USER, Prog,
--			              "adding SELinux user mapping",
--			              user_name, (unsigned int) user_id, 0);
--#endif				/* WITH_AUDIT */
--			fail_exit (E_SE_UPDATE);
--		}
--	}
--#endif				/* WITH_SELINUX */
--
--	nscd_flush_cache ("passwd");
--	nscd_flush_cache ("group");
--
--	return E_SUCCESS;
-+	return rv;
- }
- 

shadow-4.1.5.1-userdel-helpfix.patch

@@ -1,7 +1,8 @@
-diff -up shadow-4.1.5.1/src/userdel.c.userdel shadow-4.1.5.1/src/userdel.c
---- shadow-4.1.5.1/src/userdel.c.userdel	2012-05-25 13:51:55.000000000 +0200
-+++ shadow-4.1.5.1/src/userdel.c	2014-02-12 11:40:30.707686132 +0100
-@@ -130,8 +130,9 @@ static void usage (int status)
+Index: shadow-4.5/src/userdel.c
+===================================================================
+--- shadow-4.5.orig/src/userdel.c
++++ shadow-4.5/src/userdel.c
+@@ -143,8 +143,9 @@ static void usage (int status)
  	                  "\n"
  	                  "Options:\n"),
  	                Prog);

shadow-4.2.1-date-parsing.patch

@@ -1,6 +1,7 @@
-diff -up shadow-4.2.1/libmisc/getdate.y.date-parsing shadow-4.2.1/libmisc/getdate.y
---- shadow-4.2.1/libmisc/getdate.y.date-parsing	2014-03-01 18:50:05.000000000 +0100
-+++ shadow-4.2.1/libmisc/getdate.y	2014-11-26 14:58:21.208153924 +0100
+Index: shadow-4.5/libmisc/getdate.y
+===================================================================
+--- shadow-4.5.orig/libmisc/getdate.y
++++ shadow-4.5/libmisc/getdate.y
 @@ -152,6 +152,7 @@ static int	yyHaveDay;
  static int	yyHaveRel;
  static int	yyHaveTime;

shadow-4.2.1-defs-chroot.patch

@@ -1,24 +0,0 @@
-diff -up shadow-4.2.1/src/useradd.c.defs-chroot shadow-4.2.1/src/useradd.c
---- shadow-4.2.1/src/useradd.c.defs-chroot	2014-12-01 15:14:58.000000000 +0100
-+++ shadow-4.2.1/src/useradd.c	2015-08-27 15:46:21.935698862 +0200
-@@ -1938,8 +1938,8 @@ int main (int argc, char **argv)
- #endif				/* ACCT_TOOLS_SETUID */
- 
- 	/* Needed for userns check */
--	uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
--	uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
-+	uid_t uid_min;
-+	uid_t uid_max;
- 
- 	/*
- 	 * Get my name so that I can use it to report errors.
-@@ -1957,6 +1957,9 @@ int main (int argc, char **argv)
- 	audit_help_open ();
- #endif
- 
-+	uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
-+	uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
-+
- 	sys_ngroups = sysconf (_SC_NGROUPS_MAX);
- 	user_groups = (char **) xmalloc ((1 + sys_ngroups) * sizeof (char *));
- 	/*

shadow-4.2.1-lastlog-unexpire.patch

@@ -1,249 +0,0 @@
-diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml
---- shadow-4.2.1/man/lastlog.8.xml.unexpire	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/lastlog.8.xml	2016-02-03 11:50:20.481293785 +0100
-@@ -105,6 +105,17 @@
-       </varlistentry>
-       <varlistentry>
- 	<term>
-+	  <option>-C</option>, <option>--clear</option>
-+	</term>
-+	<listitem>
-+	  <para>
-+	    Clear lastlog record of an user. This option can be used only together
-+	    with <option>-u</option> (<option>--user</option>)).
-+	  </para>
-+	</listitem>
-+      </varlistentry>
-+      <varlistentry>
-+	<term>
- 	  <option>-h</option>, <option>--help</option>
- 	</term>
- 	<listitem>
-@@ -123,6 +134,17 @@
- 	  </para>
- 	</listitem>
-       </varlistentry>
-+      <varlistentry>
-+	<term>
-+	  <option>-S</option>, <option>--set</option>
-+	</term>
-+	<listitem>
-+	  <para>
-+	    Set lastlog record of an user to the current time. This option can be
-+	    used only together with <option>-u</option> (<option>--user</option>)).
-+	  </para>
-+	</listitem>
-+      </varlistentry>
-       <varlistentry>
- 	<term>
- 	  <option>-t</option>, <option>--time</option>&nbsp;<replaceable>DAYS</replaceable>
-diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c
---- shadow-4.2.1/src/lastlog.c.unexpire	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/lastlog.c	2016-02-03 11:35:26.971273603 +0100
-@@ -71,6 +71,8 @@ static struct stat statbuf;	/* fstat buf
- static bool uflg = false;	/* print only an user of range of users */
- static bool tflg = false;	/* print is restricted to most recent days */
- static bool bflg = false;	/* print excludes most recent days */
-+static bool Cflg = false;	/* clear record for user */
-+static bool Sflg = false;	/* set record for user */
- 
- #define	NOW	(time ((time_t *) 0))
- 
-@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta
- 	                  "Options:\n"),
- 	                Prog);
- 	(void) fputs (_("  -b, --before DAYS             print only lastlog records older than DAYS\n"), usageout);
-+	(void) fputs (_("  -C, --clear                   clear lastlog record of an user (usable only with -u)\n"), usageout);
- 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
-+	(void) fputs (_("  -S, --set                     set lastlog record to current time (usable only with -u)\n"), usageout);
- 	(void) fputs (_("  -t, --time DAYS               print only lastlog records more recent than DAYS\n"), usageout);
- 	(void) fputs (_("  -u, --user LOGIN              print lastlog record of the specified LOGIN\n"), usageout);
- 	(void) fputs ("\n", usageout);
-@@ -194,6 +198,80 @@ static void print (void)
- 	}
- }
- 
-+static void update_one (/*@null@*/const struct passwd *pw)
-+{
-+	off_t offset;
-+	struct lastlog ll;
-+	int err;
-+
-+	if (NULL == pw) {
-+		return;
-+	}
-+
-+	offset = (off_t) pw->pw_uid * sizeof (ll);
-+	/* fseeko errors are not really relevant for us. */
-+	err = fseeko (lastlogfile, offset, SEEK_SET);
-+	assert (0 == err);
-+
-+	memzero (&ll, sizeof (ll));
-+
-+	if (Sflg) {
-+		ll.ll_time = NOW;
-+#ifdef HAVE_LL_HOST
-+		strcpy (ll.ll_host, "localhost");
-+#endif
-+		strcpy (ll.ll_line, "lastlog");
-+#ifdef WITH_AUDIT
-+		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
-+			"clearing-lastlog",
-+			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
-+#endif
-+	}
-+#ifdef WITH_AUDIT
-+	else {
-+		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
-+			"refreshing-lastlog",
-+			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
-+	}
-+#endif
-+
-+	if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
-+			fprintf (stderr,
-+			         _("%s: Failed to update the entry for UID %lu\n"),
-+			         Prog, (unsigned long int)pw->pw_uid);
-+			exit (EXIT_FAILURE);
-+	}
-+}
-+
-+static void update (void)
-+{
-+	const struct passwd *pwent;
-+
-+	if (!uflg) /* safety measure */
-+		return;
-+
-+	if (has_umin && has_umax && (umin == umax)) {
-+		update_one (getpwuid ((uid_t)umin));
-+	} else {
-+		setpwent ();
-+		while ( (pwent = getpwent ()) != NULL ) {
-+			if ((has_umin && (pwent->pw_uid < (uid_t)umin))
-+				|| (has_umax && (pwent->pw_uid > (uid_t)umax))) {
-+				continue;
-+			}
-+			update_one (pwent);
-+		}
-+		endpwent ();
-+	}
-+
-+	if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
-+			fprintf (stderr,
-+			         _("%s: Failed to update the lastlog file\n"),
-+			         Prog);
-+			exit (EXIT_FAILURE);
-+	}
-+}
-+
- int main (int argc, char **argv)
- {
- 	/*
-@@ -208,18 +286,24 @@ int main (int argc, char **argv)
- 
- 	process_root_flag ("-R", argc, argv);
- 
-+#ifdef WITH_AUDIT
-+	audit_help_open ();
-+#endif
-+
- 	{
- 		int c;
- 		static struct option const longopts[] = {
- 			{"before", required_argument, NULL, 'b'},
-+			{"clear",  no_argument,       NULL, 'C'},
- 			{"help",   no_argument,       NULL, 'h'},
- 			{"root",   required_argument, NULL, 'R'},
-+			{"set",    no_argument,       NULL, 'S'},
- 			{"time",   required_argument, NULL, 't'},
- 			{"user",   required_argument, NULL, 'u'},
- 			{NULL, 0, NULL, '\0'}
- 		};
- 
--		while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
-+		while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
- 		                         NULL)) != -1) {
- 			switch (c) {
- 			case 'b':
-@@ -235,11 +319,21 @@ int main (int argc, char **argv)
- 				bflg = true;
- 				break;
- 			}
-+			case 'C':
-+			{
-+				Cflg = true;
-+				break;
-+			}
- 			case 'h':
- 				usage (EXIT_SUCCESS);
- 				/*@notreached@*/break;
- 			case 'R': /* no-op, handled in process_root_flag () */
- 				break;
-+			case 'S':
-+			{
-+				Sflg = true;
-+				break;
-+			}
- 			case 't':
- 			{
- 				unsigned long days;
-@@ -294,9 +388,21 @@ int main (int argc, char **argv)
- 			         Prog, argv[optind]);
- 			usage (EXIT_FAILURE);
- 		}
-+		if (Cflg && Sflg) {
-+			fprintf (stderr,
-+			         _("%s: Option -C cannot be used together with option -S\n"),
-+			         Prog);
-+			usage (EXIT_FAILURE);
-+		}
-+		if ((Cflg || Sflg) && !uflg) {
-+			fprintf (stderr,
-+			         _("%s: Options -C and -S require option -u to specify the user\n"),
-+			         Prog);
-+			usage (EXIT_FAILURE);
-+		}
- 	}
- 
--	lastlogfile = fopen (LASTLOG_FILE, "r");
-+	lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
- 	if (NULL == lastlogfile) {
- 		perror (LASTLOG_FILE);
- 		exit (EXIT_FAILURE);
-@@ -310,7 +416,10 @@ int main (int argc, char **argv)
- 		exit (EXIT_FAILURE);
- 	}
- 
--	print ();
-+	if (Cflg || Sflg)
-+		update ();
-+	else
-+		print ();
- 
- 	(void) fclose (lastlogfile);
- 
-diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am
---- shadow-4.2.1/src/Makefile.am.unexpire	2014-05-08 10:43:11.000000000 +0200
-+++ shadow-4.2.1/src/Makefile.am	2016-02-03 11:35:26.971273603 +0100
-@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID)
- grpck_LDADD    = $(LDADD) $(LIBSELINUX)
- grpconv_LDADD  = $(LDADD) $(LIBSELINUX)
- grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
-+lastlog_LDADD   = $(LDADD) $(LIBAUDIT)
- login_SOURCES  = \
- 	login.c \
- 	login_nopam.c
-diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in
---- shadow-4.2.1/src/Makefile.in.unexpire	2014-05-09 18:49:48.000000000 +0200
-+++ shadow-4.2.1/src/Makefile.in	2016-02-03 11:35:26.972273609 +0100
-@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1)
- 	$(top_builddir)/lib/libshadow.la
- lastlog_SOURCES = lastlog.c
- lastlog_OBJECTS = lastlog.$(OBJEXT)
--lastlog_LDADD = $(LDADD)
-+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
- lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- 	$(top_builddir)/libmisc/libmisc.a \
- 	$(top_builddir)/lib/libshadow.la

shadow-4.2.1-merge-group.patch

@@ -1,13 +0,0 @@
-diff -up shadow-4.2.1/lib/groupio.c.merge-group shadow-4.2.1/lib/groupio.c
---- shadow-4.2.1/lib/groupio.c.merge-group	2014-11-26 14:33:54.039581662 +0100
-+++ shadow-4.2.1/lib/groupio.c	2014-11-26 14:46:02.841852886 +0100
-@@ -335,8 +335,7 @@ static /*@null@*/struct commonio_entry *
- 		errno = ENOMEM;
- 		return NULL;
- 	}
--	snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
--	new_line[new_line_len] = '\0';
-+	snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
- 
- 	/* Concatenate the 2 list of members */
- 	for (i=0; NULL != gptr1->gr_mem[i]; i++);

shadow-4.2.1-no-lock-dos.patch

@@ -1,6 +1,7 @@
-diff -up shadow-4.2.1/lib/commonio.c.no-lock-dos shadow-4.2.1/lib/commonio.c
---- shadow-4.2.1/lib/commonio.c.no-lock-dos	2015-08-27 15:09:17.101537812 +0200
-+++ shadow-4.2.1/lib/commonio.c	2015-08-27 15:11:06.643011248 +0200
+Index: shadow-4.5/lib/commonio.c
+===================================================================
+--- shadow-4.5.orig/lib/commonio.c
++++ shadow-4.5/lib/commonio.c
 @@ -140,7 +140,10 @@ static int do_lock_file (const char *fil
  	int retval;
  	char buf[32];

shadow-4.2.1-null-tm.patch

@@ -0,0 +1,91 @@
+Index: shadow-4.5/src/faillog.c
+===================================================================
+--- shadow-4.5.orig/src/faillog.c
++++ shadow-4.5/src/faillog.c
+@@ -163,10 +163,14 @@ static void print_one (/*@null@*/const s
+ 	}
+ 
+ 	tm = localtime (&fl.fail_time);
++	if (tm == NULL) {
++		cp = "(unknown)";
++	} else {
+ #ifdef HAVE_STRFTIME
+-	strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
+-	cp = ptime;
++		strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm);
++		cp = ptime;
+ #endif
++	}
+ 	printf ("%-9s   %5d    %5d   ",
+ 	        pw->pw_name, fl.fail_cnt, fl.fail_max);
+ 	/* FIXME: cp is not defined ifndef HAVE_STRFTIME */
+Index: shadow-4.5/src/chage.c
+===================================================================
+--- shadow-4.5.orig/src/chage.c
++++ shadow-4.5/src/chage.c
+@@ -168,6 +168,10 @@ static void date_to_str (char *buf, size
+ 	struct tm *tp;
+ 
+ 	tp = gmtime (&date);
++	if (tp == NULL) {
++		(void) snprintf (buf, maxsize, "(unknown)");
++		return;
++	}
+ #ifdef HAVE_STRFTIME
+ 	(void) strftime (buf, maxsize, "%Y-%m-%d", tp);
+ #else
+Index: shadow-4.5/src/lastlog.c
+===================================================================
+--- shadow-4.5.orig/src/lastlog.c
++++ shadow-4.5/src/lastlog.c
+@@ -158,13 +158,17 @@ static void print_one (/*@null@*/const s
+ 
+ 	ll_time = ll.ll_time;
+ 	tm = localtime (&ll_time);
++	if (tm == NULL) {
++		cp = "(unknown)";
++	} else {
+ #ifdef HAVE_STRFTIME
+-	strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
+-	cp = ptime;
++		strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm);
++		cp = ptime;
+ #else
+-	cp = asctime (tm);
+-	cp[24] = '\0';
++		cp = asctime (tm);
++		cp[24] = '\0';
+ #endif
++	}
+ 
+ 	if (ll.ll_time == (time_t) 0) {
+ 		cp = _("**Never logged in**\0");
+Index: shadow-4.5/src/passwd.c
+===================================================================
+--- shadow-4.5.orig/src/passwd.c
++++ shadow-4.5/src/passwd.c
+@@ -455,6 +455,9 @@ static /*@observer@*/const char *date_to
+ 	struct tm *tm;
+ 
+ 	tm = gmtime (&t);
++	if (tm == NULL) {
++		return "(unknown)";
++	}
+ #ifdef HAVE_STRFTIME
+ 	(void) strftime (buf, sizeof buf, "%m/%d/%Y", tm);
+ #else				/* !HAVE_STRFTIME */
+Index: shadow-4.5/src/usermod.c
+===================================================================
+--- shadow-4.5.orig/src/usermod.c
++++ shadow-4.5/src/usermod.c
+@@ -210,6 +210,10 @@ static void date_to_str (/*@unique@*//*@
+ 	} else {
+ 		time_t t = (time_t) date;
+ 		tp = gmtime (&t);
++		if (tp == NULL) {
++			strncpy (buf, "unknown", maxsize);
++			return;
++		}
+ #ifdef HAVE_STRFTIME
+ 		strftime (buf, maxsize, "%Y-%m-%d", tp);
+ #else

shadow-4.2.1-user-busy.patch

@@ -1,48 +0,0 @@
-From d2fa8c5d4b0b19445562daf78d3a62421fe8d6b8 Mon Sep 17 00:00:00 2001
-From: Bastian Blank <bastian.blank@credativ.de>
-Date: Tue, 17 Nov 2015 10:52:24 -0600
-Subject: [PATCH] Fix user busy errors at userdel
-
-From: Bastian Blank <bastian.blank@credativ.de>
-Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- libmisc/user_busy.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/libmisc/user_busy.c b/libmisc/user_busy.c
-index db7174a..0db32c3 100644
---- a/libmisc/user_busy.c
-+++ b/libmisc/user_busy.c
-@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 	if (stat ("/", &sbroot) != 0) {
- 		perror ("stat (\"/\")");
- 		(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+		sub_uid_close();
-+#endif
- 		return 0;
- 	}
- 
-@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 
- 		if (check_status (name, tmp_d_name, uid) != 0) {
- 			(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+			sub_uid_close();
-+#endif
- 			fprintf (stderr,
- 			         _("%s: user %s is currently used by process %d\n"),
- 			         Prog, name, pid);
-@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 				}
- 				if (check_status (name, task_path+6, uid) != 0) {
- 					(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+					sub_uid_close();
-+#endif
- 					fprintf (stderr,
- 					         _("%s: user %s is currently used by process %d\n"),
- 					         Prog, name, pid);
--- 
-2.5.0
-

shadow-4.3.1-manfix.patch

@@ -1,6 +1,7 @@
-diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xml
---- shadow-4.2.1/man/groupmems.8.xml.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/groupmems.8.xml	2015-11-06 14:21:03.013060324 +0100
+Index: shadow-4.5/man/groupmems.8.xml
+===================================================================
+--- shadow-4.5.orig/man/groupmems.8.xml
++++ shadow-4.5/man/groupmems.8.xml
 @@ -179,20 +179,10 @@
    <refsect1 id='setup'>
      <title>SETUP</title>
@@ -25,9 +26,10 @@ diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xm
    </refsect1>
  
    <refsect1 id='configuration'>
-diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
---- shadow-4.2.1/man/chage.1.xml.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/chage.1.xml	2014-11-26 15:34:51.256978960 +0100
+Index: shadow-4.5/man/chage.1.xml
+===================================================================
+--- shadow-4.5.orig/man/chage.1.xml
++++ shadow-4.5/man/chage.1.xml
 @@ -102,6 +102,9 @@
  	    Set the number of days since January 1st, 1970 when the password
  	    was last changed. The date may also be expressed in the format
@@ -38,10 +40,25 @@ diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
  	  </para>
  	</listitem>
        </varlistentry>
-diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/login.defs.5
---- shadow-4.2.1/man/ja/man5/login.defs.5.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/ja/man5/login.defs.5	2016-01-08 09:58:29.591702354 +0100
-@@ -147,10 +147,6 @@ 以下の参照表は、
+@@ -119,6 +122,13 @@
+ 	    system again.
+ 	  </para>
+ 	  <para>
++	    For example the following can be used to set an account to expire
++	    in 180 days:
++	  </para>
++	  <programlisting>
++	    chage -E $(date -d +180days +%Y-%m-%d)
++	  </programlisting>
++	  <para>
+ 	    Passing the number <emphasis remap='I'>-1</emphasis> as the
+ 	    <replaceable>EXPIRE_DATE</replaceable> will remove an account
+ 	    expiration date.
+Index: shadow-4.5/man/ja/man5/login.defs.5
+===================================================================
+--- shadow-4.5.orig/man/ja/man5/login.defs.5
++++ shadow-4.5/man/ja/man5/login.defs.5
+@@ -147,10 +147,6 @@ PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_
  shadow パスワード機能のどのプログラムが
  どのパラメータを使用するかを示したものである。
  .na
@@ -52,9 +69,10 @@ diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/l
  .IP groupadd 12
  GID_MAX GID_MIN
  .IP newusers 12
-diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml
---- shadow-4.2.1/man/login.defs.5.xml.manfix	2014-03-13 06:52:55.000000000 +0100
-+++ shadow-4.2.1/man/login.defs.5.xml	2016-01-08 09:59:35.854169787 +0100
+Index: shadow-4.5/man/login.defs.5.xml
+===================================================================
+--- shadow-4.5.orig/man/login.defs.5.xml
++++ shadow-4.5/man/login.defs.5.xml
 @@ -162,6 +162,17 @@
        long numeric parameters is machine-dependent.
      </para>
@@ -73,7 +91,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
      <para>The following configuration items are provided:</para>
  
      <variablelist remap='IP'>
-@@ -252,26 +263,6 @@
+@@ -252,16 +263,6 @@
  	</listitem>
        </varlistentry>
        <varlistentry>
@@ -87,20 +105,10 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
 -	</listitem>
 -      </varlistentry>
 -      <varlistentry>
--	<term>chgpasswd</term>
--	<listitem>
--	  <para>
--	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
--	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
--	    SHA_CRYPT_MIN_ROUNDS</phrase>
--	  </para>
--	</listitem>
--      </varlistentry>
--      <varlistentry>
- 	<term>chpasswd</term>
+ 	<term>chgpasswd</term>
  	<listitem>
  	  <para>
-@@ -282,14 +273,6 @@
+@@ -282,14 +283,6 @@
  	  </para>
  	</listitem>
        </varlistentry>
@@ -115,7 +123,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
        <!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
        <!-- faillog: no variables -->
        <varlistentry>
-@@ -350,34 +333,6 @@
+@@ -350,34 +343,6 @@
        </varlistentry>
        <!-- id: no variables -->
        <!-- lastlog: no variables -->
@@ -150,7 +158,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
        <!-- logoutd: no variables -->
        <varlistentry>
  	<term>newgrp / sg</term>
-@@ -405,17 +360,6 @@
+@@ -405,17 +370,6 @@
  	</listitem>
        </varlistentry>
        <!-- nologin: no variables -->
@@ -168,7 +176,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
        <varlistentry>
  	<term>pwck</term>
  	<listitem>
-@@ -442,32 +386,6 @@
+@@ -442,32 +396,6 @@
  	  </para>
  	</listitem>
        </varlistentry>
@@ -201,9 +209,10 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
        <varlistentry>
  	<term>useradd</term>
  	<listitem>
-diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
---- shadow-4.2.1/man/shadow.5.xml.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/shadow.5.xml	2015-10-27 16:54:29.304231353 +0100
+Index: shadow-4.5/man/shadow.5.xml
+===================================================================
+--- shadow-4.5.orig/man/shadow.5.xml
++++ shadow-4.5/man/shadow.5.xml
 @@ -208,8 +208,8 @@
  	  </para>
  	  <para>
@@ -215,10 +224,11 @@ diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
  	  </para>
  	  <para>
  	    An empty field means that there are no enforcement of an
-diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
---- shadow-4.2.1/man/useradd.8.xml.manfix	2014-11-26 15:34:51.234978891 +0100
-+++ shadow-4.2.1/man/useradd.8.xml	2014-11-26 15:34:51.257978963 +0100
-@@ -347,11 +347,16 @@
+Index: shadow-4.5/man/useradd.8.xml
+===================================================================
+--- shadow-4.5.orig/man/useradd.8.xml
++++ shadow-4.5/man/useradd.8.xml
+@@ -347,6 +347,11 @@
  	    <option>CREATE_HOME</option> is not enabled, no home
  	    directories are created.
  	  </para>
@@ -230,15 +240,10 @@ diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
  	</listitem>
        </varlistentry>
        <varlistentry>
- 	<term>
--	  <option>-M</option>
-+	  <option>-M</option>, <option>--no-create-home</option>
- 	</term>
- 	<listitem>
- 	  <para>
-diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml
---- shadow-4.2.1/man/usermod.8.xml.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/usermod.8.xml	2014-11-26 15:34:51.257978963 +0100
+Index: shadow-4.5/man/usermod.8.xml
+===================================================================
+--- shadow-4.5.orig/man/usermod.8.xml
++++ shadow-4.5/man/usermod.8.xml
 @@ -132,7 +132,8 @@
  	    If the <option>-m</option>
  	    option is given, the contents of the current home directory will

shadow-4.3.1-selinux-perms.patch

@@ -0,0 +1,277 @@
+Index: shadow-4.5/src/chgpasswd.c
+===================================================================
+--- shadow-4.5.orig/src/chgpasswd.c
++++ shadow-4.5/src/chgpasswd.c
+@@ -39,6 +39,13 @@
+ #include <pwd.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/avc.h>
++#endif
++#ifdef WITH_LIBAUDIT
++#include <libaudit.h>
++#endif
+ #ifdef ACCT_TOOLS_SETUID
+ #ifdef USE_PAM
+ #include "pam_defs.h"
+@@ -76,6 +83,9 @@ static bool sgr_locked = false;
+ #endif
+ static bool gr_locked = false;
+ 
++/* The name of the caller */
++static char *myname = NULL;
++
+ /* local function prototypes */
+ static void fail_exit (int code);
+ static /*@noreturn@*/void usage (int status);
+@@ -300,6 +310,63 @@ static void check_perms (void)
+ #endif				/* ACCT_TOOLS_SETUID */
+ }
+ 
++#ifdef WITH_SELINUX
++static int
++log_callback (int type, const char *fmt, ...)
++{
++    int audit_fd;
++    va_list ap;
++
++    va_start(ap, fmt);
++#ifdef WITH_AUDIT
++    audit_fd = audit_open();
++
++    if (audit_fd >= 0) {
++	char *buf;
++
++	if (vasprintf (&buf, fmt, ap) < 0)
++		goto ret;
++	audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
++				   NULL, 0);
++	audit_close(audit_fd);
++	free(buf);
++	goto ret;
++    }
++
++#endif
++    vsyslog (LOG_USER | LOG_INFO, fmt, ap);
++ret:
++    va_end(ap);
++    return 0;
++}
++
++static void
++selinux_check_root (void)
++{
++    int status = -1;
++    security_context_t user_context;
++    union selinux_callback old_callback;
++
++    if (is_selinux_enabled() < 1)
++	return;
++
++    old_callback = selinux_get_callback(SELINUX_CB_LOG);
++    /* setup callbacks */
++    selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
++    if ((status = getprevcon(&user_context)) < 0) {
++	selinux_set_callback(SELINUX_CB_LOG, old_callback);
++	exit(1);
++    }
++
++    status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
++
++    selinux_set_callback(SELINUX_CB_LOG, old_callback);
++    freecon(user_context);
++    if (status != 0 && security_getenforce() != 0)
++	exit(1);
++}
++#endif
++
+ /*
+  * open_files - lock and open the group databases
+  */
+@@ -393,6 +460,7 @@ int main (int argc, char **argv)
+ 
+ 	const struct group *gr;
+ 	struct group newgr;
++	struct passwd *pw = NULL;
+ 	int errors = 0;
+ 	int line = 0;
+ 
+@@ -408,8 +476,33 @@ int main (int argc, char **argv)
+ 
+ 	OPENLOG ("chgpasswd");
+ 
++#ifdef WITH_AUDIT
++	audit_help_open ();
++#endif
++
++	/*
++	 * Determine the name of the user that invoked this command. This
++	 * is really hit or miss because there are so many ways that command
++	 * can be executed and so many ways to trip up the routines that
++	 * report the user name.
++	 */
++	pw = get_my_pwent ();
++	if (NULL == pw) {
++		fprintf (stderr, _("%s: Cannot determine your user name.\n"),
++		         Prog);
++		SYSLOG ((LOG_WARN,
++		         "Cannot determine the user name of the caller (UID %lu)",
++		         (unsigned long) getuid ()));
++		exit (E_NOPERM);
++	}
++	myname = xstrdup (pw->pw_name);
++
+ 	check_perms ();
+ 
++#ifdef WITH_SELINUX
++	selinux_check_root ();
++#endif
++
+ #ifdef SHADOWGRP
+ 	is_shadow_grp = sgr_file_present ();
+ #endif
+@@ -536,6 +629,15 @@ int main (int argc, char **argv)
+ 			newgr.gr_passwd = cp;
+ 		}
+ 
++#ifdef WITH_AUDIT
++		{
++
++			audit_logger_with_group (AUDIT_GRP_CHAUTHTOK, Prog,
++		              "change-password",
++		              myname, AUDIT_NO_ID, gr->gr_name,
++		              SHADOW_AUDIT_SUCCESS);
++		}
++#endif
+ 		/* 
+ 		 * The updated group file entry is then put back and will
+ 		 * be written to the group file later, after all the
+Index: shadow-4.5/src/chpasswd.c
+===================================================================
+--- shadow-4.5.orig/src/chpasswd.c
++++ shadow-4.5/src/chpasswd.c
+@@ -39,6 +39,13 @@
+ #include <pwd.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/avc.h>
++#endif
++#ifdef WITH_LIBAUDIT
++#include <libaudit.h>
++#endif
+ #ifdef USE_PAM
+ #include "pam_defs.h"
+ #endif				/* USE_PAM */
+@@ -297,6 +304,63 @@ static void check_perms (void)
+ #endif				/* USE_PAM */
+ }
+ 
++#ifdef WITH_SELINUX
++static int
++log_callback (int type, const char *fmt, ...)
++{
++    int audit_fd;
++    va_list ap;
++
++    va_start(ap, fmt);
++#ifdef WITH_AUDIT
++    audit_fd = audit_open();
++
++    if (audit_fd >= 0) {
++	char *buf;
++
++	if (vasprintf (&buf, fmt, ap) < 0)
++		goto ret;
++	audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
++				   NULL, 0);
++	audit_close(audit_fd);
++	free(buf);
++	goto ret;
++    }
++
++#endif
++    vsyslog (LOG_USER | LOG_INFO, fmt, ap);
++ret:
++    va_end(ap);
++    return 0;
++}
++
++static void
++selinux_check_root (void)
++{
++    int status = -1;
++    security_context_t user_context;
++    union selinux_callback old_callback;
++
++    if (is_selinux_enabled() < 1)
++	return;
++
++    old_callback = selinux_get_callback(SELINUX_CB_LOG);
++    /* setup callbacks */
++    selinux_set_callback(SELINUX_CB_LOG, (union selinux_callback) &log_callback);
++    if ((status = getprevcon(&user_context)) < 0) {
++	selinux_set_callback(SELINUX_CB_LOG, old_callback);
++	exit(1);
++    }
++
++    status = selinux_check_access(user_context, user_context, "passwd", "passwd", NULL);
++
++    selinux_set_callback(SELINUX_CB_LOG, old_callback);
++    freecon(user_context);
++    if (status != 0 && security_getenforce() != 0)
++	exit(1);
++}
++#endif
++
+ /*
+  * open_files - lock and open the password databases
+  */
+@@ -405,8 +469,16 @@ int main (int argc, char **argv)
+ 
+ 	OPENLOG ("chpasswd");
+ 
++#ifdef WITH_AUDIT
++	audit_help_open ();
++#endif
++
+ 	check_perms ();
+ 
++#ifdef WITH_SELINUX
++	selinux_check_root ();
++#endif
++
+ #ifdef USE_PAM
+ 	if (!use_pam)
+ #endif				/* USE_PAM */
+@@ -566,6 +638,11 @@ int main (int argc, char **argv)
+ 			newpw.pw_passwd = cp;
+ 		}
+ 
++#ifdef WITH_AUDIT
++		audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++		              "updating-password",
++		              pw->pw_name, (unsigned int) pw->pw_uid, 1);
++#endif
+ 		/* 
+ 		 * The updated password file entry is then put back and will
+ 		 * be written to the password file later, after all the
+Index: shadow-4.5/src/Makefile.am
+===================================================================
+--- shadow-4.5.orig/src/Makefile.am
++++ shadow-4.5/src/Makefile.am
+@@ -87,9 +87,9 @@ chage_LDADD    = $(LDADD) $(LIBPAM_SUID)
+ newuidmap_LDADD    = $(LDADD) $(LIBSELINUX)
+ newgidmap_LDADD    = $(LDADD) $(LIBSELINUX)
+ chfn_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+-chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
++chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
+ chsh_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
+-chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
++chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
+ gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
+ groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
+ groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)

shadow-4.5-crypt_h.patch

@@ -0,0 +1,41 @@
+Index: shadow-4.5/configure.ac
+===================================================================
+--- shadow-4.5.orig/configure.ac
++++ shadow-4.5/configure.ac
+@@ -32,9 +32,9 @@ AC_HEADER_STDC
+ AC_HEADER_SYS_WAIT
+ AC_HEADER_STDBOOL
+ 
+-AC_CHECK_HEADERS(errno.h fcntl.h limits.h unistd.h sys/time.h utmp.h \
+-	utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h paths.h \
+-	utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
++AC_CHECK_HEADERS(crypt.h errno.h fcntl.h limits.h unistd.h sys/time.h \
++	utmp.h utmpx.h termios.h termio.h sgtty.h sys/ioctl.h syslog.h \
++	paths.h utime.h ulimit.h sys/resource.h gshadow.h lastlog.h \
+ 	locale.h rpc/key_prot.h netdb.h acl/libacl.h attr/libattr.h \
+ 	attr/error_context.h)
+ 
+Index: shadow-4.5/lib/defines.h
+===================================================================
+--- shadow-4.5.orig/lib/defines.h
++++ shadow-4.5/lib/defines.h
+@@ -4,6 +4,8 @@
+ #ifndef _DEFINES_H_
+ #define _DEFINES_H_
+ 
++#include "config.h"
++
+ #if HAVE_STDBOOL_H
+ # include <stdbool.h>
+ #else
+@@ -94,6 +96,10 @@ char *strchr (), *strrchr (), *strtok ()
+ # include <unistd.h>
+ #endif
+ 
++#if HAVE_CRYPT_H
++# include <crypt.h>		/* crypt(3) may be defined in here */
++#endif
++
+ #if TIME_WITH_SYS_TIME
+ # include <sys/time.h>
+ # include <time.h>

shadow-4.5-goodname.patch

@@ -1,7 +1,8 @@
-diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c
---- shadow-4.1.5.1/libmisc/chkname.c.goodname	2009-07-13 00:24:45.000000000 +0200
-+++ shadow-4.1.5.1/libmisc/chkname.c	2014-09-09 17:35:17.207303124 +0200
-@@ -47,27 +47,42 @@
+Index: shadow-4.5/libmisc/chkname.c
+===================================================================
+--- shadow-4.5.orig/libmisc/chkname.c
++++ shadow-4.5/libmisc/chkname.c
+@@ -47,27 +47,46 @@
  #include "chkname.h"
  
  static bool is_valid_name (const char *name)
@@ -18,16 +19,18 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
 +         * as a non-POSIX, extension, allow "$" as the last char for
 +         * sake of Samba 3.x "add machine script"
 +         *
-+         * Also do not allow fully numeric names.
++         * Also do not allow fully numeric names or just "." or "..".
 +         */
 +	int numeric;
 +
-+	if ( ('\0' == *name) ||
-+             !((*name >= 'a' && *name <= 'z') ||
-+               (*name >= 'A' && *name <= 'Z') ||
-+               (*name >= '0' && *name <= '9') ||
-+               (*name == '_') || (*name == '.') 
-+	      )) {
++	if ('\0' == *name ||
++	    ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
++			      '\0' == name[1])) ||
++	    !((*name >= 'a' && *name <= 'z') ||
++	      (*name >= 'A' && *name <= 'Z') ||
++	      (*name >= '0' && *name <= '9') ||
++	      *name == '_' ||
++	      *name == '.')) {
  		return false;
  	}
  
@@ -39,13 +42,14 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
 -		      ('_' == *name) ||
 -		      ('-' == *name) ||
 -		      ( ('$' == *name) && ('\0' == *(name + 1)) )
--		     )) {
-+                if (!(  (*name >= 'a' && *name <= 'z') ||
-+                        (*name >= 'A' && *name <= 'Z') ||
-+                        (*name >= '0' && *name <= '9') ||
-+                        (*name == '_') || (*name == '.') || (*name == '-') ||
-+                        (*name == '$' && *(name + 1) == '\0') 
-+                     )) {
++		if (!((*name >= 'a' && *name <= 'z') ||
++		      (*name >= 'A' && *name <= 'Z') ||
++		      (*name >= '0' && *name <= '9') ||
++		      *name == '_' ||
++		      *name == '.' ||
++		      *name == '-' ||
++		      (*name == '$' && name[1] == '\0')
+ 		     )) {
  			return false;
  		}
 +		numeric &= isdigit(*name);
@@ -56,10 +60,11 @@ diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chknam
  }
  
  bool is_valid_user_name (const char *name)
-diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml
---- shadow-4.1.5.1/man/groupadd.8.xml.goodname	2012-05-25 13:45:27.000000000 +0200
-+++ shadow-4.1.5.1/man/groupadd.8.xml	2014-09-09 17:28:46.330300342 +0200
-@@ -259,12 +259,6 @@
+Index: shadow-4.5/man/groupadd.8.xml
+===================================================================
+--- shadow-4.5.orig/man/groupadd.8.xml
++++ shadow-4.5/man/groupadd.8.xml
+@@ -256,12 +256,6 @@
     <refsect1 id='caveats'>
       <title>CAVEATS</title>
       <para>
@@ -72,19 +77,11 @@ diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.
         Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
       </para>
       <para>
-diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml
---- shadow-4.1.5.1/man/useradd.8.xml.goodname	2012-05-25 13:45:29.000000000 +0200
-+++ shadow-4.1.5.1/man/useradd.8.xml	2014-09-09 17:28:46.330300342 +0200
-@@ -366,7 +366,7 @@
- 	</term>
- 	<listitem>
- 	  <para>
--	    Do no create the user's home directory, even if the system
-+	    Do not create the user's home directory, even if the system
- 	    wide setting from <filename>/etc/login.defs</filename>
- 	    (<option>CREATE_HOME</option>) is set to
- 	    <replaceable>yes</replaceable>.
-@@ -654,12 +654,6 @@
+Index: shadow-4.5/man/useradd.8.xml
+===================================================================
+--- shadow-4.5.orig/man/useradd.8.xml
++++ shadow-4.5/man/useradd.8.xml
+@@ -633,12 +633,6 @@
      </para>
  
      <para>

shadow-4.5-long-entry.patch

@@ -0,0 +1,84 @@
+diff -up shadow-4.5/lib/defines.h.long-entry shadow-4.5/lib/defines.h
+--- shadow-4.5/lib/defines.h.long-entry	2014-09-01 16:36:40.000000000 +0200
++++ shadow-4.5/lib/defines.h	2018-04-20 11:53:07.419308212 +0200
+@@ -382,4 +382,7 @@ extern char *strerror ();
+ # endif
+ #endif
+ 
++/* Maximum length of passwd entry */
++#define PASSWD_ENTRY_MAX_LENGTH 32768
++
+ #endif				/* _DEFINES_H_ */
+diff -up shadow-4.5/lib/pwio.c.long-entry shadow-4.5/lib/pwio.c
+--- shadow-4.5/lib/pwio.c.long-entry	2015-11-17 17:45:15.000000000 +0100
++++ shadow-4.5/lib/pwio.c	2018-04-20 12:10:24.400837235 +0200
+@@ -79,7 +79,10 @@ static int passwd_put (const void *ent,
+ 	    || (pw->pw_gid == (gid_t)-1)
+ 	    || (valid_field (pw->pw_gecos, ":\n") == -1)
+ 	    || (valid_field (pw->pw_dir, ":\n") == -1)
+-	    || (valid_field (pw->pw_shell, ":\n") == -1)) {
++	    || (valid_field (pw->pw_shell, ":\n") == -1)
++	    || (strlen (pw->pw_name) + strlen (pw->pw_passwd) +
++	        strlen (pw->pw_gecos) + strlen (pw->pw_dir) +
++	        strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) {
+ 		return -1;
+ 	}
+ 
+diff -up shadow-4.5/lib/sgetpwent.c.long-entry shadow-4.5/lib/sgetpwent.c
+--- shadow-4.5/lib/sgetpwent.c.long-entry	2014-09-01 16:36:40.000000000 +0200
++++ shadow-4.5/lib/sgetpwent.c	2018-04-20 12:16:31.911513808 +0200
+@@ -57,7 +57,7 @@
+ struct passwd *sgetpwent (const char *buf)
+ {
+ 	static struct passwd pwent;
+-	static char pwdbuf[1024];
++	static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH];
+ 	register int i;
+ 	register char *cp;
+ 	char *fields[NFIELDS];
+@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *bu
+ 	 * the password structure remain valid.
+ 	 */
+ 
+-	if (strlen (buf) >= sizeof pwdbuf)
++	if (strlen (buf) >= sizeof pwdbuf) {
++		fprintf (stderr, "Too long passwd entry encountered, file corruption?\n");
+ 		return 0;	/* fail if too long */
++	}
+ 	strcpy (pwdbuf, buf);
+ 
+ 	/*
+diff -up shadow-4.5/lib/sgetspent.c.long-entry shadow-4.5/lib/sgetspent.c
+--- shadow-4.5/lib/sgetspent.c.long-entry	2014-09-01 16:36:40.000000000 +0200
++++ shadow-4.5/lib/sgetspent.c	2018-04-20 12:16:54.505056257 +0200
+@@ -48,7 +48,7 @@
+  */
+ struct spwd *sgetspent (const char *string)
+ {
+-	static char spwbuf[1024];
++	static char spwbuf[PASSWD_ENTRY_MAX_LENGTH];
+ 	static struct spwd spwd;
+ 	char *fields[FIELDS];
+ 	char *cp;
+@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *stri
+ 	 */
+ 
+ 	if (strlen (string) >= sizeof spwbuf) {
++		fprintf (stderr, "Too long shadow entry encountered, file corruption?\n");
+ 		return 0;	/* fail if too long */
+ 	}
+ 	strcpy (spwbuf, string);
+diff -up shadow-4.5/lib/shadowio.c.long-entry shadow-4.5/lib/shadowio.c
+--- shadow-4.5/lib/shadowio.c.long-entry	2016-12-07 06:30:41.000000001 +0100
++++ shadow-4.5/lib/shadowio.c	2018-04-20 12:12:03.292171667 +0200
+@@ -79,7 +79,9 @@ static int shadow_put (const void *ent,
+ 
+ 	if (   (NULL == sp)
+ 	    || (valid_field (sp->sp_namp, ":\n") == -1)
+-	    || (valid_field (sp->sp_pwdp, ":\n") == -1)) {
++	    || (valid_field (sp->sp_pwdp, ":\n") == -1)
++	    || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) +
++	        1000 > PASSWD_ENTRY_MAX_LENGTH)) {
+ 		return -1;
+ 	}
+ 

shadow-4.5-usermod-unlock.patch

@@ -1,6 +1,7 @@
-diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
---- shadow-4.2.1/src/usermod.c.unlock	2016-02-03 11:54:14.977664838 +0100
-+++ shadow-4.2.1/src/usermod.c	2016-02-09 11:52:08.244957222 +0100
+Index: shadow-4.5/src/usermod.c
+===================================================================
+--- shadow-4.5.orig/src/usermod.c
++++ shadow-4.5/src/usermod.c
 @@ -455,14 +455,17 @@ static char *new_pw_passwd (char *pw_pas
  		strcat (buf, pw_pass);
  		pw_pass = buf;
@@ -60,4 +61,4 @@ diff -up shadow-4.2.1/src/usermod.c.unlock shadow-4.2.1/src/usermod.c
 +		fail_exit(E_PW_UPDATE);
  
  	if (pflg) {
- 		spent->sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+ 		spent->sp_lstchg = (long) gettime () / SCALE;

shadow-4.6-getenforce.patch

@@ -0,0 +1,21 @@
+diff -up shadow-4.6/lib/selinux.c.getenforce shadow-4.6/lib/selinux.c
+--- shadow-4.6/lib/selinux.c.getenforce	2018-05-28 15:10:15.870315221 +0200
++++ shadow-4.6/lib/selinux.c	2018-05-28 15:10:15.894315731 +0200
+@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
+ 	}
+ 	return 0;
+     error:
+-	if (security_getenforce () != 0) {
++	if (security_getenforce () > 0) {
+ 		return 1;
+ 	}
+ 	return 0;
+@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
+ 		selinux_checked = true;
+ 	}
+ 	if (selinux_enabled) {
+-		if (setfscreatecon (NULL) != 0) {
++		if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
+ 			return 1;
+ 		}
+ 	}

shadow-4.6-move-home.patch

@@ -0,0 +1,15 @@
+diff -up shadow-4.6/src/usermod.c.move-home shadow-4.6/src/usermod.c
+--- shadow-4.6/src/usermod.c.move-home	2018-05-28 14:59:05.594076665 +0200
++++ shadow-4.6/src/usermod.c	2018-05-28 15:00:28.479837392 +0200
+@@ -1845,6 +1845,11 @@ static void move_home (void)
+ 			         Prog, prefix_user_home, prefix_user_newhome);
+ 			fail_exit (E_HOMEDIR);
+ 		}
++	} else {
++		fprintf (stderr,
++		         _("%s: The previous home directory (%s) does "
++		           "not exist or is inaccessible. Move cannot be completed.\n"),
++		         Prog, prefix_user_home);
+ 	}
+ }
+ 

shadow-4.6-orig-context.patch

@@ -1,7 +1,7 @@
-diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.c
---- shadow-4.1.5.1/lib/commonio.c.orig-context	2012-09-19 20:27:16.000000000 +0200
-+++ shadow-4.1.5.1/lib/commonio.c	2013-02-20 15:20:55.064962324 +0100
-@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
+diff -up shadow-4.6/lib/commonio.c.orig-context shadow-4.6/lib/commonio.c
+--- shadow-4.6/lib/commonio.c.orig-context	2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/lib/commonio.c	2018-05-28 14:56:37.287929667 +0200
+@@ -961,7 +961,7 @@ int commonio_close (struct commonio_db *
  		snprintf (buf, sizeof buf, "%s-", db->filename);
  
  #ifdef WITH_SELINUX
@@ -10,7 +10,7 @@ diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.
  			errors++;
  		}
  #endif
-@@ -975,7 +975,7 @@ int commonio_close (struct commonio_db *
+@@ -994,7 +994,7 @@ int commonio_close (struct commonio_db *
  	snprintf (buf, sizeof buf, "%s+", db->filename);
  
  #ifdef WITH_SELINUX
@@ -19,9 +19,9 @@ diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.
  		errors++;
  	}
  #endif
-diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/copydir.c
---- shadow-4.1.5.1/libmisc/copydir.c.orig-context	2012-02-13 20:16:32.000000000 +0100
-+++ shadow-4.1.5.1/libmisc/copydir.c	2013-02-20 15:19:01.495623232 +0100
+diff -up shadow-4.6/libmisc/copydir.c.orig-context shadow-4.6/libmisc/copydir.c
+--- shadow-4.6/libmisc/copydir.c.orig-context	2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/libmisc/copydir.c	2018-05-28 14:56:37.287929667 +0200
 @@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
  	 */
  
@@ -58,10 +58,10 @@ diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/co
  		return -1;
  	}
  #endif				/* WITH_SELINUX */
-diff -up shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototypes.h
---- shadow-4.1.5.1/lib/prototypes.h.orig-context	2012-01-08 17:04:29.000000000 +0100
-+++ shadow-4.1.5.1/lib/prototypes.h	2013-02-20 15:24:17.251126575 +0100
-@@ -295,7 +295,7 @@ extern /*@observer@*/const char *crypt_m
+diff -up shadow-4.6/lib/prototypes.h.orig-context shadow-4.6/lib/prototypes.h
+--- shadow-4.6/lib/prototypes.h.orig-context	2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/lib/prototypes.h	2018-05-28 14:56:37.287929667 +0200
+@@ -326,7 +326,7 @@ extern /*@observer@*/const char *crypt_m
  
  /* selinux.c */
  #ifdef WITH_SELINUX
@@ -70,9 +70,9 @@ diff -up shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototy
  extern int reset_selinux_file_context (void);
  #endif
  
-diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
---- shadow-4.1.5.1/lib/selinux.c.orig-context	2012-01-08 17:35:44.000000000 +0100
-+++ shadow-4.1.5.1/lib/selinux.c	2013-02-20 15:16:40.383716877 +0100
+diff -up shadow-4.6/lib/selinux.c.orig-context shadow-4.6/lib/selinux.c
+--- shadow-4.6/lib/selinux.c.orig-context	2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/lib/selinux.c	2018-05-28 14:56:37.287929667 +0200
 @@ -50,7 +50,7 @@ static bool selinux_enabled;
   *	Callers may have to Reset SELinux to create files with default
   *	contexts with reset_selinux_file_context
@@ -114,15 +114,15 @@ diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
  }
  
  /*
-diff -up shadow-4.1.5.1/src/useradd.c.orig-context shadow-4.1.5.1/src/useradd.c
---- shadow-4.1.5.1/src/useradd.c.orig-context	2012-09-19 20:23:33.000000000 +0200
-+++ shadow-4.1.5.1/src/useradd.c	2013-02-20 15:19:31.221235459 +0100
-@@ -1759,7 +1759,7 @@ static void create_home (void)
+diff -up shadow-4.6/src/useradd.c.orig-context shadow-4.6/src/useradd.c
+--- shadow-4.6/src/useradd.c.orig-context	2018-05-28 14:56:37.288929688 +0200
++++ shadow-4.6/src/useradd.c	2018-05-28 14:58:02.242730903 +0200
+@@ -2020,7 +2020,7 @@ static void create_home (void)
  {
- 	if (access (user_home, F_OK) != 0) {
+ 	if (access (prefix_user_home, F_OK) != 0) {
  #ifdef WITH_SELINUX
--		if (set_selinux_file_context (user_home) != 0) {
-+		if (set_selinux_file_context (user_home, NULL) != 0) {
- 			fail_exit (E_HOMEDIR);
- 		}
- #endif
+-		if (set_selinux_file_context (prefix_user_home) != 0) {
++		if (set_selinux_file_context (prefix_user_home, NULL) != 0) {
+ 			fprintf (stderr,
+ 			         _("%s: cannot set SELinux context for home directory %s\n"),
+ 			         Prog, user_home);

shadow-4.6-redhat.patch

@@ -1,8 +1,7 @@
-diff -up shadow-4.1.5/man/useradd.8.redhat shadow-4.1.5/man/useradd.8
-diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
---- shadow-4.1.5/src/useradd.c.redhat	2011-12-09 23:23:15.000000000 +0100
-+++ shadow-4.1.5/src/useradd.c	2012-03-19 09:50:05.227588669 +0100
-@@ -93,7 +93,7 @@ const char *Prog;
+diff -up shadow-4.6/src/useradd.c.redhat shadow-4.6/src/useradd.c
+--- shadow-4.6/src/useradd.c.redhat	2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/src/useradd.c	2018-05-28 13:37:16.695651258 +0200
+@@ -98,7 +98,7 @@ const char *Prog;
  static gid_t def_group = 100;
  static const char *def_gname = "other";
  static const char *def_home = "/home";
@@ -11,7 +10,7 @@ diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
  static const char *def_template = SKEL_DIR;
  static const char *def_create_mail_spool = "no";
  
-@@ -103,7 +103,7 @@ static const char *def_expire = "";
+@@ -108,7 +108,7 @@ static const char *def_expire = "";
  #define	VALID(s)	(strcspn (s, ":\n") == strlen (s))
  
  static const char *user_name = "";
@@ -20,19 +19,19 @@ diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
  static uid_t user_id;
  static gid_t user_gid;
  static const char *user_comment = "";
-@@ -1011,9 +1011,9 @@ static void process_flags (int argc, cha
+@@ -1114,9 +1114,9 @@ static void process_flags (int argc, cha
  		};
  		while ((c = getopt_long (argc, argv,
  #ifdef WITH_SELINUX
--		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
-+		                         "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:",
+-		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:UZ:",
++		                         "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:UZ:",
  #else				/* !WITH_SELINUX */
--		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
-+		                         "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U",
+-		                         "b:c:d:De:f:g:G:hk:K:lmMNop:rR:P:s:u:U",
++		                         "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:P:s:u:U",
  #endif				/* !WITH_SELINUX */
  		                         long_options, NULL)) != -1) {
  			switch (c) {
-@@ -1164,6 +1164,7 @@ static void process_flags (int argc, cha
+@@ -1267,6 +1267,7 @@ static void process_flags (int argc, cha
  			case 'M':
  				Mflg = true;
  				break;

shadow-4.6-selinux.patch

@@ -0,0 +1,115 @@
+diff -up shadow-4.6/lib/semanage.c.selinux shadow-4.6/lib/semanage.c
+--- shadow-4.6/lib/semanage.c.selinux	2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/lib/semanage.c	2018-05-28 13:38:20.551008911 +0200
+@@ -294,6 +294,9 @@ int set_seuser (const char *login_name,
+ 
+ 	ret = 0;
+ 
++        /* drop obsolete matchpathcon cache */
++        matchpathcon_fini();
++
+ done:
+ 	semanage_seuser_key_free (key);
+ 	semanage_handle_destroy (handle);
+@@ -369,6 +372,10 @@ int del_seuser (const char *login_name)
+ 	}
+ 
+ 	ret = 0;
++
++        /* drop obsolete matchpathcon cache */
++        matchpathcon_fini();
++
+ done:
+ 	semanage_handle_destroy (handle);
+ 	return ret;
+diff -up shadow-4.6/src/useradd.c.selinux shadow-4.6/src/useradd.c
+--- shadow-4.6/src/useradd.c.selinux	2018-05-28 13:43:30.996748997 +0200
++++ shadow-4.6/src/useradd.c	2018-05-28 13:44:04.645486199 +0200
+@@ -2120,6 +2120,7 @@ static void create_mail (void)
+  */
+ int main (int argc, char **argv)
+ {
++	int rv = E_SUCCESS;
+ #ifdef ACCT_TOOLS_SETUID
+ #ifdef USE_PAM
+ 	pam_handle_t *pamh = NULL;
+@@ -2342,27 +2343,11 @@ int main (int argc, char **argv)
+ 
+ 	usr_update ();
+ 
+-	if (mflg) {
+-		create_home ();
+-		if (home_added) {
+-			copy_tree (def_template, prefix_user_home, false, false,
+-			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
+-		} else {
+-			fprintf (stderr,
+-			         _("%s: warning: the home directory already exists.\n"
+-			           "Not copying any file from skel directory into it.\n"),
+-			         Prog);
+-		}
+-
+-	}
+-
+-	/* Do not create mail directory for system accounts */
+-	if (!rflg) {
+-		create_mail ();
+-	}
+-
+ 	close_files ();
+ 
++	nscd_flush_cache ("passwd");
++	nscd_flush_cache ("group");
++
+ 	/*
+ 	 * tallylog_reset needs to be able to lookup
+ 	 * a valid existing user name,
+@@ -2373,8 +2358,9 @@ int main (int argc, char **argv)
+ 	}
+ 
+ #ifdef WITH_SELINUX
+-	if (Zflg) {
+-		if (set_seuser (user_name, user_selinux) != 0) {
++	if (Zflg && *user_selinux) {
++		if (is_selinux_enabled () > 0) {
++		    if (set_seuser (user_name, user_selinux) != 0) {
+ 			fprintf (stderr,
+ 			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
+ 			         Prog, user_name, user_selinux);
+@@ -2383,14 +2369,31 @@ int main (int argc, char **argv)
+ 			              "adding SELinux user mapping",
+ 			              user_name, (unsigned int) user_id, 0);
+ #endif				/* WITH_AUDIT */
+-			fail_exit (E_SE_UPDATE);
++			rv = E_SE_UPDATE;
++		    }
+ 		}
+ 	}
+-#endif				/* WITH_SELINUX */
++#endif
+ 
+-	nscd_flush_cache ("passwd");
+-	nscd_flush_cache ("group");
++	if (mflg) {
++		create_home ();
++		if (home_added) {
++			copy_tree (def_template, prefix_user_home, false, true,
++			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
++		} else {
++			fprintf (stderr,
++			         _("%s: warning: the home directory already exists.\n"
++			           "Not copying any file from skel directory into it.\n"),
++			         Prog);
++		}
++
++	}
++
++	/* Do not create mail directory for system accounts */
++	if (!rflg) {
++		create_mail ();
++	}
+ 
+-	return E_SUCCESS;
++	return rv;
+ }
+ 

shadow-4.6-usermod-crash.patch

@@ -0,0 +1,42 @@
+diff -up shadow-4.6/libmisc/prefix_flag.c.usermod-crash shadow-4.6/libmisc/prefix_flag.c
+--- shadow-4.6/libmisc/prefix_flag.c.usermod-crash	2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/libmisc/prefix_flag.c	2018-05-28 15:14:10.642302440 +0200
+@@ -319,6 +319,7 @@ extern struct group *prefix_getgr_nam_gi
+ {
+ 	long long int gid;
+ 	char *endptr;
++	struct group *g;
+ 
+ 	if (NULL == grname) {
+ 		return NULL;
+@@ -333,7 +334,8 @@ extern struct group *prefix_getgr_nam_gi
+ 	    	&& (gid == (gid_t)gid)) {
+ 			return prefix_getgrgid ((gid_t) gid);
+ 		}
+-		return prefix_getgrnam (grname);
++		g = prefix_getgrnam (grname);
++		return g ? __gr_dup(g) : NULL;
+ 	}
+ 	else
+ 		return getgr_nam_gid(grname);
+diff -up shadow-4.6/src/usermod.c.usermod-crash shadow-4.6/src/usermod.c
+--- shadow-4.6/src/usermod.c.usermod-crash	2018-05-28 15:12:37.920332763 +0200
++++ shadow-4.6/src/usermod.c	2018-05-28 15:15:50.337422470 +0200
+@@ -1276,11 +1276,13 @@ static void process_flags (int argc, cha
+ 		prefix_user_home = xmalloc(len);
+ 		wlen = snprintf(prefix_user_home, len, "%s/%s", prefix, user_home);
+ 		assert (wlen == (int) len -1);
++		if (user_newhome) {
++			len = strlen(prefix) + strlen(user_newhome) + 2;
++			prefix_user_newhome = xmalloc(len);
++			wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
++			assert (wlen == (int) len -1);
++		}
+ 
+-		len = strlen(prefix) + strlen(user_newhome) + 2;
+-		prefix_user_newhome = xmalloc(len);
+-		wlen = snprintf(prefix_user_newhome, len, "%s/%s", prefix, user_newhome);
+-		assert (wlen == (int) len -1);
+ 	}
+ 	else {
+ 		prefix_user_home = user_home;

shadow-utils.spec

@@ -1,54 +1,55 @@
+# they warn against doing this ...
+%define _disable_source_fetch 0
+%define srcname shadow-utils
+
 Summary: Utilities for managing accounts and shadow password files
-Name: shadow-utils
-Version: 4.2.1
-Release: 8%{?dist}
+Name: %{srcname}46
+Version: 4.6
+Release: 2%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
-Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz
-Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.xz.sig
-Source1: shadow-utils.login.defs
+Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
+Source1: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz.asc
 Source2: shadow-utils.useradd
+Source3: shadow-utils.login.defs
 Source4: shadow-bsd.txt
 Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
-Patch0: shadow-4.1.5-redhat.patch
-Patch1: shadow-4.1.5.1-goodname.patch
+Patch0: shadow-4.6-redhat.patch
+Patch1: shadow-4.5-goodname.patch
 Patch2: shadow-4.1.5.1-info-parent-dir.patch
-Patch3: shadow-4.1.5-uflg.patch
-Patch6: shadow-4.1.5.1-selinux.patch
-Patch7: shadow-4.1.5-2ndskip.patch
-Patch8: shadow-4.1.5.1-backup-mode.patch
-Patch9: shadow-4.2.1-merge-group.patch
-Patch10: shadow-4.1.5.1-orig-context.patch
+Patch6: shadow-4.6-selinux.patch
+Patch10: shadow-4.6-orig-context.patch
 Patch11: shadow-4.1.5.1-logmsg.patch
-Patch12: shadow-4.1.5.1-errmsg.patch
-Patch13: shadow-4.1.5.1-audit-owner.patch
 Patch14: shadow-4.1.5.1-default-range.patch
-Patch15: shadow-4.2.1-manfix.patch
+Patch15: shadow-4.3.1-manfix.patch
 Patch17: shadow-4.1.5.1-userdel-helpfix.patch
-Patch18: shadow-4.1.5.1-id-alloc.patch
 Patch19: shadow-4.2.1-date-parsing.patch
-Patch20: shadow-4.1.5.1-ingroup.patch
-Patch21: shadow-4.1.5.1-move-home.patch
-Patch22: shadow-4.2.1-audit-update.patch
-Patch23: shadow-4.2.1-usermod-unlock.patch
+Patch21: shadow-4.6-move-home.patch
+Patch22: shadow-4.6-audit-update.patch
+Patch23: shadow-4.5-usermod-unlock.patch
 Patch24: shadow-4.2.1-no-lock-dos.patch
-Patch25: shadow-4.2.1-defs-chroot.patch
-Patch26: shadow-4.2.1-lastlog-unexpire.patch
-Patch27: shadow-4.2.1-user-busy.patch
+Patch28: shadow-4.3.1-selinux-perms.patch
+Patch29: shadow-4.2.1-null-tm.patch
+Patch31: shadow-4.6-getenforce.patch
+Patch32: shadow-4.5-crypt_h.patch
+Patch33: shadow-4.5-long-entry.patch
+Patch34: shadow-4.6-usermod-crash.patch
 
 License: BSD and GPLv2+
 Group: System Environment/Base
+BuildRequires: gcc
 BuildRequires: libselinux-devel >= 1.25.2-1
 BuildRequires: audit-libs-devel >= 1.6.5
 BuildRequires: libsemanage-devel
-BuildRequires: libacl-devel libattr-devel
-BuildRequires: bison flex gnome-doc-utils
-#BuildRequires: autoconf, automake, libtool, gettext-devel
+BuildRequires: libacl-devel, libattr-devel
+BuildRequires: bison, flex, gnome-doc-utils, docbook-style-xsl, docbook-dtds
+BuildRequires: autoconf, automake, libtool, gettext-devel
 Requires: libselinux >= 1.25.2-1
 Requires: audit-libs >= 1.6.5
 Requires: setup
 Requires(pre): coreutils
 Requires(post): coreutils
+Requires: %{name}-newxidmap = %{version}-%{release}
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 %description
@@ -63,50 +64,40 @@ for all users. The useradd, userdel, and usermod commands are used for
 managing user accounts. The groupadd, groupdel, and groupmod commands
 are used for managing group accounts.
 
+%package newxidmap
+Summary: only the newuidmapp and newgidmap from shadow-utils
+%description newxidmap
+%{summary}.
+
 %prep
 %setup -q -n shadow-%{version}
 %patch0 -p1 -b .redhat
 %patch1 -p1 -b .goodname
 %patch2 -p1 -b .info-parent-dir
-%patch3 -p1 -b .uflg
 %patch6 -p1 -b .selinux
-%patch7 -p1 -b .2ndskip
-%patch8 -p1 -b .backup-mode
-%patch9 -p1 -b .merge-group
 %patch10 -p1 -b .orig-context
 %patch11 -p1 -b .logmsg
-%patch12 -p1 -b .errmsg
-%patch13 -p1 -b .audit-owner
 %patch14 -p1 -b .default-range
 %patch15 -p1 -b .manfix
 %patch17 -p1 -b .userdel
-%patch18 -p1 -b .id-alloc
 %patch19 -p1 -b .date-parsing
-%patch20 -p1 -b .ingroup
 %patch21 -p1 -b .move-home
 %patch22 -p1 -b .audit-update
 %patch23 -p1 -b .unlock
 %patch24 -p1 -b .no-lock-dos
-%patch25 -p1 -b .defs-chroot
-%patch26 -p1 -b .unexpire
-%patch27 -p1 -b .user-busy
+%patch28 -p1 -b .selinux-perms
+%patch29 -p1 -b .null-tm
+%patch31 -p1 -b .getenforce
+%patch32 -p1 -b .crypt_h
+%patch33 -p1 -b .long-entry
+%patch34 -p1 -b .usermod-crash
 
 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
 
 cp -a %{SOURCE4} %{SOURCE5} .
 
-rm libmisc/getdate.c
-
-#rm po/*.gmo
-#rm po/stamp-po
-#aclocal
-#libtoolize --force
-#automake -a
-#autoconf
-
 %build
-
 %ifarch sparc64
 #sparc64 need big PIE
 export CFLAGS="$RPM_OPT_FLAGS -fPIE"
@@ -116,6 +107,11 @@ export CFLAGS="$RPM_OPT_FLAGS -fpie"
 export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
 %endif
 
+rm aclocal.m4
+aclocal
+libtoolize --force
+
+autoreconf
 %configure \
         --enable-shadowgrp \
         --enable-man \
@@ -126,18 +122,17 @@ export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
         --without-libpam \
         --disable-shared \
         --with-group-name-max-length=32
-make
+%make_build
 
 %install
 rm -rf $RPM_BUILD_ROOT
-make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
+%make_install gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
 install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default
-install -p -c -m 0644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
+install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
 install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd
 
 
 ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser
-#ln -s %{_mandir}/man8/useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
 ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
 for subdir in $RPM_BUILD_ROOT/%{_mandir}/{??,??_??,??_??.*}/man* ; do
         test -d $subdir && test -e $subdir/useradd.8 && echo ".so man8/useradd.8" > $subdir/adduser.8
@@ -156,7 +151,6 @@ rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access
 rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits
 rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
 rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
-rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
 rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.*
 rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chfn.*
 rm $RPM_BUILD_ROOT/%{_mandir}/man1/chsh.*
@@ -185,8 +179,6 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
 rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
 rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
 rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
-rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
-rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
 rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
 rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
 rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.*
@@ -204,11 +196,7 @@ for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
     echo "%%lang($lang) $dir/man*/*" >> shadow.lang
 done
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
 %files -f shadow.lang
-%defattr(-,root,root)
 %doc NEWS doc/HOWTO README
 %{!?_licensedir:%global license %%doc}
 %license gpl-2.0.txt shadow-bsd.txt
@@ -219,8 +207,6 @@ rm -rf $RPM_BUILD_ROOT
 %attr(4755,root,root) %{_bindir}/gpasswd
 %{_bindir}/lastlog
 %attr(4755,root,root) %{_bindir}/newgrp
-%attr(4755,root,root) %{_bindir}/newgidmap
-%attr(4755,root,root) %{_bindir}/newuidmap
 %{_sbindir}/adduser
 %attr(0755,root,root)   %{_sbindir}/user*
 %attr(0755,root,root)   %{_sbindir}/group*
@@ -228,6 +214,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_sbindir}/pwck
 %{_sbindir}/*conv
 %{_sbindir}/chpasswd
+%{_sbindir}/chgpasswd
 %{_sbindir}/newusers
 %{_sbindir}/vipw
 %{_sbindir}/vigr
@@ -235,8 +222,6 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man1/gpasswd.1*
 %{_mandir}/man1/sg.1*
 %{_mandir}/man1/newgrp.1*
-%{_mandir}/man1/newgidmap.1*
-%{_mandir}/man1/newuidmap.1*
 %{_mandir}/man3/shadow.3*
 %{_mandir}/man5/shadow.5*
 %{_mandir}/man5/login.defs.5*
@@ -249,13 +234,80 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/pwck.8*
 %{_mandir}/man8/grpck.8*
 %{_mandir}/man8/chpasswd.8*
+%{_mandir}/man8/chgpasswd.8*
 %{_mandir}/man8/newusers.8*
 %{_mandir}/man8/*conv.8*
 %{_mandir}/man8/lastlog.8*
 %{_mandir}/man8/vipw.8*
 %{_mandir}/man8/vigr.8*
 
+%files newxidmap
+%attr(4755,root,root) %{_bindir}/newgidmap
+%attr(4755,root,root) %{_bindir}/newuidmap
+%{_mandir}/man1/newgidmap.1*
+%{_mandir}/man1/newuidmap.1*
+
 %changelog
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon May 28 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.6-1
+- update to current upstream release 4.6
+
+* Fri Apr 20 2018 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-10
+- Raise limit for passwd and shadow entry length but also prevent
+  writing longer entries (#1422497)
+
+* Tue Feb 06 2018 Björn Esser <besser82@fedoraproject.org> - 2:4.5-9
+- Add patch to include crypt.h, if present
+- Use %%make_{build,install} macros
+- Refresh other patches for proper alignment
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2:4.5-8
+- Rebuilt for switch to libxcrypt
+
+* Mon Nov  6 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-7
+- fix regression caused by the userdel-chroot patch (#1509978)
+
+* Thu Nov  2 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-6
+- fix userdel in chroot (#1316168)
+- add useful chage -E example to chage manpage
+
+* Fri Sep 15 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-5
+- do not allow "." and ".." user names
+
+* Mon Aug 14 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-4
+- allow switching to secondary group without checking the membership
+  explicitly (patch from upstream)
+
+* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Jul 21 2017 Tomáš Mráz <tmraz@redhat.com> - 2:4.5-1
+- update to current upstream release 4.5
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2:4.3.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Thu Aug 25 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.3.1-2
+- fix regression in useradd - not processing defaults properly (#1369979)
+
+* Tue Aug 23 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.3.1-1
+- new upstream release fixing low impact security issue
+
+* Tue Jun 14 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-11
+- guard for localtime() and gmtime() failure
+
+* Mon May 30 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-10
+- chpasswd, chgpasswd: open audit when starting
+
+* Thu May 26 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-9
+- chgpasswd: do not remove it
+- chpasswd, chgpasswd: add selinux_check_access call (#1336902)
+
 * Thu Mar 17 2016 Tomáš Mráz <tmraz@redhat.com> - 2:4.2.1-8
 - userdel: fix userdel -f with /etc/subuid present (#1316168)
 

sources

@@ -1,2 +0,0 @@
-2bfafe7d4962682d31b5eba65dba4fc8  shadow-4.2.1.tar.xz
-6752051fb07fc4be58c3d7b929bf2341  shadow-4.2.1.tar.xz.sig

sources.bak

@@ -0,0 +1,2 @@
+SHA512 (shadow-4.6.tar.xz) = e8eee52c649d9973f724bc2d5aeee71fa2e6a2e41ec3487cd6cf6d47af70c32e0cdf304df29b32eae2b6eb6f9066866b5f2c891add0ec87ba583bea3207b3631
+SHA512 (shadow-4.6.tar.xz.asc) = 8728bff5544db6ea123f758cce5bd5c2d346489570c33092e4e97db35c274d7aba01580018f120e4ad80b8f79cfe296a33bccbe9bf68df51bf9b2004c6bfffed

tests/sanity/Makefile

@@ -0,0 +1,77 @@
+# Copyright (c) 2006 Red Hat, Inc. All rights reserved. This copyrighted material 
+# is made available to anyone wishing to use, modify, copy, or
+# redistribute it subject to the terms and conditions of the GNU General
+# Public License v.2.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# Author: Jakub Hrozek
+
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
+# Example Makefile for RHTS                                          #
+# This example is geared towards a test for a specific package       #
+# It does most of the work for you, but may require further coding   #
+#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
+
+# The toplevel namespace within which the test lives.
+TOPLEVEL_NAMESPACE=CoreOS
+
+# The name of the package under test:
+PACKAGE_NAME=shadow-utils
+
+# The path of the test below the package:
+RELATIVE_PATH=sanity
+
+# Version of the Test. Used with make tag.
+export TESTVERSION=1.1
+
+# The combined namespace of the test.
+export TEST=/$(TOPLEVEL_NAMESPACE)/$(PACKAGE_NAME)/$(RELATIVE_PATH)
+
+# A phony target is one that is not really the name of a file.
+# It is just a name for some commands to be executed when you
+# make an explicit request. There are two reasons to use a
+# phony target: to avoid a conflict with a file of the same
+# name, and to improve performance.
+.PHONY: all install download clean
+
+# Executables to be built should be added here, they will be generated on the system under test.
+BUILT_FILES= 
+
+# Data files, .c files, scripts anything needed to either compile the test and/or run it.
+FILES=$(METADATA) Makefile PURPOSE sanity_test.py runtest.sh
+
+run: $(FILES) build
+	./runtest.sh
+
+build: $(BUILT_FILES)
+	chmod a+x ./sanity_test.py
+	chmod a+x ./runtest.sh
+
+clean:
+	rm -f *~ *.rpm $(BUILT_FILES)
+
+# Include Common Makefile
+include /usr/share/rhts/lib/rhts-make.include
+
+# Generate the testinfo.desc here:
+$(METADATA): Makefile
+	@touch $(METADATA)
+	@echo "Owner:        Jakub Hrozek <jhrozek@redhat.com>" > $(METADATA)
+	@echo "Name:         $(TEST)" >> $(METADATA)
+	@echo "Path:         $(TEST_DIR)" >> $(METADATA)
+	@echo "TestVersion:  $(TESTVERSION)" >> $(METADATA)
+	@echo "License:      GNU GPL" >> $(METADATA)
+	@echo "Description:  Basic sanity test for shadow-utils" >> $(METADATA)
+	@echo "TestTime:     5m" >> $(METADATA)
+	@echo "RunFor:       $(PACKAGE_NAME)" >> $(METADATA)
+	@echo "Requires:     $(PACKAGE_NAME)" >> $(METADATA)
+	@echo "Requires:     python" >> $(METADATA)
+	rhts-lint $(METADATA)
+

tests/sanity/PURPOSE

@@ -0,0 +1,10 @@
+This is a basic sanity test for the shadow-utils package. It is implemented
+in python on top of the unittesting.py module.
+
+Its purpose is to ensure that the binaries in the shadow-utils package behave
+as expected and its switches/options work correctly.
+
+For the most part, every binary in the shadow-utils package is represented by
+a single class named Test<BinaryName>, i.e. TestUsermod etc. There are some 
+exceptions, like TestUseraddWeirdNameTest though.
+

tests/sanity/runtest.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh || exit 1
+
+rlJournalStart
+rlFileBackup --clean /etc/default/useradd- /etc/default/useradd
+setenforce 0
+python sanity_test.py -v
+setenforce 1
+rlFileRestore
+
+EXIT=$?
+if [[ $EXIT -eq 0 ]]; then
+    RESULT="PASS"
+else
+    RESULT="FAIL"
+fi
+
+
+rlJournalEnd
+
+echo "Result: $RESULT"
+echo "Exit: $EXIT"
+report_result $TEST $RESULT $EXIT

tests/tests.yml

@@ -0,0 +1,13 @@
+---
+# This first play always runs on the local staging system
+- hosts: localhost
+  roles:
+  - role: standard-test-beakerlib
+    tags:
+    - classic
+    - atomic
+    tests:
+    - sanity
+    required_packages:
+    - shadow-utils     # sanity test needs shadow-utils
+    - python           # sanity test needs python