Tags give the ability to mark specific points in history as being important
-
4.19.4
protected115f7aa4 · ·shadow-4.19.4 - shadow-4.19.4: Regression fixes: - Build with GCC 10 and older. - shadow-4.19.3: Regression fixes: - chpasswd(8): - Don't reject hashes containing backslashes or 'n' characters (affected SHA-256, SHA-512, MD5). - shadow-4.19.2: Regression fixes: - usermod(8): - Revert an incorrect commit. See <https://github.com/shadow-maint/shadow/issues/1509> and <https://github.com/shadow-maint/shadow/pull/1510>. - shadow-4.19.1: Regression fixes: - chpasswd(8): - Don't reject leading '!' in password hashes or a hash consisting of "*". These were accidentally rejected in 4.19.0. See <https://github.com/shadow-maint/shadow/issues/1483> and <https://github.com/shadow-maint/shadow/pull/1486>. - Accept a passwordless account ("" or "!"). See <https://github.com/shadow-maint/shadow/issues/1483#issuecomment-3757398138> and <https://github.com/shadow-maint/shadow/pull/1505>. Closes: <https://github.com/shadow-maint/shadow/issues/1561> Signed-off-by: Alejandro Colomar <alx@kernel.org> -
4.19.3
protected64b4c10c · ·shadow-4.19.3 - shadow-4.19.3: Regression fixes: - chpasswd(8): - Don't reject hashes containing backslashes or 'n' characters (affected SHA-256, SHA-512, MD5). - shadow-4.19.2: Regression fixes: - usermod(8): - Revert an incorrect commit. See <https://github.com/shadow-maint/shadow/issues/1509> and <https://github.com/shadow-maint/shadow/pull/1510>. - shadow-4.19.1: Regression fixes: - chpasswd(8): - Don't reject leading '!' in password hashes or a hash consisting of "*". These were accidentally rejected in 4.19.0. See <https://github.com/shadow-maint/shadow/issues/1483> and <https://github.com/shadow-maint/shadow/pull/1486>. - Accept a passwordless account ("" or "!"). See <https://github.com/shadow-maint/shadow/issues/1483#issuecomment-3757398138> and <https://github.com/shadow-maint/shadow/pull/1505>. Closes: <https://github.com/shadow-maint/shadow/issues/1521> Signed-off-by: Alejandro Colomar <alx@kernel.org> -
4.19.2
protecteda7eca271 · ·shadow-4.19.2 Regression fixes: - usermod(8): - Revert an incorrect commit. See <https://github.com/shadow-maint/shadow/issues/1509> and <https://github.com/shadow-maint/shadow/pull/1510>. -
4.19.1
protected167a6b7a · ·shadow-4.19.1 Regression fixes: - chpasswd(8): - Don't reject leading '!' in password hashes or a hash consisting of "*". These were accidentally rejected in 4.19.0. See <https://github.com/shadow-maint/shadow/issues/1483> and <https://github.com/shadow-maint/shadow/pull/1486>. - Accept a passwordless account ("" or "!"). See <https://github.com/shadow-maint/shadow/issues/1483#issuecomment-3757398138> and <https://github.com/shadow-maint/shadow/pull/1505>. Closes: <https://github.com/shadow-maint/shadow/issues/1487> Signed-off-by: Alejandro Colomar <alx@kernel.org> -
4.19.0
protectedd7ce7e86 · ·Release 4.19.0 Breaking changes: - Remove support for escaped newlines in configuration files. It never worked correctly. b0a7ce58b924 (2025-12-05; "lib/, po/: Remove fgetsx() and fputsx()") - Some user names and group names are too dangerous and are rejected, even with --badname. 25aea7422615 (2025-12-25; "lib/chkname.c, src/: Strictly disallow really bad names") Future breaking changes: - SHA512 and SHA256 will be supported unconditionally in the next release. The build-time flag '--with-sha-crypt' will be removed. See <https://github.com/shadow-maint/shadow/pull/1452>. Support: - Several years ago, there were talks about deprecating su(1) and login(1), back when this project was maintained as part of Debian. However, nothing was clearly stated, and there were doubts about the status of these programs. Let's clarify them now. Our implementations of su(1) and login(1) are fully supported, and we don't have any plans to remove them. They are NOT deprecated. See <https://github.com/shadow-maint/shadow/issues/464>. Deprecations: - groupmems(8) The program will be removed in a future release. See <https://github.com/shadow-maint/shadow/issues/1343>. - logoutd(8) The program will be removed in the next release. See <https://github.com/shadow-maint/shadow/issues/999>, and <https://github.com/shadow-maint/shadow/pull/1344>. - DES This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <https://github.com/shadow-maint/shadow/pull/1456> - MD5 This hashing algorithm has been deprecated for a long time, and support for it will be removed in a future release. See <https://github.com/shadow-maint/shadow/pull/1457> - login.defs(5): MD_CRYPT_ENAB This feature had been deprecated for decades. It will be removed in a future release. The command-line equivalents (-m, --md5) of this feature in chpasswd(8) and chgpasswd(8) will also be removed in a future release. See <https://github.com/shadow-maint/shadow/pull/1455>. - login.defs(5): PASS_MAX_LEN This feature is ignored except for DES. Once DES is removed, it makes no sense keeping it. It may be removed in a future release. - Password aging Scientific research shows that periodic password expiration leads to predictable password patterns, and that even in a theoretical scenario where that wouldn't happen the gains in security are mathematically negligible. <https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf> Modern security standards, such as NIST SP 800-63B-4 in the USA, prohibit periodic password expiration. <https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver> <https://pages.nist.gov/800-63-FAQ/#q-b05> <https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry> To align with these, we're deprecating the ability to periodically expire passwords. The specifics and long-term roadmap are currently being discussed, and we invite feedback from users, particularly from those in regulated environments. See <https://github.com/shadow-maint/shadow/pull/1432>. This deprecation includes the following programs and features: expiry(1) chage(1): -I,--inactive (also the interactive version) -m,--mindays (also the interactive version) -M,--maxdays (also the interactive version) -W,--warndays (also the interactive version) passwd(1): -k,--keep-tokens -n,--mindays -x,--maxdays -i,--inactive -w,--warndays useradd(8): -f,--inactive usermod(8): -f,--inactive login.defs(5): PASS_MIN_DAYS PASS_MAX_DAYS PASS_WARN_AGE /etc/default/useradd: INACTIVE shadow(5): sp_lstchg: Restrict to just the values 0 and empty. sp_min sp_max sp_warn sp_inact We recognize that many users operate in environments with regulatory or contractual requirements that still mandate password aging. To minimize disruption, these features will remain functional for a significant period. However, we encourage administrators to review their internal policies, talk to their regulators if appropriate, and participate in the roadmap discussion linked above. -
4.19.0-rc1
protected5a5b776b · ·4.19.0-rc1 (herve) Changelog: Alejandro Colomar (140): tests/unit/test_xaprintf.c: Fix test by using streq() instead of strcmp(3) lib/shadow/grp/: agetgroups(): Fix possible buffer overrun on non-Linux systems src/vipw.c: usage(): Print everything to the same stream lib/, src/: Use printf(3) instead of its pattern src/groupmod.c: --help: wfix lib/, src/: Reorder while() conditions for safety lib/agetpass.c: Pass "" instead of NULL as an ignored prompt src/chfn.c: Do not allow the 'slop' fields to appear before any non-slop gecos fields src/chfn.c: Use strsep(3) and strcpy(3) instead of its pattern src/chfn.c: Write an empty string if there's nothing in the GECOS field src/chfn.c: slop: Reduce buffer size src/chfn.c: Simplify checking for a long GECOS field src/chfn.c: Use stpeprintf() to improve readability lib/utmp.c: get_session_host(): Fix memory leak lib/subordinateio.c: list_owner_ranges(): Fix duplicate range when username matches ID src/su.c: Fix incorrect (non-matching) parentheses configure.ac, lib/, src/: Use _PATH_LASTLOG from <paths.h> configure.ac, lib/: Use _PATH_WTMP from <paths.h> lib/, src/: Use consistent style using strchr(3) in conditionals lib/string/README: Add guidelines for using strings lib/shadow/, lib/: putsgent(): Move to separate file lib/shadow/, lib/: gshadow: Move to separate file and rename lib/shadow/, lib/, src/: endsgent(): Move to separate file lib/shadow/, lib/, src/: Use _PATH_GSHADOW from <paths.h> lib/shadow/, lib/: setsgent(): Move to separate file lib/shadow/, lib/, src/: struct sgrp: Move to separate file lib/shadow/, lib/: fgetsgent(): Move to separate file lib/shadow/, lib/: sgetsgent(): Move to separate file lib/shadow/, lib/, src/: getsgnam(): Move to separate file lib/shadow/, lib/: getsgent(): Move to separate file lib/: GSHADOW: Remove unused macro lib/shadow/, lib/, po/: sgetgrent(): Move to under lib/shadow/group/ lib/shadow/, lib/, po/: sgetpwent(): Move to under lib/shadow/passwd/ lib/shadow/, lib/, po/: sgetspent(): Move to under lib/shadow/shadow/ lib/: Use libc _FILE_SHADOW from <paths.h> src/usermod.c: Remove 'no changes' informative output src/usermod.c: Remove optimizations lib/commonio.[ch]: struct commonio_ops: Add prefix 'cio_' to structure members lib/, src/: Use strncmp(3) instead of explicit byte comparisons lib/attr.h: __has_c_attribute(): Define fallback lib/attr.h: ATTR_NONSTRING: Add attribute [[gnu::nonstring]] lib/string/strcmp/: strneq(), STRNEQ(): Add APIs lib/, src/: Use STRNEQ() instead of their pattern lib/: exit_if_null(): Add macro to exit(3) on error lib/string/strdup/: xstrdup(): Reimplement xstrdup() in terms of exit_if_null() lib/alloc/x/: X*ALLOC(): Reimplement in terms of exit_if_null() lib/string/sprintf/, tests/: xaprintf(): Reimplement in terms of exit_if_null() lib/string/strdup/: XSTRNDUP(): Reimplement in terms of exit_if_null() lib/string/strdup/xstrndup.h: Add STRNDUP() lib/string/strtok/: xastrsep2ls() Reimplement in terms of exit_if_null() lib/, src/, tests/: Move x*() definitions to non-x* header files lib/utmp.c: is_my_tty(): Don't cache ttyname(3). lib/utmp.c: is_my_tty(): Rename local variable lib/utmp.c: is_my_tty(): Use ttyname_r(3) to make it re-entrant lib/utmp.c: ttyname_ra(): Add macro lib/getdef.h: Add missing includes lib/string/: strerrno(): Add macro lib/, src/: Use strerrno() instead of its pattern src/useradd.c: Remove unused variable src/gpasswd.c: Remove unused parameter $1 of check_perms() lib/copydir.c: Remove unused parameter $3 of copy_symlink() lib/copydir.c: Remove unused parameter $2 of copy_hardlink() lib/: Remove unused parameter $3 of password_check() and propagate lib/obscure.c: Remove unused parameter $1 of palindrome() lib/, src/: Remove unused parameter $3 of passwd_check() lib/defines.h: NGROUPS_MAX: Remove unused macro lib/defines.h: LOG_NOWAIT: Remove unused macro lib/, src/: Remove unused parameter $2 of audit_logger() tests/unit/: Use more generic strings and names for testing exit_if_null() tests/unit/test_exit_if_null.c: Test through XMALLOC() instead of xaprintf() lib/typetraits.h: QChar_of(): Add macro lib/atoi/: a2i(): Re-implement with a statement expression lib/atoi/, */: Move all a2i() macros to the same file lib/atoi/, */: Move all str2i() macros together with a2i() lib/attr.h: MAYBE_UNUSED: Implement with [[maybe_unused]] lib/attr.h: NORETURN: Implement with [[noreturn]] lib/attr.h: format_attr(): Use it also with Clang lib/attr.h: ATTR_ACCESS(): Use it also with Clang lib/attr.h: ATTR_ALLOC_SIZE(): Use it also with Clang lib/attr.h: ATTR_STRING(): Use it also with Clang src/: usage(): Use [[noreturn]] */: s/READLINKNUL/readlinknul_a/ */: s/SIZEOF_ARRAY/sizeof_a/ */: s/STRNDUPA/strndupa_a/ */: s/STRNDUP/strndup_a/ s/XSTRNDUP/xstrndup_a/ */: s/SNPRINTF/stprintf_a/ */: s/STRNCAT/strncat_a/ */: s/STRNCPY/strncpy_a/ */: s/STRTCPY/strtcpy_a/ */: s/MEMZERO/memzero_a/ */: s/STRFTIME/strftime_a/ */: s/STRSEP2LS/strsep2ls_a/ */: s/STRSEP2ARR/strsep2arr_a/ */: s/DAY_TO_STR/day_to_str_a/ */: s/STRNEQ/strneq_a/ lib/string/README: Document *_a() macros lib/string/: strerrno(): Use statement expression to perform lvalue conversion lib/, src/: Consistently use sizeof() as if it were a function lib/, src/: Remove useless casts in fgets(3) lib/, src/: Consistently use NULL with fgets(3) tests/unit/test_xaprintf.c: Use assert_string_equal() tests/unit/: Unname unused parameters in callbacks lib/subordinateio.c: Use REALLOCF() instead of its pattern lib/subordinateio.c: append_range(): Use reallocf(3)-like calling conventions lib/: Use simple assignment instead of memcpy(3) configure.ac, Makefile.am: Propagate ./configure flags to 'distcheck' src/usermod.c: $user_newhome: Remove all trailing '/'s lib/string/strspn/: Add missing const autogen.sh: CFLAGS: Promote -Wdiscarded-qualifiers to an error src/: Fix uninitialized flags, and use const appropriately lib/: Use a consistent name for macro arguments representing a type name lib/search/, lib/, src/: Add a type parameter to the type-safe macros lib/search/: Simplify CMP() lib/search/: Split APIs lib/sizeof.h: typeas(): Add macro lib/{alloc,search}/: Use typeas() to add support for arbitrary types src/: Unname unused parameter of main() lib/, src/ tests/: Unname unused parameters in callbacks lib/logind.c: Unname unused function parameter lib/, src/: Add [[gnu::unused]] to parameters used in conditionally-compiled code lib/prefix_flag.c: Add [[gnu::unused]] to variable used in conditionally-compiled code autogen.sh: CFLAGS: Promose some -Wunused-* to an error lib/sssd.h: sssd_flush_cache(): Define as static inline function lib/search/: Use (void)0 within _Generic(3) to avoid -Wunused-value diagnostics lib/, po/: Remove fgetsx() and fputsx() lib/: Use getline(3) instead of its pattern lib/gshadow.c: fgetsgent(): Don't use static variables lib/alloc/: reallocarray[f]_(): Add helper macros to handle n?:1 lib/: Use compound literals to avoid casts lib/alloc/: REALLOC[F](): Move _Generic(3) to separate line lib/, src/: Rename REALLOCF() => reallocf_T() lib/: Rename REALLOC() => realloc_T() lib/: Rename XREALLOC() => xrealloc_T() lib/: Rename MALLOC() => malloc_T() lib/: Rename XMALLOC() => xmalloc_T() lib/: Rename CALLOC() => calloc_T() lib/: Rename XCALLOC() => xcalloc_T() lib/search/: lsearch_T(): Don't return anything lib/tcbfuncs.c: rmdir_leading(): Constify input lib/tcbfuncs.c: rmdir_leading(): Create string just once Alexey Tikhonov (2): Make sure 'sss_cache' can get both 'U' and 'G' args pwck/grpck: only force nscd/sssd caches flush if anything was changed Anders Blomdell (2): Factor out 'want_sub[ug]ids' and rename to 'want_sub[ug]id_file' When using nss-module, avoid using '/etc/sub[ug]id' Antonio Terceiro (1): newusers: allow not passing a password Evgeny Grin (Karlson2k) (27): lib/utmp.c: check parent PID too when looking for utmp entry */: Fix including <config.h> as system header lib/utmp.c: Fixed generated strings for "ut_id" lib/utmp.c: Align generated "ut_id" with modern software lib/utmp.c: Refactoring for readability lib/utmp.c: Additional refactoring for readability lib/, src/: Fix utmp update: use initial PID src/login.c: Fix checking whether 'login' is started as 'init' configure: Remove duplicated check and unused Makefile substitution configure: Fix incorrect use of AM_CONDITIONAL configure: Unify M4 quoting configure: Move AC_ARG_ENABLE. It cannot be conditional. configure: Fix quoting of the "#" symbol Makefile.am: Fix libtool warning configure: Move helper files to 'build-aux/' configure: Unify checks for variable values configure: Fix outdated and non-portable 'test' syntax configure: Print configuration summary to the log (in addtion to stdout) configure: Document --enable-logind behaviour correctly configure.ac: Add check for value given for --enable-logind configure.ac: Improve formatting for libsystemd check configure.ac: Make sure that logind is enabled if requested, make --enable-logind default configure.ac: cosmetics - unified check for $enable_logind value lib/utmp.c: Fix umtp entry search lib/utmp.c: Fix use of last utmp entry instead of patrial-match entry lib/utmp.c: Add ATTR_MALLOC(free) attribute lib/utmp.c: Add explicit include <stdlib.h> for free() and other functions Frans Spiesschaert (1): po/nl.po: Update Georg Pfuetzenreuter (2): man/chsh: remove duplicate paragraph man/chsh: deduplicate shells text Iker Pedrosa (78): share/ansible/: fix Debian 13 build tests/system/pyproject.toml: add mypy rules tests/system/framework/: fix Python linter issues tests/system/tests/: fix Python linter issues .github/workflows/static-code-analysis.yml: add Python linters lib/: add SELinux control flag in commonio_close() lib/, src/: add SELinux control flag in pw_close() lib/, src/: add SELinux control flag in spw_close() lib/, src/: add SELinux control flag in gr_close() lib/, src/: add SELinux control flag in sgr_close() lib/, src/: add SELinux control flag in sub_uid_close() lib/, src/: add SELinux control flag in sub_gid_close() lib/: add SELinux control flag in commonio_unlock() lib/, src/: add SELinux control flag in pw_unlock() lib/, src/: add SELinux control flag in spw_unlock() lib/, src/: add SELinux control flag in gr_unlock() lib/, src/: add SELinux control flag in sgr_unlock() src/vipw.c: add SELinux control flag in unlock lib/, src/: add SELinux control flag in sub_uid_unlock() lib/, src/: add SELinux control flag in sub_gid_unlock() src/useradd.c: chroot or prefix SELinux file context src/useradd.c: SELinux file context for home and mail src/useradd.c: SELinux file context for fail_exit() src/usermod.c: chroot or prefix SELinux file context src/usermod.c: SELinux file context for fail_exit() src/userdel.c: replace global variable by flags structure src/userdel.c: chroot or prefix SELinux file context src/userdel.c: SELinux file context for fail_exit() src/newusers.c: chroot or prefix SELinux file context src/newusers.c: SELinux file context for fail_exit() lib/: add SELinux control flag in cleanup_unlock_*() src/groupadd.c: chroot or prefix SELinux file context src/groupmod.c: chroot or prefix SELinux file context src/groupdel.c: chroot or prefix SELinux file context src/chgpasswd.c: chroot or prefix SELinux file context src/chgpasswd.c: SELinux file context for fail_exit() src/groupmems.c: chroot or prefix SELinux file context src/groupmems.c: SELinux file context for fail_exit() src/grpck.c: chroot or prefix SELinux file context src/grpck.c: SELinux file context for fail_exit() src/grpconv.c: chroot or prefix SELinux file context src/grpconv.c: SELinux file context for fail_exit() src/grpunconv.c: chroot or prefix SELinux file context src/grpunconv.c: SELinux file context for fail_exit() src/chage.c: chroot or prefix SELinux file context src/chage.c: SELinux file context for fail_exit() src/chfn.c: chroot or prefix SELinux file context src/chfn.c: SELinux file context for fail_exit() src/chpasswd.c: chroot or prefix SELinux file context src/chpasswd.c: SELinux file context for fail_exit() src/chsh.c: chroot or prefix SELinux file context src/chsh.c: SELinux file context for fail_exit() src/passwd.c: chroot or prefix SELinux file context src/passwd.c: SELinux file context for fail_exit() src/pwck.c: chroot or prefix SELinux file context src/pwck.c: SELinux file context for fail_exit() src/pwconv.c: chroot or prefix SELinux file context src/pwconv.c: SELinux file context for fail_exit() src/pwunconv.c: chroot or prefix SELinux file context src/pwunconv.c: SELinux file context for fail_exit() src/gpasswd.c: chroot or prefix SELinux file context man/: update `--root` flag with no SELinux support doc/contributions/tests.md: add Python system tests doc/contributions/build_install.md: container troubleshooting doc/contributions/ci.md: document system tests doc/contributions/coding_style.md: Python code useradd: fix uninitialized flags causing aarch64 failure share/ansible/: create the newusers PAM service file tests/system/framework/roles/shadow.py: implement binding for `newusers` tests/system/tests/test_newusers.py: create multiple users from stdin tests/system/tests/test_newusers.py: create multiple users using file input share/ansible/: create the groupmems PAM service file tests/system/framework/roles/shadow.py: implement binding for `groupmems` tests/system/tests/test_groupmems.py: add user to group as root user share/ansible/: install `expect` package share/ansible/: Make sure `expect` is found in Alpine tests/system/framework/roles/shadow.py: implement binding for `newgrp` tests/system/tests/test_newgrp.py: change to new group Samuel Thibault (1): hurd: do not include sys/prctl.h when it is not available Serge Hallyn (3): Merge pull request #1258 from ikerexxe/useradd-chroot Update po and potfiles (pre-)Release 4.19.0-rc1 akshay (1): groupadd: clarify -U option help text Align wording with groupmod to reduce ambiguity in -U option description. sgakerru (5): lib/list.c: free_list(): Add function src/useradd.c: Use free_list() to free user groups list src/useradd.c: Do not automatically add supplements groups for system users useradd: fix test `69_useradd_default_GROUPS_name` useradd: tests for supplements groups vinz (1): chpasswd: Check hash before write when using -e -
-
4.18.0
protected045652a9 · ·Release 4.18.0 what's changed: CI: purge man-db by @ikerexxe in #1241 passwd: document exit code when PAM has errored by @hallyn in #1244 Man patches by @zeha in #1175 Quick fix: define E_PAM_ERR in lib/pam_pass.c by @hallyn in #1245 Accept /usr/sbin/nologin as an alternate to /sbin/nologin by @zeha in #1246 Add LOGIN_ENV_SAFELIST to FOREIGNDEFS by @stanislav-brabec in #1248 ci: add gawk as a fedora dependency by @ikerexxe in #1252 man/useradd.8.xml: fix the CREATE_HOME description by @hallyn in #1251 lib/getdate.y: Restrict the date formats that we support by @alejandro-colomar in #1238 newuidmap: better error logging on failure by @matthewhughes934 in #1254 Extend basic test cases to check shadow and gshadow entries by @ikerexxe in #1237 lib/sizeof.h: Make sure STRLEN() only accepts string literals by @alejandro-colomar in #1260 Add strprefix(), and use it instead of its pattern by @alejandro-colomar in #1152 src/: Simplify, using strpbrk(3) by @alejandro-colomar in #1167 lib/string/strdup/: STRNDUPA(): Reimplement in terms of strndupa(3) by @alejandro-colomar in #1189 Remove dead beef by @alejandro-colomar in #1230 lib/atoi/a2i/: Simplify these macros by calling a2i() by @alejandro-colomar in #1137 strtolower(): Add API, and use it instead of its pattern by @alejandro-colomar in #1211 lib/: sget*ent(): Simplify by calling strdup(3) by @alejandro-colomar in #1146 fields by @alejandro-colomar in #1150 yacc(1) is a dead language; bury it deep in the ground by @alejandro-colomar in #1217 Test expiration date by @ikerexxe in #1233 [scp] Add strcaseprefix(), and use it instead of its pattern by @alejandro-colomar in #1262 valid_field(): Improve readability by @alejandro-colomar in #1208 lib/, src/, tests/: Use the standard countof() instead of our NITEMS() by @alejandro-colomar in #1259 lib/fs/mkstemp/, src/: Move fmkomstemp() to separate files under lib/fs/mkstemp/, and split into mkomstemp() by @alejandro-colomar in #1139 [x][v]aprintf(): Add APIs, and use them instead of [x][v]asprintf(3) by @alejandro-colomar in #1168 lib/get_pid.c: pid_t is a signed integer by @alejandro-colomar in #1264 src/newusers.c: Fix off-by-one benign bug in array declaration by @alejandro-colomar in #1266 Add some wrappers for usual loops around strsep(3) by @alejandro-colomar in #1155 lib/fs/readlink/areadlink.h: areadlink(): Avoid inconditionally using PATH_MAX by @sthibaul in #1222 configure: Fix typo by @sthibaul in #1268 Pre-release 4.18.0-rc1 by @hallyn in #1270 Update man pages for chage, shadow, passwd by @domiborges in #1243 contrib/: Burn it all by @alejandro-colomar in #1274 Pre-release 4.18.0-rc2 by @hallyn in #1275 New Contributors @matthewhughes934 made their first contribution in #1254 @domiborges made their first contribution in #1243 -
-
-
-
4.17.4
protectedb23a5823 · ·Release 4.17.4 Changes since 4.17.3: Alejandro Colomar (12): Revert "lib/, src/: Use local time for human-readable dates" lib/getdate.y: Ignore time-zone information and use UTC src/chfn.c: Partially revert "lib/, src/: Use strsep(3) instead of its pattern" src/chfn.c: Use stpsep() instead of its pattern src/chfn.c: Add local variable to refer to the separated field src/chfn.c: copy_field(): Rename local variable lib/commonio.c: Rely on the POSIX.1-2008 behavior of realpath(3) lib/fs/readlink/: readlinknul(): Use ssize_t to simplify autogen.sh: Promote -Wsign-compare to an error lib/sizeof.h: ssizeof(): Add signed variant of sizeof src/lastlog.c: Use ssizeof() to avoid a -Wsign-compare diagnostic tests/unit/test_xasprintf.c: Fix sign-mismatch diagnostic Chris Hofstaedtler (2): configure.ac: stop checking for utmp location configure.ac: be deterministic about passwd location Iker Pedrosa (3): lib/, src/: update audit messages lib/: audit function for groups src/: update group audit messages Michael Vetter (1): doc/: Remove list of distributions Serge Hallyn (1): release 4.17.4 -
-
-
4.17.3
protectedd3fa0ba5 · ·Release 4.17.3 Changelog: Alejandro Colomar (59): src/login_nopam.c: list_match(): Refactor conditional src/login_nopam.c: list_match(): Add superfluous else src/login_nopam.c: list_match(): '(match)' is always true here src/login_nopam.c: list_match(): Move code around src/login_nopam.c: list_match(): Remove local variable configure.ac, lib/, src/: Assume setgroups(2) exists configure.ac, lib/: Assume initgroups(3) exists lib/: Include <gshadow.h> if it's available configure.ac, lib/gshadow.c: Presume working shadow group support in libc lib/gshadow_.h: Fix compatibility with libc's struct sgrp lib/, src/: Reduce scope of variables lib/, src/: Un-spageticize code lib/, src/: Simplify allocation of buffer lib/search/cmp/, lib/, tests/: CMP(), cmp_*(): Add macro and functions lib/search/l/: LFIND(): Add macro lib/, src/: Use LFIND() instead of open-coded search loops lib/addgrps.c: add_groups(): Remove useless cast lib/addgrps.c: add_groups(): Allocate earlier lib/addgrps.c: add_groups(): Simplify redundant code with a goto lib/, src/: Unconditionally call setgroups(2) lib/, src/: Replace redundant checks by actual error handling lib/search/l/: LSEARCH(): Add macro lib/, src/: Use LSEARCH() instead of its pattern lib/addgrps.c: add_groups(): Split variable to avoid sign-mismatch diagnostics lib/string/strchr/: strchrscnt(): Add function lib/addgrps.c: add_groups(): Reallocate at once lib/, src/: Rename variables lib/addgrps.c: add_groups(): Remove arbitrary limit lib/search/sort/: QSORT(): Add macro lib/adds.h: addslN(): Use QSORT() instead of its pattern configure.ac, lib/, src/: Use gid_t instead of GETGROUPS_T lib/shadow/grp/: agetgroups(): Add function lib/, src/: Use agetgroups() instead of its pattern lib/, src/, doc/: Remove dead code lib/pwauth.*: PW_{ADD,CHANGE,DELETE,FTP,REXEC}: Remove dead code lib/, src/, doc/: Remove pw_auth()'s $3 as dead code lib/motd.c: motd(): Invert logic to reduce indentation lib/, src/: motd(): Report errors instead of exiting from library code configure.ac, lib/: Use __has_include(<crypt.h>) instead of HAVE_CRYPT_H configure.ac, lib/: Use __has_include(<sys/random.h>) instead of HAVE_SYS_RANDOM_H lib/: Use __has_include(<security/pam_misc.h>) instead of HAVE_SECURITY_PAM_MISC_H lib/: Use __has_include(<security/openpam.h>) instead of HAVE_SECURITY_OPENPAM_H lib/idmapping.c: Unconditionally include <sys/prctl.h> configure.ac, lib/: Use __has_include(<sys/capability.h>) instead of HAVE_SYS_CAPABILITY_H configure.ac: Remove unused AC_CHECK_HEADERS() checks configure.ac, lib/: Use __has_include(<gshadow.h>) instead of HAVE_GSHADOW_H lib/chkname.c: is_valid_name(): Use streq() instead of its pattern src/useradd.c: create_home(): Use !streq() instead of its pattern src/useradd.c: E_BAD_NAME: Use a different error code for bad login names lib/string/strcmp/: strcaseeq(): Add function lib/, src/: Use strcaseeq() instead of its pattern src/useradd.c: Use !strcaseeq() instead of its pattern lib/string/strchr/: strrcspn(), stprcspn(): Add function and macro lib/string/strspn/, lib/, src/: Move *spn() APIs to separate subdir lib/string/strspn/, lib/, src/: stprspn(), strrspn_(): Split API into function and macro lib/basename.c: Basename(): Use stprcspn() instead of its pattern lib/string/: Add comments expanding the letter-soup API names lib/string/ctype/strisascii/: strisdigit(): Add function lib/: Use strisdigit() instead of its pattern Chris Hofstaedtler (1): chsh: do not warn about blank shell Iker Pedrosa (11): Tests: implement system test framework tests: basic configuration tests: basic user creation tests: recreate deleted user tests: rename user tests: delete user and homedir tests: basic group creation tests: change GID of a group tests: basic group deletion etc/login.defs: enable CREATE_HOME CI: run system tests Marc Haber (1): man/useradd.8.xml: Document new exit code 19 (E_BAD_NAME) Markus Hiereth (1): man/useradd.8.xml: wfix Michael Vetter (2): ci: add openSUSE Tumbleweed doc: fix typo Serge Hallyn (3): Revert "etc/login.defs: enable CREATE_HOME" add and use a login.defs.test with CREATE_HOME set Release 4.17.3 Tobias Stoeckmann (10): man/: Install suauth.5 only if feature exists src/: Make line number overflows less likely src/newusers.c: Turn nusers into size_t chage: Drop PAM support man/passwd.1.xml: -P disables PAM support src/login_nopam.c: list_match(): Use iteration instead of recursion lib/encrypt.c: Do not exit in error case src/gpasswd: Clear password in more cases src/gpasswd: Use correct preprocessor definition lib/, src/: Turn error counters into flags Todd C. Miller (1): src/vipw.c: Restore the original terminal pgrp after editing -
4.17.2
protected6a2ab3d7 · ·Release 4.17.2 Changelog: Alejandro Colomar (2): lib/chkname.c: login_name_max_size(): Put limits for LOGIN_NAME_MAX and sysconf(_SC_LOGIN_NAME_MAX) Release 4.17.2 Alexander Kanavin (1): lib/attr.h: use C23 attributes only with gcc >= 10 Américo Monteiro (1): man: Add Portuguese translation Remus-Gabriel Chelu (1): man/, po/: Update Romanian translation Scott Martin (1): man/: Update link to Wikipedia to use HTTPS Tobias Stoeckmann (4): src/login_nopam.c: Fix compiler warnings login: Fix no-pam authorization regression lib/: Use _exit in case of execv errors lib/: Set O_CLOEXEC for static FILE handles bubu (1): Update French translation -
-
-
-