diff --git a/SOURCES/shadow-4.3.1-manfix.patch b/SOURCES/shadow-4.3.1-manfix.patch
deleted file mode 100644
index bd1577e..0000000
--- a/SOURCES/shadow-4.3.1-manfix.patch
+++ /dev/null
@@ -1,349 +0,0 @@
-Index: shadow-4.5/man/groupmems.8.xml
-===================================================================
---- shadow-4.5.orig/man/groupmems.8.xml
-+++ shadow-4.5/man/groupmems.8.xml
-@@ -179,20 +179,10 @@
-
- SETUP
-
-- The groupmems executable should be in mode
-- 2770 as user root and in group
-- groups. The system administrator can add users to
-- group groups to allow or disallow them using the
-- groupmems utility to manage their own group
-- membership list.
-+ In this operating system the groupmems executable
-+ is not setuid and regular users cannot use it to manipulate
-+ the membership of their own group.
-
--
--
-- $ groupadd -r groups
-- $ chmod 2770 groupmems
-- $ chown root.groups groupmems
-- $ groupmems -g groups -a gk4
--
-
-
-
-Index: shadow-4.5/man/chage.1.xml
-===================================================================
---- shadow-4.5.orig/man/chage.1.xml
-+++ shadow-4.5/man/chage.1.xml
-@@ -102,6 +102,9 @@
- Set the number of days since January 1st, 1970 when the password
- was last changed. The date may also be expressed in the format
- YYYY-MM-DD (or the format more commonly used in your area).
-+ If the LAST_DAY is set to
-+ 0 the user is forced to change his password
-+ on the next log on.
-
-
-
-@@ -119,6 +122,13 @@
- system again.
-
-
-+ For example the following can be used to set an account to expire
-+ in 180 days:
-+
-+
-+ chage -E $(date -d +180days +%Y-%m-%d)
-+
-+
- Passing the number -1 as the
- EXPIRE_DATE will remove an account
- expiration date.
-@@ -233,6 +243,18 @@
- The chage program requires a shadow password file to
- be available.
-
-+
-+ The chage program will report only the information from the shadow
-+ password file. This implies that configuration from other sources
-+ (e.g. LDAP or empty password hash field from the passwd file) that
-+ affect the user's login will not be shown in the chage output.
-+
-+
-+ The chage program will also not report any
-+ inconsistency between the shadow and passwd files (e.g. missing x in
-+ the passwd file). The pwck can be used to check
-+ for this kind of inconsistencies.
-+
- The chage command is restricted to the root
- user, except for the option, which may be used by
- an unprivileged user to determine when their password or account is due
-Index: shadow-4.5/man/ja/man5/login.defs.5
-===================================================================
---- shadow-4.5.orig/man/ja/man5/login.defs.5
-+++ shadow-4.5/man/ja/man5/login.defs.5
-@@ -147,10 +147,6 @@ PASS_MAX_DAYS, PASS_MIN_DAYS, PASS_WARN_
- shadow パスワード機能のどのプログラムが
- どのパラメータを使用するかを示したものである。
- .na
--.IP chfn 12
--CHFN_AUTH CHFN_RESTRICT
--.IP chsh 12
--CHFN_AUTH
- .IP groupadd 12
- GID_MAX GID_MIN
- .IP newusers 12
-Index: shadow-4.5/man/login.defs.5.xml
-===================================================================
---- shadow-4.5.orig/man/login.defs.5.xml
-+++ shadow-4.5/man/login.defs.5.xml
-@@ -162,6 +162,17 @@
- long numeric parameters is machine-dependent.
-
-
-+
-+ Please note that the parameters in this configuration file control the
-+ behavior of the tools from the shadow-utils component. None of these
-+ tools uses the PAM mechanism, and the utilities that use PAM (such as the
-+ passwd command) should be configured elsewhere. The only values that
-+ affect PAM modules are ENCRYPT_METHOD and SHA_CRYPT_MAX_ROUNDS
-+ for pam_unix module, FAIL_DELAY for pam_faildelay module,
-+ and UMASK for pam_umask module. Refer to
-+ pam(8) for more information.
-+
-+
- The following configuration items are provided:
-
-
-@@ -252,16 +263,6 @@
-
-
-
-- chfn
--
--
-- CHFN_AUTH
-- CHFN_RESTRICT
-- LOGIN_STRING
--
--
--
--
- chgpasswd
-
-
-@@ -282,14 +283,6 @@
-
-
-
--
-- chsh
--
--
-- CHSH_AUTH LOGIN_STRING
--
--
--
-
-
-
-@@ -350,34 +343,6 @@
-
-
-
--
-- login
--
--
-- CONSOLE
-- CONSOLE_GROUPS DEFAULT_HOME
-- ENV_HZ ENV_PATH ENV_SUPATH
-- ENV_TZ ENVIRON_FILE
-- ERASECHAR FAIL_DELAY
-- FAILLOG_ENAB
-- FAKE_SHELL
-- FTMP_FILE
-- HUSHLOGIN_FILE
-- ISSUE_FILE
-- KILLCHAR
-- LASTLOG_ENAB
-- LOGIN_RETRIES
-- LOGIN_STRING
-- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
-- MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
-- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
-- QUOTAS_ENAB
-- TTYGROUP TTYPERM TTYTYPE_FILE
-- ULIMIT UMASK
-- USERGROUPS_ENAB
--
--
--
-
-
- newgrp / sg
-@@ -405,17 +370,6 @@
-
-
-
--
-- passwd
--
--
-- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
-- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
-- SHA_CRYPT_MAX_ROUNDS
-- SHA_CRYPT_MIN_ROUNDS
--
--
--
-
- pwck
-
-@@ -442,32 +396,6 @@
-
-
-
--
-- su
--
--
-- CONSOLE
-- CONSOLE_GROUPS DEFAULT_HOME
-- ENV_HZ ENVIRON_FILE
-- ENV_PATH ENV_SUPATH
-- ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
-- MAIL_DIR MAIL_FILE QUOTAS_ENAB
-- SULOG_FILE SU_NAME
-- SU_WHEEL_ONLY
-- SYSLOG_SU_ENAB
-- USERGROUPS_ENAB
--
--
--
--
-- sulogin
--
--
-- ENV_HZ
-- ENV_TZ
--
--
--
-
- useradd
-
-Index: shadow-4.5/man/shadow.5.xml
-===================================================================
---- shadow-4.5.orig/man/shadow.5.xml
-+++ shadow-4.5/man/shadow.5.xml
-@@ -129,7 +129,7 @@
-
-
- The date of the last password change, expressed as the number
-- of days since Jan 1, 1970.
-+ of days since Jan 1, 1970 00:00 UTC.
-
-
- The value 0 has a special meaning, which is that the user
-@@ -208,8 +208,8 @@
-
-
- After expiration of the password and this expiration period is
-- elapsed, no login is possible using the current user's
-- password. The user should contact her administrator.
-+ elapsed, no login is possible for the user.
-+ The user should contact her administrator.
-
-
- An empty field means that there are no enforcement of an
-@@ -224,7 +224,7 @@
-
-
- The date of expiration of the account, expressed as the number
-- of days since Jan 1, 1970.
-+ of days since Jan 1, 1970 00:00 UTC.
-
-
- Note that an account expiration differs from a password
-Index: shadow-4.5/man/useradd.8.xml
-===================================================================
---- shadow-4.5.orig/man/useradd.8.xml
-+++ shadow-4.5/man/useradd.8.xml
-@@ -347,6 +347,11 @@
- is not enabled, no home
- directories are created.
-
-+
-+ The directory where the user's home directory is created must
-+ exist and have proper SELinux context and permissions. Otherwise
-+ the user's home directory cannot be created or accessed.
-+
-
-
-
-Index: shadow-4.5/man/usermod.8.xml
-===================================================================
---- shadow-4.5.orig/man/usermod.8.xml
-+++ shadow-4.5/man/usermod.8.xml
-@@ -132,7 +132,8 @@
- If the
- option is given, the contents of the current home directory will
- be moved to the new home directory, which is created if it does
-- not already exist.
-+ not already exist. If the current home directory does not exist
-+ the new home directory will not be created.
-
-
-
-@@ -256,7 +257,8 @@
-
-
- Move the content of the user's home directory to the new
-- location.
-+ location. If the current home directory does not exist
-+ the new home directory will not be created.
-
-
- This option is only valid in combination with the
-diff --git a/man/login.defs.d/SUB_GID_COUNT.xml b/man/login.defs.d/SUB_GID_COUNT.xml
-index 01ace007..93fe7421 100644
---- a/man/login.defs.d/SUB_GID_COUNT.xml
-+++ b/man/login.defs.d/SUB_GID_COUNT.xml
-@@ -42,7 +42,7 @@
-
- The default values for ,
- ,
-- are respectively 100000, 600100000 and 10000.
-+ are respectively 100000, 600100000 and 65536.
-
-
-
-diff --git a/man/login.defs.d/SUB_UID_COUNT.xml b/man/login.defs.d/SUB_UID_COUNT.xml
-index 5ad812f7..516417b7 100644
---- a/man/login.defs.d/SUB_UID_COUNT.xml
-+++ b/man/login.defs.d/SUB_UID_COUNT.xml
-@@ -42,7 +42,7 @@
-
- The default values for ,
- ,
-- are respectively 100000, 600100000 and 10000.
-+ are respectively 100000, 600100000 and 65536.
-
-
-
-diff -up shadow-4.6/man/groupadd.8.xml.manfix shadow-4.6/man/groupadd.8.xml
---- shadow-4.6/man/groupadd.8.xml.manfix 2019-04-02 16:35:52.096637444 +0200
-+++ shadow-4.6/man/groupadd.8.xml 2019-06-07 14:23:57.477602106 +0200
-@@ -320,13 +320,13 @@
-
- 4
-
-- GID not unique (when not used)
-+ GID is already used (when called without )
-
-
-
- 9
-
-- group name not unique
-+ group name is already used
-
-
-
-
diff --git a/SOURCES/shadow-4.5-goodname.patch b/SOURCES/shadow-4.5-goodname.patch
deleted file mode 100644
index 2f82828..0000000
--- a/SOURCES/shadow-4.5-goodname.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-Index: shadow-4.5/libmisc/chkname.c
-===================================================================
---- shadow-4.5.orig/libmisc/chkname.c
-+++ shadow-4.5/libmisc/chkname.c
-@@ -47,27 +47,46 @@
- #include "chkname.h"
-
- static bool is_valid_name (const char *name)
--{
-+{
- /*
-- * User/group names must match [a-z_][a-z0-9_-]*[$]
-- */
-- if (('\0' == *name) ||
-- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
-+ * User/group names must match gnu e-regex:
-+ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
-+ *
-+ * as a non-POSIX, extension, allow "$" as the last char for
-+ * sake of Samba 3.x "add machine script"
-+ *
-+ * Also do not allow fully numeric names or just "." or "..".
-+ */
-+ int numeric;
-+
-+ if ('\0' == *name ||
-+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
-+ '\0' == name[1])) ||
-+ !((*name >= 'a' && *name <= 'z') ||
-+ (*name >= 'A' && *name <= 'Z') ||
-+ (*name >= '0' && *name <= '9') ||
-+ *name == '_' ||
-+ *name == '.')) {
- return false;
- }
-
-+ numeric = isdigit(*name);
-+
- while ('\0' != *++name) {
-- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
-- ( ('0' <= *name) && ('9' >= *name) ) ||
-- ('_' == *name) ||
-- ('-' == *name) ||
-- ( ('$' == *name) && ('\0' == *(name + 1)) )
-+ if (!((*name >= 'a' && *name <= 'z') ||
-+ (*name >= 'A' && *name <= 'Z') ||
-+ (*name >= '0' && *name <= '9') ||
-+ *name == '_' ||
-+ *name == '.' ||
-+ *name == '-' ||
-+ (*name == '$' && name[1] == '\0')
- )) {
- return false;
- }
-+ numeric &= isdigit(*name);
- }
-
-- return true;
-+ return !numeric;
- }
-
- bool is_valid_user_name (const char *name)
-Index: shadow-4.5/man/groupadd.8.xml
-===================================================================
---- shadow-4.5.orig/man/groupadd.8.xml
-+++ shadow-4.5/man/groupadd.8.xml
-@@ -256,10 +256,14 @@
-
- CAVEATS
-
-- Groupnames must start with a lower case letter or an underscore,
-- followed by lower case letters, digits, underscores, or dashes.
-- They can end with a dollar sign.
-- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
-+ Groupnames may contain only lower and upper case letters, digits,
-+ underscores, or dashes. They can end with a dollar sign.
-+
-+ Dashes are not allowed at the beginning of the groupname.
-+ Fully numeric groupnames and groupnames . or .. are
-+ also disallowed.
-+
-+ In regular expression terms: [a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?
-
-
- Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
-Index: shadow-4.5/man/useradd.8.xml
-===================================================================
---- shadow-4.5.orig/man/useradd.8.xml
-+++ shadow-4.5/man/useradd.8.xml
-@@ -633,10 +633,16 @@
-
-
-
-- Usernames must start with a lower case letter or an underscore,
-- followed by lower case letters, digits, underscores, or dashes.
-- They can end with a dollar sign.
-- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
-+ Usernames may contain only lower and upper case letters, digits,
-+ underscores, or dashes. They can end with a dollar sign.
-+
-+ Dashes are not allowed at the beginning of the username.
-+ Fully numeric usernames and usernames . or .. are
-+ also disallowed. It is not recommended to use usernames beginning
-+ with . character as their home directories will be hidden in
-+ the ls output.
-+
-+ In regular expression terms: [a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?
-
-
- Usernames may only be up to 32 characters long.
diff --git a/SOURCES/shadow-4.6-goodname.patch b/SOURCES/shadow-4.6-goodname.patch
new file mode 100644
index 0000000..13b5f75
--- /dev/null
+++ b/SOURCES/shadow-4.6-goodname.patch
@@ -0,0 +1,104 @@
+diff -up shadow-4.6/libmisc/chkname.c.goodname shadow-4.6/libmisc/chkname.c
+--- shadow-4.6/libmisc/chkname.c.goodname 2020-10-23 12:50:47.202529031 +0200
++++ shadow-4.6/libmisc/chkname.c 2020-10-23 12:54:54.604692559 +0200
+@@ -49,25 +49,44 @@
+ static bool is_valid_name (const char *name)
+ {
+ /*
+- * User/group names must match [a-z_][a-z0-9_-]*[$]
+- */
+- if (('\0' == *name) ||
+- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
++ * User/group names must match gnu e-regex:
++ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
++ *
++ * as a non-POSIX, extension, allow "$" as the last char for
++ * sake of Samba 3.x "add machine script"
++ *
++ * Also do not allow fully numeric names or just "." or "..".
++ */
++ int numeric;
++
++ if ('\0' == *name ||
++ ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
++ '\0' == name[1])) ||
++ !((*name >= 'a' && *name <= 'z') ||
++ (*name >= 'A' && *name <= 'Z') ||
++ (*name >= '0' && *name <= '9') ||
++ *name == '_' ||
++ *name == '.')) {
+ return false;
+ }
+
++ numeric = isdigit(*name);
++
+ while ('\0' != *++name) {
+- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
+- ( ('0' <= *name) && ('9' >= *name) ) ||
+- ('_' == *name) ||
+- ('-' == *name) ||
+- ( ('$' == *name) && ('\0' == *(name + 1)) )
++ if (!((*name >= 'a' && *name <= 'z') ||
++ (*name >= 'A' && *name <= 'Z') ||
++ (*name >= '0' && *name <= '9') ||
++ *name == '_' ||
++ *name == '.' ||
++ *name == '-' ||
++ (*name == '$' && name[1] == '\0')
+ )) {
+ return false;
+ }
++ numeric &= isdigit(*name);
+ }
+
+- return true;
++ return !numeric;
+ }
+
+ bool is_valid_user_name (const char *name)
+diff -up shadow-4.6/man/groupadd.8.xml.goodname shadow-4.6/man/groupadd.8.xml
+--- shadow-4.6/man/groupadd.8.xml.goodname 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/groupadd.8.xml 2020-10-23 12:50:47.202529031 +0200
+@@ -273,10 +273,14 @@
+
+ CAVEATS
+
+- Groupnames must start with a lower case letter or an underscore,
+- followed by lower case letters, digits, underscores, or dashes.
+- They can end with a dollar sign.
+- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
++ Groupnames may begin with lower and upper case letters, digits,
++ underscores, or periods. They may continue with all the aforementioned
++ characters, or dashes. Finally, they can end with a dollar sign.
++
++ Fully numeric groupnames and groupnames containing only . or .. are
++ disallowed.
++
++ In regular expression terms: [a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?
+
+
+ Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
+diff -up shadow-4.6/man/useradd.8.xml.goodname shadow-4.6/man/useradd.8.xml
+--- shadow-4.6/man/useradd.8.xml.goodname 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/useradd.8.xml 2020-10-23 12:50:47.202529031 +0200
+@@ -650,10 +650,16 @@
+
+
+
+- Usernames must start with a lower case letter or an underscore,
+- followed by lower case letters, digits, underscores, or dashes.
+- They can end with a dollar sign.
+- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
++ Usernames may begin with lower and upper case letters, digits,
++ underscores, or periods. They may continue with all the aforementioned
++ characters, or dashes. Finally, they can end with a dollar sign.
++
++ Fully numeric usernames and usernames containing only . or .. are
++ disallowed. It is not recommended to use usernames beginning
++ with . character as their home directories will be hidden in
++ the ls output.
++
++ In regular expression terms: [a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?
+
+
+ Usernames may only be up to 32 characters long.
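Review bot: In the `is_valid_name` change to libmisc/chkname.c, `numeric &= isdigit(*name)` bit-ANDs raw isdigit() return values, which C only guarantees to be nonzero for a digit, so the all-numeric rejection relies on the libc returning the same bit on every call. That flag is the only thing keeping purely numeric names, which are easily mistaken for a UID or GID, out of the account database, so I would normalise it: `numeric = (isdigit ((unsigned char) *name) != 0);` before the loop and `numeric = numeric && isdigit ((unsigned char) *name);` inside it. The header comment's regex (`{0,30}` plus an optional last character) also implies a length limit that this function does not enforce, and it differs from the `[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[$]?` form in the man pages of the same patch. The length is presumably checked by callers outside the hunk, and the comment should say so.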
diff --git a/SOURCES/shadow-4.6-manfix.patch b/SOURCES/shadow-4.6-manfix.patch
new file mode 100644
index 0000000..80ae198
--- /dev/null
+++ b/SOURCES/shadow-4.6-manfix.patch
@@ -0,0 +1,349 @@
+diff -up shadow-4.6/man/groupmems.8.xml.manfix shadow-4.6/man/groupmems.8.xml
+--- shadow-4.6/man/groupmems.8.xml.manfix 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/groupmems.8.xml 2020-10-23 13:15:24.105387634 +0200
+@@ -179,20 +179,10 @@
+
+ SETUP
+
+- The groupmems executable should be in mode
+- 2770 as user root and in group
+- groups. The system administrator can add users to
+- group groups to allow or disallow them using the
+- groupmems utility to manage their own group
+- membership list.
++ In this operating system the groupmems executable
++ is not setuid and regular users cannot use it to manipulate
++ the membership of their own group.
+
+-
+-
+- $ groupadd -r groups
+- $ chmod 2770 groupmems
+- $ chown root.groups groupmems
+- $ groupmems -g groups -a gk4
+-
+
+
+
+diff -up shadow-4.6/man/chage.1.xml.manfix shadow-4.6/man/chage.1.xml
+--- shadow-4.6/man/chage.1.xml.manfix 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/chage.1.xml 2020-10-23 13:15:24.105387634 +0200
+@@ -102,6 +102,9 @@
+ Set the number of days since January 1st, 1970 when the password
+ was last changed. The date may also be expressed in the format
+ YYYY-MM-DD (or the format more commonly used in your area).
++ If the LAST_DAY is set to
++ 0 the user is forced to change his password
++ on the next log on.
+
+
+
+@@ -119,6 +122,13 @@
+ system again.
+
+
++ For example the following can be used to set an account to expire
++ in 180 days:
++
++
++ chage -E $(date -d +180days +%Y-%m-%d)
++
++
+ Passing the number -1 as the
+ EXPIRE_DATE will remove an account
+ expiration date.
+@@ -233,6 +243,18 @@
+ The chage program requires a shadow password file to
+ be available.
+
++
++ The chage program will report only the information from the shadow
++ password file. This implies that configuration from other sources
++ (e.g. LDAP or empty password hash field from the passwd file) that
++ affect the user's login will not be shown in the chage output.
++
++
++ The chage program will also not report any
++ inconsistency between the shadow and passwd files (e.g. missing x in
++ the passwd file). The pwck can be used to check
++ for this kind of inconsistencies.
++
+ The chage command is restricted to the root
+ user, except for the option, which may be used by
+ an unprivileged user to determine when their password or account is due
+diff -up shadow-4.6/man/ja/man5/login.defs.5.manfix shadow-4.6/man/ja/man5/login.defs.5
+--- shadow-4.6/man/ja/man5/login.defs.5.manfix 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/ja/man5/login.defs.5 2020-10-23 13:15:24.106387639 +0200
+@@ -147,10 +147,6 @@ 以下の参照表は、
+ shadow パスワード機能のどのプログラムが
+ どのパラメータを使用するかを示したものである。
+ .na
+-.IP chfn 12
+-CHFN_AUTH CHFN_RESTRICT
+-.IP chsh 12
+-CHFN_AUTH
+ .IP groupadd 12
+ GID_MAX GID_MIN
+ .IP newusers 12
+diff -up shadow-4.6/man/login.defs.5.xml.manfix shadow-4.6/man/login.defs.5.xml
+--- shadow-4.6/man/login.defs.5.xml.manfix 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/login.defs.5.xml 2020-10-23 13:15:43.280475188 +0200
+@@ -162,6 +162,27 @@
+ long numeric parameters is machine-dependent.
+
+
++
++ Please note that the parameters in this configuration file control the
++ behavior of the tools from the shadow-utils component. None of these
++ tools uses the PAM mechanism, and the utilities that use PAM (such as the
++ passwd command) should be configured elsewhere. The only values that
++ affect PAM modules are ENCRYPT_METHOD and SHA_CRYPT_MAX_ROUNDS
++ for pam_unix module, FAIL_DELAY for pam_faildelay module,
++ and UMASK for pam_umask module. Refer to
++ pam(8) for more information.
++
++
++
++ Please also take into account that this man page is generic and some of
++ the options may be unsupported by currently installed tools. In case of
++ doubt check and
++ . For example see
++ login
++ 1 for login specific options such
++ as LOGIN_STRING.
++
++
+ The following configuration items are provided:
+
+
+@@ -252,16 +273,6 @@
+
+
+
+- chfn
+-
+-
+- CHFN_AUTH
+- CHFN_RESTRICT
+- LOGIN_STRING
+-
+-
+-
+-
+ chgpasswd
+
+
+@@ -282,14 +293,6 @@
+
+
+
+-
+- chsh
+-
+-
+- CHSH_AUTH LOGIN_STRING
+-
+-
+-
+
+
+
+@@ -350,34 +353,6 @@
+
+
+
+-
+- login
+-
+-
+- CONSOLE
+- CONSOLE_GROUPS DEFAULT_HOME
+- ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE
+- ERASECHAR FAIL_DELAY
+- FAILLOG_ENAB
+- FAKE_SHELL
+- FTMP_FILE
+- HUSHLOGIN_FILE
+- ISSUE_FILE
+- KILLCHAR
+- LASTLOG_ENAB
+- LOGIN_RETRIES
+- LOGIN_STRING
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- ULIMIT UMASK
+- USERGROUPS_ENAB
+-
+-
+-
+
+
+ newgrp / sg
+@@ -405,17 +380,6 @@
+
+
+
+-
+- passwd
+-
+-
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
+- SHA_CRYPT_MAX_ROUNDS
+- SHA_CRYPT_MIN_ROUNDS
+-
+-
+-
+
+ pwck
+
+@@ -442,32 +406,6 @@
+
+
+
+-
+- su
+-
+-
+- CONSOLE
+- CONSOLE_GROUPS DEFAULT_HOME
+- ENV_HZ ENVIRON_FILE
+- ENV_PATH ENV_SUPATH
+- ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB
+- SULOG_FILE SU_NAME
+- SU_WHEEL_ONLY
+- SYSLOG_SU_ENAB
+- USERGROUPS_ENAB
+-
+-
+-
+-
+- sulogin
+-
+-
+- ENV_HZ
+- ENV_TZ
+-
+-
+-
+
+ useradd
+
+diff -up shadow-4.6/man/shadow.5.xml.manfix shadow-4.6/man/shadow.5.xml
+--- shadow-4.6/man/shadow.5.xml.manfix 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/shadow.5.xml 2020-10-23 13:15:24.106387639 +0200
+@@ -129,7 +129,7 @@
+
+
+ The date of the last password change, expressed as the number
+- of days since Jan 1, 1970.
++ of days since Jan 1, 1970 00:00 UTC.
+
+
+ The value 0 has a special meaning, which is that the user
+@@ -208,8 +208,8 @@
+
+
+ After expiration of the password and this expiration period is
+- elapsed, no login is possible using the current user's
+- password. The user should contact her administrator.
++ elapsed, no login is possible for the user.
++ The user should contact her administrator.
+
+
+ An empty field means that there are no enforcement of an
+@@ -224,7 +224,7 @@
+
+
+ The date of expiration of the account, expressed as the number
+- of days since Jan 1, 1970.
++ of days since Jan 1, 1970 00:00 UTC.
+
+
+ Note that an account expiration differs from a password
+diff -up shadow-4.6/man/useradd.8.xml.manfix shadow-4.6/man/useradd.8.xml
+--- shadow-4.6/man/useradd.8.xml.manfix 2020-10-23 13:15:24.100387611 +0200
++++ shadow-4.6/man/useradd.8.xml 2020-10-23 13:15:24.106387639 +0200
+@@ -347,6 +347,11 @@
+ is not enabled, no home
+ directories are created.
+
++
++ The directory where the user's home directory is created must
++ exist and have proper SELinux context and permissions. Otherwise
++ the user's home directory cannot be created or accessed.
++
+
+
+
+diff -up shadow-4.6/man/usermod.8.xml.manfix shadow-4.6/man/usermod.8.xml
+--- shadow-4.6/man/usermod.8.xml.manfix 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/usermod.8.xml 2020-10-23 13:15:24.106387639 +0200
+@@ -132,7 +132,8 @@
+ If the
+ option is given, the contents of the current home directory will
+ be moved to the new home directory, which is created if it does
+- not already exist.
++ not already exist. If the current home directory does not exist
++ the new home directory will not be created.
+
+
+
+@@ -256,7 +257,8 @@
+
+
+ Move the content of the user's home directory to the new
+- location.
++ location. If the current home directory does not exist
++ the new home directory will not be created.
+
+
+ This option is only valid in combination with the
+diff -up shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml.manfix shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml
+--- shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml.manfix 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/login.defs.d/SUB_GID_COUNT.xml 2020-10-23 13:15:24.106387639 +0200
+@@ -42,7 +42,7 @@
+
+ The default values for ,
+ ,
+- are respectively 100000, 600100000 and 10000.
++ are respectively 100000, 600100000 and 65536.
+
+
+
+diff -up shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml.manfix shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml
+--- shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml.manfix 2018-04-29 18:42:37.000000000 +0200
++++ shadow-4.6/man/login.defs.d/SUB_UID_COUNT.xml 2020-10-23 13:15:24.106387639 +0200
+@@ -42,7 +42,7 @@
+
+ The default values for ,
+ ,
+- are respectively 100000, 600100000 and 10000.
++ are respectively 100000, 600100000 and 65536.
+
+
+
+diff -up shadow-4.6/man/groupadd.8.xml.manfix shadow-4.6/man/groupadd.8.xml
+--- shadow-4.6/man/groupadd.8.xml.manfix 2020-10-23 13:15:24.100387611 +0200
++++ shadow-4.6/man/groupadd.8.xml 2020-10-23 13:15:24.106387639 +0200
+@@ -322,13 +322,13 @@
+
+ 4
+
+- GID not unique (when not used)
++ GID is already used (when called without )
+
+
+
+ 9
+
+- group name not unique
++ group name is already used
+
+
+
diff --git a/SOURCES/shadow-4.6-sssd-redirect-warning.patch b/SOURCES/shadow-4.6-sssd-redirect-warning.patch
new file mode 100644
index 0000000..c452231
--- /dev/null
+++ b/SOURCES/shadow-4.6-sssd-redirect-warning.patch
@@ -0,0 +1,59 @@
+From 87257a49a1821d67870aa9760c71b6791583709c Mon Sep 17 00:00:00 2001
+From: ikerexxe
+Date: Fri, 2 Oct 2020 16:09:42 +0200
+Subject: [PATCH] lib/sssd: redirect warning message to file
+
+Instead of printing warning in stderr print it to file. This way the
+user is not spammed with unnecessary messages when updating packages.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1749001
+---
+ lib/sssd.c | 14 ++++++--------
+ 1 file changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/lib/sssd.c b/lib/sssd.c
+index 80e49e55..f864ce68 100644
+--- a/lib/sssd.c
++++ b/lib/sssd.c
+@@ -11,7 +11,7 @@
+ #include "prototypes.h"
+ #include "sssd.h"
+
+-#define MSG_SSSD_FLUSH_CACHE_FAILED "%s: Failed to flush the sssd cache.\n"
++#define MSG_SSSD_FLUSH_CACHE_FAILED "%s: Failed to flush the sssd cache."
+
+ int sssd_flush_cache (int dbflags)
+ {
+@@ -46,24 +46,22 @@ int sssd_flush_cache (int dbflags)
+ free(sss_cache_args);
+ if (rv != 0) {
+ /* run_command writes its own more detailed message. */
+- (void) fprintf (stderr, _(MSG_SSSD_FLUSH_CACHE_FAILED), Prog);
++ SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
+ return -1;
+ }
+
+ code = WEXITSTATUS (status);
+ if (!WIFEXITED (status)) {
+- (void) fprintf (stderr,
+- _("%s: sss_cache did not terminate normally (signal %d)\n"),
+- Prog, WTERMSIG (status));
++ SYSLOG ((LOG_WARN, "%s: sss_cache did not terminate normally (signal %d)",
++ Prog, WTERMSIG (status)));
+ return -1;
+ } else if (code == E_CMD_NOTFOUND) {
+ /* sss_cache is not installed, or it is installed but uses an
+ interpreter that is missing. Probably the former. */
+ return 0;
+ } else if (code != 0) {
+- (void) fprintf (stderr, _("%s: sss_cache exited with status %d\n"),
+- Prog, code);
+- (void) fprintf (stderr, _(MSG_SSSD_FLUSH_CACHE_FAILED), Prog);
++ SYSLOG ((LOG_WARN, "%s: sss_cache exited with status %d", Prog, code));
++ SYSLOG ((LOG_WARN, MSG_SSSD_FLUSH_CACHE_FAILED, Prog));
+ return -1;
+ }
+
+--
+2.26.2
+
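Review bot: After this change every failure path in `sssd_flush_cache` reports only through `SYSLOG`, so an administrator running an account tool interactively no longer sees that the sssd cache was not flushed and that cached entries may presumably be stale. What callers do with the `-1` return is outside the hunk. I would document the choice next to the macro, e.g. `/* Logged via syslog only, not stderr (rhbz#1749001); a failure means sssd may still hold stale entries. */`, and make sure this `LOG_WARN` message is covered by log monitoring. The patch description says the warning is printed "to file" while the code sends it to syslog, and the retained comment `run_command writes its own more detailed message` may refer to output that still goes to stderr, which is worth confirming.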
diff --git a/SOURCES/shadow-utils.login.defs b/SOURCES/shadow-utils.login.defs
index 0adfb66..12d516c 100644
--- a/SOURCES/shadow-utils.login.defs
+++ b/SOURCES/shadow-utils.login.defs
@@ -15,6 +15,20 @@
MAIL_DIR /var/spool/mail
#MAIL_FILE .mail
+# Default initial "umask" value used by login(1) on non-PAM enabled systems.
+# Default "umask" value for pam_umask(8) on PAM enabled systems.
+# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+# home directories if HOME_MODE is not set.
+# 022 is the default value, but 027, or even 077, could be considered
+# for increased privacy. There is no One True Answer here: each sysadmin
+# must make up their mind.
+UMASK 022
+
+# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+# home directories.
+# If HOME_MODE is not set, the value of UMASK is used to create the mode.
+HOME_MODE 0700
+
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
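Review bot: `UMASK` is relaxed from 077 (removed in the next hunk) to 022 here, so the privacy of new home directories now rests entirely on `HOME_MODE 0700` being honoured. The added comment itself states that UMASK is used when HOME_MODE is not set, so a useradd/newusers build without HOME_MODE support, or a site that later comments the line out, would create home directories as 0755. I would extend the comment with `# Do not remove HOME_MODE without also tightening UMASK, otherwise new home directories become readable by all local users.` Because the same value is now described as the login(1) and pam_umask(8) default, the effect on files created in user sessions should be checked too.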
@@ -59,10 +73,6 @@ SYS_GID_MAX 999
#
CREATE_HOME yes
-# The permission mask is initialized to this value. If not specified,
-# the permission mask will be initialized to 022.
-UMASK 077
-
# This enables userdel to remove user groups if no members exist.
#
USERGROUPS_ENAB yes
diff --git a/SPECS/shadow-utils.spec b/SPECS/shadow-utils.spec
index 24e0573..a806a39 100644
--- a/SPECS/shadow-utils.spec
+++ b/SPECS/shadow-utils.spec
@@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.6
-Release: 10%{?dist}
+Release: 12%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@@ -11,13 +11,13 @@ Source3: shadow-utils.login.defs
Source4: shadow-bsd.txt
Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
Patch0: shadow-4.6-redhat.patch
-Patch1: shadow-4.5-goodname.patch
+Patch1: shadow-4.6-goodname.patch
Patch2: shadow-4.1.5.1-info-parent-dir.patch
Patch6: shadow-4.6-selinux.patch
Patch10: shadow-4.6-orig-context.patch
Patch11: shadow-4.1.5.1-logmsg.patch
Patch14: shadow-4.1.5.1-default-range.patch
-Patch15: shadow-4.3.1-manfix.patch
+Patch15: shadow-4.6-manfix.patch
Patch17: shadow-4.1.5.1-userdel-helpfix.patch
Patch19: shadow-4.2.1-date-parsing.patch
Patch21: shadow-4.6-move-home.patch
@@ -43,6 +43,8 @@ Patch42: shadow-4.6-regular-user.patch
Patch43: shadow-4.6-home_mode-directive.patch
# Upstreamed
Patch44: shadow-4.6-check-local-groups.patch
+# https://github.com/shadow-maint/shadow/commit/e84df9e163e133eb11a2728024ff3e3440592cf8
+Patch45: shadow-4.6-sssd-redirect-warning.patch
License: BSD and GPLv2+
Group: System Environment/Base
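Review bot: The upstream reference added for Patch45 points at commit `e84df9e163e133eb11a2728024ff3e3440592cf8`, but the patch file added in this same change carries `From 87257a49a1821d67870aa9760c71b6791583709c` in its header. This is probably a pre-merge hash from the author's branch, but it means the shipped patch cannot be matched to the cited upstream commit by id. Please confirm the content is identical or regenerate the patch from the referenced commit, and record the relationship in a comment such as `# Backport of upstream e84df9e1; the hash in the patch header is from the pre-merge branch`.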
@@ -105,6 +107,7 @@ are used for managing group accounts.
%patch42 -p1 -b .regular-user
%patch43 -p1 -b .home_mode-directive
%patch44 -p1 -b .check-local-groups
+%patch45 -p1 -b .sssd-redirect-warning
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -259,6 +262,14 @@ done
%{_mandir}/man8/vigr.8*
%changelog
+* Fri Oct 23 2020 Iker Pedrosa - 2:4.6-12
+- lib/sssd: redirect warning message to file (#1749001)
+- useradd: clarify valid usernames/groupnames (#1869432)
+- login.defs: link login specific information to its own package (#1804766)
+
+* Fri Aug 7 2020 Iker Pedrosa - 2:4.6-11
+- change UMASK value and add HOME_MODE in login.defs (#1777718)
+
* Tue May 5 2020 Iker Pedrosa - 2:4.6-10
- check only local groups when adding new supplementary groups to a user