diff --git a/.shadow-utils.metadata b/.shadow-utils.metadata
new file mode 100644
index 0000000..47a9646
--- /dev/null
+++ b/.shadow-utils.metadata
@@ -0,0 +1,2 @@
+81f38720b953ef9c2c100c43d02dfe19cafd6c30 SOURCES/shadow-4.1.5.1.tar.bz2
+126570e2939bf3b57f28df5197ab9309747a6b5c SOURCES/shadow-4.1.5.1.tar.bz2.sig
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/shadow-4.1.5-2ndskip.patch b/SOURCES/shadow-4.1.5-2ndskip.patch
new file mode 100644
index 0000000..8a9cf68
--- /dev/null
+++ b/SOURCES/shadow-4.1.5-2ndskip.patch
@@ -0,0 +1,100 @@
+diff -up shadow-4.1.5/src/grpconv.c.2ndskip shadow-4.1.5/src/grpconv.c
+--- shadow-4.1.5/src/grpconv.c.2ndskip 2012-06-18 13:08:34.438910815 +0200
++++ shadow-4.1.5/src/grpconv.c 2012-06-18 13:12:51.270764552 +0200
+@@ -143,6 +143,7 @@ int main (int argc, char **argv)
+ struct group grent;
+ const struct sgrp *sg;
+ struct sgrp sgent;
++ char *np;
+
+ Prog = Basename (argv[0]);
+
+@@ -184,20 +185,25 @@ int main (int argc, char **argv)
+ * Remove /etc/gshadow entries for groups not in /etc/group.
+ */
+ (void) sgr_rewind ();
+- while ((sg = sgr_next ()) != NULL) {
+- if (gr_locate (sg->sg_name) != NULL) {
+- continue;
+- }
+-
+- if (sgr_remove (sg->sg_name) == 0) {
+- /*
+- * This shouldn't happen (the entry exists) but...
+- */
+- fprintf (stderr,
+- _("%s: cannot remove entry '%s' from %s\n"),
+- Prog, sg->sg_name, sgr_dbname ());
+- fail_exit (3);
++ sg = sgr_next ();
++ np=NULL;
++ while (sg != NULL) {
++ np = strdup(sg->sg_name);
++ sg = sgr_next ();
++
++ if(gr_locate (np) == NULL) {
++ if (sgr_remove (np) == 0) {
++ /*
++ * This shouldn't happen (the entry exists) but...
++ */
++ fprintf (stderr,
++ _("%s: cannot remove entry '%s' from %s\n"),
++ Prog, np, sgr_dbname ());
++ free(np);
++ fail_exit (3);
++ }
+ }
++ free(np);
+ }
+
+ /*
+diff -up shadow-4.1.5/src/pwconv.c.2ndskip shadow-4.1.5/src/pwconv.c
+--- shadow-4.1.5/src/pwconv.c.2ndskip 2012-06-18 11:23:33.938511797 +0200
++++ shadow-4.1.5/src/pwconv.c 2012-06-18 12:57:18.396426194 +0200
+@@ -173,6 +173,7 @@ int main (int argc, char **argv)
+ struct passwd pwent;
+ const struct spwd *sp;
+ struct spwd spent;
++ char *np;
+
+ Prog = Basename (argv[0]);
+
+@@ -223,20 +224,25 @@ int main (int argc, char **argv)
+ * Remove /etc/shadow entries for users not in /etc/passwd.
+ */
+ (void) spw_rewind ();
+- while ((sp = spw_next ()) != NULL) {
+- if (pw_locate (sp->sp_namp) != NULL) {
+- continue;
+- }
+-
+- if (spw_remove (sp->sp_namp) == 0) {
+- /*
+- * This shouldn't happen (the entry exists) but...
+- */
+- fprintf (stderr,
+- _("%s: cannot remove entry '%s' from %s\n"),
+- Prog, sp->sp_namp, spw_dbname ());
+- fail_exit (E_FAILURE);
++ sp = spw_next ();
++ np = NULL;
++ while (sp != NULL) {
++ np = strdup(sp->sp_namp);
++ sp = spw_next ();
++
++ if (pw_locate (np) == NULL) {
++ if (spw_remove (np) == 0) {
++ /*
++ * This shouldn't happen (the entry exists) but...
++ */
++ fprintf (stderr,
++ _("%s: cannot remove entry '%s' from %s\n"),
++ Prog, np, spw_dbname ());
++ free(np);
++ fail_exit (E_FAILURE);
++ }
+ }
++ free(np);
+ }
+
+ /*
diff --git a/SOURCES/shadow-4.1.5-redhat.patch b/SOURCES/shadow-4.1.5-redhat.patch
new file mode 100644
index 0000000..a785b29
--- /dev/null
+++ b/SOURCES/shadow-4.1.5-redhat.patch
@@ -0,0 +1,42 @@
+diff -up shadow-4.1.5/man/useradd.8.redhat shadow-4.1.5/man/useradd.8
+diff -up shadow-4.1.5/src/useradd.c.redhat shadow-4.1.5/src/useradd.c
+--- shadow-4.1.5/src/useradd.c.redhat 2011-12-09 23:23:15.000000000 +0100
++++ shadow-4.1.5/src/useradd.c 2012-03-19 09:50:05.227588669 +0100
+@@ -93,7 +93,7 @@ const char *Prog;
+ static gid_t def_group = 100;
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+-static const char *def_shell = "";
++static const char *def_shell = "/sbin/nologin";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_create_mail_spool = "no";
+
+@@ -103,7 +103,7 @@ static const char *def_expire = "";
+ #define VALID(s) (strcspn (s, ":\n") == strlen (s))
+
+ static const char *user_name = "";
+-static const char *user_pass = "!";
++static const char *user_pass = "!!";
+ static uid_t user_id;
+ static gid_t user_gid;
+ static const char *user_comment = "";
+@@ -1011,9 +1011,9 @@ static void process_flags (int argc, cha
+ };
+ while ((c = getopt_long (argc, argv,
+ #ifdef WITH_SELINUX
+- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:",
++ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:UZ:",
+ #else /* !WITH_SELINUX */
+- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U",
++ "b:c:d:De:f:g:G:hk:K:lmMnNop:rR:s:u:U",
+ #endif /* !WITH_SELINUX */
+ long_options, NULL)) != -1) {
+ switch (c) {
+@@ -1164,6 +1164,7 @@ static void process_flags (int argc, cha
+ case 'M':
+ Mflg = true;
+ break;
++ case 'n':
+ case 'N':
+ Nflg = true;
+ break;
diff --git a/SOURCES/shadow-4.1.5-uflg.patch b/SOURCES/shadow-4.1.5-uflg.patch
new file mode 100644
index 0000000..f72bca3
--- /dev/null
+++ b/SOURCES/shadow-4.1.5-uflg.patch
@@ -0,0 +1,23 @@
+diff -up shadow-4.1.5/libmisc/find_new_gid.c.uflg shadow-4.1.5/libmisc/find_new_gid.c
+--- shadow-4.1.5/libmisc/find_new_gid.c.uflg 2011-07-30 01:10:27.000000000 +0200
++++ shadow-4.1.5/libmisc/find_new_gid.c 2012-03-19 12:51:46.090554116 +0100
+@@ -68,7 +68,7 @@ int find_new_gid (bool sys_group,
+ return -1;
+ }
+ } else {
+- gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
++ gid_min = (gid_t) 1;
+ gid_max = (gid_t) getdef_ulong ("GID_MIN", 1000UL) - 1;
+ gid_max = (gid_t) getdef_ulong ("SYS_GID_MAX", (unsigned long) gid_max);
+ if (gid_max < gid_min) {
+@@ -100,6 +100,10 @@ int find_new_gid (bool sys_group,
+ return 0;
+ }
+
++ /* if we did not find free preffered system gid, we start to look for
++ * one in the range assigned to dynamic system IDs */
++ if (sys_group)
++ gid_min = (gid_t) getdef_ulong ("SYS_GID_MIN", 101UL);
+
+ /*
+ * Search the entire group file,
diff --git a/SOURCES/shadow-4.1.5.1-audit-owner.patch b/SOURCES/shadow-4.1.5.1-audit-owner.patch
new file mode 100644
index 0000000..6fbbdbf
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-audit-owner.patch
@@ -0,0 +1,32 @@
+diff -up shadow-4.1.5.1/src/usermod.c.audit shadow-4.1.5.1/src/usermod.c
+--- shadow-4.1.5.1/src/usermod.c.audit 2011-11-21 23:02:16.000000000 +0100
++++ shadow-4.1.5.1/src/usermod.c 2013-06-14 14:54:20.237026550 +0200
+@@ -1513,6 +1513,14 @@ static void move_home (void)
+ fail_exit (E_HOMEDIR);
+ }
+
++#ifdef WITH_AUDIT
++ if (uflg || gflg) {
++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++ "changing home directory owner",
++ user_newname, (unsigned int) user_newid, 1);
++ }
++#endif
++
+ if (rename (user_home, user_newhome) == 0) {
+ /* FIXME: rename above may have broken symlinks
+ * pointing to the user's home directory
+@@ -1947,6 +1955,13 @@ int main (int argc, char **argv)
+ * ownership.
+ *
+ */
++#ifdef WITH_AUDIT
++ if (uflg || gflg) {
++ audit_logger (AUDIT_USER_CHAUTHTOK, Prog,
++ "changing home directory owner",
++ user_newname, (unsigned int) user_newid, 1);
++ }
++#endif
+ if (chown_tree (dflg ? user_newhome : user_home,
+ user_id,
+ uflg ? user_newid : (uid_t)-1,
diff --git a/SOURCES/shadow-4.1.5.1-backup-mode.patch b/SOURCES/shadow-4.1.5.1-backup-mode.patch
new file mode 100644
index 0000000..7366b86
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-backup-mode.patch
@@ -0,0 +1,20 @@
+diff -up shadow-4.1.5.1/lib/commonio.c.backup-mode shadow-4.1.5.1/lib/commonio.c
+--- shadow-4.1.5.1/lib/commonio.c.backup-mode 2012-05-18 21:44:54.000000000 +0200
++++ shadow-4.1.5.1/lib/commonio.c 2012-09-19 20:27:16.089444234 +0200
+@@ -301,15 +301,12 @@ static int create_backup (const char *ba
+ struct utimbuf ub;
+ FILE *bkfp;
+ int c;
+- mode_t mask;
+
+ if (fstat (fileno (fp), &sb) != 0) {
+ return -1;
+ }
+
+- mask = umask (077);
+- bkfp = fopen (backup, "w");
+- (void) umask (mask);
++ bkfp = fopen_set_perms (backup, "w", &sb);
+ if (NULL == bkfp) {
+ return -1;
+ }
diff --git a/SOURCES/shadow-4.1.5.1-crypt-null.patch b/SOURCES/shadow-4.1.5.1-crypt-null.patch
new file mode 100644
index 0000000..fba72e7
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-crypt-null.patch
@@ -0,0 +1,195 @@
+diff -up shadow-4.1.5.1/lib/encrypt.c.crypt-null shadow-4.1.5.1/lib/encrypt.c
+--- shadow-4.1.5.1/lib/encrypt.c.crypt-null 2010-08-22 15:05:02.000000000 +0200
++++ shadow-4.1.5.1/lib/encrypt.c 2013-07-25 12:27:30.438355782 +0200
+@@ -49,11 +49,10 @@
+ if (!cp) {
+ /*
+ * Single Unix Spec: crypt() may return a null pointer,
+- * and set errno to indicate an error. The caller doesn't
+- * expect us to return NULL, so...
++ * and set errno to indicate an error. In this case return
++ * the NULL so the caller can handle appropriately.
+ */
+- perror ("crypt");
+- exit (EXIT_FAILURE);
++ return cp;
+ }
+
+ /* The GNU crypt does not return NULL if the algorithm is not
+diff -up shadow-4.1.5.1/libmisc/valid.c.crypt-null shadow-4.1.5.1/libmisc/valid.c
+--- shadow-4.1.5.1/libmisc/valid.c.crypt-null 2010-08-22 21:14:41.000000000 +0200
++++ shadow-4.1.5.1/libmisc/valid.c 2013-07-25 12:27:30.440355847 +0200
+@@ -95,6 +95,7 @@ bool valid (const char *password, const
+ */
+
+ if ( (NULL != ent->pw_name)
++ && (NULL != encrypted)
+ && (strcmp (encrypted, ent->pw_passwd) == 0)) {
+ return true;
+ } else {
+diff -up shadow-4.1.5.1/lib/pwauth.c.crypt-null shadow-4.1.5.1/lib/pwauth.c
+--- shadow-4.1.5.1/lib/pwauth.c.crypt-null 2009-07-13 00:24:48.000000000 +0200
++++ shadow-4.1.5.1/lib/pwauth.c 2013-07-25 12:27:30.438355782 +0200
+@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,
+ char prompt[1024];
+ char *clear = NULL;
+ const char *cp;
++ const char *encrypted;
+ int retval;
+
+ #ifdef SKEY
+@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,
+ * the results there as well.
+ */
+
+- retval = strcmp (pw_encrypt (input, cipher), cipher);
++ encrypted = pw_encrypt (input, cipher);
++ if (encrypted!=NULL)
++ retval = strcmp (encrypted, cipher);
++ else
++ retval = -1;
+
+ #ifdef SKEY
+ /*
+diff -up shadow-4.1.5.1/src/chgpasswd.c.crypt-null shadow-4.1.5.1/src/chgpasswd.c
+--- shadow-4.1.5.1/src/chgpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
++++ shadow-4.1.5.1/src/chgpasswd.c 2013-07-25 12:27:30.440355847 +0200
+@@ -469,6 +469,10 @@ int main (int argc, char **argv)
+ #endif
+ cp = pw_encrypt (newpwd,
+ crypt_make_salt (crypt_method, arg));
++ if (cp == NULL) {
++ perror ("crypt");
++ exit (EXIT_FAILURE);
++ }
+ }
+
+ /*
+diff -up shadow-4.1.5.1/src/chpasswd.c.crypt-null shadow-4.1.5.1/src/chpasswd.c
+--- shadow-4.1.5.1/src/chpasswd.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
++++ shadow-4.1.5.1/src/chpasswd.c 2013-07-25 12:27:30.440355847 +0200
+@@ -492,6 +492,10 @@ int main (int argc, char **argv)
+ #endif
+ cp = pw_encrypt (newpwd,
+ crypt_make_salt(crypt_method, arg));
++ if (cp == NULL) {
++ perror ("crypt");
++ exit (EXIT_FAILURE);
++ }
+ }
+
+ /*
+diff -up shadow-4.1.5.1/src/gpasswd.c.crypt-null shadow-4.1.5.1/src/gpasswd.c
+--- shadow-4.1.5.1/src/gpasswd.c.crypt-null 2011-11-19 23:55:04.000000000 +0100
++++ shadow-4.1.5.1/src/gpasswd.c 2013-07-25 12:27:30.441355866 +0200
+@@ -939,6 +939,10 @@ static void change_passwd (struct group
+ }
+
+ cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
++ if (cp==NULL) {
++ perror ("crypt");
++ exit (EXIT_FAILURE);
++ }
+ memzero (pass, sizeof pass);
+ #ifdef SHADOWGRP
+ if (is_shadowgrp) {
+diff -up shadow-4.1.5.1/src/newgrp.c.crypt-null shadow-4.1.5.1/src/newgrp.c
+--- shadow-4.1.5.1/src/newgrp.c.crypt-null 2011-07-30 03:50:01.000000000 +0200
++++ shadow-4.1.5.1/src/newgrp.c 2013-07-25 12:27:30.442355881 +0200
+@@ -184,7 +184,8 @@ static void check_perms (const struct gr
+ cpasswd = pw_encrypt (cp, grp->gr_passwd);
+ strzero (cp);
+
+- if (grp->gr_passwd[0] == '\0' ||
++ if (cpasswd == NULL ||
++ grp->gr_passwd[0] == '\0' ||
+ strcmp (cpasswd, grp->gr_passwd) != 0) {
+ #ifdef WITH_AUDIT
+ snprintf (audit_buf, sizeof(audit_buf),
+diff -up shadow-4.1.5.1/src/newusers.c.crypt-null shadow-4.1.5.1/src/newusers.c
+--- shadow-4.1.5.1/src/newusers.c.crypt-null 2011-12-09 22:31:40.000000000 +0100
++++ shadow-4.1.5.1/src/newusers.c 2013-07-25 12:27:30.442355881 +0200
+@@ -387,6 +387,7 @@ static int add_user (const char *name, u
+ static void update_passwd (struct passwd *pwd, const char *password)
+ {
+ void *crypt_arg = NULL;
++ char *cp;
+ if (crypt_method != NULL) {
+ #ifdef USE_SHA_CRYPT
+ if (sflg) {
+@@ -398,9 +399,13 @@ static void update_passwd (struct passwd
+ if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
+ pwd->pw_passwd = (char *)password;
+ } else {
+- pwd->pw_passwd = pw_encrypt (password,
+- crypt_make_salt (crypt_method,
+- crypt_arg));
++ cp=pw_encrypt (password, crypt_make_salt (crypt_method,
++ crypt_arg));
++ if (cp == NULL) {
++ perror ("crypt");
++ exit (EXIT_FAILURE);
++ }
++ pwd->pw_passwd = cp;
+ }
+ }
+ #endif /* !USE_PAM */
+@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pw
+ {
+ const struct spwd *sp;
+ struct spwd spent;
++ char *cp;
+
+ #ifndef USE_PAM
+ void *crypt_arg = NULL;
+@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pw
+ } else {
+ const char *salt = crypt_make_salt (crypt_method,
+ crypt_arg);
+- spent.sp_pwdp = pw_encrypt (password, salt);
++ cp = pw_encrypt (password, salt);
++ if (cp == NULL) {
++ perror ("crypt");
++ exit (EXIT_FAILURE);
++ }
++ spent.sp_pwdp = cp;
+ }
+ spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+ if (0 == spent.sp_lstchg) {
+@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pw
+ spent.sp_pwdp = (char *)password;
+ } else {
+ const char *salt = crypt_make_salt (crypt_method, crypt_arg);
+- spent.sp_pwdp = pw_encrypt (password, salt);
++ cp = pw_encrypt (password, salt);
++ if (cp == NULL) {
++ perror ("crypt");
++ exit (EXIT_FAILURE);
++ }
++ spent.sp_pwdp = cp;
+ }
+ #else
+ /*
+diff -up shadow-4.1.5.1/src/passwd.c.crypt-null shadow-4.1.5.1/src/passwd.c
+--- shadow-4.1.5.1/src/passwd.c.crypt-null 2012-02-13 21:32:01.000000000 +0100
++++ shadow-4.1.5.1/src/passwd.c 2013-07-25 12:27:30.443355896 +0200
+@@ -242,7 +242,7 @@ static int new_password (const struct pa
+ }
+
+ cipher = pw_encrypt (clear, crypt_passwd);
+- if (strcmp (cipher, crypt_passwd) != 0) {
++ if ((cipher == NULL) || (strcmp (cipher, crypt_passwd) != 0)) {
+ strzero (clear);
+ strzero (cipher);
+ SYSLOG ((LOG_WARN, "incorrect password for %s",
+@@ -349,6 +349,10 @@ static int new_password (const struct pa
+ * Encrypt the password, then wipe the cleartext password.
+ */
+ cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
++ if (cp == NULL) {
++ perror ("crypt");
++ exit (EXIT_FAILURE);
++ }
+ memzero (pass, sizeof pass);
+
+ #ifdef HAVE_LIBCRACK_HIST
diff --git a/SOURCES/shadow-4.1.5.1-default-range.patch b/SOURCES/shadow-4.1.5.1-default-range.patch
new file mode 100644
index 0000000..45c677a
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-default-range.patch
@@ -0,0 +1,35 @@
+diff -up shadow-4.1.5.1/lib/semanage.c.default-range shadow-4.1.5.1/lib/semanage.c
+--- shadow-4.1.5.1/lib/semanage.c.default-range 2012-01-08 17:35:44.000000000 +0100
++++ shadow-4.1.5.1/lib/semanage.c 2013-06-14 15:14:51.970237594 +0200
+@@ -143,6 +143,7 @@ static int semanage_user_mod (semanage_h
+ goto done;
+ }
+
++#if 0
+ ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+ if (ret != 0) {
+ fprintf (stderr,
+@@ -150,6 +151,7 @@ static int semanage_user_mod (semanage_h
+ ret = 1;
+ goto done;
+ }
++#endif
+
+ ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
+ if (ret != 0) {
+@@ -200,6 +202,7 @@ static int semanage_user_add (semanage_h
+ goto done;
+ }
+
++#if 0
+ ret = semanage_seuser_set_mlsrange (handle, seuser, DEFAULT_SERANGE);
+ if (ret != 0) {
+ fprintf (stderr,
+@@ -208,6 +211,7 @@ static int semanage_user_add (semanage_h
+ ret = 1;
+ goto done;
+ }
++#endif
+
+ ret = semanage_seuser_set_sename (handle, seuser, seuser_name);
+ if (ret != 0) {
diff --git a/SOURCES/shadow-4.1.5.1-errmsg.patch b/SOURCES/shadow-4.1.5.1-errmsg.patch
new file mode 100644
index 0000000..6f3a1d2
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-errmsg.patch
@@ -0,0 +1,23 @@
+diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
+--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
++++ shadow-4.1.5.1/src/useradd.c 2013-06-14 14:22:59.529661095 +0200
+@@ -1760,6 +1760,9 @@ static void create_home (void)
+ if (access (user_home, F_OK) != 0) {
+ #ifdef WITH_SELINUX
+ if (set_selinux_file_context (user_home, NULL) != 0) {
++ fprintf (stderr,
++ _("%s: cannot set SELinux context for home directory %s\n"),
++ Prog, user_home);
+ fail_exit (E_HOMEDIR);
+ }
+ #endif
+@@ -1789,6 +1792,9 @@ static void create_home (void)
+ #ifdef WITH_SELINUX
+ /* Reset SELinux to create files with default contexts */
+ if (reset_selinux_file_context () != 0) {
++ fprintf (stderr,
++ _("%s: cannot reset SELinux file creation context\n"),
++ Prog);
+ fail_exit (E_HOMEDIR);
+ }
+ #endif
diff --git a/SOURCES/shadow-4.1.5.1-goodname.patch b/SOURCES/shadow-4.1.5.1-goodname.patch
new file mode 100644
index 0000000..1fdd84f
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-goodname.patch
@@ -0,0 +1,118 @@
+diff -up shadow-4.1.5.1/libmisc/chkname.c.goodname shadow-4.1.5.1/libmisc/chkname.c
+--- shadow-4.1.5.1/libmisc/chkname.c.goodname 2009-07-13 00:24:45.000000000 +0200
++++ shadow-4.1.5.1/libmisc/chkname.c 2012-09-19 18:43:53.492160653 +0200
+@@ -49,20 +49,28 @@
+ static bool is_valid_name (const char *name)
+ {
+ /*
+- * User/group names must match [a-z_][a-z0-9_-]*[$]
+- */
+- if (('\0' == *name) ||
+- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) {
++ * User/group names must match gnu e-regex:
++ * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]?
++ *
++ * as a non-POSIX, extension, allow "$" as the last char for
++ * sake of Samba 3.x "add machine script"
++ */
++ if ( ('\0' == *name) ||
++ !((*name >= 'a' && *name <= 'z') ||
++ (*name >= 'A' && *name <= 'Z') ||
++ (*name >= '0' && *name <= '9') ||
++ (*name == '_') || (*name == '.')
++ )) {
+ return false;
+ }
+
+ while ('\0' != *++name) {
+- if (!(( ('a' <= *name) && ('z' >= *name) ) ||
+- ( ('0' <= *name) && ('9' >= *name) ) ||
+- ('_' == *name) ||
+- ('-' == *name) ||
+- ( ('$' == *name) && ('\0' == *(name + 1)) )
+- )) {
++ if (!( (*name >= 'a' && *name <= 'z') ||
++ (*name >= 'A' && *name <= 'Z') ||
++ (*name >= '0' && *name <= '9') ||
++ (*name == '_') || (*name == '.') || (*name == '-') ||
++ (*name == '$' && *(name + 1) == '\0')
++ )) {
+ return false;
+ }
+ }
+diff -up shadow-4.1.5.1/man/groupadd.8.xml.goodname shadow-4.1.5.1/man/groupadd.8.xml
+--- shadow-4.1.5.1/man/groupadd.8.xml.goodname 2012-05-25 13:45:27.000000000 +0200
++++ shadow-4.1.5.1/man/groupadd.8.xml 2012-09-19 18:43:53.492160653 +0200
+@@ -259,12 +259,6 @@
+
+ CAVEATS
+
+- Groupnames must start with a lower case letter or an underscore,
+- followed by lower case letters, digits, underscores, or dashes.
+- They can end with a dollar sign.
+- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+-
+-
+ Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
+
+
+diff -up shadow-4.1.5.1/man/man8/groupadd.8.goodname shadow-4.1.5.1/man/man8/groupadd.8
+--- shadow-4.1.5.1/man/man8/groupadd.8.goodname 2012-05-25 13:58:40.000000000 +0200
++++ shadow-4.1.5.1/man/man8/groupadd.8 2012-09-19 18:44:42.175123079 +0200
+@@ -190,9 +190,7 @@ Shadow password suite configuration\&.
+ .RE
+ .SH "CAVEATS"
+ .PP
+-Groupnames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
+-.PP
+-Groupnames may only be up to 16 characters long\&.
++Groupnames may only be up to 32 characters long\&.
+ .PP
+ You may not add a NIS or LDAP group\&. This must be performed on the corresponding server\&.
+ .PP
+diff -up shadow-4.1.5.1/man/man8/useradd.8.goodname shadow-4.1.5.1/man/man8/useradd.8
+--- shadow-4.1.5.1/man/man8/useradd.8.goodname 2012-05-25 13:59:28.000000000 +0200
++++ shadow-4.1.5.1/man/man8/useradd.8 2012-09-19 18:46:09.249033949 +0200
+@@ -224,7 +224,7 @@ is not enabled, no home directories are
+ .PP
+ \fB\-M\fR
+ .RS 4
+-Do no create the user\*(Aqs home directory, even if the system wide setting from
++Do not create the user\*(Aqs home directory, even if the system wide setting from
+ /etc/login\&.defs
+ (\fBCREATE_HOME\fR) is set to
+ \fIyes\fR\&.
+@@ -430,8 +430,6 @@ Similarly, if the username already exist
+ \fBuseradd\fR
+ will deny the user account creation request\&.
+ .PP
+-Usernames must start with a lower case letter or an underscore, followed by lower case letters, digits, underscores, or dashes\&. They can end with a dollar sign\&. In regular expression terms: [a\-z_][a\-z0\-9_\-]*[$]?
+-.PP
+ Usernames may only be up to 32 characters long\&.
+ .SH "CONFIGURATION"
+ .PP
+diff -up shadow-4.1.5.1/man/useradd.8.xml.goodname shadow-4.1.5.1/man/useradd.8.xml
+--- shadow-4.1.5.1/man/useradd.8.xml.goodname 2012-05-25 13:45:29.000000000 +0200
++++ shadow-4.1.5.1/man/useradd.8.xml 2012-09-19 18:43:53.493160675 +0200
+@@ -366,7 +366,7 @@
+
+
+
+- Do no create the user's home directory, even if the system
++ Do not create the user's home directory, even if the system
+ wide setting from /etc/login.defs
+ () is set to
+ yes.
+@@ -654,12 +654,6 @@
+
+
+
+- Usernames must start with a lower case letter or an underscore,
+- followed by lower case letters, digits, underscores, or dashes.
+- They can end with a dollar sign.
+- In regular expression terms: [a-z_][a-z0-9_-]*[$]?
+-
+-
+ Usernames may only be up to 32 characters long.
+
+
diff --git a/SOURCES/shadow-4.1.5.1-info-parent-dir.patch b/SOURCES/shadow-4.1.5.1-info-parent-dir.patch
new file mode 100644
index 0000000..d2bc009
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-info-parent-dir.patch
@@ -0,0 +1,32 @@
+diff -up shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir shadow-4.1.5.1/man/man8/newusers.8
+--- shadow-4.1.5.1/man/man8/newusers.8.info-parent-dir 2012-05-25 13:59:09.000000000 +0200
++++ shadow-4.1.5.1/man/man8/newusers.8 2012-09-19 18:47:17.203525237 +0200
+@@ -99,7 +99,7 @@ This field is copied in the GECOS field
+ .RS 4
+ This field is used to define the home directory of the user\&.
+ .sp
+-If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&.
++If this field does not specify an existing directory, the specified directory is created, with ownership set to the user being created or updated and its primary group\&. Note that newusers does not create parent directories of the new user's home directory. The newusers command will fail to create the home directory if the parent directories do not exist, and will send a message to stderr informing the user of the failure. The newusers command will not halt or return a failure to the calling shell if it fails to create the home directory, it will continue to process the batch of new users specified\&.
+ .sp
+ If the home directory of an existing user is changed,
+ \fBnewusers\fR
+diff -up shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir shadow-4.1.5.1/man/newusers.8.xml
+--- shadow-4.1.5.1/man/newusers.8.xml.info-parent-dir 2012-05-25 13:45:28.000000000 +0200
++++ shadow-4.1.5.1/man/newusers.8.xml 2012-09-19 18:46:35.651613365 +0200
+@@ -216,7 +216,15 @@
+
+ If this field does not specify an existing directory, the
+ specified directory is created, with ownership set to the
+- user being created or updated and its primary group.
++ user being created or updated and its primary group. Note
++ that newusers does not create parent directories of the new
++ user's home directory. The newusers command will fail to
++ create the home directory if the parent directories do not
++ exist, and will send a message to stderr informing the user
++ of the failure. The newusers command will not halt or return
++ a failure to the calling shell if it fails to create the home
++ directory, it will continue to process the batch of new users
++ specified.
+
+
+ If the home directory of an existing user is changed,
diff --git a/SOURCES/shadow-4.1.5.1-logmsg.patch b/SOURCES/shadow-4.1.5.1-logmsg.patch
new file mode 100644
index 0000000..7d5cbc8
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-logmsg.patch
@@ -0,0 +1,12 @@
+diff -up shadow-4.1.5.1/src/useradd.c.logmsg shadow-4.1.5.1/src/useradd.c
+--- shadow-4.1.5.1/src/useradd.c.logmsg 2013-02-20 15:41:44.000000000 +0100
++++ shadow-4.1.5.1/src/useradd.c 2013-03-19 18:40:04.908292810 +0100
+@@ -275,7 +275,7 @@ static void fail_exit (int code)
+ user_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_FAILURE);
+ #endif
+- SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name));
++ SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code));
+ exit (code);
+ }
+
diff --git a/SOURCES/shadow-4.1.5.1-manfix.patch b/SOURCES/shadow-4.1.5.1-manfix.patch
new file mode 100644
index 0000000..c66d7c9
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-manfix.patch
@@ -0,0 +1,57 @@
+diff -up shadow-4.1.5.1/man/man8/useradd.8.manfix shadow-4.1.5.1/man/man8/useradd.8
+--- shadow-4.1.5.1/man/man8/useradd.8.manfix 2013-07-25 10:39:00.000000000 +0200
++++ shadow-4.1.5.1/man/man8/useradd.8 2013-10-18 16:29:41.003281715 +0200
+@@ -85,7 +85,7 @@ by default\&.
+ Any text string\&. It is generally a short description of the login, and is currently used as the field for the user\*(Aqs full name\&.
+ .RE
+ .PP
+-\fB\-d\fR, \fB\-\-home\fR \fIHOME_DIR\fR
++\fB\-d\fR, \fB\-\-home\-dir\fR \fIHOME_DIR\fR
+ .RS 4
+ The new user will be created using
+ \fIHOME_DIR\fR
+@@ -220,9 +220,13 @@ option) will be copied to the home direc
+ By default, if this option is not specified and
+ \fBCREATE_HOME\fR
+ is not enabled, no home directories are created\&.
++.sp
++The directory where the user\*(Aqs home directory is created must
++exist and have proper SELinux context and permissions\&. Otherwise
++the user\*(Aqs home directory cannot be created or accessed\&.
+ .RE
+ .PP
+-\fB\-M\fR
++\fB\-M\fR, \fB\-\-no\-create\-home\fR
+ .RS 4
+ Do not create the user\*(Aqs home directory, even if the system wide setting from
+ /etc/login\&.defs
+diff -up shadow-4.1.5.1/man/useradd.8.xml.manfix shadow-4.1.5.1/man/useradd.8.xml
+--- shadow-4.1.5.1/man/useradd.8.xml.manfix 2013-07-25 10:39:00.115637664 +0200
++++ shadow-4.1.5.1/man/useradd.8.xml 2013-10-18 16:22:13.151437562 +0200
+@@ -161,7 +161,7 @@
+
+
+
+- ,
++ ,
+ HOME_DIR
+
+
+@@ -358,11 +358,16 @@
+ is not enabled, no home
+ directories are created.
+
++
++ The directory where the user's home directory is created must
++ exist and have proper SELinux context and permissions. Otherwise
++ the user's home directory cannot be created or accessed.
++
+
+
+
+
+-
++ ,
+
+
+
diff --git a/SOURCES/shadow-4.1.5.1-merge-group.patch b/SOURCES/shadow-4.1.5.1-merge-group.patch
new file mode 100644
index 0000000..f5cea10
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-merge-group.patch
@@ -0,0 +1,27 @@
+diff -up shadow-4.1.5.1/lib/groupio.c.merge-group shadow-4.1.5.1/lib/groupio.c
+--- shadow-4.1.5.1/lib/groupio.c.merge-group 2011-02-16 21:32:24.000000000 +0100
++++ shadow-4.1.5.1/lib/groupio.c 2013-01-29 13:56:43.049275513 +0100
+@@ -330,12 +330,12 @@ static /*@null@*/struct commonio_entry *
+
+ /* Concatenate the 2 lines */
+ new_line_len = strlen (gr1->line) + strlen (gr2->line) +1;
+- new_line = (char *)malloc ((new_line_len + 1) * sizeof(char*));
++ new_line = (char *)malloc (new_line_len + 1);
+ if (NULL == new_line) {
+ errno = ENOMEM;
+ return NULL;
+ }
+- snprintf(new_line, new_line_len, "%s\n%s", gr1->line, gr2->line);
++ snprintf(new_line, new_line_len + 1, "%s\n%s", gr1->line, gr2->line);
+ new_line[new_line_len] = '\0';
+
+ /* Concatenate the 2 list of members */
+@@ -353,7 +353,7 @@ static /*@null@*/struct commonio_entry *
+ members++;
+ }
+ }
+- new_members = (char **)malloc ( (members+1) * sizeof(char*) );
++ new_members = (char **)calloc (members+1, sizeof(char*));
+ if (NULL == new_members) {
+ free (new_line);
+ errno = ENOMEM;
diff --git a/SOURCES/shadow-4.1.5.1-orig-context.patch b/SOURCES/shadow-4.1.5.1-orig-context.patch
new file mode 100644
index 0000000..c1ddb13
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-orig-context.patch
@@ -0,0 +1,128 @@
+diff -up shadow-4.1.5.1/lib/commonio.c.orig-context shadow-4.1.5.1/lib/commonio.c
+--- shadow-4.1.5.1/lib/commonio.c.orig-context 2012-09-19 20:27:16.000000000 +0200
++++ shadow-4.1.5.1/lib/commonio.c 2013-02-20 15:20:55.064962324 +0100
+@@ -941,7 +941,7 @@ int commonio_close (struct commonio_db *
+ snprintf (buf, sizeof buf, "%s-", db->filename);
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (buf) != 0) {
++ if (set_selinux_file_context (buf, db->filename) != 0) {
+ errors++;
+ }
+ #endif
+@@ -975,7 +975,7 @@ int commonio_close (struct commonio_db *
+ snprintf (buf, sizeof buf, "%s+", db->filename);
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (buf) != 0) {
++ if (set_selinux_file_context (buf, db->filename) != 0) {
+ errors++;
+ }
+ #endif
+diff -up shadow-4.1.5.1/libmisc/copydir.c.orig-context shadow-4.1.5.1/libmisc/copydir.c
+--- shadow-4.1.5.1/libmisc/copydir.c.orig-context 2012-02-13 20:16:32.000000000 +0100
++++ shadow-4.1.5.1/libmisc/copydir.c 2013-02-20 15:19:01.495623232 +0100
+@@ -484,7 +484,7 @@ static int copy_dir (const char *src, co
+ */
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (dst) != 0) {
++ if (set_selinux_file_context (dst, NULL) != 0) {
+ return -1;
+ }
+ #endif /* WITH_SELINUX */
+@@ -605,7 +605,7 @@ static int copy_symlink (const char *src
+ }
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (dst) != 0) {
++ if (set_selinux_file_context (dst, NULL) != 0) {
+ free (oldlink);
+ return -1;
+ }
+@@ -684,7 +684,7 @@ static int copy_special (const char *src
+ int err = 0;
+
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (dst) != 0) {
++ if (set_selinux_file_context (dst, NULL) != 0) {
+ return -1;
+ }
+ #endif /* WITH_SELINUX */
+@@ -744,7 +744,7 @@ static int copy_file (const char *src, c
+ return -1;
+ }
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (dst) != 0) {
++ if (set_selinux_file_context (dst, NULL) != 0) {
+ return -1;
+ }
+ #endif /* WITH_SELINUX */
+diff -up shadow-4.1.5.1/lib/prototypes.h.orig-context shadow-4.1.5.1/lib/prototypes.h
+--- shadow-4.1.5.1/lib/prototypes.h.orig-context 2012-01-08 17:04:29.000000000 +0100
++++ shadow-4.1.5.1/lib/prototypes.h 2013-02-20 15:24:17.251126575 +0100
+@@ -295,7 +295,7 @@ extern /*@observer@*/const char *crypt_m
+
+ /* selinux.c */
+ #ifdef WITH_SELINUX
+-extern int set_selinux_file_context (const char *dst_name);
++extern int set_selinux_file_context (const char *dst_name, const char *orig_name);
+ extern int reset_selinux_file_context (void);
+ #endif
+
+diff -up shadow-4.1.5.1/lib/selinux.c.orig-context shadow-4.1.5.1/lib/selinux.c
+--- shadow-4.1.5.1/lib/selinux.c.orig-context 2012-01-08 17:35:44.000000000 +0100
++++ shadow-4.1.5.1/lib/selinux.c 2013-02-20 15:16:40.383716877 +0100
+@@ -50,7 +50,7 @@ static bool selinux_enabled;
+ * Callers may have to Reset SELinux to create files with default
+ * contexts with reset_selinux_file_context
+ */
+-int set_selinux_file_context (const char *dst_name)
++int set_selinux_file_context (const char *dst_name, const char *orig_name)
+ {
+ /*@null@*/security_context_t scontext = NULL;
+
+@@ -62,19 +62,23 @@ int set_selinux_file_context (const char
+ if (selinux_enabled) {
+ /* Get the default security context for this file */
+ if (matchpathcon (dst_name, 0, &scontext) < 0) {
+- if (security_getenforce () != 0) {
+- return 1;
+- }
++ /* We could not get the default, copy the original */
++ if (orig_name == NULL)
++ goto error;
++ if (getfilecon (orig_name, &scontext) < 0)
++ goto error;
+ }
+ /* Set the security context for the next created file */
+- if (setfscreatecon (scontext) < 0) {
+- if (security_getenforce () != 0) {
+- return 1;
+- }
+- }
++ if (setfscreatecon (scontext) < 0)
++ goto error;
+ freecon (scontext);
+ }
+ return 0;
++ error:
++ if (security_getenforce () != 0) {
++ return 1;
++ }
++ return 0;
+ }
+
+ /*
+diff -up shadow-4.1.5.1/src/useradd.c.orig-context shadow-4.1.5.1/src/useradd.c
+--- shadow-4.1.5.1/src/useradd.c.orig-context 2012-09-19 20:23:33.000000000 +0200
++++ shadow-4.1.5.1/src/useradd.c 2013-02-20 15:19:31.221235459 +0100
+@@ -1759,7 +1759,7 @@ static void create_home (void)
+ {
+ if (access (user_home, F_OK) != 0) {
+ #ifdef WITH_SELINUX
+- if (set_selinux_file_context (user_home) != 0) {
++ if (set_selinux_file_context (user_home, NULL) != 0) {
+ fail_exit (E_HOMEDIR);
+ }
+ #endif
diff --git a/SOURCES/shadow-4.1.5.1-selinux.patch b/SOURCES/shadow-4.1.5.1-selinux.patch
new file mode 100644
index 0000000..773fd60
--- /dev/null
+++ b/SOURCES/shadow-4.1.5.1-selinux.patch
@@ -0,0 +1,12 @@
+diff -up shadow-4.1.5.1/src/useradd.c.selinux shadow-4.1.5.1/src/useradd.c
+--- shadow-4.1.5.1/src/useradd.c.selinux 2012-09-19 18:28:37.662060468 +0200
++++ shadow-4.1.5.1/src/useradd.c 2012-09-19 18:28:37.672060688 +0200
+@@ -2040,7 +2040,7 @@ int main (int argc, char **argv)
+ if (mflg) {
+ create_home ();
+ if (home_added) {
+- copy_tree (def_template, user_home, false, false,
++ copy_tree (def_template, user_home, false, true,
+ (uid_t)-1, user_id, (gid_t)-1, user_gid);
+ } else {
+ fprintf (stderr,
diff --git a/SOURCES/shadow-utils.login.defs b/SOURCES/shadow-utils.login.defs
new file mode 100644
index 0000000..3f27f88
--- /dev/null
+++ b/SOURCES/shadow-utils.login.defs
@@ -0,0 +1,72 @@
+#
+# Please note that the parameters in this configuration file control the
+# behavior of the tools from the shadow-utils component. None of these
+# tools uses the PAM mechanism, and the utilities that use PAM (such as the
+# passwd command) should therefore be configured elsewhere. Refer to
+# /etc/pam.d/system-auth for more information.
+#
+
+# *REQUIRED*
+# Directory where mailboxes reside, _or_ name of file, relative to the
+# home directory. If you _do_ define both, MAIL_DIR takes precedence.
+# QMAIL_DIR is for Qmail
+#
+#QMAIL_DIR Maildir
+MAIL_DIR /var/spool/mail
+#MAIL_FILE .mail
+
+# Password aging controls:
+#
+# PASS_MAX_DAYS Maximum number of days a password may be used.
+# PASS_MIN_DAYS Minimum number of days allowed between password changes.
+# PASS_MIN_LEN Minimum acceptable password length.
+# PASS_WARN_AGE Number of days warning given before a password expires.
+#
+PASS_MAX_DAYS 99999
+PASS_MIN_DAYS 0
+PASS_MIN_LEN 5
+PASS_WARN_AGE 7
+
+#
+# Min/max values for automatic uid selection in useradd
+#
+UID_MIN 1000
+UID_MAX 60000
+# System accounts
+SYS_UID_MIN 201
+SYS_UID_MAX 999
+
+#
+# Min/max values for automatic gid selection in groupadd
+#
+GID_MIN 1000
+GID_MAX 60000
+# System accounts
+SYS_GID_MIN 201
+SYS_GID_MAX 999
+
+#
+# If defined, this command is run when removing a user.
+# It should remove any at/cron/print jobs etc. owned by
+# the user to be removed (passed as the first argument).
+#
+#USERDEL_CMD /usr/sbin/userdel_local
+
+#
+# If useradd should create home directories for users by default
+# On RH systems, we do. This option is overridden with the -m flag on
+# useradd command line.
+#
+CREATE_HOME yes
+
+# The permission mask is initialized to this value. If not specified,
+# the permission mask will be initialized to 022.
+UMASK 077
+
+# This enables userdel to remove user groups if no members exist.
+#
+USERGROUPS_ENAB yes
+
+# Use SHA512 to encrypt password.
+ENCRYPT_METHOD SHA512
+
diff --git a/SOURCES/shadow-utils.useradd b/SOURCES/shadow-utils.useradd
new file mode 100644
index 0000000..4e81146
--- /dev/null
+++ b/SOURCES/shadow-utils.useradd
@@ -0,0 +1,9 @@
+# useradd defaults file
+GROUP=100
+HOME=/home
+INACTIVE=-1
+EXPIRE=
+SHELL=/bin/bash
+SKEL=/etc/skel
+CREATE_MAIL_SPOOL=yes
+
diff --git a/SPECS/shadow-utils.spec b/SPECS/shadow-utils.spec
new file mode 100644
index 0000000..cf80b64
--- /dev/null
+++ b/SPECS/shadow-utils.spec
@@ -0,0 +1,998 @@
+Summary: Utilities for managing accounts and shadow password files
+Name: shadow-utils
+Version: 4.1.5.1
+Release: 9%{?dist}
+Epoch: 2
+URL: http://pkg-shadow.alioth.debian.org/
+Source0: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2
+Source3: http://pkg-shadow.alioth.debian.org/releases/shadow-%{version}.tar.bz2.sig
+Source1: shadow-utils.login.defs
+Source2: shadow-utils.useradd
+Patch0: shadow-4.1.5-redhat.patch
+Patch1: shadow-4.1.5.1-goodname.patch
+Patch2: shadow-4.1.5.1-info-parent-dir.patch
+Patch3: shadow-4.1.5-uflg.patch
+Patch6: shadow-4.1.5.1-selinux.patch
+Patch7: shadow-4.1.5-2ndskip.patch
+Patch8: shadow-4.1.5.1-backup-mode.patch
+Patch9: shadow-4.1.5.1-merge-group.patch
+Patch10: shadow-4.1.5.1-orig-context.patch
+Patch11: shadow-4.1.5.1-logmsg.patch
+Patch12: shadow-4.1.5.1-errmsg.patch
+Patch13: shadow-4.1.5.1-audit-owner.patch
+Patch14: shadow-4.1.5.1-default-range.patch
+Patch15: shadow-4.1.5.1-manfix.patch
+Patch16: shadow-4.1.5.1-crypt-null.patch
+
+License: BSD and GPLv2+
+Group: System Environment/Base
+BuildRequires: libselinux-devel >= 1.25.2-1
+BuildRequires: audit-libs-devel >= 1.6.5
+BuildRequires: libsemanage-devel
+BuildRequires: libacl-devel libattr-devel
+#BuildRequires: autoconf, automake, libtool, gettext-devel
+Requires: libselinux >= 1.25.2-1
+Requires: audit-libs >= 1.6.5
+Requires: setup
+Requires(pre): coreutils
+Requires(post): coreutils
+Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+%description
+The shadow-utils package includes the necessary programs for
+converting UNIX password files to the shadow password format, plus
+programs for managing user and group accounts. The pwconv command
+converts passwords to the shadow password format. The pwunconv command
+unconverts shadow passwords and generates a passwd file (a standard
+UNIX password file). The pwck command checks the integrity of password
+and shadow files. The lastlog command prints out the last login times
+for all users. The useradd, userdel, and usermod commands are used for
+managing user accounts. The groupadd, groupdel, and groupmod commands
+are used for managing group accounts.
+
+%prep
+%setup -q -n shadow-%{version}
+%patch0 -p1 -b .redhat
+%patch1 -p1 -b .goodname
+%patch2 -p1 -b .info-parent-dir
+%patch3 -p1 -b .uflg
+%patch6 -p1 -b .selinux
+%patch7 -p1 -b .2ndskip
+%patch8 -p1 -b .backup-mode
+%patch9 -p1 -b .merge-group
+%patch10 -p1 -b .orig-context
+%patch11 -p1 -b .logmsg
+%patch12 -p1 -b .errmsg
+%patch13 -p1 -b .audit-owner
+%patch14 -p1 -b .default-range
+%patch15 -p1 -b .manfix
+%patch16 -p1 -b .crypt-null
+
+iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
+cp -f doc/HOWTO.utf8 doc/HOWTO
+
+#rm po/*.gmo
+#rm po/stamp-po
+#aclocal
+#libtoolize --force
+#automake -a
+#autoconf
+
+%build
+
+%ifarch sparc64
+#sparc64 need big PIE
+export CFLAGS="$RPM_OPT_FLAGS -fPIE"
+export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+%else
+export CFLAGS="$RPM_OPT_FLAGS -fpie"
+export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+%endif
+
+%configure \
+ --enable-shadowgrp \
+ --with-audit \
+ --with-sha-crypt \
+ --with-selinux \
+ --without-libcrack \
+ --without-libpam \
+ --disable-shared \
+ --with-group-name-max-length=32
+make
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT gnulocaledir=$RPM_BUILD_ROOT/%{_datadir}/locale MKINSTALLDIRS=`pwd`/mkinstalldirs
+install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default
+install -p -c -m 0644 %{SOURCE1} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs
+install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd
+
+
+ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser
+#ln -s %{_mandir}/man8/useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
+ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
+for subdir in $RPM_BUILD_ROOT/%{_mandir}/{??,??_??,??_??.*}/man* ; do
+ test -d $subdir && test -e $subdir/useradd.8 && echo ".so man8/useradd.8" > $subdir/adduser.8
+done
+
+# Remove binaries we don't use.
+rm $RPM_BUILD_ROOT/%{_bindir}/chfn
+rm $RPM_BUILD_ROOT/%{_bindir}/chsh
+rm $RPM_BUILD_ROOT/%{_bindir}/expiry
+rm $RPM_BUILD_ROOT/%{_bindir}/groups
+rm $RPM_BUILD_ROOT/%{_bindir}/login
+rm $RPM_BUILD_ROOT/%{_bindir}/passwd
+rm $RPM_BUILD_ROOT/%{_bindir}/su
+rm $RPM_BUILD_ROOT/%{_bindir}/faillog
+rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access
+rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits
+rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd
+rm $RPM_BUILD_ROOT/%{_sbindir}/nologin
+rm $RPM_BUILD_ROOT/%{_sbindir}/chgpasswd
+rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chfn.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man1/chsh.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/chsh.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man1/expiry.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/expiry.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man1/groups.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/groups.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man1/login.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/login.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man1/passwd.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/passwd.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man1/su.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/su.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man5/limits.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/limits.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man5/login.access.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/login.access.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man5/porttime.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/porttime.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/logoutd.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man8/nologin.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/nologin.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man8/chgpasswd.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/chgpasswd.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man3/getspnam.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man3/getspnam.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/faillog.*
+rm $RPM_BUILD_ROOT/%{_mandir}/man8/faillog.*
+rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/faillog.*
+
+find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
+%find_lang shadow
+for dir in $(ls -1d $RPM_BUILD_ROOT%{_mandir}/{??,??_??}) ; do
+ dir=$(echo $dir | sed -e "s|^$RPM_BUILD_ROOT||")
+ lang=$(basename $dir)
+# echo "%%lang($lang) $dir" >> shadow.lang
+# echo "%%lang($lang) $dir/man*" >> shadow.lang
+ echo "%%lang($lang) $dir/man*/*" >> shadow.lang
+done
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f shadow.lang
+%defattr(-,root,root)
+%doc NEWS doc/HOWTO README
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/login.defs
+%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/default/useradd
+%{_bindir}/sg
+%attr(4755,root,root) %{_bindir}/chage
+%attr(4755,root,root) %{_bindir}/gpasswd
+%{_bindir}/lastlog
+%attr(4755,root,root) %{_bindir}/newgrp
+%{_sbindir}/adduser
+%attr(0750,root,root) %{_sbindir}/user*
+%attr(0750,root,root) %{_sbindir}/group*
+%{_sbindir}/grpck
+%{_sbindir}/pwck
+%{_sbindir}/*conv
+%{_sbindir}/chpasswd
+%{_sbindir}/newusers
+%{_sbindir}/vipw
+%{_sbindir}/vigr
+%{_mandir}/man1/chage.1*
+%{_mandir}/man1/gpasswd.1*
+%{_mandir}/man1/sg.1*
+%{_mandir}/man1/newgrp.1*
+%{_mandir}/man3/shadow.3*
+%{_mandir}/man5/shadow.5*
+%{_mandir}/man5/login.defs.5*
+%{_mandir}/man5/gshadow.5*
+%{_mandir}/man8/adduser.8*
+%{_mandir}/man8/group*.8*
+%{_mandir}/man8/user*.8*
+%{_mandir}/man8/pwck.8*
+%{_mandir}/man8/grpck.8*
+%{_mandir}/man8/chpasswd.8*
+%{_mandir}/man8/newusers.8*
+%{_mandir}/man8/*conv.8*
+%{_mandir}/man8/lastlog.8*
+%{_mandir}/man8/vipw.8*
+%{_mandir}/man8/vigr.8*
+
+%changelog
+* Fri Oct 18 2013 Tomas Mraz - 2:4.1.5.1-9
+- document that the directory where user's home is created must exist
+
+* Thu Jul 25 2013 Tomas Mraz - 2:4.1.5.1-8
+- slightly more meaningful error messages if crypt() returns NULL (#988184)
+- explicit suid permissions
+
+* Fri Jul 19 2013 Tomas Mraz - 2:4.1.5.1-7
+- fix useradd man page bugs
+
+* Fri Jun 14 2013 Tomas Mraz - 2:4.1.5.1-6
+- report error to stdout when SELinux context for home directory
+ cannot be determined (#973647)
+- audit the changing home directory owner (#885797)
+- do not set the default SELinux MLS range (#852676)
+
+* Tue Mar 19 2013 Tomas Mraz - 2:4.1.5.1-5
+- improve the failure syslog message in useradd (#830617)
+
+* Wed Feb 20 2013 Tomas Mraz - 2:4.1.5.1-4
+- keep the original context if matchpathcon() fails (#912399)
+
+* Tue Jan 29 2013 Tomas Mraz - 2:4.1.5.1-3
+- fix bugs in merge_group_entries()
+
+* Fri Jan 11 2013 Tomas Mraz - 2:4.1.5.1-2
+- /etc/default is owned by glibc-common now (#894194)
+
+* Wed Sep 19 2012 Tomas Mraz - 2:4.1.5.1-1
+- new upstream version
+- use the original file permissions when creating backup (#853102)
+
+* Wed Jul 25 2012 Peter Vrabec - 2:4.1.5-5
+- make /etc/default/useradd world-readable (#835137)
+
+* Sat Jul 21 2012 Fedora Release Engineering - 2:4.1.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon Jun 18 2012 Peter Vrabec - 2:4.1.5-3
+- pwconv/grpconv skipped 2nd of consecutive failures (#832995)
+
+* Thu Mar 22 2012 Peter Vrabec - 2:4.1.5-2
+- fix selinux context handling
+- reset selinux context on files copied from skel
+
+* Mon Mar 19 2012 Peter Vrabec - 2:4.1.5-1
+- upgrade
+
+* Tue Feb 07 2012 Peter Vrabec - 2:4.1.4.3-14
+- compile with PIE and RELRO flags (#784349)
+
+* Sat Jan 14 2012 Fedora Release Engineering - 2:4.1.4.3-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Dec 20 2011 Peter Vrabec - 2:4.1.4.3-12
+- fix leaks in .IDs patch (#734340)
+
+* Wed Nov 16 2011 Peter Vrabec - 2:4.1.4.3-11
+- free memory associated with SELinux security contexts
+
+* Wed Nov 09 2011 Peter Vrabec - 2:4.1.4.3-10
+- replace semanage call by library call
+- useradd man page (#739147)
+
+* Tue Aug 02 2011 Peter Vrabec - 2:4.1.4.3-9
+- man page adjustment (userdel -Z)
+
+* Tue Aug 02 2011 Peter Vrabec - 2:4.1.4.3-8
+- fixing semanage issue (#701355)
+
+* Fri Jul 22 2011 Miloslav Trmač - 2:4.1.4.3-7
+- Make sure /etc/login.defs is not changed on upgrades from Fedora 1[345].
+
+* Wed Jun 29 2011 Peter Vrabec - 2:4.1.4.3-6
+- man page fixes (#696213 #674878)
+
+* Tue Jun 28 2011 Peter Vrabec - 2:4.1.4.3-5
+- userdel option to remove Linux login <-> SELinux login mapping (#639900)
+- useradd special exit value if SELinux user mapping is invalid (#639975)
+- usermod special exit value if SELinux user mapping is invalid (#639976)
+
+* Mon Jun 27 2011 Peter Vrabec - 2:4.1.4.3-4
+- refer to PAM in /etc/login.defs (#629277)
+
+* Mon Jun 06 2011 Peter Vrabec - 2:4.1.4.3-3
+- fix shadow-4.1.4.2-underflow.patch
+
+* Tue May 31 2011 Peter Vrabec - 2:4.1.4.3-2
+- fix integer underflow in laslog (#706321)
+
+* Fri May 20 2011 Peter Vrabec - 2:4.1.4.3-1
+- upgrade
+- change UID/GID_MIN to #1000
+- fix find_new_uid/gid for big UID/GID_MAX
+
+* Wed Feb 09 2011 Peter Vrabec - 2:4.1.4.2-11
+- useradd man page (-m option)
+- create home directory on fs with noacl
+- remove faillog app (pam_tally.so is no longer shipped)
+ Resolves: #523265, #622320
+
+* Tue Feb 01 2011 Peter Vrabec - 2:4.1.4.2-10
+- do not use gshadow functions from glibc, there is a bug
+ in glibc sgetsgent(#674361)
+ Resolves: #674234
+
+* Wed Jan 05 2011 Peter Vrabec - 2:4.1.4.2-9
+- fix gshadow functions from shadow utils
+- make shadow utils use gshadow functions from glibc
+ Resolves: #665780
+
+* Tue Jul 20 2010 Peter Vrabec - 2:4.1.4.2-8
+- fix pwck/grpck hang
+ Resolves: #586322
+
+* Mon Jun 14 2010 Peter Vrabec - 2:4.1.4.2-7
+- fix integer underflow in faillog (#603683)
+- use preferred GID for reserved static IDs
+
+* Thu Apr 29 2010 Peter Vrabec - 2:4.1.4.2-6
+- preserve ACL's on files in /etc/skel
+ Resolves: #513055
+
+* Wed Apr 28 2010 Peter Vrabec - 2:4.1.4.2-5
+- newusers man page more informative
+- userdel should not need to run semanage
+ Resolves: #586330 #586408
+
+* Thu Apr 01 2010 Peter Vrabec - 2:4.1.4.2-4
+- fix man directories ownership (#569418)
+
+* Fri Mar 26 2010 Peter Vrabec - 2:4.1.4.2-3
+- max group name length set to 32 characters
+
+* Wed Nov 18 2009 Peter Vrabec - 2:4.1.4.2-2
+- apply patches{1,2,3}
+- enable SHA512 in /etc/login.defs
+
+* Mon Sep 07 2009 Peter Vrabec - 2:4.1.4.2-1
+- upgrade
+
+* Fri Aug 21 2009 Tomas Mraz - 2:4.1.4.1-7
+- rebuilt with new audit
+
+* Wed Aug 05 2009 Peter Vrabec 2:4.1.4.1-6
+- increase threshold for uid/gid reservations to 200 (#515667)
+
+* Sun Jul 26 2009 Fedora Release Engineering - 2:4.1.4.1-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu Jul 16 2009 Peter Vrabec 2:4.1.4.1-4
+- fix a list of owned directories (#510366)
+
+* Thu Jul 16 2009 Peter Vrabec 2:4.1.4.1-3
+- reduce the reuse of system IDs
+
+* Wed Jul 15 2009 Peter Vrabec 2:4.1.4.1-2
+- speed up sys users look up on LDAP boxes (#511813)
+
+* Tue Jun 16 2009 Peter Vrabec 2:4.1.4.1-1
+- upgrade
+
+* Fri May 15 2009 Peter Vrabec 2:4.1.4-1
+- upgrade
+
+* Wed Apr 22 2009 Peter Vrabec 2:4.1.3.1-2
+- lastlog fix
+
+* Fri Apr 17 2009 Peter Vrabec 2:4.1.3.1-1
+- upgrade
+
+* Tue Apr 14 2009 Peter Vrabec 2:4.1.3-2
+- get "-n" option back
+- fix selinux issues
+
+* Tue Apr 14 2009 Peter Vrabec 2:4.1.3-1
+- upgrade
+
+* Tue Mar 24 2009 Peter Vrabec 2:4.1.2-12
+- don not allow UID/GID = 4294967295 (#484040)
+
+* Mon Jan 19 2009 Peter Vrabec 2:4.1.2-11
+- fix license tag (#226416)
+- get rid of tabs in spec file (#226416)
+- convert HOWTO to UTF8 (#226416)
+
+* Mon Jan 05 2009 Peter Vrabec 2:4.1.2-10
+- Add policycoreutils as Requires, because of restorecon (#478494)
+
+* Sun Dec 21 2008 Jesse Keating - 2:4.1.2-9
+- Add setup as a Requires. Perhaps this should be a files requires. (#477529)
+
+* Wed Sep 24 2008 Peter Vrabec 2:4.1.2-8
+- groupmems: check username for valid character (#455603)
+- groupmems: don't segfault on nonexistent group (#456088)
+
+* Thu Sep 11 2008 Peter Vrabec 2:4.1.2-7
+- fix usermod SELinux user mappings change (#458766)
+
+* Tue Sep 02 2008 Peter Vrabec 2:4.1.2-6
+- audit improvements, thnx. to sgrubb@redhat.com
+
+* Tue Sep 02 2008 Peter Vrabec 2:4.1.2-5
+- fix groupmems issues (#459825)
+
+* Mon Jul 28 2008 Peter Vrabec 2:4.1.2-4
+- fix configure options (#456748)
+
+* Thu Jul 24 2008 Peter Vrabec 2:4.1.2-3
+- recreate selinux patch
+
+* Tue Jul 22 2008 Peter Vrabec 2:4.1.2-2
+- provide getspnam by man-pages
+
+* Mon May 26 2008 Peter Vrabec 2:4.1.2-1
+- upgrade
+
+* Tue May 20 2008 Peter Vrabec 2:4.1.1-2
+- fix salt size problem (#447136)
+
+* Mon Apr 07 2008 Peter Vrabec 2:4.1.1-1
+- upgrade
+
+* Fri Mar 07 2008 Peter Vrabec 2:4.1.0-5
+- improve newgrp audit patch
+
+* Mon Mar 03 2008 Peter Vrabec 2:4.1.0-4
+- fix selinux labeling (#433757)
+
+* Tue Feb 19 2008 Peter Vrabec 2:4.1.0-3
+- fix groupmems segmentation fault (#430813)
+
+* Wed Feb 13 2008 Peter Vrabec 2:4.1.0-2
+- fix newgrp audit event
+
+* Wed Dec 12 2007 Peter Vrabec 2:4.1.0-1
+- new upgrade release from new upstream
+- provide vipw and vigr
+
+* Thu Nov 29 2007 Peter Vrabec 2:4.0.18.1-20
+- do not create mail spool entries for system accounts (#402351)
+
+* Thu Oct 18 2007 Peter Vrabec 2:4.0.18.1-19
+- fix timestamps when moving home dirs to another file system (#278571)
+
+* Mon Oct 08 2007 Peter Vrabec 2:4.0.18.1-18
+- mark localized man pages with %%lang
+
+* Wed Aug 22 2007 Peter Vrabec 2:4.0.18.1-17
+- rebuild
+
+* Tue Jun 26 2007 Peter Vrabec 2:4.0.18.1-16
+- fix "CAVEATS" section of groupadd man page (#245590)
+
+* Wed Jun 06 2007 Peter Vrabec 2:4.0.18.1-15
+- fix infinitive loop if there are duplicate entries
+ in /etc/group (#240915)
+
+* Wed Jun 06 2007 Peter Vrabec 2:4.0.18.1-14
+- do not run find_new_uid() twice and use getpwuid() to check
+ UID uniqueness (#236871)
+
+* Tue Apr 10 2007 Peter Vrabec 2:4.0.18.1-13
+- fix useradd dump core when build without WITH_SELINUX (#235641)
+
+* Mon Mar 26 2007 Peter Vrabec 2:4.0.18.1-12
+- create user's mailbox file by default (#231311)
+
+* Fri Mar 16 2007 Peter Vrabec 2:4.0.18.1-11
+- assign system dynamic UID/GID from the top of available UID/GID (#190523)
+
+* Wed Feb 28 2007 Peter Vrabec 2:4.0.18.1-10
+- spec file fixes to meet fedora standarts.
+- fix useless call of restorecon(). (#222159)
+
+* Sun Jan 14 2007 Peter Vrabec 2:4.0.18.1-9
+- fix append option in usermod (#222540).
+
+* Thu Dec 21 2006 Dan Walsh 2:4.0.18.1-8
+- Fix execution and creation of Home Directories under SELinux
+- Resolves: rhbz#217441
+
+* Thu Dec 14 2006 Peter Vrabec 2:4.0.18.1-7
+- fix rpmlint issues
+
+* Wed Dec 06 2006 Peter Vrabec 2:4.0.18.1-6
+- use MD5 encryption by default (#218629).
+
+* Thu Nov 30 2006 Steve Grubb 2:4.0.18.1-5
+- Fix SELinux context on home directories created with useradd (#217441)
+
+* Tue Nov 14 2006 Peter Vrabec 2:4.0.18.1-4
+- fix chpasswd and chgpasswd stack overflow (#213052)
+
+* Sat Nov 04 2006 Peter Vrabec 2:4.0.18.1-3
+- fix "-g" and "-G" option.
+
+* Fri Nov 03 2006 Peter Vrabec 2:4.0.18.1-2
+- improve audit logging (#211659)
+- improve "-l" option. Do not reset faillog if it's used (#213450).
+
+* Wed Nov 01 2006 Peter Vrabec 2:4.0.18.1-1
+- upgrade
+
+* Wed Oct 25 2006 Peter Vrabec 2:4.0.17-7
+- add dist-tag
+
+* Wed Oct 04 2006 Peter Vrabec 2:4.0.17-6
+- fix regression. Permissions on user* group* binaries
+ should be 0750, because of CAPP/LSPP certification
+- fix groupdel man page
+
+* Fri Aug 11 2006 Peter Vrabec 2:4.0.17-5
+- fix bug introduced with UIG_GID.patch (#201991)
+
+* Sat Aug 05 2006 Peter Vrabec 2:4.0.17-4
+- fix userdel, it didn't delete user's group (#201379)
+
+* Fri Aug 04 2006 Peter Vrabec 2:4.0.17-3
+- fix UID/GID overflow in user* group* (#198920)
+
+* Fri Aug 04 2006 Peter Vrabec 2:4.0.17-2
+- do not inherit file desc. in execve(nscd)
+
+* Mon Jul 17 2006 Peter Vrabec 2:4.0.17-1
+- upgrade
+
+* Wed Jul 12 2006 Jesse Keating - 2:4.0.16-3.1
+- rebuild
+
+* Tue Jun 13 2006 Peter Vrabec 2:4.0.16-3
+- call "nscd -i" to flush nscd cache (#191464)
+
+* Sat Jun 10 2006 Peter Vrabec 2:4.0.16-2
+- "useradd -r" must create a system group (#194728)
+
+* Tue Jun 06 2006 Peter Vrabec 2:4.0.16-1
+- upgrade
+- do not replace login.defs file (#190014)
+
+* Sat Apr 08 2006 Peter Vrabec 2:4.0.15-3
+- fix typo in shadow-4.0.15-login.defs (#188263)
+
+* Tue Apr 04 2006 Peter Vrabec 2:4.0.15-2
+- properly notify nscd to flush its cache(#186803)
+
+* Mon Apr 03 2006 Peter Vrabec 2:4.0.15-1
+- upgrade
+
+* Fri Mar 10 2006 Peter Vrabec 2:4.0.14-4
+- fix lrename() function to handle relative symlinks too
+
+* Tue Mar 07 2006 Peter Vrabec 2:4.0.14-3
+- set default umask to 077 in login.defs
+
+* Mon Mar 06 2006 Peter Vrabec 2:4.0.14-2
+- use lrename() function, which follow a destination symbolic link(#181977)
+
+* Fri Feb 10 2006 Jesse Keating - 2:4.0.14-1.2
+- bump again for double-long bug on ppc(64)
+
+* Tue Feb 07 2006 Jesse Keating - 2:4.0.14-1.1
+- rebuilt for new gcc4.1 snapshot and glibc changes
+
+* Fri Jan 06 2006 Peter Vrabec 2:4.0.14-1
+- upgrade
+
+* Fri Dec 09 2005 Jesse Keating
+- rebuilt
+
+* Tue Nov 29 2005 Peter Vrabec 2:4.0.13-4
+- fix incorrect audit record in userdel (#174392)
+
+* Wed Nov 16 2005 Peter Vrabec 2:4.0.13-3
+- fix useradd segfaults (#173241)
+
+* Sat Nov 5 2005 Steve Grubb 2:4.0.13-2
+- Update audit communication to standard format messages
+
+* Fri Oct 21 2005 Peter Vrabec 2:4.0.13-1
+- upgrade
+
+* Fri Sep 23 2005 Peter Vrabec 2:4.0.12-4
+- add useradd -l option back, it was removed by mistake
+
+* Tue Sep 20 2005 Peter Vrabec 2:4.0.12-3
+- provide login.defs man page
+- adjust audit patch
+
+* Tue Aug 30 2005 Peter Vrabec 2:4.0.12-2
+- audit support
+
+* Sat Aug 27 2005 Peter Vrabec 2:4.0.12-1
+- upgrade
+
+* Sat Aug 13 2005 Dan Walsh 2:4.0.11.1-5
+- Change to use new selinux api for selinux_check_passwd_access
+
+* Tue Aug 09 2005 Peter Vrabec 2:4.0.11.1-4
+- change the password last changed field in the shadow file
+ when "usermod -p" is used (#164943)
+
+* Mon Aug 08 2005 Peter Vrabec 2:4.0.11.1-3
+- provide getspnam.3 man page(#162476)
+- fix useradd man page(#97131)
+
+* Mon Aug 08 2005 Peter Vrabec 2:4.0.11.1-2
+- do not copy files from skel directory if home directory
+ already exist (#89591,#80242)
+
+* Fri Aug 05 2005 Peter Vrabec 2:4.0.11.1-1
+- upgrade
+
+* Mon May 23 2005 Peter Vrabec 2:4.0.7-9
+- remove vigr binary
+
+* Mon May 23 2005 Peter Vrabec 2:4.0.7-8
+- fix nscd socket path
+
+* Fri Apr 29 2005 Jeremy Katz - 2:4.0.7-7
+- don't assume selinux is enabled if is_selinux_enabled() returns -1
+
+* Mon Apr 18 2005 Peter Vrabec 2:4.0.7-6
+- fix chage -l option (#109499, #137498)
+
+* Mon Apr 04 2005 Peter Vrabec 2:4.0.7-5
+- fix memory leak, and CPU spinning when grp_update() and
+ duplicate group entries in /etc/group (#151484)
+
+* Tue Mar 29 2005 Peter Vrabec 2:4.0.7-4
+- use newgrp binary
+- newgrp don't ask for password if user's default GID = group ID,
+ ask for password if there is some in /etc/gshadow
+ and in /etc/group is 'x' (#149997)
+
+* Mon Mar 14 2005 Peter Vrabec
+- gcc4 fix (#150994) 2:4.0.7-3
+
+* Mon Mar 07 2005 Peter Vrabec
+- man pages cs,es,ko,ru,zh_CN,zh_TW to UTF-8
+
+* Wed Mar 02 2005 Peter Vrabec
+- upgrade 2:4.0.7-1
+
+* Fri Feb 25 2005 Peter Vrabec 2:4.0.3-59
+- static limit on group count to dynamic (#125510, #148994, #147742)
+
+* Mon Feb 21 2005 Peter Vrabec 2:4.0.3-58
+- add "-l" option #146214
+
+* Mon Feb 14 2005 Adrian Havill
+- rebuilt
+
+* Wed Feb 9 2005 Dan Walsh 2:4.0.3-39
+- Change useradd to use matchpathcon
+
+* Thu Oct 21 2004 Dan Walsh 2:4.0.3-37
+- Add matchpathcon to create the files correctly when they do not exist.
+
+* Mon Oct 18 2004 Miloslav Trmac - 2:4.0.3-36
+- Change symlink ownership when copying from /etc/skel (#66819, patch by
+ Michael Weiser)
+
+* Fri Oct 15 2004 Adrian Havill 2:4.0.3-35
+- make the limit for the group name the same as the username (determined
+ by the header files, rather than a constant) (#56850)
+
+* Wed Oct 13 2004 Adrian Havill 2:4.0.3-33
+- allow for mixed case and dots in usernames (#135401)
+- all man pages to UTF-8, not just Japanese (#133883)
+- add Polish blurb for useradd -n man page option (#82177)
+
+* Tue Oct 12 2004 Adrian Havill 2:4.0.3-31
+- check for non-standard legacy place for ncsd HUP (/var/run/nscd.pid) and
+ then the std FHS place (/var/run/nscd.pid) (#125421)
+
+* Fri Oct 1 2004 Dan Walsh 2:4.0.3-30
+- Add checkPasswdAccess for chage in SELinux
+
+* Sun Sep 26 2004 Adrian Havill 2:4.0.3-29
+- always unlock all files on any exit (#126709)
+
+* Tue Aug 24 2004 Warren Togami 2:4.0.3-26
+- #126596 fix Req and BuildReqs
+
+* Sun Aug 1 2004 Alan Cox 4.0.3-25
+- Fix build deps etc, move to current auto* (Steve Grubb)
+
+* Sat Jul 10 2004 Alan Cox 4.0.3-24
+- Fix nscd path. This fixes various stale data caching bugs (#125421)
+
+* Thu Jun 17 2004 Dan Walsh 4.0.3-23
+- Add get_enforce checks
+- Clean up patch for potential upstream submission
+- Add removemalloc patch to get it to build on 3.4
+
+* Tue Jun 15 2004 Elliot Lee
+- rebuilt
+
+* Tue Mar 30 2004 Nalin Dahyabhai 4.0.3-21
+- rebuild
+
+* Tue Mar 30 2004 Nalin Dahyabhai 4.0.3-20
+- make /etc/default world-readable, needed for #118338
+
+* Fri Feb 13 2004 Elliot Lee
+- rebuilt
+
+* Wed Jan 21 2004 Dan Walsh 4.0.3-18
+- Fix selinux relabel of /etc/passwd file
+
+* Wed Jan 7 2004 Nalin Dahyabhai 4.0.3-17
+- fix use of uninitialized memory in useradd (#89145)
+
+* Tue Dec 16 2003 Nalin Dahyabhai 4.0.3-16
+- back to UTF-8 again
+- remove getspnam(3) man page, now conflicts with man-pages 1.64
+
+* Thu Nov 13 2003 Nalin Dahyabhai 4.0.3-15
+- don't convert man pages to UTF-8 for RHEL 3, conditionalized using macro
+- fixup dangling man page references
+
+* Mon Nov 10 2003 Nalin Dahyabhai 4.0.3-14
+- lastlog: don't pass a possibly-smaller field to localtime (#109648)
+- configure: call AC_SYS_LARGEFILE to get large file support
+
+* Fri Nov 7 2003 Dan Walsh 4.0.3-13.sel
+- turn on SELinux support
+
+* Wed Oct 22 2003 Nalin Dahyabhai 4.0.3-12
+- convert ja man pages to UTF-8 (#106051)
+- override MKINSTALLDIRS at install-time (#107476)
+
+* Mon Sep 8 2003 Dan Walsh
+- turn off SELinux support
+
+* Thu Sep 4 2003 Dan Walsh 4.0.3-11.sel
+- build with SELinux support
+
+* Mon Jul 28 2003 Dan Walsh 4.0.3-10
+- Add SELinux support
+
+* Wed Jun 04 2003 Elliot Lee
+- rebuilt
+
+* Wed Jun 4 2003 Nalin Dahyabhai 4.0.3-8
+- rebuild
+
+* Tue Jun 3 2003 Nalin Dahyabhai 4.0.3-7
+- run autoconf to generate updated configure at compile-time
+
+* Wed Feb 12 2003 Nalin Dahyabhai 4.0.3-6
+- adjust mailspool patch to complain if no group named "mail" exists, even
+ though that should never happen
+
+* Tue Feb 11 2003 Nalin Dahyabhai 4.0.3-5
+- fix perms on mailspools created by useradd to be owned by the "mail"
+ group (#59810)
+
+* Wed Jan 22 2003 Tim Powers
+- rebuilt
+
+* Mon Dec 9 2002 Nalin Dahyabhai 4.0.3-3
+- install the shadow.3 man page
+
+* Mon Nov 25 2002 Nalin Dahyabhai 4.0.3-2
+- disable use of cracklib at build-time
+- fixup reserved-account changes for useradd
+
+* Thu Nov 21 2002 Nalin Dahyabhai 4.0.3-1
+- update to 4.0.3, bumping epoch
+
+* Mon Nov 18 2002 Nalin Dahyabhai 20000902-14
+- remove man pages which conflict with the man-pages package(s)
+
+* Fri Nov 15 2002 Nalin Dahyabhai 20000902-13
+- prevent libshadow from being built more than once, to keep automake happy
+- change how md5 and md5crypt are enabled, to keep autoconf happy
+- remove unpackaged files after %%install
+
+* Thu Aug 29 2002 Nalin Dahyabhai 20000902-12
+- force .mo files to be regenerated with current gettext to flush out possible
+ problems
+- fixup non-portable encodings in translations
+- make sv translation header non-fuzzy so that it will be included (#71281)
+
+* Fri Aug 23 2002 Nalin Dahyabhai 20000902-11
+- don't apply aging parameters when creating system accounts (#67408)
+
+* Fri Jun 21 2002 Tim Powers
+- automated rebuild
+
+* Sun May 26 2002 Tim Powers
+- automated rebuild
+
+* Fri May 17 2002 Nalin Dahyabhai 20000902-8
+- rebuild in new environment
+
+* Wed Mar 27 2002 Nalin Dahyabhai 20000902-7
+- rebuild with proper defines to get support for large lastlog files (#61983)
+
+* Fri Feb 22 2002 Nalin Dahyabhai 20000902-6
+- rebuild
+
+* Fri Jan 25 2002 Nalin Dahyabhai 20000902-5
+- fix autoheader breakage and random other things autotools complain about
+
+* Mon Aug 27 2001 Nalin Dahyabhai 20000902-4
+- use -O0 instead of -O on ia64
+- build in source directory
+- don't leave lock files on the filesystem when useradd creates a group for
+ the user (#50269)
+- fix the -o option to check for duplicate UIDs instead of login names (#52187)
+
+* Thu Jul 26 2001 Bill Nottingham 20000902-3
+- build with -O on ia64
+
+* Fri Jun 08 2001 Than Ngo 20000902-2
+- fixup broken specfile
+
+* Tue May 22 2001 Bernhard Rosenkraenzer 20000902-1
+- Create an empty mailspool when creating a user so non-setuid/non-setgid
+ MDAs (postfix+procmail) can deliver mail (#41811)
+- 20000902
+- adapt patches
+
+* Fri Mar 9 2001 Nalin Dahyabhai
+- don't overwrite user dot files in useradd (#19982)
+- truncate new files when moving overwriting files with the contents of other
+ files while moving directories (keeps files from looking weird later on)
+- configure using %%{_prefix} as the prefix
+
+* Fri Feb 23 2001 Trond Eivind Glomsrxd
+- langify
+
+* Wed Aug 30 2000 Bernhard Rosenkraenzer
+- Fix up chage behavior (Bug #15883)
+
+* Wed Aug 30 2000 Bernhard Rosenkraenzer
+- 20000826
+- Fix up useradd man page (Bug #17036)
+
+* Tue Aug 8 2000 Bernhard Rosenkraenzer
+- check for vipw lock before adding or deleting users (Bug #6489)
+
+* Mon Aug 7 2000 Nalin Dahyabhai
+- take LOG_CONS out of the openlog() call so that we don't litter the
+ screen during text-mode upgrades
+
+* Tue Jul 18 2000 Bernhard Rosenkraenzer
+- Remove a fixed-size buffer that caused problems when adding a huge number
+ of users to a group (>8192 bytes) (Bugs #3809, #11930)
+
+* Tue Jul 18 2000 Bernhard Rosenkraenzer
+- remove dependency on util-linux because it causes prereq loops
+
+* Tue Jul 18 2000 Nalin Dahyabhai
+- change symlinked man pages to includers
+- require /usr/bin/newgrp (util-linux) so that /usr/bin/sg isn't left dangling
+
+* Wed Jul 12 2000 Prospector
+- automatic rebuild
+
+* Sun Jun 18 2000 Matt Wilson
+- use mandir for FHS
+- added patches in src/ and po/ to honor DESTDIR
+- use make install DESTDIR=$RPM_BUILD_ROOT
+
+* Wed Feb 16 2000 Bernhard Rosenkraenzer
+- Fix up usermod's symlink behavior (Bug #5458)
+
+* Fri Feb 11 2000 Cristian Gafton
+- get rid of mkpasswd
+
+* Mon Feb 7 2000 Nalin Dahyabhai
+- fix usermod patch to check for shadow before doing any shadow-specific stuff
+ and merge it into the pwlock patch
+
+* Sat Feb 5 2000 Bernhard Rosenkraenzer
+- fix man symlinks
+
+* Wed Feb 2 2000 Nalin Dahyabhai
+- make -p only change shadow password (bug #8923)
+
+* Mon Jan 31 2000 Cristian Gafton
+- rebuild to fix dependeencies
+- man pages are compressed
+
+* Wed Jan 19 2000 Bernhard Rosenkraenzer
+- Fix a security bug (adduser could overwrite previously existing
+ groups, Bug #8609)
+
+* Sun Jan 9 2000 Bernhard Rosenkraenzer
+- unset LINGUAS before building
+- Fix typo in newusers manpage (Bug #8258)
+- libtoolize
+
+* Wed Sep 22 1999 Cristian Gafton
+- fix segfault for userdel when the primary group for the user is not
+ defined
+
+* Tue Sep 21 1999 Cristian Gafton
+- Serial: 1 because now we are using 19990827 (why the heck can't they have
+ a normal version just like everybody else?!)
+- ported all patches to the new code base
+
+* Thu Apr 15 1999 Bill Nottingham
+- SIGHUP nscd from usermod, too
+
+* Fri Apr 09 1999 Michael K. Johnson
+- added usermod password locking from Chris Adams
+
+* Thu Apr 08 1999 Bill Nottingham
+- have things that modify users/groups SIGHUP nscd on exit
+
+* Wed Mar 31 1999 Michael K. Johnson
+- have userdel remove user private groups when it is safe to do so
+- allow -f to force user removal even when user appears busy in utmp
+
+* Tue Mar 23 1999 Preston Brown
+- edit out unused CHFN fields from login.defs.
+
+* Sun Mar 21 1999 Cristian Gafton
+- auto rebuild in the new build environment (release 7)
+
+* Wed Jan 13 1999 Bill Nottingham
+- configure fix for arm
+
+* Wed Dec 30 1998 Cristian Gafton
+- build against glibc 2.1
+
+* Fri Aug 21 1998 Jeff Johnson
+- Note that /usr/sbin/mkpasswd conflicts with /usr/bin/mkpasswd;
+ one of these (I think /usr/sbin/mkpasswd but other opinions are valid)
+ should probably be renamed. In any case, mkpasswd.8 from this package
+ needs to be installed. (problem #823)
+
+* Fri May 08 1998 Prospector System
+- translations modified for de, fr, tr
+
+* Tue Apr 21 1998 Cristian Gafton
+- updated to 980403
+- redid the patches
+
+* Tue Dec 30 1997 Cristian Gafton
+- updated the spec file
+- updated the patch so that new accounts created on shadowed system won't
+ confuse pam_pwdb anymore ('!!' default password instead on '!')
+- fixed a bug that made useradd -G segfault
+- the check for the ut_user is now patched into configure
+
+* Thu Nov 13 1997 Erik Troan
+- added patch for XOPEN oddities in glibc headers
+- check for ut_user before checking for ut_name -- this works around some
+ confusion on glibc 2.1 due to the utmpx header not defining the ut_name
+ compatibility stuff. I used a gross sed hack here because I couldn't make
+ automake work properly on the sparc (this could be a glibc 2.0.99 problem
+ though). The utuser patch works fine, but I don't apply it.
+- sleep after running autoconf
+
+* Thu Nov 06 1997 Cristian Gafton
+- added forgot lastlog command to the spec file
+
+* Mon Oct 27 1997 Cristian Gafton
+- obsoletes adduser
+
+* Thu Oct 23 1997 Cristian Gafton
+- modified groupadd; updated the patch
+
+* Fri Sep 12 1997 Cristian Gafton
+- updated to 970616
+- changed useradd to meet RH specs
+- fixed some bugs
+
+* Tue Jun 17 1997 Erik Troan
+- built against glibc