login_defs-4.8.1-150400.3.3.1 >  A d Xp9|ACY,bMl=V.X-BHys,XpuEc9I&KcJ"DZ8+B-_NjUE8>p????d   > .:agn    j lt~,(8292:2=;nF;vG;H;I;X;Y;\;];^<b<"c<d=|e=f=l=u=v=z>->=?&?0?4?:?|Clogin_defs4.8.1150400.3.3.1login.defs configuration fileThis package contains the default login.defs configuration file as used by util-linux, pam and shadow.d 9h03-ch2bCSUSE Linux Enterprise 15SUSE LLC BSD-3-Clause AND GPL-2.0-or-laterhttps://www.suse.com/System/Basehttps://github.com/shadow-maint/shadowlinuxnoarchtest -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs.rpmsave.old ||:'d 7d 77a6cdc2ecb8acf969dd0bb1d4d2d6c9af7ad24c79669615bda4c5bf0481be61904ad0f765fefc657cac5d4ffb41790f38aa5ed7e8b52639f70553ddc41edcb8frootrootrootrootshadow-4.8.1-150400.3.3.1.src.rpmconfig(login_defs)login_defslogin_defs-support-for-pamlogin_defs-support-for-util-linux     /bin/sh/bin/shconfig(login_defs)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)4.8.1-150400.3.3.13.0.4-14.6.0-14.0-15.2-14.14.3d aa`@` l_@_@__P_~@_Wr@^Ǿ^*@^%@^ P@]@](]m@]Z@]:@]9]3@]1]@\\\8\HW@[ٙ@Zz@ZZZYYY@YdYo@Yo@Y@Y9<@Y"X@X@XW;WM|WL+@W=V@UK@mvetter@suse.comsbrabec@suse.comsbrabec@suse.comsbrabec@suse.comkukuk@suse.comfvogt@suse.comwerner@suse.dewerner@suse.dewerner@suse.desbrabec@suse.comsbrabec@suse.comfvogt@suse.commvetter@suse.commvetter@suse.commvetter@suse.commvetter@suse.comkukuk@suse.demvetter@suse.comkukuk@suse.desbrabec@suse.comkukuk@suse.desbrabec@suse.comsbrabec@suse.commvetter@suse.commpluskal@suse.comlnussel@suse.desbrabec@suse.comadam.majer@suse.devrothberg@suse.commvetter@suse.comfvogt@suse.comkbabioch@suse.commvetter@suse.comadam.majer@suse.deschwab@suse.demvetter@suse.commvetter@suse.commvetter@suse.commvetter@suse.comkukuk@suse.deadam.majer@suse.dejosef.moellers@suse.commeissner@suse.commvetter@suse.commvetter@suse.commvetter@suse.commvetter@suse.comchristian.brauner@mailbox.orgfvogt@suse.comjkeil@suse.de- bsc#1214806 (CVE-2023-4641): Fix potential password leak - Add shadow-CVE-2023-4641.patch- The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954).- shadow-util-linux.patch: * Add support for LOGIN_KEEP_USERNAME from util-linux >= 2.37. - Refresh shadow-login_defs-suse.patch.- Do not require libeconf-devel on products without /usr/etc.- Split login.defs configuration file into own sub-package, which allows to install util-linux or pam on small embedded/edge systems or container without the need to pull in the full shadow suite.- Amend patches/useradd-userkeleton.patch to also write into existing directories and prefer files from /etc- Add patch useradd-userkeleton.patch to extend original C code of useradd to handle /usr/etc/skel (boo#1173321) - Remove /usr/etc/skel support in useradd.local script- Change again useradd.local script to let it work even for system accounts and work together with SELinux (bsc#1178296) - Change patch useradd-script.patch to support the four arguments used by the useradd.local script (bsc#1178296)- Add support for /usr/etc/skel to useradd.local script (boo#1173321)- shadow-login_defs-check.sh: Fix the regexp to get a real variable list (boo#1164274).- login.defs: Add support for new util-linux-2.36 login variable MOTD_FIRSTONLY (shadow-util-linux.patch). - shadow-login_defs-comments.patch: Remove duplicated LASTLOG_UID_MAX. - shadow-login_defs-check.sh: Update for new build system. - shadow-util-linux.patch: Restore lost chunk: SYSLOG_SU_ENAB is not used in SUSE Linux. - Refresh shadow-login_defs-suse.patch and shadow-login_defs-comments.patch.- Use pure #!/bin/sh in: * useradd.local * userdel-post.local * userdel-pre.local- Update to 4.8.1: * selinux: include stdio * man: don't suggest making groupmems user-writeable * Makefile: bail out on error in for loops * Adding logging of SSH_ORIGINAL_COMMAND to nologin * add new HOME_MODE login.defs option * Add tty logging to useradd * Useradd: make non-executable shell check only a warning * Update Dutch translation * user_busy: Do not mistake a regular user process for a namespaced one * Revert "Honor --sbindir and --bindir for binary installation" - Remove shadow-4.8-shell-check.patch: included - Remove shadow-4.8-selinux-include.patch: upstreamed- Set 0755 for chpasswd, groupadd, groupdel, groupmod, newusers, useradd, userdel, usermod explicitly.- bsc#1160729: Make valid shell check only a warning * Add shadow-4.8-shell-check.patch- Update to 4.8: * Initial optional bcrypt support. * Make build/install of 'su' optional. * Fix for vipw not resuming correctly when suspended * Sync password field descriptions in manpages * Check for valid shell argument in useradd * Allow translation of new strings through POTFILES.in * Migrate to itstool for translations * Migrate to new SELinux api * Support --enable-vendordir * pwck: Only check homedir if set and not a system user * Support nonstandard usernames * sget{pw,gr}ent: check for data at EOL * Add YYY-MM-DD support in chage * Fix failing chmod calls for suidubins * Fix --sbindir and --bindir for binary installations * Fix LASTLOG_UID_MAX in login.defs * Fix configure error with dash - Remove because upstreamed: * libeconf.patch * shadow-usermod-variable.patch - Rebase: * shadow-login_defs-unused-by-pam.patch * chkname-regex.patch * shadow-util-linux.patch * shadow-login_defs-comments.patch - Add shadow-4.8-selinux-include.patch See https://github.com/shadow-maint/shadow/pull/200- libeconf.patch: Add support for libeconf and /usr/etc for login.defs. - Move first configuration files and pam config files to /usr/etc- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files to support kernel keyring feature - Update pamd.tar.bz2 with pam configuration files accordingly- encryption_method_nis.patch: drop, DES should really not be used anymore anywhere, even with NIS - shadow-login_defs-suse.patch: remove encryption NIS entry- Fix incorrect variable name in usermod (shadow-usermod-variable.patch). - shadow-login_defs-comments.patch: * Drop SHA_CRYPT_*_ROUNDS that are in the upstream login.defs. * Add missing LASTLOG_UID_MAX. * Refresh shadow-login_defs-suse.patch. - Port shadow-login_defs-check.sh to match the current spec file and login.defs.- Provide "useradd_or_adduser_dep" for sysuser-shadow- shadow-login_defs-suse.patch: Set ALWAYS_SET_PATH default to "yes" (bsc#353876#c7).- Fix comment about patch in spec file- Update to 4.7: * Spawn: don't loop forever on ECHILD * Do not fail locking if there is a stale lockfile (Tomas Mraz) * Use lckpwdf if prefix not set (Tomas Mraz) * Build: check correct DocBook version (Jan Tojnar) * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn) * Add support for btrfs subvolumes for home (Adam Majer) * Fix chpasswd long line handling (Nathan Ruiz) * Use secure_getenv for gettime (Chris Lamb) * Make sp_lstchg reproducible (Chris Lamb) * Do not crash commonio_close if db file is not open (Tomas Mraz) * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez) * French manpage update (Alban VIDAL) * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz) * Sync po files from shadow.pot (Alban VIDAL) * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz) * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz) * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner) * Fix segfault in useradd (bsc#1141113, Tomas Mraz) * Coverity issues (Tomas Mraz) * Flush sssd caches (Jakub Hrozek) * Log UID in nologin (Vladimir Ivanov) * run pam_getenvlist after setup_env in su.c (Michael Vogt) * Support systems with only utmpx (A. Wilcox) * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal)) * Update po/zh_CN translation (Lion Yang) * Create parent dirs for useradd -m (Michael Vetter) * Prevent usermod segv * Fix usermod crash (fariouche) - Remove btrfs-subvolumes.patch (fate#316134): upstreamed: https://github.com/shadow-maint/shadow/pull/149 - Remove useradd-mkdirs.patch (bsc#865563): upstreamed https://github.com/shadow-maint/shadow/pull/112 - Remove shadow-4.6.0-fix-usermod-prefix-crash.patch upstreamed https://github.com/shadow-maint/shadow/issues/110 - Remove shadow-4.6-bsc1141113-useradd-segfault.patch (SLE15 SP3 and openSUSE Leap 15.3 only) upstreamed https://github.com/shadow-maint/shadow/issues/125 - Rebase userdel-script.patch - Rebase useradd-script.patch - Rebase shadow-util-linux.patch- Make building more verbose - Use spec-cleaner- don't specify MOTD_FILE in login.defs but fall back to built in defaults of login (boo#1133929)- Split shadow-login_defs.patch hunks to its logical components (bsc#1121197): * shadow-login_defs-unused-by-pam.patch * shadow-login_defs-comments.patch * shadow-util-linux.patch * shadow-login_defs-suse.patch * Move appropriate hunks to chkname-regex.patch and encryption_method_nis.patch * Remove GROUPADD_CMD that is not supported (bsc#1121197#c14). - Split getdef-new-defs.patch hunks to its logical components (bsc#1121197): * encryption_method_nis.patch * chkname-regex.patch * shadow-util-linux.patch Add support for login: ALWAYS_SET_PATH and LOGIN_PLAIN_PROMPT. * useradd-script.patch, userdel-script.patch * Remove duplicated definitions of MOTD_FILE and ENV_PATH. - Add shadow-login_defs-unused-check.sh to allow verification of login.defs variable usage (bsc#1121197). - Add virtual symbols for login.defs compatibility (bsc#1121197).- btrfs-subvolumes.patch: implement support for creating user home directories on btrfs subvolumes (fate#316134)- Add empty /etc/sub{u,g}id files. useradd and usermod add entries for users only when those files exist. Having those entries is a requirement to create user namespaces, for instance, when running podman as a non-root user.- Update to 4.6: * Newgrp: avoid unnecessary lookups * Make language less binary * Add error when turning off man switch * Spelling fixes * Make userdel work with -R * newgidmap: enforce setgroups=deny if self-mapping a group * Norwegian bokmål translation * pwck: prevent crash by not passing O_CREAT * WITH_TCB fixes from Mandriva * Fix pwconv and grpconv entry skips * Fix -- slurping in su * add --prefix option - Remove CVE-2018-7169.patch: upstreamed - Remove shadow-4.1.5.1-pam_group.patch: upstreamed - Update userdel-script.patch: change due to prefix - Update useradd-mkdirs.patch: change due to prefix Additionally changed in that patch (bsc#1106914): * Test for strdup() failure * Directory to 0755 instead 0777 - Add shadow-4.6.0-fix-usermod-prefix-crash.patch: Fixes crash in usermod when called with --prefix. See https://github.com/shadow-maint/shadow/issues/110- Use %license (boo#1082318)- Added CVE-2018-7169.patch: Fixed an privilege escalation in newgidmap, which allowed an unprivileged user to be placed in a user namespace where setgroups(2) is allowed. (CVE-2018-7169 bsc#1081294)- bsc#1061838: Revert: Requires: group(mail) Introduced circular dependency- Revert accidentalied prerequisites. Use PreReq for permissions- Prequire group(shadow), group(root), user(root)- bsc#1061838: Add Requires for group(mail)- boo#1048645: Set suid bit for newuidmap and newgimap- Revert the changes for bsc#1023895 back Pulls in too many deps into ring0. Next version of shadow plans to have no conditional man pages.- run spec-cleaner - bsc#1023895: man page contained invalid options because they depend on compile flags and we shipped pre built ones. New BuildRequires: docbook-xsl-stylesheets docbook_4 xml2po xsltproc- Adjust requires (we need user/group root instead of aaa_base now)- New upstream version 4.5 - Refreshed patches: * shadow-login_defs.patch * chkname-regex.patch * getdef-new-defs.patch * useradd-mkdirs.patch - Upstreamed patches: * shadow-4.1.5.1-manfix.patch * shadow-4.1.5.1-errmsg.patch * shadow-4.1.5.1-backup-mode.patch * shadow-4.1.5.1-audit-owner.patch * shadow-4.2.1-defs-chroot.patch * shadow-4.2.1-merge-group.patch * Fix-user-busy-errors-at-userdel.patch * useradd-clear-tallylog.patch - shadow-4.1.5.1-pam_group.patch dynamically added users via pam_group are not listed in groups databases but are still valid - shadow.keyring: update keyring with current maintainer's keyid only - Serge Hallyn 'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D' - disable_new_audit_function.patch: Disable newer libaudit functionality for older distributions- useradd: call external program "/sbin/pam_tally2" to reset failed login counter in "/var/log/tallylog" (bsc#980486, useradd-clear-tallylog.patch)- add keyring, three public keys from https://pkg-shadow.alioth.debian.org/download.php- bsc#1002975: Use permissions according to permissions package and dont try to manipulate them in %files section.- boo#994486: Include shadow.5 manpage Previously this was provided by man-pages package in the man-pages-addons tarball which got removed later on.- Add package dependency for aaa_base, fixing bnc#899409 (was done by tbehrens@suse.com but not submitted to Factory)- shadow 4.2.1 requested by fate#320422 - bsc#979069: Dont include shadow-4.1.5.1-bug935203-manpage.patch - Dont set SUID bit yet. Once bsc#979282 is through, which will adapt the permissions package, we can enable the SUID bits. Remove the files used to circumvent the check. - Remove: * shadow-rpmlintrc * shadow-subids * shadow-subids.easy * shadow-subids.secure * shadow-subids.paranoid- Update to shadow-4.2.1: - add support for subuids/subgids via newuidmap/newgidmap - Rename chkname-regex.diff to chkname-regex.patch - Rename encryption_method_nis.diff to encryption_method_nis.patch - Rename getdef-new-defs.diff to getdef-new-defs.patch - Rename shadow-login_defs.diff to shadow-login_defs.patch - Rename userdel-scripts.diff to userdel-script.patch - Rename useradd-script.diff to useradd-script.patch - Rename useradd-default.diff to useradd-default.patch - Rename useradd-mkdirs.diff to useradd-mkdirs.patch - Add fixes from Red Hat/Fedora: - shadow-4.1.5.1-audit-owner.patch.patch: - log owner changes for home directory - shadow-4.1.5.1-userdel-helpfix.patch.patch: - give a hint about what happens when you force the removal of a user - shadow-4.2.1-defs-chroot.patch.patch: - initialize uid_t uid_min and uid_t uid_max not before we need them - shadow-4.2.1-merge-group.patch.patch: - simplify by using a single call to snprintf() - Add upstream fix - Fix-user-busy-errors-at-userdel.patch: - call sub_uid_close()- Moved call from %verifyscript into %post: * Caused call to %service_add_post shadow.service shadow.timer during rpm -qV shadow- Add systemd unit files to continuously check password & groupfile integrity * Idea from Arch Linux * pending request to systemd-presets-branding-openSUSE to enable by default/bin/shh03-ch2b 16941734974.8.1-150400.3.3.14.8.1-150400.3.3.11.3.12.37login.defslogin.defs.5.gz/etc//usr/share/man/man5/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:30603/SUSE_SLE-15-SP4_Update_Products_Micro54_Update/6cba024205e3013b70dd415a6877326d-shadow.SUSE_SLE-15-SP4_Update_Products_Micro54_Updatecpioxz5x86_64-suse-linuxAlgol 68 source, ASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)پ+;ivڟ\# rpmsave file can be created by # - change of owning package (SLE15 SP2->SP3, Leap 15.2->15.3) # - Migration to /usr/etc (after SLE15 and Leap 15) test -f /etc/login.defs.rpmsave && mv -v /etc/login.defs.rpmsave /etc/login.defs ||:/bin/shutf-8ca3a03023f3bc4746444437223b3bfa6edbbb27419167f6fc790535175366398?7zXZ !t/E7+] crv(vX0-ﻓSо'.[U LN?rds.ڄ\Q_b|8g\TRJu$./(^:6JXz3N~rbՂw@jhtv[|' {;{Sb@dmF~o;&-nIEo$~tR_vh7#Ԭ',0ȧj0vawbEMMc9cu)?,.GOot|#4 JYfL˶*%ËKf|qa|u| 5P ʻ[&)U3 R*8 3IoߛgՄlsc4::AZX4R}~ #'`Ov6yg~op>EId*`j%[؆bу% Bspm_|b2 )C:مwX@Uj-G;5={B龂jKgf Cng&fO*Z81 # cηt F94k' C_1Q(D@hDj.4c+K4exZn| |' BM.qU)[椌b:tů2Qq_׍妦HpɂEtE{eqx\[h`"jK.>9,:daћ}npv,6͞D6svv-iQt߮+\8ϚxL+_ xWþlzc;ܾ̾)4v >x&!jcd}M%uqL{cr DێgF0p{g8Ss>B<]\9+Y_uN kȤ[K4@L5ݙ  WLaAdch"4̈́1Hv^{x8$7VzA-j~X'nIώsfāP$|R4u;RI ۢiT]{d=wyȻ9^D`\Qm_4> v+|׽ d6}%y9~EehHi ;'@kA@3{6F%5'Pݻ ?0(܂_u*b $X[86_)u.RAuu{rx$ez"k;JHltKSf1Bu[)`S_'Tv O@(*.;0&%4 .EoY+7 K+[a*5/H9hlO) yk~[}-Uf?gSJ2Q?dGn5>/l譾. c[ t4zm21Ef[ KBl'@uDOAE//_4r?{Ay|$dž沲zo)ȅ;'2-bEyqB9 j$O9Z dK?kefno jKl̥7]@di0Bo#M1+ϫ>XT:h,vYq #Cpi{uIZDg]7f_딳gBC3@'jJi*m6!a#p"pb3wQ\jx€!#`dI# St[6FkI 秆i"3E);/€Yp+>-r ,!@3q̪` ` {pG-TD>Vݰ勼1P,~O<)P@8>DH0c؜64)EOE ?{¨O7WZ8Z`KJ? @9.Ee p,V8#m%H@Dr K[<_bwptu@ =Kmq᝴:)]vG$'wB;YI 1=*\_ IF2ncԘP?(MӹsyȾ,FIzDnMLI#O}Yc!h$`r1?(~^6(ÁZ6/{FglI,["iۛ8Iˋ9!Kl)gqCOE2s%VtňUyinOk/Ov|Boן%_&Ö"jvm6A^ئ@fhR. Y*"d ]S_/%㯯Z-Gꄷ AM+L72*;b'Wֈ\l' 2h:IȚҎ/;ƚ7&Ij?d T,7  {cq3Mp#" ]Jop*V_m +YWRc e`) 6cH:oa Lh7IyJsS3+$k6u2^(bX:ZF@X*8 D0iNht~`ayd ?>u[n6l}!Q=Mja>$8AA&gk/XrezZzPR{&v"63'x-Y4<,~ UZ;(-fGCt#T﹊+ ݧ8$ S q[ {@̌CK"2@j2Tt7)KW0#?ax쀓oޚ,m %޲񋋤4_113aA6d\}T$J9B Ew+ۖ ID[,;Û+n?$LmFUoqU K}iGJ7Z61_eU kt|\Bo[ YB;ׁ<fs5M~L4T)ٔvwpN0-E=dyoG%Crgm! ӷIa`*=~9#אָ.|~:1يۤt2sen.d"oٻ;nÙ@n!sM*5waߗch C匜BFe&!H,0J 8g a K(RۇM^n|rg&Yجr@t}(brAvj4G&:- 9*X>[RۦRpg}R~,\Dh-cl>:uw:<~, :n9.HCʊӮ_YEhlH6;3Qԅ},ϱȫ].-H Y#Inp1\-Bd:esOJ8m gоl׻5j P-yF1u|||Hb= /vu+0,˓N$Ņ,JQ"ʳ^z<66=BZ+OWEſ ŕc| Xq}^JW}L,P8L̇+gߗ's2XpB0qggMj_5>$N+sn=58?qeƌu͢!g,ASkfw׸\^|bJ0*Urbk^OվV|u TJBFsPf\HBE`Y{DPkx~3{uCއ69v <o~iT&uO]E T4#;tF=`8L)35-**\ϗ3VNeGvLlÓz#((*T!՜uVJa񢥲yTjͿ8w8â5oihvl/ m&2D@hE?}N Y.NEJ'`}p(7=|Jy|s_>~FAr7/`zF^?4̦bpciOFrf g'lc_5h>ףvJd*Ys=#B*b5ٻ xjRBʃCm%&Vi{z֌SOCf&#r0whyE j[2| dwA"*TS?wvy1XUJ>8YŪfo[=j._4&_:KqGSJEn\jBNߑ  ibؑl(5EuJ\5@K@Nٲo1rXUr b%e nˇ)>/^Oc+ܰɬ ֺ3I7<[~]vђa=HC#tL 8f99`@xpU#d0%rȘ.{Sd^~ )7J}6f<"- o%=0moC8ބ(7C -QcV ɀ'1FE_>_JBiXqG6x~xjXv{oq2m"κ 3d*l;>4F'&`{<&v)Vs>i˜e4ik e5'0$aZs5ϛ^u1]z~soxҎQxi3A\h[ɠ/T3!Lvt(oU Ij78&QF(6)"Q(Y٥_EЊ7QERVUIͶ YZ