Re: [PR PATCH] [Updated] shadow: update to 4.14.5.

[dataCobra <dataCobra@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 674 bytes --]

There is an updated pull request by dataCobra against master on the void-packages repository

https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813

shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**

#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - x86_64-musl
  - i686

I welcome everyone to test this version. Maybe also on a new installation.

A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 52790 bytes --]

From d3597add34e7fe5b36fedf4bcbd5f19169e40347 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Fri, 22 Mar 2024 20:09:16 +0100
Subject: [PATCH] shadow: update to 4.15.0.

---
 common/shlibs                                 |   1 +
 srcpkgs/shadow/files/login.defs               |  87 ---
 ...pt-login.defs-for-PAM-and-util-linux.patch | 694 +++++++++++++++++
 ...-tools-their-man-pages-and-PAM-integ.patch | 721 ++++++++++++++++++
 srcpkgs/shadow/patches/disable-ruserok.patch  |  12 +
 .../shadow/patches/shadow-strncpy-usage.patch |  23 -
 srcpkgs/shadow/patches/useradd-defaults.patch |  21 +
 .../void-linux-defaults-for-login.defs.patch  |  43 ++
 srcpkgs/shadow/patches/xstrdup.patch          |   9 -
 srcpkgs/shadow/template                       |  55 +-
 10 files changed, 1519 insertions(+), 147 deletions(-)
 delete mode 100644 srcpkgs/shadow/files/login.defs
 create mode 100644 srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
 create mode 100644 srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
 create mode 100644 srcpkgs/shadow/patches/disable-ruserok.patch
 delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
 create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
 create mode 100644 srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
 delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch

diff --git a/common/shlibs b/common/shlibs
index 9ca4502a01c4a7..19cfecbfc45cdf 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4302,3 +4302,4 @@ libunicode_loader.so.0.4 libunicode-0.4.0_1
 force-stage.so.0.1 void-force-stage-0.1_1
 libliftoff.so.0 libliftoff-0.4.1_1
 libscfg.so libscfg-0.1.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR 		/var/mail
-#MAIL_FILE 		.mail
-
-# Password aging controls:
-#
-#	PASS_MAX_DAYS	Maximum number of days a password may be used.
-#	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
-#	PASS_MIN_LEN	Minimum acceptable password length.
-#	PASS_WARN_AGE	Number of days warning given before a password expires.
-PASS_MAX_DAYS 		99999
-PASS_MIN_DAYS 		0
-PASS_WARN_AGE		7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 		1000
-UID_MAX 		60000
-# System accounts
-SYS_UID_MIN 		100
-SYS_UID_MAX 		999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 		1000
-GID_MAX 		60000
-# System accounts
-SYS_GID_MIN		100
-SYS_GID_MAX		999
-
-# If useradd should create home directories for users by default
-CREATE_HOME		yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB		yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names.  Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE 		/etc/securetty
-
-# Terminal permissions
-#
-#	TTYGROUP	Login tty will be assigned this group ownership.
-#	TTYPERM		Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620.  Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP 		tty
-TTYPERM 		0600
-
-# Login configuration initializations:
-#
-#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
-#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
-#	UMASK		Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 		0177
-KILLCHAR 		025
-UMASK			022
-HOME_MODE		0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 		5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 		60
diff --git a/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..3a0e99134c533d
--- /dev/null
+++ b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,694 @@
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs       | 223 +------------------------------------------
+ man/login.defs.5.xml | 148 +---------------------------
+ 2 files changed, 8 insertions(+), 363 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 33622c29..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ #	$Id$
+ #
++# NOTE: This file is adapted for the use on Void Linux!
++#       Unsupported options due to the use of util-linux or PAM are removed.
+ 
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY		3
+ 
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB		yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB	no
+ 
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS		no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB		yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB		yes
+ #
+ #LASTLOG_UID_MAX
+ 
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB		yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB	yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB	yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB		yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB		yes
+-SYSLOG_SG_ENAB		yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names.  Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE		/etc/securetty
+-#CONSOLE	console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE	/var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE	/etc/motd
++MOTD_FILE
+ #MOTD_FILE	/etc/motd:/usr/lib/news/news-motd
+ 
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE	/etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100  tty01".
+-#
+-#TTYTYPE_FILE	/etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE	/var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins.  The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE	/etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -".  For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su".  If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME		su
+-
+ #
+ # *REQUIRED*
+ #   Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR	/var/spool/mail
+ HUSHLOGIN_FILE	.hushlogin
+ #HUSHLOGIN_FILE	/etc/hushlogins
+ 
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ		TZ=CST6CDT
+-#ENV_TZ		/etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ		HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ		HZ=1024
+-
+ #
+ # *REQUIRED*  The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH	PATH=/bin:/usr/bin
+ TTYGROUP	tty
+ TTYPERM		0600
+ 
+-#
+-# Login configuration initializations:
+-#
+-#	ERASECHAR	Terminal ERASE character ('\010' = backspace).
+-#	KILLCHAR	Terminal KILL character ('\025' = CTRL/U).
+-#	ULIMIT		Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR	0177
+-KILLCHAR	025
+-#ULIMIT		2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,22 +91,12 @@ UMASK		022
+ #
+ #	PASS_MAX_DAYS	Maximum number of days a password may be used.
+ #	PASS_MIN_DAYS	Minimum number of days allowed between password changes.
+-#	PASS_MIN_LEN	Minimum acceptable password length.
+ #	PASS_WARN_AGE	Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS	99999
+ PASS_MIN_DAYS	0
+-PASS_MIN_LEN	5
+ PASS_WARN_AGE	7
+ 
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts.  If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY	no
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -263,28 +133,6 @@ LOGIN_RETRIES		5
+ #
+ LOGIN_TIMEOUT		60
+ 
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES	5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN	yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN		8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH		yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -293,38 +141,13 @@ CHFN_AUTH		yes
+ #
+ CHFN_RESTRICT		rwh
+ 
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING		"%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm.  Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB	no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -348,21 +171,6 @@ CHFN_RESTRICT		rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+ 
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -376,17 +184,6 @@ CHFN_RESTRICT		rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+ 
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting).  Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS		floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -401,12 +198,6 @@ DEFAULT_HOME	yes
+ #
+ NONEXISTENT	/nonexistent
+ 
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it.  Every line should be in the form name=value.
+-#
+-ENVIRON_FILE	/etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+ 
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 05ef5125..1ddf537e 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,70 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN" 
+   "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY BCRYPT_MIN_ROUNDS     SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
+-<!ENTITY CHFN_AUTH             SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT         SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH             SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE               SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS        SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME           SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME          SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD        SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ                SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH              SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH            SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ                SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE          SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR             SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY            SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB          SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL            SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE             SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX               SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO      SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE             SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE        SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE            SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR              SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB          SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX       SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS         SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB      SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES         SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING          SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT         SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB       SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR              SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB        SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE             SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE         SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT           SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB   SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN      SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES     SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN          SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS         SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS         SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE         SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB  SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB           SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS  SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE            SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME               SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY         SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT         SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT         SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX           SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB        SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB        SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX           SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP        SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS          SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP              SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE          SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX               SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT                SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK                 SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD           SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB       SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -147,48 +115,25 @@
+     <para>The following configuration items are provided:</para>
+ 
+     <variablelist remap='IP'>
+-      &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
+-      &CHFN_AUTH;
+       &CHFN_RESTRICT;
+-      &CHSH_AUTH;
+-      &CONSOLE;
+-      &CONSOLE_GROUPS;
+       &CREATE_HOME;
+       &DEFAULT_HOME;
+       &ENCRYPT_METHOD;
+-      &ENV_HZ;
+       &ENV_PATH;
+       &ENV_SUPATH;
+-      &ENV_TZ;
+-      &ENVIRON_FILE;
+-      &ERASECHAR;
+       &FAIL_DELAY;
+-      &FAILLOG_ENAB;
+-      &FAKE_SHELL;
+-      &FTMP_FILE;
+       &GID_MAX; <!-- documents also GID_MIN -->
+       &HMAC_CRYPTO_ALGO;
+       &HOME_MODE;
+       &HUSHLOGIN_FILE;
+-      &ISSUE_FILE;
+-      &KILLCHAR;
+-      &LASTLOG_ENAB;
+       &LASTLOG_UID_MAX;
+-      &LOG_OK_LOGINS;
+       &LOG_UNKFAIL_ENAB;
+       &LOGIN_RETRIES;
+-      &LOGIN_STRING;
+       &LOGIN_TIMEOUT;
+-      &MAIL_CHECK_ENAB;
+       &MAIL_DIR;
+       &MAX_MEMBERS_PER_GROUP;
+-      &MD5_CRYPT_ENAB;
+       &MOTD_FILE;
+-      &NOLOGINS_FILE;
+       &NONEXISTENT;
+-      &OBSCURE_CHECKS_ENAB;
+-      &PASS_ALWAYS_WARN;
+-      &PASS_CHANGE_TRIES;
+       &PASS_MAX_DAYS;
+       &PASS_MIN_DAYS;
+       &PASS_WARN_AGE;
+@@ -198,25 +143,16 @@
+         time of account creation. Any changes to these settings won't affect
+         existing accounts.
+       </para>
+-      &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+-      &PORTTIME_CHECKS_ENAB;
+-      &QUOTAS_ENAB;
+       &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+-      &SULOG_FILE;
+-      &SU_NAME;
+-      &SU_WHEEL_ONLY;
+       &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+       &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+       &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+       &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+       &SYSLOG_SG_ENAB;
+-      &SYSLOG_SU_ENAB;
+       &TCB_AUTH_GROUP;
+       &TCB_SYMLINKS;
+       &TTYGROUP;
+-      &TTYTYPE_FILE;
+       &UID_MAX; <!-- documents also UID_MIN -->
+-      &ULIMIT;
+       &UMASK;
+       &USERDEL_CMD;
+       &USERGROUPS_ENAB;
+@@ -255,7 +191,7 @@
+ 	  <para>
+ 	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ 	    BCRYPT_MIN_ROUNDS</phrase>
+-	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ 	    SHA_CRYPT_MIN_ROUNDS</phrase>
+ 	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -280,7 +216,7 @@
+ 	<term>chsh</term>
+ 	<listitem>
+ 	  <para>
+-	    CHSH_AUTH LOGIN_STRING
++	    CHSH_AUTH
+ 	  </para>
+ 	</listitem>
+       </varlistentry>
+@@ -292,7 +228,7 @@
+ 	  <para>
+ 	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ 	    BCRYPT_MIN_ROUNDS</phrase>
+-	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++	    ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ 	    SHA_CRYPT_MIN_ROUNDS</phrase>
+ 	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -352,35 +288,6 @@
+ 	  <para>LASTLOG_UID_MAX</para>
+ 	</listitem>
+       </varlistentry>
+-      <varlistentry>
+-	<term>login</term>
+-	<listitem>
+-	  <para>
+-	    <phrase condition="no_pam">CONSOLE</phrase>
+-	    CONSOLE_GROUPS DEFAULT_HOME
+-	    <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+-	    ENV_TZ ENVIRON_FILE</phrase>
+-	    ERASECHAR FAIL_DELAY
+-	    <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+-	    FAKE_SHELL
+-	    <phrase condition="no_pam">FTMP_FILE</phrase>
+-	    HUSHLOGIN_FILE
+-	    <phrase condition="no_pam">ISSUE_FILE</phrase>
+-	    KILLCHAR
+-	    <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+-	    LOGIN_RETRIES
+-	    <phrase condition="no_pam">LOGIN_STRING</phrase>
+-	    LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+-	    <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+-	    MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+-	    QUOTAS_ENAB</phrase>
+-	    TTYGROUP TTYPERM TTYTYPE_FILE
+-	    <phrase condition="no_pam">ULIMIT UMASK</phrase>
+-	    USERGROUPS_ENAB
+-	  </para>
+-	</listitem>
+-      </varlistentry>
+-      <!-- logoutd: no variables -->
+       <varlistentry>
+ 	<term>newgrp / sg</term>
+ 	<listitem>
+@@ -397,7 +304,7 @@
+ 	    BCRYPT_MIN_ROUNDS</phrase>
+ 	    ENCRYPT_METHOD
+ 	    GID_MAX GID_MIN
+-	    MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++	    MAX_MEMBERS_PER_GROUP
+ 	    HOME_MODE
+ 	    PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -417,8 +324,7 @@
+ 	  <para>
+ 	    <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ 	    BCRYPT_MIN_ROUNDS</phrase>
+-	    ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+-	    PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++	    ENCRYPT_METHOD
+ 	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ 	    SHA_CRYPT_MIN_ROUNDS</phrase>
+ 	    <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -451,32 +357,6 @@
+ 	  </para>
+ 	</listitem>
+       </varlistentry>
+-      <varlistentry>
+-	<term>su</term>
+-	<listitem>
+-	  <para>
+-	    <phrase condition="no_pam">CONSOLE</phrase>
+-	    CONSOLE_GROUPS DEFAULT_HOME
+-	    <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+-	    ENV_PATH ENV_SUPATH
+-	    <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+-	    MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+-	    SULOG_FILE SU_NAME
+-	    <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+-	    SYSLOG_SU_ENAB
+-	    <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+-	  </para>
+-	</listitem>
+-      </varlistentry>
+-      <varlistentry condition="no_pam">
+-	<term>sulogin</term>
+-	<listitem>
+-	  <para>
+-	    ENV_HZ
+-	    ENV_TZ
+-	  </para>
+-	</listitem>
+-      </varlistentry>
+       <varlistentry>
+ 	<term>useradd</term>
+ 	<listitem>
+@@ -505,24 +385,6 @@
+ 	  </para>
+ 	</listitem>
+       </varlistentry>
+-      <varlistentry>
+-	<term>usermod</term>
+-	<listitem>
+-	  <para>
+-	    LASTLOG_UID_MAX
+-	    MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+-	    <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+-	  </para>
+-	</listitem>
+-      </varlistentry>
+-      <varlistentry condition="tcb">
+-	<term>vipw</term>
+-	<listitem>
+-	  <para>
+-	    <phrase condition="tcb">USE_TCB</phrase>
+-	  </para>
+-	</listitem>
+-      </varlistentry>
+     </variablelist>
+   </refsect1>
+ 
+-- 
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
new file mode 100644
index 00000000000000..9f90710bcbb5ce
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
@@ -0,0 +1,721 @@
+etc/pam.d/Makefile.am:
+Disable installation of PAM integration for chfn, chsh and login tools
+as they are provided by util-linux.
+
+man/Makefile.am, man/*/Makefile.am:
+Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr,
+vipw and su as they are either no longer used or replaced by util-linux.
+
+src/Makefile.am:
+Set usbindir to use bin instead of sbin, as Void Linux is a /usr and bin
+merge distribution.
+Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as
+they are either not used or replaced by util-linux.
+Move newgrp to replace sg (instead of it being a symlink).
+---
+ etc/pam.d/Makefile.am |  3 ---
+ man/Makefile.am       | 20 +++-----------------
+ man/cs/Makefile.am    |  8 ++------
+ man/da/Makefile.am    |  8 +-------
+ man/de/Makefile.am    | 11 +----------
+ man/fi/Makefile.am    |  5 +----
+ man/fr/Makefile.am    | 11 +----------
+ man/hu/Makefile.am    |  6 +-----
+ man/id/Makefile.am    |  2 --
+ man/it/Makefile.am    | 11 +----------
+ man/ja/Makefile.am    | 10 +---------
+ man/ko/Makefile.am    |  8 +-------
+ man/pl/Makefile.am    |  7 +------
+ man/ru/Makefile.am    | 11 +----------
+ man/sv/Makefile.am    |  8 +-------
+ man/tr/Makefile.am    |  3 ---
+ man/uk/Makefile.am    | 11 +----------
+ man/zh_CN/Makefile.am | 11 +----------
+ man/zh_TW/Makefile.am |  4 ----
+ src/Makefile.am       | 18 +++++++-----------
+ 20 files changed, 25 insertions(+), 151 deletions(-)
+
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index b8e4321f..73d4554f 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -3,10 +3,7 @@
+ 
+ pamd_files = \
+ 	chpasswd \
+-	chfn \
+-	chsh \
+ 	groupmems \
+-	login \
+ 	newusers \
+ 	passwd
+ 
+diff --git a/man/Makefile.am b/man/Makefile.am
+index cffef699..f57e476d 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -8,10 +8,8 @@ endif
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/chgpasswd.8 \
+ 	man8/chpasswd.8 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -26,12 +24,9 @@ man_MANS = \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
++	man8/lastlog.8 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+@@ -43,9 +38,7 @@ man_MANS = \
+ 	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -77,10 +70,8 @@ endif
+ 
+ man_XMANS = \
+ 	chage.1.xml \
+-	chfn.1.xml \
+ 	chgpasswd.8.xml \
+ 	chpasswd.8.xml \
+-	chsh.1.xml \
+ 	expiry.1.xml \
+ 	faillog.5.xml \
+ 	faillog.8.xml \
+@@ -94,12 +85,9 @@ man_XMANS = \
+ 	grpck.8.xml \
+ 	gshadow.5.xml \
+ 	limits.5.xml \
+-	login.1.xml \
+ 	login.access.5.xml \
+ 	login.defs.5.xml \
+-	logoutd.8.xml \
+ 	newgidmap.1.xml \
+-	newgrp.1.xml \
+ 	newuidmap.1.xml \
+ 	newusers.8.xml \
+ 	nologin.8.xml \
+@@ -111,14 +99,12 @@ man_XMANS = \
+ 	shadow.3.xml \
+ 	shadow.5.xml \
+ 	sg.1.xml \
+-	su.1.xml \
+ 	suauth.5.xml \
+ 	subgid.5.xml \
+ 	subuid.5.xml \
+ 	useradd.8.xml \
+ 	userdel.8.xml \
+-	usermod.8.xml \
+-	vipw.8.xml
++	usermod.8.xml
+ 
+ if ENABLE_LASTLOG
+ man_XMANS += lastlog.8.xml
+diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
+index 84407d71..c5ef7cf5 100644
+--- a/man/cs/Makefile.am
++++ b/man/cs/Makefile.am
+@@ -12,11 +12,8 @@ man_MANS = \
+ 	man1/groups.1 \
+ 	man8/grpck.8 \
+ 	man5/gshadow.5 \
+-	man8/nologin.8 \
+ 	man5/passwd.5 \
+-	man5/shadow.5 \
+-	man1/su.1 \
+-	man8/vipw.8
++	man5/shadow.5
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -24,6 +21,5 @@ endif
+ 
+ EXTRA_DIST = $(man_MANS) \
+ 	man1/id.1 \
+-	man8/groupmems.8 \
+-	man8/logoutd.8
++	man8/groupmems.8
+ 
+diff --git a/man/da/Makefile.am b/man/da/Makefile.am
+index a3b09224..e45bef66 100644
+--- a/man/da/Makefile.am
++++ b/man/da/Makefile.am
+@@ -3,16 +3,10 @@ mandir = @mandir@/da
+ 
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+-	man1/chfn.1 \
+ 	man8/groupdel.8 \
+ 	man1/groups.1 \
+ 	man5/gshadow.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+-	man8/nologin.8 \
+-	man1/sg.1 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man1/sg.1
+ 
+ man_nopam = 
+ 
+diff --git a/man/de/Makefile.am b/man/de/Makefile.am
+index 671432d3..333d5524 100644
+--- a/man/de/Makefile.am
++++ b/man/de/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/de
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/chgpasswd.8 \
+ 	man8/chpasswd.8 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am
+index 26a1a848..f02b92f3 100644
+--- a/man/fi/Makefile.am
++++ b/man/fi/Makefile.am
+@@ -1,10 +1,7 @@
+ 
+ mandir = @mandir@/fi
+ 
+-man_MANS = \
+-	man1/chfn.1 \
+-	man1/chsh.1 \
+-	man1/su.1
++man_MANS =
+ 
+ # Outdated manpages
+ #	passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024)
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 335e0298..9962c038 100644
+--- a/man/fr/Makefile.am
++++ b/man/fr/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/fr
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/chgpasswd.8 \
+ 	man8/chpasswd.8 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
+index 205bb0a8..3d813179 100644
+--- a/man/hu/Makefile.am
++++ b/man/hu/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/hu
+ 
+ man_MANS = \
+-	man1/chsh.1 \
+ 	man1/gpasswd.1 \
+ 	man1/groups.1 \
+-	man1/login.1 \
+-	man1/newgrp.1 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+-	man1/sg.1 \
+-	man1/su.1
++	man1/sg.1
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/id/Makefile.am b/man/id/Makefile.am
+index 21f3dbe9..6d10b930 100644
+--- a/man/id/Makefile.am
++++ b/man/id/Makefile.am
+@@ -2,8 +2,6 @@
+ mandir = @mandir@/id
+ 
+ man_MANS = \
+-	man1/chsh.1 \
+-	man1/login.1 \
+ 	man8/useradd.8
+ 
+ EXTRA_DIST = $(man_MANS)
+diff --git a/man/it/Makefile.am b/man/it/Makefile.am
+index b76187fa..1f62e20e 100644
+--- a/man/it/Makefile.am
++++ b/man/it/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/it
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/chgpasswd.8 \
+ 	man8/chpasswd.8 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index 13f18da1..3401a085 100644
+--- a/man/ja/Makefile.am
++++ b/man/ja/Makefile.am
+@@ -3,9 +3,7 @@ mandir = @mandir@/ja
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/chpasswd.8 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -17,10 +15,7 @@ man_MANS = \
+ 	man8/grpck.8 \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+@@ -29,13 +24,10 @@ man_MANS = \
+ 	man8/pwunconv.8 \
+ 	man1/sg.1 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
+index c269f0bb..9616cb3e 100644
+--- a/man/ko/Makefile.am
++++ b/man/ko/Makefile.am
+@@ -2,14 +2,8 @@
+ mandir = @mandir@/ko
+ 
+ man_MANS = \
+-	man1/chfn.1 \
+-	man1/chsh.1 \
+ 	man1/groups.1 \
+-	man1/login.1 \
+-	man5/passwd.5 \
+-	man1/su.1 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man5/passwd.5
+ # newgrp.1 must be updated
+ #	newgrp.1
+ 
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index b2f096f7..00817d37 100644
+--- a/man/pl/Makefile.am
++++ b/man/pl/Makefile.am
+@@ -4,7 +4,6 @@ mandir = @mandir@/pl
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -15,14 +14,10 @@ man_MANS = \
+ 	man8/groupmod.8 \
+ 	man1/groups.1 \
+ 	man8/grpck.8 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
+index 84d55d9e..b65f4881 100644
+--- a/man/ru/Makefile.am
++++ b/man/ru/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/ru
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/chgpasswd.8 \
+ 	man8/chpasswd.8 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
+index 70329edf..58fa80e5 100644
+--- a/man/sv/Makefile.am
++++ b/man/sv/Makefile.am
+@@ -3,7 +3,6 @@ mandir = @mandir@/sv
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -15,18 +14,13 @@ man_MANS = \
+ 	man1/groups.1 \
+ 	man8/grpck.8 \
+ 	man5/gshadow.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/suauth.5 \
+-	man8/userdel.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/userdel.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
+index 8d8b9166..4fe3632a 100644
+--- a/man/tr/Makefile.am
++++ b/man/tr/Makefile.am
+@@ -2,15 +2,12 @@ mandir = @mandir@/tr
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+ 	man8/groupmod.8 \
+-	man1/login.1 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8
+diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
+index 3fb5ffb3..e13c8fee 100644
+--- a/man/uk/Makefile.am
++++ b/man/uk/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/uk
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/chgpasswd.8 \
+ 	man8/chpasswd.8 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
+index a8b93a56..42ad764d 100644
+--- a/man/zh_CN/Makefile.am
++++ b/man/zh_CN/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN
+ 
+ man_MANS = \
+ 	man1/chage.1 \
+-	man1/chfn.1 \
+ 	man8/chgpasswd.8 \
+ 	man8/chpasswd.8 \
+-	man1/chsh.1 \
+ 	man1/expiry.1 \
+ 	man5/faillog.5 \
+ 	man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ 	man8/grpconv.8 \
+ 	man8/grpunconv.8 \
+ 	man5/gshadow.5 \
+-	man1/login.1 \
+ 	man5/login.defs.5 \
+-	man8/logoutd.8 \
+-	man1/newgrp.1 \
+ 	man8/newusers.8 \
+-	man8/nologin.8 \
+ 	man1/passwd.1 \
+ 	man5/passwd.5 \
+ 	man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ 	man1/sg.1 \
+ 	man3/shadow.3 \
+ 	man5/shadow.5 \
+-	man1/su.1 \
+ 	man5/suauth.5 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+-	man8/usermod.8 \
+-	man8/vigr.8 \
+-	man8/vipw.8
++	man8/usermod.8
+ 
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
+index c36ed2c7..26696b67 100644
+--- a/man/zh_TW/Makefile.am
++++ b/man/zh_TW/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/zh_TW
+ 
+ man_MANS = \
+-	man1/chfn.1 \
+-	man1/chsh.1 \
+ 	man8/chpasswd.8 \
+-	man1/newgrp.1 \
+ 	man8/groupadd.8 \
+ 	man8/groupdel.8 \
+ 	man8/groupmod.8 \
+ 	man5/passwd.5 \
+-	man1/su.1 \
+ 	man8/useradd.8 \
+ 	man8/userdel.8 \
+ 	man8/usermod.8
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b6cb09ef..bfe73b09 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ EXTRA_DIST = \
+ 	.indent.pro
+ 
+ ubindir = ${prefix}/bin
+-usbindir = ${prefix}/sbin
++usbindir = ${prefix}/bin
+ suidperms = 4755
+ sgidperms = 2755
+ 
+@@ -26,9 +26,9 @@ AM_CFLAGS = $(LIBBSD_CFLAGS)
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+ 
+-bin_PROGRAMS   = groups login
+-sbin_PROGRAMS  = nologin
+-ubin_PROGRAMS  = faillog chage chfn chsh expiry gpasswd newgrp passwd
++bin_PROGRAMS   = groups
++sbin_PROGRAMS  =
++ubin_PROGRAMS  = faillog lastlog chage expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
+@@ -48,22 +48,20 @@ usbin_PROGRAMS = \
+ 	grpck \
+ 	grpconv \
+ 	grpunconv \
+-	logoutd \
+ 	newusers \
+ 	pwck \
+ 	pwconv \
+ 	pwunconv \
+ 	useradd \
+ 	userdel \
+-	usermod \
+-	vipw
++	usermod
+ 
+ # id and groups are from gnu, sulogin from sysvinit
+ noinst_PROGRAMS = id sulogin
+ 
+ suidusbins     =
+ suidbins       =
+-suidubins      = chage chfn chsh expiry gpasswd newgrp
++suidubins      = chage expiry gpasswd newgrp
+ if WITH_SU
+ suidbins      += su
+ endif
+@@ -135,18 +133,16 @@ sulogin_LDADD  = $(LDADD) $(LIBCRYPT) $(LIBECONF)
+ useradd_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+ userdel_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
+ usermod_LDADD  = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+-vipw_LDADD     = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+ 
+ install-am: all-am
+ 	$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+-	ln -sf newgrp	$(DESTDIR)$(ubindir)/sg
+-	ln -sf vipw	$(DESTDIR)$(usbindir)/vigr
+ 	set -e; for i in $(suidbins); do \
+ 		chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
+ 	done
+ 	set -e; for i in $(suidubins); do \
+ 		chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
+ 	done
++	mv -v $(DESTDIR)$(ubindir)/newgrp	$(DESTDIR)$(ubindir)/sg
+ 	set -e; for i in $(suidusbins); do \
+ 		chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
+ 	done
+-- 
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-ruserok.patch b/srcpkgs/shadow/patches/disable-ruserok.patch
new file mode 100644
index 00000000000000..dcc1a9f72333c8
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-ruserok.patch
@@ -0,0 +1,12 @@
+--- a/configure
++++ b/configure
+@@ -15825,9 +15825,6 @@ if test "$ac_cv_func_ruserok" = "yes"; then
+ 
+ printf "%s\n" "#define RLOGIN 1" >>confdefs.h
+ 
+-
+-printf "%s\n" "#define RUSEROK 0" >>confdefs.h
+-
+ fi
+ 
+ # Check whether --enable-shadowgrp was given.
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c	2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c	2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
-	struct tm *tp;
-
-	if (date < 0) {
--		strncpy (buf, "never", maxsize);
-+		strncpy (buf, "never", maxsize - 1);
-	} else {
-		time_t t = (time_t) date;
-		tp = gmtime (&t);
---- a/src/login.c	2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c	2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- 			          _("%s login: "), hostn);
- 		} else {
- 			strncpy (loginprompt, _("login: "),
--			         sizeof (loginprompt));
-+			         sizeof (loginprompt) - 1);
-+			loginprompt[sizeof (loginprompt) - 1] = '\0';
- 		}
- 
- 		retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+  * These defaults are used if there is no defaults file.
+  */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..fc0f5aa6eb1e93
--- /dev/null
+++ b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
@@ -0,0 +1,43 @@
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+  /usr/local/sbin:/usr/local/bin:/usr/bin as Void is a /usr and
+  bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+  while creating home directories in a privacy conserving manner.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+  than DES.
+---
+
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE	.hushlogin
+ # *REQUIRED*  The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH	PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH	PATH=/bin:/usr/bin
++ENV_SUPATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH	PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+ 
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK		022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE	0700
++HOME_MODE	0700
+ 
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT		rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+ 
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+-- 
+2.44.0
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c	2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new	2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
- 
- char *xstrdup (const char *str)
- {
-+	if(str == NULL) return NULL;
- 	return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..7d1bedf714edad 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,45 +1,52 @@
 # Template file for 'shadow'
 pkgname=shadow
-version=4.8.1
-revision=3
+version=4.15.0
+revision=1
 build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam
+ --with-yescrypt --without-selinux --with-acl --with-attr --without-su
+ --disable-nls --without-bcrypt --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
 depends="pam"
 short_desc="Shadow password file utilities"
 maintainer="Enno Boland <gottox@voidlinux.org>"
 license="BSD-3-Clause"
 homepage="https://github.com/shadow-maint/shadow"
 distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=e2e22c1b2a6241c9ed828387f1065b7eaa2e87c3d221550d1575cf6a35247c0d
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
 
 if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
 	makedepends+=" libxcrypt-devel"
 fi
 
-pre_configure() {
-	case "$XBPS_TARGET_MACHINE" in
-		# Completely disable unportable ruserok().
-		*-musl) sed '/RUSEROK/d' -i configure;;
-	esac
-}
-
 do_build() {
 	# Don't install groups(1), we use the one from coreutils.
-	sed -i 's/groups$(EXEEXT) //' src/Makefile
-	for f in $(find man -name Makefile); do
+	sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+	for f in $(find man -name Makefile.in); do
 		sed -i 's/groups\.1 / /' $f
 	done
 	make ${makejobs}
 }
 
 post_install() {
+	make -C man DESTDIR="$DESTDIR" install-man
+
 	mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
 
 	# Install our pam files not the ones supplied with shadow.
@@ -51,14 +58,6 @@ post_install() {
 		 groupmod newusers useradd userdel usermod; do
 		install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
 	done
-	install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
-	# Disable creating mailbox files by default.
-	sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
-	# Change default group to the users gid (100).
-	sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
-	chmod 644 ${DESTDIR}/etc/default/useradd
 
 	# Install the cron daily job.
 	install -Dm744 ${FILESDIR}/shadow.cron-daily \