* [PR PATCH] shadow: update to 4.14.5.
@ 2024-02-18 12:12 dataCobra
2024-02-18 12:22 ` [PR PATCH] [Updated] " dataCobra
` (69 more replies)
0 siblings, 70 replies; 71+ messages in thread
From: dataCobra @ 2024-02-18 12:12 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 605 bytes --]
There is a new pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **Currently testing**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 6400 bytes --]
From 7ac7ef1b5fddfb18a7aa6aebfdb996b36b9ccdab Mon Sep 17 00:00:00 2001
From: Benedikt Brinkmann <datacobra@thinkbot.de>
Date: Sun, 18 Feb 2024 13:10:14 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -------------
srcpkgs/shadow/patches/useradd-defaults.patch | 21 ++++++++++++
srcpkgs/shadow/patches/xstrdup.patch | 9 -----
srcpkgs/shadow/template | 34 ++++++++-----------
5 files changed, 37 insertions(+), 51 deletions(-)
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 3cf507d8ada87..eff6d3caf1f0d 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4275,3 +4275,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc385..0000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 0000000000000..38035df40cfca
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f..0000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a..00e4568d0d491 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,23 +1,22 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+ --enable-shared --disable-static --with-libpam --without-selinux --with-acl
+ --with-attr --without-su --disable-nls --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="/etc/pam.d/* /etc/login.defs"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
@@ -32,14 +31,16 @@ pre_configure() {
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -53,13 +54,6 @@ post_install() {
done
install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
-
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
${DESTDIR}/etc/cron.daily/shadow
@@ -70,6 +64,8 @@ post_install() {
# Remove utilities provided by util-linux and logoutd.
mv ${DESTDIR}/usr/bin/{newgrp,sg}
+ rm -rf $DESTDIR/lib64
+
rm \
$DESTDIR/usr/bin/{login,chsh,chfn} \
$DESTDIR/usr/bin/{nologin,logoutd,vipw,vigr}
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
@ 2024-02-18 12:22 ` dataCobra
2024-02-18 12:45 ` dataCobra
` (68 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-18 12:22 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 610 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **Currently testing**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 6643 bytes --]
From 7ee6633b5d354033e5e769c42ae947305438cfc7 Mon Sep 17 00:00:00 2001
From: Benedikt Brinkmann <datacobra@thinkbot.de>
Date: Sun, 18 Feb 2024 13:21:56 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 ---------
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +++++++++
srcpkgs/shadow/patches/xstrdup.patch | 9 ----
srcpkgs/shadow/template | 47 +++++++++++--------
5 files changed, 50 insertions(+), 51 deletions(-)
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 3cf507d8ada879..eff6d3caf1f0d5 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4275,3 +4275,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..792e482350d9c7 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,23 +1,35 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+ --enable-shared --disable-static --with-libpam --without-selinux --with-acl
+ --with-attr --without-su --disable-nls --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod
+ /etc/login.defs"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
@@ -32,14 +44,16 @@ pre_configure() {
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -53,13 +67,6 @@ post_install() {
done
install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
-
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
${DESTDIR}/etc/cron.daily/shadow
@@ -70,6 +77,8 @@ post_install() {
# Remove utilities provided by util-linux and logoutd.
mv ${DESTDIR}/usr/bin/{newgrp,sg}
+ rm -rf $DESTDIR/lib64
+
rm \
$DESTDIR/usr/bin/{login,chsh,chfn} \
$DESTDIR/usr/bin/{nologin,logoutd,vipw,vigr}
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
2024-02-18 12:22 ` [PR PATCH] [Updated] " dataCobra
@ 2024-02-18 12:45 ` dataCobra
2024-02-18 13:00 ` dataCobra
` (67 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-18 12:45 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 688 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **Currently testing**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 6651 bytes --]
From a1b07c7c6115ee386d2fbd4fc0c18607dc3453a2 Mon Sep 17 00:00:00 2001
From: Benedikt Brinkmann <datacobra@thinkbot.de>
Date: Sun, 18 Feb 2024 13:45:27 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 ---------
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +++++++++
srcpkgs/shadow/patches/xstrdup.patch | 9 ----
srcpkgs/shadow/template | 47 +++++++++++--------
5 files changed, 50 insertions(+), 51 deletions(-)
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 3cf507d8ada87..eff6d3caf1f0d 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4275,3 +4275,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc385..0000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 0000000000000..38035df40cfca
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f..0000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a..4ca6c68b78cc3 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,23 +1,35 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+ --enable-shared --disable-static --with-libpam --without-selinux --with-acl
+ --with-attr --without-su --disable-nls --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod
+ /etc/login.defs"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
@@ -32,14 +44,16 @@ pre_configure() {
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -53,13 +67,6 @@ post_install() {
done
install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
-
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
${DESTDIR}/etc/cron.daily/shadow
@@ -70,6 +77,8 @@ post_install() {
# Remove utilities provided by util-linux and logoutd.
mv ${DESTDIR}/usr/bin/{newgrp,sg}
+ mv $DESTDIR/lib64/* $DESTDIR/usr/lib64/
+
rm \
$DESTDIR/usr/bin/{login,chsh,chfn} \
$DESTDIR/usr/bin/{nologin,logoutd,vipw,vigr}
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
2024-02-18 12:22 ` [PR PATCH] [Updated] " dataCobra
2024-02-18 12:45 ` dataCobra
@ 2024-02-18 13:00 ` dataCobra
2024-02-18 13:34 ` dataCobra
` (66 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-18 13:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 688 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **Currently testing**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 6464 bytes --]
From 2701019ac1f93dec9bdd1515ef5057fa975536bc Mon Sep 17 00:00:00 2001
From: Benedikt Brinkmann <datacobra@thinkbot.de>
Date: Sun, 18 Feb 2024 14:00:30 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 ---------
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +++++++++
srcpkgs/shadow/patches/xstrdup.patch | 9 ----
srcpkgs/shadow/template | 47 +++++++++++--------
5 files changed, 49 insertions(+), 52 deletions(-)
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 3cf507d8ada879..eff6d3caf1f0d5 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4275,3 +4275,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..96f45405e4c173 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,23 +1,35 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --with-libpam --without-selinux --with-acl
+ --with-attr --without-su --disable-nls --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod
+ /etc/login.defs"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
@@ -32,14 +44,16 @@ pre_configure() {
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -53,13 +67,6 @@ post_install() {
done
install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
-
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
${DESTDIR}/etc/cron.daily/shadow
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (2 preceding siblings ...)
2024-02-18 13:00 ` dataCobra
@ 2024-02-18 13:34 ` dataCobra
2024-02-19 21:25 ` [PR REVIEW] " dkwo
` (65 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-18 13:34 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 344 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1951327885
Comment:
The file `/etc/default/useradd` is no longer created by default. Instead now the patched useradd binary is aware of the defaults that we provided before with the old version in `/etc/default/useradd`.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (3 preceding siblings ...)
2024-02-18 13:34 ` dataCobra
@ 2024-02-19 21:25 ` dkwo
2024-02-19 21:26 ` dkwo
` (64 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-19 21:25 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 175 bytes --]
New review comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1495024596
Comment:
why did you remove this patch?
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (4 preceding siblings ...)
2024-02-19 21:25 ` [PR REVIEW] " dkwo
@ 2024-02-19 21:26 ` dkwo
2024-02-19 21:27 ` dkwo
` (63 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-19 21:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 170 bytes --]
New review comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1495024986
Comment:
should this be `/bin/sh`?
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (5 preceding siblings ...)
2024-02-19 21:26 ` dkwo
@ 2024-02-19 21:27 ` dkwo
2024-02-19 22:08 ` dkwo
` (62 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-19 21:27 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 286 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1953177160
Comment:
Some distros are also carrying this patch https://git.alpinelinux.org/aports/tree/community/shadow/fix-undefined-reference.patch Maybe it's useful?
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (6 preceding siblings ...)
2024-02-19 21:27 ` dkwo
@ 2024-02-19 22:08 ` dkwo
2024-02-19 22:10 ` dkwo
` (61 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-19 22:08 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 254 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1953213303
Comment:
As a reference, /usr/bin/lastlog and its manpage are now gone, and there are new /usr/bin/getsubids and its manpage
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (7 preceding siblings ...)
2024-02-19 22:08 ` dkwo
@ 2024-02-19 22:10 ` dkwo
2024-02-20 9:10 ` [PR REVIEW] " dataCobra
` (60 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-19 22:10 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 244 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1953215327
Comment:
also the file login.defs seems outdated.
distros like arch and chimera patch it instead of replacing it.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (8 preceding siblings ...)
2024-02-19 22:10 ` dkwo
@ 2024-02-20 9:10 ` dataCobra
2024-02-20 10:03 ` [PR PATCH] [Updated] " dataCobra
` (59 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-20 9:10 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 204 bytes --]
New review comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1495472679
Comment:
It was /bin/bash all the time so I wouldn't change it.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (9 preceding siblings ...)
2024-02-20 9:10 ` [PR REVIEW] " dataCobra
@ 2024-02-20 10:03 ` dataCobra
2024-02-20 10:05 ` dataCobra
` (58 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-20 10:03 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 36508 bytes --]
From 5b62251e9e948caab5532536462d918afd737b17 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Tue, 20 Feb 2024 11:02:29 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 721 ++++++++++++++++++
...d-Arch-Linux-defaults-for-login.defs.patch | 55 ++
.../patches/fix-undefined-reference.patch | 19 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
srcpkgs/shadow/patches/xstrdup.patch | 9 -
srcpkgs/shadow/template | 46 +-
9 files changed, 843 insertions(+), 139 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
create mode 100644 srcpkgs/shadow/patches/fix-undefined-reference.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 34596bac98f4b5..6bd786075ec1d8 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4277,3 +4277,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..dc794a7c14591f
--- /dev/null
+++ b/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,721 @@
+From dcc12b1d2bd612923c6c73d0da92fbe1aefa46b1 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 09:45:13 +0100
+Subject: [PATCH 2/3] Adapt login.defs for PAM and util-linux
+
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 228 +------------------------------------------
+ man/login.defs.5.xml | 150 +---------------------------
+ 2 files changed, 8 insertions(+), 370 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 114dbcd9..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Arch Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,27 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -353,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -381,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -406,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -459,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index ab62fa86..d82c47f1 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,69 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -145,47 +114,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -195,25 +142,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -239,9 +177,7 @@
+ <term>chfn</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">CHFN_AUTH</phrase>
+ CHFN_RESTRICT
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -249,7 +185,7 @@
+ <term>chgpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -259,8 +195,6 @@
+ <term>chpasswd</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">ENCRYPT_METHOD
+- MD5_CRYPT_ENAB </phrase>
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -270,7 +204,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -280,7 +214,7 @@
+ <term>gpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -339,35 +273,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -382,7 +287,7 @@
+ <para>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -399,8 +304,7 @@
+ <term>passwd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -432,32 +336,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- <phrase condition="no_pam">ENV_TZ</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -486,24 +364,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..e8b5885d1250bf
--- /dev/null
+++ b/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
@@ -0,0 +1,55 @@
+From 7eb2d0b9eff128c404ef7a6d07aa597ac9ca2d84 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 10:10:22 +0100
+Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
+
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
+ distribution added UIDs and GIDs of system users.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+ etc/login.defs | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 797ca6b3..c4accbf8 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/fix-undefined-reference.patch b/srcpkgs/shadow/patches/fix-undefined-reference.patch
new file mode 100644
index 00000000000000..4a3e742b9837b7
--- /dev/null
+++ b/srcpkgs/shadow/patches/fix-undefined-reference.patch
@@ -0,0 +1,19 @@
+--- a/lib/alloc.h
++++ b/lib/alloc.h
+@@ -84,14 +84,14 @@
+ }
+
+
+-inline void *
++static inline void *
+ mallocarray(size_t nmemb, size_t size)
+ {
+ return reallocarray(NULL, nmemb, size);
+ }
+
+
+-inline void *
++static inline void *
+ reallocarrayf(void *p, size_t nmemb, size_t size)
+ {
+ void *q;
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..f3ed2daa9cfb62 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,23 +1,35 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam
+ --without-selinux --with-acl --with-attr --without-su --disable-nls
+ --enable-subordinate-ids --disable-account-tools-setuid
--with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
@@ -32,14 +44,16 @@ pre_configure() {
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +65,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (10 preceding siblings ...)
2024-02-20 10:03 ` [PR PATCH] [Updated] " dataCobra
@ 2024-02-20 10:05 ` dataCobra
2024-02-20 10:07 ` dataCobra
` (57 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-20 10:05 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 761 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1953870513
Comment:
> Some distros are also carrying this patch https://git.alpinelinux.org/aports/tree/community/shadow/fix-undefined-reference.patch Maybe it's useful?
I've added the patch and everything still builds fine.
> As a reference, /usr/bin/lastlog and its manpage are now gone, and there are new /usr/bin/getsubids and its manpage
Forgot to add the new configuration argument to add lastlog. Fixed with the new push.
> also the file login.defs seems outdated. distros like arch and chimera patch it instead of replacing it.
I've checked what Arch did and added and modified patch 2 and 3 so they fit our needs.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (11 preceding siblings ...)
2024-02-20 10:05 ` dataCobra
@ 2024-02-20 10:07 ` dataCobra
2024-02-20 14:21 ` [PR REVIEW] " dkwo
` (56 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-20 10:07 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 873 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1953870513
Comment:
> Some distros are also carrying this patch https://git.alpinelinux.org/aports/tree/community/shadow/fix-undefined-reference.patch Maybe it's useful?
I've added the patch and everything still builds fine.
> As a reference, /usr/bin/lastlog and its manpage are now gone, and there are new /usr/bin/getsubids and its manpage
Forgot to add the new configuration argument to add lastlog. Fixed with the new push.
> also the file login.defs seems outdated. distros like arch and chimera patch it instead of replacing it.
I've checked what Arch did and added and modified patch 2 and 3 so they fit our needs. The file will now be installed from shadow itself and patched beforehand. I removed the fixed file we provided.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (12 preceding siblings ...)
2024-02-20 10:07 ` dataCobra
@ 2024-02-20 14:21 ` dkwo
2024-02-20 14:21 ` dkwo
` (55 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-20 14:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 199 bytes --]
New review comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1495903780
Comment:
this is strange though. maybe check with a maintainer?
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (13 preceding siblings ...)
2024-02-20 14:21 ` [PR REVIEW] " dkwo
@ 2024-02-20 14:21 ` dkwo
2024-02-20 14:23 ` dkwo
` (54 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-20 14:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 180 bytes --]
New review comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1495904178
Comment:
this is still removed for no reason
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (14 preceding siblings ...)
2024-02-20 14:21 ` dkwo
@ 2024-02-20 14:23 ` dkwo
2024-02-20 15:11 ` [PR PATCH] [Updated] " dataCobra
` (53 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-20 14:23 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 281 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1954323235
Comment:
about the patches from arch linux: they may need more adaptating to our needs. for example, yescrypt needs a build option if i remember right.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (15 preceding siblings ...)
2024-02-20 14:23 ` dkwo
@ 2024-02-20 15:11 ` dataCobra
2024-02-20 15:13 ` dataCobra
` (52 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-20 15:11 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 36524 bytes --]
From 0eb68566b5438528d79dba87ab17bb788bc4510c Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Tue, 20 Feb 2024 16:11:21 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 721 ++++++++++++++++++
...d-Arch-Linux-defaults-for-login.defs.patch | 55 ++
.../patches/fix-undefined-reference.patch | 19 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
srcpkgs/shadow/patches/xstrdup.patch | 9 -
srcpkgs/shadow/template | 46 +-
9 files changed, 843 insertions(+), 139 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
create mode 100644 srcpkgs/shadow/patches/fix-undefined-reference.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 34596bac98f4b5..6bd786075ec1d8 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4277,3 +4277,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..dc794a7c14591f
--- /dev/null
+++ b/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,721 @@
+From dcc12b1d2bd612923c6c73d0da92fbe1aefa46b1 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 09:45:13 +0100
+Subject: [PATCH 2/3] Adapt login.defs for PAM and util-linux
+
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 228 +------------------------------------------
+ man/login.defs.5.xml | 150 +---------------------------
+ 2 files changed, 8 insertions(+), 370 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 114dbcd9..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Arch Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,27 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -353,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -381,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -406,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -459,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index ab62fa86..d82c47f1 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,69 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -145,47 +114,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -195,25 +142,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -239,9 +177,7 @@
+ <term>chfn</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">CHFN_AUTH</phrase>
+ CHFN_RESTRICT
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -249,7 +185,7 @@
+ <term>chgpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -259,8 +195,6 @@
+ <term>chpasswd</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">ENCRYPT_METHOD
+- MD5_CRYPT_ENAB </phrase>
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -270,7 +204,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -280,7 +214,7 @@
+ <term>gpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -339,35 +273,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -382,7 +287,7 @@
+ <para>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -399,8 +304,7 @@
+ <term>passwd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -432,32 +336,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- <phrase condition="no_pam">ENV_TZ</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -486,24 +364,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..e8b5885d1250bf
--- /dev/null
+++ b/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
@@ -0,0 +1,55 @@
+From 7eb2d0b9eff128c404ef7a6d07aa597ac9ca2d84 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 10:10:22 +0100
+Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
+
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
+ distribution added UIDs and GIDs of system users.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+ etc/login.defs | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 797ca6b3..c4accbf8 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/fix-undefined-reference.patch b/srcpkgs/shadow/patches/fix-undefined-reference.patch
new file mode 100644
index 00000000000000..4a3e742b9837b7
--- /dev/null
+++ b/srcpkgs/shadow/patches/fix-undefined-reference.patch
@@ -0,0 +1,19 @@
+--- a/lib/alloc.h
++++ b/lib/alloc.h
+@@ -84,14 +84,14 @@
+ }
+
+
+-inline void *
++static inline void *
+ mallocarray(size_t nmemb, size_t size)
+ {
+ return reallocarray(NULL, nmemb, size);
+ }
+
+
+-inline void *
++static inline void *
+ reallocarrayf(void *p, size_t nmemb, size_t size)
+ {
+ void *q;
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..c7cdec783bf7a8 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,23 +1,35 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam --with-yescrypt
+ --without-selinux --with-acl --with-attr --without-su --disable-nls
+ --enable-subordinate-ids --disable-account-tools-setuid
--with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
@@ -32,14 +44,16 @@ pre_configure() {
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +65,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (16 preceding siblings ...)
2024-02-20 15:11 ` [PR PATCH] [Updated] " dataCobra
@ 2024-02-20 15:13 ` dataCobra
2024-02-20 15:14 ` dataCobra
` (51 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-20 15:13 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 230 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1954430385
Comment:
I've added yescrypt to be build for shadow to make sure we got a secure password hash.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (17 preceding siblings ...)
2024-02-20 15:13 ` dataCobra
@ 2024-02-20 15:14 ` dataCobra
2024-02-20 16:18 ` dkwo
` (50 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-20 15:14 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 237 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1954433633
Comment:
CC: @Gottox
Could you as a maintainer please check this as well? :slightly_smiling_face:
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (18 preceding siblings ...)
2024-02-20 15:14 ` dataCobra
@ 2024-02-20 16:18 ` dkwo
2024-02-22 9:37 ` [PR REVIEW] " sgn
` (49 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-20 16:18 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 210 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1954569984
Comment:
what is the reason for removing `xstrdup.patch` instead of updating it?
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (19 preceding siblings ...)
2024-02-20 16:18 ` dkwo
@ 2024-02-22 9:37 ` sgn
2024-02-22 10:01 ` dataCobra
` (48 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: sgn @ 2024-02-22 9:37 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 185 bytes --]
New review comment by sgn on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1498944871
Comment:
It's `/bin/bash` as default user's shell.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (20 preceding siblings ...)
2024-02-22 9:37 ` [PR REVIEW] " sgn
@ 2024-02-22 10:01 ` dataCobra
2024-02-22 12:02 ` [PR PATCH] [Updated] " dataCobra
` (47 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-22 10:01 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 875 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1959095181
Comment:
> what is the reason for removing `xstrdup.patch` instead of updating it?
What do you want to update?
The function does no longer exist and the file is also removed.
In `lib/alloc.c` a comment says:
```
/* Replacements for malloc and strdup with error checking. Too trivial
to be worth copyrighting :-). I did that because a lot of code used
malloc and strdup without checking for NULL pointer, and I like some
message better than a core dump... --marekm
Yeh, but. Remember that bailing out might leave the system in some
bizarre state. You really want to put in error checking, then add
some back-out failure recovery code. -- jfh */
```
As I understand the patch is no longer needed.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (21 preceding siblings ...)
2024-02-22 10:01 ` dataCobra
@ 2024-02-22 12:02 ` dataCobra
2024-02-22 13:44 ` dkwo
` (46 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-22 12:02 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 36524 bytes --]
From 028b253741d6a038d349f3afb0c4b0d60531150a Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Tue, 20 Feb 2024 16:11:21 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 721 ++++++++++++++++++
...d-Arch-Linux-defaults-for-login.defs.patch | 55 ++
.../patches/fix-undefined-reference.patch | 19 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
srcpkgs/shadow/patches/xstrdup.patch | 9 -
srcpkgs/shadow/template | 46 +-
9 files changed, 843 insertions(+), 139 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
create mode 100644 srcpkgs/shadow/patches/fix-undefined-reference.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index cde1106f7dbeff..dcd032a843cd95 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4284,3 +4284,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..dc794a7c14591f
--- /dev/null
+++ b/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,721 @@
+From dcc12b1d2bd612923c6c73d0da92fbe1aefa46b1 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 09:45:13 +0100
+Subject: [PATCH 2/3] Adapt login.defs for PAM and util-linux
+
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 228 +------------------------------------------
+ man/login.defs.5.xml | 150 +---------------------------
+ 2 files changed, 8 insertions(+), 370 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 114dbcd9..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Arch Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,27 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -353,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -381,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -406,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -459,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index ab62fa86..d82c47f1 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,69 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -145,47 +114,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -195,25 +142,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -239,9 +177,7 @@
+ <term>chfn</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">CHFN_AUTH</phrase>
+ CHFN_RESTRICT
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -249,7 +185,7 @@
+ <term>chgpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -259,8 +195,6 @@
+ <term>chpasswd</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">ENCRYPT_METHOD
+- MD5_CRYPT_ENAB </phrase>
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -270,7 +204,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -280,7 +214,7 @@
+ <term>gpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -339,35 +273,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -382,7 +287,7 @@
+ <para>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -399,8 +304,7 @@
+ <term>passwd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -432,32 +336,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- <phrase condition="no_pam">ENV_TZ</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -486,24 +364,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..e8b5885d1250bf
--- /dev/null
+++ b/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
@@ -0,0 +1,55 @@
+From 7eb2d0b9eff128c404ef7a6d07aa597ac9ca2d84 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 10:10:22 +0100
+Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
+
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
+ distribution added UIDs and GIDs of system users.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+ etc/login.defs | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 797ca6b3..c4accbf8 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/fix-undefined-reference.patch b/srcpkgs/shadow/patches/fix-undefined-reference.patch
new file mode 100644
index 00000000000000..4a3e742b9837b7
--- /dev/null
+++ b/srcpkgs/shadow/patches/fix-undefined-reference.patch
@@ -0,0 +1,19 @@
+--- a/lib/alloc.h
++++ b/lib/alloc.h
+@@ -84,14 +84,14 @@
+ }
+
+
+-inline void *
++static inline void *
+ mallocarray(size_t nmemb, size_t size)
+ {
+ return reallocarray(NULL, nmemb, size);
+ }
+
+
+-inline void *
++static inline void *
+ reallocarrayf(void *p, size_t nmemb, size_t size)
+ {
+ void *q;
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..c7cdec783bf7a8 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,23 +1,35 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam --with-yescrypt
+ --without-selinux --with-acl --with-attr --without-su --disable-nls
+ --enable-subordinate-ids --disable-account-tools-setuid
--with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
@@ -32,14 +44,16 @@ pre_configure() {
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +65,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (22 preceding siblings ...)
2024-02-22 12:02 ` [PR PATCH] [Updated] " dataCobra
@ 2024-02-22 13:44 ` dkwo
2024-02-22 15:19 ` dataCobra
` (45 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-22 13:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 228 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1959480961
Comment:
see https://github.com/chimera-linux/cports/blob/master/main/shadow/patches/xstrdup.patch
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (23 preceding siblings ...)
2024-02-22 13:44 ` dkwo
@ 2024-02-22 15:19 ` dataCobra
2024-02-24 17:38 ` [PR PATCH] [Updated] " dataCobra
` (44 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-22 15:19 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 260 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1959671096
Comment:
> see https://github.com/chimera-linux/cports/blob/master/main/shadow/patches/xstrdup.patch
Thank you for the link.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (24 preceding siblings ...)
2024-02-22 15:19 ` dataCobra
@ 2024-02-24 17:38 ` dataCobra
2024-02-24 20:40 ` dkwo
` (43 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-24 17:38 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 36723 bytes --]
From 2d486227307412c08ed13067154144e4cc2d5bf2 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Sat, 24 Feb 2024 18:38:27 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 721 ++++++++++++++++++
...d-Arch-Linux-defaults-for-login.defs.patch | 55 ++
.../patches/fix-undefined-reference.patch | 19 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
srcpkgs/shadow/patches/xstrdup.patch | 15 +-
srcpkgs/shadow/template | 46 +-
9 files changed, 851 insertions(+), 137 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
create mode 100644 srcpkgs/shadow/patches/fix-undefined-reference.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
diff --git a/common/shlibs b/common/shlibs
index 0750383d854a98..b205e0d008e749 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4284,3 +4284,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..dc794a7c14591f
--- /dev/null
+++ b/srcpkgs/shadow/patches/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,721 @@
+From dcc12b1d2bd612923c6c73d0da92fbe1aefa46b1 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 09:45:13 +0100
+Subject: [PATCH 2/3] Adapt login.defs for PAM and util-linux
+
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 228 +------------------------------------------
+ man/login.defs.5.xml | 150 +---------------------------
+ 2 files changed, 8 insertions(+), 370 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 114dbcd9..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Arch Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,27 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -353,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -381,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -406,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -459,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index ab62fa86..d82c47f1 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,69 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -145,47 +114,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -195,25 +142,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -239,9 +177,7 @@
+ <term>chfn</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">CHFN_AUTH</phrase>
+ CHFN_RESTRICT
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -249,7 +185,7 @@
+ <term>chgpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -259,8 +195,6 @@
+ <term>chpasswd</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">ENCRYPT_METHOD
+- MD5_CRYPT_ENAB </phrase>
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -270,7 +204,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -280,7 +214,7 @@
+ <term>gpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -339,35 +273,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -382,7 +287,7 @@
+ <para>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -399,8 +304,7 @@
+ <term>passwd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -432,32 +336,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- <phrase condition="no_pam">ENV_TZ</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -486,24 +364,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..e8b5885d1250bf
--- /dev/null
+++ b/srcpkgs/shadow/patches/0003-Add-Arch-Linux-defaults-for-login.defs.patch
@@ -0,0 +1,55 @@
+From 7eb2d0b9eff128c404ef7a6d07aa597ac9ca2d84 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 10:10:22 +0100
+Subject: [PATCH 3/3] Add Arch Linux defaults for login.defs
+
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Arch Linux is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change SYS_UID_MIN and SYS_GID_MIN to 500 which gives more space for
+ distribution added UIDs and GIDs of system users.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+ etc/login.defs | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 797ca6b3..c4accbf8 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/fix-undefined-reference.patch b/srcpkgs/shadow/patches/fix-undefined-reference.patch
new file mode 100644
index 00000000000000..4a3e742b9837b7
--- /dev/null
+++ b/srcpkgs/shadow/patches/fix-undefined-reference.patch
@@ -0,0 +1,19 @@
+--- a/lib/alloc.h
++++ b/lib/alloc.h
+@@ -84,14 +84,14 @@
+ }
+
+
+-inline void *
++static inline void *
+ mallocarray(size_t nmemb, size_t size)
+ {
+ return reallocarray(NULL, nmemb, size);
+ }
+
+
+-inline void *
++static inline void *
+ reallocarrayf(void *p, size_t nmemb, size_t size)
+ {
+ void *q;
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
index 562febcf4164f1..f9de5f2e8bd7a2 100644
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ b/srcpkgs/shadow/patches/xstrdup.patch
@@ -1,9 +1,10 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
+--- a/lib/alloc.h
++++ b/lib/alloc.h
+@@ -108,6 +108,7 @@ reallocarrayf(void *p, size_t nmemb, size_t size)
+ inline char *
+ xstrdup(const char *str)
{
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
++ if (str == NULL) return NULL;
+ return strcpy(XMALLOC(strlen(str) + 1, char), str);
}
+
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..c7cdec783bf7a8 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,23 +1,35 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam --with-yescrypt
+ --without-selinux --with-acl --with-attr --without-su --disable-nls
+ --enable-subordinate-ids --disable-account-tools-setuid
--with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
@@ -32,14 +44,16 @@ pre_configure() {
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +65,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (25 preceding siblings ...)
2024-02-24 17:38 ` [PR PATCH] [Updated] " dataCobra
@ 2024-02-24 20:40 ` dkwo
2024-02-24 20:43 ` dkwo
` (42 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-24 20:40 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 455 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1962726411
Comment:
- does it make sense to disable RUSEROK for all libc through a patch, instead of selectively in pre_configure?
- same for groups(1): instead of in do_build, can this be done in a patch?
- is the use of a license file still needed?
- i think we should have only one patch for login.defs, which can be void-specific
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (26 preceding siblings ...)
2024-02-24 20:40 ` dkwo
@ 2024-02-24 20:43 ` dkwo
2024-02-25 14:26 ` [PR PATCH] [Updated] " dataCobra
` (41 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-24 20:43 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 401 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1962726936
Comment:
e.g. see https://gitlab.archlinux.org/archlinux/packaging/packages/shadow/-/blob/main/0001-Disable-replaced-tools-their-man-pages-and-PAM-integ.patch?ref_type=heads and https://github.com/chimera-linux/cports/blob/master/main/shadow/patches/disable-ruserok.patch
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (27 preceding siblings ...)
2024-02-24 20:43 ` dkwo
@ 2024-02-25 14:26 ` dataCobra
2024-02-25 14:31 ` dataCobra
` (40 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-25 14:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 36497 bytes --]
From d7101d7f1b366de0dc7b5264427307f53a63f65b Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Sun, 25 Feb 2024 15:26:19 +0100
Subject: [PATCH] shadow: update to 4.14.5.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 721 ++++++++++++++++++
srcpkgs/shadow/patches/disable-ruserok.patch | 12 +
.../patches/fix-undefined-reference.patch | 19 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
.../void-linux-defaults-for-login.defs.patch | 33 +
srcpkgs/shadow/patches/xstrdup.patch | 15 +-
srcpkgs/shadow/template | 53 +-
10 files changed, 841 insertions(+), 144 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/disable-ruserok.patch
create mode 100644 srcpkgs/shadow/patches/fix-undefined-reference.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
create mode 100644 srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
diff --git a/common/shlibs b/common/shlibs
index 695794c63daed..0f8fc032e3dd6 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4284,3 +4284,4 @@ libunicode_ucd.so.0.4 libunicode-0.4.0_1
libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b..0000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 0000000000000..dd375e1348ccc
--- /dev/null
+++ b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,721 @@
+From dcc12b1d2bd612923c6c73d0da92fbe1aefa46b1 Mon Sep 17 00:00:00 2001
+From: David Runge <dvzrv@archlinux.org>
+Date: Mon, 31 Oct 2022 09:45:13 +0100
+Subject: [PATCH 2/3] Adapt login.defs for PAM and util-linux
+
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 228 +------------------------------------------
+ man/login.defs.5.xml | 150 +---------------------------
+ 2 files changed, 8 insertions(+), 370 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 114dbcd9..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Void Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,27 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -353,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -381,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -406,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -459,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index ab62fa86..d82c47f1 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,69 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -145,47 +114,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -195,25 +142,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -239,9 +177,7 @@
+ <term>chfn</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">CHFN_AUTH</phrase>
+ CHFN_RESTRICT
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -249,7 +185,7 @@
+ <term>chgpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -259,8 +195,6 @@
+ <term>chpasswd</term>
+ <listitem>
+ <para>
+- <phrase condition="no_pam">ENCRYPT_METHOD
+- MD5_CRYPT_ENAB </phrase>
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -270,7 +204,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -280,7 +214,7 @@
+ <term>gpasswd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -339,35 +273,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -382,7 +287,7 @@
+ <para>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -399,8 +304,7 @@
+ <term>passwd</term>
+ <listitem>
+ <para>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ </para>
+@@ -432,32 +336,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- <phrase condition="no_pam">ENV_TZ</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -486,24 +364,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.43.2
+
diff --git a/srcpkgs/shadow/patches/disable-ruserok.patch b/srcpkgs/shadow/patches/disable-ruserok.patch
new file mode 100644
index 0000000000000..dcc1a9f72333c
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-ruserok.patch
@@ -0,0 +1,12 @@
+--- a/configure
++++ b/configure
+@@ -15825,9 +15825,6 @@ if test "$ac_cv_func_ruserok" = "yes"; then
+
+ printf "%s\n" "#define RLOGIN 1" >>confdefs.h
+
+-
+-printf "%s\n" "#define RUSEROK 0" >>confdefs.h
+-
+ fi
+
+ # Check whether --enable-shadowgrp was given.
diff --git a/srcpkgs/shadow/patches/fix-undefined-reference.patch b/srcpkgs/shadow/patches/fix-undefined-reference.patch
new file mode 100644
index 0000000000000..4a3e742b9837b
--- /dev/null
+++ b/srcpkgs/shadow/patches/fix-undefined-reference.patch
@@ -0,0 +1,19 @@
+--- a/lib/alloc.h
++++ b/lib/alloc.h
+@@ -84,14 +84,14 @@
+ }
+
+
+-inline void *
++static inline void *
+ mallocarray(size_t nmemb, size_t size)
+ {
+ return reallocarray(NULL, nmemb, size);
+ }
+
+
+-inline void *
++static inline void *
+ reallocarrayf(void *p, size_t nmemb, size_t size)
+ {
+ void *q;
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc385..0000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 0000000000000..38035df40cfca
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
new file mode 100644
index 0000000000000..4442d802603ff
--- /dev/null
+++ b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
@@ -0,0 +1,33 @@
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.43.2
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
index 562febcf4164f..f9de5f2e8bd7a 100644
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ b/srcpkgs/shadow/patches/xstrdup.patch
@@ -1,9 +1,10 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
+--- a/lib/alloc.h
++++ b/lib/alloc.h
+@@ -108,6 +108,7 @@ reallocarrayf(void *p, size_t nmemb, size_t size)
+ inline char *
+ xstrdup(const char *str)
{
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
++ if (str == NULL) return NULL;
+ return strcpy(XMALLOC(strlen(str) + 1, char), str);
}
+
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a..e455a33494fa1 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,45 +1,52 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.14.5
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam --with-yescrypt
+ --without-selinux --with-acl --with-attr --without-su --disable-nls
+ --enable-subordinate-ids --disable-account-tools-setuid
--with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=cba74bc7b05d89c015afe23131f9159ece38779d40a8af4cf162852e6e85ca23
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
fi
-pre_configure() {
- case "$XBPS_TARGET_MACHINE" in
- # Completely disable unportable ruserok().
- *-musl) sed '/RUSEROK/d' -i configure;;
- esac
-}
-
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +58,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (28 preceding siblings ...)
2024-02-25 14:26 ` [PR PATCH] [Updated] " dataCobra
@ 2024-02-25 14:31 ` dataCobra
2024-02-25 14:31 ` dataCobra
` (39 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-25 14:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 944 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1962958977
Comment:
> * does it make sense to disable RUSEROK for all libc through a patch, instead of selectively in pre_configure?
I've added the patch you recommended from chimera linux.
> * same for groups(1): instead of in do_build, can this be done in a patch?
We could do that in a patch, but I feel like the way in the template is more convenient and easier to update.
> * is the use of a license file still needed?
I'll check that.
> * i think we should have only one patch for login.defs, which can be void-specific
Agree. For the moment I've only modified the patches a bit. But refactoring and cleaning up the files in the patches folder after we've finished the decision which patches to include must be done. Otherwise it might be hard to update the package in the future.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (29 preceding siblings ...)
2024-02-25 14:31 ` dataCobra
@ 2024-02-25 14:31 ` dataCobra
2024-02-25 16:00 ` dkwo
` (38 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-02-25 14:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 932 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1962958977
Comment:
> * does it make sense to disable RUSEROK for all libc through a patch, instead of selectively in pre_configure?
I've added the patch you recommended from chimera linux.
> * same for groups(1): instead of in do_build, can this be done in a patch?
We could do that in a patch, but I feel like the way in the template is more convenient and easier to update.
> * is the use of a license file still needed?
I'll check that.
> * i think we should have only one patch for login.defs, which can be void-specific
Agree. For the moment I've only modified the patches a bit. But refactoring and cleaning up the files in the patches folder after we've finished the decision which patches to include must be done. Otherwise it might be hard to update the package in the future.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (30 preceding siblings ...)
2024-02-25 14:31 ` dataCobra
@ 2024-02-25 16:00 ` dkwo
2024-03-06 16:23 ` dkwo
` (37 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-02-25 16:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 331 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1962983531
Comment:
>
> We could do that in a patch, but I feel like the way in the template is more convenient and easier to update.
>
alternatively, could it be moved to either post_configure or pre_build?
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (31 preceding siblings ...)
2024-02-25 16:00 ` dkwo
@ 2024-03-06 16:23 ` dkwo
2024-03-09 12:39 ` [PR REVIEW] " alejandro-colomar
` (36 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-03-06 16:23 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 174 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1981257021
Comment:
btw, 4.14.6 is out, soon maybe 4.15
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (32 preceding siblings ...)
2024-03-06 16:23 ` dkwo
@ 2024-03-09 12:39 ` alejandro-colomar
2024-03-09 12:44 ` alejandro-colomar
` (35 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 12:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 492 bytes --]
New review comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1518567406
Comment:
Hi!
Just a question. Why would you have code for handling NULL? strdup(3) doesn't handle it.
```c
$ grepc strdup .
./include/string.h:char *strdup (const char *);
./src/string/strdup.c:char *strdup(const char *s)
{
size_t l = strlen(s);
char *d = malloc(l+1);
if (!d) return NULL;
return memcpy(d, s, l+1);
}
```
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (33 preceding siblings ...)
2024-03-09 12:39 ` [PR REVIEW] " alejandro-colomar
@ 2024-03-09 12:44 ` alejandro-colomar
2024-03-09 12:50 ` [PR REVIEW] " alejandro-colomar
` (34 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 12:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 716 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1986847616
Comment:
> Some distros are also carrying this patch https://git.alpinelinux.org/aports/tree/community/shadow/fix-undefined-reference.patch Maybe it's useful?
That patch shouldn't be necesary. Please don't apply it unless you find a reason to. And if you do (find a build error that requires the patch), please report it as an upstream bug.
Would you mind asking the Alpine maintainer if they can comment on that patch? I'm interested in fixing upstream if there's something broken, but I'd like to learn what's broken, because that patch looks like a red herring.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (34 preceding siblings ...)
2024-03-09 12:44 ` alejandro-colomar
@ 2024-03-09 12:50 ` alejandro-colomar
2024-03-09 12:50 ` alejandro-colomar
` (33 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 12:50 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 173 bytes --]
New review comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1518568756
Comment:
Cc: @dataCobra
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (35 preceding siblings ...)
2024-03-09 12:50 ` [PR REVIEW] " alejandro-colomar
@ 2024-03-09 12:50 ` alejandro-colomar
2024-03-09 12:52 ` alejandro-colomar
` (32 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 12:50 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 168 bytes --]
New review comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1518568799
Comment:
Cc: @dkwo
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (36 preceding siblings ...)
2024-03-09 12:50 ` alejandro-colomar
@ 2024-03-09 12:52 ` alejandro-colomar
2024-03-09 13:01 ` alejandro-colomar
` (31 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 12:52 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 292 bytes --]
New review comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1518568910
Comment:
I don't like this patch. You shouldn't need to make the functions static. Please report an upstream bug so we can see what's broken.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (37 preceding siblings ...)
2024-03-09 12:52 ` alejandro-colomar
@ 2024-03-09 13:01 ` alejandro-colomar
2024-03-09 13:02 ` alejandro-colomar
` (30 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 13:01 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 881 bytes --]
New review comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1518570037
Comment:
These xfoo() functions are designed to exit/abort on errors reported by the corresponding foo() function.
Thus, xstrdup() is strdup(3) plus a check of an output NULL from strdup(3) to error out. The precise reason to have these functions is so that they can *never* return NULL.
Adding null checks to a NULL input is tangential to the purpose of these functions, and defeats their purpose. Now the function can return NULL, which needs to be checked by the caller.
So, if you really want to check for programmer errors, you'd need to exit on a NULL input, not just pass it through.
But you probably shouldn't do that at all. strdup(3) doesn't handle NULL input, and I don't see a reason why xstrdup() should.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (38 preceding siblings ...)
2024-03-09 13:01 ` alejandro-colomar
@ 2024-03-09 13:02 ` alejandro-colomar
2024-03-09 18:00 ` dkwo
` (29 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 13:02 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 315 bytes --]
New review comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1518568910
Comment:
I don't like this patch. You shouldn't need to make the functions static. If anything is broken. please report an upstream bug so we can see what's broken.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (39 preceding siblings ...)
2024-03-09 13:02 ` alejandro-colomar
@ 2024-03-09 18:00 ` dkwo
2024-03-09 18:04 ` [PR REVIEW] " dkwo
` (28 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-03-09 18:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 673 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1986931935
Comment:
@alejandro-colomar Thanks a lot for taking a look. Do you think it would be possible to make stuff that conflicts with coreutils and util-linux (e.g. groups) optional via a configure? right now most distros have to patch it (and their man) out (see the patch taken from arch). Ditto for respecting usr/bin and usr/sbin config options.
For the Alpine patch, maybe can you take a look at this https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/50121 pull request? the first thread has a discussion about why this was done.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (40 preceding siblings ...)
2024-03-09 18:00 ` dkwo
@ 2024-03-09 18:04 ` dkwo
2024-03-09 18:10 ` alejandro-colomar
` (27 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-03-09 18:04 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 360 bytes --]
New review comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1518636585
Comment:
This patch goes back a long time (introduced in Void in 2012, shadow 4.1.5), so many things may have changed. If you say it's not needed, I tend to trust you. Maybe @q66 can comment as to why Chimera still keeps it?
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR REVIEW] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (41 preceding siblings ...)
2024-03-09 18:04 ` [PR REVIEW] " dkwo
@ 2024-03-09 18:10 ` alejandro-colomar
2024-03-09 18:26 ` alejandro-colomar
` (26 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 18:10 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 286 bytes --]
New review comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#discussion_r1518638021
Comment:
Hmmm, I'd prefer to know why it originated, before confirming that it should be removed, but most likely. Let's hear @q66 . :)
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (42 preceding siblings ...)
2024-03-09 18:10 ` alejandro-colomar
@ 2024-03-09 18:26 ` alejandro-colomar
2024-03-09 18:27 ` alejandro-colomar
` (25 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 18:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1821 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1986941736
Comment:
Hi!
> @alejandro-colomar Thanks a lot for taking a look.
=)
> Do you think it would be possible to make stuff that conflicts with coreutils and util-linux (e.g. groups) optional via a configure?
I'm neutral to that, but others seem to not like the idea. (Now I see you're the same one that reported the issue <https://github.com/shadow-maint/shadow/issues/842>.) How about opening an issue, not asking to make it conditional, but rather reporting the conflict with other projects? Maybe that's more convincing. You could document which distros use shadow's groups, and which distros use others' groups. Maybe we could merge the efforts from those other projects and shadow into a single groups implementation. While some competition is good, it might be good to merge at some point.
> right now most distros have to patch it (and their man) out (see the patch taken from arch). Ditto for respecting usr/bin and usr/sbin config options.
You know what? I would wipe out the entire autotools-based build system, which has been more problematic than anything else. I would write a hand-written GNUmakefile that allows more flexibility. But some distro maintainers (cough, Gentoo, cough) opposed strongly.
Please, please, report a bug in shadow. That will add up to the current issues with the build system. :)
>
> For the Alpine patch, maybe can you take a look at this https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/50121 pull request? the first thread has a discussion about why this was done.
Yup, I found that MR a moment ago, and sent an email <https://lists.sr.ht/~hallyn/shadow/%3CZeyg8ClVMNeRifua%40debian%3E>.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (43 preceding siblings ...)
2024-03-09 18:26 ` alejandro-colomar
@ 2024-03-09 18:27 ` alejandro-colomar
2024-03-09 18:28 ` alejandro-colomar
` (24 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 18:27 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1901 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1986941736
Comment:
Hi!
> @alejandro-colomar Thanks a lot for taking a look.
=)
> Do you think it would be possible to make stuff that conflicts with coreutils and util-linux (e.g. groups) optional via a configure?
I'm neutral to that, but others seem to not like the idea. (Now I see you're the same one that reported the issue <https://github.com/shadow-maint/shadow/issues/842>, <https://lists.alpinelinux.org/~alpine/aports/%3CZeyg8ClVMNeRifua%40debian%3E>.) How about opening an issue, not asking to make it conditional, but rather reporting the conflict with other projects? Maybe that's more convincing. You could document which distros use shadow's groups, and which distros use others' groups. Maybe we could merge the efforts from those other projects and shadow into a single groups implementation. While some competition is good, it might be good to merge at some point.
> right now most distros have to patch it (and their man) out (see the patch taken from arch). Ditto for respecting usr/bin and usr/sbin config options.
You know what? I would wipe out the entire autotools-based build system, which has been more problematic than anything else. I would write a hand-written GNUmakefile that allows more flexibility. But some distro maintainers (cough, Gentoo, cough) opposed strongly.
Please, please, report a bug in shadow. That will add up to the current issues with the build system. :)
>
> For the Alpine patch, maybe can you take a look at this https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/50121 pull request? the first thread has a discussion about why this was done.
Yup, I found that MR a moment ago, and sent an email <https://lists.sr.ht/~hallyn/shadow/%3CZeyg8ClVMNeRifua%40debian%3E>.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (44 preceding siblings ...)
2024-03-09 18:27 ` alejandro-colomar
@ 2024-03-09 18:28 ` alejandro-colomar
2024-03-10 15:39 ` dataCobra
` (23 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-09 18:28 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1901 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1986941736
Comment:
Hi!
> @alejandro-colomar Thanks a lot for taking a look.
=)
> Do you think it would be possible to make stuff that conflicts with coreutils and util-linux (e.g. groups) optional via a configure?
I'm neutral to that, but others seem to not like the idea. (Now I see you're the same one that reported the issue <https://github.com/shadow-maint/shadow/issues/842>.) How about opening an issue, not asking to make it conditional, but rather reporting the conflict with other projects? Maybe that's more convincing. You could document which distros use shadow's groups, and which distros use others' groups. Maybe we could merge the efforts from those other projects and shadow into a single groups implementation. While some competition is good, it might be good to merge at some point.
> right now most distros have to patch it (and their man) out (see the patch taken from arch). Ditto for respecting usr/bin and usr/sbin config options.
You know what? I would wipe out the entire autotools-based build system, which has been more problematic than anything else. I would write a hand-written GNUmakefile that allows more flexibility. But some distro maintainers (cough, Gentoo, cough) opposed strongly.
Please, please, report a bug in shadow. That will add up to the current issues with the build system. :)
>
> For the Alpine patch, maybe can you take a look at this https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/50121 pull request? the first thread has a discussion about why this was done.
Yup, I found that MR a moment ago, and sent an email <https://lists.sr.ht/~hallyn/shadow/%3CZeyg8ClVMNeRifua%40debian%3E>, <https://lists.alpinelinux.org/~alpine/aports/%3CZeyg8ClVMNeRifua%40debian%3E>.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (45 preceding siblings ...)
2024-03-09 18:28 ` alejandro-colomar
@ 2024-03-10 15:39 ` dataCobra
2024-03-22 19:03 ` [PR PATCH] [Updated] " dataCobra
` (22 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-03-10 15:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 242 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-1987272227
Comment:
Thank you both for all the input and information.
I'm currently working on an update to 4.15.0.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (46 preceding siblings ...)
2024-03-10 15:39 ` dataCobra
@ 2024-03-22 19:03 ` dataCobra
2024-03-22 19:05 ` dataCobra
` (21 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-03-22 19:03 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 52790 bytes --]
From 2f82f5ac930ae2aad688b1d4fe740a2ac72199c7 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Fri, 22 Mar 2024 20:02:59 +0100
Subject: [PATCH] shadow: update to 4.15.0.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 694 +++++++++++++++++
...-tools-their-man-pages-and-PAM-integ.patch | 721 ++++++++++++++++++
srcpkgs/shadow/patches/disable-ruserok.patch | 12 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
.../void-linux-defaults-for-login.defs.patch | 43 ++
srcpkgs/shadow/patches/xstrdup.patch | 9 -
srcpkgs/shadow/template | 55 +-
10 files changed, 1519 insertions(+), 147 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
create mode 100644 srcpkgs/shadow/patches/disable-ruserok.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
create mode 100644 srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 9ca4502a01c4a7..19cfecbfc45cdf 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4302,3 +4302,4 @@ libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
libscfg.so libscfg-0.1.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..3a0e99134c533d
--- /dev/null
+++ b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,694 @@
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 223 +------------------------------------------
+ man/login.defs.5.xml | 148 +---------------------------
+ 2 files changed, 8 insertions(+), 363 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 33622c29..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Void Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,22 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -263,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -293,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -348,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -376,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -401,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 05ef5125..1ddf537e 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,70 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -147,48 +115,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -198,25 +143,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -255,7 +191,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -280,7 +216,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -292,7 +228,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -352,35 +288,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -397,7 +304,7 @@
+ BCRYPT_MIN_ROUNDS</phrase>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -417,8 +324,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -451,32 +357,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="no_pam">
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- ENV_TZ
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -505,24 +385,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
new file mode 100644
index 00000000000000..9f90710bcbb5ce
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
@@ -0,0 +1,721 @@
+etc/pam.d/Makefile.am:
+Disable installation of PAM integration for chfn, chsh and login tools
+as they are provided by util-linux.
+
+man/Makefile.am, man/*/Makefile.am:
+Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr,
+vipw and su as they are either no longer used or replaced by util-linux.
+
+src/Makefile.am:
+Set usbindir to use bin instead of sbin, as Void Linux is a /usr and bin
+merge distribution.
+Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as
+they are either not used or replaced by util-linux.
+Move newgrp to replace sg (instead of it being a symlink).
+---
+ etc/pam.d/Makefile.am | 3 ---
+ man/Makefile.am | 20 +++-----------------
+ man/cs/Makefile.am | 8 ++------
+ man/da/Makefile.am | 8 +-------
+ man/de/Makefile.am | 11 +----------
+ man/fi/Makefile.am | 5 +----
+ man/fr/Makefile.am | 11 +----------
+ man/hu/Makefile.am | 6 +-----
+ man/id/Makefile.am | 2 --
+ man/it/Makefile.am | 11 +----------
+ man/ja/Makefile.am | 10 +---------
+ man/ko/Makefile.am | 8 +-------
+ man/pl/Makefile.am | 7 +------
+ man/ru/Makefile.am | 11 +----------
+ man/sv/Makefile.am | 8 +-------
+ man/tr/Makefile.am | 3 ---
+ man/uk/Makefile.am | 11 +----------
+ man/zh_CN/Makefile.am | 11 +----------
+ man/zh_TW/Makefile.am | 4 ----
+ src/Makefile.am | 18 +++++++-----------
+ 20 files changed, 25 insertions(+), 151 deletions(-)
+
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index b8e4321f..73d4554f 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -3,10 +3,7 @@
+
+ pamd_files = \
+ chpasswd \
+- chfn \
+- chsh \
+ groupmems \
+- login \
+ newusers \
+ passwd
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index cffef699..f57e476d 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -8,10 +8,8 @@ endif
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -26,12 +24,9 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
++ man8/lastlog.8 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -43,9 +38,7 @@ man_MANS = \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -77,10 +70,8 @@ endif
+
+ man_XMANS = \
+ chage.1.xml \
+- chfn.1.xml \
+ chgpasswd.8.xml \
+ chpasswd.8.xml \
+- chsh.1.xml \
+ expiry.1.xml \
+ faillog.5.xml \
+ faillog.8.xml \
+@@ -94,12 +85,9 @@ man_XMANS = \
+ grpck.8.xml \
+ gshadow.5.xml \
+ limits.5.xml \
+- login.1.xml \
+ login.access.5.xml \
+ login.defs.5.xml \
+- logoutd.8.xml \
+ newgidmap.1.xml \
+- newgrp.1.xml \
+ newuidmap.1.xml \
+ newusers.8.xml \
+ nologin.8.xml \
+@@ -111,14 +99,12 @@ man_XMANS = \
+ shadow.3.xml \
+ shadow.5.xml \
+ sg.1.xml \
+- su.1.xml \
+ suauth.5.xml \
+ subgid.5.xml \
+ subuid.5.xml \
+ useradd.8.xml \
+ userdel.8.xml \
+- usermod.8.xml \
+- vipw.8.xml
++ usermod.8.xml
+
+ if ENABLE_LASTLOG
+ man_XMANS += lastlog.8.xml
+diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
+index 84407d71..c5ef7cf5 100644
+--- a/man/cs/Makefile.am
++++ b/man/cs/Makefile.am
+@@ -12,11 +12,8 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/nologin.8 \
+ man5/passwd.5 \
+- man5/shadow.5 \
+- man1/su.1 \
+- man8/vipw.8
++ man5/shadow.5
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -24,6 +21,5 @@ endif
+
+ EXTRA_DIST = $(man_MANS) \
+ man1/id.1 \
+- man8/groupmems.8 \
+- man8/logoutd.8
++ man8/groupmems.8
+
+diff --git a/man/da/Makefile.am b/man/da/Makefile.am
+index a3b09224..e45bef66 100644
+--- a/man/da/Makefile.am
++++ b/man/da/Makefile.am
+@@ -3,16 +3,10 @@ mandir = @mandir@/da
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+- man1/chfn.1 \
+ man8/groupdel.8 \
+ man1/groups.1 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+- man1/sg.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man1/sg.1
+
+ man_nopam =
+
+diff --git a/man/de/Makefile.am b/man/de/Makefile.am
+index 671432d3..333d5524 100644
+--- a/man/de/Makefile.am
++++ b/man/de/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/de
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am
+index 26a1a848..f02b92f3 100644
+--- a/man/fi/Makefile.am
++++ b/man/fi/Makefile.am
+@@ -1,10 +1,7 @@
+
+ mandir = @mandir@/fi
+
+-man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+- man1/su.1
++man_MANS =
+
+ # Outdated manpages
+ # passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024)
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 335e0298..9962c038 100644
+--- a/man/fr/Makefile.am
++++ b/man/fr/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/fr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
+index 205bb0a8..3d813179 100644
+--- a/man/hu/Makefile.am
++++ b/man/hu/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/hu
+
+ man_MANS = \
+- man1/chsh.1 \
+ man1/gpasswd.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man1/newgrp.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+- man1/sg.1 \
+- man1/su.1
++ man1/sg.1
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/id/Makefile.am b/man/id/Makefile.am
+index 21f3dbe9..6d10b930 100644
+--- a/man/id/Makefile.am
++++ b/man/id/Makefile.am
+@@ -2,8 +2,6 @@
+ mandir = @mandir@/id
+
+ man_MANS = \
+- man1/chsh.1 \
+- man1/login.1 \
+ man8/useradd.8
+
+ EXTRA_DIST = $(man_MANS)
+diff --git a/man/it/Makefile.am b/man/it/Makefile.am
+index b76187fa..1f62e20e 100644
+--- a/man/it/Makefile.am
++++ b/man/it/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/it
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index 13f18da1..3401a085 100644
+--- a/man/ja/Makefile.am
++++ b/man/ja/Makefile.am
+@@ -3,9 +3,7 @@ mandir = @mandir@/ja
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -17,10 +15,7 @@ man_MANS = \
+ man8/grpck.8 \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+@@ -29,13 +24,10 @@ man_MANS = \
+ man8/pwunconv.8 \
+ man1/sg.1 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
+index c269f0bb..9616cb3e 100644
+--- a/man/ko/Makefile.am
++++ b/man/ko/Makefile.am
+@@ -2,14 +2,8 @@
+ mandir = @mandir@/ko
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man5/passwd.5 \
+- man1/su.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man5/passwd.5
+ # newgrp.1 must be updated
+ # newgrp.1
+
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index b2f096f7..00817d37 100644
+--- a/man/pl/Makefile.am
++++ b/man/pl/Makefile.am
+@@ -4,7 +4,6 @@ mandir = @mandir@/pl
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,14 +14,10 @@ man_MANS = \
+ man8/groupmod.8 \
+ man1/groups.1 \
+ man8/grpck.8 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
+index 84d55d9e..b65f4881 100644
+--- a/man/ru/Makefile.am
++++ b/man/ru/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/ru
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
+index 70329edf..58fa80e5 100644
+--- a/man/sv/Makefile.am
++++ b/man/sv/Makefile.am
+@@ -3,7 +3,6 @@ mandir = @mandir@/sv
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,18 +14,13 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/suauth.5 \
+- man8/userdel.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/userdel.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
+index 8d8b9166..4fe3632a 100644
+--- a/man/tr/Makefile.am
++++ b/man/tr/Makefile.am
+@@ -2,15 +2,12 @@ mandir = @mandir@/tr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+- man1/login.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
+index 3fb5ffb3..e13c8fee 100644
+--- a/man/uk/Makefile.am
++++ b/man/uk/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/uk
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
+index a8b93a56..42ad764d 100644
+--- a/man/zh_CN/Makefile.am
++++ b/man/zh_CN/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
+index c36ed2c7..26696b67 100644
+--- a/man/zh_TW/Makefile.am
++++ b/man/zh_TW/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/zh_TW
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man8/chpasswd.8 \
+- man1/newgrp.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+ man5/passwd.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b6cb09ef..bfe73b09 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ EXTRA_DIST = \
+ .indent.pro
+
+ ubindir = ${prefix}/bin
+-usbindir = ${prefix}/sbin
++usbindir = ${prefix}/bin
+ suidperms = 4755
+ sgidperms = 2755
+
+@@ -26,9 +26,9 @@ AM_CFLAGS = $(LIBBSD_CFLAGS)
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+
+-bin_PROGRAMS = groups login
+-sbin_PROGRAMS = nologin
+-ubin_PROGRAMS = faillog chage chfn chsh expiry gpasswd newgrp passwd
++bin_PROGRAMS = groups
++sbin_PROGRAMS =
++ubin_PROGRAMS = faillog lastlog chage expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
+@@ -48,22 +48,20 @@ usbin_PROGRAMS = \
+ grpck \
+ grpconv \
+ grpunconv \
+- logoutd \
+ newusers \
+ pwck \
+ pwconv \
+ pwunconv \
+ useradd \
+ userdel \
+- usermod \
+- vipw
++ usermod
+
+ # id and groups are from gnu, sulogin from sysvinit
+ noinst_PROGRAMS = id sulogin
+
+ suidusbins =
+ suidbins =
+-suidubins = chage chfn chsh expiry gpasswd newgrp
++suidubins = chage expiry gpasswd newgrp
+ if WITH_SU
+ suidbins += su
+ endif
+@@ -135,18 +133,16 @@ sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
+ useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+ userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
+ usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+-vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+
+ install-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+- ln -sf newgrp $(DESTDIR)$(ubindir)/sg
+- ln -sf vipw $(DESTDIR)$(usbindir)/vigr
+ set -e; for i in $(suidbins); do \
+ chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
+ done
+ set -e; for i in $(suidubins); do \
+ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
+ done
++ mv -v $(DESTDIR)$(ubindir)/newgrp $(DESTDIR)$(ubindir)/sg
+ set -e; for i in $(suidusbins); do \
+ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
+ done
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-ruserok.patch b/srcpkgs/shadow/patches/disable-ruserok.patch
new file mode 100644
index 00000000000000..dcc1a9f72333c8
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-ruserok.patch
@@ -0,0 +1,12 @@
+--- a/configure
++++ b/configure
+@@ -15825,9 +15825,6 @@ if test "$ac_cv_func_ruserok" = "yes"; then
+
+ printf "%s\n" "#define RLOGIN 1" >>confdefs.h
+
+-
+-printf "%s\n" "#define RUSEROK 0" >>confdefs.h
+-
+ fi
+
+ # Check whether --enable-shadowgrp was given.
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..fc0f5aa6eb1e93
--- /dev/null
+++ b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
@@ -0,0 +1,43 @@
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Void is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.44.0
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..7d1bedf714edad 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,45 +1,52 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.15.0
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam
+ --with-yescrypt --without-selinux --with-acl --with-attr --without-su
+ --disable-nls --without-bcrypt --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=e2e22c1b2a6241c9ed828387f1065b7eaa2e87c3d221550d1575cf6a35247c0d
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
fi
-pre_configure() {
- case "$XBPS_TARGET_MACHINE" in
- # Completely disable unportable ruserok().
- *-musl) sed '/RUSEROK/d' -i configure;;
- esac
-}
-
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +58,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (47 preceding siblings ...)
2024-03-22 19:03 ` [PR PATCH] [Updated] " dataCobra
@ 2024-03-22 19:05 ` dataCobra
2024-03-22 19:09 ` dataCobra
` (20 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-03-22 19:05 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 52179 bytes --]
From a05dcf8a1e5bb050665558d90e0dd9883c0ba67a Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Fri, 22 Mar 2024 20:04:51 +0100
Subject: [PATCH] shadow: update to 4.15.0.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 694 +++++++++++++++++
...-tools-their-man-pages-and-PAM-integ.patch | 721 ++++++++++++++++++
srcpkgs/shadow/patches/disable-ruserok.patch | 12 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
.../void-linux-defaults-for-login.defs.patch | 43 ++
srcpkgs/shadow/template | 55 +-
9 files changed, 1519 insertions(+), 138 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
create mode 100644 srcpkgs/shadow/patches/disable-ruserok.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
create mode 100644 srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
diff --git a/common/shlibs b/common/shlibs
index 9ca4502a01c4a7..19cfecbfc45cdf 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4302,3 +4302,4 @@ libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
libscfg.so libscfg-0.1.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..3a0e99134c533d
--- /dev/null
+++ b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,694 @@
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 223 +------------------------------------------
+ man/login.defs.5.xml | 148 +---------------------------
+ 2 files changed, 8 insertions(+), 363 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 33622c29..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Void Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,22 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -263,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -293,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -348,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -376,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -401,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 05ef5125..1ddf537e 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,70 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -147,48 +115,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -198,25 +143,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -255,7 +191,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -280,7 +216,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -292,7 +228,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -352,35 +288,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -397,7 +304,7 @@
+ BCRYPT_MIN_ROUNDS</phrase>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -417,8 +324,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -451,32 +357,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="no_pam">
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- ENV_TZ
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -505,24 +385,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
new file mode 100644
index 00000000000000..9f90710bcbb5ce
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
@@ -0,0 +1,721 @@
+etc/pam.d/Makefile.am:
+Disable installation of PAM integration for chfn, chsh and login tools
+as they are provided by util-linux.
+
+man/Makefile.am, man/*/Makefile.am:
+Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr,
+vipw and su as they are either no longer used or replaced by util-linux.
+
+src/Makefile.am:
+Set usbindir to use bin instead of sbin, as Void Linux is a /usr and bin
+merge distribution.
+Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as
+they are either not used or replaced by util-linux.
+Move newgrp to replace sg (instead of it being a symlink).
+---
+ etc/pam.d/Makefile.am | 3 ---
+ man/Makefile.am | 20 +++-----------------
+ man/cs/Makefile.am | 8 ++------
+ man/da/Makefile.am | 8 +-------
+ man/de/Makefile.am | 11 +----------
+ man/fi/Makefile.am | 5 +----
+ man/fr/Makefile.am | 11 +----------
+ man/hu/Makefile.am | 6 +-----
+ man/id/Makefile.am | 2 --
+ man/it/Makefile.am | 11 +----------
+ man/ja/Makefile.am | 10 +---------
+ man/ko/Makefile.am | 8 +-------
+ man/pl/Makefile.am | 7 +------
+ man/ru/Makefile.am | 11 +----------
+ man/sv/Makefile.am | 8 +-------
+ man/tr/Makefile.am | 3 ---
+ man/uk/Makefile.am | 11 +----------
+ man/zh_CN/Makefile.am | 11 +----------
+ man/zh_TW/Makefile.am | 4 ----
+ src/Makefile.am | 18 +++++++-----------
+ 20 files changed, 25 insertions(+), 151 deletions(-)
+
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index b8e4321f..73d4554f 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -3,10 +3,7 @@
+
+ pamd_files = \
+ chpasswd \
+- chfn \
+- chsh \
+ groupmems \
+- login \
+ newusers \
+ passwd
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index cffef699..f57e476d 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -8,10 +8,8 @@ endif
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -26,12 +24,9 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
++ man8/lastlog.8 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -43,9 +38,7 @@ man_MANS = \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -77,10 +70,8 @@ endif
+
+ man_XMANS = \
+ chage.1.xml \
+- chfn.1.xml \
+ chgpasswd.8.xml \
+ chpasswd.8.xml \
+- chsh.1.xml \
+ expiry.1.xml \
+ faillog.5.xml \
+ faillog.8.xml \
+@@ -94,12 +85,9 @@ man_XMANS = \
+ grpck.8.xml \
+ gshadow.5.xml \
+ limits.5.xml \
+- login.1.xml \
+ login.access.5.xml \
+ login.defs.5.xml \
+- logoutd.8.xml \
+ newgidmap.1.xml \
+- newgrp.1.xml \
+ newuidmap.1.xml \
+ newusers.8.xml \
+ nologin.8.xml \
+@@ -111,14 +99,12 @@ man_XMANS = \
+ shadow.3.xml \
+ shadow.5.xml \
+ sg.1.xml \
+- su.1.xml \
+ suauth.5.xml \
+ subgid.5.xml \
+ subuid.5.xml \
+ useradd.8.xml \
+ userdel.8.xml \
+- usermod.8.xml \
+- vipw.8.xml
++ usermod.8.xml
+
+ if ENABLE_LASTLOG
+ man_XMANS += lastlog.8.xml
+diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
+index 84407d71..c5ef7cf5 100644
+--- a/man/cs/Makefile.am
++++ b/man/cs/Makefile.am
+@@ -12,11 +12,8 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/nologin.8 \
+ man5/passwd.5 \
+- man5/shadow.5 \
+- man1/su.1 \
+- man8/vipw.8
++ man5/shadow.5
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -24,6 +21,5 @@ endif
+
+ EXTRA_DIST = $(man_MANS) \
+ man1/id.1 \
+- man8/groupmems.8 \
+- man8/logoutd.8
++ man8/groupmems.8
+
+diff --git a/man/da/Makefile.am b/man/da/Makefile.am
+index a3b09224..e45bef66 100644
+--- a/man/da/Makefile.am
++++ b/man/da/Makefile.am
+@@ -3,16 +3,10 @@ mandir = @mandir@/da
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+- man1/chfn.1 \
+ man8/groupdel.8 \
+ man1/groups.1 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+- man1/sg.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man1/sg.1
+
+ man_nopam =
+
+diff --git a/man/de/Makefile.am b/man/de/Makefile.am
+index 671432d3..333d5524 100644
+--- a/man/de/Makefile.am
++++ b/man/de/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/de
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am
+index 26a1a848..f02b92f3 100644
+--- a/man/fi/Makefile.am
++++ b/man/fi/Makefile.am
+@@ -1,10 +1,7 @@
+
+ mandir = @mandir@/fi
+
+-man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+- man1/su.1
++man_MANS =
+
+ # Outdated manpages
+ # passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024)
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 335e0298..9962c038 100644
+--- a/man/fr/Makefile.am
++++ b/man/fr/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/fr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
+index 205bb0a8..3d813179 100644
+--- a/man/hu/Makefile.am
++++ b/man/hu/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/hu
+
+ man_MANS = \
+- man1/chsh.1 \
+ man1/gpasswd.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man1/newgrp.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+- man1/sg.1 \
+- man1/su.1
++ man1/sg.1
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/id/Makefile.am b/man/id/Makefile.am
+index 21f3dbe9..6d10b930 100644
+--- a/man/id/Makefile.am
++++ b/man/id/Makefile.am
+@@ -2,8 +2,6 @@
+ mandir = @mandir@/id
+
+ man_MANS = \
+- man1/chsh.1 \
+- man1/login.1 \
+ man8/useradd.8
+
+ EXTRA_DIST = $(man_MANS)
+diff --git a/man/it/Makefile.am b/man/it/Makefile.am
+index b76187fa..1f62e20e 100644
+--- a/man/it/Makefile.am
++++ b/man/it/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/it
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index 13f18da1..3401a085 100644
+--- a/man/ja/Makefile.am
++++ b/man/ja/Makefile.am
+@@ -3,9 +3,7 @@ mandir = @mandir@/ja
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -17,10 +15,7 @@ man_MANS = \
+ man8/grpck.8 \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+@@ -29,13 +24,10 @@ man_MANS = \
+ man8/pwunconv.8 \
+ man1/sg.1 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
+index c269f0bb..9616cb3e 100644
+--- a/man/ko/Makefile.am
++++ b/man/ko/Makefile.am
+@@ -2,14 +2,8 @@
+ mandir = @mandir@/ko
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man5/passwd.5 \
+- man1/su.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man5/passwd.5
+ # newgrp.1 must be updated
+ # newgrp.1
+
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index b2f096f7..00817d37 100644
+--- a/man/pl/Makefile.am
++++ b/man/pl/Makefile.am
+@@ -4,7 +4,6 @@ mandir = @mandir@/pl
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,14 +14,10 @@ man_MANS = \
+ man8/groupmod.8 \
+ man1/groups.1 \
+ man8/grpck.8 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
+index 84d55d9e..b65f4881 100644
+--- a/man/ru/Makefile.am
++++ b/man/ru/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/ru
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
+index 70329edf..58fa80e5 100644
+--- a/man/sv/Makefile.am
++++ b/man/sv/Makefile.am
+@@ -3,7 +3,6 @@ mandir = @mandir@/sv
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,18 +14,13 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/suauth.5 \
+- man8/userdel.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/userdel.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
+index 8d8b9166..4fe3632a 100644
+--- a/man/tr/Makefile.am
++++ b/man/tr/Makefile.am
+@@ -2,15 +2,12 @@ mandir = @mandir@/tr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+- man1/login.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
+index 3fb5ffb3..e13c8fee 100644
+--- a/man/uk/Makefile.am
++++ b/man/uk/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/uk
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
+index a8b93a56..42ad764d 100644
+--- a/man/zh_CN/Makefile.am
++++ b/man/zh_CN/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
+index c36ed2c7..26696b67 100644
+--- a/man/zh_TW/Makefile.am
++++ b/man/zh_TW/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/zh_TW
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man8/chpasswd.8 \
+- man1/newgrp.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+ man5/passwd.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b6cb09ef..bfe73b09 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ EXTRA_DIST = \
+ .indent.pro
+
+ ubindir = ${prefix}/bin
+-usbindir = ${prefix}/sbin
++usbindir = ${prefix}/bin
+ suidperms = 4755
+ sgidperms = 2755
+
+@@ -26,9 +26,9 @@ AM_CFLAGS = $(LIBBSD_CFLAGS)
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+
+-bin_PROGRAMS = groups login
+-sbin_PROGRAMS = nologin
+-ubin_PROGRAMS = faillog chage chfn chsh expiry gpasswd newgrp passwd
++bin_PROGRAMS = groups
++sbin_PROGRAMS =
++ubin_PROGRAMS = faillog lastlog chage expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
+@@ -48,22 +48,20 @@ usbin_PROGRAMS = \
+ grpck \
+ grpconv \
+ grpunconv \
+- logoutd \
+ newusers \
+ pwck \
+ pwconv \
+ pwunconv \
+ useradd \
+ userdel \
+- usermod \
+- vipw
++ usermod
+
+ # id and groups are from gnu, sulogin from sysvinit
+ noinst_PROGRAMS = id sulogin
+
+ suidusbins =
+ suidbins =
+-suidubins = chage chfn chsh expiry gpasswd newgrp
++suidubins = chage expiry gpasswd newgrp
+ if WITH_SU
+ suidbins += su
+ endif
+@@ -135,18 +133,16 @@ sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
+ useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+ userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
+ usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+-vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+
+ install-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+- ln -sf newgrp $(DESTDIR)$(ubindir)/sg
+- ln -sf vipw $(DESTDIR)$(usbindir)/vigr
+ set -e; for i in $(suidbins); do \
+ chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
+ done
+ set -e; for i in $(suidubins); do \
+ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
+ done
++ mv -v $(DESTDIR)$(ubindir)/newgrp $(DESTDIR)$(ubindir)/sg
+ set -e; for i in $(suidusbins); do \
+ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
+ done
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-ruserok.patch b/srcpkgs/shadow/patches/disable-ruserok.patch
new file mode 100644
index 00000000000000..dcc1a9f72333c8
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-ruserok.patch
@@ -0,0 +1,12 @@
+--- a/configure
++++ b/configure
+@@ -15825,9 +15825,6 @@ if test "$ac_cv_func_ruserok" = "yes"; then
+
+ printf "%s\n" "#define RLOGIN 1" >>confdefs.h
+
+-
+-printf "%s\n" "#define RUSEROK 0" >>confdefs.h
+-
+ fi
+
+ # Check whether --enable-shadowgrp was given.
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..fc0f5aa6eb1e93
--- /dev/null
+++ b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
@@ -0,0 +1,43 @@
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Void is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.44.0
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..7d1bedf714edad 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,45 +1,52 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.15.0
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam
+ --with-yescrypt --without-selinux --with-acl --with-attr --without-su
+ --disable-nls --without-bcrypt --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=e2e22c1b2a6241c9ed828387f1065b7eaa2e87c3d221550d1575cf6a35247c0d
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
fi
-pre_configure() {
- case "$XBPS_TARGET_MACHINE" in
- # Completely disable unportable ruserok().
- *-musl) sed '/RUSEROK/d' -i configure;;
- esac
-}
-
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +58,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.14.5.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (48 preceding siblings ...)
2024-03-22 19:05 ` dataCobra
@ 2024-03-22 19:09 ` dataCobra
2024-03-22 22:52 ` shadow: update to 4.15.0 dkwo
` (19 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-03-22 19:09 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.14.5.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 52790 bytes --]
From d3597add34e7fe5b36fedf4bcbd5f19169e40347 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Fri, 22 Mar 2024 20:09:16 +0100
Subject: [PATCH] shadow: update to 4.15.0.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 694 +++++++++++++++++
...-tools-their-man-pages-and-PAM-integ.patch | 721 ++++++++++++++++++
srcpkgs/shadow/patches/disable-ruserok.patch | 12 +
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
.../void-linux-defaults-for-login.defs.patch | 43 ++
srcpkgs/shadow/patches/xstrdup.patch | 9 -
srcpkgs/shadow/template | 55 +-
10 files changed, 1519 insertions(+), 147 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
create mode 100644 srcpkgs/shadow/patches/disable-ruserok.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
create mode 100644 srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 9ca4502a01c4a7..19cfecbfc45cdf 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4302,3 +4302,4 @@ libunicode_loader.so.0.4 libunicode-0.4.0_1
force-stage.so.0.1 void-force-stage-0.1_1
libliftoff.so.0 libliftoff-0.4.1_1
libscfg.so libscfg-0.1.1_1
+libsubid.so.4 shadow-4.14.5_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..3a0e99134c533d
--- /dev/null
+++ b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,694 @@
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 223 +------------------------------------------
+ man/login.defs.5.xml | 148 +---------------------------
+ 2 files changed, 8 insertions(+), 363 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 33622c29..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Void Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,22 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -263,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -293,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -348,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -376,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -401,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 05ef5125..1ddf537e 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,70 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -147,48 +115,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -198,25 +143,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -255,7 +191,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -280,7 +216,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -292,7 +228,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -352,35 +288,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -397,7 +304,7 @@
+ BCRYPT_MIN_ROUNDS</phrase>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -417,8 +324,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -451,32 +357,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="no_pam">
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- ENV_TZ
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -505,24 +385,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
new file mode 100644
index 00000000000000..9f90710bcbb5ce
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
@@ -0,0 +1,721 @@
+etc/pam.d/Makefile.am:
+Disable installation of PAM integration for chfn, chsh and login tools
+as they are provided by util-linux.
+
+man/Makefile.am, man/*/Makefile.am:
+Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr,
+vipw and su as they are either no longer used or replaced by util-linux.
+
+src/Makefile.am:
+Set usbindir to use bin instead of sbin, as Void Linux is a /usr and bin
+merge distribution.
+Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as
+they are either not used or replaced by util-linux.
+Move newgrp to replace sg (instead of it being a symlink).
+---
+ etc/pam.d/Makefile.am | 3 ---
+ man/Makefile.am | 20 +++-----------------
+ man/cs/Makefile.am | 8 ++------
+ man/da/Makefile.am | 8 +-------
+ man/de/Makefile.am | 11 +----------
+ man/fi/Makefile.am | 5 +----
+ man/fr/Makefile.am | 11 +----------
+ man/hu/Makefile.am | 6 +-----
+ man/id/Makefile.am | 2 --
+ man/it/Makefile.am | 11 +----------
+ man/ja/Makefile.am | 10 +---------
+ man/ko/Makefile.am | 8 +-------
+ man/pl/Makefile.am | 7 +------
+ man/ru/Makefile.am | 11 +----------
+ man/sv/Makefile.am | 8 +-------
+ man/tr/Makefile.am | 3 ---
+ man/uk/Makefile.am | 11 +----------
+ man/zh_CN/Makefile.am | 11 +----------
+ man/zh_TW/Makefile.am | 4 ----
+ src/Makefile.am | 18 +++++++-----------
+ 20 files changed, 25 insertions(+), 151 deletions(-)
+
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index b8e4321f..73d4554f 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -3,10 +3,7 @@
+
+ pamd_files = \
+ chpasswd \
+- chfn \
+- chsh \
+ groupmems \
+- login \
+ newusers \
+ passwd
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index cffef699..f57e476d 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -8,10 +8,8 @@ endif
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -26,12 +24,9 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
++ man8/lastlog.8 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -43,9 +38,7 @@ man_MANS = \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -77,10 +70,8 @@ endif
+
+ man_XMANS = \
+ chage.1.xml \
+- chfn.1.xml \
+ chgpasswd.8.xml \
+ chpasswd.8.xml \
+- chsh.1.xml \
+ expiry.1.xml \
+ faillog.5.xml \
+ faillog.8.xml \
+@@ -94,12 +85,9 @@ man_XMANS = \
+ grpck.8.xml \
+ gshadow.5.xml \
+ limits.5.xml \
+- login.1.xml \
+ login.access.5.xml \
+ login.defs.5.xml \
+- logoutd.8.xml \
+ newgidmap.1.xml \
+- newgrp.1.xml \
+ newuidmap.1.xml \
+ newusers.8.xml \
+ nologin.8.xml \
+@@ -111,14 +99,12 @@ man_XMANS = \
+ shadow.3.xml \
+ shadow.5.xml \
+ sg.1.xml \
+- su.1.xml \
+ suauth.5.xml \
+ subgid.5.xml \
+ subuid.5.xml \
+ useradd.8.xml \
+ userdel.8.xml \
+- usermod.8.xml \
+- vipw.8.xml
++ usermod.8.xml
+
+ if ENABLE_LASTLOG
+ man_XMANS += lastlog.8.xml
+diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
+index 84407d71..c5ef7cf5 100644
+--- a/man/cs/Makefile.am
++++ b/man/cs/Makefile.am
+@@ -12,11 +12,8 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/nologin.8 \
+ man5/passwd.5 \
+- man5/shadow.5 \
+- man1/su.1 \
+- man8/vipw.8
++ man5/shadow.5
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -24,6 +21,5 @@ endif
+
+ EXTRA_DIST = $(man_MANS) \
+ man1/id.1 \
+- man8/groupmems.8 \
+- man8/logoutd.8
++ man8/groupmems.8
+
+diff --git a/man/da/Makefile.am b/man/da/Makefile.am
+index a3b09224..e45bef66 100644
+--- a/man/da/Makefile.am
++++ b/man/da/Makefile.am
+@@ -3,16 +3,10 @@ mandir = @mandir@/da
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+- man1/chfn.1 \
+ man8/groupdel.8 \
+ man1/groups.1 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+- man1/sg.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man1/sg.1
+
+ man_nopam =
+
+diff --git a/man/de/Makefile.am b/man/de/Makefile.am
+index 671432d3..333d5524 100644
+--- a/man/de/Makefile.am
++++ b/man/de/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/de
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am
+index 26a1a848..f02b92f3 100644
+--- a/man/fi/Makefile.am
++++ b/man/fi/Makefile.am
+@@ -1,10 +1,7 @@
+
+ mandir = @mandir@/fi
+
+-man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+- man1/su.1
++man_MANS =
+
+ # Outdated manpages
+ # passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024)
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 335e0298..9962c038 100644
+--- a/man/fr/Makefile.am
++++ b/man/fr/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/fr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
+index 205bb0a8..3d813179 100644
+--- a/man/hu/Makefile.am
++++ b/man/hu/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/hu
+
+ man_MANS = \
+- man1/chsh.1 \
+ man1/gpasswd.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man1/newgrp.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+- man1/sg.1 \
+- man1/su.1
++ man1/sg.1
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/id/Makefile.am b/man/id/Makefile.am
+index 21f3dbe9..6d10b930 100644
+--- a/man/id/Makefile.am
++++ b/man/id/Makefile.am
+@@ -2,8 +2,6 @@
+ mandir = @mandir@/id
+
+ man_MANS = \
+- man1/chsh.1 \
+- man1/login.1 \
+ man8/useradd.8
+
+ EXTRA_DIST = $(man_MANS)
+diff --git a/man/it/Makefile.am b/man/it/Makefile.am
+index b76187fa..1f62e20e 100644
+--- a/man/it/Makefile.am
++++ b/man/it/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/it
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index 13f18da1..3401a085 100644
+--- a/man/ja/Makefile.am
++++ b/man/ja/Makefile.am
+@@ -3,9 +3,7 @@ mandir = @mandir@/ja
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -17,10 +15,7 @@ man_MANS = \
+ man8/grpck.8 \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+@@ -29,13 +24,10 @@ man_MANS = \
+ man8/pwunconv.8 \
+ man1/sg.1 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
+index c269f0bb..9616cb3e 100644
+--- a/man/ko/Makefile.am
++++ b/man/ko/Makefile.am
+@@ -2,14 +2,8 @@
+ mandir = @mandir@/ko
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man5/passwd.5 \
+- man1/su.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man5/passwd.5
+ # newgrp.1 must be updated
+ # newgrp.1
+
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index b2f096f7..00817d37 100644
+--- a/man/pl/Makefile.am
++++ b/man/pl/Makefile.am
+@@ -4,7 +4,6 @@ mandir = @mandir@/pl
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,14 +14,10 @@ man_MANS = \
+ man8/groupmod.8 \
+ man1/groups.1 \
+ man8/grpck.8 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
+index 84d55d9e..b65f4881 100644
+--- a/man/ru/Makefile.am
++++ b/man/ru/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/ru
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
+index 70329edf..58fa80e5 100644
+--- a/man/sv/Makefile.am
++++ b/man/sv/Makefile.am
+@@ -3,7 +3,6 @@ mandir = @mandir@/sv
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,18 +14,13 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/suauth.5 \
+- man8/userdel.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/userdel.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
+index 8d8b9166..4fe3632a 100644
+--- a/man/tr/Makefile.am
++++ b/man/tr/Makefile.am
+@@ -2,15 +2,12 @@ mandir = @mandir@/tr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+- man1/login.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
+index 3fb5ffb3..e13c8fee 100644
+--- a/man/uk/Makefile.am
++++ b/man/uk/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/uk
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
+index a8b93a56..42ad764d 100644
+--- a/man/zh_CN/Makefile.am
++++ b/man/zh_CN/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
+index c36ed2c7..26696b67 100644
+--- a/man/zh_TW/Makefile.am
++++ b/man/zh_TW/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/zh_TW
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man8/chpasswd.8 \
+- man1/newgrp.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+ man5/passwd.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b6cb09ef..bfe73b09 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ EXTRA_DIST = \
+ .indent.pro
+
+ ubindir = ${prefix}/bin
+-usbindir = ${prefix}/sbin
++usbindir = ${prefix}/bin
+ suidperms = 4755
+ sgidperms = 2755
+
+@@ -26,9 +26,9 @@ AM_CFLAGS = $(LIBBSD_CFLAGS)
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+
+-bin_PROGRAMS = groups login
+-sbin_PROGRAMS = nologin
+-ubin_PROGRAMS = faillog chage chfn chsh expiry gpasswd newgrp passwd
++bin_PROGRAMS = groups
++sbin_PROGRAMS =
++ubin_PROGRAMS = faillog lastlog chage expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
+@@ -48,22 +48,20 @@ usbin_PROGRAMS = \
+ grpck \
+ grpconv \
+ grpunconv \
+- logoutd \
+ newusers \
+ pwck \
+ pwconv \
+ pwunconv \
+ useradd \
+ userdel \
+- usermod \
+- vipw
++ usermod
+
+ # id and groups are from gnu, sulogin from sysvinit
+ noinst_PROGRAMS = id sulogin
+
+ suidusbins =
+ suidbins =
+-suidubins = chage chfn chsh expiry gpasswd newgrp
++suidubins = chage expiry gpasswd newgrp
+ if WITH_SU
+ suidbins += su
+ endif
+@@ -135,18 +133,16 @@ sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
+ useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+ userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
+ usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+-vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+
+ install-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+- ln -sf newgrp $(DESTDIR)$(ubindir)/sg
+- ln -sf vipw $(DESTDIR)$(usbindir)/vigr
+ set -e; for i in $(suidbins); do \
+ chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
+ done
+ set -e; for i in $(suidubins); do \
+ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
+ done
++ mv -v $(DESTDIR)$(ubindir)/newgrp $(DESTDIR)$(ubindir)/sg
+ set -e; for i in $(suidusbins); do \
+ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
+ done
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-ruserok.patch b/srcpkgs/shadow/patches/disable-ruserok.patch
new file mode 100644
index 00000000000000..dcc1a9f72333c8
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-ruserok.patch
@@ -0,0 +1,12 @@
+--- a/configure
++++ b/configure
+@@ -15825,9 +15825,6 @@ if test "$ac_cv_func_ruserok" = "yes"; then
+
+ printf "%s\n" "#define RLOGIN 1" >>confdefs.h
+
+-
+-printf "%s\n" "#define RUSEROK 0" >>confdefs.h
+-
+ fi
+
+ # Check whether --enable-shadowgrp was given.
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..fc0f5aa6eb1e93
--- /dev/null
+++ b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
@@ -0,0 +1,43 @@
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Void is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.44.0
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..7d1bedf714edad 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,45 +1,52 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.15.0
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam
+ --with-yescrypt --without-selinux --with-acl --with-attr --without-su
+ --disable-nls --without-bcrypt --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=e2e22c1b2a6241c9ed828387f1065b7eaa2e87c3d221550d1575cf6a35247c0d
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
fi
-pre_configure() {
- case "$XBPS_TARGET_MACHINE" in
- # Completely disable unportable ruserok().
- *-musl) sed '/RUSEROK/d' -i configure;;
- esac
-}
-
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +58,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.15.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (49 preceding siblings ...)
2024-03-22 19:09 ` dataCobra
@ 2024-03-22 22:52 ` dkwo
2024-03-22 23:12 ` alejandro-colomar
` (18 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-03-22 22:52 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 188 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2016048948
Comment:
it may also be possible to drop the ruserok patch
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.15.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (50 preceding siblings ...)
2024-03-22 22:52 ` shadow: update to 4.15.0 dkwo
@ 2024-03-22 23:12 ` alejandro-colomar
2024-03-22 23:13 ` alejandro-colomar
` (17 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-22 23:12 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 488 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2016082763
Comment:
> it may also be possible to drop the ruserok patch
If you investigate that ruserok thing, you may want to have fun upstream with
<https://github.com/shadow-maint/shadow/blob/ead55e9ba8958504e23e29545f90c4dd925c7462/configure.ac#L162>
<https://github.com/shadow-maint/shadow/commit/428a2078b6c435f1780ec8f381033e7bd937d29e>
:)
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.15.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (51 preceding siblings ...)
2024-03-22 23:12 ` alejandro-colomar
@ 2024-03-22 23:13 ` alejandro-colomar
2024-03-24 19:40 ` dataCobra
` (16 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-03-22 23:13 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 670 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2016082763
Comment:
> it may also be possible to drop the ruserok patch
If you investigate that ruserok thing, you may want to have fun upstream with the "quick hack":
<https://github.com/shadow-maint/shadow/blob/ead55e9ba8958504e23e29545f90c4dd925c7462/configure.ac#L162>
<https://github.com/shadow-maint/shadow/commit/428a2078b6c435f1780ec8f381033e7bd937d29e>
<https://github.com/shadow-maint/shadow/commit/45c6603cc86c5881b00ac40e0f9fe548c30ff6be#diff-bb21aa33a3f69ccb36c68b220f40ad08f29b9cd2c05dfedae7b9e3d5d4d08f6bR196>
:)
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.15.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (52 preceding siblings ...)
2024-03-22 23:13 ` alejandro-colomar
@ 2024-03-24 19:40 ` dataCobra
2024-05-20 21:18 ` dkwo
` (15 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-03-24 19:40 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 252 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2016922021
Comment:
@Gottox are you able to help as the maintainer of the package?
If you have some more knowledge/information.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.15.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (53 preceding siblings ...)
2024-03-24 19:40 ` dataCobra
@ 2024-05-20 21:18 ` dkwo
2024-06-10 7:45 ` dataCobra
` (14 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-05-20 21:18 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 157 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2121228997
Comment:
btw, 4.15.1 is out
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.15.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (54 preceding siblings ...)
2024-05-20 21:18 ` dkwo
@ 2024-06-10 7:45 ` dataCobra
2024-07-14 15:57 ` [PR PATCH] [Updated] " dataCobra
` (13 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-06-10 7:45 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 311 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2157574456
Comment:
Hey, I'm currently not having the time to work on this on my own.
Help from the Maintainer @Gottox would be nice or another person who is capable of helping me out.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.15.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (55 preceding siblings ...)
2024-06-10 7:45 ` dataCobra
@ 2024-07-14 15:57 ` dataCobra
2024-07-14 16:00 ` shadow: update to 4.16.0 dataCobra
` (12 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-07-14 15:57 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 674 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.15.0.
#### Testing the changes
- I tested the changes in this PR: **YES**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 52180 bytes --]
From aec780c5245165ca525479b0e8eb5fc993ae99ea Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Sun, 14 Jul 2024 17:57:16 +0200
Subject: [PATCH] shadow: update to 4.16.0.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 694 +++++++++++++++++
...-tools-their-man-pages-and-PAM-integ.patch | 721 ++++++++++++++++++
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
.../void-linux-defaults-for-login.defs.patch | 43 ++
srcpkgs/shadow/patches/xstrdup.patch | 9 -
srcpkgs/shadow/template | 55 +-
9 files changed, 1507 insertions(+), 147 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
create mode 100644 srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 4131964398e40f..38c5123bb7f4db 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4517,3 +4517,4 @@ libKPim6MimeTreeParserWidgets.so.6 mimetreeparser-24.02.0_1
libopenrazer.so.0 libopenrazer-0.2.0_1
libstaroffice-0.0.so.0 libstaroffice-0.0.7_1
libbox2d.so.2 box2d-2.4.1_1
+libsubid.so.5 shadow-4.16.0_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..3a0e99134c533d
--- /dev/null
+++ b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,694 @@
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 223 +------------------------------------------
+ man/login.defs.5.xml | 148 +---------------------------
+ 2 files changed, 8 insertions(+), 363 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 33622c29..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Void Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,22 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -263,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -293,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -348,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -376,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -401,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 05ef5125..1ddf537e 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,70 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -147,48 +115,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -198,25 +143,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -255,7 +191,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -280,7 +216,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -292,7 +228,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -352,35 +288,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -397,7 +304,7 @@
+ BCRYPT_MIN_ROUNDS</phrase>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -417,8 +324,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -451,32 +357,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="no_pam">
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- ENV_TZ
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -505,24 +385,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
new file mode 100644
index 00000000000000..9f90710bcbb5ce
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
@@ -0,0 +1,721 @@
+etc/pam.d/Makefile.am:
+Disable installation of PAM integration for chfn, chsh and login tools
+as they are provided by util-linux.
+
+man/Makefile.am, man/*/Makefile.am:
+Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr,
+vipw and su as they are either no longer used or replaced by util-linux.
+
+src/Makefile.am:
+Set usbindir to use bin instead of sbin, as Void Linux is a /usr and bin
+merge distribution.
+Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as
+they are either not used or replaced by util-linux.
+Move newgrp to replace sg (instead of it being a symlink).
+---
+ etc/pam.d/Makefile.am | 3 ---
+ man/Makefile.am | 20 +++-----------------
+ man/cs/Makefile.am | 8 ++------
+ man/da/Makefile.am | 8 +-------
+ man/de/Makefile.am | 11 +----------
+ man/fi/Makefile.am | 5 +----
+ man/fr/Makefile.am | 11 +----------
+ man/hu/Makefile.am | 6 +-----
+ man/id/Makefile.am | 2 --
+ man/it/Makefile.am | 11 +----------
+ man/ja/Makefile.am | 10 +---------
+ man/ko/Makefile.am | 8 +-------
+ man/pl/Makefile.am | 7 +------
+ man/ru/Makefile.am | 11 +----------
+ man/sv/Makefile.am | 8 +-------
+ man/tr/Makefile.am | 3 ---
+ man/uk/Makefile.am | 11 +----------
+ man/zh_CN/Makefile.am | 11 +----------
+ man/zh_TW/Makefile.am | 4 ----
+ src/Makefile.am | 18 +++++++-----------
+ 20 files changed, 25 insertions(+), 151 deletions(-)
+
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index b8e4321f..73d4554f 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -3,10 +3,7 @@
+
+ pamd_files = \
+ chpasswd \
+- chfn \
+- chsh \
+ groupmems \
+- login \
+ newusers \
+ passwd
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index cffef699..f57e476d 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -8,10 +8,8 @@ endif
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -26,12 +24,9 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
++ man8/lastlog.8 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -43,9 +38,7 @@ man_MANS = \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -77,10 +70,8 @@ endif
+
+ man_XMANS = \
+ chage.1.xml \
+- chfn.1.xml \
+ chgpasswd.8.xml \
+ chpasswd.8.xml \
+- chsh.1.xml \
+ expiry.1.xml \
+ faillog.5.xml \
+ faillog.8.xml \
+@@ -94,12 +85,9 @@ man_XMANS = \
+ grpck.8.xml \
+ gshadow.5.xml \
+ limits.5.xml \
+- login.1.xml \
+ login.access.5.xml \
+ login.defs.5.xml \
+- logoutd.8.xml \
+ newgidmap.1.xml \
+- newgrp.1.xml \
+ newuidmap.1.xml \
+ newusers.8.xml \
+ nologin.8.xml \
+@@ -111,14 +99,12 @@ man_XMANS = \
+ shadow.3.xml \
+ shadow.5.xml \
+ sg.1.xml \
+- su.1.xml \
+ suauth.5.xml \
+ subgid.5.xml \
+ subuid.5.xml \
+ useradd.8.xml \
+ userdel.8.xml \
+- usermod.8.xml \
+- vipw.8.xml
++ usermod.8.xml
+
+ if ENABLE_LASTLOG
+ man_XMANS += lastlog.8.xml
+diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
+index 84407d71..c5ef7cf5 100644
+--- a/man/cs/Makefile.am
++++ b/man/cs/Makefile.am
+@@ -12,11 +12,8 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/nologin.8 \
+ man5/passwd.5 \
+- man5/shadow.5 \
+- man1/su.1 \
+- man8/vipw.8
++ man5/shadow.5
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -24,6 +21,5 @@ endif
+
+ EXTRA_DIST = $(man_MANS) \
+ man1/id.1 \
+- man8/groupmems.8 \
+- man8/logoutd.8
++ man8/groupmems.8
+
+diff --git a/man/da/Makefile.am b/man/da/Makefile.am
+index a3b09224..e45bef66 100644
+--- a/man/da/Makefile.am
++++ b/man/da/Makefile.am
+@@ -3,16 +3,10 @@ mandir = @mandir@/da
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+- man1/chfn.1 \
+ man8/groupdel.8 \
+ man1/groups.1 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+- man1/sg.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man1/sg.1
+
+ man_nopam =
+
+diff --git a/man/de/Makefile.am b/man/de/Makefile.am
+index 671432d3..333d5524 100644
+--- a/man/de/Makefile.am
++++ b/man/de/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/de
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am
+index 26a1a848..f02b92f3 100644
+--- a/man/fi/Makefile.am
++++ b/man/fi/Makefile.am
+@@ -1,10 +1,7 @@
+
+ mandir = @mandir@/fi
+
+-man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+- man1/su.1
++man_MANS =
+
+ # Outdated manpages
+ # passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024)
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 335e0298..9962c038 100644
+--- a/man/fr/Makefile.am
++++ b/man/fr/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/fr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
+index 205bb0a8..3d813179 100644
+--- a/man/hu/Makefile.am
++++ b/man/hu/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/hu
+
+ man_MANS = \
+- man1/chsh.1 \
+ man1/gpasswd.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man1/newgrp.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+- man1/sg.1 \
+- man1/su.1
++ man1/sg.1
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/id/Makefile.am b/man/id/Makefile.am
+index 21f3dbe9..6d10b930 100644
+--- a/man/id/Makefile.am
++++ b/man/id/Makefile.am
+@@ -2,8 +2,6 @@
+ mandir = @mandir@/id
+
+ man_MANS = \
+- man1/chsh.1 \
+- man1/login.1 \
+ man8/useradd.8
+
+ EXTRA_DIST = $(man_MANS)
+diff --git a/man/it/Makefile.am b/man/it/Makefile.am
+index b76187fa..1f62e20e 100644
+--- a/man/it/Makefile.am
++++ b/man/it/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/it
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index 13f18da1..3401a085 100644
+--- a/man/ja/Makefile.am
++++ b/man/ja/Makefile.am
+@@ -3,9 +3,7 @@ mandir = @mandir@/ja
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -17,10 +15,7 @@ man_MANS = \
+ man8/grpck.8 \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+@@ -29,13 +24,10 @@ man_MANS = \
+ man8/pwunconv.8 \
+ man1/sg.1 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
+index c269f0bb..9616cb3e 100644
+--- a/man/ko/Makefile.am
++++ b/man/ko/Makefile.am
+@@ -2,14 +2,8 @@
+ mandir = @mandir@/ko
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man5/passwd.5 \
+- man1/su.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man5/passwd.5
+ # newgrp.1 must be updated
+ # newgrp.1
+
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index b2f096f7..00817d37 100644
+--- a/man/pl/Makefile.am
++++ b/man/pl/Makefile.am
+@@ -4,7 +4,6 @@ mandir = @mandir@/pl
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,14 +14,10 @@ man_MANS = \
+ man8/groupmod.8 \
+ man1/groups.1 \
+ man8/grpck.8 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
+index 84d55d9e..b65f4881 100644
+--- a/man/ru/Makefile.am
++++ b/man/ru/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/ru
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
+index 70329edf..58fa80e5 100644
+--- a/man/sv/Makefile.am
++++ b/man/sv/Makefile.am
+@@ -3,7 +3,6 @@ mandir = @mandir@/sv
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,18 +14,13 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/suauth.5 \
+- man8/userdel.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/userdel.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
+index 8d8b9166..4fe3632a 100644
+--- a/man/tr/Makefile.am
++++ b/man/tr/Makefile.am
+@@ -2,15 +2,12 @@ mandir = @mandir@/tr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+- man1/login.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
+index 3fb5ffb3..e13c8fee 100644
+--- a/man/uk/Makefile.am
++++ b/man/uk/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/uk
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
+index a8b93a56..42ad764d 100644
+--- a/man/zh_CN/Makefile.am
++++ b/man/zh_CN/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
+index c36ed2c7..26696b67 100644
+--- a/man/zh_TW/Makefile.am
++++ b/man/zh_TW/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/zh_TW
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man8/chpasswd.8 \
+- man1/newgrp.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+ man5/passwd.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b6cb09ef..bfe73b09 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ EXTRA_DIST = \
+ .indent.pro
+
+ ubindir = ${prefix}/bin
+-usbindir = ${prefix}/sbin
++usbindir = ${prefix}/bin
+ suidperms = 4755
+ sgidperms = 2755
+
+@@ -26,9 +26,9 @@ AM_CFLAGS = $(LIBBSD_CFLAGS)
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+
+-bin_PROGRAMS = groups login
+-sbin_PROGRAMS = nologin
+-ubin_PROGRAMS = faillog chage chfn chsh expiry gpasswd newgrp passwd
++bin_PROGRAMS = groups
++sbin_PROGRAMS =
++ubin_PROGRAMS = faillog lastlog chage expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
+@@ -48,22 +48,20 @@ usbin_PROGRAMS = \
+ grpck \
+ grpconv \
+ grpunconv \
+- logoutd \
+ newusers \
+ pwck \
+ pwconv \
+ pwunconv \
+ useradd \
+ userdel \
+- usermod \
+- vipw
++ usermod
+
+ # id and groups are from gnu, sulogin from sysvinit
+ noinst_PROGRAMS = id sulogin
+
+ suidusbins =
+ suidbins =
+-suidubins = chage chfn chsh expiry gpasswd newgrp
++suidubins = chage expiry gpasswd newgrp
+ if WITH_SU
+ suidbins += su
+ endif
+@@ -135,18 +133,16 @@ sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
+ useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+ userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
+ usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+-vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+
+ install-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+- ln -sf newgrp $(DESTDIR)$(ubindir)/sg
+- ln -sf vipw $(DESTDIR)$(usbindir)/vigr
+ set -e; for i in $(suidbins); do \
+ chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
+ done
+ set -e; for i in $(suidubins); do \
+ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
+ done
++ mv -v $(DESTDIR)$(ubindir)/newgrp $(DESTDIR)$(ubindir)/sg
+ set -e; for i in $(suidusbins); do \
+ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
+ done
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..fc0f5aa6eb1e93
--- /dev/null
+++ b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
@@ -0,0 +1,43 @@
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Void is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.44.0
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..05d686fea9dce9 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,45 +1,52 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.16.0
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam
+ --with-yescrypt --without-selinux --with-acl --with-attr --without-su
+ --disable-nls --without-bcrypt --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=b78e3921a95d53282a38e90628880624736bf6235e36eea50c50835f59a3530b
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
fi
-pre_configure() {
- case "$XBPS_TARGET_MACHINE" in
- # Completely disable unportable ruserok().
- *-musl) sed '/RUSEROK/d' -i configure;;
- esac
-}
-
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +58,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (56 preceding siblings ...)
2024-07-14 15:57 ` [PR PATCH] [Updated] " dataCobra
@ 2024-07-14 16:00 ` dataCobra
2024-07-14 17:25 ` alejandro-colomar
` (11 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-07-14 16:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 328 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2227395530
Comment:
Updated the PR to shadow 4.16.0. But didn't had the time to check the package.
Just updating to make sure everyone who wants to can have a look.
Help and discussion is appreciated.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (57 preceding siblings ...)
2024-07-14 16:00 ` shadow: update to 4.16.0 dataCobra
@ 2024-07-14 17:25 ` alejandro-colomar
2024-07-14 17:26 ` alejandro-colomar
` (10 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-07-14 17:25 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1119 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2227420709
Comment:
Hi!
I've been improving the parsing of integers in shadow for some years. We've come up with a set of APIs that I've packaged in a standalone library, to reduce the work of maintaining shadow utils, and also to allow other projects to reuse those functions.
The functions and macros under <https://github.com/shadow-maint/shadow/tree/master/lib/atoi> are now available in <https://git.kernel.org/pub/scm/libs/liba2i/liba2i.git/>, and at some point, we'll remove them from shadow and depend on that library: <https://github.com/shadow-maint/shadow/pull/1049>.
We'd need distros to start packaging that library, so that in a year or two we could do that change.
I've released 0.10 today, and it should be already good for packaging. I'm waiting for several distros to package it to get their feedback, and adjust any issues they find before releasing 1.0.
Would you mind having a look at packaging that library?
Thanks!
And have a lovely day!
Alex
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (58 preceding siblings ...)
2024-07-14 17:25 ` alejandro-colomar
@ 2024-07-14 17:26 ` alejandro-colomar
2024-07-14 17:27 ` alejandro-colomar
` (9 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-07-14 17:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1155 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2227420709
Comment:
Hi!
I've been improving the parsing of integers in shadow for some years, fixing several bugs in the process. We've come up with a set of APIs that I've packaged in a standalone library, to reduce the work of maintaining shadow utils, and also to allow other projects to reuse those functions.
The functions and macros under <https://github.com/shadow-maint/shadow/tree/master/lib/atoi> are now available in <https://git.kernel.org/pub/scm/libs/liba2i/liba2i.git/>, and at some point, we'll remove them from shadow and depend on that library: <https://github.com/shadow-maint/shadow/pull/1049>.
We'd need distros to start packaging that library, so that in a year or two we could do that change.
I've released 0.10 today, and it should be already good for packaging. I'm waiting for several distros to package it to get their feedback, and adjust any issues they find before releasing 1.0.
Would you mind having a look at packaging that library?
Thanks!
And have a lovely day!
Alex
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (59 preceding siblings ...)
2024-07-14 17:26 ` alejandro-colomar
@ 2024-07-14 17:27 ` alejandro-colomar
2024-10-17 1:59 ` github-actions
` (8 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: alejandro-colomar @ 2024-07-14 17:27 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1259 bytes --]
New comment by alejandro-colomar on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2227420709
Comment:
Hi!
I've been improving the parsing of integers in shadow for some years, fixing several bugs in the process. We've come up with a set of APIs that I've packaged in a standalone library, to reduce the work of maintaining shadow utils, and also to allow other projects to reuse those functions.
The functions and macros under <https://github.com/shadow-maint/shadow/tree/master/lib/atoi> are now available in <https://git.kernel.org/pub/scm/libs/liba2i/liba2i.git/>, and at some point, we'll remove them from shadow and depend on that library: <https://github.com/shadow-maint/shadow/pull/1049>.
We'd need distros to start packaging that library, so that in a year or two we could do that change.
I've released 0.10 today (<https://lore.kernel.org/liba2i/sovz7apsg5dqg6npx2lg4qbrq5mnhfygalczhwt7twtxdqnpqp@a6cglzcng6ji/T/#u>), and it should be already good for packaging. I'm waiting for several distros to package it to get their feedback, and adjust any issues they find before releasing 1.0.
Would you mind having a look at packaging that library?
Thanks!
And have a lovely day!
Alex
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (60 preceding siblings ...)
2024-07-14 17:27 ` alejandro-colomar
@ 2024-10-17 1:59 ` github-actions
2024-10-17 7:05 ` dataCobra
` (7 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: github-actions @ 2024-10-17 1:59 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 305 bytes --]
New comment by github-actions[bot] on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2418334558
Comment:
Pull Requests become stale 90 days after last activity and are closed 14 days after that. If this pull request is still relevant bump it or assign it.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (61 preceding siblings ...)
2024-10-17 1:59 ` github-actions
@ 2024-10-17 7:05 ` dataCobra
2024-10-18 8:31 ` [PR PATCH] [Updated] " dataCobra
` (6 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-10-17 7:05 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 149 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2418729532
Comment:
bump.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Updated] shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (62 preceding siblings ...)
2024-10-17 7:05 ` dataCobra
@ 2024-10-18 8:31 ` dataCobra
2024-10-18 8:31 ` dataCobra
` (5 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-10-18 8:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 678 bytes --]
There is an updated pull request by dataCobra against master on the void-packages repository
https://github.com/dataCobra/void-packages shadow
https://github.com/void-linux/void-packages/pull/48813
shadow: update to 4.16.0.
#### Testing the changes
- I tested the changes in this PR: **NOT YET**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
A patch file from https://github.com/void-linux/void-packages/pull/48813.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-shadow-48813.patch --]
[-- Type: text/x-diff, Size: 52163 bytes --]
From 1aecd2f56380a59f20afea05d39b462a605800a8 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Sun, 14 Jul 2024 17:57:16 +0200
Subject: [PATCH] shadow: update to 4.16.0.
---
common/shlibs | 1 +
srcpkgs/shadow/files/login.defs | 87 ---
...pt-login.defs-for-PAM-and-util-linux.patch | 694 +++++++++++++++++
...-tools-their-man-pages-and-PAM-integ.patch | 721 ++++++++++++++++++
.../shadow/patches/shadow-strncpy-usage.patch | 23 -
srcpkgs/shadow/patches/useradd-defaults.patch | 21 +
.../void-linux-defaults-for-login.defs.patch | 43 ++
srcpkgs/shadow/patches/xstrdup.patch | 9 -
srcpkgs/shadow/template | 55 +-
9 files changed, 1507 insertions(+), 147 deletions(-)
delete mode 100644 srcpkgs/shadow/files/login.defs
create mode 100644 srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
create mode 100644 srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
delete mode 100644 srcpkgs/shadow/patches/shadow-strncpy-usage.patch
create mode 100644 srcpkgs/shadow/patches/useradd-defaults.patch
create mode 100644 srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
delete mode 100644 srcpkgs/shadow/patches/xstrdup.patch
diff --git a/common/shlibs b/common/shlibs
index 41030500290ef9..24d9665d5c645f 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -4538,3 +4538,4 @@ libsfdo-desktop.so.0 libsfdo-0.1.3_1
libsfdo-desktop-file.so.0 libsfdo-0.1.3_1
libsfdo-icon.so.0 libsfdo-0.1.3_1
libKMahjongg6.so.6 libkmahjongg-24.08.2_1
+libsubid.so.5 shadow-4.16.0_1
diff --git a/srcpkgs/shadow/files/login.defs b/srcpkgs/shadow/files/login.defs
deleted file mode 100644
index 350764846af4b0..00000000000000
--- a/srcpkgs/shadow/files/login.defs
+++ /dev/null
@@ -1,87 +0,0 @@
-# Configuration file for login(1). For more information see
-# login.defs(5).
-
-# Directory where mailboxes reside, _or_ name of file, relative to the
-# home directory. If you do define both, MAIL_DIR takes precedence.
-#
-MAIL_DIR /var/mail
-#MAIL_FILE .mail
-
-# Password aging controls:
-#
-# PASS_MAX_DAYS Maximum number of days a password may be used.
-# PASS_MIN_DAYS Minimum number of days allowed between password changes.
-# PASS_MIN_LEN Minimum acceptable password length.
-# PASS_WARN_AGE Number of days warning given before a password expires.
-PASS_MAX_DAYS 99999
-PASS_MIN_DAYS 0
-PASS_WARN_AGE 7
-
-# Min/max values for automatic uid selection in useradd
-UID_MIN 1000
-UID_MAX 60000
-# System accounts
-SYS_UID_MIN 100
-SYS_UID_MAX 999
-
-# Min/max values for automatic gid selection in groupadd
-GID_MIN 1000
-GID_MAX 60000
-# System accounts
-SYS_GID_MIN 100
-SYS_GID_MAX 999
-
-# If useradd should create home directories for users by default
-CREATE_HOME yes
-
-# This enables userdel to remove user groups if no members exist.
-USERGROUPS_ENAB yes
-
-# Disable MOTD_FILE (empty); use pam_motd(8) instead.
-MOTD_FILE
-
-
-# If defined, either full pathname of a file containing device names or
-# a ":" delimited list of device names. Root logins will be allowed only
-# upon these devices.
-#
-CONSOLE /etc/securetty
-
-# Terminal permissions
-#
-# TTYGROUP Login tty will be assigned this group ownership.
-# TTYPERM Login tty will be set to this permission.
-#
-# If you have a "write" program which is "setgid" to a special group
-# which owns the terminals, define TTYGROUP to the group number and
-# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign
-# TTYPERM to either 622 or 600.
-#
-TTYGROUP tty
-TTYPERM 0600
-
-# Login configuration initializations:
-#
-# ERASECHAR Terminal ERASE character ('\010' = backspace).
-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
-# UMASK Default "umask" value.
-#
-# The ERASECHAR and KILLCHAR are used only on System V machines.
-# The ULIMIT is used only if the system supports it.
-# (now it works with setrlimit too; ulimit is in 512-byte units)
-#
-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
-#
-ERASECHAR 0177
-KILLCHAR 025
-UMASK 022
-HOME_MODE 0700
-
-# Max number of login retries if password is bad
-#
-LOGIN_RETRIES 5
-
-#
-# Max time in seconds for login
-#
-LOGIN_TIMEOUT 60
diff --git a/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
new file mode 100644
index 00000000000000..3a0e99134c533d
--- /dev/null
+++ b/srcpkgs/shadow/patches/adapt-login.defs-for-PAM-and-util-linux.patch
@@ -0,0 +1,694 @@
+etc/login.defs:
+Remove unused login.defs options, that are either irrelevant due to the
+use of PAM or because the util-linux version of a binary does not
+support them.
+Modify all options that are ignored when using PAM, but are supported by
+util-linux.
+
+Removed options because they are part of PAMDEFS (options in PAMDEFS are
+options silently ignored by shadow when built with PAM enabled):
+* CHFN_AUTH
+* CRACKLIB_DICTPATH
+* ENV_HZ
+* ENVIRON_FILE
+* ENV_TZ
+* FAILLOG_ENAB
+* FTMP_FILE
+* ISSUE_FILE
+* LASTLOG_ENAB
+* LOGIN_STRING
+* MAIL_CHECK_ENAB
+* NOLOGINS_FILE
+* OBSCURE_CHECKS_ENAB
+* PASS_ALWAYS_WARN
+* PASS_CHANGE_TRIES
+* PASS_MAX_LEN
+* PASS_MIN_LEN
+* PORTTIME_CHECKS_ENAB
+* QUOTAS_ENAB
+* SU_WHEEL_ONLY
+* SYSLOG_SU_ENAB
+* ULIMIT
+
+Removed options because they are not availablbe with PAM enabled:
+* BCRYPT_MIN_ROUNDS
+* BCRYPT_MAX_ROUNDS
+* CONSOLE_GROUPS
+* CONSOLE
+* MD5_CRYPT_ENAB
+* PREVENT_NO_AUTH
+
+Removed encryption methods (`ENCRYPT_METHOD`), because they are unsafe
+or not available with PAM:
+* BCRYPT
+* MD5
+
+Removed options because they are not supported by login from util-linux:
+* ERASECHAR
+* KILLCHAR
+* LOG_OK_LOGINS
+* TTYTYPE_FILE
+
+Removed options because they are not supported by su from util-linux:
+* SULOG_FILE
+* SU_NAME
+
+Adapted options because they are in PAMDEFS but are supported by login
+from util-linux:
+* MOTD_FILE
+
+man/login.defs.5.xml:
+Remove unavailable options from man 5 login.defs.
+---
+ etc/login.defs | 223 +------------------------------------------
+ man/login.defs.5.xml | 148 +---------------------------
+ 2 files changed, 8 insertions(+), 363 deletions(-)
+
+diff --git a/etc/login.defs b/etc/login.defs
+index 33622c29..797ca6b3 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -3,6 +3,8 @@
+ #
+ # $Id$
+ #
++# NOTE: This file is adapted for the use on Void Linux!
++# Unsupported options due to the use of util-linux or PAM are removed.
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -11,26 +13,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -40,88 +27,13 @@ LASTLOG_ENAB yes
+ #
+ #LASTLOG_UID_MAX
+
+-#
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
+-#
+-SYSLOG_SU_ENAB yes
+-SYSLOG_SG_ENAB yes
+-
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +51,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +72,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,22 +91,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -263,28 +133,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -293,38 +141,13 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+-#
+-# Only works if compiled with MD5_CRYPT defined:
+-# If set to "yes", new passwords will be encrypted using the MD5-based
+-# algorithm compatible with the one used by recent releases of FreeBSD.
+-# It supports passwords of unlimited length and longer salt strings.
+-# Set to "no" if you need to copy encrypted passwords to other systems
+-# which don't understand the new algorithm. Default is "no".
+-#
+-# Note: If you use PAM, it is recommended to use a value consistent with
+-# the PAM modules configuration.
+-#
+-# This variable is deprecated. You should use ENCRYPT_METHOD instead.
+-#
+-#MD5_CRYPT_ENAB no
+-
+ #
+ # Only works if compiled with ENCRYPTMETHOD_SELECT defined:
+-# If set to MD5, MD5-based algorithm will be used for encrypting password
+ # If set to SHA256, SHA256-based algorithm will be used for encrypting password
+ # If set to SHA512, SHA512-based algorithm will be used for encrypting password
+-# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
+ # If set to YESCRYPT, YESCRYPT-based algorithm will be used for encrypting password
+ # If set to DES, DES-based algorithm will be used for encrypting password (default)
+ # MD5 and DES should not be used for new hashes, see crypt(5) for recommendations.
+-# Overrides the MD5_CRYPT_ENAB option
+ #
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+@@ -348,21 +171,6 @@ CHFN_RESTRICT rwh
+ #SHA_CRYPT_MIN_ROUNDS 5000
+ #SHA_CRYPT_MAX_ROUNDS 5000
+
+-#
+-# Only works if ENCRYPT_METHOD is set to BCRYPT.
+-#
+-# Define the number of BCRYPT rounds.
+-# With a lot of rounds, it is more difficult to brute-force the password.
+-# However, more CPU resources will be needed to authenticate users if
+-# this value is increased.
+-#
+-# If not specified, 13 rounds will be attempted.
+-# If only one of the MIN or MAX values is set, then this value will be used.
+-# If MIN > MAX, the highest value will be used.
+-#
+-#BCRYPT_MIN_ROUNDS 13
+-#BCRYPT_MAX_ROUNDS 13
+-
+ #
+ # Only works if ENCRYPT_METHOD is set to YESCRYPT.
+ #
+@@ -376,17 +184,6 @@ CHFN_RESTRICT rwh
+ #
+ #YESCRYPT_COST_FACTOR 5
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+@@ -401,12 +198,6 @@ DEFAULT_HOME yes
+ #
+ NONEXISTENT /nonexistent
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes
+ #
+ #GRANT_AUX_GROUP_SUBIDS yes
+
+-#
+-# Prevents an empty password field to be interpreted as "no authentication
+-# required".
+-# Set to "yes" to prevent for all accounts
+-# Set to "superuser" to prevent for UID 0 / root (default)
+-# Set to "no" to not prevent for any account (dangerous, historical default)
+-PREVENT_NO_AUTH superuser
+-
+ #
+ # Select the HMAC cryptography algorithm.
+ # Used in pam_timestamp module to calculate the keyed-hash message
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 05ef5125..1ddf537e 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -7,70 +7,38 @@
+ -->
+ <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
+-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
+ <!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
+-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
+-<!ENTITY CONSOLE SYSTEM "login.defs.d/CONSOLE.xml">
+-<!ENTITY CONSOLE_GROUPS SYSTEM "login.defs.d/CONSOLE_GROUPS.xml">
+ <!ENTITY CREATE_HOME SYSTEM "login.defs.d/CREATE_HOME.xml">
+ <!ENTITY DEFAULT_HOME SYSTEM "login.defs.d/DEFAULT_HOME.xml">
+ <!ENTITY ENCRYPT_METHOD SYSTEM "login.defs.d/ENCRYPT_METHOD.xml">
+-<!ENTITY ENV_HZ SYSTEM "login.defs.d/ENV_HZ.xml">
+ <!ENTITY ENV_PATH SYSTEM "login.defs.d/ENV_PATH.xml">
+ <!ENTITY ENV_SUPATH SYSTEM "login.defs.d/ENV_SUPATH.xml">
+-<!ENTITY ENV_TZ SYSTEM "login.defs.d/ENV_TZ.xml">
+-<!ENTITY ENVIRON_FILE SYSTEM "login.defs.d/ENVIRON_FILE.xml">
+-<!ENTITY ERASECHAR SYSTEM "login.defs.d/ERASECHAR.xml">
+ <!ENTITY FAIL_DELAY SYSTEM "login.defs.d/FAIL_DELAY.xml">
+-<!ENTITY FAILLOG_ENAB SYSTEM "login.defs.d/FAILLOG_ENAB.xml">
+-<!ENTITY FAKE_SHELL SYSTEM "login.defs.d/FAKE_SHELL.xml">
+-<!ENTITY FTMP_FILE SYSTEM "login.defs.d/FTMP_FILE.xml">
+ <!ENTITY GID_MAX SYSTEM "login.defs.d/GID_MAX.xml">
+ <!ENTITY HMAC_CRYPTO_ALGO SYSTEM "login.defs.d/HMAC_CRYPTO_ALGO.xml">
+ <!ENTITY HOME_MODE SYSTEM "login.defs.d/HOME_MODE.xml">
+ <!ENTITY HUSHLOGIN_FILE SYSTEM "login.defs.d/HUSHLOGIN_FILE.xml">
+-<!ENTITY ISSUE_FILE SYSTEM "login.defs.d/ISSUE_FILE.xml">
+-<!ENTITY KILLCHAR SYSTEM "login.defs.d/KILLCHAR.xml">
+-<!ENTITY LASTLOG_ENAB SYSTEM "login.defs.d/LASTLOG_ENAB.xml">
+ <!ENTITY LASTLOG_UID_MAX SYSTEM "login.defs.d/LASTLOG_UID_MAX.xml">
+-<!ENTITY LOG_OK_LOGINS SYSTEM "login.defs.d/LOG_OK_LOGINS.xml">
+ <!ENTITY LOG_UNKFAIL_ENAB SYSTEM "login.defs.d/LOG_UNKFAIL_ENAB.xml">
+ <!ENTITY LOGIN_RETRIES SYSTEM "login.defs.d/LOGIN_RETRIES.xml">
+-<!ENTITY LOGIN_STRING SYSTEM "login.defs.d/LOGIN_STRING.xml">
+ <!ENTITY LOGIN_TIMEOUT SYSTEM "login.defs.d/LOGIN_TIMEOUT.xml">
+-<!ENTITY MAIL_CHECK_ENAB SYSTEM "login.defs.d/MAIL_CHECK_ENAB.xml">
+ <!ENTITY MAIL_DIR SYSTEM "login.defs.d/MAIL_DIR.xml">
+ <!ENTITY MAX_MEMBERS_PER_GROUP SYSTEM "login.defs.d/MAX_MEMBERS_PER_GROUP.xml">
+-<!ENTITY MD5_CRYPT_ENAB SYSTEM "login.defs.d/MD5_CRYPT_ENAB.xml">
+ <!ENTITY MOTD_FILE SYSTEM "login.defs.d/MOTD_FILE.xml">
+-<!ENTITY NOLOGINS_FILE SYSTEM "login.defs.d/NOLOGINS_FILE.xml">
+ <!ENTITY NONEXISTENT SYSTEM "login.defs.d/NONEXISTENT.xml">
+-<!ENTITY OBSCURE_CHECKS_ENAB SYSTEM "login.defs.d/OBSCURE_CHECKS_ENAB.xml">
+-<!ENTITY PASS_ALWAYS_WARN SYSTEM "login.defs.d/PASS_ALWAYS_WARN.xml">
+-<!ENTITY PASS_CHANGE_TRIES SYSTEM "login.defs.d/PASS_CHANGE_TRIES.xml">
+-<!ENTITY PASS_MAX_LEN SYSTEM "login.defs.d/PASS_MAX_LEN.xml">
+ <!ENTITY PASS_MAX_DAYS SYSTEM "login.defs.d/PASS_MAX_DAYS.xml">
+ <!ENTITY PASS_MIN_DAYS SYSTEM "login.defs.d/PASS_MIN_DAYS.xml">
+ <!ENTITY PASS_WARN_AGE SYSTEM "login.defs.d/PASS_WARN_AGE.xml">
+-<!ENTITY PORTTIME_CHECKS_ENAB SYSTEM "login.defs.d/PORTTIME_CHECKS_ENAB.xml">
+-<!ENTITY QUOTAS_ENAB SYSTEM "login.defs.d/QUOTAS_ENAB.xml">
+ <!ENTITY SHA_CRYPT_MIN_ROUNDS SYSTEM "login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml">
+-<!ENTITY SULOG_FILE SYSTEM "login.defs.d/SULOG_FILE.xml">
+-<!ENTITY SU_NAME SYSTEM "login.defs.d/SU_NAME.xml">
+-<!ENTITY SU_WHEEL_ONLY SYSTEM "login.defs.d/SU_WHEEL_ONLY.xml">
+ <!ENTITY SUB_GID_COUNT SYSTEM "login.defs.d/SUB_GID_COUNT.xml">
+ <!ENTITY SUB_UID_COUNT SYSTEM "login.defs.d/SUB_UID_COUNT.xml">
+ <!ENTITY SYS_GID_MAX SYSTEM "login.defs.d/SYS_GID_MAX.xml">
+ <!ENTITY SYSLOG_SG_ENAB SYSTEM "login.defs.d/SYSLOG_SG_ENAB.xml">
+-<!ENTITY SYSLOG_SU_ENAB SYSTEM "login.defs.d/SYSLOG_SU_ENAB.xml">
+ <!ENTITY SYS_UID_MAX SYSTEM "login.defs.d/SYS_UID_MAX.xml">
+ <!ENTITY TCB_AUTH_GROUP SYSTEM "login.defs.d/TCB_AUTH_GROUP.xml">
+ <!ENTITY TCB_SYMLINKS SYSTEM "login.defs.d/TCB_SYMLINKS.xml">
+ <!ENTITY TTYGROUP SYSTEM "login.defs.d/TTYGROUP.xml">
+-<!ENTITY TTYTYPE_FILE SYSTEM "login.defs.d/TTYTYPE_FILE.xml">
+ <!ENTITY UID_MAX SYSTEM "login.defs.d/UID_MAX.xml">
+-<!ENTITY ULIMIT SYSTEM "login.defs.d/ULIMIT.xml">
+ <!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
+ <!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
+ <!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
+@@ -147,48 +115,25 @@
+ <para>The following configuration items are provided:</para>
+
+ <variablelist remap='IP'>
+- &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX; <!-- documents also GID_MIN -->
+ &HMAC_CRYPTO_ALGO;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+- &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+ &NONEXISTENT;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -198,25 +143,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+ </para>
+- &PASS_MAX_LEN; <!-- documents also PASS_MIN_LEN -->
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS; <!-- documents also SHA_CRYPT_MAX_ROUNDS -->
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT; <!-- documents also SUB_GID_MIN SUB_GID_MAX -->
+ &SUB_UID_COUNT; <!-- documents also SUB_UID_MIN SUB_UID_MAX -->
+ &SYS_GID_MAX; <!-- documents also SYS_GID_MIN -->
+ &SYS_UID_MAX; <!-- documents also SYS_UID_MIN -->
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX; <!-- documents also UID_MIN -->
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -255,7 +191,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -280,7 +216,7 @@
+ <term>chsh</term>
+ <listitem>
+ <para>
+- CHSH_AUTH LOGIN_STRING
++ CHSH_AUTH
+ </para>
+ </listitem>
+ </varlistentry>
+@@ -292,7 +228,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -352,35 +288,6 @@
+ <para>LASTLOG_UID_MAX</para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>login</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE</phrase>
+- ERASECHAR FAIL_DELAY
+- <phrase condition="no_pam">FAILLOG_ENAB</phrase>
+- FAKE_SHELL
+- <phrase condition="no_pam">FTMP_FILE</phrase>
+- HUSHLOGIN_FILE
+- <phrase condition="no_pam">ISSUE_FILE</phrase>
+- KILLCHAR
+- <phrase condition="no_pam">LASTLOG_ENAB LASTLOG_UID_MAX</phrase>
+- LOGIN_RETRIES
+- <phrase condition="no_pam">LOGIN_STRING</phrase>
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- <phrase condition="no_pam">MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB</phrase>
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- <phrase condition="no_pam">ULIMIT UMASK</phrase>
+- USERGROUPS_ENAB
+- </para>
+- </listitem>
+- </varlistentry>
+- <!-- logoutd: no variables -->
+ <varlistentry>
+ <term>newgrp / sg</term>
+ <listitem>
+@@ -397,7 +304,7 @@
+ BCRYPT_MIN_ROUNDS</phrase>
+ ENCRYPT_METHOD
+ GID_MAX GID_MIN
+- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
++ MAX_MEMBERS_PER_GROUP
+ HOME_MODE
+ PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+@@ -417,8 +324,7 @@
+ <para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
+- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
+- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
++ ENCRYPT_METHOD
+ <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
+ SHA_CRYPT_MIN_ROUNDS</phrase>
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -451,32 +357,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>su</term>
+- <listitem>
+- <para>
+- <phrase condition="no_pam">CONSOLE</phrase>
+- CONSOLE_GROUPS DEFAULT_HOME
+- <phrase condition="no_pam">ENV_HZ ENVIRON_FILE</phrase>
+- ENV_PATH ENV_SUPATH
+- <phrase condition="no_pam">ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB</phrase>
+- SULOG_FILE SU_NAME
+- <phrase condition="no_pam">SU_WHEEL_ONLY</phrase>
+- SYSLOG_SU_ENAB
+- <phrase condition="no_pam">USERGROUPS_ENAB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="no_pam">
+- <term>sulogin</term>
+- <listitem>
+- <para>
+- ENV_HZ
+- ENV_TZ
+- </para>
+- </listitem>
+- </varlistentry>
+ <varlistentry>
+ <term>useradd</term>
+ <listitem>
+@@ -505,24 +385,6 @@
+ </para>
+ </listitem>
+ </varlistentry>
+- <varlistentry>
+- <term>usermod</term>
+- <listitem>
+- <para>
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- <phrase condition="tcb">TCB_SYMLINKS USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry condition="tcb">
+- <term>vipw</term>
+- <listitem>
+- <para>
+- <phrase condition="tcb">USE_TCB</phrase>
+- </para>
+- </listitem>
+- </varlistentry>
+ </variablelist>
+ </refsect1>
+
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
new file mode 100644
index 00000000000000..9f90710bcbb5ce
--- /dev/null
+++ b/srcpkgs/shadow/patches/disable-replaced-tools-their-man-pages-and-PAM-integ.patch
@@ -0,0 +1,721 @@
+etc/pam.d/Makefile.am:
+Disable installation of PAM integration for chfn, chsh and login tools
+as they are provided by util-linux.
+
+man/Makefile.am, man/*/Makefile.am:
+Disable man pages for chfn, chsh, login, logoutd, newgrp, nologin, vigr,
+vipw and su as they are either no longer used or replaced by util-linux.
+
+src/Makefile.am:
+Set usbindir to use bin instead of sbin, as Void Linux is a /usr and bin
+merge distribution.
+Remove the use of login, nologin, chfn, chsh, logoutd, vipw and vigr, as
+they are either not used or replaced by util-linux.
+Move newgrp to replace sg (instead of it being a symlink).
+---
+ etc/pam.d/Makefile.am | 3 ---
+ man/Makefile.am | 20 +++-----------------
+ man/cs/Makefile.am | 8 ++------
+ man/da/Makefile.am | 8 +-------
+ man/de/Makefile.am | 11 +----------
+ man/fi/Makefile.am | 5 +----
+ man/fr/Makefile.am | 11 +----------
+ man/hu/Makefile.am | 6 +-----
+ man/id/Makefile.am | 2 --
+ man/it/Makefile.am | 11 +----------
+ man/ja/Makefile.am | 10 +---------
+ man/ko/Makefile.am | 8 +-------
+ man/pl/Makefile.am | 7 +------
+ man/ru/Makefile.am | 11 +----------
+ man/sv/Makefile.am | 8 +-------
+ man/tr/Makefile.am | 3 ---
+ man/uk/Makefile.am | 11 +----------
+ man/zh_CN/Makefile.am | 11 +----------
+ man/zh_TW/Makefile.am | 4 ----
+ src/Makefile.am | 18 +++++++-----------
+ 20 files changed, 25 insertions(+), 151 deletions(-)
+
+diff --git a/etc/pam.d/Makefile.am b/etc/pam.d/Makefile.am
+index b8e4321f..73d4554f 100644
+--- a/etc/pam.d/Makefile.am
++++ b/etc/pam.d/Makefile.am
+@@ -3,10 +3,7 @@
+
+ pamd_files = \
+ chpasswd \
+- chfn \
+- chsh \
+ groupmems \
+- login \
+ newusers \
+ passwd
+
+diff --git a/man/Makefile.am b/man/Makefile.am
+index cffef699..f57e476d 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -8,10 +8,8 @@ endif
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -26,12 +24,9 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
++ man8/lastlog.8 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -43,9 +38,7 @@ man_MANS = \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -77,10 +70,8 @@ endif
+
+ man_XMANS = \
+ chage.1.xml \
+- chfn.1.xml \
+ chgpasswd.8.xml \
+ chpasswd.8.xml \
+- chsh.1.xml \
+ expiry.1.xml \
+ faillog.5.xml \
+ faillog.8.xml \
+@@ -94,12 +85,9 @@ man_XMANS = \
+ grpck.8.xml \
+ gshadow.5.xml \
+ limits.5.xml \
+- login.1.xml \
+ login.access.5.xml \
+ login.defs.5.xml \
+- logoutd.8.xml \
+ newgidmap.1.xml \
+- newgrp.1.xml \
+ newuidmap.1.xml \
+ newusers.8.xml \
+ nologin.8.xml \
+@@ -111,14 +99,12 @@ man_XMANS = \
+ shadow.3.xml \
+ shadow.5.xml \
+ sg.1.xml \
+- su.1.xml \
+ suauth.5.xml \
+ subgid.5.xml \
+ subuid.5.xml \
+ useradd.8.xml \
+ userdel.8.xml \
+- usermod.8.xml \
+- vipw.8.xml
++ usermod.8.xml
+
+ if ENABLE_LASTLOG
+ man_XMANS += lastlog.8.xml
+diff --git a/man/cs/Makefile.am b/man/cs/Makefile.am
+index 84407d71..c5ef7cf5 100644
+--- a/man/cs/Makefile.am
++++ b/man/cs/Makefile.am
+@@ -12,11 +12,8 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/nologin.8 \
+ man5/passwd.5 \
+- man5/shadow.5 \
+- man1/su.1 \
+- man8/vipw.8
++ man5/shadow.5
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+@@ -24,6 +21,5 @@ endif
+
+ EXTRA_DIST = $(man_MANS) \
+ man1/id.1 \
+- man8/groupmems.8 \
+- man8/logoutd.8
++ man8/groupmems.8
+
+diff --git a/man/da/Makefile.am b/man/da/Makefile.am
+index a3b09224..e45bef66 100644
+--- a/man/da/Makefile.am
++++ b/man/da/Makefile.am
+@@ -3,16 +3,10 @@ mandir = @mandir@/da
+
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+- man1/chfn.1 \
+ man8/groupdel.8 \
+ man1/groups.1 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+- man1/sg.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man1/sg.1
+
+ man_nopam =
+
+diff --git a/man/de/Makefile.am b/man/de/Makefile.am
+index 671432d3..333d5524 100644
+--- a/man/de/Makefile.am
++++ b/man/de/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/de
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/fi/Makefile.am b/man/fi/Makefile.am
+index 26a1a848..f02b92f3 100644
+--- a/man/fi/Makefile.am
++++ b/man/fi/Makefile.am
+@@ -1,10 +1,7 @@
+
+ mandir = @mandir@/fi
+
+-man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+- man1/su.1
++man_MANS =
+
+ # Outdated manpages
+ # passwd.1 (https://bugs.launchpad.net/ubuntu/+bug/384024)
+diff --git a/man/fr/Makefile.am b/man/fr/Makefile.am
+index 335e0298..9962c038 100644
+--- a/man/fr/Makefile.am
++++ b/man/fr/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/fr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/hu/Makefile.am b/man/hu/Makefile.am
+index 205bb0a8..3d813179 100644
+--- a/man/hu/Makefile.am
++++ b/man/hu/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/hu
+
+ man_MANS = \
+- man1/chsh.1 \
+ man1/gpasswd.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man1/newgrp.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+- man1/sg.1 \
+- man1/su.1
++ man1/sg.1
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/id/Makefile.am b/man/id/Makefile.am
+index 21f3dbe9..6d10b930 100644
+--- a/man/id/Makefile.am
++++ b/man/id/Makefile.am
+@@ -2,8 +2,6 @@
+ mandir = @mandir@/id
+
+ man_MANS = \
+- man1/chsh.1 \
+- man1/login.1 \
+ man8/useradd.8
+
+ EXTRA_DIST = $(man_MANS)
+diff --git a/man/it/Makefile.am b/man/it/Makefile.am
+index b76187fa..1f62e20e 100644
+--- a/man/it/Makefile.am
++++ b/man/it/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/it
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ja/Makefile.am b/man/ja/Makefile.am
+index 13f18da1..3401a085 100644
+--- a/man/ja/Makefile.am
++++ b/man/ja/Makefile.am
+@@ -3,9 +3,7 @@ mandir = @mandir@/ja
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -17,10 +15,7 @@ man_MANS = \
+ man8/grpck.8 \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+@@ -29,13 +24,10 @@ man_MANS = \
+ man8/pwunconv.8 \
+ man1/sg.1 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ko/Makefile.am b/man/ko/Makefile.am
+index c269f0bb..9616cb3e 100644
+--- a/man/ko/Makefile.am
++++ b/man/ko/Makefile.am
+@@ -2,14 +2,8 @@
+ mandir = @mandir@/ko
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man1/groups.1 \
+- man1/login.1 \
+- man5/passwd.5 \
+- man1/su.1 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man5/passwd.5
+ # newgrp.1 must be updated
+ # newgrp.1
+
+diff --git a/man/pl/Makefile.am b/man/pl/Makefile.am
+index b2f096f7..00817d37 100644
+--- a/man/pl/Makefile.am
++++ b/man/pl/Makefile.am
+@@ -4,7 +4,6 @@ mandir = @mandir@/pl
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,14 +14,10 @@ man_MANS = \
+ man8/groupmod.8 \
+ man1/groups.1 \
+ man8/grpck.8 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/ru/Makefile.am b/man/ru/Makefile.am
+index 84d55d9e..b65f4881 100644
+--- a/man/ru/Makefile.am
++++ b/man/ru/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/ru
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/sv/Makefile.am b/man/sv/Makefile.am
+index 70329edf..58fa80e5 100644
+--- a/man/sv/Makefile.am
++++ b/man/sv/Makefile.am
+@@ -3,7 +3,6 @@ mandir = @mandir@/sv
+ # 2012.01.28 - activate manpages with more than 50% translated messages
+ man_MANS = \
+ man1/chage.1 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -15,18 +14,13 @@ man_MANS = \
+ man1/groups.1 \
+ man8/grpck.8 \
+ man5/gshadow.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/suauth.5 \
+- man8/userdel.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/userdel.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/tr/Makefile.am b/man/tr/Makefile.am
+index 8d8b9166..4fe3632a 100644
+--- a/man/tr/Makefile.am
++++ b/man/tr/Makefile.am
+@@ -2,15 +2,12 @@ mandir = @mandir@/tr
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+- man1/login.1 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/man/uk/Makefile.am b/man/uk/Makefile.am
+index 3fb5ffb3..e13c8fee 100644
+--- a/man/uk/Makefile.am
++++ b/man/uk/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/uk
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_CN/Makefile.am b/man/zh_CN/Makefile.am
+index a8b93a56..42ad764d 100644
+--- a/man/zh_CN/Makefile.am
++++ b/man/zh_CN/Makefile.am
+@@ -3,10 +3,8 @@ mandir = @mandir@/zh_CN
+
+ man_MANS = \
+ man1/chage.1 \
+- man1/chfn.1 \
+ man8/chgpasswd.8 \
+ man8/chpasswd.8 \
+- man1/chsh.1 \
+ man1/expiry.1 \
+ man5/faillog.5 \
+ man8/faillog.8 \
+@@ -21,12 +19,8 @@ man_MANS = \
+ man8/grpconv.8 \
+ man8/grpunconv.8 \
+ man5/gshadow.5 \
+- man1/login.1 \
+ man5/login.defs.5 \
+- man8/logoutd.8 \
+- man1/newgrp.1 \
+ man8/newusers.8 \
+- man8/nologin.8 \
+ man1/passwd.1 \
+ man5/passwd.5 \
+ man8/pwck.8 \
+@@ -35,13 +29,10 @@ man_MANS = \
+ man1/sg.1 \
+ man3/shadow.3 \
+ man5/shadow.5 \
+- man1/su.1 \
+ man5/suauth.5 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+- man8/usermod.8 \
+- man8/vigr.8 \
+- man8/vipw.8
++ man8/usermod.8
+
+ if ENABLE_LASTLOG
+ man_MANS += man8/lastlog.8
+diff --git a/man/zh_TW/Makefile.am b/man/zh_TW/Makefile.am
+index c36ed2c7..26696b67 100644
+--- a/man/zh_TW/Makefile.am
++++ b/man/zh_TW/Makefile.am
+@@ -2,15 +2,11 @@
+ mandir = @mandir@/zh_TW
+
+ man_MANS = \
+- man1/chfn.1 \
+- man1/chsh.1 \
+ man8/chpasswd.8 \
+- man1/newgrp.1 \
+ man8/groupadd.8 \
+ man8/groupdel.8 \
+ man8/groupmod.8 \
+ man5/passwd.5 \
+- man1/su.1 \
+ man8/useradd.8 \
+ man8/userdel.8 \
+ man8/usermod.8
+diff --git a/src/Makefile.am b/src/Makefile.am
+index b6cb09ef..bfe73b09 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -3,7 +3,7 @@ EXTRA_DIST = \
+ .indent.pro
+
+ ubindir = ${prefix}/bin
+-usbindir = ${prefix}/sbin
++usbindir = ${prefix}/bin
+ suidperms = 4755
+ sgidperms = 2755
+
+@@ -26,9 +26,9 @@ AM_CFLAGS = $(LIBBSD_CFLAGS)
+ # and installation would be much simpler (just two directories,
+ # $prefix/bin and $prefix/sbin, no install-data hacks...)
+
+-bin_PROGRAMS = groups login
+-sbin_PROGRAMS = nologin
+-ubin_PROGRAMS = faillog chage chfn chsh expiry gpasswd newgrp passwd
++bin_PROGRAMS = groups
++sbin_PROGRAMS =
++ubin_PROGRAMS = faillog lastlog chage expiry gpasswd newgrp passwd
+ if ENABLE_SUBIDS
+ ubin_PROGRAMS += newgidmap newuidmap
+ endif
+@@ -48,22 +48,20 @@ usbin_PROGRAMS = \
+ grpck \
+ grpconv \
+ grpunconv \
+- logoutd \
+ newusers \
+ pwck \
+ pwconv \
+ pwunconv \
+ useradd \
+ userdel \
+- usermod \
+- vipw
++ usermod
+
+ # id and groups are from gnu, sulogin from sysvinit
+ noinst_PROGRAMS = id sulogin
+
+ suidusbins =
+ suidbins =
+-suidubins = chage chfn chsh expiry gpasswd newgrp
++suidubins = chage expiry gpasswd newgrp
+ if WITH_SU
+ suidbins += su
+ endif
+@@ -135,18 +133,16 @@ sulogin_LDADD = $(LDADD) $(LIBCRYPT) $(LIBECONF)
+ useradd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+ userdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBECONF) -ldl
+ usermod_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) $(LIBSEMANAGE) $(LIBACL) $(LIBATTR) $(LIBECONF) -ldl
+-vipw_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBECONF)
+
+ install-am: all-am
+ $(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+- ln -sf newgrp $(DESTDIR)$(ubindir)/sg
+- ln -sf vipw $(DESTDIR)$(usbindir)/vigr
+ set -e; for i in $(suidbins); do \
+ chmod $(suidperms) $(DESTDIR)$(bindir)/$$i; \
+ done
+ set -e; for i in $(suidubins); do \
+ chmod $(suidperms) $(DESTDIR)$(ubindir)/$$i; \
+ done
++ mv -v $(DESTDIR)$(ubindir)/newgrp $(DESTDIR)$(ubindir)/sg
+ set -e; for i in $(suidusbins); do \
+ chmod $(suidperms) $(DESTDIR)$(usbindir)/$$i; \
+ done
+--
+2.44.0
+
diff --git a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch b/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
deleted file mode 100644
index c5564fffdc3852..00000000000000
--- a/srcpkgs/shadow/patches/shadow-strncpy-usage.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- a/src/usermod.c 2012-02-13 08:19:43.792146449 -0500
-+++ b/src/usermod.c 2012-02-13 08:21:19.375114500 -0500
-@@ -182,7 +182,7 @@
- struct tm *tp;
-
- if (date < 0) {
-- strncpy (buf, "never", maxsize);
-+ strncpy (buf, "never", maxsize - 1);
- } else {
- time_t t = (time_t) date;
- tp = gmtime (&t);
---- a/src/login.c 2012-02-13 08:19:50.951994454 -0500
-+++ b/src/login.c 2012-02-13 08:21:04.490430937 -0500
-@@ -752,7 +752,8 @@
- _("%s login: "), hostn);
- } else {
- strncpy (loginprompt, _("login: "),
-- sizeof (loginprompt));
-+ sizeof (loginprompt) - 1);
-+ loginprompt[sizeof (loginprompt) - 1] = '\0';
- }
-
- retcode = pam_set_item (pamh, PAM_USER_PROMPT, loginprompt);
diff --git a/srcpkgs/shadow/patches/useradd-defaults.patch b/srcpkgs/shadow/patches/useradd-defaults.patch
new file mode 100644
index 00000000000000..38035df40cfcab
--- /dev/null
+++ b/srcpkgs/shadow/patches/useradd-defaults.patch
@@ -0,0 +1,21 @@
+diff --git a/src/useradd.c b/src/useradd.c
+index 677ea5a636f..49f55211a17 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -87,14 +87,14 @@ const char *Prog;
+ /*
+ * These defaults are used if there is no defaults file.
+ */
+-static gid_t def_group = 1000;
++static gid_t def_group = 100;
+ static const char *def_groups = "";
+ static const char *def_gname = "other";
+ static const char *def_home = "/home";
+ static const char *def_shell = "/bin/bash";
+ static const char *def_template = SKEL_DIR;
+ static const char *def_usrtemplate = USRSKELDIR;
+-static const char *def_create_mail_spool = "yes";
++static const char *def_create_mail_spool = "no";
+ static const char *def_log_init = "yes";
+
+ static long def_inactive = -1;
diff --git a/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
new file mode 100644
index 00000000000000..fc0f5aa6eb1e93
--- /dev/null
+++ b/srcpkgs/shadow/patches/void-linux-defaults-for-login.defs.patch
@@ -0,0 +1,43 @@
+etc/login.defs:
+- Change `ENV_SUPATH` and `ENV_SUPATH` to only use
+ /usr/local/sbin:/usr/local/bin:/usr/bin as Void is a /usr and
+ bin merge distribution.
+- Set `HOME_MODE` to `0700` to be able to rely on a `UMASK` of `022`
+ while creating home directories in a privacy conserving manner.
+- Change ENCRYPT_METHOD to YESCRYPT as it is a safer hashing algorithm
+ than DES.
+---
+
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -55,8 +55,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -84,7 +84,7 @@ UMASK 022
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
+@@ -152,7 +152,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+--
+2.44.0
diff --git a/srcpkgs/shadow/patches/xstrdup.patch b/srcpkgs/shadow/patches/xstrdup.patch
deleted file mode 100644
index 562febcf4164f1..00000000000000
--- a/srcpkgs/shadow/patches/xstrdup.patch
+++ /dev/null
@@ -1,9 +0,0 @@
---- a/libmisc/xmalloc.c 2008-08-30 21:55:44.000000000 -0500
-+++ b/libmisc/xmalloc.c.new 2008-08-30 21:55:36.000000000 -0500
-@@ -61,5 +61,6 @@
-
- char *xstrdup (const char *str)
- {
-+ if(str == NULL) return NULL;
- return strcpy (xmalloc (strlen (str) + 1), str);
- }
diff --git a/srcpkgs/shadow/template b/srcpkgs/shadow/template
index c7ece33540c9a0..05d686fea9dce9 100644
--- a/srcpkgs/shadow/template
+++ b/srcpkgs/shadow/template
@@ -1,45 +1,52 @@
# Template file for 'shadow'
pkgname=shadow
-version=4.8.1
-revision=3
+version=4.16.0
+revision=1
build_style=gnu-configure
-configure_args="--bindir=/usr/bin --sbindir=/usr/bin
- --enable-shared --disable-static
- --with-libpam --without-selinux --with-acl --with-attr --without-su
- --disable-nls --enable-subordinate-ids --disable-account-tools-setuid
- --with-group-name-max-length=32"
-hostmakedepends="libtool"
-makedepends="acl-devel pam-devel"
+configure_args="--bindir=/usr/bin --sbindir=/usr/bin --libdir=/usr/lib
+ --enable-shared --disable-static --enable-lastlog --with-libpam
+ --with-yescrypt --without-selinux --with-acl --with-attr --without-su
+ --disable-nls --without-bcrypt --enable-subordinate-ids
+ --disable-account-tools-setuid --with-group-name-max-length=32"
+hostmakedepends="libtool pkg-config"
+makedepends="acl-devel pam-devel libbsd-devel"
depends="pam"
short_desc="Shadow password file utilities"
maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://github.com/shadow-maint/shadow"
distfiles="${homepage}/releases/download/${version}/shadow-${version}.tar.xz"
-checksum=a3ad4630bdc41372f02a647278a8c3514844295d36eefe68ece6c3a641c1ae62
-conf_files="/etc/pam.d/* /etc/default/* /etc/login.defs"
+checksum=b78e3921a95d53282a38e90628880624736bf6235e36eea50c50835f59a3530b
+conf_files="
+ /etc/pam.d/chage
+ /etc/pam.d/chgpasswd
+ /etc/pam.d/chpasswd
+ /etc/pam.d/groupadd
+ /etc/pam.d/groupdel
+ /etc/pam.d/groupmems
+ /etc/pam.d/groupmod
+ /etc/pam.d/newusers
+ /etc/pam.d/passwd
+ /etc/pam.d/useradd
+ /etc/pam.d/userdel
+ /etc/pam.d/usermod"
if [ "$XBPS_TARGET_LIBC" = "glibc" ]; then
makedepends+=" libxcrypt-devel"
fi
-pre_configure() {
- case "$XBPS_TARGET_MACHINE" in
- # Completely disable unportable ruserok().
- *-musl) sed '/RUSEROK/d' -i configure;;
- esac
-}
-
do_build() {
# Don't install groups(1), we use the one from coreutils.
- sed -i 's/groups$(EXEEXT) //' src/Makefile
- for f in $(find man -name Makefile); do
+ sed -i 's/groups$(EXEEXT) //' src/Makefile.in
+ for f in $(find man -name Makefile.in); do
sed -i 's/groups\.1 / /' $f
done
make ${makejobs}
}
post_install() {
+ make -C man DESTDIR="$DESTDIR" install-man
+
mv ${DESTDIR}/usr/sbin/* ${DESTDIR}/usr/bin
# Install our pam files not the ones supplied with shadow.
@@ -51,14 +58,6 @@ post_install() {
groupmod newusers useradd userdel usermod; do
install -m644 $DESTDIR/etc/pam.d/chage $DESTDIR/etc/pam.d/${f}
done
- install -m644 ${FILESDIR}/login.defs ${DESTDIR}/etc
-
- # Disable creating mailbox files by default.
- sed -i -e 's/yes/no/' $DESTDIR/etc/default/useradd
- # Change default group to the users gid (100).
- sed -i -e 's/^\(GROUP\)=\(.*\)$/\1=100/' ${DESTDIR}/etc/default/useradd
-
- chmod 644 ${DESTDIR}/etc/default/useradd
# Install the cron daily job.
install -Dm744 ${FILESDIR}/shadow.cron-daily \
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (63 preceding siblings ...)
2024-10-18 8:31 ` [PR PATCH] [Updated] " dataCobra
@ 2024-10-18 8:31 ` dataCobra
2024-12-15 8:35 ` dkwo
` (4 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2024-10-18 8:31 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 149 bytes --]
New comment by dataCobra on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2418729532
Comment:
bump.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (64 preceding siblings ...)
2024-10-18 8:31 ` dataCobra
@ 2024-12-15 8:35 ` dkwo
2025-01-12 12:20 ` dkwo
` (3 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2024-12-15 8:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 251 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2543558065
Comment:
@dataCobra Version 4.17 has an RC out, and it removes groups and id. Maybe we can start experimenting with that?
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (65 preceding siblings ...)
2024-12-15 8:35 ` dkwo
@ 2025-01-12 12:20 ` dkwo
2025-04-13 2:17 ` github-actions
` (2 subsequent siblings)
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2025-01-12 12:20 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 160 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2585712018
Comment:
version 4.17.2 is out
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (66 preceding siblings ...)
2025-01-12 12:20 ` dkwo
@ 2025-04-13 2:17 ` github-actions
2025-04-17 19:32 ` [PR PATCH] [Closed]: " dataCobra
2025-04-23 16:55 ` dkwo
69 siblings, 0 replies; 71+ messages in thread
From: github-actions @ 2025-04-13 2:17 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 305 bytes --]
New comment by github-actions[bot] on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2799551595
Comment:
Pull Requests become stale 90 days after last activity and are closed 14 days after that. If this pull request is still relevant bump it or assign it.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: [PR PATCH] [Closed]: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (67 preceding siblings ...)
2025-04-13 2:17 ` github-actions
@ 2025-04-17 19:32 ` dataCobra
2025-04-23 16:55 ` dkwo
69 siblings, 0 replies; 71+ messages in thread
From: dataCobra @ 2025-04-17 19:32 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 519 bytes --]
There's a closed pull request on the void-packages repository
shadow: update to 4.16.0.
https://github.com/void-linux/void-packages/pull/48813
Description:
#### Testing the changes
- I tested the changes in this PR: **NOT YET**
#### Local build testing
- I built this PR locally for my native architecture, (x86_64-glibc)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- x86_64-musl
- i686
I welcome everyone to test this version. Maybe also on a new installation.
^ permalink raw reply [flat|nested] 71+ messages in thread
* Re: shadow: update to 4.16.0.
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
` (68 preceding siblings ...)
2025-04-17 19:32 ` [PR PATCH] [Closed]: " dataCobra
@ 2025-04-23 16:55 ` dkwo
69 siblings, 0 replies; 71+ messages in thread
From: dkwo @ 2025-04-23 16:55 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 233 bytes --]
New comment by dkwo on void-packages repository
https://github.com/void-linux/void-packages/pull/48813#issuecomment-2824945745
Comment:
I tried updating at https://github.com/void-linux/void-packages/pull/55167 , comments welcome.
^ permalink raw reply [flat|nested] 71+ messages in thread
end of thread, other threads:[~2025-04-23 16:55 UTC | newest]
Thread overview: 71+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-02-18 12:12 [PR PATCH] shadow: update to 4.14.5 dataCobra
2024-02-18 12:22 ` [PR PATCH] [Updated] " dataCobra
2024-02-18 12:45 ` dataCobra
2024-02-18 13:00 ` dataCobra
2024-02-18 13:34 ` dataCobra
2024-02-19 21:25 ` [PR REVIEW] " dkwo
2024-02-19 21:26 ` dkwo
2024-02-19 21:27 ` dkwo
2024-02-19 22:08 ` dkwo
2024-02-19 22:10 ` dkwo
2024-02-20 9:10 ` [PR REVIEW] " dataCobra
2024-02-20 10:03 ` [PR PATCH] [Updated] " dataCobra
2024-02-20 10:05 ` dataCobra
2024-02-20 10:07 ` dataCobra
2024-02-20 14:21 ` [PR REVIEW] " dkwo
2024-02-20 14:21 ` dkwo
2024-02-20 14:23 ` dkwo
2024-02-20 15:11 ` [PR PATCH] [Updated] " dataCobra
2024-02-20 15:13 ` dataCobra
2024-02-20 15:14 ` dataCobra
2024-02-20 16:18 ` dkwo
2024-02-22 9:37 ` [PR REVIEW] " sgn
2024-02-22 10:01 ` dataCobra
2024-02-22 12:02 ` [PR PATCH] [Updated] " dataCobra
2024-02-22 13:44 ` dkwo
2024-02-22 15:19 ` dataCobra
2024-02-24 17:38 ` [PR PATCH] [Updated] " dataCobra
2024-02-24 20:40 ` dkwo
2024-02-24 20:43 ` dkwo
2024-02-25 14:26 ` [PR PATCH] [Updated] " dataCobra
2024-02-25 14:31 ` dataCobra
2024-02-25 14:31 ` dataCobra
2024-02-25 16:00 ` dkwo
2024-03-06 16:23 ` dkwo
2024-03-09 12:39 ` [PR REVIEW] " alejandro-colomar
2024-03-09 12:44 ` alejandro-colomar
2024-03-09 12:50 ` [PR REVIEW] " alejandro-colomar
2024-03-09 12:50 ` alejandro-colomar
2024-03-09 12:52 ` alejandro-colomar
2024-03-09 13:01 ` alejandro-colomar
2024-03-09 13:02 ` alejandro-colomar
2024-03-09 18:00 ` dkwo
2024-03-09 18:04 ` [PR REVIEW] " dkwo
2024-03-09 18:10 ` alejandro-colomar
2024-03-09 18:26 ` alejandro-colomar
2024-03-09 18:27 ` alejandro-colomar
2024-03-09 18:28 ` alejandro-colomar
2024-03-10 15:39 ` dataCobra
2024-03-22 19:03 ` [PR PATCH] [Updated] " dataCobra
2024-03-22 19:05 ` dataCobra
2024-03-22 19:09 ` dataCobra
2024-03-22 22:52 ` shadow: update to 4.15.0 dkwo
2024-03-22 23:12 ` alejandro-colomar
2024-03-22 23:13 ` alejandro-colomar
2024-03-24 19:40 ` dataCobra
2024-05-20 21:18 ` dkwo
2024-06-10 7:45 ` dataCobra
2024-07-14 15:57 ` [PR PATCH] [Updated] " dataCobra
2024-07-14 16:00 ` shadow: update to 4.16.0 dataCobra
2024-07-14 17:25 ` alejandro-colomar
2024-07-14 17:26 ` alejandro-colomar
2024-07-14 17:27 ` alejandro-colomar
2024-10-17 1:59 ` github-actions
2024-10-17 7:05 ` dataCobra
2024-10-18 8:31 ` [PR PATCH] [Updated] " dataCobra
2024-10-18 8:31 ` dataCobra
2024-12-15 8:35 ` dkwo
2025-01-12 12:20 ` dkwo
2025-04-13 2:17 ` github-actions
2025-04-17 19:32 ` [PR PATCH] [Closed]: " dataCobra
2025-04-23 16:55 ` dkwo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).