15441 lines
664 KiB

2022-11-08 Serge Hallyn <>
* useradd.8: fix default group ID (Tim Biermann)
* Revert drop of subid_init() (Serge Hallyn)
* Georgian translation (NorwayFun)
* useradd: Avoid taking unneeded space: do not reset non-existent data
in lastlog (David Kalnischkies)
* relax username restrictions (Alexander Kanavin)
* selinux: check MLS enabled before setting serange (genBTC)
* copy_tree: use fchmodat instead of chmod (Samanta Navarro)
* copy_tree: don't block on FIFOs (Samanta Navarro)
* add shell linter (Jan Macku)
* copy_tree: carefully treat permissions (Samanta Navarro)
* lib/commonio: make lock failures more detailed (Luca BRUNO)
* lib: use strzero and memzero where applicable (Christian Göttsche)
* Update Dutch translation (Frans Spiesschaert)
* Don't test for NULL before calling free (Alex Colomar)
* Use libc MAX() and MIN() (Alejandro Colomar)
* chage: Fix regression in print_date (Xiami)
* usermod: report error if homedir does not exist (Iker Pedrosa)
* libmisc: minimum id check for system accounts (Iker Pedrosa)
* fix usermod -rG x y wrongly adding a group (xyz)
* man: add missing space in useradd.8.xml (Iker Pedrosa)
* lastlog: check for localtime() return value (Iker Pedrosa)
* Raise limit for passwd and shadow entry length (Iker Pedrosa)
* Remove adduser-old.c (Alejandro Colomar)
* useradd: Fix buffer overflow when using a prefix (David Michael)
* Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn)
2022-08-15 Serge Hallyn <>
* Address CVE-2013-4235 (TOCTTOU when copying directories)
(Christian Göttsche)
2022-08-15 Serge Hallyn <>
* Fix uk manpages
2022-08-08 Serge Hallyn <>
* Add absolute path hint to --root (Celeste Liu)
* Various cleanups (Christian Göttsche)
* Fix Ubuntu release used in CI tests (Jeremy Whiting)
* add -F options to useradd (and tests) (Masatake YAMATO)
* useradd manpage updates (Masatake YAMATO and Alexander Zhang))
* Check for ownerid (not just username) in subid ranges (Iker Pedrosa)
2022-07-04 Serge Hallyn <>
* Declare file local functions static (Christian Göttsche)
* Use strict prototypes (Christian Göttsche)
* Do not drop const qualifier for Basename (Christian Göttsche)
* Constify various pointers (Christian Göttsche)
* Don't return uninitialized memory (Christian Göttsche)
* Don't let compiler optimize away memory cleaning (Christian Göttsche)
* Remove many obsolete compatibility checks and defines (Alejandro Colomar)
* Modify ID range check in useradd (Iker Pedrosa)
* Use "extern "C"" to make libsubid easier to use from C++ (Alois Wohlschlager)
* French translation updates (bubu)
* Fix s/with-pam/with-libpam/ (serge)
* Spanish translation updates (Fernando)
* French translation fixes (Balint Reczey)
* Default max group name length to 32 (Jami Kettunen)
* Fix PAM service files without-selinux (Ali Riza KESKIN)
* Improve manpages (Markus Hiereth)
- groupadd, useradd, usermod
- groups and id
- pwck
* Add fedora to CI builds (Iker Pedrosa)
* Fix condition under which pw_dir check happens (Ed Neville)
* logoutd: switch to strncat (Steve Grubb)
* AUTHORS: improve markdown output (Iker Pedrosa)
* Handle ERANGE errors correctly (Niko)
* Check for fopen NULL return (juyin)
* Split get_salt() into its own fn juyin)
* Get salt before chroot to ensure /dev/urandom. (juyin)
* Chpasswd code cleanup (juyin)
* Work around git enforcement (serge)
* Alphabetize order in usermod help (Matheus Marques)
* Erase password copy on error branches (Christian Göttsche)
* Suggest using --badname if needed (Iker Pedrosa)
* Update translation files (Iker Pedrosa)
* Correct badnames option to badname (Iker Pedrosa)
* configure: replace obsolete autoconf macros (Christian Göttsche)
* tests: replace egrep with grep -E (Sam James)
* Update Ukrainian translations (Yuri Chornoivan)
* Cleanups (Iker Pedrosa)
- Remove redeclared variable
- Remove commented out code and FIXMEs
- Add header guards
- Initialize local variables
* CI updates (Iker Pedrosa)
- Create github workflow to install dependencies
- Enable CodeQL
- Update actions version
* libmisc: use /dev/urandom as fallback if other methods fail (Xi Ruoyao)
2022-01-02 Serge Hallyn <>
* build: include lib/shadowlog_internal.h in dist tarballs (Sam James)
2022-01-02 Serge Hallyn <>
* Handle possible TOCTTOU issues in usermod/userdel (edneville)
* (CVE-2013-4235)
* Use O_NOFOLLOW when copying file
* Kill all user tasks in userdel
* Fix useradd -D segfault (Xi Ruoyao)
* Clean up obsolete libc feature-check ifdefs (Alejandro Colomar)
* Fix -fno-common build breaks due to duplicate Prog declarations
(Adam Sampson)
* Have single date_to_str definition (Alejandro Colomar)
* Fix libsubid SONAME version (Sam James)
2021-12-19 Serge Hallyn <>
Note: From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su from
util-linux. Please open an issue if there is a problem with that.
We intend to remove it in an upcoming release.
* libsubid fixes (Xi Ruoyao, Serge Hallyn, Iker Pedrosa, Mike Gilbert,
GalaxyMaster, and Luís Ferreira)
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it. (Iker Pedrosa)
* Add libeconf dep for new*idmap (Iker Pedrosa)
* Allow all group types with usermod -G (Iker Pedrosa)
* Avoid useradd generating empty subid range (Iker Pedrosa)
* Handle NULL pw_passwd (Jaroslav Jindrak)
* Fix default value SHA_get_salt_rounds (Mike Gilbert)
* Use https where possible in README (Paul Menzel)
* Update content and format of README (Iker Pedrosa)
* Translation updates (Balint Reczey, Frans Spiesschaert)
* Switch from xml2po to itstool in 'make dist' (Serge Hallyn)
* Fix double frees (Michael Vetter)
* Add LOG_INIT configurable to useradd (Andy Zaugg)
* Add CREATE_MAIL_SPOOL documentation (Andy Zaugg)
* Create a
* Fix su never being SIGKILLd when trapping TERM (Ruihan li)
* Fix wrong SELinux labels in several possible cases (Iker Pedrosa)
* Fix missing chmod in chadowtb_move (GalaxyMaster)
* Handle malformed hushlogins entries (Tobias Stoeckmann)
* Fix groupdel segv when passwd does not exist (François Rigault)
* Fix covscan-found newgrp segfault (Iker Pedrosa)
* Remove trailing slash on hoedir (Ed Neville)
* Fix passwd -l message - it does not change expirey (Ed Neville)
* Fix SIGCHLD handling bugs in su and vipw (Tobias Stoeckmann)
* Remove special case for "" in usermod (Alejandro Colomar)
* Implement usermod -rG to remove a specific group
(Andy Zaugg)
* call pam_end() after fork in child path for su and login
(Björn Fischer)
* useradd: In absence of /etc/passwd, assume 0 == root
(Ludwig Nussel)
* lib: check NULL before freeing data (Iker Pedrosa)
* Fix pwck segfault (Iker Pedrosa)
2021-07-22 Serge Hallyn <>
* Updated translations (Björn Esser, Juergen Hoetzel)
* Major salt updates (Björn Esser)
* Various coverity and cleanup fixes (Iker Pedrosa)
* Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
* Implement NSS support for subids and a libsubid (Serge Hallyn)
* setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
* login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
* selinux fixes (Christian Göttsche)
* Fix path prefix path handling (Lucas Servén Marín)
* Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
* Treat an empty passwd field as invalid (Haelwenn Monnier)
* newxidmap: allow running under alternative gid (Martijn de Gouw)
* usermod: check that shell is executable (Geert Ijewski)
* Add yescript support (Rodolphe Bréard)
* useradd memleak fixes (whzhe)
* useradd: use built-in settings by default (Ludwig Nussel)
* getdefs: add foreign (non-shadow-utils) items (Karel Zak)
* buffer overflow fixes (Tobias Stoeckmann)
* Adding run-parts style for pre and post useradd/del (
2020-01-23 Serge Hallyn <>
* selinux: inclue stdio (Michael Vetter)
* man: don't suggest making groupmems user-writeable (Michael Weiser)
* Makefile: bail out on error in for loops (Wolfgang Bumiller)
* Adding logging of SSH_ORIGINAL_COMMAND to nologin. (
* add new HOME_MODE login.defs option (Duncan Overbruck)
* Add tty logging to useradd (
* Useradd: make non-executable shell check only a warning (Tomas Mraz)
* Update Dutch translation (Frans-Spiesschaert)
* user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
* Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)
2019-12-20 Dave Reisner <>
* Do not auto-enable acct_tools_setuid just because
pam is enabled. NOTE - any distros which are relying
on this behavior will need to switch to configure
2019-12-01 Serge Hallyn <>
* Release 4.8
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
2019-06-13 Serge Hallyn <>
* Release 4.7
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
2018-04-29 Serge Hallyn <>
* Release 4.6
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option
2017-07-16 Serge Hallyn <>
* Import new Dutch translations.
2017-07-10 Serge Hallyn <>
* Expand error codes for groupmod.
2017-05-17 Serge Hallyn <>
* Release 4.5
2017-05-17 Serge Hallyn <>
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
preventing SIGTERM to su from being propagated to the job.
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
* Merge Russian translation updates from Yuri Kozlov
* Fix missing close of subuid file on error
2017-02-23 Serge Hallyn <>
* Merge patch by Tobias Stoeckmann <> to fix
the equivalent of util-linux CVE-2017-2616.
2017-02-08 Serge Hallyn <>
* Update Kazakh translations
* Consult configuration before calculating subuids
* Remove misplaced semicolon
2017-01-29 Serge Hallyn <>
* Patch from Fedora to improve performance with SSSD, Winbind,
or nss_ldap. (Tomas Mraz)
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
2016-12-21 Serge Hallyn <>
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
* Fix readability in usermod error messages.
* Reset user in tallylog
* Add audit support to su
2016-12-02 Serge Hallyn <>
* changes since 4.4
- Use sizeof rather than hardcoding snprintf args
- Fix useradd improper default loading
- Update Vietnamese translations
- Update Polish translations
- Remove non-POSIX chmod option in Makefile
- Fix suidubins assignments
- Fix --add-subuids etc spelling in manpages
- Audit homedir ownership change.
- Print error on selinux file context update failure
- Keep original file perms when creating a backup
* (henceforth we'll update Changelog with each commit
and proper credit)
2016-12-02 Serge Hallyn <>
* Changes since 4.2.1:
- Documentation, error report and translations updates
- Replace path_max with 32
- User namespace support fixes/updates including:
- Correct sanity checks in newXidmap
- Fix building without subuid support
- Add /etc/subuid support for UID matching
- Support subuid for nonlocal users
- Default to 65536 subuid allocations
- Respect -r
- Check for range overflows
- Add tests from svn tree
- Use AC_CHECK_SIZEOF for uid_t size checks
- Accomodate missing /etc and login.defs
- Be more robust in hostile environment
- Allow removing a primary group
- Clear passwords on __pw_dup errors
- Memory leak fix in commonio_update and get_map_ranges
- Fix resource leak in syslog_sg
- Fix user busy error at userdel
- Support set/clear lastlog record via lastlog command
- Add --no-create-home as longopt for -M
- Fix signal races
- Reduce syslog priority of common usage events
2013-08-25 Nicolas François <>
* src/vipw.c: After waitpid(), use errno only if waitpid returned
-1. Debian#688260
* src/vipw.c: Likewise for system().
2013-08-23 victory <>
* po/ja.po: Updated to 558t
2013-08-22 Nicolas François <>
* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2013-08-22 Nicolas François <>
* man/newgrp.1.xml: Fix encoding.
* man/sg.1.xml: Likewise.
2013-08-22 Nicolas François <>
* man/po/da.po: Unfuzzy according to previous change.
* man/po/de.po: Likewise.
* man/po/fr.po: Likewise.
* man/po/it.po: Likewise.
* man/po/pl.po: Likewise.
* man/po/ru.po: Likewise.
* man/po/sv.po: Likewise.
* man/po/zh_CN.po: Likewise.
2013-08-22 Nicolas François <>
* man/chage.1.xml: Add a non breaking space between options and
their parameter because xml2po removes those spaces. Alioth#314401
* man/chfn.1.xml: Likewise.
* man/chgpasswd.8.xml: Likewise.
* man/chpasswd.8.xml: Likewise.
* man/chsh.1.xml: Likewise.
* man/faillog.8.xml: Likewise.
* man/gpasswd.1.xml: Likewise.
* man/groupadd.8.xml: Likewise.
* man/groupdel.8.xml: Likewise.
* man/groupmems.8.xml: Likewise.
* man/groupmod.8.xml: Likewise.
* man/grpck.8.xml: Likewise.
* man/lastlog.8.xml: Likewise.
* man/newusers.8.xml: Likewise.
* man/passwd.1.xml: Likewise.
* man/pwck.8.xml: Likewise.
* man/pwconv.8.xml: Likewise.
* man/su.1.xml: Likewise.
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/vipw.8.xml: Likewise.
2013-08-22 Nicolas François <>
* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2013-08-22 Nicolas François <>
* man/po/de.po: Fix encoding.
2013-08-19 Nicolas François <>
* lib/subordinateio.c (subordinate_next): Fix return value.
2013-08-16 Nicolas François <>
* libmisc/idmapping.c: Include <stdio.h> needed for fprintf() and
2013-08-15 Nicolas François <>
* man/login.defs.d/SUB_GID_COUNT.xml: Document newusers behavior
when the user already have subordinate group IDs.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo (MAX<->MIN).
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
2013-08-15 Nicolas François <>
* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
when option -v/-V (-w/-W) are provided.
2013-08-15 Nicolas François <>
* src/usermod.c: Fix parse of ranges. The hyphen might be followed
by a negative integer.
2013-08-15 Nicolas François <>
* lib/subordinateio.c (find_free_range): max is allowed for new
2013-08-15 Nicolas François <>
* libmisc/find_new_sub_gids.c: Remove dead code.
find_new_sub_gids() is always called with *range_count set to 0.
It's more difficult to keep the subordinate GIDs and UIDs
synchronized, than for the user's UID/GId because the count of
subordinate IDs may differ.
* libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Remove APIs that are
no more needed: is_sub_uid_range_free(), is_sub_gid_range_free(),
2013-08-13 Nicolas François <>
* Check if sizeof uid_t and gid_t is larger than 32
bit to support subordinate IDs.
2013-08-13 Nicolas François <>
* lib/subordinateio.c: Avoid dead branches.
* lib/subordinateio.c: Add schematics with ranges to help reviews.
* lib/subordinateio.c: Avoid implicit conversion of pointers and
integers to booleans.
* lib/subordinateio.c: Added brackets.
2013-08-13 Nicolas François <>
* src/vipw.c: Fail in case arguments are provided after options.
2013-08-13 Nicolas François <>
* lib/subordinateio.c: Fix count for ranges truncated in
2013-08-13 Nicolas François <>
* src/su.c: Terminate the child (if needed) before closing the PAM
session. This is probably more correct, and avoid reporting
termination from signals possibly sent by PAM modules (e.g. former
versions of pam_systemd). Debian#670132
2013-08-13 Nicolas François <>
* src/su.c: When a SIGTSTP is caught, reset caught to 0. There is
no need to kill the child in such case after su is resumed. This
remove the "Session terminated, terminating shell...
...terminated." messages in such case.
2013-08-13 Nicolas François <>
* man/newgidmap.1.xml: Document the checks performed before
setting the mapping in /proc.
* man/newuidmap.1.xml: Likewise.
2013-08-13 Nicolas François <>
* libmisc/idmapping.h: Document what the upper and lower fields
are in struct map_range.
* man/newgidmap.1.xml: Document when the gid, gidlower and count
argument are.
* man/newuidmap.1.xml: Likewise for uid, uidlower and count.
2013-08-13 Nicolas François <>
* libmisc/salt.c (shadow_random): Use long instead of size_t.
Compatibility with size_t is easier to check since it's used for
smaller numbers (salt size).
2013-08-13 Nicolas François <>
* lib/groupmem.c: Add splint annotations. The added memset makes
splint think data was allocated.
* lib/pwmem.c: Likewise.
* lib/sgroupio.c: Likewise.
* lib/shadowmem.c: Likewise.
2013-08-13 Nicolas François <>
* man/login.defs.d/SUB_GID_COUNT.xml: Document that the behavior
of useradd and newusers depends on the existence of /etc/subgid.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise for /etc/subuid.
2013-08-13 Nicolas François <>
* src/useradd.c: Change message in case of find_new_sub_uids /
find_new_sub_gids failure. This complements the messages already
provided by these APIs.
2013-08-13 Nicolas François <>
* lib/subordinateio.c: Fix handling of boundaries.
* libmisc/find_new_sub_uids.c: Likewise.
* libmisc/find_new_sub_gids.c: Likewise.
2013-08-12 Nicolas François <>
* lib/subordinateio.c: Fix removal of ranges. The database needs
to be marked as changed or commonio_close will discard any change.
2013-08-11 Nicolas François <>
* man/newusers.8.xml: Include documentation of SUB_GID_MIN,
* man/useradd.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/newusers.8.xml: Document usage of /etc/subgid /etc/subuid.
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/newusers.8.xml: Add references to subgid(5) and subuid(5).
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/subgid.5.xml: Sort references alphabetically.
* man/subuid.5.xml: Likewise.
* man/subgid.5.xml: Add references to newusers(8), useradd(8),
userdel(8), usermod(8), user_namespaces(7).
* man/subuid.5.xml: Likewise.
2013-08-11 Nicolas François <>
* man/newgidmap.1.xml: Sort references alphabetically.
* man/newuidmap.1.xml: Likewise.
2013-08-11 Nicolas François <>
* Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/ Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/ Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/ Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-09 Nicolas François <>
* libmisc/salt.c: Remove unused variable.
2013-08-07 Nicolas François <>
* libmisc/utmp.c: Add include files needed for getaddrinfo().
See Alioth#314271
2013-08-07 Mike Frysinger <>
* Check at configure time whether libc supports
ruserok (support dropped by newer C libraries).
2013-08-07 Nicolas François <>
* man/usermod.8.xml: Fix typos and wording.
* man/usermod.8.xml: Add references to subgid(5) and subuid(5).
2013-08-07 Nicolas François <>
* libmisc/find_new_sub_gids.c: Fix wording: secondary ->
* libmisc/find_new_sub_uids.c: Likewise.
2013-08-06 Nicolas François <>
* libmisc/find_new_sub_gids.c: Remove duplicate check (duplicate
at least in its intent).
* libmisc/find_new_sub_uids.c: Likewise.
2013-08-06 Nicolas François <>
* src/usermod.c: Fix typos.
2013-08-06 Nicolas François <>
* man/subgid.5.xml: Reorder words.
* man/subuid.5.xml: Likewise.
2013-08-06 Nicolas François <>
* man/subgid.5.xml: Fix typos.
* man/subuid.5.xml: Likewise.
* man/subgid.5.xml: Fix copy-paste errors from subuid.5.xml.
2013-08-06 Nicolas François <>
* man/newgidmap.1.xml: Remove copy-pasted NOTE.
* man/newuidmap.1.xml: Likewise.
2013-08-06 Nicolas François <>
* lib/subordinateio.c: Remove unused variables.
2013-08-06 Nicolas François <>
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/login.defs.d/SUB_UID_COUNT.xml: Fix copy-paste issue from
* man/newgidmap.1.xml: Fix Typo.
* src/useradd.c: Fix typos.
* lib/subordinateio.c: Fix typos.
2013-08-06 Nicolas François <>
Fix Debian bug #675824
* lib/groupmem.c (__gr_dup): Support libc which define other
fields in struct group.
* lib/pwmem.c: Likewise for struct passwd.
* lib/shadowmem.c: Likewise for struct spwd.
* lib/sgroupio.c: Apply same logic, even if this structure is
defined internally.
2013-08-05 Nicolas François <>
* lib/groupio.c: Revert change from 2013-07-29. The length of the
concatenated 2 lines was correct.
2013-08-05 Nicolas François <>
* libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX
on GNU). As it is not clear whether on some systems the max value
can exceed this number and whether some systems have max values
which would be lower, we take this into account when defining the
salt size and number of rounds for SHA encrypted passwords. Higher
values are favored.
2013-08-04 Nicolas François <>
* man/su.1.xml: With getopt, '-' does not need to be the last
option, but it is recommended for portability.
2013-08-04 Nicolas François <>
* NEWS: Add NEWS entries.
2013-08-04 Nicolas François <>
* man/po/da.po: Fix translation (--home became --home-dir).
* man/po/de.po: Likewise.
* man/po/fr.po: Likewise.
* man/po/pl.po: Likewise.
* man/po/ru.po: Likewise.
* man/po/sv.po: Likewise.
2013-08-04 Nicolas François <>
* lib/groupio.c (merge_group_entries): Do not allocate more than
necessary (sizeof char* instead of char).
Thanks for Tomáš Mráz (alioth#313962)
* lib/groupio.c (merge_group_entries): Document that new_members
is correctly NULL terminated. (alioth:#313940)
2013-08-03 Nicolas François <>
* Changelog: Update documentation of 2013-07-28 mancha entry.
* lib/prototypes.h, lib/encrypt.c: Update splint marker,
pw_encrypt can return NULL.
* lib/encrypt.c: Fix outdated statement on GNU crypt.
* src/chgpasswd.c: Improve diagnostic to user when pw_encrypt
fails and use fail_exit() instead of exit().
* src/chpasswd.c: Likewise.
* src/newusers.c: Likewise.
* src/passwd.c: Likewise when new password is encrypted.
* src/newgrp.c: Improve diagnostic to user and syslog when
pw_encrypt fails. Do not apply 1s penalty as this is not an
invalid password issue.
* src/passwd.c: Likewise when password is checked.
2013-08-02 Nicolas François <>
* libmisc/setupenv.c: xstrdup the static char* temp_pw_dir /
temp_pw_shell. That way we can continue to use pw_free() without
segving. Thanks to Serge Hallyn for the patch.
* libmisc/setupenv.c: Free pw_dir and pw_shell before reallocating
2013-08-01 Yuri Kozlov <>
* po/ru.po: completed translation
Closes: Debian#718356
2013-07-29 Michael Scherer <>
* libmisc/root_flag.c: use chdir() before calling chroot() to
avoid potential security issue (see
Closes: alioth#313962
2013-07-29 Christian Perrier <>
* man/useradd.xml: use "--home-dir" instead of "--home"
Fix translations too.
Thanks to Ville Skyttä
Closes: alioth#313880
2013-07-29 Ville Skyttä <>
* man/ja/man8/groupmod.8: Syntax fix
Closes: alioth#313785
2013-07-29 Brad Hubbard <>
* lib/groupio.c: add newline char when two lines
are concatenated
Closes: alioth#313942
* lib/groupio.c: fix uninitialised memory in
merge_group_entries causes segfault in useradd by changing
a call to malloc to a call to calloc
Closes: alioth:#313940
2013-07-28 Guido Trentalancia <>
* etc/login.defs: fix typographic errors and use a better format
Closes: Debian#685415
2013-07-28 Simon Brandmair <>
* man/po/de.po: translation completed : 1203 translated messages
Closes: Debian#679152
2013-07-28 mancha <>
* lib/encrypt.c (pw_encrypt): crypt() in glibc/eglibc 2.17 now
fails if passed a salt that violates specs. On Linux, crypt() also
fails with DES/MD5 salts in FIPS140 mode. Rather than exit() on
NULL returns we send them back to the caller for appropriate
handling (instead of exiting). Closes: alioth#314234
* lib/pwauth.c: Handle NULL return from pw_crypt(), return non
zero (as in case of failure).
* libmisc/valid.c: Likewise.
* src/chgpasswd.c: Handle NULL return from pw_crypt(), report
crypt error to stderr and exit.
* src/chpasswd.c: Likewise.
* src/gpasswd.c: Likewise.
* src/newusers.c: Likewise.
* src/passwd.c: Likewise when new password is encrypted.
* src/newgrp.c: Handle NULL return from pw_crypt(), report crypt
error to stderr and syslog and return to report unchanged
* src/passwd.c: Likewise when password is checked.
2013-07-28 Christian Perrier <>
* Prepare for next point release 4.2.
* if using the static char* for pw_dir, strdup it so
pw_free() can be used. (Closes: Debian#691459, alioth#313957)
* Kill the child process group, rather than just the
immediate child; this is needed now that su no
longer starts a controlling terminal when not running an
interactive shell (closes: Debian#713979)
Thansk to Colin Watson for the patch.
2012-05-25 Nicolas François <>
* NEWS: Set release date.
* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2012-05-25 Nicolas François <>
* man/*.xml: Add author based on copyright statement.
* man/<ll>/*.[1358], man/<ll>/man[1358]/*.[1358],
man/<ll>/ Sort manpages per section as the generated
2012-05-20 Nicolas François <>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-05-20 Nicolas François <>
* man/, man/generate_mans.mak: Update clean targets,
due to the generation in separate sub folders.
2012-05-20 Nicolas François <>
* man/su.1.xml: Document author to avoid warnings during
generation. This needs to be rolled out to other manpages.
* man/generate_mans.mak: Do not add a AUTHOR section in the man
2012-05-20 Nicolas François <>
* src/su.c: non PAM enabled versions: do not fail if su is called
without a controlling terminal. Ignore ENXIO errors when opening
2012-05-20 Nicolas François <>
* src/useradd.c: Cleanup, return code 13 no more used.
* man/useradd.8.xml: Document return code 14, and remove return
code 13.
2012-05-20 Nicolas François <>
* NEWS, man/generate_mans.mak: Generate manpages in man1, man3,
man5, man8 subdirectories. This fix the generation of .so links
which did not point to a path relative to the top-level manual
* man/generate_mans.mak: Update man paths accordingly.
* man/ Likewise.
* man/da/ Likewise.
* man/de/ Likewise.
* man/fr/ Likewise.
* man/it/ Likewise.
* man/pl/ Likewise.
* man/ru/ Likewise.
* man/sv/ Likewise.
* man/zh_CN/ Likewise.
2012-05-20 Nicolas François <>
* Prepare for next point release
2012-05-19 Nitin A Kamble <>
* Remove deprecated AM_C_PROTOTYPES (no more
supported in automake 1.12).
2012-05-18 Nicolas François <>
* src/useradd.c: Keep the default file as much as possible to
avoid issue in case of crash. Use link instead of rename.
2012-05-18 Peter Vrabec <>
* lib/commonio.c: Fix labeling of /etc/{passwd,shadow,group,gshadow}.
It will basically label them with same context as
2012-05-18 Nicolas François <>
* src/pwunconv.c: Do not check spw_close() return value (file is
opened readonly).
* src/grpunconv.c: Do not check sgr_close() return value (file is
opened readonly).
2012-05-18 Nicolas François <>
* NEWS, src/userdel.c: Fix segfault when userdel removes the
user's group.
2012-05-17 Nicolas François <>
* NEWS, src/login.c: Log in utmp / utmpx / wtmp also when PAM is
enabled. This is not done by pam_lastlog. This was broken on
* NEWS, libmisc/utmp.c: Do not log in wtmp when PAM is enabled.
This is done by pam_lastlog.
2012-05-17 Christian Perrier <bubulle@Ê>
* man/po/fr.po: French translation of manpages completed
2012-05-17 Simon Brandmair <>
* man/po/de.po: German translation of manpages completed
2012-02-12 Nicolas François <>
* NEWS: New placeholder for the next release ( expected)
2012-04-15 Robert Luberda <>
* man/po/pl.po: Complete translation of logoutd(8) in Polish.
2012-02-13 Mike Frysinger <>
* src/passwd.c: (non PAM flavour) Report permission denied when
access to /etc/shadow fails with EACCES.
2012-02-13 Mike Frysinger <>
* lib/nscd.c: Add missing newline to error message.
* lib/nscd.c: If nscd is installed but not in use, then running
`nscd -i` will exit(1). We shouldn't warn in this case since this
is not abnormal behavior.
2012-02-13 Mike Frysinger <>
* man/.gitignore: Add generate_mans.deps
2012-02-13 Mike Frysinger <>
* man/grpck.8.xml: Relocate space.
2012-02-13 Mike Frysinger <>
* libmisc/copydir.c: Add missing #include <stdarg.h>
2012-02-12 Nicolas François <>
* NEWS: Set release date.
2012-02-12 Nicolas François <>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-02-11 Giuseppe Sacco <>
* man/po/it.po: Updated after review.
2012-02-11 Nicolas François <>
* man/it/ Activate all manpages.
* man/po/it.po: Fix formal issues (end of lines).
2012-02-11 Giuseppe Sacco <>
* man/po/it.po: Updated to 1173t.
2012-01-30 Nicolas François <>
* man/useradd.8.xml, man/su.1.xml, man/po/da.po, man/po/ru.po,
man/po/fr.po, man/po/de.po, man/po/sv.po, man/po/pl.po,
man/po/it.po, man/po/shadow-man-pages.pot, man/po/zh_CN.po: Fix
two typos. Thanks to Giuseppe Sacco. Unfuzzy translations
* po/kk.po, po/nb.po, po/el.po, po/ca.po, po/ja.po: Re-generate.
* man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml:
Fix typo.
2012-01-28 Innocent De Marchi <>
* po/ca.po: Updated to 557t.
2012-01-28 Nicolas François <>
* NEWS,, man/da/, man/ Build
manpages with more than 50% translated messages.
* man/fr/ Add missing manpages: chgpasswd.8,
groupmems.8, nologin.8, sulogin.8.
* man/de/ Add missing manpages: chage.1, chgpasswd.8,
chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3, gpasswd.1,
groupadd.8, groupdel.8, groupmems.8, groupmod.8, grpck.8,
grpconv.8, grpunconv.8, gshadow.5, lastlog.8, login.defs.5,
logoutd.8, newusers.8, nologin.8, pwck.8, pwconv.8, pwunconv.8,
sg.1, shadow.3, shadow.5, suauth.5, useradd.8, userdel.8,
usermod.8, limits.5, login.access.5, porttime.5, id.1, sulogin.8
* man/zh_CN/ Add missing manpages: chgpasswd.8,
groupmems.8, nologin.8, sulogin.8
* man/pl/, man/sv/, man/it/
Translate only manpages with more than 50% translated messages.
* man/po/da.po: Do not translate names of manpages (newusers,
limits, groups)
2012-01-28 Yuri Kozlov <>
* man/po/ru.po: Updated to 1173t.
2012-01-27 Thomas Blein <>
* po/fr.po: Updated to 557t.
* man/po/fr.po: Updated to 1173t.
2012-01-26 Joe Hansen <>
* po/da.po: Updated to 557t.
* man/po/da.po: Updated to 294t879u.
2012-01-23 Thomas Vasileiou <>
* po/el.po: Updated to 553t.
2012-01-22 Baurzhan Muftakhidinov <>
* po/kk.po: Updated to 557t.
2012-01-21 Miguel Figueiredo <>
* po/pt.po: Updated to 557t.
2012-01-19 Holger Wansing <>
* po/de.po: Updated to 557t.
2012-01-18 Bjørn Steensrud <>
* po/nb.po: Updated to 557t. Thanks also to Hans Fredrik Nordhaug.
2012-01-16 NAKANO Takeo <>
* po/ja.po: Updated to 557t
2012-01-16 Simon Brandmair <>
* man/po/de.po: Updated to 1173t.
2012-01-14 YunQiang Su <>
* po/zh_CN.po: Updated to 551t2f4u
* man/po/zh_CN.po: Updated to 1026t15f132u
2012-01-09 Yuri Kozlov <>
* po/ru.po: Updated to 557t.
2012-01-09 Nicolas François <>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-01-08 Nicolas François <>
* lib/prototypes.h: Cleanup.
* lib/selinux.c, lib/semanage.c: prototypes.h was not included.
2011-12-09 Peter Vrabec <>
* lib/prototypes.h, lib/, po/,
libmisc/copydir.c, lib/selinux.c: Move set_selinux_file_context()
and reset_selinux_file_context() from libmisc/copydir.c to
* lib/commonio.c: Use set_selinux_file_context() and
reset_selinux_file_context() instead of using the existing
database SELinux context to set the context for the newly created
2011-12-09 Nicolas François <>
* src/vipw.c: Do not use a hardcoded program name in the usage
2011-12-04 Nicolas François <>
* po/ca.po, po/cs.po, po/da.po, po/de.po, po/es.po, po/eu.po,
po/fr.po, po/ja.po, po/kk.po, po/pt.po, po/pt_BR.po, po/ru.po,
po/sk.po, po/sv.po, po/vi.po, po/zh_CN.po: Quick unfuzzy.
2011-12-09 Nicolas François <>
* src/newusers.c, src/chpasswd.c, src/chgpasswd.c: Harmonize
usage messages.
2011-12-09 Nicolas François <>
* lib/, lib/prototypes.h, lib/selinux.c,
lib/semanage.c, po/ Move lib/selinux.c to
2011-11-21 Nicolas François <>
* src/usermod.c, man/usermod.8.xml: usermod -Z "" removes the
SELinux user mapping for the modified user.
* src/useradd.c: Zflg is #defined as user_selinux non empty.
2011-11-21 Peter Vrabec <>
* libmisc/copydir.c: Ignore errors to copy ACLs if the operation
is not supported.
2011-11-19 Nicolas François <>
* libmisc/root_flag.c, src/gpasswd.c, src/chsh.c: Add splint
* src/pwconv.c, src/pwunconv.c, src/grpconv.c, src/grpunconv.c:
Ignore return value of spw_rewind, pw_rewind, sgr_rewind, and
* lib/commonio.h: Both head and tail cannot be owned. Set tail as
* src/expiry.c: Ignore return value of expire ().
* src/expiry.c: The catch_signals function does not use its sig
* src/userdel.c: Last audit_logger parameter is a
shadow_audit_result, use SHADOW_AUDIT_FAILURE instead of 0.
* lib/selinux.c: vasprintf requires _GNU_SOURCE to be defined
before including stdio.h.
* src/chage.c: Cast 3rd date_to_str parameter to a time_t
* src/passwd.c: Add missing cast.
* lib/commonio.c: Avoid multiple statements per line.
* lib/commonio.c: Ignore fclose return value when the file was
open read only or was not changed, or if an error is already
2011-11-19 Nicolas François <>
* src/faillog.c: The fail_max field is a short, use a short also
for the max argument of setmax / setmax_one.
* src/faillog.c: Fail with an error message when faillog fails to
write to the faillog database.
2011-11-19 Nicolas François <>
* man/gpasswd.1.xml: Document the difference between the -r and -R
2011-11-19 Nicolas François <>
* man/useradd.8.xml, man/groupadd.8.xml, man/usermod.8.xml,
man/groupmod.8.xml: Avoid hardcoded values, and reference instead
the configuration options (e.g. UID_MIN)
* man/groupmod.8.xml, man/usermod.8.xml: Add missing reference to
* man/login.defs.d/UID_MAX.xml, man/login.defs.d/SYS_UID_MAX.xml,
man/login.defs.d/GID_MAX.xml, man/login.defs.d/SYS_GID_MAX.xml:
Document the default values.
2011-11-19 Nicolas François <>
* src/gpasswd.c: Change of group password enforces gshadow
password. Set /etc/group password to "x".
2011-11-16 Peter Vrabec <>
* NEWS, src/userdel.c, man/userdel.8.xml: Add option -Z/--selinux-user.
* libmisc/system.c, lib/prototypes.h, libmisc/ Removed
* lib/selinux.c, po/, lib/prototypes.h,
lib/ Added helper functions for semanage.
* NEWS, README, src/useradd.c, src/usermod.c, src/userdel.c, Use libsemanage instead of semanage.
2011-11-16 Peter Vrabec <>
* src/ useradd may need the LIBATTR library.
2011-11-16 Peter Vrabec <>
* libmisc/copydir.c: Ignore perm_copy_file() errors with errno set
2011-11-16 Nicolas François <>
* src/useradd.c: Compilation fix when SHADOWGRP is not enabled.
* libmisc/root_flag.c: Add missing #include <stdio.h>
2011-11-13 Nicolas François <>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2011-11-12 Nicolas François <>
* src/chage.c, src/chfn.c, src/chgpasswd.c, src/chpasswd.c,
src/chsh.c, src/groupadd.c, src/groupdel.c, src/groupmems.c,
src/groupmod.c, src/newusers.c, src/useradd.c, src/userdel.c,
src/usermod.c: Provide the PAM error
message instead of our own, and log error to syslog.
* src/groupmems.c: Exit with exit rather than fail_exit in usage().
* src/newusers.c: Check the number of arguments.
* src/newusers.c: Do not create the home directory when it is not
* src/useradd.c: Set the group password to "!" rather "x" if there
are no gshadow file.
2011-11-11 Nicolas François <>
* src/pwck.c: Removed pw_opened.
* src/pwck.c: optind cannot be greater than argc.
* src/pwck.c: If spw_opened, then is_shadow is implicitly set.
* src/pwck.c: Do not report passwd entry without x password and a
shadow entry in --quiet mode (no interaction with the caller)
* src/pwck.c: Do not check if the last password change is in the
future if the time is set to 0.
2011-11-11 Nicolas François <>
* libmisc/root_flag.c: Drop privileges before changing root. The
--root option should not be used by regular users for suid utils.
* libmisc/root_flag.c: Improve error messages.
2011-11-11 Nicolas François <>
* src/pwck.c: Compile fix for TCB.
2011-11-11 Nicolas François <>
* libmisc/copydir.c: Avoid conflict with glibc. Rename error to
2011-11-11 Nicolas François <>
* man/newusers.8.xml: Document the optional file argument.
* man/newusers.8.xml: Fix the documentation of the inputs' format.
2011-11-06 Nicolas François <>
* man/groupmod.8.xml: Document that the primary group of users may
be changed by groupmod -g.
2011-11-06 Nicolas François <>
* NEWS, src/newusers.c, man/newusers.8.xml: Add --root option.
2011-11-06 Nicolas François <>
* src/vipw.c: Remove unused variable a.
2011-11-06 Nicolas François <>
* man/generate_mans.mak: The xml-config files do not depend on the
2011-10-31 Nicolas François <>
* src/chage.c, src/chgpasswd.c, src/chpasswd.c, src/chsh.c,
src/faillog.c, src/gpasswd.c, src/groupadd.c, src/groupdel.c,
src/groupmems.c, src/groupmod.c, src/grpconv.c, src/grpunconv.c,
src/lastlog.c, src/newusers.c, src/passwd.c, src/pwconv.c,
src/pwunconv.c, src/su.c, src/useradd.c, src/userdel.c,
src/usermod.c, src/vipw.c: Align and sort options.
2011-10-31 Nicolas François <>
* NEWS, src/pwck.c, man/pwck.8.xm, src/grpck.c, man/grpck.8.xml:
Add --root option.
2011-10-31 Nicolas François <>
* man/limits.5.xml, libmisc/limits.c: Sort limit identifiers.
* libmisc/limits.c: Fix support for the K limit identifier.
* libmisc/limits.c: Add missing default limit for L and U.
2011-10-31 Nicolas François <>
* src/pwck.c, man/pwck.8.xml: Add support for long options.
* src/pwck.c, man/pwck.8.xml: Add -h/--help option
* src/grpck.c, man/grpck.8.xml: Add support for long options.
* src/grpck.c, man/grpck.8.xml: Add -h/--help option
2011-10-30 Nicolas François <>
* src/expiry.c, man/expiry.1.xml: Add support for long options.
* src/expiry.c, man/expiry.1.xml: Add -h/--help option
2011-10-30 Nicolas François <>
* src/chfn.c, man/chfn.1.xml: Add support for long options.
* src/chfn.c, man/chfn.1.xml: Add -u/--help option
* NEWS, src/chfn.c, man/chfn.1.xml: Add --root option.
2011-10-30 Nicolas François <>
* NEWS, src/vipw.c, man/vipw.8.xml: Add --root option.
2011-10-30 Nicolas François <>
* NEWS, src/faillog.c, man/faillog.8.xml: Add --root option.
* NEWS, src/lastlog.c, man/lastlog.8.xml: Likewise.
* src/faillog.c: Add Prog variable, and prefix error messages with
Prog rather than "faillog".
* src/lastlog.c: Likewise.
* src/lastlog.c: Split usage in smaller messages.
2011-10-30 Nicolas François <>
* NEWS, src/chage.c, man/chage.1.xml: Add --root option. Open
audit and syslog after the potential chroot. chage's usage split
in smaller messages.
2011-10-30 Nicolas François <>
* src/login.c: re-indent.
* src/login.c: Fix support for sub-logins.
2011-10-30 Nicolas François <>
* src/faillog.c, src/chage.c, src/newusers.c, src/su.c: The getopt
index of long options is not used.
2011-10-29 Nicolas François <>
* lib/prototypes.h, libmisc/, libmisc/root_flag.c,
po/ Add process_root_flag() to process the --root
option and chroot so that the chroot config is used and changes
are applied to the chroot.
* NEWS, src/useradd.c, man/useradd.8.xml: Add --root option. Open
audit after the potential chroot.
* NEWS, src/userdel.c, man/userdel.8.xml: Add --root option. Open
audit and syslog after the potential chroot. userdel's usage split
in smaller messages.
* NEWS, src/usermod.c, man/usermod.8.xml: Likewise
* NEWS, src/groupadd.c, man/groupadd.8.xml: Add --root option. Open
audit and syslog after the potential chroot.
* src/groupadd.c: Check atexit failures.
* src/groupadd.c: Return E_SUCCESS instead of exit'ing at the end
of main().
* NEWS, src/groupadd.c, man/groupadd.8.xml: Add --root option. Open
audit and syslog after the potential chroot.
* src/groupmod.c: The getopt index of long options is not used.
* src/groupdel.c: Add process_flags().
* src/groupdel.c, man/groupdel.8.xml: Add --help option.
* NEWS, src/groupdel.c, man/groupdel.8.xml: Add --root option. Open
audit and syslog after the potential chroot.
* src/groupdel.c: Check atexit failures.
* NEWS, src/pwconv.c, src/pwunconv.c, src/grpconv.c,
src/grpunconv.c, man/pwconv.8.xml: Add --root option.
* src/pwconv.c, src/pwunconv.c, src/grpconv.c, src/grpunconv.c:
Add --help option.
* src/pwconv.c, src/pwunconv.c, src/grpconv.c, src/grpunconv.c:
Add process_flags() and usage().
* NEWS, src/chpasswd.c, man/chpasswd.8.xml, src/chgpasswd.c,
man/chgpasswd.8.xml: Add --root option.
* src/chpasswd.c, src/chgpasswd.c: The getopt index of long
options is not used.
* NEWS, src/passwd.c, man/passwd.1.xml: Add --root option.
passwd's usage split in smaller messages.
* src/passwd.c: Call sanitize_env() before setting the locales.
* NEWS, src/groupmems.c, man/groupmems.8.xml: Add --root option.
Open syslog after the potential chroot.
* src/groupmems.c: The getopt index of long options is not used.
* NEWS, src/chsh.c, man/chsh.1.xml: Add --root option.
chsh's usage split in smaller messages.
* src/chsh.c: The getopt index of long options is not used.
* NEWS, src/gpasswd.c, man/gpasswd.1.xml: Add --root option.
* src/gpasswd.c: The getopt index of long options is not used.
2011-10-22 Nicolas François <>
* man/ja/, man/fr/, man/ru/,
man/sv/, man/pl/, man/zh_CN/,
man/it/, man/ Include man_nopam in
EXTRA_DIST only when USE_PAM (they are already in man_MANS
2011-10-22 Nicolas François <>
* man/su.1.xml: Document that su -c does not providea controlling
2011-10-18 Nicolas François <>
* src/newusers.c: Fix typo.
* src/useradd.c: Likewise.
* lib/nscd.c: Remove unused variable.
* lib/prototypes.h, libmisc/cleanup.c, lib/spawn.c, src/chage.c:
Add splint annotations.
* src/sulogin.c (main): env is only used when USE_PAM is not set.
2011-10-15 Nicolas François <>
* man/login.defs.d/LOGIN_STRING.xml: Fix typo.
2011-09-18 Nicolas François <>
* lib/prototypes, libmisc/basename.c (Basename): Input is a
constant string.
* lib/prototypes.h, lib/spawn.h, lib/spawn.c, src/userdel.c,
lib/nscd.c, lib/ Delete spawn.h. Move from spawn.h to
* src/userdel.c: Remove unused variables.
* lib/nscd.c: Remove unused header files.
* lib/nscd.c: Add the program name to error messages.
* lib/nscd.c: Indicate when nscd does not terminate normally (signal).
* lib/spawn.c: Updated header.
* lib/spawn.c: Flush stdout and stderr to avoid inheriting from
ongoing buffers.
* lib/spawn.c: Avoid implicit conversion of pointer to boolean.
* lib/spawn.c: Replace perror by a complete message.
* lib/spawn.c: Continue to wait for the child if another child
* lib/prototypes.h: The name field from cleanup_info_mod is a
constant string. (username).
2011-09-18 Nicolas François <>
* libmisc/cleanup.c: Spawn children should no trigger cleanup
actions. Make sure only the parent (initial caller) perform the
cleanup actions.
2011-09-18 Nicolas François <>
* libmisc/salt.c (SHA_salt_rounds): It is statically ensured that
the format fits in rounds_prefix.
* libmisc/loginprompt.c: Likewise.
2011-09-18 Nicolas François <>
* src/grpconv.c: Fail if not called correctly.
* src/grpconv.c: At the end of main, the passwd and shadow files
are locked. No need to check before unlocking. No need to set the
lock as false neither since there cannot be anymore failures.
2011-09-18 Nicolas François <>
* src/chage.c: EPOCH is not needed, it's converted to -1 by
strtoday(). But we need to support "-1" specifically.
* src/chage.c: Fix usage: LOGIN is mandatory.
* src/chage.c: Display disabled expiry or last change as "-1"
instead of 1969-12-31. 1969-12-31 is still supported as input from
the user.
* src/chage.c: Exit cleanly with fail_exit() (lock files were not
2011-09-18 Nicolas François <>
* src/useradd.c: Remove def_file. It was always set to
* src/useradd.c: Fix cut&paste issue causing bad warning when
the useradd.default file contains an invalid INACTIVE= value.
* src/useradd.c: Added missing end of line for rename errors.
* src/useradd.c: Added -D synopsis to the usage message.
* src/useradd.c: Do not scale_age(-1), just use -1.
* src/useradd.c: Added FIXME to be fixed later.
* src/useradd.c: Allow -e -1 when there is no shadow file.
* src/useradd.c: Fail, but do not print the usage message when the
-e argument is not valid.
* src/useradd.c: No need to check for oflg since uflg is
already checked.
2011-09-18 Nicolas François <>
* src/su.c: Too much const were added on 2011-08-15. pw in
save_caller_context() is allocated and freed.
* src/su.c: Added missing #endif indication
* src/su.c (save_caller_context): password only needed if
2011-09-18 Nicolas François <>
* src/usermod.c: date_to_str() is always called with negativ set
to "never", remove this argument.
* src/usermod.c: Added missing cast for gr_free argument.
2011-09-18 Nicolas François <>
* src/pwconv.c: Fail if not called correctly.
* src/pwconv.c: At the end of main, the passwd and shadow files
are locked. No need to check before unlocking.
2011-09-18 Nicolas François <>
* src/newusers.c: Initially set the passwd's password to '*'
instead of 'x'. Only when it is confirmed that a shadow entry is
(will be) added, set the passwd's password to 'x'.
* src/newusers.c: An invalid line is an error. A failure needs to
be reported.
2011-09-18 Nicolas François <>
* src/gpasswd.c: Remove log_gpasswd_success_gshadow(). Writing in
gshadow is the last sub-task.
2011-09-18 Nicolas François <>
* src/chsh.c: No needto remove lines tarting with '#' from
/etc/shells. This is already done by getusershell() and these
shell would fail the access(X_OK) test.
2011-09-18 Nicolas François <>
* man/generate_mans.mak: Fix the generation of translated man
pages. xml2po removed the comment from empty headers and the
config was no more inserted.
2011-09-18 Nicolas François <>
* man/chage.1.xml: The LOGIN argument is not optional.
* man/login.defs.d/QUOTAS_ENAB.xml: Document the dependency
between /etc/limits and QUOTAS_ENAB.
2011-08-20 Nicolas François <>
* po/ Added lib/spawn.c.
2011-08-20 Jonathan Nieder <>
* lib/ Added lib/spawn.c and lib/spawn.h.
* lib/nscd.c, lib/spawn.c, lib/spawn.h: It is not possible to
differentiate between an nscd failure, and a failure to execute
due to no nscd with posix_spawn. Use our own run_command routine.
* src/userdel.c: Use run_command()
2011-08-15 Nicolas François <>
* src/groupmod.c: Ignore return value from snprintf.
* src/groupmod.c: Add static qualifier to the cleanup structures.
* src/groupmod.c: Check atexit failures.
2011-08-15 Nicolas François <>
* src/usermod.c: Do not assign static to NULL.
* src/usermod.c (date_to_str): buf needs to be unique (e.g.
independent from negativ), and is an out buffer.
* src/usermod.c: Ignore return value from snprintf, and force
nul-termination of buffer.
* src/usermod.c: Improve memory management.
* src/usermod.c: An audit bloc was not reachable, moved above on
success to move the home directory.
* src/usermod.c: Ignore close() return value for the mailbox
(opened read only).
2011-08-15 Nicolas François <>
* src/su.c: Added const modifiers.
* lib/prototypes: Synchronize splint annotations.
2011-08-14 Nicolas François <>
* src/su.c: Add splint annotations.
* src/su.c: Set caller_on_console as boolean.
* src/su.c: Ignore return value from fputs (usage) / puts (prompt).
* src/su.c: Improved memory management.
2011-08-14 Nicolas François <>
* src/chgpasswd.c, src/chpasswd.c, src/newusers.c: Replace cflg by
a test on crypt_method.
2011-08-14 Nicolas François <>
* libmisc/chowndir.c: Add splint annotations.
* src/chgpasswd.c: Likewise.
* src/chpasswd.c: Likewise.
* src/newusers.c: Likewise.
* libmisc/salt.c, lib/prototypes.h (crypt_make_salt): Likewise.
2011-08-14 Nicolas François <>
* lib/gshadow_.h: Fix typo in comment.
2011-08-14 Nicolas François <>
* lib/prototypes.h, libmisc/getgr_nam_gid.c: getgr_nam_gid()
returns an allocated structure.
2011-08-14 Nicolas François <>
* src/su.c: Add annotations to indicate that su_failure() does
not return.
2011-07-30 Nicolas François <>
* lib/commonio.c: Display PID as unsigned long.
2011-07-30 Nicolas François <>
* src/useradd.c: Remove unused Zflg.
2011-07-30 Nicolas François <>
* src/chgpasswd.c: Fix typo sp -> sg. sg_namp -> sg_name
* src/chgpasswd.c: Always update the group file when SHADOWGRP is
not enabled.
2011-07-30 Nicolas François <>
* src/newgrp.c: Fix typo in notreached annotation.
2011-07-30 Nicolas François <>
* src/usermod.c: Add annotations to indicate that fail_exit() does
not return.
* src/usermod.c: Fix typo in notreached annotation.
2011-07-30 Nicolas François <>
* libmisc/find_new_uid.c: free (used_uids) on return.
* libmisc/find_new_gid.c: free (used_gids) on return.
2011-07-28 Nicolas François <>
* lib/commonio.c: Fix NIS commit from 2011-07-14.
2011-07-28 Nicolas François <>
* NEWS, src/chpasswd.c: Create a shadow entry if the password is
set to 'x' in passwd and there are no entry in shadow for the
* NEWS, src/chgpasswd.c: Create a gshadow entry if the password is
set to 'x' in group and there are no entry in gshadow for the
2011-07-28 Nicolas François <>
* src/pwunconv.c: Exit after printing usage when arguments or
options are provided.
* src/pwunconv.c: Re-indent.
* src/pwunconv.c: Open the shadow file read only.
* src/grpunconv.c: Exit after printing usage when arguments or
options are provided.
* src/grpunconv.c: Open the gshadow file read only.
2011-07-28 Nicolas François <>
* src/chgpasswd.c: Fix typo.
2011-07-23 Nicolas François <>
* NEWS, src/login.c: Do not log in utmp / utmpx / wtmp when PAM is
enabled. This is already done by pam_lastlog. Note that
pam_lastlog can only log the parent PID, not the PID of the
process forked by login.
2011-07-23 Nicolas François <>
* src/chpasswd.c: Add annotations to indicate that usage() does
not return.
* src/chpasswd.c: Reindent.
* src/chpasswd.c: Remove dead code. No need to set crypt_method
to NULL when it is already NULL. sflg is only set if crypt_method
is not NULL.
2011-07-23 Nicolas François <>
* src/lastlog.c: Add annotations to indicate that usage() does not
2011-07-23 Nicolas François <>
* src/faillog.c: Add annotations to indicate that usage() does not
* src/faillog.c: Fix message: this is faillog, not lastlog.
* src/faillog.c: Check that there are no extra arguments after
parsing the options.
2011-07-23 Nicolas François <>
* src/chgpasswd.c: Add annotations to indicate that usage() does
not return.
* src/chgpasswd.c: Split usage in smaller parts. Those parts are
already translated for chpasswd. Usage is now closer to
* src/chgpasswd.c: Remove dead code. No need to set crypt_method
to NULL when it is already NULL. sflg is only set if crypt_method
is not NULL.
2011-07-23 Nicolas François <>
* src/expiry.c: Remove dead code.
* src/expiry.c: Improve comments.
2011-07-23 Nicolas François <>
* src/grpck.c: Added comments.
* src/grpck.c: Avoid implicit conversion of pointer to boolean.
* src/grpck.c: Remove dead code. argc cannot be lower than optind.
Avoid checking twice in a row for NULL != list[i].
2011-07-22 Nicolas François <>
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of
invalid configuration.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict
on the loop stop conditions. Stop if we passed the limit, even if
the limit itself was never noticed.
2011-07-14 Nicolas François <>
* man/po/fr.po: Fix some spacing issues due to configuration
2011-07-14 Nicolas François <>
* src/passwd.c: Overflow when computing the number of days based
on the scaling. Use of long long needed.
2011-07-14 Nicolas François <>
* NEWS, lib/commonio.h, lib/commonio.c: Additional messages to
indicate why locking failed.
* NEWS, lib/commonio.c: Fix the sort algorithm in case of NIS. NIS
entries were dropped.
* lib/commonio.c: NIS entries can start by '+' or '-'.
2011-07-14 Nicolas François <>
* NEWS, src/groupmod.c: When the gshadow file exists but there are
no gshadow entries, an entry is created if the password is changed
and group requires a shadow entry.
2011-07-14 Nicolas François <>
* src/usermod.c: Fix typo in comment.
* src/usermod.c (move_home): It is always an error to use -m if
the new home directory already exist (independently from the
existence of the old home directory did not exist)
* src/usermod.c (process_flags): Report usage if no options are
provided. Update the error message.
* src/usermod.c (process_flags): Check option compatibility and
dependency before options are discarded when no changes are
* src/usermod.c (process_flags): Check for oflg is not needed to
check if changes are needed.
* src/usermod.c: usage() does not return. Add annotations.
* src/usermod.c (update_gshadow): is_member was computed twice.
* src/usermod.c (update_group, update_gshadow): Reduce complexity
and document checks. Some checks were always true/false within
their call context.
* NEWS, src/usermod.c; man/usermod.8.xml: When the shadow file
exists but there are no shadow entries, an entry has to be created
if the password is changed and passwd requires a shadow entry, or
if aging features are used (-e or -f). Document this and also that
-e and -f require a shadow file.
* man/usermod.8.xml: Document behavior of an empty EXPIRE_DATE.
* man/usermod.8.xml: Document that the mail spool might have to be
renamed (as for the homedir)
* src/usermod.c (new_pwent): Document that pw_locate will not fail
because getpwnam returned successfully.
* src/usermod.c (process_flags): Do not display the usage in case
of an invalid -f value (similar to -e).
* src/usermod.c (process_flags): Indicate that the user name is
invalid, instead of just a 'field'.
2011-07-08 Nicolas François <>
* src/groupadd.c: Fix typo in comment.
* src/userdel.c: Fix typo from 2011-06-04. Report failure on the
mailfile instead of user_home.
* lib/fields.c: Fixed typo from 2010-02-15. field instead of cp
ought to be checked.
* src/vipw.c: Use Prog instead of progname. This is needed since
Prog is used in the library.
* Fix typo. libcrack default is 'no'.
* src/groupmod.c: Avoid implicit conversion of pointer to boolean.
* src/groupmod.c: osgrp can be set only if pflg || nflg. No need
to check for pflg || nflg again
2011-07-08 Nicolas François <>
* man/*.xml, man/ Add source and version
information. This reduce the amount of warnings during the
manpages generation.
2011-06-25 Nicolas François <>
* man/passwd.1.xml: Added reference to chpasswd(8).
* man/po/ru.po: Add space between option and argument.
2011-06-16 Francisco Javier Cuadrado <>
* po/es.po: Spanish translation
2011-06-16 Nicolas François <>
* libmisc/isexpired.c: Added parenthesis.
* libmisc/env.c: Added comments.
* libmisc/env.c: Avoid implicit conversion of pointer to boolean.
2011-06-16 Nicolas François <>
* src/su.c: environ is provided by <unistd.h>.
* src/su.c: Added function prototypes.
* src/su.c: Rename shellstr parameter to shellname to avoid
collision with static variable.
* NEWS, src/su.c: Added support for PAM modules which change
2011-06-13 Nicolas François <>
* src/su.c (prepare_pam_close_session): Extract the creation of a
child and listening for signal in the parent from run_shell().
prepare_pam_close_session() is now executed before the creation of
the pam session and before the UID is changed. This allows to
close the session as root.
* src/su.c: Also drop the controlling terminal when PAM is not
* src/su.c: Remove run_shell().
* src/su.c: After prepare_pam_close_session() there is no need to
close the session in the child. Added pam_setcred to
2011-06-12 Nicolas François <>
* src/su.c (save_caller_context): Extract from main() the code
used to save the caller's context.
* src/su.c: Split check_perms() in to a PAM (check_perms_pam) and
a non-PAM (check_perms_nopam) version.
* src/su.c: Cleanup check_perms_nopam().
* src/su.c: Merge environment setting blocks after the creation of
the session.
* src/su.c: Close the password databases together with syslog.
* src/su.c: Extract command line processing from main().
* src/su.c: Extract export of environment from main().
2011-06-10 Nicolas François <>
* src/su.c: Group some of the environment processing blocks. The
definition of shellstr, PATH and IFS is not influenced (getenv,
getdef, restricted_shell) by and does not influence (addenv does
not change environ) the authentication. And the authentication
did not overwrite those definitions. This will ease an extraction
from the big main() function.
* src/su.c: Move definition of change_environment and shellstr
after the switch to the final subsystem. The previous architecture
forced to always change the environment (the shell starts with a
'*' and was thus restricted, and change_environment could not be
reset to false).
* src/su.c: No need to change the user's shell in case of
subsystem root. Update the comments.
* src/su.c: Define shellstr before the environment so that
restricted_shell is called only once. This will allow moving the
environment definition after the switch to the new user.
* src/su.c: Extract the authentication from the main function.
* lib/prototypes.h, src/suauth.c, src/su.c (check_su_auth): Do not
use the pwent global variable to communicate between APIs of
different files. Added boolean parameter su_to_root to
* src/su.c (check_perms): Return the passwd entry of the finally
authenticated user. Remove usage of the pwent variable.
* src/su.c: The password of the caller is the one from the
spwd structure only if the passwd's password is 'x'.
* src/su.c: Cleanup local variables.
2011-06-10 Nicolas François <>
* src/su.c: Updating pwent after expire() is not useful. Only the
password information may have changed and they are not used
anymore afterwards.
* src/su.c: No need to call expire() if there are no shadow entry.
No need to convert a passwd entry into an spwd entry in that case.
2011-06-12 Thomas Blein <>
* man/po/fr.po: French manpages translation
2011-06-05 Nicolas François <>
* NEWS, src/su.c: Do not forward the controlling terminal to
commands executed with -c. This prevents tty hijacking which could
lead to execution with the caller's privileges. This required to
forward signals from the terminal (SIGINT, SIGQUIT, SIGTSTP) to
the executed command.
2011-06-05 Nicolas François <>
* NEWS, src/userdel.c: Do not remove a group with the same name as
the user (usergroup) if this group isn't the user's primary group.
2011-06-04 Nicolas François <>
* NEWS, src/userdel.c: Check the existence of the user's mail
spool before trying to remove it. If it does not exist, a warning
is issued, but no failure.
2011-06-03 Nicolas François <>
* src/sulogin.c: Added Prog, needed because of the last xmalloc()
2011-06-03 Nicolas François <>
* man/zh_CN/, man/zh_CN/ Added directory, and zh_CN
* man/ Build zh_CN pages.
* man/generate_translations.mak: Add config.xml to CLEANFILES.
* man/po/zh_CN.po: limits, groups, faillog, expiry should not be
translated (command name, file name), also this broke the build
system as they are used to derive manpage names.
2011-06-02 Peter Vrabec <>
* src/lastlog.c, src/faillog.c: Fix underflows causing wrong entry
to be displayed.
2011-06-02 Nicolas François <>
* libmisc/xmalloc.c: Harmonize message.
2011-06-02 Peter Vrabec <>
* libmisc/find_new_uid.c, libmisc/find_new_gid.c: Add missing
memory allocation check.
2011-06-02 Cal Peake <>
* NEWS, libmisc/addgrps.c: Fix allocator loop. Continue to
getgroups() when getgroups fails (-1) with errno==EINVAL.
2011-06-01 Simon Brandmair <>
* man/newusers.8.xml, man/suauth.5.xml, man/suauth.5.xml,
man/logoutd.8.xml, man/chgpasswd.8.xml, man/groups.1.xml,
man/faillog.5.xml, man/login.defs.d/MD5_CRYPT_ENAB.xml,
Fix typos
* man/po/de.po: German translation of manpages completed
2011-05-23 Innocent De Marchi <>
* po/ca.po: Catalan translation completed
2011-04-22 Miguel Figueiredo <>
* po/pt.po: Portuguese translation completed
2011-04-22 Thomas Blein <>
* po/fr.po: French translation completed
2011-04-16 Holger Wansing <>
* po/de.po: German translation completed
2011-04-15 Fred Maranhão <>
* po/pt_BR.po: Brazilian Portuguese translation completed
2011-04-10 Yuri Kozlov <>
* po/ru.po: Russian translation completed
2011-04-07 Daniel Nylander <>
* po/sv.po: Swedish translation completed
2011-04-07 Joe Dalton <>
* po/da.po: Danish translation completed
2011-04-05 Timur Birsh <>
* po/kk.po: Kazakh translation completed
2011-04-05 NAKANO Takeo <>
* po/ja.po: Japanese translation completed
2011-03-30 YunQiang Su <>
* man/po/zh_CN.po: convert Simplified Chinese translation
of manpages to gettext
* po/zh_CN.po: Simplified Chinese translation completed
2010-02-15 Nicolas François <>
* man/ru/ Remove double inclusion of $(man_nopam)
2010-02-15 Nicolas François <>
* libmisc/user_busy.c, src/userdel.c, src/usermod.c: Warn in
user_busy() rather than in src/userdel.c or src/usermod.c to
provide more accurate failure cause (user is logged in or user
still executes processes).
2010-02-15 Nicolas François <>
* lib/groupio.c, lib/sgroupio.c, lib/shadowio.c, lib/pwio.c: Check
entry validity before commits to databases.
* libmisc/fields.c, libmisc/, lib/fields.c,
lib/, po/ fields.c moved from libmisc to
* lib/fields.c: Fail if input pointer is NULL.
2010-02-13 Nicolas François <>
* NEWS, src/chfn.c, src/chsh.c: Fix CVE-2011-0721: forbid \n in
gecos or shell.
2011-02-12 Nicolas François <>
* Restore original autoreconf (see 2010-08-29's change
*, man/po/, man/po/ replaced by to avoid config.status
issues when there are multiple po directories.
* man/po/LINGUAS: Adapted to above change.
* man/po/, man/po/XMLFILES: replaced by
* man/ generate_mans.deps shall be included by make,
not automake.
2010-11-19 Nicolas François <>
* NEWS, libmisc/console.c: Fix CONSOLE parser. This caused login
to hang when CONSOLE was configured with a colon separated list of
TTYs. See
2010-09-05 Nicolas François <>
Integrate review comments from Julien Cristau
* libmisc/copydir.c: Missing parenthesis in comment.
* libmisc/chowndir.c: Fixed memory leak on failed realloc().
* libmisc/chowndir.c: Make sure the buffer for the path is large
* libmisc/remove_tree.c: Remove check for NULL before free().
2010-08-29 Nicolas François <>
* man/po/fr.po: Fix 2 fuzzy strings.
2010-08-29 Nicolas François <>
* NEWS, src/usermod.c: Accept options in any order (username not
necessarily at the end)
2010-08-29 Nicolas François <>
* Expand autoreconf to avoid running autopoint.
2010-08-29 Nicolas François <>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2010-08-28 Brian M. Carlson <>
* man/chsh.1.xml: Fix comma splice.
2010-08-28 Nicolas François <>
* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
selinux_file_context renamed set_selinux_file_context.
* lib/protoypes.h, libmisc/copydir.c, src/useradd.c:
Added reset_selinux_file_context.
* src/useradd.c: Check the return value of
set_selinux_file_context and reset_selinux_file_context.
* libmisc/copydir.c: Check the return value of
2010-08-28 Nicolas François <>
* src/su.c: Fix handling of environment variables when
the environment is not changed. In particular, this makes su
behave as documented regarding PATH and IFS (i.e. they are reset)
when -p is provided.
2010-08-28 Nicolas François <>
* man/su.1.xml: Fix typo.
2010-08-22 Nicolas François <>
* src/newgrp.c, src/userdel.c, src/grpck.c, src/gpasswd.c,
src/newusers.c, src/pwconv.c, src/chpasswd.c, src/logoutd.c,
src/chfn.c, src/groupmems.c, src/usermod.c, src/pwunconv.c,
src/expiry.c, src/groupdel.c, src/chgpasswd.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/chage.c,
src/groupadd.c, src/login.c, src/grpconv.c, src/groups.c,
src/grpunconv.c, src/chsh.c: Prog changed to a constant string.
2010-08-22 Nicolas François <>
* libmisc/limits.c: Avoid implicit conversion of integer to
* libmisc/basename.c: Avoid implicit conversion of pointer to
* libmisc/basename.c, lib/prototypes.h (Basename): Return a
constant string.
* libmisc/basename.c, libmisc/obscure.c, lib/prototypes.h,
libmisc/xmalloc.c, libmisc/getdate.h, libmisc/system.c,
libmisc/getgr_nam_gid.c, libmisc/failure.c, libmisc/valid.c: Add
splint annotations.
* libmisc/chowndir.c: Avoid memory leak.
* libmisc/chowndir.c: Do not check *printf/*puts return value.
* libmisc/chowntty.c: Avoid implicit conversion between integer
* libmisc/obscure.c: Return a bool when possible instead of int.
* libmisc/shell.c: Do not check *printf/*puts return value.
* libmisc/shell.c: Do not check execle return value.
* libmisc/setupenv.c: Avoid implicit conversion between integer
* libmisc/xmalloc.c: size should not be zero to avoid returning
NULL pointers.
* libmisc/hushed.c: Do not check *printf/*puts return value.
* libmisc/system.c: Avoid implicit conversion of integer to
boolean. safe_system last argument is a boolean.
* libmisc/system.c: Check return value of dup2.
* libmisc/system.c: Do not check *printf/*puts return value.
* libmisc/system.c: Do not check execve return value.
* libmisc/salt.c: Do not check *printf/*puts return value.
* libmisc/loginprompt.c: Do not check gethostname return value.
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check
gr_rewind/pw_rewind return value.
* libmisc/ttytype.c: Limit the number of parsed characters in the
sscanf format.
* libmisc/ttytype.c: Test if a type was really read.
* libmisc/sub.c: Do not check *printf/*puts return value.
* libmisc/sub.c: Avoid implicit conversion of integer to boolean.
* src/userdel.c: Fix typo in comment.
* src/userdel.c: Avoid implicit conversion of boolean to integer.
* src/userdel.c: safe_system last argument is a boolean.
* src/newusers.c: Avoid implicit conversion of boolean to integer.
* src/newusers.c: Avoid implicit conversion of integer to boolean.
* src/usermod.c: Add brackets.
* src/usermod.c: Avoid implicit conversion of characters or
integers to booleans.
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Avoid implicit conversion of integer to boolean.
* src/su.c: Add brackets.
* src/useradd.c: Avoid implicit conversion of characters or
integers to booleans.
2010-08-22 Nicolas François <>
* libmisc/obscure.c, lib/prototypes.h (obscure): Return a bool
instead of an int.
* libmisc/obscure.c, libmisc/tz.c, src/passwd.c, lib/encrypt.c,
libmisc/copydir.c, lib/prototypes.h: Add splint annotations.
* libmisc/tz.c: Fix some const issues.
* libmisc/tz.c: Avoid multi-statements lines.
* libmisc/tz.c: Add brackets.
* libmisc/copydir.c: Do not check *printf/*puts return value.
* libmisc/copydir.c: Fail if we cannot set or reset the SELinux
fscreate context.
* libmisc/copydir.c: Use xmalloc instead of malloc.
* libmisc/copydir.c: Do not check lutimes return value
* src/vipw.c: Avoid implicit conversion of integer to boolean.
* src/su.c (iswheel): Return a bool instead of an int.
* src/passwd.c: Remove insert_crypt_passwd(). Use xstrdup instead.
* src/passwd.c: Return constant strings when sufficient.
* src/passwd.c: Do not check *printf/*puts return value.
* src/passwd.c: Avoid implicit conversion of character to boolean.
* src/passwd.c: Do not check sleep return value.
* src/sulogin.c: Do not check *printf/*puts return value.
* lib/encrypt.c: Do not check fprintf return value.
2010-08-21 Nicolas François <>
* src/passwd.c: Fix a const issue.
* src/passwd.c: Avoid multi-statements lines.
* src/sulogin.c: Fix a const issue.
2010-08-21 Nicolas François <>
* libmisc/copydir.c, lib/prototypes.h: Caller can choose not to
copy the extended attributes (the SELinux context is hence reset)
* src/usermod.c: Copy the extended attributes.
* src/useradd.c: Only reset the SELinux context.
2010-08-21 Nicolas François <>
* Fixed typo.
2010-08-21 Nicolas François <>
* libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c,
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
libmisc/loginprompt.c, libmisc/ttytype.c, libmisc/obscure.c,
libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
lib/commonio.c, lib/commonio.h, libmisc/setugid.c,
libmisc/setupenv.c: Fix some const issues.
* libmisc/motd.c: Avoid multi-statements lines.
* libmisc/motd.c: Support long MOTD_FILE.
* libmisc/list.c, lib/prototypes.h: Revert previous change.
dup_list and is_on_list are used with members as defined for the
group structure, and thus even if the list is not modified, the
list elements cannot be constant strings.
* libmisc/system.c: Avoid C++ comments.
* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
string. Split the Usage string.
* lib/commonio.h: Re-indent.
2010-08-21 Nicolas François <>
* libmisc/audit_help.c (audit_logger):pgname is not used. We let
audit find out the name of the program.
* libmisc/audit_help.c: Re-indent.
2010-08-20 Nicolas François <>
* lib/groupio.c: Avoid implicit conversion from signed to unsigned.
2010-08-20 Nicolas François <>
* lib/commonio.c: Make sure there are no NULL pointer dereference.
2010-08-20 Nicolas François <>
* libmisc/remove_tree.c: Ignore snprintf return value.
2010-08-20 Nicolas François <>
* lib/prototypes.h, libmisc/list.c: dup_list() and is_on_list() do
not change the members of the list they receive. Added const
2010-08-20 Nicolas François <>
* src/usermod.c: Re-indent.
2010-08-20 Nicolas François <>
* lib/commonio.c: Avoid multi-statements lines.
2010-08-20 Nicolas François <>
* man/po/fr.po: Fix a typo.
2010-06-24 Baurzhan Muftakhidinov <>
* NEWS, po/kk.po: Updated Kazakh translation.
2010-04-12 Nicolas François <>
* man/po/fr.po: Fix some typos. Minor updates: 886t70f187u.
2010-04-12 Nicolas François <>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2010-04-05 Nicolas François <>
* man/newusers.8.xml, man/useradd.8.xml, man/groupadd.8.xml,
man/login.defs.d/UMASK.xml, man/login.defs.d/CREATE_HOME.xml,
man/login.defs.d/LOGIN_RETRIES.xml: Fix typos: choosen, overriden,
2010-04-04 Nicolas François <>
* man/usermod.8.xml: Document changes of ownerships.
2010-04-04 Nicolas François <>
* man/vipw.8.xml: Fix formatting typo.
* man/vipw.8.xml: Document the login.defs parameters only when tcb
is enabled.
2010-04-04 Nicolas François <>
* src/useradd.c: spool is a constant string.
* src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false
2010-04-04 Nicolas François <>
* src/usermod.c: move_home() is only called if mflg is set.
* src/usermod.c: Fail is -m is provided but the old home directory
is not a directory.
* src/usermod.c: Use the previous improvement of copy_tree to
provide better error diagnosis.
* src/usermod.c: When rename() is used, also change the ownership.
* src/usermod.c: Do not change the ownership of the root directory
* src/usermod.c: When -u is provided, only change the ownership of
the home directory if it is a directory.
* src/usermod.c: Also change ownerships when -g is used.
2010-04-04 Nicolas François <>
* lib/prototypes.h, libmisc/copydir.c: Add the old UID and GID to
copy_tree to detect when ownership shall be changed.
* libmisc/copydir.c: Document the behavior when the IDs are set to
* lib/prototypes.h, libmisc/copydir.c (copy_tree): Add parameter
* libmisc/copydir.c: error() and ctx can be static.
* libmisc/copydir.c (copy_hardlink): Remove parameter src.
2010-04-04 Nicolas François <>
* libmisc/chowndir.c: Dynamically allocate memory to support
path longer than 1024 characters.
* libmisc/chowndir.c: Fix typos in documentation.
* libmisc/chowndir.c: Support and document the behavior when a old
or new ID is set to -1.
* libmisc/chowndir.c: Improved error detection when chown fails.
* libmisc/chowndir.c: Harmonize error handling strategy when an
error occurs: stop changing ownership as soon as an error was
2010-04-03 Nicolas François <>
* man/hu/passwd.5: Fix formatting typo.
* man/id/login.1: Likewise.
2010-03-31 Nicolas François <>
* man/vipw.8.xml: When TCB is enabled, vipw uses login.defs.
2010-03-31 Nicolas François <>
* NEWS, libmisc/copydir.c: When a hardlink is detected, the
original hardlink should not be removed.
2010-03-30 Nicolas François <>
* po/, libmisc/, lib/prototypes.h,
libmisc/remove_tree.c, libmisc/copydir.c: Split remove_tree()
outside of copydir.c to avoid linking against libacl or libattr.
2010-03-30 Nicolas François <>
* src/su.c: shell's name must be -su when a su fakes a login.
2010-03-30 Nicolas François <>
* NEWS,, libmisc/copydir.c, man/useradd.8.xml,
man/usermod.8.xml, src/ Added support for ACLs and
Extended Attributes.
2010-03-30 Nicolas François <>
* libmisc/copydir.c: Document the sections closed by #endif
2010-03-27 Nicolas François <>
* man/vipw.8.xml: Add section ENVIRONMENT.
2010-03-26 Nicolas François <>
* etc/login.defs: Updated description of UMASK to indicate its
usage by pam_umask.
* man/login.defs.d/UMASK.xml: Likewise.
2010-03-25 Nicolas François <>
* man/login.1.xml: login does not check for new mails in PAM
enabled versions. This is done by pam_mail.
2010-03-25 Nicolas François <>
* NEWS, src/chpasswd.c, man/chpasswd.8.xml, man/login.defs.5.xml:
PAM enabled versions: restore the -e option to allow restoring
passwords without knowing those passwords. Restore together the -m
and -c options.
2010-03-23 Nicolas François <>
* src/su.c, src/vipw.c, src/newgrp.c: When the child is
interrupted, stop ourself with a SIGSTOP signal.
2010-03-23 Nicolas François <>
* src/newgrp.c: Limit the scope of variable pid.
* src/login_nopam.c: Limit the scope of variables end, lineno, i,
* src/logoutd.c: Limit the scope of variable c.
* src/vipw.c: Re-indent.
* src/vipw.c: Close the file after the creation of the backup.
* src/useradd.c (set_default): Close input file on failure.
* src/useradd.c: Limit the scope of variables spool, file, fd, gr,
gid, mode.
* src/passwd.c: Limit the scope of variables last and ok.
* src/chage.c: Fix typo (non breaking space).
* src/login.c: Limit the scope of variables erasechar killchar, c,
* src/groups.c: Limit the scope of variable ngroups, pri_grp, i.
* src/id.c: Limit the scope of variable i.
2010-03-22 Nicolas François <>
* lib/utent.c (getutline): Remove getutline(). This function is
no more used.
* lib/groupmem.c: Limit the scope of variable i.
* lib/shadow.c: Avoid implicit conversion of pointers and integers
to booleans.
* lib/shadow.c: Added brackets.
* libmisc/limits.c: Limit the scope of variable tmpmask.
* libmisc/copydir.c: Close opened file on failure.
* libmisc/loginprompt.c: Limit the scope of variable envc.
* libmisc/find_new_uid.c, libmisc/find_new_gid.c: Limit the scope
of variable id.
2010-03-21 Nicolas François <>
* libmisc/find_new_gid.c, libmisc/find_new_uid.c: Detect some
misconfigurations of UID_MIN, UID_MAX, SYS_UID_MIN, SYS_UID_MAX (and
the GID equivalents)
2010-03-20 Nicolas François <>
* NEWS, Next version will be 4.1.5.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2010-03-20 Nicolas François <>
* libmisc/limits.c: Re-indent to make pmccabe happy.
2010-03-20 Nicolas François <>
* man/generate_translations.mak, man/generate_mans.mak: Fix
distcheck. All manpages generation code shall be enclosed in
2010-03-20 Nicolas François <>
* man/useradd.8.xml: Do not document the features which are not
* man/useradd.8.xml: Fix typo: -u was meant instead of -o.
* man/useradd.8.xml: Document that the default behavior depends on
2010-03-20 Nicolas François <>
* lib/groupio.c: Fix memory management insplit_groups().
2010-03-20 Nicolas François <>
* libmisc/strtoday.c: Empty dates indicate a disabled date, this is
not an error.
2010-03-19 Nicolas François <>
* src/useradd.c, lib/commonio.c, po/ Fix typos.
* libmisc/limits.c: Removed unused variable.
2010-03-19 Nicolas François <>
* lib/commonio.c: Stop sorting entries when we reach the first
NIS line.
2010-03-18 Nicolas François <>
* src/chsh.c: Even for root, warn if an invalid shell is
specified. Alioth#311305
2010-03-18 Nicolas François <>
* man/limits.5.xml: Document the selection of the limits when
multiple lines match the user.
2010-03-18 Nicolas François <>
* libmisc/limits.c: Re-indent.
* libmisc/limits.c: Reformat the documentation. Avoid personal
* man/limits.5.xml: Document the new features.
2010-03-18 Thomas Orgis <>
* NEWS, libmisc/limits.c: Fix parsing of limits.
* NEWS, libmisc/limits.c: Add support for infinite limits.
* NEWS, libmisc/limits.c: Add support for @group syntax.
2010-03-18 Nicolas François <>
* lib/tcbfuncs.h: Re-indent.
* lib/tcbfuncs.h: Explicitly indicate function taking a void
2010-03-18 Nicolas François <>
* src/useradd.c: When exiting because of a failure, warn if an
home directory created, but cannot be removed.
2010-03-18 Nicolas François <>
* libmisc/chowndir.c: Re-indent.
* libmisc/chowndir.c: Avoid assignment in comparisons.
* libmisc/chowndir.c: Added brackets and parenthesis.
2010-03-18 Nicolas François <>
* libmisc/strtoday.c: Add support for numerical dates, assuming
they are already specified in number of days since Epoch. Return
-2 in case of errors to support the specification of -1.
* src/usermod.c, src/useradd.c: Adapt to the new error value of
* src/chage.c: Remove isnum(). Adapt to the new error value of
strtoday(). Support for numerical dates is moved to strtoday().
2010-03-18 Nicolas François <>
* man/po/fr.po: Harmonize name of parameters.
2010-03-18 Nicolas François <>
* NEWS: Indicate which tools support TCB.
2010-03-18 Nicolas François <>
* src/pwck.c: Unlock the password and shadow files when there is a
failure to prepare the update in memory.
2010-03-18 Nicolas François <>
* src/pwck.c: Only log to SYSLOG when acting on system files.
2010-03-18 Nicolas François <>
* src/pwck.c: Document the sections closed by #endif
* src/pwck.c, man/pwck.8.xml: No alternative shadow file can be
given when USE_TCB is enabled.
* src/pwck.c: Remove the -s option from the usage when USE_TCB is
enabled. The option is still supported, but has no effect, as
documented in the manpage.
2010-03-18 Nicolas François <>
* src/pwck.c: Do not use pwd_file and spw_file. Always use the
dbname() functions.
2010-03-18 Nicolas François <>
* src/pwck.c: Re-indent.
2010-03-18 Nicolas François <>
* src/userdel.c, src/usermod.c, src/vipw.c, src/useradd.c,
src/pwck.c, src/chage.c, lib/shadowio.c: Explicitly use the
SHADOWTCB_FAILURE return code instead of 0 or implicit conversion
to booleans.
2010-03-18 Paweł Hajdan, Jr. <>
* src/pwck.c: Add support for TCB.
* src/pwck.c: Use spw_dbname() instead of spw_file since TCB
changes from a file to another depending on the user. Also use
pw_dbname() for consistency.
2010-03-17 Nicolas François <>
* src/faillog.c: Re-indent.
2010-03-17 Nicolas François <>
* lib/tcbfuncs.h: Added type shadowtcb_status.
* lib/tcbfuncs.h, lib/tcbfuncs.c: Return a shadowtcb_status
instead of an int.
* lib/tcbfuncs.c: Do not return in OUT_OF_MEMORY.
* lib/tcbfuncs.c: Only FreeBSD specify that the returned buffer is
NULL in case of failure. The return value of asprintf shall be
* lib/tcbfuncs.c: Avoid implicit conversion of pointers or
integers to booleans.
* lib/tcbfuncs.c: Avoid assignments in comparisons.
* lib/tcbfuncs.c: Do not free path before its last use.
* lib/tcbfuncs.c: Include shadowio.h, needed for the
spw_setdbname's prototype.
* lib/tcbfuncs.c: Ignore fflush() return value.
* lib/tcbfuncs.c: Avoid implicit signed to unsigned conversions.
* lib/tcbfuncs.c: Avoid integer to char conversions.
* lib/tcbfuncs.c: Include prototypes.h for the definition of Prog.
* lib/tcbfuncs.c: Removed dead return.
* lib/tcbfuncs.c: move_dir() and shadowtcb_move() need a non NULL
* lib/tcbfuncs.c: Avoid implicit int to mode_t conversion.
* lib/tcbfuncs.c: Added brackets and parenthesis.
* lib/tcbfuncs.c: Re-indent.
2010-03-17 Nicolas François <>
* lib/commonio.c: Avoid implicit conversion of pointers to
* lib/commonio.c: Ignore the return value of close when a
failure is reported.
2010-03-16 Nicolas François <>
* man/faillog.8.xml: Document the behavior in display mode of the
-a option.
* NEWS, man/faillog.8.xml, src/faillog.c: Extend the -a option to
the non-display mode. This changes the default behavior of the -l,
-m, -r, -t options when -a is not specified (restrict to existing
2010-03-15 Nicolas François <>
* man/chage.1.xml, man/login.defs.5.xml, man/pwck.8.xml,
man/pwconv.8.xml, man/useradd.8.xml, man/userdel.8.xml,
man/usermod.8.xml, man/vipw.8.xml: Document the usage of the
* man/pwconv.8.xml, man/pwck.8.xml: Document the behavior when
USE_TCB is enabled.
2010-03-15 Nicolas François <>
* po/, lib/tcbfuncs.c: Add more strings for
* lib/tcbfuncs.c: Indicate the name of the program in error
messages. Avoid perror.
* src/useradd.c: Re-indent.
* src/useradd.c: Add more strings for translation. Indicate the
name of the program in error messages.
* src/userdel.c: Re-indent.
* src/userdel.c: Add more strings for translation. Indicate the
name of the program in error messages.
2010-03-15 Nicolas François <>
* src/usermod.c: user_newname and user_newid cannot be used to
test if the username or ID is changed. lflg and uflg should be
used instead.
2010-03-15 Nicolas François <>
* src/userdel.c: Avoid perror. Give more verbose warnings.
2010-03-11 Nicolas François <>
* man/ Indicate that man/generate_mans.deps is
2010-03-11 Nicolas François <>
* lib/commonio.c: Re-indent.
* lib/commonio.c: Document the sections closed by #endif
* lib/commonio.c: Added brackets.
* lib/commonio.c: Avoid implicit conversion of integer to
2010-03-11 Nicolas François <>
* src/userdel.c: Re-indent.
* src/userdel.c: Added brackets.
* src/userdel.c: Avoid implicit conversion of pointers to
2010-03-11 Nicolas François <>
* lib/shadowio.c: Re-indent.
* lib/shadowio.c: Added brackets and parenthesis.
* lib/shadowio.c: Document the sections closed by #endif
* lib/shadowio.c: Avoid negation of comparisons.
* lib/shadowio.c: Avoid implicit conversion of integer to booleans
and booleans to integers.
2010-03-11 Nicolas François <>
* src/useradd.c: Re-indent.
* src/useradd.c: Added brackets.
* src/useradd.c: Avoid implicit conversion of integers to
* src/useradd.c: Harmonize error messages.
2010-03-11 Nicolas François <>
* src/vipw.c: Document the sections closed by #endif
* src/vipw.c: Avoid implicit conversion of pointers or integers to
* src/vipw.c: Added brackets and parenthesis.
* src/vipw.c: Limit the definition of some variables and macros to
the WITH_TCB scope.
* src/vipw.c: Avoid assignment in comparisons.
* src/vipw.c: Replace PASSWD_FILE (resp. GROUP_FILE and
SGROUP_FILE) by pw_dbname () (resp. gr_dbname () and sgr_dbname ()).
This is more consistent with the shadow file handling and may be
useful to allow edition of another partition's files.
2010-03-11 Nicolas François <>
* src/usermod.c: Re-indent.
* src/usermod.c: Avoid implicit conversion of pointers to
* src/usermod.c: Added parenthesis.
2010-03-11 Nicolas François <>
* src/pwunconv.c: Only check USE_TCB if configured WITH_TCB.
2010-03-10 Nicolas François <>
* src/userdel.c: Re-indent.
* src/userdel.c: Avoid implicit conversion of pointers to
* src/userdel.c: Document the sections closed by #endif
2010-03-10 Nicolas François <>
* src/pwconv.c: Only check USE_TCB if configured WITH_TCB.
2010-03-10 Nicolas François <>
* libmisc/copydir.c: Added parenthesis.
2010-02-14 Michael Bunk <>
* NEWS, lib/gshadow.c: Fix parsing of gshadow entries.
2010-01-30 Paweł Hajdan, Jr. <>
* NEWS: Add support for TCB.
* lib/tcbfuncs.h, lib/tcbfuncs.c, lib/ New library to
support TCB.
* lib/prototypes, libmisc/copydir.c (remove_tree): Add boolean
parameter remove_root.
* Add conditional WITH_TCB.
* src/userdel.c, src/usermod.c: Add support for TCB. Update call to
* src/pwconv.c, src/pwunconv.c: Should not be used with TCB enabled.
* src/vipw.c: Add support for TCB. Update call to remove_tree().
* src/useradd.c: Add support for TCB. Open the shadow file outside
of open_files().
* src/chage.c: Add support for TCB.
* src/ Install passwd sgid shadow when TCB is enabled.
* lib/getdefs.c, man/vipw.8.xml, man/login.defs.5.xml,
man/login.defs/TCB_AUTH_GROUP.xml, man/login.defs/USE_TCB.xml,
man/login.defs/TCB_SYMLINKS.xml, man/generate_mans.mak,
man/generate_mans.deps, man/ New configuration
* lib/shadowio.c, lib/commonio.c: Add support for TCB.
2010-01-24 Nicolas François <>
* libmisc/env.c: Fix sanitize_env() noslash support. This fixes
2010-01-24 Nicolas François <>
* src/su.c: Do not sanitize the environment. This breaks
--preserve-environment. This sanitation was disabled on Debian
since quite some time with no reported issues, and sanitize_env()
documentation agrees that it should be useless as all modern
Unixes will handle setuid executables properly. This fixes
2010-01-24 Nicolas François <>
* libmisc/setupenv.c: Fix typo from 2009-11-01.
2010-01-24 Paweł Hajdan, Jr. <>
* Add support for TCB in Actual TCB
support will follow.
2009-11-05 Nicolas François <>
* NEWS, src/groupmod.c: Fixed groupmod when configured with
2009-11-01 Nicolas François <>
* NEWS, man/login.defs.d/ENV_SUPATH.xml, libmisc/setupenv.c:
Harmonize other paths and documentation with previous
2009-11-01 Michel Hermier <>
* src/su.c: Set the default ENV_SUPATH to
/sbin:/bin:/usr/sbin:/usr/bin (i.e. PATH when no ENV_SUPATH is
2009-10-15 Thorsten Kukuk <>
* src/faillog.c, man/faillog.8.xml: Harmonize long option in code
and documentation. Use --lock-secs instead of --lock-time.
2009-10-05 Miroslav Kure <>
* po/cs.po: updated to 412t
2009-09-29 Clytie Siddall <>
* po/vi.po: updated to 412t
2009-09-27 Miroslav Kure <>
* po/cs.po: updated to 411t1f
2009-09-24 Christian Perrier <>
* man/po/fr.po: Updated French translation to 835t99f165
2009-09-24 Clytie Siddall <>
* po/vi.po: updated to 348t30f34u
2009-09-08 Nicolas François <>
* lib/commonio.c: Avoid pre-decrement operator (--n). Add some
* libmisc/cleanup.c: Fix off by one in an assertion.
2009-09-08 Nicolas François <>
* src/su.c: Fix indentation.
* src/su.c: Add more messages for translation.
* src/su.c: Ignore kill() return value when sending the TERM
signal. If it fails, a KILL should be sent anyway.
2009-09-08 Nicolas François <>
* NEWS, src/su.c: When su receives a signal, wait for the child to
terminate (after sending a SIGTERM), and kill it only if it did
not terminate by itself. No delay will be enforced if the child
cooperates. See
* NEWS, man/su.1.xml: Document su's exit values.
2009-09-08 Nicolas François <>
* src/useradd.c: The default value for the CREATE_MAIL_SPOOL
variable (i.e. if CREATE_MAIL_SPOOL= is specified without any
values) is "no", not DCREATE_MAIL_SPOOL ("CREATE_MAIL_SPOOL=").
2009-09-08 Nicolas François <>
* src/useradd.c: Avoid redefinition of SHELL. Use DSHELL instead.
For consistency, change HOME, INACT, EXPIRE, SKEL, and
2009-09-08 Nicolas François <>
* src/newusers.c: Prefer #ifdef over #if.
2009-09-08 Nicolas François <>
* We do not use SETPGRP_VOID, and already assume
that setpgrp has a void argument. Remove AC_FUNC_SETPGRP to ease
cross compiling.
2009-09-07 Nicolas François <>
* man/generate_translations.mak, man/generate_mans.mak,
po/ Removing and restoring the config.xml file
broke parallel builds. Build the manpages based on *.xml-config
files instead of *.xml files. The *.xml do not include config.xml
anymore, which permits to run xml2po without needing to remove
config.xml. The config.xml is restored in the *.xml-config files.
* man/groupadd.8.xml: Implementation of the above.
* man/generate_mans.deps: Updated dependencies
2009-09-07 Steve Grubb <>
* libmisc/limits.c: Fix the format to match the unsigned long
variable in argument.
* libmisc/utmp.c: Fix tests. tmptty is a variable stack. ut_host
is an array of the ut structure. None of them can be NULL.
2009-09-07 Nicolas François <>
* lib/shadowmem.c: Only copy the required fields of the struct
spwd. (start with the primitive types)
* lib/shadowmem.c: Avoid memzero() on a possibly NULL pointer.
* lib/groupmem.c: Only copy the required fields of the struct
group. (start with the primitive types)
* lib/groupmem.c: Avoid memzero() on a possibly NULL pointer.
* lib/groupmem.c: Free gr_mem in addition to its elements.
* lib/sgroupio.c: The struct sgrp has no primitive types to be
copied initially.
* lib/sgroupio.c: Avoid memzero() on a possibly NULL pointer.
* lib/sgroupio.c: Free sg_mem and sg_add in addition to their
* lib/pwmem.c: Only copy the required fields of the struct
passwd. (start with the primitive types)
2009-09-07 Nicolas François <>
* lib/sgroupio.h: Harmonize splint annotations of sgr_locate()
prototype with the one used in its definition.
2009-09-07 Steve Grubb <>
* libmisc/copydir.c, lib/shadowmem.c, lib/groupmem.c, lib/pwmem.c:
Fix some memory leaks.
2009-09-06 Nicolas François <>
* src/userdel.c, src/lastlog.c, src/gpasswd.c, src/newusers.c,
src/chpasswd.c, src/groupmems.c, src/usermod.c, src/chgpasswd.c,
src/vipw.c, src/su.c, src/useradd.c, src/groupmod.c, src/passwd.c,
src/groupadd.c, src/chage.c, src/faillog.c, src/chsh.c: Use
booleans for tests.
* src/userdel.c, src/gpasswd.c, src/groupmems.c, src/usermod.c,
src/groupmod.c, src/passwd.c: Use a break even after usage().
2009-09-05 Nicolas François <>
* src/gpasswd.c, src/groupmems.c: Split the groupmems and gpasswd
Usage string. It was changed anyway to add the --help option.
2009-09-05 Mike Frysinger <>
* NEWS, src/userdel.c, src/lastlog.c, src/gpasswd.c,
src/newusers.c, src/chpasswd.c, src/groupmems.c, src/usermod.c,
src/chgpasswd.c, src/vipw.c, src/su.c, src/useradd.c,
src/groupmod.c, src/passwd.c, src/groupadd.c, src/chage.c,
src/faillog.c, src/chsh.c: If someone uses the -h/--help options,
the usage should not go to stderr nor should the utility exit with
non-zero status. All of the shadow utils do just this
unfortunately, so convert them over to sanity.
* man/groupmems.8.xml, man/gpasswd.1.xml: Added option -h/--help.
2009-09-05 Nicolas François <>
* src/useradd.c: Fixed wrong format string.
* lib/gshadow.c: Removed declaration of unused variable.
2009-08-30 Mike Frysinger <>
* man/generate_mans.mak, man/generate_translations.mak: Provide an
useful error message when --enable-man is not enabled and the
translated manpages are not generated.
2009-08-21 Nicolas François <>
* man/login.defs.d/ENCRYPT_METHOD.xml: Avoid using sub-lists. They
break the groff formatting.
2009-07-24 Nicolas François <>
* po/fr.po: Fix typos, based on reviews by the Debian French
translation team.
2009-07-24 Nicolas François <>
* NEWS, Prepare for the next release
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2009-07-23 Nicolas François <>
* Fixed definition of the SHELL configuration.
2009-07-23 Nicolas François <>
* etc/login.defs: SYS_GID_MIN /SYS_UID_MIN changed from 100 to
101. GID 100 seems to be used statically.
2009-07-22 Nicolas François <>
* libmisc/shell.c, src/su.c: Execute the scripts with "sh -"
rather than "sh".
2009-07-22 Nicolas François <>
*, libmisc/shell.c, libmisc/setupenv.c, src/newgrp.c,
src/su.c: Let the system shell be configurable.
2009-07-20 Nicolas François <>
* NEWS, src/su.c, libmisc/shell.c: Added support for shells being a
shell script without a shebang.
2009-07-19 Jean-Louis Dupond <>
* po/nl.po: Fix obvious mistake in Dutch translation.
2009-07-18 Peter Vrabec <>
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not use
getpwent / getgrent for system accounts. Trying the low-IDs with
getpwuid / getgrgid should be more efficient on LDAP configured
systems with many accounts.
* NEWS, libmisc/find_new_gid.c, libmisc/find_new_uid.c: Since
system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
reverse order, accounts are packed close to SYS_?ID_MAX if
SYS_?ID_MIN is already used but there are still dome gaps.
2009-07-05 Piarres Beobide <>
* po/eu.po: Updated Basque translation.
2009-06-20 Nicolas François <>
* man/fi/ Stop distributing the Finnish translation of
passwd.1 (outdated).
2009-06-20 Nicolas François <>
* man/pwck.8.xml: The shadow file is optional.
* man/pwck.8.xml: Updated description of the checks. Added
description of the shadow checks.
* man/pwck.8.xml: Updated description of the checks.
2009-06-12 Nicolas François <>
* man/po/fr.po: Fixed typo (forunis)
2009-06-12 Nicolas François <>
* lib/fputsx.c: Compare the result of fgets() with the provided
buffer instead of NULL.
2009-06-12 Nicolas François <>
* lib/gshadow.c: Removed limitation on the length of the gshadow
* lib/gshadow.c: Compare the result of fgetsx() with the provided
buffer instead of NULL.
2009-06-11 Nicolas François <>
* libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c,
libmisc/xgetpwuid.c, libmisc/xgetgrgid.c, libmisc/xgetspnam.c: Do
not limit the size of the buffer to hold the group or user
structure. It used to be limited to 16k, which caused issues with
groups having many users.
2009-06-11 Nicolas François <>
* src/su.c, man/su.1.xml: The default behavior (without -p or
--login) is to copy most of the environment variables. Revert a
previous change and update the documentation.
2009-06-06 Nicolas François <>
* man/passwd.5.xml, man/shadow.5.xml: Document the passwd- and
shadow- files.
2009-06-06 Nicolas François <>
* NEWS, src/su.c: Preserve the DISPLAY and XAUTHORITY environment
variables, even with --login. This was not the case before in the
PAM version.
2009-06-06 Nicolas François <>
* src/useradd.c, src/groupmod.c, src/groupadd.c, src/faillog.c:
Fix typos. Take this opportunity to split the usage messages into
smaller messages (one per option).
* src/pwck.c: Fix typo.
2009-06-05 Petri Koistinen <>
* man/passwd.1.xml: The short option for --mindays is -n, not -m.
2009-06-04 Mike Frysinger <>
* .gitignore, man/.gitignore, src/.gitignore: Added .gitignore
2009-06-04 Nicolas François <>
* man/su.1.xml: Use <option> for the login.defs options.
* man/su.1.xml: Improve the documentation of the su behavior
regarding environment variables.
* man/su.1.xml: Document that the login.defs file is used.
2009-06-04 Nicolas François <>
* man/login.1.xml: Document that the login.defs file is used.
2009-06-04 Nicolas François <>
* man/login.defs.d/ENVIRON_FILE.xml: Document the format for
2009-05-26 Nicolas François <>
* man/gpasswd.1.xml: Ease the translation of the refpurpose.
* man/gpasswd.1.xml: Fix typo, shorten sentences.
2009-05-26 Nicolas François <>
* man/pwck.8.xml, man/grpck.8.xml: Move the SEE ALSO section at
the end.
2009-05-25 Nicolas François <>
* src/vipw.c: Make sure opened files are closed.
2009-05-25 Nicolas François <>
* man/chpasswd.8.xml, man/grpck.8.xml, man/newgrp.1.xml,
man/passwd.1.xml, man/sg.1.xml: Avoid a spurious comma.
2009-05-25 Nicolas François <>
* NEWS: New placeholder for the next release.
2009-05-22 Nicolas François <>
* po/fr.po: Updated French translation.
2009-05-22 Nicolas François <>
* NEWS: Prepare the next release.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2009-05-22 Nicolas François <>
* man/passwd.1.xml: passwd -u does not reset the expiry field.
2009-05-22 Nicolas François <>
* man/po/fr.po: Updated some strings.
2009-05-22 Nicolas François <>
* NEWS, src/newgrp.c: Return the exit status of the child. Thanks
to Lionel Elie Mamane.
2009-05-22 Nicolas François <>
* src/usermod.c: Added warnings for absolute symlinks which could
be broken by rename().
2009-05-22 Nicolas François <>
* NEWS, src/userdel.c: Report errors to remove the user's mailbox.
* NEWS, src/userdel.c: When USERGROUPS_ENAB is enabled, remove the
user's group when the user was the only member. This is still not
complete, as the user could have been specified twice in the
* NEWS, src/userdel.c: Do not fail when -r is used and the home
directory does not exist.
2009-05-22 Nicolas François <>
* libmisc/copydir.c: Added warning for relative symlinks.
* libmisc/copydir.c (remove_tree): There is no need to check if
the root argument exist. opendir() will report this.
2009-05-21 Nicolas François <>
* man/faillog.8.xml: Minor updates.
2009-05-21 Nicolas François <>
* man/faillog.5.xml: Split a long paragraph. Typo fixes.
2009-05-21 Nicolas François <>
* man/gpasswd.1.xml: Minor updates.
2009-05-21 Nicolas François <>
* man/gshadow.5.xml: Updated documentation.
2009-05-21 Nicolas François <>
* man/usermod.8.xml, man/userdel.8.xml, man/useradd.8.xml:
Harmonize formatting of login.defs and default/useradd variables.
Use an <option> tag.
* man/usermod.8.xml: Added reference to gshadow(5).
* man/login.defs.d/USERDEL_CMD.xml: Shorten the lines of the
USERDEL_CMD example.
2009-05-21 Nicolas François <>
* src/su.c: Use a boolean instead of 0.
2009-05-20 Nicolas François <>
* man/usermod.8.xml: Fixed typos.
2009-05-20 Nicolas François <>
* Next version will be
2009-05-20 Nicolas François <>
* man/newusers.8.xml: Added notes regarding the ownership of
2009-05-19 Nicolas François <>
* man/groupmod.8.xml: Split the -g option description into smaller
2009-05-19 Nicolas François <>
* man/usermod.8.xml: Ownership of the mailbox is also changed with
the -u option.
2009-05-19 Nicolas François <>
* man/useradd.8.xml: When no passwords are provided, the password
is disabled, not the account.
2009-05-19 Nicolas François <>
* man/newusers.8.xml, man/chpasswd.8.xml, man/useradd.8.xml,
man/groupadd.8.xml, man/usermod.8.xml, man/chgpasswd.8.xml,
man/groupmod.8.xml: Added warning: passwords set with these tools
may not respect the password policy.
2009-05-19 Nicolas François <>
* man/groupadd.8.xml: Fixed formatting issue.
2009-05-19 Nicolas François <>
* man/userdel.8.xml: Added warning for files that could remain
owner by the removed user.
2009-05-19 Nicolas François <>
* man/useradd.8.xml: Fix formatting typo.
2009-05-19 Nicolas François <>
* man/groupdel.8.xml: Move the warning on filesystems checks to
the CAVEAT section.
2009-05-18 Nicolas François <>
* man/login.defs.d/GID_MAX.xml: Fixed typo. useradd was specified
2009-05-18 Nicolas François <>
* man/groupadd.8.xml, man/useradd.8.xml: names may also contain
2009-05-18 Nicolas François <>
* man/shadow.5.xml: What is important in shadow is not the
encryption, but that the file is not world readable.
2009-05-18 Nicolas François <>
* man/po/fr.po: Updated French translation. Thanks to ABBAS
Belkacem for the login.defs update.
2009-05-18 Nicolas François <>
* man/usermod.8.xml: Split the CAVEAT section in paragraphs.
Updated information on the user_busy check.
2009-05-18 Nicolas François <>
* man/userdel.8.xml: Document that -f may force the deletion of a
busy user.
2009-05-18 Nicolas François <>
* NEWS, src/usermod.c: Check if the user is busy when the user's
UID, name or home directory is changed.
2009-05-18 Nicolas François <>
* src/userdel.c, libmisc/user_busy.c, libmisc/,
lib/prototypes.h: Move user_busy() to libmisc/user_busy.c.
* NEWS, libmisc/user_busy.c: On Linux, do not check if an user is
logged in with utmp, but check if the user is running some
processes. If not on Linux, continue to search for an utmp record,
but make sure the process recorded in the utmp entry is still
2009-05-18 Nicolas François <>
* man/usermod.8.xml: Document the -m/--move-home option.
2009-05-17 Nicolas François <>
* src/userdel.c (user_busy): Check if the process registered in
utmp is still running. This avoids rejecting the removal of an
user when UTMP was not updated and indicate that the user is still
logged in.
2009-05-16 Nicolas François <>
* NEWS, libmisc/console.c (console): Remove the leading /dev/ from
the tty before comparing with the lines specified by CONSOLE.
* src/su.c: Do not remove the /dev/ prefix since it is done by
2009-05-16 Nicolas François <>
* man/login.defs.d/CONSOLE.xml: Document the format of the CONSOLE
2009-05-16 Nicolas François <>
* NEWS, src/login.c: Fix failure of non PAM enabled versions when
an empty username is entered after a first prompt.
2009-05-16 Nicolas François <>
* src/passwd.c: Added missing end of line at the end of success
2009-05-16 sacha <>
* po/fr.po: Fixed typo in the vipw usage string.
2009-05-12 Nicolas François <>
* libmisc/shell.c: Removed invalid code that executed the user's
shell as a shell script when the direct execution of the user's
shell failed with ENOEXEC and the user's shell has a shebang. The
interpreter might not be the right one. Executing the user's
shell with sh -c might be better, but I'm not sure we should try
harder when there is a failure. Note: the removed code was only
included #ifndef __linux__.
2009-05-12 Nicolas François <>
* man/userdel.8.xml: The USERGROUPS_ENAB group may not be removed
when the group is used by other users, not the user.
2009-05-12 Nicolas François <>
* src/userdel.c, man/login.defs.d/USERDEL_CMD.xml: Move the
USERDEL_CMD script example from the source code to the
2009-05-11 Nicolas François <>
* man/newusers.8.xml: PAM enabled version: describe how passwords
are updated and how newusers behave in case of error.
2009-05-10 Nicolas François <>
* NEWS, New release will be 4.1.4.
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2009-05-10 Nicolas François <>
* libmisc/copydir.c: Added prototype of readlink_malloc(), and
readlink_malloc() changed to static.
2009-05-10 Nicolas François <>
* src/su.c: Avoid redeclaration of root_pw.
2009-05-10 NAKANO Takeo <>
* po/ja.po: Updated Japanese translation.
2009-05-10 Jean-Luc Coulon (f5ibh) <>
* po/fr.po: Updated French translation.
2009-05-10 Nicolas François <>
* lib/commonio.c: Avoid PATH_MAX. On glibc, we can use realpath
with a NULL argument.
* src/useradd.c: Replace PATH_MAX by a fixed constant. The buffer
was not meant as a storage for a path.
* src/useradd.c, src/newusers.c, src/chpasswd.c: Better detection
of fgets errors. Lines shall end with a \n, unless we reached the
end of file.
* libmisc/copydir.c: Avoid PATH_MAX. Support file paths with any
length. Added readlink_malloc().
2009-05-09 Nicolas François <>
* src/pwck.c: Warn if an user has an entry in passwd and shadow,
and the password field in passwd is not 'x'.
* src/grpck.c: Warn if a group has an entry in group and gshadow,
and the password field in group is not 'x'.
2009-05-09 Nicolas François <>
* man/login.defs.d/ENCRYPT_METHOD.xml,
man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Updated note for PAM
enabled versions. These variables are only used for group
passwords in this case.
2009-05-09 Nicolas François <>
* man/chpasswd.8.xml: Sorted options alphabetically.
2009-05-09 Nicolas François <>
* NEWS, src/newusers.c, src/ Added support for
changing the passwords with PAM.
* src/newusers.c: Split the usage string in smaller parts to
allow enabling single parts.
* man/newusers.8.xml: Indicate the options and configuration
variables valid for PAM and non-PAM versions.
* man/newusers.8.xml: Added pointer to /etc/pam.d/chpasswd.
2009-05-09 Nicolas François <>
* src/userdel.c: Remove duplicate definitions of exit codes.
2009-05-07 Nicolas François <>
* libmisc/non_interactive_pam_conv.c,
libmisc/pam_pass_non_interractive.c, libmisc/ Renamed.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
non_interactive_password and non_interactive_pam_conv do not need
to be externally visible.
* libmisc/pam_pass_non_interractive.c: Added declaration of
* libmisc/pam_pass_non_interractive.c: Only compile ifdef USE_PAM.
* libmisc/pam_pass_non_interractive.c, lib/prototypes.h:
Added do_pam_passwd_non_interractive().
* src/chpasswd.c: Use do_pam_passwd_non_interractive().
2009-05-07 Nicolas François <>
* libmisc/pam_pass.c: Removed comment regarding pam_misc. This is
checked by
2009-05-07 Nicolas François <>
* man/login.defs.5.xml: PAM enabled chpasswd do not use any
configuration variable from login.defs.
2009-05-07 Nicolas François <>
* man/passwd.1.xml: Differentiate the files used for PAM and
non-PAM versions.
2009-05-07 Nicolas François <>
* man/chpasswd.8.xml: Describe how chpasswd behaves in case of error.
* man/chpasswd.8.xml: Describe the PAM enabled chpasswd behavior.
* man/chpasswd.8.xml: Differentiate the files and configurations
used for PAM and non-PAM versions.
2009-05-07 Nicolas François <>
* src/login.c: failcount does not need to be signed.
2009-05-07 Nicolas François <>
* src/ PAM enabled chpasswd now needs to be linked to
the PAM library, even if --enable-account-tools-setuid is not
2009-05-07 Nicolas François <>
* src/chpasswd.c: Added the line number when an error is reported
instead of only the username.
* src/chpasswd.c: PAM enabled chpasswd may change the password
database (for the user where the password update succeeded) even
if there were a failure for one user. Do not indicate that changes
were ignored.
2009-05-07 Nicolas François <>
* src/passwd.c: Exit immediately when unlocking a password would
result in a passwordless account. This avoid printing a success
message after the warning.
2009-05-07 Nicolas François <>
* src/nologin.c: Include <stdlib.h> to get EXIT_FAILURE.
2009-05-04 Nicolas François <>
* NEWS, Fix build failure on non-PAM enabled system
when --without-pam is not specified.
2009-04-30 Nicolas François <>
* lib/commonio.c: Ignore the return values of fclose() and
unlink() in case of failure of fopen_set_perms() or
* lib/commonio.c: Should the backup file be unlink'ed in case of
failure of create_backup()?
2009-04-30 Nicolas François <>
* lib/getulong.c: Added splint annotations.
2009-04-30 Nicolas François <>
* src/newgrp.c, src/chfn.c, src/groupmems.c, src/usermod.c,
src/userdel.c, src/chpasswd.c, src/grpck.c, src/gpasswd.c,
src/groupdel.c, src/chgpasswd.c, src/vipw.c, src/useradd.c,
src/su.c, src/groupmod.c, src/passwd.c, src/pwck.c,
src/groupadd.c, src/chage.c, src/login.c, src/faillog.c,
src/sulogin.c, src/chsh.c, src/pwconv.c: Added splint annotations.
* src/userdel.c, src/pwconv.c, src/lastlog.c, src/grpck.c,
src/vipw.c, src/groupmod.c, src/passwd.c, src/pwck.c, src/login.c,
src/sulogin.c, src/usermod.c: Use return instead of exit at the
end of main().
* src/gpasswd.c, src/passwd.c, src/faillog.c: Use the exitcodes.h
exit codes.
* src/chpasswd.c: Added missing ||.
* src/nologin.c: Do not include exitcodes.h.
* src/nologin.c: Added brackets.
* src/nologin.c: Avoid assignments in comparisons.
2009-04-30 Nicolas François <>
* libmisc/getgr_nam_gid.c, lib/get_gid.c, lib/get_pid.c,
lib/get_uid.c: Added splint annotations.
2009-04-30 Nicolas François <>
* lib/exitcodes.h: Define E_SUCCESS as EXIT_SUCCESS. Added FIXMEs.
* libmisc/chowntty.c, libmisc/rlogin.c, libmisc/sub.c,
src/newusers.c, libmisc/sulog.c, libmisc/system.c, src/logoutd.c,
src/groups.c, src/id.c, lib/encrypt.c, libmisc/audit_help.c,
libmisc/limits.c: Return EXIT_FAILURE instead of 1, and
EXIT_SUCCESS instead of 0.
* libmisc/audit_help.c: Replace an fprintf() by fputs().
* libmisc/audit_help.c: Remove documentation of the audit_logger
returned values. The function returns void.
* libmisc/system.c: Only return status if waitpid succeeded.
Return -1 otherwise.
2009-04-28 Nicolas François <>
* NEWS, src/chpasswd.c: Added support for changing the passwords
with PAM.
* src/chpasswd.c: Split the usage string in smaller parts to
allow enabling single parts.
* src/chpasswd.c: Do not set a global lock on the password files.
This is done by PAM each time a password is updated.
2009-04-28 Nicolas François <>
* lib/defines.h: Include <utmpx.h> and <utmp.h> to define
2009-04-28 Nicolas François <>
* src/login.c: Change a snprintf() to strncpy(). There are no
2009-04-28 Nicolas François <>
* src/passwd.c: Harmonize status report at the end of passwd.
Prefix the messages with "passwd: ", only indicate a password
change if the password was actually changed, and password
properties changed otherwise.
2009-04-28 Nicolas François <>
* src/chgpasswd.c, src/newusers.c: There is no need to test for 0
after getopt_long. No options have flag != NULL.
2009-04-28 Nicolas François <>
* lib/prototypes.h: Replace #if by #ifdef
* libmisc/, lib/prototypes.h,
libmisc/non_interactive_pam_conv.c: Added
non_interactive_pam_conv() and non_interactive_password.
2009-04-28 Nicolas François <>
* libmisc/utmp.c, src/userdel.c, src/logoutd.c: Replace #if by #ifdef
2009-04-28 Nicolas François <>
* src/vipw.c: Harmonize messages.
2009-04-28 Nicolas François <>
* src/lastlog.c: Replace atoi() by getulong().
2009-04-28 Nicolas François <>
* libmisc/failure.h: Replace HAVE_UTMPX_H by USE_UTMPX.
2009-04-28 Nicolas François <>
* libmisc/rlogin.c: Replace atoi() by getulong().
2009-04-28 Nicolas François <>
* libmisc/failure.c: Replace HAVE_UTMPX_H by USE_UTMPX.
2009-04-28 Nicolas François <>
* libmisc/chkname.c: Do not include <utmp.h> and <utmpx.h>. There
are no more needed.
2009-04-28 Nicolas François <>
* libmisc/limits.c: Replace strtol() by getlong().
* libmisc/limits.c: Replace HAVE_UTMPX_H by USE_UTMPX.
2009-04-27 Nicolas François <>
* man/groupmod.8.xml, man/usermod.8.xml, man/groupadd.8.xml,
man/useradd.8.xml: Added note to warn about insecurity in using
* man/groupmod.8.xml: Removed not regarding default if --password
is not used. This was a cut&paste from groupadd.8.xml.
* man/passwd.1.xml: Split some paragraphs.
* man/passwd.1.xml: Recommend other encryption methods than DES.
2009-04-27 Nicolas François <>
* src/login.c: Move update_utmp() after the PID or session ID
changed in order to get more accurate data in UTMP. This also
fixes "exec login" when login in installed setuid.
2009-04-27 Nicolas François <>
* src/login.c: Reuse a string and avoid an untranslated message
"Login incorrect".
2009-04-27 Nicolas François <>
* src/login.c: Replace HAVE_UTMPX_H by USE_UTMPX.
* src/login.c: Avoid name clash between global variables and the
update_utmp() arguments.
2009-04-27 Nicolas François <>
* src/groupadd.c, lib/commonio.c, lib/groupio.c: Added missing
include of <assert.h>
2009-04-27 Nicolas François <>
* lib/prototypes.h: Replace HAVE_UTMPX_H by USE_UTMPX.
* lib/prototypes.h, libmisc/log.c: Added splint annotations.
* libmisc/log.c: Added SYSLOG warning when lseek fails (should not
2009-04-27 Nicolas François <>
* libmisc/mail.c, libmisc/copydir.c: Added missing include of
2009-04-27 Nicolas François <>
* libmisc/env.c: Added assertions on the snprintf results.
2009-04-27 Nicolas François <>
* NEWS, Added configure option --enable-utmpx,
disabled by default. This defines USE_UTMPX, which should be used
instead of HAVE_UTMPX_H.
* libmisc/utmp.c: Replace HAVE_UTMPX_H by USE_UTMPX.
* libmisc/utmp.c: Removed old comment on HAVE_STRUCT_UTMP_UT_ID
and UTMPX support.
2009-04-27 Nicolas François <>
* man/po/fr.po: Fix typo.
2009-04-26 Nicolas François <>
* src/newgrp.c: Close the databases before changing the UDI and
2009-04-26 Nicolas François <>
* libmisc/myname.c: Updated splint annotations.
2009-04-26 Nicolas François <>
* lib/commonio.c: Added splint annotations.
* lib/commonio.c: old_context should be local to commonio_close(),
not global.
2009-04-26 Nicolas François <>
* src/passwd.c: Do not freecon strings duplicated with strdup.
Also avoid allocation of memory.
* src/passwd.c: Use SYSLOG instead of syslog.
2009-04-25 Miroslav Kure <>
* po/cs.po: Updated to 352T7f8u
2009-04-25 Nicolas François <>
* lib/commonio.h, lib/commonio.c: Added splint annotations.
* lib/commonio.c: Do not assumes eptr is always notnull.
2009-04-25 Nicolas François <>
* NEWS, po/pt.po: Updated Portuguese translation.
2009-04-25 Nicolas François <>
* libmisc/copydir.c: Added splint annotations.
* libmisc/copydir.c: Added assert to help splint.
* libmisc/copydir.c: Free allocated structures in cas of failure.
* libmisc/copydir.c: Avoid implicit conversion of pointers to
* libmisc/copydir.c: Use buffers of size PATH_MAX instead of 1024
for filenames.
* libmisc/copydir.c: Use fchmod and fchown to change the mode of
the opened file.
* libmisc/copydir.c: Indicate the mode to open(), even if we chmod
2009-04-25 Nicolas François <>
* lib/prototypes.h: Added prototypes of getulong() and get_pid().
* lib/prototypes.h: Added splint annotations.
2009-04-25 Nicolas François <>
* lib/commonio.c: Use get_pid() instead of strtol.
* lib/commonio.c: Replace an int by a size_t.
2009-04-25 Nicolas François <>
* lib/commonio.h: Added splint annotations.
2009-04-25 Nicolas François <>
* lib/sgroupio.c: Free allocated structures on failure.
* lib/sgroupio.c: Added splint annotations.
2009-04-25 Nicolas François <>
* lib/, lib/get_pid.c, lib/getulong.c: Added get_pid()
and getulong().
2009-04-25 Nicolas François <>
* lib/getlong.c: Do not check for NULL string but empty string.
2009-04-25 Nicolas François <>
* lib/groupio.c: Updated splint annotations.
* lib/groupio.c: Added assert to help splint.
2009-04-25 Nicolas François <>
* src/useradd.c: Check assumptions on snprintf().
* src/useradd.c: Replace peror by an strerror and avoid an
intermediate buffer.
* src/useradd.c: Save errno between the failure and the report by
* src/useradd.c: Prefer xmalloc to malloc.
2009-04-25 Nicolas François <>
* src/lastlog.c: Remove function calls from within assert().
2009-04-25 Nicolas François <>
* libmisc/obscure.c: Change some int to size_t.
2009-04-25 Nicolas François <>
* libmisc/console.c: Use a less disturbing construct for splint.
2009-04-25 Nicolas François <>
* libmisc/limits.c: Parse the limits, umask, nice, maxlogin, file
limit with getlog() / getulong(). This also means, in case of
non-PAM enabled systems, that the umask specified on the GECOS
fields should start with a 0 if specified in octal. (it used to be
force to octal). Do the appropriate cast and range checking.
2009-04-25 Nicolas François <>
* libmisc/salt.c: In case gettimeofday() fails, get some entropy
from the PID.
2009-04-25 Nicolas François <>
* libmisc/setupenv.c: Prefer snprintf to sprintf, even if a small
context indicates no issues.
* libmisc/setupenv.c: Avoid implicit conversion of pointers to
2009-04-25 Nicolas François <>
* libmisc/loginprompt.c: Prefer snprintf to sprintf, even if a
small context indicates no issues.
2009-04-25 Nicolas François <>
* src/faillog.c: Remove function calls from within assert().
2009-04-25 Nicolas François <>
* libmisc/mail.c: Ignore the return value of puts().
* libmisc/mail.c: Prefer snprintf to sprintf, even if a small
context indicates no issues.
2009-04-22 Nicolas François <>
* lib/commonio.c, lib/commonio.h, lib/groupio.c, lib/groupio.h,
lib/pwio.c, lib/pwio.h, lib/shadowio.c, lib/shadowio.h: Added
splint annotations. The *_locate() and *_next() functions
currently return an observer. As the structure are often modified
by the caller, it could maybe be changed to exposed later. (and
2009-04-22 Nicolas François <>
* lib/pwauth.c: Use a boolean for wipe_clear_pass and use_skey.
* lib/pwauth.c: Added splint annotations.
* lib/pwauth.c: Added brackets and parenthesis.
* lib/pwauth.c: Avoid assignments in comparisons.
* lib/pwauth.c: Avoid implicit conversion of pointers or
characters to booleans.
2009-04-22 Nicolas François <>
* src/groupmod.c: Cast ID to ulongs and use ulong formats for IDs.
2009-04-22 Nicolas François <>
* src/newgrp.c: Added splint annotations.
* src/newgrp.c: audit_buf is only used in newgrp. Make it static.
* src/newgrp.c: Ignore the return value of fputs().
* src/newgrp.c: Use exit(EXIT_FAILURE) instead of exit(1).
2009-04-22 Nicolas François <>
* libmisc/pwdcheck.c (passwd_check): The progname is not used.
* libmisc/pwdcheck.c: Ignore the return value of sleep().
* libmisc/pwdcheck.c: Use exit(EXIT_FAILURE) instead of exit(1).
2009-04-22 Nicolas François <>
* libmisc/setupenv.c: Avoid assignments in comparisons.
* libmisc/setupenv.c: Added brackets and parenthesis.
* libmisc/setupenv.c: Ignore the return value of fclose (file
opened read-only)
* libmisc/setupenv.c: Ignore the return value of puts().
* libmisc/setupenv.c: Avoid implicit conversion of pointers to
2009-04-22 Nicolas François <>
* libmisc/find_new_gid.c, libmisc/find_new_uid.c,
libmisc/isexpired.c, src/groupadd.c, lib/pwauth.h, lib/groupmem.c,
lib/shadowmem.c, lib/pwmem.c, lib/prototypes.h: Added splint
2009-04-22 Nicolas François <>
* libmisc/loginprompt.c: Use exit(EXIT_FAILURE) instead of
* libmisc/loginprompt.c: Avoid implicit conversion of pointers to
* libmisc/loginprompt.c: Ignore return value of putc().
2009-04-22 Nicolas François <>
* libmisc/env.c, libmisc/age.c: Added splint annotations.
* libmisc/age.c: Added brackets and parenthesis.
* libmisc/age.c: Ignore the return value of fclose (file opened
* libmisc/age.c: Ignore puts() return value.
* libmisc/age.c: Use exit(EXIT_FAILURE) instead of exit(1).
* libmisc/age.c: Avoid assignments in comparisons.
2009-04-22 Nicolas François <>
* lib/fputsx.c, lib/gshadow.c, lib/commonio.h: Added splint
2009-04-22 Nicolas François <>
* lib/get_gid.c: gidstr should not be NULL, but the check was
meant to make sure it is not empty.
* lib/get_uid.c: Likewise.
2009-04-22 Nicolas François <>
* lib/getdef.c: Added splint annotations.
* lib/getdef.c: Ignore fputs() return value.
* lib/getdef.c: Use EXIT_FAILURE / EXIT_SUCCESS for exit()
2009-04-22 Nicolas François <>
* src/faillog.c: Added splint annotations.
* src/faillog.c: Cast ID to ulongs and use ulong formats for IDs.
* src/faillog.c: Ignore fflush() return value.
* src/faillog.c: Added parenthesis.
2009-04-22 Nicolas François <>
* src/grpck.c: Ignore puts return value.
* src/grpck.c: Avoid variable format string.
2009-04-22 Nicolas François <>
* src/lastlog.c: Use EXIT_FAILURE / EXIT_SUCCESS for exit()
* src/lastlog.c: Added s