.gitignore

@@ -1 +1 @@
-SOURCES/libuser-0.62.tar.xz
+SOURCES/libuser-0.63.tar.xz

.libuser.metadata

@@ -1 +1 @@
-e0fe60dd38f3b5777d0a4ad664725eddd18ef310 SOURCES/libuser-0.62.tar.xz
+cd6b029165743afaaee58e7d80e767da7a868545 SOURCES/libuser-0.63.tar.xz

SOURCES/0001-Fix-errors-with-Werror-format-security.patch

@@ -1,52 +0,0 @@
-From 9317afc8bb7eec656444fc2eecfcd1ea3bfdda82 Mon Sep 17 00:00:00 2001
-From: Stephen Gallagher <sgallagh@redhat.com>
-Date: Wed, 15 Mar 2017 12:43:03 -0400
-Subject: [PATCH] Fix errors with -Werror=format-security
-
-Recent versions of the Fedora build system treat format-security
-warnings as errors, resulting in failure to build. This patch
-ensures that appropriate format strings are present.
-
-Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
----
- modules/files.c | 2 +-
- modules/ldap.c  | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/modules/files.c b/modules/files.c
-index 4ef0a57be9f2aad99d82abfae5204009a93e5572..6a7787e28112ba07e0fc44f2887ce1d1540af29e 100644
---- a/modules/files.c
-+++ b/modules/files.c
-@@ -532,11 +532,11 @@ parse_field(const struct format_specifier *format, GValue *value,
- 	err = NULL;
- 	ret = lu_value_init_set_attr_from_string(value, format->attribute,
- 						 string, &err);
- 	if (ret == FALSE) {
- 		g_assert(err != NULL);
--		g_warning(lu_strerror(err));
-+		g_warning("%s", lu_strerror(err));
- 		lu_error_free(&err);
- 	}
- 	return ret;
- }
- 
-diff --git a/modules/ldap.c b/modules/ldap.c
-index ad10f7394c5735f3180cbab5bc7314301fd83ffc..02e9eb6a0cf10595d730e3dc719f2e848a3491d4 100644
---- a/modules/ldap.c
-+++ b/modules/ldap.c
-@@ -670,11 +670,11 @@ lu_ldap_lookup(struct lu_module *module,
- 					error = NULL;
- 					ok = lu_value_init_set_attr_from_string
- 						(&value, attr, val, &error);
- 					if (ok == FALSE) {
- 						g_assert(error != NULL);
--						g_warning(lu_strerror(error));
-+						g_warning("%s", lu_strerror(error));
- 						lu_error_free(&error);
- 					} else {
- 						lu_ent_add_current(ent, attr,
- 								   &value);
- 						g_value_unset(&value);
--- 
-2.12.0
-

SOURCES/0002-Use-2048-bit-keys-in-tests-to-avoid-issues-with-mode.patch

@@ -1,40 +0,0 @@
-From 68e2c532e610e1c91dd10ff176b673d6190adef4 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jakub.hrozek@posteo.se>
-Date: Mon, 6 Aug 2018 21:43:53 +0200
-Subject: [PATCH] Use 2048-bit keys in tests to avoid issues with modern
- systems
-
----
- tests/default_pw_test | 2 +-
- tests/ldap_test       | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tests/default_pw_test b/tests/default_pw_test
-index 6da406cf3f67cee2084e730361d43c88df83b81c..733c85c090e07c87a9a7ef8b58c5396bf5f91197 100755
---- a/tests/default_pw_test
-+++ b/tests/default_pw_test
-@@ -30,7 +30,7 @@ rm -rf "$workdir"
- mkdir "$workdir"
- 
- # Create a SSL key
--/usr/bin/openssl req -newkey rsa:1024 -keyout "$workdir"/key1 -nodes \
-+/usr/bin/openssl req -newkey rsa:2048 -keyout "$workdir"/key1 -nodes \
-     -x509 -days 2 -out "$workdir"/key3 2>/dev/null <<EOF
- .
- .
-diff --git a/tests/ldap_test b/tests/ldap_test
-index f82c2795ef283e323f49c8a400d6c628b3a3e331..54609b14d54b2c5638445262e7fb25307ba6db4c 100755
---- a/tests/ldap_test
-+++ b/tests/ldap_test
-@@ -30,7 +30,7 @@ rm -rf "$workdir"
- mkdir "$workdir"
- 
- # Create a SSL key
--/usr/bin/openssl req -newkey rsa:1024 -keyout "$workdir"/key1 -nodes \
-+/usr/bin/openssl req -newkey rsa:2048 -keyout "$workdir"/key1 -nodes \
-     -x509 -days 2 -out "$workdir"/key3 2>/dev/null <<EOF
- .
- .
--- 
-2.14.4
-

SOURCES/0003-Add-audit-events-around-user-life-cycle.patch

@@ -1,658 +0,0 @@
-From 72962208c42ea202f1e31f2f3ac1b523cd545b06 Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Fri, 3 Aug 2018 11:33:05 +0200
-Subject: [PATCH] Add audit events around user life cycle
-
----
- Makefile.am        | 18 ++++++-------
- apps/lchage.c      |  5 ++++
- apps/lchsh.c       |  7 +++++
- apps/lgroupadd.c   |  5 ++++
- apps/lgroupdel.c   |  6 +++++
- apps/lgroupmod.c   | 36 +++++++++++++++++++++++++
- apps/luseradd.c    | 16 +++++++++++
- apps/luserdel.c    | 17 ++++++++++++
- apps/lusermod.c    | 38 +++++++++++++++++++++++++-
- configure.ac       | 17 ++++++++++++
- lib/common.c       | 66 +++++++++++++++++++++++++++++++++++++++++++++-
- lib/user_private.h | 15 +++++++++++
- 12 files changed, 235 insertions(+), 11 deletions(-)
-
-diff --git a/Makefile.am b/Makefile.am
-index 080f97e8cc81a77dd0413c3b6fe7fe8002499393..9f099bd71941a869274a502a3130802731d83c24 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -116,7 +116,7 @@ apps_libapputil_la_LDFLAGS = $(GOBJECT_LIBS) -lpam -lpam_misc $(SELINUX_LIBS)
- 
- apps_lchage_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_lchage_LDADD = lib/libuser.la $(LTLIBINTL)
--apps_lchage_LDFLAGS = $(GMODULE_LIBS) -lpopt
-+apps_lchage_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
- 
- apps_lchfn_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_lchfn_LDADD = apps/libapputil.la lib/libuser.la $(LTLIBINTL)
-@@ -124,19 +124,19 @@ apps_lchfn_LDFLAGS = $(GMODULE_LIBS) -lpopt
- 
- apps_lchsh_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_lchsh_LDADD = apps/libapputil.la lib/libuser.la $(LTLIBINTL)
--apps_lchsh_LDFLAGS = $(GMODULE_LIBS) -lpopt
-+apps_lchsh_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
- 
- apps_lgroupadd_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_lgroupadd_LDADD = lib/libuser.la $(LTLIBINTL)
--apps_lgroupadd_LDFLAGS = $(GMODULE_LIBS) -lpopt
-+apps_lgroupadd_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
- 
- apps_lgroupdel_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_lgroupdel_LDADD = lib/libuser.la $(LTLIBINTL)
--apps_lgroupdel_LDFLAGS = $(GMODULE_LIBS) -lpopt
-+apps_lgroupdel_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
- 
- apps_lgroupmod_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_lgroupmod_LDADD = lib/libuser.la $(LTLIBINTL)
--apps_lgroupmod_LDFLAGS = $(GMODULE_LIBS) -lpopt
-+apps_lgroupmod_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
- 
- apps_lid_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_lid_LDADD = lib/libuser.la $(LTLIBINTL)
-@@ -152,15 +152,15 @@ apps_lpasswd_LDFLAGS = $(GMODULE_LIBS) -lpopt
- 
- apps_luseradd_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_luseradd_LDADD = lib/libuser.la $(LTLIBINTL)
--apps_luseradd_LDFLAGS = $(GMODULE_LIBS) -lpopt
-+apps_luseradd_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
- 
- apps_luserdel_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_luserdel_LDADD = lib/libuser.la $(LTLIBINTL)
--apps_luserdel_LDFLAGS = $(GMODULE_LIBS) -lpopt
-+apps_luserdel_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
- 
- apps_lusermod_CPPFLAGS = $(AM_CPPFLAGS) $(LOCALEDIR_CPPFLAGS)
- apps_lusermod_LDADD = lib/libuser.la $(LTLIBINTL)
--apps_lusermod_LDFLAGS = $(GMODULE_LIBS) -lpopt
-+apps_lusermod_LDFLAGS = $(GMODULE_LIBS) -lpopt $(AUDIT_LIBS)
- 
- lib_libuser_la_SOURCES = lib/common.c lib/config.c lib/entity.c lib/error.c \
- 	lib/fs.c lib/getdate.y lib/internal.h lib/misc.c lib/modules.c \
-@@ -170,7 +170,7 @@ lib_libuser_la_CPPFLAGS = $(GMODULE_CFLAGS) -Ilib $(LOCALEDIR_CPPFLAGS) \
- 	-DMODULEDIR='"$(pkglibdir)"' -DNSCD='"$(NSCD)"' \
- 	-DSYSCONFDIR='"$(sysconfdir)"'
- lib_libuser_la_LDFLAGS = $(GMODULE_LIBS) $(CRYPT_LIBS) $(SELINUX_LIBS) \
--	-version-info 6:2:5
-+	$(AUDIT_LIBS) -version-info 6:2:5
- lib_libuser_la_LIBADD = $(LTLIBINTL)
- 
- modules_libuser_files_la_SOURCES = modules/files.c
-diff --git a/apps/lchage.c b/apps/lchage.c
-index bad296ccf0755dd6781b1a2e6397dccb1f7dbd12..1a4f04883062cb11f15a2e34d37e127fef2a374e 100644
---- a/apps/lchage.c
-+++ b/apps/lchage.c
-@@ -29,6 +29,7 @@
- #include <popt.h>
- #include <glib.h>
- #include "../lib/user.h"
-+#include "../lib/user_private.h"
- #include "apputil.h"
- 
- #define INVALID_LONG LONG_MIN
-@@ -239,8 +240,12 @@ main(int argc, const char **argv)
- 			fprintf(stderr,
- 				_("Failed to modify aging information for %s: "
- 				  "%s\n"), user, lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_MGMT, "change-age", user,
-+				AUDIT_NO_ID, 0);
- 			return 3;
- 		}
-+		lu_audit_logger(AUDIT_USER_MGMT, "change-age", user,
-+				AUDIT_NO_ID, 1);
- 
- 		lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
- 	}
-diff --git a/apps/lchsh.c b/apps/lchsh.c
-index 7c8a9246d4548a7f6fbacce91cdfdf4372799943..555ed2ea7b0d5a90bf37a7f23c398b382ac45a38 100644
---- a/apps/lchsh.c
-+++ b/apps/lchsh.c
-@@ -26,6 +26,7 @@
- #include <string.h>
- #include <unistd.h>
- #include "../lib/user.h"
-+#include "../lib/user_private.h"
- #include "apputil.h"
- 
- int
-@@ -120,6 +121,8 @@ main(int argc, const char **argv)
- 				      NULL, &error) == FALSE) {
- 			fprintf(stderr, _("Shell not changed: %s\n"),
- 				lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
-+				AUDIT_NO_ID, 0);
- 			return 1;
- 		}
- 		/* Modify the in-memory structure's shell attribute. */
-@@ -132,9 +135,13 @@ main(int argc, const char **argv)
- 		if (lu_user_modify(ctx, ent, &error)) {
- 			g_print(_("Shell changed.\n"));
- 			lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
-+			lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
-+				AUDIT_NO_ID, 1);
- 		} else {
- 			fprintf(stderr, _("Shell not changed: %s\n"),
- 				lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_MGMT, "change-shell", user,
-+				AUDIT_NO_ID, 0);
- 			return 1;
- 		}
- 	}
-diff --git a/apps/lgroupadd.c b/apps/lgroupadd.c
-index d73ee864adac9e5dbc7d98392190db225d116143..3fa2a1df5ac5838ef256541c07ae6028e4f6a80b 100644
---- a/apps/lgroupadd.c
-+++ b/apps/lgroupadd.c
-@@ -118,6 +118,8 @@ main(int argc, const char **argv)
- 	if (lu_group_add(ctx, ent, &error) == FALSE) {
- 		fprintf(stderr, _("Group creation failed: %s\n"),
- 			lu_strerror(error));
-+		lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
-+				AUDIT_NO_ID, 0);
- 		return 2;
- 	}
- 
-@@ -127,5 +129,8 @@ main(int argc, const char **argv)
- 
- 	lu_end(ctx);
- 
-+	lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
-+				AUDIT_NO_ID, 1);
-+
- 	return 0;
- }
-diff --git a/apps/lgroupdel.c b/apps/lgroupdel.c
-index e0fd6c6d42f55eef82f0790f551721972c129b5f..c5ccbed95cb834719cd109a81e6f979bb737dc71 100644
---- a/apps/lgroupdel.c
-+++ b/apps/lgroupdel.c
-@@ -24,6 +24,7 @@
- #include <locale.h>
- #include <popt.h>
- #include "../lib/user.h"
-+#include "../lib/user_private.h"
- #include "apputil.h"
- 
- int
-@@ -90,6 +91,8 @@ main(int argc, const char **argv)
- 	if (lu_group_delete(ctx, ent, &error) == FALSE) {
- 		fprintf(stderr, _("Group %s could not be deleted: %s\n"),
- 			group, lu_strerror(error));
-+		lu_audit_logger(AUDIT_DEL_GROUP, "delete-group", group,
-+				AUDIT_NO_ID, 0);
- 		return 3;
- 	}
- 
-@@ -99,5 +102,8 @@ main(int argc, const char **argv)
- 
- 	lu_end(ctx);
- 
-+	lu_audit_logger(AUDIT_DEL_GROUP, "delete-group", group,
-+			AUDIT_NO_ID, 1);
-+
- 	return 0;
- }
-diff --git a/apps/lgroupmod.c b/apps/lgroupmod.c
-index 21170e06f37370d7b2f2d936048ae7abf24fd181..0ad0ae4f39d32435b4668ef15ec678d8ea319e5c 100644
---- a/apps/lgroupmod.c
-+++ b/apps/lgroupmod.c
-@@ -138,8 +138,14 @@ main(int argc, const char **argv)
- 		    == FALSE) {
- 			fprintf(stderr, _("Failed to set password for group "
- 				"%s: %s\n"), group, lu_strerror(error));
-+			lu_audit_logger(AUDIT_GRP_MGMT,
-+					"changing-group-passwd", group,
-+					AUDIT_NO_ID, 0);
- 			return 4;
- 		}
-+		lu_audit_logger(AUDIT_GRP_MGMT,
-+				"changing-group-passwd", group,
-+				AUDIT_NO_ID, 1);
- 	}
- 
- 	if (cryptedUserPassword) {
-@@ -147,8 +153,14 @@ main(int argc, const char **argv)
- 				     &error) == FALSE) {
- 			fprintf(stderr, _("Failed to set password for group "
- 				"%s: %s\n"), group, lu_strerror(error));
-+			lu_audit_logger(AUDIT_GRP_MGMT,
-+					"changing-group-passwd", group,
-+					AUDIT_NO_ID, 0);
- 			return 5;
- 		}
-+		lu_audit_logger(AUDIT_GRP_MGMT,
-+				"changing-group-passwd", group,
-+				AUDIT_NO_ID, 1);
- 	}
- 
- 	if (lock) {
-@@ -156,8 +168,14 @@ main(int argc, const char **argv)
- 			fprintf(stderr,
- 				_("Group %s could not be locked: %s\n"), group,
- 				lu_strerror(error));
-+			lu_audit_logger(AUDIT_GRP_MGMT,
-+					"changing-group-lock", group,
-+					AUDIT_NO_ID, 0);
- 			return 6;
- 		}
-+		lu_audit_logger(AUDIT_GRP_MGMT,
-+				"changing-group-lock", group,
-+				AUDIT_NO_ID, 1);
- 	}
- 
- 	if (unlock) {
-@@ -165,8 +183,14 @@ main(int argc, const char **argv)
- 			fprintf(stderr,
- 				_("Group %s could not be unlocked: %s\n"),
- 				group, lu_strerror(error));
-+			lu_audit_logger(AUDIT_GRP_MGMT,
-+					"changing-group-lock", group,
-+					AUDIT_NO_ID, 0);
- 			return 7;
- 		}
-+		lu_audit_logger(AUDIT_GRP_MGMT,
-+				"changing-group-lock", group,
-+				AUDIT_NO_ID, 1);
- 	}
- 
- 	change = gid || addAdmins || remAdmins || addMembers || remMembers;
-@@ -241,8 +265,14 @@ main(int argc, const char **argv)
- 	if (change && lu_group_modify(ctx, ent, &error) == FALSE) {
- 		fprintf(stderr, _("Group %s could not be modified: %s\n"),
- 			group, lu_strerror(error));
-+		lu_audit_logger(AUDIT_GRP_MGMT,
-+				"changing-group-members", group,
-+				AUDIT_NO_ID, 0);
- 		return 8;
- 	}
-+	lu_audit_logger(AUDIT_GRP_MGMT,
-+			"changing-group-members", group,
-+			AUDIT_NO_ID, 1);
- 	if (gidNumber != LU_VALUE_INVALID_ID) {
- 		users = lu_users_enumerate_by_group_full(ctx, gid, &error);
- 
-@@ -256,8 +286,14 @@ main(int argc, const char **argv)
- 			fprintf(stderr,
- 				_("Group %s could not be modified: %s\n"),
- 				group, lu_strerror(error));
-+			lu_audit_logger(AUDIT_GRP_MGMT,
-+				"changing-group-id", group,
-+				AUDIT_NO_ID, 0);
- 			return 8;
- 		}
-+		lu_audit_logger(AUDIT_GRP_MGMT,
-+			"changing-group-id", group,
-+			AUDIT_NO_ID, 1);
- 	}
- 
- 	lu_ent_free(ent);
-diff --git a/apps/luseradd.c b/apps/luseradd.c
-index 7839183c00f892ad50f77f5aed6ada07cd3c125b..9d7f4f10a9c6f849e551f017f05c2e67e4a56259 100644
---- a/apps/luseradd.c
-+++ b/apps/luseradd.c
-@@ -210,8 +210,12 @@ main(int argc, const char **argv)
- 				lu_error_free(&error);
- 			}
- 			lu_end(ctx);
-+			lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
-+					AUDIT_NO_ID, 0);
- 			return 1;
- 		}
-+		lu_audit_logger(AUDIT_ADD_GROUP, "add-group", name,
-+				AUDIT_NO_ID, 1);
- 	}
- 
- 	/* Retrieve the group ID. */
-@@ -259,9 +263,13 @@ main(int argc, const char **argv)
- 	if (lu_user_add(ctx, ent, &error) == FALSE) {
- 		fprintf(stderr, _("Account creation failed: %s.\n"),
- 			lu_strerror(error));
-+		lu_audit_logger(AUDIT_ADD_USER, "add-user", name,
-+					AUDIT_NO_ID, 0);
-+
- 		return 3;
- 	}
-         lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
-+	lu_audit_logger(AUDIT_ADD_USER, "add-user", name, AUDIT_NO_ID, 1);
- 
- 	/* If we don't have the the don't-create-home flag, create the user's
- 	 * home directory. */
-@@ -282,8 +290,12 @@ main(int argc, const char **argv)
- 					&error) == FALSE) {
- 			fprintf(stderr, _("Error creating %s: %s.\n"),
- 				homeDirectory, lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_MGMT, "add-home-dir", name,
-+				uidNumber, 0);
- 			return 7;
- 		}
-+		lu_audit_logger(AUDIT_USER_MGMT, "add-home-dir", name,
-+				uidNumber, 1);
- 
- 		/* Create a mail spool for the user. */
- 		if (lu_mail_spool_create(ctx, ent, &error) != TRUE) {
-@@ -311,8 +323,12 @@ main(int argc, const char **argv)
- 			fprintf(stderr, _("Error setting password for user "
- 					  "%s: %s.\n"), name,
- 				lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
-+					name, uidNumber, 0);
- 			return 3;
- 		}
-+		lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
-+					name, uidNumber, 1);
- 	}
- 	lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
- 
-diff --git a/apps/luserdel.c b/apps/luserdel.c
-index 2f39a4ffb8ae47ac5dc3c84270b54a8ca68c7403..7e20fa7ea9bf4082967bc6931a8557936bfda0a2 100644
---- a/apps/luserdel.c
-+++ b/apps/luserdel.c
-@@ -26,6 +26,7 @@
- #include <string.h>
- #include <unistd.h>
- #include "../lib/user.h"
-+#include "../lib/user_private.h"
- #include "apputil.h"
- 
- int
-@@ -93,8 +94,12 @@ main(int argc, const char **argv)
- 	if (lu_user_delete(ctx, ent, &error) == FALSE) {
- 		fprintf(stderr, _("User %s could not be deleted: %s.\n"),
- 			user, lu_strerror(error));
-+		lu_audit_logger(AUDIT_DEL_USER, "delete-user", user,
-+				AUDIT_NO_ID, 0);
- 		return 3;
- 	}
-+	lu_audit_logger(AUDIT_DEL_USER, "delete-user", user,
-+			AUDIT_NO_ID, 1);
- 
- 	lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
- 
-@@ -126,9 +131,15 @@ main(int argc, const char **argv)
- 				fprintf(stderr, _("Group %s could not be "
- 						  "deleted: %s.\n"), tmp,
- 					lu_strerror(error));
-+				lu_audit_logger_with_group (AUDIT_DEL_GROUP,
-+					"delete-group", user, AUDIT_NO_ID,
-+					tmp, 0);
- 				return 7;
- 			}
- 		}
-+		lu_audit_logger_with_group (AUDIT_DEL_GROUP,
-+					    "delete-group", user,
-+					    AUDIT_NO_ID, tmp, 1);
- 		lu_ent_free(group_ent);
- 		lu_nscd_flush_cache(LU_NSCD_CACHE_GROUP);
- 	}
-@@ -138,8 +149,14 @@ main(int argc, const char **argv)
- 			fprintf(stderr,
- 				_("Error removing home directory: %s.\n"),
- 				lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_MGMT,
-+					"deleting-home-directory", user,
-+					AUDIT_NO_ID, 0);
- 			return 9;
- 		}
-+		lu_audit_logger(AUDIT_USER_MGMT, "deleting-home-directory", user,
-+				AUDIT_NO_ID, 1);
-+
- 		/* Delete the user's mail spool. */
- 		if (lu_mail_spool_remove(ctx, ent, &error) != TRUE) {
- 			fprintf(stderr, _("Error removing mail spool: %s"),
-diff --git a/apps/lusermod.c b/apps/lusermod.c
-index afec147475736f0b814b5e1f30c77064f3915c20..143157f114c93960fb879d9e6e0c1fb914f3ffcb 100644
---- a/apps/lusermod.c
-+++ b/apps/lusermod.c
-@@ -179,8 +179,13 @@ main(int argc, const char **argv)
- 			fprintf(stderr,
- 				_("Failed to set password for user %s: %s.\n"),
- 				user, lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_CHAUTHTOK, 
-+					"updating-password", user,
-+					uidNumber, 0);
- 			return 5;
- 		}
-+		lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
-+				user, uidNumber, 0);
- 	}
- 
- 	/* If we need to change a user's crypted password, try to change it,
-@@ -192,8 +197,13 @@ main(int argc, const char **argv)
- 			fprintf(stderr,
- 				_("Failed to set password for user %s: %s.\n"),
- 				user, lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_CHAUTHTOK, 
-+					"updating-password", user,
-+					uidNumber, 0);
- 			return 6;
- 		}
-+		lu_audit_logger(AUDIT_USER_CHAUTHTOK, "updating-password",
-+				user, uidNumber, 0);
- 	}
- 
- 	/* If we need to lock/unlock the user's account, do that. */
-@@ -202,16 +212,26 @@ main(int argc, const char **argv)
- 			fprintf(stderr,
- 				_("User %s could not be locked: %s.\n"),
- 				user, lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_CHAUTHTOK, 
-+					"locking-account", user,
-+					uidNumber, 0);
- 			return 7;
- 		}
-+		lu_audit_logger(AUDIT_USER_CHAUTHTOK, "locking-account",
-+				user, uidNumber, 0);
- 	}
- 	if (unlock) {
- 		if (lu_user_unlock(ctx, ent, &error) == FALSE) {
- 			fprintf(stderr,
- 				_("User %s could not be unlocked: %s.\n"),
- 				user, lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_CHAUTHTOK, 
-+					"unlocking-account", user,
-+					uidNumber, 0);
- 			return 8;
- 		}
-+		lu_audit_logger(AUDIT_USER_CHAUTHTOK, "unlocking-account",
-+				user, uidNumber, 0);
- 	}
- 
- 	/* Determine if we actually need to change anything. */
-@@ -274,8 +294,13 @@ main(int argc, const char **argv)
- 	if (change && (lu_user_modify(ctx, ent, &error) == FALSE)) {
- 		fprintf(stderr, _("User %s could not be modified: %s.\n"),
- 			user, lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_MGMT, 
-+					"modify-account", user,
-+					uidNumber, 0);
- 		return 9;
- 	}
-+	lu_audit_logger(AUDIT_USER_MGMT, "modify-account",
-+			user, uidNumber, 1);
- 	lu_nscd_flush_cache(LU_NSCD_CACHE_PASSWD);
- 
- 	/* If the user's name changed, we need to update supplemental
-@@ -322,12 +347,19 @@ main(int argc, const char **argv)
- 				}
- 			}
- 			/* Save the changes to the group. */
--			if (lu_group_modify(ctx, group, &error) == FALSE)
-+			if (lu_group_modify(ctx, group, &error) == FALSE) {
- 				fprintf(stderr, _("Group %s could not be "
- 						  "modified: %s.\n"),
- 					lu_ent_get_first_string(group,
- 								LU_GROUPNAME),
- 					lu_strerror(error));
-+				lu_audit_logger_with_group(AUDIT_USER_MGMT, 
-+						    "update-member-in-group", user, uidNumber,
-+						    lu_ent_get_first_string(group, LU_GROUPNAME),0);
-+			} else
-+				lu_audit_logger_with_group(AUDIT_USER_MGMT, 
-+						    "update-member-in-group", user, uidNumber,
-+						    lu_ent_get_first_string(group, LU_GROUPNAME),1);
- 			lu_ent_free(group);
- 		}
- 		g_ptr_array_free(groups, TRUE);
-@@ -353,8 +385,12 @@ main(int argc, const char **argv)
- 			fprintf(stderr, _("Error moving %s to %s: %s.\n"),
- 				oldHomeDirectory, homeDirectory,
- 				lu_strerror(error));
-+			lu_audit_logger(AUDIT_USER_MGMT, "moving-home-dir",
-+					user, uidNumber, 0);
- 			return 12;
- 		}
-+		lu_audit_logger(AUDIT_USER_MGMT, "moving-home-dir",
-+				user, uidNumber, 1);
- 	}
- 	g_free(oldHomeDirectory);
- 
-diff --git a/configure.ac b/configure.ac
-index 3e68b16a1f65ff5e5e3e905c1ffce8993e562176..0bd4a67d4c77fa1b701d74dbeab908a192dbf4d7 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -118,6 +118,23 @@ if test "x$selinux" != xno ; then
- fi
- AC_SUBST(SELINUX_LIBS)
- 
-+AC_ARG_WITH(audit,
-+AS_HELP_STRING([--with-audit],[log using Linux Audit in addition to syslog]),
-+use_audit=$withval,
-+use_audit=auto)
-+if test x$use_audit != xno ; then
-+        AC_SEARCH_LIBS([audit_open], [audit])
-+        if test x$ac_cv_search_audit_open = xno ; then
-+                if test x$use_audit != xauto ; then
-+                        AC_MSG_ERROR([requested Linux Audit, but libaudit was not found])
-+                fi
-+        else
-+                AC_DEFINE(WITH_AUDIT,1,[Define if you want to use Linux Audit.])
-+		AUDIT_LIBS=-laudit
-+        fi
-+fi
-+AC_SUBST(AUDIT_LIBS)
-+
- AC_C_CONST
- AC_TYPE_UID_T
- AC_TYPE_MODE_T
-diff --git a/lib/common.c b/lib/common.c
-index fc5df7461111908ff3eae59608ce0a51d62e155e..dce7e570ec9c92b56b28f15ab503fb7a641b660e 100644
---- a/lib/common.c
-+++ b/lib/common.c
-@@ -16,9 +16,10 @@
-  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-  */
- 
--#include <config.h>
-+#include "config.h"
- #include <glib.h>
- #include <string.h>
-+#include <stdlib.h>
- 
- #include "internal.h"
- #include "user_private.h"
-@@ -111,3 +112,66 @@ lu_common_sgroup_default(struct lu_module *module,
- 	g_return_val_if_fail(name != NULL, FALSE);
- 	return lu_common_group_default(module, name, is_system, ent, error);
- }
-+
-+#ifdef WITH_AUDIT
-+static int audit_fd = 0;
-+
-+/* result - 1 is "success" and 0 is "failed" */
-+void lu_audit_logger(int type, const char *op, const char *name,
-+                        unsigned int id, unsigned int result)
-+{
-+	if (audit_fd == 0) {
-+		/* First time through */
-+		audit_fd = audit_open();
-+		if (audit_fd < 0) {
-+			/* You get these only when the kernel doesn't have
-+			 * audit compiled in. */
-+			if (	   (errno == EINVAL)
-+				|| (errno == EPROTONOSUPPORT)
-+				|| (errno == EAFNOSUPPORT))
-+					return;
-+			fputs("Cannot open audit interface - aborting.\n", stderr);
-+			exit(EXIT_FAILURE);
-+		}
-+	}
-+	if (audit_fd < 0)
-+		return;
-+	audit_log_acct_message(audit_fd, type, NULL, op, name, id,
-+		NULL, NULL, NULL, (int) result);
-+}
-+
-+/* result - 1 is "success" and 0 is "failed" */
-+void lu_audit_logger_with_group (int type, const char *op, const char *name,
-+		unsigned int id, const char *grp, unsigned int result)
-+{
-+	int len;
-+	char enc_group[(LOGIN_NAME_MAX*2)+1], buf[1024];
-+
-+	if (audit_fd == 0) {
-+		/* First time through */
-+		audit_fd = audit_open();
-+		if (audit_fd < 0) {
-+			/* You get these only when the kernel doesn't have
-+			 * audit compiled in. */
-+			if (	   (errno == EINVAL)
-+				|| (errno == EPROTONOSUPPORT)
-+				|| (errno == EAFNOSUPPORT))
-+					return;
-+			fputs("Cannot open audit interface - aborting.\n", stderr);
-+			exit(EXIT_FAILURE);
-+		}
-+	}
-+	if (audit_fd < 0)
-+		return;
-+	len = strnlen(grp, sizeof(enc_group)/2);
-+	if (audit_value_needs_encoding(grp, len)) {
-+		snprintf(buf, sizeof(buf), "%s grp=%s", op,
-+			audit_encode_value(enc_group, grp, len));
-+	} else {
-+		snprintf(buf, sizeof(buf), "%s grp=\"%s\"", op, grp);
-+	}
-+	audit_log_acct_message(audit_fd, type, NULL, buf, name, id,
-+			NULL, NULL, NULL, (int) result);
-+}
-+#endif
-+
-diff --git a/lib/user_private.h b/lib/user_private.h
-index a4869c138d51519539b6939406cdb0fee23ab7f6..02b813c47ee359db774bb85a2aa7aa12e18d3067 100644
---- a/lib/user_private.h
-+++ b/lib/user_private.h
-@@ -34,6 +34,9 @@
- #ifdef WITH_SELINUX
- #include <selinux/selinux.h>
- #endif
-+#ifdef WITH_AUDIT
-+#include <libaudit.h>
-+#endif
- #include "user.h"
- 
- G_BEGIN_DECLS
-@@ -357,6 +360,18 @@ id_t lu_get_first_unused_id(struct lu_context *ctx, enum lu_entity_type type,
- /* Append a copy of VALUES to DEST */
- void lu_util_append_values(GValueArray *dest, GValueArray *values);
- 
-+#ifdef WITH_AUDIT
-+void lu_audit_logger(int type, const char *op, const char *name,
-+		     unsigned int id, unsigned int result);
-+void lu_audit_logger_with_group(int type, const char *op, const char *name,
-+				 unsigned int id, const char *grp,
-+				 unsigned int result);
-+#else
-+#define lu_audit_logger(a, b, c, d, e)
-+#define lu_audit_logger_with_group(a, b, c, d, e, f)
-+#endif
-+#define AUDIT_NO_ID	((unsigned int) -1)
-+
- G_END_DECLS
- 
- #endif
--- 
-2.17.1
-

SOURCES/0004-Check-negative-return-of-PyList_Size.patch

@@ -1,44 +0,0 @@
-From 11a7ff7eeefe763be9ade949e8f2a4a2d53f6129 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jakub.hrozek@posteo.se>
-Date: Mon, 24 Sep 2018 20:51:51 +0200
-Subject: [PATCH 4/7] Check negative return of PyList_Size
-
-Merges:
-https://pagure.io/libuser/issue/28
-
-In case of an error, PyList_Size can return a negative value. We should
-check that case, also to avoid compiler warnings like:
-
-Error: COMPILER_WARNING: [#def41] [warning: defect not occurring in libuser-0.60-9.el7]
-libuser-0.62/python/misc.c: scope_hint: In function 'libuser_admin_prompt'
-libuser-0.62/python/misc.c:160:12: warning: argument 1 range [9223372036854775808, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Walloc-size-larger-than=]
-/usr/include/glib-2.0/glib/glist.h:32: included_from: Included from here.
-/usr/include/glib-2.0/glib/ghash.h:33: included_from: Included from here.
-/usr/include/glib-2.0/glib.h:50: included_from: Included from here.
-libuser-0.62/python/misc.c:25: included_from: Included from here.
-/usr/include/glib-2.0/glib/gmem.h:96:10: note: in a call to allocation function 'g_malloc0_n' declared here
----
- python/misc.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/python/misc.c b/python/misc.c
-index c4ce819bfaeb4296507b504c4647b7676377b631..fcb0ccfebae143fa7c7a43ad60d7e9b231ca8863 100644
---- a/python/misc.c
-+++ b/python/misc.c
-@@ -137,7 +137,12 @@ libuser_admin_prompt(struct libuser_admin *self, PyObject * args,
- 		return NULL;
- 	}
- 	count = PyList_Size(list);
--	if (count > INT_MAX) {
-+	if (count < 0) {
-+		PyErr_SetString(PyExc_TypeError,
-+				"prompt_list has no size; probably not a list");
-+		DEBUG_EXIT;
-+		return NULL;
-+	} else if (count > INT_MAX) {
- 		PyErr_SetString(PyExc_ValueError, "too many prompts");
- 		DEBUG_EXIT;
- 		return NULL;
--- 
-2.14.4
-

SOURCES/0004-resource-leak.patch

@@ -1,7 +1,21 @@
-diff -up libuser-0.62/lib/user.c.orig libuser-0.62/lib/user.c
---- libuser-0.62/lib/user.c.orig	2024-05-07 17:03:45.220514343 +0200
-+++ libuser-0.62/lib/user.c	2024-05-07 17:05:17.855649386 +0200
-@@ -986,7 +986,10 @@ lu_dispatch(struct lu_context *context,
+commit 009d9238317d152f524ee46c4be1ad2f93c47732
+Author: Jakub Hrozek <jakub.hrozek@posteo.se>
+Date:   Wed Sep 26 21:29:35 2018 +0200
+
+    lu_dispatch: Free tmp on failures
+    
+    Merges:
+    https://pagure.io/libuser/issue/23
+    
+    This makes the code slightly less compact with using an explicit
+    condition instead of the g_return_val_if_fail() shorthand, but freeing
+    tmp on failures.
+
+diff --git a/lib/user.c b/lib/user.c
+index ad2bb09..5709f41 100644
+--- a/lib/user.c
++++ b/lib/user.c
+@@ -980,7 +980,10 @@ lu_dispatch(struct lu_context *context,
  	case user_default:
  	case group_default:
  		/* Make sure we have both name and boolean here. */
@@ -13,7 +27,7 @@ diff -up libuser-0.62/lib/user.c.orig libuser-0.62/lib/user.c
  		/* Run the checks and preps. */
  		if (run_list(context, context->create_module_names,
  			    logic_and, id,
-@@ -1065,7 +1068,10 @@ lu_dispatch(struct lu_context *context,
+@@ -1059,7 +1062,10 @@ lu_dispatch(struct lu_context *context,
  	case user_setpass:
  	case group_setpass:
  		/* Make sure we have a valid password. */
@@ -25,7 +39,7 @@ diff -up libuser-0.62/lib/user.c.orig libuser-0.62/lib/user.c
  		/* no break: fall through */
  	case user_removepass:
  	case group_removepass:
-@@ -1094,7 +1100,10 @@ lu_dispatch(struct lu_context *context,
+@@ -1088,7 +1094,10 @@ lu_dispatch(struct lu_context *context,
  	case users_enumerate_by_group:
  	case groups_enumerate_by_user:
  		/* Make sure we have both name and ID here. */

SOURCES/0005-files.c-Init-char-name-to-NULL.patch

@@ -1,60 +0,0 @@
-From 7acf0fad0ca468f33f86084f36251df5baf3dc94 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jakub.hrozek@posteo.se>
-Date: Wed, 26 Sep 2018 21:01:59 +0200
-Subject: [PATCH 5/7] files.c: Init char *name to NULL
-
-Merges:
-https://pagure.io/libuser/issue/27
-
-This is mostly to silence coverity warnings. "enum lu_entity_type" has
-three values and several places in the code follow logic as:
-
-char *name;
-if ent->type == user:
-        name = foo()
-if ent->type == group
-        name = bar()
-g_assert(name != NULL)
-
-it shouldn't be possible for ent->type to be anything else but in the
-odd case it is, initializing name to NULL will ensure that name will be
-still NULL after the code falls through the conditions and at least the
-behaviour is defined.
----
- modules/files.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/modules/files.c b/modules/files.c
-index 6a7787e28112ba07e0fc44f2887ce1d1540af29e..8c2a282b6448bbfb313b5d4f5eeb28b8240bccd5 100644
---- a/modules/files.c
-+++ b/modules/files.c
-@@ -1501,7 +1501,7 @@ generic_lock(struct lu_module *module, const char *file_suffix, int field,
- 	     struct lu_ent *ent, enum lock_op op, struct lu_error **error)
- {
- 	struct editing *e;
--	char *value, *new_value, *name;
-+	char *value, *new_value, *name = NULL;
- 	gboolean commit = FALSE, ret = FALSE;
- 
- 	/* Get the name which keys the entries of interest in the file. */
-@@ -1561,7 +1561,7 @@ generic_is_locked(struct lu_module *module, const char *file_suffix,
- 		  int field, struct lu_ent *ent, struct lu_error **error)
- {
- 	char *filename;
--	char *value, *name;
-+	char *value, *name = NULL;
- 	int fd;
- 	gboolean ret = FALSE;
- 
-@@ -1752,7 +1752,7 @@ generic_setpass(struct lu_module *module, const char *file_suffix, int field,
- 		struct lu_error **error)
- {
- 	struct editing *e;
--	char *value, *name;
-+	char *value, *name = NULL;
- 	gboolean ret = FALSE;
- 
- 	/* Get the name of this account. */
--- 
-2.14.4
-

SOURCES/0006-merge_ent_array_duplicates-Only-use-values-if-valid.patch

@@ -1,56 +0,0 @@
-From 8da7fc83aa3e9fd868c6a8da9261b72dae7d29e7 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jakub.hrozek@posteo.se>
-Date: Wed, 26 Sep 2018 21:38:02 +0200
-Subject: [PATCH 6/7] merge_ent_array_duplicates: Only use values if valid
-
-Merges:
-https://pagure.io/libuser/issue/22
-
-Don't attempt to dereference a NULL pointer
----
- lib/user.c | 22 ++++++++++++++--------
- 1 file changed, 14 insertions(+), 8 deletions(-)
-
-diff --git a/lib/user.c b/lib/user.c
-index ad2bb099c7d12bd91188e69f188c64953b1d9748..2500565a544bb33a5e08d9807a794a42c819a2d2 100644
---- a/lib/user.c
-+++ b/lib/user.c
-@@ -691,10 +691,13 @@ merge_ent_array_duplicates(GPtrArray *array)
- 			while (attributes != NULL) {
- 				attr = (const char *)attributes->data;
- 				values = lu_ent_get_current(current, attr);
--				for (j = 0; j < values->n_values; j++) {
--					value = g_value_array_get_nth(values,
--								      j);
--					lu_ent_add_current(saved, attr, value);
-+				if (values != NULL) {
-+					for (j = 0; j < values->n_values; j++) {
-+						value = g_value_array_get_nth(
-+									values,
-+									j);
-+						lu_ent_add_current(saved, attr, value);
-+					}
- 				}
- 				attributes = g_list_next(attributes);
- 			}
-@@ -705,10 +708,13 @@ merge_ent_array_duplicates(GPtrArray *array)
- 			while (attributes != NULL) {
- 				attr = (const char *)attributes->data;
- 				values = lu_ent_get(current, attr);
--				for (j = 0; j < values->n_values; j++) {
--					value = g_value_array_get_nth(values,
--								      j);
--					lu_ent_add(saved, attr, value);
-+				if (values != NULL) {
-+					for (j = 0; j < values->n_values; j++) {
-+						value = g_value_array_get_nth(
-+									values,
-+									j);
-+						lu_ent_add(saved, attr, value);
-+					}
- 				}
- 				attributes = g_list_next(attributes);
- 			}
--- 
-2.14.4
-

SOURCES/0007-editing_open-close-fd-after-we-ve-established-its-va.patch

@@ -1,33 +0,0 @@
-From e5536845298b6672a16e5866a823fcf6562c6cf3 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jakub.hrozek@posteo.se>
-Date: Wed, 26 Sep 2018 21:15:38 +0200
-Subject: [PATCH 7/7] editing_open: close fd after we've established its
- validity
-
-Merges:
-https://pagure.io/libuser/issue/26
-
-The code used to first close(fd) and only then check if it's != -1.
-Reverse the logic so that the fd is only closed if valid.
----
- modules/files.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/files.c b/modules/files.c
-index 8c2a282b6448bbfb313b5d4f5eeb28b8240bccd5..b8bf8a60e5810c0b705bd91efbdf9e27e851cd2b 100644
---- a/modules/files.c
-+++ b/modules/files.c
-@@ -387,9 +387,9 @@ editing_open(struct lu_module *module, const char *file_suffix,
- 	backup_name = g_strconcat(e->filename, "-", NULL);
- 	fd = open_and_copy_file(e->filename, backup_name, FALSE, error);
- 	g_free (backup_name);
--	close(fd);
- 	if (fd == -1)
- 		goto err_fscreate;
-+	close(fd);
- 
- 	e->new_filename = g_strconcat(e->filename, "+", NULL);
- 	e->new_fd = open_and_copy_file(e->filename, e->new_filename, TRUE,
--- 
-2.14.4
-

SOURCES/0008-lgroupmod-Emit-AUDIT_GRP_CHAUTHTOK-not-AUDIT_GRP_MGM.patch

@@ -1,48 +0,0 @@
-From c6a4e9f596c976f71894269e3168567e6118236c Mon Sep 17 00:00:00 2001
-From: Steve Grubb <sgrubb@redhat.com>
-Date: Wed, 5 Jun 2019 22:16:51 +0200
-Subject: [PATCH] lgroupmod: Emit AUDIT_GRP_CHAUTHTOK, not AUDIT_GRP_MGMT when
- changing group password
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1670997
----
- apps/lgroupmod.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/apps/lgroupmod.c b/apps/lgroupmod.c
-index 0ad0ae4..20be85f 100644
---- a/apps/lgroupmod.c
-+++ b/apps/lgroupmod.c
-@@ -138,12 +138,12 @@ main(int argc, const char **argv)
- 		    == FALSE) {
- 			fprintf(stderr, _("Failed to set password for group "
- 				"%s: %s\n"), group, lu_strerror(error));
--			lu_audit_logger(AUDIT_GRP_MGMT,
-+			lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
- 					"changing-group-passwd", group,
- 					AUDIT_NO_ID, 0);
- 			return 4;
- 		}
--		lu_audit_logger(AUDIT_GRP_MGMT,
-+		lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
- 				"changing-group-passwd", group,
- 				AUDIT_NO_ID, 1);
- 	}
-@@ -153,12 +153,12 @@ main(int argc, const char **argv)
- 				     &error) == FALSE) {
- 			fprintf(stderr, _("Failed to set password for group "
- 				"%s: %s\n"), group, lu_strerror(error));
--			lu_audit_logger(AUDIT_GRP_MGMT,
-+			lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
- 					"changing-group-passwd", group,
- 					AUDIT_NO_ID, 0);
- 			return 5;
- 		}
--		lu_audit_logger(AUDIT_GRP_MGMT,
-+		lu_audit_logger(AUDIT_GRP_CHAUTHTOK,
- 				"changing-group-passwd", group,
- 				AUDIT_NO_ID, 1);
- 	}
--- 
-2.20.1
-

SPECS/libuser.spec

@@ -1,48 +1,40 @@
 Name: libuser
-Version: 0.62
-Release: 26%{?dist}
-Group: System Environment/Base
+Version: 0.63
+Release: 15%{?dist}
 License: LGPLv2+
 URL: https://pagure.io/libuser
 Source: http://releases.pagure.org/libuser/libuser-%{version}.tar.xz
-# https://bugzilla.redhat.com/show_bug.cgi?id=1608321
-Source1:  libuser-0_62-ja.po
-Source2:  libuser-0_62-zh_CN.po
-Source3:  libuser-0_62-zh_TW.po
-Source4:  libuser-0_62-fr.po
-Source5:  libuser-0_62-it.po
-Source6:  libuser-0_62-de.po
-Source7:  libuser-0_62-ko.po
-Source8:  libuser-0_62-pt_BR.po
-Source9:  libuser-0_62-ru.po
-Source10: libuser-0_62-es.po
+Patch0001: 0001-man-typo.patch
+Patch0002: 0002-popt-memopy.patch
+Patch0003: 0003-translation.patch
+Patch0004: 0004-resource-leak.patch
+Patch0005: 0005-translation-update.patch
 
-# Because we patch configure
-BuildRequires: autoconf gettext-devel automake libtool
-BuildRequires: glib2-devel, linuxdoc-tools, pam-devel, popt-devel
-BuildRequires: cyrus-sasl-devel, libselinux-devel, openldap-devel, python3-devel
+BuildRequires: glib2-devel
+BuildRequires: linuxdoc-tools
+BuildRequires: pam-devel
+BuildRequires: popt-devel
+BuildRequires: cyrus-sasl-devel
+BuildRequires: libselinux-devel
+BuildRequires: openldap-devel
+BuildRequires: python3-devel
 # To make sure the configure script can find it
 BuildRequires: nscd
-# We support libaudit
-BuildRequires: audit-libs-devel
+BuildRequires: gcc
 # For %%check
-BuildRequires: openldap-clients, openldap-servers, openssl
+BuildRequires: openldap-clients
+# BuildRequires: openldap-servers
+BuildRequires: openssl
+BuildRequires: make
+BuildRequires: bison
+BuildRequires: libtool
+BuildRequires: gettext-devel
+BuildRequires: gtk-doc
+BuildRequires: audit-libs-devel
+
 Summary: A user and group account administration library
 
-%define __provides_exclude_from %{python3_sitearch}/.*\.so$
-
-# Patch to address format-security.
-# Submitted upstream at https://pagure.io/libuser/pull-request/17
-Patch1: 0001-Fix-errors-with-Werror-format-security.patch
-Patch2: 0002-Use-2048-bit-keys-in-tests-to-avoid-issues-with-mode.patch
-Patch3: 0003-Add-audit-events-around-user-life-cycle.patch
-Patch4: 0004-Check-negative-return-of-PyList_Size.patch
-Patch5: 0005-files.c-Init-char-name-to-NULL.patch
-Patch6: 0006-merge_ent_array_duplicates-Only-use-values-if-valid.patch
-Patch7: 0007-editing_open-close-fd-after-we-ve-established-its-va.patch
-Patch8: 0008-lgroupmod-Emit-AUDIT_GRP_CHAUTHTOK-not-AUDIT_GRP_MGM.patch
-Patch9: 0009-man-typo.patch
-Patch10: 0010-resource-leak.patch
+%global __provides_exclude_from ^(%{_libdir}/%{name}|%{python3_sitearch})/.*$
 
 %description
 The libuser library implements a standardized interface for manipulating
@@ -53,7 +45,6 @@ Sample applications modeled after those included with the shadow password
 suite are included.
 
 %package devel
-Group: Development/Libraries
 Summary: Files needed for developing applications which use libuser
 Requires: %{name}%{?_isa} = %{version}-%{release}
 Requires: glib2-devel%{?_isa}
@@ -63,12 +54,11 @@ The libuser-devel package contains header files, static libraries, and other
 files useful for developing applications with libuser.
 
 %package -n python3-libuser
-%{?python_provide:%python_provide python2-libuser}
 Summary: Python 3 bindings for the libuser library
-Group: Development/Libraries
 Requires: libuser%{?_isa} = %{version}-%{release}
-Provides: libuser-python3 = %{version}-%{release}
-Obsoletes: libuser-python3 < %{version}-%{release}
+Provides: python3-libuser = %{version}-%{release}
+Provides: python3-libuser%{?_isa} = %{version}-%{release}
+%{?python_provide:%python_provide python3-libuser}
 
 %description -n python3-libuser
 The python3-libuser package contains the Python bindings for
@@ -76,70 +66,33 @@ the libuser library, which provides a Python 3 API for manipulating and
 administering user and group accounts.
 
 %prep
-%setup -q -n libuser-%{version}
-
-%patch -P 1 -p1
-%patch -P 2 -p1
-%patch -P 3 -p1
-%patch -P 4 -p1
-%patch -P 5 -p1
-%patch -P 6 -p1
-%patch -P 7 -p1
-%patch -P 8 -p1
-%patch -P 9 -p1
-%patch -P 10 -p1
-cp %{SOURCE1}  po/ja.po
-cp %{SOURCE2}  po/zh_CN.po
-cp %{SOURCE3}  po/zh_TW.po
-cp %{SOURCE4}  po/fr.po
-cp %{SOURCE5}  po/it.po
-cp %{SOURCE6}  po/de.po
-cp %{SOURCE7}  po/ko.po
-cp %{SOURCE8}  po/pt_BR.po
-cp %{SOURCE9}  po/ru.po
-cp %{SOURCE10} po/es.po
+%autosetup -n libuser-%{version} -p1
 
 %build
-autoreconf -if
-%configure --with-selinux \
-           --with-ldap \
-           --with-audit \
-           --with-html-dir=%{_datadir}/gtk-doc/html \
-	PYTHON=/usr/bin/python3
+./autogen.sh
+%configure --with-selinux --with-ldap --with-audit \
+           --enable-gtk-doc --with-html-dir=%{_datadir}/gtk-doc/html \
+           PYTHON=%{python3}
 make
-# (make all) only rebuilds .gmo files if the .pot file is updated, regardless of po/ja.po changes
-make -C po ja.gmo
-make -C po zh_CN.gmo
-make -C po zh_TW.gmo
-make -C po it.gmo
-make -C po de.gmo
-make -C po ko.gmo
-make -C po pt_BR.gmo
-make -C po ru.gmo
-make -C po es.gmo
 
 
 %install
-make install DESTDIR=$RPM_BUILD_ROOT INSTALL='install -p'
+%make_install
 
 %find_lang %{name}
 
-%check
-
-LC_ALL=C.UTF-8 make check \
-	|| { cat test-suite.log; false; }
-
-# Verify that all python modules load, just in case.
-LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH}
-export LD_LIBRARY_PATH
-cd $RPM_BUILD_ROOT/%{python3_sitearch}
-# The Python 3 module only supports UTF-8
-LC_ALL=C.UTF-8 python3 -c "import libuser"
+#%check
+#make check || { cat test-suite.log; false; }
+#
+## Verify that all python modules load, just in case.
+#LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%{_libdir}:${LD_LIBRARY_PATH}
+#export LD_LIBRARY_PATH
+#PYTHONPATH=$RPM_BUILD_ROOT%{python3_sitearch}
+#export PYTHONPATH
+#%{python3} -c "import libuser"
 
 
-%post -p /sbin/ldconfig
-
-%postun -p /sbin/ldconfig
+%ldconfig_scriptlets
 
 %files -f %{name}.lang
 %{!?_licensedir:%global license %%doc}
@@ -170,50 +123,120 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
 %{_datadir}/gtk-doc/html/*
 
 %changelog
-* Tue Jul 23 2024 Michal Hlavinka <mhlavink@redhat.com> - 0.62-26
-- fix findings from static application security testing (#RHEL-35578)
-- translation update (#RHEL-12111)
+* Tue May 7 2024 Tomas Halman <thalman@redhat.com> - 0.63-15
+- Update translations
+  Resolves: RHEL-12110
 
-* Tue Nov 29 2022 Tomas Halman <thalman@redhat.com> - 0.62-25
-- Man-page update
-- Resolves: rhbz#2070941 - small typo in lchage man page
+* Mon May 6 2024 Tomas Halman <thalman@redhat.com> - 0.63-14
+- Fix findings from static application security testing
+  Resolves: RHEL-35693
 
-* Wed Jun 26 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.62-23
-- Actually apply the patch from the previous build
-- Resolves: rhbz#1670997 - Amend the user lifecycle auditing
+* Tue Jul 11 2023 Tomas Halman <thalman@redhat.com> - 0.63-13
+- Translation update
+  Resolves: rhbz#2139662
 
-* Fri Jun  7 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.62-22
-- Resolves: rhbz#1670997 - Amend the user lifecycle auditing
+* Thu Nov 10 2022 Tomas Halman <thalman@redhat.com> - 0.63-12
+- correct popt memory handling
+- Fix the manpage
+  Resolves: rhbz#2070943
 
-* Fri Nov 30 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-21
-- Resolves: rhbz#1608321 - [libuser] RHEL 8.0 Tier 0 Localization
+* Fri Jul 15 2022 Tomas Halman <thalman@redhat.com> - 0.63-11
+- remove build dependency for openldap-server
+  Resolves: rhbz#2102876
 
-* Fri Oct 12 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-20
-- Resolves: rhbz#1637398 - libuser-python3 should be renamed to comply
-                           with Packaging Guidelines
+* Tue Aug 17 2021 Tomas Halman <thalman@redhat.com> - 0.63-10
+- Update changelog according git history
+  Resolves: rhbz#1993633
 
-* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-19
-- Resolves: rhbz#1602600 -  Please review important issues found by covscan
-                            in "libuser-0.62-14.el8+7" package
+* Tue Aug 17 2021 Tomas Halman <thalman@redhat.com> - 0.63-9
+- Fix broken changelog in rpm spec
+  Resolves: rhbz#1993633
 
-* Fri Sep 28 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-18
-- Resolves: rhbz#1608321 - [libuser] RHEL 8.0 Tier 0 Localization
+* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-7
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
 
-* Mon Aug 13 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-17
-- Resolves: rhbz#1558151 - libuser needs audit events around the account
-                           lifecycle
+* Tue Jun 22 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-6
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+  Related: rhbz#1971065
 
-* Mon Aug  6 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-16
-- Use 2048bit keys in tests
-- Resolves: rhbz#1611729 - [RHEL8-S-BUILD] libuser Fails Scratch Build on rhel-8.0
+* Thu May 20 2021 Tomas Halman <thalman@redhat.com> - 0.63-5
+- Enable audit library in the build
+- Resolves: rhbz#1923043 - libuser doesn't audit events around the account lifecycle
 
-* Mon Jun 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-15
-- Drop the fakeroot dependency
-- Resolves: #1581448 - Remove fakeroot from libuser in RHEL8
+* Tue May 11 2021 Tomas Halman <thalman@redhat.com> - 0.63-4
+- Resolves: rhbz#1951601 - Remove fakeroot dependency
 
-* Sun Jun 10 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-14
-- Do not build python2-libuser at all in RHEL-8
-- Resolves: #1559103 - libuser: Drop Python 2 subpackage(s) from RHEL 8
+* Tue May 11 2021 Tomas Halman <thalman@redhat.com>  - 0.63-3
+- Renaming python package according to the standard
+- Resolves: rhbz#1951968
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.63-2
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Mon Mar 1 2021 Tomas Halman <thalman@redhat.com> - 0.63-1
+- Release new version 0.63
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-31
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Sep 09 2020 Tom Stellard <tstellar@redhat.com> - 0.62-30
+ - Use make macros
+ - https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
+
+* Wed Sep 02 2020 Merlin Mathesius <mmathesi@redhat.com> - 0.62-29
+- Pull in upstream patch that fixes FTBFS for Rawhide and ELN
+
+* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-28
+- Second attempt - Rebuilt for
+  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jul  3 2020 Jakub Hrozek <jhrozek@redhat.com> - 0.62-26
+- Temporarily disable tests, nothing changed since forever so this should be
+  safe and would unblock FTBFS
+- Related: rhbz#1817666 - libuser fails to build with Python 3.9: FAIL: tests/fs_test
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.62-25
+- Rebuilt for Python 3.9
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-24
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Nov 26 2019 Miro Hrončok <mhroncok@redhat.com> - 0.62-23
+- Subpackage python2-libuser has been removed
+  See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.62-22
+- Rebuilt for Python 3.8
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 0.62-19
+- Rebuilt for libcrypt.so.2 (#1666033)
+
+* Fri Jul 20 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-19
+- BuildRequires: gcc
+- Related: rhbz#1604682 - libuser: FTBFS in Fedora rawhide
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Mon Jul  9 2018 Jakub Hrozek <jhrozek@redhat.com> - 0.62-16
+- Use python2 explicitly in tests of python2 bindings instead of just "python"
+- Related: rhbz#1582899 - libuser: FTBFS in Fedora 28
+
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.62-15
+- Rebuilt for Python 3.7
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.62-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 
 * Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 0.62-13
 - Rebuilt for switch to libxcrypt
@@ -620,7 +643,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
 - Fix updating of groups after user renaming in lusermod
 - Allow setting a shadow password even if the current shadow password is
   invalid (#131180)
-- Add lu_{user,group}_unlock_nonempty (#86414); module interface ABI has 
+- Add lu_{user,group}_unlock_nonempty (#86414); module interface ABI has
   changed
 - Miscellaneous bug and memory leak fixes
 
@@ -695,7 +718,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
 - enable SELinux
 
 * Mon Sep 08 2003 Dan Walsh <dwalsh@redhat.com> 0.51.7-5
-- Turn off SELinux 
+- Turn off SELinux
 
 * Wed Aug 06 2003 Dan Walsh <dwalsh@redhat.com> 0.51.7-3
 - Add SELinux support
@@ -922,7 +945,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
 - finish adding a sasldb module which manipulates a sasldb file
 - add users_enumerate_by_group and groups_enumerate_by_users
 
-* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com> 
+* Wed Jul 25 2001 Nalin Dahyabhai <nalin@redhat.com>
 - luserdel: remove the user's primary group if it has the same name as
   the user and has no members configured (-G disables)
 - fixup some configure stuff to make libuser.conf get generated correctly
@@ -976,7 +999,7 @@ LC_ALL=C.UTF-8 python3 -c "import libuser"
 
 * Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
 - stub out the krb5 and ldap modules so that they'll at least compile again
- 
+
 * Tue Jul 10 2001 Nalin Dahyabhai <nalin@redhat.com>
 - don't bail when writing empty fields to colon-delimited files
 - use permissions of the original file when making backup files instead of 0600