From 58c14c794f7296aabee3c7e19ee7dd86fc353b05 Mon Sep 17 00:00:00 2001
From: Iker Pedrosa <ipedrosa@redhat.com>
Date: Mon, 8 Jun 2026 09:26:44 +0200
Subject: [PATCH] groupadd, groupmod: update gshadow file with -U

Resolves: RHEL-135902
Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
---
 shadow-4.15.0-groupadd-groupmod-gshadow.patch | 111 ++++++++++++++++++
 shadow-utils.spec                             |   6 +-
 2 files changed, 115 insertions(+), 2 deletions(-)
 create mode 100644 shadow-4.15.0-groupadd-groupmod-gshadow.patch

diff --git a/shadow-4.15.0-groupadd-groupmod-gshadow.patch b/shadow-4.15.0-groupadd-groupmod-gshadow.patch
new file mode 100644
index 0000000..9ea533d
--- /dev/null
+++ b/shadow-4.15.0-groupadd-groupmod-gshadow.patch
@@ -0,0 +1,111 @@
+From f220407144f37fab591ca799fc6b930a8500a0a2 Mon Sep 17 00:00:00 2001
+From: Dennis Baurichter <dennisba@mail.upb.de>
+Date: Sun, 17 Nov 2024 03:27:40 +0100
+Subject: [PATCH] groupadd, groupmod: Update gshadow file with -U
+
+When running groupadd or groupmod with the -U|--user option, also update
+the group shadow database if it is used.
+
+Fixes: 342c934a (2020-08-09, "add -U option to groupadd and groupmod")
+Closes: <https://github.com/shadow-maint/shadow/issues/1124>
+---
+ src/groupadd.c |  4 ++++
+ src/groupmod.c | 25 ++++++++++++++++++++-----
+ 2 files changed, 24 insertions(+), 5 deletions(-)
+
+diff --git a/src/groupadd.c b/src/groupadd.c
+index 1623ba80..263dc93a 100644
+--- a/src/groupadd.c
++++ b/src/groupadd.c
+@@ -204,6 +204,10 @@ static void grp_update (void)
+ 				exit (E_GRP_UPDATE);
+ 			}
+ 			grp.gr_mem = add_list(grp.gr_mem, token);
++#ifdef  SHADOWGRP
++			if (is_shadow_grp)
++				sgrp.sg_mem = add_list(sgrp.sg_mem, token);
++#endif
+ 			token = strtok(NULL, ",");
+ 		}
+ 	}
+diff --git a/src/groupmod.c b/src/groupmod.c
+index ec2e6043..ee1b4a9d 100644
+--- a/src/groupmod.c
++++ b/src/groupmod.c
+@@ -222,7 +222,7 @@ static void grp_update (void)
+ 	new_grent (&grp);
+ #ifdef	SHADOWGRP
+ 	if (   is_shadow_grp
+-	    && (pflg || nflg)) {
++	    && (pflg || nflg || user_list)) {
+ 		osgrp = sgr_locate (group_name);
+ 		if (NULL != osgrp) {
+ 			sgrp = *osgrp;
+@@ -262,6 +262,17 @@ static void grp_update (void)
+ 			if (NULL != grp.gr_mem[0])
+ 				grp.gr_mem = dup_list (grp.gr_mem);
+ 		}
++#ifdef	SHADOWGRP
++		if (NULL != osgrp) {
++			if (!aflg) {
++				sgrp.sg_mem = XMALLOC(1, char *);
++				sgrp.sg_mem[0] = NULL;
++			} else {
++				if (NULL != sgrp.sg_mem[0])
++					sgrp.sg_mem = dup_list(sgrp.sg_mem);
++			}
++		}
++#endif				/* SHADOWGRP */
+ 
+ 		token = strtok(user_list, ",");
+ 		while (token) {
+@@ -270,6 +281,10 @@ static void grp_update (void)
+ 				exit (E_GRP_UPDATE);
+ 			}
+ 			grp.gr_mem = add_list(grp.gr_mem, token);
++#ifdef	SHADOWGRP
++			if (NULL != osgrp)
++				sgrp.sg_mem = add_list(sgrp.sg_mem, token);
++#endif				/* SHADOWGRP */
+ 			token = strtok(NULL, ",");
+ 		}
+ 	}
+@@ -486,7 +501,7 @@ static void close_files (void)
+ 
+ #ifdef	SHADOWGRP
+ 	if (   is_shadow_grp
+-	    && (pflg || nflg)) {
++	    && (pflg || nflg || user_list)) {
+ 		if (sgr_close () == 0) {
+ 			fprintf (stderr,
+ 			         _("%s: failure while writing changes to %s\n"),
+@@ -618,7 +633,7 @@ static void prepare_failure_reports (void)
+ 	add_cleanup (cleanup_report_mod_group, &info_group);
+ #ifdef	SHADOWGRP
+ 	if (   is_shadow_grp
+-	    && (pflg || nflg)) {
++	    && (pflg || nflg || user_list)) {
+ 		add_cleanup (cleanup_report_mod_gshadow, &info_gshadow);
+ 	}
+ #endif
+@@ -645,7 +660,7 @@ static void lock_files (void)
+ 
+ #ifdef	SHADOWGRP
+ 	if (   is_shadow_grp
+-	    && (pflg || nflg)) {
++	    && (pflg || nflg || user_list)) {
+ 		if (sgr_lock () == 0) {
+ 			fprintf (stderr,
+ 			         _("%s: cannot lock %s; try again later.\n"),
+@@ -683,7 +698,7 @@ static void open_files (void)
+ 
+ #ifdef	SHADOWGRP
+ 	if (   is_shadow_grp
+-	    && (pflg || nflg)) {
++	    && (pflg || nflg || user_list)) {
+ 		if (sgr_open (O_CREAT | O_RDWR) == 0) {
+ 			fprintf (stderr,
+ 			         _("%s: cannot open %s\n"),
+-- 
+2.54.0
+
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 20c5457..8cc6d47 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.15.0
-Release: 12%{?dist}
+Release: 13%{?dist}
 Epoch: 2
 License: BSD-3-Clause AND GPL-2.0-or-later
 URL: https://github.com/shadow-maint/shadow
@@ -45,6 +45,8 @@ Patch11: shadow-4.15.0-groupmod-segfault.patch
 # https://github.com/shadow-maint/shadow/commit/67c42427a0941a4b47c04e8a95322be9d069ff32
 # https://github.com/shadow-maint/shadow/commit/02e930892590efd4023586696d05ce7ce2838e0f
 Patch12: shadow-4.15.0-subordinate-fix-duplicate-range.patch
+# https://github.com/shadow-maint/shadow/commit/f220407144f37fab591ca799fc6b930a8500a0a2
+Patch13: shadow-4.15.0-groupadd-groupmod-gshadow.patch
 
 ### Dependencies ###
 Requires: audit-libs >= 1.6.5
@@ -293,7 +295,7 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
 %{_libdir}/libsubid.so
 
 %changelog
-* Fri May 15 2026 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.15.0-12
+* Fri May 15 2026 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.15.0-13
 - groupmod.c: delete gr_free_members(&grp) to avoid double free
   Resolves: RHEL-135902
 - subordinateio.c: list_owner_ranges(): Fix duplicate range when