diff --git a/shadow-4.2.1-lastlog-unexpire.patch b/shadow-4.2.1-lastlog-unexpire.patch
deleted file mode 100644
index 2596820..0000000
--- a/shadow-4.2.1-lastlog-unexpire.patch
+++ /dev/null
@@ -1,249 +0,0 @@
-diff -up shadow-4.2.1/man/lastlog.8.xml.unexpire shadow-4.2.1/man/lastlog.8.xml
---- shadow-4.2.1/man/lastlog.8.xml.unexpire	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/lastlog.8.xml	2016-02-03 11:50:20.481293785 +0100
-@@ -105,6 +105,17 @@
-       </varlistentry>
-       <varlistentry>
- 	<term>
-+	  <option>-C</option>, <option>--clear</option>
-+	</term>
-+	<listitem>
-+	  <para>
-+	    Clear lastlog record of an user. This option can be used only together
-+	    with <option>-u</option> (<option>--user</option>)).
-+	  </para>
-+	</listitem>
-+      </varlistentry>
-+      <varlistentry>
-+	<term>
- 	  <option>-h</option>, <option>--help</option>
- 	</term>
- 	<listitem>
-@@ -123,6 +134,17 @@
- 	  </para>
- 	</listitem>
-       </varlistentry>
-+      <varlistentry>
-+	<term>
-+	  <option>-S</option>, <option>--set</option>
-+	</term>
-+	<listitem>
-+	  <para>
-+	    Set lastlog record of an user to the current time. This option can be
-+	    used only together with <option>-u</option> (<option>--user</option>)).
-+	  </para>
-+	</listitem>
-+      </varlistentry>
-       <varlistentry>
- 	<term>
- 	  <option>-t</option>, <option>--time</option>&nbsp;<replaceable>DAYS</replaceable>
-diff -up shadow-4.2.1/src/lastlog.c.unexpire shadow-4.2.1/src/lastlog.c
---- shadow-4.2.1/src/lastlog.c.unexpire	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/lastlog.c	2016-02-03 11:35:26.971273603 +0100
-@@ -71,6 +71,8 @@ static struct stat statbuf;	/* fstat buf
- static bool uflg = false;	/* print only an user of range of users */
- static bool tflg = false;	/* print is restricted to most recent days */
- static bool bflg = false;	/* print excludes most recent days */
-+static bool Cflg = false;	/* clear record for user */
-+static bool Sflg = false;	/* set record for user */
- 
- #define	NOW	(time ((time_t *) 0))
- 
-@@ -83,8 +85,10 @@ static /*@noreturn@*/void usage (int sta
- 	                  "Options:\n"),
- 	                Prog);
- 	(void) fputs (_("  -b, --before DAYS             print only lastlog records older than DAYS\n"), usageout);
-+	(void) fputs (_("  -C, --clear                   clear lastlog record of an user (usable only with -u)\n"), usageout);
- 	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
- 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
-+	(void) fputs (_("  -S, --set                     set lastlog record to current time (usable only with -u)\n"), usageout);
- 	(void) fputs (_("  -t, --time DAYS               print only lastlog records more recent than DAYS\n"), usageout);
- 	(void) fputs (_("  -u, --user LOGIN              print lastlog record of the specified LOGIN\n"), usageout);
- 	(void) fputs ("\n", usageout);
-@@ -194,6 +198,80 @@ static void print (void)
- 	}
- }
- 
-+static void update_one (/*@null@*/const struct passwd *pw)
-+{
-+	off_t offset;
-+	struct lastlog ll;
-+	int err;
-+
-+	if (NULL == pw) {
-+		return;
-+	}
-+
-+	offset = (off_t) pw->pw_uid * sizeof (ll);
-+	/* fseeko errors are not really relevant for us. */
-+	err = fseeko (lastlogfile, offset, SEEK_SET);
-+	assert (0 == err);
-+
-+	memzero (&ll, sizeof (ll));
-+
-+	if (Sflg) {
-+		ll.ll_time = NOW;
-+#ifdef HAVE_LL_HOST
-+		strcpy (ll.ll_host, "localhost");
-+#endif
-+		strcpy (ll.ll_line, "lastlog");
-+#ifdef WITH_AUDIT
-+		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
-+			"clearing-lastlog",
-+			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
-+#endif
-+	}
-+#ifdef WITH_AUDIT
-+	else {
-+		audit_logger (AUDIT_ACCT_UNLOCK, Prog,
-+			"refreshing-lastlog",
-+			pw->pw_name, (unsigned int) pw->pw_uid, SHADOW_AUDIT_SUCCESS);
-+	}
-+#endif
-+
-+	if (fwrite (&ll, sizeof(ll), 1, lastlogfile) != 1) {
-+			fprintf (stderr,
-+			         _("%s: Failed to update the entry for UID %lu\n"),
-+			         Prog, (unsigned long int)pw->pw_uid);
-+			exit (EXIT_FAILURE);
-+	}
-+}
-+
-+static void update (void)
-+{
-+	const struct passwd *pwent;
-+
-+	if (!uflg) /* safety measure */
-+		return;
-+
-+	if (has_umin && has_umax && (umin == umax)) {
-+		update_one (getpwuid ((uid_t)umin));
-+	} else {
-+		setpwent ();
-+		while ( (pwent = getpwent ()) != NULL ) {
-+			if ((has_umin && (pwent->pw_uid < (uid_t)umin))
-+				|| (has_umax && (pwent->pw_uid > (uid_t)umax))) {
-+				continue;
-+			}
-+			update_one (pwent);
-+		}
-+		endpwent ();
-+	}
-+
-+	if (fflush (lastlogfile) != 0 || fsync (fileno (lastlogfile)) != 0) {
-+			fprintf (stderr,
-+			         _("%s: Failed to update the lastlog file\n"),
-+			         Prog);
-+			exit (EXIT_FAILURE);
-+	}
-+}
-+
- int main (int argc, char **argv)
- {
- 	/*
-@@ -208,18 +286,24 @@ int main (int argc, char **argv)
- 
- 	process_root_flag ("-R", argc, argv);
- 
-+#ifdef WITH_AUDIT
-+	audit_help_open ();
-+#endif
-+
- 	{
- 		int c;
- 		static struct option const longopts[] = {
- 			{"before", required_argument, NULL, 'b'},
-+			{"clear",  no_argument,       NULL, 'C'},
- 			{"help",   no_argument,       NULL, 'h'},
- 			{"root",   required_argument, NULL, 'R'},
-+			{"set",    no_argument,       NULL, 'S'},
- 			{"time",   required_argument, NULL, 't'},
- 			{"user",   required_argument, NULL, 'u'},
- 			{NULL, 0, NULL, '\0'}
- 		};
- 
--		while ((c = getopt_long (argc, argv, "b:hR:t:u:", longopts,
-+		while ((c = getopt_long (argc, argv, "b:ChR:St:u:", longopts,
- 		                         NULL)) != -1) {
- 			switch (c) {
- 			case 'b':
-@@ -235,11 +319,21 @@ int main (int argc, char **argv)
- 				bflg = true;
- 				break;
- 			}
-+			case 'C':
-+			{
-+				Cflg = true;
-+				break;
-+			}
- 			case 'h':
- 				usage (EXIT_SUCCESS);
- 				/*@notreached@*/break;
- 			case 'R': /* no-op, handled in process_root_flag () */
- 				break;
-+			case 'S':
-+			{
-+				Sflg = true;
-+				break;
-+			}
- 			case 't':
- 			{
- 				unsigned long days;
-@@ -294,9 +388,21 @@ int main (int argc, char **argv)
- 			         Prog, argv[optind]);
- 			usage (EXIT_FAILURE);
- 		}
-+		if (Cflg && Sflg) {
-+			fprintf (stderr,
-+			         _("%s: Option -C cannot be used together with option -S\n"),
-+			         Prog);
-+			usage (EXIT_FAILURE);
-+		}
-+		if ((Cflg || Sflg) && !uflg) {
-+			fprintf (stderr,
-+			         _("%s: Options -C and -S require option -u to specify the user\n"),
-+			         Prog);
-+			usage (EXIT_FAILURE);
-+		}
- 	}
- 
--	lastlogfile = fopen (LASTLOG_FILE, "r");
-+	lastlogfile = fopen (LASTLOG_FILE, (Cflg || Sflg)?"r+":"r");
- 	if (NULL == lastlogfile) {
- 		perror (LASTLOG_FILE);
- 		exit (EXIT_FAILURE);
-@@ -310,7 +416,10 @@ int main (int argc, char **argv)
- 		exit (EXIT_FAILURE);
- 	}
- 
--	print ();
-+	if (Cflg || Sflg)
-+		update ();
-+	else
-+		print ();
- 
- 	(void) fclose (lastlogfile);
- 
-diff -up shadow-4.2.1/src/Makefile.am.unexpire shadow-4.2.1/src/Makefile.am
---- shadow-4.2.1/src/Makefile.am.unexpire	2014-05-08 10:43:11.000000000 +0200
-+++ shadow-4.2.1/src/Makefile.am	2016-02-03 11:35:26.971273603 +0100
-@@ -95,6 +95,7 @@ groupmod_LDADD = $(LDADD) $(LIBPAM_SUID)
- grpck_LDADD    = $(LDADD) $(LIBSELINUX)
- grpconv_LDADD  = $(LDADD) $(LIBSELINUX)
- grpunconv_LDADD = $(LDADD) $(LIBSELINUX)
-+lastlog_LDADD   = $(LDADD) $(LIBAUDIT)
- login_SOURCES  = \
- 	login.c \
- 	login_nopam.c
-diff -up shadow-4.2.1/src/Makefile.in.unexpire shadow-4.2.1/src/Makefile.in
---- shadow-4.2.1/src/Makefile.in.unexpire	2014-05-09 18:49:48.000000000 +0200
-+++ shadow-4.2.1/src/Makefile.in	2016-02-03 11:35:26.972273609 +0100
-@@ -197,7 +197,7 @@ id_DEPENDENCIES = $(am__DEPENDENCIES_1)
- 	$(top_builddir)/lib/libshadow.la
- lastlog_SOURCES = lastlog.c
- lastlog_OBJECTS = lastlog.$(OBJEXT)
--lastlog_LDADD = $(LDADD)
-+lastlog_LDADD = $(LDADD) $(LIBAUDIT)
- lastlog_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
- 	$(top_builddir)/libmisc/libmisc.a \
- 	$(top_builddir)/lib/libshadow.la
diff --git a/shadow-4.2.1-user-busy.patch b/shadow-4.2.1-user-busy.patch
deleted file mode 100644
index ee7e41a..0000000
--- a/shadow-4.2.1-user-busy.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From d2fa8c5d4b0b19445562daf78d3a62421fe8d6b8 Mon Sep 17 00:00:00 2001
-From: Bastian Blank <bastian.blank@credativ.de>
-Date: Tue, 17 Nov 2015 10:52:24 -0600
-Subject: [PATCH] Fix user busy errors at userdel
-
-From: Bastian Blank <bastian.blank@credativ.de>
-Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
----
- libmisc/user_busy.c | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/libmisc/user_busy.c b/libmisc/user_busy.c
-index db7174a..0db32c3 100644
---- a/libmisc/user_busy.c
-+++ b/libmisc/user_busy.c
-@@ -175,6 +175,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 	if (stat ("/", &sbroot) != 0) {
- 		perror ("stat (\"/\")");
- 		(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+		sub_uid_close();
-+#endif
- 		return 0;
- 	}
- 
-@@ -212,6 +215,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 
- 		if (check_status (name, tmp_d_name, uid) != 0) {
- 			(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+			sub_uid_close();
-+#endif
- 			fprintf (stderr,
- 			         _("%s: user %s is currently used by process %d\n"),
- 			         Prog, name, pid);
-@@ -232,6 +238,9 @@ static int user_busy_processes (const char *name, uid_t uid)
- 				}
- 				if (check_status (name, task_path+6, uid) != 0) {
- 					(void) closedir (proc);
-+#ifdef ENABLE_SUBIDS
-+					sub_uid_close();
-+#endif
- 					fprintf (stderr,
- 					         _("%s: user %s is currently used by process %d\n"),
- 					         Prog, name, pid);
--- 
-2.5.0
-
diff --git a/shadow-4.2.1-audit-update.patch b/shadow-4.3.1-audit-update.patch
similarity index 92%
rename from shadow-4.2.1-audit-update.patch
rename to shadow-4.3.1-audit-update.patch
index 8f2edf8..e708f75 100644
--- a/shadow-4.2.1-audit-update.patch
+++ b/shadow-4.3.1-audit-update.patch
@@ -1,6 +1,6 @@
-diff -up shadow-4.2.1/libmisc/audit_help.c.audit-update shadow-4.2.1/libmisc/audit_help.c
---- shadow-4.2.1/libmisc/audit_help.c.audit-update	2014-03-01 18:50:05.000000000 +0100
-+++ shadow-4.2.1/libmisc/audit_help.c	2014-11-26 15:06:24.663660558 +0100
+diff -up shadow-4.3.1/libmisc/audit_help.c.audit-update shadow-4.3.1/libmisc/audit_help.c
+--- shadow-4.3.1/libmisc/audit_help.c.audit-update	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/libmisc/audit_help.c	2016-08-22 17:21:15.442291139 +0200
 @@ -68,7 +68,7 @@ void audit_help_open (void)
   * This function will log a message to the audit system using a predefined
   * message format. Parameter usage is as follows:
@@ -50,9 +50,9 @@ diff -up shadow-4.2.1/libmisc/audit_help.c.audit-update shadow-4.2.1/libmisc/aud
  void audit_logger_message (const char *message, shadow_audit_result result)
  {
  	if (audit_fd < 0) {
-diff -up shadow-4.2.1/libmisc/cleanup_group.c.audit-update shadow-4.2.1/libmisc/cleanup_group.c
---- shadow-4.2.1/libmisc/cleanup_group.c.audit-update	2014-03-01 18:50:05.000000000 +0100
-+++ shadow-4.2.1/libmisc/cleanup_group.c	2014-11-26 15:06:24.663660558 +0100
+diff -up shadow-4.3.1/libmisc/cleanup_group.c.audit-update shadow-4.3.1/libmisc/cleanup_group.c
+--- shadow-4.3.1/libmisc/cleanup_group.c.audit-update	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/libmisc/cleanup_group.c	2016-08-22 17:21:15.443291142 +0200
 @@ -83,7 +83,7 @@ void cleanup_report_mod_group (void *cle
  	         gr_dbname (),
  	         info->action));
@@ -131,9 +131,9 @@ diff -up shadow-4.2.1/libmisc/cleanup_group.c.audit-update shadow-4.2.1/libmisc/
  		                      SHADOW_AUDIT_FAILURE);
  #endif
  	}
-diff -up shadow-4.2.1/libmisc/cleanup_user.c.audit-update shadow-4.2.1/libmisc/cleanup_user.c
---- shadow-4.2.1/libmisc/cleanup_user.c.audit-update	2014-03-01 18:50:05.000000000 +0100
-+++ shadow-4.2.1/libmisc/cleanup_user.c	2014-11-26 15:06:24.663660558 +0100
+diff -up shadow-4.3.1/libmisc/cleanup_user.c.audit-update shadow-4.3.1/libmisc/cleanup_user.c
+--- shadow-4.3.1/libmisc/cleanup_user.c.audit-update	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/libmisc/cleanup_user.c	2016-08-22 17:21:15.443291142 +0200
 @@ -65,7 +65,7 @@ void cleanup_report_mod_passwd (void *cl
  	         pw_dbname (),
  	         info->action));
@@ -181,9 +181,9 @@ diff -up shadow-4.2.1/libmisc/cleanup_user.c.audit-update shadow-4.2.1/libmisc/c
  		                      SHADOW_AUDIT_FAILURE);
  #endif
  	}
-diff -up shadow-4.2.1/lib/prototypes.h.audit-update shadow-4.2.1/lib/prototypes.h
---- shadow-4.2.1/lib/prototypes.h.audit-update	2014-11-26 15:06:24.644660498 +0100
-+++ shadow-4.2.1/lib/prototypes.h	2014-11-26 15:06:24.663660558 +0100
+diff -up shadow-4.3.1/lib/prototypes.h.audit-update shadow-4.3.1/lib/prototypes.h
+--- shadow-4.3.1/lib/prototypes.h.audit-update	2016-08-22 17:21:15.406291044 +0200
++++ shadow-4.3.1/lib/prototypes.h	2016-08-22 17:21:15.443291142 +0200
 @@ -208,12 +208,21 @@ extern int audit_fd;
  extern void audit_help_open (void);
  /* Use AUDIT_NO_ID when a name is provided to audit_logger instead of an ID */
@@ -206,9 +206,9 @@ diff -up shadow-4.2.1/lib/prototypes.h.audit-update shadow-4.2.1/lib/prototypes.
  void audit_logger_message (const char *message, shadow_audit_result result);
  #endif
  
-diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
---- shadow-4.2.1/src/gpasswd.c.audit-update	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/gpasswd.c	2014-11-26 15:06:24.664660561 +0100
+diff -up shadow-4.3.1/src/gpasswd.c.audit-update shadow-4.3.1/src/gpasswd.c
+--- shadow-4.3.1/src/gpasswd.c.audit-update	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/src/gpasswd.c	2016-08-22 17:21:15.444291144 +0200
 @@ -137,7 +137,7 @@ static void usage (int status)
  	(void) fputs (_("  -d, --delete USER             remove USER from GROUP\n"), usageout);
  	(void) fputs (_("  -h, --help                    display this help message and exit\n"), usageout);
@@ -218,7 +218,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  	(void) fputs (_("  -R, --restrict                restrict access to GROUP to its members\n"), usageout);
  	(void) fputs (_("  -M, --members USER,...        set the list of members of GROUP\n"), usageout);
  #ifdef SHADOWGRP
-@@ -397,21 +397,14 @@ static void open_files (void)
+@@ -396,21 +396,14 @@ static void open_files (void)
  
  static void log_gpasswd_failure (const char *suffix)
  {
@@ -243,7 +243,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_FAILURE);
  #endif
  	} else if (dflg) {
-@@ -419,13 +412,9 @@ static void log_gpasswd_failure (const c
+@@ -418,13 +411,9 @@ static void log_gpasswd_failure (const c
  		         "%s failed to remove user %s from group %s%s",
  		         myname, user, group, suffix));
  #ifdef WITH_AUDIT
@@ -260,7 +260,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_FAILURE);
  #endif
  	} else if (rflg) {
-@@ -433,13 +422,9 @@ static void log_gpasswd_failure (const c
+@@ -432,13 +421,9 @@ static void log_gpasswd_failure (const c
  		         "%s failed to remove password of group %s%s",
  		         myname, group, suffix));
  #ifdef WITH_AUDIT
@@ -277,7 +277,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_FAILURE);
  #endif
  	} else if (Rflg) {
-@@ -447,13 +432,9 @@ static void log_gpasswd_failure (const c
+@@ -446,13 +431,9 @@ static void log_gpasswd_failure (const c
  		         "%s failed to restrict access to group %s%s",
  		         myname, group, suffix));
  #ifdef WITH_AUDIT
@@ -294,7 +294,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_FAILURE);
  #endif
  	} else if (Aflg || Mflg) {
-@@ -463,13 +444,9 @@ static void log_gpasswd_failure (const c
+@@ -462,13 +443,9 @@ static void log_gpasswd_failure (const c
  			         "%s failed to set the administrators of group %s to %s%s",
  			         myname, group, admins, suffix));
  #ifdef WITH_AUDIT
@@ -311,7 +311,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  			              SHADOW_AUDIT_FAILURE);
  #endif
  		}
-@@ -479,13 +456,9 @@ static void log_gpasswd_failure (const c
+@@ -478,13 +455,9 @@ static void log_gpasswd_failure (const c
  			         "%s failed to set the members of group %s to %s%s",
  			         myname, group, members, suffix));
  #ifdef WITH_AUDIT
@@ -328,7 +328,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  			              SHADOW_AUDIT_FAILURE);
  #endif
  		}
-@@ -494,13 +467,9 @@ static void log_gpasswd_failure (const c
+@@ -493,13 +466,9 @@ static void log_gpasswd_failure (const c
  		         "%s failed to change password of group %s%s",
  		         myname, group, suffix));
  #ifdef WITH_AUDIT
@@ -345,7 +345,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_FAILURE);
  #endif
  	}
-@@ -531,21 +500,14 @@ static void log_gpasswd_failure_gshadow
+@@ -530,21 +499,14 @@ static void log_gpasswd_failure_gshadow
  
  static void log_gpasswd_success (const char *suffix)
  {
@@ -370,7 +370,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_SUCCESS);
  #endif
  	} else if (dflg) {
-@@ -553,13 +515,9 @@ static void log_gpasswd_success (const c
+@@ -552,13 +514,9 @@ static void log_gpasswd_success (const c
  		         "user %s removed by %s from group %s%s",
  		         user, myname, group, suffix));
  #ifdef WITH_AUDIT
@@ -387,7 +387,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_SUCCESS);
  #endif
  	} else if (rflg) {
-@@ -567,13 +525,9 @@ static void log_gpasswd_success (const c
+@@ -566,13 +524,9 @@ static void log_gpasswd_success (const c
  		         "password of group %s removed by %s%s",
  		         group, myname, suffix));
  #ifdef WITH_AUDIT
@@ -404,7 +404,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_SUCCESS);
  #endif
  	} else if (Rflg) {
-@@ -581,13 +535,9 @@ static void log_gpasswd_success (const c
+@@ -580,13 +534,9 @@ static void log_gpasswd_success (const c
  		         "access to group %s restricted by %s%s",
  		         group, myname, suffix));
  #ifdef WITH_AUDIT
@@ -421,7 +421,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_SUCCESS);
  #endif
  	} else if (Aflg || Mflg) {
-@@ -597,13 +547,9 @@ static void log_gpasswd_success (const c
+@@ -596,13 +546,9 @@ static void log_gpasswd_success (const c
  			         "administrators of group %s set by %s to %s%s",
  			         group, myname, admins, suffix));
  #ifdef WITH_AUDIT
@@ -438,7 +438,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  			              SHADOW_AUDIT_SUCCESS);
  #endif
  		}
-@@ -613,13 +559,9 @@ static void log_gpasswd_success (const c
+@@ -612,13 +558,9 @@ static void log_gpasswd_success (const c
  			         "members of group %s set by %s to %s%s",
  			         group, myname, members, suffix));
  #ifdef WITH_AUDIT
@@ -455,7 +455,7 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  			              SHADOW_AUDIT_SUCCESS);
  #endif
  		}
-@@ -628,13 +570,9 @@ static void log_gpasswd_success (const c
+@@ -627,13 +569,9 @@ static void log_gpasswd_success (const c
  		         "password of group %s changed by %s%s",
  		         group, myname, suffix));
  #ifdef WITH_AUDIT
@@ -472,9 +472,9 @@ diff -up shadow-4.2.1/src/gpasswd.c.audit-update shadow-4.2.1/src/gpasswd.c
  		              SHADOW_AUDIT_SUCCESS);
  #endif
  	}
-diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c
---- shadow-4.2.1/src/groupadd.c.audit-update	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/groupadd.c	2014-11-26 15:06:24.664660561 +0100
+diff -up shadow-4.3.1/src/groupadd.c.audit-update shadow-4.3.1/src/groupadd.c
+--- shadow-4.3.1/src/groupadd.c.audit-update	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/src/groupadd.c	2016-08-22 17:21:15.444291144 +0200
 @@ -127,6 +127,15 @@ static /*@noreturn@*/void usage (int sta
  	exit (status);
  }
@@ -579,7 +579,7 @@ diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c
  		add_cleanup (cleanup_unlock_gshadow, NULL);
  	}
 @@ -349,7 +352,7 @@ static void open_files (void)
- 	if (gr_open (O_RDWR) == 0) {
+ 	if (gr_open (O_CREAT | O_RDWR) == 0) {
  		fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
  		SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
 -		exit (E_GRP_UPDATE);
@@ -650,10 +650,10 @@ diff -up shadow-4.2.1/src/groupadd.c.audit-update shadow-4.2.1/src/groupadd.c
  		}
  	}
  
-diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
---- shadow-4.2.1/src/groupdel.c.audit-update	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/groupdel.c	2014-11-26 15:06:24.665660564 +0100
-@@ -100,6 +100,15 @@ static /*@noreturn@*/void usage (int sta
+diff -up shadow-4.3.1/src/groupdel.c.audit-update shadow-4.3.1/src/groupdel.c
+--- shadow-4.3.1/src/groupdel.c.audit-update	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/src/groupdel.c	2016-08-22 17:21:15.445291147 +0200
+@@ -102,6 +102,15 @@ static /*@noreturn@*/void usage (int sta
  	exit (status);
  }
  
@@ -669,7 +669,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  /*
   * grp_update - update group file entries
   *
-@@ -126,7 +135,7 @@ static void grp_update (void)
+@@ -128,7 +137,7 @@ static void grp_update (void)
  		fprintf (stderr,
  		         _("%s: cannot remove entry '%s' from %s\n"),
  		         Prog, group_name, gr_dbname ());
@@ -678,7 +678,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  	}
  
  #ifdef	SHADOWGRP
-@@ -138,7 +147,7 @@ static void grp_update (void)
+@@ -140,7 +149,7 @@ static void grp_update (void)
  			fprintf (stderr,
  			         _("%s: cannot remove entry '%s' from %s\n"),
  			         Prog, group_name, sgr_dbname ());
@@ -687,7 +687,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  		}
  	}
  #endif				/* SHADOWGRP */
-@@ -157,12 +166,12 @@ static void close_files (void)
+@@ -159,12 +168,12 @@ static void close_files (void)
  		fprintf (stderr,
  		         _("%s: failure while writing changes to %s\n"),
  		         Prog, gr_dbname ());
@@ -702,7 +702,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  	              group_name, (unsigned int) group_id,
  	              SHADOW_AUDIT_SUCCESS);
  #endif
-@@ -182,12 +191,12 @@ static void close_files (void)
+@@ -184,12 +193,12 @@ static void close_files (void)
  			fprintf (stderr,
  			         _("%s: failure while writing changes to %s\n"),
  			         Prog, sgr_dbname ());
@@ -718,7 +718,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  		              group_name, (unsigned int) group_id,
  		              SHADOW_AUDIT_SUCCESS);
  #endif
-@@ -201,13 +210,6 @@ static void close_files (void)
+@@ -203,13 +212,6 @@ static void close_files (void)
  	}
  #endif				/* SHADOWGRP */
  
@@ -732,7 +732,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  	SYSLOG ((LOG_INFO, "group '%s' removed\n", group_name));
  	del_cleanup (cleanup_report_del_group);
  }
-@@ -224,7 +226,7 @@ static void open_files (void)
+@@ -226,7 +228,7 @@ static void open_files (void)
  		fprintf (stderr,
  		         _("%s: cannot lock %s; try again later.\n"),
  		         Prog, gr_dbname ());
@@ -741,7 +741,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  	}
  	add_cleanup (cleanup_unlock_group, NULL);
  #ifdef	SHADOWGRP
-@@ -233,7 +235,7 @@ static void open_files (void)
+@@ -235,7 +237,7 @@ static void open_files (void)
  			fprintf (stderr,
  			         _("%s: cannot lock %s; try again later.\n"),
  			         Prog, sgr_dbname ());
@@ -750,7 +750,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  		}
  		add_cleanup (cleanup_unlock_gshadow, NULL);
  	}
-@@ -251,7 +253,7 @@ static void open_files (void)
+@@ -253,7 +255,7 @@ static void open_files (void)
  		         _("%s: cannot open %s\n"),
  		         Prog, gr_dbname ());
  		SYSLOG ((LOG_WARN, "cannot open %s", gr_dbname ()));
@@ -759,7 +759,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  	}
  #ifdef	SHADOWGRP
  	if (is_shadow_grp) {
-@@ -260,7 +262,7 @@ static void open_files (void)
+@@ -262,7 +264,7 @@ static void open_files (void)
  			         _("%s: cannot open %s\n"),
  			         Prog, sgr_dbname ());
  			SYSLOG ((LOG_WARN, "cannot open %s", sgr_dbname ()));
@@ -768,7 +768,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  		}
  	}
  #endif				/* SHADOWGRP */
-@@ -301,7 +303,7 @@ static void group_busy (gid_t gid)
+@@ -303,7 +305,7 @@ static void group_busy (gid_t gid)
  	fprintf (stderr,
  	         _("%s: cannot remove the primary group of user '%s'\n"),
  	         Prog, pwd->pw_name);
@@ -777,7 +777,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  }
  
  /*
-@@ -379,7 +381,7 @@ int main (int argc, char **argv)
+@@ -384,7 +386,7 @@ int main (int argc, char **argv)
  		fprintf (stderr,
  		         _("%s: Cannot setup cleanup service.\n"),
  		         Prog);
@@ -786,7 +786,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  	}
  
  	process_flags (argc, argv);
-@@ -393,7 +395,7 @@ int main (int argc, char **argv)
+@@ -398,7 +400,7 @@ int main (int argc, char **argv)
  			fprintf (stderr,
  			         _("%s: Cannot determine your user name.\n"),
  			         Prog);
@@ -795,7 +795,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  		}
  
  		retval = pam_start ("groupdel", pampw->pw_name, &conv, &pamh);
-@@ -414,7 +416,7 @@ int main (int argc, char **argv)
+@@ -419,7 +421,7 @@ int main (int argc, char **argv)
  		if (NULL != pamh) {
  			(void) pam_end (pamh, retval);
  		}
@@ -804,7 +804,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  	}
  	(void) pam_end (pamh, retval);
  #endif				/* USE_PAM */
-@@ -434,7 +436,7 @@ int main (int argc, char **argv)
+@@ -439,7 +441,7 @@ int main (int argc, char **argv)
  			fprintf (stderr,
  			         _("%s: group '%s' does not exist\n"),
  			         Prog, group_name);
@@ -813,7 +813,7 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  		}
  
  		group_id = grp->gr_gid;
-@@ -458,7 +460,7 @@ int main (int argc, char **argv)
+@@ -463,7 +465,7 @@ int main (int argc, char **argv)
  			         _("%s: %s is the NIS master\n"),
  			         Prog, nis_master);
  		}
@@ -822,9 +822,9 @@ diff -up shadow-4.2.1/src/groupdel.c.audit-update shadow-4.2.1/src/groupdel.c
  	}
  #endif
  
-diff -up shadow-4.2.1/src/groupmod.c.audit-update shadow-4.2.1/src/groupmod.c
---- shadow-4.2.1/src/groupmod.c.audit-update	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/groupmod.c	2014-11-26 15:06:24.665660564 +0100
+diff -up shadow-4.3.1/src/groupmod.c.audit-update shadow-4.3.1/src/groupmod.c
+--- shadow-4.3.1/src/groupmod.c.audit-update	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/src/groupmod.c	2016-08-22 17:21:15.445291147 +0200
 @@ -438,7 +438,7 @@ static void close_files (void)
  		exit (E_GRP_UPDATE);
  	}
@@ -1018,9 +1018,9 @@ diff -up shadow-4.2.1/src/groupmod.c.audit-update shadow-4.2.1/src/groupmod.c
  
  // FIXME: add a system cleanup
  	add_cleanup (cleanup_report_mod_group, &info_group);
-diff -up shadow-4.2.1/src/chage.c.audit-update shadow-4.2.1/src/chage.c
---- shadow-4.2.1/src/chage.c.audit-update	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/chage.c	2014-11-26 15:06:24.663660558 +0100
+diff -up shadow-4.3.1/src/chage.c.audit-update shadow-4.3.1/src/chage.c
+--- shadow-4.3.1/src/chage.c.audit-update	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/src/chage.c	2016-08-22 17:21:15.446291149 +0200
 @@ -126,9 +126,10 @@ static /*@noreturn@*/void fail_exit (int
  
  #ifdef WITH_AUDIT
@@ -1108,9 +1108,9 @@ diff -up shadow-4.2.1/src/chage.c.audit-update shadow-4.2.1/src/chage.c
  			              user_name, (unsigned int) user_uid, 1);
  		}
  #endif
-diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
---- shadow-4.2.1/src/newgrp.c.audit-update	2014-11-26 15:06:24.660660548 +0100
-+++ shadow-4.2.1/src/newgrp.c	2014-11-26 15:06:24.666660567 +0100
+diff -up shadow-4.3.1/src/newgrp.c.audit-update shadow-4.3.1/src/newgrp.c
+--- shadow-4.3.1/src/newgrp.c.audit-update	2016-08-22 17:21:15.439291131 +0200
++++ shadow-4.3.1/src/newgrp.c	2016-08-22 17:21:15.446291149 +0200
 @@ -206,11 +206,12 @@ static void check_perms (const struct gr
  		    strcmp (cpasswd, grp->gr_passwd) != 0) {
  #ifdef WITH_AUDIT
@@ -1161,7 +1161,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  	exit (EXIT_FAILURE);
  }
  
-@@ -317,15 +306,27 @@ static void syslog_sg (const char *name,
+@@ -320,15 +309,27 @@ static void syslog_sg (const char *name,
  				 is_newgrp ? "newgrp" : "sg", strerror (errno));
  #ifdef WITH_AUDIT
  			if (group) {
@@ -1193,7 +1193,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  			}
  #endif
  			exit (EXIT_FAILURE);
-@@ -451,7 +452,7 @@ int main (int argc, char **argv)
+@@ -456,7 +457,7 @@ int main (int argc, char **argv)
  #ifdef WITH_AUDIT
  		audit_logger (AUDIT_CHGRP_ID, Prog,
  		              "changing", NULL,
@@ -1202,7 +1202,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  #endif
  		SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
  		         (unsigned long) getuid ()));
-@@ -567,15 +568,26 @@ int main (int argc, char **argv)
+@@ -572,15 +573,26 @@ int main (int argc, char **argv)
  		perror ("getgroups");
  #ifdef WITH_AUDIT
  		if (group) {
@@ -1233,7 +1233,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  		}
  #endif
  		exit (EXIT_FAILURE);
-@@ -716,10 +728,10 @@ int main (int argc, char **argv)
+@@ -721,10 +733,10 @@ int main (int argc, char **argv)
  		perror ("setgid");
  #ifdef WITH_AUDIT
  		snprintf (audit_buf, sizeof(audit_buf),
@@ -1246,7 +1246,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  #endif
  		exit (EXIT_FAILURE);
  	}
-@@ -728,10 +740,10 @@ int main (int argc, char **argv)
+@@ -733,10 +745,10 @@ int main (int argc, char **argv)
  		perror ("setuid");
  #ifdef WITH_AUDIT
  		snprintf (audit_buf, sizeof(audit_buf),
@@ -1259,7 +1259,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  #endif
  		exit (EXIT_FAILURE);
  	}
-@@ -745,10 +757,10 @@ int main (int argc, char **argv)
+@@ -750,10 +762,10 @@ int main (int argc, char **argv)
  		execl (SHELL, "sh", "-c", command, (char *) 0);
  #ifdef WITH_AUDIT
  		snprintf (audit_buf, sizeof(audit_buf),
@@ -1272,7 +1272,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  #endif
  		perror (SHELL);
  		exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
-@@ -812,11 +824,11 @@ int main (int argc, char **argv)
+@@ -817,11 +829,11 @@ int main (int argc, char **argv)
  	}
  
  #ifdef WITH_AUDIT
@@ -1286,7 +1286,7 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  #endif
  	/*
  	 * Exec the login shell and go away. We are trying to get back to
-@@ -840,15 +852,24 @@ int main (int argc, char **argv)
+@@ -845,15 +857,24 @@ int main (int argc, char **argv)
  	closelog ();
  #ifdef WITH_AUDIT
  	if (NULL != group) {
@@ -1315,9 +1315,9 @@ diff -up shadow-4.2.1/src/newgrp.c.audit-update shadow-4.2.1/src/newgrp.c
  	}
  #endif
  	exit (EXIT_FAILURE);
-diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
---- shadow-4.2.1/src/useradd.c.audit-update	2014-11-26 15:06:24.648660511 +0100
-+++ shadow-4.2.1/src/useradd.c	2014-11-26 15:14:02.446087183 +0100
+diff -up shadow-4.3.1/src/useradd.c.audit-update shadow-4.3.1/src/useradd.c
+--- shadow-4.3.1/src/useradd.c.audit-update	2016-08-22 17:21:15.410291055 +0200
++++ shadow-4.3.1/src/useradd.c	2016-08-22 17:21:15.447291152 +0200
 @@ -222,6 +222,8 @@ static void create_mail (void);
   */
  static void fail_exit (int code)
@@ -1636,7 +1636,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
  		              user_name, (unsigned int) user_id,
  		              SHADOW_AUDIT_SUCCESS);
  #endif
-@@ -2098,12 +2034,6 @@ int main (int argc, char **argv)
+@@ -2100,12 +2036,6 @@ int main (int argc, char **argv)
  	 */
  	if (getpwnam (user_name) != NULL) { /* local, no need for xgetpwnam */
  		fprintf (stderr, _("%s: user '%s' already exists\n"), Prog, user_name);
@@ -1649,7 +1649,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
  		fail_exit (E_NAME_IN_USE);
  	}
  
-@@ -2119,12 +2049,6 @@ int main (int argc, char **argv)
+@@ -2121,12 +2051,6 @@ int main (int argc, char **argv)
  			fprintf (stderr,
  			         _("%s: group %s exists - if you want to add this user to that group, use -g.\n"),
  			         Prog, user_name);
@@ -1662,7 +1662,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
  			fail_exit (E_NAME_IN_USE);
  		}
  	}
-@@ -2154,12 +2078,6 @@ int main (int argc, char **argv)
+@@ -2156,12 +2080,6 @@ int main (int argc, char **argv)
  				fprintf (stderr,
  				         _("%s: UID %lu is not unique\n"),
  				         Prog, (unsigned long) user_id);
@@ -1675,7 +1675,7 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
  				fail_exit (E_UID_IN_USE);
  			}
  		}
-@@ -2223,9 +2141,10 @@ int main (int argc, char **argv)
+@@ -2225,9 +2143,10 @@ int main (int argc, char **argv)
  			         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
  			         Prog, user_name, user_selinux);
  #ifdef WITH_AUDIT
@@ -1689,9 +1689,9 @@ diff -up shadow-4.2.1/src/useradd.c.audit-update shadow-4.2.1/src/useradd.c
  #endif				/* WITH_AUDIT */
  			rv = E_SE_UPDATE;
  		    }
-diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
---- shadow-4.2.1/src/userdel.c.audit-update	2014-11-26 15:06:24.655660533 +0100
-+++ shadow-4.2.1/src/userdel.c	2014-11-26 15:16:01.892459425 +0100
+diff -up shadow-4.3.1/src/userdel.c.audit-update shadow-4.3.1/src/userdel.c
+--- shadow-4.3.1/src/userdel.c.audit-update	2016-08-22 17:21:15.418291076 +0200
++++ shadow-4.3.1/src/userdel.c	2016-08-22 17:21:15.447291152 +0200
 @@ -214,9 +214,9 @@ static void update_groups (void)
  		 * Update the DBM group file with the new entry as well.
  		 */
@@ -1766,7 +1766,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
  		fail_exit (E_PW_UPDATE);
  	}
  	pw_locked = true;
- 	if (pw_open (O_RDWR) == 0) {
+ 	if (pw_open (O_CREAT | O_RDWR) == 0) {
  		fprintf (stderr,
  		         _("%s: cannot open %s\n"), Prog, pw_dbname ());
 -#ifdef WITH_AUDIT
@@ -1817,7 +1817,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
  		fail_exit (E_GRP_UPDATE);
  	}
  	gr_locked = true;
- 	if (gr_open (O_RDWR) == 0) {
+ 	if (gr_open (O_CREAT | O_RDWR) == 0) {
  		fprintf (stderr, _("%s: cannot open %s\n"), Prog, gr_dbname ());
 -#ifdef WITH_AUDIT
 -		audit_logger (AUDIT_DEL_USER, Prog,
@@ -1841,7 +1841,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
  			fail_exit (E_GRP_UPDATE);
  		}
  		sgr_locked= true;
- 		if (sgr_open (O_RDWR) == 0) {
+ 		if (sgr_open (O_CREAT | O_RDWR) == 0) {
  			fprintf (stderr, _("%s: cannot open %s\n"),
  			         Prog, sgr_dbname ());
 -#ifdef WITH_AUDIT
@@ -1866,7 +1866,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
  			fail_exit (E_SUB_UID_UPDATE);
  		}
  		sub_uid_locked = true;
- 		if (sub_uid_open (O_RDWR) == 0) {
+ 		if (sub_uid_open (O_CREAT | O_RDWR) == 0) {
  			fprintf (stderr,
  				_("%s: cannot open %s\n"), Prog, sub_uid_dbname ());
 -#ifdef WITH_AUDIT
@@ -1891,7 +1891,7 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
  			fail_exit (E_SUB_GID_UPDATE);
  		}
  		sub_gid_locked = true;
- 		if (sub_gid_open (O_RDWR) == 0) {
+ 		if (sub_gid_open (O_CREAT | O_RDWR) == 0) {
  			fprintf (stderr,
  				_("%s: cannot open %s\n"), Prog, sub_gid_dbname ());
 -#ifdef WITH_AUDIT
@@ -2019,9 +2019,9 @@ diff -up shadow-4.2.1/src/userdel.c.audit-update shadow-4.2.1/src/userdel.c
  			              user_name, (unsigned int) user_id,
  			              SHADOW_AUDIT_FAILURE);
  #endif				/* WITH_AUDIT */
-diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
---- shadow-4.2.1/src/usermod.c.audit-update	2014-11-26 15:06:24.661660551 +0100
-+++ shadow-4.2.1/src/usermod.c	2014-11-26 15:17:38.580760741 +0100
+diff -up shadow-4.3.1/src/usermod.c.audit-update shadow-4.3.1/src/usermod.c
+--- shadow-4.3.1/src/usermod.c.audit-update	2016-08-22 17:21:15.441291136 +0200
++++ shadow-4.3.1/src/usermod.c	2016-08-22 17:21:15.448291155 +0200
 @@ -447,8 +447,8 @@ static char *new_pw_passwd (char *pw_pas
  
  #ifdef WITH_AUDIT
@@ -2256,7 +2256,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
  #endif
  			SYSLOG ((LOG_INFO, "add '%s' to shadow group '%s'",
  			         user_newname, nsgrp->sg_name));
-@@ -1810,8 +1821,8 @@ static void move_home (void)
+@@ -1758,8 +1769,8 @@ static void move_home (void)
  
  #ifdef WITH_AUDIT
  		if (uflg || gflg) {
@@ -2267,7 +2267,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
  				      user_newname, (unsigned int) user_newid, 1);
  		}
  #endif
-@@ -1829,8 +1840,8 @@ static void move_home (void)
+@@ -1777,8 +1788,8 @@ static void move_home (void)
  				fail_exit (E_HOMEDIR);
  			}
  #ifdef WITH_AUDIT
@@ -2278,7 +2278,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
  			              user_newname, (unsigned int) user_newid,
  			              1);
  #endif
-@@ -1849,9 +1860,9 @@ static void move_home (void)
+@@ -1797,9 +1808,9 @@ static void move_home (void)
  						         Prog, user_home);
  					}
  #ifdef WITH_AUDIT
@@ -2290,7 +2290,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
  					              user_newname,
  					              (unsigned int) user_newid,
  					              1);
-@@ -2055,8 +2066,8 @@ static void move_mailbox (void)
+@@ -2003,8 +2014,8 @@ static void move_mailbox (void)
  		}
  #ifdef WITH_AUDIT
  		else {
@@ -2301,7 +2301,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
  			              user_newname, (unsigned int) user_newid, 1);
  		}
  #endif
-@@ -2074,8 +2085,8 @@ static void move_mailbox (void)
+@@ -2022,8 +2033,8 @@ static void move_mailbox (void)
  		}
  #ifdef WITH_AUDIT
  		else {
@@ -2312,7 +2312,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
  			              user_newname, (unsigned int) user_newid, 1);
  		}
  #endif
-@@ -2217,8 +2228,8 @@ int main (int argc, char **argv)
+@@ -2215,8 +2226,8 @@ int main (int argc, char **argv)
  				         _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"),
  				         Prog, user_name, user_selinux);
  #ifdef WITH_AUDIT
@@ -2323,7 +2323,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
  				              user_name, (unsigned int) user_id,
  				              SHADOW_AUDIT_FAILURE);
  #endif				/* WITH_AUDIT */
-@@ -2230,8 +2241,8 @@ int main (int argc, char **argv)
+@@ -2228,8 +2239,8 @@ int main (int argc, char **argv)
  				         _("%s: warning: the user name %s to SELinux user mapping removal failed.\n"),
  				         Prog, user_name);
  #ifdef WITH_AUDIT
@@ -2334,7 +2334,7 @@ diff -up shadow-4.2.1/src/usermod.c.audit-update shadow-4.2.1/src/usermod.c
  				              user_name, (unsigned int) user_id,
  				              SHADOW_AUDIT_FAILURE);
  #endif				/* WITH_AUDIT */
-@@ -2269,8 +2280,8 @@ int main (int argc, char **argv)
+@@ -2267,8 +2278,8 @@ int main (int argc, char **argv)
  			 */
  #ifdef WITH_AUDIT
  			if (uflg || gflg) {
diff --git a/shadow-4.2.1-defs-chroot.patch b/shadow-4.3.1-defs-chroot.patch
similarity index 60%
rename from shadow-4.2.1-defs-chroot.patch
rename to shadow-4.3.1-defs-chroot.patch
index 827ad40..e57fac8 100644
--- a/shadow-4.2.1-defs-chroot.patch
+++ b/shadow-4.3.1-defs-chroot.patch
@@ -1,18 +1,18 @@
-diff -up shadow-4.2.1/src/useradd.c.defs-chroot shadow-4.2.1/src/useradd.c
---- shadow-4.2.1/src/useradd.c.defs-chroot	2014-12-01 15:14:58.000000000 +0100
-+++ shadow-4.2.1/src/useradd.c	2015-08-27 15:46:21.935698862 +0200
+diff -up shadow-4.3.1/src/useradd.c.defs-chroot shadow-4.3.1/src/useradd.c
+--- shadow-4.3.1/src/useradd.c.defs-chroot	2016-08-22 17:13:29.420068883 +0200
++++ shadow-4.3.1/src/useradd.c	2016-08-22 17:15:14.040343275 +0200
 @@ -1938,8 +1938,8 @@ int main (int argc, char **argv)
  #endif				/* ACCT_TOOLS_SETUID */
  
- 	/* Needed for userns check */
+ #ifdef ENABLE_SUBIDS
 -	uid_t uid_min = (uid_t) getdef_ulong ("UID_MIN", 1000UL);
 -	uid_t uid_max = (uid_t) getdef_ulong ("UID_MAX", 60000UL);
 +	uid_t uid_min;
 +	uid_t uid_max;
+ #endif
  
  	/*
- 	 * Get my name so that I can use it to report errors.
-@@ -1957,6 +1957,9 @@ int main (int argc, char **argv)
+@@ -1958,6 +1958,9 @@ int main (int argc, char **argv)
  	audit_help_open ();
  #endif
  
diff --git a/shadow-4.2.1-manfix.patch b/shadow-4.3.1-manfix.patch
similarity index 81%
rename from shadow-4.2.1-manfix.patch
rename to shadow-4.3.1-manfix.patch
index 2ca84b3..2aeb0a8 100644
--- a/shadow-4.2.1-manfix.patch
+++ b/shadow-4.3.1-manfix.patch
@@ -1,6 +1,6 @@
-diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xml
---- shadow-4.2.1/man/groupmems.8.xml.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/groupmems.8.xml	2015-11-06 14:21:03.013060324 +0100
+diff -up shadow-4.3.1/man/groupmems.8.xml.manfix shadow-4.3.1/man/groupmems.8.xml
+--- shadow-4.3.1/man/groupmems.8.xml.manfix	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/man/groupmems.8.xml	2016-08-22 17:08:48.486332066 +0200
 @@ -179,20 +179,10 @@
    <refsect1 id='setup'>
      <title>SETUP</title>
@@ -25,9 +25,9 @@ diff -up shadow-4.2.1/man/groupmems.8.xml.manfix shadow-4.2.1/man/groupmems.8.xm
    </refsect1>
  
    <refsect1 id='configuration'>
-diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
---- shadow-4.2.1/man/chage.1.xml.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/chage.1.xml	2014-11-26 15:34:51.256978960 +0100
+diff -up shadow-4.3.1/man/chage.1.xml.manfix shadow-4.3.1/man/chage.1.xml
+--- shadow-4.3.1/man/chage.1.xml.manfix	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/man/chage.1.xml	2016-08-22 17:08:48.486332066 +0200
 @@ -102,6 +102,9 @@
  	    Set the number of days since January 1st, 1970 when the password
  	    was last changed. The date may also be expressed in the format
@@ -38,9 +38,9 @@ diff -up shadow-4.2.1/man/chage.1.xml.manfix shadow-4.2.1/man/chage.1.xml
  	  </para>
  	</listitem>
        </varlistentry>
-diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/login.defs.5
---- shadow-4.2.1/man/ja/man5/login.defs.5.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/ja/man5/login.defs.5	2016-01-08 09:58:29.591702354 +0100
+diff -up shadow-4.3.1/man/ja/man5/login.defs.5.manfix shadow-4.3.1/man/ja/man5/login.defs.5
+--- shadow-4.3.1/man/ja/man5/login.defs.5.manfix	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/man/ja/man5/login.defs.5	2016-08-22 17:08:48.486332066 +0200
 @@ -147,10 +147,6 @@ 以下の参照表は、
  shadow パスワード機能のどのプログラムが
  どのパラメータを使用するかを示したものである。
@@ -52,9 +52,9 @@ diff -up shadow-4.2.1/man/ja/man5/login.defs.5.manfix shadow-4.2.1/man/ja/man5/l
  .IP groupadd 12
  GID_MAX GID_MIN
  .IP newusers 12
-diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.xml
---- shadow-4.2.1/man/login.defs.5.xml.manfix	2014-03-13 06:52:55.000000000 +0100
-+++ shadow-4.2.1/man/login.defs.5.xml	2016-01-08 09:59:35.854169787 +0100
+diff -up shadow-4.3.1/man/login.defs.5.xml.manfix shadow-4.3.1/man/login.defs.5.xml
+--- shadow-4.3.1/man/login.defs.5.xml.manfix	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/man/login.defs.5.xml	2016-08-22 17:08:48.487332069 +0200
 @@ -162,6 +162,17 @@
        long numeric parameters is machine-dependent.
      </para>
@@ -105,7 +105,7 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
        <!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
        <!-- faillog: no variables -->
        <varlistentry>
-@@ -350,34 +342,6 @@
+@@ -350,34 +343,6 @@
        </varlistentry>
        <!-- id: no variables -->
        <!-- lastlog: no variables -->
@@ -191,9 +191,9 @@ diff -up shadow-4.2.1/man/login.defs.5.xml.manfix shadow-4.2.1/man/login.defs.5.
        <varlistentry>
  	<term>useradd</term>
  	<listitem>
-diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
---- shadow-4.2.1/man/shadow.5.xml.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/shadow.5.xml	2015-10-27 16:54:29.304231353 +0100
+diff -up shadow-4.3.1/man/shadow.5.xml.manfix shadow-4.3.1/man/shadow.5.xml
+--- shadow-4.3.1/man/shadow.5.xml.manfix	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/man/shadow.5.xml	2016-08-22 17:08:48.487332069 +0200
 @@ -208,8 +208,8 @@
  	  </para>
  	  <para>
@@ -205,10 +205,10 @@ diff -up shadow-4.2.1/man/shadow.5.xml.manfix shadow-4.2.1/man/shadow.5.xml
  	  </para>
  	  <para>
  	    An empty field means that there are no enforcement of an
-diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
---- shadow-4.2.1/man/useradd.8.xml.manfix	2014-11-26 15:34:51.234978891 +0100
-+++ shadow-4.2.1/man/useradd.8.xml	2014-11-26 15:34:51.257978963 +0100
-@@ -347,11 +347,16 @@
+diff -up shadow-4.3.1/man/useradd.8.xml.manfix shadow-4.3.1/man/useradd.8.xml
+--- shadow-4.3.1/man/useradd.8.xml.manfix	2016-08-22 17:08:48.446331961 +0200
++++ shadow-4.3.1/man/useradd.8.xml	2016-08-22 17:08:48.487332069 +0200
+@@ -347,6 +347,11 @@
  	    <option>CREATE_HOME</option> is not enabled, no home
  	    directories are created.
  	  </para>
@@ -220,15 +220,9 @@ diff -up shadow-4.2.1/man/useradd.8.xml.manfix shadow-4.2.1/man/useradd.8.xml
  	</listitem>
        </varlistentry>
        <varlistentry>
- 	<term>
--	  <option>-M</option>
-+	  <option>-M</option>, <option>--no-create-home</option>
- 	</term>
- 	<listitem>
- 	  <para>
-diff -up shadow-4.2.1/man/usermod.8.xml.manfix shadow-4.2.1/man/usermod.8.xml
---- shadow-4.2.1/man/usermod.8.xml.manfix	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/man/usermod.8.xml	2014-11-26 15:34:51.257978963 +0100
+diff -up shadow-4.3.1/man/usermod.8.xml.manfix shadow-4.3.1/man/usermod.8.xml
+--- shadow-4.3.1/man/usermod.8.xml.manfix	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/man/usermod.8.xml	2016-08-22 17:08:48.487332069 +0200
 @@ -132,7 +132,8 @@
  	    If the <option>-m</option>
  	    option is given, the contents of the current home directory will
diff --git a/shadow-4.2.1-selinux-perms.patch b/shadow-4.3.1-selinux-perms.patch
similarity index 79%
rename from shadow-4.2.1-selinux-perms.patch
rename to shadow-4.3.1-selinux-perms.patch
index 7e7f70e..9469a7e 100644
--- a/shadow-4.2.1-selinux-perms.patch
+++ b/shadow-4.3.1-selinux-perms.patch
@@ -1,6 +1,6 @@
-diff -up shadow-4.2.1/src/chgpasswd.c.selinux-perms shadow-4.2.1/src/chgpasswd.c
---- shadow-4.2.1/src/chgpasswd.c.selinux-perms	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/chgpasswd.c	2016-05-30 11:57:53.635841186 +0200
+diff -up shadow-4.3.1/src/chgpasswd.c.selinux-perms shadow-4.3.1/src/chgpasswd.c
+--- shadow-4.3.1/src/chgpasswd.c.selinux-perms	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/src/chgpasswd.c	2016-08-22 17:25:46.825011776 +0200
 @@ -39,6 +39,13 @@
  #include <pwd.h>
  #include <stdio.h>
@@ -147,9 +147,9 @@ diff -up shadow-4.2.1/src/chgpasswd.c.selinux-perms shadow-4.2.1/src/chgpasswd.c
  		/* 
  		 * The updated group file entry is then put back and will
  		 * be written to the group file later, after all the
-diff -up shadow-4.2.1/src/chpasswd.c.selinux-perms shadow-4.2.1/src/chpasswd.c
---- shadow-4.2.1/src/chpasswd.c.selinux-perms	2014-03-01 19:59:51.000000000 +0100
-+++ shadow-4.2.1/src/chpasswd.c	2016-05-30 11:58:23.034484807 +0200
+diff -up shadow-4.3.1/src/chpasswd.c.selinux-perms shadow-4.3.1/src/chpasswd.c
+--- shadow-4.3.1/src/chpasswd.c.selinux-perms	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/src/chpasswd.c	2016-08-22 17:25:46.825011776 +0200
 @@ -39,6 +39,13 @@
  #include <pwd.h>
  #include <stdio.h>
@@ -257,10 +257,10 @@ diff -up shadow-4.2.1/src/chpasswd.c.selinux-perms shadow-4.2.1/src/chpasswd.c
  		/* 
  		 * The updated password file entry is then put back and will
  		 * be written to the password file later, after all the
-diff -up shadow-4.2.1/src/Makefile.am.selinux-perms shadow-4.2.1/src/Makefile.am
---- shadow-4.2.1/src/Makefile.am.selinux-perms	2016-05-27 16:04:00.896475284 +0200
-+++ shadow-4.2.1/src/Makefile.am	2016-05-27 16:04:00.899475353 +0200
-@@ -84,9 +84,9 @@ chage_LDADD    = $(LDADD) $(LIBPAM_SUID)
+diff -up shadow-4.3.1/src/Makefile.am.selinux-perms shadow-4.3.1/src/Makefile.am
+--- shadow-4.3.1/src/Makefile.am.selinux-perms	2016-08-15 06:00:59.000000000 +0200
++++ shadow-4.3.1/src/Makefile.am	2016-08-22 17:25:46.825011776 +0200
+@@ -87,9 +87,9 @@ chage_LDADD    = $(LDADD) $(LIBPAM_SUID)
  newuidmap_LDADD    = $(LDADD) $(LIBSELINUX)
  newgidmap_LDADD    = $(LDADD) $(LIBSELINUX)
  chfn_LDADD     = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
@@ -272,18 +272,3 @@ diff -up shadow-4.2.1/src/Makefile.am.selinux-perms shadow-4.2.1/src/Makefile.am
  gpasswd_LDADD  = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
  groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
  groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
-diff -up shadow-4.2.1/src/Makefile.in.selinux-perms shadow-4.2.1/src/Makefile.in
---- shadow-4.2.1/src/Makefile.in.selinux-perms	2016-05-27 16:04:00.896475284 +0200
-+++ shadow-4.2.1/src/Makefile.in	2016-05-27 16:04:00.899475353 +0200
-@@ -521,9 +521,9 @@ chage_LDADD = $(LDADD) $(LIBPAM_SUID) $(
- newuidmap_LDADD = $(LDADD) $(LIBSELINUX)
- newgidmap_LDADD = $(LDADD) $(LIBSELINUX)
- chfn_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
--chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT)
-+chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
- chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD)
--chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT)
-+chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(LIBCRYPT)
- gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT)
- groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)
- groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX)