diff --git a/shadow-4.3.1-manfix.patch b/shadow-4.3.1-manfix.patch
index 2aeb0a8..4ca6054 100644
--- a/shadow-4.3.1-manfix.patch
+++ b/shadow-4.3.1-manfix.patch
@@ -38,6 +38,20 @@ diff -up shadow-4.3.1/man/chage.1.xml.manfix shadow-4.3.1/man/chage.1.xml
+@@ -119,6 +122,13 @@
+ system again.
+
+
++ For example the following can be used to set an account to expire
++ in 180 days:
++
++
++ chage -E $(date -d +180days +%Y-%m-%d)
++
++
+ Passing the number -1 as the
+ EXPIRE_DATE will remove an account
+ expiration date.
diff -up shadow-4.3.1/man/ja/man5/login.defs.5.manfix shadow-4.3.1/man/ja/man5/login.defs.5
--- shadow-4.3.1/man/ja/man5/login.defs.5.manfix 2016-08-15 06:00:59.000000000 +0200
+++ shadow-4.3.1/man/ja/man5/login.defs.5 2016-08-22 17:08:48.486332066 +0200
diff --git a/shadow-4.5-userdel-chroot.patch b/shadow-4.5-userdel-chroot.patch
new file mode 100644
index 0000000..e5cf287
--- /dev/null
+++ b/shadow-4.5-userdel-chroot.patch
@@ -0,0 +1,108 @@
+diff -up shadow-4.5/lib/selinux.c.userdel-chroot shadow-4.5/lib/selinux.c
+--- shadow-4.5/lib/selinux.c.userdel-chroot 2017-11-02 10:19:11.886588281 +0100
++++ shadow-4.5/lib/selinux.c 2017-11-02 11:38:32.029906306 +0100
+@@ -75,7 +75,7 @@ int set_selinux_file_context (const char
+ }
+ return 0;
+ error:
+- if (security_getenforce () != 0) {
++ if (security_getenforce () > 0) {
+ return 1;
+ }
+ return 0;
+@@ -95,7 +95,7 @@ int reset_selinux_file_context (void)
+ selinux_checked = true;
+ }
+ if (selinux_enabled) {
+- if (setfscreatecon (NULL) != 0) {
++ if (setfscreatecon (NULL) != 0 && security_getenforce () > 0) {
+ return 1;
+ }
+ }
+diff -up shadow-4.5/src/userdel.c.userdel-chroot shadow-4.5/src/userdel.c
+--- shadow-4.5/src/userdel.c.userdel-chroot 2017-11-02 10:19:11.899588578 +0100
++++ shadow-4.5/src/userdel.c 2017-11-02 11:16:07.437048450 +0100
+@@ -96,6 +96,7 @@ static char *user_home;
+ static bool fflg = false;
+ static bool rflg = false;
+ static bool Zflg = false;
++static bool Rflg = false;
+
+ static bool is_shadow_pwd;
+
+@@ -958,6 +959,7 @@ int main (int argc, char **argv)
+ rflg = true;
+ break;
+ case 'R': /* no-op, handled in process_root_flag () */
++ Rflg = true;
+ break;
+ #ifdef WITH_SELINUX
+ case 'Z':
+@@ -1031,9 +1033,11 @@ int main (int argc, char **argv)
+ * Start with a quick check to see if the user exists.
+ */
+ user_name = argv[argc - 1];
++ open_files ();
++
+ {
+- struct passwd *pwd;
+- pwd = getpwnam (user_name); /* local, no need for xgetpwnam */
++ const struct passwd *pwd;
++ pwd = pw_locate (user_name); /* we care only about local users */
+ if (NULL == pwd) {
+ fprintf (stderr, _("%s: user '%s' does not exist\n"),
+ Prog, user_name);
+@@ -1043,7 +1047,7 @@ int main (int argc, char **argv)
+ user_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_FAILURE);
+ #endif /* WITH_AUDIT */
+- exit (E_NOTFOUND);
++ fail_exit (E_NOTFOUND);
+ }
+ user_id = pwd->pw_uid;
+ user_gid = pwd->pw_gid;
+@@ -1051,7 +1055,7 @@ int main (int argc, char **argv)
+ }
+ #ifdef WITH_TCB
+ if (shadowtcb_set_user (user_name) == SHADOWTCB_FAILURE) {
+- exit (E_NOTFOUND);
++ fail_exit (E_NOTFOUND);
+ }
+ #endif /* WITH_TCB */
+ #ifdef USE_NIS
+@@ -1071,7 +1075,7 @@ int main (int argc, char **argv)
+ _("%s: %s is the NIS master\n"),
+ Prog, nis_master);
+ }
+- exit (E_NOTFOUND);
++ fail_exit (E_NOTFOUND);
+ }
+ #endif /* USE_NIS */
+ /*
+@@ -1079,7 +1083,7 @@ int main (int argc, char **argv)
+ * Note: This is a best effort basis. The user may log in between,
+ * a cron job may be started on her behalf, etc.
+ */
+- if (user_busy (user_name, user_id) != 0) {
++ if (!Rflg && user_busy (user_name, user_id) != 0) {
+ if (!fflg) {
+ #ifdef WITH_AUDIT
+ audit_logger (AUDIT_DEL_USER, Prog,
+@@ -1087,15 +1091,14 @@ int main (int argc, char **argv)
+ user_name, AUDIT_NO_ID,
+ SHADOW_AUDIT_FAILURE);
+ #endif /* WITH_AUDIT */
+- exit (E_USER_BUSY);
++ fail_exit (E_USER_BUSY);
+ }
+ }
+
+ /*
+- * Do the hard stuff - open the files, create the user entries,
++ * Do the hard stuff - create the user entries,
+ * create the home directory, then close and update the files.
+ */
+- open_files ();
+ update_user ();
+ update_groups ();
+
diff --git a/shadow-utils.spec b/shadow-utils.spec
index 4b030dd..32f70ce 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.5
-Release: 5%{?dist}
+Release: 6%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@@ -29,6 +29,7 @@ Patch24: shadow-4.2.1-no-lock-dos.patch
Patch28: shadow-4.3.1-selinux-perms.patch
Patch29: shadow-4.2.1-null-tm.patch
Patch30: shadow-4.1.5.1-newgrp-grouplist.patch
+Patch31: shadow-4.5-userdel-chroot.patch
License: BSD and GPLv2+
Group: System Environment/Base
@@ -78,6 +79,7 @@ are used for managing group accounts.
%patch28 -p1 -b .selinux-perms
%patch29 -p1 -b .null-tm
%patch30 -p1 -b .grouplist
+%patch31 -p1 -b .userdel-chroot
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
@@ -116,7 +118,6 @@ install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd
ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser
-#ln -s %{_mandir}/man8/useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8
for subdir in $RPM_BUILD_ROOT/%{_mandir}/{??,??_??,??_??.*}/man* ; do
test -d $subdir && test -e $subdir/useradd.8 && echo ".so man8/useradd.8" > $subdir/adduser.8
@@ -234,6 +235,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/vigr.8*
%changelog
+* Thu Nov 2 2017 Tomáš Mráz - 2:4.5-6
+- fix userdel in chroot (#1316168)
+- add useful chage -E example to chage manpage
+
* Fri Sep 15 2017 Tomáš Mráz - 2:4.5-5
- do not allow "." and ".." user names