diff --git a/shadow-4.6-pwck-grpck-sssd-cache.patch b/shadow-4.6-pwck-grpck-sssd-cache.patch
new file mode 100644
index 0000000..4b69224
--- /dev/null
+++ b/shadow-4.6-pwck-grpck-sssd-cache.patch
@@ -0,0 +1,32 @@
+diff -up shadow-4.6/src/grpck.c.pwck-grpck-sssd-cache.patch shadow-4.6/src/grpck.c
+--- shadow-4.6/src/grpck.c.pwck-grpck-sssd-cache.patch 2025-11-11 16:22:09.100423804 +0100
++++ shadow-4.6/src/grpck.c 2025-11-11 16:25:14.843456014 +0100
+@@ -872,8 +872,10 @@ int main (int argc, char **argv)
+ /* Commit the change in the database if needed */
+ close_files (changed);
+
+- nscd_flush_cache ("group");
+- sssd_flush_cache (SSSD_DB_GROUP);
++ if (!read_only && changed) {
++ nscd_flush_cache ("group");
++ sssd_flush_cache (SSSD_DB_GROUP);
++ }
+
+ /*
+ * Tell the user what we did and exit.
+diff -up shadow-4.6/src/pwck.c.pwck-grpck-sssd-cache.patch shadow-4.6/src/pwck.c
+--- shadow-4.6/src/pwck.c.pwck-grpck-sssd-cache.patch 2025-11-11 16:22:09.101298653 +0100
++++ shadow-4.6/src/pwck.c 2025-11-11 16:25:53.329987225 +0100
+@@ -878,8 +878,10 @@ int main (int argc, char **argv)
+
+ close_files (changed);
+
+- nscd_flush_cache ("passwd");
+- sssd_flush_cache (SSSD_DB_PASSWD);
++ if (!read_only && changed) {
++ nscd_flush_cache ("passwd");
++ sssd_flush_cache (SSSD_DB_PASSWD);
++ }
+
+ /*
+ * Tell the user what we did and exit.
diff --git a/shadow-4.6-shadow-logfd.patch b/shadow-4.6-shadow-logfd.patch
new file mode 100644
index 0000000..25cde20
--- /dev/null
+++ b/shadow-4.6-shadow-logfd.patch
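Review bot: The new `if (!read_only && changed)` guard in the grpck.c hunk of shadow-4.6-pwck-grpck-sssd-cache.patch, and the identical guard in the pwck.c hunk, makes cache invalidation depend on `changed` being set on every path that rewrites the file, and nothing in either hunk states that. If any modifying path in `main` leaves `changed` false, nscd or sssd could keep serving passwd or group entries that were just removed or corrected. A short comment above the guard would record the invariant, for example `/* Flush nscd/sssd only when the files were rewritten; every modifying path above must set 'changed'. */`. The rest of `main`, including where `changed` is assigned, is outside the hunk, so whether every modifying mode sets it should be confirmed against the full source.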
@@ -0,0 +1,15 @@
+diff -up shadow-4.9/lib/nss.c.shadow-logfd shadow-4.9/lib/nss.c
+--- shadow-4.9/lib/nss.c.shadow-logfd 2021-07-22 23:55:35.000000000 +0200
++++ shadow-4.9/lib/nss.c 2025-04-07 15:26:58.957447229 +0200
+@@ -42,6 +42,10 @@ void nss_init(char *nsswitch_path) {
+ char *line = NULL, *p, *token, *saveptr;
+ size_t len = 0;
+
++ if (shadow_logfd == NULL) {
++ shadow_logfd = stderr;
++ }
++
+ if (atomic_flag_test_and_set(&nss_init_started)) {
+ // Another thread has started nss_init, wait for it to complete
+ while (!atomic_load(&nss_init_completed))
+
diff --git a/shadow-utils.spec b/shadow-utils.spec
index c9c1d5a..34cc0c2 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.6
-Release: 22%{?dist}
+Release: 23%{?dist}
 Epoch: 2
 URL: http://pkg-shadow.alioth.debian.org/
 Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
@@ -101,6 +101,10 @@ Patch66: shadow-4.6-skip-over-reserved-ids.patch
 # https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
 Patch67: shadow-4.6-gpasswd-fix-password-leak.patch
 Patch68: shadow-4.6-salt-remove-rounds.patch
+# Downstream only patch
+Patch69: shadow-4.6-shadow-logfd.patch
+# https://github.com/shadow-maint/shadow/commit/ce66b8d5eb2c12356fd2975ff2d7d6eeaed7d6a8
+Patch70: shadow-4.6-pwck-grpck-sssd-cache.patch
 License: BSD and GPLv2+
 Group: System Environment/Base
@@ -205,6 +209,8 @@ Development files for shadow-utils-subid.
 %patch66 -p1 -b .skip-over-reserved-ids
 %patch67 -p1 -b .gpasswd-fix-password-leak
 %patch68 -p1 -b .salt-remove-rounds
+%patch69 -p1 -b .shadow-logfd
+%patch70 -p1 -b .pwck-grpck-sssd-cache
 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
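Review bot: The added `shadow_logfd == NULL` test and assignment in `nss_init` (the nss.c hunk of shadow-4.6-shadow-logfd.patch) sit before the `atomic_flag_test_and_set(&nss_init_started)` guard, so two threads entering together can both read and write what appears to be a plain global without synchronization. The comment on the next line shows concurrent entry is a case this function expects. Both threads would store the same `stderr` value, so the practical effect is probably nil, but it is still a data race under C11; moving the three lines after the guard's block, onto the path only the first caller takes, avoids it, provided nothing in the wait loop logs through `shadow_logfd`. A comment such as `/* Callers may never set shadow_logfd; default it so later logging does not use a NULL stream. */` would record why the fallback exists, a rationale inferred from the changelog entry rather than shown here. The body of `nss_init` continues outside the hunk.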
@@ -375,6 +381,11 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_libdir}/libsubid.so %changelog +* Fri Nov 14 2025 Iker Pedrosa - 2:4.6-23 +- nss.c: shadow_logfd to stderr. Resolves: RHEL-83432 +- pwck/grpck: only force nscd/sssd caches flush if anything was changed + Resolves: RHEL-123912 + * Tue Nov 21 2023 Iker Pedrosa - 2:4.6-22 - salt: remove rounds from salt string. Resolves: RHEL-16668