- Rebase to version 4.15.0

- getdef: avoid spurious error messages about unknown configuration options Signed-off-by: Iker Pedrosa <ipedrosa@redhat.com>
2024-04-03 09:49:58 +02:00 · 2024-04-03 09:49:58 +02:00 · fd50fe1eda
commit fd50fe1eda
parent 875366386d
9 changed files with 455 additions and 407 deletions
--- a/.gitignore
+++ b/.gitignore
@ -24,3 +24,5 @@ shadow-4.1.4.2.tar.bz2
 /shadow-4.13.tar.xz.asc
 /shadow-4.14.0.tar.xz
 /shadow-4.14.0.tar.xz.asc
+/shadow-4.15.0.tar.xz
+/shadow-4.15.0.tar.xz.asc
--- a/shadow-4.14.0-useradd-def-usrtemplate-selinux-label.patch
+++ b/shadow-4.14.0-useradd-def-usrtemplate-selinux-label.patch
@ -1,28 +0,0 @@
-From 48aa12af31c0b72872b411857d03a518a4200a3d Mon Sep 17 00:00:00 2001
-From: Johannes Segitz <jsegitz@suse.de>
-Date: Tue, 26 Sep 2023 15:14:14 +0200
-Subject: [PATCH] useradd: Set proper SELinux labels for def_usrtemplate
-
-Fixes: 74c17c716 ("Add support for skeleton files from /usr/etc/skel")
-
-Signed-off-by: Johannes Segitz <jsegitz@suse.com>
---
- src/useradd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/useradd.c b/src/useradd.c
-index 76a4d649..fe62a051 100644
--- a/src/useradd.c
-+++ b/src/useradd.c
-@@ -2788,7 +2788,7 @@ int main (int argc, char **argv)
- 		if (home_added) {
- 			copy_tree (def_template, prefix_user_home, false, true,
- 			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
-			copy_tree (def_usrtemplate, prefix_user_home, false, false,
-+			copy_tree (def_usrtemplate, prefix_user_home, false, true,
- 			           (uid_t)-1, user_id, (gid_t)-1, user_gid);
- 		} else {
- 			fprintf (stderr,
-- 
-2.41.0
-
--- a/shadow-4.15.0-account-tools-setuid.patch
+++ b/shadow-4.15.0-account-tools-setuid.patch
@ -1,7 +1,6 @@
-diff --git a/src/chpasswd.c b/src/chpasswd.c
-index 3a4bd4fe..246e4176 100644
--- a/src/chpasswd.c
-+++ b/src/chpasswd.c
+diff -up shadow-4.15.0/src/chpasswd.c.account-tools-setuid shadow-4.15.0/src/chpasswd.c
+--- shadow-4.15.0/src/chpasswd.c.account-tools-setuid	2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/chpasswd.c	2024-03-11 11:21:57.561150382 +0100
@@ -443,9 +443,11 @@ int main (int argc, char **argv)
 	char *cp;
 	const char *salt;
@ -14,7 +13,7 @@ index 3a4bd4fe..246e4176 100644
 
 	int errors = 0;
 	int line = 0;
-@@ -470,19 +472,23 @@ int main (int argc, char **argv)
+@@ -469,19 +471,23 @@ int main (int argc, char **argv)
 	process_root_flag ("-R", argc, argv);
 	prefix = process_prefix_flag ("-P", argc, argv);
 
@ -26,7 +25,7 @@ index 3a4bd4fe..246e4176 100644
 #endif				/* USE_PAM */
 +#endif /* ACCT_TOOLS_SETUID */
 
- 	OPENLOG ("chpasswd");
+ 	OPENLOG (Prog);
 
 	check_perms ();
 
@ -38,15 +37,15 @@ index 3a4bd4fe..246e4176 100644
 	{
 		is_shadow_pwd = spw_file_present ();
 
-@@ -544,6 +550,7 @@ int main (int argc, char **argv)
+@@ -543,6 +549,7 @@ int main (int argc, char **argv)
 		}
 		newpwd = cp;
 
 +#ifdef ACCT_TOOLS_SETUID
 #ifdef USE_PAM
 		if (use_pam) {
- 			if (do_pam_passwd_non_interactive ("chpasswd", name, newpwd) != 0) {
-@@ -554,6 +561,7 @@ int main (int argc, char **argv)
+ 			if (do_pam_passwd_non_interactive (Prog, name, newpwd) != 0) {
+@@ -553,6 +560,7 @@ int main (int argc, char **argv)
 			}
 		} else
 #endif				/* USE_PAM */
@ -54,7 +53,7 @@ index 3a4bd4fe..246e4176 100644
 		{
 		const struct spwd *sp;
 		struct spwd newsp;
-@@ -673,9 +681,11 @@ int main (int argc, char **argv)
+@@ -672,9 +680,11 @@ int main (int argc, char **argv)
 	 * password database.
 	 */
 	if (0 != errors) {
@ -66,7 +65,7 @@ index 3a4bd4fe..246e4176 100644
 		{
 			fprintf (stderr,
 			         _("%s: error detected, changes ignored\n"),
-@@ -684,9 +694,11 @@ int main (int argc, char **argv)
+@@ -683,9 +693,11 @@ int main (int argc, char **argv)
 		fail_exit (1);
 	}
 
@ -78,10 +77,9 @@ index 3a4bd4fe..246e4176 100644
 	{
 	/* Save the changes */
 		close_files ();
-diff --git a/src/groupmems.c b/src/groupmems.c
-index 63a1601c..73f7310e 100644
--- a/src/groupmems.c
-+++ b/src/groupmems.c
+diff -up shadow-4.15.0/src/groupmems.c.account-tools-setuid shadow-4.15.0/src/groupmems.c
+--- shadow-4.15.0/src/groupmems.c.account-tools-setuid	2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/groupmems.c	2024-03-11 11:16:18.365408572 +0100
@@ -14,9 +14,11 @@
 #include <grp.h>
 #include <stdio.h>
@ -94,7 +92,7 @@ index 63a1601c..73f7310e 100644
 #include <pwd.h>
 
 #include "alloc.h"
-@@ -430,6 +432,7 @@ static void process_flags (int argc, char **argv)
+@@ -430,6 +432,7 @@ static void process_flags (int argc, cha
 static void check_perms (void)
 {
 	if (!list) {
@ -112,12 +110,11 @@ index 63a1601c..73f7310e 100644
 	}
 }
 
-diff --git a/src/newusers.c b/src/newusers.c
-index 09e14a48..96b60de2 100644
--- a/src/newusers.c
-+++ b/src/newusers.c
+diff -up shadow-4.15.0/src/newusers.c.account-tools-setuid shadow-4.15.0/src/newusers.c
+--- shadow-4.15.0/src/newusers.c.account-tools-setuid	2024-03-08 22:27:04.000000000 +0100
+++ shadow-4.15.0/src/newusers.c	2024-03-11 11:20:07.198909046 +0100
@@ -59,6 +59,7 @@
- const char *Prog;
+ static const char Prog[] = "newusers";
 
 static bool rflg = false;	/* create a system account */
 +#ifndef ACCT_TOOLS_SETUID
@ -172,7 +169,7 @@ index 09e14a48..96b60de2 100644
 	(void) fputs ("\n", usageout);
 
 	exit (status);
-@@ -405,6 +413,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid)
+@@ -405,6 +413,7 @@ static int add_user (const char *name, u
 	return (pw_update (&pwent) == 0) ? -1 : 0;
 }
 
@ -180,7 +177,7 @@ index 09e14a48..96b60de2 100644
 #ifndef USE_PAM
 /*
  * update_passwd - update the password in the passwd entry
-@@ -457,6 +466,7 @@ static int update_passwd (struct passwd *pwd, const char *password)
+@@ -457,6 +466,7 @@ static int update_passwd (struct passwd
 	return 0;
 }
 #endif				/* !USE_PAM */
@ -188,7 +185,7 @@ index 09e14a48..96b60de2 100644
 
 /*
  * add_passwd - add or update the encrypted password
-@@ -465,10 +475,13 @@ static int add_passwd (struct passwd *pwd, const char *password)
+@@ -465,10 +475,13 @@ static int add_passwd (struct passwd *pw
 {
 	const struct spwd *sp;
 	struct spwd spent;
@ -202,7 +199,7 @@ index 09e14a48..96b60de2 100644
 #ifndef USE_PAM
 	void *crypt_arg = NULL;
 	if (NULL != crypt_method) {
-@@ -505,13 +518,14 @@ static int add_passwd (struct passwd *pwd, const char *password)
+@@ -505,13 +518,14 @@ static int add_passwd (struct passwd *pw
 		return update_passwd (pwd, password);
 	}
 #endif				/* USE_PAM */
@ -218,7 +215,7 @@ index 09e14a48..96b60de2 100644
 	if (NULL != sp) {
 		spent = *sp;
 		if (   (NULL != crypt_method)
-@@ -547,7 +561,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
+@@ -547,7 +561,7 @@ static int add_passwd (struct passwd *pw
 	if (strcmp (pwd->pw_passwd, "x") != 0) {
 		return update_passwd (pwd, password);
 	}
@ -227,7 +224,7 @@ index 09e14a48..96b60de2 100644
 	/*
 	 * If there is already a shadow entry, do not touch it.
 	 * If there is already a passwd entry with a password, do not
-@@ -558,14 +572,14 @@ static int add_passwd (struct passwd *pwd, const char *password)
+@@ -558,14 +572,14 @@ static int add_passwd (struct passwd *pw
 	    || (strcmp (pwd->pw_passwd, "x") != 0)) {
 		return 0;
 	}
@ -244,7 +241,7 @@ index 09e14a48..96b60de2 100644
 	if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
 		spent.sp_pwdp = (char *)password;
 	} else {
-@@ -610,35 +624,41 @@ static int add_passwd (struct passwd *pwd, const char *password)
+@@ -610,35 +624,41 @@ static int add_passwd (struct passwd *pw
 static void process_flags (int argc, char **argv)
 {
 	int c;
@ -288,7 +285,7 @@ index 09e14a48..96b60de2 100644
 	                         "bhr",
 #endif
 	                         long_options, NULL)) != -1) {
-@@ -646,11 +666,13 @@ static void process_flags (int argc, char **argv)
+@@ -646,11 +666,13 @@ static void process_flags (int argc, cha
 		case 'b':
 			allow_bad_names = true;
 			break;
@ -302,7 +299,7 @@ index 09e14a48..96b60de2 100644
 		case 'h':
 			usage (EXIT_SUCCESS);
 			break;
-@@ -659,6 +681,7 @@ static void process_flags (int argc, char **argv)
+@@ -659,6 +681,7 @@ static void process_flags (int argc, cha
 			break;
 		case 'R': /* no-op, handled in process_root_flag () */
 			break;
@ -310,7 +307,7 @@ index 09e14a48..96b60de2 100644
 #ifndef USE_PAM
 #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT) || defined(USE_YESCRYPT)
 		case 's':
-@@ -698,6 +721,7 @@ static void process_flags (int argc, char **argv)
+@@ -698,6 +721,7 @@ static void process_flags (int argc, cha
 			break;
 #endif				/* USE_SHA_CRYPT || USE_BCRYPT || USE_YESCRYPT */
 #endif				/* !USE_PAM */
@ -318,7 +315,7 @@ index 09e14a48..96b60de2 100644
 		default:
 			usage (EXIT_FAILURE);
 			break;
-@@ -730,6 +754,7 @@ static void process_flags (int argc, char **argv)
+@@ -730,6 +754,7 @@ static void process_flags (int argc, cha
  */
 static void check_flags (void)
 {
@ -347,9 +344,9 @@ index 09e14a48..96b60de2 100644
 #endif				/* USE_PAM */
 +#endif /* ACCT_TOOLS_SETUID */
 
- 	Prog = Basename (argv[0]);
 	log_set_progname(Prog);
-@@ -1196,6 +1224,7 @@ int main (int argc, char **argv)
+ 	log_set_logfd(stderr);
+@@ -1195,6 +1223,7 @@ int main (int argc, char **argv)
 		}
 		newpw = *pw;
 
@ -357,7 +354,7 @@ index 09e14a48..96b60de2 100644
 #ifdef USE_PAM
 		/* keep the list of user/password for later update by PAM */
 		nusers++;
-@@ -1212,6 +1241,7 @@ int main (int argc, char **argv)
+@@ -1211,6 +1240,7 @@ int main (int argc, char **argv)
 		usernames[nusers-1] = strdup (fields[0]);
 		passwords[nusers-1] = strdup (fields[1]);
 #endif				/* USE_PAM */
@ -365,7 +362,7 @@ index 09e14a48..96b60de2 100644
 		if (add_passwd (&newpw, fields[1]) != 0) {
 			fprintf (stderr,
 			         _("%s: line %d: can't update password\n"),
-@@ -1328,6 +1358,7 @@ int main (int argc, char **argv)
+@@ -1327,6 +1357,7 @@ int main (int argc, char **argv)
 	nscd_flush_cache ("group");
 	sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP);
 
@ -373,7 +370,7 @@ index 09e14a48..96b60de2 100644
 #ifdef USE_PAM
 	unsigned int i;
 	/* Now update the passwords using PAM */
-@@ -1340,6 +1371,7 @@ int main (int argc, char **argv)
+@@ -1339,6 +1370,7 @@ int main (int argc, char **argv)
 		}
 	}
 #endif				/* USE_PAM */
--- a/shadow-4.15.0-audit-update.patch
+++ b/shadow-4.15.0-audit-update.patch
--- a/shadow-4.15.0-date-parsing.patch
+++ b/shadow-4.15.0-date-parsing.patch
@ -1,7 +1,7 @@
-Index: shadow-4.5/libmisc/getdate.y
+Index: shadow-4.5/lib/getdate.y
 ===================================================================
--- shadow-4.5.orig/libmisc/getdate.y
-+++ shadow-4.5/libmisc/getdate.y
+--- shadow-4.5.orig/lib/getdate.y
+++ shadow-4.5/lib/getdate.y
@@ -152,6 +152,7 @@ static int	yyHaveDay;
 static int	yyHaveRel;
 static int	yyHaveTime;
--- a/shadow-4.15.0-getdef-spurious-error.patch
+++ b/shadow-4.15.0-getdef-spurious-error.patch
@ -0,0 +1,137 @@
+From ead55e9ba8958504e23e29545f90c4dd925c7462 Mon Sep 17 00:00:00 2001
+From: Serge Hallyn <serge@hallyn.com>
+Date: Wed, 20 Mar 2024 17:39:46 -0500
+Subject: [PATCH] getdef: avoid spurious error messages about unknown
+ configuration options
+
+def_find can return NULL for unset, not just unknown, config options.  So
+move the decision of whether to log an error message about an unknown config
+option back into def_find, which knows the difference.  Only putdef_str()
+will pass a char* srcfile to def_find, so only calls from putdef_str will
+cause the message, which was the original intent of fa68441bc4be8.
+
+closes #967
+
+fixes: fa68441bc4be8 ("Improve the login.defs unknown item error message")
+Signed-off-by: Serge Hallyn <serge@hallyn.com>
+---
+ lib/getdef.c | 30 ++++++++++++++++--------------
+ 1 file changed, 16 insertions(+), 14 deletions(-)
+
+diff --git a/lib/getdef.c b/lib/getdef.c
+index 4d4d4e19..ef2ae1f0 100644
+--- a/lib/getdef.c
+++ b/lib/getdef.c
+@@ -176,7 +176,7 @@ static const char* def_fname = LOGINDEFS;	/* login config defs file       */
+ static bool def_loaded = false;		/* are defs already loaded?     */
+ 
+ /* local function prototypes */
+-static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *);
+static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *, const char *);
+ static void def_load (void);
+ 
+ 
+@@ -195,7 +195,7 @@ static void def_load (void);
+ 		def_load ();
+ 	}
+ 
+-	d = def_find (item);
+	d = def_find (item, NULL);
+ 	return (NULL == d) ? NULL : d->value;
+ }
+ 
+@@ -214,7 +214,7 @@ bool getdef_bool (const char *item)
+ 		def_load ();
+ 	}
+ 
+-	d = def_find (item);
+	d = def_find (item, NULL);
+ 	if ((NULL == d) || (NULL == d->value)) {
+ 		return false;
+ 	}
+@@ -240,7 +240,7 @@ int getdef_num (const char *item, int dflt)
+ 		def_load ();
+ 	}
+ 
+-	d = def_find (item);
+	d = def_find (item, NULL);
+ 	if ((NULL == d) || (NULL == d->value)) {
+ 		return dflt;
+ 	}
+@@ -275,7 +275,7 @@ unsigned int getdef_unum (const char *item, unsigned int dflt)
+ 		def_load ();
+ 	}
+ 
+-	d = def_find (item);
+	d = def_find (item, NULL);
+ 	if ((NULL == d) || (NULL == d->value)) {
+ 		return dflt;
+ 	}
+@@ -310,7 +310,7 @@ long getdef_long (const char *item, long dflt)
+ 		def_load ();
+ 	}
+ 
+-	d = def_find (item);
+	d = def_find (item, NULL);
+ 	if ((NULL == d) || (NULL == d->value)) {
+ 		return dflt;
+ 	}
+@@ -342,7 +342,7 @@ unsigned long getdef_ulong (const char *item, unsigned long dflt)
+ 		def_load ();
+ 	}
+ 
+-	d = def_find (item);
+	d = def_find (item, NULL);
+ 	if ((NULL == d) || (NULL == d->value)) {
+ 		return dflt;
+ 	}
+@@ -375,12 +375,9 @@ int putdef_str (const char *name, const char *value, const char *srcfile)
+ 	 * Locate the slot to save the value.  If this parameter
+ 	 * is unknown then "def_find" will print an err message.
+ 	 */
+-	d = def_find (name);
+-	if (NULL == d) {
+-		if (NULL != srcfile)
+-			SYSLOG ((LOG_CRIT, "shadow: unknown configuration item '%s' in '%s'", name, srcfile));
+	d = def_find (name, srcfile);
+	if (NULL == d)
+ 		return -1;
+-	}
+ 
+ 	/*
+ 	 * Save off the value.
+@@ -404,9 +401,12 @@ int putdef_str (const char *name, const char *value, const char *srcfile)
+  *
+  * Search through a table of configurable items to locate the
+  * specified configuration option.
+ *
+ * If srcfile is not NULL, and the item is not found, then report an error saying
+ * the unknown item was used in this file.
+  */
+ 
+-static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
+static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name, const char *srcfile)
+ {
+ 	struct itemdef *ptr;
+ 
+@@ -432,6 +432,8 @@ static /*@observer@*/ /*@null@*/struct itemdef *def_find (const char *name)
+ 	fprintf (shadow_logfd,
+ 	         _("configuration error - unknown item '%s' (notify administrator)\n"),
+ 	         name);
+	if (srcfile != NULL)
+		SYSLOG ((LOG_CRIT, "shadow: unknown configuration item '%s' in '%s'", name, srcfile));
+ 
+ out:
+ 	return NULL;
+@@ -610,7 +612,7 @@ int main (int argc, char **argv)
+ 	def_load ();
+ 
+ 	for (i = 0; i < NUMDEFS; ++i) {
+-		d = def_find (def_table[i].name);
+		d = def_find (def_table[i].name, NULL);
+ 		if (NULL == d) {
+ 			printf ("error - lookup '%s' failed\n",
+ 			        def_table[i].name);
+-- 
+2.44.0
+
--- a/shadow-4.15.0-manfix.patch
+++ b/shadow-4.15.0-manfix.patch
@ -1,7 +1,7 @@
-diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xml
--- shadow-4.8.1/man/groupmems.8.xml.manfix	2020-03-17 15:34:48.750414984 +0100
-+++ shadow-4.8.1/man/groupmems.8.xml	2020-03-17 15:41:13.383588722 +0100
-@@ -179,20 +179,10 @@
+diff -up shadow-4.15.0/man/groupmems.8.xml.manfix shadow-4.15.0/man/groupmems.8.xml
+--- shadow-4.15.0/man/groupmems.8.xml.manfix	2023-05-26 04:56:11.000000000 +0200
+++ shadow-4.15.0/man/groupmems.8.xml	2024-02-09 10:42:20.337036378 +0100
+@@ -156,20 +156,10 @@
   <refsect1 id='setup'>
     <title>SETUP</title>
     <para>
@ -25,10 +25,10 @@ diff -up shadow-4.8.1/man/groupmems.8.xml.manfix shadow-4.8.1/man/groupmems.8.xm
   </refsect1>
 
   <refsect1 id='configuration'>
-diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/login.defs.5
--- shadow-4.8.1/man/ja/man5/login.defs.5.manfix	2019-07-23 17:26:08.000000000 +0200
-+++ shadow-4.8.1/man/ja/man5/login.defs.5	2020-03-17 15:34:48.750414984 +0100
-@@ -147,10 +147,6 @@ 以下の参照表は、
+diff -up shadow-4.15.0/man/ja/man5/login.defs.5.manfix shadow-4.15.0/man/ja/man5/login.defs.5
+--- shadow-4.15.0/man/ja/man5/login.defs.5.manfix	2023-03-13 21:58:56.000000000 +0100
+++ shadow-4.15.0/man/ja/man5/login.defs.5	2024-02-09 10:42:20.337036378 +0100
+@@ -123,10 +123,6 @@ 以下の参照表は、
 shadow パスワード機能のどのプログラムが
 どのパラメータを使用するかを示したものである。
 .na
@ -39,10 +39,10 @@ diff -up shadow-4.8.1/man/ja/man5/login.defs.5.manfix shadow-4.8.1/man/ja/man5/l
 .IP groupadd 12
 GID_MAX GID_MIN
 .IP newusers 12
-diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.xml
--- shadow-4.8.1/man/login.defs.5.xml.manfix	2020-01-17 16:47:56.000000000 +0100
-+++ shadow-4.8.1/man/login.defs.5.xml	2020-03-17 15:34:48.750414984 +0100
-@@ -164,6 +164,17 @@
+diff -up shadow-4.15.0/man/login.defs.5.xml.manfix shadow-4.15.0/man/login.defs.5.xml
+--- shadow-4.15.0/man/login.defs.5.xml.manfix	2024-01-22 22:36:43.000000000 +0100
+++ shadow-4.15.0/man/login.defs.5.xml	2024-02-09 10:45:49.014407259 +0100
+@@ -144,6 +144,17 @@
       long numeric parameters is machine-dependent.
     </para>
 
@ -60,7 +60,7 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.
     <para>The following configuration items are provided:</para>
 
     <variablelist remap='IP'>
-@@ -256,16 +267,6 @@
+@@ -240,16 +251,6 @@
 	</listitem>
       </varlistentry>
       <varlistentry>
@ -77,7 +77,7 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.
 	<term>chgpasswd</term>
 	<listitem>
 	  <para>
-@@ -286,14 +287,6 @@
+@@ -276,14 +277,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
@ -92,7 +92,7 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.
       <!-- expiry: no variables (CONSOLE_GROUPS linked, but not used) -->
       <!-- faillog: no variables -->
       <varlistentry>
-@@ -359,34 +352,6 @@
+@@ -352,34 +345,6 @@
 	  <para>LASTLOG_UID_MAX</para>
 	</listitem>
       </varlistentry>
@ -127,25 +127,7 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.
       <!-- logoutd: no variables -->
       <varlistentry>
 	<term>newgrp / sg</term>
-@@ -415,17 +380,6 @@
- 	</listitem>
-       </varlistentry>
-       <!-- nologin: no variables -->
-      <varlistentry condition="no_pam">
-	<term>passwd</term>
-	<listitem>
-	  <para>
-	    ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
-	    PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
-	    <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
-	    SHA_CRYPT_MIN_ROUNDS</phrase>
-	  </para>
-	</listitem>
-      </varlistentry>
-       <varlistentry>
- 	<term>pwck</term>
- 	<listitem>
-@@ -452,32 +406,6 @@
+@@ -451,32 +416,6 @@
 	  </para>
 	</listitem>
       </varlistentry>
@ -166,12 +148,12 @@ diff -up shadow-4.8.1/man/login.defs.5.xml.manfix shadow-4.8.1/man/login.defs.5.
 -	  </para>
 -	</listitem>
 -      </varlistentry>
-      <varlistentry>
+-      <varlistentry condition="no_pam">
 -	<term>sulogin</term>
 -	<listitem>
 -	  <para>
 -	    ENV_HZ
-	    <phrase condition="no_pam">ENV_TZ</phrase>
+-	    ENV_TZ
 -	  </para>
 -	</listitem>
 -      </varlistentry>
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
-Version: 4.14.0
-Release: 6%{?dist}
+Version: 4.15.0
+Release: 1%{?dist}
 Epoch: 2
 License: BSD-3-Clause AND GPL-2.0-or-later
 URL: https://github.com/shadow-maint/shadow
@ -19,20 +19,15 @@ Source7: passwd.pamd

 ### Patches ###
 # Misc manual page changes - non-upstreamable
-Patch0: shadow-4.14.0-manfix.patch
+Patch0: shadow-4.15.0-manfix.patch
 # Date parsing improvement - could be upstreamed
-Patch1: shadow-4.2.1-date-parsing.patch
+Patch1: shadow-4.15.0-date-parsing.patch
 # Audit message changes - partially upstreamed
-Patch2: shadow-4.14.0-audit-update.patch
-# https://github.com/shadow-maint/shadow/pull/812
-Patch3: shadow-4.14.0-useradd-def-usrtemplate-selinux-label.patch
+Patch2: shadow-4.15.0-audit-update.patch
 # Probably non-upstreamable
-Patch4: shadow-4.14.0-account-tools-setuid.patch
-# https://github.com/shadow-maint/shadow/commit/43b4e5a6c41f5c43cad18810f9229e40e8c4a57e
-# https://github.com/shadow-maint/shadow/commit/45f34ee8c196a98397504cb7ed8576b6f1825cf9
-Patch5: shadow-4.14.0-remove-libcrack.patch
-# https://github.com/shadow-maint/shadow/pull/927
-Patch6: shadow-4.14.0-passwd-stdin.patch
+Patch3: shadow-4.15.0-account-tools-setuid.patch
+# https://github.com/shadow-maint/shadow/commit/ead55e9ba8958504e23e29545f90c4dd925c7462
+Patch4: shadow-4.15.0-getdef-spurious-error.patch

 ### Dependencies ###
 Requires: audit-libs >= 1.6.5
@ -107,7 +102,7 @@ cp -a %{SOURCE4} %{SOURCE5} .
 cp -a %{SOURCE6} man/login.defs.d/HOME_MODE.xml

 # Force regeneration of getdate.c
-rm libmisc/getdate.c
+rm lib/getdate.c

 %build
 %ifarch sparc64
@ -193,9 +188,11 @@ rm $RPM_BUILD_ROOT%{_mandir}/*/man8/faillog.*

 # Remove PAM service files we don't use.
 rm $RPM_BUILD_ROOT%{_pam_confdir}/chfn
+rm $RPM_BUILD_ROOT%{_pam_confdir}/chpasswd
 rm $RPM_BUILD_ROOT%{_pam_confdir}/chsh
 rm $RPM_BUILD_ROOT%{_pam_confdir}/groupmems
 rm $RPM_BUILD_ROOT%{_pam_confdir}/login
+rm $RPM_BUILD_ROOT%{_pam_confdir}/newusers
 rm $RPM_BUILD_ROOT%{_pam_confdir}/su

 find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete
@ -278,6 +275,10 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.a
 %{_libdir}/libsubid.so

 %changelog
+* Wed Apr  3 2024 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.15.0-1
+- Rebase to version 4.15.0
+- getdef: avoid spurious error messages about unknown configuration options
+
 * Mon Feb 12 2024 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.14.0-6
 - Build linking `libpam`

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (shadow-4.14.0.tar.xz) = ff960481d576f9db5a9f10becc4e1a74c03de484ecfdcd7f1ea735fded683d7ba0f9cd895dc6a431b77e5a633752273178b1bcda4cefaa5adbf0f143c9a0c86f
-SHA512 (shadow-4.14.0.tar.xz.asc) = d011a732d73b4b066ca8d204c0420303f925c87efc7655feb5c5f60b619d67da450e220ee44f6c86929ae79cbd4343136fe9c20d25b39fa0a228a48e57636309
+SHA512 (shadow-4.15.0.tar.xz) = 88d72fb706f6792b460c14a9b1b42fe0b5962834ec3793f296cbc138807736b5ad73d3f802cda74db740a71545eb1c8ec47447c2250299eb730ed2b2674e2249
+SHA512 (shadow-4.15.0.tar.xz.asc) = 0a39d6a45b7d8df12aade89ed9fc9d481c91297dbd34e85fe831426c1d0051cbcf8478759306b8871cd6b1835604c5836decf398d0165c50ac52fee365561446