<feed xmlns='http://www.w3.org/2005/Atom'>
<title>packages/utils/shadow/patches, branch master</title>
<subtitle>Mirror of packages feed</subtitle>
<id>https://git.openwrt.org/feed/packages/atom?h=master</id>
<link rel='self' href='https://git.openwrt.org/feed/packages/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/'/>
<updated>2026-05-22T03:57:39Z</updated>
<entry>
<title>shadow: update to 4.19.4</title>
<updated>2026-05-22T03:57:39Z</updated>
<author>
<name>Alexandru Ardelean</name>
</author>
<published>2026-04-22T09:42:55Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=dc5289490488fb2dc4b91b63baf651518ba2bcfc'/>
<id>urn:sha1:dc5289490488fb2dc4b91b63baf651518ba2bcfc</id>
<content type='text'>
Large version jump from 4.8.1 to 4.19.4 (latest upstream LTS).

Build changes:
- Refresh patches/004-fix-su-controoling-term.patch: su.c moved the
  ioctl() call from line 1122 to 1169 and changed (char *) 0 to
  (char *) NULL; update patch context and re-canonicalise through
  quilt (blank context line spacing).
- New CONFIGURE_ARGS:
  * --disable-logind: 4.19.4 added an optional libsystemd-based
    logind integration which OpenWrt doesn't ship.
  * --without-libbsd: shadow's configure now hard-fails on missing
    readpassphrase() unless libbsd is found; the in-tree
    lib/readpassphrase.c fallback is enabled by --without-libbsd.
  * --without-sssd: avoid dragging in an sssd build dep.
  * --disable-subordinate-ids: 4.19.4 builds libsubid (subuid/subgid
    runtime API) unconditionally when subids are enabled, and its
    libtool -export-symbols-regex generates a version script that
    binutils 2.40+ rejects against libxcrypt's versioned
    crypt_checksalt@@XCRYPT_4.3 symbol. Disabling subordinate-ids
    skips libsubid entirely; OpenWrt doesn't ship libsubid.
- Drop newgidmap, newuidmap, lastlog and groups from SHADOW_APPLETS:
  newgidmap/newuidmap are only built when subordinate-ids are
  enabled, lastlog defaults to disabled in 4.19.4, and the groups
  binary was removed from shadow upstream (use coreutils).

Test coverage:
- Replace the per-applet --version check in test.sh with per-applet
  functional tests:
    pwck     -&gt; 'pwck -r' read-only consistency check; accept
                 non-zero exit since the CI container's /etc/passwd
                 trips minor warnings.
    grpck    -&gt; 'grpck -r' read-only consistency check.
    chage    -&gt; 'chage -l root' lists password aging info.
    useradd  -&gt; 'useradd -D' dumps defaults without modifying state.
    passwd   -&gt; 'passwd -S root' prints the password status line.
    faillog  -&gt; create empty /var/log/faillog then 'faillog -a'
                must emit a header line.
    login/su -&gt; PAM-interactive; presence covered by generic tests.
    Other applets -&gt; verify binary presence (CI's generic tests
                 already check stripped, no build paths, linked-libs).
- Add test-version.sh as a generic-version-check override: shadow
  tools don't honour --version (only --help), so the framework's
  probe finds no PKG_VERSION match in any binary and would otherwise
  fail Generic tests for every sub-package.

Signed-off-by: Alexandru Ardelean &lt;alex@shruggie.ro&gt;
</content>
</entry>
<entry>
<title>shadow: update to 4.8.1</title>
<updated>2020-02-02T21:07:52Z</updated>
<author>
<name>Rosen Penev</name>
</author>
<published>2020-01-31T03:07:26Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=87e5ded04cf65fbaa398568efe41830c4b60397a'/>
<id>urn:sha1:87e5ded04cf65fbaa398568efe41830c4b60397a</id>
<content type='text'>
Fixed license information.

Removed patch requiring autoreconf and replaced with a configure variable.

Removed faulty patch that broke systems without a disabled crypt size hack.
Replaced with using a SED command as well as bcrypt, which works in musl.

Removed su patch and converted it to a SED command in the Makefile.

Added new shadow utilities.

Signed-off-by: Rosen Penev &lt;rosenp@gmail.com&gt;
</content>
</entry>
<entry>
<title>shadow: change default encryption method from DES to SHA512</title>
<updated>2019-12-18T10:37:39Z</updated>
<author>
<name>Karel Kočí</name>
</author>
<published>2019-05-13T11:38:04Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=f27ce05a5859a6cea24eb290e27ed904a67fe2e5'/>
<id>urn:sha1:f27ce05a5859a6cea24eb290e27ed904a67fe2e5</id>
<content type='text'>
Busybox in default uses SHA512 as well.

On big ditribution this default is sourced from PAM. That means that
shadow reads pam settings and uses that. OpenWrt in most cases does not
have PAM installed and in such case shadow fallbacks to its own default
which is DES. This just changes that default to SHA512 which is
consistent with rest of the system.

Signed-off-by: Karel Kočí &lt;karel.koci@nic.cz&gt;
</content>
</entry>
<entry>
<title>shadow: Update to 4.6</title>
<updated>2018-08-16T01:31:34Z</updated>
<author>
<name>Rosen Penev</name>
</author>
<published>2018-08-11T06:27:13Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=2192c572a33ed05c5f0481d5bf5971d31e74bead'/>
<id>urn:sha1:2192c572a33ed05c5f0481d5bf5971d31e74bead</id>
<content type='text'>
Switched dead URLs to new upstream.

Signed-off-by: Rosen Penev &lt;rosenp@gmail.com&gt;
</content>
</entry>
<entry>
<title>shadow: use proper fix for checking subordinate IDs support</title>
<updated>2017-11-15T18:08:42Z</updated>
<author>
<name>Rafał Miłecki</name>
</author>
<published>2017-11-14T12:14:24Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=f7c0dcb4c4f20c9aed3c33a1cc5ace29db63f37a'/>
<id>urn:sha1:f7c0dcb4c4f20c9aed3c33a1cc5ace29db63f37a</id>
<content type='text'>
During 4.2.1 version update support for subordinate IDs has been
disabled. It was handled by:

1) Adding --disable-subordinate-ids to avoid:
configure: error: cannot run test program while cross compiling

2) Adding patch 003-fix-disabling-subids.patch to avoid:
usermod.c: In function 'process_flags':
usermod.c:1364:10: error: 'vflg' undeclared (first use in this function)
  if (   (vflg || Vflg)
          ^

This commit adds a patch with a proper configure.in fix. We don't need
to disable subordinate IDs anymore.

Signed-off-by: Rafał Miłecki &lt;rafal@milecki.pl&gt;
</content>
</entry>
<entry>
<title>shadow: fix su controlling terminal #1521</title>
<updated>2015-07-03T11:44:10Z</updated>
<author>
<name>Pelle Johnsen</name>
</author>
<published>2015-07-03T11:44:10Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=a14b3c86518e0b161d7356e7f3de01bb220bade9'/>
<id>urn:sha1:a14b3c86518e0b161d7356e7f3de01bb220bade9</id>
<content type='text'>
Signed-off-by: Pelle Johnsen &lt;pelle.johnsen@gmail.com&gt;
</content>
</entry>
<entry>
<title>shadow: update to 4.2.1, add PKG_LICENSE</title>
<updated>2014-08-12T06:49:34Z</updated>
<author>
<name>Steven Barth</name>
</author>
<published>2014-08-12T06:49:34Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=7cf7c8675a87097bb8086eb446177fcba8214600'/>
<id>urn:sha1:7cf7c8675a87097bb8086eb446177fcba8214600</id>
<content type='text'>
Signed-off-by: Steven Barth &lt;steven@midlink.org&gt;
</content>
</entry>
<entry>
<title>shadow: adopt here</title>
<updated>2014-07-18T14:27:31Z</updated>
<author>
<name>Steven Barth</name>
</author>
<published>2014-07-18T14:27:12Z</published>
<link rel='alternate' type='text/html' href='https://git.openwrt.org/feed/packages/commit/?id=7766038afbde6c360c99694654605ee9ad93008a'/>
<id>urn:sha1:7766038afbde6c360c99694654605ee9ad93008a</id>
<content type='text'>
Signed-off-by: Steven Barth &lt;steven@midlink.org&gt;
</content>
</entry>
</feed>
