8.217. shadow-utils

Bug Fixes

BZ#787742

Previously, pwconv and grpconv utilities improperly parsed respective shadow and gshadow files with errors. Consequently, when writing corrected shadow and gshadow files, only the first error on two consecutive erroneous lines was corrected. With this update, pwconv and grpconv parse the files with errors correctly, and all lines are corrected in the newly written files.

BZ#890222

Due to a bug in code parsing in the /etc/group file, the useradd command could terminate unexpectedly with a segmentation fault when merging group entries. The parsing code has been fixed, and useradd now correctly merges group entries.

BZ#955769

Previously, the useradd command assigned the SELinux user to the new user being created after creating and populating the home directory of the user. Consequently, the SELinux contexts of the home directory files were incorrect. With this update, the SELinux user is assigned to the newly created user before populating the home directory, and the SELinux contexts on the home directory files for newly created users are now correct.

BZ#956742

Due to improper detection of invalid date specification in the chage command, chage did not fail when used with invalid date specification. With this update, the code of chage properly detects invalid date specification, and fails if an invalid date is specified.

BZ#957782

Prior to this update, the chage command incorrectly handled date in the format of "[month] DD YYYY" as "[month] DD hhmm". As a consequence, if chage was used with such date specification, the date was set to an unexpected value. The updated chage code correctly handles date in the aforementioned format. As a result, if chage is used with such date specification, the date is set to an expected value.

BZ#993049

Previously, the newgrp command always tried to find a group with a matching group ID (GID) within all the groups on the system. If the groups were stored on the LDAP server, it caused large data to be pulled from the LDAP server on each invocation of newgrp. The underlying source code has been fixed, and newgrp no longer tries to find a matching group among all the groups on the system if the user is a member of the group specified on the command line. Thus no extra data is pulled from the LDAP server.

BZ#1016516

The usermod code handled improperly the creation of a new entry in the /etc/shadow file. As a consequence, the "usermod -p" command failed to set the new password if the entry in the /etc/shadow file was missing. The updated usermod code properly creates a new entry in /etc/shadow if it is missing, and the "usermod -p" command sets the new password correctly even if the user's entry in /etc/shadow is missing.