8.217. shadow-utils

Updated shadow-utils packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.

Bug Fixes

Previously, pwconv and grpconv utilities improperly parsed respective shadow and gshadow files with errors. Consequently, when writing corrected shadow and gshadow files, only the first error on two consecutive erroneous lines was corrected. With this update, pwconv and grpconv parse the files with errors correctly, and all lines are corrected in the newly written files.
Due to a bug in code parsing in the /etc/group file, the useradd command could terminate unexpectedly with a segmentation fault when merging group entries. The parsing code has been fixed, and useradd now correctly merges group entries.
Previously, the useradd command assigned the SELinux user to the new user being created after creating and populating the home directory of the user. Consequently, the SELinux contexts of the home directory files were incorrect. With this update, the SELinux user is assigned to the newly created user before populating the home directory, and the SELinux contexts on the home directory files for newly created users are now correct.
Due to improper detection of invalid date specification in the chage command, chage did not fail when used with invalid date specification. With this update, the code of chage properly detects invalid date specification, and fails if an invalid date is specified.
Prior to this update, the chage command incorrectly handled date in the format of "[month] DD YYYY" as "[month] DD hhmm". As a consequence, if chage was used with such date specification, the date was set to an unexpected value. The updated chage code correctly handles date in the aforementioned format. As a result, if chage is used with such date specification, the date is set to an expected value.
Previously, the newgrp command always tried to find a group with a matching group ID (GID) within all the groups on the system. If the groups were stored on the LDAP server, it caused large data to be pulled from the LDAP server on each invocation of newgrp. The underlying source code has been fixed, and newgrp no longer tries to find a matching group among all the groups on the system if the user is a member of the group specified on the command line. Thus no extra data is pulled from the LDAP server.
The usermod code handled improperly the creation of a new entry in the /etc/shadow file. As a consequence, the "usermod -p" command failed to set the new password if the entry in the /etc/shadow file was missing. The updated usermod code properly creates a new entry in /etc/shadow if it is missing, and the "usermod -p" command sets the new password correctly even if the user's entry in /etc/shadow is missing.
Users of shadow-utils are advised to upgrade to these updated packages, which fix these bugs.