4.295. shadow-utils

An updated shadow-utils package that fixes multiple bugs and adds three enhancements is now available for Red Hat Enterprise Linux 6.
The shadow-utils package includes programs for converting UNIX password files to the shadow password format, as well as tools for managing user and group accounts.

Bug Fixes

BZ#586796
Previously, the extended access control lists (ACL) on a file or directory below the /etc/skel directory were not preserved when a new user was created. As a result, the file or directory was copied but the extended ACLs that were associated with the file or directory were lost. This update preserves these extended ACLs.
BZ#667593
Previously,the switch-group (sg) command failed with a segmentation fault when using password protected groups. This update modifies the gshadow functions in shadow-utils and also uses the gshadow functions from glibc so that the sg command now handles password protected groups as expected.
BZ#672510
Previously, the new group (newgrp) command failed with a segmentation fault when using password protected groups. This update modifies the newgrp command so that the newgrp command now handles password protected groups as expected.
BZ#674878, BZ#696213
Previously, the man page for the useradd command contained misleading information about the -m option. The -m option is described correctly.
BZ#693377
Previously, the useradd command failed with a segmentation fault when the user ID (UID) range exceeded the maximum of 2147483647 (UID_MAX) accounts on a 64bit system. This update replaces the alloca() function with the malloc() function and checks the return value. Now, the useradd command operates in this range as expected.
BZ#706321
Previously, the lastlog command did not work correctly with large UIDs on 32bit system due to integer overflow. As a result, lastlog showed only users that were logged in. This update modifies the code so that lastlog now shows also users that were never logged in.

Enhancements

BZ#723921
This update is compiled with the position-independent executable (PIE) and relocation read-only (RELRO) flags which enhance the security of the system.
BZ#639900
With this update, the userdel command offers the option to delete both from the SELinux login mapping.
BZ#629277, BZ#696213
This update adds additional comments in "/etc/login.defs". These comments inform the administrator that certain configuration options are ignored in favor of the pam-cracklib module.
All users of shadow-utils are advised to upgrade to this updated package, which fixes these bugs and adds these enhancements.