diff --git a/trunk/FS66068.patch b/trunk/FS66068.patch
new file mode 100644
index 0000000..87442d8
--- /dev/null
+++ b/trunk/FS66068.patch
@@ -0,0 +1,19 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index 397446fe..123da519 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -88,12 +88,12 @@ TTYPERM 0600
+ # 022 is the default value, but 027, or even 077, could be considered
+ # for increased privacy. There is no One True Answer here: each sysadmin
+ # must make up their mind.
+-UMASK 077
++UMASK 022
+
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+ # If HOME_MODE is not set, the value of UMASK is used to create the mode.
+-#HOME_MODE 0700
++HOME_MODE 0700
+
+ #
+ # Password aging controls:
diff --git a/trunk/FS71393.patch b/trunk/FS71393.patch
new file mode 100644
index 0000000..6e9be4d
--- /dev/null
+++ b/trunk/FS71393.patch
@@ -0,0 +1,13 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index 0a07819..34f8c70 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -178,7 +178,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-ENCRYPT_METHOD SHA512
++ENCRYPT_METHOD YESCRYPT
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
index de451df..c15e9e0 100644
--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -11,20 +11,28 @@ license=('BSD')
# libcap-ng needed by install scriptlet for 'filecap'
depends=('pam' 'acl' 'libacl.so' 'audit' 'libaudit.so' 'libcap-ng' 'libcap-ng.so'
'libxcrypt' 'libcrypt.so')
+makedepends=('docbook-xsl' 'itstool')
backup=(etc/login.defs
etc/pam.d/{chage,passwd,shadow,useradd,usermod,userdel}
etc/pam.d/{chpasswd,newusers,groupadd,groupdel,groupmod}
etc/pam.d/{chgpasswd,groupmems}
etc/default/useradd)
-options=(strip debug)
validpgpkeys=('D5C2F9BFCA128BBA22A77218872F702C4D6E25A8' # Christian Perrier
'F1D08DB778185BF784002DFFE9FEEA06A85E3F9D') # Serge Hallyn
source=("https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow-$pkgver.tar.xz"{,.asc}
+ https://github.com/shadow-maint/shadow/commit/085d04c3ddfb817ba5f13269b604384c260be84f.patch
+ https://github.com/shadow-maint/shadow/commit/b2753b146a6d98389587c43d6f003404bf0dec12.patch
+ https://github.com/shadow-maint/shadow/commit/e5bb71b2fd59a76c2dfe8ef7104d61967bc2a47d.patch
+ https://github.com/shadow-maint/shadow/commit/5cd04d03f94622c12220d4a6352824af081b8531.patch
+ shadow-4.8-ignore-login-prompt.patch # From Fedora
+ options.patch
+ login.defs-arch.patch
+ FS66068.patch
+ FS71393.patch
LICENSE
chgpasswd
chpasswd
defaults.pam
- login.defs
newusers
passwd
shadow.{timer,service}
@@ -32,17 +40,39 @@ source=("https://github.com/shadow-maint/shadow/releases/download/$pkgver/shadow
install=shadow.install
sha1sums=('63457a0ba58dc4e81b2663b839dc6c89d3343f12'
'SKIP'
+ '15e9bd2cb6a0ca3dc6b91210313e3b43a419c5ad'
+ 'dd515df3fcf60ea03a7b7a688c9b255febee37ed'
+ '34b88e2a0c29fe4be1e599ddc7a863bb224c6e89'
+ '6d4087f1c3c9b4af928ef95d8117e1e1e7b1cbc3'
+ '21c84f51d0bb9e61f00bc30bba7bf24778278995'
+ 'cb132948c54d6b0eed730f5ce858d24b5b795ce6'
+ '6e1cf6e38923575b10a6a058d26b9659e15b3738'
+ '1ca05c11da220b04cd1748133b07469d7b5691b6'
+ '9422415c05bb5c2598ae86edd059f744a14d2cee'
'33a6cf1e44a1410e5c9726c89e5de68b78f5f922'
'4ad0e059406a305c8640ed30d93c2a1f62c2f4ad'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'0e56fed7fc93572c6bf0d8f3b099166558bb46f1'
- '81a02eadb5f605fef5c75b6d8a03713a7041864b'
'12427b1ca92a9b85ca8202239f0d9f50198b818f'
'611be25d91c3f8f307c7fe2485d5f781e5dee75f'
'a154a94b47a3d0c6c287253b98c0d10b861226d0'
'b5540736f5acbc23b568973eb5645604762db3dd'
'c173208c5cf34528602f9931468a67b7f68abad3')
+prepare() {
+ cd "$pkgname-$pkgver"
+ sed -i '36,109d;156,242d' ../085d04c3ddfb817ba5f13269b604384c260be84f.patch # Delete all hunks that made it into the tarball
+ patch -p1 -i ../085d04c3ddfb817ba5f13269b604384c260be84f.patch # Add man/login.defs.d/HOME_MODE.xml missing from tarball.
+ patch -p1 -i ../b2753b146a6d98389587c43d6f003404bf0dec12.patch # patch man/Makefile.am to use HOME_MODE.xml.
+ patch -p1 -i ../e5bb71b2fd59a76c2dfe8ef7104d61967bc2a47d.patch # modify #endif does not match condition of #if in passwd.c
+ patch -p1 -i ../5cd04d03f94622c12220d4a6352824af081b8531.patch # Add yescrypt support
+ patch -p1 -i ../shadow-4.8-ignore-login-prompt.patch # Do not complain about LOGIN_PLAIN_PROMPT option that is used by login from util-linux.
+ patch -p1 -i ../options.patch # Remove uptions not supported due to use of pam or util-linux from login.defs and related man page.
+ patch -p1 -i ../login.defs-arch.patch # Set Arch defaults.
+ patch -p1 -i ../FS66068.patch # Changes to login.defs for FS#66068 should be merged into above patch if accepted.
+ patch -p1 -i ../FS71393.patch # Changes to login.defs for FS#71393 should be merged into above patch if accepted.
+}
+
build() {
cd "$pkgname-$pkgver"
@@ -58,9 +88,11 @@ build() {
--with-libpam \
--with-group-name-max-length=32 \
--with-audit \
- --without-selinux
+ --without-selinux \
+ --enable-man
make
+ make man
}
package() {
@@ -81,7 +113,7 @@ package() {
ln -s ../shadow.timer "$pkgdir/usr/lib/systemd/system/timers.target.wants/shadow.timer"
# login.defs
- install -Dm644 "$srcdir/login.defs" "$pkgdir/etc/login.defs"
+ install -Dm644 etc/login.defs "$pkgdir/etc/login.defs"
# PAM config - custom
rm "$pkgdir/etc/pam.d"/*
diff --git a/trunk/login.defs-arch.patch b/trunk/login.defs-arch.patch
new file mode 100644
index 0000000..9c373c8
--- /dev/null
+++ b/trunk/login.defs-arch.patch
@@ -0,0 +1,76 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index eebf0d99..397446fe 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -1,8 +1,14 @@
+ #
+ # /etc/login.defs - Configuration control definitions for the shadow package.
+ #
+-# $Id$
++# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH.
++# If unspecified, some arbitrary (and possibly incorrect) value will
++# be assumed. All other items are optional - if not specified then
++# the described action or option will be inhibited.
+ #
++# Comment lines (lines beginning with "#") and blank lines are ignored.
++#
++# Modified for Linux. --marekm
+
+ #
+ # Delay in seconds before being allowed another attempt after a login failure
+@@ -34,7 +40,7 @@ SYSLOG_SG_ENAB yes
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+ #
+-MOTD_FILE /etc/motd
++MOTD_FILE
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+ #
+@@ -58,8 +64,8 @@ HUSHLOGIN_FILE .hushlogin
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+ # (they are minimal, add the rest in the shell startup files)
+-ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin
+-ENV_PATH PATH=/bin:/usr/bin
++ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
++ENV_PATH PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
+
+ #
+ # Terminal permissions
+@@ -82,7 +88,7 @@ TTYPERM 0600
+ # 022 is the default value, but 027, or even 077, could be considered
+ # for increased privacy. There is no One True Answer here: each sysadmin
+ # must make up their mind.
+-UMASK 022
++UMASK 077
+
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+@@ -106,7 +112,7 @@ PASS_WARN_AGE 7
+ UID_MIN 1000
+ UID_MAX 60000
+ # System accounts
+-SYS_UID_MIN 101
++SYS_UID_MIN 500
+ SYS_UID_MAX 999
+ # Extra per user uids
+ SUB_UID_MIN 100000
+@@ -119,7 +125,7 @@ SUB_UID_COUNT 65536
+ GID_MIN 1000
+ GID_MAX 60000
+ # System accounts
+-SYS_GID_MIN 101
++SYS_GID_MIN 500
+ SYS_GID_MAX 999
+ # Extra per user group ids
+ SUB_GID_MIN 100000
+@@ -171,7 +177,7 @@ CHFN_RESTRICT rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD SHA512
+
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
diff --git a/trunk/options.patch b/trunk/options.patch
new file mode 100644
index 0000000..d496dd8
--- /dev/null
+++ b/trunk/options.patch
@@ -0,0 +1,503 @@
+diff --git a/etc/login.defs b/etc/login.defs
+index a2f8cd50..eebf0d99 100644
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -11,26 +11,11 @@
+ #
+ FAIL_DELAY 3
+
+-#
+-# Enable logging and display of /var/log/faillog login(1) failure info.
+-#
+-FAILLOG_ENAB yes
+-
+ #
+ # Enable display of unknown usernames when login(1) failures are recorded.
+ #
+ LOG_UNKFAIL_ENAB no
+
+-#
+-# Enable logging of successful logins
+-#
+-LOG_OK_LOGINS no
+-
+-#
+-# Enable logging and display of /var/log/lastlog login(1) time info.
+-#
+-LASTLOG_ENAB yes
+-
+ #
+ # Limit the highest user ID number for which the lastlog entries should
+ # be updated.
+@@ -41,48 +26,10 @@ LASTLOG_ENAB yes
+ #LASTLOG_UID_MAX
+
+ #
+-# Enable checking and display of mailbox status upon login.
+-#
+-# Disable if the shell startup files already check for mail
+-# ("mailx -e" or equivalent).
+-#
+-MAIL_CHECK_ENAB yes
+-
+-#
+-# Enable additional checks upon password changes.
+-#
+-OBSCURE_CHECKS_ENAB yes
+-
+-#
+-# Enable checking of time restrictions specified in /etc/porttime.
+-#
+-PORTTIME_CHECKS_ENAB yes
+-
+-#
+-# Enable setting of ulimit, umask, and niceness from passwd(5) gecos field.
+-#
+-QUOTAS_ENAB yes
+-
+-#
+-# Enable "syslog" logging of su(1) activity - in addition to sulog file logging.
+-# SYSLOG_SG_ENAB does the same for newgrp(1) and sg(1).
++# Enable "syslog" logging of newgrp(1) and sg(1) activity.
+ #
+-SYSLOG_SU_ENAB yes
+ SYSLOG_SG_ENAB yes
+
+-#
+-# If defined, either full pathname of a file containing device names or
+-# a ":" delimited list of device names. Root logins will be allowed only
+-# from these devices.
+-#
+-CONSOLE /etc/securetty
+-#CONSOLE console:tty01:tty02:tty03:tty04
+-
+-#
+-# If defined, all su(1) activity is logged to this file.
+-#
+-#SULOG_FILE /var/log/sulog
+-
+ #
+ # If defined, ":" delimited list of "message of the day" files to
+ # be displayed upon login.
+@@ -90,38 +37,6 @@ CONSOLE /etc/securetty
+ MOTD_FILE /etc/motd
+ #MOTD_FILE /etc/motd:/usr/lib/news/news-motd
+
+-#
+-# If defined, this file will be output before each login(1) prompt.
+-#
+-#ISSUE_FILE /etc/issue
+-
+-#
+-# If defined, file which maps tty line to TERM environment parameter.
+-# Each line of the file is in a format similar to "vt100 tty01".
+-#
+-#TTYTYPE_FILE /etc/ttytype
+-
+-#
+-# If defined, login(1) failures will be logged here in a utmp format.
+-# last(1), when invoked as lastb(1), will read /var/log/btmp, so...
+-#
+-FTMP_FILE /var/log/btmp
+-
+-#
+-# If defined, name of file whose presence will inhibit non-root
+-# logins. The content of this file should be a message indicating
+-# why logins are inhibited.
+-#
+-NOLOGINS_FILE /etc/nologin
+-
+-#
+-# If defined, the command name to display when running "su -". For
+-# example, if this is defined as "su" then ps(1) will display the
+-# command as "-su". If not defined, then ps(1) will display the
+-# name of the shell actually being run, e.g. something like "-sh".
+-#
+-SU_NAME su
+-
+ #
+ # *REQUIRED*
+ # Directory where mailboxes reside, _or_ name of file, relative to the
+@@ -139,21 +54,6 @@ MAIL_DIR /var/spool/mail
+ HUSHLOGIN_FILE .hushlogin
+ #HUSHLOGIN_FILE /etc/hushlogins
+
+-#
+-# If defined, either a TZ environment parameter spec or the
+-# fully-rooted pathname of a file containing such a spec.
+-#
+-#ENV_TZ TZ=CST6CDT
+-#ENV_TZ /etc/tzname
+-
+-#
+-# If defined, an HZ environment parameter spec.
+-#
+-# for Linux/x86
+-ENV_HZ HZ=100
+-# For Linux/Alpha...
+-#ENV_HZ HZ=1024
+-
+ #
+ # *REQUIRED* The default PATH settings, for superuser and normal users.
+ #
+@@ -175,23 +75,6 @@ ENV_PATH PATH=/bin:/usr/bin
+ TTYGROUP tty
+ TTYPERM 0600
+
+-#
+-# Login configuration initializations:
+-#
+-# ERASECHAR Terminal ERASE character ('\010' = backspace).
+-# KILLCHAR Terminal KILL character ('\025' = CTRL/U).
+-# ULIMIT Default "ulimit" value.
+-#
+-# The ERASECHAR and KILLCHAR are used only on System V machines.
+-# The ULIMIT is used only if the system supports it.
+-# (now it works with setrlimit too; ulimit is in 512-byte units)
+-#
+-# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
+-#
+-ERASECHAR 0177
+-KILLCHAR 025
+-#ULIMIT 2097152
+-
+ # Default initial "umask" value used by login(1) on non-PAM enabled systems.
+ # Default "umask" value for pam_umask(8) on PAM enabled systems.
+ # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
+@@ -211,27 +94,12 @@ UMASK 022
+ #
+ # PASS_MAX_DAYS Maximum number of days a password may be used.
+ # PASS_MIN_DAYS Minimum number of days allowed between password changes.
+-# PASS_MIN_LEN Minimum acceptable password length.
+ # PASS_WARN_AGE Number of days warning given before a password expires.
+ #
+ PASS_MAX_DAYS 99999
+ PASS_MIN_DAYS 0
+-PASS_MIN_LEN 5
+ PASS_WARN_AGE 7
+
+-#
+-# If "yes", the user must be listed as a member of the first gid 0 group
+-# in /etc/group (called "root" on most Linux systems) to be able to "su"
+-# to uid 0 accounts. If the group doesn't exist or is empty, no one
+-# will be able to "su" to uid 0.
+-#
+-SU_WHEEL_ONLY no
+-
+-#
+-# If compiled with cracklib support, sets the path to the dictionaries
+-#
+-CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
+-
+ #
+ # Min/max values for automatic uid selection in useradd(8)
+ #
+@@ -268,28 +136,6 @@ LOGIN_RETRIES 5
+ #
+ LOGIN_TIMEOUT 60
+
+-#
+-# Maximum number of attempts to change password if rejected (too easy)
+-#
+-PASS_CHANGE_TRIES 5
+-
+-#
+-# Warn about weak passwords (but still allow them) if you are root.
+-#
+-PASS_ALWAYS_WARN yes
+-
+-#
+-# Number of significant characters in the password for crypt().
+-# Default is 8, don't change unless your crypt() is better.
+-# Ignored if MD5_CRYPT_ENAB set to "yes".
+-#
+-#PASS_MAX_LEN 8
+-
+-#
+-# Require password before chfn(1)/chsh(1) can make any changes.
+-#
+-CHFN_AUTH yes
+-
+ #
+ # Which fields may be changed by regular users using chfn(1) - use
+ # any combination of letters "frwh" (full name, room number, work
+@@ -298,13 +144,6 @@ CHFN_AUTH yes
+ #
+ CHFN_RESTRICT rwh
+
+-#
+-# Password prompt (%s will be replaced by user name).
+-#
+-# XXX - it doesn't work correctly yet, for now leave it commented out
+-# to use the default which is just "Password: ".
+-#LOGIN_STRING "%s's Password: "
+-
+ #
+ # Only works if compiled with MD5_CRYPT defined:
+ # If set to "yes", new passwords will be encrypted using the MD5-based
+@@ -365,29 +204,12 @@ CHFN_RESTRICT rwh
+ #BCRYPT_MIN_ROUNDS 13
+ #BCRYPT_MAX_ROUNDS 13
+
+-#
+-# List of groups to add to the user's supplementary group set
+-# when logging in from the console (as determined by the CONSOLE
+-# setting). Default is none.
+-#
+-# Use with caution - it is possible for users to gain permanent
+-# access to these groups, even when not logged in from the console.
+-# How to do it is left as an exercise for the reader...
+-#
+-#CONSOLE_GROUPS floppy:audio:cdrom
+-
+ #
+ # Should login be allowed if we can't cd to the home directory?
+ # Default is no.
+ #
+ DEFAULT_HOME yes
+
+-#
+-# If this file exists and is readable, login environment will be
+-# read from it. Every line should be in the form name=value.
+-#
+-ENVIRON_FILE /etc/environment
+-
+ #
+ # If defined, this command is run when removing a user.
+ # It should remove any at/cron/print jobs etc. owned by
+diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
+index 9e95da20..36992c4b 100644
+--- a/man/login.defs.5.xml
++++ b/man/login.defs.5.xml
+@@ -31,67 +31,37 @@
+ -->
+
+
+-
+-
+-
+
+
+
+-
+
+
+-
+-
+-
+
+-
+-
+-
+
+
+
+-
+-
+-
+
+-
+
+
+-
+
+-
+
+
+
+
+-
+-
+-
+-
+-
+
+
+
+-
+-
+
+-
+-
+-
+
+
+
+
+-
+
+
+
+
+-
+
+-
+
+
+
+@@ -167,45 +137,24 @@
+ The following configuration items are provided:
+
+
+- &CHFN_AUTH;
+ &CHFN_RESTRICT;
+- &CHSH_AUTH;
+- &CONSOLE;
+- &CONSOLE_GROUPS;
+ &CREATE_HOME;
+ &DEFAULT_HOME;
+ &ENCRYPT_METHOD;
+- &ENV_HZ;
+ &ENV_PATH;
+ &ENV_SUPATH;
+- &ENV_TZ;
+- &ENVIRON_FILE;
+- &ERASECHAR;
+ &FAIL_DELAY;
+- &FAILLOG_ENAB;
+- &FAKE_SHELL;
+- &FTMP_FILE;
+ &GID_MAX;
+ &HOME_MODE;
+ &HUSHLOGIN_FILE;
+- &ISSUE_FILE;
+- &KILLCHAR;
+- &LASTLOG_ENAB;
+ &LASTLOG_UID_MAX;
+- &LOG_OK_LOGINS;
+ &LOG_UNKFAIL_ENAB;
+ &LOGIN_RETRIES;
+- &LOGIN_STRING;
+ &LOGIN_TIMEOUT;
+- &MAIL_CHECK_ENAB;
+ &MAIL_DIR;
+ &MAX_MEMBERS_PER_GROUP;
+ &MD5_CRYPT_ENAB;
+ &MOTD_FILE;
+- &NOLOGINS_FILE;
+- &OBSCURE_CHECKS_ENAB;
+- &PASS_ALWAYS_WARN;
+- &PASS_CHANGE_TRIES;
+ &PASS_MAX_DAYS;
+ &PASS_MIN_DAYS;
+ &PASS_WARN_AGE;
+@@ -215,25 +164,16 @@
+ time of account creation. Any changes to these settings won't affect
+ existing accounts.
+
+- &PASS_MAX_LEN;
+- &PORTTIME_CHECKS_ENAB;
+- "AS_ENAB;
+ &SHA_CRYPT_MIN_ROUNDS;
+- &SULOG_FILE;
+- &SU_NAME;
+- &SU_WHEEL_ONLY;
+ &SUB_GID_COUNT;
+ &SUB_UID_COUNT;
+ &SYS_GID_MAX;
+ &SYS_UID_MAX;
+ &SYSLOG_SG_ENAB;
+- &SYSLOG_SU_ENAB;
+ &TCB_AUTH_GROUP;
+ &TCB_SYMLINKS;
+ &TTYGROUP;
+- &TTYTYPE_FILE;
+ &UID_MAX;
+- &ULIMIT;
+ &UMASK;
+ &USERDEL_CMD;
+ &USERGROUPS_ENAB;
+@@ -359,35 +299,6 @@
+ LASTLOG_UID_MAX
+
+
+-
+- login
+-
+-
+- CONSOLE
+- CONSOLE_GROUPS DEFAULT_HOME
+- ENV_HZ ENV_PATH ENV_SUPATH
+- ENV_TZ ENVIRON_FILE
+- ERASECHAR FAIL_DELAY
+- FAILLOG_ENAB
+- FAKE_SHELL
+- FTMP_FILE
+- HUSHLOGIN_FILE
+- ISSUE_FILE
+- KILLCHAR
+- LASTLOG_ENAB LASTLOG_UID_MAX
+- LOGIN_RETRIES
+- LOGIN_STRING
+- LOGIN_TIMEOUT LOG_OK_LOGINS LOG_UNKFAIL_ENAB
+- MAIL_CHECK_ENAB MAIL_DIR MAIL_FILE
+- MOTD_FILE NOLOGINS_FILE PORTTIME_CHECKS_ENAB
+- QUOTAS_ENAB
+- TTYGROUP TTYPERM TTYTYPE_FILE
+- ULIMIT UMASK
+- USERGROUPS_ENAB
+-
+-
+-
+-
+
+ newgrp / sg
+
+@@ -452,32 +363,6 @@
+
+
+
+-
+- su
+-
+-
+- CONSOLE
+- CONSOLE_GROUPS DEFAULT_HOME
+- ENV_HZ ENVIRON_FILE
+- ENV_PATH ENV_SUPATH
+- ENV_TZ LOGIN_STRING MAIL_CHECK_ENAB
+- MAIL_DIR MAIL_FILE QUOTAS_ENAB
+- SULOG_FILE SU_NAME
+- SU_WHEEL_ONLY
+- SYSLOG_SU_ENAB
+- USERGROUPS_ENAB
+-
+-
+-
+-
+- sulogin
+-
+-
+- ENV_HZ
+- ENV_TZ
+-
+-
+-
+
+ useradd
+
+@@ -507,22 +392,6 @@
+
+
+
+- usermod
+-
+-
+- LASTLOG_UID_MAX
+- MAIL_DIR MAIL_FILE MAX_MEMBERS_PER_GROUP
+- TCB_SYMLINKS USE_TCB
+-
+-
+-
+-
+- vipw
+-
+-
+- USE_TCB
+-
+-
+
+
+
diff --git a/trunk/shadow-4.8-ignore-login-prompt.patch b/trunk/shadow-4.8-ignore-login-prompt.patch
new file mode 100644
index 0000000..c93aae7
--- /dev/null
+++ b/trunk/shadow-4.8-ignore-login-prompt.patch
@@ -0,0 +1,11 @@
+diff -up shadow-4.8/lib/getdef.c.login-prompt shadow-4.8/lib/getdef.c
+--- shadow-4.8/lib/getdef.c.login-prompt 2020-01-13 10:38:44.852796681 +0100
++++ shadow-4.8/lib/getdef.c 2020-01-13 10:39:54.472612511 +0100
+@@ -98,6 +98,7 @@ static struct itemdef def_table[] = {
+ {"LASTLOG_UID_MAX", NULL},
+ {"LOGIN_RETRIES", NULL},
+ {"LOGIN_TIMEOUT", NULL},
++ {"LOGIN_PLAIN_PROMPT", NULL},
+ {"LOG_OK_LOGINS", NULL},
+ {"LOG_UNKFAIL_ENAB", NULL},
+ {"MAIL_DIR", NULL},