This release includes some steps toward preparing for the Y2038 (e.g. removing lastlog conditionally), a great deal of removal of obsolete function checks (like rmdir), and overhaul of some string manipulation functions, of which there is more to come. And a great deal more. The abbreviated git log follows:
Serge Hallyn: configure.ac: check for strlcpy
Michael Vetter: Remove intree website
Serge Hallyn: 4.14.0-rc4 pre-release
Serge Hallyn: Releases: add etc/shadow-maint to distfiles
Serge Hallyn: 4.14.0-rc3
Iker Pedrosa: libmisc: include freezero
Iker Pedrosa: libmisc: add freezero source code
Iker Pedrosa: libmisc: add readpassphrase source code
Iker Pedrosa: configure: add with-libbsd option
Iker Pedrosa: man: include shadow-man.xsl in tarball
Iker Pedrosa: man: include its.rules in tarball
Iker Pedrosa: autogen: enable lastlog build
Christian Göttsche: Add wrapper for write(2)
Serge Hallyn: tag 4.14.0-rc2
Michael Vetter: Add new files to libmisc_la_SOURCES
Serge Hallyn: Add a make dist CI test
Serge Hallyn: 4.14.0-rc1
Serge Hallyn: remove xmalloc.c from POTFILES.in
Iker Pedrosa: logoutd: add missing <utmp.h> include
Iker Pedrosa: CI: compile old utmp interface in Fedora
Iker Pedrosa: src: add SELINUX library
Iker Pedrosa: libmisc: conditionally compile utmp.c and logind.c
Iker Pedrosa: lib: replace USER_NAME_MAX_LENGTH macro
Iker Pedrosa: libmisc: call active_sessions_count()
Iker Pedrosa: libmisc: implement active_sessions_count()
Iker Pedrosa: utmp: update update_utmp()
Iker Pedrosa: utmp: move update_utmp
Iker Pedrosa: utmp: move failtmp()
Iker Pedrosa: libmisc: implement get_session_host()
Iker Pedrosa: configure: new option enable-logind
xiongshenglan: shadow userdel: add the adaptation to the busybox ps in 01-kill_user_procs.sh
Michael Vetter: chsh: warn if root sets a shell not listed in /etc/shells
Michael Vetter: doc: mention ci workflow file to learn about deps
Serge Hallyn: man/po/Makefile: add a comment to shadow-man-pages.pot
Vegard Nossum: newgrp: fix potential string injection
Todd Zullinger: lastlog: fix alignment of Latest header
Iker Pedrosa: configure: fix lastlog check
Alan D. Salewski: subuid.5: reference newusers(8) rather than newusers(1)
Iker Pedrosa: CI: build lastlog in Fedora
Iker Pedrosa: man: conditionally build lastlog documentation
Iker Pedrosa: usermod: conditionally build lastlog functionality
Iker Pedrosa: useradd: conditionally build lastlog functionality
Iker Pedrosa: login: conditionally build lastlog functionality
Iker Pedrosa: lastlog: stop building by default
Iker Pedrosa: CI: update debian repos
Bernd Kuhls: Fix yescrypt support
Jeffrey Bencteux: chgpasswd: fix segfault in command-line options
Alejandro Colomar: gpasswd(1): Fix password leak
Alejandro Colomar: src/useradd.c: create_mail(): Cosmetic
Alejandro Colomar: src/useradd.c: create_home(): Cosmetic
Alejandro Colomar: src/useradd.c: create_home(): Cosmetic
Alejandro Colomar: src/useradd.c: create_home(): Cosmetic
Alejandro Colomar: src/useradd.c: close_group_files(): Cosmetic
Alejandro Colomar: src/useradd.c: check_uid_range(): Cosmetic
Jaroslav Jindrak: build: link passwd, chpasswd and chage against libdl
Jaroslav Jindrak: configure: check whether fgetpwent_r is available before marking xprefix_getpwnam_r as reentrant
Jaroslav Jindrak: passwd: fall back to non-PAM code when prefix is used
Jaroslav Jindrak: chpasswd: fall back to non-PAM code when prefix is used
Jaroslav Jindrak: chpasswd: add --prefix/-P options
Jaroslav Jindrak: chage: add --prefix/-P options
Jaroslav Jindrak: passwd: Respect --prefix/-P options
Michael Vetter: prefix: add prefix support
Iker Pedrosa: strtoday: remove unnecessary cast
Alejandro Colomar: Use temporary variable
Alejandro Colomar: realloc(NULL, ...) is equivalent to malloc(...)
Alejandro Colomar: Simplify allocation APIs
Christian Göttsche: Drop alloca(3)
Christian Göttsche: usermod: fix off-by-one issues
Alejandro Colomar: libmisc/csrand.c: Update comments
Alejandro Colomar: lib/nss.c: Fix use of invalid p
Alejandro Colomar: lib/nss.c: Fix use of uninitialized p
Alejandro Colomar: Centralize error handling
Alejandro Colomar: Second verse, it gets worse; it gets no better than this
Alejandro Colomar: ROFL: Rolling on the floor looping
Alejandro Colomar: This ain't no loop
Iker Pedrosa: newusers: Improve error message
Martin Kletzander: ch(g)passwd: Check selinux permissions upon startup
Skyler Ferrante: Check if crypt_method null before dereferencing
Alejandro Colomar: xgetXXbyYY: Simplify elifs
Alejandro Colomar: xgetXXbyYY: Centralize error handling
Alejandro Colomar: xgetXXbyYY: tfix
Samanta Navarro: xgetXXbyYY: Avoid duplicated error handling block
Samanta Navarro: xgetXXbyYY: Handle DUP_FUNCTION failure
Serge Hallyn: sub_[ug]id_{add,remove}: fix return values
Martin Kletzander: usermod: Small optimization using memmove for password unlock
Alejandro Colomar: Reorder logic to improve comprehensibility
Alejandro Colomar: newusers: Fail early
Alejandro Colomar: newusers: Add missing error handling
Samanta Navarro: libmisc: Use safer chroot/chdir sequence
Samanta Navarro: su: Prevent stack overflow in check_perms
Samanta Navarro: subsystem: Prevent endless loop
Serge Hallyn: def_load: avoid NULL deref
Serge Hallyn: def_load: split the econf from non-econf definition
Tobias Stoeckmann: Plug econf memory leaks
Samanta Navarro: chsh: Verify that login shell path is absolute
Samanta Navarro: process_prefix_flag: Drop privileges
bubu: Update French translations
Samanta Navarro: get_pid.c: Use tighter validation checks
Markus Hiereth: replace inadequate German translation of login error message
Markus Hiereth: Update German translations
Samanta Navarro: Remove some static char arrays
Samanta Navarro: commonio: Use do_lock_file again
Serge Hallyn: Fix broken docbook translations
ed neville: open with O_CREAT when lock path does not exist
Samanta Navarro: commonio_open: Remove fcntl call
Samanta Navarro: commonio_lock_nowait: Remove deprecated code
Samanta Navarro: login_prompt: Simplify login_prompt API
Samanta Navarro: login_prompt: Use exit in signal handler
Samanta Navarro: login_prompt: Do not parse environment variables
Samanta Navarro: libmisc/yesno.c: Fix regression
Alejandro Colomar: libmisc, man: Drop old check and advice for complex character sets in passwords
Christian Göttsche: semanage: disconnect to free libsemanage internals
Christian Göttsche: commonio: free removed database entries
ed neville: run_parts for groupadd and groupdel
lilinjie: fix typos
Alejandro Colomar: libmisc/yesno.c: Use getline(3) and rpmatch(3)
Samanta Navarro: newgrp/useradd: always set SIGCHLD to default
Serge Hallyn: Update AUTHORS to add Marek Michałkiewicz
Samanta Navarro: Read whole line in yes_or_no
Christian Göttsche: useradd/usermod: add --selinux-range argument
Alejandro Colomar: CI: Make build logs more readable
Iker Pedrosa: ci: remove explicit fedora dependencies
Iker Pedrosa: README: add reference to contribution guidelines
Iker Pedrosa: doc: add contributions introduction
Iker Pedrosa: doc: add license
Iker Pedrosa: doc: add releases
Iker Pedrosa: doc: add Continuous Integration
Iker Pedrosa: doc: add tests
Iker Pedrosa: doc: add coding style
Iker Pedrosa: doc: add build & install
Serge Hallyn: trivial: vipw.8: fix grammar
Christian Göttsche: sssd: skip flushing if executable does not exist
Christian Göttsche: Overhaul valid_field()
Martin Kletzander: semanage: Do not set default SELinux range
Michael Vetter: Fix typo in groupadd usage
Christian Göttsche: ci: update Differential ShellCheck
tomspiderlabs: Added control character check
Mike Gilbert: usermod: respect --prefix for --gid option
Alejandro Colomar: Fix su(1) silent truncation
Alejandro Colomar: Simplify is_my_tty()
Alejandro Colomar: Fix is_my_tty() buffer overrun
Alejandro Colomar: Add STRLEN(): a constexpr strlen(3) for string literals
Alejandro Colomar: Fix crash with large timestamps
Paul Eggert: Prefer strcpy(3) to strlcpy(3) when either works
Paul Eggert: Fix change_field() buffer underrun
Paul Eggert: Omit unneeded test in change_field()
Paul Eggert: Simplify change_field() by using strcpy
skyler-ferrante: Fix null dereference in basename
Iker Pedrosa: CI: script for local container build
Iker Pedrosa: CI: build project in containers
Iker Pedrosa: container: add fedora
Iker Pedrosa: container: add debian
Iker Pedrosa: container: add alpine
Iker Pedrosa: SECURITY.md: add Iker Pedrosa
Christian Göttsche: selinux: use type safe function pointer assignment
Christian Göttsche: Use strict prototype in definition
Vinícius dos Santos Oliveira: Add .editorconfig
Serge Hallyn: run_some: fix shellcheck warning
Serge Hallyn: fail on any run_some test failure
Serge Hallyn: ignore first test in run_some
Serge Hallyn: swap first two tests - does the first one still fail?
Serge Hallyn: tests: remove some github runner PATH tweaking
Alejandro Colomar: tests: Support git-worktree(1)
Serge Hallyn: tests: newuidmap and newgidmap: update expected fail message
Serge Hallyn: libsubid: include alloc.h
Serge Hallyn: run_some: log stderr
Vinícius dos Santos Oliveira: Validate fds created by the user
Serge Hallyn: get_pidfd_from_fd: return -1 on error, not 0
Serge Hallyn: g-h-a workflow: workaround
Serge Hallyn: Fix regression in some translation strings
Iker Pedrosa: lib: bit_ceil_wrapul(): stop recursion
Iker Pedrosa: lib: define ULONG_WIDTH if non-existent
maqi: Update translation
Serge Hallyn: newuidmap and newgidmap: support passing pid as fd
Alejandro Colomar: Fix use-after-free of pointer after realloc(3)
Alejandro Colomar: Use safer allocation macros
Alejandro Colomar: libmisc: Add safer allocation macros
Alejandro Colomar: Use xreallocarray() instead of its pattern
Alejandro Colomar: Use reallocarrayf() instead of its pattern
Alejandro Colomar: Use *array() allocation functions where appropriate
Alejandro Colomar: Use xcalloc(3) instead of its pattern
Alejandro Colomar: libmisc: Add safer allocation functions
Alejandro Colomar: libmisc: Move xmalloc.c to alloc.c
Alejandro Colomar: Use calloc(3) instead of its pattern
Alejandro Colomar: Use reallocarray(3) instead of its pattern
Alejandro Colomar: Use reallocf(3) instead of its pattern
Alejandro Colomar: malloc(3) already sets errno to ENOMEM
Alejandro Colomar: Rely on realloc(NULL, ...) being equivalent to malloc(...)
Alejandro Colomar: libmisc: agetpass(): Fix bug detecting truncation
Martin Kletzander: find_new[gu]id(): Skip over IDs that are reserved for legacy reasons
Samanta Navarro: Fix comments
Samanta Navarro: Fix grammar
Samanta Navarro: Fix typo
Samanta Navarro: Fix typos
Alejandro Colomar: Use stpecpy() where appropriate
Alejandro Colomar: Add stpecpy()
Alejandro Colomar: Add mempcpy(3)
Alejandro Colomar: Remove unnecessary NUL terminators
Alejandro Colomar: Use stpeprintf() where appropriate
Alejandro Colomar: Add stpeprintf()
Alejandro Colomar: agetpass.c: Use SPDX tags
Martin Kletzander: Fix VPATH build
Alejandro Colomar: ttytype(): Fix race
Alejandro Colomar: Remove superfluous casts
Serge Hallyn: run on github runner
Serge Hallyn: tests: print default timeout message to stderr
Serge Hallyn: use self-hosted runner for testsuite
Alejandro Colomar: Use the noreturn attribute, rather than comments
Alejandro Colomar: lib/defines.h: Add NORETURN attribute macro
Alejandro Colomar: Assume getutent(3) exists (remove dead code)
Alejandro Colomar: Handle reallocf(3) errors
Alejandro Colomar: Fix memory leaks by replacing realloc(3) with reallocf(3)
Alejandro Colomar: Remove unused function: gr_append_member()
Serge Hallyn: Improve TTYGROUP description in login.defs manpage
Alejandro Colomar: Remove superfluous casts to 'void*'
Alejandro Colomar: Call NULL by its name
Alejandro Colomar: Use freezero(3) where suitable
Samanta Navarro: Prevent out of boundary access
Samanta Navarro: Explicitly override only newlines
Samanta Navarro: Correctly handle illegal system file in tz
Alejandro Colomar: leading_zerosul(): Fix bug
Alejandro Colomar: Unoptimize the higher part of the domain of csrand_uniform()
Alejandro Colomar: Add bit manipulation functions
Alejandro Colomar: Revert "Add bit manipulation functions"
Alejandro Colomar: Optimize csrand_uniform()
Alejandro Colomar: Use WIDTHOF() instead of its expansion
Alejandro Colomar: Add WIDTHOF() to get the width in bits
Alejandro Colomar: Rewrite csrand_interval() as a wrapper around csrand_uniform()
Alejandro Colomar: Add csrand_uniform()
Alejandro Colomar: Add bit manipulation functions
Alejandro Colomar: Move csrand() to a new file csrand.c
Alejandro Colomar: Use naming consistent with other common functions
Alejandro Colomar: Fix types of the csrand_interval() API
Alejandro Colomar: Use a more precise name for a CSPRNG API with an interval
Stefan Schubert: Supporting vendor given -shells- configuration file
Samanta Navarro: libmisc: fix grammar
Samanta Navarro: Fix typos
Christian Göttsche: Declare constant data structure const
Christian Göttsche: Provide strlcpy declaration
Christian Göttsche: Avoid comparisons of different signs
Christian Göttsche: Drop redundant declaration
Christian Göttsche: copydir: fix impl usage
Christian Göttsche: Modernize manual memzero implementation
Christian Göttsche: Replace flawed memset_s usage
Alejandro Colomar: Use getnameinfo(3) instead of our own equivalent
Alejandro Colomar: Prefer getrandom(3)/getentropy(3) over arc4random(3bsd)
Serge Hallyn: workflow: update checkout acton v2 to v3
SoumyaWind: shadow: Fix can not print full login timeout message
lilinjie: fix typo
Christian Göttsche: Warn if failed to read existing /etc/nsswitch.conf
Alejandro Colomar: Call inet_sockaddr2str() instead of inet_ntop(3)
Alejandro Colomar: Add inet_sockaddr2str() to wrap inet_ntop(3)
Alejandro Colomar: Replace gethostbyname(3) by getaddrinfo(3)
ed neville: changing lock mechanism
Serge Hallyn: chfn: new_fields: fix wrong fields printed
Alejandro Colomar: Add NITEMS(arr) to get the number of elements of an array
Alejandro Colomar: Use strlcpy(3) instead of its pattern
Iker Pedrosa: strtoday.c: remove unused defines.h inclusion
Iker Pedrosa: strtoday.c: remove USE_GETDATE as it was always used
Iker Pedrosa: strtoday.c: remove POSIX 1995 conditional dependency
Alejandro Colomar: Assume struct tm is defined in <time.h>
Alejandro Colomar: Assume struct stat has st_atim and st_mtim fields
Alejandro Colomar: Remove USE_SYSLOG preprocessor conditional, which was always defined
Alejandro Colomar: Remove dead code
Alejandro Colomar: Don't redefine errno(3)
Alejandro Colomar: Fix typos in length calculations
Alejandro Colomar: Use 'uintmax_t' to print 'gid_t'
Alejandro Colomar: Fix off-by-one mistakes
Alejandro Colomar: Cosmetic fixes
Alejandro Colomar: Remove traces of utmpx
Alejandro Colomar: Disable utmpx permanently
Alejandro Colomar: Assume <utmpx.h> always exists
Alejandro Colomar: Remove pwdauth.c
Michael Vetter: Add support for skeleton files from /usr/etc/skel
Michael Vetter: Fix useradd audit event logging of ID field
Alejandro Colomar: Remove comments that survived the Helicoprion
Alejandro Colomar: Ping? :)
Alejandro Colomar: Remove preprocessor conditionals that are always true
Alejandro Colomar: Remove code conditional on USE_TERMIO
Alejandro Colomar: Assume socket(2) exists
Alejandro Colomar: Assume inet_ntoa(3) exists
Alejandro Colomar: Assume F_* and SEEK_* macros are defined
Alejandro Colomar: Remove code conditional on S_SPLINT_S
Alejandro Colomar: Assume strdup(3) exists
Alejandro Colomar: Assume strcasecmp(3) exists
Alejandro Colomar: Assume rmdir(2) exists
Alejandro Colomar: Assume mkdir(2) exists
Alejandro Colomar: Assume B[0-9]* macros are defined
Alejandro Colomar: Assume SIGTTOU is defined
Alejandro Colomar: Assume SIGTSTP is defined
Alejandro Colomar: Assume RLIMIT_STACK is defined
Alejandro Colomar: Assume RLIMIT_NOFILE is defined
Alejandro Colomar: Assume RLIMIT_FSIZE is defined
Alejandro Colomar: Assume RLIMIT_DATA is defined
Alejandro Colomar: Assume RLIMIT_CPU is defined
Alejandro Colomar: Assume RLIMIT_AS is defined
Alejandro Colomar: Assume RLIMIT_CORE is defined
Alejandro Colomar: Assume getgrgid_r(3) exists
Alejandro Colomar: Assume getgrnam_r(3) exists
Alejandro Colomar: Assume getpwuid_r(3) exists
Alejandro Colomar: Assume getpwnam_r(3) exists
Alejandro Colomar: Assume fsync(2) exists
Alejandro Colomar: Assume fchown(2) exists
Alejandro Colomar: Assume fchmod(2) exists
Alejandro Colomar: Assume l64a(3) exists
Alejandro Colomar: Assume <netdb.h> exists
Alejandro Colomar: Remove preprocessor conditionals that are always true
Alejandro Colomar: Assume <sys/resource.h> exists
Alejandro Colomar: Remove uses of ulimit(3)
Alejandro Colomar: Add indentation to heavy use of preprocessor conditionals
Alejandro Colomar: Remove unused check for <utime.h>
Alejandro Colomar: Remove unused check for <syslog.h>
Alejandro Colomar: Assume <termios.h> exists
Alejandro Colomar: Assume <utmpx.h> exists
Alejandro Colomar: Remove unused check for <sys/time.h>
Alejandro Colomar: Assume <unistd.h> exists
Alejandro Colomar: Remove unused check for <fcntl.h>
Alejandro Colomar: Assume strstr(3) exists
Alejandro Colomar: Assume snprintf(3) exists
Alejandro Colomar: Assume rename(2) exists
Alejandro Colomar: Assume NULL exists
Alejandro Colomar: Assume strerror(3) exists
Alejandro Colomar: Assume fputs(3) exists
Alejandro Colomar: Assume <locale.h> exists
Alejandro Colomar: Remove unused check for <limits.h>
Alejandro Colomar: Assume <errno.h> exists
Alejandro Colomar: Assume <stdbool.h> exists
James Addison: Add '62_usermod_remove_supplementary_groups' test case to test runner scripts (run_some)
James Addison: Add '62_usermod_remove_supplementary_groups' test case to test runner scripts (run_all, run_all.coverage)
James Addison: Add regression test for 'usermod -rG' -- it should not add users to groups they did not previously belong to
James Addison: Preparation / clarity: rename existing usermod test from 'remove_supplemental_groups' to 'clear_supplemental_groups'
Guillem Jover: agetpass: Hook into build-system
Alejandro Colomar: Hide [[gnu::malloc(deallocator)]] in a macro
Alejandro Colomar: Replace the deprecated getpass(3) by our agetpass()
Alex Colomar: libmisc: agetpass(), erase_pass(): Add functions for getting passwords safely
Alex Colomar: Don't 'else' after a 'noreturn' call
Iker Pedrosa: CI: add libbsd and pkg-config dependencies
Florian Weimer: Fix HAVE_SHADOWGRP configure check
Andy Zaugg: Allow supplementary groups to be added via config file
Iker Pedrosa: useradd: check if subid range exists for user