diff --git a/add-home_mode-xml-file.patch b/add-home_mode-xml-file.patch new file mode 100644 index 0000000000000000000000000000000000000000..7e08541e8f6dc70911056be9b77ed2618a49343b --- /dev/null +++ b/add-home_mode-xml-file.patch @@ -0,0 +1,62 @@ +From 56073640403f65193689d94a5024547181c8c4d8 Mon Sep 17 00:00:00 2001 +From: guiyao +Date: Wed, 15 Apr 2020 19:15:53 -0400 +Subject: [PATCH] add home_mode xml file + +--- + man/login.defs.d/HOME_MODE.xml | 43 ++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 43 insertions(+) + create mode 100644 man/login.defs.d/HOME_MODE.xml + +diff --git a/man/login.defs.d/HOME_MODE.xml b/man/login.defs.d/HOME_MODE.xml +new file mode 100644 +index 0000000..21aa55f +--- /dev/null ++++ b/man/login.defs.d/HOME_MODE.xml +@@ -0,0 +1,43 @@ ++ ++ ++ (number) ++ ++ ++ The mode for new home directories. If not specified, ++ the is used to create the mode. ++ ++ ++ useradd and newusers use this ++ to set the mode of the home directory they create. ++ ++ ++ +-- +1.8.3.1 + diff --git a/chpasswd b/chpasswd new file mode 100644 index 0000000000000000000000000000000000000000..15c4663b941d502e9a6b9c23c3a8adbb56afbdd1 --- /dev/null +++ b/chpasswd @@ -0,0 +1,5 @@ +#%PAM-1.0 +# This tool only uses the password stack. +password substack system-auth +-password optional pam_gnome_keyring.so use_authtok +password substack postlogin diff --git a/fix-logmsg.patch b/fix-logmsg.patch new file mode 100644 index 0000000000000000000000000000000000000000..1ceedbe5b67e8ab7ff6404714dd823f55fce411b --- /dev/null +++ b/fix-logmsg.patch 
@@ -0,0 +1,13 @@ +Index: shadow-4.5/src/useradd.c +=================================================================== +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -329,7 +329,7 @@ static void fail_exit (int code) + user_name, AUDIT_NO_ID, + SHADOW_AUDIT_FAILURE); + #endif +- SYSLOG ((LOG_INFO, "failed adding user '%s', data deleted", user_name)); ++ SYSLOG ((LOG_INFO, "failed adding user '%s', exit code: %d", user_name, code)); + exit (code); + } + diff --git a/long-password-entry.patch b/long-password-entry.patch new file mode 100644 index 0000000000000000000000000000000000000000..ff05cc45d03297fe115ecbb8ae7e7a8f1cd3e9e6 --- /dev/null +++ b/long-password-entry.patch 
@@ -0,0 +1,84 @@ +diff --git a/lib/defines.h b/lib/defines.h +--- a/lib/defines.h ++++ b/lib/defines.h +@@ -388,4 +388,7 @@ extern char *strerror (); + # define shadow_getenv(name) getenv(name) + #endif + ++/* Maximum length of passwd entry */ ++#define PASSWD_ENTRY_MAX_LENGTH 32768 ++ + #endif /* _DEFINES_H_ */ +diff --git a/lib/pwio.c b/lib/pwio.c +--- a/lib/pwio.c ++++ b/lib/pwio.c +@@ -79,7 +79,10 @@ static int passwd_put (const void *ent, FILE * file) + || (pw->pw_gid == (gid_t)-1) + || (valid_field (pw->pw_gecos, ":\n") == -1) + || (valid_field (pw->pw_dir, ":\n") == -1) +- || (valid_field (pw->pw_shell, ":\n") == -1)) { ++ || (valid_field (pw->pw_shell, ":\n") == -1) ++ || (strlen (pw->pw_name) + strlen (pw->pw_passwd) + ++ strlen (pw->pw_gecos) + strlen (pw->pw_dir) + ++ strlen (pw->pw_shell) + 100 > PASSWD_ENTRY_MAX_LENGTH)) { + return -1; + } + +diff --git a/lib/sgetpwent.c b/lib/sgetpwent.c +--- a/lib/sgetpwent.c ++++ b/lib/sgetpwent.c +@@ -57,7 +57,7 @@ + struct passwd *sgetpwent (const char *buf) + { + static struct passwd pwent; +- static char pwdbuf[1024]; ++ static char pwdbuf[PASSWD_ENTRY_MAX_LENGTH]; + register int i; + register char *cp; + char *fields[NFIELDS]; +@@ -67,8 +67,10 @@ struct passwd *sgetpwent (const char *buf) + * the password structure remain valid. 
+ */ + +- if (strlen (buf) >= sizeof pwdbuf) ++ if (strlen (buf) >= sizeof pwdbuf) { ++ fprintf (stderr, "Too long passwd entry encountered, file corruption?\n"); + return 0; /* fail if too long */ ++ } + strcpy (pwdbuf, buf); + + /* +diff --git a/lib/sgetspent.c b/lib/sgetspent.c +--- a/lib/sgetspent.c ++++ b/lib/sgetspent.c +@@ -48,7 +48,7 @@ + */ + struct spwd *sgetspent (const char *string) + { +- static char spwbuf[1024]; ++ static char spwbuf[PASSWD_ENTRY_MAX_LENGTH]; + static struct spwd spwd; + char *fields[FIELDS]; + char *cp; +@@ -61,6 +61,7 @@ struct spwd *sgetspent (const char *string) + */ + + if (strlen (string) >= sizeof spwbuf) { ++ fprintf (stderr, "Too long shadow entry encountered, file corruption?\n"); + return 0; /* fail if too long */ + } + strcpy (spwbuf, string); +diff --git a/lib/shadowio.c b/lib/shadowio.c +--- a/lib/shadowio.c ++++ b/lib/shadowio.c +@@ -79,7 +79,9 @@ static int shadow_put (const void *ent, FILE * file) + + if ( (NULL == sp) + || (valid_field (sp->sp_namp, ":\n") == -1) +- || (valid_field (sp->sp_pwdp, ":\n") == -1)) { ++ || (valid_field (sp->sp_pwdp, ":\n") == -1) ++ || (strlen (sp->sp_namp) + strlen (sp->sp_pwdp) + ++ 1000 > PASSWD_ENTRY_MAX_LENGTH)) { + return -1; + } + diff --git a/newusers b/newusers new file mode 100644 index 0000000000000000000000000000000000000000..15c4663b941d502e9a6b9c23c3a8adbb56afbdd1 --- /dev/null +++ b/newusers @@ -0,0 +1,5 @@ +#%PAM-1.0 +# This tool only uses the password stack. +password substack system-auth +-password optional pam_gnome_keyring.so use_authtok +password substack postlogin diff --git a/null-time.patch b/null-time.patch new file mode 100644 index 0000000000000000000000000000000000000000..fcf22f0e88e7d3bc1cb6338769d8cb930d480fd1 --- /dev/null +++ b/null-time.patch 
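Review bot: The slack constants in the two write-side checks, `+ 100` in passwd_put (lib/pwio.c) and `+ 1000` in shadow_put (lib/shadowio.c), are unexplained, and they only approximate the read-side limit that sgetpwent and sgetspent enforce with `strlen (...) >= sizeof` on the enlarged buffers. A short comment at each check would make the relation reviewable, for example `/* 100: allowance for uid, gid, separators and newline (estimate) */` and an equivalent one for the numeric aging fields in shadow_put. The start of the passwd_put condition is outside the hunk, so whether pw_name and pw_passwd are rejected when NULL before the new strlen calls run cannot be confirmed from here and should be verified. All four function bodies continue outside their hunks.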
@@ -0,0 +1,94 @@ +Index: shadow-4.5/src/chage.c +=================================================================== +--- a/src/chage.c ++++ b/src/chage.c +@@ -167,6 +167,10 @@ static void date_to_str (char *buf, size_t maxsize, time_t date) + struct tm *tp; + + tp = gmtime (&date); ++ if (tp == NULL) { ++ (void) snprintf (buf, maxsize, "(unknown)"); ++ return; ++ } + #ifdef HAVE_STRFTIME + (void) strftime (buf, maxsize, "%Y-%m-%d", tp); + #else +Index: shadow-4.5/src/faillog.c +=================================================================== +--- a/src/faillog.c ++++ b/src/faillog.c +@@ -163,10 +163,14 @@ static void print_one (/*@null@*/const struct passwd *pw, bool force) + } + + tm = localtime (&fl.fail_time); ++ if (tm == NULL) { ++ cp = "(unknown)"; ++ } else { + #ifdef HAVE_STRFTIME +- strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm); +- cp = ptime; ++ strftime (ptime, sizeof (ptime), "%D %H:%M:%S %z", tm); ++ cp = ptime; + #endif ++ } + printf ("%-9s %5d %5d ", + pw->pw_name, fl.fail_cnt, fl.fail_max); + /* FIXME: cp is not defined ifndef HAVE_STRFTIME */ +Index: shadow-4.5/src/lastlog.c +=================================================================== +--- a/src/lastlog.c ++++ b/src/lastlog.c +@@ -159,13 +159,17 @@ static void print_one (/*@null@*/const struct passwd *pw) + + ll_time = ll.ll_time; + tm = localtime (&ll_time); ++ if (tm == NULL) { ++ cp = "(unknown)"; ++ } else { + #ifdef HAVE_STRFTIME +- strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); +- cp = ptime; ++ strftime (ptime, sizeof (ptime), "%a %b %e %H:%M:%S %z %Y", tm); ++ cp = ptime; + #else +- cp = asctime (tm); +- cp[24] = '\0'; ++ cp = asctime (tm); ++ cp[24] = '\0'; + #endif ++ } + + if (ll.ll_time == (time_t) 0) { + cp = _("**Never logged in**\0"); +Index: shadow-4.5/src/passwd.c +=================================================================== +--- a/src/passwd.c ++++ b/src/passwd.c +@@ -456,6 +456,9 @@ static /*@observer@*/const char *date_to_str (time_t 
t) + struct tm *tm; + + tm = gmtime (&t); ++ if (tm == NULL) { ++ return "(unknown)"; ++ } + #ifdef HAVE_STRFTIME + (void) strftime (buf, sizeof buf, "%m/%d/%Y", tm); + #else /* !HAVE_STRFTIME */ +Index: shadow-4.5/src/usermod.c +=================================================================== +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -216,6 +216,10 @@ static void date_to_str (/*@unique@*//*@out@*/char *buf, size_t maxsize, + } else { + time_t t = (time_t) date; + tp = gmtime (&t); ++ if (tp == NULL) { ++ strncpy (buf, "unknown", maxsize); ++ return; ++ } + #ifdef HAVE_STRFTIME + strftime (buf, maxsize, "%Y-%m-%d", tp); + #else +-- +2.19.1 + diff --git a/selinux-flag.patch b/selinux-flag.patch new file mode 100644 index 0000000000000000000000000000000000000000..09367178bc1551443906c68e28d589eaefecce5c --- /dev/null +++ b/selinux-flag.patch 
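Review bot: The NULL branch added to date_to_str in src/usermod.c uses `strncpy (buf, "unknown", maxsize);`, which leaves buf without a terminating NUL when maxsize is 7 or smaller and prints a different placeholder from the other four files. Using the same call as the chage.c hunk, `(void) snprintf (buf, maxsize, "(unknown)");`, terminates for any non-zero maxsize and keeps the output uniform. In src/faillog.c, cp is still unassigned when tm is non-NULL and HAVE_STRFTIME is undefined, as the existing FIXME in the context lines already says. The function bodies continue outside the hunks.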
@@ -0,0 +1,140 @@ +From 73e2af119d62d76cd7edcd2109a122a22e143e91 Mon Sep 17 00:00:00 2001 +From: "guiyao" +Date: Wed, 15 Apr 2020 15:41:18 -0400 +Subject: [PATCH] selinux-flag + +backport selinux flag patch and modified for new code +--- + lib/semanage.c | 7 ++++++ + src/useradd.c | 69 ++++++++++++++++++++++++++++++---------------------------- + 2 files changed, 43 insertions(+), 33 deletions(-) + +diff --git a/lib/semanage.c b/lib/semanage.c +index e983f5f..7ec8969 100644 +--- a/lib/semanage.c ++++ b/lib/semanage.c +@@ -294,6 +294,9 @@ int set_seuser (const char *login_name, const char *seuser_name) + + ret = 0; + ++ /* drop obsolete matchpathcon cache */ ++ matchpathcon_fini(); ++ + done: + semanage_seuser_key_free (key); + semanage_handle_destroy (handle); +@@ -369,6 +372,10 @@ int del_seuser (const char *login_name) + } + + ret = 0; ++ ++ /* drop obsolete matchpathcon cache */ ++ matchpathcon_fini(); ++ + done: + semanage_handle_destroy (handle); + return ret; +diff --git a/src/useradd.c b/src/useradd.c +index b294439..47394a3 100644 +--- a/src/useradd.c ++++ b/src/useradd.c +@@ -2242,6 +2242,7 @@ static void create_mail (void) + */ + int main (int argc, char **argv) + { ++ int rv = E_SUCCESS; + #ifdef ACCT_TOOLS_SETUID + #ifdef USE_PAM + pam_handle_t *pamh = NULL; +@@ -2464,27 +2465,11 @@ int main (int argc, char **argv) + + usr_update (); + +- if (mflg) { +- create_home (); +- if (home_added) { +- copy_tree (def_template, prefix_user_home, false, false, +- (uid_t)-1, user_id, (gid_t)-1, user_gid); +- } else { +- fprintf (stderr, +- _("%s: warning: the home directory %s already exists.\n" +- "%s: Not copying any file from skel directory into it.\n"), +- Prog, user_home, Prog); +- } +- +- } +- +- /* Do not create mail directory for system accounts */ +- if (!rflg) { +- create_mail (); +- } +- + close_files (); + ++ nscd_flush_cache ("passwd"); ++ nscd_flush_cache ("group"); ++ + /* + * tallylog_reset needs to be able to lookup + * a valid existing user name, 
+@@ -2495,25 +2480,43 @@ int main (int argc, char **argv) + } + + #ifdef WITH_SELINUX +- if (Zflg) { +- if (set_seuser (user_name, user_selinux) != 0) { +- fprintf (stderr, +- _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), +- Prog, user_name, user_selinux); ++ if (Zflg && *user_selinux) { ++ if (is_selinux_enabled () > 0) { ++ if (set_seuser (user_name, user_selinux) != 0) { ++ fprintf (stderr, ++ _("%s: warning: the user name %s to %s SELinux user mapping failed.\n"), ++ Prog, user_name, user_selinux); + #ifdef WITH_AUDIT +- audit_logger (AUDIT_ADD_USER, Prog, +- "adding SELinux user mapping", +- user_name, (unsigned int) user_id, 0); +-#endif /* WITH_AUDIT */ +- fail_exit (E_SE_UPDATE); ++ audit_logger (AUDIT_ADD_USER, Prog, ++ "adding SELinux user mapping", ++ user_name, (unsigned int) user_id, 0); ++#endif /* WITH_AUDIT */ ++ rv = E_SE_UPDATE; ++ } + } + } +-#endif /* WITH_SELINUX */ ++#endif ++ ++ if (mflg) { ++ create_home (); ++ if (home_added) { ++ copy_tree (def_template, prefix_user_home, false, true, ++ (uid_t)-1, user_id, (gid_t)-1, user_gid); ++ } else { ++ fprintf (stderr, ++ _("%s: warning: the home directory already exists.\n" ++ "Not copying any file from skel directory into it.\n"), ++ Prog); ++ } ++ } ++ ++ /* Do not create mail directory for system accounts */ ++ if (!rflg) { ++ create_mail (); ++ } + +- nscd_flush_cache ("passwd"); +- nscd_flush_cache ("group"); + sssd_flush_cache (SSSD_DB_PASSWD | SSSD_DB_GROUP); + +- return E_SUCCESS; ++ return rv; + } + +-- +1.8.3.1 + diff --git a/shadow-4.5-goodname.patch b/shadow-4.5-goodname.patch index b107e3f254d61026a5e6593f7b3f76d39b041d9a..3c41dbac35548b234d98ff14602663f233b4f426 100644 --- a/shadow-4.5-goodname.patch +++ b/shadow-4.5-goodname.patch 
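Review bot: After this change a failed `set_seuser` in main of src/useradd.c no longer stops the run: `rv = E_SE_UPDATE;` replaces `fail_exit (E_SE_UPDATE);`, so create_home and create_mail still execute and the account is kept without the SELinux user mapping requested with -Z. The only signals are a message labelled "warning" and the exit status, and when `is_selinux_enabled ()` is not positive the -Z request is skipped with no message at all. If keeping the account is intended, say so in a comment such as `/* mapping failed: account is kept, E_SE_UPDATE is returned at exit */` and print a diagnostic in the disabled case; otherwise keep the fail_exit call. main starts and ends outside the hunks shown.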
@@ -1,18 +1,25 @@ -Index: shadow-4.5/libmisc/chkname.c -=================================================================== ---- shadow-4.5.orig/libmisc/chkname.c -+++ shadow-4.5/libmisc/chkname.c -@@ -47,27 +47,46 @@ - #include "chkname.h" +From a386a250712771e44e2020060e6a3ca690f72129 Mon Sep 17 00:00:00 2001 +From: "guiyao" +Date: Wed, 15 Apr 2020 15:18:25 -0400 +Subject: [PATCH] shadow: shadow-4.5-goodname + +backport patch and do some modify for new code +--- + libmisc/chkname.c | 40 +++++++++++++++++++++++++++++----------- + man/groupadd.8.xml | 10 ++++++---- + man/useradd.8.xml | 12 ++++++++---- + 3 files changed, 43 insertions(+), 19 deletions(-) + +diff --git a/libmisc/chkname.c b/libmisc/chkname.c +index bdd1e72..957c966 100644 +--- a/libmisc/chkname.c ++++ b/libmisc/chkname.c +@@ -55,26 +55,44 @@ static bool is_valid_name (const char *name) + } - static bool is_valid_name (const char *name) --{ -+{ /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ -- if (('\0' == *name) || -- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + * User/group names must match gnu e-regex: + * [a-zA-Z0-9_.][a-zA-Z0-9_.-]{0,30}[a-zA-Z0-9_.$-]? + * @@ -22,15 +29,17 @@ Index: shadow-4.5/libmisc/chkname.c + * Also do not allow fully numeric names or just "." or "..". + */ + int numeric; -+ + +- if (('\0' == *name) || +- !((('a' <= *name) && ('z' >= *name)) || ('_' == *name))) { + if ('\0' == *name || -+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) || -+ '\0' == name[1])) || -+ !((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ *name == '_' || -+ *name == '.')) { ++ ('.' == *name && (('.' == name[1] && '\0' == name[2]) || ++ '\0' == name[1])) || ++ !((*name >= 'a' && *name <= 'z') || ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ *name == '_' || ++ *name == '.')) { return false; } 
@@ -42,14 +51,15 @@ Index: shadow-4.5/libmisc/chkname.c - ('_' == *name) || - ('-' == *name) || - ( ('$' == *name) && ('\0' == *(name + 1)) ) +- )) { + if (!((*name >= 'a' && *name <= 'z') || -+ (*name >= 'A' && *name <= 'Z') || -+ (*name >= '0' && *name <= '9') || -+ *name == '_' || -+ *name == '.' || -+ *name == '-' || -+ (*name == '$' && name[1] == '\0') - )) { ++ (*name >= 'A' && *name <= 'Z') || ++ (*name >= '0' && *name <= '9') || ++ *name == '_' || ++ *name == '.' || ++ *name == '-' || ++ (*name == '$' && name[1] == '\0') ++ )) { return false; } + numeric &= isdigit(*name); @@ -60,11 +70,11 @@ Index: shadow-4.5/libmisc/chkname.c } bool is_valid_user_name (const char *name) -Index: shadow-4.5/man/groupadd.8.xml -=================================================================== ---- shadow-4.5.orig/man/groupadd.8.xml -+++ shadow-4.5/man/groupadd.8.xml -@@ -256,10 +256,12 @@ +diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml +index 1e58f09..47a4c95 100644 +--- a/man/groupadd.8.xml ++++ b/man/groupadd.8.xml +@@ -273,10 +273,12 @@ CAVEATS @@ -81,11 +91,11 @@ Index: shadow-4.5/man/groupadd.8.xml Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. -Index: shadow-4.5/man/useradd.8.xml -=================================================================== ---- shadow-4.5.orig/man/useradd.8.xml -+++ shadow-4.5/man/useradd.8.xml -@@ -633,10 +633,14 @@ +diff --git a/man/useradd.8.xml b/man/useradd.8.xml +index 03612ce..4e9e0dc 100644 +--- a/man/useradd.8.xml ++++ b/man/useradd.8.xml +@@ -662,10 +662,14 @@ @@ -104,3 +114,6 @@ Index: shadow-4.5/man/useradd.8.xml Usernames may only be up to 32 characters long. +-- +1.8.3.1 + diff --git a/shadow-4.6.tar.xz.asc b/shadow-4.6.tar.xz.asc deleted file mode 100644 index e36c97f27fe2a8b0d782570effa5c6c2fc58843b..0000000000000000000000000000000000000000 --- a/shadow-4.6.tar.xz.asc +++ /dev/null 
@@ -1,11 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEzBAABCgAdFiEE8dCNt3gYW/eEAC3/6f7qBqheP50FAlrncOkACgkQ6f7qBqhe -P52UGAf/eOnoIYIZ52y72iMxeNfQMTMjYTZd1YrtjlK0RQKquK7FrCOg91MvOF2B -hLVKu2OU7mzuPTMSAraAxjXLkrM0E3vFjMtu1fHBGlGTMspAfik/9Gu9qoevAKXy -BRqgN5m5HMfoGPeEjzILzaGq8bnPKIOfJ0iAYVkjjIa73Vn20uTmNgNZIRqHqwfw -5GUFHn6cjQXFcQ3ngywgwQD7/h/65w8dBbGysF551sAqzPJRbneQL9Wtklcqi1ub -55NyF0ifT67RqMh+EyxhuhXP1Hi57PTEAeqaFMFxnPlQPb+8pQ8nszWBmI+vUN8D -FmhwCtSTnmKlj0jeAqevmkijJhGPQQ== -=fk/F ------END PGP SIGNATURE----- diff --git a/shadow-4.7.tar.xz b/shadow-4.7.tar.xz deleted file mode 100644 index c4e121d03f5b0e4f75e6d3d5a27960242a96f2c5..0000000000000000000000000000000000000000 Binary files a/shadow-4.7.tar.xz and /dev/null differ diff --git a/shadow-4.8.1.tar.xz b/shadow-4.8.1.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..986e648556d982c250bcbd236be79a974c1f030d Binary files /dev/null and b/shadow-4.8.1.tar.xz differ diff --git a/shadow-utils-fix-invalid-path.patch b/shadow-utils-fix-invalid-path.patch deleted file mode 100644 index f98fb3a50f9c55c9cee21e520186a589d9a61a14..0000000000000000000000000000000000000000 --- a/shadow-utils-fix-invalid-path.patch +++ /dev/null 
@@ -1,39 +0,0 @@ -From d268644440170ea52e124061e2d848278c693c90 Mon Sep 17 00:00:00 2001 -From: guoxiaoqi -Date: Mon, 16 Dec 2019 10:31:44 -0500 -Subject: [PATCH] fix invalid path - -Signed-off-by: guoxiaoqi ---- - src/useradd.c | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/src/useradd.c b/src/useradd.c -index cafbe90..930b4ea 100644 ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1276,6 +1276,21 @@ static void process_flags (int argc, char **argv) - exit (E_BAD_ARG); - } - user_shell = optarg; -+ struct stat st; -+ if (stat (optarg, &st) != 0) { -+ if ((ENOENT == errno) || (ENOTDIR == errno)) { -+ /* The file or directory does not exist */ -+ fprintf (stderr, -+ _("%s: warning :The file %s is not exist\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } -+ } else if ((st.st_mode & S_IXUSR) == 0) { -+ fprintf (stderr, -+ _("%s: warning :The file %s is not executable\n"), -+ Prog, optarg); -+ exit (E_BAD_ARG); -+ } - def_shell = optarg; - sflg = true; - break; --- -1.8.3.1 - diff --git a/shadow.spec b/shadow.spec index 5f2f56fa427a9e8faefa3f4e52082f59e66f7010..729c8f85413095598deab0d1a21af34f79db8657 100644 --- a/shadow.spec +++ b/shadow.spec @@ -1,6 +1,6 @@ Name: shadow -Version: 4.7 -Release: 10 +Version: 4.8.1 +Release: 2 Epoch: 2 License: BSD and GPLv2+ Summary: Tools for managing accounts and shadow password files 
@@ -10,17 +10,23 @@ Source2: shadow-utils.useradd Source3: shadow-utils.login.defs Source4: shadow-bsd.txt Source5: https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt +Source6: chpasswd +Source7: newusers # fix unknown item 'LASTLOG_MAX_UID' -Patch1: usermod.c-Fix-invalid-variable-name.patch -Patch2: shadow-4.5-goodname.patch -Patch3: shadow-4.1.5.1-var-lock.patch -Patch4: shadow-utils-fix-lock-file-residue.patch -Patch5: shadow-utils-fix-invalid-path.patch +Patch0: shadow-4.5-goodname.patch +Patch1: fix-logmsg.patch +Patch2: null-time.patch +Patch3: long-password-entry.patch +Patch4: usermod-unlock.patch +Patch5: selinux-flag.patch +Patch6: add-home_mode-xml-file.patch +Patch7: shadow-4.1.5.1-var-lock.patch +Patch8: shadow-utils-fix-lock-file-residue.patch BuildRequires: gcc, libselinux-devel, audit-libs-devel, libsemanage-devel BuildRequires: libacl-devel, libattr-devel gdb BuildRequires: bison, flex, gnome-doc-utils, docbook-style-xsl, docbook-dtds -BuildRequires: autoconf, automake, libtool, gettext-devel +BuildRequires: autoconf, automake, libtool, gettext-devel, itstool, pam-devel Requires: libselinux Requires: audit Requires: setup @@ -58,7 +64,7 @@ autoreconf -fiv --with-sha-crypt \ --with-selinux \ --without-libcrack \ - --without-libpam \ + --with-libpam \ --disable-shared \ --with-group-name-max-length=32 %make_build @@ -69,7 +75,8 @@ rm -rf $RPM_BUILD_ROOT install -d -m 755 $RPM_BUILD_ROOT/%{_sysconfdir}/default install -p -c -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_sysconfdir}/login.defs install -p -c -m 0600 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/default/useradd - +install -p -c -m 0644 %{SOURCE6} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chpasswd +install -p -c -m 0644 %{SOURCE7} $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/newusers ln -s useradd $RPM_BUILD_ROOT%{_sbindir}/adduser ln -s useradd.8 $RPM_BUILD_ROOT/%{_mandir}/man8/adduser.8 
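Review bot: The context comment `# fix unknown item 'LASTLOG_MAX_UID'` now sits directly above `Patch0: shadow-4.5-goodname.patch`, although the patch it described, usermod.c-Fix-invalid-variable-name.patch, is removed in this hunk. Drop the comment or replace it with one line per remaining patch stating its purpose. Separately, the page deletes shadow-4.6.tar.xz.asc and adds shadow-4.8.1.tar.xz with no signature file next to it; the Source0/Source1 lines are outside the hunk, so whether the new tarball is checked against an upstream signature should be confirmed.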
@@ -86,8 +93,6 @@ rm $RPM_BUILD_ROOT/%{_bindir}/login rm $RPM_BUILD_ROOT/%{_bindir}/passwd rm $RPM_BUILD_ROOT/%{_bindir}/su rm $RPM_BUILD_ROOT/%{_bindir}/faillog -rm $RPM_BUILD_ROOT/%{_sysconfdir}/login.access -rm $RPM_BUILD_ROOT/%{_sysconfdir}/limits rm $RPM_BUILD_ROOT/%{_sbindir}/logoutd rm $RPM_BUILD_ROOT/%{_sbindir}/nologin rm $RPM_BUILD_ROOT/%{_mandir}/man1/chfn.* @@ -104,14 +109,8 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man1/passwd.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/passwd.* rm $RPM_BUILD_ROOT/%{_mandir}/man1/su.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man1/su.* -rm $RPM_BUILD_ROOT/%{_mandir}/man5/limits.* -rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/limits.* -rm $RPM_BUILD_ROOT/%{_mandir}/man5/login.access.* -rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/login.access.* rm $RPM_BUILD_ROOT/%{_mandir}/man5/passwd.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/passwd.* -rm $RPM_BUILD_ROOT/%{_mandir}/man5/porttime.* -rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/porttime.* rm $RPM_BUILD_ROOT/%{_mandir}/man5/suauth.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/suauth.* rm $RPM_BUILD_ROOT/%{_mandir}/man8/logoutd.* @@ -124,6 +123,11 @@ rm $RPM_BUILD_ROOT/%{_mandir}/man5/faillog.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man5/faillog.* rm $RPM_BUILD_ROOT/%{_mandir}/man8/faillog.* rm $RPM_BUILD_ROOT/%{_mandir}/*/man8/faillog.* +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chfn +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/chsh +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/login +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/passwd +rm $RPM_BUILD_ROOT/%{_sysconfdir}/pam.d/su find $RPM_BUILD_ROOT%{_mandir} -depth -type d -empty -delete %find_lang shadow 
@@ -156,11 +160,20 @@ done %{_sbindir}/newusers %{_sbindir}/vipw %{_sbindir}/vigr +%{_sysconfdir}/pam.d/chpasswd +%{_sysconfdir}/pam.d/groupmems +%{_sysconfdir}/pam.d/newusers %files help %{_mandir}/*/* %changelog +* Tue May 12 2020 steven - 2:4.8.1-2 +- Enable --with-libpam config during compiling + +* Fri Apr 24 2020 steven - 2:4.8.1-1 +- Upgrade version to 4.8.1 + * Sat Mar 21 2020 openEuler Buildteam - 2:4.7-10 - Only package man file into shadow-help; add buildrequires of gdb diff --git a/usermod-unlock.patch b/usermod-unlock.patch new file mode 100644 index 0000000000000000000000000000000000000000..ff9602d098f2817c2645e47a426791acfef1a6ef --- /dev/null +++ b/usermod-unlock.patch 
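Review bot: The three files added to %files under `%{_sysconfdir}/pam.d/` are listed as plain files, so a package update would replace PAM stacks that an administrator has edited locally. Marking them as configuration, e.g. `%config(noreplace) %{_sysconfdir}/pam.d/chpasswd` and likewise for groupmems and newusers, preserves such edits. The rest of the %files section is outside the hunk, so how the other /etc entries are marked could not be compared.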
@@ -0,0 +1,65 @@ +Index: shadow-4.5/src/usermod.c +=================================================================== +--- a/src/usermod.c ++++ b/src/usermod.c +@@ -466,14 +466,17 @@ static char *new_pw_passwd (char *pw_pass) + strcat (buf, pw_pass); + pw_pass = buf; + } else if (Uflg && pw_pass[0] == '!') { +- char *s; ++ char *s = pw_pass; + +- if (pw_pass[1] == '\0') { ++ while ('!' == *s) ++ ++s; ++ ++ if (*s == '\0') { + fprintf (stderr, + _("%s: unlocking the user's password would result in a passwordless account.\n" + "You should set a password with usermod -p to unlock this user's password.\n"), + Prog); +- return pw_pass; ++ return NULL; + } + + #ifdef WITH_AUDIT +@@ -482,12 +485,15 @@ static char *new_pw_passwd (char *pw_pass) + user_newname, (unsigned int) user_newid, 0); + #endif + SYSLOG ((LOG_INFO, "unlock user '%s' password", user_newname)); +- s = pw_pass; +- while ('\0' != *s) { +- *s = *(s + 1); +- s++; +- } ++ memmove (pw_pass, s, strlen (s) + 1); + } else if (pflg) { ++ if (strchr (user_pass, ':') != NULL) { ++ fprintf (stderr, ++ _("%s: The password field cannot contain a colon character.\n"), ++ Prog); ++ return NULL; ++ ++ } + #ifdef WITH_AUDIT + audit_logger (AUDIT_USER_CHAUTHTOK, Prog, + "changing password", +@@ -536,6 +542,8 @@ static void new_pwent (struct passwd *pwent) + if ( (!is_shadow_pwd) + || (strcmp (pwent->pw_passwd, SHADOW_PASSWD_STRING) != 0)) { + pwent->pw_passwd = new_pw_passwd (pwent->pw_passwd); ++ if (pwent->pw_passwd == NULL) ++ fail_exit (E_PW_UPDATE); + } + + if (uflg) { +@@ -650,6 +658,8 @@ static void new_spent (struct spwd *spent) + * + aging has been requested + */ + spent->sp_pwdp = new_pw_passwd (spent->sp_pwdp); ++ if (spent->sp_pwdp == NULL) ++ fail_exit(E_PW_UPDATE); + + if (pflg) { + spent->sp_lstchg = (long) gettime () / SCALE; + 
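Review bot: The new -p check in new_pw_passwd rejects only ':' (`strchr (user_pass, ':') != NULL`), while a newline is just as much a record delimiter in the passwd and shadow files. Checking both at this point, `if (strpbrk (user_pass, ":\n") != NULL) {`, with the message adjusted, gives the caller a clear error instead of relying on a later write-time check. new_pw_passwd now returns NULL on failure, which deserves a line in its header comment since both callers had to be changed to test for it; the unbraced `while ('!' == *s) ++s;` and the blank line after the second `return NULL;` are style nits. The function starts and ends outside the hunk.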
diff --git a/usermod.c-Fix-invalid-variable-name.patch b/usermod.c-Fix-invalid-variable-name.patch deleted file mode 100644 index 793896518dfd2c938d531dd4a9191cd3009f4ee9..0000000000000000000000000000000000000000 --- a/usermod.c-Fix-invalid-variable-name.patch +++ /dev/null @@ -1,28 +0,0 @@ -From fc0ed79e5d700b4a730235fe88e60951717edc6e Mon Sep 17 00:00:00 2001 -From: Stanislav Brabec -Date: Fri, 26 Jul 2019 21:39:42 +0200 -Subject: [PATCH] usermod.c: Fix invalid variable name - -Fix invalid LASTLOG_MAX_UID variable name to correct LASTLOG_UID_MAX. - -Signed-off-by: Stanislav Brabec ---- - src/usermod.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/usermod.c b/src/usermod.c -index c371886..0ae50e3 100644 ---- a/src/usermod.c -+++ b/src/usermod.c -@@ -1879,7 +1879,7 @@ static void update_lastlog (void) - return; - } - -- max_uid = (uid_t) getdef_ulong ("LASTLOG_MAX_UID", 0xFFFFFFFFUL); -+ max_uid = (uid_t) getdef_ulong ("LASTLOG_UID_MAX", 0xFFFFFFFFUL); - if (user_newid > max_uid) { - /* do not touch lastlog for large uids */ - return; --- -1.8.3.1 -