diff --git a/debian/NEWS b/debian/NEWS
index 0a718751..2f5dcc95 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,10 @@
+shadow (1:4.17.0~rc1-1) unstable; urgency=medium
+
+ Username checking now once again follows the upstream rules, for
+ an ecosystem-wide ruleset and security.
+
+ -- Chris Hofstaedtler Sun, 22 Dec 2024 20:12:35 +0100
+
 shadow (1:4.16.0-5) unstable; urgency=medium
 
 /var/log/faillog and the programs to read it are no longer part since
diff --git a/debian/patches/debian/Relax-usernames-groupnames-checking.patch b/debian/patches/debian/Relax-usernames-groupnames-checking.patch
deleted file mode 100644
index a07c5e57..00000000
--- a/debian/patches/debian/Relax-usernames-groupnames-checking.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From: Shadow package maintainers
-Date: Sat, 22 Jun 2024 17:39:41 +0200
-Subject: Relax usernames/groupnames checking
-
-Allows any non-empty user/grounames that don't contain ':', ',', '\\' or
-'\n' characters and don't start with '-', '+', or '~'. This patch is
-more restrictive than original Karl's version. closes: #264879 Also
-closes: #377844
-
-Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
-
-I can't come up with a good justification as to why characters other
-than ':'s and '\0's should be disallowed in group and usernames (other
-than '-' as the leading character). Thus, the maintenance tools don't
-anymore. closes: #79682, #166798, #171179
-
-Status wrt upstream: Debian specific. Not to be used upstream
----
- lib/chkname.c | 39 +++++++++++++++------------------------
- man/groupadd.8.xml | 7 +++++++
- man/useradd.8.xml | 9 +++++++++
- 3 files changed, 31 insertions(+), 24 deletions(-)
-
-diff --git a/lib/chkname.c b/lib/chkname.c
-index 8bde7a2..95fbe10 100644
---- a/lib/chkname.c
-+++ b/lib/chkname.c
-@@ -60,24 +60,22 @@ is_valid_name(const char *name)
- }
- 
- /*
-- * User/group names must match BRE regex:
-- * [a-zA-Z0-9_.][a-zA-Z0-9_.-]*$\?
-- *
-- * as a non-POSIX, extension, allow "$" as the last char for
-- * sake of Samba 3.x "add machine script"
-- *
-- * Also do not allow fully numeric names or just "." or "..".
-- */
-+ * POSIX indicate that usernames are composed of characters from the
-+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
-+ * should not be used as the first character of a portable user name.
-+ *
-+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\\\s][^:,\\\s]*$
-+ *
-+ * Also do not allow fully numeric names or just "." or "..".
-+ */
- int numeric;
- 
-- if ('\0' == *name ||
-- ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
-- '\0' == name[1])) ||
-- !((*name >= 'a' && *name <= 'z') ||
-- (*name >= 'A' && *name <= 'Z') ||
-- (*name >= '0' && *name <= '9') ||
-- *name == '_' ||
-- *name == '.'))
-+ if (('\0' == *name) ||
-+ ('.' == *name && (('.' == name[1] && '\0' == name[2]) ||
-+ '\0' == name[1])) ||
-+ ('-' == *name) ||
-+ ('~' == *name) ||
-+ ('+' == *name))
- {
- errno = EINVAL;
- return false;
-@@ -86,14 +84,7 @@ is_valid_name(const char *name)
- numeric = isdigit(*name);
- 
- while ('\0' != *++name) {
-- if (!((*name >= 'a' && *name <= 'z') ||
-- (*name >= 'A' && *name <= 'Z') ||
-- (*name >= '0' && *name <= '9') ||
-- *name == '_' ||
-- *name == '.' ||
-- *name == '-' ||
-- (*name == '$' && name[1] == '\0')
-- ))
-+ if ((':' == *name) || (',' == *name) || ('\\' == *name) || isspace(*name))
- {
- errno = EINVAL;
- return false;
-diff --git a/man/groupadd.8.xml b/man/groupadd.8.xml
-index 9abf159..5aa7998 100644
---- a/man/groupadd.8.xml
-+++ b/man/groupadd.8.xml
-@@ -71,6 +71,13 @@
- Fully numeric groupnames and groupnames . or .. are
- also disallowed.
- 
-+
-+ On Debian, the only constraints are that groupnames must neither start
-+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
-+ colon (':'), a comma (','), or a whitespace (space:' ',
-+ end of line: '\n', tabulation: '\t', etc.).
-+ They also cannot be purely numeric or the strings "." or "..".
-+
- 
- Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
- 
-diff --git a/man/useradd.8.xml b/man/useradd.8.xml
-index 17987a6..e164940 100644
---- a/man/useradd.8.xml
-+++ b/man/useradd.8.xml
-@@ -735,6 +735,15 @@
- 
- Usernames may only be up to 256 characters long.
- 
-+
-+ On Debian, the only constraints are that usernames must neither start
-+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a
-+ colon (':'), a comma (','), or a whitespace (space: ' ',
-+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash
-+ ('/') may break the default algorithm for the definition of the
-+ user's home directory.
-+ They also cannot be purely numeric or the strings "." or "..".
-+
- 
- 
- 
diff --git a/debian/patches/series b/debian/patches/series
index 3e250562..2cf98b86 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,7 +2,6 @@ debian/Set-group-and-mode-for-g-shadow-files.patch
 debian/Keep-using-Debian-adduser-defaults.patch
 debian/Document-the-shadowconfig-utility.patch
 debian/Recommend-using-adduser-and-deluser.patch
-debian/Relax-usernames-groupnames-checking.patch
 debian/tests-disable-su.patch
 debian/Adapt-login.defs-for-Debian.patch
 debian/Define-LOGIN_NAME_MAX-on-HURD.patch