Change log for shadow package in Debian
| 1 → 48 of 48 results | First • Previous • Next • Last |
| Published in sid-release |
shadow (1:4.13+dfsg1-4) unstable; urgency=medium [ Helmut Grohne ] * DEP17: Move login and shadowconfig to /usr. (Closes: #1059915) -- Serge Hallyn <email address hidden> Sun, 04 Feb 2024 20:28:27 +0000
| Superseded in sid-release |
shadow (1:4.13+dfsg1-3) unstable; urgency=medium * Team upload * Remove myself from uploaders -- Balint Reczey <email address hidden> Sun, 15 Oct 2023 19:10:52 +0200
| Superseded in sid-release |
shadow (1:4.13+dfsg1-2) unstable; urgency=medium
[ Balint Reczey ]
* debian/gitlab-ci.yml: Use sudo to fix reprotest test
* debian/login.pam: Drop reference to Debian Etch (Closes: #1040064)
* debian/NEWS: Fix false claim about PREVENT_NO_AUTH affecting authentication.
Also drop setting PREVENT_NO_AUTH in shipped login.defs. (Closes: #1041547)
* Cherry-pick upstream patch to fix gpasswd passwd leak
(CVE-2023-4641) (Closes: #1051062)
* Cherry-pick upstream patch to fix chfn vulnerability allowing injection of
control characters into some /etc/passwd fields.
(CVE-2023-29383) (Closes: #1034482)
[ Gioele Barabucci ]
* Support <nodoc> build profile
`xsltproc`, `docbook` and all other XML-related packages are not needed
when the `<nodoc>` build profile is active, as long as `./configure` is
called with `--disable-man`. (Closes: #1051827)
-- Balint Reczey <email address hidden> Tue, 26 Sep 2023 22:01:52 +0200
shadow (1:4.13+dfsg1-1) unstable; urgency=medium
[ Balint Reczey ]
* debian/watch: Make watch file work with new GitHub UI
* debian/control: Mark libsubid-dev as Multi-Arch: same
* New upstream version 4.13
- fix typo in useradd(8) (Closes: #1021380)
* Refresh patches
[ Debian Janitor ]
* Remove constraints unnecessary since buster (oldstable)
* login: Drop versioned constraint on util-linux in Breaks.
Changes-By: deb-scrub-obsolete
-- Balint Reczey <email address hidden> Fri, 11 Nov 2022 09:28:15 +0100
| Superseded in sid-release |
shadow (1:4.12.3+dfsg1-3) unstable; urgency=medium [ Debian Janitor ] * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse. [ Balint Reczey ] * Fix tree copying regressions introduced in 4.12.2. (Closes: #1023132) -- Balint Reczey <email address hidden> Sat, 05 Nov 2022 14:47:01 +0100
| Superseded in sid-release |
shadow (1:4.12.3+dfsg1-2) unstable; urgency=medium
* Cherry-pick upstream patch to fix regression in expiration date handling
(Closes: #1021697)
-- Balint Reczey <email address hidden> Sat, 22 Oct 2022 20:23:10 +0200
| Superseded in sid-release |
shadow (1:4.12.3+dfsg1-1) unstable; urgency=medium
[ Balint Reczey ]
* New upstream release (Closes: #1004242, #1006848)
* Refresh patches
* debian/patches: Reorder patches in series to make it look sane
* Fix Lintian elevated-privileges tag rename
[ Johannes Schauer Marin Rodrigues ]
* debian/shadowconfig: Support DPKG_ROOT without using chroot()
(Closes: #1007758)
* useradd: cherry-pick patch from upstream to avoid creating several GB worth
of sparse lastlog and faillog files for users with high uid values
(Closes: #1019245)
[ Debian Janitor ]
* Update renamed lintian tag names in lintian overrides.
* Update standards version to 4.6.1, no changes needed.
-- Balint Reczey <email address hidden> Tue, 04 Oct 2022 22:09:04 +0200
| Superseded in sid-release |
shadow (1:4.11.1+dfsg1-2) unstable; urgency=medium
[ Balint Reczey ]
* debian/README.source: Recommend submitting translations upstream
* debian/tests/control: Mark smoke test as superficial
* useradd: Restore defaults used up to 4.8.1 version.
Also fix /etc/default/useradd to state that mail spool directories are
not created.
* login.defs:
- List default value of HOME_MODE
- Warn about weak cryptographic choices, like upstream
- include HMAC_CRYPTO_ALGO key
- Fix typo
[ Jenkins ]
* Trim trailing whitespace.
Changes-By: lintian-brush
Fixes: lintian: trailing-whitespace
* Use canonical URL in Vcs-Git.
Changes-By: lintian-brush
Fixes: lintian: vcs-field-not-canonical
* Fix day-of-week for changelog entry 1:4.1.4.2+svn3283-3.
Changes-By: lintian-brush
Fixes: lintian: debian-changelog-has-wrong-day-of-week
-- Balint Reczey <email address hidden> Thu, 03 Mar 2022 20:41:41 +0100
| Superseded in sid-release |
shadow (1:4.11.1+dfsg1-1) unstable; urgency=medium * debian/NEWS: Fix version and release of latest entry -- Balint Reczey <email address hidden> Mon, 31 Jan 2022 10:33:28 +0100
| Deleted in experimental-release (Reason: None provided.) |
shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
* login: Don't list su command as shipped (Closes: #960637)
* Install nologin /usr/sbin without patching makefiles
* debian/copyright: Fully rewrite the file based on upstream license update
and exclude contrib/atudel from upstream tarball
* debian/watch: Repack upstream tarball with +dfsg1 suffix
* debian/upstream/signing-key.asc: Update upstream signing key
* New upstream version 4.11.1+dfsg1
* Refresh patches
* Set NONEXISTENT to /nonexistent in shipped login.defs (Closes: #960318)
* Enable newly added yescrypt support
* Include YESCRYPT options in shipped login.defs (Closes: #991914)
* debian/rules: Stop using --disable-shared to build shared libraries
* Ship the libsubid4 and libsubid-dev packages and ship getsubids in uidmap
* debian/rules: Drop obsolete variable setting
* debian/login.lintian-overrides: Drop unused override
* debian/control: Make the Vcs-Browser URL canonical
* debian/login.defs: List new GRANT_AUX_GROUP_SUBIDS option in shipped login.defs
* debian/NEWS: Mention new login behaviour regarding empty password field.
Also set PREVENT_NO_AUTH in shipped login.defs accordingly.
* debian/tests: Cherry-pick part of autopkgtest from Ubuntu.
Thanks to Michael Vogt for the more extensive suite in Ubuntu
* debian/login.defs: Set default subuid and subgid ranges
-- Balint Reczey <email address hidden> Sat, 22 Jan 2022 21:03:44 +0100
shadow (1:4.8.1-2) unstable; urgency=medium
* debian/control: Switch to libsemanage-dev from libsemanage1-dev
(Closes: #998633)
* ACK NMU, thanks for all the changes
* Make passwd recommend sensible-utils because vipw uses sensible-editor
* Add files to debian/not-installed or install them when they were missed
This change ships a few more man page translations
* debian/control: Bump debhelper-compat version to 13
* List man pages to install in debian/*.manpages instead of in
debian/*.install
* Clean up debian/control using 'cme fix dpkg-control'
* Rename deprecated debian/passwd.tmpfile to debian/passwd.tmpfiles
* debian/control: Revert to my personal email address in the Maintainer field
-- Balint Reczey <email address hidden> Wed, 10 Nov 2021 10:39:04 +0100
| Superseded in sid-release |
shadow (1:4.8.1-1.1) unstable; urgency=medium [ Johannes Schauer Marin Rodrigues ] * Non-maintainer upload. [ Niels Thykier ] * Remove obsolete login.preinst * Remove obsolete code from passwd maintscripts [ Helmut Grohne ] * logoutd is gone since at least buster (closes: #989712) * Delete duplicate subuid/subgid creation. * login.postinstd support for DPKG_ROOT (closes: #992578) -- Johannes Schauer Marin Rodrigues <email address hidden> Sat, 23 Oct 2021 21:04:57 +0200
shadow (1:4.8.1-1) unstable; urgency=medium
* debian/default/useradd: Fix typo DHSELL -> DSHELL (Closes: #897028)
* New upstream version 4.8.1
- Update Dutch translation (Closes: #946608)
* Refresh patches
-- Balint Reczey <email address hidden> Fri, 07 Feb 2020 15:54:14 +0100
shadow (1:4.8-1) unstable; urgency=medium
[ Laurent Bigonville ]
* Move the call to pam_motd before pam_selinux open
[ Justin B Rye ]
* login: Update package description (Closes: #808301)
[ Yuriy M. Kaminskiy ]
* Mark uidmap and login as Multi-Arch: foreign (Closes: #934473)
[ Andreas Henriksson ]
* New upstream release.
- man: generate translations using itstool instead of xml2po
* Replace gnome-doc-utils build-dep with itstool (Closes: #881889)
* Use explicit --without-su configure flag
* Refresh and massage patches to apply
* Cherry-pick upstream patch reverting bindir/sbindir
* Fix lintian warning useless-autoreconf-build-depends
[ Balint Reczey ]
* debian/login.su.pam: Drop unused file
-- Balint Reczey <email address hidden> Fri, 20 Dec 2019 16:39:40 +0100
shadow (1:4.7-2) unstable; urgency=medium
[ Balint Reczey ]
* Remove obsolete /etc/cron.daily/passwd in maintainer scripts
(Closes: #932017)
* Remove Christian Perrier from Uploaders according to his request.
Thank you for maintaining shadow for long years! (Closes: #893944, #927576)
[ Gaudenz Steinlin ]
* Improve NEWS entry about securetty.
-- Balint Reczey <email address hidden> Tue, 16 Jul 2019 18:48:12 +0200
shadow (1:4.7-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/changelog: Remove trailing whitespaces
[ Niels Thykier ]
* Declare the explicit requirement for (fake)root.
The shadow package currently requires (fake)root to produce the debs
due to static non-root:root ownerships in the debs.
[ Bryan Quigley ]
* Remove cron daily backup.
It was added in 2010 (#554170) as a split off from a previous cron
job. I haven't seen an argument for why it's useful to keep.
Depending on when a mistake occurs in one of the files it backups
it will provide variable recovery time of 0 to 24hours.
[ Balint Reczey ]
* Add Salsa CI configuration
* Drop Lintian override for su, it is not shipped in login anymore
* Stop shipping and honoring /etc/securetty
(Closes: #731656, #830255, #879903, #920764, #771675, #917893, #607073)
* Migrate to dh from cdbs
* Ship some missing man files
* Fix checking upstream tarball's OpenPGP signature
* New upstream version 4.7
* Refresh patches
* Run autopkgtest in Salsa CI when it exists
* debian/NEWS: Fix version of latest entry
* Clean up /etc/securetty properly on upgrade
-- Balint Reczey <email address hidden> Mon, 08 Jul 2019 15:58:46 +0200
shadow (1:4.5-1.1) unstable; urgency=medium
* Non-maintainer upload (greetings from DebCamp/DebConf Taiwan).
* Stop shipping su and break old util-linux version. (See #833256)
- Breaks on old version to force lockstep upgrade, which should
really be a depends-new-version (and can be switched around
together with util-linux once the transition is finished).
Using Breaks/Depends the 'wrong' way around is to make apt
unpack things in the 'right' order (avoiding any gaps where
/bin/su is not available during the upgrade phase).
-- Andreas Henriksson <email address hidden> Fri, 27 Jul 2018 10:07:37 +0200
shadow (1:4.5-1) unstable; urgency=medium
* New upstream version 4.5
- Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
(Closes: #756630)
- Make the sp_lstchg shadow field reproducible (Closes: #857803)
- Fix regression in useradd not loading defaults properly.
(Closes: #865762)
* Refresh patches
* Drop patches manipulating su argument concatenation:
* Cut redundant information from Debian-specific README files
* Revert adding pts/0 and pts/1 to securetty.
Adding pts/* defeats the purpose of securetty. Let containers add it if
needed as described in #830255.
* Use my @ubuntu.com email address in Maintainer field
-- Balint Reczey <email address hidden> Wed, 27 Sep 2017 12:45:23 -0400
| Published in jessie-release |
shadow (1:4.2-3+deb8u4) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)
-- Salvatore Bonaccorso <email address hidden> Wed, 17 May 2017 12:58:54 +0200
shadow (1:4.4-4.1) unstable; urgency=high
* Non-maintainer upload.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)
-- Salvatore Bonaccorso <email address hidden> Wed, 17 May 2017 13:59:59 +0200
| Superseded in jessie-release |
shadow (1:4.2-3+deb8u3) jessie-security; urgency=high * Fix integer overflow in getulong.c (CVE-2016-6252) (Closes: #832170) * Refresh patches * Add myself to uploaders replacing Nicolas FRANCOIS (Nekral) -- Balint Reczey <email address hidden> Fri, 24 Feb 2017 00:57:31 +0100
shadow (1:4.4-4) unstable; urgency=high * su: properly clear child PID (CVE-2017-2616) (Closes: #855943) -- Balint Reczey <email address hidden> Fri, 24 Feb 2017 01:33:25 +0100
shadow (1:4.4-3) unstable; urgency=medium
[ Balint Reczey ]
* Clean up stale locks on boot (Closes: #478771)
* Sync motd handling with sshd.
Using patch from Ubuntu (Closes: #757148)
[ Stéphane Graber ]
* Add missing /etc/{subgid|subuid} in postinst
-- Balint Reczey <email address hidden> Wed, 25 Jan 2017 16:43:09 +0100
shadow (1:4.4-2) unstable; urgency=medium
[ Balint Reczey ]
* Update homepage to new upstream
* Always use /bin/sh shell in the build (Closes: #817971)
* Replace user´s -> user's to make login.def file valid ASCII
(Closes: #850338)
* Update patch naming docmentation
* Fix typos in German man pages (Closes: #734609)
* Send 1000_configure_userns patch upstream
* Add call to pam_keyinit for login pam service.
This module is linux-any only, so copy what openssh has already done and
remove the call at build time for other architectures.
The call to this module is needed to have proper per-session kernel
keyring. (Closes: #734671)
* Add pts/0 and pts/1 to securetty (Closes: #830255)
* Add ttySAC* to securetty (Closes: #824391)
* Add ttySC[4-9] to securetty (Closes: #768020)
[ Laurent Bigonville ]
* Move pam_selinux open call higher in the session stack (Closes: #747313)
[ Christian Perrier ]
* Fix typos in login.pam (thanks to Jakub Wilk for reporting)
(Closes: #747115)
* Include groupmems(8) in the passwd package (Closes: #663117)
[ Frans Spiesschaert ]
* Dutch translation update (Closes: #772470)
[ Trần Ngọc Quân ]
* Update Vietnamese translation (Closes: #777107)
[ Miroslav Kuře ]
* Updated Czech translation. (Closes: #759113)
[ Holger Wansing ]
* Update for German man pages
[ Thomas Blein ]
* French manpage translation (Closes: #805182)
[ Lars Bahner ]
* Fix some spelling issues in the Norwegian translation (Closes: #800553)
-- Balint Reczey <email address hidden> Thu, 19 Jan 2017 18:22:49 +0100
shadow (1:4.4-1) unstable; urgency=medium
[ Christian Perrier ]
* Imported Upstream version 4.2
* Debian patch: Fix typo in su.1.xml
* Configure userns
* Vietnamese translation update
* French translation update (Closes: #725793)
* German translation update
* Update NEWS file
* Issue a warning if no manpages have been generated
* Regenerate PO files
* Regenerate manpages PO files
* Imported Upstream version 4.2.1
[ Serge Hallyn ]
* Import new upstream
* Patch changes:
- Update 501_commonio_group_shadow to work with upstream changes
- Update 1010_vietnamese_translation
- Drop userns patches which are now all upstream
[ Balint Reczey ]
* Update debian/watch to use GitHub releases
* Imported Upstream version 4.4
- Fix incorrect integer handling (CVE-2016-6252) (Closes: #832170)
* Disable Vietnamese translation patch because it does not apply cleanly
* Bump debhelper compat level to 10
* ACK NMU by Samuel Thibault dropping the patch which is integrated
upstream
* Stop build-depending on build-essential dpkg-dev
* Tag login package as essential properly
* Adopt the package under the Shadow Team's umbrella (Closes: #801707)
-- Balint Reczey <email address hidden> Fri, 06 Jan 2017 16:19:18 +0100
shadow (1:4.2-3.3) unstable; urgency=medium * Non-maintainer upload. * Apply upstream patch to fix build on hurd-i386. (Closes: #750480) -- Samuel Thibault <email address hidden> Tue, 22 Nov 2016 18:31:28 +0000
shadow (1:4.2-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Use HTTPS in Vcs-Git.
* Stop using hardening-wrapper and instead use /usr/share/dpkg/buildflags.mk.
Closes: #836653
-- Mattia Rizzolo <email address hidden> Sun, 18 Sep 2016 14:42:16 +0000
| Superseded in jessie-release |
shadow (1:4.2-3+deb8u1) jessie; urgency=medium * Non-maintainer upload. * Fix error handling in busy user detection. (Closes: #778287) -- Bastian Blank <email address hidden> Wed, 18 Nov 2015 08:07:09 +0000
shadow (1:4.2-3.1) unstable; urgency=medium * Non-maintainer upload. * Fix error handling in busy user detection. (Closes: #778287) -- Bastian Blank <email address hidden> Thu, 12 Nov 2015 14:33:33 +0000
shadow (1:4.2-3) unstable; urgency=low
* Enforce hardened builds to workaround cdbs sometimes not building
with hardening flags as in 1:4.2-2+b1
Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich
For providing a working patch.
-- Christian Perrier <email address hidden> Wed, 19 Nov 2014 21:59:09 +0100
shadow (1:4.2-2) unstable; urgency=low
* The "Soumaintrain" release
* The "Rigotte de Condrieu" release was 4.2-1
* Upload to unstable
* Last upload integrates the use of dh_autoreconf which has the same
effect then Eric Dorland's patch in 1:4.1.5.1-1.1 NMU to drop the
use of automake1.9. Closes: #724434
[ Samuel Thibault ]
* Enable the login package on hurd-any, but without /bin/login, still provided
by the hurd package. Closes: #737805.
This fix was accidentally forgotten in 1:4.2-1
[ Josh Triplett ]
* use the new pam_exec functionality from pam 1.1.8-1 to implement the
dynamic motd, rather than using /run/motd.dynamic from initscripts.
This will allow initscripts to drop /etc/init.d/motd.
Closes: #741129
[ Laurent Bigonville ]
* Enable libaudit support. Closes: #745774
[ Trần Ngọc Quân ]
* Vietnamese translation update.
[ Christian Perrier ]
* Add a lintian override for newuidmap and newgidmap setuid binaries
* Add upstream signing key as debian/upstream-signing-key.asc
* Check upstream signing key in debian/watch
-- Christian Perrier <email address hidden> Sun, 04 May 2014 19:39:07 +0200
| Deleted in experimental-release (Reason: None provided.) |
shadow (1:4.2-1) experimental; urgency=low
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release. Fixes:
- Invalid free() in su fixed by using strdup(). Thanks to Serge
Hallyn for the patch. Closes: #691459
- Kill the child process group, rather than just the
immediate child; this is needed now that su no
longer starts a controlling terminal when not running an
interactive shell. Thanks to Colin Watson for the patch.
Closes: #713979
- German manpages translation update. Closes: #679152
- Improve login.defs (typographic errors and better format).
Closes: #685415
- Russian translation update. Closes: #718356
- Do not assume random() is limited by RAND_MAX. Closes: #677275
- Support C libraries with unknown fields in struct passwd.
Closes: #675824
- su: child cleanup is performed before terminating PAM sessions. This
avoids anoying "...terminated" messages when PAM module send signal to
su during session close. Closes: #670132
- vipw/vigr is checking arguments provided after options. Closes: #677812
- Updated Japanese translation. Closes: #720004
- vipw: Fix error reporting when editor fails. Closes: #688260
* Moved to git: replace Vcs-Git in place of Vcs-Svn and adapt
Vcs-Browser.
* Add pam_loginuid to login PAM settings. Closes: #677441
* passwd.install: add new subuid.5 and subgid.5 manpages
* debian/rules, debian/control, debian/uidmap.install: create new uidmap
package containing the new setuid-root binaries newuidmap and newgidmap
Set uidmap as priority optional.
* debian/login.su.pam: Enable pam_limits by default. Closes: #705301
* debian/rules: Set default editor to sensible-editor for vipw.
Closes: #688252
[ Micah Anderson ]
* added debian/patches/userns to enable use of subuids, plus some bugfix
patches on top of them, patches from Eric Biederman, pulled from
Ubuntu. Closes: #739981
* Allow LXC devices (lxc/console, lxc/tty[1234]) in securetty.linux
* Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
this default for UPGs. (Closes: #583971)
* login.postinst: install a default /etc/subuid and /etc/subgid
* fix installation of setuid/setgid/newuidmap/newgid/map man pages
[ Laurent Bigonville ]
* Switch to dpkg-source 3.0 (quilt) format
* Add build-dependency against bison
* Call dh-autoreconf since we need to regenerate all the autofoo files
[ Philippe Grégoire ]
* Fix 1000_configure_userns to avoid dropping a needed #endif
Closes: #744877
[ Christian Perrier ]
* Bump Standards to 3.9.5 (checked)
* Use 'set -e' in postinst scripts and not in thei shebang line
* Explicitly point to GPL-2 document in debian/copyright
-- Christian Perrier <email address hidden> Tue, 22 Apr 2014 09:01:42 +0200
shadow (1:4.1.5.1-1.1) unstable; urgency=medium
* Non-maintainer upload.
[ Eric Dorland ]
* Switch to automake1.11. (Closes: #724434)
[ Samuel Thibault ]
* Enable the login package on hurd-any, but without /bin/login, still provided
by the hurd package. Closes: #737805.
-- Samuel Thibault <email address hidden> Sun, 16 Mar 2014 20:58:24 +0100
shadow (1:4.1.5.1-1) unstable; urgency=low
* The "Gruyère" release.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release:
- login: log into utmp(x) but not into wtmp (this is done by pam_lastlog).
Log to utmp(x) was broken by the fix for #605329. Closes: 659957
- userdel: Fix segfault when userdel removes the user's group.
Closes: #660406
- manpages: .so links point to paths relative to the top-level manual
hierarchy. Closes: #661025
- useradd(8): Return code 13 no more documented. Closes: #661802
* debian/patches/series, debian/patches/428_grpck_add_prune_option: Removed.
The -p option was not documented and was meant to fix consequences of a
bug now fixed more than 10 years ago.
* debian/shadowconfig.sh: Display issues, but dot not prompt interactively
to fix passwd/group/shadow/gshadow issues. Closes: #638263
* debian/control: Bump Standards-Version to 3.9.3 (no changes needed).
* debian/rules: Simplify setting of hardening flags. cdbs 0.4.103 needed to
get hardened version of shadow-utils. Restore previous requirement on
dpkg-dev to 1.13.5.
[ Christian Perrier ]
* Complete Polish translation of logoutd(8). Closes: #668880
* German translation of manpages completed. Closes: #673234
[ Roger Leigh ]
* Separation of static and dynamic motd components in login PAM module
Closes: #669698
-- Nicolas FRANCOIS (Nekral) <email address hidden> Fri, 25 May 2012 15:42:01 +0200
shadow (1:4.1.5-1) unstable; urgency=low
* The "Charolais" release.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release:
- su: Fix possible tty hijacking by dropping the controlling terminal when
executing a command (CVE-2005-4890). Closes: #628843
- userdel: Check the existence of the user's mail spool before trying to
remove it. If it does not exist, a warning is issued, but no failure.
Closes: #617295
- userdel: Do not remove a group with the same name as the user
(usergroup) if this group isn't the user's primary group.
Closes: #584868
- su: Close the PAM session as root (fix issues with pam_mount and
pam_systemd). Closes: #580434
- Fix several typos in manpages. Thanks to Simon Brandmair.
Closes: #628776
- userdel error message has been clarified when the user is still
executing processes (it used to complain that the user is logged in).
Closes: #603315
- passwd(1) references chpasswd(8). Closes: #609117
- Spaces have been added between options and arguments in the Russian
manpages. Closes: #606159
- Fix handling of numerical dates in usermod -e. Closes: #621810
- usermod: When the shadow file exists but there are no shadow entries, an
entry is created if the password is changed and passwd requires a shadow
entry, or if aging features are used (-e or -f). Closes: 632461
- Added diagnosis for lock failures. Closes: #616167
- grpck/pwck: NIS entries were dropped by -s (sort). Closes: #622765
- login does not log into utmp(x) and wtmp. This is already done by
pam_lastlog. Closes: #605329
- groupmod: document that /etc/passwd can be modified by groupmod -g.
Closes: #647308
- Updated patches
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/402_cppw_selinux
+ debian/patches/428_grpck_add_prune_option
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/463_login_delay_obeys_to_PAM
+ debian/patches/501_commonio_group_shadow
+ debian/patches/505_useradd_recommend_adduser
+ debian/patches/506_relaxed_usernames
+ debian/patches/508_nologin_in_usr_sbin
+ debian/patches/523_su_arguments_are_concatenated
+ debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ debian/patches/542_useradd-O_option
+ debian/patches/900_testsuite_groupmems
- debian/patches/008_su_get_PAM_username: Removed, feature supported
upstream.
- debian/patches/300_CVE-2011-0721: Removed, applied upstream.
- Upstream translation updates from Debian BTS:
+ Brazilian Portuguese. Closes: #622834
+ Catalan. Closes: #627526
+ Danish. Closes: #621330, #657514
+ German. Closes: #622908, #656503
+ French. Closes: #623608, #657621
+ Japanese. Closes: #620978
+ Kazakh. Closes: #620930
+ Portuguese. Closes: #623722, #656686
+ Russian. Closes: #622106, #655194
+ Spanish (Closes: #630618)
+ Swedish. Closes: #621126
+ Simplified Chinese. Closes: #655858
- Upstream manpages translation updates from Debian BTS:
+ French. Closes: #630250, #657622
+ German. Closes: #628777
+ Simplified Chinese. Closes: #602264, #655858
+ Danish added. Closes: #657516
+ Russian. Closes: #657710
* debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321
* debian/securetty.linux: Add IBM pSeries console ports. Closes: #597661
* debian/securetty.linux: Add serial Console for MIPS Swarm.
(http://lists.debian.org/debian-release/2011/02/msg00320.html)
* debian/securetty.linux: Add s390/s390x ports ttysclp0. Closes: #647469
* debian/securetty.linux: Fixed typo: ttyama -> ttyAMA. Closes: #544184
* debian/rules, debian/man.insert, debian/man.insert.sed: Bug #507673 has
been closed. It is no more needed to patch the generated manpages. This
also fix failures to build twice is a row. Closes: #636047
* debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename
create_backup_file to create_copy. The lock functions do not set errno.
Do not report the error string on cppwexit.
* debian/patches/401_cppw_src.dpatch, debian/patches/402_cppw_selinux:
Synchronize with coding style.
* debian/patches/401_cppw_src.dpatch: Detect as well too many and too
few arguments.
* debian/patches/506_relaxed_usernames: Really check if the user/group
name starts with a dash. Also forbid names starting with '+' or '~'.
Document the naming policy in useradd.8 / groupadd.8.
* debian/patches/506_relaxed_usernames: Also forbid names containing a
comma.
* debian/patches/901_testsuite_gcov: Do not revert the locale when testing
with gcov to avoid coverage false negatives. This does not impact the
debian binary package, only the test package.
* debian/control: Add Build-Depends on libsemanage1-dev [linux-any]
* debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all
hardening flags set. Closes: #657010
* debian/control: depends on dpkg-dev (>= 1.16.1~) for including
/usr/share/dpkg/buildflags.mk
* debian/control: Standards-Version: bumped to 3.9.2. No changes.
* debian/login.defs: Set the default encryption method to SHA512.
Closes: #657717
[ Christian Perrier ]
* Use "linux-any" instead of a negated list of architectures in
Build-Depends. Closes: #634465
-- Nicolas FRANCOIS (Nekral) <email address hidden> Sun, 12 Feb 2012 22:27:03 +0100
| Published in squeeze-release |
shadow (1:4.1.4.2+svn3283-2+squeeze1) stable-security; urgency=high * The "Tomanoix" release. * debian/patches/300_CVE-2011-0721: Fix insufficient input sanitation leading to possible user or group creation in NIS environments. -- Nicolas FRANCOIS (Nekral) <email address hidden> Sun, 13 Feb 2011 22:02:28 +0100
shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high * The "Trappe d'Echourgnac" release. * Fix typo in /etc/pam.d/login comments. Thanks to Ferenc Wagner. Closes: #598717 * debian/patches/300_CVE-2011-0721: Fix insufficient input sanitation leading to possible user or group creation in NIS environments. -- Nicolas FRANCOIS (Nekral) <email address hidden> Mon, 13 Feb 2011 23:20:05 +0100
shadow (1:4.1.4.2+svn3283-2) unstable; urgency=low * The "Bleu du Vercors-Sassenage" release. * Fix backup command line in cron.daily script. Closes: #596283 -- Nicolas FRANCOIS (Nekral) <email address hidden> Sat, 25 Sep 2010 23:38:39 +0200
shadow (1:4.1.4.2+svn3283-1) unstable; urgency=low
* The "Bleu de Gex" release.
* New upstream unreleased version:
- Fix formatting of the login.defs.5 manpage. Closes: #542804
- Updated Czech translation. Closes: #548407
- Updated Vietnamese translation. Closes: #548065
- Remove patches applied upstream:
+ debian/patches/008_su_no_sanitize_env
+ debian/patches/483_su_fakelogin_wrong_arg0
- Updated patches:
+ debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ debian/patches/542_useradd-O_option
- Added support for dates already specified as a number of days since
Epoch in useradd, usermod and chage. Closes: #562221
- This also allows, in the chage interactive mode, to specify -1 as the
expiration date to disable it. Closes: #573018
- Fixed parsing of gshadow. This fix password support in newgrp.
Closes: #569899
- pwck and grpck stop sorting at the first line which begins with a '+'.
This will avoid messing up with NIS entries. Closes: #567836
- Fix interruption of su, newgrp, vipw with Ctrl-Z. Closes: 530231
- mail checking is no more mentioned in login(1) since it is done by PAM.
Closes: #470059
- The -e (and -c and -m) option was restored in chpasswd (which still uses
PAM by default). Closes: #539354
- Kazakh translation updated. Closes: #586994
- Fixed comma splice in chsh(1). Closes: #582166
* debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have change
from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523
* debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports
(e.g. emulated by QEMU). Closes: #544184
* debian/control: Removed Martin Quinson from the Uploaders, on his request.
* debian/login.defs: Improve documentation of USERGROUPS_ENAB.
Closes: #572687
* debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. Closes: #560633
* debian/login.pam: return back to mostly "requisite" for the pam_securetty
PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from
entering a password, and will also avoid user enumeration attacks.
Mis-typed root login are not protected, only root can be blamed for
mis-typing and entering a password on an insecure line. Users willing to
protect against mis-typed root login can use "requisite", but will be
vulnerable to user enumeration attacks on insecure lines, and should use
pam 1.1.0-4 at least. Closes: #574082, #531341
* debian/passwd.cron.daily: Handle the backups of the user and group
databases so that it can be removed from the standard daily cron job.
Closes: #554170
* debian/login.defs: Updated description of UMASK (used by pam_umask).
* debian/securetty.linux: Reorganize and synchronize with
Documentation/devices.txt. This added a lot of TTYs, including the
ttyPZ0..3. Closes: #576203
* debian/rules, debian/man.insert, debian/man.insert.sed: Hack to avoid bug
507673, causing missing apostrophes in the manpages generated by
docbook-xsl (see debian bug 507673).
* debian/control: Standards-Version: bumped to 3.8.4. No changes.
* debian/passwd.lintian-overrides: Remove old entries relevant for
passwd.config.
* debian/control: Do not repeat the Section and Priority fields for the
binary packages.
* debian/rules: Disable new features: --without-acl --without-attr
--without-tcb
-- Nicolas FRANCOIS (Nekral) <email address hidden> Sun, 29 Aug 2010 21:14:12 +0200
| Published in lenny-release |
shadow (1:4.1.1-6+lenny1) stable-proposed-updates; urgency=low
* The "Soumaintrain" release.
* debian/patches/306_long_group_lines: Fix handling of long lines in the
user or group files. Closes: #552006
-- Nicolas FRANCOIS (Nekral) <email address hidden> Fri, 13 Nov 2009 22:13:39 +0100
shadow (1:4.1.4.2-1) unstable; urgency=low
* The "Tome des Bauges" release.
* New upstream release:
- Updated Basque translation. Closes: #535553
- Fixed some translatable string. Closes: #525726
- Fixed documentation of the short option for --mindays in passwd(1).
Closes: #531983
- Added support for shells being shell scripts without a shebang.
Closes: #479406
* debian/securetty.linux: Added Embedded Renesas SuperH ports.
Closes: #535927
* debian/securetty.linux: Added ttyS2 to ttyS5. Some extension card provide
more serial ports, but that should be sufficient until there is a support
for regular expressions. Closes: #534244
* debian/patches/506_relaxed_usernames: Fixed typo. groupadd(8) should
document the restriction on groupnames, not usernames.
* debian/login.pam: pam_securetty included as a required module instead of
requisite to avoid leak of user name information. Closes: #531341
* debian/shadowconfig.sh: Do not run shadowoff() and shadowon() in subshell.
This also remove a dependency on bash (even though /bin/sh would have been
sufficient). Thanks to Luk for spotting this.
* debian/login.dirs, debian/passwd.dirs: Removed usr/share/linda/overrides.
* debian/control: Standards-Version: bumped to 3.8.2. No changes.
-- Nicolas FRANCOIS (Nekral) <email address hidden> Fri, 24 Jul 2009 05:03:23 +0200
shadow (1:4.1.4.1-1) unstable; urgency=low
* The "Chevrotin" release.
* New upstream release:
- Fixed typo in the French vipw usage. Closes: #528486
- Fixed failure to delete an user (wrongly detected as still logged in).
On Linux, userdel checks if the user has some running processes.
Otherwise, it still check with utmp if the user is logged in and check
if the process indicated by utmp is still running to avoid
mis-detection of logged-in users. Closes: #528060
- newgrp and sg return the exit status of their child. Closes: #529897
- Updated patches:
+ debian/patches/506_relaxed_usernames
* debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no
more used by chpasswd and newusers.
* debian/patches/*: Updated patches to the new quilt and shadow versions.
* debian/patches/506_relaxed_usernames: usernames with a slash will not only
break one option. Move to the discussion on the usernames.
-- Nicolas FRANCOIS (Nekral) <email address hidden> Fri, 22 May 2009 16:29:58 +0200
shadow (1:4.1.4-3) unstable; urgency=low
* The "Banonet" release.
* debian/login.pam: Really ignore pam_selinux.so failures when the module do
not exist. Closes: #528673
-- Nicolas FRANCOIS (Nekral) <email address hidden> Sat, 16 May 2009 12:11:15 +0200
shadow (1:4.1.4-2) unstable; urgency=low
* The "Banon" release.
* debian/rules, debian/passwd.linda-overrides, debian/login.linda-overrides:
Removed linda-overrides files.
* debian/rules: Install the lintian overrides with dh_lintian.
* debian/control: Raised dependency on debhelper (>= 6.0.7~) for dh_lintian.
* debian/compat: Raised to 6
* debian/login.postinst: Install /var/log/faillog during initial installs
only. This permits admins to disable failed logins recording.
Closes: #488420
* debian/login.pam: Ignore pam_selinux.so failures when the module do not
exist. A required pam_selinux.so makes login fail when the module does not
exist (e.g. on architecture without SE Linux support). Closes: #528673
-- Nicolas FRANCOIS (Nekral) <email address hidden> Thu, 14 May 2009 22:36:34 +0200
shadow (1:4.1.4-1) unstable; urgency=low
* The "Chambérat" release.
* New upstream release:
- Updated Czech translation. Closes: #525658
- Updated French translation.
- Updated German translation. Closes: #527131
- Updated Japanese translation.
- Updated Korean translation. Closes: #524719
- Updated Portuguese translation. Closes: #525531
- Updated Russian translation. Closes: #527636
- passwd: Report password properties changes if the password is not
actually changed. Closes: #525967
- Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873
- Remove patches applied upstream:
+ debian/patches/403_fix_PATH-MAX_hurd
- Updated patches:
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/463_login_delay_obeys_to_PAM
- pwck and grpck warn when the shadowed and non-shadowed files contain
an entry for the same user or group and the non shadowed file password
field is not 'x'. Closes: #501869
Other topics raised in this bug were fixed previously.
* debian/securetty.linux: Added Freescale i.MX ports. Closes: #527095
* debian/securetty.linux: Added some local X displays. See LP #104957. But
only a limited set of displays were added.
* debian/rules, debian/passwd.newusers.pam, debian/passwd.chpasswd.pam:
Install the newusers and chpasswd PAM service configuration files.
newusers and chpasswd now use PAM to update the passwords.
Closes: #525153
* debian/login.pam: Updated support for SELinux. Closes: #527106
* debian/control: Standards-Version bumped to 3.8.1. No changes.
* debian/control: Changed gnome-doc-utils dependency to >= 0.4.3 (instead
of >= 0.4.3-1)
* debian/control: Added ${misc:Depends} to the passwd's Depends and login's
Pre-Depends.
-- Nicolas FRANCOIS (Nekral) <email address hidden> Mon, 11 May 2009 00:25:11 +0200
shadow (1:4.1.3.1-1) unstable; urgency=low
* The "Le Puant Macéré" release.
Sorry for the lack of cheese name in 1:4.1.3-1. At least this one should
count for two.
* New upstream release:
- Fixed wrong parsing of octal permissions. This impacted login (permission
of the TTYs, UMASK, ERASECHAR or KILLCHAR) in release 1:4.1.3-1 only.
Closes: #524139, #524258
- removed debian/patches/200_bin_nb: Applied upstream.
- removed debian/patches/302_vim_selinux_support: Applied upstream.
- Fixed login segfault when called without a username. Closes: #524193
-- Nicolas FRANCOIS (Nekral) <email address hidden> Wed, 15 Apr 2009 23:59:06 +0200
shadow (1:4.1.1-6) unstable; urgency=medium
* The "Rollot" release.
* debian/patches/303_login_symlink_attack: Fix a race condition that could
lead to gaining ownership or changing mode of arbitrary files.
Closes: #505271
* debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
referenced in the manpage, not LOGIN. Closes: #501830
* debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
files. Closes: #501353
-- Nicolas FRANCOIS (Nekral) <email address hidden> Fri, 14 Nov 2008 21:52:42 +0100
shadow (1:4.1.1-5) unstable; urgency=low
* The "Bergues" release.
* debian/login.pam: restore the Etch behavior of pam_securetty.so in case of
unknown user. Closes: #443322, #495831
-- Nicolas FRANCOIS (Nekral) <email address hidden> Sun, 14 Sep 2008 19:13:34 +0200
| 1 → 48 of 48 results | First • Previous • Next • Last |
