shadow 1:4.5-1ubuntu1 source package in Ubuntu


shadow (1:4.5-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{,rules}: Add apport hook
    - debian/patches/1010_extrausers.patch: Add support to passwd for
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/1012_extrausers_chfn.patch: add support for
      --extrausers to the chfn tool
    - debian/passwd.maintscripts: Clean up upstart configuration
  * Dropped changes, included in Debian:
    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
      /etc/update-motd.d/* scripts twice.
  * Dropped changes, included upstream:
    - debian/patches/userns/subuids-nonlocal-users: Don't limit
      subuid/subgid support to local users.
    - debian/patches/1021_no_subuids_for_system_users.patch
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    - CVE-2017-2616
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252
  * Dropped obsoleted changes:
    - debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
      switching to passwd.tmpfile from passwd.service

shadow (1:4.5-1) unstable; urgency=medium

  * New upstream version 4.5
    - Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
      (Closes: #756630)
    - Make the sp_lstchg shadow field reproducible (Closes: #857803)
    - Fix regression in useradd not loading defaults properly.
      (Closes: #865762)
  * Refresh patches
  * Drop patches manipulating su argument concatenation:
  * Cut redundant information from Debian-specific README files
  * Revert adding pts/0 and pts/1 to securetty.
    Adding pts/* defeats the purpose of securetty. Let containers add it if
    needed as described in #830255.
  * Use my email address in Maintainer field

shadow (1:4.4-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * Reset pid_child only if waitpid was successful.
    This is a regression fix for CVE-2017-2616. If su receives a signal like
    SIGTERM, it is not propagated to the child. (Closes: #862806)

shadow (1:4.4-4) unstable; urgency=high

  * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)

shadow (1:4.4-3) unstable; urgency=medium

  [ Balint Reczey ]
  * Clean up stale locks on boot (Closes: #478771)
  * Sync motd handling with sshd.
    Using patch from Ubuntu (Closes: #757148)

  [ Stéphane Graber ]
  * Add missing /etc/{subgid|subuid} in postinst

shadow (1:4.4-2) unstable; urgency=medium

  [ Balint Reczey ]
  * Update homepage to new upstream
  * Always use /bin/sh shell in the build (Closes: #817971)
  * Replace user´s -> user's to make login.def file valid ASCII
    (Closes: #850338)
  * Update patch naming docmentation
  * Fix typos in German man pages (Closes: #734609)
  * Send 1000_configure_userns patch upstream
  * Add call to pam_keyinit for login pam service.
    This module is linux-any only, so copy what openssh has already done and
    remove the call at build time for other architectures.
    The call to this module is needed to have proper per-session kernel
    keyring. (Closes: #734671)
  * Add pts/0 and pts/1 to securetty (Closes: #830255)
  * Add ttySAC* to securetty (Closes: #824391)
  * Add ttySC[4-9] to securetty (Closes: #768020)

  [ Laurent Bigonville ]
  * Move pam_selinux open call higher in the session stack (Closes: #747313)

  [ Christian Perrier ]
  * Fix typos in login.pam (thanks to Jakub Wilk for reporting)
    (Closes: #747115)
  * Include groupmems(8) in the passwd package (Closes: #663117)

  [ Frans Spiesschaert ]
  * Dutch translation update (Closes: #772470)

  [ Trần Ngọc Quân ]
  * Update Vietnamese translation (Closes: #777107)

  [ Miroslav Kuře ]
  * Updated Czech translation. (Closes: #759113)

  [ Holger Wansing ]
  * Update for German man pages

  [ Thomas Blein ]
  * French manpage translation (Closes: #805182)

  [ Lars Bahner ]
  * Fix some spelling issues in the Norwegian translation (Closes: #800553)

shadow (1:4.4-1) unstable; urgency=medium

  [ Christian Perrier ]
  * Imported Upstream version 4.2
  * Debian patch: Fix typo in su.1.xml
  * Configure userns
  * Vietnamese translation update
  * French translation update (Closes: #725793)
  * German translation update
  * Update NEWS file
  * Issue a warning if no manpages have been generated
  * Regenerate PO files
  * Regenerate manpages PO files
  * Imported Upstream version 4.2.1

  [ Serge Hallyn ]
  * Import new upstream
  * Patch changes:
    - Update 501_commonio_group_shadow to work with upstream changes
    - Update 1010_vietnamese_translation
    - Drop userns patches which are now all upstream

  [ Balint Reczey ]
  * Update debian/watch to use GitHub releases
  * Imported Upstream version 4.4
    - Fix incorrect integer handling (CVE-2016-6252) (Closes: #832170)
  * Disable Vietnamese translation patch because it does not apply cleanly
  * Bump debhelper compat level to 10
  * ACK NMU by Samuel Thibault dropping the patch which is integrated
  * Stop build-depending on build-essential dpkg-dev
  * Tag login package as essential properly
  * Adopt the package under the Shadow Team's umbrella (Closes: #801707)

shadow (1:4.2-3.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Apply upstream patch to fix build on hurd-i386. (Closes: #750480)

 -- Balint Reczey <email address hidden>  Thu, 25 Jan 2018 16:09:22 +0100

Upload details

Uploaded by:
Balint Reczey
Uploaded to:
Original maintainer:
Ubuntu Developers
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section
Bionic release main admin


File Size SHA-256 Checksum
shadow_4.5.orig.tar.xz 1.3 MiB 22b0952dc944b163e2370bb911b11ca275fc80ad024267cf21e496b28c23d500
shadow_4.5-1ubuntu1.debian.tar.xz 459.5 KiB 51e534983f0500229b51b3f3ccbee3b041e48d3ea6e5f64c914351a0e996dc05
shadow_4.5-1ubuntu1.dsc 2.3 KiB 0b49e04e8e85866adec2196c299b393883f5cf40358bb92f5168cfa941de4dd0

Available diffs

View changes file

Binary packages built by this source

login: system login tools

 These tools are required to be able to login and use your system. The
 login program invokes your user shell and enables command execution. The
 newgrp program is used to change your effective group ID (useful for
 workgroup type situations). The su program allows changing your effective
 user ID (useful being able to execute commands as another user).

login-dbgsym: debug symbols for login
passwd: change and administer password and group data

 This package includes passwd, chsh, chfn, and many other programs to
 maintain password and group data.
 Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian

passwd-dbgsym: debug symbols for passwd
uidmap: No summary available for uidmap in ubuntu cosmic.

No description available for uidmap in ubuntu cosmic.

uidmap-dbgsym: debug symbols for uidmap