-
shadow (1:4.5-1ubuntu2.5) bionic-security; urgency=medium
* SECURITY REGRESSION: useradd command does not copy all of /etc/skel
(LP: #1998169)
- debian/patches/CVE-2013-4235-pre1.patch: removed
- debian/patches/CVE-2013-4235-pre2.patch: removed
- debian/patches/CVE-2013-4235-1.patch: removed
- debian/patches/CVE-2013-4235-2.patch: removed
- debian/patches/CVE-2013-4235-3.patch: removed
- debian/patches/CVE-2013-4235-4.patch: removed
- debian/patches/CVE-2013-4235-5.patch: removed
- debian/patches/CVE-2013-4235-6.patch: removed
- debian/patches/CVE-2013-4235-7.patch: removed
- debian/patches/CVE-2013-4235-post1.patch: removed
- debian/patches/CVE-2013-4235-post2.patch: removed
- debian/patches/CVE-2013-4235-post3.patch: removed
-- Camila Camargo de Matos <email address hidden> Tue, 29 Nov 2022 09:25:19 -0300
-
shadow (1:4.5-1ubuntu2.4) bionic-security; urgency=medium
* SECURITY UPDATE: race condition when copying and removing directory trees
- debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
- debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
type (set_selinux_file_context).
- debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
- debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
- debian/patches/CVE-2013-4235-3.patch: require symlink support.
- debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
copy_tree().
- debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
copy_tree().
- debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
- debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
- debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
(copy_tree).
- debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
(copy_tree).
- debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
(copy_tree).
- CVE-2013-4235
-- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:30:57 -0300
-
shadow (1:4.5-1ubuntu2.3) bionic; urgency=medium
[ Michael Vogt ]
* debian/patches/1010_extrausers.patch:
Add automatic detection of "extrausers" for usermod -G
(LP: #1959375)
-- Alberto Mardegan <email address hidden> Mon, 14 Mar 2022 13:49:40 +0300
-
shadow (1:4.5-1ubuntu2.2) bionic-security; urgency=medium
* SECURITY UPDATE: Access to privileged information
- debian/patches/CVE-2018-7169.patch: newgidmap:
enforce setgroups=deny if self-mapping a group in
src/newgidmap.c.
- CVE-2018-7169
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 25 Jan 2022 13:26:21 -0300
-
shadow (1:4.5-1ubuntu2.1) bionic; urgency=medium
* debian/patches/1014_extrausers_delgroup.patch
- add --extrausers option to "groupdel" (LP: #1840375)
-- Michael Vogt <email address hidden> Wed, 21 Aug 2019 12:25:16 +0200
-
shadow (1:4.5-1ubuntu2) bionic; urgency=medium
* debian/patches/1013_extrausers_deluser.patch
- add --extrausers option to "userdel" (LP: #1659534)
* debian/patches/2000_fix-su-pam-env-handling.
- fix "su -l" to correctly use pam_getenvlist (LP: #984390)
-- Michael Vogt <email address hidden> Fri, 22 Mar 2019 20:05:38 +0100
-
shadow (1:4.5-1ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/1012_extrausers_chfn.patch: add support for
--extrausers to the chfn tool
- debian/passwd.maintscripts: Clean up upstart configuration
* Dropped changes, included in Debian:
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
* Dropped changes, included upstream:
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
- debian/patches/1021_no_subuids_for_system_users.patch
- debian/patches/CVE-2017-2616.patch: Check process's exit status before
sending signal
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
- CVE-2017-2616
- debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
- CVE-2016-6252
* Dropped obsoleted changes:
- debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
switching to passwd.tmpfile from passwd.service
shadow (1:4.5-1) unstable; urgency=medium
* New upstream version 4.5
- Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
(Closes: #756630)
- Make the sp_lstchg shadow field reproducible (Closes: #857803)
- Fix regression in useradd not loading defaults properly.
(Closes: #865762)
* Refresh patches
* Drop patches manipulating su argument concatenation:
* Cut redundant information from Debian-specific README files
* Revert adding pts/0 and pts/1 to securetty.
Adding pts/* defeats the purpose of securetty. Let containers add it if
needed as described in #830255.
* Use my @ubuntu.com email address in Maintainer field
shadow (1:4.4-4.1) unstable; urgency=high
* Non-maintainer upload.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)
shadow (1:4.4-4) unstable; urgency=high
* su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
shadow (1:4.4-3) unstable; urgency=medium
[ Balint Reczey ]
* Clean up stale locks on boot (Closes: #478771)
* Sync motd handling with sshd.
Using patch from Ubuntu (Closes: #757148)
[ Stéphane Graber ]
* Add missing /etc/{subgid|subuid} in postinst
shadow (1:4.4-2) unstable; urgency=medium
[ Balint Reczey ]
* Update homepage to new upstream
* Always use /bin/sh shell in the build (Closes: #817971)
* Replace user´s -> user's to make login.def file valid ASCII
(Closes: #850338)
* Update patch naming docmentation
* Fix typos in German man pages (Closes: #734609)
* Send 1000_configure_userns patch upstream
* Add call to pam_keyinit for login pam service.
This module is linux-any only, so copy what openssh has already done and
remove the call at build time for other architectures.
The call to this module is needed to have proper per-session kernel
keyring. (Closes: #734671)
* Add pts/0 and pts/1 to securetty (Closes: #830255)
* Add ttySAC* to securetty (Closes: #824391)
* Add ttySC[4-9] to securetty (Closes: #768020)
[ Laurent Bigonville ]
* Move pam_selinux open call higher in the session stack (Closes: #747313)
[ Christian Perrier ]
* Fix typos in login.pam (thanks to Jakub Wilk for reporting)
(Closes: #747115)
* Include groupmems(8) in the passwd package (Closes: #663117)
[ Frans Spiesschaert ]
* Dutch translation update (Closes: #772470)
[ Trần Ngọc Quân ]
* Update Vietnamese translation (Closes: #777107)
[ Miroslav Kuře ]
* Updated Czech translation. (Closes: #759113)
[ Holger Wansing ]
* Update for German man pages
[ Thomas Blein ]
* French manpage translation (Closes: #805182)
[ Lars Bahner ]
* Fix some spelling issues in the Norwegian translation (Closes: #800553)
shadow (1:4.4-1) unstable; urgency=medium
[ Christian Perrier ]
* Imported Upstream version 4.2
* Debian patch: Fix typo in su.1.xml
* Configure userns
* Vietnamese translation update
* French translation update (Closes: #725793)
* German translation update
* Update NEWS file
* Issue a warning if no manpages have been generated
* Regenerate PO files
* Regenerate manpages PO files
* Imported Upstream version 4.2.1
[ Serge Hallyn ]
* Import new upstream
* Patch changes:
- Update 501_commonio_group_shadow to work with upstream changes
- Update 1010_vietnamese_translation
- Drop userns patches which are now all upstream
[ Balint Reczey ]
* Update debian/watch to use GitHub releases
* Imported Upstream version 4.4
- Fix incorrect integer handling (CVE-2016-6252) (Closes: #832170)
* Disable Vietnamese translation patch because it does not apply cleanly
* Bump debhelper compat level to 10
* ACK NMU by Samuel Thibault dropping the patch which is integrated
upstream
* Stop build-depending on build-essential dpkg-dev
* Tag login package as essential properly
* Adopt the package under the Shadow Team's umbrella (Closes: #801707)
shadow (1:4.2-3.3) unstable; urgency=medium
* Non-maintainer upload.
* Apply upstream patch to fix build on hurd-i386. (Closes: #750480)
-- Balint Reczey <email address hidden> Thu, 25 Jan 2018 16:09:22 +0100
-
shadow (1:4.2-3.2ubuntu4) artful; urgency=medium
* Drop upstart system jobs.
-- Dimitri John Ledkov <email address hidden> Mon, 21 Aug 2017 00:56:14 +0100