shadow (1:4.5-1ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/1012_extrausers_chfn.patch: add support for
--extrausers to the chfn tool
- debian/passwd.maintscripts: Clean up upstart configuration
* Dropped changes, included in Debian:
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
* Dropped changes, included upstream:
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
- debian/patches/1021_no_subuids_for_system_users.patch
- debian/patches/CVE-2017-2616.patch: Check process's exit status before
sending signal
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
- CVE-2017-2616
- debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
- CVE-2016-6252
* Dropped obsoleted changes:
- debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
switching to passwd.tmpfile from passwd.service
shadow (1:4.5-1) unstable; urgency=medium
* New upstream version 4.5
- Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
(Closes: #756630)
- Make the sp_lstchg shadow field reproducible (Closes: #857803)
- Fix regression in useradd not loading defaults properly.
(Closes: #865762)
* Refresh patches
* Drop patches manipulating su argument concatenation:
* Cut redundant information from Debian-specific README files
* Revert adding pts/0 and pts/1 to securetty.
Adding pts/* defeats the purpose of securetty. Let containers add it if
needed as described in #830255.
* Use my @ubuntu.com email address in Maintainer field
shadow (1:4.4-4.1) unstable; urgency=high
* Non-maintainer upload.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)
shadow (1:4.4-4) unstable; urgency=high
* su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
shadow (1:4.4-3) unstable; urgency=medium
[ Balint Reczey ]
* Clean up stale locks on boot (Closes: #478771)
* Sync motd handling with sshd.
Using patch from Ubuntu (Closes: #757148)
[ Stéphane Graber ]
* Add missing /etc/{subgid|subuid} in postinst
shadow (1:4.4-2) unstable; urgency=medium
[ Balint Reczey ]
* Update homepage to new upstream
* Always use /bin/sh shell in the build (Closes: #817971)
* Replace user´s -> user's to make login.def file valid ASCII
(Closes: #850338)
* Update patch naming docmentation
* Fix typos in German man pages (Closes: #734609)
* Send 1000_configure_userns patch upstream
* Add call to pam_keyinit for login pam service.
This module is linux-any only, so copy what openssh has already done and
remove the call at build time for other architectures.
The call to this module is needed to have proper per-session kernel
keyring. (Closes: #734671)
* Add pts/0 and pts/1 to securetty (Closes: #830255)
* Add ttySAC* to securetty (Closes: #824391)
* Add ttySC[4-9] to securetty (Closes: #768020)
[ Laurent Bigonville ]
* Move pam_selinux open call higher in the session stack (Closes: #747313)
[ Christian Perrier ]
* Fix typos in login.pam (thanks to Jakub Wilk for reporting)
(Closes: #747115)
* Include groupmems(8) in the passwd package (Closes: #663117)
[ Frans Spiesschaert ]
* Dutch translation update (Closes: #772470)
[ Trần Ngọc Quân ]
* Update Vietnamese translation (Closes: #777107)
[ Miroslav Kuře ]
* Updated Czech translation. (Closes: #759113)
[ Holger Wansing ]
* Update for German man pages
[ Thomas Blein ]
* French manpage translation (Closes: #805182)
[ Lars Bahner ]
* Fix some spelling issues in the Norwegian translation (Closes: #800553)
shadow (1:4.4-1) unstable; urgency=medium
[ Christian Perrier ]
* Imported Upstream version 4.2
* Debian patch: Fix typo in su.1.xml
* Configure userns
* Vietnamese translation update
* French translation update (Closes: #725793)
* German translation update
* Update NEWS file
* Issue a warning if no manpages have been generated
* Regenerate PO files
* Regenerate manpages PO files
* Imported Upstream version 4.2.1
[ Serge Hallyn ]
* Import new upstream
* Patch changes:
- Update 501_commonio_group_shadow to work with upstream changes
- Update 1010_vietnamese_translation
- Drop userns patches which are now all upstream
[ Balint Reczey ]
* Update debian/watch to use GitHub releases
* Imported Upstream version 4.4
- Fix incorrect integer handling (CVE-2016-6252) (Closes: #832170)
* Disable Vietnamese translation patch because it does not apply cleanly
* Bump debhelper compat level to 10
* ACK NMU by Samuel Thibault dropping the patch which is integrated
upstream
* Stop build-depending on build-essential dpkg-dev
* Tag login package as essential properly
* Adopt the package under the Shadow Team's umbrella (Closes: #801707)
shadow (1:4.2-3.3) unstable; urgency=medium
* Non-maintainer upload.
* Apply upstream patch to fix build on hurd-i386. (Closes: #750480)
-- Balint Reczey <email address hidden> Thu, 25 Jan 2018 16:09:22 +0100
