-
shadow (1:4.8.1-1ubuntu5.20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: unsanitized buffer leading to a password leak during
gpasswd new password operation
- debian/patches/CVE-2023-4641.patch: fix password leak in gpasswd.
- CVE-2023-4641
-- Camila Camargo de Matos <email address hidden> Tue, 06 Feb 2024 09:49:54 -0300
-
shadow (1:4.8.1-1ubuntu5.20.04.4) focal-security; urgency=medium
* SECURITY REGRESSION: useradd command does not copy all of /etc/skel
(LP: #1998169)
- debian/patches/CVE-2013-4235-pre1.patch: removed
- debian/patches/CVE-2013-4235-pre2.patch: removed
- debian/patches/CVE-2013-4235-1.patch: removed
- debian/patches/CVE-2013-4235-2.patch: removed
- debian/patches/CVE-2013-4235-3.patch: removed
- debian/patches/CVE-2013-4235-4.patch: removed
- debian/patches/CVE-2013-4235-5.patch: removed
- debian/patches/CVE-2013-4235-6.patch: removed
- debian/patches/CVE-2013-4235-7.patch: removed
- debian/patches/CVE-2013-4235-post1.patch: removed
- debian/patches/CVE-2013-4235-post2.patch: removed
- debian/patches/CVE-2013-4235-post3.patch: removed
-- Camila Camargo de Matos <email address hidden> Tue, 29 Nov 2022 08:53:10 -0300
-
shadow (1:4.8.1-1ubuntu5.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: race condition when copying and removing directory trees
- debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
- debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
type (set_selinux_file_context).
- debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
- debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
- debian/patches/CVE-2013-4235-3.patch: require symlink support.
- debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
copy_tree().
- debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
copy_tree().
- debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
- debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
- debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
(copy_tree).
- debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
(copy_tree).
- debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
(copy_tree).
- CVE-2013-4235
-- Camila Camargo de Matos <email address hidden> Thu, 24 Nov 2022 09:15:58 -0300
-
shadow (1:4.8.1-1ubuntu5.20.04.2) focal; urgency=medium
[ Michael Vogt ]
* debian/patches/1010_extrausers.patch:
Add automatic detection of "extrausers" for usermod -G
(LP: #1959375)
-- Alberto Mardegan <email address hidden> Mon, 14 Mar 2022 11:26:09 +0300
-
shadow (1:4.8.1-1ubuntu5.20.04.1) focal; urgency=medium
* Disallow purely numeric usernames. This includes hexadecimal
octal syntax. (LP: #1927078)
-- William 'jawn-smith' Wilson <email address hidden> Wed, 14 Jul 2021 17:08:18 -0500
-
shadow (1:4.8.1-1ubuntu5.20.04) focal; urgency=medium
* debian/patches/1015_add_zsys_support.patch:
- Add support for ZSys user deletion (LP: #1870058)
- Fix a build warning
-- Didier Roche <email address hidden> Thu, 28 May 2020 08:37:47 +0200
-
shadow (1:4.8.1-1ubuntu5) focal; urgency=medium
* debian/patches/1015_add_zsys_support.patch:
Fix regression on zfs system when the user dataset wasn’t created
(LP: #1873263)
- wrong variable was used when merged with debian
- reset the correct order to ensure owner and mod are correct.
-- Didier Roche <email address hidden> Thu, 16 Apr 2020 14:36:45 +0200
-
shadow (1:4.8.1-1ubuntu4) focal; urgency=medium
* debian/patches/1015_add_zsys_support.patch:
- use now zsysctl command instead of zsys which isn't available anymore.
This fix creation of new user dataset on ZFS.
-- Didier Roche <email address hidden> Mon, 06 Apr 2020 09:51:10 +0200
-
shadow (1:4.8.1-1ubuntu3) focal; urgency=medium
* debian/patches/1013_extrausers_deluser.patch:
- move "if (use_extrausers)" check before the test if the user
actually exists in the local database
* debian/tests:
- add smoke autopkgtest tests around {user,group}{add,del} with
and without extrausers to avoid regressions like the one fixed
in 4.8.1-1ubuntu2
-- Michael Vogt <email address hidden> Mon, 09 Mar 2020 10:43:16 +0100
-
shadow (1:4.8.1-1ubuntu2) focal; urgency=medium
* No-change rebuild to pick up dependency on libcrypt1.
-- Matthias Klose <email address hidden> Sat, 07 Mar 2020 10:16:01 +0100
-
shadow (1:4.8.1-1ubuntu1) focal; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,login.install}: Add apport hook
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/1014_extrausers_delgroup.patch
+ add --extrausers option to "groupdel"
- debian/patches/1013_extrausers_deluser.patch
+ add --extrausers option to "userdel"
- debian/patches/1012_extrausers_chfn.patch:
+ add support for --extrausers to the chfn tool
- debian/patches/1015_add_zsys_support.patch:
+ Call zsys to handle home directory if available.
- debian/passwd.maintscripts: Clean up upstart configuration
shadow (1:4.8.1-1) unstable; urgency=medium
* debian/default/useradd: Fix typo DHSELL -> DSHELL (Closes: #897028)
* New upstream version 4.8.1
- Update Dutch translation (Closes: #946608)
* Refresh patches
-- Balint Reczey <email address hidden> Fri, 07 Feb 2020 16:32:06 +0100
-
shadow (1:4.8-1ubuntu1) focal; urgency=medium
* Merge from Debian unstable. Remaining changes:
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,login.install}: Add apport hook
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/1014_extrausers_delgroup.patch
+ add --extrausers option to "groupdel"
- debian/patches/1013_extrausers_deluser.patch
+ add --extrausers option to "userdel"
- debian/patches/1012_extrausers_chfn.patch:
+ add support for --extrausers to the chfn tool
- debian/patches/1015_add_zsys_support.patch:
+ Call zsys to handle home directory if available.
- debian/passwd.maintscripts: Clean up upstart configuration
shadow (1:4.8-1) unstable; urgency=medium
[ Laurent Bigonville ]
* Move the call to pam_motd before pam_selinux open
[ Justin B Rye ]
* login: Update package description (Closes: #808301)
[ Yuriy M. Kaminskiy ]
* Mark uidmap and login as Multi-Arch: foreign (Closes: #934473)
[ Andreas Henriksson ]
* New upstream release.
- man: generate translations using itstool instead of xml2po
* Replace gnome-doc-utils build-dep with itstool (Closes: #881889)
* Use explicit --without-su configure flag
* Refresh and massage patches to apply
* Cherry-pick upstream patch reverting bindir/sbindir
* Fix lintian warning useless-autoreconf-build-depends
[ Balint Reczey ]
* debian/login.su.pam: Drop unused file
shadow (1:4.7-2) unstable; urgency=medium
[ Balint Reczey ]
* Remove obsolete /etc/cron.daily/passwd in maintainer scripts
(Closes: #932017)
* Remove Christian Perrier from Uploaders according to his request.
Thank you for maintaining shadow for long years! (Closes: #893944, #927576)
[ Gaudenz Steinlin ]
* Improve NEWS entry about securetty.
shadow (1:4.7-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/changelog: Remove trailing whitespaces
[ Niels Thykier ]
* Declare the explicit requirement for (fake)root.
The shadow package currently requires (fake)root to produce the debs
due to static non-root:root ownerships in the debs.
[ Bryan Quigley ]
* Remove cron daily backup.
It was added in 2010 (#554170) as a split off from a previous cron
job. I haven't seen an argument for why it's useful to keep.
Depending on when a mistake occurs in one of the files it backups
it will provide variable recovery time of 0 to 24hours.
[ Balint Reczey ]
* Add Salsa CI configuration
* Drop Lintian override for su, it is not shipped in login anymore
* Stop shipping and honoring /etc/securetty
(Closes: #731656, #830255, #879903, #920764, #771675, #917893, #607073)
* Migrate to dh from cdbs
* Ship some missing man files
* Fix checking upstream tarball's OpenPGP signature
* New upstream version 4.7
* Refresh patches
* Run autopkgtest in Salsa CI when it exists
* debian/NEWS: Fix version of latest entry
* Clean up /etc/securetty properly on upgrade
-- Balint Reczey <email address hidden> Mon, 20 Jan 2020 15:16:35 +0100
-
shadow (1:4.5-1.1ubuntu4) eoan; urgency=medium
* debian/patches/1015_add_zsys_support.patch:
- Call zsys to handle home directory if available.
We call zsys to handle dataset creation for zsys system in a separate
home dataset for each user on the system.
This allows one to handle user dataset outside of /home and also renaming.
We don't support yet deletion, as removing the dataset would remove as
well every snapshot of the history, and so, revert to previous version
will result in user created, but no home directory, which is unwanted.
(LP: #1842902)
-- Didier Roche <email address hidden> Thu, 29 Aug 2019 15:00:07 +0200
