Change logs for shadow source package in Intrepid

  • shadow (1:4.1.1-1ubuntu1.2) intrepid-security; urgency=low
    
      * SECURITY UPDATE: root privilege escalation via utmp group.
        - debian/patches/303_login_symlink_attack: upstream fix thanks
          to Paul Szabo and Nicolas Fran├žois.
    
     -- Kees Cook <email address hidden>   Mon, 08 Dec 2008 00:26:39 -0800
  • shadow (1:4.1.1-1ubuntu1.1) intrepid-security; urgency=low
    
      * disable the root password for virtual machines created with vm-builder
        on Ubuntu 8.10. (LP: #296841)
      * debian/rules: use 'DEB_AUTO_UPDATE_LIBTOOL = pre' to work-around new
        libtool (thanks Colin Watson)
    
     -- Jamie Strandboge <email address hidden>   Tue, 11 Nov 2008 15:56:09 -0600
  • shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
    
      * Merge from debian unstable, remaining changes:
        - debian/login.pam: Enable SELinux support in login.pam.
    
    shadow (1:4.1.1-1) unstable; urgency=low
    
      * New upstream release. This closes the following bugs:
        - Fix errors when gpasswd is called without a gshadow file.
          Closes: #467236, #467488
        - Fix newgrp segfault when the primary group is not listed in /etc/groups.
          Closes: #461670
        - Fix infinite loop in usermod when two groups have the same name.
          Closes: #470745
        - Make SE Linux tests more strict, when the real UID is 0 SE Linux checks
          will be performed. Closes: #472575
        - Option --password added to groupadd / groupmod (like useradd / usermod).
          Closes: #445484
        - Remove patches applied upstream:
          + debian/patches/451_login_PATH
          + debian/patches/462_warn_to_edit_shadow
          + debian/patches/467_useradd_-r_LSB
          + debian/patches/466_fflush-prompt
          + debian/patches/480_getopt_args_reorder
          + debian/patches/496_login_init_session
          + debian/patches/408_passwd_check_arguments
          + debian/patches/412_lastlog_-u_numerical_range
          + debian/patches/407_adduser_disable_PUG_with-n
        - Updated patches:
          + debian/patches/504_undef_USE_PAM.nolibpam
            $(LIBCRYPT) $(LIBSKEY) $(LIBMD) are no more included in libshadow.la.
            Avoid link to unneeded libraries (spotted by dpkg-shlibdeps).
          + debian/patches/501_commonio_group_shadow
          + debian/patches/429_login_FAILLOG_ENAB
          + debian/patches/542_useradd-O_option
          + debian/patches/401_cppw_src.dpatch
          + debian/patches/428_grpck_add_prune_option
        - Updated translations:
          + Basque. Closes: #473555
          + German. Closes: #473646
          + Italian. Closes: #472951
          + Korean. Closes: #471935
          + Portuguese. Closes: #472244
          + Russian. Closes: #472506
          + Slovak. Closes: #471802
          + Turkish. Closes: #473279
      * debian/watch: Add a watch file for shadow.
      * debian/rules, debian/recode_manpages.sh: Do not recode the manpages.
        Keep them in UTF-8.
      * debian/rules, debian/control: login (>= 970502-1) was already provided
        by login in Hamm. libpam-modules (>= 0.72-5) was already provided by
        libpam-modules in Potato. libpam-runtime (>= 0.76-14) was already provided
        by libpam-runtime in Sarge (now oldstable). Simplify the dependencies.
      * debian/control: Move the dependency on libpam-modules from Depends to
        Pre-Depends. The login package is Essential, and without libpam-modules,
        login or su are not functional. Thanks to Steve Langasek for pointing this
        out.
      * debian/control: There's no need for a dependency on login (now that it is
        unversionned; see above) in the passwd package.
      * debian/control: The passwd's Replaces on manpages-de can be versionned
        again. The su(1) manpage was removed from manpages-de.
      * debian/securetty.linux: Added ttyUSB0, ttyUSB1, ttyUSB2, and MPC5200
        serial ports (ttyPSC0, ttyPSC1, ttyPSC2, ttyPSC3, ttyPSC4, ttyPSC5).
        Closes: #461374
      * debian/control: Change XS-X-Vcs-Svn to Vcs-Svn.  Update the link to the
        new repository layout.  Add a Vcs-Browser field.
      * debian/control: Added Homepage field.
      * debian/passwd.postrm: Removed (was empty).
    
    shadow (1:4.1.0-2) unstable; urgency=low
    
      * The "Bleu des Causses" release
      * Unversion the conflict with manpages-de for login, as it also provides
        a German manpage for su(1). Closes: #460508
    
    shadow (1:4.1.0-1) unstable; urgency=low
    
      [ Nicolas FRANCOIS (Nekral) ]
      * The "Bleu d'Auvergne" release
      * New upstream release. This closes the following bugs:
        - usermod: Make usermod options independent of the argument order.
          Closes: #451518
        - login: Improve logging of login when the user's passwd entry could not
          be retrieved.  Closes: #451521
        - Updated Russian translations. Thanks to Yuri Kozlov <email address hidden>.
          Closes: #452291, #452296
        - Section of newgrp fixed in the gshadow manpage. Closes: #454485
        - Remove patches applied upstream:
          + 468_duplicate_passwd_struct_before_usage
          + 495_salt_stack_smash
          + 397_non_numerical_identifier
          + 405_su_no_pam_end_before_exec
          + 493_pwck_no_SHADOWPWD
          + 497_newgrp_primary_group
          + 409_man_generate_from_PO
          + 410_newgrp_man_mention_sg
          + 411_chpasswd_document_no_pam
          + 494_passwd_lock
          + 417_passwd_warndays
        - Updated patches:
          + debian/patches/504_undef_USE_PAM.dpatch
            MD5_CRYPT_ENAB is back in login.defs to define the default crypt
            algorithm. It is tagged as deprecated and ENCRYPT_METHOD is
            recommended instead. New algorithms are also available.
            Closes: #447747
      * Debian packaging fixes:
        - debian/rules: compile with -W -Wall
        - debian/rules: large files are now supported by configure. Remove
          -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 from
          CFLAGS.
        - 479_chowntty_debug was debian specific. Renamed to 579_chowntty_debug
        - Remove (not applied patch) 419_time_structures.dpatch. All its chunks
          are already applied upstream (with some differences), except one chunk
          which comes from 008_login_log_failure_in_FTMP. Fix
          008_login_log_failure_in_FTMP. This should fix some bugs causing invalid
          faillog entries on 64 bit architectures with 32 bit compatibility.
        - debian/securetty.linux: Add ttyS1. Better comments for the ttyS and xen
          consoles. Add a note for the devfs consoles. They are no more needed for
          most users. Closes: #454584
    
      [ Christian Perrier ]
      * debian/control
        - Updated to Standards: 3.7.3.0 (checked, no change needed)
    
     -- Kees Cook <email address hidden>   Mon, 09 Jun 2008 10:08:38 -0700
  • shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low
    
      * Add 498_make_useradd_faster_with_ldap: make useradd faster when
        nsswitch uses LDAP or some other remote names database (LP: #120015),
        thanks to Vince Busam.
    
     -- <email address hidden> (Matt T. Proud)   Fri, 08 Feb 2008 18:30:51 -0800