-
shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low
* debian/login.preinst: fix typo in grep (LP: #354887).
-- Kees Cook <email address hidden> Fri, 03 Apr 2009 22:12:07 -0700
-
shadow (1:4.1.1-6ubuntu5) jaunty; urgency=low
* debian/login.preinst: add special-case handling to restore the
original white-space in /etc/login.defs that is changed by
system-tools-backends (LP: #316756).
-- Kees Cook <email address hidden> Fri, 03 Apr 2009 14:33:43 -0700
-
shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low
* debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
- If the system clock is set to Jan 01, 1970, and a new user is created
the last changed field gets set to 0, which tells login that the
password is expired and must be changed. During installation,
this can cause autologin to fail. Having the clock set to 01/01/1970
on a fresh install is common on the ARM architecture, so this is a high
priority bug since its likely to affect most ARM users on first install
-- Michael Casadevall <email address hidden> Thu, 02 Apr 2009 14:05:31 -0400
-
shadow (1:4.1.1-6ubuntu3) jaunty; urgency=low
[ Bryan McLellan ]
* Don't do the vm-builder root password check on fresh installations
(LP: #340841).
-- Colin Watson <email address hidden> Tue, 17 Mar 2009 13:32:55 +0000
-
shadow (1:4.1.1-6ubuntu2) jaunty; urgency=low
* debian/securetty.linux (LP: #316841)
- Updated securetty support for Freescale MX-series boards
-- Michael Casadevall <email address hidden> Tue, 13 Jan 2009 12:56:38 -0500
-
shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes:
- Ubuntu specific:
+ debian/login.pam: Enable SELinux support in login.pam.
+ debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+ debian/login.defs: use SHA512 by default for password crypt routine.
+ debian/passwd.postinst: disable the root password for virtual
machines created with vm-builder on Ubuntu 8.10.
- debian/patches/stdout-encrypted-password.patch: allow chpasswd to
report encrypted passwords to stdout for tools needing encrypted
passwords (debian bug 505640).
shadow (1:4.1.1-6) unstable; urgency=medium
* The "Rollot" release.
* debian/patches/303_login_symlink_attack: Fix a race condition that could
lead to gaining ownership or changing mode of arbitrary files.
Closes: #505271
* debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
referenced in the manpage, not LOGIN. Closes: #501830
* debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
files. Closes: #501353
-- Kees Cook <email address hidden> Mon, 08 Dec 2008 00:44:46 -0800
-
shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low
* disable the root password for virtual machines created with vm-builder
on Ubuntu 8.10. (LP: #296841)
-- Jamie Strandboge <email address hidden> Thu, 13 Nov 2008 20:32:42 -0600
-
shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low
* debian/login.defs: use SHA512 by default for password crypt routine
(LP: #51551, currently Ubuntu specific).
* debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
encrypted passwords to stdout for tools needing encrypted passwords
(debian bug 505640).
* debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
-- Kees Cook <email address hidden> Thu, 13 Nov 2008 16:43:48 -0800
-
shadow (1:4.1.1-5ubuntu1) jaunty; urgency=low
* Merge from debian unstable, remaining changes:
- debian/login.pam: Enable SELinux support in login.pam.
shadow (1:4.1.1-5) unstable; urgency=low
* The "Bergues" release.
* debian/login.pam: restore the Etch behavior of pam_securetty.so in case of
unknown user. Closes: #443322, #495831
shadow (1:4.1.1-4) unstable; urgency=low
* The "Rocamadour" release.
* debian/patches/302_remove_non_translated_polish_manpages,
debian/patches/series: Remove the (untranslated) su.1 and login.1 polish
translation. Closes: #491460
* debian/patches/506_relaxed_usernames: Document that the naming policy is
also used for the group names policy. Differentiate the Debian
constraints in a separate paragraph. Added documentation of the username
length restriction. Closes: #493230
* debian/patches/507_32char_grnames.dpatch: Update the documentation of the
group length restriction. Closes: #493230
* debian/login.pam: Replace the "multiple" option of pam_selinux by
"select_context". This requires PAM 1.0.1, but is commented.
Closes: #493181
* debian/patches/494_passwd_lock-no_account_lock: Fix typo (missing
parenthesis). Thanks to Moray Allan.
shadow (1:4.1.1-3) unstable; urgency=low
* The "Morbier" release.
* debian/patches/302_vim_selinux_support: Add SE Linux support to vipw/vigr.
Thanks to Russell Coker. Closes: #491907
* debian/patches/494_passwd_lock-no_account_lock: Restore the previous
behavior of passwd -l (which changed in #389183): only lock the user's
password, not the user's account. Also explicitly document the
differences. This restores a behavior common with the previous versions of
passwd and with other implementations. Closes: #492307
* debian/patches/494_passwd_lock-no_account_lock: Add a reference to
usermod(8) in passwd(1). Closes: #412234
* debian/login.pam: Enforce a fail delay to avoid login brute-force.
Closes: #443322
* debian/login.pam: Indicate why the pam_securetty module is used as a
requisite module and mentions the possible drawbacks. Closes: #482352
* debian/login.defs: Do not mention the libpam-umask package (the module is
now provided by libpam-modules). Closes: #492410
* debian/patches/200_Czech_binary_translation: Updated Czech translation.
Thanks to Miroslav Kure. Closes: #482823
* debian/securetty.linux: Add the PA-RISC mux ports (ttyB0, ttyB1).
Closes: #488515
shadow (1:4.1.1-2) unstable; urgency=low
* The "Brie de Meaux" and "Brie de Melun" double cheese release.
* Backported patches from upstream
- debian/patches/300_SHA_crypt_method:
This fixes bugs in the SHA encryption method that force the salt to have
8 bytes (instead of a random length between 8 and 16 bytes), and force
the number of SHA rounds to be equal to the lowest limit (at least 1000
SHA rounds).
- debian/patches/301_manpages_missing_options:
This add the missing documentation of options in useradd, groupadd, and
newusers.
* Tag patches already applied upstream
- debian/patches/487_passwd_chauthtok_failed_message
- debian/patches/406_vipw_resume_properly
- debian/patches/008_su_get_PAM_username
- debian/patches/491_configure.in_friendly_selinux_detection
- debian/patches/434_login_stop_checking_args_after--
- debian/patches/414_remove-unwise-advices
* Added description of new variables in /etc/login.defs:
- SYS_UID_MIN, SYS_UID_MAX, SYS_GID_MIN, SYS_GID_MAX
- ENCRYPT_METHOD
- SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS
* New Debian Policy:
- debian/control: Bump Standards-Version to 3.8.0 (no changes needed).
- debian/README.source: Document how to patch the upstream source, how to
use quilt, how to package a new upstream and how to use the testsuite.
* debian/patches/505_useradd_recommend_adduser: Fix typo: userdel is used to
remove an user, not to add one. Closes: #475795
-- Scott James Remnant <email address hidden> Wed, 05 Nov 2008 07:26:43 +0000
-
shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
* Merge from debian unstable, remaining changes:
- debian/login.pam: Enable SELinux support in login.pam.
shadow (1:4.1.1-1) unstable; urgency=low
* New upstream release. This closes the following bugs:
- Fix errors when gpasswd is called without a gshadow file.
Closes: #467236, #467488
- Fix newgrp segfault when the primary group is not listed in /etc/groups.
Closes: #461670
- Fix infinite loop in usermod when two groups have the same name.
Closes: #470745
- Make SE Linux tests more strict, when the real UID is 0 SE Linux checks
will be performed. Closes: #472575
- Option --password added to groupadd / groupmod (like useradd / usermod).
Closes: #445484
- Remove patches applied upstream:
+ debian/patches/451_login_PATH
+ debian/patches/462_warn_to_edit_shadow
+ debian/patches/467_useradd_-r_LSB
+ debian/patches/466_fflush-prompt
+ debian/patches/480_getopt_args_reorder
+ debian/patches/496_login_init_session
+ debian/patches/408_passwd_check_arguments
+ debian/patches/412_lastlog_-u_numerical_range
+ debian/patches/407_adduser_disable_PUG_with-n
- Updated patches:
+ debian/patches/504_undef_USE_PAM.nolibpam
$(LIBCRYPT) $(LIBSKEY) $(LIBMD) are no more included in libshadow.la.
Avoid link to unneeded libraries (spotted by dpkg-shlibdeps).
+ debian/patches/501_commonio_group_shadow
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/542_useradd-O_option
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/428_grpck_add_prune_option
- Updated translations:
+ Basque. Closes: #473555
+ German. Closes: #473646
+ Italian. Closes: #472951
+ Korean. Closes: #471935
+ Portuguese. Closes: #472244
+ Russian. Closes: #472506
+ Slovak. Closes: #471802
+ Turkish. Closes: #473279
* debian/watch: Add a watch file for shadow.
* debian/rules, debian/recode_manpages.sh: Do not recode the manpages.
Keep them in UTF-8.
* debian/rules, debian/control: login (>= 970502-1) was already provided
by login in Hamm. libpam-modules (>= 0.72-5) was already provided by
libpam-modules in Potato. libpam-runtime (>= 0.76-14) was already provided
by libpam-runtime in Sarge (now oldstable). Simplify the dependencies.
* debian/control: Move the dependency on libpam-modules from Depends to
Pre-Depends. The login package is Essential, and without libpam-modules,
login or su are not functional. Thanks to Steve Langasek for pointing this
out.
* debian/control: There's no need for a dependency on login (now that it is
unversionned; see above) in the passwd package.
* debian/control: The passwd's Replaces on manpages-de can be versionned
again. The su(1) manpage was removed from manpages-de.
* debian/securetty.linux: Added ttyUSB0, ttyUSB1, ttyUSB2, and MPC5200
serial ports (ttyPSC0, ttyPSC1, ttyPSC2, ttyPSC3, ttyPSC4, ttyPSC5).
Closes: #461374
* debian/control: Change XS-X-Vcs-Svn to Vcs-Svn. Update the link to the
new repository layout. Add a Vcs-Browser field.
* debian/control: Added Homepage field.
* debian/passwd.postrm: Removed (was empty).
shadow (1:4.1.0-2) unstable; urgency=low
* The "Bleu des Causses" release
* Unversion the conflict with manpages-de for login, as it also provides
a German manpage for su(1). Closes: #460508
shadow (1:4.1.0-1) unstable; urgency=low
[ Nicolas FRANCOIS (Nekral) ]
* The "Bleu d'Auvergne" release
* New upstream release. This closes the following bugs:
- usermod: Make usermod options independent of the argument order.
Closes: #451518
- login: Improve logging of login when the user's passwd entry could not
be retrieved. Closes: #451521
- Updated Russian translations. Thanks to Yuri Kozlov <email address hidden>.
Closes: #452291, #452296
- Section of newgrp fixed in the gshadow manpage. Closes: #454485
- Remove patches applied upstream:
+ 468_duplicate_passwd_struct_before_usage
+ 495_salt_stack_smash
+ 397_non_numerical_identifier
+ 405_su_no_pam_end_before_exec
+ 493_pwck_no_SHADOWPWD
+ 497_newgrp_primary_group
+ 409_man_generate_from_PO
+ 410_newgrp_man_mention_sg
+ 411_chpasswd_document_no_pam
+ 494_passwd_lock
+ 417_passwd_warndays
- Updated patches:
+ debian/patches/504_undef_USE_PAM.dpatch
MD5_CRYPT_ENAB is back in login.defs to define the default crypt
algorithm. It is tagged as deprecated and ENCRYPT_METHOD is
recommended instead. New algorithms are also available.
Closes: #447747
* Debian packaging fixes:
- debian/rules: compile with -W -Wall
- debian/rules: large files are now supported by configure. Remove
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 from
CFLAGS.
- 479_chowntty_debug was debian specific. Renamed to 579_chowntty_debug
- Remove (not applied patch) 419_time_structures.dpatch. All its chunks
are already applied upstream (with some differences), except one chunk
which comes from 008_login_log_failure_in_FTMP. Fix
008_login_log_failure_in_FTMP. This should fix some bugs causing invalid
faillog entries on 64 bit architectures with 32 bit compatibility.
- debian/securetty.linux: Add ttyS1. Better comments for the ttyS and xen
consoles. Add a note for the devfs consoles. They are no more needed for
most users. Closes: #454584
[ Christian Perrier ]
* debian/control
- Updated to Standards: 3.7.3.0 (checked, no change needed)
-- Kees Cook <email address hidden> Mon, 09 Jun 2008 10:08:38 -0700
