-
shadow (1:4.1.4.1-1ubuntu2.2) karmic-security; urgency=low
* SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
- debian/patches/900_locale_env_sanity: actually set locale environment
variables correctly.
- debian/patches/901_reject_newline: reject newlines in GECOS updates.
- CVE-2011-0721
-- Kees Cook <email address hidden> Mon, 14 Feb 2011 13:43:17 -0800
-
shadow (1:4.1.4.1-1ubuntu2) karmic; urgency=low
* debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2
as serial port.
-- Loic Minier <email address hidden> Fri, 31 Jul 2009 15:34:56 +0200
-
shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low
* Resynchronise with Debian. Remaining changes:
- Ubuntu specific:
+ debian/login.defs: use SHA512 by default for password crypt routine.
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout (Debian bug 505640).
* Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
It's looking a bit ugly now ...
shadow (1:4.1.4.1-1) unstable; urgency=low
* The "Chevrotin" release.
* New upstream release:
- Fixed typo in the French vipw usage. Closes: #528486
- Fixed failure to delete an user (wrongly detected as still logged in).
On Linux, userdel checks if the user has some running processes.
Otherwise, it still check with utmp if the user is logged in and check
if the process indicated by utmp is still running to avoid
mis-detection of logged-in users. Closes: #528060
- newgrp and sg return the exit status of their child. Closes: #529897
- Updated patches:
+ debian/patches/506_relaxed_usernames
* debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no
more used by chpasswd and newusers.
* debian/patches/*: Updated patches to the new quilt and shadow versions.
* debian/patches/506_relaxed_usernames: usernames with a slash will not only
break one option. Move to the discussion on the usernames.
shadow (1:4.1.4-3) unstable; urgency=low
* The "Banonet" release.
* debian/login.pam: Really ignore pam_selinux.so failures when the module do
not exist. Closes: #528673
shadow (1:4.1.4-2) unstable; urgency=low
* The "Banon" release.
* debian/rules, debian/passwd.linda-overrides, debian/login.linda-overrides:
Removed linda-overrides files.
* debian/rules: Install the lintian overrides with dh_lintian.
* debian/control: Raised dependency on debhelper (>= 6.0.7~) for dh_lintian.
* debian/compat: Raised to 6
* debian/login.postinst: Install /var/log/faillog during initial installs
only. This permits admins to disable failed logins recording.
Closes: #488420
* debian/login.pam: Ignore pam_selinux.so failures when the module do not
exist. A required pam_selinux.so makes login fail when the module does not
exist (e.g. on architecture without SE Linux support). Closes: #528673
shadow (1:4.1.4-1) unstable; urgency=low
* The "Chambérat" release.
* New upstream release:
- Updated Czech translation. Closes: #525658
- Updated French translation.
- Updated German translation. Closes: #527131
- Updated Japanese translation.
- Updated Korean translation. Closes: #524719
- Updated Portuguese translation. Closes: #525531
- Updated Russian translation. Closes: #527636
- passwd: Report password properties changes if the password is not
actually changed. Closes: #525967
- Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873
- Remove patches applied upstream:
+ debian/patches/403_fix_PATH-MAX_hurd
- Updated patches:
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/463_login_delay_obeys_to_PAM
- pwck and grpck warn when the shadowed and non-shadowed files contain
an entry for the same user or group and the non shadowed file password
field is not 'x'. Closes: #501869
Other topics raised in this bug were fixed previously.
* debian/securetty.linux: Added Freescale i.MX ports. Closes: #527095
* debian/securetty.linux: Added some local X displays. See LP #104957. But
only a limited set of displays were added.
* debian/rules, debian/passwd.newusers.pam, debian/passwd.chpasswd.pam:
Install the newusers and chpasswd PAM service configuration files.
newusers and chpasswd now use PAM to update the passwords.
Closes: #525153
* debian/login.pam: Updated support for SELinux. Closes: #527106
* debian/control: Standards-Version bumped to 3.8.1. No changes.
* debian/control: Changed gnome-doc-utils dependency to >= 0.4.3 (instead
of >= 0.4.3-1)
* debian/control: Added ${misc:Depends} to the passwd's Depends and login's
Pre-Depends.
-- Colin Watson <email address hidden> Wed, 03 Jun 2009 11:16:51 +0100
-
shadow (1:4.1.3.1-1ubuntu1) karmic; urgency=low
* Merge from debian unstable, remaining changes:
- Ubuntu specific:
+ debian/login.defs: use SHA512 by default for password crypt routine.
- debian/patches/stdout-encrypted-password.patch: chpasswd can report
password hashes on stdout (debian bug 505640).
- debian/login.pam: Enable SELinux support (debian bug 527106).
- debian/securetty.linux: support Freescale MX-series (debian bug 527095).
* Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
* Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
upstream.
shadow (1:4.1.3.1-1) unstable; urgency=low
* The "Le Puant Macéré" release.
Sorry for the lack of cheese name in 1:4.1.3-1. At least this one should
count for two.
* New upstream release:
- Fixed wrong parsing of octal permissions. This impacted login (permission
of the TTYs, UMASK, ERASECHAR or KILLCHAR) in release 1:4.1.3-1 only.
Closes: #524139, #524258
- removed debian/patches/200_bin_nb: Applied upstream.
- removed debian/patches/302_vim_selinux_support: Applied upstream.
- Fixed login segfault when called without a username. Closes: #524193
shadow (1:4.1.3-1) unstable; urgency=low
* The "" release.
* New upstream release:
- Fix possible login DOS. Closes: #505071
- Fix gpasswd and username with 32 characters. Closes: #508785
- Fix typo in nologin(8). Closes: #513252
- Remove old features from passwd(1). Closes: #499578
- login: Close passwd while waiting for exit. Closes: #474318
- login: fix the count of login failures. Closes: #498788
- Remove patches applied upstream (4.1.2):
+ debian/patches/434_login_stop_checking_args_after--
+ debian/patches/491_configure.in_friendly_selinux_detection
+ debian/patches/487_passwd_chauthtok_failed_message
+ debian/patches/406_vipw_resume_properly
+ debian/patches/414_remove-unwise-advices
+ debian/patches/300_SHA_crypt_method
+ debian/patches/301_manpages_missing_options
+ debian/patches/415_login_put-echoctl-back
+ debian/patches/431_su_uid_0_not_root
- Remove patches applied upstream (4.1.3):
+ debian/patches/200_Czech_binary_translation
+ debian/patches/302_remove_non_translated_polish_manpages
+ debian/patches/494_passwd_lock-no_account_lock
+ debian/patches/200_Czech_binary_translation
+ debian/patches/494_passwd_lock-no_account_lock
- Updated patches:
+ debian/patches/431_su_uid_0_not_root
+ debian/patches/463_login_delay_obeys_to_PAM
+ debian/patches/008_su_get_PAM_username
+ debian/patches/302_vim_selinux_support
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/428_grpck_add_prune_option
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/506_relaxed_usernames
+ debian/patches/463_login_delay_obeys_to_PAM
+ debian/patches/542_useradd-O_option
- Translations
+ New Kazakh translation. Closes: #517809
+ Updated Slovak translation. Closes: #523621
* debian/patches/454_userdel_no_MAIL_FILE: Patch removed. If MAIL_FILE is
defined, the mailbox is not in MAIL_SPOOL_DIR.
* debian/patches/506_relaxed_usernames: Use an extra paragraph for the note
on username with a '/'.
* debian/patches/504_undef_USE_PAM.nolibpam,
debian/patches/504_undef_USE_PAM.dpatch, debian/rules: Patches removed.
Replaced by the --disable-account-tools-setuid configure option.
* debian/control: changed the "Replaces" on manpages-zh to a versioned
one on 1.5.1-1
* debian/control: drop all Replaces on manpages-* when the version is
prior to Etch
* Versioned Replaces on manpages-tr (<<1..5) as conflicting manpages have
been removed in that package
* debian/patches/402_cppw_selinux: Add SE Linux support for cppw / cpgr.
* debian/patches/900_testsuite_groupmems, debian/patches/901_testsuite_gcov:
Added patches, only intended to be used in the testsuite.
* debian/securetty.linux: Added ttyPZ0, ttyPZ1, ttyPZ2, ttyPZ3 for PowerMac
machines. Closes: #511739
* debian/patches/579_chowntty_debug: Removed. With the fix for 505071 and
505271, this additional debug information is no more needed.
* debian/patches/507_32char_grnames.dpatch: Patch removed. Replaced by the
--with-group-name-max-length=32 configure option.
* debian/patches/592_manpages_typos: No more needed.
* debian/patches/401_cppw_src.dpatch: Call fsync before closing the backup
file descriptor. This ensures that the backup file will be available on
the storage medium.
* debian/securetty.linux: Removed devfs devices. Usage of devfs enabled
kernel in Lenny was not supported. Closes: #511961
* debian/login.defs: Added /usr/local/games/ to ENV_PATH (for regular
users). Closes: #487105
* debian/patches/200_bin_nb: Updated Norwegian Bokmål translation.
Closes: #523798
* debian/login.defs: Update GID_MIN to 1000. This is more consistent with
UID_MIN, SYS_GID_MAX and the usage of the same ID for UID and GIDs. This
should also be more consistent with the assignment of system group IDs
starting from GID_MAX and going down.
-- Kees Cook <email address hidden> Tue, 05 May 2009 09:45:21 -0700
-
shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low
* debian/login.preinst: fix typo in grep (LP: #354887).
-- Kees Cook <email address hidden> Fri, 03 Apr 2009 22:12:07 -0700