Change logs for shadow source package in Karmic

  • shadow (1: karmic-security; urgency=low
      * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
        - debian/patches/900_locale_env_sanity: actually set locale environment
          variables correctly.
        - debian/patches/901_reject_newline: reject newlines in GECOS updates.
        - CVE-2011-0721
     -- Kees Cook <email address hidden>   Mon, 14 Feb 2011 13:43:17 -0800
  • shadow (1: karmic; urgency=low
      * debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2
        as serial port.
     -- Loic Minier <email address hidden>   Fri, 31 Jul 2009 15:34:56 +0200
  • shadow (1: karmic; urgency=low
      * Resynchronise with Debian. Remaining changes:
        - Ubuntu specific:
          + debian/login.defs: use SHA512 by default for password crypt routine.
        - debian/patches/495_stdout-encrypted-password: chpasswd can report
          password hashes on stdout (Debian bug 505640).
      * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
        It's looking a bit ugly now ...
    shadow (1: unstable; urgency=low
      * The "Chevrotin" release.
      * New upstream release:
         - Fixed typo in the French vipw usage. Closes: #528486
         - Fixed failure to delete an user (wrongly detected as still logged in).
           On Linux, userdel checks if the user has some running processes.
           Otherwise, it still check with utmp if the user is logged in and check
           if the process indicated by utmp is still running to avoid
           mis-detection of logged-in users. Closes: #528060
         - newgrp and sg return the exit status of their child. Closes: #529897
         - Updated patches:
            + debian/patches/506_relaxed_usernames
      * debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no
        more used by chpasswd and newusers.
      * debian/patches/*: Updated patches to the new quilt and shadow versions.
      * debian/patches/506_relaxed_usernames: usernames with a slash will not only
        break one option. Move to the discussion on the usernames.
    shadow (1:4.1.4-3) unstable; urgency=low
      * The "Banonet" release.
      * debian/login.pam: Really ignore failures when the module do
        not exist. Closes: #528673
    shadow (1:4.1.4-2) unstable; urgency=low
      * The "Banon" release.
      * debian/rules, debian/passwd.linda-overrides, debian/login.linda-overrides:
        Removed linda-overrides files.
      * debian/rules: Install the lintian overrides with dh_lintian.
      * debian/control: Raised dependency on debhelper (>= 6.0.7~) for dh_lintian.
      * debian/compat: Raised to 6
      * debian/login.postinst: Install /var/log/faillog during initial installs
        only. This permits admins to disable failed logins recording.
        Closes: #488420
      * debian/login.pam: Ignore failures when the module do not
        exist. A required makes login fail when the module does not
        exist (e.g. on architecture without SE Linux support). Closes: #528673
    shadow (1:4.1.4-1) unstable; urgency=low
      * The "Chambérat" release.
      * New upstream release:
         - Updated Czech translation. Closes: #525658
         - Updated French translation.
         - Updated German translation. Closes: #527131
         - Updated Japanese translation.
         - Updated Korean translation. Closes: #524719
         - Updated Portuguese translation. Closes: #525531
         - Updated Russian translation. Closes: #527636
         - passwd: Report password properties changes if the password is not
           actually changed. Closes: #525967
         - Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873
         - Remove patches applied upstream:
            + debian/patches/403_fix_PATH-MAX_hurd
         - Updated patches:
            + debian/patches/008_login_log_failure_in_FTMP
            + debian/patches/401_cppw_src.dpatch
            + debian/patches/429_login_FAILLOG_ENAB
            + debian/patches/463_login_delay_obeys_to_PAM
         - pwck and grpck warn when the shadowed and non-shadowed files contain
           an entry for the same user or group and the non shadowed file password
           field is not 'x'. Closes: #501869
           Other topics raised in this bug were fixed previously.
      * debian/securetty.linux: Added Freescale i.MX ports. Closes: #527095
      * debian/securetty.linux: Added some local X displays. See LP #104957. But
        only a limited set of displays were added.
      * debian/rules, debian/passwd.newusers.pam, debian/passwd.chpasswd.pam:
        Install the newusers and chpasswd PAM service configuration files.
        newusers and chpasswd now use PAM to update the passwords.
        Closes: #525153
      * debian/login.pam: Updated support for SELinux. Closes: #527106
      * debian/control: Standards-Version bumped to 3.8.1. No changes.
      * debian/control: Changed gnome-doc-utils dependency to >= 0.4.3 (instead
        of >= 0.4.3-1)
      * debian/control: Added ${misc:Depends} to the passwd's Depends and login's
     -- Colin Watson <email address hidden>   Wed, 03 Jun 2009 11:16:51 +0100
  • shadow (1: karmic; urgency=low
      * Merge from debian unstable, remaining changes:
        - Ubuntu specific:
          + debian/login.defs: use SHA512 by default for password crypt routine.
        - debian/patches/stdout-encrypted-password.patch: chpasswd can report
          password hashes on stdout (debian bug 505640).
        - debian/login.pam: Enable SELinux support (debian bug 527106).
        - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
      * Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
      * Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
    shadow (1: unstable; urgency=low
      * The "Le Puant Macéré" release.
        Sorry for the lack of cheese name in 1:4.1.3-1. At least this one should
        count for two.
      * New upstream release:
        - Fixed wrong parsing of octal permissions. This impacted login (permission
          of the TTYs, UMASK, ERASECHAR or KILLCHAR) in release 1:4.1.3-1 only.
          Closes: #524139, #524258
        - removed debian/patches/200_bin_nb: Applied upstream.
        - removed debian/patches/302_vim_selinux_support: Applied upstream.
        - Fixed login segfault when called without a username. Closes: #524193
    shadow (1:4.1.3-1) unstable; urgency=low
      * The "" release.
      * New upstream release:
        - Fix possible login DOS. Closes: #505071
        - Fix gpasswd and username with 32 characters. Closes: #508785
        - Fix typo in nologin(8). Closes: #513252
        - Remove old features from passwd(1). Closes: #499578
        - login: Close passwd while waiting for exit. Closes: #474318
        - login: fix the count of login failures. Closes: #498788
        - Remove patches applied upstream (4.1.2):
          + debian/patches/434_login_stop_checking_args_after--
          + debian/patches/491_configure.in_friendly_selinux_detection
          + debian/patches/487_passwd_chauthtok_failed_message
          + debian/patches/406_vipw_resume_properly
          + debian/patches/414_remove-unwise-advices
          + debian/patches/300_SHA_crypt_method
          + debian/patches/301_manpages_missing_options
          + debian/patches/415_login_put-echoctl-back
          + debian/patches/431_su_uid_0_not_root
        - Remove patches applied upstream (4.1.3):
          + debian/patches/200_Czech_binary_translation
          + debian/patches/302_remove_non_translated_polish_manpages
          + debian/patches/494_passwd_lock-no_account_lock
          + debian/patches/200_Czech_binary_translation
          + debian/patches/494_passwd_lock-no_account_lock
        - Updated patches:
          + debian/patches/431_su_uid_0_not_root
          + debian/patches/463_login_delay_obeys_to_PAM
          + debian/patches/008_su_get_PAM_username
          + debian/patches/302_vim_selinux_support
          + debian/patches/008_login_log_failure_in_FTMP
          + debian/patches/429_login_FAILLOG_ENAB
          + debian/patches/428_grpck_add_prune_option
          + debian/patches/401_cppw_src.dpatch
          + debian/patches/506_relaxed_usernames
          + debian/patches/463_login_delay_obeys_to_PAM
          + debian/patches/542_useradd-O_option
        - Translations
          + New Kazakh translation. Closes: #517809
          + Updated Slovak translation. Closes: #523621
      * debian/patches/454_userdel_no_MAIL_FILE: Patch removed. If MAIL_FILE is
        defined, the mailbox is not in MAIL_SPOOL_DIR.
      * debian/patches/506_relaxed_usernames: Use an extra paragraph for the note
        on username with a '/'.
      * debian/patches/504_undef_USE_PAM.nolibpam,
        debian/patches/504_undef_USE_PAM.dpatch, debian/rules: Patches removed.
        Replaced by the --disable-account-tools-setuid configure option.
      * debian/control: changed the "Replaces" on manpages-zh to a versioned
        one on 1.5.1-1
      * debian/control: drop all Replaces on manpages-* when the version is
        prior to Etch
      * Versioned Replaces on manpages-tr (<<1..5) as conflicting manpages have
        been removed in that package
      * debian/patches/402_cppw_selinux: Add SE Linux support for cppw / cpgr.
      * debian/patches/900_testsuite_groupmems, debian/patches/901_testsuite_gcov:
        Added patches, only intended to be used in the testsuite.
      * debian/securetty.linux: Added ttyPZ0, ttyPZ1, ttyPZ2, ttyPZ3 for PowerMac
        machines.  Closes: #511739
      * debian/patches/579_chowntty_debug: Removed. With the fix for 505071 and
        505271, this additional debug information is no more needed.
      * debian/patches/507_32char_grnames.dpatch: Patch removed. Replaced by the
        --with-group-name-max-length=32 configure option.
      * debian/patches/592_manpages_typos: No more needed.
      * debian/patches/401_cppw_src.dpatch: Call fsync before closing the backup
        file descriptor. This ensures that the backup file will be available on
        the storage medium.
      * debian/securetty.linux: Removed devfs devices. Usage of devfs enabled
        kernel in Lenny was not supported. Closes: #511961
      * debian/login.defs: Added /usr/local/games/ to ENV_PATH (for regular
        users). Closes: #487105
      * debian/patches/200_bin_nb: Updated Norwegian Bokmål translation.
        Closes: #523798
      * debian/login.defs: Update GID_MIN to 1000. This is more consistent with
        UID_MIN, SYS_GID_MAX and the usage of the same ID for UID and GIDs. This
        should also be more consistent with the assignment of system group IDs
        starting from GID_MAX and going down.
     -- Kees Cook <email address hidden>   Tue, 05 May 2009 09:45:21 -0700
  • shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low
      * debian/login.preinst: fix typo in grep (LP: #354887).
     -- Kees Cook <email address hidden>   Fri, 03 Apr 2009 22:12:07 -0700