[Pkg-shadow-devel] Ubuntu (new upstream) shadow 1:4.0.18.1-6ubuntu1

Ubuntu Merge-o-Matic mom at ubuntu.com
Tue Dec 19 16:12:03 UTC 2006


This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes.  It contains the difference
between the Ubuntu version and the equivalent base version in Debian; note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.7
Date: Tue, 19 Dec 2006 15:42:13 +0100
Source: shadow
Binary: login passwd
Architecture: source
Version: 1:4.0.18.1-6ubuntu1
Distribution: feisty
Urgency: low
Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Closes: 378899 395537 402002
Changes: 
 shadow (1:4.0.18.1-6ubuntu1) feisty; urgency=low
 .
   * Merge from debian unstable, remaining changes:
     - debian/passwd.postinst: Tidy up after Breezy d-i's password exposure in
       log files. (LP#34606)
 .
 shadow (1:4.0.18.1-6) unstable; urgency=low
 .
   * The "Vieux Lille" release
   * Upstream translation updates:
     - debian/patches/404_man-fr: Fix the French translation of
       passwd.1. Closes: #395537
   * Upstream bugs or fixes not yet fixed in upstream releases or CVS:
     - 403_fix_PATH-MAX_hurd: fixed glibc error on Hurd by not freeing f
       unconditionally. Thanks to Michael Banck for the patch fix.
       Closes: #402002
   * Upstream bugs fixed upstream:
     - 103_man-de: early German translation of manpages. Updates
       passwd manpage. Closes: #378899
Files: 
 9e990cd81042160628bf74a79faf8e1c 1116 admin required shadow_4.0.18.1-6ubuntu1.dsc
 46902437f3e37ca0ddfafc4e63f2da65 224105 admin required shadow_4.0.18.1-6ubuntu1.diff.gz
-------------- next part --------------
diff -pruN 1:4.0.18.1-6/debian/changelog 1:4.0.18.1-6ubuntu1/debian/changelog
--- 1:4.0.18.1-6/debian/changelog	2006-12-19 16:09:28.000000000 +0000
+++ 1:4.0.18.1-6ubuntu1/debian/changelog	2006-12-19 16:08:44.000000000 +0000
@@ -1,3 +1,11 @@
+shadow (1:4.0.18.1-6ubuntu1) feisty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/passwd.postinst: Tidy up after Breezy d-i's password exposure in
+      log files. (LP#34606)
+
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Tue, 19 Dec 2006 15:42:13 +0100
+
 shadow (1:4.0.18.1-6) unstable; urgency=low
 
   * The "Vieux Lille" release
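Review bot: The "remaining changes" list in the new 1:4.0.18.1-6ubuntu1 entry names only the LP#34606 log clean-up, but the debian/passwd.postinst diff in this same upload still carries a second Ubuntu-only block, the root-password locking for https://launchpad.net/bugs/48350. Add a second bullet for it so the changelog matches the delta against Debian; otherwise the next merge is likely to treat that block as unaccounted for.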
@@ -14,6 +22,19 @@ shadow (1:4.0.18.1-6) unstable; urgency=
 
  -- Christian Perrier <bubulle at debian.org>  Thu,  7 Dec 2006 19:10:50 +0100
 
+shadow (1:4.0.18.1-5ubuntu1) feisty; urgency=low
+
+  * Merge with Debian, remaining Ubuntu changes:
+    - debian/passwd.postinst: Tidy up after Breezy d-i's password exposure in
+      log files. (LP#34606)
+  * Drop passwd/root-password-empty debconf question and translations, and
+    Ubuntu specific changes in initial user creation; we do not use this any
+    more since Dapper.
+  * Drop manually merged translations, since we can use language packs for
+    shadow now.
+
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Mon, 27 Nov 2006 17:41:18 +0100
+
 shadow (1:4.0.18.1-5) unstable; urgency=high
 
   * The "Chaource" release
@@ -154,6 +175,49 @@ shadow (1:4.0.17-1) unstable; urgency=lo
 
  -- Christian Perrier <bubulle at debian.org>  Wed, 12 Jul 2006 22:55:13 +0200
 
+shadow (1:4.0.16-2ubuntu4) edgy; urgency=low
+
+  * debian/control: Fix automake dependency, too. *blush*
+
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Wed, 18 Oct 2006 09:42:41 +0200
+
+shadow (1:4.0.16-2ubuntu3) edgy; urgency=low
+
+  * Fix FTBFS due to new gettext 0.15:
+    - debian/rules: Use automake 1.9 instead of 1.7, 1.7 breaks with newer
+      gettext.
+    - Add debian/patches/593_po_mkinstalldirs: Hardcode the value of
+      'mkinstalldirs' in po/Makefile.in.in instead of using @MKINSTALLDIRS at .
+      The latter has been removed from gettext 0.15. This is a Gross Hackâ„¢,
+      but has to do for Edgy.
+    - Closes: LP#66506
+
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Tue, 17 Oct 2006 09:09:52 +0200
+
+shadow (1:4.0.16-2ubuntu2) edgy; urgency=low
+
+  * Consolidate some duplicated code in passwd.postinst.
+  * Tidy up after Malone bug #48350, which left an empty root password if
+    you backed up from the installer's final message, by locking the root
+    password if this condition is detected. Unfortunately I don't know of a
+    reliable way to tell whether this situation arose due to the installer
+    bug or deliberately, so the postinst is verbose and we make sure only to
+    make this change once.
+  * 495_salt_stack_smash: Make sure the salt returned from crypt_make_salt
+    is properly truncated if MD5_CRYPT_ENAB is disabled, and make chpasswd
+    and chgpasswd more careful to avoid a (small) buffer overflow while
+    handling that salt in their MD5 modes. Fixes chpasswd/chgpasswd crashes
+    when SSP is enabled.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue, 11 Jul 2006 14:13:13 +0100
+
+shadow (1:4.0.16-2ubuntu1) edgy; urgency=low
+
+  [ Ubuntu Merge-o-Matic ]
+  * Merge from debian unstable.
+
+ -- Scott James Remnant <scott at ubuntu.com>  Thu, 29 Jun 2006 23:28:54 +0100
+
 shadow (1:4.0.16-2) unstable; urgency=low
 
   * The "Valençay" release
@@ -547,6 +611,29 @@ shadow (1:4.0.14-1) unstable; urgency=lo
 
  -- Christian Perrier <bubulle at debian.org>  Fri,  6 Jan 2006 07:42:52 +0100
 
+shadow (1:4.0.13-7ubuntu3) dapper; urgency=low
+
+  * Remove management of /etc/shells now that debianutils owns it.
+    Removed debian/{README.shells,passwd.docs}
+    Updated debian/{rules,passwd.postinst,passwd.postrm}
+
+ -- Daniel Silverstone <daniel.silverstone at ubuntu.com>  Mon,  3 Apr 2006 13:32:42 +0100
+
+shadow (1:4.0.13-7ubuntu2) dapper; urgency=low
+
+  * Tidy up after Malone bug #34606, which left passwords exposed in
+    /var/log/installer/cdebconf/questions.dat, by removing those passwords;
+    for good measure, make /var/log/installer/cdebconf/* world-unreadable if
+    this bug is detected.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Sun, 12 Mar 2006 22:45:32 +0000
+
+shadow (1:4.0.13-7ubuntu1) dapper; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Sun,  4 Dec 2005 16:23:24 +0000
+
 shadow (1:4.0.13-7) unstable; urgency=low
 
   * The "Chabichou" release
@@ -568,6 +655,17 @@ shadow (1:4.0.13-7) unstable; urgency=lo
 
  -- Christian Perrier <bubulle at debian.org>  Sun, 20 Nov 2005 16:04:54 +0100
 
+shadow (1:4.0.13-6ubuntu1) dapper; urgency=low
+
+  * Resynchronise with Debian.
+  * Note that the debconf questions passwd/root-password-crypted and
+    passwd/user-password-crypted now have type password rather than boolean,
+    and to preseed a crypted password you preseed those variables directly
+    rather than the old method of preseeding passwd/root-password or
+    passwd/user-password and setting the *-crypted questions to true.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Wed, 16 Nov 2005 20:16:01 +0000
+
 shadow (1:4.0.13-6) unstable; urgency=low
 
   * The "Saint-Nectaire" release
@@ -764,7 +862,7 @@ shadow (1:4.0.12-5) unstable; urgency=lo
   * Really add /etc/pam.d/su. Closes: #330291
   
  -- Christian Perrier <bubulle at debian.org>  Wed, 28 Sep 2005 19:59:31 +0200
-   
+
 shadow (1:4.0.12-4) unstable; urgency=low
 
   * The "Epoisses" release
@@ -917,6 +1015,53 @@ shadow (1:4.0.3-38) unstable; urgency=lo
 
  -- Christian Perrier <bubulle at debian.org>  Thu, 14 Jul 2005 10:14:23 +0200
 
+shadow (1:4.0.3-37ubuntu7) breezy; urgency=low
+
+  * Stop including passwd.templates in initial-passwd-udeb.templates; it's
+    no longer necessary with passthrough, and it triggers a debconf-copydb
+    bug which wipes out all translations in the target configdb.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue, 11 Oct 2005 14:55:35 +0100
+
+shadow (1:4.0.3-37ubuntu6) breezy; urgency=low
+
+  * Update translations from Rosetta: German, Greek, Hungarian, Slovak,
+    Swedish, Tagalog.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue,  4 Oct 2005 19:00:24 +0100
+
+shadow (1:4.0.3-37ubuntu5) breezy; urgency=low
+
+  * If passwd/user-uid is set, only pass --uid to adduser, not --gid.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon,  3 Oct 2005 12:20:10 +0100
+
+shadow (1:4.0.3-37ubuntu4) breezy; urgency=low
+
+  * Add passwd/user-uid template, which can be preseeded to force the
+    initial user to have a certain uid.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Sun,  2 Oct 2005 15:35:26 +0100
+
+shadow (1:4.0.3-37ubuntu3) breezy; urgency=low
+
+  * Allow usernames containing hyphens (closes: Ubuntu #15721).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue, 20 Sep 2005 16:58:59 +0100
+
+shadow (1:4.0.3-37ubuntu2) breezy; urgency=low
+
+  * Be sure to decrement the STATE variable if passwords don't match or
+    password is empty.  Ubuntu #13920.
+
+ -- Tollef Fog Heen <tfheen at ubuntu.com>  Wed, 31 Aug 2005 16:44:46 +0200
+
+shadow (1:4.0.3-37ubuntu1) breezy; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue, 12 Jul 2005 14:57:57 +0100
+
 shadow (1:4.0.3-37) unstable; urgency=low
 
   * The "Camembert" release
@@ -1174,6 +1319,23 @@ shadow (1:4.0.3-35) unstable; urgency=lo
 
  -- Christian Perrier <bubulle at debian.org>  Fri,  3 Jun 2005 07:32:07 +0200
 
+shadow (1:4.0.3-34ubuntu2) breezy; urgency=low
+
+  * Clear seen flags on passwd/root-password and passwd/root-password-again
+    on password mismatches (closes: Ubuntu #10784).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Wed,  8 Jun 2005 15:16:49 +0100
+
+shadow (1:4.0.3-34ubuntu1) breezy; urgency=low
+
+  * Resynchronise with Debian.
+  * Use DEB_HOST_ARCH_* variables if available so that we work correctly
+    with dpkg 1.13.
+  * Go back to copying information from stack databases, since cdebconf 0.78
+    can handle that.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue, 31 May 2005 19:24:39 +0100
+
 shadow (1:4.0.3-34) unstable; urgency=low
 
   * Debian packaging fixes:
@@ -1273,6 +1435,27 @@ shadow (1:4.0.3-32) unstable; urgency=lo
 
  -- Christian Perrier <bubulle at debian.org>  Tue,  3 May 2005 11:53:12 +0200
 
+shadow (1:4.0.3-31sarge3ubuntu3) breezy; urgency=low
+
+  * cdebconf's stack driver doesn't support iterate yet, so copy information
+    directly from the backend databases.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon, 16 May 2005 16:21:37 +0100
+
+shadow (1:4.0.3-31sarge3ubuntu2) breezy; urgency=low
+
+  * Force initial-passwd-udeb.templates encoding to UTF-8.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon,  9 May 2005 17:19:23 +0100
+
+shadow (1:4.0.3-31sarge3ubuntu1) breezy; urgency=low
+
+  * Resynchronise with Debian.
+  * Remove awful temporary script for copying information from cdebconf to
+    debconf, and rely on debconf-copydb from cdebconf 0.76 instead.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Thu,  5 May 2005 14:32:45 +0100
+
 shadow (1:4.0.3-31sarge3) unstable; urgency=low
 
   * The "please buy me a brain" release
@@ -1351,6 +1534,129 @@ shadow (1:4.0.3-30.8) unstable; urgency=
 
  -- Christian Perrier <bubulle at debian.org>  Tue, 11 Jan 2005 11:39:18 +0100
 
+shadow (1:4.0.3-30.7ubuntu16) hoary; urgency=low
+
+  * Update Greek translation (thanks, Giorgos Logiotatidis).
+  * Update Romanian translation (thanks, Ovidiu Damian).
+  * Update Spanish translation (thanks, Enrique Matías Sánchez).
+  * Add Xhosa translation (thanks, Adi Attar).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue,  5 Apr 2005 17:39:35 +0100
+
+shadow (1:4.0.3-30.7ubuntu15) hoary; urgency=low
+
+  * Update French translation (thanks, Sebastien Bacher).
+  * Update Hungarian translation (thanks, Gabor Burjan).
+  * Update Norwegian Bokmål translation (thanks, Terance Edward Sola).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon, 28 Mar 2005 20:32:18 +0100
+
+shadow (1:4.0.3-30.7ubuntu14) hoary; urgency=low
+
+  * Update Brazilian Portuguese translation (thanks, Carlos Eduardo Pedroza
+    Santiviago).
+  * Update German translation (thanks, Maximilian Gerlach).
+  * Update Polish translation (thanks, Emil Oppeln-Bronikowski).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Sat, 26 Mar 2005 02:26:47 +0000
+
+shadow (1:4.0.3-30.7ubuntu13) hoary; urgency=low
+
+  * After adding the user to /etc/aliases, run newaliases.  Closes: #8067
+
+ -- LaMont Jones <lamont at ubuntu.com>  Tue, 22 Mar 2005 13:54:24 -0700
+
+shadow (1:4.0.3-30.7ubuntu12) hoary; urgency=low
+
+  * Set DEBIAN_PRIORITY to the value of debconf/priority while running
+    debconf in /target (closes: Ubuntu #7961).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon, 21 Mar 2005 18:14:57 +0000
+
+shadow (1:4.0.3-30.7ubuntu11) hoary; urgency=low
+
+  * Use passthrough mechanism to call passwd.config from
+    initial-passwd-udeb.
+  * Always set LANG to the value of debian-installer/locale when chrooting
+    into /target.
+  * Set a translatable title.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon, 14 Mar 2005 19:40:25 +0000
+
+shadow (1:4.0.3-30.7ubuntu10) hoary; urgency=low
+
+  * Never generate invalid default usernames (part of Ubuntu #668).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Fri,  4 Mar 2005 11:09:13 +0000
+
+shadow (1:4.0.3-30.7ubuntu9) hoary; urgency=low
+
+  * Avoid infinite loop when backing up from user password mismatch
+    question.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Sun, 13 Feb 2005 10:38:20 +0000
+
+shadow (1:4.0.3-30.7ubuntu8) hoary; urgency=low
+
+  * Instead of adding the initial user to /etc/sudoers directly, create an
+    'admin' group, add the initial user to that, and add %admin to
+    /etc/sudoers. Based on a patch by Rob Caskey (closes: Ubuntu #1849).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Wed,  9 Feb 2005 01:59:28 +0000
+
+shadow (1:4.0.3-30.7ubuntu7) hoary; urgency=low
+
+  * If passwd/root-password-crypted or passwd/user-password-crypted are set
+    to true when the respective password has been preseeded, assume that it
+    has been pre-crypted.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue,  8 Feb 2005 14:46:44 +0000
+
+shadow (1:4.0.3-30.7ubuntu6) hoary; urgency=low
+
+  * Fix check for whether the root password has been preseeded.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon,  7 Feb 2005 16:47:04 +0000
+
+shadow (1:4.0.3-30.7ubuntu5) hoary; urgency=low
+
+  * Renumber initial-passwd-udeb menu item to 71.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon, 31 Jan 2005 18:33:55 +0000
+
+shadow (1:4.0.3-30.7ubuntu4) hoary; urgency=low
+
+  * Restore the root password question, but at medium priority. If the
+    answer is empty, disable the root account and use sudo. This allows for
+    preseeding the root password, but leaves the default install exactly as
+    it was.
+  * Fix root_password to return false if the root password is disabled.
+  * Always create a user account if there isn't one already and the root
+    password is disabled, so that in expert mode you don't accidentally get
+    locked out.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue, 25 Jan 2005 15:59:41 +0000
+
+shadow (1:4.0.3-30.7ubuntu3) hoary; urgency=low
+
+  * Add the initial user to default groups, /etc/sudoers, and /etc/aliases
+    (moved from base-config).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon, 17 Jan 2005 14:37:14 +0000
+
+shadow (1:4.0.3-30.7ubuntu2) hoary; urgency=low
+
+  * Add initial-passwd-udeb, which pulls Jedi mind tricks on debconf and
+    cdebconf to set up users and passwords in the first stage.
+
+ -- Colin Watson <cjwatson at canonical.com>  Thu, 13 Jan 2005 15:44:57 +0000
+
+shadow (1:4.0.3-30.7ubuntu1) hoary; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Scott James Remnant <scott at canonical.com>  Sat, 25 Dec 2004 12:46:54 +0000
+
 shadow (1:4.0.3-30.7) unstable; urgency=low
 
   * Non-maintainer upload targeted at sarge.
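Review bot: The 1:4.0.3-30.7ubuntu13 entry writes "Closes: #8067" in the bare form that Debian changelog tooling reads as a Debian BTS bug number, while the neighbouring Ubuntu entries use "closes: Ubuntu #NNNN". If #8067 is an Ubuntu bug, reword it to match the others so the number is not picked up as a Debian closure when this history is carried in a package built from the merged changelog.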
@@ -1394,6 +1700,12 @@ shadow (1:4.0.3-30.5) unstable; urgency=
 
  -- Christian Perrier <bubulle at debian.org>  Thu, 16 Dec 2004 21:48:56 +0100
 
+shadow (1:4.0.3-30.4ubuntu1) hoary; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Scott James Remnant <scott at canonical.com>  Sat, 27 Nov 2004 12:49:18 +0000
+
 shadow (1:4.0.3-30.4) unstable; urgency=low
 
   * Non-maintainer upload targeted at sarge.
@@ -1407,6 +1719,12 @@ shadow (1:4.0.3-30.4) unstable; urgency=
 
  -- Christian Perrier <bubulle at debian.org>  Thu, 25 Nov 2004 07:21:53 +0100
 
+shadow (1:4.0.3-30.3ubuntu1) hoary; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Scott James Remnant <scott at canonical.com>  Tue, 09 Nov 2004 23:45:16 +0000
+
 shadow (1:4.0.3-30.3) unstable; urgency=high
 
   * Non-maintainer upload: security fix using the woody patch
@@ -1421,6 +1739,33 @@ shadow (1:4.0.3-30.3) unstable; urgency=
 
  -- Christian Perrier <bubulle at debian.org>  Tue,  2 Nov 2004 22:28:26 +0100
 
+shadow (1:4.0.3-30.2ubuntu3) hoary; urgency=low
+
+  * SECURITY UPDATE: Fix input validation which allowed local users to bypass
+    certain security restrictions.
+  * libmisc/pwdcheck.c, passwd_check(): Always do "goto bailout" if
+    pam_chauthok() failed; previously, the result of pam_chkauthtok() was
+    ignored. This function is used by "chsh" and "chfn". This could be
+    exploited to do unauthorized modification of account properties.
+  * Thanks to Martin Schulze <joey at infodrom.org> for discovering this.
+  * References:
+    CAN-2004-1001
+    http://secunia.com/advisories/13028
+
+ -- Martin Pitt <martin.pitt at canonical.com>  Wed,  3 Nov 2004 09:50:07 +0100
+
+shadow (1:4.0.3-30.2ubuntu2) hoary; urgency=low
+
+  * Resolve merge conflicts
+
+ -- Matt Zimmerman <mdz at canonical.com>  Thu, 28 Oct 2004 17:28:41 -0700
+
+shadow (1:4.0.3-30.2ubuntu1) hoary; urgency=low
+
+  * Resynchronise with Debian.
+
+ -- Scott James Remnant <scott at canonical.com>  Thu, 28 Oct 2004 09:43:31 +0100
+
 shadow (1:4.0.3-30.2) unstable; urgency=low
 
   * Non-maintainer upload targeted at sarge.
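Review bot: The security entry for 1:4.0.3-30.2ubuntu3 spells the PAM call two different ways, "pam_chauthok()" and "pam_chkauthtok()", and neither matches the actual function name pam_chauthtok(). Since this entry is the record for CAN-2004-1001 and people will search the changelog for the function whose return value was ignored in passwd_check(), correct both spellings to pam_chauthtok().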
@@ -1542,6 +1887,44 @@ shadow (1:4.0.3-29) unstable; urgency=lo
 
  -- Karl Ramm <kcr at debian.org>  Sat,  3 Jul 2004 00:24:55 -0400
 
+shadow (1:4.0.3-28.5ubuntu6) warty; urgency=low
+
+  * Update German translation of passwd/user-fullname.
+
+ -- Colin Watson <cjwatson at canonical.com>  Tue, 14 Sep 2004 01:01:32 +0100
+
+shadow (1:4.0.3-28.5ubuntu5) warty; urgency=low
+
+  * Clarify passwd/user-fullname text a bit (thanks, Stuart Langridge).
+
+ -- Colin Watson <cjwatson at flatline.org.uk>  Tue, 31 Aug 2004 17:31:26 +0100
+
+shadow (1:4.0.3-28.5ubuntu4) warty; urgency=low
+
+  * debian/passwd.config: Disable root password on initial installation.
+
+ -- Colin Watson <cjwatson at flatline.org.uk>  Mon, 23 Aug 2004 21:35:35 +0100
+
+shadow (1:4.0.3-28.5ubuntu3) warty; urgency=low
+
+  * Remove setuid from login
+
+ -- Matt Zimmerman <mdz at alcor.net>  Thu,  5 Aug 2004 19:27:57 -0700
+
+shadow (1:4.0.3-28.5ubuntu2) warty; urgency=low
+
+  * Use a more accurate regex to test whether root already has a password
+    (Warty bug #372, Debian bug #260799)
+
+ -- Matt Zimmerman <mdz at alcor.net>  Fri, 23 Jul 2004 15:30:40 -0700
+
+shadow (1:4.0.3-28.5ubuntu1) warty; urgency=low
+
+  * debian/passwd.config: Ask user-fullname question at critical priority
+    (Debian bug #257700).
+
+ -- Colin Watson <cjwatson at flatline.org.uk>  Mon, 12 Jul 2004 16:21:49 +0100
+
 shadow (1:4.0.3-28.5) unstable; urgency=low
 
   * debian/*.files
@@ -2096,7 +2479,7 @@ shadow (20000902-6.1) unstable; urgency=
   * Upgrade to latest config.sub and config.guess.  Closes: #88547
  
  -- Gerhard Tonn <gt at debian.org>  Fri,  1 Jun 2001 20:38:43 +0200
-                                                              
+
 shadow (20000902-6) unstable; urgency=medium
 
   * actually set root's password when appropriate
diff -pruN 1:4.0.18.1-6/debian/passwd.postinst 1:4.0.18.1-6ubuntu1/debian/passwd.postinst
--- 1:4.0.18.1-6/debian/passwd.postinst	2006-12-19 16:09:28.000000000 +0000
+++ 1:4.0.18.1-6ubuntu1/debian/passwd.postinst	2006-12-19 16:08:44.000000000 +0000
@@ -8,7 +8,17 @@ configure)
     # installer, some unrelated to passwd but we decided to put the fix
     # here since there was no better place. This can safely be removed
     # after etch is released.
+    # In Ubuntu, it may be wise to keep this code around for longer, since
+    # this bug left passwords exposed in Ubuntu 5.10:
+    #   https://launchpad.net/bugs/34606
     if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then
+	    if egrep -qs 'passwd/(root|user)-password' /var/log/installer/cdebconf/*
+	    then
+		    perl -000 -pi -e '
+			    if (m{^Name: passwd/(?:root|user)-password(?:-again)? *$}m) {
+				    s/^Value:.*\n//m
+			    }' /var/log/installer/cdebconf/* || true
+	    fi
 	    for log in /var/log/base-config* \
 		    $(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do
 		if [ -e "$log" ]; then
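Review bot: The detection and the scrub do not cover the same set of questions. The egrep test 'passwd/(root|user)-password' also matches names such as passwd/root-password-crypted, but the perl pattern only strips Value: lines for passwd/(root|user)-password and the -again variants. If leaving the crypted values in place is intentional, say so in the comment; if not, extend the optional suffix in the m{...} pattern. Separately, "|| true" after the perl call means a failed in-place rewrite is silent and the passwords stay in /var/log/installer/cdebconf/*; consider at least printing a warning on failure so the admin knows the files still need attention.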
@@ -33,6 +43,23 @@ EOF
     			exit 1
 		)
 	fi
+
+	# Tidy up after installer security bug that left an empty root
+	# password if you backed up from the installer's final message:
+	#   https://launchpad.net/bugs/48350
+	if (dpkg --compare-versions "$2" lt-nl 1:4.0.13-7ubuntu3.2 || \
+	    [ "$2" = 1:4.0.16-2ubuntu1 ]) && \
+	   perl -e '(my @root = getpwnam "root") or exit 1;
+		    my $rootpw = $root[1];
+		    $rootpw =~ /^(\$1\$[^\$]*\$?)/ or exit 1;
+		    my $salt = $1;
+		    exit 1 if $salt eq "";
+		    my $emptypw = crypt("", $salt);
+		    exit (($rootpw eq $emptypw) ? 0 : 1);'
+	then
+		echo "Locking root password left blank by installer bug ..."
+		echo 'root:*' | chpasswd -e -m
+	fi
     ;;
 esac
 
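Review bot: The version condition has no comment explaining why it is lt-nl 1:4.0.13-7ubuntu3.2 plus an exact match on 1:4.0.16-2ubuntu1. The changelog says the aim is to make this change only once, so spell out in the comment which releases each clause stands for, because the next merger cannot verify the guard from the code alone. The perl check also only recognises an MD5-crypt field (it exits 1 unless the hash starts with $1$), so an empty-password hash in any other format is left unlocked; note that assumption next to the regex. Minor: -m on chpasswd is redundant alongside -e, since the value 'root:*' is supplied already encrypted.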

