[Pkg-shadow-devel] shadow 4.1.1 released

Nicolas François nicolas.francois at centraliens.net
Fri Apr 4 23:18:05 UTC 2008


Hello,

I'm pleased to announce the release of shadow 4.1.1.

You can find the 4.1.1 archive in:
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.1.tar.bz2
ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-4.1.1.tar.bz2.sig


Here is the comprehensive changelog for this release:

shadow-4.1.0 -> shadow-4.1.1						02-04-2008

*** general:
- security
  * Do not seed the random number generator each time, and use the time in
    microseconds to avoid having the same salt for different passwords
    generated in the same second.
- packaging
  * Do not install the shadow library per default.
- general
  * Do not translate the messages sent to syslog. This avoids logging
    PAM error messages in the users's locale.
- etc/login.defs
  * Set GID_MIN to the same value as UID_MIN by default (1000).
  * Added variables SYS_UID_MIN (100), SYS_UID_MAX (999), SYS_GID_MIN (100),
    SYS_GID_MAX (999) for system accounts.
- etc/useradd
  * /etc/default/useradd now defines HOME as /home to match FHS.
- chage
  * Fix bug which forbid to set the aging information of an account with a
    passwd entry, but no shadow entry.
- faillog
  * faillog -r now only reset the entries of existing users. This makes
    faillog faster.
- gpasswd
  * Fix failures when the gshadow file is not present.
  * When a password is moved to the gshadow file, use "x" instead of "x"
    to indicate that the password is shadowed (consistency with grpconv).
  * Make sure the group and gshadow files are unlocked on exit.
- groupadd
  * New option -p/--password to specify an encrypted password.
  * New option -r, --system for system accounts.
- groupdel
  * Do not fail if the group does not exist in the gshadow file.
  * Do not rewrite the group or gshadow file in case of error.
  * Make sure the group and gshadow files are unlocked on exit.
  * Fail if the system is not configured to support split groups and
    different group entries have the name of the group to be deleted.
- groupmems
  * Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec.
- groupmod
  * New option -p/--password to specify an encrypted password.
  * Make sure the group and gshadow files are unlocked on exit.
  * When the GID of a group is changed, update also the GID of the passwd
    entries of the users whose primary group is the group being modified.
- grpck
  * Fix logging of changes to syslog when a group file is provided,
    without a gshadow file.
- lastlog
  * Accept users specified as a numerical UID, or ranges of users (-user,
    user-, user1-user2).
- login
  * Use PATH and SUPATH to set the PATH environment variable, even when
    support for PAM is enabled.
  * If started as init, start a new session.
- newgrp
  * Fix segfault when an user returns to an unknown GID (either the user
    was deleted during the user's newgrp session or the user's passwd
    entry referenced an invalid group). Add a syslog warning in that case.
  * Use the correct AUDIT_CHGRP_ID event instead of AUDIT_USER_START, when
    changing the user space group ID with newgrp or sg.
- newusers
  * The new users are no more added to the list of members of their groups
    because the membership is already set by their primary group.
  * Added support for gshadow.
  * Avoid using the same salt for different passwords.
  * Fix support for the NONE crypt method.
  * newusers will behave more like useradd regarding the choice of UID or
    GID or regarding the validity of user and group names.
  * New option -r, --system for system accounts.
  * Make sure the passwd, group, shadow, and gshadow files are unlocked on
    exit.
- passwd
  * Make sure that no more than one username argument was provided.
  * Make SE Linux tests more strict, when the real UID is 0 SE Linux
    checks will be performed.
- pwck
  * Fix logging of changes to syslog when a passwd file is provided,
    without a shadow file.
- su
  * su's arguments are now reordered. If needed, use -- to separate su's
    options from the shell's options.
- sulogin
  * If started as init, start a new session.
- useradd
  * New option -l to avoid adding the user to the lastlog and faillog databases.
  * Fix the handling of the --defaults option (it required an argument,
    but should behave as -D)
  * Document the --defaults option, which was already described in the
    useradd's Usage information.
  * New option -r, --system for system accounts.
  * New options -U, --user-group and -N, --no-user-group. These options
    should replace nflg from the previous versions. Please set any -n
    option to deprecated because its meaning differs from one distribution
    to the other.
  * Make sure the passwd, group, shadow, and gshadow files are unlocked on
    exit.
- usermod
  * Keep the access and modification time of files when moving an user's home
    directory.
  * Check that the new fields set with -u, -s, -l, -g, -f, -e, -d, and -c
    differ from the old ones. If a requested new value is equal to the old
    one, no changes will be performed for that field. If no fields are
    changed, usermod will exist successfully with a warning. This avoids
    logging changes to syslog when there are actually no changes.
  * Fix the handling of -a when a user is being renamed (with -l)
- vipw/vigr
  * Recommend editing the shadowed (resp. regular) file if the regular (resp.
    shadowed) file was edited.

Best Regards,
-- 
Nekral



More information about the Pkg-shadow-devel mailing list