[Pkg-shadow-devel] Ubuntu (new upstream) shadow 1:4.1.1-6ubuntu1

Ubuntu Merge-o-Matic mom at ubuntu.com
Mon Dec 8 12:39:06 UTC 2008


This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes.  It contains the difference
between the Ubuntu version and the equivalent base version in Debian; note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.7
Date: Mon, 08 Dec 2008 00:44:46 -0800
Source: shadow
Binary: login passwd
Architecture: source
Version: 1:4.1.1-6ubuntu1
Distribution: jaunty
Urgency: medium
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Kees Cook <kees at ubuntu.com>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Closes: 501353 501830 505271
Changes: 
 shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low
 .
   * Merge from debian unstable, remaining changes:
     - Ubuntu specific:
       + debian/login.pam: Enable SELinux support in login.pam.
       + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
       + debian/login.defs: use SHA512 by default for password crypt routine.
       + debian/passwd.postinst: disable the root password for virtual
         machines created with vm-builder on Ubuntu 8.10.
     - debian/patches/stdout-encrypted-password.patch: allow chpasswd to
       report encrypted passwords to stdout for tools needing encrypted
       passwords (debian bug 505640).
 .
 shadow (1:4.1.1-6) unstable; urgency=medium
 .
   * The "Rollot" release.
   * debian/patches/303_login_symlink_attack: Fix a race condition that could
     lead to gaining ownership or changing mode of arbitrary files.
     Closes: #505271
   * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
     referenced in the manpage, not LOGIN. Closes: #501830
   * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
     files. Closes: #501353
Files: 
 0c42bf2967a85bbb085411083e2dab70 1692 admin required shadow_4.1.1-6ubuntu1.dsc
 c2ead9b934c358507d7e3fed92dc11ea 93197 admin required shadow_4.1.1-6ubuntu1.diff.gz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.1.1-6/debian/changelog 1:4.1.1-6ubuntu1/debian/changelog
--- 1:4.1.1-6/debian/changelog	2008-12-08 12:23:15.000000000 +0000
+++ 1:4.1.1-6ubuntu1/debian/changelog	2008-12-08 12:22:16.000000000 +0000
@@ -1,3 +1,18 @@
+shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - Ubuntu specific:
+      + debian/login.pam: Enable SELinux support in login.pam.
+      + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+      + debian/passwd.postinst: disable the root password for virtual
+        machines created with vm-builder on Ubuntu 8.10.
+    - debian/patches/stdout-encrypted-password.patch: allow chpasswd to
+      report encrypted passwords to stdout for tools needing encrypted
+      passwords (debian bug 505640).
+
+ -- Kees Cook <kees at ubuntu.com>  Mon, 08 Dec 2008 00:44:46 -0800
+
 shadow (1:4.1.1-6) unstable; urgency=medium
 
   * The "Rollot" release.
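Review bot: the new 1:4.1.1-6ubuntu1 entry names the patch debian/patches/stdout-encrypted-password.patch, but the file this upload adds and lists in debian/patches/series is debian/patches/495_stdout-encrypted-password. Use the real file name in the changelog entry so it can be matched to the patch.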
@@ -11,6 +26,31 @@ shadow (1:4.1.1-6) unstable; urgency=med
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Fri, 14 Nov 2008 21:52:42 +0100
 
+shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low
+
+  * disable the root password for virtual machines created with vm-builder
+    on Ubuntu 8.10. (LP: #296841)
+
+ -- Jamie Strandboge <jamie at ubuntu.com>  Thu, 13 Nov 2008 20:32:42 -0600
+
+shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low
+
+  * debian/login.defs: use SHA512 by default for password crypt routine
+    (LP: #51551, currently Ubuntu specific).
+  * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
+    encrypted passwords to stdout for tools needing encrypted passwords
+    (debian bug 505640).
+  * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+
+ -- Kees Cook <kees at ubuntu.com>  Thu, 13 Nov 2008 16:43:48 -0800
+
+shadow (1:4.1.1-5ubuntu1) jaunty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Scott James Remnant <scott at ubuntu.com>  Wed, 05 Nov 2008 07:26:43 +0000
+
 shadow (1:4.1.1-5) unstable; urgency=low
 
   * The "Bergues" release.
@@ -96,6 +136,13 @@ shadow (1:4.1.1-2) unstable; urgency=low
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Fri, 13 Jun 2008 01:27:16 +0200
 
+shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Kees Cook <kees at ubuntu.com>  Mon, 09 Jun 2008 10:08:38 -0700
+
 shadow (1:4.1.1-1) unstable; urgency=low
 
   * New upstream release. This closes the following bugs:
@@ -221,6 +268,20 @@ shadow (1:4.1.0-1) unstable; urgency=low
 
  -- Christian Perrier <bubulle at debian.org>  Sat, 12 Jan 2008 20:40:02 +0100
 
+shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low
+
+  * Add 498_make_useradd_faster_with_ldap: make useradd faster when
+    nsswitch uses LDAP or some other remote names database (LP: #120015),
+    thanks to Vince Busam.
+
+ -- Matt T. Proud <mtp at google.com>  Fri, 08 Feb 2008 18:30:51 -0800
+
+shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
+
+  * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
+
+ -- Caleb Case <ccase at tresys.com>  Fri, 08 Feb 2008 02:20:06 -0500
+
 shadow (1:4.0.18.2-1) unstable; urgency=low
 
   * The "Vacherin" release.
@@ -1163,7 +1224,7 @@ shadow (1:4.0.12-5) unstable; urgency=lo
   * Really add /etc/pam.d/su. Closes: #330291
   
  -- Christian Perrier <bubulle at debian.org>  Wed, 28 Sep 2005 19:59:31 +0200
-   
+
 shadow (1:4.0.12-4) unstable; urgency=low
 
   * The "Epoisses" release
@@ -2495,7 +2556,7 @@ shadow (20000902-6.1) unstable; urgency=
   * Upgrade to latest config.sub and config.guess.  Closes: #88547
  
  -- Gerhard Tonn <gt at debian.org>  Fri,  1 Jun 2001 20:38:43 +0200
-                                                              
+
 shadow (20000902-6) unstable; urgency=medium
 
   * actually set root's password when appropriate
diff -pruN 1:4.1.1-6/debian/control 1:4.1.1-6ubuntu1/debian/control
--- 1:4.1.1-6/debian/control	2008-12-08 12:23:15.000000000 +0000
+++ 1:4.1.1-6ubuntu1/debian/control	2008-12-08 12:22:16.000000000 +0000
@@ -1,7 +1,8 @@
 Source: shadow
 Section: admin
 Priority: required
-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
 Standards-Version: 3.8.0
 Uploaders: Christian Perrier <bubulle at debian.org>, Martin Quinson <mquinson at debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>
 Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 5.0.0), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], gnome-doc-utils (>= 0.4.3-1)
diff -pruN 1:4.1.1-6/debian/login.defs 1:4.1.1-6ubuntu1/debian/login.defs
--- 1:4.1.1-6/debian/login.defs	2008-12-08 12:23:15.000000000 +0000
+++ 1:4.1.1-6ubuntu1/debian/login.defs	2008-12-08 12:22:16.000000000 +0000
@@ -286,7 +286,7 @@ USERGROUPS_ENAB yes
 # Note: It is recommended to use a value consistent with
 # the PAM modules configuration.
 #
-#ENCRYPT_METHOD DES
+ENCRYPT_METHOD SHA512
 
 #
 # Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
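Review bot: "ENCRYPT_METHOD SHA512" is set directly under the note recommending a value consistent with the PAM modules configuration, yet nothing in this diff touches the PAM password stack. Confirm that the pam_unix line reached through "@include common-password" also selects sha512; otherwise passwords changed through PAM and passwords set by the shadow tools will be hashed with different methods.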
diff -pruN 1:4.1.1-6/debian/login.pam 1:4.1.1-6ubuntu1/debian/login.pam
--- 1:4.1.1-6/debian/login.pam	2008-12-08 12:23:15.000000000 +0000
+++ 1:4.1.1-6ubuntu1/debian/login.pam	2008-12-08 12:22:16.000000000 +0000
@@ -20,6 +20,12 @@ auth       [success=ok ignore=ignore use
 # (Replaces the `NOLOGINS_FILE' option from login.defs)
 auth       requisite  pam_nologin.so
 
+# SELinux needs to be the first session rule. This ensures that any 
+# lingering context has been cleared. Without out this it is possible 
+# that a module could execute code in the wrong domain.  (When SELinux
+# is disabled, this returns success.)
+session    required   pam_selinux.so close
+
 # This module parses environment configuration file(s)
 # and also allows you to use an extended config
 # file /etc/security/pam_env.conf.
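Review bot: the added comment contains the typo "Without out this", and its first two lines end in trailing whitespace. The comment also says pam_selinux close must be the first session rule, which only holds while no session line is added above this point; state that in the comment, for example "keep this above every other session line".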
@@ -72,12 +78,13 @@ session    optional   pam_motd.so
 # See comments in /etc/login.defs
 session    optional   pam_mail.so standard
 
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context.
-# Uncomment the following line to enable SELinux
-# session required pam_selinux.so select_context
-
 # Standard Un*x account and session
 @include common-account
 @include common-session
 @include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.  (When
+# SELinux is disabled, this returns success.)
+session required pam_selinux.so open
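Review bot: the added rule "session required pam_selinux.so open" drops the column alignment used by the other rules visible in this file, including the "session    required   pam_selinux.so close" line added in the previous hunk; align it the same way. The removed commented-out rule used select_context and the new one uses open, while the changelog only says SELinux support is enabled, so mention the option change there as well.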
diff -pruN 1:4.1.1-6/debian/passwd.postinst 1:4.1.1-6ubuntu1/debian/passwd.postinst
--- 1:4.1.1-6/debian/passwd.postinst	2008-12-08 12:23:15.000000000 +0000
+++ 1:4.1.1-6ubuntu1/debian/passwd.postinst	2008-12-08 12:22:16.000000000 +0000
@@ -15,6 +15,16 @@ configure)
             done
     fi
 
+    # Fix root password of '!' for vm-builder installed instances. Unrelated
+    # to passwd, but seems best place. /var/log/installer won't exist in
+    # vm-builder created images
+    if dpkg --compare-versions "$2" lt "1:4.1.1-5ubuntu3" && \
+       test ! -d "/var/log/installer"; then
+        if printf '!\0' | unix_chkpwd root nullok ; then
+            echo 'root:!' | chpasswd -e
+        fi
+    fi
+
     rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null
 	if ! getent group shadow | grep -q '^shadow:[^:]*:42'
 	then
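Review bot: the guard dpkg --compare-versions "$2" lt "1:4.1.1-5ubuntu3" is also true when "$2" is empty, because lt treats an empty version as earlier than any version, so this block runs on fresh installs as well as on upgrades; if that is intended, say so in the comment, otherwise use lt-nl. The comment should also spell out that the test looks for a root account whose working password is the literal string "!" and replaces it with the locked hash "!". unix_chkpwd is called by bare name, so the outcome depends on PATH and on that helper being present when the script runs.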
diff -pruN 1:4.1.1-6/debian/patches/495_stdout-encrypted-password 1:4.1.1-6ubuntu1/debian/patches/495_stdout-encrypted-password
--- 1:4.1.1-6/debian/patches/495_stdout-encrypted-password	1970-01-01 01:00:00.000000000 +0100
+++ 1:4.1.1-6ubuntu1/debian/patches/495_stdout-encrypted-password	2008-12-08 12:22:16.000000000 +0000
@@ -0,0 +1,118 @@
+Index: shadow-4.1.1/src/chpasswd.c
+===================================================================
+--- shadow-4.1.1.orig/src/chpasswd.c	2008-10-29 11:23:27.000000000 -0700
++++ shadow-4.1.1/src/chpasswd.c	2008-10-29 11:25:19.000000000 -0700
+@@ -54,6 +54,7 @@
+ static int eflg = 0;
+ static int md5flg = 0;
+ static int sflg = 0;
++static int use_stdout = 0;
+ 
+ static const char *crypt_method = NULL;
+ static long sha_rounds = 5000;
+@@ -83,6 +84,8 @@
+ 	                   "  -c, --crypt-method            the crypt method (one of %s)\n"
+ 	                   "  -e, --encrypted               supplied passwords are encrypted\n"
+ 	                   "  -h, --help                    display this help message and exit\n"
++	                   "  -S, --stdout                  report encrypted passwords to stdout\n"
++			   "                                instead of changing the passwd file\n"
+ 	                   "  -m, --md5                     encrypt the clear text password using\n"
+ 	                   "                                the MD5 algorithm\n"
+ 	                   "%s"
+@@ -113,6 +116,7 @@
+ 		{"encrypted", no_argument, NULL, 'e'},
+ 		{"help", no_argument, NULL, 'h'},
+ 		{"md5", no_argument, NULL, 'm'},
++		{"stdout", no_argument, NULL, 'S'},
+ #ifdef USE_SHA_CRYPT
+ 		{"sha-rounds", required_argument, NULL, 's'},
+ #endif
+@@ -121,9 +125,9 @@
+ 
+ 	while ((c = getopt_long (argc, argv,
+ #ifdef USE_SHA_CRYPT
+-	                         "c:ehms:",
++	                         "c:ehmSs:",
+ #else
+-	                         "c:ehm",
++	                         "c:ehmS",
+ #endif
+ 	                         long_options, &option_index)) != -1) {
+ 		switch (c) {
+@@ -140,6 +144,9 @@
+ 		case 'm':
+ 			md5flg = 1;
+ 			break;
++		case 'S':
++			use_stdout = 1;
++			break;
+ #ifdef USE_SHA_CRYPT
+ 		case 's':
+ 			sflg = 1;
+@@ -215,6 +222,7 @@
+  */
+ static void check_perms (void)
+ {
++	if (use_stdout) return;
+ #ifdef USE_PAM
+ 	int retval = PAM_SUCCESS;
+ 
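Review bot: in check_perms(), "if (use_stdout) return;" is placed ahead of the "int retval = PAM_SUCCESS;" declaration inside #ifdef USE_PAM, which puts a statement before a declaration and breaks C89-style builds. The early return is also redundant, because main() already skips check_perms() under "if (!use_stdout)"; drop one of the two, preferably this one.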
+@@ -333,11 +341,13 @@
+ 
+ 	process_flags (argc, argv);
+ 
++	if (!use_stdout) {
+ 	check_perms ();
+ 
+ 	is_shadow_pwd = spw_file_present ();
+ 
+ 	open_files ();
++	}
+ 
+ 	/*
+ 	 * Read each line, separating the user name from the password. The
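Review bot: the "if (!use_stdout) {" block is opened around check_perms(), spw_file_present() and open_files() without re-indenting the enclosed lines, and the same is done around close_files() at the end of main(). Indent the bodies so the control flow is visible, and add a short comment that -S skips both the permission check and the opening of the password files because nothing is written.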
+@@ -398,6 +408,11 @@
+ 			                 crypt_make_salt(crypt_method, arg));
+ 		}
+ 
++		if (use_stdout) {
++			fprintf (stdout, "%s:%s\n", name, cp);
++			continue;
++		}
++
+ 		/*
+ 		 * Get the password file entry for this user. The user must
+ 		 * already exist.
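Review bot: in the -S branch, the fprintf (stdout, "%s:%s\n", name, cp) call runs before the lookup of the password file entry, so names that do not exist are reported without any error; if that is intended for image-building tools, document it. The patch adds no check for -S given together with -e, so decide whether that combination should be rejected. The return value of fprintf is not checked, so a failed write (closed pipe, full disk) goes undetected at this point.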
+@@ -468,6 +483,7 @@
+ 		exit (1);
+ 	}
+ 
++	if (!use_stdout) {
+ 	close_files ();
+ 
+ 	nscd_flush_cache ("passwd");
+@@ -475,6 +491,7 @@
+ #ifdef USE_PAM
+ 	pam_end (pamh, PAM_SUCCESS);
+ #endif				/* USE_PAM */
++	}
+ 
+ 	return (0);
+ }
+Index: shadow-4.1.1/man/chpasswd.8.xml
+===================================================================
+--- shadow-4.1.1.orig/man/chpasswd.8.xml	2008-10-29 11:22:39.000000000 -0700
++++ shadow-4.1.1/man/chpasswd.8.xml	2008-10-29 11:23:27.000000000 -0700
+@@ -79,6 +79,12 @@
+ 	</listitem>
+       </varlistentry>
+       <varlistentry>
++	<term><option>-S</option>, <option>--stdout</option></term>
++	<listitem>
++	  <para>Report encrypted passwords to stdout instead of updating password file.</para>
++	</listitem>
++      </varlistentry>
++      <varlistentry>
+ 	<term><option>-h</option>, <option>--help</option></term>
+ 	<listitem>
+ 	  <para>Display help message and exit.</para>
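Review bot: the new -S entry does not state the output format (one name:hash line per input line, as printed by the fprintf added to chpasswd.c), nor that the permission check and the password file update are both skipped. Add both, plus a sentence that the output contains password hashes and should only be written to a location with restricted permissions. The entry is placed before -h here while the usage text lists -S after -h; pick one order.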
diff -pruN 1:4.1.1-6/debian/patches/series 1:4.1.1-6ubuntu1/debian/patches/series
--- 1:4.1.1-6/debian/patches/series	2008-12-08 12:23:15.000000000 +0000
+++ 1:4.1.1-6ubuntu1/debian/patches/series	2008-12-08 12:22:16.000000000 +0000
@@ -37,3 +37,4 @@
 303_login_symlink_attack
 304_su.1_synopsis
 305_login.1_japanese
+495_stdout-encrypted-password
diff -pruN 1:4.1.1-6/debian/rules 1:4.1.1-6ubuntu1/debian/rules
--- 1:4.1.1-6/debian/rules	2008-12-08 12:23:15.000000000 +0000
+++ 1:4.1.1-6ubuntu1/debian/rules	2008-12-08 12:22:16.000000000 +0000
@@ -21,6 +21,7 @@ include /usr/share/cdbs/1/class/autotool
 DEB_AUTO_UPDATE_ACLOCAL  = 1.9
 DEB_AUTO_UPDATE_AUTOCONF = 1.9
 DEB_AUTO_UPDATE_AUTOMAKE = 1.9
+DEB_AUTO_UPDATE_LIBTOOL = pre
 
 # Adds extra options when calling the configure script:
 DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --without-audit --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man
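Review bot: "DEB_AUTO_UPDATE_LIBTOOL = pre" is added without a comment explaining why. The changelog gives the reason (regenerating to avoid a libtool-caused FTBFS), so put a one-line comment above the setting so that it is not dropped in a later merge.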

