[Pkg-shadow-devel] Ubuntu (new upstream) shadow 1:4.1.1-1ubuntu1
Ubuntu Merge-o-Matic
mom at ubuntu.com
Mon Jun 9 21:51:37 UTC 2008
This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes. It contains the difference
between the Ubuntu version and the equivalent base version in Debian, note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.7
Date: Mon, 09 Jun 2008 10:08:38 -0700
Source: shadow
Binary: login passwd
Architecture: source
Version: 1:4.1.1-1ubuntu1
Distribution: intrepid
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Kees Cook <kees at ubuntu.com>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 445484 447747 451518 451521 452291 452296 454485 454584 460508 461374 461670 467236 467488 470745 471802 471935 472244 472506 472575 472951 473279 473555 473646
Changes:
shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
.
* Merge from debian unstable, remaining changes:
- debian/login.pam: Enable SELinux support in login.pam.
.
shadow (1:4.1.1-1) unstable; urgency=low
.
* New upstream release. This closes the following bugs:
- Fix errors when gpasswd is called without a gshadow file.
Closes: #467236, #467488
- Fix newgrp segfault when the primary group is not listed in /etc/groups.
Closes: #461670
- Fix infinite loop in usermod when two groups have the same name.
Closes: #470745
- Make SE Linux tests more strict, when the real UID is 0 SE Linux checks
will be performed. Closes: #472575
- Option --password added to groupadd / groupmod (like useradd / usermod).
Closes: #445484
- Remove patches applied upstream:
+ debian/patches/451_login_PATH
+ debian/patches/462_warn_to_edit_shadow
+ debian/patches/467_useradd_-r_LSB
+ debian/patches/466_fflush-prompt
+ debian/patches/480_getopt_args_reorder
+ debian/patches/496_login_init_session
+ debian/patches/408_passwd_check_arguments
+ debian/patches/412_lastlog_-u_numerical_range
+ debian/patches/407_adduser_disable_PUG_with-n
- Updated patches:
+ debian/patches/504_undef_USE_PAM.nolibpam
$(LIBCRYPT) $(LIBSKEY) $(LIBMD) are no more included in libshadow.la.
Avoid link to unneeded libraries (spotted by dpkg-shlibdeps).
+ debian/patches/501_commonio_group_shadow
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/542_useradd-O_option
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/428_grpck_add_prune_option
- Updated translations:
+ Basque. Closes: #473555
+ German. Closes: #473646
+ Italian. Closes: #472951
+ Korean. Closes: #471935
+ Portuguese. Closes: #472244
+ Russian. Closes: #472506
+ Slovak. Closes: #471802
+ Turkish. Closes: #473279
* debian/watch: Add a watch file for shadow.
* debian/rules, debian/recode_manpages.sh: Do not recode the manpages.
Keep them in UTF-8.
* debian/rules, debian/control: login (>= 970502-1) was already provided
by login in Hamm. libpam-modules (>= 0.72-5) was already provided by
libpam-modules in Potato. libpam-runtime (>= 0.76-14) was already provided
by libpam-runtime in Sarge (now oldstable). Simplify the dependencies.
* debian/control: Move the dependency on libpam-modules from Depends to
Pre-Depends. The login package is Essential, and without libpam-modules,
login or su are not functional. Thanks to Steve Langasek for pointing this
out.
* debian/control: There's no need for a dependency on login (now that it is
unversionned; see above) in the passwd package.
* debian/control: The passwd's Replaces on manpages-de can be versionned
again. The su(1) manpage was removed from manpages-de.
* debian/securetty.linux: Added ttyUSB0, ttyUSB1, ttyUSB2, and MPC5200
serial ports (ttyPSC0, ttyPSC1, ttyPSC2, ttyPSC3, ttyPSC4, ttyPSC5).
Closes: #461374
* debian/control: Change XS-X-Vcs-Svn to Vcs-Svn. Update the link to the
new repository layout. Add a Vcs-Browser field.
* debian/control: Added Homepage field.
* debian/passwd.postrm: Removed (was empty).
.
shadow (1:4.1.0-2) unstable; urgency=low
.
* The "Bleu des Causses" release
* Unversion the conflict with manpages-de for login, as it also provides
a German manpage for su(1). Closes: #460508
.
shadow (1:4.1.0-1) unstable; urgency=low
.
[ Nicolas FRANCOIS (Nekral) ]
* The "Bleu d'Auvergne" release
* New upstream release. This closes the following bugs:
- usermod: Make usermod options independent of the argument order.
Closes: #451518
- login: Improve logging of login when the user's passwd entry could not
be retrieved. Closes: #451521
- Updated Russian translations. Thanks to Yuri Kozlov <kozlov.y at gmail.com>.
Closes: #452291, #452296
- Section of newgrp fixed in the gshadow manpage. Closes: #454485
- Remove patches applied upstream:
+ 468_duplicate_passwd_struct_before_usage
+ 495_salt_stack_smash
+ 397_non_numerical_identifier
+ 405_su_no_pam_end_before_exec
+ 493_pwck_no_SHADOWPWD
+ 497_newgrp_primary_group
+ 409_man_generate_from_PO
+ 410_newgrp_man_mention_sg
+ 411_chpasswd_document_no_pam
+ 494_passwd_lock
+ 417_passwd_warndays
- Updated patches:
+ debian/patches/504_undef_USE_PAM.dpatch
MD5_CRYPT_ENAB is back in login.defs to define the default crypt
algorithm. It is tagged as deprecated and ENCRYPT_METHOD is
recommended instead. New algorithms are also available.
Closes: #447747
* Debian packaging fixes:
- debian/rules: compile with -W -Wall
- debian/rules: large files are now supported by configure. Remove
-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 from
CFLAGS.
- 479_chowntty_debug was debian specific. Renamed to 579_chowntty_debug
- Remove (not applied patch) 419_time_structures.dpatch. All its chunks
are already applied upstream (with some differences), except one chunk
which comes from 008_login_log_failure_in_FTMP. Fix
008_login_log_failure_in_FTMP. This should fix some bugs causing invalid
faillog entries on 64 bit architectures with 32 bit compatibility.
- debian/securetty.linux: Add ttyS1. Better comments for the ttyS and xen
consoles. Add a note for the devfs consoles. They are no more needed for
most users. Closes: #454584
.
[ Christian Perrier ]
* debian/control
- Updated to Standards: 3.7.3.0 (checked, no change needed)
Files:
0973097dd8d01a1363ca83a1da09017e 1686 admin required shadow_4.1.1-1ubuntu1.dsc
bb0e54ea7e71a24d1262bf22cde40d16 76908 admin required shadow_4.1.1-1ubuntu1.diff.gz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.1.1-1/debian/changelog 1:4.1.1-1ubuntu1/debian/changelog
--- 1:4.1.1-1/debian/changelog 2008-06-09 22:33:49.000000000 +0100
+++ 1:4.1.1-1ubuntu1/debian/changelog 2008-06-09 22:29:31.000000000 +0100
@@ -1,3 +1,10 @@
+shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Kees Cook <kees at ubuntu.com> Mon, 09 Jun 2008 10:08:38 -0700
+
shadow (1:4.1.1-1) unstable; urgency=low
* New upstream release. This closes the following bugs:
@@ -123,6 +130,20 @@ shadow (1:4.1.0-1) unstable; urgency=low
-- Christian Perrier <bubulle at debian.org> Sat, 12 Jan 2008 20:40:02 +0100
+shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low
+
+ * Add 498_make_useradd_faster_with_ldap: make useradd faster when
+ nsswitch uses LDAP or some other remote names database (LP: #120015),
+ thanks to Vince Busam.
+
+ -- Matt T. Proud <mtp at google.com> Fri, 08 Feb 2008 18:30:51 -0800
+
+shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
+
+ * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
+
+ -- Caleb Case <ccase at tresys.com> Fri, 08 Feb 2008 02:20:06 -0500
+
shadow (1:4.0.18.2-1) unstable; urgency=low
* The "Vacherin" release.
@@ -1065,7 +1086,7 @@ shadow (1:4.0.12-5) unstable; urgency=lo
* Really add /etc/pam.d/su. Closes: #330291
-- Christian Perrier <bubulle at debian.org> Wed, 28 Sep 2005 19:59:31 +0200
-
+
shadow (1:4.0.12-4) unstable; urgency=low
* The "Epoisses" release
@@ -2397,7 +2418,7 @@ shadow (20000902-6.1) unstable; urgency=
* Upgrade to latest config.sub and config.guess. Closes: #88547
-- Gerhard Tonn <gt at debian.org> Fri, 1 Jun 2001 20:38:43 +0200
-
+
shadow (20000902-6) unstable; urgency=medium
* actually set root's password when appropriate
diff -pruN 1:4.1.1-1/debian/control 1:4.1.1-1ubuntu1/debian/control
--- 1:4.1.1-1/debian/control 2008-06-09 22:33:49.000000000 +0100
+++ 1:4.1.1-1ubuntu1/debian/control 2008-06-09 22:29:31.000000000 +0100
@@ -1,7 +1,8 @@
Source: shadow
Section: admin
Priority: required
-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
Standards-Version: 3.7.3.0
Uploaders: Christian Perrier <bubulle at debian.org>, Martin Quinson <mquinson at debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>
Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 5.0.0), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], gnome-doc-utils (>= 0.4.3-1)
diff -pruN 1:4.1.1-1/debian/login.pam 1:4.1.1-1ubuntu1/debian/login.pam
--- 1:4.1.1-1/debian/login.pam 2008-06-09 22:33:49.000000000 +0100
+++ 1:4.1.1-1ubuntu1/debian/login.pam 2008-06-09 22:29:31.000000000 +0100
@@ -14,6 +14,12 @@ auth requisite pam_securetty.so
# (Replaces the `NOLOGINS_FILE' option from login.defs)
auth requisite pam_nologin.so
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain. (When SELinux
+# is disabled, this returns success.)
+session required pam_selinux.so close
+
# This module parses environment configuration file(s)
# and also allows you to use an extended config
# file /etc/security/pam_env.conf.
@@ -66,12 +72,13 @@ session optional pam_motd.so
# See comments in /etc/login.defs
session optional pam_mail.so standard
-# SELinux needs to intervene at login time to ensure that the process
-# starts in the proper default security context.
-# Uncomment the following line to enable SELinux
-# session required pam_selinux.so multiple
-
# Standard Un*x account and session
@include common-account
@include common-session
@include common-password
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this. (When
+# SELinux is disabled, this returns success.)
+session required pam_selinux.so open
More information about the Pkg-shadow-devel
mailing list