[Pkg-shadow-devel] Ubuntu (new upstream) shadow 1:4.1.4.1-1ubuntu1

Ubuntu Merge-o-Matic mom at ubuntu.com
Wed Jun 3 16:31:46 UTC 2009


This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes.  It contains the difference
between the Ubuntu version and the equivalent base version in Debian. Note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.7
Date: Wed, 03 Jun 2009 11:16:51 +0100
Source: shadow
Binary: passwd login
Architecture: source
Version: 1:4.1.4.1-1ubuntu1
Distribution: karmic
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Closes: 488420 501869 524719 524873 525153 525531 525658 525967 527095 527106 527131 527636 528060 528486 528673 528673 529897
Changes: 
 shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low
 .
   * Resynchronise with Debian. Remaining changes:
     - Ubuntu specific:
       + debian/login.defs: use SHA512 by default for password crypt routine.
     - debian/patches/495_stdout-encrypted-password: chpasswd can report
       password hashes on stdout (Debian bug 505640).
   * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
     It's looking a bit ugly now ...
 .
 shadow (1:4.1.4.1-1) unstable; urgency=low
 .
   * The "Chevrotin" release.
   * New upstream release:
      - Fixed typo in the French vipw usage. Closes: #528486
      - Fixed failure to delete a user (wrongly detected as still logged in).
        On Linux, userdel checks if the user has some running processes.
        Otherwise, it still checks with utmp if the user is logged in and checks
        if the process indicated by utmp is still running to avoid
        mis-detection of logged-in users. Closes: #528060
      - newgrp and sg return the exit status of their child. Closes: #529897
      - Updated patches:
         + debian/patches/506_relaxed_usernames
   * debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no
     longer used by chpasswd and newusers.
   * debian/patches/*: Updated patches to the new quilt and shadow versions.
   * debian/patches/506_relaxed_usernames: usernames with a slash will not only
     break one option. Move to the discussion on the usernames.
 .
 shadow (1:4.1.4-3) unstable; urgency=low
 .
   * The "Banonet" release.
   * debian/login.pam: Really ignore pam_selinux.so failures when the module does
     not exist. Closes: #528673
 .
 shadow (1:4.1.4-2) unstable; urgency=low
 .
   * The "Banon" release.
   * debian/rules, debian/passwd.linda-overrides, debian/login.linda-overrides:
     Removed linda-overrides files.
   * debian/rules: Install the lintian overrides with dh_lintian.
   * debian/control: Raised dependency on debhelper (>= 6.0.7~) for dh_lintian.
   * debian/compat: Raised to 6
   * debian/login.postinst: Install /var/log/faillog during initial installs
     only. This permits admins to disable failed logins recording.
     Closes: #488420
   * debian/login.pam: Ignore pam_selinux.so failures when the module does not
     exist. A required pam_selinux.so makes login fail when the module does not
     exist (e.g. on architecture without SE Linux support). Closes: #528673
 .
 shadow (1:4.1.4-1) unstable; urgency=low
 .
   * The "Chambérat" release.
   * New upstream release:
      - Updated Czech translation. Closes: #525658
      - Updated French translation.
      - Updated German translation. Closes: #527131
      - Updated Japanese translation.
      - Updated Korean translation. Closes: #524719
      - Updated Portuguese translation. Closes: #525531
      - Updated Russian translation. Closes: #527636
      - passwd: Report password properties changes if the password is not
        actually changed. Closes: #525967
      - Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873
      - Remove patches applied upstream:
         + debian/patches/403_fix_PATH-MAX_hurd
      - Updated patches:
         + debian/patches/008_login_log_failure_in_FTMP
         + debian/patches/401_cppw_src.dpatch
         + debian/patches/429_login_FAILLOG_ENAB
         + debian/patches/463_login_delay_obeys_to_PAM
      - pwck and grpck warn when the shadowed and non-shadowed files contain
        an entry for the same user or group and the non shadowed file password
        field is not 'x'. Closes: #501869
        Other topics raised in this bug were fixed previously.
   * debian/securetty.linux: Added Freescale i.MX ports. Closes: #527095
   * debian/securetty.linux: Added some local X displays. See LP #104957. But
     only a limited set of displays were added.
   * debian/rules, debian/passwd.newusers.pam, debian/passwd.chpasswd.pam:
     Install the newusers and chpasswd PAM service configuration files.
     newusers and chpasswd now use PAM to update the passwords.
     Closes: #525153
   * debian/login.pam: Updated support for SELinux. Closes: #527106
   * debian/control: Standards-Version bumped to 3.8.1. No changes.
   * debian/control: Changed gnome-doc-utils dependency to >= 0.4.3 (instead
     of >= 0.4.3-1)
   * debian/control: Added ${misc:Depends} to the passwd's Depends and login's
     Pre-Depends.
Files: 
 f231668ef3fb38e85c9c47decc4d6b64 1723 admin required shadow_4.1.4.1-1ubuntu1.dsc
 e84883d2bd2dc22af1352f497c8e452b 78693 admin required shadow_4.1.4.1-1ubuntu1.diff.gz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.1.4.1-1/debian/changelog 1:4.1.4.1-1ubuntu1/debian/changelog
--- 1:4.1.4.1-1/debian/changelog	2009-06-03 17:22:41.000000000 +0100
+++ 1:4.1.4.1-1ubuntu1/debian/changelog	2009-06-03 17:18:32.000000000 +0100
@@ -1,3 +1,15 @@
+shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low
+
+  * Resynchronise with Debian. Remaining changes:
+    - Ubuntu specific:
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+    - debian/patches/495_stdout-encrypted-password: chpasswd can report
+      password hashes on stdout (Debian bug 505640).
+  * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+    It's looking a bit ugly now ...
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Wed, 03 Jun 2009 11:16:51 +0100
+
 shadow (1:4.1.4.1-1) unstable; urgency=low
 
   * The "Chevrotin" release.
@@ -85,6 +97,21 @@ shadow (1:4.1.4-1) unstable; urgency=low
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Mon, 11 May 2009 00:25:11 +0200
 
+shadow (1:4.1.3.1-1ubuntu1) karmic; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - Ubuntu specific:
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+    - debian/patches/stdout-encrypted-password.patch: chpasswd can report
+      password hashes on stdout (debian bug 505640).
+    - debian/login.pam: Enable SELinux support (debian bug 527106).
+    - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
+  * Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
+  * Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
+    upstream.
+
+ -- Kees Cook <kees at ubuntu.com>  Tue, 05 May 2009 09:45:21 -0700
+
 shadow (1:4.1.3.1-1) unstable; urgency=low
 
   * The "Le Puant Macéré" release.
@@ -180,6 +207,108 @@ shadow (1:4.1.3-1) unstable; urgency=low
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Tue, 14 Apr 2009 23:33:22 +0200
 
+shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low
+
+  * debian/login.preinst: fix typo in grep (LP: #354887).
+
+ -- Kees Cook <kees at ubuntu.com>  Fri, 03 Apr 2009 22:12:07 -0700
+
+shadow (1:4.1.1-6ubuntu5) jaunty; urgency=low
+
+  * debian/login.preinst: add special-case handling to restore the
+    original white-space in /etc/login.defs that is changed by
+    system-tools-backends (LP: #316756).
+
+ -- Kees Cook <kees at ubuntu.com>  Fri, 03 Apr 2009 14:33:43 -0700
+
+shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low
+
+  * debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
+    - If the system clock is set to Jan 01, 1970, and a new user is created
+      the last changed field gets set to 0, which tells login that the 
+      password is expired and must be changed. During installation, 
+      this can cause autologin to fail. Having the clock set to 01/01/1970
+      on a fresh install is common on the ARM architecture, so this is a high
+      priority bug since its likely to affect most ARM users on first install
+
+ -- Michael Casadevall <mcasadevall at ubuntu.com>  Thu, 02 Apr 2009 14:05:31 -0400
+
+shadow (1:4.1.1-6ubuntu3) jaunty; urgency=low
+
+  [ Bryan McLellan ]
+  * Don't do the vm-builder root password check on fresh installations
+    (LP: #340841).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue, 17 Mar 2009 13:32:55 +0000
+
+shadow (1:4.1.1-6ubuntu2) jaunty; urgency=low
+
+  * debian/securetty.linux (LP: #316841)
+    - Updated securetty support for Freescale MX-series boards
+
+ -- Michael Casadevall <sonicmctails at gmail.com>  Tue, 13 Jan 2009 12:56:38 -0500
+
+shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - Ubuntu specific:
+      + debian/login.pam: Enable SELinux support in login.pam.
+      + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+      + debian/passwd.postinst: disable the root password for virtual
+        machines created with vm-builder on Ubuntu 8.10.
+    - debian/patches/stdout-encrypted-password.patch: allow chpasswd to
+      report encrypted passwords to stdout for tools needing encrypted
+      passwords (debian bug 505640).
+
+ -- Kees Cook <kees at ubuntu.com>  Mon, 08 Dec 2008 00:44:46 -0800
+
+shadow (1:4.1.1-6) unstable; urgency=medium
+
+  * The "Rollot" release.
+  * debian/patches/303_login_symlink_attack: Fix a race condition that could
+    lead to gaining ownership or changing mode of arbitrary files.
+    Closes: #505271 
+  * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
+    referenced in the manpage, not LOGIN. Closes: #501830
+  * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
+    files. Closes: #501353
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Fri, 14 Nov 2008 21:52:42 +0100
+
+shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low
+
+  * disable the root password for virtual machines created with vm-builder
+    on Ubuntu 8.10. (LP: #296841)
+
+ -- Jamie Strandboge <jamie at ubuntu.com>  Thu, 13 Nov 2008 20:32:42 -0600
+
+shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low
+
+  * debian/login.defs: use SHA512 by default for password crypt routine
+    (LP: #51551, currently Ubuntu specific).
+  * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
+    encrypted passwords to stdout for tools needing encrypted passwords
+    (debian bug 505640).
+  * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+
+ -- Kees Cook <kees at ubuntu.com>  Thu, 13 Nov 2008 16:43:48 -0800
+
+shadow (1:4.1.1-5ubuntu1) jaunty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Scott James Remnant <scott at ubuntu.com>  Wed, 05 Nov 2008 07:26:43 +0000
+
+shadow (1:4.1.1-5) unstable; urgency=low
+
+  * The "Bergues" release.
+  * debian/login.pam: restore the Etch behavior of pam_securetty.so in case of
+    unknown user. Closes: #443322, #495831
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Sun, 14 Sep 2008 19:13:34 +0200
+
 shadow (1:4.1.1-4) unstable; urgency=low
 
   * The "Rocamadour" release.
@@ -257,6 +386,13 @@ shadow (1:4.1.1-2) unstable; urgency=low
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Fri, 13 Jun 2008 01:27:16 +0200
 
+shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Kees Cook <kees at ubuntu.com>  Mon, 09 Jun 2008 10:08:38 -0700
+
 shadow (1:4.1.1-1) unstable; urgency=low
 
   * New upstream release. This closes the following bugs:
@@ -382,6 +518,20 @@ shadow (1:4.1.0-1) unstable; urgency=low
 
  -- Christian Perrier <bubulle at debian.org>  Sat, 12 Jan 2008 20:40:02 +0100
 
+shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low
+
+  * Add 498_make_useradd_faster_with_ldap: make useradd faster when
+    nsswitch uses LDAP or some other remote names database (LP: #120015),
+    thanks to Vince Busam.
+
+ -- Matt T. Proud <mtp at google.com>  Fri, 08 Feb 2008 18:30:51 -0800
+
+shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
+
+  * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
+
+ -- Caleb Case <ccase at tresys.com>  Fri, 08 Feb 2008 02:20:06 -0500
+
 shadow (1:4.0.18.2-1) unstable; urgency=low
 
   * The "Vacherin" release.
diff -pruN 1:4.1.4.1-1/debian/control 1:4.1.4.1-1ubuntu1/debian/control
--- 1:4.1.4.1-1/debian/control	2009-06-03 17:22:41.000000000 +0100
+++ 1:4.1.4.1-1ubuntu1/debian/control	2009-06-03 17:18:32.000000000 +0100
@@ -1,7 +1,8 @@
 Source: shadow
 Section: admin
 Priority: required
-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
 Standards-Version: 3.8.1
 Uploaders: Christian Perrier <bubulle at debian.org>, Martin Quinson <mquinson at debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>
 Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], gnome-doc-utils (>= 0.4.3)
diff -pruN 1:4.1.4.1-1/debian/login.defs 1:4.1.4.1-1ubuntu1/debian/login.defs
--- 1:4.1.4.1-1/debian/login.defs	2009-06-03 17:22:41.000000000 +0100
+++ 1:4.1.4.1-1ubuntu1/debian/login.defs	2009-06-03 17:18:32.000000000 +0100
@@ -283,7 +283,7 @@ USERGROUPS_ENAB yes
 # Note: It is recommended to use a value consistent with
 # the PAM modules configuration.
 #
-#ENCRYPT_METHOD DES
+ENCRYPT_METHOD SHA512
 
 #
 # Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
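
Review bot: The new "ENCRYPT_METHOD SHA512" line sits directly under the comment recommending a value consistent with the PAM modules configuration, but nothing in this hunk says which PAM setting has to agree with it. Since the changelog states that chpasswd and newusers now update passwords through PAM, this value only governs the tools that still hash on their own, including the -S path added by 495_stdout-encrypted-password. Extend the comment to name the matching PAM setting (the pam_unix password line using sha512), so that a later change to one side does not silently produce a different hash type from the other.
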
diff -pruN 1:4.1.4.1-1/debian/patches/495_stdout-encrypted-password 1:4.1.4.1-1ubuntu1/debian/patches/495_stdout-encrypted-password
--- 1:4.1.4.1-1/debian/patches/495_stdout-encrypted-password	1970-01-01 01:00:00.000000000 +0100
+++ 1:4.1.4.1-1ubuntu1/debian/patches/495_stdout-encrypted-password	2009-06-03 17:18:32.000000000 +0100
@@ -0,0 +1,173 @@
+Description: allow chpasswd to report a correctly hashed password (using
+ system defaults for hash mechanism) to stdout.
+Upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505640
+
+Index: shadow-4.1.4.1/src/chpasswd.c
+===================================================================
+--- shadow-4.1.4.1.orig/src/chpasswd.c
++++ shadow-4.1.4.1/src/chpasswd.c
+@@ -54,7 +54,6 @@
+  * Global variables
+  */
+ char *Prog;
+-#ifndef USE_PAM
+ static bool cflg   = false;
+ static bool eflg   = false;
+ static bool md5flg = false;
+@@ -70,7 +69,8 @@
+ static bool is_shadow_pwd;
+ static bool pw_locked = false;
+ static bool spw_locked = false;
+-#endif				/* !USE_PAM */
++
++static int use_stdout = 0;
+ 
+ /* local function prototypes */
+ static void fail_exit (int code);
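
Review bot: use_stdout is declared as int and initialised with 0 right beside cflg, eflg and md5flg, which are bool and initialised with false. Declare it as "static bool use_stdout = false;" and assign true in the option switch so the flag matches its neighbours. Dropping the "#ifndef USE_PAM" / "#endif" pair also pulls is_shadow_pwd, pw_locked and spw_locked into PAM builds, so check that this does not leave unused statics there.
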
+@@ -141,6 +141,9 @@
+ 	              stderr);
+ #endif				/* USE_SHA_CRYPT */
+ #endif				/* !USE_PAM */
++	(void) fputs (_("  -S, --stdout                  report encrypted passwords to stdout\n"
++	                "                                instead of changing the passwd file\n"),
++	              stderr);
+ 	(void) fputs ("\n", stderr);
+ 
+ 	exit (E_USAGE);
+@@ -164,6 +167,7 @@
+ 		{"sha-rounds", required_argument, NULL, 's'},
+ #endif				/* USE_SHA_CRYPT */
+ #endif				/* !USE_PAM */
++		{"stdout", no_argument, NULL, 'S'},
+ 		{"help", no_argument, NULL, 'h'},
+ 		{NULL, 0, NULL, '\0'}
+ 	};
+@@ -171,12 +175,12 @@
+ 	while ((c = getopt_long (argc, argv,
+ #ifndef USE_PAM
+ # ifdef USE_SHA_CRYPT
+-	                         "c:ehms:",
++	                         "c:ehms:S",
+ # else				/* !USE_SHA_CRYPT */
+-	                         "c:ehm",
++	                         "c:ehmS",
+ # endif				/* !USE_SHA_CRYPT */
+ #else
+-	                         "h",
++	                         "hS",
+ #endif				/* !USE_PAM */
+ 	                         long_options, &option_index)) != -1) {
+ 		switch (c) {
+@@ -206,6 +210,9 @@
+ 			break;
+ #endif				/* USE_SHA_CRYPT */
+ #endif				/* !USE_PAM */
++		case 'S':
++			use_stdout = 1;
++			break;
+ 		default:
+ 			usage ();
+ 			break;
+@@ -271,6 +278,7 @@
+  */
+ static void check_perms (void)
+ {
++	if (use_stdout) return;
+ #ifdef USE_PAM
+ #ifdef ACCT_TOOLS_SETUID
+ 	pam_handle_t *pamh = NULL;
+@@ -412,6 +420,7 @@
+ 
+ 	OPENLOG ("chpasswd");
+ 
++	if (!use_stdout) {
+ 	check_perms ();
+ 
+ #ifndef USE_PAM
+@@ -419,6 +428,7 @@
+ 
+ 	open_files ();
+ #endif
++	}
+ 
+ 	/*
+ 	 * Read each line, separating the user name from the password. The
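
Review bot: The permission bypass for -S is implemented twice: check_perms() returns early on use_stdout, and main() also skips the check_perms() call inside "if (!use_stdout) {". Keep only one of the two, preferably the guard in main, so there is a single place to audit for what -S skips. The guarded block in main is also left unindented and its closing brace sits after an "#endif", which makes the extent of the block hard to read; reindent the body.
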
+@@ -467,13 +477,14 @@
+ 		newpwd = cp;
+ 
+ #ifdef USE_PAM
+-		if (do_pam_passwd_non_interractive ("chpasswd", name, newpwd) != 0) {
+-			fprintf (stderr,
+-			         _("%s: (line %d, user %s) password not changed\n"),
+-			         Prog, line, name);
+-			errors++;
+-		}
+-#else				/* !USE_PAM */
++		/* Even if we would normally be using PAM, use_stdout
++		 * requires us to compute the password ourselves. This
++		 * requires our ENCRYPT_METHOD to be in sync with PAM so
++		 * needs to be reworked, but for now that's better than the
++		 * rest of the system having to be in sync with PAM too.
++		 */
++		if (use_stdout) {
++#endif
+ 		if (   !eflg
+ 		    && (   (NULL == crypt_method)
+ 		        || (0 != strcmp (crypt_method, "NONE")))) {
+@@ -492,6 +503,24 @@
+ 			cp = pw_encrypt (newpwd,
+ 			                 crypt_make_salt(crypt_method, arg));
+ 		}
++#ifdef USE_PAM
++		}
++#endif
++
++		if (use_stdout) {
++			fprintf (stdout, "%s:%s\n", name, cp);
++			continue;
++		}
++
++#ifdef USE_PAM
++		if (do_pam_passwd_non_interractive ("chpasswd", name, newpwd) != 0) {
++			fprintf (stderr,
++			         _("%s: (line %d, user %s) password not changed\n"),
++			         Prog, line, name);
++			errors++;
++			continue;
++		}
++#else				/* !USE_PAM */
+ 
+ 		/*
+ 		 * Get the password file entry for this user. The user must
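
Review bot: In a non-PAM build the hashing step is skipped when -e is given or when the crypt method is "NONE", so cp still points at the input string when the new "fprintf (stdout, "%s:%s\n", name, cp);" runs. With -S that prints the supplied value unchanged (cleartext for -c NONE), although the help text promises encrypted passwords. Reject -S in combination with -e or -c NONE during option parsing. In a PAM build the option string is only "hS", so the method always comes from login.defs as the added comment says; the ENCRYPT_METHOD/PAM sync issue that comment mentions should be tracked somewhere other than the source comment alone.
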
+@@ -573,12 +602,14 @@
+ 		fail_exit (1);
+ 	}
+ 
++	if (!use_stdout) {
+ #ifndef USE_PAM
+ 	/* Save the changes */
+ 	close_files ();
+ #endif
+ 
+ 	nscd_flush_cache ("passwd");
++	}
+ 
+ 	return (0);
+ }
+Index: shadow-4.1.4.1/man/chpasswd.8.xml
+===================================================================
+--- shadow-4.1.4.1.orig/man/chpasswd.8.xml
++++ shadow-4.1.4.1/man/chpasswd.8.xml
+@@ -134,6 +134,12 @@
+     </variablelist>
+     <variablelist remap='IP'>
+       <varlistentry>
++	<term><option>-S</option>, <option>--stdout</option></term>
++	<listitem>
++	  <para>Report encrypted passwords to stdout instead of updating password file.</para>
++	</listitem>
++      </varlistentry>
++      <varlistentry>
+ 	<term><option>-h</option>, <option>--help</option></term>
+ 	<listitem>
+ 	  <para>Display help message and exit.</para>
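
Review bot: The new -S entry does not say what is written or which steps are skipped. Document the output format (one name:hash line per input line, as printed in chpasswd.c), that the hash method is taken from login.defs even when chpasswd is built with PAM, and that in this mode the permission check is skipped and the password files are neither opened nor updated. A sentence stating that the output consists of password hashes and should be handled like /etc/shadow content would also help callers that capture stdout.
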
diff -pruN 1:4.1.4.1-1/debian/patches/series 1:4.1.4.1-1ubuntu1/debian/patches/series
--- 1:4.1.4.1-1/debian/patches/series	2009-06-03 17:22:41.000000000 +0100
+++ 1:4.1.4.1-1ubuntu1/debian/patches/series	2009-06-03 17:18:32.000000000 +0100
@@ -20,3 +20,4 @@
 483_su_fakelogin_wrong_arg0
 508_nologin_in_usr_sbin
 505_useradd_recommend_adduser
+495_stdout-encrypted-password 

