[Pkg-shadow-devel] Ubuntu (new upstream) shadow 1:4.1.4.2-1ubuntu1
Ubuntu Merge-o-Matic
mom at ubuntu.com
Thu Nov 12 15:13:35 UTC 2009
This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes. It contains the difference
between the Ubuntu version and the equivalent base version in Debian, note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.8
Date: Sat, 07 Nov 2009 04:55:18 -0500
Source: shadow
Binary: passwd login
Architecture: source
Version: 1:4.1.4.2-1ubuntu1
Distribution: lucid
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nicolas Valcárcel Scerpella (Canonical) <nvalcarcel at canonical.com>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 479406 525726 531341 531983 534244 535553 535927
Changes:
shadow (1:4.1.4.2-1ubuntu1) lucid; urgency=low
.
* Merged with debian unstable. Remaning changes (LP: #477299):
- Ubuntu specific:
+ debian/login.defs: use SHA512 by default for password crypt routine.
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout (Debian bug 505640).
- Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
.
shadow (1:4.1.4.2-1) unstable; urgency=low
.
* The "Tome des Bauges" release.
* New upstream release:
- Updated Basque translation. Closes: #535553
- Fixed some translatable string. Closes: #525726
- Fixed documentation of the short option for --mindays in passwd(1).
Closes: #531983
- Added support for shells being shell scripts without a shebang.
Closes: #479406
* debian/securetty.linux: Added Embedded Renesas SuperH ports.
Closes: #535927
* debian/securetty.linux: Added ttyS2 to ttyS5. Some extension card provide
more serial ports, but that should be sufficient until there is a support
for regular expressions. Closes: #534244
* debian/patches/506_relaxed_usernames: Fixed typo. groupadd(8) should
document the restriction on groupnames, not usernames.
* debian/login.pam: pam_securetty included as a required module instead of
requisite to avoid leak of user name information. Closes: #531341
* debian/shadowconfig.sh: Do not run shadowoff() and shadowon() in subshell.
This also remove a dependency on bash (even though /bin/sh would have been
sufficient). Thanks to Luk for spotting this.
* debian/login.dirs, debian/passwd.dirs: Removed usr/share/linda/overrides.
* debian/control: Standards-Version: bumped to 3.8.2. No changes.
Checksums-Sha1:
5356beb79b22e4d7e55a85fadfc1779c8571ad06 1667 shadow_4.1.4.2-1ubuntu1.dsc
9274cd369323696950fe5292ff6674c5464a740f 79563 shadow_4.1.4.2-1ubuntu1.diff.gz
Checksums-Sha256:
17d2ae61b5089f7d4bcb9cccb7b759912661bcda9a3e17403ad16642c9ea6366 1667 shadow_4.1.4.2-1ubuntu1.dsc
fc26447d5a04a8af951515f1c031138b854f8a036d0565267ac3c0a992a9801b 79563 shadow_4.1.4.2-1ubuntu1.diff.gz
Files:
5b37f37c0208dee1f1b49cf49ea87a86 1667 admin required shadow_4.1.4.2-1ubuntu1.dsc
13b9bfe0f9e9f6806b82c9bdc8f3edc2 79563 admin required shadow_4.1.4.2-1ubuntu1.diff.gz
Launchpad-Bugs-Fixed: 477299
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.1.4.2-1/debian/changelog 1:4.1.4.2-1ubuntu1/debian/changelog
--- 1:4.1.4.2-1/debian/changelog 2009-11-12 14:29:59.000000000 +0000
+++ 1:4.1.4.2-1ubuntu1/debian/changelog 2009-11-12 13:05:12.000000000 +0000
@@ -1,3 +1,14 @@
+shadow (1:4.1.4.2-1ubuntu1) lucid; urgency=low
+
+ * Merged with debian unstable. Remaning changes (LP: #477299):
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+
+ -- Nicolas Valcárcel Scerpella (Canonical) <nvalcarcel at canonical.com> Sat, 07 Nov 2009 04:55:18 -0500
+
shadow (1:4.1.4.2-1) unstable; urgency=low
* The "Tome des Bauges" release.
@@ -25,6 +36,25 @@ shadow (1:4.1.4.2-1) unstable; urgency=l
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 24 Jul 2009 05:03:23 +0200
+shadow (1:4.1.4.1-1ubuntu2) karmic; urgency=low
+
+ * debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2
+ as serial port.
+
+ -- Loïc Minier <loic.minier at ubuntu.com> Fri, 31 Jul 2009 15:34:56 +0200
+
+shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low
+
+ * Resynchronise with Debian. Remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+ It's looking a bit ugly now ...
+
+ -- Colin Watson <cjwatson at ubuntu.com> Wed, 03 Jun 2009 11:16:51 +0100
+
shadow (1:4.1.4.1-1) unstable; urgency=low
* The "Chevrotin" release.
@@ -112,6 +142,21 @@ shadow (1:4.1.4-1) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Mon, 11 May 2009 00:25:11 +0200
+shadow (1:4.1.3.1-1ubuntu1) karmic; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/stdout-encrypted-password.patch: chpasswd can report
+ password hashes on stdout (debian bug 505640).
+ - debian/login.pam: Enable SELinux support (debian bug 527106).
+ - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
+ * Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
+ * Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
+ upstream.
+
+ -- Kees Cook <kees at ubuntu.com> Tue, 05 May 2009 09:45:21 -0700
+
shadow (1:4.1.3.1-1) unstable; urgency=low
* The "Le Puant Macéré" release.
@@ -207,6 +252,108 @@ shadow (1:4.1.3-1) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Tue, 14 Apr 2009 23:33:22 +0200
+shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low
+
+ * debian/login.preinst: fix typo in grep (LP: #354887).
+
+ -- Kees Cook <kees at ubuntu.com> Fri, 03 Apr 2009 22:12:07 -0700
+
+shadow (1:4.1.1-6ubuntu5) jaunty; urgency=low
+
+ * debian/login.preinst: add special-case handling to restore the
+ original white-space in /etc/login.defs that is changed by
+ system-tools-backends (LP: #316756).
+
+ -- Kees Cook <kees at ubuntu.com> Fri, 03 Apr 2009 14:33:43 -0700
+
+shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low
+
+ * debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
+ - If the system clock is set to Jan 01, 1970, and a new user is created
+ the last changed field gets set to 0, which tells login that the
+ password is expired and must be changed. During installation,
+ this can cause autologin to fail. Having the clock set to 01/01/1970
+ on a fresh install is common on the ARM architecture, so this is a high
+ priority bug since its likely to affect most ARM users on first install
+
+ -- Michael Casadevall <mcasadevall at ubuntu.com> Thu, 02 Apr 2009 14:05:31 -0400
+
+shadow (1:4.1.1-6ubuntu3) jaunty; urgency=low
+
+ [ Bryan McLellan ]
+ * Don't do the vm-builder root password check on fresh installations
+ (LP: #340841).
+
+ -- Colin Watson <cjwatson at ubuntu.com> Tue, 17 Mar 2009 13:32:55 +0000
+
+shadow (1:4.1.1-6ubuntu2) jaunty; urgency=low
+
+ * debian/securetty.linux (LP: #316841)
+ - Updated securetty support for Freescale MX-series boards
+
+ -- Michael Casadevall <sonicmctails at gmail.com> Tue, 13 Jan 2009 12:56:38 -0500
+
+shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - Ubuntu specific:
+ + debian/login.pam: Enable SELinux support in login.pam.
+ + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ + debian/passwd.postinst: disable the root password for virtual
+ machines created with vm-builder on Ubuntu 8.10.
+ - debian/patches/stdout-encrypted-password.patch: allow chpasswd to
+ report encrypted passwords to stdout for tools needing encrypted
+ passwords (debian bug 505640).
+
+ -- Kees Cook <kees at ubuntu.com> Mon, 08 Dec 2008 00:44:46 -0800
+
+shadow (1:4.1.1-6) unstable; urgency=medium
+
+ * The "Rollot" release.
+ * debian/patches/303_login_symlink_attack: Fix a race condition that could
+ lead to gaining ownership or changing mode of arbitrary files.
+ Closes: #505271
+ * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
+ referenced in the manpage, not LOGIN. Closes: #501830
+ * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
+ files. Closes: #501353
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 14 Nov 2008 21:52:42 +0100
+
+shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low
+
+ * disable the root password for virtual machines created with vm-builder
+ on Ubuntu 8.10. (LP: #296841)
+
+ -- Jamie Strandboge <jamie at ubuntu.com> Thu, 13 Nov 2008 20:32:42 -0600
+
+shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low
+
+ * debian/login.defs: use SHA512 by default for password crypt routine
+ (LP: #51551, currently Ubuntu specific).
+ * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
+ encrypted passwords to stdout for tools needing encrypted passwords
+ (debian bug 505640).
+ * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+
+ -- Kees Cook <kees at ubuntu.com> Thu, 13 Nov 2008 16:43:48 -0800
+
+shadow (1:4.1.1-5ubuntu1) jaunty; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Scott James Remnant <scott at ubuntu.com> Wed, 05 Nov 2008 07:26:43 +0000
+
+shadow (1:4.1.1-5) unstable; urgency=low
+
+ * The "Bergues" release.
+ * debian/login.pam: restore the Etch behavior of pam_securetty.so in case of
+ unknown user. Closes: #443322, #495831
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 14 Sep 2008 19:13:34 +0200
+
shadow (1:4.1.1-4) unstable; urgency=low
* The "Rocamadour" release.
@@ -284,6 +431,13 @@ shadow (1:4.1.1-2) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 13 Jun 2008 01:27:16 +0200
+shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Kees Cook <kees at ubuntu.com> Mon, 09 Jun 2008 10:08:38 -0700
+
shadow (1:4.1.1-1) unstable; urgency=low
* New upstream release. This closes the following bugs:
@@ -409,6 +563,20 @@ shadow (1:4.1.0-1) unstable; urgency=low
-- Christian Perrier <bubulle at debian.org> Sat, 12 Jan 2008 20:40:02 +0100
+shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low
+
+ * Add 498_make_useradd_faster_with_ldap: make useradd faster when
+ nsswitch uses LDAP or some other remote names database (LP: #120015),
+ thanks to Vince Busam.
+
+ -- Matt T. Proud <mtp at google.com> Fri, 08 Feb 2008 18:30:51 -0800
+
+shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
+
+ * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
+
+ -- Caleb Case <ccase at tresys.com> Fri, 08 Feb 2008 02:20:06 -0500
+
shadow (1:4.0.18.2-1) unstable; urgency=low
* The "Vacherin" release.
diff -pruN 1:4.1.4.2-1/debian/control 1:4.1.4.2-1ubuntu1/debian/control
--- 1:4.1.4.2-1/debian/control 2009-11-12 14:29:59.000000000 +0000
+++ 1:4.1.4.2-1ubuntu1/debian/control 2009-11-12 13:05:12.000000000 +0000
@@ -1,7 +1,8 @@
Source: shadow
Section: admin
Priority: required
-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
+Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
Standards-Version: 3.8.2
Uploaders: Christian Perrier <bubulle at debian.org>, Martin Quinson <mquinson at debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>
Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64], gnome-doc-utils (>= 0.4.3)
diff -pruN 1:4.1.4.2-1/debian/login.defs 1:4.1.4.2-1ubuntu1/debian/login.defs
--- 1:4.1.4.2-1/debian/login.defs 2009-11-12 14:29:59.000000000 +0000
+++ 1:4.1.4.2-1ubuntu1/debian/login.defs 2009-11-12 13:05:12.000000000 +0000
@@ -283,7 +283,7 @@ USERGROUPS_ENAB yes
# Note: It is recommended to use a value consistent with
# the PAM modules configuration.
#
-#ENCRYPT_METHOD DES
+ENCRYPT_METHOD SHA512
#
# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512.
diff -pruN 1:4.1.4.2-1/debian/patches/495_stdout-encrypted-password 1:4.1.4.2-1ubuntu1/debian/patches/495_stdout-encrypted-password
--- 1:4.1.4.2-1/debian/patches/495_stdout-encrypted-password 1970-01-01 01:00:00.000000000 +0100
+++ 1:4.1.4.2-1ubuntu1/debian/patches/495_stdout-encrypted-password 2009-11-12 13:05:12.000000000 +0000
@@ -0,0 +1,173 @@
+Description: allow chpasswd to report a correctly hashed password (using
+ system defaults for hash mechanism) to stdout.
+Upstream: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505640
+
+Index: shadow-4.1.4.1/src/chpasswd.c
+===================================================================
+--- shadow-4.1.4.1.orig/src/chpasswd.c
++++ shadow-4.1.4.1/src/chpasswd.c
+@@ -54,7 +54,6 @@
+ * Global variables
+ */
+ char *Prog;
+-#ifndef USE_PAM
+ static bool cflg = false;
+ static bool eflg = false;
+ static bool md5flg = false;
+@@ -70,7 +69,8 @@
+ static bool is_shadow_pwd;
+ static bool pw_locked = false;
+ static bool spw_locked = false;
+-#endif /* !USE_PAM */
++
++static int use_stdout = 0;
+
+ /* local function prototypes */
+ static void fail_exit (int code);
+@@ -141,6 +141,9 @@
+ stderr);
+ #endif /* USE_SHA_CRYPT */
+ #endif /* !USE_PAM */
++ (void) fputs (_(" -S, --stdout report encrypted passwords to stdout\n"
++ " instead of changing the passwd file\n"),
++ stderr);
+ (void) fputs ("\n", stderr);
+
+ exit (E_USAGE);
+@@ -164,6 +167,7 @@
+ {"sha-rounds", required_argument, NULL, 's'},
+ #endif /* USE_SHA_CRYPT */
+ #endif /* !USE_PAM */
++ {"stdout", no_argument, NULL, 'S'},
+ {"help", no_argument, NULL, 'h'},
+ {NULL, 0, NULL, '\0'}
+ };
+@@ -171,12 +175,12 @@
+ while ((c = getopt_long (argc, argv,
+ #ifndef USE_PAM
+ # ifdef USE_SHA_CRYPT
+- "c:ehms:",
++ "c:ehms:S",
+ # else /* !USE_SHA_CRYPT */
+- "c:ehm",
++ "c:ehmS",
+ # endif /* !USE_SHA_CRYPT */
+ #else
+- "h",
++ "hS",
+ #endif /* !USE_PAM */
+ long_options, &option_index)) != -1) {
+ switch (c) {
+@@ -206,6 +210,9 @@
+ break;
+ #endif /* USE_SHA_CRYPT */
+ #endif /* !USE_PAM */
++ case 'S':
++ use_stdout = 1;
++ break;
+ default:
+ usage ();
+ break;
+@@ -271,6 +278,7 @@
+ */
+ static void check_perms (void)
+ {
++ if (use_stdout) return;
+ #ifdef USE_PAM
+ #ifdef ACCT_TOOLS_SETUID
+ pam_handle_t *pamh = NULL;
+@@ -412,6 +420,7 @@
+
+ OPENLOG ("chpasswd");
+
++ if (!use_stdout) {
+ check_perms ();
+
+ #ifndef USE_PAM
+@@ -419,6 +428,7 @@
+
+ open_files ();
+ #endif
++ }
+
+ /*
+ * Read each line, separating the user name from the password. The
+@@ -467,13 +477,14 @@
+ newpwd = cp;
+
+ #ifdef USE_PAM
+- if (do_pam_passwd_non_interractive ("chpasswd", name, newpwd) != 0) {
+- fprintf (stderr,
+- _("%s: (line %d, user %s) password not changed\n"),
+- Prog, line, name);
+- errors++;
+- }
+-#else /* !USE_PAM */
++ /* Even if we would normally be using PAM, use_stdout
++ * requires us to compute the password ourselves. This
++ * requires our ENCRYPT_METHOD to be in sync with PAM so
++ * needs to be reworked, but for now that's better than the
++ * rest of the system having to be in sync with PAM too.
++ */
++ if (use_stdout) {
++#endif
+ if ( !eflg
+ && ( (NULL == crypt_method)
+ || (0 != strcmp (crypt_method, "NONE")))) {
+@@ -492,6 +503,24 @@
+ cp = pw_encrypt (newpwd,
+ crypt_make_salt(crypt_method, arg));
+ }
++#ifdef USE_PAM
++ }
++#endif
++
++ if (use_stdout) {
++ fprintf (stdout, "%s:%s\n", name, cp);
++ continue;
++ }
++
++#ifdef USE_PAM
++ if (do_pam_passwd_non_interractive ("chpasswd", name, newpwd) != 0) {
++ fprintf (stderr,
++ _("%s: (line %d, user %s) password not changed\n"),
++ Prog, line, name);
++ errors++;
++ continue;
++ }
++#else /* !USE_PAM */
+
+ /*
+ * Get the password file entry for this user. The user must
+@@ -573,12 +602,14 @@
+ fail_exit (1);
+ }
+
++ if (!use_stdout) {
+ #ifndef USE_PAM
+ /* Save the changes */
+ close_files ();
+ #endif
+
+ nscd_flush_cache ("passwd");
++ }
+
+ return (0);
+ }
+Index: shadow-4.1.4.1/man/chpasswd.8.xml
+===================================================================
+--- shadow-4.1.4.1.orig/man/chpasswd.8.xml
++++ shadow-4.1.4.1/man/chpasswd.8.xml
+@@ -134,6 +134,12 @@
+ </variablelist>
+ <variablelist remap='IP'>
+ <varlistentry>
++ <term><option>-S</option>, <option>--stdout</option></term>
++ <listitem>
++ <para>Report encrypted passwords to stdout instead of updating password file.</para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
+ <term><option>-h</option>, <option>--help</option></term>
+ <listitem>
+ <para>Display help message and exit.</para>
diff -pruN 1:4.1.4.2-1/debian/patches/series 1:4.1.4.2-1ubuntu1/debian/patches/series
--- 1:4.1.4.2-1/debian/patches/series 2009-11-12 14:29:59.000000000 +0000
+++ 1:4.1.4.2-1ubuntu1/debian/patches/series 2009-11-12 13:05:12.000000000 +0000
@@ -20,3 +20,4 @@
483_su_fakelogin_wrong_arg0
508_nologin_in_usr_sbin
505_useradd_recommend_adduser
+495_stdout-encrypted-password
More information about the Pkg-shadow-devel
mailing list