[Pkg-shadow-devel] Freeze exception: shadow

Nicolas François nicolas.francois at centraliens.net
Wed Aug 18 18:31:07 UTC 2010


On Wed, Aug 18, 2010 at 02:24:50PM +0200, Mehdi Dogguy wrote:
> Can I trade this unblock with an upload of src:shadow? :) It has 3 RC
> bugs tagged as pending since months.

Looks like I'm trading for additional work I would have to do.
This looks biased;)

More seriously, I need to find what would be the preferred next shadow
[1] Prepare an upstream release and a Debian package based on it
[2] Package the current upstream trunk (this is mostly ready but must be
    tested, and I need to check if I raised my hand in the middle of a
[3] Retrofit fixes for Debian bugs
[4] Retrofit fixes for Debian release critical bugs only

[1] does not look realistic for me.
Then from an effort point of view, my preference goes from [2] to [4] to [3]

What would be acceptable for a freeze exception?

The current (i.e. trunk matching solution [2] above) changelog entries are:

  * The "Bleu de Gex" release.
  * New upstream release:
    - Fix formatting of the login.defs.5 manpage. Closes: #542804
    - Updated Czech translation. Closes: #548407
    - Updated Vietnamese translation. Closes: #548065
    - Remove patches applied upstream:
      + debian/patches/008_su_no_sanitize_env
      + debian/patches/483_su_fakelogin_wrong_arg0
    - Updated patches:
      + debian/patches/523_su_arguments_are_no_more_concatenated_by_default
      + debian/patches/542_useradd-O_option
    - Added support for dates already specified as a number of days since
      Epoch in useradd, usermod and chage. Closes: #562221
    - This also allows, in the chage interactive mode, to specify -1 as the
      expiration date to disable it. Closes: #573018
    - Fixed parsing of gshadow. This fix password support in newgrp.
      Closes: #569899
    - pwck and grpck stop sorting at the first line which begins with a '+'.
      This will avoid messing up with NIS entries. Closes: #567836
    - Fix interruption of su, newgrp, vipw with Ctrl-Z. Closes: 530231
    - mail checking is no more mentioned in login(1) since it is done by PAM.
      Closes: #470059
    - The -e (and -c and -m) option was restored in chpasswd (which still uses
      PAM by default).  Closes: #539354
    - Kazakh translation updated. Closes: #586994
  * debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have change
    from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523
  * debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports
    (e.g. emulated by QEMU). Closes: #544184
  * debian/control: Removed Martin Quinson from the Uploaders, on his request.
  * debian/login.defs: Improve documentation of USERGROUPS_ENAB.
    Closes: #572687
  * debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. Closes: #560633
  * debian/login.pam: return back to mostly "requisite" for the pam_securetty
    PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from
    entering a password, and will also avoid user enumeration attacks.
    Mis-typed root login are not protected, only root can be blamed for
    mis-typing and entering a password on an insecure line. Users willing to
    protect against mis-typed root login can use "requisite", but will be
    vulnerable to user enumeration attacks on insecure lines, and should use
    pam 1.1.0-4 at least. Closes: #574082, #531341
  * debian/passwd.cron.daily: Handle the backups of the user and group
    databases so that it can be removed from the standard daily cron job.
    Closes: #554170
  * debian/login.defs: Updated description of UMASK (used by pam_umask).
  * debian/securetty.linux: Reorganize and synchronize with
    Documentation/devices.txt. This added a lot of TTYs, including the
    ttyPZ0..3. Closes: #576203
  * debian/rules, debian/man.insert, debian/man.insert.sed: Hack to avoid bug
    507673, causing missing apostrophes in the manpages generated by
  * debian/control: Standards-Version: bumped to 3.8.4. No changes.
  * debian/passwd.lintian-overrides: Remove old entries relevant for
  * debian/control: Do not repeat the Section and Priority fields for the
    binary packages.

Best Regards,

More information about the Pkg-shadow-devel mailing list