[Pkg-shadow-devel] Ubuntu (new upstream) shadow 1:4.1.5.1-1ubuntu2
Ubuntu Merge-o-Matic
mom at ubuntu.com
Wed Jan 2 19:07:25 UTC 2013
This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes. It contains the difference
between the Ubuntu version and the equivalent base version in Debian, note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.8
Date: Thu, 29 Nov 2012 15:27:11 +0000
Source: shadow
Binary: passwd login
Architecture: source
Version: 1:4.1.5.1-1ubuntu2
Distribution: raring
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 544184 580434 583971 584868 597661 602264 603315 605329 606159 609117 614321 616167 617295 620930 620978 621126 621330 621810 622106 622765 622834 622908 623608 623722 627526 628776 628777 628843 630250 630618 632461 634465 636047 638263 647308 647469 655194 655858 656503 656686 657010 657514 657516 657621 657622 657710 657717 657763 659957 660406 661025 661802 668880 669698 673234
Launchpad-Bugs-Fixed: 523896
Changes:
shadow (1:4.1.5.1-1ubuntu2) raring; urgency=low
.
* Revert build-dependency from gettext:any to gettext, now that gettext is
Multi-Arch: foreign.
.
shadow (1:4.1.5.1-1ubuntu1) raring; urgency=low
.
* The "Yorkshire Blue" release.
* Merge from Debian unstable. Remaining changes:
- debian/passwd.upstart: Add an upstrat job to clear locks on
[shadow-]passwd/group. (LP: #523896).
- Build-depend on gettext:any for cross-building support.
- Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
in LXC with Precise.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
this default for UPGs. (Closes: #583971)
- debian/{source_shadow.py,rules}: Add apport hook
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout (Debian bug 505640).
.
* Dropped changes, merged in Debian:
- Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
- use SHA512 by default for password crypt routine.
- debian/rules: fix FTBFS from newer libtools
- Mark passwd Multi-Arch: foreign.
.
shadow (1:4.1.5.1-1) unstable; urgency=low
.
* The "Gruyère" release.
.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release:
- login: log into utmp(x) but not into wtmp (this is done by pam_lastlog).
Log to utmp(x) was broken by the fix for #605329. Closes: 659957
- userdel: Fix segfault when userdel removes the user's group.
Closes: #660406
- manpages: .so links point to paths relative to the top-level manual
hierarchy. Closes: #661025
- useradd(8): Return code 13 no more documented. Closes: #661802
* debian/patches/series, debian/patches/428_grpck_add_prune_option: Removed.
The -p option was not documented and was meant to fix consequences of a
bug now fixed more than 10 years ago.
* debian/shadowconfig.sh: Display issues, but dot not prompt interactively
to fix passwd/group/shadow/gshadow issues. Closes: #638263
* debian/control: Bump Standards-Version to 3.9.3 (no changes needed).
* debian/rules: Simplify setting of hardening flags. cdbs 0.4.103 needed to
get hardened version of shadow-utils. Restore previous requirement on
dpkg-dev to 1.13.5.
.
[ Christian Perrier ]
* Complete Polish translation of logoutd(8). Closes: #668880
* German translation of manpages completed. Closes: #673234
.
[ Roger Leigh ]
* Separation of static and dynamic motd components in login PAM module
Closes: #669698
.
shadow (1:4.1.5-1) unstable; urgency=low
.
* The "Charolais" release.
.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release:
- su: Fix possible tty hijacking by dropping the controlling terminal when
executing a command (CVE-2005-4890). Closes: #628843
- userdel: Check the existence of the user's mail spool before trying to
remove it. If it does not exist, a warning is issued, but no failure.
Closes: #617295
- userdel: Do not remove a group with the same name as the user
(usergroup) if this group isn't the user's primary group.
Closes: #584868
- su: Close the PAM session as root (fix issues with pam_mount and
pam_systemd). Closes: #580434
- Fix several typos in manpages. Thanks to Simon Brandmair.
Closes: #628776
- userdel error message has been clarified when the user is still
executing processes (it used to complain that the user is logged in).
Closes: #603315
- passwd(1) references chpasswd(8). Closes: #609117
- Spaces have been added between options and arguments in the Russian
manpages. Closes: #606159
- Fix handling of numerical dates in usermod -e. Closes: #621810
- usermod: When the shadow file exists but there are no shadow entries, an
entry is created if the password is changed and passwd requires a shadow
entry, or if aging features are used (-e or -f). Closes: 632461
- Added diagnosis for lock failures. Closes: #616167
- grpck/pwck: NIS entries were dropped by -s (sort). Closes: #622765
- login does not log into utmp(x) and wtmp. This is already done by
pam_lastlog. Closes: #605329
- groupmod: document that /etc/passwd can be modified by groupmod -g.
Closes: #647308
- Updated patches
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/402_cppw_selinux
+ debian/patches/428_grpck_add_prune_option
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/463_login_delay_obeys_to_PAM
+ debian/patches/501_commonio_group_shadow
+ debian/patches/505_useradd_recommend_adduser
+ debian/patches/506_relaxed_usernames
+ debian/patches/508_nologin_in_usr_sbin
+ debian/patches/523_su_arguments_are_concatenated
+ debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ debian/patches/542_useradd-O_option
+ debian/patches/900_testsuite_groupmems
- debian/patches/008_su_get_PAM_username: Removed, feature supported
upstream.
- debian/patches/300_CVE-2011-0721: Removed, applied upstream.
- Upstream translation updates from Debian BTS:
+ Brazilian Portuguese. Closes: #622834
+ Catalan. Closes: #627526, #657763
+ Danish. Closes: #621330, #657514
+ German. Closes: #622908, #656503
+ French. Closes: #623608, #657621
+ Japanese. Closes: #620978
+ Kazakh. Closes: #620930
+ Portuguese. Closes: #623722, #656686
+ Russian. Closes: #622106, #655194
+ Spanish (Closes: #630618)
+ Swedish. Closes: #621126
+ Simplified Chinese. Closes: #655858
- Upstream manpages translation updates from Debian BTS:
+ French. Closes: #630250, #657622
+ German. Closes: #628777
+ Simplified Chinese. Closes: #602264, #655858
+ Danish added. Closes: #657516
+ Russian. Closes: #657710
* debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321
* debian/securetty.linux: Add IBM pSeries console ports. Closes: #597661
* debian/securetty.linux: Add serial Console for MIPS Swarm.
(http://lists.debian.org/debian-release/2011/02/msg00320.html)
* debian/securetty.linux: Add s390/s390x ports ttysclp0. Closes: #647469
* debian/securetty.linux: Fixed typo: ttyama -> ttyAMA. Closes: #544184
* debian/rules, debian/man.insert, debian/man.insert.sed: Bug #507673 has
been closed. It is no more needed to patch the generated manpages. This
also fix failures to build twice is a row. Closes: #636047
* debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename
create_backup_file to create_copy. The lock functions do not set errno.
Do not report the error string on cppwexit.
* debian/patches/401_cppw_src.dpatch, debian/patches/402_cppw_selinux:
Synchronize with coding style.
* debian/patches/401_cppw_src.dpatch: Detect as well too many and too
few arguments.
* debian/patches/506_relaxed_usernames: Really check if the user/group
name starts with a dash. Also forbid names starting with '+' or '~'.
Document the naming policy in useradd.8 / groupadd.8.
* debian/patches/506_relaxed_usernames: Also forbid names containing a
comma.
* debian/patches/901_testsuite_gcov: Do not revert the locale when testing
with gcov to avoid coverage false negatives. This does not impact the
debian binary package, only the test package.
* debian/control: Add Build-Depends on libsemanage1-dev [linux-any]
* debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all
hardening flags set. Closes: #657010
* debian/control: depends on dpkg-dev (>= 1.16.1~) for including
/usr/share/dpkg/buildflags.mk
* debian/control: Standards-Version: bumped to 3.9.2. No changes.
* debian/login.defs: Set the default encryption method to SHA512.
Closes: #657717
.
[ Christian Perrier ]
* Use "linux-any" instead of a negated list of architectures in
Build-Depends. Closes: #634465
Checksums-Sha1:
531b17c4d62d55719edc264140971e040a95c764 2387 shadow_4.1.5.1-1ubuntu2.dsc
9a8378c921ca817b222123963b083dbaecc81c15 85751 shadow_4.1.5.1-1ubuntu2.diff.gz
Checksums-Sha256:
f06d3c7995bd40ee03a21901c4cbe3119a2aea93b717c17c6d3ac592c7ad5e31 2387 shadow_4.1.5.1-1ubuntu2.dsc
d43c5b204e49726e0d57c6f0063d04436d52e9dd704ef4552d6dfe89256d6fd9 85751 shadow_4.1.5.1-1ubuntu2.diff.gz
Files:
69a8a991985e1b96cff6730cf39eb63c 2387 admin required shadow_4.1.5.1-1ubuntu2.dsc
e9dbbd5e647e5706f67b9a9893250399 85751 admin required shadow_4.1.5.1-1ubuntu2.diff.gz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.1.5.1-1/debian/changelog 1:4.1.5.1-1ubuntu2/debian/changelog
--- 1:4.1.5.1-1/debian/changelog 2013-01-02 19:05:55.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/changelog 2013-01-02 19:05:56.000000000 +0000
@@ -1,3 +1,37 @@
+shadow (1:4.1.5.1-1ubuntu2) raring; urgency=low
+
+ * Revert build-dependency from gettext:any to gettext, now that gettext is
+ Multi-Arch: foreign.
+
+ -- Colin Watson <cjwatson at ubuntu.com> Thu, 29 Nov 2012 15:27:11 +0000
+
+shadow (1:4.1.5.1-1ubuntu1) raring; urgency=low
+
+ * The "Yorkshire Blue" release.
+ * Merge from Debian unstable. Remaining changes:
+ - debian/passwd.upstart: Add an upstrat job to clear locks on
+ [shadow-]passwd/group. (LP: #523896).
+ - Build-depend on gettext:any for cross-building support.
+ - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
+ in LXC with Precise.
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
+ this default for UPGs. (Closes: #583971)
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+
+ * Dropped changes, merged in Debian:
+ - Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
+ Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
+ - use SHA512 by default for password crypt routine.
+ - debian/rules: fix FTBFS from newer libtools
+ - Mark passwd Multi-Arch: foreign.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com> Tue, 23 Oct 2012 09:59:19 +0100
+
shadow (1:4.1.5.1-1) unstable; urgency=low
* The "Gruyère" release.
@@ -141,6 +175,68 @@ shadow (1:4.1.5-1) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 12 Feb 2012 22:27:03 +0100
+shadow (1:4.1.4.2+svn3283-3ubuntu7) quantal; urgency=low
+
+ * debian/passwd.upstart: Add an upstrat job to clear locks on
+ [shadow-]passwd/group. (LP: #523896).
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com> Fri, 31 Aug 2012 13:00:33 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu6) quantal; urgency=low
+
+ * debian/source_shadow.py: Fix compatibility with python3. Thanks Edward
+ Donovan! (LP: #1013171)
+
+ -- Martin Pitt <martin.pitt at ubuntu.com> Mon, 18 Jun 2012 15:09:54 +0200
+
+shadow (1:4.1.4.2+svn3283-3ubuntu5) precise; urgency=low
+
+ * Build-depend on gettext:any for cross-building support.
+
+ -- Colin Watson <cjwatson at ubuntu.com> Mon, 09 Apr 2012 00:28:03 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu4) precise; urgency=low
+
+ * Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
+ in LXC with Precise.
+
+ -- Stéphane Graber <stgraber at ubuntu.com> Fri, 10 Feb 2012 15:34:05 -0500
+
+shadow (1:4.1.4.2+svn3283-3ubuntu3) precise; urgency=low
+
+ * Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
+ Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
+
+ -- Loïc Minier <loic.minier at ubuntu.com> Wed, 30 Nov 2011 22:47:47 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu2) oneiric; urgency=low
+
+ * debian/login.defs:
+ - Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ - Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
+ this default for UPGs. (Closes: #583971)
+
+ -- Martin Pitt <martin.pitt at ubuntu.com> Fri, 24 Jun 2011 11:07:34 +0200
+
+shadow (1:4.1.4.2+svn3283-3ubuntu1) natty; urgency=low
+
+ * The "string cheese" release.
+ * Merge from Debian unstable. Remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/rules: fix FTBFS from newer libtools
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ * Dropped changes, merged in Debian:
+ - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
+ - CVE-2011-0721
+ * Mark passwd Multi-Arch: foreign, so packages that aren't of the same
+ arch can depend on it.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com> Sun, 20 Feb 2011 15:59:15 -0800
+
shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high
* The "Trappe d'Echourgnac" release.
@@ -151,6 +247,34 @@ shadow (1:4.1.4.2+svn3283-3) unstable; u
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Mon, 13 Feb 2011 23:20:05 +0100
+shadow (1:4.1.4.2+svn3283-2ubuntu3) natty; urgency=low
+
+ * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
+ - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
+ - CVE-2011-0721
+
+ -- Kees Cook <kees at ubuntu.com> Tue, 15 Feb 2011 13:57:01 -0800
+
+shadow (1:4.1.4.2+svn3283-2ubuntu2) natty; urgency=low
+
+ * debian/patches/495_stdout-encrypted-password: adjust patch for changes
+ in src/chpasswd.c to fix FTBFS
+
+ -- Oliver Grawert <ogra at ubuntu.com> Tue, 04 Jan 2011 15:48:49 +0100
+
+shadow (1:4.1.4.2+svn3283-2ubuntu1) natty; urgency=low
+
+ * Merge from debian unstable. Remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/rules: fix FTBFS from newer libtools
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+
+ -- Oliver Grawert <ogra at ubuntu.com> Wed, 24 Nov 2010 13:42:42 +0100
+
shadow (1:4.1.4.2+svn3283-2) unstable; urgency=low
* The "Bleu du Vercors-Sassenage" release.
@@ -222,6 +346,32 @@ shadow (1:4.1.4.2+svn3283-1) unstable; u
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 29 Aug 2010 21:14:12 +0200
+shadow (1:4.1.4.2-1ubuntu3) maverick; urgency=low
+
+ * add ttyO0-3 to debian/securetty.linux, if OMAP kernels are built with
+ TI's DMA-offloaded driver instead of the default 8250 one the serial tty's
+ are called like that (LP: #512845).
+
+ -- Oliver Grawert <ogra at ubuntu.com> Tue, 31 Aug 2010 14:45:17 +0200
+
+shadow (1:4.1.4.2-1ubuntu2) lucid; urgency=low
+
+ * debian/{source_shadow.py,rules}: Add apport hook
+ * debian/rules: fix FTBFS from newer libtools
+
+ -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Tue, 26 Jan 2010 08:54:59 -0500
+
+shadow (1:4.1.4.2-1ubuntu1) lucid; urgency=low
+
+ * Merged with debian unstable. Remaning changes (LP: #477299):
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+
+ -- Nicolas Valcárcel Scerpella (Canonical) <nvalcarcel at canonical.com> Sat, 07 Nov 2009 04:55:18 -0500
+
shadow (1:4.1.4.2-1) unstable; urgency=low
* The "Tome des Bauges" release.
@@ -249,6 +399,25 @@ shadow (1:4.1.4.2-1) unstable; urgency=l
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 24 Jul 2009 05:03:23 +0200
+shadow (1:4.1.4.1-1ubuntu2) karmic; urgency=low
+
+ * debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2
+ as serial port.
+
+ -- Loïc Minier <loic.minier at ubuntu.com> Fri, 31 Jul 2009 15:34:56 +0200
+
+shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low
+
+ * Resynchronise with Debian. Remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+ It's looking a bit ugly now ...
+
+ -- Colin Watson <cjwatson at ubuntu.com> Wed, 03 Jun 2009 11:16:51 +0100
+
shadow (1:4.1.4.1-1) unstable; urgency=low
* The "Chevrotin" release.
@@ -336,6 +505,21 @@ shadow (1:4.1.4-1) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Mon, 11 May 2009 00:25:11 +0200
+shadow (1:4.1.3.1-1ubuntu1) karmic; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/stdout-encrypted-password.patch: chpasswd can report
+ password hashes on stdout (debian bug 505640).
+ - debian/login.pam: Enable SELinux support (debian bug 527106).
+ - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
+ * Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
+ * Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
+ upstream.
+
+ -- Kees Cook <kees at ubuntu.com> Tue, 05 May 2009 09:45:21 -0700
+
shadow (1:4.1.3.1-1) unstable; urgency=low
* The "Le Puant Macéré" release.
@@ -431,6 +615,108 @@ shadow (1:4.1.3-1) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Tue, 14 Apr 2009 23:33:22 +0200
+shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low
+
+ * debian/login.preinst: fix typo in grep (LP: #354887).
+
+ -- Kees Cook <kees at ubuntu.com> Fri, 03 Apr 2009 22:12:07 -0700
+
+shadow (1:4.1.1-6ubuntu5) jaunty; urgency=low
+
+ * debian/login.preinst: add special-case handling to restore the
+ original white-space in /etc/login.defs that is changed by
+ system-tools-backends (LP: #316756).
+
+ -- Kees Cook <kees at ubuntu.com> Fri, 03 Apr 2009 14:33:43 -0700
+
+shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low
+
+ * debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
+ - If the system clock is set to Jan 01, 1970, and a new user is created
+ the last changed field gets set to 0, which tells login that the
+ password is expired and must be changed. During installation,
+ this can cause autologin to fail. Having the clock set to 01/01/1970
+ on a fresh install is common on the ARM architecture, so this is a high
+ priority bug since its likely to affect most ARM users on first install
+
+ -- Michael Casadevall <mcasadevall at ubuntu.com> Thu, 02 Apr 2009 14:05:31 -0400
+
+shadow (1:4.1.1-6ubuntu3) jaunty; urgency=low
+
+ [ Bryan McLellan ]
+ * Don't do the vm-builder root password check on fresh installations
+ (LP: #340841).
+
+ -- Colin Watson <cjwatson at ubuntu.com> Tue, 17 Mar 2009 13:32:55 +0000
+
+shadow (1:4.1.1-6ubuntu2) jaunty; urgency=low
+
+ * debian/securetty.linux (LP: #316841)
+ - Updated securetty support for Freescale MX-series boards
+
+ -- Michael Casadevall <sonicmctails at gmail.com> Tue, 13 Jan 2009 12:56:38 -0500
+
+shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - Ubuntu specific:
+ + debian/login.pam: Enable SELinux support in login.pam.
+ + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ + debian/passwd.postinst: disable the root password for virtual
+ machines created with vm-builder on Ubuntu 8.10.
+ - debian/patches/stdout-encrypted-password.patch: allow chpasswd to
+ report encrypted passwords to stdout for tools needing encrypted
+ passwords (debian bug 505640).
+
+ -- Kees Cook <kees at ubuntu.com> Mon, 08 Dec 2008 00:44:46 -0800
+
+shadow (1:4.1.1-6) unstable; urgency=medium
+
+ * The "Rollot" release.
+ * debian/patches/303_login_symlink_attack: Fix a race condition that could
+ lead to gaining ownership or changing mode of arbitrary files.
+ Closes: #505271
+ * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
+ referenced in the manpage, not LOGIN. Closes: #501830
+ * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
+ files. Closes: #501353
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 14 Nov 2008 21:52:42 +0100
+
+shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low
+
+ * disable the root password for virtual machines created with vm-builder
+ on Ubuntu 8.10. (LP: #296841)
+
+ -- Jamie Strandboge <jamie at ubuntu.com> Thu, 13 Nov 2008 20:32:42 -0600
+
+shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low
+
+ * debian/login.defs: use SHA512 by default for password crypt routine
+ (LP: #51551, currently Ubuntu specific).
+ * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
+ encrypted passwords to stdout for tools needing encrypted passwords
+ (debian bug 505640).
+ * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+
+ -- Kees Cook <kees at ubuntu.com> Thu, 13 Nov 2008 16:43:48 -0800
+
+shadow (1:4.1.1-5ubuntu1) jaunty; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Scott James Remnant <scott at ubuntu.com> Wed, 05 Nov 2008 07:26:43 +0000
+
+shadow (1:4.1.1-5) unstable; urgency=low
+
+ * The "Bergues" release.
+ * debian/login.pam: restore the Etch behavior of pam_securetty.so in case of
+ unknown user. Closes: #443322, #495831
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 14 Sep 2008 19:13:34 +0200
+
shadow (1:4.1.1-4) unstable; urgency=low
* The "Rocamadour" release.
@@ -508,6 +794,13 @@ shadow (1:4.1.1-2) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 13 Jun 2008 01:27:16 +0200
+shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Kees Cook <kees at ubuntu.com> Mon, 09 Jun 2008 10:08:38 -0700
+
shadow (1:4.1.1-1) unstable; urgency=low
* New upstream release. This closes the following bugs:
@@ -633,6 +926,20 @@ shadow (1:4.1.0-1) unstable; urgency=low
-- Christian Perrier <bubulle at debian.org> Sat, 12 Jan 2008 20:40:02 +0100
+shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low
+
+ * Add 498_make_useradd_faster_with_ldap: make useradd faster when
+ nsswitch uses LDAP or some other remote names database (LP: #120015),
+ thanks to Vince Busam.
+
+ -- Matt T. Proud <mtp at google.com> Fri, 08 Feb 2008 18:30:51 -0800
+
+shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
+
+ * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
+
+ -- Caleb Case <ccase at tresys.com> Fri, 08 Feb 2008 02:20:06 -0500
+
shadow (1:4.0.18.2-1) unstable; urgency=low
* The "Vacherin" release.
@@ -1575,7 +1882,7 @@ shadow (1:4.0.12-5) unstable; urgency=lo
* Really add /etc/pam.d/su. Closes: #330291
-- Christian Perrier <bubulle at debian.org> Wed, 28 Sep 2005 19:59:31 +0200
-
+
shadow (1:4.0.12-4) unstable; urgency=low
* The "Epoisses" release
@@ -2907,7 +3214,7 @@ shadow (20000902-6.1) unstable; urgency=
* Upgrade to latest config.sub and config.guess. Closes: #88547
-- Gerhard Tonn <gt at debian.org> Fri, 1 Jun 2001 20:38:43 +0200
-
+
shadow (20000902-6) unstable; urgency=medium
* actually set root's password when appropriate
diff -pruN 1:4.1.5.1-1/debian/control 1:4.1.5.1-1ubuntu2/debian/control
--- 1:4.1.5.1-1/debian/control 2013-01-02 19:05:55.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/control 2013-01-02 19:05:56.000000000 +0000
@@ -1,7 +1,8 @@
Source: shadow
Section: admin
Priority: required
-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
Standards-Version: 3.9.3
Uploaders: Christian Perrier <bubulle at debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>
Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3)
diff -pruN 1:4.1.5.1-1/debian/login.defs 1:4.1.5.1-1ubuntu2/debian/login.defs
--- 1:4.1.5.1-1/debian/login.defs 2013-01-02 19:05:55.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/login.defs 2013-01-02 19:05:56.000000000 +0000
@@ -139,6 +139,11 @@ TTYPERM 0600
# There is no One True Answer here : each sysadmin must make up his/her
# mind.
#
+# If USERGROUPS_ENAB is set to "yes", that will modify this UMASK default value
+# for private user groups, i. e. the uid is the same as gid, and username is
+# the same as the primary group name: for these, the user permissions will be
+# used as group permissions, e. g. 022 will become 002.
+#
# Prefix these values with "0" to get octal, "0x" to get hexadecimal.
#
ERASECHAR 0177
@@ -209,13 +214,14 @@ DEFAULT_HOME yes
#USERDEL_CMD /usr/sbin/userdel_local
#
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
# If set to yes, userdel will remove the user´s group if it contains no
# more members, and useradd will create by default a group with the name
# of the user.
#
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, such as Debian
-#
USERGROUPS_ENAB yes
#
diff -pruN 1:4.1.5.1-1/debian/passwd.upstart 1:4.1.5.1-1ubuntu2/debian/passwd.upstart
--- 1:4.1.5.1-1/debian/passwd.upstart 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/passwd.upstart 2013-01-02 19:05:56.000000000 +0000
@@ -0,0 +1,18 @@
+# passwd - clear locks on passwd and related files
+#
+# Copyright 2012 Canonical Ltd.
+# Author: Dmitrijs Ledkovs
+#
+# This helper clears locks on passwd to avoid million duplicate bug reports
+# like this one: https://launchpad.net/bugs/523896
+# Ideally we'd know what lock-up, and doesn't clear the lock, and fix that.
+# But it appears to be safe enough to clear them unconditionally on boot.
+#
+
+description "Clear passwd locks"
+
+start on filesystem
+
+task
+
+exec rm -f /etc/gshadow.lock /etc/shadow.lock /etc/passwd.lock /etc/group.lock
diff -pruN 1:4.1.5.1-1/debian/patches/495_stdout-encrypted-password 1:4.1.5.1-1ubuntu2/debian/patches/495_stdout-encrypted-password
--- 1:4.1.5.1-1/debian/patches/495_stdout-encrypted-password 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/patches/495_stdout-encrypted-password 2013-01-02 19:05:56.000000000 +0000
@@ -0,0 +1,129 @@
+## Description: add some description
+## Origin/Author: add some origin or author
+## Bug: bug URL
+Index: b/man/chpasswd.8.xml
+===================================================================
+--- a/man/chpasswd.8.xml
++++ b/man/chpasswd.8.xml
+@@ -169,6 +169,12 @@
+ </variablelist>
+ <variablelist remap='IP'>
+ <varlistentry>
++ <term><option>-S</option>, <option>--stdout</option></term>
++ <listitem>
++ <para>Report encrypted passwords to stdout instead of updating password file.</para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
+ <term><option>-h</option>, <option>--help</option></term>
+ <listitem>
+ <para>Display help message and exit.</para>
+Index: b/src/chpasswd.c
+===================================================================
+--- a/src/chpasswd.c
++++ b/src/chpasswd.c
+@@ -71,6 +71,8 @@
+ static bool pw_locked = false;
+ static bool spw_locked = false;
+
++static int use_stdout = 0;
++
+ /* local function prototypes */
+ static void fail_exit (int code);
+ static /*@noreturn@*/void usage (int status);
+@@ -134,6 +136,9 @@
+ " crypt algorithms\n"),
+ usageout);
+ #endif /* USE_SHA_CRYPT */
++ (void) fputs (_(" -S, --stdout report encrypted passwords to stdout\n"
++ " instead of changing the passwd file\n"),
++ usageout);
+ (void) fputs ("\n", usageout);
+
+ exit (status);
+@@ -156,14 +161,15 @@
+ #ifdef USE_SHA_CRYPT
+ {"sha-rounds", required_argument, NULL, 's'},
+ #endif /* USE_SHA_CRYPT */
++ {"stdout", no_argument, NULL, 'S'},
+ {NULL, 0, NULL, '\0'}
+ };
+
+ while ((c = getopt_long (argc, argv,
+ #ifdef USE_SHA_CRYPT
+- "c:ehmR:s:",
++ "c:ehmR:s:S",
+ #else /* !USE_SHA_CRYPT */
+- "c:ehmR:",
++ "c:ehmR:S",
+ #endif /* !USE_SHA_CRYPT */
+ long_options, NULL)) != -1) {
+ switch (c) {
+@@ -192,6 +198,9 @@
+ }
+ break;
+ #endif /* USE_SHA_CRYPT */
++ case 'S':
++ use_stdout = 1;
++ break;
+ default:
+ usage (E_USAGE);
+ /*@notreached@*/break;
+@@ -255,6 +264,7 @@
+ */
+ static void check_perms (void)
+ {
++ if (use_stdout) return;
+ #ifdef USE_PAM
+ #ifdef ACCT_TOOLS_SETUID
+ /* If chpasswd uses PAM and is SUID, check the permissions,
+@@ -405,17 +415,19 @@
+
+ OPENLOG ("chpasswd");
+
++ if (!use_stdout) {
+ check_perms ();
+
+ #ifdef USE_PAM
+- if (!use_pam)
++ if (!use_pam) {
+ #endif /* USE_PAM */
+- {
+ is_shadow_pwd = spw_file_present ();
+
+ open_files ();
++#ifdef USE_PAM
++ }
++#endif /* USE_PAM */
+ }
+-
+ /*
+ * Read each line, separating the user name from the password. The
+ * password entry for each user will be looked up in the appropriate
+@@ -493,6 +505,10 @@
+ cp = pw_encrypt (newpwd,
+ crypt_make_salt(crypt_method, arg));
+ }
++ if (use_stdout) {
++ fprintf (stdout, "%s:%s\n", name, cp);
++ continue;
++ }
+
+ /*
+ * Get the password file entry for this user. The user must
+@@ -608,6 +624,7 @@
+ fail_exit (1);
+ }
+
++ if (!use_stdout) {
+ #ifdef USE_PAM
+ if (!use_pam)
+ #endif /* USE_PAM */
+@@ -617,6 +634,7 @@
+ }
+
+ nscd_flush_cache ("passwd");
++ }
+
+ return (0);
+ }
diff -pruN 1:4.1.5.1-1/debian/patches/series 1:4.1.5.1-1ubuntu2/debian/patches/series
--- 1:4.1.5.1-1/debian/patches/series 2013-01-02 19:05:55.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/patches/series 2013-01-02 19:05:56.000000000 +0000
@@ -16,3 +16,5 @@
523_su_arguments_are_no_more_concatenated_by_default
508_nologin_in_usr_sbin
505_useradd_recommend_adduser
+495_stdout-encrypted-password
+
diff -pruN 1:4.1.5.1-1/debian/rules 1:4.1.5.1-1ubuntu2/debian/rules
--- 1:4.1.5.1-1/debian/rules 2013-01-02 19:05:55.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/rules 2013-01-02 19:05:56.000000000 +0000
@@ -19,6 +19,11 @@ DEB_DH_INSTALL_SOURCEDIR=debian/tmp
# the other arch, DEB_DESTDIR already points to debian/tmp)
DEB_DESTDIR=$(CURDIR)/debian/tmp
+## Ubuntu
+# Upstart job for clearing locks
+DEB_DH_INSTALLINIT_ARGS=--upstart-only --no-start
+##
+
include /usr/share/cdbs/1/class/autotools.mk
# Automatically update autoconf, etc.
DEB_AUTO_UPDATE_ACLOCAL = 1.9
@@ -41,6 +46,8 @@ binary-install/login::
dh_installpam -p login --name=su
install -c -m 444 debian/login.defs debian/login/etc/login.defs
install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty
+ install -d debian/login/usr/share/apport/package-hooks
+ install -c -m 644 debian/source_shadow.py debian/login/usr/share/apport/package-hooks/source_shadow.py
dh_lintian -p login
binary-install/passwd::
diff -pruN 1:4.1.5.1-1/debian/securetty.linux 1:4.1.5.1-1ubuntu2/debian/securetty.linux
--- 1:4.1.5.1-1/debian/securetty.linux 2013-01-02 19:05:55.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/securetty.linux 2013-01-02 19:05:56.000000000 +0000
@@ -385,6 +385,13 @@ ttymxc3
ttymxc4
ttymxc5
+# LXC (Linux Containers)
+lxc/console
+lxc/tty1
+lxc/tty2
+lxc/tty3
+lxc/tty4
+
# Serial Console for MIPS Swarm
duart0
duart1
diff -pruN 1:4.1.5.1-1/debian/source_shadow.py 1:4.1.5.1-1ubuntu2/debian/source_shadow.py
--- 1:4.1.5.1-1/debian/source_shadow.py 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.1.5.1-1ubuntu2/debian/source_shadow.py 2013-01-02 19:05:56.000000000 +0000
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+
+'''Apport package hook for shadow
+
+(c) 2010 Canonical Ltd.
+Contributors:
+Marc Deslauriers <marc.deslauriers at canonical.com>
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2 of the License, or (at your
+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
+the full text of the license.
+'''
+
+from apport.hookutils import *
+
+def add_info(report):
+
+ attach_file_if_exists(report, '/etc/login.defs', 'LoginDefs')
+
+if __name__ == '__main__':
+ report = {}
+ add_info(report)
+ for key in report:
+ print('[%s]\n%s' % (key, report[key]))
More information about the Pkg-shadow-devel
mailing list