[Pkg-shadow-devel] Ubuntu (new upstream) shadow 1:4.8-1ubuntu1

Ubuntu Merge-o-Matic mom at ubuntu.com
Thu Jan 23 13:40:41 GMT 2020


This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes.  It contains the difference
between the Ubuntu version and the equivalent base version in Debian, note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.8
Date: Mon, 20 Jan 2020 15:16:35 +0100
Source: shadow
Binary: passwd login uidmap
Architecture: source
Version: 1:4.8-1ubuntu1
Distribution: focal
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Balint Reczey <rbalint at ubuntu.com>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
 uidmap     - programs to help use subuids
Closes: 607073 731656 771675 808301 830255 879903 881889 893944 917893 920764 927576 932017 934473
Changes: 
 shadow (1:4.8-1ubuntu1) focal; urgency=medium
 .
   * Merge from Debian unstable.  Remaining changes:
     - debian/login.defs:
       + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
         handling does not only apply to "former (pre-PAM) uses".
       + Update documentation of UMASK: Explain that USERGROUPS_ENAB
         will modify this default for UPGs.
     - debian/{source_shadow.py,login.install}: Add apport hook
     - debian/patches/1010_extrausers.patch: Add support to passwd for
       libnss-extrausers
     - debian/patches/1011_extrausers_toggle.patch: extrausers support for
       useradd and groupadd
     - debian/patches/1014_extrausers_delgroup.patch
       + add --extrausers option to "groupdel"
     - debian/patches/1013_extrausers_deluser.patch
       + add --extrausers option to "userdel"
     - debian/patches/1012_extrausers_chfn.patch:
       + add support for --extrausers to the chfn tool
     - debian/patches/1015_add_zsys_support.patch:
       + Call zsys to handle home directory if available.
     - debian/passwd.maintscripts: Clean up upstart configuration
 .
 shadow (1:4.8-1) unstable; urgency=medium
 .
   [ Laurent Bigonville ]
   * Move the call to pam_motd before pam_selinux open
 .
   [ Justin B Rye ]
   * login: Update package description (Closes: #808301)
 .
   [ Yuriy M. Kaminskiy ]
   * Mark uidmap and login as Multi-Arch: foreign (Closes: #934473)
 .
   [ Andreas Henriksson ]
   * New upstream release.
     - man: generate translations using itstool instead of xml2po
   * Replace gnome-doc-utils build-dep with itstool (Closes: #881889)
   * Use explicit --without-su configure flag
   * Refresh and massage patches to apply
   * Cherry-pick upstream patch reverting bindir/sbindir
   * Fix lintian warning useless-autoreconf-build-depends
 .
   [ Balint Reczey ]
   * debian/login.su.pam: Drop unused file
 .
 shadow (1:4.7-2) unstable; urgency=medium
 .
   [ Balint Reczey ]
   * Remove obsolete /etc/cron.daily/passwd in maintainer scripts
     (Closes: #932017)
   * Remove Christian Perrier from Uploaders according to his request.
     Thank you for maintaining shadow for long years! (Closes: #893944, #927576)
 .
   [ Gaudenz Steinlin ]
   * Improve NEWS entry about securetty.
 .
 shadow (1:4.7-1) unstable; urgency=medium
 .
   [ Ond��ej Nov�� ]
   * d/changelog: Remove trailing whitespaces
 .
   [ Niels Thykier ]
   * Declare the explicit requirement for (fake)root.
     The shadow package currently requires (fake)root to produce the debs
     due to static non-root:root ownerships in the debs.
 .
   [ Bryan Quigley ]
   * Remove cron daily backup.
     It was added in 2010 (#554170) as a split off from a previous cron
     job.  I haven't seen an argument for why it's useful to keep.
     Depending on when a mistake occurs in one of the files it backups
     it will provide variable recovery time of 0 to 24hours.
 .
   [ Balint Reczey ]
   * Add Salsa CI configuration
   * Drop Lintian override for su, it is not shipped in login anymore
   * Stop shipping and honoring /etc/securetty
     (Closes: #731656, #830255, #879903, #920764, #771675, #917893, #607073)
   * Migrate to dh from cdbs
   * Ship some missing man files
   * Fix checking upstream tarball's OpenPGP signature
   * New upstream version 4.7
   * Refresh patches
   * Run autopkgtest in Salsa CI when it exists
   * debian/NEWS: Fix version of latest entry
   * Clean up /etc/securetty properly on upgrade
Checksums-Sha1: 
 e03d2c42fdbf1fd45e1892f651dfa38e86b0fdcc 2308 shadow_4.8-1ubuntu1.dsc
 c8bf8b5231b17a128ca920845ec8c772cf701a44 84704 shadow_4.8-1ubuntu1.debian.tar.xz
Checksums-Sha256: 
 6faf9d99618e2a05aa7a9f5a82a812024e4fd876e7e71a15cd3c938f93b74510 2308 shadow_4.8-1ubuntu1.dsc
 4e1d2b4c0f3163f28eb270370ca44f40e5402911dcff28f315bc430523480daf 84704 shadow_4.8-1ubuntu1.debian.tar.xz
Files: 
 e5fe4addd0bbb3cd3cbe2f23678a7c3b 2308 admin required shadow_4.8-1ubuntu1.dsc
 0c5522f28bb32421e64beaeaff525758 84704 admin required shadow_4.8-1ubuntu1.debian.tar.xz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.8-1/debian/changelog 1:4.8-1ubuntu1/debian/changelog
--- 1:4.8-1/debian/changelog	2019-12-20 15:39:40.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/changelog	2020-01-20 14:16:35.000000000 +0000
@@ -1,3 +1,28 @@
+shadow (1:4.8-1ubuntu1) focal; urgency=medium
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/login.defs:
+      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+        handling does not only apply to "former (pre-PAM) uses".
+      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+        will modify this default for UPGs.
+    - debian/{source_shadow.py,login.install}: Add apport hook
+    - debian/patches/1010_extrausers.patch: Add support to passwd for
+      libnss-extrausers
+    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+      useradd and groupadd
+    - debian/patches/1014_extrausers_delgroup.patch
+      + add --extrausers option to "groupdel"
+    - debian/patches/1013_extrausers_deluser.patch
+      + add --extrausers option to "userdel"
+    - debian/patches/1012_extrausers_chfn.patch:
+      + add support for --extrausers to the chfn tool
+    - debian/patches/1015_add_zsys_support.patch:
+      + Call zsys to handle home directory if available.
+    - debian/passwd.maintscripts: Clean up upstart configuration
+
+ -- Balint Reczey <rbalint at ubuntu.com>  Mon, 20 Jan 2020 15:16:35 +0100
+
 shadow (1:4.8-1) unstable; urgency=medium
 
   [ Laurent Bigonville ]
@@ -69,6 +94,53 @@ shadow (1:4.7-1) unstable; urgency=mediu
 
  -- Balint Reczey <rbalint at ubuntu.com>  Mon, 08 Jul 2019 15:58:46 +0200
 
+shadow (1:4.5-1.1ubuntu4) eoan; urgency=medium
+
+  * debian/patches/1015_add_zsys_support.patch:
+    - Call zsys to handle home directory if available.
+    We call zsys to handle dataset creation for zsys system in a separate
+    home dataset for each user on the system.
+    This allows one to handle user dataset outside of /home and also renaming.
+    We don't support yet deletion, as removing the dataset would remove as
+    well every snapshot of the history, and so, revert to previous version
+    will result in user created, but no home directory, which is unwanted.
+    (LP: #1842902)
+
+ -- Didier Roche <didrocks at ubuntu.com>  Thu, 29 Aug 2019 15:00:07 +0200
+
+shadow (1:4.5-1.1ubuntu3) eoan; urgency=medium
+
+  * debian/patches/1014_extrausers_delgroup.patch
+    - add --extrausers option to "groupdel" (LP: #1840375)
+
+ -- Michael Vogt <michael.vogt at ubuntu.com>  Wed, 21 Aug 2019 11:40:17 +0200
+
+shadow (1:4.5-1.1ubuntu2) disco; urgency=medium
+
+  * debian/patches/1013_extrausers_deluser.patch
+    - add --extrausers option to "userdel" (LP: #1659534)
+
+ -- Michael Vogt <michael.vogt at ubuntu.com>  Fri, 22 Mar 2019 19:32:50 +0100
+
+shadow (1:4.5-1.1ubuntu1) disco; urgency=low
+
+  * Merge from Debian unstable.  Remaining changes:
+    - debian/login.defs:
+      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+        handling does not only apply to "former (pre-PAM) uses".
+      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+        will modify this default for UPGs.
+    - debian/{source_shadow.py,rules}: Add apport hook
+    - debian/patches/1010_extrausers.patch: Add support to passwd for
+      libnss-extrausers
+    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+      useradd and groupadd
+    - debian/patches/1012_extrausers_chfn.patch: add support for
+      --extrausers to the chfn tool
+    - debian/passwd.maintscripts: Clean up upstart configuration
+
+ -- Steve Langasek <steve.langasek at ubuntu.com>  Thu, 24 Jan 2019 15:46:48 -0800
+
 shadow (1:4.5-1.1) unstable; urgency=medium
 
   * Non-maintainer upload (greetings from DebCamp/DebConf Taiwan).
@@ -82,6 +154,42 @@ shadow (1:4.5-1.1) unstable; urgency=med
 
  -- Andreas Henriksson <andreas at fatal.se>  Fri, 27 Jul 2018 10:07:37 +0200
 
+shadow (1:4.5-1ubuntu1) bionic; urgency=medium
+
+  * Merge with Debian; remaining changes:
+    - debian/login.defs:
+      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+        handling does not only apply to "former (pre-PAM) uses".
+      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+        will modify this default for UPGs.
+    - debian/{source_shadow.py,rules}: Add apport hook
+    - debian/patches/1010_extrausers.patch: Add support to passwd for
+      libnss-extrausers
+    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+      useradd and groupadd
+    - debian/patches/1012_extrausers_chfn.patch: add support for
+      --extrausers to the chfn tool
+    - debian/passwd.maintscripts: Clean up upstart configuration
+  * Dropped changes, included in Debian:
+    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+      /etc/update-motd.d/* scripts twice.
+  * Dropped changes, included upstream:
+    - debian/patches/userns/subuids-nonlocal-users: Don't limit
+      subuid/subgid support to local users.
+    - debian/patches/1021_no_subuids_for_system_users.patch
+    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
+      sending signal
+    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
+      pid_child to 0 if the child process is still running.
+    - CVE-2017-2616
+    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
+    - CVE-2016-6252
+  * Dropped obsoleted changes:
+    - debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
+      switching to passwd.tmpfile from passwd.service
+
+ -- Balint Reczey <rbalint at ubuntu.com>  Thu, 25 Jan 2018 16:09:22 +0100
+
 shadow (1:4.5-1) unstable; urgency=medium
 
   * New upstream version 4.5
@@ -217,6 +325,86 @@ shadow (1:4.2-3.3) unstable; urgency=med
 
  -- Samuel Thibault <sthibault at debian.org>  Tue, 22 Nov 2016 18:31:28 +0000
 
+shadow (1:4.2-3.2ubuntu4) artful; urgency=medium
+
+  * Drop upstart system jobs.
+
+ -- Dimitri John Ledkov <xnox at ubuntu.com>  Mon, 21 Aug 2017 00:56:14 +0100
+
+shadow (1:4.2-3.2ubuntu2) artful; urgency=medium
+
+  * SECURITY UPDATE: su could be used to kill arbitrary processes.
+    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
+      sending signal
+    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
+      pid_child to 0 if the child process is still running.
+    - CVE-2017-2616
+  * SECURITY UPDATE: getulong() function could accidentally parse negative
+    numbers as large positive numbers.
+    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
+    - CVE-2016-6252
+
+ -- Seth Arnold <seth.arnold at canonical.com>  Thu, 18 May 2017 14:39:32 -0400
+
+shadow (1:4.2-3.2ubuntu1) yakkety; urgency=medium
+
+  * Merge with Debian; remaining changes:
+    - debian/passwd.upstart: Add an upstart job to clear locks on
+      [shadow-]passwd/group.
+    - debian/login.defs:
+      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+        handling does not only apply to "former (pre-PAM) uses".
+      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+        will modify this default for UPGs.
+    - debian/{source_shadow.py,rules}: Add apport hook
+    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+      /etc/update-motd.d/* scripts twice.
+    - debian/patches/1010_extrausers.patch: Add support to passwd for
+      libnss-extrausers
+    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+      useradd and groupadd
+    - debian/patches/userns/subuids-nonlocal-users: Don't limit
+      subuid/subgid support to local users.
+  * Dropped changes, included in Debian:
+    - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
+    - Add uidmap package based on upstream patches that introduce
+      newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
+      updates on those to widen the default allocation to 65536 uids and gids
+      and only assign ranges to non-system users.
+    - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
+      error cases.
+  * Dropped changes, included upstream:
+    - debian/patches/495_stdout-encrypted-password: chpasswd can report
+      password hashes on stdout.
+    - debian/patches/496_su_kill_process_group: Kill the child process group,
+      rather than just the immediate child.
+  * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
+    than the first, ensuring /run/motd.dynamic is always populated and shown
+    on the first login after boot.  LP: #1368864.
+  * Don't call 'pam_exec uname', a change adopted in Debian without
+    coordination with the Debian PAM maintainer
+  * Use dh_installinit now for installing the upstart job, as we no longer
+    generate a dependency on upstart-job.
+  * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
+    LP: #1304505
+  * Add a systemd unit to go with the upstart job, so that lock clearing works
+    on newer Ubuntu releases.
+  * add support for "chfn --extrausers" (LP: #1495580)
+  * debian/patches/1010_extrausers.patch:
+    - Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
+  * debian/patches/1010_extrausers.patch:
+    - Fix usermod to look in extrausers location for basic changes to a
+      user's passwd info.  Fixes changing user's real name in Touch via
+      AccountsService.  (Does not address updating groups yet, since that's
+      less useful now, as we can't update any system groups.)
+  * d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
+    for system users.  (LP: #1545884)
+  * Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
+    handling has support for removing files for us on boot.  Thanks to
+    Martin Pitt <pitti at ubuntu.com> for the hint.
+
+ -- Matthias Klose <doko at ubuntu.com>  Tue, 20 Sep 2016 09:43:54 +0200
+
 shadow (1:4.2-3.2) unstable; urgency=medium
 
   * Non-maintainer upload.
@@ -226,6 +414,93 @@ shadow (1:4.2-3.2) unstable; urgency=med
 
  -- Mattia Rizzolo <mattia at debian.org>  Sun, 18 Sep 2016 14:42:16 +0000
 
+shadow (1:4.2-3.1ubuntu6) yakkety; urgency=medium
+
+  * add support for "chfn --extrausers" (LP: #1495580)
+
+ -- Michael Vogt <michael.vogt at ubuntu.com>  Thu, 23 Jun 2016 08:02:00 +0200
+
+shadow (1:4.2-3.1ubuntu5) xenial; urgency=medium
+
+  * debian/patches/1010_extrausers.patch:
+    - Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
+
+ -- Michael Terry <mterry at ubuntu.com>  Mon, 28 Mar 2016 09:44:23 -0400
+
+shadow (1:4.2-3.1ubuntu4) xenial; urgency=medium
+
+  * debian/patches/1010_extrausers.patch:
+    - Fix usermod to look in extrausers location for basic changes to a
+      user's passwd info.  Fixes changing user's real name in Touch via
+      AccountsService.  (Does not address updating groups yet, since that's
+      less useful now, as we can't update any system groups.)
+
+ -- Michael Terry <mterry at ubuntu.com>  Wed, 02 Mar 2016 15:01:19 -0500
+
+shadow (1:4.2-3.1ubuntu3) xenial; urgency=medium
+
+  * d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
+    for system users.  (LP: #1545884)
+
+ -- Serge Hallyn <serge.hallyn at ubuntu.com>  Wed, 17 Feb 2016 20:57:59 -0800
+
+shadow (1:4.2-3.1ubuntu2) xenial; urgency=medium
+
+  * Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
+    handling has support for removing files for us on boot.  Thanks to
+    Martin Pitt <pitti at ubuntu.com> for the hint.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com>  Thu, 04 Feb 2016 14:01:27 -0800
+
+shadow (1:4.2-3.1ubuntu1) xenial; urgency=low
+
+  * Merge from Debian unstable.
+    - Includes pam_loginuid in login PAM config.  LP: #1067779.
+    - Fixes typo in usermod -h output.  LP: #1348873.
+  * Remaining changes:
+    - debian/passwd.upstart: Add an upstart job to clear locks on
+      [shadow-]passwd/group.
+    - debian/login.defs:
+      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+        handling does not only apply to "former (pre-PAM) uses".
+      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+        will modify this default for UPGs.
+    - debian/{source_shadow.py,rules}: Add apport hook
+    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+      /etc/update-motd.d/* scripts twice.
+    - debian/patches/1010_extrausers.patch: Add support to passwd for
+      libnss-extrausers
+    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+      useradd and groupadd
+    - debian/patches/userns/subuids-nonlocal-users: Don't limit
+      subuid/subgid support to local users.
+  * Dropped changes, included in Debian:
+    - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
+    - Add uidmap package based on upstream patches that introduce
+      newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
+      updates on those to widen the default allocation to 65536 uids and gids
+      and only assign ranges to non-system users.
+    - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
+      error cases.
+  * Dropped changes, included upstream:
+    - debian/patches/495_stdout-encrypted-password: chpasswd can report
+      password hashes on stdout.
+    - debian/patches/496_su_kill_process_group: Kill the child process group,
+      rather than just the immediate child.
+  * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
+    than the first, ensuring /run/motd.dynamic is always populated and shown
+    on the first login after boot.  LP: #1368864.
+  * Don't call 'pam_exec uname', a change adopted in Debian without
+    coordination with the Debian PAM maintainer
+  * Use dh_installinit now for installing the upstart job, as we no longer
+    generate a dependency on upstart-job.
+  * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
+    LP: #1304505
+  * Add a systemd unit to go with the upstart job, so that lock clearing works
+    on newer Ubuntu releases.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com>  Thu, 28 Jan 2016 22:21:41 -0800
+
 shadow (1:4.2-3.1) unstable; urgency=medium
 
   * Non-maintainer upload.
@@ -304,14 +579,14 @@ shadow (1:4.2-1) experimental; urgency=l
   * Add pam_loginuid to login PAM settings. Closes: #677441
   * passwd.install: add new subuid.5 and subgid.5 manpages
   * debian/rules, debian/control, debian/uidmap.install: create new uidmap
-    package containing the new setuid-root binaries newuidmap and newgidmap
+    package containing the new setuid-root binaries newuidmap and newgidmap 
     Set uidmap as priority optional.
   * debian/login.su.pam: Enable pam_limits by default. Closes: #705301
   * debian/rules: Set default editor to sensible-editor for vipw.
     Closes: #688252
 
   [ Micah Anderson ]
-  * added debian/patches/userns to enable use of subuids, plus some bugfix
+  * added debian/patches/userns to enable use of subuids, plus some bugfix 
     patches on top of them, patches from Eric Biederman, pulled from
     Ubuntu. Closes: #739981
   * Allow LXC devices (lxc/console, lxc/tty[1234]) in securetty.linux
@@ -324,7 +599,7 @@ shadow (1:4.2-1) experimental; urgency=l
   * Switch to dpkg-source 3.0 (quilt) format
   * Add build-dependency against bison
   * Call dh-autoreconf since we need to regenerate all the autofoo files
-
+  
   [ Philippe Gr��goire ]
   * Fix 1000_configure_userns to avoid dropping a needed #endif
     Closes: #744877
@@ -336,6 +611,79 @@ shadow (1:4.2-1) experimental; urgency=l
 
  -- Christian Perrier <bubulle at debian.org>  Tue, 22 Apr 2014 09:01:42 +0200
 
+shadow (1:4.1.5.1-1.1ubuntu7) wily; urgency=medium
+
+  * debian/patches/userns/subuids-nonlocal-users: Don't limit
+    subuid/subgid support to local users.  Closes LP: #1475749.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com>  Mon, 20 Jul 2015 18:44:12 -0700
+
+shadow (1:4.1.5.1-1.1ubuntu6) wily; urgency=medium
+
+  * extrausers support for useradd and groupadd (LP: #1323732)
+
+ -- Sergio Schvezov <sergio.schvezov at canonical.com>  Thu, 25 Jun 2015 15:26:55 -0300
+
+shadow (1:4.1.5.1-1.1ubuntu5) wily; urgency=medium
+
+  * debian/rules: Re-enable audit support. (LP: #1414817)
+  * debian/control: add libaudit-dev to Build-Depends.
+
+ -- Mathieu Trudel-Lapierre <mathieu-tl at ubuntu.com>  Tue, 02 Jun 2015 10:46:18 -0400
+
+shadow (1:4.1.5.1-1.1ubuntu4) vivid; urgency=medium
+
+  * debian/patches/1020_fix_user_busy_errors:
+    - libmisc/user_busy.c: Call sub_uid_close in all error cases, otherwise
+      code that later opens it as RW fails obscurely. (LP: #1436937)
+
+ -- William Grant <wgrant at ubuntu.com>  Mon, 20 Apr 2015 18:41:47 +0100
+
+shadow (1:4.1.5.1-1.1ubuntu3) vivid; urgency=medium
+
+  * No change rebuild to get debug symbols for all architectures.
+
+ -- Brian Murray <brian at ubuntu.com>  Tue, 02 Dec 2014 11:39:38 -0800
+
+shadow (1:4.1.5.1-1.1ubuntu2) utopic; urgency=medium
+
+  * debian/patches/1010_extrausers.patch:
+    - Add support to passwd for libnss-extrausers by falling back to the
+      /var/lib/extrausers/ locations if it exists when updating
+      passwd or shadow.
+
+ -- Michael Terry <mterry at ubuntu.com>  Fri, 18 Jul 2014 10:00:44 -0400
+
+shadow (1:4.1.5.1-1.1ubuntu1) utopic; urgency=medium
+
+  * Merge from Debian unstable.  Remaining changes:
+     - debian/passwd.upstart: Add an upstrat job to clear locks on
+       [shadow-]passwd/group. (LP: #523896).
+     - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
+       in LXC with Precise.
+     - debian/login.defs:
+       + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+         handling does not only apply to "former (pre-PAM) uses".
+       + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+         will modify this default for UPGs. (Closes: #583971)
+     - debian/{source_shadow.py,rules}: Add apport hook
+     - debian/patches/495_stdout-encrypted-password: chpasswd can report
+       password hashes on stdout (Debian bug 505640).
+     - Install upstart job by-hand, instead of using dh_installinit to avoid
+       dependency on upstart-job.
+     - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+       /etc/update-motd.d/* scripts twice (LP: #1169558).
+     - debian/patches/496_su_kill_process_group: Kill the child process group,
+       rather than just the immediate child; this is needed now that su no
+       longer starts a controlling terminal when not running an interactive
+       shell (closes: #713979).
+     - Add uidmap package based on upstream patches that introduce
+       newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
+       updates on those to widen the default allocation to 65536 uids and gids
+       and only assign ranges to non-system users.
+
+ -- St��phane Graber <stgraber at ubuntu.com>  Fri, 02 May 2014 15:17:15 -0400
+
 shadow (1:4.1.5.1-1.1) unstable; urgency=medium
 
   * Non-maintainer upload.
@@ -349,6 +697,103 @@ shadow (1:4.1.5.1-1.1) unstable; urgency
 
  -- Samuel Thibault <sthibault at debian.org>  Sun, 16 Mar 2014 20:58:24 +0100
 
+shadow (1:4.1.5.1-1ubuntu9) trusty; urgency=medium
+
+  * Set our subuid and subgid range to 65536 uids by default.
+  * Patch newusers to not add subuids and subgids to system users.
+  * Patch useradd to not add subuids and subgids to system users and to
+    regular users who don't fit between uid_min and uid_max.
+    (This is needed due to adduser not passing --system...)
+
+ -- St��phane Graber <stgraber at ubuntu.com>  Sun, 16 Feb 2014 19:33:48 -0500
+
+shadow (1:4.1.5.1-1ubuntu8) trusty; urgency=medium
+
+  * Fix postinst to create subuid and subgid when missing as those won't
+    get created by usermod or any of the other tools.
+
+ -- St��phane Graber <stgraber at ubuntu.com>  Fri, 17 Jan 2014 16:15:13 -0500
+
+shadow (1:4.1.5.1-1ubuntu7) trusty; urgency=medium
+
+  * Don't ship subuid/subgid as conffiles as that'll just cause problems
+    on upgrades. Instead simply touch them if they're not already present.
+
+ -- St��phane Graber <stgraber at ubuntu.com>  Sun, 12 Jan 2014 12:59:46 -0500
+
+shadow (1:4.1.5.1-1ubuntu6) saucy; urgency=low
+
+  * debian/patches/496_su_kill_process_group: Kill the child process group,
+    rather than just the immediate child; this is needed now that su no
+    longer starts a controlling terminal when not running an interactive
+    shell (closes: #713979).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Fri, 26 Jul 2013 16:55:52 +0100
+
+shadow (1:4.1.5.1-1ubuntu5) saucy; urgency=low
+
+  [ Serge Hallyn ]
+  * debian/patches/userns: patches from Eric Biederman to enable use of
+    subuids, plus some bugfix patches on top of them. (LP: #1192864)
+  * passwd.install: add new manpages
+  * debian/control, debian/uidmap.install: create new uidmap package
+    containing the new setuid-root binaries newuidmap and newgidmap 
+  * debian/subuid, debian/rules: install a default /etc/subuid and /etc/subgid
+  * debian/patches/userns/16_add-argument-sanity-checking.patch: address
+    three sanity checking concerns brought up by sarnold at
+    http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2013-June/ \
+    009752.html.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com>  Fri, 28 Jun 2013 11:31:51 +0100
+
+shadow (1:4.1.5.1-1ubuntu4) raring; urgency=low
+
+  * Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+    /etc/update-motd.d/* scripts twice (LP: #1169558).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Thu, 18 Apr 2013 01:01:45 +0100
+
+shadow (1:4.1.5.1-1ubuntu3) raring; urgency=low
+
+  * Install upstart job by-hand, instead of using dh_installinit to avoid
+    dependency on upstart-job.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com>  Mon, 18 Mar 2013 03:23:31 +0000
+
+shadow (1:4.1.5.1-1ubuntu2) raring; urgency=low
+
+  * Revert build-dependency from gettext:any to gettext, now that gettext is
+    Multi-Arch: foreign.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Thu, 29 Nov 2012 15:27:11 +0000
+
+shadow (1:4.1.5.1-1ubuntu1) raring; urgency=low
+
+  * The "Yorkshire Blue" release.
+  * Merge from Debian unstable.  Remaining changes:  
+     - debian/passwd.upstart: Add an upstrat job to clear locks on
+       [shadow-]passwd/group. (LP: #523896).
+     - Build-depend on gettext:any for cross-building support.
+     - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
+       in LXC with Precise.
+     - debian/login.defs:
+       + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+         handling does not only apply to "former (pre-PAM) uses".
+       + Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
+         this default for UPGs. (Closes: #583971)
+     - debian/{source_shadow.py,rules}: Add apport hook
+     - debian/patches/495_stdout-encrypted-password: chpasswd can report
+       password hashes on stdout (Debian bug 505640).
+
+  * Dropped changes, merged in Debian:
+     - Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
+       Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
+     - use SHA512 by default for password crypt routine.
+     - debian/rules: fix FTBFS from newer libtools
+     - Mark passwd Multi-Arch: foreign.
+  
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com>  Tue, 23 Oct 2012 09:59:19 +0100
+
 shadow (1:4.1.5.1-1) unstable; urgency=low
 
   * The "Gruy��re" release.
@@ -492,6 +937,68 @@ shadow (1:4.1.5-1) unstable; urgency=low
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Sun, 12 Feb 2012 22:27:03 +0100
 
+shadow (1:4.1.4.2+svn3283-3ubuntu7) quantal; urgency=low
+
+  * debian/passwd.upstart: Add an upstrat job to clear locks on
+    [shadow-]passwd/group. (LP: #523896).
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com>  Fri, 31 Aug 2012 13:00:33 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu6) quantal; urgency=low
+
+  * debian/source_shadow.py: Fix compatibility with python3. Thanks Edward
+    Donovan! (LP: #1013171)
+
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Mon, 18 Jun 2012 15:09:54 +0200
+
+shadow (1:4.1.4.2+svn3283-3ubuntu5) precise; urgency=low
+
+  * Build-depend on gettext:any for cross-building support.
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Mon, 09 Apr 2012 00:28:03 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu4) precise; urgency=low
+
+  * Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
+    in LXC with Precise.
+
+ -- St��phane Graber <stgraber at ubuntu.com>  Fri, 10 Feb 2012 15:34:05 -0500
+
+shadow (1:4.1.4.2+svn3283-3ubuntu3) precise; urgency=low
+
+  * Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
+    Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
+
+ -- Lo��c Minier <loic.minier at ubuntu.com>  Wed, 30 Nov 2011 22:47:47 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu2) oneiric; urgency=low
+
+  * debian/login.defs:
+    - Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+      handling does not only apply to "former (pre-PAM) uses".
+    - Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
+      this default for UPGs. (Closes: #583971)
+
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Fri, 24 Jun 2011 11:07:34 +0200
+
+shadow (1:4.1.4.2+svn3283-3ubuntu1) natty; urgency=low
+
+  * The "string cheese" release.
+  * Merge from Debian unstable.  Remaining changes:
+    - Ubuntu specific:
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+    - debian/{source_shadow.py,rules}: Add apport hook
+    - debian/rules: fix FTBFS from newer libtools
+    - debian/patches/495_stdout-encrypted-password: chpasswd can report
+      password hashes on stdout (Debian bug 505640).
+  * Dropped changes, merged in Debian:
+    - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
+    - CVE-2011-0721
+  * Mark passwd Multi-Arch: foreign, so packages that aren't of the same
+    arch can depend on it.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com>  Sun, 20 Feb 2011 15:59:15 -0800
+
 shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high
 
   * The "Trappe d'Echourgnac" release.
@@ -502,6 +1009,34 @@ shadow (1:4.1.4.2+svn3283-3) unstable; u
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Mon, 13 Feb 2011 23:20:05 +0100
 
+shadow (1:4.1.4.2+svn3283-2ubuntu3) natty; urgency=low
+
+  * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
+    - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
+    - CVE-2011-0721
+
+ -- Kees Cook <kees at ubuntu.com>  Tue, 15 Feb 2011 13:57:01 -0800
+
+shadow (1:4.1.4.2+svn3283-2ubuntu2) natty; urgency=low
+
+  * debian/patches/495_stdout-encrypted-password: adjust patch for changes 
+    in src/chpasswd.c to fix FTBFS
+
+ -- Oliver Grawert <ogra at ubuntu.com>  Tue, 04 Jan 2011 15:48:49 +0100
+
+shadow (1:4.1.4.2+svn3283-2ubuntu1) natty; urgency=low
+
+  * Merge from debian unstable.  Remaining changes:
+    - Ubuntu specific:
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+    - debian/{source_shadow.py,rules}: Add apport hook
+    - debian/rules: fix FTBFS from newer libtools
+    - debian/patches/495_stdout-encrypted-password: chpasswd can report
+      password hashes on stdout (Debian bug 505640).
+    - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+
+ -- Oliver Grawert <ogra at ubuntu.com>  Wed, 24 Nov 2010 13:42:42 +0100
+
 shadow (1:4.1.4.2+svn3283-2) unstable; urgency=low
 
   * The "Bleu du Vercors-Sassenage" release.
@@ -573,6 +1108,32 @@ shadow (1:4.1.4.2+svn3283-1) unstable; u
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Sun, 29 Aug 2010 21:14:12 +0200
 
+shadow (1:4.1.4.2-1ubuntu3) maverick; urgency=low
+
+  * add ttyO0-3 to debian/securetty.linux, if OMAP kernels are built with
+    TI's DMA-offloaded driver instead of the default 8250 one the serial tty's
+    are called like that (LP: #512845).
+
+ -- Oliver Grawert <ogra at ubuntu.com>  Tue, 31 Aug 2010 14:45:17 +0200
+
+shadow (1:4.1.4.2-1ubuntu2) lucid; urgency=low
+
+  * debian/{source_shadow.py,rules}: Add apport hook
+  * debian/rules: fix FTBFS from newer libtools
+
+ -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Tue, 26 Jan 2010 08:54:59 -0500
+
+shadow (1:4.1.4.2-1ubuntu1) lucid; urgency=low
+
+  * Merged with debian unstable. Remaning changes (LP: #477299):
+    - Ubuntu specific:
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+    - debian/patches/495_stdout-encrypted-password: chpasswd can report
+      password hashes on stdout (Debian bug 505640).
+    - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+
+ -- Nicolas Valc��rcel Scerpella (Canonical) <nvalcarcel at canonical.com>  Sat, 07 Nov 2009 04:55:18 -0500
+
 shadow (1:4.1.4.2-1) unstable; urgency=low
 
   * The "Tome des Bauges" release.
@@ -600,6 +1161,25 @@ shadow (1:4.1.4.2-1) unstable; urgency=l
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Fri, 24 Jul 2009 05:03:23 +0200
 
+shadow (1:4.1.4.1-1ubuntu2) karmic; urgency=low
+
+  * debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2
+    as serial port.
+
+ -- Lo��c Minier <loic.minier at ubuntu.com>  Fri, 31 Jul 2009 15:34:56 +0200
+
+shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low
+
+  * Resynchronise with Debian. Remaining changes:
+    - Ubuntu specific:
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+    - debian/patches/495_stdout-encrypted-password: chpasswd can report
+      password hashes on stdout (Debian bug 505640).
+  * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+    It's looking a bit ugly now ...
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Wed, 03 Jun 2009 11:16:51 +0100
+
 shadow (1:4.1.4.1-1) unstable; urgency=low
 
   * The "Chevrotin" release.
@@ -614,7 +1194,7 @@ shadow (1:4.1.4.1-1) unstable; urgency=l
      - Updated patches:
         + debian/patches/506_relaxed_usernames
   * debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no
-    more used by chpasswd and newusers.
+    more used by chpasswd and newusers. 
   * debian/patches/*: Updated patches to the new quilt and shadow versions.
   * debian/patches/506_relaxed_usernames: usernames with a slash will not only
     break one option. Move to the discussion on the usernames.
@@ -659,7 +1239,7 @@ shadow (1:4.1.4-1) unstable; urgency=low
      - Updated Russian translation. Closes: #527636
      - passwd: Report password properties changes if the password is not
        actually changed. Closes: #525967
-     - Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873
+     - Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873 
      - Remove patches applied upstream:
         + debian/patches/403_fix_PATH-MAX_hurd
      - Updated patches:
@@ -687,6 +1267,21 @@ shadow (1:4.1.4-1) unstable; urgency=low
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Mon, 11 May 2009 00:25:11 +0200
 
+shadow (1:4.1.3.1-1ubuntu1) karmic; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - Ubuntu specific:
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+    - debian/patches/stdout-encrypted-password.patch: chpasswd can report
+      password hashes on stdout (debian bug 505640).
+    - debian/login.pam: Enable SELinux support (debian bug 527106).
+    - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
+  * Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
+  * Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
+    upstream.
+
+ -- Kees Cook <kees at ubuntu.com>  Tue, 05 May 2009 09:45:21 -0700
+
 shadow (1:4.1.3.1-1) unstable; urgency=low
 
   * The "Le Puant Mac��r��" release.
@@ -782,6 +1377,108 @@ shadow (1:4.1.3-1) unstable; urgency=low
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Tue, 14 Apr 2009 23:33:22 +0200
 
+shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low
+
+  * debian/login.preinst: fix typo in grep (LP: #354887).
+
+ -- Kees Cook <kees at ubuntu.com>  Fri, 03 Apr 2009 22:12:07 -0700
+
+shadow (1:4.1.1-6ubuntu5) jaunty; urgency=low
+
+  * debian/login.preinst: add special-case handling to restore the
+    original white-space in /etc/login.defs that is changed by
+    system-tools-backends (LP: #316756).
+
+ -- Kees Cook <kees at ubuntu.com>  Fri, 03 Apr 2009 14:33:43 -0700
+
+shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low
+
+  * debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
+    - If the system clock is set to Jan 01, 1970, and a new user is created
+      the last changed field gets set to 0, which tells login that the 
+      password is expired and must be changed. During installation, 
+      this can cause autologin to fail. Having the clock set to 01/01/1970
+      on a fresh install is common on the ARM architecture, so this is a high
+      priority bug since its likely to affect most ARM users on first install
+
+ -- Michael Casadevall <mcasadevall at ubuntu.com>  Thu, 02 Apr 2009 14:05:31 -0400
+
+shadow (1:4.1.1-6ubuntu3) jaunty; urgency=low
+
+  [ Bryan McLellan ]
+  * Don't do the vm-builder root password check on fresh installations
+    (LP: #340841).
+
+ -- Colin Watson <cjwatson at ubuntu.com>  Tue, 17 Mar 2009 13:32:55 +0000
+
+shadow (1:4.1.1-6ubuntu2) jaunty; urgency=low
+
+  * debian/securetty.linux (LP: #316841)
+    - Updated securetty support for Freescale MX-series boards
+
+ -- Michael Casadevall <sonicmctails at gmail.com>  Tue, 13 Jan 2009 12:56:38 -0500
+
+shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - Ubuntu specific:
+      + debian/login.pam: Enable SELinux support in login.pam.
+      + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+      + debian/login.defs: use SHA512 by default for password crypt routine.
+      + debian/passwd.postinst: disable the root password for virtual
+        machines created with vm-builder on Ubuntu 8.10.
+    - debian/patches/stdout-encrypted-password.patch: allow chpasswd to
+      report encrypted passwords to stdout for tools needing encrypted
+      passwords (debian bug 505640).
+
+ -- Kees Cook <kees at ubuntu.com>  Mon, 08 Dec 2008 00:44:46 -0800
+
+shadow (1:4.1.1-6) unstable; urgency=medium
+
+  * The "Rollot" release.
+  * debian/patches/303_login_symlink_attack: Fix a race condition that could
+    lead to gaining ownership or changing mode of arbitrary files.
+    Closes: #505271 
+  * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
+    referenced in the manpage, not LOGIN. Closes: #501830
+  * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
+    files. Closes: #501353
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Fri, 14 Nov 2008 21:52:42 +0100
+
+shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low
+
+  * disable the root password for virtual machines created with vm-builder
+    on Ubuntu 8.10. (LP: #296841)
+
+ -- Jamie Strandboge <jamie at ubuntu.com>  Thu, 13 Nov 2008 20:32:42 -0600
+
+shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low
+
+  * debian/login.defs: use SHA512 by default for password crypt routine
+    (LP: #51551, currently Ubuntu specific).
+  * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
+    encrypted passwords to stdout for tools needing encrypted passwords
+    (debian bug 505640).
+  * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+
+ -- Kees Cook <kees at ubuntu.com>  Thu, 13 Nov 2008 16:43:48 -0800
+
+shadow (1:4.1.1-5ubuntu1) jaunty; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Scott James Remnant <scott at ubuntu.com>  Wed, 05 Nov 2008 07:26:43 +0000
+
+shadow (1:4.1.1-5) unstable; urgency=low
+
+  * The "Bergues" release.
+  * debian/login.pam: restore the Etch behavior of pam_securetty.so in case of
+    unknown user. Closes: #443322, #495831
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Sun, 14 Sep 2008 19:13:34 +0200
+
 shadow (1:4.1.1-4) unstable; urgency=low
 
   * The "Rocamadour" release.
@@ -859,6 +1556,13 @@ shadow (1:4.1.1-2) unstable; urgency=low
 
  -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net>  Fri, 13 Jun 2008 01:27:16 +0200
 
+shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
+
+  * Merge from debian unstable, remaining changes:
+    - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Kees Cook <kees at ubuntu.com>  Mon, 09 Jun 2008 10:08:38 -0700
+
 shadow (1:4.1.1-1) unstable; urgency=low
 
   * New upstream release. This closes the following bugs:
@@ -984,6 +1688,20 @@ shadow (1:4.1.0-1) unstable; urgency=low
 
  -- Christian Perrier <bubulle at debian.org>  Sat, 12 Jan 2008 20:40:02 +0100
 
+shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low
+
+  * Add 498_make_useradd_faster_with_ldap: make useradd faster when
+    nsswitch uses LDAP or some other remote names database (LP: #120015),
+    thanks to Vince Busam.
+
+ -- Matt T. Proud <mtp at google.com>  Fri, 08 Feb 2008 18:30:51 -0800
+
+shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
+
+  * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
+
+ -- Caleb Case <ccase at tresys.com>  Fri, 08 Feb 2008 02:20:06 -0500
+
 shadow (1:4.0.18.2-1) unstable; urgency=low
 
   * The "Vacherin" release.
@@ -1089,7 +1807,7 @@ shadow (1:4.0.18.1-9) unstable; urgency=
     - 409_man_generate_from_PO: Generate the translated man pages at build
     time.
     - 200_regenerate_manpages: No more needed.
-
+    
 
  -- Christian Perrier <bubulle at debian.org>  Tue, 15 May 2007 23:40:13 +0200
 
@@ -1116,7 +1834,7 @@ shadow (1:4.0.18.1-8) unstable; urgency=
       neither -n nor -g are specified. See also 407_adduser_disable_PUG_with-n
     - no longer include /usr/bin/X11 in defaults PATH variable. Closes: #395890
     - set debhelper compatibility to 5 through debian/compat
-    - ignore a false positive lintian warning about
+    - ignore a false positive lintian warning about 
       possible-missing-colon-in-closes in line 668 of the changelog
   * Upstream bugs not yet fixed in upstream releases or CVS:
     - 493_pwck_no_SHADOWPWD: SHADOWPWD no more exist.
@@ -1753,7 +2471,7 @@ shadow (1:4.0.13-5) unstable; urgency=lo
       Working user password crypted preseeding (it probably failed earlier)
   * Debconf translation updates:
     - Russian updated. Closes: #337370
-
+  
  -- Christian Perrier <bubulle at debian.org>  Tue,  1 Nov 2005 18:10:30 +0100
 
 shadow (1:4.0.13-4) unstable; urgency=low
@@ -1901,7 +2619,7 @@ shadow (1:4.0.12-6) unstable; urgency=lo
       - manpages-fi (removed because distributes translations we don't have)
       - manpages-pt (removed because distributes translations we don't have)
       - manpages-tr (removed because distributes translations we don't have)
-      - manpages-zh for login
+      - manpages-zh for login 
                     (removed because distributes translations we don't have)
     - debian/login.pam, debian/login.su.pam:
       - use "readenv=1" with pam_env so that /etc/environment settings are
@@ -1924,7 +2642,7 @@ shadow (1:4.0.12-6) unstable; urgency=lo
 shadow (1:4.0.12-5) unstable; urgency=low
 
   * Really add /etc/pam.d/su. Closes: #330291
-
+  
  -- Christian Perrier <bubulle at debian.org>  Wed, 28 Sep 2005 19:59:31 +0200
 
 shadow (1:4.0.12-4) unstable; urgency=low
@@ -1986,7 +2704,7 @@ shadow (1:4.0.12-1) experimental; urgenc
       ULIMIT
     - NEWS.Debian: added
     - Ship a (currently useless) PAM configuration file for chage, useradd,
-      usermod, userdel, groupadd, groupmod, groupdel, including
+      usermod, userdel, groupadd, groupmod, groupdel, including 
       pam_rootok.so alone
     - use dh_installpam to install PAM configuration files
     - start the cleanup of the unused patches list
@@ -2274,7 +2992,7 @@ shadow (1:4.0.3-35) unstable; urgency=lo
       (change made in sarge branch also)
       Closes: #300720
     - debian/rules: Add removal of config.log in the clean target
-    - debian/control:
+    - debian/control: 
       - Add Martin to Uploaders
       - Remove Sam Hartman from Uploaders. The team is now setup and this
         does not really have a real meaning now. You're still welcome for
@@ -2526,7 +3244,7 @@ shadow (1:4.0.3-30.6) unstable; urgency=
 
   * Revert back to Ian Gulliver genuine patch
     to chpasswd. Update man page accordingly.
-    Closes: #283961
+    Closes: #283961 
     (again)
   * Programs translations
     - German updated. Closes: #286522
@@ -2646,7 +3364,7 @@ shadow (1:4.0.3-30) unstable; urgency=hi
   * Correct check for root password being already set in passwd.config
     Closes: #260799
 
-  * Acknowledge 29.1 NMU:
+  * Acknowledge 29.1 NMU: 
     Closes: #256664, #257949, #258241, #258563, #258566, #258957,
     #190567, #259389, #260223, #257949, #259663, #259827
 
@@ -2693,14 +3411,14 @@ shadow (1:4.0.3-29) unstable; urgency=lo
       Closes: #253792
       this change was already in 28.5 but was forgotten in the
       changelog
-  * Acknowledge NMUs:
+  * Acknowledge NMUs: 
   closes: #244604, #244734, #246302, #246376, #246848, #246859,
           #247084, #247698, #247770, #248386, #248391, #248392,
 	  #248392, #248516, #248516, #248648, #248938, #248957,
 	  #249141, #249257, #249682, #250169, #250339, #250496,
 	  #251140, #251141, #251317, #251495, #251716, #251990,
 	  #252087, #252499, #253165, #253186, #253570, #254503,
-	  #254760
+	  #254760 
 
  -- Karl Ramm <kcr at debian.org>  Sat,  3 Jul 2004 00:24:55 -0400
 
@@ -2898,7 +3616,7 @@ shadow (1:4.0.3-23) unstable; urgency=lo
 
 shadow (1:4.0.3-22) unstable; urgency=low
 
-  * Don't assume that lastlog.ll_time or utmp.ut_time or utmpx.ut_tv are made
+  * Don't assume that lastlog.ll_time or utmp.ut_time or utmpx.ut_tv are made 
     up of time_ts and timevals, because they aren't on x86-64.  Dismaying
     but true.
 
@@ -2906,7 +3624,7 @@ shadow (1:4.0.3-22) unstable; urgency=lo
 
 shadow (1:4.0.3-21) unstable; urgency=low
 
-  * Try and get the right French translation update in the right place,
+  * Try and get the right French translation update in the right place, 
     Karl, you can do it even if you do only speak English. Closes: #236993
 
  -- Karl Ramm <kcr at debian.org>  Wed, 10 Mar 2004 15:31:35 -0500
@@ -2964,7 +3682,7 @@ shadow (1:4.0.3-17) unstable; urgency=lo
 shadow (1:4.0.3-16) unstable; urgency=low
 
   * run dh_installdeb *after* dh_installdebconf,
-    remove . from short description of passwd,
+    remove . from short description of passwd, 
     add versioned conflict with debconf older than 0.5
     closes: #224133
   * replace manpages-it due to man page conflict
@@ -2975,7 +3693,7 @@ shadow (1:4.0.3-16) unstable; urgency=lo
   * fix permissions on chage and expiry, closes: #224717
   * run debconf-updatepo
   * remove debian/compat as redundant
-
+  
  -- Karl Ramm <kcr at debian.org>  Mon, 22 Dec 2003 19:53:30 -0500
 
 shadow (1:4.0.3-15) unstable; urgency=low
@@ -2988,7 +3706,7 @@ shadow (1:4.0.3-15) unstable; urgency=lo
 
 shadow (1:4.0.3-14) unstable; urgency=low
 
-  * exit 30 when backing all the way out in passwd.conf, and
+  * exit 30 when backing all the way out in passwd.conf, and 
     depend on base-config 2.00, closes: #222772
   * adjust debconf templates for debian-installer work,
     closes: #222832
@@ -3005,11 +3723,11 @@ shadow (1:4.0.3-13) unstable; urgency=lo
 shadow (1:4.0.3-12) unstable; urgency=low
 
   * Explicitly use automake-1.7 and aclocal-1.7.  closes: #216594
-  * Update Danish debconf translation.  closes: #216542
+  * Update Danish debconf translation.  closes: #216542  
   * Update French debconf translation.  closes: #206352
   * Update Dutch debconf translation.  closes: #212995
   * Remove redundant dependency on grep.  closes: #216535
-  * Fix chfn documentation bug.  closes: #213931
+  * Fix chfn documentation bug.  closes: #213931  
   * Fix su syslogs to be less ambiguous.  (old:new instead of old-new
     because '-' can appear in usernames.)  Not clearer, mind you, but less
     ambiguous.  closes: #213592
@@ -3125,7 +3843,7 @@ shadow (1:4.0.3-3) unstable; urgency=low
 
   * the "fix the brain damage" release
   * fix pam brain-damage in ch{age,passwd}, {group,user}{add,del,mod}, newusers
-    closes: #162181, #162199, #162228
+    closes: #162181, #162199, #162228 
   * fix vipw symlink brain-damage: closes: #162218
   * fix package description brain damage, closes: #139563
   * install cp{pw,gr} brain damge
@@ -3226,7 +3944,7 @@ shadow (20000902-8) unstable; urgency=lo
     from going off on its own.
   * terminate argument validation in login when it hits a '--'.
     closes: #66368
-
+  
  -- Karl Ramm <kcr at debian.org>  Mon, 22 Oct 2001 11:17:35 -0400
 
 shadow (20000902-7) unstable; urgency=low
@@ -3253,10 +3971,10 @@ shadow (20000902-7) unstable; urgency=lo
  -- Karl Ramm <kcr at debian.org>  Wed, 22 Aug 2001 12:09:27 -0400
 
 shadow (20000902-6.1) unstable; urgency=low
-
+ 
   * Non-maintainer upload.
   * Upgrade to latest config.sub and config.guess.  Closes: #88547
-
+ 
  -- Gerhard Tonn <gt at debian.org>  Fri,  1 Jun 2001 20:38:43 +0200
 
 shadow (20000902-6) unstable; urgency=medium
@@ -3283,7 +4001,7 @@ shadow (20000902-4) unstable; urgency=lo
 shadow (20000902-3.1) unstable; urgency=low
 
   * Non-maintainer upload
-  * Recompile to fix ARM lossage
+  * Recompile to fix ARM lossage 
 
  -- Philip Blundell <philb at armlinux.org>  Sun, 11 Mar 2001 07:47:27 -0500
 
@@ -3607,7 +4325,7 @@ shadow (19990827-3) unstable; urgency=lo
   * login.defs: documented above change
   * {login,passwd}.postinst: fixed some bashisms, closes: #45159
   * login.defs.pam.linux: documented the FAKE_SHELL option, closes: 31987
-  * su.1,login.1: documented the subsystem root ability in login and su, closes:
+  * su.1,login.1: documented the subsystem root ability in login and su, closes: 
   * doc directory for both packages now includes the README.shadow-paper file
     closes: #15391
 
@@ -3748,7 +4466,7 @@ shadow (980403-0.3.3) unstable; urgency=
 shadow (980403-0.3.2) unstable; urgency=low
 
   * configure.in patched for utmpx.h (for arm)
-
+  
  -- Jim Pick <jim at jimpick.com>  Sun,  4 Oct 1998 19:06:15 -0700
 
 shadow (980403-0.3.1) frozen unstable; urgency=low
@@ -3776,7 +4494,7 @@ shadow (980403-0.2) frozen unstable; urg
  -- Joel Klecker <jk at espy.org>  Mon, 11 May 1998 11:25:22 -0700
 
 shadow (980403-0.1) frozen unstable; urgency=low
-
+  
   * Non-maintainer release.
   * New upstream release (18225).
   * (debian/login.postinst)
@@ -3805,7 +4523,7 @@ shadow (980403-0.1) frozen unstable; urg
   * Install upstream changelog as 'changelog.gz' as per policy (20052).
   * (secure-su): Changed /etc/suauth to reference the group 'root'
     instead of 'wheel' (17593).
-
+  
  -- Joel Klecker <jk at espy.org>  Thu, 30 Apr 1998 18:32:12 -0700
 
 shadow (970616-1) unstable; urgency=low
@@ -3875,7 +4593,7 @@ shadow (961025-2) frozen unstable; urgen
  -- Guy Maor <maor at ece.utexas.edu>  Sat, 19 Apr 1997 02:34:59 -0500
 
 shadow (961025-1) unstable; urgency=low
-
+  
   * Upstream upgrade, new source format.
 
  -- Guy Maor <maor at ece.utexas.edu>  Mon, 10 Feb 1997 02:56:56 -0600
diff -pruN 1:4.8-1/debian/control 1:4.8-1ubuntu1/debian/control
--- 1:4.8-1/debian/control	2019-12-20 15:39:40.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/control	2020-01-20 14:16:35.000000000 +0000
@@ -1,5 +1,6 @@
 Source: shadow
-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
 Uploaders: Balint Reczey <rbalint at ubuntu.com>,
            Serge Hallyn <serge at hallyn.com>
 Section: admin
diff -pruN 1:4.8-1/debian/login.defs 1:4.8-1ubuntu1/debian/login.defs
--- 1:4.8-1/debian/login.defs	2019-12-20 15:39:40.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/login.defs	2020-01-20 14:16:35.000000000 +0000
@@ -214,13 +214,14 @@ DEFAULT_HOME	yes
 #USERDEL_CMD	/usr/sbin/userdel_local
 
 #
+# Enable setting of the umask group bits to be the same as owner bits
+# (examples: 022 -> 002, 077 -> 007) for non-root users, if the uid is
+# the same as gid, and username is the same as the primary group name.
+#
 # If set to yes, userdel will remove the user's group if it contains no
 # more members, and useradd will create by default a group with the name
 # of the user.
 #
-# Other former uses of this variable such as setting the umask when
-# user==primary group are not used in PAM environments, such as Debian
-#
 USERGROUPS_ENAB yes
 
 #
diff -pruN 1:4.8-1/debian/login.install 1:4.8-1ubuntu1/debian/login.install
--- 1:4.8-1/debian/login.install	2019-12-20 15:39:40.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/login.install	2020-01-20 14:16:35.000000000 +0000
@@ -1,4 +1,5 @@
 debian/login.defs etc
+debian/source_shadow.py usr/share/apport/package-hooks
 usr/share/locale/*/LC_MESSAGES/shadow.mo
 usr/share/man/*/man1/login.1
 usr/share/man/*/man1/newgrp.1
diff -pruN 1:4.8-1/debian/passwd.maintscript 1:4.8-1ubuntu1/debian/passwd.maintscript
--- 1:4.8-1/debian/passwd.maintscript	2019-12-20 15:39:40.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/passwd.maintscript	2020-01-20 14:16:35.000000000 +0000
@@ -1 +1,2 @@
 rm_conffile /etc/cron.daily/passwd 1:4.7-2~
+rm_conffile /etc/init/passwd.conf 1:4.2-3.2ubuntu4~ passwd
diff -pruN 1:4.8-1/debian/patches/1010_extrausers.patch 1:4.8-1ubuntu1/debian/patches/1010_extrausers.patch
--- 1:4.8-1/debian/patches/1010_extrausers.patch	1970-01-01 00:00:00.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/patches/1010_extrausers.patch	2020-01-20 14:16:35.000000000 +0000
@@ -0,0 +1,264 @@
+From: Michael Terry <michael.terry at canonical.com>
+Date: Fri, 20 Dec 2019 16:45:51 +0100
+Subject: Add support to passwd for updating libnss-extrausers locations
+
+---
+ lib/commonio.c |  2 ++
+ lib/defines.h  |  8 ++++++++
+ src/passwd.c   | 65 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-
+ src/usermod.c  | 48 +++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 122 insertions(+), 1 deletion(-)
+
+diff --git a/lib/commonio.c b/lib/commonio.c
+index 9f6ceca..008691f 100644
+--- a/lib/commonio.c
++++ b/lib/commonio.c
+@@ -419,6 +419,7 @@ int commonio_lock (struct commonio_db *db)
+ 	int i;
+ 
+ #ifdef HAVE_LCKPWDF
++  if (strncmp(db->filename, "/etc/", 5) == 0) {
+ 	/*
+ 	 * Only if the system libc has a real lckpwdf() - the one from
+ 	 * lockpw.c calls us and would cause infinite recursion!
+@@ -448,6 +449,7 @@ int commonio_lock (struct commonio_db *db)
+ 		ulckpwdf ();
+ 		return 0;		/* failure */
+ 	}
++  } /* strncmp(db->filename, "/etc/", 5) == 0 */
+ #endif				/* !HAVE_LCKPWDF */
+ 
+ 	/*
+diff --git a/lib/defines.h b/lib/defines.h
+index 2fb1b56..ffa8b6a 100644
+--- a/lib/defines.h
++++ b/lib/defines.h
+@@ -316,6 +316,14 @@ char *strchr (), *strrchr (), *strtok ();
+ #endif
+ #endif
+ 
++#ifndef EXTRAUSERS_PASSWD_FILE
++#define EXTRAUSERS_PASSWD_FILE "/var/lib/extrausers/passwd"
++#endif
++
++#ifndef EXTRAUSERS_SHADOW_FILE
++#define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
++#endif
++
+ #ifndef NULL
+ #define NULL ((void *) 0)
+ #endif
+diff --git a/src/passwd.c b/src/passwd.c
+index 13619b1..bfe0aea 100644
+--- a/src/passwd.c
++++ b/src/passwd.c
+@@ -559,8 +559,15 @@ static void update_noshadow (void)
+ {
+ 	const struct passwd *pw;
+ 	struct passwd *npw;
++	bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 &&
++	                      access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0;
+ 
+ 	if (pw_lock () == 0) {
++		if (try_extrausers) {
++			pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++			update_noshadow ();
++			return;
++		}
+ 		(void) fprintf (stderr,
+ 		                _("%s: cannot lock %s; try again later.\n"),
+ 		                Prog, pw_dbname ());
+@@ -568,6 +575,20 @@ static void update_noshadow (void)
+ 	}
+ 	pw_locked = true;
+ 	if (pw_open (O_CREAT | O_RDWR) == 0) {
++		if (try_extrausers) {
++			if (pw_unlock () == 0) {
++				(void) fprintf (stderr,
++				                _("%s: failed to unlock %s\n"),
++				                Prog, pw_dbname ());
++				SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
++				/* continue */
++			}
++			pw_locked = false;
++
++			pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++			update_noshadow ();
++			return;
++		}
+ 		(void) fprintf (stderr,
+ 		                _("%s: cannot open %s\n"),
+ 		                Prog, pw_dbname ());
+@@ -576,6 +597,21 @@ static void update_noshadow (void)
+ 	}
+ 	pw = pw_locate (name);
+ 	if (NULL == pw) {
++		if (try_extrausers) {
++			(void) pw_close ();
++			if (pw_unlock () == 0) {
++				(void) fprintf (stderr,
++				                _("%s: failed to unlock %s\n"),
++				                Prog, pw_dbname ());
++				SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
++				/* continue */
++			}
++			pw_locked = false;
++
++			pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++			update_noshadow ();
++			return;
++		}
+ 		(void) fprintf (stderr,
+ 		                _("%s: user '%s' does not exist in %s\n"),
+ 		                Prog, name, pw_dbname ());
+@@ -613,8 +649,15 @@ static void update_shadow (void)
+ {
+ 	const struct spwd *sp;
+ 	struct spwd *nsp;
++	bool try_extrausers = strcmp (spw_dbname (), EXTRAUSERS_SHADOW_FILE) != 0 &&
++	                      access (EXTRAUSERS_SHADOW_FILE, F_OK) == 0;
+ 
+ 	if (spw_lock () == 0) {
++		if (try_extrausers) {
++			spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++			update_shadow ();
++			return;
++		}
+ 		(void) fprintf (stderr,
+ 		                _("%s: cannot lock %s; try again later.\n"),
+ 		                Prog, spw_dbname ());
+@@ -622,6 +665,20 @@ static void update_shadow (void)
+ 	}
+ 	spw_locked = true;
+ 	if (spw_open (O_CREAT | O_RDWR) == 0) {
++		if (try_extrausers) {
++			if (spw_unlock () == 0) {
++				(void) fprintf (stderr,
++						        _("%s: failed to unlock %s\n"),
++						        Prog, spw_dbname ());
++				SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
++				/* continue */
++			}
++			spw_locked = false;
++
++			spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++			update_shadow ();
++			return;
++		}
+ 		(void) fprintf (stderr,
+ 		                _("%s: cannot open %s\n"),
+ 		                Prog, spw_dbname ());
+@@ -632,7 +689,9 @@ static void update_shadow (void)
+ 	if (NULL == sp) {
+ 		/* Try to update the password in /etc/passwd instead. */
+ 		(void) spw_close ();
+-		update_noshadow ();
++		if (!try_extrausers) {
++			update_noshadow ();
++		}
+ 		if (spw_unlock () == 0) {
+ 			(void) fprintf (stderr,
+ 			                _("%s: failed to unlock %s\n"),
+@@ -641,6 +700,10 @@ static void update_shadow (void)
+ 			/* continue */
+ 		}
+ 		spw_locked = false;
++		if (try_extrausers) {
++			spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++			update_shadow ();
++		}
+ 		return;
+ 	}
+ 	nsp = __spw_dup (sp);
+diff --git a/src/usermod.c b/src/usermod.c
+index 05b9871..fb833e1 100644
+--- a/src/usermod.c
++++ b/src/usermod.c
+@@ -1566,7 +1566,16 @@ static void close_files (void)
+  */
+ static void open_files (void)
+ {
++	bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 &&
++	                      access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0;
++
+ 	if (pw_lock () == 0) {
++		if (try_extrausers) {
++			pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++			spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++			open_files ();
++			return;
++		}
+ 		fprintf (stderr,
+ 		         _("%s: cannot lock %s; try again later.\n"),
+ 		         Prog, pw_dbname ());
+@@ -1574,12 +1583,29 @@ static void open_files (void)
+ 	}
+ 	pw_locked = true;
+ 	if (pw_open (O_CREAT | O_RDWR) == 0) {
++		if (try_extrausers) {
++			pw_unlock ();
++			pw_locked = false;
++			pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++			spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++			open_files ();
++			return;
++		}
+ 		fprintf (stderr,
+ 		         _("%s: cannot open %s\n"),
+ 		         Prog, pw_dbname ());
+ 		fail_exit (E_PW_UPDATE);
+ 	}
+ 	if (is_shadow_pwd && (spw_lock () == 0)) {
++		if (try_extrausers) {
++			pw_close ();
++			pw_unlock ();
++			pw_locked = false;
++			pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++			spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++			open_files ();
++			return;
++		}
+ 		fprintf (stderr,
+ 		         _("%s: cannot lock %s; try again later.\n"),
+ 		         Prog, spw_dbname ());
+@@ -1587,6 +1613,17 @@ static void open_files (void)
+ 	}
+ 	spw_locked = true;
+ 	if (is_shadow_pwd && (spw_open (O_CREAT | O_RDWR) == 0)) {
++		if (try_extrausers) {
++			pw_close ();
++			pw_unlock ();
++			spw_unlock ();
++			pw_locked = false;
++			spw_locked = false;
++			pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++			spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++			open_files ();
++			return;
++		}
+ 		fprintf (stderr,
+ 		         _("%s: cannot open %s\n"),
+ 		         Prog, spw_dbname ());
+@@ -1675,11 +1712,22 @@ static void usr_update (void)
+ 	struct spwd spent;
+ 	const struct spwd *spwd = NULL;
+ 
++	bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 &&
++	                      access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0;
++
+ 	/*
+ 	 * Locate the entry in /etc/passwd, which MUST exist.
+ 	 */
+ 	pwd = pw_locate (user_name);
+ 	if (NULL == pwd) {
++		if (try_extrausers) {
++			close_files ();
++			pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++			spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++			open_files ();
++			usr_update ();
++			return;
++		}
+ 		fprintf (stderr,
+ 		         _("%s: user '%s' does not exist in %s\n"),
+ 		         Prog, user_name, pw_dbname ());
diff -pruN 1:4.8-1/debian/patches/1011_extrausers_toggle.patch 1:4.8-1ubuntu1/debian/patches/1011_extrausers_toggle.patch
--- 1:4.8-1/debian/patches/1011_extrausers_toggle.patch	1970-01-01 00:00:00.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/patches/1011_extrausers_toggle.patch	2020-01-20 14:16:35.000000000 +0000
@@ -0,0 +1,160 @@
+From: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+Date: Fri, 20 Dec 2019 16:45:51 +0100
+Subject: _extrausers_toggle
+
+---
+ lib/defines.h  | 16 ++++++++++++++++
+ src/groupadd.c | 22 ++++++++++++++++++++++
+ src/useradd.c  | 23 +++++++++++++++++++++++
+ 3 files changed, 61 insertions(+)
+
+diff --git a/lib/defines.h b/lib/defines.h
+index ffa8b6a..25c411f 100644
+--- a/lib/defines.h
++++ b/lib/defines.h
+@@ -324,6 +324,22 @@ char *strchr (), *strrchr (), *strtok ();
+ #define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
+ #endif
+ 
++#ifndef EXTRAUSERS_GROUP_FILE
++#define EXTRAUSERS_GROUP_FILE "/var/lib/extrausers/group"
++#endif
++
++#ifndef EXTRAUSERS_SHADOWGROUP_FILE
++#define EXTRAUSERS_SHADOWGROUP_FILE "/var/lib/extrausers/gshadow"
++#endif
++
++#ifndef EXTRAUSERS_SUBUID_FILE
++#define EXTRAUSERS_SUBUID_FILE "/var/lib/extrausers/subuid"
++#endif
++
++#ifndef EXTRAUSERS_SUBGID_FILE
++#define EXTRAUSERS_SUBGID_FILE "/var/lib/extrausers/subgid"
++#endif
++
+ #ifndef NULL
+ #define NULL ((void *) 0)
+ #endif
+diff --git a/src/groupadd.c b/src/groupadd.c
+index 2dd8eec..e746efc 100644
+--- a/src/groupadd.c
++++ b/src/groupadd.c
+@@ -105,6 +105,12 @@ static void process_flags (int argc, char **argv);
+ static void check_flags (void);
+ static void check_perms (void);
+ 
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ /*
+  * usage - display usage message and exit
+  */
+@@ -127,6 +133,7 @@ static /*@noreturn@*/void usage (int status)
+ 	(void) fputs (_("  -r, --system                  create a system account\n"), usageout);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+ 	(void) fputs (_("  -P, --prefix PREFIX_DIR       directory prefix\n"), usageout);
++	(void) fputs (_("      --extrausers              Use the extra users database\n"), usageout);
+ 	(void) fputs ("\n", usageout);
+ 	exit (status);
+ }
+@@ -391,12 +398,16 @@ static void process_flags (int argc, char **argv)
+ 		{"system",     no_argument,       NULL, 'r'},
+ 		{"root",       required_argument, NULL, 'R'},
+ 		{"prefix",     required_argument, NULL, 'P'},
++		{"extrausers", no_argument,       NULL, EXTRAUSERS_OPT},
+ 		{NULL, 0, NULL, '\0'}
+ 	};
+ 
+ 	while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:",
+ 		                 long_options, NULL)) != -1) {
+ 		switch (c) {
++        case EXTRAUSERS_OPT:
++            use_extrausers = true;
++            break;
+ 		case 'f':
+ 			/*
+ 			 * "force" - do nothing, just exit(0), if the
+@@ -606,7 +617,18 @@ int main (int argc, char **argv)
+ 
+ 	check_perms ();
+ 
++    if (use_extrausers) {
++		fprintf (stderr, "ENTER EXTRAUSERS_GROUP_FILE");
++        gr_setdbname (EXTRAUSERS_GROUP_FILE);
++		fprintf (stderr, "EXIT EXTRAUSERS_GROUP_FILE");
++    }
++
+ #ifdef SHADOWGRP
++    if (use_extrausers) {
++		fprintf (stderr, "ENTER EXTRAUSERS_SHADOWGROUP_FILE");
++        sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++		fprintf (stderr, "EXIT EXTRAUSERS_SHADOWGROUP_FILE");
++    }
+ 	is_shadow_grp = sgr_file_present ();
+ #endif
+ 
+diff --git a/src/useradd.c b/src/useradd.c
+index 44c48cb..a92a35b 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -150,6 +150,12 @@ static bool do_grp_update = false;	/* group files need to be updated */
+ 
+ extern int allow_bad_names;
+ 
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ static bool
+     bflg = false,		/* new default root of home directory */
+     cflg = false,		/* comment (GECOS) field for new account */
+@@ -859,6 +865,7 @@ static void usage (int status)
+ #ifdef WITH_SELINUX
+ 	(void) fputs (_("  -Z, --selinux-user SEUSER     use a specific SEUSER for the SELinux user mapping\n"), usageout);
+ #endif				/* WITH_SELINUX */
++	(void) fputs (_("      --extrausers              Use the extra users database\n"), usageout);
+ 	(void) fputs ("\n", usageout);
+ 	exit (status);
+ }
+@@ -1139,6 +1146,7 @@ static void process_flags (int argc, char **argv)
+ #ifdef WITH_SELINUX
+ 			{"selinux-user",   required_argument, NULL, 'Z'},
+ #endif				/* WITH_SELINUX */
++			{"extrausers",     no_argument,       NULL, EXTRAUSERS_OPT},
+ 			{NULL, 0, NULL, '\0'}
+ 		};
+ 		while ((c = getopt_long (argc, argv,
+@@ -1149,6 +1157,9 @@ static void process_flags (int argc, char **argv)
+ #endif				/* !WITH_SELINUX */
+ 		                         long_options, NULL)) != -1) {
+ 			switch (c) {
++			case EXTRAUSERS_OPT:
++                use_extrausers = true;
++                break;
+ 			case 'b':
+ 				if (   ( !VALID (optarg) )
+ 				    || ( optarg[0] != '/' )) {
+@@ -2373,6 +2384,18 @@ int main (int argc, char **argv)
+ 		}
+ 	}
+ 
++    if (use_extrausers) {
++        pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++        spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++        gr_setdbname (EXTRAUSERS_GROUP_FILE);
++        /* TODO expose this information in other tools */
++        sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++        sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++        sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++    }
++
+ 	/*
+ 	 * Do the hard stuff:
+ 	 * - open the files,
diff -pruN 1:4.8-1/debian/patches/1012_extrausers_chfn.patch 1:4.8-1ubuntu1/debian/patches/1012_extrausers_chfn.patch
--- 1:4.8-1/debian/patches/1012_extrausers_chfn.patch	1970-01-01 00:00:00.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/patches/1012_extrausers_chfn.patch	2020-01-20 14:16:35.000000000 +0000
@@ -0,0 +1,71 @@
+From: Michael Vogt <mvo at ubuntu.com>
+Date: Fri, 20 Dec 2019 16:45:51 +0100
+Subject: add support for --extrausers for chfn
+
+This add support for --extrausers to the chfn tool.
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1495580
+---
+ src/chfn.c | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/src/chfn.c b/src/chfn.c
+index b2658fc..acf945a 100644
+--- a/src/chfn.c
++++ b/src/chfn.c
+@@ -71,6 +71,11 @@ static bool hflg = false;		/* -h - set home phone number        */
+ static bool oflg = false;		/* -o - set other information        */
+ static bool pw_locked = false;
+ 
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++static bool use_extrausers = false;
++
+ /*
+  * External identifiers
+  */
+@@ -123,6 +128,7 @@ static /*@noreturn@*/void usage (int status)
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+ 	(void) fputs (_("  -u, --help                    display this help message and exit\n"), usageout);
+ 	(void) fputs (_("  -w, --work-phone WORK_PHONE   change user's office phone number\n"), usageout);
++	(void) fputs (_("      --extrausers              Use the extra users database\n"), usageout);        
+ 	(void) fputs ("\n", usageout);
+ 	exit (status);
+ }
+@@ -273,6 +279,7 @@ static void process_flags (int argc, char **argv)
+ 		{"root",       required_argument, NULL, 'R'},
+ 		{"help",       no_argument,       NULL, 'u'},
+ 		{"work-phone", required_argument, NULL, 'w'},
++                {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ 		{NULL, 0, NULL, '\0'}
+ 	};
+ 
+@@ -286,6 +293,9 @@ static void process_flags (int argc, char **argv)
+ 	while ((c = getopt_long (argc, argv, "f:h:o:r:R:uw:",
+ 	                         long_options, NULL)) != -1) {
+ 		switch (c) {
++                case EXTRAUSERS_OPT:
++                   use_extrausers = true;
++                   break;
+ 		case 'f':
+ 			if (!may_change_field ('f')) {
+ 				fprintf (stderr,
+@@ -653,6 +663,18 @@ int main (int argc, char **argv)
+ 	/* parse the command line options */
+ 	process_flags (argc, argv);
+ 
++        if (use_extrausers) {
++           pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++           spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++           gr_setdbname (EXTRAUSERS_GROUP_FILE);
++           /* TODO expose this information in other tools */
++           sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++           sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++           sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++        }
++        
+ 	/*
+ 	 * Get the name of the user to check. It is either the command line
+ 	 * name, or the name getlogin() returns.
diff -pruN 1:4.8-1/debian/patches/1013_extrausers_deluser.patch 1:4.8-1ubuntu1/debian/patches/1013_extrausers_deluser.patch
--- 1:4.8-1/debian/patches/1013_extrausers_deluser.patch	1970-01-01 00:00:00.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/patches/1013_extrausers_deluser.patch	2020-01-20 14:16:35.000000000 +0000
@@ -0,0 +1,71 @@
+From: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+Date: Fri, 20 Dec 2019 16:45:51 +0100
+Subject: _extrausers_deluser
+
+===================================================================
+---
+ src/userdel.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/src/userdel.c b/src/userdel.c
+index cc951e5..f0b6790 100644
+--- a/src/userdel.c
++++ b/src/userdel.c
+@@ -139,6 +139,12 @@ static int remove_mailbox (void);
+ static int remove_tcbdir (const char *user_name, uid_t user_id);
+ #endif				/* WITH_TCB */
+ 
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ /*
+  * usage - display usage message and exit
+  */
+@@ -157,6 +163,7 @@ static void usage (int status)
+ 	(void) fputs (_("  -r, --remove                  remove home directory and mail spool\n"), usageout);
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+ 	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
++	(void) fputs (_("      --extrausers              Use the extra users database\n"), usageout);
+ #ifdef WITH_SELINUX
+ 	(void) fputs (_("  -Z, --selinux-user            remove any SELinux user mapping for the user\n"), usageout);
+ #endif				/* WITH_SELINUX */
+@@ -1035,6 +1042,7 @@ int main (int argc, char **argv)
+ 			{"remove",       no_argument,       NULL, 'r'},
+ 			{"root",         required_argument, NULL, 'R'},
+ 			{"prefix",       required_argument, NULL, 'P'},
++                        {"extrausers", no_argument,       NULL, EXTRAUSERS_OPT},
+ #ifdef WITH_SELINUX
+ 			{"selinux-user", no_argument,       NULL, 'Z'},
+ #endif				/* WITH_SELINUX */
+@@ -1048,6 +1056,9 @@ int main (int argc, char **argv)
+ #endif				/* !WITH_SELINUX */
+ 		                         long_options, NULL)) != -1) {
+ 			switch (c) {
++                        case EXTRAUSERS_OPT:
++                                use_extrausers = true;
++                                break;
+ 			case 'f':	/* force remove even if not owned by user */
+ 				fflg = true;
+ 				break;
+@@ -1215,6 +1226,18 @@ int main (int argc, char **argv)
+ 		}
+ 	}
+ 
++        if (use_extrausers) {
++               pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++               spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++               gr_setdbname (EXTRAUSERS_GROUP_FILE);
++               /* TODO expose this information in other tools */
++               sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++               sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++               sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++        }
++
+ 	/*
+ 	 * Do the hard stuff - open the files, create the user entries,
+ 	 * create the home directory, then close and update the files.
diff -pruN 1:4.8-1/debian/patches/1014_extrausers_delgroup.patch 1:4.8-1ubuntu1/debian/patches/1014_extrausers_delgroup.patch
--- 1:4.8-1/debian/patches/1014_extrausers_delgroup.patch	1970-01-01 00:00:00.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/patches/1014_extrausers_delgroup.patch	2020-01-20 14:16:35.000000000 +0000
@@ -0,0 +1,71 @@
+From: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+Date: Fri, 20 Dec 2019 16:45:51 +0100
+Subject: _extrausers_delgroup
+
+===================================================================
+---
+ src/groupdel.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/src/groupdel.c b/src/groupdel.c
+index f941a84..7487582 100644
+--- a/src/groupdel.c
++++ b/src/groupdel.c
+@@ -87,6 +87,12 @@ static void open_files (void);
+ static void group_busy (gid_t gid);
+ static void process_flags (int argc, char **argv);
+ 
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ /*
+  * usage - display usage message and exit
+  */
+@@ -102,6 +108,7 @@ static /*@noreturn@*/void usage (int status)
+ 	(void) fputs (_("  -R, --root CHROOT_DIR         directory to chroot into\n"), usageout);
+ 	(void) fputs (_("  -P, --prefix PREFIX_DIR       prefix directory where are located the /etc/* files\n"), usageout);
+ 	(void) fputs (_("  -f, --force                   delete group even if it is the primary group of a user\n"), usageout);
++        (void) fputs (_("      --extrausers              Use the extra users database\n"), usageout);
+ 	(void) fputs ("\n", usageout);
+ 	exit (status);
+ }
+@@ -325,6 +332,7 @@ static void process_flags (int argc, char **argv)
+ 		{"help", no_argument,       NULL, 'h'},
+ 		{"root", required_argument, NULL, 'R'},
+ 		{"prefix", required_argument, NULL, 'P'},
++		{"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ 		{NULL, 0, NULL, '\0'}
+ 	};
+ 
+@@ -341,6 +349,9 @@ static void process_flags (int argc, char **argv)
+ 		case 'f':
+ 			check_group_busy = false;
+ 			break;
++		case EXTRAUSERS_OPT:
++			use_extrausers = true;
++			break;
+ 		default:
+ 			usage (E_USAGE);
+ 		}
+@@ -482,6 +493,18 @@ int main (int argc, char **argv)
+ 		group_busy (group_id);
+ 	}
+ 
++        if (use_extrausers) {
++               pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++               spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++               gr_setdbname (EXTRAUSERS_GROUP_FILE);
++               /* TODO expose this information in other tools */
++               sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++               sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++               sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++        }
++
+ 	/*
+ 	 * Do the hard stuff - open the files, delete the group entries,
+ 	 * then close and update the files.
diff -pruN 1:4.8-1/debian/patches/1015_add_zsys_support.patch 1:4.8-1ubuntu1/debian/patches/1015_add_zsys_support.patch
--- 1:4.8-1/debian/patches/1015_add_zsys_support.patch	1970-01-01 00:00:00.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/patches/1015_add_zsys_support.patch	2020-01-20 14:16:35.000000000 +0000
@@ -0,0 +1,134 @@
+From: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+Date: Fri, 29 Jun 2018 17:22:06 +0200
+Subject: Call zsys to handle home directory if available
+
+We call zsys to handle dataset creation for zsys system in a separate home
+dataset for each user on the system.
+This allows one to handle user dataset outside of /home and also renaming.
+We don't handle with system users (uid < 1000) as we consider them by default
+as part of the system.
+We don't support yet deletion, as removing the dataset would remove as well
+every snapshot of the history, and so, revert to previous version will result
+in user created, but no home directory, which is unwanted.
+Forwarded: not-needed
+Origin: ubuntu
+---
+ src/useradd.c | 43 ++++++++++++++++++++++++++++++++++++++++++-
+ src/usermod.c | 36 +++++++++++++++++++++++++++++++++++-
+ 2 files changed, 77 insertions(+), 2 deletions(-)
+
+diff --git a/src/useradd.c b/src/useradd.c
+index a92a35b..a1feb6d 100644
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -2074,6 +2074,13 @@ static void usr_update (void)
+  */
+ static void create_home (void)
+ {
++	const char zsys[] = "/sbin/zsys";
++	const char *pname = "zsys";
++	pid_t childpid;
++	int devnull_fd;
++	int zsys_failed;
++	int zsys_status;
++
+ 	if (access (prefix_user_home, F_OK) != 0) {
+ 		char path[strlen (prefix_user_home) + 2];
+ 		char *bhome, *cp;
+@@ -2137,7 +2144,41 @@ static void create_home (void)
+ 				}
+ 				else
+ #endif
+-				if (mkdir (path, 0) != 0) {
++		// We don't create zsys user dataset for system users
++		if (user_id < 1000) {
++			zsys_failed = 1;
++		} else {
++			zsys_failed = 0;
++			switch (childpid = fork())
++			{
++			case -1: /* error */
++				zsys_failed = 1;
++				break;
++			case 0:							  /* child */
++				devnull_fd = open("/dev/null", O_WRONLY);
++				if (devnull_fd == -1) {
++					perror("can't open /dev/null");
++					exit(3);
++				}
++				// don't print zsys stdout and stderr
++				if (dup2(devnull_fd, 1) == -1 || (dup2(devnull_fd, 2) == -1)) {
++					exit(3);
++				}
++				execl(zsys, pname, "userdata", "create", user_name, prefix_user_home, NULL);
++				/* If we come here, something has gone terribly wrong */
++				perror(zsys);
++				exit(42); /* don't continue, we now have 2 processes running! */
++				/* NOTREACHED */
++				break;
++			default: /* parent */
++				if (waitpid(childpid, &zsys_status, 0) == -1 || !WIFEXITED(zsys_status) || WEXITSTATUS(zsys_status) != 0)
++					zsys_failed = 1;
++				break;
++			}
++		}
++
++		/* XXX - create missing parent directories.  --marekm */
++		if (zsys_failed != 0 && mkdir (prefix_user_home, 0) != 0) {
+ 			fprintf (stderr,
+ 							_("%s: cannot create directory %s\n"),
+ 							Prog, path);
+diff --git a/src/usermod.c b/src/usermod.c
+index fb833e1..1781cd8 100644
+--- a/src/usermod.c
++++ b/src/usermod.c
+@@ -1819,6 +1819,12 @@ static void usr_update (void)
+ static void move_home (void)
+ {
+ 	struct stat sb;
++	const char zsys[] = "/sbin/zsys";
++	const char *pname = "zsys";
++	int devnull_fd;
++	pid_t childpid;
++	int zsys_failed;
++	int zsys_status;
+ 
+ 	if (access (prefix_user_newhome, F_OK) == 0) {
+ 		/*
+@@ -1853,7 +1859,35 @@ static void move_home (void)
+ 		}
+ #endif
+ 
+-		if (rename (prefix_user_home, prefix_user_newhome) == 0) {
++        zsys_failed = 0;
++		switch (childpid = fork())
++		{
++		case -1: /* error */
++			zsys_failed = 1;
++			break;
++		case 0: /* child */
++			devnull_fd = open("/dev/null", O_WRONLY);
++			if (devnull_fd == -1){
++				perror("can't open /dev/null");
++				exit(3);
++			}
++			// don't print zsys stdout and stderr
++			if (dup2(devnull_fd, 1) == -1 || (dup2(devnull_fd, 2) == -1)) {
++				exit(3);
++			}
++			execl(zsys, pname, "userdata", "set-home", prefix_user_home, user_newhome, NULL);
++			/* If we come here, something has gone terribly wrong */
++			perror(zsys);
++			exit(42); /* don't continue, we now have 2 processes running! */
++			/* NOTREACHED */
++			break;
++		default: /* parent */
++			if (waitpid(childpid, &zsys_status, 0) == -1 || !WIFEXITED(zsys_status) || WEXITSTATUS(zsys_status) != 0)
++				zsys_failed = 1;
++			break;
++		}
++
++		if (zsys_failed == 0 || rename (prefix_user_home, prefix_user_newhome) == 0) {
+ 			/* FIXME: rename above may have broken symlinks
+ 			 *        pointing to the user's home directory
+ 			 *        with an absolute path. */
diff -pruN 1:4.8-1/debian/patches/series 1:4.8-1ubuntu1/debian/patches/series
--- 1:4.8-1/debian/patches/series	2019-12-20 15:39:40.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/patches/series	2020-01-20 14:16:35.000000000 +0000
@@ -15,3 +15,9 @@
 505_useradd_recommend_adduser
 501_commonio_group_shadow
 git_revert_bindir.patch
+1010_extrausers.patch
+1011_extrausers_toggle.patch
+1012_extrausers_chfn.patch
+1013_extrausers_deluser.patch
+1014_extrausers_delgroup.patch
+1015_add_zsys_support.patch
diff -pruN 1:4.8-1/debian/source_shadow.py 1:4.8-1ubuntu1/debian/source_shadow.py
--- 1:4.8-1/debian/source_shadow.py	1970-01-01 00:00:00.000000000 +0000
+++ 1:4.8-1ubuntu1/debian/source_shadow.py	2020-01-20 14:16:35.000000000 +0000
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+
+'''Apport package hook for shadow
+
+(c) 2010 Canonical Ltd.
+Contributors:
+Marc Deslauriers <marc.deslauriers at canonical.com>
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2 of the License, or (at your
+option) any later version.  See http://www.gnu.org/copyleft/gpl.html for
+the full text of the license.
+'''
+
+from apport.hookutils import *
+
+def add_info(report):
+
+    attach_file_if_exists(report, '/etc/login.defs', 'LoginDefs')
+
+if __name__ == '__main__':
+    report = {}
+    add_info(report)
+    for key in report:
+        print('[%s]\n%s' % (key, report[key]))


More information about the Pkg-shadow-devel mailing list