[Pkg-shadow-devel] Ubuntu (new upstream) shadow 1:4.16.0-7ubuntu1
Ubuntu Merge-o-Matic
mom at ubuntu.com
Wed Jan 22 15:57:57 GMT 2025
This e-mail has been sent due to an upload to Ubuntu of a new upstream
version which still contains Ubuntu changes. It contains the difference
between the Ubuntu version and the equivalent base version in Debian, note
that this difference may include the upstream changes.
-------------- next part --------------
Format: 1.8
Date: Mon, 02 Dec 2024 12:39:54 +0100
Source: shadow
Binary: passwd login.defs uidmap libsubid5 libsubid-dev
Architecture: source
Version: 1:4.16.0-7ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Florent 'Skia' Jacquet <florent.jacquet at canonical.com>
Description:
libsubid-dev - subordinate id handling library -- shared library
libsubid5 - subordinate id handling library -- shared library
login.defs - system user management configuration
passwd - change and administer password and group data
uidmap - programs to help use subuids
Closes: 750752 856557 1074320 1074394 1087519
Launchpad-Bugs-Fixed: 2049529 2089923
Changes:
shadow (1:4.16.0-7ubuntu1) plucky; urgency=medium
.
* Merge with Debian unstable. Remaining changes (LP: #2089923):
- d/p/* : Enable private home directories by default
- debian/{source_shadow.py,login.defs.install}: Add apport hook
- debian/patches/1010_extrausers.patch:
+ Add support to passwd for libnss-extrausers
+ Add automatic detection of "extrausers" for usermod -G
- d/p/1011_extrausers_toggle.patch: extrausers support for useradd/groupadd
- d/p/1012_extrausers_chfn.patch: --extrausers support for chfn tool
- d/p/1013_extrausers_deluser.patch: --extrausers support for userdel
- d/p/1014_extrausers_delgroup.patch: --extrausers support for groupdel
- d/p/1016_extrausers_gpasswd.patch: extrausers support for gpasswd
- d/p/506_relaxed_usernames.patch, d/t/{control,numeric-username}:
- d/t/smoke: Extend for extrausers support
- Add some cursory tests for the extrausers features
- d/p/lp2063200: fix useradd group validation with extrausers (LP 2063200)
.
* New Changes:
- d/tests: make 'upstream' tests work with current sources layout
.
* Drop Changes:
- d/p/1015_add_zsys_support.patch: zsys to handle home dir if available
Reason: buggy and unmaintained zsys integration (LP: #2049529)
.
shadow (1:4.16.0-7) unstable; urgency=medium
.
[ Florent 'Skia' Jacquet ]
* d/patches: fix 'upstream' test suite
.
shadow (1:4.16.0-6) unstable; urgency=medium
.
* Add NEWS entry about faillog (Closes: #1074320)
.
shadow (1:4.16.0-5) unstable; urgency=medium
.
[ Chris Hofstaedtler ]
* Always build with btrfs support on linux-any (Closes: #856557)
* debputy.manifest: merge path-metadata entries
* login.defs: remove info about write(1)
Which is not part of Debian trixie. (Closes: #1087519)
.
[ Pino Toscano ]
* Include <utmpx.h>, fixing the build on GNU/Hurd
.
shadow (1:4.16.0-4) unstable; urgency=medium
.
* Drop Debian-only cppw, cpgr tools (Closes: #750752)
* Stop patching login, not installed anymore
* Define LOGIN_NAME_MAX on HURD
* Remove libsystemd-dev Build-Depends.
Only necessary for login(1).
* Stop building programs we do not install
.
shadow (1:4.16.0-3) unstable; urgency=medium
.
* Upload to unstable.
* Fix FTBFS on hurd.
DEB_HOST_ARCH_OS was unset.
.
shadow (1:4.16.0-2) experimental; urgency=medium
.
* passwd: switch Depends from login to login.defs
login will again be installed on fewer systems, but existing installs
will retain it (it is Protected: yes).
* Drop login package, to allow takeover by util-linux.
Move shadow.mo to Package: passwd, have passwd Replaces: older login.
* login.defs: ship manpage
* Re-add workarounds for tests in tests/tests directory.
4.15.3 fixed this, but 4.16.0 happened earlier.
.
shadow (1:4.16.0-1) experimental; urgency=medium
.
* New upstream version 4.16.0
* Rebase patches
* Split /etc/login.defs into its own binary package (Closes: #1074394)
* Rename libsubid4 to libsubid5 (soname bump)
* d/watch: add versionmangle for -rc
Checksums-Sha1:
a19a52a6e948a97cb9872c0dff59ccb0155be58b 2579 shadow_4.16.0-7ubuntu1.dsc
52a12b4b34f4807635b174a28aa96bc9c29a29b3 184116 shadow_4.16.0-7ubuntu1.debian.tar.xz
Checksums-Sha256:
ce0e3906e44f6ff6befa0a80710b310cb12f9726acda0a5786ebb50f9835ecca 2579 shadow_4.16.0-7ubuntu1.dsc
a9e52d709fdf8b016d1880ce6927232c7c1284ba126f4cd258505acd9ae7e1b3 184116 shadow_4.16.0-7ubuntu1.debian.tar.xz
Files:
d4dcfe9e91bcb009f888e8dc20f5a69d 2579 admin required shadow_4.16.0-7ubuntu1.dsc
47c02f8c857d718ff6144554ea564518 184116 admin required shadow_4.16.0-7ubuntu1.debian.tar.xz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-------------- next part --------------
diff -pruN 1:4.16.0-7/debian/changelog 1:4.16.0-7ubuntu1/debian/changelog
--- 1:4.16.0-7/debian/changelog 2024-12-06 12:51:40.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/changelog 2024-12-02 11:39:54.000000000 +0000
@@ -1,3 +1,30 @@
+shadow (1:4.16.0-7ubuntu1) plucky; urgency=medium
+
+ * Merge with Debian unstable. Remaining changes (LP: #2089923):
+ - d/p/* : Enable private home directories by default
+ - debian/{source_shadow.py,login.defs.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch:
+ + Add support to passwd for libnss-extrausers
+ + Add automatic detection of "extrausers" for usermod -G
+ - d/p/1011_extrausers_toggle.patch: extrausers support for useradd/groupadd
+ - d/p/1012_extrausers_chfn.patch: --extrausers support for chfn tool
+ - d/p/1013_extrausers_deluser.patch: --extrausers support for userdel
+ - d/p/1014_extrausers_delgroup.patch: --extrausers support for groupdel
+ - d/p/1016_extrausers_gpasswd.patch: extrausers support for gpasswd
+ - d/p/506_relaxed_usernames.patch, d/t/{control,numeric-username}:
+ - d/t/smoke: Extend for extrausers support
+ - Add some cursory tests for the extrausers features
+ - d/p/lp2063200: fix useradd group validation with extrausers (LP 2063200)
+
+ * New Changes:
+ - d/tests: make 'upstream' tests work with current sources layout
+
+ * Drop Changes:
+ - d/p/1015_add_zsys_support.patch: zsys to handle home dir if available
+ Reason: buggy and unmaintained zsys integration (LP: #2049529)
+
+ -- Florent 'Skia' Jacquet <florent.jacquet at canonical.com> Mon, 02 Dec 2024 12:39:54 +0100
+
shadow (1:4.16.0-7) unstable; urgency=medium
[ Florent 'Skia' Jacquet ]
@@ -66,6 +93,46 @@ shadow (1:4.16.0-1) experimental; urgenc
-- Chris Hofstaedtler <zeha at debian.org> Fri, 02 Aug 2024 17:35:29 +0200
+shadow (1:4.15.3-3ubuntu2) oracular; urgency=medium
+
+ * d/p : disallow pure numeric user and group names (LP: #2076898)
+
+ -- Hector Cao <hector.cao at canonical.com> Tue, 13 Aug 2024 12:15:06 +0200
+
+shadow (1:4.15.3-3ubuntu1) oracular; urgency=medium
+
+ * Merge with Debian unstable. Remaining changes (LP: #2073338):
+ - d/p/* : Enable private home directories by default
+ - debian/{source_shadow.py,login.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch:
+ + Add support to passwd for libnss-extrausers
+ + Add automatic detection of "extrausers" for usermod -G
+ - d/p/1011_extrausers_toggle.patch: extrausers support for useradd/groupadd
+ - d/p/1012_extrausers_chfn.patch: --extrausers support for chfn tool
+ This patch has been refreshed to remove "implicit function declaration"
+ warning
+ - d/p/1013_extrausers_deluser.patch: --extrausers support for userdel
+ - d/p/1014_extrausers_delgroup.patch: --extrausers support for groupdel
+ This patch has been refreshed to remove "implicit function declaration"
+ warning
+ - d/p/1015_add_zsys_support.patch: zsys to handle home dir if available
+ - d/p/1016_extrausers_gpasswd.patch: extrausers support for gpasswd
+ - d/p/506_relaxed_usernames.patch, d/t/{control,numeric-username}:
+ + disallow purely numeric usernames
+ The patch has been integrated in debian but we still have to
+ keep the tests
+ - d/t/smoke: Extend for extrausers support
+ - Add some cursory tests for the extrausers features
+ - d/p/lp2063200: fix useradd group validation with extrausers (LP 2063200)
+
+ Dropped changes:
+ - debian/login.defs: Update documentation of USERGROUPS_ENAB/UMASK
+ Reason: Integrated upstream
+ - Fix ftbfs with -Werror=implicit-function-declaration
+ Reason: Integrated upstream
+
+ -- Hector Cao <hector.cao at canonical.com> Mon, 29 Jul 2024 11:30:50 +0200
+
shadow (1:4.15.3-3) unstable; urgency=medium
* Forbid backslashes in user/group-names.
@@ -186,6 +253,56 @@ shadow (1:4.13+dfsg1-5) unstable; urgenc
-- Chris Hofstaedtler <zeha at debian.org> Sun, 02 Jun 2024 20:01:51 +0200
+shadow (1:4.13+dfsg1-4ubuntu5) oracular; urgency=medium
+
+ * d/p/lp2063200/*: amend the patch to fix `useradd -D` breakage
+ (LP: #2063200)
+
+ -- Simon Chopin <schopin at ubuntu.com> Mon, 27 May 2024 18:56:51 +0200
+
+shadow (1:4.13+dfsg1-4ubuntu4) oracular; urgency=medium
+
+ * Add some cursory tests for the extrausers features
+ * d/p/lp2063200: fix useradd group validation with extrausers (LP: 2063200)
+
+ -- Simon Chopin <schopin at ubuntu.com> Tue, 07 May 2024 18:49:58 +0200
+
+shadow (1:4.13+dfsg1-4ubuntu3) noble; urgency=medium
+
+ * Fix ftbfs with -Werror=implicit-function-declaration.
+
+ -- Matthias Klose <doko at ubuntu.com> Tue, 09 Apr 2024 09:01:02 +0200
+
+shadow (1:4.13+dfsg1-4ubuntu2) noble; urgency=high
+
+ * No change rebuild for 64-bit time_t and frame pointers.
+
+ -- Julian Andres Klode <juliank at ubuntu.com> Mon, 08 Apr 2024 18:19:19 +0200
+
+shadow (1:4.13+dfsg1-4ubuntu1) noble; urgency=medium
+
+ * Merge with Debian unstable. Remaining changes:
+ - d/login.defs: Enable private home directories by default
+ - debian/login.defs: Update documentation of USERGROUPS_ENAB/UMASK
+ + USERGROUPS_ENAB: with pam_umask, the UPG handling does not only apply
+ to "former (pre-PAM) uses".
+ + UMASK: Explain that USERGROUPS_ENAB will modify this default for UPGs.
+ - debian/{source_shadow.py,login.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch:
+ + Add support to passwd for libnss-extrausers
+ + Add automatic detection of "extrausers" for usermod -G
+ - d/p/1011_extrausers_toggle.patch: extrausers support for useradd/groupadd
+ - d/p/1012_extrausers_chfn.patch: --extrausers support for chfn tool
+ - d/p/1013_extrausers_deluser.patch: --extrausers support for userdel
+ - d/p/1014_extrausers_delgroup.patch: --extrausers support for groupdel
+ - d/p/1015_add_zsys_support.patch: zsys to handle home dir if available
+ - d/p/1016_extrausers_gpasswd.patch: extrausers support for gpasswd
+ - d/p/506_relaxed_usernames.patch, d/t/{control,numeric-username}:
+ + disallow purely numeric usernames
+ - d/t/smoke: Extend for extrausers support
+
+ -- Julian Andres Klode <juliank at ubuntu.com> Thu, 22 Feb 2024 13:30:23 +0100
+
shadow (1:4.13+dfsg1-4) unstable; urgency=medium
[ Helmut Grohne ]
@@ -193,6 +310,30 @@ shadow (1:4.13+dfsg1-4) unstable; urgenc
-- Serge Hallyn <serge at hallyn.com> Sun, 04 Feb 2024 20:28:27 +0000
+shadow (1:4.13+dfsg1-3ubuntu1) noble; urgency=medium
+
+ * Merge with Debian unstable. Remaining changes:
+ - d/login.defs: Enable private home directories by default
+ - debian/login.defs: Update documentation of USERGROUPS_ENAB/UMASK
+ + USERGROUPS_ENAB: with pam_umask, the UPG handling does not only apply
+ to "former (pre-PAM) uses".
+ + UMASK: Explain that USERGROUPS_ENAB will modify this default for UPGs.
+ - debian/{source_shadow.py,login.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch:
+ + Add support to passwd for libnss-extrausers
+ + Add automatic detection of "extrausers" for usermod -G
+ - d/p/1011_extrausers_toggle.patch: extrausers support for useradd/groupadd
+ - d/p/1012_extrausers_chfn.patch: --extrausers support for chfn tool
+ - d/p/1013_extrausers_deluser.patch: --extrausers support for userdel
+ - d/p/1014_extrausers_delgroup.patch: --extrausers support for groupdel
+ - d/p/1015_add_zsys_support.patch: zsys to handle home dir if available
+ - d/p/1016_extrausers_gpasswd.patch: extrausers support for gpasswd
+ - d/p/506_relaxed_usernames.patch, d/t/{control,numeric-username}:
+ + disallow purely numeric usernames
+ - d/t/smoke: Extend for extrausers support
+
+ -- Lukas Märdian <slyon at ubuntu.com> Tue, 05 Dec 2023 11:36:01 +0100
+
shadow (1:4.13+dfsg1-3) unstable; urgency=medium
* Team upload
@@ -222,6 +363,36 @@ shadow (1:4.13+dfsg1-2) unstable; urgenc
-- Balint Reczey <balint at balintreczey.hu> Tue, 26 Sep 2023 22:01:52 +0200
+shadow (1:4.13+dfsg1-1ubuntu1) lunar; urgency=medium
+
+ * Merge from Debian unstable. Remaining changes:
+ - d/login.defs: Enable private home directories by default
+ - debian/login.defs: Update documentation of USERGROUPS_ENAB/UMASK
+ + USERGROUPS_ENAB: with pam_umask, the UPG handling does not only apply
+ to "former (pre-PAM) uses".
+ + UMASK: Explain that USERGROUPS_ENAB will modify this default for UPGs.
+ - debian/{source_shadow.py,login.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch:
+ + Add support to passwd for libnss-extrausers
+ + Add automatic detection of "extrausers" for usermod -G
+ - d/p/1011_extrausers_toggle.patch: extrausers support for useradd/groupadd
+ - d/p/1012_extrausers_chfn.patch: --extrausers support for chfn tool
+ - d/p/1013_extrausers_deluser.patch: --extrausers support for userdel
+ - d/p/1014_extrausers_delgroup.patch: --extrausers support for groupdel
+ - d/p/1015_add_zsys_support.patch: zsys to handle home dir if available
+ - d/p/1016_extrausers_gpasswd.patch: extrausers support for gpasswd
+ - d/p/506_relaxed_usernames.patch, d/t/{control,numeric-username}:
+ + disallow purely numeric usernames
+ - d/t/smoke: Extend for extrausers support
+ * Dropped changes (not needed anymore):
+ - d/passwd.maintscript: cleanup /etc/init/passwd.conf 1:4.2-3.2ubuntu4~
+ * Refresh patches:
+ - d/p/1010_extrausers.patch
+ - d/p/1011_extrausers_toggle.patch
+ - d/p/1015_add_zsys_support.patch
+
+ -- Lukas Märdian <slyon at ubuntu.com> Wed, 23 Nov 2022 11:55:02 +0100
+
shadow (1:4.13+dfsg1-1) unstable; urgency=medium
[ Balint Reczey ]
@@ -276,6 +447,41 @@ shadow (1:4.12.3+dfsg1-1) unstable; urge
-- Balint Reczey <balint at balintreczey.hu> Tue, 04 Oct 2022 22:09:04 +0200
+shadow (1:4.11.1+dfsg1-2ubuntu1) kinetic; urgency=medium
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs.
+ + Enable private home directories by default
+ - debian/{source_shadow.py,login.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch:
+ + Add support to passwd for libnss-extrausers
+ + Add automatic detection of "extrausers" for usermod -G
+ - debian/patches/1011_extrausers_toggle.patch:
+ + extrausers support for useradd and groupadd
+ - debian/patches/1012_extrausers_chfn.patch:
+ + add support for --extrausers to the chfn tool
+ - debian/patches/1013_extrausers_deluser.patch:
+ + add --extrausers option to "userdel"
+ - debian/patches/1014_extrausers_delgroup.patch:
+ + add --extrausers option to "groupdel"
+ - debian/patches/1015_add_zsys_support.patch:
+ + Call zsys to handle home directory if available.
+ - debian/patches/1016_extrausers_gpasswd.patch:
+ + Add support for extrausers in gpasswd.
+ - d/p/506_relaxed_usernames.patch, d/t/{control,numeric-username}
+ + disallow purely numeric usernames
+ - debian/tests/smoke:
+ + Extend for extrausers support
+ * Dropped changes, applied in Debian:
+ - Basic test in d/t/control and d/t/smoke
+ - Documentation about HOME_MODE in login.defs
+
+ -- Lukas Märdian <slyon at ubuntu.com> Mon, 23 May 2022 14:23:01 +0200
+
shadow (1:4.11.1+dfsg1-2) unstable; urgency=medium
[ Balint Reczey ]
@@ -336,6 +542,46 @@ shadow (1:4.11.1+dfsg1-0exp1) experiment
-- Balint Reczey <balint at balintreczey.hu> Sat, 22 Jan 2022 21:03:44 +0100
+shadow (1:4.8.1-2ubuntu2) jammy; urgency=medium
+
+ [ Michael Vogt ]
+ * debian/patches/1010_extrausers.patch:
+ Add automatic detection of "extrausers" for usermod -G
+ (LP: #1959375)
+
+ -- Alberto Mardegan <alberto.mardegan at canonical.com> Mon, 14 Mar 2022 11:59:13 +0300
+
+shadow (1:4.8.1-2ubuntu1) jammy; urgency=low
+
+ * Merge from Debian unstable (LP: #1951161). Remaining changes:
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs.
+ + Enable private home directories by default
+ - debian/{source_shadow.py,login.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch: Add support to passwd for
+ libnss-extrausers
+ - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+ useradd and groupadd
+ - debian/patches/1014_extrausers_delgroup.patch
+ + add --extrausers option to "groupdel"
+ - debian/patches/1013_extrausers_deluser.patch
+ + add --extrausers option to "userdel"
+ - debian/patches/1012_extrausers_chfn.patch
+ + add support for --extrausers to the chfn tool
+ - debian/patches/1015_add_zsys_support.patch
+ + Call zsys to handle home directory if available.
+ - debian/patches/1016_extrausers_gpasswd.patch
+ + Add support for extrausers in gpasswd.
+ - debian/patches/506_relaxed_usernames.patch
+ + disallow purely numeric usernames
+ * Dropped changes, included in Debian:
+ - debian/passwd.maintscripts: Clean up upstart configuration
+
+ -- William 'jawn-smith' Wilson <jawn-smith at ubuntu.com> Mon, 15 Nov 2021 16:13:44 -0600
+
shadow (1:4.8.1-2) unstable; urgency=medium
* debian/control: Switch to libsemanage-dev from libsemanage1-dev
@@ -369,6 +615,97 @@ shadow (1:4.8.1-1.1) unstable; urgency=m
-- Johannes Schauer Marin Rodrigues <josch at debian.org> Sat, 23 Oct 2021 21:04:57 +0200
+shadow (1:4.8.1-1ubuntu9) impish; urgency=medium
+
+ * Disallow purely numeric usernames. This includes hexadecimal and
+ octal syntax. (LP: #1927078)
+
+ -- William 'jawn-smith' Wilson <william.wilson at canonical.com> Thu, 17 Jun 2021 14:35:15 -0500
+
+shadow (1:4.8.1-1ubuntu8) hirsute; urgency=medium
+
+ * Enable private home directories by default (LP: #48734)
+ - Set HOME_MODE=750 in login.defs to enable private home directories
+
+ -- Alex Murray <alex.murray at canonical.com> Thu, 07 Jan 2021 15:35:37 +1030
+
+shadow (1:4.8.1-1ubuntu7) hirsute; urgency=medium
+
+ [ Marcus Tomlinson ]
+ * debian/patches/1016_extrausers_gpasswd.patch:
+ - Add support for extrausers in gpasswd.
+
+ -- Dimitri John Ledkov <xnox at ubuntu.com> Wed, 02 Dec 2020 10:44:11 +0000
+
+shadow (1:4.8.1-1ubuntu6) groovy; urgency=medium
+
+ * debian/patches/1015_add_zsys_support.patch:
+ - Add support for ZSys user deletion (LP: #1881540)
+ - Fix a build warning
+
+ -- Didier Roche <didrocks at ubuntu.com> Thu, 28 May 2020 08:37:47 +0200
+
+shadow (1:4.8.1-1ubuntu5) focal; urgency=medium
+
+ * debian/patches/1015_add_zsys_support.patch:
+ Fix regression on zfs system when the user dataset wasn’t created
+ (LP: #1873263)
+ - wrong variable was used when merged with debian
+ - reset the correct order to ensure owner and mod are correct.
+
+ -- Didier Roche <didrocks at ubuntu.com> Thu, 16 Apr 2020 14:36:45 +0200
+
+shadow (1:4.8.1-1ubuntu4) focal; urgency=medium
+
+ * debian/patches/1015_add_zsys_support.patch:
+ - use now zsysctl command instead of zsys which isn't available anymore.
+ This fix creation of new user dataset on ZFS.
+
+ -- Didier Roche <didrocks at ubuntu.com> Mon, 06 Apr 2020 09:51:10 +0200
+
+shadow (1:4.8.1-1ubuntu3) focal; urgency=medium
+
+ * debian/patches/1013_extrausers_deluser.patch:
+ - move "if (use_extrausers)" check before the test if the user
+ actually exists in the local database
+ * debian/tests:
+ - add smoke autopkgtest tests around {user,group}{add,del} with
+ and without extrausers to avoid regressions like the one fixed
+ in 4.8.1-1ubuntu2
+
+ -- Michael Vogt <michael.vogt at ubuntu.com> Mon, 09 Mar 2020 10:43:16 +0100
+
+shadow (1:4.8.1-1ubuntu2) focal; urgency=medium
+
+ * No-change rebuild to pick up dependency on libcrypt1.
+
+ -- Matthias Klose <doko at ubuntu.com> Sat, 07 Mar 2020 10:16:01 +0100
+
+shadow (1:4.8.1-1ubuntu1) focal; urgency=medium
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs.
+ - debian/{source_shadow.py,login.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch: Add support to passwd for
+ libnss-extrausers
+ - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+ useradd and groupadd
+ - debian/patches/1014_extrausers_delgroup.patch
+ + add --extrausers option to "groupdel"
+ - debian/patches/1013_extrausers_deluser.patch
+ + add --extrausers option to "userdel"
+ - debian/patches/1012_extrausers_chfn.patch:
+ + add support for --extrausers to the chfn tool
+ - debian/patches/1015_add_zsys_support.patch:
+ + Call zsys to handle home directory if available.
+ - debian/passwd.maintscripts: Clean up upstart configuration
+
+ -- Balint Reczey <rbalint at ubuntu.com> Fri, 07 Feb 2020 16:32:06 +0100
+
shadow (1:4.8.1-1) unstable; urgency=medium
* debian/default/useradd: Fix typo DHSELL -> DSHELL (Closes: #897028)
@@ -378,6 +715,31 @@ shadow (1:4.8.1-1) unstable; urgency=med
-- Balint Reczey <rbalint at ubuntu.com> Fri, 07 Feb 2020 15:54:14 +0100
+shadow (1:4.8-1ubuntu1) focal; urgency=medium
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs.
+ - debian/{source_shadow.py,login.install}: Add apport hook
+ - debian/patches/1010_extrausers.patch: Add support to passwd for
+ libnss-extrausers
+ - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+ useradd and groupadd
+ - debian/patches/1014_extrausers_delgroup.patch
+ + add --extrausers option to "groupdel"
+ - debian/patches/1013_extrausers_deluser.patch
+ + add --extrausers option to "userdel"
+ - debian/patches/1012_extrausers_chfn.patch:
+ + add support for --extrausers to the chfn tool
+ - debian/patches/1015_add_zsys_support.patch:
+ + Call zsys to handle home directory if available.
+ - debian/passwd.maintscripts: Clean up upstart configuration
+
+ -- Balint Reczey <rbalint at ubuntu.com> Mon, 20 Jan 2020 15:16:35 +0100
+
shadow (1:4.8-1) unstable; urgency=medium
[ Laurent Bigonville ]
@@ -449,6 +811,53 @@ shadow (1:4.7-1) unstable; urgency=mediu
-- Balint Reczey <rbalint at ubuntu.com> Mon, 08 Jul 2019 15:58:46 +0200
+shadow (1:4.5-1.1ubuntu4) eoan; urgency=medium
+
+ * debian/patches/1015_add_zsys_support.patch:
+ - Call zsys to handle home directory if available.
+ We call zsys to handle dataset creation for zsys system in a separate
+ home dataset for each user on the system.
+ This allows one to handle user dataset outside of /home and also renaming.
+ We don't support yet deletion, as removing the dataset would remove as
+ well every snapshot of the history, and so, revert to previous version
+ will result in user created, but no home directory, which is unwanted.
+ (LP: #1842902)
+
+ -- Didier Roche <didrocks at ubuntu.com> Thu, 29 Aug 2019 15:00:07 +0200
+
+shadow (1:4.5-1.1ubuntu3) eoan; urgency=medium
+
+ * debian/patches/1014_extrausers_delgroup.patch
+ - add --extrausers option to "groupdel" (LP: #1840375)
+
+ -- Michael Vogt <michael.vogt at ubuntu.com> Wed, 21 Aug 2019 11:40:17 +0200
+
+shadow (1:4.5-1.1ubuntu2) disco; urgency=medium
+
+ * debian/patches/1013_extrausers_deluser.patch
+ - add --extrausers option to "userdel" (LP: #1659534)
+
+ -- Michael Vogt <michael.vogt at ubuntu.com> Fri, 22 Mar 2019 19:32:50 +0100
+
+shadow (1:4.5-1.1ubuntu1) disco; urgency=low
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs.
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/patches/1010_extrausers.patch: Add support to passwd for
+ libnss-extrausers
+ - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+ useradd and groupadd
+ - debian/patches/1012_extrausers_chfn.patch: add support for
+ --extrausers to the chfn tool
+ - debian/passwd.maintscripts: Clean up upstart configuration
+
+ -- Steve Langasek <steve.langasek at ubuntu.com> Thu, 24 Jan 2019 15:46:48 -0800
+
shadow (1:4.5-1.1) unstable; urgency=medium
* Non-maintainer upload (greetings from DebCamp/DebConf Taiwan).
@@ -462,6 +871,42 @@ shadow (1:4.5-1.1) unstable; urgency=med
-- Andreas Henriksson <andreas at fatal.se> Fri, 27 Jul 2018 10:07:37 +0200
+shadow (1:4.5-1ubuntu1) bionic; urgency=medium
+
+ * Merge with Debian; remaining changes:
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs.
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/patches/1010_extrausers.patch: Add support to passwd for
+ libnss-extrausers
+ - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+ useradd and groupadd
+ - debian/patches/1012_extrausers_chfn.patch: add support for
+ --extrausers to the chfn tool
+ - debian/passwd.maintscripts: Clean up upstart configuration
+ * Dropped changes, included in Debian:
+ - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+ /etc/update-motd.d/* scripts twice.
+ * Dropped changes, included upstream:
+ - debian/patches/userns/subuids-nonlocal-users: Don't limit
+ subuid/subgid support to local users.
+ - debian/patches/1021_no_subuids_for_system_users.patch
+ - debian/patches/CVE-2017-2616.patch: Check process's exit status before
+ sending signal
+ - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
+ pid_child to 0 if the child process is still running.
+ - CVE-2017-2616
+ - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
+ - CVE-2016-6252
+ * Dropped obsoleted changes:
+ - debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
+ switching to passwd.tmpfile from passwd.service
+
+ -- Balint Reczey <rbalint at ubuntu.com> Thu, 25 Jan 2018 16:09:22 +0100
+
shadow (1:4.5-1) unstable; urgency=medium
* New upstream version 4.5
@@ -597,6 +1042,86 @@ shadow (1:4.2-3.3) unstable; urgency=med
-- Samuel Thibault <sthibault at debian.org> Tue, 22 Nov 2016 18:31:28 +0000
+shadow (1:4.2-3.2ubuntu4) artful; urgency=medium
+
+ * Drop upstart system jobs.
+
+ -- Dimitri John Ledkov <xnox at ubuntu.com> Mon, 21 Aug 2017 00:56:14 +0100
+
+shadow (1:4.2-3.2ubuntu2) artful; urgency=medium
+
+ * SECURITY UPDATE: su could be used to kill arbitrary processes.
+ - debian/patches/CVE-2017-2616.patch: Check process's exit status before
+ sending signal
+ - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
+ pid_child to 0 if the child process is still running.
+ - CVE-2017-2616
+ * SECURITY UPDATE: getulong() function could accidentally parse negative
+ numbers as large positive numbers.
+ - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
+ - CVE-2016-6252
+
+ -- Seth Arnold <seth.arnold at canonical.com> Thu, 18 May 2017 14:39:32 -0400
+
+shadow (1:4.2-3.2ubuntu1) yakkety; urgency=medium
+
+ * Merge with Debian; remaining changes:
+ - debian/passwd.upstart: Add an upstart job to clear locks on
+ [shadow-]passwd/group.
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs.
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+ /etc/update-motd.d/* scripts twice.
+ - debian/patches/1010_extrausers.patch: Add support to passwd for
+ libnss-extrausers
+ - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+ useradd and groupadd
+ - debian/patches/userns/subuids-nonlocal-users: Don't limit
+ subuid/subgid support to local users.
+ * Dropped changes, included in Debian:
+ - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
+ - Add uidmap package based on upstream patches that introduce
+ newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
+ updates on those to widen the default allocation to 65536 uids and gids
+ and only assign ranges to non-system users.
+ - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
+ error cases.
+ * Dropped changes, included upstream:
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout.
+ - debian/patches/496_su_kill_process_group: Kill the child process group,
+ rather than just the immediate child.
+ * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
+ than the first, ensuring /run/motd.dynamic is always populated and shown
+ on the first login after boot. LP: #1368864.
+ * Don't call 'pam_exec uname', a change adopted in Debian without
+ coordination with the Debian PAM maintainer
+ * Use dh_installinit now for installing the upstart job, as we no longer
+ generate a dependency on upstart-job.
+ * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
+ LP: #1304505
+ * Add a systemd unit to go with the upstart job, so that lock clearing works
+ on newer Ubuntu releases.
+ * add support for "chfn --extrausers" (LP: #1495580)
+ * debian/patches/1010_extrausers.patch:
+ - Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
+ * debian/patches/1010_extrausers.patch:
+ - Fix usermod to look in extrausers location for basic changes to a
+ user's passwd info. Fixes changing user's real name in Touch via
+ AccountsService. (Does not address updating groups yet, since that's
+ less useful now, as we can't update any system groups.)
+ * d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
+ for system users. (LP: #1545884)
+ * Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
+ handling has support for removing files for us on boot. Thanks to
+ Martin Pitt <pitti at ubuntu.com> for the hint.
+
+ -- Matthias Klose <doko at ubuntu.com> Tue, 20 Sep 2016 09:43:54 +0200
+
shadow (1:4.2-3.2) unstable; urgency=medium
* Non-maintainer upload.
@@ -606,6 +1131,93 @@ shadow (1:4.2-3.2) unstable; urgency=med
-- Mattia Rizzolo <mattia at debian.org> Sun, 18 Sep 2016 14:42:16 +0000
+shadow (1:4.2-3.1ubuntu6) yakkety; urgency=medium
+
+ * add support for "chfn --extrausers" (LP: #1495580)
+
+ -- Michael Vogt <michael.vogt at ubuntu.com> Thu, 23 Jun 2016 08:02:00 +0200
+
+shadow (1:4.2-3.1ubuntu5) xenial; urgency=medium
+
+ * debian/patches/1010_extrausers.patch:
+ - Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
+
+ -- Michael Terry <mterry at ubuntu.com> Mon, 28 Mar 2016 09:44:23 -0400
+
+shadow (1:4.2-3.1ubuntu4) xenial; urgency=medium
+
+ * debian/patches/1010_extrausers.patch:
+ - Fix usermod to look in extrausers location for basic changes to a
+ user's passwd info. Fixes changing user's real name in Touch via
+ AccountsService. (Does not address updating groups yet, since that's
+ less useful now, as we can't update any system groups.)
+
+ -- Michael Terry <mterry at ubuntu.com> Wed, 02 Mar 2016 15:01:19 -0500
+
+shadow (1:4.2-3.1ubuntu3) xenial; urgency=medium
+
+ * d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
+ for system users. (LP: #1545884)
+
+ -- Serge Hallyn <serge.hallyn at ubuntu.com> Wed, 17 Feb 2016 20:57:59 -0800
+
+shadow (1:4.2-3.1ubuntu2) xenial; urgency=medium
+
+ * Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
+ handling has support for removing files for us on boot. Thanks to
+ Martin Pitt <pitti at ubuntu.com> for the hint.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com> Thu, 04 Feb 2016 14:01:27 -0800
+
+shadow (1:4.2-3.1ubuntu1) xenial; urgency=low
+
+ * Merge from Debian unstable.
+ - Includes pam_loginuid in login PAM config. LP: #1067779.
+ - Fixes typo in usermod -h output. LP: #1348873.
+ * Remaining changes:
+ - debian/passwd.upstart: Add an upstart job to clear locks on
+ [shadow-]passwd/group.
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs.
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+ /etc/update-motd.d/* scripts twice.
+ - debian/patches/1010_extrausers.patch: Add support to passwd for
+ libnss-extrausers
+ - debian/patches/1011_extrausers_toggle.patch: extrausers support for
+ useradd and groupadd
+ - debian/patches/userns/subuids-nonlocal-users: Don't limit
+ subuid/subgid support to local users.
+ * Dropped changes, included in Debian:
+ - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
+ - Add uidmap package based on upstream patches that introduce
+ newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
+ updates on those to widen the default allocation to 65536 uids and gids
+ and only assign ranges to non-system users.
+ - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
+ error cases.
+ * Dropped changes, included upstream:
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout.
+ - debian/patches/496_su_kill_process_group: Kill the child process group,
+ rather than just the immediate child.
+ * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
+ than the first, ensuring /run/motd.dynamic is always populated and shown
+ on the first login after boot. LP: #1368864.
+ * Don't call 'pam_exec uname', a change adopted in Debian without
+ coordination with the Debian PAM maintainer
+ * Use dh_installinit now for installing the upstart job, as we no longer
+ generate a dependency on upstart-job.
+ * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
+ LP: #1304505
+ * Add a systemd unit to go with the upstart job, so that lock clearing works
+ on newer Ubuntu releases.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com> Thu, 28 Jan 2016 22:21:41 -0800
+
shadow (1:4.2-3.1) unstable; urgency=medium
* Non-maintainer upload.
@@ -716,6 +1328,79 @@ shadow (1:4.2-1) experimental; urgency=l
-- Christian Perrier <bubulle at debian.org> Tue, 22 Apr 2014 09:01:42 +0200
+shadow (1:4.1.5.1-1.1ubuntu7) wily; urgency=medium
+
+ * debian/patches/userns/subuids-nonlocal-users: Don't limit
+ subuid/subgid support to local users. Closes LP: #1475749.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com> Mon, 20 Jul 2015 18:44:12 -0700
+
+shadow (1:4.1.5.1-1.1ubuntu6) wily; urgency=medium
+
+ * extrausers support for useradd and groupadd (LP: #1323732)
+
+ -- Sergio Schvezov <sergio.schvezov at canonical.com> Thu, 25 Jun 2015 15:26:55 -0300
+
+shadow (1:4.1.5.1-1.1ubuntu5) wily; urgency=medium
+
+ * debian/rules: Re-enable audit support. (LP: #1414817)
+ * debian/control: add libaudit-dev to Build-Depends.
+
+ -- Mathieu Trudel-Lapierre <mathieu-tl at ubuntu.com> Tue, 02 Jun 2015 10:46:18 -0400
+
+shadow (1:4.1.5.1-1.1ubuntu4) vivid; urgency=medium
+
+ * debian/patches/1020_fix_user_busy_errors:
+ - libmisc/user_busy.c: Call sub_uid_close in all error cases, otherwise
+ code that later opens it as RW fails obscurely. (LP: #1436937)
+
+ -- William Grant <wgrant at ubuntu.com> Mon, 20 Apr 2015 18:41:47 +0100
+
+shadow (1:4.1.5.1-1.1ubuntu3) vivid; urgency=medium
+
+ * No change rebuild to get debug symbols for all architectures.
+
+ -- Brian Murray <brian at ubuntu.com> Tue, 02 Dec 2014 11:39:38 -0800
+
+shadow (1:4.1.5.1-1.1ubuntu2) utopic; urgency=medium
+
+ * debian/patches/1010_extrausers.patch:
+ - Add support to passwd for libnss-extrausers by falling back to the
+ /var/lib/extrausers/ locations if it exists when updating
+ passwd or shadow.
+
+ -- Michael Terry <mterry at ubuntu.com> Fri, 18 Jul 2014 10:00:44 -0400
+
+shadow (1:4.1.5.1-1.1ubuntu1) utopic; urgency=medium
+
+ * Merge from Debian unstable. Remaining changes:
+ - debian/passwd.upstart: Add an upstrat job to clear locks on
+ [shadow-]passwd/group. (LP: #523896).
+ - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
+ in LXC with Precise.
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB
+ will modify this default for UPGs. (Closes: #583971)
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ - Install upstart job by-hand, instead of using dh_installinit to avoid
+ dependency on upstart-job.
+ - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+ /etc/update-motd.d/* scripts twice (LP: #1169558).
+ - debian/patches/496_su_kill_process_group: Kill the child process group,
+ rather than just the immediate child; this is needed now that su no
+ longer starts a controlling terminal when not running an interactive
+ shell (closes: #713979).
+ - Add uidmap package based on upstream patches that introduce
+ newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
+ updates on those to widen the default allocation to 65536 uids and gids
+ and only assign ranges to non-system users.
+
+ -- Stéphane Graber <stgraber at ubuntu.com> Fri, 02 May 2014 15:17:15 -0400
+
shadow (1:4.1.5.1-1.1) unstable; urgency=medium
* Non-maintainer upload.
@@ -729,6 +1414,103 @@ shadow (1:4.1.5.1-1.1) unstable; urgency
-- Samuel Thibault <sthibault at debian.org> Sun, 16 Mar 2014 20:58:24 +0100
+shadow (1:4.1.5.1-1ubuntu9) trusty; urgency=medium
+
+ * Set our subuid and subgid range to 65536 uids by default.
+ * Patch newusers to not add subuids and subgids to system users.
+ * Patch useradd to not add subuids and subgids to system users and to
+ regular users who don't fit between uid_min and uid_max.
+ (This is needed due to adduser not passing --system...)
+
+ -- Stéphane Graber <stgraber at ubuntu.com> Sun, 16 Feb 2014 19:33:48 -0500
+
+shadow (1:4.1.5.1-1ubuntu8) trusty; urgency=medium
+
+ * Fix postinst to create subuid and subgid when missing as those won't
+ get created by usermod or any of the other tools.
+
+ -- Stéphane Graber <stgraber at ubuntu.com> Fri, 17 Jan 2014 16:15:13 -0500
+
+shadow (1:4.1.5.1-1ubuntu7) trusty; urgency=medium
+
+ * Don't ship subuid/subgid as conffiles as that'll just cause problems
+ on upgrades. Instead simply touch them if they're not already present.
+
+ -- Stéphane Graber <stgraber at ubuntu.com> Sun, 12 Jan 2014 12:59:46 -0500
+
+shadow (1:4.1.5.1-1ubuntu6) saucy; urgency=low
+
+ * debian/patches/496_su_kill_process_group: Kill the child process group,
+ rather than just the immediate child; this is needed now that su no
+ longer starts a controlling terminal when not running an interactive
+ shell (closes: #713979).
+
+ -- Colin Watson <cjwatson at ubuntu.com> Fri, 26 Jul 2013 16:55:52 +0100
+
+shadow (1:4.1.5.1-1ubuntu5) saucy; urgency=low
+
+ [ Serge Hallyn ]
+ * debian/patches/userns: patches from Eric Biederman to enable use of
+ subuids, plus some bugfix patches on top of them. (LP: #1192864)
+ * passwd.install: add new manpages
+ * debian/control, debian/uidmap.install: create new uidmap package
+ containing the new setuid-root binaries newuidmap and newgidmap
+ * debian/subuid, debian/rules: install a default /etc/subuid and /etc/subgid
+ * debian/patches/userns/16_add-argument-sanity-checking.patch: address
+ three sanity checking concerns brought up by sarnold at
+ http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2013-June/ \
+ 009752.html.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com> Fri, 28 Jun 2013 11:31:51 +0100
+
+shadow (1:4.1.5.1-1ubuntu4) raring; urgency=low
+
+ * Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
+ /etc/update-motd.d/* scripts twice (LP: #1169558).
+
+ -- Colin Watson <cjwatson at ubuntu.com> Thu, 18 Apr 2013 01:01:45 +0100
+
+shadow (1:4.1.5.1-1ubuntu3) raring; urgency=low
+
+ * Install upstart job by-hand, instead of using dh_installinit to avoid
+ dependency on upstart-job.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com> Mon, 18 Mar 2013 03:23:31 +0000
+
+shadow (1:4.1.5.1-1ubuntu2) raring; urgency=low
+
+ * Revert build-dependency from gettext:any to gettext, now that gettext is
+ Multi-Arch: foreign.
+
+ -- Colin Watson <cjwatson at ubuntu.com> Thu, 29 Nov 2012 15:27:11 +0000
+
+shadow (1:4.1.5.1-1ubuntu1) raring; urgency=low
+
+ * The "Yorkshire Blue" release.
+ * Merge from Debian unstable. Remaining changes:
+ - debian/passwd.upstart: Add an upstrat job to clear locks on
+ [shadow-]passwd/group. (LP: #523896).
+ - Build-depend on gettext:any for cross-building support.
+ - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
+ in LXC with Precise.
+ - debian/login.defs:
+ + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ + Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
+ this default for UPGs. (Closes: #583971)
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+
+ * Dropped changes, merged in Debian:
+ - Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
+ Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
+ - use SHA512 by default for password crypt routine.
+ - debian/rules: fix FTBFS from newer libtools
+ - Mark passwd Multi-Arch: foreign.
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com> Tue, 23 Oct 2012 09:59:19 +0100
+
shadow (1:4.1.5.1-1) unstable; urgency=low
* The "Gruyère" release.
@@ -872,6 +1654,68 @@ shadow (1:4.1.5-1) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 12 Feb 2012 22:27:03 +0100
+shadow (1:4.1.4.2+svn3283-3ubuntu7) quantal; urgency=low
+
+ * debian/passwd.upstart: Add an upstrat job to clear locks on
+ [shadow-]passwd/group. (LP: #523896).
+
+ -- Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com> Fri, 31 Aug 2012 13:00:33 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu6) quantal; urgency=low
+
+ * debian/source_shadow.py: Fix compatibility with python3. Thanks Edward
+ Donovan! (LP: #1013171)
+
+ -- Martin Pitt <martin.pitt at ubuntu.com> Mon, 18 Jun 2012 15:09:54 +0200
+
+shadow (1:4.1.4.2+svn3283-3ubuntu5) precise; urgency=low
+
+ * Build-depend on gettext:any for cross-building support.
+
+ -- Colin Watson <cjwatson at ubuntu.com> Mon, 09 Apr 2012 00:28:03 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu4) precise; urgency=low
+
+ * Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
+ in LXC with Precise.
+
+ -- Stéphane Graber <stgraber at ubuntu.com> Fri, 10 Feb 2012 15:34:05 -0500
+
+shadow (1:4.1.4.2+svn3283-3ubuntu3) precise; urgency=low
+
+ * Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
+ Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
+
+ -- Loïc Minier <loic.minier at ubuntu.com> Wed, 30 Nov 2011 22:47:47 +0100
+
+shadow (1:4.1.4.2+svn3283-3ubuntu2) oneiric; urgency=low
+
+ * debian/login.defs:
+ - Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
+ handling does not only apply to "former (pre-PAM) uses".
+ - Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
+ this default for UPGs. (Closes: #583971)
+
+ -- Martin Pitt <martin.pitt at ubuntu.com> Fri, 24 Jun 2011 11:07:34 +0200
+
+shadow (1:4.1.4.2+svn3283-3ubuntu1) natty; urgency=low
+
+ * The "string cheese" release.
+ * Merge from Debian unstable. Remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/rules: fix FTBFS from newer libtools
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ * Dropped changes, merged in Debian:
+ - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
+ - CVE-2011-0721
+ * Mark passwd Multi-Arch: foreign, so packages that aren't of the same
+ arch can depend on it.
+
+ -- Steve Langasek <steve.langasek at ubuntu.com> Sun, 20 Feb 2011 15:59:15 -0800
+
shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high
* The "Trappe d'Echourgnac" release.
@@ -882,6 +1726,34 @@ shadow (1:4.1.4.2+svn3283-3) unstable; u
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 13 Feb 2011 23:20:05 +0100
+shadow (1:4.1.4.2+svn3283-2ubuntu3) natty; urgency=low
+
+ * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
+ - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
+ - CVE-2011-0721
+
+ -- Kees Cook <kees at ubuntu.com> Tue, 15 Feb 2011 13:57:01 -0800
+
+shadow (1:4.1.4.2+svn3283-2ubuntu2) natty; urgency=low
+
+ * debian/patches/495_stdout-encrypted-password: adjust patch for changes
+ in src/chpasswd.c to fix FTBFS
+
+ -- Oliver Grawert <ogra at ubuntu.com> Tue, 04 Jan 2011 15:48:49 +0100
+
+shadow (1:4.1.4.2+svn3283-2ubuntu1) natty; urgency=low
+
+ * Merge from debian unstable. Remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/{source_shadow.py,rules}: Add apport hook
+ - debian/rules: fix FTBFS from newer libtools
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+
+ -- Oliver Grawert <ogra at ubuntu.com> Wed, 24 Nov 2010 13:42:42 +0100
+
shadow (1:4.1.4.2+svn3283-2) unstable; urgency=low
* The "Bleu du Vercors-Sassenage" release.
@@ -953,6 +1825,32 @@ shadow (1:4.1.4.2+svn3283-1) unstable; u
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 29 Aug 2010 21:14:12 +0200
+shadow (1:4.1.4.2-1ubuntu3) maverick; urgency=low
+
+ * add ttyO0-3 to debian/securetty.linux, if OMAP kernels are built with
+ TI's DMA-offloaded driver instead of the default 8250 one the serial tty's
+ are called like that (LP: #512845).
+
+ -- Oliver Grawert <ogra at ubuntu.com> Tue, 31 Aug 2010 14:45:17 +0200
+
+shadow (1:4.1.4.2-1ubuntu2) lucid; urgency=low
+
+ * debian/{source_shadow.py,rules}: Add apport hook
+ * debian/rules: fix FTBFS from newer libtools
+
+ -- Marc Deslauriers <marc.deslauriers at ubuntu.com> Tue, 26 Jan 2010 08:54:59 -0500
+
+shadow (1:4.1.4.2-1ubuntu1) lucid; urgency=low
+
+ * Merged with debian unstable. Remaning changes (LP: #477299):
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+
+ -- Nicolas Valcárcel Scerpella (Canonical) <nvalcarcel at canonical.com> Sat, 07 Nov 2009 04:55:18 -0500
+
shadow (1:4.1.4.2-1) unstable; urgency=low
* The "Tome des Bauges" release.
@@ -980,6 +1878,25 @@ shadow (1:4.1.4.2-1) unstable; urgency=l
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 24 Jul 2009 05:03:23 +0200
+shadow (1:4.1.4.1-1ubuntu2) karmic; urgency=low
+
+ * debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2
+ as serial port.
+
+ -- Loïc Minier <loic.minier at ubuntu.com> Fri, 31 Jul 2009 15:34:56 +0200
+
+shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low
+
+ * Resynchronise with Debian. Remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/495_stdout-encrypted-password: chpasswd can report
+ password hashes on stdout (Debian bug 505640).
+ * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
+ It's looking a bit ugly now ...
+
+ -- Colin Watson <cjwatson at ubuntu.com> Wed, 03 Jun 2009 11:16:51 +0100
+
shadow (1:4.1.4.1-1) unstable; urgency=low
* The "Chevrotin" release.
@@ -1067,6 +1984,21 @@ shadow (1:4.1.4-1) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Mon, 11 May 2009 00:25:11 +0200
+shadow (1:4.1.3.1-1ubuntu1) karmic; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - Ubuntu specific:
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ - debian/patches/stdout-encrypted-password.patch: chpasswd can report
+ password hashes on stdout (debian bug 505640).
+ - debian/login.pam: Enable SELinux support (debian bug 527106).
+ - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
+ * Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
+ * Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
+ upstream.
+
+ -- Kees Cook <kees at ubuntu.com> Tue, 05 May 2009 09:45:21 -0700
+
shadow (1:4.1.3.1-1) unstable; urgency=low
* The "Le Puant Macéré" release.
@@ -1162,6 +2094,108 @@ shadow (1:4.1.3-1) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Tue, 14 Apr 2009 23:33:22 +0200
+shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low
+
+ * debian/login.preinst: fix typo in grep (LP: #354887).
+
+ -- Kees Cook <kees at ubuntu.com> Fri, 03 Apr 2009 22:12:07 -0700
+
+shadow (1:4.1.1-6ubuntu5) jaunty; urgency=low
+
+ * debian/login.preinst: add special-case handling to restore the
+ original white-space in /etc/login.defs that is changed by
+ system-tools-backends (LP: #316756).
+
+ -- Kees Cook <kees at ubuntu.com> Fri, 03 Apr 2009 14:33:43 -0700
+
+shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low
+
+ * debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
+ - If the system clock is set to Jan 01, 1970, and a new user is created
+ the last changed field gets set to 0, which tells login that the
+ password is expired and must be changed. During installation,
+ this can cause autologin to fail. Having the clock set to 01/01/1970
+ on a fresh install is common on the ARM architecture, so this is a high
+ priority bug since its likely to affect most ARM users on first install
+
+ -- Michael Casadevall <mcasadevall at ubuntu.com> Thu, 02 Apr 2009 14:05:31 -0400
+
+shadow (1:4.1.1-6ubuntu3) jaunty; urgency=low
+
+ [ Bryan McLellan ]
+ * Don't do the vm-builder root password check on fresh installations
+ (LP: #340841).
+
+ -- Colin Watson <cjwatson at ubuntu.com> Tue, 17 Mar 2009 13:32:55 +0000
+
+shadow (1:4.1.1-6ubuntu2) jaunty; urgency=low
+
+ * debian/securetty.linux (LP: #316841)
+ - Updated securetty support for Freescale MX-series boards
+
+ -- Michael Casadevall <sonicmctails at gmail.com> Tue, 13 Jan 2009 12:56:38 -0500
+
+shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - Ubuntu specific:
+ + debian/login.pam: Enable SELinux support in login.pam.
+ + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+ + debian/login.defs: use SHA512 by default for password crypt routine.
+ + debian/passwd.postinst: disable the root password for virtual
+ machines created with vm-builder on Ubuntu 8.10.
+ - debian/patches/stdout-encrypted-password.patch: allow chpasswd to
+ report encrypted passwords to stdout for tools needing encrypted
+ passwords (debian bug 505640).
+
+ -- Kees Cook <kees at ubuntu.com> Mon, 08 Dec 2008 00:44:46 -0800
+
+shadow (1:4.1.1-6) unstable; urgency=medium
+
+ * The "Rollot" release.
+ * debian/patches/303_login_symlink_attack: Fix a race condition that could
+ lead to gaining ownership or changing mode of arbitrary files.
+ Closes: #505271
+ * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
+ referenced in the manpage, not LOGIN. Closes: #501830
+ * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
+ files. Closes: #501353
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 14 Nov 2008 21:52:42 +0100
+
+shadow (1:4.1.1-5ubuntu3) jaunty; urgency=low
+
+ * disable the root password for virtual machines created with vm-builder
+ on Ubuntu 8.10. (LP: #296841)
+
+ -- Jamie Strandboge <jamie at ubuntu.com> Thu, 13 Nov 2008 20:32:42 -0600
+
+shadow (1:4.1.1-5ubuntu2) jaunty; urgency=low
+
+ * debian/login.defs: use SHA512 by default for password crypt routine
+ (LP: #51551, currently Ubuntu specific).
+ * debian/patches/stdout-encrypted-password.patch: allow chpasswd to report
+ encrypted passwords to stdout for tools needing encrypted passwords
+ (debian bug 505640).
+ * debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
+
+ -- Kees Cook <kees at ubuntu.com> Thu, 13 Nov 2008 16:43:48 -0800
+
+shadow (1:4.1.1-5ubuntu1) jaunty; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Scott James Remnant <scott at ubuntu.com> Wed, 05 Nov 2008 07:26:43 +0000
+
+shadow (1:4.1.1-5) unstable; urgency=low
+
+ * The "Bergues" release.
+ * debian/login.pam: restore the Etch behavior of pam_securetty.so in case of
+ unknown user. Closes: #443322, #495831
+
+ -- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Sun, 14 Sep 2008 19:13:34 +0200
+
shadow (1:4.1.1-4) unstable; urgency=low
* The "Rocamadour" release.
@@ -1239,6 +2273,13 @@ shadow (1:4.1.1-2) unstable; urgency=low
-- Nicolas FRANCOIS (Nekral) <nicolas.francois at centraliens.net> Fri, 13 Jun 2008 01:27:16 +0200
+shadow (1:4.1.1-1ubuntu1) intrepid; urgency=low
+
+ * Merge from debian unstable, remaining changes:
+ - debian/login.pam: Enable SELinux support in login.pam.
+
+ -- Kees Cook <kees at ubuntu.com> Mon, 09 Jun 2008 10:08:38 -0700
+
shadow (1:4.1.1-1) unstable; urgency=low
* New upstream release. This closes the following bugs:
@@ -1364,6 +2405,20 @@ shadow (1:4.1.0-1) unstable; urgency=low
-- Christian Perrier <bubulle at debian.org> Sat, 12 Jan 2008 20:40:02 +0100
+shadow (1:4.0.18.2-1ubuntu2) hardy; urgency=low
+
+ * Add 498_make_useradd_faster_with_ldap: make useradd faster when
+ nsswitch uses LDAP or some other remote names database (LP: #120015),
+ thanks to Vince Busam.
+
+ -- Matt T. Proud <mtp at google.com> Fri, 08 Feb 2008 18:30:51 -0800
+
+shadow (1:4.0.18.2-1ubuntu1) hardy; urgency=low
+
+ * debian/login.pam: Enable SELinux support in login.pam (LP: #191326).
+
+ -- Caleb Case <ccase at tresys.com> Fri, 08 Feb 2008 02:20:06 -0500
+
shadow (1:4.0.18.2-1) unstable; urgency=low
* The "Vacherin" release.
diff -pruN 1:4.16.0-7/debian/control 1:4.16.0-7ubuntu1/debian/control
--- 1:4.16.0-7/debian/control 2024-12-06 12:51:40.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/control 2024-12-02 11:39:54.000000000 +0000
@@ -1,5 +1,6 @@
Source: shadow
-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
+Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+XSBC-Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
Uploaders:
Serge Hallyn <serge at hallyn.com>,
Chris Hofstaedtler <zeha at debian.org>
diff -pruN 1:4.16.0-7/debian/login.defs.install 1:4.16.0-7ubuntu1/debian/login.defs.install
--- 1:4.16.0-7/debian/login.defs.install 2024-12-06 12:51:40.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/login.defs.install 2024-12-02 11:39:54.000000000 +0000
@@ -1 +1,2 @@
+debian/source_shadow.py usr/share/apport/package-hooks
etc/login.defs etc
diff -pruN 1:4.16.0-7/debian/patches/1010_extrausers.patch 1:4.16.0-7ubuntu1/debian/patches/1010_extrausers.patch
--- 1:4.16.0-7/debian/patches/1010_extrausers.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/1010_extrausers.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,309 @@
+From 0b219c349416c83559ea75b6cae953d6690a7198 Mon Sep 17 00:00:00 2001
+From: Michael Terry <michael.terry at canonical.com>
+Date: Tue, 16 Jul 2024 19:02:19 +0200
+Subject: [PATCH] Add support to passwd for updating libnss-extrausers
+ locations
+
+---
+ lib/commonio.c | 2 ++
+ lib/defines.h | 8 ++++++
+ src/passwd.c | 65 ++++++++++++++++++++++++++++++++++++++++-
+ src/usermod.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ 4 files changed, 152 insertions(+), 1 deletion(-)
+
+--- a/lib/commonio.c
++++ b/lib/commonio.c
+@@ -388,6 +388,7 @@
+ int i;
+
+ #ifdef HAVE_LCKPWDF
++ if (strncmp(db->filename, "/etc/", 5) == 0) {
+ /*
+ * Only if the system libc has a real lckpwdf() - the one from
+ * lockpw.c calls us and would cause infinite recursion!
+@@ -417,6 +418,7 @@
+ ulckpwdf ();
+ return 0; /* failure */
+ }
++ } /* strncmp(db->filename, "/etc/", 5) == 0 */
+ #endif /* !HAVE_LCKPWDF */
+
+ /*
+--- a/lib/defines.h
++++ b/lib/defines.h
+@@ -161,6 +161,14 @@
+ #define SHADOW_FILE "/etc/shadow"
+ #endif
+
++#ifndef EXTRAUSERS_PASSWD_FILE
++#define EXTRAUSERS_PASSWD_FILE "/var/lib/extrausers/passwd"
++#endif
++
++#ifndef EXTRAUSERS_SHADOW_FILE
++#define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
++#endif
++
+ #ifndef SUBUID_FILE
+ #define SUBUID_FILE "/etc/subuid"
+ #endif
+--- a/src/passwd.c
++++ b/src/passwd.c
+@@ -551,8 +551,15 @@
+ {
+ const struct passwd *pw;
+ struct passwd *npw;
++ bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 &&
++ access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0;
+
+ if (pw_lock () == 0) {
++ if (try_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ update_noshadow ();
++ return;
++ }
+ (void) fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, pw_dbname ());
+@@ -560,6 +567,20 @@
+ }
+ pw_locked = true;
+ if (pw_open (O_CREAT | O_RDWR) == 0) {
++ if (try_extrausers) {
++ if (pw_unlock () == 0) {
++ (void) fprintf (stderr,
++ _("%s: failed to unlock %s\n"),
++ Prog, pw_dbname ());
++ SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
++ /* continue */
++ }
++ pw_locked = false;
++
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ update_noshadow ();
++ return;
++ }
+ (void) fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, pw_dbname ());
+@@ -568,6 +589,21 @@
+ }
+ pw = pw_locate (name);
+ if (NULL == pw) {
++ if (try_extrausers) {
++ (void) pw_close ();
++ if (pw_unlock () == 0) {
++ (void) fprintf (stderr,
++ _("%s: failed to unlock %s\n"),
++ Prog, pw_dbname ());
++ SYSLOG ((LOG_ERR, "failed to unlock %s", pw_dbname ()));
++ /* continue */
++ }
++ pw_locked = false;
++
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ update_noshadow ();
++ return;
++ }
+ (void) fprintf (stderr,
+ _("%s: user '%s' does not exist in %s\n"),
+ Prog, name, pw_dbname ());
+@@ -605,8 +641,15 @@
+ {
+ const struct spwd *sp;
+ struct spwd *nsp;
++ bool try_extrausers = strcmp (spw_dbname (), EXTRAUSERS_SHADOW_FILE) != 0 &&
++ access (EXTRAUSERS_SHADOW_FILE, F_OK) == 0;
+
+ if (spw_lock () == 0) {
++ if (try_extrausers) {
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ update_shadow ();
++ return;
++ }
+ (void) fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, spw_dbname ());
+@@ -614,6 +657,20 @@
+ }
+ spw_locked = true;
+ if (spw_open (O_CREAT | O_RDWR) == 0) {
++ if (try_extrausers) {
++ if (spw_unlock () == 0) {
++ (void) fprintf (stderr,
++ _("%s: failed to unlock %s\n"),
++ Prog, spw_dbname ());
++ SYSLOG ((LOG_ERR, "failed to unlock %s", spw_dbname ()));
++ /* continue */
++ }
++ spw_locked = false;
++
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ update_shadow ();
++ return;
++ }
+ (void) fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, spw_dbname ());
+@@ -624,7 +681,9 @@
+ if (NULL == sp) {
+ /* Try to update the password in /etc/passwd instead. */
+ (void) spw_close ();
+- update_noshadow ();
++ if (!try_extrausers) {
++ update_noshadow ();
++ }
+ if (spw_unlock () == 0) {
+ (void) fprintf (stderr,
+ _("%s: failed to unlock %s\n"),
+@@ -633,6 +692,10 @@
+ /* continue */
+ }
+ spw_locked = false;
++ if (try_extrausers) {
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ update_shadow ();
++ }
+ return;
+ }
+ nsp = __spw_dup (sp);
+--- a/src/usermod.c
++++ b/src/usermod.c
+@@ -1586,7 +1586,18 @@
+ */
+ static void open_files (void)
+ {
++ bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 &&
++ access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0;
++
+ if (pw_lock () == 0) {
++ if (try_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++ open_files ();
++ return;
++ }
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, pw_dbname ());
+@@ -1594,12 +1605,29 @@
+ }
+ pw_locked = true;
+ if (pw_open (O_CREAT | O_RDWR) == 0) {
++ if (try_extrausers) {
++ pw_unlock ();
++ pw_locked = false;
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ open_files ();
++ return;
++ }
+ fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, pw_dbname ());
+ fail_exit (E_PW_UPDATE);
+ }
+ if (is_shadow_pwd && (spw_lock () == 0)) {
++ if (try_extrausers) {
++ pw_close ();
++ pw_unlock ();
++ pw_locked = false;
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ open_files ();
++ return;
++ }
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, spw_dbname ());
+@@ -1607,6 +1635,17 @@
+ }
+ spw_locked = true;
+ if (is_shadow_pwd && (spw_open (O_CREAT | O_RDWR) == 0)) {
++ if (try_extrausers) {
++ pw_close ();
++ pw_unlock ();
++ spw_unlock ();
++ pw_locked = false;
++ spw_locked = false;
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ open_files ();
++ return;
++ }
+ fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, spw_dbname ());
+@@ -1619,6 +1658,14 @@
+ * group entries.
+ */
+ if (gr_lock () == 0) {
++ if (try_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++ open_files ();
++ return;
++ }
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, gr_dbname ());
+@@ -1626,6 +1673,16 @@
+ }
+ gr_locked = true;
+ if (gr_open (O_CREAT | O_RDWR) == 0) {
++ if (try_extrausers) {
++ gr_unlock ();
++ gr_locked = false;
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++ open_files ();
++ return;
++ }
+ fprintf (stderr,
+ _("%s: cannot open %s\n"),
+ Prog, gr_dbname ());
+@@ -1633,6 +1690,16 @@
+ }
+ #ifdef SHADOWGRP
+ if (is_shadow_grp && (sgr_lock () == 0)) {
++ if (try_extrausers) {
++ gr_unlock ();
++ gr_locked = false;
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++ open_files ();
++ return;
++ }
+ fprintf (stderr,
+ _("%s: cannot lock %s; try again later.\n"),
+ Prog, sgr_dbname ());
+@@ -1695,11 +1762,22 @@
+ struct spwd spent;
+ const struct spwd *spwd = NULL;
+
++ bool try_extrausers = strcmp (pw_dbname (), EXTRAUSERS_PASSWD_FILE) != 0 &&
++ access (EXTRAUSERS_PASSWD_FILE, F_OK) == 0;
++
+ /*
+ * Locate the entry in /etc/passwd, which MUST exist.
+ */
+ pwd = pw_locate (user_name);
+ if (NULL == pwd) {
++ if (try_extrausers) {
++ close_files ();
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ open_files ();
++ usr_update ();
++ return;
++ }
+ fprintf (stderr,
+ _("%s: user '%s' does not exist in %s\n"),
+ Prog, user_name, pw_dbname ());
diff -pruN 1:4.16.0-7/debian/patches/1011_extrausers_toggle.patch 1:4.16.0-7ubuntu1/debian/patches/1011_extrausers_toggle.patch
--- 1:4.16.0-7/debian/patches/1011_extrausers_toggle.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/1011_extrausers_toggle.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,155 @@
+From 3e666cdc68c222145f592d65c8568a08ad0e99cb Mon Sep 17 00:00:00 2001
+From: Hector Cao <hector.cao at canonical.com>
+Date: Tue, 16 Jul 2024 19:40:08 +0200
+Subject: [PATCH] extrausers support toogle
+
+---
+ lib/defines.h | 16 ++++++++++++++++
+ src/groupadd.c | 22 ++++++++++++++++++++++
+ src/useradd.c | 23 +++++++++++++++++++++++
+ 3 files changed, 61 insertions(+)
+
+--- a/lib/defines.h
++++ b/lib/defines.h
+@@ -169,6 +169,22 @@
+ #define EXTRAUSERS_SHADOW_FILE "/var/lib/extrausers/shadow"
+ #endif
+
++#ifndef EXTRAUSERS_GROUP_FILE
++#define EXTRAUSERS_GROUP_FILE "/var/lib/extrausers/group"
++#endif
++
++#ifndef EXTRAUSERS_SHADOWGROUP_FILE
++#define EXTRAUSERS_SHADOWGROUP_FILE "/var/lib/extrausers/gshadow"
++#endif
++
++#ifndef EXTRAUSERS_SUBUID_FILE
++#define EXTRAUSERS_SUBUID_FILE "/var/lib/extrausers/subuid"
++#endif
++
++#ifndef EXTRAUSERS_SUBGID_FILE
++#define EXTRAUSERS_SUBGID_FILE "/var/lib/extrausers/subgid"
++#endif
++
+ #ifndef SUBUID_FILE
+ #define SUBUID_FILE "/etc/subuid"
+ #endif
+--- a/src/groupadd.c
++++ b/src/groupadd.c
+@@ -86,6 +86,12 @@
+ static void check_flags (void);
+ static void check_perms (void);
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ /*
+ * usage - display usage message and exit
+ */
+@@ -111,6 +117,7 @@
+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+ (void) fputs (_(" -P, --prefix PREFIX_DIR directory prefix\n"), usageout);
+ (void) fputs (_(" -U, --users USERS list of user members of this group\n"), usageout);
++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
+ (void) fputs ("\n", usageout);
+ exit (status);
+ }
+@@ -385,12 +392,16 @@
+ {"root", required_argument, NULL, 'R'},
+ {"prefix", required_argument, NULL, 'P'},
+ {"users", required_argument, NULL, 'U'},
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+
+ while ((c = getopt_long (argc, argv, "fg:hK:op:rR:P:U:",
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ case 'f':
+ /*
+ * "force" - do nothing, just exit(0), if the
+@@ -606,7 +617,18 @@
+ exit(1);
+ }
+
++ if (use_extrausers) {
++ fprintf (stderr, "ENTER EXTRAUSERS_GROUP_FILE");
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ fprintf (stderr, "EXIT EXTRAUSERS_GROUP_FILE");
++ }
++
+ #ifdef SHADOWGRP
++ if (use_extrausers) {
++ fprintf (stderr, "ENTER EXTRAUSERS_SHADOWGROUP_FILE");
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++ fprintf (stderr, "EXIT EXTRAUSERS_SHADOWGROUP_FILE");
++ }
+ is_shadow_grp = sgr_file_present ();
+ #endif
+
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -147,6 +147,12 @@
+
+ extern int allow_bad_names;
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ static bool
+ bflg = false, /* new default root of home directory */
+ cflg = false, /* comment (GECOS) field for new account */
+@@ -937,6 +943,7 @@
+ (void) fputs (_(" -Z, --selinux-user SEUSER use a specific SEUSER for the SELinux user mapping\n"), usageout);
+ (void) fputs (_(" --selinux-range SERANGE use a specific MLS range for the SELinux user mapping\n"), usageout);
+ #endif /* WITH_SELINUX */
++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
+ (void) fputs ("\n", usageout);
+ exit (status);
+ }
+@@ -1212,6 +1219,7 @@
+ {"selinux-user", required_argument, NULL, 'Z'},
+ {"selinux-range", required_argument, NULL, 202},
+ #endif /* WITH_SELINUX */
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+ while ((c = getopt_long (argc, argv,
+@@ -1225,6 +1233,9 @@
+ "",
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ case 'b':
+ if ( ( !VALID (optarg) )
+ || ( optarg[0] != '/' )) {
+@@ -2604,6 +2615,18 @@
+ }
+ }
+
++ if (use_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ /* TODO expose this information in other tools */
++ sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++ sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++ }
++
+ /*
+ * Do the hard stuff:
+ * - open the files,
diff -pruN 1:4.16.0-7/debian/patches/1012_extrausers_chfn.patch 1:4.16.0-7ubuntu1/debian/patches/1012_extrausers_chfn.patch
--- 1:4.16.0-7/debian/patches/1012_extrausers_chfn.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/1012_extrausers_chfn.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,88 @@
+From a7a677af1134fd5bdc26e74903564f0b2f430520 Mon Sep 17 00:00:00 2001
+From: Michael Vogt <mvo at ubuntu.com>
+Date: Fri, 20 Dec 2019 16:45:51 +0100
+Subject: [PATCH] add support for --extrausers for chfn
+
+This add support for --extrausers to the chfn tool.
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1495580
+
+[Changelog]
+- This patch has been refreshed to fix warning 'implicit function declaration'
+ Hector Cao <hector.cao at canonical.com>
+---
+ src/chfn.c | 29 +++++++++++++++++++++++++++++
+ 1 file changed, 29 insertions(+)
+
+--- a/src/chfn.c
++++ b/src/chfn.c
+@@ -35,6 +35,13 @@
+ #include "string/sprintf.h"
+ #include "string/strtcpy.h"
+
++#include "pwio.h"
++#include "shadowio.h"
++#include "groupio.h"
++#ifdef SHADOWGRP
++#include "sgroupio.h"
++#endif
++#include "subordinateio.h"
+
+ /*
+ * Global variables.
+@@ -54,6 +61,11 @@
+ static bool oflg = false; /* -o - set other information */
+ static bool pw_locked = false;
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++static bool use_extrausers = false;
++
+ /*
+ * External identifiers
+ */
+@@ -108,6 +120,7 @@
+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+ (void) fputs (_(" -u, --help display this help message and exit\n"), usageout);
+ (void) fputs (_(" -w, --work-phone WORK_PHONE change user's office phone number\n"), usageout);
++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
+ (void) fputs ("\n", usageout);
+ exit (status);
+ }
+@@ -258,6 +271,7 @@
+ {"root", required_argument, NULL, 'R'},
+ {"help", no_argument, NULL, 'u'},
+ {"work-phone", required_argument, NULL, 'w'},
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+
+@@ -271,6 +285,9 @@
+ while ((c = getopt_long (argc, argv, "f:h:o:r:R:uw:",
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ case 'f':
+ if (!may_change_field ('f')) {
+ fprintf (stderr,
+@@ -643,6 +660,18 @@
+ /* parse the command line options */
+ process_flags (argc, argv);
+
++ if (use_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ /* TODO expose this information in other tools */
++ sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++ sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++ }
++
+ /*
+ * Get the name of the user to check. It is either the command line
+ * name, or the name getlogin() returns.
diff -pruN 1:4.16.0-7/debian/patches/1013_extrausers_deluser.patch 1:4.16.0-7ubuntu1/debian/patches/1013_extrausers_deluser.patch
--- 1:4.16.0-7/debian/patches/1013_extrausers_deluser.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/1013_extrausers_deluser.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,69 @@
+From: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+Date: Fri, 20 Dec 2019 16:45:51 +0100
+Subject: _extrausers_deluser
+
+===================================================================
+---
+ src/userdel.c | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+--- a/src/userdel.c
++++ b/src/userdel.c
+@@ -123,6 +123,12 @@
+ static int remove_tcbdir (const char *user_name, uid_t user_id);
+ #endif /* WITH_TCB */
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ /*
+ * usage - display usage message and exit
+ */
+@@ -142,6 +148,7 @@
+ (void) fputs (_(" -r, --remove remove home directory and mail spool\n"), usageout);
+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+ (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
+ #ifdef WITH_SELINUX
+ (void) fputs (_(" -Z, --selinux-user remove any SELinux user mapping for the user\n"), usageout);
+ #endif /* WITH_SELINUX */
+@@ -984,6 +991,7 @@
+ {"remove", no_argument, NULL, 'r'},
+ {"root", required_argument, NULL, 'R'},
+ {"prefix", required_argument, NULL, 'P'},
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ #ifdef WITH_SELINUX
+ {"selinux-user", no_argument, NULL, 'Z'},
+ #endif /* WITH_SELINUX */
+@@ -997,6 +1005,9 @@
+ #endif /* !WITH_SELINUX */
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ case 'f': /* force remove even if not owned by user */
+ fflg = true;
+ break;
+@@ -1085,6 +1096,18 @@
+ is_sub_gid = sub_gid_file_present ();
+ #endif /* ENABLE_SUBIDS */
+
++ if (use_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ /* TODO expose this information in other tools */
++ sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++ sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++ }
++
+ /*
+ * Start with a quick check to see if the user exists.
+ */
diff -pruN 1:4.16.0-7/debian/patches/1014_extrausers_delgroup.patch 1:4.16.0-7ubuntu1/debian/patches/1014_extrausers_delgroup.patch
--- 1:4.16.0-7/debian/patches/1014_extrausers_delgroup.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/1014_extrausers_delgroup.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,86 @@
+From b5780df280e812f43c2efaeeab80bf8b01d427e1 Mon Sep 17 00:00:00 2001
+From: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
+Date: Fri, 20 Dec 2019 16:45:51 +0100
+Subject: [PATCH] _extrausers_delgroup
+
+===================================================================
+
+[Changelog]
+ - This patch has been refreshed to fix warning 'implicit function declaration'
+ Hector Cao <hector.cao at canonical.com>
+---
+ src/groupdel.c | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+
+--- a/src/groupdel.c
++++ b/src/groupdel.c
+@@ -33,6 +33,11 @@
+ #endif
+ #include "shadowlog.h"
+ #include "run_part.h"
++
++#include "pwio.h"
++#include "shadowio.h"
++#include "subordinateio.h"
++
+ /*
+ * Global variables
+ */
+@@ -66,6 +71,12 @@
+ static void group_busy (gid_t gid);
+ static void process_flags (int argc, char **argv);
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
++static bool use_extrausers = false;
++
+ /*
+ * usage - display usage message and exit
+ */
+@@ -83,6 +94,7 @@
+ (void) fputs (_(" -R, --root CHROOT_DIR directory to chroot into\n"), usageout);
+ (void) fputs (_(" -P, --prefix PREFIX_DIR prefix directory where are located the /etc/* files\n"), usageout);
+ (void) fputs (_(" -f, --force delete group even if it is the primary group of a user\n"), usageout);
++ (void) fputs (_(" --extrausers Use the extra users database\n"), usageout);
+ (void) fputs ("\n", usageout);
+ exit (status);
+ }
+@@ -303,6 +315,7 @@
+ {"force", no_argument, NULL, 'f'},
+ {"root", required_argument, NULL, 'R'},
+ {"prefix", required_argument, NULL, 'P'},
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+
+@@ -319,6 +332,9 @@
+ case 'f':
+ check_group_busy = false;
+ break;
++ case EXTRAUSERS_OPT:
++ use_extrausers = true;
++ break;
+ default:
+ usage (E_USAGE);
+ }
+@@ -441,6 +457,18 @@
+ exit(1);
+ }
+
++ if (use_extrausers) {
++ pw_setdbname (EXTRAUSERS_PASSWD_FILE);
++ spw_setdbname (EXTRAUSERS_SHADOW_FILE);
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++ /* TODO expose this information in other tools */
++ sub_uid_setdbname(EXTRAUSERS_SUBUID_FILE);
++ sub_gid_setdbname(EXTRAUSERS_SUBGID_FILE);
++#ifdef SHADOWGRP
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++ }
++
+ /*
+ * Do the hard stuff - open the files, delete the group entries,
+ * then close and update the files.
diff -pruN 1:4.16.0-7/debian/patches/1016_extrausers_gpasswd.patch 1:4.16.0-7ubuntu1/debian/patches/1016_extrausers_gpasswd.patch
--- 1:4.16.0-7/debian/patches/1016_extrausers_gpasswd.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/1016_extrausers_gpasswd.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,50 @@
+From cc0cb068263008ab0a5d397f22898f8d5661e580 Mon Sep 17 00:00:00 2001
+From: Marcus Tomlinson <marcus.tomlinson at canonical.com>
+Date: Wed, 21 Oct 2020 13:18:01 +0100
+Subject: [PATCH] add extrausers flag
+
+---
+ src/gpasswd.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -110,6 +110,10 @@
+ static void log_gpasswd_success_system (/*@null@*/MAYBE_UNUSED void *arg);
+ static void log_gpasswd_success_group (/*@null@*/MAYBE_UNUSED void *arg);
+
++#ifndef EXTRAUSERS_OPT
++#define EXTRAUSERS_OPT 100000
++#endif
++
+ /*
+ * usage - display usage message
+ */
+@@ -128,6 +132,7 @@
+ (void) fputs (_(" -r, --remove-password remove the GROUP's password\n"), usageout);
+ (void) fputs (_(" -R, --restrict restrict access to GROUP to its members\n"), usageout);
+ (void) fputs (_(" -M, --members USER,... set the list of members of GROUP\n"), usageout);
++ (void) fputs (_(" --extrausers use the extra users database\n"), usageout);
+ #ifdef SHADOWGRP
+ (void) fputs (_(" -A, --administrators ADMIN,...\n"
+ " set the list of administrators for GROUP\n"), usageout);
+@@ -225,12 +230,19 @@
+ {"root", required_argument, NULL, 'Q'},
+ {"remove-password", no_argument, NULL, 'r'},
+ {"restrict", no_argument, NULL, 'R'},
++ {"extrausers", no_argument, NULL, EXTRAUSERS_OPT},
+ {NULL, 0, NULL, '\0'}
+ };
+
+ while ((c = getopt_long (argc, argv, "a:A:d:ghM:Q:rR",
+ long_options, NULL)) != -1) {
+ switch (c) {
++ case EXTRAUSERS_OPT:
++ gr_setdbname (EXTRAUSERS_GROUP_FILE);
++#ifdef SHADOWGRP
++ sgr_setdbname (EXTRAUSERS_SHADOWGROUP_FILE);
++#endif
++ break;
+ case 'a': /* add a user */
+ aflg = true;
+ user = optarg;
diff -pruN 1:4.16.0-7/debian/patches/lp2063200/0023-useradd-move-group-validation-after-option-parsing.patch 1:4.16.0-7ubuntu1/debian/patches/lp2063200/0023-useradd-move-group-validation-after-option-parsing.patch
--- 1:4.16.0-7/debian/patches/lp2063200/0023-useradd-move-group-validation-after-option-parsing.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/lp2063200/0023-useradd-move-group-validation-after-option-parsing.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,58 @@
+From: Simon Chopin <simon.chopin at canonical.com>
+Date: Tue, 7 May 2024 16:38:29 +0200
+Subject: useradd: move group validation after option parsing
+
+Other options like extrausers will impact how that validation is done.
+
+V2: Fix unconditional Gflg=true, breaking the -D flag.
+
+Signed-off-by: Simon Chopin <simon.chopin at canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2063200
+Forwarded: not-needed
+---
+ src/useradd.c | 20 +++++++++++++-------
+ 1 file changed, 13 insertions(+), 7 deletions(-)
+
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -1175,6 +1175,7 @@
+ static void process_flags (int argc, char **argv)
+ {
+ const struct group *grp;
++ char *raw_groups = NULL;
+ bool anyflag = false;
+ char *cp;
+ struct stat st;
+@@ -1350,13 +1351,7 @@
+ gflg = true;
+ break;
+ case 'G':
+- if (get_groups (optarg) != 0) {
+- exit (E_NOTFOUND);
+- }
+- if (NULL != user_groups[0]) {
+- do_grp_update = true;
+- }
+- Gflg = true;
++ raw_groups = xstrdup(optarg);
+ break;
+ case 'h':
+ usage (E_SUCCESS);
+@@ -1482,6 +1477,17 @@
+ }
+ }
+
++ if (raw_groups != NULL) {
++ if (get_groups (raw_groups) != 0) {
++ exit (E_NOTFOUND);
++ }
++ free(raw_groups);
++ if (NULL != user_groups[0]) {
++ do_grp_update = true;
++ }
++ Gflg = true;
++ }
++
+ if (!gflg && !Nflg && !Uflg) {
+ /* Get the settings from login.defs */
+ Uflg = getdef_bool ("USERGROUPS_ENAB");
diff -pruN 1:4.16.0-7/debian/patches/lp2063200/0024-useradd-revert-to-old-group-validation-algorithm-wit.patch 1:4.16.0-7ubuntu1/debian/patches/lp2063200/0024-useradd-revert-to-old-group-validation-algorithm-wit.patch
--- 1:4.16.0-7/debian/patches/lp2063200/0024-useradd-revert-to-old-group-validation-algorithm-wit.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/lp2063200/0024-useradd-revert-to-old-group-validation-algorithm-wit.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,61 @@
+From 70ce868ba29510eff423e844ba37731e6c1eea92 Mon Sep 17 00:00:00 2001
+From: Simon Chopin <simon.chopin at canonical.com>
+Date: Tue, 7 May 2024 16:43:21 +0200
+Subject: [PATCH] useradd: revert to old group validation algorithm with
+ extrausers
+
+The previous way was to directly check that the system has any knowledge
+of the group, without caring about its origin. It has changed to instead
+manually check the local group files, under the assumption that it is
+the only source of local group info, and it doesn't make sense for a
+local user to belong to, say, a LDAP group.
+
+That approach breaks down with our extrausers patch set, as we're
+splitting the local group info in multiple places. To work around this,
+this patch works around the problem by simply reverting to the old
+approach if using the extrausers option.
+
+Signed-off-by: Simon Chopin <simon.chopin at canonical.com>
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/2063200
+Forwarded: not-needed
+---
+ src/useradd.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/src/useradd.c
++++ b/src/useradd.c
+@@ -776,7 +776,8 @@
+ /*
+ * Open the group files
+ */
+- open_group_files ();
++ if (!use_extrausers)
++ open_group_files ();
+
+ /*
+ * So long as there is some data to be converted, strip off
+@@ -796,7 +797,10 @@
+ * Names starting with digits are treated as numerical
+ * GID values, otherwise the string is looked up as is.
+ */
+- grp = get_local_group (list);
++ if (use_extrausers)
++ grp = prefix_getgr_nam_gid(list);
++ else
++ grp = get_local_group (list);
+
+ /*
+ * There must be a match, either by GID value or by
+@@ -835,8 +839,10 @@
+ gr_free (grp);
+ } while (NULL != list);
+
+- close_group_files ();
+- unlock_group_files ();
++ if (!use_extrausers) {
++ close_group_files ();
++ unlock_group_files ();
++ }
+
+ user_groups[ngroups] = NULL;
+
diff -pruN 1:4.16.0-7/debian/patches/series 1:4.16.0-7ubuntu1/debian/patches/series
--- 1:4.16.0-7/debian/patches/series 2024-12-06 12:51:40.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/series 2024-12-02 11:39:54.000000000 +0000
@@ -10,3 +10,14 @@ debian/Adapt-login.defs-for-Debian.patch
debian/Define-LOGIN_NAME_MAX-on-HURD.patch
debian/Stop-building-programs-we-do-not-install.patch
upstream/lib-user_busy.c-Include-utmpx.h.patch
+ubuntu/0001-Enable-private-home-directories-by-default.patch
+#lp2076898
+ubuntu/0001-Forbid-user-and-group-names-to-be-fully-numeric.patch
+1010_extrausers.patch
+1011_extrausers_toggle.patch
+1012_extrausers_chfn.patch
+1013_extrausers_deluser.patch
+1014_extrausers_delgroup.patch
+1016_extrausers_gpasswd.patch
+lp2063200/0023-useradd-move-group-validation-after-option-parsing.patch
+lp2063200/0024-useradd-revert-to-old-group-validation-algorithm-wit.patch
diff -pruN 1:4.16.0-7/debian/patches/ubuntu/0001-Enable-private-home-directories-by-default.patch 1:4.16.0-7ubuntu1/debian/patches/ubuntu/0001-Enable-private-home-directories-by-default.patch
--- 1:4.16.0-7/debian/patches/ubuntu/0001-Enable-private-home-directories-by-default.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/ubuntu/0001-Enable-private-home-directories-by-default.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,28 @@
+From 0c16f8de4bb6170c655f13661ce75dd436fd98f4 Mon Sep 17 00:00:00 2001
+From: Hector Cao <hector.cao at canonical.com>
+Date: Wed, 17 Jul 2024 08:52:39 +0200
+Subject: [PATCH] Enable private home directories by default
+
+Before the version 1:4.15.3-2, Debian lets the
+HOME_MODE variable unset in the debian/login.defs file
+Ubuntu uncomments the variable and sets the HOME_MODE
+to 0750
+But with this new version, Debian uncomment the HOME_MODE
+variable that has the value 0700
+This patch tries to keep the Ubuntu current behavior by
+overriding the HOME_MODE from Debian to have the value 0750
+---
+ etc/login.defs | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -85,7 +85,7 @@
+
+ # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
+ # home directories.
+-HOME_MODE 0700
++HOME_MODE 0750
+
+ #
+ # Password aging controls:
diff -pruN 1:4.16.0-7/debian/patches/ubuntu/0001-Forbid-user-and-group-names-to-be-fully-numeric.patch 1:4.16.0-7ubuntu1/debian/patches/ubuntu/0001-Forbid-user-and-group-names-to-be-fully-numeric.patch
--- 1:4.16.0-7/debian/patches/ubuntu/0001-Forbid-user-and-group-names-to-be-fully-numeric.patch 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/patches/ubuntu/0001-Forbid-user-and-group-names-to-be-fully-numeric.patch 2024-12-02 11:39:54.000000000 +0000
@@ -0,0 +1,88 @@
+From 7890f7608fd8fe684abb01f73ce88bacc2085dd9 Mon Sep 17 00:00:00 2001
+From: Hector Cao <hector.cao at canonical.com>
+Date: Mon, 12 Aug 2024 19:05:58 +0000
+Subject: [PATCH] Forbid user and group names to be fully numeric
+
+---
+ lib/chkname.c | 33 +++++++++++++++++++++++++++++++++
+ man/groupadd.8.xml | 5 +++++
+ man/useradd.8.xml | 5 +++++
+ 3 files changed, 43 insertions(+)
+
+--- a/lib/chkname.c
++++ b/lib/chkname.c
+@@ -73,13 +73,46 @@
+ return false;
+ }
+
++ bool is_numeric = true;
++ bool is_hex = true;
++ bool is_octal = true;
++ int chars_checked = 0;
++
++ /* if the username does not start with "0x" it is not hexadecimal */
++ if (*name != '0' || *(name + 1) != 'x') {
++ is_hex = false;
++ }
++
++ /* if the username does not start with "0o" it is not octal */
++ if (*name != '0' || *(name + 1) != 'o') {
++ is_octal = false;
++ }
++
+ do {
+ if ((':' == *name) || (',' == *name) || ('\\' == *name) || isspace(*name)) {
+ return false;
+ }
++
++ if ((*name < '0' || *name > '9')) {
++ is_numeric = false;
++ }
++ if ((*name < '0' || *name > '9') &&
++ (*name < 'A' || *name > 'F') &&
++ (*name < 'a' || *name > 'f') &&
++ chars_checked >= 2) {
++ is_hex = false;
++ }
++ if ((*name < '0' || *name > '7') && chars_checked >= 2) {
++ is_octal = false;
++ }
++ chars_checked++;
+ name++;
+ } while ('\0' != *name);
+
++ if (is_numeric || is_hex || is_octal) {
++ return false;
++ }
++
+ return true;
+ }
+
+--- a/man/groupadd.8.xml
++++ b/man/groupadd.8.xml
+@@ -78,6 +78,11 @@
+ end of line: '\n', tabulation: '\t', etc.).
+ </para>
+ <para>
++ On Ubuntu, the same constraints as Debian are in place, with the
++ additional constraint that the groupname cannot be fully numeric.
++ This includes octal and hexadecimal syntax.
++ </para>
++ <para>
+ Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long.
+ </para>
+ </refsect1>
+--- a/man/useradd.8.xml
++++ b/man/useradd.8.xml
+@@ -743,6 +743,11 @@
+ ('/') may break the default algorithm for the definition of the
+ user's home directory.
+ </para>
++ <para>
++ On Ubuntu, the same constraints as Debian are in place, with the
++ additional constraint that the username cannot be fully numeric.
++ This includes octal and hexadecimal syntax.
++ </para>
+ </refsect1>
+
+ <refsect1 id='configuration'>
diff -pruN 1:4.16.0-7/debian/source_shadow.py 1:4.16.0-7ubuntu1/debian/source_shadow.py
--- 1:4.16.0-7/debian/source_shadow.py 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/source_shadow.py 2024-04-23 10:44:51.000000000 +0000
@@ -0,0 +1,26 @@
+#!/usr/bin/python
+
+'''Apport package hook for shadow
+
+(c) 2010 Canonical Ltd.
+Contributors:
+Marc Deslauriers <marc.deslauriers at canonical.com>
+
+This program is free software; you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation; either version 2 of the License, or (at your
+option) any later version. See http://www.gnu.org/copyleft/gpl.html for
+the full text of the license.
+'''
+
+from apport.hookutils import *
+
+def add_info(report):
+
+ attach_file_if_exists(report, '/etc/login.defs', 'LoginDefs')
+
+if __name__ == '__main__':
+ report = {}
+ add_info(report)
+ for key in report:
+ print('[%s]\n%s' % (key, report[key]))
diff -pruN 1:4.16.0-7/debian/tests/control 1:4.16.0-7ubuntu1/debian/tests/control
--- 1:4.16.0-7/debian/tests/control 2024-12-06 12:51:40.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/tests/control 2024-08-26 16:05:48.000000000 +0000
@@ -8,3 +8,10 @@ Depends:
@,
@builddeps@
Restrictions: needs-root, build-needed, breaks-testbed, allow-stderr, isolation-machine
+
+Tests: numeric-username
+Restrictions: needs-root, allow-stderr
+
+Tests: extrausers-etc-readonly
+Restrictions: needs-root, allow-stderr, breaks-testbed
+Depends: passwd, libnss-extrausers, augeas-tools
diff -pruN 1:4.16.0-7/debian/tests/extrausers-etc-readonly 1:4.16.0-7ubuntu1/debian/tests/extrausers-etc-readonly
--- 1:4.16.0-7/debian/tests/extrausers-etc-readonly 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/tests/extrausers-etc-readonly 2024-08-13 09:15:03.000000000 +0000
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -ex
+
+augtool set '/files/etc/nsswitch.conf/database["passwd"]/service[last()+1]' extrausers
+augtool set '/files/etc/nsswitch.conf/database["group"]/service[last()+1]' extrausers
+augtool set '/files/etc/nsswitch.conf/database["shadow"]/service[last()+1]' extrausers
+augtool set '/files/etc/nsswitch.conf/database["gshadow"]/service[last()+1]' extrausers
+
+mv /etc /etc-rw
+mkdir /etc
+mount -o bind,ro /etc-rw /etc
+
+groupadd --extrausers existinggroup
+grep -E -q '^existinggroup:' /var/lib/extrausers/group
+
+useradd --extrausers --groups existinggroup somenewuser
+grep -E -q '^existinggroup:x:[0-9]+:somenewuser' /var/lib/extrausers/group
+grep -E -q '^somenewuser:' /var/lib/extrausers/group
+grep -E -q '^somenewuser:' /var/lib/extrausers/gshadow
+grep -E -q '^somenewuser:' /var/lib/extrausers/passwd
+grep -E -q '^somenewuser:' /var/lib/extrausers/shadow
+
+if useradd --extrausers --groups invalidgroup someotheruser; then
+ echo "Should have failed!"
+ exit 1
+fi
+
+groupadd --extrausers existinggroup2
+grep -E -q '^existinggroup2:' /var/lib/extrausers/group
+
+usermod -G existinggroup2 somenewuser
+if grep -E -q '^existinggroup:x:[0-9]+:somenewuser' /var/lib/extrausers/group; then
+ exit 1
+fi
+grep -E -q '^existinggroup2:x:[0-9]+:somenewuser' /var/lib/extrausers/group
diff -pruN 1:4.16.0-7/debian/tests/numeric-username 1:4.16.0-7ubuntu1/debian/tests/numeric-username
--- 1:4.16.0-7/debian/tests/numeric-username 1970-01-01 00:00:00.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/tests/numeric-username 2024-04-23 10:44:51.000000000 +0000
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+set -ux
+
+# purely numeric usernames are considered invalid
+for invalidUsername in "0" "00" "0123456789" "0x0" "0x0123456789" "0o0" "0o01234567" "0xDEADBEEF" "0xcafe42" "0xdeadbeef" "0xdeadBEEF"
+do
+ useradd $invalidUsername
+ ret=$?
+ if [ $ret -eq 0 ]
+ then
+ exit 1
+ fi
+done
+
+# usernames that start with a digit and contain other valid characters should not fail
+for validUsername in "0root" "0123456789root" "0-0" "0_0" "0.o" "0xo" "0-o" "0_o" "0x0x0x0" "0o0123456789" "0.0.0.0" "0x123.456.789" "0o123.456.789" "123.456" "0.0" "0xdeadbeefjawn-smith" "0o123jawn-smith"
+do
+ useradd $validUsername
+ ret=$?
+ if [ $ret -ne 0 ]
+ then
+ exit 1
+ fi
+done
diff -pruN 1:4.16.0-7/debian/tests/smoke 1:4.16.0-7ubuntu1/debian/tests/smoke
--- 1:4.16.0-7/debian/tests/smoke 2024-12-06 12:51:40.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/tests/smoke 2024-05-27 16:56:41.000000000 +0000
@@ -2,12 +2,31 @@
set -e
+# smoke test for {user,group}{add,del}
+mkdir -p /var/lib/extrausers
+
echo "Adding an user works"
useradd shadow-test-user
grep '^shadow-test-user:x:' /etc/passwd
grep '^shadow-test-user:!:' /etc/shadow
+# nothing got added to the extrausers
+! grep -s 'shadow-test-user' /var/lib/extrausers/passwd
+! grep -s 'shadow-test-user' /var/lib/extrausers/shadow
echo "Removing an user works"
userdel shadow-test-user
! grep 'shadow-test-user' /etc/passwd
! grep 'shadow-test-user' /etc/shadow
+
+echo "Adding an extrauser works"
+useradd --extrausers shadow-test-user
+grep '^shadow-test-user:x:' /var/lib/extrausers/passwd
+grep '^shadow-test-user:!:' /var/lib/extrausers/shadow
+# nothing got added to the system
+! grep 'shadow-test-user' /etc/passwd
+! grep 'shadow-test-user' /etc/shadow
+
+echo "Removing an extrauser works"
+userdel --extrausers shadow-test-user
+! grep 'shadow-test-user' /var/lib/extrausers/passwd
+! grep 'shadow-test-user' /var/lib/extrausers/passwd
diff -pruN 1:4.16.0-7/debian/tests/upstream 1:4.16.0-7ubuntu1/debian/tests/upstream
--- 1:4.16.0-7/debian/tests/upstream 2024-12-06 12:51:40.000000000 +0000
+++ 1:4.16.0-7ubuntu1/debian/tests/upstream 2024-12-02 11:39:54.000000000 +0000
@@ -3,7 +3,7 @@ useradd ubuntu
export BUILD_BASE_DIR=$(pwd)
-cd tests
+cd tests/tests
cleanup() {
cp testsuite.log $AUTOPKGTEST_ARTIFACTS/
More information about the Pkg-shadow-devel
mailing list