Change log for shadow package in Debian

131 of 31 results
Published in buster-release on 2017-10-03
Published in sid-release on 2017-09-27
shadow (1:4.5-1) unstable; urgency=medium

  * New upstream version 4.5
    - Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
      (Closes: #756630)
    - Make the sp_lstchg shadow field reproducible (Closes: #857803)
    - Fix regression in useradd not loading defaults properly.
      (Closes: #865762)
  * Refresh patches
  * Drop patches manipulating su argument concatenation:
  * Cut redundant information from Debian-specific README files
  * Revert adding pts/0 and pts/1 to securetty.
    Adding pts/* defeats the purpose of securetty. Let containers add it if
    needed as described in #830255.
  * Use my @ubuntu.com email address in Maintainer field

 -- Balint Reczey <email address hidden>  Wed, 27 Sep 2017 12:45:23 -0400
Published in jessie-release on 2017-07-22
shadow (1:4.2-3+deb8u4) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Reset pid_child only if waitpid was successful.
    This is a regression fix for CVE-2017-2616. If su receives a signal like
    SIGTERM, it is not propagated to the child. (Closes: #862806)

 -- Salvatore Bonaccorso <email address hidden>  Wed, 17 May 2017 12:58:54 +0200
Superseded in buster-release on 2017-10-03
Published in stretch-release on 2017-05-24
Superseded in sid-release on 2017-09-27
shadow (1:4.4-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * Reset pid_child only if waitpid was successful.
    This is a regression fix for CVE-2017-2616. If su receives a signal like
    SIGTERM, it is not propagated to the child. (Closes: #862806)

 -- Salvatore Bonaccorso <email address hidden>  Wed, 17 May 2017 13:59:59 +0200
Superseded in jessie-release on 2017-07-22
shadow (1:4.2-3+deb8u3) jessie-security; urgency=high

  * Fix integer overflow in getulong.c (CVE-2016-6252) (Closes: #832170)
  * Refresh patches
  * Add myself to uploaders replacing Nicolas FRANCOIS (Nekral)

 -- Balint Reczey <email address hidden>  Fri, 24 Feb 2017 00:57:31 +0100
Superseded in stretch-release on 2017-05-24
Superseded in sid-release on 2017-05-22
shadow (1:4.4-4) unstable; urgency=high

  * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)

 -- Balint Reczey <email address hidden>  Fri, 24 Feb 2017 01:33:25 +0100
Superseded in stretch-release on 2017-02-26
Superseded in sid-release on 2017-02-25
shadow (1:4.4-3) unstable; urgency=medium

  [ Balint Reczey ]
  * Clean up stale locks on boot (Closes: #478771)
  * Sync motd handling with sshd.
    Using patch from Ubuntu (Closes: #757148)

  [ Stéphane Graber ]
  * Add missing /etc/{subgid|subuid} in postinst

 -- Balint Reczey <email address hidden>  Wed, 25 Jan 2017 16:43:09 +0100
Superseded in sid-release on 2017-01-26
shadow (1:4.4-2) unstable; urgency=medium

  [ Balint Reczey ]
  * Update homepage to new upstream
  * Always use /bin/sh shell in the build (Closes: #817971)
  * Replace user´s -> user's to make login.def file valid ASCII
    (Closes: #850338)
  * Update patch naming docmentation
  * Fix typos in German man pages (Closes: #734609)
  * Send 1000_configure_userns patch upstream
  * Add call to pam_keyinit for login pam service.
    This module is linux-any only, so copy what openssh has already done and
    remove the call at build time for other architectures.
    The call to this module is needed to have proper per-session kernel
    keyring. (Closes: #734671)
  * Add pts/0 and pts/1 to securetty (Closes: #830255)
  * Add ttySAC* to securetty (Closes: #824391)
  * Add ttySC[4-9] to securetty (Closes: #768020)

  [ Laurent Bigonville ]
  * Move pam_selinux open call higher in the session stack (Closes: #747313)

  [ Christian Perrier ]
  * Fix typos in login.pam (thanks to Jakub Wilk for reporting)
    (Closes: #747115)
  * Include groupmems(8) in the passwd package (Closes: #663117)

  [ Frans Spiesschaert ]
  * Dutch translation update (Closes: #772470)

  [ Trần Ngọc Quân ]
  * Update Vietnamese translation (Closes: #777107)

  [ Miroslav Kuře ]
  * Updated Czech translation. (Closes: #759113)

  [ Holger Wansing ]
  * Update for German man pages

  [ Thomas Blein ]
  * French manpage translation (Closes: #805182)

  [ Lars Bahner ]
  * Fix some spelling issues in the Norwegian translation (Closes: #800553)

 -- Balint Reczey <email address hidden>  Thu, 19 Jan 2017 18:22:49 +0100
Superseded in stretch-release on 2017-02-05
Superseded in sid-release on 2017-01-21
shadow (1:4.4-1) unstable; urgency=medium

  [ Christian Perrier ]
  * Imported Upstream version 4.2
  * Debian patch: Fix typo in su.1.xml
  * Configure userns
  * Vietnamese translation update
  * French translation update (Closes: #725793)
  * German translation update
  * Update NEWS file
  * Issue a warning if no manpages have been generated
  * Regenerate PO files
  * Regenerate manpages PO files
  * Imported Upstream version 4.2.1

  [ Serge Hallyn ]
  * Import new upstream
  * Patch changes:
    - Update 501_commonio_group_shadow to work with upstream changes
    - Update 1010_vietnamese_translation
    - Drop userns patches which are now all upstream

  [ Balint Reczey ]
  * Update debian/watch to use GitHub releases
  * Imported Upstream version 4.4
    - Fix incorrect integer handling (CVE-2016-6252) (Closes: #832170)
  * Disable Vietnamese translation patch because it does not apply cleanly
  * Bump debhelper compat level to 10
  * ACK NMU by Samuel Thibault dropping the patch which is integrated
    upstream
  * Stop build-depending on build-essential dpkg-dev
  * Tag login package as essential properly
  * Adopt the package under the Shadow Team's umbrella (Closes: #801707)

 -- Balint Reczey <email address hidden>  Fri, 06 Jan 2017 16:19:18 +0100
Superseded in stretch-release on 2017-01-17
Superseded in sid-release on 2017-01-11
shadow (1:4.2-3.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Apply upstream patch to fix build on hurd-i386. (Closes: #750480)

 -- Samuel Thibault <email address hidden>  Tue, 22 Nov 2016 18:31:28 +0000
Superseded in stretch-release on 2016-12-03
Superseded in sid-release on 2016-11-28
shadow (1:4.2-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Use HTTPS in Vcs-Git.
  * Stop using hardening-wrapper and instead use /usr/share/dpkg/buildflags.mk.
    Closes: #836653

 -- Mattia Rizzolo <email address hidden>  Sun, 18 Sep 2016 14:42:16 +0000
Superseded in jessie-release on 2017-05-07
shadow (1:4.2-3+deb8u1) jessie; urgency=medium

  * Non-maintainer upload.
  * Fix error handling in busy user detection. (Closes: #778287)

 -- Bastian Blank <email address hidden>  Wed, 18 Nov 2015 08:07:09 +0000
Superseded in stretch-release on 2016-09-25
Superseded in sid-release on 2016-09-20
shadow (1:4.2-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix error handling in busy user detection. (Closes: #778287)

 -- Bastian Blank <email address hidden>  Thu, 12 Nov 2015 14:33:33 +0000
Superseded in stretch-release on 2015-11-18
Superseded in jessie-release on 2016-01-23
Superseded in sid-release on 2015-11-12
shadow (1:4.2-3) unstable; urgency=low


  * Enforce hardened builds to workaround cdbs sometimes not building
    with hardening flags as in 1:4.2-2+b1
    Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich
    For providing a working patch.

 -- Christian Perrier <email address hidden>  Wed, 19 Nov 2014 21:59:09 +0100
Superseded in jessie-release on 2014-12-01
Superseded in sid-release on 2014-11-22
shadow (1:4.2-2) unstable; urgency=low


  * The "Soumaintrain" release
  * The "Rigotte de Condrieu" release was 4.2-1
  * Upload to unstable
  * Last upload integrates the use of dh_autoreconf which has the same
    effect then Eric Dorland's patch in 1:4.1.5.1-1.1 NMU to drop the
    use of automake1.9. Closes: #724434

  [ Samuel Thibault ]
  * Enable the login package on hurd-any, but without /bin/login, still provided
    by the hurd package. Closes: #737805.
    This fix was accidentally forgotten in 1:4.2-1

  [ Josh Triplett ]
  * use the new pam_exec functionality from pam 1.1.8-1 to implement the
    dynamic motd, rather than using /run/motd.dynamic from initscripts.
    This will allow initscripts to drop /etc/init.d/motd.
    Closes: #741129

  [ Laurent Bigonville ]
  * Enable libaudit support. Closes: #745774

  [ Trần Ngọc Quân ]
  * Vietnamese translation update.

  [ Christian Perrier ]
  * Add a lintian override for newuidmap and newgidmap setuid binaries
  * Add upstream signing key as debian/upstream-signing-key.asc
  * Check upstream signing key in debian/watch

 -- Christian Perrier <email address hidden>  Sun, 04 May 2014 19:39:07 +0200
Deleted in experimental-release (Reason: None provided.)
shadow (1:4.2-1) experimental; urgency=low


  [ Nicolas FRANCOIS (Nekral) ]
  * New upstream release. Fixes:
    - Invalid free() in su fixed by using strdup(). Thanks to Serge
      Hallyn for the patch. Closes: #691459
    - Kill the child process group, rather than just the
      immediate child; this is needed now that su no
      longer starts a controlling terminal when not running an
      interactive shell. Thanks to Colin Watson for the patch.
      Closes: #713979
    - German manpages translation update. Closes: #679152
    - Improve login.defs (typographic errors and better format).
      Closes: #685415
    - Russian translation update. Closes: #718356
    - Do not assume random() is limited by RAND_MAX.  Closes: #677275
    - Support C libraries with unknown fields in struct passwd.
      Closes: #675824
    - su: child cleanup is performed before terminating PAM sessions. This
      avoids anoying "...terminated" messages when PAM module send signal to
      su during session close. Closes: #670132
    - vipw/vigr is checking arguments provided after options. Closes: #677812
    - Updated Japanese translation. Closes: #720004
    - vipw: Fix error reporting when editor fails. Closes: #688260
  * Moved to git: replace Vcs-Git in place of Vcs-Svn and adapt
    Vcs-Browser.
  * Add pam_loginuid to login PAM settings. Closes: #677441
  * passwd.install: add new subuid.5 and subgid.5 manpages
  * debian/rules, debian/control, debian/uidmap.install: create new uidmap
    package containing the new setuid-root binaries newuidmap and newgidmap 
    Set uidmap as priority optional.
  * debian/login.su.pam: Enable pam_limits by default. Closes: #705301
  * debian/rules: Set default editor to sensible-editor for vipw.
    Closes: #688252

  [ Micah Anderson ]
  * added debian/patches/userns to enable use of subuids, plus some bugfix 
    patches on top of them, patches from Eric Biederman, pulled from
    Ubuntu. Closes: #739981
  * Allow LXC devices (lxc/console, lxc/tty[1234]) in securetty.linux
  * Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
    this default for UPGs. (Closes: #583971)
  * login.postinst: install a default /etc/subuid and /etc/subgid
  * fix installation of setuid/setgid/newuidmap/newgid/map man pages

  [ Laurent Bigonville ]
  * Switch to dpkg-source 3.0 (quilt) format
  * Add build-dependency against bison
  * Call dh-autoreconf since we need to regenerate all the autofoo files
  
  [ Philippe Grégoire ]
  * Fix 1000_configure_userns to avoid dropping a needed #endif
    Closes: #744877

  [ Christian Perrier ]
  * Bump Standards to 3.9.5 (checked)
  * Use 'set -e' in postinst scripts and not in thei shebang line
  * Explicitly point to GPL-2 document in debian/copyright

 -- Christian Perrier <email address hidden>  Tue, 22 Apr 2014 09:01:42 +0200
Superseded in jessie-release on 2014-05-15
Superseded in sid-release on 2016-11-28
shadow (1:4.1.5.1-1.1) unstable; urgency=medium


  * Non-maintainer upload.

  [ Eric Dorland ]
  * Switch to automake1.11. (Closes: #724434)

  [ Samuel Thibault ]
  * Enable the login package on hurd-any, but without /bin/login, still provided
    by the hurd package. Closes: #737805.

 -- Samuel Thibault <email address hidden>  Sun, 16 Mar 2014 20:58:24 +0100
Superseded in jessie-release on 2014-03-22
Published in wheezy-release on 2012-06-05
Superseded in sid-release on 2014-03-21
shadow (1:4.1.5.1-1) unstable; urgency=low


  * The "Gruyère" release.

  [ Nicolas FRANCOIS (Nekral) ]
  * New upstream release:
    - login: log into utmp(x) but not into wtmp (this is done by pam_lastlog).
      Log to utmp(x) was broken by the fix for #605329. Closes: 659957
    - userdel: Fix segfault when userdel removes the user's group.
      Closes: #660406
    - manpages: .so links point to paths relative to the top-level manual
      hierarchy. Closes: #661025
    - useradd(8): Return code 13 no more documented. Closes: #661802
  * debian/patches/series, debian/patches/428_grpck_add_prune_option: Removed.
    The -p option was not documented and was meant to fix consequences of a
    bug now fixed more than 10 years ago.
  * debian/shadowconfig.sh: Display issues, but dot not prompt interactively
    to fix passwd/group/shadow/gshadow issues. Closes: #638263
  * debian/control: Bump Standards-Version to 3.9.3 (no changes needed).
  * debian/rules: Simplify setting of hardening flags. cdbs 0.4.103 needed to
    get hardened version of shadow-utils. Restore previous requirement on
    dpkg-dev to 1.13.5.

  [ Christian Perrier ]
  * Complete Polish translation of logoutd(8). Closes: #668880
  * German translation of manpages completed. Closes: #673234

  [ Roger Leigh ]
  * Separation of static and dynamic motd components in login PAM module
    Closes: #669698

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Fri, 25 May 2012 15:42:01 +0200
Superseded in wheezy-release on 2012-06-05
Superseded in sid-release on 2012-05-27
shadow (1:4.1.5-1) unstable; urgency=low


  * The "Charolais" release.

  [ Nicolas FRANCOIS (Nekral) ]
  * New upstream release:
    - su: Fix possible tty hijacking by dropping the controlling terminal when
      executing a command (CVE-2005-4890). Closes: #628843
    - userdel: Check the existence of the user's mail spool before trying to
      remove it. If it does not exist, a warning is issued, but no failure.
      Closes: #617295
    - userdel: Do not remove a group with the same name as the user
      (usergroup) if this group isn't the user's primary group.
      Closes: #584868
    - su: Close the PAM session as root (fix issues with pam_mount and
      pam_systemd). Closes: #580434
    - Fix several typos in manpages. Thanks to Simon Brandmair.
      Closes: #628776
    - userdel error message has been clarified when the user is still
      executing processes (it used to complain that the user is logged in).
      Closes: #603315
    - passwd(1) references chpasswd(8). Closes: #609117
    - Spaces have been added between options and arguments in the Russian
      manpages. Closes: #606159
    - Fix handling of numerical dates in usermod -e. Closes: #621810
    - usermod: When the shadow file exists but there are no shadow entries, an
      entry is created if the password is changed and passwd requires a shadow
      entry, or if aging features are used (-e or -f). Closes: 632461
    - Added diagnosis for lock failures. Closes: #616167
    - grpck/pwck: NIS entries were dropped by -s (sort). Closes: #622765
    - login does not log into utmp(x) and wtmp. This is already done by
      pam_lastlog. Closes: #605329
    - groupmod: document that /etc/passwd can be modified by groupmod -g.
      Closes: #647308
    - Updated patches
      + debian/patches/008_login_log_failure_in_FTMP
      + debian/patches/401_cppw_src.dpatch
      + debian/patches/402_cppw_selinux
      + debian/patches/428_grpck_add_prune_option
      + debian/patches/429_login_FAILLOG_ENAB
      + debian/patches/463_login_delay_obeys_to_PAM
      + debian/patches/501_commonio_group_shadow
      + debian/patches/505_useradd_recommend_adduser
      + debian/patches/506_relaxed_usernames
      + debian/patches/508_nologin_in_usr_sbin
      + debian/patches/523_su_arguments_are_concatenated
      + debian/patches/523_su_arguments_are_no_more_concatenated_by_default
      + debian/patches/542_useradd-O_option
      + debian/patches/900_testsuite_groupmems
    - debian/patches/008_su_get_PAM_username: Removed, feature supported
      upstream.
    - debian/patches/300_CVE-2011-0721: Removed, applied upstream.
    - Upstream translation updates from Debian BTS:
      + Brazilian Portuguese. Closes: #622834
      + Catalan. Closes: #627526
      + Danish. Closes: #621330, #657514
      + German. Closes: #622908, #656503
      + French. Closes: #623608, #657621
      + Japanese. Closes: #620978
      + Kazakh. Closes: #620930
      + Portuguese. Closes: #623722, #656686
      + Russian. Closes: #622106, #655194
      + Spanish (Closes: #630618)
      + Swedish. Closes: #621126
      + Simplified Chinese. Closes: #655858
    - Upstream manpages translation updates from Debian BTS:
      + French. Closes: #630250, #657622
      + German. Closes: #628777
      + Simplified Chinese. Closes: #602264, #655858
      + Danish added. Closes: #657516
      + Russian. Closes: #657710
  * debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321
  * debian/securetty.linux: Add IBM pSeries console ports. Closes: #597661
  * debian/securetty.linux: Add serial Console for MIPS Swarm.
    (http://lists.debian.org/debian-release/2011/02/msg00320.html)
  * debian/securetty.linux: Add s390/s390x ports ttysclp0. Closes: #647469
  * debian/securetty.linux: Fixed typo: ttyama -> ttyAMA. Closes: #544184
  * debian/rules, debian/man.insert, debian/man.insert.sed: Bug #507673 has
    been closed. It is no more needed to patch the generated manpages. This
    also fix failures to build twice is a row. Closes: #636047
  * debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename
    create_backup_file to create_copy. The lock functions do not set errno.
    Do not report the error string on cppwexit.
  * debian/patches/401_cppw_src.dpatch, debian/patches/402_cppw_selinux:
    Synchronize with coding style.
  * debian/patches/401_cppw_src.dpatch: Detect as well too many and too
    few arguments.
  * debian/patches/506_relaxed_usernames: Really check if the user/group
    name starts with a dash. Also forbid names starting with '+' or '~'.
    Document the naming policy in useradd.8 / groupadd.8.
  * debian/patches/506_relaxed_usernames: Also forbid names containing a
    comma.
  * debian/patches/901_testsuite_gcov: Do not revert the locale when testing
    with gcov to avoid coverage false negatives. This does not impact the
    debian binary package, only the test package.
  * debian/control: Add Build-Depends on libsemanage1-dev [linux-any]
  * debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all
    hardening flags set. Closes: #657010
  * debian/control: depends on dpkg-dev (>= 1.16.1~) for including
    /usr/share/dpkg/buildflags.mk
  * debian/control: Standards-Version: bumped to 3.9.2. No changes.
  * debian/login.defs: Set the default encryption method to SHA512.
    Closes: #657717

  [ Christian Perrier ]
  * Use "linux-any" instead of a negated list of architectures in
    Build-Depends. Closes: #634465

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Sun, 12 Feb 2012 22:27:03 +0100
Published in squeeze-release
shadow (1:4.1.4.2+svn3283-2+squeeze1) stable-security; urgency=high
  * The "Tomanoix" release.  * debian/patches/300_CVE-2011-0721: Fix insufficient input sanitation    leading to possible user or group creation in NIS environments. -- Nicolas FRANCOIS (Nekral) <email address hidden>  Sun, 13 Feb 2011 22:02:28 +0100
Superseded in wheezy-release on 2012-02-23
Superseded in sid-release on 2012-02-14
shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high
  * The "Trappe d'Echourgnac" release.  * Fix typo in /etc/pam.d/login comments. Thanks to Ferenc Wagner.    Closes: #598717  * debian/patches/300_CVE-2011-0721: Fix insufficient input sanitation    leading to possible user or group creation in NIS environments. -- Nicolas FRANCOIS (Nekral) <email address hidden>  Mon, 13 Feb 2011 23:20:05 +0100
Superseded in wheezy-release on 2011-09-21
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-20
shadow (1:4.1.4.2+svn3283-2) unstable; urgency=low


  * The "Bleu du Vercors-Sassenage" release.
  * Fix backup command line in cron.daily script. Closes: #596283

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Sat, 25 Sep 2010 23:38:39 +0200
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-20
shadow (1:4.1.4.2+svn3283-1) unstable; urgency=low


  * The "Bleu de Gex" release.
  * New upstream unreleased version:
    - Fix formatting of the login.defs.5 manpage. Closes: #542804
    - Updated Czech translation. Closes: #548407
    - Updated Vietnamese translation. Closes: #548065
    - Remove patches applied upstream:
      + debian/patches/008_su_no_sanitize_env
      + debian/patches/483_su_fakelogin_wrong_arg0
    - Updated patches:
      + debian/patches/523_su_arguments_are_no_more_concatenated_by_default
      + debian/patches/542_useradd-O_option
    - Added support for dates already specified as a number of days since
      Epoch in useradd, usermod and chage. Closes: #562221
    - This also allows, in the chage interactive mode, to specify -1 as the
      expiration date to disable it. Closes: #573018
    - Fixed parsing of gshadow. This fix password support in newgrp.
      Closes: #569899
    - pwck and grpck stop sorting at the first line which begins with a '+'.
      This will avoid messing up with NIS entries. Closes: #567836
    - Fix interruption of su, newgrp, vipw with Ctrl-Z. Closes: 530231
    - mail checking is no more mentioned in login(1) since it is done by PAM.
      Closes: #470059
    - The -e (and -c and -m) option was restored in chpasswd (which still uses
      PAM by default).  Closes: #539354
    - Kazakh translation updated. Closes: #586994
    - Fixed comma splice in chsh(1). Closes: #582166
  * debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have change
    from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523
  * debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports
    (e.g. emulated by QEMU). Closes: #544184
  * debian/control: Removed Martin Quinson from the Uploaders, on his request.
  * debian/login.defs: Improve documentation of USERGROUPS_ENAB.
    Closes: #572687
  * debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. Closes: #560633
  * debian/login.pam: return back to mostly "requisite" for the pam_securetty
    PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from
    entering a password, and will also avoid user enumeration attacks.
    Mis-typed root login are not protected, only root can be blamed for
    mis-typing and entering a password on an insecure line. Users willing to
    protect against mis-typed root login can use "requisite", but will be
    vulnerable to user enumeration attacks on insecure lines, and should use
    pam 1.1.0-4 at least. Closes: #574082, #531341
  * debian/passwd.cron.daily: Handle the backups of the user and group
    databases so that it can be removed from the standard daily cron job.
    Closes: #554170
  * debian/login.defs: Updated description of UMASK (used by pam_umask).
  * debian/securetty.linux: Reorganize and synchronize with
    Documentation/devices.txt. This added a lot of TTYs, including the
    ttyPZ0..3. Closes: #576203
  * debian/rules, debian/man.insert, debian/man.insert.sed: Hack to avoid bug
    507673, causing missing apostrophes in the manpages generated by
    docbook-xsl (see debian bug 507673).
  * debian/control: Standards-Version: bumped to 3.8.4. No changes.
  * debian/passwd.lintian-overrides: Remove old entries relevant for
    passwd.config.
  * debian/control: Do not repeat the Section and Priority fields for the
    binary packages.
  * debian/rules: Disable new features: --without-acl --without-attr
    --without-tcb

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Sun, 29 Aug 2010 21:14:12 +0200
Published in lenny-release on 2010-01-30
shadow (1:4.1.1-6+lenny1) stable-proposed-updates; urgency=low


  * The "Soumaintrain" release.
  * debian/patches/306_long_group_lines: Fix handling of long lines in the
    user or group files. Closes: #552006

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Fri, 13 Nov 2009 22:13:39 +0100
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-20
shadow (1:4.1.4.2-1) unstable; urgency=low


  * The "Tome des Bauges" release.
  * New upstream release:
     - Updated Basque translation. Closes: #535553
     - Fixed some translatable string. Closes: #525726
     - Fixed documentation of the short option for --mindays in passwd(1).
       Closes: #531983
     - Added support for shells being shell scripts without a shebang.
       Closes: #479406
  * debian/securetty.linux: Added Embedded Renesas SuperH ports.
    Closes: #535927
  * debian/securetty.linux: Added ttyS2 to ttyS5. Some extension card provide
    more serial ports, but that should be sufficient until there is a support
    for regular expressions. Closes: #534244
  * debian/patches/506_relaxed_usernames: Fixed typo. groupadd(8) should
    document the restriction on groupnames, not usernames.
  * debian/login.pam: pam_securetty included as a required module instead of
    requisite to avoid leak of user name information. Closes: #531341
  * debian/shadowconfig.sh: Do not run shadowoff() and shadowon() in subshell.
    This also remove a dependency on bash (even though /bin/sh would have been
    sufficient). Thanks to Luk for spotting this.
  * debian/login.dirs, debian/passwd.dirs: Removed usr/share/linda/overrides.
  * debian/control: Standards-Version: bumped to 3.8.2. No changes.

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Fri, 24 Jul 2009 05:03:23 +0200
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-20
shadow (1:4.1.4.1-1) unstable; urgency=low


  * The "Chevrotin" release.
  * New upstream release:
     - Fixed typo in the French vipw usage. Closes: #528486
     - Fixed failure to delete an user (wrongly detected as still logged in).
       On Linux, userdel checks if the user has some running processes.
       Otherwise, it still check with utmp if the user is logged in and check
       if the process indicated by utmp is still running to avoid
       mis-detection of logged-in users. Closes: #528060
     - newgrp and sg return the exit status of their child. Closes: #529897
     - Updated patches:
        + debian/patches/506_relaxed_usernames
  * debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no
    more used by chpasswd and newusers. 
  * debian/patches/*: Updated patches to the new quilt and shadow versions.
  * debian/patches/506_relaxed_usernames: usernames with a slash will not only
    break one option. Move to the discussion on the usernames.

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Fri, 22 May 2009 16:29:58 +0200
Superseded in sid-release on 2011-09-20
shadow (1:4.1.4-3) unstable; urgency=low


  * The "Banonet" release.
  * debian/login.pam: Really ignore pam_selinux.so failures when the module do
    not exist. Closes: #528673

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Sat, 16 May 2009 12:11:15 +0200
Superseded in sid-release on 2011-09-20
shadow (1:4.1.4-2) unstable; urgency=low


  * The "Banon" release.
  * debian/rules, debian/passwd.linda-overrides, debian/login.linda-overrides:
    Removed linda-overrides files.
  * debian/rules: Install the lintian overrides with dh_lintian.
  * debian/control: Raised dependency on debhelper (>= 6.0.7~) for dh_lintian.
  * debian/compat: Raised to 6
  * debian/login.postinst: Install /var/log/faillog during initial installs
    only. This permits admins to disable failed logins recording.
    Closes: #488420
  * debian/login.pam: Ignore pam_selinux.so failures when the module do not
    exist. A required pam_selinux.so makes login fail when the module does not
    exist (e.g. on architecture without SE Linux support). Closes: #528673

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Thu, 14 May 2009 22:36:34 +0200
Superseded in sid-release on 2011-09-20
shadow (1:4.1.4-1) unstable; urgency=low


  * The "Chambérat" release.
  * New upstream release:
     - Updated Czech translation. Closes: #525658
     - Updated French translation.
     - Updated German translation. Closes: #527131
     - Updated Japanese translation.
     - Updated Korean translation. Closes: #524719
     - Updated Portuguese translation. Closes: #525531
     - Updated Russian translation. Closes: #527636
     - passwd: Report password properties changes if the password is not
       actually changed. Closes: #525967
     - Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873 
     - Remove patches applied upstream:
        + debian/patches/403_fix_PATH-MAX_hurd
     - Updated patches:
        + debian/patches/008_login_log_failure_in_FTMP
        + debian/patches/401_cppw_src.dpatch
        + debian/patches/429_login_FAILLOG_ENAB
        + debian/patches/463_login_delay_obeys_to_PAM
     - pwck and grpck warn when the shadowed and non-shadowed files contain
       an entry for the same user or group and the non shadowed file password
       field is not 'x'. Closes: #501869
       Other topics raised in this bug were fixed previously.
  * debian/securetty.linux: Added Freescale i.MX ports. Closes: #527095
  * debian/securetty.linux: Added some local X displays. See LP #104957. But
    only a limited set of displays were added.
  * debian/rules, debian/passwd.newusers.pam, debian/passwd.chpasswd.pam:
    Install the newusers and chpasswd PAM service configuration files.
    newusers and chpasswd now use PAM to update the passwords.
    Closes: #525153
  * debian/login.pam: Updated support for SELinux. Closes: #527106
  * debian/control: Standards-Version bumped to 3.8.1. No changes.
  * debian/control: Changed gnome-doc-utils dependency to >= 0.4.3 (instead
    of >= 0.4.3-1)
  * debian/control: Added ${misc:Depends} to the passwd's Depends and login's
    Pre-Depends.

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Mon, 11 May 2009 00:25:11 +0200
Superseded in squeeze-release on 2011-09-13
Superseded in sid-release on 2011-09-20
shadow (1:4.1.3.1-1) unstable; urgency=low


  * The "Le Puant Macéré" release.
    Sorry for the lack of cheese name in 1:4.1.3-1. At least this one should
    count for two.
  * New upstream release:
    - Fixed wrong parsing of octal permissions. This impacted login (permission
      of the TTYs, UMASK, ERASECHAR or KILLCHAR) in release 1:4.1.3-1 only.
      Closes: #524139, #524258
    - removed debian/patches/200_bin_nb: Applied upstream.
    - removed debian/patches/302_vim_selinux_support: Applied upstream.
    - Fixed login segfault when called without a username. Closes: #524193

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Wed, 15 Apr 2009 23:59:06 +0200
Superseded in squeeze-release on 2011-09-13
Superseded in lenny-release on 2011-09-13
Superseded in sid-release on 2011-09-20
shadow (1:4.1.1-6) unstable; urgency=medium


  * The "Rollot" release.
  * debian/patches/303_login_symlink_attack: Fix a race condition that could
    lead to gaining ownership or changing mode of arbitrary files.
    Closes: #505271 
  * debian/patches/304_su.1_synopsis: Fix the su synopsis. username is
    referenced in the manpage, not LOGIN. Closes: #501830
  * debian/patches/305_login.1_japanese: Fix the path of the utmp and wtmp
    files. Closes: #501353

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Fri, 14 Nov 2008 21:52:42 +0100
Superseded in sid-release on 2011-09-20
Superseded in lenny-release on 2011-09-13
shadow (1:4.1.1-5) unstable; urgency=low


  * The "Bergues" release.
  * debian/login.pam: restore the Etch behavior of pam_securetty.so in case of
    unknown user. Closes: #443322, #495831

 -- Nicolas FRANCOIS (Nekral) <email address hidden>  Sun, 14 Sep 2008 19:13:34 +0200
131 of 31 results