Change log for shadow package in Ubuntu

175 of 112 results
Published in focal-release 12 hours ago
Published in eoan-release on 2019-09-10
Deleted in eoan-proposed (Reason: moved to release)
shadow (1:4.5-1.1ubuntu4) eoan; urgency=medium

  * debian/patches/1015_add_zsys_support.patch:
    - Call zsys to handle home directory if available.
    We call zsys to handle dataset creation for zsys system in a separate
    home dataset for each user on the system.
    This allows one to handle user dataset outside of /home and also renaming.
    We don't support yet deletion, as removing the dataset would remove as
    well every snapshot of the history, and so, revert to previous version
    will result in user created, but no home directory, which is unwanted.
    (LP: #1842902)

 -- Didier Roche <email address hidden>  Thu, 29 Aug 2019 15:00:07 +0200
Published in xenial-proposed on 2019-08-30
shadow (1:4.2-3.1ubuntu5.5) xenial; urgency=medium

  * debian/patches/1014_extrausers_delgroup.patch
    - add --extrausers option to "groupdel" (LP: #1840375)

 -- Michael Vogt <email address hidden>  Wed, 21 Aug 2019 12:28:19 +0200
Published in bionic-proposed on 2019-08-30
shadow (1:4.5-1ubuntu2.1) bionic; urgency=medium

  * debian/patches/1014_extrausers_delgroup.patch
    - add --extrausers option to "groupdel" (LP: #1840375)

 -- Michael Vogt <email address hidden>  Wed, 21 Aug 2019 12:25:16 +0200
Published in disco-proposed on 2019-08-30
shadow (1:4.5-1.1ubuntu2.1) disco; urgency=medium

  * debian/patches/1014_extrausers_delgroup.patch
    - add --extrausers option to "groupdel" (LP: #1840375)

 -- Michael Vogt <email address hidden>  Wed, 21 Aug 2019 12:22:19 +0200
Superseded in eoan-release on 2019-09-10
Deleted in eoan-proposed on 2019-09-11 (Reason: moved to release)
shadow (1:4.5-1.1ubuntu3) eoan; urgency=medium

  * debian/patches/1014_extrausers_delgroup.patch
    - add --extrausers option to "groupdel" (LP: #1840375)

 -- Michael Vogt <email address hidden>  Wed, 21 Aug 2019 11:40:17 +0200
Published in bionic-updates on 2019-04-25
Deleted in bionic-proposed (Reason: moved to -updates)
shadow (1:4.5-1ubuntu2) bionic; urgency=medium

  * debian/patches/1013_extrausers_deluser.patch
    - add --extrausers option to "userdel" (LP: #1659534)
  * debian/patches/2000_fix-su-pam-env-handling.
    - fix "su -l" to correctly use pam_getenvlist (LP: #984390)

 -- Michael Vogt <email address hidden>  Fri, 22 Mar 2019 20:05:38 +0100

Available diffs

Published in xenial-updates on 2019-04-25
Deleted in xenial-proposed (Reason: moved to -updates)
shadow (1:4.2-3.1ubuntu5.4) xenial; urgency=medium

  * patches/1012_extrausers_chfn.patch:
    - add --extrausers option to "chfn" (LP: #1495580)
  * debian/patches/1013_extrausers_deluser.patch:
    - add --extrausers option to "userdel" (LP: #1659534)
  * debian/patches/2000_fix-su-pam-env-handling:
    - fix "su -l" to correctly use pam_getenvlist (LP: #984390)

 -- Michael Vogt <email address hidden>  Fri, 22 Mar 2019 20:22:06 +0100
Superseded in eoan-release on 2019-08-22
Published in disco-release on 2019-03-25
Deleted in disco-proposed (Reason: moved to release)
shadow (1:4.5-1.1ubuntu2) disco; urgency=medium

  * debian/patches/1013_extrausers_deluser.patch
    - add --extrausers option to "userdel" (LP: #1659534)

 -- Michael Vogt <email address hidden>  Fri, 22 Mar 2019 19:32:50 +0100
Superseded in disco-release on 2019-03-25
Deleted in disco-proposed on 2019-03-26 (Reason: moved to release)
shadow (1:4.5-1.1ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{source_shadow.py,rules}: Add apport hook
    - debian/patches/1010_extrausers.patch: Add support to passwd for
      libnss-extrausers
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/1012_extrausers_chfn.patch: add support for
      --extrausers to the chfn tool
    - debian/passwd.maintscripts: Clean up upstart configuration

Superseded in disco-release on 2019-01-25
Published in cosmic-release on 2018-05-01
Published in bionic-release on 2018-01-30
Deleted in bionic-proposed (Reason: moved to release)
shadow (1:4.5-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{source_shadow.py,rules}: Add apport hook
    - debian/patches/1010_extrausers.patch: Add support to passwd for
      libnss-extrausers
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/1012_extrausers_chfn.patch: add support for
      --extrausers to the chfn tool
    - debian/passwd.maintscripts: Clean up upstart configuration
  * Dropped changes, included in Debian:
    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
      /etc/update-motd.d/* scripts twice.
  * Dropped changes, included upstream:
    - debian/patches/userns/subuids-nonlocal-users: Don't limit
      subuid/subgid support to local users.
    - debian/patches/1021_no_subuids_for_system_users.patch
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    - CVE-2017-2616
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252
  * Dropped obsoleted changes:
    - debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
      switching to passwd.tmpfile from passwd.service

Available diffs

Superseded in bionic-release on 2018-01-30
Published in artful-release on 2017-08-23
Deleted in artful-proposed (Reason: moved to release)
shadow (1:4.2-3.2ubuntu4) artful; urgency=medium

  * Drop upstart system jobs.

 -- Dimitri John Ledkov <email address hidden>  Mon, 21 Aug 2017 00:56:14 +0100
Superseded in artful-release on 2017-08-23
Deleted in artful-proposed on 2017-08-24 (Reason: moved to release)
shadow (1:4.2-3.2ubuntu3) artful; urgency=medium

  * Drop upstart system jobs.

 -- Dimitri John Ledkov <email address hidden>  Sat, 19 Aug 2017 20:52:46 +0100
Superseded in artful-release on 2017-08-21
Deleted in artful-proposed on 2017-08-22 (Reason: moved to release)
shadow (1:4.2-3.2ubuntu2) artful; urgency=medium

  * SECURITY UPDATE: su could be used to kill arbitrary processes.
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    - CVE-2017-2616
  * SECURITY UPDATE: getulong() function could accidentally parse negative
    numbers as large positive numbers.
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252

 -- Seth Arnold <email address hidden>  Thu, 18 May 2017 14:39:32 -0400
Obsolete in zesty-updates on 2018-06-22
Obsolete in zesty-security on 2018-06-22
shadow (1:4.2-3.2ubuntu1.17.04.2) zesty-security; urgency=medium

  * REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
    If su received a signal like SIGTERM it wasn't propagated to the child.
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

 -- Seth Arnold <email address hidden>  Mon, 15 May 2017 19:28:44 -0700
Obsolete in yakkety-updates on 2018-01-23
Obsolete in yakkety-security on 2018-01-23
shadow (1:4.2-3.2ubuntu1.16.10.2) yakkety-security; urgency=medium

  * REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
    If su received a signal like SIGTERM it wasn't propagated to the child.
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

 -- Seth Arnold <email address hidden>  Mon, 15 May 2017 19:27:49 -0700
Published in trusty-updates on 2017-05-17
Published in trusty-security on 2017-05-17
shadow (1:4.1.5.1-1ubuntu9.5) trusty-security; urgency=medium

  * REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
    If su received a signal like SIGTERM it wasn't propagated to the child.
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

 -- Seth Arnold <email address hidden>  Mon, 15 May 2017 19:22:49 -0700
Superseded in xenial-updates on 2019-04-25
Published in xenial-security on 2017-05-17
shadow (1:4.2-3.1ubuntu5.3) xenial-security; urgency=medium

  * REGRESSION UPDATE: The patch for CVE-2017-2616 introduced a regression.
    If su received a signal like SIGTERM it wasn't propagated to the child.
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    Thanks to Tobias Stoeckmann for the fix and Radu Duta for the report.

 -- Seth Arnold <email address hidden>  Mon, 15 May 2017 19:26:55 -0700
Superseded in zesty-updates on 2017-05-17
Superseded in zesty-security on 2017-05-17
shadow (1:4.2-3.2ubuntu1.17.04.1) zesty-security; urgency=medium

  * SECURITY UPDATE: su could be used to kill arbitrary processes.
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - CVE-2017-2616
  * SECURITY UPDATE: getulong() function could accidentally parse negative
    numbers as large positive numbers.
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252

 -- Seth Arnold <email address hidden>  Thu, 04 May 2017 01:00:33 -0700
Superseded in yakkety-updates on 2017-05-17
Superseded in yakkety-security on 2017-05-17
shadow (1:4.2-3.2ubuntu1.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: su could be used to kill arbitrary processes.
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - CVE-2017-2616
  * SECURITY UPDATE: getulong() function could accidentally parse negative
    numbers as large positive numbers.
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252

 -- Seth Arnold <email address hidden>  Thu, 04 May 2017 01:00:25 -0700
Superseded in xenial-updates on 2017-05-17
Superseded in xenial-security on 2017-05-17
shadow (1:4.2-3.1ubuntu5.2) xenial-security; urgency=medium

  * SECURITY UPDATE: su could be used to kill arbitrary processes.
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - CVE-2017-2616
  * SECURITY UPDATE: getulong() function could accidentally parse negative
    numbers as large positive numbers.
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252

 -- Seth Arnold <email address hidden>  Thu, 04 May 2017 01:00:19 -0700
Superseded in trusty-updates on 2017-05-17
Superseded in trusty-security on 2017-05-17
shadow (1:4.1.5.1-1ubuntu9.4) trusty-security; urgency=medium

  * SECURITY UPDATE: su could be used to kill arbitrary processes.
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - CVE-2017-2616
  * SECURITY UPDATE: su could be used to kill arbitrary processes.
    - debian/patches/reset-caught-on-sigtstp.patch: Check process's SIGTSTP
      status before sending signal. No CVE is currently assigned.
  * SECURITY UPDATE: getulong() function could accidentally parse negative
    numbers as large positive numbers.
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252

 -- Seth Arnold <email address hidden>  Thu, 04 May 2017 01:00:09 -0700
Superseded in artful-release on 2017-05-31
Obsolete in zesty-release on 2018-06-22
Obsolete in yakkety-release on 2018-01-23
Deleted in yakkety-proposed on 2018-06-22 (Reason: moved to release)
shadow (1:4.2-3.2ubuntu1) yakkety; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/passwd.upstart: Add an upstart job to clear locks on
      [shadow-]passwd/group.
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{source_shadow.py,rules}: Add apport hook
    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
      /etc/update-motd.d/* scripts twice.
    - debian/patches/1010_extrausers.patch: Add support to passwd for
      libnss-extrausers
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/userns/subuids-nonlocal-users: Don't limit
      subuid/subgid support to local users.
  * Dropped changes, included in Debian:
    - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
    - Add uidmap package based on upstream patches that introduce
      newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
      updates on those to widen the default allocation to 65536 uids and gids
      and only assign ranges to non-system users.
    - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
      error cases.
  * Dropped changes, included upstream:
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout.
    - debian/patches/496_su_kill_process_group: Kill the child process group,
      rather than just the immediate child.
  * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
    than the first, ensuring /run/motd.dynamic is always populated and shown
    on the first login after boot.  LP: #1368864.
  * Don't call 'pam_exec uname', a change adopted in Debian without
    coordination with the Debian PAM maintainer
  * Use dh_installinit now for installing the upstart job, as we no longer
    generate a dependency on upstart-job.
  * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
    LP: #1304505
  * Add a systemd unit to go with the upstart job, so that lock clearing works
    on newer Ubuntu releases.
  * add support for "chfn --extrausers" (LP: #1495580)
  * debian/patches/1010_extrausers.patch:
    - Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
  * debian/patches/1010_extrausers.patch:
    - Fix usermod to look in extrausers location for basic changes to a
      user's passwd info.  Fixes changing user's real name in Touch via
      AccountsService.  (Does not address updating groups yet, since that's
      less useful now, as we can't update any system groups.)
  * d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
    for system users.  (LP: #1545884)
  * Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
    handling has support for removing files for us on boot.  Thanks to
    Martin Pitt <email address hidden> for the hint.

Superseded in yakkety-release on 2016-09-20
Deleted in yakkety-proposed on 2016-09-21 (Reason: moved to release)
shadow (1:4.2-3.1ubuntu6) yakkety; urgency=medium

  * add support for "chfn --extrausers" (LP: #1495580)

 -- Michael Vogt <email address hidden>  Thu, 23 Jun 2016 08:02:00 +0200
Superseded in yakkety-release on 2016-06-23
Published in xenial-release on 2016-03-29
Deleted in xenial-proposed (Reason: moved to release)
shadow (1:4.2-3.1ubuntu5) xenial; urgency=medium

  * debian/patches/1010_extrausers.patch:
    - Fix usermod to handle a readonly /etc gracefully (LP: #1562872)

 -- Michael Terry <email address hidden>  Mon, 28 Mar 2016 09:44:23 -0400
Superseded in xenial-release on 2016-03-29
Deleted in xenial-proposed on 2016-03-30 (Reason: moved to release)
shadow (1:4.2-3.1ubuntu4) xenial; urgency=medium

  * debian/patches/1010_extrausers.patch:
    - Fix usermod to look in extrausers location for basic changes to a
      user's passwd info.  Fixes changing user's real name in Touch via
      AccountsService.  (Does not address updating groups yet, since that's
      less useful now, as we can't update any system groups.)

 -- Michael Terry <email address hidden>  Wed, 02 Mar 2016 15:01:19 -0500
Superseded in xenial-release on 2016-03-03
Deleted in xenial-proposed on 2016-03-05 (Reason: moved to release)
shadow (1:4.2-3.1ubuntu3) xenial; urgency=medium

  * d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
    for system users.  (LP: #1545884)

 -- Serge Hallyn <email address hidden>  Wed, 17 Feb 2016 20:57:59 -0800
Superseded in xenial-release on 2016-02-18
Deleted in xenial-proposed on 2016-02-19 (Reason: moved to release)
shadow (1:4.2-3.1ubuntu2) xenial; urgency=medium

  * Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
    handling has support for removing files for us on boot.  Thanks to
    Martin Pitt <email address hidden> for the hint.

 -- Steve Langasek <email address hidden>  Thu, 04 Feb 2016 14:01:27 -0800
Superseded in xenial-release on 2016-02-05
Deleted in xenial-proposed on 2016-02-06 (Reason: moved to release)
shadow (1:4.2-3.1ubuntu1) xenial; urgency=low

  * Merge from Debian unstable.
    - Includes pam_loginuid in login PAM config.  LP: #1067779.
    - Fixes typo in usermod -h output.  LP: #1348873.
  * Remaining changes:
    - debian/passwd.upstart: Add an upstart job to clear locks on
      [shadow-]passwd/group.
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{source_shadow.py,rules}: Add apport hook
    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
      /etc/update-motd.d/* scripts twice.
    - debian/patches/1010_extrausers.patch: Add support to passwd for
      libnss-extrausers
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/userns/subuids-nonlocal-users: Don't limit
      subuid/subgid support to local users.
  * Dropped changes, included in Debian:
    - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
    - Add uidmap package based on upstream patches that introduce
      newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
      updates on those to widen the default allocation to 65536 uids and gids
      and only assign ranges to non-system users.
    - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
      error cases.
  * Dropped changes, included upstream:
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout.
    - debian/patches/496_su_kill_process_group: Kill the child process group,
      rather than just the immediate child.
  * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
    than the first, ensuring /run/motd.dynamic is always populated and shown
    on the first login after boot.  LP: #1368864.
  * Don't call 'pam_exec uname', a change adopted in Debian without
    coordination with the Debian PAM maintainer
  * Use dh_installinit now for installing the upstart job, as we no longer
    generate a dependency on upstart-job.
  * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
    LP: #1304505
  * Add a systemd unit to go with the upstart job, so that lock clearing works
    on newer Ubuntu releases.

Superseded in trusty-updates on 2017-05-05
Deleted in trusty-proposed on 2017-05-06 (Reason: moved to -updates)
shadow (1:4.1.5.1-1ubuntu9.2) trusty; urgency=medium

  * debian/control, debian/rules: re-enable libaudit support. (LP: #1478087)

 -- Mathieu Trudel-Lapierre <email address hidden>  Fri, 22 Jan 2016 11:21:57 -0500
Obsolete in vivid-updates on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to -updates)
shadow (1:4.1.5.1-1.1ubuntu4.1) vivid; urgency=medium

  * debian/patches/userns/subuids-nonlocal-users: Don't limit
    subuid/subgid support to local users.  Closes LP: #1475749.

 -- Steve Langasek <email address hidden>  Mon, 20 Jul 2015 22:58:18 -0700
Superseded in xenial-release on 2016-02-03
Obsolete in wily-release on 2018-01-22
Deleted in wily-proposed on 2018-01-22 (Reason: moved to release)
shadow (1:4.1.5.1-1.1ubuntu7) wily; urgency=medium

  * debian/patches/userns/subuids-nonlocal-users: Don't limit
    subuid/subgid support to local users.  Closes LP: #1475749.

 -- Steve Langasek <email address hidden>  Mon, 20 Jul 2015 18:44:12 -0700
Obsolete in utopic-proposed on 2016-11-03
shadow (1:4.1.5.1-1.1ubuntu2.1) utopic; urgency=medium

  [ William Grant ]
  * debian/patches/1020_fix_user_busy_errors:
    - libmisc/user_busy.c: Call sub_uid_close in all error cases, otherwise
      code that later opens it as RW fails obscurely. (LP: #1342875)

 -- Steve Langasek <email address hidden>  Fri, 10 Jul 2015 13:17:44 -0700
Superseded in trusty-updates on 2016-02-04
Deleted in trusty-proposed on 2016-02-06 (Reason: moved to -updates)
shadow (1:4.1.5.1-1ubuntu9.1) trusty; urgency=medium

  [ William Grant ]
  * debian/patches/1020_fix_user_busy_errors:
    - libmisc/user_busy.c: Call sub_uid_close in all error cases, otherwise
      code that later opens it as RW fails obscurely. (LP: #1342875)

 -- Steve Langasek <email address hidden>  Fri, 10 Jul 2015 13:06:20 -0700
Superseded in wily-release on 2015-07-21
Deleted in wily-proposed on 2015-07-22 (Reason: moved to release)
shadow (1:4.1.5.1-1.1ubuntu6) wily; urgency=medium

  * extrausers support for useradd and groupadd (LP: #1323732)

 -- Sergio Schvezov <email address hidden>  Thu, 25 Jun 2015 15:26:55 -0300
Superseded in wily-release on 2015-07-02
Deleted in wily-proposed on 2015-07-04 (Reason: moved to release)
shadow (1:4.1.5.1-1.1ubuntu5) wily; urgency=medium

  * debian/rules: Re-enable audit support. (LP: #1414817)
  * debian/control: add libaudit-dev to Build-Depends.

 -- Mathieu Trudel-Lapierre <email address hidden>  Tue, 02 Jun 2015 10:46:18 -0400
Superseded in wily-release on 2015-06-02
Obsolete in vivid-release on 2018-01-18
Deleted in vivid-proposed on 2018-01-19 (Reason: moved to release)
shadow (1:4.1.5.1-1.1ubuntu4) vivid; urgency=medium

  * debian/patches/1020_fix_user_busy_errors:
    - libmisc/user_busy.c: Call sub_uid_close in all error cases, otherwise
      code that later opens it as RW fails obscurely. (LP: #1436937)
 -- William Grant <email address hidden>   Mon, 20 Apr 2015 18:41:47 +0100
Superseded in vivid-release on 2015-04-20
Deleted in vivid-proposed on 2015-04-22 (Reason: moved to release)
shadow (1:4.1.5.1-1.1ubuntu3) vivid; urgency=medium

  * No change rebuild to get debug symbols for all architectures.
 -- Brian Murray <email address hidden>   Tue, 02 Dec 2014 11:39:38 -0800
Superseded in vivid-release on 2014-12-02
Obsolete in utopic-release on 2016-11-03
Deleted in utopic-proposed on 2016-11-03 (Reason: moved to release)
shadow (1:4.1.5.1-1.1ubuntu2) utopic; urgency=medium

  * debian/patches/1010_extrausers.patch:
    - Add support to passwd for libnss-extrausers by falling back to the
      /var/lib/extrausers/ locations if it exists when updating
      passwd or shadow.
 -- Michael Terry <email address hidden>   Fri, 18 Jul 2014 10:00:44 -0400
Superseded in utopic-release on 2014-07-18
Deleted in utopic-proposed on 2014-07-19 (Reason: moved to release)
shadow (1:4.1.5.1-1.1ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
     - debian/passwd.upstart: Add an upstrat job to clear locks on
       [shadow-]passwd/group. (LP: #523896).
     - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
       in LXC with Precise.
     - debian/login.defs:
       + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
         handling does not only apply to "former (pre-PAM) uses".
       + Update documentation of UMASK: Explain that USERGROUPS_ENAB
         will modify this default for UPGs. (Closes: #583971)
     - debian/{source_shadow.py,rules}: Add apport hook
     - debian/patches/495_stdout-encrypted-password: chpasswd can report
       password hashes on stdout (Debian bug 505640).
     - Install upstart job by-hand, instead of using dh_installinit to avoid
       dependency on upstart-job.
     - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
       /etc/update-motd.d/* scripts twice (LP: #1169558).
     - debian/patches/496_su_kill_process_group: Kill the child process group,
       rather than just the immediate child; this is needed now that su no
       longer starts a controlling terminal when not running an interactive
       shell (closes: #713979).
     - Add uidmap package based on upstream patches that introduce
       newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
       updates on those to widen the default allocation to 65536 uids and gids
       and only assign ranges to non-system users.

Superseded in utopic-release on 2014-05-02
Published in trusty-release on 2014-02-17
Deleted in trusty-proposed (Reason: moved to release)
shadow (1:4.1.5.1-1ubuntu9) trusty; urgency=medium

  * Set our subuid and subgid range to 65536 uids by default.
  * Patch newusers to not add subuids and subgids to system users.
  * Patch useradd to not add subuids and subgids to system users and to
    regular users who don't fit between uid_min and uid_max.
    (This is needed due to adduser not passing --system...)
 -- Stephane Graber <email address hidden>   Sun, 16 Feb 2014 19:33:48 -0500
Superseded in trusty-release on 2014-02-17
Deleted in trusty-proposed on 2014-02-18 (Reason: moved to release)
shadow (1:4.1.5.1-1ubuntu8) trusty; urgency=medium

  * Fix postinst to create subuid and subgid when missing as those won't
    get created by usermod or any of the other tools.
 -- Stephane Graber <email address hidden>   Fri, 17 Jan 2014 16:15:13 -0500
Superseded in trusty-release on 2014-01-17
Deleted in trusty-proposed on 2014-01-19 (Reason: moved to release)
shadow (1:4.1.5.1-1ubuntu7) trusty; urgency=medium

  * Don't ship subuid/subgid as conffiles as that'll just cause problems
    on upgrades. Instead simply touch them if they're not already present.
 -- Stephane Graber <email address hidden>   Sun, 12 Jan 2014 12:59:46 -0500
Obsolete in raring-updates on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to -updates)
shadow (1:4.1.5.1-1ubuntu4.1) raring; urgency=low

  * debian/patches/496_su_kill_process_group: Kill the child process group,
    rather than just the immediate child; this is needed now that su no
    longer starts a controlling terminal when not running an interactive
    shell (closes: #713979, LP: #1205407).
 -- Colin Watson <email address hidden>   Fri, 26 Jul 2013 17:20:17 +0100
Superseded in trusty-release on 2014-01-12
Obsolete in saucy-release on 2015-04-24
Deleted in saucy-proposed on 2015-04-28 (Reason: moved to release)
shadow (1:4.1.5.1-1ubuntu6) saucy; urgency=low

  * debian/patches/496_su_kill_process_group: Kill the child process group,
    rather than just the immediate child; this is needed now that su no
    longer starts a controlling terminal when not running an interactive
    shell (closes: #713979).
 -- Colin Watson <email address hidden>   Fri, 26 Jul 2013 16:55:52 +0100
Superseded in saucy-release on 2013-07-26
Deleted in saucy-proposed on 2013-07-27 (Reason: moved to release)
shadow (1:4.1.5.1-1ubuntu5) saucy; urgency=low

  [ Serge Hallyn ]
  * debian/patches/userns: patches from Eric Biederman to enable use of
    subuids, plus some bugfix patches on top of them. (LP: #1192864)
  * passwd.install: add new manpages
  * debian/control, debian/uidmap.install: create new uidmap package
    containing the new setuid-root binaries newuidmap and newgidmap
  * debian/subuid, debian/rules: install a default /etc/subuid and /etc/subgid
  * debian/patches/userns/16_add-argument-sanity-checking.patch: address
    three sanity checking concerns brought up by sarnold at
    http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/2013-June/ \
    009752.html.
 -- Dmitrijs Ledkovs <email address hidden>   Fri, 28 Jun 2013 11:31:51 +0100
Superseded in saucy-release on 2013-06-28
Obsolete in raring-release on 2015-04-24
Deleted in raring-proposed on 2015-04-27 (Reason: moved to release)
shadow (1:4.1.5.1-1ubuntu4) raring; urgency=low

  * Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
    /etc/update-motd.d/* scripts twice (LP: #1169558).
 -- Colin Watson <email address hidden>   Thu, 18 Apr 2013 01:01:45 +0100
Superseded in raring-release on 2013-04-18
Deleted in raring-proposed on 2013-04-19 (Reason: moved to release)
shadow (1:4.1.5.1-1ubuntu3) raring; urgency=low

  * Install upstart job by-hand, instead of using dh_installinit to avoid
    dependency on upstart-job.
 -- Dmitrijs Ledkovs <email address hidden>   Mon, 18 Mar 2013 03:23:31 +0000
Superseded in raring-release on 2013-03-18
Deleted in raring-proposed on 2013-03-19 (Reason: moved to release)
shadow (1:4.1.5.1-1ubuntu2) raring; urgency=low

  * Revert build-dependency from gettext:any to gettext, now that gettext is
    Multi-Arch: foreign.
 -- Colin Watson <email address hidden>   Thu, 29 Nov 2012 15:27:11 +0000
Superseded in raring-proposed on 2012-11-29
shadow (1:4.1.5.1-1ubuntu1) raring; urgency=low

  * The "Yorkshire Blue" release.
  * Merge from Debian unstable.  Remaining changes:
     - debian/passwd.upstart: Add an upstrat job to clear locks on
       [shadow-]passwd/group. (LP: #523896).
     - Build-depend on gettext:any for cross-building support.
     - Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
       in LXC with Precise.
     - debian/login.defs:
       + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
         handling does not only apply to "former (pre-PAM) uses".
       + Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
         this default for UPGs. (Closes: #583971)
     - debian/{source_shadow.py,rules}: Add apport hook
     - debian/patches/495_stdout-encrypted-password: chpasswd can report
       password hashes on stdout (Debian bug 505640).

  * Dropped changes, merged in Debian:
     - Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
       Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
     - use SHA512 by default for password crypt routine.
     - debian/rules: fix FTBFS from newer libtools
     - Mark passwd Multi-Arch: foreign.

Published in precise-updates on 2012-10-15
Deleted in precise-proposed (Reason: moved to -updates)
shadow (1:4.1.4.2+svn3283-3ubuntu5.1) precise-proposed; urgency=low

  * debian/passwd.upstart: Add an upstrat job to clear locks on
    [shadow-]passwd/group. (LP: #523896).
 -- Dmitrijs Ledkovs <email address hidden>   Fri, 31 Aug 2012 13:00:33 +0100
Superseded in raring-release on 2013-01-02
Obsolete in quantal-release on 2015-04-24
shadow (1:4.1.4.2+svn3283-3ubuntu7) quantal; urgency=low

  * debian/passwd.upstart: Add an upstrat job to clear locks on
    [shadow-]passwd/group. (LP: #523896).
 -- Dmitrijs Ledkovs <email address hidden>   Fri, 31 Aug 2012 13:00:33 +0100
Superseded in quantal-release on 2012-09-06
shadow (1:4.1.4.2+svn3283-3ubuntu6) quantal; urgency=low

  * debian/source_shadow.py: Fix compatibility with python3. Thanks Edward
    Donovan! (LP: #1013171)
 -- Martin Pitt <email address hidden>   Mon, 18 Jun 2012 15:09:54 +0200
Superseded in quantal-release on 2012-06-18
Published in precise-release on 2012-04-09
shadow (1:4.1.4.2+svn3283-3ubuntu5) precise; urgency=low

  * Build-depend on gettext:any for cross-building support.
 -- Colin Watson <email address hidden>   Mon, 09 Apr 2012 00:28:03 +0100
Superseded in precise-release on 2012-04-09
shadow (1:4.1.4.2+svn3283-3ubuntu4) precise; urgency=low

  * Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
    in LXC with Precise.
 -- Stephane Graber <email address hidden>   Fri, 10 Feb 2012 15:34:05 -0500
Superseded in precise-release on 2012-02-10
shadow (1:4.1.4.2+svn3283-3ubuntu3) precise; urgency=low

  * Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
    Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
 -- Loic Minier <email address hidden>   Wed, 30 Nov 2011 22:47:47 +0100
Superseded in precise-release on 2011-12-01
Obsolete in oneiric-release on 2015-04-24
shadow (1:4.1.4.2+svn3283-3ubuntu2) oneiric; urgency=low

  * debian/login.defs:
    - Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
      handling does not only apply to "former (pre-PAM) uses".
    - Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
      this default for UPGs. (Closes: #583971)
 -- Martin Pitt <email address hidden>   Fri, 24 Jun 2011 11:07:34 +0200
Superseded in oneiric-release on 2011-06-24
Obsolete in natty-release on 2013-06-04
shadow (1:4.1.4.2+svn3283-3ubuntu1) natty; urgency=low

  * The "string cheese" release.
  * Merge from Debian unstable.  Remaining changes:
    - Ubuntu specific:
      + debian/login.defs: use SHA512 by default for password crypt routine.
    - debian/{source_shadow.py,rules}: Add apport hook
    - debian/rules: fix FTBFS from newer libtools
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout (Debian bug 505640).
  * Dropped changes, merged in Debian:
    - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
    - CVE-2011-0721
  * Mark passwd Multi-Arch: foreign, so packages that aren't of the same
    arch can depend on it.
 -- Steve Langasek <email address hidden>   Sun, 20 Feb 2011 15:59:15 -0800
Superseded in natty-release on 2011-02-21
shadow (1:4.1.4.2+svn3283-2ubuntu3) natty; urgency=low

  * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
    - debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
    - CVE-2011-0721
 -- Kees Cook <email address hidden>   Tue, 15 Feb 2011 13:57:01 -0800
Obsolete in lucid-updates on 2016-10-26
Obsolete in lucid-security on 2016-10-26
shadow (1:4.1.4.2-1ubuntu2.2) lucid-security; urgency=low

  * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
    - debian/patches/900_locale_env_sanity: actually set locale environment
      variables correctly.
    - debian/patches/901_reject_newline: reject newlines in GECOS updates.
    - CVE-2011-0721
 -- Kees Cook <email address hidden>   Mon, 14 Feb 2011 13:42:29 -0800
Obsolete in karmic-updates on 2013-03-04
Obsolete in karmic-security on 2013-03-04
shadow (1:4.1.4.1-1ubuntu2.2) karmic-security; urgency=low

  * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
    - debian/patches/900_locale_env_sanity: actually set locale environment
      variables correctly.
    - debian/patches/901_reject_newline: reject newlines in GECOS updates.
    - CVE-2011-0721
 -- Kees Cook <email address hidden>   Mon, 14 Feb 2011 13:43:17 -0800
Obsolete in maverick-updates on 2013-03-05
Obsolete in maverick-security on 2013-03-05
shadow (1:4.1.4.2-1ubuntu3.2) maverick-security; urgency=low

  * SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
    - debian/patches/900_locale_env_sanity: actually set locale environment
      variables correctly.
    - debian/patches/901_reject_newline: reject newlines in GECOS updates.
    - CVE-2011-0721
 -- Kees Cook <email address hidden>   Mon, 14 Feb 2011 13:37:48 -0800
Superseded in natty-release on 2011-02-15
shadow (1:4.1.4.2+svn3283-2ubuntu2) natty; urgency=low

  * debian/patches/495_stdout-encrypted-password: adjust patch for changes
    in src/chpasswd.c to fix FTBFS
 -- Oliver Grawert <email address hidden>   Tue, 04 Jan 2011 15:48:49 +0100
Superseded in natty-release on 2011-01-04
shadow (1:4.1.4.2+svn3283-2ubuntu1) natty; urgency=low

  * Merge from debian unstable.  Remaining changes:
    - Ubuntu specific:
      + debian/login.defs: use SHA512 by default for password crypt routine.
    - debian/{source_shadow.py,rules}: Add apport hook
    - debian/rules: fix FTBFS from newer libtools
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout (Debian bug 505640).
    - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.

Superseded in natty-release on 2010-11-24
Obsolete in maverick-release on 2013-03-05
shadow (1:4.1.4.2-1ubuntu3) maverick; urgency=low

  * add ttyO0-3 to debian/securetty.linux, if OMAP kernels are built with
    TI's DMA-offloaded driver instead of the default 8250 one the serial tty's
    are called like that (LP: #512845).
 -- Oliver Grawert <email address hidden>   Tue, 31 Aug 2010 14:45:17 +0200
Superseded in maverick-release on 2010-09-03
Obsolete in lucid-release on 2016-10-26
shadow (1:4.1.4.2-1ubuntu2) lucid; urgency=low

  * debian/{source_shadow.py,rules}: Add apport hook
  * debian/rules: fix FTBFS from newer libtools
 -- Marc Deslauriers <email address hidden>   Tue, 26 Jan 2010 08:54:59 -0500
Superseded in lucid-release on 2010-01-26
shadow (1:4.1.4.2-1ubuntu1) lucid; urgency=low

  * Merged with debian unstable. Remaning changes (LP: #477299):
    - Ubuntu specific:
      + debian/login.defs: use SHA512 by default for password crypt routine.
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout (Debian bug 505640).
    - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.

Superseded in lucid-release on 2009-11-11
Obsolete in karmic-release on 2013-03-04
shadow (1:4.1.4.1-1ubuntu2) karmic; urgency=low

  * debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2
    as serial port.

 -- Loic Minier <email address hidden>   Fri, 31 Jul 2009 15:34:56 +0200
Superseded in karmic-release on 2009-07-31
shadow (1:4.1.4.1-1ubuntu1) karmic; urgency=low

  * Resynchronise with Debian. Remaining changes:
    - Ubuntu specific:
      + debian/login.defs: use SHA512 by default for password crypt routine.
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout (Debian bug 505640).
  * Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
    It's looking a bit ugly now ...

Superseded in karmic-release on 2009-06-03
shadow (1:4.1.3.1-1ubuntu1) karmic; urgency=low

  * Merge from debian unstable, remaining changes:
    - Ubuntu specific:
      + debian/login.defs: use SHA512 by default for password crypt routine.
    - debian/patches/stdout-encrypted-password.patch: chpasswd can report
      password hashes on stdout (debian bug 505640).
    - debian/login.pam: Enable SELinux support (debian bug 527106).
    - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
  * Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
  * Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
    upstream.

Superseded in karmic-release on 2009-05-05
Obsolete in jaunty-release on 2013-02-28
shadow (1:4.1.1-6ubuntu6) jaunty; urgency=low

  * debian/login.preinst: fix typo in grep (LP: #354887).

 -- Kees Cook <email address hidden>   Fri, 03 Apr 2009 22:12:07 -0700
Superseded in jaunty-release on 2009-04-04
shadow (1:4.1.1-6ubuntu5) jaunty; urgency=low

  * debian/login.preinst: add special-case handling to restore the
    original white-space in /etc/login.defs that is changed by
    system-tools-backends (LP: #316756).

 -- Kees Cook <email address hidden>   Fri, 03 Apr 2009 14:33:43 -0700
Superseded in jaunty-release on 2009-04-03
shadow (1:4.1.1-6ubuntu4) jaunty; urgency=low

  * debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
    - If the system clock is set to Jan 01, 1970, and a new user is created
      the last changed field gets set to 0, which tells login that the
      password is expired and must be changed. During installation,
      this can cause autologin to fail. Having the clock set to 01/01/1970
      on a fresh install is common on the ARM architecture, so this is a high
      priority bug since its likely to affect most ARM users on first install

 -- Michael Casadevall <email address hidden>   Thu, 02 Apr 2009 14:05:31 -0400
Superseded in jaunty-release on 2009-04-03
Superseded in jaunty-release on 2009-03-19
shadow (1:4.1.1-6ubuntu3) jaunty; urgency=low

  [ Bryan McLellan ]
  * Don't do the vm-builder root password check on fresh installations
    (LP: #340841).

 -- Colin Watson <email address hidden>   Tue, 17 Mar 2009 13:32:55 +0000
Superseded in jaunty-release on 2009-03-17
shadow (1:4.1.1-6ubuntu2) jaunty; urgency=low

  * debian/securetty.linux (LP: #316841)
    - Updated securetty support for Freescale MX-series boards

 -- Michael Casadevall <email address hidden>   Tue, 13 Jan 2009 12:56:38 -0500
Superseded in jaunty-release on 2009-01-13
shadow (1:4.1.1-6ubuntu1) jaunty; urgency=low

  * Merge from debian unstable, remaining changes:
    - Ubuntu specific:
      + debian/login.pam: Enable SELinux support in login.pam.
      + debian/rules: regenerate autoconf to avoid libtool-caused FTBFS.
      + debian/login.defs: use SHA512 by default for password crypt routine.
      + debian/passwd.postinst: disable the root password for virtual
        machines created with vm-builder on Ubuntu 8.10.
    - debian/patches/stdout-encrypted-password.patch: allow chpasswd to
      report encrypted passwords to stdout for tools needing encrypted
      passwords (debian bug 505640).

175 of 112 results