[ubuntu/raring-proposed] shadow 1:4.1.5.1-1ubuntu1 (Accepted)
Dmitrijs Ledkovs
dmitrij.ledkov at ubuntu.com
Fri Nov 9 13:45:23 UTC 2012
shadow (1:4.1.5.1-1ubuntu1) raring; urgency=low
* The "Yorkshire Blue" release.
* Merge from Debian unstable. Remaining changes:
- debian/passwd.upstart: Add an upstrat job to clear locks on
[shadow-]passwd/group. (LP: #523896).
- Build-depend on gettext:any for cross-building support.
- Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
in LXC with Precise.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
this default for UPGs. (Closes: #583971)
- debian/{source_shadow.py,rules}: Add apport hook
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout (Debian bug 505640).
* Dropped changes, merged in Debian:
- Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
- use SHA512 by default for password crypt routine.
- debian/rules: fix FTBFS from newer libtools
- Mark passwd Multi-Arch: foreign.
shadow (1:4.1.5.1-1) unstable; urgency=low
* The "Gruyère" release.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release:
- login: log into utmp(x) but not into wtmp (this is done by pam_lastlog).
Log to utmp(x) was broken by the fix for #605329. Closes: 659957
- userdel: Fix segfault when userdel removes the user's group.
Closes: #660406
- manpages: .so links point to paths relative to the top-level manual
hierarchy. Closes: #661025
- useradd(8): Return code 13 no more documented. Closes: #661802
* debian/patches/series, debian/patches/428_grpck_add_prune_option: Removed.
The -p option was not documented and was meant to fix consequences of a
bug now fixed more than 10 years ago.
* debian/shadowconfig.sh: Display issues, but dot not prompt interactively
to fix passwd/group/shadow/gshadow issues. Closes: #638263
* debian/control: Bump Standards-Version to 3.9.3 (no changes needed).
* debian/rules: Simplify setting of hardening flags. cdbs 0.4.103 needed to
get hardened version of shadow-utils. Restore previous requirement on
dpkg-dev to 1.13.5.
[ Christian Perrier ]
* Complete Polish translation of logoutd(8). Closes: #668880
* German translation of manpages completed. Closes: #673234
[ Roger Leigh ]
* Separation of static and dynamic motd components in login PAM module
Closes: #669698
shadow (1:4.1.5-1) unstable; urgency=low
* The "Charolais" release.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release:
- su: Fix possible tty hijacking by dropping the controlling terminal when
executing a command (CVE-2005-4890). Closes: #628843
- userdel: Check the existence of the user's mail spool before trying to
remove it. If it does not exist, a warning is issued, but no failure.
Closes: #617295
- userdel: Do not remove a group with the same name as the user
(usergroup) if this group isn't the user's primary group.
Closes: #584868
- su: Close the PAM session as root (fix issues with pam_mount and
pam_systemd). Closes: #580434
- Fix several typos in manpages. Thanks to Simon Brandmair.
Closes: #628776
- userdel error message has been clarified when the user is still
executing processes (it used to complain that the user is logged in).
Closes: #603315
- passwd(1) references chpasswd(8). Closes: #609117
- Spaces have been added between options and arguments in the Russian
manpages. Closes: #606159
- Fix handling of numerical dates in usermod -e. Closes: #621810
- usermod: When the shadow file exists but there are no shadow entries, an
entry is created if the password is changed and passwd requires a shadow
entry, or if aging features are used (-e or -f). Closes: 632461
- Added diagnosis for lock failures. Closes: #616167
- grpck/pwck: NIS entries were dropped by -s (sort). Closes: #622765
- login does not log into utmp(x) and wtmp. This is already done by
pam_lastlog. Closes: #605329
- groupmod: document that /etc/passwd can be modified by groupmod -g.
Closes: #647308
- Updated patches
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/402_cppw_selinux
+ debian/patches/428_grpck_add_prune_option
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/463_login_delay_obeys_to_PAM
+ debian/patches/501_commonio_group_shadow
+ debian/patches/505_useradd_recommend_adduser
+ debian/patches/506_relaxed_usernames
+ debian/patches/508_nologin_in_usr_sbin
+ debian/patches/523_su_arguments_are_concatenated
+ debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ debian/patches/542_useradd-O_option
+ debian/patches/900_testsuite_groupmems
- debian/patches/008_su_get_PAM_username: Removed, feature supported
upstream.
- debian/patches/300_CVE-2011-0721: Removed, applied upstream.
- Upstream translation updates from Debian BTS:
+ Brazilian Portuguese. Closes: #622834
+ Catalan. Closes: #627526, #657763
+ Danish. Closes: #621330, #657514
+ German. Closes: #622908, #656503
+ French. Closes: #623608, #657621
+ Japanese. Closes: #620978
+ Kazakh. Closes: #620930
+ Portuguese. Closes: #623722, #656686
+ Russian. Closes: #622106, #655194
+ Spanish (Closes: #630618)
+ Swedish. Closes: #621126
+ Simplified Chinese. Closes: #655858
- Upstream manpages translation updates from Debian BTS:
+ French. Closes: #630250, #657622
+ German. Closes: #628777
+ Simplified Chinese. Closes: #602264, #655858
+ Danish added. Closes: #657516
+ Russian. Closes: #657710
* debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321
* debian/securetty.linux: Add IBM pSeries console ports. Closes: #597661
* debian/securetty.linux: Add serial Console for MIPS Swarm.
(http://lists.debian.org/debian-release/2011/02/msg00320.html)
* debian/securetty.linux: Add s390/s390x ports ttysclp0. Closes: #647469
* debian/securetty.linux: Fixed typo: ttyama -> ttyAMA. Closes: #544184
* debian/rules, debian/man.insert, debian/man.insert.sed: Bug #507673 has
been closed. It is no more needed to patch the generated manpages. This
also fix failures to build twice is a row. Closes: #636047
* debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename
create_backup_file to create_copy. The lock functions do not set errno.
Do not report the error string on cppwexit.
* debian/patches/401_cppw_src.dpatch, debian/patches/402_cppw_selinux:
Synchronize with coding style.
* debian/patches/401_cppw_src.dpatch: Detect as well too many and too
few arguments.
* debian/patches/506_relaxed_usernames: Really check if the user/group
name starts with a dash. Also forbid names starting with '+' or '~'.
Document the naming policy in useradd.8 / groupadd.8.
* debian/patches/506_relaxed_usernames: Also forbid names containing a
comma.
* debian/patches/901_testsuite_gcov: Do not revert the locale when testing
with gcov to avoid coverage false negatives. This does not impact the
debian binary package, only the test package.
* debian/control: Add Build-Depends on libsemanage1-dev [linux-any]
* debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all
hardening flags set. Closes: #657010
* debian/control: depends on dpkg-dev (>= 1.16.1~) for including
/usr/share/dpkg/buildflags.mk
* debian/control: Standards-Version: bumped to 3.9.2. No changes.
* debian/login.defs: Set the default encryption method to SHA512.
Closes: #657717
[ Christian Perrier ]
* Use "linux-any" instead of a negated list of architectures in
Build-Depends. Closes: #634465
Date: Tue, 23 Oct 2012 09:59:19 +0100
Changed-By: Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/shadow/1:4.1.5.1-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 23 Oct 2012 09:59:19 +0100
Source: shadow
Binary: passwd login
Architecture: source
Version: 1:4.1.5.1-1ubuntu1
Distribution: raring
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dmitrijs Ledkovs <dmitrij.ledkov at ubuntu.com>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 544184 580434 583971 584868 597661 602264 603315 605329 606159 609117 614321 616167 617295 620930 620978 621126 621330 621810 622106 622765 622834 622908 623608 623722 627526 628776 628777 628843 630250 630618 632461 634465 636047 638263 647308 647469 655194 655858 656503 656686 657010 657514 657516 657621 657622 657710 657717 657763 659957 660406 661025 661802 668880 669698 673234
Launchpad-Bugs-Fixed: 523896
Changes:
shadow (1:4.1.5.1-1ubuntu1) raring; urgency=low
.
* The "Yorkshire Blue" release.
* Merge from Debian unstable. Remaining changes:
- debian/passwd.upstart: Add an upstrat job to clear locks on
[shadow-]passwd/group. (LP: #523896).
- Build-depend on gettext:any for cross-building support.
- Allow LXC devices (lxc/console, lxc/tty[1234]) that we'll start using
in LXC with Precise.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
this default for UPGs. (Closes: #583971)
- debian/{source_shadow.py,rules}: Add apport hook
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout (Debian bug 505640).
.
* Dropped changes, merged in Debian:
- Fix case of ttyAMA0-3 devices and move them near the ttyAM0-15 ones;
Debian #544184; fixes console on Vexpress boards (e.g. in QEMU).
- use SHA512 by default for password crypt routine.
- debian/rules: fix FTBFS from newer libtools
- Mark passwd Multi-Arch: foreign.
.
shadow (1:4.1.5.1-1) unstable; urgency=low
.
* The "Gruyère" release.
.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release:
- login: log into utmp(x) but not into wtmp (this is done by pam_lastlog).
Log to utmp(x) was broken by the fix for #605329. Closes: 659957
- userdel: Fix segfault when userdel removes the user's group.
Closes: #660406
- manpages: .so links point to paths relative to the top-level manual
hierarchy. Closes: #661025
- useradd(8): Return code 13 no more documented. Closes: #661802
* debian/patches/series, debian/patches/428_grpck_add_prune_option: Removed.
The -p option was not documented and was meant to fix consequences of a
bug now fixed more than 10 years ago.
* debian/shadowconfig.sh: Display issues, but dot not prompt interactively
to fix passwd/group/shadow/gshadow issues. Closes: #638263
* debian/control: Bump Standards-Version to 3.9.3 (no changes needed).
* debian/rules: Simplify setting of hardening flags. cdbs 0.4.103 needed to
get hardened version of shadow-utils. Restore previous requirement on
dpkg-dev to 1.13.5.
.
[ Christian Perrier ]
* Complete Polish translation of logoutd(8). Closes: #668880
* German translation of manpages completed. Closes: #673234
.
[ Roger Leigh ]
* Separation of static and dynamic motd components in login PAM module
Closes: #669698
.
shadow (1:4.1.5-1) unstable; urgency=low
.
* The "Charolais" release.
.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release:
- su: Fix possible tty hijacking by dropping the controlling terminal when
executing a command (CVE-2005-4890). Closes: #628843
- userdel: Check the existence of the user's mail spool before trying to
remove it. If it does not exist, a warning is issued, but no failure.
Closes: #617295
- userdel: Do not remove a group with the same name as the user
(usergroup) if this group isn't the user's primary group.
Closes: #584868
- su: Close the PAM session as root (fix issues with pam_mount and
pam_systemd). Closes: #580434
- Fix several typos in manpages. Thanks to Simon Brandmair.
Closes: #628776
- userdel error message has been clarified when the user is still
executing processes (it used to complain that the user is logged in).
Closes: #603315
- passwd(1) references chpasswd(8). Closes: #609117
- Spaces have been added between options and arguments in the Russian
manpages. Closes: #606159
- Fix handling of numerical dates in usermod -e. Closes: #621810
- usermod: When the shadow file exists but there are no shadow entries, an
entry is created if the password is changed and passwd requires a shadow
entry, or if aging features are used (-e or -f). Closes: 632461
- Added diagnosis for lock failures. Closes: #616167
- grpck/pwck: NIS entries were dropped by -s (sort). Closes: #622765
- login does not log into utmp(x) and wtmp. This is already done by
pam_lastlog. Closes: #605329
- groupmod: document that /etc/passwd can be modified by groupmod -g.
Closes: #647308
- Updated patches
+ debian/patches/008_login_log_failure_in_FTMP
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/402_cppw_selinux
+ debian/patches/428_grpck_add_prune_option
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/463_login_delay_obeys_to_PAM
+ debian/patches/501_commonio_group_shadow
+ debian/patches/505_useradd_recommend_adduser
+ debian/patches/506_relaxed_usernames
+ debian/patches/508_nologin_in_usr_sbin
+ debian/patches/523_su_arguments_are_concatenated
+ debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ debian/patches/542_useradd-O_option
+ debian/patches/900_testsuite_groupmems
- debian/patches/008_su_get_PAM_username: Removed, feature supported
upstream.
- debian/patches/300_CVE-2011-0721: Removed, applied upstream.
- Upstream translation updates from Debian BTS:
+ Brazilian Portuguese. Closes: #622834
+ Catalan. Closes: #627526, #657763
+ Danish. Closes: #621330, #657514
+ German. Closes: #622908, #656503
+ French. Closes: #623608, #657621
+ Japanese. Closes: #620978
+ Kazakh. Closes: #620930
+ Portuguese. Closes: #623722, #656686
+ Russian. Closes: #622106, #655194
+ Spanish (Closes: #630618)
+ Swedish. Closes: #621126
+ Simplified Chinese. Closes: #655858
- Upstream manpages translation updates from Debian BTS:
+ French. Closes: #630250, #657622
+ German. Closes: #628777
+ Simplified Chinese. Closes: #602264, #655858
+ Danish added. Closes: #657516
+ Russian. Closes: #657710
* debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321
* debian/securetty.linux: Add IBM pSeries console ports. Closes: #597661
* debian/securetty.linux: Add serial Console for MIPS Swarm.
(http://lists.debian.org/debian-release/2011/02/msg00320.html)
* debian/securetty.linux: Add s390/s390x ports ttysclp0. Closes: #647469
* debian/securetty.linux: Fixed typo: ttyama -> ttyAMA. Closes: #544184
* debian/rules, debian/man.insert, debian/man.insert.sed: Bug #507673 has
been closed. It is no more needed to patch the generated manpages. This
also fix failures to build twice is a row. Closes: #636047
* debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename
create_backup_file to create_copy. The lock functions do not set errno.
Do not report the error string on cppwexit.
* debian/patches/401_cppw_src.dpatch, debian/patches/402_cppw_selinux:
Synchronize with coding style.
* debian/patches/401_cppw_src.dpatch: Detect as well too many and too
few arguments.
* debian/patches/506_relaxed_usernames: Really check if the user/group
name starts with a dash. Also forbid names starting with '+' or '~'.
Document the naming policy in useradd.8 / groupadd.8.
* debian/patches/506_relaxed_usernames: Also forbid names containing a
comma.
* debian/patches/901_testsuite_gcov: Do not revert the locale when testing
with gcov to avoid coverage false negatives. This does not impact the
debian binary package, only the test package.
* debian/control: Add Build-Depends on libsemanage1-dev [linux-any]
* debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all
hardening flags set. Closes: #657010
* debian/control: depends on dpkg-dev (>= 1.16.1~) for including
/usr/share/dpkg/buildflags.mk
* debian/control: Standards-Version: bumped to 3.9.2. No changes.
* debian/login.defs: Set the default encryption method to SHA512.
Closes: #657717
.
[ Christian Perrier ]
* Use "linux-any" instead of a negated list of architectures in
Build-Depends. Closes: #634465
Checksums-Sha1:
31b8827a05dfe782fcd2634ace4781d5260ceb53 2335 shadow_4.1.5.1-1ubuntu1.dsc
6e4de75de58405d21b0377b926ae770afccd95bc 3508077 shadow_4.1.5.1.orig.tar.gz
8fdb79861a4d30db5d2d6d4c8e6060e09f180656 86043 shadow_4.1.5.1-1ubuntu1.diff.gz
Checksums-Sha256:
59bad15db6ec7ee8d9b37ad8037c3098ff9e485ccaaa345fbe18e6fd656f788c 2335 shadow_4.1.5.1-1ubuntu1.dsc
ee1986c5fec9f6e7868bcc5329874a72dec74897b598d86eb0532f79471f32f0 3508077 shadow_4.1.5.1.orig.tar.gz
9047a57edd99cab8c98729a3bea0aa8dfeabce62d07919ba7f228721d90eedd4 86043 shadow_4.1.5.1-1ubuntu1.diff.gz
Files:
1be5776fdf466c3b4434d217c1e68ca9 2335 admin required shadow_4.1.5.1-1ubuntu1.dsc
ae66de9953f840fb3a97f6148bc39a30 3508077 admin required shadow_4.1.5.1.orig.tar.gz
d41af90086fb4e7d9999c80b8673cf94 86043 admin required shadow_4.1.5.1-1ubuntu1.diff.gz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJQnQhvAAoJEIh7YGGLPBau7vcP/jbU5dJmziOvSLqOQSJwbFlb
U442oOrHestfRp+8xBQhyx1zVjY0qJEWd+UZ9k0mx9rVb17f8yxyzHYf+P7UwLcb
olpgnq/reRrcWkAIX5d9ll3vsXv8hsUNpSCCZnbSrJtM1VSaO+H0B+NU586rnBAJ
uwRd8VL2OEmuvI7U/AVIZV1Ar8W4o1irdPzGgsXq9LhS1FmMdSMpg8k1upjzELur
fciz6EdBYU9IEavyvgTL6Ai5yWFV/FXV52diLLRjBmPZjZPdHWcbOmc/XczPtACQ
1ACjUqrfQabKVR9+W0ElTVvaj14akrTR8Efv9njuTwJR6zH3O1gmP1d//DBd/AiX
fhVvsipsDtsc0UXTL/LcZkg2xP2pfzVWg/GiWzbxoDqbGdaDfkAxKH7vtx5lFdpd
sYBb8+aBn/6DGFpauH1A7F6xdezcKedIXiNCYI5Hqt2vORInT86Salrw1tCUCV1Z
60o1r46IHo7s4Gc8DFZniooshveHurrwfoRKGUISSIzE4UPbbiyoLuq8thfEvfjp
+KUHA4dwtz8fUYdw+hmDQrMts4mqGughpmc+cJhI7Fxn74c7QBdt4F/Bwi+kryn2
j7Srihv6fZc8z4xAt9HT9Z1KmlajdhApWOwC621cMVSy48Orm4SbAACPab2e0235
2K4yMV6C+uZJ24vyq+my
=crvj
-----END PGP SIGNATURE-----
More information about the Raring-changes
mailing list