[ubuntu/xenial-proposed] shadow 1:4.2-3.1ubuntu1 (Accepted)
Steve Langasek
steve.langasek at ubuntu.com
Tue Feb 2 04:41:14 UTC 2016
shadow (1:4.2-3.1ubuntu1) xenial; urgency=low
* Merge from Debian unstable.
- Includes pam_loginuid in login PAM config. LP: #1067779.
- Fixes typo in usermod -h output. LP: #1348873.
* Remaining changes:
- debian/passwd.upstart: Add an upstart job to clear locks on
[shadow-]passwd/group.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
* Dropped changes, included in Debian:
- Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
- Add uidmap package based on upstream patches that introduce
newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
updates on those to widen the default allocation to 65536 uids and gids
and only assign ranges to non-system users.
- debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
error cases.
* Dropped changes, included upstream:
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout.
- debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child.
* Fix pam_motd calls so that the second pam_motd is the noupdate one rather
than the first, ensuring /run/motd.dynamic is always populated and shown
on the first login after boot. LP: #1368864.
* Don't call 'pam_exec uname', a change adopted in Debian without
coordination with the Debian PAM maintainer
* Use dh_installinit now for installing the upstart job, as we no longer
generate a dependency on upstart-job.
* Include /etc/sub[ug]id in the list of files to clear locks for on boot.
LP: #1304505
* Add a systemd unit to go with the upstart job, so that lock clearing works
on newer Ubuntu releases.
shadow (1:4.2-3.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix error handling in busy user detection. (Closes: #778287)
shadow (1:4.2-3) unstable; urgency=low
* Enforce hardened builds to workaround cdbs sometimes not building
with hardening flags as in 1:4.2-2+b1
Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich
For providing a working patch.
shadow (1:4.2-2) unstable; urgency=low
* The "Soumaintrain" release
* The "Rigotte de Condrieu" release was 4.2-1
* Upload to unstable
* Last upload integrates the use of dh_autoreconf which has the same
effect then Eric Dorland's patch in 1:4.1.5.1-1.1 NMU to drop the
use of automake1.9. Closes: #724434
[ Samuel Thibault ]
* Enable the login package on hurd-any, but without /bin/login, still provided
by the hurd package. Closes: #737805.
This fix was accidentally forgotten in 1:4.2-1
[ Josh Triplett ]
* use the new pam_exec functionality from pam 1.1.8-1 to implement the
dynamic motd, rather than using /run/motd.dynamic from initscripts.
This will allow initscripts to drop /etc/init.d/motd.
Closes: #741129
[ Laurent Bigonville ]
* Enable libaudit support. Closes: #745774
[ Trần Ngọc Quân ]
* Vietnamese translation update.
[ Christian Perrier ]
* Add a lintian override for newuidmap and newgidmap setuid binaries
* Add upstream signing key as debian/upstream-signing-key.asc
* Check upstream signing key in debian/watch
shadow (1:4.2-1) experimental; urgency=low
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release. Fixes:
- Invalid free() in su fixed by using strdup(). Thanks to Serge
Hallyn for the patch. Closes: #691459
- Kill the child process group, rather than just the
immediate child; this is needed now that su no
longer starts a controlling terminal when not running an
interactive shell. Thanks to Colin Watson for the patch.
Closes: #713979
- German manpages translation update. Closes: #679152
- Improve login.defs (typographic errors and better format).
Closes: #685415
- Russian translation update. Closes: #718356
- Do not assume random() is limited by RAND_MAX. Closes: #677275
- Support C libraries with unknown fields in struct passwd.
Closes: #675824
- su: child cleanup is performed before terminating PAM sessions. This
avoids anoying "...terminated" messages when PAM module send signal to
su during session close. Closes: #670132
- vipw/vigr is checking arguments provided after options. Closes: #677812
- Updated Japanese translation. Closes: #720004
- vipw: Fix error reporting when editor fails. Closes: #688260
* Moved to git: replace Vcs-Git in place of Vcs-Svn and adapt
Vcs-Browser.
* Add pam_loginuid to login PAM settings. Closes: #677441
* passwd.install: add new subuid.5 and subgid.5 manpages
* debian/rules, debian/control, debian/uidmap.install: create new uidmap
package containing the new setuid-root binaries newuidmap and newgidmap
Set uidmap as priority optional.
* debian/login.su.pam: Enable pam_limits by default. Closes: #705301
* debian/rules: Set default editor to sensible-editor for vipw.
Closes: #688252
[ Micah Anderson ]
* added debian/patches/userns to enable use of subuids, plus some bugfix
patches on top of them, patches from Eric Biederman, pulled from
Ubuntu. Closes: #739981
* Allow LXC devices (lxc/console, lxc/tty[1234]) in securetty.linux
* Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
this default for UPGs. (Closes: #583971)
* login.postinst: install a default /etc/subuid and /etc/subgid
* fix installation of setuid/setgid/newuidmap/newgid/map man pages
[ Laurent Bigonville ]
* Switch to dpkg-source 3.0 (quilt) format
* Add build-dependency against bison
* Call dh-autoreconf since we need to regenerate all the autofoo files
[ Philippe Grégoire ]
* Fix 1000_configure_userns to avoid dropping a needed #endif
Closes: #744877
[ Christian Perrier ]
* Bump Standards to 3.9.5 (checked)
* Use 'set -e' in postinst scripts and not in thei shebang line
* Explicitly point to GPL-2 document in debian/copyright
Date: Thu, 28 Jan 2016 22:21:41 -0800
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/shadow/1:4.2-3.1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 Jan 2016 22:21:41 -0800
Source: shadow
Binary: passwd login uidmap
Architecture: source
Version: 1:4.2-3.1ubuntu1
Distribution: xenial
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Langasek <steve.langasek at ubuntu.com>
Description:
login - system login tools
passwd - change and administer password and group data
uidmap - programs to help use subuids
Closes: 583971 670132 675824 677275 677441 677812 679152 685415 688252 688260 691459 705301 713979 718356 720004 724434 737805 739981 741129 744877 745774 778287
Launchpad-Bugs-Fixed: 1067779 1304505 1348873 1368864
Changes:
shadow (1:4.2-3.1ubuntu1) xenial; urgency=low
.
* Merge from Debian unstable.
- Includes pam_loginuid in login PAM config. LP: #1067779.
- Fixes typo in usermod -h output. LP: #1348873.
* Remaining changes:
- debian/passwd.upstart: Add an upstart job to clear locks on
[shadow-]passwd/group.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
* Dropped changes, included in Debian:
- Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
- Add uidmap package based on upstream patches that introduce
newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
updates on those to widen the default allocation to 65536 uids and gids
and only assign ranges to non-system users.
- debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
error cases.
* Dropped changes, included upstream:
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout.
- debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child.
* Fix pam_motd calls so that the second pam_motd is the noupdate one rather
than the first, ensuring /run/motd.dynamic is always populated and shown
on the first login after boot. LP: #1368864.
* Don't call 'pam_exec uname', a change adopted in Debian without
coordination with the Debian PAM maintainer
* Use dh_installinit now for installing the upstart job, as we no longer
generate a dependency on upstart-job.
* Include /etc/sub[ug]id in the list of files to clear locks for on boot.
LP: #1304505
* Add a systemd unit to go with the upstart job, so that lock clearing works
on newer Ubuntu releases.
.
shadow (1:4.2-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix error handling in busy user detection. (Closes: #778287)
.
shadow (1:4.2-3) unstable; urgency=low
.
* Enforce hardened builds to workaround cdbs sometimes not building
with hardening flags as in 1:4.2-2+b1
Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich
For providing a working patch.
.
shadow (1:4.2-2) unstable; urgency=low
.
* The "Soumaintrain" release
* The "Rigotte de Condrieu" release was 4.2-1
* Upload to unstable
* Last upload integrates the use of dh_autoreconf which has the same
effect then Eric Dorland's patch in 1:4.1.5.1-1.1 NMU to drop the
use of automake1.9. Closes: #724434
.
[ Samuel Thibault ]
* Enable the login package on hurd-any, but without /bin/login, still provided
by the hurd package. Closes: #737805.
This fix was accidentally forgotten in 1:4.2-1
.
[ Josh Triplett ]
* use the new pam_exec functionality from pam 1.1.8-1 to implement the
dynamic motd, rather than using /run/motd.dynamic from initscripts.
This will allow initscripts to drop /etc/init.d/motd.
Closes: #741129
.
[ Laurent Bigonville ]
* Enable libaudit support. Closes: #745774
.
[ Trần Ngọc Quân ]
* Vietnamese translation update.
.
[ Christian Perrier ]
* Add a lintian override for newuidmap and newgidmap setuid binaries
* Add upstream signing key as debian/upstream-signing-key.asc
* Check upstream signing key in debian/watch
.
shadow (1:4.2-1) experimental; urgency=low
.
[ Nicolas FRANCOIS (Nekral) ]
* New upstream release. Fixes:
- Invalid free() in su fixed by using strdup(). Thanks to Serge
Hallyn for the patch. Closes: #691459
- Kill the child process group, rather than just the
immediate child; this is needed now that su no
longer starts a controlling terminal when not running an
interactive shell. Thanks to Colin Watson for the patch.
Closes: #713979
- German manpages translation update. Closes: #679152
- Improve login.defs (typographic errors and better format).
Closes: #685415
- Russian translation update. Closes: #718356
- Do not assume random() is limited by RAND_MAX. Closes: #677275
- Support C libraries with unknown fields in struct passwd.
Closes: #675824
- su: child cleanup is performed before terminating PAM sessions. This
avoids anoying "...terminated" messages when PAM module send signal to
su during session close. Closes: #670132
- vipw/vigr is checking arguments provided after options. Closes: #677812
- Updated Japanese translation. Closes: #720004
- vipw: Fix error reporting when editor fails. Closes: #688260
* Moved to git: replace Vcs-Git in place of Vcs-Svn and adapt
Vcs-Browser.
* Add pam_loginuid to login PAM settings. Closes: #677441
* passwd.install: add new subuid.5 and subgid.5 manpages
* debian/rules, debian/control, debian/uidmap.install: create new uidmap
package containing the new setuid-root binaries newuidmap and newgidmap
Set uidmap as priority optional.
* debian/login.su.pam: Enable pam_limits by default. Closes: #705301
* debian/rules: Set default editor to sensible-editor for vipw.
Closes: #688252
.
[ Micah Anderson ]
* added debian/patches/userns to enable use of subuids, plus some bugfix
patches on top of them, patches from Eric Biederman, pulled from
Ubuntu. Closes: #739981
* Allow LXC devices (lxc/console, lxc/tty[1234]) in securetty.linux
* Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
this default for UPGs. (Closes: #583971)
* login.postinst: install a default /etc/subuid and /etc/subgid
* fix installation of setuid/setgid/newuidmap/newgid/map man pages
.
[ Laurent Bigonville ]
* Switch to dpkg-source 3.0 (quilt) format
* Add build-dependency against bison
* Call dh-autoreconf since we need to regenerate all the autofoo files
.
[ Philippe Grégoire ]
* Fix 1000_configure_userns to avoid dropping a needed #endif
Closes: #744877
.
[ Christian Perrier ]
* Bump Standards to 3.9.5 (checked)
* Use 'set -e' in postinst scripts and not in thei shebang line
* Explicitly point to GPL-2 document in debian/copyright
Checksums-Sha1:
a5cddc622fb443a52a54804a6f3e8abbc51f38c4 2458 shadow_4.2-3.1ubuntu1.dsc
77feddc823a42623462d3c3a9a49f2f6cf213ca9 1088696 shadow_4.2.orig.tar.xz
17435696ee1825400ef2580ab42ae5a7dafc12b2 503256 shadow_4.2-3.1ubuntu1.debian.tar.xz
Checksums-Sha256:
cadf56b663a73edb8af481f05db793c3d8a32453aad95c08dd3baa548c2b271f 2458 shadow_4.2-3.1ubuntu1.dsc
c5bd72c4ecb438b99289e4630b22ea0626987a378d084910dbe59eceaa34be1d 1088696 shadow_4.2.orig.tar.xz
adc4c09c7c130b87aa4eb8699795e893141d8cc8f6e2f429c1201deef1a294c1 503256 shadow_4.2-3.1ubuntu1.debian.tar.xz
Files:
2c22ab01815f4ba0e8fe04253969a0c9 2458 admin required shadow_4.2-3.1ubuntu1.dsc
912a5957c1471acccedbc2a635e36f5e 1088696 admin required shadow_4.2.orig.tar.xz
0e2c4d79d1bf1fa0cb8087c3e856eff6 503256 admin required shadow_4.2-3.1ubuntu1.debian.tar.xz
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCgAGBQJWsDMvAAoJEFaNMPMhshM9rvEQALIHgqnRq3nk6lanarh8NmR5
G2qQu3hJ/Q9cEKBCz1yIrzQYe1Q9Knce/KFAio9RVRABmyQAAhqhym+kR+EuMMdE
i0jOfTrgHJ41JXUdfwdtQ9oPhPJ9/JTyImeRGsY+DsC2MMMcSBmkPnSSY95MSCCn
1c2jjRUdNPNAsFP5fTnD/PNdtnIkLDx2ML2zT0zYlMON76ewg0zwd5Pu8PIywBAj
ti+4vYnB6MSrVg977p4NLw5psL7CJNA1BRnb4x3AxdQwASiZLR1gwUxyB/MytNa0
2bhq2sqriNnst2mVOP4rbiAwryKDViMqSJ9U6UMEXm6OJ803x/K1hC/fPZyD9uI1
Tcp0vUqIBm8ujFzt+fBBQz3S9fjac53oWtT0HGohm/+iHMzl+/pznbGLj/MG/f/B
DcPPJHZnRzneouVNpoxK23jq44ofOwnpo2ByVdE8w9VGx9G8daqGJvBaENx46eTw
zzGXVK4fRVUeYyOy2fH5d2RqfoJXQaIcd1wPSWiI9RL51hO6AxAAYPzkSJCJgJZk
AP6ia61wcUmdtQ0V8JzESuQuhUZpcX8/KXS5eJNYLCZM6y2hFpvlaY++9QyNlds6
uCXN21IlZWPTXEUXGzPVC1cGrsnsPI/DolvFl4ZsXhjxDCH7CghNvMsbEdZYAA6H
zMEUb5Bg8IZffhqAeiXq
=Dc86
-----END PGP SIGNATURE-----
More information about the Xenial-changes
mailing list