-
shadow (1:4.1.4.2+svn3283-3ubuntu1) natty; urgency=low
* The "string cheese" release.
* Merge from Debian unstable. Remaining changes:
- Ubuntu specific:
+ debian/login.defs: use SHA512 by default for password crypt routine.
- debian/{source_shadow.py,rules}: Add apport hook
- debian/rules: fix FTBFS from newer libtools
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout (Debian bug 505640).
* Dropped changes, merged in Debian:
- debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
- CVE-2011-0721
* Mark passwd Multi-Arch: foreign, so packages that aren't of the same
arch can depend on it.
-- Steve Langasek <email address hidden> Sun, 20 Feb 2011 15:59:15 -0800
-
shadow (1:4.1.4.2+svn3283-2ubuntu3) natty; urgency=low
* SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
- debian/patches/300_CVE-2011-0721: reject newlines in GECOS updates.
- CVE-2011-0721
-- Kees Cook <email address hidden> Tue, 15 Feb 2011 13:57:01 -0800
-
shadow (1:4.1.4.2+svn3283-2ubuntu2) natty; urgency=low
* debian/patches/495_stdout-encrypted-password: adjust patch for changes
in src/chpasswd.c to fix FTBFS
-- Oliver Grawert <email address hidden> Tue, 04 Jan 2011 15:48:49 +0100
-
shadow (1:4.1.4.2+svn3283-2ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes:
- Ubuntu specific:
+ debian/login.defs: use SHA512 by default for password crypt routine.
- debian/{source_shadow.py,rules}: Add apport hook
- debian/rules: fix FTBFS from newer libtools
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout (Debian bug 505640).
- Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
shadow (1:4.1.4.2+svn3283-2) unstable; urgency=low
* The "Bleu du Vercors-Sassenage" release.
* Fix backup command line in cron.daily script. Closes: #596283
shadow (1:4.1.4.2+svn3283-1) unstable; urgency=low
* The "Bleu de Gex" release.
* New upstream unreleased version:
- Fix formatting of the login.defs.5 manpage. Closes: #542804
- Updated Czech translation. Closes: #548407
- Updated Vietnamese translation. Closes: #548065
- Remove patches applied upstream:
+ debian/patches/008_su_no_sanitize_env
+ debian/patches/483_su_fakelogin_wrong_arg0
- Updated patches:
+ debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ debian/patches/542_useradd-O_option
- Added support for dates already specified as a number of days since
Epoch in useradd, usermod and chage. Closes: #562221
- This also allows, in the chage interactive mode, to specify -1 as the
expiration date to disable it. Closes: #573018
- Fixed parsing of gshadow. This fix password support in newgrp.
Closes: #569899
- pwck and grpck stop sorting at the first line which begins with a '+'.
This will avoid messing up with NIS entries. Closes: #567836
- Fix interruption of su, newgrp, vipw with Ctrl-Z. Closes: 530231
- mail checking is no more mentioned in login(1) since it is done by PAM.
Closes: #470059
- The -e (and -c and -m) option was restored in chpasswd (which still uses
PAM by default). Closes: #539354
- Kazakh translation updated. Closes: #586994
- Fixed comma splice in chsh(1). Closes: #582166
* debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have change
from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523
* debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports
(e.g. emulated by QEMU). Closes: #544184
* debian/control: Removed Martin Quinson from the Uploaders, on his request.
* debian/login.defs: Improve documentation of USERGROUPS_ENAB.
Closes: #572687
* debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. Closes: #560633
* debian/login.pam: return back to mostly "requisite" for the pam_securetty
PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from
entering a password, and will also avoid user enumeration attacks.
Mis-typed root login are not protected, only root can be blamed for
mis-typing and entering a password on an insecure line. Users willing to
protect against mis-typed root login can use "requisite", but will be
vulnerable to user enumeration attacks on insecure lines, and should use
pam 1.1.0-4 at least. Closes: #574082, #531341
* debian/passwd.cron.daily: Handle the backups of the user and group
databases so that it can be removed from the standard daily cron job.
Closes: #554170
* debian/login.defs: Updated description of UMASK (used by pam_umask).
* debian/securetty.linux: Reorganize and synchronize with
Documentation/devices.txt. This added a lot of TTYs, including the
ttyPZ0..3. Closes: #576203
* debian/rules, debian/man.insert, debian/man.insert.sed: Hack to avoid bug
507673, causing missing apostrophes in the manpages generated by
docbook-xsl (see debian bug 507673).
* debian/control: Standards-Version: bumped to 3.8.4. No changes.
* debian/passwd.lintian-overrides: Remove old entries relevant for
passwd.config.
* debian/control: Do not repeat the Section and Priority fields for the
binary packages.
* debian/rules: Disable new features: --without-acl --without-attr
--without-tcb
-- Oliver Grawert <email address hidden> Wed, 24 Nov 2010 13:42:42 +0100
-
shadow (1:4.1.4.2-1ubuntu3) maverick; urgency=low
* add ttyO0-3 to debian/securetty.linux, if OMAP kernels are built with
TI's DMA-offloaded driver instead of the default 8250 one the serial tty's
are called like that (LP: #512845).
-- Oliver Grawert <email address hidden> Tue, 31 Aug 2010 14:45:17 +0200
