[ubuntu/bionic-proposed] shadow 1:4.5-1ubuntu1 (Accepted)
Balint Reczey
rbalint at ubuntu.com
Mon Jan 29 02:02:19 UTC 2018
shadow (1:4.5-1ubuntu1) bionic; urgency=medium
* Merge with Debian; remaining changes:
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/1012_extrausers_chfn.patch: add support for
--extrausers to the chfn tool
- debian/passwd.maintscripts: Clean up upstart configuration
* Dropped changes, included in Debian:
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
* Dropped changes, included upstream:
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
- debian/patches/1021_no_subuids_for_system_users.patch
- debian/patches/CVE-2017-2616.patch: Check process's exit status before
sending signal
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
- CVE-2017-2616
- debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
- CVE-2016-6252
* Dropped obsoleted changes:
- debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
switching to passwd.tmpfile from passwd.service
shadow (1:4.5-1) unstable; urgency=medium
* New upstream version 4.5
- Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
(Closes: #756630)
- Make the sp_lstchg shadow field reproducible (Closes: #857803)
- Fix regression in useradd not loading defaults properly.
(Closes: #865762)
* Refresh patches
* Drop patches manipulating su argument concatenation:
* Cut redundant information from Debian-specific README files
* Revert adding pts/0 and pts/1 to securetty.
Adding pts/* defeats the purpose of securetty. Let containers add it if
needed as described in #830255.
* Use my @ubuntu.com email address in Maintainer field
shadow (1:4.4-4.1) unstable; urgency=high
* Non-maintainer upload.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)
shadow (1:4.4-4) unstable; urgency=high
* su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
shadow (1:4.4-3) unstable; urgency=medium
[ Balint Reczey ]
* Clean up stale locks on boot (Closes: #478771)
* Sync motd handling with sshd.
Using patch from Ubuntu (Closes: #757148)
[ Stéphane Graber ]
* Add missing /etc/{subgid|subuid} in postinst
shadow (1:4.4-2) unstable; urgency=medium
[ Balint Reczey ]
* Update homepage to new upstream
* Always use /bin/sh shell in the build (Closes: #817971)
* Replace user´s -> user's to make login.def file valid ASCII
(Closes: #850338)
* Update patch naming docmentation
* Fix typos in German man pages (Closes: #734609)
* Send 1000_configure_userns patch upstream
* Add call to pam_keyinit for login pam service.
This module is linux-any only, so copy what openssh has already done and
remove the call at build time for other architectures.
The call to this module is needed to have proper per-session kernel
keyring. (Closes: #734671)
* Add pts/0 and pts/1 to securetty (Closes: #830255)
* Add ttySAC* to securetty (Closes: #824391)
* Add ttySC[4-9] to securetty (Closes: #768020)
[ Laurent Bigonville ]
* Move pam_selinux open call higher in the session stack (Closes: #747313)
[ Christian Perrier ]
* Fix typos in login.pam (thanks to Jakub Wilk for reporting)
(Closes: #747115)
* Include groupmems(8) in the passwd package (Closes: #663117)
[ Frans Spiesschaert ]
* Dutch translation update (Closes: #772470)
[ Trần Ngọc Quân ]
* Update Vietnamese translation (Closes: #777107)
[ Miroslav Kuře ]
* Updated Czech translation. (Closes: #759113)
[ Holger Wansing ]
* Update for German man pages
[ Thomas Blein ]
* French manpage translation (Closes: #805182)
[ Lars Bahner ]
* Fix some spelling issues in the Norwegian translation (Closes: #800553)
shadow (1:4.4-1) unstable; urgency=medium
[ Christian Perrier ]
* Imported Upstream version 4.2
* Debian patch: Fix typo in su.1.xml
* Configure userns
* Vietnamese translation update
* French translation update (Closes: #725793)
* German translation update
* Update NEWS file
* Issue a warning if no manpages have been generated
* Regenerate PO files
* Regenerate manpages PO files
* Imported Upstream version 4.2.1
[ Serge Hallyn ]
* Import new upstream
* Patch changes:
- Update 501_commonio_group_shadow to work with upstream changes
- Update 1010_vietnamese_translation
- Drop userns patches which are now all upstream
[ Balint Reczey ]
* Update debian/watch to use GitHub releases
* Imported Upstream version 4.4
- Fix incorrect integer handling (CVE-2016-6252) (Closes: #832170)
* Disable Vietnamese translation patch because it does not apply cleanly
* Bump debhelper compat level to 10
* ACK NMU by Samuel Thibault dropping the patch which is integrated
upstream
* Stop build-depending on build-essential dpkg-dev
* Tag login package as essential properly
* Adopt the package under the Shadow Team's umbrella (Closes: #801707)
shadow (1:4.2-3.3) unstable; urgency=medium
* Non-maintainer upload.
* Apply upstream patch to fix build on hurd-i386. (Closes: #750480)
Date: Thu, 25 Jan 2018 16:09:22 +0100
Changed-By: Balint Reczey <rbalint at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/shadow/1:4.5-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 25 Jan 2018 16:09:22 +0100
Source: shadow
Binary: passwd login uidmap
Architecture: source
Version: 1:4.5-1ubuntu1
Distribution: bionic
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Balint Reczey <rbalint at ubuntu.com>
Description:
login - system login tools
passwd - change and administer password and group data
uidmap - programs to help use subuids
Closes: 478771 663117 725793 734609 734671 747115 747313 750480 756630 757148 759113 768020 772470 777107 800553 801707 805182 817971 824391 830255 832170 850338 855943 857803 862806 865762
Changes:
shadow (1:4.5-1ubuntu1) bionic; urgency=medium
.
* Merge with Debian; remaining changes:
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/1012_extrausers_chfn.patch: add support for
--extrausers to the chfn tool
- debian/passwd.maintscripts: Clean up upstart configuration
* Dropped changes, included in Debian:
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
* Dropped changes, included upstream:
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
- debian/patches/1021_no_subuids_for_system_users.patch
- debian/patches/CVE-2017-2616.patch: Check process's exit status before
sending signal
- debian/patches/CVE-2017-2616-regression.patch: Do not reset the
pid_child to 0 if the child process is still running.
- CVE-2017-2616
- debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
- CVE-2016-6252
* Dropped obsoleted changes:
- debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
switching to passwd.tmpfile from passwd.service
.
shadow (1:4.5-1) unstable; urgency=medium
.
* New upstream version 4.5
- Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
(Closes: #756630)
- Make the sp_lstchg shadow field reproducible (Closes: #857803)
- Fix regression in useradd not loading defaults properly.
(Closes: #865762)
* Refresh patches
* Drop patches manipulating su argument concatenation:
* Cut redundant information from Debian-specific README files
* Revert adding pts/0 and pts/1 to securetty.
Adding pts/* defeats the purpose of securetty. Let containers add it if
needed as described in #830255.
* Use my @ubuntu.com email address in Maintainer field
.
shadow (1:4.4-4.1) unstable; urgency=high
.
* Non-maintainer upload.
* Reset pid_child only if waitpid was successful.
This is a regression fix for CVE-2017-2616. If su receives a signal like
SIGTERM, it is not propagated to the child. (Closes: #862806)
.
shadow (1:4.4-4) unstable; urgency=high
.
* su: properly clear child PID (CVE-2017-2616) (Closes: #855943)
.
shadow (1:4.4-3) unstable; urgency=medium
.
[ Balint Reczey ]
* Clean up stale locks on boot (Closes: #478771)
* Sync motd handling with sshd.
Using patch from Ubuntu (Closes: #757148)
.
[ Stéphane Graber ]
* Add missing /etc/{subgid|subuid} in postinst
.
shadow (1:4.4-2) unstable; urgency=medium
.
[ Balint Reczey ]
* Update homepage to new upstream
* Always use /bin/sh shell in the build (Closes: #817971)
* Replace user´s -> user's to make login.def file valid ASCII
(Closes: #850338)
* Update patch naming docmentation
* Fix typos in German man pages (Closes: #734609)
* Send 1000_configure_userns patch upstream
* Add call to pam_keyinit for login pam service.
This module is linux-any only, so copy what openssh has already done and
remove the call at build time for other architectures.
The call to this module is needed to have proper per-session kernel
keyring. (Closes: #734671)
* Add pts/0 and pts/1 to securetty (Closes: #830255)
* Add ttySAC* to securetty (Closes: #824391)
* Add ttySC[4-9] to securetty (Closes: #768020)
.
[ Laurent Bigonville ]
* Move pam_selinux open call higher in the session stack (Closes: #747313)
.
[ Christian Perrier ]
* Fix typos in login.pam (thanks to Jakub Wilk for reporting)
(Closes: #747115)
* Include groupmems(8) in the passwd package (Closes: #663117)
.
[ Frans Spiesschaert ]
* Dutch translation update (Closes: #772470)
.
[ Trần Ngọc Quân ]
* Update Vietnamese translation (Closes: #777107)
.
[ Miroslav Kuře ]
* Updated Czech translation. (Closes: #759113)
.
[ Holger Wansing ]
* Update for German man pages
.
[ Thomas Blein ]
* French manpage translation (Closes: #805182)
.
[ Lars Bahner ]
* Fix some spelling issues in the Norwegian translation (Closes: #800553)
.
shadow (1:4.4-1) unstable; urgency=medium
.
[ Christian Perrier ]
* Imported Upstream version 4.2
* Debian patch: Fix typo in su.1.xml
* Configure userns
* Vietnamese translation update
* French translation update (Closes: #725793)
* German translation update
* Update NEWS file
* Issue a warning if no manpages have been generated
* Regenerate PO files
* Regenerate manpages PO files
* Imported Upstream version 4.2.1
.
[ Serge Hallyn ]
* Import new upstream
* Patch changes:
- Update 501_commonio_group_shadow to work with upstream changes
- Update 1010_vietnamese_translation
- Drop userns patches which are now all upstream
.
[ Balint Reczey ]
* Update debian/watch to use GitHub releases
* Imported Upstream version 4.4
- Fix incorrect integer handling (CVE-2016-6252) (Closes: #832170)
* Disable Vietnamese translation patch because it does not apply cleanly
* Bump debhelper compat level to 10
* ACK NMU by Samuel Thibault dropping the patch which is integrated
upstream
* Stop build-depending on build-essential dpkg-dev
* Tag login package as essential properly
* Adopt the package under the Shadow Team's umbrella (Closes: #801707)
.
shadow (1:4.2-3.3) unstable; urgency=medium
.
* Non-maintainer upload.
* Apply upstream patch to fix build on hurd-i386. (Closes: #750480)
Checksums-Sha1:
ee92daa01e0e46c769131057efcd3e79f9c2ee23 2389 shadow_4.5-1ubuntu1.dsc
16f366e1b2bb7dbc53af91dbdd2d03e1702cf919 1344524 shadow_4.5.orig.tar.xz
0f4c12d2f9feee27e54e244412b668234dc30101 470524 shadow_4.5-1ubuntu1.debian.tar.xz
7147eac1081fb2000693a77295be3994cc8b1bdb 8023 shadow_4.5-1ubuntu1_source.buildinfo
Checksums-Sha256:
0b49e04e8e85866adec2196c299b393883f5cf40358bb92f5168cfa941de4dd0 2389 shadow_4.5-1ubuntu1.dsc
22b0952dc944b163e2370bb911b11ca275fc80ad024267cf21e496b28c23d500 1344524 shadow_4.5.orig.tar.xz
51e534983f0500229b51b3f3ccbee3b041e48d3ea6e5f64c914351a0e996dc05 470524 shadow_4.5-1ubuntu1.debian.tar.xz
b44864458fe59e913758882fbc53877ca86125bdfb4e2f49eac4f622de71ff1a 8023 shadow_4.5-1ubuntu1_source.buildinfo
Files:
237051d72a7c438836857feb7b255444 2389 admin required shadow_4.5-1ubuntu1.dsc
dc6263258eab3dbeb66c8687841ae4a9 1344524 admin required shadow_4.5.orig.tar.xz
f59436e49b34e7f3837a310559da0a38 470524 admin required shadow_4.5-1ubuntu1.debian.tar.xz
3b3e25deae69b2e9e024c29dd7fc5e61 8023 admin required shadow_4.5-1ubuntu1_source.buildinfo
Original-Maintainer: Shadow package maintainers <pkg-shadow-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIwBAEBCAAaBQJaboAlExxyYmFsaW50QHVidW50dS5jb20ACgkQ9mTSVrRpGn2v
VQ/+NmhewCI+k7q4fivC3H4WYVRZHXJWNhztJoe8wPH04J5FqMBYgTvn/oDm6hnb
SfXcyLIfQTjLBIsXvTPMSQWmU15jxUQ2zDE9P14iEfy8DWxO1Knz0us+BgEUStxz
oMOX2EQQ1+pYFAK03taZn0+7Frd63sPnJNcovQYHlZIyE9EavTM3lfwEENFTCgrQ
PBeIA5c9OpXXVFQPz7FCsUOnR5Od6D5+R8qBX/WtXN0YVEKDPu5kOS/OVth5CmC5
y5z05DHWSquOMbbpRudaSwXH4QUryhkiW8IYslVPv7IMRUDJYU3K+Tn6d+xAcvZn
5wcVH6gZtUmnlL47Dx5QBe74EY41gxrzwewklxKRwo3b7TlqSqfX48XZhAU2pYhz
bCP7l1DqtJFeEaF8eBlk0NF41lsA094TvW0vbTnYBHLINKPQZciIemzWyvGH7hzr
a1etf2iSrP5iSA2IcRyT2ltA3R5I+YMoBg12BqaT8r6u59pG/mvMPdjF/v69vt2l
L4sstswIK+Oo9nmwRlGNyt0C+WRdiw6ZLG9PTYbmZGEx49cMEkMZiDiKUSlBa5o1
H37X+q3nSuuGFv/wQNuHsPO0+SUlv57uSiwunj1scGveNZAk2Y2KlIYGqfhwdLmw
hb4i1SHwk6V7GK8ysTkF3WkXOnPIgfLk4Ii2b6wZdlzWFnE=
=l7su
-----END PGP SIGNATURE-----
More information about the Bionic-changes
mailing list