shadow (20000902-12woody1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Adjusted password check to fix authentication bypass
    [debian/patches/036_CAN-2004-1001_passwd_check]

 -- Martin Schulze  Tue, 2 Nov 2004 19:00:19 +0100

shadow (20000902-12) unstable; urgency=high

  * "oops"
  * /etc/login.defs: /var/spool/mail -> /var/mail, closes: #125311

 -- Karl Ramm  Sun, 7 Apr 2002 11:54:48 -0400

shadow (20000902-11) unstable; urgency=low

  * Fix some nits:
    * remove changelog~ file. oops. closes: #139711
    * fix typo in control. closes: #139564
  * Hmmm. People open more bugs when I upload new versions of things.
    Maybe they just notice them more then, or maybe it's just Murphy.

 -- K. Ramm  Tue, 26 Mar 2002 12:14:33 -0500

shadow (20000902-10) unstable; urgency=low

  * We hates the automake. We hates it forever. closes: #139293
  * stupid omission: logoutd still in postinst. closes: #139422
  * make login.defs a bit clearer. closes: #138809

 -- Karl Ramm  Fri, 22 Mar 2002 12:09:07 -0500

shadow (20000902-9) unstable; urgency=medium

  * Get rid of logoutd, it doesn't work, didn't work in potato, and now
    it's causing people to open RC bugs. closes: #138259, #66153, #121940
    I'm told the timeoutd package does a better job anyway.
  * add /bin/tcsh to /etc/shells, closes: #118103, #122112
  * add /bin/ksh to /etc/shells, closes: #123556
  * remove text about password aging from passwd(5), closes: #137493
  * spanish debconf template for passwd, closes: #136463
  * document the fact that you can not have a valid password in
    /etc/shadow. closes: #131690
  * /etc/login.defs: /var/spool/mail -> /var/mail, closes: #125311
  * fix locations of utmp and wtmp in login(1), closes: #119656
  * The package description for passwd refers to README.Debian.gz but
    only README.debian.gz actually exists. Most packages use
    README.Debian.gz, but the control file is the only place that gets
    it wrong for this package. When in doubt, fix the documentation.
    :-) closes: #116955

 -- Karl Ramm  Thu, 14 Mar 2002 17:05:56 -0500

shadow (20000902-8) unstable; urgency=low

  * check in passwd.expire.cron for already-expired passwords;
    closes: #102319
  * note in chage.1 and shadowconfig.8 that password aging information
    only works when shadow passwords are enabled. closes: #103702
  * enable changing the name in chfn by default. closes: #107819
  * fail to mangle files in lib/commonio.c, thanks to matt@linuxbox.nu
  * add /dev/console to the secure ttys list. because. closes: #113949
  * find the FHS mail spool first in configure. closes: #114951
    (thanks to mjb@debian.org)
  * above sadly causes automake to go bonkers, and I don't want to
    reassemble the build system before woody is released. Keep automake
    from going off on its own.
  * terminate argument validation in login when it hits a '--'.
    closes: #66368

 -- Karl Ramm  Mon, 22 Oct 2001 11:17:35 -0400

shadow (20000902-7) unstable; urgency=low

  * the "I'm sorry, I should've done this earlier" release
  * Cancel login timeout after authentication so that patient people
    timing out on network directory services can log in with local
    accounts. Closes: #107148
  * Add Brazilian Portuguese debconf template translation for passwd.
    Closes: #105292, #93223
  * Pull /usr/share/doc/$package/README.shadow-paper.gz. Closes: #98058
  * Use getent instead of group to verify existence of shadow group
    [works better for distributed group files]. Closes: #99902
    [Note that this sort of problem is rampant in these postinst and
    config scripts, but that's not getting fixed in woody.]
  * Amend reference to /usr/doc in shadowconfig.8. Closes: #102804
  * su should set $USER. Closes: #102995
  * userdel now deletes user groups from /etc/gshadow as well as
    /etc/group. Closes: #99442
  * grpck now has an (otherwise undocumented) -p option, so that
    shadowconfig can clean up the results of the above, so the config
    script will fail randomly less often.
    Closes: #103385

 -- Karl Ramm  Wed, 22 Aug 2001 12:09:27 -0400

shadow (20000902-6.1) unstable; urgency=low

  * Non-maintainer upload.
  * Upgrade to latest config.sub and config.guess. Closes: #88547

 -- Gerhard Tonn  Fri, 1 Jun 2001 20:38:43 +0200

shadow (20000902-6) unstable; urgency=medium

  * actually set root's password when appropriate
    patch thanks to joeyh, closes #98402
  * fix error in expiry man page. Such damage. closes: #99291
  * fix group of setgid program chage and expiry, closes: #98122

 -- Karl Ramm  Thu, 31 May 2001 07:38:59 -0400

shadow (20000902-5) unstable; urgency=low

  * add build dependency on file, to keep libtool happy. closes: #97498

 -- Karl Ramm  Wed, 16 May 2001 06:57:23 -0400

shadow (20000902-4) unstable; urgency=low

  * Change maintainers, closes: #92355

 -- Karl Ramm  Sun, 13 May 2001 03:28:07 -0400

shadow (20000902-3.1) unstable; urgency=low

  * Non-maintainer upload
  * Recompile to fix ARM lossage

 -- Philip Blundell  Sun, 11 Mar 2001 07:47:27 -0500

shadow (20000902-3) unstable; urgency=low

  * Update config.sub and config.guess so ia64 compiled, closes: #81897
  * libmisc/sub.c: skip '*' in shell name when doing subsystem,
    closes: #82893
  * src/su.c: don't assume uid 0 == "root", use getpwuid to fetch it,
    closes: #81924
  * This was fixed in a previous version, closes: #77057
  * Update passwd long desc, closes: #88299
  * Conflict with suidmanager << 0.5, and remove suid{,un}register calls,
    closes: #87157
  * Update policy to 3.5.0.0
  * Added debconf support for passwd from base-config

 -- Ben Collins  Sat, 3 Mar 2001 07:26:57 -0500

shadow (20000902-2) unstable frozen; urgency=low

  * control.hurd->control.gnu: closes: #77940
  * Cannot reproduce, closes: #79447
  * User never sent a patch, plus I think removing the passwd/account when
    doing passwd -l is a bad idea. Makes it so you cannot unlock the
    account. closes: #77824
  * Don't allow shadowconfig to change perms of other binaries,
    close: #77057
  * IMO, this is not a bug.
    It's part of a feature, and can be disabled by turning off
    USER_GROUPS. closes: #76806
  * /bin/login is suid root for several good reasons. For one, it allows
    daemons that use it to run as non-root. This is a good thing since it
    means only one program is running as root, and not several.
    closes: #17911
  * sulog is fairly easy to grep or parse so I don't see how the
    similarity of the log entries for failed and successful is a problem.
    '-' for failed, '+' for success. closes: #63801
  * logoutd.8: s,/etc/utmp,/var/run/utmp, closes: #80494
  * Fix case where pam_auth returns a NULL username, closes: #76817, #75510
  * Hmm, Linux is a sysv derivative, so the comment is perfectly
    legitimate, closes: #76898
  * MAX_PASSWORD is used by useradd, and CHFN_AUTH is actually used by
    chfn to decide if the current user needs to auth in order to change
    their info, closes: #71114
  * login.1: Fix \' closes: #75435
  * login -f works for me assuming you call it as root. I tested this with
    plain pam_unix.so, and also with pam_unix.so stacked with pam_ldap.so.
    So if it doesn't work with telnet-heimdal, then that program is not
    doing something right. closes: #78186
  * login.pam.d: made pam_nologin.so requisite. closes: #80111
  * su to root seems pretty quick to me, closes: #64756
  * xmalloc.c: remove declaration of malloc, which was causing system
    header conflicts.
    closes: #80398

 -- Ben Collins  Sun, 31 Dec 2000 14:33:47 -0500

shadow (20000902-1) unstable frozen; urgency=low

  * New upstream release, lots of Debian patches merged, closes: #72735
  * man/passwd.1: removed reference to passwd(3), closes: #72704
  * man/chsh.1,man/chfn.1: document login.defs effects on these programs,
    closes: #68029
  * not a bug, expected behavior, closes: #74137
  * IMO, this is a bug in the user's setup, closes: #65600
  * securetty: add devfs console devices, closes: #71946
  * libmisc/sulog.c: removed arbitrary limit on number of chars printed of
    the tty name (truncated to 6 chars, which is silly), closes: #65404
  * tested this, and it works fine for me so long as pam_unix.so is called
    with the nullok option (which it isn't by default because of security
    concerns), closes: #75063
  * appears to be fixed by PAM, closes: #70627
  * src/useradd.c: use mkstemp instead of mktemp, per libc6 linktime
    warning
  * src/su.c: fixup arg handling passed to shell, closes: #75326

 -- Ben Collins  Mon, 23 Oct 2000 13:22:29 -0400

shadow (19990827-21) unstable frozen; urgency=low

  * Added build deps
  * Use pre-generated files for hurd/linux control file. The old method of
    using cpp would have broken with the new gcc.

 -- Ben Collins  Wed, 26 Jul 2000 21:04:03 -0400

shadow (19990827-20) unstable frozen; urgency=low

  * Release Manager
    None of these are marked as RC in the BTS, however, they do make the
    package unsuitable for release. Since this is an essential package
    (IOW, installed on every Debian system), I hope you can see how
    important it is to make sure this package is perfect. None of the
    changes are functional (except the fix in logoutd's init script, which
    was a 20 char change), so please consider this for the next test
    cycle.
  * Fix logoutd init script from spurious output when /etc/porttime is not
    there, closes: #63962, #64067
  * su: Fix typo in usage output, closes: #60226
  * passwd: Fixed typo and missing newline in output for successful
    password change, closes: #64106, #63703
  * passwd.1: Add documentation on the -f, -e, -s and -d command line
    options, closes: #64339, #64410
  * login: Verified that utmp/wtmp works when called by telnet with -h
    option, closes: #56854

 -- Ben Collins  Tue, 23 May 2000 14:40:01 -0400

shadow (19990827-19) unstable frozen; urgency=low

  * debian/local/shells: added esh, closes: #59934
  * logoutd: modify to work with pam_time.so's time.conf file, modify
    manpage to reflect this, closes: #61300
  * userdel.8: added note about group removal, closes: #56723
  * base-config handles md5 setup, closes: #60125
  * cppw: make sure it gets installed, closes: #62960
  * passwd: correct error message for "not you", closes: #61313
  * sulog.c: fixed extern for char (char foo[] -> char *foo),
    closes: #61643
  * userdel.8: documented userdel's exit values, closes: #54775
  * passwd: error messages are two fold, the second is actually from
    pam_strerror(), closes: #61937
  * passwd: print "success" on successful password change, closes: #58676

 -- Ben Collins  Sat, 29 Apr 2000 10:26:56 -0400

shadow (19990827-18) unstable frozen; urgency=low

  * Crap, all the bug fixes from -17 need to go to frozen too

 -- Ben Collins  Tue, 29 Feb 2000 14:57:14 -0500

shadow (19990827-17) unstable; urgency=low

  * Fixed typo in login.defs, closes: #54877
  * logoutd.init.d: Check for /etc/security/time.conf, closes: #54900
  * login.defs: Added note about the MAIL env option, closes: #54768
  * login.pam.d,passwd.pam.d: Use new options in pam_unix.so to enable
    obscure password checks.
    This mimics the old behavior in pre-PAM shadow, closes: #58203
  * Use patch from Topi Miettinen to add pam session ability to su,
    closes: #57526, #55873, #57532
  * Made login's -f option also able to use the username after -- if none
    was passed as its optarg, closes: #53702

 -- Ben Collins  Mon, 28 Feb 2000 12:37:22 -0500

shadow (19990827-16) unstable; urgency=low

  * got rid of g+s directories in the source tarball, closes: #54585
  * make su mode 4755 in the package. This way there is no chance of a
    failed dpkg install causing it to be left without suid root perms
    before suidmanager or chmod is called in the postinst.
  * src/login.c: added faillog support to the pam_authenticate loop. This
    loop is now completely rewritten, and should produce better results on
    failures, closes: #53164

 -- Ben Collins  Sun, 9 Jan 2000 23:35:08 -0500

shadow (19990827-15) unstable; urgency=low

  * src/su.c: moved signal() call to re-establish SIGINT to right place,
    closes: #54496
  * src/login.c: if hostname is blank (not a remote login via rlogin or
    telnet), then use the tty to log failures in syslog, closes: #53966
  * passwd: Locking a password by appending '!' appears to be pretty
    standard, so ssh needs to check for it.
  * passwd and login come with a README.pam that discusses the differences
    between the PAM and old non-PAM versions. It also talks about where to
    look for details. Also now that I have added the extra examples to the
    pam.d files, I hope this satisfies...closes: #52917
  * A new package, base-config, which will be used by boot floppies is
    going to have an option to configure MD5 usage for passwords. Since
    this is the best place for it, and I don't really have any control
    over it, I am ....
    closes: #47620
  * libmisc/chowntty.c: applied patch for read-only root, closes: #52069

 -- Ben Collins  Sat, 8 Jan 2000 22:11:29 -0500

shadow (19990827-14) unstable; urgency=low

  * debian/local/shells: added /bin/zsh, closes: #53883

 -- Ben Collins  Sun, 2 Jan 2000 13:51:42 -0500

shadow (19990827-13) unstable; urgency=low

  * su.c: ignore SIGINT while authenticating, closes: #52372
  * su.pam.d: added 2 new examples of how to allow su for wheel users
    without prompting for a password, and also how to deny users of a
    specific group.

 -- Ben Collins  Sat, 1 Jan 2000 22:29:46 -0500

shadow (19990827-12) unstable; urgency=low

  * Recompiled against latest libpam and up'd the module deps,
    closes: #52171
  * login.pam.d: added "noenv" option so we don't clobber login's setting,
    closes: #51441

 -- Ben Collins  Tue, 14 Dec 1999 22:41:40 -0500

shadow (19990827-11) unstable; urgency=low

  * debian/passwd.in: add a preinst (matches login's) to fix the latest
    build change (only affected hurd since it doesn't use login).
  * debian/scripts/passwd.mk: use passwd.preinst instead of login.preinst
    to complete the fix above.

 -- Ben Collins  Mon, 6 Dec 1999 18:25:07 -0500

shadow (19990827-10) unstable; urgency=low

  * src/login.c: only set pam_fail_delay if > 0.
    Also make the default 0 so not defining it has the same effect as
    disabling it, closes: #51178
  * src/userdel.c: make sure we remove the shadow group entries when
    removing the user's own group, closes: #50005, #50138

 -- Ben Collins  Fri, 26 Nov 1999 22:37:44 -0500

shadow (19990827-9) unstable; urgency=low

  * src/su.c: Fixed getopt parsing, and added a usage output
  * man/su.1: minor typos

 -- Ben Collins  Mon, 8 Nov 1999 22:13:05 -0500

shadow (19990827-8) unstable; urgency=low

  * src/login.c: fixed logging of username on successful login (was using
    the normal username, when it should have used pam_user),
    closes: #47819
  * src/login.c: check for hushed login and pass PAM_SILENT if true,
    closes: #48002
  * src/useradd.c: set def_shell to /bin/bash, closes: #48304
  * doc/README.debian: add note about how to avoid issues with nscd's lag
    in aging the cache, closes: #48629
  * src/cppw.c: new program to assist copying a passwd/group file without
    corruption, closes: #42141

 -- Ben Collins  Tue, 2 Nov 1999 21:46:28 -0500

shadow (19990827-7) unstable; urgency=low

  * {passwd,login}.pam.d: added blurb about how to use the pam_cracklib
    module, and also changed it to use pam_unix and not pam_pwdb (gah!
    how did that happen?), closes: #46983
  * README.debian: changes to reflect new PAM usage as well as removing
    references to obsolete config files, closes: #46595
  * passwd.expire.cron: example script that informs users by email when
    their accounts are about to expire, closes: #41393
  * lastlogin.c: added -h option and usage as well as long option support,
    closes: #45804
  * shadow now only has 3 wishlist bugs and nothing else

 -- Ben Collins  Sat, 9 Oct 1999 11:54:16 -0400

shadow (19990827-6) unstable; urgency=low

  * debian/shells: new file, needed to include /bin/sash, closes: #45826
  * useradd.8,groupadd.8: added note about the preferred use of adduser
    and addgroup when conforming to Debian policy (taken from notes in
    adduser's man pages), closes: #22821
  * dialups.5: new man page that documents /etc/{dialups,d_passwd},
    closes: #42212
  * src/su.c: added -m, -p and -s command line options to match GNU
    options, also documented in su(1), closes: #45394, #46424
  * login.defs.5: clarified usage of TTYTYPE_FILE, closes: #23194
  * login.pam.d: added pam_issue.so which replaces the old ISSUE_FILE from
    login.defs, this also allows it to grok escapes in the issue file,
    also increases the MODDEPS to (>= 0.69-10).
    By default this module is not enabled, closes: #21044
  * login.defs.pam.linux: added ISSUE_FILE to list of deprecated options

 -- Ben Collins  Mon, 4 Oct 1999 19:56:22 -0400

shadow (19990827-5) unstable; urgency=low

  * {login,su}.1: added description of a subsystem login, closes: #31987
  * src/chowndir.c: fixed recursive chowns on usermod, also changed it to
    use lchown and lstat since we actually want that, closes: #46405
  * su.1: removed reference to suauth as well as added "-c" to the
    SYNOPSIS, closes: #45685
  * login.1: added options to the SYNOPSIS and documented OPTIONS,
    closes: #28763
  * login.defs.5: documented the ENVIRON_FILE options (even though it's
    not really used in the PAM version), close: #28786
  * 010_src_gpasswd.c: new patch, fixes changing group passwords when not
    using shadow groups, closes: #25919
  * {chfn,chsh,login}.pam.d: added nullok to pam_unix.so auth line to
    allow for passwordless accounts, closes: #46510
  * login.pam.d: add "standard" to the pam_mail option so we get old style
    "You have..." login messages.

 -- Ben Collins  Sun, 3 Oct 1999 13:41:53 -0400

shadow (19990827-4) unstable; urgency=low

  * Alright, we are really getting some usage from this now, and seeing
    some odd ball setups, so it means more work for me, but more stable
    and feature filled software for you :)
  * debian/{login,su}.pam.d: Fixed spelling errors, closes: #45234, #45235
  * debian/login.pam.d: Added commented pam_access.so reference and
    description, closes: #45241
  * src/login.c: moved usage of setup_uid_gid() when PAM is enabled or
    pam_groups.so's groups get clobbered
  * src/newgrp.c: don't call sanitize_env() and also make sure we don't
    check passwords when the user is trying to get back to their default
    group, closes: #22244
  * Closed some other bugs that were either not really bugs, or they
    weren't reproducible.
  * debian/login.pam.d: moved around the pam_motd and pam_mail modules to
    order them the same as old login would have done

 -- Ben Collins  Sun, 19 Sep 1999 19:42:13 -0400

shadow (19990827-3) unstable; urgency=low

  * This is a "Sit down and really fix some bugs" update. I'm going
    through the ones that really need some work.
  * src/vipw.c: use the system() call to invoke the editor so that it
    accepts command line args in the EDITOR and VISUAL environment vars,
    closes: #31029
  * src/userdel.c: added code to remove user groups (of the same name) if
    there were no members left and USERGROUPS_ENAB is set to yes,
    closes: #35046
  * login.defs: documented above change
  * {login,passwd}.postinst: fixed some bashisms, closes: #45159
  * login.defs.pam.linux: documented the FAKE_SHELL option, closes: 31987
  * su.1,login.1: documented the subsystem root ability in login and su,
    closes:
  * doc directory for both packages now includes the README.shadow-paper
    file closes: #15391

 -- Ben Collins  Sun, 19 Sep 1999 15:49:11 -0400

shadow (19990827-2) unstable; urgency=low

  * debian/rules: use "$(CC) -E" instead of "cpp" to make it easier to
    cross compile for Hurd (requested by Marcus Brinkman).
  * debian/login.pam.d: forgot to remove that comment about login not
    being PAMified, it is and works fine.
  * src/login.c: Added login.defs option to turn on and off the persistent
    login, also give note on when it isn't and is needed in login.defs.
  * lib/getdef.c: Added CLOSE_SESSIONS for above code.
  * man/login.defs.5: document the new CLOSE_SESSION option for login
  * logoutd: disabled until I can fix it to grok /etc/security/time.conf

 -- Ben Collins  Mon, 13 Sep 1999 18:57:47 -0400

shadow (19990827-1) unstable; urgency=low

  * New Maintainer, with Guy's consent.
    closes: #22296, #22331 (closed some NMU bug reports)
  * New upstream release, closes: #15879, #24712, #25739, #28785, #32991
    closes: #38672, #39933, #41060, #42480, #22534, #12690, #36150, #26412
    closes: #40398, #43750
  * Ok, now for some dusting and house cleaning (aka The Bug Killfile
    Begins Here):
    %%- login package
    - Not a bug in login anymore, closes: #28098
    - No longer pertinent, and is not controlled by the login program,
      closes: #23155
    - This does not appear to be a bug anymore, closes: #32424
    - This is not a login problem. Xterm itself prints the LOGIN message
      and it does _not_ read login.access, closes: #16958
    - Seems to be fixed, closes: #28098
    - Huge list of "Fixed" bugs, that I want to close. I really need to
      start with a clean slate in order to get some of this cleaned up,
      closes: #3439, #11443, #13485, #13815, #15176, #15998, #16187, #17529
      closes: #17532, #17532, #18133, #18225, #20052, #20876, #21280, #21357
      closes: #21687, #21695, #21746, #21767, #22716, #24710
    - lastlog(8): Clarified differences in the usage of "login-name" and
      UID, closes: #26727
    %%- passwd package
    - newuser: appears to be working correctly and placing x, not !,
      closes: #19620
    - userdel(8): added note about user's mail spool also being deleted,
      closes: #20790
    - Can't reproduce this one, closes: #21639
    - -e expire_date The date on which the user account will be
      disabled. The date is specified in the format MM/DD/YY.
      Bug filer was trying to use an integer instead of the documented
      format, closes: #22533
    - chfn's command line options seem to work for root and non-root,
      closes: #25396
    - seems to have been fixed by the latest upstream, #25670
    - Removed references to shadow(3), closes: #32859
    - passwd only saves first 8 chars...duh :) closes: #33368
    - userdel can only do so much, the admin should know to check some
      things on their own, closes: #35418
    - Lots of Y2K issues fixed in this release, closes: #37232
    - useradd requires the -m option to make it create a home directory if
      one does not exist, closes: #39581
    - useradd's -p option requires the password to already be encrypted as
      documented in useradd(8), closes: #39870, #39874
    - More "Fixed" bugs in passwd, closes: #13753, #16893, #17894, #18132
      closes: #18628, #12691
    %%- su (no longer a package, but has bugs just the same, will be
      forwarded to the login package soon)
    - Sorry, but su (all su's) invoke the shell with -c "cmd". This is
      documented, not a bug, it's a standard interface that su expects, go
      fix sash's bug for not supporting it, closes: #14551
    - Acknowledged NMU: closes: #20058
    - More "Fixed" bugs getting closed...CLOSED AT LAST, closes: #17593
      closes: #20057, #12689
  * Switched to a new build setup (dbs)
  * Split makes into separate files to make it a little cleaner
  * FHS compliance changes (usr/{doc,man} to usr/share/{doc,man})
  * debian/tar.c: removed
  * su: su is now going to be provided by shadow's login package and
    removed from shellutils (the shellutils maintainer agreed to this) in
    preparation for future PAM support. Added conflicts with older version
    of shellutils that does provide the su binary.
  * debian/control.in: removed the secure-su package since login now
    contains su and all of its components
  * debian/control.in: modified the package descriptions to be a little
    more explicative of what they do.
  * Upgraded standards version to 3.0.1.1
  * Setup suidmanager support for all +s apps, closes: #15705, #15704,
    #15699
  * Enabled PAM. Support now for su, passwd, chfn, chsh. I am working on
    the support in login.
  * expiry: Changed to be installed as sgid shadow instead of suid root
    since it doesn't need root privileges. Also added man page expiry(1)
    based on the comments found in expiry.c.
  * Removed bashisms in control scripts. Now lintian clean (smells fresh
    too)
  * chage.c: Keep chage from locking when not running as root, since it
    just needs to read the shadow and password files. This lets it run
    sgid shadow instead of suid root. When run as root, it can lock files
    for editing.
  * login.c: Pam support Works For Me(tm)!
  * login.c: Fixed PAM's auth when PAM_USER was not set from the command
    line, also call pam_fail_delay() with FAIL_DELAY as the arg before
    authentication.
  * etc/login.defs.pam.linux: new file, reflects options that PAM takes
    over
  * etc/login.defs.pam.hurd: new file, same for Hurd
  * debian/passwd.mk: make sure that login.defs.5 gets installed for Hurd
  * pam.d/: Modified defaults for each service to reflect the old style
    and also added commented options on how to enable obsoleted options
    from login.defs in the PAM Way(tm).
  * debian/rules: removed --disable-desrpc from configure options since it
    was supposedly just a workaround for glibc 2.0
  * src/login.c: reset pam_fail_delay after every failure
  * debian/rules: remove debian/files on clean target
  * src/login.c: removed setup_limits() and check_nologin() usage when PAM
    is enabled
  * debian/login.pam.d,debian/login.defs.pam.linux: made notes about the
    pam_limits.so module, as well as pam_nologin.so
  * debian/su.pam.d: made notes about pam_limits.so module
  * debian/control.in: removed depends on libpam-motd since it is now in
    libpam-modules, also make login conflict with secure-su
  * debian/*: setup so that Hurd does not get PAM, since they don't have
    it ported completely yet.
  * debian/*: Final approach to a final upload, modified login.postinst to
    check old obsolete conffiles to see if the user needs a notice that
    they are no longer used.

 -- Ben Collins  Sat, 11 Sep 1999 19:58:14 -0400

shadow (980403-0.3.3) unstable; urgency=low

  * Non maintainer upload.
  * Add dpkg-architecture and cross compilation support to the package.
  * Changes for the Hurd:
    + Only build passwd, add etc/login.defs.hurd to this package.
    + libmisc/rlogin.c: Conditionalize CBAUD, which is not portable.

 -- Marcus Brinkmann  Thu, 5 Aug 1999 00:28:12 +0200

shadow (980403-0.3.2) unstable; urgency=low

  * configure.in patched for utmpx.h (for arm)

 -- Jim Pick  Sun, 4 Oct 1998 19:06:15 -0700

shadow (980403-0.3.1) frozen unstable; urgency=low

  * Non maintainer upload.
    changes.{guess,sub} changed to recognize an Arm architecture.

 -- Turbo Fredriksson  Fri, 14 Aug 1998 22:37:58 -0400

shadow (980403-0.3) frozen unstable; urgency=high

  * Non maintainer upload.
  * src/login.c: Applied patch from to fix security hole of login not
    checking the return code from setgid(), initgroups() or setuid().
    [#24710]

 -- James Troup  Fri, 17 Jul 1998 18:56:31 +0100

shadow (980403-0.2) frozen unstable; urgency=low

  * (login.defs): fixed UMASK (thanks to James Troup for noticing my
    screwup :)
  * Pruned non-Debian changelog entries.

 -- Joel Klecker  Mon, 11 May 1998 11:25:22 -0700

shadow (980403-0.1) frozen unstable; urgency=low

  * Non-maintainer release.
  * New upstream release (18225).
  * (debian/login.postinst)
    * Use 'touch' instead of 'cat >' when creating /var/log/faillog
      (15998,16187,21687).
    * No longer fails if no previous configured version exists (11433).
  * (gpasswd): now checks which user invoked it before calling setuid()
    (18132).
  * (debian/passwd.postinst): removed bashism (13753).
  * (groupmod): NULL dereference fixed upstream, as a result, it no longer
    dumps core when changing group name (16893,17894).
  * (useradd): no longer segfaults if /etc/default/useradd is missing
    (18628).
  * (login.defs.1): now documents more options (13485).
  * (source): includes 'missing' (13815,18133,21280).
  * (login.1):
    * Removed mention of "d_passwd(5)", which doesn't exist, and
      login.defs.5 now documents /etc/dialups (15176).
    * Added /etc/nologin to FILES section and reference nologin(5)
      (21695).
  * The URL mentioned in Bug#15391 is no longer valid.
  * (login.defs): no longer sets ULIMIT (17529).
  * (login):
    * No longer uses static buffers for group lines (17532).
    * Doesn't seem to make assumptions about gid_t any longer (21767).
  * (faillog.8): s-/usr/adm-/var/log-g (19974).
  * (lastlog.8): notes that "some systems" use /var/log instead of
    /usr/adm (21746).
  * Install upstream changelog as 'changelog.gz' as per policy (20052).
  * (secure-su): Changed /etc/suauth to reference the group 'root' instead
    of 'wheel' (17593).

 -- Joel Klecker  Thu, 30 Apr 1998 18:32:12 -0700

shadow (970616-1) unstable; urgency=low

  * Upstream upgrade.
  * chage works (10561).
  * Fix NIS behavior (5634,8734,10032,10545,10984,11160,12064).
  * Wrote pwconv,pwunconv,grpconv,grpunconv manpage (10940).
  * vipw fixes (10521,10696,11618,11924,12184,13001)
  * Fixes for new automake.
  * Compile with glibc2. (8627,8777,9824,11713,11719,12082,12108,11442).
  * debian/rules fixes (8876,12468).
  * /etc/login.defs: UMASK=002 (9102).
  * chown /dev/vcs* on login (9421,13255).
  * Added tty9-tty12 to /etc/securetty (11644).
  * Provide template and manpage for /etc/limits (12289).
  * Fix security hole in postinst (11769).
  * login fills out ut_addr field in utmp (10701).
  * shadowconfig.sh fixes (9189,9328,9386,10968,12452,12469).
  * Overcome postinst bug in old shadow-passwd package (9939,12120).
  * useradd default GROUP=100 (9244).
  * Allow 8 bit chars in chfn (12367).
  * secure-su - set HOME, use SHELL if set (11003,11189).

 -- Guy Maor  Fri, 26 Sep 1997 19:23:42 -0500

shadow (970616) unstable; urgency=low

  * vipw preserves permissions on edited files (10521).
  * various other bug fixes.

 -- Marek Michalkiewicz  Mon, 16 Jun 1997 02:02:00 +0200

shadow (970601) unstable; urgency=low

  * Fix typo in libmisc/mail.c causing login to segfault.

 -- Marek Michalkiewicz  Mon, 2 Jun 1997 07:33:00 +0200

shadow (970502-2) unstable; urgency=low

  * Fixes to shadow group support (grpconv didn't work).

 -- Marek Michalkiewicz  Fri, 2 May 1997 15:48:00 +0200

shadow (970502-1) unstable; urgency=low

  * Upstream upgrade.

 -- Marek Michalkiewicz  Fri, 2 May 1997 03:18:00 +0200

shadow (961025-2) frozen unstable; urgency=medium

  * Fix useradd -D segfault (8098, 8152, 8733).
  * Fix shadowconfig - permfix only on xlock; /etc/init.d/xdm rewrite,
    chmod (8102, 8320, 8333, 8708).
  * Remove HOWTO from usr/doc/passwd as it's in linux-doc (8150).
  * Fixes to su.1 (8153).
  * login, passwd, su each conflict and replace with the old shadow-*
    version. (8269, 8290, 8393, 8394).
  * Put /etc/shells back in passwd (8328).
  * Fixed login.postinst for upgrade from shadow-login (8392).
  * Added -e to pwck for use in shadowconfig: reports only errors, no
    warnings (8542).
  * Wrote shadowconfig.8 (8588).

 -- Guy Maor  Sat, 19 Apr 1997 02:34:59 -0500

shadow (961025-1) unstable; urgency=low

  * Upstream upgrade, new source format.

 -- Guy Maor  Mon, 10 Feb 1997 02:56:56 -0600

shadow (960530-1) experimental; urgency=LOW

  * Added grpunconv script
  * Changed prerm/postinst scripts to remove/create shadowed group file
  * Added vipw/vigr binaries
  * Renamed package to shadow-passwd
  * Added packages shadow-su and shadow-login
  * Added 'Essential: yes' to be able to replace passwd and login
  * Section now base for shadow-passwd and shadow-login
  * Added /etc/shell conffile
  * Added /etc/securetty conffile
  * Added new conffile /etc/suauth. Set it up so only users in group 0 can
    su to root.

shadow (960810-1) base; urgency=LOW

  * Added useradd default file so that default group is no longer 1
  * Also corrected the useradd manpage
  * Replaced grpunconv script by real binary which does correct locking.
  * Added 'source' field control file to control files
  * Changed version naming in debian.rules
  * New upstream version