shadow (1:4.8.1-2ubuntu2.2) jammy-security; urgency=medium
* SECURITY UPDATE: unsanitized buffer leading to a password leak during
gpasswd new password operation
- debian/patches/CVE-2023-4641.patch: fix password leak in gpasswd.
- CVE-2023-4641
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Tue, 06 Feb 2024 09:54:23 -0300
shadow (1:4.8.1-2ubuntu2.1) jammy-security; urgency=medium
* SECURITY UPDATE: race condition when copying and removing directory trees
- debian/patches/CVE-2013-4235-pre1.patch: add nofollow to opens.
- debian/patches/CVE-2013-4235-pre2.patch: prepare context for actual file
type (set_selinux_file_context).
- debian/patches/CVE-2013-4235-1.patch: avoid races in chown_tree().
- debian/patches/CVE-2013-4235-2.patch: avoid races in remove_tree().
- debian/patches/CVE-2013-4235-3.patch: require symlink support.
- debian/patches/CVE-2013-4235-4.patch: fail if regular file pre-exists in
copy_tree().
- debian/patches/CVE-2013-4235-5.patch: more robust file content copy in
copy_tree().
- debian/patches/CVE-2013-4235-6.patch: address minor compiler warnings.
- debian/patches/CVE-2013-4235-7.patch: avoid races in copy_tree().
- debian/patches/CVE-2013-4235-post1.patch: use fchmodat instead of chmod
(copy_tree).
- debian/patches/CVE-2013-4235-post2.patch: do not block on fifos
(copy_tree).
- debian/patches/CVE-2013-4235-post3.patch: carefully treat permissions
(copy_tree).
- CVE-2013-4235
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Thu, 24 Nov 2022 09:05:18 -0300
shadow (1:4.8.1-2ubuntu2) jammy; urgency=medium
[ Michael Vogt ]
* debian/patches/1010_extrausers.patch:
Add automatic detection of "extrausers" for usermod -G
(LP: #1959375)
-- Alberto Mardegan <alberto.mardegan@canonical.com> Mon, 14 Mar 2022 11:59:13 +0300
shadow (1:4.8.1-2ubuntu1) jammy; urgency=low
* Merge from Debian unstable (LP: #1951161). Remaining changes:
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
+ Enable private home directories by default
- debian/{source_shadow.py,login.install}: Add apport hook
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/1014_extrausers_delgroup.patch
+ add --extrausers option to "groupdel"
- debian/patches/1013_extrausers_deluser.patch
+ add --extrausers option to "userdel"
- debian/patches/1012_extrausers_chfn.patch
+ add support for --extrausers to the chfn tool
- debian/patches/1015_add_zsys_support.patch
+ Call zsys to handle home directory if available.
- debian/patches/1016_extrausers_gpasswd.patch
+ Add support for extrausers in gpasswd.
- debian/patches/506_relaxed_usernames.patch
+ disallow purely numeric usernames
* Dropped changes, included in Debian:
- debian/passwd.maintscripts: Clean up upstart configuration
-- William 'jawn-smith' Wilson <jawn-smith@ubuntu.com> Mon, 15 Nov 2021 16:13:44 -0600
shadow (1:4.8.1-2) unstable; urgency=medium
* debian/control: Switch to libsemanage-dev from libsemanage1-dev
(Closes: #998633)
* ACK NMU, thanks for all the changes
* Make passwd recommend sensible-utils because vipw uses sensible-editor
* Add files to debian/not-installed or install them when they were missed
This change ships a few more man page translations
* debian/control: Bump debhelper-compat version to 13
* List man pages to install in debian/*.manpages instead of in
debian/*.install
* Clean up debian/control using 'cme fix dpkg-control'
* Rename deprecated debian/passwd.tmpfile to debian/passwd.tmpfiles
* debian/control: Revert to my personal email address in the Maintainer field
-- Balint Reczey <balint@balintreczey.hu> Wed, 10 Nov 2021 10:39:04 +0100
shadow (1:4.8.1-1.1) unstable; urgency=medium
[ Johannes Schauer Marin Rodrigues ]
* Non-maintainer upload.
[ Niels Thykier ]
* Remove obsolete login.preinst
* Remove obsolete code from passwd maintscripts
[ Helmut Grohne ]
* logoutd is gone since at least buster (closes: #989712)
* Delete duplicate subuid/subgid creation.
* login.postinstd support for DPKG_ROOT (closes: #992578)
-- Johannes Schauer Marin Rodrigues <josch@debian.org> Sat, 23 Oct 2021 21:04:57 +0200
shadow (1:4.8.1-1ubuntu9) impish; urgency=medium
* Disallow purely numeric usernames. This includes hexadecimal and
octal syntax. (LP: #1927078)
-- William 'jawn-smith' Wilson <william.wilson@canonical.com> Thu, 17 Jun 2021 14:35:15 -0500
shadow (1:4.8.1-1ubuntu8) hirsute; urgency=medium
* Enable private home directories by default (LP: #48734)
- Set HOME_MODE=750 in login.defs to enable private home directories
-- Alex Murray <alex.murray@canonical.com> Thu, 07 Jan 2021 15:35:37 +1030
shadow (1:4.8.1-1ubuntu7) hirsute; urgency=medium
[ Marcus Tomlinson ]
* debian/patches/1016_extrausers_gpasswd.patch:
- Add support for extrausers in gpasswd.
-- Dimitri John Ledkov <xnox@ubuntu.com> Wed, 02 Dec 2020 10:44:11 +0000
shadow (1:4.8.1-1ubuntu6) groovy; urgency=medium
* debian/patches/1015_add_zsys_support.patch:
- Add support for ZSys user deletion (LP: #1881540)
- Fix a build warning
-- Didier Roche <didrocks@ubuntu.com> Thu, 28 May 2020 08:37:47 +0200
# For older changelog entries, run 'apt-get changelog passwd'
Generated by dwww version 1.14 on Wed Jan 22 23:52:17 CET 2025.