diff options
| author | Christian Perrier <bubulle@debian.org> | 2013-07-27 18:37:22 +0200 |
|---|---|---|
| committer | Christian Perrier <bubulle@debian.org> | 2013-07-27 18:37:22 +0200 |
| commit | a0c7601c6d9ad68a8b646cc6f2e2770b42e193e0 (patch) | |
| tree | 2a665033cd96558573859c58c88f5be3715a2c68 | |
| parent | 03e6eeb8bb4697fa0e488fabcf507f907f244925 (diff) | |
| download | shadow-tests.tar.gz | |
Drop debian/tests
68 files changed, 0 insertions, 7007 deletions
diff --git a/debian/Makefile b/debian/Makefile deleted file mode 100644 index 06d49f55..00000000 --- a/debian/Makefile +++ /dev/null @@ -1,16 +0,0 @@ -PKG=shadow -SITE=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/ - -deb:: check_cheese - -include /usr/share/quilt/quilt.debbuild.mk - -check_cheese: - @dpkg-parsechangelog | grep -q "\* The \".*\".* release\." || { \ - echo ""; \ - echo " ** **"; \ - echo " ** Warning: not a cheesy release! **"; \ - echo " ** **"; \ - echo ""; \ - exit 1; \ - } diff --git a/debian/NEWS b/debian/NEWS deleted file mode 100644 index 28071546..00000000 --- a/debian/NEWS +++ /dev/null @@ -1,36 +0,0 @@ -shadow (1:4.0.15-5) unstable; urgency=low - - * commands passed in argument to su must use su's -c option and must quote - the command if it contains a space, as in: - su - root -c "ls -l /" - The following commands won't work anymore: - su - root -c ls -l / - su - root "ls -l /" - su - root ls -l / - - -- Christian Perrier <bubulle@debian.org> Sat, 8 Apr 2006 20:11:38 +0200 - -shadow (1:4.0.14-1) unstable; urgency=low - - * passwd does not support the -f, -s, and -g options anymore. You should use - the chfn, chsh and gpasswd utilities instead. - * login now distributes the nologin utility, which can be used as a shell - to politely refuse a login - - -- Christian Perrier <bubulle@debian.org> Thu, 5 Jan 2006 08:47:44 +0100 - -shadow (1:4.0.12-1) unstable; urgency=low - - CLOSE_SESSIONS and other variables are not used anymore in - /etc/login/defs. - As shadow utilities which use this file now warn about unknown - entries there, administrators should remove such unknown entries. - The supplied login.defs file does not include them anymore. - - dpasswd is no more distributed by upstream. Login do not support - dialup password anymore. Re-introducing this functionality in - upstream is not trivial. - - - -- Christian Perrier <bubulle@debian.org> Thu, 25 Aug 2005 08:38:47 +0200 - diff --git a/debian/README.debian b/debian/README.debian deleted file mode 100644 index e7ef2631..00000000 --- a/debian/README.debian +++ /dev/null @@ -1,62 +0,0 @@ -Read this file first for a brief overview of the new versions of login -and passwd. - - ----Shadow passwords - -The command `shadowconfig on' will turn on shadow password support. -`shadowconfig off' will turn it back off. If you turn on shadow -password support, you'll gain the ability to set password ages and -expirations with chage(1). - -NOTE: If you use the nscd package, you may have problems with a -slight delay in updating the password information. You may notice -this during upgrades of certain packages that try to add a system -user and then access the users information immediately afterwards. -To avoid this, it is suggested that you stop the nscd daemon before -upgrades, then restart it again. - ----General configuration - -Most of the configuration for the shadow utilities is in -/etc/login.defs. See login.defs(5). The defaults are quite -reasonable. - -Also see the /etc/pam.d/* files for each program to configure the PAM -support. PAM documentation is available in several formats in the -libpam-doc package. - - ----MD5 Encryption - -This is enabled now using the /etc/pam.d/* files. Examples are given. - - ----Adding users and groups - -Though you may add users and groups with the SysV type commands, -useradd and groupadd, I recommend you add them with Debian adduser -version 3+. adduser gives you more configuration and conforms to the -Debian UID and GID allocation. - -Editing user and group parameters can be done with usermod and -groupmod. Removing users and groups can be done with userdel and -groupdel. - - ---- Group administration - -Local group allocation is much easier. With gpasswd(1) you can -designate users to administer groups. They can then securely add or -remove users from the group. - - ---- What to read next? - -Read the manpages, the other files in this directory, and the Shadow -Password HOWTO (included in the doc-linux package). A large portion -of these files deals with getting shadow installed. You can, of -course, ignore those parts. - -Also, the libpam-doc package will go a long way to allowing you to take -full advantage of the PAM authentication scheme. diff --git a/debian/README.source b/debian/README.source deleted file mode 100644 index 1993b9f8..00000000 --- a/debian/README.source +++ /dev/null @@ -1,17 +0,0 @@ -This package uses quilt to patch the upstream source. - -You can find some info on how to generate the patched source, add a new -modification, and remove an existing modification on: - /usr/share/doc/quilt/README.source - -================================================================================ - -To package a new upstream release, you can use the Makefile: - svn://svn.debian.org/svn/pkg-shadow/debian/trunk/Makefile - -================================================================================ - -A testsuite is also available. Instruction on how to run this testsuite -are available on: - svn://svn.debian.org/svn/pkg-shadow/debian/trunk/tests/README - diff --git a/debian/TODO b/debian/TODO deleted file mode 100644 index 7bb324a7..00000000 --- a/debian/TODO +++ /dev/null @@ -1,32 +0,0 @@ -Things that should be done: - * the patches directory can be cleaned - + It would be nice to have the program and man page correction in the - same patch - * other queries on debian-devel: - + should PAM session be closed as root? - * Verify the files left in debian/tmp - + e.g. /etc/default/adduser should be installed - * Check the build system: rebuilding the package twoce in the same tree - doubles the size of the diff.gz file - -Other points (not related to the release of a syncronized shadow): - * compare the source with the usages and man pages - + probably add a sentence to chsh/chfn's manpages about authentication - required for ordinary users - * do something (a tool) for the variables in login.defs - In Debian, some tools are not compiled with the PAM support, so upstream - getdef.c won't be OK. - It should be nice to see in each man page the set of variables used. - The Debian package can now compile (export DEB_BUILD_OPTIONS='nostrip debug') - with the debugging informations. This may be used to extract the set of - variables used in Debian/for each tools. - * verify all the patches around (I've found patches for at least RedHat, - OWL, LFS, Mandriva, Gentoo; are they already applied?) - * make a testsuite - + all options could be tested - + by reading the man page and writing some small tests for each - functionnality (and testing the limit cases, we can probably find - a lot of small/documentation bugs) - e.g. test chage with some fields set to 0 - test chage with a date argument instead of a number of days - diff --git a/debian/bugs-usertags b/debian/bugs-usertags deleted file mode 100644 index 6117f1d2..00000000 --- a/debian/bugs-usertags +++ /dev/null @@ -1,25 +0,0 @@ -This described the usertags used by the team. - -For usertags documentation, see -http://lists.debian.org/debian-devel-announce/2005/09/msg00002.html - -All bugs tagged by team members must be tagged with -"user pkg-shadow-devel@lists.alioth.debian.org" - -Tags list ---------- - -toclose: This bug has been announced to be closed in case no more news - or information is received from the bug submitter or someone - else until the delay specified in the limits_YYYYMMDD tag - -limits-YYYYMMDD: combine it with "toclose". Specifies the date after which - bugs can be closed without other action in case no news - is received - -manpages-replace A bug reported angainst a manpages-xx package to indicate - conflicting man pages. This tag can be used to tune the - Replaces fields. - -su-transition: This bug is related to the su transition (#276419) - diff --git a/debian/changelog b/debian/changelog deleted file mode 100644 index 4470d14a..00000000 --- a/debian/changelog +++ /dev/null @@ -1,3560 +0,0 @@ -shadow (1:4.1.5.1-1) unstable; urgency=low - - * The "Gruyère" release. - - [ Nicolas FRANCOIS (Nekral) ] - * New upstream release: - - login: log into utmp(x) but not into wtmp (this is done by pam_lastlog). - Log to utmp(x) was broken by the fix for #605329. Closes: 659957 - - userdel: Fix segfault when userdel removes the user's group. - Closes: #660406 - - manpages: .so links point to paths relative to the top-level manual - hierarchy. Closes: #661025 - - useradd(8): Return code 13 no more documented. Closes: #661802 - * debian/patches/series, debian/patches/428_grpck_add_prune_option: Removed. - The -p option was not documented and was meant to fix consequences of a - bug now fixed more than 10 years ago. - * debian/shadowconfig.sh: Display issues, but dot not prompt interactively - to fix passwd/group/shadow/gshadow issues. Closes: #638263 - * debian/control: Bump Standards-Version to 3.9.3 (no changes needed). - * debian/rules: Simplify setting of hardening flags. cdbs 0.4.103 needed to - get hardened version of shadow-utils. Restore previous requirement on - dpkg-dev to 1.13.5. - - [ Christian Perrier ] - * Complete Polish translation of logoutd(8). Closes: #668880 - * German translation of manpages completed. Closes: #673234 - - [ Roger Leigh ] - * Separation of static and dynamic motd components in login PAM module - Closes: #669698 - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Fri, 25 May 2012 15:42:01 +0200 - -shadow (1:4.1.5-1) unstable; urgency=low - - * The "Charolais" release. - - [ Nicolas FRANCOIS (Nekral) ] - * New upstream release: - - su: Fix possible tty hijacking by dropping the controlling terminal when - executing a command (CVE-2005-4890). Closes: #628843 - - userdel: Check the existence of the user's mail spool before trying to - remove it. If it does not exist, a warning is issued, but no failure. - Closes: #617295 - - userdel: Do not remove a group with the same name as the user - (usergroup) if this group isn't the user's primary group. - Closes: #584868 - - su: Close the PAM session as root (fix issues with pam_mount and - pam_systemd). Closes: #580434 - - Fix several typos in manpages. Thanks to Simon Brandmair. - Closes: #628776 - - userdel error message has been clarified when the user is still - executing processes (it used to complain that the user is logged in). - Closes: #603315 - - passwd(1) references chpasswd(8). Closes: #609117 - - Spaces have been added between options and arguments in the Russian - manpages. Closes: #606159 - - Fix handling of numerical dates in usermod -e. Closes: #621810 - - usermod: When the shadow file exists but there are no shadow entries, an - entry is created if the password is changed and passwd requires a shadow - entry, or if aging features are used (-e or -f). Closes: 632461 - - Added diagnosis for lock failures. Closes: #616167 - - grpck/pwck: NIS entries were dropped by -s (sort). Closes: #622765 - - login does not log into utmp(x) and wtmp. This is already done by - pam_lastlog. Closes: #605329 - - groupmod: document that /etc/passwd can be modified by groupmod -g. - Closes: #647308 - - Updated patches - + debian/patches/008_login_log_failure_in_FTMP - + debian/patches/401_cppw_src.dpatch - + debian/patches/402_cppw_selinux - + debian/patches/428_grpck_add_prune_option - + debian/patches/429_login_FAILLOG_ENAB - + debian/patches/463_login_delay_obeys_to_PAM - + debian/patches/501_commonio_group_shadow - + debian/patches/505_useradd_recommend_adduser - + debian/patches/506_relaxed_usernames - + debian/patches/508_nologin_in_usr_sbin - + debian/patches/523_su_arguments_are_concatenated - + debian/patches/523_su_arguments_are_no_more_concatenated_by_default - + debian/patches/542_useradd-O_option - + debian/patches/900_testsuite_groupmems - - debian/patches/008_su_get_PAM_username: Removed, feature supported - upstream. - - debian/patches/300_CVE-2011-0721: Removed, applied upstream. - - Upstream translation updates from Debian BTS: - + Brazilian Portuguese. Closes: #622834 - + Catalan. Closes: #627526, #657763 - + Danish. Closes: #621330, #657514 - + German. Closes: #622908, #656503 - + French. Closes: #623608, #657621 - + Japanese. Closes: #620978 - + Kazakh. Closes: #620930 - + Portuguese. Closes: #623722, #656686 - + Russian. Closes: #622106, #655194 - + Spanish (Closes: #630618) - + Swedish. Closes: #621126 - + Simplified Chinese. Closes: #655858 - - Upstream manpages translation updates from Debian BTS: - + French. Closes: #630250, #657622 - + German. Closes: #628777 - + Simplified Chinese. Closes: #602264, #655858 - + Danish added. Closes: #657516 - + Russian. Closes: #657710 - * debian/control: mark passwd as 'Multi-Arch: foreign'. Closes: #614321 - * debian/securetty.linux: Add IBM pSeries console ports. Closes: #597661 - * debian/securetty.linux: Add serial Console for MIPS Swarm. - (http://lists.debian.org/debian-release/2011/02/msg00320.html) - * debian/securetty.linux: Add s390/s390x ports ttysclp0. Closes: #647469 - * debian/securetty.linux: Fixed typo: ttyama -> ttyAMA. Closes: #544184 - * debian/rules, debian/man.insert, debian/man.insert.sed: Bug #507673 has - been closed. It is no more needed to patch the generated manpages. This - also fix failures to build twice is a row. Closes: #636047 - * debian/patches/401_cppw_src.dpatch: Replace progname by Prog. Rename - create_backup_file to create_copy. The lock functions do not set errno. - Do not report the error string on cppwexit. - * debian/patches/401_cppw_src.dpatch, debian/patches/402_cppw_selinux: - Synchronize with coding style. - * debian/patches/401_cppw_src.dpatch: Detect as well too many and too - few arguments. - * debian/patches/506_relaxed_usernames: Really check if the user/group - name starts with a dash. Also forbid names starting with '+' or '~'. - Document the naming policy in useradd.8 / groupadd.8. - * debian/patches/506_relaxed_usernames: Also forbid names containing a - comma. - * debian/patches/901_testsuite_gcov: Do not revert the locale when testing - with gcov to avoid coverage false negatives. This does not impact the - debian binary package, only the test package. - * debian/control: Add Build-Depends on libsemanage1-dev [linux-any] - * debian/rules: Do not hard-code CFLAGS and LDFLAGS. Build with all - hardening flags set. Closes: #657010 - * debian/control: depends on dpkg-dev (>= 1.16.1~) for including - /usr/share/dpkg/buildflags.mk - * debian/control: Standards-Version: bumped to 3.9.2. No changes. - * debian/login.defs: Set the default encryption method to SHA512. - Closes: #657717 - - [ Christian Perrier ] - * Use "linux-any" instead of a negated list of architectures in - Build-Depends. Closes: #634465 - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Sun, 12 Feb 2012 22:27:03 +0100 - -shadow (1:4.1.4.2+svn3283-3) unstable; urgency=high - - * The "Trappe d'Echourgnac" release. - * Fix typo in /etc/pam.d/login comments. Thanks to Ferenc Wagner. - Closes: #598717 - * debian/patches/300_CVE-2011-0721: Fix insufficient input sanitation - leading to possible user or group creation in NIS environments. - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Mon, 13 Feb 2011 23:20:05 +0100 - -shadow (1:4.1.4.2+svn3283-2) unstable; urgency=low - - * The "Bleu du Vercors-Sassenage" release. - * Fix backup command line in cron.daily script. Closes: #596283 - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Sat, 25 Sep 2010 23:38:39 +0200 - -shadow (1:4.1.4.2+svn3283-1) unstable; urgency=low - - * The "Bleu de Gex" release. - * New upstream unreleased version: - - Fix formatting of the login.defs.5 manpage. Closes: #542804 - - Updated Czech translation. Closes: #548407 - - Updated Vietnamese translation. Closes: #548065 - - Remove patches applied upstream: - + debian/patches/008_su_no_sanitize_env - + debian/patches/483_su_fakelogin_wrong_arg0 - - Updated patches: - + debian/patches/523_su_arguments_are_no_more_concatenated_by_default - + debian/patches/542_useradd-O_option - - Added support for dates already specified as a number of days since - Epoch in useradd, usermod and chage. Closes: #562221 - - This also allows, in the chage interactive mode, to specify -1 as the - expiration date to disable it. Closes: #573018 - - Fixed parsing of gshadow. This fix password support in newgrp. - Closes: #569899 - - pwck and grpck stop sorting at the first line which begins with a '+'. - This will avoid messing up with NIS entries. Closes: #567836 - - Fix interruption of su, newgrp, vipw with Ctrl-Z. Closes: 530231 - - mail checking is no more mentioned in login(1) since it is done by PAM. - Closes: #470059 - - The -e (and -c and -m) option was restored in chpasswd (which still uses - PAM by default). Closes: #539354 - - Kazakh translation updated. Closes: #586994 - - Fixed comma splice in chsh(1). Closes: #582166 - * debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have change - from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523 - * debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports - (e.g. emulated by QEMU). Closes: #544184 - * debian/control: Removed Martin Quinson from the Uploaders, on his request. - * debian/login.defs: Improve documentation of USERGROUPS_ENAB. - Closes: #572687 - * debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. Closes: #560633 - * debian/login.pam: return back to mostly "requisite" for the pam_securetty - PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from - entering a password, and will also avoid user enumeration attacks. - Mis-typed root login are not protected, only root can be blamed for - mis-typing and entering a password on an insecure line. Users willing to - protect against mis-typed root login can use "requisite", but will be - vulnerable to user enumeration attacks on insecure lines, and should use - pam 1.1.0-4 at least. Closes: #574082, #531341 - * debian/passwd.cron.daily: Handle the backups of the user and group - databases so that it can be removed from the standard daily cron job. - Closes: #554170 - * debian/login.defs: Updated description of UMASK (used by pam_umask). - * debian/securetty.linux: Reorganize and synchronize with - Documentation/devices.txt. This added a lot of TTYs, including the - ttyPZ0..3. Closes: #576203 - * debian/rules, debian/man.insert, debian/man.insert.sed: Hack to avoid bug - 507673, causing missing apostrophes in the manpages generated by - docbook-xsl (see debian bug 507673). - * debian/control: Standards-Version: bumped to 3.8.4. No changes. - * debian/passwd.lintian-overrides: Remove old entries relevant for - passwd.config. - * debian/control: Do not repeat the Section and Priority fields for the - binary packages. - * debian/rules: Disable new features: --without-acl --without-attr - --without-tcb - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Sun, 29 Aug 2010 21:14:12 +0200 - -shadow (1:4.1.4.2-1) unstable; urgency=low - - * The "Tome des Bauges" release. - * New upstream release: - - Updated Basque translation. Closes: #535553 - - Fixed some translatable string. Closes: #525726 - - Fixed documentation of the short option for --mindays in passwd(1). - Closes: #531983 - - Added support for shells being shell scripts without a shebang. - Closes: #479406 - * debian/securetty.linux: Added Embedded Renesas SuperH ports. - Closes: #535927 - * debian/securetty.linux: Added ttyS2 to ttyS5. Some extension card provide - more serial ports, but that should be sufficient until there is a support - for regular expressions. Closes: #534244 - * debian/patches/506_relaxed_usernames: Fixed typo. groupadd(8) should - document the restriction on groupnames, not usernames. - * debian/login.pam: pam_securetty included as a required module instead of - requisite to avoid leak of user name information. Closes: #531341 - * debian/shadowconfig.sh: Do not run shadowoff() and shadowon() in subshell. - This also remove a dependency on bash (even though /bin/sh would have been - sufficient). Thanks to Luk for spotting this. - * debian/login.dirs, debian/passwd.dirs: Removed usr/share/linda/overrides. - * debian/control: Standards-Version: bumped to 3.8.2. No changes. - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Fri, 24 Jul 2009 05:03:23 +0200 - -shadow (1:4.1.4.1-1) unstable; urgency=low - - * The "Chevrotin" release. - * New upstream release: - - Fixed typo in the French vipw usage. Closes: #528486 - - Fixed failure to delete an user (wrongly detected as still logged in). - On Linux, userdel checks if the user has some running processes. - Otherwise, it still check with utmp if the user is logged in and check - if the process indicated by utmp is still running to avoid - mis-detection of logged-in users. Closes: #528060 - - newgrp and sg return the exit status of their child. Closes: #529897 - - Updated patches: - + debian/patches/506_relaxed_usernames - * debian/login.defs: Removed comment about MD5_CRYPT. MD5_CRYPT_ENAB is no - more used by chpasswd and newusers. - * debian/patches/*: Updated patches to the new quilt and shadow versions. - * debian/patches/506_relaxed_usernames: usernames with a slash will not only - break one option. Move to the discussion on the usernames. - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Fri, 22 May 2009 16:29:58 +0200 - -shadow (1:4.1.4-3) unstable; urgency=low - - * The "Banonet" release. - * debian/login.pam: Really ignore pam_selinux.so failures when the module do - not exist. Closes: #528673 - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Sat, 16 May 2009 12:11:15 +0200 - -shadow (1:4.1.4-2) unstable; urgency=low - - * The "Banon" release. - * debian/rules, debian/passwd.linda-overrides, debian/login.linda-overrides: - Removed linda-overrides files. - * debian/rules: Install the lintian overrides with dh_lintian. - * debian/control: Raised dependency on debhelper (>= 6.0.7~) for dh_lintian. - * debian/compat: Raised to 6 - * debian/login.postinst: Install /var/log/faillog during initial installs - only. This permits admins to disable failed logins recording. - Closes: #488420 - * debian/login.pam: Ignore pam_selinux.so failures when the module do not - exist. A required pam_selinux.so makes login fail when the module does not - exist (e.g. on architecture without SE Linux support). Closes: #528673 - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Thu, 14 May 2009 22:36:34 +0200 - -shadow (1:4.1.4-1) unstable; urgency=low - - * The "Chambérat" release. - * New upstream release: - - Updated Czech translation. Closes: #525658 - - Updated French translation. - - Updated German translation. Closes: #527131 - - Updated Japanese translation. - - Updated Korean translation. Closes: #524719 - - Updated Portuguese translation. Closes: #525531 - - Updated Russian translation. Closes: #527636 - - passwd: Report password properties changes if the password is not - actually changed. Closes: #525967 - - Fixed lastlog. 4.1.3 only reported empty logs. Closes: #524873 - - Remove patches applied upstream: - + debian/patches/403_fix_PATH-MAX_hurd - - Updated patches: - + debian/patches/008_login_log_failure_in_FTMP - + debian/patches/401_cppw_src.dpatch - + debian/patches/429_login_FAILLOG_ENAB - + debian/patches/463_login_delay_obeys_to_PAM - - pwck and grpck warn when the shadowed and non-shadowed files contain - an entry for the same user or group and the non shadowed file password - field is not 'x'. Closes: #501869 - Other topics raised in this bug were fixed previously. - * debian/securetty.linux: Added Freescale i.MX ports. Closes: #527095 - * debian/securetty.linux: Added some local X displays. See LP #104957. But - only a limited set of displays were added. - * debian/rules, debian/passwd.newusers.pam, debian/passwd.chpasswd.pam: - Install the newusers and chpasswd PAM service configuration files. - newusers and chpasswd now use PAM to update the passwords. - Closes: #525153 - * debian/login.pam: Updated support for SELinux. Closes: #527106 - * debian/control: Standards-Version bumped to 3.8.1. No changes. - * debian/control: Changed gnome-doc-utils dependency to >= 0.4.3 (instead - of >= 0.4.3-1) - * debian/control: Added ${misc:Depends} to the passwd's Depends and login's - Pre-Depends. - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Mon, 11 May 2009 00:25:11 +0200 - -shadow (1:4.1.3.1-1) unstable; urgency=low - - * The "Le Puant Macéré" release. - Sorry for the lack of cheese name in 1:4.1.3-1. At least this one should - count for two. - * New upstream release: - - Fixed wrong parsing of octal permissions. This impacted login (permission - of the TTYs, UMASK, ERASECHAR or KILLCHAR) in release 1:4.1.3-1 only. - Closes: #524139, #524258 - - removed debian/patches/200_bin_nb: Applied upstream. - - removed debian/patches/302_vim_selinux_support: Applied upstream. - - Fixed login segfault when called without a username. Closes: #524193 - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Wed, 15 Apr 2009 23:59:06 +0200 - -shadow (1:4.1.3-1) unstable; urgency=low - - * The "" release. - * New upstream release: - - Fix possible login DOS. Closes: #505071 - - Fix gpasswd and username with 32 characters. Closes: #508785 - - Fix typo in nologin(8). Closes: #513252 - - Remove old features from passwd(1). Closes: #499578 - - login: Close passwd while waiting for exit. Closes: #474318 - - login: fix the count of login failures. Closes: #498788 - - Remove patches applied upstream (4.1.2): - + debian/patches/434_login_stop_checking_args_after-- - + debian/patches/491_configure.in_friendly_selinux_detection - + debian/patches/487_passwd_chauthtok_failed_message - + debian/patches/406_vipw_resume_properly - + debian/patches/414_remove-unwise-advices - + debian/patches/300_SHA_crypt_method - + debian/patches/301_manpages_missing_options - + debian/patches/415_login_put-echoctl-back - + debian/patches/431_su_uid_0_not_root - - Remove patches applied upstream (4.1.3): - + debian/patches/200_Czech_binary_translation - + debian/patches/302_remove_non_translated_polish_manpages - + debian/patches/494_passwd_lock-no_account_lock - + debian/patches/200_Czech_binary_translation - + debian/patches/494_passwd_lock-no_account_lock - - Updated patches: - + debian/patches/431_su_uid_0_not_root - + debian/patches/463_login_delay_obeys_to_PAM - + debian/patches/008_su_get_PAM_username - + debian/patches/302_vim_selinux_support - + debian/patches/008_login_log_failure_in_FTMP - + debian/patches/429_login_FAILLOG_ENAB - + debian/patches/428_grpck_add_prune_option - + debian/patches/401_cppw_src.dpatch - + debian/patches/506_relaxed_usernames - + debian/patches/463_login_delay_obeys_to_PAM - + debian/patches/542_useradd-O_option - - Translations - + New Kazakh translation. Closes: #517809 - + Updated Slovak translation. Closes: #523621 - * debian/patches/454_userdel_no_MAIL_FILE: Patch removed. If MAIL_FILE is - defined, the mailbox is not in MAIL_SPOOL_DIR. - * debian/patches/506_relaxed_usernames: Use an extra paragraph for the note - on username with a '/'. - * debian/patches/504_undef_USE_PAM.nolibpam, - debian/patches/504_undef_USE_PAM.dpatch, debian/rules: Patches removed. - Replaced by the --disable-account-tools-setuid configure option. - * debian/control: changed the "Replaces" on manpages-zh to a versioned - one on 1.5.1-1 - * debian/control: drop all Replaces on manpages-* when the version is - prior to Etch - * Versioned Replaces on manpages-tr (<<1..5) as conflicting manpages have - been removed in that package - * debian/patches/402_cppw_selinux: Add SE Linux support for cppw / cpgr. - * debian/patches/900_testsuite_groupmems, debian/patches/901_testsuite_gcov: - Added patches, only intended to be used in the testsuite. - * debian/securetty.linux: Added ttyPZ0, ttyPZ1, ttyPZ2, ttyPZ3 for PowerMac - machines. Closes: #511739 - * debian/patches/579_chowntty_debug: Removed. With the fix for 505071 and - 505271, this additional debug information is no more needed. - * debian/patches/507_32char_grnames.dpatch: Patch removed. Replaced by the - --with-group-name-max-length=32 configure option. - * debian/patches/592_manpages_typos: No more needed. - * debian/patches/401_cppw_src.dpatch: Call fsync before closing the backup - file descriptor. This ensures that the backup file will be available on - the storage medium. - * debian/securetty.linux: Removed devfs devices. Usage of devfs enabled - kernel in Lenny was not supported. Closes: #511961 - * debian/login.defs: Added /usr/local/games/ to ENV_PATH (for regular - users). Closes: #487379 - * debian/patches/200_bin_nb: Updated Norwegian Bokmål translation. - Closes: #523798 - * debian/login.defs: Update GID_MIN to 1000. This is more consistent with - UID_MIN, SYS_GID_MAX and the usage of the same ID for UID and GIDs. This - should also be more consistent with the assignment of system group IDs - starting from GID_MAX and going down. - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Tue, 14 Apr 2009 23:33:22 +0200 - -shadow (1:4.1.1-4) unstable; urgency=low - - * The "Rocamadour" release. - * debian/patches/302_remove_non_translated_polish_manpages, - debian/patches/series: Remove the (untranslated) su.1 and login.1 polish - translation. Closes: #491460 - * debian/patches/506_relaxed_usernames: Document that the naming policy is - also used for the group names policy. Differentiate the Debian - constraints in a separate paragraph. Added documentation of the username - length restriction. Closes: #493230 - * debian/patches/507_32char_grnames.dpatch: Update the documentation of the - group length restriction. Closes: #493230 - * debian/login.pam: Replace the "multiple" option of pam_selinux by - "select_context". This requires PAM 1.0.1, but is commented. - Closes: #493181 - * debian/patches/494_passwd_lock-no_account_lock: Fix typo (missing - parenthesis). Thanks to Moray Allan. - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Fri, 15 Aug 2008 12:36:15 -0300 - -shadow (1:4.1.1-3) unstable; urgency=low - - * The "Morbier" release. - * debian/patches/302_vim_selinux_support: Add SE Linux support to vipw/vigr. - Thanks to Russell Coker. Closes: #491907 - * debian/patches/494_passwd_lock-no_account_lock: Restore the previous - behavior of passwd -l (which changed in #389183): only lock the user's - password, not the user's account. Also explicitly document the - differences. This restores a behavior common with the previous versions of - passwd and with other implementations. Closes: #492307 - * debian/patches/494_passwd_lock-no_account_lock: Add a reference to - usermod(8) in passwd(1). Closes: #412234 - * debian/login.pam: Enforce a fail delay to avoid login brute-force. - Closes: #443322 - * debian/login.pam: Indicate why the pam_securetty module is used as a - requisite module and mentions the possible drawbacks. Closes: #482352 - * debian/login.defs: Do not mention the libpam-umask package (the module is - now provided by libpam-modules). Closes: #492410 - * debian/patches/200_Czech_binary_translation: Updated Czech translation. - Thanks to Miroslav Kure. Closes: #482823 - * debian/securetty.linux: Add the PA-RISC mux ports (ttyB0, ttyB1). - Closes: #488515 - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Sat, 26 Jul 2008 10:12:46 +0200 - -shadow (1:4.1.1-2) unstable; urgency=low - - * The "Brie de Meaux" and "Brie de Melun" double cheese release. - * Backported patches from upstream - - debian/patches/300_SHA_crypt_method: - This fixes bugs in the SHA encryption method that force the salt to have - 8 bytes (instead of a random length between 8 and 16 bytes), and force - the number of SHA rounds to be equal to the lowest limit (at least 1000 - SHA rounds). - - debian/patches/301_manpages_missing_options: - This add the missing documentation of options in useradd, groupadd, and - newusers. - * Tag patches already applied upstream - - debian/patches/487_passwd_chauthtok_failed_message - - debian/patches/406_vipw_resume_properly - - debian/patches/008_su_get_PAM_username - - debian/patches/491_configure.in_friendly_selinux_detection - - debian/patches/434_login_stop_checking_args_after-- - - debian/patches/414_remove-unwise-advices - * Added description of new variables in /etc/login.defs: - - SYS_UID_MIN, SYS_UID_MAX, SYS_GID_MIN, SYS_GID_MAX - - ENCRYPT_METHOD - - SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS - * New Debian Policy: - - debian/control: Bump Standards-Version to 3.8.0 (no changes needed). - - debian/README.source: Document how to patch the upstream source, how to - use quilt, how to package a new upstream and how to use the testsuite. - * debian/patches/505_useradd_recommend_adduser: Fix typo: userdel is used to - remove an user, not to add one. Closes: #475795 - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Fri, 13 Jun 2008 01:27:16 +0200 - -shadow (1:4.1.1-1) unstable; urgency=low - - * New upstream release. This closes the following bugs: - - Fix errors when gpasswd is called without a gshadow file. - Closes: #467236, #467488 - - Fix newgrp segfault when the primary group is not listed in /etc/groups. - Closes: #461670 - - Fix infinite loop in usermod when two groups have the same name. - Closes: #470745 - - Make SE Linux tests more strict, when the real UID is 0 SE Linux checks - will be performed. Closes: #472575 - - Option --password added to groupadd / groupmod (like useradd / usermod). - Closes: #445484 - - Remove patches applied upstream: - + debian/patches/451_login_PATH - + debian/patches/462_warn_to_edit_shadow - + debian/patches/467_useradd_-r_LSB - + debian/patches/466_fflush-prompt - + debian/patches/480_getopt_args_reorder - + debian/patches/496_login_init_session - + debian/patches/408_passwd_check_arguments - + debian/patches/412_lastlog_-u_numerical_range - + debian/patches/407_adduser_disable_PUG_with-n - - Updated patches: - + debian/patches/504_undef_USE_PAM.nolibpam - $(LIBCRYPT) $(LIBSKEY) $(LIBMD) are no more included in libshadow.la. - Avoid link to unneeded libraries (spotted by dpkg-shlibdeps). - + debian/patches/501_commonio_group_shadow - + debian/patches/429_login_FAILLOG_ENAB - + debian/patches/542_useradd-O_option - + debian/patches/401_cppw_src.dpatch - + debian/patches/428_grpck_add_prune_option - - Updated translations: - + Basque. Closes: #473555 - + German. Closes: #473646 - + Italian. Closes: #472951 - + Korean. Closes: #471935 - + Portuguese. Closes: #472244 - + Russian. Closes: #472506 - + Slovak. Closes: #471802 - + Turkish. Closes: #473279 - * debian/watch: Add a watch file for shadow. - * debian/rules, debian/recode_manpages.sh: Do not recode the manpages. - Keep them in UTF-8. - * debian/rules, debian/control: login (>= 970502-1) was already provided - by login in Hamm. libpam-modules (>= 0.72-5) was already provided by - libpam-modules in Potato. libpam-runtime (>= 0.76-14) was already provided - by libpam-runtime in Sarge (now oldstable). Simplify the dependencies. - * debian/control: Move the dependency on libpam-modules from Depends to - Pre-Depends. The login package is Essential, and without libpam-modules, - login or su are not functional. Thanks to Steve Langasek for pointing this - out. - * debian/control: There's no need for a dependency on login (now that it is - unversionned; see above) in the passwd package. - * debian/control: The passwd's Replaces on manpages-de can be versionned - again. The su(1) manpage was removed from manpages-de. - * debian/securetty.linux: Added ttyUSB0, ttyUSB1, ttyUSB2, and MPC5200 - serial ports (ttyPSC0, ttyPSC1, ttyPSC2, ttyPSC3, ttyPSC4, ttyPSC5). - Closes: #461374 - * debian/control: Change XS-X-Vcs-Svn to Vcs-Svn. Update the link to the - new repository layout. Add a Vcs-Browser field. - * debian/control: Added Homepage field. - * debian/passwd.postrm: Removed (was empty). - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Thu, 03 Apr 2008 01:31:10 +0200 - -shadow (1:4.1.0-2) unstable; urgency=low - - * The "Bleu des Causses" release - * Unversion the conflict with manpages-de for login, as it also provides - a German manpage for su(1). Closes: #460508 - - -- Christian Perrier <bubulle@debian.org> Sun, 13 Jan 2008 18:52:46 +0100 - -shadow (1:4.1.0-1) unstable; urgency=low - - [ Nicolas FRANCOIS (Nekral) ] - * The "Bleu d'Auvergne" release - * New upstream release. This closes the following bugs: - - usermod: Make usermod options independent of the argument order. - Closes: #451518 - - login: Improve logging of login when the user's passwd entry could not - be retrieved. Closes: #451521 - - Updated Russian translations. Thanks to Yuri Kozlov <kozlov.y@gmail.com>. - Closes: #452291, #452296 - - Section of newgrp fixed in the gshadow manpage. Closes: #454485 - - Remove patches applied upstream: - + 468_duplicate_passwd_struct_before_usage - + 495_salt_stack_smash - + 397_non_numerical_identifier - + 405_su_no_pam_end_before_exec - + 493_pwck_no_SHADOWPWD - + 497_newgrp_primary_group - + 409_man_generate_from_PO - + 410_newgrp_man_mention_sg - + 411_chpasswd_document_no_pam - + 494_passwd_lock - + 417_passwd_warndays - - Updated patches: - + debian/patches/504_undef_USE_PAM.dpatch - MD5_CRYPT_ENAB is back in login.defs to define the default crypt - algorithm. It is tagged as deprecated and ENCRYPT_METHOD is - recommended instead. New algorithms are also available. - Closes: #447747 - * Debian packaging fixes: - - debian/rules: compile with -W -Wall - - debian/rules: large files are now supported by configure. Remove - -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 from - CFLAGS. - - 479_chowntty_debug was debian specific. Renamed to 579_chowntty_debug - - Remove (not applied patch) 419_time_structures.dpatch. All its chunks - are already applied upstream (with some differences), except one chunk - which comes from 008_login_log_failure_in_FTMP. Fix - 008_login_log_failure_in_FTMP. This should fix some bugs causing invalid - faillog entries on 64 bit architectures with 32 bit compatibility. - - debian/securetty.linux: Add ttyS1. Better comments for the ttyS and xen - consoles. Add a note for the devfs consoles. They are no more needed for - most users. Closes: #454584 - - [ Christian Perrier ] - * debian/control - - Updated to Standards: 3.7.3.0 (checked, no change needed) - - -- Christian Perrier <bubulle@debian.org> Sat, 12 Jan 2008 20:40:02 +0100 - -shadow (1:4.0.18.2-1) unstable; urgency=low - - * The "Vacherin" release. - * New upstream version. This closes the following bugs: - - gpasswd manpage improvements. Closes: #445480 - - support for the resource limits "max nice value", and "max real time - priority" was added upstream. Note that it does not impact Debian - because shadow is compiled with PAM support on Debian. Closes: #442334 - - Finnish translation. Closes: #448233 - - Remove patches applied upstream: - + 438_su_GNU_origin - + 433_shadow.5-typo_312430 - + 402-clarify_usermod_usage - + 498_man_nonpam_undefined - + 301_passwd-typo-383216 - + 101_ja - + 102_de-fix-sorry - + 404_man-fr - + 103_man-de - + 104_man-sv - + 302_su_man_mention_sg - + 303_wording_fixes_in_su_man - + 201_fix_man_su_fr - + 202_it_man_uses_gettext - + 413_no-sorry-in-passwd - + 416_man-fr_newgrp - - The upstream tarball is now built with gettext 0.16. Remove - + 499_gettext-0.15 - - Significant changes to patches - + 397_non_numerical_identifier - usermod.c was already patched upstream; useradd.c was not. - + 467_useradd_-r_LSB - Simplifications. There should be no changes. - + 409_man_generate_from_PO - The Italian PO was added upstream. Patch the Italian Makefile. - * Upstream bugs not fixed in upstream's CVS: - - debian/securetty.linux: Added xvc0 and hvc0 consoles to the Linux's - consoles where root login is allowed. (triggered by #423389) - - debian/patches/417_passwd_warndays: Correct the long option name for - "-w" from "warning" to "warndays". Closes: #445481 - * Upstream translation updates: - - debian/patches/105_zh_CN: Update Simplified Chinese translation - Closes: #431287 - - debian/patches/416_man-fr_newgrp: Fix a typo in the French newgrp man - page. Thanks to Nicolas Aupetit. Closes: #439090 - * Debian packaging fixes: - - Fix typos in useradd default file. Thanks to Justin Pryzby. - - Fix typos in cppw.8. Thanks to Justin Pryzby. Closes: #447757 - - -- Christian Perrier <bubulle@debian.org> Tue, 30 Oct 2007 06:11:40 +0100 - -shadow (1:4.0.18.1-11) unstable; urgency=low - - * The "Baguette laonnaise" release - * Reactivate ECHOCTL in login after it disappeared in 4.0.8. Closes: #429758 - * Disable audit support. This fixes a failure to build from source. - Reported by Sesse - - -- Christian Perrier <bubulle@debian.org> Fri, 22 Jun 2007 19:33:01 +0200 - -shadow (1:4.0.18.1-10) unstable; urgency=low - - * The "Trappe d'Échourgnac" release - * Upstream bugs fixed in upstream's CVS: - - 302_su_man_mention_sg: mention sg(1) in su man page. Closes: #396690 - - 303_wording_fixes_in_su_man: minor wording fixes in su(1) - * Upstream bugs not fixed in upstream's CVS: - - 410_newgrp_man_mention_sg: mention sg(1) in newgrp man page - - 201_fix_man_su_fr: fix translation error in french translation for su(1) - - 202_it_man_uses_gettext: switch italian manpages to gettext. This will - fix missing paragraphs in translated manpages. Closes: #425689 - - 411_chpasswd_document_no_pam: Document that chgpasswd do not use PAM to - update the passwords. Thus functionnalities provided by PAM modules are - not present in chgpasswd (e.g. writting the old password in - /etc/security/opasswd). Closes: #396726 - - 412_lastlog_-u_numerical_range: allow numerical UID and range of IDs in - argument to lastog -u. Closes: #259494 - - 413_no-sorry-in-passwd: No longer print 'Sorry' when something - fails in passwd, su and newgrp. Closes: #384164 - - 414_remove-unwise-advices: Remove not so wise advices about choosing - passwords. Closes: #386818 - - 494_passwd_lock: set the account expiry field when using - "passwd -l/-u". Closes: #389183 - * Debian packaging fixes: - - 506_relaxed_usernames: do not allow spaces in usernames. This was at - least broken with username starting with a space or tabulation (the user - can be added but not removed). Closes: #400683 - - -- Christian Perrier <bubulle@debian.org> Sun, 17 Jun 2007 07:38:14 +0200 - -shadow (1:4.0.18.1-9) unstable; urgency=low - - * The "Etorki" release - * Fix debian/copyright and mention that the upstream site - is "temporarily?) no longer available. Closes: #423956 - Add the various copyrights from Marek, Andrzej and Tomasz - (deduced from the ChangeLog entries as upstream doesn't have an - explicit copyright file) - * Debian packaging fixes: - The 3 following entries fix the FTBFS when built twice in a row. - Closes: #424257 - - 498_man_nonpam_undefined: Do not patch the generated man/it/Makefile.in. - - 409_man_generate_from_PO: Generate the translated man pages at build - time. - - 200_regenerate_manpages: No more needed. - - - -- Christian Perrier <bubulle@debian.org> Tue, 15 May 2007 23:40:13 +0200 - -shadow (1:4.0.18.1-8) unstable; urgency=low - - * The "Feuille de Dreux" release - * New upstream version - * Debian packaging fixes: - - 505_useradd_recommend_adduser: Recommend using adduser and deluser for - regular operations. Closes: #406046 - - Versioned Build-Depends on gnome-doc-utils as we use the "-l" - switch of xml2po. Closes: #390110 - - Remove conflicts for packages that are only in Debian releases prior - to sarge: - - passwd: shadow-passwd, pam-apps, suidregister (<< 0.50), debconf (<< 0.5) - - login: shadow-login, pam-apps, secure-su, suidregister (<< 0.50) - - Remove all debconf configuration. This is now done in D-I and is - no longer useful on regular systems. Closes: #386529 - - Remove Replaces for packages that are only in Debian releases prior - - passwd: manpages (<=1.15-2), manpages-pl (<= 20020406-1) - - login: shadow-login, shadow-passwd, shellutils (<< 2.0-2), manpages-pl (<= 20020406-1) - - Remove unneeded Build-Depends: bzip2, file, texinfo, libpam-runtime - - /etc/default/useradd: Mentions the creation of primary user groups is - neither -n nor -g are specified. See also 407_adduser_disable_PUG_with-n - - no longer include /usr/bin/X11 in defaults PATH variable. Closes: #395890 - - set debhelper compatibility to 5 through debian/compat - - ignore a false positive lintian warning about - possible-missing-colon-in-closes in line 668 of the changelog - * Upstream bugs not yet fixed in upstream releases or CVS: - - 493_pwck_no_SHADOWPWD: SHADOWPWD no more exist. - pwck do not detect missing users in /etc/shadow. - - 466_fflush-prompt: Fix compilation error. - One call to yes_or_no was forgotten because it was in - commented code (which is now enabled). - - 406_vipw_resume_properly: Resume correctly after ^Z - Thanks to Dean Gaudet for the patch and report. Closes: #414542 - - 497_newgrp_primary_group: Do not request a password when a user uses - newgrp to switch to her primary group. Closes: #396691 - - 407_adduser_disable_PUG_with-n: Add option -n to useradd to disable the - creation of primary user groups. Closes: #416835 - - 408_passwd_check_arguments: Check the passwd arguments and fail with the - usage message if there are more than one non option arguments (i.e. - usernames). Closes: #410268 - * Upstream bugs fixed in upstream releases or CVS: - - 497_non_numerical_identifier moved as 397_non_numerical_identifier - because upstream applied it - - -- Christian Perrier <bubulle@debian.org> Mon, 07 May 2007 14:53:13 +0200 - -shadow (1:4.0.18.1-7) unstable; urgency=low - - * The "Pélardon" release - * Debian packaging fixes: - - debian/recode_manpages.sh: Recode the Swedish manpages to ISO-8859-1. - Closes: #403210 - - 200_regenerate_manpages: Manually generate the man pages. This fixes the - formatting of some pages (e.g. passwd.5); permits to propagate the Debian - changes to the translated manpages; and to benefit from the fixes in the - Swedish manpages (see 104_man-sv). - * Upstream bugs fixed upstream: - - 104_man-sv: Fix Swedish manpages's PO encoding (some characters were - converted twice to UTF-8). - * Upstream bugs or fixes not yet fixed in upstream releases or CVS: - - 405_su_no_pam_end_before_exec: Avoid terminating the PAM library in the - forked child. This is done later in the parent after closing the PAM - session. With pam_krb5, this allow users to reuse the cached credential - in the forked shell. Closes: #412061 - - -- Christian Perrier <bubulle@debian.org> Tue, 27 Feb 2007 06:51:44 +0100 - -shadow (1:4.0.18.1-6) unstable; urgency=low - - * The "Vieux Lille" release - * Upstream translation updates: - - debian/patches/404_man-fr: Fix the French translation of - passwd.1. Closes: #395537 - * Upstream bugs or fixes not yet fixed in upstream releases or CVS: - - 403_fix_PATH-MAX_hurd: fixed glibc error on Hurd by not freeing f - unconditionnally. Thanks to Michael banck for the patch fix - Closes: #402002 - * Upstream bugs fixed upstream: - - 103_man-de: early German translation of manpages. Updates - passwd manpage. Closes: #378899 - - -- Christian Perrier <bubulle@debian.org> Thu, 7 Dec 2006 19:10:50 +0100 - -shadow (1:4.0.18.1-5) unstable; urgency=high - - * The "Chaource" release - * Debconf translation updates. - - Wolof. - * Debian packaging fixes: - - 401_cppw_src.dpatch: - Fix cppw, which copied to /etc/passwd even with the -s switch. - Closes: #394182 - - -- Christian Perrier <bubulle@debian.org> Sat, 21 Oct 2006 23:33:20 +0200 - -shadow (1:4.0.18.1-4) unstable; urgency=low - - * The "Brocciu" release - * Debconf translation updates. Closes: #392193 - - Brazilian Portuguese. - - Finnish. - - Hindi. - - Hungarian. - - Indonesian. - - Norwegian Bokmål. - - Slovak. - - Turkish. - - Vietnamese. - - -- Christian Perrier <bubulle@debian.org> Tue, 17 Oct 2006 22:52:54 +0200 - -shadow (1:4.0.18.1-3) unstable; urgency=low - - * The "Gris de Lille" release - * Debian packaging fixes: - - debian/control: Use XS-X-Vcs-Svn: field - - debian/login.pam: add (commented) SELinux enabling entry - to prepare the system for SELinux. Closes: #387480 - * Upstream translation updates: - - debian/patches/102_de-fix-sorry: Fix the translation of "Sorry" in - German. Closes: #383045 - * Debconf translation updates: - - Spanish. Closes: #383812 - - Hebrew. Closes: #387635 - - -- Christian Perrier <bubulle@debian.org> Sun, 17 Sep 2006 08:54:22 +0200 - -shadow (1:4.0.18.1-2) unstable; urgency=low - - * The "Picodon" release - * Upstream translation updates: - - debian/patches/101_ja: Japanese. Closes: #381873 - * Debconf translation updates: - - Spanish. Closes: #383812 - * Upstream bugs fixed in upstream releases or CVS: - - debian/patches/301_passwd-typo-383216: fix a typo in passwd.1 - Closes: #383216 - * Upstream bugs not yet fixed in upstream releases or CVS: - - build with new gettext 0.15. This requires building with automake 1.9 - and a change in po/Makefile.in.in: 499_gettext-0.15. Closes: #384631 - - -- Christian Perrier <bubulle@debian.org> Fri, 25 Aug 2006 19:12:25 +0200 - -shadow (1:4.0.18.1-1) unstable; urgency=low - - * The "Laguiole" release - * New upstream version. - * Upstream bugs not yet fixed in upstream releases or CVS: - - 497_non_numerical_identifier: In useradd and usermod, only numerical - group identifiers were supported. - Closes: #381394, #381399, #381404, #381408, #381448 - - 498_man_nonpam_undefined: Fix a build failure. - * Debian specific fixes: - - 496_login_init_session: only start a new session if we are init. - - -- Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> Fri, 4 Aug 2006 18:50:53 +0200 - -shadow (1:4.0.18-1) unstable; urgency=low - - * The "Selles sur Cher" release - * New upstream version. This closes the following bugs: - - Fix the usermod's -a option. It should not take an - argument, -a it uses the -G argument. Closes: #380645 - - Galician translation. Closes: #378793 - - Basque translation. Closes: #378794 - - Russian translation. Closes: #378911 - * Debian packaging fixes: - - login.defs: do not mention GETPASS_ASTERISKS since it is no more used. - Thanks to Mike Frysinger for noticing it. - - 506_relaxed_usernames: Fix the regular expression of the accepted user - name in the useradd man page. Closes: #377844 - - Add Nicolas FRANCOIS to the Uploaders. - - Remove the NEWS entry for version 1:4.0.17-1. It was meant to warn - testing's users and is not meant for Etch users. - - manpages-it 0.3.4-3 do not collides with passwd anymore. Update the - Replaces field accordingly. - * Debconf translation updates: - - Japanese translation updated. Closes: #379954 - - -- Christian Perrier <bubulle@debian.org> Sun, 16 Jul 2006 11:41:24 +0200 - -shadow (1:4.0.17-2) unstable; urgency=low - - * The "La Marseillaise 2006" release - * Upstream bugs not yet fixed in upstream releases or CVS: - - 495_salt_stack_smash: chpasswd/chgpasswd does not break if compiled - with SSP. Closes: #377825 - - 496_login_init_session: Make login initialize a session so that - ^C and ^Z work when used while booting with "init=/bin/login" - Closes: #374547 - - -- Christian Perrier <bubulle@debian.org> Fri, 14 Jul 2006 13:05:53 +0200 - -shadow (1:4.0.17-1) unstable; urgency=low - - * The "Sainte-maure de Touraine" release - * New upstream version. This closes the following bugs: - - Russian translation. Closes: #374998 - - Khmer translation. Closes: #375065 - - Nepali translation. Closes: #375485 - - Korean translation. Closes: #375243 - - Vietnamese. Closes: #375086 - * Debian specific fixes: - - 503_shadowconfig.8: fix a typo in the French manpage (README.debian - instead of README.Debian). Thanks to Mohammed Adnène Trojette. - - 508_nologin_in_usr_sbin: keep nologin in /usr/sbin. - * Debian packaging fixes: - - passwd.postinst: Modified call to shadowconfig as "install" is not - a documented argument to postinst. Thanks to Justin Pryzby for - spotting that one and proposing a fix. Closes: #374457 - - passwd.templates: use "for internal use" as template for untranslatable - templates which will save some lintian warnings with future - versions of lintian - * Debconf translation updates: - - Lituanian translation updated. Closes: #374313 - - Dutch translation updated. Closes: #377003 - * Upstream bugs fixed upstream: - - debian/patches/301_useradd-375040: create the mail spool files during - user creation when CREATE_MAIL_SPOOL=yes. Closes: #375040 - Thanks to Stephen Gran for helping out with the correct patch. - - -- Christian Perrier <bubulle@debian.org> Wed, 12 Jul 2006 22:55:13 +0200 - -shadow (1:4.0.16-2) unstable; urgency=low - - * The "Valençay" release - * Upstream bugs or fixes not yet fixed in upstream releases or CVS: - - 403_fix_PATH-MAX_hurd: fix FTBFS on Hurd. Thanks to Michael Banck - for the fix. Closes: #372155 - - -- Christian Perrier <bubulle@debian.org> Sat, 10 Jun 2006 15:31:12 +0200 - -shadow (1:4.0.16-1) unstable; urgency=low - - * The "Cabécou" release - * New upstream release - * Added build dependency on gnome-doc-utils so that xml2po is available - for building - * Debian specific fixes: - - 504_undef_USE_PAM.dpatch: do not use PAM for chgpasswd - Closes: #369439 - - debian/rules, debian/passwd.install: cleanup - The limits.5 man page is no more installed by upstream. (It wasn't - neither on Debian). - - no more distribute the login.access.5 and porttime.5 man pages. - (not used when login uses PAM) - - 592_manpages_typos: add another fix for the XML man pages (useradd.8) - It is needed by the current version of docbook-xsl in Debian (1.68). - Closes: #369806 - * Debian packaging fixes: - - ignore some lintian warnings about templates writing style for - untranslatable templates - * Read /etc/default/locale in su PAM config file - Closes: #369391 - - -- Christian Perrier <bubulle@debian.org> Wed, 7 Jun 2006 20:23:36 +0200 - -shadow (1:4.0.15-10) unstable; urgency=high - - * The "Emmental" release - * Upstream bugs or fixes fixed in upstream releases or CVS: - - Fix for CERT VU#312962 - + check the return value of fchown before fchmod when the mailbox is - created by useradd - + The patch also uses login.defs::MAIL_DIR instead of /var/mail. - * Reading /etc/default/locale is back in login PAM config file - after brainstorming with Steve. Closes: #368102 - * Debian specific fixes - - Patches cleanup: - + remove 004_configure.in.dpatch (not used since a long time). - + rename 404_undef_USE_PAM.nolibpam and 404_undef_USE_PAM.dpatch to - 504_xxx as they are debian specific. - + rename 407_32char_grnames.dpatch to 507_xxx for the same reason. - + rename 432_login_cancel_timout_after_authentication to 332_xxx, - because it is already applied upstream. - + Likewise for 461_keep_sticky_bit_for_dirs, 486_chgpasswd.8 and - 492_correct_exit_status_for_run_commands - - -- Christian Perrier <bubulle@debian.org> Thu, 18 May 2006 01:44:56 -0500 - -shadow (1:4.0.15-9) unstable; urgency=low - - * The "Coulommiers" release - * Debian specific fixes - - 506_relaxed_usernames: better wording of the explanations about - the constraints on usernames in Debian. Closes: #364909 - - -- Christian Perrier <bubulle@debian.org> Wed, 17 May 2006 21:23:36 -0500 - -shadow (1:4.0.15-8) unstable; urgency=low - - * The "Tomme de Savoie" release - * Upstream bugs or fixes not yet fixed in upstream releases or CVS: - - 487_passwd_chauthtok_failed_message: Add an informative message - When password couldn't be changed in passwd when chauthok fails - Closes: #352137 - * Debian packaging fixes: - - stop reading /etc/default/locale in addition to /etc/environment - in the PAM configuration file for login and su - - -- Christian Perrier <bubulle@debian.org> Tue, 16 May 2006 20:09:17 -0500 - -shadow (1:4.0.15-7) unstable; urgency=low - - * The "Abondance" release - * Fix UNRELEASED in the NEWS.Debian file. Closes: #364752 - * debian/control - - Updated to Standards: 3.7.2.0 (checked, no change needed: we were - already compliant) - * Debconf translation updates: - - Dutch translation updated. Closes: #363690 - * Debian specific fixes: - - 406_good_name: Better description of what usernames are recommanded or - allowed in useradd(8). Thanks to Reuben Thomas. Closes: #364909 - * Upstream bugs or fixes fixed in upstream releases or CVS: - - 303_usermod_-a_in_man. Document -a in usermod man page. Closes: #365091 - - 402-clarify_usermod_usage. Move -a close to -G. Closes: #363033 - - Programs translation updates or fixes: - - 351_nl-359913: Fix typo in Dutch translation. Closes: #359913 - - 352_id-361186: Complete Indonesian translation. Closes: #361186, #361187 - - 353_hu-362749: New Hungarian translation. Closes: #362749 - - -- Christian Perrier <bubulle@debian.org> Thu, 4 May 2006 20:53:35 +0200 - -shadow (1:4.0.15-6) unstable; urgency=high - - * The "Beaufort" release - * Debian packaging fixes: - - Change the Conflicts on backupninja from (<= 0.9.3-4) to (<< 0.9.3-5). - - Set a version Conflicts with gnunet. - - -- Christian Perrier <bubulle@debian.org> Mon, 17 Apr 2006 15:18:05 +0200 - -shadow (1:4.0.15-5) unstable; urgency=high - - * The "Ossau-Iraty" release - * Debian packaging fixes: - - Add a NEWS entry for the new su behavior introduced in 1:4.0.15-2 - - explicitely set DEB_HOST_ARCH_OS to avoid FTBFS on autobuilder now - that sudo doesn't pass environment variables explicitely - - -- Christian Perrier <bubulle@debian.org> Sat, 15 Apr 2006 10:05:05 +0200 - -shadow (1:4.0.15-4) unstable; urgency=high - - * The "Fourme d'Ambert" release - * Debian packaging fixes: - - set a versioned Conflict with python-4suite. - - -- Christian Perrier <bubulle@debian.org> Sat, 8 Apr 2006 20:11:38 +0200 - -shadow (1:4.0.15-3) unstable; urgency=high - - * The "Neufchâtel" release - * Debian packaging fixes: - - set a versioned Conflict with amaviwsd-new. Closes: #360856, #360567 - - -- Christian Perrier <bubulle@debian.org> Wed, 5 Apr 2006 08:50:21 +0200 - -shadow (1:4.0.15-2) unstable; urgency=low - - * The "Pavé d'Auge" release - * Debian packaging fixes: - - Only replace manpages-es << 1.55-4. Thanks to Rubén - - Include chgpasswd in shipped files. Really Closes: #355070 - - parse /etc/default/locale for locale environment variables in login and - su default PAM configuration files. Thanks to Denis Barbier for the - patch. Closes: #359163 - - su: Do not concatenate the additional arguments, and support an - environment variable to revert to the old Debian's su behavior. - Closes: #276419 - To avoid breaking packages using the old-style way to pass - arguments, set Conflicts with "gnunet, amavisd-new, python-4suite, - backupninja (<= 0.9.3-4), echolot (<< 2.1.8-4)" - - 467_useradd_-r_LSB. Do not forgot to change the owner of the new home - directory. Closes: #360179 - * Upstream bugs or fixes not already fixed in upstream releases or CVS: - - 486_chgpasswd.8: add a manpage for chgpasswd. - * Upstream bugs or fixes fixed in upstream releases or CVS: - - 492_correct_exit_status_for_run_commands: correct the exit status of su - when the invoked command fails. Closes: #360276 - - -- Christian Perrier <bubulle@debian.org> Sun, 2 Apr 2006 12:45:49 +0200 - -shadow (1:4.0.15-1) unstable; urgency=low - - * The "Livarot" release - * Ack the previous changes uploaded to experimental except for #276419 - * New upstream release - - chpasswd.8: Rewrite the CAVEATS section. Closes: #355010 - - Updated translation for: - * Indonesian Closes: #345514, #347198 - * Swedish Closes: #346017, #346449, #352276 - * Slovak Closes: #346376, #349898, #352028 - * Romanian Closes: #347755, #352712 - * Galician Closes: #347943, #352444, #355587 - * Italian Closes: #348339, #352345 - * Greek Closes: #348713 - * Russian Closes: #349193 - * Basque Closes: #349496 - * Catalan Closes: #353898 - * Vietnamese Closes: #352310 - * Italian Closes: #356610 - - lastlog: Warn if non-option argument are provided. Closes: #349560 - - chgpasswd: new utility. Closes: #355070 - * Debian packaging fixes: - - Only replace manpages-ko << 20050219-2. Thanks to the Debian QA Group. - - Only replace manpages-fi << 0.2-4. Thanks to the Debian QA Group. - - Only replace manpages-de << 0.4-10. Thanks to Daniel Kobras - - Only replace manpages-es-extra << 0.8a-15. Thanks to Javier - Fernandez-Sanguino Peña. - * Upstream bugs or fixes not already fixed in upstream releases or CVS: - - 467_useradd_-r_LSB: add a "-r" option for adding system users - for LSB compatibility. Closes: #333706 - This patch, announced in 4.0.14-7 was indeed not applied. - * Debconf translation updates: - - Punjabi translation renamed to pa.po after debian-i18n decision - - -- Christian Perrier <bubulle@debian.org> Tue, 21 Mar 2006 12:37:01 +0100 - -shadow (1:4.0.14-9) unstable; urgency=high - - * passwd.postinst: On upgrades from any prior version, chmod 600 various - base-config and d-i log files that might contain sensative information, - including in some cases, passwords. Closes: #356939 - - -- Christian Perrier <bubulle@debian.org> Wed, 15 Mar 2006 08:03:43 +0100 - -shadow (1:4.0.14-8) experimental; urgency=low - - * The "Salers" release - * Debconf translation updates: - - Dutch updated. Closes: #354593 - * Debian packaging fixes: - - move the @include statements at the end of pam configuration files. - This is of no important with the Debian default common-* files - but would lead to unexpected results if the local admin adds - "sufficient" lines in these common-* files - - make sure debian/recode_manpages.sh fails if a page can't be recoded. - - more bulletproof string checks in passwd.config (related to: #355268). - - Do not use type-handling for the dependency on libselinux1-dev. - Use an explicit list of arches. Thanks to Guillem Jover. - - su: Do not concatenate the additional arguments, and support an - environment variable to revert to the old Debian's su behavior. - Closes: #276419 - * Upstream bugs fixed in upstream CVS: - - make passwd.1 synopsis consistent with other man pages - Closes: #352136 - - -- Christian Perrier <bubulle@debian.org> Mon, 6 Mar 2006 06:54:42 +0100 - -shadow (1:4.0.14-7) unstable; urgency=low - - * The "Carré d'Aurillac" release (let's stay in Cantal) - * Upstream bugs or fixes not already fixed in upstream releases or CVS: - - 467_useradd_-r_LSB: add a "-r" option for adding system users - for LSB compatibility. Closes: #333706 - - 493_selinux_no_proc: - Only check selinux_check_passwd_access on SELinux enabled system. - This fix issues in passwd, chage, chfn and chsh when /proc is not - mounted. Closes: #352494 - * Debian packaging fixes: - - Stop replacing manpages-it (login only, newusers is still conflicting on - passwd) and manpages-hu as new releases removed the conflicting manpages - - passwd.config: - Better POSIX compliance and avoid failure if root password is set to '!' - Thanks to Vagrant Cascadian for reporting and providing the patch - Closes: #353813 - - -- Christian Perrier <bubulle@debian.org> Wed, 22 Feb 2006 06:58:47 +0100 - -shadow (1:4.0.14-6) unstable; urgency=low - - * The "Cantal" ("Vieux" flavour) release - * Upstream bugs or fixes not already fixed in upstream releases or CVS: - - 491_configure.in_friendly_selinux_detection: - Detect that selinux is not present without failing. - - 492_manpages_typos: - Fix a typo in the passwd manpage "TheUNIX". Closes: #352135 - - -- Christian Perrier <bubulle@debian.org> Fri, 10 Feb 2006 16:50:59 +0100 - -shadow (1:4.0.14-5) unstable; urgency=low - - * The "Roquefort" release - * Upstream bugs or fixes not already fixed in upstream releases or CVS: - - 489_useradd_allow_non_uniq_uid: - Allow non-unique UID when -o is specified. Closes: #351281 - - 490_useradd_always_unlock_group_databases: - Always remove the lock on the group and gshadow databases. - CLoses: #348250 - - 463_login_delay_obeys_to_PAM: - Do not hardcode pam_fail_delay and let pam_unix do its job to - set a delay...or not - CLoses: #87648 - * Debian packaging fixes: - - Build with SE Linux support for Linux architectures - (and do not link the tools without SELinux support with the selinux - library: 490_link_selinux_only_when_needed) - Closes: #351631 - - -- Christian Perrier <bubulle@debian.org> Thu, 9 Feb 2006 19:04:58 +0100 - -shadow (1:4.0.14-4) unstable; urgency=low - - * The "Cancoillotte" release - * Debian specific fixes: - - recode_manpages.sh was not called after the switch to CDBS. - The man pages were all distributed in UTF-8 - - Encode the (Debian) shadowconfig manpages in UTF-8 so that - recode_manpages.sh can be used on all manpages - - do not build login on The Hurd - Closes: #349356 - - debian/rules: - additional cleanups - * Upstream bugs or fixes not already fixed in upstream releases or CVS: - - 485_shell-env-exitcodes: - - explicitly pass environment to shell() as 3rd argument - - return errno from shell() - - introduce E_CMD_NOTFOUND/E_CMD_NOEXEC exitcodes - * Debconf translation updates: - - Danish updated. Closes: #348571 - - -- Christian Perrier <bubulle@debian.org> Sun, 15 Jan 2006 16:27:15 +0100 - -shadow (1:4.0.14-3) unstable; urgency=low - - * The "Pont-L'Évêque" release - * Upstream bugs or fixes not already fixed in upstream releases or CVS: - - 479_chowntty_debug: - - produce more helpful syslog message[s] when is_my_tty() fails - (see bug #332198). - - 462_warn_to_edit_shadow: - - warn users to edit the shadow file when using vipw or vigr - Closes: #62821 - - 480_getopt_args_reorder: - - Allow SU options to be passed after - or the username - - 481_userdel_remove_remove_group: - - User's group was removed twice, which caused warnings - - 461_keep_sticky_bit_for_dirs: - - keep the sticky bit in the directory copied by useradd in the - skeleton or by usermod. - Closes: #296729 - - 482_libmisc_copydir_check_return_values: - - check the return value of system calls in copy_tree - - 483_su_fakelogin_wrong_arg0: - - shell's name must be -su when su is faking a login shell. - Closes: #347747 - - 484_su-p_preserve_PATH: - - -p did not preserve the PATH environment variable when su started a - shell (no -c). - Closes: #347935 - * Debian specific fixes: - - debian/rules: - - switch to cdbs for package build - - -- Christian Perrier <bubulle@debian.org> Sun, 15 Jan 2006 15:03:56 +0100 - -shadow (1:4.0.14-2) unstable; urgency=low - - * The "Vieux brie" release - * Missing dependency on docbook-xml and libxml2-utils - Closes: #346395 - - -- Christian Perrier <bubulle@debian.org> Sat, 7 Jan 2006 19:08:36 +0100 - -shadow (1:4.0.14-1) unstable; urgency=low - - * The "Crottin de Chavignol" release - * New upstream release. This release fixes the following issues: - - French useradd no longer documents nonexisting -n option - Closes: #340578 - - Russian translation update. Closes: #340826 - - Fix German translation. Closes: #338373 - - Swedish translation update. Closes: #334264 - - Ukrainian translation update. Closes: #335381 - - Tagalog translation update. Closes: #336649 - - French translation update. Closes: #338410 - - Simplified Chinese translation update. Closes: #339554 - - Russian man pages translation update. Closes: #340828 - * Upstream bugs not already fixed in upstream releases or CVS: - - 468_duplicate_passwd_struct_before_usage - Duplicate the passwd structures retrieved by getpwnam before calling - PAM. Closes: #341230 - * Debian specific fixes: - - 502_fix_generated_man_pages - remove the occurences of ’ which is not supported by the current version - of docbook-xsl in Debian. Closes: #341489 - * Debconf translation updates: - - Basque updated. Closes: #342102 - - Catalan updated. Closes: #344964 - * Debian packaging fixes: - - debian/rules, debian/login.files, debian/passwd.files: - Use dh_install instead of old dh_movefiles for moving files from - debian/tmp and rename {login, passwd}.files to {login,passwd}.install - Closes: #343534 - - debian/rules: - debian/rules: stop building login for Hurd, which breaks bootstrap - Thanks to Michael Banck for the patch. Closes: #343473 - - debian/passwd.config: - call programs using [a-z] under a C locale. Thanks Denis Barbier - for the patch. Closes: #343595 - - debian/rules, debian/shells, debian/passwd.postinst: - Remove the /usr/share/passwd/shells files and the postinst code that - installed it as /etc/shells. This is now done by debianutils. - Closes: #342858 - - Also remove README.shells, which should be distributed by debianutils. - - debian/passwd.postrm: - Do not remove /etc/shells on purge. Closes: #345659 - - Fix the version of an old entry in NEWS.Debian - - Do not distribute the pam.d files for commands with disabled PAM support - (chage, chpasswd, groupadd, groupdel, groupmod, useradd, userdel, - usermod) - - -- Christian Perrier <bubulle@debian.org> Fri, 6 Jan 2006 07:42:52 +0100 - -shadow (1:4.0.13-7) unstable; urgency=low - - * The "Chabichou" release - * Debian packaging fixes: - - debian/rules, debian/login.links, debian/passwd.links: - Use dh_link for setting up symlinks - - get rid of initial-passwd-udeb as D-I will now use its - own udeb (user-setup-udeb) - * Debconf translation updates: - - Portuguese updated. Closes: #338767 - - Korean updated. Closes: #339011 - - Ukrainian updated. Closes: #338878 - - Galician updated. Closes: #338908 - - German updated. Closes: #339660 - - Romanian updated. Closes: #340097 - * Upstream fixes which will reach next upstream version - - 460_vipw-quiet: vipw logs "unchanged" message to stdout - and offers a quiet mode. Closes: #190252 - - -- Christian Perrier <bubulle@debian.org> Sun, 20 Nov 2005 16:04:54 +0100 - -shadow (1:4.0.13-6) unstable; urgency=low - - * The "Saint-Nectaire" release - * Debian packaging fixes: - - passwd.config: - Add "seen false" for passwd/root-password and - passwd/root-password-again when entered root passwords mismatch or are - empty. Thanks to Tollef Fog Heen for noticing. - * Debconf translation updates: - - Simplified Chinese updated. Closes: #338075 - - -- Christian Perrier <bubulle@debian.org> Thu, 10 Nov 2005 17:07:14 +0100 - -shadow (1:4.0.13-5) unstable; urgency=low - - * The "Fourme de Montbrison" release - * Debian packaging fixes: - - passwd.config: - Add a variable quoting which probably prevented users to - preseed a locked password for root and fix a logic error in the script - Working user password crypted preseeding (it probably failed earlier) - * Debconf translation updates: - - Russian updated. Closes: #337370 - - -- Christian Perrier <bubulle@debian.org> Tue, 1 Nov 2005 18:10:30 +0100 - -shadow (1:4.0.13-4) unstable; urgency=low - - * The "Comté" release (let's make Nicolas happy) - * Debian packaging fixes: - - initial-passwd-udeb: - Grab last version of Ubuntu code to get rid of the mktemp error - This virtually closes bug 336321 but we keep it opened to be sure - that noone imagines pushing this version to testing. - * Upstream fixes which will reach next upstream version - - 467_usermod_longopts: add long options support to usermod. - Closes: #260149 - - 366_fflush-prompt: fflush prompts to allow scripting. Closes: #333138 - - -- Christian Perrier <bubulle@debian.org> Tue, 1 Nov 2005 13:04:09 +0100 - -shadow (1:4.0.13-3) unstable; urgency=high - - * The "Trou du Cru" release (actually, the one deserving this name is me) - * Urgency set to high to avoid breaking D-I for too long - * Debian packaging fixes: - - debian/control: - - Make initial-passwd-udeb priority extra to avoid breaking all D-I - images - - -- Christian Perrier <bubulle@debian.org> Sun, 30 Oct 2005 06:52:26 +0100 - -shadow (1:4.0.13-2) unstable; urgency=low - - * The "Pouligny St-Pierre" release - * Debian packaging fixes: - - debian/control: - - manpages-ja: versioned Replaces as the man pages have now been - removed - - manpages-ko: versioned Replaces as the man pages have now been - removed - - debian/login.defs: - - fix a typo. - - early release of a (currently not used) udeb to allow user creation - and password setting to be done in D-I first stage - Patch taken from Ubuntu. Thanks to Colin Watson for providing it. - - debian/copyright: - - for RMS clones sake, stop breaking Thy Holy GNU Copyright - Closes: #334870 - * Patches to upstream man pages, not yet applied upstream: - - debian/patches/457_document_useradd_groupadd_nis: - Document that low level utilities will certainly never - implement strange behaviour such as adding local users or groups with - logins existing in external databases - Closes: #282184 - - debian/patches/458_manpages_typos - Fix some typos in faillog.5, chage.1, chpasswd.8 - Thanks to A Costa <agcosta@gis.net> - Closes: #333995, #333994, #333993 - - debian/patches/459_better_document_useradd_-d - Better document, in useradd.8, that the home_dir specified - with -d is not created if it does not exist - Closes: #154996 - * Debconf translation updates: - - Norwegian Bokmal updated. Closes: #316732 - - Russian updated. Closes: #334250 - - Tagalog updated. Closes: #335158 - - Swedish updated. Closes: #335319 - - Italian updated. Closes: #335856 - - -- Christian Perrier <bubulle@debian.org> Tue, 25 Oct 2005 11:46:31 +0200 - -shadow (1:4.0.13-1) unstable; urgency=low - - * The "Maroilles" release - * New upstream version: - Debian bugs fixed by the new upstream version: - - faillog: Do not oversimplify the date of the last unsuccessful login - Closes: #89902 - - login.1: also mention securetty(5). Closes: #325773 - - chfn.1, chsh.1, groupadd.8, newusers.8, pwconv.8 - useradd.8, userdel.8, usermod.8: - Improved crossreferences with other manpages - Closes: #300892 - - newgrp.1: - Improved documentation of how group passwords work - Closes: #325558 - - passwd.c: - The usage line is no more too terse - Closes: #146779 - * Patches to upstream man pages, not yet applied upstream: - - debian/patches/452_doc_password_check_order: - Document the order for checking the password strength - Closes: #115380 - * Debian packaging fixes: - - debian/login.su.pam: - - pam_wheel example moved after pam_rootok in config. - Also documents that with 'pam_wheel.so group=foo', root may need to - be in the foo group. Closes: #330630, #330855 - - pam_env turned to be used as a session module which it is designed - to be. Thanks to Steinar H. Gunderson who pointed this out and - Steve Langasek and Andrew Suffield who suggested the right solution. - - debian/control: - - manpages-es-extra: versioned Replaces as the man pages have now been - removed - - manpages-de: versioned Replaces as the man pages have now been - removed - - manpages-hu: versioned Replaces as the man pages have now been - removed - - debian/rules: - - pack upstream's NEWS file into login and passwd. Closes: #331487 - - pack login.defs and its manpages into "passwd" instead of "login" - package for the Hurd platform. Closes: #249372 - - copy upstream's changelog. Closes: #331487 - - debian/passwd.config, debian/passwd.templates: - - allow preseeding the root (and user) password with a MD5 hash - Closes: #275343, #304352 - Thanks to Colin Watson for the Ubuntu patch - - the above also allows preseeding a disabled password for root - Closes: #304343 - - add passwd/user-uid template, which can be preseeded to force the - initial user to have a certain uid. - Thanks to Colin Watson for the Ubuntu patch - - allow hyphens in username - Thanks to Colin Watson for the Ubuntu patch (Ubuntu #15721) - - debian/login.defs: - - document the obsoleted by PAM ENV_HZ variable. Closes: #265613 - - better document the real use of USERGROUPS_ENAB. Closes: #282822 - - debian/add-shell, debian/remove-shell, debian/add-shell.8, - debian/remove-shell.8: - - utilities moved to debianutils. Add a versioned "Depends" line on - debianutils so that passwd cannot be upgraded when the new - debianutils version including these utilities isn't available - Closes: #208514, #268656, #269573, #293171 - * Debconf translation updates: - - Swedish updated. Closes: #332711 - - -- Christian Perrier <bubulle@debian.org> Mon, 10 Oct 2005 23:15:47 +0200 - -shadow (1:4.0.12-6) unstable; urgency=low - - * The "Reblochon" release - * Debian packaging fixes: - - debian/control: - More accurate Replaces lines for manpages-* packages which have - been fixed: - - manpages-ru - - manpages-fr - - manpages-fi (removed because distributes translations we don't have) - - manpages-pt (removed because distributes translations we don't have) - - manpages-tr (removed because distributes translations we don't have) - - manpages-zh for login - (removed because distributes translations we don't have) - - debian/login.pam, debian/login.su.pam: - - use "readenv=1" with pam_env so that /etc/environment settings are - used. Thanks to Konrad Jelen for pointing it - - use "pam_mail" for login and su to display the user's new mail status - (for login only) and set the MAIL environment variable - Add a comment about the need to *also* define MAIL_DIR and possibly - MAIL_FILE in /etc/login.defs so that userdel behaves properly - Closes: #330420 - - Really add /etc/pam.d/passwd. Closes: #330870 - - Enable pam_group by default in login. Closes: #124293 - - debian/login.defs: - Better document the real and future use of MAIL_DIR and MAIL_FILE - * Upstream bugs not already fixed in upstream releases or CVS: - - 451_login_PATH: set PATH according to ENV_SUPATH and ENV_PATH for login - Closes: #330803 - - -- Christian Perrier <bubulle@debian.org> Wed, 28 Sep 2005 19:59:31 +0200 - -shadow (1:4.0.12-5) unstable; urgency=low - - * Really add /etc/pam.d/su. Closes: #330291 - - -- Christian Perrier <bubulle@debian.org> Wed, 28 Sep 2005 19:59:31 +0200 - -shadow (1:4.0.12-4) unstable; urgency=low - - * The "Epoisses" release - * Debian packaging fixes: - - debian/control: - Add a few more Replaces for broken manpages-xx packages - which provide random man pages for software they don't - provide. Closes: #330526, #330338 - * Use dh_installpam correctly so that /etc/pam.d/su really exists - Closes: #330291 - * Change section to admin because of the restructuration of the "base" - section by the ftpmasters - - -- Christian Perrier <bubulle@debian.org> Tue, 27 Sep 2005 07:20:44 +0200 - -shadow (1:4.0.12-3) unstable; urgency=low - - * The "Langres" release - * Debian packaging fixes: - - debian/control: - login now replaces manpages-de because of conflicting login.1 - manpage. Closes: #330247 - - -- Christian Perrier <bubulle@debian.org> Tue, 27 Sep 2005 07:20:44 +0200 - -shadow (1:4.0.12-2) unstable; urgency=low - - * The "Boulette d'Avesnes" release - * Debian packaging fixes: - - debian/useradd.default: - File added and installed as /etc/default/useradd to provide - "safe" defaults to useradd and, for instance, have it create users - with a shell. Closes: #293492 - - -- Christian Perrier <bubulle@debian.org> Thu, 22 Sep 2005 07:34:29 +0200 - -shadow (1:4.0.12-1) experimental; urgency=low - - * The "Munster" release - * New upstream release - * Bugs fixed by the move to upstream release: - - Portuguese translation update. Closes: #323069 - * Debian packaging fixes: - - Fix a bug number in the previous changelog entry (s/155297/155279/). - - Patches for man pages reduced to only patch XML files: - 441, 440, 333, 421, 424, 442, 444 - - Reduce 005 patch to only patch useradd.8.xml (other changes - have been fixed upstream and we assume that the man pages are - generated from the XML files). - Move the patch for the su man page (wich explain the 437_* patches) - to 437_su_add_GNU_options_7 - - Disable patches now applied upstream: - 002, 336, 363, 443_man_it_Makefile.am, 364 - - login.defs: - Entries moved to obsolete sections: - CLOSE_SESSIONS, LOGIN_STRING, NO_PASSWORD_CONSOLE, QMAIL_DIR - ULIMIT - - NEWS.Debian: added - - Ship a (currently useless) PAM configuration file for chage, useradd, - usermod, userdel, groupadd, groupmod, groupdel, including - pam_rootok.so alone - - use dh_installpam to install PAM configuration files - - start the cleanup of the unused patches list - - debian/passwd.config: - No more endless loops when the user passwords mismatch - Closes: #325910 - * Upstream bugs not already fixed in upstream releases or CVS: - - 443_chage_exit_values: now exit with errorlevel=15 when no - shadow password exists (was previously 3 but upstream now uses it) - - 447_missing_login.defs_variables: verify the list of login.defs - variables used and update the getdef.c and login.def files accordingly. - * Debconf translation updates: - - German updated. Closes: #321761 - - Romanian updated. Closes: #323575 - - Dutch updated. Closes: #323756 - * Upstream bugs already fixed in upstream releases or CVS: - - 448_enable_man: man pages are generated from the XML files. - - -- Christian Perrier <bubulle@debian.org> Thu, 25 Aug 2005 08:38:53 +0200 - -shadow (1:4.0.11.1-1) experimental; urgency=low - - * New upstream release. - * Bugs fixed by the move to upstream release: - - Stop documenting about passing env variables at login prompt - Closes: #95213 - - Correct reference to vi(1) man page in vipw(1) - Closes: #260636 - * Debian packaging fixes: - - Enable the use of pam_env for su. Needed a fix which appeared - in upstream 4.0.6 - Closes: #155279, #202840, #287108 - * Debconf translation updates: - - Macedonian updated. Closes: #320229 - - -- Christian Perrier <bubulle@debian.org> Tue, 26 Jul 2005 09:17:40 +0200 - -shadow (1:4.0.3-39) unstable; urgency=low - - * Debian packaging fixes: - - moved `shadowconfig on` from .preinst to .postinst - Closes: #319138 - - debian/passwd.linda-overrides, debian/login.linda-overrides, debian/rules: - Add file permissions overrides for linda similar to those we have for lintian - - debian/login.lintian-overrides: - No more file permission overrides for login - - debian/passwd.config: - let error messages from shadowconfig (and therefore underlying - pwck/grpck tools which use stdout for this purpose) to reach stdout - instead of getting into /dev/null. This helps error diagnostics and - supposedly Closes: #319136 - * Programs translation updates: - - French completed. - * Man pages translation updates: - - 207_id-manpages: correct Indonesian manpages so that they do not - fail lexgrog tests by linda - - 206_ko-manpages: correct Korean manpages so that they do not - fail lexgrog tests by linda - * Debconf translation updates: - - Arabic updated from Arabeyes repository - - -- Christian Perrier <bubulle@debian.org> Fri, 22 Jul 2005 18:42:24 +0200 - -shadow (1:4.0.3-38) unstable; urgency=low - - * The "La Marseillaise" release - * Debian packaging fixes: - - changed debian/rules to generate non-versioned "Depends: login" - entry for hurd's "passwd" package. This allows to use native - Hurd's login/su, because "hurd" package seems to provide "login". - See: #249372 (I don't claim the bug to be dealt with though -- - it's still not clear whether the newly built "login" package for - Hurd is functional). - - Enable shadow by default on firsttime installation even when the package - is not reconfigured (ie also when not called from base-config). - Thanks to Bastian Blank for the patch and comments - Closes: #316219 - - Build shadow with debugging. Closes: #204644 - * Programs translation updates: - - Hebrew translation disabled. Closes: #317805 - - Portuguese updated. Closes: #318190 - - Vietnamese updated. Closes: #318257 - * Debconf translation updates: - - Estonian updated. Closes: #317719 - - Hebrew updated - * Upstream bugs already fixed in upstream releases or CVS: - - Modified 356_su-stop_cont-proxy to block TSTP, TTIN, TTOU, QUIT - and HUP -- to do the same as in newgrp.c - Closes: #317747 - - -- Christian Perrier <bubulle@debian.org> Thu, 14 Jul 2005 10:14:23 +0200 - -shadow (1:4.0.3-37) unstable; urgency=low - - * The "Camembert" release - * Upstream bugs not fixed in upstream releases or CVS: - - 442_useradd.8-O - Document useradd's "-O" option - Closes: #304934 - * Debconf translation updates: - - Indonesian updated (sent by translator to Christian Perrier) - - Bulgarian updated. Closes: #317327 - - Vietnamese added (sent by translator to Christian Perrier) - - Wolof added (sent by translator to Christian Perrier) - Closes: #317532 - * Man pages translation updates: - - Really remove the too outdated Korean translation of newgrp.1 - which doesn't even mention sg - * Programs translation updates: - - debian/patches/117_id: - - Indonesian translation update (sent by translator to Christian Perrier) - * Debian packaging fixes: - - login.defs - Fix a typo (s/dmesg/mesg/), thanks to Maximilian Attens - Closes: #317236 - - Fix FTBFS for GNU/Hurd and GNU/kFreeBSD - - securetty.kfreebsd-gnu renamed to securetty.kfreebsd - - securetty.netbsd-gnu renamed to securetty.netbsd - - securetty.gnu renamed to securetty.hurd - Closes: #317304 - * Upstream bugs not fixed in upstream releases or CVS: - - 443_chage_exit_values - chage: change the exit value to 3 when chage fails because the system is - not shadow enabled. - Closes: #317012 - - 426_grpck_group-gshadow_members_consistency - grpck/pwck: fix segmentation faults - Closes: #317366 - - 423_su_arguments_are_concatenated, 423_su_pass_args_without_concatenation - revert the patch done for #276419, because it breaks pbuilder and other - packages. Also document the Debian su behavior. - su behave differently from FreeBSD or SUN; this issue will have to be - handled latter (re-open #276419). - Closes: #317264 - - -- Christian Perrier <bubulle@debian.org> Wed, 6 Jul 2005 03:13:37 +0300 - -shadow (1:4.0.3-36) unstable; urgency=low - - * Debian specific programs fixes: - - Re-enable logging and displaying failures on login when login is - compiled with PAM and when FAILLOG_ENAB is set to yes. And create the - faillog file if it does not exist on postinst (as on Woody). - Closes: #192849 - - do not localize login's syslog messages. - * Debian packaging fixes: - - Fix FTBFS with new dpkg 1.13 and use a correct dpkg-architecture - invocation. Closes: #314407 - - Add a comment about potential sensitive information exposure - when LOG_UNKFAIL_ENAB is set in login.defs - Closes: #298773 - - Remove limits.5 and limits.conf.5 man pages which do not - reflect the way we deal with limits in Debian - Closes: #288106, #244754 - - debian/login.defs: - - Make SU_PATH and PATH consistent with the values used in /etc/profile - Closes: #286616 - - Comment the UMASK setting which is more confusing than useful - as it only affects console logins. Better use pam_umask instead - Closes: #314539, #248150 - - Add a comment about "appropriate" values for umask - Closes: #269583 - - Correct the assertion about the variable defined by QMAIL_DIR - which is MAILDIR, not MAIL - Closes: #109279 - - Move the PASS_MAX_LEN variable at the end of login.defs as this - is obsoleted when using PAM - Closes: #87301 - - debian/passwd.config: - - Re-enable the password confirmation question at critical priority - Closes: #304350 - - Do no prompt again for the login name when the two passwords don't - match while creating a new user - Closes: #245332 - - debian/add-shell.sh, debian/remove-shell.sh, debian/shadowconfig.sh, - debian/passwd.config, debian/passwd.postinst: - - checked for bashisms, replaced "#!/bin/bash" with "#!/bin/sh", - Closes: #315767 - - replaced "test XXX -a YYY" XSI:isms with "test XXX && test YYY", - for rationale see: - http://www.opengroup.org/onlinepubs/009695399/utilities/test.html - - replaced all unneeded "egrep"s with basic "grep"s - Closes: #256732 - - debian/rules: - Remove the setuid bit on login - Closes: #298060 - - debian/passwd.templates: - Templates rewrite to shorten them down a little and make them DTSG - compliant. Give more details about what the user's full name is used - for. - Closes: #287410 - - Updated to Standards: 3.6.2 (checked) - * Debconf translation updates: - - Estonian added. Closes: #312471 - - Basque updated. Closes: #314303 - - Malagasy updated. Closes: #290842 - - Punjabi updated. Closes: #315372 - - Danish updated. Closes: #315378 - - Polish updated. Closes: #315391 - - Japanese updated. Closes: #315407 - - Brazilian Portuguese updated. Closes: #315426 - - Czech updated. Closes: #315429 - - Spanish updated. Closes: #315434 - - Lithuanian updated. Closes: #315483 - - Galician updated. Closes: #315362 - - Portuguese updated. Closes: #315375 - - Simplified Chinese updated. Closes: #315567 - - French updated - - Ukrainian updated. Closes: #315727 - - Welsh updated. Closes: #315809 - - Slovak updated. Closes: #315812 - - Romanian updated. Closes: #315783 - - Finnish updated. Closes: #315972 - - Catalan updated. Closes: #316026 - * Man pages translation updates: - - Remove the too outdated Korean translation of newgrp.1 - which doesn't even mention sg - Closes: #261490 - * Man pages correction for Debian specific issues: - - 402_usermod.8-system-users-range-286258: - Document the system user range from 0 to 999 in Debian - Closes: #286258 - * Upstream bugs not fixed in upstream releases or CVS: - - 423_su_pass_args_without_concatenation - Thanks to Helmut Waitzmann. - Closes: #276419 - * pass the argument to the shell or command without concatenation - before the call to exec. - * If no command is provided, the arguments after the username are for - the shell, no -c has to be appended. - - 008_su_ignore_SIGINT - * Also ignore SIGQUIT in su to avoid defeating the delay. - The gain in security is very minor. - Closes: #288827 - - 424_pwck.8_quiet_option - pwck(8): document the -q option. Closes: #309408 - - 425_lastlog_8_sparse - lastlog(8): Document that lastlog is a sparse file, and don't need to be - rotated. Closes: #219321 - - 426_grpck_group-gshadow_members_consistency - * (grpck) warn for inconsistencies between members in /etc/group and gshadow - Closes: #75181 - * (pwck and grpck) warn and propose a fix for entries present in the - regular /etc/group or /etc/passwd files and not in shadow/gshadow. - - 427_chage_expiry_0 - Fix chage display in the case of null expiry fields (do not display - Never, but 01 Jan 1970) - Closes: #78961 - * Upstream bugs already fixed in upstream releases or CVS: - - Corrected typos in chfn.1. Closes: #312428 - - Corrected typos in gshadow.5. Closes: #312429 - - Corrected typos in shadow.5. Closes: #312430 - - Corrected typos in grpck.8. Closes: #312431 - - Added patch (356th) for su to propagate SIGSTOP up and SIGCONT down. - Added similar patch (357th) for newgrp. Both changes only affect - operation with CLOSE_SESSION set to yes (in /etc/login.defs). - Closes: #314727 - * Translation updates: - - debian/patches/010_more-i18ned-messages - - More messages are translatable. We will deal with the translation - updates after syncing with upstream. - Closes: #266281 - - debian/patches/114_eu: - - Basque translation update. Closes: #314423 - - debian/patches/132_vi.dpatch: - - Vietnamese translation update. Closes: #315840 - - -- Christian Perrier <bubulle@debian.org> Mon, 20 Jun 2005 23:37:56 +0300 - -shadow (1:4.0.3-35) unstable; urgency=low - - * Re-apply the debian/patches/036_CAN-2004-1001_passwd_check patch - which fixed the "Adjusted password check to fix authentication bypass" - security issue (CAN-2004-1001) - * Debian packaging fixes: - - Add --host to config_options on cross build. Patch from NIIBE Yutaka. - Closes: #283729 - - Enable login for GNU/Hurd in rules. First patch from Robert Millan. - Closes: #249372 - - Cleanup passwd debconf stuff as md5 passwords are assumed since - 1:4.0.3-19 and the resolution of #223664. - - Document the TTYPERM variable set to 0600 in the default login.defs file - Closes: #59439 - - Make login and su use limits.so PAM module by default - (change made in sarge branch also) - Closes: #300720 - - debian/rules: Add removal of config.log in the clean target - - debian/control: - - Add Martin to Uploaders - - Remove Sam Hartman from Uploaders. The team is now setup and this - does not really have a real meaning now. You're still welcome for - NMU's, Sam, and thanks for the good work. - - Switching from dpatch to quilt. - * Debconf translation updates: - - Portuguese spellchecked by Miguel Figueiredo - - Punjabi (Gumurkhi) added, by Amanpreet Singh Alam. Closes: #309800 - * Man pages translation updates: - - German completed by reference to original man page - Closes: #311554 - * Debian specific programs fixes: - - NONE - * Upstream bugs not fixed in upstream releases or CVS: - - 421_login.1_pishing: - Document how to initiate a trusted path under Linux - Closes: #305600 - - set CLOSE_SESSIONS to yes in login.defs, and document why. - Closes: #163635 - * Upstream bugs already fixed in upstream releases or CVS: - - 324_configure.in-no-debian-dir: - Separated from 004_configure.in : this change will not be needed when - syncing with upstream - - 325_gshadow_5_manpage: - Add a gshadow.5 man page, and clarifications in the newgrp and gpasswd - man pages. - Closes: #113191, #166173, #169046, #251926 - - 326_su.1_pwconv.8-typos: - Correct typos in su.1 and pwconv.8 man pages. - Closes: #309666 - * Translation updates: - - 004_configure.in, 100_LINGUAS - Add Vietnamese to LINGUAS. Patch for LINGUAS in configure.in moved - from 004_configure.in to the new 100_LINGUAS patch - - 101_cs: Czech updated by Miroslav Kure - Closes: #308658 - - 102_de: German updated by Dennis Stampfer - - 104_fr: French updated by Jean-Luc Coulon - Closes: #308909 - - 111_ca: Catalan completed by Guillem Jover - Closes: #309212 - - 108_sv: Swedish completed with the help of Magnus Holmgren - Encoding issues fixed - Closes: #309380 - - 109_uk: Ukrainian completed by Eugeniy Meshcheryakov - Closes: #308647 - - 120_nl: Dutch updated by Bart Cornelis - Closes: #308662 - - 124_ru: Russian updated by Yuri Kozlov - Closes: #308839 - - 129_ru: Romanian updated by Sorin Bataruc - Closes: #308921 - - 130_zh_TW: Tradition Chinese updated by Tetralet - Closes: #311588 - - 131_tl: Tagalog updated by Eric Pareja - Closes: #310386 - - 132_vi: Correct file used for Vietnamese tanslation - Closes: #306614, #307251, #307262, #308479 - - -- Christian Perrier <bubulle@debian.org> Fri, 3 Jun 2005 07:32:07 +0200 - -shadow (1:4.0.3-34) unstable; urgency=low - - * Debian packaging fixes: - - NONE - * Debian specific programs fixes: - - NONE - * Upstream bugs not fixed in upstream releases or CVS: - - 406_good_name: - - relaxed user/group names checking is now fixed and accepts - _only_ names matching '^[^-:\n][^:\n]*$' - Closes: #264879, #308478 - * Upstream bugs already fixed in upstream releases or CVS: - - 311_high-uids.dpatch: - - Add large file support to lastlog and faillog. Closes: #280212 - * Translation updates: - - 132_vi: - Vietnamese programs translation added (from upstream CVS) - Closes: #308479 - - 118_it: - Italian programs translation updated - Closes: #308327 - - -- Christian Perrier <bubulle@debian.org> Tue, 10 May 2005 18:24:12 +0200 - -shadow (1:4.0.3-33) unstable; urgency=low - - * The "Don't believe lintian blindly" release - * Urgency left to low because RC bug fixed but we leave priority - to sarge-targeted work - * Debian packaging fixes: - - Remove CVS id tag from the supplied login.defs file - Closes: #308019 - - revert dependency on debconf which would make it required - Closes: #308145 - - Add the missing add-shell, remove-shell, cppw and cpgr - (Debian specific) man pages - Closes: #162241 - - make lintian ignore warnings about missing debconf dependency - in passwd.lintian-overrides - * Debian specific programs fixes: - - NONE - * Upstream bugs not already fixed in upstream releases or CVS: - - NONE - * Upstream bugs already fixed in upstream releases or CVS: - - 313_pam_access_with_preauth: - - allow PAM account authorization when preauthenticated - Closes: #193869 - - 314_passwd.1_formatting: - - minor formatting fixes of passwd(1) man page - Closes: #304447 - - 315_chage.1_document_expiration_removal: - - document expiration removal in chage(1) - Closes: #304542 - - 316_vipw-race-242407: - - make vipw to remove /etc/{passwd|shadow|group|gshadow}.edit - and only then unlock - Closes: #242407 - - 317_lastlog_usage_249611: - - Fix the lastlog usage and all the translations accordingly - (--user instead of --login). - Closes: #249611 - - 323_passwd.1-typo: - - correct a typo in passwd(1) man page. Closes: #302740 - - -- Christian Perrier <bubulle@debian.org> Sun, 8 May 2005 14:32:20 +0200 - -shadow (1:4.0.3-32) unstable; urgency=low - - * Switch to dpatch for upstream patches - This should bring more clarity to modifications - we make to upstream sources and help integrating - new upstream releases - Old patches have been moved quite roughly to - debian/patches - * Modified debian/rules for "Calling GNU configure properly", see - /usr/share/doc/autotools-dev/README.Debian.gz - * Debian packaging fixes: - - Lintian fixes: - - Description synopsis initial capital letters removed - - passwd now depends on debconf (>=0.5.00) as it uses the seen flag - - add login.lintian-overrides and passwd.lintian-overrides - files to mention setuid and setgid files and avoid lintian warning - about them - - debian/pam.d/login: - - Remove the confusing comment about "nullok". Closes: #207816 - - debian/rules: - - Add call for dh_installdirs - - debian/passwd.dirs: - - Added - - debian/login.dirs: - - Added - * Debian specific programs fixes: - - fixed /usr/sbin/remove-shell bug with handling of non-existing/empty - /etc/shells file. Closes: #271565 - * GNU config automated update: config.sub (20010907 to 20050422), - config.guess (20010904 to 20050422) - - -- Christian Perrier <bubulle@debian.org> Tue, 3 May 2005 11:53:12 +0200 - -shadow (1:4.0.3-31sarge3) unstable; urgency=low - - * The "please buy me a brain" release - * *Really* shorten down the Dutch debconf translation for the root password - input so that it fits in one screen. Closes: #277750 - * man/usermod.8: *Really* document -o option in usermod - Closes: #302388 - * man/fr/po4a/fr: Removed. This directory only clutters up the diff - and is not used during the build process - * man/de/passwd.1: Updated. Closes: #304757 - * man/de/chsh.1: Updated. - * man/it/*: All files updated. Closes: #305095 - * Translation updates: - - Portuguese (from the translation file sent for 4.0.8 upstream) - Closes: #305257 - - -- Christian Perrier <bubulle@debian.org> Tue, 19 Apr 2005 19:31:43 +0200 - -shadow (1:4.0.3-31sarge2) unstable; urgency=low - - * Shorten down the Dutch debconf translation for the root password - input so that it fits in one screen. Closes: #277750 - * man/usermod.8: Document -o option in usermod - Closes: #302388 - - -- Christian Perrier <bubulle@debian.org> Mon, 4 Apr 2005 20:28:47 +0200 - -shadow (1:4.0.3-31sarge1) unstable; urgency=high - - * Urgency set to high because of RC bug fixed. Reuploaded - because I messed up with the changelog first. Use this occasion - to start a sarge series just in case. Changes below were made - in the former version already. - * Avoid package file conflicts for woody->sarge upgrade: - - Add manpages-it and manpages-ko to Replaces: for login - - Remove manpages-de from Replaces: for login (useless) - - Improve readability of the Replaces line for passwd - Closes: #299549 - - -- Christian Perrier <bubulle@debian.org> Tue, 15 Mar 2005 13:55:34 +0100 - -shadow (1:4.0.3-31) unstable; urgency=low - - * New maintainer - - -- Christian Perrier <bubulle@debian.org> Fri, 11 Mar 2005 19:28:38 +0100 - -shadow (1:4.0.3-30.10) unstable; urgency=low - - * Non-maintainer upload targeted at sarge. - * Programs translations: - - Greek updated. Closes: #293911 - - French updated. Closes: #294330 - * Debconf translations: - - Galician updated. Closes: #295543 - - -- Christian Perrier <bubulle@debian.org> Mon, 7 Feb 2005 08:18:56 +0100 - -shadow (1:4.0.3-30.9) unstable; urgency=low - - * Non-maintainer upload targeted at sarge. - * Programs translations: - - German updated. Closes: #291703 - - Tagalog added. Closes: #292353 - - Korean updated. - - -- Christian Perrier <bubulle@debian.org> Sun, 23 Jan 2005 09:30:49 +0100 - -shadow (1:4.0.3-30.8) unstable; urgency=low - - * Non-maintainer upload targeted at sarge. - * Debconf translations: - - Tagalog added. Closes: #289837 - * Programs translations: - - Traditional Chinese added. Closes: #288879 - - -- Christian Perrier <bubulle@debian.org> Tue, 11 Jan 2005 11:39:18 +0100 - -shadow (1:4.0.3-30.7) unstable; urgency=low - - * Non-maintainer upload targeted at sarge. - * Resolv conflict with manpage-spl in login - as well as passwd. Thanks to Robert Luberda for - the notice - - -- Christian Perrier <bubulle@debian.org> Thu, 23 Dec 2004 22:23:11 +0100 - -shadow (1:4.0.3-30.6) unstable; urgency=low - - * Revert back to Ian Gulliver genuine patch - to chpasswd. Update man page accordingly. - Closes: #283961 - (again) - * Programs translations - - German updated. Closes: #286522 - * Debconf translations - - German updated. Closes: #286522 - - -- Christian Perrier <bubulle@debian.org> Mon, 20 Dec 2004 23:51:39 +0100 - -shadow (1:4.0.3-30.5) unstable; urgency=high - - * Non-maintainer upload targeted at sarge. - Fix release critical bug - * Resolve conflict with woody's manpages-pl package - which prevent woody->sarge upgrade if - manpages-pl was installed - Closes: #284239 - * Programs translations - - Romanian added. Closes: #284338 - * Add MD5 support to chpasswd - Thanks to Ian Gulliver for the patch - Closes: #283961 - * Correct typos in man pages - Thanks to Nicolas François for the patch - Closes: #141322 - * Replace "C/" with "../../" in man/fr/shadow.conf - for best integration in the package build process - - -- Christian Perrier <bubulle@debian.org> Thu, 16 Dec 2004 21:48:56 +0100 - -shadow (1:4.0.3-30.4) unstable; urgency=low - - * Non-maintainer upload targeted at sarge. - Localisation and d-i related updates only - * Programs translations - - Albanian (very partial) added. - * Debconf translations - - Hindi added. Closes: #282443 - - Malagasy added. Closes: #282580 - - Albanian added. Closes: #282160 - - -- Christian Perrier <bubulle@debian.org> Thu, 25 Nov 2004 07:21:53 +0100 - -shadow (1:4.0.3-30.3) unstable; urgency=high - - * Non-maintainer upload: security fix using the woody patch - by the Security Team - * Adjusted password check to fix authentication bypass - [debian/patches/036_CAN-2004-1001_passwd_check] - * Debconf translations - - Brazilian Portuguese updated. Closes: #278051 - - Norwegian Bokmal fixed. Closes: #277563 - * Programs translations - - Indonesian updated. Closes: #277751, #277741 - - -- Christian Perrier <bubulle@debian.org> Tue, 2 Nov 2004 22:28:26 +0100 - -shadow (1:4.0.3-30.2) unstable; urgency=low - - * Non-maintainer upload targeted at sarge. - Localisation and d-i related updates only - * Debconf translations - - Macedonian added. Closes: #275781 - - Slovakian updated. Closes: #273585 - - Slovenian added. - * Man pages translations - - German for vipw.8/vigr.8. Closes: #260645 - * Fix preseeding for d-i : do not mark debconf templates as seen - Also remove the hack for Joey Hess login name..:) - Closes: #271407 - * Ask for the user full name at critical priority so that - it is never empty. Closes: #257700 - - -- Christian Perrier <bubulle@debian.org> Sun, 10 Oct 2004 19:02:50 +0200 - -shadow (1:4.0.3-30.1) unstable; urgency=low - - * Non-maintainer upload targeted at sarge. Localisation updates only - * Debconf translations - - Arabic added. Closes: #261022 - - Swedish updated. Closes: #261553 - - Bulgarian added. Closes: #262928 - - Brazilian Portuguese updated. Closes: #263957 - - Simplified Chinese updated. Closes: #268646 - - Traditional Chinese updated. Closes: #268151 - - German updated. Closes: #268051 - - Basque synced with templates.pot - * Programs translations - - Swedish updated. Closes: #261553 - - Russian updated. Closes: #268412 - - Norwegian Bokmal updated. Closes: #269907 - - Norwegian Nynorsk updated. Closes: #269907 - - Hebrew updated. Closes: #269967 - - Danish updated. Closes: #270083 - - Catalan updated. Closes: #254956 - * Man pages translations - - French translation completely rewritten and reviewed - Closes: #270168 - - Add expiry.1 and limits.conf.5 to the list of installed man - pages (add two lines to passwd.files and one to rules) - From #270168 also. - - -- Christian Perrier <bubulle@debian.org> Tue, 7 Sep 2004 20:20:21 +0200 - -shadow (1:4.0.3-30) unstable; urgency=high - * Attempt to fix FTBFS and dependency problems on hurd. Closes: #235641 - * don't run dh_undocumented anymore as it has become angstful. - - * Thanks to Christian Perrier: - * Debconf translations - - Brazilian updated. Closes: #261387 - - Croatian added. Closes: #261418 - - Minor corrections fo ja.po and pl.po headers - * Programs translations - - Dutch updated. Closes: #260361 - - Hebrew added. Closes: #260722 - * Urgency set to high because of RC bug fixed: - * Correct check for root password being already set in passwd.config - Closes: #260799 - - * Acknowledge 29.1 NMU: - Closes: #256664, #257949, #258241, #258563, #258566, #258957, - #190567, #259389, #260223, #257949, #259663, #259827 - - -- Karl Ramm <kcr@debian.org> Tue, 27 Jul 2004 09:38:32 -0400 - -shadow (1:4.0.3-29.1) unstable; urgency=low - - * NMU with maintainer consent - * Programs translations - - Greek updated. Closes: #256664 - - Finnish updated. Closes: #257949 - - Spanish updated. Closes: #258241 - - Polish updated. Closes: #258563 - - Indonesian added (configure.in changed accordingly). Closes: #258566 - - French updated. Closes: #258957, #190567 - - Slovak updated. Closes: #259389 - - Portuguese updated. Closes: #260223 - * Debconf translations - - Finnish updated. Closes: #257949 - * Typo correction in su.1 man page. Closes: #259663 - * Removed malloc definition in libmisc/xmalloc.c - Closes: #259827 - * Lintian-driven corrections - - Corrected section number in several man pages: - - grpck.8 - - pwck.8 - - ja/grpck.8 - - pl/grpck.8 - - pl/pwck.8 - - Replace the full GPL text in copyright by a pointer - - Bumped Standards to 3.6.1.1 (changes checked) - - -- Christian Perrier <bubulle@debian.org> Mon, 19 Jul 2004 17:52:24 +0200 - -shadow (1:4.0.3-29) unstable; urgency=low - * Be up front on the origin of our su. Closes: #244297 - * The following thanks to Christian Perrier: - * Debconf translations - - Hungarian added. Closes: #256493 - - Greek updated. Closes: #251990 - - Brazilian portuguese updated. Closes: #256771 - * po/POTFILES.in - - corrected file. No more mentions unexisting files - Closes: #253792 - this change was already in 28.5 but was forgotten in the - changelog - * Acknowledge NMUs: - closes: #244604, #244734, #246302, #246376, #246848, #246859, - #247084, #247698, #247770, #248386, #248391, #248392, - #248392, #248516, #248516, #248648, #248938, #248957, - #249141, #249257, #249682, #250169, #250339, #250496, - #251140, #251141, #251317, #251495, #251716, #251990, - #252087, #252499, #253165, #253186, #253570, #254503, - #254760 - - -- Karl Ramm <kcr@debian.org> Sat, 3 Jul 2004 00:24:55 -0400 - -shadow (1:4.0.3-28.5) unstable; urgency=low - - * debian/*.files - - care about adding ALL existing translations. Removed hard-coded - file names. Closes: #248516 - Thanks to Ruben Porras for noticing - This involves changes to debian/*.files with the use of - regexp in these files - * libmisc/failure.c - - Make use of plural forms. Closes: #251317 - * Programs translations - - Norwegian Bokmal and Norwegian Nynorsk translations. Closes: #252499 - - Dutch updated. Closes: #253165 - - Brazilian Portuguese updated - - Turkish updated - - Korean updated - - Czech updated - - Japanese updated - - German updated - - Catalan added. Closes: #254760 - - Italian updated - * Debconf translations - - Finnish added. Closes: #253570 - - Danish updated - - Hebrew added. Closes: #253186 - - Traditional Chinese added. Closes: #254503 - - French updated for clarification and shorten the root password screen - - -- Christian Perrier <bubulle@debian.org> Tue, 22 Jun 2004 09:44:45 +0200 - -shadow (1:4.0.3-28.4) unstable; urgency=low - - * NMU for l10n stuff again - * Programs translations - - All languages "activated" in configure.in. Closes: #248516 - - Russian. Closes: #250496 - - Bosnian added. Closes: #251141 - - Finnish update. Closes: #251495 - - Italian update. Closes: #252087 - * Debconf translations - - Norwegian Bokmal update. Closes: #250339 - - Bosnian added. Closes: #251140 - - Catalan updated. Closes: #251716 - - Greek update. Closes: #251990 - - Welsh added (directly sent by Dafydd Harries - * Christian Perrier - - debian/passwd.config : a few rewards to a few people. Just check - the code - - -- Christian Perrier <bubulle@debian.org> Tue, 1 Jun 2004 09:11:01 -0300 - -shadow (1:4.0.3-28.3) unstable; urgency=high - - * NMU for correcting my mistake - * Remove an extra "fi" in passwd.config. Closes: #250169 - * Debconf translation updates: - - Norwegian Nynorsk. Closes: #249682 - - -- Christian Perrier <bubulle@debian.org> Fri, 21 May 2004 06:50:13 +0200 - -shadow (1:4.0.3-28.2) unstable; urgency=high - - * NMU for Debian Installer rc1 release schedule - * Removed duplicate sentence in templates. Closes: #244734, #244604 - * Move the "root password empty" check before the root password - confirmation. Closes: #247770 - * Debconf translation updates: - - Danish. Closes: #246859 - - Spanish. Closes: #246302 - - Russian. Closes: #248392 - - Simplified Chinese. Closes: #248938 - - Lithuanian. Closes: #249141 - - Italian. Closes: #249257 - - Dutch sent directly by Bart Cornelis - - Korean sent directly by Changwoo Ryu - - Galician sent directly by Héctor Fernández - - Romanian sent directly by Eddy Petrisor - * Programs translation updates: - - Korean. Closes: #242055 - - Japanese. Closes: #242586 - - Polish. Closes: #246376 - - Slovak. Closes: #247084 - - Basque. Closes: #248386 - - German. Closes: #248391 - - Russian. Closes: #248392 - - Spanish. Closes: #248516 - - Czech. Closes: #248648 - - Simplified Chinese. Closes: #248957 - - Indonesian. Closes: #242813 - - Italian sent directly by Giuseppe Sacco - * Translated man pages - - Typo correction in Brazilian Portuguese for gpasswd. Closes: #247698 - - -- Christian Perrier <bubulle@debian.org> Tue, 18 May 2004 12:09:34 +0200 - -shadow (1:4.0.3-28.1) unstable; urgency=high - - * NMU for special purposes below - * Urgency set to high for helping out Brazilian DD's building CD's - for FISL conference - * Translation updates: - - Debconf: - - Brazilian Portuguese. Closes: #246848 - - Spanish. Was unfortunately based on older templates hence - this does not close 246302 - - Basque: Closes: #243545 - - German: Closes: #242116 - - -- Christian Perrier <bubulle@debian.org> Mon, 10 May 2004 23:23:25 +0200 - -shadow (1:4.0.3-28) unstable; urgency=low - - * Fix login and passwd in preinst to avoid promts on woody upgrade, - Closes: #243099 - * Fix login and passwd configuration file to support common-passwd - * Apply NMU patch from Christian Perrier, Closes: #241438 - - -- Sam Hartman <hartmans@debian.org> Thu, 29 Apr 2004 16:31:25 -0400 - -shadow (1:4.0.3-27) unstable; urgency=low - - * update "da" debconf translation, closes: #241262 - * new "pt_BR" program translation, closes: #241366 - - -- Karl Ramm <kcr@debian.org> Thu, 1 Apr 2004 00:19:44 -0500 - -shadow (1:4.0.3-26.1) unstable; urgency=low - - * NMU for Debian Installe rneeds - * Translation updates: - - Debconf: - - French. Closes: #241438 - - Ukrainian. Closes: #241514 - - Swedish: #241558 - - Japanese. Closes: #241802 - - Danish. Closes: #241262 - - Portuguese. Closes: #241675 - - Polish. Closes: #243185, #242996 - - Czech. Closes: #241877 - - Korean. Closes: #241928 - - Greek. Closes: #242396 - - Turkish. Closes: #243103 - - Slovak. Closes: #245671 - - -- Christian Perrier <bubulle@debian.org> Wed, 28 Apr 2004 11:47:34 +0200 - -shadow (1:4.0.3-26) unstable; urgency=low - - * Have passwd.config fall back gracefully to useradd if adduser is - unavailable. closes: #240894 - - -- Karl Ramm <kcr@debian.org> Wed, 31 Mar 2004 00:26:17 -0500 - -shadow (1:4.0.3-25) unstable; urgency=low - - * Update "da" program translation, thanks to Claus Hindsgaul. - * Update "sv" translation, closes: #239198 - * lower debconf priority of shadow password question to 'low' - - -- Karl Ramm <kcr@debian.org> Tue, 30 Mar 2004 19:39:59 -0500 - -shadow (1:4.0.3-24) unstable; urgency=low - - * add new program translations to the file manifest. *sigh* - closes: #241016 - * add "tr" debconf translation. closes: #239148 - * Rearrange username creation dialog text to make sense in - new order. closes: #240607 - * Edit the debconf templates for content. - * Remove the program .gmo files in the clean step. closes: #200054 - - -- Karl Ramm <kcr@debian.org> Tue, 30 Mar 2004 11:37:22 -0500 - -shadow (1:4.0.3-23) unstable; urgency=low - - * increase maximum group name size to 32 for no particularly good reason - closes: #240456 - * fix su man page to reflect code. closes: #239805 - * fix username defaulting in passwd.config. closes: #238781 - * update "it" debconf translation. closes: #237504 - * update "ru" debconf translation. closes: #238211 - * update "de" debconf translation. closes: #238779 - * update "el" debconf translation. closes: #240473 - * add "nn" debconf translation. closes: #238590 - * add "da" program translation. closes: #238005 - * add "nl" program translation. closes: #238488 - * add "pt" program translation. closes: #238796 - * add "pt" debconf translation. closes: #239641 - * remove spurious const, closes: #240677 - - -- Karl Ramm <kcr@debian.org> Sun, 28 Mar 2004 19:46:34 -0500 - -shadow (1:4.0.3-22) unstable; urgency=low - - * Don't assume that lastlog.ll_time or utmp.ut_time or utmpx.ut_tv are made - up of time_ts and timevals, because they aren't on x86-64. Dismaying - but true. - - -- Karl Ramm <kcr@debian.org> Sun, 14 Mar 2004 16:53:21 -0500 - -shadow (1:4.0.3-21) unstable; urgency=low - - * Try and get the right French translation update in the right place, - Karl, you can do it even if you do only speak English. Closes: #236993 - - -- Karl Ramm <kcr@debian.org> Wed, 10 Mar 2004 15:31:35 -0500 - -shadow (1:4.0.3-20) unstable; urgency=low - - * Added Norwegian Bokmal debconf translation, closes: #206349 - * tell shadow build system about new message translations - - -- Karl Ramm <kcr@debian.org> Thu, 4 Mar 2004 11:04:44 -0500 - -shadow (1:4.0.3-19) unstable; urgency=low - - * When creating a user account in psaswd.config, ask for full name - first, and make up a default username. Closes: #235386 - * "No really, assume md5 passwords". Closes: #223664 - - -- Karl Ramm <kcr@debian.org> Thu, 4 Mar 2004 00:42:08 -0500 - -shadow (1:4.0.3-18) unstable; urgency=low - - * Removed po/cs.po and added new debian/po/cs.po - Updated Czech translation, closes: #229125 - * Updated Japanese debconf translation, closes: #227237 - * Updated Danish debconf translation, closes: #227619 - * Updated Dutch debconf translation, closes: #227883 - * Updated Brazilian Portuguese debconf translation, closes: #228080 - * Added Simplified Chinese debconf translation - Added Simplified Chinese programs translation - Closes: #229334 - * Added Greek debconf translation - Added Greek programs translation - Closes: #229504, #229528 - * Added Finnish programs translation, closes: #230369 - charset changed from UTF-8 to ISO-8859-1 as the bug patch was wrong - * Updated German debconf translation, closes: #232710 - * Updated Russian debconf translation, closes: #235541 - * Added Ukrainian debconf translation, closes: #233560 - * Added Lithuanian debconf translation, closes: #235698 - * thanks to Christian Perrier <bubulle@debian.org> - - -- Karl Ramm <kcr@debian.org> Wed, 3 Mar 2004 22:56:31 -0500 - -shadow (1:4.0.3-17) unstable; urgency=low - - * Fix braino in version number of example dependency in README.shells. - Apologies to anyone foolhardy enough to believe my documentation. - * Add Swedish debconf translation, closes: #225059 - * New French debconf translation, closes: #225914 - * Add Catalan debconf translation, closes: #227029 - * add securetty files for the hurd, freebsd, and netbsd, closes: #200739 - - -- Karl Ramm <kcr@debian.org> Sun, 11 Jan 2004 17:37:54 -0500 - -shadow (1:4.0.3-16) unstable; urgency=low - - * run dh_installdeb *after* dh_installdebconf, - remove . from short description of passwd, - add versioned conflict with debconf older than 0.5 - closes: #224133 - * replace manpages-it due to man page conflict - closes: #224474 - * fix the *other* su syslogs. - closes: #224508 - * fix filename in control file, closes: #224579 - * fix permissions on chage and expiry, closes: #224717 - * run debconf-updatepo - * remove debian/compat as redundant - - -- Karl Ramm <kcr@debian.org> Mon, 22 Dec 2003 19:53:30 -0500 - -shadow (1:4.0.3-15) unstable; urgency=low - - * remove bogus dependency on base-config 2.00, - closes: #222772, #223726 - * New Czech translation thanks to Miroslav Kure. - - -- Karl Ramm <kcr@debian.org> Fri, 12 Dec 2003 18:40:25 -0500 - -shadow (1:4.0.3-14) unstable; urgency=low - - * exit 30 when backing all the way out in passwd.conf, and - depend on base-config 2.00, closes: #222772 - * adjust debconf templates for debian-installer work, - closes: #222832 - - -- Karl Ramm <kcr@debian.org> Thu, 11 Dec 2003 01:53:37 -0500 - -shadow (1:4.0.3-13) unstable; urgency=low - - * Fix typo passwd.config. Closes: #223079, #222714 - * Let's try out this oldfangled anonymous ftp upload queue. - - -- Karl Ramm <kcr@debian.org> Mon, 8 Dec 2003 17:59:31 -0500 - -shadow (1:4.0.3-12) unstable; urgency=low - - * Explicitly use automake-1.7 and aclocal-1.7. closes: #216594 - * Update Danish debconf translation. closes: #216542 - * Update French debconf translation. closes: #206352 - * Update Dutch debconf translation. closes: #212995 - * Remove redundant dependency on grep. closes: #216535 - * Fix chfn documentation bug. closes: #213931 - * Fix su syslogs to be less ambiguous. (old:new instead of old-new - because '-' can appear in usernames.) Not clearer, mind you, but less - ambiguous. closes: #213592 - * Rename limits(5) to limits.conf(5) and edit to reflect reality. - closes: #212935 - * Move the change_uid call in login back to where it was before -11, and - relocate the fork for pam_close_session above it. closes: #211884 - - -- Karl Ramm <kcr@debian.org> Sat, 25 Oct 2003 15:26:20 -0400 - -shadow (1:4.0.3-11) unstable; urgency=low - - * update Japanese debconf translation. closes: #210382 - * update Brazilian Portugese debconf translation. closes: #208122 - * run pam cleanup code as root. closes: #195048 - - -- Karl Ramm <kcr@debian.org> Sat, 13 Sep 2003 17:49:29 -0400 - -shadow (1:4.0.3-10) unstable; urgency=low - - * postinst sources confmodule. closes: #88843 - * Implement the pam configuration New World Order. Wow, that was quick. :-) - * Implement a scheme for allowing other packages to modify /etc/shells. - - -- Karl Ramm <kcr@debian.org> Fri, 22 Aug 2003 20:58:42 -0400 - -shadow (1:4.0.3-9) unstable; urgency=low - - * fix mysterious creeping bug in po/Makefile.in.in, closes: #200052 - * dutch debconf translation, closes: #204578 - * switch to po-debconf, closes: #183998, #200130 - * use automake1.7, closes: #205991 - * update german debconf translation, closes: #94138 - * I can't come up with a good justification as to why characters other - than ':'s and '\0's should be disallowed in group and usernames (other - than '-' as the leading character). Thus, the maintenance tools don't - anymore. closes: #79682, #166798, #171179 - * Fix typo in /etc/pam.d/su. closes: #196804 - * danish debconf translation, closes: #118245 - * russian debconf translation, closes: #198729 - * And last, but not least, what's undoubtedly going to be the most - popular change: md5 passwords are turned on by default, and there is - no prompt to change them. Yes, this is reduced functionality. No, it - can't go back in the way it was; the old code not only modified - conffiles, it modified *other*packages* conffiles and was a massive - policy violation. I expect this change will motivate the people who - have said that they will come up with a proper solution to do so. - closes: #186016, #110228, #171808 - - -- Karl Ramm <kcr@debian.org> Wed, 20 Aug 2003 02:06:50 -0400 - -shadow (1:4.0.3-8) unstable; urgency=low - - * Fix missing ':' in getopt call. closes: #184301 - * Don't install mkpasswd, we don't use it. closes: #185919, #187906 - * replaces: manpages-ko. closes: #184810 - * Fix the message in #190567 (not closing until it's been accepted upstream) - * Fix brainos in login.1. closes: #184731 - * Fixup permissions for chage. closes: #184138 - * Force the umask to 022 in passwd.config. closes: #182506 - * Add Sam Hartman <hartmans@debian.org> as an uploader. - * Update standards-version. - * Add versioned build-depend on debhelper. - - -- Karl Ramm <kcr@debian.org> Sat, 26 Apr 2003 15:34:16 -0400 - -shadow (1:4.0.3-7) unstable; urgency=low - - * When relocating a user's home directory, don't fail and remove the new - home directory if we can't remove the old home directory for some - reason; the results can be spectularly poort if, for instance, only - the rmdir() fails. closes: #166369 - * run dh_installdebconf so base-config will work. *sigh*. closes: #166788 - - -- Karl Ramm <kcr@debian.org> Sun, 24 Nov 2002 21:40:30 -0500 - -shadow (1:4.0.3-6) unstable; urgency=low - - * remove automake dependency and leave only automake1.5, since it seems - to confuse the alpha and mipsel autobuilders for some reason. - - -- Karl Ramm <kcr@debian.org> Sun, 13 Oct 2002 21:45:15 -0400 - -shadow (1:4.0.3-5) unstable; urgency=low - - * build-depend on libtool and automake. oops. closes: #164545 - - -- Karl Ramm <kcr@debian.org> Sun, 13 Oct 2002 01:44:47 -0400 - -shadow (1:4.0.3-4) unstable; urgency=low - - * I am unable to begin to express the bitterness that I'm now experiencing. - * replaces manpages-de <= 0.4-4, closes: #162097, #162173 - * replaces manpages-fr, closes: #162150 - * replaces manpages-hu, closes: #162126 - * replaces manpages-ja, closes: #163511, #162095 - * fix sg symlink, closes: #162339, #163652 - * newgrp should be aware that getlogin() and ttyname() are not - guaranteed to return anything and NOT blindly assume that they - successfully returned a pointer to a string. I mean, really, people, - that sort of thing hasn't been reliable since 4.2BSD on a VAX. I'll - bet most of the working on the upstream weren't even born yet when - this sort of thing was commonplace (it was NEVER acceptable). - closes: #162303 - * pull the manpage for the spiffy su forward. closes: #162275 - * depend on automake1.5, and rerun the autogrunge. This should - *hopefully* make it build more consistently. - * this concludes the biweekly treading of water. - - -- Karl Ramm <kcr@debian.org> Sat, 12 Oct 2002 14:56:16 -0400 - -shadow (1:4.0.3-3) unstable; urgency=low - - * the "fix the brain damage" release - * fix pam brain-damage in ch{age,passwd}, {group,user}{add,del,mod}, newusers - closes: #162181, #162199, #162228 - * fix vipw symlink brain-damage: closes: #162218 - * fix package description brain damage, closes: #139563 - * install cp{pw,gr} brain damge - - -- Karl Ramm <kcr@debian.org> Wed, 25 Sep 2002 01:21:35 -0400 - -shadow (1:4.0.3-2) unstable; urgency=low - - * fix "su -". closes: #162089 - * document exit codes of groupdel and userdel (again, for userdel) - closes: #161861 - * clean up logoutd cleanup - - -- Karl Ramm <kcr@debian.org> Mon, 23 Sep 2002 19:44:40 -0400 - -shadow (1:4.0.3-1) unstable; urgency=low - - * new upstream version! closes: #149444, #150237, #145415 - * completely new packaging! - * all new bugs! - * old bugs as well! - * remove /etc/init.d/logoutd, like the old postrm should've, closes: #160682 - * fix passwd manpage, closes: #160477, #122797 - * fix lastlog manpage, closes: #159886 - * add as many virtual console devices as I seem to have to securetty, - closes: #156472 - * add ttyS0 and tts/0 to securetty. closes: #130138 - * su should not segfault if nobody has uid 0. closes: #139967 - * install and use translations. closes: #118238 - * upstream uses new automake. closes: #114935 - * add russian template file for password. closes: #130358 - * handle template installation correctly. closes: #156674 - * don't place a maximum restriction on the length of passwords. - closes: #159487 - * fix description. closes: #145459 - * update config.{guess,sub} - - -- Karl Ramm <kcr@debian.org> Wed, 18 Sep 2002 10:14:08 -0400 - -shadow (20000902-12) unstable; urgency=high - - * "oops" - * /etc/login.defs: /var/spool/mail -> /var/mail, closes: #125311 - - -- Karl Ramm <kcr@debian.org> Sun, 7 Apr 2002 11:54:48 -0400 - -shadow (20000902-11) unstable; urgency=low - - * Fix some nits: - * remove changelog~ file. oops. closes: #139711 - * fix typo in control. closes: #139564 - * Hmmm. People open more bugs when I upload new versions of things. - Maybe they just notice them more then, or maybe it's just Murphy. - - -- K. Ramm <kcr@debian.org> Tue, 26 Mar 2002 12:14:33 -0500 - -shadow (20000902-10) unstable; urgency=low - - * We hates the automake. We hates it forever. closes: #139293 - * stupid ommision: logoutd still in postinst. closes: #139422 - * make login.defs a bit clearer. closes: #138809 - - -- Karl Ramm <kcr@debian.org> Fri, 22 Mar 2002 12:09:07 -0500 - -shadow (20000902-9) unstable; urgency=medium - - * Get rid of logoutd, it doesn't work, didn't work in potato, and now - it's causing people to open RC bugs. closes: #138259, #66153, #121940 - I'm told the timeoutd package does a better job anyway. - * add /bin/tcsh to /etc/shells, closes: #118103, #122112 - * add /bin/ksh to /etc/shells, closes: #123556 - * remove text about password aging from passwd(5), closes: #137493 - * spanish debconf template for passwd, closes: #136463 - * document the fact that you can not have a valid password in - /etc/shadow. closes: #131690 - * /etc/login.defs: /var/spool/mail -> /var/mail, closes: #125311 - * fix locations of utmp and wtmp in login(1), closes: #119656 - * The package description for passwd refers to README.Debian.gz - but only README.debian.gz actually exists. Most packages use - README.Debian.gz, but the control file is the only place that gets it - wrong for this package. When in doubt, fix the documentation. :-) - closes: #116955 - - -- Karl Ramm <kcr@debian.org> Thu, 14 Mar 2002 17:05:56 -0500 - -shadow (20000902-8) unstable; urgency=low - - * check in passwd.expire.cron for already-expired passwords; closes: #102319 - * note in chage.1 and shadowconfig.8 that password aging information - only works when shadow passwords are enabled. closes: #103702 - * enable changing the name in chfn by default. closes: #107819 - * fail to mangle files in lib/commonio.c, thanks to matt@linuxbox.nu - * add /dev/console to the secure ttys list. because. closes: #113949 - * find the FHS mail spool first in configure. closes: #114951 - (thanks to mjb@debian.org) - * above sadly causes automake to go bonkers, and I don't want to - reassemble the build system before woody is released. Keep automake - from going off on its own. - * terminate argument validation in login when it hits a '--'. - closes: #66368 - - -- Karl Ramm <kcr@debian.org> Mon, 22 Oct 2001 11:17:35 -0400 - -shadow (20000902-7) unstable; urgency=low - - * the "I'm sorry, I should've done this earlier" release - * Cancel login timeout after authentication so that patient people - timing out on network directory services can log in with local - accounts. Closes: #107148 - * Add Brazillian Portugese debconf template translation for passwd. - Closes: #105292, #93223 - * Pull /usr/share/doc/$package/README.shadow-paper.gz. Closes: #98058 - * Use getent instead of group to verify existence of shadow group - [works better for distributed group files]. Closes: #99902 - [Note that this sort of problem is rampant in these postinst and - config scripts, but that's not getting fixed in woody.] - * Amend reference to /usr/doc in shadowconfig.8. Closes: #102804 - * su should set $USER. Closes: #102995 - * userdel now deletes user groups from /etc/gshdow as well as - /etc/group. Closes: #99442 - * grpck now has an (otherwise undocumented) -p option, so that - shadowconfig can clean up the results of the above, so the config - script will fail randomly less often. Closes: #103385 - - -- Karl Ramm <kcr@debian.org> Wed, 22 Aug 2001 12:09:27 -0400 - -shadow (20000902-6.1) unstable; urgency=low - - * Non-maintainer upload. - * Upgrade to latest config.sub and config.guess. Closes: #88547 - - -- Gerhard Tonn <gt@debian.org> Fri, 1 Jun 2001 20:38:43 +0200 - -shadow (20000902-6) unstable; urgency=medium - - * actually set root's password when appropriate - patch thanks to joeyh, closes #98402 - * fix error in expiry man page. Such damage. closes: #99291 - * fix group of setgid program chage and expiry, closes: #98122 - - -- Karl Ramm <kcr@debian.org> Thu, 31 May 2001 07:38:59 -0400 - -shadow (20000902-5) unstable; urgency=low - - * add build dependency on file, to keep libtool happy. closes: #97498 - - -- Karl Ramm <kcr@debian.org> Wed, 16 May 2001 06:57:23 -0400 - -shadow (20000902-4) unstable; urgency=low - - * Change maintainers, closes: #92355 - - -- Karl Ramm <kcr@debian.org> Sun, 13 May 2001 03:28:07 -0400 - -shadow (20000902-3.1) unstable; urgency=low - - * Non-maintainer upload - * Recompile to fix ARM lossage - - -- Philip Blundell <philb@armlinux.org> Sun, 11 Mar 2001 07:47:27 -0500 - -shadow (20000902-3) unstable; urgency=low - - * Update config.sub and config.guess so ia64 compiled, closes: #81897 - * libmisc/sub.c: skip '*' in shell name when doing subsystem, closes: - #82893 - * src/su.c: don't assume uid 0 == "root", use getpwuid to fetch it, - closes: #81924 - * This was fixed in a previous version, closes: #77057 - * Update passwd long desc, closes: #88299 - * Conflict with suidmanager << 0.5, and remove suid{,un}register calls, - closes: #87157 - * Update policy to 3.5.0.0 - * Added debconf support for passwd from base-config - - -- Ben Collins <bcollins@debian.org> Sat, 3 Mar 2001 07:26:57 -0500 - -shadow (20000902-2) unstable frozen; urgency=low - - * control.hurd->control.gnu: closes: #77940 - * Cannot reproduce, closes: #79447 - * User never sent a patch, plus I think removing the passwd/account when - doing passwd -l is a bad idea. Makes it so you cannot unlock the - account. closes: #77824 - * Don't allow shadowconfig to change perms of other binaries, close: #77057 - * IMO, this is not a bug. It's part of a feature, and can be disabled by - turning off USER_GROUPS. closes: #76806 - * /bin/login is suid root for several good reasons. For one, it allows - daemons that use it to run as non-root. This is a good thing since it - means only one program is running as root, and not several. closes: #17911 - * sulog is fairly easy to grep or parse so I don't see how the - similarity of the log entries for failed and successful is a problem. - '-' for failed, '+' for success. closes: #63801 - * logoutd.8: s,/etc/utmp,/var/run/utmp, closes: #80494 - * Fix case where pam_auth returns a NULL username, closes: #76817, #75510 - * Hmm, Linux is a sysv derivative, so the comment is perfectly - legitimate, closes: #76898 - * MAX_PASSWORD is used by useradd, and CHFN_AUTH is actually used by - * chfn to decide if the current user needs to auth in order to change - their info, closes: #71114 - * login.1: Fix \' closes: #75435 - * login -f works for me assuming you call it as root. I tested this with - plain pam_unix.so, and also with pam_unix.so stacked with pam_ldap.so. - So if it doesn't work with telnet-heimdal, then that program is not - doing something right. closes: #78186 - * login.pam.d: made pam_nologin.so requisite. closes: #80111 - * su to root seems pretty quick to me, closes: #64756 - * xmalloc.c: remove decleration of malloc, which was causing system - * header conflicts. closes: #80398 - - -- Ben Collins <bcollins@debian.org> Sun, 31 Dec 2000 14:33:47 -0500 - -shadow (20000902-1) unstable frozen; urgency=low - - * New upstream release, lots of Debian patches merged, closes: #72735 - * man/passwd.1: removed reference to passwd(3), closes: #72704 - * man/chsh.1,man/chfn.1: document login.defs affects on these programs, - closes: #68029 - * not a bug, expected behavior, closes: #74137 - * IMO, this is a bug in the user's setup, closes: #65600 - * securetty: add devfs console devices, closes: #71946 - * libmisc/sulog.c: removed arbitrary limit on number of chars printed of - the tty name (truncated to 6 chars, which is silly), closes: #65404 - * tested this, and it works fine for me so long as pam_unix.so is called - with the nullok option (which it isn't by default because of security - concerns), closes: #75063 - * appears to be fixed by PAM, closes: #70627 - * src/useradd.c: user mkstemp instead of mktemp, per libc6 linktime - warning - * src/su.c: fixup arg handling passed to shell, closes: #75326 - - -- Ben Collins <bcollins@debian.org> Mon, 23 Oct 2000 13:22:29 -0400 - -shadow (19990827-21) unstable frozen; urgency=low - - * Added build deps - * Use pre-generated files for hurd/linux control file. The old method of - using cpp would have broken with the new gcc. - - -- Ben Collins <bcollins@debian.org> Wed, 26 Jul 2000 21:04:03 -0400 - -shadow (19990827-20) unstable frozen; urgency=low - - * Release Manager - None of these are marked as RC in the BTS, however, they do make the - package unsuitable for release. Since this is an essential package (IOW, - installed on every Debian system), I hope you can see how important it - is to make sure this package is perfect. None of the changes are - functional (except the fix in logoutd's init script, which was a 20 char - change), so please consider this for the next test cycle. - * Fix logoutd init script from spurious output when /etc/porttime is not - there, closes: #63962, #64067 - * su: Fix typo in usage output, closes: #60226 - * passwd: Fixed typo and missing newline in output for successful password - change, closes: #64106, #63703 - * passwd.1: Add documentation on the -f, -e, -s and -d command line - options, closes: #64339, #64410 - * login: Verified that utmp/wtmp works when called by telnet with -h - option, closes: #56854 - - -- Ben Collins <bcollins@debian.org> Tue, 23 May 2000 14:40:01 -0400 - -shadow (19990827-19) unstable frozen; urgency=low - - * debian/local/shells: added esh, closes: #59934 - * logoutd: modify to work with pam_time.so's time.conf file, modify - manpage to reflect this, closes: #61300 - * userdel.8: added note about group removal, closes: #56723 - * base-config handles md5 setup, closes: #60125 - * cppw: make sure it gets installed, closes: #62960 - * passwd: correct error message for "not you", closes: #61313 - * sulog.c: fixed extern for char (char foo[] -> char *foo), closes: #61643 - * userdel.8: documented userdel's exit values, closes: #54775 - * passwd: error messages are two fold, the second is actually from - pam_strerror(), closes: #61937 - * passwd: print "success" on successful password change, closes: #58676 - - -- Ben Collins <bcollins@debian.org> Sat, 29 Apr 2000 10:26:56 -0400 - -shadow (19990827-18) unstable frozen; urgency=low - - * Crap, all the bug fixes from -17 need to go to frozen too - - -- Ben Collins <bcollins@debian.org> Tue, 29 Feb 2000 14:57:14 -0500 - -shadow (19990827-17) unstable; urgency=low - - * Fixed typo in login.defs, closes: #54877 - * logoutd.init.d: Check for /etc/security/time.conf, closes: #54900 - * login.defs: Added note about the MAIL env option, closes: #54768 - * login.pam.d,passwd.pam.d: Use new options in pam_unix.so to enable - obsure password checks. This mimics the old behavior in pre-PAM - shadow, closes: #58203 - * Use patch from Topi Miettinen <tom@pluto.nic.fi> to add pam session - ability to su, closes: #57526, #55873, #57532 - * Made login's -f option also able to use the username after -- if none - was passed as it's optarg, closes: #53702 - - -- Ben Collins <bcollins@debian.org> Mon, 28 Feb 2000 12:37:22 -0500 - -shadow (19990827-16) unstable; urgency=low - - * got rid of g+s directories in the source tarball, closes: #54585 - * make su mode 4755 in the package. This way there is no chance of a - failed dpkg install causing it to be left without suid root perms - before suidmanager or chmod is called in the postinst. - * src/login.c: added faillog support to the pam_authenticate loop. This - loop is now completely rewritten, and should produce better results on - failures, closes: #53164 - - -- Ben Collins <bcollins@debian.org> Sun, 9 Jan 2000 23:35:08 -0500 - -shadow (19990827-15) unstable; urgency=low - - * src/su.c: moved signal() call to re-establish SIGINT to right place, - closes: #54496 - * src/login.c: if hostname is blank (not a remote login via rlogin or - telnet), then use the tty to log failures in syslog, closes: #53966 - * passwd: Locking a password by appending '!' appears to be pretty - standard, so ssh needs to check for it. - * passwd and login come with a README.pam that discusses the differences - between the PAM and old non-PAM versions. It also talks about where to - look for details. Also now that I have added the extra examples to the - pam.d files, I hope this satisfies...closes: #52917 - * A new package, base-config, which will be used by boot floppies is - going to have an option to configure MD5 usage for passwords. Since - this is the best place for it, and I don't really have any control - over it, I am .... closes: #47620 - * libmisc/chowntty.c: applied patch for read-only root, closes: #52069 - - -- Ben Collins <bcollins@debian.org> Sat, 8 Jan 2000 22:11:29 -0500 - -shadow (19990827-14) unstable; urgency=low - - * debian/local/shells: added /bin/zsh, closes: #53883 - - -- Ben Collins <bcollins@debian.org> Sun, 2 Jan 2000 13:51:42 -0500 - -shadow (19990827-13) unstable; urgency=low - - * su.c: ignore SIGINT while authenticating, closes: #52372 - * su.pam.d: added 2 new examples of how to allow su for wheel users - without prompting for a password, and also how to deny users of a - specific group. - - -- Ben Collins <bcollins@debian.org> Sat, 1 Jan 2000 22:29:46 -0500 - -shadow (19990827-12) unstable; urgency=low - - * Recompiled against latest libpam and up'd the module deps, - closes: #52171 - * login.pam.d: added "noenv" option so we don't clobber login's setting, - closes: #51441 - - -- Ben Collins <bcollins@debian.org> Tue, 14 Dec 1999 22:41:40 -0500 - -shadow (19990827-11) unstable; urgency=low - - * debian/passwd.in: add a preinst (matches login's) to fix the latest - build change (only affected hurd since it doesn't use login). - * debian/scripts/passwd.mk: use passwd.preinst instead of login.preinst - to complete the fix above. - - -- Ben Collins <bcollins@debian.org> Mon, 6 Dec 1999 18:25:07 -0500 - -shadow (19990827-10) unstable; urgency=low - - * src/login.c: only set pam_fail_delay if > 0. Also make the default 0 - so not defining it has the same affect as disabling it, closes: #51178 - * src/userdel.c: make sure we remove the shadow group entries when - removing the users own group, closes: #50005, #50138 - - -- Ben Collins <bcollins@debian.org> Fri, 26 Nov 1999 22:37:44 -0500 - -shadow (19990827-9) unstable; urgency=low - - * src/su.c: Fixed getopt parsing, and added a usage output - * man/su.1: minor typos - - -- Ben Collins <bcollins@debian.org> Mon, 8 Nov 1999 22:13:05 -0500 - -shadow (19990827-8) unstable; urgency=low - - * src/login.c: fixed loggin of username on succesful login (was using - the normal username, when it should have used pam_user), - closes: #47819 - * src/login.c: check for hushed login and pass PAM_SILENT if true, - closes: #48002 - * src/useradd.c: set def_shell to /bin/bash, closes: #48304 - * doc/README.debian: add note about how to avoid issues with nscd's - lag in aging the cache, closes: #48629 - * src/cppw.c: new program to assist copying a passwd/group file without - corruption, closes: #42141 - - -- Ben Collins <bcollins@debian.org> Tue, 2 Nov 1999 21:46:28 -0500 - -shadow (19990827-7) unstable; urgency=low - - * {passwd,login}.pam.d: added blurb about how to use the pam_cracklib - module, and also changed it to use pam_unix and not pam_pwdb (gah! - how did that happen?), closes: #46983 - * README.debian: changes to reflect new PAM usage aswell as removing - references to obsolete config files, closes: #46595 - * passwd.expire.cron: example script that informs users by email when - their accounts are about to expire, closes: #41393 - * lastlogin.c: added -h option and usage aswell as long option support, - closes: #45804 - * shadow now only has 3 wishlist bugs and nothing else - - -- Ben Collins <bcollins@debian.org> Sat, 9 Oct 1999 11:54:16 -0400 - -shadow (19990827-6) unstable; urgency=low - - * debian/shells: new file, needed to include /bin/sash, closes: #45826 - * useradd.8,groupadd.8: added note about the prefered use of adduser - and addgroup when conforming to Debian policy (taken from notes in - adduser's man pages), closes: #22821 - * dialups.5: new man page that documents /etc/{dialups,d_passwd}, - closes: #42212 - * src/su.c: added -m, -p and -s command line options to match GNU options, - also documented in su(1), closes: #45394, #46424 - * login.defs.5: clarified usage of TTYTYPE_FILE, closes: #23194 - * login.pam.d: added pam_issue.so which replaces the old ISSUE_FILE from - login.defs, this also allows it to grok escapes in the issue file, - also increases the MODDEPS to (>= 0.69-10). By default this module is - not enabled, closes: #21044 - * login.defs.pam.linux: added ISSUE_FILE to list of deprecated options - - -- Ben Collins <bcollins@debian.org> Mon, 4 Oct 1999 19:56:22 -0400 - -shadow (19990827-5) unstable; urgency=low - - * {login,su}.1: added description of a subsystem login, closes: #31987 - * src/chowndir.c: fixed recursive chown's on usermod, also changed it - to use lchown and lstat since we actually want that, closes: #46405 - * su.1: removed reference to suauth aswell as added "-c" to the SYNOPSIS, - closes: #45685 - * login.1: added options to the SYNOPSIS and documented OPTIONS, - closes: #28763 - * login.defs.5: documented the ENVIRON_FILE options (even though it's - not really used in the PAM version), close: #28786 - * 010_src_gpasswd.c: new patch, fixes changing group passwords when not - using shadow groups, closes: #25919 - * {chfn,chsh,login}.pam.d: added nullok to pam_unix.so auth line to - allow for passwordless accounts, closes: #46510 - * login.pam.d: add "standard" to the pam_mail option so we get old - style "You have..." login messages. - - -- Ben Collins <bcollins@debian.org> Sun, 3 Oct 1999 13:41:53 -0400 - -shadow (19990827-4) unstable; urgency=low - - * Alright, we are really getting some usage from this now, and seeing - some odd ball setups, so it means more work for me, but more stable - and feature filled software for you :) - * debian/{login,su}.pam.d: Fixed spelling errors, closes: #45234, #45235 - * debian/login.pam.d: Added commented pam_access.so reference and - description, closes: #45241 - * src/login.c: moved usage of setup_uid_gid() when PAM is enabled or - pam_groups.so's groups get clobbered - * src/newgrp.c: don't call sanitize_env() and also make sure we don't - check passwords when the user is trying to get back to their default - group, closes: #22244 - * Closed some other bugs that were either not really bugs, or they weren't - reproducable. - * debian/login.pam.d: moved around the pam_motd and pam_mail modules to - order them the same as old login would have done - - -- Ben Collins <bcollins@debian.org> Sun, 19 Sep 1999 19:42:13 -0400 - -shadow (19990827-3) unstable; urgency=low - - * This is a "Sit down and really fix some bugs" update. I'm going through - the ones that really need some work. - * src/vipw.c: use the system() call to invoke the editor so that it accepts - command line args in the EDITOR and VISUAL environment vars, closes: #31029 - * src/userdel.c: added code to remove user groups (of the same name) if there - were no members left and USERGROUPS_ENAB is set to yes, closes: #35046 - * login.defs: documented above change - * {login,passwd}.postinst: fixed some bashisms, closes: #45159 - * login.defs.pam.linux: documented the FAKE_SHELL option, closes: 31987 - * su.1,login.1: documented the subsystem root ability in login and su, closes: - * doc directory for both packages now includes the README.shadow-paper file - closes: #15391 - - -- Ben Collins <bcollins@debian.org> Sun, 19 Sep 1999 15:49:11 -0400 - -shadow (19990827-2) unstable; urgency=low - - * debian/rules: use "$(CC) -E" instead of "cpp" to make it easier to - cross compile for Hurd (requested by Marcus Brinkman). - * debian/login.pam.d: forgot to remove that comment about login not - being PAMified, it is and works fine. - * src/login.c: Added login.defs option to turn on and off the persistent - login, also give note on when it isn't and is needed in login.defs. - * lib/getdef.c: Added CLOSE_SESSIONS for above code. - * man/login.defs.5: document the new CLOSE_SESSION option for login - * logoutd: disabled until I can fix it to grok /etc/security/time.conf - - -- Ben Collins <bcollins@debian.org> Mon, 13 Sep 1999 18:57:47 -0400 - -shadow (19990827-1) unstable; urgency=low - - * New Maintainer, with Guy's consent. - closes: #22296, #22331 (closed some NMU bug reports) - * New upstream release, closes: #15879, #24712, #25739, #28785, #32991 - closes: #38672, #39933, #41060, #42480, #22534, #12690, #36150, #26412 - closes: #40398, #43750 - * Ok, now for some dusting and house cleaning (aka The Bug Killfile - Begins Here): - %%- login package - - Not a bug in login anymore, closes: #28098 - - No longer pertinent, and is not controlled by the login program, - closes: #23155 - - This does not appear to be a bug anymore, closes: #32424 - - This is not a login problem. Xterm itself prints the LOGIN message - and it does _not_ read login.access, closes: #16958 - - Seems to be fixed, closes: #28098 - - Huge list of "Fixed" bugs, that I want to close. I really need to - start with a clean slate in order to get some of this cleaned up, - closes: #3439, #11443, #13485, #13815, #15176, #15998, #16187, #17529 - closes: #17532, #17532, #18133, #18225, #20052, #20876, #21280, #21357 - closes: #21687, #21695, #21746, #21767, #22716, #24710 - - lastlog(8): Clarified differences in the usage of "login-name" and - UID, closes: #26727 - %%- passwd package - - newuser: appears to be working correctly and placing x, not !, - closes: #19620 - - userdel(8): added note about user's mail spool also being deleted, - closes: #20790 - - Can't reproduce this one, closes: #21639 - - -e expire_date - The date on which the user account will be dis- - abled. The date is specified in the format - MM/DD/YY. - Bug filer was trying to use an integer instead of the documented - format, closes: #22533 - - chfn's command line options seem to work for root and non-root, - closes: #25396 - - seems to have been fixed by the latest upstream, #25670 - - Removed references to shadow(3), closes: #32859 - - passwd only saves first 8 chars...duh :) closes: #33368 - - userdel can only do so much, the admin should know to check some - things on their own, closes: #35418 - - Lot's of Y2K issues fixed in this release, closes: #37232 - - useradd requires the -m option to make it create a home directory - if one does not exist, closes: #39581 - - useradd's -p option requires the password to already be encrypted - as documented in useradd(8), closes: #39870, #39874 - - More "Fixed" bugs in passwd, closes: #13753, #16893, #17894, #18132 - closes: #18628, #12691 - %%- su (no longer a package, but has bugs just the same, will be - forwarded to the login package soon) - - Sorry, but su (all su's) invoke the shell with -c "cmd". This is - documented, not a bug, it's a standard interface that su expects, - go fix sash's bug for not supporting it, closes: #14551 - - Acknoledged NMU: closes: #20058 - - More "Fixed" bugs getting closed...CLOSED AT LAST, closes: #17593 - closes: #20057, #12689 - * Switched to a new build setup (dbs) - * Split makes into seperate files to make it a little cleaner - * FHS compliance changes (usr/{doc,man} to usr/share/{doc,man}) - * debian/tar.c: removed - * su: su is now going to be provided by shadow's login package and - removed from shellutils (the shellutils maintainer agreed to this) - in preperation for future PAM support. Added conflicts with older - version of shellutils that does provide the su binary. - * debian/control.in: removed the secure-su package since login now - contains su and all of it's components - * debian/control.in: modified the package descriptions to be a little - more explicative of what they do. - * Upgraded standards version to 3.0.1.1 - * Setup suidmanager support for all +s apps, closes: #15705, #15704, #15699 - * Enabled PAM. Support now for su, passwd, chfn, chsh. I am working on the - support in login. - * expiry: Changed to be installed as sgid shadow instead of suid root - since it doesn't need root priviledges. Also added man page expiry(1) based - on the comments found in expiry.c. - * Removed bashism's in control scripts. Now lintian clean (smells fresh too) - * chage.c: Keep chage from locking when not running as root, since it just - needs to read the shadow and password files. This let's it run sgid shadow - instead of suid root. When run as root, it can lock files for editing. - * login.c: Pam support Works For Me(tm)! - * login.c: Fixed PAM's auth when PAM_USER was not set from the command line, - also call pam_fail_delay() with FAIL_DELAY as the arg before authentication. - * etc/login.defs.pam.linux: new file, reflects options that PAM takesover - * etc/login.defs.pam.hurd: new file, same for Hurd - * debian/passwd.mk: make sure that login.defs.5 get's installed for Hurd - * pam.d/: Modified defaults for each service to reflect the old style and also - added commented options on how to enable obsoleted options from login.defs - in the PAM Way(tm). - * debian/rules: removed --disable-desrpc from configure options since it was - supposedly just a workaround for glibc 2.0 - * src/login.c: reset pam_fail_delay after every failure - * debian/rules: remove debian/files on clean target - * src/login.c: removed setup_limits() and check_nologin() usage when PAM is - enabled - * debian/login.pam.d,debian/login.defs.pam.linux: made notes about the pam_limits.so - module, as well as pam_nologin.so - * debian/su.pam.d: made notes about pam_limits.so module - * debian/control.in: removed depends on libpam-motd since it is now in libpam-modules, - also make login conflict with secure-su - * debian/*: setup so that Hurd does not get PAM, since they don't have it ported - completely yet. - * debian/*: Final approach to a final upload, modified login.postinst to check old - obsolete conffiles to see if the user needs a notice that they are no longer used. - - -- Ben Collins <bcollins@debian.org> Sat, 11 Sep 1999 19:58:14 -0400 - -shadow (980403-0.3.3) unstable; urgency=low - - * Non maintainer upload. - * Add dpkg-architecture and cross compilation support to the package. - * Changes for the Hurd: - + Only build passwd, add etc/login.defs.hurd to this package. - + libmisc/rlogin.c: Conditionalize CBAUD, which is not portable. - - -- Marcus Brinkmann <brinkmd@debian.org> Thu, 5 Aug 1999 00:28:12 +0200 - -shadow (980403-0.3.2) unstable; urgency=low - - * configure.in patched for utmpx.h (for arm) - - -- Jim Pick <jim@jimpick.com> Sun, 4 Oct 1998 19:06:15 -0700 - -shadow (980403-0.3.1) frozen unstable; urgency=low - - * Non maintainer upload. - changes.{guess,sub} changed to recognize a Arm architecture. - - -- Turbo Fredriksson <turbo@debian.org> Fri, 14 Aug 1998 22:37:58 -0400 - -shadow (980403-0.3) frozen unstable; urgency=high - - * Non maintainer upload. - * src/login.c: Applied patch from <marekm@i17linuxb.ists.pwr.wroc.pl> to - fix security hole of login not checking the return code from setgid(), - initgroups() or setuid(). [#24710] - - -- James Troup <james@nocrew.org> Fri, 17 Jul 1998 18:56:31 +0100 - -shadow (980403-0.2) frozen unstable; urgency=low - - * (login.defs): fixed UMASK - (thanks to James Troup for noticing my screwup :) - * Pruned non-Debian changelog entries. - - -- Joel Klecker <jk@espy.org> Mon, 11 May 1998 11:25:22 -0700 - -shadow (980403-0.1) frozen unstable; urgency=low - - * Non-maintainer release. - * New upstream release (18225). - * (debian/login.postinst) - * Use 'touch' instead of 'cat >' when creating /var/log/faillog - (15998,16187,21687). - * No longer fails if no previous configured version exists (11433). - * (gpasswd): now checks which user invoked it before calling setuid() (18132). - * (debian/passwd.postinst): removed bashism (13753). - * (groupmod): NULL dereference fixed upstream, as a result, it no longer - dumps core when changing group name (16893,17894). - * (useradd): no longer segfaults if /etc/default/useradd is missing (18628). - * (login.defs.1): now documents more options (13485). - * (source): includes 'missing' (13815,18133,21280). - * (login.1): - * Removed mention of "d_passwd(5)", which doesn't exist, - and login.defs.5 now documents /etc/dialups (15176). - * Added /etc/nologin to FILES section and reference nologin(5) (21695). - * The URL mentioned in Bug#15391 is no longer valid. - * (login.defs): no longer sets ULIMIT (17529). - * (login): - * No longer uses static buffers for group lines (17532). - * Doesn't seem to make assumptions about gid_t any longer (21767). - * (faillog.8): s-/usr/adm-/var/log-g (19974). - * (lastlog.8): notes that "some systems" use /var/log instead of - /usr/adm (21746). - * Install upstream changelog as 'changelog.gz' as per policy (20052). - * (secure-su): Changed /etc/suauth to reference the group 'root' - instead of 'wheel' (17593). - - -- Joel Klecker <jk@espy.org> Thu, 30 Apr 1998 18:32:12 -0700 - -shadow (970616-1) unstable; urgency=low - - * Upstream upgrade. - * chage works (10561). - * Fix NIS behavior (5634,8734,10032,10545,10984,11160,12064). - * Wrote pwconv,pwunconv,grpconv,grpunconv manpage (10940). - * vipw fixes (10521,10696,11618,11924,12184,13001) - * Fixes for new automake. - * Compile with glibc2. (8627,8777,9824,11713,11719,12082,12108,11442). - * debian/rules fixes (8876,12468). - * /etc/login.defs: UMASK=002 (9102). - * chown /dev/vcs* on login (9421,13255). - * Added tty9-tty12 to /etc/securetty (11644). - * Provide template and manpage for /etc/limits (12289). - * Fix security hole in postinst (11769). - * login fills out ut_addr field in utmp (10701). - * shadowconfig.sh fixes (9189,9328,9386,10968,12452,12469). - * Overcome postinst bug in old shadow-passwd package (9939,12120). - * useradd default GROUP=100 (9244). - * Allow 8 bit chars in chfn (12367). - * secure-su - set HOME, use SHELL if set (11003,11189). - - -- Guy Maor <maor@ece.utexas.edu> Fri, 26 Sep 1997 19:23:42 -0500 - -shadow (970616) unstable; urgency=low - - * vipw preserves permissions on edited files (10521). - * various other bug fixes. - - -- Marek Michalkiewicz <marekm@piast.t19.ds.pwr.wroc.pl> Mon, 16 Jun 1997 02:02:00 +0200 - -shadow (970601) unstable; urgency=low - - * Fix typo in libmisc/mail.c causing login to segfault. - - -- Marek Michalkiewicz <marekm@piast.t19.ds.pwr.wroc.pl> Mon, 2 Jun 1997 07:33:00 +0200 - -shadow (970502-2) unstable; urgency=low - - * Fixes to shadow group support (grpconv didn't work). - - -- Marek Michalkiewicz <marekm@piast.t19.ds.pwr.wroc.pl> Fri, 2 May 1997 15:48:00 +0200 - -shadow (970502-1) unstable; urgency=low - - * Upstream upgrade. - - -- Marek Michalkiewicz <marekm@piast.t19.ds.pwr.wroc.pl> Fri, 2 May 1997 03:18:00 +0200 - -shadow (961025-2) frozen unstable; urgency=medium - - * Fix useradd -D segfault (8098, 8152, 8733). - * Fix shadowconfig - permfix only on xlock; /etc/init.d/xdm rewrite, chmod - (8102, 8320, 8333, 8708). - * Remove HOWTO from usr/doc/passwd as it's in linux-doc (8150). - * Fixes to su.1 (8153). - * login, passwd, su each conflict and replace with the old shadow-* - version. (8269, 8290, 8393, 8394). - * Put /etc/shells back in passwd (8328). - * Fixed login.postinst for upgrade from shadow-login (8392). - * Added -e to pwck for use in shadowconfig: reports only errors, no - warnings (8542). - * Wrote shadowconfig.8 (8588). - - -- Guy Maor <maor@ece.utexas.edu> Sat, 19 Apr 1997 02:34:59 -0500 - -shadow (961025-1) unstable; urgency=low - - * Upstream upgrade, new source format. - - -- Guy Maor <maor@ece.utexas.edu> Mon, 10 Feb 1997 02:56:56 -0600 - -shadow (960530-1) experimental; urgency=LOW - - * Added grpunconv script - * Changed prerm/postinst scripts to remove/create shadowed group - file - * Added vipw/vigr binaries - * Renamed package to shadow-passwd - * Added packages shadow-su and shadow-login - * Added 'Essential: yes' to be able to replace passwd and login - * Section now base for shadow-passwd and shadow-login - * Added /etc/shell conffile - * Added /etc/securetty conffile - * Added new conffile /etc/suauth. Set it up so only users in group 0 - can su to root. - - -- Unknown <unknown@debian.org> Mon, 01 Jul 1996 00:00:00 +0000 - -shadow (960810-1) base; urgency=LOW - - * Added useradd default file so that default group is no longer 1 - * Also corrected the useradd manpage - * Replaced grpunconv script by real binary which does correct - locking. - * Added 'source' field control file to control files - * Changed version naming in debian.rules - * New upstream version - - -- Unknown <unknown@debian.org> Mon, 01 Jan 1996 00:00:00 +0000 - diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 1e8b3149..00000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -6 diff --git a/debian/control b/debian/control deleted file mode 100644 index 31d630c8..00000000 --- a/debian/control +++ /dev/null @@ -1,35 +0,0 @@ -Source: shadow -Section: admin -Priority: required -Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org> -Standards-Version: 3.9.3 -Uploaders: Christian Perrier <bubulle@debian.org>, Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> -Build-Depends: autoconf, automake1.9, libtool, gettext, libpam0g-dev, debhelper (>= 6.0.7~), quilt, dpkg-dev (>= 1.13.5), xsltproc, docbook-xsl, docbook-xml, libxml2-utils, cdbs, libselinux1-dev [linux-any], libsemanage1-dev [linux-any], gnome-doc-utils (>= 0.4.3) -Vcs-Svn: svn://svn.debian.org/svn/pkg-shadow/debian/trunk -Vcs-Browser: http://svn.debian.org/viewsvn/pkg-shadow/debian/trunk -Homepage: http://pkg-shadow.alioth.debian.org/ - -Package: passwd -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-modules, debianutils (>= 2.15.2) -Replaces: manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1) -Multi-Arch: foreign -Description: change and administer password and group data - This package includes passwd, chsh, chfn, and many other programs to - maintain password and group data. - . - Shadow passwords are supported. See /usr/share/doc/passwd/README.Debian - -Package: login -Architecture: any -Pre-Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime, libpam-modules -Conflicts: gnunet (<< 0.7.0c-2), amavisd-new (<<2.3.3-8), python-4suite (<< 0.99cvs20060405-1), backupninja (<< 0.9.3-5), echolot (<< 2.1.8-4) -Replaces: manpages-de (<< 0.5-3), manpages-tr (<<1.0.5), manpages-zh (<<1.5.1-1) -Essential: yes -Description: system login tools - These tools are required to be able to login and use your system. The - login program invokes your user shell and enables command execution. The - newgrp program is used to change your effective group ID (useful for - workgroup type situations). The su program allows changing your effective - user ID (useful being able to execute commands as another user). - diff --git a/debian/copyright b/debian/copyright deleted file mode 100644 index 1341cd07..00000000 --- a/debian/copyright +++ /dev/null @@ -1,103 +0,0 @@ -This is Debian GNU/Linux's prepackaged version of the shadow utilities. - -It was downloaded from: <ftp://ftp.pld.org.pl/software/shadow/>. -As of May 2007, this site is no longer available. - -Copyright: - -Parts of this software are copyright 1988 - 1994, Julianne Frances Haugh. -All rights reserved. - -Parts of this software are copyright 1997 - 2001, Marek Michałkiewicz. -All rights reserved. - -Parts of this software are copyright 2001 - 2004, Andrzej Krzysztofowicz -All rights reserved. - -Parts of this software are copyright 2000 - 2007, Tomasz Kłoczko. -All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: -1. Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. -2. Redistributions in binary form must reproduce the above copyright - notice, this list of conditions and the following disclaimer in the - documentation and/or other materials provided with the distribution. -3. Neither the name of Julianne F. Haugh nor the names of its contributors - may be used to endorse or promote products derived from this software - without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -SUCH DAMAGE. - -This source code is currently archived on ftp.uu.net in the -comp.sources.misc portion of the USENET archives. You may also contact -the author, Julianne F. Haugh, at jockgrrl@ix.netcom.com if you have -any questions regarding this package. - -THIS SOFTWARE IS BEING DISTRIBUTED AS-IS. THE AUTHORS DISCLAIM ALL -LIABILITY FOR ANY CONSEQUENCES OF USE. THE USER IS SOLELY RESPONSIBLE -FOR THE MAINTENANCE OF THIS SOFTWARE PACKAGE. THE AUTHORS ARE UNDER NO -OBLIGATION TO PROVIDE MODIFICATIONS OR IMPROVEMENTS. THE USER IS -ENCOURAGED TO TAKE ANY AND ALL STEPS NEEDED TO PROTECT AGAINST ACCIDENTAL -LOSS OF INFORMATION OR MACHINE RESOURCES. - -Special thanks are due to Chip Rosenthal for his fine testing efforts; -to Steve Simmons for his work in porting this code to BSD; and to Bill -Kennedy for his contributions of LaserJet printer time and energies. -Also, thanks for Dennis L. Mumaugh for the initial shadow password -information and to Tony Walton (olapw@olgb1.oliv.co.uk) for the System -V Release 4 changes. Effort in porting to SunOS has been contributed -by Dr. Michael Newberry (miken@cs.adfa.oz.au) and Micheal J. Miller, Jr. -(mke@kaberd.rain.com). Effort in porting to AT&T UNIX System V Release -4 has been provided by Andrew Herbert (andrew@werple.pub.uu.oz.au). -Special thanks to Marek Michalkiewicz (marekm@i17linuxb.ists.pwr.wroc.pl) -for taking over the Linux port of this software. - -Source files: login_access.c, login_desrpc.c, login_krb.c are derived -from the logdaemon-5.0 package, which is under the following license: - -/************************************************************************ -* Copyright 1995 by Wietse Venema. All rights reserved. Individual files -* may be covered by other copyrights (as noted in the file itself.) -* -* This material was originally written and compiled by Wietse Venema at -* Eindhoven University of Technology, The Netherlands, in 1990, 1991, -* 1992, 1993, 1994 and 1995. -* -* Redistribution and use in source and binary forms are permitted -* provided that this entire copyright notice is duplicated in all such -* copies. -* -* This software is provided "as is" and without any expressed or implied -* warranties, including, without limitation, the implied warranties of -* merchantibility and fitness for any particular purpose. -************************************************************************/ - -Some parts substantially in src/su.c derived from an ancestor of -su for GNU. Run a shell with substitute user and group IDs. -Copyright (C) 1992-2003 Free Software Foundation, Inc. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - On Debian GNU/Linux systems, the complete text of the GNU General Public - License can be found in '/usr/share/common-licenses/GPL' diff --git a/debian/cpgr.8 b/debian/cpgr.8 deleted file mode 100644 index d62ec36f..00000000 --- a/debian/cpgr.8 +++ /dev/null @@ -1 +0,0 @@ -.so man8/cppw.8 diff --git a/debian/cppw.8 b/debian/cppw.8 deleted file mode 100644 index 6a9cc6fc..00000000 --- a/debian/cppw.8 +++ /dev/null @@ -1,27 +0,0 @@ -.TH CPPW 8 "7 Apr 2005" -.SH NAME -cppw, cpgr \- copy with locking the given file to the password or group file -.SH SYNOPSIS -\fBcppw\fR [\fB\-h\fR] [\fB\-s\fR] password_file -.br -\fBcpgr\fR [\fB\-h\fR] [\fB\-s\fR] group_file - -.SH DESCRIPTION -.BR cppw " and " cpgr -will copy, with locking, the given file to -.IR /etc/passwd " and " /etc/group ", respectively." -With the \fB\-s\fR flag, they will copy the shadow versions of those files, -.IR /etc/shadow " and " /etc/gshadow ", respectively." - -With the \fB\-h\fR flag, the commands display a short help message and exit -silently. -.SH "SEE ALSO" -.BR vipw (8), -.BR vigr (8), -.BR group (5), -.BR passwd (5), -.BR shadow (5), -.BR gshadow (5) -.SH AUTHOR -\fBcppw\fR and \fBcpgr\fR were written by Stephen Frost, based on -\fBvipw\fR and \fBvigr\fR written by Guy Maor. diff --git a/debian/dependencies b/debian/dependencies deleted file mode 100644 index e8cc1418..00000000 --- a/debian/dependencies +++ /dev/null @@ -1,94 +0,0 @@ -Build-Depends: -============== - * autoconf - * automake1.9 - works with 1.7 or 1.9 (at least) - * libtool - * gettext - POT, PO, GMO regenerated? - * libpam0g-dev - OK - * debhelper (>= 4.1.16) - * po-debconf - OK - * quilt - patch system - * dpkg-dev (>= 1.13.5) - * xsltproc - used to generate the manpages - * docbook-xsl - needed for /usr/share/xml/docbook/stylesheet/nwalsh/manpages/docbook.xsl - * docbook-xml - manpages/docbook.xsl includes html/docbook.xsl - (But it is not strictly needed. The generated manpages are identical. - Without it, a warning is generated.) - Needed by JH_CHECK_XML_CATALOG([-//OASIS//DTD DocBook XML V4.1.2//EN], [DocBook XML DTD V4.1.2], [], enable_man=no) - * libxml2-utils - needed by the JH_CHECK_XML_CATALOG macros - * cdbs - used in debian/rules - * libselinux1-dev [!hurd-i386 !kfreebsd-i386 !kfreebsd-amd64] - * gnome-doc-utils (>= 0.4.3-1) - xml2po, 0.4.3-1 needed for the -l switch. - -passwd Depends: -=============== - * ${shlibs:Depends} - OK - * ${loginpam} - - hurd - login - libpam-modules (>= 0.72-5) - - other archs - + login (>= 970502-1) - login is needed because some passwd utils need /etc/login.defs - login is Essential, so this is just to enforce the version - + libpam-modules (>= 0.72-5) - * debianutils (>= 2.15.2) - After 1:4.0.12-6, {add,remove}-shell are distributed in debianutils (2.15) - /etc/shell was forgotten and introduced in debianutils in 2.15.2 - -passwd Conflicts: -================= - -passwd Replaces: -================ - Some of the passwd man pages are also distributed in some manpages* packages. - Look at the debian/02/run test to optimize these dependencies. - NOTE: Not all maintainers have been notified. - * manpages-de (<< 0.4-9), manpages-fi (<< 0.2-4), manpages-fr (<<1.64.0-1), manpages-hu (<< 20010119-5), manpages-it (<< 0.3.4-3), manpages-ja (<< 0.5.0.0.20050915-1), manpages-ko (<< 20050219-2), manpages-es (<< 1.55-4), manpages-es-extra (<< 0.8a-15), manpages-ru (<< 0.98-3) - All those packages have been updated during sarge->etch. So these Replaces - should be removed after lenny release - * manpages-tr, manpages-zh - Those packages are still in etch, so the Replaces should be kept even - after lenny release - -login Pre-Depends: -================== - * ${shlibs:Depends} - * libpam-runtime (>= 0.76-14) - sarge contained 0.76-22 - -Why Pre-Depends? (because it's an essential package?) - -login Depends: -============== - * libpam-modules (>= 0.72-5) - libpam-modules is needed. - potato contained 0.72-9 - -login Conflicts: -================ - -login Replaces: -=============== - * Some of the login man pages are also distributed in some manpages* packages. - Look at the debian/02/run test to optimize these dependencies. - NOTE: Not all maintainers have been notified. - - manpages-fi, manpages-fr (<<1.64.0-1), manpages-hu, manpages-it, manpages-ko, manpages-ja (<< 0.5.0.0.20050915-1), manpages-de (<< 0.4-10), manpages-es-extra (<<0.8a-15) - Those are packages that have been updated during sarge->etch. These - Replaces should be removed after lenny - - manpages-tr, manpages-zh - Those packages are still in etch, so the Replaces should be kept even - after lenny release - diff --git a/debian/login.defs b/debian/login.defs deleted file mode 100644 index 968c6578..00000000 --- a/debian/login.defs +++ /dev/null @@ -1,335 +0,0 @@ -# -# /etc/login.defs - Configuration control definitions for the login package. -# -# Three items must be defined: MAIL_DIR, ENV_SUPATH, and ENV_PATH. -# If unspecified, some arbitrary (and possibly incorrect) value will -# be assumed. All other items are optional - if not specified then -# the described action or option will be inhibited. -# -# Comment lines (lines beginning with "#") and blank lines are ignored. -# -# Modified for Linux. --marekm - -# REQUIRED for useradd/userdel/usermod -# Directory where mailboxes reside, _or_ name of file, relative to the -# home directory. If you _do_ define MAIL_DIR and MAIL_FILE, -# MAIL_DIR takes precedence. -# -# Essentially: -# - MAIL_DIR defines the location of users mail spool files -# (for mbox use) by appending the username to MAIL_DIR as defined -# below. -# - MAIL_FILE defines the location of the users mail spool files as the -# fully-qualified filename obtained by prepending the user home -# directory before $MAIL_FILE -# -# NOTE: This is no more used for setting up users MAIL environment variable -# which is, starting from shadow 4.0.12-1 in Debian, entirely the -# job of the pam_mail PAM modules -# See default PAM configuration files provided for -# login, su, etc. -# -# This is a temporary situation: setting these variables will soon -# move to /etc/default/useradd and the variables will then be -# no more supported -MAIL_DIR /var/mail -#MAIL_FILE .mail - -# -# Enable logging and display of /var/log/faillog login failure info. -# This option conflicts with the pam_tally PAM module. -# -FAILLOG_ENAB yes - -# -# Enable display of unknown usernames when login failures are recorded. -# -# WARNING: Unknown usernames may become world readable. -# See #290803 and #298773 for details about how this could become a security -# concern -LOG_UNKFAIL_ENAB no - -# -# Enable logging of successful logins -# -LOG_OK_LOGINS no - -# -# Enable "syslog" logging of su activity - in addition to sulog file logging. -# SYSLOG_SG_ENAB does the same for newgrp and sg. -# -SYSLOG_SU_ENAB yes -SYSLOG_SG_ENAB yes - -# -# If defined, all su activity is logged to this file. -# -#SULOG_FILE /var/log/sulog - -# -# If defined, file which maps tty line to TERM environment parameter. -# Each line of the file is in a format something like "vt100 tty01". -# -#TTYTYPE_FILE /etc/ttytype - -# -# If defined, login failures will be logged here in a utmp format -# last, when invoked as lastb, will read /var/log/btmp, so... -# -FTMP_FILE /var/log/btmp - -# -# If defined, the command name to display when running "su -". For -# example, if this is defined as "su" then a "ps" will display the -# command is "-su". If not defined, then "ps" would display the -# name of the shell actually being run, e.g. something like "-sh". -# -SU_NAME su - -# -# If defined, file which inhibits all the usual chatter during the login -# sequence. If a full pathname, then hushed mode will be enabled if the -# user's name or shell are found in the file. If not a full pathname, then -# hushed mode will be enabled if the file exists in the user's home directory. -# -HUSHLOGIN_FILE .hushlogin -#HUSHLOGIN_FILE /etc/hushlogins - -# -# *REQUIRED* The default PATH settings, for superuser and normal users. -# -# (they are minimal, add the rest in the shell startup files) -ENV_SUPATH PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin -ENV_PATH PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games - -# -# Terminal permissions -# -# TTYGROUP Login tty will be assigned this group ownership. -# TTYPERM Login tty will be set to this permission. -# -# If you have a "write" program which is "setgid" to a special group -# which owns the terminals, define TTYGROUP to the group number and -# TTYPERM to 0620. Otherwise leave TTYGROUP commented out and assign -# TTYPERM to either 622 or 600. -# -# In Debian /usr/bin/bsd-write or similar programs are setgid tty -# However, the default and recommended value for TTYPERM is still 0600 -# to not allow anyone to write to anyone else console or terminal - -# Users can still allow other people to write them by issuing -# the "mesg y" command. - -TTYGROUP tty -TTYPERM 0600 - -# -# Login configuration initializations: -# -# ERASECHAR Terminal ERASE character ('\010' = backspace). -# KILLCHAR Terminal KILL character ('\025' = CTRL/U). -# UMASK Default "umask" value. -# -# The ERASECHAR and KILLCHAR are used only on System V machines. -# -# UMASK is the default umask value for pam_umask and is used by -# useradd and newusers to set the mode of the new home directories. -# 022 is the "historical" value in Debian for UMASK -# 027, or even 077, could be considered better for privacy -# There is no One True Answer here : each sysadmin must make up his/her -# mind. -# -# Prefix these values with "0" to get octal, "0x" to get hexadecimal. -# -ERASECHAR 0177 -KILLCHAR 025 -UMASK 022 - -# -# Password aging controls: -# -# PASS_MAX_DAYS Maximum number of days a password may be used. -# PASS_MIN_DAYS Minimum number of days allowed between password changes. -# PASS_WARN_AGE Number of days warning given before a password expires. -# -PASS_MAX_DAYS 99999 -PASS_MIN_DAYS 0 -PASS_WARN_AGE 7 - -# -# Min/max values for automatic uid selection in useradd -# -UID_MIN 1000 -UID_MAX 60000 -# System accounts -#SYS_UID_MIN 100 -#SYS_UID_MAX 999 - -# -# Min/max values for automatic gid selection in groupadd -# -GID_MIN 1000 -GID_MAX 60000 -# System accounts -#SYS_GID_MIN 100 -#SYS_GID_MAX 999 - -# -# Max number of login retries if password is bad. This will most likely be -# overriden by PAM, since the default pam_unix module has it's own built -# in of 3 retries. However, this is a safe fallback in case you are using -# an authentication module that does not enforce PAM_MAXTRIES. -# -LOGIN_RETRIES 5 - -# -# Max time in seconds for login -# -LOGIN_TIMEOUT 60 - -# -# Which fields may be changed by regular users using chfn - use -# any combination of letters "frwh" (full name, room number, work -# phone, home phone). If not defined, no changes are allowed. -# For backward compatibility, "yes" = "rwh" and "no" = "frwh". -# -CHFN_RESTRICT rwh - -# -# Should login be allowed if we can't cd to the home directory? -# Default in no. -# -DEFAULT_HOME yes - -# -# If defined, this command is run when removing a user. -# It should remove any at/cron/print jobs etc. owned by -# the user to be removed (passed as the first argument). -# -#USERDEL_CMD /usr/sbin/userdel_local - -# -# If set to yes, userdel will remove the user´s group if it contains no -# more members, and useradd will create by default a group with the name -# of the user. -# -# Other former uses of this variable such as setting the umask when -# user==primary group are not used in PAM environments, such as Debian -# -USERGROUPS_ENAB yes - -# -# Instead of the real user shell, the program specified by this parameter -# will be launched, although its visible name (argv[0]) will be the shell's. -# The program may do whatever it wants (logging, additional authentification, -# banner, ...) before running the actual shell. -# -# FAKE_SHELL /bin/fakeshell - -# -# If defined, either full pathname of a file containing device names or -# a ":" delimited list of device names. Root logins will be allowed only -# upon these devices. -# -# This variable is used by login and su. -# -#CONSOLE /etc/consoles -#CONSOLE console:tty01:tty02:tty03:tty04 - -# -# List of groups to add to the user's supplementary group set -# when logging in on the console (as determined by the CONSOLE -# setting). Default is none. -# -# Use with caution - it is possible for users to gain permanent -# access to these groups, even when not logged in on the console. -# How to do it is left as an exercise for the reader... -# -# This variable is used by login and su. -# -#CONSOLE_GROUPS floppy:audio:cdrom - -# -# If set to "yes", new passwords will be encrypted using the MD5-based -# algorithm compatible with the one used by recent releases of FreeBSD. -# It supports passwords of unlimited length and longer salt strings. -# Set to "no" if you need to copy encrypted passwords to other systems -# which don't understand the new algorithm. Default is "no". -# -# This variable is deprecated. You should use ENCRYPT_METHOD. -# -#MD5_CRYPT_ENAB no - -# -# If set to MD5 , MD5-based algorithm will be used for encrypting password -# If set to SHA256, SHA256-based algorithm will be used for encrypting password -# If set to SHA512, SHA512-based algorithm will be used for encrypting password -# If set to DES, DES-based algorithm will be used for encrypting password (default) -# Overrides the MD5_CRYPT_ENAB option -# -# Note: It is recommended to use a value consistent with -# the PAM modules configuration. -# -ENCRYPT_METHOD SHA512 - -# -# Only used if ENCRYPT_METHOD is set to SHA256 or SHA512. -# -# Define the number of SHA rounds. -# With a lot of rounds, it is more difficult to brute forcing the password. -# But note also that it more CPU resources will be needed to authenticate -# users. -# -# If not specified, the libc will choose the default number of rounds (5000). -# The values must be inside the 1000-999999999 range. -# If only one of the MIN or MAX values is set, then this value will be used. -# If MIN > MAX, the highest value will be used. -# -# SHA_CRYPT_MIN_ROUNDS 5000 -# SHA_CRYPT_MAX_ROUNDS 5000 - -################# OBSOLETED BY PAM ############## -# # -# These options are now handled by PAM. Please # -# edit the appropriate file in /etc/pam.d/ to # -# enable the equivelants of them. -# -############### - -#MOTD_FILE -#DIALUPS_CHECK_ENAB -#LASTLOG_ENAB -#MAIL_CHECK_ENAB -#OBSCURE_CHECKS_ENAB -#PORTTIME_CHECKS_ENAB -#SU_WHEEL_ONLY -#CRACKLIB_DICTPATH -#PASS_CHANGE_TRIES -#PASS_ALWAYS_WARN -#ENVIRON_FILE -#NOLOGINS_FILE -#ISSUE_FILE -#PASS_MIN_LEN -#PASS_MAX_LEN -#ULIMIT -#ENV_HZ -#CHFN_AUTH -#CHSH_AUTH -#FAIL_DELAY - -################# OBSOLETED ####################### -# # -# These options are no more handled by shadow. # -# # -# Shadow utilities will display a warning if they # -# still appear. # -# # -################################################### - -# CLOSE_SESSIONS -# LOGIN_STRING -# NO_PASSWORD_CONSOLE -# QMAIL_DIR - - - diff --git a/debian/login.dirs b/debian/login.dirs deleted file mode 100644 index 1da8fba8..00000000 --- a/debian/login.dirs +++ /dev/null @@ -1 +0,0 @@ -usr/share/lintian/overrides diff --git a/debian/login.install b/debian/login.install deleted file mode 100644 index a031ee7a..00000000 --- a/debian/login.install +++ /dev/null @@ -1,25 +0,0 @@ -usr/share/locale/*/LC_MESSAGES/shadow.mo -usr/share/man/*/man1/login.1 -usr/share/man/*/man1/newgrp.1 -usr/share/man/*/man1/sg.1 -usr/share/man/*/man1/su.1 -usr/share/man/*/man5/faillog.5 -usr/share/man/*/man5/login.defs.5 -usr/share/man/*/man8/faillog.8 -usr/share/man/*/man8/lastlog.8 -usr/share/man/*/man8/nologin.8 -usr/share/man/man1/login.1 -usr/share/man/man1/newgrp.1 -usr/share/man/man1/sg.1 -usr/share/man/man1/su.1 -usr/share/man/man5/faillog.5 -usr/share/man/man5/login.defs.5 -usr/share/man/man8/faillog.8 -usr/share/man/man8/lastlog.8 -usr/share/man/man8/nologin.8 -usr/sbin/nologin -usr/bin/faillog -usr/bin/lastlog -usr/bin/newgrp -bin/login -bin/su diff --git a/debian/login.links b/debian/login.links deleted file mode 100644 index 3886f8f2..00000000 --- a/debian/login.links +++ /dev/null @@ -1 +0,0 @@ -usr/bin/newgrp usr/bin/sg diff --git a/debian/login.lintian-overrides b/debian/login.lintian-overrides deleted file mode 100644 index 489928d2..00000000 --- a/debian/login.lintian-overrides +++ /dev/null @@ -1,3 +0,0 @@ -login: setuid-binary usr/bin/newgrp 4755 root/root -login: setuid-binary bin/su 4755 root/root -login: possible-missing-colon-in-closes l667:closes bug 336321 diff --git a/debian/login.pam b/debian/login.pam deleted file mode 100644 index 14dc2cdd..00000000 --- a/debian/login.pam +++ /dev/null @@ -1,110 +0,0 @@ -# -# The PAM configuration file for the Shadow `login' service -# - -# Enforce a minimal delay in case of failure (in microseconds). -# (Replaces the `FAIL_DELAY' setting from login.defs) -# Note that other modules may require another minimal delay. (for example, -# to disable any delay, you should add the nodelay option to pam_unix) -auth optional pam_faildelay.so delay=3000000 - -# Outputs an issue file prior to each login prompt (Replaces the -# ISSUE_FILE option from login.defs). Uncomment for use -# auth required pam_issue.so issue=/etc/issue - -# Disallows root logins except on tty's listed in /etc/securetty -# (Replaces the `CONSOLE' setting from login.defs) -# -# With the default control of this module: -# [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] -# root will not be prompted for a password on insecure lines. -# if an invalid username is entered, a password is prompted (but login -# will eventually be rejected) -# -# You can change it to a "requisite" module if you think root may mis-type -# her login and should not be prompted for a password in that case. But -# this will leave the system as vulnerable to user enumeration attacks. -# -# You can change it to a "required" module if you think it permits to -# guess valid user names of your system (invalid user names are considered -# as possibly being root on insecure lines), but root passwords may be -# communicated over insecure lines. -auth [success=ok new_authtok_reqd=ok ignore=ignore user_unknown=bad default=die] pam_securetty.so - -# Disallows other than root logins when /etc/nologin exists -# (Replaces the `NOLOGINS_FILE' option from login.defs) -auth requisite pam_nologin.so - -# SELinux needs to be the first session rule. This ensures that any -# lingering context has been cleared. Without out this it is possible -# that a module could execute code in the wrong domain. -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Standard Un*x authentication. -@include common-auth - -# This allows certain extra groups to be granted to a user -# based on things like time of day, tty, service, and user. -# Please edit /etc/security/group.conf to fit your needs -# (Replaces the `CONSOLE_GROUPS' option in login.defs) -auth optional pam_group.so - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on logins. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# Uncomment and edit /etc/security/access.conf if you need to -# set access limits. -# (Replaces /etc/login.access file) -# account required pam_access.so - -# Sets up user limits according to /etc/security/limits.conf -# (Replaces the use of /etc/limits in old login) -session required pam_limits.so - -# Prints the last login info upon succesful login -# (Replaces the `LASTLOG_ENAB' option from login.defs) -session optional pam_lastlog.so - -# Prints the message of the day upon succesful login. -# (Replaces the `MOTD_FILE' option in login.defs) -# This includes a dynamically generated part from /run/motd.dynamic -# and a static (admin-editable) part from /etc/motd. -session optional pam_motd.so motd=/run/motd.dynamic noupdate -session optional pam_motd.so - -# Prints the status of the user's mailbox upon succesful login -# (Replaces the `MAIL_CHECK_ENAB' option from login.defs). -# -# This also defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -session optional pam_mail.so standard - -# Standard Un*x account and session -@include common-account -@include common-session -@include common-password - -# SELinux needs to intervene at login time to ensure that the process -# starts in the proper default security context. Only sessions which are -# intended to run in the user's context should be run after this. -session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open -# When the module is present, "required" would be sufficient (When SELinux -# is disabled, this returns success.) diff --git a/debian/login.postinst b/debian/login.postinst deleted file mode 100644 index 59d6b7fc..00000000 --- a/debian/login.postinst +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -e - -if test "$1" = configure -then - if test -f /etc/init.d/logoutd - then - if test "$(md5sum /etc/init.d/logoutd)" = "9080f92783dd53f6f2108e698c06bd53 /etc/init.d/logoutd" - then - echo "removing logoutd cruft" - rm /etc/init.d/logoutd - update-rc.d logoutd remove - fi - fi -fi -rm -f /etc/pam.d/login.pre-upgrade 2>/dev/null - -if [ "$1" = "configure" ] && [ "$2" = "" ] -then - # Install faillog during initial installs only - if [ ! -f /var/log/faillog ] ; then - touch /var/log/faillog - chown root:root /var/log/faillog - chmod 644 /var/log/faillog - fi -fi - -#DEBHELPER# - -exit 0 diff --git a/debian/login.preinst b/debian/login.preinst deleted file mode 100644 index fc7f5985..00000000 --- a/debian/login.preinst +++ /dev/null @@ -1,52 +0,0 @@ -#! /bin/sh - -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <new-preinst> `install' -# * <new-preinst> `install' <old-version> -# * <new-preinst> `upgrade' <old-version> -# * <old-preinst> `abort-upgrade' <new-version> -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -remove_md5() { - if md5sum $1 2>/dev/null |grep -q $2; then - cp $1 $1.pre-upgrade - sed -e '/^[^#][ \t]*assword[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \ - && mv $1.post-upgrade $1 - fi - } - - -case "$1" in - install|upgrade) - if [ "x$2" != "x" ] ; then - if dpkg --compare-versions $2 lt 1:4.0.3 ; then - remove_md5 /etc/pam.d/login 5e61c3334e25625fe1fa4d79cf9123ff - fi - fi - - ;; - - abort-upgrade) - ;; - - *) - echo "preinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 - - diff --git a/debian/login.su.pam b/debian/login.su.pam deleted file mode 100644 index c1a84aec..00000000 --- a/debian/login.su.pam +++ /dev/null @@ -1,62 +0,0 @@ -# -# The PAM configuration file for the Shadow `su' service -# - -# This allows root to su without passwords (normal operation) -auth sufficient pam_rootok.so - -# Uncomment this to force users to be a member of group root -# before they can use `su'. You can also add "group=foo" -# to the end of this line if you want to use a group other -# than the default "root" (but this may have side effect of -# denying "root" user, unless she's a member of "foo" or explicitly -# permitted earlier by e.g. "sufficient pam_rootok.so"). -# (Replaces the `SU_WHEEL_ONLY' option from login.defs) -# auth required pam_wheel.so - -# Uncomment this if you want wheel members to be able to -# su without a password. -# auth sufficient pam_wheel.so trust - -# Uncomment this if you want members of a specific group to not -# be allowed to use su at all. -# auth required pam_wheel.so deny group=nosu - -# Uncomment and edit /etc/security/time.conf if you need to set -# time restrainst on su usage. -# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs -# as well as /etc/porttime) -# account requisite pam_time.so - -# This module parses environment configuration file(s) -# and also allows you to use an extended config -# file /etc/security/pam_env.conf. -# -# parsing /etc/environment needs "readenv=1" -session required pam_env.so readenv=1 -# locale variables are also kept into /etc/default/locale in etch -# reading this file *in addition to /etc/environment* does not hurt -session required pam_env.so readenv=1 envfile=/etc/default/locale - -# Defines the MAIL environment variable -# However, userdel also needs MAIL_DIR and MAIL_FILE variables -# in /etc/login.defs to make sure that removing a user -# also removes the user's mail spool file. -# See comments in /etc/login.defs -# -# "nopen" stands to avoid reporting new mail when su'ing to another user -session optional pam_mail.so nopen - -# Sets up user limits, please uncomment and read /etc/security/limits.conf -# to enable this functionality. -# (Replaces the use of /etc/limits in old login) -# session required pam_limits.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -@include common-auth -@include common-account -@include common-session - - diff --git a/debian/passwd.chage.pam b/debian/passwd.chage.pam deleted file mode 100644 index d31356e8..00000000 --- a/debian/passwd.chage.pam +++ /dev/null @@ -1,8 +0,0 @@ -# The PAM configuration file for the Shadow 'chage' service -# - -# This allows root to change password aging being prompted for a password -auth sufficient pam_rootok.so - -# checks for account validity -account required pam_permit.so diff --git a/debian/passwd.chfn.pam b/debian/passwd.chfn.pam deleted file mode 100644 index 10fcf07b..00000000 --- a/debian/passwd.chfn.pam +++ /dev/null @@ -1,16 +0,0 @@ -# -# The PAM configuration file for the Shadow `chfn' service -# - -# This allows root to change user infomation without being -# prompted for a password -auth sufficient pam_rootok.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -@include common-auth -@include common-account -@include common-session - - diff --git a/debian/passwd.chpasswd.pam b/debian/passwd.chpasswd.pam deleted file mode 100644 index da2adcc9..00000000 --- a/debian/passwd.chpasswd.pam +++ /dev/null @@ -1,5 +0,0 @@ -# The PAM configuration file for the Shadow 'chpasswd' service -# - -@include common-password - diff --git a/debian/passwd.chsh.pam b/debian/passwd.chsh.pam deleted file mode 100644 index 7eb604d7..00000000 --- a/debian/passwd.chsh.pam +++ /dev/null @@ -1,20 +0,0 @@ -# -# The PAM configuration file for the Shadow `chsh' service -# - -# This will not allow a user to change their shell unless -# their current one is listed in /etc/shells. This keeps -# accounts with special shells from changing them. -auth required pam_shells.so - -# This allows root to change user shell without being -# prompted for a password -auth sufficient pam_rootok.so - -# The standard Unix authentication modules, used with -# NIS (man nsswitch) as well as normal /etc/passwd and -# /etc/shadow entries. -@include common-auth -@include common-account -@include common-session - diff --git a/debian/passwd.cron.daily b/debian/passwd.cron.daily deleted file mode 100644 index 4778bf09..00000000 --- a/debian/passwd.cron.daily +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -cd /var/backups || exit 0 - -for FILE in passwd group shadow gshadow; do - test -f /etc/$FILE || continue - cmp -s $FILE.bak /etc/$FILE && continue - cp -p /etc/$FILE $FILE.bak && chmod 600 $FILE.bak -done diff --git a/debian/passwd.dirs b/debian/passwd.dirs deleted file mode 100644 index d2a6c07f..00000000 --- a/debian/passwd.dirs +++ /dev/null @@ -1,2 +0,0 @@ -usr/share/lintian/overrides -etc/default diff --git a/debian/passwd.examples b/debian/passwd.examples deleted file mode 100644 index 85a26844..00000000 --- a/debian/passwd.examples +++ /dev/null @@ -1 +0,0 @@ -debian/passwd.expire.cron diff --git a/debian/passwd.expire.cron b/debian/passwd.expire.cron deleted file mode 100644 index 5e5b69fd..00000000 --- a/debian/passwd.expire.cron +++ /dev/null @@ -1,57 +0,0 @@ -#!/usr/bin/perl -# -# passwd.expire.cron: sample expiry notification script for use as a cronjob -# -# Copyright 1999 by Ben Collins <bcollins@debian.org>, complete rights granted -# for use, distribution, modification, etc. -# -# Usage: -# edit the listed options, including the actual email, then rename to -# /etc/cron.daily/passwd -# -# If your users don't have a valid login shell (ie. they are ftp or mail -# users only), they will need some other way to change their password -# (telnet will work since login will handle password aging, or a poppasswd -# program, if they are mail users). - -# <CONFIG> # - -# should be same as /etc/adduser.conf -$LOW_UID=1000; -$HIGH_UID=29999; - -# this let's the MTA handle the domain, -# set it manually if you want. Make sure -# you also add the @ like "\@domain.com" -$MAIL_DOM=""; - -# </CONFIG> # - -# Set the current day reference -$curdays = int(time() / (60 * 60 * 24)); - -# Now go through the list - -open(SH, "< /etc/shadow"); -while (<SH>) { - @shent = split(':', $_); - @userent = getpwnam($shent[0]); - if ($userent[2] >= $LOW_UID && $userent[2] <= $HIGH_UID) { - if ($curdays > $shent[2] + $shent[4] - $shent[5] && - $shent[4] != -1 && $shent[4] != 0 && - $shent[5] != -1 && $shent[5] != 0) { - $daysleft = ($shent[2] + $shent[4]) - $curdays; - if ($daysleft == 1) { $days = "day"; } else {$days = "days"; } - if ($daysleft < 0) { next; } - open (MAIL, "| mail -s '[WARNING] account will expire in $daysleft $days' $shent[0]${MAIL_DOM}"); - print MAIL <<EOF; -Your account will expire in $daysleft $days. Please change your password before -then or your account will expire -EOF - close (MAIL); - # This makes sure we also get a list of almost expired users - print "$shent[0]'s account will expire in $daysleft days\n"; - } - } - @userent = getpwent(); -} diff --git a/debian/passwd.groupadd.pam b/debian/passwd.groupadd.pam deleted file mode 100644 index 374c2fe0..00000000 --- a/debian/passwd.groupadd.pam +++ /dev/null @@ -1,8 +0,0 @@ -# The PAM configuration file for the Shadow 'groupadd' service -# - -# This allows root to add groups without being prompted for a password -auth sufficient pam_rootok.so - -# checks for account validity -account required pam_permit.so diff --git a/debian/passwd.groupdel.pam b/debian/passwd.groupdel.pam deleted file mode 100644 index da81c19c..00000000 --- a/debian/passwd.groupdel.pam +++ /dev/null @@ -1,8 +0,0 @@ -# The PAM configuration file for the Shadow 'groupdel' service -# - -# This allows root to remove groups without being prompted for a password -auth sufficient pam_rootok.so - -# checks for account validity -account required pam_permit.so diff --git a/debian/passwd.groupmod.pam b/debian/passwd.groupmod.pam deleted file mode 100644 index a08d8c45..00000000 --- a/debian/passwd.groupmod.pam +++ /dev/null @@ -1,8 +0,0 @@ -# The PAM configuration file for the Shadow 'groupmod' service -# - -# This allows root to modify groups without being prompted for a password -auth sufficient pam_rootok.so - -# checks for account validity -account required pam_permit.so diff --git a/debian/passwd.install b/debian/passwd.install deleted file mode 100644 index 64794bbf..00000000 --- a/debian/passwd.install +++ /dev/null @@ -1,74 +0,0 @@ -usr/bin/chage -usr/bin/chfn -usr/bin/chsh -usr/bin/expiry -usr/bin/gpasswd -usr/bin/passwd -usr/sbin/chpasswd -usr/sbin/chgpasswd -usr/sbin/cppw -usr/sbin/groupadd -usr/sbin/groupdel -usr/sbin/groupmod -usr/sbin/grpck -usr/sbin/grpconv -usr/sbin/grpunconv -usr/sbin/newusers -usr/sbin/pwck -usr/sbin/pwconv -usr/sbin/pwunconv -usr/sbin/useradd -usr/sbin/userdel -usr/sbin/usermod -usr/sbin/vipw -usr/share/man/*/man1/chage.1 -usr/share/man/*/man1/chfn.1 -usr/share/man/*/man1/chsh.1 -usr/share/man/*/man1/expiry.1 -usr/share/man/*/man1/gpasswd.1 -usr/share/man/*/man1/passwd.1 -usr/share/man/*/man5/passwd.5 -usr/share/man/*/man5/shadow.5 -usr/share/man/*/man5/gshadow.5 -usr/share/man/*/man8/chpasswd.8 -usr/share/man/*/man8/groupadd.8 -usr/share/man/*/man8/groupdel.8 -usr/share/man/*/man8/groupmod.8 -usr/share/man/*/man8/grpck.8 -usr/share/man/*/man8/grpconv.8 -usr/share/man/*/man8/grpunconv.8 -usr/share/man/*/man8/newusers.8 -usr/share/man/*/man8/pwck.8 -usr/share/man/*/man8/pwconv.8 -usr/share/man/*/man8/pwunconv.8 -usr/share/man/*/man8/useradd.8 -usr/share/man/*/man8/userdel.8 -usr/share/man/*/man8/usermod.8 -usr/share/man/*/man8/vigr.8 -usr/share/man/*/man8/vipw.8 -usr/share/man/man1/chage.1 -usr/share/man/man1/chfn.1 -usr/share/man/man1/chsh.1 -usr/share/man/man1/expiry.1 -usr/share/man/man1/gpasswd.1 -usr/share/man/man1/passwd.1 -usr/share/man/man5/passwd.5 -usr/share/man/man5/shadow.5 -usr/share/man/man5/gshadow.5 -usr/share/man/man8/chgpasswd.8 -usr/share/man/man8/chpasswd.8 -usr/share/man/man8/groupadd.8 -usr/share/man/man8/groupdel.8 -usr/share/man/man8/groupmod.8 -usr/share/man/man8/grpck.8 -usr/share/man/man8/grpconv.8 -usr/share/man/man8/grpunconv.8 -usr/share/man/man8/newusers.8 -usr/share/man/man8/pwck.8 -usr/share/man/man8/pwconv.8 -usr/share/man/man8/pwunconv.8 -usr/share/man/man8/useradd.8 -usr/share/man/man8/userdel.8 -usr/share/man/man8/usermod.8 -usr/share/man/man8/vigr.8 -usr/share/man/man8/vipw.8 diff --git a/debian/passwd.links b/debian/passwd.links deleted file mode 100644 index 57b529ea..00000000 --- a/debian/passwd.links +++ /dev/null @@ -1,2 +0,0 @@ -usr/sbin/vipw usr/sbin/vigr -usr/sbin/cppw usr/sbin/cpgr diff --git a/debian/passwd.lintian-overrides b/debian/passwd.lintian-overrides deleted file mode 100644 index 9f05b121..00000000 --- a/debian/passwd.lintian-overrides +++ /dev/null @@ -1,6 +0,0 @@ -passwd: setgid-binary usr/bin/chage 2755 root/shadow -passwd: setuid-binary usr/bin/chfn 4755 root/root -passwd: setuid-binary usr/bin/chsh 4755 root/root -passwd: setgid-binary usr/bin/expiry 2755 root/shadow -passwd: setuid-binary usr/bin/gpasswd 4755 root/root -passwd: setuid-binary usr/bin/passwd 4755 root/root diff --git a/debian/passwd.newusers.pam b/debian/passwd.newusers.pam deleted file mode 100644 index 552ca902..00000000 --- a/debian/passwd.newusers.pam +++ /dev/null @@ -1,5 +0,0 @@ -# The PAM configuration file for the Shadow 'newusers' service -# - -@include common-password - diff --git a/debian/passwd.passwd.pam b/debian/passwd.passwd.pam deleted file mode 100644 index 5872e7bd..00000000 --- a/debian/passwd.passwd.pam +++ /dev/null @@ -1,6 +0,0 @@ -# -# The PAM configuration file for the Shadow `passwd' service -# - -@include common-password - diff --git a/debian/passwd.postinst b/debian/passwd.postinst deleted file mode 100644 index d48966e5..00000000 --- a/debian/passwd.postinst +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh -e - -case "$1" in -configure) - # Fix permissions on various log files from old versions of the debian - # installer, some unrelated to passwd but we decided to put the fix - # here since there was no better place. This can safely be removed - # after etch is released. - if dpkg --compare-versions "$2" lt "1:4.0.14-9"; then - for log in /var/log/base-config* \ - $(find /var/log/debian-installer/ /var/log/installer/ -type f 2>/dev/null ); do - if [ -e "$log" ]; then - chmod 600 "$log" - fi - done - fi - - rm -f /etc/pam.d/passwd.pre-upgrade 2>/dev/null - if ! getent group shadow | grep -q '^shadow:[^:]*:42' - then - groupadd -g 42 shadow || ( - cat <<EOF -Group ID 42 has been allocated for the shadow group. You have either -used 42 yourself or created a shadow group with a different ID. -Please correct this problem and reconfigure with ``dpkg --configure passwd''. - -Note that both user and group IDs in the range 0-99 are globally -allocated by the Debian project and must be the same on every Debian -system. -EOF - exit 1 - ) - fi - ;; -esac - -# Run shadowconfig only on new installs -[ -z "$2" ] && shadowconfig on - -#DEBHELPER# - -exit 0 diff --git a/debian/passwd.preinst b/debian/passwd.preinst deleted file mode 100644 index 05b5483c..00000000 --- a/debian/passwd.preinst +++ /dev/null @@ -1,51 +0,0 @@ -#! /bin/sh - -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * <new-preinst> `install' -# * <new-preinst> `install' <old-version> -# * <new-preinst> `upgrade' <old-version> -# * <old-preinst> `abort-upgrade' <new-version> -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -remove_md5() { - if md5sum $1 2>/dev/null |grep -q $2; then - cp $1 $1.pre-upgrade - sed -e '/^[^#]*[ \t]*password[ \t]*required[ \t]*pam_unix.so/ s/ md5$//' $1 >$1.post-upgrade \ - && mv $1.post-upgrade $1 - fi - } - - -case "$1" in - install|upgrade) - if [ "x$2" != "x" ] ; then - if dpkg --compare-versions $2 lt 1:4.0.3 ; then - remove_md5 /etc/pam.d/passwd 23a5d1465bbc1e39ca6e0c32f22a75c9 - fi - fi - ;; - - abort-upgrade) - ;; - - *) - echo "preinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 - - diff --git a/debian/passwd.useradd.pam b/debian/passwd.useradd.pam deleted file mode 100644 index e1dd6e76..00000000 --- a/debian/passwd.useradd.pam +++ /dev/null @@ -1,8 +0,0 @@ -# The PAM configuration file for the Shadow 'useradd' service -# - -# This allows root to add users without being prompted for a password -auth sufficient pam_rootok.so - -# checks for account validity -account required pam_permit.so diff --git a/debian/passwd.userdel.pam b/debian/passwd.userdel.pam deleted file mode 100644 index 450ddaea..00000000 --- a/debian/passwd.userdel.pam +++ /dev/null @@ -1,8 +0,0 @@ -# The PAM configuration file for the Shadow 'userdel' service -# - -# This allows root to remove users without being prompted for a password -auth sufficient pam_rootok.so - -# checks for account validity -account required pam_permit.so diff --git a/debian/passwd.usermod.pam b/debian/passwd.usermod.pam deleted file mode 100644 index da81c19c..00000000 --- a/debian/passwd.usermod.pam +++ /dev/null @@ -1,8 +0,0 @@ -# The PAM configuration file for the Shadow 'groupdel' service -# - -# This allows root to remove groups without being prompted for a password -auth sufficient pam_rootok.so - -# checks for account validity -account required pam_permit.so diff --git a/debian/patches/008_login_log_failure_in_FTMP b/debian/patches/008_login_log_failure_in_FTMP deleted file mode 100644 index b2851cca..00000000 --- a/debian/patches/008_login_log_failure_in_FTMP +++ /dev/null @@ -1,51 +0,0 @@ -Goal: Log login failures to the btmp file - -Notes: - * I'm not sure login should add an entry in the FTMP file when PAM is used. - (but nothing in /etc/login.defs indicates that the failure is not logged) - ---- a/src/login.c -+++ b/src/login.c -@@ -835,6 +835,24 @@ - (void) puts (""); - (void) puts (_("Login incorrect")); - -+ if (getdef_str("FTMP_FILE") != NULL) { -+#ifdef USE_UTMPX -+ struct utmpx *failent = -+ prepare_utmpx (failent_user, -+ tty, -+ /* FIXME: or fromhost? */hostname, -+ utent); -+#else /* !USE_UTMPX */ -+ struct utmp *failent = -+ prepare_utmp (failent_user, -+ tty, -+ hostname, -+ utent); -+#endif /* !USE_UTMPX */ -+ failtmp (failent_user, failent); -+ free (failent); -+ } -+ - if (failcount >= retries) { - SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -62,6 +62,7 @@ - {"ERASECHAR", NULL}, - {"FAIL_DELAY", NULL}, - {"FAKE_SHELL", NULL}, -+ {"FTMP_FILE", NULL}, - {"GID_MAX", NULL}, - {"GID_MIN", NULL}, - {"HUSHLOGIN_FILE", NULL}, -@@ -103,7 +104,6 @@ - {"ENVIRON_FILE", NULL}, - {"ENV_TZ", NULL}, - {"FAILLOG_ENAB", NULL}, -- {"FTMP_FILE", NULL}, - {"ISSUE_FILE", NULL}, - {"LASTLOG_ENAB", NULL}, - {"LOGIN_STRING", NULL}, diff --git a/debian/patches/401_cppw_src.dpatch b/debian/patches/401_cppw_src.dpatch deleted file mode 100755 index 687f9e92..00000000 --- a/debian/patches/401_cppw_src.dpatch +++ /dev/null @@ -1,276 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 401_cppw_src.dpatch by Nicolas FRANCOIS <nicolas.francois@centraliens.net> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Add cppw / cpgr - -@DPATCH@ ---- /dev/null -+++ b/src/cppw.c -@@ -0,0 +1,238 @@ -+/* -+ cppw, cpgr copy with locking given file over the password or group file -+ with -s will copy with locking given file over shadow or gshadow file -+ -+ Copyright (C) 1999 Stephen Frost <sfrost@snowman.net> -+ -+ Based on vipw, vigr by: -+ Copyright (C) 1997 Guy Maor <maor@ece.utexas.edu> -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 2 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, but -+ WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program; if not, write to the Free Software -+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -+ -+ */ -+ -+#include <config.h> -+#include "defines.h" -+ -+#include <errno.h> -+#include <sys/stat.h> -+#include <unistd.h> -+#include <stdio.h> -+#include <stdlib.h> -+#include <sys/types.h> -+#include <signal.h> -+#include <utime.h> -+#include "exitcodes.h" -+#include "prototypes.h" -+#include "pwio.h" -+#include "shadowio.h" -+#include "groupio.h" -+#include "sgroupio.h" -+ -+ -+const char *Prog; -+ -+const char *filename, *filenewname; -+static bool filelocked = false; -+static int (*unlock) (void); -+ -+/* local function prototypes */ -+static int create_copy (FILE *fp, const char *dest, struct stat *sb); -+static void cppwexit (const char *msg, int syserr, int ret); -+static void cppwcopy (const char *file, -+ const char *in_file, -+ int (*file_lock) (void), -+ int (*file_unlock) (void)); -+ -+static int create_copy (FILE *fp, const char *dest, struct stat *sb) -+{ -+ struct utimbuf ub; -+ FILE *bkfp; -+ int c; -+ mode_t mask; -+ -+ mask = umask (077); -+ bkfp = fopen (dest, "w"); -+ (void) umask (mask); -+ if (NULL == bkfp) { -+ return -1; -+ } -+ -+ rewind (fp); -+ while ((c = getc (fp)) != EOF) { -+ if (putc (c, bkfp) == EOF) { -+ break; -+ } -+ } -+ -+ if ( (c != EOF) -+ || (fflush (bkfp) != 0)) { -+ (void) fclose (bkfp); -+ (void) unlink (dest); -+ return -1; -+ } -+ if ( (fsync (fileno (bkfp)) != 0) -+ || (fclose (bkfp) != 0)) { -+ (void) unlink (dest); -+ return -1; -+ } -+ -+ ub.actime = sb->st_atime; -+ ub.modtime = sb->st_mtime; -+ if ( (utime (dest, &ub) != 0) -+ || (chmod (dest, sb->st_mode) != 0) -+ || (chown (dest, sb->st_uid, sb->st_gid) != 0)) { -+ (void) unlink (dest); -+ return -1; -+ } -+ return 0; -+} -+ -+static void cppwexit (const char *msg, int syserr, int ret) -+{ -+ int err = errno; -+ if (filelocked) { -+ (*unlock) (); -+ } -+ if (NULL != msg) { -+ fprintf (stderr, "%s: %s", Prog, msg); -+ if (0 != syserr) { -+ fprintf (stderr, ": %s", strerror (err)); -+ } -+ (void) fputs ("\n", stderr); -+ } -+ if (NULL != filename) { -+ fprintf (stderr, _("%s: %s is unchanged\n"), Prog, filename); -+ } else { -+ fprintf (stderr, _("%s: no changes\n"), Prog); -+ } -+ -+ exit (ret); -+} -+ -+static void cppwcopy (const char *file, -+ const char *in_file, -+ int (*file_lock) (void), -+ int (*file_unlock) (void)) -+{ -+ struct stat st1; -+ FILE *f; -+ char filenew[1024]; -+ -+ snprintf (filenew, sizeof filenew, "%s.new", file); -+ unlock = file_unlock; -+ filename = file; -+ filenewname = filenew; -+ -+ if (access (file, F_OK) != 0) { -+ cppwexit (file, 1, 1); -+ } -+ if (file_lock () == 0) { -+ cppwexit (_("Couldn't lock file"), 0, 5); -+ } -+ filelocked = true; -+ -+ /* file to copy has same owners, perm */ -+ if (stat (file, &st1) != 0) { -+ cppwexit (file, 1, 1); -+ } -+ f = fopen (in_file, "r"); -+ if (NULL == f) { -+ cppwexit (in_file, 1, 1); -+ } -+ if (create_copy (f, filenew, &st1) != 0) { -+ cppwexit (_("Couldn't make copy"), errno, 1); -+ } -+ -+ /* XXX - here we should check filenew for errors; if there are any, -+ * fail w/ an appropriate error code and let the user manually fix -+ * it. Use pwck or grpck to do the check. - Stephen (Shamelessly -+ * stolen from '--marekm's comment) */ -+ -+ if (rename (filenew, file) != 0) { -+ fprintf (stderr, _("%s: can't copy %s: %s)\n"), -+ Prog, filenew, strerror (errno)); -+ cppwexit (NULL,0,1); -+ } -+ -+ (*file_unlock) (); -+} -+ -+int main (int argc, char **argv) -+{ -+ int flag; -+ bool cpshadow = false; -+ char *in_file; -+ int e = E_USAGE; -+ bool do_cppw = true; -+ -+ (void) setlocale (LC_ALL, ""); -+ (void) bindtextdomain (PACKAGE, LOCALEDIR); -+ (void) textdomain (PACKAGE); -+ -+ Prog = Basename (argv[0]); -+ if (strcmp (Prog, "cpgr") == 0) { -+ do_cppw = false; -+ } -+ -+ while ((flag = getopt (argc, argv, "ghps")) != EOF) { -+ switch (flag) { -+ case 'p': -+ do_cppw = true; -+ break; -+ case 'g': -+ do_cppw = false; -+ break; -+ case 's': -+ cpshadow = true; -+ break; -+ case 'h': -+ e = E_SUCCESS; -+ /*pass through*/ -+ default: -+ (void) fputs (_("Usage:\n\ -+`cppw <file>' copys over /etc/passwd `cppw -s <file>' copys over /etc/shadow\n\ -+`cpgr <file>' copys over /etc/group `cpgr -s <file>' copys over /etc/gshadow\n\ -+"), (E_SUCCESS != e) ? stderr : stdout); -+ exit (e); -+ } -+ } -+ -+ if (argc != optind + 1) { -+ cppwexit (_("wrong number of arguments, -h for usage"),0,1); -+ } -+ -+ in_file = argv[optind]; -+ -+ if (do_cppw) { -+ if (cpshadow) { -+ cppwcopy (SHADOW_FILE, in_file, spw_lock, spw_unlock); -+ } else { -+ cppwcopy (PASSWD_FILE, in_file, pw_lock, pw_unlock); -+ } -+ } else { -+#ifdef SHADOWGRP -+ if (cpshadow) { -+ cppwcopy (SGROUP_FILE, in_file, sgr_lock, sgr_unlock); -+ } else -+#endif /* SHADOWGRP */ -+ { -+ cppwcopy (GROUP_FILE, in_file, gr_lock, gr_unlock); -+ } -+ } -+ -+ return 0; -+} -+ ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -26,6 +26,7 @@ - sbin_PROGRAMS = nologin - ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd - usbin_PROGRAMS = \ -+ cppw \ - chgpasswd \ - chpasswd \ - groupadd \ -@@ -82,6 +83,7 @@ - chgpasswd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBSELINUX) $(LIBCRYPT) - chsh_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT_NOPAM) $(LIBSKEY) $(LIBMD) - chpasswd_LDADD = $(LDADD) $(LIBPAM) $(LIBSELINUX) $(LIBCRYPT) -+cppw_LDADD = $(LDADD) $(LIBSELINUX) - gpasswd_LDADD = $(LDADD) $(LIBAUDIT) $(LIBSELINUX) $(LIBCRYPT) - groupadd_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) - groupdel_LDADD = $(LDADD) $(LIBPAM_SUID) $(LIBAUDIT) $(LIBSELINUX) ---- a/po/POTFILES.in -+++ b/po/POTFILES.in -@@ -85,6 +85,7 @@ - src/chgpasswd.c - src/chpasswd.c - src/chsh.c -+src/cppw.c - src/expiry.c - src/faillog.c - src/gpasswd.c diff --git a/debian/patches/402_cppw_selinux b/debian/patches/402_cppw_selinux deleted file mode 100644 index b92767fe..00000000 --- a/debian/patches/402_cppw_selinux +++ /dev/null @@ -1,62 +0,0 @@ -Goal: Add selinux support to cppw - -Fix: - -Status wrt upstream: cppw is not available upstream. - The patch was made based on the - 302_vim_selinux_support patch. It needs to be - reviewed by an SE-Linux aware person. - -Depends on 401_cppw_src.dpatch - ---- a/src/cppw.c -+++ b/src/cppw.c -@@ -34,6 +34,9 @@ - #include <sys/types.h> - #include <signal.h> - #include <utime.h> -+#ifdef WITH_SELINUX -+#include <selinux/selinux.h> -+#endif /* WITH_SELINUX */ - #include "exitcodes.h" - #include "prototypes.h" - #include "pwio.h" -@@ -139,6 +142,22 @@ - if (access (file, F_OK) != 0) { - cppwexit (file, 1, 1); - } -+#ifdef WITH_SELINUX -+ /* if SE Linux is enabled then set the context of all new files -+ * to be the context of the file we are editing */ -+ if (is_selinux_enabled () > 0) { -+ security_context_t passwd_context=NULL; -+ int ret = 0; -+ if (getfilecon (file, &passwd_context) < 0) { -+ cppwexit (_("Couldn't get file context"), errno, 1); -+ } -+ ret = setfscreatecon (passwd_context); -+ freecon (passwd_context); -+ if (0 != ret) { -+ cppwexit (_("setfscreatecon () failed"), errno, 1); -+ } -+ } -+#endif /* WITH_SELINUX */ - if (file_lock () == 0) { - cppwexit (_("Couldn't lock file"), 0, 5); - } -@@ -167,6 +186,15 @@ - cppwexit (NULL,0,1); - } - -+#ifdef WITH_SELINUX -+ /* unset the fscreatecon */ -+ if (is_selinux_enabled () > 0) { -+ if (setfscreatecon (NULL)) { -+ cppwexit (_("setfscreatecon() failed"), errno, 1); -+ } -+ } -+#endif /* WITH_SELINUX */ -+ - (*file_unlock) (); - } - diff --git a/debian/patches/429_login_FAILLOG_ENAB b/debian/patches/429_login_FAILLOG_ENAB deleted file mode 100644 index 57a6d150..00000000 --- a/debian/patches/429_login_FAILLOG_ENAB +++ /dev/null @@ -1,92 +0,0 @@ -Goal: Re-enable logging and displaying failures on login when login is - compiled with PAM and when FAILLOG_ENAB is set to yes. And create the - faillog file if it does not exist on postinst (as on Woody). -Depends: 008_login_more_LOG_UNKFAIL_ENAB -Fixes: #192849 - -Note: It could be removed if pam_tally could report the number of failures - preceding a successful login. - ---- a/src/login.c -+++ b/src/login.c -@@ -133,9 +133,9 @@ - /*@null@*/const struct utmp *utent); - #endif /* ! USE_PAM */ - --#ifndef USE_PAM - static struct faillog faillog; - -+#ifndef USE_PAM - static void bad_time_notify (void); - static void check_nologin (bool login_to_root); - #else -@@ -795,6 +795,9 @@ - SYSLOG ((LOG_NOTICE, - "TOO MANY LOGIN TRIES (%u)%s FOR '%s'", - failcount, fromhost, failent_user)); -+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { -+ failure (pwd->pw_uid, tty, &faillog); -+ } - fprintf (stderr, - _("Maximum number of tries exceeded (%u)\n"), - failcount); -@@ -812,6 +815,14 @@ - pam_strerror (pamh, retcode))); - failed = true; - } -+ if ( (NULL != pwd) -+ && getdef_bool("FAILLOG_ENAB") -+ && ! failcheck (pwd->pw_uid, &faillog, failed)) { -+ SYSLOG((LOG_CRIT, -+ "exceeded failure limit for `%s' %s", -+ failent_user, fromhost)); -+ failed = 1; -+ } - - if (!failed) { - break; -@@ -835,6 +846,10 @@ - (void) puts (""); - (void) puts (_("Login incorrect")); - -+ if ((NULL != pwd) && getdef_bool("FAILLOG_ENAB")) { -+ failure (pwd->pw_uid, tty, &faillog); -+ } -+ - if (getdef_str("FTMP_FILE") != NULL) { - #ifdef USE_UTMPX - struct utmpx *failent = -@@ -1291,6 +1306,7 @@ - */ - #ifndef USE_PAM - motd (); /* print the message of the day */ -+#endif - if ( getdef_bool ("FAILLOG_ENAB") - && (0 != faillog.fail_cnt)) { - failprint (&faillog); -@@ -1303,6 +1319,7 @@ - username, (int) faillog.fail_cnt)); - } - } -+#ifndef USE_PAM - if ( getdef_bool ("LASTLOG_ENAB") - && (ll.ll_time != 0)) { - time_t ll_time = ll.ll_time; ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -61,6 +61,7 @@ - {"ENV_SUPATH", NULL}, - {"ERASECHAR", NULL}, - {"FAIL_DELAY", NULL}, -+ {"FAILLOG_ENAB", NULL}, - {"FAKE_SHELL", NULL}, - {"FTMP_FILE", NULL}, - {"GID_MAX", NULL}, -@@ -103,7 +104,6 @@ - {"ENV_HZ", NULL}, - {"ENVIRON_FILE", NULL}, - {"ENV_TZ", NULL}, -- {"FAILLOG_ENAB", NULL}, - {"ISSUE_FILE", NULL}, - {"LASTLOG_ENAB", NULL}, - {"LOGIN_STRING", NULL}, diff --git a/debian/patches/463_login_delay_obeys_to_PAM b/debian/patches/463_login_delay_obeys_to_PAM deleted file mode 100644 index 26285ea1..00000000 --- a/debian/patches/463_login_delay_obeys_to_PAM +++ /dev/null @@ -1,105 +0,0 @@ -Goal: Do not hardcode pam_fail_delay and let pam_unix do its - job to set a delay...or not - -Fixes: #87648 - -Status wrt upstream: Forwarded but not applied yet - -Note: If removed, FAIL_DELAY must be re-added to /etc/login.defs - ---- a/src/login.c -+++ b/src/login.c -@@ -529,7 +529,6 @@ - #if defined(HAVE_STRFTIME) && !defined(USE_PAM) - char ptime[80]; - #endif -- unsigned int delay; - unsigned int retries; - bool subroot = false; - #ifndef USE_PAM -@@ -549,6 +548,7 @@ - pid_t child; - char *pam_user = NULL; - #else -+ unsigned int delay; - struct spwd *spwd = NULL; - #endif - /* -@@ -709,7 +709,6 @@ - } - - environ = newenvp; /* make new environment active */ -- delay = getdef_unum ("FAIL_DELAY", 1); - retries = getdef_unum ("LOGIN_RETRIES", RETRIES); - - #ifdef USE_PAM -@@ -725,8 +724,7 @@ - - /* - * hostname & tty are either set to NULL or their correct values, -- * depending on how much we know. We also set PAM's fail delay to -- * ours. -+ * depending on how much we know. - * - * PAM_RHOST and PAM_TTY are used for authentication, only use - * information coming from login or from the caller (e.g. no utmp) -@@ -735,10 +733,6 @@ - PAM_FAIL_CHECK; - retcode = pam_set_item (pamh, PAM_TTY, tty); - PAM_FAIL_CHECK; --#ifdef HAS_PAM_FAIL_DELAY -- retcode = pam_fail_delay (pamh, 1000000 * delay); -- PAM_FAIL_CHECK; --#endif - /* if fflg, then the user has already been authenticated */ - if (!fflg) { - unsigned int failcount = 0; -@@ -779,12 +773,6 @@ - bool failed = false; - - failcount++; --#ifdef HAS_PAM_FAIL_DELAY -- if (delay > 0) { -- retcode = pam_fail_delay(pamh, 1000000*delay); -- PAM_FAIL_CHECK; -- } --#endif - - retcode = pam_authenticate (pamh, 0); - -@@ -1107,14 +1095,17 @@ - free (username); - username = NULL; - -+#ifndef USE_PAM - /* - * Wait a while (a la SVR4 /usr/bin/login) before attempting - * to login the user again. If the earlier alarm occurs - * before the sleep() below completes, login will exit. - */ -+ delay = getdef_unum ("FAIL_DELAY", 1); - if (delay > 0) { - (void) sleep (delay); - } -+#endif - - (void) puts (_("Login incorrect")); - ---- a/lib/getdef.c -+++ b/lib/getdef.c -@@ -60,7 +60,6 @@ - {"ENV_PATH", NULL}, - {"ENV_SUPATH", NULL}, - {"ERASECHAR", NULL}, -- {"FAIL_DELAY", NULL}, - {"FAILLOG_ENAB", NULL}, - {"FAKE_SHELL", NULL}, - {"FTMP_FILE", NULL}, -@@ -104,6 +103,7 @@ - {"ENV_HZ", NULL}, - {"ENVIRON_FILE", NULL}, - {"ENV_TZ", NULL}, -+ {"FAIL_DELAY", NULL}, - {"ISSUE_FILE", NULL}, - {"LASTLOG_ENAB", NULL}, - {"LOGIN_STRING", NULL}, diff --git a/debian/patches/501_commonio_group_shadow b/debian/patches/501_commonio_group_shadow deleted file mode 100644 index 436d48f8..00000000 --- a/debian/patches/501_commonio_group_shadow +++ /dev/null @@ -1,37 +0,0 @@ -Goal: save the [g]shadow files with the 'shadow' group and mode 0440 - -Fixes: #166793 - ---- a/lib/commonio.c -+++ b/lib/commonio.c -@@ -44,6 +44,7 @@ - #include <errno.h> - #include <stdio.h> - #include <signal.h> -+#include <grp.h> - #include "nscd.h" - #ifdef WITH_TCB - #include <tcb.h> -@@ -966,13 +967,20 @@ - goto fail; - } - } else { -+ struct group *grp; - /* - * Default permissions for new [g]shadow files. - * (passwd and group always exist...) - */ -- sb.st_mode = 0400; -+ sb.st_mode = 0440; - sb.st_uid = 0; -- sb.st_gid = 0; -+ /* -+ * Try to retrieve the shadow's GID, and fall back to GID 0. -+ */ -+ if ((grp = getgrnam("shadow")) != NULL) -+ sb.st_gid = grp->gr_gid; -+ else -+ sb.st_gid = 0; - } - - snprintf (buf, sizeof buf, "%s+", db->filename); diff --git a/debian/patches/503_shadowconfig.8 b/debian/patches/503_shadowconfig.8 deleted file mode 100644 index 9d78adf4..00000000 --- a/debian/patches/503_shadowconfig.8 +++ /dev/null @@ -1,191 +0,0 @@ -Goal: Document the shadowconfig utility - -Status wrt upstream: The shadowconfig utility is debian specific. - Its man page also (but it used to be distributed) - ---- /dev/null -+++ b/man/shadowconfig.8 -@@ -0,0 +1,41 @@ -+.\"Generated by db2man.xsl. Don't modify this, modify the source. -+.de Sh \" Subsection -+.br -+.if t .Sp -+.ne 5 -+.PP -+\fB\\$1\fR -+.PP -+.. -+.de Sp \" Vertical space (when we can't use .PP) -+.if t .sp .5v -+.if n .sp -+.. -+.de Ip \" List item -+.br -+.ie \\n(.$>=3 .ne \\$3 -+.el .ne 3 -+.IP "\\$1" \\$2 -+.. -+.TH "SHADOWCONFIG" 8 "19 Apr 1997" "" "" -+.SH NAME -+shadowconfig \- toggle shadow passwords on and off -+.SH "SYNOPSIS" -+.ad l -+.hy 0 -+.HP 13 -+\fBshadowconfig\fR \fB\fIon\fR\fR | \fB\fIoff\fR\fR -+.ad -+.hy -+ -+.SH "DESCRIPTION" -+ -+.PP -+\fBshadowconfig\fR on will turn shadow passwords on; \fIshadowconfig off\fR will turn shadow passwords off\&. \fBshadowconfig\fR will print an error message and exit with a nonzero code if it finds anything awry\&. If that happens, you should correct the error and run it again\&. Turning shadow passwords on when they are already on, or off when they are already off, is harmless\&. -+ -+.PP -+Read \fI/usr/share/doc/passwd/README\&.Debian\fR for a brief introduction to shadow passwords and related features\&. -+ -+.PP -+Note that turning shadow passwords off and on again will lose all password aging information\&. -+ ---- /dev/null -+++ b/man/shadowconfig.8.xml -@@ -0,0 +1,52 @@ -+<?xml version="1.0" encoding="UTF-8"?> -+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" -+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> -+<refentry id='shadowconfig.8'> -+ <!-- $Id: shadowconfig.8.xml,v 1.6 2005/06/15 12:39:27 kloczek Exp $ --> -+ <refentryinfo> -+ <date>19 Apr 1997</date> -+ </refentryinfo> -+ <refmeta> -+ <refentrytitle>shadowconfig</refentrytitle> -+ <manvolnum>8</manvolnum> -+ <refmiscinfo class='date'>19 Apr 1997</refmiscinfo> -+ <refmiscinfo class='source'>Debian GNU/Linux</refmiscinfo> -+ </refmeta> -+ <refnamediv id='name'> -+ <refname>shadowconfig</refname> -+ <refpurpose>toggle shadow passwords on and off</refpurpose> -+ </refnamediv> -+ -+ <refsynopsisdiv id='synopsis'> -+ <cmdsynopsis> -+ <command>shadowconfig</command> -+ <group choice='plain'> -+ <arg choice='plain'><replaceable>on</replaceable></arg> -+ <arg choice='plain'><replaceable>off</replaceable></arg> -+ </group> -+ </cmdsynopsis> -+ </refsynopsisdiv> -+ -+ <refsect1 id='description'> -+ <title>DESCRIPTION</title> -+ <para><command>shadowconfig</command> on will turn shadow passwords on; -+ <emphasis remap='B'>shadowconfig off</emphasis> will turn shadow -+ passwords off. <command>shadowconfig</command> will print an error -+ message and exit with a nonzero code if it finds anything awry. If -+ that happens, you should correct the error and run it again. Turning -+ shadow passwords on when they are already on, or off when they are -+ already off, is harmless. -+ </para> -+ -+ <para> -+ Read <filename>/usr/share/doc/passwd/README.Debian</filename> for a -+ brief introduction -+ to shadow passwords and related features. -+ </para> -+ -+ <para>Note that turning shadow passwords off and on again will lose all -+ password -+ aging information. -+ </para> -+ </refsect1> -+</refentry> ---- /dev/null -+++ b/man/fr/shadowconfig.8 -@@ -0,0 +1,26 @@ -+.\" This file was generated with po4a. Translate the source file. -+.\" -+.\"$Id: shadowconfig.8,v 1.4 2001/08/23 23:10:48 kloczek Exp $ -+.TH SHADOWCONFIG 8 "19 avril 1997" "Debian GNU/Linux" -+.SH NOM -+shadowconfig \- active ou désactive les mots de passe cachés -+.SH SYNOPSIS -+\fBshadowconfig\fP \fIon\fP | \fIoff\fP -+.SH DESCRIPTION -+.PP -+\fBshadowconfig on\fP active les mots de passe cachés («\ shadow passwords\ »)\ ; \fBshadowconfig off\fP les désactive. \fBShadowconfig\fP affiche un message -+d'erreur et quitte avec une valeur de retour non nulle s'il rencontre -+quelque chose d'inattendu. Dans ce cas, vous devrez corriger l'erreur avant -+de recommencer. -+ -+Activer les mots de passe cachés lorsqu'ils sont déjà activés, ou les -+désactiver lorsqu'ils ne sont pas actifs est sans effet. -+ -+Lisez \fI/usr/share/doc/passwd/README.Debian\fP pour une brève introduction aux -+mots de passe cachés et à leurs fonctionnalités. -+ -+Notez que désactiver puis réactiver les mots de passe cachés aura pour -+conséquence la perte des informations d'âge sur les mots de passe. -+.SH TRADUCTION -+Nicolas FRANÇOIS, 2004. -+Veuillez signaler toute erreur à <\fIdebian\-l10\-french@lists.debian.org\fR>. ---- /dev/null -+++ b/man/ja/shadowconfig.8 -@@ -0,0 +1,25 @@ -+.\" all right reserved, -+.\" Translated Tue Oct 30 11:59:11 JST 2001 -+.\" by Maki KURODA <mkuroda@aisys-jp.com> -+.\" -+.TH SHADOWCONFIG 8 "19 Apr 1997" "Debian GNU/Linux" -+.SH 名前 -+shadowconfig \- shadow パスワードの設定をオン及びオフに切替える -+.SH 書式 -+.B "shadowconfig" -+.IR on " | " off -+.SH 説明 -+.PP -+.B shadowconfig on -+は shadow パスワードを有効にする。 -+.B shadowconfig off -+は shadow パスワードを無効にする。 -+.B shadowconfig -+は何らかの間違いがあると、エラーメッセージを表示し、 -+ゼロではない返り値を返す。 -+もしそのようなことが起こった場合、エラーを修正し、再度実行しなければならない。 -+shadow パスワードの設定がすでにオンの場合にオンに設定したり、 -+すでにオフの場合にオフに設定しても、何の影響もない。 -+ -+.I /usr/share/doc/passwd/README.debian.gz -+には shadow パスワードとそれに関する特徴の簡単な紹介が書かれている。 ---- /dev/null -+++ b/man/pl/shadowconfig.8 -@@ -0,0 +1,27 @@ -+.\" $Id: shadowconfig.8,v 1.3 2001/08/23 23:10:51 kloczek Exp $ -+.\" {PTM/WK/1999-09-14} -+.TH SHADOWCONFIG 8 "19 kwietnia 1997" "Debian GNU/Linux" -+.SH NAZWA -+shadowconfig - przełącza ochronę haseł i grup przez pliki shadow -+.SH SKŁADNIA -+.B "shadowconfig" -+.IR on " | " off -+.SH OPIS -+.PP -+.B shadowconfig on -+włącza ochronę haseł i grup przez dodatkowe, przesłaniane pliki (shadow); -+.B shadowconfig off -+wyłącza dodatkowe pliki haseł i grup. -+.B shadowconfig -+wyświetla komunikat o błędzie i kończy pracę z niezerowym kodem jeśli -+znajdzie coś nieprawidłowego. W takim wypadku powinieneś poprawić błąd -+.\" if it finds anything awry. -+i uruchomić program ponownie. -+ -+Włączenie ochrony haseł, gdy jest ona już włączona lub jej wyłączenie, -+gdy jest wyłączona jest nieszkodliwe. -+ -+Przeczytaj -+.IR /usr/share/doc/passwd/README.debian.gz , -+gdzie znajdziesz krótkie wprowadzenie do ochrony haseł z użyciem dodatkowych -+plików haseł przesłanianych (shadow passwords) i związanych tematów. diff --git a/debian/patches/505_useradd_recommend_adduser b/debian/patches/505_useradd_recommend_adduser deleted file mode 100644 index c5c35874..00000000 --- a/debian/patches/505_useradd_recommend_adduser +++ /dev/null @@ -1,36 +0,0 @@ -Goal: Recommend using adduser and deluser. - -Fixes: #406046 - -Status wrt upstream: Debian specific patch. - ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -84,6 +84,12 @@ - <refsect1 id='description'> - <title>DESCRIPTION</title> - <para> -+ <command>useradd</command> is a low level utility for adding -+ users. On Debian, administrators should usually use -+ <citerefentry><refentrytitle>adduser</refentrytitle> -+ <manvolnum>8</manvolnum></citerefentry> instead. -+ </para> -+ <para> - When invoked without the <option>-D</option> option, the - <command>useradd</command> command creates a new user account using - the values specified on the command line plus the default values from ---- a/man/userdel.8.xml -+++ b/man/userdel.8.xml -@@ -64,6 +64,12 @@ - <refsect1 id='description'> - <title>DESCRIPTION</title> - <para> -+ <command>userdel</command> is a low level utility for removing -+ users. On Debian, administrators should usually use -+ <citerefentry><refentrytitle>deluser</refentrytitle> -+ <manvolnum>8</manvolnum></citerefentry> instead. -+ </para> -+ <para> - The <command>userdel</command> command modifies the system account - files, deleting all entries that refer to the user name <emphasis - remap='I'>LOGIN</emphasis>. The named user must exist. diff --git a/debian/patches/506_relaxed_usernames b/debian/patches/506_relaxed_usernames deleted file mode 100755 index bdf39615..00000000 --- a/debian/patches/506_relaxed_usernames +++ /dev/null @@ -1,100 +0,0 @@ -Goal: Relaxed usernames/groupnames checking patch. - -Status wrt upstream: Debian specific. Not to be used upstream - -Details: - Allows any non-empty user/grounames that don't contain ':', ',' or '\n' - characters and don't start with '-', '+', or '~'. This patch is more - restrictive than original Karl's version. closes: #264879 - Also closes: #377844 - - Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400): - - I can't come up with a good justification as to why characters other - than ':'s and '\0's should be disallowed in group and usernames (other - than '-' as the leading character). Thus, the maintenance tools don't - anymore. closes: #79682, #166798, #171179 - ---- a/libmisc/chkname.c -+++ b/libmisc/chkname.c -@@ -48,6 +48,7 @@ - - static bool is_valid_name (const char *name) - { -+#if 0 - /* - * User/group names must match [a-z_][a-z0-9_-]*[$] - */ -@@ -66,6 +67,26 @@ - return false; - } - } -+#endif -+ /* -+ * POSIX indicate that usernames are composed of characters from the -+ * portable filename character set [A-Za-z0-9._-], and that the hyphen -+ * should not be used as the first character of a portable user name. -+ * -+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$ -+ */ -+ if ( ('\0' == *name) -+ || ('-' == *name) -+ || ('~' == *name) -+ || ('+' == *name)) { -+ return false; -+ } -+ do { -+ if ((':' == *name) || (',' == *name) || isspace(*name)) { -+ return false; -+ } -+ name++; -+ } while ('\0' != *name); - - return true; - } ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -635,12 +635,20 @@ - </para> - - <para> -- Usernames must start with a lower case letter or an underscore, -+ It is usually recommended to only use usernames that begin with a lower case letter or an underscore, - followed by lower case letters, digits, underscores, or dashes. - They can end with a dollar sign. - In regular expression terms: [a-z_][a-z0-9_-]*[$]? - </para> - <para> -+ On Debian, the only constraints are that usernames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space: ' ', -+ end of line: '\n', tabulation: '\t', etc.). Note that using a slash -+ ('/') may break the default algorithm for the definition of the -+ user's home directory. -+ </para> -+ <para> - Usernames may only be up to 32 characters long. - </para> - </refsect1> ---- a/man/groupadd.8.xml -+++ b/man/groupadd.8.xml -@@ -240,12 +240,18 @@ - <refsect1 id='caveats'> - <title>CAVEATS</title> - <para> -- Groupnames must start with a lower case letter or an underscore, -+ It is usually recommended to only use groupnames that begin with a lower case letter or an underscore, - followed by lower case letters, digits, underscores, or dashes. - They can end with a dollar sign. - In regular expression terms: [a-z_][a-z0-9_-]*[$]? - </para> - <para> -+ On Debian, the only constraints are that groupnames must neither start -+ with a dash ('-') nor plus ('+') nor tilde ('~') nor contain a -+ colon (':'), a comma (','), or a whitespace (space:' ', -+ end of line: '\n', tabulation: '\t', etc.). -+ </para> -+ <para> - Groupnames may only be up to &GROUP_NAME_MAX_LENGTH; characters long. - </para> - <para> diff --git a/debian/patches/508_nologin_in_usr_sbin b/debian/patches/508_nologin_in_usr_sbin deleted file mode 100644 index 026e2db4..00000000 --- a/debian/patches/508_nologin_in_usr_sbin +++ /dev/null @@ -1,18 +0,0 @@ ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -23,7 +23,6 @@ - # $prefix/bin and $prefix/sbin, no install-data hacks...) - - bin_PROGRAMS = groups login su --sbin_PROGRAMS = nologin - ubin_PROGRAMS = faillog lastlog chage chfn chsh expiry gpasswd newgrp passwd - usbin_PROGRAMS = \ - cppw \ -@@ -38,6 +37,7 @@ - grpunconv \ - logoutd \ - newusers \ -+ nologin \ - pwck \ - pwconv \ - pwunconv \ diff --git a/debian/patches/523_su_arguments_are_concatenated b/debian/patches/523_su_arguments_are_concatenated deleted file mode 100644 index 0abc4c5f..00000000 --- a/debian/patches/523_su_arguments_are_concatenated +++ /dev/null @@ -1,48 +0,0 @@ -Goal: Concatenate the non-su arguments and provide them to the shell with - the -c option -Fixes: #317264 - see also #276419 - -Status wrt upstream: This is a Debian specific patch. - -Note: the fix of the man page is still missing. - (to be taken from the trunk) - ---- a/src/su.c -+++ b/src/su.c -@@ -1150,6 +1150,35 @@ - argv[0] = "-c"; - argv[1] = command; - } -+ /* On Debian, the arguments are concatenated and the -+ * resulting string is always given to the shell with its -+ * -c option. -+ */ -+ { -+ char **parg; -+ unsigned int cmd_len = 0; -+ char *cmd = NULL; -+ if (strcmp(argv[0], "-c") != 0) { -+ argv--; -+ argv[0] = "-c"; -+ } -+ /* Now argv[0] is always -c, and other arguments -+ * can be concatenated -+ */ -+ cmd_len = 1; /* finale '\0' */ -+ for (parg = &argv[1]; *parg; parg++) { -+ cmd_len += strlen (*parg) + 1; -+ } -+ cmd = (char *) xmalloc (sizeof (char) * cmd_len); -+ cmd[0] = '\0'; -+ for (parg = &argv[1]; *parg; parg++) { -+ strcat (cmd, " "); -+ strcat (cmd, *parg); -+ } -+ cmd[cmd_len - 1] = '\0'; -+ argv[1] = &cmd[1]; /* do not take first space */ -+ argv[2] = NULL; -+ } - /* - * Use the shell and create an argv - * with the rest of the command line included. diff --git a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default b/debian/patches/523_su_arguments_are_no_more_concatenated_by_default deleted file mode 100644 index d4213451..00000000 --- a/debian/patches/523_su_arguments_are_no_more_concatenated_by_default +++ /dev/null @@ -1,50 +0,0 @@ -Goal: Do not concatenate the additional arguments, and support an - environment variable to revert to the old Debian's su behavior. - -This patch needs the su_arguments_are_concatenated patch. - -This patch, and su_arguments_are_concatenated should be dropped after -Etch. - -Status wrt upstream: This patch is Debian specific. - ---- a/src/su.c -+++ b/src/su.c -@@ -104,6 +104,19 @@ - /* If nonzero, change some environment vars to indicate the user su'd to. */ - static bool change_environment = true; - -+/* -+ * If nonzero, keep the old Debian behavior: -+ * * concatenate all the arguments and provide them to the -c option of -+ * the shell -+ * * If there are some additional arguments, but no -c, add a -c -+ * argument anyway -+ * Drawbacks: -+ * * you can't provide options to the shell (other than -c) -+ * * you can't rely on the argument count -+ * See http://bugs.debian.org/276419 -+ */ -+static int old_debian_behavior; -+ - #ifdef USE_PAM - static pam_handle_t *pamh = NULL; - static int caught = 0; -@@ -950,6 +963,8 @@ - int ret; - #endif /* USE_PAM */ - -+ old_debian_behavior = (getenv("SU_NO_SHELL_ARGS") != NULL); -+ - (void) setlocale (LC_ALL, ""); - (void) bindtextdomain (PACKAGE, LOCALEDIR); - (void) textdomain (PACKAGE); -@@ -1154,7 +1169,7 @@ - * resulting string is always given to the shell with its - * -c option. - */ -- { -+ if (old_debian_behavior) { - char **parg; - unsigned int cmd_len = 0; - char *cmd = NULL; diff --git a/debian/patches/542_useradd-O_option b/debian/patches/542_useradd-O_option deleted file mode 100644 index 506352f1..00000000 --- a/debian/patches/542_useradd-O_option +++ /dev/null @@ -1,43 +0,0 @@ -Goal: accepts the -O flag for backward compatibility. (was used by adduser?) - -Note: useradd.8 needs to be regenerated. - -Status wrt upstream: not included as this is just specific - backward compatibility for Debian - ---- a/man/useradd.8.xml -+++ b/man/useradd.8.xml -@@ -321,6 +321,11 @@ - databases are resetted to avoid reusing the entry from a previously - deleted user. - </para> -+ <para> -+ For the compatibility with previous Debian's -+ <command>useradd</command>, the <option>-O</option> option is -+ also supported. -+ </para> - </listitem> - </varlistentry> - <varlistentry> ---- a/src/useradd.c -+++ b/src/useradd.c -@@ -1011,9 +1011,9 @@ - }; - while ((c = getopt_long (argc, argv, - #ifdef WITH_SELINUX -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:UZ:", -+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:UZ:", - #else /* !WITH_SELINUX */ -- "b:c:d:De:f:g:G:hk:K:lmMNop:rR:s:u:U", -+ "b:c:d:De:f:g:G:hk:O:K:lmMNop:rR:s:u:U", - #endif /* !WITH_SELINUX */ - long_options, NULL)) != -1) { - switch (c) { -@@ -1136,6 +1136,7 @@ - kflg = true; - break; - case 'K': -+ case 'O': /* compatibility with previous Debian useradd */ - /* - * override login.defs defaults (-K name=value) - * example: -K UID_MIN=100 -K UID_MAX=499 diff --git a/debian/patches/900_testsuite_groupmems b/debian/patches/900_testsuite_groupmems deleted file mode 100644 index 6bdc4978..00000000 --- a/debian/patches/900_testsuite_groupmems +++ /dev/null @@ -1,81 +0,0 @@ ---- a/debian/passwd.install -+++ b/debian/passwd.install -@@ -9,6 +9,7 @@ - usr/sbin/cppw - usr/sbin/groupadd - usr/sbin/groupdel -+usr/sbin/groupmems - usr/sbin/groupmod - usr/sbin/grpck - usr/sbin/grpconv -@@ -33,6 +34,7 @@ - usr/share/man/*/man8/chpasswd.8 - usr/share/man/*/man8/groupadd.8 - usr/share/man/*/man8/groupdel.8 -+usr/share/man/*/man8/groupmems.8 - usr/share/man/*/man8/groupmod.8 - usr/share/man/*/man8/grpck.8 - usr/share/man/*/man8/grpconv.8 -@@ -59,6 +61,7 @@ - usr/share/man/man8/chpasswd.8 - usr/share/man/man8/groupadd.8 - usr/share/man/man8/groupdel.8 -+usr/share/man/man8/groupmems.8 - usr/share/man/man8/groupmod.8 - usr/share/man/man8/grpck.8 - usr/share/man/man8/grpconv.8 ---- a/debian/passwd.postinst -+++ b/debian/passwd.postinst -@@ -31,6 +31,24 @@ - exit 1 - ) - fi -+ if ! getent group groupmems | grep -q '^groupmems:[^:]*:99' -+ then -+ groupadd -g 99 groupmems || ( -+ cat <<EOF -+************************ TESTSUITE ***************************** -+Group ID 99 has been allocated for the groupmems group. You have either -+used 99 yourself or created a groupmems group with a different ID. -+Please correct this problem and reconfigure with ``dpkg --configure passwd''. -+ -+Note that both user and group IDs in the range 0-99 are globally -+allocated by the Debian project and must be the same on every Debian -+system. -+EOF -+ exit 1 -+ ) -+# FIXME -+ chgrp groupmems /usr/sbin/groupmems -+ fi - ;; - esac - ---- a/debian/rules -+++ b/debian/rules -@@ -60,6 +60,7 @@ - dh_installpam -p passwd --name=chsh - dh_installpam -p passwd --name=chpasswd - dh_installpam -p passwd --name=newusers -+ dh_installpam -p passwd --name=groupmems - ifeq ($(DEB_HOST_ARCH_OS),hurd) - # login is not built on The Hurd, but some utilities of passwd depends on - # /etc/login.defs. -@@ -87,3 +88,6 @@ - chgrp shadow debian/passwd/usr/bin/expiry - chmod g+s debian/passwd/usr/bin/chage - chmod g+s debian/passwd/usr/bin/expiry -+ chgrp groupmems debian/passwd/usr/sbin/groupmems -+ chmod u+s debian/passwd/usr/sbin/groupmems -+ chmod o-x debian/passwd/usr/sbin/groupmems ---- /dev/null -+++ b/debian/passwd.groupmems.pam -@@ -0,0 +1,8 @@ -+# The PAM configuration file for the Shadow 'groupmod' service -+# -+ -+# This allows root to modify groups without being prompted for a password -+auth sufficient pam_rootok.so -+ -+@include common-auth -+@include common-account diff --git a/debian/patches/901_testsuite_gcov b/debian/patches/901_testsuite_gcov deleted file mode 100644 index 717cccaa..00000000 --- a/debian/patches/901_testsuite_gcov +++ /dev/null @@ -1,76 +0,0 @@ ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -1,6 +1,8 @@ - - AUTOMAKE_OPTIONS = 1.0 foreign - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - DEFS = - - noinst_LTLIBRARIES = libshadow.la ---- a/libmisc/Makefile.am -+++ b/libmisc/Makefile.am -@@ -1,6 +1,8 @@ - - EXTRA_DIST = .indent.pro xgetXXbyYY.c - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - INCLUDES = -I$(top_srcdir)/lib - - noinst_LIBRARIES = libmisc.a ---- a/src/Makefile.am -+++ b/src/Makefile.am -@@ -7,6 +7,8 @@ - suidperms = 4755 - sgidperms = 2755 - -+CFLAGS += -fprofile-arcs -ftest-coverage -+ - INCLUDES = \ - -I${top_srcdir}/lib \ - -I$(top_srcdir)/libmisc ---- a/debian/rules -+++ b/debian/rules -@@ -40,6 +40,12 @@ - endif - export CFLAGS - -+clean:: clean_gcov -+ -+clean_gcov: -+ find . -name "*.gcda" -delete -+ find . -name "*.gcno" -delete -+ - # Add extras to the install process: - binary-install/login:: - dh_installpam -p login ---- a/lib/defines.h -+++ b/lib/defines.h -@@ -174,23 +174,9 @@ - trust the formatted time received from the unix domain (or worse, - UDP) socket. -MM */ - /* Avoid translated PAM error messages: Set LC_ALL to "C". -+ * This is disabled for coverage testing - * --Nekral */ --#define SYSLOG(x) \ -- do { \ -- char *old_locale = setlocale (LC_ALL, NULL); \ -- char *saved_locale = NULL; \ -- if (NULL != old_locale) { \ -- saved_locale = strdup (old_locale); \ -- } \ -- if (NULL != saved_locale) { \ -- (void) setlocale (LC_ALL, "C"); \ -- } \ -- syslog x ; \ -- if (NULL != saved_locale) { \ -- (void) setlocale (LC_ALL, saved_locale); \ -- free (saved_locale); \ -- } \ -- } while (false) -+#define SYSLOG(x) syslog x - #else /* !ENABLE_NLS */ - #define SYSLOG(x) syslog x - #endif /* !ENABLE_NLS */ diff --git a/debian/patches/README.patches b/debian/patches/README.patches deleted file mode 100644 index 8df4cd3f..00000000 --- a/debian/patches/README.patches +++ /dev/null @@ -1,71 +0,0 @@ -Small intro to the system for numbering the patches here... - --The 0xx series of patches are patches isolated from the latest - version of the shadow Debian package not using quilt in order to - separate upstream from Debian-specific stuff. - - NO MORE PATCHES SHOULD BE ADDED IN THESE SERIES - --The 1xx series are l10n patches to upstream 4.0.18.1. As upstream has - adopted Debian translations, it is very likely that these patches - will become useless when we will have synced with upstream - --The 2xx series are patches for manual pages translations to upstream - 4.0.18.1. - --The 3xx series are patches which have been temporarily applied to - Debian's shadow while we *know* they have been applied upstream as well - These patches should NOT be kept when we will sync with upstream - --The 4xx series are patches which have been applied to Debian's shadow - and have NOT been accepted and/or applied upstream. These patches MUST be kept - even after resynced with upstream - --The 5xx series are patches which are applied to Debian's shadow - and will never be proposed upstream because they're too specific - This list SHOULD BE AS SHORT AS POSSIBLE - -In short, while we are working towards synchronisation with upstream, -our goal is to make 0xx patches disappear by moving them either to 3xx -series (things already implemented upstream) or to 4xx series -(Debian-specific patches). - - -Short HOWTO for quilt -===================== - -The quilt system can be assimilated to a Pile Of Patches management system. -Patches live in debian/patches, the working directory is "." - -The basic commands are (abbreviation accepted): -quilt push (asks to apply the next patch in the pile) -quilt pop (removes the current patch and go up in the pile) -quilt refresh (take the current changes in tree onto the patch) - -When a file is changed by a patch, quilt saves it somewhere under .pc on -application. This is how it can refresh it afterward (comparing the version -in .pc and the one you currently have in your working dir). - -There are three common pitfalls with quilt: - - doing "quilt pop" without doing "quilt refresh". The version of current - dir is replaced with the version of the .pc dir. Your changes are lost. - Quilt wont let you do so, but you can force it with '-f' if you're fool. - - editing a file with is not in the patch yet. Quilt didn't do any previous - backup. - Use "quilt add" to add files to patches. - Set $EDITOR and use "quilt edit" to edit a file, and add it onto the - patch if needed. - - If you update your working directory, patches may not revert cleanly. - It is thus recommended to use "quilt pop -a" before updating with - "svn up". - If you forget (and run into trouble), you may want to remove the whole - shadow-?.?.? directory. If you use the makefile which is in the upper - directory (trunk/), shadow-?.?.?/debian/patches is a link to - debian/patches, so this dirctory does not contain any valuable info. - -The documentation is quite well done, I think. "quilt -h" will list you the -commands. "quilt <cmd> -h" will give you some hints about it. "man quilt" is -a reference documentation. /usr/share/doc/quilt/quilt.pdf.gz is a complete -manual, with tutorial. - - diff --git a/debian/patches/series b/debian/patches/series deleted file mode 100644 index 0a59b9f3..00000000 --- a/debian/patches/series +++ /dev/null @@ -1,18 +0,0 @@ -# These patches are only for the testsuite: -#900_testsuite_groupmems -#901_testsuite_gcov - -503_shadowconfig.8 -008_login_log_failure_in_FTMP -429_login_FAILLOG_ENAB -401_cppw_src.dpatch -# 402 should be merged in 401, but should be reviewed by SE Linux experts first -402_cppw_selinux -506_relaxed_usernames -542_useradd-O_option -501_commonio_group_shadow -463_login_delay_obeys_to_PAM -523_su_arguments_are_concatenated -523_su_arguments_are_no_more_concatenated_by_default -508_nologin_in_usr_sbin -505_useradd_recommend_adduser diff --git a/debian/rules b/debian/rules deleted file mode 100755 index e0a15157..00000000 --- a/debian/rules +++ /dev/null @@ -1,84 +0,0 @@ -#!/usr/bin/make -f -# -*- mode: makefile; coding: utf-8 -*- - -DEB_HOST_ARCH_OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS) - -ifeq ($(DEB_HOST_ARCH_OS),hurd) -# Do not build login on The Hurd -override DEB_ARCH_PACKAGES=passwd -endif - -# Enable PIE, BINDNOW, and possible future flags. -export DEB_BUILD_MAINT_OPTIONS = hardening=+all - -include /usr/share/cdbs/1/rules/debhelper.mk -# Specify where dh_install will find the files that it needs to move: -DEB_DH_INSTALL_SOURCEDIR=debian/tmp -# Specify the destination of shadow's "make install" -# (This is only needed on The Hurd, where only one package is built. On -# the other arch, DEB_DESTDIR already points to debian/tmp) -DEB_DESTDIR=$(CURDIR)/debian/tmp - -include /usr/share/cdbs/1/class/autotools.mk -# Automatically update autoconf, etc. -DEB_AUTO_UPDATE_ACLOCAL = 1.9 -DEB_AUTO_UPDATE_AUTOCONF = 1.9 -DEB_AUTO_UPDATE_AUTOMAKE = 1.9 -DEB_AUTO_UPDATE_LIBTOOL = pre - -# Adds extra options when calling the configure script: -DEB_CONFIGURE_EXTRA_FLAGS := --disable-shared --without-libcrack --without-audit --mandir=/usr/share/man --with-libpam --enable-shadowgrp --enable-man --disable-account-tools-setuid --with-group-name-max-length=32 --without-acl --without-attr --without-tcb -ifneq ($(DEB_BUILD_GNU_TYPE),$(DEB_HOST_GNU_TYPE)) - DEB_CONFIGURE_EXTRA_FLAGS += --host=$(DEB_HOST_GNU_TYPE) -endif - -# Automatically controls patching at build time: -include /usr/share/cdbs/1/rules/patchsys-quilt.mk - -# Add extras to the install process: -binary-install/login:: - dh_installpam -p login - dh_installpam -p login --name=su - install -c -m 444 debian/login.defs debian/login/etc/login.defs - install -c -m 444 debian/securetty.$(DEB_HOST_ARCH_OS) debian/login/etc/securetty - dh_lintian -p login - -binary-install/passwd:: - install -c -m 444 man/shadowconfig.8 debian/passwd/usr/share/man/man8 - install -c -m 444 man/ja/shadowconfig.8 debian/passwd/usr/share/man/ja/man8 - install -c -m 444 man/pl/shadowconfig.8 debian/passwd/usr/share/man/pl/man8 - install -c -m 444 man/fr/shadowconfig.8 debian/passwd/usr/share/man/fr/man8 - # Distribute the pam.d files; unless for the commands with disabled PAM - # support - dh_installpam -p passwd --name=passwd - dh_installpam -p passwd --name=chfn - dh_installpam -p passwd --name=chsh - dh_installpam -p passwd --name=chpasswd - dh_installpam -p passwd --name=newusers -ifeq ($(DEB_HOST_ARCH_OS),hurd) -# login is not built on The Hurd, but some utilities of passwd depends on -# /etc/login.defs. - install -c -m 444 debian/login.defs debian/passwd/etc/login.defs -endif - install -c -m 644 debian/useradd.default debian/passwd/etc/default/useradd - install -d debian/passwd/sbin - install -c -m 555 debian/shadowconfig.sh debian/passwd/sbin/shadowconfig - install -c -m 444 debian/cpgr.8 debian/passwd/usr/share/man/man8 - install -c -m 444 debian/cppw.8 debian/passwd/usr/share/man/man8 - dh_lintian -p passwd - -binary-predeb/login:: - # No real need for login to be setuid root - # chmod u+s debian/login/bin/login - chmod u+s debian/login/bin/su - chmod u+s debian/login/usr/bin/newgrp - -binary-predeb/passwd:: - chmod u+s debian/passwd/usr/bin/chfn - chmod u+s debian/passwd/usr/bin/chsh - chmod u+s debian/passwd/usr/bin/gpasswd - chmod u+s debian/passwd/usr/bin/passwd - chgrp shadow debian/passwd/usr/bin/chage - chgrp shadow debian/passwd/usr/bin/expiry - chmod g+s debian/passwd/usr/bin/chage - chmod g+s debian/passwd/usr/bin/expiry diff --git a/debian/securetty.hurd b/debian/securetty.hurd deleted file mode 100644 index 7b9e4187..00000000 --- a/debian/securetty.hurd +++ /dev/null @@ -1,71 +0,0 @@ -# /etc/securetty: list of terminals on which root is allowed to login. -# See securetty(5) and login(1). -console - -# for people with serial port consoles -com0 - -# Standard consoles -tty1 -tty2 -tty3 -tty4 -tty5 -tty6 -tty7 -tty8 -tty9 -tty10 -tty11 -tty12 -tty13 -tty14 -tty15 -tty16 -tty17 -tty18 -tty19 -tty20 -tty21 -tty22 -tty23 -tty24 -tty25 -tty26 -tty27 -tty28 -tty29 -tty30 -tty31 -tty32 -tty33 -tty34 -tty35 -tty36 -tty37 -tty38 -tty39 -tty40 -tty41 -tty42 -tty43 -tty44 -tty45 -tty46 -tty47 -tty48 -tty49 -tty50 -tty51 -tty52 -tty53 -tty54 -tty55 -tty56 -tty57 -tty58 -tty59 -tty60 -tty61 -tty62 -tty63 diff --git a/debian/securetty.kfreebsd b/debian/securetty.kfreebsd deleted file mode 100644 index 1e35e464..00000000 --- a/debian/securetty.kfreebsd +++ /dev/null @@ -1,24 +0,0 @@ -# /etc/securetty: list of terminals on which root is allowed to login. -# See securetty(5) and login(1). -console - -# for people with serial port consoles -ttyd0 -ttyd1 - -# Standard consoles -ttyv0 -ttyv1 -ttyv2 -ttyv3 -ttyv4 -ttyv5 -ttyv6 -ttyv7 -ttyva -ttyvb -ttyvc -ttyvd -ttyve -ttyvf - diff --git a/debian/securetty.knetbsd b/debian/securetty.knetbsd deleted file mode 100644 index d8fba693..00000000 --- a/debian/securetty.knetbsd +++ /dev/null @@ -1,12 +0,0 @@ -# /etc/securetty: list of terminals on which root is allowed to login. -# See securetty(5) and login(1). -console - -# for people with serial port consoles -tty00 - -# Standard consoles -ttyE0 -ttyE1 -ttyE2 -ttyE3 diff --git a/debian/securetty.linux b/debian/securetty.linux deleted file mode 100644 index 9be98b0a..00000000 --- a/debian/securetty.linux +++ /dev/null @@ -1,393 +0,0 @@ -# /etc/securetty: list of terminals on which root is allowed to login. -# See securetty(5) and login(1). - -console - -# Local X displays (allows empty passwords with pam_unix's nullok_secure) -:0 -:0.0 -:0.1 -:1 -:1.0 -:1.1 -:2 -:2.0 -:2.1 -:3 -:3.0 -:3.1 -#... - - -# ========================================================== -# -# TTYs sorted by major number according to Documentation/devices.txt -# -# ========================================================== - -# Virtual consoles -tty1 -tty2 -tty3 -tty4 -tty5 -tty6 -tty7 -tty8 -tty9 -tty10 -tty11 -tty12 -tty13 -tty14 -tty15 -tty16 -tty17 -tty18 -tty19 -tty20 -tty21 -tty22 -tty23 -tty24 -tty25 -tty26 -tty27 -tty28 -tty29 -tty30 -tty31 -tty32 -tty33 -tty34 -tty35 -tty36 -tty37 -tty38 -tty39 -tty40 -tty41 -tty42 -tty43 -tty44 -tty45 -tty46 -tty47 -tty48 -tty49 -tty50 -tty51 -tty52 -tty53 -tty54 -tty55 -tty56 -tty57 -tty58 -tty59 -tty60 -tty61 -tty62 -tty63 - -# UART serial ports -ttyS0 -ttyS1 -ttyS2 -ttyS3 -ttyS4 -ttyS5 -#...ttyS191 - -# Serial Mux devices (Linux/PA-RISC only) -ttyB0 -ttyB1 -#... - -# Chase serial card -ttyH0 -ttyH1 -#... - -# Cyclades serial cards -ttyC0 -ttyC1 -#...ttyC31 - -# Digiboard serial cards -ttyD0 -ttyD1 -#... - -# Stallion serial cards -ttyE0 -ttyE1 -#...ttyE255 - -# Specialix serial cards -ttyX0 -ttyX1 -#... - -# Comtrol Rocketport serial cards -ttyR0 -ttyR1 -#... - -# SDL RISCom serial cards -ttyL0 -ttyL1 -#... - -# Hayes ESP serial card -ttyP0 -ttyP1 -#... - -# Computone IntelliPort II serial card -ttyF0 -ttyF1 -#...ttyF255 - -# Specialix IO8+ serial card -ttyW0 -ttyW1 -#... - -# Comtrol VS-1000 serial controller -ttyV0 -ttyV1 -#... - -# ISI serial card -ttyM0 -ttyM1 -#... - -# Technology Concepts serial card -ttyT0 -ttyT1 -#... - -# Specialix RIO serial card -ttySR0 -ttySR1 -#...ttySR511 - -# Chase Research AT/PCI-Fast serial card -ttyCH0 -ttyCH1 -#...ttyCH63 - -# Moxa Intellio serial card -ttyMX0 -ttyMX1 -#...ttyMX127 - -# SmartIO serial card -ttySI0 -ttySI1 -#... - -# USB dongles -ttyUSB0 -ttyUSB1 -ttyUSB2 -#... - -# LinkUp Systems L72xx UARTs -ttyLU0 -ttyLU1 -ttyLU2 -ttyLU3 - -# StrongARM builtin serial ports -ttySA0 -ttySA1 -ttySA2 - -# SCI serial port (SuperH) ports and SC26xx serial ports -ttySC0 -ttySC1 -ttySC2 -ttySC3 - -# ARM "AMBA" serial ports -ttyAM0 -ttyAM1 -ttyAM2 -ttyAM3 -ttyAM4 -ttyAM5 -ttyAM6 -ttyAM7 -ttyAM8 -ttyAM9 -ttyAM10 -ttyAM11 -ttyAM12 -ttyAM13 -ttyAM14 -ttyAM15 - -# Embedded ARM AMBA PL011 ports (e.g. emulated by QEMU) -ttyAMA0 -ttyAMA1 -ttyAMA2 -ttyAMA3 - -# DataBooster serial ports -ttyDB0 -ttyDB1 -ttyDB2 -ttyDB3 -ttyDB4 -ttyDB5 -ttyDB6 -ttyDB7 - -# SGI Altix console ports -ttySG0 - -# Motorola i.MX ports -ttySMX0 -ttySMX1 -ttySMX2 - -# Marvell MPSC ports -ttyMM0 -ttyMM1 - -# PPC CPM (SCC or SMC) ports -ttyCPM0 -ttyCPM1 -ttyCPM2 -ttyCPM3 -ttyCPM4 -ttyCPM5 - -# Altix serial cards -ttyIOC0 -ttyIOC1 -#...ttyIOC31 - -# NEC VR4100 series SIU -ttyVR0 - -# NEC VR4100 series SSIU -ttyVR1 - -# Altix ioc4 serial cards -ttyIOC84 -ttyIOC85 -#...ttyIOC115 - -# Altix ioc3 serial cards -ttySIOC0 -ttySIOC1 -#...ttySIOC31 - -# PPC PSC ports -ttyPSC0 -ttyPSC1 -ttyPSC2 -ttyPSC3 -ttyPSC4 -ttyPSC5 - -# ATMEL serial ports -ttyAT0 -ttyAT1 -#...ttyAT15 - -# Hilscher netX serial port -ttyNX0 -ttyNX1 -#...ttyNX15 - -# Xilinx uartlite - port -ttyUL0 -ttyUL1 -ttyUL2 -ttyUL3 - -# Xen virtual console - port 0 -xvc0 - -# pmac_zilog - port -ttyPZ0 -ttyPZ1 -ttyPZ2 -ttyPZ3 - -# TX39/49 serial port -ttyTX0 -ttyTX1 -ttyTX2 -ttyTX3 -ttyTX4 -ttyTX5 -ttyTX6 -ttyTX7 - -# SC26xx serial ports (see SCI serial ports (SuperH)) - -# MAX3100 serial ports -ttyMAX0 -ttyMAX1 -ttyMAX2 -ttyMAX3 - -# OMAP serial ports -ttyO0 -ttyO1 -ttyO2 -ttyO3 - -# User space serial ports -ttyU0 -ttyU1 - -# A2232 serial card -ttyY0 -ttyY1 - -# IBM 3270 terminal Unix tty access -3270/tty1 -3270/tty2 -#... - -# IBM iSeries/pSeries virtual console -hvc0 -hvc1 -#... -#IBM pSeries console ports -hvsi0 -hvsi1 -hvsi2 - -# Equinox SST multi-port serial boards -ttyEQ0 -ttyEQ1 -#...ttyEQ1027 - -# ========================================================== -# -# Not in Documentation/Devices.txt -# -# ========================================================== - -# Embedded Freescale i.MX ports -ttymxc0 -ttymxc1 -ttymxc2 -ttymxc3 -ttymxc4 -ttymxc5 - -# Serial Console for MIPS Swarm -duart0 -duart1 - -# s390 and s390x ports in LPAR mode -ttysclp0 diff --git a/debian/shadowconfig.sh b/debian/shadowconfig.sh deleted file mode 100644 index 28df7512..00000000 --- a/debian/shadowconfig.sh +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/sh -# turn shadow passwords on or off on a Debian system - -set -e - -shadowon () { - set -e - pwck -q -r - grpck -r - pwconv - grpconv - chown root:root /etc/passwd /etc/group - chmod 644 /etc/passwd /etc/group - chown root:shadow /etc/shadow /etc/gshadow - chmod 640 /etc/shadow /etc/gshadow -} - -shadowoff () { - set -e - pwck -q -r - grpck -r - pwunconv - grpunconv - # sometimes the passwd perms get munged - chown root:root /etc/passwd /etc/group - chmod 644 /etc/passwd /etc/group -} - -case "$1" in - "on") - if shadowon ; then - echo Shadow passwords are now on. - else - echo Please correct the error and rerun \`$0 on\' - exit 1 - fi - ;; - "off") - if shadowoff ; then - echo Shadow passwords are now off. - else - echo Please correct the error and rerun \`$0 off\' - exit 1 - fi - ;; - *) - echo Usage: $0 on \| off - ;; -esac diff --git a/debian/useradd.default b/debian/useradd.default deleted file mode 100644 index a834feff..00000000 --- a/debian/useradd.default +++ /dev/null @@ -1,37 +0,0 @@ -# Default values for useradd(8) -# -# The SHELL variable specifies the default login shell on your -# system. -# Similar to DHSELL in adduser. However, we use "sh" here because -# useradd is a low level utility and should be as general -# as possible -SHELL=/bin/sh -# -# The default group for users -# 100=users on Debian systems -# Same as USERS_GID in adduser -# This argument is used when the -n flag is specified. -# The default behavior (when -n and -g are not specified) is to create a -# primary user group with the same name as the user being added to the -# system. -# GROUP=100 -# -# The default home directory. Same as DHOME for adduser -# HOME=/home -# -# The number of days after a password expires until the account -# is permanently disabled -# INACTIVE=-1 -# -# The default expire date -# EXPIRE= -# -# The SKEL variable specifies the directory containing "skeletal" user -# files; in other words, files such as a sample .profile that will be -# copied to the new user's home directory when it is created. -# SKEL=/etc/skel -# -# Defines whether the mail spool should be created while -# creating the account -# CREATE_MAIL_SPOOL=yes - diff --git a/debian/watch b/debian/watch deleted file mode 100644 index b0bf2b6d..00000000 --- a/debian/watch +++ /dev/null @@ -1,3 +0,0 @@ -version=3 -ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/shadow-(.*)\.tar\.gz \ - debian uupdate |