shadow 1:4.5-1ubuntu1 source package in Ubuntu

Changelog

shadow (1:4.5-1ubuntu1) bionic; urgency=medium

  * Merge with Debian; remaining changes:
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{source_shadow.py,rules}: Add apport hook
    - debian/patches/1010_extrausers.patch: Add support to passwd for
      libnss-extrausers
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/1012_extrausers_chfn.patch: add support for
      --extrausers to the chfn tool
    - debian/passwd.maintscripts: Clean up upstart configuration
  * Dropped changes, included in Debian:
    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
      /etc/update-motd.d/* scripts twice.
  * Dropped changes, included upstream:
    - debian/patches/userns/subuids-nonlocal-users: Don't limit
      subuid/subgid support to local users.
    - debian/patches/1021_no_subuids_for_system_users.patch
    - debian/patches/CVE-2017-2616.patch: Check process's exit status before
      sending signal
    - debian/patches/CVE-2017-2616-regression.patch: Do not reset the
      pid_child to 0 if the child process is still running.
    - CVE-2017-2616
    - debian/patches/CVE-2016-6252.patch: parse directly into unsigned long
    - CVE-2016-6252
  * Dropped obsoleted changes:
    - debian/rules: setting DEB_*_INSTALLINIT_ARGS became obsolete after
      switching to passwd.tmpfile from passwd.service

shadow (1:4.5-1) unstable; urgency=medium

  * New upstream version 4.5
    - Fix buffer overflow if NULL line is present in db (CVE-2017-12424)
      (Closes: #756630)
    - Make the sp_lstchg shadow field reproducible (Closes: #857803)
    - Fix regression in useradd not loading defaults properly.
      (Closes: #865762)
  * Refresh patches
  * Drop patches manipulating su argument concatenation:
  * Cut redundant information from Debian-specific README files
  * Revert adding pts/0 and pts/1 to securetty.
    Adding pts/* defeats the purpose of securetty. Let containers add it if
    needed as described in #830255.
  * Use my @ubuntu.com email address in Maintainer field

shadow (1:4.4-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * Reset pid_child only if waitpid was successful.
    This is a regression fix for CVE-2017-2616. If su receives a signal like
    SIGTERM, it is not propagated to the child. (Closes: #862806)

shadow (1:4.4-4) unstable; urgency=high

  * su: properly clear child PID (CVE-2017-2616) (Closes: #855943)

shadow (1:4.4-3) unstable; urgency=medium

  [ Balint Reczey ]
  * Clean up stale locks on boot (Closes: #478771)
  * Sync motd handling with sshd.
    Using patch from Ubuntu (Closes: #757148)

  [ Stéphane Graber ]
  * Add missing /etc/{subgid|subuid} in postinst

shadow (1:4.4-2) unstable; urgency=medium

  [ Balint Reczey ]
  * Update homepage to new upstream
  * Always use /bin/sh shell in the build (Closes: #817971)
  * Replace user´s -> user's to make login.def file valid ASCII
    (Closes: #850338)
  * Update patch naming docmentation
  * Fix typos in German man pages (Closes: #734609)
  * Send 1000_configure_userns patch upstream
  * Add call to pam_keyinit for login pam service.
    This module is linux-any only, so copy what openssh has already done and
    remove the call at build time for other architectures.
    The call to this module is needed to have proper per-session kernel
    keyring. (Closes: #734671)
  * Add pts/0 and pts/1 to securetty (Closes: #830255)
  * Add ttySAC* to securetty (Closes: #824391)
  * Add ttySC[4-9] to securetty (Closes: #768020)

  [ Laurent Bigonville ]
  * Move pam_selinux open call higher in the session stack (Closes: #747313)

  [ Christian Perrier ]
  * Fix typos in login.pam (thanks to Jakub Wilk for reporting)
    (Closes: #747115)
  * Include groupmems(8) in the passwd package (Closes: #663117)

  [ Frans Spiesschaert ]
  * Dutch translation update (Closes: #772470)

  [ Trần Ngọc Quân ]
  * Update Vietnamese translation (Closes: #777107)

  [ Miroslav Kuře ]
  * Updated Czech translation. (Closes: #759113)

  [ Holger Wansing ]
  * Update for German man pages

  [ Thomas Blein ]
  * French manpage translation (Closes: #805182)

  [ Lars Bahner ]
  * Fix some spelling issues in the Norwegian translation (Closes: #800553)

shadow (1:4.4-1) unstable; urgency=medium

  [ Christian Perrier ]
  * Imported Upstream version 4.2
  * Debian patch: Fix typo in su.1.xml
  * Configure userns
  * Vietnamese translation update
  * French translation update (Closes: #725793)
  * German translation update
  * Update NEWS file
  * Issue a warning if no manpages have been generated
  * Regenerate PO files
  * Regenerate manpages PO files
  * Imported Upstream version 4.2.1

  [ Serge Hallyn ]
  * Import new upstream
  * Patch changes:
    - Update 501_commonio_group_shadow to work with upstream changes
    - Update 1010_vietnamese_translation
    - Drop userns patches which are now all upstream

  [ Balint Reczey ]
  * Update debian/watch to use GitHub releases
  * Imported Upstream version 4.4
    - Fix incorrect integer handling (CVE-2016-6252) (Closes: #832170)
  * Disable Vietnamese translation patch because it does not apply cleanly
  * Bump debhelper compat level to 10
  * ACK NMU by Samuel Thibault dropping the patch which is integrated
    upstream
  * Stop build-depending on build-essential dpkg-dev
  * Tag login package as essential properly
  * Adopt the package under the Shadow Team's umbrella (Closes: #801707)

shadow (1:4.2-3.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Apply upstream patch to fix build on hurd-i386. (Closes: #750480)

 -- Balint Reczey <email address hidden>  Thu, 25 Jan 2018 16:09:22 +0100