VesperOS/shadow
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
880 Commits 10 Branches 149 Tags
fa4dccbc4a2b4ffaffca0b5594e507b5a2c5b503
Commit Graph

437 Commits

Author SHA1 Message Date
Andreas Henriksson
fa4dccbc4a Fix lintian warning useless-autoreconf-build-depends 
Newer debhelper will pull in and run dh-autoreconf
by default, so no need for explicit build-depends or
usage.
 2019-12-05 15:17:06 +01:00
Andreas Henriksson
e34706dd5b Cherry-pick upstream patch reverting bindir/sbindir 
From:
3cc3948d71.patch
 2019-12-05 15:12:17 +01:00
Andreas Henriksson
787ebc3336 Refresh and massage patches to apply 
The following needed massaging to apply:
* debian/patches/508_nologin_in_usr_sbin
* debian/patches/401_cppw_src.dpatch

The remaining patches just got trivial quilt refresh updates,
except debian/patches/506_relaxed_usernames which needed
special attention to be correctly refreshed.
 2019-12-05 15:08:29 +01:00
Andreas Henriksson
93ea3fe510 Use explicit --without-su configure flag 
The shadow package did now ship the su program even before this,
Debian uses the util-linux implementation of su (since Buster).
In shadow 4.8 there's now an explicit configure flag that can be
used to disable su explicitly, rather than just not shipping it in
the resulting debian package.

See commit 88de51965d
"Stop shipping su and break old util-linux version. (See #833256)"
 2019-12-05 13:39:26 +01:00
Andreas Henriksson
30e6a960ee Replace gnome-doc-utils build-dep with itstool 
Closes: #881889
 2019-12-05 13:34:19 +01:00
Andreas Henriksson
e38381641b Update debian/changelog 2019-12-05 13:34:19 +01:00
Andreas Henriksson
1177f4b257 Update debian/changelog 2019-12-05 13:29:18 +01:00
Yuriy M. Kaminskiy
0a3492dd90 Mark uidmap and login as Multi-Arch: foreign 
Closes: #934473
 2019-11-11 16:54:57 +01:00
Justin B Rye
77901f4115 login: Update package description 
Closes: #808301
 2019-11-11 16:25:49 +01:00
Laurent Bigonville
4d8a10d86c Move the call to pam_motd before pam_selinux open 
pam_selinux calls setexeccon() with the context of the user, that means
that the first execve() after the call to "pam_selinux open" will be
executed in the user's context.

As pam_motd in debian calls system() to run run-parts to generate the
motd dynamically we need to be sure that this is done before that so it
runs in the context of the login executable.
 2019-09-03 17:00:06 +02:00
Balint Reczey
9bda99f55d Update changelog 2019-07-16 18:49:41 +02:00
Gaudenz Steinlin
8f33168316 Improve NEWS entry about securetty 
The original version was unclear because it was missing a not in the second part of the sentence.
 2019-07-16 07:36:39 +00:00
Balint Reczey
488bb269c9 Update changelog 2019-07-15 23:45:51 +02:00
Balint Reczey
1a76a81ccc Remove Christian Perrier from Uploaders according to his request 
Thank you for maintaining shadow for long years!

Closes: #893944, #927576
 2019-07-15 23:11:39 +02:00
Balint Reczey
1e63ff4abc Remove obsolete /etc/cron.daily/passwd in maintainer scripts 
Closes: #932017
 2019-07-15 12:51:34 +02:00
Balint Reczey
8931f490ed Update changelog 2019-07-08 15:59:16 +02:00
Balint Reczey
1ddb81753d Clean up /etc/securetty properly on upgrade 2019-07-08 15:46:55 +02:00
Balint Reczey
252ca1a609 debian/NEWS: Fix version of latest entry 2019-07-08 15:36:32 +02:00
Balint Reczey
3709c159af Run autopkgtest in Salsa CI when it exists 2019-06-23 22:25:01 +02:00
Balint Reczey
00c091542c Update changelog 2019-06-23 22:13:18 +02:00
Balint Reczey
084a543a03 Refresh patches 2019-06-23 22:11:48 +02:00
Balint Reczey
d04fc57f13 Fix checking upstream tarball's OpenPGP signature 2019-06-23 16:49:11 +02:00
Balint Reczey
1daf68f0a3 Ship some missing man files 2019-06-23 16:17:34 +02:00
Balint Reczey
58ead426f4 Migrate to dh from cdbs 2019-06-23 16:02:51 +02:00
Balint Reczey
9be33624de Update changelog 2019-06-23 15:48:31 +02:00
Balint Reczey
f1f3ef5674 Stop shipping and honoring /etc/securetty 
Closes: #731656, #830255, #879903, #920764, #771675, #917893, #607073
 2019-06-23 15:48:00 +02:00
Balint Reczey
c60535694b Update changelog 2019-06-19 15:59:55 +02:00
Balint Reczey
7bc992f580 Drop Lintian override for su, it is not shipped in login anymore 2019-06-19 14:51:45 +02:00
Balint Reczey
7c34f34109 Merge branch 'master' into 'master' 
Remove cron daily backup

See merge request debian/shadow!6
 2019-06-19 10:09:37 +00:00
Balint Reczey
e153c45690 Update changelog 2019-06-19 00:46:57 +02:00
Bryan Quigley
9c70ce4480 Remove cron daily backup 
It was added in 2010 (#554170) as a split off from a previous cron
job.  I haven't seen an arguement for why it's useful to keep.

Depending on when a mistake occurs in one of the files it backups
it will provide variable recovery time of 0 to 24hours.
 2019-06-17 09:38:53 -07:00
Balint Reczey
6170e87bd5 Add Salsa CI configuration 2019-05-14 17:07:31 +02:00
Balint Reczey
2ace7fb8f5 Merge remote-tracking branch 'origin/master' 2019-05-14 16:42:35 +02:00
Balint Reczey
b2a4d20bf7 Merge branch 'set-rules-requires-root' into 'master' 
Declare the explicit requirement for (fake)root

See merge request debian/shadow!2
 2019-05-14 14:35:25 +00:00
Balint Reczey
089560d90e Refresh patches 2019-03-03 23:40:55 +01:00
Ondřej Nový
7ca7e82ae8 d/changelog: Remove trailing whitespaces 2018-10-01 09:38:15 +02:00
Niels Thykier
19c35c70e1 Declare the explicit requirement for (fake)root 
The shadow package currently requires (fake)root to produce the debs due to static non-root:root ownerships in the debs.
 2018-08-12 18:07:23 +00:00
Balint Reczey
b001531192 Move packaging repository to Salsa 2018-07-28 17:35:13 +08:00
Andreas Henriksson
88de51965d Stop shipping su and break old util-linux version. (See #833256) 
Breaks on old version to force lockstep upgrade, which should
really be a depends-new-version (and can be switched around
together with util-linux once the transition is finished).
Using Breaks/Depends the 'wrong' way around is to make apt
unpack things in the 'right' order (avoiding any gaps where
/bin/su is not available during the upgrade phase).
 2018-07-28 17:31:41 +08:00
Balint Reczey
df6b651325 Update changelog 2017-09-27 12:56:13 -04:00
Balint Reczey
406a28db14 Use my @ubuntu.com email address in Maintainer field 2017-09-27 12:45:10 -04:00
Balint Reczey
00bcf65d58 Revert "Add pts/0 and pts/1 to securetty" 
Adding pts/* defeats the purpose of securetty. Let containers add it if
needed as described in #830255.

This reverts commit 8b5c7cace3
 2017-09-17 23:42:28 +02:00
Balint Reczey
9105fcd24c Update changelog 2017-08-22 16:44:34 +02:00
Balint Reczey
ba18b6cab2 Cut redundant information from Debian-specific README files 2017-08-12 18:48:09 -04:00
Balint Reczey
b43b5a89d1 Drop patches manipulating su argument concatenation: 
- 523_su_arguments_are_concatenated
- su_arguments_are_no_more_concatenated_by_default
 2017-08-11 11:16:45 -04:00
Balint Reczey
591aa8debe Refresh patches 
Dropped patches:
- 0001-Typos-fix-in-german-translation-of-man-pages.patch
- 0002-Last-bits-of-enabling-subuids.patch
- 0003-Dutch-translation-update.patch
- 0004-Updated-Czech-translation.patch
- 0005-Update-for-German-man-pages.patch
- 0006-French-manpage-translation.patch
- 0007-Fix-some-spelling-issues-in-the-Norwegian-translatio.patch
- 0008-su-properly-clear-child-PID.patch
- 1010_vietnamese_translation
- 301-Reset-pid_child-only-if-waitpid-was-successful.patch
 2017-08-10 18:36:48 -04:00
Salvatore Bonaccorso
d7f24f954e Import Debian changes 1:4.4-4.1 
shadow (1:4.4-4.1) unstable; urgency=high

  * Non-maintainer upload.
  * Reset pid_child only if waitpid was successful.
    This is a regression fix for CVE-2017-2616. If su receives a signal like
    SIGTERM, it is not propagated to the child. (Closes: #862806)
 2017-08-10 18:25:45 -04:00
Balint Reczey
f9176c3be3 Update changelog 2017-02-24 01:50:13 +01:00
Balint Reczey
bc6cd09194 su: properly clear child PID (CVE-2017-2616) 
Closes: #855943
 2017-02-24 01:50:09 +01:00
Balint Reczey
b8a7c3ac04 Update changelog 2017-01-25 16:43:47 +01:00