Compare commits
17 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 9698b06fef | |||
| 406dd68863 | |||
| 2ff04fd9b5 | |||
| 97a3bc0c43 | |||
| 485b374d09 | |||
| 25f0b936c0 | |||
| 776d4d23ac | |||
| 9f285306f3 | |||
| f569ea06ff | |||
| 50defcfa5d | |||
| 56c7502686 | |||
| 7c66acdd2e | |||
| 4806645316 | |||
| 05a41bc4d5 | |||
| 75eb241552 | |||
| d7ce68863e | |||
| 095f9d48ef |
Vendored
+8
@@ -1,3 +1,11 @@
|
||||
shadow (1:4.13+dfsg1-2) unstable; urgency=medium
|
||||
|
||||
The previous entry falsely states that PREVENT_NO_AUTH in /etc/login.defs
|
||||
affects authentication. The historical default of letting all users with
|
||||
empty password field in without authentication is still in effect.
|
||||
|
||||
-- Balint Reczey <balint@balintreczey.hu> Mon, 25 Sep 2023 17:04:09 +0200
|
||||
|
||||
shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
|
||||
|
||||
Login now prevents an empty password field to be interpreted as
|
||||
|
||||
Vendored
+37
-9
@@ -1,16 +1,44 @@
|
||||
shadow (1:4.13+dfsg1-1+deb12u1) bookworm; urgency=medium
|
||||
shadow (1:4.13+dfsg1-4.1) unstable; urgency=medium
|
||||
|
||||
* Enhance the manpage for vipw (closes #1064940).
|
||||
|
||||
-- Toni Mueller <toni@debian.org> Thu, 29 Feb 2024 16:37:32 +0000
|
||||
|
||||
shadow (1:4.13+dfsg1-4) unstable; urgency=medium
|
||||
|
||||
[ Helmut Grohne ]
|
||||
* DEP17: Move login and shadowconfig to /usr. (Closes: #1059915)
|
||||
|
||||
-- Serge Hallyn <serge@hallyn.com> Sun, 04 Feb 2024 20:28:27 +0000
|
||||
|
||||
shadow (1:4.13+dfsg1-3) unstable; urgency=medium
|
||||
|
||||
* Team upload
|
||||
* Remove myself from uploaders
|
||||
|
||||
-- Balint Reczey <balint@balintreczey.hu> Sun, 15 Oct 2023 19:10:52 +0200
|
||||
|
||||
shadow (1:4.13+dfsg1-2) unstable; urgency=medium
|
||||
|
||||
[ Balint Reczey ]
|
||||
* Cherry-pick upstream patch to fix gpasswd passwd leak (Closes: #1051062)
|
||||
CVE-2023-4641
|
||||
* Cherry-pick upstream patch to fix chfn vulnerability (Closes: #1034482)
|
||||
CVE-2023-29383
|
||||
* Fix valid_field() that regressed in upstream's chfn fix
|
||||
* debian/gitlab-ci.yml: Use sudo to fix reprotest test
|
||||
* debian/login.pam: Drop reference to Debian Etch (Closes: #1040064)
|
||||
* debian/NEWS: Fix false claim about PREVENT_NO_AUTH affecting authentication.
|
||||
Also drop setting PREVENT_NO_AUTH in shipped login.defs. (Closes: #1041547)
|
||||
* Cherry-pick upstream patch to fix gpasswd passwd leak
|
||||
(CVE-2023-4641) (Closes: #1051062)
|
||||
* Cherry-pick upstream patch to fix chfn vulnerability allowing injection of
|
||||
control characters into some /etc/passwd fields.
|
||||
(CVE-2023-29383) (Closes: #1034482)
|
||||
|
||||
[ Chris Hofstaedtler ]
|
||||
* Update Uploaders: field from unstable
|
||||
[ Gioele Barabucci ]
|
||||
* Support <nodoc> build profile
|
||||
`xsltproc`, `docbook` and all other XML-related packages are not needed
|
||||
when the `<nodoc>` build profile is active, as long as `./configure` is
|
||||
called with `--disable-man`. (Closes: #1051827)
|
||||
|
||||
-- Chris Hofstaedtler <zeha@debian.org> Mon, 07 Apr 2025 12:38:46 +0200
|
||||
|
||||
-- Balint Reczey <balint@balintreczey.hu> Tue, 26 Sep 2023 22:01:52 +0200
|
||||
|
||||
shadow (1:4.13+dfsg1-1) unstable; urgency=medium
|
||||
|
||||
|
||||
Vendored
+6
-8
@@ -1,8 +1,6 @@
|
||||
Source: shadow
|
||||
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
|
||||
Uploaders:
|
||||
Serge Hallyn <serge@hallyn.com>,
|
||||
Chris Hofstaedtler <zeha@debian.org>
|
||||
Uploaders: Serge Hallyn <serge@hallyn.com>
|
||||
Section: admin
|
||||
Priority: required
|
||||
Build-Depends: debhelper-compat (= 13),
|
||||
@@ -10,13 +8,13 @@ Build-Depends: debhelper-compat (= 13),
|
||||
libcrypt-dev,
|
||||
libpam0g-dev,
|
||||
quilt,
|
||||
xsltproc,
|
||||
docbook-xsl,
|
||||
docbook-xml,
|
||||
libxml2-utils,
|
||||
xsltproc <!nodoc>,
|
||||
docbook-xsl <!nodoc>,
|
||||
docbook-xml <!nodoc>,
|
||||
libxml2-utils <!nodoc>,
|
||||
libselinux1-dev [linux-any],
|
||||
libsemanage-dev [linux-any],
|
||||
itstool,
|
||||
itstool <!nodoc>,
|
||||
bison,
|
||||
libaudit-dev [linux-any]
|
||||
Standards-Version: 4.6.1
|
||||
|
||||
Vendored
+3
-1
@@ -1,5 +1,7 @@
|
||||
variables:
|
||||
RELEASE: 'unstable'
|
||||
RELEASE: 'unstable'
|
||||
# workaround for https://salsa.debian.org/salsa-ci-team/pipeline/-/issues/259
|
||||
SALSA_CI_REPROTEST_ARGS: --vary=domain_host.use_sudo=1
|
||||
include:
|
||||
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
|
||||
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
|
||||
|
||||
Vendored
-8
@@ -337,14 +337,6 @@ NONEXISTENT /nonexistent
|
||||
#
|
||||
#GRANT_AUX_GROUP_SUBIDS yes
|
||||
|
||||
#
|
||||
# Prevents an empty password field to be interpreted as "no authentication
|
||||
# required".
|
||||
# Set to "yes" to prevent for all accounts
|
||||
# Set to "superuser" to prevent for UID 0 / root (default)
|
||||
# Set to "no" to not prevent for any account (dangerous, historical default)
|
||||
PREVENT_NO_AUTH superuser
|
||||
|
||||
#
|
||||
# Select the HMAC cryptography algorithm.
|
||||
# Used in pam_timestamp module to calculate the keyed-hash message
|
||||
|
||||
Vendored
+1
-1
@@ -4,4 +4,4 @@ sbin/nologin usr/sbin
|
||||
usr/bin/faillog
|
||||
usr/bin/lastlog
|
||||
usr/bin/newgrp
|
||||
bin/login
|
||||
bin/login usr/bin
|
||||
|
||||
Vendored
+1
-1
@@ -49,7 +49,7 @@ session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux
|
||||
#
|
||||
# parsing /etc/environment needs "readenv=1"
|
||||
session required pam_env.so readenv=1
|
||||
# locale variables are also kept into /etc/default/locale in etch
|
||||
# locale variables can also be set in /etc/default/locale
|
||||
# reading this file *in addition to /etc/environment* does not hurt
|
||||
session required pam_env.so readenv=1 envfile=/etc/default/locale
|
||||
|
||||
|
||||
Vendored
+1
-1
@@ -1,5 +1,5 @@
|
||||
debian/default/useradd etc/default
|
||||
debian/shadowconfig sbin
|
||||
debian/shadowconfig usr/sbin
|
||||
usr/bin/chage
|
||||
usr/bin/chfn
|
||||
usr/bin/chsh
|
||||
|
||||
Vendored
+5
-1
@@ -21,6 +21,10 @@ DEB_CONFIGURE_EXTRA_FLAGS := --without-libcrack \
|
||||
--without-tcb \
|
||||
SHELL=/bin/sh
|
||||
|
||||
ifneq ($(filter nodoc,$(DEB_BUILD_PROFILES)),)
|
||||
DEB_CONFIGURE_EXTRA_FLAGS += --disable-man
|
||||
endif
|
||||
|
||||
# Set the default editor for vipw/vigr
|
||||
CFLAGS += -DDEFAULT_EDITOR="\"sensible-editor\""
|
||||
|
||||
@@ -38,7 +42,7 @@ endif
|
||||
dh_install -a
|
||||
ifeq ($(DEB_HOST_ARCH_OS),hurd)
|
||||
# /bin/login is provided by the hurd package.
|
||||
rm -f debian/login/bin/login
|
||||
rm -f debian/login/usr/bin/login
|
||||
endif
|
||||
|
||||
override_dh_installpam:
|
||||
|
||||
+14
-1
@@ -73,10 +73,20 @@
|
||||
the appropriate locks to prevent file corruption. When looking for an
|
||||
editor, the programs will first try the environment variable
|
||||
<envar>$VISUAL</envar>, then the environment variable
|
||||
<envar>$EDITOR</envar>, and finally the default editor,
|
||||
<envar>$EDITOR</envar>, then the editor from
|
||||
<filename>~/.selected_editor</filename>, and finally
|
||||
<command>nano</command>.
|
||||
<citerefentry><refentrytitle>vi</refentrytitle>
|
||||
<manvolnum>1</manvolnum></citerefentry>.
|
||||
</para>
|
||||
<para>
|
||||
On the first run, if the environment variables <envar>$VISUAL</envar>
|
||||
and <envar>$EDITOR</envar> are both unset, this program asks you for
|
||||
an editor and stores your selection in
|
||||
<filename>~/.selected_editor</filename>. If the editor mentioned
|
||||
therein does not exist on your system, the program will fall back
|
||||
to using <command>nano</command>.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
<refsect1 id='options'>
|
||||
@@ -210,6 +220,9 @@
|
||||
<citerefentry>
|
||||
<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
<citerefentry>
|
||||
<refentrytitle>~/.selected_editor</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>
|
||||
<citerefentry condition="tcb">
|
||||
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
|
||||
</citerefentry>,
|
||||
|
||||
Reference in New Issue
Block a user