Update changelog for 1:4.13+dfsg1-5 release

Signed-off-by: Serge Hallyn <serge@hallyn.com>

debian/changelog

@@ -1,8 +1,15 @@
-shadow (1:4.13+dfsg1-4.1) unstable; urgency=medium
+shadow (1:4.13+dfsg1-5) unstable; urgency=medium
 
-  * Enhance the manpage for vipw (closes #1064940).
+  * Add myself to Uploaders, per discussion with Serge Hallyn
+  * Apply wrap-and-sort -kas style
+  * Use debputy to avoid Rules-Requires-Root: binary-targets
+  * libsubid4: tighten package-internal dependencies
 
- -- Toni Mueller <toni@debian.org>  Thu, 29 Feb 2024 16:37:32 +0000
+  [ Serge Hallyn ]
+  * Drop pam_lastlog.so from config. (Closes: #1068229)
+  * Stop installing lastlog binary.
+
+ -- Chris Hofstaedtler <zeha@debian.org>  Sun, 02 Jun 2024 20:01:51 +0200
 
 shadow (1:4.13+dfsg1-4) unstable; urgency=medium
 

debian/control

@@ -1,35 +1,39 @@
 Source: shadow
 Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
-Uploaders: Serge Hallyn <serge@hallyn.com>
+Uploaders:
+ Serge Hallyn <serge@hallyn.com>,
+ Chris Hofstaedtler <zeha@debian.org>
 Section: admin
 Priority: required
-Build-Depends: debhelper-compat (= 13),
-               gettext,
-               libcrypt-dev,
-               libpam0g-dev,
-               quilt,
-               xsltproc <!nodoc>,
-               docbook-xsl <!nodoc>,
-               docbook-xml <!nodoc>,
-               libxml2-utils <!nodoc>,
-               libselinux1-dev [linux-any],
-               libsemanage-dev [linux-any],
-               itstool <!nodoc>,
-               bison,
-               libaudit-dev [linux-any]
+Build-Depends:
+ bison,
+ debhelper-compat (= 13),
+ dh-sequence-zz-debputy-rrr (>= 0.1.23~),
+ docbook-xml <!nodoc>,
+ docbook-xsl <!nodoc>,
+ gettext,
+ itstool <!nodoc>,
+ libaudit-dev [linux-any],
+ libcrypt-dev,
+ libpam0g-dev,
+ libselinux1-dev [linux-any],
+ libsemanage-dev [linux-any],
+ libxml2-utils <!nodoc>,
+ quilt,
+ xsltproc <!nodoc>
 Standards-Version: 4.6.1
 Vcs-Git: https://salsa.debian.org/debian/shadow.git -b master
 Vcs-Browser: https://salsa.debian.org/debian/shadow
 Homepage: https://github.com/shadow-maint/shadow
-Rules-Requires-Root: binary-targets
+Rules-Requires-Root: no
 
 Package: passwd
 Architecture: any
 Multi-Arch: foreign
-Depends: ${shlibs:Depends},
-         ${misc:Depends},
-         libpam-modules
-Recommends: sensible-utils
+Depends:
+ libpam-modules
+Recommends:
+ sensible-utils
 Description: change and administer password and group data
  This package includes passwd, chsh, chfn, and many other programs to
  maintain password and group data.
@@ -40,13 +44,15 @@ Package: login
 Architecture: any
 Multi-Arch: foreign
 Essential: yes
-Pre-Depends: ${shlibs:Depends},
-             ${misc:Depends},
-             libpam-runtime,
-             libpam-modules
-Breaks: hurd (<< 20140206~) [hurd-any]
-Conflicts: python-4suite (<< 0.99cvs20060405-1)
-Replaces: hurd (<< 20140206~) [hurd-any]
+Pre-Depends:
+ libpam-modules,
+ libpam-runtime
+Breaks:
+ hurd (<< 20140206~) [hurd-any]
+Conflicts:
+ python-4suite (<< 0.99cvs20060405-1)
+Replaces:
+ hurd (<< 20140206~) [hurd-any]
 Description: system login tools
  This package provides some required infrastructure for logins and for
  changing effective user or group IDs, including:
@@ -57,8 +63,6 @@ Package: uidmap
 Architecture: any
 Multi-Arch: foreign
 Priority: optional
-Depends: ${shlibs:Depends},
-         ${misc:Depends}
 Description: programs to help use subuids
  These programs help unprivileged users to create uid and gid mappings in
  user namespaces.
@@ -68,8 +72,6 @@ Section: libs
 Priority: optional
 Architecture: any
 Multi-Arch: same
-Pre-Depends: ${misc:Pre-Depends}
-Depends: ${shlibs:Depends}, ${misc:Depends}
 Description: subordinate id handling library -- shared library
  The library provides an interface for querying, granding and ungranting
  subordinate user and group ids.
@@ -79,7 +81,8 @@ Section: libdevel
 Priority: optional
 Architecture: any
 Multi-Arch: same
-Depends: ${misc:Depends}, libsubid4 (= ${binary:Version})
+Depends:
+ libsubid4 (= ${binary:Version})
 Description: subordinate id handling library -- shared library
  The library provides an interface for querying, granding and ungranting
  subordinate user and group ids.

debian/debputy.manifest

@@ -0,0 +1,37 @@
+manifest-version: '0.1'
+packages:
+  passwd:
+    transformations:
+    - path-metadata:
+        path: usr/bin/chfn
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/chsh
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/gpasswd
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/passwd
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/chage
+        group: "shadow"
+        mode: "u=rwx,go=rxs"
+    - path-metadata:
+        path: usr/bin/expiry
+        group: "shadow"
+        mode: "u=rwx,go=rxs"
+  login:
+    transformations:
+    - path-metadata:
+        path: usr/bin/newgrp
+        mode: "u=rwxs,go=rx"
+  uidmap:
+    transformations:
+    - path-metadata:
+        path: usr/bin/newgidmap
+        mode: "u=rwxs,go=rx"
+    - path-metadata:
+        path: usr/bin/newuidmap
+        mode: "u=rwxs,go=rx"

debian/login.install

@@ -1,7 +1,6 @@
+bin/login usr/bin
 debian/login.defs etc
-usr/share/locale/*/LC_MESSAGES/shadow.mo
 sbin/nologin usr/sbin
 usr/bin/faillog
-usr/bin/lastlog
 usr/bin/newgrp
-bin/login usr/bin
+usr/share/locale/*/LC_MESSAGES/shadow.mo

debian/login.manpages

@@ -4,7 +4,6 @@ usr/share/man/*/man1/sg.1
 usr/share/man/*/man5/faillog.5
 usr/share/man/*/man5/login.defs.5
 usr/share/man/*/man8/faillog.8
-usr/share/man/*/man8/lastlog.8
 usr/share/man/*/man8/nologin.8
 usr/share/man/man1/login.1
 usr/share/man/man1/newgrp.1
@@ -12,5 +11,4 @@ usr/share/man/man1/sg.1
 usr/share/man/man5/faillog.5
 usr/share/man/man5/login.defs.5
 usr/share/man/man8/faillog.8
-usr/share/man/man8/lastlog.8
 usr/share/man/man8/nologin.8

debian/login.pam

@@ -77,10 +77,6 @@ auth       optional   pam_group.so
 # (Replaces the use of /etc/limits in old login)
 session    required   pam_limits.so
 
-# Prints the last login info upon successful login
-# (Replaces the `LASTLOG_ENAB' option from login.defs)
-session    optional   pam_lastlog.so
-
 # Prints the status of the user's mailbox upon successful login
 # (Replaces the `MAIL_CHECK_ENAB' option from login.defs). 
 #

debian/not-installed

@@ -15,6 +15,7 @@ etc/pam.d/passwd
 etc/pam.d/useradd
 etc/pam.d/userdel
 etc/pam.d/usermod
+usr/bin/lastlog
 usr/bin/sg
 usr/lib/*/libsubid.la
 usr/sbin/logoutd
@@ -25,6 +26,7 @@ usr/share/man/*/man1/su.1
 usr/share/man/*/man3/getspnam.3
 usr/share/man/*/man3/shadow.3
 usr/share/man/*/man5/suauth.5
+usr/share/man/*/man8/lastlog.8
 usr/share/man/*/man8/logoutd.8
 usr/share/man/man1/groups.1
 usr/share/man/man1/logoutd.1
@@ -32,5 +34,6 @@ usr/share/man/man1/su.1
 usr/share/man/man3/getspnam.3
 usr/share/man/man3/shadow.3
 usr/share/man/man5/suauth.5
+usr/share/man/man8/lastlog.8
 usr/share/man/man8/logoutd.8
 

debian/passwd.dirs

@@ -1,2 +1,2 @@
-usr/share/lintian/overrides
 etc/default
+usr/share/lintian/overrides

debian/passwd.install

@@ -6,13 +6,13 @@ usr/bin/chsh
 usr/bin/expiry
 usr/bin/gpasswd
 usr/bin/passwd
-usr/sbin/chpasswd
 usr/sbin/chgpasswd
+usr/sbin/chpasswd
 usr/sbin/cppw
 usr/sbin/groupadd
 usr/sbin/groupdel
-usr/sbin/groupmod
 usr/sbin/groupmems
+usr/sbin/groupmod
 usr/sbin/grpck
 usr/sbin/grpconv
 usr/sbin/grpunconv

debian/passwd.links

@@ -1,2 +1,2 @@
-usr/sbin/vipw usr/sbin/vigr
 usr/sbin/cppw usr/sbin/cpgr
+usr/sbin/vipw usr/sbin/vigr

debian/passwd.manpages

@@ -6,17 +6,17 @@ usr/share/man/*/man1/chsh.1
 usr/share/man/*/man1/expiry.1
 usr/share/man/*/man1/gpasswd.1
 usr/share/man/*/man1/passwd.1
+usr/share/man/*/man5/gshadow.5
 usr/share/man/*/man5/passwd.5
+usr/share/man/*/man5/shadow.5
 usr/share/man/*/man5/subgid.5
 usr/share/man/*/man5/subuid.5
-usr/share/man/*/man5/shadow.5
-usr/share/man/*/man5/gshadow.5
-usr/share/man/*/man8/chpasswd.8
 usr/share/man/*/man8/chgpasswd.8
+usr/share/man/*/man8/chpasswd.8
 usr/share/man/*/man8/groupadd.8
 usr/share/man/*/man8/groupdel.8
-usr/share/man/*/man8/groupmod.8
 usr/share/man/*/man8/groupmems.8
+usr/share/man/*/man8/groupmod.8
 usr/share/man/*/man8/grpck.8
 usr/share/man/*/man8/grpconv.8
 usr/share/man/*/man8/grpunconv.8
@@ -35,11 +35,11 @@ usr/share/man/man1/chsh.1
 usr/share/man/man1/expiry.1
 usr/share/man/man1/gpasswd.1
 usr/share/man/man1/passwd.1
+usr/share/man/man5/gshadow.5
 usr/share/man/man5/passwd.5
 usr/share/man/man5/shadow.5
-usr/share/man/man5/gshadow.5
-usr/share/man/man5/subuid.5
 usr/share/man/man5/subgid.5
+usr/share/man/man5/subuid.5
 usr/share/man/man8/chgpasswd.8
 usr/share/man/man8/chpasswd.8
 usr/share/man/man8/groupadd.8

debian/rules

@@ -55,25 +55,6 @@ override_dh_installpam:
 	dh_installpam -p passwd --name=chpasswd
 	dh_installpam -p passwd --name=newusers
 
-override_dh_builddeb-arch:
-	# uidmap
-	chmod u+s debian/uidmap/usr/bin/newuidmap
-	chmod u+s debian/uidmap/usr/bin/newgidmap
-	# login
-	# No real need for login to be setuid root
-	# chmod u+s debian/login/bin/login
-	chmod u+s debian/login/usr/bin/newgrp
-	# passwd
-	chmod u+s debian/passwd/usr/bin/chfn
-	chmod u+s debian/passwd/usr/bin/chsh
-	chmod u+s debian/passwd/usr/bin/gpasswd
-	chmod u+s debian/passwd/usr/bin/passwd
-	chgrp shadow debian/passwd/usr/bin/chage
-	chgrp shadow debian/passwd/usr/bin/expiry
-	chmod g+s debian/passwd/usr/bin/chage
-	chmod g+s debian/passwd/usr/bin/expiry
-	dh_builddeb -a
-
 override_dh_auto_clean:
 	sed -i 's/# Linux only # //' debian/login.pam
 	dh_auto_clean

debian/shlibs.local

@@ -0,0 +1 @@
+deb: libsubid 4 libsubid4 (= ${binary:Version})

debian/uidmap.install

@@ -1,3 +1,3 @@
 bin/getsubids usr/bin
-usr/bin/newuidmap
 usr/bin/newgidmap
+usr/bin/newuidmap

man/vipw.8.xml

@@ -73,20 +73,10 @@
       the appropriate locks to prevent file corruption. When looking for an
       editor, the programs will first try the environment variable
       <envar>$VISUAL</envar>, then the environment variable
-      <envar>$EDITOR</envar>, then the editor from
-      <filename>~/.selected_editor</filename>, and finally
-      <command>nano</command>.
+      <envar>$EDITOR</envar>, and finally the default editor,
       <citerefentry><refentrytitle>vi</refentrytitle>
       <manvolnum>1</manvolnum></citerefentry>.
     </para>
-    <para>
-        On the first run, if the environment variables <envar>$VISUAL</envar>
-        and <envar>$EDITOR</envar> are both unset, this program asks you for
-        an editor and stores your selection in
-        <filename>~/.selected_editor</filename>. If the editor mentioned
-        therein does not exist on your system, the program will fall back
-        to using <command>nano</command>.
-    </para>
   </refsect1>
 
   <refsect1 id='options'>
@@ -220,9 +210,6 @@
       <citerefentry>
 	<refentrytitle>gshadow</refentrytitle><manvolnum>5</manvolnum>
       </citerefentry>
-      <citerefentry>
-          <refentrytitle>~/.selected_editor</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>
       <citerefentry condition="tcb">
 	<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
       </citerefentry>,