From 0c04b92a9afe5e09a20307d8a5ec98d97ed00f47 Mon Sep 17 00:00:00 2001
From: Balint Reczey
Date: Fri, 21 Jan 2022 23:41:15 +0100
Subject: New upstream version 4.11.1+dfsg1

---
 ChangeLog | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 75 insertions(+), 15 deletions(-)
(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index 5f42a2b3..c6cc8f60 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,63 @@ +2022-01-02 Serge Hallyn + + * build: include lib/shadowlog_internal.h in dist tarballs (Sam James) + +2022-01-02 Serge Hallyn + + * Handle possible TOCTTOU issues in usermod/userdel (edneville) + * (CVE-2013-4235) + * Use O_NOFOLLOW when copying file + * Kill all user tasks in userdel + * Fix useradd -D segfault (Xi Ruoyao) + * Clean up obsolete libc feature-check ifdefs (Alejandro Colomar) + * Fix -fno-common build breaks due to duplicate Prog declarations + (Adam Sampson) + * Have single date_to_str definition (Alejandro Colomar) + * Fix libsubid SONAME version (Sam James) + +2021-12-19 Serge Hallyn + + Note: From this release forward, su from this package should be + considered deprecated. Please replace any users of it with su from + util-linux. Please open an issue if there is a problem with that. + We intend to remove it in an upcoming release. + + * libsubid fixes (Xi Ruoyao, Serge Hallyn, Iker Pedrosa, Mike Gilbert, + GalaxyMaster, and Luís Ferreira) + * Rename the test program list_subid_ranges to getsubids, write + a manpage, so distros can ship it. 
(Iker Pedrosa) + * Add libeconf dep for new*idmap (Iker Pedrosa) + * Allow all group types with usermod -G (Iker Pedrosa) + * Avoid useradd generating empty subid range (Iker Pedrosa) + * Handle NULL pw_passwd (Jaroslav Jindrak) + * Fix default value SHA_get_salt_rounds (Mike Gilbert) + * Use https where possible in README (Paul Menzel) + * Update content and format of README (Iker Pedrosa) + * Translation updates (Balint Reczey, Frans Spiesschaert) + * Switch from xml2po to itstool in 'make dist' (Serge Hallyn) + * Fix double frees (Michael Vetter) + * Add LOG_INIT configurable to useradd (Andy Zaugg) + * Add CREATE_MAIL_SPOOL documentation (Andy Zaugg) + * Create a security.md + * Fix su never being SIGKILLd when trapping TERM (Ruihan li) + * Fix wrong SELinux labels in several possible cases (Iker Pedrosa) + * Fix missing chmod in chadowtb_move (GalaxyMaster) + * Handle malformed hushlogins entries (Tobias Stoeckmann) + * Fix groupdel segv when passwd does not exist (François Rigault) + * Fix covscan-found newgrp segfault (Iker Pedrosa) + * Remove trailing slash on hoedir (Ed Neville) + * Fix passwd -l message - it does not change expirey (Ed Neville) + * Fix SIGCHLD handling bugs in su and vipw (Tobias Stoeckmann) + * Remove special case for "" in usermod (Alejandro Colomar) + * Implement usermod -rG to remove a specific group + (Andy Zaugg) + * call pam_end() after fork in child path for su and login + (Björn Fischer) + * useradd: In absence of /etc/passwd, assume 0 == root + (Ludwig Nussel) + * lib: check NULL before freeing data (Iker Pedrosa) + * Fix pwck segfault (Iker Pedrosa) + 2021-07-22 Serge Hallyn * Updated translations (Björn Esser, Juergen Hoetzel) @@ -285,7 +345,7 @@ 2013-08-15 Nicolas François * src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists - when option -v/-V (-w/-W) are provided. + when option -v/-V (-w/-W) are provided. 2013-08-15 Nicolas François 
@@ -662,8 +722,8 @@ * configure.in: Prepare for next point release 4.2. * if using the static char* for pw_dir, strdup it so - pw_free() can be used. (Closes: Debian#691459, alioth#313957) - * Kill the child process group, rather than just the + pw_free() can be used. (Closes: Debian#691459, alioth#313957) + * Kill the child process group, rather than just the immediate child; this is needed now that su no longer starts a controlling terminal when not running an interactive shell (closes: Debian#713979) @@ -890,7 +950,7 @@ * po/pt.po: Updated to 557t. -2012-01-19 Holger Wansing +2012-01-19 Holger Wansing * po/de.po: Updated to 557t. @@ -1477,8 +1537,8 @@ * NEWS, src/chpasswd.c: Create a shadow entry if the password is set to 'x' in passwd and there are no entry in shadow for the user. - * NEWS, src/chgpasswd.c: Create a gshadow entry if the password is - set to 'x' in group and there are no entry in gshadow for the + * NEWS, src/chgpasswd.c: Create a gshadow entry if the password is + set to 'x' in group and there are no entry in gshadow for the group. 2011-07-28 Nicolas François @@ -1550,7 +1610,7 @@ 2011-07-22 Nicolas François * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Fail in case of - invalid configuration. + invalid configuration. * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Updated comments. * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Be more strict @@ -1787,7 +1847,7 @@ man/login.defs.d/DEFAULT_HOME.xml, man/login.defs.d/LOGIN_RETRIES.xml, man/login.defs.d/MD5_CRYPT_ENAB.xml, - man/login.defs.d/PORTTIME_CHECKS_ENAB.xml, + man/login.defs.d/PORTTIME_CHECKS_ENAB.xml, man/login.defs.d/SHA_CRYPT_MIN_ROUNDS.xml: Fix typos * man/po/de.po: German translation of manpages completed @@ -1834,7 +1894,7 @@ 2011-03-30 YunQiang Su - * man/po/zh_CN.po: convert Simplified Chinese translation + * man/po/zh_CN.po: convert Simplified Chinese translation of manpages to gettext * po/zh_CN.po: Simplified Chinese translation completed 
@@ -1973,7 +2033,7 @@ boolean. safe_system last argument is a boolean. * libmisc/system.c: Check return value of dup2. * libmisc/system.c: Do not check *printf/*puts return value. - * libmisc/system.c: Do not check execve return value. + * libmisc/system.c: Do not check execve return value. * libmisc/salt.c: Do not check *printf/*puts return value. * libmisc/loginprompt.c: Do not check gethostname return value. * libmisc/find_new_gid.c, libmisc/find_new_uid.c: Do not check @@ -2126,7 +2186,7 @@ 2010-04-04 Nicolas François * src/useradd.c: spool is a constant string. - * src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false + * src/useradd.c: Set the new copy_tree's paramater 'copy_root' to false 2010-04-04 Nicolas François @@ -4975,7 +5035,7 @@ * src/groupadd.c: Log to audit with type AUDIT_ADD_GROUP instead of AUDIT_USER_CHAUTHTOK. - * src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead + * src/groupdel.c: Log to audit with type AUDIT_DEL_GROUP instead of AUDIT_USER_CHAUTHTOK. * src/useradd.c: Log to audit with type AUDIT_ADD_USER / AUDIT_ADD_GROUP / AUDIT_USYS_CONFIG instead of @@ -5231,7 +5291,7 @@ * NEWS, src/gpasswd.c: Use getopt_long instead of getopt. Added support for long options --add (-a), --delete (-d), --remove-password (-r), --restrict (-R), --administrators (-A), - and --members (-M) + and --members (-M) * man/gpasswd.1.xml: Document the new long options. * src/gpasswd.c: The sgrp structure is only used if SHADOWGRP is defined. @@ -7420,7 +7480,7 @@ to mimic useradd's behavior choices of UID and GID. * src/newusers.c: Reuse the generic find_new_uid() and find_new_gid() functions. This permits to respect the - UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should + UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should * src/newusers.c: Check if the user or group exist using the external databases (with the libc getpwnam/getgrnam functions). Refuse to update an user which exist in an external database but 
@@ -9217,7 +9277,7 @@ Debian's patch 202_it_man_uses_gettext. Thanks to Giuseppe Sacco who contributed the Italian translation. * man/de/de.po: (nearly) complete German translation of man pages - Imported from Debian's patch 203_de-man-update. Thanks to + Imported from Debian's patch 203_de-man-update. Thanks to Simon Brandmair * src/usermod.c: Clarify the online help of usermod for "-a" Imported from Debian's patch 402-clarify_usermod_usage -- cgit v1.2.1
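Review bot: In the second 2022-01-02 entry of the first hunk (@@ -1,3 +1,63 @@), "(CVE-2013-4235)" is written as a bullet of its own, so the entry does not say which changes the CVE covers: only "Handle possible TOCTTOU issues in usermod/userdel" before it, or also "Use O_NOFOLLOW when copying file" and "Kill all user tasks in userdel" after it. Fold the identifier into the item it belongs to and indent the related fixes under that item, so someone tracking the CVE can tell which changes to look for. Neither 2022-01-02 entry carries a version, so a reader cannot tell which one corresponds to the 4.11.1 named in the subject. The 2021-12-19 entry also has spelling slips that will be copied into downstream release notes ("chadowtb_move", "hoedir", "expirey", "Ruihan li"), and "Create a security.md" is the only item in that entry without a contributor name.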
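Review bot: From @@ -285,7 +345,7 @@ to the end of the patch, every removed line reads the same as the line added in its place, for example "- when option -v/-V (-w/-W) are provided. + when option -v/-V (-w/-W) are provided.", so all 15 deletions in the diffstat look like whitespace-only rewrites of old entries. Mixed into a change that also records a CVE fix, that makes it harder to confirm that no historic entry changed its wording. Say in the commit message that these hunks are whitespace cleanup, or keep the cleanup in a separate change; a reviewer can confirm it by checking that git diff -w shows only the first hunk.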
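Review bot: In @@ -2126,7 +2186,7 @@ the rewritten src/useradd.c line keeps the misspelling "paramater" ("Set the new copy_tree's paramater 'copy_root' to false"). If historic entries are being edited at all, correct it to "parameter" in the same pass; if the intent is to leave the old wording untouched, leave the line out of the diff.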
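Review bot: In @@ -7420,7 +7480,7 @@ the rewritten line "UID_MIN/UID_MAX and GID_MIN/GID_MAX variables, should" still ends mid-sentence, and the next context line already starts a new "* src/newusers.c:" item. The line is being touched anyway, so either complete the sentence from the original commit or drop the dangling "should", rather than re-committing a truncated entry.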