From db1dc7288b64873f4f39e8404fd99c1bf55c7a8b Mon Sep 17 00:00:00 2001 From: Christian Perrier Date: Sat, 27 Jul 2013 18:42:08 +0200 Subject: Imported Upstream version 4.1.5.1 --- NEWS | 2134 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 2134 insertions(+) create mode 100644 NEWS (limited to 'NEWS') diff --git a/NEWS b/NEWS new file mode 100644 index 00000000..a42ac422 --- /dev/null +++ b/NEWS 
@@ -0,0 +1,2134 @@ +$Id: NEWS 3743 2012-05-25 11:51:53Z nekral-guest $ + +shadow-4.1.5 -> shadow-4.1.5.1 2012-05-25 + +- login + * Log into utmp(x) when PAM is enabled, but do not log into wtmp. + This complete pam_lastlog which logs into wtmp and in into utmp(x). +- su + * non PAM enabled versions: do not fail if su is called without a + controlling terminal. +- userdel + * Fix segfault when userdel removes the user's group. + +*** documentation + * .so links now point to paths relative to the top-level manual hierarchy + +*** translation + * Updated French man pages translation. + * Updated German man pages translation. + * Updated Polish man pages translation. (logoutd.8) + +shadow-4.1.4.3 -> shadow-4.1.5 2012-02-12 + +*** security + * su -c could be abused by the executed command to invoke commands with + the caller privileges. See below. (CVE-2005-4890) + +*** general + * report usage error to stderr, but report usage help to stdout (and return + zero) when explicitly requested (e.g. with --help). + * initial support for tcb (http://openwall.com/tcb/) for useradd, + userdel, usermod, chage, pwck, vipw. + * Added support for ACLs and Extended Attributes in useradd and usermod. + Support shall be enabled with the new --with-acl or --with-attr + configure options. + * Added diagnosis for lock failures. + * use libsemanage instead of the semanage tool. + +- chage + * Add --root option. +- chfn + * Add --root option. +- chgpasswd + * When the gshadow file exists but there are no gshadow entries, an entry + is created if the password is changed and group requires a + shadow entry. + * Add --root option. +- chpasswd + * PAM enabled versions: restore the -e option to allow restoring + passwords without knowing those passwords. Restore together the -m + and -c options. 
(These options were removed in shadow-4.1.4 on PAM + enabled versions) + * When the shadow file exists but there are no shadow entries, an entry + is created if the password is changed and passwd requires a + shadow entry. + * Add --root option. +- chsh + * Add --root option. +- faillog + * The -l, -m, -r, -t options only act on the existing users, unless -a is + specified. + * Add --root option. +- gpasswd + * Add --root option. +- groupadd + * Add --root option. +- groupdel + * Add --root option. +- groupmems + * Fix parsing of gshadow entries. + * Add --root option. +- groupmod + * Fixed groupmod when configured with --enable-account-tools-setuid. + * When the gshadow file exists but there are no gshadow entries, an entry + is created if the password is changed and group requires a + shadow entry. + * Add --root option. +- grpck + * Add --root option. + * NIS entries were dropped by -s (sort). +- grpconv + * Add --root option. +- grpunconv + * Add --root option. +- lastlog + * Add --root option. +- login + * Fixed limits support (non PAM enabled versions only) + * Added support for infinite limits and group based limits (non PAM + enabled versions only) + * Fixed infinite loop when CONSOLE is configured with a colon-separated + list of TTYs. + * Fixed warning and support for CONSOLE_GROUPS for users member of more + than 16 groups. + * Do not log into utmp(x) or wtmp when PAM is enabled. This is done by + pam_lastlog. +- newgrp, sg + * Fix parsing of gshadow entries. +- newusers + * Add --root option. +- passwd + * Add --root option. +- pwpck + * NIS entries were dropped by -s (sort). + * Add --root option. +- pwconv + * Add --root option. +- pwunconv + * Add --root option. +- useradd + * If the skeleton directory contained hardlinked files, copies of the + hardlink were removed from the skeleton directory. + * Add --root option. +- userdel + * Check the existence of the user's mail spool before trying to remove + it. 
If it does not exist, a warning is issued, but no failure. + * Do not remove a group with the same name as the user (usergroup) if + this group isn't the user's primary group. + * Add --root option. + * Add --selinux-user option. +- usermod + * Accept options in any order (username not necessarily at the end) + * When the shadow file exists but there are no shadow entries, an entry + is created if the password is changed and passwd requires a + shadow entry, or if aging features are used (-e or -f). + * Add --root option. +- su + * Document the su exit values. + * When su receives a signal, wait for the child to terminate (after + sending a SIGTERM), and kill it only if it did not terminate by itself. + No delay will be enforced if the child cooperates. + * Default ENV_SUPATH is /sbin:/bin:/usr/sbin:/usr/bin + * Fixed infinite loop when CONSOLE is configured with a colon-separated + list of TTYs. + * Fixed warning and support for CONSOLE_GROUPS for users member of more + than 16 groups. + * Do not forward the controlling terminal to commands executed with -c. + This prevents tty hijacking which could lead to execution with the + caller's privileges. + * Close PAM sessions as root. This will be more friendly to PAM modules + like pam_mount or pam_systemd. + * Added support for PAM modules which change PAM_USER. + +*** translation + * Updated Brazilian Portuguese translation. + * Updated Catalan translation. + * Updated Czech translation. + * Updated Danish translation. + * New Danish man pages translation. + * Updated French translation. + * Updated French man pages translation. + * Updated German translation. + * Updated German man pages translation. + * Updated Greek translation. + * Updated Italian man pages translation. + * Updated Japanese translation. + * Updated Kazakh translation. + * Updated Norwegian Bokmål translation. + * Updated Portuguese translation. + * Updated Russian translation. + * Updated Simplified Chinese translation. 
+ * Updated Simplified Chinese man pages translation. + * Updated Swedish translation. + * Updated Vietnamese translation. + +shadow-4.1.4.2 -> shadow-4.1.4.3 2011-02-15 + +*** security +- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited + to create users or groups in a NIS environment. + +shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24 + +- general + * Improved support for large groups (impacts most user/group management + tools). + +- addition of system users or groups + * Speed improvement. This should be noticeable in case of LDAP configured + systems. This should impact useradd, groupadd, and newusers + * Since system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in + reverse order, accounts are packed close to SYS_?ID_MAX if SYS_?ID_MIN + is already used but there are still dome gaps. + +- login + * Add support for shells being a shell script without a shebang. +- su + * Preserve the DISPLAY and XAUTHORITY environment variables. This was + only the case in the non PAM enabled versions. + * Add support for shells being a shell script without a shebang. + +*** translation + * The Finnish translation of passwd(1) was outdated and is no more + distributed. + +shadow-4.1.4 -> shadow-4.1.4.1 2009-05-22 + +- login + * Fix failures with empty usernames on non PAM versions. + * Fix CONSOLE (securetty) support on non PAM versions. +- newgrp + * Return the exit status of the child. +- userdel + * On Linux, do not check if an user is logged in with utmp, but check if + the user is running some processes. + * If not on Linux, continue to search for an utmp record, but make sure + the process recorded in the utmp entry is still running. + * Report failures to remove the user's mailbox + * When USERGROUPS_ENAB is enabled, remove the user's group when the + user was the only member. + * Do not fail when -r is used and the home directory does not exist. 
+- usermod + * Check if the user is busy when the user's UID, name or home directory + is changed. + +shadow-4.1.3.1 -> shadow-4.1.4 2009-05-10 + +- packaging + * Enable --enable-account-tools-setuid by default for PAM builds. + * Add configure option --enable-utmpx, disabled by default to mimic + the previous behavior on Linux (where utmp and utmpx are identical). + * Fix build failure on non-PAM systems when --without-pam is not + specified. + +- chpasswd + * Change the passwords using PAM. This permits to define the password + policy in a central place. The -c/--crypt-method, -e/--encrypted, + -m/--md5 and -s/--sha-rounds options are no more supported on PAM + enabled systems. +- grpck + * Warn if a group has an entry in group and gshadow, and the password + field in group is not 'x'. +- login + * Do not trust the current utmp entry's ut_line to set PAM_TTY. This could + lead to DOS attacks. + * (PAM) Even if the user was already authenticated (-f flag), ask the + user to update his authentication token if needed. +- lastlog + * Fix regression causing empty reports. +- newusers + * Change the passwords using PAM. This permits to define the password + policy in a central place. The -c/--crypt-method and -s/--sha-rounds + options are no more supported on PAM enabled systems. +- pwck + * Warn if an user has an entry in passwd and shadow, and the password + field in passwd is not 'x'. + +*** translation + - Updated Czech translation + - Updated French translation + - Updated German translation + - Updated Japanese translation + - Updated Korean translation + - Updated Portuguese translation + - Updated Russian translation + +shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15 + +*** security: +- Due to bad parsing of octal permissions, the permissions on tty (login) + but also UMASK were set wrongly (and weirdly). Only shadow-4.1.3 was + affected. + +*** general +- login + * Fix regression when no user is specified on the command line. 
+- userdel + * Fixed SE Linux support +- vipw + * SE Linux: Set the default context to the context of the file being + edited. This ensures that the backup file inherit from the file's + context. + +*** translation + - Updated Norwegian Bokmål translation + +shadow-4.1.2.2 -> shadow-4.1.3 2009-04-12 + +*** general: +- packaging + * Fixed support for OpenPAM. + * Fixed support for uclibc. + * Added configure --enable-account-tools-setuid (default) / + --disable-account-tools-setuid options. This permits to disable the + PAM authentication of the caller for chage, chgpasswd, chpasswd, + groupadd, groupdel, groupmod, newusers, useradd, userdel, and usermod. + This authentication is not necessary when these tools are not + installed setuid root. + * Added configure --with-group-name-max-length (default) / + --without-group-name-max-length options. This permits to configure the maximum length allowed for group names: + -> default of 16 (like today) + --with-group-name-max-length -> default of 16 + --without-group-name-max-length -> no max length + --with-group-name-max-length=n > max is set to n + No sanity checking is performed on n so people could do + something neat like --with-group-name-max-length=MAX_INT +- addition of users or groups + * Speed improvement in case UID_MAX/SYS_UID_MAX/GID_MAX/SYS_GID_MAX is + used for an user/group. This should be noticeable in case of LDAP + configured systems. This should impact useradd, groupadd, and newusers +- error handling improvement + * Make sure errors and incomplete changes are reported to syslog and + audit in case of unexpected failures. + * Report system inconsistencies to syslog and audit. + * Only report success to syslog and audit if the changes are really + performed in the system databases. + This is still not complete. +- /etc/login.defs + * New CREATE_HOME variable to tell useradd to create a home directory by + default. +- Translations + * New Kazakh translation. + * Spanish manpages are no more distributed. 
They are outdated. Please + contact pkg-shadow-devel@lists.alioth.debian.org if you wish to + provide updates. + +- faillog + * Accept users specified as a numerical UID, or ranges of users (-user, + user-, user1-user2). + * -l, -m, and -r now apply not only to existing users, but to all the + specified UIDs. + * Options can be specified in any order. +- gpasswd + * Added support for long options --add (-a), --delete (-d), + --remove-password (-r), --restrict (-R), --administrators (-A), and + --members (-M). + * Added support for usernames with arbitrary length. + * audit logging improvements. + * error handling improvement (see above). + * Log permission denied to syslog and audit. +- groupadd + * audit logging improvements. + * error handling improvement (see above). + * Speedup (see "addition of users or groups" above). + * do not create groups with GID set to (gid_t)-1. + * Allocate system group GIDs in reverse order. This could be useful + later to increase the static IDs range. +- groupdel + * audit logging improvements. + * error handling improvement (see above). +- groupmems + * Check if user exist before they are added to groups. + * Avoid segfault in case the specified group does not exist in /etc/group. + * Everybody is allowed to list the users of a group. + * /etc/group is open readonly when one just wants to list the users of a + group. + * Added syslog support. + * Use the groupmems PAM service name instead of groupmod. + * Fix segmentation faults when adding or removing users from a group. + * Added support for shadow groups. + * Added support long options --add (-a), --delete (-d), --purge (-p), + --list (-l), --group (-g). +- groupmod + * audit logging improvements. + * error handling improvement (see above). + * do not create groups with GID set to (gid_t)-1. +- grpck + * warn for groups with GID set to (gid_t)-1. +- login + * Restore the echoctl, echoke, onclr flags to the terminal termio flags. + Reset echoprt, noflsh, tostop. 
This behavior seems to have change by + mistake in earlier releases (4.0.8, for no obvious reason). +- newusers + * Implement the -r, --system option. + * Speedup (see "addition of users or groups" above). + * do not create users with UID set to (gid_t)-1. + * do not create groups with GID set to (gid_t)-1. + * Allocate system account UIDs/GIDs in reverse order. This could be useful + later to increase the static IDs range. +- passwd + * For compatibility with other passwd version, the --lock an --unlock + options do not lock or unlock the user account anymore. They only + lock or unlock the user's password. +- pwck + * warn for users with UID set to (uid_t)-1. +- su + * Preserve COLORTERM in addition to TERM when su is called with the -l + option. +- useradd + * audit logging improvements. + * Speedup (see "addition of users or groups" above). + * See CREATE_HOME above. + * New -M/--no-create-home option to disable CREATE_HOME. + * do not create users with UID set to (gid_t)-1. + * Added -Z option to map SELinux user for user's login. + * Allocate system user UIDs in reverse order. This could be useful + later to increase the static IDs range. +- userdel + * audit logging improvements. + * Do not fail if the removed user is not in the shadow database. + * When the user's group shall be removed, do not fail if this group is + not in the gshadow file. + * Delete the SELinux user mapping for user's login. +- usermod + * Allow adding LDAP users (or any user not present in the local passwd + file) to local groups + * do not create users with UID set to (gid_t)-1. + * Added -Z option to map SELinux user for user's login. + +shadow-4.1.2.1 -> shadow-4.1.2.2 23-11-2008 + +*** security +- Fix a race condition in login that could lead to gaining ownership or + changing mode of arbitrary files. +- Fix a possible login DOS, which could be caused by injecting forged + entries in utmp. 
+ +shadow-4.1.2 -> shadow-4.1.2.1 26-06-2008 + +*** security +- Fix an "audit log injection" vulnerability in login. + This vulnerability makes it easier for attackers to hide activities by + modifying portions of log events, e.g. by appending an addr= statement + to the login name. + +shadow-4.1.1 -> shadow-4.1.2 25-05-2008 + +*** security: +- generation of SHA encrypted passwords (chpasswd, gpasswd, newusers, + chgpasswd; and also passwd if configured without PAM support). + The number of rounds and number of salt bytes was fixed to their lower + allowed values (resp. configurable and 8), hence voiding some of the + advantages of this encryption method. Dictionary attacks with + precomputed tables were easier than expected, but still harder than with + the MD5 (or DES) methods. + +*** general: +- packaging + * Distribute the chfn, chsh, and userdel PAM configuration file. + * Fix the detection of the audit, pam, and selinux library and header + file; and fail if the feature is requested but not present on the + system. + * Fix build failure when configured with audit support. +- chfn + * Allow non-US-ASCII characters in the GECOS fields ("name", "room + number", and "other info" fields). +- login + * Do not fail if a shell option, specified after --, has more than 2 + letters. +- su + * If the SULOG_FILE does not exist when an su session is logged, make + sure the file is created with group root, instead of using the group + of the caller. +- vipw + * Resume properly after ^Z. + +*** documentation: +- Document the -r, --system option in the useradd, groupadd, and newusers + manpages. +- Document the -c, --crypt-method and -s, --sha-rounds options in the + newusers manpage. +- Document the -k, --skel option in the useradd manpage. +- Tag the section which require --enable-shadowgrp or --with-sha-crypt + accordingly. 
+ +shadow-4.1.0 -> shadow-4.1.1 02-04-2008 + +*** general: +- security + * Do not seed the random number generator each time, and use the time in + microseconds to avoid having the same salt for different passwords + generated in the same second. +- packaging + * Do not install the shadow library per default. +- general + * Do not translate the messages sent to syslog. This avoids logging + PAM error messages in the users's locale. +- etc/login.defs + * Set GID_MIN to the same value as UID_MIN by default (1000). + * Added variables SYS_UID_MIN (100), SYS_UID_MAX (999), SYS_GID_MIN (100), + SYS_GID_MAX (999) for system accounts. +- etc/useradd + * /etc/default/useradd now defines HOME as /home to match FHS. +- chage + * Fix bug which forbid to set the aging information of an account with a + passwd entry, but no shadow entry. +- faillog + * faillog -r now only reset the entries of existing users. This makes + faillog faster. +- gpasswd + * Fix failures when the gshadow file is not present. + * When a password is moved to the gshadow file, use "x" instead of "!" + to indicate that the password is shadowed (consistency with grpconv). + * Make sure the group and gshadow files are unlocked on exit. +- groupadd + * New option -p/--password to specify an encrypted password. + * New option -r, --system for system accounts. +- groupdel + * Do not fail if the group does not exist in the gshadow file. + * Do not rewrite the group or gshadow file in case of error. + * Make sure the group and gshadow files are unlocked on exit. + * Fail if the system is not configured to support split groups and + different group entries have the name of the group to be deleted. +- groupmems + * Fix buffer overflow when adding an user to a group. Thanks to Peter Vrabec. +- groupmod + * New option -p/--password to specify an encrypted password. + * Make sure the group and gshadow files are unlocked on exit. 
+ * When the GID of a group is changed, update also the GID of the passwd + entries of the users whose primary group is the group being modified. +- grpck + * Fix logging of changes to syslog when a group file is provided, + without a gshadow file. +- lastlog + * Accept users specified as a numerical UID, or ranges of users (-user, + user-, user1-user2). +- login + * Use PATH and SUPATH to set the PATH environment variable, even when + support for PAM is enabled. + * If started as init, start a new session. +- newgrp + * Fix segfault when an user returns to an unknown GID (either the user + was deleted during the user's newgrp session or the user's passwd + entry referenced an invalid group). Add a syslog warning in that case. + * Use the correct AUDIT_CHGRP_ID event instead of AUDIT_USER_START, when + changing the user space group ID with newgrp or sg. +- newusers + * The new users are no more added to the list of members of their groups + because the membership is already set by their primary group. + * Added support for gshadow. + * Avoid using the same salt for different passwords. + * Fix support for the NONE crypt method. + * newusers will behave more like useradd regarding the choice of UID or + GID or regarding the validity of user and group names. + * New option -r, --system for system accounts. + * Make sure the passwd, group, shadow, and gshadow files are unlocked on + exit. +- passwd + * Make sure that no more than one username argument was provided. + * Make SE Linux tests more strict, when the real UID is 0 SE Linux + checks will be performed. +- pwck + * Fix logging of changes to syslog when a passwd file is provided, + without a shadow file. +- su + * su's arguments are now reordered. If needed, use -- to separate su's + options from the shell's options. +- sulogin + * If started as init, start a new session. +- useradd + * New option -l to avoid adding the user to the lastlog and faillog databases. 
+ * Fix the handling of the --defaults option (it required an argument, + but should behave as -D) + * Document the --defaults option, which was already described in the + useradd's Usage information. + * New option -r, --system for system accounts. + * New options -U, --user-group and -N, --no-user-group. These options + should replace nflg from the previous versions. Please set any -n + option to deprecated because its meaning differs from one distribution + to the other. + * Make sure the passwd, group, shadow, and gshadow files are unlocked on + exit. +- usermod + * Keep the access and modification time of files when moving an user's home + directory. + * Check that the new fields set with -u, -s, -l, -g, -f, -e, -d, and -c + differ from the old ones. If a requested new value is equal to the old + one, no changes will be performed for that field. If no fields are + changed, usermod will exist successfully with a warning. This avoids + logging changes to syslog when there are actually no changes. + * Fix the handling of -a when a user is being renamed (with -l) +- vipw/vigr + * Recommend editing the shadowed (resp. regular) file if the regular (resp. + shadowed) file was edited. + +shadow-4.0.18.2 -> shadow-4.1.0 09-12-2007 + +*** security: +- chgpasswd + When compiled with PAM support, it used the chpasswd policy file instead + of the chgpasswd policy file. If an administrator added some restriction + to the chgpasswd policy file, they were not taken into account. + +*** general: +- Add support for SHA256 and SHA512 encrypt methods (supported by new + libc). +- useradd: Allow non numerical group identifier to be specified with + useradd's -g option. +- chgpasswd, chpasswd: Fix chpasswd and chgpasswd stack overflow. +- newgrp: Do not give an indication that the group has no password. Ask + for the password, as if there were a password. +- The permissions of the suid binaries is now configurable in + src/Makefile.am. 
Note that changing the permissions is not recommended. +- newgrp.c: Declare the child and pid variable at the beginning of a block. + This fixes a compilation issue with gcc 2.95. +- login_nopam: Add support for systems with no innetgr(). On those + systems, username with an @ will be treated like any other username + (i.e. lookup in the local database for an user with an @). Thanks to + Mike Frysinger for the patch. +- Add support for uClibc with no l64a(). +- userdel, usermod: Fix infinite loop caused by erroneous group file + containing two entries with the same name. (The fix strategy differs + from + (https://bugzilla.redhat.com/show_bug.cgi?id=240915) +- userdel: Abort if an error is detected while updating the passwd or group + databases. The passwd or group files will not be written. +- usermod: Update the group database before flushing the nscd caches. +- usermod: Make sure the group modifications will be allowed before + writing the passwd files. +- Flush the nscd tables using nscd -i instead of the private glibc socket. +- usermod: Make usermod options independent of the argument order. +- newgrp: Do not request a password when a user uses newgrp to switch to + her primary group. +- passwd: -l/-u options: edit the shadow account expiry field *in + addition* to editing the password field. +- pwck: Remove the SHADOWPWD preprocessor check. Some check for /etc/shadow + were always missing. +- su: Avoid terminating the PAM library in the forked child. This is done + later in the parent after closing the PAM session. +- userdel: Fix the homedir prefix checking. +- passwd, usermod: Refuse to unlock an account when it would result in a + passwordless account. +- Full review of the usage of getpwnam(), getpwuid(), getgrnam(), + getgrgid(), and getspnam(). There should be no functional changes. +- gpasswd: Only read information from the local file group database. 
It + writes the changes in /etc/group and/or /etc/gshadow, but used to read + information from getgrnam (hence possibly from another group database). +- New login.defs variable: MAX_MEMBERS_PER_GROUP. It should provide a + better support for split groups. Be careful when using this variable: + not all tools support well split groups (in or out of the shadow + tool suite). It fixes gpasswd and chgpasswd when split groups are used. +- Use MD5_CRYPT_ENAB, ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, and + SHA_CRYPT_MAX_ROUNDS to define the default encryption algorithm for the + passwords. +- chpaswd, chgpasswd, newusers: New options -c/--crypt-method and + -s/--sha-rounds to supersede the system default encryption algorithm. +- chpaswd, chgpasswd, newusers: DES is no more the default algorithm. They + will respect the system default configured in /etc/login.defs + +*** documentation: +- Generate the translated manpages from PO at build time. +- The generated manpages will change depending on the configure options. + If you use different options than the one used for the distributed + archive, you should re-generate the manpages. +- login.defs should now describe all the variables. +- The tools' documentation details the login.defs variables they use. + +shadow-4.0.18.1 -> shadow-4.0.18.2 28-10-2007 + +*** general: +- usermod: fixed handle -a option (by Benno Schulenberg + ), +- useradd: improved auditing support + (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=211659), +- groupadd, groupdel, groupmod, useradd, userdel, usermod: flush nscd cashes + after close /etc/{group,passwd} files, +- su: If compiled without PAM support, enforce the limits from /etc/limits + when one of the -, -l, or --login options is set, even if called by root. +- limits: Support for 2 new resource limits: max nice value, and max real + time priority. The resource limits are not used when compiled with PAM. +*** documentation: +- updated translations: fi, ja, nl, tl, zh_CN. 
+- groupadd.8, groupmod.8, login.1, useradd.8, userdel.8, usermod.8: grammar + mistakes and other corrections (by Schulenberg ), + +shadow-4.0.18 -> shadow-4.0.18.1 03-08-2006 + +*** general: +- groupmems: fixed compilation when PAM is disabled + (by Johannes Winkelmann ), +- fixed missing man pages in dist tar ball necessary on build when + PAM is disabled. + +shadow-4.0.17 -> shadow-4.0.18 01-08-2006 + +*** general: +- su: fixed set enviroment too early when using PAM, so move it to !USE_PAM + (patch submitted by Mike Frysinger ), +- groupadd, groupmod, useradd, usermod: fixed UID/GID overflow (fixed + http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=198920) +- passwd, useradd, usermod: fixed inactive/mindays/warndays/maxdays overflow + (simillar to RH#198920), +- groupmems: rewrited for use PAM and getopt_long() and now it is enabled + for build and install (patch by George Kraft ), +- S/Key: removed assign getpass() to libshadow_getpass() on autoconf level + (patch by Ulrich Mueller ; http://bugs.gentoo.org/139966), +- usermod: back to previous -a option semantics and clarify -a behavior + on documentation level (by Greg Schafer ), +- chsh, groupmod: rewrited for use getopt_long(). +- updated translations: ca, cs, da, eu, fr, gl, hu, ko, pl, pt, ru, sv, tr, uk, vi. +*** documentation: +- fr and ru man pages are up to date, +- partially translated sv man pages set added + (by Daniel Nylander ), +- pl chage(1), chsh(1), groupmod(8): translation finished. 
+ +shadow-4.0.16 -> shadow-4.0.17 10-07-2006 + +*** general: +- userdel, usermod: fixed segfault on remove home directory when it can't + be removed; for example when it is /dev/null (fixed http://bugs.gentoo.org/139148), +- improved SELinux detection on autoconf level (based on patch by + Dan Yefimov ), +- removed using private implementation getpass() libc function + (now getpass() is used also when S/KEY support is enabled), +- move nologin do $(sbindir), +- useradd: fixed mail spool file creation (bug cached by Frans Pop + ; + fixed http://bugs.debian.org/374705), +- updated translations: cs, da, de, ko, nb, nl, pt, ro, ru, sk, sv, vi, +- new translations: dz, km, ne. +*** documentation: +- ru man pages up to date, +- lastlog(8): updated pl translation, +- faillog(5): added missing information about fail_locktime element of + faillog struct (by Thorsten Kukuk ), +- updated translations: eu, fr, pl. +- reverted using docbook.sourceforge.net in XSL url. + +shadow-4.0.15 -> shadow-4.0.16 05-06-2006 + +*** general: +- userdel: better fix for old CERT VU#312962 (which was fixed in shadow 4.0.8): + fixed forgoten checking of the return value from fchown() before + proceeding with the fchmod() (based on Owl patch prepared by + Rafal Wojtczuk ), +- userdel: use login.defs::MAIL_DIR instead hardcoded /var/mail in created + mailbox path (based on Owl fixes submited + by Solar Designer ), +- by default do not use libshadow_getpass() as getpass() replacemement. + Use libshadow_getpass() only when S/KEY support is enabled. 
+ Current glibc getpass() handles correctly longer than 8 characters + passwords and libshadow_getpass() is used only because libc getpass() + do not handles password prompting with echo enabled, +- move login.defs::MD5_CRYPT_ENAB to non-PAM part, +- userdel: rewrited for use getopt_log(), +- install default/template configuration files: +-- if shadow is configured with use PAM install /etc/pam.d/* files, +-- if shadow do not uses PAM install /etc/{limits,login.acces} files, +-- install /etc/login.defs and /etc/default/useradd files, +- fixed handle relative symlinks too in lib/commonio.c + (merge patch from Fedora), +- properly notify nscd to flush its cache + (https://bugzilla.redhat.com/bugzilla/186803), +- useradd, usermod: fixes for verify return values mkdir() and chown() + on copy files (merge 482_libmisc_copydir_check_return_values Debian + patch), +- login, su (non-PAM variant): export MAIL only when MAIL_CHECK_ENAB + is enabled (Mike Frysinger ), +- pgck, grpck: warn when the members of a group differ in /etc/groups + and /etc/gshadow (fixed http://bugs.debian.org/75181), +- su: fixed exit with a status 0 when the invoked command is terminated + by a signal which was not catched + (fixed by Eero Häkkinen ), +- login: cancel login timeout after authentication so that patient people + timing out on network directory services can log in with local + accounts (http://bugs.debian.org/107148), +- chgpasswd: fixes for build correctly with --disable-shadowgrp + (patch by Johannes Winkelmann ). +- updated translations: cs, da, es, eu, fi, fr, gl, hu, id, pt, ru, sk, sv, vi. +- new translations: hu. 
+*** documentation: +- new cs man pages: groupmems(8), groupmod(8), grpck(8), gshadow(5) + (by Miroslav Kure ), +- regenerate roff man pages using docbook-style-xsl-1.70.1, +- bunch of cleanups in chfn(1), faillog(8), gpasswd(1), groupadd(8), + groupmems(8), limits(5), login(1), login.defs(5), newgrp(1), passwd(1), + passwd(5) and su(1) (by Yuri Kozlov ), +- update pl vipw(8) man page, +- added chgpasswd(8) ru man page, +- updated ru login.defs(5), passwd(1), userdel(8), usermod(8) man pages, +- pw_auth(3) man page removed (outdated), +- install limits(5), login.access(5) and porttime(5) man pages only when + shadow is builded with PAM support disabled, +- passwd(1): better document how password strength is checked + (fixed http://bugs.debian.org/115380), +- usermod(8): added missing -a option description + (by Christian Perrier ), +- hu chsh(1), lugin(1), newgrp(1): fixed typos + (by Koblinger Egmont ), +- login.defs(5): remove information about CREATE_HOME (patch by + Mike Frysinger ), +- chgpasswd(8): new man page. 
+ +shadow-4.0.14 -> shadow-4.0.15 13-03-2006 + +*** general: +- do not install translated man pages if shadow is configured with + --disable-nls + (based patch submited by Mike Frysinger ), +- added fixes for detect BSD's S/Key with updated the skeychallenge() + function for take a fourth argument in case BSD version (patch submited by + Mike Frysinger ), +- login: default UMASK if not specified in login.defs is 022 (pointed by + Peter Vrabec ), +- chgpasswd: new tool (by Jonas Meurer ), +- lastlog: print the usage and exit if an additional argument is profided to + lastlog (merge 488_laslog_verify_arguments Debian patch), +- login, newgrp, nologin, su: do not link with libselinux (merge + 490_link_selinux_only_when_needed Debian patch), +- chage, chfn, chsh, passwd: fixed confusing error message if /proc is not + mounted (http://bugs.debian.org/352494 patch Nicolas François + ), +- login (merge 433_login_more_LOG_UNKFAIL_ENAB Debian patch): + - TOO MANY LOGIN... logged if PAM_MAXTRIES or failcount >= retries (was + onl test PAM_MAXTRIES), + - print to stderr (in addition to syslog) in case of maximum number of + tries exceeded, + - always prints the number of tries in the syslog entry. + - add special handling for PAM_ABORT + - add an entry to failog, as when USE_PAM is not defined. (#53164) + - changed pam_end to PAM_END. This is certainly was a mistake. PAM_END is + pam_close_seesion + pam_end. Here, the session is still not open, we + don't have to close it. + - a HAVE_PAM_FAIL_DELAY is missing, +- su: fixed pam session support (patch from Topi Miettinen; fixed #57526, + #55873, 57532 Debian bugs), +- userdel: user's group is already removed by update_groups(). + remove_group() is not needed (bug introduced in 4.0.14 on merge FC fixes). 
+ Fixed by Nicolas François , +- useradd: allways remove group and gshadow databases lock, Fixed by Nicolas + François + (http://bugs.debian.org/348250) +- auditing fixes: + - corrected prototypes in lib/prototypes.h (thre is no audit_help_log(); + added audit_logger() prototype), + - useradd: fixed excess audit_logger() argument, +- chage: added missing \n on display password status if password must be + chaged, +- useradd: fixed allow non-unique UID (http://bugs.debian.org/351281), +- variouse code cleanups for make possible compilation of shadow with -Wall + -Werror (by Alexander Gattin ), +- su: move exit() outside libmisc/shell.c::shell() for handle shell() errors + on higher level (now is better visable where some programs exit with 126 + and 127 exit codes); added new shell() parameter (char *const envp[]) + which allow fix preserving enviloment in su on using -p, (patch by + Alexander Gattin ), +- su: added handle -c,--command option for GNU su compliance (merge + 437_su_-c_option Debian patch), +- login: added translate login prompt string (suggested by Evgeniy + Dushistov), +- updated translations: ca, cs, da, el, es, eu, gl, fi, fr, it, nb, nl, pt, + pt_BR, ro, ru, sk, sv, tl, vi, zh_CN, +- new translations: gl. +*** documentation: +- ru man pages: added new nologin(8) and updated all other man pages (by + Yuri Kozlov ), +- chsh(1), su(1): update fi translations generated from XML files + (Tommi Vainikainen ), +- expiry(1), faillog(5), faillog(8), gpasswd(1), groupadd(8), groupdel(8), + logoutd(8), nologin(8), vipw(8): added new cs man pages, (by Miroslav Kure + ) +- login.defs(5): default UMASK if not specified in login.defs is 022 + (pointed by Peter Vrabec ), +- useradd(8): better document that -d will not add the user's home directory + if it does not already exist (http://bugs.debian.org/154996), +- nologin(8) man pages added (merge 478_nologin.8.xml Debian patch). 
+ +shadow-4.0.13 -> shadow-4.0.14 03-01-2006 + +*** general: +- fixes in handling login.defs: $MAIL_FILE is used in userdel and usermod, + $MD5_CRYPT_ENAB is used by crypt_make_salt, which is used by chpasswd, + gpasswd and newusers. + Both variables moved to PAM not dependent (447_missing_login.defs_variables + Debian patch), +- chage: fix chage display when the last change field is set to 0. + This is consistent with PAM (merge 427_chage_expiry_0 Debian patch), +- su: if an password is expired, su should propose to change this password + (fixed http://bugs.debian.org/321384), +- login: added auditing support (based on Fedora patch for login from util-linux), +- useradd: merge PUG fixes from RedHat patch, +- nologin: new program, +- vipw: added a "quiet" mode (http://bugs.debian.org/190252), +- newgrp: added auditing support (by Steve Grubb ), +- switch over to a new logging function (by Steve Grubb ), +- userdel: fix incorrect audit record in userdel + (https://bugzilla.redhat.com/bugzilla/174392), +- userdel: remove the user's group unless it is not really a user-private group + for better PUG support (based on FC patch), +- userdel: make the -f option force the removal of the user's group (even if it + is the primary group of another user) + (merge 453_userdel_-f_removes_group Debian patch), +- usermod: rewrited for use getopt_long() (Christian Perrier ), +- grpck: fixed segmentation fault on using -s when /etc/gshadow is empty (fix by + Tomasz Lemiech ), +- passwd: remove handle -f, -g and -s options. 
+- added handle -s/--shell, -m/-p/preserve-environment options like GNU su + (based on patches from Debian submited by + Nicolas François ) +- su: export $USER and $SHELL as well as $HOME (http://bugs.debian.org/11003 and + http://bugs.debian.org/11189), +- su, vipw: rewrited for use getopt_long(), +- su: log successful/failed through syslog (http://bugs.debian.org/190215), +- updated translations: ca, cs, da, eu, fi, fr, it, pl, pt, ru, sv, tl, vi, +- new translations: gl. +*** documentation: +- added es, ko vigr(8) and vipw(8), hu lastlog(8), ko vipw(8), zh_CN su(1), + zh_TW chpasswd(8) and su(1), +- added tr man pages: chage(1), chfn(1), groupadd(8), groupdel(8), groupmod(8), + login(1), passwd(1), passwd(5), shadow(5), su(1) useradd(8), userdel(8), + usermod(8), +- passwd5): added es, hu, pt_BR, zh_CN zh_TW translations, +- added full set (up to date) fr man pages + (by Nicolas François ), +- pwck(1): document -q option, +- WARNING: all translated man pages are now in UFT-8, +- added full set of ru man pages (by Yuri Kozlov ), +- login(1): better explain the respective roles of login, init and getty with regards + to the utmp file (merge 440_manpages-login.1 Debian patch), +- login(1): document how to initiate a trusted path on linux + (http://bugs.debian.org/305600), +- userdel(8): document the -f option; document the group removal behavior (merge + 455_userdel.8.xml Debian patch), +- groupadd(8), useradd(8): document that useradd/groupadd refuse adding entries already in an + external database (http://bugs.debian.org/282184), +- updated it groupdel(8), passwd(1), pwconv(8), useradd(8), userdel(8), usermod(8) man pages + (merge 205_it-manpages Debian patch), +- added fi chfn(1), chsh(1), passwd(1), su(1), +- newusers(8): added it translation, +- newgrp(1): added de, es, zh_CN, zh_TW translations. 
+ +shadow-4.0.12 -> shadow-4.0.13 10-10-2005 + +*** general: +- chage: removed duplicated pam_start(), +- chfn, chsh: finished PAM support usin pam_start() and co., +- userdel: userdel should not remove the group which is primary for someone else + (fix by Nicolas François + http://bugs.debian.org/295416), +- login: use "%c" in strftime() output (based on patch from + http://bugs.debian.org/89902 by Christian Perrier ), +- fixedlib/commonio.c: don't assume selinux is enabled if is_selinux_enabled() + returns -1 (merge isSelinuxEnabled FC patch by Jeremy Katz ), +- login, su (non-PAM case): fixed setup max address space limits (added missing break + statement in case) spoted by Lasse Collin , +- auditing support added. Patch prepared by Peter Vrabec basing + on work by Steve Grubb from http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159215 + Now auditing support have commands: chage, gpasswd, groupadd, groupdel, groupmod, + useradd, userdel, usermod. +- chage, chfn, chsh, passwd: change to use new selinux API for + selinux_check_passwd_access() (patch from Fedora by Dan Walsh ), +- use #ident preprocesor directive istead RCID macro with content similar + to example described in ident(1) man page (modern compilers like latest GCC + removes not used functions by global optimization). 
+ So "ident /usr/bin/passwd" will show again some useable informations +- su: fixed twice copy enviroment which causes auth problems + (bug was introduced in 4.0.12; fix by Nicolas François ), +- chage: differentiate the different failure causes by the exit value + This will permit to adduser Debian script to detect if chage failed because the + system doesn't have shadowed passwords (fix for http://bugs.debian.org/317012), +- merge 010_more-i18ned-messages Debian patch which adds i18n support for few + more messages (orginaly patch was prepared by Guillem Jover ), +- lastlog: added handle -b option which allow print only lastlog records older than + specified DAYS (fix by ), +- chpasswd, gpasswd, newusers: fixed libmisc/salt.c for use login.defs::MD5_CRYPT_ENAB + only if PAM support is disabled (fix by John Gatewood Ham ), +- passwd: rewrited for use getopt_long(), +- newgrp: when newgrp process sits between parent and child shells, it should + propagate STOPs from child to parent and CONTs from parent to child, + otherwise e.g. bash's "suspend" command won't work + Fixed Debian http://bugs.debian.org/314727 +- updated translations: da, es, fr, pt, ro, ru. +*** documentation: +- chsh(1), groupadd(8), newusers(8), pwconv(8), useradd(8), userdel(8), usermod(8): + added missing references to /etc/login.defs and login.defs(5) + (Christian Perrier ), +- passwd(5): rewrited based on work by Greg Wooledge + http://bugs.debian.org/328113 +- login(1): added securetty(5) to SEE ALSO section + (fixed Debian bug http://bugs.debian.org/325773), +- groupadd(8), useradd(8): fix regular expression describing alloved login/group + names (pointed by Nicolas François ) + (correct is [a-z_][a-z0-9_-]*[$]), +- groupadd(8), useradd(8): documents in CAVEATS section the limitations shadow + places on user and group names (fix by Mike Frysinger ). +- chage(1), groupadd(8): document -h,--help option. 
+ +shadow-4.0.11.1 -> shadow-4.0.12 22-08-2005 + +*** general: +- newgrp, login: remove using login.defs::CLOSE_SESSIONS variable and allways + close PAM session, +- fixed configure.in: realy enable shadow group support by default (pointed by + Greg Schafer and Peter Vrabec ), +- login.defs: removed handle QMAIL_DIR variable, +- login: allow regular user to login on read-only root file system (not only for root) + Patch by Nicolas François + Fix for http://bugs.debian.org/52069 +- gpasswd, grpck, grpconv, grpuconv: added flushing group nscd cache, +- pwck, pwconv: added flushing passwd nscd cache, +- usermod: fixed handle -p option (patch by Peter Vrabec ), +- chage: use -1 as value for disable password inactivity, expiration date and + checking an password validation. + Based on patch by Peter Vrabec which fixes: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=109499 + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137498 + and on 427_chage_expiry_0 Debian patch (fix for http://bugs.debian.org/78961) +- useradd: do not copy files from skel directory if home directory exist and write + warning message about not copying skel files + Patch by Peter Vrabec which fixes: + https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=143150 + https://bugzilla.redhat.com/beta/show_bug.cgi?id=158574 + https://bugzilla.redhat.com/beta/show_bug.cgi?id=80242 +- su: ignore SIGINT while authenticating. 
A ^C could defeat the waiting + period and permit brute-force attacks (fixed http://bugs.debian.org/288827), +- uClibc fixes (by Martin Schlemmer ): + added require ngettext (added [need-ngettext] to AM_GNU_GETTEXT() parameters) + and stub prototype for ngettext() in lib/prototypes.h (neccessary if shadow + compiled with disabled NLS support) +- groupadd: rewrited for use getopt_long(), +- groupadd, groupdel, groupmod, userdel: do OPENLOG() before pam_start(), +- groupadd: fixed double OPENLOG(), +- removed lib/{grpack,gspack,pwpack,sppack}.c and prototypes from lib/prototypes.h + (outdated), +- newusers: added flushing passwd and group nscd caches, +- passwd, pwunconv, userdel, vipw: remove flushing shadow nscd cache (nscd do not caches + shadow map), +- pwck: now pwck OPENLOG with correct name ("pwck" instead "pwsk") + (fix by Alexander Gattin ), +- pwck, grpck: replace all puts() with printf() - it fixes problems with extra blank + lines printed in some messages + (fix by Alexander Gattin ), +- passwd: use separated message "Password set to expire." instead "Password changed." + on "passwd -e" (fix by Christian Perrier shadow-4.0.11.1 21-07-2005 + +*** general: +- fixed configure.in: now is possible build shadow with enabled/disabled shadow group + support (thanks for report symptoms of the bug to Greg Schafer ), +- updated translations: sv. + +shadow-4.0.10 -> shadow-4.0.11 18-07-2005 + +*** general: +- su: ignore SIGINT while authenticating. A ^C could defeat the waiting period and + permit brute-force attacks. Also ignore SIGQUIT. + Fixed: http://bugs.debian.org/52372 and http://bugs.debian.org/288827 +- useradd: rewrited for use getopt_long(), +- newgrp: add fix for handle splitted NIS groups: extends the functionality that, + if the requested group is given, all groups of the same GID are tested for + membership of the requesting user. 
+ (fix by Christian Mudra ) +- fix nscd_flush_cache(): for some reason doing the INVALIDATE call with two + write()'s fails. Do one writev() call instead. + http://bugs.gentoo.org/show_bug.cgi?id=80413 + (submited by Martin Schlemmer ) +- merge nscd-socket-path patch from Fedora: newer glibc's have a different nscd socket + location (/var/run/nscd/socket instead /var/run/.nscd_socket), +- S/Key support is back, +- usermod: added -a option. This flag can only be used in conjunction with the -G + option. It cause usermod to append user to the current supplementary group list. + (patch by Peter Vrabec ) +- chage: added missing \n in error messages, +- useradd, groupadd: change -O option to -K and document it in man page, +- su, sulogin, login: fixed erroneous warning messages when used with PAM about some + login.defs variables (fix by DJ Lucas ), +- autoconf: +-- stop with error message if crypt() not found, +-- remove --with{,out}-libcrypt switch, +-- move all autoheader templates from acconfig.h to configure.in, +- login: setup limits and umask (using login.defs ULIMITS and UMASK variables) only when + PAM support is disabled (it is task for pam_limits and pam_umask modules), +- sulogin, login: use SYSLOG macro instead syslog() which saves the locale, sets the + locale to C, sends the message and restores the locale + (fix by Nicolas François ). +- updated translations: cs, da, de, es, fi, pl, pt, ro, ru, sk. 
+*** documentation: +- pwck(8): document -q option (based on Debian patch for fix http://bugs.debian.org/309408) +- pwck(8): rewrited OPTIONS section and better SYNOPSIS, +- lastlog(8): document that lastlog is a sparse file, and don't need to be rotated + http://bugs.debian.org/219321 +- login(8): better explain the respective roles of login, init and getty with regards + to the utmp file (based on 441_manpages-shadow.5 Debian patch), +- shadowconfig(8): removed (will be maintained in Debian shadow pkg repository), +- groupadd(8): document -o option, +- in SEE ALLSO section in groupadd(8), groupdel(8), groupmod(8), userdel(8), usermod(8) + added refer to gpasswd(8) (suggested by Mike Frysinger ). + +shadow-4.0.9 -> shadow-4.0.10 28-06-2005 + +*** general: +- mkpasswd: removed, +- userdel: now deletes user groups from /etc/gshdow as well as /etc/group. + Fix by Nicolas François . + http://bugs.debian.org/99442 +- usermod: when relocating a user's home directory, don't fail and remove the new + home directory if we can't remove the old home directory for some + reason; the results can be spectularly poort if, for instance, only + the rmdir() fails. Patch prepared by Timo Lindfors . + http://bugs.debian.org/166369 +- su: fix syslogs to be less ambiguous. 
Use old:new format instead of old-new + because '-' can appear in usernames + http://bugs.debian.org/213592 +- removed not used now libmisc/setup.c, +- login: use also UTMPX API instead UTMP on failure (login was affected for this + when shadow was builded without PAM support) + patch by Nicolas François +- login: the PAM session needs to be closed as root, thus before change_uid() + http://bugs.debian.org/53570 http://bugs.debian.org/195048 http://bugs.debian.org/211884 +- login: made login's -f option also able to use the username after -- if none + was passed as it's optarg + http://bugs.debian.org/53702 +- login: check for hushed login and pass PAM_SILENT if true, + http://bugs.debian.org/48002 +- login: fixed username on succesful login (was using the normal username, + when it should have used pam_user) http://bugs.debian.org/47819 +- remove using SHADOWPWD #define so now shadow is allways builded with shadow + passwowd support, +- chage: rewrited for use getopt_long(), +- updated translations: ca, cs, da, fi, pl, ru, zh_TW. +*** documentation: +- most of the man pages now are generated from XML files so in case submiting any + chages to this resources please make diff to XML files, +- chfn: give more details about the influence of login.defs on what's allowed to + users. + +shadow-4.0.8 -> shadow-4.0.9 23-05-2005 + +*** general: +- passwd: fixed segfault in non-PAM connfiguration + (submited by Greg Schafer ), +- newgrp: fixed NULL pointer dereference - getlogin() and ttyname() can + return NULL which is not checked (http://bugs.debian.org/162303), +- updated translations: ro, ru, +- added new translations: vi, +- lib/getdef.c: leaves the table as it is, and changes from the binary search to + a sequential one (Lucas Correia Villa Real ), +- lastlog: fixed --help message (s,--login,--user,) http://bugs.debian.org/249611. 
+ +shadow-4.0.7 -> shadow-4.0.8 26-04-2005 + +*** general: +- remove not working OPIE and SKEY support, +- chage, useradd, usermod: reduce multiple OPENLOG() calls, +- passwd: fix #61313 Debian bug: "passwd -S root" (as a normal user) should not + display "You may not change the password for root.", +- vipw: fixed race condition (Debian #242407 bug; fix by Alexander Gattin + ), +- configure.in: add using AC_GNU_SOURCE macro for kill compilation warnings about + implicit declaration of function `fseeko', +- faillog: changed faillog record display format for allow fit in 80 columns all + faillog atributies, +- removed NDBM code (unused), +- fixed use of SU_WHEEL_ONLY in su. Now su realy is avalaible for wheel group + members. Thanks to Mike Frysinger for report: + http://bugs.gentoo.org/show_bug.cgi?id=80345 +- drop never finished kerberos and des_rpc support (for kerberos support back firs + must be prepared modularization), +- fixed UTMP path detection (by Kelledin ), +- useradd: rewrited group count to dynamic (by John Newbigin + ), +- login: fixed create lastlog entry fo users never loged in on non-PAM + variant of login (fix by ), +- remove handle login.defs::NOLOGIN_STR (never used), +- useradd: fixes a potential security problem when mailbox is created in + useradd. + Patch and comment by Koblinger Egmont : + Only two arguments are passed to the open() call though it expects three + because O_CREAT is present. Hence the permission of the file first becomes + some random garbage found on the stack, and an attacker can perhaps open + this file and hold it open for reading or writing before the proper + fchmod() is executed. (Actually, we could also pass the final "mode" to + the open() call and then save the consequent fchmod().) +- SELinux changes: added changes in chage, chfn, chsh, passwd for allow + construct more grained user password/accuunt properties on SELinux + policies level. 
Patch originally based on RH changes (submited by Chris + PeBenito ), +- added SELinux changes: in libmisc/copydir.c (based on Fedora patch), +- updated translations: cs, da, es, eu, fi, fr, it, ko, nl, pl, pt, sk, uk, +- added new translations: tl, +- reindent all source code using -l80, +*** documentation: +- it man pages (by Danilo Piazzalunga ): +-- updated: chfn.1, chsh.1, groups.1, grpck.8, grpconv.8, + grpunconv.8, id.1, lastlog.8, login.1, newgrp.1, pwunconv.8, shadow.5, + vigr.8, vipw.8, +-- new: chage.1, chpasswd.8, expiry.1, faillog.5, faillog.8, getspnam.3, + logoutd.8, porttime.5, pwck.8, shadow.3, shadowconfig.8, su.1, +- passwd(1): fix #160477 Debian bug: improve -S output description, +- newgrp(1): fix #251926, #166173, #113191 Debian bugs: explain why editing /etc/group + (without gshadow) doesn't permit to use newgrp, +- newgrp(1): newgrp uses /bin/sh (not bash), +- faillog(8): updated after rewrited faillog command for use getopt_long(), +- login(1): removed fragment about abilities pass enviroment variables in login prompt, +- gshadow(5): new file (by Nicolas Nicolas François ), +- usermod(8): fixed #302388 Debian bug: added separated -o option description, + +shadow-4.0.6 -> shadow-4.0.7 26-01-2005 + +- updated translations: da, es, fi, it, nl, pl, pt, +- added zh_TW translation (from Debian resources), +- remove unused now files in lib/ directory, +- switch faillog to use getopt_long(), +- added de vigr(8), vipw(8) man pages (from Debian resources), +- added ro, sq translations (from Debian resources), +- fixed large file support in lastlog and faillog: +-- added AC_SYS_LARGEFILE macro to autoconf, +-- use fseeko() instead fseek() and remove casting file offsets to unsigned + long. 
+- lastlog: +-- rewrited source code using the same style as in chpasswd.c, +-- open lastlog file after finish parse comman line optiomns + (now --help otput can be displayd for users without lastlog + file read permission), +-- cleanups in lastlog(8) man page using the same style as in + chpasswd(8). +- chpasswd: +-- switch chpasswd to use getopt_long() and adds a --md5 option + (by Ian Gulliver ), +-- rewrited chpasswd(8) man page. + +shadow-4.0.5 -> shadow-4.0.6 08-11-2004 + +- su: fixed adding of pam_env env variables to enviroment + (Martin Schlemmer ), +- autoconf: fixed filling MAIL_SPOOL_DIR and MAIL_SPOOL_FILE variables + which was allways empty (Gregorio Guidi ), +- realuy closse security bug in libmisc/pwdcheck.c, +- added missing template/example PAM service config files for chfn, chsh and + userdel, +- do not translate variable names from /etc/default/useradd during + "useradd -D". + +shadow-4.0.4.1 -> shadow-4.0.5 27-10-2004 + +- change libmisc to private static library, +- added SELinux support (basing on patch from Gentoo), +- chage: more verbose/human readable -l output. This output is much more + beter for send directly via email for each users as message with account + status (for example as message with warning about account/password expiration), +- login: fixed handle -f option: now it works correctly without specify "-h + " if open login session localy is required (thanks for help + investigate bug for Krzysztof Kotlenga), +- userdel: when removing a user with userdel, userdel was always exits with 1 (fixed). + Based on http://bugs.gentoo.org/show_bug.cgi?id=66687, +- useradd: added handle /etc/defaults/useradd::CREATE_MAIL_SPOOL={yes|no}. + Now on adding user account can be also created empty user mail spool. + Curent code handle only mailbox. + TODO: add handle create user mail spool in maildir format. 
+- useradd: when placing symlinks into /etc/skel copy_tree of + libmisc/copydir.c will properly create the symlink in the destination + directory but not change the ownership to the target user/group. This + makes httpd Option SymlinkIfOwnerMatch break for default weg pages + including symlinks placed into /etc/skel/public_html for example. + http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=66819 +- su: add pam_open_session() support. If builded without PAM support + propagate $DISPLAY and $XAUTHORITY enviroment variables. + Based on http://www.gentoo.org/cgi-bin/viewcvs.cgi/sys-apps/shadow/files/shadow-4.0.4.1-su-pam_open_session.patch?rev=1.1 +- applied 036_pam_access_with_preauth.patch Debian patch submited by Bjorn + Torkelsson : add support for PAM account + management to restrict access using pam_access when login is invoked with -f. +- applied Owl patches by Solar Designer : + shadow-4.0.4.1-owl-pam-auth.diff: + Moved the PAM authentication in user management commands after + command-line parsing, made it use separate service names for each command. + Use constant strings rather than argv[0] for syslog ident in the user + management commands, + shadow-4.0.4.1-owl-tmp.diff: + Remove using mktemp() if mkstemp() prototype not found (use allways mkstemp()), + shadow-4.0.4.1-owl-check-reads.diff: + Add checking for read errors in commonio and vipw/vigr (not doing so could + result in data loss when the records are written back), +- fixed securirty bug in libmisc/pwdcheck.c which allow unauthorized + account properties modification. + Affected tools: chfn and chsh. + Bug was discovered by Martin Schulze . 
+- added it translation (by Danilo Piazzalunga ), +- added sk translation (by Peter Mann , submited by Christian + Perrier ), +- added es translation (by Ruben Porras ), +- updated ko translation (by Changwoo Ryu ), +- added fi translation (by Tommi Vainikainen ), +- new translations: bs, ca, da, eu, he, id, nb, nl, nn, pt, pt_BR, tr, + zh_CN (stolen from Debian), +- remove adduser(8) roff include man page to useradd(8). + +shadow-4.0.4 => shadow-4.0.4.1 14-01-2004 +- bug fixes in automake files for generate correct tar ball on "make dist": + added mising "EXTRA_DIST = $(man_MANS)" in man/*/Makefile.am. + +shadow-4.0.3 => shadow-4.0.4 14-01-2004 + +*** general: +- added missing information about -f options in groupadd usage mesage + (document this also in man page), +- removed TCFS support (tcfs is dead), +- convert all po/*.po files to utf-8, +- one TODO entry gone: fix nscd flushing databases on change (use + per service flushing method instead HUPing nscd process), +- removed old AUTH_METHODS dependent code, +- chage: now all code depend on SHADOWPWD. If shadow will not be configured + on autoconf level for using shadow possword chage is olny stub which + informs "chage not configured for shadow password support." +- dpasswd: removed, +- login: remove handle login.defs::DIALUPS_CHECK_ENAB code, +- login: remove handle login.defs::NO_PASSWORD_CONSOLE code, +- ALL tools, libraries: remove old SVR4, SVR4_SI86_EUA BSD_QUOTA and ATT_AGE + dependent code, +- ALL: ready for gettext 0.11.5, automake 1.7.4, autoconf 2.57, +- logoutd, userd: handle also utmpx if avalaile, +- newgrp: fix for non-PAM version + Use CLOSE_SESSIONS depending code only when USE_PAM. 
+ The problem was reported by Mattias Webjorn Eriksson using Slackware + 8.1 and reproduced it using slackware-current (9.0beta) (fix submited by + Simon Williams ), +- fix in too_many_failures() function: incorrect if() condition in non-PAM + dependent code in fail login handling (fixed by Krzysztof + Oledzki ), +*** documentation: +- install groups(1) man page (moved from EXTRA_DIST to man_MANS), +- removed pwauth(8), d_passwd(5), dialups(5) man pages, +- remove text about password aging from passwd(5) (based on Debian changes), +- document useradd and groupadd -M option in en and pl man pages + (by Jakub Mikusek ). +- added ru passwd(1) man page from KSI resources, +- added es man pages found in Conectiva distribution resources, +- added chch(1), chfn(1) man pages from chinese man pages translation + project, +- added id(1) man page czech man pages translation project, +- updated ja man pages and added expiry(1), +- removed old doc/ANNOUNCE, +- updated german passwd(1), chsh(1) and login(1) man page and added chfn(1) + (by Josef Spillner ), +- many other cleanups and unifications in man pages. + +shadow-4.0.2 => shadow-4.0.3 13-03-2002 + +- added variouse cs, de, fr, id, it, ko man pages found mainly in national + man pages translations projects (this documents are not synced with + current en version but you know .. "Documentations is lik sex. When it is + good it very very good. Whet it is bad it is better than nothing."). Any + changes for syncing this are welcome and for anyone who will want maintain + this documents directly I can give cvs write access to project resources. +- added new de translation (by Frank Schmid ). +- fixed building --with-shared: swapped utent (in src/login.c and + libmisc/utmp.c) and pwent (in libmisc/suauth.c and src/su.c) + definition/extern (by Dimitar Zhekov ). +- minor changes and updates in man pages (also merged + shadow-4.0.0-owl-man.patch by Solar Designer ). 
+ +shadow-4.0.1 => shadow-4.0.2 17-02-2002 + +- resolve many fuzzy translations also all this which may cause problems on + displaing long uid/gid, +- allow use "$" on ending in cereated by useradd usermname accounts for allow + create machine acounts for samba (thanks to Jerome Borsboom + for point this problem in 4.0.1), +- fix small but ugly bug in configure.in in libpam_mics library detection. + +shadow-4.0.0 => shadow-4.0.1 + +- added ability to log session closes in newgrp + (Joseph Parmelee ), +- add -pcs to .indent.pro file and reindent all code in src/, +- remove "\n" from all SYSLOG() messages, +- finish integrate AGING code into SHADOWPW, +- remove handle old HAVE_USERSEC_H code, +- updated ja and added hu man pages, +- applied patches by Solar Designer : + shadow-4.0.0-owl-chage-drop-priv.diffd + shadow-4.0.0-owl-chage-ro-no-lock.diff: + Added locks which are needed when doing r/w accesses, not when running + as root. If root does read-only, there's no lock needed. Added missing + "#include " for above (me). + shadow-4.0.0-owl-warnings.diff + Olny one fix from this patch was aplayd because other was fixed few days + before :) + shadow-4.0.0-owl-check_names.diff + Merge only prat this patch with checking login name matching; checking + is login string isn't longer than possible it will be good prepare using + probably _POSIX_LOGIN_NAME_MAX from , + shadow-4.0.0-owl-chage-drop-priv.diff + shadow-4.0.0-owl-pam-auth.diff + Merge part with reorder initialize PAM and checkin is chage is runed by + root or not - now chage can be runed from non-root account for checking + by user own account information (if PAM enabled). 
+- fixes for handle/print correctly 32bit uid/gid (Thorsten Kukuk ), +- implemented functions for better reloading the nscd cache (per NSS map) + (Thorsten Kukuk ), +- fixed warnings "not used but defined" on compile using gcc 3.0.x + (bulletpr00ph ), +- added ja, ko translations found in SuSE, +- added symlinks: newgrp -> sg, vipw -> vigr, +- added vigr(1) man page as roff .so link to vipw(1), +- added sg(1) man page as roff .so link to newgrp(1), +- installed fix for SEGV when using pwck -s on /etc/passwd file with + empty lines in it. + +shadow-20001016 => shadow-4.0.0 06-01-2002 + +- fix bug discovered and fixed by Marcel Ritter + + Due to a big buffer size in lib/commonio.c this error does only appear + if a line gets longer than 4096 bytes (there are probably very few people + stumbling across this). + Ths bug can be exposed by trashing /etc/groups file using useradd with script: + #!/bin/sh + typeset -i NUM + NUM=0 + groupadd demogroup + while [ $NUM -le 1000 ]; do + useradd -g demogroup -G demogroup -p "NONE" user$NUM + NUM=$NUM+1 + done +- remove limit 32 to groups per user by (the same user can belong to + more than 32 groups) by use sysconf(_SC_NGROUPS_MAX) instead constant + NGROUPS_MAX (patch by Radu Constantin Rendec ) + NOTE: it probably need testing on other system for add + some condition for using sysconf(_SC_NGROUPS_MAX) or NGROUPS_MAX constant, +- added -s option to {pw,grp}ck to sort checked files by UID/GID, +- drop detecting is pam_strerror() need one or two arguments. Instead using + PAM_STRERROR() macro use directly pam_strerror() function with two + arguments. 
pam_strerror() with one argument is obsoleted, +- adde ja man pages (probably some man pages need update), +- much better automake support, +- added pt_BR man pages for gpasswd(1), groupadd(8), groupdel(8), + groupmod(8), shadow(5) (man pages for other nations also are welcome), +- mamny small fixes and updates nad improvements in man pages, +- aplayed Debian patch to man pages for shadowconfig, +- remove limit to 6 chars logged tty name (012_libmisc_sulog.c.diff Debian + patch). + +shadow-20001012 -> shadow-20001016: +- conditionaly disabled body reload_nscd() because not every + version of nscd can handle it (this can be enabled by define + ENABLE_NSCD_SIGHUP) (Marek Michałkiewicz ) +- fixes on autoconf/automake level for dist target, +- Julianne F. Haugh new contact adress. + +shadow-20000902 => shadow-20001012 + +- removed /redhat directory with obsoleted files (partialy rewrited spec + file is now in root directory), +- aplayed shadow-19990827-group.patch patch from RH wich prevents adduser + overwrite previously existing groups in adduser, +- added PAM support for chage (bind to "chage" PAM config file) also + added PAM support for all other small tools like chpasswd, groupadd, + groupdel, groupmod, newusers, useradd, userdel, usermod (bind to common + "shadow" PAM config file) - this modificaytions mainly based on + modifications prepared by Janek Rękojarski , +- many small fixes and improvments in automake (mow "make dist" + works correctly), +- added cs translation (Jiri Pavlovsky ). + +shadow-20000826 => shadow-20000902 + +This is probably the last release from me. +Tomasz Kloczko is the new maintainer. +Good luck! + +(I'm still interested to know what is going on with this package, +which is fairly important to many Linux distributions, so please +Cc: marekm@linux.org.pl in any related discussions - just don't +expect me to respond quickly...) + +Previous warning still applies - be careful! 
+ +- applied some of the Red Hat patches (revised slightly), thanks to + Bernhard Rosenkraenzer : fix for truncated long + lines (>8K) in /etc/group, send SIGHUP to nscd (caching daemon + in glibc 2.1.x) after changing anything, add usermod -L and -U + options, remove LOG_CONS from openlog(), chage -d and -E handles + dates in yyyy-mm-dd format ('/' is not required) +- various cleanups + +shadow-19990827 => shadow-20000826 + +WARNING: this release is not tested (other than that it compiles for me), +please be careful. Previous release was a year ago, so it is really time +to release something and start looking for a new, better maintainer... +(I've been extremely busy recently. Credit for most of the real work, +such as complete PAM support, should go to Ben Collins +who maintains this package for Debian.) + +- merged most of the changes from Debian (not all of them yet, PAM support + should be complete but is not tested - need to upgrade to potato first) +- added Polish translations of manual pages from PLD +- change sulog() to not depend on global variables oldname, name +- try to not follow symbolic links when deleting files recursively + in userdel (still not perfect, safest to do it in single user mode) +- removed workarounds for ancient (pre-ANSI) C compilers - use gcc! 
+ (a few ANSI C constructs were used already, and no one complained) +- updated author's e-mail address (jfh@bga.com -> jfh@austin.ibm.com) + +shadow-19990709 => shadow-19990827 + +- upgrade to autoconf-2.13, automake-1.4, libtool-1.3.3 +- i18n: added French translation by Vincent Renardias +- i18n: added Swedish translation by Kristoffer Brånemyr +- logoutd no longer reads /etc/logoutd.mesg at startup - instead, read + it when sending to luser's tty (no need to reload with SIGHUP) +- added support for "usergroups" feature often found in Linux distributions + (if USERGROUPS_ENAB in login.defs set to "yes", uid != 0, uid == gid, and + username == groupname, then set umask to 002 instead of 022) +- Debian: pwck and grpck are now run from a daily cron job (root will + receive an e-mail if something is wrong), and at system startup +- added support for setting umask in /etc/limits +- when using OPIE, re-prompt with echo on after empty password was entered +- GETPASS_ASTERISKS now run time configurable (login.defs) +- getpass() now uses stdin and stderr (not stdout) if it can't open /dev/tty +- getpass() allows all input to be erased using Control-U, and beeps when + too many characters are entered +- removed obsolete sgtty support, in 1999 everyone should have termios :) +- Debian: tar wrapper no longer needed to build packages as non-root user + (install libtricks, and use "dpkg-buildpackage -rfakeroot" instead) +- Debian: changes for GNU Hurd by Marcus Brinkmann : + dpkg-architecture, cross compilation, only build passwd, add + etc/login.defs.hurd conffile, conditionalize CBAUD +- newgrp sets $HOME before running the new shell +- both "sg group command" (usage message) and "sg group -c command" + (man page) work, updated both the usage message and the man page :) +- i18n: added missing _() for some translatable strings + +shadow-19990607 => shadow-19990709 + +- added PAM support to chfn and chsh (thanks to Thorsten Kukuk) +- fixed a bug in newgrp if the user is in >= 
17 groups +- added @LIBSKEY@ to LDADD for all programs (for some reason, + almost all programs need it if skey/opie support is enabled) +- changed grpconv/grpunconv to compile with --disable-shadowgrp +- changed faillog to do something (assume -p) with no options specified +- updated version of the udbachk passwd/shadow/group file integrity + checker (contrib/udbachk.v012.tgz) + +shadow-19990307 => shadow-19990607 + +- upgraded to libtool-1.2, latest config.{guess,sub} +- added missing #include "defines.h" in libmisc/login_desrpc.c - thanks + to almost everyone for reporting it :-) +- moved PAM-related defines to pam_defs.h +- added some braces to if/else to avoid egcs warnings +- started adding PAM support to login (based on util-linux, not finished yet) +- changed "!" to "x" for pw_passwd in src/newusers.c +- a few more Y2K fixes +- added contrib/udbachk.tgz (passwd/shadow/group file integrity checker), + thanks to Sami Kerola +- Debian: made /etc/{limits,login.access,login.defs,porttime,securetty} + files all mode 0600 (Bug#38729 - login: /etc/limits is world readable) +- updated mailing list information (moved again, now hosted by SuSE), + updated README.mirrors, other minor documentation updates +- made getpass work with redirected stdin +- new readpass echoing asterisks disabled by default by popular demand + (can be enabled at compile time: ./configure --enable-readpass) +- the random number of asterisks in readpass is now more random + (random number generator initialization was missing) +- commented out --enable-md5crypt (obsolete) in configure.in +- when checking for libskey, link with -lcrypt if libcrypt is available + (otherwise the configure test for libskey fails - libskey needs libcrypt) +- added Package/Version ident strings (so you can use the RCS "ident" + command to check any binary, which version of shadow it comes from) + +shadow-981228 => shadow-19990307 + +- added support for setting process priority in /etc/limits +- i18n: updated Greek 
translation +- i18n: added Polish translation by Arkadiusz Miskiewicz +- documented the -p option in useradd.8 and usermod.8 man pages +- some "const" gcc warning fixes +- attempt to fix lib/snprintf.c compilation problems +- added restart/reload/force-reload to /etc/init.d/logoutd (found by lintian) +- always require password for root logins (even with NO_PASSWORD_CONSOLE) +- workaround for RedHat's CREATE_HOME feature in /etc/login.defs +- changed to Y2K compatible version numbering +- more Y2K fixes, use the ISO 8601 date format (yyyy-mm-dd) for default + values of user-entered dates (you can still enter dates in any format + supported by GNU date) +- oops, added doc/README.nls to list of files to distribute +- added missing sanitize_env() call to src/login.c +- debian/rules installs /bin/login non-setuid by default, just in case... +- build Debian packages with cracklib support (depends on cracklib-runtime) + +shadow-980724 => shadow-981228 + +- login now clears the username in argv[] (in case someone types the + password instead of username, by mistake) +- i18n support, Greek translation (Nikos Mavroyanopoulos), see README.nls +- updated author's e-mail address (jfh@tab.com -> jfh@bga.com) +- new getpass() replacement that displays *'s (Pavel Machek) +- no password required when logging in from ttys listed under + NO_PASSWORD_CONSOLE in login.defs (Pavel Machek) +- fixed limits code so RLIMIT_AS should work +- upgraded to Debian 2.0 +- built a new machine (P2 350MHz, 64MB RAM) so the thing can be compiled + in reasonable time again +- upgraded to automake-1.3, libtool-1.0h (also new config.guess and + config.sub that work on i686) +- usermod fixed to handle group names starting with digits (not recommended) + +shadow-980626 => shadow-980724 + +- security: login no longer gives you a root shell if setgid() + or initgroups() or setuid() fails for any reason, discovered + by Ted Hickman +- remove libshadow.so -> libshadow.so.x.x symlink after install +- a few int 
-> uid_t type cleanups +- fail immediately (don't retry) in *_lock() if euid != 0 +- added sample PAM config files etc/pam.d/{passwd,su} +- preliminary PAM support in su (untested - use at your own risk, + comments and patches welcome!) +- cleanup and more comments in OPIE code (Algis Rudys) +- added support for TCFS (Transparent Cryptographic File System) + (use ./configure --with-libtcfs, see http://tcfs.dia.unisa.it/ + for more info), thanks to Aniello Del Sorbo + +shadow-980529 => shadow-980626 + +- fixed bug in commonio_lock() (infinite recursion if lckpwdf() not + used and database cannot be locked), thanks to Jonathan Hankins +- fixed bug in copy_tree() (NUL-terminate readlink() results), + thanks to Lutz Schwalowsky +- no need to press Enter after Ctrl-C to interrupt password prompt +- removed a few harmless gcc warnings +- secure RPC login disabled if not found (glibc 2.0) +- faillog.8: changed /usr/adm -> /var/log +- pwconv.8: documented that it may fail on invalid password files + +shadow-980417 => shadow-980529 + +- fixed "interesting" strzero() bug introduced by me in 980417: + strzero(cp) didn't work as intended (the macro used a local + variable called "cp" - oops...); Leonard N. Zubkoff was the + first person to report it - thanks! +- fixed usermod -e to accept empty argument (like useradd), + thanks to Martin Bene +- several changes from Debian 980403-0.2, see debian/changelog +- added contrib/shadow-anonftp.patch (not yet merged, sorry...) + thanks to Calle Karlsson + +shadow-980403 => shadow-980417 + +- fixed login session limits (again - broken since 980130) +- more symbolic constants for exit status values +- fixed logoutd to work with 8-character usernames in utmp + (no room for terminating NUL!) +- various fixes to make the code more glibc2-friendly +- updated doc/cracklib26.diff (fix for empty gecos, etc.) 
+- updated the files in redhat/ from shadow-utils-970616-11.src.rpm + (RH 5.0 updates) + +shadow-980130 => shadow-980403 + +- security: su now creates the sulog file (if enabled and doesn't + already exist) with umask 077 +- hopefully removed arbitrary group size limits (not yet for + shadow groups though - sgetsgent() still needs a rewrite, + but I don't want to delay this release any longer...) +- fixed NULL dereference in groupmod -n + +shadow-971215 => shadow-980130 + +- Debian binary packages can be built without root privileges + (tar wrapper - debian/tar.c) +- new subdir "redhat" (needs more work, see redhat/README) +- in several places, exit(127) if exec fails with ENOENT, and + exit(126) on other errors (as in ksh and bash) +- renamed getpass() and md5_crypt() to libshadow_* to avoid name + conflicts with libc functions - md5_crypt() is also in libcrypt.a + on Linux/PPC, thanks to Anton Gluck +- handle crypt() returning NULL (possible according to Single Unix + Spec) more gracefully (exit instead of SIGSEGV) +- fixed bug in putgrent() that showed up when realloc() moved the + buffer while expanding it, thanks to Floody +- fixed bug in login session limits (with a limit set to N logins, + only N-1 logins were allowed), thanks to Floody +- upgraded to libtool-1.0h (now recognizes GNU ld on Debian 1.3.1) +- newer config.guess and config.sub (should work on x86 for x > 5) +- removed doc/automake-1.0.diff (obsoleted by automake-1.2) +- added doc/cracklib26.diff (some patches for cracklib-2.6) +- documented more (not all yet) login.defs(5) settings +- replaced more exit status numeric values with #defines +- shadow-utils.spec now generated from shadow-utils.spec.in + (so I don't have to edit version numbers for every new release) +- groupadd -f option, based on RedHat's shadow-utils-970616-9 patch + ("force" - exit(0) if the group already exists); other RedHat- + specific options not added yet (best done in a perl script that + runs useradd/usermod/groupadd - 
see Debian's adduser-3.x) +- added -O option (override login.defs values) to useradd and groupadd +- if usermod can't update the group file(s), exit(10) but update the + password file(s) anyway (as documented by Solaris man page) +- useradd should no longer set sp_expire to the current date (oops) +- configure.in: added --enable-desrpc, check for gethostbyname in libc + before trying libnsl (necessary for Solaris; not for Linux or Irix, + even though libnsl may be present), fixed pw_age/pw_comment/pw_quota + detection, setpgrp vs. setpgid, other minor tweaks +- various */Makefile.am tweaks +- login.defs: added FAKE_SHELL - program to run instead of the login + shell, with the real shell in argv[0] (Frank Denis) +- login.defs: ignore case in yes/no settings +- more E_* defines instead of hardcoded numbers for exit() +- added sanitize_env() for setuid programs +- login_desrpc() checks for getnetname() errors +- new password is not "too similar" if it is long enough +- replacement strstr() was static, no one noticed :-) +- {pw,spw}_lock() and {pw,spw}_unlock() track the lock count and call + lckpwdf() and ulckpwdf() as needed, *_lock_first() hack removed +- login sets $REMOTEHOST for remote logins +- added newgrp -l option (Single Unix Spec, same as "-") +- EXPERIMENTAL shared lib support using libtool (libshadow.so saves about + 200K of disk space on Linux/x86), enabled by default if supported by + the system, use ./configure --disable-shared if it causes any problems. + Warning: libshadow.so is intended for internal use by this package + only - binary compatibility with future releases is not guaranteed. + There should be no need to link any other programs with libshadow.so - + the libshadow.so -> libshadow.so.x.x symlink is unnecessary. +- pam_strerror() takes one or two arguments, depending on the Linux-PAM + version (!) 
- added check to configure; fixed do_pam_passwd prototype +- libmisc/login_access.c should compile on Linux/PPC and Solaris +- added information about the new ftp site to doc/README.mirrors + +shadow-971001 => shadow-971215 + +- added workaround for NYS libc 5.3.12 (RedHat 4.2) bug to grpck +- updated the RPM .spec file +- renamed rlogin() to do_rlogin() to avoid Linux/PPC build problem + (glibc defines something else named "rlogin" in utmpbits.h ?) +- added MD5 checksums in Debian packages +- added -p and -g options to vipw (edit the password or group file + respectively, regardless of the command name in argv[0]) +- removed old DBM support (NDBM code is still there) +- fixed a bug in gpasswd: current username was incorrectly identified as + "root" because of setuid(0) done too early. It may be a security hole + when using shadow groups - if "root" is listed as a group administrator, + any user can add/remove members in that group. Thanks to Jesse Thilo. +- gpasswd now logs which user (root or group admin) made the changes +- passwd now uses $PATH to search for the chfn, chsh, gpasswd commands +- newgrp and add_groups() allocate supplementary group lists dynamically +- moved check_shell() from src/chsh.c to libmisc/chkshell.c +- CHFN_RESTRICT in login.defs can now specify exactly which fields may be + changed by regular users (any combination of letters "frwh") +- fixed contrib/pwdauth.c segfault with non-existent usernames +- minor change in lib/getdef.c to handle quotes better (Juergen Heinzl) +- new date parsing code (from GNU date) used by useradd, usermod, chage +- upgraded to automake-1.2, added libtool-0.7 (no libshadow.so yet) +- converted code to ANSI C, added ansi2knr (untested - use gcc!) 
+- fixed useradd -G segfault (one '*' that shouldn't be there) +- allow 8-bit characters in chfn +- added support for RLIMIT_AS (max address space) in libmisc/limits.c +- changed the handling of NIS plus entries in password files +- some more tweaking in various debian/* files +- logoutd uses getutent() instead of reading utmp file directly +- fixed lckpwdf() called twice (and failing) when changing password + if the user is not listed in /etc/shadow (Mike Pakovic) +- erase and kill characters left unchanged if not defined in login.defs + +shadow-970616 => shadow-971001 + +- Debian: mkpasswd no longer installed (dbm files not supported) +- chpasswd checks for shadow/non-shadow at run time, too +- added chpasswd -e (input file with encrypted passwords) - Jay Soffian +- changed libmisc/login_access.c as suggested by Dave Hagewood +- replaced sprintf() with snprintf() in several places +- added lib/snprintf.[ch] (from XFree86) for systems without snprintf() +- minor tweaks in contrib/adduser.c (/usr/local -> /usr) +- non-root users can only run su with a terminal on stdin +- temporarily disabled DES_RPC because getsecretkey() causes login to hang + for 5 minutes on at least one RH 4.0 system. Not sure if this is a bug + in libc, or system misconfiguration. Needs further investigation. 
+- check for strerror() and -lrpcsvc (should compile on SunOS again) +- fixed free() called twice in libmisc/mail.c +- added information about mirror sites (doc/README.mirrors) +- updated pwconv.8 and pwunconv.8 man pages +- "make install" now installs pwconv, pwunconv, grpconv, grpunconv +- pwauth.8 no longer installed (AUTH_METHODS not supported by default) +- corrected su.1 man page ($SHELL not used) +- no need for --with-md5crypt if the MD5-based crypt() is already in libc + (or another library specified in /etc/ld.so.preload - Linux ld.so 1.8.0+) +- cleaned up PASS_MAX in getpass() (127 always assumed) +- default editor for vipw changed from /bin/ae to a real editor :) + +shadow-970601 => shadow-970616 + +- fixed execlp call (missing NULL) in src/vipw.c +- vipw now preserves permissions on edited files +- commented out the xdm-shadow hack in shadowconfig +- improved RedHat spec file (Timo Karjalainen) +- updated mailing list information +- added information about the shadow paper (doc/README.shadow-paper) +- renamed doc/console.c.spec (confused RPM) + +shadow-970502-2 => shadow-970601 + +- fixed a typo in libmisc/mail.c causing login to segfault + if MAIL_CHECK_ENAB=yes (sorry!) +- patches for OPIE support (Algis Rudys) (untested) +- programs that modify /etc/passwd or /etc/shadow will use + lckpwdf() if available +- now compiles with PAM support! 
(still untested) +- cosmetic error message changes (prefixed by argv[0]:) + +shadow-970216 => shadow-970502-2 + +- shadow group support fixes (grpconv didn't work - for some + reason, putsgent() returns 1 instead of 0 on success; + now -1 = failure, anything else = success) +- upgraded to autoconf-2.12 +- pwconv and pwunconv now follow other UN*X systems and SVID3 + (modify files in place), original versions moved to "old" +- scologin.c moved to "old" (it was only for SCO Xenix) so + people stop sending patches for scologin.c gcc warnings :) +- don't use the MD5* functions in libmisc/salt.c (glibc has + the new md5 crypt(), but no and MD5* functions!) +- support for MkLinux, Solaris, JIS, Qmail (Frank Denis) +- "passwd -S -a" now really works +- support for Debian, vipw, a few fixes (Guy Maor) +- src/login.c radius bug fix (Rafal Maszkowski) +- ISSUE_FILE_ENAB -> ISSUE_FILE in the sample /etc/login.defs +- fixes for glibc and DES_RPC (Thorsten Kukuk) +- limits.5 man page (Luca Berra) +- expiry will work setgid shadow too, removed euid 0 check +- added check for a64l() to configure (glibc) + +shadow-961025 => shadow-970216 + +- major rewrite of *io.c (no more 4 copies of almost identical code) +- use fsync() (if available) instead of sync() when updating password files +- use fchmod() and fchown() if available +- keep the NIS "plus on a line by itself" entries at end of passwd/group +- configure checks location of passwd/chfn/chsh programs (/usr/bin or /bin) +- passwd -S -a: list information about all users (root only) +- passwd -k: change only expired passwords +- passwd -q: quiet mode +- first attempt at PAM support in passwd +- passwd updates the non-shadow password if /etc/shadow exists but the + user has no shadow password +- passwd logs who changed the password, added hook to allow non-root + administrators who can change passwords (not implemented yet) +- su sets $HOME even without the "-" option (suggested by Joey Hess) +- added -p (set encrypted password) 
option to useradd and usermod + (idea from hpux10 - undocumented option used internally by SAM) +- useradd -D -e does the right thing (set default expiration date) +- USERDEL_CMD in login.defs instead of hardcoded {ATRM,CRONTAB}_COMMAND + because there are just too many systems that need different commands +- removed #ifdef FAILLOG_LOCKTIME (now always enabled), warning: the + faillog file format has been changed (somewhere between 960129 and + 960810), please truncate the old file (if any) to zero length +- ISSUE_FILE (may be different from /etc/issue) instead of ISSUE_FILE_ENAB +- wtmp, lastlog, faillog file location guessed by configure +- separate checks for invalid user and group names, max username length + based on struct utmp (it's not always 8 characters) +- pwck and grpck now check for invalid user/group names +- pwck -q (quiet, report only serious problems) option added +- separate cleaner sgetpwent() without the NIS magic +- NIS entries ignored (never changed) by *io.c, pwck, grpck +- various code cleanups +- new get_my_pwent() function for getting my own username, uid etc. +- faillog opens the file read-write if possible (even if not root) +- passwd -S allowed for normal users (for their own uid only) +- handle the case of login denied to passwordless accounts better + ("Login incorrect" without "Password:" prompt looks strange) +- corrected author information and removed a copyright restriction + +shadow-960925 => shadow-961025 + +- fixed a few typos in shadow group code +- don't check for names starting with 'r' to determine if the shell + is restricted, use /etc/shells instead (for the "rc" shell) +- removed extra definition of LASTLOG_FILE in configure.in +- expiry no longer segfaults if no /etc/shadow +- userdel -r "can't remove mailbox" warning no longer printed on success +- useradd exit codes changed to match hpux10 man page +- fixed possible fd leak etc. 
in file locking code (lib/commonio.c) + +shadow-960920 => shadow-960925 + +- bug fixes to the new environment code using malloc +- use hardcoded names instead of basename(argv[0]) for openlog() in programs + that users can run (chage, chfn, chsh, gpasswd, login, newgrp, passwd, su) +- small fix to isexpired(), and use it in passwd as well +- use strftime() and strptime() if available +- added chmod 600 /etc/passwd- at the end of pwconv5 (backup file may + contain encrypted passwords!) +- pass size to change_field (chage, chfn, chsh) instead of assuming BUFSIZ + (nothing bad happened yet, just a cleanup) +- gpasswd should work with both shadow and non-shadow group passwords +- detect unsupported options if no shadow (gpasswd, useradd, usermod) +- passwd -e for sunos4 (ATT_AGE), untested +- read environment from file (ENVIRON_FILE in login.defs), idea from ssh +- small fix to l64a() +- passwd prints a message after password successfully changed (for things + like poppassd which run passwd and expect some output) +- passwd logs if password was changed by root (as opposed to a luser) +- passwd uses current uid if no username argument and getlogin() fails + +shadow-960910 => shadow-960920 + +- use malloc for environment variables, no more MAXENV (Juergen Heinzl) +- newusers should work with both shadow and non-shadow passwords + (still left to do: chpasswd, gpasswd) +- login-static no longer compiled by default +- more SYSLOG() macros + +shadow-960810 => shadow-960910 + +- updated README.linux to point to the new ftp site +- chfn and chsh optionally (CHFN_AUTH) prompt for password like util-linux +- man pages now closer to LDP standards (Ivan Nejgebauer) +- newgrp uses SYSLOG_SG_ENAB (not SU) as in the /etc/login.defs comments +- obscure.c fixed to compile with HAVE_LIBCRACK +- cosmetic message changes in age.c +- utmp open error check fixed in utmp.c +- grpunconv added (Michael Meskes) +- login reports invalid login time, not "Login incorrect" (Ivan Nejgebauer) +- 
logoutd sets OPOST before writing to the tty (Ivan Nejgebauer) +- sulogin: don't use syslog(), other minor changes (Ivan Nejgebauer) +- passwords can be changed if sp_max == -1 (now considered infinity) +- usermod: don't use sizeof(struct lastlog) when writing to faillog (ugh) +- started replacing lots of #ifdef USE_SYSLOG with cleaner macros +- contrib/rpasswd.c added (Joshua Cowan) +- PASS_MAX is 127 with MD5_CRYPT (not just for Linux - sunos4 too...) +- workarounds for a RedHat NYS libc getspnam() bug (if /etc/shadow + doesn't exist, it succeeds and returns sp_lstchg==0 instead of -1). + +shadow-960129 => shadow-960810 + +- automake, configure checks for libcrypt and libcrack (Janos Farkas) +- added --enable-shadowgrp to configure (shadow groups disabled by default) +- should compile on SunOS 4.1.x - but it does NOT mean that it works :-) +- login sets HUSHLOGIN=TRUE or FALSE (for shell startup scripts etc.) +- hopefully removed all the rcsid warnings +- contrib/atudel perl script to remove at jobs (thanks to Brian Gaeke) +- resource limits (Cristian Gafton) +- workaround for buggy init/getty(?) 
leaving junk in ut_host on RedHat +- more fixes in man pages +- pwck and grpck no longer suggest to run mkpasswd if *DBM not compiled in +- most programs (groupadd, groupdel, groupmod, grpck, login, passwd, pwck, + su, useradd, userdel, usermod) should now work with both shadow and + non-shadow passwords/groups (check for /etc/shadow and /etc/gshadow at + run time); a few programs still left to do +- mailbox mv/chown/rm in usermod/userdel (suggested by Cristian Gafton) +- new contrib/adduser.c from Chris Evans +- lots of other minor changes +- source tree reorganization, GNU autoconf, portability cleanups +- basename() renamed to Basename() to avoid name space confusion +- new programs to create /etc/shadow and /etc/gshadow: pwconv5, grpconv +- newgrp cleanup and a few fixes +- useradd uses PASS_MAX_DAYS, PASS_MIN_DAYS and PASS_WARN_AGE +- don't make the first group member the group admin by default + (define FIRST_MEMBER_IS_ADMIN to get the old gpasswd behaviour) +- password aging constants, NGROUPS_MAX and syslog stuff in only one + place (defines.h) instead of repeating it in all source files... +- added userdel -r safety check (refuse to remove the home directory + if it would result in removing some other user's home directory) +- usermod -u now correctly checks for non-unique uid (unless -o) +- sync() after updating password files, just to be more safe +- "make install" should install /etc/login.defs if it doesn't exist +- new option to control what happens if we can't cd to the home directory + (DEFAULT_HOME in /etc/login.defs) +- enter the home directory as the user, not as root (for NFS etc.) +- added check for Slackware bugs (nobody UID -1) in pwck and grpck +- new CONSOLE_GROUPS feature (thanks to pacman@tardis.mars.net), it is + possible to add specified groups (floppy etc.) 
for console logins +- new faillog feature: lock account for specified (per-user) time since + the last failure after exceeding the failure limit +- new man pages (gpasswd.1, login.access.5, suauth.5) +- fixes in man pages, renamed *.4 to *.5 +- new "contrib" directory (two adduser programs) +- changed some "system" to "feature" #ifdefs (autoconf someday...) +- sulogin no longer requires to be run from init, should work from rc + scripts too +- changes to prevent unshadowing with libc SHADOW_COMPAT (get info + using xx_locate(), modify it and call xx_update(), don't write back + anything returned by getpwnam() etc.) +- stupid bug fixed in lastlog.c +- don't move non-directories in "usermod -m" +- don't log unknown usernames (passwords mistyped for usernames) (lmain.c) +- macros to get around ancient compilers which don't like prototypes +- make more use of "const" (not everywhere yet) +- added #ifdef AUTH_METHODS - very few people use administrator defined + authentication methods because many programs are not aware of them; + not supporting them makes the code simpler +- new "save" and "restore" Makefile targets, thanks to Rafal Maszkowski +- sgetgrent() in libshadow.a is optional, some versions of libc have it, + see HAVE_SGETGRENT in config.h (grent.c) +- don't use continued lines in /etc/group, the standard getgr*() functions + don't support that (grent.c) +- removed the third main() argument (according to libc docs, not allowed by + POSIX.1 - use environ instead) (lmain.c, smain.c, newgrp.c, sulogin.c) +- login access control (lmain.c, login_access.c) +- added copyright notice to login_access.c (from logdaemon-5.0) +- detailed su access control (smain.c, suauth.c) - thanks to Chris Evans +- added closelog() in su before executing the shell (smain.c) +- getting current user name changed (smain.c) +- "x" instead of "*" in pw_passwd, consistent with pwconv (useradd.c) +- getpass() shouldn't return NULL except on errors (getpass.c) +- moved isexpired() to 
isexpired.c (now part of libshadow.a) from age.c +- SunOS4-like passwd -e (force change on next login) (isexpired.c, passwd.c) +- can use shadow support in new versions of Linux libc instead of libshadow.a, + see HAVE_SHADOWPWD, HAVE_SHADOWGRP in config.h.linux (shadow.c, gshadow.c) +- "no shadow password" not logged, the same /bin/login should work with both + shadow and non-shadow passwords (lmain.c) +- some cleanup in various places (lmain.c, passwd.c) +- new program to verify username/password pairs, for xlock etc.; it is not + installed by default, read the comments first (pwdauth.c) +- authentication programs run with empty environment for safety (pwauth.c) +- added missing fstat error checks (faillog.c, lastlog.c, setup.c, *io.c) +- common code separated from *io.c (commonio.c) +- ownership and permissions on password files are now preserved (we may try + to make more use of setgid and setuid non-root programs in the future) +- added (untested) MD5-based crypt() from FreeBSD (md5crypt.c), see + MD5_CRYPT in config.h.linux and MD5_CRYPT_ENAB in login.defs.linux +- termios/termio/sgtty macros cleaned up a bit + +shadow-951218 => shadow-960129 + +Emergency bug fix release - no new features since 951218. There are many +new changes, but this bug really can't wait until they are tested. + +Probably all previous versions of the shadow suite have a serious bug which +makes it possible to overwrite the stack by entering very long username at +the login prompt. This can give root access to any remote user! + +Changed the maximum size in login.c from BUFSIZ (1024) to 32 (to match +size of the array in lmain.c). Aaargh!!! 
+ +shadow-951203 => shadow-951218 + +Changes: +- Linux utmp handling fixes (utmp.c) +- last failure date printing fixes (failure.c) +- minor fix to compile with USE_CRACKLIB (obscure.c) +- eliminated the use of snprintf (env.c, lmain.c, login.c, shell.c, smain.c) +- basename.c added, replacing duplicated code in various places +- "su -" runs the shell with '-' in argv[0] again (smain.c) +- removing at/cron jobs cleaned up (userdel.c) +- /etc/gshadow should not be world-readable (sgroupio.c) +- if fflush() failed, files were not closed (*io.c) +- login prompt is now "hostname login: " on Linux (lmain.c, login.c) +- "save" and "restore" targets commented out (don't work) (Makefile.linux) +- some minor cleanups for gcc -Wall (unused variables etc.) +- removed README.FIRST (copyrights are OK now) +- updated ANNOUNCE, README.linux, WISHLIST +- as suggested, converted to RCS + +shadow-3.3.2-951127 => shadow-951203-jfh + +Changes: +- Added the BSD-style copyright to all of the files. Any files with the + old copyright have multiple copyright holders and need to be cleanroomed + to produce BSD-style copyrightable files, or I need to get the consent + of the others to change the copyright. +- Changed the ANNOUNCE file to not refer to the README.FIRST file. Now + that all of the files should have the correct copyright there is no need + to refer to that e-mail message. +- Changes SCCS strings to "%W% %U% %G%". Marek needs to either convert to + RCS or check into SCCS and then checkout. I'd suggest using RCS ;-) + + jfh@rpp386.cactus.org + +shadow-3.3.2-951106 => shadow-951127 + +Note: for now this code only supports Linux. All the #ifdef's are there +(and will be; support for at least SunOS 4.1.x would be nice) but: +- I had to fix some potential security problems resulting from sloppy + coding (no bounds checking), and it was easier for me to use snprintf() + (not available on many systems, unfortunately), I'll fix that later. 
+ Old versions of Linux libc don't have snprintf() either, and the one + in libbsd.a ignores the max size - don't use it! (libc-4.6.27 is OK) +- I am lazy and only updated Makefile.linux and config.h.linux this time +- I don't have root access to non-Linux systems (this means no testing) +- this code needs some major reorganization, which will (hopefully) + make porting easier + +Changes: +- some code cleanup, prototypes.h, defines.h, Makefile and config.h changes +- login can be statically linked (not that I think it's a good idea, better + fix the telnetd, but paranoid people will like it :-) +- login is installed non-setuid by default +- check for NULL from getpass() +- wipe cleartext password from getpass() when no longer needed (pwauth.c) +- use standard "Password: " prompt by default (pwauth.c) +- hopefully fixed bogus sigaction() stuff (Linux only) (getpass.c) +- oops, setrlimit wants bytes, ulimit wants 512-byte units (lmain.c) +- Linux has +- print ll_host on Linux too (lmain.c) +- size checking in various places (setuid root programs, argh!) +- preserve TERM from getty (lmain.c) +- don't ignore SIGHUP (lmain.c) +- :%s/setenv/set_env/g (setenv(3) conflict) (env.c, lmain.c, login.c) +- remove LD_xxx (env.c) +- use bzero() instead of memset() for BSD portability and less #ifdef's + (if the system has no bzero(), implement it as a macro using memset()) +- the above fixes wrong order of memset() parameters (log.c) +- use getutent/pututline instead of doing it by hand (utmp.c) +- added the new settings to login.defs.linux +- added login_access.c to the distribution (not used yet) + +========== + +shadow-3.3.2 => shadow-3.3.2-951106 + +- added dummy pad.c and #ifdef'ed out references to pad_auth (pwauth.c) +- malloc/strdup error checking, hopefully no more core dumps... +- define HAVE_RLIMIT instead of HAVE_ULIMIT for Linux (config.h.linux) +- changed pathnames on Linux to conform to new FSSTND (/var/log etc.) 
+- larger buffer for cipher, for md5 crypt() if and when (encrypt.c, passwd.c) +- use POSIX termios whenever possible on Linux +- list.c, removed add_list/del_list from gpmain.c, user{add,del,mod}.c +- strtoday.c, removed duplicates from chage.c, useradd.c, usermod.c +- login -h only for root (lmain.c) +- login -r not needed for Linux (lmain.c) +- sample login.defs modified for Linux (login.defs.linux) +- swapped chfn USAGE and ADMUSAGE (chfn.c) +- added -u to passwd usage (passwd.c) +- no #! check necessary for Linux (shell.c) +- define OLD_CRON for some old incompatible Linux distributions (userdel.c) +- PASS_MAX is now 127 (not 8) for Linux (getpass.c) +- LOGIN_RETRIES, LOGIN_TIMEOUT, PASS_CHANGE_TRIES are no longer compiled in, + can now be set in login.defs, old values are used as defaults (lmain.c) +- unique uid/gid selection now more robust (useradd.c, groupadd.c) +- UID_MIN, UID_MAX, GID_MIN, GID_MAX in login.defs (useradd.c, groupadd.c) +- CRACKLIB_DICTPATH no longer compiled in, can be set in login.defs (passwd.c) +- PASS_ALWAYS_WARN: warn about weak passwords even for root (passwd.c) +- PASS_MAX_LEN, check truncated passwords again (obscure.c) +- check for weak passwords too if previous password was empty (obscure.c) +- CHFN_RESTRICT: don't let users change their full names (chfn.c) +- Linux has getusershell(), use it (chsh.c) +- check if the new shell is executable by the user (chsh.c) +- sleep before printing "Login incorrect", not the other way around (lmain.c) +- don't be picky about utmp only if any of -rfh flags given (lmain.c) +- do "wheel group" more like BSD does (smain.c) +- use getlogin() in su (smain.c) +- UMASK from login.defs defaults to 077, not 0 (lmain.c, newusers.c) +- #undef HAS_ATRM for Linux until atrm can do what we need (config.h.linux) +- Linux has most commands in /usr/bin, not /bin (age.c, passwd.c, userdel.c) +- ULIMIT from login.defs works on systems using setrlimit() too (lmain.c) +- LOGIN_STRING should work now (pwauth.c, 
getdef.c) +- kludge to avoid conflict with Linux (gshadow.h) +- mv Makefile Makefile.xenix ; mv config.h config.h.xenix - so that they are + not lost when you copy the right ones to Makefile and config.h + +========== + +shadow-3.3.2 + +Original version, received directly from the author. -- cgit v1.2.1
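Review bot: in the shadow-960129 entry, the stack overflow fix is recorded as changing the maximum size in login.c from BUFSIZ (1024) to a literal 32 "to match size of the array in lmain.c", so the bound and the buffer it protects are defined in two different files and agree only by convention. If the imported code still has that shape, the limit should be derived from the buffer itself (sizeof, or one shared constant in a common header) so the two cannot drift apart again. This entry also describes remote root access but carries no security marker or advisory reference, unlike the "*** security" sections used in later releases. Separately, the shadow-951127 change list contains a bare "- Linux has" item with no object or file reference, and the shadow-3.3.2-951106 list has "kludge to avoid conflict with Linux (gshadow.h)", which reads as if a word is missing; both should be compared against the NEWS file in the upstream tarball before this import is accepted.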