lp:ubuntu/lucid-security/shadow

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

36. By Kees Cook on 2011-02-14

* SECURITY UPDATE: could inject NIS groups memberships into /etc/passwd.
  - debian/patches/900_locale_env_sanity: actually set locale environment
    variables correctly.
  - debian/patches/901_reject_newline: reject newlines in GECOS updates.
  - CVE-2011-0721

35. By Marc Deslauriers on 2010-01-26

* debian/{source_shadow.py,rules}: Add apport hook
* debian/rules: fix FTBFS from newer libtools

34. By Nicolas Valcarcel on 2009-11-07

* Merged with debian unstable. Remaning changes (LP: #477299):
  - Ubuntu specific:
    + debian/login.defs: use SHA512 by default for password crypt routine.
  - debian/patches/495_stdout-encrypted-password: chpasswd can report
    password hashes on stdout (Debian bug 505640).
  - Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.

33. By Loïc Minier on 2009-07-31

debian/securetty.linux: also list ttyS2 and ttyS3; beagleboard uses ttyS2
as serial port.

32. By Colin Watson on 2009-06-03

* Resynchronise with Debian. Remaining changes:
  - Ubuntu specific:
    + debian/login.defs: use SHA512 by default for password crypt routine.
  - debian/patches/495_stdout-encrypted-password: chpasswd can report
    password hashes on stdout (Debian bug 505640).
* Rework 495_stdout-encrypted-password to cope with chpasswd using PAM.
  It's looking a bit ugly now ...

31. By Kees Cook on 2009-05-05

* Merge from debian unstable, remaining changes:
  - Ubuntu specific:
    + debian/login.defs: use SHA512 by default for password crypt routine.
  - debian/patches/stdout-encrypted-password.patch: chpasswd can report
    password hashes on stdout (debian bug 505640).
  - debian/login.pam: Enable SELinux support (debian bug 527106).
  - debian/securetty.linux: support Freescale MX-series (debian bug 527095).
* Add debian/patches/300_lastlog_failure: fixed upstream (debian bug 524873).
* Drop debian/patches/593_omit_lastchange_field_if_clock_is_misset: fixed
  upstream.

30. By Kees Cook on 2009-04-03

debian/login.preinst: fix typo in grep (LP: #354887).

29. By Kees Cook on 2009-04-03

debian/login.preinst: add special-case handling to restore the
original white-space in /etc/login.defs that is changed by
system-tools-backends (LP: #316756).

28. By Michael Casadevall on 2009-04-02

* debian/patches/593_omit_lastchange_field_if_clock_is_misset (LP: #349504)
  - If the system clock is set to Jan 01, 1970, and a new user is created
    the last changed field gets set to 0, which tells login that the
    password is expired and must be changed. During installation,
    this can cause autologin to fail. Having the clock set to 01/01/1970
    on a fresh install is common on the ARM architecture, so this is a high
    priority bug since its likely to affect most ARM users on first install

27. By Colin Watson on 2009-03-17

[ Bryan McLellan ]
Don't do the vm-builder root password check on fresh installations
(LP: #340841).