forked from shadow-maint/shadow
-
Notifications
You must be signed in to change notification settings - Fork 0
/
ChangeLog
15440 lines (10676 loc) · 664 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
2022-11-08 Serge Hallyn <[email protected]>
* useradd.8: fix default group ID (Tim Biermann)
* Revert drop of subid_init() (Serge Hallyn)
* Georgian translation (NorwayFun)
* useradd: Avoid taking unneeded space: do not reset non-existent data
in lastlog (David Kalnischkies)
* relax username restrictions (Alexander Kanavin)
* selinux: check MLS enabled before setting serange (genBTC)
* copy_tree: use fchmodat instead of chmod (Samanta Navarro)
* copy_tree: don't block on FIFOs (Samanta Navarro)
* add shell linter (Jan Macku)
* copy_tree: carefully treat permissions (Samanta Navarro)
* lib/commonio: make lock failures more detailed (Luca BRUNO)
* lib: use strzero and memzero where applicable (Christian Göttsche)
* Update Dutch translation (Frans Spiesschaert)
* Don't test for NULL before calling free (Alex Colomar)
* Use libc MAX() and MIN() (Alejandro Colomar)
* chage: Fix regression in print_date (Xiami)
* usermod: report error if homedir does not exist (Iker Pedrosa)
* libmisc: minimum id check for system accounts (Iker Pedrosa)
* fix usermod -rG x y wrongly adding a group (xyz)
* man: add missing space in useradd.8.xml (Iker Pedrosa)
* lastlog: check for localtime() return value (Iker Pedrosa)
* Raise limit for passwd and shadow entry length (Iker Pedrosa)
* Remove adduser-old.c (Alejandro Colomar)
* useradd: Fix buffer overflow when using a prefix (David Michael)
* Don't warn when failed to open /etc/nsswitch.conf (Serge Hallyn)
2022-08-15 Serge Hallyn <[email protected]>
* Address CVE-2013-4235 (TOCTTOU when copying directories)
(Christian Göttsche)
2022-08-15 Serge Hallyn <[email protected]>
* Fix uk manpages
2022-08-08 Serge Hallyn <[email protected]>
* Add absolute path hint to --root (Celeste Liu)
* Various cleanups (Christian Göttsche)
* Fix Ubuntu release used in CI tests (Jeremy Whiting)
* add -F options to useradd (and tests) (Masatake YAMATO)
* useradd manpage updates (Masatake YAMATO and Alexander Zhang))
* Check for ownerid (not just username) in subid ranges (Iker Pedrosa)
2022-07-04 Serge Hallyn <[email protected]>
* Declare file local functions static (Christian Göttsche)
* Use strict prototypes (Christian Göttsche)
* Do not drop const qualifier for Basename (Christian Göttsche)
* Constify various pointers (Christian Göttsche)
* Don't return uninitialized memory (Christian Göttsche)
* Don't let compiler optimize away memory cleaning (Christian Göttsche)
* Remove many obsolete compatibility checks and defines (Alejandro Colomar)
* Modify ID range check in useradd (Iker Pedrosa)
* Use "extern "C"" to make libsubid easier to use from C++ (Alois Wohlschlager)
* French translation updates (bubu)
* Fix s/with-pam/with-libpam/ (serge)
* Spanish translation updates (Fernando)
* French translation fixes (Balint Reczey)
* Default max group name length to 32 (Jami Kettunen)
* Fix PAM service files without-selinux (Ali Riza KESKIN)
* Improve manpages (Markus Hiereth)
- groupadd, useradd, usermod
- groups and id
- pwck
* Add fedora to CI builds (Iker Pedrosa)
* Fix condition under which pw_dir check happens (Ed Neville)
* logoutd: switch to strncat (Steve Grubb)
* AUTHORS: improve markdown output (Iker Pedrosa)
* Handle ERANGE errors correctly (Niko)
* Check for fopen NULL return (juyin)
* Split get_salt() into its own fn juyin)
* Get salt before chroot to ensure /dev/urandom. (juyin)
* Chpasswd code cleanup (juyin)
* Work around git safe.directory enforcement (serge)
* Alphabetize order in usermod help (Matheus Marques)
* Erase password copy on error branches (Christian Göttsche)
* Suggest using --badname if needed (Iker Pedrosa)
* Update translation files (Iker Pedrosa)
* Correct badnames option to badname (Iker Pedrosa)
* configure: replace obsolete autoconf macros (Christian Göttsche)
* tests: replace egrep with grep -E (Sam James)
* Update Ukrainian translations (Yuri Chornoivan)
* Cleanups (Iker Pedrosa)
- Remove redeclared variable
- Remove commented out code and FIXMEs
- Add header guards
- Initialize local variables
* CI updates (Iker Pedrosa)
- Create github workflow to install dependencies
- Enable CodeQL
- Update actions version
* libmisc: use /dev/urandom as fallback if other methods fail (Xi Ruoyao)
2022-01-02 Serge Hallyn <[email protected]>
* build: include lib/shadowlog_internal.h in dist tarballs (Sam James)
2022-01-02 Serge Hallyn <[email protected]>
* Handle possible TOCTTOU issues in usermod/userdel (edneville)
* (CVE-2013-4235)
* Use O_NOFOLLOW when copying file
* Kill all user tasks in userdel
* Fix useradd -D segfault (Xi Ruoyao)
* Clean up obsolete libc feature-check ifdefs (Alejandro Colomar)
* Fix -fno-common build breaks due to duplicate Prog declarations
(Adam Sampson)
* Have single date_to_str definition (Alejandro Colomar)
* Fix libsubid SONAME version (Sam James)
2021-12-19 Serge Hallyn <[email protected]>
Note: From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su from
util-linux. Please open an issue if there is a problem with that.
We intend to remove it in an upcoming release.
* libsubid fixes (Xi Ruoyao, Serge Hallyn, Iker Pedrosa, Mike Gilbert,
GalaxyMaster, and Luís Ferreira)
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it. (Iker Pedrosa)
* Add libeconf dep for new*idmap (Iker Pedrosa)
* Allow all group types with usermod -G (Iker Pedrosa)
* Avoid useradd generating empty subid range (Iker Pedrosa)
* Handle NULL pw_passwd (Jaroslav Jindrak)
* Fix default value SHA_get_salt_rounds (Mike Gilbert)
* Use https where possible in README (Paul Menzel)
* Update content and format of README (Iker Pedrosa)
* Translation updates (Balint Reczey, Frans Spiesschaert)
* Switch from xml2po to itstool in 'make dist' (Serge Hallyn)
* Fix double frees (Michael Vetter)
* Add LOG_INIT configurable to useradd (Andy Zaugg)
* Add CREATE_MAIL_SPOOL documentation (Andy Zaugg)
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM (Ruihan li)
* Fix wrong SELinux labels in several possible cases (Iker Pedrosa)
* Fix missing chmod in chadowtb_move (GalaxyMaster)
* Handle malformed hushlogins entries (Tobias Stoeckmann)
* Fix groupdel segv when passwd does not exist (François Rigault)
* Fix covscan-found newgrp segfault (Iker Pedrosa)
* Remove trailing slash on hoedir (Ed Neville)
* Fix passwd -l message - it does not change expirey (Ed Neville)
* Fix SIGCHLD handling bugs in su and vipw (Tobias Stoeckmann)
* Remove special case for "" in usermod (Alejandro Colomar)
* Implement usermod -rG to remove a specific group
(Andy Zaugg)
* call pam_end() after fork in child path for su and login
(Björn Fischer)
* useradd: In absence of /etc/passwd, assume 0 == root
(Ludwig Nussel)
* lib: check NULL before freeing data (Iker Pedrosa)
* Fix pwck segfault (Iker Pedrosa)
2021-07-22 Serge Hallyn <[email protected]>
* Updated translations (Björn Esser, Juergen Hoetzel)
* Major salt updates (Björn Esser)
* Various coverity and cleanup fixes (Iker Pedrosa)
* Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
* Implement NSS support for subids and a libsubid (Serge Hallyn)
* setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
* login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
* selinux fixes (Christian Göttsche)
* Fix path prefix path handling (Lucas Servén Marín)
* Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
* Treat an empty passwd field as invalid (Haelwenn Monnier)
* newxidmap: allow running under alternative gid (Martijn de Gouw)
* usermod: check that shell is executable (Geert Ijewski)
* Add yescript support (Rodolphe Bréard)
* useradd memleak fixes (whzhe)
* useradd: use built-in settings by default (Ludwig Nussel)
* getdefs: add foreign (non-shadow-utils) items (Karel Zak)
* buffer overflow fixes (Tobias Stoeckmann)
* Adding run-parts style for pre and post useradd/del ([email protected])
2020-01-23 Serge Hallyn <[email protected]>
* selinux: inclue stdio (Michael Vetter)
* man: don't suggest making groupmems user-writeable (Michael Weiser)
* Makefile: bail out on error in for loops (Wolfgang Bumiller)
* Adding logging of SSH_ORIGINAL_COMMAND to nologin. ([email protected])
* add new HOME_MODE login.defs option (Duncan Overbruck)
* Add tty logging to useradd ([email protected])
* Useradd: make non-executable shell check only a warning (Tomas Mraz)
* Update Dutch translation (Frans-Spiesschaert)
* user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
* Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)
2019-12-20 Dave Reisner <[email protected]>
* Do not auto-enable acct_tools_setuid just because
pam is enabled. NOTE - any distros which are relying
on this behavior will need to switch to configure
--enable-account-tools-setuid
2019-12-01 Serge Hallyn <[email protected]>
* Release 4.8
* Initial optional bcrypt support.
* Make build/install of 'su' optional.
* Fix for vipw not resuming correctly when suspended
* Sync password field descriptions in manpages
* Check for valid shell argument in useradd
* Allow translation of new strings through POTFILES.in
* Migrate to itstool for translations
* Migrate to new SELinux api
* Support --enable-vendordir
* pwck: Only check homedir if set and not a system user
* Support nonstandard usernames
* sget{pw,gr}ent: check for data at EOL
* Add YYY-MM-DD support in chage
* Fix failing chmod calls for suidubins
* Fix --sbindir and --bindir for binary installations
* Fix LASTLOG_UID_MAX in login.defs
* Fix configure error with dash
2019-06-13 Serge Hallyn <[email protected]>
* Release 4.7
* Spawn: don't loop forever on ECHILD
* Do not fail locking if there is a stale lockfile Tomas Mraz)
* Use lckpwdf if prefix not set (Tomas Mraz)
* Build: check correct DocBook version (Jan Tojnar)
* Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
* Add support for btrfs subvolumes for home (Adam Majer)
* Fix chpasswd long line handling (Nathan Ruiz)
* Use secure_getenv for gettime (Chris Lamb)
* Make sp_lstchg reproducible (Chris Lamb)
* Do not crash commonio_close if db file is not open (Tomas Mraz)
* Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
* French manpage update (Alban VIDAL)
* Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
* Sync po files from shadow.pot (Alban VIDAL)
* Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
* Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
* new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
* Fix segfault in useradd (Tomas Mraz)
* Coverity issues (Tomas Mraz)
* Flush sssd caches (Jakub Hrozek)
* Log UID in nologin (Vladimir Ivanov)
* run pam_getenvlist after setup_env in su.c (Michael Vogt)
* Support systems with only utmpx (A. Wilcox)
* Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
* Update po/zh_CN translation (Lion Yang)
* Create parent dirs for useradd -m (Michael Vetter)
* Prevent usermod segv
* Fix usermod crash (fariouche)
2018-04-29 Serge Hallyn <[email protected]>
* Release 4.6
* Newgrp: avoid unnecessary lookups
* Make language less binary
* Add error when turning off man switch
* Spelling fixes
* Make userdel work with -R
* newgidmap: enforce setgroups=deny if self-mapping a group
* Norwegian bokmål translation
* pwck: prevent crash by not passing O_CREAT
* WITH_TCB fixes from Mandriva
* Fix pwconv and grpconv entry skips
* Fix -- slurping in su
* add --prefix option
2017-07-16 Serge Hallyn <[email protected]>
* Import new Dutch translations.
2017-07-10 Serge Hallyn <[email protected]>
* Expand error codes for groupmod.
2017-05-17 Serge Hallyn <[email protected]>
* Release 4.5
2017-05-17 Serge Hallyn <[email protected]>
* Patch from Tobias Stoeckmann fixing regression in previous CVE fix
preventing SIGTERM to su from being propagated to the job.
* Patch from Chris Lamb making sp_lstchg shadow field reproducible.
* Merge Russian translation updates from Yuri Kozlov
* Fix missing close of subuid file on error
2017-02-23 Serge Hallyn <[email protected]>
* Merge patch by Tobias Stoeckmann <[email protected]> to fix
the equivalent of util-linux CVE-2017-2616.
2017-02-08 Serge Hallyn <[email protected]>
* Update Kazakh translations
* Consult configuration before calculating subuids
* Remove misplaced semicolon
2017-01-29 Serge Hallyn <[email protected]>
* Patch from Fedora to improve performance with SSSD, Winbind,
or nss_ldap. (Tomas Mraz)
* Make sure knowndef_table is NULL-terminated. (Bernhard Rosenkränzer)
2016-12-21 Serge Hallyn <[email protected]>
* Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
* Fix readability in usermod error messages.
* Reset user in tallylog
* Add audit support to su
2016-12-02 Serge Hallyn <[email protected]>
* changes since 4.4
- Use sizeof rather than hardcoding snprintf args
- Fix useradd improper default loading
- Update Vietnamese translations
- Update Polish translations
- Remove non-POSIX chmod option in Makefile
- Fix suidubins assignments
- Fix --add-subuids etc spelling in manpages
- Audit homedir ownership change.
- Print error on selinux file context update failure
- Keep original file perms when creating a backup
* (henceforth we'll update Changelog with each commit
and proper credit)
2016-12-02 Serge Hallyn <[email protected]>
* Changes since 4.2.1:
- Documentation, error report and translations updates
- Replace path_max with 32
- User namespace support fixes/updates including:
- Correct sanity checks in newXidmap
- Fix building without subuid support
- Add /etc/subuid support for UID matching
- Support subuid for nonlocal users
- Default to 65536 subuid allocations
- Respect -r
- Check for range overflows
- Add tests from svn tree
- Use AC_CHECK_SIZEOF for uid_t size checks
- Accomodate missing /etc and login.defs
- Support FORCE_SHADOW
- Be more robust in hostile environment
- Allow removing a primary group
- Clear passwords on __pw_dup errors
- Memory leak fix in commonio_update and get_map_ranges
- Fix resource leak in syslog_sg
- Fix user busy error at userdel
- Support set/clear lastlog record via lastlog command
- Add --no-create-home as longopt for -M
- Fix signal races
- Reduce syslog priority of common usage events
2013-08-25 Nicolas François <[email protected]>
* src/vipw.c: After waitpid(), use errno only if waitpid returned
-1. Debian#688260
* src/vipw.c: Likewise for system().
2013-08-23 victory <[email protected]>
* po/ja.po: Updated to 558t
2013-08-22 Nicolas François <[email protected]>
* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2013-08-22 Nicolas François <[email protected]>
* man/newgrp.1.xml: Fix encoding.
* man/sg.1.xml: Likewise.
2013-08-22 Nicolas François <[email protected]>
* man/po/da.po: Unfuzzy according to previous change.
* man/po/de.po: Likewise.
* man/po/fr.po: Likewise.
* man/po/it.po: Likewise.
* man/po/pl.po: Likewise.
* man/po/ru.po: Likewise.
* man/po/sv.po: Likewise.
* man/po/zh_CN.po: Likewise.
2013-08-22 Nicolas François <[email protected]>
* man/chage.1.xml: Add a non breaking space between options and
their parameter because xml2po removes those spaces. Alioth#314401
* man/chfn.1.xml: Likewise.
* man/chgpasswd.8.xml: Likewise.
* man/chpasswd.8.xml: Likewise.
* man/chsh.1.xml: Likewise.
* man/faillog.8.xml: Likewise.
* man/gpasswd.1.xml: Likewise.
* man/groupadd.8.xml: Likewise.
* man/groupdel.8.xml: Likewise.
* man/groupmems.8.xml: Likewise.
* man/groupmod.8.xml: Likewise.
* man/grpck.8.xml: Likewise.
* man/lastlog.8.xml: Likewise.
* man/newusers.8.xml: Likewise.
* man/passwd.1.xml: Likewise.
* man/pwck.8.xml: Likewise.
* man/pwconv.8.xml: Likewise.
* man/su.1.xml: Likewise.
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/vipw.8.xml: Likewise.
2013-08-22 Nicolas François <[email protected]>
* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2013-08-22 Nicolas François <[email protected]>
* man/po/de.po: Fix encoding.
2013-08-19 Nicolas François <[email protected]>
* lib/subordinateio.c (subordinate_next): Fix return value.
2013-08-16 Nicolas François <[email protected]>
* libmisc/idmapping.c: Include <stdio.h> needed for fprintf() and
stderr.
2013-08-15 Nicolas François <[email protected]>
* man/login.defs.d/SUB_GID_COUNT.xml: Document newusers behavior
when the user already have subordinate group IDs.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo (MAX<->MIN).
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
2013-08-15 Nicolas François <[email protected]>
* src/usermod.c: Check early if /etc/subuid (/etc/subgid) exists
when option -v/-V (-w/-W) are provided.
2013-08-15 Nicolas François <[email protected]>
* src/usermod.c: Fix parse of ranges. The hyphen might be followed
by a negative integer.
2013-08-15 Nicolas François <[email protected]>
* lib/subordinateio.c (find_free_range): max is allowed for new
ranges.
2013-08-15 Nicolas François <[email protected]>
* libmisc/find_new_sub_gids.c: Remove dead code.
find_new_sub_gids() is always called with *range_count set to 0.
It's more difficult to keep the subordinate GIDs and UIDs
synchronized, than for the user's UID/GId because the count of
subordinate IDs may differ.
* libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Remove APIs that are
no more needed: is_sub_uid_range_free(), is_sub_gid_range_free(),
is_range_free().
2013-08-13 Nicolas François <[email protected]>
* configure.in: Check if sizeof uid_t and gid_t is larger than 32
bit to support subordinate IDs.
2013-08-13 Nicolas François <[email protected]>
* lib/subordinateio.c: Avoid dead branches.
* lib/subordinateio.c: Add schematics with ranges to help reviews.
* lib/subordinateio.c: Avoid implicit conversion of pointers and
integers to booleans.
* lib/subordinateio.c: Added brackets.
2013-08-13 Nicolas François <[email protected]>
* src/vipw.c: Fail in case arguments are provided after options.
Debian#677812
2013-08-13 Nicolas François <[email protected]>
* lib/subordinateio.c: Fix count for ranges truncated in
remove_range().
2013-08-13 Nicolas François <[email protected]>
* src/su.c: Terminate the child (if needed) before closing the PAM
session. This is probably more correct, and avoid reporting
termination from signals possibly sent by PAM modules (e.g. former
versions of pam_systemd). Debian#670132
2013-08-13 Nicolas François <[email protected]>
* src/su.c: When a SIGTSTP is caught, reset caught to 0. There is
no need to kill the child in such case after su is resumed. This
remove the "Session terminated, terminating shell...
...terminated." messages in such case.
2013-08-13 Nicolas François <[email protected]>
* man/newgidmap.1.xml: Document the checks performed before
setting the mapping in /proc.
* man/newuidmap.1.xml: Likewise.
2013-08-13 Nicolas François <[email protected]>
* libmisc/idmapping.h: Document what the upper and lower fields
are in struct map_range.
* man/newgidmap.1.xml: Document when the gid, gidlower and count
argument are.
* man/newuidmap.1.xml: Likewise for uid, uidlower and count.
2013-08-13 Nicolas François <[email protected]>
* libmisc/salt.c (shadow_random): Use long instead of size_t.
Compatibility with size_t is easier to check since it's used for
smaller numbers (salt size).
2013-08-13 Nicolas François <[email protected]>
* lib/groupmem.c: Add splint annotations. The added memset makes
splint think data was allocated.
* lib/pwmem.c: Likewise.
* lib/sgroupio.c: Likewise.
* lib/shadowmem.c: Likewise.
2013-08-13 Nicolas François <[email protected]>
* man/login.defs.d/SUB_GID_COUNT.xml: Document that the behavior
of useradd and newusers depends on the existence of /etc/subgid.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise for /etc/subuid.
2013-08-13 Nicolas François <[email protected]>
* src/useradd.c: Change message in case of find_new_sub_uids /
find_new_sub_gids failure. This complements the messages already
provided by these APIs.
2013-08-13 Nicolas François <[email protected]>
* lib/subordinateio.c: Fix handling of boundaries.
* libmisc/find_new_sub_uids.c: Likewise.
* libmisc/find_new_sub_gids.c: Likewise.
2013-08-12 Nicolas François <[email protected]>
* lib/subordinateio.c: Fix removal of ranges. The database needs
to be marked as changed or commonio_close will discard any change.
2013-08-11 Nicolas François <[email protected]>
* man/newusers.8.xml: Include documentation of SUB_GID_MIN,
SUB_GID_MAX, SUB_GID_COUNT, SUB_UID_MIN, SUB_UID_MAX,
SUB_UID_COUNT.
* man/useradd.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/newusers.8.xml: Document usage of /etc/subgid /etc/subuid.
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/usermod.8.xml: Likewise.
* man/newusers.8.xml: Add references to subgid(5) and subuid(5).
* man/useradd.8.xml: Likewise.
* man/userdel.8.xml: Likewise.
* man/subgid.5.xml: Sort references alphabetically.
* man/subuid.5.xml: Likewise.
* man/subgid.5.xml: Add references to newusers(8), useradd(8),
userdel(8), usermod(8), user_namespaces(7).
* man/subuid.5.xml: Likewise.
2013-08-11 Nicolas François <[email protected]>
* man/newgidmap.1.xml: Sort references alphabetically.
* man/newuidmap.1.xml: Likewise.
2013-08-11 Nicolas François <[email protected]>
* configure.in: Add configure options --enable-subordinate-ids /
--disable-subordinate-ids. Enabled by default.
* lib/prototypes.h: Include <config.h> before using its macros.
* lib/commonio.h, lib/commonio.c: Define commonio_append only when
ENABLE_SUBIDS is defined.
* lib/prototypes.h, libmisc/find_new_sub_gids.c,
libmisc/find_new_sub_uids.c: Likewise.
* lib/subordinateio.h, lib/subordinateio.c: Likewise.
* libmisc/user_busy.c: Only check if subordinate IDs are in use if
ENABLE_SUBIDS is defined.
* src/Makefile.am: Create newgidmap and newuidmap only if
ENABLE_SUBIDS is defined.
* src/newusers.c: Check for ENABLE_SUBIDS to enable support for
subordinate IDs.
* src/useradd.c: Likewise.
* src/userdel.c: Likewise.
* src/usermod.c: Likewise.
* man/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 only if ENABLE_SUBIDS is defined.
* man/fr/Makefile.am: Install man1/newgidmap.1, man1/newuidmap.1,
man5/subgid.5, and man5/subuid.5 (not translated yet).
* man/generate_mans.mak: Add xsltproc conditionals
subids/no_subids.
* man/login.defs.d/SUB_GID_COUNT.xml: Add dependency on subids
condition.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/usermod.8.xml: Document options for subordinate IDs and
reference subgid(5) / subuid(5) depending on the subids condition.
2013-08-09 Nicolas François <[email protected]>
* libmisc/salt.c: Remove unused variable.
2013-08-07 Nicolas François <[email protected]>
* libmisc/utmp.c: Add include files needed for getaddrinfo().
See Alioth#314271
2013-08-07 Mike Frysinger <[email protected]>
* configure.in: Check at configure time whether libc supports
ruserok (support dropped by newer C libraries).
2013-08-07 Nicolas François <[email protected]>
* man/usermod.8.xml: Fix typos and wording.
* man/usermod.8.xml: Add references to subgid(5) and subuid(5).
2013-08-07 Nicolas François <[email protected]>
* libmisc/find_new_sub_gids.c: Fix wording: secondary ->
subordinate.
* libmisc/find_new_sub_uids.c: Likewise.
2013-08-06 Nicolas François <[email protected]>
* libmisc/find_new_sub_gids.c: Remove duplicate check (duplicate
at least in its intent).
* libmisc/find_new_sub_uids.c: Likewise.
2013-08-06 Nicolas François <[email protected]>
* src/usermod.c: Fix typos.
2013-08-06 Nicolas François <[email protected]>
* man/subgid.5.xml: Reorder words.
* man/subuid.5.xml: Likewise.
2013-08-06 Nicolas François <[email protected]>
* man/subgid.5.xml: Fix typos.
* man/subuid.5.xml: Likewise.
* man/subgid.5.xml: Fix copy-paste errors from subuid.5.xml.
2013-08-06 Nicolas François <[email protected]>
* man/newgidmap.1.xml: Remove copy-pasted NOTE.
* man/newuidmap.1.xml: Likewise.
2013-08-06 Nicolas François <[email protected]>
* lib/subordinateio.c: Remove unused variables.
2013-08-06 Nicolas François <[email protected]>
* man/login.defs.d/SUB_GID_COUNT.xml: Fix typo.
* man/login.defs.d/SUB_UID_COUNT.xml: Likewise.
* man/login.defs.d/SUB_UID_COUNT.xml: Fix copy-paste issue from
SUB_GID_COUNT.
* man/newgidmap.1.xml: Fix Typo.
* src/useradd.c: Fix typos.
* lib/subordinateio.c: Fix typos.
2013-08-06 Nicolas François <[email protected]>
Fix Debian bug #675824
* lib/groupmem.c (__gr_dup): Support libc which define other
fields in struct group.
* lib/pwmem.c: Likewise for struct passwd.
* lib/shadowmem.c: Likewise for struct spwd.
* lib/sgroupio.c: Apply same logic, even if this structure is
defined internally.
2013-08-05 Nicolas François <[email protected]>
* lib/groupio.c: Revert change from 2013-07-29. The length of the
concatenated 2 lines was correct.
2013-08-05 Nicolas François <[email protected]>
* libmisc/salt.c: random() max value is 2^31-1 (same as RAND_MAX
on GNU). As it is not clear whether on some systems the max value
can exceed this number and whether some systems have max values
which would be lower, we take this into account when defining the
salt size and number of rounds for SHA encrypted passwords. Higher
values are favored.
2013-08-04 Nicolas François <[email protected]>
* man/su.1.xml: With getopt, '-' does not need to be the last
option, but it is recommended for portability.
Closes https://bugs.launchpad.net/bugs/1100775
2013-08-04 Nicolas François <[email protected]>
* NEWS: Add NEWS entries.
2013-08-04 Nicolas François <[email protected]>
* man/po/da.po: Fix translation (--home became --home-dir).
* man/po/de.po: Likewise.
* man/po/fr.po: Likewise.
* man/po/pl.po: Likewise.
* man/po/ru.po: Likewise.
* man/po/sv.po: Likewise.
2013-08-04 Nicolas François <[email protected]>
* lib/groupio.c (merge_group_entries): Do not allocate more than
necessary (sizeof char* instead of char).
Thanks for Tomáš Mráz (alioth#313962)
* lib/groupio.c (merge_group_entries): Document that new_members
is correctly NULL terminated. (alioth:#313940)
2013-08-03 Nicolas François <[email protected]>
* Changelog: Update documentation of 2013-07-28 mancha entry.
* lib/prototypes.h, lib/encrypt.c: Update splint marker,
pw_encrypt can return NULL.
* lib/encrypt.c: Fix outdated statement on GNU crypt.
* src/chgpasswd.c: Improve diagnostic to user when pw_encrypt
fails and use fail_exit() instead of exit().
* src/chpasswd.c: Likewise.
* src/newusers.c: Likewise.
* src/passwd.c: Likewise when new password is encrypted.
* src/newgrp.c: Improve diagnostic to user and syslog when
pw_encrypt fails. Do not apply 1s penalty as this is not an
invalid password issue.
* src/passwd.c: Likewise when password is checked.
2013-08-02 Nicolas François <[email protected]>
* libmisc/setupenv.c: xstrdup the static char* temp_pw_dir /
temp_pw_shell. That way we can continue to use pw_free() without
segving. Thanks to Serge Hallyn for the patch.
* libmisc/setupenv.c: Free pw_dir and pw_shell before reallocating
them.
2013-08-01 Yuri Kozlov <[email protected]>
* po/ru.po: completed translation
Closes: Debian#718356
2013-07-29 Michael Scherer <[email protected]>
* libmisc/root_flag.c: use chdir() before calling chroot() to
avoid potential security issue (see
http://www.bpfh.net/simes/computing/chroot-break.html)
Closes: alioth#313962
2013-07-29 Christian Perrier <[email protected]>
* man/useradd.xml: use "--home-dir" instead of "--home"
Fix translations too.
Thanks to Ville Skyttä
Closes: alioth#313880
2013-07-29 Ville Skyttä <[email protected]>
* man/ja/man8/groupmod.8: Syntax fix
Closes: alioth#313785
2013-07-29 Brad Hubbard <[email protected]>
* lib/groupio.c: add newline char when two lines
are concatenated
Closes: alioth#313942
* lib/groupio.c: fix uninitialised memory in
merge_group_entries causes segfault in useradd by changing
a call to malloc to a call to calloc
Closes: alioth:#313940
2013-07-28 Guido Trentalancia <[email protected]>
* etc/login.defs: fix typographic errors and use a better format
Closes: Debian#685415
2013-07-28 Simon Brandmair <[email protected]>
* man/po/de.po: translation completed : 1203 translated messages
Closes: Debian#679152
2013-07-28 mancha <[email protected]>
* lib/encrypt.c (pw_encrypt): crypt() in glibc/eglibc 2.17 now
fails if passed a salt that violates specs. On Linux, crypt() also
fails with DES/MD5 salts in FIPS140 mode. Rather than exit() on
NULL returns we send them back to the caller for appropriate
handling (instead of exiting). Closes: alioth#314234
* lib/pwauth.c: Handle NULL return from pw_crypt(), return non
zero (as in case of failure).
* libmisc/valid.c: Likewise.
* src/chgpasswd.c: Handle NULL return from pw_crypt(), report
crypt error to stderr and exit.
* src/chpasswd.c: Likewise.
* src/gpasswd.c: Likewise.
* src/newusers.c: Likewise.
* src/passwd.c: Likewise when new password is encrypted.
* src/newgrp.c: Handle NULL return from pw_crypt(), report crypt
error to stderr and syslog and return to report unchanged
password.
* src/passwd.c: Likewise when password is checked.
2013-07-28 Christian Perrier <[email protected]>
* configure.in: Prepare for next point release 4.2.
* if using the static char* for pw_dir, strdup it so
pw_free() can be used. (Closes: Debian#691459, alioth#313957)
* Kill the child process group, rather than just the
immediate child; this is needed now that su no
longer starts a controlling terminal when not running an
interactive shell (closes: Debian#713979)
Thansk to Colin Watson for the patch.
2012-05-25 Nicolas François <[email protected]>
* NEWS: Set release date.
* man/po/shadow-man-pages.pot: Regenerated.
* man/po/*.po: Updated PO files.
2012-05-25 Nicolas François <[email protected]>
* man/*.xml: Add author based on copyright statement.
* man/<ll>/*.[1358], man/<ll>/man[1358]/*.[1358],
man/<ll>/Makefile.am: Sort manpages per section as the generated
manpages.
2012-05-20 Nicolas François <[email protected]>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-05-20 Nicolas François <[email protected]>
* man/Makefile.am, man/generate_mans.mak: Update clean targets,
due to the generation in separate sub folders.
2012-05-20 Nicolas François <[email protected]>
* man/su.1.xml: Document author to avoid warnings during
generation. This needs to be rolled out to other manpages.
* man/generate_mans.mak: Do not add a AUTHOR section in the man
pages.
2012-05-20 Nicolas François <[email protected]>
* src/su.c: non PAM enabled versions: do not fail if su is called
without a controlling terminal. Ignore ENXIO errors when opening
/dev/tty.
2012-05-20 Nicolas François <[email protected]>
* src/useradd.c: Cleanup, return code 13 no more used.
* man/useradd.8.xml: Document return code 14, and remove return
code 13.
2012-05-20 Nicolas François <[email protected]>
* NEWS, man/generate_mans.mak: Generate manpages in man1, man3,
man5, man8 subdirectories. This fix the generation of .so links
which did not point to a path relative to the top-level manual
hierarchy.
* man/generate_mans.mak: Update man paths accordingly.
* man/Makefile.am: Likewise.
* man/da/Makefile.am: Likewise.
* man/de/Makefile.am: Likewise.
* man/fr/Makefile.am: Likewise.
* man/it/Makefile.am: Likewise.
* man/pl/Makefile.am: Likewise.
* man/ru/Makefile.am: Likewise.
* man/sv/Makefile.am: Likewise.
* man/zh_CN/Makefile.am: Likewise.
2012-05-20 Nicolas François <[email protected]>
* configure.in: Prepare for next point release 4.1.5.1.
2012-05-19 Nitin A Kamble <[email protected]>
* configure.in: Remove deprecated AM_C_PROTOTYPES (no more
supported in automake 1.12).
2012-05-18 Nicolas François <[email protected]>
* src/useradd.c: Keep the default file as much as possible to
avoid issue in case of crash. Use link instead of rename.
2012-05-18 Peter Vrabec <[email protected]>
* lib/commonio.c: Fix labeling of /etc/{passwd,shadow,group,gshadow}.
It will basically label them with same context as
/etc/{passwd+,shadow+,group+,gshadow+}
2012-05-18 Nicolas François <[email protected]>
* src/pwunconv.c: Do not check spw_close() return value (file is
opened readonly).
* src/grpunconv.c: Do not check sgr_close() return value (file is
opened readonly).
2012-05-18 Nicolas François <[email protected]>
* NEWS, src/userdel.c: Fix segfault when userdel removes the
user's group.
2012-05-17 Nicolas François <[email protected]>
* NEWS, src/login.c: Log in utmp / utmpx / wtmp also when PAM is
enabled. This is not done by pam_lastlog. This was broken on
2011-07-23.
* NEWS, libmisc/utmp.c: Do not log in wtmp when PAM is enabled.
This is done by pam_lastlog.
2012-05-17 Christian Perrier <bubulle@Êebian.org>
* man/po/fr.po: French translation of manpages completed
2012-05-17 Simon Brandmair <[email protected]>
* man/po/de.po: German translation of manpages completed
2012-02-12 Nicolas François <[email protected]>
* NEWS: New placeholder for the next release (4.1.5.1 expected)
2012-04-15 Robert Luberda <[email protected]>
* man/po/pl.po: Complete translation of logoutd(8) in Polish.
2012-02-13 Mike Frysinger <[email protected]>
* src/passwd.c: (non PAM flavour) Report permission denied when
access to /etc/shadow fails with EACCES.
2012-02-13 Mike Frysinger <[email protected]>
* lib/nscd.c: Add missing newline to error message.
* lib/nscd.c: If nscd is installed but not in use, then running
`nscd -i` will exit(1). We shouldn't warn in this case since this
is not abnormal behavior.
2012-02-13 Mike Frysinger <[email protected]>
* man/.gitignore: Add generate_mans.deps
2012-02-13 Mike Frysinger <[email protected]>
* man/grpck.8.xml: Relocate space.
2012-02-13 Mike Frysinger <[email protected]>
* libmisc/copydir.c: Add missing #include <stdarg.h>
2012-02-12 Nicolas François <[email protected]>
* NEWS: Set release date.
2012-02-12 Nicolas François <[email protected]>
* po/shadow.pot, man/po/shadow-man-pages.pot: Regenerated.
* po/*.po, man/po/*.po: Updated PO files.
2012-02-11 Giuseppe Sacco <[email protected]>
* man/po/it.po: Updated after review.
2012-02-11 Nicolas François <[email protected]>
* man/it/Makefile.am: Activate all manpages.
* man/po/it.po: Fix formal issues (end of lines).
2012-02-11 Giuseppe Sacco <[email protected]>
* man/po/it.po: Updated to 1173t.
2012-01-30 Nicolas François <[email protected]>
* man/useradd.8.xml, man/su.1.xml, man/po/da.po, man/po/ru.po,
man/po/fr.po, man/po/de.po, man/po/sv.po, man/po/pl.po,
man/po/it.po, man/po/shadow-man-pages.pot, man/po/zh_CN.po: Fix
two typos. Thanks to Giuseppe Sacco. Unfuzzy translations
* po/kk.po, po/nb.po, po/el.po, po/ca.po, po/ja.po: Re-generate.
* man/login.defs.d/ENV_PATH.xml, man/login.defs.d/ENV_SUPATH.xml:
Fix typo.