Quoting C. Chad Wallace ([EMAIL PROTECTED]): > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Package: passwd > Version: 1:4.0.18.1-3 > Severity: grave > Justification: causes data loss > > Since some time after sarge, the cppw program does not recognize the -s > switch. When -s is given, it is supposed to copy the file to /etc/shadow, > but instead it copies it to /etc/passwd, effectively disabling ALL logins. > > I've looked at the code (in debian/patches/401_cppw_src.dpatch), and > noticed it is checking for the obsolete symbol SHADOWPWD before checking > for the -s switch. Since that symbol doesn't exist (The Changelog says it > has been removed), it goes ahead and copies the file over /etc/passwd > instead of /etc/shadow.
Thank you for your detailed and extensive bug report. We will of course discuss it with Nicolas François who co-maintains the package and I have no doubt that a quick solution will be found within a few days.
signature.asc
Description: Digital signature
