Hello fellow developers, I would like to request your help in testing the new version of the shadow package (that provides login, passwd and such other important or base packages).
Debian is upstream for shadow since Nicolas François (with my help) took over the maintenance of shadow back in 2005. Since then, Nicolas, whose expertise in C programming is millions of miles ahead of mine, did a great job in maintaining the package, keeping its bug log low and in general keep it as safe and clean as possible. However since about 2-3 years, Nicolas is much less active in Debian than he was and I'm mostly left alone really maintaining shadow as a Debian package. And thus, the package had very few uploads. Still, last work by Nicolas happened in early 2013 when he worked again on some requested new features, merging in some proposed work by Serge Hallyn. Later on, more enhancements have been proposed by other people, mostly to integrate the support for subuid/subgid. I'd like to thank, here, Eric Biedermann, Serge Hally and Micah Anderson who helped a lot integrating this, as I know nearly nothing about all this stuff. That lead to a new upstream version (4.2) which, unfortunately, Nicolas had no free time to officially publish. Moreover, all this converged roughly during the wheezy freeze and it was of course inappropriate to upload this. Then dust started to pile up again on shadow....and all this work remained unpublished. Partly also because my own involvment in Debian decreased and got recentered on thing I really have expertise about. However, I finally took enough time to bring the final touch to a new package for shadow, namely 4.2-1. This package supposedly brings the long awaited new features such ad subuid, subgid, pam_loginuid in login settings,etc. See the complete changelog at the end of this mail. This package just got uploaded to experimental a few days ago and got ACCEPTed (it add a new "uidmap" package) yesterday. However, I'm completely unable to test the new package except its very very basic functions and here is where I need your help. I really have ZERO clue about these new features and I'm anything but a security or code expert. Indeed, I'm not the best suited person to maintain shadow alone but, as of now, I'm the last one that's left...;-) These new features apparently deserve to be added to the distribution and hopefully jessie but before uploading it to unstable, they need a lot more testing and feedback. So, please, if you're interested in this, or more generally concerned by keeping some of our core packages in goo dcondition, feel free to install the new packages from experimental and test them as you can. Full changelog for the new shadow package (including the damn typos I made here or there, as usual): shadow (1:4.2-1) experimental; urgency=low [ Nicolas FRANCOIS (Nekral) ] * New upstream release. Fixes: - Invalid free() in su fixed by using strdup(). Thanks to Serge Hallyn for the patch. Closes: #691459 - Kill the child process group, rather than just the immediate child; this is needed now that su no longer starts a controlling terminal when not running an interactive shell. Thanks to Colin Watson for the patch. Closes: #713979 - German manpages translation update. Closes: #679152 - Improve login.defs (typographic errors and better format). Closes: #685415 - Russian translation update. Closes: #718356 - Do not assume random() is limited by RAND_MAX. Closes: #677275 - Support C libraries with unknown fields in struct passwd. Closes: #675824 - su: child cleanup is performed before terminating PAM sessions. This avoids anoying "...terminated" messages when PAM module send signal to su during session close. Closes: #670132 - vipw/vigr is checking arguments provided after options. Closes: #677812 - Updated Japanese translation. Closes: #720004 - vipw: Fix error reporting when editor fails. Closes: #688260 * Moved to git: replace Vcs-Git in place of Vcs-Svn and adapt Vcs-Browser. * Add pam_loginuid to login PAM settings. Closes: #677441 * passwd.install: add new subuid.5 and subgid.5 manpages * debian/rules, debian/control, debian/uidmap.install: create new uidmap package containing the new setuid-root binaries newuidmap and newgidmap Set uidmap as priority optional. * debian/login.su.pam: Enable pam_limits by default. Closes: #705301 * debian/rules: Set default editor to sensible-editor for vipw. Closes: #688252 [ Micah Anderson ] * added debian/patches/userns to enable use of subuids, plus some bugfix patches on top of them, patches from Eric Biederman, pulled from Ubuntu. Closes: #739981 * Allow LXC devices (lxc/console, lxc/tty[1234]) in securetty.linux * Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify this default for UPGs. (Closes: #583971) * login.postinst: install a default /etc/subuid and /etc/subgid * fix installation of setuid/setgid/newuidmap/newgid/map man pages [ Laurent Bigonville ] * Switch to dpkg-source 3.0 (quilt) format * Add build-dependency against bison * Call dh-autoreconf since we need to regenerate all the autofoo files [ Philippe Grégoire ] * Fix 1000_configure_userns to avoid dropping a needed #endif Closes: #744877 [ Christian Perrier ] * Bump Standards to 3.9.5 (checked) * Use 'set -e' in postinst scripts and not in thei shebang line * Explicitly point to GPL-2 document in debian/copyright Thanks in advance for your help. --
signature.asc
Description: Digital signature