Hello fellow developers,

I would like to request your help in testing the new version of the
shadow package (that provides login, passwd and such other important
or base packages).

Debian has been upstream for shadow since Nicolas François (with my help)
took over the maintenance of shadow back in 2005. Since then, Nicolas,
whose expertise in C programming is millions of miles ahead of mine,
did a great job in maintaining the package, keeping its bug log low
and in general keeping it as safe and clean as possible.

However, for about 2-3 years now, Nicolas has been much less active in Debian
than he was and I'm mostly left alone really maintaining shadow as a
Debian package. And thus, the package had very few uploads.

Still, the last work by Nicolas happened in early 2013 when he worked
again on some requested new features, merging in some proposed work by
Serge Hallyn. Later on, more enhancements have been proposed by other
people, mostly to integrate the support for subuid/subgid. I'd like to
thank, here, Eric Biederman, Serge Hallyn and Micah Anderson who
helped a lot integrating this, as I know nearly nothing about all this stuff.

That led to a new upstream version (4.2) which, unfortunately,
Nicolas had no free time to officially publish. Moreover, all this
converged roughly during the wheezy freeze and it was of course
inappropriate to upload this.

Then dust started to pile up again on shadow....and all this work
remained unpublished. Partly also because my own involvement in Debian
decreased and got recentered on things I really have expertise about.

However, I finally took enough time to bring the final touch to a new
package for shadow, namely 4.2-1. This package supposedly brings the
long awaited new features such as subuid, subgid, pam_loginuid in
login settings, etc. See the complete changelog at the end of this
mail.

This package just got uploaded to experimental a few days ago and got
ACCEPTed (it adds a new "uidmap" package) yesterday.

However, I'm completely unable to test the new package except its very
very basic functions and here is where I need your help. I really have
ZERO clue about these new features and I'm anything but a security or
code expert. Indeed, I'm not the best suited person to maintain shadow
alone but, as of now, I'm the last one that's left...;-)

These new features apparently deserve to be added to the distribution
and hopefully jessie but before uploading it to unstable, they need a
lot more testing and feedback. So, please, if you're interested in
this, or more generally concerned by keeping some of our core packages
in good condition, feel free to install the new packages from
experimental and test them as you can.

Full changelog for the new shadow package (including the damn typos I
made here or there, as usual):

shadow (1:4.2-1) experimental; urgency=low

  [ Nicolas FRANCOIS (Nekral) ]
  * New upstream release. Fixes:
    - Invalid free() in su fixed by using strdup(). Thanks to Serge
      Hallyn for the patch. Closes: #691459
    - Kill the child process group, rather than just the
      immediate child; this is needed now that su no
      longer starts a controlling terminal when not running an
      interactive shell. Thanks to Colin Watson for the patch.
      Closes: #713979
    - German manpages translation update. Closes: #679152
    - Improve login.defs (typographic errors and better format).
      Closes: #685415
    - Russian translation update. Closes: #718356
    - Do not assume random() is limited by RAND_MAX.  Closes: #677275
    - Support C libraries with unknown fields in struct passwd.
      Closes: #675824
    - su: child cleanup is performed before terminating PAM sessions. This
      avoids anoying "...terminated" messages when PAM module send signal to
      su during session close. Closes: #670132
    - vipw/vigr is checking arguments provided after options. Closes: #677812
    - Updated Japanese translation. Closes: #720004
    - vipw: Fix error reporting when editor fails. Closes: #688260
  * Moved to git: replace Vcs-Git in place of Vcs-Svn and adapt
    Vcs-Browser.
  * Add pam_loginuid to login PAM settings. Closes: #677441
  * passwd.install: add new subuid.5 and subgid.5 manpages
  * debian/rules, debian/control, debian/uidmap.install: create new uidmap
    package containing the new setuid-root binaries newuidmap and newgidmap 
    Set uidmap as priority optional.
  * debian/login.su.pam: Enable pam_limits by default. Closes: #705301
  * debian/rules: Set default editor to sensible-editor for vipw.
    Closes: #688252

  [ Micah Anderson ]
  * added debian/patches/userns to enable use of subuids, plus some bugfix 
    patches on top of them, patches from Eric Biederman, pulled from
    Ubuntu. Closes: #739981
  * Allow LXC devices (lxc/console, lxc/tty[1234]) in securetty.linux
  * Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify
    this default for UPGs. (Closes: #583971)
  * login.postinst: install a default /etc/subuid and /etc/subgid
  * fix installation of setuid/setgid/newuidmap/newgid/map man pages

  [ Laurent Bigonville ]
  * Switch to dpkg-source 3.0 (quilt) format
  * Add build-dependency against bison
  * Call dh-autoreconf since we need to regenerate all the autofoo files
  
  [ Philippe Grégoire ]
  * Fix 1000_configure_userns to avoid dropping a needed #endif
    Closes: #744877

  [ Christian Perrier ]
  * Bump Standards to 3.9.5 (checked)
  * Use 'set -e' in postinst scripts and not in thei shebang line
  * Explicitly point to GPL-2 document in debian/copyright

Thanks in advance for your help.
