Skip to content

Releases: shadow-maint/shadow

Release 4.10

19 Dec 20:25
Compare
Choose a tag to compare

Note: From this release forward, su from this package should be
considered deprecated. Please replace any users of it with su from
util-linux. Please open an issue if there is a problem with that.
We intend to remove it in an upcoming release.

This release features many fixes expecially to the building of
libsubid, some SELinux labeling issues, and a few signaling
issues.

Changelog:
* libsubid fixes (Xi Ruoyao, Serge Hallyn, Iker Pedrosa, Mike Gilbert,
GalaxyMaster, and Luís Ferreira)
* Rename the test program list_subid_ranges to getsubids, write
a manpage, so distros can ship it. (Iker Pedrosa)
* Add libeconf dep for new*idmap (Iker Pedrosa)
* Allow all group types with usermod -G (Iker Pedrosa)
* Avoid useradd generating empty subid range (Iker Pedrosa)
* Handle NULL pw_passwd (Jaroslav Jindrak)
* Fix default value SHA_get_salt_rounds (Mike Gilbert)
* Use https where possible in README (Paul Menzel)
* Update content and format of README (Iker Pedrosa)
* Translation updates (Balint Reczey, Frans Spiesschaert)
* Switch from xml2po to itstool in 'make dist' (Serge Hallyn)
* Fix double frees (Michael Vetter)
* Add LOG_INIT configurable to useradd (Andy Zaugg)
* Add CREATE_MAIL_SPOOL documentation (Andy Zaugg)
* Create a security.md
* Fix su never being SIGKILLd when trapping TERM (Ruihan li)
* Fix wrong SELinux labels in several possible cases (Iker Pedrosa)
* Fix missing chmod in chadowtb_move (GalaxyMaster)
* Handle malformed hushlogins entries (Tobias Stoeckmann)
* Fix groupdel segv when passwd does not exist (François Rigault)
* Fix covscan-found newgrp segfault (Iker Pedrosa)
* Remove trailing slash on hoedir (Ed Neville)
* Fix passwd -l message - it does not change expirey (Ed Neville)
* Fix SIGCHLD handling bugs in su and vipw (Tobias Stoeckmann)
* Remove special case for "" in usermod (Alejandro Colomar)
* Implement usermod -rG to remove a specific group
(Andy Zaugg)
* call pam_end() after fork in child path for su and login
(Björn Fischer)
* useradd: In absence of /etc/passwd, assume 0 == root
(Ludwig Nussel)
* lib: check NULL before freeing data (Iker Pedrosa)
* Fix pwck segfault (Iker Pedrosa)

Release 4.9

22 Jul 23:37
Compare
Choose a tag to compare

Changelog:

  • Updated translations (Björn Esser, Juergen Hoetzel)
  • Major salt updates (Björn Esser)
  • Various coverity and cleanup fixes (Iker Pedrosa)
  • Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
  • Implement NSS support for subids and a libsubid (Serge Hallyn)
  • setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
  • login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
  • selinux fixes (Christian Göttsche)
  • Fix path prefix path handling (Lucas Servén Marín)
  • Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
    谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
  • Treat an empty passwd field as invalid (Haelwenn Monnier)
  • newxidmap: allow running under alternative gid (Martijn de Gouw)
  • usermod: check that shell is executable (Geert Ijewski)
  • Add yescript support (Rodolphe Bréard)
  • useradd memleak fixes (whzhe)
  • useradd: use built-in settings by default (Ludwig Nussel)
  • getdefs: add foreign (non-shadow-utils) items (Karel Zak)
  • buffer overflow fixes (Tobias Stoeckmann)
  • Adding run-parts style for pre and post useradd/del ([email protected])

Release 4.8.1

23 Jan 21:23
Compare
Choose a tag to compare

This minor release was made mainly to revert the --sbindir/--bindir commit which broke some distributions.

Changelog:

    * selinux: incluee stdio (Michael Vetter)
    * man: don't suggest making groupmems user-writeable (Michael Weiser)
    * Makefile: bail out on error in for loops (Wolfgang Bumiller)
    * Adding logging of SSH_ORIGINAL_COMMAND to nologin. ([email protected])
    * add new HOME_MODE login.defs option (Duncan Overbruck)
    * Add tty logging to useradd ([email protected])
    * Useradd: make non-executable shell check only a warning (Tomas Mraz)
    * Update Dutch translation (Frans-Spiesschaert)
    * user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
    * Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)

Release 4.8

01 Dec 17:54
Compare
Choose a tag to compare
    * Initial optional bcrypt support.
    * Make build/install of 'su' optional.
    * Fix for vipw not resuming correctly when suspended
    * Sync password field descriptions in manpages
    * Check for valid shell argument in useradd
    * Allow translation of new strings through POTFILES.in
    * Migrate to itstool for translations
    * Migrate to new SELinux api
    * Support --enable-vendordir
    * pwck: Only check homedir if set and not a system user
    * Support nonstandard usernames
    * sget{pw,gr}ent: check for data at EOL
    * Add YYY-MM-DD support in chage
    * Fix failing chmod calls for suidubins
    * Fix --sbindir and --bindir for binary installations
    * Fix LASTLOG_UID_MAX in login.defs
    * Fix configure error with dash

Releasing 4.7

13 Jun 19:32
Compare
Choose a tag to compare
Releasing 4.7 Pre-release
Pre-release

Changelog:

    * Spawn: don't loop forever on ECHILD
    * Do not fail locking if there is a stale lockfile Tomas Mraz)
    * Use lckpwdf if prefix not set (Tomas Mraz)
    * Build: check correct DocBook version (Jan Tojnar)
    * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
    * Add support for btrfs subvolumes for home (Adam Majer)
    * Fix chpasswd long line handling (Nathan Ruiz)
    * Use secure_getenv for gettime (Chris Lamb)
    * Make sp_lstchg reproducible (Chris Lamb)
    * Do not crash commonio_close if db file is not open (Tomas Mraz)
    * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
    * French manpage update (Alban VIDAL)
    * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
    * Sync po files from shadow.pot (Alban VIDAL)
    * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
    * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
    * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
    * Fix segfault in useradd (Tomas Mraz)
    * Coverity issues (Tomas Mraz)
    * Flush sssd caches (Jakub Hrozek)
    * Log UID in nologin (Vladimir Ivanov)
    * run pam_getenvlist after setup_env in su.c (Michael Vogt)
    * Support systems with only utmpx (A. Wilcox)
    * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
    * Update po/zh_CN translation (Lion Yang)
    * Create parent dirs for useradd -m (Michael Vetter)
    * Prevent usermod segv
    * Fix usermod crash (fariouche)

Releasing 4.6

29 Apr 16:58
Compare
Choose a tag to compare

Changelog:

  • Newgrp: avoid unnecessary lookups
  • Make language less binary
  • Add error when turning off man switch
  • Spelling fixes
  • Make userdel work with -R
  • newgidmap: enforce setgroups=deny if self-mapping a group
  • Norwegian bokmål translation
  • pwck: prevent crash by not passing O_CREAT
  • WITH_TCB fixes from Mandriva
  • Fix pwconv and grpconv entry skips
  • Fix -- slurping in su
  • add --prefix option
  • Import new Dutch translations.
  • Expand error codes for groupmod.

Releasing 4.5

17 May 20:00
Compare
Choose a tag to compare

Changelog since 4.4:

    * Patch from Tobias Stoeckmann fixing regression in previous CVE fix
      preventing SIGTERM to su from being propagated to the job.
    * Patch from Chris Lamb making sp_lstchg shadow field reproducible.
    * Merge Russian translation updates from Yuri Kozlov
    * Fix missing close of subuid file on error
    * Merge patch by Tobias Stoeckmann <[email protected]> to fix
      the equivalent of util-linux CVE-2017-2616.
    * Update Kazakh translations
    * Consult configuration before calculating subuids
    * Remove misplaced semicolon
    * Patch from Fedora to improve performance with SSSD, Winbind,
      or nss_ldap. (Tomas Mraz)
    * Make sure knowndef_table is NULL-terminated.  (Bernhard Rosenkränzer)
    * Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
    * Fix readability in usermod error messages.
    * Reset user in tallylog
    * Add audit support to su
    * Use sizeof rather than hardcoding snprintf args
    * Fix useradd improper default loading
    * Update Vietnamese translations
    * Update Polish translations
    * Remove non-POSIX chmod option in Makefile
    * Fix suidubins assignments
    * Fix --add-subuids etc spelling in manpages
    * Audit homedir ownership change.
    * Print error on selinux file context update failure
    * Keep original file perms when creating a backup

Shadow 4.4

02 Dec 22:05
Compare
Choose a tag to compare
    * Changes since 4.2.1:

      - Documentation, error report and translations updates
      - Replace path_max with 32
      - User namespace support fixes/updates including:
        - Correct sanity checks in newXidmap
        - Fix building without subuid support
        - Add /etc/subuid support for UID matching
        - Support subuid for nonlocal users
        - Default to 65536 subuid allocations
        - Respect -r
        - Check for range overflows
      - Add tests from svn tree
      - Use AC_CHECK_SIZEOF for uid_t size checks
      - Accomodate missing /etc and login.defs
      - Support FORCE_SHADOW
      - Be more robust in hostile environment
      - Allow removing a primary group
      - Clear passwords on __pw_dup errors
      - Memory leak fix in commonio_update and get_map_ranges
      - Fix resource leak in syslog_sg
      - Fix user busy error at userdel
      - Support set/clear lastlog record via lastlog command
      - Add --no-create-home as longopt for -M
      - Fix signal races
      - Reduce syslog priority of common usage events