shadow (1:4.2-3.2ubuntu1) yakkety; urgency=medium
* Merge with Debian; remaining changes:
- debian/passwd.upstart: Add an upstart job to clear locks on
[shadow-]passwd/group.
- debian/login.defs:
+ Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
handling does not only apply to "former (pre-PAM) uses".
+ Update documentation of UMASK: Explain that USERGROUPS_ENAB
will modify this default for UPGs.
- debian/{source_shadow.py,rules}: Add apport hook
- Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
/etc/update-motd.d/* scripts twice.
- debian/patches/1010_extrausers.patch: Add support to passwd for
libnss-extrausers
- debian/patches/1011_extrausers_toggle.patch: extrausers support for
useradd and groupadd
- debian/patches/userns/subuids-nonlocal-users: Don't limit
subuid/subgid support to local users.
* Dropped changes, included in Debian:
- Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
- Add uidmap package based on upstream patches that introduce
newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
updates on those to widen the default allocation to 65536 uids and gids
and only assign ranges to non-system users.
- debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
error cases.
* Dropped changes, included upstream:
- debian/patches/495_stdout-encrypted-password: chpasswd can report
password hashes on stdout.
- debian/patches/496_su_kill_process_group: Kill the child process group,
rather than just the immediate child.
* Fix pam_motd calls so that the second pam_motd is the noupdate one rather
than the first, ensuring /run/motd.dynamic is always populated and shown
on the first login after boot. LP: #1368864.
* Don't call 'pam_exec uname', a change adopted in Debian without
coordination with the Debian PAM maintainer
* Use dh_installinit now for installing the upstart job, as we no longer
generate a dependency on upstart-job.
* Include /etc/sub[ug]id in the list of files to clear locks for on boot.
LP: #1304505
* Add a systemd unit to go with the upstart job, so that lock clearing works
on newer Ubuntu releases.
* add support for "chfn --extrausers" (LP: #1495580)
* debian/patches/1010_extrausers.patch:
- Fix usermod to handle a readonly /etc gracefully (LP: #1562872)
* debian/patches/1010_extrausers.patch:
- Fix usermod to look in extrausers location for basic changes to a
user's passwd info. Fixes changing user's real name in Touch via
AccountsService. (Does not address updating groups yet, since that's
less useful now, as we can't update any system groups.)
* d/p/1021_no_subuids_for_system_users.patch: fix the not creating subuids
for system users. (LP: #1545884)
* Replace debian/passwd.service with debian/passwd.tmpfile, systemd tmpfile
handling has support for removing files for us on boot. Thanks to
Martin Pitt <email address hidden> for the hint.
shadow (1:4.2-3.2) unstable; urgency=medium
* Non-maintainer upload.
* Use HTTPS in Vcs-Git.
* Stop using hardening-wrapper and instead use /usr/share/dpkg/buildflags.mk.
Closes: #836653
-- Matthias Klose <email address hidden> Tue, 20 Sep 2016 09:43:54 +0200
