Skip to content

Releases: shadow-maint/shadow

Release 4.9

22 Jul 23:37
@hallyn hallyn
v4.9
6f9124b
Compare
Choose a tag to compare
Release 4.9

Changelog:

  • Updated translations (Björn Esser, Juergen Hoetzel)
  • Major salt updates (Björn Esser)
  • Various coverity and cleanup fixes (Iker Pedrosa)
  • Consistently use 0 to disable PASS_MIN_DAYS in man (tzccinct)
  • Implement NSS support for subids and a libsubid (Serge Hallyn)
  • setfcap: retain setfcap when mapping uid 0 (Christian Brauner)
  • login.defs: include HMAC_CRYPTO_ALGO key (Iker Pedrosa)
  • selinux fixes (Christian Göttsche)
  • Fix path prefix path handling (Lucas Servén Marín)
  • Manpage updates (tzccinct, Sevan Janiyan, Iker Pedrosa, Geert Ijewski,
    谭九鼎, Jamin W. Collins, towerpark, andydna, Frans Spiesschaert)
  • Treat an empty passwd field as invalid (Haelwenn Monnier)
  • newxidmap: allow running under alternative gid (Martijn de Gouw)
  • usermod: check that shell is executable (Geert Ijewski)
  • Add yescript support (Rodolphe Bréard)
  • useradd memleak fixes (whzhe)
  • useradd: use built-in settings by default (Ludwig Nussel)
  • getdefs: add foreign (non-shadow-utils) items (Karel Zak)
  • buffer overflow fixes (Tobias Stoeckmann)
  • Adding run-parts style for pre and post useradd/del ([email protected])
Assets 6
Loading

Release 4.8.1

23 Jan 21:23
@hallyn hallyn
4.8.1
2cc7da6
Compare
Choose a tag to compare
Release 4.8.1

This minor release was made mainly to revert the --sbindir/--bindir commit which broke some distributions.

Changelog:

    * selinux: incluee stdio (Michael Vetter)
    * man: don't suggest making groupmems user-writeable (Michael Weiser)
    * Makefile: bail out on error in for loops (Wolfgang Bumiller)
    * Adding logging of SSH_ORIGINAL_COMMAND to nologin. ([email protected])
    * add new HOME_MODE login.defs option (Duncan Overbruck)
    * Add tty logging to useradd ([email protected])
    * Useradd: make non-executable shell check only a warning (Tomas Mraz)
    * Update Dutch translation (Frans-Spiesschaert)
    * user_busy: Do not mistake a regular user process for a namespaced one (Tomas Mraz)
    * Revert "Honor --sbindir and --bindir for binary installation" Patrick McLean)
Assets 6
Loading

Release 4.8

01 Dec 17:54
@hallyn hallyn
4.8
81de782
Compare
Choose a tag to compare
Release 4.8 
    * Initial optional bcrypt support.
    * Make build/install of 'su' optional.
    * Fix for vipw not resuming correctly when suspended
    * Sync password field descriptions in manpages
    * Check for valid shell argument in useradd
    * Allow translation of new strings through POTFILES.in
    * Migrate to itstool for translations
    * Migrate to new SELinux api
    * Support --enable-vendordir
    * pwck: Only check homedir if set and not a system user
    * Support nonstandard usernames
    * sget{pw,gr}ent: check for data at EOL
    * Add YYY-MM-DD support in chage
    * Fix failing chmod calls for suidubins
    * Fix --sbindir and --bindir for binary installations
    * Fix LASTLOG_UID_MAX in login.defs
    * Fix configure error with dash
Assets 6
Loading

Releasing 4.7

13 Jun 19:32
@hallyn hallyn
4.7
2bb99b8
Compare
Choose a tag to compare
Releasing 4.7 Pre-release
Pre-release

Changelog:

    * Spawn: don't loop forever on ECHILD
    * Do not fail locking if there is a stale lockfile Tomas Mraz)
    * Use lckpwdf if prefix not set (Tomas Mraz)
    * Build: check correct DocBook version (Jan Tojnar)
    * Usermod: Print 'no changes' to stdout, not stderr (Serge Hallyn)
    * Add support for btrfs subvolumes for home (Adam Majer)
    * Fix chpasswd long line handling (Nathan Ruiz)
    * Use secure_getenv for gettime (Chris Lamb)
    * Make sp_lstchg reproducible (Chris Lamb)
    * Do not crash commonio_close if db file is not open (Tomas Mraz)
    * Don't flush nscd and sssd cache in read-only mode (Charlie Vuillemez)
    * French manpage update (Alban VIDAL)
    * Fix manpage defaults for SUB_UID/GID_COUNT (Tomas Mraz)
    * Sync po files from shadow.pot (Alban VIDAL)
    * Usermod: guard against unsafe chown of homedir contents (Tomas Mraz)
    * Add LASTLOG_UID_MAX to login.defs (Tomas Mraz)
    * new[ug]idmap file capabilities support (Giuseppe Scrivano and Christian Brauner)
    * Fix segfault in useradd (Tomas Mraz)
    * Coverity issues (Tomas Mraz)
    * Flush sssd caches (Jakub Hrozek)
    * Log UID in nologin (Vladimir Ivanov)
    * run pam_getenvlist after setup_env in su.c (Michael Vogt)
    * Support systems with only utmpx (A. Wilcox)
    * Fix unguarded ENABLE_SUBIDS code (Jan Chren (rindeal))
    * Update po/zh_CN translation (Lion Yang)
    * Create parent dirs for useradd -m (Michael Vetter)
    * Prevent usermod segv
    * Fix usermod crash (fariouche)
Assets 6
Loading

Releasing 4.6

29 Apr 16:58
@hallyn hallyn
4.6
f50603a
Compare
Choose a tag to compare
Releasing 4.6

Changelog:

  • Newgrp: avoid unnecessary lookups
  • Make language less binary
  • Add error when turning off man switch
  • Spelling fixes
  • Make userdel work with -R
  • newgidmap: enforce setgroups=deny if self-mapping a group
  • Norwegian bokmål translation
  • pwck: prevent crash by not passing O_CREAT
  • WITH_TCB fixes from Mandriva
  • Fix pwconv and grpconv entry skips
  • Fix -- slurping in su
  • add --prefix option
  • Import new Dutch translations.
  • Expand error codes for groupmod.
Assets 6
Loading

Releasing 4.5

17 May 20:00
@hallyn hallyn
4.5
15be89f
Compare
Choose a tag to compare
Releasing 4.5

Changelog since 4.4:

    * Patch from Tobias Stoeckmann fixing regression in previous CVE fix
      preventing SIGTERM to su from being propagated to the job.
    * Patch from Chris Lamb making sp_lstchg shadow field reproducible.
    * Merge Russian translation updates from Yuri Kozlov
    * Fix missing close of subuid file on error
    * Merge patch by Tobias Stoeckmann <[email protected]> to fix
      the equivalent of util-linux CVE-2017-2616.
    * Update Kazakh translations
    * Consult configuration before calculating subuids
    * Remove misplaced semicolon
    * Patch from Fedora to improve performance with SSSD, Winbind,
      or nss_ldap. (Tomas Mraz)
    * Make sure knowndef_table is NULL-terminated.  (Bernhard Rosenkränzer)
    * Drop leading underscore from _COMMONIO_H and _SHADOWIO_H
    * Fix readability in usermod error messages.
    * Reset user in tallylog
    * Add audit support to su
    * Use sizeof rather than hardcoding snprintf args
    * Fix useradd improper default loading
    * Update Vietnamese translations
    * Update Polish translations
    * Remove non-POSIX chmod option in Makefile
    * Fix suidubins assignments
    * Fix --add-subuids etc spelling in manpages
    * Audit homedir ownership change.
    * Print error on selinux file context update failure
    * Keep original file perms when creating a backup
Assets 6
Loading

Shadow 4.4

02 Dec 22:05
@hallyn hallyn
4.4
68061f2
Compare
Choose a tag to compare
Shadow 4.4 
    * Changes since 4.2.1:

      - Documentation, error report and translations updates
      - Replace path_max with 32
      - User namespace support fixes/updates including:
        - Correct sanity checks in newXidmap
        - Fix building without subuid support
        - Add /etc/subuid support for UID matching
        - Support subuid for nonlocal users
        - Default to 65536 subuid allocations
        - Respect -r
        - Check for range overflows
      - Add tests from svn tree
      - Use AC_CHECK_SIZEOF for uid_t size checks
      - Accomodate missing /etc and login.defs
      - Support FORCE_SHADOW
      - Be more robust in hostile environment
      - Allow removing a primary group
      - Clear passwords on __pw_dup errors
      - Memory leak fix in commonio_update and get_map_ranges
      - Fix resource leak in syslog_sg
      - Fix user busy error at userdel
      - Support set/clear lastlog record via lastlog command
      - Add --no-create-home as longopt for -M
      - Fix signal races
      - Reduce syslog priority of common usage events
Assets 6
Loading