shadow (1:4.17.4-2) unstable; urgency=medium
* Allow LOGIN_ENV_SAFELIST (from util-linux) in /etc/login.defs.
Using patch from upstream.
-- Chris Hofstaedtler <zeha@debian.org> Sat, 19 Apr 2025 12:20:28 +0200
shadow (1:4.17.4-1) unstable; urgency=medium
* New upstream version 4.17.4
* Rebase patches
-- Chris Hofstaedtler <zeha@debian.org> Sat, 29 Mar 2025 13:28:35 +0100
shadow (1:4.17.3-3) unstable; urgency=medium
* Accept /usr/sbin/nologin as an alternate to /sbin/nologin.
Thanks to Marc Haber
-- Chris Hofstaedtler <zeha@debian.org> Fri, 28 Mar 2025 12:13:03 +0100
shadow (1:4.17.3-2) unstable; urgency=medium
* Do not warn about useradd --system with Debian-globally allocated uids
(Closes: #1100563)
* Refresh patches
-- Chris Hofstaedtler <zeha@debian.org> Sun, 16 Mar 2025 13:39:58 +0100
shadow (1:4.17.3-1) unstable; urgency=medium
* New upstream version 4.17.3
* Refresh patches and include upstream patch for getdate.
Include https://github.com/shadow-maint/shadow/pull/1214 to fix
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095430 in the
way upstream intends to fix it.
* Explicitly pass {s,}bindir to configure.
Avoids upstream hacks in configure.
-- Chris Hofstaedtler <zeha@debian.org> Mon, 24 Feb 2025 23:09:52 +0100
shadow (1:4.17.2-6) unstable; urgency=medium
* d/rules: ensure lib/getdate.c gets rebuilt
* configure: always pick /usr/bin/passwd.
Thanks to Jochen Sprickerhof <jspricke@debian.org>
-- Chris Hofstaedtler <zeha@debian.org> Mon, 24 Feb 2025 12:16:49 +0100
shadow (1:4.17.2-5) unstable; urgency=medium
* Warn about future --badname removal.
Upstream PR 1158 plans to remove this flag, probably in the forky
timeframe. Warn users now.
* Import upstream patch to fix chfn (#1096187)
* Add regression test for #1096187
* Add regression test for #1095430
* Remove "shadowconfig off"
If needed please run pwunconv, grpunconv manually, but please understand
you are on your own.
-- Chris Hofstaedtler <zeha@debian.org> Mon, 17 Feb 2025 19:54:09 +0100
shadow (1:4.17.2-4) unstable; urgency=medium
* Revert upstreams chfn.c strsep change (Closes: #1096187)
-- Chris Hofstaedtler <zeha@debian.org> Mon, 17 Feb 2025 12:28:56 +0100
shadow (1:4.17.2-3) unstable; urgency=medium
* Revert upstreams strtoday calculation "fix" (Closes: #1095430)
-- Chris Hofstaedtler <zeha@debian.org> Sun, 16 Feb 2025 20:24:35 +0100
shadow (1:4.17.2-2) unstable; urgency=medium
* Upload to unstable.
* Apply upstream revert of "Use local time for human-readable dates"
(Closes: #1095430)
-- Chris Hofstaedtler <zeha@debian.org> Sat, 15 Feb 2025 17:21:17 +0100
shadow (1:4.17.2-1) experimental; urgency=medium
* New upstream version 4.17.2
* Apply upstream patch from Marc Haber to document E_BAD_NAME
* Refresh patches
-- Chris Hofstaedtler <zeha@debian.org> Sun, 09 Feb 2025 18:14:51 +0100
shadow (1:4.17.1-2) experimental; urgency=medium
* Rewrite shadowconfig(8) manpage.
Thanks to Alejandro Colomar <alx@kernel.org>
* Remove unnecessary Build-Depends: quilt.
Thanks to Bastian Germann (Closes: #1092461)
-- Chris Hofstaedtler <zeha@debian.org> Wed, 08 Jan 2025 12:40:10 +0100
shadow (1:4.17.1-1) experimental; urgency=medium
* New upstream version 4.17.1
-- Chris Hofstaedtler <zeha@debian.org> Sat, 04 Jan 2025 12:41:51 +0100
shadow (1:4.17.0-1) experimental; urgency=medium
* New upstream version 4.17.0
* Refresh patches.
-- Chris Hofstaedtler <zeha@debian.org> Sat, 28 Dec 2024 13:14:16 +0100
shadow (1:4.17.0~rc1-2) experimental; urgency=medium
* Remove Debian patch to relax username checks.
Per discussion on d-devel, with upstream, and with the
adduser maintainer.
Thanks: Marc Haber
-- Chris Hofstaedtler <zeha@debian.org> Sun, 22 Dec 2024 20:15:16 +0100
shadow (1:4.17.0~rc1-1) experimental; urgency=medium
* New upstream version 4.17.0~rc1
* Add upstream patch for new return-code for bad usernames
* Refresh patches
* d/copyright: update
* Forbid purely numeric user/group names, and "." and ".."
-- Chris Hofstaedtler <zeha@debian.org> Fri, 06 Dec 2024 19:55:32 +0100
shadow (1:4.16.0-7) unstable; urgency=medium
[ Florent 'Skia' Jacquet ]
* d/patches: fix 'upstream' test suite
-- Chris Hofstaedtler <zeha@debian.org> Fri, 06 Dec 2024 13:51:40 +0100
shadow (1:4.16.0-6) unstable; urgency=medium
* Add NEWS entry about faillog (Closes: #1074320)
-- Chris Hofstaedtler <zeha@debian.org> Fri, 06 Dec 2024 13:29:54 +0100
shadow (1:4.16.0-5) unstable; urgency=medium
[ Chris Hofstaedtler ]
* Always build with btrfs support on linux-any (Closes: #856557)
* debputy.manifest: merge path-metadata entries
* login.defs: remove info about write(1)
Which is not part of Debian trixie. (Closes: #1087519)
[ Pino Toscano ]
* Include <utmpx.h>, fixing the build on GNU/Hurd
-- Chris Hofstaedtler <zeha@debian.org> Fri, 15 Nov 2024 20:30:32 +0100
shadow (1:4.16.0-4) unstable; urgency=medium
* Drop Debian-only cppw, cpgr tools (Closes: #750752)
* Stop patching login, not installed anymore
* Define LOGIN_NAME_MAX on HURD
* Remove libsystemd-dev Build-Depends.
Only necessary for login(1).
* Stop building programs we do not install
-- Chris Hofstaedtler <zeha@debian.org> Tue, 06 Aug 2024 00:29:18 +0200
shadow (1:4.16.0-3) unstable; urgency=medium
* Upload to unstable.
* Fix FTBFS on hurd.
DEB_HOST_ARCH_OS was unset.
-- Chris Hofstaedtler <zeha@debian.org> Mon, 05 Aug 2024 17:21:27 +0200
shadow (1:4.16.0-2) experimental; urgency=medium
* passwd: switch Depends from login to login.defs
login will again be installed on fewer systems, but existing installs
will retain it (it is Protected: yes).
* Drop login package, to allow takeover by util-linux.
Move shadow.mo to Package: passwd, have passwd Replaces: older login.
* login.defs: ship manpage
* Re-add workarounds for tests in tests/tests directory.
4.15.3 fixed this, but 4.16.0 happened earlier.
-- Chris Hofstaedtler <zeha@debian.org> Mon, 05 Aug 2024 02:36:29 +0200
shadow (1:4.16.0-1) experimental; urgency=medium
* New upstream version 4.16.0
* Rebase patches
* Split /etc/login.defs into its own binary package (Closes: #1074394)
* Rename libsubid4 to libsubid5 (soname bump)
* d/watch: add versionmangle for -rc
-- Chris Hofstaedtler <zeha@debian.org> Fri, 02 Aug 2024 17:35:29 +0200
shadow (1:4.15.3-3) unstable; urgency=medium
* Forbid backslashes in user/group-names.
They can still be used with --force-badname, but it's a start. In the
long run I want to remove our relax patch, and upstream should fix the
line continuation too. For #1076619.
-- Chris Hofstaedtler <zeha@debian.org> Sun, 21 Jul 2024 21:05:32 +0200
shadow (1:4.15.3-2) unstable; urgency=medium
[ Pino Toscano ]
* d/rules: actually enable Linux-only options on Linux
This enables --enable-logind and --with-audit.
[ Chris Hofstaedtler ]
* Stop installing groupmems(8) (Closes: #1004472, LP: #2039541)
* login.defs: remove obsolete/confusing comments
* login.defs: resync comments with upstream
* login.defs: remove incomplete list of unused vars
* login.defs: remove obscure, defaulted vars
* login.defs: remove vars ignored by su(1)
* login.defs: remove CONSOLE_GROUPS, ignored with PAM
* login.defs: remove CONSOLE, ignored with PAM
-- Chris Hofstaedtler <zeha@debian.org> Sun, 07 Jul 2024 15:30:38 +0200
shadow (1:4.15.3-1) unstable; urgency=medium
* New upstream version 4.15.3
* tests: follow upstream subdir fix
* Fix setup of test libsubid-04_nss
* Drop login.postinst, obsoleted by #1074121
* Bump Standards-Version to 4.7.0
-- Chris Hofstaedtler <zeha@debian.org> Sat, 06 Jul 2024 23:50:36 +0200
shadow (1:4.15.2-3) unstable; urgency=medium
* d/watch: add versionmangle for -rc
* Revert "Use upstream's restrictions on user- and group names again".
Breaks adduser's tests, see #1074306.
-- Chris Hofstaedtler <zeha@debian.org> Wed, 26 Jun 2024 12:40:34 +0200
shadow (1:4.15.2-2) unstable; urgency=medium
* useradd(8): Fix missing paragraph on username length
* d/rules: explicitly set --with-audit and --enable-subordinate-ids
* Remove faillog support.
Stop installing faillog binary and man pages. Stop creating
/var/log/faillog in login.postinst.
PAM has removed support for /var/log/faillog by dropping pam_tally, and
login itself cannot write to it either.
* Use upstream's restrictions on user- and group names again.
Upstream started supporting mixed-case names some time ago.
Purely numeric names (#79682) are now forbidden again, as there is no
way of distinguishing them from user/group IDs otherwise.
* Drop useradd's backwards-compatibility -O flag
* Remove our copy of HOME_MODE.xml, identical upstream
* shadowconfig.8: actually install again
* passwd: add Depends: login.
Stop-gap until passwd can takeover /etc/login.defs from login.
-- Chris Hofstaedtler <zeha@debian.org> Tue, 25 Jun 2024 19:42:24 +0200
shadow (1:4.15.2-1) unstable; urgency=medium
* New upstream version 4.15.2
Includes fix for csrand_uniform().
-- Chris Hofstaedtler <zeha@debian.org> Sat, 22 Jun 2024 17:37:34 +0200
shadow (1:4.15.1-1) unstable; urgency=medium
* New upstream version 4.15.1
Closes: #832047, #812127, #1034312, #856902, #791806
Closes: #1006216, #1006225, #1006208
* contrib/atudel, non-DFSG-compliant was removed upstream
* Remove obsolete configure flag --without-libcrack
* Use functions from libbsd (Closes: #1032393)
* Build-Depend: libltdl-dev for LT_LIB_DLLOAD
(Closes: #1065350)
* Build-Depend: pkgconf
* Drop upstream applied patches
* Disable FTMP_FILE by default, drop login failure logging
* Rebase patch 401_cppw_src.dpatch
* Rename patch 402_cppw_selinux
* Use upstream FAILLOG_ENAB code, incompatible with PAM
(Closes: #776314)
* Rebase patch 463_login_delay_obeys_to_PAM
* Rebase patch 501_commonio_group_shadow
* Rebase patch 502_debian_useradd_defaults
* Rebase patch 506_relaxed_usernames
* Rebase patch 542_useradd-O_option
* Update upstream signing keys
* Tag build with dh-package-notes
* Turn off --enable-lastlog, drop lastlog from not-installed
* Explicitly enable logind on linux-any
* Update default ENCRYPT_METHOD (Closes: #1043236)
* login: switch from Essential to Protected: yes (Closes: #960638)
Moves Pre-Depends to Depends.
* Enable acl, xattr support (Closes: #745796)
* login.defs: remove PAM-unsupported crypt settings (Closes: #1055582)
-- Chris Hofstaedtler <zeha@debian.org> Sat, 22 Jun 2024 16:08:41 +0200
shadow (1:4.13+dfsg1-5) unstable; urgency=medium
* Add myself to Uploaders, per discussion with Serge Hallyn
* Apply wrap-and-sort -kas style
* Use debputy to avoid Rules-Requires-Root: binary-targets
* libsubid4: tighten package-internal dependencies
[ Serge Hallyn ]
* Drop pam_lastlog.so from config. (Closes: #1068229)
* Stop installing lastlog binary.
-- Chris Hofstaedtler <zeha@debian.org> Sun, 02 Jun 2024 20:01:51 +0200
shadow (1:4.13+dfsg1-4) unstable; urgency=medium
[ Helmut Grohne ]
* DEP17: Move login and shadowconfig to /usr. (Closes: #1059915)
-- Serge Hallyn <serge@hallyn.com> Sun, 04 Feb 2024 20:28:27 +0000
shadow (1:4.13+dfsg1-3) unstable; urgency=medium
* Team upload
* Remove myself from uploaders
-- Balint Reczey <balint@balintreczey.hu> Sun, 15 Oct 2023 19:10:52 +0200
shadow (1:4.13+dfsg1-2) unstable; urgency=medium
[ Balint Reczey ]
* debian/gitlab-ci.yml: Use sudo to fix reprotest test
* debian/login.pam: Drop reference to Debian Etch (Closes: #1040064)
* debian/NEWS: Fix false claim about PREVENT_NO_AUTH affecting authentication.
Also drop setting PREVENT_NO_AUTH in shipped login.defs. (Closes: #1041547)
* Cherry-pick upstream patch to fix gpasswd passwd leak
(CVE-2023-4641) (Closes: #1051062)
* Cherry-pick upstream patch to fix chfn vulnerability allowing injection of
control characters into some /etc/passwd fields.
(CVE-2023-29383) (Closes: #1034482)
[ Gioele Barabucci ]
* Support <nodoc> build profile
`xsltproc`, `docbook` and all other XML-related packages are not needed
when the `<nodoc>` build profile is active, as long as `./configure` is
called with `--disable-man`. (Closes: #1051827)
-- Balint Reczey <balint@balintreczey.hu> Tue, 26 Sep 2023 22:01:52 +0200
shadow (1:4.13+dfsg1-1) unstable; urgency=medium
[ Balint Reczey ]
* debian/watch: Make watch file work with new GitHub UI
* debian/control: Mark libsubid-dev as Multi-Arch: same
* New upstream version 4.13
- fix typo in useradd(8) (Closes: #1021380)
* Refresh patches
[ Debian Janitor ]
* Remove constraints unnecessary since buster (oldstable)
* login: Drop versioned constraint on util-linux in Breaks.
Changes-By: deb-scrub-obsolete
-- Balint Reczey <balint@balintreczey.hu> Fri, 11 Nov 2022 09:28:15 +0100
shadow (1:4.12.3+dfsg1-3) unstable; urgency=medium
[ Debian Janitor ]
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository-Browse.
[ Balint Reczey ]
* Fix tree copying regressions introduced in 4.12.2. (Closes: #1023132)
-- Balint Reczey <balint@balintreczey.hu> Sat, 05 Nov 2022 14:47:01 +0100
shadow (1:4.12.3+dfsg1-2) unstable; urgency=medium
* Cherry-pick upstream patch to fix regression in expiration date handling
(Closes: #1021697)
-- Balint Reczey <balint@balintreczey.hu> Sat, 22 Oct 2022 20:23:10 +0200
shadow (1:4.12.3+dfsg1-1) unstable; urgency=medium
[ Balint Reczey ]
* New upstream release (Closes: #1004242, #1006848)
* Refresh patches
* debian/patches: Reorder patches in series to make it look sane
* Fix Lintian elevated-privileges tag rename
[ Johannes Schauer Marin Rodrigues ]
* debian/shadowconfig: Support DPKG_ROOT without using chroot()
(Closes: #1007758)
* useradd: cherry-pick patch from upstream to avoid creating several GB worth
of sparse lastlog and faillog files for users with high uid values
(Closes: #1019245)
[ Debian Janitor ]
* Update renamed lintian tag names in lintian overrides.
* Update standards version to 4.6.1, no changes needed.
-- Balint Reczey <balint@balintreczey.hu> Tue, 04 Oct 2022 22:09:04 +0200
shadow (1:4.11.1+dfsg1-2) unstable; urgency=medium
[ Balint Reczey ]
* debian/README.source: Recommend submitting translations upstream
* debian/tests/control: Mark smoke test as superficial
* useradd: Restore defaults used up to 4.8.1 version.
Also fix /etc/default/useradd to state that mail spool directories are
not created.
* login.defs:
- List default value of HOME_MODE
- Warn about weak cryptographic choices, like upstream
- include HMAC_CRYPTO_ALGO key
- Fix typo
[ Jenkins ]
* Trim trailing whitespace.
Changes-By: lintian-brush
Fixes: lintian: trailing-whitespace
* Use canonical URL in Vcs-Git.
Changes-By: lintian-brush
Fixes: lintian: vcs-field-not-canonical
* Fix day-of-week for changelog entry 1:4.1.4.2+svn3283-3.
Changes-By: lintian-brush
Fixes: lintian: debian-changelog-has-wrong-day-of-week
-- Balint Reczey <balint@balintreczey.hu> Thu, 03 Mar 2022 20:41:41 +0100
shadow (1:4.11.1+dfsg1-1) unstable; urgency=medium
* debian/NEWS: Fix version and release of latest entry
-- Balint Reczey <balint@balintreczey.hu> Mon, 31 Jan 2022 10:33:28 +0100
shadow (1:4.11.1+dfsg1-0exp1) experimental; urgency=medium
* login: Don't list su command as shipped (Closes: #960637)
* Install nologin /usr/sbin without patching makefiles
* debian/copyright: Fully rewrite the file based on upstream license update
and exclude contrib/atudel from upstream tarball
* debian/watch: Repack upstream tarball with +dfsg1 suffix
* debian/upstream/signing-key.asc: Update upstream signing key
* New upstream version 4.11.1+dfsg1
* Refresh patches
* Set NONEXISTENT to /nonexistent in shipped login.defs (Closes: #960318)
* Enable newly added yescrypt support
* Include YESCRYPT options in shipped login.defs (Closes: #991914)
* debian/rules: Stop using --disable-shared to build shared libraries
* Ship the libsubid4 and libsubid-dev packages and ship getsubids in uidmap
* debian/rules: Drop obsolete variable setting
* debian/login.lintian-overrides: Drop unused override
* debian/control: Make the Vcs-Browser URL canonical
* debian/login.defs: List new GRANT_AUX_GROUP_SUBIDS option in shipped login.defs
* debian/NEWS: Mention new login behaviour regarding empty password field.
Also set PREVENT_NO_AUTH in shipped login.defs accordingly.
* debian/tests: Cherry-pick part of autopkgtest from Ubuntu.
Thanks to Michael Vogt for the more extensive suite in Ubuntu
* debian/login.defs: Set default subuid and subgid ranges
-- Balint Reczey <balint@balintreczey.hu> Sat, 22 Jan 2022 21:03:44 +0100
shadow (1:4.8.1-2) unstable; urgency=medium
* debian/control: Switch to libsemanage-dev from libsemanage1-dev
(Closes: #998633)
* ACK NMU, thanks for all the changes
* Make passwd recommend sensible-utils because vipw uses sensible-editor
* Add files to debian/not-installed or install them when they were missed
This change ships a few more man page translations
* debian/control: Bump debhelper-compat version to 13
* List man pages to install in debian/*.manpages instead of in
debian/*.install
* Clean up debian/control using 'cme fix dpkg-control'
* Rename deprecated debian/passwd.tmpfile to debian/passwd.tmpfiles
* debian/control: Revert to my personal email address in the Maintainer field
-- Balint Reczey <balint@balintreczey.hu> Wed, 10 Nov 2021 10:39:04 +0100
shadow (1:4.8.1-1.1) unstable; urgency=medium
[ Johannes Schauer Marin Rodrigues ]
* Non-maintainer upload.
[ Niels Thykier ]
* Remove obsolete login.preinst
* Remove obsolete code from passwd maintscripts
[ Helmut Grohne ]
* logoutd is gone since at least buster (closes: #989712)
* Delete duplicate subuid/subgid creation.
* login.postinstd support for DPKG_ROOT (closes: #992578)
-- Johannes Schauer Marin Rodrigues <josch@debian.org> Sat, 23 Oct 2021 21:04:57 +0200
shadow (1:4.8.1-1) unstable; urgency=medium
* debian/default/useradd: Fix typo DHSELL -> DSHELL (Closes: #897028)
* New upstream version 4.8.1
- Update Dutch translation (Closes: #946608)
* Refresh patches
-- Balint Reczey <rbalint@ubuntu.com> Fri, 07 Feb 2020 15:54:14 +0100
shadow (1:4.8-1) unstable; urgency=medium
[ Laurent Bigonville ]
* Move the call to pam_motd before pam_selinux open
[ Justin B Rye ]
* login: Update package description (Closes: #808301)
[ Yuriy M. Kaminskiy ]
* Mark uidmap and login as Multi-Arch: foreign (Closes: #934473)
[ Andreas Henriksson ]
* New upstream release.
- man: generate translations using itstool instead of xml2po
* Replace gnome-doc-utils build-dep with itstool (Closes: #881889)
* Use explicit --without-su configure flag
* Refresh and massage patches to apply
* Cherry-pick upstream patch reverting bindir/sbindir
* Fix lintian warning useless-autoreconf-build-depends
[ Balint Reczey ]
* debian/login.su.pam: Drop unused file
-- Balint Reczey <rbalint@ubuntu.com> Fri, 20 Dec 2019 16:39:40 +0100
shadow (1:4.7-2) unstable; urgency=medium
[ Balint Reczey ]
* Remove obsolete /etc/cron.daily/passwd in maintainer scripts
(Closes: #932017)
* Remove Christian Perrier from Uploaders according to his request.
Thank you for maintaining shadow for long years! (Closes: #893944, #927576)
[ Gaudenz Steinlin ]
* Improve NEWS entry about securetty.
-- Balint Reczey <rbalint@ubuntu.com> Tue, 16 Jul 2019 18:48:12 +0200
shadow (1:4.7-1) unstable; urgency=medium
[ Ondřej Nový ]
* d/changelog: Remove trailing whitespaces
[ Niels Thykier ]
* Declare the explicit requirement for (fake)root.
The shadow package currently requires (fake)root to produce the debs
due to static non-root:root ownerships in the debs.
[ Bryan Quigley ]
* Remove cron daily backup.
It was added in 2010 (#554170) as a split off from a previous cron
job. I haven't seen an argument for why it's useful to keep.
Depending on when a mistake occurs in one of the files it backups
it will provide variable recovery time of 0 to 24hours.
[ Balint Reczey ]
* Add Salsa CI configuration
* Drop Lintian override for su, it is not shipped in login anymore
* Stop shipping and honoring /etc/securetty
(Closes: #731656, #830255, #879903, #920764, #771675, #917893, #607073)
* Migrate to dh from cdbs
* Ship some missing man files
* Fix checking upstream tarball's OpenPGP signature
* New upstream version 4.7
* Refresh patches
* Run autopkgtest in Salsa CI when it exists
* debian/NEWS: Fix version of latest entry
* Clean up /etc/securetty properly on upgrade
-- Balint Reczey <rbalint@ubuntu.com> Mon, 08 Jul 2019 15:58:46 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog uidmap`.
Generated by dwww version 1.16 on Tue Dec 16 07:43:19 CET 2025.