Re: Upcoming Debian Releases
Guy Maor:
>
> "Brian C. White" <bcwhite@verisim.com> writes:
>
> > If you and Guy Maor want to get this [shadow support] out the door
> > in the next week, then great!
>
> I will finish it this weekend. I'll also recompile xbase so xdm
> works with it.
Great. I just released a new upstream version of the shadow suite,
with a few more bug fixes - please take a look at it
(ftp://serek.arch.pwr.wroc.pl/pub/shadow/shadow-961025.tar.gz).
It works with both non-shadow and shadow passwords (checks for
/etc/shadow at run time), and there are tools to convert back and
forth between them. Also, I think it might be a good idea to move
this from experimental to unstable, so it receives more testing
and feedback.
Most packages already support shadow passwords, but a few still
don't. It shouldn't be hard to do for the maintainers - if in doubt,
ask me for help. It is easy to do, and the same binaries will work
with both shadow and non-shadow passwords. Should I submit bug
reports on packages that don't yet support shadow passwords?
BTW, if you're going to recompile X (as far as I know, one has to
recompile the whole X source tree anyway), please fix 4332/4364
(two bug reports for the same bug) - a security hole in libXt
(buffer overrun, uid 0 shell exploitable using the setuid xterm).
This one probably should go into "stable" as well... (The patch,
replacing sprintf with snprintf, is included in the bug report.)
Regards,
Marek
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: