
Re: Passwd packages are too buggy (need help?)



Javier Fernández-Sanguino Peña <jfs@computer.org> writes:
> Karl, I have just recently browsed the passwd packages bugs and there are
> quite a number of them that have not been addressed (some) for over a year.
> Many of these bugs could be considered security related because some of
> the tools provided will not work with MD5 passwords (recommended in Debian
> installation).

Many of the older ones I inherited from the previous maintainer, and many
of them I believe were fixed by the previous maintainer but are still open
because I tend to put new packages ahead of debbugs maintenance.

> Many bug reports do not even have a followup by the maintainer saying: 
> "this is true, will fix". There is a new release upstream (as #150237
> says) that seems to fix some of the bugs (such as #142070, #89803, #81721)
> since PAM support has been added (as far as I can see in
> http://cvs.pld.org.pl/shadow/ChangeLog?rev=1.1)  also these entries are
> important:

I know about the new release.  Why does everyone assume that I don't?  I'm
currently slogging through the debian-specific patches from the
previous-version packaging, and not enjoying it very much because the new
upstream reformatted all the C code.

> * src/useradd.c:
> 	- fix a security bug (adduser could overwrite previously existing
> 	  groups (shadow-19990827-group.patch from RH),
> * lib/commonio.c:
> 	- installed fix for SEGV when using pwck -s on /etc/passwd file with
> 	  empty lines in it

Neither of those seems especially earth-shattering.  Annoying, yes, but not
earth-shattering [and I'd need some convincing that the useradd bug was
actually a security problem.]

> Most other changes are documentation-related (translated manpages).
> 
> Do you need help with this package? You could consider uploading a new
> upstream version up to experimental and ask bug-trackers to follow it and
> see if it fixes (some of) the bugs that are currently over a year old.

What I have now works for me, but I suspect it would be badly broken for
most people.  I'll consider whether I'll die of embarrassment if I upload
it to experimental.

> PS: Incidentally I just filed a bug against xscreensaver and against passwd,
> sorry :(

Hmm, don't see your passwd bug yet.  And I'm not convinced at all by your
xscreensaver bug. :-)

kcr


