Freeze exception: shadow
Hello,
On Wed, Aug 18, 2010 at 02:24:50PM +0200, Mehdi Dogguy wrote:
>
> Can I trade this unblock with an upload of src:shadow? :) It has 3 RC
> bugs tagged as pending since months.
Looks like I'm trading for additional work I would have to do.
This looks biased;)
More seriously, I need to find what would be the preferred next shadow
release:
[1] Prepare an upstream release and a Debian package based on it
[2] Package the current upstream trunk (this is mostly ready but must be
tested, and I need to check if I raised my hand in the middle of a
patch)
[3] Retrofit fixes for Debian bugs
[4] Retrofit fixes for Debian release critical bugs only
[1] does not look realistic for me.
Then from an effort point of view, my preference goes from [2] to [4] to [3]
What would be acceptable for a freeze exception?
The current (i.e. trunk matching solution [2] above) changelog entries are:
* The "Bleu de Gex" release.
* New upstream release:
- Fix formatting of the login.defs.5 manpage. Closes: #542804
- Updated Czech translation. Closes: #548407
- Updated Vietnamese translation. Closes: #548065
- Remove patches applied upstream:
+ debian/patches/008_su_no_sanitize_env
+ debian/patches/483_su_fakelogin_wrong_arg0
- Updated patches:
+ debian/patches/523_su_arguments_are_no_more_concatenated_by_default
+ debian/patches/542_useradd-O_option
- Added support for dates already specified as a number of days since
Epoch in useradd, usermod and chage. Closes: #562221
- This also allows, in the chage interactive mode, to specify -1 as the
expiration date to disable it. Closes: #573018
- Fixed parsing of gshadow. This fix password support in newgrp.
Closes: #569899
- pwck and grpck stop sorting at the first line which begins with a '+'.
This will avoid messing up with NIS entries. Closes: #567836
- Fix interruption of su, newgrp, vipw with Ctrl-Z. Closes: 530231
- mail checking is no more mentioned in login(1) since it is done by PAM.
Closes: #470059
- The -e (and -c and -m) option was restored in chpasswd (which still uses
PAM by default). Closes: #539354
- Kazakh translation updated. Closes: #586994
* debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have change
from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523
* debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports
(e.g. emulated by QEMU). Closes: #544184
* debian/control: Removed Martin Quinson from the Uploaders, on his request.
* debian/login.defs: Improve documentation of USERGROUPS_ENAB.
Closes: #572687
* debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. Closes: #560633
* debian/login.pam: return back to mostly "requisite" for the pam_securetty
PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from
entering a password, and will also avoid user enumeration attacks.
Mis-typed root login are not protected, only root can be blamed for
mis-typing and entering a password on an insecure line. Users willing to
protect against mis-typed root login can use "requisite", but will be
vulnerable to user enumeration attacks on insecure lines, and should use
pam 1.1.0-4 at least. Closes: #574082, #531341
* debian/passwd.cron.daily: Handle the backups of the user and group
databases so that it can be removed from the standard daily cron job.
Closes: #554170
* debian/login.defs: Updated description of UMASK (used by pam_umask).
* debian/securetty.linux: Reorganize and synchronize with
Documentation/devices.txt. This added a lot of TTYs, including the
ttyPZ0..3. Closes: #576203
* debian/rules, debian/man.insert, debian/man.insert.sed: Hack to avoid bug
507673, causing missing apostrophes in the manpages generated by
docbook-xsl.
* debian/control: Standards-Version: bumped to 3.8.4. No changes.
* debian/passwd.lintian-overrides: Remove old entries relevant for
passwd.config.
* debian/control: Do not repeat the Section and Priority fields for the
binary packages.
Best Regards,
--
Nekral
Reply to: