$Id$
-shadow-4.1.3.1 -> shadow-4.1.3.2 UNRELEASED
+shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24
+
+- general
+ * Improved support for large groups (impacts most user/group management
+ tools).
+
+- addition of system users or groups
+ * Speed improvement. This should be noticeable in case of LDAP configured
+ systems. This should impact useradd, groupadd, and newusers
+ * Since system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in
+ reverse order, accounts are packed close to SYS_?ID_MAX if SYS_?ID_MIN
+ is already used but there are still dome gaps.
+
+- login
+ * Add support for shells being a shell script without a shebang.
+- su
+ * Preserve the DISPLAY and XAUTHORITY environment variables. This was
+ only the case in the non PAM enabled versions.
+ * Add support for shells being a shell script without a shebang.
+
+*** translation
+ * The Finnish translation of passwd(1) was outdated and is no more
+ distributed.
+
+shadow-4.1.4 -> shadow-4.1.4.1 2009-05-22
+
+- login
+ * Fix failures with empty usernames on non PAM versions.
+ * Fix CONSOLE (securetty) support on non PAM versions.
+- newgrp
+ * Return the exit status of the child.
+- userdel
+ * On Linux, do not check if an user is logged in with utmp, but check if
+ the user is running some processes.
+ * If not on Linux, continue to search for an utmp record, but make sure
+ the process recorded in the utmp entry is still running.
+ * Report failures to remove the user's mailbox
+ * When USERGROUPS_ENAB is enabled, remove the user's group when the
+ user was the only member.
+ * Do not fail when -r is used and the home directory does not exist.
+- usermod
+ * Check if the user is busy when the user's UID, name or home directory
+ is changed.
+
+shadow-4.1.3.1 -> shadow-4.1.4 2009-05-10
- packaging
* Enable --enable-account-tools-setuid by default for PAM builds.
+ * Add configure option --enable-utmpx, disabled by default to mimic
+ the previous behavior on Linux (where utmp and utmpx are identical).
+ * Fix build failure on non-PAM systems when --without-pam is not
+ specified.
+
+- chpasswd
+ * Change the passwords using PAM. This permits to define the password
+ policy in a central place. The -c/--crypt-method, -e/--encrypted,
+ -m/--md5 and -s/--sha-rounds options are no more supported on PAM
+ enabled systems.
+- grpck
+ * Warn if a group has an entry in group and gshadow, and the password
+ field in group is not 'x'.
- login
* Do not trust the current utmp entry's ut_line to set PAM_TTY. This could
lead to DOS attacks.
user to update his authentication token if needed.
- lastlog
* Fix regression causing empty reports.
+- newusers
+ * Change the passwords using PAM. This permits to define the password
+ policy in a central place. The -c/--crypt-method and -s/--sha-rounds
+ options are no more supported on PAM enabled systems.
+- pwck
+ * Warn if an user has an entry in passwd and shadow, and the password
+ field in passwd is not 'x'.
*** translation
+ - Updated Czech translation
+ - Updated French translation
+ - Updated German translation
+ - Updated Japanese translation
- Updated Korean translation
- Updated Portuguese translation
+ - Updated Russian translation
shadow-4.1.3 -> shadow-4.1.3.1 2009-04-15