]> granicus.if.org Git - shadow/blobdiff - NEWS
projects / shadow / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
* src/usermod.c (process_flags): Indicate that the user name is
[shadow] / NEWS
diff --git a/NEWS b/NEWS
index 3b731e96af033d959d6e24b05664079808335ef6..87ba9cb56835d057b7a1ab17a37b2fb3a7bcb403 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -2,7 +2,11 @@ $Id$
 
 shadow-4.1.4.3 -> shadow-4.1.5                                 UNRELEASED
 
-- general
+*** security
+  * su -c could be abused by the executed command to invoke commands with
+    the caller privileges. See below.
+
+*** general
   * report usage error to stderr, but report usage help to stdout (and return
     zero) when explicitly requested (e.g. with --help).
   * initial support for tcb (http://openwall.com/tcb/) for useradd,
@@ -39,6 +43,12 @@ shadow-4.1.4.3 -> shadow-4.1.5                                       UNRELEASED
     list of TTYs.
   * Fixed warning and support for CONSOLE_GROUPS for users member of more
     than 16 groups.
+  * Do not forward the controlling terminal to commands executed with -c.
+    This prevents tty hijacking which could lead to execution with the
+    caller's privileges.
+  * Close PAM sessions as root. This will be more friendly to PAM modules
+    like pam_mount or pam_systemd.
+  * Added support for PAM modules which change PAM_USER.
 - newgrp, sg, groupmems
   * Fix parsing of gshadow entries.
 - useradd
@@ -51,15 +61,31 @@ shadow-4.1.4.3 -> shadow-4.1.5                                      UNRELEASED
     this group isn't the user's primary group.
 - usermod
   * Accept options in any order (username not necessarily at the end)
+  * When the shadow file exists but there are no shadow entries, an entry
+    is created if the password is changed and passwd requires a
+    shadow entry, or if aging features are used (-e or -f).
 
 *** translation
+  * Updated Brazilian Portuguese translation.
+  * Updated Catalan translation.
   * Updated Czech translation.
-  * Updated Vietnamese translation.
+  * Updated Danish translation.
+  * Updated French translation.
+  * Updated French man pages translation.
+  * Updated German translation.
+  * Updated German man pages translation.
+  * Updated Japanese translation.
   * Updated Kazakh translation.
+  * Updated Portuguese translation.
+  * Updated Russian translation.
+  * Updated Simplified Chinese translation.
+  * Updated Simplified Chinese man pages translation.
+  * Updated Swedish translation.
+  * Updated Vietnamese translation.
 
 shadow-4.1.4.2 -> shadow-4.1.4.3                                               2011-02-15
 
-*** security:
+*** security
 - CVE-2011-0721: An insufficient input sanitation in chfn can be exploited
   to create users or groups in a NIS environment.
 
Unnamed repository; edit this file 'description' to name the repository.