X-Git-Url: https://granicus.if.org/sourcecode?a=blobdiff_plain;f=NEWS;h=87ba9cb56835d057b7a1ab17a37b2fb3a7bcb403;hb=d4e630b8cc0126dda0f071da76ecf315f4330eb5;hp=76d4bae9ec95432d9e76eb7d13140f5b3286c664;hpb=604c7d72d9756f2204ca55312189d0f74befaad1;p=shadow diff --git a/NEWS b/NEWS index 76d4bae9..87ba9cb5 100644 --- a/NEWS +++ b/NEWS @@ -1,10 +1,125 @@ $Id$ -shadow-4.1.4 -> shadow-4.1.4.1 UNRELEASED +shadow-4.1.4.3 -> shadow-4.1.5 UNRELEASED + +*** security + * su -c could be abused by the executed command to invoke commands with + the caller privileges. See below. + +*** general + * report usage error to stderr, but report usage help to stdout (and return + zero) when explicitly requested (e.g. with --help). + * initial support for tcb (http://openwall.com/tcb/) for useradd, + userdel, usermod, chage, pwck, vipw. + * Added support for ACLs and Extended Attributes in useradd and usermod. + Support shall be enabled with the new --with-acl or --with-attr + configure options. + +-chpasswd + * PAM enabled versions: restore the -e option to allow restoring + passwords without knowing those passwords. Restore together the -m + and -c options. (These options were removed in shadow-4.1.4 on PAM + enabled versions) +- faillog + * The -l, -m, -r, -t options only act on the existing users, unless -a is + specified. +- groupmod + * Fixed groupmod when configured with --enable-account-tools-setuid. +-login + * Fixed limits support (non PAM enabled versions only) + * Added support for infinite limits and group based limits (non PAM + enabled versions only) + * Fixed infinite loop when CONSOLE is configured with a colon-separated + list of TTYs. + * Fixed warning and support for CONSOLE_GROUPS for users member of more + than 16 groups. +- su + * Document the su exit values. + * When su receives a signal, wait for the child to terminate (after + sending a SIGTERM), and kill it only if it did not terminate by itself. + No delay will be enforced if the child cooperates. + * Default ENV_SUPATH is /sbin:/bin:/usr/sbin:/usr/bin + * Fixed infinite loop when CONSOLE is configured with a colon-separated + list of TTYs. + * Fixed warning and support for CONSOLE_GROUPS for users member of more + than 16 groups. + * Do not forward the controlling terminal to commands executed with -c. + This prevents tty hijacking which could lead to execution with the + caller's privileges. + * Close PAM sessions as root. This will be more friendly to PAM modules + like pam_mount or pam_systemd. + * Added support for PAM modules which change PAM_USER. +- newgrp, sg, groupmems + * Fix parsing of gshadow entries. +- useradd + * If the skeleton directory contained hardlinked files, copies of the + hardlink were removed from the skeleton directory. +- userdel + * Check the existence of the user's mail spool before trying to remove + it. If it does not exist, a warning is issued, but no failure. + * Do not remove a group with the same name as the user (usergroup) if + this group isn't the user's primary group. +- usermod + * Accept options in any order (username not necessarily at the end) + * When the shadow file exists but there are no shadow entries, an entry + is created if the password is changed and passwd requires a + shadow entry, or if aging features are used (-e or -f). + +*** translation + * Updated Brazilian Portuguese translation. + * Updated Catalan translation. + * Updated Czech translation. + * Updated Danish translation. + * Updated French translation. + * Updated French man pages translation. + * Updated German translation. + * Updated German man pages translation. + * Updated Japanese translation. + * Updated Kazakh translation. + * Updated Portuguese translation. + * Updated Russian translation. + * Updated Simplified Chinese translation. + * Updated Simplified Chinese man pages translation. + * Updated Swedish translation. + * Updated Vietnamese translation. + +shadow-4.1.4.2 -> shadow-4.1.4.3 2011-02-15 + +*** security +- CVE-2011-0721: An insufficient input sanitation in chfn can be exploited + to create users or groups in a NIS environment. + +shadow-4.1.4.1 -> shadow-4.1.4.2 2009-07-24 + +- general + * Improved support for large groups (impacts most user/group management + tools). + +- addition of system users or groups + * Speed improvement. This should be noticeable in case of LDAP configured + systems. This should impact useradd, groupadd, and newusers + * Since system accounts are allocated from SYS_?ID_MIN to SYS_?ID_MAX in + reverse order, accounts are packed close to SYS_?ID_MAX if SYS_?ID_MIN + is already used but there are still dome gaps. + +- login + * Add support for shells being a shell script without a shebang. +- su + * Preserve the DISPLAY and XAUTHORITY environment variables. This was + only the case in the non PAM enabled versions. + * Add support for shells being a shell script without a shebang. + +*** translation + * The Finnish translation of passwd(1) was outdated and is no more + distributed. + +shadow-4.1.4 -> shadow-4.1.4.1 2009-05-22 - login * Fix failures with empty usernames on non PAM versions. * Fix CONSOLE (securetty) support on non PAM versions. +- newgrp + * Return the exit status of the child. - userdel * On Linux, do not check if an user is logged in with utmp, but check if the user is running some processes.