shadow - Debian Package Tracker

general

source: shadow (main)
version: 1:4.16.0-4
maintainer: Shadow package maintainers (archive) (DMD)
uploaders: Chris Hofstaedtler [DMD] – Serge Hallyn [DMD]
arch: all any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:4.5-1.1
oldstable: 1:4.8.1-1
stable: 1:4.13+dfsg1-1
testing: 1:4.16.0-4
unstable: 1:4.16.0-4

versioned links

1:4.5-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.13+dfsg1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.16.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libsubid-dev
libsubid5
login.defs (2 bugs: 0, 0, 2, 0)
passwd (25 bugs: 0, 16, 9, 0)
uidmap (1 bugs: 0, 1, 0, 0)

action needed

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2024-02-25 Last update: 2024-11-15 14:01

Depends on packages which need a new maintainer normal

The packages that shadow depends on which need a new maintainer are:

docbook-xml (#802368)
- Build-Depends: docbook-xml
docbook-xsl (#802370)
- Build-Depends: docbook-xsl

Created: 2023-09-01 Last update: 2024-11-15 12:00

5 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit ccaa7ea01ec2fcbfc99bc58306eb717e477466ec
Merge: a5e0d00 1eaf901
Author: Chris Hofstaedtler <zeha@debian.org>
Date:   Thu Sep 12 23:19:21 2024 +0000

    Merge branch 'non-linux' into 'master'
    
    Include <utmpx.h>, fixing the build on GNU/Hurd
    
    See merge request debian/shadow!26

commit 1eaf9012b10e4688a064a571c820fe29a9f00c12
Author: Pino Toscano <pino@debian.org>
Date:   Thu Sep 12 19:15:27 2024 +0200

    Include <utmpx.h>, fixing the build on GNU/Hurd

commit a5e0d004422c1ea2287390757b448e11b5ae9826
Author: Chris Hofstaedtler <zeha@debian.org>
Date:   Fri Aug 23 12:13:24 2024 +0200

    Customize debian/salsa-ci.yml
    
    Gbp-Dch: ignore

commit ade65b0204872501532d8c999a24c2ad7de7c829
Author: Chris Hofstaedtler <zeha@debian.org>
Date:   Tue Aug 13 09:39:05 2024 +0200

    debputy.manifest: merge path-metadata entries

commit a23a040247daf7b1c043d67a9d535dde6221cbe4
Author: Chris Hofstaedtler <zeha@debian.org>
Date:   Tue Aug 6 01:02:58 2024 +0200

    Always build with btrfs support on linux-any
    
    Closes: #856557

Created: 2024-08-06 Last update: 2024-11-10 02:06

lintian reports 2 warnings normal

Lintian reports 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-08-06 Last update: 2024-08-06 12:07

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2023-4641: (needs triaging) A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.
CVE-2023-29383: (needs triaging) In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

You can find information about how to handle these issues in the security team's documentation.

Created: 2023-06-10 Last update: 2024-10-26 22:31

debian/patches: 10 patches to forward upstream low

Among the 11 debian patches available in version 1:4.16.0-4 of the package, we noticed the following issues:

10 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2024-08-06 11:48

news

[rss feed]

[2024-08-28] shadow 1:4.16.0-4 MIGRATED to testing (Debian testing watch)
[2024-08-05] Accepted shadow 1:4.16.0-4 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-08-05] Accepted shadow 1:4.16.0-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-08-05] Accepted shadow 1:4.16.0-2 (source) into experimental (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-08-03] Accepted shadow 1:4.16.0-1 (source arm64 all) into experimental (Debian FTP Masters) (signed by: Christian Hofstaedtler)
[2024-07-21] Accepted shadow 1:4.15.3-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-07-13] shadow 1:4.15.3-2 MIGRATED to testing (Debian testing watch)
[2024-07-07] Accepted shadow 1:4.15.3-2 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-07-06] Accepted shadow 1:4.15.3-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-07-01] shadow 1:4.15.2-3 MIGRATED to testing (Debian testing watch)
[2024-07-01] shadow 1:4.15.2-3 MIGRATED to testing (Debian testing watch)
[2024-06-26] Accepted shadow 1:4.15.2-3 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-25] Accepted shadow 1:4.15.2-2 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-22] Accepted shadow 1:4.15.2-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-22] Accepted shadow 1:4.15.1-1 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-06-08] shadow 1:4.13+dfsg1-5 MIGRATED to testing (Debian testing watch)
[2024-06-02] Accepted shadow 1:4.13+dfsg1-5 (source) into unstable (Chris Hofstaedtler) (signed by: Christian Hofstaedtler)
[2024-02-24] shadow 1:4.13+dfsg1-4 MIGRATED to testing (Debian testing watch)
[2024-02-18] Accepted shadow 1:4.13+dfsg1-4 (source) into unstable (Serge Hallyn) (signed by: Jonathan Carter)
[2023-10-21] shadow 1:4.13+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2023-10-21] shadow 1:4.13+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2023-10-15] Accepted shadow 1:4.13+dfsg1-3 (source) into unstable (Balint Reczey)
[2023-10-02] shadow 1:4.13+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2023-09-27] Accepted shadow 1:4.13+dfsg1-2 (source) into unstable (Balint Reczey)
[2022-11-17] shadow 1:4.13+dfsg1-1 MIGRATED to testing (Debian testing watch)
[2022-11-11] Accepted shadow 1:4.13+dfsg1-1 (source) into unstable (Balint Reczey)
[2022-11-11] shadow 1:4.12.3+dfsg1-3 MIGRATED to testing (Debian testing watch)
[2022-11-05] Accepted shadow 1:4.12.3+dfsg1-3 (source) into unstable (Balint Reczey)
[2022-10-28] shadow 1:4.12.3+dfsg1-2 MIGRATED to testing (Debian testing watch)
[2022-10-22] Accepted shadow 1:4.12.3+dfsg1-2 (source) into unstable (Balint Reczey)

bugs [bug history graph]

all: 41
RC: 0
I&N: 20
M&W: 20
F&P: 1
patch: 3

links

homepage
lintian (0, 2)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
l10n (34, 55)
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:4.15.3-3ubuntu2
92 bugs (4 patches)
patches for 1:4.15.3-3ubuntu2