Your message dated Thu, 03 Apr 2008 00:17:15 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#470745: fixed in shadow 1:4.1.1-1
has caused the Debian Bug report #470745,
regarding passwd: usermod loops and mem leaks
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
470745: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=470745
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: passwd
Version: 1:4.0.18.1-7
Severity: critical
Justification: breaks the whole system
If /etc/gshadow file has been changed so two otherwise non-identical groups
apear with the same groupname, usermod will loop and use all memory on system
if called.
Reproducable by performing this:
# groupadd tr
# groupadd rtr
# useradd -g tr tr
# perl -pi -e 's/rtr/tr/g' /etc/gshadow
# usermod -G tr tr
<observe usermod using memory and proc time>
Tested and reproduced on latest (4.0r3) netinst iso image and updated with all
packages.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Versions of packages passwd depends on:
ii debianutils 2.17 Miscellaneous utilities specific t
ii libc6 2.3.6.ds1-13etch5 GNU C Library: Shared libraries
ii libpam-modules 0.79-5 Pluggable Authentication Modules f
ii libpam0g 0.79-5 Pluggable Authentication Modules l
ii libselinux1 1.32-3 SELinux shared libraries
ii login 1:4.0.18.1-7 system login tools
passwd recommends no packages.
-- debconf information:
passwd/root-password-crypted: (password omitted)
passwd/user-password-crypted: (password omitted)
passwd/root-password: (password omitted)
passwd/root-password-again: (password omitted)
passwd/user-password-again: (password omitted)
passwd/user-password: (password omitted)
passwd/password-mismatch:
passwd/shadow: true
passwd/username: tr
passwd/password-empty:
passwd/username-bad:
passwd/make-user: true
passwd/title:
passwd/user-fullname:
passwd/user-uid:
--- End Message ---
--- Begin Message ---
Source: shadow
Source-Version: 1:4.1.1-1
We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:
login_4.1.1-1_i386.deb
to pool/main/s/shadow/login_4.1.1-1_i386.deb
passwd_4.1.1-1_i386.deb
to pool/main/s/shadow/passwd_4.1.1-1_i386.deb
shadow_4.1.1-1.diff.gz
to pool/main/s/shadow/shadow_4.1.1-1.diff.gz
shadow_4.1.1-1.dsc
to pool/main/s/shadow/shadow_4.1.1-1.dsc
shadow_4.1.1.orig.tar.gz
to pool/main/s/shadow/shadow_4.1.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]> (supplier of updated shadow
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 03 Apr 2008 01:31:10 +0200
Source: shadow
Binary: passwd login
Architecture: source i386
Version: 1:4.1.1-1
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <[EMAIL PROTECTED]>
Changed-By: Nicolas FRANCOIS (Nekral) <[EMAIL PROTECTED]>
Description:
login - system login tools
passwd - change and administer password and group data
Closes: 445484 461374 461670 467236 467488 470745 471802 471935 472244 472506
472575 472951 473279 473555 473646
Changes:
shadow (1:4.1.1-1) unstable; urgency=low
.
* New upstream release. This closes the following bugs:
- Fix errors when gpasswd is called without a gshadow file.
Closes: #467236, #467488
- Fix newgrp segfault when the primary group is not listed in /etc/groups.
Closes: #461670
- Fix infinite loop in usermod when two groups have the same name.
Closes: #470745
- Make SE Linux tests more strict, when the real UID is 0 SE Linux checks
will be performed. Closes: #472575
- Option --password added to groupadd / groupmod (like useradd / usermod).
Closes: #445484
- Remove patches applied upstream:
+ debian/patches/451_login_PATH
+ debian/patches/462_warn_to_edit_shadow
+ debian/patches/467_useradd_-r_LSB
+ debian/patches/466_fflush-prompt
+ debian/patches/480_getopt_args_reorder
+ debian/patches/496_login_init_session
+ debian/patches/408_passwd_check_arguments
+ debian/patches/412_lastlog_-u_numerical_range
+ debian/patches/407_adduser_disable_PUG_with-n
- Updated patches:
+ debian/patches/504_undef_USE_PAM.nolibpam
$(LIBCRYPT) $(LIBSKEY) $(LIBMD) are no more included in libshadow.la.
Avoid link to unneeded libraries (spotted by dpkg-shlibdeps).
+ debian/patches/501_commonio_group_shadow
+ debian/patches/429_login_FAILLOG_ENAB
+ debian/patches/542_useradd-O_option
+ debian/patches/401_cppw_src.dpatch
+ debian/patches/428_grpck_add_prune_option
- Updated translations:
+ Basque. Closes: #473555
+ German. Closes: #473646
+ Italian. Closes: #472951
+ Korean. Closes: #471935
+ Portuguese. Closes: #472244
+ Russian. Closes: #472506
+ Slovak. Closes: #471802
+ Turkish. Closes: #473279
* debian/watch: Add a watch file for shadow.
* debian/rules, debian/recode_manpages.sh: Do not recode the manpages.
Keep them in UTF-8.
* debian/rules, debian/control: login (>= 970502-1) was already provided
by login in Hamm. libpam-modules (>= 0.72-5) was already provided by
libpam-modules in Potato. libpam-runtime (>= 0.76-14) was already provided
by libpam-runtime in Sarge (now oldstable). Simplify the dependencies.
* debian/control: Move the dependency on libpam-modules from Depends to
Pre-Depends. The login package is Essential, and without libpam-modules,
login or su are not functional. Thanks to Steve Langasek for pointing this
out.
* debian/control: There's no need for a dependency on login (now that it is
unversionned; see above) in the passwd package.
* debian/control: The passwd's Replaces on manpages-de can be versionned
again. The su(1) manpage was removed from manpages-de.
* debian/securetty.linux: Added ttyUSB0, ttyUSB1, ttyUSB2, and MPC5200
serial ports (ttyPSC0, ttyPSC1, ttyPSC2, ttyPSC3, ttyPSC4, ttyPSC5).
Closes: #461374
* debian/control: Change XS-X-Vcs-Svn to Vcs-Svn. Update the link to the
new repository layout. Add a Vcs-Browser field.
* debian/control: Added Homepage field.
* debian/passwd.postrm: Removed (was empty).
Files:
2edb489bd07a9a09e378cc3a53da7315 1160 admin required shadow_4.1.1-1.dsc
ae893c18fdb0a89bc7991ba1098f1446 2720267 admin required
shadow_4.1.1.orig.tar.gz
f6b6241d60ae93cf59d5c7076c863c75 76018 admin required shadow_4.1.1-1.diff.gz
d396813553676b7114aef714d961ab2d 851106 admin required passwd_4.1.1-1_i386.deb
057b56c6f418289d873fc7aceceeb3a5 857970 admin required login_4.1.1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFH9B3ZWgo5mup89a0RAri3AJ4y/H5GADTWIfgFta0julvrwQ4/SgCfc1MI
GBlVDL6jN7+HGYZgygtYLX8=
=fzF5
-----END PGP SIGNATURE-----
--- End Message ---
