[Lunar-commits] <moonbase> shadow: Version bump to 4.1.2.1

Stefan Wold ratler at lunar-linux.org
Thu Jul 24 09:25:01 CEST 2008


commit bc3fd228659d2a4f8f3f978d8e062c0a452c2056
Author: Stefan Wold <ratler at lunar-linux.org>
Date:   Thu Jul 24 09:25:01 2008 +0200

    shadow: Version bump to 4.1.2.1
    
    * SECURITY BUMP
    - Fix an "audit log injection" vulnerability in login.
      This vulnerability makes it easier for attackers to hide activities by
      modifying portions of log events, e.g. by appending an addr= statement
      to the login name.
    
    * Minor tweaking in BUILD
    * Added pam.d files I forgot to commit last bump
---
 security/shadow/BUILD           |    1 +
 security/shadow/DETAILS         |    6 +++---
 security/shadow/pam.d/groupmems |    4 ++++
 security/shadow/pam.d/groupmod  |    4 ++++
 security/shadow/pam.d/newusers  |    4 ++++
 5 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/security/shadow/BUILD b/security/shadow/BUILD
index 2c6e854..8a1e0b4 100644
--- a/security/shadow/BUILD
+++ b/security/shadow/BUILD
@@ -14,6 +14,7 @@
               --datadir=/usr/share \
               --infodir=/usr/share/info \
               --mandir=/usr/share/man \
+              --localedir=/usr/share/locale \
               --with-libcrypt \
               --with-libcrack \
               --without-selinux \
diff --git a/security/shadow/DETAILS b/security/shadow/DETAILS
index e1f5f6f..24674a1 100644
--- a/security/shadow/DETAILS
+++ b/security/shadow/DETAILS
@@ -1,16 +1,16 @@
           MODULE=shadow
-         VERSION=4.1.2
+         VERSION=4.1.2.1
           SOURCE=$MODULE-$VERSION.tar.bz2
          SOURCE2=login-1.3.defs.pam
       SOURCE_URL=ftp://pkg-shadow.alioth.debian.org/pub/pkg-shadow/
      SOURCE2_URL=$PATCH_URL
      SOURCE3_URL=$PATCH_URL
-      SOURCE_VFY=sha1:ce005ce380b043dbfdbddcf0ac7b9a750217f0f6
+      SOURCE_VFY=sha1:a007e90d844d25d67a49699d508613ccea54e068
      SOURCE2_VFY=sha1:92676e80ec2e8e83d0dcbd688e1e4026b647232e
         WEB_SITE=http://packages.qa.debian.org/s/shadow.html
       MAINTAINER=ratler at lunar-linux.org
          ENTERED=20010922
-         UPDATED=20080624
+         UPDATED=20080724
            SHORT="Contains the shadow password file utilities"
 PSAFE=no
 
diff --git a/security/shadow/pam.d/groupmems b/security/shadow/pam.d/groupmems
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/security/shadow/pam.d/groupmems
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/security/shadow/pam.d/groupmod b/security/shadow/pam.d/groupmod
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/security/shadow/pam.d/groupmod
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth
diff --git a/security/shadow/pam.d/newusers b/security/shadow/pam.d/newusers
new file mode 100644
index 0000000..8f49f5c
--- /dev/null
+++ b/security/shadow/pam.d/newusers
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth		sufficient	pam_rootok.so
+account		required	pam_permit.so
+password	include		system-auth


More information about the Lunar-commits mailing list