Debian Bug report logs - #569899
/usr/bin/newgrp: newgrp: Always fails with "Invalid password." after asking for one


Package: login; Maintainer for login is Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>; Source for login is src:shadow.

Reported by: Michael Bunk <mb@computer-leipzig.com>

Date: Sun, 14 Feb 2010 21:27:02 UTC

Severity: normal

Found in version shadow/1:4.1.4.2-1

Fixed in version shadow/1:4.1.4.2+svn3283-1

Done: Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>:
Bug#569899; Package login. (Sun, 14 Feb 2010 21:27:05 GMT)


Acknowledgement sent to Michael Bunk <mb@computer-leipzig.com>:
New Bug report received and forwarded. Copy sent to Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>. (Sun, 14 Feb 2010 21:27:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Michael Bunk <mb@computer-leipzig.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: /usr/bin/newgrp: newgrp: Always fails with "Invalid password." after asking for one
Date: Sun, 14 Feb 2010 22:19:48 +0100
Package: login
Version: 1:4.1.4.2-1
Severity: normal
File: /usr/bin/newgrp

If you try to switch to a password-protected (with gpasswd) group you are not a member of using "newgrp somegroup", even if you supply the right password, you get "Invalid password.".

The reason is the code for reading /etc/gshadow being broken.  Attached is a small fix against svn://svn.debian.org/svn/pkg-shadow/upstream/trunk Revision 3094.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.33-rc6 (SMP w/1 CPU core)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages login depends on:
ii  libc6                         2.10.2-2   GNU C Library: Shared libraries
ii  libpam-modules                1.1.0-4    Pluggable Authentication Modules f
ii  libpam-runtime                1.1.0-4    Runtime support for the PAM librar
ii  libpam0g                      1.1.1-1    Pluggable Authentication Modules l

login recommends no packages.

login suggests no packages.

-- no debconf information
[fix-etc-gshadow-reading.patch (text/x-diff, attachment)]
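
For reference, the /etc/gshadow entry layout that newgrp depends on (name:password:admins:members, per gshadow(5)), shown as an added example that is not the attached patch and not code from the shadow source. It does not reproduce the defect reported here; the function names and sample line are hypothetical and constructed.

```c
#include <stdio.h>
#include <string.h>

/* One /etc/gshadow entry, per gshadow(5): name:password:admins:members */
struct gshadow_entry {
    char *name;
    char *passwd;   /* crypt(3) hash; empty, "!" or "*" means no usable password */
    char *admins;   /* comma-separated list, may be empty */
    char *members;  /* comma-separated list, may be empty */
};

/* Split line in place on ':'. Empty fields keep their position, so a missing
 * password can never shift the admin list into the password slot.
 * Returns 0 on success, -1 unless there are exactly four fields and a name. */
int parse_gshadow_line(char *line, struct gshadow_entry *e)
{
    char *fields[4];
    char *p = line;
    size_t n = 0;

    line[strcspn(line, "\r\n")] = '\0';          /* drop the line ending */
    for (;;) {
        if (n == 4) return -1;                   /* a fifth field: reject */
        fields[n++] = p;
        if ((p = strchr(p, ':')) == NULL) break;
        *p++ = '\0';
    }
    if (n != 4 || fields[0][0] == '\0') return -1;
    e->name = fields[0];   e->passwd = fields[1];
    e->admins = fields[2]; e->members = fields[3];
    return 0;
}

/* Simplified check (an assumption of this example): is there a hash that a
 * typed password could be compared against at all? */
int has_usable_password(const struct gshadow_entry *e)
{
    return e->passwd[0] != '\0' && e->passwd[0] != '!' && e->passwd[0] != '*';
}

int main(void)
{
    /* Constructed sample entry; the hash is a placeholder, not a real one. */
    char line[] = "somegroup:$6$constructed$notarealhash:alice:bob\n";
    struct gshadow_entry e;
    if (parse_gshadow_line(line, &e) == 0)
        printf("%s usable=%d\n", e.name, has_usable_password(&e));
    return 0;
}
```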

Added tag(s) pending. Request was from Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> to control@bugs.debian.org. (Fri, 19 Mar 2010 18:12:02 GMT)


Reply sent to Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>:
You have taken responsibility. (Mon, 06 Sep 2010 08:33:36 GMT)


Notification sent to Michael Bunk <mb@computer-leipzig.com>:
Bug acknowledged by developer. (Mon, 06 Sep 2010 08:33:36 GMT)


Message #12 received at 569899-close@bugs.debian.org:

From: Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
To: 569899-close@bugs.debian.org
Subject: Bug#569899: fixed in shadow 1:4.1.4.2+svn3283-1
Date: Mon, 06 Sep 2010 08:28:31 +0000
Source: shadow
Source-Version: 1:4.1.4.2+svn3283-1

We believe that the bug you reported is fixed in the latest version of
shadow, which is due to be installed in the Debian FTP archive:

login_4.1.4.2+svn3283-1_i386.deb
  to main/s/shadow/login_4.1.4.2+svn3283-1_i386.deb
passwd_4.1.4.2+svn3283-1_i386.deb
  to main/s/shadow/passwd_4.1.4.2+svn3283-1_i386.deb
shadow_4.1.4.2+svn3283-1.diff.gz
  to main/s/shadow/shadow_4.1.4.2+svn3283-1.diff.gz
shadow_4.1.4.2+svn3283-1.dsc
  to main/s/shadow/shadow_4.1.4.2+svn3283-1.dsc
shadow_4.1.4.2+svn3283.orig.tar.gz
  to main/s/shadow/shadow_4.1.4.2+svn3283.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 569899@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net> (supplier of updated shadow package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)



Format: 1.8
Date: Sun, 29 Aug 2010 21:14:12 +0200
Source: shadow
Binary: passwd login
Architecture: source i386
Version: 1:4.1.4.2+svn3283-1
Distribution: unstable
Urgency: low
Maintainer: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Changed-By: Nicolas FRANCOIS (Nekral) <nicolas.francois@centraliens.net>
Description: 
 login      - system login tools
 passwd     - change and administer password and group data
Closes: 470059 530231 531341 539354 542804 544184 544523 548065 548407 554170 560633 562221 567836 569899 572687 573018 574082 576203 582166 586994
Changes: 
 shadow (1:4.1.4.2+svn3283-1) unstable; urgency=low
 .
   * The "Bleu de Gex" release.
   * New upstream unreleased version:
     - Fix formatting of the login.defs.5 manpage. Closes: #542804
     - Updated Czech translation. Closes: #548407
     - Updated Vietnamese translation. Closes: #548065
     - Remove patches applied upstream:
       + debian/patches/008_su_no_sanitize_env
       + debian/patches/483_su_fakelogin_wrong_arg0
     - Updated patches:
       + debian/patches/523_su_arguments_are_no_more_concatenated_by_default
       + debian/patches/542_useradd-O_option
     - Added support for dates already specified as a number of days since
       Epoch in useradd, usermod and chage. Closes: #562221
     - This also allows, in the chage interactive mode, to specify -1 as the
       expiration date to disable it. Closes: #573018
     - Fixed parsing of gshadow. This fixes password support in newgrp.
       Closes: #569899
     - pwck and grpck stop sorting at the first line which begins with a '+'.
       This will avoid messing up with NIS entries. Closes: #567836
     - Fix interruption of su, newgrp, vipw with Ctrl-Z. Closes: 530231
     - mail checking is no more mentioned in login(1) since it is done by PAM.
       Closes: #470059
     - The -e (and -c and -m) option was restored in chpasswd (which still uses
       PAM by default).  Closes: #539354
     - Kazakh translation updated. Closes: #586994
     - Fixed comma splice in chsh(1). Closes: #582166
   * debian/securetty.kfreebsd: On GNU/kFreeBSD the serial devices have changed
     from /dev/cuuaX to /dev/ttydX in kernel 6.0. Closes: #544523
   * debian/securetty.linux: Added support for embedded ARM AMBA PL011 ports
     (e.g. emulated by QEMU). Closes: #544184
   * debian/control: Removed Martin Quinson from the Uploaders, on his request.
   * debian/login.defs: Improve documentation of USERGROUPS_ENAB.
     Closes: #572687
   * debian/rules: Added DEB_AUTO_UPDATE_LIBTOOL = pre. Closes: #560633
   * debian/login.pam: return back to mostly "requisite" for the pam_securetty
     PAM module, but ignore PAM_USER_UNKNOWN. This will avoid root from
     entering a password, and will also avoid user enumeration attacks.
     Mis-typed root logins are not protected, only root can be blamed for
     mis-typing and entering a password on an insecure line. Users willing to
     protect against mis-typed root login can use "requisite", but will be
     vulnerable to user enumeration attacks on insecure lines, and should use
     pam 1.1.0-4 at least. Closes: #574082, #531341
   * debian/passwd.cron.daily: Handle the backups of the user and group
     databases so that it can be removed from the standard daily cron job.
     Closes: #554170
   * debian/login.defs: Updated description of UMASK (used by pam_umask).
   * debian/securetty.linux: Reorganize and synchronize with
     Documentation/devices.txt. This added a lot of TTYs, including the
     ttyPZ0..3. Closes: #576203
   * debian/rules, debian/man.insert, debian/man.insert.sed: Hack to avoid bug
     507673, causing missing apostrophes in the manpages generated by
     docbook-xsl (see debian bug 507673).
   * debian/control: Standards-Version: bumped to 3.8.4. No changes.
   * debian/passwd.lintian-overrides: Remove old entries relevant for
     passwd.config.
   * debian/control: Do not repeat the Section and Priority fields for the
     binary packages.
   * debian/rules: Disable new features: --without-acl --without-attr
     --without-tcb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Oct 2010 07:38:38 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Jul 16 11:26:56 2024; Machine Name: bembo
