Release 4.19.0

Breaking changes:

-  Remove support for escaped newlines in configuration files.
   It never worked correctly.
-  Some user names and group names are too dangerous and are rejected,
   even with --badname.

Future breaking changes:

-  SHA512 and SHA256 will be supported unconditionally in the next
   release.  The build-time flag '--with-sha-crypt' will be removed.
   See <shadow-maint#1452>.

Deprecations:

-  groupmems(8)
	The program will be removed in a future release.
	See <shadow-maint#1343>.

-  logoutd(8)
	The program will be removed in the next release.
	See <shadow-maint#999>,
	and <shadow-maint#1344>.

-  login.defs(5): MD_CRYPT_ENAB
	This feature had been deprecated for decades.  It will be
	removed in a future release.
	The command-line equivalents (-m, --md5) of this feature in
	chpasswd(8) and chgpasswd(8) will also be removed in a future
	release.
	See <shadow-maint#1455>.

-  DES
	This hashing algorithm has been deprecated for a long time,
	and support for it will be removed in a future release.
	See <shadow-maint#1456>

-  MD5
	This hashing algorithm has been deprecated for a long time,
	and support for it will be removed in a future release.
	See <shadow-maint#1457>

-  Password aging
	The ability to periodically expire passwords is detrimental to
	safety, and will be removed eventually.  See also:
	<shadow-maint#1432>
	<https://people.scs.carleton.ca/~paulv/papers/expiration-authorcopy.pdf>
	<https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver>
	<https://pages.nist.gov/800-63-FAQ/#q-b05>
	<https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry>

	This deprecation includes the following programs and features:

	expiry(1)
	chage(1):
		-I,--inactive (also the interactive version)
		-m,--mindays (also the interactive version)
		-M,--maxdays (also the interactive version)
		-W,--warndays (also the interactive version)
	passwd(1):
		-k,--keep-tokens
		-n,--mindays
		-x,--maxdays
		-i,--inactive
		-w,--warndays
	useradd(8):
		-f,--inactive
	usermod(8):
		-f,--inactive
	login.defs(5):
		PASS_MIN_DAYS
		PASS_MAX_DAYS
		PASS_WARN_AGE
	/etc/default/useradd:
		INACTIVE
	shadow(5):
		sp_lstchg: Restrict to just the values 0 and empty.
		sp_min
		sp_max
		sp_warn
		sp_inact

	Because removing all of these suddently would be too disruptive
	(mainly, because of contracts in regulated environments, with
	 contracts that enforce outdated policies), we'll continue
	providing most of these features for a relatively long time.
	However, you should consider not using them, and if it doesn't
	depend on you, you should consider contacting whoever is
	responsible for it.  We'll eventually and gradually remove them.

Signed-off-by: Alejandro Colomar <alx@kernel.org>

Author: alejandro-colomar

configure.ac

@@ -5,7 +5,7 @@ m4_define([libsubid_abi_minor], [0])
 m4_define([libsubid_abi_micro], [0])
 m4_define([libsubid_abi], [libsubid_abi_major.libsubid_abi_minor.libsubid_abi_micro])
 
-AC_INIT([shadow], [4.19.0-rc1], [pkg-shadow-devel@lists.alioth.debian.org], [],
+AC_INIT([shadow], [4.19.0], [pkg-shadow-devel@lists.alioth.debian.org], [],
 	[https://github.com/shadow-maint/shadow])
 AC_CONFIG_MACRO_DIRS([m4])
 AC_CONFIG_AUX_DIR([build-aux])