diff -u liboobs-2.22.0/debian/control liboobs-2.22.0/debian/control
--- liboobs-2.22.0/debian/control
+++ liboobs-2.22.0/debian/control
@@ -1,8 +1,9 @@
 Source: liboobs
 Section: libs
 Priority: optional
-Maintainer: Loic Minier
-Uploaders: Debian GNOME Maintainers , Josselin Mouette
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Loic Minier
+Uploaders: Debian GNOME Maintainers , Josselin Mouette , Loic Minier
 Build-Depends: cdbs,
 debhelper (>= 5),
 system-tools-backends-dev (>= 2.5.4),
diff -u liboobs-2.22.0/debian/changelog liboobs-2.22.0/debian/changelog
--- liboobs-2.22.0/debian/changelog
+++ liboobs-2.22.0/debian/changelog
@@ -1,3 +1,11 @@
+liboobs (2.22.0-1ubuntu1) jaunty; urgency=low
+
+ * First pass at using shadow package to do password hashing (LP: #51551).
+ - Add debian/patches/use-chpasswd.patch.
+ - debian/control: add versioned Depend on passwd with "chpasswd -S".
+
+ -- Kees Cook Tue, 25 Nov 2008 09:51:52 -0800
+
 liboobs (2.22.0-1) unstable; urgency=low
 
 * New upstream release.
diff -u liboobs-2.22.0/debian/control.in liboobs-2.22.0/debian/control.in
--- liboobs-2.22.0/debian/control.in
+++ liboobs-2.22.0/debian/control.in
@@ -1,7 +1,8 @@
 Source: liboobs
 Section: libs
 Priority: optional
-Maintainer: Loic Minier
+Maintainer: Ubuntu Core Developers
+XSBC-Original-Maintainer: Loic Minier
 Uploaders: @GNOME_TEAM@
 Build-Depends: cdbs,
 debhelper (>= 5),
only in patch2:
unchanged:
--- liboobs-2.22.0.orig/debian/patches/use-chpasswd.patch
+++ liboobs-2.22.0/debian/patches/use-chpasswd.patch
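Review bot: The versioned dependency that the changelog entry promises ("add versioned Depend on passwd with chpasswd -S") is not added by any hunk visible on this page; the debian/control and debian/control.in hunks change only the Maintainer and Uploaders fields. Without it the library can be installed next to a chpasswd that does not understand `-S`, and the patched PROP_PASSWORD path would then presumably store the locked value `!` for every password it is asked to set. The binary package stanza in both files should carry the dependency, along the lines of `Depends: ${shlibs:Depends}, passwd (>= VERSION_PROVIDING_CHPASSWD_S)` (placeholder version, to be filled in by the uploader).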
@@ -0,0 +1,121 @@
+diff -Nur -x '*.orig' -x '*~' liboobs-2.22.0/oobs/oobs-user.c liboobs-2.22.0.new/oobs/oobs-user.c
+--- liboobs-2.22.0/oobs/oobs-user.c 2008-01-02 06:23:56.000000000 -0800
++++ liboobs-2.22.0.new/oobs/oobs-user.c 2008-11-25 10:48:49.000000000 -0800
+@@ -20,6 +20,7 @@
+ 
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -205,6 +206,73 @@
+ user->_priv = priv;
+ }
+ 
++static gchar *
++oobs_get_hashed_password (const gchar *plain)
++{
++ gboolean ok;
++ gchar *hashed = NULL;
++ gchar output[512];
++ gchar *args[3];
++ args[0] = "/usr/sbin/chpasswd";
++ args[1] = "-S";
++ args[2] = NULL;
++
++ GPid child_pid;
++ gint child_stdin;
++ gint child_stdout;
++ GError *error = NULL;
++
++ ok = g_spawn_async_with_pipes ("/", args, NULL, 0,
++ NULL, NULL, &child_pid,
++ &child_stdin, &child_stdout, NULL,
++ &error);
++ if (!ok) {
++ /* Is there no way to return errors to top-level?? */
++ if (error) g_error_free (error);
++ return NULL;
++ }
++
++ FILE *sender = fdopen (child_stdin, "a");
++ if (!sender) {
++ /* fdopen didn't take over fd, so we close it ourselves */
++ close (child_stdin);
++ goto child_shutdown;
++ }
++ FILE *reader = fdopen (child_stdout, "r");
++ if (!reader) {
++ /* fdopen didn't take over fd, so we close it ourselves */
++ close (child_stdout);
++ fclose (sender);
++ goto child_shutdown;
++ }
++
++ /* send plaintext password */
++ int sent = fprintf (sender, "NULL:%s\n", plain);
++ fclose (sender);
++
++ /* read response */
++ if (sent > 0 && !fgets (output, sizeof (output), reader)) {
++ /* failed to read */
++ output[0] = '\0';
++ }
++ fclose (reader);
++
++ /* truncate newline */
++ hashed = strchr (output, '\n');
++ if (hashed) *hashed = '\0';
++
++ /* locate and dup past separator */
++ hashed = strchr (output, ':');
++ if (!hashed) goto child_shutdown;
++ hashed++;
++ hashed = g_strdup (hashed);
++
++child_shutdown:
++ g_spawn_close_pid (child_pid);
++
++ return hashed;
++}
++
+ static void
+ oobs_user_set_property (GObject *object,
+ guint prop_id,
+@@ -213,8 +281,6 @@
+ {
+ OobsUser *user;
+ OobsUserPrivate *priv;
+- gboolean use_md5;
+- gchar *salt, *str;
+ 
+ g_return_if_fail (OOBS_IS_USER (object));
+ 
+@@ -229,23 +295,9 @@
+ break;
+ case PROP_PASSWORD:
+ g_free (priv->password);
+- g_object_get (priv->config, "use-md5", &use_md5, NULL);
+-
+- if (use_md5)
+- {
+- salt = utils_get_random_string (5);
+- str = g_strdup_printf ("$1$%s", salt);
+- priv->password = g_strdup ((gchar *) crypt (g_value_get_string (value), str));
+-
+- g_free (str);
+- }
+- else
+- {
+- salt = utils_get_random_string (2);
+- priv->password = g_strdup ((gchar *) crypt (g_value_get_string (value), salt));
+- }
+-
+- g_free (salt);
++ priv->password = oobs_get_hashed_password (g_value_get_string (value));
++ /* return a locked password on failure. */
++ if (!priv->password) priv->password = g_strdup ("!");
+ break;
+ case PROP_CRYPTED_PASSWORD:
+ g_free (priv->password);
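Review bot: In oobs_get_hashed_password, `output` is scanned by `strchr (output, '\n')` without ever having been written when `fprintf` fails, because its only assignment sits behind `sent > 0 && !fgets (...)`; declaring it as `gchar output[512] = "";` makes that path return NULL instead of parsing uninitialised stack bytes. The plaintext is also written unchecked into chpasswd's line-oriented `user:password` input, so a password containing a newline would at best be hashed only up to that newline, and a NULL `plain` is undefined behaviour for `%s` (glibc would presumably print `(null)` and that string would be hashed). A guard before the spawn, `if (!plain || strchr (plain, '\n')) return NULL;`, sends both cases to the caller's existing locked-password fallback. The child's exit status is never collected, so the first stdout line is accepted as a hash whenever it contains a colon.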
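Review bot: The PROP_PASSWORD branch converts every helper failure into the locked value `!` without leaving any trace, so a missing or failing `/usr/sbin/chpasswd` silently locks the account being edited. Failing closed is the right default, but the fallback line should at least log, for example `g_warning ("password hashing via chpasswd failed; storing locked password");` ahead of the `g_strdup ("!")`, until the setter has a way to report errors. The removed `use-md5` lookup also means the hash scheme is now whatever the chpasswd helper chooses, which deserves a short comment at this call site. oobs_user_set_property begins and ends outside this hunk, so how callers read the property back afterwards is not visible here.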