From: Arkadiusz Miśkiewicz Date: Thu, 9 Mar 2023 12:15:24 +0000 (+0100) Subject: Rel 9; don't force password change if using weaker pass hashes X-Git-Tag: auto/th/pam-1.4.0-9 X-Git-Url: http://git.pld-linux.org/gitweb.cgi?a=commitdiff_plain;h=4691b922051424d8578b3b7165639866576670b6;p=packages%2Fpam.git Rel 9; don't force password change if using weaker pass hashes --- diff --git a/no-force-pass-change.patch b/no-force-pass-change.patch new file mode 100644 index 0000000..989ca9c --- /dev/null +++ b/no-force-pass-change.patch @@ -0,0 +1,11 @@ +--- Linux-PAM-1.4.0/modules/pam_unix/passverify.c~ 2020-06-08 12:17:27.000000000 +0200 ++++ Linux-PAM-1.4.0/modules/pam_unix/passverify.c 2023-03-09 13:12:17.643235815 +0100 +@@ -289,7 +289,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, + D(("account expired")); + return PAM_ACCT_EXPIRED; + } +-#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE ++#if 0 && defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE + if (spent->sp_lstchg == 0 || + crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY || + crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) { diff --git a/pam.spec b/pam.spec index f9427dc..473268f 100644 --- a/pam.spec +++ b/pam.spec @@ -25,7 +25,7 @@ Summary(tr.UTF-8): Modüler, artımsal doğrulama birimleri Summary(uk.UTF-8): Інструмент, що забезпечує аутентифікацію для програм Name: pam Version: 1.4.0 -Release: 8 +Release: 9 Epoch: 1 # The library is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. @@ -51,6 +51,7 @@ Patch3: %{name}-mkhomedir-notfound.patch Patch4: %{name}-db-gdbm.patch Patch5: %{name}-exec-failok.patch Patch6: pam_console_pam_tty.patch +Patch7: no-force-pass-change.patch URL: http://www.linux-pam.org/ %{?with_audit:BuildRequires: audit-libs-devel >= 1.6.9} BuildRequires: autoconf >= 2.61 @@ -297,6 +298,7 @@ danych GDBM. %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %build %{__libtoolize}