Accepting request 932263 from Base:System

- Fix segfaults in newgrp and pwck
  * Add shadow-4.9-newgrp-segfault.patch 
    https://github.com/shadow-maint/shadow/pull/437
  * Add shadow-4.9-pwck-segfault.patch
    https://github.com/shadow-maint/shadow/pull/445

- Added hardening to systemd service(s) (bsc#1181400). Modified:
  * shadow.service

- shadow-util-linux.patch:
  * Remove the section patching lib/getdef.c in favor of the
    upstream FOREIGNDEFS.
  * Add LOGIN_KEEP_USERNAME to login.defs.
  * Remove PREVENT_NO_AUTH from login.defs. Only used by the
    unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
  * Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
    YESCRYPT_COST_FACTOR, not supported by the current
    configuratiton.
- Update login_defs-support-for-pam symbol to version 1.5.2
  (support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
  (support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
  shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
  * Add helper to import local new version in the parent dir.
  * Fix spec editing sed expression.
  * Add PREVENT_NO_AUTH to known unused variables.
  * Update pam sed expression to find HMAC_CRYPTO_ALGO.

OBS-URL: https://build.opensuse.org/request/show/932263
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shadow?expand=0&rev=45
This commit is contained in:
Dominique Leuenberger 2021-11-21 22:51:28 +00:00 committed by Git OBS Bridge
commit 6f9efa1aed
10 changed files with 205 additions and 89 deletions

View File

@ -0,0 +1,15 @@
https://github.com/shadow-maint/shadow/commit/497e90751bc0d95cc998b0f06305040563903948
Index: shadow-4.9/src/newgrp.c
===================================================================
--- shadow-4.9.orig/src/newgrp.c
+++ shadow-4.9/src/newgrp.c
@@ -163,8 +163,8 @@ static void check_perms (const struct gr
spwd = xgetspnam (pwd->pw_name);
if (NULL != spwd) {
pwd->pw_passwd = xstrdup (spwd->sp_pwdp);
+ spw_free (spwd);
}
- spw_free (spwd);
if ((pwd->pw_passwd[0] == '\0') && (grp->gr_passwd[0] != '\0')) {
needspasswd = true;

View File

@ -0,0 +1,14 @@
https://github.com/shadow-maint/shadow/commit/d8e54618feea201987c1f3cb402ed50d1d8b604f
Index: shadow-4.9/src/pwck.c
===================================================================
--- shadow-4.9.orig/src/pwck.c
+++ shadow-4.9/src/pwck.c
@@ -857,6 +857,7 @@ int main (int argc, char **argv)
* Get my name so that I can use it to report errors.
*/
Prog = Basename (argv[0]);
+ shadow_logfd = stderr;
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);

View File

@ -20,7 +20,18 @@ which osc >/dev/null
# Extract list of referenced variables. # Extract list of referenced variables.
if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then if ! test -f openSUSE:Factory/util-linux/BUILD/*/configure.ac ; then
echo "Checking out util-linux..." echo "Checking out util-linux..."
if test -d ../util-linux ; then
echo -n "../util-linux found. Are you preparing new version? (y/N) "
read
if test "${REPLY:0:1}" = "y" ; then
mkdir -p openSUSE:Factory
cp -a ../util-linux openSUSE:Factory/
else
osc co openSUSE:Factory util-linux osc co openSUSE:Factory util-linux
fi
else
osc co openSUSE:Factory util-linux
fi
cd openSUSE:Factory/util-linux cd openSUSE:Factory/util-linux
quilt setup -d BUILD util-linux.spec quilt setup -d BUILD util-linux.spec
cd BUILD/* cd BUILD/*
@ -43,7 +54,18 @@ cd ../../../..
# Extract list of referenced variables. # Extract list of referenced variables.
if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then if ! test -f openSUSE:Factory/pam/BUILD/*/configure.ac ; then
echo "Checking out pam..." echo "Checking out pam..."
if test -d ../pam ; then
echo -n "../pam found. Are you preparing new version? (y/N) "
read
if test "${REPLY:0:1}" = "y" ; then
mkdir -p openSUSE:Factory
cp -a ../pam openSUSE:Factory/
else
osc co openSUSE:Factory pam osc co openSUSE:Factory pam
fi
else
osc co openSUSE:Factory pam
fi
cd openSUSE:Factory/pam cd openSUSE:Factory/pam
quilt setup -d BUILD pam.spec quilt setup -d BUILD pam.spec
cd BUILD/* cd BUILD/*
@ -54,7 +76,7 @@ fi
echo "Extracting variables from pam..." echo "Extracting variables from pam..."
cd openSUSE:Factory/pam/BUILD/* cd openSUSE:Factory/pam/BUILD/*
grep -rh LOGIN_DEFS . | grep -rh LOGIN_DEFS . |
sed -n 's/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' | sed -n 's/CRYPTO_KEY/\"HMAC_CRYPTO_ALGO\"/g;s/^.*search_key *([A-Za-z_]*, *[A-Z_]*LOGIN_DEFS, *"\([A-Z0-9_]*\)").*$/\1/p' |
LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst LC_ALL=C sort -u >../../../../shadow-login_defs-check-pam.lst
cd ../../../.. cd ../../../..
@ -66,12 +88,24 @@ if ! test -f shadow-login_defs-check-build/stamp ; then
# In case of shadow, variables extraction is more complicated. The list # In case of shadow, variables extraction is more complicated. The list
# depends on configure options, so we have to perform a fake build and # depends on configure options, so we have to perform a fake build and
# extract variables from prepreocessed sources. # extract variables from prepreocessed sources.
sed -i '/^%make_build/i\_smp_mpflags="%{?_smp_mpflags} -k CPPFLAGS=\\"-E\\""' shadow.spec # sed -i '/^%make_build/i\_smp_mpflags="%{?_smp_mpflags} -k CPPFLAGS=\\"-E\\""' shadow.spec
sed -i 's/^%make_build/%make_build -k CPPFLAGS=\\"-E\\"/' shadow.spec
if cmp -s shadow.spec shadow.spec.shadow-login_defs-check-save ; then
echo "$0: Please fix sed expression modifying shadow.spec."
mv shadow.spec.shadow-login_defs-check-save shadow.spec
exit 1
fi
fi fi
osc build "$@" || : if osc build "$@" ; then
echo "This build command was expected to fail, but it succeeded."
echo "$0: Please fix sed expression modifying shadow.spec."
mv shadow.spec.shadow-login_defs-check-save shadow.spec
exit 1
else
echo "This build command was expected to fail." echo "This build command was expected to fail."
echo "" echo ""
fi
mv shadow.spec.shadow-login_defs-check-save shadow.spec mv shadow.spec.shadow-login_defs-check-save shadow.spec
BUILD_ROOT=$(osc lbl | sed -n 's/^.*Using BUILD_ROOT=//p') BUILD_ROOT=$(osc lbl | sed -n 's/^.*Using BUILD_ROOT=//p')
@ -167,6 +201,8 @@ function falsematch() {
FTMP_FILE ) return 0 ;; FTMP_FILE ) return 0 ;;
# ISSUE_FILE used by library call login_prompt() used only by login.c that is deleted in the spec. # ISSUE_FILE used by library call login_prompt() used only by login.c that is deleted in the spec.
ISSUE_FILE ) return 0 ;; ISSUE_FILE ) return 0 ;;
# PREVENT_NO_AUTH us used only by login.c and su.c that are deleted in the spec.
PREVENT_NO_AUTH ) return 0 ;;
* ) return 1 ;; * ) return 1 ;;
esac esac
} }
@ -242,7 +278,7 @@ echo "Change in shadow.spec:"
sed -n 's/^Version:[[:space:]]*/Provides: login_defs-support-for-util-linux = /p' <openSUSE\:Factory/util-linux/util-linux.spec sed -n 's/^Version:[[:space:]]*/Provides: login_defs-support-for-util-linux = /p' <openSUSE\:Factory/util-linux/util-linux.spec
echo " echo "
If you ported encryption_method_nis.patch to the new pam version, If you ported shadow-login_defs-unused-by-pam.patch to the new pam version,
please submit these updates: please submit these updates:
Change in pam.spec:" Change in pam.spec:"
sed -n 's/^Version:[[:space:]]*/Requires: login_defs-support-for-pam >= /p' <openSUSE\:Factory/pam/pam.spec sed -n 's/^Version:[[:space:]]*/Requires: login_defs-support-for-pam >= /p' <openSUSE\:Factory/pam/pam.spec

View File

@ -13,38 +13,6 @@ Index: etc/login.defs
# #
# Delay in seconds before being allowed another attempt after a login failure # Delay in seconds before being allowed another attempt after a login failure
@@ -23,15 +21,6 @@ LOG_UNKFAIL_ENAB no
#
#
-# Limit the highest user ID number for which the lastlog entries should
-# be updated.
-#
-# No LASTLOG_UID_MAX means that there is no user ID limit for writing
-# lastlog entries.
-#
-#LASTLOG_UID_MAX
-
-#
# Enable "syslog" logging of newgrp(1) and sg(1) activity - in addition
# to sulog file logging.
#
@@ -46,6 +35,15 @@ CONSOLE /etc/securetty
#CONSOLE console:tty01:tty02:tty03:tty04
#
+# Limit the highest user ID number for which the lastlog entries should
+# be updated.
+#
+# No LASTLOG_UID_MAX means that there is no user ID limit for writing
+# lastlog entries.
+#
+#LASTLOG_UID_MAX
+
+#
# If defined, all su(1) activity is logged to this file.
#
#SULOG_FILE /var/log/sulog
@@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin @@ -99,11 +97,14 @@ ENV_PATH /bin:/usr/bin
ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin ENV_ROOTPATH /sbin:/bin:/usr/sbin:/usr/bin
#ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin #ENV_SUPATH /sbin:/bin:/usr/sbin:/usr/bin
@ -86,7 +54,7 @@ Index: etc/login.defs
GID_MIN 1000 GID_MIN 1000
GID_MAX 60000 GID_MAX 60000
# System accounts # System accounts
@@ -190,7 +201,6 @@ LOGIN_TIMEOUT 60 @@ -196,7 +207,6 @@ LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh CHFN_RESTRICT rwh
# #
@ -94,7 +62,7 @@ Index: etc/login.defs
# If set to "yes", new passwords will be encrypted using the MD5-based # If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD. # algorithm compatible with the one used by recent releases of FreeBSD.
# It supports passwords of unlimited length and longer salt strings. # It supports passwords of unlimited length and longer salt strings.
@@ -205,7 +215,6 @@ CHFN_RESTRICT rwh @@ -211,7 +221,6 @@ CHFN_RESTRICT rwh
#MD5_CRYPT_ENAB no #MD5_CRYPT_ENAB no
# #

View File

@ -67,7 +67,7 @@ Index: etc/login.defs
# Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems.
@@ -125,7 +128,7 @@ @@ -133,7 +136,7 @@ UMASK 022
# HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new # HOME_MODE is used by useradd(8) and newusers(8) to set the mode for new
# home directories. # home directories.
# If HOME_MODE is not set, the value of UMASK is used to create the mode. # If HOME_MODE is not set, the value of UMASK is used to create the mode.
@ -106,8 +106,8 @@ Index: etc/login.defs
+LOGIN_RETRIES 3 +LOGIN_RETRIES 3
# #
# Max time in seconds for login(1) # Tell login to only re-prompt for the password if authentication
@@ -201,18 +204,9 @@ LOGIN_TIMEOUT 60 @@ -207,18 +210,9 @@ LOGIN_TIMEOUT 60
CHFN_RESTRICT rwh CHFN_RESTRICT rwh
# #
@ -128,7 +128,7 @@ Index: etc/login.defs
# #
# If set to MD5, MD5-based algorithm will be used for encrypting password # If set to MD5, MD5-based algorithm will be used for encrypting password
@@ -227,7 +221,7 @@ CHFN_RESTRICT rwh @@ -233,7 +227,7 @@ CHFN_RESTRICT rwh
# Note: If you use PAM, it is recommended to use a value consistent with # Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration. # the PAM modules configuration.
# #
@ -137,7 +137,7 @@ Index: etc/login.defs
# #
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
@@ -325,7 +319,7 @@ USERDEL_POSTCMD /usr/sbin/userde @@ -303,7 +297,7 @@ USERDEL_POSTCMD /usr/sbin/userde
# #
# This also enables userdel(8) to remove user groups if no members exist. # This also enables userdel(8) to remove user groups if no members exist.
# #
@ -146,7 +146,7 @@ Index: etc/login.defs
# #
# If set to a non-zero number, the shadow utilities will make sure that # If set to a non-zero number, the shadow utilities will make sure that
@@ -344,7 +338,7 @@ USERGROUPS_ENAB yes @@ -322,7 +316,7 @@ USERGROUPS_ENAB yes
# This option is overridden with the -M or -m flags on the useradd(8) # This option is overridden with the -M or -m flags on the useradd(8)
# command-line. # command-line.
# #
@ -155,4 +155,3 @@ Index: etc/login.defs
# #
# Force use shadow, even if shadow passwd & shadow group files are # Force use shadow, even if shadow passwd & shadow group files are

View File

@ -1,6 +1,9 @@
Remove variables that are present in login.defs, but shadow with the Remove variables that are present in login.defs, but shadow with the
current configuration (e. g. with PAM) does not use them. current configuration (e. g. with PAM) does not use them.
It also includes variables used by the current configuration, but deleted
in the spec file.
shadow-login_defs-unused-check.sh makes possible to verify that it is shadow-login_defs-unused-check.sh makes possible to verify that it is
still up to date. still up to date.
@ -221,10 +224,38 @@ Index: etc/login.defs
# Only works if compiled with MD5_CRYPT defined: # Only works if compiled with MD5_CRYPT defined:
# If set to "yes", new passwords will be encrypted using the MD5-based # If set to "yes", new passwords will be encrypted using the MD5-based
# algorithm compatible with the one used by recent releases of FreeBSD. # algorithm compatible with the one used by recent releases of FreeBSD.
@@ -382,17 +252,6 @@ CHFN_RESTRICT rwh @@ -354,45 +224,6 @@ CHFN_RESTRICT rwh
#YESCRYPT_COST_FACTOR 5 #SHA_CRYPT_MAX_ROUNDS 5000
# #
-# Only works if ENCRYPT_METHOD is set to BCRYPT.
-#
-# Define the number of BCRYPT rounds.
-# With a lot of rounds, it is more difficult to brute-force the password.
-# However, more CPU resources will be needed to authenticate users if
-# this value is increased.
-#
-# If not specified, 13 rounds will be attempted.
-# If only one of the MIN or MAX values is set, then this value will be used.
-# If MIN > MAX, the highest value will be used.
-#
-#BCRYPT_MIN_ROUNDS 13
-#BCRYPT_MAX_ROUNDS 13
-
-#
-# Only works if ENCRYPT_METHOD is set to YESCRYPT.
-#
-# Define the YESCRYPT cost factor.
-# With a higher cost factor, it is more difficult to brute-force the password.
-# However, more CPU time and more memory will be needed to authenticate users
-# if this value is increased.
-#
-# If not specified, a cost factor of 5 will be used.
-# The value must be within the 1-11 range.
-#
-#YESCRYPT_COST_FACTOR 5
-
-#
-# List of groups to add to the user's supplementary group set -# List of groups to add to the user's supplementary group set
-# when logging in from the console (as determined by the CONSOLE -# when logging in from the console (as determined by the CONSOLE
-# setting). Default is none. -# setting). Default is none.
@ -239,7 +270,7 @@ Index: etc/login.defs
# Should login be allowed if we can't cd to the home directory? # Should login be allowed if we can't cd to the home directory?
# Default is no. # Default is no.
# #
@@ -407,12 +266,6 @@ DEFAULT_HOME yes @@ -407,12 +238,6 @@ DEFAULT_HOME yes
NONEXISTENT /nonexistent NONEXISTENT /nonexistent
# #

View File

@ -109,39 +109,32 @@ Index: etc/login.defs
# Default initial "umask" value used by login(1) on non-PAM enabled systems. # Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems. # Default "umask" value for pam_umask(8) on PAM enabled systems.
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new # UMASK is also used by useradd(8) and newusers(8) to set the mode for new
Index: lib/getdef.c @@ -163,6 +177,12 @@ SUB_GID_COUNT 65536
=================================================================== LOGIN_RETRIES 5
--- lib/getdef.c.orig
+++ lib/getdef.c
@@ -67,6 +67,7 @@ struct itemdef {
{"LOGIN_STRING", NULL}, \
{"MAIL_CHECK_ENAB", NULL}, \
{"MOTD_FILE", NULL}, \
+ {"MOTD_FIRSTONLY", NULL}, \
{"NOLOGINS_FILE", NULL}, \
{"OBSCURE_CHECKS_ENAB", NULL}, \
{"PASS_ALWAYS_WARN", NULL}, \
@@ -91,6 +92,7 @@ struct itemdef {
#define NUMDEFS (sizeof(def_table)/sizeof(def_table[0])) #
static struct itemdef def_table[] = { +# Tell login to only re-prompt for the password if authentication
+ {"ALWAYS_SET_PATH", NULL}, +# failed, but the username is valid. The default value is no.
{"CHARACTER_CLASS", NULL}, +#
{"CHFN_RESTRICT", NULL}, +LOGIN_KEEP_USERNAME no
{"CONSOLE_GROUPS", NULL}, +
@@ -99,6 +101,7 @@ static struct itemdef def_table[] = { +#
{"DEFAULT_HOME", NULL}, # Max time in seconds for login(1)
{"ENCRYPT_METHOD", NULL}, #
{"ENV_PATH", NULL}, LOGIN_TIMEOUT 60
+ {"ENV_ROOTPATH", NULL}, @@ -315,15 +335,6 @@ CHARACTER_CLASS [ABCDEFGHIJKLMNO
{"ENV_SUPATH", NULL}, #GRANT_AUX_GROUP_SUBIDS yes
{"ERASECHAR", NULL},
{"FAIL_DELAY", NULL}, #
@@ -110,6 +113,7 @@ static struct itemdef def_table[] = { -# Prevents an empty password field to be interpreted as "no authentication
{"KILLCHAR", NULL}, -# required".
{"LASTLOG_UID_MAX", NULL}, -# Set to "yes" to prevent for all accounts
{"LOGIN_RETRIES", NULL}, -# Set to "superuser" to prevent for UID 0 / root (default)
+ {"LOGIN_PLAIN_PROMPT", NULL}, -# Set to "no" to not prevent for any account (dangerous, historical default)
{"LOGIN_TIMEOUT", NULL}, -
{"LOG_OK_LOGINS", NULL}, -PREVENT_NO_AUTH superuser
{"LOG_UNKFAIL_ENAB", NULL}, -
-#
# Select the HMAC cryptography algorithm.
# Used in pam_timestamp module to calculate the keyed-hash message
# authentication code.

View File

@ -1,3 +1,44 @@
-------------------------------------------------------------------
Thu Nov 18 13:46:03 UTC 2021 - Michael Vetter <mvetter@suse.com>
- Fix segfaults in newgrp and pwck
* Add shadow-4.9-newgrp-segfault.patch
https://github.com/shadow-maint/shadow/pull/437
* Add shadow-4.9-pwck-segfault.patch
https://github.com/shadow-maint/shadow/pull/445
-------------------------------------------------------------------
Tue Nov 16 15:58:46 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Modified:
* shadow.service
-------------------------------------------------------------------
Tue Nov 9 01:39:44 UTC 2021 - Stanislav Brabec <sbrabec@suse.com>
- shadow-util-linux.patch:
* Remove the section patching lib/getdef.c in favor of the
upstream FOREIGNDEFS.
* Add LOGIN_KEEP_USERNAME to login.defs.
* Remove PREVENT_NO_AUTH from login.defs. Only used by the
unpackaged login and su.
- shadow-login_defs-unused-by-pam.patch:
* Remove variables BCRYPT_MIN_ROUNDS, BCRYPT_MAX_ROUNDS,
YESCRYPT_COST_FACTOR, not supported by the current
configuratiton.
- Update login_defs-support-for-pam symbol to version 1.5.2
(support for new variable HMAC_CRYPTO_ALGO).
- Update login_defs-support-for-util-linux to version 2.37
(support for new variable LOGIN_KEEP_USERNAME).
- Refresh shadow-login_defs-comments.patch and
shadow-login_defs-suse.patch.
- Improve shadow-login_defs-check.sh:
* Add helper to import local new version in the parent dir.
* Fix spec editing sed expression.
* Add PREVENT_NO_AUTH to known unused variables.
* Update pam sed expression to find HMAC_CRYPTO_ALGO.
* Add more sanity checks.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter <mvetter@suse.com> Mon Sep 20 09:43:41 UTC 2021 - Michael Vetter <mvetter@suse.com>

View File

@ -2,6 +2,19 @@
Description=Verify integrity of password and group files Description=Verify integrity of password and group files
[Service] [Service]
# added automatically, for details please see
# https://en.opensuse.org/openSUSE:Security_Features#Systemd_hardening_effort
ProtectSystem=full
ProtectHome=read-only
PrivateDevices=true
ProtectHostname=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
RestrictRealtime=true
# end of automatic additions
Type=oneshot Type=oneshot
ExecStart=/usr/sbin/pwck -r ExecStart=/usr/sbin/pwck -r
ExecStart=/usr/sbin/grpck -r ExecStart=/usr/sbin/grpck -r

View File

@ -71,6 +71,10 @@ Patch13: shadow-passwd-handle-null.patch
Patch14: shadow-4.9-sgent-free.patch Patch14: shadow-4.9-sgent-free.patch
# PATCH-FIX-UPSTREAM shadow-4.9-useradd-subuid.patch mvetter@suse.de -- Fix generating empty subid range and undeclared subid_count (boo#1190146) # PATCH-FIX-UPSTREAM shadow-4.9-useradd-subuid.patch mvetter@suse.de -- Fix generating empty subid range and undeclared subid_count (boo#1190146)
Patch15: shadow-4.9-useradd-subuid.patch Patch15: shadow-4.9-useradd-subuid.patch
# PATCH-FIX-UPSTREAM shadow-4.9-newgrp-segfault.patch mvetter@suse.de -- Fix segfault in newgrp (gh#437)
Patch16: shadow-4.9-newgrp-segfault.patch
# PATCH-FIX-UPSTREAM shadow-4.9-pwck-segfault.patch mvetter@suse.de -- Fix segfault in pwck (gh#445)
Patch17: shadow-4.9-pwck-segfault.patch
BuildRequires: audit-devel > 2.3 BuildRequires: audit-devel > 2.3
BuildRequires: autoconf BuildRequires: autoconf
BuildRequires: automake BuildRequires: automake
@ -107,8 +111,8 @@ Summary: The login.defs configuration file
# encryption_method_nis.patch has to be ported! # encryption_method_nis.patch has to be ported!
# Call shadow-login_defs-check.sh before! # Call shadow-login_defs-check.sh before!
Group: System/Base Group: System/Base
Provides: login_defs-support-for-pam = 1.3.1 Provides: login_defs-support-for-pam = 1.5.2
Provides: login_defs-support-for-util-linux = 2.36 Provides: login_defs-support-for-util-linux = 2.37
BuildArch: noarch BuildArch: noarch
%description -n login_defs %description -n login_defs
@ -150,6 +154,8 @@ Development files for libsubid3.
%patch13 -p1 %patch13 -p1
%patch14 -p1 %patch14 -p1
%patch15 -p1 %patch15 -p1
%patch16 -p1
%patch17 -p1
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
mv -v doc/HOWTO.utf8 doc/HOWTO mv -v doc/HOWTO.utf8 doc/HOWTO