From 477b858b570c28ab90df4e0163e3cdfa32eaf85d27925e99d28e98e5703ae8db Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Tue, 20 Aug 2019 13:09:49 +0000 Subject: [PATCH 1/2] Accepting request 724580 from home:kukuk:branches:Base:System - encryption_method_nis.patch: drop, DES should really not be used anymore anywhere, even with NIS - shadow-login_defs-suse.patch: remove encryption NIS entry OBS-URL: https://build.opensuse.org/request/show/724580 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=76 --- encryption_method_nis.patch | 32 -------------------------------- shadow-login_defs-suse.patch | 6 ++---- shadow.changes | 7 +++++++ shadow.spec | 3 --- 4 files changed, 9 insertions(+), 39 deletions(-) delete mode 100644 encryption_method_nis.patch diff --git a/encryption_method_nis.patch b/encryption_method_nis.patch deleted file mode 100644 index 8235523..0000000 --- a/encryption_method_nis.patch +++ /dev/null @@ -1,32 +0,0 @@ -Add support for ENCRYPT_METHOD_NIS used by pam: modules/pam_unix/pam_unix_passwd.c. - -Index: lib/getdef.c -=================================================================== ---- lib/getdef.c.orig -+++ lib/getdef.c -@@ -85,6 +85,7 @@ static struct itemdef def_table[] = { - {"CREATE_HOME", NULL}, - {"DEFAULT_HOME", NULL}, - {"ENCRYPT_METHOD", NULL}, -+ {"ENCRYPT_METHOD_NIS", NULL}, - {"ENV_PATH", NULL}, - {"ENV_ROOTPATH", NULL}, - {"ENV_SUPATH", NULL}, -Index: etc/login.defs -=================================================================== ---- etc/login.defs.orig -+++ etc/login.defs -@@ -187,10 +187,13 @@ CHFN_RESTRICT rwh - # If set to DES, DES-based algorithm will be used for encrypting password (default) - # Overrides the MD5_CRYPT_ENAB option - # -+# ENCRYPT_METHOD_NIS is used by pam_unix_passwd.so. -+# - # Note: If you use PAM, it is recommended to use a value consistent with - # the PAM modules configuration. - # - #ENCRYPT_METHOD DES -+#ENCRYPT_METHOD_NIS DES - - # - # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. diff --git a/shadow-login_defs-suse.patch b/shadow-login_defs-suse.patch index 961c3a5..1ef095b 100644 --- a/shadow-login_defs-suse.patch +++ b/shadow-login_defs-suse.patch @@ -118,18 +118,16 @@ Index: etc/login.defs # # If set to MD5, MD5-based algorithm will be used for encrypting password -@@ -210,8 +203,8 @@ CHFN_RESTRICT rwh +@@ -210,7 +203,7 @@ CHFN_RESTRICT rwh # Note: If you use PAM, it is recommended to use a value consistent with # the PAM modules configuration. # -#ENCRYPT_METHOD DES --#ENCRYPT_METHOD_NIS DES +ENCRYPT_METHOD SHA512 -+ENCRYPT_METHOD_NIS DES # # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512. -@@ -272,7 +265,7 @@ USERDEL_POSTCMD /usr/sbin/userde +@@ -268,7 +261,7 @@ USERDEL_POSTCMD /usr/sbin/userde # # This also enables userdel(8) to remove user groups if no members exist. # diff --git a/shadow.changes b/shadow.changes index 67f8157..8a877a7 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Aug 19 14:50:02 CEST 2019 - kukuk@suse.de + +- encryption_method_nis.patch: drop, DES should really not be used + anymore anywhere, even with NIS +- shadow-login_defs-suse.patch: remove encryption NIS entry + ------------------------------------------------------------------- Fri Jul 26 23:44:56 CEST 2019 - sbrabec@suse.com diff --git a/shadow.spec b/shadow.spec index f3ca36e..d79b801 100644 --- a/shadow.spec +++ b/shadow.spec @@ -51,8 +51,6 @@ Patch5: shadow-util-linux.patch Patch6: shadow-4.1.5.1-userdel-helpfix.patch # PATCH-FIX-FEDORA shadow-4.1.5.1-logmsg.patch kukuk@suse.com -- Fix error message. Patch7: shadow-4.1.5.1-logmsg.patch -# PATCH-FEATURE-SUSE encryption_method_nis.patch kukuk@suse.com -- Add support for ENCRYPT_METHOD_NIS used by SUSE patch in pam (pam_unix). -Patch10: encryption_method_nis.patch # PATCH-FEATURE-SUSE shadow-login_defs-comments.patch kukuk@suse.com -- Adjust login.defs comments. Patch13: shadow-login_defs-comments.patch # PATCH-FEATURE-SUSE shadow-login_defs-suse.patch kukuk@suse.com -- Customize login.defs. @@ -101,7 +99,6 @@ group accounts. %patch5 %patch6 %patch7 -%patch10 %patch13 %patch14 %if 0%{?suse_version} < 1330 From 2d8b6fc0242133ffd3e9266c18cd1b8cceaf9b97a6914959e7b0b93dabb56dae Mon Sep 17 00:00:00 2001 From: Michael Vetter Date: Tue, 3 Sep 2019 11:21:48 +0000 Subject: [PATCH 2/2] Accepting request 727985 from home:jubalh:branches:Base:System - bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files to support kernel keyring feature - Update pamd.tar.bz2 with pam configuration files accordingly OBS-URL: https://build.opensuse.org/request/show/727985 OBS-URL: https://build.opensuse.org/package/show/Base:System/shadow?expand=0&rev=77 --- pamd.tar.bz2 | 4 ++-- shadow.changes | 7 +++++++ shadow.spec | 2 +- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/pamd.tar.bz2 b/pamd.tar.bz2 index 8fbae20..7730a16 100644 --- a/pamd.tar.bz2 +++ b/pamd.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:51dc6651d0c5abcc777db007b1dadfb8a5a1f2d7985e3cb93a24de91753eb1b4 -size 577 +oid sha256:10fe7f75c4b15b7588edd846e01c8093fcd1dd53cc6c40f9f39c9c64a6d92b1d +size 908 diff --git a/shadow.changes b/shadow.changes index 8a877a7..604d122 100644 --- a/shadow.changes +++ b/shadow.changes @@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Mon Sep 2 11:12:59 UTC 2019 - mvetter@suse.com + +- bsc#1144060: Add pam_keyinit.so to /etc/pam.d configuration files + to support kernel keyring feature +- Update pamd.tar.bz2 with pam configuration files accordingly + ------------------------------------------------------------------- Mon Aug 19 14:50:02 CEST 2019 - kukuk@suse.de diff --git a/shadow.spec b/shadow.spec index d79b801..2b8757c 100644 --- a/shadow.spec +++ b/shadow.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ #