From c96363b066f767899110e9eb4efd81dffbfda750 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 11 Mar 2025 08:12:00 +0000 Subject: [PATCH] import CS shadow-utils-4.9-12.el9 --- SOURCES/shadow-4.9-disable-sssd.patch | 12 +++++++++++ SOURCES/shadow-4.9-salt-remove-rounds.patch | 24 +++++++++++++++++++++ SPECS/shadow-utils.spec | 14 +++++++++++- 3 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 SOURCES/shadow-4.9-disable-sssd.patch create mode 100644 SOURCES/shadow-4.9-salt-remove-rounds.patch diff --git a/SOURCES/shadow-4.9-disable-sssd.patch b/SOURCES/shadow-4.9-disable-sssd.patch new file mode 100644 index 0000000..74e1124 --- /dev/null +++ b/SOURCES/shadow-4.9-disable-sssd.patch @@ -0,0 +1,12 @@ +diff -up shadow-4.9/lib/sssd.c.disable-sssd shadow-4.9/lib/sssd.c +--- shadow-4.9/lib/sssd.c.disable-sssd 2024-09-13 10:28:17.144473113 +0200 ++++ shadow-4.9/lib/sssd.c 2024-09-13 10:29:07.135621104 +0200 +@@ -16,7 +16,7 @@ + int sssd_flush_cache (int dbflags) + { + int status, code, rv; +- const char *cmd = "/usr/sbin/sss_cache"; ++ const char *cmd = "/usr/sbin/sss_cache_shadow_utils"; + char *sss_cache_args = NULL; + const char *spawnedArgs[] = {"sss_cache", NULL, NULL}; + const char *spawnedEnv[] = {NULL}; diff --git a/SOURCES/shadow-4.9-salt-remove-rounds.patch b/SOURCES/shadow-4.9-salt-remove-rounds.patch new file mode 100644 index 0000000..eca3de9 --- /dev/null +++ b/SOURCES/shadow-4.9-salt-remove-rounds.patch @@ -0,0 +1,24 @@ +diff --git a/libmisc/salt.c b/libmisc/salt.c +index efef4e59..823b093d 100644 +--- a/libmisc/salt.c ++++ b/libmisc/salt.c +@@ -439,6 +439,19 @@ static /*@observer@*/const char *gensalt (size_t salt_size) + exit (1); + } + ++ char *pos = strstr(retval, "$rounds="); ++ if (pos != NULL) { ++ char str[128]; ++ int len; ++ int ret; ++ ++ ret = sprintf(str, "%lu", rounds); ++ if (ret > 0) { ++ len = strlen("$rounds=") + strlen(str); ++ memmove(pos, pos + len, strlen(pos + len) + 1); ++ } ++ } ++ + return retval; + #else /* USE_XCRYPT_GENSALT */ + /* Check if the result buffer is long enough. */ diff --git a/SPECS/shadow-utils.spec b/SPECS/shadow-utils.spec index 66fbdc6..243ecc0 100644 --- a/SPECS/shadow-utils.spec +++ b/SPECS/shadow-utils.spec @@ -1,7 +1,7 @@ Summary: Utilities for managing accounts and shadow password files Name: shadow-utils Version: 4.9 -Release: 9%{?dist} +Release: 12%{?dist} Epoch: 2 License: BSD and GPLv2+ URL: https://github.com/shadow-maint/shadow @@ -80,6 +80,10 @@ Patch28: shadow-4.9-useradd-check-if-subid-range-exists.patch Patch29: shadow-4.9-skip-over-reserved-ids.patch # https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904 Patch30: shadow-4.9-gpasswd-fix-password-leak.patch +# Downstream only patch +Patch31: shadow-4.9-disable-sssd.patch +# Downstream only patch +Patch32: shadow-4.9-salt-remove-rounds.patch ### Dependencies ### Requires: audit-libs >= 1.6.5 @@ -171,6 +175,8 @@ Development files for shadow-utils-subid. %patch28 -p1 -b .useradd-check-if-subid-range-exists %patch29 -p1 -b .skip-over-reserved-ids %patch30 -p1 -b .gpasswd-fix-password-leak +%patch31 -p1 -b .disable-sssd +%patch32 -p1 -b .salt-remove-rounds iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -341,6 +347,12 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_libdir}/libsubid.so %changelog +* Mon Nov 4 2024 Iker Pedrosa - 2:4.9-12 +- salt: remove rounds from salt string. Resolves: RHEL-58978 + +* Fri Sep 13 2024 Iker Pedrosa - 2:4.9-10 +- Disable sssd integration by default. Resolves: RHEL-56352 + * Wed Jul 3 2024 Iker Pedrosa - 2:4.9-9 - login.defs: Update SHA_CRYPT_MAX_ROUNDS from 5000 to 100000. Resolves: RHEL-40195