import UBI shadow-utils-4.6-22.el8

This commit is contained in:
eabdullin 2024-05-22 13:19:44 +00:00
parent 0860cf4d83
commit f918213805
3 changed files with 41 additions and 2 deletions

View File

@ -0,0 +1,15 @@
diff --git a/libmisc/salt.c b/libmisc/salt.c
index c72447ea..4940d76e 100644
--- a/libmisc/salt.c
+++ b/libmisc/salt.c
@@ -248,6 +248,10 @@ static /*@observer@*/const char *gensalt (size_t salt_size)
result[0] = '\0';
}
+ if (strstr(result, "rounds=") != NULL) {
+ result[3] = '\0';
+ }
+
/*
* Concatenate a pseudo random salt.
*/

View File

@ -77,6 +77,22 @@ CREATE_HOME yes
#
USERGROUPS_ENAB yes
# Use SHA512 to encrypt password.
#
# If set to SHA256, SHA256-based algorithm will be used for encrypting password
# If set to SHA512, SHA512-based algorithm will be used for encrypting password
# If set to BCRYPT, BCRYPT-based algorithm will be used for encrypting password
#
ENCRYPT_METHOD SHA512
#
# Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
#
# Define the number of SHA rounds.
# With a lot of rounds, it is more difficult to brute-force the password.
# However, more CPU resources will be needed to authenticate users if
# this value is increased.
#
# The values must be within the 1000-999999999 range.
#
SHA_CRYPT_MAX_ROUNDS 5000

View File

@ -1,7 +1,7 @@
Summary: Utilities for managing accounts and shadow password files
Name: shadow-utils
Version: 4.6
Release: 19%{?dist}
Release: 22%{?dist}
Epoch: 2
URL: http://pkg-shadow.alioth.debian.org/
Source0: https://github.com/shadow-maint/shadow/releases/download/v%{version}/shadow-%{version}.tar.xz
@ -100,6 +100,7 @@ Patch65: shadow-4.6-useradd-check-if-subid-range-exists.patch
Patch66: shadow-4.6-skip-over-reserved-ids.patch
# https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
Patch67: shadow-4.6-gpasswd-fix-password-leak.patch
Patch68: shadow-4.6-salt-remove-rounds.patch
License: BSD and GPLv2+
Group: System Environment/Base
@ -203,6 +204,7 @@ Development files for shadow-utils-subid.
%patch65 -p1 -b .useradd-check-if-subid-range-exists
%patch66 -p1 -b .skip-over-reserved-ids
%patch67 -p1 -b .gpasswd-fix-password-leak
%patch68 -p1 -b .salt-remove-rounds
iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8
cp -f doc/HOWTO.utf8 doc/HOWTO
@ -373,6 +375,12 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
%{_libdir}/libsubid.so
%changelog
* Tue Nov 21 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-22
- salt: remove rounds from salt string. Resolves: RHEL-16668
* Thu Nov 2 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-21
- login.defs: include SHA_CRYPT_MAX_ROUNDS. Resolves: RHEL-15024
* Wed Jul 12 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.6-19
- gpasswd: fix password leak. Resolves: #2215947