[packages/pam] Rel 9; don't force password change if using weaker pass hashes

arekm arekm at pld-linux.org
Thu Mar 9 13:15:37 CET 2023 

commit 4691b922051424d8578b3b7165639866576670b6
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Mar 9 13:15:24 2023 +0100

    Rel 9; don't force password change if using weaker pass hashes

 no-force-pass-change.patch | 11 +++++++++++
 pam.spec                   |  4 +++-
 2 files changed, 14 insertions(+), 1 deletion(-)
---
diff --git a/pam.spec b/pam.spec
index f9427dc..473268f 100644
--- a/pam.spec
+++ b/pam.spec
@@ -25,7 +25,7 @@ Summary(tr.UTF-8):	Modüler, artımsal doğrulama birimleri
 Summary(uk.UTF-8):	Інструмент, що забезпечує аутентифікацію для програм
 Name:		pam
 Version:	1.4.0
-Release:	8
+Release:	9
 Epoch:		1
 # The library is BSD licensed with option to relicense as GPLv2+
 # - this option is redundant as the BSD license allows that anyway.
@@ -51,6 +51,7 @@ Patch3:		%{name}-mkhomedir-notfound.patch
 Patch4:		%{name}-db-gdbm.patch
 Patch5:		%{name}-exec-failok.patch
 Patch6:		pam_console_pam_tty.patch
+Patch7:         no-force-pass-change.patch
 URL:		http://www.linux-pam.org/
 %{?with_audit:BuildRequires:	audit-libs-devel >= 1.6.9}
 BuildRequires:	autoconf >= 2.61
@@ -297,6 +298,7 @@ danych GDBM.
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+%patch7 -p1
 
 %build
 %{__libtoolize}
diff --git a/no-force-pass-change.patch b/no-force-pass-change.patch
new file mode 100644
index 0000000..989ca9c
--- /dev/null
+++ b/no-force-pass-change.patch
@@ -0,0 +1,11 @@
+--- Linux-PAM-1.4.0/modules/pam_unix/passverify.c~	2020-06-08 12:17:27.000000000 +0200
++++ Linux-PAM-1.4.0/modules/pam_unix/passverify.c	2023-03-09 13:12:17.643235815 +0100
+@@ -289,7 +289,7 @@ PAMH_ARG_DECL(int check_shadow_expiry,
+ 		D(("account expired"));
+ 		return PAM_ACCT_EXPIRED;
+ 	}
+-#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
++#if 0 && defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE
+ 	if (spent->sp_lstchg == 0 ||
+ 	    crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY ||
+ 	    crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) {
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/pam.git/commitdiff/4691b922051424d8578b3b7165639866576670b6

More information about the pld-cvs-commit mailing list