Summary: Programs for handling passwords in a secure way Name: shadow Version: 4.2.1 Release: 12%{?dist} URL: http://pkg-shadow.alioth.debian.org/ License: BSD Group: Applications/System Vendor: VMware, Inc. Distribution: Photon Source0: http://pkg-shadow.alioth.debian.org/releases/%{name}-%{version}.tar.xz %define sha1 shadow=0917cbadd4ce0c7c36670e5ecd37bbed92e6d82d Source1: chage Source2: chpasswd Source3: login Source4: other Source5: passwd Source6: sshd Source7: su Source8: system-account Source9: system-auth Source10: system-password Source11: system-session Patch0: chkname-allowcase.patch Patch1: shadow-4.2.1-CVE-2016-6252-fix.patch Patch2: shadow-4.2.1-CVE-2017-12424.patch BuildRequires: cracklib BuildRequires: cracklib-devel Requires: cracklib Requires: cracklib-dicts BuildRequires: Linux-PAM Requires: Linux-PAM %description The Shadow package contains programs for handling passwords in a secure way. %prep %setup -q -n %{name}-%{version} %patch0 -p1 %patch1 -p1 %patch2 -p1 sed -i 's/groups$(EXEEXT) //' src/Makefile.in find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \ -e 's@/var/spool/mail@/var/mail@' etc/login.defs sed -i 's@DICTPATH.*@DICTPATH\t/usr/share/cracklib/pw_dict@' \ etc/login.defs %build ./configure \ --sysconfdir=/etc \ --with-libpam \ --with-libcrack \ --with-group-name-max-length=32 make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install install -vdm 755 %{buildroot}/bin mv -v %{buildroot}%{_bindir}/passwd %{buildroot}/bin sed -i 's/yes/no/' %{buildroot}/etc/default/useradd # Use group id 100(users) by default sed -i 's/GROUP.*/GROUP=100/' %{buildroot}/etc/default/useradd # Disable usergroups. Use "users" group by default (see /etc/default/useradd) # for all nonroot users. sed -i 's/USERGROUPS_ENAB.*/USERGROUPS_ENAB no/' %{buildroot}/etc/login.defs cp etc/{limits,login.access} %{buildroot}/etc for FUNCTION in FAIL_DELAY \ FAILLOG_ENAB \ LASTLOG_ENAB \ MAIL_CHECK_ENAB \ OBSCURE_CHECKS_ENAB \ PORTTIME_CHECKS_ENAB \ QUOTAS_ENAB \ CONSOLE MOTD_FILE \ FTMP_FILE NOLOGINS_FILE \ ENV_HZ PASS_MIN_LEN \ SU_WHEEL_ONLY \ CRACKLIB_DICTPATH \ PASS_CHANGE_TRIES \ PASS_ALWAYS_WARN \ CHFN_AUTH ENCRYPT_METHOD \ ENVIRON_FILE do sed -i "s/^${FUNCTION}/# &/" %{buildroot}/etc/login.defs done sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/" %{buildroot}/etc/login.defs install -vm644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pam.d/ for PROGRAM in chfn chgpasswd chsh groupadd groupdel \ groupmems groupmod newusers useradd userdel usermod do install -v -m644 %{buildroot}%{_sysconfdir}/pam.d/chage %{buildroot}%{_sysconfdir}/pam.d/${PROGRAM} sed -i "s/chage/$PROGRAM/" %{buildroot}%{_sysconfdir}/pam.d/${PROGRAM} done %find_lang %{name} %post %{_sbindir}/pwconv %{_sbindir}/grpconv %files -f %{name}.lang %defattr(-,root,root) %config(noreplace) /etc/login.defs %config(noreplace) /etc/login.access %config(noreplace) /etc/default/useradd %config(noreplace) /etc/limits /bin/* /sbin/nologin %{_bindir}/* %{_sbindir}/* %{_mandir}/*/* %config(noreplace) %{_sysconfdir}/pam.d/* %changelog * Fri Apr 20 2018 Alexey Makhalov <amakhalov@vmware.com> 4.2.1-12 - Move pam.d config file to here for better tracking. - Add pam_loginuid module as optional in a session. * Tue Aug 15 2017 Anish Swaminathan <anishs@vmware.com> 4.2.1-11 - Added fix for CVE-2017-12424 * Fri Jun 30 2017 Harish Udaiya Kumar <hudaiyakumar@vmware.com> 4.2.1-10 - Added fix for CVE-2016-6252 * Thu Apr 27 2017 Divya Thaluru <dthaluru@vmware.com> 4.2.1-9 - Allow '.' in username * Tue Jun 21 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-8 - Added logic to not replace pam.d conf files in upgrade scenario * Fri May 27 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-7 - Adding pam_cracklib module as requisite to pam password configuration * Wed May 25 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-6 - Modifying pam_systemd module as optional in a session * Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.2.1-5 - GA - Bump release of all rpms * Mon May 2 2016 Xiaolin Li <xiaolinl@vmware.com> 4.2.1-4 - Enabling pam_systemd module in a session. * Fri Apr 29 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-3 - Setting password aging limits to 90 days * Wed Apr 27 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-3 - Setting password aging limits to 365 days * Wed Mar 23 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-2 - Enabling pam_limits module in a session * Tue Jan 12 2016 Anish Swaminathan <anishs@vmware.com> 4.2.1-1 - Update version * Wed Dec 2 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-6 - Fixed PAM Configuration file for passwd * Mon Oct 26 2015 Sharath George <sharathg@vmware.com> 4.1.5.1-5 - Allow mixed case in username. * Mon Jun 29 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-4 - Fixed PAM Configuration file for chpasswd * Tue Jun 16 2015 Alexey Makhalov <amakhalov@vmware.com> 4.1.5.1-3 - Use group id 100(users) by default * Wed May 27 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-2 - Adding PAM support * Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-1 - Initial build. First version