Summary: Programs for handling passwords in a secure way Name: shadow Version: 4.2.1 Release: 16%{?dist} URL: http://pkg-shadow.alioth.debian.org/ License: BSD Group: Applications/System Vendor: VMware, Inc. Distribution: Photon Source0: http://pkg-shadow.alioth.debian.org/releases/%{name}-%{version}.tar.xz %define sha1 shadow=0917cbadd4ce0c7c36670e5ecd37bbed92e6d82d Source1: chage Source2: chpasswd Source3: login Source4: other Source5: passwd Source6: sshd Source7: su Source8: system-account Source9: system-auth Source10: system-password Source11: system-session Patch0: chkname-allowcase.patch Patch1: shadow-4.2.1-CVE-2016-6252-fix.patch Patch2: shadow-4.2.1-CVE-2017-12424.patch Patch3: shadow-4.2.1-CVE-2018-7169.patch BuildRequires: cracklib BuildRequires: cracklib-devel Requires: cracklib BuildRequires: Linux-PAM-devel Requires: Linux-PAM Requires: (%{name}-tools = %{version}-%{release} or toybox) %description The Shadow package contains programs for handling passwords in a secure way. %package tools Summary: Contains subset of tools which might be replaced by toybox Group: Applications/System Requires: %{name} = %{version}-%{release} %description tools Contains subset of tools which might be replaced by toybox %package lang Summary: Additional language files for shadow Group: Applications/System Requires: %{name} = %{version}-%{release} %description lang These are the additional language files of shadow. %prep %setup -q -n %{name}-%{version} %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 sed -i 's/groups$(EXEEXT) //' src/Makefile.in find man -name Makefile.in -exec sed -i 's/groups\.1 / /' {} \; sed -i -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \ -e 's@/var/spool/mail@/var/mail@' etc/login.defs sed -i 's@DICTPATH.*@DICTPATH\t/usr/share/cracklib/pw_dict@' \ etc/login.defs %build ./configure \ --sysconfdir=/etc \ --with-libpam \ --with-libcrack \ --with-group-name-max-length=32 make %{?_smp_mflags} %install make DESTDIR=%{buildroot} install install -vdm 755 %{buildroot}/bin mv -v %{buildroot}%{_bindir}/passwd %{buildroot}/bin sed -i 's/yes/no/' %{buildroot}/etc/default/useradd # Use group id 100(users) by default sed -i 's/GROUP.*/GROUP=100/' %{buildroot}/etc/default/useradd # Disable usergroups. Use "users" group by default (see /etc/default/useradd) # for all nonroot users. sed -i 's/USERGROUPS_ENAB.*/USERGROUPS_ENAB no/' %{buildroot}/etc/login.defs cp etc/{limits,login.access} %{buildroot}/etc for FUNCTION in FAIL_DELAY \ FAILLOG_ENAB \ LASTLOG_ENAB \ MAIL_CHECK_ENAB \ OBSCURE_CHECKS_ENAB \ PORTTIME_CHECKS_ENAB \ QUOTAS_ENAB \ CONSOLE MOTD_FILE \ FTMP_FILE NOLOGINS_FILE \ ENV_HZ PASS_MIN_LEN \ SU_WHEEL_ONLY \ CRACKLIB_DICTPATH \ PASS_CHANGE_TRIES \ PASS_ALWAYS_WARN \ CHFN_AUTH ENCRYPT_METHOD \ ENVIRON_FILE do sed -i "s/^${FUNCTION}/# &/" %{buildroot}/etc/login.defs done sed -i "s/^PASS_MAX_DAYS.*/PASS_MAX_DAYS 90/" %{buildroot}/etc/login.defs install -vm644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE5} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE6} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE7} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE8} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE9} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE10} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE11} %{buildroot}%{_sysconfdir}/pam.d/ for PROGRAM in chfn chgpasswd chsh groupadd groupdel \ groupmems groupmod newusers useradd userdel usermod do install -v -m644 %{buildroot}%{_sysconfdir}/pam.d/chage %{buildroot}%{_sysconfdir}/pam.d/${PROGRAM} sed -i "s/chage/$PROGRAM/" %{buildroot}%{_sysconfdir}/pam.d/${PROGRAM} done %find_lang %{name} %check make %{?_smp_mflags} check %post %{_sbindir}/pwconv %{_sbindir}/grpconv %files %defattr(-,root,root) %config(noreplace) /etc/login.defs %config(noreplace) /etc/login.access %config(noreplace) /etc/default/useradd %config(noreplace) /etc/limits /sbin/nologin %{_bindir}/* %{_sbindir}/* %{_mandir}/man1 %{_mandir}/man5 %{_mandir}/man8 %exclude %{_mandir}/cs %exclude %{_mandir}/da %exclude %{_mandir}/de %exclude %{_mandir}/fi %exclude %{_mandir}/fr %exclude %{_mandir}/hu %exclude %{_mandir}/id %exclude %{_mandir}/it %exclude %{_mandir}/ja %exclude %{_mandir}/ko %exclude %{_mandir}/man3 %exclude %{_mandir}/pl %exclude %{_mandir}/pt_BR %exclude %{_mandir}/ru %exclude %{_mandir}/sv %exclude %{_mandir}/tr %exclude %{_mandir}/zh_CN %exclude %{_mandir}/zh_TW %config(noreplace) %{_sysconfdir}/pam.d/* %files tools %defattr(-,root,root) /bin/* %files lang -f %{name}.lang %defattr(-,root,root) %changelog * Mon Jul 30 2018 Tapas Kundu <tkundu@vmware.com> 4.2.1-16 - Added fix for CVE-2018-7169 * Fri Apr 20 2018 Alexey Makhalov <amakhalov@vmware.com> 4.2.1-15 - Move pam.d config file to here for better tracking. - Add pam_loginuid module as optional in a session. * Tue Oct 10 2017 Alexey Makhalov <amakhalov@vmware.com> 4.2.1-14 - Added -tools subpackage - Main package requires -tools or toybox * Tue Aug 15 2017 Anish Swaminathan <anishs@vmware.com> 4.2.1-13 - Added fix for CVE-2017-12424, CVE-2016-6252 * Thu Apr 27 2017 Divya Thaluru <dthaluru@vmware.com> 4.2.1-12 - Allow '.' in username * Wed Dec 07 2016 Xiaolin Li <xiaolinl@vmware.com> 4.2.1-11 - BuildRequires Linux-PAM-devel * Wed Nov 23 2016 Alexey Makhalov <amakhalov@vmware.com> 4.2.1-10 - Added -lang subpackage * Mon Oct 04 2016 ChangLee <changlee@vmware.com> 4.2.1-9 - Modified %check * Tue Jun 21 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-8 - Added logic to not replace pam.d conf files in upgrade scenario * Fri May 27 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-7 - Adding pam_cracklib module as requisite to pam password configuration * Wed May 25 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-6 - Modifying pam_systemd module as optional in a session * Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 4.2.1-5 - GA - Bump release of all rpms * Mon May 2 2016 Xiaolin Li <xiaolinl@vmware.com> 4.2.1-4 - Enabling pam_systemd module in a session. * Fri Apr 29 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-3 - Setting password aging limits to 90 days * Wed Apr 27 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-3 - Setting password aging limits to 365 days * Wed Mar 23 2016 Divya Thaluru <dthaluru@vmware.com> 4.2.1-2 - Enabling pam_limits module in a session * Tue Jan 12 2016 Anish Swaminathan <anishs@vmware.com> 4.2.1-1 - Update version * Wed Dec 2 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-6 - Fixed PAM Configuration file for passwd * Mon Oct 26 2015 Sharath George <sharathg@vmware.com> 4.1.5.1-5 - Allow mixed case in username. * Mon Jun 29 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-4 - Fixed PAM Configuration file for chpasswd * Tue Jun 16 2015 Alexey Makhalov <amakhalov@vmware.com> 4.1.5.1-3 - Use group id 100(users) by default * Wed May 27 2015 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-2 - Adding PAM support * Wed Nov 5 2014 Divya Thaluru <dthaluru@vmware.com> 4.1.5.1-1 - Initial build. First version