diff options
| author | Steve Langasek <vorlon@debian.org> | 2021-12-06 11:11:31 -0800 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2021-12-06 11:11:31 -0800 |
| commit | a3d540fc9aab544f53eb4d2035454a12820bd02d (patch) | |
| tree | c0ff911dfb5b5d5e719c747165c526681420cb79 /debian/patches-applied/pam_unix_avoid_checksalt | |
| parent | ea04efa24985743014da9dd22c0581cbaef82ede (diff) | |
| parent | 17efd306e797a3fe46564896de31583c2c99f338 (diff) | |
| download | pam-a3d540fc9aab544f53eb4d2035454a12820bd02d.tar.gz pam-a3d540fc9aab544f53eb4d2035454a12820bd02d.tar.bz2 pam-a3d540fc9aab544f53eb4d2035454a12820bd02d.zip | |
pam (1.4.0-11) unstable; urgency=medium
* Whitespace fixes in debconf templates.
[ Sergio Durigan Junior ]
* d/p/pam_env-allow-environment-files-without-EOL-at-EOF.patch:
Allow /etc/environment files without EOL at EOF. In other words,
allow files without a newline at the end. (LP: #1953201)
[dgit import unpatched pam 1.4.0-11]
Diffstat (limited to 'debian/patches-applied/pam_unix_avoid_checksalt')
| -rw-r--r-- | debian/patches-applied/pam_unix_avoid_checksalt | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/debian/patches-applied/pam_unix_avoid_checksalt b/debian/patches-applied/pam_unix_avoid_checksalt new file mode 100644 index 00000000..5a441145 --- /dev/null +++ b/debian/patches-applied/pam_unix_avoid_checksalt @@ -0,0 +1,43 @@ +debian-bug: #992848 +upstream-bug: https://github.com/linux-pam/linux-pam/issues/367 + + +From 980d90c9232fe5325d1a4deddd42c597cf9e1a54 Mon Sep 17 00:00:00 2001 +From: "Dmitry V. Levin" <ldv@altlinux.org> +Date: Thu, 10 Jun 2021 14:00:00 +0000 +Subject: [PATCH] pam_unix: do not use crypt_checksalt when checking for + password expiration + +According to Zack Weinberg, the intended meaning of +CRYPT_SALT_METHOD_LEGACY is "passwd(1) should not use this hashing +method", it is not supposed to mean "force a password change on next +login for any user with an existing stored hash using this method". + +This reverts commit 4da9febc39b955892a30686e8396785b96bb8ba5. + +* modules/pam_unix/passverify.c (check_shadow_expiry) +[CRYPT_CHECKSALT_AVAILABLE]: Remove. + +Closes: https://github.com/linux-pam/linux-pam/issues/367 +--- + modules/pam_unix/passverify.c | 6 ------ + 1 file changed, 6 deletions(-) + +diff --git a/modules/pam_unix/passverify.c b/modules/pam_unix/passverify.c +index f6132f805..5a19ed856 100644 +--- a/modules/pam_unix/passverify.c ++++ b/modules/pam_unix/passverify.c +@@ -289,13 +289,7 @@ PAMH_ARG_DECL(int check_shadow_expiry, + D(("account expired")); + return PAM_ACCT_EXPIRED; + } +-#if defined(CRYPT_CHECKSALT_AVAILABLE) && CRYPT_CHECKSALT_AVAILABLE +- if (spent->sp_lstchg == 0 || +- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_METHOD_LEGACY || +- crypt_checksalt(spent->sp_pwdp) == CRYPT_SALT_TOO_CHEAP) { +-#else + if (spent->sp_lstchg == 0) { +-#endif + D(("need a new password")); + *daysleft = 0; + return PAM_NEW_AUTHTOK_REQD; |