authorNicolas Iooss2024-03-20 14:48:15 +0100
committerNicolas Iooss2024-03-20 22:19:48 +0100
commit241bc36b8da9e162133dc0a2ac90f44e9139d1ca (patch)
treece0d6602767d90be9f570d95d41f8b4208dbd991 /0002-Adapt-login.defs-for-PAM-and-util-linux.patch
parentf337fc878ba0b6d5986dc0dcc6ce66064983bd87 (diff)
shadow-selinux 4.15.0-1 update
Diffstat (limited to '0002-Adapt-login.defs-for-PAM-and-util-linux.patch')
-rw-r--r--0002-Adapt-login.defs-for-PAM-and-util-linux.patch98
1 files changed, 38 insertions, 60 deletions
diff --git a/0002-Adapt-login.defs-for-PAM-and-util-linux.patch b/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
index ccf24098c1e6..f4b24d1bf5fc 100644
--- a/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
+++ b/0002-Adapt-login.defs-for-PAM-and-util-linux.patch
@@ -1,4 +1,4 @@
-From bb10dbe53f1c8613a9586d5255b878f3fc954ef1 Mon Sep 17 00:00:00 2001
+From f65ece73bcd44caaf8ff62c0f427f960be1f40f2 Mon Sep 17 00:00:00 2001
From: David Runge <dvzrv@archlinux.org>
Date: Mon, 31 Oct 2022 09:45:13 +0100
Subject: [PATCH 2/3] Adapt login.defs for PAM and util-linux
@@ -65,12 +65,12 @@ from util-linux:
man/login.defs.5.xml:
Remove unavailable options from man 5 login.defs.
---
- etc/login.defs | 228 +------------------------------------------
- man/login.defs.5.xml | 150 +---------------------------
- 2 files changed, 8 insertions(+), 370 deletions(-)
+ etc/login.defs | 223 +------------------------------------------
+ man/login.defs.5.xml | 148 +---------------------------
+ 2 files changed, 8 insertions(+), 363 deletions(-)
diff --git a/etc/login.defs b/etc/login.defs
-index 114dbcd9..797ca6b3 100644
+index 33622c29..797ca6b3 100644
--- a/etc/login.defs
+++ b/etc/login.defs
@@ -3,6 +3,8 @@
@@ -245,7 +245,7 @@ index 114dbcd9..797ca6b3 100644
# Default initial "umask" value used by login(1) on non-PAM enabled systems.
# Default "umask" value for pam_umask(8) on PAM enabled systems.
# UMASK is also used by useradd(8) and newusers(8) to set the mode for new
-@@ -211,27 +91,12 @@ UMASK 022
+@@ -211,22 +91,12 @@ UMASK 022
#
# PASS_MAX_DAYS Maximum number of days a password may be used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
@@ -265,15 +265,10 @@ index 114dbcd9..797ca6b3 100644
-#
-SU_WHEEL_ONLY no
-
--#
--# If compiled with cracklib support, sets the path to the dictionaries
--#
--CRACKLIB_DICTPATH /var/cache/cracklib/cracklib_dict
--
#
# Min/max values for automatic uid selection in useradd(8)
#
-@@ -268,28 +133,6 @@ LOGIN_RETRIES 5
+@@ -263,28 +133,6 @@ LOGIN_RETRIES 5
#
LOGIN_TIMEOUT 60
@@ -302,7 +297,7 @@ index 114dbcd9..797ca6b3 100644
#
# Which fields may be changed by regular users using chfn(1) - use
# any combination of letters "frwh" (full name, room number, work
-@@ -298,38 +141,13 @@ CHFN_AUTH yes
+@@ -293,38 +141,13 @@ CHFN_AUTH yes
#
CHFN_RESTRICT rwh
@@ -341,7 +336,7 @@ index 114dbcd9..797ca6b3 100644
#
# Note: If you use PAM, it is recommended to use a value consistent with
# the PAM modules configuration.
-@@ -353,21 +171,6 @@ CHFN_RESTRICT rwh
+@@ -348,21 +171,6 @@ CHFN_RESTRICT rwh
#SHA_CRYPT_MIN_ROUNDS 5000
#SHA_CRYPT_MAX_ROUNDS 5000
@@ -363,7 +358,7 @@ index 114dbcd9..797ca6b3 100644
#
# Only works if ENCRYPT_METHOD is set to YESCRYPT.
#
-@@ -381,17 +184,6 @@ CHFN_RESTRICT rwh
+@@ -376,17 +184,6 @@ CHFN_RESTRICT rwh
#
#YESCRYPT_COST_FACTOR 5
@@ -381,7 +376,7 @@ index 114dbcd9..797ca6b3 100644
#
# Should login be allowed if we can't cd to the home directory?
# Default is no.
-@@ -406,12 +198,6 @@ DEFAULT_HOME yes
+@@ -401,12 +198,6 @@ DEFAULT_HOME yes
#
NONEXISTENT /nonexistent
@@ -394,7 +389,7 @@ index 114dbcd9..797ca6b3 100644
#
# If defined, this command is run when removing a user.
# It should remove any at/cron/print jobs etc. owned by
-@@ -459,14 +245,6 @@ USERGROUPS_ENAB yes
+@@ -454,14 +245,6 @@ USERGROUPS_ENAB yes
#
#GRANT_AUX_GROUP_SUBIDS yes
@@ -410,13 +405,14 @@ index 114dbcd9..797ca6b3 100644
# Select the HMAC cryptography algorithm.
# Used in pam_timestamp module to calculate the keyed-hash message
diff --git a/man/login.defs.5.xml b/man/login.defs.5.xml
-index ab62fa86..d82c47f1 100644
+index 05ef5125..1ddf537e 100644
--- a/man/login.defs.5.xml
+++ b/man/login.defs.5.xml
-@@ -7,69 +7,38 @@
+@@ -7,70 +7,38 @@
-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+-<!ENTITY BCRYPT_MIN_ROUNDS SYSTEM "login.defs.d/BCRYPT_MIN_ROUNDS.xml">
-<!ENTITY CHFN_AUTH SYSTEM "login.defs.d/CHFN_AUTH.xml">
<!ENTITY CHFN_RESTRICT SYSTEM "login.defs.d/CHFN_RESTRICT.xml">
-<!ENTITY CHSH_AUTH SYSTEM "login.defs.d/CHSH_AUTH.xml">
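Review bot: The refreshed man/login.defs.5.xml section now deletes the `BCRYPT_MIN_ROUNDS` entity declaration here and, in the next hunk, the `&BCRYPT_MIN_ROUNDS;` list entry (which per its own comment also documents BCRYPT_MAX_ROUNDS). The per-tool lists further down still carry `<phrase condition="bcrypt">BCRYPT_MAX_ROUNDS BCRYPT_MIN_ROUNDS</phrase>` as unchanged context for chgpasswd, gpasswd, newusers and passwd. If the man page is built with the bcrypt condition enabled, it would name two password-hashing cost settings without describing them; if not, the phrases are filtered out and nothing is lost. The page does not show which case applies. The patch description only says "Remove unavailable options from man 5 login.defs", so I would either state the reason there (for example `BCRYPT_* rounds are not documented because bcrypt support is not built`, if that is the case) or drop the `condition="bcrypt"` phrases too, so the cross-reference and the option list agree.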
@@ -483,10 +479,11 @@ index ab62fa86..d82c47f1 100644
<!ENTITY UMASK SYSTEM "login.defs.d/UMASK.xml">
<!ENTITY USERDEL_CMD SYSTEM "login.defs.d/USERDEL_CMD.xml">
<!ENTITY USERGROUPS_ENAB SYSTEM "login.defs.d/USERGROUPS_ENAB.xml">
-@@ -145,47 +114,25 @@
+@@ -147,48 +115,25 @@
<para>The following configuration items are provided:</para>
<variablelist remap='IP'>
+- &BCRYPT_MIN_ROUNDS; <!-- documents also BCRYPT_MAX_ROUNDS -->
- &CHFN_AUTH;
&CHFN_RESTRICT;
- &CHSH_AUTH;
@@ -531,7 +528,7 @@ index ab62fa86..d82c47f1 100644
&PASS_MAX_DAYS;
&PASS_MIN_DAYS;
&PASS_WARN_AGE;
-@@ -195,25 +142,16 @@
+@@ -198,25 +143,16 @@
time of account creation. Any changes to these settings won't affect
existing accounts.
</para>
@@ -557,35 +554,16 @@ index ab62fa86..d82c47f1 100644
&UMASK;
&USERDEL_CMD;
&USERGROUPS_ENAB;
-@@ -239,9 +177,7 @@
- <term>chfn</term>
- <listitem>
- <para>
-- <phrase condition="no_pam">CHFN_AUTH</phrase>
- CHFN_RESTRICT
-- <phrase condition="no_pam">LOGIN_STRING</phrase>
- </para>
- </listitem>
- </varlistentry>
-@@ -249,7 +185,7 @@
- <term>chgpasswd</term>
- <listitem>
+@@ -255,7 +191,7 @@
<para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
+ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
SHA_CRYPT_MIN_ROUNDS</phrase>
- </para>
-@@ -259,8 +195,6 @@
- <term>chpasswd</term>
- <listitem>
- <para>
-- <phrase condition="no_pam">ENCRYPT_METHOD
-- MD5_CRYPT_ENAB </phrase>
- <phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
- SHA_CRYPT_MIN_ROUNDS</phrase>
- </para>
-@@ -270,7 +204,7 @@
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -280,7 +216,7 @@
<term>chsh</term>
<listitem>
<para>
@@ -594,16 +572,16 @@ index ab62fa86..d82c47f1 100644
</para>
</listitem>
</varlistentry>
-@@ -280,7 +214,7 @@
- <term>gpasswd</term>
- <listitem>
+@@ -292,7 +228,7 @@
<para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
- ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
+ ENCRYPT_METHOD MAX_MEMBERS_PER_GROUP
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
SHA_CRYPT_MIN_ROUNDS</phrase>
- </para>
-@@ -339,35 +273,6 @@
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -352,35 +288,6 @@
<para>LASTLOG_UID_MAX</para>
</listitem>
</varlistentry>
@@ -639,8 +617,8 @@ index ab62fa86..d82c47f1 100644
<varlistentry>
<term>newgrp / sg</term>
<listitem>
-@@ -382,7 +287,7 @@
- <para>
+@@ -397,7 +304,7 @@
+ BCRYPT_MIN_ROUNDS</phrase>
ENCRYPT_METHOD
GID_MAX GID_MIN
- MAX_MEMBERS_PER_GROUP MD5_CRYPT_ENAB
@@ -648,17 +626,17 @@ index ab62fa86..d82c47f1 100644
HOME_MODE
PASS_MAX_DAYS PASS_MIN_DAYS PASS_WARN_AGE
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
-@@ -399,8 +304,7 @@
- <term>passwd</term>
- <listitem>
+@@ -417,8 +324,7 @@
<para>
+ <phrase condition="bcrypt">BCRYPT_MAX_ROUNDS
+ BCRYPT_MIN_ROUNDS</phrase>
- ENCRYPT_METHOD MD5_CRYPT_ENAB OBSCURE_CHECKS_ENAB
- PASS_ALWAYS_WARN PASS_CHANGE_TRIES PASS_MAX_LEN PASS_MIN_LEN
+ ENCRYPT_METHOD
<phrase condition="sha_crypt">SHA_CRYPT_MAX_ROUNDS
SHA_CRYPT_MIN_ROUNDS</phrase>
- </para>
-@@ -432,32 +336,6 @@
+ <phrase condition="yescrypt">YESCRYPT_COST_FACTOR</phrase>
+@@ -451,32 +357,6 @@
</para>
</listitem>
</varlistentry>
@@ -679,19 +657,19 @@ index ab62fa86..d82c47f1 100644
- </para>
- </listitem>
- </varlistentry>
-- <varlistentry>
+- <varlistentry condition="no_pam">
- <term>sulogin</term>
- <listitem>
- <para>
- ENV_HZ
-- <phrase condition="no_pam">ENV_TZ</phrase>
+- ENV_TZ
- </para>
- </listitem>
- </varlistentry>
<varlistentry>
<term>useradd</term>
<listitem>
-@@ -486,24 +364,6 @@
+@@ -505,24 +385,6 @@
</para>
</listitem>
</varlistentry>