
10 Commits

Author SHA1 Message Date
openeuler-ci-bot
3f5e938081
!32 【openEuler-20.03-LTS-SP4】Make maxclassrepeat=1 behavior consistent with docs
From: @yixiangzhike 
Reviewed-by: @houmingyong 
Signed-off-by: @houmingyong
2024-07-02 07:23:51 +00:00
yixiangzhike
9fa9386543 Make maxclassrepeat=1 behavior consistent with docs 2024-07-02 14:58:01 +08:00
openeuler-ci-bot
e4ea77d392
!27 【openEuler-20.03-LTS-SP3】Change the files order in patch file fix-doc-about-difok
From: @yixiangzhike 
Reviewed-by: @houmingyong 
Signed-off-by: @houmingyong
2022-08-23 09:01:20 +00:00
yixiangzhike
18517a111a Change the files order in patch file fix-doc-about-difok
Signed-off-by: yixiangzhike <yixiangzhike007@163.com>
2022-08-23 16:11:34 +08:00
openeuler-ci-bot
44f6cbb417
!21 【openEuler-20.03-LTS-SP3】Fix doc about difok
From: @yixiangzhike 
Reviewed-by: @houmingyong 
Signed-off-by: @houmingyong
2022-08-11 01:39:38 +00:00
yixiangzhike
31046537d7 Fix doc about difok
Signed-off-by: yixiangzhike <yixiangzhike007@163.com>
2022-08-10 16:29:37 +08:00
openeuler-ci-bot
b88a4f2dec
!12 【轻量级PR】修正changelog中的错误日期
From: @konglidong 
Reviewed-by: @zhujianwei001 
Signed-off-by: @zhujianwei001
2022-06-01 02:29:00 +00:00
konglidong
5fb50794e2 modify bogus date in %changelog 2022-05-07 14:34:18 +08:00
openeuler-ci-bot
abbe80816b !4 update to 1.4.2
Merge pull request !4 from Liquor/openEuler-20.03-LTS
2020-08-26 16:37:51 +08:00
liquor
2c821a14a2 update to 1.4.2 2020-08-25 16:23:44 +08:00
7 changed files with 141 additions and 125 deletions


@ -1,46 +0,0 @@
From 9d6140b4c37f39cdd0c1947adf07dc5ca1762055 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 26 Mar 2019 10:12:09 +0100
Subject: [PATCH 1/2] Fix harmless one byte buffer underflow on read
When settings file has comments spanning a whole line there
is harmless one byte read before the line buffer.
Thanks Emiel Bruijntjes for finding the issue.
---
src/settings.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/settings.c b/src/settings.c
index 4f11537..922a55d 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -134,7 +134,8 @@ read_config_file(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror
int eq;
len = strlen(linebuf);
- if (linebuf[len - 1] != '\n' && !feof(f)) {
+ /* len cannot be 0 unless there is a bug in fgets */
+ if (len && linebuf[len - 1] != '\n' && !feof(f)) {
(void) fclose(f);
return PWQ_ERROR_CFGFILE_MALFORMED;
}
@@ -146,13 +147,13 @@ read_config_file(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror
}
/* drop terminating whitespace including the \n */
- do {
+ while (ptr > linebuf) {
if (!isspace(*(ptr-1))) {
*ptr = '\0';
break;
}
--ptr;
- } while (ptr > linebuf);
+ }
/* skip initial whitespace */
for (ptr = linebuf; isspace(*ptr); ptr++);
--
1.8.3.1


@ -1,69 +0,0 @@
From bddd1dfe5a13e39e04ed1593cba4263dfd528fad Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 17 May 2018 15:32:16 +0200
Subject: [PATCH 06/11] pam_pwquality: Abort the retry loop when user cancels
prompt
The retry loop must be aborted for any pam_get_authtok() error
except for PAM_TRY_AGAIN.
Fixes: #7
---
src/pam_pwquality.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/src/pam_pwquality.c b/src/pam_pwquality.c
index dd72380..9c9849d 100644
--- a/src/pam_pwquality.c
+++ b/src/pam_pwquality.c
@@ -209,11 +209,12 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
*/
retval = pam_get_authtok_noverify(pamh, &newtoken, NULL);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
- pam_strerror(pamh, retval));
- continue;
- } else if (newtoken == NULL) { /* user aborted password change, quit */
+ if (retval != PAM_SUCCESS || newtoken == NULL) {
+ if (retval == PAM_AUTHTOK_ERR || newtoken == NULL)
+ pam_syslog(pamh, LOG_INFO, "user aborted password change");
+ else
+ pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
+ pam_strerror(pamh, retval));
pwquality_free_settings(options.pwq);
return PAM_AUTHTOK_ERR;
}
@@ -248,12 +249,15 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
retval = pam_get_authtok_verify(pamh, &newtoken, NULL);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
- pam_strerror(pamh, retval));
+ if (retval != PAM_SUCCESS || newtoken == NULL) {
pam_set_item(pamh, PAM_AUTHTOK, NULL);
- continue;
- } else if (newtoken == NULL) { /* user aborted password change, quit */
+ if (retval == PAM_TRY_AGAIN)
+ continue;
+ if (retval == PAM_AUTHTOK_ERR || newtoken == NULL)
+ pam_syslog(pamh, LOG_INFO, "user aborted password change");
+ else
+ pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
+ pam_strerror(pamh, retval));
pwquality_free_settings(options.pwq);
return PAM_AUTHTOK_ERR;
}
@@ -270,7 +274,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (options.retry_times > 1)
return PAM_MAXTRIES;
else
- return retval;
+ return PAM_AUTHTOK_ERR;
} else {
pwquality_free_settings(options.pwq);
if (ctrl & PAM_DEBUG_ARG)
--
1.8.3.1


@ -0,0 +1,28 @@
From 2f6cd189bde18f5e73ed0a24c731681b085fc874 Mon Sep 17 00:00:00 2001
From: fdub <fdub@users.noreply.github.com>
Date: Wed, 1 Nov 2023 15:29:32 +0100
Subject: [PATCH] Make maxclassrepeat=1 behavior consistent with docs
When setting maxclassrepeat=1, the rule would be inactive and allow passwords containing 2 consecutive characters from the same class. Only when setting maxclassrepeat>=2, the rule would behave as expected.
This issue was already addressed in pam_cracklib many years ago: https://github.com/linux-pam/linux-pam/pull/9
---
src/check.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/check.c b/src/check.c
index d24bebc..79d4c9c 100644
--- a/src/check.c
+++ b/src/check.c
@@ -238,7 +238,7 @@ simple(pwquality_settings_t *pwq, const char *new, void **auxerror)
} else
sameclass++;
}
- if (pwq->max_class_repeat > 1 && sameclass > pwq->max_class_repeat) {
+ if (pwq->max_class_repeat > 0 && sameclass > pwq->max_class_repeat) {
if (auxerror)
*auxerror = (void *)(long)pwq->max_class_repeat;
return PWQ_ERROR_MAX_CLASS_REPEAT;
--
2.33.0
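Review bot: Hosts that already carry `maxclassrepeat = 1` in their pwquality configuration will start rejecting passwords once this package is installed, because the `pwq->max_class_repeat > 0` test in simple() activates a value that was previously ignored. Going by the patch description, that means any password with two adjacent characters of the same class now fails with PWQ_ERROR_MAX_CLASS_REPEAT. The code matches the documented meaning, but the spec changelog entry only says "backport upstream patch to fix maxclassrepeat=1"; it should state that the policy becomes stricter so administrators can audit existing settings before rollout. A comment above the test such as `/* 0 disables the check; N > 0 rejects more than N consecutive characters of one class */` would pin the boundary. The body of simple() starts and ends outside this hunk, so how `sameclass` is initialised and reset cannot be confirmed from here.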

81
fix-doc-about-difok.patch Normal file

@ -0,0 +1,81 @@
From 950ef20f494efad610dcd150db8c8b004c2b1c0d Mon Sep 17 00:00:00 2001
From: yixiangzhike <yixiangzhike007@163.com>
Date: Wed, 10 Aug 2022 15:34:03 +0800
Subject: [PATCH] fix doc about difok
---
doc/man/pam_pwquality.8.pod | 2 +-
doc/man/pam_pwquality.8 | 2 +-
doc/man/pwquality.conf.5.pod | 2 +-
doc/man/pwquality.conf.5 | 2 +-
src/pwquality.conf | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/doc/man/pam_pwquality.8.pod b/doc/man/pam_pwquality.8.pod
index 7a74b48..4734a24 100644
--- a/doc/man/pam_pwquality.8.pod
+++ b/doc/man/pam_pwquality.8.pod
@@ -102,7 +102,7 @@ I<1>.
=item B<difok=>I<N>
-This argument will change the default of I<1> for the number of changes in
+This argument will change the default of I<5> for the number of changes in
the new password from the old password.
The special value of I<0> disables all checks of similarity of the new password
diff --git a/doc/man/pam_pwquality.8 b/doc/man/pam_pwquality.8
index 030223d..670d562 100644
--- a/doc/man/pam_pwquality.8
+++ b/doc/man/pam_pwquality.8
@@ -156,7 +156,7 @@ Prompt user at most \fIN\fR times before returning with error. The default is
\&\fI1\fR.
.IP "\fBdifok=\fR\fIN\fR" 4
.IX Item "difok=N"
-This argument will change the default of \fI1\fR for the number of changes in
+This argument will change the default of \fI5\fR for the number of changes in
the new password from the old password.
.Sp
The special value of \fI0\fR disables all checks of similarity of the new password
diff --git a/doc/man/pwquality.conf.5.pod b/doc/man/pwquality.conf.5.pod
index ada22d0..c7c44cb 100644
--- a/doc/man/pwquality.conf.5.pod
+++ b/doc/man/pwquality.conf.5.pod
@@ -34,7 +34,7 @@ The possible options in the file are:
=item B<difok>
Number of characters in the new password that must not be present in the
-old password. (default 1)
+old password. (default 5)
The special value of 0 disables all checks of similarity of the new password
with the old password except the new password being exactly the same as
diff --git a/doc/man/pwquality.conf.5 b/doc/man/pwquality.conf.5
index 1093aeb..7ed1992 100644
--- a/doc/man/pwquality.conf.5
+++ b/doc/man/pwquality.conf.5
@@ -103,7 +103,7 @@ The possible options in the file are:
.IP "\fBdifok\fR" 4
.IX Item "difok"
Number of characters in the new password that must not be present in the
-old password. (default 1)
+old password. (default 5)
.Sp
The special value of 0 disables all checks of similarity of the new password
with the old password except the new password being exactly the same as
diff --git a/src/pwquality.conf b/src/pwquality.conf
index ace3d5f..cb3e99c 100644
--- a/src/pwquality.conf
+++ b/src/pwquality.conf
@@ -3,7 +3,7 @@
#
# Number of characters in the new password that must not be present in the
# old password.
-# difok = 1
+# difok = 5
#
# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
--
2.27.0

Binary file not shown.

BIN
libpwquality-1.4.2.tar.bz2 Normal file

Binary file not shown.


@ -2,20 +2,17 @@
%define _secconfdir %{_sysconfdir}/security
Name: libpwquality
Version: 1.4.0
Release: 12
Version: 1.4.2
Release: 4
Summary: Library for password quality checking and generating random passwords.
License: BSD or GPLv2+
URL: https://github.com/libpwquality/libpwquality/
Source0: https://github.com/libpwquality/libpwquality/releases/download/libpwquality-%{version}/libpwquality-%{version}.tar.bz2
#patch from Fedora
Patch6000: 0006-pam_pwquality-Abort-the-retry-loop-when-user-cancels.patch
#patch from Fedora
Patch6001: 0001-Fix-harmless-one-byte-buffer-underflow-on-read.patch
Patch9000: modify-pwquality_conf.patch
Patch9001: fix-password-similarity.patch
Patch0: modify-pwquality_conf.patch
Patch1: fix-password-similarity.patch
Patch2: fix-doc-about-difok.patch
Patch3: backport-Make-maxclassrepeat-1-behavior-consistent-with-docs.patch
BuildRequires: gcc cracklib-devel gettext pam-devel
BuildRequires: python2-devel python3-devel
@ -126,8 +123,33 @@ mkdir %{buildroot}%{_secconfdir}/pwquality.conf.d
%{_mandir}/man5/*
%{_mandir}/man3/*
%{_mandir}/man8/*
%changelog
* Tue Aug 21 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.4.0-12
* Tue Jul 2 2024 yixiangzhike <yixiangzhike007@163.com> - 1.4.2-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:backport upstream patch to fix maxclassrepeat=1
* Tue Aug 23 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.2-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:change the files order in patch file fix-doc-about-difok.patch
* Wed Aug 10 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.2-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix doc about difok
* Tue Aug 25 2020 Liquor <lirui130@huawei.com> - 1.4.2-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:update to 1.4.2
* Fri Aug 21 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.4.0-12
- Type:rebuild
- ID:NA
- SUG:NA