import shadow-utils-4.9-10.el9_5

2 months ago · ec8f29d80e
parent f651e75257
commit ec8f29d80e
3 changed files with 23 additions and 2 deletions
--- a/SOURCES/shadow-4.9-disable-sssd.patch
+++ b/SOURCES/shadow-4.9-disable-sssd.patch
@ -0,0 +1,12 @@
+diff -up shadow-4.9/lib/sssd.c.disable-sssd shadow-4.9/lib/sssd.c
+--- shadow-4.9/lib/sssd.c.disable-sssd	2024-09-13 10:28:17.144473113 +0200
+++ shadow-4.9/lib/sssd.c	2024-09-13 10:29:07.135621104 +0200
+@@ -16,7 +16,7 @@
+ int sssd_flush_cache (int dbflags)
+ {
+ 	int status, code, rv;
+-	const char *cmd = "/usr/sbin/sss_cache";
+	const char   *cmd = "/usr/sbin/sss_cache_shadow_utils";
+ 	char *sss_cache_args = NULL;
+ 	const char *spawnedArgs[] = {"sss_cache", NULL, NULL};
+ 	const char *spawnedEnv[] = {NULL};
--- a/SOURCES/shadow-utils.login.defs
+++ b/SOURCES/shadow-utils.login.defs
@ -214,7 +214,7 @@ ENCRYPT_METHOD SHA512
 # If not specified, the libc will choose the default number of rounds (5000).
 # The values must be within the 1000-999999999 range.
 #
-#SHA_CRYPT_MAX_ROUNDS 5000
+SHA_CRYPT_MAX_ROUNDS 100000

 # Currently SHA_CRYPT_MIN_ROUNDS is not supported

--- a/SPECS/shadow-utils.spec
+++ b/SPECS/shadow-utils.spec
@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.9
-Release: 8%{?dist}
+Release: 10%{?dist}
 Epoch: 2
 License: BSD and GPLv2+
 URL: https://github.com/shadow-maint/shadow
@ -80,6 +80,8 @@ Patch28: shadow-4.9-useradd-check-if-subid-range-exists.patch
 Patch29: shadow-4.9-skip-over-reserved-ids.patch
 # https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
 Patch30: shadow-4.9-gpasswd-fix-password-leak.patch
+# Downstream only patch
+Patch31: shadow-4.9-disable-sssd.patch

 ### Dependencies ###
 Requires: audit-libs >= 1.6.5
@ -171,6 +173,7 @@ Development files for shadow-utils-subid.
 %patch28 -p1 -b .useradd-check-if-subid-range-exists
 %patch29 -p1 -b .skip-over-reserved-ids
 %patch30 -p1 -b .gpasswd-fix-password-leak
+%patch31 -p1 -b .disable-sssd

 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@ -341,6 +344,12 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
 %{_libdir}/libsubid.so

 %changelog
+* Fri Sep 13 2024 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-10
+- Disable sssd integration by default. Resolves: RHEL-56352
+
+* Wed Jul  3 2024 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-9
+- login.defs: Update SHA_CRYPT_MAX_ROUNDS from 5000 to 100000. Resolves: RHEL-40195
+
 * Wed Jul 12 2023 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.9-8
 - gpasswd: fix password leak. Resolves: #2215948