From f27ce05a5859a6cea24eb290e27ed904a67fe2e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Mon, 13 May 2019 13:38:04 +0200 Subject: [PATCH] shadow: change default encryption method from DES to SHA512 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Busybox in default uses SHA512 as well. On big ditribution this default is sourced from PAM. That means that shadow reads pam settings and uses that. OpenWrt in most cases does not have PAM installed and in such case shadow fallbacks to its own default which is DES. This just changes that default to SHA512 which is consistent with rest of the system. Signed-off-by: Karel Kočí --- utils/shadow/Makefile | 2 +- .../patches/005-set-encrypt-method-sha512.patch | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 utils/shadow/patches/005-set-encrypt-method-sha512.patch diff --git a/utils/shadow/Makefile b/utils/shadow/Makefile index dddeffb59..6795fbc2b 100644 --- a/utils/shadow/Makefile +++ b/utils/shadow/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=shadow PKG_VERSION:=4.6 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://github.com/shadow-maint/shadow/releases/download/$(PKG_VERSION) diff --git a/utils/shadow/patches/005-set-encrypt-method-sha512.patch b/utils/shadow/patches/005-set-encrypt-method-sha512.patch new file mode 100644 index 000000000..46bcd3fe1 --- /dev/null +++ b/utils/shadow/patches/005-set-encrypt-method-sha512.patch @@ -0,0 +1,11 @@ +--- a/etc/login.defs ++++ b/etc/login.defs +@@ -317,7 +317,7 @@ CHFN_RESTRICT rwh + # Note: If you use PAM, it is recommended to use a value consistent with + # the PAM modules configuration. + # +-#ENCRYPT_METHOD DES ++ENCRYPT_METHOD SHA512 + + # + # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.