patches: packages: set default encryption method in shadow to SHA512

ee3bef9f · Karel Koci · 2e7d5ede · ee3bef9f
Verified Commit ee3bef9f authored 5 years ago by Karel Koci
--- a/patches/packages/to-upstream/0015-shadow-change-default-encryption-method-from-DES-to-.patch
+++ b/patches/packages/to-upstream/0015-shadow-change-default-encryption-method-from-DES-to-.patch
+From 0c9dfe8c77cd38ead1a7340ebdd23e8100056896 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <karel.koci@nic.cz>
+Date: Mon, 13 May 2019 13:38:04 +0200
+Subject: [PATCH] shadow: change default encryption method from DES to SHA512
+
+Busybox in default uses SHA512 as well.
+---
+ utils/shadow/Makefile                                 |  2 +-
+ .../patches/005-set-encrypt-method-sha512.patch       | 11 +++++++++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+ create mode 100644 utils/shadow/patches/005-set-encrypt-method-sha512.patch
+
+diff --git a/utils/shadow/Makefile b/utils/shadow/Makefile
+index 8e9e311..51c029f 100644
+--- a/utils/shadow/Makefile
+++ b/utils/shadow/Makefile
+@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
+ 
+ PKG_NAME:=shadow
+ PKG_VERSION:=4.6
+-PKG_RELEASE:=1
+PKG_RELEASE:=2
+ 
+ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+ PKG_SOURCE_URL:=https://github.com/shadow-maint/shadow/releases/download/$(PKG_VERSION)
+diff --git a/utils/shadow/patches/005-set-encrypt-method-sha512.patch b/utils/shadow/patches/005-set-encrypt-method-sha512.patch
+new file mode 100644
+index 0000000..46bcd3f
+--- /dev/null
+++ b/utils/shadow/patches/005-set-encrypt-method-sha512.patch
+@@ -0,0 +1,11 @@
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -317,7 +317,7 @@ CHFN_RESTRICT		rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD SHA512
+ 
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
+-- 
+2.21.0
+