Hello community,
here is the log from the commit of package yast2-security for openSUSE:Factory
checked in at Fri Jul 29 16:54:15 CEST 2011.
--------
--- yast2-security/yast2-security.changes 2011-04-05 11:05:48.000000000 +0200
+++ /mounts/work_src_done/STABLE/yast2-security/yast2-security.changes 2011-07-20 11:05:17.000000000 +0200
@@ -1,0 +2,6 @@
+Wed Jul 20 11:04:03 CEST 2011 - jsuchome@suse.cz
+
+- remove blowfish hash from selections (fate#312321)
+- 2.21.1
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
yast2-security-2.21.0.tar.bz2
New:
----
yast2-security-2.21.1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ yast2-security.spec ++++++
--- /var/tmp/diff_new_pack.uDhEis/_old 2011-07-29 16:54:01.000000000 +0200
+++ /var/tmp/diff_new_pack.uDhEis/_new 2011-07-29 16:54:01.000000000 +0200
@@ -19,16 +19,16 @@
Name: yast2-security
-Version: 2.21.0
+Version: 2.21.1
Release: 1
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Source0: yast2-security-2.21.0.tar.bz2
+Source0: yast2-security-2.21.1.tar.bz2
Prefix: /usr
Group: System/YaST
-License: GPLv2+
+License: GPL v2 or later
BuildRequires: doxygen perl-XML-Writer pkg-config update-desktop-files yast2-devtools yast2-pam yast2-testsuite
# new Pam.ycp API
@@ -50,7 +50,7 @@
The YaST2 component for security settings configuration.
%prep
-%setup -n yast2-security-2.21.0
+%setup -n yast2-security-2.21.1
%build
%{prefix}/bin/y2tool y2autoconf
++++++ yast2-security-2.21.0.tar.bz2 -> yast2-security-2.21.1.tar.bz2 ++++++
++++ 5460 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/VERSION new/yast2-security-2.21.1/VERSION
--- old/yast2-security-2.21.0/VERSION 2011-04-05 11:03:54.000000000 +0200
+++ new/yast2-security-2.21.1/VERSION 2011-07-20 11:04:33.000000000 +0200
@@ -1 +1 @@
-2.21.0
+2.21.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/configure.in new/yast2-security-2.21.1/configure.in
--- old/yast2-security-2.21.0/configure.in 2010-02-05 11:46:30.000000000 +0100
+++ new/yast2-security-2.21.1/configure.in 2011-06-23 15:51:43.000000000 +0200
@@ -3,7 +3,7 @@
dnl -- This file is generated by y2autoconf 2.18.11 - DO NOT EDIT! --
dnl (edit configure.in.in instead)
-AC_INIT(yast2-security, 2.19.1, http://bugs.opensuse.org/, yast2-security)
+AC_INIT(yast2-security, 2.21.0, http://bugs.opensuse.org/, yast2-security)
dnl Check for presence of file 'RPMNAME'
AC_CONFIG_SRCDIR([RPMNAME])
@@ -18,7 +18,7 @@
AM_INIT_AUTOMAKE(tar-ustar -Wno-portability)
dnl Important YaST2 variables
-VERSION="2.19.1"
+VERSION="2.21.0"
RPMNAME="yast2-security"
MAINTAINER="Jiri Suchomel "
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/Security.ycp new/yast2-security-2.21.1/src/Security.ycp
--- old/yast2-security-2.21.0/src/Security.ycp 2011-04-04 08:32:22.000000000 +0200
+++ new/yast2-security-2.21.1/src/Security.ycp 2011-07-20 11:02:31.000000000 +0200
@@ -4,7 +4,7 @@
* Summary: Data for the security configuration
* Authors: Michal Svec
*
- * $Id: Security.ycp 62809 2010-11-10 16:07:59Z jsuchome $
+ * $Id: Security.ycp 63710 2011-04-05 09:05:11Z jsuchome $
*/
{
@@ -122,7 +122,7 @@
"GID_MIN" : "1000",
"DISPLAYMANAGER_SHUTDOWN" : "all",
"LASTLOG_ENAB" : "yes",
- "PASSWD_ENCRYPTION" : "blowfish",
+ "PASSWD_ENCRYPTION" : "sha512",
"GROUP_ENCRYPTION" : "md5",
"PASSWD_USE_CRACKLIB" : "yes",
"PASS_MAX_DAYS" : "99999",
@@ -241,21 +241,11 @@
global map PasswordMaxLengths = $[
"des" : 8,
"md5" : 127,
- "blowfish" : 72,
"sha256" : 127,
"sha512" : 127
];
/**
- * List of supported password encryption ciphers
- */
-list<string> Ciphers = [
- // "des",
- "md5",
- "blowfish",
-];
-
-/**
* Abort function
* return boolean return true if abort
*/
@@ -330,6 +320,7 @@
global define boolean Read() {
Settings = $[];
+ modified = false;
/* Read security settings */
@@ -381,12 +372,19 @@
// read the password hash settings
string method = PamSettings::GetDefaultValue ("CRYPT_FILES");
+ // change old default to new default automatically
+ if (method == "blowfish")
+ {
+ y2milestone ("found 'blowfish', changing to new default 'sha512'");
+ method = "sha512";
+ modified = true;
+ }
if (method == nil || method == "" ||
- !contains (["des","md5","blowfish","sha256","sha512"],method))
+ !contains (["des","md5","sha256","sha512"],method))
{
method = PamSettings::GetHashMethod ();
}
- if (method == "" || !contains (["des","md5","blowfish","sha256","sha512"],method))
+ if (method == "" || !contains (["des","md5","sha256","sha512"],method))
method = "des";
Settings["PASSWD_ENCRYPTION"] = method;
Settings["GROUP_ENCRYPTION"] = PamSettings::GetGroupHashMethod ();
@@ -429,8 +427,6 @@
Settings["PERMISSION_SECURITY"] = perm;
y2debug("Settings=%1", Settings);
- modified = false;
-
// remeber the read values
Settings_bak = Settings;
return true;
@@ -530,7 +526,7 @@
Progress::NextStage();
/* pam stuff */
- string encr = Settings["PASSWD_ENCRYPTION"]:"blowfish";
+ string encr = Settings["PASSWD_ENCRYPTION"]:"sha512";
PamSettings::SetDefaultValue ("CRYPT_FILES", encr);
// use cracklib?
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/helps.ycp new/yast2-security-2.21.1/src/helps.ycp
--- old/yast2-security-2.21.0/src/helps.ycp 2011-04-05 11:03:28.000000000 +0200
+++ new/yast2-security-2.21.1/src/helps.ycp 2011-07-19 15:52:39.000000000 +0200
@@ -126,7 +126,7 @@
_("<p><b>Password Encryption Method:</b></p>") +
/* Password dialog help 5b/8 */
-_("<p><b>des</b>, the Linux default method, works in all network environments,
+_("<p><b>DES</b>, the Linux default method, works in all network environments,
but it restricts you to passwords no longer than eight characters. If you need
compatibility with other systems, use this method.</p>") +
@@ -135,9 +135,8 @@
distributions, but not by other systems or old software.</p>") +
/* Password dialog help 5d/8 */
-_("<p><b>Blowfish</b> is similar to MD5, but uses a different algorithm
-to encrypt passwords. A lot of CPU power is needed to calculate the hash,
-which makes it difficult to crack passwords with the help of a dictionary.</p>")
+_("<p><b>SHA-512</b> is the current standard hash method, using other algorithms is not recommended unless needed for compatibility purpose.</p>")
+
+
/* Password dialog help 7/8 */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/levels.ycp new/yast2-security-2.21.1/src/levels.ycp
--- old/yast2-security-2.21.0/src/levels.ycp 2009-06-02 22:40:39.000000000 +0200
+++ new/yast2-security-2.21.1/src/levels.ycp 2011-07-19 15:26:37.000000000 +0200
@@ -66,7 +66,7 @@
"GID_MIN" : "1000",
"DISPLAYMANAGER_SHUTDOWN" : "all",
"LASTLOG_ENAB" : "yes",
- "PASSWD_ENCRYPTION" : "blowfish",
+ "PASSWD_ENCRYPTION" : "sha512",
"PASSWD_USE_CRACKLIB" : "yes",
"PASS_MAX_DAYS" : "99999",
"PASS_MIN_DAYS" : "0",
@@ -108,7 +108,7 @@
"GID_MIN" : "1000",
"DISPLAYMANAGER_SHUTDOWN" : "root",
"LASTLOG_ENAB" : "yes",
- "PASSWD_ENCRYPTION" : "blowfish",
+ "PASSWD_ENCRYPTION" : "sha512",
"PASSWD_USE_CRACKLIB" : "yes",
"PASS_MAX_DAYS" : "99999",
"PASS_MIN_DAYS" : "1",
@@ -150,7 +150,7 @@
"GID_MIN" : "1000",
"DISPLAYMANAGER_SHUTDOWN" : "root",
"LASTLOG_ENAB" : "yes",
- "PASSWD_ENCRYPTION" : "blowfish",
+ "PASSWD_ENCRYPTION" : "sha512",
"PASSWD_USE_CRACKLIB" : "yes",
"PASS_MAX_DAYS" : "99999",
"PASS_MIN_DAYS" : "1",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/security.ycp new/yast2-security-2.21.1/src/security.ycp
--- old/yast2-security-2.21.0/src/security.ycp 2011-04-01 16:32:49.000000000 +0200
+++ new/yast2-security-2.21.1/src/security.ycp 2011-07-19 15:26:54.000000000 +0200
@@ -4,7 +4,7 @@
* Summary: Main file
* Authors: Michal Svec
*
- * $Id: security.ycp 57402 2009-06-02 20:40:08Z jsuchome $
+ * $Id: security.ycp 63710 2011-04-05 09:05:11Z jsuchome $
*
* This is a main file of the module. There is in the file
* only some calls to the basic functions. The settings are
@@ -159,7 +159,7 @@
// command line help text for 'set passwd' option
"help" : _("Password encryption method"),
"type" : "enum",
- "typespec" : [ "des", "md5", "blowfish", "sha256", "sha512" ],
+ "typespec" : [ "des", "md5", "sha256", "sha512" ],
],
"crack" : $[
// command line help text for 'set crack' option
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/widgets.ycp new/yast2-security-2.21.1/src/widgets.ycp
--- old/yast2-security-2.21.0/src/widgets.ycp 2011-04-05 11:04:36.000000000 +0200
+++ new/yast2-security-2.21.1/src/widgets.ycp 2011-07-19 15:28:32.000000000 +0200
@@ -4,7 +4,7 @@
* Summary: Security widgets definitions
* Authors: Michal Svec
*
- * $Id: widgets.ycp 60705 2010-02-05 11:39:47Z jsuchome $
+ * $Id: widgets.ycp 63710 2011-04-05 09:05:11Z jsuchome $
*
* This file contains the definitions of all widgets used by the
* security module. They are all in one map (function) called
@@ -166,7 +166,7 @@
/* ComboBox label */
"Label" : _("P&assword Encryption Method"),
/* ComboBox values */
- "Options" : [["des","DES"],["md5","MD5"],["blowfish","Blowfish"], ["sha256", "SHA-256"], ["sha512", "SHA-512"]],
+ "Options" : [["des","DES"],["md5","MD5"],["sha256", "SHA-256"], ["sha512", "SHA-512"]],
"Value" : "des",
"Notify" : "yes",
],
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Level1.out new/yast2-security-2.21.1/testsuite/tests/Level1.out
--- old/yast2-security-2.21.0/testsuite/tests/Level1.out 2010-08-06 11:07:09.000000000 +0200
+++ new/yast2-security-2.21.1/testsuite/tests/Level1.out 2011-07-20 10:55:29.000000000 +0200
@@ -78,7 +78,7 @@
Write .etc.inittab nil true
Execute .target.bash "/sbin/telinit q" 0
Read .etc.default.passwd."CRYPT_FILES" nil
-Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
+Write .etc.default.passwd."CRYPT_FILES" "sha512" true
Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Level2.out new/yast2-security-2.21.1/testsuite/tests/Level2.out
--- old/yast2-security-2.21.0/testsuite/tests/Level2.out 2010-08-06 11:07:17.000000000 +0200
+++ new/yast2-security-2.21.1/testsuite/tests/Level2.out 2011-07-20 10:55:42.000000000 +0200
@@ -78,7 +78,7 @@
Write .etc.inittab nil true
Execute .target.bash "/sbin/telinit q" 0
Read .etc.default.passwd."CRYPT_FILES" nil
-Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
+Write .etc.default.passwd."CRYPT_FILES" "sha512" true
Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Level3.out new/yast2-security-2.21.1/testsuite/tests/Level3.out
--- old/yast2-security-2.21.0/testsuite/tests/Level3.out 2010-08-06 11:07:28.000000000 +0200
+++ new/yast2-security-2.21.1/testsuite/tests/Level3.out 2011-07-20 10:55:35.000000000 +0200
@@ -78,7 +78,7 @@
Write .etc.inittab nil true
Execute .target.bash "/sbin/telinit q" 0
Read .etc.default.passwd."CRYPT_FILES" nil
-Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
+Write .etc.default.passwd."CRYPT_FILES" "sha512" true
Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[]
Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[]
Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib-minlen=6" $[]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Read.out new/yast2-security-2.21.1/testsuite/tests/Read.out
--- old/yast2-security-2.21.0/testsuite/tests/Read.out 2010-08-06 11:07:37.000000000 +0200
+++ new/yast2-security-2.21.1/testsuite/tests/Read.out 2011-07-20 10:59:24.000000000 +0200
@@ -56,3 +56,4 @@
Execute .target.bash_output "/usr/sbin/pam-config -q --cracklib" $[]
Execute .target.bash_output "/usr/sbin/pam-config -q --pwhistory" $[]
Return true
+Dump sha512
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Read.ycp new/yast2-security-2.21.1/testsuite/tests/Read.ycp
--- old/yast2-security-2.21.0/testsuite/tests/Read.ycp 2009-06-02 22:40:39.000000000 +0200
+++ new/yast2-security-2.21.1/testsuite/tests/Read.ycp 2011-07-20 10:59:17.000000000 +0200
@@ -14,7 +14,7 @@
{
-include "testsuite.ycp";
+import "Testsuite";
import "Security";
map scr_info = $[
@@ -97,6 +97,8 @@
]
];
-TEST(``(Security::Read()),[scr_info,$[],E],nil);
+Testsuite::Test (``(Security::Read()),[scr_info,$[],E],nil);
+// read blowfish, changed to sha512
+Testsuite::Dump (Security::Settings["PASSWD_ENCRYPTION"]:nil);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Write.out new/yast2-security-2.21.1/testsuite/tests/Write.out
--- old/yast2-security-2.21.0/testsuite/tests/Write.out 2010-08-06 11:07:43.000000000 +0200
+++ new/yast2-security-2.21.1/testsuite/tests/Write.out 2011-07-20 10:55:16.000000000 +0200
@@ -78,7 +78,7 @@
Write .etc.inittab nil true
Execute .target.bash "/sbin/telinit q" 0
Read .etc.default.passwd."CRYPT_FILES" nil
-Write .etc.default.passwd."CRYPT_FILES" "blowfish" true
+Write .etc.default.passwd."CRYPT_FILES" "sha512" true
Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[]
Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[]
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org