Hello community, here is the log from the commit of package yast2-security for openSUSE:Factory checked in at Fri Jul 29 16:54:15 CEST 2011.
-------- --- yast2-security/yast2-security.changes 2011-04-05 11:05:48.000000000 +0200 +++ /mounts/work_src_done/STABLE/yast2-security/yast2-security.changes 2011-07-20 11:05:17.000000000 +0200 @@ -1,0 +2,6 @@ +Wed Jul 20 11:04:03 CEST 2011 - jsuch...@suse.cz + +- remove blowfish hash from selections (fate#312321) +- 2.21.1 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- yast2-security-2.21.0.tar.bz2 New: ---- yast2-security-2.21.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-security.spec ++++++ --- /var/tmp/diff_new_pack.uDhEis/_old 2011-07-29 16:54:01.000000000 +0200 +++ /var/tmp/diff_new_pack.uDhEis/_new 2011-07-29 16:54:01.000000000 +0200 @@ -19,16 +19,16 @@ Name: yast2-security -Version: 2.21.0 +Version: 2.21.1 Release: 1 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: yast2-security-2.21.0.tar.bz2 +Source0: yast2-security-2.21.1.tar.bz2 Prefix: /usr Group: System/YaST -License: GPLv2+ +License: GPL v2 or later BuildRequires: doxygen perl-XML-Writer pkg-config update-desktop-files yast2-devtools yast2-pam yast2-testsuite # new Pam.ycp API @@ -50,7 +50,7 @@ The YaST2 component for security settings configuration. %prep -%setup -n yast2-security-2.21.0 +%setup -n yast2-security-2.21.1 %build %{prefix}/bin/y2tool y2autoconf ++++++ yast2-security-2.21.0.tar.bz2 -> yast2-security-2.21.1.tar.bz2 ++++++ ++++ 5460 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/VERSION new/yast2-security-2.21.1/VERSION --- old/yast2-security-2.21.0/VERSION 2011-04-05 11:03:54.000000000 +0200 +++ new/yast2-security-2.21.1/VERSION 2011-07-20 11:04:33.000000000 +0200 @@ -1 +1 @@ -2.21.0 +2.21.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/configure.in new/yast2-security-2.21.1/configure.in --- old/yast2-security-2.21.0/configure.in 2010-02-05 11:46:30.000000000 +0100 +++ new/yast2-security-2.21.1/configure.in 2011-06-23 15:51:43.000000000 +0200 @@ -3,7 +3,7 @@ dnl -- This file is generated by y2autoconf 2.18.11 - DO NOT EDIT! -- dnl (edit configure.in.in instead) -AC_INIT(yast2-security, 2.19.1, http://bugs.opensuse.org/, yast2-security) +AC_INIT(yast2-security, 2.21.0, http://bugs.opensuse.org/, yast2-security) dnl Check for presence of file 'RPMNAME' AC_CONFIG_SRCDIR([RPMNAME]) @@ -18,7 +18,7 @@ AM_INIT_AUTOMAKE(tar-ustar -Wno-portability) dnl Important YaST2 variables -VERSION="2.19.1" +VERSION="2.21.0" RPMNAME="yast2-security" MAINTAINER="Jiri Suchomel <jsuch...@suse.cz>" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/Security.ycp new/yast2-security-2.21.1/src/Security.ycp --- old/yast2-security-2.21.0/src/Security.ycp 2011-04-04 08:32:22.000000000 +0200 +++ new/yast2-security-2.21.1/src/Security.ycp 2011-07-20 11:02:31.000000000 +0200 @@ -4,7 +4,7 @@ * Summary: Data for the security configuration * Authors: Michal Svec <ms...@suse.cz> * - * $Id: Security.ycp 62809 2010-11-10 16:07:59Z jsuchome $ + * $Id: Security.ycp 63710 2011-04-05 09:05:11Z jsuchome $ */ { @@ -122,7 +122,7 @@ "GID_MIN" : "1000", "DISPLAYMANAGER_SHUTDOWN" : "all", "LASTLOG_ENAB" : "yes", - "PASSWD_ENCRYPTION" : "blowfish", + "PASSWD_ENCRYPTION" : "sha512", "GROUP_ENCRYPTION" : "md5", "PASSWD_USE_CRACKLIB" : "yes", "PASS_MAX_DAYS" : "99999", @@ -241,21 +241,11 @@ global map PasswordMaxLengths = $[ "des" : 8, "md5" : 127, - "blowfish" : 72, "sha256" : 127, "sha512" : 127 ]; /** - * List of supported password encryption ciphers - */ -list<string> Ciphers = [ - // "des", - "md5", - "blowfish", -]; - -/** * Abort function * return boolean return true if abort */ @@ -330,6 +320,7 @@ global define boolean Read() { Settings = $[]; + modified = false; /* Read security settings */ @@ -381,12 +372,19 @@ // read the password hash settings string method = PamSettings::GetDefaultValue ("CRYPT_FILES"); + // change old default to new default automatically + if (method == "blowfish") + { + y2milestone ("found 'blowfish', changing to new default 'sha512'"); + method = "sha512"; + modified = true; + } if (method == nil || method == "" || - !contains (["des","md5","blowfish","sha256","sha512"],method)) + !contains (["des","md5","sha256","sha512"],method)) { method = PamSettings::GetHashMethod (); } - if (method == "" || !contains (["des","md5","blowfish","sha256","sha512"],method)) + if (method == "" || !contains (["des","md5","sha256","sha512"],method)) method = "des"; Settings["PASSWD_ENCRYPTION"] = method; Settings["GROUP_ENCRYPTION"] = PamSettings::GetGroupHashMethod (); @@ -429,8 +427,6 @@ Settings["PERMISSION_SECURITY"] = perm; y2debug("Settings=%1", Settings); - modified = false; - // remeber the read values Settings_bak = Settings; return true; @@ -530,7 +526,7 @@ Progress::NextStage(); /* pam stuff */ - string encr = Settings["PASSWD_ENCRYPTION"]:"blowfish"; + string encr = Settings["PASSWD_ENCRYPTION"]:"sha512"; PamSettings::SetDefaultValue ("CRYPT_FILES", encr); // use cracklib? diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/helps.ycp new/yast2-security-2.21.1/src/helps.ycp --- old/yast2-security-2.21.0/src/helps.ycp 2011-04-05 11:03:28.000000000 +0200 +++ new/yast2-security-2.21.1/src/helps.ycp 2011-07-19 15:52:39.000000000 +0200 @@ -126,7 +126,7 @@ _("<p><b>Password Encryption Method:</b></p>") + /* Password dialog help 5b/8 */ -_("<p><b>des</b>, the Linux default method, works in all network environments, +_("<p><b>DES</b>, the Linux default method, works in all network environments, but it restricts you to passwords no longer than eight characters. If you need compatibility with other systems, use this method.</p>") + @@ -135,9 +135,8 @@ distributions, but not by other systems or old software.</p>") + /* Password dialog help 5d/8 */ -_("<p><b>Blowfish</b> is similar to MD5, but uses a different algorithm -to encrypt passwords. A lot of CPU power is needed to calculate the hash, -which makes it difficult to crack passwords with the help of a dictionary.</p>") +_("<p><b>SHA-512</b> is the current standard hash method, using other algorithms is not recommended unless needed for compatibility purpose.</p>") + + /* Password dialog help 7/8 */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/levels.ycp new/yast2-security-2.21.1/src/levels.ycp --- old/yast2-security-2.21.0/src/levels.ycp 2009-06-02 22:40:39.000000000 +0200 +++ new/yast2-security-2.21.1/src/levels.ycp 2011-07-19 15:26:37.000000000 +0200 @@ -66,7 +66,7 @@ "GID_MIN" : "1000", "DISPLAYMANAGER_SHUTDOWN" : "all", "LASTLOG_ENAB" : "yes", - "PASSWD_ENCRYPTION" : "blowfish", + "PASSWD_ENCRYPTION" : "sha512", "PASSWD_USE_CRACKLIB" : "yes", "PASS_MAX_DAYS" : "99999", "PASS_MIN_DAYS" : "0", @@ -108,7 +108,7 @@ "GID_MIN" : "1000", "DISPLAYMANAGER_SHUTDOWN" : "root", "LASTLOG_ENAB" : "yes", - "PASSWD_ENCRYPTION" : "blowfish", + "PASSWD_ENCRYPTION" : "sha512", "PASSWD_USE_CRACKLIB" : "yes", "PASS_MAX_DAYS" : "99999", "PASS_MIN_DAYS" : "1", @@ -150,7 +150,7 @@ "GID_MIN" : "1000", "DISPLAYMANAGER_SHUTDOWN" : "root", "LASTLOG_ENAB" : "yes", - "PASSWD_ENCRYPTION" : "blowfish", + "PASSWD_ENCRYPTION" : "sha512", "PASSWD_USE_CRACKLIB" : "yes", "PASS_MAX_DAYS" : "99999", "PASS_MIN_DAYS" : "1", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/security.ycp new/yast2-security-2.21.1/src/security.ycp --- old/yast2-security-2.21.0/src/security.ycp 2011-04-01 16:32:49.000000000 +0200 +++ new/yast2-security-2.21.1/src/security.ycp 2011-07-19 15:26:54.000000000 +0200 @@ -4,7 +4,7 @@ * Summary: Main file * Authors: Michal Svec <ms...@suse.cz> * - * $Id: security.ycp 57402 2009-06-02 20:40:08Z jsuchome $ + * $Id: security.ycp 63710 2011-04-05 09:05:11Z jsuchome $ * * This is a main file of the module. There is in the file * only some calls to the basic functions. The settings are @@ -159,7 +159,7 @@ // command line help text for 'set passwd' option "help" : _("Password encryption method"), "type" : "enum", - "typespec" : [ "des", "md5", "blowfish", "sha256", "sha512" ], + "typespec" : [ "des", "md5", "sha256", "sha512" ], ], "crack" : $[ // command line help text for 'set crack' option diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/src/widgets.ycp new/yast2-security-2.21.1/src/widgets.ycp --- old/yast2-security-2.21.0/src/widgets.ycp 2011-04-05 11:04:36.000000000 +0200 +++ new/yast2-security-2.21.1/src/widgets.ycp 2011-07-19 15:28:32.000000000 +0200 @@ -4,7 +4,7 @@ * Summary: Security widgets definitions * Authors: Michal Svec <ms...@suse.cz> * - * $Id: widgets.ycp 60705 2010-02-05 11:39:47Z jsuchome $ + * $Id: widgets.ycp 63710 2011-04-05 09:05:11Z jsuchome $ * * This file contains the definitions of all widgets used by the * security module. They are all in one map (function) called @@ -166,7 +166,7 @@ /* ComboBox label */ "Label" : _("P&assword Encryption Method"), /* ComboBox values */ - "Options" : [["des","DES"],["md5","MD5"],["blowfish","Blowfish"], ["sha256", "SHA-256"], ["sha512", "SHA-512"]], + "Options" : [["des","DES"],["md5","MD5"],["sha256", "SHA-256"], ["sha512", "SHA-512"]], "Value" : "des", "Notify" : "yes", ], diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Level1.out new/yast2-security-2.21.1/testsuite/tests/Level1.out --- old/yast2-security-2.21.0/testsuite/tests/Level1.out 2010-08-06 11:07:09.000000000 +0200 +++ new/yast2-security-2.21.1/testsuite/tests/Level1.out 2011-07-20 10:55:29.000000000 +0200 @@ -78,7 +78,7 @@ Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "blowfish" true +Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Level2.out new/yast2-security-2.21.1/testsuite/tests/Level2.out --- old/yast2-security-2.21.0/testsuite/tests/Level2.out 2010-08-06 11:07:17.000000000 +0200 +++ new/yast2-security-2.21.1/testsuite/tests/Level2.out 2011-07-20 10:55:42.000000000 +0200 @@ -78,7 +78,7 @@ Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "blowfish" true +Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Level3.out new/yast2-security-2.21.1/testsuite/tests/Level3.out --- old/yast2-security-2.21.0/testsuite/tests/Level3.out 2010-08-06 11:07:28.000000000 +0200 +++ new/yast2-security-2.21.1/testsuite/tests/Level3.out 2011-07-20 10:55:35.000000000 +0200 @@ -78,7 +78,7 @@ Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "blowfish" true +Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -a --cracklib-minlen=6" $[] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Read.out new/yast2-security-2.21.1/testsuite/tests/Read.out --- old/yast2-security-2.21.0/testsuite/tests/Read.out 2010-08-06 11:07:37.000000000 +0200 +++ new/yast2-security-2.21.1/testsuite/tests/Read.out 2011-07-20 10:59:24.000000000 +0200 @@ -56,3 +56,4 @@ Execute .target.bash_output "/usr/sbin/pam-config -q --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -q --pwhistory" $[] Return true +Dump sha512 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Read.ycp new/yast2-security-2.21.1/testsuite/tests/Read.ycp --- old/yast2-security-2.21.0/testsuite/tests/Read.ycp 2009-06-02 22:40:39.000000000 +0200 +++ new/yast2-security-2.21.1/testsuite/tests/Read.ycp 2011-07-20 10:59:17.000000000 +0200 @@ -14,7 +14,7 @@ { -include "testsuite.ycp"; +import "Testsuite"; import "Security"; map scr_info = $[ @@ -97,6 +97,8 @@ ] ]; -TEST(``(Security::Read()),[scr_info,$[],E],nil); +Testsuite::Test (``(Security::Read()),[scr_info,$[],E],nil); +// read blowfish, changed to sha512 +Testsuite::Dump (Security::Settings["PASSWD_ENCRYPTION"]:nil); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/yast2-security-2.21.0/testsuite/tests/Write.out new/yast2-security-2.21.1/testsuite/tests/Write.out --- old/yast2-security-2.21.0/testsuite/tests/Write.out 2010-08-06 11:07:43.000000000 +0200 +++ new/yast2-security-2.21.1/testsuite/tests/Write.out 2011-07-20 10:55:16.000000000 +0200 @@ -78,7 +78,7 @@ Write .etc.inittab nil true Execute .target.bash "/sbin/telinit q" 0 Read .etc.default.passwd."CRYPT_FILES" nil -Write .etc.default.passwd."CRYPT_FILES" "blowfish" true +Write .etc.default.passwd."CRYPT_FILES" "sha512" true Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --cracklib-minlen" $[] Execute .target.bash_output "/usr/sbin/pam-config -d --pwhistory-remember" $[] ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org