CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2022/04/02 06:14:58
Modified files:
security/dropbear: Makefile
Added files:
security/dropbear/patches: patch-svr-authpasswd_c
Log message:
Dropbear's check for a locked account is "did crypt(userpassword,
oldhash) fail". If the existing hashed password entry from getpwnam_shadow
is blank (i.e. no password set) then crypt fails, so as-is the "is locked"
error is logged when the password is blank.
Swap the "locked password" and "blank password" checks, so that the
correct message is logged for a blank password.
