shadow: change default encryption method from DES to SHA512 10818/head
author Karel Kočí <karel.koci@nic.cz>
Mon, 13 May 2019 11:38:04 +0000 (13:38 +0200)
committer Karel Kočí <karel.koci@nic.cz>
Wed, 18 Dec 2019 10:37:39 +0000 (11:37 +0100)
Busybox by default uses SHA512 as well.

On big distributions this default is sourced from PAM. That means that
shadow reads PAM settings and uses that. OpenWrt in most cases does not
have PAM installed and in such a case shadow falls back to its own default
which is DES. This just changes that default to SHA512 which is
consistent with the rest of the system.

Signed-off-by: Karel Kočí <karel.koci@nic.cz>
utils/shadow/Makefile
utils/shadow/patches/005-set-encrypt-method-sha512.patch [new file with mode: 0644]

index dddeffb5944cb49e671856a45f5fdbb1d3bee91e..6795fbc2bb2d197766e65205531cb054cd8db87d 100644 (file)
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=shadow
 PKG_VERSION:=4.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://github.com/shadow-maint/shadow/releases/download/$(PKG_VERSION)
diff --git a/utils/shadow/patches/005-set-encrypt-method-sha512.patch b/utils/shadow/patches/005-set-encrypt-method-sha512.patch
new file mode 100644 (file)
index 0000000..46bcd3f
--- /dev/null
@@ -0,0 +1,11 @@
+--- a/etc/login.defs
++++ b/etc/login.defs
+@@ -317,7 +317,7 @@ CHFN_RESTRICT              rwh
+ # Note: If you use PAM, it is recommended to use a value consistent with
+ # the PAM modules configuration.
+ #
+-#ENCRYPT_METHOD DES
++ENCRYPT_METHOD SHA512
+ #
+ # Only works if ENCRYPT_METHOD is set to SHA256 or SHA512.
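Review bot: The switch at `ENCRYPT_METHOD SHA512` is made only in the shipped etc/login.defs, so it is a config-file default rather than a change to the fallback inside shadow itself. A system that keeps an older login.defs with `#ENCRYPT_METHOD DES` still commented out will continue to fall back to DES, and the commit message should say so. It is also worth stating that hashes already stored are not converted and are only replaced when a password is next changed. The trailing context line says the option that follows only works with SHA256 or SHA512; now that this applies, please check whether that option should be set explicitly in the same patch.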