"Fossies" - the Fresh Open Source Software Archive 
Member "passwdqc-2.0.3/passwdqc.spec" (23 Jun 2023, 18551 Bytes) of package /linux/privat/passwdqc-2.0.3.tar.gz:
As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) RPM Spec source code syntax highlighting (style:
standard) with prefixed line numbers.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the latest
Fossies "Diffs" side-by-side code changes report for "passwdqc.spec":
2.0.2_vs_2.0.3.
1 Summary: A password/passphrase strength checking and policy enforcement toolset.
2 Name: passwdqc
3 Version: 2.0.3
4 Release: owl1
5 License: BSD-compatible
6 Group: System Environment/Base
7 URL: https://www.openwall.com/passwdqc/
8 Source: https://www.openwall.com/passwdqc/%name-%version.tar.gz
9 Provides: pam_passwdqc = %version-%release
10 Obsoletes: pam_passwdqc < %version-%release
11 BuildRequires: pam-devel
12 BuildRoot: /override/%name-%version
13
14 %description
15 passwdqc is a password/passphrase strength checking and policy
16 enforcement toolset, including a PAM module (pam_passwdqc), command-line
17 programs (pwqcheck, pwqfilter, and pwqgen), and a library (libpasswdqc).
18
19 pam_passwdqc is normally invoked on password changes by programs such as
20 passwd(1). It is capable of checking password or passphrase strength,
21 enforcing a policy, and offering randomly-generated passphrases, with
22 all of these features being optional and easily (re-)configurable.
23
24 pwqcheck and pwqgen are standalone password/passphrase strength checking
25 and random passphrase generator programs, respectively, which are usable
26 from scripts.
27
28 The pwqfilter program searches, creates, or updates binary passphrase
29 filter files, which can also be used with pwqcheck and pam_passwdqc.
30
31 libpasswdqc is the underlying library, which may also be used from
32 third-party programs.
33
34 %package devel
35 Summary: Libraries and header files for building passwdqc-aware applications.
36 Group: Development/Libraries
37 Requires: %name = %version-%release
38
39 %description devel
40 This package contains development libraries and header files needed for
41 building passwdqc-aware applications.
42
43 %prep
44 %setup -q
45
46 %{expand:%%define optflags_lib %{?optflags_lib:%optflags_lib}%{!?optflags_lib:%optflags}}
47
48 %build
49 %__make \
50 CPPFLAGS='-DLINUX_PAM' \
51 CFLAGS_bin='-Wall -W %optflags' \
52 CFLAGS_lib='-Wall -W -fPIC %optflags_lib'
53
54 %install
55 rm -rf %buildroot
56 %__make install DESTDIR=%buildroot MANDIR=%_mandir \
57 SHARED_LIBDIR=/%_lib DEVEL_LIBDIR=%_libdir \
58 SECUREDIR=/%_lib/security
59
60 %post -p /sbin/ldconfig
61 %postun -p /sbin/ldconfig
62
63 %files
64 %defattr(-,root,root)
65 %doc CHANGES LICENSE README pwqcheck.php
66 %config(noreplace) /etc/passwdqc.conf
67 /%_lib/lib*.so*
68 %_bindir/*
69 /%_lib/security/pam_passwdqc.so
70 %_mandir/man[158]/*
71
72 %files devel
73 %defattr(-,root,root)
74 %_includedir/*.h
75 %_libdir/pkgconfig/passwdqc.pc
76 %_libdir/lib*.so
77 %_mandir/man3/*
78
79 %changelog
80 * Fri Jun 23 2023 Dmitry V. Levin <ldv-at-owl.openwall.com> 2.0.3-owl1
81 - wordset_4k: Move "enroll" to the multiple spellings list (by Solar Designer)
82 - Don't #include <endian.h> on macOS (by Solar Designer)
83 - pwqfilter: Allow --pre-hashed after --hash* (by Solar Designer)
84 - Add pkg-config file (by Egor Ignatov)
85 - Makefile: add Cygwin support (by Chad Dougherty)
86 - Remove non-existent symbols from the linker version script
87 to fix -Wl,--no-undefined-version (by Fangrui Song)
88 - pam_passwdqc: extend enforce=users to support chpasswd PAM service
89 in addition to traditionally supported passwd
90
91 * Sun Apr 04 2021 Solar Designer <solar-at-owl.openwall.com> 2.0.2-owl1
92 - Changes by Dmitry V. Levin:
93 - pam_passwdqc: enhance formatting of auto-generated policy descriptions
94 - Add libpasswdqc(3) manual page
95 - Add manual page links for all functions documented in libpasswdqc(3)
96 - Package section 3 manual pages into devel subpackage
97 - LICENSE: mention the license of CI scripts (which are not packaged)
98 - Update CHANGES
99
100 * Wed Mar 10 2021 Solar Designer <solar-at-owl.openwall.com> 2.0.1-owl1
101 - Changes by Dmitry V. Levin:
102 - pam_passwdqc: enhance auto-generated policy descriptions
103 - Makefile: use CPPFLAGS and LDFLAGS consistently
104 - Makefile: remove *.po dependence on passwdqc.pot
105 - Remove generated passwdqc.pot from the repository
106 - po/ru.po: regenerate using "make update_po"
107 - po/ru.po: translate new messages added in 1.9.0+
108 - wordset_4k: Move "whisky" to the multiple spellings list
109 - Increase maximum size of randomly-generated passphrases to 136 bits
110 - Add CHANGES based on two latest release announcements, start to maintain it
111
112 * Wed Feb 17 2021 Solar Designer <solar-at-owl.openwall.com> 2.0.0-owl2
113 - Update the package description to include pwqfilter.
114
115 * Tue Feb 16 2021 Solar Designer <solar-at-owl.openwall.com> 2.0.0-owl1
116 - Introduce and use passwdqc_params_free().
117
118 * Fri Jan 29 2021 Solar Designer <solar-at-owl.openwall.com> 1.9.0-owl1
119 - Add support for external wordlist, denylist, and binary filter.
120 - passwdqc_random(): Obtain all of the random bytes before the loop.
121 - Merge changes needed for building with Visual Studio on Windows.
122
123 * Mon Jan 25 2021 Solar Designer <solar-at-owl.openwall.com> 1.5.0-owl1
124 - Updated the included wordlist to avoid some inappropriate words in randomly
125 generated passphrases while not removing any words from the "word-based" check,
126 and also to have plenty of extra words for subsequent removal of more words
127 that might be considered inappropriate from the initial 4096 that are used for
128 randomly generated passphrases.
129
130 * Mon Jan 25 2021 Solar Designer <solar-at-owl.openwall.com> 1.4.1-owl1
131 - Set default for "max" to 72 (was 40).
132 - Document "similar" in pwqcheck print_help() and man page.
133 - Drop the CVS Id tags (stale ones would be confusing with our move to git).
134
135 * Wed Dec 25 2019 Dmitry V. Levin <ldv-at-owl.openwall.com> 1.4.0-owl1
136 - Implemented i18n support in pam_passwdqc, contributed by Oleg Solovyov,
137 Andrey Cherepanov, and me. The i18n support is off by default, it can be
138 enabled if Linux-PAM is built using --enable-nls configure option.
139 - Implemented audit support in pam_passwdqc, contributed by Oleg Solovyov
140 and me. The audit support is off by default, it can be enabled if Linux-PAM
141 is built using --enable-audit configure option.
142
143 * Mon Dec 09 2019 Solar Designer <solar-at-owl.openwall.com> 1.3.2-owl1
144 - Define _DEFAULT_SOURCE for our use of crypt(3) on newer glibc.
145 The problem was identified and this change tested by Dmitry V. Levin.
146 - Clarified in the man pages that /etc/passwdqc.conf is not read unless this
147 suggested file location is specified with the config= option.
148 - Clarified the OpenBSD configuration example.
149 - Escape the minus sign in the OpenBSD configuration example to make the
150 manpage linter happy, patch by Jackson Doak via Unit 193:
151 https://www.openwall.com/lists/passwdqc-users/2019/04/16/1
152
153 * Wed Jul 20 2016 Solar Designer <solar-at-owl.openwall.com> 1.3.1-owl1
154 - With "non-unix", initialize the pw_dir field in fake_pw now that (since
155 passwdqc 1.1.3 in 2009) passwdqc_check.c uses that field.
156 Bug reported by Jim Paris via Debian: https://bugs.debian.org/831356
157 - Use size_t for variables holding strlen() return values.
158 - Cap "max" at 10000 (in case a config set it higher; the default remains 40).
159 - Check against the shortest allowed password length prior to checking against
160 the old password (this affects reporting when the old password is empty).
161 - For zeroization of sensitive data, use a wrapper around memset() called via
162 a function pointer to reduce the likelihood of a compiler optimizing those
163 calls out and to allow for overriding of this function with an OS-specific
164 "secure" memory zeroization function.
165 - In pwqgen, set stdout to non-buffered, and zeroize and free our own buffer
166 holding the generated password.
167
168 * Wed Apr 24 2013 Solar Designer <solar-at-owl.openwall.com> 1.3.0-owl1
169 - When checking is_simple() after discounting a common character sequence,
170 apply the (negative) bias even for the passphrase length check. Previously,
171 we were not doing this because passphrases are normally built from words, and
172 the same code was being used for the check for dictionary words.
173 - Expanded the list of common character sequences. Along with the change
174 above, this reduces the number of passing passwords for RockYou top 100k from
175 35 to 18, and for RockYou top 1M from 2333 to 2273 (all of these are with
176 passwdqc's default policy).
177 - Moved the common character sequences check to be made after the dictionary
178 words check, to avoid introducing more cases of misreporting.
179 - Added pwqcheck.php, a PHP wrapper function around the pwqcheck program.
180
181 * Tue Apr 23 2013 Solar Designer <solar-at-owl.openwall.com> 1.2.4-owl1
182 - In randomly generated passphrases: toggle case of the first character of each
183 word only if we wouldn't achieve sufficient entropy otherwise, use a trailing
184 separator if we achieve sufficient entropy even with the final word omitted
185 (in fact, we now enable the use of different separators in more cases for this
186 reason), use dashes rather than spaces to separate words when different
187 separator characters are not in use.
188 - Expanded the allowed size of randomly-generated passphrases in bits (now it's
189 24 to 85 in the tools, and 24 to 136 in the passwdqc_random() interface).
190
191 * Wed Aug 15 2012 Solar Designer <solar-at-owl.openwall.com> 1.2.3-owl1
192 - Handle possible NULL returns from crypt().
193 - Declared all pre-initialized arrays and structs as const.
194 - Added Darwin (Mac OS X) support to the Makefile, loosely based on a patch by
195 Ronald Ip (thanks!)
196
197 * Tue Jun 22 2010 Solar Designer <solar-at-owl.openwall.com> 1.2.2-owl1
198 - Introduced the GNU'ish "uninstall" make target name (a synonym for "remove").
199 - Makefile updates to make the "install" and "uninstall" targets with their
200 default settings friendlier to Solaris systems.
201 - Added a link to a wiki page with detailed Solaris-specific instructions to
202 the PLATFORMS file.
203
204 * Sat Mar 27 2010 Solar Designer <solar-at-owl.openwall.com> 1.2.1-owl1
205 - When matching against the reversed new password, always pass the original
206 non-reversed new password (possibly with a substring removed) into is_simple(),
207 but remove or check the correct substring in is_based() considering that the
208 matching is possibly being done against the reversed password.
209
210 * Tue Mar 16 2010 Solar Designer <solar-at-owl.openwall.com> 1.2.0-owl1
211 - New command-line options for pwqcheck: -1 and -2 for reading just 1 and
212 just 2 lines from stdin, respectively (instead of reading 3 lines, which is
213 the default), --multi for checking multiple passphrases at once (until EOF).
214 - With randomly-generated passphrases, encode more entropy per separator
215 character (by increasing the number of different separators from 8 to 16) and
216 per word (by altering the case of the first letter of each word), which
217 increases the default generated passphrase size from 42 to 47 bits.
218 - Substring matching has been enhanced to partially discount rather than fully
219 remove weak substrings, support leetspeak, and detect some common sequences of
220 characters (sequential digits, letters in alphabetical order, adjacent keys on
221 a QWERTY keyboard).
222 - Detect and allow passphrases with non-ASCII characters in the words.
223 - A number of optimizations have been made resulting in significant speedup
224 of passwdqc_check() on real-world passwords.
225 - Don't require %%optflags_lib such that the package can be built with
226 "rpmbuild -tb" on the tarball on non-Owl.
227
228 * Fri Oct 30 2009 Dmitry V. Levin <ldv-at-owl.openwall.com> 1.1.4-owl1
229 - Added const qualifier to all arguments of passwdqc_check() and
230 passwdqc_random().
231 - Implemented pwqcheck's stdin check for too long lines.
232 - Applied markup corrections to passwdqc.conf(5) and pwqcheck(1) for better
233 portability (by Kevin Steves and Jason McIntyre, with minor changes made
234 by Solar Designer).
235 - Changed use of mdoc's .Os macro to be consistent with other Openwall
236 Project's software (by Solar Designer).
237
238 * Wed Oct 21 2009 Dmitry V. Levin <ldv-at-owl.openwall.com> 1.1.3-owl1
239 - Eliminated insufficiently portable EXIT_FAILURE and EXIT_SUCCESS macros.
240 - In passwdqc_load.c, replaced redundant snprintf(3) with plain sprintf(3).
241 - Added pw_dir checks to passwdqc_check(), similar to already existing
242 pw_gecos checks.
243 - Dropped undocumented support for multiple options per config file line.
244 - Switched to a heavily cut-down BSD license.
245 - Added ldconfig calls to %%post and %%postun scripts.
246
247 * Sat Oct 17 2009 Solar Designer <solar-at-owl.openwall.com> 1.1.2-owl1
248 - In pwqcheck.c, replaced the uses of strsep(), which were insufficiently
249 portable, with code based on strchr().
250 - Corrected the linker invocations for Solaris (tested on Solaris 10) and
251 likely for HP-UX (untested). We broke this between 1.0.5 and 1.1.0.
252 - Split the CFLAGS into two, separate for libraries (libpasswdqc, pam_passwdqc)
253 and binaries (the pwq* programs).
254 - In the Makefile, set umask 022 on mkdir's invoked by "make install".
255
256 * Thu Oct 15 2009 Dmitry V. Levin <ldv-at-owl.openwall.com> 1.1.1-owl1
257 - Relaxed license of pwqgen and pwqcheck manual pages.
258 - Ensure that pwqgen's exit status is zero only if generated passphrase
259 has been printed successfully.
260 - Changed pwqcheck to print "OK" line on success.
261 - Changed pwqcheck to print "Weak passphrase" diagnostics to stdout
262 instead of stderr.
263
264 * Sat Oct 10 2009 Solar Designer <solar-at-owl.openwall.com> 1.1.0-owl1
265 - Export passwdqc_params_load in libpasswdqc.
266 - Minor English grammar corrections to messages produced by pam_passwdqc.
267 - Minor documentation edits.
268 - Added/adjusted copyright statements and attributions to reflect Dmitry's
269 recent changes.
270
271 * Mon Sep 28 2009 Dmitry V. Levin <ldv-at-owl.openwall.com> unreleased
272 - Introduced libpasswdqc shared library.
273 - Implemented pwqgen and pwqcheck utilities.
274 - Implemented config= parameter support in libpasswdqc.
275 - Packaged /etc/passwdqc.conf file with default configuration.
276 - Added passwdqc.conf(5) manual page.
277
278 * Tue Feb 12 2008 Solar Designer <solar-at-owl.openwall.com> 1.0.5-owl1
279 - Replaced the separator characters with some of those defined by RFC 3986
280 as being safe within "userinfo" part of URLs without encoding.
281 - Reduced the default value for the N2 parameter to min=... (the minimum
282 length for passphrases) from 12 to 11.
283 - Corrected the potentially misleading description of N2 (Debian bug #310595).
284 - Applied minor grammar and style corrections to the documentation, a
285 pam_passwdqc message, and source code comments.
286
287 * Tue Apr 04 2006 Dmitry V. Levin <ldv-at-owl.openwall.com> 1.0.4-owl1
288 - Changed Makefile to pass list of libraries to linker after regular
289 object files, to fix build with -Wl,--as-needed.
290 - Corrected specfile to make it build on x86_64.
291
292 * Wed Aug 17 2005 Dmitry V. Levin <ldv-at-owl.openwall.com> 1.0.3-owl1
293 - Fixed potential memory leak in conversation wrapper.
294 - Restricted list of global symbols exported by the PAM module
295 to standard set of six pam_sm_* functions.
296
297 * Wed May 18 2005 Solar Designer <solar-at-owl.openwall.com> 1.0.2-owl1
298 - Fixed compiler warnings seen on FreeBSD 5.3.
299 - Updated the Makefile to not require editing on FreeBSD.
300 - Updated the FreeBSD-specific notes in PLATFORMS.
301
302 * Sun Mar 27 2005 Solar Designer <solar-at-owl.openwall.com> 1.0.1-owl1
303 - Further compiler warning fixes on LP64 platforms.
304
305 * Fri Mar 25 2005 Solar Designer <solar-at-owl.openwall.com> 1.0-owl1
306 - Corrected the source code to not break C strict aliasing rules.
307
308 * Wed Jan 26 2005 Solar Designer <solar-at-owl.openwall.com> 0.7.6-owl1
309 - Disallow unreasonable random= settings.
310 - Clarified the allowable bit sizes for randomly-generated passphrases and
311 the lack of relationship between passphrase= and random= options.
312
313 * Fri Oct 31 2003 Solar Designer <solar-at-owl.openwall.com> 0.7.5-owl1
314 - Assume invocation by root only if both the UID is 0 and the PAM service
315 name is "passwd"; this should solve changing expired passwords on Solaris
316 and HP-UX and make "enforce=users" safe.
317 - Produce proper English explanations for a wider variety of settings.
318 - Moved the "-c" out of CFLAGS, renamed FAKEROOT to DESTDIR.
319
320 * Sat Jun 21 2003 Solar Designer <solar-at-owl.openwall.com> 0.7.4-owl1
321 - Documented that "enforce=users" may not always work for services other
322 than the passwd command.
323 - Applied a patch to PLATFORMS from Mike Gerdts of GE Medical Systems
324 to reflect how Solaris 8 patch 108993-18 (or 108994-18 on x86) changes
325 Solaris 8's PAM implementation to look like Solaris 9.
326
327 * Mon Jun 02 2003 Solar Designer <solar-at-owl.openwall.com> 0.7.3.1-owl1
328 - Added URL.
329
330 * Thu Oct 31 2002 Solar Designer <solar-at-owl.openwall.com> 0.7.3-owl1
331 - When compiling with gcc, also link with gcc.
332 - Use $(MAKE) to invoke sub-makes.
333
334 * Fri Oct 04 2002 Solar Designer <solar-at-owl.openwall.com>
335 - Solaris 9 notes in PLATFORMS.
336
337 * Wed Sep 18 2002 Solar Designer <solar-at-owl.openwall.com>
338 - Build with Sun's C compiler cleanly, from Kevin Steves.
339 - Use install -c as that actually makes a difference on at least HP-UX
340 (otherwise install would possibly move files and not change the owner).
341
342 * Fri Sep 13 2002 Solar Designer <solar-at-owl.openwall.com>
343 - Have the same pam_passwdqc binary work for both trusted and non-trusted
344 HP-UX, from Kevin Steves.
345
346 * Fri Sep 06 2002 Solar Designer <solar-at-owl.openwall.com>
347 - Use bigcrypt() on HP-UX whenever necessary, from Kevin Steves of Atomic
348 Gears LLC.
349 - Moved the old password checking into a separate function.
350
351 * Wed Jul 31 2002 Solar Designer <solar-at-owl.openwall.com>
352 - Call it 0.6.
353
354 * Sat Jul 27 2002 Solar Designer <solar-at-owl.openwall.com>
355 - Documented that the man page is under the 3-clause BSD-style license.
356 - HP-UX 11 support.
357
358 * Tue Jul 23 2002 Solar Designer <solar-at-owl.openwall.com>
359 - Applied minor corrections to the man page and at the same time eliminated
360 unneeded/unimportant differences between it and the README.
361
362 * Sun Jul 21 2002 Solar Designer <solar-at-owl.openwall.com>
363 - 0.5.1: imported the pam_passwdqc(8) manual page back from FreeBSD.
364
365 * Tue Apr 16 2002 Solar Designer <solar-at-owl.openwall.com>
366 - 0.5: preliminary OpenPAM (FreeBSD-current) support in the code and related
367 code cleanups (thanks to Dag-Erling Smorgrav).
368
369 * Thu Feb 07 2002 Michail Litvak <mci-at-owl.openwall.com>
370 - Enforce our new spec file conventions.
371
372 * Sun Nov 04 2001 Solar Designer <solar-at-owl.openwall.com>
373 - Updated to 0.4:
374 - Added "ask_oldauthtok" and "check_oldauthtok" as needed for stacking with
375 the Solaris pam_unix;
376 - Permit for stacking of more than one instance of this module (no statics).
377
378 * Tue Feb 13 2001 Solar Designer <solar-at-owl.openwall.com>
379 - Install the module as mode 755.
380
381 * Tue Dec 19 2000 Solar Designer <solar-at-owl.openwall.com>
382 - Added "-Wall -fPIC" to the CFLAGS.
383
384 * Mon Oct 30 2000 Solar Designer <solar-at-owl.openwall.com>
385 - 0.3: portability fixes (this might build on non-Linux-PAM now).
386
387 * Fri Sep 22 2000 Solar Designer <solar-at-owl.openwall.com>
388 - 0.2: added "use_authtok", added README.
389
390 * Fri Aug 18 2000 Solar Designer <solar-at-owl.openwall.com>
391 - 0.1, "retry_wanted" bugfix.
392
393 * Sun Jul 02 2000 Solar Designer <solar-at-owl.openwall.com>
394 - Initial version (non-public).