Make maxclassrepeat=1 behavior consistent with docs

(cherry picked from commit b48e3474812293f04ba6a6b78b177aae0ec0c7f0)
2024-07-02 14:53:22 +08:00 · 2024-07-02 14:53:22 +08:00 · 31fb1fc22b
commit 31fb1fc22b
parent 659e1cac75
2 changed files with 36 additions and 1 deletions
--- a/backport-Make-maxclassrepeat-1-behavior-consistent-with-docs.patch
+++ b/backport-Make-maxclassrepeat-1-behavior-consistent-with-docs.patch
@ -0,0 +1,28 @@
+From 2f6cd189bde18f5e73ed0a24c731681b085fc874 Mon Sep 17 00:00:00 2001
+From: fdub <fdub@users.noreply.github.com>
+Date: Wed, 1 Nov 2023 15:29:32 +0100
+Subject: [PATCH] Make maxclassrepeat=1 behavior consistent with docs
+
+When setting maxclassrepeat=1, the rule would be inactive and allow passwords containing 2 consecutive characters from the same class. Only when setting maxclassrepeat>=2, the rule would behave as expected.
+
+This issue was already addressed in pam_cracklib many years ago: https://github.com/linux-pam/linux-pam/pull/9
+---
+ src/check.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/check.c b/src/check.c
+index d24bebc..79d4c9c 100644
+--- a/src/check.c
+++ b/src/check.c
+@@ -238,7 +238,7 @@ simple(pwquality_settings_t *pwq, const char *new, void **auxerror)
+                         } else
+                                 sameclass++;
+                 }
+-                if (pwq->max_class_repeat > 1 && sameclass > pwq->max_class_repeat) {
+                if (pwq->max_class_repeat > 0 && sameclass > pwq->max_class_repeat) {
+                         if (auxerror)
+                                 *auxerror = (void *)(long)pwq->max_class_repeat;
+                         return PWQ_ERROR_MAX_CLASS_REPEAT;
+-- 
+2.33.0
+
--- a/libpwquality.spec
+++ b/libpwquality.spec
@ -3,7 +3,7 @@

 Name: libpwquality
 Version: 1.4.5
-Release: 1
+Release: 2
 Summary: Library for password quality checking and generating random passwords.
 License: BSD or GPLv2+
 URL:     https://github.com/libpwquality/libpwquality/
@ -12,6 +12,7 @@ Source0: https://github.com/libpwquality/libpwquality/releases/download/libpwqua
 Patch0: modify-pwquality_conf.patch
 Patch1: fix-password-similarity.patch
 Patch2: fix-doc-about-difok.patch
+Patch3: backport-Make-maxclassrepeat-1-behavior-consistent-with-docs.patch

 BuildRequires: gcc cracklib-devel gettext pam-devel
 BuildRequires: python3-devel
@ -99,6 +100,12 @@ mkdir %{buildroot}%{_secconfdir}/pwquality.conf.d
 %{_mandir}/man8/*

 %changelog
+* Tue Jul 2 2024 yixiangzhike <yixiangzhike007@163.com> - 1.4.5-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:backport upstream patch to fix maxclassrepeat=1
+
 * Wed Dec 28 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.5-1
 - Type:enhancement
 - ID:NA