!34 [sync] PR-31: 【Mainline】Make maxclassrepeat=1 behavior consistent with docs

From: @openeuler-sync-bot 
Reviewed-by: @houmingyong 
Signed-off-by: @houmingyong

backport-Make-maxclassrepeat-1-behavior-consistent-with-docs.patch

@@ -0,0 +1,28 @@
+From 2f6cd189bde18f5e73ed0a24c731681b085fc874 Mon Sep 17 00:00:00 2001
+From: fdub <fdub@users.noreply.github.com>
+Date: Wed, 1 Nov 2023 15:29:32 +0100
+Subject: [PATCH] Make maxclassrepeat=1 behavior consistent with docs
+
+When setting maxclassrepeat=1, the rule would be inactive and allow passwords containing 2 consecutive characters from the same class. Only when setting maxclassrepeat>=2, the rule would behave as expected.
+
+This issue was already addressed in pam_cracklib many years ago: https://github.com/linux-pam/linux-pam/pull/9
+---
+ src/check.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/check.c b/src/check.c
+index d24bebc..79d4c9c 100644
+--- a/src/check.c
++++ b/src/check.c
+@@ -238,7 +238,7 @@ simple(pwquality_settings_t *pwq, const char *new, void **auxerror)
+                         } else
+                                 sameclass++;
+                 }
+-                if (pwq->max_class_repeat > 1 && sameclass > pwq->max_class_repeat) {
++                if (pwq->max_class_repeat > 0 && sameclass > pwq->max_class_repeat) {
+                         if (auxerror)
+                                 *auxerror = (void *)(long)pwq->max_class_repeat;
+                         return PWQ_ERROR_MAX_CLASS_REPEAT;
+-- 
+2.33.0
+

fix-doc-about-difok.patch

@@ -0,0 +1,81 @@
+From 950ef20f494efad610dcd150db8c8b004c2b1c0d Mon Sep 17 00:00:00 2001
+From: yixiangzhike <yixiangzhike007@163.com>
+Date: Wed, 10 Aug 2022 15:34:03 +0800
+Subject: [PATCH] fix doc about difok
+
+---
+ doc/man/pam_pwquality.8.pod  | 2 +-
+ doc/man/pam_pwquality.8      | 2 +-
+ doc/man/pwquality.conf.5.pod | 2 +-
+ doc/man/pwquality.conf.5     | 2 +-
+ src/pwquality.conf           | 2 +-
+ 5 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/doc/man/pam_pwquality.8.pod b/doc/man/pam_pwquality.8.pod
+index 7a74b48..4734a24 100644
+--- a/doc/man/pam_pwquality.8.pod
++++ b/doc/man/pam_pwquality.8.pod
+@@ -102,7 +102,7 @@ I<1>.
+ 
+ =item B<difok=>I<N>
+ 
+-This argument will change the default of I<1> for the number of changes in
++This argument will change the default of I<5> for the number of changes in
+ the new password from the old password.
+ 
+ The special value of I<0> disables all checks of similarity of the new password
+diff --git a/doc/man/pam_pwquality.8 b/doc/man/pam_pwquality.8
+index 030223d..670d562 100644
+--- a/doc/man/pam_pwquality.8
++++ b/doc/man/pam_pwquality.8
+@@ -156,7 +156,7 @@ Prompt user at most \fIN\fR times before returning with error. The default is
+ \&\fI1\fR.
+ .IP "\fBdifok=\fR\fIN\fR" 4
+ .IX Item "difok=N"
+-This argument will change the default of \fI1\fR for the number of changes in
++This argument will change the default of \fI5\fR for the number of changes in
+ the new password from the old password.
+ .Sp
+ The special value of \fI0\fR disables all checks of similarity of the new password
+diff --git a/doc/man/pwquality.conf.5.pod b/doc/man/pwquality.conf.5.pod
+index ada22d0..c7c44cb 100644
+--- a/doc/man/pwquality.conf.5.pod
++++ b/doc/man/pwquality.conf.5.pod
+@@ -34,7 +34,7 @@ The possible options in the file are:
+ =item B<difok>
+ 
+ Number of characters in the new password that must not be present in the
+-old password. (default 1)
++old password. (default 5)
+ 
+ The special value of 0 disables all checks of similarity of the new password
+ with the old password except the new password being exactly the same as
+diff --git a/doc/man/pwquality.conf.5 b/doc/man/pwquality.conf.5
+index 1093aeb..7ed1992 100644
+--- a/doc/man/pwquality.conf.5
++++ b/doc/man/pwquality.conf.5
+@@ -103,7 +103,7 @@ The possible options in the file are:
+ .IP "\fBdifok\fR" 4
+ .IX Item "difok"
+ Number of characters in the new password that must not be present in the
+-old password. (default 1)
++old password. (default 5)
+ .Sp
+ The special value of 0 disables all checks of similarity of the new password
+ with the old password except the new password being exactly the same as
+diff --git a/src/pwquality.conf b/src/pwquality.conf
+index ace3d5f..cb3e99c 100644
+--- a/src/pwquality.conf
++++ b/src/pwquality.conf
+@@ -3,7 +3,7 @@
+ #
+ # Number of characters in the new password that must not be present in the
+ # old password.
+-# difok = 1
++# difok = 5
+ #
+ # Minimum acceptable size for the new password (plus one if
+ # credits are not disabled which is the default). (See pam_cracklib manual.)
+-- 
+2.27.0
+

libpwquality.spec

@@ -2,7 +2,7 @@
 %define _secconfdir %{_sysconfdir}/security
 
 Name: libpwquality
-Version: 1.4.4
+Version: 1.4.5
 Release: 2
 Summary: Library for password quality checking and generating random passwords.
 License: BSD or GPLv2+
@@ -11,6 +11,8 @@ Source0: https://github.com/libpwquality/libpwquality/releases/download/libpwqua
 
 Patch0: modify-pwquality_conf.patch
 Patch1: fix-password-similarity.patch
+Patch2: fix-doc-about-difok.patch
+Patch3: backport-Make-maxclassrepeat-1-behavior-consistent-with-docs.patch
 
 BuildRequires: gcc cracklib-devel gettext pam-devel
 BuildRequires: python3-devel
@@ -54,6 +56,11 @@ This package provides Python3 bindings for the libpwquality library.
 %make_build
 
 %install
+# python-setuptools >= v60.0.0 changes the SETUPTOOLS_USE_DISTUTILS default value to local,
+# it does't use Python's standard library distutils default.
+# As a result, failed to build libpwquality.
+# Now, set SETUPTOOLS_USE_DISTUTILS value to stdlib
+export SETUPTOOLS_USE_DISTUTILS=stdlib
 %make_install
 
 rm -f %{buildroot}%{_libdir}/*.la
@@ -93,6 +100,36 @@ mkdir %{buildroot}%{_secconfdir}/pwquality.conf.d
 %{_mandir}/man8/*
 
 %changelog
+* Tue Jul 2 2024 yixiangzhike <yixiangzhike007@163.com> - 1.4.5-2
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:backport upstream patch to fix maxclassrepeat=1
+
+* Wed Dec 28 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.5-1
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:update to 1.4.5
+
+* Tue Aug 23 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.4-5
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:change the files order in patch file fix-doc-about-difok.patch
+
+* Wed Aug 10 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.4-4
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix doc about difok
+
+* Tue Jul 26 2022 yixiangzhike <yixiangzhike007@163.com> - 1.4.4-3
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:fix the libpwquality build failure issue
+
 * Tue Apr 26 2022 zhangruifang2020 <zhangruifang1@h-partners.com> - 1.4.4-2
 - Type:bugfix
 - ID:NA