From 08a62b5fa3ab4570e3b6e810737b033133d94c75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Mon, 12 Jul 2021 09:59:19 +0200
Subject: [PATCH] Enable bcrypt support, as libxcrypt supports it well
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Björn Esser <besser82@fedoraproject.org>
---
 shadow-utils.login.defs | 15 ++++++++++++++-
 shadow-utils.spec       |  6 +++++-
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/shadow-utils.login.defs b/shadow-utils.login.defs
index 67845ce..486203b 100644
--- a/shadow-utils.login.defs
+++ b/shadow-utils.login.defs
@@ -219,7 +219,20 @@ ENCRYPT_METHOD YESCRYPT
 
 # Currently SHA_CRYPT_MIN_ROUNDS is not supported
 
-# Currently BCRYPT_MIN_ROUNDS and BCRYPT_MAX_ROUNDS are not supported
+#
+# Only works if ENCRYPT_METHOD is set to BCRYPT.
+#
+# Define the number of BCRYPT rounds.
+# With a lot of rounds, it is more difficult to brute-force the password.
+# However, more CPU resources will be needed to authenticate users if
+# this value is increased.
+#
+# If not specified, 13 rounds will be attempted.
+# If only one of the MIN or MAX values is set, then this value will be used.
+# If MIN > MAX, the highest value will be used.
+#
+#BCRYPT_MIN_ROUNDS 13
+#BCRYPT_MAX_ROUNDS 31
 
 #
 # Only works if ENCRYPT_METHOD is set to YESCRYPT.
diff --git a/shadow-utils.spec b/shadow-utils.spec
index a78e1a3..75898fd 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.8.1
-Release: 16%{?dist}
+Release: 17%{?dist}
 Epoch: 2
 URL: https://github.com/shadow-maint/shadow
 Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@@ -238,6 +238,7 @@ autoreconf
         --enable-man \
         --with-audit \
         --with-sha-crypt \
+        --with-bcrypt \
         --with-yescrypt \
         --with-selinux \
         --without-libcrack \
@@ -381,6 +382,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
 %{_libdir}/libsubid.so
 
 %changelog
+* Mon Jul 12 2021 Björn Esser <besser82@fedoraproject.org> - 2:4.8.1-17
+- Enable bcrypt support, as libxcrypt supports it well
+
 * Sun Jul 04 2021 Björn Esser <besser82@fedoraproject.org> - 2:4.8.1-16
 - Add a patch to obtain random bytes using getentropy()
 - Update shadow-4.8-crypt_h.patch with the upstreamed version