[yast-commit] r65369 - in /trunk/core: VERSION libycp/src/y2crypt.cc package/yast2-core.changes
Author: mvidner Date: Thu Aug 18 12:44:25 2011 New Revision: 65369 URL: http://svn.opensuse.org/viewcvs/yast?rev=65369&view=rev Log: change blowfish id from 2a to 2y (bnc#700876 bnc#706705 CVE-2011-2483) (thanks to Ludwig Nussel) Modified: trunk/core/VERSION trunk/core/libycp/src/y2crypt.cc trunk/core/package/yast2-core.changes Modified: trunk/core/VERSION URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/VERSION?rev=65369&r1=65368&r2=65369&view=diff ============================================================================== --- trunk/core/VERSION (original) +++ trunk/core/VERSION Thu Aug 18 12:44:25 2011 @@ -1 +1 @@ -2.21.5 +2.21.6 Modified: trunk/core/libycp/src/y2crypt.cc URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/libycp/src/y2crypt.cc?rev=65369&r1=65368&r2=65369&view=diff ============================================================================== --- trunk/core/libycp/src/y2crypt.cc (original) +++ trunk/core/libycp/src/y2crypt.cc Thu Aug 18 12:44:25 2011 @@ -141,7 +141,7 @@ break; case BLOWFISH: - salt = make_crypt_salt ("$2a$", 0); + salt = make_crypt_salt ("$2y$", 0); if (!salt) { y2error ("Cannot create salt for blowfish crypt"); @@ -178,7 +178,9 @@ return false; } - if (!newencrypted) + if (!newencrypted + /* catch retval magic by ow-crypt/libxcrypt */ + || !strcmp(newencrypted, "*0") || !strcmp(newencrypted, "*1")) { y2error ("crypt_r () returns 0 pointer"); return false; Modified: trunk/core/package/yast2-core.changes URL: http://svn.opensuse.org/viewcvs/yast/trunk/core/package/yast2-core.changes?rev=65369&r1=65368&r2=65369&view=diff ============================================================================== --- trunk/core/package/yast2-core.changes (original) +++ trunk/core/package/yast2-core.changes Thu Aug 18 12:44:25 2011 @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Thu Aug 18 12:40:23 CEST 2011 - mvidner@suse.cz + +- change blowfish id from 2a to 2y (bnc#700876 bnc#706705 CVE-2011-2483) + (thanks to Ludwig Nussel) +- 2.21.6 + +------------------------------------------------------------------- Fri Aug 5 13:16:34 CEST 2011 - mvidner@suse.cz - YCP Debugger added, by Stano Visnovsky. -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org
participants (1)
-
mvidner@svn2.opensuse.org