Hello community,
here is the log from the commit of package libxcrypt for openSUSE:Factory
checked in at Wed Jul 27 09:55:52 CEST 2011.
--------
--- libxcrypt/libxcrypt.changes 2011-06-09 09:40:22.000000000 +0200
+++ /mounts/work_src_done/STABLE/libxcrypt/libxcrypt.changes 2011-07-20 11:54:58.000000000 +0200
@@ -1,0 +2,12 @@
+Tue Jul 19 08:36:18 UTC 2011 - lnussel@suse.de
+
+- update crypt_blowfish to version 1.2 (bnc#700876, CVE-2011-2483)
+ * due to the signedness bug fix 2a hashes are incompatible with
+ previous versions if the password contains 8bit chracters!
+
+-------------------------------------------------------------------
+Tue Jul 5 12:39:05 UTC 2011 - lnussel@suse.de
+
+- update bundled crypt_blowfish to 1.1
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
New:
----
crypt_blowfish-1.2.tar.gz
crypt_blowfish-1.2.tar.gz.sign
libxcrypt-3.0.4-blowfish-noasm.diff
libxcrypt-3.0.4-blowfish-xcrypt.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libxcrypt.spec ++++++
--- /var/tmp/diff_new_pack.2Q7pnJ/_old 2011-07-27 09:53:09.000000000 +0200
+++ /var/tmp/diff_new_pack.2Q7pnJ/_new 2011-07-27 09:53:09.000000000 +0200
@@ -27,11 +27,16 @@
Obsoletes: libxcrypt-64bit
%endif
Version: 3.0.4
-Release: 1
+Release: 5
Summary: Crypt Library for DES, MD5, Blowfish and others
Source: libxcrypt-%{version}.tar.bz2
-Source2: baselibs.conf
+Url: http://www.openwall.com/crypt/
+Source1: %{url}crypt_blowfish-1.2.tar.gz
+Source2: %{url}crypt_blowfish-1.2.tar.gz.sign
+Source20: baselibs.conf
Patch0: fix-werror.patch
+Patch1: libxcrypt-3.0.4-blowfish-noasm.diff
+Patch2: libxcrypt-3.0.4-blowfish-xcrypt.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -63,10 +68,16 @@
%prep
-%setup -q
+%setup -q -a1
+cp crypt_blowfish-*/*.{c,h} plugins/blowfish
+mv plugins/blowfish/wrapper.c plugins/blowfish/blowfish-test.c
%patch0 -p1
+%patch1 -p1
+%patch2 -p1
%build
+rm -f libtool
+autoreconf -f -i
./configure CFLAGS="$RPM_OPT_FLAGS -Wno-cast-align" \
--prefix=%{_prefix} \
--libdir=/%{_lib} --disable-static
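Review bot: Nothing in the visible %prep lines checks the detached signature before `%setup -q -a1` unpacks the tarball and `cp crypt_blowfish-*/*.{c,h} plugins/blowfish` copies it into the tree that gets built. The previous hunk adds that signature as `Source2: %{url}crypt_blowfish-1.2.tar.gz.sign`, with `Url:` pointing at a plain `http://` location. The signature may be validated elsewhere in the packaging workflow, but the spec does not say so. Either add a verification step against a pinned upstream key at the top of %prep, or record where the check happens, e.g. `# Source2 is the upstream signature for Source1; verified at <PLACEHOLDER: where>`. The `{c,h}` brace expansion also assumes %prep runs under a shell that supports it.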
++++++ libxcrypt-3.0.4-blowfish-noasm.diff ++++++
Index: libxcrypt-3.0.4/plugins/blowfish/crypt_blowfish.c
===================================================================
--- libxcrypt-3.0.4.orig/plugins/blowfish/crypt_blowfish.c
+++ libxcrypt-3.0.4/plugins/blowfish/crypt_blowfish.c
@@ -42,7 +42,7 @@
#include "crypt_blowfish.h"
#ifdef __i386__
-#define BF_ASM 1
+#define BF_ASM 0
#define BF_SCALE 1
#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__)
#define BF_ASM 0
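Review bot: The `__i386__` branch now sets `BF_ASM 0` with no reason given, either here or in the changelog entry, so a later update of the bundled crypt_blowfish could silently drop or re-break the change. If the reason is that the plugin build does not compile the upstream assembly file (an inference, since the Makefile.am source list is only partly visible), say so in place: `/* xcrypt plugin does not build the assembly BF_body; use the C code on i386 too */`. `BF_SCALE 1` is left as is in that branch, which is worth confirming as intended for the C path. The `#if` chain continues outside this hunk.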
++++++ libxcrypt-3.0.4-blowfish-xcrypt.diff ++++++
Index: libxcrypt-3.0.4/plugins/blowfish/crypt_blowfish.c
===================================================================
--- libxcrypt-3.0.4.orig/plugins/blowfish/crypt_blowfish.c
+++ libxcrypt-3.0.4/plugins/blowfish/crypt_blowfish.c
@@ -32,6 +32,7 @@
*/
#include
+#include
#include
#ifndef __set_errno
@@ -52,6 +53,9 @@
#define BF_SCALE 0
#endif
+#include "xcrypt-plugin.h"
+#define _crypt_blowfish_rn __crypt_r
+
typedef unsigned int BF_word;
typedef signed int BF_word_signed;
@@ -887,3 +891,10 @@ char *_crypt_gensalt_blowfish_rn(const c
return output;
}
+
+char *__crypt_gensalt_r (unsigned long count, __const char *input, int size, char *output, int output_size)
+{
+ return _crypt_gensalt_blowfish_rn("$2a$", count, input, size, output, output_size);
+}
+
+
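Review bot: `__crypt_gensalt_r` always passes `"$2a$"` to `_crypt_gensalt_blowfish_rn`, so every salt generated through the plugin carries that prefix whatever the caller asked for. The XCRYPT branch of `__crypt_gensalt_rn` added in blowfish-test.c has the same effect, because it marks `prefix` as unused and drops it. The changelog in this commit states that 2a hashes changed for passwords with 8-bit characters, so the fixed prefix should be a documented decision rather than an implicit one. If the plugin interface cannot carry a prefix (the signature suggests so, but xcrypt-plugin.h is not shown), record it above the function: `/* plugin ABI has no prefix argument: new salts are always "$2a$" */`.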
Index: libxcrypt-3.0.4/plugins/blowfish/blowfish-test.c
===================================================================
--- libxcrypt-3.0.4.orig/plugins/blowfish/blowfish-test.c
+++ libxcrypt-3.0.4/plugins/blowfish/blowfish-test.c
@@ -26,13 +26,19 @@
#define CRYPT_OUTPUT_SIZE (7 + 22 + 31 + 1)
#define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1)
-#if defined(__GLIBC__) && defined(_LIBC)
#define __SKIP_GNU
-#endif
+#include "xcrypt.h"
+#include "xcrypt-plugin.h"
#include "ow-crypt.h"
#include "crypt_blowfish.h"
+#ifndef XCRYPT
#include "crypt_gensalt.h"
+#else
+#define _crypt_blowfish_rn __crypt_r
+#undef crypt_r
+char *crypt_r(const char *key, const char *setting, void *data);
+#endif
#if defined(__GLIBC__) && defined(_LIBC)
/* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */
@@ -186,6 +192,7 @@ char *crypt(const char *key, const char
#define __crypt_gensalt crypt_gensalt
#endif
+#ifndef XCRYPT
char *__crypt_gensalt_rn(const char *prefix, unsigned long count,
const char *input, int size, char *output, int output_size)
{
@@ -220,6 +227,13 @@ char *__crypt_gensalt_rn(const char *pre
return use(prefix, count, input, size, output, output_size);
}
+#else
+char *__crypt_gensalt_rn(const char *prefix __attribute__((unused)), unsigned long count,
+ const char *input, int size, char *output, int output_size)
+{
+ return __crypt_gensalt_r(count, input, size, output, output_size);
+}
+#endif
char *__crypt_gensalt_ra(const char *prefix, unsigned long count,
const char *input, int size)
@@ -531,4 +545,21 @@ int main(void)
return 0;
}
+#endif
+
+#ifdef XCRYPT
+int _crypt_output_magic(const char *setting, char *output, int size)
+{
+ if (size < 3)
+ return -1;
+
+ output[0] = '*';
+ output[1] = '0';
+ output[2] = '\0';
+
+ if (setting[0] == '*' && setting[1] == '0')
+ output[1] = '1';
+
+ return 0;
+}
#endif
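Review bot: `_crypt_output_magic` is added without a comment, and the `*0`/`*1` logic is the part a maintainer most needs explained. As written it stores `*0` in `output`, and switches to `*1` when `setting` itself begins with `*0`, presumably so a failure marker can never compare equal to the setting it was derived from. A header comment would make that explicit: `/* Write a failure token into output: "*0", or "*1" if setting starts with "*0". Returns -1 if size < 3. */`. The function dereferences `setting` and `output` without a NULL check, so the comment should also state that callers must pass non-NULL, NUL-terminated strings. The `#endif` added just before this block closes a conditional opened outside the hunk.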
Index: libxcrypt-3.0.4/plugins/blowfish/Makefile.am
===================================================================
--- libxcrypt-3.0.4.orig/plugins/blowfish/Makefile.am
+++ libxcrypt-3.0.4/plugins/blowfish/Makefile.am
@@ -25,5 +25,5 @@ libxcrypt_2a_la_SOURCES = crypt_blowfish
noinst_PROGRAMS = blowfish-test
-blowfish_test_CFLAGS = $(AM_CFLAGS) -DTEST_THREADS=10
+blowfish_test_CFLAGS = $(AM_CFLAGS) -DTEST -DTEST_THREADS=4 -DXCRYPT
blowfish_test_LDADD = libxcrypt_2a.la -lpthread
Index: libxcrypt-3.0.4/src/xcrypt.c
===================================================================
--- libxcrypt-3.0.4.orig/src/xcrypt.c
+++ libxcrypt-3.0.4/src/xcrypt.c
@@ -42,6 +42,10 @@ get_plugin (const char *hash_id)
{
struct plugin_t *ptr = plugins;
+ /* blowfish hack for CVE-2011-2483 */
+ if (!strcmp(hash_id, "2x") || !strcmp(hash_id, "2y"))
+ hash_id = "2a";
+
while (ptr)
{
if (strcmp (hash_id, ptr->id) == 0)
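Review bot: The comment `/* blowfish hack for CVE-2011-2483 */` names the CVE but not what the aliasing does or why it is safe. A reader cannot tell from it that `2x` and `2y` settings are routed to the plugin registered as `2a`, or that the original prefix still has to reach the blowfish code through the setting string (only `hash_id` is rewritten here, as far as the hunk shows). Something like `/* "2x" and "2y" are blowfish variants handled by the "2a" plugin; only the lookup id is aliased, the setting string is passed through unchanged */` would say it. The new lines also use `!strcmp(...)` while the loop below uses `strcmp (...) == 0`; matching the existing form keeps the function consistent. `get_plugin` continues outside the hunk.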
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++