Author: mvidner Date: Fri Aug 19 11:19:02 2011 New Revision: 65373 URL: http://svn.opensuse.org/viewcvs/yast?rev=65373&view=rev Log: change blowfish id from 2a to 2y (bnc#700876 bnc#706705 CVE-2011-2483) (thanks to Ludwig Nussel) svn merge -c65369 http://svn.opensuse.org/svn/yast/trunk/core Modified: branches/SuSE-Code-11-SP2-Branch/core/ (props changed) branches/SuSE-Code-11-SP2-Branch/core/VERSION branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes Modified: branches/SuSE-Code-11-SP2-Branch/core/VERSION URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/VERSION?rev=65373&r1=65372&r2=65373&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/VERSION (original) +++ branches/SuSE-Code-11-SP2-Branch/core/VERSION Fri Aug 19 11:19:02 2011 @@ -1 +1 @@ -2.17.39 +2.17.40 Modified: branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc?rev=65373&r1=65372&r2=65373&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc (original) +++ branches/SuSE-Code-11-SP2-Branch/core/libycp/src/y2crypt.cc Fri Aug 19 11:19:02 2011 @@ -141,7 +141,7 @@ break; case BLOWFISH: - salt = make_crypt_salt ("$2a$", 0); + salt = make_crypt_salt ("$2y$", 0); if (!salt) { y2error ("Cannot create salt for blowfish crypt"); @@ -178,7 +178,9 @@ return false; } - if (!newencrypted) + if (!newencrypted + /* catch retval magic by ow-crypt/libxcrypt */ + || !strcmp(newencrypted, "*0") || !strcmp(newencrypted, "*1")) { y2error ("crypt_r () returns 0 pointer"); return false; Modified: branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes URL: http://svn.opensuse.org/viewcvs/yast/branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes?rev=65373&r1=65372&r2=65373&view=diff ============================================================================== --- branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes (original) +++ branches/SuSE-Code-11-SP2-Branch/core/package/yast2-core.changes Fri Aug 19 11:19:02 2011 @@ -1,4 +1,11 @@ ------------------------------------------------------------------- +Thu Aug 18 12:40:23 CEST 2011 - mvidner@suse.cz + +- change blowfish id from 2a to 2y (bnc#700876 bnc#706705 CVE-2011-2483) + (thanks to Ludwig Nussel) +- 2.17.40 + +------------------------------------------------------------------- Mon Aug 1 12:56:11 UTC 2011 - mvidner@suse.cz - Log YCP client arguments only with y2debug, not to reveal AutoYaST -- To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org For additional commands, e-mail: yast-commit+help@opensuse.org