Hello community,
here is the log from the commit of package glibc for openSUSE:Factory
checked in at Mon Aug 29 12:34:49 CEST 2011.
--------
--- glibc/glibc.changes 2011-08-25 13:26:05.000000000 +0200
+++ /mounts/work_src_done/STABLE/glibc/glibc.changes 2011-08-25 14:03:39.000000000 +0200
@@ -1,0 +2,8 @@
+Thu Aug 25 09:44:37 UTC 2011 - lnussel@suse.de
+
+- use symbol version OW_CRYPT_1.0 for the Owl extensions
+ (crypt_r[an], crypt_gensalt.*)
+- refactor sha2 gensalt patch
+- document sha2 hashes in man page
+
+-------------------------------------------------------------------
@@ -45,0 +54,5 @@
+
+-------------------------------------------------------------------
+Fri Jul 22 13:47:23 UTC 2011 - lnussel@suse.de
+
+- fix signature of sha2 functions
calling whatdependson for head-i586
Old:
----
crypt_blowfish-1.1-sha.diff
minmem
New:
----
crypt_blowfish-1.2-sha.diff
crypt_blowfish-1.2-versioning.diff
glibc-2.14-crypt-versioning.diff
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ glibc.spec ++++++
--- /var/tmp/diff_new_pack.hUFDL3/_old 2011-08-29 12:33:33.000000000 +0200
+++ /var/tmp/diff_new_pack.hUFDL3/_new 2011-08-29 12:33:33.000000000 +0200
@@ -79,7 +79,7 @@
%endif
AutoReqProv: on
Version: 2.14
-Release: 5
+Release: 7
Url: http://www.gnu.org/software/libc/libc.html
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Source: glibc-%{version}-4eddf93f5cc2.tar.bz2
@@ -120,6 +120,8 @@
Patch4: glibc-2.3.locales.diff.bz2
# PATCH-FEATURE-OPENSUSE -- add crypt_blowfish support - bnc#700876
Patch5: glibc-2.14-crypt.diff
+# PATCH-FEATURE-OPENSUSE -- use separate symbol version for Owl extensions - lnussel@suse.de
+Patch6: glibc-2.14-crypt-versioning.diff
# PATCH-FIX-OPENSUSE add some extra information to version output - kukuk@suse.de
Patch7: glibc-version.diff
# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines
@@ -199,7 +201,9 @@
# PATCH-FIX-UPSTREAM Fix fopen("non-existing-file", "re") errno bnc#713146 aj@suse.de
Patch69: fopen-close-exec.patch
# PATCH-FEATURE-OPENSUSE -- add sha support to crypt_blowfish lnussel@suse.de
-Patch80: crypt_blowfish-1.1-sha.diff
+Patch80: crypt_blowfish-1.2-sha.diff
+# PATCH-FEATURE-OPENSUSE -- use separate symbol version for Owl extensions - lnussel@suse.de
+Patch81: crypt_blowfish-1.2-versioning.diff
%description
The GNU C Library provides the most important standard libraries used
@@ -370,6 +374,7 @@
tar -xzf %SOURCE50
pushd crypt_blowfish-%{crypt_bf_version}
%patch80 -p1
+%patch81 -p1
popd
mv crypt/{crypt.h,gnu-crypt.h}
mv crypt_blowfish-%crypt_bf_version/*.[chS] crypt/
@@ -380,6 +385,7 @@
%patch3
%patch4
%patch5 -p1
+%patch6 -p1
%patch7
%patch8
%patch12
++++++ crypt_blowfish-1.1-sha.diff -> crypt_blowfish-1.2-sha.diff ++++++
--- glibc/crypt_blowfish-1.1-sha.diff 2011-07-07 09:29:49.000000000 +0200
+++ /mounts/work_src_done/STABLE/glibc/crypt_blowfish-1.2-sha.diff 2011-08-25 14:29:14.000000000 +0200
@@ -1,158 +1,121 @@
-From 22a0cc20633a4ddd61233410563c9fabe6b515ed Mon Sep 17 00:00:00 2001
+From 1c581a8364ab18a6938f3153d7bea793d06a4652 Mon Sep 17 00:00:00 2001
From: Ludwig Nussel
-Date: Tue, 5 Jul 2011 17:25:12 +0200
-Subject: [PATCH crypt_blowfish 1/2] support for sha256 and sha512
+Date: Thu, 25 Aug 2011 14:00:38 +0200
+Subject: [PATCH crypt_blowfish] support for sha256 and sha512
---
- crypt_gensalt.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
- wrapper.c | 28 +++++++++++++
- 2 files changed, 147 insertions(+), 0 deletions(-)
+ crypt.3 | 14 +++++++++++++
+ crypt_gensalt.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ wrapper.c | 23 +++++++++++++++++++++
+ 3 files changed, 95 insertions(+), 0 deletions(-)
+diff --git a/crypt.3 b/crypt.3
+index e2f25bd..40a3538 100644
+--- a/crypt.3
++++ b/crypt.3
+@@ -399,6 +399,20 @@ too low for the currently available hardware.
+ .hash "$1$" "\e$1\e$[^$]{1,8}\e$[./0-9A-Za-z]{22}" unlimited 8 "" 128 "6 to 48" 1000
+ .PP
+ .ti -2
++.B SHA256 based
++.br
++This is Ulrich Drepper's SHA256-based password hashing method originally
++developed for Linux.
++.hash "$5$" "\e$5\e$(rounds=[0-9]{1,9}\e$)?([./0-9A-Za-z]{1,16})?\e$[./0-9A-Za-z]{43}" unlimited 8 "" 256 "0 to 96" "1000 to 999999999 (default 5000)"
++.PP
++.ti -2
++.B SHA512 based
++.br
++This is Ulrich Drepper's SHA512-based password hashing method originally
++developed for Linux.
++.hash "$6$" "\e$6\e$(rounds=[0-9]{1,9}\e$)?([./0-9A-Za-z]{1,16})?\e$[./0-9A-Za-z]{86}" unlimited 8 "" 512 "0 to 96" "1000 to 999999999 (default 5000)"
++.PP
++.ti -2
+ .BR "OpenBSD-style Blowfish-based" " (" bcrypt )
+ .br
+ .B bcrypt
diff --git a/crypt_gensalt.c b/crypt_gensalt.c
-index 43b0f6c..4600e30 100644
+index 73c15a1..5cf9812 100644
--- a/crypt_gensalt.c
+++ b/crypt_gensalt.c
-@@ -7,6 +7,11 @@
- * entirely in crypt_blowfish.c.
+@@ -19,6 +19,7 @@
*/
-+/* asprintf&free */
-+#define _GNU_SOURCE
-+#include
-+#include
-+
#include
++#include
#include
-@@ -105,3 +110,117 @@ char *_crypt_gensalt_md5_rn(unsigned long count,
+ #ifndef __set_errno
+@@ -122,3 +123,60 @@ char *_crypt_gensalt_md5_rn(const char *prefix, unsigned long count,
return output;
}
+
-+char *_crypt_gensalt_sha256_rn (unsigned long count,
++#define SHA2_SALT_LEN_MAX 16
++#define SHA2_ROUNDS_MIN 1000
++#define SHA2_ROUNDS_MAX 999999999
++char *_crypt_gensalt_sha2_rn (const char *prefix, unsigned long count,
+ const char *input, int size, char *output, int output_size)
-+{
-+ unsigned long value;
-+ char *buf;
-+ char buf2[12];
-+
-+ if (count > 0) {
-+ if (asprintf (&buf, "$5$rounds=%ld$", count) < 0) {
-+ if (output_size > 0)
-+ output[0] = '\0';
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+ } else {
-+ if (asprintf (&buf, "$5$") < 0) {
-+ if (output_size > 0)
-+ output[0] = '\0';
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+ }
-+
-+ if (size < 3 || output_size < (int)strlen (buf) + 4 + 1) {
-+ free (buf);
-+ if (output_size > 0)
-+ output[0] = '\0';
-+ errno = ERANGE;
-+ return NULL;
-+ }
-+
-+ value = (unsigned long)(unsigned char)input[0] |
-+ ((unsigned long)(unsigned char)input[1] << 8) |
-+ ((unsigned long)(unsigned char)input[2] << 16);
-+ buf2[0] = _crypt_itoa64[value & 0x3f];
-+ buf2[1] = _crypt_itoa64[(value >> 6) & 0x3f];
-+ buf2[2] = _crypt_itoa64[(value >> 12) & 0x3f];
-+ buf2[3] = _crypt_itoa64[(value >> 18) & 0x3f];
-+ buf2[4] = '\0';
-+
-+ if (size >= 6 && output_size >= (int)strlen (buf) + 4 + 4 + 1) {
-+ value = (unsigned long)(unsigned char)input[3] |
-+ ((unsigned long)(unsigned char)input[4] << 8) |
-+ ((unsigned long)(unsigned char)input[5] << 16);
-+ buf2[4] = _crypt_itoa64[value & 0x3f];
-+ buf2[5] = _crypt_itoa64[(value >> 6) & 0x3f];
-+ buf2[6] = _crypt_itoa64[(value >> 12) & 0x3f];
-+ buf2[7] = _crypt_itoa64[(value >> 18) & 0x3f];
-+ buf2[8] = '\0';
-+ }
-+
-+ snprintf (output, output_size, "%s%s", buf, buf2);
-+ free (buf);
-+
-+ return output;
-+}
+
-+char *_crypt_gensalt_sha512_rn (unsigned long count,
-+ const char *input, int size, char *output, int output_size)
+{
-+ unsigned long value;
-+ char *buf;
-+ char buf2[12];
-+
-+ if (count > 0) {
-+ if (asprintf (&buf, "$6$rounds=%ld$", count) < 0) {
-+ if (output_size > 0)
-+ output[0] = '\0';
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+ } else {
-+ if (asprintf (&buf, "$6$") < 0) {
-+ if (output_size > 0)
-+ output[0] = '\0';
-+ errno = ENOMEM;
-+ return NULL;
-+ }
-+ }
-+
-+ if (size < 3 || output_size < (int)strlen (buf) + 4 + 1) {
-+ free (buf);
-+ if (output_size > 0)
-+ output[0] = '\0';
-+ __set_errno(ERANGE);
-+ return NULL;
++ char *o = output;
++ const char *i = input;
++ unsigned needed = 3 + MIN(size/3*4, SHA2_SALT_LEN_MAX) + 1;
++
++ if (size < 3 || output_size < needed)
++ goto error;
++
++ size = MIN(size, SHA2_SALT_LEN_MAX/4*3);
++
++ o[0] = prefix[0];
++ o[1] = prefix[1];
++ o[2] = prefix[2];
++ o += 3;
++
++ if (count) {
++ count = MAX(SHA2_ROUNDS_MIN, MIN(count, SHA2_ROUNDS_MAX));
++ int n = snprintf (o, output_size-3, "rounds=%ld$", count);
++ if (n < 0 || n >= output_size-3)
++ goto error;
++ needed += n;
++ o += n;
++ }
++
++ if (output_size < needed)
++ goto error;
++
++ while (size >= 3) {
++ unsigned long value =
++ (unsigned long)(unsigned char)i[0] |
++ ((unsigned long)(unsigned char)i[1] << 8) |
++ ((unsigned long)(unsigned char)i[2] << 16);
++ o[0] = _crypt_itoa64[value & 0x3f];
++ o[1] = _crypt_itoa64[(value >> 6) & 0x3f];
++ o[2] = _crypt_itoa64[(value >> 12) & 0x3f];
++ o[3] = _crypt_itoa64[(value >> 18) & 0x3f];
++ size -= 3;
++ i += 3;
++ o += 3;
+ }
-+
-+ value = (unsigned long)(unsigned char)input[0] |
-+ ((unsigned long)(unsigned char)input[1] << 8) |
-+ ((unsigned long)(unsigned char)input[2] << 16);
-+ buf2[0] = _crypt_itoa64[value & 0x3f];
-+ buf2[1] = _crypt_itoa64[(value >> 6) & 0x3f];
-+ buf2[2] = _crypt_itoa64[(value >> 12) & 0x3f];
-+ buf2[3] = _crypt_itoa64[(value >> 18) & 0x3f];
-+ buf2[4] = '\0';
-+
-+ if (size >= 6 && output_size >= (int)strlen (buf) + 4 + 4 + 1) {
-+ value = (unsigned long)(unsigned char)input[3] |
-+ ((unsigned long)(unsigned char)input[4] << 8) |
-+ ((unsigned long)(unsigned char)input[5] << 16);
-+ buf2[4] = _crypt_itoa64[value & 0x3f];
-+ buf2[5] = _crypt_itoa64[(value >> 6) & 0x3f];
-+ buf2[6] = _crypt_itoa64[(value >> 12) & 0x3f];
-+ buf2[7] = _crypt_itoa64[(value >> 18) & 0x3f];
-+ buf2[8] = '\0';
-+ }
-+
-+ snprintf (output, output_size, "%s%s", buf, buf2);
-+ free (buf);
++ o[0] = '\0';
+
+ return output;
++
++error:
++ if (output_size > 0)
++ output[0] = '\0';
++ errno = ENOMEM;
++ return NULL;
+}
diff --git a/wrapper.c b/wrapper.c
-index af441bc..07772bc 100644
+index 344053b..070d91d 100644
--- a/wrapper.c
+++ b/wrapper.c
-@@ -33,12 +33,20 @@
+@@ -44,12 +44,18 @@
#include "crypt_blowfish.h"
#include "crypt_gensalt.h"
-+extern char *_crypt_gensalt_sha256_rn(unsigned long count,
-+ const char *input, int size, char *output, int output_size);
-+extern char *_crypt_gensalt_sha512_rn(unsigned long count,
++extern char *_crypt_gensalt_sha2_rn(const char *prefix, unsigned long count,
+ const char *input, int size, char *output, int output_size);
#if defined(__GLIBC__) && defined(_LIBC)
@@ -167,7 +130,7 @@
/* crypt-entry.c needs to be patched to define __des_crypt_r rather than
* __crypt_r, and not define crypt_r and crypt at all */
extern char *__des_crypt_r(const char *key, const char *salt,
-@@ -101,6 +109,10 @@ static char *_crypt_retval_magic(char *retval, const char *setting,
+@@ -112,6 +118,10 @@ static char *_crypt_retval_magic(char *retval, const char *setting,
char *__crypt_rn(__const char *key, __const char *setting,
void *data, int size)
{
@@ -178,7 +141,7 @@
if (setting[0] == '$' && setting[1] == '2')
return _crypt_blowfish_rn(key, setting, (char *)data, size);
if (setting[0] == '$' && setting[1] == '1')
-@@ -118,6 +130,16 @@ char *__crypt_rn(__const char *key, __const char *setting,
+@@ -129,6 +139,16 @@ char *__crypt_rn(__const char *key, __const char *setting,
char *__crypt_ra(__const char *key, __const char *setting,
void **data, int *size)
{
@@ -195,15 +158,12 @@
if (setting[0] == '$' && setting[1] == '2') {
if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE))
return NULL;
-@@ -199,6 +221,12 @@ char *__crypt_gensalt_rn(const char *prefix, unsigned long count,
+@@ -210,6 +230,9 @@ char *__crypt_gensalt_rn(const char *prefix, unsigned long count,
return NULL;
}
-+ if (!strncmp(prefix, "$6$", 3))
-+ use = _crypt_gensalt_sha512_rn;
-+ else
-+ if (!strncmp(prefix, "$5$", 3))
-+ use = _crypt_gensalt_sha256_rn;
++ if (!strncmp(prefix, "$5$", 3) || !strncmp(prefix, "$6$", 3))
++ use = _crypt_gensalt_sha2_rn;
+ else
if (!strncmp(prefix, "$2a$", 4) || !strncmp(prefix, "$2y$", 4))
use = _crypt_gensalt_blowfish_rn;
++++++ crypt_blowfish-1.2-versioning.diff ++++++
Index: crypt_blowfish-1.2/wrapper.c
===================================================================
--- crypt_blowfish-1.2/wrapper.c
+++ crypt_blowfish-1.2/wrapper.c
@@ -38,6 +38,7 @@
#define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1)
#if defined(__GLIBC__) && defined(_LIBC)
+#include
#define __SKIP_GNU
#endif
#include "ow-crypt.h"
@@ -291,14 +292,34 @@ char *__crypt_gensalt(const char *prefix
}
#if defined(__GLIBC__) && defined(_LIBC)
-weak_alias(__crypt_rn, crypt_rn)
-weak_alias(__crypt_ra, crypt_ra)
weak_alias(__crypt_r, crypt_r)
weak_alias(__crypt, crypt)
-weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn)
-weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra)
-weak_alias(__crypt_gensalt, crypt_gensalt)
-weak_alias(crypt, fcrypt)
+weak_alias(__crypt, fcrypt)
+#if SHARED
+#if 1 // Owl has crypt_gensalt as GLIBC_2_0 so keep for compatibility
+#define ow_compat_symbol(name) \
+ compat_symbol(libcrypt, _compat_##name, name, GLIBC_2_0); \
+ weak_alias(__##name, _compat_##name)
+#else
+#define ow_compat_symbol(name)
+#endif
+
+#define ow_versioned(name) \
+ ow_compat_symbol(name) \
+ versioned_symbol(libcrypt, _owl_##name, name, OW_CRYPT_1_0);
+#else
+#define ow_versioned(name)
+#endif // SHARED
+
+#define ow_symbol(name) \
+ ow_versioned(name) \
+ weak_alias(__##name, _owl_##name) \
+
+ow_symbol(crypt_rn)
+ow_symbol(crypt_ra)
+ow_symbol(crypt_gensalt)
+ow_symbol(crypt_gensalt_rn)
+ow_symbol(crypt_gensalt_ra)
#endif
#ifdef TEST
++++++ glibc-2.14-crypt-versioning.diff ++++++
Index: glibc-2.14/Versions.def
===================================================================
--- glibc-2.14.orig/Versions.def
+++ glibc-2.14/Versions.def
@@ -41,6 +41,7 @@ libc {
}
libcrypt {
GLIBC_2.0
+ OW_CRYPT_1.0
}
libdl {
GLIBC_2.0
Index: glibc-2.14/crypt/Versions
===================================================================
--- glibc-2.14.orig/crypt/Versions
+++ glibc-2.14/crypt/Versions
@@ -3,4 +3,7 @@ libcrypt {
crypt; crypt_r; encrypt; encrypt_r; fcrypt; setkey; setkey_r;
crypt_rn; crypt_ra; crypt_gensalt; crypt_gensalt_rn; crypt_gensalt_ra;
}
+ OW_CRYPT_1.0 {
+ crypt_rn; crypt_ra; crypt_gensalt; crypt_gensalt_rn; crypt_gensalt_ra;
+ }
}
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org