Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libxcrypt for openSUSE:Factory 
checked in at 2021-12-22 20:17:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libxcrypt (Old)
 and      /work/SRC/openSUSE:Factory/.libxcrypt.new.2520 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libxcrypt"

Wed Dec 22 20:17:38 2021 rev:14 rq:941718 version:4.4.27

Changes:
--------
--- /work/SRC/openSUSE:Factory/libxcrypt/libxcrypt.changes      2021-12-13 
20:46:41.892501996 +0100
+++ /work/SRC/openSUSE:Factory/.libxcrypt.new.2520/libxcrypt.changes    
2021-12-22 20:17:38.515835107 +0100
@@ -1,0 +2,7 @@
+Mon Dec 20 22:45:41 UTC 2021 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 4.4.27:
+  * Limit the maximum amount of rbytes to 64 bytes (512 bits) for yescrypt,
+    gost-yescrypt, and scrypt 
+
+-------------------------------------------------------------------

Old:
----
  libxcrypt-4.4.26.tar.xz
  libxcrypt-4.4.26.tar.xz.asc

New:
----
  libxcrypt-4.4.27.tar.xz
  libxcrypt-4.4.27.tar.xz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libxcrypt.spec ++++++
--- /var/tmp/diff_new_pack.i121C2/_old  2021-12-22 20:17:39.215835435 +0100
+++ /var/tmp/diff_new_pack.i121C2/_new  2021-12-22 20:17:39.223835439 +0100
@@ -17,7 +17,7 @@
 
 
 Name:           libxcrypt
-Version:        4.4.26
+Version:        4.4.27
 Release:        0
 Summary:        Extended crypt library for DES, MD5, Blowfish and others
 License:        BSD-2-Clause AND GPL-3.0-or-later AND LGPL-2.1-or-later AND 
BSD-3-Clause AND SUSE-Public-Domain

++++++ libxcrypt-4.4.26.tar.xz -> libxcrypt-4.4.27.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/Makefile.am 
new/libxcrypt-4.4.27/Makefile.am
--- old/libxcrypt-4.4.26/Makefile.am    2021-09-18 12:38:31.000000000 +0200
+++ new/libxcrypt-4.4.27/Makefile.am    2021-12-17 16:16:06.000000000 +0100
@@ -602,6 +602,47 @@
          $(PERL) ./$(SCRIPTS_AUX)/check-perlcritic-config && \
          perlcritic --quiet ./
 
+# Target for generating a signed release tarball.
+release: libxcrypt-$(VERSION).tar.xz.sha256sum libxcrypt-gpgkey.gpg
+phony_targets += release
+
+libxcrypt-$(VERSION).tar.xz.asc: dist-xz
+       $(GPG2) \
+               --quiet \
+               --armor \
+               --detach-sign \
+               --default-key F52E98007594C21D \
+               --output libxcrypt-$(VERSION).tar.xz.asc.T \
+               libxcrypt-$(VERSION).tar.xz
+       $(AM_V_at)$(SCRIPTS_AUX)/move-if-change \
+               libxcrypt-$(VERSION).tar.xz.asc.T \
+               libxcrypt-$(VERSION).tar.xz.asc
+
+libxcrypt-$(VERSION).tar.xz.sha256sum: libxcrypt-$(VERSION).tar.xz.asc
+       $(SHA256SUM) \
+               libxcrypt-$(VERSION).tar.xz \
+               libxcrypt-$(VERSION).tar.xz.asc \
+               > libxcrypt-$(VERSION).tar.xz.sha256sum.T
+       $(AM_V_at)$(SCRIPTS_AUX)/move-if-change \
+               libxcrypt-$(VERSION).tar.xz.sha256sum.T \
+               libxcrypt-$(VERSION).tar.xz.sha256sum
+
+libxcrypt-gpgkey.gpg:
+       $(GPG2) \
+               --export \
+               --export-options \
+                       export-minimal \
+                       F52E98007594C21D \
+               > libxcrypt-gpgkey.gpg.T
+       $(AM_V_at)$(SCRIPTS_AUX)/move-if-change \
+               libxcrypt-gpgkey.gpg.T \
+               libxcrypt-gpgkey.gpg
+
+CLEANFILES += \
+       libxcrypt-$(VERSION).tar.xz.asc* \
+       libxcrypt-$(VERSION).tar.xz.sha256sum* \
+       libxcrypt-gpgkey.gpg*
+
 # Every object file depends on crypt-symbol-vers.h and crypt-hashes.h,
 # which are generated files, so automatic dependency generation is not
 # sufficient.
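Review bot: The signing key is named by the 64-bit long key ID `F52E98007594C21D`, written twice (in `--default-key` and in the `--export` recipe), instead of by its full fingerprint. `gpg --export` writes out every key in the keyring that matches the given ID, so a second key carrying the same long ID in the maintainer's keyring would end up in `libxcrypt-gpgkey.gpg`, the file downstream verifiers are meant to trust. I would define the key once as a full fingerprint, e.g. `RELEASE_KEY = <FULL_40_HEX_FINGERPRINT_PLACEHOLDER>`, and use `--default-key $(RELEASE_KEY)` and `$(RELEASE_KEY)` in the two recipes. A comment on the `release` target saying that it needs the maintainer's secret key would also help anyone who runs it by accident.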
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/Makefile.in 
new/libxcrypt-4.4.27/Makefile.in
--- old/libxcrypt-4.4.26/Makefile.in    2021-09-18 14:05:22.000000000 +0200
+++ new/libxcrypt-4.4.27/Makefile.in    2021-12-17 16:17:38.000000000 +0100
@@ -907,6 +907,7 @@
 ENABLE_VALGRIND_sgcheck = @ENABLE_VALGRIND_sgcheck@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+GPG2 = @GPG2@
 GREP = @GREP@
 HAVE_CPP_dD = @HAVE_CPP_dD@
 INSTALL = @INSTALL@
@@ -950,6 +951,7 @@
 RELRO_FLAG = @RELRO_FLAG@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
+SHA256SUM = @SHA256SUM@
 SHELL = @SHELL@
 STRIP = @STRIP@
 SYMBOL_PREFIX = @SYMBOL_PREFIX@
@@ -1121,7 +1123,7 @@
 # Install libcrypt.pc symlink to libxcrypt.pc file.
 phony_targets = install-data-hook-pkgconfig uninstall-hook-pkgconfig \
        $(am__append_3) $(am__append_6) $(am__append_9) \
-       $(am__append_12) $(am__append_15) test-programs
+       $(am__append_12) $(am__append_15) test-programs release
 uninstall_hook_targets = uninstall-hook-pkgconfig $(am__append_5) \
        $(am__append_8) $(am__append_11) $(am__append_14)
 @ENABLE_OBSOLETE_API_FALSE@libcrypt_la_VERSION = 2:0:0
@@ -1138,7 +1140,9 @@
        crypt-symbol-vers.h.stamp crypt-hashes.h crypt-hashes.h.T \
        crypt-hashes.h.stamp crypt.h crypt.h.T crypt.h.stamp xcrypt.h \
        xcrypt.h.T xcrypt.h.stamp ./*.gcda ./*.gcno lib/*.gcda \
-       lib/*.gcno test/*.gcda test/*.gcno $(am__append_16)
+       lib/*.gcno test/*.gcda test/*.gcno $(am__append_16) \
+       libxcrypt-$(VERSION).tar.xz.asc* \
+       libxcrypt-$(VERSION).tar.xz.sha256sum* libxcrypt-gpgkey.gpg*
 DISTCLEANFILES = .deps/*.Plo
 
 # Almost everything depends on the generated headers; the generated
@@ -3682,6 +3686,41 @@
          $(PERL) ./$(SCRIPTS_AUX)/check-perlcritic-config && \
          perlcritic --quiet ./
 
+# Target for generating a signed release tarball.
+release: libxcrypt-$(VERSION).tar.xz.sha256sum libxcrypt-gpgkey.gpg
+
+libxcrypt-$(VERSION).tar.xz.asc: dist-xz
+       $(GPG2) \
+               --quiet \
+               --armor \
+               --detach-sign \
+               --default-key F52E98007594C21D \
+               --output libxcrypt-$(VERSION).tar.xz.asc.T \
+               libxcrypt-$(VERSION).tar.xz
+       $(AM_V_at)$(SCRIPTS_AUX)/move-if-change \
+               libxcrypt-$(VERSION).tar.xz.asc.T \
+               libxcrypt-$(VERSION).tar.xz.asc
+
+libxcrypt-$(VERSION).tar.xz.sha256sum: libxcrypt-$(VERSION).tar.xz.asc
+       $(SHA256SUM) \
+               libxcrypt-$(VERSION).tar.xz \
+               libxcrypt-$(VERSION).tar.xz.asc \
+               > libxcrypt-$(VERSION).tar.xz.sha256sum.T
+       $(AM_V_at)$(SCRIPTS_AUX)/move-if-change \
+               libxcrypt-$(VERSION).tar.xz.sha256sum.T \
+               libxcrypt-$(VERSION).tar.xz.sha256sum
+
+libxcrypt-gpgkey.gpg:
+       $(GPG2) \
+               --export \
+               --export-options \
+                       export-minimal \
+                       F52E98007594C21D \
+               > libxcrypt-gpgkey.gpg.T
+       $(AM_V_at)$(SCRIPTS_AUX)/move-if-change \
+               libxcrypt-gpgkey.gpg.T \
+               libxcrypt-gpgkey.gpg
+
 # Every object file depends on crypt-symbol-vers.h and crypt-hashes.h,
 # which are generated files, so automatic dependency generation is not
 # sufficient.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/NEWS new/libxcrypt-4.4.27/NEWS
--- old/libxcrypt-4.4.26/NEWS   2021-09-18 14:04:53.000000000 +0200
+++ new/libxcrypt-4.4.27/NEWS   2021-12-17 16:17:09.000000000 +0100
@@ -3,6 +3,11 @@
 Please send bug reports, questions and suggestions to
 <https://github.com/besser82/libxcrypt/issues>.
 
+Version 4.4.27
+* Limit the maximum amount of rbytes to 64 bytes (512 bits) for
+  yescrypt, gost-yescrypt, and scrypt.  Also reflect this limit
+  in the documentation (issue #145).
+
 Version 4.4.26
 * Fix compilation on systems with GCC >= 10, that do not support
   declarations with __attribute__((symver)).
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/configure 
new/libxcrypt-4.4.27/configure
--- old/libxcrypt-4.4.26/configure      2021-09-18 14:05:21.000000000 +0200
+++ new/libxcrypt-4.4.27/configure      2021-12-17 16:17:37.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for xcrypt 4.4.26.
+# Generated by GNU Autoconf 2.69 for xcrypt 4.4.27.
 #
 # Report bugs to <https://github.com/besser82/libxcrypt/issues>.
 #
@@ -590,8 +590,8 @@
 # Identity of this package.
 PACKAGE_NAME='xcrypt'
 PACKAGE_TARNAME='libxcrypt'
-PACKAGE_VERSION='4.4.26'
-PACKAGE_STRING='xcrypt 4.4.26'
+PACKAGE_VERSION='4.4.27'
+PACKAGE_STRING='xcrypt 4.4.27'
 PACKAGE_BUGREPORT='https://github.com/besser82/libxcrypt/issues'
 PACKAGE_URL='https://github.com/besser82/libxcrypt'
 
@@ -697,6 +697,8 @@
 LIBTOOL
 WARN_CFLAGS_FOR_BUILD
 WARN_CFLAGS
+SHA256SUM
+GPG2
 PERL
 LN_S
 CPP
@@ -1386,7 +1388,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures xcrypt 4.4.26 to adapt to many kinds of systems.
+\`configure' configures xcrypt 4.4.27 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1457,7 +1459,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of xcrypt 4.4.26:";;
+     short | recursive ) echo "Configuration of xcrypt 4.4.27:";;
    esac
   cat <<\_ACEOF
 
@@ -1636,7 +1638,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-xcrypt configure 4.4.26
+xcrypt configure 4.4.27
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -1910,7 +1912,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by xcrypt $as_me 4.4.26, which was
+It was created by xcrypt $as_me 4.4.27, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2797,7 +2799,7 @@
 
 # Define the identity of the package.
  PACKAGE='libxcrypt'
- VERSION='4.4.26'
+ VERSION='4.4.27'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -4817,6 +4819,88 @@
 $as_echo "no" >&6; }
 as_fn_error $? "Perl version 5.14.0 or later is required" "$LINENO" 5
 fi
+# Extract the first word of "gpg2", so it can be a program name with args.
+set dummy gpg2; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_GPG2+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $GPG2 in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_GPG2="$GPG2" # Let the user override the test with a path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_GPG2="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" 
>&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_path_GPG2" && ac_cv_path_GPG2="false"
+  ;;
+esac
+fi
+GPG2=$ac_cv_path_GPG2
+if test -n "$GPG2"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $GPG2" >&5
+$as_echo "$GPG2" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# Extract the first word of "sha256sum", so it can be a program name with args.
+set dummy sha256sum; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if ${ac_cv_path_SHA256SUM+:} false; then :
+  $as_echo_n "(cached) " >&6
+else
+  case $SHA256SUM in
+  [\\/]* | ?:[\\/]*)
+  ac_cv_path_SHA256SUM="$SHA256SUM" # Let the user override the test with a 
path.
+  ;;
+  *)
+  as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+  IFS=$as_save_IFS
+  test -z "$as_dir" && as_dir=.
+    for ac_exec_ext in '' $ac_executable_extensions; do
+  if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
+    ac_cv_path_SHA256SUM="$as_dir/$ac_word$ac_exec_ext"
+    $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" 
>&5
+    break 2
+  fi
+done
+  done
+IFS=$as_save_IFS
+
+  test -z "$ac_cv_path_SHA256SUM" && ac_cv_path_SHA256SUM="false"
+  ;;
+esac
+fi
+SHA256SUM=$ac_cv_path_SHA256SUM
+if test -n "$SHA256SUM"; then
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SHA256SUM" >&5
+$as_echo "$SHA256SUM" >&6; }
+else
+  { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
 
 
 for ac_header in sys/types.h sys/stat.h strings.h inttypes.h stdint.h unistd.h
@@ -16073,7 +16157,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by xcrypt $as_me 4.4.26, which was
+This file was extended by xcrypt $as_me 4.4.27, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -16140,7 +16224,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-xcrypt config.status 4.4.26
+xcrypt config.status 4.4.27
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/configure.ac 
new/libxcrypt-4.4.27/configure.ac
--- old/libxcrypt-4.4.26/configure.ac   2021-09-18 14:04:53.000000000 +0200
+++ new/libxcrypt-4.4.27/configure.ac   2021-12-17 16:17:09.000000000 +0100
@@ -1,7 +1,7 @@
 # Process this file with autoconf to produce a configure script.
 m4_include([build-aux/m4/zw_automodern.m4])
 AC_INIT([xcrypt],
-        [4.4.26],
+        [4.4.27],
         [https://github.com/besser82/libxcrypt/issues],
         [libxcrypt],
         [https://github.com/besser82/libxcrypt])
@@ -47,6 +47,8 @@
 AC_PROG_MAKE_SET
 AC_PROG_LN_S
 zw_PROG_PERL([5.14.0])
+AC_PATH_PROG([GPG2], [gpg2], [false])
+AC_PATH_PROG([SHA256SUM], [sha256sum], [false])
 
 AC_USE_SYSTEM_EXTENSIONS
 AC_SYS_LARGEFILE
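Review bot: The two added `AC_PATH_PROG` calls carry no comment explaining that `GPG2` and `SHA256SUM` are used only by the maintainer `release` target, or that the `false` fallback is deliberate. With that fallback a missing tool shows up only as a recipe line beginning with `false` and exiting 1, which does not name what is absent. I would add a comment above them such as `# Only needed for 'make release'; 'false' makes that target fail if the tool is missing.` It may also be worth probing both binary names with `AC_PATH_PROGS([GPG2], [gpg2 gpg], [false])`, since some systems install GnuPG 2 as `gpg`; confirm that the fallback binary is an acceptable signer before adopting it.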
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/doc/crypt.5 
new/libxcrypt-4.4.27/doc/crypt.5
--- old/libxcrypt-4.4.26/doc/crypt.5    2021-09-03 11:58:31.000000000 +0200
+++ new/libxcrypt-4.4.27/doc/crypt.5    2021-12-17 16:16:06.000000000 +0100
@@ -170,7 +170,7 @@
 yescrypt is a scalable passphrase hashing scheme designed by Solar Designer,
 which is based on Colin Percival's scrypt.
 Recommended for new hashes.
-.hash "$y$" "\e$y\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" 
unlimited 8 256 256 "up to 512" "1 to 11 (logarithmic)"
+.hash "$y$" "\e$y\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" 
unlimited 8 256 256 "up to 512 (128+ recommended)" "1 to 11 (logarithmic)"
 .Ss gost-yescrypt
 gost-yescrypt uses the output from the yescrypt hashing method in place of a
 hmac message.  Thus, the yescrypt crypto properties are superseded by the
@@ -181,14 +181,14 @@
 The GOST R 34.11-2012 (Streebog) hash function has been published by the IETF
 as RFC 6986.
 Recommended for new hashes.
-.hash "$gy$" "\e$gy\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" 
unlimited 8 256 256 "up to 512" "1 to 11 (logarithmic)"
+.hash "$gy$" "\e$gy\e$[./A-Za-z0-9]+\e$[./A-Za-z0-9]{,86}\e$[./A-Za-z0-9]{43}" 
unlimited 8 256 256 "up to 512 (128+ recommended)" "1 to 11 (logarithmic)"
 .Ss scrypt
 scrypt is a password-based key derivation function created by Colin Percival,
 originally for the Tarsnap online backup service.
 The algorithm was specifically designed to make it costly to perform
 large-scale custom hardware attacks by requiring large amounts of memory.
 In 2016, the scrypt algorithm was published by IETF as RFC 7914.
-.hash "$7$" "\e$7\e$[./A-Za-z0-9]{11,97}\e$[./A-Za-z0-9]{43}" unlimited 8 256 
256 "up to 512" "6 to 11 (logarithmic)"
+.hash "$7$" "\e$7\e$[./A-Za-z0-9]{11,97}\e$[./A-Za-z0-9]{43}" unlimited 8 256 
256 "up to 512 (128+ recommended)" "6 to 11 (logarithmic)"
 .Ss bcrypt
 A hash based on the Blowfish block cipher,
 modified to have an extra-expensive key schedule.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/lib/crypt-gost-yescrypt.c 
new/libxcrypt-4.4.27/lib/crypt-gost-yescrypt.c
--- old/libxcrypt-4.4.26/lib/crypt-gost-yescrypt.c      2021-09-03 
11:58:31.000000000 +0200
+++ new/libxcrypt-4.4.27/lib/crypt-gost-yescrypt.c      2021-12-17 
16:16:06.000000000 +0100
@@ -58,6 +58,10 @@
                           const uint8_t *rbytes, size_t nrbytes,
                           uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 4 + 8 * 6 + BASE64_LEN (nrbytes) + 1)
     {
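Review bot: The cap in the added `nrbytes = (nrbytes > 64 ? 64 : nrbytes);` is a bare literal, and the identical line and comment are repeated in the crypt-scrypt.c and crypt-yescrypt.c hunks below. The limit that crypt.5 documents as "up to 512" bits therefore lives in three source files plus the man page; a single shared constant (suggested name, not in the tree: `#define GENSALT_MAX_RBYTES 64`) would keep them in step. The clamp is also silent: a caller passing more than 64 bytes gets a salt built from the first 64, with no error. The comment should say so, for example `/* Excess random bytes beyond 64 are ignored, not rejected. */`. The function body starts and ends outside this hunk, so any lower-bound check on `nrbytes` is not visible here.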
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/lib/crypt-scrypt.c 
new/libxcrypt-4.4.27/lib/crypt-scrypt.c
--- old/libxcrypt-4.4.26/lib/crypt-scrypt.c     2021-09-03 11:58:31.000000000 
+0200
+++ new/libxcrypt-4.4.27/lib/crypt-scrypt.c     2021-12-17 16:16:06.000000000 
+0100
@@ -165,6 +165,10 @@
                    const uint8_t *rbytes, size_t nrbytes,
                    uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 3 + 1 + 5 * 2 + BASE64_LEN (nrbytes) + 1)
     {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libxcrypt-4.4.26/lib/crypt-yescrypt.c 
new/libxcrypt-4.4.27/lib/crypt-yescrypt.c
--- old/libxcrypt-4.4.26/lib/crypt-yescrypt.c   2021-09-03 11:58:31.000000000 
+0200
+++ new/libxcrypt-4.4.27/lib/crypt-yescrypt.c   2021-12-17 16:16:06.000000000 
+0100
@@ -106,6 +106,10 @@
                      const uint8_t *rbytes, size_t nrbytes,
                      uint8_t *output, size_t o_size)
 {
+  /* Up to 512 bits (64 bytes) of entropy for computing the salt portion
+     of the MCF-setting are supported.  */
+  nrbytes = (nrbytes > 64 ? 64 : nrbytes);
+
   if (o_size < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1 ||
       CRYPT_GENSALT_OUTPUT_SIZE < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1)
     {
