Hello community, here is the log from the commit of package whois for openSUSE:Factory checked in at Wed Jul 27 12:04:46 CEST 2011.
-------- --- whois/whois.changes 2011-03-22 11:18:32.000000000 +0100 +++ /mounts/work_src_done/STABLE/whois/whois.changes 2011-07-19 10:48:56.000000000 +0200 @@ -1,0 +2,8 @@ +Tue Jul 19 08:48:20 UTC 2011 - lnus...@suse.de + +- enable use of crypt_gensalt to support all glibc supported + algorithms +- allow 8bit passwords read from file +- support new blowfish $2y algorithm + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfish-tag-CVE-2011-2483.diff whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-prefix.diff whois-5.0.11-mkpasswd-fix-compiler-warnings.diff whois-5.0.11-mkpasswd-remove-obsolete-settings.diff whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.diff whois-5.0.11-mkpasswd-support-8bit-characters.diff whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ whois.spec ++++++ --- /var/tmp/diff_new_pack.9PoEdB/_old 2011-07-27 11:59:03.000000000 +0200 +++ /var/tmp/diff_new_pack.9PoEdB/_new 2011-07-27 11:59:03.000000000 +0200 @@ -19,13 +19,20 @@ Name: whois Version: 5.0.11 -Release: 1 +Release: 2 License: GPLv2+ Summary: Whois Client Program Url: http://www.linux.it/~md/software/ Group: Productivity/Networking/Other -Source: %{name}_%{version}.tar.bz2 +Source: http://ftp.debian.org/debian/pool/main/w/whois/%{name}_%{version}.tar.bz2 Patch1: whois-4.7.33-nb.patch +Patch2: whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff +Patch3: whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-prefix.diff +Patch4: whois-5.0.11-mkpasswd-support-8bit-characters.diff +Patch5: whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfish-tag-CVE-2011-2483.diff +Patch6: whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.diff +Patch7: whois-5.0.11-mkpasswd-remove-obsolete-settings.diff +Patch8: whois-5.0.11-mkpasswd-fix-compiler-warnings.diff BuildRequires: libidn-devel Provides: ripe-whois-tools BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -40,10 +47,17 @@ %prep %setup -n whois-%{version} %patch1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 rename no nb po/no.* %build -make all mkpasswd HAVE_LIBIDN=1 HAVE_ICONV=1 CFLAGS="%{optflags}" +make all mkpasswd HAVE_LIBIDN=1 HAVE_ICONV=1 HAVE_CRYPT_GENSALT=1 CFLAGS="%{optflags}" %install mkdir -p %{buildroot}{/usr/bin,%{_mandir}/man1} ++++++ whois-5.0.11-mkpasswd-add-support-for-the-new-2y-blowfish-tag-CVE-2011-2483.diff ++++++ >From 757e302cc12f962ee1e04ccc572d0553bcfb780c Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Thu, 14 Jul 2011 13:38:08 +0200 Subject: [PATCH whois 4/7] add support for the new 2y blowfish tag (CVE-2011-2483) --- mkpasswd.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) diff --git a/mkpasswd.c b/mkpasswd.c index 8bdc7f3..281d970 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -86,9 +86,13 @@ static const struct crypt_method methods[] = { #if defined FreeBSD { "bf", "$2$", 22, 22, 0, "Blowfish (FreeBSD)" }, #endif -#if defined OpenBSD || (defined __SVR4 && defined __sun) || defined HAVE_CRYPT_GENSALT +#if defined OpenBSD || (defined __SVR4 && defined __sun) { "bf", "$2a$", 22, 22, 1, "Blowfish" }, #endif +#if defined HAVE_CRYPT_GENSALT + { "bf", "$2a$", 22, 22, 1, "Blowfish, system-specific on 8-bit chars" }, + { "bfy", "$2y$", 22, 22, 1, "Blowfish, correct handling of 8-bit chars" }, +#endif #if defined FreeBSD { "nt", "$3$", 0, 0, 0, "NT-Hash" }, #endif @@ -226,7 +230,8 @@ int main(int argc, char *argv[]) salt_prefix = methods[0].prefix; } - if (streq(salt_prefix, "$2a$")) { /* OpenBSD Blowfish */ + if (streq(salt_prefix, "$2a$") + || streq(salt_prefix, "$2y$")) { /* OpenBSD Blowfish */ if (rounds <= 4) rounds = 4; /* actually for 2a it is the logarithm of the number of rounds */ -- 1.7.3.4 ++++++ whois-5.0.11-mkpasswd-crypt_gensalt-might-change-the-prefix.diff ++++++ >From b8cdda35e57303fa67e96165e8eb37a19e22171b Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Thu, 14 Jul 2011 13:06:56 +0200 Subject: [PATCH whois 3/7] crypt_gensalt might change the prefix It's undocumented behavior but be prepared for it. --- mkpasswd.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) diff --git a/mkpasswd.c b/mkpasswd.c index 59c7a58..8bdc7f3 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -331,7 +331,9 @@ int main(int argc, char *argv[]) fprintf(stderr, "crypt failed.\n"); exit(2); } - if (!strneq(result, salt_prefix, strlen(salt_prefix))) { + /* yes, using strlen(salt_prefix) on salt. It's not + * documented whether crypt_gensalt may change the prefix */ + if (!strneq(result, salt, strlen(salt_prefix))) { fprintf(stderr, _("Method not supported by crypt(3).\n")); exit(2); } -- 1.7.3.4 ++++++ whois-5.0.11-mkpasswd-fix-compiler-warnings.diff ++++++ >From a57b7374a00a93bc237f34c28f9226258adb6a82 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Thu, 14 Jul 2011 13:42:01 +0200 Subject: [PATCH whois 7/7] fix compiler warnings --- mkpasswd.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mkpasswd.c b/mkpasswd.c index 7408cbc..cb5f5ad 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -179,7 +179,7 @@ int main(int argc, char *argv[]) { char *p; rounds = strtol(optarg, &p, 10); - if (p == NULL || *p != '\0' || rounds < 0) { + if (p == NULL || *p != '\0') { fprintf(stderr, _("Invalid number '%s'.\n"), optarg); exit(1); } @@ -296,7 +296,7 @@ int main(int argc, char *argv[]) if (password) { } else if (password_fd != -1) { FILE *fp; - unsigned char *p; + char *p; if (isatty(password_fd)) fprintf(stderr, _("Password: ")); -- 1.7.3.4 ++++++ whois-5.0.11-mkpasswd-remove-obsolete-settings.diff ++++++ >From cda3259facbb37e8775131cfde9822aeb09edf78 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Thu, 14 Jul 2011 13:31:13 +0200 Subject: [PATCH whois 6/7] remove obsolete settings According to Solar Designer $2$ never was officially released, refers to a pre-version of blowfish crypt. FreeBSD is said to support $2a. libxcrypt does not actually support {SHA} --- mkpasswd.c | 8 +------- 1 files changed, 1 insertions(+), 7 deletions(-) diff --git a/mkpasswd.c b/mkpasswd.c index ee997ba..7408cbc 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -83,10 +83,7 @@ static const struct crypt_method methods[] = { { "des", "", 2, 2, 0, N_("standard 56 bit DES-based crypt(3)") }, { "md5", "$1$", 8, 8, 0, "MD5" }, -#if defined FreeBSD - { "bf", "$2$", 22, 22, 0, "Blowfish (FreeBSD)" }, -#endif -#if defined OpenBSD || (defined __SVR4 && defined __sun) +#if defined OpenBSD || defined FreeBSD || (defined __SVR4 && defined __sun) { "bf", "$2a$", 22, 22, 1, "Blowfish" }, #endif #if defined HAVE_CRYPT_GENSALT @@ -111,9 +108,6 @@ static const struct crypt_method methods[] = { #if defined __SVR4 && defined __sun { "sunmd5", "$md5$", 8, 8, 1, "SunMD5" }, #endif -#if defined HAVE_XCRYPT - { "sha", "{SHA}", 0, 0, 0, "SHA-1" }, -#endif { NULL, NULL, 0, 0, 0, NULL } }; -- 1.7.3.4 ++++++ whois-5.0.11-mkpasswd-set-default-blowfish-rounds-to-5.diff ++++++ >From 45731d21f551b72e10e211edfa1b3c4e2ed3f8ad Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Thu, 14 Jul 2011 13:39:07 +0200 Subject: [PATCH whois 5/7] set default blowfish rounds to 5 five rounds is the crypt_blowfish default --- mkpasswd.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mkpasswd.c b/mkpasswd.c index 281d970..ee997ba 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -232,8 +232,8 @@ int main(int argc, char *argv[]) if (streq(salt_prefix, "$2a$") || streq(salt_prefix, "$2y$")) { /* OpenBSD Blowfish */ - if (rounds <= 4) - rounds = 4; + if (rounds < 5) + rounds = 5; /* actually for 2a it is the logarithm of the number of rounds */ snprintf(rounds_str, sizeof(rounds_str), "%02u$", rounds); } else if (rounds_support && rounds) -- 1.7.3.4 ++++++ whois-5.0.11-mkpasswd-support-8bit-characters.diff ++++++ >From b6d62022a7ab3694ed6cef0021a2f837c6b5d80b Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Thu, 14 Jul 2011 13:06:41 +0200 Subject: [PATCH whois 2/7] support 8bit characters 8bit characters are accepted when typed interactively so there is no reason to reject them when read from a file. --- mkpasswd.c | 17 +++-------------- 1 files changed, 3 insertions(+), 14 deletions(-) diff --git a/mkpasswd.c b/mkpasswd.c index 43403d4..59c7a58 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -312,20 +312,9 @@ int main(int argc, char *argv[]) exit(2); } - p = (unsigned char *)password; - while (*p) { - if (*p == '\n' || *p == '\r') { - *p = '\0'; - break; - } - /* which characters are valid? */ - if (*p > 0x7f) { - fprintf(stderr, - _("Illegal password character '0x%hhx'.\n"), *p); - exit(1); - } - p++; - } + p = strpbrk(password, "\n\r"); + if (p) + *p = '\0'; } else { password = getpass(_("Password: ")); if (!password) { -- 1.7.3.4 ++++++ whois-5.0.11-mkpasswd-support-Owl-patched-libcrypt.diff ++++++ >From 1f6bc61a9b79472234571092493d6d980826e736 Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <ludwig.nus...@suse.de> Date: Thu, 14 Jul 2011 13:06:14 +0200 Subject: [PATCH whois 1/7] support Owl patched libcrypt Owl (and upcoming openSUSE) patch crypt_gensalt directly into libc's libcrypt. --- Makefile | 7 ++++++- mkpasswd.c | 8 ++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index 44f09dd..66c4cbe 100644 --- a/Makefile +++ b/Makefile @@ -44,9 +44,14 @@ endif ifdef HAVE_XCRYPT mkpasswd_LDADD += -lxcrypt -DEFS += -DHAVE_XCRYPT +DEFS += -DHAVE_XCRYPT -DHAVE_CRYPT_GENSALT else +ifdef HAVE_CRYPT_GENSALT +DEFS += -DHAVE_CRYPT_GENSALT mkpasswd_LDADD += -lcrypt +else +mkpasswd_LDADD += -lcrypt +endif endif ############################################################################## diff --git a/mkpasswd.c b/mkpasswd.c index 176d980..43403d4 100644 --- a/mkpasswd.c +++ b/mkpasswd.c @@ -36,6 +36,10 @@ #include <xcrypt.h> #include <sys/stat.h> #endif +#ifdef HAVE_CRYPT_GENSALT +#define _OW_SOURCE +#include <crypt.h> +#endif #ifdef HAVE_GETTIMEOFDAY #include <sys/time.h> #endif @@ -82,7 +86,7 @@ static const struct crypt_method methods[] = { #if defined FreeBSD { "bf", "$2$", 22, 22, 0, "Blowfish (FreeBSD)" }, #endif -#if defined OpenBSD || (defined __SVR4 && defined __sun) || defined HAVE_XCRYPT +#if defined OpenBSD || (defined __SVR4 && defined __sun) || defined HAVE_CRYPT_GENSALT { "bf", "$2a$", 22, 22, 1, "Blowfish" }, #endif #if defined FreeBSD @@ -264,7 +268,7 @@ int main(int argc, char *argv[]) strcat(salt, rounds_str); strcat(salt, salt_arg); } else { -#ifdef HAVE_XCRYPT +#ifdef HAVE_CRYPT_GENSALT void *entropy = get_random_bytes(64); salt = crypt_gensalt(salt_prefix, rounds, entropy, 64); -- 1.7.3.4 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org