Hello community, here is the log from the commit of package libxcrypt for openSUSE:11.4 checked in at Fri Jul 29 18:11:32 CEST 2011.
Patchinfo file has no description Patchinfo file has no description Patchinfo file has no description -------- --- old-versions/11.4/all/libxcrypt/libxcrypt.changes 2010-06-28 08:50:28.000000000 +0200 +++ 11.4/libxcrypt/libxcrypt.changes 2011-07-20 12:00:55.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Jul 19 15:45:39 UTC 2011 - lnus...@suse.de + +- update crypt_blowfish to version 1.2 (bnc#700876, CVE-2011-2483) + * due to the signedness bug fix 2a hashes are incompatible with + previous versions if the password contains 8bit chracters! + +------------------------------------------------------------------- Package does not exist at destination yet. Using Fallback old-versions/11.4/all/libxcrypt Destination is old-versions/11.4/UPDATES/all/libxcrypt calling whatdependson for 11.4-i586 New: ---- crypt_blowfish-1.2.tar.gz crypt_blowfish-1.2.tar.gz.sign libxcrypt-3.0.4-blowfish-Makefile.in.diff libxcrypt-3.0.4-blowfish-noasm.diff libxcrypt-3.0.4-blowfish-xcrypt.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxcrypt.spec ++++++ --- /var/tmp/diff_new_pack.0Fvkub/_old 2011-07-29 18:11:19.000000000 +0200 +++ /var/tmp/diff_new_pack.0Fvkub/_new 2011-07-29 18:11:19.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libxcrypt (Version 3.0.3) +# spec file for package libxcrypt # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,6 +17,7 @@ # norootforbuild +%define crypt_bf_version 1.2 Name: libxcrypt License: LGPLv2.1+ ; Public Domain, Freeware @@ -27,11 +28,19 @@ Obsoletes: libxcrypt-64bit %endif Version: 3.0.3 -Release: 3 +Release: 9.<RELEASE10> Summary: Crypt Library for DES, MD5, Blowfish and others +Url: http://www.openwall.com/crypt/ Source: libxcrypt-%{version}.tar.bz2 -Source2: baselibs.conf +Source1: %{url}crypt_blowfish-%{crypt_bf_version}.tar.gz +Source2: %{url}crypt_blowfish-%{crypt_bf_version}.tar.gz.sign +Source3: baselibs.conf +Patch1: libxcrypt-3.0.4-blowfish-noasm.diff +Patch2: libxcrypt-3.0.4-blowfish-xcrypt.diff +# just patching Makefile.in to avoid autoreconf +Patch3: libxcrypt-3.0.4-blowfish-Makefile.in.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build +Provides: libxcrypt-crypt_blowfish = 1.2 %description Libxcrypt is a replacement for libcrypt, which comes with the GNU C @@ -62,7 +71,12 @@ %prep -%setup -q +%setup -q -a1 +%patch1 -p0 +%patch2 -p0 +%patch3 -p0 +cp crypt_blowfish-*/*.{c,h} plugins/blowfish +mv plugins/blowfish/wrapper.c plugins/blowfish/blowfish-test.c %build ./configure CFLAGS="$RPM_OPT_FLAGS -Wno-cast-align" \ @@ -83,6 +97,9 @@ rm $RPM_BUILD_ROOT/%{_lib}/xcrypt/lib*.{so,la} ln -sf ../../%{_lib}/libxcrypt.so.2 $RPM_BUILD_ROOT%{_libdir}/libxcrypt.so /sbin/ldconfig -n $RPM_BUILD_ROOT/%{_lib}/ +# +ln -s libxcrypt_2a.so.1 $RPM_BUILD_ROOT/%{_lib}/xcrypt/libxcrypt_2y.so.1 +ln -s libxcrypt_2a.so.1 $RPM_BUILD_ROOT/%{_lib}/xcrypt/libxcrypt_2x.so.1 %clean rm -rf $RPM_BUILD_ROOT ++++++ libxcrypt-3.0.4-blowfish-Makefile.in.diff ++++++ Index: plugins/blowfish/Makefile.in =================================================================== --- plugins/blowfish/Makefile.in.orig +++ plugins/blowfish/Makefile.in @@ -234,8 +234,8 @@ libxcrypt_2a_la_LDFLAGS = -version-info plugin_LTLIBRARIES = libxcrypt_2a.la libxcrypt_2a_la_SOURCES = crypt_blowfish.c -blowfish_test_CFLAGS = $(AM_CFLAGS) -DTEST_THREADS=10 -blowfish_test_LDADD = libxcrypt_2a.la -lpthread +blowfish_test_CFLAGS = $(AM_CFLAGS) -DTEST -DTEST_THREADS=4 -DXCRYPT +blowfish_test_LDADD = libxcrypt_2a.la -ldl -lpthread all: all-am .SUFFIXES: ++++++ libxcrypt-3.0.4-blowfish-noasm.diff ++++++ Index: crypt_blowfish-1.2/crypt_blowfish.c =================================================================== --- crypt_blowfish-1.2/crypt_blowfish.c.orig +++ crypt_blowfish-1.2/crypt_blowfish.c @@ -54,7 +54,7 @@ #include "crypt_blowfish.h" #ifdef __i386__ -#define BF_ASM 1 +#define BF_ASM 0 #define BF_SCALE 1 #elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) #define BF_ASM 0 ++++++ libxcrypt-3.0.4-blowfish-xcrypt.diff ++++++ Index: crypt_blowfish-1.2/crypt_blowfish.c =================================================================== --- crypt_blowfish-1.2/crypt_blowfish.c.orig +++ crypt_blowfish-1.2/crypt_blowfish.c @@ -44,6 +44,7 @@ */ #include <string.h> +#include <stdio.h> #include <errno.h> #ifndef __set_errno @@ -64,6 +65,10 @@ #define BF_SCALE 0 #endif +#include "xcrypt-plugin.h" +#define _crypt_blowfish_rn __crypt_r +#include <dlfcn.h> + typedef unsigned int BF_word; typedef signed int BF_word_signed; @@ -900,3 +905,23 @@ char *_crypt_gensalt_blowfish_rn(const c return output; } + +/* dirty hack */ +static const char* _find_prefix(const char* prefix) +{ + Dl_info info; + if (dladdr(_find_prefix, &info) && strlen(info.dli_fname) > 8) + { + const char* sfx = info.dli_fname+strlen(info.dli_fname)-8; + if (!strncmp(sfx, "_2y.", 4)) + prefix = "$2y$"; + else if (!strncmp(sfx, "_2x.", 4)) + prefix = "$2x$"; + } + return prefix; +} + +char *__crypt_gensalt_r (unsigned long count, __const char *input, int size, char *output, int output_size) +{ + return _crypt_gensalt_blowfish_rn(_find_prefix("$2a$"), count, input, size, output, output_size); +} Index: crypt_blowfish-1.2/wrapper.c =================================================================== --- crypt_blowfish-1.2/wrapper.c.orig +++ crypt_blowfish-1.2/wrapper.c @@ -37,13 +37,19 @@ #define CRYPT_OUTPUT_SIZE (7 + 22 + 31 + 1) #define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1) -#if defined(__GLIBC__) && defined(_LIBC) #define __SKIP_GNU -#endif +#include "xcrypt.h" +#include "xcrypt-plugin.h" #include "ow-crypt.h" #include "crypt_blowfish.h" +#ifndef XCRYPT #include "crypt_gensalt.h" +#else +#define _crypt_blowfish_rn __crypt_r +#undef crypt_r +char *crypt_r(const char *key, const char *setting, void *data); +#endif #if defined(__GLIBC__) && defined(_LIBC) /* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */ @@ -197,6 +203,7 @@ char *crypt(const char *key, const char #define __crypt_gensalt crypt_gensalt #endif +#ifndef XCRYPT char *__crypt_gensalt_rn(const char *prefix, unsigned long count, const char *input, int size, char *output, int output_size) { @@ -231,6 +238,13 @@ char *__crypt_gensalt_rn(const char *pre return use(prefix, count, input, size, output, output_size); } +#else +char *__crypt_gensalt_rn(const char *prefix __attribute__((unused)), unsigned long count, + const char *input, int size, char *output, int output_size) +{ + return __crypt_gensalt_r(count, input, size, output, output_size); +} +#endif char *__crypt_gensalt_ra(const char *prefix, unsigned long count, const char *input, int size) @@ -542,4 +556,21 @@ int main(void) return 0; } +#endif + +#ifdef XCRYPT +int _crypt_output_magic(const char *setting, char *output, int size) +{ + if (size < 3) + return -1; + + output[0] = '*'; + output[1] = '0'; + output[2] = '\0'; + + if (setting[0] == '*' && setting[1] == '0') + output[1] = '1'; + + return 0; +} #endif Index: plugins/blowfish/Makefile.am =================================================================== --- plugins/blowfish/Makefile.am.orig +++ plugins/blowfish/Makefile.am @@ -25,5 +25,5 @@ libxcrypt_2a_la_SOURCES = crypt_blowfish noinst_PROGRAMS = blowfish-test -blowfish_test_CFLAGS = $(AM_CFLAGS) -DTEST_THREADS=10 -blowfish_test_LDADD = libxcrypt_2a.la -lpthread +blowfish_test_CFLAGS = $(AM_CFLAGS) -DTEST -DTEST_THREADS=4 -DXCRYPT +blowfish_test_LDADD = libxcrypt_2a.la -ldl -lpthread ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
