Hello community, here is the log from the commit of package yast2-core for openSUSE:Factory checked in at Thu Aug 18 14:24:04 CEST 2011.
-------- --- yast2-core/yast2-core.changes 2011-08-05 16:53:44.000000000 +0200 +++ /mounts/work_src_done/STABLE/yast2-core/yast2-core.changes 2011-08-18 13:16:58.000000000 +0200 @@ -1,0 +2,7 @@ +Thu Aug 18 12:40:23 CEST 2011 - mvid...@suse.cz + +- change blowfish id from 2a to 2y (bnc#700876 bnc#706705 CVE-2011-2483) + (thanks to Ludwig Nussel) +- 2.21.6 + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- yast2-core-2.21.5.tar.bz2 New: ---- yast2-core-2.21.6.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-core.spec ++++++ --- /var/tmp/diff_new_pack.u0MKKD/_old 2011-08-18 14:22:49.000000000 +0200 +++ /var/tmp/diff_new_pack.u0MKKD/_new 2011-08-18 14:22:49.000000000 +0200 @@ -19,11 +19,11 @@ Name: yast2-core -Version: 2.21.5 +Version: 2.21.6 Release: 1 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: yast2-core-2.21.5.tar.bz2 +Source0: yast2-core-2.21.6.tar.bz2 Prefix: /usr @@ -86,7 +86,7 @@ YCP debugger client. %prep -%setup -n yast2-core-2.21.5 +%setup -n yast2-core-2.21.6 %build ++++++ yast2-core-2.21.5.tar.bz2 -> yast2-core-2.21.6.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-core-2.21.5/VERSION new/yast2-core-2.21.6/VERSION --- old/yast2-core-2.21.5/VERSION 2011-08-05 16:45:50.000000000 +0200 +++ new/yast2-core-2.21.6/VERSION 2011-08-18 13:09:16.000000000 +0200 @@ -1 +1 @@ -2.21.5 +2.21.6 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-core-2.21.5/configure new/yast2-core-2.21.6/configure --- old/yast2-core-2.21.5/configure 2011-08-05 16:46:02.000000000 +0200 +++ new/yast2-core-2.21.6/configure 2011-08-18 13:09:28.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for yast2-core 2.21.5. +# Generated by GNU Autoconf 2.68 for yast2-core 2.21.6. # # Report bugs to <http://bugs.opensuse.org/>. # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='yast2-core' PACKAGE_TARNAME='yast2-core' -PACKAGE_VERSION='2.21.5' -PACKAGE_STRING='yast2-core 2.21.5' +PACKAGE_VERSION='2.21.6' +PACKAGE_STRING='yast2-core 2.21.6' PACKAGE_BUGREPORT='http://bugs.opensuse.org/' PACKAGE_URL='' @@ -1371,7 +1371,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures yast2-core 2.21.5 to adapt to many kinds of systems. +\`configure' configures yast2-core 2.21.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1442,7 +1442,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of yast2-core 2.21.5:";; + short | recursive ) echo "Configuration of yast2-core 2.21.6:";; esac cat <<\_ACEOF @@ -1559,7 +1559,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -yast2-core configure 2.21.5 +yast2-core configure 2.21.6 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2103,7 +2103,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by yast2-core $as_me 2.21.5, which was +It was created by yast2-core $as_me 2.21.6, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3033,7 +3033,7 @@ # Define the identity of the package. PACKAGE='yast2-core' - VERSION='2.21.5' + VERSION='2.21.6' cat >>confdefs.h <<_ACEOF @@ -3155,7 +3155,7 @@ -VERSION="2.21.5" +VERSION="2.21.6" RPMNAME="yast2-core" MAINTAINER="Martin Vidner <mvid...@suse.cz>" @@ -18429,7 +18429,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by yast2-core $as_me 2.21.5, which was +This file was extended by yast2-core $as_me 2.21.6, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -18495,7 +18495,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -yast2-core config.status 2.21.5 +yast2-core config.status 2.21.6 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-core-2.21.5/configure.in new/yast2-core-2.21.6/configure.in --- old/yast2-core-2.21.5/configure.in 2011-08-05 16:45:51.000000000 +0200 +++ new/yast2-core-2.21.6/configure.in 2011-08-18 13:09:17.000000000 +0200 @@ -3,7 +3,7 @@ dnl -- This file is generated by y2autoconf 2.18.11 - DO NOT EDIT! -- dnl (edit configure.in.in instead) -AC_INIT(yast2-core, 2.21.5, http://bugs.opensuse.org/, yast2-core) +AC_INIT(yast2-core, 2.21.6, http://bugs.opensuse.org/, yast2-core) dnl Check for presence of file 'RPMNAME' AC_CONFIG_SRCDIR([RPMNAME]) @@ -18,7 +18,7 @@ AM_INIT_AUTOMAKE(tar-ustar -Wno-portability) dnl Important YaST2 variables -VERSION="2.21.5" +VERSION="2.21.6" RPMNAME="yast2-core" MAINTAINER="Martin Vidner <mvid...@suse.cz>" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-core-2.21.5/libycp/src/y2crypt.cc new/yast2-core-2.21.6/libycp/src/y2crypt.cc --- old/yast2-core-2.21.5/libycp/src/y2crypt.cc 2011-08-05 16:45:41.000000000 +0200 +++ new/yast2-core-2.21.6/libycp/src/y2crypt.cc 2011-08-18 13:09:12.000000000 +0200 @@ -141,7 +141,7 @@ break; case BLOWFISH: - salt = make_crypt_salt ("$2a$", 0); + salt = make_crypt_salt ("$2y$", 0); if (!salt) { y2error ("Cannot create salt for blowfish crypt"); @@ -178,7 +178,9 @@ return false; } - if (!newencrypted) + if (!newencrypted + /* catch retval magic by ow-crypt/libxcrypt */ + || !strcmp(newencrypted, "*0") || !strcmp(newencrypted, "*1")) { y2error ("crypt_r () returns 0 pointer"); return false; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org