Message ID | 20210926103700.2988-1-adolf.belka@ipfire.org |
---|---|
State | Accepted |
Commit | 692c22519dc6b693bb4fdb31135267dd8f8d97fb |
Headers |
Return-Path: <development-bounces@lists.ipfire.org> Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4HHMf11Kwrz3xWd for <patchwork@web04.haj.ipfire.org>; Sun, 26 Sep 2021 10:37:13 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4HHMf064pPz12q; Sun, 26 Sep 2021 10:37:12 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4HHMf058v2z2yl3; Sun, 26 Sep 2021 10:37:12 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4HHMdz1V84z2xmx for <development@lists.ipfire.org>; Sun, 26 Sep 2021 10:37:11 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4HHMdy5yd7zBQ; Sun, 26 Sep 2021 10:37:10 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1632652630; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yR4rhTarFoXbS5C1GnwclkW9qgND1yAYbezx8v7jGQk=; b=AredYcfuzRATHg7iCdlHjDgZNWk3QnF7ytHAj3+2Be9vWFMlNKoXDTnbAlrI2zg3uZdd8+ WXDTL3qXb70RMRCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1632652630; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yR4rhTarFoXbS5C1GnwclkW9qgND1yAYbezx8v7jGQk=; b=PuBZLlxqdB93QNOvu6G11e87Lv6dKNF6J89ClfcFREaJWb0gFjiPFCVptr9BKZd8GfhfZf kOMy/xgS9SyLAYth4Wz75ChfegOlh0//Q+vUgtqC9byCD7ZbSJSSLyFC6uIXhNsUuJ5s9B 6ml9kZsWS3/FrcZyfFLalzB4wImPmpjA+6lhRBaDvQ0Db1NzltUJuF4xKeMjwc7TVr+foT xheC6bN6gJnz2JGSYBRtJ1fz4xRiNyAC9WsRVwE261iFu1mTjB1LN7Lvc+lNgo1FD/TT0E fy9nzMZri3R+2UZJypbLpkARSU6K6OphOYD/du1EfAl9fjtWt1kA2iV5FbZ9aA== From: Adolf Belka <adolf.belka@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH v2] libxcrypt: Update to version 4.4.26 Date: Sun, 26 Sep 2021 12:37:00 +0200 Message-Id: <20210926103700.2988-1-adolf.belka@ipfire.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk <development.lists.ipfire.org> List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>, <mailto:development-request@lists.ipfire.org?subject=unsubscribe> List-Archive: <http://lists.ipfire.org/pipermail/development/> List-Post: <mailto:development@lists.ipfire.org> List-Help: <mailto:development-request@lists.ipfire.org?subject=help> List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>, <mailto:development-request@lists.ipfire.org?subject=subscribe> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org> |
Series |
[v2] libxcrypt: Update to version 4.4.26
|
|
Commit Message
Adolf Belka
Sept. 26, 2021, 10:37 a.m. UTC
- v2 version is to extend from 4.4.25 to 4.4.26
- Update from 4.4.23 to 4.4.26
- Update of rootfile not required
- Changelog
Version 4.4.26
* Fix compilation on systems with GCC >= 10, that do not support
declarations with __attribute__((symver)).
Version 4.4.25
* Add support for Python 3.11 in the configure script.
* Stricter checking of invalid salt characters (issue #135).
Hashed passphrases are always entirely printable ASCII, and do
not contain any whitespace or the characters ':', ';', '*', '!',
or '\'. (These characters are used as delimiters and special
markers in the passwd(5) and shadow(5) files.)
Version 4.4.24
* Add hash group for Debian in lib/hashes.conf.
Debian has switched to use the yescrypt hashing algorithm as
the default for new user passwords, so we should add a group
for this distribution.
* Overhaul the badsalt test.
Test patterns are now mostly generated rather than manually coded
into a big table. Not reading past the end of the “setting” part
of the string is tested more thoroughly (this would have caught the
sunmd5 $$ bug if it had been available at the time).
Test logs are tidier.
* Add ‘test-programs’ utility target to Makefile.
It is sometimes useful to compile all the test programs but not run
them. Add a Makefile target that does this.
* Fix incorrect bcrypt-related ifdeffage in test/badsalt.c.
The four variants of bcrypt are independently configurable, but the
badsalt tests for them were all being toggled by INCLUDE_bcrypt,
which is only the macro for the $2b$ variant.
* Fix bigcrypt-related test cases in test/badsalt.c.
The test spec was only correct when both or neither of bigcrypt and
descrypt were enabled.
* Detect ASan in configure and disable incompatible tests.
ASan’s “interceptors” for crypt and crypt_r have a semantic conflict
with libxcrypt, requiring a few tests to be disabled for builds with
-fsanitize-address. See commentary in test/crypt-badargs.c for an
explanation of the conflict, and the commentary in
build-aux/zw_detect_asan.m4 for why a configure test is required.
* Fix several issues found by Covscan in the testsuite. These include:
- CWE-170: String not null terminated (STRING_NULL)
- CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
- CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
- CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
- CWE-573: Missing varargs init or cleanup (VARARGS)
- CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
lfs/libxcrypt | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Comments
Reviewed-by: Peter Müller <peter.mueller@ipfire.org> > - v2 version is to extend from 4.4.25 to 4.4.26 > - Update from 4.4.23 to 4.4.26 > - Update of rootfile not required > - Changelog > Version 4.4.26 > * Fix compilation on systems with GCC >= 10, that do not support > declarations with __attribute__((symver)). > Version 4.4.25 > * Add support for Python 3.11 in the configure script. > * Stricter checking of invalid salt characters (issue #135). > Hashed passphrases are always entirely printable ASCII, and do > not contain any whitespace or the characters ':', ';', '*', '!', > or '\'. (These characters are used as delimiters and special > markers in the passwd(5) and shadow(5) files.) > Version 4.4.24 > * Add hash group for Debian in lib/hashes.conf. > Debian has switched to use the yescrypt hashing algorithm as > the default for new user passwords, so we should add a group > for this distribution. > * Overhaul the badsalt test. > Test patterns are now mostly generated rather than manually coded > into a big table. Not reading past the end of the “setting” part > of the string is tested more thoroughly (this would have caught the > sunmd5 $$ bug if it had been available at the time). > Test logs are tidier. > * Add ‘test-programs’ utility target to Makefile. > It is sometimes useful to compile all the test programs but not run > them. Add a Makefile target that does this. > * Fix incorrect bcrypt-related ifdeffage in test/badsalt.c. > The four variants of bcrypt are independently configurable, but the > badsalt tests for them were all being toggled by INCLUDE_bcrypt, > which is only the macro for the $2b$ variant. > * Fix bigcrypt-related test cases in test/badsalt.c. > The test spec was only correct when both or neither of bigcrypt and > descrypt were enabled. > * Detect ASan in configure and disable incompatible tests. > ASan’s “interceptors” for crypt and crypt_r have a semantic conflict > with libxcrypt, requiring a few tests to be disabled for builds with > -fsanitize-address. See commentary in test/crypt-badargs.c for an > explanation of the conflict, and the commentary in > build-aux/zw_detect_asan.m4 for why a configure test is required. > * Fix several issues found by Covscan in the testsuite. These include: > - CWE-170: String not null terminated (STRING_NULL) > - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST) > - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) > - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH) > - CWE-573: Missing varargs init or cleanup (VARARGS) > - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS) > > Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> > --- > lfs/libxcrypt | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/lfs/libxcrypt b/lfs/libxcrypt > index 16ebb1dc5..770b4249e 100644 > --- a/lfs/libxcrypt > +++ b/lfs/libxcrypt > @@ -24,10 +24,10 @@ > > include Config > > -VER = 4.4.23 > +VER = 4.4.26 > > THISAPP = libxcrypt-$(VER) > -DL_FILE = $(THISAPP).tar.gz > +DL_FILE = $(THISAPP).tar.xz > DL_FROM = $(URL_IPFIRE) > DIR_APP = $(DIR_SRC)/$(THISAPP) > > @@ -47,7 +47,7 @@ objects = $(DL_FILE) > > $(DL_FILE) = $(DL_FROM)/$(DL_FILE) > > -$(DL_FILE)_MD5 = 405116b5cc90b72216afccc54025afbc > +$(DL_FILE)_MD5 = 34954869627f62f9992808b6cff0d0a9 > > install : $(TARGET) > >
diff --git a/lfs/libxcrypt b/lfs/libxcrypt index 16ebb1dc5..770b4249e 100644 --- a/lfs/libxcrypt +++ b/lfs/libxcrypt @@ -24,10 +24,10 @@ include Config -VER = 4.4.23 +VER = 4.4.26 THISAPP = libxcrypt-$(VER) -DL_FILE = $(THISAPP).tar.gz +DL_FILE = $(THISAPP).tar.xz DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) @@ -47,7 +47,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 405116b5cc90b72216afccc54025afbc +$(DL_FILE)_MD5 = 34954869627f62f9992808b6cff0d0a9 install : $(TARGET)