libxcrypt: Update to version 4.4.25

Message ID 20210824212810.1311202-1-adolf.belka@ipfire.org
State New
Headers show
Series libxcrypt: Update to version 4.4.25 | expand

Commit Message

Adolf Belka Aug. 24, 2021, 9:28 p.m. UTC
- Update from 4.4.23 to 4.4.25
- Update of rootfile not required
- Changelog
   Version 4.4.25
    * Add support for Python 3.11 in the configure script.
    * Stricter checking of invalid salt characters (issue #135).
      Hashed passphrases are always entirely printable ASCII, and do
      not contain any whitespace or the characters ':', ';', '*', '!',
      or '\'.  (These characters are used as delimiters and special
      markers in the passwd(5) and shadow(5) files.)
   Version 4.4.24
    * Add hash group for Debian in lib/hashes.conf.
      Debian has switched to use the yescrypt hashing algorithm as
      the default for new user passwords, so we should add a group
      for this distribution.
    * Overhaul the badsalt test.
      Test patterns are now mostly generated rather than manually coded
      into a big table.  Not reading past the end of the “setting” part
      of the string is tested more thoroughly (this would have caught the
      sunmd5 $$ bug if it had been available at the time).
      Test logs are tidier.
    * Add ‘test-programs’ utility target to Makefile.
      It is sometimes useful to compile all the test programs but not run
      them.  Add a Makefile target that does this.
    * Fix incorrect bcrypt-related ifdeffage in test/badsalt.c.
      The four variants of bcrypt are independently configurable, but the
      badsalt tests for them were all being toggled by INCLUDE_bcrypt,
      which is only the macro for the $2b$ variant.
    * Fix bigcrypt-related test cases in test/badsalt.c.
      The test spec was only correct when both or neither of bigcrypt and
      descrypt were enabled.
    * Detect ASan in configure and disable incompatible tests.
      ASan’s “interceptors” for crypt and crypt_r have a semantic conflict
      with libxcrypt, requiring a few tests to be disabled for builds with
      -fsanitize-address.  See commentary in test/crypt-badargs.c for an
      explanation of the conflict, and the commentary in
      build-aux/zw_detect_asan.m4 for why a configure test is required.
    * Fix several issues found by Covscan in the testsuite.  These include:
      - CWE-170: String not null terminated (STRING_NULL)
      - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
      - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
      - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
      - CWE-573: Missing varargs init or cleanup (VARARGS)
      - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/libxcrypt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Michael Tremer Aug. 31, 2021, 10:01 a.m. UTC | #1
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 24 Aug 2021, at 22:28, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> - Update from 4.4.23 to 4.4.25
> - Update of rootfile not required
> - Changelog
>   Version 4.4.25
>    * Add support for Python 3.11 in the configure script.
>    * Stricter checking of invalid salt characters (issue #135).
>      Hashed passphrases are always entirely printable ASCII, and do
>      not contain any whitespace or the characters ':', ';', '*', '!',
>      or '\'.  (These characters are used as delimiters and special
>      markers in the passwd(5) and shadow(5) files.)
>   Version 4.4.24
>    * Add hash group for Debian in lib/hashes.conf.
>      Debian has switched to use the yescrypt hashing algorithm as
>      the default for new user passwords, so we should add a group
>      for this distribution.
>    * Overhaul the badsalt test.
>      Test patterns are now mostly generated rather than manually coded
>      into a big table.  Not reading past the end of the “setting” part
>      of the string is tested more thoroughly (this would have caught the
>      sunmd5 $$ bug if it had been available at the time).
>      Test logs are tidier.
>    * Add ‘test-programs’ utility target to Makefile.
>      It is sometimes useful to compile all the test programs but not run
>      them.  Add a Makefile target that does this.
>    * Fix incorrect bcrypt-related ifdeffage in test/badsalt.c.
>      The four variants of bcrypt are independently configurable, but the
>      badsalt tests for them were all being toggled by INCLUDE_bcrypt,
>      which is only the macro for the $2b$ variant.
>    * Fix bigcrypt-related test cases in test/badsalt.c.
>      The test spec was only correct when both or neither of bigcrypt and
>      descrypt were enabled.
>    * Detect ASan in configure and disable incompatible tests.
>      ASan’s “interceptors” for crypt and crypt_r have a semantic conflict
>      with libxcrypt, requiring a few tests to be disabled for builds with
>      -fsanitize-address.  See commentary in test/crypt-badargs.c for an
>      explanation of the conflict, and the commentary in
>      build-aux/zw_detect_asan.m4 for why a configure test is required.
>    * Fix several issues found by Covscan in the testsuite.  These include:
>      - CWE-170: String not null terminated (STRING_NULL)
>      - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
>      - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
>      - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
>      - CWE-573: Missing varargs init or cleanup (VARARGS)
>      - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
> 
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> lfs/libxcrypt | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lfs/libxcrypt b/lfs/libxcrypt
> index 16ebb1dc5..f2fd7f331 100644
> --- a/lfs/libxcrypt
> +++ b/lfs/libxcrypt
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 4.4.23
> +VER        = 4.4.25
> 
> THISAPP    = libxcrypt-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -47,7 +47,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_MD5 = 405116b5cc90b72216afccc54025afbc
> +$(DL_FILE)_MD5 = 4828b1530f5bf35af0b45b35acc4db1d
> 
> install : $(TARGET)
> 
> -- 
> 2.33.0
>

Patch

diff --git a/lfs/libxcrypt b/lfs/libxcrypt
index 16ebb1dc5..f2fd7f331 100644
--- a/lfs/libxcrypt
+++ b/lfs/libxcrypt
@@ -24,7 +24,7 @@ 
 
 include Config
 
-VER        = 4.4.23
+VER        = 4.4.25
 
 THISAPP    = libxcrypt-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -47,7 +47,7 @@  objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 405116b5cc90b72216afccc54025afbc
+$(DL_FILE)_MD5 = 4828b1530f5bf35af0b45b35acc4db1d
 
 install : $(TARGET)