- v2 version is to extend from 4.4.25 to 4.4.26
- Update from 4.4.23 to 4.4.26
- Update of rootfile not required
- Changelog
Version 4.4.26
* Fix compilation on systems with GCC >= 10, that do not support
declarations with __attribute__((symver)).
Version 4.4.25
* Add support for Python 3.11 in the configure script.
* Stricter checking of invalid salt characters (issue #135).
Hashed passphrases are always entirely printable ASCII, and do
not contain any whitespace or the characters ':', ';', '*', '!',
or '\'. (These characters are used as delimiters and special
markers in the passwd(5) and shadow(5) files.)
Version 4.4.24
* Add hash group for Debian in lib/hashes.conf.
Debian has switched to use the yescrypt hashing algorithm as
the default for new user passwords, so we should add a group
for this distribution.
* Overhaul the badsalt test.
Test patterns are now mostly generated rather than manually coded
into a big table. Not reading past the end of the “setting” part
of the string is tested more thoroughly (this would have caught the
sunmd5 $$ bug if it had been available at the time).
Test logs are tidier.
* Add ‘test-programs’ utility target to Makefile.
It is sometimes useful to compile all the test programs but not run
them. Add a Makefile target that does this.
* Fix incorrect bcrypt-related ifdeffage in test/badsalt.c.
The four variants of bcrypt are independently configurable, but the
badsalt tests for them were all being toggled by INCLUDE_bcrypt,
which is only the macro for the $2b$ variant.
* Fix bigcrypt-related test cases in test/badsalt.c.
The test spec was only correct when both or neither of bigcrypt and
descrypt were enabled.
* Detect ASan in configure and disable incompatible tests.
ASan’s “interceptors” for crypt and crypt_r have a semantic conflict
with libxcrypt, requiring a few tests to be disabled for builds with
-fsanitize-address. See commentary in test/crypt-badargs.c for an
explanation of the conflict, and the commentary in
build-aux/zw_detect_asan.m4 for why a configure test is required.
* Fix several issues found by Covscan in the testsuite. These include:
- CWE-170: String not null terminated (STRING_NULL)
- CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
- CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
- CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
- CWE-573: Missing varargs init or cleanup (VARARGS)
- CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
- Update from 4.4.20 to 4.4.22
- Update of rootfile not required
- Changelog
Version 4.4.22
* The crypt_checksalt() function has been fixed to correctly return
with 'CRYPT_SALT_INVALID', in case the setting, that is passed
to be checked, represents an empty passphrase or an uncomputed
setting for descrypt without any salt characters.
Version 4.4.21
* The crypt_checksalt() function will now return the value
'CRYPT_SALT_METHOD_LEGACY' in case the setting, that is passed
to be checked, uses a hashing method, which is considered to be
too weak for use with new passphrases.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.4.19 to 4.4.20
- Update of rootfile not required
- Changelog
Version 4.4.20
* Fix build when the CFLAGS variable, that is passed into the
configure script, has a leading whitespace character in it
(issue #125).
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
- Update from 4.4.17 to 4.4.19
- Update of rootfile not needed
- Changelog
libxcrypt NEWS -- history of user-visible changes.
Version 4.4.19
* Improve fallback implementation of explicit_bzero.
* Add glibc-on-CSKY, ARC, and RISCV-32 entries to libcrypt.minver.
These were added in GNU libc 2.29, 2.32, and 2.33 respectively
(issue #122).
* Do not build xcrypt.h if we’re not going to install it.
* Do not apply --enable-obsolete-api-enosys mode to fcrypt.
* Compilation fix for NetBSD. NetBSD’s <unistd.h> declares encrypt
and setkey to return int, contrary to POSIX (which says they return
void). Rename those declarations out of the way with macros.
* Compilation fixes for building with GCC 11.
Basically fixes for explicit type-casting.
* Force update of existing symlinks during installation (issue #120).
Version 4.4.18
* Fix compilation errors on (Free)BSD (issue #110).
* Fix conversion error in lib/alg-gost3411-core.c, which is seen by
some sensitive compilers.
* Convert build scripts to Perl.
The minimum version of Perl required is 5.14.
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
libcrypt is deprecated in glibc, and is now explicitely disabled.
Instead we ship libxcrypt which is an alternative implemenation and can be used as a drop-in replacement.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
