Hello community, here is the log from the commit of package glibc for openSUSE:Factory checked in at Thu Jul 21 08:55:17 CEST 2011.
-------- --- glibc/glibc.changes 2011-07-06 11:53:20.000000000 +0200 +++ /mounts/work_src_done/STABLE/glibc/glibc.changes 2011-07-19 14:23:33.000000000 +0200 @@ -1,0 +2,25 @@ +Tue Jul 19 12:19:22 UTC 2011 - [email protected] + +- Back to old glibc-2.2-sunrpc.diff for now. + +------------------------------------------------------------------- +Tue Jul 19 08:41:55 UTC 2011 - [email protected] + +- update crypt_blowfish to version 1.2 (bnc#700876) + * due to the signedness bug fix 2a hashes are incompatible with + previous versions if the password contains 8bit chracters! + * libcrypt now exports crypt_gensalt + +------------------------------------------------------------------- +Tue Jul 12 14:21:29 UTC 2011 - [email protected] + +- Remove ppc-atomic.diff after discussion with glibc PPC experts + since it does not bring any real benefit. + +------------------------------------------------------------------- +Thu Jul 7 14:50:15 UTC 2011 - [email protected] + +- Update glibc-2.2-sunrpc.diff with newer patch from sourceware + bugzilla (bs#bso#5379). + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- crypt_blowfish-1.0-suse.diff minmem ppc-atomic.diff New: ---- crypt_blowfish-1.1-sha.diff crypt_blowfish-1.2.tar.gz crypt_blowfish-1.2.tar.gz.sign glibc-2.14-crypt.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc.spec ++++++ --- /var/tmp/diff_new_pack.wnjDqL/_old 2011-07-21 08:49:56.000000000 +0200 +++ /var/tmp/diff_new_pack.wnjDqL/_new 2011-07-21 08:49:56.000000000 +0200 @@ -16,6 +16,7 @@ # +%define crypt_bf_version 1.2 Name: glibc License: GPLv2+ @@ -77,7 +78,7 @@ Obsoletes: glibc-32bit %endif Version: 2.13 -Release: 23 +Release: 25 Url: http://www.gnu.org/software/libc/libc.html Source: glibc-%{version}-996cf2ef0727.tar.bz2 Source2: http://ftp.gnu.org/gnu/glibc/glibc-ports-2.13.tar.bz2 @@ -94,6 +95,9 @@ Source20: nscd.conf Source21: nscd.service Source22: nscd.socket +# +Source50: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz +Source51: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz.sign Requires(pre): filesystem Provides: rtld(GNU_HASH) @@ -114,8 +118,8 @@ Patch3: glibc-resolv-reload.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch4: glibc-2.3.locales.diff.bz2 -# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines -Patch5: crypt_blowfish-1.0-suse.diff +# PATCH-FEATURE-OPENSUSE -- add crypt_blowfish support - bnc#700876 +Patch5: glibc-2.14-crypt.diff # PATCH-FIX-OPENSUSE add some extra information to version output - [email protected] Patch7: glibc-version.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines @@ -146,15 +150,13 @@ Patch25: glibc-2.3.90-langpackdir.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch27: glibc-2.6-configure.diff -# PATCH-FIX-OPENSUSE Fix hangs in UDP RPC calls bso#5379 +# PATCH-FIX-OPENSUSE Fix hangs in UDP RPC calls bso#5379 bnc#257745 [email protected] Patch28: glibc-2.2-sunrpc.diff # PATCH-FIX-OPENSUSE Do not generate hardlink for getconf Patch29: glibc-2.8-getconf.diff # PATCH-FIX-OPENSUSE only use ipv6 if real ipv6 address exists bnc#361697, bnc#684534 Patch30: getaddrinfo-ipv6-sanity.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines -Patch31: ppc-atomic.diff -# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch33: glibc-compiled-binaries.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch36: glibc-no-unwind-tables.diff @@ -164,7 +166,7 @@ Patch38: glibc-cpusetsize.diff # PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines Patch40: libm-x86-64-exceptions.diff -# PATCH-MISSING-TAG -- See http://en.opensuse.org/openSUSE:Packaging_Patches_guidelines +# PATCH-FIX-OPENSUSE - Allow compilation with -altivec [email protected] Patch41: glibc-uio-cell.diff # PATCH-FIX-UPSTREAM -- add missing includes [email protected] Patch43: missing-include-build-fix.diff @@ -206,6 +208,9 @@ Patch63: glibc-2.13-localedef.patch # PATCH-FIX-UPSTREAM Fix futex bug bso#12403 [email protected] Patch64: glibc-fix-rwlock-stack-imbalance.patch +# +# PATCH-FEATURE-OPENSUSE -- add sha support to crypt_blowfish [email protected] +Patch80: crypt_blowfish-1.1-sha.diff %description The GNU C Library provides the most important standard libraries used @@ -369,6 +374,14 @@ # any other leave out ports %setup -n glibc-%{version} -q -a 3 -a 4 %endif +# Owl crypt_blowfish +tar -xzf %SOURCE50 +pushd crypt_blowfish-%{crypt_bf_version} +%patch80 -p1 +popd +mv crypt/{crypt.h,gnu-crypt.h} +mv crypt_blowfish-%crypt_bf_version/*.[chS] crypt/ +# %patch0 # libNoVersion part is only active on ix86 %patch1 @@ -376,7 +389,7 @@ # %patch2 -p1 %patch3 %patch4 -%patch5 +%patch5 -p1 %patch7 %patch8 # Disabled @@ -403,7 +416,6 @@ %patch28 %patch29 %patch30 -%patch31 %patch33 %patch36 # Disable for now ++++++ crypt_blowfish-1.1-sha.diff ++++++ >From 22a0cc20633a4ddd61233410563c9fabe6b515ed Mon Sep 17 00:00:00 2001 From: Ludwig Nussel <[email protected]> Date: Tue, 5 Jul 2011 17:25:12 +0200 Subject: [PATCH crypt_blowfish 1/2] support for sha256 and sha512 --- crypt_gensalt.c | 119 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ wrapper.c | 28 +++++++++++++ 2 files changed, 147 insertions(+), 0 deletions(-) diff --git a/crypt_gensalt.c b/crypt_gensalt.c index 43b0f6c..4600e30 100644 --- a/crypt_gensalt.c +++ b/crypt_gensalt.c @@ -7,6 +7,11 @@ * entirely in crypt_blowfish.c. */ +/* asprintf&free */ +#define _GNU_SOURCE +#include <stdio.h> +#include <stdlib.h> + #include <string.h> #include <errno.h> @@ -105,3 +110,117 @@ char *_crypt_gensalt_md5_rn(unsigned long count, return output; } + +char *_crypt_gensalt_sha256_rn (unsigned long count, + const char *input, int size, char *output, int output_size) +{ + unsigned long value; + char *buf; + char buf2[12]; + + if (count > 0) { + if (asprintf (&buf, "$5$rounds=%ld$", count) < 0) { + if (output_size > 0) + output[0] = '\0'; + errno = ENOMEM; + return NULL; + } + } else { + if (asprintf (&buf, "$5$") < 0) { + if (output_size > 0) + output[0] = '\0'; + errno = ENOMEM; + return NULL; + } + } + + if (size < 3 || output_size < (int)strlen (buf) + 4 + 1) { + free (buf); + if (output_size > 0) + output[0] = '\0'; + errno = ERANGE; + return NULL; + } + + value = (unsigned long)(unsigned char)input[0] | + ((unsigned long)(unsigned char)input[1] << 8) | + ((unsigned long)(unsigned char)input[2] << 16); + buf2[0] = _crypt_itoa64[value & 0x3f]; + buf2[1] = _crypt_itoa64[(value >> 6) & 0x3f]; + buf2[2] = _crypt_itoa64[(value >> 12) & 0x3f]; + buf2[3] = _crypt_itoa64[(value >> 18) & 0x3f]; + buf2[4] = '\0'; + + if (size >= 6 && output_size >= (int)strlen (buf) + 4 + 4 + 1) { + value = (unsigned long)(unsigned char)input[3] | + ((unsigned long)(unsigned char)input[4] << 8) | + ((unsigned long)(unsigned char)input[5] << 16); + buf2[4] = _crypt_itoa64[value & 0x3f]; + buf2[5] = _crypt_itoa64[(value >> 6) & 0x3f]; + buf2[6] = _crypt_itoa64[(value >> 12) & 0x3f]; + buf2[7] = _crypt_itoa64[(value >> 18) & 0x3f]; + buf2[8] = '\0'; + } + + snprintf (output, output_size, "%s%s", buf, buf2); + free (buf); + + return output; +} + +char *_crypt_gensalt_sha512_rn (unsigned long count, + const char *input, int size, char *output, int output_size) +{ + unsigned long value; + char *buf; + char buf2[12]; + + if (count > 0) { + if (asprintf (&buf, "$6$rounds=%ld$", count) < 0) { + if (output_size > 0) + output[0] = '\0'; + errno = ENOMEM; + return NULL; + } + } else { + if (asprintf (&buf, "$6$") < 0) { + if (output_size > 0) + output[0] = '\0'; + errno = ENOMEM; + return NULL; + } + } + + if (size < 3 || output_size < (int)strlen (buf) + 4 + 1) { + free (buf); + if (output_size > 0) + output[0] = '\0'; + __set_errno(ERANGE); + return NULL; + } + + value = (unsigned long)(unsigned char)input[0] | + ((unsigned long)(unsigned char)input[1] << 8) | + ((unsigned long)(unsigned char)input[2] << 16); + buf2[0] = _crypt_itoa64[value & 0x3f]; + buf2[1] = _crypt_itoa64[(value >> 6) & 0x3f]; + buf2[2] = _crypt_itoa64[(value >> 12) & 0x3f]; + buf2[3] = _crypt_itoa64[(value >> 18) & 0x3f]; + buf2[4] = '\0'; + + if (size >= 6 && output_size >= (int)strlen (buf) + 4 + 4 + 1) { + value = (unsigned long)(unsigned char)input[3] | + ((unsigned long)(unsigned char)input[4] << 8) | + ((unsigned long)(unsigned char)input[5] << 16); + buf2[4] = _crypt_itoa64[value & 0x3f]; + buf2[5] = _crypt_itoa64[(value >> 6) & 0x3f]; + buf2[6] = _crypt_itoa64[(value >> 12) & 0x3f]; + buf2[7] = _crypt_itoa64[(value >> 18) & 0x3f]; + buf2[8] = '\0'; + } + + snprintf (output, output_size, "%s%s", buf, buf2); + free (buf); + + return output; +} diff --git a/wrapper.c b/wrapper.c index af441bc..07772bc 100644 --- a/wrapper.c +++ b/wrapper.c @@ -33,12 +33,20 @@ #include "crypt_blowfish.h" #include "crypt_gensalt.h" +extern char *_crypt_gensalt_sha256_rn(unsigned long count, + const char *input, int size, char *output, int output_size); +extern char *_crypt_gensalt_sha512_rn(unsigned long count, + const char *input, int size, char *output, int output_size); #if defined(__GLIBC__) && defined(_LIBC) /* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */ #include "crypt.h" extern char *__md5_crypt_r(const char *key, const char *salt, char *buffer, int buflen); +extern char *__sha256_crypt_r (const char *key, const char *salt, + char *buffer, int buflen); +extern char *__sha512_crypt_r (const char *key, const char *salt, + char *buffer, int buflen); /* crypt-entry.c needs to be patched to define __des_crypt_r rather than * __crypt_r, and not define crypt_r and crypt at all */ extern char *__des_crypt_r(const char *key, const char *salt, @@ -101,6 +109,10 @@ static char *_crypt_retval_magic(char *retval, const char *setting, char *__crypt_rn(__const char *key, __const char *setting, void *data, int size) { + if (setting[0] == '$' && setting[1] == '6') + return __sha512_crypt_r(key, setting, (char *)data, size); + if (setting[0] == '$' && setting[1] == '5') + return __sha256_crypt_r(key, setting, (char *)data, size); if (setting[0] == '$' && setting[1] == '2') return _crypt_blowfish_rn(key, setting, (char *)data, size); if (setting[0] == '$' && setting[1] == '1') @@ -118,6 +130,16 @@ char *__crypt_rn(__const char *key, __const char *setting, char *__crypt_ra(__const char *key, __const char *setting, void **data, int *size) { + if (setting[0] == '$' && setting[1] == '6') { + if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) + return NULL; + return __sha512_crypt_r(key, setting, (char *)*data, *size); + } + if (setting[0] == '$' && setting[1] == '5') { + if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) + return NULL; + return __sha256_crypt_r(key, setting, (char *)*data, *size); + } if (setting[0] == '$' && setting[1] == '2') { if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) return NULL; @@ -199,6 +221,12 @@ char *__crypt_gensalt_rn(const char *prefix, unsigned long count, return NULL; } + if (!strncmp(prefix, "$6$", 3)) + use = _crypt_gensalt_sha512_rn; + else + if (!strncmp(prefix, "$5$", 3)) + use = _crypt_gensalt_sha256_rn; + else if (!strncmp(prefix, "$2a$", 4) || !strncmp(prefix, "$2y$", 4)) use = _crypt_gensalt_blowfish_rn; else -- 1.7.3.4 ++++++ glibc-2.14-crypt.diff ++++++ diff -urp glibc-2.14.orig/crypt/Makefile glibc-2.14/crypt/Makefile --- glibc-2.14.orig/crypt/Makefile 2011-05-31 04:12:33 +0000 +++ glibc-2.14/crypt/Makefile 2011-07-16 21:40:56 +0000 @@ -22,6 +22,7 @@ subdir := crypt headers := crypt.h +headers += gnu-crypt.h ow-crypt.h extra-libs := libcrypt extra-libs-others := $(extra-libs) @@ -29,6 +30,8 @@ extra-libs-others := $(extra-libs) libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \ crypt_util +libcrypt-routines += crypt_blowfish x86 crypt_gensalt wrapper + tests := cert md5c-test sha256c-test sha512c-test distribute := ufc-crypt.h crypt-private.h ufc.c speeds.c README.ufc-crypt \ diff -urp glibc-2.14.orig/crypt/Versions glibc-2.14/crypt/Versions --- glibc-2.14.orig/crypt/Versions 2011-05-31 04:12:33 +0000 +++ glibc-2.14/crypt/Versions 2011-07-16 21:40:56 +0000 @@ -1,5 +1,6 @@ libcrypt { GLIBC_2.0 { crypt; crypt_r; encrypt; encrypt_r; fcrypt; setkey; setkey_r; + crypt_rn; crypt_ra; crypt_gensalt; crypt_gensalt_rn; crypt_gensalt_ra; } } diff -urp glibc-2.14.orig/crypt/crypt-entry.c glibc-2.14/crypt/crypt-entry.c --- glibc-2.14.orig/crypt/crypt-entry.c 2011-05-31 04:12:33 +0000 +++ glibc-2.14/crypt/crypt-entry.c 2011-07-16 21:40:56 +0000 @@ -82,7 +82,7 @@ extern struct crypt_data _ufc_foobar; */ char * -__crypt_r (key, salt, data) +__des_crypt_r (key, salt, data) const char *key; const char *salt; struct crypt_data * __restrict data; @@ -137,6 +137,7 @@ __crypt_r (key, salt, data) _ufc_output_conversion_r (res[0], res[1], salt, data); return data->crypt_3_buf; } +#if 0 weak_alias (__crypt_r, crypt_r) char * @@ -177,3 +178,4 @@ __fcrypt (key, salt) return crypt (key, salt); } #endif +#endif ++++++ glibc-2.2-sunrpc.diff ++++++ --- /var/tmp/diff_new_pack.wnjDqL/_old 2011-07-21 08:49:56.000000000 +0200 +++ /var/tmp/diff_new_pack.wnjDqL/_new 2011-07-21 08:49:56.000000000 +0200 @@ -1,8 +1,6 @@ -The following patch was not accepted upstream, see: +For details see: http://sourceware.org/bugzilla/show_bug.cgi?id=5379 -It needs rework. - Index: sunrpc/clnt_udp.c =================================================================== --- sunrpc/clnt_udp.c.orig ++++++ glibc-uio-cell.diff ++++++ --- /var/tmp/diff_new_pack.wnjDqL/_old 2011-07-21 08:49:57.000000000 +0200 +++ /var/tmp/diff_new_pack.wnjDqL/_new 2011-07-21 08:49:57.000000000 +0200 @@ -1,3 +1,8 @@ +Refused by Ulrich Drepper: +http://sourceware.org/ml/libc-alpha/2011-07/msg00046.html + +We have to keep it until gcc handles this better. + 2009-11-06 Petr Baudis <[email protected]> * include/sys/uio.h: Change __vector to __iovec to avoid clash ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
