Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libxcrypt for openSUSE:Factory checked in at 2021-07-21 19:05:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libxcrypt (Old) and /work/SRC/openSUSE:Factory/.libxcrypt.new.2632 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libxcrypt" Wed Jul 21 19:05:23 2021 rev:11 rq:901705 version:4.4.23 Changes: -------- --- /work/SRC/openSUSE:Factory/libxcrypt/libxcrypt.changes 2021-04-18 21:44:03.756615516 +0200 +++ /work/SRC/openSUSE:Factory/.libxcrypt.new.2632/libxcrypt.changes 2021-07-21 19:05:24.807190710 +0200 @@ -1,0 +2,19 @@ +Thu Jun 24 08:48:06 UTC 2021 - Paolo Stivanin <i...@paolostivanin.com> + +- Update to 4.4.23 + * Fix output calculation for gensalt_yescrypt_rn(). + * Fix -Werror=conversion in lib/crypt-des-obsolete.c, + test/des-obsolete.c, and test/des-obsolete_r.c. + * The crypt_checksalt() function has been fixed to correctly return + with 'CRYPT_SALT_INVALID', in case the setting, that is passed + to be checked, represents an empty passphrase or an uncomputed + setting for descrypt without any salt characters. + * The crypt_checksalt() function will now return the value + 'CRYPT_SALT_METHOD_LEGACY' in case the setting, that is passed + to be checked, uses a hashing method, which is considered to be + too weak for use with new passphrases. + * Fix build when the CFLAGS variable, that is passed into the + configure script, has a leading whitespace character in it + (issue #123). + +------------------------------------------------------------------- Old: ---- libxcrypt-4.4.19.tar.gz New: ---- libxcrypt-4.4.23.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libxcrypt.spec ++++++ --- /var/tmp/diff_new_pack.xJLjEB/_old 2021-07-21 19:05:25.379191704 +0200 +++ /var/tmp/diff_new_pack.xJLjEB/_new 2021-07-21 19:05:25.383191711 +0200 @@ -17,7 +17,7 @@ Name: libxcrypt -Version: 4.4.19 +Version: 4.4.23 Release: 0 Summary: Extended crypt library for DES, MD5, Blowfish and others License: BSD-2-Clause AND GPL-3.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause AND SUSE-Public-Domain ++++++ libxcrypt-4.4.19.tar.gz -> libxcrypt-4.4.23.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/.gitignore new/libxcrypt-4.4.23/.gitignore --- old/libxcrypt-4.4.19/.gitignore 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/.gitignore 2021-06-20 18:43:25.000000000 +0200 @@ -130,3 +130,11 @@ # Coverage all_coverage.info coverage.info + +# Packit +libxcrypt.spec +libxcrypt-*.rpm +libxcrypt-*.srpm +libxcrypt-*.src.rpm +libxcrypt-*/ +*/libxcrypt-*.rpm diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/.packit.yaml new/libxcrypt-4.4.23/.packit.yaml --- old/libxcrypt-4.4.19/.packit.yaml 1970-01-01 01:00:00.000000000 +0100 +++ new/libxcrypt-4.4.23/.packit.yaml 2021-06-20 18:43:25.000000000 +0200 @@ -0,0 +1,43 @@ +specfile_path: libxcrypt.spec + +synced_files: + - libxcrypt.spec + - .packit.yaml + +upstream_package_name: libxcrypt +upstream_project_url: https://github.com/besser82/libxcrypt +upstream_tag_template: v{version} +downstream_package_name: libxcrypt +dist_git_namespace: rpms +create_pr: True + +actions: + post-upstream-clone: "wget https://src.fedoraproject.org/rpms/libxcrypt/raw/main/f/libxcrypt.spec -O libxcrypt.spec" + +jobs: +- job: copr_build + trigger: pull_request + metadata: + list_on_homepage: False + targets: + - fedora-all-aarch64 + - fedora-all-i386 + - fedora-all-x86_64 + - fedora-development-s390x + +- job: copr_build + trigger: commit + metadata: + branch: develop + list_on_homepage: False + targets: + - fedora-all-aarch64 + - fedora-all-i386 + - fedora-all-x86_64 + - fedora-development-s390x + +- job: propose_downstream + trigger: release + metadata: + dist_git_branches: + - main diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/NEWS new/libxcrypt-4.4.23/NEWS --- old/libxcrypt-4.4.19/NEWS 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/NEWS 2021-06-20 18:43:25.000000000 +0200 @@ -3,6 +3,28 @@ Please send bug reports, questions and suggestions to <https://github.com/besser82/libxcrypt/issues>. +Version 4.4.23 +* Fix output calculation for gensalt_yescrypt_rn(). +* Fix -Werror=conversion in lib/crypt-des-obsolete.c, + test/des-obsolete.c, and test/des-obsolete_r.c. + +Version 4.4.22 +* The crypt_checksalt() function has been fixed to correctly return + with 'CRYPT_SALT_INVALID', in case the setting, that is passed + to be checked, represents an empty passphrase or an uncomputed + setting for descrypt without any salt characters. + +Version 4.4.21 +* The crypt_checksalt() function will now return the value + 'CRYPT_SALT_METHOD_LEGACY' in case the setting, that is passed + to be checked, uses a hashing method, which is considered to be + too weak for use with new passphrases. + +Version 4.4.20 +* Fix build when the CFLAGS variable, that is passed into the + configure script, has a leading whitespace character in it + (issue #123). + Version 4.4.19 * Improve fallback implementation of explicit_bzero. * Add glibc-on-CSKY, ARC, and RISCV-32 entries to libcrypt.minver. @@ -27,7 +49,6 @@ Version 4.4.17 * Fix compilation error in 'alignas (type)' with older versions of glibc and/or gcc (issue #107). - * Salt string compatibility with generic implementations (issue #105). All other existing implementations of the md5crypt, sha256crypt, and sha512crypt hashing methods allow any ASCII character to be @@ -37,7 +58,6 @@ which serves a special purpose in the Unix shadow file, and the newline '\n' character, since all parameters of the user data must be on the same line within the Unix shadow file. - * Fix for GCC 10.2 on s390x. Version 4.4.16 @@ -354,7 +374,6 @@ glibc libcrypt). * struct crypt_data is now only 32kB (from 128kB), and divided into a public-API section and a properly opaque internal section. - * New feature: supplying a null pointer as the "prefix" argument to any of the crypt_gencrypt functions will cause it to select the best available hash function (in this release, bcrypt in mode 'a'). @@ -364,7 +383,6 @@ * New feature: supplying a null pointer as the "rbytes" argument to any of the crypt_gencrypt functions will cause it to acquire random bytes from the operating system. - * The legacy functions bigcrypt, fcrypt, encrypt, encrypt_r, setkey, and setkey_r are no longer available for use by new programs. All of these (except fcrypt, which was just another name for crypt) @@ -381,7 +399,6 @@ --disable-obsolete-api, and will prevent DES and MD5 password hashes from being *verified* -- accounts with such hashes are effectively locked. It is intended for use in high-security new installations. - * Sensitive intermediate data is now thoroughly scrubbed from the stack and CPU registers before the crypt functions return to their callers. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/build-aux/BuildCommon.pm new/libxcrypt-4.4.23/build-aux/BuildCommon.pm --- old/libxcrypt-4.4.19/build-aux/BuildCommon.pm 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/build-aux/BuildCommon.pm 2021-06-20 18:43:25.000000000 +0200 @@ -293,14 +293,16 @@ # use Class::Struct HashSpec => [ - name => '$', - prefix => '$', - nrbytes => '$', + name => '$', + prefix => '$', + nrbytes => '$', + is_strong => '$', ]; use Class::Struct HashesConfData => [ hashes => '*%', groups => '*%', max_namelen => '$', + max_nrbyteslen => '$', max_prefixlen => '$', default_candidates => '*@', ]; @@ -351,8 +353,9 @@ my %line_of; my %hashes; my %groups; - my $max_namelen = 0; - my $max_prefixlen = 0; + my $max_namelen = 0; + my $max_nrbyteslen = 0; + my $max_prefixlen = 0; my @default_candidates; local $_; while (<$fh>) { @@ -397,6 +400,10 @@ $nrbytes = 1; } + if ($max_nrbyteslen < length $nrbytes) { + $max_nrbyteslen = length $nrbytes; + } + $flags = q{} if $flags eq ':'; for (split /,/, $flags) { if (!exists $VALID_FLAGS{$_}) { @@ -417,9 +424,10 @@ next if $error; my $entry = HashSpec->new( - name => $name, - prefix => $h_prefix, - nrbytes => $nrbytes, + name => $name, + prefix => $h_prefix, + nrbytes => $nrbytes, + is_strong => $is_strong, ); $hashes{$name} = $entry; for my $g (@grps) { @@ -458,6 +466,7 @@ hashes => \%hashes, groups => \%groups, max_namelen => $max_namelen, + max_nrbyteslen => $max_nrbyteslen, max_prefixlen => $max_prefixlen, default_candidates => \@default_candidates, ); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/build-aux/compute-symver-floor new/libxcrypt-4.4.23/build-aux/compute-symver-floor --- old/libxcrypt-4.4.19/build-aux/compute-symver-floor 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/build-aux/compute-symver-floor 2021-06-20 18:43:25.000000000 +0200 @@ -37,6 +37,10 @@ @CFLAGS = sh_split($ENV{CFLAGS} // q{}); + # Remove empty elements, particularly leading ones which + # cause issues with popen below. + @CFLAGS = grep { $_ } @CFLAGS; + # We call ensure_C_locale here, not from the main section, # because this sub might not get called at all, in which # case it would be unnecessary work. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/build-aux/gen-crypt-hashes-h new/libxcrypt-4.4.23/build-aux/gen-crypt-hashes-h --- old/libxcrypt-4.4.19/build-aux/gen-crypt-hashes-h 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/build-aux/gen-crypt-hashes-h 2021-06-20 18:43:25.000000000 +0200 @@ -87,15 +87,16 @@ } @enabled_hashes; for my $e (@table_hashes) { - my $name_rn = $e->name . '_rn,'; - my $q_prefix = '"' . $e->prefix . '",'; - printf " { %-*s %d, crypt_%-*s gensalt_%-*s %s }, \\\n", - $hconf->max_prefixlen + 2, $q_prefix, length($e->prefix), - $hconf->max_namelen + 4, $name_rn, - $hconf->max_namelen + 4, $name_rn, - $e->nrbytes; + my $name_rn = $e->name . '_rn,'; + my $q_prefix = '"' . $e->prefix . '",'; + my $str_nrbytes = $e->nrbytes . ','; + printf " { %-*s %d, crypt_%-*s gensalt_%-*s %-*s %s}, \\\n", + $hconf->max_prefixlen + 3, $q_prefix, length($e->prefix), + $hconf->max_namelen + 4, $name_rn, + $hconf->max_namelen + 4, $name_rn, + $hconf->max_nrbyteslen + 1, $str_nrbytes, $e->is_strong; } - print " { 0, 0, 0, 0, 0 }\n"; + print " { 0, 0, 0, 0, 0, 0 }\n"; # The default_candidates array is in decreasing order of strength; # select the first one that's enabled, if any. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/configure.ac new/libxcrypt-4.4.23/configure.ac --- old/libxcrypt-4.4.19/configure.ac 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/configure.ac 2021-06-20 18:43:25.000000000 +0200 @@ -1,7 +1,7 @@ # Process this file with autoconf to produce a configure script. m4_include([build-aux/zw_automodern.m4]) AC_INIT([xcrypt], - [4.4.19], + [4.4.23], [https://github.com/besser82/libxcrypt/issues], [libxcrypt], [https://github.com/besser82/libxcrypt]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/doc/crypt_checksalt.3 new/libxcrypt-4.4.23/doc/crypt_checksalt.3 --- old/libxcrypt-4.4.19/doc/crypt_checksalt.3 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/doc/crypt_checksalt.3 2021-06-20 18:43:25.000000000 +0200 @@ -51,7 +51,7 @@ will fail if passed this .Ar setting . Manual intervention will be required to reactivate the user's account. -.It Dv CRYPT_SALT_METHOD_LEGACY (Not implemented, yet) +.It Dv CRYPT_SALT_METHOD_LEGACY .Ar setting specifies a hashing method that is no longer considered strong enough for use with new passphrases. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/lib/crypt-des-obsolete.c new/libxcrypt-4.4.23/lib/crypt-des-obsolete.c --- old/libxcrypt-4.4.19/lib/crypt-des-obsolete.c 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/lib/crypt-des-obsolete.c 2021-06-20 18:43:25.000000000 +0200 @@ -85,7 +85,7 @@ { c = bitv[i]; for (int j = 0; j < 8; j++) - bytev[i*8 + j] = (c & (0x01 << (7 - j))) != 0; + bytev[i*8 + j] = (char)((c & (0x01 << (7 - j))) != 0); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/lib/crypt-yescrypt.c new/libxcrypt-4.4.23/lib/crypt-yescrypt.c --- old/libxcrypt-4.4.19/lib/crypt-yescrypt.c 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/lib/crypt-yescrypt.c 2021-06-20 18:43:25.000000000 +0200 @@ -106,8 +106,8 @@ const uint8_t *rbytes, size_t nrbytes, uint8_t *output, size_t o_size) { - if (o_size < 3 + 8 * 6 + BASE64_LEN (nrbytes) + 1 || - CRYPT_GENSALT_OUTPUT_SIZE < 3 + 8 * 6 + BASE64_LEN (nrbytes) + 1) + if (o_size < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1 || + CRYPT_GENSALT_OUTPUT_SIZE < 3 + 8 * 6 + 1 + BASE64_LEN (nrbytes) + 1) { errno = ERANGE; return; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/lib/crypt.c new/libxcrypt-4.4.23/lib/crypt.c --- old/libxcrypt-4.4.19/lib/crypt.c 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/lib/crypt.c 2021-06-20 18:43:25.000000000 +0200 @@ -68,6 +68,7 @@ /* The type of this field is unsigned char to ensure that it cannot be set larger than the size of an internal buffer in crypt_gensalt_rn. */ unsigned char nrbytes; + unsigned char is_strong; }; static const struct hashfn hash_algorithms[] = @@ -314,14 +315,24 @@ { int retval = CRYPT_SALT_INVALID; - if (!setting) - return retval; + if (!setting || /* NULL string */ + setting[0] == '\0') /* empty passphrase, or descrypt without salt */ + goto end; const struct hashfn *h = get_hashfn (setting); if (h) - retval = CRYPT_SALT_OK; + { + retval = CRYPT_SALT_OK; + + if (h->is_strong == 0) + { + retval = CRYPT_SALT_METHOD_LEGACY; + goto end; + } + } +end: return retval; } SYMVER_crypt_checksalt; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/lib/crypt.h.in new/libxcrypt-4.4.23/lib/crypt.h.in --- old/libxcrypt-4.4.19/lib/crypt.h.in 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/lib/crypt.h.in 2021-06-20 18:43:25.000000000 +0200 @@ -211,7 +211,7 @@ #define CRYPT_SALT_OK 0 #define CRYPT_SALT_INVALID 1 #define CRYPT_SALT_METHOD_DISABLED 2 /* NOT implemented, yet. */ -#define CRYPT_SALT_METHOD_LEGACY 3 /* NOT implemented, yet. */ +#define CRYPT_SALT_METHOD_LEGACY 3 #define CRYPT_SALT_TOO_CHEAP 4 /* NOT implemented, yet. */ /* Convenience function to get the prefix of the preferred hash method, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/libxcrypt.spec.rpkg new/libxcrypt-4.4.23/libxcrypt.spec.rpkg --- old/libxcrypt-4.4.19/libxcrypt.spec.rpkg 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/libxcrypt.spec.rpkg 2021-06-20 18:43:25.000000000 +0200 @@ -193,6 +193,9 @@ %package compat Summary: Compatibility library providing legacy API functions +# For testing the glibc compatibility symbols. +BuildRequires: libxcrypt-compat + Requires: %{name}%{?_isa} = %{version}-%{release} Requires: glibc%{?_isa} >= %{glibc_minver} @@ -323,6 +326,43 @@ popd %endif +mkdir -p %{_vpath_builddir}-all_possible_tests + +# The configure scripts want to use -Wl,--wrap to run some +# special tests, which is not compatible with LTO. +%global system_lto_cflags_bak %{_lto_cflags} +%define _lto_cflags %{nil} + +# Reset compiler flags in env. +unset CFLAGS +unset CXXFLAGS +unset FFLAGS +unset FCFLAGS +unset LDFLAGS +unset LT_SYS_LIBRARY_PATH + +# Build a library suitable for all possible tests. +pushd %{_vpath_builddir}-all_possible_tests +%configure \ +%if %{with compat_pkg} + %{common_configure_options} \ + --enable-hashes=all \ + --enable-obsolete-api=%{compat_api} \ + --enable-obsolete-api-enosys=%{enosys_stubs} +%else + %{common_configure_options} \ + --enable-hashes=%{hash_methods} \ + --enable-obsolete-api=%{obsolete_api} \ +%if %{with new_api} + --enable-obsolete-api-enosys=%{obsolete_api} +%else + --enable-obsolete-api-enosys=%{enosys_stubs} +%endif +%endif +%define _lto_cflags %{system_lto_cflags_bak} +%make_build +popd + %install %if %{with compat_pkg} @@ -353,6 +393,7 @@ %if %{with compat_pkg} build_dirs="${build_dirs} %{_vpath_builddir}-compat" %endif +build_dirs="${build_dirs} %{_vpath_builddir}-all_possible_tests" for dir in ${build_dirs}; do %make_build -C ${dir} check || \ { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/test/TestCommon.pm new/libxcrypt-4.4.23/test/TestCommon.pm --- old/libxcrypt-4.4.19/test/TestCommon.pm 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/test/TestCommon.pm 2021-06-20 18:43:25.000000000 +0200 @@ -27,8 +27,6 @@ use POSIX (); use lib "$FindBin::Bin/../build-aux"; -## ProhibitUnusedImport does not notice uses from @EXPORT_OK. -## no critic (TooMuchCode::ProhibitUnusedImport) use BuildCommon qw( ensure_C_locale error @@ -38,7 +36,6 @@ subprocess_error which ); -## use critic our @EXPORT_OK; use Exporter qw(import); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/test/checksalt.c new/libxcrypt-4.4.23/test/checksalt.c --- old/libxcrypt-4.4.19/test/checksalt.c 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/test/checksalt.c 2021-06-20 18:43:25.000000000 +0200 @@ -30,83 +30,83 @@ static const struct testcase testcases[] = { #if INCLUDE_descrypt || INCLUDE_bigcrypt - { "", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, - { "..", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, - { "MN", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, -#else - { "", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, - { "..", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, - { "MN", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "", CRYPT_SALT_INVALID, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, + { "..", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, + { "MN", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, +#else + { "", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "..", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "MN", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_bsdicrypt - { "_", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "_", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, #else - { "_", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "_", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_md5crypt - { "$1$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$1$", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, #else - { "$1$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$1$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_nt - { "$3$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$3$", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, #else - { "$3$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$3$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_sunmd5 - { "$md5", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$md5", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, #else - { "$md5", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$md5", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_sha1crypt - { "$sha1", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$sha1", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, #else - { "$sha1", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$sha1", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_sha256crypt - { "$5$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$5$", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_METHOD_LEGACY }, #else - { "$5$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$5$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_sha512crypt - { "$6$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$6$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, #else - { "$6$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$6$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_bcrypt - { "$2b$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$2b$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, #else - { "$2b$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$2b$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_bcrypt_a - { "$2a$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$2a$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, #else - { "$2a$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$2a$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_bcrypt_x - { "$2x$", CRYPT_SALT_OK, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$2x$", CRYPT_SALT_METHOD_LEGACY, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #else - { "$2x$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$2x$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_bcrypt_y - { "$2y$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$2y$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, #else - { "$2y$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$2y$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_yescrypt - { "$y$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$y$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, #else - { "$y$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$y$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_scrypt - { "$7$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$7$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, #else - { "$7$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$7$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif #if INCLUDE_gost_yescrypt - { "$gy$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, + { "$gy$", CRYPT_SALT_OK, CRYPT_SALT_OK, CRYPT_SALT_OK }, #else - { "$gy$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, + { "$gy$", CRYPT_SALT_INVALID, CRYPT_SALT_INVALID, CRYPT_SALT_INVALID }, #endif /* All of these are invalid. */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/test/des-obsolete.c new/libxcrypt-4.4.23/test/des-obsolete.c --- old/libxcrypt-4.4.19/test/des-obsolete.c 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/test/des-obsolete.c 2021-06-20 18:43:25.000000000 +0200 @@ -29,7 +29,7 @@ { t = pk[i]; for (j = 0; j < 8; j++) - ex[i*8 + j] = (t & (0x01u << (7 - j))) != 0; + ex[i*8 + j] = (unsigned char)((t & (0x01u << (7 - j))) != 0); } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libxcrypt-4.4.19/test/des-obsolete_r.c new/libxcrypt-4.4.23/test/des-obsolete_r.c --- old/libxcrypt-4.4.19/test/des-obsolete_r.c 2021-04-08 21:57:36.000000000 +0200 +++ new/libxcrypt-4.4.23/test/des-obsolete_r.c 2021-06-20 18:43:25.000000000 +0200 @@ -29,7 +29,7 @@ { t = pk[i]; for (j = 0; j < 8; j++) - ex[i*8 + j] = (t & (0x01u << (7 - j))) != 0; + ex[i*8 + j] = (unsigned char)((t & (0x01u << (7 - j))) != 0); } }
