Hello community, here is the log from the commit of package glibc for openSUSE:11.3 checked in at Fri Jul 29 18:01:46 CEST 2011.
Patchinfo file has no description Patchinfo file has no description Patchinfo file has no description -------- --- old-versions/11.3/UPDATES/all/glibc/glibc.changes 2010-10-27 03:24:40.000000000 +0200 +++ 11.3/glibc/glibc.changes 2011-07-27 10:18:03.000000000 +0200 @@ -1,0 +2,7 @@ +Tue Jul 19 15:51:51 UTC 2011 - lnus...@suse.de + +- update crypt_blowfish to version 1.2 (bnc#700876, CVE-2011-2483) + * due to the signedness bug fix 2a hashes are incompatible with + previous versions if the password contains 8bit chracters! + +------------------------------------------------------------------- calling whatdependson for 11.3-i586 Old: ---- minmem New: ---- crypt_blowfish-1.2.tar.gz crypt_blowfish-1.2.tar.gz.sign crypt_blowfish-noasm.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ glibc.spec ++++++ --- /var/tmp/diff_new_pack.moaLMX/_old 2011-07-29 18:00:57.000000000 +0200 +++ /var/tmp/diff_new_pack.moaLMX/_new 2011-07-29 18:00:57.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package glibc (Version 2.11.2) +# spec file for package glibc # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,6 +17,7 @@ # norootforbuild +%define crypt_bf_version 1.2 Name: glibc BuildRequires: gcc-c++ libstdc++-devel @@ -64,7 +65,7 @@ Provides: rtld(GNU_HASH) AutoReqProv: on Version: 2.11.2 -Release: 3.<RELEASE2> +Release: 3.<RELEASE5> Url: http://www.gnu.org/software/libc/libc.html PreReq: filesystem BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -80,6 +81,8 @@ Source12: glibc_post_upgrade.c Source15: glibc.rpmlintrc Source16: baselibs.conf +Source50: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz +Source51: http://www.openwall.com/crypt/crypt_blowfish-%{crypt_bf_version}.tar.gz.sign %if %_target_cpu == "i686" # We need to avoid to have only the src rpm from i686 on the media, # since it does not work on other architectures. @@ -92,6 +95,7 @@ Patch3: glibc-resolv-reload.diff Patch4: glibc-2.3.locales.diff.bz2 Patch5: crypt_blowfish-1.0-suse.diff +Patch6: crypt_blowfish-noasm.diff Patch7: glibc-version.diff Patch8: glibc-2.4.90-revert-only-euro.diff Patch9: glibc-2.3-regcomp.diff @@ -296,11 +300,12 @@ # add glibc-ports for arm # this is CURRENTLY BROKEN; ARM-interested contributors need to provide # new tested glibc-ports source -%setup -n glibc-%{version} -q -a 2 -a 3 -a 4 +%setup -n glibc-%{version} -q -a 2 -a 3 -a 4 -a 50 %else # any other leave out ports -%setup -n glibc-%{version} -q -a 3 -a 4 +%setup -n glibc-%{version} -q -a 3 -a 4 -a 50 %endif +mv crypt_blowfish-%crypt_bf_version/crypt_blowfish.[ch] crypt/ %patch0 # libNoVersion part is only active on ix86 %patch1 @@ -308,6 +313,7 @@ %patch3 %patch4 %patch5 +%patch6 %patch7 %patch8 %patch9 ++++++ crypt_blowfish-1.0-suse.diff ++++++ ++++ 773 lines (skipped) ++++ between old-versions/11.3/UPDATES/all/glibc/crypt_blowfish-1.0-suse.diff ++++ and 11.3/glibc/crypt_blowfish-1.0-suse.diff ++++++ crypt_blowfish-noasm.diff ++++++ Index: crypt/crypt_blowfish.c =================================================================== --- crypt/crypt_blowfish.c.orig +++ crypt/crypt_blowfish.c @@ -54,7 +54,7 @@ #include "crypt_blowfish.h" #ifdef __i386__ -#define BF_ASM 1 +#define BF_ASM 0 #define BF_SCALE 1 #elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__) #define BF_ASM 0 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
