From 2e320182afaa5d54db3e45c4da7c4441228dc844 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Wed, 30 Jan 2019 11:50:40 +0100 Subject: [PATCH] Add a README-POSIX file with information about the stub functions --- libxcrypt.spec | 40 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/libxcrypt.spec b/libxcrypt.spec index 2af990a..4c0dfc7 100644 --- a/libxcrypt.spec +++ b/libxcrypt.spec @@ -127,7 +127,7 @@ fi \ Name: libxcrypt Version: 4.4.3 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Extended crypt library for descrypt, md5crypt, bcrypt, and others # For explicit license breakdown, see the @@ -272,6 +272,24 @@ by the %{name}-compat package. %endif EOF %endif +%if %{with enosys_stubs} +%{__cat} << EOF >> README-POSIX +This version of the libcrypt.so.1 library has entirely removed +the functionality of the encrypt, encrypt_r, setkey, setkey_r, +and fcrypt functions, while keeping fully binary compatibility +with existing (third-party) applications possibly still using +those funtions. If such an application attemps to call one of +these functions, the corresponding function will indicate that +it is not supported by the system in a POSIX-compliant way. + +For security reasons, the encrypt and encrypt_r functions will +also overwrite their data-block argument with random bits. + +All existing binary executables linked against glibc's libcrypt +should work unmodified with the provided version of the +libcrypt.so.1 library in place. +EOF +%endif %{__mkdir_p} %{_vpath_builddir}{,-compat} @@ -331,6 +349,12 @@ if [ -f README%{distname} ]; then README%{distname} fi +# Install README-POSIX file, if existing, to shared %%_pkgdocdir. +if [ -f README-POSIX ]; then + %{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \ + README-POSIX +fi + %check %if %{with compat_pkg} @@ -371,7 +395,13 @@ done %files %doc %dir %{_pkgdocdir} %doc %{_pkgdocdir}/NEWS -%doc %{_pkgdocdir}/README* +%doc %{_pkgdocdir}/README +%if %{with new_api} +%doc %{_pkgdocdir}/README%{distname} +%endif +%if %{with enosys_stubs} && %{without compat_pkg} +%doc %{_pkgdocdir}/README-POSIX +%endif %doc %{_pkgdocdir}/THANKS %license AUTHORS COPYING.LIB LICENSING /%{_lib}/.libcrypt.so.{%{soc},%{sov}}.hmac @@ -381,6 +411,9 @@ done %if %{with compat_pkg} %files compat +%if %{with enosys_stubs} +%doc %{_pkgdocdir}/README-POSIX +%endif /%{_lib}/.libcrypt.so.{%{csoc},%{csov}}.hmac /%{_lib}/libcrypt.so.{%{csoc},%{csov}} %endif @@ -404,6 +437,9 @@ done %changelog +* Wed Jan 30 2019 Björn Esser - 4.4.3-4 +- Add a README-POSIX file with information about the stub functions + * Wed Jan 30 2019 Björn Esser - 4.4.3-3 - Replace unsafe functions in libxcrypt-compat with stubs (#1670735)