From 6113b63613c3aaf8d320c478687ed8d33626e4a4 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 7 May 2019 09:38:20 -0400 Subject: [PATCH] import libxcrypt-4.1.1-4.el8 --- .gitignore | 1 + .libxcrypt.metadata | 1 + SOURCES/libxcrypt-rh1612157.patch | 67 +++++++ SOURCES/libxcrypt-rh1613537.patch | 320 ++++++++++++++++++++++++++++++ SPECS/libxcrypt.spec | 259 ++++++++++++++++++++++++ 5 files changed, 648 insertions(+) create mode 100644 .gitignore create mode 100644 .libxcrypt.metadata create mode 100644 SOURCES/libxcrypt-rh1612157.patch create mode 100644 SOURCES/libxcrypt-rh1613537.patch create mode 100644 SPECS/libxcrypt.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..39680f2 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libxcrypt-4.1.1.tar.gz diff --git a/.libxcrypt.metadata b/.libxcrypt.metadata new file mode 100644 index 0000000..ffbc812 --- /dev/null +++ b/.libxcrypt.metadata @@ -0,0 +1 @@ +12f53bf48f4c08a5b650537e1e236495d39e5a81 SOURCES/libxcrypt-4.1.1.tar.gz diff --git a/SOURCES/libxcrypt-rh1612157.patch b/SOURCES/libxcrypt-rh1612157.patch new file mode 100644 index 0000000..b2a3c21 --- /dev/null +++ b/SOURCES/libxcrypt-rh1612157.patch @@ -0,0 +1,67 @@ +commit cc1806e214b89403152c2c53932d8d0b8aeb1e91 +Author: Björn Esser +Date: Sat Aug 4 13:02:03 2018 +0200 + + Add alias man-pages for other crypt functions. + +diff --git a/Makefile.am b/Makefile.am +index 201dea53313e7054..1ea36121d085b55d 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -15,7 +15,8 @@ EXTRA_DIST = \ + gen-map.awk gen-vers.awk gen-crypt-h.awk \ + gen-hashes.awk sel-hashes.awk hashes.lst + +-notrans_dist_man3_MANS = crypt_rn.3 crypt_gensalt.3 ++notrans_dist_man3_MANS = crypt.3 crypt_r.3 crypt_ra.3 \ ++ crypt_rn.3 crypt_gensalt.3 + notrans_dist_man5_MANS = crypt.5 + + nodist_include_HEADERS = crypt.h +diff --git a/crypt.3 b/crypt.3 +new file mode 100644 +index 0000000000000000..430e48f320d6e8af +--- /dev/null ++++ b/crypt.3 +@@ -0,0 +1 @@ ++.so man3/crypt_rn.3 +diff --git a/crypt.5 b/crypt.5 +index 5db9c923cbd66e55..7fe46091f192b114 100644 +--- a/crypt.5 ++++ b/crypt.5 +@@ -279,6 +279,8 @@ that will work on an old operating system that supports nothing else. + .hash "$3$" "\e$3\e$\e$[0-9a-f]{32}" unlimited 8 256 256 0 1 + .SH SEE ALSO + .BR crypt (3), ++.BR crypt_r (3), ++.BR crypt_ra (3), + .BR crypt_rn (3), + .BR crypt_gensalt (3), + .BR getpwent (3), +diff --git a/crypt_gensalt.3 b/crypt_gensalt.3 +index ebfff28db79a3c53..31097400e5cd2080 100644 +--- a/crypt_gensalt.3 ++++ b/crypt_gensalt.3 +@@ -223,6 +223,8 @@ T} Thread safety MT-Safe + .SH SEE ALSO + .ad l + .BR crypt (3), ++.BR crypt_r (3), ++.BR crypt_ra (3), + .BR crypt_rn (3), + .BR getpass (3), + .BR getpwent (3), +diff --git a/crypt_r.3 b/crypt_r.3 +new file mode 100644 +index 0000000000000000..430e48f320d6e8af +--- /dev/null ++++ b/crypt_r.3 +@@ -0,0 +1 @@ ++.so man3/crypt_rn.3 +diff --git a/crypt_ra.3 b/crypt_ra.3 +new file mode 100644 +index 0000000000000000..430e48f320d6e8af +--- /dev/null ++++ b/crypt_ra.3 +@@ -0,0 +1 @@ ++.so man3/crypt_rn.3 diff --git a/SOURCES/libxcrypt-rh1613537.patch b/SOURCES/libxcrypt-rh1613537.patch new file mode 100644 index 0000000..0a32ffc --- /dev/null +++ b/SOURCES/libxcrypt-rh1613537.patch @@ -0,0 +1,320 @@ +commit 8596e298f761c32cecff45424f5242cd14269292 +Author: Zack Weinberg +Date: Tue Aug 7 21:35:12 2018 -0400 + + Add configure option --disable-failure-tokens. + + When this option is given, crypt and crypt_r will return NULL on + failure, instead of a special "failure token" string that isn't the + hash of any passphrase. This was the historical behavior of glibc, + FreeBSD libc, and several other implementations. + +diff --git a/configure.ac b/configure.ac +index a22a5926bd82f729..23651f9c5c886107 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -152,6 +152,25 @@ AC_CHECK_FUNCS_ONCE([ + ]) + + # Configure options. ++AC_ARG_ENABLE([failure-tokens], ++ AS_HELP_STRING( ++ [--disable-failure-tokens], ++ [Make crypt and crypt_r return NULL on failure, instead of a ++ special "failure token" string that isn't the hash of any ++ passphrase. This matches the behavior of several other ++ crypt implementations, but will break programs that assume these ++ functions never return NULL. crypt_rn and crypt_ra are not affected ++ by this option, and will always return NULL on failure.] ++ ), ++ [case "$enableval" in ++ yes) enable_failure_tokens=1;; ++ no) enable_failure_tokens=0;; ++ *) AC_MSG_ERROR([bad value ${enableval} for --enable-failure-tokens]);; ++ esac], ++ [enable_failure_tokens=1]) ++AC_DEFINE_UNQUOTED([ENABLE_FAILURE_TOKENS], [$enable_failure_tokens], ++ [Define to 1 if crypt and crypt_r should return a "failure token" on ++ failure, or 0 if they should return NULL.]) + + AC_ARG_ENABLE([obsolete-api], + AS_HELP_STRING( +diff --git a/crypt.c b/crypt.c +index 9a3e19214e613097..839763afad14eaa9 100644 +--- a/crypt.c ++++ b/crypt.c +@@ -235,7 +235,11 @@ crypt_r (const char *phrase, const char *setting, struct crypt_data *data) + { + make_failure_token (setting, data->output, sizeof data->output); + do_crypt (phrase, setting, data); ++#if ENABLE_FAILURE_TOKENS + return data->output; ++#else ++ return data->output[0] == '*' ? 0 : data->output; ++#endif + } + SYMVER_crypt_r; + #endif +diff --git a/crypt_rn.3 b/crypt_rn.3 +index 24da44cfce19716b..d021c4ed4a046e04 100644 +--- a/crypt_rn.3 ++++ b/crypt_rn.3 +@@ -204,17 +204,31 @@ multiple threads simultaneously, as long as a separate + object is used for each thread. + .PP + Upon error, +-.B crypt +-and +-.B crypt_r +-return a pointer to an ++.BR crypt_r ", " crypt_rn ", and " crypt_ra ++write an + .I invalid +-hashed passphrase. ++hashed passphrase to the ++.I output ++field of their ++.I crypt_data ++object, and ++.B crypt ++writes an invalid hash to its static storage area. + This string will be shorter than 13 characters, + will begin with a \(oq\fB*\fR\(cq, + and will not compare equal to + .IR setting . +-(This peculiar behavior is for compatibility ++.PP ++Upon error, ++.BR crypt_rn " and " crypt_ra ++return a null pointer. ++.BR crypt_r " and " crypt ++may also return a null pointer, ++or they may return a pointer to the invalid hash, ++depending on how ++.I libcrypt ++was configured. ++(The option to return the invalid hash is for compatibility + with old applications that assume that + .B crypt + cannot return a null pointer. +@@ -222,15 +236,6 @@ See + .B "PORTABILITY NOTES" + below.) + .PP +-.B crypt_rn +-and +-.B crypt_ra +-also write an invalid hashed passphrase to the +-.I output +-field of their +-.I crypt_data +-object when they fail, but they return a null pointer. +-.PP + All four functions set + .I errno + when they fail. +diff --git a/test-badsalt.c b/test-badsalt.c +index b2743373628b1f3f..3d2e47ac0e7647bd 100644 +--- a/test-badsalt.c ++++ b/test-badsalt.c +@@ -222,12 +222,28 @@ check_crypt (const char *label, const char *fn, + const char *retval, const char *setting, + bool expected_to_succeed) + { +- /* crypt/crypt_r should never return null */ ++#if ENABLE_FAILURE_TOKENS ++ /* crypt/crypt_r never return null when failure tokens are enabled */ + if (!retval) + { + printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn); + return false; + } ++#else ++ if (expected_to_succeed && !retval) ++ { ++ printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn); ++ return false; ++ } ++ else if (!expected_to_succeed && retval) ++ { ++ printf ("FAIL: %s/%s/%s: returned %p, should be NULL\n", ++ label, setting, fn, (const void *)retval); ++ return false; ++ } ++ else if (!expected_to_succeed && !retval) ++ return true; ++#endif + if (!check_results (label, fn, retval, setting, + expected_to_succeed)) + return false; +diff --git a/test-crypt-badargs.c b/test-crypt-badargs.c +index 0e6af1626a605086..6be24a99ca7f9015 100644 +--- a/test-crypt-badargs.c ++++ b/test-crypt-badargs.c +@@ -169,6 +169,14 @@ test_crypt_ra (const char *tag, + check (tag, expect, got); + } + ++#if ENABLE_FAILURE_TOKENS ++# define FT0 "*0" ++# define FT1 "*1" ++#else ++# define FT0 0 ++# define FT1 0 ++#endif ++ + /* PAGE should point to PAGESIZE bytes of read-write memory followed + by another PAGESIZE bytes of inaccessible memory. */ + +@@ -187,55 +195,55 @@ do_tests(char *page, size_t pagesize) + size_t i; + + /* When SETTING is null, it shouldn't matter what PHRASE is. */ +- expect_no_fault ("0.0.crypt", 0, 0, "*0", test_crypt); +- expect_no_fault ("0.0.crypt_r", 0, 0, "*0", test_crypt_r); ++ expect_no_fault ("0.0.crypt", 0, 0, FT0, test_crypt); ++ expect_no_fault ("0.0.crypt_r", 0, 0, FT0, test_crypt_r); + expect_no_fault ("0.0.crypt_rn", 0, 0, 0, test_crypt_rn); + expect_no_fault ("0.0.crypt_ra", 0, 0, 0, test_crypt_ra); + +- expect_no_fault ("''.0.crypt", "", 0, "*0", test_crypt); +- expect_no_fault ("''.0.crypt_r", "", 0, "*0", test_crypt_r); ++ expect_no_fault ("''.0.crypt", "", 0, FT0, test_crypt); ++ expect_no_fault ("''.0.crypt_r", "", 0, FT0, test_crypt_r); + expect_no_fault ("''.0.crypt_rn", "", 0, 0, test_crypt_rn); + expect_no_fault ("''.0.crypt_ra", "", 0, 0, test_crypt_ra); + +- expect_no_fault ("ph.0.crypt", phrase, 0, "*0", test_crypt); +- expect_no_fault ("ph.0.crypt_r", phrase, 0, "*0", test_crypt_r); ++ expect_no_fault ("ph.0.crypt", phrase, 0, FT0, test_crypt); ++ expect_no_fault ("ph.0.crypt_r", phrase, 0, FT0, test_crypt_r); + expect_no_fault ("ph.0.crypt_rn", phrase, 0, 0, test_crypt_rn); + expect_no_fault ("ph.0.crypt_ra", phrase, 0, 0, test_crypt_ra); + +- expect_no_fault ("p1.0.crypt", p1, 0, "*0", test_crypt); +- expect_no_fault ("p1.0.crypt_r", p1, 0, "*0", test_crypt_r); ++ expect_no_fault ("p1.0.crypt", p1, 0, FT0, test_crypt); ++ expect_no_fault ("p1.0.crypt_r", p1, 0, FT0, test_crypt_r); + expect_no_fault ("p1.0.crypt_rn", p1, 0, 0, test_crypt_rn); + expect_no_fault ("p1.0.crypt_ra", p1, 0, 0, test_crypt_ra); + +- expect_no_fault ("p2.0.crypt", p2, 0, "*0", test_crypt); +- expect_no_fault ("p2.0.crypt_r", p2, 0, "*0", test_crypt_r); ++ expect_no_fault ("p2.0.crypt", p2, 0, FT0, test_crypt); ++ expect_no_fault ("p2.0.crypt_r", p2, 0, FT0, test_crypt_r); + expect_no_fault ("p2.0.crypt_rn", p2, 0, 0, test_crypt_rn); + expect_no_fault ("p2.0.crypt_ra", p2, 0, 0, test_crypt_ra); + + /* Conversely, when PHRASE is null, + it shouldn't matter what SETTING is... */ +- expect_no_fault ("0.''.crypt", 0, "", "*0", test_crypt); +- expect_no_fault ("0.''.crypt_r", 0, "", "*0", test_crypt_r); ++ expect_no_fault ("0.''.crypt", 0, "", FT0, test_crypt); ++ expect_no_fault ("0.''.crypt_r", 0, "", FT0, test_crypt_r); + expect_no_fault ("0.''.crypt_rn", 0, "", 0, test_crypt_rn); + expect_no_fault ("0.''.crypt_ra", 0, "", 0, test_crypt_ra); + +- expect_no_fault ("0.'*'.crypt", 0, "*", "*0", test_crypt); +- expect_no_fault ("0.'*'.crypt_r", 0, "*", "*0", test_crypt_r); ++ expect_no_fault ("0.'*'.crypt", 0, "*", FT0, test_crypt); ++ expect_no_fault ("0.'*'.crypt_r", 0, "*", FT0, test_crypt_r); + expect_no_fault ("0.'*'.crypt_rn", 0, "*", 0, test_crypt_rn); + expect_no_fault ("0.'*'.crypt_ra", 0, "*", 0, test_crypt_ra); + +- expect_no_fault ("0.'*0'.crypt", 0, "*0", "*1", test_crypt); +- expect_no_fault ("0.'*0'.crypt_r", 0, "*0", "*1", test_crypt_r); ++ expect_no_fault ("0.'*0'.crypt", 0, "*0", FT1, test_crypt); ++ expect_no_fault ("0.'*0'.crypt_r", 0, "*0", FT1, test_crypt_r); + expect_no_fault ("0.'*0'.crypt_rn", 0, "*0", 0, test_crypt_rn); + expect_no_fault ("0.'*0'.crypt_ra", 0, "*0", 0, test_crypt_ra); + +- expect_no_fault ("0.'*1'.crypt", 0, "*1", "*0", test_crypt); +- expect_no_fault ("0.'*1'.crypt_r", 0, "*1", "*0", test_crypt_r); ++ expect_no_fault ("0.'*1'.crypt", 0, "*1", FT0, test_crypt); ++ expect_no_fault ("0.'*1'.crypt_r", 0, "*1", FT0, test_crypt_r); + expect_no_fault ("0.'*1'.crypt_rn", 0, "*1", 0, test_crypt_rn); + expect_no_fault ("0.'*1'.crypt_ra", 0, "*1", 0, test_crypt_ra); + +- expect_no_fault ("0.p1.crypt", 0, p1, "*0", test_crypt); +- expect_no_fault ("0.p1.crypt_r", 0, p1, "*0", test_crypt_r); ++ expect_no_fault ("0.p1.crypt", 0, p1, FT0, test_crypt); ++ expect_no_fault ("0.p1.crypt_r", 0, p1, FT0, test_crypt_r); + expect_no_fault ("0.p1.crypt_rn", 0, p1, 0, test_crypt_rn); + expect_no_fault ("0.p1.crypt_ra", 0, p1, 0, test_crypt_ra); + +@@ -245,8 +253,8 @@ do_tests(char *page, size_t pagesize) + bug, but it's impractical to fix without breaking the property + that 'crypt' _never_ creates a failure token that is equal to the + setting string, which is more important than this corner case. */ +- expect_a_fault ("0.p2.crypt", 0, p2, "*0", test_crypt); +- expect_a_fault ("0.p2.crypt_r", 0, p2, "*0", test_crypt_r); ++ expect_a_fault ("0.p2.crypt", 0, p2, FT0, test_crypt); ++ expect_a_fault ("0.p2.crypt_r", 0, p2, FT0, test_crypt_r); + expect_a_fault ("0.p2.crypt_rn", 0, p2, 0, test_crypt_rn); + expect_a_fault ("0.p2.crypt_ra", 0, p2, 0, test_crypt_ra); + +@@ -257,9 +265,9 @@ do_tests(char *page, size_t pagesize) + strcpy (page, "p1.'"); + strcat (page, settings[i]); + strcat (page, "'.crypt"); +- expect_a_fault (page, p1, settings[i], "*0", test_crypt); ++ expect_a_fault (page, p1, settings[i], FT0, test_crypt); + strcat (page, "_r"); +- expect_a_fault (page, p1, settings[i], "*0", test_crypt_r); ++ expect_a_fault (page, p1, settings[i], FT0, test_crypt_r); + strcat (page, "n"); + expect_a_fault (page, p1, settings[i], 0, test_crypt_rn); + page [strlen (page) - 1] = 'a'; +@@ -268,9 +276,9 @@ do_tests(char *page, size_t pagesize) + strcpy (page, "p2.'"); + strcat (page, settings[i]); + strcat (page, "'.crypt"); +- expect_a_fault (page, p2, settings[i], "*0", test_crypt); ++ expect_a_fault (page, p2, settings[i], FT0, test_crypt); + strcat (page, "_r"); +- expect_a_fault (page, p2, settings[i], "*0", test_crypt_r); ++ expect_a_fault (page, p2, settings[i], FT0, test_crypt_r); + strcat (page, "n"); + expect_a_fault (page, p2, settings[i], 0, test_crypt_rn); + page [strlen (page) - 1] = 'a'; +@@ -279,8 +287,8 @@ do_tests(char *page, size_t pagesize) + + /* Conversely, when PHRASE is valid, passing an invalid string as SETTING + should crash reliably. */ +- expect_a_fault ("ph.p2.crypt", phrase, p2, "*0", test_crypt); +- expect_a_fault ("ph.p2.crypt_r", phrase, p2, "*0", test_crypt_r); ++ expect_a_fault ("ph.p2.crypt", phrase, p2, FT0, test_crypt); ++ expect_a_fault ("ph.p2.crypt_r", phrase, p2, FT0, test_crypt_r); + expect_a_fault ("ph.p2.crypt_rn", phrase, p2, 0, test_crypt_rn); + expect_a_fault ("ph.p2.crypt_ra", phrase, p2, 0, test_crypt_ra); + +@@ -292,9 +300,9 @@ do_tests(char *page, size_t pagesize) + strcpy (page, "ph.'"); + strcat (page, settings[i]); + strcat (page, ".crypt"); +- expect_a_fault (page, phrase, p1, "*0", test_crypt); ++ expect_a_fault (page, phrase, p1, FT0, test_crypt); + strcat (page, "_r"); +- expect_a_fault (page, phrase, p1, "*0", test_crypt_r); ++ expect_a_fault (page, phrase, p1, FT0, test_crypt_r); + strcat (page, "n"); + expect_a_fault (page, phrase, p1, 0, test_crypt_rn); + page [strlen (page) - 1] = 'a'; +diff --git a/test-crypt-bcrypt.c b/test-crypt-bcrypt.c +index c984e4d47d8df2c6..bf149b405bd408c7 100644 +--- a/test-crypt-bcrypt.c ++++ b/test-crypt-bcrypt.c +@@ -194,8 +194,12 @@ main (void) + errno = 0; + p = crypt (key, setting); + errnm = errno; ++#if ENABLE_FAILURE_TOKENS + match = strcmp (p, hash); +- if ((!ok && !errno) || strcmp (p, hash)) ++#else ++ match = (ok ? strcmp (p, hash) : p != 0); ++#endif ++ if ((!ok && !errno) || match) + { + printf ("FAIL: %d/crypt.1: key=%s setting=%s: xhash=%s xerr=%d, " + "p=%s match=%d err=%s\n", diff --git a/SPECS/libxcrypt.spec b/SPECS/libxcrypt.spec new file mode 100644 index 0000000..cfb4302 --- /dev/null +++ b/SPECS/libxcrypt.spec @@ -0,0 +1,259 @@ +# Shared object version of libcrypt. +%global soc 1 +%global sol 1 +%global sof 0 +%global sov %{soc}.%{sol}.%{sof} + +# Add generation of HMAC checksums of the final stripped +# binaries. %%define with lazy globbing is used here +# intentionally, because using %%global does not work. +%define __spec_install_post \ +%{?__debug_package:%{__debug_install_post}} \ +%{__arch_install_post} \ +%{__os_install_post} \ +%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \ +%{__ln_s} .libcrypt.so.%{sov}.hmac \\\ + %{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \ +%{nil} + + +Name: libxcrypt +Version: 4.1.1 +Release: 4%{?dist} +Summary: Extended crypt library for DES, MD5, Blowfish and others + +# For explicit license breakdown, see the +# LICENSING file in the source tarball. +License: LGPLv2+ and BSD and Public Domain +URL: https://github.com/besser82/%{name} +Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Patch1: libxcrypt-rh1612157.patch +Patch2: libxcrypt-rh1613537.patch + +BuildRequires: fipscheck +BuildRequires: libtool + +Requires: glibc%{_isa} >= 2.26.9000-46 + +# We do not need to keep this forever. +%if 0%{?fedora} && 0%{?fedora} <= 31 +# Inherited from former libcrypt package. +Obsoletes: libcrypt-nss <= 2.26.9000-33 + +# Obsolete former libcrypt properly. +Obsoletes: libcrypt <= 2.26.9000-46 + +# Provide virtual libcrypt as it has been done +# by former libcrypt{,-nss} packages from glibc. +Provides: libcrypt == 2.26.9000-46.1 +Provides: libcrypt%{?_isa} == 2.26.9000-46.1 +%endif + +%description +libxcrypt is a modern library for one-way hashing of passwords. It +supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password +hashes, and provides the traditional Unix 'crypt' and 'crypt_r' +interfaces, as well as a set of extended interfaces pioneered by +Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt', +'crypt_gensalt_rn', and 'crypt_gensalt_ra'. + +libxcrypt is intended to be used by login(1), passwd(1), and other +similar programs; that is, to hash a small number of passwords during +an interactive authentication dialogue with a human. It is not +suitable for use in bulk password-cracking applications, or in any +other situation where speed is more important than careful handling of +sensitive data. However, it *is* intended to be fast and lightweight +enough for use in servers that must field thousands of login attempts +per minute. + +On Linux-based systems, by default libxcrypt will be binary backward +compatible with the libcrypt.so.1 shipped as part of the GNU C Library. +This means that all existing binary executables linked against glibc's +libcrypt should work unmodified with this library's libcrypt.so.1. We +have taken pains to provide exactly the same "symbol versions" as were +used by glibc on various CPU architectures, and to account for the +variety of ways in which the Openwall extensions were patched into +glibc's libcrypt by some Linux distributions. (For instance, +compatibility symlinks for SuSE's "libowcrypt" are provided.) + +However, the converse is not true: programs linked against libxcrypt +will not work with glibc's libcrypt. Also, programs that use certain +legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r', +'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against libxcrypt. + + +%package devel +Summary: Development files for %{name} + +Requires: %{name}%{?_isa} == %{version}-%{release} +Requires: glibc-devel%{?_isa} >= 2.26.9000-46 +Requires: glibc-headers%{?_isa} >= 2.26.9000-46 +Conflicts: man-pages < 4.15-3 + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + + +%package static +Summary: Static library for -static linking with %{name} + +Requires: %{name}-devel%{?_isa} == %{version}-%{release} +Requires: glibc-static%{?_isa} >= 2.26.9000-46 + +%description static +This package contains the libxcrypt static libraries for -static +linking. You don't need this, unless you link statically, which +is highly discouraged. + + +%prep +%autosetup -p 1 +%{_bindir}/autoreconf -fiv + + +%build +%configure \ + --libdir=/%{_lib} \ + --disable-silent-rules \ + --enable-shared \ + --enable-static \ + --disable-failure-tokens \ + --enable-hashes=all \ + --enable-obsolete-api=glibc \ + --with-pkgconfigdir=%{_libdir}/pkgconfig +%make_build + + +%install +%make_install + +# Get rid of libtool crap. +%{_bindir}/find %{buildroot} -name '*.la' -print -delete + +# Install documentation to shared %%_pkgdocdir. +%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \ + ChangeLog NEWS README THANKS TODO + + +%check +%make_build check || \ + { + rc=$?; + echo "-----BEGIN TESTLOG-----"; + %{__cat} test-suite.log; + echo "-----END TESTLOG-----"; + exit $rc; + } + + +%ldconfig_scriptlets + + +%files +%license AUTHORS COPYING.LIB LICENSING +%doc %dir %{_pkgdocdir} +%doc %{_pkgdocdir}/NEWS +%doc %{_pkgdocdir}/README +%doc %{_pkgdocdir}/THANKS +/%{_lib}/.libcrypt.so.%{soc}.hmac +/%{_lib}/.libcrypt.so.%{sov}.hmac +/%{_lib}/libcrypt.so.%{soc} +/%{_lib}/libcrypt.so.%{sov} +%{_mandir}/man5/crypt.5.* + + +%files devel +%doc %{_pkgdocdir}/ChangeLog +%doc %{_pkgdocdir}/TODO +/%{_lib}/libcrypt.so +%{_includedir}/crypt.h +%{_libdir}/pkgconfig/libcrypt.pc +%{_libdir}/pkgconfig/%{name}.pc +%{_mandir}/man3/crypt.3.* +%{_mandir}/man3/crypt_r.3.* +%{_mandir}/man3/crypt_ra.3.* +%{_mandir}/man3/crypt_rn.3.* +%{_mandir}/man3/crypt_gensalt.3.* + +%files static +/%{_lib}/libcrypt.a + + +%changelog +* Wed Aug 8 2018 Florian Weimer - 4.1.1-4 +- Move development panpages to libxcrypt-devel (#1613824) + +* Wed Aug 8 2018 Florian Weimer - 4.1.1-3 +- Change crypt, crypt_r to return NULL on failure (#1613537) + +* Wed Aug 8 2018 Florian Weimer - 4.1.1-2 +- Add manpages aliases for crypt, crypt_r, crypt_ra (#1612157) + +* Wed Aug 01 2018 Björn Esser - 4.1.1-1 +- New upstream release + +* Fri Jul 13 2018 Björn Esser - 4.1.0-1 +- New upstream release + +* Fri Jul 13 2018 Björn Esser - 4.0.1-6 +- Make testsuite fail on error again +- Update patch0 with more upstream fixes + +* Fri Jul 13 2018 Björn Esser - 4.0.1-5 +- Add patch to update to recent development branch +- Re-enable SUNMD5 support as it is BSD licensed now +- Build compatibility symbols for glibc only +- Skip failing testsuite once + +* Fri Jul 13 2018 Fedora Release Engineering - 4.0.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Fri Jun 29 2018 Florian Weimer - 4.0.1-3 +- Remove CDDL from license list (#1592445) + +* Fri Jun 29 2018 Florian Weimer - 4.0.1-2 +- Remove SUNMD5 support (#1592445) + +* Wed May 16 2018 Björn Esser - 4.0.1-1 +- New upstream release + +* Sat Feb 17 2018 Björn Esser - 4.0.0-5 +- Switch to %%ldconfig_scriptlets + +* Wed Feb 07 2018 Fedora Release Engineering - 4.0.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Feb 01 2018 Björn Esser - 4.0.0-3 +- Add patch to fix unintialize value in badsalt test + +* Wed Jan 31 2018 Björn Esser - 4.0.0-2 +- Add patch to fix bcrypt test with GCC8 + +* Sat Jan 27 2018 Björn Esser - 4.0.0-1 +- New upstream release + +* Mon Jan 22 2018 Igor Gnatenko - 4.0.0-0.204.20180120git3436e7b +- Fix Obsoletes + +* Sat Jan 20 2018 Björn Esser - 4.0.0-0.203.20180120git3436e7b +- Update to new snapshot fixing cast-align + +* Sat Jan 20 2018 Björn Esser - 4.0.0-0.202.20180120gitde99d27 +- Update to new snapshot (rhbz#1536752) + +* Sat Jan 20 2018 Björn Esser - 4.0.0-0.201.20171109git15447aa +- Use archful Obsoletes for libcrypt +- Add versioned Requires on glibc packages not shipping libcrypt +- Add comments about the packaging logic for replacing former libcrypt + +* Fri Jan 12 2018 Björn Esser - 4.0.0-0.200.20171109git15447aa +- Initial import (rhbz#1532794) +- Add Obsoletes/Provides for libcrypt + +* Wed Jan 10 2018 Björn Esser - 4.0.0-0.101.20171109git15447aa +- Fix style of %%git_{rel,ver} + +* Tue Jan 09 2018 Björn Esser - 4.0.0-0.100.git20171109.15447aa +- Initial rpm release (rhbz#1532794) +- Start revision at 0.100 to superseed builds from COPR