diff --git a/libxcrypt-4.0.1_to_develop.patch b/libxcrypt-4.0.1_to_develop.patch index b9b8c4a..d6c0aad 100644 --- a/libxcrypt-4.0.1_to_develop.patch +++ b/libxcrypt-4.0.1_to_develop.patch @@ -1,7 +1,7 @@ From 0bf9b35bb04b9f35a43e2ff6493d6a5ecc3c9db1 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Tue, 22 May 2018 11:42:07 +0200 -Subject: [PATCH 01/38] Fix spelling of SUSE +Subject: [PATCH 01/41] Fix spelling of SUSE --- Makefile.am | 4 ++-- @@ -61,7 +61,7 @@ index 2de7d1b..18aac79 100644 From 089d679b81a3c4e821f5f9cfaacb33e67370eeed Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 22 Jun 2018 00:07:54 +0000 -Subject: [PATCH 02/38] Lower the minimum required automake version +Subject: [PATCH 02/41] Lower the minimum required automake version The minimum required automake version was raised from 1.7 to 1.15 by commit a6c11d6cd89ac391dfb81bc2b7eb2b9fb31d7da6. This new requirement @@ -88,7 +88,7 @@ index 90fe733..491dfae 100644 From fab17cc338b3e18cb74ebed8da3a876e485e3c95 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 22 Jun 2018 00:07:54 +0000 -Subject: [PATCH 03/38] gen-vers.awk: fix typo in comment +Subject: [PATCH 03/41] gen-vers.awk: fix typo in comment --- gen-vers.awk | 2 +- @@ -111,7 +111,7 @@ index 602195a..4870d05 100644 From b1d83b002039a561233ce55986d9205e76138a14 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 27 Jun 2018 14:58:49 +0000 -Subject: [PATCH 04/38] Fix build with USE_SWAPCONTEXT turned off +Subject: [PATCH 04/41] Fix build with USE_SWAPCONTEXT turned off Due to regression introduced by commit v4.0.0~100, the project no longer builds when USE_SWAPCONTEXT is not available or explicitly turned off. @@ -138,7 +138,7 @@ index d7f0ffc..2aa9491 100644 From 942d51bbe41f6f84138916c2b180b5b669d65b27 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 29 Jun 2018 11:07:48 +0000 -Subject: [PATCH 05/38] Include crypt-port.h in two remaining source files +Subject: [PATCH 05/41] Include crypt-port.h in two remaining source files crypt-port.h must be the first header file included by each source file, this guarantees that config.h is included before any system header. @@ -175,7 +175,7 @@ index 27313f0..5e4f118 100644 From e9b661ffd4d58788f61c46ad1e8e29380b43f464 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 29 Jun 2018 11:07:48 +0000 -Subject: [PATCH 06/38] Use ARRAY_SIZE instead of open-coding it in every use +Subject: [PATCH 06/41] Use ARRAY_SIZE instead of open-coding it in every use case Introduce ARRAY_SIZE macro, use it in all cases like @@ -441,7 +441,7 @@ index dfe194c..4b3a0e1 100644 From 10483284a8fbefde59e71700089a28e3f18cbe5b Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 22 Jun 2018 00:07:54 +0000 -Subject: [PATCH 07/38] Extend --enable-weak-hashes configure option +Subject: [PATCH 07/41] Extend --enable-weak-hashes configure option Extend --enable-weak-hashes configure option to accept optional "glibc" parameter. When specified, it enables only those of weak hashes that @@ -767,7 +767,7 @@ index 4b3a0e1..39a5435 100644 From 84134e4d8e773fa6e27df1de2088f001e8042ef2 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 26 Jun 2018 22:45:01 +0000 -Subject: [PATCH 08/38] crypt_gensalt_rn: fix the number of automatically +Subject: [PATCH 08/41] crypt_gensalt_rn: fix the number of automatically obtained random bytes Commit v4.0.0~94 extended crypt_gensalt_ra to obtained random bytes @@ -967,7 +967,7 @@ index 39a5435..f4d0629 100644 From 2973606ece4ebc17ffea4882b090eec68555f0b0 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 27 Jun 2018 17:59:36 +0000 -Subject: [PATCH 09/38] crypt_gensalt_rn: fix the leak of obtained random bytes +Subject: [PATCH 09/41] crypt_gensalt_rn: fix the leak of obtained random bytes Erase the memory containing automatically obtained random bytes to avoid leak of sensitive data after return from the function. @@ -1011,7 +1011,7 @@ index 26f3537..12d50fd 100644 From 19ac122ea84b370e421a8cb5a174a64577f6fa4e Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 29 Jun 2018 02:59:42 +0000 -Subject: [PATCH 10/38] test-gensalt: extend checks of expected output +Subject: [PATCH 10/41] test-gensalt: extend checks of expected output In addition to checks for expected output length, check expected output strings for deterministic methods. @@ -1150,7 +1150,7 @@ index f4d0629..2705671 100644 From 75dd1518c70d11093117e5c575cc2d7c121415f9 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sat, 30 Jun 2018 12:26:41 +0000 -Subject: [PATCH 11/38] crypt_sha1_rn: fix memory leak +Subject: [PATCH 11/41] crypt_sha1_rn: fix memory leak Reported-by: Vitaly Chikunov --- @@ -1174,7 +1174,7 @@ index ac4f04a..e8427d5 100644 From 86f386578f997a1039df42e26ff3f766ed09454b Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Sat, 30 Jun 2018 12:26:41 +0000 -Subject: [PATCH 12/38] gensalt_sha1_rn: fix read of random bytes out of bounds +Subject: [PATCH 12/41] gensalt_sha1_rn: fix read of random bytes out of bounds Reported-by: Vitaly Chikunov --- @@ -1199,7 +1199,7 @@ index e8427d5..b55d233 100644 From fd45d0e95045b49a80a87bfa184fc9be90336779 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 29 Jun 2018 13:22:51 +0000 -Subject: [PATCH 13/38] .travis.yml: reduce flakyness +Subject: [PATCH 13/41] .travis.yml: reduce flakyness Reduce false positives by wrapping network-related operations into a loop. @@ -1243,7 +1243,7 @@ index c812e22..7e892b2 100644 From 1a51a81abc609c1a48edb2f4c0887e892e9e968f Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Wed, 4 Jul 2018 15:07:31 -0400 -Subject: [PATCH 14/38] Check in alg-des-tables.c, don't run gen-des-tables at +Subject: [PATCH 14/41] Check in alg-des-tables.c, don't run gen-des-tables at build time. This eliminates a whole bunch of dodgy logic from @@ -5403,7 +5403,7 @@ index ac6043a..0000000 From ed4be6afa7b34fe0d827cc3f7f9608de0d9325cd Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Wed, 4 Jul 2018 21:42:36 -0400 -Subject: [PATCH 15/38] Make it possible to disable individual hashes at +Subject: [PATCH 15/41] Make it possible to disable individual hashes at configure time. The table of supported hash algorithms now lives in hashes.lst. @@ -7364,7 +7364,7 @@ index 2705671..b81fcf0 100644 From 15b30b6d7da6d5470de65f9a2a4d676f82423ceb Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Wed, 4 Jul 2018 22:31:02 -0400 -Subject: [PATCH 16/38] .travis.yml: Use --enable-hashes instead of +Subject: [PATCH 16/41] .travis.yml: Use --enable-hashes instead of --enable-weak-hashes. --- @@ -7473,7 +7473,7 @@ index 7e892b2..ffca408 100644 From a33d95ea613256c46f0b05fa2345080d47193c9e Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Wed, 4 Jul 2018 15:59:40 +0000 -Subject: [PATCH 17/38] .travis.yml: add --enable-hashes=glibc to the test +Subject: [PATCH 17/41] .travis.yml: add --enable-hashes=glibc to the test matrix --- @@ -7519,7 +7519,7 @@ index ffca408..b8a7ecf 100644 From a7f9df50cecec46bb8176382faa685ce35ca72be Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Thu, 5 Jul 2018 15:20:05 -0400 -Subject: [PATCH 18/38] Make salt validation pickier. +Subject: [PATCH 18/41] Make salt validation pickier. This started out as a patch to fold together test-crypt-badsalt.c and test-crypt-nonnull.c (which were almost the same program) and extend @@ -8904,7 +8904,7 @@ index b81fcf0..5b9d64c 100644 From 58ac83090e107aa628a5be252931a2b8b0f286cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Sun, 8 Jul 2018 23:59:53 +0200 -Subject: [PATCH 19/38] Fix Werror=stringop-truncation +Subject: [PATCH 19/41] Fix Werror=stringop-truncation --- test-gensalt.c | 5 ++--- @@ -8930,7 +8930,7 @@ index 5b9d64c..c08627e 100644 From 98043c5be0ed8a09dfd49ad04b179c017ac78677 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Mon, 9 Jul 2018 00:49:19 +0200 -Subject: [PATCH 20/38] Fix DNF config for DNF v3.x +Subject: [PATCH 20/41] Fix DNF config for DNF v3.x --- .travis.dnf.conf.rawhide_latest | 4 ++-- @@ -8952,7 +8952,7 @@ index ee4370a..52b55b0 100644 From c14b7ae156e4dfb21c4c2506eb6d44e98eaa6f29 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Mon, 9 Jul 2018 11:42:05 +0200 -Subject: [PATCH 21/38] Extend badsalt tests and fix invalid pass +Subject: [PATCH 21/41] Extend badsalt tests and fix invalid pass --- test-badsalt.c | 53 +++++++++++++++++++++++++++++++++++++---------------- @@ -9065,7 +9065,7 @@ index 41d164a..6d57b14 100644 From 820e5b242e648347e9c9e4110e75842b3d6531e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Mon, 9 Jul 2018 15:25:54 +0200 -Subject: [PATCH 22/38] Add test for short output buffers +Subject: [PATCH 22/41] Add test for short output buffers --- Makefile.am | 3 ++- @@ -9176,7 +9176,7 @@ index 0000000..7ab9d11 From 9197a77826124683e39ef123f5e57058e358e225 Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Tue, 10 Jul 2018 12:06:10 -0400 -Subject: [PATCH 23/38] Replace crypt-sunmd5.c with BSD-licensed cleanroom +Subject: [PATCH 23/41] Replace crypt-sunmd5.c with BSD-licensed cleanroom reimplementation. This eliminates all CDDL-licensed code from the library, as requested @@ -9852,7 +9852,7 @@ index c08627e..f8d95c3 100644 From 4067bee9f5b24d5323af232ef25f3b6dc4950f5a Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Tue, 10 Jul 2018 20:32:11 -0400 -Subject: [PATCH 24/38] Make crypt_gensalt for $sha1 deterministic. +Subject: [PATCH 24/41] Make crypt_gensalt for $sha1 deterministic. All of the randomness is now drawn from the 'rbytes' argument, rather than taking some of it from direct calls to get_random_bytes. This @@ -10063,7 +10063,7 @@ index f8d95c3..98923e5 100644 From 9bed27f2bd0495361e892a0740bcdf237f560b98 Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Tue, 10 Jul 2018 21:36:11 -0400 -Subject: [PATCH 25/38] Don't use malloc in crypt-pbkdf1-sha1.c. +Subject: [PATCH 25/41] Don't use malloc in crypt-pbkdf1-sha1.c. There's no need to copy the salt when we can just use %.*s in two places. @@ -10155,7 +10155,7 @@ index eeb57d5..75ca300 100644 From c20f9f161c0aa362e0ed8bc8ee387badd8acbc38 Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Tue, 10 Jul 2018 21:44:02 -0400 -Subject: [PATCH 26/38] Fix incorrect output-size computation in crypt_sha1_rn. +Subject: [PATCH 26/41] Fix incorrect output-size computation in crypt_sha1_rn. It was testing for enough space for the raw SHA1 digest, not the digest after base64 expansion. @@ -10195,7 +10195,7 @@ index cbf390e..c96b72d 100644 From 8639108dea0b847282e1de2bae6c7aef8f778b99 Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Tue, 10 Jul 2018 21:49:14 -0400 -Subject: [PATCH 27/38] Make XCRYPT_SECURE_MEMSET() syntactically a normal +Subject: [PATCH 27/41] Make XCRYPT_SECURE_MEMSET() syntactically a normal expression. All of the alternative definitions of XCRYPT_SECURE_MEMSET expanded to @@ -10456,7 +10456,7 @@ index 5647250..5053525 100644 From 15d1e3bf3d259ea262f3d34e8c225a3abfabaa09 Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Wed, 11 Jul 2018 17:15:46 -0400 -Subject: [PATCH 28/38] Add more tests based on gaps in line coverage. +Subject: [PATCH 28/41] Add more tests based on gaps in line coverage. We were not adequately testing invalid-argument error paths within crypt_gensalt, and we were also not adequately testing a variety of @@ -11237,7 +11237,7 @@ index 98923e5..6713387 100644 From 4f71018701bf54fb9891cc94d8d268f46ed82e62 Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Wed, 11 Jul 2018 21:53:54 -0400 -Subject: [PATCH 29/38] Fix test-badsetting when not all hashes are enabled. +Subject: [PATCH 29/41] Fix test-badsetting when not all hashes are enabled. It turns out I was wrong to think that we could safely leave the subtests for excluded hashes enabled, because you get a slightly @@ -11374,7 +11374,7 @@ index ae2337b..d6abe71 100644 From b9064279d0d73e7d1f0ce3de3d52c31ed7a8ca2e Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Thu, 12 Jul 2018 12:21:44 -0400 -Subject: [PATCH 30/38] crypt.5: Add docs for SHA1, MD5/Sun, NTHASH. +Subject: [PATCH 30/41] crypt.5: Add docs for SHA1, MD5/Sun, NTHASH. Also tighten up the wording in a couple other places and fix a bug that was making the .hash macro not do what it was supposed to for @@ -11568,7 +11568,7 @@ index f79dd3d..5db9c92 100644 From 77461c03422ce1f5829b0180e68c4bdbf914956c Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Thu, 12 Jul 2018 12:23:59 -0400 -Subject: [PATCH 31/38] Add two more test programs to .gitignore. +Subject: [PATCH 31/41] Add two more test programs to .gitignore. --- .gitignore | 2 ++ @@ -11598,7 +11598,7 @@ index bb7f15c..16488f3 100644 From 9f728b79718a8e8b371f48b75592beed638f9c2b Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Thu, 12 Jul 2018 12:24:46 -0400 -Subject: [PATCH 32/38] test-badsetting.c: correct "Written by" year. +Subject: [PATCH 32/41] test-badsetting.c: correct "Written by" year. --- test-badsetting.c | 2 +- @@ -11620,7 +11620,7 @@ index d6abe71..665e830 100644 From b3ee64bf08082367ea2116ea1fb2007e1a2896cd Mon Sep 17 00:00:00 2001 From: Zack Weinberg Date: Thu, 12 Jul 2018 12:25:12 -0400 -Subject: [PATCH 33/38] Add tests for get_random_bytes. +Subject: [PATCH 33/41] Add tests for get_random_bytes. It turns out not to be *that* hard to exercise the fallback logic in get_random_bytes, thanks to GNU ld's --wrap feature. There is also @@ -12269,7 +12269,7 @@ index 0000000..16df6d0 From 59680ceac13f85a1506fca87255ea47304a8e493 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 26 Jun 2018 22:45:01 +0000 -Subject: [PATCH 34/38] crypt.h: introduce CRYPT_GENSALT_IMPLEMENTS_* feature +Subject: [PATCH 34/41] crypt.h: introduce CRYPT_GENSALT_IMPLEMENTS_* feature test macros Define CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX and @@ -12343,7 +12343,7 @@ index 8759011..ebfff28 100644 From d077e0bf39c7b4e3443c35ac8abd6eae4489aecd Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Mon, 9 Jul 2018 17:35:38 +0000 -Subject: [PATCH 35/38] Install libcrypt.pc symlink along with libxcrypt.pc +Subject: [PATCH 35/41] Install libcrypt.pc symlink along with libxcrypt.pc As the library name differs from the project name, avoid potential confusion libcrypt.pc vs libxcrypt.pc by installing libcrypt.pc symlink @@ -12376,7 +12376,7 @@ index f99f842..945f283 100644 From 4f22827c619c2196898b32de44bd45ca627de545 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Fri, 22 Jun 2018 00:07:54 +0000 -Subject: [PATCH 36/38] Extend --enable-obsolete-api configure option +Subject: [PATCH 36/41] Extend --enable-obsolete-api configure option Make vendor specific parts of compatibility ABI that are enabled by --enable-obsolete-api option configurable. This allows vendors to @@ -12607,7 +12607,7 @@ index 18aac79..0989990 100644 From 022c86e681d2497ac02d88ac265d3c7c2d8b4ac5 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Tue, 10 Jul 2018 15:38:15 +0000 -Subject: [PATCH 37/38] .travis.yml: add --enable-obsolete-api=glibc to the +Subject: [PATCH 37/41] .travis.yml: add --enable-obsolete-api=glibc to the test matrix --- @@ -12653,7 +12653,7 @@ index 31c50fa..db45ded 100644 From 430212bcae4b9f31ed12bc52706b313da723c5cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= Date: Fri, 13 Jul 2018 12:21:32 +0200 -Subject: [PATCH 38/38] test-short-outbuf.c: Fix to build on 32 bit arches +Subject: [PATCH 38/41] test-short-outbuf.c: Fix to build on 32 bit arches --- test-short-outbuf.c | 8 ++++---- @@ -12685,3 +12685,225 @@ index 7ab9d11..d928daa 100644 free (j); free (*outbuf); + +From 383b8b86fc9ab960c60d99ad3c82a93404879c57 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Fri, 13 Jul 2018 13:31:07 +0200 +Subject: [PATCH 39/41] crypt-sunmd5.c: Fix possible overflow on 32 bit arches + +--- + crypt-sunmd5.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypt-sunmd5.c b/crypt-sunmd5.c +index c294797..c72aff5 100644 +--- a/crypt-sunmd5.c ++++ b/crypt-sunmd5.c +@@ -299,7 +299,7 @@ gensalt_sunmd5_rn (unsigned long count, + bits of entropy are smuggled into the salt via the round number). */ + if (count < 32768) + count = 32768; +- else if (count + 65536 > SUNMD5_MAX_ROUNDS) ++ else if (count > SUNMD5_MAX_ROUNDS - 65536) + count = SUNMD5_MAX_ROUNDS - 65536; + + count += ((unsigned int)rbytes[0]) << 8; + +From f08ac26609d5bceb867f76b78979b1c21ff04206 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= +Date: Fri, 13 Jul 2018 15:50:34 +0200 +Subject: [PATCH 40/41] crypt-pbkdf1-sha1.c: gensalt should have indentical + output on big endian arches + +--- + crypt-pbkdf1-sha1.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/crypt-pbkdf1-sha1.c b/crypt-pbkdf1-sha1.c +index cf22f67..38ade74 100644 +--- a/crypt-pbkdf1-sha1.c ++++ b/crypt-pbkdf1-sha1.c +@@ -30,6 +30,7 @@ + #include "crypt-port.h" + #include "crypt-private.h" + #include "alg-hmac-sha1.h" ++#include "byteorder.h" + + #include + #include +@@ -227,8 +228,8 @@ gensalt_sha1_rn (unsigned long count, + * dictionary attack by not using the same iteration count for + * every entry. + */ +- uint32_t rounds, random; +- memcpy (&random, rbytes, 4); ++ uint32_t rounds, random = le32_to_cpu (rbytes); ++ + if (count == 0) + count = CRYPT_SHA1_ITERATIONS; + if (count > UINT32_MAX) + +From 8fb52d98e2750cd5302a375727b703b925896f33 Mon Sep 17 00:00:00 2001 +From: Zack Weinberg +Date: Fri, 13 Jul 2018 11:45:06 -0400 +Subject: [PATCH 41/41] Fix several test failures on x86-64 with -m32. + + - more fixes for crypt-sunmd5.c when 'unsigned long' and 'unsigned + int' are the same + - test-getrandom-fallbacks needs to interpose open64 as well as open + - test-short-outbuf.c can use %zu instead of %lu to avoid casting + - glibc for x86-64/-m32 uses the same symbol versions as glibc/i386 + +also, libcrypt.minver is now in alphabetical order by host_cpu pattern +within each block of architectures with the same minimum symbol version. +--- + Makefile.am | 2 +- + crypt-sunmd5.c | 6 +++--- + libcrypt.minver | 27 ++++++++++++++------------- + test-gensalt.c | 2 +- + test-getrandom-fallbacks.c | 13 +++++++++++++ + test-short-outbuf.c | 8 ++++---- + 6 files changed, 36 insertions(+), 22 deletions(-) + +diff --git a/Makefile.am b/Makefile.am +index be8b585..8605ce7 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -204,7 +204,7 @@ test_getrandom_fallbacks_LDADD = randombytes.lo + if HAVE_LD_WRAP + test_getrandom_fallbacks_LDFLAGS = \ + -Wl,--wrap,getentropy -Wl,--wrap,getrandom -Wl,--wrap,syscall \ +- -Wl,--wrap,open -Wl,--wrap,read -Wl,--wrap,close ++ -Wl,--wrap,open -Wl,--wrap,open64 -Wl,--wrap,read -Wl,--wrap,close + endif + + # Every object file depends on crypt-symbol-vers.h and crypt-hashes.h, +diff --git a/crypt-sunmd5.c b/crypt-sunmd5.c +index c72aff5..0c67a67 100644 +--- a/crypt-sunmd5.c ++++ b/crypt-sunmd5.c +@@ -43,7 +43,7 @@ + #define SUNMD5_SALT_LEN 8 + #define SUNMD5_MAX_SETTING_LEN 32 /* $md5,rounds=4294963199$12345678$ */ + #define SUNMD5_BARE_OUTPUT_LEN 22 /* not counting the setting or the NUL */ +-#define SUNMD5_MAX_ROUNDS (0xFFFFFFFF - 4096) ++#define SUNMD5_MAX_ROUNDS (0xFFFFFFFFul - 4096) + + /* At each round of the algorithm, this string (including the trailing + NUL) may or may not be included in the input to MD5, depending on a +@@ -302,8 +302,8 @@ gensalt_sunmd5_rn (unsigned long count, + else if (count > SUNMD5_MAX_ROUNDS - 65536) + count = SUNMD5_MAX_ROUNDS - 65536; + +- count += ((unsigned int)rbytes[0]) << 8; +- count += ((unsigned int)rbytes[1]) << 0; ++ count += ((unsigned long)rbytes[0]) << 8; ++ count += ((unsigned long)rbytes[1]) << 0; + + assert (count != 0); + +diff --git a/libcrypt.minver b/libcrypt.minver +index 256a40a..e1896bb 100644 +--- a/libcrypt.minver ++++ b/libcrypt.minver +@@ -31,23 +31,24 @@ + riscv64.* GLIBC_2.27 + nios2.* GLIBC_2.21 + microblaze.* GLIBC_2.18 +-powerpc64le.* GLIBC_2.17 + aarch64.* GLIBC_2.17 ++powerpc64le.* GLIBC_2.17 + x86_64.* GLIBC_2.16 /* x32 */ __x86_64__ && ULONG_MAX == UINT_MAX +-tilepro.* GLIBC_2.12 + tilegx.* GLIBC_2.12 +-m68k.* GLIBC_2.4 /* coldfire */ defined __mcoldfire__ ++tilepro.* GLIBC_2.12 + arm.* GLIBC_2.4 ++m68k.* GLIBC_2.4 /* coldfire */ defined __mcoldfire__ + powerpc64.* GLIBC_2.3 +-x86_64.* GLIBC_2.2.5 ++x86_64.* GLIBC_2.2.5 /* 64 */ defined __x86_64__ + s390x.* GLIBC_2.2 +-sparc.* GLIBC_2.0 +-sh.* GLIBC_2.0 +-s390.* GLIBC_2.0 +-powerpc.* GLIBC_2.0 +-mips.* GLIBC_2.0 +-m68k.* GLIBC_2.0 +-ia64.* GLIBC_2.0 +-i[3-9]86.* GLIBC_2.0 +-hppa.* GLIBC_2.0 + alpha.* GLIBC_2.0 ++hppa.* GLIBC_2.0 ++i[3-9]86.* GLIBC_2.0 ++ia64.* GLIBC_2.0 ++m68k.* GLIBC_2.0 ++mips.* GLIBC_2.0 ++powerpc.* GLIBC_2.0 ++s390.* GLIBC_2.0 ++sh.* GLIBC_2.0 ++sparc.* GLIBC_2.0 ++x86_64.* GLIBC_2.0 /* 32 */ +diff --git a/test-gensalt.c b/test-gensalt.c +index 6713387..bbdfedb 100644 +--- a/test-gensalt.c ++++ b/test-gensalt.c +@@ -179,7 +179,7 @@ static const struct testcase testcases[] = + // SHA1/PBKDF always emits a round count, but we need to test its + // behavior on very large inputs. (This number is the largest + // supported round count.) +- { "$md5", sunmd5_expected_output_r, 32, 0, 4294963199 }, ++ { "$md5", sunmd5_expected_output_r, 32, 0, 4294963199ul }, + #endif + #if INCLUDE_sha1 + { "$sha1", sha1_expected_output, 26, 34, 0 }, +diff --git a/test-getrandom-fallbacks.c b/test-getrandom-fallbacks.c +index 8cbab5f..3e7a96a 100644 +--- a/test-getrandom-fallbacks.c ++++ b/test-getrandom-fallbacks.c +@@ -170,6 +170,19 @@ __wrap_open (const char *path, int flags, mode_t mode) + return ret; + } + ++extern int __wrap_open64 (const char *, int, mode_t); ++extern int __real_open64 (const char *, int, mode_t); ++int ++__wrap_open64 (const char *path, int flags, mode_t mode) ++{ ++ int ret = __real_open64 (path, flags, mode); ++ if (ret == -1) ++ return ret; ++ if (!strcmp (path, "/dev/urandom")) ++ urandom_fd = ret; ++ return ret; ++} ++ + extern int __wrap_close (int); + extern int __real_close (int); + int +diff --git a/test-short-outbuf.c b/test-short-outbuf.c +index d928daa..f3f33a0 100644 +--- a/test-short-outbuf.c ++++ b/test-short-outbuf.c +@@ -44,8 +44,8 @@ main (void) + ok = false; + } + +- printf ("Test %u.0: %s, expected: \"%-2s\", got: \"%-2s\"\n", +- (unsigned int)(i + 1), result, testcases[i].exp_rn, *outbuf); ++ printf ("Test %zu.0: %s, expected: \"%-2s\", got: \"%-2s\"\n", ++ i + 1, result, testcases[i].exp_rn, *outbuf); + + crypt_ra ("@@", "@@", (void **) outbuf, (int *) j); + +@@ -59,8 +59,8 @@ main (void) + ok = false; + } + +- printf ("Test %u.1: %s, expected: \"%-2s\", got: \"%-2s\"\n", +- (unsigned int)(i + 1), result, testcases[i].exp_ra, *outbuf); ++ printf ("Test %zu.1: %s, expected: \"%-2s\", got: \"%-2s\"\n", ++ i + 1, result, testcases[i].exp_ra, *outbuf); + + free (j); + free (*outbuf); diff --git a/libxcrypt.spec b/libxcrypt.spec index d9866fa..3478b04 100644 --- a/libxcrypt.spec +++ b/libxcrypt.spec @@ -19,7 +19,7 @@ Name: libxcrypt Version: 4.0.1 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Extended crypt library for DES, MD5, Blowfish and others # For explicit license breakdown, see the @@ -141,7 +141,7 @@ is highly discouraged. echo "-----BEGIN TESTLOG-----"; %{__cat} test-suite.log; echo "-----END TESTLOG-----"; -# exit $rc; + exit $rc; } @@ -177,6 +177,10 @@ is highly discouraged. %changelog +* Fri Jul 13 2018 Björn Esser - 4.0.1-6 +- Make testsuite fail on error again +- Update patch0 with more upstream fixes + * Fri Jul 13 2018 Björn Esser - 4.0.1-5 - Add patch to update to recent development branch - Re-enable SUNMD5 support as it is BSD licensed now