Auto sync2gitlab import of libxcrypt-4.1.1-6.el8.src.rpm

.gitignore

@@ -0,0 +1 @@
+/libxcrypt-4.1.1.tar.gz

EMPTY

@@ -1 +0,0 @@
- 

libxcrypt-rh1612157.patch

@@ -0,0 +1,67 @@
+commit cc1806e214b89403152c2c53932d8d0b8aeb1e91
+Author: Björn Esser <besser82@fedoraproject.org>
+Date:   Sat Aug 4 13:02:03 2018 +0200
+
+    Add alias man-pages for other crypt functions.
+
+diff --git a/Makefile.am b/Makefile.am
+index 201dea53313e7054..1ea36121d085b55d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -15,7 +15,8 @@ EXTRA_DIST = \
+ 	gen-map.awk gen-vers.awk gen-crypt-h.awk \
+ 	gen-hashes.awk sel-hashes.awk hashes.lst
+ 
+-notrans_dist_man3_MANS = crypt_rn.3 crypt_gensalt.3
++notrans_dist_man3_MANS = crypt.3 crypt_r.3 crypt_ra.3 \
++	crypt_rn.3 crypt_gensalt.3
+ notrans_dist_man5_MANS = crypt.5
+ 
+ nodist_include_HEADERS = crypt.h
+diff --git a/crypt.3 b/crypt.3
+new file mode 100644
+index 0000000000000000..430e48f320d6e8af
+--- /dev/null
++++ b/crypt.3
+@@ -0,0 +1 @@
++.so man3/crypt_rn.3
+diff --git a/crypt.5 b/crypt.5
+index 5db9c923cbd66e55..7fe46091f192b114 100644
+--- a/crypt.5
++++ b/crypt.5
+@@ -279,6 +279,8 @@ that will work on an old operating system that supports nothing else.
+ .hash "$3$" "\e$3\e$\e$[0-9a-f]{32}" unlimited 8 256 256 0 1
+ .SH SEE ALSO
+ .BR crypt (3),
++.BR crypt_r (3),
++.BR crypt_ra (3),
+ .BR crypt_rn (3),
+ .BR crypt_gensalt (3),
+ .BR getpwent (3),
+diff --git a/crypt_gensalt.3 b/crypt_gensalt.3
+index ebfff28db79a3c53..31097400e5cd2080 100644
+--- a/crypt_gensalt.3
++++ b/crypt_gensalt.3
+@@ -223,6 +223,8 @@ T}	Thread safety	MT-Safe
+ .SH SEE ALSO
+ .ad l
+ .BR crypt (3),
++.BR crypt_r (3),
++.BR crypt_ra (3),
+ .BR crypt_rn (3),
+ .BR getpass (3),
+ .BR getpwent (3),
+diff --git a/crypt_r.3 b/crypt_r.3
+new file mode 100644
+index 0000000000000000..430e48f320d6e8af
+--- /dev/null
++++ b/crypt_r.3
+@@ -0,0 +1 @@
++.so man3/crypt_rn.3
+diff --git a/crypt_ra.3 b/crypt_ra.3
+new file mode 100644
+index 0000000000000000..430e48f320d6e8af
+--- /dev/null
++++ b/crypt_ra.3
+@@ -0,0 +1 @@
++.so man3/crypt_rn.3

libxcrypt-rh1613537.patch

@@ -0,0 +1,320 @@
+commit 8596e298f761c32cecff45424f5242cd14269292
+Author: Zack Weinberg <zackw@panix.com>
+Date:   Tue Aug 7 21:35:12 2018 -0400
+
+    Add configure option --disable-failure-tokens.
+    
+    When this option is given, crypt and crypt_r will return NULL on
+    failure, instead of a special "failure token" string that isn't the
+    hash of any passphrase.  This was the historical behavior of glibc,
+    FreeBSD libc, and several other implementations.
+
+diff --git a/configure.ac b/configure.ac
+index a22a5926bd82f729..23651f9c5c886107 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -152,6 +152,25 @@ AC_CHECK_FUNCS_ONCE([
+ ])
+ 
+ # Configure options.
++AC_ARG_ENABLE([failure-tokens],
++    AS_HELP_STRING(
++        [--disable-failure-tokens],
++        [Make crypt and crypt_r return NULL on failure, instead of a
++         special "failure token" string that isn't the hash of any
++         passphrase.  This matches the behavior of several other
++         crypt implementations, but will break programs that assume these
++         functions never return NULL.  crypt_rn and crypt_ra are not affected
++         by this option, and will always return NULL on failure.]
++    ),
++    [case "$enableval" in
++      yes) enable_failure_tokens=1;;
++       no) enable_failure_tokens=0;;
++        *) AC_MSG_ERROR([bad value ${enableval} for --enable-failure-tokens]);;
++     esac],
++    [enable_failure_tokens=1])
++AC_DEFINE_UNQUOTED([ENABLE_FAILURE_TOKENS], [$enable_failure_tokens],
++  [Define to 1 if crypt and crypt_r should return a "failure token" on
++   failure, or 0 if they should return NULL.])
+ 
+ AC_ARG_ENABLE([obsolete-api],
+     AS_HELP_STRING(
+diff --git a/crypt.c b/crypt.c
+index 9a3e19214e613097..839763afad14eaa9 100644
+--- a/crypt.c
++++ b/crypt.c
+@@ -235,7 +235,11 @@ crypt_r (const char *phrase, const char *setting, struct crypt_data *data)
+ {
+   make_failure_token (setting, data->output, sizeof data->output);
+   do_crypt (phrase, setting, data);
++#if ENABLE_FAILURE_TOKENS
+   return data->output;
++#else
++  return data->output[0] == '*' ? 0 : data->output;
++#endif
+ }
+ SYMVER_crypt_r;
+ #endif
+diff --git a/crypt_rn.3 b/crypt_rn.3
+index 24da44cfce19716b..d021c4ed4a046e04 100644
+--- a/crypt_rn.3
++++ b/crypt_rn.3
+@@ -204,17 +204,31 @@ multiple threads simultaneously, as long as a separate
+ object is used for each thread.
+ .PP
+ Upon error,
+-.B crypt
+-and
+-.B crypt_r
+-return a pointer to an
++.BR crypt_r ", " crypt_rn ", and " crypt_ra
++write an
+ .I invalid
+-hashed passphrase.
++hashed passphrase to the
++.I output
++field of their
++.I crypt_data
++object, and
++.B crypt
++writes an invalid hash to its static storage area.
+ This string will be shorter than 13 characters,
+ will begin with a \(oq\fB*\fR\(cq,
+ and will not compare equal to
+ .IR setting .
+-(This peculiar behavior is for compatibility
++.PP
++Upon error,
++.BR crypt_rn " and " crypt_ra
++return a null pointer.
++.BR crypt_r " and " crypt
++may also return a null pointer,
++or they may return a pointer to the invalid hash,
++depending on how
++.I libcrypt
++was configured.
++(The option to return the invalid hash is for compatibility
+ with old applications that assume that
+ .B crypt
+ cannot return a null pointer.
+@@ -222,15 +236,6 @@ See
+ .B "PORTABILITY NOTES"
+ below.)
+ .PP
+-.B crypt_rn
+-and
+-.B crypt_ra
+-also write an invalid hashed passphrase to the
+-.I output
+-field of their
+-.I crypt_data
+-object when they fail, but they return a null pointer.
+-.PP
+ All four functions set
+ .I errno
+ when they fail.
+diff --git a/test-badsalt.c b/test-badsalt.c
+index b2743373628b1f3f..3d2e47ac0e7647bd 100644
+--- a/test-badsalt.c
++++ b/test-badsalt.c
+@@ -222,12 +222,28 @@ check_crypt (const char *label, const char *fn,
+              const char *retval, const char *setting,
+              bool expected_to_succeed)
+ {
+-  /* crypt/crypt_r should never return null */
++#if ENABLE_FAILURE_TOKENS
++  /* crypt/crypt_r never return null when failure tokens are enabled */
+   if (!retval)
+     {
+       printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
+       return false;
+     }
++#else
++  if (expected_to_succeed && !retval)
++    {
++      printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
++      return false;
++    }
++  else if (!expected_to_succeed && retval)
++    {
++      printf ("FAIL: %s/%s/%s: returned %p, should be NULL\n",
++              label, setting, fn, (const void *)retval);
++      return false;
++    }
++  else if (!expected_to_succeed && !retval)
++    return true;
++#endif
+   if (!check_results (label, fn, retval, setting,
+                       expected_to_succeed))
+     return false;
+diff --git a/test-crypt-badargs.c b/test-crypt-badargs.c
+index 0e6af1626a605086..6be24a99ca7f9015 100644
+--- a/test-crypt-badargs.c
++++ b/test-crypt-badargs.c
+@@ -169,6 +169,14 @@ test_crypt_ra (const char *tag,
+   check (tag, expect, got);
+ }
+ 
++#if ENABLE_FAILURE_TOKENS
++# define FT0 "*0"
++# define FT1 "*1"
++#else
++# define FT0 0
++# define FT1 0
++#endif
++
+ /* PAGE should point to PAGESIZE bytes of read-write memory followed
+    by another PAGESIZE bytes of inaccessible memory.  */
+ 
+@@ -187,55 +195,55 @@ do_tests(char *page, size_t pagesize)
+   size_t i;
+ 
+   /* When SETTING is null, it shouldn't matter what PHRASE is.  */
+-  expect_no_fault ("0.0.crypt",    0,  0, "*0", test_crypt);
+-  expect_no_fault ("0.0.crypt_r",  0,  0, "*0", test_crypt_r);
++  expect_no_fault ("0.0.crypt",    0,  0, FT0, test_crypt);
++  expect_no_fault ("0.0.crypt_r",  0,  0, FT0, test_crypt_r);
+   expect_no_fault ("0.0.crypt_rn", 0,  0, 0,    test_crypt_rn);
+   expect_no_fault ("0.0.crypt_ra", 0,  0, 0,    test_crypt_ra);
+ 
+-  expect_no_fault ("''.0.crypt",    "", 0, "*0", test_crypt);
+-  expect_no_fault ("''.0.crypt_r",  "", 0, "*0", test_crypt_r);
++  expect_no_fault ("''.0.crypt",    "", 0, FT0, test_crypt);
++  expect_no_fault ("''.0.crypt_r",  "", 0, FT0, test_crypt_r);
+   expect_no_fault ("''.0.crypt_rn", "", 0, 0,    test_crypt_rn);
+   expect_no_fault ("''.0.crypt_ra", "", 0, 0,    test_crypt_ra);
+ 
+-  expect_no_fault ("ph.0.crypt",    phrase, 0, "*0", test_crypt);
+-  expect_no_fault ("ph.0.crypt_r",  phrase, 0, "*0", test_crypt_r);
++  expect_no_fault ("ph.0.crypt",    phrase, 0, FT0, test_crypt);
++  expect_no_fault ("ph.0.crypt_r",  phrase, 0, FT0, test_crypt_r);
+   expect_no_fault ("ph.0.crypt_rn", phrase, 0, 0,    test_crypt_rn);
+   expect_no_fault ("ph.0.crypt_ra", phrase, 0, 0,    test_crypt_ra);
+ 
+-  expect_no_fault ("p1.0.crypt",    p1, 0, "*0", test_crypt);
+-  expect_no_fault ("p1.0.crypt_r",  p1, 0, "*0", test_crypt_r);
++  expect_no_fault ("p1.0.crypt",    p1, 0, FT0, test_crypt);
++  expect_no_fault ("p1.0.crypt_r",  p1, 0, FT0, test_crypt_r);
+   expect_no_fault ("p1.0.crypt_rn", p1, 0, 0,    test_crypt_rn);
+   expect_no_fault ("p1.0.crypt_ra", p1, 0, 0,    test_crypt_ra);
+ 
+-  expect_no_fault ("p2.0.crypt",    p2, 0, "*0", test_crypt);
+-  expect_no_fault ("p2.0.crypt_r",  p2, 0, "*0", test_crypt_r);
++  expect_no_fault ("p2.0.crypt",    p2, 0, FT0, test_crypt);
++  expect_no_fault ("p2.0.crypt_r",  p2, 0, FT0, test_crypt_r);
+   expect_no_fault ("p2.0.crypt_rn", p2, 0, 0,    test_crypt_rn);
+   expect_no_fault ("p2.0.crypt_ra", p2, 0, 0,    test_crypt_ra);
+ 
+   /* Conversely, when PHRASE is null,
+      it shouldn't matter what SETTING is...  */
+-  expect_no_fault ("0.''.crypt",    0, "", "*0", test_crypt);
+-  expect_no_fault ("0.''.crypt_r",  0, "", "*0", test_crypt_r);
++  expect_no_fault ("0.''.crypt",    0, "", FT0,  test_crypt);
++  expect_no_fault ("0.''.crypt_r",  0, "", FT0,  test_crypt_r);
+   expect_no_fault ("0.''.crypt_rn", 0, "", 0,    test_crypt_rn);
+   expect_no_fault ("0.''.crypt_ra", 0, "", 0,    test_crypt_ra);
+ 
+-  expect_no_fault ("0.'*'.crypt",    0, "*", "*0", test_crypt);
+-  expect_no_fault ("0.'*'.crypt_r",  0, "*", "*0", test_crypt_r);
++  expect_no_fault ("0.'*'.crypt",    0, "*", FT0,  test_crypt);
++  expect_no_fault ("0.'*'.crypt_r",  0, "*", FT0,  test_crypt_r);
+   expect_no_fault ("0.'*'.crypt_rn", 0, "*", 0,    test_crypt_rn);
+   expect_no_fault ("0.'*'.crypt_ra", 0, "*", 0,    test_crypt_ra);
+ 
+-  expect_no_fault ("0.'*0'.crypt",    0, "*0", "*1", test_crypt);
+-  expect_no_fault ("0.'*0'.crypt_r",  0, "*0", "*1", test_crypt_r);
++  expect_no_fault ("0.'*0'.crypt",    0, "*0", FT1,  test_crypt);
++  expect_no_fault ("0.'*0'.crypt_r",  0, "*0", FT1,  test_crypt_r);
+   expect_no_fault ("0.'*0'.crypt_rn", 0, "*0", 0,    test_crypt_rn);
+   expect_no_fault ("0.'*0'.crypt_ra", 0, "*0", 0,    test_crypt_ra);
+ 
+-  expect_no_fault ("0.'*1'.crypt",    0, "*1", "*0", test_crypt);
+-  expect_no_fault ("0.'*1'.crypt_r",  0, "*1", "*0", test_crypt_r);
++  expect_no_fault ("0.'*1'.crypt",    0, "*1", FT0,  test_crypt);
++  expect_no_fault ("0.'*1'.crypt_r",  0, "*1", FT0,  test_crypt_r);
+   expect_no_fault ("0.'*1'.crypt_rn", 0, "*1", 0,    test_crypt_rn);
+   expect_no_fault ("0.'*1'.crypt_ra", 0, "*1", 0,    test_crypt_ra);
+ 
+-  expect_no_fault ("0.p1.crypt",    0, p1, "*0", test_crypt);
+-  expect_no_fault ("0.p1.crypt_r",  0, p1, "*0", test_crypt_r);
++  expect_no_fault ("0.p1.crypt",    0, p1, FT0,  test_crypt);
++  expect_no_fault ("0.p1.crypt_r",  0, p1, FT0,  test_crypt_r);
+   expect_no_fault ("0.p1.crypt_rn", 0, p1, 0,    test_crypt_rn);
+   expect_no_fault ("0.p1.crypt_ra", 0, p1, 0,    test_crypt_ra);
+ 
+@@ -245,8 +253,8 @@ do_tests(char *page, size_t pagesize)
+      bug, but it's impractical to fix without breaking the property
+      that 'crypt' _never_ creates a failure token that is equal to the
+      setting string, which is more important than this corner case.  */
+-  expect_a_fault ("0.p2.crypt",    0, p2, "*0", test_crypt);
+-  expect_a_fault ("0.p2.crypt_r",  0, p2, "*0", test_crypt_r);
++  expect_a_fault ("0.p2.crypt",    0, p2, FT0,  test_crypt);
++  expect_a_fault ("0.p2.crypt_r",  0, p2, FT0,  test_crypt_r);
+   expect_a_fault ("0.p2.crypt_rn", 0, p2, 0,    test_crypt_rn);
+   expect_a_fault ("0.p2.crypt_ra", 0, p2, 0,    test_crypt_ra);
+ 
+@@ -257,9 +265,9 @@ do_tests(char *page, size_t pagesize)
+       strcpy (page, "p1.'");
+       strcat (page, settings[i]);
+       strcat (page, "'.crypt");
+-      expect_a_fault (page, p1, settings[i], "*0", test_crypt);
++      expect_a_fault (page, p1, settings[i], FT0,  test_crypt);
+       strcat (page, "_r");
+-      expect_a_fault (page, p1, settings[i], "*0", test_crypt_r);
++      expect_a_fault (page, p1, settings[i], FT0,  test_crypt_r);
+       strcat (page, "n");
+       expect_a_fault (page, p1, settings[i], 0,    test_crypt_rn);
+       page [strlen (page) - 1] = 'a';
+@@ -268,9 +276,9 @@ do_tests(char *page, size_t pagesize)
+       strcpy (page, "p2.'");
+       strcat (page, settings[i]);
+       strcat (page, "'.crypt");
+-      expect_a_fault (page, p2, settings[i], "*0", test_crypt);
++      expect_a_fault (page, p2, settings[i], FT0,  test_crypt);
+       strcat (page, "_r");
+-      expect_a_fault (page, p2, settings[i], "*0", test_crypt_r);
++      expect_a_fault (page, p2, settings[i], FT0,  test_crypt_r);
+       strcat (page, "n");
+       expect_a_fault (page, p2, settings[i], 0,    test_crypt_rn);
+       page [strlen (page) - 1] = 'a';
+@@ -279,8 +287,8 @@ do_tests(char *page, size_t pagesize)
+ 
+   /* Conversely, when PHRASE is valid, passing an invalid string as SETTING
+      should crash reliably.  */
+-  expect_a_fault ("ph.p2.crypt",    phrase, p2, "*0", test_crypt);
+-  expect_a_fault ("ph.p2.crypt_r",  phrase, p2, "*0", test_crypt_r);
++  expect_a_fault ("ph.p2.crypt",    phrase, p2, FT0,  test_crypt);
++  expect_a_fault ("ph.p2.crypt_r",  phrase, p2, FT0,  test_crypt_r);
+   expect_a_fault ("ph.p2.crypt_rn", phrase, p2, 0,    test_crypt_rn);
+   expect_a_fault ("ph.p2.crypt_ra", phrase, p2, 0,    test_crypt_ra);
+ 
+@@ -292,9 +300,9 @@ do_tests(char *page, size_t pagesize)
+       strcpy (page, "ph.'");
+       strcat (page, settings[i]);
+       strcat (page, ".crypt");
+-      expect_a_fault (page, phrase, p1, "*0", test_crypt);
++      expect_a_fault (page, phrase, p1, FT0, test_crypt);
+       strcat (page, "_r");
+-      expect_a_fault (page, phrase, p1, "*0", test_crypt_r);
++      expect_a_fault (page, phrase, p1, FT0, test_crypt_r);
+       strcat (page, "n");
+       expect_a_fault (page, phrase, p1, 0,    test_crypt_rn);
+       page [strlen (page) - 1] = 'a';
+diff --git a/test-crypt-bcrypt.c b/test-crypt-bcrypt.c
+index c984e4d47d8df2c6..bf149b405bd408c7 100644
+--- a/test-crypt-bcrypt.c
++++ b/test-crypt-bcrypt.c
+@@ -194,8 +194,12 @@ main (void)
+       errno = 0;
+       p = crypt (key, setting);
+       errnm = errno;
++#if ENABLE_FAILURE_TOKENS
+       match = strcmp (p, hash);
+-      if ((!ok && !errno) || strcmp (p, hash))
++#else
++      match = (ok ? strcmp (p, hash) : p != 0);
++#endif
++      if ((!ok && !errno) || match)
+         {
+           printf ("FAIL: %d/crypt.1: key=%s setting=%s: xhash=%s xerr=%d, "
+                   "p=%s match=%d err=%s\n",

libxcrypt.spec

@@ -0,0 +1,268 @@
+# Shared object version of libcrypt.
+%global soc 1
+%global sol 1
+%global sof 0
+%global sov %{soc}.%{sol}.%{sof}
+
+# Add generation of HMAC checksums of the final stripped
+# binaries.  %%define with lazy globbing is used here
+# intentionally, because using %%global does not work.
+%define __spec_install_post                                 \
+%{?__debug_package:%{__debug_install_post}}                 \
+%{__arch_install_post}                                      \
+%{__os_install_post}                                        \
+%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \
+%{__ln_s} .libcrypt.so.%{sov}.hmac                          \\\
+  %{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac             \
+%{nil}
+
+
+Name:           libxcrypt
+Version:        4.1.1
+Release:        6%{?dist}
+Summary:        Extended crypt library for DES, MD5, Blowfish and others
+
+# For explicit license breakdown, see the
+# LICENSING file in the source tarball.
+License:        LGPLv2+ and BSD and Public Domain
+URL:            https://github.com/besser82/%{name}
+Source0:        %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Patch1: libxcrypt-rh1612157.patch
+Patch2: libxcrypt-rh1613537.patch
+# fix for salt interoperability issue: https://github.com/besser82/libxcrypt/pull/106
+Patch3: libxcrypt-rh1899716.patch
+
+BuildRequires:  fipscheck
+BuildRequires:  libtool
+
+Requires:       glibc%{_isa}          >= 2.26.9000-46
+
+# We do not need to keep this forever.
+%if 0%{?fedora} && 0%{?fedora} <= 31
+# Inherited from former libcrypt package.
+Obsoletes:      libcrypt-nss          <= 2.26.9000-33
+
+# Obsolete former libcrypt properly.
+Obsoletes:      libcrypt              <= 2.26.9000-46
+
+# Provide virtual libcrypt as it has been done
+# by former libcrypt{,-nss} packages from glibc.
+Provides:       libcrypt              == 2.26.9000-46.1
+Provides:       libcrypt%{?_isa}      == 2.26.9000-46.1
+%endif
+
+%description
+libxcrypt is a modern library for one-way hashing of passwords.  It
+supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password
+hashes, and provides the traditional Unix 'crypt' and 'crypt_r'
+interfaces, as well as a set of extended interfaces pioneered by
+Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt',
+'crypt_gensalt_rn', and 'crypt_gensalt_ra'.
+
+libxcrypt is intended to be used by login(1), passwd(1), and other
+similar programs; that is, to hash a small number of passwords during
+an interactive authentication dialogue with a human.  It is not
+suitable for use in bulk password-cracking applications, or in any
+other situation where speed is more important than careful handling of
+sensitive data.  However, it *is* intended to be fast and lightweight
+enough for use in servers that must field thousands of login attempts
+per minute.
+
+On Linux-based systems, by default libxcrypt will be binary backward
+compatible with the libcrypt.so.1 shipped as part of the GNU C Library.
+This means that all existing binary executables linked against glibc's
+libcrypt should work unmodified with this library's libcrypt.so.1.  We
+have taken pains to provide exactly the same "symbol versions" as were
+used by glibc on various CPU architectures, and to account for the
+variety of ways in which the Openwall extensions were patched into
+glibc's libcrypt by some Linux distributions.  (For instance,
+compatibility symlinks for SuSE's "libowcrypt" are provided.)
+
+However, the converse is not true: programs linked against libxcrypt
+will not work with glibc's libcrypt.  Also, programs that use certain
+legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r',
+'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against libxcrypt.
+
+
+%package        devel
+Summary:        Development files for %{name}
+
+Requires:       %{name}%{?_isa}       == %{version}-%{release}
+Requires:       glibc-devel%{?_isa}   >= 2.26.9000-46
+Requires:       glibc-headers%{?_isa} >= 2.26.9000-46
+Conflicts:	man-pages < 4.15-3
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%package        static
+Summary:        Static library for -static linking with %{name}
+
+Requires:       %{name}-devel%{?_isa} == %{version}-%{release}
+Requires:       glibc-static%{?_isa}  >= 2.26.9000-46
+
+%description    static
+This package contains the libxcrypt static libraries for -static
+linking.  You don't need this, unless you link statically, which
+is highly discouraged.
+
+
+%prep
+%autosetup -p 1
+%{_bindir}/autoreconf -fiv
+
+
+%build
+%configure                     \
+  --libdir=/%{_lib}            \
+  --disable-silent-rules       \
+  --enable-shared              \
+  --enable-static              \
+  --disable-failure-tokens     \
+  --enable-hashes=all          \
+  --enable-obsolete-api=glibc  \
+  --with-pkgconfigdir=%{_libdir}/pkgconfig
+%make_build
+
+
+%install
+%make_install
+
+# Get rid of libtool crap.
+%{_bindir}/find %{buildroot} -name '*.la' -print -delete
+
+# Install documentation to shared %%_pkgdocdir.
+%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
+  ChangeLog NEWS README THANKS TODO
+
+
+%check
+%make_build check || \
+  {
+    rc=$?;
+    echo "-----BEGIN TESTLOG-----";
+    %{__cat} test-suite.log;
+    echo "-----END TESTLOG-----";
+    exit $rc;
+  }
+
+
+%ldconfig_scriptlets
+
+
+%files
+%license AUTHORS COPYING.LIB LICENSING
+%doc %dir %{_pkgdocdir}
+%doc %{_pkgdocdir}/NEWS
+%doc %{_pkgdocdir}/README
+%doc %{_pkgdocdir}/THANKS
+/%{_lib}/.libcrypt.so.%{soc}.hmac
+/%{_lib}/.libcrypt.so.%{sov}.hmac
+/%{_lib}/libcrypt.so.%{soc}
+/%{_lib}/libcrypt.so.%{sov}
+%{_mandir}/man5/crypt.5.*
+
+
+%files          devel
+%doc %{_pkgdocdir}/ChangeLog
+%doc %{_pkgdocdir}/TODO
+/%{_lib}/libcrypt.so
+%{_includedir}/crypt.h
+%{_libdir}/pkgconfig/libcrypt.pc
+%{_libdir}/pkgconfig/%{name}.pc
+%{_mandir}/man3/crypt.3.*
+%{_mandir}/man3/crypt_r.3.*
+%{_mandir}/man3/crypt_ra.3.*
+%{_mandir}/man3/crypt_rn.3.*
+%{_mandir}/man3/crypt_gensalt.3.*
+
+%files          static
+/%{_lib}/libcrypt.a
+
+
+%changelog
+* Thu Apr 29 2021 Stanislav Zidek <szidek@redhat.com> - 4.1.1-6
++ libxcrypt-4.1.1-6
+- Rebuilt with fixed binutils (#1954438)
+
+* Wed Apr  7 2021 Stanislav Zidek <szidek@redhat.com> - 4.1.1-5
+- Fixed salt interoperability issue (#1899716)
+
+* Wed Aug  8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-4
+- Move development panpages to libxcrypt-devel (#1613824)
+
+* Wed Aug  8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-3
+- Change crypt, crypt_r to return NULL on failure (#1613537)
+
+* Wed Aug  8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-2
+- Add manpages aliases for crypt, crypt_r, crypt_ra (#1612157)
+
+* Wed Aug 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.1-1
+- New upstream release
+
+* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.0-1
+- New upstream release
+
+* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-6
+- Make testsuite fail on error again
+- Update patch0 with more upstream fixes
+
+* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-5
+- Add patch to update to recent development branch
+- Re-enable SUNMD5 support as it is BSD licensed now
+- Build compatibility symbols for glibc only
+- Skip failing testsuite once
+
+* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-3
+- Remove CDDL from license list (#1592445)
+
+* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-2
+- Remove SUNMD5 support (#1592445)
+
+* Wed May 16 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-1
+- New upstream release
+
+* Sat Feb 17 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-5
+- Switch to %%ldconfig_scriptlets
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Feb 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-3
+- Add patch to fix unintialize value in badsalt test
+
+* Wed Jan 31 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-2
+- Add patch to fix bcrypt test with GCC8
+
+* Sat Jan 27 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-1
+- New upstream release
+
+* Mon Jan 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.0.0-0.204.20180120git3436e7b
+- Fix Obsoletes
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.203.20180120git3436e7b
+- Update to new snapshot fixing cast-align
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.202.20180120gitde99d27
+- Update to new snapshot (rhbz#1536752)
+
+* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.201.20171109git15447aa
+- Use archful Obsoletes for libcrypt
+- Add versioned Requires on glibc packages not shipping libcrypt
+- Add comments about the packaging logic for replacing former libcrypt
+
+* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.200.20171109git15447aa
+- Initial import (rhbz#1532794)
+- Add Obsoletes/Provides for libcrypt
+
+* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.101.20171109git15447aa
+- Fix style of %%git_{rel,ver}
+
+* Tue Jan 09 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.100.git20171109.15447aa
+- Initial rpm release (rhbz#1532794)
+- Start revision at 0.100 to superseed builds from COPR

sources

@@ -0,0 +1 @@
+SHA512 (libxcrypt-4.1.1.tar.gz) = 64f9453ffd0128e65dbafb981e5ee0e20eb1dcabae6290053a9ad30a071e37c8f970c83d2c58c61bddc7f3793af2e32344260cbfc9a69af8beca0b1650e44dff