rpms/libxcrypt
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8s
rpms:c9s
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8
rpms:c8-beta
rpms:imports/c10s/libxcrypt-4.4.36-10.el10
rpms:imports/c10s/libxcrypt-4.4.36-9.el10
rpms:imports/c9/libxcrypt-4.4.18-3.el9
rpms:imports/c9-beta/libxcrypt-4.4.18-3.el9
rpms:imports/c8/libxcrypt-4.1.1-6.el8
rpms:imports/c8-beta/libxcrypt-4.1.1-6.el8
rpms:imports/c8-beta/libxcrypt-4.1.1-4.el8
rpms:imports/c8/libxcrypt-4.1.1-4.el8
rpms:imports/c8s/libxcrypt-4.1.1-6.el8
rpms:imports/c8s/libxcrypt-4.1.1-5.el8
...
pull from: rpms:c10s
Branches Tags
rpms:c9s
rpms:c10s
rpms:c8s
rpms:c9
rpms:c9-beta
rpms:c8
rpms:c8-beta
rpms:imports/c10s/libxcrypt-4.4.36-10.el10
rpms:imports/c10s/libxcrypt-4.4.36-9.el10
rpms:imports/c9/libxcrypt-4.4.18-3.el9
rpms:imports/c9-beta/libxcrypt-4.4.18-3.el9
rpms:imports/c8/libxcrypt-4.1.1-6.el8
rpms:imports/c8-beta/libxcrypt-4.1.1-6.el8
rpms:imports/c8-beta/libxcrypt-4.1.1-4.el8
rpms:imports/c8/libxcrypt-4.1.1-4.el8
rpms:imports/c8s/libxcrypt-4.1.1-6.el8
rpms:imports/c8s/libxcrypt-4.1.1-5.el8

No commits in common. "c8s" and "c10s" have entirely different histories.
c8s ... c10s

14 changed files with 964 additions and 1586 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version Normal file
View File

@ -0,0 +1 @@
1

6
.gitignore vendored
View File

@ -1 +1,5 @@
/libxcrypt-*.tar.*
/libxcrypt-*/
/libxcrypt-*.rpm
/libxcrypt-*.tar.xz
/libxcrypt-gpgkey.gpg
/results_libxcrypt/

43
.packit.yaml Normal file
View File

@ -0,0 +1,43 @@
specfile_path: libxcrypt.spec
synced_files:
- libxcrypt.spec
- .packit.yaml
upstream_package_name: libxcrypt
upstream_project_url: https://github.com/besser82/libxcrypt
upstream_tag_template: v{version}
downstream_package_name: libxcrypt
dist_git_namespace: rpms
create_pr: True
actions:
post-upstream-clone: "wget https://src.fedoraproject.org/rpms/libxcrypt/raw/main/f/libxcrypt.spec -O libxcrypt.spec"
jobs:
- job: copr_build
trigger: pull_request
metadata:
list_on_homepage: False
targets:
- fedora-all-aarch64
- fedora-all-i386
- fedora-all-x86_64
- fedora-development-s390x
- job: copr_build
trigger: commit
metadata:
branch: develop
list_on_homepage: False
targets:
- fedora-all-aarch64
- fedora-all-i386
- fedora-all-x86_64
- fedora-development-s390x
- job: propose_downstream
trigger: release
metadata:
dist_git_branches:
- main

1
ci.fmf Normal file
View File

@ -0,0 +1 @@
resultsdb-testcase: separate

7
gating.yaml
View File

@ -1,8 +1,7 @@
# recipients: glibc-bugzilla
--- !Policy
product_versions:
- rhel-8
- rhel-10
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-enabled.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-disabled.functional}

16
libxcrypt-4.4.36.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEZ4zj/uQwMRWW24wW9S6YAHWUwh0FAmSlr0UACgkQ9S6YAHWU
wh0/Pg/+M0zxkElg/2YPCFNeSo+zsVjGozdnPF4DvISk54+owXULo2fkx7VW15LC
4DcvKKg3p+6bCz1rdOnJbzSfNiO3d7VS1mGNOECWUTF4q3eiXhgDy5QrHbZfDaqR
DohWDNJPY1RwTfMf8qhtnTukjutnNpUdPJHV5wavJsBr8mLQ6qBXTsgfORJsfGi0
cz+GTn3IZX/xcMvbFx9VrY/ixzYZZMFOmy+00T2yURlA/A5XjNPldTDRYVBtYUre
Phiox3Oz9BRh65hnLjPFIYvMrjAGnOxl2lWfHK6Mdu46QV7qB7nGryOSbr4OHvN8
YpukVexz5YlSM09ws9AHqUzf4nn2fo+M1v9YftrLYa0vKM5oUW5+nJp2oRm+q2WW
UYy7J60rM7Rg8HvpAXriIbyOz758xSA3dwSMAVFrY9mLZdCipBfdAD9xNIysaWTo
ockJ13TYzK6m8F8aL3tYGT/7M1IbdUMqGa7wPEkg5bkb0IGOI45yH4VN4AbU3h4v
ZZrMNkMNl84Y3rYgq2QcqoMf9Wg/dv9zuXpkF0COipk4qxiEiBZlebFSAZEX1LSO
6O5AlUtHb9Mue7CTv61dV//C7l2/TOADsvWN4dBqQzioPx+uH4wJAdEY6afeePAR
GniSzdtbuszlVcd7E8sqN/DFofhOBBXrX6QpJkapMTnfoKDL3SQ=
=wTDU
-----END PGP SIGNATURE-----

2
libxcrypt-4.4.36.tar.xz.sha256sum Normal file
View File

@ -0,0 +1,2 @@
e5e1f4caee0a01de2aee26e3138807d6d3ca2b8e67287966d1fefd65e1fd8943 libxcrypt-4.4.36.tar.xz
04f2985349a027dd544806b2b6888402fbfd71322c210a94271e1e02f46fbf74 libxcrypt-4.4.36.tar.xz.asc

35
libxcrypt-configure-c99.patch Normal file
View File

@ -0,0 +1,35 @@
Author: Florian Weimer <fweimer@redhat.com>
Date: Tue Dec 19 11:00:11 2023 +0100
configure: Only text the makecontext signature we need
The test/explicit-bzero.c test uses a start routine without any
arguments. There is no need for the multi-argument version.
This avoids a build failure with glibc and future compilers.
The GNU C library declares the makecontext callback of
type void (*) (void), so no cast is needed. On other systems,
the type may be the (currently distinct) type void (*) (),
but given that this only affects the ability to execute a test,
no further machinery is added here to detect that different type.
Submitted upstream: <https://github.com/besser82/libxcrypt/pull/178>
diff --git a/configure.ac b/configure.ac
index 35965b3b20466f71..ecc71b02b8c9752f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -303,13 +303,11 @@ AS_IF([test $ac_cv_header_ucontext_h = yes],
#include <ucontext.h>
static int x;
static void fn1(void) {}
-static void fn2(int a, int b) { x = a - b; }
]], [[
ucontext_t uc1, uc2;
if (getcontext(&uc1)) return 1;
if (setcontext(&uc1)) return 1;
makecontext(&uc1, fn1, 0);
- makecontext(&uc2, fn2, 2, 1, 1);
if (swapcontext(&uc1, &uc2)) return 1;
return x;
]])],

67
libxcrypt-rh1612157.patch
View File

@ -1,67 +0,0 @@
commit cc1806e214b89403152c2c53932d8d0b8aeb1e91
Author: Björn Esser <besser82@fedoraproject.org>
Date: Sat Aug 4 13:02:03 2018 +0200
Add alias man-pages for other crypt functions.
diff --git a/Makefile.am b/Makefile.am
index 201dea53313e7054..1ea36121d085b55d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,7 +15,8 @@ EXTRA_DIST = \
gen-map.awk gen-vers.awk gen-crypt-h.awk \
gen-hashes.awk sel-hashes.awk hashes.lst
-notrans_dist_man3_MANS = crypt_rn.3 crypt_gensalt.3
+notrans_dist_man3_MANS = crypt.3 crypt_r.3 crypt_ra.3 \
+ crypt_rn.3 crypt_gensalt.3
notrans_dist_man5_MANS = crypt.5
nodist_include_HEADERS = crypt.h
diff --git a/crypt.3 b/crypt.3
new file mode 100644
index 0000000000000000..430e48f320d6e8af
--- /dev/null
+++ b/crypt.3
@@ -0,0 +1 @@
+.so man3/crypt_rn.3
diff --git a/crypt.5 b/crypt.5
index 5db9c923cbd66e55..7fe46091f192b114 100644
--- a/crypt.5
+++ b/crypt.5
@@ -279,6 +279,8 @@ that will work on an old operating system that supports nothing else.
.hash "$3$" "\e$3\e$\e$[0-9a-f]{32}" unlimited 8 256 256 0 1
.SH SEE ALSO
.BR crypt (3),
+.BR crypt_r (3),
+.BR crypt_ra (3),
.BR crypt_rn (3),
.BR crypt_gensalt (3),
.BR getpwent (3),
diff --git a/crypt_gensalt.3 b/crypt_gensalt.3
index ebfff28db79a3c53..31097400e5cd2080 100644
--- a/crypt_gensalt.3
+++ b/crypt_gensalt.3
@@ -223,6 +223,8 @@ T} Thread safety MT-Safe
.SH SEE ALSO
.ad l
.BR crypt (3),
+.BR crypt_r (3),
+.BR crypt_ra (3),
.BR crypt_rn (3),
.BR getpass (3),
.BR getpwent (3),
diff --git a/crypt_r.3 b/crypt_r.3
new file mode 100644
index 0000000000000000..430e48f320d6e8af
--- /dev/null
+++ b/crypt_r.3
@@ -0,0 +1 @@
+.so man3/crypt_rn.3
diff --git a/crypt_ra.3 b/crypt_ra.3
new file mode 100644
index 0000000000000000..430e48f320d6e8af
--- /dev/null
+++ b/crypt_ra.3
@@ -0,0 +1 @@
+.so man3/crypt_rn.3

320
libxcrypt-rh1613537.patch
View File

@ -1,320 +0,0 @@
commit 8596e298f761c32cecff45424f5242cd14269292
Author: Zack Weinberg <zackw@panix.com>
Date: Tue Aug 7 21:35:12 2018 -0400
Add configure option --disable-failure-tokens.
When this option is given, crypt and crypt_r will return NULL on
failure, instead of a special "failure token" string that isn't the
hash of any passphrase. This was the historical behavior of glibc,
FreeBSD libc, and several other implementations.
diff --git a/configure.ac b/configure.ac
index a22a5926bd82f729..23651f9c5c886107 100644
--- a/configure.ac
+++ b/configure.ac
@@ -152,6 +152,25 @@ AC_CHECK_FUNCS_ONCE([
])
# Configure options.
+AC_ARG_ENABLE([failure-tokens],
+ AS_HELP_STRING(
+ [--disable-failure-tokens],
+ [Make crypt and crypt_r return NULL on failure, instead of a
+ special "failure token" string that isn't the hash of any
+ passphrase. This matches the behavior of several other
+ crypt implementations, but will break programs that assume these
+ functions never return NULL. crypt_rn and crypt_ra are not affected
+ by this option, and will always return NULL on failure.]
+ ),
+ [case "$enableval" in
+ yes) enable_failure_tokens=1;;
+ no) enable_failure_tokens=0;;
+ *) AC_MSG_ERROR([bad value ${enableval} for --enable-failure-tokens]);;
+ esac],
+ [enable_failure_tokens=1])
+AC_DEFINE_UNQUOTED([ENABLE_FAILURE_TOKENS], [$enable_failure_tokens],
+ [Define to 1 if crypt and crypt_r should return a "failure token" on
+ failure, or 0 if they should return NULL.])
AC_ARG_ENABLE([obsolete-api],
AS_HELP_STRING(
diff --git a/crypt.c b/crypt.c
index 9a3e19214e613097..839763afad14eaa9 100644
--- a/crypt.c
+++ b/crypt.c
@@ -235,7 +235,11 @@ crypt_r (const char *phrase, const char *setting, struct crypt_data *data)
{
make_failure_token (setting, data->output, sizeof data->output);
do_crypt (phrase, setting, data);
+#if ENABLE_FAILURE_TOKENS
return data->output;
+#else
+ return data->output[0] == '*' ? 0 : data->output;
+#endif
}
SYMVER_crypt_r;
#endif
diff --git a/crypt_rn.3 b/crypt_rn.3
index 24da44cfce19716b..d021c4ed4a046e04 100644
--- a/crypt_rn.3
+++ b/crypt_rn.3
@@ -204,17 +204,31 @@ multiple threads simultaneously, as long as a separate
object is used for each thread.
.PP
Upon error,
-.B crypt
-and
-.B crypt_r
-return a pointer to an
+.BR crypt_r ", " crypt_rn ", and " crypt_ra
+write an
.I invalid
-hashed passphrase.
+hashed passphrase to the
+.I output
+field of their
+.I crypt_data
+object, and
+.B crypt
+writes an invalid hash to its static storage area.
This string will be shorter than 13 characters,
will begin with a \(oq\fB*\fR\(cq,
and will not compare equal to
.IR setting .
-(This peculiar behavior is for compatibility
+.PP
+Upon error,
+.BR crypt_rn " and " crypt_ra
+return a null pointer.
+.BR crypt_r " and " crypt
+may also return a null pointer,
+or they may return a pointer to the invalid hash,
+depending on how
+.I libcrypt
+was configured.
+(The option to return the invalid hash is for compatibility
with old applications that assume that
.B crypt
cannot return a null pointer.
@@ -222,15 +236,6 @@ See
.B "PORTABILITY NOTES"
below.)
.PP
-.B crypt_rn
-and
-.B crypt_ra
-also write an invalid hashed passphrase to the
-.I output
-field of their
-.I crypt_data
-object when they fail, but they return a null pointer.
-.PP
All four functions set
.I errno
when they fail.
diff --git a/test-badsalt.c b/test-badsalt.c
index b2743373628b1f3f..3d2e47ac0e7647bd 100644
--- a/test-badsalt.c
+++ b/test-badsalt.c
@@ -222,12 +222,28 @@ check_crypt (const char *label, const char *fn,
const char *retval, const char *setting,
bool expected_to_succeed)
{
- /* crypt/crypt_r should never return null */
+#if ENABLE_FAILURE_TOKENS
+ /* crypt/crypt_r never return null when failure tokens are enabled */
if (!retval)
{
printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
return false;
}
+#else
+ if (expected_to_succeed && !retval)
+ {
+ printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
+ return false;
+ }
+ else if (!expected_to_succeed && retval)
+ {
+ printf ("FAIL: %s/%s/%s: returned %p, should be NULL\n",
+ label, setting, fn, (const void *)retval);
+ return false;
+ }
+ else if (!expected_to_succeed && !retval)
+ return true;
+#endif
if (!check_results (label, fn, retval, setting,
expected_to_succeed))
return false;
diff --git a/test-crypt-badargs.c b/test-crypt-badargs.c
index 0e6af1626a605086..6be24a99ca7f9015 100644
--- a/test-crypt-badargs.c
+++ b/test-crypt-badargs.c
@@ -169,6 +169,14 @@ test_crypt_ra (const char *tag,
check (tag, expect, got);
}
+#if ENABLE_FAILURE_TOKENS
+# define FT0 "*0"
+# define FT1 "*1"
+#else
+# define FT0 0
+# define FT1 0
+#endif
+
/* PAGE should point to PAGESIZE bytes of read-write memory followed
by another PAGESIZE bytes of inaccessible memory. */
@@ -187,55 +195,55 @@ do_tests(char *page, size_t pagesize)
size_t i;
/* When SETTING is null, it shouldn't matter what PHRASE is. */
- expect_no_fault ("0.0.crypt", 0, 0, "*0", test_crypt);
- expect_no_fault ("0.0.crypt_r", 0, 0, "*0", test_crypt_r);
+ expect_no_fault ("0.0.crypt", 0, 0, FT0, test_crypt);
+ expect_no_fault ("0.0.crypt_r", 0, 0, FT0, test_crypt_r);
expect_no_fault ("0.0.crypt_rn", 0, 0, 0, test_crypt_rn);
expect_no_fault ("0.0.crypt_ra", 0, 0, 0, test_crypt_ra);
- expect_no_fault ("''.0.crypt", "", 0, "*0", test_crypt);
- expect_no_fault ("''.0.crypt_r", "", 0, "*0", test_crypt_r);
+ expect_no_fault ("''.0.crypt", "", 0, FT0, test_crypt);
+ expect_no_fault ("''.0.crypt_r", "", 0, FT0, test_crypt_r);
expect_no_fault ("''.0.crypt_rn", "", 0, 0, test_crypt_rn);
expect_no_fault ("''.0.crypt_ra", "", 0, 0, test_crypt_ra);
- expect_no_fault ("ph.0.crypt", phrase, 0, "*0", test_crypt);
- expect_no_fault ("ph.0.crypt_r", phrase, 0, "*0", test_crypt_r);
+ expect_no_fault ("ph.0.crypt", phrase, 0, FT0, test_crypt);
+ expect_no_fault ("ph.0.crypt_r", phrase, 0, FT0, test_crypt_r);
expect_no_fault ("ph.0.crypt_rn", phrase, 0, 0, test_crypt_rn);
expect_no_fault ("ph.0.crypt_ra", phrase, 0, 0, test_crypt_ra);
- expect_no_fault ("p1.0.crypt", p1, 0, "*0", test_crypt);
- expect_no_fault ("p1.0.crypt_r", p1, 0, "*0", test_crypt_r);
+ expect_no_fault ("p1.0.crypt", p1, 0, FT0, test_crypt);
+ expect_no_fault ("p1.0.crypt_r", p1, 0, FT0, test_crypt_r);
expect_no_fault ("p1.0.crypt_rn", p1, 0, 0, test_crypt_rn);
expect_no_fault ("p1.0.crypt_ra", p1, 0, 0, test_crypt_ra);
- expect_no_fault ("p2.0.crypt", p2, 0, "*0", test_crypt);
- expect_no_fault ("p2.0.crypt_r", p2, 0, "*0", test_crypt_r);
+ expect_no_fault ("p2.0.crypt", p2, 0, FT0, test_crypt);
+ expect_no_fault ("p2.0.crypt_r", p2, 0, FT0, test_crypt_r);
expect_no_fault ("p2.0.crypt_rn", p2, 0, 0, test_crypt_rn);
expect_no_fault ("p2.0.crypt_ra", p2, 0, 0, test_crypt_ra);
/* Conversely, when PHRASE is null,
it shouldn't matter what SETTING is... */
- expect_no_fault ("0.''.crypt", 0, "", "*0", test_crypt);
- expect_no_fault ("0.''.crypt_r", 0, "", "*0", test_crypt_r);
+ expect_no_fault ("0.''.crypt", 0, "", FT0, test_crypt);
+ expect_no_fault ("0.''.crypt_r", 0, "", FT0, test_crypt_r);
expect_no_fault ("0.''.crypt_rn", 0, "", 0, test_crypt_rn);
expect_no_fault ("0.''.crypt_ra", 0, "", 0, test_crypt_ra);
- expect_no_fault ("0.'*'.crypt", 0, "*", "*0", test_crypt);
- expect_no_fault ("0.'*'.crypt_r", 0, "*", "*0", test_crypt_r);
+ expect_no_fault ("0.'*'.crypt", 0, "*", FT0, test_crypt);
+ expect_no_fault ("0.'*'.crypt_r", 0, "*", FT0, test_crypt_r);
expect_no_fault ("0.'*'.crypt_rn", 0, "*", 0, test_crypt_rn);
expect_no_fault ("0.'*'.crypt_ra", 0, "*", 0, test_crypt_ra);
- expect_no_fault ("0.'*0'.crypt", 0, "*0", "*1", test_crypt);
- expect_no_fault ("0.'*0'.crypt_r", 0, "*0", "*1", test_crypt_r);
+ expect_no_fault ("0.'*0'.crypt", 0, "*0", FT1, test_crypt);
+ expect_no_fault ("0.'*0'.crypt_r", 0, "*0", FT1, test_crypt_r);
expect_no_fault ("0.'*0'.crypt_rn", 0, "*0", 0, test_crypt_rn);
expect_no_fault ("0.'*0'.crypt_ra", 0, "*0", 0, test_crypt_ra);
- expect_no_fault ("0.'*1'.crypt", 0, "*1", "*0", test_crypt);
- expect_no_fault ("0.'*1'.crypt_r", 0, "*1", "*0", test_crypt_r);
+ expect_no_fault ("0.'*1'.crypt", 0, "*1", FT0, test_crypt);
+ expect_no_fault ("0.'*1'.crypt_r", 0, "*1", FT0, test_crypt_r);
expect_no_fault ("0.'*1'.crypt_rn", 0, "*1", 0, test_crypt_rn);
expect_no_fault ("0.'*1'.crypt_ra", 0, "*1", 0, test_crypt_ra);
- expect_no_fault ("0.p1.crypt", 0, p1, "*0", test_crypt);
- expect_no_fault ("0.p1.crypt_r", 0, p1, "*0", test_crypt_r);
+ expect_no_fault ("0.p1.crypt", 0, p1, FT0, test_crypt);
+ expect_no_fault ("0.p1.crypt_r", 0, p1, FT0, test_crypt_r);
expect_no_fault ("0.p1.crypt_rn", 0, p1, 0, test_crypt_rn);
expect_no_fault ("0.p1.crypt_ra", 0, p1, 0, test_crypt_ra);
@@ -245,8 +253,8 @@ do_tests(char *page, size_t pagesize)
bug, but it's impractical to fix without breaking the property
that 'crypt' _never_ creates a failure token that is equal to the
setting string, which is more important than this corner case. */
- expect_a_fault ("0.p2.crypt", 0, p2, "*0", test_crypt);
- expect_a_fault ("0.p2.crypt_r", 0, p2, "*0", test_crypt_r);
+ expect_a_fault ("0.p2.crypt", 0, p2, FT0, test_crypt);
+ expect_a_fault ("0.p2.crypt_r", 0, p2, FT0, test_crypt_r);
expect_a_fault ("0.p2.crypt_rn", 0, p2, 0, test_crypt_rn);
expect_a_fault ("0.p2.crypt_ra", 0, p2, 0, test_crypt_ra);
@@ -257,9 +265,9 @@ do_tests(char *page, size_t pagesize)
strcpy (page, "p1.'");
strcat (page, settings[i]);
strcat (page, "'.crypt");
- expect_a_fault (page, p1, settings[i], "*0", test_crypt);
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt);
strcat (page, "_r");
- expect_a_fault (page, p1, settings[i], "*0", test_crypt_r);
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt_r);
strcat (page, "n");
expect_a_fault (page, p1, settings[i], 0, test_crypt_rn);
page [strlen (page) - 1] = 'a';
@@ -268,9 +276,9 @@ do_tests(char *page, size_t pagesize)
strcpy (page, "p2.'");
strcat (page, settings[i]);
strcat (page, "'.crypt");
- expect_a_fault (page, p2, settings[i], "*0", test_crypt);
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt);
strcat (page, "_r");
- expect_a_fault (page, p2, settings[i], "*0", test_crypt_r);
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt_r);
strcat (page, "n");
expect_a_fault (page, p2, settings[i], 0, test_crypt_rn);
page [strlen (page) - 1] = 'a';
@@ -279,8 +287,8 @@ do_tests(char *page, size_t pagesize)
/* Conversely, when PHRASE is valid, passing an invalid string as SETTING
should crash reliably. */
- expect_a_fault ("ph.p2.crypt", phrase, p2, "*0", test_crypt);
- expect_a_fault ("ph.p2.crypt_r", phrase, p2, "*0", test_crypt_r);
+ expect_a_fault ("ph.p2.crypt", phrase, p2, FT0, test_crypt);
+ expect_a_fault ("ph.p2.crypt_r", phrase, p2, FT0, test_crypt_r);
expect_a_fault ("ph.p2.crypt_rn", phrase, p2, 0, test_crypt_rn);
expect_a_fault ("ph.p2.crypt_ra", phrase, p2, 0, test_crypt_ra);
@@ -292,9 +300,9 @@ do_tests(char *page, size_t pagesize)
strcpy (page, "ph.'");
strcat (page, settings[i]);
strcat (page, ".crypt");
- expect_a_fault (page, phrase, p1, "*0", test_crypt);
+ expect_a_fault (page, phrase, p1, FT0, test_crypt);
strcat (page, "_r");
- expect_a_fault (page, phrase, p1, "*0", test_crypt_r);
+ expect_a_fault (page, phrase, p1, FT0, test_crypt_r);
strcat (page, "n");
expect_a_fault (page, phrase, p1, 0, test_crypt_rn);
page [strlen (page) - 1] = 'a';
diff --git a/test-crypt-bcrypt.c b/test-crypt-bcrypt.c
index c984e4d47d8df2c6..bf149b405bd408c7 100644
--- a/test-crypt-bcrypt.c
+++ b/test-crypt-bcrypt.c
@@ -194,8 +194,12 @@ main (void)
errno = 0;
p = crypt (key, setting);
errnm = errno;
+#if ENABLE_FAILURE_TOKENS
match = strcmp (p, hash);
- if ((!ok && !errno) || strcmp (p, hash))
+#else
+ match = (ok ? strcmp (p, hash) : p != 0);
+#endif
+ if ((!ok && !errno) || match)
{
printf ("FAIL: %d/crypt.1: key=%s setting=%s: xhash=%s xerr=%d, "
"p=%s match=%d err=%s\n",

1035
libxcrypt-rh1899716.patch
View File

File diff suppressed because it is too large Load Diff

991
libxcrypt.spec
View File

File diff suppressed because it is too large Load Diff

23
plans/ci.fmf Normal file
View File

@ -0,0 +1,23 @@
/fips-disabled-buildroot-disabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libxcrypt
name: /plans/ci/fips-disabled-buildroot-disabled
/fips-disabled-buildroot-enabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libxcrypt
name: /plans/ci/fips-disabled-buildroot-enabled
/fips-enabled-buildroot-disabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libxcrypt
name: /plans/ci/fips-enabled-buildroot-disabled
/fips-enabled-buildroot-enabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libxcrypt
name: /plans/ci/fips-enabled-buildroot-enabled

3
sources
View File

@ -1 +1,2 @@
SHA512 (libxcrypt-4.1.1.tar.gz) = 64f9453ffd0128e65dbafb981e5ee0e20eb1dcabae6290053a9ad30a071e37c8f970c83d2c58c61bddc7f3793af2e32344260cbfc9a69af8beca0b1650e44dff
SHA512 (libxcrypt-4.4.36.tar.xz) = 468560e6f90877540d22e32c867cbcf3786983a6fdae6ef86454f4b7f2bbaae1b6589d1af75cda73078fa8f6e91b1a32f8353f26d433246eef7be3e96d4ae1c7
SHA512 (libxcrypt-gpgkey.gpg) = 723ce5d76676e4366959e03850f8814d5b30f8b20a39629f0ccff61bb2b2bef64223fd78e719ad23d7dd272ca6c0177089749f9b508099d56750a8bb466d006c