rpms/libxcrypt
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8s
rpms:c9s
rpms:c10
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8
rpms:c8-beta
rpms:imports/c10/libxcrypt-4.4.36-10.el10_0
rpms:imports/c10s/libxcrypt-4.4.36-10.el10
rpms:imports/c10s/libxcrypt-4.4.36-9.el10
rpms:imports/c9/libxcrypt-4.4.18-3.el9
rpms:imports/c9-beta/libxcrypt-4.4.18-3.el9
rpms:imports/c8/libxcrypt-4.1.1-6.el8
rpms:imports/c8-beta/libxcrypt-4.1.1-6.el8
rpms:imports/c8-beta/libxcrypt-4.1.1-4.el8
rpms:imports/c8/libxcrypt-4.1.1-4.el8
rpms:imports/c8s/libxcrypt-4.1.1-6.el8
rpms:imports/c8s/libxcrypt-4.1.1-5.el8
...
pull from: rpms:c9-beta
Branches Tags
rpms:c9s
rpms:c8s
rpms:c10
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8
rpms:c8-beta
rpms:imports/c10/libxcrypt-4.4.36-10.el10_0
rpms:imports/c10s/libxcrypt-4.4.36-10.el10
rpms:imports/c10s/libxcrypt-4.4.36-9.el10
rpms:imports/c9/libxcrypt-4.4.18-3.el9
rpms:imports/c9-beta/libxcrypt-4.4.18-3.el9
rpms:imports/c8/libxcrypt-4.1.1-6.el8
rpms:imports/c8-beta/libxcrypt-4.1.1-6.el8
rpms:imports/c8-beta/libxcrypt-4.1.1-4.el8
rpms:imports/c8/libxcrypt-4.1.1-4.el8
rpms:imports/c8s/libxcrypt-4.1.1-6.el8
rpms:imports/c8s/libxcrypt-4.1.1-5.el8

No commits in common. "c8s" and "c9-beta" have entirely different histories.
c8s ... c9-beta

14 changed files with 750 additions and 1730 deletions
Show Stats Expand all files Collapse all files

1
.fmf/version
View File

@ -1 +0,0 @@
1

2
.gitignore vendored
View File

@ -1 +1 @@
/libxcrypt-*.tar.* SOURCES/libxcrypt-4.4.18.tar.gz

1
.libxcrypt.metadata Normal file
View File

@ -0,0 +1 @@
ff71519c631bd39fe8b1aae076f26a992197aefc SOURCES/libxcrypt-4.4.18.tar.gz

3
README.md
View File

@ -1,3 +0,0 @@
# libxcrypt
The libxcrypt package

70
SOURCES/libxcrypt-4.4.17-enable_LTO_build.patch Normal file
View File

@ -0,0 +1,70 @@
From a1bff4255fb9cad501a8a5d4bffb8f95df0f615f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
Date: Thu, 13 Aug 2020 18:51:50 +0200
Subject: [PATCH] crypt-port: Add the bits for compiling with link-time
optimization.
GCC 10.2 and LLVM/Clang 10 offer initial support for building
libraries, that are using symbol versioning features, with LTO.
To make use of this with GCC 10.2, the exported versioned symbols
need to be declared explicitly with __attribute__((symver (...))).
LLVM/Clang 10 supports symbol versioning with LTO out of the box
without any changes needed.
Fixes #24.
---
lib/crypt-port.h | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/lib/crypt-port.h b/lib/crypt-port.h
index bec36ac..ca86261 100644
--- a/lib/crypt-port.h
+++ b/lib/crypt-port.h
@@ -179,11 +179,29 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *);
# define _strong_alias(name, aliasname) \
extern __typeof (name) aliasname __THROW __attribute__ ((alias (#name)))
+/* Starting with GCC 10.2, we can use the symver attribute, which also works
+ with link-time optimization enabled. */
+# if __GNUC__ > 10 || (__GNUC__ == 10 && __GNUC_MINOR__ >= 2)
+
+/* Referencing specific _compatibility_ symbols still needs inline asm. */
+# define _symver_ref(extstr, intname, version) \
+ __asm__ (".symver " #intname "," extstr "@" #version)
+
+/* Set the symbol version for EXTNAME, which uses INTNAME as its
+ implementation. */
+# define symver_set(extstr, intname, version, mode) \
+ extern __typeof (intname) intname __THROW \
+ __attribute__((symver (extstr mode #version)))
+
+# else
+
/* Set the symbol version for EXTNAME, which uses INTNAME as its
implementation. */
# define symver_set(extstr, intname, version, mode) \
__asm__ (".symver " #intname "," extstr mode #version)
+# endif
+
#else
# error "Don't know how to do symbol versioning with this compiler"
#endif
@@ -239,9 +257,14 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *);
/* Tests may need to _refer_ to compatibility symbols, but should never need
to _define_ them. */
-
#define symver_ref(extstr, intname, version) \
+ _symver_ref(extstr, intname, version)
+
+/* Generic way for referencing specific _compatibility_ symbols. */
+#ifndef _symver_ref
+#define _symver_ref(extstr, intname, version) \
symver_set(extstr, intname, version, "@")
+#endif
/* Define configuration macros used during compile-time by the
GOST R 34.11-2012 "Streebog" hash function. */

678
SPECS/libxcrypt.spec Normal file
View File

@ -0,0 +1,678 @@
# Build with new api?
%if 0%{?fedora} >= 30 || 0%{?rhel} >= 9
%bcond_without new_api
%else
%bcond_with new_api
%endif
# Build the compat package?
%if !(0%{?fedora} >= 999 || 0%{?rhel} >= 99) && %{with new_api}
%bcond_without compat_pkg
%else
%bcond_with compat_pkg
%endif
# Replace obsolete functions with a stub?
%if (0%{?fedora} >= 30 || 0%{?rhel} >= 9) && %{with compat_pkg}
%bcond_without enosys_stubs
%else
%bcond_with enosys_stubs
%endif
# Build the static library?
%bcond_without staticlib
# Shared object version of libcrypt.
%if %{with new_api}
%global soc 2
%global sol 0
%global sof 0
%global sov %{soc}.%{sol}.%{sof}
%else
%global soc 1
%global sol 1
%global sof 0
%global sov %{soc}.%{sol}.%{sof}
%endif
%if %{with compat_pkg}
%global csoc 1
%global csol 1
%global csof 0
%global csov %{csoc}.%{csol}.%{csof}
%endif
# First version of glibc built without libcrypt.
%global glibc_minver 2.27
# The libxcrypt-devel package conflicts with out-dated manuals
# shipped with the man-pages packages *before* this EVR.
%global man_pages_minver 4.15-3
# Hash methods and API supported by libcrypt.
# NEVER EVER touch this, if you do NOT know what you are doing!
%global hash_methods all
%if %{with new_api}
%global obsolete_api no
%else
%global obsolete_api glibc
%endif
%if %{with compat_pkg}
%global compat_methods all
%global compat_api glibc
%endif
# Do we replace the obsolete API functions with stubs?
%if %{with enosys_stubs}
%global enosys_stubs yes
%else
%global enosys_stubs no
%endif
# Needed for the distribution README file.
%if 0%{?fedora}
%global distname .fedora
%else
%if 0%{?rhel}
%global distname .rhel
%else
%global distname .distribution
%endif
%endif
# Needed for out-of-tree builds.
%global _configure "$(realpath ../configure)"
# Common configure options.
%global common_configure_options \\\
--disable-failure-tokens \\\
--disable-silent-rules \\\
--enable-shared \\\
%if %{with staticlib} \
--enable-static \\\
%else \
--disable-static \\\
%endif \
--disable-valgrind \\\
--srcdir=$(realpath ..) \\\
--with-pkgconfigdir=%{_libdir}/pkgconfig
# Macros for shorthand.
%global _fipsdir %{_libdir}/fipscheck
# Add generation of HMAC checksums of the final stripped
# binaries. %%define with lazy globbing is used here
# intentionally, because using %%global does not work.
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
libdir="%{buildroot}%{_libdir}" \
fipsdir="$libdir/fipscheck" \
mkdir -p $fipsdir \
fipshmac -d $fipsdir \\\
$libdir/libcrypt.so.%{sov} \
ln -s libcrypt.so.%{sov}.hmac \\\
$fipsdir/libcrypt.so.%{soc}.hmac \
if [[ %{with staticlib} == 1 ]]; then \
fipshmac -d $fipsdir \\\
$libdir/libcrypt.a \
if [[ %{without new_api} == 1 ]]; then \
ln -s .libcrypt.a.hmac \\\
$fipsdir/libxcrypt.a.hmac \
fi \
fi \
if [[ %{with compat_pkg} == 1 ]]; then \
fipshmac -d $fipsdir \\\
$libdir/libcrypt.so.%{csov} \
ln -s libcrypt.so.%{csov}.hmac \\\
$fipsdir/libcrypt.so.%{csoc}.hmac \
fi \
%{nil}
# Fail linking if there are undefined symbols.
# Required for proper ELF symbol versioning support.
%global _ld_strict_symbol_defs 1
Name: libxcrypt
Version: 4.4.18
Release: 3%{?dist}
Summary: Extended crypt library for descrypt, md5crypt, bcrypt, and others
# For explicit license breakdown, see the
# LICENSING file in the source tarball.
License: LGPLv2+ and BSD and Public Domain
URL: https://github.com/besser82/%{name}
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
# Patch 0000 - 2999: Backported patches from upstream.
# Patch 3000 - 5999: Backported patches from pull requests.
Patch3000: libxcrypt-4.4.17-enable_LTO_build.patch
# Patch 6000 - 9999: Downstream patches.
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fipscheck
BuildRequires: gcc
BuildRequires: glibc-devel >= %{glibc_minver}
BuildRequires: libtool
BuildRequires: make
BuildRequires: perl-core
# We do not need to keep this forever.
%if !(0%{?fedora} > 31 || 0%{?rhel} > 10)
# Inherited from former libcrypt package.
Obsoletes: libcrypt-nss < %{glibc_minver}
Provides: libcrypt-nss = %{glibc_minver}
Provides: libcrypt-nss%{?_isa} = %{glibc_minver}
# Obsolete former libcrypt properly and provide a virtual libcrypt
# package as it has been done by the former packages, which were
# built by glibc before.
Obsoletes: libcrypt < %{glibc_minver}
Provides: libcrypt = %{glibc_minver}
Provides: libcrypt%{?_isa} = %{glibc_minver}
# Obsolete former libxcrypt-common properly.
Obsoletes: %{name}-common < 4.3.3-4
Provides: %{name}-common = %{version}-%{release}
%endif
%if %{with new_api} && %{without compat_pkg}
Obsoletes: %{name}-compat < %{version}-%{release}
%endif
# We need a version of glibc, that doesn't build libcrypt anymore.
Requires: glibc%{?_isa} >= %{glibc_minver}
%if 0%{?fedora} >= 30
Recommends: mkpasswd
%endif
%description
libxcrypt is a modern library for one-way hashing of passwords. It
supports a wide variety of both modern and historical hashing methods:
yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt,
md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.
It provides the traditional Unix crypt and crypt_r interfaces, as well
as a set of extended interfaces pioneered by Openwall Linux, crypt_rn,
crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra.
libxcrypt is intended to be used by login(1), passwd(1), and other
similar programs; that is, to hash a small number of passwords during
an interactive authentication dialogue with a human. It is not suitable
for use in bulk password-cracking applications, or in any other situation
where speed is more important than careful handling of sensitive data.
However, it is intended to be fast and lightweight enough for use in
servers that must field thousands of login attempts per minute.
%if %{with new_api}
This version of the library does not provide the legacy API functions
that have been provided by glibc's libcrypt.so.1.
%endif
%if %{with compat_pkg}
%package compat
Summary: Compatibility library providing legacy API functions
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: glibc%{?_isa} >= %{glibc_minver}
%description compat
This package contains the library providing the compatibility API
for applications that are linked against glibc's libxcrypt, or that
are still using the unsafe and deprecated, encrypt, encrypt_r,
setkey, setkey_r, and fcrypt functions, which are still required by
recent versions of POSIX, the Single UNIX Specification, and various
other standards.
All existing binary executables linked against glibc's libcrypt should
work unmodified with the library supplied by this package.
%endif
%package devel
Summary: Development files for %{name}
Conflicts: man-pages < %{man_pages_minver}
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: glibc-devel%{?_isa} >= %{glibc_minver}
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%if %{with staticlib}
%package static
Summary: Static library for -static linking with %{name}
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
Requires: glibc-devel%{?_isa} >= %{glibc_minver}
Requires: glibc-static%{?_isa} >= %{glibc_minver}
%description static
This package contains the libxcrypt static library for -static
linking.
You don't need this, unless you link statically, which is highly
discouraged.
%endif
%prep
%autosetup -p 1
$(realpath ./autogen.sh)
%if %{with new_api}
cat << EOF >> README%{distname}
This version of the %{name} package ships the libcrypt.so.2
library and does not provide the legacy API functions that have
been provided by glibc's libcrypt.so.1. The removed functions
by name are encrypt, encrypt_r, setkey, setkey_r, and fcrypt.
%if %{with compat_pkg}
If you are using a third-party application that links against
those functions, or that is linked against glibc's libcrypt,
you may need to install the %{name}-compat package manually.
All existing binary executables linked against glibc's libcrypt
should work unmodified with the libcrypt.so.1 library supplied
by the %{name}-compat package.
%endif
EOF
%endif
%if %{with enosys_stubs}
cat << EOF >> README.posix
This version of the libcrypt.so.1 library has entirely removed
the functionality of the encrypt, encrypt_r, setkey, setkey_r,
and fcrypt functions, while keeping fully binary compatibility
with existing (third-party) applications possibly still using
those funtions. If such an application attemps to call one of
these functions, the corresponding function will indicate that
it is not supported by the system in a POSIX-compliant way.
For security reasons, the encrypt and encrypt_r functions will
also overwrite their data-block argument with random bits.
All existing binary executables linked against glibc's libcrypt
should work unmodified with the provided version of the
libcrypt.so.1 library in place.
EOF
%endif
%if %{with staticlib}
cat << EOF >> README.static
Applications that use certain legacy APIs supplied by glibcs
libcrypt (encrypt, encrypt_r, setkey, setkey_r, and fcrypt)
cannot be compiled nor linked against the supplied build of
the object files provided in the static library libcrypt.a.
EOF
%endif
%build
mkdir -p %{_vpath_builddir}
# Build the default system library.
pushd %{_vpath_builddir}
%configure \
%{common_configure_options} \
--enable-hashes=%{hash_methods} \
--enable-obsolete-api=%{obsolete_api} \
%if %{with new_api}
--enable-obsolete-api-enosys=%{obsolete_api}
%else
--enable-obsolete-api-enosys=%{enosys_stubs}
%endif
%make_build
popd
%if %{with compat_pkg}
mkdir -p %{_vpath_builddir}-compat
# Build the compatibility library.
pushd %{_vpath_builddir}-compat
%configure \
%{common_configure_options} \
--enable-hashes=%{compat_methods} \
--enable-obsolete-api=%{compat_api} \
--enable-obsolete-api-enosys=%{enosys_stubs}
%make_build
popd
%endif
%install
%if %{with compat_pkg}
# Install the compatibility library.
%make_install -C %{_vpath_builddir}-compat
# Cleanup everything we do not need from the compatibility library.
find %{buildroot} -xtype f -not -name 'libcrypt.so.%{csoc}*' -delete -print
find %{buildroot} -type l -not -name 'libcrypt.so.%{csoc}*' -delete -print
%endif
# Install the default system library.
%make_install -C %{_vpath_builddir}
# Get rid of libtool crap.
find %{buildroot} -name '*.la' -delete -print
# Install documentation to shared %%_pkgdocdir.
install -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
ChangeLog NEWS README* THANKS TODO
# Drop README.md as it is identical to README.
rm -f %{buildroot}%{_pkgdocdir}/README.md
%check
build_dirs="%{_vpath_builddir}"
%if %{with compat_pkg}
build_dirs="${build_dirs} %{_vpath_builddir}-compat"
%endif
for dir in ${build_dirs}; do
%make_build -C ${dir} check || \
{
rc=$?;
echo "-----BEGIN TESTLOG: ${dir}-----";
cat ${dir}/test-suite.log;
echo "-----END TESTLOG: ${dir}-----";
exit $rc;
}
done
%ldconfig_scriptlets
%if %{with compat_pkg}
%ldconfig_scriptlets compat
%endif
%files
%dir %{_fipsdir}
%doc %dir %{_pkgdocdir}
%doc %{_pkgdocdir}/NEWS
%doc %{_pkgdocdir}/README
%if %{with new_api}
%doc %{_pkgdocdir}/README%{distname}
%endif
%if %{with enosys_stubs} && %{without compat_pkg}
%doc %{_pkgdocdir}/README.posix
%endif
%doc %{_pkgdocdir}/THANKS
%license AUTHORS COPYING.LIB LICENSING
%{_fipsdir}/libcrypt.so.%{soc}.hmac
%{_fipsdir}/libcrypt.so.%{sov}.hmac
%{_libdir}/libcrypt.so.%{soc}
%{_libdir}/libcrypt.so.%{sov}
%{_mandir}/man5/crypt.5*
%if %{with compat_pkg}
%files compat
%dir %{_fipsdir}
%if %{with enosys_stubs}
%doc %{_pkgdocdir}/README.posix
%endif
%{_fipsdir}/libcrypt.so.%{csoc}.hmac
%{_fipsdir}/libcrypt.so.%{csov}.hmac
%{_libdir}/libcrypt.so.%{csoc}
%{_libdir}/libcrypt.so.%{csov}
%endif
%files devel
%doc %{_pkgdocdir}/ChangeLog
%doc %{_pkgdocdir}/TODO
%{_libdir}/libcrypt.so
%if %{without new_api}
%{_libdir}/libxcrypt.so
%endif
%{_includedir}/crypt.h
%if %{without new_api}
%{_includedir}/xcrypt.h
%endif
%{_libdir}/pkgconfig/libcrypt.pc
%{_libdir}/pkgconfig/%{name}.pc
%{_mandir}/man3/crypt.3*
%{_mandir}/man3/crypt_r.3*
%{_mandir}/man3/crypt_ra.3*
%{_mandir}/man3/crypt_rn.3*
%{_mandir}/man3/crypt_checksalt.3*
%{_mandir}/man3/crypt_gensalt.3*
%{_mandir}/man3/crypt_gensalt_ra.3*
%{_mandir}/man3/crypt_gensalt_rn.3*
%{_mandir}/man3/crypt_preferred_method.3*
%if %{with staticlib}
%files static
%dir %{_fipsdir}
%doc %{_pkgdocdir}/README.static
%{_fipsdir}/libcrypt.a.hmac
%if %{without new_api}
%{_fipsdir}/libxcrypt.a.hmac
%endif
%{_libdir}/libcrypt.a
%if %{without new_api}
%{_libdir}/libxcrypt.a
%endif
%endif
%changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.4.18-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.4.18-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Sat Feb 20 2021 Björn Esser <besser82@fedoraproject.org> - 4.4.18-1
- New upstream release
- Add explicit BR: perl-core
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.17-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Sun Aug 23 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.17-1
- New upstream release
* Sat Aug 15 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-7
- Add a patch to add support for LTO builds
- Enable LTO
- Add a patch to fix Wformat-overflow
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.16-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Jun 30 2020 Jeff Law <law@redhat.com> - 4.4.16-5
- Disable LTO
* Fri Jun 19 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-4
- Trim %%changelog starting with v4.4.0
- Remove memcheck conditional
* Sat Apr 25 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-3
- Explicitly force linking with '-Wl,-z,defs'
* Fri Apr 24 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-2
- Move fipscheck hmac checksums to %%{_libdir}/fipscheck
* Sat Apr 04 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-1
- New upstream release
* Thu Apr 02 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.15-2
- Move library from %%_lib to %%_libdir
* Wed Feb 26 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.15-1
- New upstream release
* Mon Feb 17 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.14-1
- New upstream release
* Sun Feb 16 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.13-1
- New upstream release
* Tue Feb 11 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-3
- Add an upstream patch to fix a typo in the documentation
* Wed Feb 05 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-2
- Add two upstream patches to resolve minor bugs
* Thu Jan 30 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-1
- New upstream release
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Sat Jan 18 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.11-1
- New upstream release
* Sun Dec 15 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.10-2
- Add two upstream patches to fix build with upcoming GCC-10
* Wed Sep 18 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.10-1
- New upstream release
* Sat Sep 07 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.9-1
- New upstream release (#1750010)
* Sun Sep 01 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.8-1
- New upstream release
* Sat Aug 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.7-1
- New upstream release
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jun 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.6-2
- Build all hash methods for the compat package
- Add a patch to fix Wformat in crypt-kat.c
* Sun May 05 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.6-1
- New upstream release
* Sat May 04 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.5-1
- New upstream release (#1706419)
- Add patch to remove an unneeded union keyword
- Add patch to make unalignment test really unaligned
* Fri Mar 15 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.4-2
- Change Recommends: whois-mkpasswd to Fedora 30 and later (#1687870)
* Mon Mar 04 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.4-1
- New upstream release
* Tue Feb 19 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-10
- Fix versioned requirements on glibc
* Tue Feb 19 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-9
- Fix conditional in __spec_install_post
* Tue Feb 19 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-8
- Update Obsoletes, Provides, and Requires to glibc 2.27
- Add Recommends: whois-mkpasswd for Fedora
- Optimize installation of the documentation files
- Fix %%description
- Use an absolute path for the configure script and srcdir
* Tue Feb 19 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-7
- Add patch to fix the output formatting of a test
* Wed Feb 06 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-6
- Always build all supported hash methods
- Drop distcheck at the end of %%check stage
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Jan 30 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-4
- Add a README.posix file with information about the stub functions
- Add a README.static file with information about the static library
* Wed Jan 30 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-3
- Replace unsafe functions in libxcrypt-compat with stubs (#1670735)
* Thu Jan 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-2
- Fix and simplify the conditionals for the compat package
- Add an option to replace unsafe functions in the compat lib with a stub
- Add patch to fix another possible format-overflow
* Thu Jan 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-1
- New upstream release
* Thu Jan 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-8
- Optimize file removal for compatibility library
* Mon Jan 21 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-7
- Add two upstream patches to fix build with GCC 9
* Mon Jan 21 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-6
- Add upstream patch to add proper C++-guards in <xcrypt.h>
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-5
- Build the compat package with glibc hashing methods only
- Add an option to disable the compat-package for future use
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-4
- Bump SO-name for Fedora >= 30 and enable compat package (#1666033)
- Add distribution README file
- Update description of the compat package
- Conditionally remove non-built hashing methods from description
* Sun Dec 23 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.2-3
- Remove architecture bits from Recommends
* Sun Dec 23 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.2-2
- Update summary
* Sat Dec 22 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.2-1
- New upstream release
* Thu Dec 06 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.1-1
- New upstream release
* Tue Dec 04 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-5
- Sync -fno-plt patch with upstream commit
* Tue Dec 04 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-4
- Backport upstream commit to fix a memory leak from a static pointer
* Tue Dec 04 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-3
- Backport upstream PR to build with -fno-plt optimization
* Mon Nov 26 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-2
- Backport upstream commit to use a safer strcpy for the NT method
- Backport upstream generating base64 encoded output for NT gensalt
- Backport upstream commit to require less rbytes for NT gensalt
- Backport upstream commit to test incremental hmac-sha256 computation
- Add Recommends: mkpasswd for Fedora >= 30
* Tue Nov 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-1
- New upstream release

1
ci.fmf
View File

@ -1 +0,0 @@
resultsdb-testcase: separate

10
gating.yaml
View File

@ -1,10 +0,0 @@
# recipients: glibc-bugzilla
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-disabled.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-disabled-buildroot-enabled.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-disabled.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/ci/fips-enabled-buildroot-enabled.functional}

67
libxcrypt-rh1612157.patch
View File

@ -1,67 +0,0 @@
commit cc1806e214b89403152c2c53932d8d0b8aeb1e91
Author: Björn Esser <besser82@fedoraproject.org>
Date: Sat Aug 4 13:02:03 2018 +0200
Add alias man-pages for other crypt functions.
diff --git a/Makefile.am b/Makefile.am
index 201dea53313e7054..1ea36121d085b55d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -15,7 +15,8 @@ EXTRA_DIST = \
gen-map.awk gen-vers.awk gen-crypt-h.awk \
gen-hashes.awk sel-hashes.awk hashes.lst
-notrans_dist_man3_MANS = crypt_rn.3 crypt_gensalt.3
+notrans_dist_man3_MANS = crypt.3 crypt_r.3 crypt_ra.3 \
+ crypt_rn.3 crypt_gensalt.3
notrans_dist_man5_MANS = crypt.5
nodist_include_HEADERS = crypt.h
diff --git a/crypt.3 b/crypt.3
new file mode 100644
index 0000000000000000..430e48f320d6e8af
--- /dev/null
+++ b/crypt.3
@@ -0,0 +1 @@
+.so man3/crypt_rn.3
diff --git a/crypt.5 b/crypt.5
index 5db9c923cbd66e55..7fe46091f192b114 100644
--- a/crypt.5
+++ b/crypt.5
@@ -279,6 +279,8 @@ that will work on an old operating system that supports nothing else.
.hash "$3$" "\e$3\e$\e$[0-9a-f]{32}" unlimited 8 256 256 0 1
.SH SEE ALSO
.BR crypt (3),
+.BR crypt_r (3),
+.BR crypt_ra (3),
.BR crypt_rn (3),
.BR crypt_gensalt (3),
.BR getpwent (3),
diff --git a/crypt_gensalt.3 b/crypt_gensalt.3
index ebfff28db79a3c53..31097400e5cd2080 100644
--- a/crypt_gensalt.3
+++ b/crypt_gensalt.3
@@ -223,6 +223,8 @@ T} Thread safety MT-Safe
.SH SEE ALSO
.ad l
.BR crypt (3),
+.BR crypt_r (3),
+.BR crypt_ra (3),
.BR crypt_rn (3),
.BR getpass (3),
.BR getpwent (3),
diff --git a/crypt_r.3 b/crypt_r.3
new file mode 100644
index 0000000000000000..430e48f320d6e8af
--- /dev/null
+++ b/crypt_r.3
@@ -0,0 +1 @@
+.so man3/crypt_rn.3
diff --git a/crypt_ra.3 b/crypt_ra.3
new file mode 100644
index 0000000000000000..430e48f320d6e8af
--- /dev/null
+++ b/crypt_ra.3
@@ -0,0 +1 @@
+.so man3/crypt_rn.3

320
libxcrypt-rh1613537.patch
View File

@ -1,320 +0,0 @@
commit 8596e298f761c32cecff45424f5242cd14269292
Author: Zack Weinberg <zackw@panix.com>
Date: Tue Aug 7 21:35:12 2018 -0400
Add configure option --disable-failure-tokens.
When this option is given, crypt and crypt_r will return NULL on
failure, instead of a special "failure token" string that isn't the
hash of any passphrase. This was the historical behavior of glibc,
FreeBSD libc, and several other implementations.
diff --git a/configure.ac b/configure.ac
index a22a5926bd82f729..23651f9c5c886107 100644
--- a/configure.ac
+++ b/configure.ac
@@ -152,6 +152,25 @@ AC_CHECK_FUNCS_ONCE([
])
# Configure options.
+AC_ARG_ENABLE([failure-tokens],
+ AS_HELP_STRING(
+ [--disable-failure-tokens],
+ [Make crypt and crypt_r return NULL on failure, instead of a
+ special "failure token" string that isn't the hash of any
+ passphrase. This matches the behavior of several other
+ crypt implementations, but will break programs that assume these
+ functions never return NULL. crypt_rn and crypt_ra are not affected
+ by this option, and will always return NULL on failure.]
+ ),
+ [case "$enableval" in
+ yes) enable_failure_tokens=1;;
+ no) enable_failure_tokens=0;;
+ *) AC_MSG_ERROR([bad value ${enableval} for --enable-failure-tokens]);;
+ esac],
+ [enable_failure_tokens=1])
+AC_DEFINE_UNQUOTED([ENABLE_FAILURE_TOKENS], [$enable_failure_tokens],
+ [Define to 1 if crypt and crypt_r should return a "failure token" on
+ failure, or 0 if they should return NULL.])
AC_ARG_ENABLE([obsolete-api],
AS_HELP_STRING(
diff --git a/crypt.c b/crypt.c
index 9a3e19214e613097..839763afad14eaa9 100644
--- a/crypt.c
+++ b/crypt.c
@@ -235,7 +235,11 @@ crypt_r (const char *phrase, const char *setting, struct crypt_data *data)
{
make_failure_token (setting, data->output, sizeof data->output);
do_crypt (phrase, setting, data);
+#if ENABLE_FAILURE_TOKENS
return data->output;
+#else
+ return data->output[0] == '*' ? 0 : data->output;
+#endif
}
SYMVER_crypt_r;
#endif
diff --git a/crypt_rn.3 b/crypt_rn.3
index 24da44cfce19716b..d021c4ed4a046e04 100644
--- a/crypt_rn.3
+++ b/crypt_rn.3
@@ -204,17 +204,31 @@ multiple threads simultaneously, as long as a separate
object is used for each thread.
.PP
Upon error,
-.B crypt
-and
-.B crypt_r
-return a pointer to an
+.BR crypt_r ", " crypt_rn ", and " crypt_ra
+write an
.I invalid
-hashed passphrase.
+hashed passphrase to the
+.I output
+field of their
+.I crypt_data
+object, and
+.B crypt
+writes an invalid hash to its static storage area.
This string will be shorter than 13 characters,
will begin with a \(oq\fB*\fR\(cq,
and will not compare equal to
.IR setting .
-(This peculiar behavior is for compatibility
+.PP
+Upon error,
+.BR crypt_rn " and " crypt_ra
+return a null pointer.
+.BR crypt_r " and " crypt
+may also return a null pointer,
+or they may return a pointer to the invalid hash,
+depending on how
+.I libcrypt
+was configured.
+(The option to return the invalid hash is for compatibility
with old applications that assume that
.B crypt
cannot return a null pointer.
@@ -222,15 +236,6 @@ See
.B "PORTABILITY NOTES"
below.)
.PP
-.B crypt_rn
-and
-.B crypt_ra
-also write an invalid hashed passphrase to the
-.I output
-field of their
-.I crypt_data
-object when they fail, but they return a null pointer.
-.PP
All four functions set
.I errno
when they fail.
diff --git a/test-badsalt.c b/test-badsalt.c
index b2743373628b1f3f..3d2e47ac0e7647bd 100644
--- a/test-badsalt.c
+++ b/test-badsalt.c
@@ -222,12 +222,28 @@ check_crypt (const char *label, const char *fn,
const char *retval, const char *setting,
bool expected_to_succeed)
{
- /* crypt/crypt_r should never return null */
+#if ENABLE_FAILURE_TOKENS
+ /* crypt/crypt_r never return null when failure tokens are enabled */
if (!retval)
{
printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
return false;
}
+#else
+ if (expected_to_succeed && !retval)
+ {
+ printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
+ return false;
+ }
+ else if (!expected_to_succeed && retval)
+ {
+ printf ("FAIL: %s/%s/%s: returned %p, should be NULL\n",
+ label, setting, fn, (const void *)retval);
+ return false;
+ }
+ else if (!expected_to_succeed && !retval)
+ return true;
+#endif
if (!check_results (label, fn, retval, setting,
expected_to_succeed))
return false;
diff --git a/test-crypt-badargs.c b/test-crypt-badargs.c
index 0e6af1626a605086..6be24a99ca7f9015 100644
--- a/test-crypt-badargs.c
+++ b/test-crypt-badargs.c
@@ -169,6 +169,14 @@ test_crypt_ra (const char *tag,
check (tag, expect, got);
}
+#if ENABLE_FAILURE_TOKENS
+# define FT0 "*0"
+# define FT1 "*1"
+#else
+# define FT0 0
+# define FT1 0
+#endif
+
/* PAGE should point to PAGESIZE bytes of read-write memory followed
by another PAGESIZE bytes of inaccessible memory. */
@@ -187,55 +195,55 @@ do_tests(char *page, size_t pagesize)
size_t i;
/* When SETTING is null, it shouldn't matter what PHRASE is. */
- expect_no_fault ("0.0.crypt", 0, 0, "*0", test_crypt);
- expect_no_fault ("0.0.crypt_r", 0, 0, "*0", test_crypt_r);
+ expect_no_fault ("0.0.crypt", 0, 0, FT0, test_crypt);
+ expect_no_fault ("0.0.crypt_r", 0, 0, FT0, test_crypt_r);
expect_no_fault ("0.0.crypt_rn", 0, 0, 0, test_crypt_rn);
expect_no_fault ("0.0.crypt_ra", 0, 0, 0, test_crypt_ra);
- expect_no_fault ("''.0.crypt", "", 0, "*0", test_crypt);
- expect_no_fault ("''.0.crypt_r", "", 0, "*0", test_crypt_r);
+ expect_no_fault ("''.0.crypt", "", 0, FT0, test_crypt);
+ expect_no_fault ("''.0.crypt_r", "", 0, FT0, test_crypt_r);
expect_no_fault ("''.0.crypt_rn", "", 0, 0, test_crypt_rn);
expect_no_fault ("''.0.crypt_ra", "", 0, 0, test_crypt_ra);
- expect_no_fault ("ph.0.crypt", phrase, 0, "*0", test_crypt);
- expect_no_fault ("ph.0.crypt_r", phrase, 0, "*0", test_crypt_r);
+ expect_no_fault ("ph.0.crypt", phrase, 0, FT0, test_crypt);
+ expect_no_fault ("ph.0.crypt_r", phrase, 0, FT0, test_crypt_r);
expect_no_fault ("ph.0.crypt_rn", phrase, 0, 0, test_crypt_rn);
expect_no_fault ("ph.0.crypt_ra", phrase, 0, 0, test_crypt_ra);
- expect_no_fault ("p1.0.crypt", p1, 0, "*0", test_crypt);
- expect_no_fault ("p1.0.crypt_r", p1, 0, "*0", test_crypt_r);
+ expect_no_fault ("p1.0.crypt", p1, 0, FT0, test_crypt);
+ expect_no_fault ("p1.0.crypt_r", p1, 0, FT0, test_crypt_r);
expect_no_fault ("p1.0.crypt_rn", p1, 0, 0, test_crypt_rn);
expect_no_fault ("p1.0.crypt_ra", p1, 0, 0, test_crypt_ra);
- expect_no_fault ("p2.0.crypt", p2, 0, "*0", test_crypt);
- expect_no_fault ("p2.0.crypt_r", p2, 0, "*0", test_crypt_r);
+ expect_no_fault ("p2.0.crypt", p2, 0, FT0, test_crypt);
+ expect_no_fault ("p2.0.crypt_r", p2, 0, FT0, test_crypt_r);
expect_no_fault ("p2.0.crypt_rn", p2, 0, 0, test_crypt_rn);
expect_no_fault ("p2.0.crypt_ra", p2, 0, 0, test_crypt_ra);
/* Conversely, when PHRASE is null,
it shouldn't matter what SETTING is... */
- expect_no_fault ("0.''.crypt", 0, "", "*0", test_crypt);
- expect_no_fault ("0.''.crypt_r", 0, "", "*0", test_crypt_r);
+ expect_no_fault ("0.''.crypt", 0, "", FT0, test_crypt);
+ expect_no_fault ("0.''.crypt_r", 0, "", FT0, test_crypt_r);
expect_no_fault ("0.''.crypt_rn", 0, "", 0, test_crypt_rn);
expect_no_fault ("0.''.crypt_ra", 0, "", 0, test_crypt_ra);
- expect_no_fault ("0.'*'.crypt", 0, "*", "*0", test_crypt);
- expect_no_fault ("0.'*'.crypt_r", 0, "*", "*0", test_crypt_r);
+ expect_no_fault ("0.'*'.crypt", 0, "*", FT0, test_crypt);
+ expect_no_fault ("0.'*'.crypt_r", 0, "*", FT0, test_crypt_r);
expect_no_fault ("0.'*'.crypt_rn", 0, "*", 0, test_crypt_rn);
expect_no_fault ("0.'*'.crypt_ra", 0, "*", 0, test_crypt_ra);
- expect_no_fault ("0.'*0'.crypt", 0, "*0", "*1", test_crypt);
- expect_no_fault ("0.'*0'.crypt_r", 0, "*0", "*1", test_crypt_r);
+ expect_no_fault ("0.'*0'.crypt", 0, "*0", FT1, test_crypt);
+ expect_no_fault ("0.'*0'.crypt_r", 0, "*0", FT1, test_crypt_r);
expect_no_fault ("0.'*0'.crypt_rn", 0, "*0", 0, test_crypt_rn);
expect_no_fault ("0.'*0'.crypt_ra", 0, "*0", 0, test_crypt_ra);
- expect_no_fault ("0.'*1'.crypt", 0, "*1", "*0", test_crypt);
- expect_no_fault ("0.'*1'.crypt_r", 0, "*1", "*0", test_crypt_r);
+ expect_no_fault ("0.'*1'.crypt", 0, "*1", FT0, test_crypt);
+ expect_no_fault ("0.'*1'.crypt_r", 0, "*1", FT0, test_crypt_r);
expect_no_fault ("0.'*1'.crypt_rn", 0, "*1", 0, test_crypt_rn);
expect_no_fault ("0.'*1'.crypt_ra", 0, "*1", 0, test_crypt_ra);
- expect_no_fault ("0.p1.crypt", 0, p1, "*0", test_crypt);
- expect_no_fault ("0.p1.crypt_r", 0, p1, "*0", test_crypt_r);
+ expect_no_fault ("0.p1.crypt", 0, p1, FT0, test_crypt);
+ expect_no_fault ("0.p1.crypt_r", 0, p1, FT0, test_crypt_r);
expect_no_fault ("0.p1.crypt_rn", 0, p1, 0, test_crypt_rn);
expect_no_fault ("0.p1.crypt_ra", 0, p1, 0, test_crypt_ra);
@@ -245,8 +253,8 @@ do_tests(char *page, size_t pagesize)
bug, but it's impractical to fix without breaking the property
that 'crypt' _never_ creates a failure token that is equal to the
setting string, which is more important than this corner case. */
- expect_a_fault ("0.p2.crypt", 0, p2, "*0", test_crypt);
- expect_a_fault ("0.p2.crypt_r", 0, p2, "*0", test_crypt_r);
+ expect_a_fault ("0.p2.crypt", 0, p2, FT0, test_crypt);
+ expect_a_fault ("0.p2.crypt_r", 0, p2, FT0, test_crypt_r);
expect_a_fault ("0.p2.crypt_rn", 0, p2, 0, test_crypt_rn);
expect_a_fault ("0.p2.crypt_ra", 0, p2, 0, test_crypt_ra);
@@ -257,9 +265,9 @@ do_tests(char *page, size_t pagesize)
strcpy (page, "p1.'");
strcat (page, settings[i]);
strcat (page, "'.crypt");
- expect_a_fault (page, p1, settings[i], "*0", test_crypt);
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt);
strcat (page, "_r");
- expect_a_fault (page, p1, settings[i], "*0", test_crypt_r);
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt_r);
strcat (page, "n");
expect_a_fault (page, p1, settings[i], 0, test_crypt_rn);
page [strlen (page) - 1] = 'a';
@@ -268,9 +276,9 @@ do_tests(char *page, size_t pagesize)
strcpy (page, "p2.'");
strcat (page, settings[i]);
strcat (page, "'.crypt");
- expect_a_fault (page, p2, settings[i], "*0", test_crypt);
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt);
strcat (page, "_r");
- expect_a_fault (page, p2, settings[i], "*0", test_crypt_r);
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt_r);
strcat (page, "n");
expect_a_fault (page, p2, settings[i], 0, test_crypt_rn);
page [strlen (page) - 1] = 'a';
@@ -279,8 +287,8 @@ do_tests(char *page, size_t pagesize)
/* Conversely, when PHRASE is valid, passing an invalid string as SETTING
should crash reliably. */
- expect_a_fault ("ph.p2.crypt", phrase, p2, "*0", test_crypt);
- expect_a_fault ("ph.p2.crypt_r", phrase, p2, "*0", test_crypt_r);
+ expect_a_fault ("ph.p2.crypt", phrase, p2, FT0, test_crypt);
+ expect_a_fault ("ph.p2.crypt_r", phrase, p2, FT0, test_crypt_r);
expect_a_fault ("ph.p2.crypt_rn", phrase, p2, 0, test_crypt_rn);
expect_a_fault ("ph.p2.crypt_ra", phrase, p2, 0, test_crypt_ra);
@@ -292,9 +300,9 @@ do_tests(char *page, size_t pagesize)
strcpy (page, "ph.'");
strcat (page, settings[i]);
strcat (page, ".crypt");
- expect_a_fault (page, phrase, p1, "*0", test_crypt);
+ expect_a_fault (page, phrase, p1, FT0, test_crypt);
strcat (page, "_r");
- expect_a_fault (page, phrase, p1, "*0", test_crypt_r);
+ expect_a_fault (page, phrase, p1, FT0, test_crypt_r);
strcat (page, "n");
expect_a_fault (page, phrase, p1, 0, test_crypt_rn);
page [strlen (page) - 1] = 'a';
diff --git a/test-crypt-bcrypt.c b/test-crypt-bcrypt.c
index c984e4d47d8df2c6..bf149b405bd408c7 100644
--- a/test-crypt-bcrypt.c
+++ b/test-crypt-bcrypt.c
@@ -194,8 +194,12 @@ main (void)
errno = 0;
p = crypt (key, setting);
errnm = errno;
+#if ENABLE_FAILURE_TOKENS
match = strcmp (p, hash);
- if ((!ok && !errno) || strcmp (p, hash))
+#else
+ match = (ok ? strcmp (p, hash) : p != 0);
+#endif
+ if ((!ok && !errno) || match)
{
printf ("FAIL: %d/crypt.1: key=%s setting=%s: xhash=%s xerr=%d, "
"p=%s match=%d err=%s\n",

1035
libxcrypt-rh1899716.patch
View File

File diff suppressed because it is too large Load Diff

268
libxcrypt.spec
View File

@ -1,268 +0,0 @@
# Shared object version of libcrypt.
%global soc 1
%global sol 1
%global sof 0
%global sov %{soc}.%{sol}.%{sof}
# Add generation of HMAC checksums of the final stripped
# binaries. %%define with lazy globbing is used here
# intentionally, because using %%global does not work.
%define __spec_install_post \
%{?__debug_package:%{__debug_install_post}} \
%{__arch_install_post} \
%{__os_install_post} \
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \
%{__ln_s} .libcrypt.so.%{sov}.hmac \\\
%{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \
%{nil}
Name: libxcrypt
Version: 4.1.1
Release: 6%{?dist}
Summary: Extended crypt library for DES, MD5, Blowfish and others
# For explicit license breakdown, see the
# LICENSING file in the source tarball.
License: LGPLv2+ and BSD and Public Domain
URL: https://github.com/besser82/%{name}
Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch1: libxcrypt-rh1612157.patch
Patch2: libxcrypt-rh1613537.patch
# fix for salt interoperability issue: https://github.com/besser82/libxcrypt/pull/106
Patch3: libxcrypt-rh1899716.patch
BuildRequires: fipscheck
BuildRequires: libtool
Requires: glibc%{_isa} >= 2.26.9000-46
# We do not need to keep this forever.
%if 0%{?fedora} && 0%{?fedora} <= 31
# Inherited from former libcrypt package.
Obsoletes: libcrypt-nss <= 2.26.9000-33
# Obsolete former libcrypt properly.
Obsoletes: libcrypt <= 2.26.9000-46
# Provide virtual libcrypt as it has been done
# by former libcrypt{,-nss} packages from glibc.
Provides: libcrypt == 2.26.9000-46.1
Provides: libcrypt%{?_isa} == 2.26.9000-46.1
%endif
%description
libxcrypt is a modern library for one-way hashing of passwords. It
supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password
hashes, and provides the traditional Unix 'crypt' and 'crypt_r'
interfaces, as well as a set of extended interfaces pioneered by
Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt',
'crypt_gensalt_rn', and 'crypt_gensalt_ra'.
libxcrypt is intended to be used by login(1), passwd(1), and other
similar programs; that is, to hash a small number of passwords during
an interactive authentication dialogue with a human. It is not
suitable for use in bulk password-cracking applications, or in any
other situation where speed is more important than careful handling of
sensitive data. However, it *is* intended to be fast and lightweight
enough for use in servers that must field thousands of login attempts
per minute.
On Linux-based systems, by default libxcrypt will be binary backward
compatible with the libcrypt.so.1 shipped as part of the GNU C Library.
This means that all existing binary executables linked against glibc's
libcrypt should work unmodified with this library's libcrypt.so.1. We
have taken pains to provide exactly the same "symbol versions" as were
used by glibc on various CPU architectures, and to account for the
variety of ways in which the Openwall extensions were patched into
glibc's libcrypt by some Linux distributions. (For instance,
compatibility symlinks for SuSE's "libowcrypt" are provided.)
However, the converse is not true: programs linked against libxcrypt
will not work with glibc's libcrypt. Also, programs that use certain
legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r',
'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against libxcrypt.
%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} == %{version}-%{release}
Requires: glibc-devel%{?_isa} >= 2.26.9000-46
Requires: glibc-headers%{?_isa} >= 2.26.9000-46
Conflicts: man-pages < 4.15-3
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package static
Summary: Static library for -static linking with %{name}
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
Requires: glibc-static%{?_isa} >= 2.26.9000-46
%description static
This package contains the libxcrypt static libraries for -static
linking. You don't need this, unless you link statically, which
is highly discouraged.
%prep
%autosetup -p 1
%{_bindir}/autoreconf -fiv
%build
%configure \
--libdir=/%{_lib} \
--disable-silent-rules \
--enable-shared \
--enable-static \
--disable-failure-tokens \
--enable-hashes=all \
--enable-obsolete-api=glibc \
--with-pkgconfigdir=%{_libdir}/pkgconfig
%make_build
%install
%make_install
# Get rid of libtool crap.
%{_bindir}/find %{buildroot} -name '*.la' -print -delete
# Install documentation to shared %%_pkgdocdir.
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
ChangeLog NEWS README THANKS TODO
%check
%make_build check || \
{
rc=$?;
echo "-----BEGIN TESTLOG-----";
%{__cat} test-suite.log;
echo "-----END TESTLOG-----";
exit $rc;
}
%ldconfig_scriptlets
%files
%license AUTHORS COPYING.LIB LICENSING
%doc %dir %{_pkgdocdir}
%doc %{_pkgdocdir}/NEWS
%doc %{_pkgdocdir}/README
%doc %{_pkgdocdir}/THANKS
/%{_lib}/.libcrypt.so.%{soc}.hmac
/%{_lib}/.libcrypt.so.%{sov}.hmac
/%{_lib}/libcrypt.so.%{soc}
/%{_lib}/libcrypt.so.%{sov}
%{_mandir}/man5/crypt.5.*
%files devel
%doc %{_pkgdocdir}/ChangeLog
%doc %{_pkgdocdir}/TODO
/%{_lib}/libcrypt.so
%{_includedir}/crypt.h
%{_libdir}/pkgconfig/libcrypt.pc
%{_libdir}/pkgconfig/%{name}.pc
%{_mandir}/man3/crypt.3.*
%{_mandir}/man3/crypt_r.3.*
%{_mandir}/man3/crypt_ra.3.*
%{_mandir}/man3/crypt_rn.3.*
%{_mandir}/man3/crypt_gensalt.3.*
%files static
/%{_lib}/libcrypt.a
%changelog
* Thu Apr 29 2021 Stanislav Zidek <szidek@redhat.com> - 4.1.1-6
+ libxcrypt-4.1.1-6
- Rebuilt with fixed binutils (#1954438)
* Wed Apr 7 2021 Stanislav Zidek <szidek@redhat.com> - 4.1.1-5
- Fixed salt interoperability issue (#1899716)
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-4
- Move development panpages to libxcrypt-devel (#1613824)
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-3
- Change crypt, crypt_r to return NULL on failure (#1613537)
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-2
- Add manpages aliases for crypt, crypt_r, crypt_ra (#1612157)
* Wed Aug 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.1-1
- New upstream release
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.0-1
- New upstream release
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-6
- Make testsuite fail on error again
- Update patch0 with more upstream fixes
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-5
- Add patch to update to recent development branch
- Re-enable SUNMD5 support as it is BSD licensed now
- Build compatibility symbols for glibc only
- Skip failing testsuite once
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-3
- Remove CDDL from license list (#1592445)
* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-2
- Remove SUNMD5 support (#1592445)
* Wed May 16 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-1
- New upstream release
* Sat Feb 17 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-5
- Switch to %%ldconfig_scriptlets
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Feb 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-3
- Add patch to fix unintialize value in badsalt test
* Wed Jan 31 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-2
- Add patch to fix bcrypt test with GCC8
* Sat Jan 27 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-1
- New upstream release
* Mon Jan 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.0.0-0.204.20180120git3436e7b
- Fix Obsoletes
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.203.20180120git3436e7b
- Update to new snapshot fixing cast-align
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.202.20180120gitde99d27
- Update to new snapshot (rhbz#1536752)
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.201.20171109git15447aa
- Use archful Obsoletes for libcrypt
- Add versioned Requires on glibc packages not shipping libcrypt
- Add comments about the packaging logic for replacing former libcrypt
* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.200.20171109git15447aa
- Initial import (rhbz#1532794)
- Add Obsoletes/Provides for libcrypt
* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.101.20171109git15447aa
- Fix style of %%git_{rel,ver}
* Tue Jan 09 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.100.git20171109.15447aa
- Initial rpm release (rhbz#1532794)
- Start revision at 0.100 to superseed builds from COPR

23
plans/ci.fmf
View File

@ -1,23 +0,0 @@
/fips-disabled-buildroot-disabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libxcrypt
name: /plans/ci/fips-disabled-buildroot-disabled
/fips-disabled-buildroot-enabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libxcrypt
name: /plans/ci/fips-disabled-buildroot-enabled
/fips-enabled-buildroot-disabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libxcrypt
name: /plans/ci/fips-enabled-buildroot-disabled
/fips-enabled-buildroot-enabled:
plan:
import:
url: https://pkgs.devel.redhat.com/git/tests/libxcrypt
name: /plans/ci/fips-enabled-buildroot-enabled

1
sources
View File

@ -1 +0,0 @@
SHA512 (libxcrypt-4.1.1.tar.gz) = 64f9453ffd0128e65dbafb981e5ee0e20eb1dcabae6290053a9ad30a071e37c8f970c83d2c58c61bddc7f3793af2e32344260cbfc9a69af8beca0b1650e44dff