Compare commits
No commits in common. "c9-beta" and "c8s" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/libxcrypt-4.4.18.tar.gz
|
/libxcrypt-*.tar.*
|
||||||
|
@ -1 +0,0 @@
|
|||||||
ff71519c631bd39fe8b1aae076f26a992197aefc SOURCES/libxcrypt-4.4.18.tar.gz
|
|
@ -1,70 +0,0 @@
|
|||||||
From a1bff4255fb9cad501a8a5d4bffb8f95df0f615f Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
|
|
||||||
Date: Thu, 13 Aug 2020 18:51:50 +0200
|
|
||||||
Subject: [PATCH] crypt-port: Add the bits for compiling with link-time
|
|
||||||
optimization.
|
|
||||||
|
|
||||||
GCC 10.2 and LLVM/Clang 10 offer initial support for building
|
|
||||||
libraries, that are using symbol versioning features, with LTO.
|
|
||||||
|
|
||||||
To make use of this with GCC 10.2, the exported versioned symbols
|
|
||||||
need to be declared explicitly with __attribute__((symver (...))).
|
|
||||||
|
|
||||||
LLVM/Clang 10 supports symbol versioning with LTO out of the box
|
|
||||||
without any changes needed.
|
|
||||||
|
|
||||||
Fixes #24.
|
|
||||||
---
|
|
||||||
lib/crypt-port.h | 25 ++++++++++++++++++++++++-
|
|
||||||
1 file changed, 24 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/lib/crypt-port.h b/lib/crypt-port.h
|
|
||||||
index bec36ac..ca86261 100644
|
|
||||||
--- a/lib/crypt-port.h
|
|
||||||
+++ b/lib/crypt-port.h
|
|
||||||
@@ -179,11 +179,29 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *);
|
|
||||||
# define _strong_alias(name, aliasname) \
|
|
||||||
extern __typeof (name) aliasname __THROW __attribute__ ((alias (#name)))
|
|
||||||
|
|
||||||
+/* Starting with GCC 10.2, we can use the symver attribute, which also works
|
|
||||||
+ with link-time optimization enabled. */
|
|
||||||
+# if __GNUC__ > 10 || (__GNUC__ == 10 && __GNUC_MINOR__ >= 2)
|
|
||||||
+
|
|
||||||
+/* Referencing specific _compatibility_ symbols still needs inline asm. */
|
|
||||||
+# define _symver_ref(extstr, intname, version) \
|
|
||||||
+ __asm__ (".symver " #intname "," extstr "@" #version)
|
|
||||||
+
|
|
||||||
+/* Set the symbol version for EXTNAME, which uses INTNAME as its
|
|
||||||
+ implementation. */
|
|
||||||
+# define symver_set(extstr, intname, version, mode) \
|
|
||||||
+ extern __typeof (intname) intname __THROW \
|
|
||||||
+ __attribute__((symver (extstr mode #version)))
|
|
||||||
+
|
|
||||||
+# else
|
|
||||||
+
|
|
||||||
/* Set the symbol version for EXTNAME, which uses INTNAME as its
|
|
||||||
implementation. */
|
|
||||||
# define symver_set(extstr, intname, version, mode) \
|
|
||||||
__asm__ (".symver " #intname "," extstr mode #version)
|
|
||||||
|
|
||||||
+# endif
|
|
||||||
+
|
|
||||||
#else
|
|
||||||
# error "Don't know how to do symbol versioning with this compiler"
|
|
||||||
#endif
|
|
||||||
@@ -239,9 +257,14 @@ _crypt_strcpy_or_abort (void *, const size_t, const void *);
|
|
||||||
|
|
||||||
/* Tests may need to _refer_ to compatibility symbols, but should never need
|
|
||||||
to _define_ them. */
|
|
||||||
-
|
|
||||||
#define symver_ref(extstr, intname, version) \
|
|
||||||
+ _symver_ref(extstr, intname, version)
|
|
||||||
+
|
|
||||||
+/* Generic way for referencing specific _compatibility_ symbols. */
|
|
||||||
+#ifndef _symver_ref
|
|
||||||
+#define _symver_ref(extstr, intname, version) \
|
|
||||||
symver_set(extstr, intname, version, "@")
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* Define configuration macros used during compile-time by the
|
|
||||||
GOST R 34.11-2012 "Streebog" hash function. */
|
|
@ -1,678 +0,0 @@
|
|||||||
# Build with new api?
|
|
||||||
%if 0%{?fedora} >= 30 || 0%{?rhel} >= 9
|
|
||||||
%bcond_without new_api
|
|
||||||
%else
|
|
||||||
%bcond_with new_api
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
# Build the compat package?
|
|
||||||
%if !(0%{?fedora} >= 999 || 0%{?rhel} >= 99) && %{with new_api}
|
|
||||||
%bcond_without compat_pkg
|
|
||||||
%else
|
|
||||||
%bcond_with compat_pkg
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
# Replace obsolete functions with a stub?
|
|
||||||
%if (0%{?fedora} >= 30 || 0%{?rhel} >= 9) && %{with compat_pkg}
|
|
||||||
%bcond_without enosys_stubs
|
|
||||||
%else
|
|
||||||
%bcond_with enosys_stubs
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
# Build the static library?
|
|
||||||
%bcond_without staticlib
|
|
||||||
|
|
||||||
|
|
||||||
# Shared object version of libcrypt.
|
|
||||||
%if %{with new_api}
|
|
||||||
%global soc 2
|
|
||||||
%global sol 0
|
|
||||||
%global sof 0
|
|
||||||
%global sov %{soc}.%{sol}.%{sof}
|
|
||||||
%else
|
|
||||||
%global soc 1
|
|
||||||
%global sol 1
|
|
||||||
%global sof 0
|
|
||||||
%global sov %{soc}.%{sol}.%{sof}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
%global csoc 1
|
|
||||||
%global csol 1
|
|
||||||
%global csof 0
|
|
||||||
%global csov %{csoc}.%{csol}.%{csof}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
# First version of glibc built without libcrypt.
|
|
||||||
%global glibc_minver 2.27
|
|
||||||
|
|
||||||
|
|
||||||
# The libxcrypt-devel package conflicts with out-dated manuals
|
|
||||||
# shipped with the man-pages packages *before* this EVR.
|
|
||||||
%global man_pages_minver 4.15-3
|
|
||||||
|
|
||||||
|
|
||||||
# Hash methods and API supported by libcrypt.
|
|
||||||
# NEVER EVER touch this, if you do NOT know what you are doing!
|
|
||||||
%global hash_methods all
|
|
||||||
|
|
||||||
%if %{with new_api}
|
|
||||||
%global obsolete_api no
|
|
||||||
%else
|
|
||||||
%global obsolete_api glibc
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
%global compat_methods all
|
|
||||||
%global compat_api glibc
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
# Do we replace the obsolete API functions with stubs?
|
|
||||||
%if %{with enosys_stubs}
|
|
||||||
%global enosys_stubs yes
|
|
||||||
%else
|
|
||||||
%global enosys_stubs no
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
# Needed for the distribution README file.
|
|
||||||
%if 0%{?fedora}
|
|
||||||
%global distname .fedora
|
|
||||||
%else
|
|
||||||
%if 0%{?rhel}
|
|
||||||
%global distname .rhel
|
|
||||||
%else
|
|
||||||
%global distname .distribution
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
# Needed for out-of-tree builds.
|
|
||||||
%global _configure "$(realpath ../configure)"
|
|
||||||
|
|
||||||
|
|
||||||
# Common configure options.
|
|
||||||
%global common_configure_options \\\
|
|
||||||
--disable-failure-tokens \\\
|
|
||||||
--disable-silent-rules \\\
|
|
||||||
--enable-shared \\\
|
|
||||||
%if %{with staticlib} \
|
|
||||||
--enable-static \\\
|
|
||||||
%else \
|
|
||||||
--disable-static \\\
|
|
||||||
%endif \
|
|
||||||
--disable-valgrind \\\
|
|
||||||
--srcdir=$(realpath ..) \\\
|
|
||||||
--with-pkgconfigdir=%{_libdir}/pkgconfig
|
|
||||||
|
|
||||||
|
|
||||||
# Macros for shorthand.
|
|
||||||
%global _fipsdir %{_libdir}/fipscheck
|
|
||||||
|
|
||||||
|
|
||||||
# Add generation of HMAC checksums of the final stripped
|
|
||||||
# binaries. %%define with lazy globbing is used here
|
|
||||||
# intentionally, because using %%global does not work.
|
|
||||||
%define __spec_install_post \
|
|
||||||
%{?__debug_package:%{__debug_install_post}} \
|
|
||||||
%{__arch_install_post} \
|
|
||||||
%{__os_install_post} \
|
|
||||||
libdir="%{buildroot}%{_libdir}" \
|
|
||||||
fipsdir="$libdir/fipscheck" \
|
|
||||||
mkdir -p $fipsdir \
|
|
||||||
fipshmac -d $fipsdir \\\
|
|
||||||
$libdir/libcrypt.so.%{sov} \
|
|
||||||
ln -s libcrypt.so.%{sov}.hmac \\\
|
|
||||||
$fipsdir/libcrypt.so.%{soc}.hmac \
|
|
||||||
if [[ %{with staticlib} == 1 ]]; then \
|
|
||||||
fipshmac -d $fipsdir \\\
|
|
||||||
$libdir/libcrypt.a \
|
|
||||||
if [[ %{without new_api} == 1 ]]; then \
|
|
||||||
ln -s .libcrypt.a.hmac \\\
|
|
||||||
$fipsdir/libxcrypt.a.hmac \
|
|
||||||
fi \
|
|
||||||
fi \
|
|
||||||
if [[ %{with compat_pkg} == 1 ]]; then \
|
|
||||||
fipshmac -d $fipsdir \\\
|
|
||||||
$libdir/libcrypt.so.%{csov} \
|
|
||||||
ln -s libcrypt.so.%{csov}.hmac \\\
|
|
||||||
$fipsdir/libcrypt.so.%{csoc}.hmac \
|
|
||||||
fi \
|
|
||||||
%{nil}
|
|
||||||
|
|
||||||
|
|
||||||
# Fail linking if there are undefined symbols.
|
|
||||||
# Required for proper ELF symbol versioning support.
|
|
||||||
%global _ld_strict_symbol_defs 1
|
|
||||||
|
|
||||||
|
|
||||||
Name: libxcrypt
|
|
||||||
Version: 4.4.18
|
|
||||||
Release: 3%{?dist}
|
|
||||||
Summary: Extended crypt library for descrypt, md5crypt, bcrypt, and others
|
|
||||||
|
|
||||||
# For explicit license breakdown, see the
|
|
||||||
# LICENSING file in the source tarball.
|
|
||||||
License: LGPLv2+ and BSD and Public Domain
|
|
||||||
URL: https://github.com/besser82/%{name}
|
|
||||||
Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
|
|
||||||
|
|
||||||
# Patch 0000 - 2999: Backported patches from upstream.
|
|
||||||
|
|
||||||
# Patch 3000 - 5999: Backported patches from pull requests.
|
|
||||||
Patch3000: libxcrypt-4.4.17-enable_LTO_build.patch
|
|
||||||
|
|
||||||
# Patch 6000 - 9999: Downstream patches.
|
|
||||||
|
|
||||||
BuildRequires: autoconf
|
|
||||||
BuildRequires: automake
|
|
||||||
BuildRequires: fipscheck
|
|
||||||
BuildRequires: gcc
|
|
||||||
BuildRequires: glibc-devel >= %{glibc_minver}
|
|
||||||
BuildRequires: libtool
|
|
||||||
BuildRequires: make
|
|
||||||
BuildRequires: perl-core
|
|
||||||
|
|
||||||
# We do not need to keep this forever.
|
|
||||||
%if !(0%{?fedora} > 31 || 0%{?rhel} > 10)
|
|
||||||
# Inherited from former libcrypt package.
|
|
||||||
Obsoletes: libcrypt-nss < %{glibc_minver}
|
|
||||||
Provides: libcrypt-nss = %{glibc_minver}
|
|
||||||
Provides: libcrypt-nss%{?_isa} = %{glibc_minver}
|
|
||||||
|
|
||||||
# Obsolete former libcrypt properly and provide a virtual libcrypt
|
|
||||||
# package as it has been done by the former packages, which were
|
|
||||||
# built by glibc before.
|
|
||||||
Obsoletes: libcrypt < %{glibc_minver}
|
|
||||||
Provides: libcrypt = %{glibc_minver}
|
|
||||||
Provides: libcrypt%{?_isa} = %{glibc_minver}
|
|
||||||
|
|
||||||
# Obsolete former libxcrypt-common properly.
|
|
||||||
Obsoletes: %{name}-common < 4.3.3-4
|
|
||||||
Provides: %{name}-common = %{version}-%{release}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with new_api} && %{without compat_pkg}
|
|
||||||
Obsoletes: %{name}-compat < %{version}-%{release}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# We need a version of glibc, that doesn't build libcrypt anymore.
|
|
||||||
Requires: glibc%{?_isa} >= %{glibc_minver}
|
|
||||||
|
|
||||||
%if 0%{?fedora} >= 30
|
|
||||||
Recommends: mkpasswd
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%description
|
|
||||||
libxcrypt is a modern library for one-way hashing of passwords. It
|
|
||||||
supports a wide variety of both modern and historical hashing methods:
|
|
||||||
yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt,
|
|
||||||
md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt.
|
|
||||||
It provides the traditional Unix crypt and crypt_r interfaces, as well
|
|
||||||
as a set of extended interfaces pioneered by Openwall Linux, crypt_rn,
|
|
||||||
crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra.
|
|
||||||
|
|
||||||
libxcrypt is intended to be used by login(1), passwd(1), and other
|
|
||||||
similar programs; that is, to hash a small number of passwords during
|
|
||||||
an interactive authentication dialogue with a human. It is not suitable
|
|
||||||
for use in bulk password-cracking applications, or in any other situation
|
|
||||||
where speed is more important than careful handling of sensitive data.
|
|
||||||
However, it is intended to be fast and lightweight enough for use in
|
|
||||||
servers that must field thousands of login attempts per minute.
|
|
||||||
%if %{with new_api}
|
|
||||||
This version of the library does not provide the legacy API functions
|
|
||||||
that have been provided by glibc's libcrypt.so.1.
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
%package compat
|
|
||||||
Summary: Compatibility library providing legacy API functions
|
|
||||||
|
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: glibc%{?_isa} >= %{glibc_minver}
|
|
||||||
|
|
||||||
%description compat
|
|
||||||
This package contains the library providing the compatibility API
|
|
||||||
for applications that are linked against glibc's libxcrypt, or that
|
|
||||||
are still using the unsafe and deprecated, encrypt, encrypt_r,
|
|
||||||
setkey, setkey_r, and fcrypt functions, which are still required by
|
|
||||||
recent versions of POSIX, the Single UNIX Specification, and various
|
|
||||||
other standards.
|
|
||||||
|
|
||||||
All existing binary executables linked against glibc's libcrypt should
|
|
||||||
work unmodified with the library supplied by this package.
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%package devel
|
|
||||||
Summary: Development files for %{name}
|
|
||||||
|
|
||||||
Conflicts: man-pages < %{man_pages_minver}
|
|
||||||
|
|
||||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: glibc-devel%{?_isa} >= %{glibc_minver}
|
|
||||||
|
|
||||||
%description devel
|
|
||||||
The %{name}-devel package contains libraries and header files for
|
|
||||||
developing applications that use %{name}.
|
|
||||||
|
|
||||||
|
|
||||||
%if %{with staticlib}
|
|
||||||
%package static
|
|
||||||
Summary: Static library for -static linking with %{name}
|
|
||||||
|
|
||||||
Requires: %{name}-devel%{?_isa} = %{version}-%{release}
|
|
||||||
Requires: glibc-devel%{?_isa} >= %{glibc_minver}
|
|
||||||
Requires: glibc-static%{?_isa} >= %{glibc_minver}
|
|
||||||
|
|
||||||
%description static
|
|
||||||
This package contains the libxcrypt static library for -static
|
|
||||||
linking.
|
|
||||||
|
|
||||||
You don't need this, unless you link statically, which is highly
|
|
||||||
discouraged.
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%prep
|
|
||||||
%autosetup -p 1
|
|
||||||
|
|
||||||
$(realpath ./autogen.sh)
|
|
||||||
|
|
||||||
%if %{with new_api}
|
|
||||||
cat << EOF >> README%{distname}
|
|
||||||
This version of the %{name} package ships the libcrypt.so.2
|
|
||||||
library and does not provide the legacy API functions that have
|
|
||||||
been provided by glibc's libcrypt.so.1. The removed functions
|
|
||||||
by name are encrypt, encrypt_r, setkey, setkey_r, and fcrypt.
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
|
|
||||||
If you are using a third-party application that links against
|
|
||||||
those functions, or that is linked against glibc's libcrypt,
|
|
||||||
you may need to install the %{name}-compat package manually.
|
|
||||||
|
|
||||||
All existing binary executables linked against glibc's libcrypt
|
|
||||||
should work unmodified with the libcrypt.so.1 library supplied
|
|
||||||
by the %{name}-compat package.
|
|
||||||
%endif
|
|
||||||
EOF
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with enosys_stubs}
|
|
||||||
cat << EOF >> README.posix
|
|
||||||
This version of the libcrypt.so.1 library has entirely removed
|
|
||||||
the functionality of the encrypt, encrypt_r, setkey, setkey_r,
|
|
||||||
and fcrypt functions, while keeping fully binary compatibility
|
|
||||||
with existing (third-party) applications possibly still using
|
|
||||||
those funtions. If such an application attemps to call one of
|
|
||||||
these functions, the corresponding function will indicate that
|
|
||||||
it is not supported by the system in a POSIX-compliant way.
|
|
||||||
|
|
||||||
For security reasons, the encrypt and encrypt_r functions will
|
|
||||||
also overwrite their data-block argument with random bits.
|
|
||||||
|
|
||||||
All existing binary executables linked against glibc's libcrypt
|
|
||||||
should work unmodified with the provided version of the
|
|
||||||
libcrypt.so.1 library in place.
|
|
||||||
EOF
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%if %{with staticlib}
|
|
||||||
cat << EOF >> README.static
|
|
||||||
Applications that use certain legacy APIs supplied by glibc’s
|
|
||||||
libcrypt (encrypt, encrypt_r, setkey, setkey_r, and fcrypt)
|
|
||||||
cannot be compiled nor linked against the supplied build of
|
|
||||||
the object files provided in the static library libcrypt.a.
|
|
||||||
EOF
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%build
|
|
||||||
mkdir -p %{_vpath_builddir}
|
|
||||||
|
|
||||||
# Build the default system library.
|
|
||||||
pushd %{_vpath_builddir}
|
|
||||||
%configure \
|
|
||||||
%{common_configure_options} \
|
|
||||||
--enable-hashes=%{hash_methods} \
|
|
||||||
--enable-obsolete-api=%{obsolete_api} \
|
|
||||||
%if %{with new_api}
|
|
||||||
--enable-obsolete-api-enosys=%{obsolete_api}
|
|
||||||
%else
|
|
||||||
--enable-obsolete-api-enosys=%{enosys_stubs}
|
|
||||||
%endif
|
|
||||||
%make_build
|
|
||||||
popd
|
|
||||||
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
mkdir -p %{_vpath_builddir}-compat
|
|
||||||
|
|
||||||
# Build the compatibility library.
|
|
||||||
pushd %{_vpath_builddir}-compat
|
|
||||||
%configure \
|
|
||||||
%{common_configure_options} \
|
|
||||||
--enable-hashes=%{compat_methods} \
|
|
||||||
--enable-obsolete-api=%{compat_api} \
|
|
||||||
--enable-obsolete-api-enosys=%{enosys_stubs}
|
|
||||||
%make_build
|
|
||||||
popd
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%install
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
# Install the compatibility library.
|
|
||||||
%make_install -C %{_vpath_builddir}-compat
|
|
||||||
|
|
||||||
# Cleanup everything we do not need from the compatibility library.
|
|
||||||
find %{buildroot} -xtype f -not -name 'libcrypt.so.%{csoc}*' -delete -print
|
|
||||||
find %{buildroot} -type l -not -name 'libcrypt.so.%{csoc}*' -delete -print
|
|
||||||
%endif
|
|
||||||
|
|
||||||
# Install the default system library.
|
|
||||||
%make_install -C %{_vpath_builddir}
|
|
||||||
|
|
||||||
# Get rid of libtool crap.
|
|
||||||
find %{buildroot} -name '*.la' -delete -print
|
|
||||||
|
|
||||||
# Install documentation to shared %%_pkgdocdir.
|
|
||||||
install -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
|
|
||||||
ChangeLog NEWS README* THANKS TODO
|
|
||||||
|
|
||||||
# Drop README.md as it is identical to README.
|
|
||||||
rm -f %{buildroot}%{_pkgdocdir}/README.md
|
|
||||||
|
|
||||||
|
|
||||||
%check
|
|
||||||
build_dirs="%{_vpath_builddir}"
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
build_dirs="${build_dirs} %{_vpath_builddir}-compat"
|
|
||||||
%endif
|
|
||||||
for dir in ${build_dirs}; do
|
|
||||||
%make_build -C ${dir} check || \
|
|
||||||
{
|
|
||||||
rc=$?;
|
|
||||||
echo "-----BEGIN TESTLOG: ${dir}-----";
|
|
||||||
cat ${dir}/test-suite.log;
|
|
||||||
echo "-----END TESTLOG: ${dir}-----";
|
|
||||||
exit $rc;
|
|
||||||
}
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
%ldconfig_scriptlets
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
%ldconfig_scriptlets compat
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%files
|
|
||||||
%dir %{_fipsdir}
|
|
||||||
%doc %dir %{_pkgdocdir}
|
|
||||||
%doc %{_pkgdocdir}/NEWS
|
|
||||||
%doc %{_pkgdocdir}/README
|
|
||||||
%if %{with new_api}
|
|
||||||
%doc %{_pkgdocdir}/README%{distname}
|
|
||||||
%endif
|
|
||||||
%if %{with enosys_stubs} && %{without compat_pkg}
|
|
||||||
%doc %{_pkgdocdir}/README.posix
|
|
||||||
%endif
|
|
||||||
%doc %{_pkgdocdir}/THANKS
|
|
||||||
%license AUTHORS COPYING.LIB LICENSING
|
|
||||||
%{_fipsdir}/libcrypt.so.%{soc}.hmac
|
|
||||||
%{_fipsdir}/libcrypt.so.%{sov}.hmac
|
|
||||||
%{_libdir}/libcrypt.so.%{soc}
|
|
||||||
%{_libdir}/libcrypt.so.%{sov}
|
|
||||||
%{_mandir}/man5/crypt.5*
|
|
||||||
|
|
||||||
|
|
||||||
%if %{with compat_pkg}
|
|
||||||
%files compat
|
|
||||||
%dir %{_fipsdir}
|
|
||||||
%if %{with enosys_stubs}
|
|
||||||
%doc %{_pkgdocdir}/README.posix
|
|
||||||
%endif
|
|
||||||
%{_fipsdir}/libcrypt.so.%{csoc}.hmac
|
|
||||||
%{_fipsdir}/libcrypt.so.%{csov}.hmac
|
|
||||||
%{_libdir}/libcrypt.so.%{csoc}
|
|
||||||
%{_libdir}/libcrypt.so.%{csov}
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%files devel
|
|
||||||
%doc %{_pkgdocdir}/ChangeLog
|
|
||||||
%doc %{_pkgdocdir}/TODO
|
|
||||||
%{_libdir}/libcrypt.so
|
|
||||||
%if %{without new_api}
|
|
||||||
%{_libdir}/libxcrypt.so
|
|
||||||
%endif
|
|
||||||
%{_includedir}/crypt.h
|
|
||||||
%if %{without new_api}
|
|
||||||
%{_includedir}/xcrypt.h
|
|
||||||
%endif
|
|
||||||
%{_libdir}/pkgconfig/libcrypt.pc
|
|
||||||
%{_libdir}/pkgconfig/%{name}.pc
|
|
||||||
%{_mandir}/man3/crypt.3*
|
|
||||||
%{_mandir}/man3/crypt_r.3*
|
|
||||||
%{_mandir}/man3/crypt_ra.3*
|
|
||||||
%{_mandir}/man3/crypt_rn.3*
|
|
||||||
%{_mandir}/man3/crypt_checksalt.3*
|
|
||||||
%{_mandir}/man3/crypt_gensalt.3*
|
|
||||||
%{_mandir}/man3/crypt_gensalt_ra.3*
|
|
||||||
%{_mandir}/man3/crypt_gensalt_rn.3*
|
|
||||||
%{_mandir}/man3/crypt_preferred_method.3*
|
|
||||||
|
|
||||||
|
|
||||||
%if %{with staticlib}
|
|
||||||
%files static
|
|
||||||
%dir %{_fipsdir}
|
|
||||||
%doc %{_pkgdocdir}/README.static
|
|
||||||
%{_fipsdir}/libcrypt.a.hmac
|
|
||||||
%if %{without new_api}
|
|
||||||
%{_fipsdir}/libxcrypt.a.hmac
|
|
||||||
%endif
|
|
||||||
%{_libdir}/libcrypt.a
|
|
||||||
%if %{without new_api}
|
|
||||||
%{_libdir}/libxcrypt.a
|
|
||||||
%endif
|
|
||||||
%endif
|
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
|
||||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.4.18-3
|
|
||||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
|
||||||
Related: rhbz#1991688
|
|
||||||
|
|
||||||
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.4.18-2
|
|
||||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
|
||||||
|
|
||||||
* Sat Feb 20 2021 Björn Esser <besser82@fedoraproject.org> - 4.4.18-1
|
|
||||||
- New upstream release
|
|
||||||
- Add explicit BR: perl-core
|
|
||||||
|
|
||||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.17-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sun Aug 23 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.17-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Sat Aug 15 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-7
|
|
||||||
- Add a patch to add support for LTO builds
|
|
||||||
- Enable LTO
|
|
||||||
- Add a patch to fix Wformat-overflow
|
|
||||||
|
|
||||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.16-6
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jun 30 2020 Jeff Law <law@redhat.com> - 4.4.16-5
|
|
||||||
- Disable LTO
|
|
||||||
|
|
||||||
* Fri Jun 19 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-4
|
|
||||||
- Trim %%changelog starting with v4.4.0
|
|
||||||
- Remove memcheck conditional
|
|
||||||
|
|
||||||
* Sat Apr 25 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-3
|
|
||||||
- Explicitly force linking with '-Wl,-z,defs'
|
|
||||||
|
|
||||||
* Fri Apr 24 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-2
|
|
||||||
- Move fipscheck hmac checksums to %%{_libdir}/fipscheck
|
|
||||||
|
|
||||||
* Sat Apr 04 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.16-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Apr 02 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.15-2
|
|
||||||
- Move library from %%_lib to %%_libdir
|
|
||||||
|
|
||||||
* Wed Feb 26 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.15-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Mon Feb 17 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.14-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Sun Feb 16 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.13-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Tue Feb 11 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-3
|
|
||||||
- Add an upstream patch to fix a typo in the documentation
|
|
||||||
|
|
||||||
* Wed Feb 05 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-2
|
|
||||||
- Add two upstream patches to resolve minor bugs
|
|
||||||
|
|
||||||
* Thu Jan 30 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.12-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.11-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
||||||
|
|
||||||
* Sat Jan 18 2020 Björn Esser <besser82@fedoraproject.org> - 4.4.11-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Sun Dec 15 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.10-2
|
|
||||||
- Add two upstream patches to fix build with upcoming GCC-10
|
|
||||||
|
|
||||||
* Wed Sep 18 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.10-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Sat Sep 07 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.9-1
|
|
||||||
- New upstream release (#1750010)
|
|
||||||
|
|
||||||
* Sun Sep 01 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.8-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Sat Aug 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.7-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.6-3
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Jun 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.6-2
|
|
||||||
- Build all hash methods for the compat package
|
|
||||||
- Add a patch to fix Wformat in crypt-kat.c
|
|
||||||
|
|
||||||
* Sun May 05 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.6-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Sat May 04 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.5-1
|
|
||||||
- New upstream release (#1706419)
|
|
||||||
- Add patch to remove an unneeded union keyword
|
|
||||||
- Add patch to make unalignment test really unaligned
|
|
||||||
|
|
||||||
* Fri Mar 15 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.4-2
|
|
||||||
- Change Recommends: whois-mkpasswd to Fedora 30 and later (#1687870)
|
|
||||||
|
|
||||||
* Mon Mar 04 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.4-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Tue Feb 19 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-10
|
|
||||||
- Fix versioned requirements on glibc
|
|
||||||
|
|
||||||
* Tue Feb 19 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-9
|
|
||||||
- Fix conditional in __spec_install_post
|
|
||||||
|
|
||||||
* Tue Feb 19 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-8
|
|
||||||
- Update Obsoletes, Provides, and Requires to glibc 2.27
|
|
||||||
- Add Recommends: whois-mkpasswd for Fedora
|
|
||||||
- Optimize installation of the documentation files
|
|
||||||
- Fix %%description
|
|
||||||
- Use an absolute path for the configure script and srcdir
|
|
||||||
|
|
||||||
* Tue Feb 19 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-7
|
|
||||||
- Add patch to fix the output formatting of a test
|
|
||||||
|
|
||||||
* Wed Feb 06 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-6
|
|
||||||
- Always build all supported hash methods
|
|
||||||
- Drop distcheck at the end of %%check stage
|
|
||||||
|
|
||||||
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.3-5
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
||||||
|
|
||||||
* Wed Jan 30 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-4
|
|
||||||
- Add a README.posix file with information about the stub functions
|
|
||||||
- Add a README.static file with information about the static library
|
|
||||||
|
|
||||||
* Wed Jan 30 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-3
|
|
||||||
- Replace unsafe functions in libxcrypt-compat with stubs (#1670735)
|
|
||||||
|
|
||||||
* Thu Jan 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-2
|
|
||||||
- Fix and simplify the conditionals for the compat package
|
|
||||||
- Add an option to replace unsafe functions in the compat lib with a stub
|
|
||||||
- Add patch to fix another possible format-overflow
|
|
||||||
|
|
||||||
* Thu Jan 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.3-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Jan 24 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-8
|
|
||||||
- Optimize file removal for compatibility library
|
|
||||||
|
|
||||||
* Mon Jan 21 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-7
|
|
||||||
- Add two upstream patches to fix build with GCC 9
|
|
||||||
|
|
||||||
* Mon Jan 21 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-6
|
|
||||||
- Add upstream patch to add proper C++-guards in <xcrypt.h>
|
|
||||||
|
|
||||||
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-5
|
|
||||||
- Build the compat package with glibc hashing methods only
|
|
||||||
- Add an option to disable the compat-package for future use
|
|
||||||
|
|
||||||
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 4.4.2-4
|
|
||||||
- Bump SO-name for Fedora >= 30 and enable compat package (#1666033)
|
|
||||||
- Add distribution README file
|
|
||||||
- Update description of the compat package
|
|
||||||
- Conditionally remove non-built hashing methods from description
|
|
||||||
|
|
||||||
* Sun Dec 23 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.2-3
|
|
||||||
- Remove architecture bits from Recommends
|
|
||||||
|
|
||||||
* Sun Dec 23 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.2-2
|
|
||||||
- Update summary
|
|
||||||
|
|
||||||
* Sat Dec 22 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.2-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Thu Dec 06 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.1-1
|
|
||||||
- New upstream release
|
|
||||||
|
|
||||||
* Tue Dec 04 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-5
|
|
||||||
- Sync -fno-plt patch with upstream commit
|
|
||||||
|
|
||||||
* Tue Dec 04 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-4
|
|
||||||
- Backport upstream commit to fix a memory leak from a static pointer
|
|
||||||
|
|
||||||
* Tue Dec 04 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-3
|
|
||||||
- Backport upstream PR to build with -fno-plt optimization
|
|
||||||
|
|
||||||
* Mon Nov 26 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-2
|
|
||||||
- Backport upstream commit to use a safer strcpy for the NT method
|
|
||||||
- Backport upstream generating base64 encoded output for NT gensalt
|
|
||||||
- Backport upstream commit to require less rbytes for NT gensalt
|
|
||||||
- Backport upstream commit to test incremental hmac-sha256 computation
|
|
||||||
- Add Recommends: mkpasswd for Fedora >= 30
|
|
||||||
|
|
||||||
* Tue Nov 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.4.0-1
|
|
||||||
- New upstream release
|
|
8
gating.yaml
Normal file
8
gating.yaml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
# recipients: glibc-bugzilla
|
||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-8
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}
|
67
libxcrypt-rh1612157.patch
Normal file
67
libxcrypt-rh1612157.patch
Normal file
@ -0,0 +1,67 @@
|
|||||||
|
commit cc1806e214b89403152c2c53932d8d0b8aeb1e91
|
||||||
|
Author: Björn Esser <besser82@fedoraproject.org>
|
||||||
|
Date: Sat Aug 4 13:02:03 2018 +0200
|
||||||
|
|
||||||
|
Add alias man-pages for other crypt functions.
|
||||||
|
|
||||||
|
diff --git a/Makefile.am b/Makefile.am
|
||||||
|
index 201dea53313e7054..1ea36121d085b55d 100644
|
||||||
|
--- a/Makefile.am
|
||||||
|
+++ b/Makefile.am
|
||||||
|
@@ -15,7 +15,8 @@ EXTRA_DIST = \
|
||||||
|
gen-map.awk gen-vers.awk gen-crypt-h.awk \
|
||||||
|
gen-hashes.awk sel-hashes.awk hashes.lst
|
||||||
|
|
||||||
|
-notrans_dist_man3_MANS = crypt_rn.3 crypt_gensalt.3
|
||||||
|
+notrans_dist_man3_MANS = crypt.3 crypt_r.3 crypt_ra.3 \
|
||||||
|
+ crypt_rn.3 crypt_gensalt.3
|
||||||
|
notrans_dist_man5_MANS = crypt.5
|
||||||
|
|
||||||
|
nodist_include_HEADERS = crypt.h
|
||||||
|
diff --git a/crypt.3 b/crypt.3
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000000000..430e48f320d6e8af
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/crypt.3
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+.so man3/crypt_rn.3
|
||||||
|
diff --git a/crypt.5 b/crypt.5
|
||||||
|
index 5db9c923cbd66e55..7fe46091f192b114 100644
|
||||||
|
--- a/crypt.5
|
||||||
|
+++ b/crypt.5
|
||||||
|
@@ -279,6 +279,8 @@ that will work on an old operating system that supports nothing else.
|
||||||
|
.hash "$3$" "\e$3\e$\e$[0-9a-f]{32}" unlimited 8 256 256 0 1
|
||||||
|
.SH SEE ALSO
|
||||||
|
.BR crypt (3),
|
||||||
|
+.BR crypt_r (3),
|
||||||
|
+.BR crypt_ra (3),
|
||||||
|
.BR crypt_rn (3),
|
||||||
|
.BR crypt_gensalt (3),
|
||||||
|
.BR getpwent (3),
|
||||||
|
diff --git a/crypt_gensalt.3 b/crypt_gensalt.3
|
||||||
|
index ebfff28db79a3c53..31097400e5cd2080 100644
|
||||||
|
--- a/crypt_gensalt.3
|
||||||
|
+++ b/crypt_gensalt.3
|
||||||
|
@@ -223,6 +223,8 @@ T} Thread safety MT-Safe
|
||||||
|
.SH SEE ALSO
|
||||||
|
.ad l
|
||||||
|
.BR crypt (3),
|
||||||
|
+.BR crypt_r (3),
|
||||||
|
+.BR crypt_ra (3),
|
||||||
|
.BR crypt_rn (3),
|
||||||
|
.BR getpass (3),
|
||||||
|
.BR getpwent (3),
|
||||||
|
diff --git a/crypt_r.3 b/crypt_r.3
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000000000..430e48f320d6e8af
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/crypt_r.3
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+.so man3/crypt_rn.3
|
||||||
|
diff --git a/crypt_ra.3 b/crypt_ra.3
|
||||||
|
new file mode 100644
|
||||||
|
index 0000000000000000..430e48f320d6e8af
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/crypt_ra.3
|
||||||
|
@@ -0,0 +1 @@
|
||||||
|
+.so man3/crypt_rn.3
|
320
libxcrypt-rh1613537.patch
Normal file
320
libxcrypt-rh1613537.patch
Normal file
@ -0,0 +1,320 @@
|
|||||||
|
commit 8596e298f761c32cecff45424f5242cd14269292
|
||||||
|
Author: Zack Weinberg <zackw@panix.com>
|
||||||
|
Date: Tue Aug 7 21:35:12 2018 -0400
|
||||||
|
|
||||||
|
Add configure option --disable-failure-tokens.
|
||||||
|
|
||||||
|
When this option is given, crypt and crypt_r will return NULL on
|
||||||
|
failure, instead of a special "failure token" string that isn't the
|
||||||
|
hash of any passphrase. This was the historical behavior of glibc,
|
||||||
|
FreeBSD libc, and several other implementations.
|
||||||
|
|
||||||
|
diff --git a/configure.ac b/configure.ac
|
||||||
|
index a22a5926bd82f729..23651f9c5c886107 100644
|
||||||
|
--- a/configure.ac
|
||||||
|
+++ b/configure.ac
|
||||||
|
@@ -152,6 +152,25 @@ AC_CHECK_FUNCS_ONCE([
|
||||||
|
])
|
||||||
|
|
||||||
|
# Configure options.
|
||||||
|
+AC_ARG_ENABLE([failure-tokens],
|
||||||
|
+ AS_HELP_STRING(
|
||||||
|
+ [--disable-failure-tokens],
|
||||||
|
+ [Make crypt and crypt_r return NULL on failure, instead of a
|
||||||
|
+ special "failure token" string that isn't the hash of any
|
||||||
|
+ passphrase. This matches the behavior of several other
|
||||||
|
+ crypt implementations, but will break programs that assume these
|
||||||
|
+ functions never return NULL. crypt_rn and crypt_ra are not affected
|
||||||
|
+ by this option, and will always return NULL on failure.]
|
||||||
|
+ ),
|
||||||
|
+ [case "$enableval" in
|
||||||
|
+ yes) enable_failure_tokens=1;;
|
||||||
|
+ no) enable_failure_tokens=0;;
|
||||||
|
+ *) AC_MSG_ERROR([bad value ${enableval} for --enable-failure-tokens]);;
|
||||||
|
+ esac],
|
||||||
|
+ [enable_failure_tokens=1])
|
||||||
|
+AC_DEFINE_UNQUOTED([ENABLE_FAILURE_TOKENS], [$enable_failure_tokens],
|
||||||
|
+ [Define to 1 if crypt and crypt_r should return a "failure token" on
|
||||||
|
+ failure, or 0 if they should return NULL.])
|
||||||
|
|
||||||
|
AC_ARG_ENABLE([obsolete-api],
|
||||||
|
AS_HELP_STRING(
|
||||||
|
diff --git a/crypt.c b/crypt.c
|
||||||
|
index 9a3e19214e613097..839763afad14eaa9 100644
|
||||||
|
--- a/crypt.c
|
||||||
|
+++ b/crypt.c
|
||||||
|
@@ -235,7 +235,11 @@ crypt_r (const char *phrase, const char *setting, struct crypt_data *data)
|
||||||
|
{
|
||||||
|
make_failure_token (setting, data->output, sizeof data->output);
|
||||||
|
do_crypt (phrase, setting, data);
|
||||||
|
+#if ENABLE_FAILURE_TOKENS
|
||||||
|
return data->output;
|
||||||
|
+#else
|
||||||
|
+ return data->output[0] == '*' ? 0 : data->output;
|
||||||
|
+#endif
|
||||||
|
}
|
||||||
|
SYMVER_crypt_r;
|
||||||
|
#endif
|
||||||
|
diff --git a/crypt_rn.3 b/crypt_rn.3
|
||||||
|
index 24da44cfce19716b..d021c4ed4a046e04 100644
|
||||||
|
--- a/crypt_rn.3
|
||||||
|
+++ b/crypt_rn.3
|
||||||
|
@@ -204,17 +204,31 @@ multiple threads simultaneously, as long as a separate
|
||||||
|
object is used for each thread.
|
||||||
|
.PP
|
||||||
|
Upon error,
|
||||||
|
-.B crypt
|
||||||
|
-and
|
||||||
|
-.B crypt_r
|
||||||
|
-return a pointer to an
|
||||||
|
+.BR crypt_r ", " crypt_rn ", and " crypt_ra
|
||||||
|
+write an
|
||||||
|
.I invalid
|
||||||
|
-hashed passphrase.
|
||||||
|
+hashed passphrase to the
|
||||||
|
+.I output
|
||||||
|
+field of their
|
||||||
|
+.I crypt_data
|
||||||
|
+object, and
|
||||||
|
+.B crypt
|
||||||
|
+writes an invalid hash to its static storage area.
|
||||||
|
This string will be shorter than 13 characters,
|
||||||
|
will begin with a \(oq\fB*\fR\(cq,
|
||||||
|
and will not compare equal to
|
||||||
|
.IR setting .
|
||||||
|
-(This peculiar behavior is for compatibility
|
||||||
|
+.PP
|
||||||
|
+Upon error,
|
||||||
|
+.BR crypt_rn " and " crypt_ra
|
||||||
|
+return a null pointer.
|
||||||
|
+.BR crypt_r " and " crypt
|
||||||
|
+may also return a null pointer,
|
||||||
|
+or they may return a pointer to the invalid hash,
|
||||||
|
+depending on how
|
||||||
|
+.I libcrypt
|
||||||
|
+was configured.
|
||||||
|
+(The option to return the invalid hash is for compatibility
|
||||||
|
with old applications that assume that
|
||||||
|
.B crypt
|
||||||
|
cannot return a null pointer.
|
||||||
|
@@ -222,15 +236,6 @@ See
|
||||||
|
.B "PORTABILITY NOTES"
|
||||||
|
below.)
|
||||||
|
.PP
|
||||||
|
-.B crypt_rn
|
||||||
|
-and
|
||||||
|
-.B crypt_ra
|
||||||
|
-also write an invalid hashed passphrase to the
|
||||||
|
-.I output
|
||||||
|
-field of their
|
||||||
|
-.I crypt_data
|
||||||
|
-object when they fail, but they return a null pointer.
|
||||||
|
-.PP
|
||||||
|
All four functions set
|
||||||
|
.I errno
|
||||||
|
when they fail.
|
||||||
|
diff --git a/test-badsalt.c b/test-badsalt.c
|
||||||
|
index b2743373628b1f3f..3d2e47ac0e7647bd 100644
|
||||||
|
--- a/test-badsalt.c
|
||||||
|
+++ b/test-badsalt.c
|
||||||
|
@@ -222,12 +222,28 @@ check_crypt (const char *label, const char *fn,
|
||||||
|
const char *retval, const char *setting,
|
||||||
|
bool expected_to_succeed)
|
||||||
|
{
|
||||||
|
- /* crypt/crypt_r should never return null */
|
||||||
|
+#if ENABLE_FAILURE_TOKENS
|
||||||
|
+ /* crypt/crypt_r never return null when failure tokens are enabled */
|
||||||
|
if (!retval)
|
||||||
|
{
|
||||||
|
printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
+#else
|
||||||
|
+ if (expected_to_succeed && !retval)
|
||||||
|
+ {
|
||||||
|
+ printf ("FAIL: %s/%s/%s: returned NULL\n", label, setting, fn);
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ else if (!expected_to_succeed && retval)
|
||||||
|
+ {
|
||||||
|
+ printf ("FAIL: %s/%s/%s: returned %p, should be NULL\n",
|
||||||
|
+ label, setting, fn, (const void *)retval);
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+ else if (!expected_to_succeed && !retval)
|
||||||
|
+ return true;
|
||||||
|
+#endif
|
||||||
|
if (!check_results (label, fn, retval, setting,
|
||||||
|
expected_to_succeed))
|
||||||
|
return false;
|
||||||
|
diff --git a/test-crypt-badargs.c b/test-crypt-badargs.c
|
||||||
|
index 0e6af1626a605086..6be24a99ca7f9015 100644
|
||||||
|
--- a/test-crypt-badargs.c
|
||||||
|
+++ b/test-crypt-badargs.c
|
||||||
|
@@ -169,6 +169,14 @@ test_crypt_ra (const char *tag,
|
||||||
|
check (tag, expect, got);
|
||||||
|
}
|
||||||
|
|
||||||
|
+#if ENABLE_FAILURE_TOKENS
|
||||||
|
+# define FT0 "*0"
|
||||||
|
+# define FT1 "*1"
|
||||||
|
+#else
|
||||||
|
+# define FT0 0
|
||||||
|
+# define FT1 0
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* PAGE should point to PAGESIZE bytes of read-write memory followed
|
||||||
|
by another PAGESIZE bytes of inaccessible memory. */
|
||||||
|
|
||||||
|
@@ -187,55 +195,55 @@ do_tests(char *page, size_t pagesize)
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
/* When SETTING is null, it shouldn't matter what PHRASE is. */
|
||||||
|
- expect_no_fault ("0.0.crypt", 0, 0, "*0", test_crypt);
|
||||||
|
- expect_no_fault ("0.0.crypt_r", 0, 0, "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("0.0.crypt", 0, 0, FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("0.0.crypt_r", 0, 0, FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("0.0.crypt_rn", 0, 0, 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("0.0.crypt_ra", 0, 0, 0, test_crypt_ra);
|
||||||
|
|
||||||
|
- expect_no_fault ("''.0.crypt", "", 0, "*0", test_crypt);
|
||||||
|
- expect_no_fault ("''.0.crypt_r", "", 0, "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("''.0.crypt", "", 0, FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("''.0.crypt_r", "", 0, FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("''.0.crypt_rn", "", 0, 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("''.0.crypt_ra", "", 0, 0, test_crypt_ra);
|
||||||
|
|
||||||
|
- expect_no_fault ("ph.0.crypt", phrase, 0, "*0", test_crypt);
|
||||||
|
- expect_no_fault ("ph.0.crypt_r", phrase, 0, "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("ph.0.crypt", phrase, 0, FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("ph.0.crypt_r", phrase, 0, FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("ph.0.crypt_rn", phrase, 0, 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("ph.0.crypt_ra", phrase, 0, 0, test_crypt_ra);
|
||||||
|
|
||||||
|
- expect_no_fault ("p1.0.crypt", p1, 0, "*0", test_crypt);
|
||||||
|
- expect_no_fault ("p1.0.crypt_r", p1, 0, "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("p1.0.crypt", p1, 0, FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("p1.0.crypt_r", p1, 0, FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("p1.0.crypt_rn", p1, 0, 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("p1.0.crypt_ra", p1, 0, 0, test_crypt_ra);
|
||||||
|
|
||||||
|
- expect_no_fault ("p2.0.crypt", p2, 0, "*0", test_crypt);
|
||||||
|
- expect_no_fault ("p2.0.crypt_r", p2, 0, "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("p2.0.crypt", p2, 0, FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("p2.0.crypt_r", p2, 0, FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("p2.0.crypt_rn", p2, 0, 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("p2.0.crypt_ra", p2, 0, 0, test_crypt_ra);
|
||||||
|
|
||||||
|
/* Conversely, when PHRASE is null,
|
||||||
|
it shouldn't matter what SETTING is... */
|
||||||
|
- expect_no_fault ("0.''.crypt", 0, "", "*0", test_crypt);
|
||||||
|
- expect_no_fault ("0.''.crypt_r", 0, "", "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("0.''.crypt", 0, "", FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("0.''.crypt_r", 0, "", FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("0.''.crypt_rn", 0, "", 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("0.''.crypt_ra", 0, "", 0, test_crypt_ra);
|
||||||
|
|
||||||
|
- expect_no_fault ("0.'*'.crypt", 0, "*", "*0", test_crypt);
|
||||||
|
- expect_no_fault ("0.'*'.crypt_r", 0, "*", "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("0.'*'.crypt", 0, "*", FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("0.'*'.crypt_r", 0, "*", FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("0.'*'.crypt_rn", 0, "*", 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("0.'*'.crypt_ra", 0, "*", 0, test_crypt_ra);
|
||||||
|
|
||||||
|
- expect_no_fault ("0.'*0'.crypt", 0, "*0", "*1", test_crypt);
|
||||||
|
- expect_no_fault ("0.'*0'.crypt_r", 0, "*0", "*1", test_crypt_r);
|
||||||
|
+ expect_no_fault ("0.'*0'.crypt", 0, "*0", FT1, test_crypt);
|
||||||
|
+ expect_no_fault ("0.'*0'.crypt_r", 0, "*0", FT1, test_crypt_r);
|
||||||
|
expect_no_fault ("0.'*0'.crypt_rn", 0, "*0", 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("0.'*0'.crypt_ra", 0, "*0", 0, test_crypt_ra);
|
||||||
|
|
||||||
|
- expect_no_fault ("0.'*1'.crypt", 0, "*1", "*0", test_crypt);
|
||||||
|
- expect_no_fault ("0.'*1'.crypt_r", 0, "*1", "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("0.'*1'.crypt", 0, "*1", FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("0.'*1'.crypt_r", 0, "*1", FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("0.'*1'.crypt_rn", 0, "*1", 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("0.'*1'.crypt_ra", 0, "*1", 0, test_crypt_ra);
|
||||||
|
|
||||||
|
- expect_no_fault ("0.p1.crypt", 0, p1, "*0", test_crypt);
|
||||||
|
- expect_no_fault ("0.p1.crypt_r", 0, p1, "*0", test_crypt_r);
|
||||||
|
+ expect_no_fault ("0.p1.crypt", 0, p1, FT0, test_crypt);
|
||||||
|
+ expect_no_fault ("0.p1.crypt_r", 0, p1, FT0, test_crypt_r);
|
||||||
|
expect_no_fault ("0.p1.crypt_rn", 0, p1, 0, test_crypt_rn);
|
||||||
|
expect_no_fault ("0.p1.crypt_ra", 0, p1, 0, test_crypt_ra);
|
||||||
|
|
||||||
|
@@ -245,8 +253,8 @@ do_tests(char *page, size_t pagesize)
|
||||||
|
bug, but it's impractical to fix without breaking the property
|
||||||
|
that 'crypt' _never_ creates a failure token that is equal to the
|
||||||
|
setting string, which is more important than this corner case. */
|
||||||
|
- expect_a_fault ("0.p2.crypt", 0, p2, "*0", test_crypt);
|
||||||
|
- expect_a_fault ("0.p2.crypt_r", 0, p2, "*0", test_crypt_r);
|
||||||
|
+ expect_a_fault ("0.p2.crypt", 0, p2, FT0, test_crypt);
|
||||||
|
+ expect_a_fault ("0.p2.crypt_r", 0, p2, FT0, test_crypt_r);
|
||||||
|
expect_a_fault ("0.p2.crypt_rn", 0, p2, 0, test_crypt_rn);
|
||||||
|
expect_a_fault ("0.p2.crypt_ra", 0, p2, 0, test_crypt_ra);
|
||||||
|
|
||||||
|
@@ -257,9 +265,9 @@ do_tests(char *page, size_t pagesize)
|
||||||
|
strcpy (page, "p1.'");
|
||||||
|
strcat (page, settings[i]);
|
||||||
|
strcat (page, "'.crypt");
|
||||||
|
- expect_a_fault (page, p1, settings[i], "*0", test_crypt);
|
||||||
|
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt);
|
||||||
|
strcat (page, "_r");
|
||||||
|
- expect_a_fault (page, p1, settings[i], "*0", test_crypt_r);
|
||||||
|
+ expect_a_fault (page, p1, settings[i], FT0, test_crypt_r);
|
||||||
|
strcat (page, "n");
|
||||||
|
expect_a_fault (page, p1, settings[i], 0, test_crypt_rn);
|
||||||
|
page [strlen (page) - 1] = 'a';
|
||||||
|
@@ -268,9 +276,9 @@ do_tests(char *page, size_t pagesize)
|
||||||
|
strcpy (page, "p2.'");
|
||||||
|
strcat (page, settings[i]);
|
||||||
|
strcat (page, "'.crypt");
|
||||||
|
- expect_a_fault (page, p2, settings[i], "*0", test_crypt);
|
||||||
|
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt);
|
||||||
|
strcat (page, "_r");
|
||||||
|
- expect_a_fault (page, p2, settings[i], "*0", test_crypt_r);
|
||||||
|
+ expect_a_fault (page, p2, settings[i], FT0, test_crypt_r);
|
||||||
|
strcat (page, "n");
|
||||||
|
expect_a_fault (page, p2, settings[i], 0, test_crypt_rn);
|
||||||
|
page [strlen (page) - 1] = 'a';
|
||||||
|
@@ -279,8 +287,8 @@ do_tests(char *page, size_t pagesize)
|
||||||
|
|
||||||
|
/* Conversely, when PHRASE is valid, passing an invalid string as SETTING
|
||||||
|
should crash reliably. */
|
||||||
|
- expect_a_fault ("ph.p2.crypt", phrase, p2, "*0", test_crypt);
|
||||||
|
- expect_a_fault ("ph.p2.crypt_r", phrase, p2, "*0", test_crypt_r);
|
||||||
|
+ expect_a_fault ("ph.p2.crypt", phrase, p2, FT0, test_crypt);
|
||||||
|
+ expect_a_fault ("ph.p2.crypt_r", phrase, p2, FT0, test_crypt_r);
|
||||||
|
expect_a_fault ("ph.p2.crypt_rn", phrase, p2, 0, test_crypt_rn);
|
||||||
|
expect_a_fault ("ph.p2.crypt_ra", phrase, p2, 0, test_crypt_ra);
|
||||||
|
|
||||||
|
@@ -292,9 +300,9 @@ do_tests(char *page, size_t pagesize)
|
||||||
|
strcpy (page, "ph.'");
|
||||||
|
strcat (page, settings[i]);
|
||||||
|
strcat (page, ".crypt");
|
||||||
|
- expect_a_fault (page, phrase, p1, "*0", test_crypt);
|
||||||
|
+ expect_a_fault (page, phrase, p1, FT0, test_crypt);
|
||||||
|
strcat (page, "_r");
|
||||||
|
- expect_a_fault (page, phrase, p1, "*0", test_crypt_r);
|
||||||
|
+ expect_a_fault (page, phrase, p1, FT0, test_crypt_r);
|
||||||
|
strcat (page, "n");
|
||||||
|
expect_a_fault (page, phrase, p1, 0, test_crypt_rn);
|
||||||
|
page [strlen (page) - 1] = 'a';
|
||||||
|
diff --git a/test-crypt-bcrypt.c b/test-crypt-bcrypt.c
|
||||||
|
index c984e4d47d8df2c6..bf149b405bd408c7 100644
|
||||||
|
--- a/test-crypt-bcrypt.c
|
||||||
|
+++ b/test-crypt-bcrypt.c
|
||||||
|
@@ -194,8 +194,12 @@ main (void)
|
||||||
|
errno = 0;
|
||||||
|
p = crypt (key, setting);
|
||||||
|
errnm = errno;
|
||||||
|
+#if ENABLE_FAILURE_TOKENS
|
||||||
|
match = strcmp (p, hash);
|
||||||
|
- if ((!ok && !errno) || strcmp (p, hash))
|
||||||
|
+#else
|
||||||
|
+ match = (ok ? strcmp (p, hash) : p != 0);
|
||||||
|
+#endif
|
||||||
|
+ if ((!ok && !errno) || match)
|
||||||
|
{
|
||||||
|
printf ("FAIL: %d/crypt.1: key=%s setting=%s: xhash=%s xerr=%d, "
|
||||||
|
"p=%s match=%d err=%s\n",
|
1035
libxcrypt-rh1899716.patch
Normal file
1035
libxcrypt-rh1899716.patch
Normal file
File diff suppressed because it is too large
Load Diff
268
libxcrypt.spec
Normal file
268
libxcrypt.spec
Normal file
@ -0,0 +1,268 @@
|
|||||||
|
# Shared object version of libcrypt.
|
||||||
|
%global soc 1
|
||||||
|
%global sol 1
|
||||||
|
%global sof 0
|
||||||
|
%global sov %{soc}.%{sol}.%{sof}
|
||||||
|
|
||||||
|
# Add generation of HMAC checksums of the final stripped
|
||||||
|
# binaries. %%define with lazy globbing is used here
|
||||||
|
# intentionally, because using %%global does not work.
|
||||||
|
%define __spec_install_post \
|
||||||
|
%{?__debug_package:%{__debug_install_post}} \
|
||||||
|
%{__arch_install_post} \
|
||||||
|
%{__os_install_post} \
|
||||||
|
%{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \
|
||||||
|
%{__ln_s} .libcrypt.so.%{sov}.hmac \\\
|
||||||
|
%{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \
|
||||||
|
%{nil}
|
||||||
|
|
||||||
|
|
||||||
|
Name: libxcrypt
|
||||||
|
Version: 4.1.1
|
||||||
|
Release: 6%{?dist}
|
||||||
|
Summary: Extended crypt library for DES, MD5, Blowfish and others
|
||||||
|
|
||||||
|
# For explicit license breakdown, see the
|
||||||
|
# LICENSING file in the source tarball.
|
||||||
|
License: LGPLv2+ and BSD and Public Domain
|
||||||
|
URL: https://github.com/besser82/%{name}
|
||||||
|
Source0: %{url}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
|
||||||
|
Patch1: libxcrypt-rh1612157.patch
|
||||||
|
Patch2: libxcrypt-rh1613537.patch
|
||||||
|
# fix for salt interoperability issue: https://github.com/besser82/libxcrypt/pull/106
|
||||||
|
Patch3: libxcrypt-rh1899716.patch
|
||||||
|
|
||||||
|
BuildRequires: fipscheck
|
||||||
|
BuildRequires: libtool
|
||||||
|
|
||||||
|
Requires: glibc%{_isa} >= 2.26.9000-46
|
||||||
|
|
||||||
|
# We do not need to keep this forever.
|
||||||
|
%if 0%{?fedora} && 0%{?fedora} <= 31
|
||||||
|
# Inherited from former libcrypt package.
|
||||||
|
Obsoletes: libcrypt-nss <= 2.26.9000-33
|
||||||
|
|
||||||
|
# Obsolete former libcrypt properly.
|
||||||
|
Obsoletes: libcrypt <= 2.26.9000-46
|
||||||
|
|
||||||
|
# Provide virtual libcrypt as it has been done
|
||||||
|
# by former libcrypt{,-nss} packages from glibc.
|
||||||
|
Provides: libcrypt == 2.26.9000-46.1
|
||||||
|
Provides: libcrypt%{?_isa} == 2.26.9000-46.1
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description
|
||||||
|
libxcrypt is a modern library for one-way hashing of passwords. It
|
||||||
|
supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password
|
||||||
|
hashes, and provides the traditional Unix 'crypt' and 'crypt_r'
|
||||||
|
interfaces, as well as a set of extended interfaces pioneered by
|
||||||
|
Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt',
|
||||||
|
'crypt_gensalt_rn', and 'crypt_gensalt_ra'.
|
||||||
|
|
||||||
|
libxcrypt is intended to be used by login(1), passwd(1), and other
|
||||||
|
similar programs; that is, to hash a small number of passwords during
|
||||||
|
an interactive authentication dialogue with a human. It is not
|
||||||
|
suitable for use in bulk password-cracking applications, or in any
|
||||||
|
other situation where speed is more important than careful handling of
|
||||||
|
sensitive data. However, it *is* intended to be fast and lightweight
|
||||||
|
enough for use in servers that must field thousands of login attempts
|
||||||
|
per minute.
|
||||||
|
|
||||||
|
On Linux-based systems, by default libxcrypt will be binary backward
|
||||||
|
compatible with the libcrypt.so.1 shipped as part of the GNU C Library.
|
||||||
|
This means that all existing binary executables linked against glibc's
|
||||||
|
libcrypt should work unmodified with this library's libcrypt.so.1. We
|
||||||
|
have taken pains to provide exactly the same "symbol versions" as were
|
||||||
|
used by glibc on various CPU architectures, and to account for the
|
||||||
|
variety of ways in which the Openwall extensions were patched into
|
||||||
|
glibc's libcrypt by some Linux distributions. (For instance,
|
||||||
|
compatibility symlinks for SuSE's "libowcrypt" are provided.)
|
||||||
|
|
||||||
|
However, the converse is not true: programs linked against libxcrypt
|
||||||
|
will not work with glibc's libcrypt. Also, programs that use certain
|
||||||
|
legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r',
|
||||||
|
'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against libxcrypt.
|
||||||
|
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development files for %{name}
|
||||||
|
|
||||||
|
Requires: %{name}%{?_isa} == %{version}-%{release}
|
||||||
|
Requires: glibc-devel%{?_isa} >= 2.26.9000-46
|
||||||
|
Requires: glibc-headers%{?_isa} >= 2.26.9000-46
|
||||||
|
Conflicts: man-pages < 4.15-3
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
The %{name}-devel package contains libraries and header files for
|
||||||
|
developing applications that use %{name}.
|
||||||
|
|
||||||
|
|
||||||
|
%package static
|
||||||
|
Summary: Static library for -static linking with %{name}
|
||||||
|
|
||||||
|
Requires: %{name}-devel%{?_isa} == %{version}-%{release}
|
||||||
|
Requires: glibc-static%{?_isa} >= 2.26.9000-46
|
||||||
|
|
||||||
|
%description static
|
||||||
|
This package contains the libxcrypt static libraries for -static
|
||||||
|
linking. You don't need this, unless you link statically, which
|
||||||
|
is highly discouraged.
|
||||||
|
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%autosetup -p 1
|
||||||
|
%{_bindir}/autoreconf -fiv
|
||||||
|
|
||||||
|
|
||||||
|
%build
|
||||||
|
%configure \
|
||||||
|
--libdir=/%{_lib} \
|
||||||
|
--disable-silent-rules \
|
||||||
|
--enable-shared \
|
||||||
|
--enable-static \
|
||||||
|
--disable-failure-tokens \
|
||||||
|
--enable-hashes=all \
|
||||||
|
--enable-obsolete-api=glibc \
|
||||||
|
--with-pkgconfigdir=%{_libdir}/pkgconfig
|
||||||
|
%make_build
|
||||||
|
|
||||||
|
|
||||||
|
%install
|
||||||
|
%make_install
|
||||||
|
|
||||||
|
# Get rid of libtool crap.
|
||||||
|
%{_bindir}/find %{buildroot} -name '*.la' -print -delete
|
||||||
|
|
||||||
|
# Install documentation to shared %%_pkgdocdir.
|
||||||
|
%{__install} -Dpm 0644 -t %{buildroot}%{_pkgdocdir} \
|
||||||
|
ChangeLog NEWS README THANKS TODO
|
||||||
|
|
||||||
|
|
||||||
|
%check
|
||||||
|
%make_build check || \
|
||||||
|
{
|
||||||
|
rc=$?;
|
||||||
|
echo "-----BEGIN TESTLOG-----";
|
||||||
|
%{__cat} test-suite.log;
|
||||||
|
echo "-----END TESTLOG-----";
|
||||||
|
exit $rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
%ldconfig_scriptlets
|
||||||
|
|
||||||
|
|
||||||
|
%files
|
||||||
|
%license AUTHORS COPYING.LIB LICENSING
|
||||||
|
%doc %dir %{_pkgdocdir}
|
||||||
|
%doc %{_pkgdocdir}/NEWS
|
||||||
|
%doc %{_pkgdocdir}/README
|
||||||
|
%doc %{_pkgdocdir}/THANKS
|
||||||
|
/%{_lib}/.libcrypt.so.%{soc}.hmac
|
||||||
|
/%{_lib}/.libcrypt.so.%{sov}.hmac
|
||||||
|
/%{_lib}/libcrypt.so.%{soc}
|
||||||
|
/%{_lib}/libcrypt.so.%{sov}
|
||||||
|
%{_mandir}/man5/crypt.5.*
|
||||||
|
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%doc %{_pkgdocdir}/ChangeLog
|
||||||
|
%doc %{_pkgdocdir}/TODO
|
||||||
|
/%{_lib}/libcrypt.so
|
||||||
|
%{_includedir}/crypt.h
|
||||||
|
%{_libdir}/pkgconfig/libcrypt.pc
|
||||||
|
%{_libdir}/pkgconfig/%{name}.pc
|
||||||
|
%{_mandir}/man3/crypt.3.*
|
||||||
|
%{_mandir}/man3/crypt_r.3.*
|
||||||
|
%{_mandir}/man3/crypt_ra.3.*
|
||||||
|
%{_mandir}/man3/crypt_rn.3.*
|
||||||
|
%{_mandir}/man3/crypt_gensalt.3.*
|
||||||
|
|
||||||
|
%files static
|
||||||
|
/%{_lib}/libcrypt.a
|
||||||
|
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Thu Apr 29 2021 Stanislav Zidek <szidek@redhat.com> - 4.1.1-6
|
||||||
|
+ libxcrypt-4.1.1-6
|
||||||
|
- Rebuilt with fixed binutils (#1954438)
|
||||||
|
|
||||||
|
* Wed Apr 7 2021 Stanislav Zidek <szidek@redhat.com> - 4.1.1-5
|
||||||
|
- Fixed salt interoperability issue (#1899716)
|
||||||
|
|
||||||
|
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-4
|
||||||
|
- Move development panpages to libxcrypt-devel (#1613824)
|
||||||
|
|
||||||
|
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-3
|
||||||
|
- Change crypt, crypt_r to return NULL on failure (#1613537)
|
||||||
|
|
||||||
|
* Wed Aug 8 2018 Florian Weimer <fweimer@redhat.com> - 4.1.1-2
|
||||||
|
- Add manpages aliases for crypt, crypt_r, crypt_ra (#1612157)
|
||||||
|
|
||||||
|
* Wed Aug 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.1-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.1.0-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-6
|
||||||
|
- Make testsuite fail on error again
|
||||||
|
- Update patch0 with more upstream fixes
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-5
|
||||||
|
- Add patch to update to recent development branch
|
||||||
|
- Re-enable SUNMD5 support as it is BSD licensed now
|
||||||
|
- Build compatibility symbols for glibc only
|
||||||
|
- Skip failing testsuite once
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.1-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-3
|
||||||
|
- Remove CDDL from license list (#1592445)
|
||||||
|
|
||||||
|
* Fri Jun 29 2018 Florian Weimer <fweimer@redhat.com> - 4.0.1-2
|
||||||
|
- Remove SUNMD5 support (#1592445)
|
||||||
|
|
||||||
|
* Wed May 16 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.1-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Sat Feb 17 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-5
|
||||||
|
- Switch to %%ldconfig_scriptlets
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Feb 01 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-3
|
||||||
|
- Add patch to fix unintialize value in badsalt test
|
||||||
|
|
||||||
|
* Wed Jan 31 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-2
|
||||||
|
- Add patch to fix bcrypt test with GCC8
|
||||||
|
|
||||||
|
* Sat Jan 27 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-1
|
||||||
|
- New upstream release
|
||||||
|
|
||||||
|
* Mon Jan 22 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.0.0-0.204.20180120git3436e7b
|
||||||
|
- Fix Obsoletes
|
||||||
|
|
||||||
|
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.203.20180120git3436e7b
|
||||||
|
- Update to new snapshot fixing cast-align
|
||||||
|
|
||||||
|
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.202.20180120gitde99d27
|
||||||
|
- Update to new snapshot (rhbz#1536752)
|
||||||
|
|
||||||
|
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.201.20171109git15447aa
|
||||||
|
- Use archful Obsoletes for libcrypt
|
||||||
|
- Add versioned Requires on glibc packages not shipping libcrypt
|
||||||
|
- Add comments about the packaging logic for replacing former libcrypt
|
||||||
|
|
||||||
|
* Fri Jan 12 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.200.20171109git15447aa
|
||||||
|
- Initial import (rhbz#1532794)
|
||||||
|
- Add Obsoletes/Provides for libcrypt
|
||||||
|
|
||||||
|
* Wed Jan 10 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.101.20171109git15447aa
|
||||||
|
- Fix style of %%git_{rel,ver}
|
||||||
|
|
||||||
|
* Tue Jan 09 2018 Björn Esser <besser82@fedoraproject.org> - 4.0.0-0.100.git20171109.15447aa
|
||||||
|
- Initial rpm release (rhbz#1532794)
|
||||||
|
- Start revision at 0.100 to superseed builds from COPR
|
Loading…
Reference in New Issue
Block a user