diff --git a/crypt_blowfish-1.0.diff b/crypt_blowfish-1.0-suse.diff similarity index 61% rename from crypt_blowfish-1.0.diff rename to crypt_blowfish-1.0-suse.diff index 32e5be7..506adbf 100644 --- a/crypt_blowfish-1.0.diff +++ b/crypt_blowfish-1.0-suse.diff @@ -49,7 +49,7 @@ diff -ruN crypt-/crypt_blowfish.c crypt/crypt_blowfish.c +#endif + +#ifdef __i386__ -+#define BF_ASM 1 ++#define BF_ASM 0 /* original OW patch has 1 */ +#define BF_SCALE 1 +#elif defined(__alpha__) || defined(__hppa__) +#define BF_ASM 0 @@ -745,586 +745,51 @@ diff -ruN crypt-/crypt_blowfish.c crypt/crypt_blowfish.c + + return output; +} -diff -ruN crypt-/crypt_gensalt.c crypt/crypt_gensalt.c ---- crypt-/crypt_gensalt.c 1970-01-01 01:00:00.000000000 +0100 -+++ crypt/crypt_gensalt.c 2006-09-20 20:56:59.000000000 +0200 -@@ -0,0 +1,111 @@ -+/* -+ * Written by Solar Designer and placed in the public domain. -+ * See crypt_blowfish.c for more information. -+ * -+ * This file contains salt generation functions for the traditional and -+ * other common crypt(3) algorithms, except for bcrypt which is defined -+ * entirely in crypt_blowfish.c. -+ */ -+ -+#include -+ -+#include -+#ifndef __set_errno -+#define __set_errno(val) errno = (val) -+#endif -+ -+#undef __CONST -+#ifdef __GNUC__ -+#define __CONST __const -+#else -+#define __CONST -+#endif -+ -+unsigned char _crypt_itoa64[64 + 1] = -+ "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; -+ -+char *_crypt_gensalt_traditional_rn(unsigned long count, -+ __CONST char *input, int size, char *output, int output_size) -+{ -+ if (size < 2 || output_size < 2 + 1 || (count && count != 25)) { -+ if (output_size > 0) output[0] = '\0'; -+ __set_errno((output_size < 2 + 1) ? ERANGE : EINVAL); -+ return NULL; -+ } -+ -+ output[0] = _crypt_itoa64[(unsigned int)input[0] & 0x3f]; -+ output[1] = _crypt_itoa64[(unsigned int)input[1] & 0x3f]; -+ output[2] = '\0'; -+ -+ return output; -+} -+ -+char *_crypt_gensalt_extended_rn(unsigned long count, -+ __CONST char *input, int size, char *output, int output_size) -+{ -+ unsigned long value; -+ -+/* Even iteration counts make it easier to detect weak DES keys from a look -+ * at the hash, so they should be avoided */ -+ if (size < 3 || output_size < 1 + 4 + 4 + 1 || -+ (count && (count > 0xffffff || !(count & 1)))) { -+ if (output_size > 0) output[0] = '\0'; -+ __set_errno((output_size < 1 + 4 + 4 + 1) ? ERANGE : EINVAL); -+ return NULL; -+ } -+ -+ if (!count) count = 725; -+ -+ output[0] = '_'; -+ output[1] = _crypt_itoa64[count & 0x3f]; -+ output[2] = _crypt_itoa64[(count >> 6) & 0x3f]; -+ output[3] = _crypt_itoa64[(count >> 12) & 0x3f]; -+ output[4] = _crypt_itoa64[(count >> 18) & 0x3f]; -+ value = (unsigned long)(unsigned char)input[0] | -+ ((unsigned long)(unsigned char)input[1] << 8) | -+ ((unsigned long)(unsigned char)input[2] << 16); -+ output[5] = _crypt_itoa64[value & 0x3f]; -+ output[6] = _crypt_itoa64[(value >> 6) & 0x3f]; -+ output[7] = _crypt_itoa64[(value >> 12) & 0x3f]; -+ output[8] = _crypt_itoa64[(value >> 18) & 0x3f]; -+ output[9] = '\0'; -+ -+ return output; -+} -+ -+char *_crypt_gensalt_md5_rn(unsigned long count, -+ __CONST char *input, int size, char *output, int output_size) -+{ -+ unsigned long value; -+ -+ if (size < 3 || output_size < 3 + 4 + 1 || (count && count != 1000)) { -+ if (output_size > 0) output[0] = '\0'; -+ __set_errno((output_size < 3 + 4 + 1) ? ERANGE : EINVAL); -+ return NULL; -+ } -+ -+ output[0] = '$'; -+ output[1] = '1'; -+ output[2] = '$'; -+ value = (unsigned long)(unsigned char)input[0] | -+ ((unsigned long)(unsigned char)input[1] << 8) | -+ ((unsigned long)(unsigned char)input[2] << 16); -+ output[3] = _crypt_itoa64[value & 0x3f]; -+ output[4] = _crypt_itoa64[(value >> 6) & 0x3f]; -+ output[5] = _crypt_itoa64[(value >> 12) & 0x3f]; -+ output[6] = _crypt_itoa64[(value >> 18) & 0x3f]; -+ output[7] = '\0'; -+ -+ if (size >= 6 && output_size >= 3 + 4 + 4 + 1) { -+ value = (unsigned long)(unsigned char)input[3] | -+ ((unsigned long)(unsigned char)input[4] << 8) | -+ ((unsigned long)(unsigned char)input[5] << 16); -+ output[7] = _crypt_itoa64[value & 0x3f]; -+ output[8] = _crypt_itoa64[(value >> 6) & 0x3f]; -+ output[9] = _crypt_itoa64[(value >> 12) & 0x3f]; -+ output[10] = _crypt_itoa64[(value >> 18) & 0x3f]; -+ output[11] = '\0'; -+ } -+ -+ return output; -+} -diff -ruN crypt-/ow-crypt.h crypt/ow-crypt.h ---- crypt-/ow-crypt.h 1970-01-01 01:00:00.000000000 +0100 -+++ crypt/ow-crypt.h 2006-09-20 20:56:59.000000000 +0200 -@@ -0,0 +1,34 @@ -+/* -+ * Written by Solar Designer and placed in the public domain. -+ * See crypt_blowfish.c for more information. -+ */ -+ -+#ifndef _OW_CRYPT_H -+#define _OW_CRYPT_H -+ -+#undef __CONST -+#ifdef __GNUC__ -+#define __CONST __const -+#else -+#define __CONST -+#endif -+ -+#ifndef __SKIP_GNU -+extern char *crypt(__CONST char *key, __CONST char *setting); -+extern char *crypt_r(__CONST char *key, __CONST char *setting, void *data); -+#endif -+ -+#ifndef __SKIP_OW -+extern char *crypt_rn(__CONST char *key, __CONST char *setting, -+ void *data, int size); -+extern char *crypt_ra(__CONST char *key, __CONST char *setting, -+ void **data, int *size); -+extern char *crypt_gensalt(__CONST char *prefix, unsigned long count, -+ __CONST char *input, int size); -+extern char *crypt_gensalt_rn(__CONST char *prefix, unsigned long count, -+ __CONST char *input, int size, char *output, int output_size); -+extern char *crypt_gensalt_ra(__CONST char *prefix, unsigned long count, -+ __CONST char *input, int size); -+#endif -+ -+#endif -diff -ruN crypt-/wrapper.c crypt/wrapper.c ---- crypt-/wrapper.c 1970-01-01 01:00:00.000000000 +0100 -+++ crypt/wrapper.c 2006-09-20 20:56:59.000000000 +0200 -@@ -0,0 +1,426 @@ -+/* -+ * Written by Solar Designer and placed in the public domain. -+ * See crypt_blowfish.c for more information. -+ */ -+ -+#include -+#include -+ -+#include -+#ifndef __set_errno -+#define __set_errno(val) errno = (val) -+#endif -+ -+#ifdef TEST -+#include -+#include -+#include -+#include -+#include -+#ifdef TEST_THREADS -+#include -+#endif -+#endif -+ -+#define CRYPT_OUTPUT_SIZE (7 + 22 + 31 + 1) -+#define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1) -+ -+#if defined(__GLIBC__) && defined(_LIBC) -+#define __SKIP_GNU -+#endif -+#include "ow-crypt.h" -+ -+extern char *_crypt_blowfish_rn(__CONST char *key, __CONST char *setting, -+ char *output, int size); -+extern char *_crypt_gensalt_blowfish_rn(unsigned long count, -+ __CONST char *input, int size, char *output, int output_size); -+ -+extern unsigned char _crypt_itoa64[]; -+extern char *_crypt_gensalt_traditional_rn(unsigned long count, -+ __CONST char *input, int size, char *output, int output_size); -+extern char *_crypt_gensalt_extended_rn(unsigned long count, -+ __CONST char *input, int size, char *output, int output_size); -+extern char *_crypt_gensalt_md5_rn(unsigned long count, -+ __CONST char *input, int size, char *output, int output_size); -+ -+#if defined(__GLIBC__) && defined(_LIBC) -+/* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */ -+#include "crypt.h" -+extern char *__md5_crypt_r(const char *key, const char *salt, -+ char *buffer, int buflen); -+/* crypt-entry.c needs to be patched to define __des_crypt_r rather than -+ * __crypt_r, and not define crypt_r and crypt at all */ -+extern char *__des_crypt_r(const char *key, const char *salt, -+ struct crypt_data *data); -+extern struct crypt_data _ufc_foobar; -+#endif -+ -+static int _crypt_data_alloc(void **data, int *size, int need) -+{ -+ void *updated; -+ -+ if (*data && *size >= need) return 0; -+ -+ updated = realloc(*data, need); -+ -+ if (!updated) { -+#ifndef __GLIBC__ -+ /* realloc(3) on glibc sets errno, so we don't need to bother */ -+ __set_errno(ENOMEM); -+#endif -+ return -1; -+ } -+ -+#if defined(__GLIBC__) && defined(_LIBC) -+ if (need >= sizeof(struct crypt_data)) -+ ((struct crypt_data *)updated)->initialized = 0; -+#endif -+ -+ *data = updated; -+ *size = need; -+ -+ return 0; -+} -+ -+static char *_crypt_retval_magic(char *retval, __CONST char *setting, -+ char *output) -+{ -+ if (retval) return retval; -+ -+ output[0] = '*'; -+ output[1] = '0'; -+ output[2] = '\0'; -+ -+ if (setting[0] == '*' && setting[1] == '0') -+ output[1] = '1'; -+ -+ return output; -+} -+ -+#if defined(__GLIBC__) && defined(_LIBC) -+/* -+ * Applications may re-use the same instance of struct crypt_data without -+ * resetting the initialized field in order to let crypt_r() skip some of -+ * its initialization code. Thus, it is important that our multiple hashing -+ * algorithms either don't conflict with each other in their use of the -+ * data area or reset the initialized field themselves whenever required. -+ * Currently, the hashing algorithms simply have no conflicts: the first -+ * field of struct crypt_data is the 128-byte large DES key schedule which -+ * __des_crypt_r() calculates each time it is called while the two other -+ * hashing algorithms use less than 128 bytes of the data area. -+ */ -+ -+char *__crypt_rn(__const char *key, __const char *setting, -+ void *data, int size) -+{ -+ if (setting[0] == '$' && setting[1] == '2') -+ return _crypt_blowfish_rn(key, setting, (char *)data, size); -+ if (setting[0] == '$' && setting[1] == '1') -+ return __md5_crypt_r(key, setting, (char *)data, size); -+ if (setting[0] == '$' || setting[0] == '_') { -+ __set_errno(EINVAL); -+ return NULL; -+ } -+ if (size >= sizeof(struct crypt_data)) -+ return __des_crypt_r(key, setting, (struct crypt_data *)data); -+ __set_errno(ERANGE); -+ return NULL; -+} -+ -+char *__crypt_ra(__const char *key, __const char *setting, -+ void **data, int *size) -+{ -+ if (setting[0] == '$' && setting[1] == '2') { -+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) -+ return NULL; -+ return _crypt_blowfish_rn(key, setting, (char *)*data, *size); -+ } -+ if (setting[0] == '$' && setting[1] == '1') { -+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) -+ return NULL; -+ return __md5_crypt_r(key, setting, (char *)*data, *size); -+ } -+ if (setting[0] == '$' || setting[0] == '_') { -+ __set_errno(EINVAL); -+ return NULL; -+ } -+ if (_crypt_data_alloc(data, size, sizeof(struct crypt_data))) -+ return NULL; -+ return __des_crypt_r(key, setting, (struct crypt_data *)*data); -+} -+ -+char *__crypt_r(__const char *key, __const char *setting, -+ struct crypt_data *data) -+{ -+ return _crypt_retval_magic( -+ __crypt_rn(key, setting, data, sizeof(*data)), -+ setting, (char *)data); -+} -+ -+char *__crypt(__const char *key, __const char *setting) -+{ -+ return _crypt_retval_magic( -+ __crypt_rn(key, setting, &_ufc_foobar, sizeof(_ufc_foobar)), -+ setting, (char *)&_ufc_foobar); -+} -+#else -+char *crypt_rn(__CONST char *key, __CONST char *setting, void *data, int size) -+{ -+ return _crypt_blowfish_rn(key, setting, (char *)data, size); -+} -+ -+char *crypt_ra(__CONST char *key, __CONST char *setting, -+ void **data, int *size) -+{ -+ if (_crypt_data_alloc(data, size, CRYPT_OUTPUT_SIZE)) -+ return NULL; -+ return _crypt_blowfish_rn(key, setting, (char *)*data, *size); -+} -+ -+char *crypt_r(__CONST char *key, __CONST char *setting, void *data) -+{ -+ return _crypt_retval_magic( -+ crypt_rn(key, setting, data, CRYPT_OUTPUT_SIZE), -+ setting, (char *)data); -+} -+ -+char *crypt(__CONST char *key, __CONST char *setting) -+{ -+ static char output[CRYPT_OUTPUT_SIZE]; -+ -+ return _crypt_retval_magic( -+ crypt_rn(key, setting, output, sizeof(output)), -+ setting, output); -+} -+ -+#define __crypt_gensalt_rn crypt_gensalt_rn -+#define __crypt_gensalt_ra crypt_gensalt_ra -+#define __crypt_gensalt crypt_gensalt -+#endif -+ -+char *__crypt_gensalt_rn(__CONST char *prefix, unsigned long count, -+ __CONST char *input, int size, char *output, int output_size) -+{ -+ char *(*use)(unsigned long count, -+ __CONST char *input, int size, char *output, int output_size); -+ -+ /* This may be supported on some platforms in the future */ -+ if (!input) { -+ __set_errno(EINVAL); -+ return NULL; -+ } -+ -+ if (!strncmp(prefix, "$2a$", 4)) -+ use = _crypt_gensalt_blowfish_rn; -+ else -+ if (!strncmp(prefix, "$1$", 3)) -+ use = _crypt_gensalt_md5_rn; -+ else -+ if (prefix[0] == '_') -+ use = _crypt_gensalt_extended_rn; -+ else -+ if (!prefix[0] || -+ (prefix[0] && prefix[1] && -+ memchr(_crypt_itoa64, prefix[0], 64) && -+ memchr(_crypt_itoa64, prefix[1], 64))) -+ use = _crypt_gensalt_traditional_rn; -+ else { -+ __set_errno(EINVAL); -+ return NULL; -+ } -+ -+ return use(count, input, size, output, output_size); -+} -+ -+char *__crypt_gensalt_ra(__CONST char *prefix, unsigned long count, -+ __CONST char *input, int size) -+{ -+ char output[CRYPT_GENSALT_OUTPUT_SIZE]; -+ char *retval; -+ -+ retval = __crypt_gensalt_rn(prefix, count, -+ input, size, output, sizeof(output)); -+ -+ if (retval) { -+ retval = strdup(retval); -+#ifndef __GLIBC__ -+ /* strdup(3) on glibc sets errno, so we don't need to bother */ -+ if (!retval) -+ __set_errno(ENOMEM); -+#endif -+ } -+ -+ return retval; -+} -+ -+char *__crypt_gensalt(__CONST char *prefix, unsigned long count, -+ __CONST char *input, int size) -+{ -+ static char output[CRYPT_GENSALT_OUTPUT_SIZE]; -+ -+ return __crypt_gensalt_rn(prefix, count, -+ input, size, output, sizeof(output)); -+} -+ -+#if defined(__GLIBC__) && defined(_LIBC) -+weak_alias(__crypt_rn, crypt_rn) -+weak_alias(__crypt_ra, crypt_ra) -+weak_alias(__crypt_r, crypt_r) -+weak_alias(__crypt, crypt) -+weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn) -+weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra) -+weak_alias(__crypt_gensalt, crypt_gensalt) -+#endif -+ -+#ifdef TEST -+static struct { -+ char *hash; -+ char *pw; -+} tests[] = { -+ {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW", -+ "U*U"}, -+ {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK", -+ "U*U*"}, -+ {"$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a", -+ "U*U*U"}, -+ {"$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy", -+ ""}, -+ {"$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui", -+ "0123456789abcdefghijklmnopqrstuvwxyz" -+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"}, -+ {NULL, NULL} -+}; -+ -+#define which tests[0] -+ -+static volatile sig_atomic_t running; -+ -+static void handle_timer(int signum) -+{ -+ running = 0; -+} -+ -+static void *run(void *arg) -+{ -+ unsigned long count = 0; -+ int i = 0; -+ void *data = NULL; -+ int size = 0x12345678; -+ -+ do { -+ if (strcmp(crypt_ra(tests[i].pw, tests[i].hash, &data, &size), -+ tests[i].hash)) { -+ printf("%d: FAILED (crypt_ra/%d/%lu)\n", -+ (char *)arg - (char *)0, i, count); -+ free(data); -+ return NULL; -+ } -+ if (!tests[++i].hash) i = 0; -+ count++; -+ } while (running); -+ -+ free(data); -+ return count + (char *)0; -+} -+ -+int main(void) -+{ -+ struct itimerval it; -+ struct tms buf; -+ clock_t start_real, start_virtual, end_real, end_virtual; -+ unsigned long count; -+ void *data; -+ int size; -+ char *setting1, *setting2; -+ int i; -+#ifdef TEST_THREADS -+ pthread_t t[TEST_THREADS]; -+ void *t_retval; -+#endif -+ -+ for (i = 0; tests[i].hash; i++) -+ if (strcmp(crypt(tests[i].pw, tests[i].hash), tests[i].hash)) { -+ printf("FAILED (crypt/%d)\n", i); -+ return 1; -+ } -+ -+ data = NULL; -+ size = 0x12345678; -+ for (i = 0; tests[i].hash; i++) -+ if (strcmp(crypt_ra(tests[i].pw, tests[i].hash, &data, &size), -+ tests[i].hash)) { -+ printf("FAILED (crypt_ra/%d)\n", i); -+ return 1; -+ } -+ -+ setting1 = crypt_gensalt(which.hash, 12, data, size); -+ if (!setting1 || strncmp(setting1, "$2a$12$", 7)) { -+ puts("FAILED (crypt_gensalt)\n"); -+ return 1; -+ } -+ -+ setting2 = crypt_gensalt_ra(setting1, 12, data, size); -+ if (strcmp(setting1, setting2)) { -+ puts("FAILED (crypt_gensalt_ra/1)\n"); -+ return 1; -+ } -+ -+ (*(char *)data)++; -+ setting1 = crypt_gensalt_ra(setting2, 12, data, size); -+ if (!strcmp(setting1, setting2)) { -+ puts("FAILED (crypt_gensalt_ra/2)\n"); -+ return 1; -+ } -+ -+ free(setting1); -+ free(setting2); -+ free(data); -+ -+ running = 1; -+ signal(SIGALRM, handle_timer); -+ -+ memset(&it, 0, sizeof(it)); -+ it.it_value.tv_sec = 5; -+ setitimer(ITIMER_REAL, &it, NULL); -+ -+ start_real = times(&buf); -+ start_virtual = buf.tms_utime + buf.tms_stime; -+ -+ count = (char *)run((char *)0) - (char *)0; -+ -+ end_real = times(&buf); -+ end_virtual = buf.tms_utime + buf.tms_stime; -+ if (end_virtual == start_virtual) end_virtual++; -+ -+ printf("%.1f c/s real, %.1f c/s virtual\n", -+ (float)count * CLK_TCK / (end_real - start_real), -+ (float)count * CLK_TCK / (end_virtual - start_virtual)); -+ -+#ifdef TEST_THREADS -+ running = 1; -+ it.it_value.tv_sec = 60; -+ setitimer(ITIMER_REAL, &it, NULL); -+ start_real = times(&buf); -+ -+ for (i = 0; i < TEST_THREADS; i++) -+ if (pthread_create(&t[i], NULL, run, i + (char *)0)) { -+ perror("pthread_create"); -+ return 1; -+ } -+ -+ for (i = 0; i < TEST_THREADS; i++) { -+ if (pthread_join(t[i], &t_retval)) { -+ perror("pthread_join"); -+ continue; -+ } -+ if (!t_retval) continue; -+ count = (char *)t_retval - (char *)0; -+ end_real = times(&buf); -+ printf("%d: %.1f c/s real\n", i, -+ (float)count * CLK_TCK / (end_real - start_real)); -+ } -+#endif -+ -+ return 0; -+} -+#endif +diff --git a/crypt/Makefile b/crypt/Makefile +index b9c8797..6c51263 100644 +--- crypt/Makefile ++++ crypt/Makefile +@@ -27,7 +27,7 @@ extra-libs := libcrypt + extra-libs-others := $(extra-libs) + + libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \ +- crypt_util ++ crypt_util crypt_blowfish + + tests := cert md5c-test sha256c-test sha512c-test + +diff --git a/crypt/crypt-entry.c b/crypt/crypt-entry.c +index fdddad2..6e6ba58 100644 +--- crypt/crypt-entry.c ++++ crypt/crypt-entry.c +@@ -61,6 +61,8 @@ extern char *__sha256_crypt (const char *key, const char *salt); + extern char *__sha512_crypt_r (const char *key, const char *salt, + char *buffer, int buflen); + extern char *__sha512_crypt (const char *key, const char *salt); ++extern char *_crypt_blowfish_rn (const char *key, const char *setting, ++ char *output, int size); + #endif + + /* Define our magic string to mark salt for MD5 encryption +@@ -74,6 +76,9 @@ static const char sha256_salt_prefix[] = "$5$"; + /* Magic string for SHA512 encryption. */ + static const char sha512_salt_prefix[] = "$6$"; + ++/* Magic string for Blowfish encryption. */ ++static const char blowfish_salt_prefix[] = "$2a$"; ++ + /* For use by the old, non-reentrant routines (crypt/encrypt/setkey) */ + extern struct crypt_data _ufc_foobar; + +@@ -106,6 +111,11 @@ __crypt_r (key, salt, data) + if (strncmp (sha512_salt_prefix, salt, sizeof (sha512_salt_prefix) - 1) == 0) + return __sha512_crypt_r (key, salt, (char *) data, + sizeof (struct crypt_data)); ++ ++ /* Try to find out whether we have to use Blowfish encryption replacement. */ ++ if (strncmp (blowfish_salt_prefix, salt, sizeof (blowfish_salt_prefix) - 1) == 0) ++ return _crypt_blowfish_rn (key, salt, (char *) data, ++ sizeof (struct crypt_data)); + #endif + + /* diff --git a/crypt_blowfish-glibc-2.3.diff b/crypt_blowfish-glibc-2.3.diff deleted file mode 100644 index e46ffcd..0000000 --- a/crypt_blowfish-glibc-2.3.diff +++ /dev/null @@ -1,105 +0,0 @@ ---- crypt/crypt-entry.c 2001-07-06 09:37:47.000000000 +0200 -+++ crypt/crypt-entry.c 2003-10-01 11:23:27.000000000 +0200 -@@ -70,7 +70,7 @@ - */ - - char * --__crypt_r (key, salt, data) -+__des_crypt_r (key, salt, data) - const char *key; - const char *salt; - struct crypt_data * __restrict data; -@@ -115,6 +115,7 @@ - _ufc_output_conversion_r (res[0], res[1], salt, data); - return data->crypt_3_buf; - } -+#if 0 - weak_alias (__crypt_r, crypt_r) - - char * -@@ -147,3 +148,4 @@ - return crypt (key, salt); - } - #endif -+#endif ---- crypt/crypt-private.h 2001-07-06 09:37:47.000000000 +0200 -+++ crypt/crypt-private.h 2003-10-01 11:23:27.000000000 +0200 -@@ -55,6 +55,8 @@ - /* crypt-entry.c */ - extern char *__crypt_r (__const char *__key, __const char *__salt, - struct crypt_data * __restrict __data); -+extern char *__des_crypt_r (__const char *__key, __const char *__salt, -+ struct crypt_data * __restrict __data); - extern char *fcrypt (__const char *key, __const char *salt); - - #endif /* crypt-private.h */ ---- crypt/Makefile~ 2007-11-06 05:27:13.635014000 +0100 -+++ crypt/Makefile 2007-11-06 05:27:27.500142000 +0100 -@@ -27,7 +27,7 @@ - extra-libs-others := $(extra-libs) - - libcrypt-routines := crypt-entry md5-crypt sha256-crypt sha512-crypt crypt \ -- crypt_util -+ crypt_util crypt_blowfish crypt_gensalt wrapper - - tests := cert md5c-test sha256c-test sha512c-test - ---- crypt/ow-crypt.h 2001-05-01 13:14:31.000000000 +0200 -+++ crypt/ow-crypt.h 2003-10-01 11:23:27.000000000 +0200 -@@ -13,12 +13,6 @@ - #define __CONST - #endif - --#ifndef __SKIP_GNU --extern char *crypt(__CONST char *key, __CONST char *setting); --extern char *crypt_r(__CONST char *key, __CONST char *setting, void *data); --#endif -- --#ifndef __SKIP_OW - extern char *crypt_rn(__CONST char *key, __CONST char *setting, - void *data, int size); - extern char *crypt_ra(__CONST char *key, __CONST char *setting, -@@ -29,6 +23,5 @@ - __CONST char *input, int size, char *output, int output_size); - extern char *crypt_gensalt_ra(__CONST char *prefix, unsigned long count, - __CONST char *input, int size); --#endif - - #endif ---- crypt/wrapper.c 2002-11-08 01:26:31.000000000 +0100 -+++ crypt/wrapper.c 2003-10-01 11:59:03.000000000 +0200 -@@ -45,12 +45,11 @@ - #if defined(__GLIBC__) && defined(_LIBC) - /* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */ - #include "crypt.h" -+#include "ufc-crypt.h" -+#include "crypt-private.h" -+ - extern char *__md5_crypt_r(const char *key, const char *salt, - char *buffer, int buflen); --/* crypt-entry.c needs to be patched to define __des_crypt_r rather than -- * __crypt_r, and not define crypt_r and crypt at all */ --extern char *__des_crypt_r(const char *key, const char *salt, -- struct crypt_data *data); - extern struct crypt_data _ufc_foobar; - #endif - -@@ -266,6 +264,7 @@ - weak_alias(__crypt_ra, crypt_ra) - weak_alias(__crypt_r, crypt_r) - weak_alias(__crypt, crypt) -+weak_alias(__crypt, fcrypt) - weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn) - weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra) - weak_alias(__crypt_gensalt, crypt_gensalt) ---- crypt/crypt_blowfish.c -+++ crypt/crypt_blowfish.c 2005/04/28 10:59:24 -@@ -45,7 +45,7 @@ - #endif - - #ifdef __i386__ --#define BF_ASM 1 -+#define BF_ASM 0 - #define BF_SCALE 1 - #elif defined(__alpha__) || defined(__hppa__) - #define BF_ASM 0 diff --git a/glibc-2.8-clone.diff b/glibc-2.8-clone.diff index ed8f017..7922b44 100644 --- a/glibc-2.8-clone.diff +++ b/glibc-2.8-clone.diff @@ -1,3 +1,5 @@ +http://sources.redhat.com/bugzilla/show_bug.cgi?id=6693 + Index: sysdeps/unix/sysv/linux/x86_64/clone.S =================================================================== RCS file: /cvs/glibc/libc/sysdeps/unix/sysv/linux/x86_64/clone.S,v diff --git a/glibc-nscd-assert.diff b/glibc-nscd-assert.diff new file mode 100644 index 0000000..8b781bc --- /dev/null +++ b/glibc-nscd-assert.diff @@ -0,0 +1,136 @@ +2009-08-18 Anders Johansson + + * nscd/aicache.c: Fix mixing up dataset and dataset->resp + offsets and record sizes in assert()s and response sending. + * nscd/grpcache.c: Likewise. + * nscd/hstcache.c: Likewise. + * nscd/initgrcache.c: Likewise. + * nscd/pwdcache.c: Likewise. + +diff -ur glibc-2.4.orig/nscd/aicache.c glibc-2.4/nscd/aicache.c +--- nscd/aicache.c 2009-06-18 14:20:53.000000000 +0200 ++++ nscd/aicache.c 2009-06-18 14:21:20.000000000 +0200 +@@ -450,6 +450,6 @@ + { + assert (db->wr_fd != -1); + assert ((char *) &dataset->resp > (char *) db->data); +- assert ((char *) &dataset->resp - (char *) db->head + total ++ assert ((char *) dataset - (char *) db->head + total + <= (sizeof (struct database_pers_head) + + db->head->module * sizeof (ref_t) +@@ -458,6 +458,6 @@ + ssize_t written; + written = sendfileall (fd, db->wr_fd, (char *) &dataset->resp +- - (char *) db->head, total); ++ - (char *) db->head, dataset->head.recsize); + # ifndef __ASSUME_SENDFILE + if (written == -1 && errno == ENOSYS) + goto use_write; +@@ -469,7 +469,7 @@ + use_write: + # endif + #endif +- writeall (fd, &dataset->resp, total); ++ writeall (fd, &dataset->resp, dataset->head.recsize); + } + + goto out; +diff -ur glibc-2.4.orig/nscd/grpcache.c glibc-2.4/nscd/grpcache.c +--- nscd/grpcache.c 2009-06-18 14:20:53.000000000 +0200 ++++ nscd/grpcache.c 2009-06-18 14:21:20.000000000 +0200 +@@ -317,14 +317,14 @@ + { + assert (db->wr_fd != -1); + assert ((char *) &dataset->resp > (char *) db->data); +- assert ((char *) &dataset->resp - (char *) db->head ++ assert ((char *) dataset - (char *) db->head + + total + <= (sizeof (struct database_pers_head) + + db->head->module * sizeof (ref_t) + + db->head->data_size)); + written = sendfileall (fd, db->wr_fd, + (char *) &dataset->resp +- - (char *) db->head, total); ++ - (char *) db->head, dataset->head.recsize); + # ifndef __ASSUME_SENDFILE + if (written == -1 && errno == ENOSYS) + goto use_write; +@@ -335,7 +335,7 @@ + use_write: + # endif + #endif +- written = writeall (fd, &dataset->resp, total); ++ written = writeall (fd, &dataset->resp, dataset->head.recsize); + } + + /* Add the record to the database. But only if it has not been +diff -ur glibc-2.4.orig/nscd/hstcache.c glibc-2.4/nscd/hstcache.c +--- nscd/hstcache.c 2009-06-18 14:20:53.000000000 +0200 ++++ nscd/hstcache.c 2009-06-18 14:22:22.000000000 +0200 +@@ -365,7 +365,7 @@ + { + assert (db->wr_fd != -1); + assert ((char *) &dataset->resp > (char *) db->data); +- assert ((char *) &dataset->resp - (char *) db->head ++ assert ((char *) dataset - (char *) db->head + + total + <= (sizeof (struct database_pers_head) + + db->head->module * sizeof (ref_t) +diff -ur glibc-2.4.orig/nscd/initgrcache.c glibc-2.4/nscd/initgrcache.c +--- nscd/initgrcache.c 2009-06-18 14:20:53.000000000 +0200 ++++ nscd/initgrcache.c 2009-06-18 14:21:20.000000000 +0200 +@@ -367,14 +367,14 @@ + { + assert (db->wr_fd != -1); + assert ((char *) &dataset->resp > (char *) db->data); +- assert ((char *) &dataset->resp - (char *) db->head ++ assert ((char *) dataset - (char *) db->head + + total + <= (sizeof (struct database_pers_head) + + db->head->module * sizeof (ref_t) + + db->head->data_size)); + written = sendfileall (fd, db->wr_fd, + (char *) &dataset->resp +- - (char *) db->head, total); ++ - (char *) db->head, dataset->head.recsize); + # ifndef __ASSUME_SENDFILE + if (written == -1 && errno == ENOSYS) + goto use_write; +@@ -385,7 +385,7 @@ + use_write: + # endif + #endif +- written = writeall (fd, &dataset->resp, total); ++ written = writeall (fd, &dataset->resp, dataset->head.recsize); + } + + +diff -ur glibc-2.4.orig/nscd/pwdcache.c glibc-2.4/nscd/pwdcache.c +--- nscd/pwdcache.c 2009-06-18 14:20:53.000000000 +0200 ++++ nscd/pwdcache.c 2009-06-18 14:21:20.000000000 +0200 +@@ -311,14 +311,14 @@ + { + assert (db->wr_fd != -1); + assert ((char *) &dataset->resp > (char *) db->data); +- assert ((char *) &dataset->resp - (char *) db->head ++ assert ((char *) dataset - (char *) db->head + + total + <= (sizeof (struct database_pers_head) + + db->head->module * sizeof (ref_t) + + db->head->data_size)); + written = sendfileall (fd, db->wr_fd, + (char *) &dataset->resp +- - (char *) db->head, total); ++ - (char *) db->head, dataset->head.recsize ); + # ifndef __ASSUME_SENDFILE + if (written == -1 && errno == ENOSYS) + goto use_write; +@@ -329,7 +329,7 @@ + use_write: + # endif + #endif +- written = writeall (fd, &dataset->resp, total); ++ written = writeall (fd, &dataset->resp, dataset->head.recsize); + } + + diff --git a/glibc-utmp-timeout-raise.diff b/glibc-utmp-timeout-raise.diff new file mode 100644 index 0000000..26972f9 --- /dev/null +++ b/glibc-utmp-timeout-raise.diff @@ -0,0 +1,16 @@ +On extremely loaded systems, the default timeout may not be enough and some +entries may not appear in the utmp log. With 30s login delay, the system +should still stay usable for repair in case the utmp locking somehow breaks +down. + +--- login/utmp_file.c~ 2009-06-16 12:36:31.000000000 +0200 ++++ login/utmp_file.c 2009-06-16 12:36:33.000000000 +0200 +@@ -42,7 +42,7 @@ + + /* Locking timeout. */ + #ifndef TIMEOUT +-# define TIMEOUT 1 ++# define TIMEOUT 30 + #endif + + /* Do-nothing handler for locking timeout. */ diff --git a/glibc.changes b/glibc.changes index 9893534..5006f72 100644 --- a/glibc.changes +++ b/glibc.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sat Sep 5 23:19:51 CEST 2009 - pbaudis@suse.cz + +- Raise utmp locking timeout from 1s to 30s to ensure logins get recorded + even on heavily loaded systems [bnc#486631] +- Fix invalid pointer handling in some nscd assertions and the code to send + data to the client [bnc#513617] +- Radically trim down the Blowfish support patch - keeps only crypt_blowfish + from the original OWL patch, but does the rest within the current glibc + crypt infrastructure [bnc#529495] + ------------------------------------------------------------------- Wed Aug 26 12:53:54 CEST 2009 - mls@suse.de diff --git a/glibc.spec b/glibc.spec index c731684..52f68fc 100644 --- a/glibc.spec +++ b/glibc.spec @@ -69,7 +69,7 @@ Obsoletes: glibc-32bit Provides: rtld(GNU_HASH) AutoReqProv: on Version: 2.10.1 -Release: 6 +Release: 7 Url: http://www.gnu.org/software/libc/libc.html PreReq: filesystem BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -97,8 +97,7 @@ Patch1: glibc-2.3.90-noversion.diff Patch2: glibc-2.3.90-fnmatch.diff Patch3: resolv.dynamic.diff Patch4: glibc-2.3.locales.diff.bz2 -Patch5: crypt_blowfish-1.0.diff -Patch6: crypt_blowfish-glibc-2.3.diff +Patch5: crypt_blowfish-1.0-suse.diff Patch7: glibc-version.diff Patch8: glibc-2.4.90-revert-only-euro.diff Patch9: glibc-2.3-regcomp.diff @@ -138,6 +137,8 @@ Patch44: glibc-cpusetsize.diff Patch45: glibc-nis-splitgroups.diff Patch46: glibc-2.10-mcheck-free-race.diff Patch47: glibc-2.10.99-ia64-include.diff +Patch48: glibc-utmp-timeout-raise.diff +Patch49: glibc-nscd-assert.diff Patch500: ARM_glibc-2.10.1-local-eabi-wchar.diff Patch501: ARM_glibc-2.10.1-local-hwcap-updates.diff Patch502: ARM_glibc-2.10.1-local-lowlevellock.diff @@ -301,7 +302,6 @@ versions of your software. %patch3 %patch4 %patch5 -%patch6 %patch7 %patch8 %patch9 @@ -343,6 +343,8 @@ rm sysdeps/x86_64/fpu/s_sincos.S %patch45 %patch46 %patch47 +%patch48 +%patch49 %ifarch %arm armv5tel armv7l %patch500 %patch501