Andreas Schwab
746e16d2b9
- Update to glibc 2.17.90 85891acadf1b: * CVE-2013-2207 Incorrectly granting access to another user's pseudo-terminal has been fixed by disabling the use of pt_chown (Bugzilla #15755). Distributions can re-enable building and using pt_chown via the new configure option `--enable-pt_chown'. Enabling the use of pt_chown carries with it considerable security risks and should only be used if the distribution understands and accepts the risks. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). * CVE-2013-1914 Stack overflow in getaddrinfo with many results has been fixed (Bugzilla #15330). * Add support for calling C++11 thread_local object destructors on thread and program exit. This needs compiler support for offloading C++11 destructor calls to glibc. * Improved worst case performance of libm functions with double inputs and output. * Support for priority inherited mutexes in pthread condition variables on non-x86 architectures. * Optimized string functions for AArch64. Implemented by Marcus Shawcroft. * Optimized string functions for ARM. Implemented by Will Newton and Richard Henderson. * Added a benchmark framework to track performance of functions in glibc. * New <math.h> macro named issignaling to check for a signaling NaN (sNaN). It is based on draft TS 18661 and currently enabled as a GNU extension. * On Linux, the clock function now uses the clock_gettime system call for improved precision, rather than old times system call. * Added new API functions pthread_getattr_default_np and pthread_setattr_default_np to get and set the default pthread attributes of a process. * Added support for TSX lock elision for pthread mutexes on i386 and x86-64. OBS-URL: https://build.opensuse.org/request/show/186119 OBS-URL: https://build.opensuse.org/package/show/Base:System/glibc?expand=0&rev=304
364 lines
10 KiB
Diff
364 lines
10 KiB
Diff
Index: crypt_blowfish-1.2/crypt_blowfish.c
|
|
===================================================================
|
|
--- crypt_blowfish-1.2.orig/crypt_blowfish.c
|
|
+++ crypt_blowfish-1.2/crypt_blowfish.c
|
|
@@ -872,31 +872,3 @@ char *_crypt_blowfish_rn(const char *key
|
|
__set_errno(EINVAL); /* pretend we don't support this hash type */
|
|
return NULL;
|
|
}
|
|
-
|
|
-char *_crypt_gensalt_blowfish_rn(const char *prefix, unsigned long count,
|
|
- const char *input, int size, char *output, int output_size)
|
|
-{
|
|
- if (size < 16 || output_size < 7 + 22 + 1 ||
|
|
- (count && (count < 4 || count > 31)) ||
|
|
- prefix[0] != '$' || prefix[1] != '2' ||
|
|
- (prefix[2] != 'a' && prefix[2] != 'y')) {
|
|
- if (output_size > 0) output[0] = '\0';
|
|
- __set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL);
|
|
- return NULL;
|
|
- }
|
|
-
|
|
- if (!count) count = 5;
|
|
-
|
|
- output[0] = '$';
|
|
- output[1] = '2';
|
|
- output[2] = prefix[2];
|
|
- output[3] = '$';
|
|
- output[4] = '0' + count / 10;
|
|
- output[5] = '0' + count % 10;
|
|
- output[6] = '$';
|
|
-
|
|
- BF_encode(&output[7], (const BF_word *)input, 16);
|
|
- output[7 + 22] = '\0';
|
|
-
|
|
- return output;
|
|
-}
|
|
Index: crypt_blowfish-1.2/crypt_blowfish.h
|
|
===================================================================
|
|
--- crypt_blowfish-1.2.orig/crypt_blowfish.h
|
|
+++ crypt_blowfish-1.2/crypt_blowfish.h
|
|
@@ -20,8 +20,5 @@
|
|
extern int _crypt_output_magic(const char *setting, char *output, int size);
|
|
extern char *_crypt_blowfish_rn(const char *key, const char *setting,
|
|
char *output, int size);
|
|
-extern char *_crypt_gensalt_blowfish_rn(const char *prefix,
|
|
- unsigned long count,
|
|
- const char *input, int size, char *output, int output_size);
|
|
|
|
#endif
|
|
Index: crypt_blowfish-1.2/crypt_gensalt.c
|
|
===================================================================
|
|
--- crypt_blowfish-1.2.orig/crypt_gensalt.c
|
|
+++ crypt_blowfish-1.2/crypt_gensalt.c
|
|
@@ -180,3 +180,69 @@ error:
|
|
errno = ENOMEM;
|
|
return NULL;
|
|
}
|
|
+
|
|
+
|
|
+typedef unsigned int BF_word;
|
|
+
|
|
+static const unsigned char BF_itoa64[64 + 1] =
|
|
+ "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
|
+
|
|
+static void BF_encode(char *dst, const BF_word *src, int size)
|
|
+{
|
|
+ const unsigned char *sptr = (const unsigned char *)src;
|
|
+ const unsigned char *end = sptr + size;
|
|
+ unsigned char *dptr = (unsigned char *)dst;
|
|
+ unsigned int c1, c2;
|
|
+
|
|
+ do {
|
|
+ c1 = *sptr++;
|
|
+ *dptr++ = BF_itoa64[c1 >> 2];
|
|
+ c1 = (c1 & 0x03) << 4;
|
|
+ if (sptr >= end) {
|
|
+ *dptr++ = BF_itoa64[c1];
|
|
+ break;
|
|
+ }
|
|
+
|
|
+ c2 = *sptr++;
|
|
+ c1 |= c2 >> 4;
|
|
+ *dptr++ = BF_itoa64[c1];
|
|
+ c1 = (c2 & 0x0f) << 2;
|
|
+ if (sptr >= end) {
|
|
+ *dptr++ = BF_itoa64[c1];
|
|
+ break;
|
|
+ }
|
|
+
|
|
+ c2 = *sptr++;
|
|
+ c1 |= c2 >> 6;
|
|
+ *dptr++ = BF_itoa64[c1];
|
|
+ *dptr++ = BF_itoa64[c2 & 0x3f];
|
|
+ } while (sptr < end);
|
|
+}
|
|
+
|
|
+char *_crypt_gensalt_blowfish_rn(const char *prefix, unsigned long count,
|
|
+ const char *input, int size, char *output, int output_size)
|
|
+{
|
|
+ if (size < 16 || output_size < 7 + 22 + 1 ||
|
|
+ (count && (count < 4 || count > 31)) ||
|
|
+ prefix[0] != '$' || prefix[1] != '2' ||
|
|
+ (prefix[2] != 'a' && prefix[2] != 'y')) {
|
|
+ if (output_size > 0) output[0] = '\0';
|
|
+ __set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL);
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ if (!count) count = 5;
|
|
+
|
|
+ output[0] = '$';
|
|
+ output[1] = '2';
|
|
+ output[2] = prefix[2];
|
|
+ output[3] = '$';
|
|
+ output[4] = '0' + count / 10;
|
|
+ output[5] = '0' + count % 10;
|
|
+ output[6] = '$';
|
|
+
|
|
+ BF_encode(&output[7], (const BF_word *)input, 16);
|
|
+ output[7 + 22] = '\0';
|
|
+
|
|
+ return output;
|
|
+}
|
|
Index: crypt_blowfish-1.2/crypt_gensalt.h
|
|
===================================================================
|
|
--- crypt_blowfish-1.2.orig/crypt_gensalt.h
|
|
+++ crypt_blowfish-1.2/crypt_gensalt.h
|
|
@@ -28,5 +28,8 @@ extern char *_crypt_gensalt_md5_rn(const
|
|
const char *input, int size, char *output, int output_size);
|
|
extern char *_crypt_gensalt_sha2_rn(const char *prefix, unsigned long count,
|
|
const char *input, int size, char *output, int output_size);
|
|
+extern char *_crypt_gensalt_blowfish_rn(const char *prefix,
|
|
+ unsigned long count,
|
|
+ const char *input, int size, char *output, int output_size);
|
|
|
|
#endif
|
|
Index: crypt_blowfish-1.2/wrapper-gensalt.c
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ crypt_blowfish-1.2/wrapper-gensalt.c
|
|
@@ -0,0 +1,113 @@
|
|
+/*
|
|
+ * Written by Solar Designer <solar at openwall.com> in 2000-2011.
|
|
+ * No copyright is claimed, and the software is hereby placed in the public
|
|
+ * domain. In case this attempt to disclaim copyright and place the software
|
|
+ * in the public domain is deemed null and void, then the software is
|
|
+ * Copyright (c) 2000-2011 Solar Designer and it is hereby released to the
|
|
+ * general public under the following terms:
|
|
+ *
|
|
+ * Redistribution and use in source and binary forms, with or without
|
|
+ * modification, are permitted.
|
|
+ *
|
|
+ * There's ABSOLUTELY NO WARRANTY, express or implied.
|
|
+ *
|
|
+ * See crypt_blowfish.c for more information.
|
|
+ */
|
|
+
|
|
+#include <stdlib.h>
|
|
+#include <string.h>
|
|
+
|
|
+#include <errno.h>
|
|
+#ifndef __set_errno
|
|
+#define __set_errno(val) errno = (val)
|
|
+#endif
|
|
+
|
|
+#define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1)
|
|
+
|
|
+#if defined(__GLIBC__) && defined(_LIBC)
|
|
+#define __SKIP_GNU
|
|
+#endif
|
|
+#include "ow-crypt.h"
|
|
+
|
|
+#include "crypt_gensalt.h"
|
|
+
|
|
+#if !(defined(__GLIBC__) && defined(_LIBC))
|
|
+#define __crypt_gensalt_rn crypt_gensalt_rn
|
|
+#define __crypt_gensalt_ra crypt_gensalt_ra
|
|
+#define __crypt_gensalt crypt_gensalt
|
|
+#endif
|
|
+
|
|
+char *__crypt_gensalt_rn(const char *prefix, unsigned long count,
|
|
+ const char *input, int size, char *output, int output_size)
|
|
+{
|
|
+ char *(*use)(const char *_prefix, unsigned long _count,
|
|
+ const char *_input, int _size,
|
|
+ char *_output, int _output_size);
|
|
+
|
|
+ /* This may be supported on some platforms in the future */
|
|
+ if (!input) {
|
|
+ __set_errno(EINVAL);
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ if (!strncmp(prefix, "$5$", 3) || !strncmp(prefix, "$6$", 3))
|
|
+ use = _crypt_gensalt_sha2_rn;
|
|
+ else
|
|
+ if (!strncmp(prefix, "$2a$", 4) || !strncmp(prefix, "$2y$", 4))
|
|
+ use = _crypt_gensalt_blowfish_rn;
|
|
+ else
|
|
+ if (!strncmp(prefix, "$1$", 3))
|
|
+ use = _crypt_gensalt_md5_rn;
|
|
+ else
|
|
+ if (prefix[0] == '_')
|
|
+ use = _crypt_gensalt_extended_rn;
|
|
+ else
|
|
+ if (!prefix[0] ||
|
|
+ (prefix[0] && prefix[1] &&
|
|
+ memchr(_crypt_itoa64, prefix[0], 64) &&
|
|
+ memchr(_crypt_itoa64, prefix[1], 64)))
|
|
+ use = _crypt_gensalt_traditional_rn;
|
|
+ else {
|
|
+ __set_errno(EINVAL);
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ return use(prefix, count, input, size, output, output_size);
|
|
+}
|
|
+
|
|
+char *__crypt_gensalt_ra(const char *prefix, unsigned long count,
|
|
+ const char *input, int size)
|
|
+{
|
|
+ char output[CRYPT_GENSALT_OUTPUT_SIZE];
|
|
+ char *retval;
|
|
+
|
|
+ retval = __crypt_gensalt_rn(prefix, count,
|
|
+ input, size, output, sizeof(output));
|
|
+
|
|
+ if (retval) {
|
|
+ retval = strdup(retval);
|
|
+#ifndef __GLIBC__
|
|
+ /* strdup(3) on glibc sets errno, so we don't need to bother */
|
|
+ if (!retval)
|
|
+ __set_errno(ENOMEM);
|
|
+#endif
|
|
+ }
|
|
+
|
|
+ return retval;
|
|
+}
|
|
+
|
|
+char *__crypt_gensalt(const char *prefix, unsigned long count,
|
|
+ const char *input, int size)
|
|
+{
|
|
+ static char output[CRYPT_GENSALT_OUTPUT_SIZE];
|
|
+
|
|
+ return __crypt_gensalt_rn(prefix, count,
|
|
+ input, size, output, sizeof(output));
|
|
+}
|
|
+
|
|
+#if defined(__GLIBC__) && defined(_LIBC)
|
|
+weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn)
|
|
+weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra)
|
|
+weak_alias(__crypt_gensalt, crypt_gensalt)
|
|
+#endif
|
|
+
|
|
Index: crypt_blowfish-1.2/wrapper.c
|
|
===================================================================
|
|
--- crypt_blowfish-1.2.orig/wrapper.c
|
|
+++ crypt_blowfish-1.2/wrapper.c
|
|
@@ -35,7 +35,6 @@
|
|
#endif
|
|
|
|
#define CRYPT_OUTPUT_SIZE (7 + 22 + 31 + 1)
|
|
-#define CRYPT_GENSALT_OUTPUT_SIZE (7 + 22 + 1)
|
|
|
|
#if defined(__GLIBC__) && defined(_LIBC)
|
|
#define __SKIP_GNU
|
|
@@ -43,7 +42,6 @@
|
|
#include "ow-crypt.h"
|
|
|
|
#include "crypt_blowfish.h"
|
|
-#include "crypt_gensalt.h"
|
|
|
|
#if defined(__GLIBC__) && defined(_LIBC)
|
|
/* crypt.h from glibc-crypt-2.1 will define struct crypt_data for us */
|
|
@@ -209,88 +207,11 @@ char *crypt(const char *key, const char
|
|
crypt_rn(key, setting, output, sizeof(output)),
|
|
setting, output, sizeof(output));
|
|
}
|
|
-
|
|
-#define __crypt_gensalt_rn crypt_gensalt_rn
|
|
-#define __crypt_gensalt_ra crypt_gensalt_ra
|
|
-#define __crypt_gensalt crypt_gensalt
|
|
-#endif
|
|
-
|
|
-char *__crypt_gensalt_rn(const char *prefix, unsigned long count,
|
|
- const char *input, int size, char *output, int output_size)
|
|
-{
|
|
- char *(*use)(const char *_prefix, unsigned long _count,
|
|
- const char *_input, int _size,
|
|
- char *_output, int _output_size);
|
|
-
|
|
- /* This may be supported on some platforms in the future */
|
|
- if (!input) {
|
|
- __set_errno(EINVAL);
|
|
- return NULL;
|
|
- }
|
|
-
|
|
- if (!strncmp(prefix, "$5$", 3) || !strncmp(prefix, "$6$", 3))
|
|
- use = _crypt_gensalt_sha2_rn;
|
|
- else
|
|
- if (!strncmp(prefix, "$2a$", 4) || !strncmp(prefix, "$2y$", 4))
|
|
- use = _crypt_gensalt_blowfish_rn;
|
|
- else
|
|
- if (!strncmp(prefix, "$1$", 3))
|
|
- use = _crypt_gensalt_md5_rn;
|
|
- else
|
|
- if (prefix[0] == '_')
|
|
- use = _crypt_gensalt_extended_rn;
|
|
- else
|
|
- if (!prefix[0] ||
|
|
- (prefix[0] && prefix[1] &&
|
|
- memchr(_crypt_itoa64, prefix[0], 64) &&
|
|
- memchr(_crypt_itoa64, prefix[1], 64)))
|
|
- use = _crypt_gensalt_traditional_rn;
|
|
- else {
|
|
- __set_errno(EINVAL);
|
|
- return NULL;
|
|
- }
|
|
-
|
|
- return use(prefix, count, input, size, output, output_size);
|
|
-}
|
|
-
|
|
-char *__crypt_gensalt_ra(const char *prefix, unsigned long count,
|
|
- const char *input, int size)
|
|
-{
|
|
- char output[CRYPT_GENSALT_OUTPUT_SIZE];
|
|
- char *retval;
|
|
-
|
|
- retval = __crypt_gensalt_rn(prefix, count,
|
|
- input, size, output, sizeof(output));
|
|
-
|
|
- if (retval) {
|
|
- retval = strdup(retval);
|
|
-#ifndef __GLIBC__
|
|
- /* strdup(3) on glibc sets errno, so we don't need to bother */
|
|
- if (!retval)
|
|
- __set_errno(ENOMEM);
|
|
#endif
|
|
- }
|
|
-
|
|
- return retval;
|
|
-}
|
|
-
|
|
-char *__crypt_gensalt(const char *prefix, unsigned long count,
|
|
- const char *input, int size)
|
|
-{
|
|
- static char output[CRYPT_GENSALT_OUTPUT_SIZE];
|
|
-
|
|
- return __crypt_gensalt_rn(prefix, count,
|
|
- input, size, output, sizeof(output));
|
|
-}
|
|
|
|
#if defined(__GLIBC__) && defined(_LIBC)
|
|
-weak_alias(__crypt_rn, crypt_rn)
|
|
-weak_alias(__crypt_ra, crypt_ra)
|
|
weak_alias(__crypt_r, crypt_r)
|
|
weak_alias(__crypt, crypt)
|
|
-weak_alias(__crypt_gensalt_rn, crypt_gensalt_rn)
|
|
-weak_alias(__crypt_gensalt_ra, crypt_gensalt_ra)
|
|
-weak_alias(__crypt_gensalt, crypt_gensalt)
|
|
weak_alias(crypt, fcrypt)
|
|
#endif
|
|
|