From 617c9b051aa4ec096f7fca363e53a6018abcbf28c8460ae4e36ac116457404a4 Mon Sep 17 00:00:00 2001 From: Andreas Schwab Date: Wed, 18 Aug 2021 10:55:33 +0000 Subject: [PATCH] Accepting request 912877 from home:Andreas_Schwab:Factory - Update to 4.4.25 * Fix several issues found by Covscan in the testsuite. These include: - CWE-170: String not null terminated (STRING_NULL) - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST) - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH) - CWE-573: Missing varargs init or cleanup (VARARGS) - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS) * Stricter checking of invalid salt characters (issue #135). OBS-URL: https://build.opensuse.org/request/show/912877 OBS-URL: https://build.opensuse.org/package/show/Base:System/libxcrypt?expand=0&rev=32 --- libxcrypt-4.4.23.tar.gz | 3 --- libxcrypt-4.4.25.tar.gz | 3 +++ libxcrypt.changes | 13 +++++++++++++ libxcrypt.spec | 2 +- 4 files changed, 17 insertions(+), 4 deletions(-) delete mode 100644 libxcrypt-4.4.23.tar.gz create mode 100644 libxcrypt-4.4.25.tar.gz diff --git a/libxcrypt-4.4.23.tar.gz b/libxcrypt-4.4.23.tar.gz deleted file mode 100644 index e98edff..0000000 --- a/libxcrypt-4.4.23.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9cbbcb795ed5d121a1613eb0e40c77173b53e15a746796fc7cd7bd71cfd64533 -size 536009 diff --git a/libxcrypt-4.4.25.tar.gz b/libxcrypt-4.4.25.tar.gz new file mode 100644 index 0000000..f500e82 --- /dev/null +++ b/libxcrypt-4.4.25.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:caea3d032a46c4855ff818637884c7f5719ad228b79387b62ee023c8fbef17b4 +size 523797 diff --git a/libxcrypt.changes b/libxcrypt.changes index 5fc686d..9b18d5e 100644 --- a/libxcrypt.changes +++ b/libxcrypt.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed Aug 18 10:22:27 UTC 2021 - Andreas Schwab + +- Update to 4.4.25 + * Fix several issues found by Covscan in the testsuite. These include: + - CWE-170: String not null terminated (STRING_NULL) + - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST) + - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN) + - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH) + - CWE-573: Missing varargs init or cleanup (VARARGS) + - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS) + * Stricter checking of invalid salt characters (issue #135). + ------------------------------------------------------------------- Thu Jun 24 08:48:06 UTC 2021 - Paolo Stivanin diff --git a/libxcrypt.spec b/libxcrypt.spec index 7233582..81eebdd 100644 --- a/libxcrypt.spec +++ b/libxcrypt.spec @@ -17,7 +17,7 @@ Name: libxcrypt -Version: 4.4.23 +Version: 4.4.25 Release: 0 Summary: Extended crypt library for DES, MD5, Blowfish and others License: BSD-2-Clause AND GPL-3.0-or-later AND LGPL-2.1-or-later AND BSD-3-Clause AND SUSE-Public-Domain