File pwdutils-3.2.14-CVE-2011-2483.diff of Package pwdutils
Index: pwdutils-3.2.10/src/chpasswd.c =================================================================== --- pwdutils-3.2.10.orig/src/chpasswd.c +++ pwdutils-3.2.10/src/chpasswd.c @@ -342,7 +342,7 @@ main (int argc, char *argv[]) /* blowfish has a limit of 72 characters */ if (use_crypt == BLOWFISH && strlen (cp) > 72) cp[72] = '\0'; - salt = make_crypt_salt ("$2a$", 0 /* XXX crypt_rounds */); + salt = make_crypt_salt ("$2y$", 0 /* XXX crypt_rounds */); if (salt != NULL) pw_data->newpassword = strdup (crypt_r (cp, salt, &output)); else Index: pwdutils-3.2.10/src/gpasswd.c =================================================================== --- pwdutils-3.2.10.orig/src/gpasswd.c +++ pwdutils-3.2.10/src/gpasswd.c @@ -432,7 +432,7 @@ main (int argc, char **argv) /* blowfish has a limit of 72 characters */ if (use_crypt == BLOWFISH && strlen (p1) > 72) p1[72] = '\0'; - salt = make_crypt_salt ("$2a$", 0 /* XXX crypt_rounds */); + salt = make_crypt_salt ("$2y$", 0 /* XXX crypt_rounds */); if (salt != NULL) gr_data->newpassword = strdup (crypt_r (p1, salt, &output)); else Index: pwdutils-3.2.10/etc/default/passwd =================================================================== --- pwdutils-3.2.10.orig/etc/default/passwd +++ pwdutils-3.2.10/etc/default/passwd 
@@ -26,3 +26,20 @@ BLOWFISH_CRYPT_FILES=10 # For NIS, we should always use DES: CRYPT_YP=des + +# In June 2011 it was discovered that the Linux crypt_blowfish +# implementation contained a bug that made passwords with non-ASCII +# characters easier to crack (CVE-2011-2483). Affected passwords are +# also incompatible with the original, correct OpenBSD +# implementation. Therefore the $2a hash identifier previously used +# for blowfish now is ambiguous as it could mean the hash was +# generated with the correct implementation on OpenBSD or the buggy +# one on Linux. To avoid the ambiguity two new identifier were +# introduced. $2x now explicitly identifies hashes that were +# generated with the buggy algorithm while $2y is used for hashes +# generated with the correct algorithm. New passwords are now +# generated with the $2y identifier. +# +# Setting the following option to "yes" tells the sytem that $2a +# hashes are to be treated as generated with the buggy algorithm. +BLOWFISH_2a2x=yes
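Review bot: in the chpasswd.c hunk, the result of crypt_r is passed straight to strdup with no NULL check, in `pw_data->newpassword = strdup (crypt_r (cp, salt, &output));`. Switching the prefix to "$2y$" makes this call depend on the installed libcrypt recognising the new identifier, so a failure return is now a realistic case. Store the crypt_r result in a local, test it, and fail the password change with an error message instead of dereferencing NULL or writing an unusable hash. The rounds argument is also still the literal `0 /* XXX crypt_rounds */`; if that placeholder is meant to stay, a comment saying what 0 selects would help.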
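Review bot: in the gpasswd.c hunk, "$2y$" is the same hard-coded literal that chpasswd.c carries, so the identifier now has to be changed in two places in step. A shared constant or helper for the Blowfish prefix would keep the two tools from drifting apart the next time it changes. The unchanged context line `strlen (p1) > 72` counts bytes while its comment says "72 characters"; since this fix concerns non-ASCII passwords, the comment should say bytes, and the same crypt_r NULL check as in chpasswd.c applies to `gr_data->newpassword`.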
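Review bot: in the etc/default/passwd hunk, the comment for BLOWFISH_2a2x documents only the "yes" setting and none of the visible hunks reads the option, so it is not clear from this patch which component honours it. Please state what "no" does, name the consumer of the option, and tell the administrator what happens to $2a hashes already stored, since the text only says that new passwords get $2y. Two wording fixes in the added comment: "two new identifier" should be "two new identifiers" and "sytem" should be "system".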