Re: [PATCH v2] libxcrypt: Update to version 4.4.26

["Peter Müller" <peter.mueller@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 3784 bytes --]

Reviewed-by: Peter Müller <peter.mueller(a)ipfire.org>

> - v2 version is to extend from 4.4.25 to 4.4.26
> - Update from 4.4.23 to 4.4.26
> - Update of rootfile not required
> - Changelog
>     Version 4.4.26
>      * Fix compilation on systems with GCC >= 10, that do not support
>        declarations with __attribute__((symver)).
>     Version 4.4.25
>      * Add support for Python 3.11 in the configure script.
>      * Stricter checking of invalid salt characters (issue #135).
>        Hashed passphrases are always entirely printable ASCII, and do
>        not contain any whitespace or the characters ':', ';', '*', '!',
>        or '\'.  (These characters are used as delimiters and special
>        markers in the passwd(5) and shadow(5) files.)
>     Version 4.4.24
>      * Add hash group for Debian in lib/hashes.conf.
>        Debian has switched to use the yescrypt hashing algorithm as
>        the default for new user passwords, so we should add a group
>        for this distribution.
>      * Overhaul the badsalt test.
>        Test patterns are now mostly generated rather than manually coded
>        into a big table.  Not reading past the end of the “setting” part
>        of the string is tested more thoroughly (this would have caught the
>        sunmd5 $$ bug if it had been available at the time).
>        Test logs are tidier.
>      * Add ‘test-programs’ utility target to Makefile.
>        It is sometimes useful to compile all the test programs but not run
>        them.  Add a Makefile target that does this.
>      * Fix incorrect bcrypt-related ifdeffage in test/badsalt.c.
>        The four variants of bcrypt are independently configurable, but the
>        badsalt tests for them were all being toggled by INCLUDE_bcrypt,
>        which is only the macro for the $2b$ variant.
>      * Fix bigcrypt-related test cases in test/badsalt.c.
>        The test spec was only correct when both or neither of bigcrypt and
>        descrypt were enabled.
>      * Detect ASan in configure and disable incompatible tests.
>        ASan’s “interceptors” for crypt and crypt_r have a semantic conflict
>        with libxcrypt, requiring a few tests to be disabled for builds with
>        -fsanitize-address.  See commentary in test/crypt-badargs.c for an
>        explanation of the conflict, and the commentary in
>        build-aux/zw_detect_asan.m4 for why a configure test is required.
>      * Fix several issues found by Covscan in the testsuite.  These include:
>        - CWE-170: String not null terminated (STRING_NULL)
>        - CWE-188: Reliance on integer endianness (INCOMPATIBLE_CAST)
>        - CWE-190: Unintentional integer overflow (OVERFLOW_BEFORE_WIDEN)
>        - CWE-569: Wrong sizeof argument (SIZEOF_MISMATCH)
>        - CWE-573: Missing varargs init or cleanup (VARARGS)
>        - CWE-687: Argument cannot be negative (NEGATIVE_RETURNS)
> 
> Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
> ---
>   lfs/libxcrypt | 6 +++---
>   1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lfs/libxcrypt b/lfs/libxcrypt
> index 16ebb1dc5..770b4249e 100644
> --- a/lfs/libxcrypt
> +++ b/lfs/libxcrypt
> @@ -24,10 +24,10 @@
>   
>   include Config
>   
> -VER        = 4.4.23
> +VER        = 4.4.26
>   
>   THISAPP    = libxcrypt-$(VER)
> -DL_FILE    = $(THISAPP).tar.gz
> +DL_FILE    = $(THISAPP).tar.xz
>   DL_FROM    = $(URL_IPFIRE)
>   DIR_APP    = $(DIR_SRC)/$(THISAPP)
>   
> @@ -47,7 +47,7 @@ objects = $(DL_FILE)
>   
>   $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
>   
> -$(DL_FILE)_MD5 = 405116b5cc90b72216afccc54025afbc
> +$(DL_FILE)_MD5 = 34954869627f62f9992808b6cff0d0a9
>   
>   install : $(TARGET)
>   
>