--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-41093fcfb6
2018-08-04 21:45:12.206400
--------------------------------------------------------------------------------
Name : libxcrypt
Product : Fedora 28
Version : 4.1.1
Release : 1.fc28
URL :
https://github.com/besser82/libxcrypt
Summary : Extended crypt library for DES, MD5, Blowfish and others
Description :
libxcrypt is a modern library for one-way hashing of passwords. It
supports DES, MD5, SHA-2-256, SHA-2-512, and bcrypt-based password
hashes, and provides the traditional Unix 'crypt' and 'crypt_r'
interfaces, as well as a set of extended interfaces pioneered by
Openwall Linux, 'crypt_rn', 'crypt_ra', 'crypt_gensalt',
'crypt_gensalt_rn', and 'crypt_gensalt_ra'.
libxcrypt is intended to be used by login(1), passwd(1), and other
similar programs; that is, to hash a small number of passwords during
an interactive authentication dialogue with a human. It is not
suitable for use in bulk password-cracking applications, or in any
other situation where speed is more important than careful handling of
sensitive data. However, it *is* intended to be fast and lightweight
enough for use in servers that must field thousands of login attempts
per minute.
On Linux-based systems, by default libxcrypt will be binary backward
compatible with the libcrypt.so.1 shipped as part of the GNU C Library.
This means that all existing binary executables linked against glibc's
libcrypt should work unmodified with this library's libcrypt.so.1. We
have taken pains to provide exactly the same "symbol versions" as were
used by glibc on various CPU architectures, and to account for the
variety of ways in which the Openwall extensions were patched into
glibc's libcrypt by some Linux distributions. (For instance,
compatibility symlinks for SuSE's "libowcrypt" are provided.)
However, the converse is not true: programs linked against libxcrypt
will not work with glibc's libcrypt. Also, programs that use certain
legacy APIs supplied by glibc's libcrypt ('encrypt', 'encrypt_r',
'setkey', 'setkey_r', and 'fcrypt') cannot be compiled against
libxcrypt.
--------------------------------------------------------------------------------
Update Information:
#Version 4.1.1 * Predictable behavior when arguments to crypt() are NULL or
invalid. * Hash formats $5, $6, and $md5 once again allow an explicit rounds
parameter specifying the default number of rounds. * The library no longer uses
swapcontext(), for ease of debugging and better compatibility with hardening
mechanisms like Intel CET. * crypt_gensalt_ra no longer leaks memory on failure.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 1 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.1.1-1
- New upstream release
* Fri Jul 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.1.0-1
- New upstream release
* Fri Jul 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.0.1-6
- Make testsuite fail on error again
- Update patch0 with more upstream fixes
* Fri Jul 13 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.0.1-5
- Add patch to update to recent development branch
- Re-enable SUNMD5 support as it is BSD licensed now
- Build compatibility symbols for glibc only
- Skip failing testsuite once
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 4.0.1-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Jun 29 2018 Florian Weimer <fweimer(a)redhat.com> - 4.0.1-3
- Remove CDDL from license list (#1592445)
* Fri Jun 29 2018 Florian Weimer <fweimer(a)redhat.com> - 4.0.1-2
- Remove SUNMD5 support (#1592445)
* Wed May 16 2018 Bj��rn Esser <besser82(a)fedoraproject.org> - 4.0.1-1
- New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1608285 - libxcrypt: Remove use of <ucontext.h>
https://bugzilla.redhat.com/show_bug.cgi?id=1608285
[ 2 ] Bug #1608283 - libxcrypt: Fix memory leak in crypt_gensalt_ra
https://bugzilla.redhat.com/show_bug.cgi?id=1608283
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-41093fcfb6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------