Bug 7793 - [Patch] Missing sha-256/sha-512 support in crypt()
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: 2
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Thomas Backlund
QA Contact:
URL:
Whiteboard:
Keywords: PATCH
Depends on:
Blocks:
 
Reported: 2012-10-15 00:53 CEST by a b
Modified: 2012-12-06 09:21 CET

See Also:
Source RPM: glibc-2.14.1-8.mga2.src.rpm
CVE:
Status comment:


Attachments
Updated patch for glibc 2.14 to add sha-256/512 support (5.16 KB, patch)
2012-10-15 00:53 CEST, a b
Updated spec for the updated patch (868 bytes, patch)
2012-10-15 00:55 CEST, a b
Updated spec for the updated patch (1.15 KB, patch)
2012-10-15 19:55 CEST, a b

Description a b 2012-10-15 00:53:56 CEST
Created attachment 2941
Updated patch for glibc 2.14 to add sha-256/512 support

Description of problem:
Up to and including glibc-2.12.1-11.3.mga1 crypt(3) supported sha-256 and sha-512 password hashes. The patch to support this was dropped from glibc-2.14.1-8.mga2, however. This caused several (ruby and python) applications to fail as they could not validate the passwords anymore. 

Version-Release number of selected component (if applicable):
glibc 2.14.1

How reproducible:
See below.

Steps to Reproduce:
1. ruby -e 'puts "my-secret".crypt("$5$rounds=10000$sHpTPaXHPpFF8agG")'
2. ruby -e 'puts "my-secret".crypt("$6$rounds=10000$sHpTPaXHPpFF8agG")'
3. python -c 'from crypt import crypt; print(crypt("my-secret", "$5$rounds=10000$sHpTPaXHPpFF8agG"))'
4. python -c 'from crypt import crypt; print(crypt("my-secret", "$6$rounds=10000$sHpTPaXHPpFF8agG"))'

In each case it should print out
$5$rounds=10000$sHpTPaXHPpFF8agG$IrVp.2mghjnCxFjXofJOCHDjzVywrvp8VXC.41wngvD
or
$6$rounds=10000$sHpTPaXHPpFF8agG$7LCyF.mfj96JeySXYze1Ut8z.TZYOzg5HrCzJC7jYe69L.nM89eg2bp.WYkW8aed2xwuL/zeaOhqev2MA1GhI0
If instead it prints out '*0' then the algorithm is not supported.
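
Added example (not part of the bug report, nor Mageia or glibc code): the known-answer check from the steps above as a Python self-test that calls the C library's crypt(3) through ctypes, and that also treats a NULL return or a result that does not echo the requested salt as unsupported. The function names are assumptions made for this example; the password, salts and expected hashes are the ones quoted in the report.

```python
import ctypes
import ctypes.util

# Known-answer vectors copied from the bug report: (password, salt spec, expected hash).
VECTORS = {
    "sha256": ("my-secret", "$5$rounds=10000$sHpTPaXHPpFF8agG",
               "$5$rounds=10000$sHpTPaXHPpFF8agG$IrVp.2mghjnCxFjXofJOCHDjzVywrvp8VXC.41wngvD"),
    "sha512": ("my-secret", "$6$rounds=10000$sHpTPaXHPpFF8agG",
               "$6$rounds=10000$sHpTPaXHPpFF8agG$7LCyF.mfj96JeySXYze1Ut8z.TZYOzg5HrCzJC7jYe69L.nM89eg2bp.WYkW8aed2xwuL/zeaOhqev2MA1GhI0"),
}


def system_crypt(password, salt):
    """Call the C library's crypt(3) directly; returns str, or None on NULL."""
    path = ctypes.util.find_library("crypt")
    if path is None:
        raise OSError("libcrypt not found")
    lib = ctypes.CDLL(path)
    lib.crypt.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    lib.crypt.restype = ctypes.c_char_p
    out = lib.crypt(password.encode(), salt.encode())
    return None if out is None else out.decode()


def classify(result, salt, expected):
    """Map one crypt() result to 'ok', 'unsupported' or 'mismatch'."""
    # Unsupported algorithms show up as NULL, as a failure token starting
    # with '*' (the '*0' this report mentions), or as a string that does not
    # echo the requested salt back (a fallback to another scheme).
    if result is None or result.startswith("*") or not result.startswith(salt + "$"):
        return "unsupported"
    # The scheme was recognised; a wrong digest means a broken implementation.
    return "ok" if result == expected else "mismatch"


def check_crypt_support(crypt_fn=system_crypt):
    """Run both vectors through crypt_fn and return {algorithm: status}."""
    return {name: classify(crypt_fn(pw, salt), salt, expected)
            for name, (pw, salt, expected) in VECTORS.items()}


if __name__ == "__main__":
    for name, status in check_crypt_support().items():
        print(f"{name}: {status}")
```

Run after a glibc update, anything other than "ok" for both algorithms means applications that verify $5$ or $6$ password hashes through crypt(3) will reject valid passwords.
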
Comment 1 a b 2012-10-15 00:55:14 CEST
Created attachment 2942
Updated spec for the updated patch
a b 2012-10-15 00:55:43 CEST

Source RPM: (none) => glibc-2.14.1-8.mga2.src.rpm

Thierry Vignaud 2012-10-15 13:19:07 CEST

Keywords: (none) => PATCH
CC: (none) => thierry.vignaud
Assignee: bugsquad => tmb

Comment 2 a b 2012-10-15 19:55:14 CEST
Created attachment 2947
Updated spec for the updated patch

Oops, just realized I had accidentally removed a hunk when I cleaned up the spec for submission.

Attachment 2942 is obsolete: 0 => 1

Comment 3 Thomas Backlund 2012-10-15 20:33:57 CEST
Ah, sorry ... 

seems I disabled the patch by mistake during 2.14 rebase here:
http://svnweb.mageia.org/packages/cauldron/glibc/current/SPECS/glibc.spec?r1=156157&r2=156310

I will re-add it and push it as an update for Mageia 2 along with a few other fixes I have queued probably by the end of the week...

I will fix in Cauldron too, so it will work for mga3

Thanks for noticing it, and sorry for the problem

Status: NEW => ASSIGNED

Comment 4 Thomas Backlund 2012-10-15 21:30:29 CEST
Fixed in Cauldron with glibc-2.16-13.mga3

Fixed in SVN for Mageia 2 and queued for next update:
http://svnweb.mageia.org/packages?view=revision&revision=306739
Thierry Vignaud 2012-10-15 22:22:48 CEST

CC: thierry.vignaud => (none)

Comment 5 a b 2012-10-16 09:35:45 CEST
Wow, that was fast! Thanks.
Comment 6 Thierry Vignaud 2012-12-06 09:21:50 CET
Closing then

Status: ASSIGNED => RESOLVED
CC: (none) => thierry.vignaud
Resolution: (none) => FIXED

