SPECS: pwdutils.spec - added crypt patch to restore MD5(!) and add blowfish...
Jakub Bogusz
qboosh at pld-linux.org
Fri Sep 12 20:38:35 CEST 2008
On Tue, Sep 09, 2008 at 07:17:10AM +0200, Arkadiusz Miskiewicz wrote:
> On Monday 08 September 2008, Jakub Bogusz wrote:
> > On Mon, Sep 08, 2008 at 10:06:14PM +0200, qboosh wrote:
> > > Author: qboosh Date: Mon Sep 8 20:06:14 2008 GMT
> > > Module: SPECS Tag: HEAD
> > > ---- Log message:
> > > - added crypt patch to restore MD5(!) and add blowfish support in
> > > chpasswd(8) - added lt patch to fix build with libtool 2
> > > - updated am BR
> > > - dropped outdated todo
> > > - release 5
> >
> > It's important change - without this patch (or Openwall crypt-blowfish
> > glibc patches or crypt-blowfish support from SuSE libxcrypt) chpasswd(8)
> > supported _only_ DES hashes (and thus passwords truncated to
> > 8 characters).
>
> What upstream said about this btw?
I haven't contacted so far.
If "upstream" refers to SuSE, they ship libxcrypt which provides APIs
for MD5 and Blowfish support, so it's not their problem (their problem
were security bugs in libxcrypt which even effectively resulted in
falling back from MD5 to DES, but it was another issue).
If "upstream" refers to pwdutils alone, the only issue is that it's
nowhere documented and chpasswd silently falls back to DES (even when
it writes about falling back to MD5 in case of unsupported Blowfish).
--
Jakub Bogusz http://qboosh.pl/
More information about the pld-devel-en
mailing list