Add a patch to fix the used prefix for the bcrypt hash method

Signed-off-by: Björn Esser <besser82@fedoraproject.org>
2021-06-21 14:57:16 +02:00 · 2021-06-21 14:57:16 +02:00 · c0e594d3c5
parent c5fd8d4a0a
commit c0e594d3c5
2 changed files with 42 additions and 1 deletions
--- a/shadow-4.8.1-fix_bcrypt_prefix.patch
+++ b/shadow-4.8.1-fix_bcrypt_prefix.patch
@ -0,0 +1,35 @@
+From 738d92a4bd99a2038aa5f97b2fc85daa7011e403 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?= <besser82@fedoraproject.org>
+Date: Sat, 12 Jun 2021 13:54:14 +0200
+Subject: [PATCH] libmisc/salt.c: bcrypt should use $2b$ as prefix for setting.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This prefix is the recommended one for new bcrypt hashes
+for a long time.
+
+Signed-off-by: Björn Esser <besser82@fedoraproject.org>
+---
+ libmisc/salt.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/libmisc/salt.c b/libmisc/salt.c
+index 1bfa015b..5dc521ef 100644
+--- a/libmisc/salt.c
+++ b/libmisc/salt.c
+@@ -90,12 +90,8 @@ static void seedRNG (void)
+  */
+ #define MAGNUM(array,ch)	(array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'
+ #ifdef USE_BCRYPT
+-/* 
+- * Using the Prefix $2a$ to enable an anti-collision safety measure in musl libc.
+- * Negatively affects a subset of passwords containing the '\xff' character,
+- * which is not valid UTF-8 (so "unlikely to cause much annoyance").
+- */
+-#define BCRYPTMAGNUM(array)	(array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='a',(array)[4]='\0'
+/* Use $2b$ as prefix for compatibility with OpenBSD's bcrypt. */
+#define BCRYPTMAGNUM(array)	(array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='b',(array)[4]='\0'
+ #endif /* USE_BCRYPT */
+ 
+ #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.8.1
-Release: 13%{?dist}
+Release: 14%{?dist}
 Epoch: 2
 URL: https://github.com/shadow-maint/shadow
 Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
@ -106,6 +106,8 @@ Patch59: shadow-4.8.1-fix_YESCRYPT_salt_cost_param_type.patch
 # https://github.com/shadow-maint/shadow/commit/5d0d7841971cc53d9a9d1aefe12f00204115bf6a
 # https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57
 Patch60: shadow-4.8.1-covscan_fixes.patch
+# https://github.com/shadow-maint/shadow/commit/738d92a4bd99a2038aa5f97b2fc85daa7011e403
+Patch61: shadow-4.8.1-fix_bcrypt_prefix.patch

 License: BSD and GPLv2+
 BuildRequires: make
@ -191,6 +193,7 @@ Development files for shadow-utils-subid.
 %patch58 -p1 -b .yescrypt
 %patch59 -p1 -b .YESCRYPT_salt_cost_param_type
 %patch60 -p1 -b .covscan_fixes
+%patch61 -p1 -b .bcrypt_prefix

 iconv -f ISO88591 -t utf-8  doc/HOWTO > doc/HOWTO.utf8
 cp -f doc/HOWTO.utf8 doc/HOWTO
@ -360,6 +363,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la
 %{_libdir}/libsubid.so

 %changelog
+* Mon Jun 28 2021 Björn Esser <besser82@fedoraproject.org> - 2:4.8.1-14
+- Add a patch to fix the used prefix for the bcrypt hash method
+
 * Mon Jun 28 2021 Iker Pedrosa <ipedrosa@redhat.com> - 2:4.8.1-13
 - Covscan fixes