From c0e594d3c5c5162e622a66700fbfccced5777b16 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Esser?=
Date: Mon, 21 Jun 2021 14:57:16 +0200
Subject: [PATCH] Add a patch to fix the used prefix for the bcrypt hash method
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Björn Esser
---
 shadow-4.8.1-fix_bcrypt_prefix.patch | 35 ++++++++++++++++++++++++++++
 shadow-utils.spec | 8 ++++++-
 2 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 shadow-4.8.1-fix_bcrypt_prefix.patch
diff --git a/shadow-4.8.1-fix_bcrypt_prefix.patch b/shadow-4.8.1-fix_bcrypt_prefix.patch
new file mode 100644
index 0000000..e8ac3bc
--- /dev/null
+++ b/shadow-4.8.1-fix_bcrypt_prefix.patch
@@ -0,0 +1,35 @@
+From 738d92a4bd99a2038aa5f97b2fc85daa7011e403 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Bj=C3=B6rn=20Esser?=
+Date: Sat, 12 Jun 2021 13:54:14 +0200
+Subject: [PATCH] libmisc/salt.c: bcrypt should use $2b$ as prefix for setting.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This prefix is the recommended one for new bcrypt hashes
+for a long time.
+
+Signed-off-by: Björn Esser
+---
+ libmisc/salt.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/libmisc/salt.c b/libmisc/salt.c
+index 1bfa015b..5dc521ef 100644
+--- a/libmisc/salt.c
++++ b/libmisc/salt.c
+@@ -90,12 +90,8 @@ static void seedRNG (void)
+ */
+ #define MAGNUM(array,ch) (array)[0]=(array)[2]='$',(array)[1]=(ch),(array)[3]='\0'
+ #ifdef USE_BCRYPT
+-/*
+- * Using the Prefix $2a$ to enable an anti-collision safety measure in musl libc.
+- * Negatively affects a subset of passwords containing the '\xff' character,
+- * which is not valid UTF-8 (so "unlikely to cause much annoyance").
+- */
+-#define BCRYPTMAGNUM(array) (array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='a',(array)[4]='\0'
++/* Use $2b$ as prefix for compatibility with OpenBSD's bcrypt. */
++#define BCRYPTMAGNUM(array) (array)[0]=(array)[3]='$',(array)[1]='2',(array)[2]='b',(array)[4]='\0'
+ #endif /* USE_BCRYPT */
+
+ #if defined(USE_SHA_CRYPT) || defined(USE_BCRYPT)
diff --git a/shadow-utils.spec b/shadow-utils.spec
index bde69bc..1e1366a 100644
--- a/shadow-utils.spec
+++ b/shadow-utils.spec
@@ -1,7 +1,7 @@
 Summary: Utilities for managing accounts and shadow password files
 Name: shadow-utils
 Version: 4.8.1
-Release: 13%{?dist}
+Release: 14%{?dist}
 Epoch: 2
 URL: https://github.com/shadow-maint/shadow
 Source0: https://github.com/shadow-maint/shadow/releases/download/%{version}/shadow-%{version}.tar.xz
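Review bot: The new one-line comment above `BCRYPTMAGNUM`, in the libmisc/salt.c change embedded in shadow-4.8.1-fix_bcrypt_prefix.patch, drops the rationale the old comment recorded without saying why it no longer applies. That rationale was the musl anti-collision measure tied to `$2a$` and the '\xff' password caveat. A maintainer reading only the new line cannot tell that the prefix is used for newly generated settings, or that the change presumably relies on the libc's crypt() accepting `$2b$`. The salt-building code that uses the macro, and any handling of a crypt() failure, lie outside the hunk and should be checked against the libcs this package targets. I would expand the comment to something like `/* Use $2b$, the prefix for new bcrypt hashes (matches OpenBSD); the libc crypt() must accept $2b$ settings. */`.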
@@ -106,6 +106,8 @@ Patch59: shadow-4.8.1-fix_YESCRYPT_salt_cost_param_type.patch # https://github.com/shadow-maint/shadow/commit/5d0d7841971cc53d9a9d1aefe12f00204115bf6a # https://github.com/shadow-maint/shadow/commit/e65cc6aebcb4132fa413f00a905216a5b35b3d57 Patch60: shadow-4.8.1-covscan_fixes.patch +# https://github.com/shadow-maint/shadow/commit/738d92a4bd99a2038aa5f97b2fc85daa7011e403 +Patch61: shadow-4.8.1-fix_bcrypt_prefix.patch License: BSD and GPLv2+ BuildRequires: make @@ -191,6 +193,7 @@ Development files for shadow-utils-subid. %patch58 -p1 -b .yescrypt %patch59 -p1 -b .YESCRYPT_salt_cost_param_type %patch60 -p1 -b .covscan_fixes +%patch61 -p1 -b .bcrypt_prefix iconv -f ISO88591 -t utf-8 doc/HOWTO > doc/HOWTO.utf8 cp -f doc/HOWTO.utf8 doc/HOWTO @@ -360,6 +363,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/libsubid.la %{_libdir}/libsubid.so %changelog +* Mon Jun 28 2021 Björn Esser - 2:4.8.1-14 +- Add a patch to fix the used prefix for the bcrypt hash method + * Mon Jun 28 2021 Iker Pedrosa - 2:4.8.1-13 - Covscan fixes