|
Packit |
13e0ca |
libxcrypt NEWS -- history of user-visible changes.
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Please send bug reports, questions and suggestions to
|
|
Packit |
13e0ca |
<https://github.com/besser82/libxcrypt/issues>.
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 4.1.1
|
|
Packit |
13e0ca |
* --enable-hashes now supports additional groups of hashing methods:
|
|
Packit |
13e0ca |
'freebsd', 'netbsd', 'openbsd', 'osx', and 'solaris', which select
|
|
Packit |
13e0ca |
the hashes historically supported on those operating systems.
|
|
Packit |
13e0ca |
* Predictable behavior when arguments to crypt() are NULL or invalid
|
|
Packit |
13e0ca |
(issue #15).
|
|
Packit |
13e0ca |
* Hash formats $5, $6, and $md5 once again allow an explicit rounds
|
|
Packit |
13e0ca |
parameter specifying the default number of rounds (issue #16).
|
|
Packit |
13e0ca |
* The library no longer uses swapcontext(), for ease of debugging and
|
|
Packit |
13e0ca |
better compatibility with hardening mechanisms like Intel CET
|
|
Packit |
13e0ca |
(issue #18).
|
|
Packit |
13e0ca |
* Can now be built with versions of GNU ld older than 2.26.2.
|
|
Packit |
13e0ca |
* crypt_gensalt_ra no longer leaks memory on failure.
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 4.1.0
|
|
Packit |
13e0ca |
* Fix spelling of SUSE.
|
|
Packit |
13e0ca |
* Lower the minimum required automake version to 1.14.
|
|
Packit |
13e0ca |
* Fix build with USE_SWAPCONTEXT turned off.
|
|
Packit |
13e0ca |
* Extend --enable-weak-hashes configure option to accept optional
|
|
Packit |
13e0ca |
"glibc" parameter. When specified, it enables only those of
|
|
Packit |
13e0ca |
weak hashes that are supported by historic versions of the
|
|
Packit |
13e0ca |
GNU libc.
|
|
Packit |
13e0ca |
* Fix the leak of obtained random bytes.
|
|
Packit |
13e0ca |
* Check expected output strings for deterministic methods.
|
|
Packit |
13e0ca |
* Fix memory leak in crypt_sha1_rn.
|
|
Packit |
13e0ca |
* Fix read of random bytes out of bounds in gensalt_sha1_rn.
|
|
Packit |
13e0ca |
* Make it possible to disable individual hashes at configure time.
|
|
Packit |
13e0ca |
The default is --enable-hashes=all. --enable-hashes=strong is the
|
|
Packit |
13e0ca |
equivalent of the old --disable-weak-hashes. You could even do
|
|
Packit |
13e0ca |
--enable-hashes=bcrypt,des to get a binary-compatible libcrypt.so.1
|
|
Packit |
13e0ca |
that still supports almost nothing other than bcrypt.
|
|
Packit |
13e0ca |
* Make salt validation pickier.
|
|
Packit |
13e0ca |
* Replace crypt-sunmd5.c with BSD-licensed cleanroom reimplementation.
|
|
Packit |
13e0ca |
* Make crypt_gensalt for $sha1 deterministic.
|
|
Packit |
13e0ca |
* Fix incorrect output-size computation in crypt_sha1_rn.
|
|
Packit |
13e0ca |
* Add docs for SHA1, MD5/Sun, NTHASH.
|
|
Packit |
13e0ca |
* Introduce CRYPT_GENSALT_IMPLEMENTS_* feature test macros.
|
|
Packit |
13e0ca |
* Install libcrypt.pc symlink along with libxcrypt.pc.
|
|
Packit |
13e0ca |
* Extend --enable-obsolete-api configure option.
|
|
Packit |
13e0ca |
Make vendor specific parts of compatibility ABI that are enabled by
|
|
Packit |
13e0ca |
--enable-obsolete-api option configurable.
|
|
Packit |
13e0ca |
This allows vendors to enable only those parts of compatibility ABI
|
|
Packit |
13e0ca |
that are relevant to them.
|
|
Packit |
13e0ca |
* Extend overall test coverage.
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 4.0.1
|
|
Packit |
13e0ca |
* Fixes for GCC v8.x
|
|
Packit |
13e0ca |
* Add symbol version for riscv64
|
|
Packit |
13e0ca |
* Fixed an uninitialized value in test-crypt-badsalt
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 4.0.0
|
|
Packit |
13e0ca |
* Full binary backward compatibility with glibc libcrypt; all programs
|
|
Packit |
13e0ca |
compiled with glibc libcrypt, including vendor-patched versions that
|
|
Packit |
13e0ca |
include the Openwall extensions, should work with this libcrypt
|
|
Packit |
13e0ca |
(however, programs compiled against this libcrypt will NOT work with
|
|
Packit |
13e0ca |
glibc libcrypt).
|
|
Packit |
13e0ca |
* struct crypt_data is now only 32kB (from 128kB), and divided into a
|
|
Packit |
13e0ca |
public-API section and a properly opaque internal section.
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
* New feature: supplying a null pointer as the "prefix" argument to
|
|
Packit |
13e0ca |
any of the crypt_gencrypt functions will cause it to select the best
|
|
Packit |
13e0ca |
available hash function (in this release, bcrypt in mode 'a').
|
|
Packit |
13e0ca |
CAUTION: it must be a null pointer, not an empty string. If you
|
|
Packit |
13e0ca |
supply an empty string, that selects DES, which is the *worst*
|
|
Packit |
13e0ca |
available hash function.
|
|
Packit |
13e0ca |
* New feature: supplying a null pointer as the "rbytes" argument to
|
|
Packit |
13e0ca |
any of the crypt_gencrypt functions will cause it to acquire random
|
|
Packit |
13e0ca |
bytes from the operating system.
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
* The legacy functions bigcrypt, fcrypt, encrypt, encrypt_r,
|
|
Packit |
13e0ca |
setkey, and setkey_r are no longer available for use by new programs.
|
|
Packit |
13e0ca |
All of these (except fcrypt, which was just another name for crypt)
|
|
Packit |
13e0ca |
force the use of DES, which is no longer safe for any application.
|
|
Packit |
13e0ca |
* New configure option --disable-obsolete-api removes the above
|
|
Packit |
13e0ca |
functions from the library. Since this breaks compatibility with
|
|
Packit |
13e0ca |
glibc's libcrypt, when this option is used the shared library will
|
|
Packit |
13e0ca |
be libcrypt.so.2 instead of libcrypt.so.1, and all of the
|
|
Packit |
13e0ca |
compatibility symbol versions for the crypt* functions will be
|
|
Packit |
13e0ca |
omitted. This option is the default on all operating systems where
|
|
Packit |
13e0ca |
there is no GNU C Library to be compatible with.
|
|
Packit |
13e0ca |
* New configure option --disable-weak-hashes removes all support for
|
|
Packit |
13e0ca |
DES and MD5 hashes from the library. This option implies
|
|
Packit |
13e0ca |
--disable-obsolete-api, and will prevent DES and MD5 password hashes
|
|
Packit |
13e0ca |
from being *verified* -- accounts with such hashes are effectively
|
|
Packit |
13e0ca |
locked. It is intended for use in high-security new installations.
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
* Sensitive intermediate data is now thoroughly scrubbed from the
|
|
Packit |
13e0ca |
stack and CPU registers before the crypt functions return to their
|
|
Packit |
13e0ca |
callers.
|
|
Packit |
13e0ca |
* UFC-crypt has been replaced with FreeSec; this enables the reduction in
|
|
Packit |
13e0ca |
size of crypt_data, and adds full support for BSD extended DES hashes.
|
|
Packit |
13e0ca |
* Extensive code cleanup and portability work. The static library
|
|
Packit |
13e0ca |
should now be buildable with any C99 compiler, although some
|
|
Packit |
13e0ca |
features may not be available (notably acquiring random bytes from
|
|
Packit |
13e0ca |
the operating system and scrubbing the stack). The shared library
|
|
Packit |
13e0ca |
does still require some GNU extensions for symbol versioning.
|
|
Packit |
13e0ca |
* The configure options --enable-Wno-cast-align and --enable-bootstrap
|
|
Packit |
13e0ca |
are no longer necessary and have been removed.
|
|
Packit |
13e0ca |
* If building from a Git checkout instead of a tarball release, use
|
|
Packit |
13e0ca |
'autoreconf -i' to create the configure script; autogen.sh has been
|
|
Packit |
13e0ca |
removed.
|
|
Packit |
13e0ca |
* More thoroughly tested.
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 3.1.1
|
|
Packit |
13e0ca |
* Add '--enable-Wno-cast-align' to silence 'cast increases required alignment'
|
|
Packit |
13e0ca |
* Whitespace clean-up
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 3.1.0
|
|
Packit |
13e0ca |
* Update upstream-contact
|
|
Packit |
13e0ca |
* Add './configure --enable-bootstrap' to skip some tests on initial build
|
|
Packit |
13e0ca |
* Add bootstrap-script for Autotools
|
|
Packit |
13e0ca |
* Add LICENSE for bcrypt
|
|
Packit |
13e0ca |
* Update crypt_blowfish to v1.3
|
|
Packit |
13e0ca |
* Add '-Wextra' to CFLAGS
|
|
Packit |
13e0ca |
* Fix warnings generated by gcc 5.1.1
|
|
Packit |
13e0ca |
* Update Autotools
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 3.0.4
|
|
Packit |
13e0ca |
* Fix warnings generated by gcc 4.6
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 3.0.3
|
|
Packit |
13e0ca |
* Fix memory leak
|
|
Packit |
13e0ca |
* Fix compiler warnings
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 3.0.2
|
|
Packit |
13e0ca |
* Fix generating salts for MD5
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 3.0.1
|
|
Packit |
13e0ca |
* Fix build failures
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 3.0
|
|
Packit |
13e0ca |
* Add sha256 and sha512 hashes
|
|
Packit |
13e0ca |
* Move all hashes into plugins
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 2.4
|
|
Packit |
13e0ca |
* Sync with crypt_blowfish 1.0
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 2.3
|
|
Packit |
13e0ca |
* Fix problems with gcc > 4.0
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 2.2
|
|
Packit |
13e0ca |
* Fix realloc call in md5-crypt
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 2.1
|
|
Packit |
13e0ca |
* Enable x86.S for i386 again
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 2.0
|
|
Packit |
13e0ca |
* Rename all crypt* functions to xcrypt* to avoid clash with normal
|
|
Packit |
13e0ca |
libcrypt from glibc
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 1.4
|
|
Packit |
13e0ca |
* Fix compiling with glibc > 2.3.1
|
|
Packit |
13e0ca |
* Sync with crypt_blowfish 0.4.5
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 1.3
|
|
Packit |
13e0ca |
* Sync with current glibc CVS (fix for not correct initialication of
|
|
Packit |
13e0ca |
internal data structs)
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 1.2
|
|
Packit |
13e0ca |
* Fix building with glibc 2.3.x
|
|
Packit |
13e0ca |
* Add support for HPPA
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 1.1
|
|
Packit |
13e0ca |
* merge md5.h with xcrypt.h
|
|
Packit |
13e0ca |
* Add SHA1 functions and crypt
|
|
Packit |
13e0ca |
|
|
Packit |
13e0ca |
Version 1.0
|
|
Packit |
13e0ca |
* First release
|