Show pageOld revisionsBacklinksBack to top This page is read only. You can view the source, but not change it. Ask your administrator if you think this is wrong. ====== Slackware-14.1 ChangeLog (2013-03-28) ====== ====== Thu Mar 28 06:59:52 UTC 2013 ====== ===== Packages ===== ==== Rebuilt ==== * [[slackware.14.1>a/shadow-4.1.4.3-i486-8.txz]] \\ Patched pw_encrypt() to fix "crypt: Invalid argument" and immediate login \\ failure when a non-existent user tries to log in. This was caused by a \\ change in the behavior of glibc's crypt() function. When a user that does \\ not exist tries to log in, the code in shadow calls crypt() with an invalid \\ salt. The old version of crypt() used the provided bad salt (always "!") \\ to produce a DES hash with "!!" at the beginning, while the new one just \\ returns NULL which isn't well-handled by the shadow code. To fix this \\ shadow bug, if the salt is invalid, we'll call crypt() using a good SHA512 \\ salt, prepend "!!" to the hash that we get back, and have pw_encrypt() \\ return this as the result. The effect is identical to the previous \\ behavior -- unless the exact same malformed hash happens to be the hash in \\ /etc/shadow (it won't be), the login will fail. While I see no way that \\ these 6 lines of code could be less secure than the original code, I \\ welcome additional review. Also, if anyone spots anything else that was \\ adversely affected by the change to crypt()'s behavior, please let me know. \\ Thanks to Michael L. Semon for informing me of the /bin/login problem. * [[slackware.14.1>xfce/tumbler-0.1.25-i486-3.txz]] \\ Reverted to tumbler-0.1.25, since later versions require gstreamer-1.0, and \\ patched a bug that caused tumbler to hold files open preventing volumes from \\ being ejected. ==== Upgraded ==== * [[slackware.14.1>kde/networkmanagement-0.9.0.8-i486-1.txz]] * [[slackware.14.1>extra/partitionmanager/partitionmanager-1.0.3_20130328svn-i486-1.txz]] {{tag>slackware changelog slackware-14.1 2013/03}} news/2013/03/28/slackware-14.1-changelog.txt Last modified: 9 years agoby Giuseppe Di Terlizzi Log In