%bcond_with fipstest %if 0%{?__isa_bits} == 64 %bcond_without check %else %bcond_with check %endif Name: libxcrypt Summary: Extended crypt library for descrypt, md5crypt, bcrypt, and others Version: 4.4.36 Release: 1%{?_dist_release} Group: system Vendor: Project Vine Distribution: Vine Linux # For explicit license breakdown, see the # LICENSING file in the source tarball. License: LGPLv2+ and BSD and Public Domain URL: https://github.com/besser82/%{name} Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz # Patch 0000 - 2999: Backported patches from upstream. # Patch 3000 - 5999: Backported patches from pull requests. # Patch 6000 - 9999: Downstream patches. %define build_compat32 %{?_with_compat32:1}%{!?_with_compat32:0} # Build with new api? %bcond_without new_api # Build the compat package? %bcond_without compat_pkg # Shared object version of libcrypt. %if %{with new_api} %global soc 2 %global sol 0 %global sof 0 %global sov %{soc}.%{sol}.%{sof} %if %{with compat_pkg} %global csoc 1 %global csol 1 %global csof 0 %global csov %{csoc}.%{csol}.%{csof} %endif %else %global soc 1 %global sol 1 %global sof 0 %global sov %{soc}.%{sol}.%{sof} %endif # Hash methods and API supported by libcrypt. # NEVER EVER touch this, if you do NOT know what you are doing! %if %{with new_api} %global hash_methods all %global obsolete_api no %if %{with compat_pkg} %global compat_methods glibc %global compat_api glibc %endif %else %global hash_methods all %global obsolete_api glibc %endif # Needed for the distribution README file. %global distname .vine # Needed for out-of-tree builds. %global _configure ../"configure" # Common configure options. %global common_configure_options \\\ --libdir=/%{_lib} \\\ --disable-failure-tokens \\\ --disable-silent-rules \\\ --enable-shared \\\ --enable-static \\\ --disable-valgrind \\\ --srcdir=.. \\\ --with-pkgconfigdir=%{_libdir}/pkgconfig %if %{with fipstest} # Add generation of HMAC checksums of the final stripped # binaries. %%define with lazy globbing is used here # intentionally, because using %%global does not work. BuildRequires: fipscheck %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ %{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.a \ %{__ln_s} .libcrypt.a.hmac \\\ %{buildroot}/%{_lib}/.libxcrypt.a.hmac \ %{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{sov} \ %{__ln_s} .libcrypt.so.%{sov}.hmac \\\ %{buildroot}/%{_lib}/.libcrypt.so.%{soc}.hmac \ if [[ %{with new_api} == 1 && %{with compat_pkg} == 1 ]]; then \ %{_bindir}/fipshmac %{buildroot}/%{_lib}/libcrypt.so.%{csov} \ %{__ln_s} .libcrypt.so.%{csov}.hmac \\\ %{buildroot}/%{_lib}/.libcrypt.so.%{csoc}.hmac \ fi \ %{nil} %endif BuildRequires: libtool %if %{with check} BuildRequires: glibc-debuginfo %endif # We do not need to keep this forever. # We need a version of glibc, that doesn't build libcrypt anymore. Requires: glibc%{?_isa} >= 2.26.9000-46 # libxcrypt >= 4.4.22 is not compatible with pam < 1.5.1-2 Conflicts: pam < 1.5.1-2 %if 0%{?fedora} >= 30 Recommends: mkpasswd %endif %description libxcrypt is a modern library for one-way hashing of passwords. It supports a wide variety of both modern and historical hashing methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt, %if %{with new_api} md5crypt, and descrypt. %else md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt. %endif It provides the traditional Unix crypt and crypt_r interfaces, as well as a set of extended interfaces pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra. libxcrypt is intended to be used by login(1), passwd(1), and other similar programs; that is, to hash a small number of passwords during an interactive authentication dialogue with a human. It is not suitable for use in bulk password-cracking applications, or in any other situation where speed is more important than careful handling of sensitive data. However, it is intended to be fast and lightweight enough for use in servers that must field thousands of login attempts per minute. %if %{with new_api} This version of the library does not provide the legacy API functions that have been provided by glibc's libcrypt.so.1. %endif %if %{with new_api} && %{with compat_pkg} %package compat Summary: Compatibility library providing legacy API functions Group: system Requires: %{name}%{?_isa} == %{version}-%{release} %description compat This package contains the library providing the compatibility API for applications that are linked against glibc's libxcrypt, or that are still using the unsafe and deprecated, encrypt, encrypt_r, setkey, setkey_r, and fcrypt functions, which are still required by recent versions of POSIX, the Single UNIX Specification, and various other standards. All existing binary executables linked against glibc's libcrypt should work unmodified with the library supplied by this package. %endif %package devel Summary: Development files for %{name} Group: programming Conflicts: man-pages < 4.15-3 Requires: %{name}%{?_isa} == %{version}-%{release} Requires: glibc-devel%{?_isa} %description devel The %{name}-devel package contains libraries and header files for developing applications that use %{name}. %package static Summary: Static library for -static linking with %{name} Group: programming Requires: %{name}-devel%{?_isa} == %{version}-%{release} Requires: glibc-static%{?_isa} %description static This package contains the libxcrypt static library for -static linking. You don't need this, unless you link statically, which is highly discouraged. %package -n compat32-%{name} Summary: Extended crypt library for descrypt, md5crypt, bcrypt, and others Group: system,legacy %description -n compat32-%{name} libxcrypt is a modern library for one-way hashing of passwords. It supports a wide variety of both modern and historical hashing methods: yescrypt, gost-yescrypt, scrypt, bcrypt, sha512crypt, sha256crypt, %if %{with new_api} md5crypt, and descrypt. %else md5crypt, SunMD5, sha1crypt, NT, bsdicrypt, bigcrypt, and descrypt. %endif It provides the traditional Unix crypt and crypt_r interfaces, as well as a set of extended interfaces pioneered by Openwall Linux, crypt_rn, crypt_ra, crypt_gensalt, crypt_gensalt_rn, and crypt_gensalt_ra. libxcrypt is intended to be used by login(1), passwd(1), and other similar programs; that is, to hash a small number of passwords during an interactive authentication dialogue with a human. It is not suitable for use in bulk password-cracking applications, or in any other situation where speed is more important than careful handling of sensitive data. However, it is intended to be fast and lightweight enough for use in servers that must field thousands of login attempts per minute. %if %{with new_api} This version of the library does not provide the legacy API functions that have been provided by glibc's libcrypt.so.1. %endif %package -n compat32-%{name}-devel Summary: Development files for cpmpat32-%{name} Group: programming,legacy Requires: %{name}-devel == %{version}-%{release} Requires: compat32-glibc-devel %description -n compat32-%{name}-devel The compat32-%{name}-devel package contains libraries and header files for developing applications that use compat32-%{name}. %debug_package %prep %autosetup -p 1 ./autogen.sh %if %{with new_api} %{__cat} << EOF >> README%{distname} This version of the %{name} package ships the libcrypt.so.2 library and does not provide the legacy API functions that have been provided by glibc's libcrypt.so.1. The removed functions by name are encrypt, encrypt_r, setkey, setkey_r, and fcrypt. %if %{with compat_pkg} If you are using a third-party application that links against those functions, or that is linked against glibc's libcrypt, you may need to install the %{name}-compat package manually. All existing binary executables linked against glibc's libcrypt should work unmodified with the libcrypt.so.1 library supplied by the %{name}-compat package. %endif EOF %endif %{__mkdir_p} %{_vpath_builddir}{,-compat} %build # Build the default system library. pushd %{_vpath_builddir} %configure \ %{common_configure_options} \ --enable-hashes=%{hash_methods} \ --enable-obsolete-api=%{obsolete_api} %make_build popd %if %{with new_api} && %{with compat_pkg} # Build the compatibility library. pushd %{_vpath_builddir}-compat %configure \ %{common_configure_options} \ --enable-hashes=%{compat_methods} \ --enable-obsolete-api=%{compat_api} %make_build popd %endif %install rm -rf %{buildroot} %if %{with new_api} && %{with compat_pkg} # Install the compatibility library. %make_install -C %{_vpath_builddir}-compat # Cleanup everything we do not need from the compatibility library. %{__rm} -fr %{buildroot}%{_bindir} \ %{buildroot}%{_includedir} \ %{buildroot}/%{_lib}/lib{,x}crypt.{a,so} \ %{buildroot}%{_libdir}/pkgconfig \ %{buildroot}%{_mandir} \ %{buildroot}%{_sbindir} %endif # Install the default system library. %make_install -C %{_vpath_builddir} # Get rid of libtool crap. %{_bindir}/find %{buildroot} -name '*.la' -print -delete %if %{with check} %check build_dirs="%{_vpath_builddir}" %if %{with new_api} && %{with compat_pkg} build_dirs="${build_dirs} %{_vpath_builddir}-compat" %endif for dir in ${build_dirs}; do %make_build -C ${dir} check || \ { rc=$?; echo "-----BEGIN TESTLOG: ${dir}-----"; %{__cat} ${dir}/test-suite.log; echo "-----END TESTLOG: ${dir}-----"; exit $rc; } done %endif %files %doc NEWS README* THANKS %license AUTHORS COPYING.LIB LICENSING %if %{with fipstest} /%{_lib}/.libcrypt.so.%{soc}.hmac /%{_lib}/.libcrypt.so.%{sov}.hmac %endif /%{_lib}/libcrypt.so.%{soc} /%{_lib}/libcrypt.so.%{sov} %{_mandir}/man5/crypt.5.* %if %{with new_api} && %{with compat_pkg} %files compat %if %{with fipstest} /%{_lib}/.libcrypt.so.%{csoc}.hmac /%{_lib}/.libcrypt.so.%{csov}.hmac %endif /%{_lib}/libcrypt.so.%{csoc} /%{_lib}/libcrypt.so.%{csov} %endif %files devel %doc ChangeLog TODO /%{_lib}/lib*crypt.so %{_includedir}/*crypt.h %{_libdir}/pkgconfig/libcrypt.pc %{_libdir}/pkgconfig/%{name}.pc %{_mandir}/man3/crypt*.3* %files static %if %{with fipstest} /%{_lib}/.lib*crypt.a.hmac %endif /%{_lib}/lib*crypt.a %if 0%{?build_compat32} %files -n compat32-%{name} %if %{with fipstest} /%{_lib}/.libcrypt.so.%{soc}.hmac /%{_lib}/.libcrypt.so.%{sov}.hmac %endif /%{_lib}/libcrypt.so.%{soc} /%{_lib}/libcrypt.so.%{sov} %files -n compat32-%{name}-devel /%{_lib}/lib*crypt.so %{_libdir}/pkgconfig/libcrypt.pc %{_libdir}/pkgconfig/%{name}.pc %endif %changelog * Sat Sep 23 2023 Tomohiro "Tomo-p" KATO - 4.4.36-1 - new upstream release. * Thu Aug 05 2021 Tomohiro "Tomo-p" KATO - 4.4.24-1 - new upstream release. * Sat Apr 10 2021 Tomohiro "Tomo-p" KATO - 4.4.19-1 - new upstream release. - dropped ldconfig scriptlets. * Tue Feb 09 2021 Tomohiro "Tomo-p" KATO - 4.4.17-1 - new upstream release. * Sat Mar 28 2020 Tomohiro "Tomo-p" KATO - 4.4.15-1 - new upstream release. * Sat Jan 19 2019 Tomohiro "Tomo-p" KATO - 4.4.2-6 - initial build for Vine Linux. * Mon Jan 14 2019 Björn Esser - 4.4.2-5 - Build the compat package with glibc hashing methods only - Add an option to disable the compat-package for future use * Mon Jan 14 2019 Björn Esser - 4.4.2-4 - Bump SO-name for Fedora >= 30 and enable compat package (#1666033) - Add distribution README file - Update description of the compat package - Conditionally remove non-built hashing methods from description * Sun Dec 23 2018 Björn Esser - 4.4.2-3 - Remove architecture bits from Recommends * Sun Dec 23 2018 Björn Esser - 4.4.2-2 - Update summary * Sat Dec 22 2018 Björn Esser - 4.4.2-1 - New upstream release * Thu Dec 06 2018 Björn Esser - 4.4.1-1 - New upstream release * Tue Dec 04 2018 Björn Esser - 4.4.0-5 - Sync -fno-plt patch with upstream commit * Tue Dec 04 2018 Björn Esser - 4.4.0-4 - Backport upstream commit to fix a memory leak from a static pointer * Tue Dec 04 2018 Björn Esser - 4.4.0-3 - Backport upstream PR to build with -fno-plt optimization * Mon Nov 26 2018 Björn Esser - 4.4.0-2 - Backport upstream commit to use a safer strcpy for the NT method - Backport upstream generating base64 encoded output for NT gensalt - Backport upstream commit to require less rbytes for NT gensalt - Backport upstream commit to test incremental hmac-sha256 computation - Add Recommends: mkpasswd for Fedora >= 30 * Tue Nov 20 2018 Björn Esser - 4.4.0-1 - New upstream release * Wed Nov 14 2018 Björn Esser - 4.3.4-1 - New upstream release * Wed Nov 14 2018 Björn Esser - 4.3.3-4 - Bump release for proper obsoletion of former common sub-package * Wed Nov 14 2018 Björn Esser - 4.3.3-3 - Add two upstream patches with minor fixes - Add HMAC checksum file for the static library - Drop the common sub-package - Some spec-file optimizations * Tue Nov 13 2018 Björn Esser - 4.3.3-2 - Add a patch to define crypt_gensalt_r as macro, so applications link the identical crypt_gensalt_rn directly * Sun Nov 11 2018 Björn Esser - 4.3.3-1 - New upstream release * Sun Nov 11 2018 Björn Esser - 4.3.2-1 - New upstream release * Sun Nov 11 2018 Björn Esser - 4.3.1-2 - Backport two patches from upstream fixing the gensalt function for NT to properly terminate its returned output * Sat Nov 10 2018 Björn Esser - 4.3.1-1 - New upstream release * Sat Nov 10 2018 Björn Esser - 4.3.0-1 - New upstream release * Fri Oct 26 2018 Björn Esser - 4.2.3-1 - New upstream release * Thu Oct 25 2018 Björn Esser - 4.2.2-2 - Add patch updating to recent development version - Run valgrind-memcheck - Use bootstrap script * Thu Oct 18 2018 Björn Esser - 4.2.2-1 - New upstream release * Mon Oct 01 2018 Björn Esser - 4.2.1-3 - Drop compat-devel package - Set configure options from globals * Sun Sep 30 2018 Björn Esser - 4.2.1-2 - Build out-of-tree - Split off noarch-bits into common sub-package - Update %%description - Prepare to remove legacy API from library and to provide a compatibilty package for the legacy API * Sat Sep 29 2018 Björn Esser - 4.2.1-1 - New upstream release - Add new manpages * Sat Sep 29 2018 Björn Esser - 4.2.0-1 - New upstream release * Fri Aug 24 2018 Björn Esser - 4.1.2-1 - New upstream release * Wed Aug 08 2018 Björn Esser - 4.1.1-4 - Move *.3 manpages to devel subpackage (#1613762) - Add needed Conflicts: man-pages < 4.15-3 * Wed Aug 08 2018 Björn Esser - 4.1.1-3 - Make crypt{,_r} return NULL on failure (#1611784) * Sat Aug 04 2018 Björn Esser - 4.1.1-2 - Add manpages for crypt{,_r,_ra}.3 (#1610307) * Wed Aug 01 2018 Björn Esser - 4.1.1-1 - New upstream release * Fri Jul 13 2018 Björn Esser - 4.1.0-1 - New upstream release * Fri Jul 13 2018 Björn Esser - 4.0.1-6 - Make testsuite fail on error again - Update patch0 with more upstream fixes * Fri Jul 13 2018 Björn Esser - 4.0.1-5 - Add patch to update to recent development branch - Re-enable SUNMD5 support as it is BSD licensed now - Build compatibility symbols for glibc only - Skip failing testsuite once * Fri Jul 13 2018 Fedora Release Engineering - 4.0.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Fri Jun 29 2018 Florian Weimer - 4.0.1-3 - Remove CDDL from license list (#1592445) * Fri Jun 29 2018 Florian Weimer - 4.0.1-2 - Remove SUNMD5 support (#1592445) * Wed May 16 2018 Björn Esser - 4.0.1-1 - New upstream release * Sat Feb 17 2018 Björn Esser - 4.0.0-5 - Switch to %%ldconfig_scriptlets * Wed Feb 07 2018 Fedora Release Engineering - 4.0.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Feb 01 2018 Björn Esser - 4.0.0-3 - Add patch to fix unintialize value in badsalt test * Wed Jan 31 2018 Björn Esser - 4.0.0-2 - Add patch to fix bcrypt test with GCC8 * Sat Jan 27 2018 Björn Esser - 4.0.0-1 - New upstream release * Mon Jan 22 2018 Igor Gnatenko - 4.0.0-0.204.20180120git3436e7b - Fix Obsoletes * Sat Jan 20 2018 Björn Esser - 4.0.0-0.203.20180120git3436e7b - Update to new snapshot fixing cast-align * Sat Jan 20 2018 Björn Esser - 4.0.0-0.202.20180120gitde99d27 - Update to new snapshot (rhbz#1536752) * Sat Jan 20 2018 Björn Esser - 4.0.0-0.201.20171109git15447aa - Use archful Obsoletes for libcrypt - Add versioned Requires on glibc packages not shipping libcrypt - Add comments about the packaging logic for replacing former libcrypt * Fri Jan 12 2018 Björn Esser - 4.0.0-0.200.20171109git15447aa - Initial import (rhbz#1532794) - Add Obsoletes/Provides for libcrypt * Wed Jan 10 2018 Björn Esser - 4.0.0-0.101.20171109git15447aa - Fix style of %%git_{rel,ver} * Tue Jan 09 2018 Björn Esser - 4.0.0-0.100.git20171109.15447aa - Initial rpm release (rhbz#1532794) - Start revision at 0.100 to superseed builds from COPR