public inbox for glibc-cvs@sourceware.org help / color / mirror / Atom feed
From: Florian Weimer <fw@sourceware.org> To: glibc-cvs@sourceware.org Subject: [glibc] posix: Revert the removal of the crypt prototype from <unistd.h> Date: Wed, 22 Nov 2023 07:40:32 +0000 (GMT) [thread overview] Message-ID: <20231122074032.CC9A8385841A@sourceware.org> (raw) https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5d7f1bce7d8eea31f4baeb68bcc3124b35acc751 commit 5d7f1bce7d8eea31f4baeb68bcc3124b35acc751 Author: Florian Weimer <fweimer@redhat.com> Date: Wed Nov 22 08:38:33 2023 +0100 posix: Revert the removal of the crypt prototype from <unistd.h> Many applications still rely on this prototype. Rebuilds without this prototype result in an implicit function declaration, which can introduce security vulnerabilities due to 32-bit pointer truncation. Diff: --- NEWS | 5 ++++- posix/unistd.h | 13 +++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 139cfef1b0..8c1c149f91 100644 --- a/NEWS +++ b/NEWS @@ -52,7 +52,10 @@ Deprecated and removed features, and other changes affecting compatibility: * libcrypt has been removed from the GNU C Library. The configure options "--enable-crypt" and "--enable-nss-crypt" are no longer available. <crypt.h>, libcrypt.a, and libcrypt.so.1 will not be - installed, and <unistd.h> will not declare the crypt function. + installed. For now <unistd.h> continues to declare the crypt + function by default, to avoid introducing vulnerabilities into + existing applications due to a missing prototype. This declaration + is deprecated and may be removed in a future glibc release. The replacement for libcrypt is libxcrypt, maintained separately from GNU libc, but available under compatible licensing terms, and providing diff --git a/posix/unistd.h b/posix/unistd.h index 1f9cd8cbf0..5b91ad4aaa 100644 --- a/posix/unistd.h +++ b/posix/unistd.h @@ -1150,6 +1150,19 @@ ssize_t copy_file_range (int __infd, __off64_t *__pinoff, extern int fdatasync (int __fildes); #endif /* Use POSIX199309 */ +#ifdef __USE_MISC +/* One-way hash PHRASE, returning a string suitable for storage in the + user database. SALT selects the one-way function to use, and + ensures that no two users' hashes are the same, even if they use + the same passphrase. The return value points to static storage + which will be overwritten by the next call to crypt. + + This declaration is deprecated; applications should include + <crypt.h> instead. */ +extern char *crypt (const char *__key, const char *__salt) + __THROW __nonnull ((1, 2)); +#endif + #ifdef __USE_XOPEN /* Swab pairs bytes in the first N bytes of the area pointed to by FROM and copy the result to TO. The value of TO must not be in the
reply other threads:[~2023-11-22 7:40 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20231122074032.CC9A8385841A@sourceware.org \ --to=fw@sourceware.org \ --cc=glibc-cvs@sourceware.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).