Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: crypt_blowfish 8-bit character mishandling
From: Solar Designer <solar () openwall com>
Date: Thu, 14 Jul 2011 19:31:18 +0400

On Thu, Jul 14, 2011 at 04:37:36PM +0200, Ludwig Nussel wrote:
Well, you need to modify that in %post to automatically get 2y for
new passwords then.

Not in %post - we'll just provide the new file, which is marked
%config(noreplace).  Yes, it does mean that if there were any local
changes, the admin will need to merge the changes and/or rename the file
from *.rpmnew manually.

Which is kind of ugly as that's a file the admin may have modified.

You're right.  In a sense, having the change in code only would have
been better.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]