oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: crypt_blowfish 8-bit character mishandling

From: Solar Designer <solar () openwall com>
Date: Thu, 14 Jul 2011 19:31:18 +0400
On Thu, Jul 14, 2011 at 04:37:36PM +0200, Ludwig Nussel wrote:

Well, you need to modify that in %post to automatically get 2y for
new passwords then.


Not in %post - we'll just provide the new file, which is marked
%config(noreplace).  Yes, it does mean that if there were any local
changes, the admin will need to merge the changes and/or rename the file
from *.rpmnew manually.


Which is kind of ugly as that's a file the admin may have modified.


You're right.  In a sense, having the change in code only would have
been better.

Alexander
Previous By Date Next
Previous By Thread Next

Current thread: