postgresql/contrib/pgcrypto
Tom Lane, ca43ce9eba: Apply upstream fix for blowfish signed-character bug (CVE-2011-2483).
A password containing a character with the high bit set was misprocessed
on machines where char is signed (which is most).  This could cause the
preceding one to three characters to fail to affect the hashed result,
thus weakening the password.  The result was also unportable, and failed
to match some other blowfish implementations such as OpenBSD's.

Since the fix changes the output for such passwords, upstream chose
to provide a compatibility hack: password salts beginning with $2x$
(instead of the usual $2a$ for blowfish) are intentionally processed
"wrong" to give the same hash as before.  Stored password hashes can
thus be modified if necessary to still match, though it'd be better
to change any affected passwords.

In passing, sync a couple other upstream changes that marginally improve
performance and/or tighten error checking.

Back-patch to all supported branches.  Since this issue is already
public, no reason not to commit the fix ASAP.
2011-06-21 14:42:26 -04:00
expected Fix a few contrib regression test scripts that hadn't gotten the word 2007-11-13 06:29:04 +00:00
sql Fix a few contrib regression test scripts that hadn't gotten the word 2007-11-13 06:29:04 +00:00
.gitignore Some more gitignore cleanups: cover contrib and PL regression test outputs. 2010-09-22 17:23:05 -04:00
blf.c pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
blf.h pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
crypt-blowfish.c Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). 2011-06-21 14:42:26 -04:00
crypt-des.c "Annual" pgcrypto update from Marko Kreen: 2006-07-13 04:15:25 +00:00
crypt-gensalt.c pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
crypt-md5.c Remove beer-ware license from crypt-md5.c, per 2009-04-15 18:58:34 +00:00
fortuna.c pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
fortuna.h Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
imath.c Silence Solaris compiler warning, per buildfarm. 2007-07-15 22:43:40 +00:00
imath.h pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
internal-sha2.c pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
internal.c pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
Makefile Remove references to READMEs from /contrib Makefiles. 2007-11-10 23:59:52 +00:00
mbuf.c Get rid of overly cute, unportable, probably not very efficient substitute 2007-07-15 23:57:13 +00:00
mbuf.h Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
md5.c Now that core functionality is depending on autoconf's AC_C_BIGENDIAN to be 2007-04-06 05:36:51 +00:00
md5.h Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
openssl.c pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
pgcrypto.c Replace direct assignments to VARATT_SIZEP(x) with SET_VARSIZE(x, len). 2007-02-27 23:48:10 +00:00
pgcrypto.h Remove pgcrypto functions that were deprecated and slated for removal. 2006-09-05 21:26:48 +00:00
pgcrypto.sql.in Add CVS version labels to all install/uninstall scripts. 2007-11-13 04:24:29 +00:00
pgp-armor.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp-cfb.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp-compress.c pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
pgp-decrypt.c Re-run pgindent, fixing a problem where comment lines after a blank 2005-11-22 18:17:34 +00:00
pgp-encrypt.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp-info.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp-mpi-internal.c pgindent run for 8.2. 2006-10-04 00:30:14 +00:00
pgp-mpi-openssl.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp-mpi.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp-pgsql.c Replace direct assignments to VARATT_SIZEP(x) with SET_VARSIZE(x, len). 2007-02-27 23:48:10 +00:00
pgp-pubdec.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp-pubenc.c If pk is NULL, the backend would segfault when accessing ->algo and the 2010-10-20 22:25:12 +03:00
pgp-pubkey.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp-s2k.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp.c Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
pgp.h Fix old thinko in pgp.h: the idea is to declare some named enum types, 2009-03-25 15:03:19 +00:00
px-crypt.c Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). 2011-06-21 14:42:26 -04:00
px-crypt.h "Annual" pgcrypto update from Marko Kreen: 2006-07-13 04:15:25 +00:00
px-hmac.c More pgcrypto fixes: avoid bogus alignment assumptions in sha2, 2005-07-11 15:07:59 +00:00
px.c pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
px.h Fix combo_decrypt() to throw an error for zero-length input when using a 2007-08-23 16:15:51 +00:00
random.c Add missing 3rd argument to open(). 2006-06-08 03:29:30 +00:00
rijndael.c Now that core functionality is depending on autoconf's AC_C_BIGENDIAN to be 2007-04-06 05:36:51 +00:00
rijndael.h pgcrypto uses non-standard type uint, which causes compile 2001-11-20 15:50:53 +00:00
rijndael.tbl Add missing pgcrypto file. 2001-08-21 01:32:01 +00:00
sha1.c Now that core functionality is depending on autoconf's AC_C_BIGENDIAN to be 2007-04-06 05:36:51 +00:00
sha1.h make sure the $Id tags are converted to $PostgreSQL as well ... 2003-11-29 22:41:33 +00:00
sha2.c pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
sha2.h "Annual" pgcrypto update from Marko Kreen: 2006-07-13 04:15:25 +00:00
uninstall_pgcrypto.sql Add CVS version labels to all install/uninstall scripts. 2007-11-13 04:24:29 +00:00