mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-12-21 08:29:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
8cca49d8a0
postgresql/contrib/pgcrypto
History
Tom Lane ca59dfa6f7 Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). 
A password containing a character with the high bit set was misprocessed
on machines where char is signed (which is most).  This could cause the
preceding one to three characters to fail to affect the hashed result,
thus weakening the password.  The result was also unportable, and failed
to match some other blowfish implementations such as OpenBSD's.

Since the fix changes the output for such passwords, upstream chose
to provide a compatibility hack: password salts beginning with $2x$
(instead of the usual $2a$ for blowfish) are intentionally processed
"wrong" to give the same hash as before.  Stored password hashes can
thus be modified if necessary to still match, though it'd be better
to change any affected passwords.

In passing, sync a couple other upstream changes that marginally improve
performance and/or tighten error checking.

Back-patch to all supported branches.  Since this issue is already
public, no reason not to commit the fix ASAP.
2011-06-21 14:41:05 -04:00
..
expected Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
sql Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
.gitignore Support "make check" in contrib 2011-04-25 22:27:11 +03:00
blf.c
blf.h
crypt-blowfish.c Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). 2011-06-21 14:41:05 -04:00
crypt-des.c
crypt-gensalt.c
crypt-md5.c
fortuna.c
fortuna.h
imath.c
imath.h
internal-sha2.c
internal.c
Makefile Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
mbuf.c
mbuf.h
md5.c
md5.h
openssl.c
pgcrypto--1.0.sql Avoid use of CREATE OR REPLACE FUNCTION in extension installation files. 2011-02-13 22:54:52 -05:00
pgcrypto--unpackaged--1.0.sql Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
pgcrypto.c
pgcrypto.control Convert contrib modules to use the extension facility. 2011-02-13 22:54:49 -05:00
pgcrypto.h
pgp-armor.c
pgp-cfb.c
pgp-compress.c
pgp-decrypt.c
pgp-encrypt.c
pgp-info.c
pgp-mpi-internal.c
pgp-mpi-openssl.c
pgp-mpi.c
pgp-pgsql.c
pgp-pubdec.c
pgp-pubenc.c
pgp-pubkey.c
pgp-s2k.c Clean up most -Wunused-but-set-variable warnings from gcc 4.6 2011-04-11 22:28:45 +03:00
pgp.c
pgp.h
px-crypt.c Apply upstream fix for blowfish signed-character bug (CVE-2011-2483). 2011-06-21 14:41:05 -04:00
px-crypt.h
px-hmac.c Clean up most -Wunused-but-set-variable warnings from gcc 4.6 2011-04-11 22:28:45 +03:00
px.c Clean up most -Wunused-but-set-variable warnings from gcc 4.6 2011-04-11 22:28:45 +03:00
px.h
random.c
rijndael.c
rijndael.h
rijndael.tbl Remove useless whitespace at end of lines 2010-11-23 22:34:55 +02:00
sha1.c
sha1.h
sha2.c
sha2.h