All releases of crypt_blowfish
Release Notes: Support for the "$2y$" prefix (denoting correctly computed hashes) has been added. A countermeasure to avoid one-correct to many-buggy collisions with the "$2a$" prefix has been added (which is desirable when upgrading systems with existing "$2a$" hashes computed using pre-1.1 versions of crypt_blowfish). The "make check" tests and the runtime quick self-test have been improved. A patch for glibc 2.13 and 2.14 has been added. The documentation has been updated.
Release Notes: The 8-bit character handling vulnerability (CVE-2011-2483) has been fixed. 8-bit test vectors and a quick self-test on every use of the password hashing function have been added.
Release Notes: The check for unsupported iteration counts has been corrected to reject certain iteration counts that would previously be misinterpreted. Section .note.GNU-stack has been added to the x86 assembly file to avoid the stack area unnecessarily being made executable on Linux systems that use this convention.
Release Notes: The glibc integration wrapper and patches have been revised for builds by recent versions of gcc.
Release Notes: An optimization specific to x86-64 has been applied.
Release Notes: The source code for the self-test has been modified to use sysconf(_SC_CLK_TCK) instead of CLK_TCK when _SC_CLK_TCK is known to be available or CLK_TCK is not (needed for glibc 2.3.90+).
Release Notes: This version corrects a bug in the way salts for extended DES-based and for MD5-based password hashes are generated with the crypt_gensalt*() family of functions. The bug would result in a higher than expected number of matching salts with large numbers of password hashes of the affected types. crypt_gensalt*()'s functionality for Blowfish-based (bcrypt) hashes that crypt_blowfish itself implements and for traditional DES-based crypt(3) hashes was not affected.
Release Notes: The crypt(3) man page has been enhanced to include Solaris 10 and NetBSD compatibility notes.
Release Notes: This version adds a patch for easy integration of crypt_blowfish into glibc versions 2.2 through 2.3.2 (as well as 2.1 through 2.1.3, which were supported previously). Other minor updates are included as well.
No changes have been submitted for this release.
