path: root/NEWS

libxcrypt NEWS -- history of user-visible changes.

Please send bug reports, questions and suggestions to
<https://github.com/besser82/libxcrypt/issues>.

Version 4.3.2

Version 4.3.1
* Reduce the number of methods that can be the default for new hashes.
  We don’t want to accidentally encourage use of gost-yescrypt,
  scrypt, or the bug-compatibility bcrypt variants by people who do
  not have a specific need for them.
* sha256crypt ($5$) is not considered to be strong anymore.  Thus
  it was dropped from the STRONG and DEFAULT sets.
* The four variants of bcrypt ($2b$, $2a$, $2y$, $2x$) are now
  independently selectable at configure time.  The $2x$ variant has
  been dropped from the STRONG set, because it has a severe bug
  causing it to be easy to find collisions for some passwords.  The
  $2x$ and $2y$ variants have been dropped from the FreeBSD, NetBSD,
  OpenBSD, and Solaris compatibility sets, because those operating
  systems never supported those variants.

Version 4.3.0
* Implement the gost-yescrypt ($gy$) hashing algorithm.
* Remove all of the nonnull annotations, which are a questionable
  optimization that have caused problems in the past and may cause
  future problems on some systems.
* Rename all hash methods to match naming in John the Ripper.
* Make the configure switches --enable-obsolete-api and
  --enable-hashes process their arguments case-insensitively; for
  instance, "--enable-hashes=OpenBSD" and "--enable-hashes=openbsd"
  are now understood as synonymous.
* Fix gensalt for bigcrypt if descrypt hash method is not selected
  at compile time.
* Fix the bigcrypt hash method to reject too short settings and/or
  descrypt hashes with a truncated phrase.  Hashes with a setting
  shorter than 13 characters and phrases shorter than 8 characters
  are valid bigcrypt hashes, although they are identical with the
  output generated by descrypt under the same conditions.
  This only applies when the descrypt hash method is not selected
  at compile time.
* Implement crypt_checksalt, which can be used by portable users of
  libxcrypt to check whether the desired hash method is supported.
* Make a default prefix available whenever at least one strong hash
  is enabled.
* Fix the definition of 'CRYPT_GENSALT_IMPLEMENTS_DEFAULT_PREFIX'
  to reflect whether the default prefix is available or not.

Version 4.2.3
* Add bootstrap script.  If building from a Git checkout instead of a
  tarball release, use './bootstrap' to create the configure script.
* Use sha512 implementation from Colin Percival.  Thus we now have a
  sha512 implementation under the BSD license.
* Use md5 implementation from Alexander Peslyak.  Thus we now have a
  md5 implementation in the public domain.
* 'make dist' now generates bzip2 and xz compressed tarballs along
  with the default gzip compressed tarball.
* The group 'altlinux' has been renamed to 'alt' in --enable-hashes,
  as the ALTLINUX distribution has been rebranded to ALT some time ago.
* New tagged versions are automatically submitted for Coverity Scan:
  https://scan.coverity.com/projects/besser82-libxcrypt

Version 4.2.2
* Convert existing manpages to BSD mdoc format.

Version 4.2.1
* Fix tests for yescrypt and scrypt, when failure-tokens have been
  disabled.

Version 4.2.0
* Implement yescrypt ($y$) and scrypt ($7$) hashing algorithms.
* For scrypt the implemented gensalt function ensures every new hash
  is computed using at least 32 MiBytes of RAM.
* yescrypt is the new default method used for new hashes.
* --enable-hashes now supports additional groups of hashing methods:
  'altlinux', 'owl', and 'suse', which select the methods historically
  supported on those operating systems.
* Added 'XCRYPT_VERSION_*' macros.

Version 4.1.2
* Add optional 'check-valgrind' target to the Makefile.
* Replace crypt-sha{256,512}.c with an implementation in the Public
  Domain.
* Add alias man-pages for other crypt functions.
* Add configure option --disable-failure-tokens, which causes crypt
  and crypt_r to return NULL on failure, as crypt_rn and crypt_ra do,
  instead of a special "failure token".  Using this option improves
  compatibility with programs written on the assumption that, like
  most C library functions, crypt and crypt_r will return NULL on
  failure; but it breaks compatibility with programs that assume these
  functions never return NULL.  We're not sure which type of program
  is more common.  Please let us know if you encounter either.
* Improved handling of out-of-range cost parameters in gensalt.
  The behavior is now:
  - for hashes with a fixed cost parameter (DES/trad, DES/big, NTHASH,
    MD5/bsd), crypt_gensalt only accepts 0 as the rounds argument.
  - for hashes with a linear cost parameter (DES/bsdi, MD5/sun, SHA1,
    SHA256, SHA512), crypt_gensalt accepts 0 or any value in the range
    [1, ULONG_MAX] and clips it to the actual valid range for the hash
    function, if necessary.  In the case of DES/bsdi, even numbers
    become odd, as well.
  - for hashes with an exponential cost parameter (bcrypt),
    crypt_gensalt only accepts 0 or a value in the actual valid range.
  - the documented valid range for SHA1 is now [4, 4294967295] instead
    of [1, 4294967295].
  - all of this is tested.

Version 4.1.1
* --enable-hashes now supports additional groups of hashing methods:
  'freebsd', 'netbsd', 'openbsd', 'osx', and 'solaris', which select
  the hashes historically supported on those operating systems.
* Predictable behavior when arguments to crypt() are NULL or invalid
  (issue #15).
* Hash formats $5, $6, and $md5 once again allow an explicit rounds
  parameter specifying the default number of rounds (issue #16).
* The library no longer uses swapcontext(), for ease of debugging and
  better compatibility with hardening mechanisms like Intel CET
  (issue #18).
* Can now be built with versions of GNU ld older than 2.26.2.
* crypt_gensalt_ra no longer leaks memory on failure.

Version 4.1.0
* Fix spelling of SUSE.
* Lower the minimum required automake version to 1.14.
* Fix build with USE_SWAPCONTEXT turned off.
* Extend --enable-weak-hashes configure option to accept optional
  "glibc" parameter.  When specified, it enables only those of
  weak hashes that are supported by historic versions of the
  GNU libc.
* Fix the leak of obtained random bytes.
* Check expected output strings for deterministic methods.
* Fix memory leak in crypt_sha1crypt_rn.
* Fix read of random bytes out of bounds in gensalt_sha1crypt_rn.
* Make it possible to disable individual hashes at configure time.
  The default is --enable-hashes=all.  --enable-hashes=strong is the
  equivalent of the old --disable-weak-hashes.  You could even do
  --enable-hashes=bcrypt,des to get a binary-compatible libcrypt.so.1
  that still supports almost nothing other than bcrypt.
* Make salt validation pickier.
* Replace crypt-sunmd5.c with BSD-licensed cleanroom reimplementation.
* Make crypt_gensalt for $sha1 deterministic.
* Fix incorrect output-size computation in crypt_sha1crypt_rn.
* Add docs for SHA1, MD5/Sun, NTHASH.
* Introduce CRYPT_GENSALT_IMPLEMENTS_* feature test macros.
* Install libcrypt.pc symlink along with libxcrypt.pc.
* Extend --enable-obsolete-api configure option.
  Make vendor specific parts of compatibility ABI that are enabled by
  --enable-obsolete-api option configurable.
  This allows vendors to enable only those parts of compatibility ABI
  that are relevant to them.
* Extend overall test coverage.

Version 4.0.1
* Fixes for GCC v8.x
* Add symbol version for riscv64
* Fixed an uninitialized value in test-crypt-badsalt

Version 4.0.0
* Full binary backward compatibility with glibc libcrypt; all programs
  compiled with glibc libcrypt, including vendor-patched versions that
  include the Openwall extensions, should work with this libcrypt
  (however, programs compiled against this libcrypt will NOT work with
  glibc libcrypt).
* struct crypt_data is now only 32kB (from 128kB), and divided into a
  public-API section and a properly opaque internal section.

* New feature: supplying a null pointer as the "prefix" argument to
  any of the crypt_gencrypt functions will cause it to select the best
  available hash function (in this release, bcrypt in mode 'a').
  CAUTION: it must be a null pointer, not an empty string.  If you
  supply an empty string, that selects DES, which is the *worst*
  available hash function.
* New feature: supplying a null pointer as the "rbytes" argument to
  any of the crypt_gencrypt functions will cause it to acquire random
  bytes from the operating system.

* The legacy functions bigcrypt, fcrypt, encrypt, encrypt_r,
  setkey, and setkey_r are no longer available for use by new programs.
  All of these (except fcrypt, which was just another name for crypt)
  force the use of DES, which is no longer safe for any application.
* New configure option --disable-obsolete-api removes the above
  functions from the library.  Since this breaks compatibility with
  glibc's libcrypt, when this option is used the shared library will
  be libcrypt.so.2 instead of libcrypt.so.1, and all of the
  compatibility symbol versions for the crypt* functions will be
  omitted.  This option is the default on all operating systems where
  there is no GNU C Library to be compatible with.
* New configure option --disable-weak-hashes removes all support for
  DES and MD5 hashes from the library.  This option implies
  --disable-obsolete-api, and will prevent DES and MD5 password hashes
  from being *verified* -- accounts with such hashes are effectively
  locked.  It is intended for use in high-security new installations.

* Sensitive intermediate data is now thoroughly scrubbed from the
  stack and CPU registers before the crypt functions return to their
  callers.
* UFC-crypt has been replaced with FreeSec; this enables the reduction in
  size of crypt_data, and adds full support for BSD extended DES hashes.
* Extensive code cleanup and portability work.  The static library
  should now be buildable with any C99 compiler, although some
  features may not be available (notably acquiring random bytes from
  the operating system and scrubbing the stack).  The shared library
  does still require some GNU extensions for symbol versioning.
* The configure options --enable-Wno-cast-align and --enable-bootstrap
  are no longer necessary and have been removed.
* If building from a Git checkout instead of a tarball release, use
  'autoreconf -i' to create the configure script; autogen.sh has been
  removed.
* More thoroughly tested.

Version 3.1.1
* Add '--enable-Wno-cast-align' to silence 'cast increases required alignment'
* Whitespace clean-up

Version 3.1.0
* Update upstream-contact
* Add './configure --enable-bootstrap' to skip some tests on initial build
* Add bootstrap-script for Autotools
* Add LICENSE for bcrypt
* Update crypt_blowfish to v1.3
* Add '-Wextra' to CFLAGS
* Fix warnings generated by gcc 5.1.1
* Update Autotools

Version 3.0.4
* Fix warnings generated by gcc 4.6

Version 3.0.3
* Fix memory leak
* Fix compiler warnings

Version 3.0.2
* Fix generating salts for MD5

Version 3.0.1
* Fix build failures

Version 3.0
* Add sha256 and sha512 hashes
* Move all hashes into plugins

Version 2.4
* Sync with crypt_blowfish 1.0

Version 2.3
* Fix problems with gcc > 4.0

Version 2.2
* Fix realloc call in md5-crypt

Version 2.1
* Enable x86.S for i386 again

Version 2.0
* Rename all crypt* functions to xcrypt* to avoid clash with normal
  libcrypt from glibc

Version 1.4
* Fix compiling with glibc > 2.3.1
* Sync with crypt_blowfish 0.4.5

Version 1.3
* Sync with current glibc CVS (fix for not correct initialication of
  internal data structs)

Version 1.2
* Fix building with glibc 2.3.x
* Add support for HPPA

Version 1.1
* merge md5.h with xcrypt.h
* Add SHA1 functions and crypt

Version 1.0
* First release