NEWS


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124

libxcrypt NEWS -- history of user-visible changes.

Please send bug reports, questions and suggestions to
<https://github.com/besser82/libxcrypt/issues>.

Version 4.0.0
* Full binary backward compatibility with glibc libcrypt; all programs
  compiled with glibc libcrypt, including vendor-patched versions that
  include the Openwall extensions, should work with this libcrypt
  (however, programs compiled against this libcrypt will NOT work with
  glibc libcrypt).
* struct crypt_data is now only 32kB (from 128kB), and divided into a
  public-API section and a properly opaque internal section.

* New feature: supplying a null pointer as the "prefix" argument to
  any of the crypt_gencrypt functions will cause it to select the best
  available hash function (in this release, bcrypt in mode 'a').
  CAUTION: it must be a null pointer, not an empty string.  If you
  supply an empty string, that selects DES, which is the *worst*
  available hash function.
* New feature: supplying a null pointer as the "rbytes" argument to
  any of the crypt_gencrypt functions will cause it to acquire random
  bytes from the operating system.

* The legacy functions bigcrypt, fcrypt, encrypt, encrypt_r,
  setkey, and setkey_r are no longer available for use by new programs.
  All of these (except fcrypt, which was just another name for crypt)
  force the use of DES, which is no longer safe for any application.
* New configure option --disable-obsolete-api removes the above
  functions from the library.  Since this breaks compatibility with
  glibc's libcrypt, when this option is used the shared library will
  be libcrypt.so.2 instead of libcrypt.so.1, and all of the
  compatibility symbol versions for the crypt* functions will be
  omitted.  This option is the default on all operating systems where
  there is no GNU C Library to be compatible with.
* New configure option --disable-weak-hashes removes all support for
  DES and MD5 hashes from the library.  This option implies
  --disable-obsolete-api, and will prevent DES and MD5 password hashes
  from being *verified* -- accounts with such hashes are effectively
  locked.  It is intended for use in high-security new installations.

* Sensitive intermediate data is now thoroughly scrubbed from the
  stack and CPU registers before the crypt functions return to their
  callers.
* UFC-crypt has been replaced with FreeSec; this enables the reduction in
  size of crypt_data, and adds full support for BSD extended DES hashes.
* Extensive code cleanup and portability work.  The static library
  should now be buildable with any C99 compiler, although some
  features may not be available (notably acquiring random bytes from
  the operating system and scrubbing the stack).  The shared library
  does still require some GNU extensions for symbol versioning.
* The configure options --enable-Wno-cast-align and --enable-bootstrap
  are no longer necessary and have been removed.
* If building from a Git checkout instead of a tarball release, use
  'autoreconf -i' to create the configure script; autogen.sh has been
  removed.
* More thoroughly tested.

Version 3.1.1
* add '--enable-Wno-cast-align' to silence 'cast increases required alignment'
* whitespace clean-up

Version 3.1.0
* update upstream-contact
* add './configure --enable-bootstrap' to skip some tests on initial build
* add bootstrap-script for Autotools
* add LICENSE for bcrypt
* update crypt_blowfish to v1.3
* add '-Wextra' to CFLAGS
* fix warnings generated by gcc 5.1.1
* update Autotools

Version 3.0.4
* Fix warnings generated by gcc 4.6

Version 3.0.3
* Fix memory leak
* Fix compiler warnings

Version 3.0.2
* Fix generating salts for MD5

Version 3.0.1
* Fix build failures

Version 3.0
* Add sha256 and sha512 hashes
* Move all hashes into plugins

Version 2.4
* Sync with crypt_blowfish 1.0

Version 2.3
* Fix problems with gcc > 4.0

Version 2.2
* Fix realloc call in md5-crypt

Version 2.1
* Enable x86.S for i386 again

Version 2.0
* Rename all crypt* functions to xcrypt* to avoid clash with normal
  libcrypt from glibc

Version 1.4
* Fix compiling with glibc > 2.3.1
* Sync with crypt_blowfish 0.4.5

Version 1.3
* Sync with current glibc CVS (fix for not correct initialication of
  internal data structs)

Version 1.2
* Fix building with glibc 2.3.x
* Add support for HPPA

Version 1.1
* merge md5.h with xcrypt.h
* Add SHA1 functions and crypt

Version 1.0
* First release