PR#340: 292 - libcrypt.so.1 changes - fedora-docs/release-notes

fedora-docs / release-notes

#340 292 - libcrypt.so.1 changes

Merged 4 years ago by pbokoc. Opened 4 years ago by pbokoc.

fedora-docs/ pbokoc/release-notes iss292 into f30

Petr Bokoc • 4 years ago

94404a1

<a class="font-weight-bold ml-2" href="/fork/pbokoc/fedora-docs/release-notes/blob/17d42fb51a1789a9fcf9bbacba18de0d5cbead11/f/modules/release-notes/pages/sysadmin/Security.adoc" title="View file as of 17d42fb">modules/release-notes/pages/sysadmin/Security.adoc</a>

<div class="btn btn-outline-secondary disabled opacity-100 border-0 font-weight-bold"> file modified </div> <div class="btn-group"> <span class="btn btn-success btn-sm font-weight-bold disabled opacity-100">+8</span> </div> <a class="btn btn-outline-primary btn-sm ml-2" href="/fork/pbokoc/fedora-docs/release-notes/blob/17d42fb51a1789a9fcf9bbacba18de0d5cbead11/f/modules/release-notes/pages/sysadmin/Security.adoc" title="View file as of 17d42fb"> <i class="fa fa-file-code-o fa-fw"></i> </a> <a class="btn btn-sm btn-outline-primary diffhighlightcollapse ml-2 pointer" data-toggle="collapse" data-target="#diffhighlight_1"> <i class="fa fa-fw fa-caret-up"></i> </a>

		`@@ -17,3 +17,11 @@`
		`LUKS1 continues to be supported.`

		`Note that older boot media (Fedora 27 and earlier) do not provide a version of cryptsetup that can unlock LUKS2-encrypted volumes. This means a Fedora 27 or earlier installation ISO can not be used to rescue a system with LUKS2 encryption.`
		`+`
		`+ == Changes to libcrypt.so.1`
		`+`
		+ The version of the `libcrypt.so.1` library included with Fedora 30 for POSIX compatibility has entirely removed the functionality of the `encrypt`, `encrypt_r`, `setkey`, `setkey_r`, and `fcrypt` functions, while keeping fully binary compatibility with existing (third party) applications possibly still using those functions. If such an application attempts to call one of these functions, the corresponding function will indicate that it is not supported by the system in a POSIX-compliant way.
		`+`
		+ For security reasons, the `encrypt{,r}` functions will also overwrite their data-block argument with random bits.
		`+`
		+ All existing binary executables linked against glibc's `libcrypt` should work unmodified with this version of the `libcrypt.so.1` library supplied by the `libxcrypt-compat` package.