From 5d7f1bce7d8eea31f4baeb68bcc3124b35acc751 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Wed, 22 Nov 2023 08:38:33 +0100 Subject: posix: Revert the removal of the crypt prototype from Many applications still rely on this prototype. Rebuilds without this prototype result in an implicit function declaration, which can introduce security vulnerabilities due to 32-bit pointer truncation. --- NEWS | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 139cfef..8c1c149 100644 --- a/NEWS +++ b/NEWS @@ -52,7 +52,10 @@ Deprecated and removed features, and other changes affecting compatibility: * libcrypt has been removed from the GNU C Library. The configure options "--enable-crypt" and "--enable-nss-crypt" are no longer available. , libcrypt.a, and libcrypt.so.1 will not be - installed, and will not declare the crypt function. + installed. For now continues to declare the crypt + function by default, to avoid introducing vulnerabilities into + existing applications due to a missing prototype. This declaration + is deprecated and may be removed in a future glibc release. The replacement for libcrypt is libxcrypt, maintained separately from GNU libc, but available under compatible licensing terms, and providing -- cgit v1.1
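Review bot: In the added NEWS lines of the @@ -52,7 +52,10 @@ hunk, "continues to declare the crypt function by default" implies the declaration can be switched off, but the entry does not say what controls that, and "is deprecated and may be removed in a future glibc release" gives callers nothing to act on. Suggest naming the condition under which the declaration is omitted, and adding a sentence that tells applications to move to the header shipped by the replacement named in the next paragraph (libxcrypt), so that the later removal does not recreate the implicit-declaration case the commit message describes. The entry would also be more useful to packagers if it stated the failure mode the way the commit message does (an implicit function declaration leading to 32-bit pointer truncation) instead of only "a missing prototype", since that is what makes a rebuild warning here security-relevant. This view is limited to 'NEWS', so the header change itself cannot be checked against the wording.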