[debian-edu-commits] debian-edu/pkg-team/ 04/12: debian/patches: Add 0012_using-the-correct-encryption-method.patch. Use aes-256-ecb, not -cbc as encryption method in cred_encrypt() function. (Closes: #892546).
Mike Gabriel
sunweaver at debian.org
Fri Apr 20 13:24:10 BST 2018
This is an automated email from the git hooks/post-receive script.
sunweaver pushed a commit to branch master
in repository gosa.
commit 17e85a80004bfe770f003950c5d21527b7ad56b0
Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
Date: Fri Apr 20 13:17:02 2018 +0200
debian/patches: Add 0012_using-the-correct-encryption-method.patch. Use aes-256-ecb, not -cbc as encryption method in cred_encrypt() function. (Closes: #892546).
---
.../0012_using-the-correct-encryption-method.patch | 25 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 26 insertions(+)
diff --git a/debian/patches/0012_using-the-correct-encryption-method.patch b/debian/patches/0012_using-the-correct-encryption-method.patch
new file mode 100644
index 0000000..ddee10e
--- /dev/null
+++ b/debian/patches/0012_using-the-correct-encryption-method.patch
@@ -0,0 +1,25 @@
+From a389ec1e5ab8815afb9314555094fc11dce4caf6 Mon Sep 17 00:00:00 2001
+From: bzapiec <benjamin.zapiec at gonicus.de>
+Date: Wed, 4 Apr 2018 13:35:59 +0200
+Subject: [PATCH] (see #13) using the correct encryption method
+
+---
+ gosa-core/bin/gosa-encrypt-passwords | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/gosa-core/bin/gosa-encrypt-passwords b/gosa-core/bin/gosa-encrypt-passwords
+index 3347449fd..d2b76e309 100755
+--- a/gosa-core/bin/gosa-encrypt-passwords
++++ b/gosa-core/bin/gosa-encrypt-passwords
+@@ -1,7 +1,7 @@
+ #!/usr/bin/php
+ <?php
+
+-function cred_encrypt($input, $password, $cipher = "aes-256-cbc") {
++function cred_encrypt($input, $password, $cipher = "aes-256-ecb") {
+ if (in_array($cipher, openssl_get_cipher_methods())) {
+ $ivlen = openssl_cipher_iv_length($cipher);
+ $iv = openssl_random_pseudo_bytes($ivlen);
+--
+2.11.0
+
diff --git a/debian/patches/series b/debian/patches/series
index 85bf03d..3f333d7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -48,6 +48,7 @@
0009_mcrypt2openssl_systems-no-gosasi.patch
0010_mcrypt2openssl_goto-no-gosasi.patch
0011_mcrypt2openssl_mail-no-gosasi.patch
+0012_using-the-correct-encryption-method.patch
2001_fix-smarty-location.patch
2002_fix-template-location.patch
2003_fix-class-mapping.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/pkg-team/gosa.git
More information about the debian-edu-commits
mailing list