Bug 2055882
| Summary: | Authen::Passphrase::SaltedDigest from_rfc2307 / as_rfc2307 misses support for SHA256 or SHA512 | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Peter Bieringer <pb> |
| Component: | perl-Authen-Passphrase | Assignee: | Robert-André Mauchin 🐧 <zebob.m> |
| Status: | NEW --- | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 37 | CC: | zebob.m |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I can't do anything myself about the code. There is a bug open on CPAN: https://rt.cpan.org/Public/Bug/Display.html?id=98485 But I don't think it is very well maintained. This message is a reminder that Fedora Linux 35 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 35 on 2022-12-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '35'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 35 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed. issue still exists on F37. perl-Crypt-SaltedHash -> not exiting on F37 perl-Authen-Passphrase-0.008-16.fc37.noarch -> still same version related files are: /usr/share/perl5/vendor_perl/Authen/Passphrase.pm /usr/share/perl5/vendor_perl/Authen/Passphrase/SaltedDigest.pm This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component. This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component. |
Description of problem: two in the Perl module implemented functions are not supporting hash methods like HSA256 or SHA512: Authen::Passphrase::SaltedDigest->from_rfc2307(...) $ppr->as_rfc2307 Version-Release number of selected component (if applicable): perl-Authen-Passphrase-0.008-13 How reproducible: always From module code: my %rfc2307_scheme_meaning = ( "MD4" => ["MD4", 16, 0], "MD5" => ["MD5", 16, 0], "RMD160" => ["Crypt::RIPEMD160-", 20, 0], "SHA" => ["SHA-1", 20, 0], "SMD5" => ["MD5", 16, 1], "SSHA" => ["SHA-1", 20, 1], ); my %rfc2307_scheme_for_digest_name = ( "MD4" => "MD4", "MD5" => "MD5", "SHA-1" => "SHA", "SHA1" => "SHA", ); my %rfc2307_scheme_for_package_name = ( "Crypt::RIPEMD160" => "RMD160", "Digest::MD4" => "MD4", "Digest::MD5" => "MD5", "Digest::MD5::Perl" => "MD5", "Digest::Perl::MD4" => "MD4", "Digest::SHA" => "SHA", "Digest::SHA::PurePerl" => "SHA", "Digest::SHA1" => "SHA", "MD5" => "MD5", "RIPEMD160" => "RMD160", ); -> neither SHA256 nor SHA512 are mentioned. Would be good if one can extend the code to support modern salted hashed passwords. Additional info: perl-Crypt-SaltedHash has such support, but unfortunately, it was only packaged for EPEL7, so not usable out-of-the-box on Fedora 35 or EL8.