>Number:         23027
>Category:       pkg
>Synopsis:       openssl's crypt() overlaps system's crypt()
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Oct 01 10:31:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Pavel Arnost
>Release:        RedHat Linux 7.3
>Organization:
CL-NET s.r.o.
>Environment:
Linux mail.clnet.cz 2.4.20-20.7 #1 Mon Sep 15 10:48:58 CEST 2003 i686 unknown

>Description:
openssl's crypt() overlaps system's crypt()

openssl's crypt() doesn't have md5/blowfish support, this causes problems with for example net/pure-ftpd

>How-To-Repeat:
install security/openssl

nm /usr/pkg/lib/libcrypto.so.300|grep "T crypt"
00036a20 T crypt


>Fix:
we should use something similar to redhat's patch:

--- openssl-0.9.5a/crypto/des/fcrypt.c.glibc    Thu Nov  2 15:51:29 2000
+++ openssl-0.9.5a/crypto/des/fcrypt.c  Thu Nov  2 15:51:38 2000
@@ -61,7 +61,7 @@
 void fcrypt_body(DES_LONG *out,des_key_schedule ks,
        DES_LONG Eswap0, DES_LONG Eswap1);

-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(__GLIBC__)
 char *crypt(const char *buf, const char *salt)
        {
        return(des_crypt(buf, salt));
--- openssl-0.9.5a/test/Makefile.ssl.glibc      Mon Mar 20 02:27:35 2000
+++ openssl-0.9.5a/test/Makefile.ssl    Thu Nov  2 15:22:19 2000
@@ -27,7 +27,7 @@

 DLIBCRYPTO= ../libcrypto.a
 DLIBSSL= ../libssl.a
-LIBCRYPTO= -L.. -lcrypto
+LIBCRYPTO= -L.. -lcrypto -lcrypt
 LIBSSL= -L.. -lssl

 BNTEST=                bntest

>Release-Note:
>Audit-Trail:
>Unformatted: