Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Jul 2006 15:06:12 -0600
From: Vincent Danen <>
Subject: Re: tcb and friends with shadow-utils 4.0.12

* Solar Designer <> [2006-07-04 10:30:36 +0400]:

> > > >
> > > 
> > > This confirms my guess.  This patch has:
> > > 
> > > -#define BF_ASM				1
> > > +#define BF_ASM				0
> > > 
> > > This disables the assembly implementation, thus avoiding the problem
> > > with BF_FRAME being too small.
> On Tue, Jul 04, 2006 at 12:18:00AM -0600, Vincent Danen wrote:
> > I noticed that part, but didn't think too much of it because I didn't
> > know what that was.  I'm assuming then that, despite putting x86 into
> > the libcrypt-routines part of the Makefile, it wasn't actually being
> > used, correct?
> Exactly.

Ok, that makes sense.

> > Ok, I see BF_FRAME is set to 0x200, but I have no idea what would be
> > sufficient to increase it too.  Care to give me something I can replace
> > that with and recompile?
> As I wrote to you in a private e-mail -
> I suggest that you first try to set BF_FRAME really high - say, to 0x4000 - 
> to confirm that this does indeed resolve the problem.  Then decrease it
> to a value that is 0x100 to 0x200 bytes higher than the required minimum
> (such that it doesn't fail on another build with a similar version of gcc).

I'll be trying that tonight... unfortunately, weekend is over and there
are other things to patch.

> > It would probably be faster than me
> > recompiling glibc a few times to find something suitable.
> Also from that private e-mail -
> You don't need to recompile your glibc just to test this initially.  You
> can use "make check" within the crypt_blowfish directory.

Yeah, I didn't know that.  But as I responded to that private email,
make check works, even with nothing changed.  So I'm at a bit of a loss,
but will fiddle around with it tonight.

> > I think one long weekend invested turned out not too bad.  =)
> Yes.  If I knew it'd take you an entire weekend, I'd offer to debug the
> problem on your system.

No worries... if I had gotten you to do it, how would I learn?  Half the
reason I decided to venture out into my own distro has to learn more
(and that, at least, has succeeded quite well).  I can't *always* have
people doing things for me... =)

Might take a bit longer, but the hints work well enough for me.

{FEE30AD4 : 7F6C A60C 06C2 4811 FA1C  A2BC 2EBC 5E32 FEE3 0AD4}
mysql> SELECT * FROM users WHERE clue > 0;
Empty set (0.00sec)
:: Annvix - Secure Linux Server: ::

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.