glibc 2.17 changed the behaviour of the crypt() libc function in that it now returns NULL when the input (especially the salt) is broken. hylafax(plus) does not handle NULL returns from crypt() in the server daemon, and as such will simply segfault when trying to pass the NULL return to strcmp() in the corresponding server routines. The attached patch fixes the corresponding usage in the server component of hylafaxplus, replacing all crypt() calls in the server code with corresponding calls to a Sys::crypt() wrapper which returns the empty string in case crypt() returns NULL. As the user setup in hfaxd will always set up something other than the empty string in passWd - which the crypt output is checked against - in case the authentication is delegated to PAM or to the users file, or isn't found in either, this is okay (and will fail the strcmp() tests). Please recheck the corresponding fix and include it in the distribution for hylafaxplus.
Created attachment 363194
Patch to fix crypt() calls by wrapping in error checking method.

This adds a new static Sys.h include which contains the appropriate wrapper to return an invalid string in case crypt() returns NULL.
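The failure mode and the wrapper approach described in the report above, as an added C example that is not the attached patch and not hylafaxplus code. `fake_crypt` is a constructed stand-in for crypt() so the block runs without libcrypt; `safe_crypt`, `check_password`, the use of the stored hash as salt, and the empty-stored-field guard are hypothetical names and assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Same signature as crypt(3); passed as a pointer so this runs without libcrypt. */
typedef char *(*crypt_fn)(const char *key, const char *salt);

/* Constructed stand-in for crypt() as glibc 2.17 behaves: NULL on a broken
 * salt. The "hash" is just salt + key, not a real password hash. */
static char *fake_crypt(const char *key, const char *salt)
{
    static char out[128];
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./";
    if (strlen(salt) < 2 || !strchr(ok, salt[0]) || !strchr(ok, salt[1]))
        return NULL;
    snprintf(out, sizeof out, "%.2s%s", salt, key);
    return out;
}

/* Hypothetical wrapper in the spirit of the Sys::crypt() described above:
 * maps a NULL return to "" so the caller's strcmp() never sees NULL. */
static const char *safe_crypt(crypt_fn fn, const char *key, const char *salt)
{
    const char *hash = fn(key, salt);
    return hash ? hash : "";
}

/* Returns 1 on match, 0 otherwise. Assumption: the stored hash doubles as the
 * salt, the usual crypt() idiom. The empty-stored check is an added guard:
 * "" from safe_crypt() must never compare equal to an empty stored field. */
int check_password(crypt_fn fn, const char *typed, const char *stored)
{
    if (stored == NULL || stored[0] == '\0')
        return 0;
    return strcmp(safe_crypt(fn, typed, stored), stored) == 0;
}

int main(void)
{
    printf("good password:      %d\n", check_password(fake_crypt, "secret", "absecret"));
    printf("wrong password:     %d\n", check_password(fake_crypt, "wrong", "absecret"));
    printf("broken salt \"*\":    %d\n", check_password(fake_crypt, "secret", "*"));
    printf("empty stored field: %d\n", check_password(fake_crypt, "secret", ""));
    return 0;
}
```

Passing the real `crypt` from `<crypt.h>` as the first argument (linking with `-lcrypt`) exercises the same paths against the system implementation.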
Thanks for reporting this and also for looking into what is required for a fix, we probably need to bump the ebuilds in the tree to the newest upstream first before considering the patch, but if this is blocking stabilizing a newer glibc..it's certainly a priority.
(In reply to Matthew Marlowe from comment #2)
> Thanks for reporting this and also for looking into what is required for a
> fix, we probably need to bump the ebuilds in the tree to the newest upstream
> first before considering the patch, but if this is blocking stabilizing a
> newer glibc..it's certainly a priority.

Huh? The latest version (5.5.4) was released upstream on Aug 6 2013 and was added to portage Sept 27. Your comment is from November 15th...? Anyway, the newest version is now in portage, and this is the last bug (minus glibc-2.16.0 stabilization) blocking glibc-2.17.
Patch in CVS for testing (5.5.4-r1)
Fix hit stable tree, closing