Diffstat (limited to 'deps/cracklib')
-rw-r--r-- | deps/cracklib/.url | 1 | ||||
-rwxr-xr-x | deps/cracklib/cracklib.SlackBuild | 142 | ||||
-rw-r--r-- | deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch | 108 | ||||
-rw-r--r-- | deps/cracklib/slack-desc | 20 |
4 files changed, 0 insertions, 271 deletions
diff --git a/deps/cracklib/.url b/deps/cracklib/.url
deleted file mode 100644
index ef871d8..0000000
--- a/deps/cracklib/.url
+++ /dev/null
@@ -1 +0,0 @@
-https://github.com/cracklib/cracklib/releases/download/cracklib-2.9.6/cracklib-2.9.6.tar.gz
diff --git a/deps/cracklib/cracklib.SlackBuild b/deps/cracklib/cracklib.SlackBuild
deleted file mode 100755
index 20fcd55..0000000
--- a/deps/cracklib/cracklib.SlackBuild
+++ /dev/null
@@ -1,142 +0,0 @@
-#!/bin/sh
-
-# Copyright 2017 Eric Hameleers, Eindhoven, NL
-# Copyright 2017 Patrick J. Volkerding, Sebeka, MN, USA
-# All rights reserved.
-#
-# Permission to use, copy, modify, and distribute this software for
-# any purpose with or without fee is hereby granted, provided that
-# the above copyright notice and this permission notice appear in all
-# copies.
-#
-# THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
-# CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
-# USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
-# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-# SUCH DAMAGE.
-# ----------------------------------------------------------------------------- - - -PKGNAM=cracklib -VERSION=${VERSION:-2.9.6} -BUILD=${BUILD:-1} - -DICTPATH=/usr/share/cracklib/pw_dict - -CWD=$(pwd) -TMP=${TMP:-/tmp} -PKG=$TMP/package-$PKGNAM - -# Automatically determine the architecture we're building on: -if [ -z "$ARCH" ]; then - case "$(uname -m)" in - i?86) ARCH=i486 ;; - arm*) readelf /usr/bin/file -A | egrep -q "Tag_CPU.*[4,5]" && ARCH=arm || ARCH=armv7hl ;; - # Unless $ARCH is already set, use uname -m for all other archs: - *) ARCH=$(uname -m) ;; - esac - export ARCH -fi - -case "$ARCH" in - i486) SLKCFLAGS="-O2 -march=i486 -mtune=i686" - SLKLDFLAGS=""; LIBDIRSUFFIX="" - ;; - x86_64) SLKCFLAGS="-O2 -fPIC" - SLKLDFLAGS="-L/usr/lib64"; LIBDIRSUFFIX="64" - ;; - armv7hl) SLKCFLAGS="-O2 -march=armv7-a -mfpu=vfpv3-d16" - SLKLDFLAGS=""; LIBDIRSUFFIX="" - ;; - armv6hl) SLKCFLAGS="-O2 -march=armv6 -mfpu=vfp -mfloat-abi=hard" - SLKLDFLAGS=""; LIBDIRSUFFIX="" - ;; - *) SLKCFLAGS=${SLKCFLAGS:-"O2"} - SLKLDFLAGS=${SLKLDFLAGS:-""}; LIBDIRSUFFIX=${LIBDIRSUFFIX:-""} - ;; -esac - -case "$ARCH" in - arm*) TARGET=$ARCH-slackware-linux-gnueabi ;; - *) TARGET=$ARCH-slackware-linux ;; -esac - -rm -rf $PKG -mkdir -p $TMP $PKG -cd $TMP -rm -rf $PKGNAM-$VERSION -tar xvf $CWD/$PKGNAM-$VERSION.tar.gz || exit 1 -cd $PKGNAM-$VERSION || exit 1 - -# CVE-2016-6318 - avoid overflows in GECOS handling and mangling password: -cat $CWD/patches/cracklib-2.9.6-cve-2016-6318.patch \ - | patch -p2 --verbose || exit 1 - -chown -R root:root . -find -L . \ - \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \ - -exec chmod 755 {} \; -o \ - \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ - -exec chmod 644 {} \; - -[ ! 
-x configure ] && ./autogen.sh - -LDFLAGS="$SLKLDFLAGS" \ -CXXFLAGS="$SLKCFLAGS" \ -CFLAGS="$SLKCFLAGS" \ -./configure \ - --prefix=/usr \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --mandir=/usr/man \ - --docdir=/usr/doc/$PKGNAM-$VERSION \ - --localstatedir=/var \ - --sysconfdir=/etc \ - --program-prefix= \ - --program-suffix= \ - --disable-static \ - --without-python \ - --with-default-dict=${DICTPATH} \ - --build=$TARGET - -# Build and install: -make || exit 1 -make DESTDIR=$PKG install || exit 1 - -# Generate a dictionary from the included 'cracklib-small'; -# If you want, you can download a larger file from the project web site: -mkdir -p $PKG/usr/share/dict -ln -sf /usr/share/cracklib/cracklib-small $PKG/usr/share/dict/cracklib-small -sh util/cracklib-format dicts/cracklib-small \ - | ./util/cracklib-packer $PKG/${DICTPATH} - -# Add documentation: -mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION -cp -a \ - AUTHORS INSTALL NEWS README* \ - $PKG/usr/doc/$PKGNAM-$VERSION - -# Compress the man page(s): -if [ -d $PKG/usr/man ]; then - find $PKG/usr/man -type f -name "*.?" -exec gzip -9f {} \; - for i in $(find $PKG/usr/man -type l -name "*.?") ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done -fi - -# Strip binaries (if any): -find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \ - | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true - -# Add a package description: -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc - -# Build the package: -cd $PKG -/sbin/makepkg -l y -c n $TMP/${PKGNAM}-${VERSION}-${ARCH}-${BUILD}.txz - diff --git a/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch b/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch deleted file mode 100644 index bc47734..0000000 --- a/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001 -From: Jan Dittberner <jan@dittberner.info> -Date: Thu, 25 Aug 2016 17:13:49 +0200 -Subject: [PATCH] Apply patch to fix CVE-2016-6318 - -This patch fixes an issue with a stack-based buffer overflow whne -parsing large GECOS field. See -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and -https://security-tracker.debian.org/tracker/CVE-2016-6318 for more -information. ---- - src/NEWS | 1 + - src/lib/fascist.c | 57 ++++++++++++++++++++++++++++++++----------------------- - 2 files changed, 34 insertions(+), 24 deletions(-) - -diff --git a/src/NEWS b/src/NEWS -index 26abeee..361a207 100644 ---- a/src/NEWS -+++ b/src/NEWS -@@ -1,3 +1,4 @@ -+v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field - v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists - migration to github - patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller) -diff --git a/src/lib/fascist.c b/src/lib/fascist.c -index a996509..d4deb15 100644 ---- a/src/lib/fascist.c -+++ b/src/lib/fascist.c -@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos) - char gbuffer[STRINGSIZE]; - char tbuffer[STRINGSIZE]; - char *uwords[STRINGSIZE]; -- char longbuffer[STRINGSIZE * 2]; -+ char longbuffer[STRINGSIZE]; - - if (gecos == NULL) - gecos = ""; -@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos) - { - for (i = 0; i < j; i++) - { -- strcpy(longbuffer, uwords[i]); -- strcat(longbuffer, uwords[j]); -- -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE) - { -- return _("it is derived from your password entry"); -- } -+ strcpy(longbuffer, uwords[i]); -+ strcat(longbuffer, uwords[j]); - -- strcpy(longbuffer, uwords[j]); -- strcat(longbuffer, uwords[i]); -+ if (GTry(longbuffer, password)) -+ { -+ return _("it 
is derived from your password entry"); -+ } - -- if (GTry(longbuffer, password)) -- { -- return _("it's derived from your password entry"); -- } -+ strcpy(longbuffer, uwords[j]); -+ strcat(longbuffer, uwords[i]); - -- longbuffer[0] = uwords[i][0]; -- longbuffer[1] = '\0'; -- strcat(longbuffer, uwords[j]); -+ if (GTry(longbuffer, password)) -+ { -+ return _("it's derived from your password entry"); -+ } -+ } - -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[j]) < STRINGSIZE - 1) - { -- return _("it is derivable from your password entry"); -+ longbuffer[0] = uwords[i][0]; -+ longbuffer[1] = '\0'; -+ strcat(longbuffer, uwords[j]); -+ -+ if (GTry(longbuffer, password)) -+ { -+ return _("it is derivable from your password entry"); -+ } - } - -- longbuffer[0] = uwords[j][0]; -- longbuffer[1] = '\0'; -- strcat(longbuffer, uwords[i]); -- -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[i]) < STRINGSIZE - 1) - { -- return _("it's derivable from your password entry"); -+ longbuffer[0] = uwords[j][0]; -+ longbuffer[1] = '\0'; -+ strcat(longbuffer, uwords[i]); -+ -+ if (GTry(longbuffer, password)) -+ { -+ return _("it's derivable from your password entry"); -+ } - } - } - } diff --git a/deps/cracklib/slack-desc b/deps/cracklib/slack-desc deleted file mode 100644 index 0f475fb..0000000 --- a/deps/cracklib/slack-desc +++ /dev/null 
@@ -1,20 +0,0 @@ -# HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. -# Line up the first '|' above the ':' following the base package name, and -# the '|' on the right side marks the last column you can put a character in. -# You must make exactly 11 lines for the formatting to be correct. It's also -# customary to leave one space after the ':' except on otherwise blank lines. - - |-----handy-ruler------------------------------------------------------| -cracklib: cracklib (password crack library) -cracklib: -cracklib: CrackLib is a library allowing a "passwd"-like program to filter out -cracklib: passwords that are considered easy to crack by brute-force. -cracklib: Cracklib uses dictionary lists of easy to guess passwords. -cracklib: -cracklib: -cracklib: -cracklib: -cracklib: See also: https://github.com/cracklib/cracklib -cracklib: - |