Slackware 14.1slackware-14.1

Mon Nov 4 17:08:47 UTC 2013 Slackware 14.1 x86_64 stable is released! It's been another interesting release cycle here at Slackware bringing new features like support for UEFI machines, updated compilers and development tools, the switch from MySQL to MariaDB, and many more improvements throughout the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-)
author: Patrick J Volkerding <volkerdi@slackware.com> 2013-11-04 17:08:47 +0000
committer: Eric Hameleers <alien@slackware.com> 2018-05-31 22:57:36 +0200
commit: 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (patch)
tree: 9b98e6e193c7870cb27ac861394c1c4592850922 /source/a/shadow/shadow.glibc217-crypt.diff
parent: 9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff)
download: current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.gz
current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.xz
1 files changed, 258 insertions, 0 deletions
diff --git a/source/a/shadow/shadow.glibc217-crypt.diff b/source/a/shadow/shadow.glibc217-crypt.diff
new file mode 100644
index 000000000..e26ca10bb
--- /dev/null
+++ b/source/a/shadow/shadow.glibc217-crypt.diff
@@ -0,0 +1,258 @@
+From a616a72160c17fa193ad6ad95eb2c869633f4fe9 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Fri, 4 Oct 2013 11:25:43
+Subject: [PATCH] Improve handling of NULL returns from crypt().
+
+Signed-off-by: mancha <mancha1@hush.com>
+---
+ ChangeLog       |   15 +++++++++++++++
+ lib/encrypt.c   |    7 +++----
+ lib/pwauth.c    |    7 ++++++-
+ libmisc/valid.c |    1 +
+ src/chgpasswd.c |    4 ++++
+ src/chpasswd.c  |    4 ++++
+ src/gpasswd.c   |    4 ++++
+ src/newgrp.c    |    3 ++-
+ src/newusers.c  |   26 +++++++++++++++++++++-----
+ src/passwd.c    |   15 +++++++++++++++
+ 10 files changed, 75 insertions(+), 11 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index aab00ae..1416a38 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,18 @@
++2013-05-06  mancha            <mancha1@hush.com>
++
++        * lib/encrypt.c: crypt() in glibc/eglibc 2.17 now fails if passed
++          a salt that violates specs. On Linux, crypt() also fails with
++          DES/MD5 salts in FIPS140 mode. Rather than exit() on NULL returns
++          we send them back to the caller for appropriate handling.
++        * lib/pwauth.c: Handle NULL return from crypt().
++        * libmisc/valid.c: Likewise.
++        * src/chgpasswd.c: Likewise.
++        * src/chpasswd.c: Likewise.
++        * src/gpasswd.c: Likewise.
++        * src/newgrp.c: Likewise.
++        * src/newusers.c: Likewise.
++        * src/passwd.c: Likewise.
++
+ 2012-05-25  Nicolas François  <nicolas.francois@centraliens.net>
+ 
+ 	* NEWS: Set release date.
+diff --git a/lib/encrypt.c b/lib/encrypt.c
+index 7daa8da..49cb691 100644
+--- a/lib/encrypt.c
++++ b/lib/encrypt.c
+@@ -49,11 +49,10 @@
+ 	if (!cp) {
+ 		/*
+ 		 * Single Unix Spec: crypt() may return a null pointer,
+-		 * and set errno to indicate an error.  The caller doesn't
+-		 * expect us to return NULL, so...
++		 * and set errno to indicate an error. In this case return
++		 * the NULL so the caller can handle appropriately.
+ 		 */
+-		perror ("crypt");
+-		exit (EXIT_FAILURE);
++		return cp;
+ 	}
+ 
+ 	/* The GNU crypt does not return NULL if the algorithm is not
+diff --git a/lib/pwauth.c b/lib/pwauth.c
+index 4b26daa..086a72e 100644
+--- a/lib/pwauth.c
++++ b/lib/pwauth.c
+@@ -73,6 +73,7 @@ int pw_auth (const char *cipher,
+ 	char prompt[1024];
+ 	char *clear = NULL;
+ 	const char *cp;
++	const char *encrypted;
+ 	int retval;
+ 
+ #ifdef	SKEY
+@@ -177,7 +178,11 @@ int pw_auth (const char *cipher,
+ 	 * the results there as well.
+ 	 */
+ 
+-	retval = strcmp (pw_encrypt (input, cipher), cipher);
++	encrypted = pw_encrypt (input, cipher);
++	if (encrypted!=NULL)
++		retval = strcmp (encrypted, cipher);
++	else
++		retval = -1;
+ 
+ #ifdef  SKEY
+ 	/*
+diff --git a/libmisc/valid.c b/libmisc/valid.c
+index aa0390a..4b85d67 100644
+--- a/libmisc/valid.c
++++ b/libmisc/valid.c
+@@ -95,6 +95,7 @@ bool valid (const char *password, const struct passwd *ent)
+ 	 */
+ 
+ 	if (   (NULL != ent->pw_name)
++	    && (NULL != encrypted)
+ 	    && (strcmp (encrypted, ent->pw_passwd) == 0)) {
+ 		return true;
+ 	} else {
+diff --git a/src/chgpasswd.c b/src/chgpasswd.c
+index 0f41d0b..6c42a09 100644
+--- a/src/chgpasswd.c
++++ b/src/chgpasswd.c
+@@ -469,6 +469,10 @@ int main (int argc, char **argv)
+ #endif
+ 			cp = pw_encrypt (newpwd,
+ 			                 crypt_make_salt (crypt_method, arg));
++			if (cp == NULL) {
++				perror ("crypt");
++				exit (EXIT_FAILURE);
++			}	
+ 		}
+ 
+ 		/*
+diff --git a/src/chpasswd.c b/src/chpasswd.c
+index 928e2d7..4968b0d 100644
+--- a/src/chpasswd.c
++++ b/src/chpasswd.c
+@@ -492,6 +492,10 @@ int main (int argc, char **argv)
+ #endif
+ 			cp = pw_encrypt (newpwd,
+ 			                 crypt_make_salt(crypt_method, arg));
++			if (cp == NULL) {
++				perror ("crypt");
++				exit (EXIT_FAILURE);
++			}
+ 		}
+ 
+ 		/*
+diff --git a/src/gpasswd.c b/src/gpasswd.c
+index df8d714..0043610 100644
+--- a/src/gpasswd.c
++++ b/src/gpasswd.c
+@@ -939,6 +939,10 @@ static void change_passwd (struct group *gr)
+ 	}
+ 
+ 	cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
++	if (cp==NULL) {
++		perror ("crypt");
++		exit (EXIT_FAILURE);
++	}
+ 	memzero (pass, sizeof pass);
+ #ifdef SHADOWGRP
+ 	if (is_shadowgrp) {
+diff --git a/src/newgrp.c b/src/newgrp.c
+index 9330c72..6b87761 100644
+--- a/src/newgrp.c
++++ b/src/newgrp.c
+@@ -184,7 +184,8 @@ static void check_perms (const struct group *grp,
+ 		cpasswd = pw_encrypt (cp, grp->gr_passwd);
+ 		strzero (cp);
+ 
+-		if (grp->gr_passwd[0] == '\0' ||
++		if (cpasswd == NULL ||
++		    grp->gr_passwd[0] == '\0' ||
+ 		    strcmp (cpasswd, grp->gr_passwd) != 0) {
+ #ifdef WITH_AUDIT
+ 			snprintf (audit_buf, sizeof(audit_buf),
+diff --git a/src/newusers.c b/src/newusers.c
+index 994898e..5f83a6a 100644
+--- a/src/newusers.c
++++ b/src/newusers.c
+@@ -387,6 +387,7 @@ static int add_user (const char *name, uid_t uid, gid_t gid)
+ static void update_passwd (struct passwd *pwd, const char *password)
+ {
+ 	void *crypt_arg = NULL;
++	char *cp;
+ 	if (crypt_method != NULL) {
+ #ifdef USE_SHA_CRYPT
+ 		if (sflg) {
+@@ -398,9 +399,13 @@ static void update_passwd (struct passwd *pwd, const char *password)
+ 	if ((crypt_method != NULL) && (0 == strcmp(crypt_method, "NONE"))) {
+ 		pwd->pw_passwd = (char *)password;
+ 	} else {
+-		pwd->pw_passwd = pw_encrypt (password,
+-		                             crypt_make_salt (crypt_method,
+-		                                              crypt_arg));
++		cp=pw_encrypt (password, crypt_make_salt (crypt_method, 
++		                                          crypt_arg));
++		if (cp == NULL) {
++			perror ("crypt");
++			exit (EXIT_FAILURE);
++		}
++		pwd->pw_passwd = cp;
+ 	}
+ }
+ #endif				/* !USE_PAM */
+@@ -412,6 +417,7 @@ static int add_passwd (struct passwd *pwd, const char *password)
+ {
+ 	const struct spwd *sp;
+ 	struct spwd spent;
++	char *cp;
+ 
+ #ifndef USE_PAM
+ 	void *crypt_arg = NULL;
+@@ -448,7 +454,12 @@ static int add_passwd (struct passwd *pwd, const char *password)
+ 		} else {
+ 			const char *salt = crypt_make_salt (crypt_method,
+ 			                                    crypt_arg);
+-			spent.sp_pwdp = pw_encrypt (password, salt);
++			cp = pw_encrypt (password, salt);
++			if (cp == NULL) {
++				perror ("crypt");
++				exit (EXIT_FAILURE);
++			}
++			spent.sp_pwdp = cp;
+ 		}
+ 		spent.sp_lstchg = (long) time ((time_t *) 0) / SCALE;
+ 		if (0 == spent.sp_lstchg) {
+@@ -492,7 +503,12 @@ static int add_passwd (struct passwd *pwd, const char *password)
+ 		spent.sp_pwdp = (char *)password;
+ 	} else {
+ 		const char *salt = crypt_make_salt (crypt_method, crypt_arg);
+-		spent.sp_pwdp = pw_encrypt (password, salt);
++		cp = pw_encrypt (password, salt);
++		if (cp == NULL) {
++			perror ("crypt");
++			exit (EXIT_FAILURE);
++		}
++		spent.sp_pwdp = cp;
+ 	}
+ #else
+ 	/*
+diff --git a/src/passwd.c b/src/passwd.c
+index ac90aa3..ae26666 100644
+--- a/src/passwd.c
++++ b/src/passwd.c
+@@ -242,6 +242,17 @@ static int new_password (const struct pa
+ 		}
+ 
+ 		cipher = pw_encrypt (clear, crypt_passwd);
++		if (cipher == NULL) {
++			strzero (clear);
++			(void) fprintf (stderr,
++			                _("Failed to crypt password for %s.\n"),
++			                pw->pw_name);
++			SYSLOG ((LOG_INFO,
++			 	 "failed to crypt password for %s",
++			 	 pw->pw_name));
++			return -1;
++		}
++		
+ 		if (strcmp (cipher, crypt_passwd) != 0) {
+ 			strzero (clear);
+ 			strzero (cipher);
+@@ -349,6 +360,10 @@ static int new_password (const struct pa
+ 	 * Encrypt the password, then wipe the cleartext password.
+ 	 */
+ 	cp = pw_encrypt (pass, crypt_make_salt (NULL, NULL));
++	if (cp == NULL) {
++		perror ("crypt");
++		exit (EXIT_FAILURE);
++	}
+ 	memzero (pass, sizeof pass);
+ 
+ #ifdef HAVE_LIBCRACK_HIST
+-- 
+1.7.11.4
+
author	Patrick J Volkerding <volkerdi@slackware.com>	2013-11-04 17:08:47 +0000
committer	Eric Hameleers <alien@slackware.com>	2018-05-31 22:57:36 +0200
commit	76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (patch)
tree	9b98e6e193c7870cb27ac861394c1c4592850922 /source/a/shadow/shadow.glibc217-crypt.diff
parent	9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff)
download	current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.gz current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.xz