Slackware 14.1slackware-14.1

Mon Nov 4 17:08:47 UTC 2013 Slackware 14.1 x86_64 stable is released! It's been another interesting release cycle here at Slackware bringing new features like support for UEFI machines, updated compilers and development tools, the switch from MySQL to MariaDB, and many more improvements throughout the system. Thanks to the team, the upstream developers, the dedicated Slackware community, and everyone else who pitched in to help make this release a reality. The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided 32-bit/64-bit x86/x86_64 DVD. Please consider supporting the Slackware project by picking up a copy from store.slackware.com. We're taking pre-orders now, and offer a discount if you sign up for a subscription. Have fun! :-)
author: Patrick J Volkerding <volkerdi@slackware.com> 2013-11-04 17:08:47 +0000
committer: Eric Hameleers <alien@slackware.com> 2018-05-31 22:57:36 +0200
commit: 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (patch)
tree: 9b98e6e193c7870cb27ac861394c1c4592850922 /source/n/cyrus-sasl
parent: 9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff)
download: current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.gz
current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.xz
3 files changed, 111 insertions, 3 deletions
diff --git a/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff b/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff
new file mode 100644
index 000000000..2cbb48605
--- /dev/null
+++ b/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff
@@ -0,0 +1,105 @@
+From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Tue, 9 Jul 2013
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+---
+ pwcheck/pwcheck_getpwnam.c | 3 ++-
+ pwcheck/pwcheck_getspnam.c | 3 ++-
+ saslauthd/auth_getpwent.c  | 3 ++-
+ saslauthd/auth_shadow.c    | 7 ++-----
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ extern char *crypt();
+ char *password;
+ {
+     char* r;
++    char* crpt_passwd;
+     struct passwd *pwd;
+
+     pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+     else if (pwd->pw_passwd[0] == '*') {
+ 	r = "Account disabled";
+     }
+-    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ 	r = "Incorrect password";
+     }
+     else {
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -30,6 +30,7 @@ extern char *crypt();
+ char *pwcheck(userid, password)
+ char *userid;
+ char *password;
++char *crpt_passwd;
+ {
+     struct spwd *pwd;
+ 
+@@ -38,7 +39,7 @@ char *password;
+ 	return "Userid not found";
+     }
+     
+-    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++    if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ 	return "Incorrect password";
+     }
+     else {
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -70,6 +70,7 @@ auth_getpwent (
+ {
+     /* VARIABLES */
+     struct passwd *pw;			/* pointer to passwd file entry */
++    char *crpt_passwd;			/* encrypted password */
+     /* END VARIABLES */
+   
+     pw = getpwnam(login);
+@@ -79,7 +80,7 @@ auth_getpwent (
+ 	RETURN("NO");
+     }
+ 
+-    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++    if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ 	RETURN("NO");
+     }
+ 
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -180,16 +180,13 @@ auth_shadow (
+      * not returning any information about a login until we have validated
+      * the password.
+      */
+-    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+-    if (strcmp(sp->sp_pwdp, cpw)) {
++    if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ 		   sp->sp_pwdp, cpw);
+ 	}
+-	free(cpw);
+ 	RETURN("NO");
+     }
+-    free(cpw);
+ 
+     /*
+      * The following fields will be set to -1 if:
+@@ -251,7 +250,7 @@ auth_shadow (
+ 	RETURN("NO");
+     }
+   
+-    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++    if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ 		   password, upw->upw_passwd);
diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
index eea8e1905..c47821d55 100755
--- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
+++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright 2008, 2009, 2010  Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2008, 2009, 2010, 2013  Patrick J. Volkerding, Sebeka, Minnesota, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -22,7 +22,7 @@
 
 PKGNAM=cyrus-sasl
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-5}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -62,6 +62,9 @@ cd cyrus-sasl-$VERSION || exit 1
 # Fix compiling:
 zcat $CWD/cyrus-sasl.bad_elif.diff.gz | patch -p1 --verbose || exit 1
 
+# Fix for glibc-2.17 crypt() NULL return:
+zcat $CWD/cyrus-sasl-2.1.23-glibc217-crypt.diff.gz | patch -p1 --verbose || exit 1
+
 chown -R root:root .
 find . -perm 777 -exec chmod 755 {} \;
 find . -perm 664 -exec chmod 644 {} \;
diff --git a/source/n/cyrus-sasl/rc.saslauthd b/source/n/cyrus-sasl/rc.saslauthd
index 8b69a710c..8a01ac65e 100644
--- a/source/n/cyrus-sasl/rc.saslauthd
+++ b/source/n/cyrus-sasl/rc.saslauthd
@@ -3,7 +3,7 @@
 #
 # saslauthd is a daemon process that handles plaintext authentication
 # requests on behalf of the SASL library.  The CMU Cyrus SASL library
-# is a general purpose authentication library for sever and client
+# is a general purpose authentication library for server and client
 # applications.  It is mostly used to authenticate to mail servers.
 #
 # saslauthd should be started from the system boot scripts when going
author	Patrick J Volkerding <volkerdi@slackware.com>	2013-11-04 17:08:47 +0000
committer	Eric Hameleers <alien@slackware.com>	2018-05-31 22:57:36 +0200
commit	76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 (patch)
tree	9b98e6e193c7870cb27ac861394c1c4592850922 /source/n/cyrus-sasl
parent	9664bee729d487bcc0a0bc35859f8e13d5421c75 (diff)
download	current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.gz current-76fc4757ac91ac7947a01fb7b53dddf9a78a01d1.tar.xz