From 8ff4f2f51a6cf07fc33742ce3bee81328896e49b Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Fri, 25 May 2018 23:29:36 +0000
Subject: Fri May 25 23:29:36 UTC 2018

patches/packages/glibc-zoneinfo-2018e-noarch-2_slack14.1.txz:  Rebuilt.
  Handle removal of US/Pacific-New timezone. If we see that the machine is
  using this, it will be automatically switched to US/Pacific.
---
 .../yptools/yp-tools-2.14-glibc217-crypt.diff      | 86 ++++++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff

(limited to 'patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff')

diff --git a/patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff b/patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff
new file mode 100644
index 000000000..148b06632
--- /dev/null
+++ b/patches/source/yptools/yp-tools-2.14-glibc217-crypt.diff
@@ -0,0 +1,86 @@
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+If using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Author: mancha
+
+====
+
+--- yp-tools-2.14/src/yppasswd.c.orig	2010-04-21
++++ yp-tools-2.14/src/yppasswd.c	2013-05-22
+@@ -423,6 +423,7 @@ static int /* return values: 0 = not ok,
+ verifypassword (struct passwd *pwd, char *pwdstr, uid_t uid)
+ {
+   char *p, *q;
++  char *crypted_pass;
+   int ucase, lcase, other, r;
+   int passwdlen;
+ 
+@@ -448,12 +449,19 @@ verifypassword (struct passwd *pwd, char
+     }
+ 
+   passwdlen = get_passwd_len (pwd->pw_passwd);
+-  if (pwd->pw_passwd[0]
+-      && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen)
+-      && uid)
++  if (pwd->pw_passwd[0] && uid)
+     {
+-      fputs (_("You cannot reuse the old password.\n"), stderr);
+-      return 0;
++      crypted_pass = crypt (pwdstr, pwd->pw_passwd);
++      if (crypted_pass == NULL)
++        {
++          fputs (_("crypt() call failed.\n"), stderr);
++          return 0;
++        }
++      if (!strncmp (pwd->pw_passwd, crypted_pass, passwdlen))
++        {
++          fputs (_("You cannot reuse the old password.\n"), stderr);
++          return 0;
++        }
+     }
+ 
+   r = 0;
+@@ -517,6 +525,7 @@ int
+ main (int argc, char **argv)
+ {
+   char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL;
++  char *crypted_pass;
+   int f_flag = 0, l_flag = 0, p_flag = 0, error, status;
+   int hash_id = DES;
+   char rounds[11] = "\0"; /* max length is '999999999$' */
+@@ -738,7 +747,13 @@ main (int argc, char **argv)
+ 	  char *sane_passwd = alloca (passwdlen + 1);
+ 	  strncpy (sane_passwd, pwd->pw_passwd, passwdlen);
+ 	  sane_passwd[passwdlen] = 0;
+-	  if (strcmp (crypt (s, sane_passwd), sane_passwd))
++	  crypted_pass = crypt (s, sane_passwd);
++	  if (crypted_pass == NULL)
++	    {
++	      fprintf (stderr, _("crypt() call failed.\n"));
++	      return 1;
++	    }
++	  if (strcmp (crypted_pass, sane_passwd))
+ 	    {
+ 	      fprintf (stderr, _("Sorry.\n"));
+ 	      return 1;
+@@ -833,7 +848,14 @@ main (int argc, char **argv)
+ 	  break;
+ 	}
+ 
+-      yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
++      crypted_pass = crypt (buf, salt);
++      if (crypted_pass == NULL)
++        {
++	  printf (_("crypt() call failed - password unchanged.\n"));
++	  return 1;
++        }
++
++      yppwd.newpw.pw_passwd = strdup (crypted_pass);
+     }
+ 
+   if (f_flag)
-- 
cgit v1.2.3