From 76fc4757ac91ac7947a01fb7b53dddf9a78a01d1 Mon Sep 17 00:00:00 2001
From: Patrick J Volkerding <volkerdi@slackware.com>
Date: Mon, 4 Nov 2013 17:08:47 +0000
Subject: Slackware 14.1

Mon Nov  4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!

It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system.  Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)
---
 source/n/yptools/yp-tools-2.12.tar.bz2.sign        |  8 --
 source/n/yptools/yp-tools-2.14-glibc217-crypt.diff | 86 ++++++++++++++++++++++
 source/n/yptools/ypbind-mt-1.32.tar.sign           |  8 --
 source/n/yptools/ypserv-2.24.tar.sign              |  8 --
 source/n/yptools/yptools.SlackBuild                | 11 +--
 5 files changed, 92 insertions(+), 29 deletions(-)
 delete mode 100644 source/n/yptools/yp-tools-2.12.tar.bz2.sign
 create mode 100644 source/n/yptools/yp-tools-2.14-glibc217-crypt.diff
 delete mode 100644 source/n/yptools/ypbind-mt-1.32.tar.sign
 delete mode 100644 source/n/yptools/ypserv-2.24.tar.sign

(limited to 'source/n/yptools')

diff --git a/source/n/yptools/yp-tools-2.12.tar.bz2.sign b/source/n/yptools/yp-tools-2.12.tar.bz2.sign
deleted file mode 100644
index a06fde67a..000000000
--- a/source/n/yptools/yp-tools-2.12.tar.bz2.sign
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-Comment: See http://www.kernel.org/signature.html for info
-
-iD8DBQBLzsykyGugalF9Dw4RAtmgAJ4sG0TJzmNkAz7Z+JJFfOjvGlbTGACgir1a
-+uaNv6XQNH7Vu+Saqy/OsL8=
-=EcSX
------END PGP SIGNATURE-----
diff --git a/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff b/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff
new file mode 100644
index 000000000..cce3ad44a
--- /dev/null
+++ b/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff
@@ -0,0 +1,86 @@
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+If using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+
+Author: mancha
+
+====
+
+--- yp-tools-2.14/src/yppasswd.c.orig	2010-04-21
++++ yp-tools-2.14/src/yppasswd.c	2013-05-22
+@@ -423,6 +423,7 @@ static int /* return values: 0 = not ok,
+ verifypassword (struct passwd *pwd, char *pwdstr, uid_t uid)
+ {
+   char *p, *q;
++  char *crypted_pass;
+   int ucase, lcase, other, r;
+   int passwdlen;
+ 
+@@ -448,12 +449,19 @@ verifypassword (struct passwd *pwd, char
+     }
+ 
+   passwdlen = get_passwd_len (pwd->pw_passwd);
+-  if (pwd->pw_passwd[0]
+-      && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen)
+-      && uid)
++  if (pwd->pw_passwd[0] && uid)
+     {
+-      fputs (_("You cannot reuse the old password.\n"), stderr);
+-      return 0;
++      crypted_pass = crypt (pwdstr, pwd->pw_passwd);
++      if (crypted_pass == NULL)
++        {
++          fputs (_("crypt() call failed.\n"), stderr);
++          return 0;
++        }
++      if (!strncmp (pwd->pw_passwd, crypted_pass, passwdlen))
++        {
++          fputs (_("You cannot reuse the old password.\n"), stderr);
++          return 0;
++        }
+     }
+ 
+   r = 0;
+@@ -517,6 +525,7 @@ int
+ main (int argc, char **argv)
+ {
+   char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL;
++  char *crypted_pass;
+   int f_flag = 0, l_flag = 0, p_flag = 0, error, status;
+   int hash_id = DES;
+   char rounds[11] = "\0"; /* max length is '999999999$' */
+@@ -738,7 +747,13 @@ main (int argc, char **argv)
+ 	  char *sane_passwd = alloca (passwdlen + 1);
+ 	  strncpy (sane_passwd, pwd->pw_passwd, passwdlen);
+ 	  sane_passwd[passwdlen] = 0;
+-	  if (strcmp (crypt (s, sane_passwd), sane_passwd))
++	  crypted_pass = crypt (s, sane_passwd);
++	  if (crypted_pass == NULL)
++	    {
++	      fprintf (stderr, _("crypt() call failed.\n"));
++	      return 1;
++	    }
++	  if (strcmp (crypted_pass, sane_passwd))
+ 	    {
+ 	      fprintf (stderr, _("Sorry.\n"));
+ 	      return 1;
+@@ -833,7 +848,14 @@ main (int argc, char **argv)
+ 	  break;
+ 	}
+ 
+-      yppwd.newpw.pw_passwd = strdup (crypt (buf, salt));
++      crypted_pass = crypt (buf, salt);
++      if (crypted_pass == NULL);
++        {
++	  printf (_("crypt() call failed - password unchanged.\n"));
++	  return 1;
++        }
++
++      yppwd.newpw.pw_passwd = strdup (crypted_pass);
+     }
+ 
+   if (f_flag)
diff --git a/source/n/yptools/ypbind-mt-1.32.tar.sign b/source/n/yptools/ypbind-mt-1.32.tar.sign
deleted file mode 100644
index 4db7167ee..000000000
--- a/source/n/yptools/ypbind-mt-1.32.tar.sign
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-Comment: See http://www.kernel.org/signature.html for info
-
-iD8DBQBMNHqQyGugalF9Dw4RAiHyAKCMjVXlCljwufPauK/O88jDzHZzsQCePyhN
-lqHDK8Fw5zaXPE4744ydtXY=
-=JpZO
------END PGP SIGNATURE-----
diff --git a/source/n/yptools/ypserv-2.24.tar.sign b/source/n/yptools/ypserv-2.24.tar.sign
deleted file mode 100644
index 061f09789..000000000
--- a/source/n/yptools/ypserv-2.24.tar.sign
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.9 (GNU/Linux)
-Comment: See http://www.kernel.org/signature.html for info
-
-iD8DBQBMnHqzyGugalF9Dw4RAtUtAJ4gowJGR0cUlcNEhtLR1EOs6BDvcgCfRu0r
-yTGYZzi5YnUQctBC1d9qgs0=
-=r3GH
------END PGP SIGNATURE-----
diff --git a/source/n/yptools/yptools.SlackBuild b/source/n/yptools/yptools.SlackBuild
index 42d96a30b..7baeeb619 100755
--- a/source/n/yptools/yptools.SlackBuild
+++ b/source/n/yptools/yptools.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright 2008, 2009, 2010, 2011, 2012  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2008, 2009, 2010, 2011, 2012, 2013  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -22,13 +22,13 @@
 
 
 # Package version number:
-VERSION=2.12
-BUILD=${BUILD:-3}
+VERSION=2.14
+BUILD=${BUILD:-2}
 
 YPTOOLS=$VERSION
-YPBINDMT=1.32
+YPBINDMT=1.37.1
 #YPMAKE=0.11
-YPSERV=2.24
+YPSERV=2.31
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -70,6 +70,7 @@ zcat $CWD/nsswitch.conf-nis.gz > $PKG/etc/nsswitch.conf-nis.new
 rm -rf yp-tools-$YPTOOLS
 tar xvf $CWD/yp-tools-$YPTOOLS.tar.bz2 || exit 1
 cd yp-tools-$YPTOOLS || exit 1
+zcat $CWD/yp-tools-2.14-glibc217-crypt.diff.gz | patch -p1 --verbose || exit 1
 ./configure \
   --prefix=/usr \
   --libdir=/usr/lib${LIBDIRSUFFIX} \
-- 
cgit v1.2.3