diff options
Diffstat (limited to 'meta/recipes-extended/cracklib')
5 files changed, 54 insertions, 208 deletions
diff --git a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch b/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch deleted file mode 100644 index b251ac9056..0000000000 --- a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001 -From: Jan Dittberner <jan@dittberner.info> -Date: Thu, 25 Aug 2016 17:13:49 +0200 -Subject: [PATCH] Apply patch to fix CVE-2016-6318 - -This patch fixes an issue with a stack-based buffer overflow when -parsing large GECOS field. See -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and -https://security-tracker.debian.org/tracker/CVE-2016-6318 for more -information. - -Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1] -CVE: CVE-2016-6318 -Signed-off-by: Dengke Du <dengke.du@windriver.com> ---- - lib/fascist.c | 57 ++++++++++++++++++++++++++++++++----------------------- - 1 file changed, 33 insertions(+), 24 deletions(-) - -diff --git a/lib/fascist.c b/lib/fascist.c -index a996509..d4deb15 100644 ---- a/lib/fascist.c -+++ b/lib/fascist.c -@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos) - char gbuffer[STRINGSIZE]; - char tbuffer[STRINGSIZE]; - char *uwords[STRINGSIZE]; -- char longbuffer[STRINGSIZE * 2]; -+ char longbuffer[STRINGSIZE]; - - if (gecos == NULL) - gecos = ""; -@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos) - { - for (i = 0; i < j; i++) - { -- strcpy(longbuffer, uwords[i]); -- strcat(longbuffer, uwords[j]); -- -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE) - { -- return _("it is derived from your password entry"); -- } -+ strcpy(longbuffer, uwords[i]); -+ strcat(longbuffer, uwords[j]); - -- strcpy(longbuffer, uwords[j]); -- strcat(longbuffer, uwords[i]); -+ if (GTry(longbuffer, password)) -+ { -+ return _("it is derived from your password entry"); -+ } - -- if (GTry(longbuffer, password)) -- { -- return _("it's derived from your password entry"); -- } -+ strcpy(longbuffer, uwords[j]); -+ strcat(longbuffer, uwords[i]); - -- longbuffer[0] = uwords[i][0]; -- longbuffer[1] = '\0'; -- strcat(longbuffer, uwords[j]); -+ if (GTry(longbuffer, password)) -+ { -+ return _("it's derived from your password entry"); -+ } -+ } - -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[j]) < STRINGSIZE - 1) - { -- return _("it is derivable from your password entry"); -+ longbuffer[0] = uwords[i][0]; -+ longbuffer[1] = '\0'; -+ strcat(longbuffer, uwords[j]); -+ -+ if (GTry(longbuffer, password)) -+ { -+ return _("it is derivable from your password entry"); -+ } - } - -- longbuffer[0] = uwords[j][0]; -- longbuffer[1] = '\0'; -- strcat(longbuffer, uwords[i]); -- -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[i]) < STRINGSIZE - 1) - { -- return _("it's derivable from your password entry"); -+ longbuffer[0] = uwords[j][0]; -+ longbuffer[1] = '\0'; -+ strcat(longbuffer, uwords[i]); -+ -+ if (GTry(longbuffer, password)) -+ { -+ return _("it's derivable from your password entry"); -+ } - } - } - } --- -2.8.1 - diff --git a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch index adbe7dfff4..35229ae890 100644 --- a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch +++ b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch @@ -1,7 +1,7 @@ -From 8a6e43726ad0ae41bd1cc2c248d91deb31459357 Mon Sep 17 00:00:00 2001 +From aae03b7e626d5f62ab929d51d11352a5a2ff6b2d Mon Sep 17 00:00:00 2001 From: Lei Maohui <leimaohui@cn.fujitsu.com> Date: Tue, 9 Jun 2015 11:11:48 +0900 -Subject: [PATCH] packlib.c: support dictionary byte order dependent +Subject: [PATCH 1/2] packlib.c: support dictionary byte order dependent The previous dict files are NOT byte-order independent, in fact they are probably ARCHITECTURE SPECIFIC. @@ -9,7 +9,7 @@ Create the dict files in big endian, and convert to host endian while load them. This could fix the endian issue on multiple platform. Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> -Upstream-Status: Pending +Upstream-Status: Submitted [https://github.com/cracklib/cracklib/pull/41] We can't use the endian.h, htobe* and be*toh functions because they are not available on older versions of glibc, such as that found in RHEL @@ -22,11 +22,11 @@ Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> --- - lib/packlib.c | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- + lib/packlib.c | 214 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 210 insertions(+), 4 deletions(-) diff --git a/lib/packlib.c b/lib/packlib.c -index f851424..3aac805 100644 +index 9396e1d..d0bb181 100644 --- a/lib/packlib.c +++ b/lib/packlib.c @@ -16,6 +16,12 @@ @@ -41,8 +41,8 @@ index f851424..3aac805 100644 +#include <byteswap.h> #include "packer.h" - static const char vers_id[] = "packlib.c : v2.3p2 Alec Muffett 18 May 1993"; -@@ -45,6 +51,185 @@ typedef struct + #define DEBUG 0 +@@ -43,6 +49,185 @@ typedef struct char data_get[NUMWORDS][MAXWORDLEN]; } PWDICT64; @@ -228,7 +228,7 @@ index f851424..3aac805 100644 static int _PWIsBroken64(FILE *ifp) -@@ -57,6 +242,7 @@ _PWIsBroken64(FILE *ifp) +@@ -55,6 +240,7 @@ _PWIsBroken64(FILE *ifp) return 0; } @@ -236,7 +236,7 @@ index f851424..3aac805 100644 return (pdesc64.header.pih_magic == PIH_MAGIC); } -@@ -149,7 +335,11 @@ PWOpen(prefix, mode) +@@ -147,7 +333,11 @@ PWOpen(prefix, mode) pdesc.header.pih_blocklen = NUMWORDS; pdesc.header.pih_numwords = 0; @@ -249,7 +249,7 @@ index f851424..3aac805 100644 } else { pdesc.flags &= ~PFOR_WRITE; -@@ -173,6 +363,7 @@ PWOpen(prefix, mode) +@@ -171,6 +361,7 @@ PWOpen(prefix, mode) return NULL; } @@ -257,7 +257,7 @@ index f851424..3aac805 100644 if ((pdesc.header.pih_magic == 0) || (pdesc.header.pih_numwords == 0)) { /* uh-oh. either a broken "64-bit" file or a garbage file. */ -@@ -195,6 +386,7 @@ PWOpen(prefix, mode) +@@ -193,6 +384,7 @@ PWOpen(prefix, mode) } return NULL; } @@ -265,7 +265,7 @@ index f851424..3aac805 100644 if (pdesc64.header.pih_magic != PIH_MAGIC) { /* nope, not "64-bit" after all */ -@@ -290,6 +482,7 @@ PWOpen(prefix, mode) +@@ -288,6 +480,7 @@ PWOpen(prefix, mode) { pdesc.flags &= ~PFOR_USEHWMS; } @@ -273,7 +273,7 @@ index f851424..3aac805 100644 for (i = 0; i < sizeof(pdesc.hwms) / sizeof(pdesc.hwms[0]); i++) { pdesc.hwms[i] = pdesc64.hwms[i]; -@@ -299,6 +492,7 @@ PWOpen(prefix, mode) +@@ -297,6 +490,7 @@ PWOpen(prefix, mode) { pdesc.flags &= ~PFOR_USEHWMS; } @@ -281,7 +281,7 @@ index f851424..3aac805 100644 #if DEBUG for (i=1; i<=0xff; i++) { -@@ -332,7 +526,11 @@ PWClose(pwp) +@@ -330,7 +524,11 @@ PWClose(pwp) return (-1); } @@ -294,7 +294,7 @@ index f851424..3aac805 100644 { fprintf(stderr, "index magic fwrite failed\n"); return (-1); -@@ -351,7 +549,12 @@ PWClose(pwp) +@@ -349,7 +547,12 @@ PWClose(pwp) printf("hwm[%02x] = %d\n", i, pwp->hwms[i]); #endif } @@ -303,12 +303,12 @@ index f851424..3aac805 100644 + PWDICT tmp_pwp; + + memcpy(&tmp_pwp, pwp, sizeof(PWDICT)); -+ HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32); ++ HwmsHostToBigEndian((char *)tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32); + fwrite(tmp_pwp.hwms, 1, sizeof(tmp_pwp.hwms), pwp->wfp); } } -@@ -405,7 +608,8 @@ PutPW(pwp, string) +@@ -403,7 +606,8 @@ PutPW(pwp, string) datum = (uint32_t) ftell(pwp->dfp); @@ -317,8 +317,8 @@ index f851424..3aac805 100644 + fwrite((char *) &tmpdatum, sizeof(tmpdatum), 1, pwp->ifp); fputs(pwp->data_put[0], pwp->dfp); - putc(0, pwp->dfp); -@@ -464,6 +668,7 @@ GetPW(pwp, number) + putc(0, (FILE*) pwp->dfp); +@@ -462,6 +666,7 @@ GetPW(pwp, number) perror("(index fread failed)"); return NULL; } @@ -326,7 +326,7 @@ index f851424..3aac805 100644 datum = datum64; } else { if (fseek(pwp->ifp, sizeof(struct pi_header) + (thisblock * sizeof(uint32_t)), 0)) -@@ -477,6 +682,7 @@ GetPW(pwp, number) +@@ -475,6 +680,7 @@ GetPW(pwp, number) perror("(index fread failed)"); return NULL; } @@ -335,5 +335,5 @@ index f851424..3aac805 100644 int r = 1; -- -1.8.4.2 +2.20.1 diff --git a/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch b/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch deleted file mode 100644 index 6210e82121..0000000000 --- a/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 06f9a88b5dd5597f9198ea0cb34f5e96f180e6e3 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Sat, 27 Apr 2013 16:02:30 +0800 -Subject: [PATCH] craklib:fix testnum and teststr failed - -Error log: -... -$ ./testnum -(null).pwd.gz: No such file or directory -PWOpen: No such file or directory - -$ ./util/teststr -(null).pwd.gz: No such file or directory -PWOpen: No such file or directory -... -Set DEFAULT_CRACKLIB_DICT as the path of PWOpen - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> -Upstream-Status: Pending ---- - util/testnum.c | 2 +- - util/teststr.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/util/testnum.c b/util/testnum.c -index ae2246d..ca210ff 100644 ---- a/util/testnum.c -+++ b/util/testnum.c -@@ -20,7 +20,7 @@ main () - PWDICT *pwp; - char buffer[STRINGSIZE]; - -- if (!(pwp = PWOpen (NULL, "r"))) -+ if (!(pwp = PWOpen (DEFAULT_CRACKLIB_DICT, "r"))) - { - perror ("PWOpen"); - return (-1); -diff --git a/util/teststr.c b/util/teststr.c -index 2a31fa4..9fb9cda 100644 ---- a/util/teststr.c -+++ b/util/teststr.c -@@ -15,7 +15,7 @@ main () - PWDICT *pwp; - char buffer[STRINGSIZE]; - -- if (!(pwp = PWOpen (NULL, "r"))) -+ if (!(pwp = PWOpen (DEFAULT_CRACKLIB_DICT, "r"))) - { - perror ("PWOpen"); - return (-1); --- -1.7.10.4 - diff --git a/meta/recipes-extended/cracklib/cracklib_2.9.11.bb b/meta/recipes-extended/cracklib/cracklib_2.9.11.bb new file mode 100644 index 0000000000..34ef2b65a1 --- /dev/null +++ b/meta/recipes-extended/cracklib/cracklib_2.9.11.bb @@ -0,0 +1,33 @@ +SUMMARY = "Password strength checker library" +HOMEPAGE = "https://github.com/cracklib/cracklib" +DESCRIPTION = "${SUMMARY}" + +LICENSE = "LGPL-2.1-or-later" +LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" + +DEPENDS = "cracklib-native zlib" + +EXTRA_OECONF = "--without-python --libdir=${base_libdir}" + +SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \ + file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ + " + +SRCREV = "4cf5125250c6325ef0a2dc085eabff875227edc3" +S = "${WORKDIR}/git/src" + +inherit autotools gettext + +# This is custom stuff from upstream's autogen.sh +do_configure:prepend() { + mkdir -p ${S}/m4 + echo EXTRA_DIST = *.m4 > ${S}/m4/Makefile.am + touch ${S}/ABOUT-NLS +} + +do_install:append:class-target() { + create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small +} + +BBCLASSEXTEND = "native nativesdk" + diff --git a/meta/recipes-extended/cracklib/cracklib_2.9.5.bb b/meta/recipes-extended/cracklib/cracklib_2.9.5.bb deleted file mode 100644 index 82995219dc..0000000000 --- a/meta/recipes-extended/cracklib/cracklib_2.9.5.bb +++ /dev/null @@ -1,29 +0,0 @@ -SUMMARY = "Password strength checker library" -HOMEPAGE = "http://sourceforge.net/projects/cracklib" - -LICENSE = "LGPLv2.1+" -LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" - -DEPENDS = "cracklib-native zlib" - -EXTRA_OECONF = "--without-python --libdir=${base_libdir}" - -SRC_URI = "${SOURCEFORGE_MIRROR}/cracklib/cracklib-${PV}.tar.gz \ - file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ - file://0001-Apply-patch-to-fix-CVE-2016-6318.patch \ - file://0002-craklib-fix-testnum-and-teststr-failed.patch" - -SRC_URI[md5sum] = "376790a95c1fb645e59e6e9803c78582" -SRC_URI[sha256sum] = "59ab0138bc8cf90cccb8509b6969a024d5e58d2d02bcbdccbb9ba9b88be3fa33" - -UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/cracklib/files/cracklib/" -UPSTREAM_CHECK_REGEX = "/cracklib/(?P<pver>(\d+[\.\-_]*)+)/" - -inherit autotools gettext - -do_install_append_class-target() { - create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small -} - -BBCLASSEXTEND = "native nativesdk" - |