summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Deutschmann <whissi@gentoo.org>2016-09-14 22:55:05 +0200
committerThomas Deutschmann <whissi@gentoo.org>2016-09-14 22:57:44 +0200
commitaac5b4f4a65ce70854e77014fa096b7bd2d34e43 (patch)
tree23bd92f6ccbef14b54fab35d2049275fd41818b9 /sys-libs/cracklib
parentsci-visualization/kst: add patch to fix build failure with USE="qt5" (diff)
downloadgentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.tar.gz
gentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.tar.bz2
gentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.zip
sys-libs/cracklib: Revision bump to address CVE-2016-6318 and another buffer overflow
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> Gentoo-Bug: https://bugs.gentoo.org/591456 Package-Manager: portage-2.3.0
Diffstat (limited to 'sys-libs/cracklib')
-rw-r--r--sys-libs/cracklib/cracklib-2.9.6-r1.ebuild108
-rw-r--r--sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch108
-rw-r--r--sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch43
3 files changed, 259 insertions, 0 deletions
diff --git a/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild
new file mode 100644
index 000000000000..3767e647c751
--- /dev/null
+++ b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+PYTHON_COMPAT=( python2_7 )
+DISTUTILS_OPTIONAL=1
+
+inherit eutils distutils-r1 libtool multilib-minimal toolchain-funcs
+
+MY_P=${P/_}
+DESCRIPTION="Password Checking Library"
+HOMEPAGE="https://github.com/cracklib/cracklib/"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x86-macos ~m68k-mint"
+IUSE="nls python static-libs test zlib"
+
+RDEPEND="zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ python? (
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ test? ( dev-python/nose[${PYTHON_USEDEP}] )
+ )"
+RDEPEND="${RDEPEND}
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r6
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S=${WORKDIR}/${MY_P}
+
+do_python() {
+ multilib_is_native_abi || return 0
+ use python || return 0
+ pushd python > /dev/null || die
+ distutils-r1_src_${EBUILD_PHASE}
+ popd > /dev/null
+}
+
+pkg_setup() {
+ # workaround #195017
+ if has unmerge-orphans ${FEATURES} && has_version "<${CATEGORY}/${PN}-2.8.10" ; then
+ eerror "Upgrade path is broken with FEATURES=unmerge-orphans"
+ eerror "Please run: FEATURES=-unmerge-orphans emerge cracklib"
+ die "Please run: FEATURES=-unmerge-orphans emerge cracklib"
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/cracklib-2.9.6-CVE-2016-6318.patch
+ epatch "${FILESDIR}"/cracklib-2.9.6-fix-long-word-bufferoverflow.patch
+
+ elibtoolize #269003
+ do_python
+}
+
+multilib_src_configure() {
+ export ac_cv_header_zlib_h=$(usex zlib)
+ export ac_cv_search_gzopen=$(usex zlib -lz no)
+ # use /usr/lib so that the dictionary is shared between ABIs
+ ECONF_SOURCE=${S} \
+ econf \
+ --with-default-dict='/usr/lib/cracklib_dict' \
+ --without-python \
+ $(use_enable nls) \
+ $(use_enable static-libs static)
+}
+
+multilib_src_compile() {
+ default
+ do_python
+}
+
+multilib_src_test() {
+ do_python
+}
+
+python_test() {
+ nosetests -w "${S}"/python || die "Tests fail with ${EPYTHON}"
+}
+
+multilib_src_install() {
+ default
+ # move shared libs to /
+ gen_usr_ldscript -a crack
+
+ do_python
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files
+ rm -r "${ED}"/usr/share/cracklib
+
+ insinto /usr/share/dict
+ doins dicts/cracklib-small || die
+}
+
+pkg_postinst() {
+ if [[ ${ROOT} == "/" ]] ; then
+ ebegin "Regenerating cracklib dictionary"
+ create-cracklib-dict "${EPREFIX}"/usr/share/dict/* > /dev/null
+ eend $?
+ fi
+}
diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch
new file mode 100644
index 000000000000..bc47734759e2
--- /dev/null
+++ b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch
@@ -0,0 +1,108 @@
+From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
+From: Jan Dittberner <jan@dittberner.info>
+Date: Thu, 25 Aug 2016 17:13:49 +0200
+Subject: [PATCH] Apply patch to fix CVE-2016-6318
+
+This patch fixes an issue with a stack-based buffer overflow whne
+parsing large GECOS field. See
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
+https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
+information.
+---
+ src/NEWS | 1 +
+ src/lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
+ 2 files changed, 34 insertions(+), 24 deletions(-)
+
+diff --git a/src/NEWS b/src/NEWS
+index 26abeee..361a207 100644
+--- a/src/NEWS
++++ b/src/NEWS
+@@ -1,3 +1,4 @@
++v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
+ v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists
+ migration to github
+ patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller)
+diff --git a/src/lib/fascist.c b/src/lib/fascist.c
+index a996509..d4deb15 100644
+--- a/src/lib/fascist.c
++++ b/src/lib/fascist.c
+@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+ char gbuffer[STRINGSIZE];
+ char tbuffer[STRINGSIZE];
+ char *uwords[STRINGSIZE];
+- char longbuffer[STRINGSIZE * 2];
++ char longbuffer[STRINGSIZE];
+
+ if (gecos == NULL)
+ gecos = "";
+@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+ {
+ for (i = 0; i < j; i++)
+ {
+- strcpy(longbuffer, uwords[i]);
+- strcat(longbuffer, uwords[j]);
+-
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
+ {
+- return _("it is derived from your password entry");
+- }
++ strcpy(longbuffer, uwords[i]);
++ strcat(longbuffer, uwords[j]);
+
+- strcpy(longbuffer, uwords[j]);
+- strcat(longbuffer, uwords[i]);
++ if (GTry(longbuffer, password))
++ {
++ return _("it is derived from your password entry");
++ }
+
+- if (GTry(longbuffer, password))
+- {
+- return _("it's derived from your password entry");
+- }
++ strcpy(longbuffer, uwords[j]);
++ strcat(longbuffer, uwords[i]);
+
+- longbuffer[0] = uwords[i][0];
+- longbuffer[1] = '\0';
+- strcat(longbuffer, uwords[j]);
++ if (GTry(longbuffer, password))
++ {
++ return _("it's derived from your password entry");
++ }
++ }
+
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[j]) < STRINGSIZE - 1)
+ {
+- return _("it is derivable from your password entry");
++ longbuffer[0] = uwords[i][0];
++ longbuffer[1] = '\0';
++ strcat(longbuffer, uwords[j]);
++
++ if (GTry(longbuffer, password))
++ {
++ return _("it is derivable from your password entry");
++ }
+ }
+
+- longbuffer[0] = uwords[j][0];
+- longbuffer[1] = '\0';
+- strcat(longbuffer, uwords[i]);
+-
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[i]) < STRINGSIZE - 1)
+ {
+- return _("it's derivable from your password entry");
++ longbuffer[0] = uwords[j][0];
++ longbuffer[1] = '\0';
++ strcat(longbuffer, uwords[i]);
++
++ if (GTry(longbuffer, password))
++ {
++ return _("it's derivable from your password entry");
++ }
+ }
+ }
+ }
diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch
new file mode 100644
index 000000000000..59dc9e539eb3
--- /dev/null
+++ b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch
@@ -0,0 +1,43 @@
+From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001
+From: Jan Dittberner <jan@dittberner.info>
+Date: Thu, 25 Aug 2016 17:17:53 +0200
+Subject: [PATCH] Fix a buffer overflow processing long words
+
+A buffer overflow processing long words has been discovered. This commit
+applies the patch from
+https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch
+by Howard Guo.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and
+http://www.openwall.com/lists/oss-security/2016/08/23/8
+---
+ src/NEWS | 1 +
+ src/lib/rules.c | 5 ++---
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/NEWS b/src/NEWS
+index 361a207..f1df3b0 100644
+--- a/src/NEWS
++++ b/src/NEWS
+@@ -1,4 +1,5 @@
+ v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
++ fix a buffer overflow processing long words
+ v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists
+ migration to github
+ patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller)
+diff --git a/src/lib/rules.c b/src/lib/rules.c
+index d193cc0..3a2aa46 100644
+--- a/src/lib/rules.c
++++ b/src/lib/rules.c
+@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */
+ {
+ int limit;
+ register char *ptr;
+- static char area[STRINGSIZE];
+- char area2[STRINGSIZE];
+- area[0] = '\0';
++ static char area[STRINGSIZE * 2] = {0};
++ char area2[STRINGSIZE * 2] = {0};
+ strcpy(area, input);
+
+ for (ptr = control; *ptr; ptr++)