diff options
| author |   Thomas Deutschmann <whissi@gentoo.org> | 2016-09-14 22:55:05 +0200 |
|---|---|---|
| committer | Thomas Deutschmann <whissi@gentoo.org> | 2016-09-14 22:57:44 +0200 |
| commit | aac5b4f4a65ce70854e77014fa096b7bd2d34e43 (patch) | |
| tree | 23bd92f6ccbef14b54fab35d2049275fd41818b9 | |
| parent | sci-visualization/kst: add patch to fix build failure with USE="qt5" (diff) | |
| download | gentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.tar.gz gentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.tar.bz2 gentoo-aac5b4f4a65ce70854e77014fa096b7bd2d34e43.zip | |
sys-libs/cracklib: Revision bump to address CVE-2016-6318 and another buffer overflow
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Gentoo-Bug: https://bugs.gentoo.org/591456
Package-Manager: portage-2.3.0
3 files changed, 259 insertions, 0 deletions
diff --git a/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild new file mode 100644 index 000000000000..3767e647c751 --- /dev/null +++ b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild @@ -0,0 +1,108 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +PYTHON_COMPAT=( python2_7 ) +DISTUTILS_OPTIONAL=1 + +inherit eutils distutils-r1 libtool multilib-minimal toolchain-funcs + +MY_P=${P/_} +DESCRIPTION="Password Checking Library" +HOMEPAGE="https://github.com/cracklib/cracklib/" +SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x86-macos ~m68k-mint" +IUSE="nls python static-libs test zlib" + +RDEPEND="zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND} + python? ( + dev-python/setuptools[${PYTHON_USEDEP}] + test? ( dev-python/nose[${PYTHON_USEDEP}] ) + )" +RDEPEND="${RDEPEND} + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r6 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" + +S=${WORKDIR}/${MY_P} + +do_python() { + multilib_is_native_abi || return 0 + use python || return 0 + pushd python > /dev/null || die + distutils-r1_src_${EBUILD_PHASE} + popd > /dev/null +} + +pkg_setup() { + # workaround #195017 + if has unmerge-orphans ${FEATURES} && has_version "<${CATEGORY}/${PN}-2.8.10" ; then + eerror "Upgrade path is broken with FEATURES=unmerge-orphans" + eerror "Please run: FEATURES=-unmerge-orphans emerge cracklib" + die "Please run: FEATURES=-unmerge-orphans emerge cracklib" + fi +} + +src_prepare() { + epatch "${FILESDIR}"/cracklib-2.9.6-CVE-2016-6318.patch + epatch "${FILESDIR}"/cracklib-2.9.6-fix-long-word-bufferoverflow.patch + + elibtoolize #269003 + do_python +} + +multilib_src_configure() { + export ac_cv_header_zlib_h=$(usex zlib) + export ac_cv_search_gzopen=$(usex zlib -lz no) + # use /usr/lib so that the dictionary is shared between ABIs + ECONF_SOURCE=${S} \ + econf \ + --with-default-dict='/usr/lib/cracklib_dict' \ + --without-python \ + $(use_enable nls) \ + $(use_enable static-libs static) +} + +multilib_src_compile() { + default + do_python +} + +multilib_src_test() { + do_python +} + +python_test() { + nosetests -w "${S}"/python || die "Tests fail with ${EPYTHON}" +} + +multilib_src_install() { + default + # move shared libs to / + gen_usr_ldscript -a crack + + do_python +} + +multilib_src_install_all() { + einstalldocs + prune_libtool_files + rm -r "${ED}"/usr/share/cracklib + + insinto /usr/share/dict + doins dicts/cracklib-small || die +} + +pkg_postinst() { + if [[ ${ROOT} == "/" ]] ; then + ebegin "Regenerating cracklib dictionary" + create-cracklib-dict "${EPREFIX}"/usr/share/dict/* > /dev/null + eend $? + fi +} diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch new file mode 100644 index 000000000000..bc47734759e2 --- /dev/null +++ b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch @@ -0,0 +1,108 @@ +From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001 +From: Jan Dittberner <jan@dittberner.info> +Date: Thu, 25 Aug 2016 17:13:49 +0200 +Subject: [PATCH] Apply patch to fix CVE-2016-6318 + +This patch fixes an issue with a stack-based buffer overflow whne +parsing large GECOS field. See +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and +https://security-tracker.debian.org/tracker/CVE-2016-6318 for more +information. +--- + src/NEWS | 1 + + src/lib/fascist.c | 57 ++++++++++++++++++++++++++++++++----------------------- + 2 files changed, 34 insertions(+), 24 deletions(-) + +diff --git a/src/NEWS b/src/NEWS +index 26abeee..361a207 100644 +--- a/src/NEWS ++++ b/src/NEWS +@@ -1,3 +1,4 @@ ++v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field + v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists + migration to github + patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller) +diff --git a/src/lib/fascist.c b/src/lib/fascist.c +index a996509..d4deb15 100644 +--- a/src/lib/fascist.c ++++ b/src/lib/fascist.c +@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos) + char gbuffer[STRINGSIZE]; + char tbuffer[STRINGSIZE]; + char *uwords[STRINGSIZE]; +- char longbuffer[STRINGSIZE * 2]; ++ char longbuffer[STRINGSIZE]; + + if (gecos == NULL) + gecos = ""; +@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos) + { + for (i = 0; i < j; i++) + { +- strcpy(longbuffer, uwords[i]); +- strcat(longbuffer, uwords[j]); +- +- if (GTry(longbuffer, password)) ++ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE) + { +- return _("it is derived from your password entry"); +- } ++ strcpy(longbuffer, uwords[i]); ++ strcat(longbuffer, uwords[j]); + +- strcpy(longbuffer, uwords[j]); +- strcat(longbuffer, uwords[i]); ++ if (GTry(longbuffer, password)) ++ { ++ return _("it is derived from your password entry"); ++ } + +- if (GTry(longbuffer, password)) +- { +- return _("it's derived from your password entry"); +- } ++ strcpy(longbuffer, uwords[j]); ++ strcat(longbuffer, uwords[i]); + +- longbuffer[0] = uwords[i][0]; +- longbuffer[1] = '\0'; +- strcat(longbuffer, uwords[j]); ++ if (GTry(longbuffer, password)) ++ { ++ return _("it's derived from your password entry"); ++ } ++ } + +- if (GTry(longbuffer, password)) ++ if (strlen(uwords[j]) < STRINGSIZE - 1) + { +- return _("it is derivable from your password entry"); ++ longbuffer[0] = uwords[i][0]; ++ longbuffer[1] = '\0'; ++ strcat(longbuffer, uwords[j]); ++ ++ if (GTry(longbuffer, password)) ++ { ++ return _("it is derivable from your password entry"); ++ } + } + +- longbuffer[0] = uwords[j][0]; +- longbuffer[1] = '\0'; +- strcat(longbuffer, uwords[i]); +- +- if (GTry(longbuffer, password)) ++ if (strlen(uwords[i]) < STRINGSIZE - 1) + { +- return _("it's derivable from your password entry"); ++ longbuffer[0] = uwords[j][0]; ++ longbuffer[1] = '\0'; ++ strcat(longbuffer, uwords[i]); ++ ++ if (GTry(longbuffer, password)) ++ { ++ return _("it's derivable from your password entry"); ++ } + } + } + } diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch new file mode 100644 index 000000000000..59dc9e539eb3 --- /dev/null +++ b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch @@ -0,0 +1,43 @@ +From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 +From: Jan Dittberner <jan@dittberner.info> +Date: Thu, 25 Aug 2016 17:17:53 +0200 +Subject: [PATCH] Fix a buffer overflow processing long words + +A buffer overflow processing long words has been discovered. This commit +applies the patch from +https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch +by Howard Guo. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and +http://www.openwall.com/lists/oss-security/2016/08/23/8 +--- + src/NEWS | 1 + + src/lib/rules.c | 5 ++--- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/NEWS b/src/NEWS +index 361a207..f1df3b0 100644 +--- a/src/NEWS ++++ b/src/NEWS +@@ -1,4 +1,5 @@ + v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field ++ fix a buffer overflow processing long words + v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists + migration to github + patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller) +diff --git a/src/lib/rules.c b/src/lib/rules.c +index d193cc0..3a2aa46 100644 +--- a/src/lib/rules.c ++++ b/src/lib/rules.c +@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ + { + int limit; + register char *ptr; +- static char area[STRINGSIZE]; +- char area2[STRINGSIZE]; +- area[0] = '\0'; ++ static char area[STRINGSIZE * 2] = {0}; ++ char area2[STRINGSIZE * 2] = {0}; + strcpy(area, input); + + for (ptr = control; *ptr; ptr++) |