From d54fbdec265cf449cdb4910268b2d242e4f1f997 Mon Sep 17 00:00:00 2001
From: Eric Hameleers
Date: Sat, 15 Feb 2020 17:50:19 +0100
Subject: Remove deps that are now part of Slackware

OpenAL got added to Slackware as 'openal-soft'; SDL_sound is now part of the Slackware 'sdl' package; libxkbcommon and qt5 were added to Slackware in the 'L' series.
---
 deps/cracklib/.url | 2 +
 deps/cracklib/cracklib-words-2.9.7.bz2 | Bin 0 -> 6951761 bytes
 deps/cracklib/cracklib.SlackBuild | 135 +++++++++++++++++++++
 .../patches/cracklib-2.9.6-cve-2016-6318.patch | 108 +++++++++++++++++
 deps/cracklib/slack-desc | 20 +++
 5 files changed, 265 insertions(+)
 create mode 100644 deps/cracklib/.url
 create mode 100644 deps/cracklib/cracklib-words-2.9.7.bz2
 create mode 100755 deps/cracklib/cracklib.SlackBuild
 create mode 100644 deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch
 create mode 100644 deps/cracklib/slack-desc
(limited to 'deps/cracklib')
diff --git a/deps/cracklib/.url b/deps/cracklib/.url
new file mode 100644
index 0000000..257cdea
--- /dev/null
+++ b/deps/cracklib/.url
@@ -0,0 +1,2 @@
+https://github.com/cracklib/cracklib/releases/download/v2.9.7/cracklib-2.9.7.tar.bz2
+https://github.com/cracklib/cracklib/releases/download/v2.9.7/cracklib-words-2.9.7.bz2
diff --git a/deps/cracklib/cracklib-words-2.9.7.bz2 b/deps/cracklib/cracklib-words-2.9.7.bz2
new file mode 100644
index 0000000..b29dbf1
Binary files /dev/null and b/deps/cracklib/cracklib-words-2.9.7.bz2 differ
diff --git a/deps/cracklib/cracklib.SlackBuild b/deps/cracklib/cracklib.SlackBuild
new file mode 100755
index 0000000..f1825a7
--- /dev/null
+++ b/deps/cracklib/cracklib.SlackBuild
@@ -0,0 +1,135 @@
+#!/bin/sh
+
+# Copyright 2010,2011 Vincent Batts, Vienna, VA, USA
+# Copyright 2010, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=cracklib
+VERSION=${VERSION:-2.9.7}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xf $CWD/$PKGNAM-$VERSION.tar.bz2 || exit 1
+cd $PKGNAM-$VERSION || exit 1
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --sbindir=/sbin \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --disable-static \
+ --build=$ARCH-slackware-linux || exit 1
+
+make $NUMJOBS || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+mkdir -p $PKG/usr/share/cracklib
+
+# If there's a large word list in the source directory, use it.
+# Otherwise go with the bundled list.
+if [ -r $CWD/cracklib-words-$VERSION.bz2 ]; then
+ bzcat $CWD/cracklib-words-$VERSION.bz2 | gzip -c > words.gz
+ PATH=$(pwd)/util:$PATH \
+ ./util/create-cracklib-dict \
+ -o $PKG/usr/share/cracklib/pw_dict \
+ dicts/cracklib-small words.gz
+else
+ PATH=$(pwd)/util:$PATH \
+ ./util/create-cracklib-dict \
+ -o $PKG/usr/share/cracklib/pw_dict \
+ dicts/cracklib-small
+fi
+
+mkdir -p $PKG/var/cache/cracklib
+( cd $PKG/var/cache/cracklib
+ln -s /usr/share/cracklib/pw_dict.pwd cracklib_dict.pwd
+ln -s /usr/share/cracklib/pw_dict.pwi cracklib_dict.pwi
+)
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+cp -a \
+ AUTHORS COPYING.LIB ChangeLog INSTALL NEWS README* \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
+
diff --git a/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch b/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch
new file mode 100644
index 0000000..bc47734
--- /dev/null
+++ b/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch
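Review bot: The source tarball is extracted and built with no integrity check: `tar xf $CWD/$PKGNAM-$VERSION.tar.bz2` accepts whatever file sits in the build directory, and the `.url` file added alongside records only the download location, not a checksum or signature. Since the script goes on to `chown -R root:root .`, `./configure` and `make install` (so it is apparently meant to run as root), a tampered or truncated download would run with full privileges. I would commit a checksum file next to the SlackBuild and verify it before the `tar xf` line, e.g. `( cd "$CWD" && sha256sum -c $PKGNAM-$VERSION.sha256 ) || exit 1`, where the `.sha256` file is a new file to add, not something this commit already ships. Separately, `rm -rf $PKG` and `rm -rf $PKGNAM-$VERSION` expand unquoted values derived from the overridable `TMP` and `VERSION`; `rm -rf -- "$PKG"` and `rm -rf -- "$PKGNAM-$VERSION"` avoid word splitting on those paths.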
@@ -0,0 +1,108 @@
+From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
+From: Jan Dittberner
+Date: Thu, 25 Aug 2016 17:13:49 +0200
+Subject: [PATCH] Apply patch to fix CVE-2016-6318
+
+This patch fixes an issue with a stack-based buffer overflow whne
+parsing large GECOS field. See
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
+https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
+information.
+---
+ src/NEWS | 1 +
+ src/lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
+ 2 files changed, 34 insertions(+), 24 deletions(-)
+
+diff --git a/src/NEWS b/src/NEWS
+index 26abeee..361a207 100644
+--- a/src/NEWS
++++ b/src/NEWS
+@@ -1,3 +1,4 @@
++v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
+ v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists
+ migration to github
+ patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller)
+diff --git a/src/lib/fascist.c b/src/lib/fascist.c
+index a996509..d4deb15 100644
+--- a/src/lib/fascist.c
++++ b/src/lib/fascist.c
+@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+ char gbuffer[STRINGSIZE];
+ char tbuffer[STRINGSIZE];
+ char *uwords[STRINGSIZE];
+- char longbuffer[STRINGSIZE * 2];
++ char longbuffer[STRINGSIZE];
+
+ if (gecos == NULL)
+ gecos = "";
+@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+ {
+ for (i = 0; i < j; i++)
+ {
+- strcpy(longbuffer, uwords[i]);
+- strcat(longbuffer, uwords[j]);
+-
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
+ {
+- return _("it is derived from your password entry");
+- }
++ strcpy(longbuffer, uwords[i]);
++ strcat(longbuffer, uwords[j]);
+
+- strcpy(longbuffer, uwords[j]);
+- strcat(longbuffer, uwords[i]);
++ if (GTry(longbuffer, password))
++ {
++ return _("it is derived from your password entry");
++ }
+
+- if (GTry(longbuffer, password))
+- {
+- return _("it's derived from your password entry");
+- }
++ strcpy(longbuffer, uwords[j]);
++ strcat(longbuffer, uwords[i]);
+
+- longbuffer[0] = uwords[i][0];
+- longbuffer[1] = '\0';
+- strcat(longbuffer, uwords[j]);
++ if (GTry(longbuffer, password))
++ {
++ return _("it's derived from your password entry");
++ }
++ }
+
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[j]) < STRINGSIZE - 1)
+ {
+- return _("it is derivable from your password entry");
++ longbuffer[0] = uwords[i][0];
++ longbuffer[1] = '\0';
++ strcat(longbuffer, uwords[j]);
++
++ if (GTry(longbuffer, password))
++ {
++ return _("it is derivable from your password entry");
++ }
+ }
+
+- longbuffer[0] = uwords[j][0];
+- longbuffer[1] = '\0';
+- strcat(longbuffer, uwords[i]);
+-
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[i]) < STRINGSIZE - 1)
+ {
+- return _("it's derivable from your password entry");
++ longbuffer[0] = uwords[j][0];
++ longbuffer[1] = '\0';
++ strcat(longbuffer, uwords[i]);
++
++ if (GTry(longbuffer, password))
++ {
++ return _("it's derivable from your password entry");
++ }
+ }
+ }
+ }
diff --git a/deps/cracklib/slack-desc b/deps/cracklib/slack-desc
new file mode 100644
index 0000000..0f475fb
--- /dev/null
+++ b/deps/cracklib/slack-desc
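Review bot: Nothing visible in this commit applies this patch file: cracklib.SlackBuild goes from `cd $PKGNAM-$VERSION || exit 1` straight to `chown`, `find` and `./configure` with no `patch` step, and the file is named for 2.9.6 while the build defaults to `VERSION=${VERSION:-2.9.7}`. The 2.9.7 source probably already contains these `strlen` guards around `longbuffer` in `FascistGecosUser`, given the patch is dated 2016, but that should be confirmed against the unpacked `src/lib/fascist.c` rather than assumed. If it does, either drop the file or state its status in the SlackBuild with a comment such as `# CVE-2016-6318: fix already present in the $VERSION source; patches/ is not applied`, so nobody reads the directory as proof of a locally applied fix. If it does not, the SlackBuild needs a `patch` step after the `cd $PKGNAM-$VERSION` line, otherwise the package ships the unbounded `strcpy`/`strcat` path.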
@@ -0,0 +1,20 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+cracklib: cracklib (password crack library)
+cracklib:
+cracklib: CrackLib is a library allowing a "passwd"-like program to filter out
+cracklib: passwords that are considered easy to crack by brute-force.
+cracklib: Cracklib uses dictionary lists of easy to guess passwords.
+cracklib:
+cracklib:
+cracklib:
+cracklib:
+cracklib: See also: https://github.com/cracklib/cracklib
+cracklib:
+
-- cgit v1.2.3