summaryrefslogtreecommitdiffstats
path: root/deps/cracklib
diff options
context:
space:
mode:
Diffstat (limited to 'deps/cracklib')
-rw-r--r--deps/cracklib/.url2
-rw-r--r--deps/cracklib/cracklib-words-2.9.7.bz2bin0 -> 6951761 bytes
-rwxr-xr-xdeps/cracklib/cracklib.SlackBuild135
-rw-r--r--deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch108
-rw-r--r--deps/cracklib/slack-desc20
5 files changed, 265 insertions, 0 deletions
diff --git a/deps/cracklib/.url b/deps/cracklib/.url
new file mode 100644
index 0000000..257cdea
--- /dev/null
+++ b/deps/cracklib/.url
@@ -0,0 +1,2 @@
+https://github.com/cracklib/cracklib/releases/download/v2.9.7/cracklib-2.9.7.tar.bz2
+https://github.com/cracklib/cracklib/releases/download/v2.9.7/cracklib-words-2.9.7.bz2
diff --git a/deps/cracklib/cracklib-words-2.9.7.bz2 b/deps/cracklib/cracklib-words-2.9.7.bz2
new file mode 100644
index 0000000..b29dbf1
--- /dev/null
+++ b/deps/cracklib/cracklib-words-2.9.7.bz2
Binary files differ
diff --git a/deps/cracklib/cracklib.SlackBuild b/deps/cracklib/cracklib.SlackBuild
new file mode 100755
index 0000000..f1825a7
--- /dev/null
+++ b/deps/cracklib/cracklib.SlackBuild
@@ -0,0 +1,135 @@
+#!/bin/sh
+
+# Copyright 2010,2011 Vincent Batts, Vienna, VA, USA
+# Copyright 2010, 2018 Patrick J. Volkerding, Sebeka, Minnesota, USA
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PKGNAM=cracklib
+VERSION=${VERSION:-2.9.7}
+BUILD=${BUILD:-1}
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) export ARCH=i586 ;;
+ arm*) export ARCH=arm ;;
+ # Unless $ARCH is already set, use uname -m for all other archs:
+ *) export ARCH=$( uname -m ) ;;
+ esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+ echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+ exit 0
+fi
+
+NUMJOBS=${NUMJOBS:-" -j$(expr $(nproc) + 1) "}
+
+TMP=${TMP:-/tmp}
+PKG=$TMP/package-$PKGNAM
+
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "s390" ]; then
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+rm -rf $PKG
+mkdir -p $TMP $PKG
+cd $TMP
+rm -rf $PKGNAM-$VERSION
+tar xf $CWD/$PKGNAM-$VERSION.tar.bz2 || exit 1
+cd $PKGNAM-$VERSION || exit 1
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \+ -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \+
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --sbindir=/sbin \
+ --libdir=/usr/lib${LIBDIRSUFFIX} \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PKGNAM-$VERSION \
+ --disable-static \
+ --build=$ARCH-slackware-linux || exit 1
+
+make $NUMJOBS || exit 1
+make install DESTDIR=$PKG || exit 1
+
+# Don't ship .la files:
+rm -f $PKG/{,usr/}lib${LIBDIRSUFFIX}/*.la
+
+mkdir -p $PKG/usr/share/cracklib
+
+# If there's a large word list in the source directory, use it.
+# Otherwise go with the bundled list.
+if [ -r $CWD/cracklib-words-$VERSION.bz2 ]; then
+ bzcat $CWD/cracklib-words-$VERSION.bz2 | gzip -c > words.gz
+ PATH=$(pwd)/util:$PATH \
+ ./util/create-cracklib-dict \
+ -o $PKG/usr/share/cracklib/pw_dict \
+ dicts/cracklib-small words.gz
+else
+ PATH=$(pwd)/util:$PATH \
+ ./util/create-cracklib-dict \
+ -o $PKG/usr/share/cracklib/pw_dict \
+ dicts/cracklib-small
+fi
+
+mkdir -p $PKG/var/cache/cracklib
+( cd $PKG/var/cache/cracklib
+ln -s /usr/share/cracklib/pw_dict.pwd cracklib_dict.pwd
+ln -s /usr/share/cracklib/pw_dict.pwi cracklib_dict.pwi
+)
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+mkdir -p $PKG/usr/doc/$PKGNAM-$VERSION
+cp -a \
+ AUTHORS COPYING.LIB ChangeLog INSTALL NEWS README* \
+ $PKG/usr/doc/$PKGNAM-$VERSION
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $TMP/$PKGNAM-$VERSION-$ARCH-$BUILD.txz
+
diff --git a/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch b/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch
new file mode 100644
index 0000000..bc47734
--- /dev/null
+++ b/deps/cracklib/patches/cracklib-2.9.6-cve-2016-6318.patch
@@ -0,0 +1,108 @@
+From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
+From: Jan Dittberner <jan@dittberner.info>
+Date: Thu, 25 Aug 2016 17:13:49 +0200
+Subject: [PATCH] Apply patch to fix CVE-2016-6318
+
+This patch fixes an issue with a stack-based buffer overflow whne
+parsing large GECOS field. See
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
+https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
+information.
+---
+ src/NEWS | 1 +
+ src/lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
+ 2 files changed, 34 insertions(+), 24 deletions(-)
+
+diff --git a/src/NEWS b/src/NEWS
+index 26abeee..361a207 100644
+--- a/src/NEWS
++++ b/src/NEWS
+@@ -1,3 +1,4 @@
++v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
+ v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists
+ migration to github
+ patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller)
+diff --git a/src/lib/fascist.c b/src/lib/fascist.c
+index a996509..d4deb15 100644
+--- a/src/lib/fascist.c
++++ b/src/lib/fascist.c
+@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+ char gbuffer[STRINGSIZE];
+ char tbuffer[STRINGSIZE];
+ char *uwords[STRINGSIZE];
+- char longbuffer[STRINGSIZE * 2];
++ char longbuffer[STRINGSIZE];
+
+ if (gecos == NULL)
+ gecos = "";
+@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+ {
+ for (i = 0; i < j; i++)
+ {
+- strcpy(longbuffer, uwords[i]);
+- strcat(longbuffer, uwords[j]);
+-
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
+ {
+- return _("it is derived from your password entry");
+- }
++ strcpy(longbuffer, uwords[i]);
++ strcat(longbuffer, uwords[j]);
+
+- strcpy(longbuffer, uwords[j]);
+- strcat(longbuffer, uwords[i]);
++ if (GTry(longbuffer, password))
++ {
++ return _("it is derived from your password entry");
++ }
+
+- if (GTry(longbuffer, password))
+- {
+- return _("it's derived from your password entry");
+- }
++ strcpy(longbuffer, uwords[j]);
++ strcat(longbuffer, uwords[i]);
+
+- longbuffer[0] = uwords[i][0];
+- longbuffer[1] = '\0';
+- strcat(longbuffer, uwords[j]);
++ if (GTry(longbuffer, password))
++ {
++ return _("it's derived from your password entry");
++ }
++ }
+
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[j]) < STRINGSIZE - 1)
+ {
+- return _("it is derivable from your password entry");
++ longbuffer[0] = uwords[i][0];
++ longbuffer[1] = '\0';
++ strcat(longbuffer, uwords[j]);
++
++ if (GTry(longbuffer, password))
++ {
++ return _("it is derivable from your password entry");
++ }
+ }
+
+- longbuffer[0] = uwords[j][0];
+- longbuffer[1] = '\0';
+- strcat(longbuffer, uwords[i]);
+-
+- if (GTry(longbuffer, password))
++ if (strlen(uwords[i]) < STRINGSIZE - 1)
+ {
+- return _("it's derivable from your password entry");
++ longbuffer[0] = uwords[j][0];
++ longbuffer[1] = '\0';
++ strcat(longbuffer, uwords[i]);
++
++ if (GTry(longbuffer, password))
++ {
++ return _("it's derivable from your password entry");
++ }
+ }
+ }
+ }
diff --git a/deps/cracklib/slack-desc b/deps/cracklib/slack-desc
new file mode 100644
index 0000000..0f475fb
--- /dev/null
+++ b/deps/cracklib/slack-desc
@@ -0,0 +1,20 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+cracklib: cracklib (password crack library)
+cracklib:
+cracklib: CrackLib is a library allowing a "passwd"-like program to filter out
+cracklib: passwords that are considered easy to crack by brute-force.
+cracklib: Cracklib uses dictionary lists of easy to guess passwords.
+cracklib:
+cracklib:
+cracklib:
+cracklib:
+cracklib: See also: https://github.com/cracklib/cracklib
+cracklib:
+