pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/libcrack add a patch for CVE-2016-6318 from



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5474ae434f94
branches:  trunk
changeset: 354463:5474ae434f94
user:      spz <spz%pkgsrc.org@localhost>
date:      Sun Oct 30 20:49:57 2016 +0000

description:
add a patch for CVE-2016-6318 from
https://bugzilla.redhat.com/attachment.cgi?id=1188599

diffstat:

 security/libcrack/Makefile                    |   4 +-
 security/libcrack/distinfo                    |   3 +-
 security/libcrack/patches/patch-CVE-2016-6318 |  89 +++++++++++++++++++++++++++
 3 files changed, 93 insertions(+), 3 deletions(-)

diffs (123 lines):

diff -r 5acd42b40d7f -r 5474ae434f94 security/libcrack/Makefile
--- a/security/libcrack/Makefile        Sun Oct 30 18:10:32 2016 +0000
+++ b/security/libcrack/Makefile        Sun Oct 30 20:49:57 2016 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.18 2014/10/09 14:06:52 wiz Exp $
+# $NetBSD: Makefile,v 1.19 2016/10/30 20:49:57 spz Exp $
 #
 
 DISTNAME=      cracklib,2.7
 PKGNAME=       libcrack-2.7
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    security
 MASTER_SITES=  http://www.crypticide.com/alecm/security/cracklib/
 
diff -r 5acd42b40d7f -r 5474ae434f94 security/libcrack/distinfo
--- a/security/libcrack/distinfo        Sun Oct 30 18:10:32 2016 +0000
+++ b/security/libcrack/distinfo        Sun Oct 30 20:49:57 2016 +0000
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.7 2015/11/04 01:17:48 agc Exp $
+$NetBSD: distinfo,v 1.8 2016/10/30 20:49:57 spz Exp $
 
 SHA1 (cracklib,2.7.tar.gz) = 903bb7e2400c7e486f432aab026dd6584815d2c1
 RMD160 (cracklib,2.7.tar.gz) = 8c1710580ed5778f54d30b709cac0b4b07543aed
 SHA512 (cracklib,2.7.tar.gz) = 2d63ed30d78a8fb07caeb21b2eeeb88941b224fe9c94da6c5eaecc4d23510117c836a373e77dffc1ff827dbd8bc02a07d07434caa4fc39b48d515bef425819e9
 Size (cracklib,2.7.tar.gz) = 21059 bytes
+SHA1 (patch-CVE-2016-6318) = 8cfb44a70c1b9e23a9739edc393fc017a7327902
 SHA1 (patch-aa) = 8119a733f4bdb0a5a41e41ab53e9923564a70855
 SHA1 (patch-ab) = b9a0b5929936a1335f08cab93710bbe66c74183d
 SHA1 (patch-ac) = 43031370c2bb08c7b43c6afad0fabe8060ac66b3
diff -r 5acd42b40d7f -r 5474ae434f94 security/libcrack/patches/patch-CVE-2016-6318
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/libcrack/patches/patch-CVE-2016-6318     Sun Oct 30 20:49:57 2016 +0000
@@ -0,0 +1,89 @@
+patch to cracklib 2.7 based on a patch for cracklib 2.9 from
+https://bugzilla.redhat.com/attachment.cgi?id=1188599 :
+
+It is not safe to pass words longer than STRINGSIZE further to cracklib
+so the longbuffer cannot be longer than STRINGSIZE.
+
+--- ./cracklib/fascist.c.orig  1997-12-31 10:26:46.000000000 +0000
++++ ./cracklib/fascist.c       2016-10-27 19:00:46.000000000 +0000
+@@ -490,7 +490,7 @@ FascistGecos(password, uid)
+     char gbuffer[STRINGSIZE];
+     char tbuffer[STRINGSIZE];
+     char *uwords[STRINGSIZE];
+-    char longbuffer[STRINGSIZE * 2];
++    char longbuffer[STRINGSIZE];
+ 
+     if (!(pwp = getpwuid(uid)))
+     {
+@@ -573,38 +573,47 @@ FascistGecos(password, uid)
+     {
+       for (i = 0; i < j; i++)
+       {
+-          strcpy(longbuffer, uwords[i]);
+-          strcat(longbuffer, uwords[j]);
+-
+-          if (GTry(longbuffer, password))
++          if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
+           {
+-              return ("it is derived from your password entry");
+-          }
+-
+-          strcpy(longbuffer, uwords[j]);
+-          strcat(longbuffer, uwords[i]);
++              strcpy(longbuffer, uwords[i]);
++              strcat(longbuffer, uwords[j]);
+ 
+-          if (GTry(longbuffer, password))
+-          {
+-              return ("it's derived from your password entry");
++              if (GTry(longbuffer, password))
++              {
++                  return ("it is derived from your password entry");
++              }
++
++              strcpy(longbuffer, uwords[j]);
++              strcat(longbuffer, uwords[i]);
++
++              if (GTry(longbuffer, password))
++              {
++                  return ("it's derived from your password entry");
++              }
+           }
+ 
+-          longbuffer[0] = uwords[i][0];
+-          longbuffer[1] = '\0';
+-          strcat(longbuffer, uwords[j]);
+-
+-          if (GTry(longbuffer, password))
++          if (strlen(uwords[j]) < STRINGSIZE - 1)
+           {
+-              return ("it is derivable from your password entry");
++              longbuffer[0] = uwords[i][0];
++              longbuffer[1] = '\0';
++              strcat(longbuffer, uwords[j]);
++
++              if (GTry(longbuffer, password))
++              {
++                  return ("it is derivable from your password entry");
++              }
+           }
+ 
+-          longbuffer[0] = uwords[j][0];
+-          longbuffer[1] = '\0';
+-          strcat(longbuffer, uwords[i]);
+-
+-          if (GTry(longbuffer, password))
++          if (strlen(uwords[i]) < STRINGSIZE - 1)
+           {
+-              return ("it's derivable from your password entry");
++              longbuffer[0] = uwords[j][0];
++              longbuffer[1] = '\0';
++              strcat(longbuffer, uwords[i]);
++
++              if (GTry(longbuffer, password))
++              {
++                  return ("it's derivable from your password entry");
++              }
+           }
+       }
+     }



Home | Main Index | Thread Index | Old Index