CVS commit: pkgsrc/security/libcrack

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/libcrack
From: "Nia Alarie" <nia%netbsd.org@localhost>
Date: Thu, 18 Jun 2026 14:27:56 +0000

Module Name:    pkgsrc
Committed By:   nia
Date:           Thu Jun 18 14:27:56 UTC 2026

Modified Files:
        pkgsrc/security/libcrack: Makefile distinfo
        pkgsrc/security/libcrack/patches: patch-CVE-2016-6318
Added Files:
        pkgsrc/security/libcrack/patches: patch-cracklib_packer.h

Log Message:
libcrack: Fix various build problems with GCC 14 and GCC 15.

Unfortunately, libcrack relied on quite a lot of implicit
declarations of internal functions.

It makes use of syntax that predates standardized C, so force
an older standard version as insurance against future C compilers
getting stricter.


To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/security/libcrack/Makefile
cvs rdiff -u -r1.11 -r1.12 pkgsrc/security/libcrack/distinfo
cvs rdiff -u -r1.1 -r1.2 pkgsrc/security/libcrack/patches/patch-CVE-2016-6318
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/libcrack/patches/patch-cracklib_packer.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/libcrack/Makefile
diff -u pkgsrc/security/libcrack/Makefile:1.23 pkgsrc/security/libcrack/Makefile:1.24
--- pkgsrc/security/libcrack/Makefile:1.23      Thu Dec 21 08:57:01 2023
+++ pkgsrc/security/libcrack/Makefile   Thu Jun 18 14:27:56 2026
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.23 2023/12/21 08:57:01 spz Exp $
+# $NetBSD: Makefile,v 1.24 2026/06/18 14:27:56 nia Exp $
 #
 
 DISTNAME=      cracklib,2.7
@@ -13,6 +13,12 @@ COMMENT=     Password checking library
 
 USE_LIBTOOL=   YES
 
+# This uses K&R style function definitions and is unlikely to
+# be happy with an evolving C standard. gnu99 is chosen for
+# being the minimum bootstrap requirement and safety against
+# APIs being hidden in strict standards mode.
+FORCE_C_STD=   gnu99
+
 INSTALLATION_DIRS=     bin include/cracklib lib libdata
 
 post-install:

Index: pkgsrc/security/libcrack/distinfo
diff -u pkgsrc/security/libcrack/distinfo:1.11 pkgsrc/security/libcrack/distinfo:1.12
--- pkgsrc/security/libcrack/distinfo:1.11      Tue Oct 26 11:17:12 2021
+++ pkgsrc/security/libcrack/distinfo   Thu Jun 18 14:27:56 2026
@@ -1,9 +1,10 @@
-$NetBSD: distinfo,v 1.11 2021/10/26 11:17:12 nia Exp $
+$NetBSD: distinfo,v 1.12 2026/06/18 14:27:56 nia Exp $
 
 BLAKE2s (cracklib,2.7.tar.gz) = cf8702fecf41a790d238b4caf43027035e5c020b77ae7a587ba54e32a4559d49
 SHA512 (cracklib,2.7.tar.gz) = 2d63ed30d78a8fb07caeb21b2eeeb88941b224fe9c94da6c5eaecc4d23510117c836a373e77dffc1ff827dbd8bc02a07d07434caa4fc39b48d515bef425819e9
 Size (cracklib,2.7.tar.gz) = 21059 bytes
-SHA1 (patch-CVE-2016-6318) = 8cfb44a70c1b9e23a9739edc393fc017a7327902
+SHA1 (patch-CVE-2016-6318) = 14cf27cc349ef3425809de9845e52623aff373fc
 SHA1 (patch-aa) = 8119a733f4bdb0a5a41e41ab53e9923564a70855
 SHA1 (patch-ab) = b69fafe0b49de13a977df43fbaf8c01c06e0c2a8
 SHA1 (patch-ac) = 44677705081bfd13523469137cd73fe2d9a3aadb
+SHA1 (patch-cracklib_packer.h) = 5fc0e572748ee0e21370dc7b45054382d040bfe3

Index: pkgsrc/security/libcrack/patches/patch-CVE-2016-6318
diff -u pkgsrc/security/libcrack/patches/patch-CVE-2016-6318:1.1 pkgsrc/security/libcrack/patches/patch-CVE-2016-6318:1.2
--- pkgsrc/security/libcrack/patches/patch-CVE-2016-6318:1.1    Sun Oct 30 20:49:57 2016
+++ pkgsrc/security/libcrack/patches/patch-CVE-2016-6318        Thu Jun 18 14:27:56 2026
@@ -4,9 +4,17 @@ https://bugzilla.redhat.com/attachment.c
 It is not safe to pass words longer than STRINGSIZE further to cracklib
 so the longbuffer cannot be longer than STRINGSIZE.
 
---- ./cracklib/fascist.c.orig  1997-12-31 10:26:46.000000000 +0000
-+++ ./cracklib/fascist.c       2016-10-27 19:00:46.000000000 +0000
-@@ -490,7 +490,7 @@ FascistGecos(password, uid)
+--- cracklib/fascist.c.orig    1997-12-31 10:26:46.000000000 +0000
++++ cracklib/fascist.c
+@@ -10,6 +10,7 @@ static char vers_id[] = "fascist.c : v2.3p3 Alec Muffe
+ 
+ #include "packer.h"
+ #include <sys/types.h>
++#include <unistd.h>
+ #include <pwd.h>
+ 
+ #define ISSKIP(x) (isspace(x) || ispunct(x))
+@@ -490,7 +491,7 @@ FascistGecos(password, uid)
      char gbuffer[STRINGSIZE];
      char tbuffer[STRINGSIZE];
      char *uwords[STRINGSIZE];
@@ -15,7 +23,7 @@ so the longbuffer cannot be longer than 
  
      if (!(pwp = getpwuid(uid)))
      {
-@@ -573,38 +573,47 @@ FascistGecos(password, uid)
+@@ -573,38 +574,47 @@ FascistGecos(password, uid)
      {
        for (i = 0; i < j; i++)
        {
@@ -27,20 +35,19 @@ so the longbuffer cannot be longer than 
            {
 -              return ("it is derived from your password entry");
 -          }
--
--          strcpy(longbuffer, uwords[j]);
--          strcat(longbuffer, uwords[i]);
 +              strcpy(longbuffer, uwords[i]);
 +              strcat(longbuffer, uwords[j]);
  
--          if (GTry(longbuffer, password))
--          {
--              return ("it's derived from your password entry");
+-          strcpy(longbuffer, uwords[j]);
+-          strcat(longbuffer, uwords[i]);
 +              if (GTry(longbuffer, password))
 +              {
 +                  return ("it is derived from your password entry");
 +              }
-+
+ 
+-          if (GTry(longbuffer, password))
+-          {
+-              return ("it's derived from your password entry");
 +              strcpy(longbuffer, uwords[j]);
 +              strcat(longbuffer, uwords[i]);
 +

Added files:

Index: pkgsrc/security/libcrack/patches/patch-cracklib_packer.h
diff -u /dev/null pkgsrc/security/libcrack/patches/patch-cracklib_packer.h:1.1
--- /dev/null   Thu Jun 18 14:27:56 2026
+++ pkgsrc/security/libcrack/patches/patch-cracklib_packer.h    Thu Jun 18 14:27:56 2026
@@ -0,0 +1,31 @@
+$NetBSD: patch-cracklib_packer.h,v 1.1 2026/06/18 14:27:56 nia Exp $
+
+Fix implicit declarations in various files, including packlib.c and
+fascist.c.
+
+--- cracklib/packer.h.orig     1997-12-31 10:26:01.000000000 +0000
++++ cracklib/packer.h
+@@ -7,6 +7,8 @@
+  */
+ 
+ #include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
+ #include <ctype.h>
+ 
+ #define STRINGSIZE    1024
+@@ -52,7 +54,14 @@ extern PWDICT *PWOpen();
+ #define PIH_MAGIC 0x70775631
+ 
+ extern PWDICT *PWOpen();
++extern int PutPW(PWDICT *, char *);
++extern int PMatch(register char *, register char *);
++extern int PWClose(PWDICT *);
++extern int32 FindPW(PWDICT *, char *);
++extern char *GetPW(PWDICT *, int32);
+ extern char *Mangle();
++extern char *Trim(register char *);
++extern char Chop(register char *string);
+ extern char *FascistCheck();
+ 
+ #define CRACK_TOLOWER(a)      (isupper(a)?tolower(a):(a))

Prev by Date: CVS commit: pkgsrc/www/php-nextcloud
Next by Date: CVS commit: pkgsrc/textproc/eb
Previous by Thread: CVS commit: pkgsrc/www/php-nextcloud
Next by Thread: CVS commit: pkgsrc/textproc/eb
Indexes:

Home | Main Index | Thread Index | Old Index