diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-extended/cracklib')
2 files changed, 109 insertions, 22 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch b/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch new file mode 100644 index 0000000000..b251ac9056 --- /dev/null +++ b/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch @@ -0,0 +1,105 @@ +From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001 +From: Jan Dittberner <jan@dittberner.info> +Date: Thu, 25 Aug 2016 17:13:49 +0200 +Subject: [PATCH] Apply patch to fix CVE-2016-6318 + +This patch fixes an issue with a stack-based buffer overflow when +parsing large GECOS field. See +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and +https://security-tracker.debian.org/tracker/CVE-2016-6318 for more +information. + +Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1] +CVE: CVE-2016-6318 +Signed-off-by: Dengke Du <dengke.du@windriver.com> +--- + lib/fascist.c | 57 ++++++++++++++++++++++++++++++++----------------------- + 1 file changed, 33 insertions(+), 24 deletions(-) + +diff --git a/lib/fascist.c b/lib/fascist.c +index a996509..d4deb15 100644 +--- a/lib/fascist.c ++++ b/lib/fascist.c +@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos) + char gbuffer[STRINGSIZE]; + char tbuffer[STRINGSIZE]; + char *uwords[STRINGSIZE]; +- char longbuffer[STRINGSIZE * 2]; ++ char longbuffer[STRINGSIZE]; + + if (gecos == NULL) + gecos = ""; +@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos) + { + for (i = 0; i < j; i++) + { +- strcpy(longbuffer, uwords[i]); +- strcat(longbuffer, uwords[j]); +- +- if (GTry(longbuffer, password)) ++ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE) + { +- return _("it is derived from your password entry"); +- } ++ strcpy(longbuffer, uwords[i]); ++ strcat(longbuffer, uwords[j]); + +- strcpy(longbuffer, uwords[j]); +- strcat(longbuffer, uwords[i]); ++ if (GTry(longbuffer, password)) ++ { ++ return _("it is derived from your password entry"); ++ } + +- if (GTry(longbuffer, password)) +- { +- return _("it's derived from your password entry"); +- } ++ strcpy(longbuffer, uwords[j]); ++ strcat(longbuffer, uwords[i]); + +- longbuffer[0] = uwords[i][0]; +- longbuffer[1] = '\0'; +- strcat(longbuffer, uwords[j]); ++ if (GTry(longbuffer, password)) ++ { ++ return _("it's derived from your password entry"); ++ } ++ } + +- if (GTry(longbuffer, password)) ++ if (strlen(uwords[j]) < STRINGSIZE - 1) + { +- return _("it is derivable from your password entry"); ++ longbuffer[0] = uwords[i][0]; ++ longbuffer[1] = '\0'; ++ strcat(longbuffer, uwords[j]); ++ ++ if (GTry(longbuffer, password)) ++ { ++ return _("it is derivable from your password entry"); ++ } + } + +- longbuffer[0] = uwords[j][0]; +- longbuffer[1] = '\0'; +- strcat(longbuffer, uwords[i]); +- +- if (GTry(longbuffer, password)) ++ if (strlen(uwords[i]) < STRINGSIZE - 1) + { +- return _("it's derivable from your password entry"); ++ longbuffer[0] = uwords[j][0]; ++ longbuffer[1] = '\0'; ++ strcat(longbuffer, uwords[i]); ++ ++ if (GTry(longbuffer, password)) ++ { ++ return _("it's derivable from your password entry"); ++ } + } + } + } +-- +2.8.1 + diff --git a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb b/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb index 3bd3f93674..82995219dc 100644 --- a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb +++ b/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb @@ -4,15 +4,13 @@ HOMEPAGE = "http://sourceforge.net/projects/cracklib" LICENSE = "LGPLv2.1+" LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" -DEPENDS = "cracklib-native zlib python" -RDEPEND_${PN}-python += "python" +DEPENDS = "cracklib-native zlib" -PACKAGES += "${PN}-python" - -EXTRA_OECONF = "--with-python --libdir=${base_libdir}" +EXTRA_OECONF = "--without-python --libdir=${base_libdir}" SRC_URI = "${SOURCEFORGE_MIRROR}/cracklib/cracklib-${PV}.tar.gz \ file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ + file://0001-Apply-patch-to-fix-CVE-2016-6318.patch \ file://0002-craklib-fix-testnum-and-teststr-failed.patch" SRC_URI[md5sum] = "376790a95c1fb645e59e6e9803c78582" @@ -21,27 +19,11 @@ SRC_URI[sha256sum] = "59ab0138bc8cf90cccb8509b6969a024d5e58d2d02bcbdccbb9ba9b88b UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/cracklib/files/cracklib/" UPSTREAM_CHECK_REGEX = "/cracklib/(?P<pver>(\d+[\.\-_]*)+)/" -inherit autotools gettext pythonnative python-dir +inherit autotools gettext do_install_append_class-target() { create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small } -do_install_append() { - src_dir="${D}${base_libdir}/${PYTHON_DIR}/site-packages" - rm -f $src_dir/test_cracklib.py* - - if [ "${base_libdir}" != "${libdir}" ] ; then - # Move python files from ${base_libdir} to ${libdir} since used --libdir=${base_libdir} - install -d -m 0755 ${D}${PYTHON_SITEPACKAGES_DIR}/ - mv $src_dir/* ${D}${PYTHON_SITEPACKAGES_DIR} - rm -fr ${D}${base_libdir}/${PYTHON_DIR} - fi -} - BBCLASSEXTEND = "native nativesdk" -FILES_${PN}-python = "${PYTHON_SITEPACKAGES_DIR}/cracklib.py* \ - ${PYTHON_SITEPACKAGES_DIR}/_cracklib.*" - -FILES_${PN}-staticdev += "${PYTHON_SITEPACKAGES_DIR}/_cracklib.a" |