diff options
Diffstat (limited to 'import-layers/yocto-poky/meta/recipes-extended/cracklib')
4 files changed, 0 insertions, 526 deletions
diff --git a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch b/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch deleted file mode 100644 index b251ac905..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch +++ /dev/null @@ -1,105 +0,0 @@ -From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001 -From: Jan Dittberner <jan@dittberner.info> -Date: Thu, 25 Aug 2016 17:13:49 +0200 -Subject: [PATCH] Apply patch to fix CVE-2016-6318 - -This patch fixes an issue with a stack-based buffer overflow when -parsing large GECOS field. See -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and -https://security-tracker.debian.org/tracker/CVE-2016-6318 for more -information. - -Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1] -CVE: CVE-2016-6318 -Signed-off-by: Dengke Du <dengke.du@windriver.com> ---- - lib/fascist.c | 57 ++++++++++++++++++++++++++++++++----------------------- - 1 file changed, 33 insertions(+), 24 deletions(-) - -diff --git a/lib/fascist.c b/lib/fascist.c -index a996509..d4deb15 100644 ---- a/lib/fascist.c -+++ b/lib/fascist.c -@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos) - char gbuffer[STRINGSIZE]; - char tbuffer[STRINGSIZE]; - char *uwords[STRINGSIZE]; -- char longbuffer[STRINGSIZE * 2]; -+ char longbuffer[STRINGSIZE]; - - if (gecos == NULL) - gecos = ""; -@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos) - { - for (i = 0; i < j; i++) - { -- strcpy(longbuffer, uwords[i]); -- strcat(longbuffer, uwords[j]); -- -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE) - { -- return _("it is derived from your password entry"); -- } -+ strcpy(longbuffer, uwords[i]); -+ strcat(longbuffer, uwords[j]); - -- strcpy(longbuffer, uwords[j]); -- strcat(longbuffer, uwords[i]); -+ if (GTry(longbuffer, password)) -+ { -+ return _("it is derived from your password entry"); -+ } - -- if (GTry(longbuffer, password)) -- { -- return _("it's derived from your password entry"); -- } -+ strcpy(longbuffer, uwords[j]); -+ strcat(longbuffer, uwords[i]); - -- longbuffer[0] = uwords[i][0]; -- longbuffer[1] = '\0'; -- strcat(longbuffer, uwords[j]); -+ if (GTry(longbuffer, password)) -+ { -+ return _("it's derived from your password entry"); -+ } -+ } - -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[j]) < STRINGSIZE - 1) - { -- return _("it is derivable from your password entry"); -+ longbuffer[0] = uwords[i][0]; -+ longbuffer[1] = '\0'; -+ strcat(longbuffer, uwords[j]); -+ -+ if (GTry(longbuffer, password)) -+ { -+ return _("it is derivable from your password entry"); -+ } - } - -- longbuffer[0] = uwords[j][0]; -- longbuffer[1] = '\0'; -- strcat(longbuffer, uwords[i]); -- -- if (GTry(longbuffer, password)) -+ if (strlen(uwords[i]) < STRINGSIZE - 1) - { -- return _("it's derivable from your password entry"); -+ longbuffer[0] = uwords[j][0]; -+ longbuffer[1] = '\0'; -+ strcat(longbuffer, uwords[i]); -+ -+ if (GTry(longbuffer, password)) -+ { -+ return _("it's derivable from your password entry"); -+ } - } - } - } --- -2.8.1 - diff --git a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch b/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch deleted file mode 100644 index adbe7dfff..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch +++ /dev/null @@ -1,339 +0,0 @@ -From 8a6e43726ad0ae41bd1cc2c248d91deb31459357 Mon Sep 17 00:00:00 2001 -From: Lei Maohui <leimaohui@cn.fujitsu.com> -Date: Tue, 9 Jun 2015 11:11:48 +0900 -Subject: [PATCH] packlib.c: support dictionary byte order dependent - -The previous dict files are NOT byte-order independent, in fact they are -probably ARCHITECTURE SPECIFIC. -Create the dict files in big endian, and convert to host endian while -load them. This could fix the endian issue on multiple platform. - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> -Upstream-Status: Pending - -We can't use the endian.h, htobe* and be*toh functions because they are -not available on older versions of glibc, such as that found in RHEL -5.9. - -Change to checking endian and directly calling bswap_* as defined in -byteswap.h. - -Signed-off-by: Mark Hatle <mark.hatle@windriver.com> - -Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com> ---- - lib/packlib.c | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- - 1 file changed, 210 insertions(+), 4 deletions(-) - -diff --git a/lib/packlib.c b/lib/packlib.c -index f851424..3aac805 100644 ---- a/lib/packlib.c -+++ b/lib/packlib.c -@@ -16,6 +16,12 @@ - #ifdef HAVE_STDINT_H - #include <stdint.h> - #endif -+ -+#ifndef _BSD_SOURCE -+#define _BSD_SOURCE /* See feature_test_macros(7) */ -+#endif -+#include <endian.h> -+#include <byteswap.h> - #include "packer.h" - - static const char vers_id[] = "packlib.c : v2.3p2 Alec Muffett 18 May 1993"; -@@ -45,6 +51,185 @@ typedef struct - char data_get[NUMWORDS][MAXWORDLEN]; - } PWDICT64; - -+enum{ -+ en_is32, -+ en_is64 -+}; -+ -+static int -+IheaderHostToBigEndian(char *pHeader, int nBitType) -+{ -+ if (nBitType == en_is64 && __BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ struct pi_header64 *pHeader64 = (struct pi_header64*)pHeader; -+ -+ pHeader64->pih_magic = bswap_64(pHeader64->pih_magic); -+ pHeader64->pih_numwords = bswap_64(pHeader64->pih_numwords); -+ pHeader64->pih_blocklen = bswap_16(pHeader64->pih_blocklen); -+ pHeader64->pih_pad = bswap_16(pHeader64->pih_pad); -+ -+#if DEBUG -+ printf("Header64: magic %x, numwords %x, blocklen %x, pad %x\n", -+ pHeader64->pih_magic, pHeader64->pih_numwords, -+ pHeader64->pih_blocklen, pHeader64->pih_pad); -+#endif -+ } -+ else if (nBitType == en_is32 && __BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ struct pi_header *pHeader32 = (struct pi_header*)pHeader; -+ -+ pHeader32->pih_magic = bswap_32(pHeader32->pih_magic); -+ pHeader32->pih_numwords = bswap_32(pHeader32->pih_numwords); -+ pHeader32->pih_blocklen = bswap_16(pHeader32->pih_blocklen); -+ pHeader32->pih_pad = bswap_16(pHeader32->pih_pad); -+ -+#if DEBUG -+ printf("Header32: magic %x, numwords %x, blocklen %x, pad %x\n", -+ pHeader32->pih_magic, pHeader32->pih_numwords, -+ pHeader32->pih_blocklen, pHeader32->pih_pad); -+#endif -+ } -+ else if (__BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ fprintf(stderr, "Neither 32 or 64: %d\n", nBitType); -+ return (-1); -+ } -+ -+ return 0; -+} -+ -+static int -+IheaderBigEndianToHost(char *pHeader, int nBitType) -+{ -+ if (nBitType == en_is64 && __BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ struct pi_header64 *pHeader64 = (struct pi_header64*)pHeader; -+ -+ pHeader64->pih_magic = bswap_64(pHeader64->pih_magic); -+ pHeader64->pih_numwords = bswap_64(pHeader64->pih_numwords); -+ pHeader64->pih_blocklen = bswap_16(pHeader64->pih_blocklen); -+ pHeader64->pih_pad = bswap_16(pHeader64->pih_pad); -+ -+#if DEBUG -+ printf("Header64: magic %x, numwords %x, blocklen %x, pad %x\n", -+ pHeader64->pih_magic, pHeader64->pih_numwords, -+ pHeader64->pih_blocklen, pHeader64->pih_pad); -+#endif -+ } -+ else if (nBitType == en_is32 && __BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ struct pi_header *pHeader32 = (struct pi_header*)pHeader; -+ -+ pHeader32->pih_magic = bswap_32(pHeader32->pih_magic); -+ pHeader32->pih_numwords = bswap_32(pHeader32->pih_numwords); -+ pHeader32->pih_blocklen = bswap_16(pHeader32->pih_blocklen); -+ pHeader32->pih_pad = bswap_16(pHeader32->pih_pad); -+ -+#if DEBUG -+ printf("Header32: magic %x, numwords %x, blocklen %x, pad %x\n", -+ pHeader32->pih_magic, pHeader32->pih_numwords, -+ pHeader32->pih_blocklen, pHeader32->pih_pad); -+#endif -+ } -+ else if (__BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ fprintf(stderr, "Neither 32 or 64: %d\n", nBitType); -+ return (-1); -+ } -+ -+ return 0; -+} -+ -+static int -+HwmsHostToBigEndian(char *pHwms, int nLen,int nBitType) -+{ -+ int i = 0; -+ -+ if (nBitType == en_is64 && __BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ uint64_t *pHwms64 = (uint64_t*)pHwms; -+ -+ for (i = 0; i < nLen / sizeof(uint64_t); i++) -+ { -+ *pHwms64 = bswap_64(*pHwms64); -+ *pHwms64++; -+ } -+ -+ } -+ else if (nBitType == en_is32 && __BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ uint32_t *pHwms32 = (uint32_t*)pHwms; -+ -+ for (i = 0; i < nLen / sizeof(uint32_t); i++) -+ { -+ *pHwms32 = bswap_32(*pHwms32); -+ *pHwms32++; -+ } -+ -+ } -+ else if (__BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ fprintf(stderr, "Neither 32 or 64: %d\n", nBitType); -+ return (-1); -+ } -+ -+#if DEBUG -+ for (i = 0; i < nLen; i+=8) -+ { -+ printf("hwms%s: %02X %02X %02X %02X %02X %02X %02X %02X\n", -+ nBitType==en_is64?"64":"32", pHwms[i+0]&0xFF, pHwms[i+1]&0xFF, -+ pHwms[i+2]&0xFF, pHwms[i+3]&0xFF, pHwms[i+4]&0xFF, -+ pHwms[i+5]&0xFF, pHwms[i+6]&0xFF, pHwms[i+7]&0xFF); -+ } -+#endif -+ -+ return 0; -+} -+ -+static int -+HwmsBigEndianToHost(char *pHwms, int nLen, int nBitType) -+{ -+ int i = 0; -+ -+ if (nBitType == en_is64 && __BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ uint64_t *pHwms64 = (uint64_t*)pHwms; -+ -+ for (i = 0; i < nLen / sizeof(uint64_t); i++) -+ { -+ *pHwms64++ = bswap_64(*pHwms64); -+ } -+ -+ } -+ else if (nBitType == en_is32 && __BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ uint32_t *pHwms32 = (uint32_t*)pHwms; -+ -+ for (i = 0; i < nLen / sizeof(uint32_t); i++) -+ { -+ *pHwms32 = bswap_32(*pHwms32); -+ *pHwms32++; -+ } -+ -+ } -+ else if (__BYTE_ORDER == __LITTLE_ENDIAN) -+ { -+ fprintf(stderr, "Neither 32 or 64: %d\n", nBitType); -+ return (-1); -+ } -+ -+#if DEBUG -+ for (i = 0; i < nLen; i+=8) -+ { -+ printf("hwms%s: %02X %02X %02X %02X %02X %02X %02X %02X\n", -+ nBitType==en_is64?"64":"32", pHwms[i+0]&0xFF, pHwms[i+1]&0xFF, -+ pHwms[i+2]&0xFF, pHwms[i+3]&0xFF, pHwms[i+4]&0xFF, -+ pHwms[i+5]&0xFF, pHwms[i+6]&0xFF, pHwms[i+7]&0xFF); -+ } -+#endif -+ -+ return 0; -+} - - static int - _PWIsBroken64(FILE *ifp) -@@ -57,6 +242,7 @@ _PWIsBroken64(FILE *ifp) - return 0; - } - -+ IheaderBigEndianToHost((char *) &pdesc64.header, en_is64); - return (pdesc64.header.pih_magic == PIH_MAGIC); - } - -@@ -149,7 +335,11 @@ PWOpen(prefix, mode) - pdesc.header.pih_blocklen = NUMWORDS; - pdesc.header.pih_numwords = 0; - -- fwrite((char *) &pdesc.header, sizeof(pdesc.header), 1, ifp); -+ struct pi_header tmpheader32; -+ -+ memcpy(&tmpheader32, &pdesc.header, sizeof(pdesc.header)); -+ IheaderHostToBigEndian((char *) &tmpheader32, en_is32); -+ fwrite((char *) &tmpheader32, sizeof(tmpheader32), 1, ifp); - } else - { - pdesc.flags &= ~PFOR_WRITE; -@@ -173,6 +363,7 @@ PWOpen(prefix, mode) - return NULL; - } - -+ IheaderBigEndianToHost((char *) &pdesc.header, en_is32); - if ((pdesc.header.pih_magic == 0) || (pdesc.header.pih_numwords == 0)) - { - /* uh-oh. either a broken "64-bit" file or a garbage file. */ -@@ -195,6 +386,7 @@ PWOpen(prefix, mode) - } - return NULL; - } -+ IheaderBigEndianToHost((char *) &pdesc64.header, en_is64); - if (pdesc64.header.pih_magic != PIH_MAGIC) - { - /* nope, not "64-bit" after all */ -@@ -290,6 +482,7 @@ PWOpen(prefix, mode) - { - pdesc.flags &= ~PFOR_USEHWMS; - } -+ HwmsBigEndianToHost((char*)pdesc64.hwms, sizeof(pdesc64.hwms), en_is64); - for (i = 0; i < sizeof(pdesc.hwms) / sizeof(pdesc.hwms[0]); i++) - { - pdesc.hwms[i] = pdesc64.hwms[i]; -@@ -299,6 +492,7 @@ PWOpen(prefix, mode) - { - pdesc.flags &= ~PFOR_USEHWMS; - } -+ HwmsBigEndianToHost((char*)pdesc.hwms, sizeof(pdesc.hwms), en_is32); - #if DEBUG - for (i=1; i<=0xff; i++) - { -@@ -332,7 +526,11 @@ PWClose(pwp) - return (-1); - } - -- if (!fwrite((char *) &pwp->header, sizeof(pwp->header), 1, pwp->ifp)) -+ struct pi_header tmpheader32; -+ -+ memcpy(&tmpheader32, &pwp->header, sizeof(pwp->header)); -+ IheaderHostToBigEndian((char *) &tmpheader32, en_is32); -+ if (!fwrite((char *) &tmpheader32, sizeof(tmpheader32), 1, pwp->ifp)) - { - fprintf(stderr, "index magic fwrite failed\n"); - return (-1); -@@ -351,7 +549,12 @@ PWClose(pwp) - printf("hwm[%02x] = %d\n", i, pwp->hwms[i]); - #endif - } -- fwrite(pwp->hwms, 1, sizeof(pwp->hwms), pwp->wfp); -+ -+ PWDICT tmp_pwp; -+ -+ memcpy(&tmp_pwp, pwp, sizeof(PWDICT)); -+ HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32); -+ fwrite(tmp_pwp.hwms, 1, sizeof(tmp_pwp.hwms), pwp->wfp); - } - } - -@@ -405,7 +608,8 @@ PutPW(pwp, string) - - datum = (uint32_t) ftell(pwp->dfp); - -- fwrite((char *) &datum, sizeof(datum), 1, pwp->ifp); -+ uint32_t tmpdatum = (__BYTE_ORDER == __LITTLE_ENDIAN) ? bswap_32(datum) : datum; -+ fwrite((char *) &tmpdatum, sizeof(tmpdatum), 1, pwp->ifp); - - fputs(pwp->data_put[0], pwp->dfp); - putc(0, pwp->dfp); -@@ -464,6 +668,7 @@ GetPW(pwp, number) - perror("(index fread failed)"); - return NULL; - } -+ datum64 = (__BYTE_ORDER == __LITTLE_ENDIAN) ? bswap_64(datum64) : datum64; - datum = datum64; - } else { - if (fseek(pwp->ifp, sizeof(struct pi_header) + (thisblock * sizeof(uint32_t)), 0)) -@@ -477,6 +682,7 @@ GetPW(pwp, number) - perror("(index fread failed)"); - return NULL; - } -+ datum = (__BYTE_ORDER == __LITTLE_ENDIAN) ? bswap_32(datum) : datum; - } - - int r = 1; --- -1.8.4.2 - diff --git a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch b/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch deleted file mode 100644 index 6210e8212..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 06f9a88b5dd5597f9198ea0cb34f5e96f180e6e3 Mon Sep 17 00:00:00 2001 -From: Hongxu Jia <hongxu.jia@windriver.com> -Date: Sat, 27 Apr 2013 16:02:30 +0800 -Subject: [PATCH] craklib:fix testnum and teststr failed - -Error log: -... -$ ./testnum -(null).pwd.gz: No such file or directory -PWOpen: No such file or directory - -$ ./util/teststr -(null).pwd.gz: No such file or directory -PWOpen: No such file or directory -... -Set DEFAULT_CRACKLIB_DICT as the path of PWOpen - -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> -Upstream-Status: Pending ---- - util/testnum.c | 2 +- - util/teststr.c | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/util/testnum.c b/util/testnum.c -index ae2246d..ca210ff 100644 ---- a/util/testnum.c -+++ b/util/testnum.c -@@ -20,7 +20,7 @@ main () - PWDICT *pwp; - char buffer[STRINGSIZE]; - -- if (!(pwp = PWOpen (NULL, "r"))) -+ if (!(pwp = PWOpen (DEFAULT_CRACKLIB_DICT, "r"))) - { - perror ("PWOpen"); - return (-1); -diff --git a/util/teststr.c b/util/teststr.c -index 2a31fa4..9fb9cda 100644 ---- a/util/teststr.c -+++ b/util/teststr.c -@@ -15,7 +15,7 @@ main () - PWDICT *pwp; - char buffer[STRINGSIZE]; - -- if (!(pwp = PWOpen (NULL, "r"))) -+ if (!(pwp = PWOpen (DEFAULT_CRACKLIB_DICT, "r"))) - { - perror ("PWOpen"); - return (-1); --- -1.7.10.4 - diff --git a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb b/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb deleted file mode 100644 index 82995219d..000000000 --- a/import-layers/yocto-poky/meta/recipes-extended/cracklib/cracklib_2.9.5.bb +++ /dev/null @@ -1,29 +0,0 @@ -SUMMARY = "Password strength checker library" -HOMEPAGE = "http://sourceforge.net/projects/cracklib" - -LICENSE = "LGPLv2.1+" -LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06" - -DEPENDS = "cracklib-native zlib" - -EXTRA_OECONF = "--without-python --libdir=${base_libdir}" - -SRC_URI = "${SOURCEFORGE_MIRROR}/cracklib/cracklib-${PV}.tar.gz \ - file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \ - file://0001-Apply-patch-to-fix-CVE-2016-6318.patch \ - file://0002-craklib-fix-testnum-and-teststr-failed.patch" - -SRC_URI[md5sum] = "376790a95c1fb645e59e6e9803c78582" -SRC_URI[sha256sum] = "59ab0138bc8cf90cccb8509b6969a024d5e58d2d02bcbdccbb9ba9b88be3fa33" - -UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/cracklib/files/cracklib/" -UPSTREAM_CHECK_REGEX = "/cracklib/(?P<pver>(\d+[\.\-_]*)+)/" - -inherit autotools gettext - -do_install_append_class-target() { - create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small -} - -BBCLASSEXTEND = "native nativesdk" - |