[OE-core] [PATCH 29/33] cracklib: update 2.9.5 -> 2.9.7

[Alexander Kanavin]

Signed-off-by: Alexander Kanavin <a...@linutronix.de>
---
 ...001-Apply-patch-to-fix-CVE-2016-6318.patch | 105 ------------------
 ...port-dictionary-byte-order-dependent.patch |  12 +-
 ...aklib-fix-testnum-and-teststr-failed.patch |  10 +-
 .../{cracklib_2.9.5.bb => cracklib_2.9.7.bb}  |  17 +--
 4 files changed, 21 insertions(+), 123 deletions(-)
 delete mode 100644 
meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
 rename meta/recipes-extended/cracklib/{cracklib_2.9.5.bb => cracklib_2.9.7.bb} 
(61%)

diff --git 
a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
 
b/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
deleted file mode 100644
index b251ac9056..0000000000
--- 
a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
-From: Jan Dittberner <j...@dittberner.info>
-Date: Thu, 25 Aug 2016 17:13:49 +0200
-Subject: [PATCH] Apply patch to fix CVE-2016-6318
-
-This patch fixes an issue with a stack-based buffer overflow when
-parsing large GECOS field. See
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
-https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
-information.
-
-Upstream-Status: Backport 
[https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1]
-CVE: CVE-2016-6318
-Signed-off-by: Dengke Du <dengke...@windriver.com>
----
- lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
- 1 file changed, 33 insertions(+), 24 deletions(-)
-
-diff --git a/lib/fascist.c b/lib/fascist.c
-index a996509..d4deb15 100644
---- a/lib/fascist.c
-+++ b/lib/fascist.c
-@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const 
char *gecos)
-     char gbuffer[STRINGSIZE];
-     char tbuffer[STRINGSIZE];
-     char *uwords[STRINGSIZE];
--    char longbuffer[STRINGSIZE * 2];
-+    char longbuffer[STRINGSIZE];
- 
-     if (gecos == NULL)
-       gecos = "";
-@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const 
char *gecos)
-     {
-       for (i = 0; i < j; i++)
-       {
--          strcpy(longbuffer, uwords[i]);
--          strcat(longbuffer, uwords[j]);
--
--          if (GTry(longbuffer, password))
-+          if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
-           {
--              return _("it is derived from your password entry");
--          }
-+              strcpy(longbuffer, uwords[i]);
-+              strcat(longbuffer, uwords[j]);
- 
--          strcpy(longbuffer, uwords[j]);
--          strcat(longbuffer, uwords[i]);
-+              if (GTry(longbuffer, password))
-+              {
-+                  return _("it is derived from your password entry");
-+              }
- 
--          if (GTry(longbuffer, password))
--          {
--              return _("it's derived from your password entry");
--          }
-+              strcpy(longbuffer, uwords[j]);
-+              strcat(longbuffer, uwords[i]);
- 
--          longbuffer[0] = uwords[i][0];
--          longbuffer[1] = '\0';
--          strcat(longbuffer, uwords[j]);
-+              if (GTry(longbuffer, password))
-+              {
-+                 return _("it's derived from your password entry");
-+              }
-+          }
- 
--          if (GTry(longbuffer, password))
-+          if (strlen(uwords[j]) < STRINGSIZE - 1)
-           {
--              return _("it is derivable from your password entry");
-+              longbuffer[0] = uwords[i][0];
-+              longbuffer[1] = '\0';
-+              strcat(longbuffer, uwords[j]);
-+
-+              if (GTry(longbuffer, password))
-+              {
-+                  return _("it is derivable from your password entry");
-+              }
-           }
- 
--          longbuffer[0] = uwords[j][0];
--          longbuffer[1] = '\0';
--          strcat(longbuffer, uwords[i]);
--
--          if (GTry(longbuffer, password))
-+          if (strlen(uwords[i]) < STRINGSIZE - 1)
-           {
--              return _("it's derivable from your password entry");
-+              longbuffer[0] = uwords[j][0];
-+              longbuffer[1] = '\0';
-+              strcat(longbuffer, uwords[i]);
-+
-+              if (GTry(longbuffer, password))
-+              {
-+                  return _("it's derivable from your password entry");
-+              }
-           }
-       }
-     }
--- 
-2.8.1
-
diff --git 
a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
 
b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
index adbe7dfff4..082933e471 100644
--- 
a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
+++ 
b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
@@ -1,7 +1,7 @@
-From 8a6e43726ad0ae41bd1cc2c248d91deb31459357 Mon Sep 17 00:00:00 2001
+From aae03b7e626d5f62ab929d51d11352a5a2ff6b2d Mon Sep 17 00:00:00 2001
 From: Lei Maohui <leimao...@cn.fujitsu.com>
 Date: Tue, 9 Jun 2015 11:11:48 +0900
-Subject: [PATCH] packlib.c: support dictionary byte order dependent
+Subject: [PATCH 1/2] packlib.c: support dictionary byte order dependent
 
 The previous dict files are NOT byte-order independent, in fact they are
 probably ARCHITECTURE SPECIFIC.
@@ -22,11 +22,11 @@ Signed-off-by: Mark Hatle <mark.ha...@windriver.com>
 
 Signed-off-by: Lei Maohui <leimao...@cn.fujitsu.com>
 ---
- lib/packlib.c | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ lib/packlib.c | 214 +++++++++++++++++++++++++++++++++++++++++++++-
  1 file changed, 210 insertions(+), 4 deletions(-)
 
 diff --git a/lib/packlib.c b/lib/packlib.c
-index f851424..3aac805 100644
+index 8acb7be..a9d8750 100644
 --- a/lib/packlib.c
 +++ b/lib/packlib.c
 @@ -16,6 +16,12 @@
@@ -317,7 +317,7 @@ index f851424..3aac805 100644
 +      fwrite((char *) &tmpdatum, sizeof(tmpdatum), 1, pwp->ifp);
  
        fputs(pwp->data_put[0], pwp->dfp);
-       putc(0, pwp->dfp);
+       putc(0, (FILE*) pwp->dfp);
 @@ -464,6 +668,7 @@ GetPW(pwp, number)
             perror("(index fread failed)");
             return NULL;
@@ -335,5 +335,5 @@ index f851424..3aac805 100644
  
        int r = 1;
 -- 
-1.8.4.2
+2.20.1
 
diff --git 
a/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch
 
b/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch
index 6210e82121..27a4fcbec2 100644
--- 
a/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch
+++ 
b/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch
@@ -1,7 +1,7 @@
-From 06f9a88b5dd5597f9198ea0cb34f5e96f180e6e3 Mon Sep 17 00:00:00 2001
+From 7250328d7f77069726603ef7132826c9260d3c92 Mon Sep 17 00:00:00 2001
 From: Hongxu Jia <hongxu....@windriver.com>
 Date: Sat, 27 Apr 2013 16:02:30 +0800
-Subject: [PATCH] craklib:fix testnum and teststr failed
+Subject: [PATCH 2/2] craklib:fix testnum and teststr failed
 
 Error log:
 ...
@@ -18,8 +18,8 @@ Set DEFAULT_CRACKLIB_DICT as the path of  PWOpen
 Signed-off-by: Hongxu Jia <hongxu....@windriver.com>
 Upstream-Status: Pending
 ---
- util/testnum.c |    2 +-
- util/teststr.c |    2 +-
+ util/testnum.c | 2 +-
+ util/teststr.c | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/util/testnum.c b/util/testnum.c
@@ -49,5 +49,5 @@ index 2a31fa4..9fb9cda 100644
        perror ("PWOpen");
        return (-1);
 -- 
-1.7.10.4
+2.20.1
 
diff --git a/meta/recipes-extended/cracklib/cracklib_2.9.5.bb 
b/meta/recipes-extended/cracklib/cracklib_2.9.7.bb
similarity index 61%
rename from meta/recipes-extended/cracklib/cracklib_2.9.5.bb
rename to meta/recipes-extended/cracklib/cracklib_2.9.7.bb
index c2677184b4..2537962336 100644
--- a/meta/recipes-extended/cracklib/cracklib_2.9.5.bb
+++ b/meta/recipes-extended/cracklib/cracklib_2.9.7.bb
@@ -9,19 +9,22 @@ DEPENDS = "cracklib-native zlib"
 
 EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
 
-SRC_URI = "${SOURCEFORGE_MIRROR}/cracklib/cracklib-${PV}.tar.gz \
+SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=master \
            file://0001-packlib.c-support-dictionary-byte-order-dependent.patch 
\
-           file://0001-Apply-patch-to-fix-CVE-2016-6318.patch \
            file://0002-craklib-fix-testnum-and-teststr-failed.patch"
 
-SRC_URI[md5sum] = "376790a95c1fb645e59e6e9803c78582"
-SRC_URI[sha256sum] = 
"59ab0138bc8cf90cccb8509b6969a024d5e58d2d02bcbdccbb9ba9b88be3fa33"
-
-UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/cracklib/files/cracklib/";
-UPSTREAM_CHECK_REGEX = "/cracklib/(?P<pver>(\d+[\.\-_]*)+)/"
+SRCREV = "f83934cf3cced0c9600c7d81332f4169f122a2cf"
+S = "${WORKDIR}/git/src"
 
 inherit autotools gettext
 
+# This is custom stuff from upstream's autogen.sh
+do_configure:prepend() {
+    mkdir -p ${S}/m4
+    echo EXTRA_DIST = *.m4 > ${S}/m4/Makefile.am
+    touch ${S}/ABOUT-NLS
+}
+
 do_install:append:class-target() {
        create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict 
${D}${datadir}/cracklib/cracklib-small
 }
-- 
2.20.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#157767): 
https://lists.openembedded.org/g/openembedded-core/message/157767
Mute This Topic: https://lists.openembedded.org/mt/86761740/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-