[gentoo-commits] repo/gentoo:master commit in: sys-libs/cracklib/files/, sys-libs/cracklib/
commit: 27b7d30f1513c8aa741f0118ebd8af45984ea6c6 Author: Sam James gentoo org> AuthorDate: Fri Mar 17 02:24:43 2023 + Commit: Sam James gentoo org> CommitDate: Fri Mar 17 02:24:58 2023 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27b7d30f sys-libs/cracklib: fix Python bindings - Fix Python bindings build and clean it up to be more idiomatic - Use PEP517 for Python build too Closes: https://bugs.gentoo.org/901719 Signed-off-by: Sam James gentoo.org> ...lib-2.9.10.ebuild => cracklib-2.9.10-r1.ebuild} | 45 ++ .../files/cracklib-2.9.10-python-inc.patch | 20 ++ 2 files changed, 48 insertions(+), 17 deletions(-) diff --git a/sys-libs/cracklib/cracklib-2.9.10.ebuild b/sys-libs/cracklib/cracklib-2.9.10-r1.ebuild similarity index 74% rename from sys-libs/cracklib/cracklib-2.9.10.ebuild rename to sys-libs/cracklib/cracklib-2.9.10-r1.ebuild index 71fddeb64779..0553dfd808a8 100644 --- a/sys-libs/cracklib/cracklib-2.9.10.ebuild +++ b/sys-libs/cracklib/cracklib-2.9.10-r1.ebuild @@ -6,6 +6,7 @@ EAPI=8 # Note: ideally bump with sys-apps/cracklib-words DISTUTILS_OPTIONAL=1 +DISTUTILS_USE_PEP517=setuptools PYTHON_COMPAT=( python3_{9..11} ) inherit distutils-r1 libtool multilib-minimal usr-ldscript @@ -31,19 +32,14 @@ DEPEND=" " BDEPEND=" nls? ( sys-devel/gettext ) - python? ( - dev-python/setuptools[${PYTHON_USEDEP}] - ) + python? ( ${DISTUTILS_DEPS} ) " -do_python() { - multilib_is_native_abi || return 0 - use python || return 0 +PATCHES=( + "${FILESDIR}"/${PN}-2.9.10-python-inc.patch +) - pushd python > /dev/null || die - distutils-r1_src_${EBUILD_PHASE} - popd > /dev/null || die -} +distutils_enable_tests unittest pkg_setup() { # Workaround bug #195017 @@ -57,10 +53,12 @@ pkg_setup() { src_prepare() { default - # bug ##269003 + # bug #269003 elibtoolize - do_python + if use python ; then + distutils-r1_src_prepare + fi } multilib_src_configure() { @@ -81,18 +79,28 @@ multilib_src_configure() { multilib_src_compile() { default - do_python + if multilib_is_native_abi && use python ; then + local -x CFLAGS="${CFLAGS} -DLOCALEDIR='\"${EPREFIX}/usr/share/locale\"' -DDEFAULT_CRACKLIB_DICT=\'${EPREFIX}/usr/lib/cracklib_dict\'" + cd python || die + distutils-r1_src_compile + fi } multilib_src_test() { default - # Make sure we load the freshly built library - LD_LIBRARY_PATH="${BUILD_DIR}/lib/.libs:${LD_LIBRARY_PATH}" do_python + if multilib_is_native_abi && use python ; then + distutils-r1_src_test + fi } python_test() { - ${EPYTHON} -m unittest test_cracklib || die "Tests fail with ${EPYTHON}" + cd "${S}"/python || die + + # Make sure we load the freshly built library + local -x LD_LIBRARY_PATH="${BUILD_DIR/-${EPYTHON/./_}}/lib/.libs:${BUILD_DIR}/lib:${LD_LIBRARY_PATH}" + + eunittest } multilib_src_install() { @@ -101,7 +109,10 @@ multilib_src_install() { # Move shared libs to / gen_usr_ldscript -a crack - do_python + if multilib_is_native_abi && use python ; then + cd python || die + distutils-r1_src_install + fi } multilib_src_install_all() { diff --git a/sys-libs/cracklib/files/cracklib-2.9.10-python-inc.patch b/sys-libs/cracklib/files/cracklib-2.9.10-python-inc.patch new file mode 100644 index ..fd9960df0e8f --- /dev/null +++ b/sys-libs/cracklib/files/cracklib-2.9.10-python-inc.patch @@ -0,0 +1,20 @@ +https://github.com/cracklib/cracklib/pull/61 + +From 802cbc426779489d44d7fc19e695e7d962c65665 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Fri, 17 Mar 2023 02:20:19 + +Subject: [PATCH] python: adjust include path for builddir + +We need this for config.h added by 2e0f854bada720ff4fbd13aed4f87087d466274d. +--- a/python/setup.py.in b/python/setup.py.in +@@ -22,7 +22,7 @@ from setuptools import setup, Extension + extensions = [ + Extension("_cracklib", + ["@srcdir@/_cracklib.c"], +-include_dirs = ["@top_srcdir@/lib"], ++include_dirs = ["@top_builddir@", "@top_srcdir@/lib"], + libraries = ["crack"], + library_dirs = ["@top_builddir@/lib/.libs"]), + ] +
[gentoo-commits] repo/gentoo:master commit in: sys-libs/cracklib/files/, sys-libs/cracklib/
commit: aac5b4f4a65ce70854e77014fa096b7bd2d34e43 Author: Thomas Deutschmann gentoo org> AuthorDate: Wed Sep 14 20:55:05 2016 + Commit: Thomas Deutschmann gentoo org> CommitDate: Wed Sep 14 20:57:44 2016 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aac5b4f4 sys-libs/cracklib: Revision bump to address CVE-2016-6318 and another buffer overflow Signed-off-by: Lars Wendler gentoo.org> Gentoo-Bug: https://bugs.gentoo.org/591456 Package-Manager: portage-2.3.0 sys-libs/cracklib/cracklib-2.9.6-r1.ebuild | 108 + .../files/cracklib-2.9.6-CVE-2016-6318.patch | 108 + ...acklib-2.9.6-fix-long-word-bufferoverflow.patch | 43 3 files changed, 259 insertions(+) diff --git a/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild new file mode 100644 index ..3767e64 --- /dev/null +++ b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild @@ -0,0 +1,108 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI="5" +PYTHON_COMPAT=( python2_7 ) +DISTUTILS_OPTIONAL=1 + +inherit eutils distutils-r1 libtool multilib-minimal toolchain-funcs + +MY_P=${P/_} +DESCRIPTION="Password Checking Library" +HOMEPAGE="https://github.com/cracklib/cracklib/"; +SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz"; + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux ~ppc-macos ~x86-macos ~m68k-mint" +IUSE="nls python static-libs test zlib" + +RDEPEND="zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND} + python? ( + dev-python/setuptools[${PYTHON_USEDEP}] + test? ( dev-python/nose[${PYTHON_USEDEP}] ) + )" +RDEPEND="${RDEPEND} + abi_x86_32? ( + !<=app-emulation/emul-linux-x86-baselibs-20140508-r6 + !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)] + )" + +S=${WORKDIR}/${MY_P} + +do_python() { + multilib_is_native_abi || return 0 + use python || return 0 + pushd python > /dev/null || die + distutils-r1_src_${EBUILD_PHASE} + popd > /dev/null +} + +pkg_setup() { + # workaround #195017 + if has unmerge-orphans ${FEATURES} && has_version "<${CATEGORY}/${PN}-2.8.10" ; then + eerror "Upgrade path is broken with FEATURES=unmerge-orphans" + eerror "Please run: FEATURES=-unmerge-orphans emerge cracklib" + die "Please run: FEATURES=-unmerge-orphans emerge cracklib" + fi +} + +src_prepare() { + epatch "${FILESDIR}"/cracklib-2.9.6-CVE-2016-6318.patch + epatch "${FILESDIR}"/cracklib-2.9.6-fix-long-word-bufferoverflow.patch + + elibtoolize #269003 + do_python +} + +multilib_src_configure() { + export ac_cv_header_zlib_h=$(usex zlib) + export ac_cv_search_gzopen=$(usex zlib -lz no) + # use /usr/lib so that the dictionary is shared between ABIs + ECONF_SOURCE=${S} \ + econf \ + --with-default-dict='/usr/lib/cracklib_dict' \ + --without-python \ + $(use_enable nls) \ + $(use_enable static-libs static) +} + +multilib_src_compile() { + default + do_python +} + +multilib_src_test() { + do_python +} + +python_test() { + nosetests -w "${S}"/python || die "Tests fail with ${EPYTHON}" +} + +multilib_src_install() { + default + # move shared libs to / + gen_usr_ldscript -a crack + + do_python +} + +multilib_src_install_all() { + einstalldocs + prune_libtool_files + rm -r "${ED}"/usr/share/cracklib + + insinto /usr/share/dict + doins dicts/cracklib-small || die +} + +pkg_postinst() { + if [[ ${ROOT} == "/" ]] ; then + ebegin "Regenerating cracklib dictionary" + create-cracklib-dict "${EPREFIX}"/usr/share/dict/* > /dev/null + eend $? + fi +} diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch new file mode 100644 index ..bc47734 --- /dev/null +++ b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch @@ -0,0 +1,108 @@ +From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001 +From: Jan Dittberner +Date: Thu, 25 Aug 2016 17:13:49 +0200 +Subject: [PATCH] Apply patch to fix CVE-2016-6318 + +This patch fixes an issue with a stack-based buffer overflow whne +parsing large GECOS field. See +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and +https://security-tracker.debian.org/tracker/CVE-2016-6318 for more +information. +--- + src/NEWS | 1 + + src/lib/fascist.c | 57 --- + 2 files changed,