[gentoo-commits] repo/gentoo:master commit in: sys-libs/cracklib/files/, sys-libs/cracklib/
commit: 27b7d30f1513c8aa741f0118ebd8af45984ea6c6
Author: Sam James gentoo org>
AuthorDate: Fri Mar 17 02:24:43 2023 +
Commit: Sam James gentoo org>
CommitDate: Fri Mar 17 02:24:58 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27b7d30f
sys-libs/cracklib: fix Python bindings
- Fix Python bindings build and clean it up to be more idiomatic
- Use PEP517 for Python build too
Closes: https://bugs.gentoo.org/901719
Signed-off-by: Sam James gentoo.org>
...lib-2.9.10.ebuild => cracklib-2.9.10-r1.ebuild} | 45 ++
.../files/cracklib-2.9.10-python-inc.patch | 20 ++
2 files changed, 48 insertions(+), 17 deletions(-)
diff --git a/sys-libs/cracklib/cracklib-2.9.10.ebuild
b/sys-libs/cracklib/cracklib-2.9.10-r1.ebuild
similarity index 74%
rename from sys-libs/cracklib/cracklib-2.9.10.ebuild
rename to sys-libs/cracklib/cracklib-2.9.10-r1.ebuild
index 71fddeb64779..0553dfd808a8 100644
--- a/sys-libs/cracklib/cracklib-2.9.10.ebuild
+++ b/sys-libs/cracklib/cracklib-2.9.10-r1.ebuild
@@ -6,6 +6,7 @@ EAPI=8
# Note: ideally bump with sys-apps/cracklib-words
DISTUTILS_OPTIONAL=1
+DISTUTILS_USE_PEP517=setuptools
PYTHON_COMPAT=( python3_{9..11} )
inherit distutils-r1 libtool multilib-minimal usr-ldscript
@@ -31,19 +32,14 @@ DEPEND="
"
BDEPEND="
nls? ( sys-devel/gettext )
- python? (
- dev-python/setuptools[${PYTHON_USEDEP}]
- )
+ python? ( ${DISTUTILS_DEPS} )
"
-do_python() {
- multilib_is_native_abi || return 0
- use python || return 0
+PATCHES=(
+ "${FILESDIR}"/${PN}-2.9.10-python-inc.patch
+)
- pushd python > /dev/null || die
- distutils-r1_src_${EBUILD_PHASE}
- popd > /dev/null || die
-}
+distutils_enable_tests unittest
pkg_setup() {
# Workaround bug #195017
@@ -57,10 +53,12 @@ pkg_setup() {
src_prepare() {
default
- # bug ##269003
+ # bug #269003
elibtoolize
- do_python
+ if use python ; then
+ distutils-r1_src_prepare
+ fi
}
multilib_src_configure() {
@@ -81,18 +79,28 @@ multilib_src_configure() {
multilib_src_compile() {
default
- do_python
+ if multilib_is_native_abi && use python ; then
+ local -x CFLAGS="${CFLAGS}
-DLOCALEDIR='\"${EPREFIX}/usr/share/locale\"'
-DDEFAULT_CRACKLIB_DICT=\'${EPREFIX}/usr/lib/cracklib_dict\'"
+ cd python || die
+ distutils-r1_src_compile
+ fi
}
multilib_src_test() {
default
- # Make sure we load the freshly built library
- LD_LIBRARY_PATH="${BUILD_DIR}/lib/.libs:${LD_LIBRARY_PATH}" do_python
+ if multilib_is_native_abi && use python ; then
+ distutils-r1_src_test
+ fi
}
python_test() {
- ${EPYTHON} -m unittest test_cracklib || die "Tests fail with ${EPYTHON}"
+ cd "${S}"/python || die
+
+ # Make sure we load the freshly built library
+ local -x
LD_LIBRARY_PATH="${BUILD_DIR/-${EPYTHON/./_}}/lib/.libs:${BUILD_DIR}/lib:${LD_LIBRARY_PATH}"
+
+ eunittest
}
multilib_src_install() {
@@ -101,7 +109,10 @@ multilib_src_install() {
# Move shared libs to /
gen_usr_ldscript -a crack
- do_python
+ if multilib_is_native_abi && use python ; then
+ cd python || die
+ distutils-r1_src_install
+ fi
}
multilib_src_install_all() {
diff --git a/sys-libs/cracklib/files/cracklib-2.9.10-python-inc.patch
b/sys-libs/cracklib/files/cracklib-2.9.10-python-inc.patch
new file mode 100644
index ..fd9960df0e8f
--- /dev/null
+++ b/sys-libs/cracklib/files/cracklib-2.9.10-python-inc.patch
@@ -0,0 +1,20 @@
+https://github.com/cracklib/cracklib/pull/61
+
+From 802cbc426779489d44d7fc19e695e7d962c65665 Mon Sep 17 00:00:00 2001
+From: Sam James
+Date: Fri, 17 Mar 2023 02:20:19 +
+Subject: [PATCH] python: adjust include path for builddir
+
+We need this for config.h added by 2e0f854bada720ff4fbd13aed4f87087d466274d.
+--- a/python/setup.py.in
b/python/setup.py.in
+@@ -22,7 +22,7 @@ from setuptools import setup, Extension
+ extensions = [
+ Extension("_cracklib",
+ ["@srcdir@/_cracklib.c"],
+-include_dirs = ["@top_srcdir@/lib"],
++include_dirs = ["@top_builddir@", "@top_srcdir@/lib"],
+ libraries = ["crack"],
+ library_dirs = ["@top_builddir@/lib/.libs"]),
+ ]
+
[gentoo-commits] repo/gentoo:master commit in: sys-libs/cracklib/files/, sys-libs/cracklib/
commit: aac5b4f4a65ce70854e77014fa096b7bd2d34e43
Author: Thomas Deutschmann gentoo org>
AuthorDate: Wed Sep 14 20:55:05 2016 +
Commit: Thomas Deutschmann gentoo org>
CommitDate: Wed Sep 14 20:57:44 2016 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aac5b4f4
sys-libs/cracklib: Revision bump to address CVE-2016-6318 and another buffer
overflow
Signed-off-by: Lars Wendler gentoo.org>
Gentoo-Bug: https://bugs.gentoo.org/591456
Package-Manager: portage-2.3.0
sys-libs/cracklib/cracklib-2.9.6-r1.ebuild | 108 +
.../files/cracklib-2.9.6-CVE-2016-6318.patch | 108 +
...acklib-2.9.6-fix-long-word-bufferoverflow.patch | 43
3 files changed, 259 insertions(+)
diff --git a/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild
b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild
new file mode 100644
index ..3767e64
--- /dev/null
+++ b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild
@@ -0,0 +1,108 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI="5"
+PYTHON_COMPAT=( python2_7 )
+DISTUTILS_OPTIONAL=1
+
+inherit eutils distutils-r1 libtool multilib-minimal toolchain-funcs
+
+MY_P=${P/_}
+DESCRIPTION="Password Checking Library"
+HOMEPAGE="https://github.com/cracklib/cracklib/";
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz";
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~x86-fbsd ~x86-interix ~amd64-linux ~ia64-linux ~x86-linux
~ppc-macos ~x86-macos ~m68k-mint"
+IUSE="nls python static-libs test zlib"
+
+RDEPEND="zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ python? (
+ dev-python/setuptools[${PYTHON_USEDEP}]
+ test? ( dev-python/nose[${PYTHON_USEDEP}] )
+ )"
+RDEPEND="${RDEPEND}
+ abi_x86_32? (
+ !<=app-emulation/emul-linux-x86-baselibs-20140508-r6
+ !app-emulation/emul-linux-x86-baselibs[-abi_x86_32(-)]
+ )"
+
+S=${WORKDIR}/${MY_P}
+
+do_python() {
+ multilib_is_native_abi || return 0
+ use python || return 0
+ pushd python > /dev/null || die
+ distutils-r1_src_${EBUILD_PHASE}
+ popd > /dev/null
+}
+
+pkg_setup() {
+ # workaround #195017
+ if has unmerge-orphans ${FEATURES} && has_version
"<${CATEGORY}/${PN}-2.8.10" ; then
+ eerror "Upgrade path is broken with FEATURES=unmerge-orphans"
+ eerror "Please run: FEATURES=-unmerge-orphans emerge cracklib"
+ die "Please run: FEATURES=-unmerge-orphans emerge cracklib"
+ fi
+}
+
+src_prepare() {
+ epatch "${FILESDIR}"/cracklib-2.9.6-CVE-2016-6318.patch
+ epatch "${FILESDIR}"/cracklib-2.9.6-fix-long-word-bufferoverflow.patch
+
+ elibtoolize #269003
+ do_python
+}
+
+multilib_src_configure() {
+ export ac_cv_header_zlib_h=$(usex zlib)
+ export ac_cv_search_gzopen=$(usex zlib -lz no)
+ # use /usr/lib so that the dictionary is shared between ABIs
+ ECONF_SOURCE=${S} \
+ econf \
+ --with-default-dict='/usr/lib/cracklib_dict' \
+ --without-python \
+ $(use_enable nls) \
+ $(use_enable static-libs static)
+}
+
+multilib_src_compile() {
+ default
+ do_python
+}
+
+multilib_src_test() {
+ do_python
+}
+
+python_test() {
+ nosetests -w "${S}"/python || die "Tests fail with ${EPYTHON}"
+}
+
+multilib_src_install() {
+ default
+ # move shared libs to /
+ gen_usr_ldscript -a crack
+
+ do_python
+}
+
+multilib_src_install_all() {
+ einstalldocs
+ prune_libtool_files
+ rm -r "${ED}"/usr/share/cracklib
+
+ insinto /usr/share/dict
+ doins dicts/cracklib-small || die
+}
+
+pkg_postinst() {
+ if [[ ${ROOT} == "/" ]] ; then
+ ebegin "Regenerating cracklib dictionary"
+ create-cracklib-dict "${EPREFIX}"/usr/share/dict/* > /dev/null
+ eend $?
+ fi
+}
diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch
b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch
new file mode 100644
index ..bc47734
--- /dev/null
+++ b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch
@@ -0,0 +1,108 @@
+From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
+From: Jan Dittberner
+Date: Thu, 25 Aug 2016 17:13:49 +0200
+Subject: [PATCH] Apply patch to fix CVE-2016-6318
+
+This patch fixes an issue with a stack-based buffer overflow whne
+parsing large GECOS field. See
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
+https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
+information.
+---
+ src/NEWS | 1 +
+ src/lib/fascist.c | 57 ---
+ 2 files changed,
