diff options
Diffstat (limited to 'source/n/yptools')
-rw-r--r-- | source/n/yptools/yp-tools-2.12.tar.bz2.sign | 8 | ||||
-rw-r--r-- | source/n/yptools/yp-tools-2.14-glibc217-crypt.diff | 86 | ||||
-rw-r--r-- | source/n/yptools/ypbind-mt-1.32.tar.sign | 8 | ||||
-rw-r--r-- | source/n/yptools/ypserv-2.24.tar.sign | 8 | ||||
-rwxr-xr-x | source/n/yptools/yptools.SlackBuild | 11 |
5 files changed, 92 insertions, 29 deletions
diff --git a/source/n/yptools/yp-tools-2.12.tar.bz2.sign b/source/n/yptools/yp-tools-2.12.tar.bz2.sign deleted file mode 100644 index a06fde67..00000000 --- a/source/n/yptools/yp-tools-2.12.tar.bz2.sign +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 (GNU/Linux) -Comment: See http://www.kernel.org/signature.html for info - -iD8DBQBLzsykyGugalF9Dw4RAtmgAJ4sG0TJzmNkAz7Z+JJFfOjvGlbTGACgir1a -+uaNv6XQNH7Vu+Saqy/OsL8= -=EcSX ------END PGP SIGNATURE----- diff --git a/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff b/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff new file mode 100644 index 00000000..cce3ad44 --- /dev/null +++ b/source/n/yptools/yp-tools-2.14-glibc217-crypt.diff @@ -0,0 +1,86 @@ +Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL +(w/ NULL return) if the salt violates specifications. Additionally, +on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords +passed to crypt() fail with EPERM (w/ NULL return). + +If using glibc's crypt(), check return value to avoid a possible +NULL pointer dereference. + +Author: mancha + +==== + +--- yp-tools-2.14/src/yppasswd.c.orig 2010-04-21 ++++ yp-tools-2.14/src/yppasswd.c 2013-05-22 +@@ -423,6 +423,7 @@ static int /* return values: 0 = not ok, + verifypassword (struct passwd *pwd, char *pwdstr, uid_t uid) + { + char *p, *q; ++ char *crypted_pass; + int ucase, lcase, other, r; + int passwdlen; + +@@ -448,12 +449,19 @@ verifypassword (struct passwd *pwd, char + } + + passwdlen = get_passwd_len (pwd->pw_passwd); +- if (pwd->pw_passwd[0] +- && !strncmp (pwd->pw_passwd, crypt (pwdstr, pwd->pw_passwd), passwdlen) +- && uid) ++ if (pwd->pw_passwd[0] && uid) + { +- fputs (_("You cannot reuse the old password.\n"), stderr); +- return 0; ++ crypted_pass = crypt (pwdstr, pwd->pw_passwd); ++ if (crypted_pass == NULL) ++ { ++ fputs (_("crypt() call failed.\n"), stderr); ++ return 0; ++ } ++ if (!strncmp (pwd->pw_passwd, crypted_pass, passwdlen)) ++ { ++ fputs (_("You cannot reuse the old password.\n"), stderr); ++ return 0; ++ } + } + + r = 0; +@@ -517,6 +525,7 @@ int + main (int argc, char **argv) + { + char *s, *progname, *domainname = NULL, *user = NULL, *master = NULL; ++ char *crypted_pass; + int f_flag = 0, l_flag = 0, p_flag = 0, error, status; + int hash_id = DES; + char rounds[11] = "\0"; /* max length is '999999999$' */ +@@ -738,7 +747,13 @@ main (int argc, char **argv) + char *sane_passwd = alloca (passwdlen + 1); + strncpy (sane_passwd, pwd->pw_passwd, passwdlen); + sane_passwd[passwdlen] = 0; +- if (strcmp (crypt (s, sane_passwd), sane_passwd)) ++ crypted_pass = crypt (s, sane_passwd); ++ if (crypted_pass == NULL) ++ { ++ fprintf (stderr, _("crypt() call failed.\n")); ++ return 1; ++ } ++ if (strcmp (crypted_pass, sane_passwd)) + { + fprintf (stderr, _("Sorry.\n")); + return 1; +@@ -833,7 +848,14 @@ main (int argc, char **argv) + break; + } + +- yppwd.newpw.pw_passwd = strdup (crypt (buf, salt)); ++ crypted_pass = crypt (buf, salt); ++ if (crypted_pass == NULL); ++ { ++ printf (_("crypt() call failed - password unchanged.\n")); ++ return 1; ++ } ++ ++ yppwd.newpw.pw_passwd = strdup (crypted_pass); + } + + if (f_flag) diff --git a/source/n/yptools/ypbind-mt-1.32.tar.sign b/source/n/yptools/ypbind-mt-1.32.tar.sign deleted file mode 100644 index 4db7167e..00000000 --- a/source/n/yptools/ypbind-mt-1.32.tar.sign +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 (GNU/Linux) -Comment: See http://www.kernel.org/signature.html for info - -iD8DBQBMNHqQyGugalF9Dw4RAiHyAKCMjVXlCljwufPauK/O88jDzHZzsQCePyhN -lqHDK8Fw5zaXPE4744ydtXY= -=JpZO ------END PGP SIGNATURE----- diff --git a/source/n/yptools/ypserv-2.24.tar.sign b/source/n/yptools/ypserv-2.24.tar.sign deleted file mode 100644 index 061f0978..00000000 --- a/source/n/yptools/ypserv-2.24.tar.sign +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.9 (GNU/Linux) -Comment: See http://www.kernel.org/signature.html for info - -iD8DBQBMnHqzyGugalF9Dw4RAtUtAJ4gowJGR0cUlcNEhtLR1EOs6BDvcgCfRu0r -yTGYZzi5YnUQctBC1d9qgs0= -=r3GH ------END PGP SIGNATURE----- diff --git a/source/n/yptools/yptools.SlackBuild b/source/n/yptools/yptools.SlackBuild index 42d96a30..7baeeb61 100755 --- a/source/n/yptools/yptools.SlackBuild +++ b/source/n/yptools/yptools.SlackBuild @@ -1,6 +1,6 @@ #!/bin/sh -# Copyright 2008, 2009, 2010, 2011, 2012 Patrick J. Volkerding, Sebeka, MN, USA +# Copyright 2008, 2009, 2010, 2011, 2012, 2013 Patrick J. Volkerding, Sebeka, MN, USA # All rights reserved. # # Redistribution and use of this script, with or without modification, is @@ -22,13 +22,13 @@ # Package version number: -VERSION=2.12 -BUILD=${BUILD:-3} +VERSION=2.14 +BUILD=${BUILD:-2} YPTOOLS=$VERSION -YPBINDMT=1.32 +YPBINDMT=1.37.1 #YPMAKE=0.11 -YPSERV=2.24 +YPSERV=2.31 # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then @@ -70,6 +70,7 @@ zcat $CWD/nsswitch.conf-nis.gz > $PKG/etc/nsswitch.conf-nis.new rm -rf yp-tools-$YPTOOLS tar xvf $CWD/yp-tools-$YPTOOLS.tar.bz2 || exit 1 cd yp-tools-$YPTOOLS || exit 1 +zcat $CWD/yp-tools-2.14-glibc217-crypt.diff.gz | patch -p1 --verbose || exit 1 ./configure \ --prefix=/usr \ --libdir=/usr/lib${LIBDIRSUFFIX} \ |