packages/libpwquality
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!2 update libpwquality to 1.4.2

Browse Source 
Merge pull request !2 from Hugel/master
This commit is contained in:
openeuler-ci-bot 2020-07-24 14:08:04 +08:00 committed by Gitee
commit 99d4701cc6
5 changed files with 11 additions and 124 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
0001-Fix-harmless-one-byte-buffer-underflow-on-read.patch
View File

@ -1,46 +0,0 @@
From 9d6140b4c37f39cdd0c1947adf07dc5ca1762055 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Tue, 26 Mar 2019 10:12:09 +0100
Subject: [PATCH 1/2] Fix harmless one byte buffer underflow on read
When settings file has comments spanning a whole line there
is harmless one byte read before the line buffer.
Thanks Emiel Bruijntjes for finding the issue.
---
src/settings.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/settings.c b/src/settings.c
index 4f11537..922a55d 100644
--- a/src/settings.c
+++ b/src/settings.c
@@ -134,7 +134,8 @@ read_config_file(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror
int eq;
len = strlen(linebuf);
- if (linebuf[len - 1] != '\n' && !feof(f)) {
+ /* len cannot be 0 unless there is a bug in fgets */
+ if (len && linebuf[len - 1] != '\n' && !feof(f)) {
(void) fclose(f);
return PWQ_ERROR_CFGFILE_MALFORMED;
}
@@ -146,13 +147,13 @@ read_config_file(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror
}
/* drop terminating whitespace including the \n */
- do {
+ while (ptr > linebuf) {
if (!isspace(*(ptr-1))) {
*ptr = '\0';
break;
}
--ptr;
- } while (ptr > linebuf);
+ }
/* skip initial whitespace */
for (ptr = linebuf; isspace(*ptr); ptr++);
--
1.8.3.1

69
0006-pam_pwquality-Abort-the-retry-loop-when-user-cancels.patch
View File

@ -1,69 +0,0 @@
From bddd1dfe5a13e39e04ed1593cba4263dfd528fad Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Thu, 17 May 2018 15:32:16 +0200
Subject: [PATCH 06/11] pam_pwquality: Abort the retry loop when user cancels
prompt
The retry loop must be aborted for any pam_get_authtok() error
except for PAM_TRY_AGAIN.
Fixes: #7
---
src/pam_pwquality.c | 26 +++++++++++++++-----------
1 file changed, 15 insertions(+), 11 deletions(-)
diff --git a/src/pam_pwquality.c b/src/pam_pwquality.c
index dd72380..9c9849d 100644
--- a/src/pam_pwquality.c
+++ b/src/pam_pwquality.c
@@ -209,11 +209,12 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
*/
retval = pam_get_authtok_noverify(pamh, &newtoken, NULL);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
- pam_strerror(pamh, retval));
- continue;
- } else if (newtoken == NULL) { /* user aborted password change, quit */
+ if (retval != PAM_SUCCESS || newtoken == NULL) {
+ if (retval == PAM_AUTHTOK_ERR || newtoken == NULL)
+ pam_syslog(pamh, LOG_INFO, "user aborted password change");
+ else
+ pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
+ pam_strerror(pamh, retval));
pwquality_free_settings(options.pwq);
return PAM_AUTHTOK_ERR;
}
@@ -248,12 +249,15 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
retval = pam_get_authtok_verify(pamh, &newtoken, NULL);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
- pam_strerror(pamh, retval));
+ if (retval != PAM_SUCCESS || newtoken == NULL) {
pam_set_item(pamh, PAM_AUTHTOK, NULL);
- continue;
- } else if (newtoken == NULL) { /* user aborted password change, quit */
+ if (retval == PAM_TRY_AGAIN)
+ continue;
+ if (retval == PAM_AUTHTOK_ERR || newtoken == NULL)
+ pam_syslog(pamh, LOG_INFO, "user aborted password change");
+ else
+ pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
+ pam_strerror(pamh, retval));
pwquality_free_settings(options.pwq);
return PAM_AUTHTOK_ERR;
}
@@ -270,7 +274,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (options.retry_times > 1)
return PAM_MAXTRIES;
else
- return retval;
+ return PAM_AUTHTOK_ERR;
} else {
pwquality_free_settings(options.pwq);
if (ctrl & PAM_DEBUG_ARG)
--
1.8.3.1

BIN
libpwquality-1.4.0.tar.bz2
View File

Binary file not shown.

BIN
libpwquality-1.4.2.tar.bz2 Normal file
View File

Binary file not shown.

20
libpwquality.spec
View File

@ -2,20 +2,15 @@
%define _secconfdir %{_sysconfdir}/security
Name: libpwquality
Version: 1.4.0
Release: 11
Version: 1.4.2
Release: 1
Summary: Library for password quality checking and generating random passwords.
License: BSD or GPLv2+
URL: https://github.com/libpwquality/libpwquality/
Source0: https://github.com/libpwquality/libpwquality/releases/download/libpwquality-%{version}/libpwquality-%{version}.tar.bz2
#patch from Fedora
Patch6000: 0006-pam_pwquality-Abort-the-retry-loop-when-user-cancels.patch
#patch from Fedora
Patch6001: 0001-Fix-harmless-one-byte-buffer-underflow-on-read.patch
Patch9000: modify-pwquality_conf.patch
Patch9001: fix-password-similarity.patch
Patch0: modify-pwquality_conf.patch
Patch1: fix-password-similarity.patch
BuildRequires: gcc cracklib-devel gettext pam-devel
BuildRequires: python2-devel python3-devel
@ -126,6 +121,13 @@ mkdir %{buildroot}%{_secconfdir}/pwquality.conf.d
%{_mandir}/man5/*
%{_mandir}/man3/*
%{_mandir}/man8/*
%changelog
* Thu Jul 23 2020 Hugel <gengqihu1@huawei.com> - 1.4.2-1
- Type:enhancement
- ID:NA
- SUG:NA
- DESC:update to 1.4.2
* Wed Sep 4 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.4.0-11
- Package init