!2 update libpwquality to 1.4.2

Merge pull request !2 from Hugel/master
2020-07-24 14:08:04 +08:00 · 2020-07-24 14:08:04 +08:00 · 99d4701cc6
commit 99d4701cc6
parent 4fe4a27b47 d044dbd11b
5 changed files with 11 additions and 124 deletions
--- a/0001-Fix-harmless-one-byte-buffer-underflow-on-read.patch
+++ b/0001-Fix-harmless-one-byte-buffer-underflow-on-read.patch
@ -1,46 +0,0 @@
 From 9d6140b4c37f39cdd0c1947adf07dc5ca1762055 Mon Sep 17 00:00:00 2001
 From: Tomas Mraz <tmraz@fedoraproject.org>
 Date: Tue, 26 Mar 2019 10:12:09 +0100
 Subject: [PATCH 1/2] Fix harmless one byte buffer underflow on read
 When settings file has comments spanning a whole line there
 is harmless one byte read before the line buffer.
 Thanks Emiel Bruijntjes for finding the issue.
 ---
 src/settings.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
 diff --git a/src/settings.c b/src/settings.c
 index 4f11537..922a55d 100644
 --- a/src/settings.c
 +++ b/src/settings.c
@@ -134,7 +134,8 @@ read_config_file(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror
                 int eq;
                 len = strlen(linebuf);
 -                if (linebuf[len - 1] != '\n' && !feof(f)) {
 +                /* len cannot be 0 unless there is a bug in fgets */
 +                if (len && linebuf[len - 1] != '\n' && !feof(f)) {
                         (void) fclose(f);
                         return PWQ_ERROR_CFGFILE_MALFORMED;
                 }
@@ -146,13 +147,13 @@ read_config_file(pwquality_settings_t *pwq, const char *cfgfile, void **auxerror
                 }
                 /* drop terminating whitespace including the \n */
 -                do {
 +                while (ptr > linebuf) {
                         if (!isspace(*(ptr-1))) {
                                 *ptr = '\0';
                                 break;
                         }
                         --ptr;
 -                } while (ptr > linebuf);
 +                }
                 /* skip initial whitespace */
                 for (ptr = linebuf; isspace(*ptr); ptr++);
 -- 
 1.8.3.1
--- a/0006-pam_pwquality-Abort-the-retry-loop-when-user-cancels.patch
+++ b/0006-pam_pwquality-Abort-the-retry-loop-when-user-cancels.patch
@ -1,69 +0,0 @@
 From bddd1dfe5a13e39e04ed1593cba4263dfd528fad Mon Sep 17 00:00:00 2001
 From: Tomas Mraz <tmraz@fedoraproject.org>
 Date: Thu, 17 May 2018 15:32:16 +0200
 Subject: [PATCH 06/11] pam_pwquality: Abort the retry loop when user cancels
 prompt
 The retry loop must be aborted for any pam_get_authtok() error
 except for PAM_TRY_AGAIN.
 Fixes: #7
 ---
 src/pam_pwquality.c | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)
 diff --git a/src/pam_pwquality.c b/src/pam_pwquality.c
 index dd72380..9c9849d 100644
 --- a/src/pam_pwquality.c
 +++ b/src/pam_pwquality.c
@@ -209,11 +209,12 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
                          */
                         retval = pam_get_authtok_noverify(pamh, &newtoken, NULL);
 -                        if (retval != PAM_SUCCESS) {
 -                                pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
 -                                        pam_strerror(pamh, retval));
 -                                continue;
 -                        } else if (newtoken == NULL) { /* user aborted password change, quit */
 +                        if (retval != PAM_SUCCESS || newtoken == NULL) {
 +                                if (retval == PAM_AUTHTOK_ERR || newtoken == NULL)
 +                                        pam_syslog(pamh, LOG_INFO, "user aborted password change");
 +                                else 
 +                                        pam_syslog(pamh, LOG_ERR, "pam_get_authtok_noverify returned error: %s",
 +                                               pam_strerror(pamh, retval));
                                 pwquality_free_settings(options.pwq);
                                 return PAM_AUTHTOK_ERR;
                         }
@@ -248,12 +249,15 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
                         }
                         retval = pam_get_authtok_verify(pamh, &newtoken, NULL);
 -                        if (retval != PAM_SUCCESS) {
 -                                pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
 -                                pam_strerror(pamh, retval));
 +                        if (retval != PAM_SUCCESS || newtoken == NULL) {
                                 pam_set_item(pamh, PAM_AUTHTOK, NULL);
 -                                continue;
 -                        } else if (newtoken == NULL) {      /* user aborted password change, quit */
 +                                if (retval == PAM_TRY_AGAIN)
 +                                        continue;
 +                                if (retval == PAM_AUTHTOK_ERR || newtoken == NULL)
 +                                        pam_syslog(pamh, LOG_INFO, "user aborted password change");
 +                                else 
 +                                        pam_syslog(pamh, LOG_ERR, "pam_get_authtok_verify returned error: %s",
 +                                               pam_strerror(pamh, retval));
                                 pwquality_free_settings(options.pwq);
                                 return PAM_AUTHTOK_ERR;
                         }
@@ -270,7 +274,7 @@ pam_sm_chauthtok(pam_handle_t *pamh, int flags,
                 if (options.retry_times > 1)
                         return PAM_MAXTRIES;
                 else
 -                        return retval;
 +                        return PAM_AUTHTOK_ERR;
         } else {
                 pwquality_free_settings(options.pwq);
                 if (ctrl & PAM_DEBUG_ARG)
 -- 
 1.8.3.1
--- a/libpwquality-1.4.0.tar.bz2
+++ b/libpwquality-1.4.0.tar.bz2
--- a/libpwquality-1.4.2.tar.bz2
+++ b/libpwquality-1.4.2.tar.bz2
--- a/libpwquality.spec
+++ b/libpwquality.spec
@ -2,20 +2,15 @@
 %define _secconfdir %{_sysconfdir}/security
 Name: libpwquality
-Version: 1.4.0
+Version: 1.4.2
-Release: 11
+Release: 1
 Summary: Library for password quality checking and generating random passwords.
 License: BSD or GPLv2+
 URL:     https://github.com/libpwquality/libpwquality/
 Source0: https://github.com/libpwquality/libpwquality/releases/download/libpwquality-%{version}/libpwquality-%{version}.tar.bz2
-#patch from Fedora
+Patch0: modify-pwquality_conf.patch
-Patch6000: 0006-pam_pwquality-Abort-the-retry-loop-when-user-cancels.patch
+Patch1: fix-password-similarity.patch
 #patch from Fedora
 Patch6001: 0001-Fix-harmless-one-byte-buffer-underflow-on-read.patch
 Patch9000: modify-pwquality_conf.patch
 Patch9001: fix-password-similarity.patch
 BuildRequires: gcc cracklib-devel gettext pam-devel
 BuildRequires: python2-devel python3-devel
@ -126,6 +121,13 @@ mkdir %{buildroot}%{_secconfdir}/pwquality.conf.d
 %{_mandir}/man5/*
 %{_mandir}/man3/*
 %{_mandir}/man8/*
 %changelog
 * Thu Jul 23 2020 Hugel <gengqihu1@huawei.com> - 1.4.2-1
 - Type:enhancement
 - ID:NA
 - SUG:NA
 - DESC:update to 1.4.2
 * Wed Sep 4 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.4.0-11
 - Package init