reinit the tree, so we can have metadata

5 files changed, 275 insertions, 0 deletions

diff --git a/sys-libs/cracklib/Manifest b/sys-libs/cracklib/Manifest
new file mode 100644
index 000000000000..cabba446b37a
--- /dev/null
+++ b/sys-libs/cracklib/Manifest
@@ -0,0 +1,7 @@
+AUX cracklib-2.9.6-CVE-2016-6318.patch 3288 SHA256 16f033cb2192cb27d77e992b5399a4f2b99f7a0afa13f112f98a82b5ad826eee SHA512 232f632034fb602ea464885cd9f07aa30a3feb04bd231e7c2f2854f47493e027d87910454c089dc2c567aa01f6882bed7ee2a86d929fa36178746cf2a7dbf346 WHIRLPOOL 898cc6e66dc5b0801b324836a80004a7d0f97c710a46c618f29ff12b72e22c924cd7d82cad1163df1b47597f5676a84ec64955ddad7297ce64c98323ca127288
+AUX cracklib-2.9.6-fix-long-word-bufferoverflow.patch 1614 SHA256 b26ea5ff656e606f27baceccf2c11503fc2deeea912397b44f31ebd0dbdd7ddd SHA512 e4a2f9f467d3f0ce8acd4c9ea6ca19787dca6bd2bfaa80ddbf9ec1214a5e2b519c088b07760349adac9bd6805a4b512c015181863d679643cc12c68104c29a6d WHIRLPOOL abea9574414390a474561313e501b240457da22cd8fb18109ad42ab5af9a504ee20c4a2a3d9d4b9ea7bd148d26604ba5c1826a511f68d08f43c9b69b18d27f8f
+DIST cracklib-2.9.6.tar.gz 642402 SHA256 17cf76943de272fd579ed831a1fd85339b393f8d00bf9e0d17c91e972f583343 SHA512 2b09672e5b412d670e7ed911ebf0c0023fe2901ea05c9c02eefb7a58a13cddbc27a65d75bb20be9f8cebf4c90a9a56dfe1a3b656dff62b1d6048f5376e671786 WHIRLPOOL 2b7b908952166e07aedfca7d17423a8dff0ec145a5f34a7ec01571cb591f0e92e57dd25ab6ffff15f1ec276bfefa455072fc7741e664115a4fafdd7f75d580e1
+EBUILD cracklib-2.9.6-r1.ebuild 2586 SHA256 00bef078c5d6ba19c76edaa79d58c091bd1f02d3cc6ffbb39e2c3e38c3956edd SHA512 0154faa441e253340b73b681ca939cc63bb3a3e6fc165f94593da6036478bd3b849557ac53f6b260028d4627414b269434d7bbb3f5dc1e5bccb149abf10add2c WHIRLPOOL 1898e3f398636ab985472db34af285dd910ed6834eb65e32e423a8c194dff398a14d652dcfe9e8ce0b6dec0d2ae392521074c5265900f67d1e5b5b863f37de01
+MISC ChangeLog 7657 SHA256 66e9eed15ff1a8dd2ca9ed3e7a2476fffeb90433f933c0c687b5fb887b6d7034 SHA512 344ec06e6b80812a30572f2fed8a5c6ae6345ed8f0b1b61e144fe189e57a897c127b6363bbcd6b2a6761d123c4d328e8685931eca2ae4399bc5e3a1f4108d5e0 WHIRLPOOL b836a6a114602930c3feb150448f03faca5cf109f72dd079b0eb22d0aaa4cb6c3aa52dfa7a2b7f5fb05363b039e9b6f660c89cb1edba00bd61a100f0171f6f27
+MISC ChangeLog-2015 27435 SHA256 f4e21158fda642097c81941e1bfbd1ca009335d73a21fefe18e41d322dcafa6e SHA512 73625d98457b1e96cc9b77585a457a3375b34fce199cac90db905616013934ea4edbf05a2d6f1419dba58c3c9e158e900d652c39a8eb7583b91678c293da0592 WHIRLPOOL 7ee06f55d10d379fd01caef49525c803413a551e5dc4573fa01d652b4152c6c4eaf486781fc71ed5e76fb2686e00bc98435a7b8538ec5c4899d4d0d32a3a326c
+MISC metadata.xml 384 SHA256 7634a3d5aca060298d77d31e2b9048b1e4e3c6be42c080f618d882a65f347232 SHA512 773287176f56f1a0f11edc6cd1ca85453f998ad8e58b1e608562335f814aab18124bfb850063dd4fa35aba525b776bf2c202d8afa6d4b51e354276678f324bd1 WHIRLPOOL b94fe41a178eba9f8fcfa6519a8de0e091b14fe3157d3e6c9b7260a069915f10bc66c314e62062e4d5047978944a30c3a978d9f9e08b94a7607a4755530df5e9
diff --git a/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild
new file mode 100644
index 000000000000..101aef422958
--- /dev/null
+++ b/sys-libs/cracklib/cracklib-2.9.6-r1.ebuild
@@ -0,0 +1,105 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+DISTUTILS_OPTIONAL=1
+
+inherit eutils distutils-r1 libtool multilib-minimal toolchain-funcs
+
+MY_P=${P/_}
+DESCRIPTION="Password Checking Library"
+HOMEPAGE="https://github.com/cracklib/cracklib/"
+SRC_URI="https://github.com/${PN}/${PN}/releases/download/${P}/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~m68k-mint"
+IUSE="nls python static-libs zlib"
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+RDEPEND="python? ( ${PYTHON_DEPS} )
+	zlib? ( >=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	python? (
+		dev-python/setuptools[${PYTHON_USEDEP}]
+	)"
+
+S=${WORKDIR}/${MY_P}
+
+do_python() {
+	multilib_is_native_abi || return 0
+	use python || return 0
+	pushd python > /dev/null || die
+	distutils-r1_src_${EBUILD_PHASE}
+	popd > /dev/null
+}
+
+pkg_setup() {
+	# workaround #195017
+	if has unmerge-orphans ${FEATURES} && has_version "<${CATEGORY}/${PN}-2.8.10" ; then
+		eerror "Upgrade path is broken with FEATURES=unmerge-orphans"
+		eerror "Please run: FEATURES=-unmerge-orphans emerge cracklib"
+		die "Please run: FEATURES=-unmerge-orphans emerge cracklib"
+	fi
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/cracklib-2.9.6-CVE-2016-6318.patch
+	epatch "${FILESDIR}"/cracklib-2.9.6-fix-long-word-bufferoverflow.patch
+
+	elibtoolize #269003
+	do_python
+}
+
+multilib_src_configure() {
+	export ac_cv_header_zlib_h=$(usex zlib)
+	export ac_cv_search_gzopen=$(usex zlib -lz no)
+	# use /usr/lib so that the dictionary is shared between ABIs
+	ECONF_SOURCE=${S} \
+	econf \
+		--with-default-dict='/usr/lib/cracklib_dict' \
+		--without-python \
+		$(use_enable nls) \
+		$(use_enable static-libs static)
+}
+
+multilib_src_compile() {
+	default
+	do_python
+}
+
+multilib_src_test() {
+	# Make sure we load the freshly built library
+	LD_LIBRARY_PATH="${BUILD_DIR}/lib/.libs" do_python
+}
+
+python_test() {
+	${EPYTHON} -m unittest test_cracklib || die "Tests fail with ${EPYTHON}"
+}
+
+multilib_src_install() {
+	default
+	# move shared libs to /
+	gen_usr_ldscript -a crack
+
+	do_python
+}
+
+multilib_src_install_all() {
+	einstalldocs
+	prune_libtool_files
+	rm -r "${ED}"/usr/share/cracklib
+
+	insinto /usr/share/dict
+	doins dicts/cracklib-small || die
+}
+
+pkg_postinst() {
+	if [[ ${ROOT} == "/" ]] ; then
+		ebegin "Regenerating cracklib dictionary"
+		create-cracklib-dict "${EPREFIX}"/usr/share/dict/* > /dev/null
+		eend $?
+	fi
+}
diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch
new file mode 100644
index 000000000000..bc47734759e2
--- /dev/null
+++ b/sys-libs/cracklib/files/cracklib-2.9.6-CVE-2016-6318.patch
@@ -0,0 +1,108 @@
+From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
+From: Jan Dittberner <jan@dittberner.info>
+Date: Thu, 25 Aug 2016 17:13:49 +0200
+Subject: [PATCH] Apply patch to fix CVE-2016-6318
+
+This patch fixes an issue with a stack-based buffer overflow whne
+parsing large GECOS field. See
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
+https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
+information.
+---
+ src/NEWS          |  1 +
+ src/lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
+ 2 files changed, 34 insertions(+), 24 deletions(-)
+
+diff --git a/src/NEWS b/src/NEWS
+index 26abeee..361a207 100644
+--- a/src/NEWS
++++ b/src/NEWS
+@@ -1,3 +1,4 @@
++v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
+ v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists
+        migration to github
+        patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller)
+diff --git a/src/lib/fascist.c b/src/lib/fascist.c
+index a996509..d4deb15 100644
+--- a/src/lib/fascist.c
++++ b/src/lib/fascist.c
+@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+     char gbuffer[STRINGSIZE];
+     char tbuffer[STRINGSIZE];
+     char *uwords[STRINGSIZE];
+-    char longbuffer[STRINGSIZE * 2];
++    char longbuffer[STRINGSIZE];
+ 
+     if (gecos == NULL)
+ 	gecos = "";
+@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
+     {
+ 	for (i = 0; i < j; i++)
+ 	{
+-	    strcpy(longbuffer, uwords[i]);
+-	    strcat(longbuffer, uwords[j]);
+-
+-	    if (GTry(longbuffer, password))
++	    if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
+ 	    {
+-		return _("it is derived from your password entry");
+-	    }
++		strcpy(longbuffer, uwords[i]);
++		strcat(longbuffer, uwords[j]);
+ 
+-	    strcpy(longbuffer, uwords[j]);
+-	    strcat(longbuffer, uwords[i]);
++		if (GTry(longbuffer, password))
++		{
++		    return _("it is derived from your password entry");
++		}
+ 
+-	    if (GTry(longbuffer, password))
+-	    {
+-		return _("it's derived from your password entry");
+-	    }
++		strcpy(longbuffer, uwords[j]);
++		strcat(longbuffer, uwords[i]);
+ 
+-	    longbuffer[0] = uwords[i][0];
+-	    longbuffer[1] = '\0';
+-	    strcat(longbuffer, uwords[j]);
++		if (GTry(longbuffer, password))
++		{
++		   return _("it's derived from your password entry");
++		}
++	    }
+ 
+-	    if (GTry(longbuffer, password))
++	    if (strlen(uwords[j]) < STRINGSIZE - 1)
+ 	    {
+-		return _("it is derivable from your password entry");
++		longbuffer[0] = uwords[i][0];
++		longbuffer[1] = '\0';
++		strcat(longbuffer, uwords[j]);
++
++		if (GTry(longbuffer, password))
++		{
++		    return _("it is derivable from your password entry");
++		}
+ 	    }
+ 
+-	    longbuffer[0] = uwords[j][0];
+-	    longbuffer[1] = '\0';
+-	    strcat(longbuffer, uwords[i]);
+-
+-	    if (GTry(longbuffer, password))
++	    if (strlen(uwords[i]) < STRINGSIZE - 1)
+ 	    {
+-		return _("it's derivable from your password entry");
++		longbuffer[0] = uwords[j][0];
++		longbuffer[1] = '\0';
++		strcat(longbuffer, uwords[i]);
++
++		if (GTry(longbuffer, password))
++		{
++		    return _("it's derivable from your password entry");
++		}
+ 	    }
+ 	}
+     }
diff --git a/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch
new file mode 100644
index 000000000000..59dc9e539eb3
--- /dev/null
+++ b/sys-libs/cracklib/files/cracklib-2.9.6-fix-long-word-bufferoverflow.patch
@@ -0,0 +1,43 @@
+From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001
+From: Jan Dittberner <jan@dittberner.info>
+Date: Thu, 25 Aug 2016 17:17:53 +0200
+Subject: [PATCH] Fix a buffer overflow processing long words
+
+A buffer overflow processing long words has been discovered. This commit
+applies the patch from
+https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch
+by Howard Guo.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and
+http://www.openwall.com/lists/oss-security/2016/08/23/8
+---
+ src/NEWS        | 1 +
+ src/lib/rules.c | 5 ++---
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/NEWS b/src/NEWS
+index 361a207..f1df3b0 100644
+--- a/src/NEWS
++++ b/src/NEWS
+@@ -1,4 +1,5 @@
+ v2.9.x apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
++       fix a buffer overflow processing long words
+ v2.9.6 updates to cracklib-words to add a bunch of other dictionary lists
+        migration to github
+        patch to add some particularly bad cases to the cracklib small dictionary (Matthew Miller)
+diff --git a/src/lib/rules.c b/src/lib/rules.c
+index d193cc0..3a2aa46 100644
+--- a/src/lib/rules.c
++++ b/src/lib/rules.c
+@@ -434,9 +434,8 @@ Mangle(input, control)		/* returns a pointer to a controlled Mangle */
+ {
+     int limit;
+     register char *ptr;
+-    static char area[STRINGSIZE];
+-    char area2[STRINGSIZE];
+-    area[0] = '\0';
++    static char area[STRINGSIZE * 2] = {0};
++    char area2[STRINGSIZE * 2] = {0};
+     strcpy(area, input);
+ 
+     for (ptr = control; *ptr; ptr++)
diff --git a/sys-libs/cracklib/metadata.xml b/sys-libs/cracklib/metadata.xml
new file mode 100644
index 000000000000..0bd584bf7040
--- /dev/null
+++ b/sys-libs/cracklib/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+	<email>base-system@gentoo.org</email>
+	<name>Gentoo Base System</name>
+</maintainer>
+<upstream>
+	<remote-id type="sourceforge">cracklib</remote-id>
+	<remote-id type="github">cracklib/cracklib</remote-id>
+</upstream>
+</pkgmetadata>