diff --git a/SOURCES/libpwquality-1.2.3-generate-buf.patch b/SOURCES/libpwquality-1.2.3-generate-buf.patch
new file mode 100644
index 0000000..f9049bb
--- /dev/null
+++ b/SOURCES/libpwquality-1.2.3-generate-buf.patch
@@ -0,0 +1,12 @@
+diff -up libpwquality-1.2.3/src/generate.c.generate-buf libpwquality-1.2.3/src/generate.c
+--- libpwquality-1.2.3/src/generate.c.generate-buf 2012-08-07 12:20:31.000000000 +0200
++++ libpwquality-1.2.3/src/generate.c 2017-11-15 11:16:50.954530937 +0100
+@@ -100,7 +100,7 @@ consume_entropy(char *buf, int bits, int
+ int
+ pwquality_generate(pwquality_settings_t *pwq, int entropy_bits, char **password)
+ {
+- char entropy[PWQ_MAX_ENTROPY_BITS/8 + 1];
++ char entropy[(PWQ_MAX_ENTROPY_BITS+PWQ_MAX_ENTROPY_BITS/9)/8 + 2];
+ char *tmp;
+ int maxlen;
+ int try = 0;
diff --git a/SOURCES/libpwquality-1.2.3-settings.patch b/SOURCES/libpwquality-1.2.3-settings.patch
new file mode 100644
index 0000000..f1ca2d1
--- /dev/null
+++ b/SOURCES/libpwquality-1.2.3-settings.patch
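Review bot: In the generate-buf patch, the new `entropy` array size `(PWQ_MAX_ENTROPY_BITS+PWQ_MAX_ENTROPY_BITS/9)/8 + 2` is an unexplained formula, and nothing in the hunk ties it to the number of bytes later written into the buffer. The changelog attributes an abort on large passwords to the old size, so this is a stack-buffer bound and should have a single named definition, for example `#define PWQ_ENTROPY_BUF_LEN ((PWQ_MAX_ENTROPY_BITS + PWQ_MAX_ENTROPY_BITS/9)/8 + 2)` (name constructed here), with a comment saying what the `/9` term and the `+ 2` cover. The code that fills the buffer is outside the hunk; it should check its byte count against that same constant, and it is worth confirming that `entropy_bits` is clamped to `PWQ_MAX_ENTROPY_BITS` before that point, because the array is sized from the maximum and not from the argument. The body of `pwquality_generate` continues past the hunk.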
@@ -0,0 +1,42 @@
+diff -up libpwquality-1.2.3/src/settings.c.settings libpwquality-1.2.3/src/settings.c
+--- libpwquality-1.2.3/src/settings.c.settings 2013-09-12 12:48:34.000000000 +0200
++++ libpwquality-1.2.3/src/settings.c 2017-11-15 11:31:52.860620974 +0100
+@@ -42,6 +42,7 @@ pwquality_free_settings(pwquality_settin
+ {
+ if (pwq) {
+ free(pwq->dict_path);
++ free(pwq->bad_words);
+ free(pwq);
+ }
+ }
+@@ -150,9 +151,11 @@ pwquality_read_config(pwquality_settings
+ if (*ptr == '\0')
+ continue;
+
++ eq = 0;
+ name = ptr;
+ while (*ptr != '\0') {
+- if (isspace(*ptr)) {
++ if (isspace(*ptr) || *ptr == '=') {
++ eq = *ptr == '=';
+ *ptr = '\0';
+ ++ptr;
+ break;
+@@ -160,7 +163,6 @@ pwquality_read_config(pwquality_settings
+ ++ptr;
+ }
+
+- eq = 0;
+ while (*ptr != '\0') {
+ if (*ptr != '=' || eq) {
+ if (!isspace(*ptr)) {
+@@ -322,6 +324,9 @@ pwquality_get_int_value(pwquality_settin
+ case PWQ_SETTING_MAX_CLASS_REPEAT:
+ *value = pwq->max_class_repeat;
+ break;
++ case PWQ_SETTING_MAX_SEQUENCE:
++ *value = pwq->max_sequence;
++ break;
+ case PWQ_SETTING_GECOS_CHECK:
+ *value = pwq->gecos_check;
+ break;
diff --git a/SPECS/libpwquality.spec b/SPECS/libpwquality.spec
index 4fd4327..9eb2299 100644
--- a/SPECS/libpwquality.spec
+++ b/SPECS/libpwquality.spec
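Review bot: In the settings patch, the rewritten name scan in `pwquality_read_config` still passes `*ptr` straight to `isspace()`, which is undefined behaviour for a byte of 0x80 or above if `ptr` is a plain `char *` on a signed-char platform (the declaration is outside the hunk). These bytes come from a configuration file, so the new line should read `if (isspace((unsigned char)*ptr) || *ptr == '=') {`, with the same cast on the `!isspace(*ptr)` test in the following loop. The added `eq = *ptr == '=';` would be easier to read parenthesised, as `eq = (*ptr == '=');`. The new `PWQ_SETTING_MAX_SEQUENCE` getter case looks right, but the matching setter in `pwquality_set_int_value` is not visible here and is worth checking. Both functions start and end outside the quoted hunks.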
@@ -1,13 +1,15 @@ Summary: A library for password generation and password quality checking Name: libpwquality Version: 1.2.3 -Release: 4%{?dist} +Release: 5%{?dist} # The package is BSD licensed with option to relicense as GPLv2+ # - this option is redundant as the BSD license allows that anyway. License: BSD or GPLv2+ Group: System Environment/Base -Source0: http://fedorahosted.org/releases/l/i/libpwquality/libpwquality-%{version}.tar.bz2 +Source0: https://github.com/libpwquality/libpwquality/releases/download/libpwquality-%{version}/libpwquality-%{version}.tar.bz2 Patch1: libpwquality-1.2.3-translation-updates.patch +Patch2: libpwquality-1.2.3-generate-buf.patch +Patch3: libpwquality-1.2.3-settings.patch %global _pwqlibdir %{_libdir} %global _moduledir %{_libdir}/security @@ -20,7 +22,7 @@ BuildRequires: gettext BuildRequires: pam-devel BuildRequires: python2-devel -URL: http://libpwquality.fedorahosted.org/ +URL: https://github.com/libpwquality/libpwquality/ # we don't want to provide private python extension libs %define __provides_exclude_from ^%{python_sitearch}/.*\.so$. @@ -56,6 +58,8 @@ pronounceable passwords from Python applications. %prep %setup -q %patch1 -p2 -b .translations +%patch2 -p1 -b .generate-buf +%patch3 -p1 -b .settings %build %configure \ @@ -110,6 +114,10 @@ rm -f $RPM_BUILD_ROOT%{_moduledir}/*.la %{python_sitearch}/pwquality.so %changelog +* Wed Nov 15 2017 Tomáš Mráz 1.2.3-5 +- fix brittle configuration settings (#1259633) +- fix abort when generating large passwords on some architectures + * Fri Jan 24 2014 Daniel Mach - 1.2.3-4 - Mass rebuild 2014-01-24