From 1feeb2e035a628f788d370fd26fb873f33ae108f Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Tue, 20 Dec 2016 05:11:23 +0100 Subject: gnu: argon2: Update to 20161029. * gnu/packages/password-utils.scm (argon2): Update to 20161029. --- gnu/packages/password-utils.scm | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'gnu/packages/password-utils.scm') diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index 8f6210880c..c0d8d39a63 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -317,18 +317,17 @@ through the pass command.") (define-public argon2 (package (name "argon2") - (version "20160406") + (version "20161029") (source (origin (method url-fetch) (uri - (string-append - "https://codeload.github.com/P-H-C/phc-winner-" - name "/tar.gz/" version)) + (string-append "https://github.com/P-H-C/phc-winner-argon2/archive/" + version ".tar.gz")) (file-name (string-append name "-" version ".tar.gz")) (sha256 (base32 - "0g6wa94sh639xl1qc8z21q43r1mp8y77r1zf8nwx5pfsxd8fmyzv")))) + "1rymikbysasdadm325jx69i0q19d9srqkny69jwmhswlidr4j07y")))) (build-system gnu-build-system) (arguments `(#:test-target "test" -- cgit 1.4.1 From f339f2773da39cf8ea312c3ba06a4660bf557e84 Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Mon, 2 Jan 2017 19:24:33 -0500 Subject: gnu: assword: Update to 0.10. * gnu/packages/password-utils.scm (assword): Update to 0.10. [arguments]: Use Python 3 instead of Python 2. [inputs]: Use Python 3 variants of inputs. Replace python2-pygpgme with python-gpg. Remove python2-pygtk. Add python-pygobject. [native-inputs]: Replace help2man with txt2man. [arguments]: Remove PYTHONPATH from 'Makefile' in the 'manpage' phase. --- gnu/packages/password-utils.scm | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'gnu/packages/password-utils.scm') diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index c0d8d39a63..f8111b2abf 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -7,6 +7,7 @@ ;;; Copyright © 2016 Andreas Enge ;;; Copyright © 2016 Lukas Gradl ;;; Copyright © 2016 Alex Griffin +;;; Copyright © 2017 Leo Famulari ;;; ;;; This file is part of GNU Guix. ;;; @@ -33,8 +34,8 @@ #:use-module (gnu packages admin) #:use-module (gnu packages base) #:use-module (gnu packages compression) + #:use-module (gnu packages glib) #:use-module (gnu packages gnupg) - #:use-module (gnu packages gtk) #:use-module (gnu packages guile) #:use-module (gnu packages linux) #:use-module (gnu packages man) @@ -216,7 +217,7 @@ random passwords that pass the checks.") (define-public assword (package (name "assword") - (version "0.8") + (version "0.10") (source (origin (method url-fetch) (uri (list @@ -225,10 +226,9 @@ random passwords that pass the checks.") "assword_" version ".orig.tar.gz"))) (sha256 (base32 - "0dl4wizbi0r21wxzykm8s445xbvqim5nabi799dmpkdnnh8i546i")))) + "0l6170y6my1gprqkazvzabgjkrkr9v2q7z48vjflna4r323yqira")))) (arguments - `(#:python ,python-2 - ;; irritatingly, tests do run but not there are two problems: + `(;; irritatingly, tests do run but not there are two problems: ;; - "import gtk" fails for unknown reasons here despite it the ;; program working (indeed, I've found I have to do a logout and log ;; back in in after an install order for some mumbo jumbo environment @@ -242,17 +242,21 @@ random passwords that pass the checks.") (add-after 'install 'manpage (lambda* (#:key outputs #:allow-other-keys) (and + ;; Without this substitution, it fails with + ;; ImportError: No module named 'gpg' + (substitute* "Makefile" + (("PYTHONPATH=.") "")) (zero? (system* "make" "assword.1")) (install-file "assword.1" (string-append (assoc-ref outputs "out") "/share/man/man1")))))))) (build-system python-build-system) (native-inputs - `(("help2man" ,help2man))) + `(("txt2man" ,txt2man))) (inputs - `(("python2-xdo" ,python2-xdo) - ("python2-pygpgme" ,python2-pygpgme) - ("python2-pygtk" ,python2-pygtk))) + `(("python-xdo" ,python-xdo) + ("python-gpg" ,python-gpg) + ("python-pygobject" ,python-pygobject))) (propagated-inputs `(("xclip" ,xclip))) (home-page "https://finestructure.net/assword/") -- cgit 1.4.1 From b0a567640cf66f396de3fb4a827f9cf8a7ee0abb Mon Sep 17 00:00:00 2001 From: Leo Famulari Date: Tue, 10 Jan 2017 15:27:44 -0500 Subject: gnu: cracklib: Fix buffer overflow. * gnu/packages/patches/cracklib-fix-buffer-overflow.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/password-utils.scm (cracklib)[source]: Use it. --- gnu/local.mk | 1 + gnu/packages/password-utils.scm | 3 +- .../patches/cracklib-fix-buffer-overflow.patch | 39 ++++++++++++++++++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/cracklib-fix-buffer-overflow.patch (limited to 'gnu/packages/password-utils.scm') diff --git a/gnu/local.mk b/gnu/local.mk index e34ae17796..21580a3870 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -511,6 +511,7 @@ dist_patch_DATA = \ %D%/packages/patches/cpio-CVE-2016-2037.patch \ %D%/packages/patches/cpufrequtils-fix-aclocal.patch \ %D%/packages/patches/cracklib-CVE-2016-6318.patch \ + %D%/packages/patches/cracklib-fix-buffer-overflow.patch \ %D%/packages/patches/crda-optional-gcrypt.patch \ %D%/packages/patches/crossmap-allow-system-pysam.patch \ %D%/packages/patches/csound-header-ordering.patch \ diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm index f8111b2abf..cb8dacc3ea 100644 --- a/gnu/packages/password-utils.scm +++ b/gnu/packages/password-utils.scm @@ -173,7 +173,8 @@ and vice versa.") (uri (string-append "https://github.com/cracklib/cracklib/" "releases/download/" name "-" version "/" name "-" version ".tar.gz")) - (patches (search-patches "cracklib-CVE-2016-6318.patch")) + (patches (search-patches "cracklib-CVE-2016-6318.patch" + "cracklib-fix-buffer-overflow.patch")) (sha256 (base32 "0hrkb0prf7n92w6rxgq0ilzkk6rkhpys2cfqkrbzswp27na7dkqp")))) diff --git a/gnu/packages/patches/cracklib-fix-buffer-overflow.patch b/gnu/packages/patches/cracklib-fix-buffer-overflow.patch new file mode 100644 index 0000000000..b1c990f282 --- /dev/null +++ b/gnu/packages/patches/cracklib-fix-buffer-overflow.patch @@ -0,0 +1,39 @@ +Fix buffer overflow processing long words in Mangle(). + +Patch adpated from upstream commit, omitting changes to 'NEWS': + +https://github.com/cracklib/cracklib/commit/33d7fa4585247cd2247a1ffa032ad245836c6edb + +From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001 +From: Jan Dittberner +Date: Thu, 25 Aug 2016 17:17:53 +0200 +Subject: [PATCH] Fix a buffer overflow processing long words + +A buffer overflow processing long words has been discovered. This commit +applies the patch from +https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch +by Howard Guo. + +See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and +http://www.openwall.com/lists/oss-security/2016/08/23/8 +--- + src/NEWS | 1 + + src/lib/rules.c | 5 ++--- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/lib/rules.c b/src/lib/rules.c +index d193cc0..3a2aa46 100644 +--- a/lib/rules.c ++++ b/lib/rules.c +@@ -434,9 +434,8 @@ Mangle(input, control) /* returns a pointer to a controlled Mangle */ + { + int limit; + register char *ptr; +- static char area[STRINGSIZE]; +- char area2[STRINGSIZE]; +- area[0] = '\0'; ++ static char area[STRINGSIZE * 2] = {0}; ++ char area2[STRINGSIZE * 2] = {0}; + strcpy(area, input); + + for (ptr = control; *ptr; ptr++) -- cgit 1.4.1