Fix regression in dictionary creation and lookup

2018-11-26 16:44:58 +01:00 · 2018-11-26 16:44:58 +01:00 · bc61ed0119
commit bc61ed0119
parent 6d35644e4b
3 changed files with 67 additions and 2 deletions
--- a/cracklib-2.9.6-lookup.patch
+++ b/cracklib-2.9.6-lookup.patch
@ -0,0 +1,60 @@
+diff -up cracklib-2.9.6/lib/packlib.c.lookup cracklib-2.9.6/lib/packlib.c
+--- cracklib-2.9.6/lib/packlib.c.lookup	2018-10-10 14:19:06.988958835 +0200
+++ cracklib-2.9.6/lib/packlib.c	2018-11-26 16:04:34.648256614 +0100
+@@ -585,12 +585,11 @@ fprintf(stderr, "look for (%s)\n", strin
+     fprintf(stderr, "---- %lu, %lu ----\n", lwm, hwm);
+ #endif
+ 
+-    middle = lwm + ((hwm - lwm + 1) / 2);
+-
+     for (;;)
+     {
+ 	int cmp;
+ 
+	middle = lwm + ((hwm - lwm + 1) / 2);
+ 
+ #if DEBUG
+ 	fprintf(stderr, "lwm = %lu,  middle = %lu,  hwm = %lu\n", lwm, middle, hwm);
+@@ -617,24 +616,28 @@ fprintf(stderr, "look for (%s)\n", strin
+ 	    return(middle);
+         }
+ 
+-        if (middle == hwm)
+-        {
+-#if DEBUG
+-		fprintf(stderr, "at terminal subdivision, stopping search\n");
+-#endif
+-		break;
+-        }
+-
+ 	if (cmp < 0)
+ 	{
+-	    hwm = middle;
+-	    middle = lwm + ((hwm - lwm ) / 2);
+-	}
+	    if (middle == lwm)
+	    {
+#if DEBUG 
+		fprintf(stderr, "at terminal subdivision from right, stopping search\n");
+#endif
+		break;
+	    }
+	    hwm = middle - 1;
+	} 
+ 	else if (cmp > 0)
+ 	{
+-	    lwm = middle;
+-	    middle = lwm + ((hwm - lwm + 1) / 2);
+-	}
+	    if (middle == hwm)
+	    {
+#if DEBUG 
+		fprintf(stderr, "at terminal subdivision from left, stopping search\n");
+#endif
+		break;
+	    }
+	    lwm = middle + 1;
+	} 
+     }
+ 
+     return (PW_WORDS(pwp));
--- a/cracklib-2.9.6-simplistic.patch
+++ b/cracklib-2.9.6-simplistic.patch
@ -106,7 +106,7 @@ diff -up cracklib-2.9.6/util/cracklib-format.simplistic cracklib-2.9.6/util/crac
 -    tr '[A-Z]' '[a-z]' |
 -    tr -cd '\012[a-z][0-9]' |
 -    env LC_ALL=C sort -u
-+    grep -a -E -v '^.{30,}$' |
+    grep -a -E -v '^.{32,}$' |
 +    tr '[:upper:]' '[:lower:]' |
 +    tr -cd '\n[:graph:]' |
 +    sort -u
--- a/cracklib.spec
+++ b/cracklib.spec
@ -5,7 +5,7 @@
 Summary: A password-checking library
 Name: cracklib
 Version: 2.9.6
-Release: 17%{?dist}
+Release: 18%{?dist}
 Group: System Environment/Libraries
 Source0: https://github.com/cracklib/cracklib/releases/download/cracklib-%{version}/cracklib-%{version}.tar.gz
 Source1: https://github.com/cracklib/cracklib/releases/download/cracklib-%{version}/cracklib-words-%{version}.gz
@ -27,6 +27,7 @@ Patch6: cracklib-2.9.6-simplistic.patch
 Patch7: cracklib-2.9.6-translation-updates.patch
 Patch8: cracklib-2.9.6-cve-2016-6318.patch
 Patch9: cracklib-2.9.6-coverity.patch
+Patch10: cracklib-2.9.6-lookup.patch
 URL: http://sourceforge.net/projects/cracklib/
 License: LGPLv2+
 Buildroot: %{_tmppath}/%{name}-%{version}-root
@ -112,6 +113,7 @@ install -p -m 644 %{SOURCE3} po/zh_CN.po
 %patch7 -p1 -b .translations
 %patch8 -p1 -b .overflow
 %patch9 -p1 -b .coverity
+%patch10 -p1 -b .lookup

 mkdir cracklib-dicts
 for dict in %{SOURCE10} %{SOURCE1}
@ -235,6 +237,9 @@ EOF
 %endif

 %changelog
+* Mon Nov 26 2018 Tomáš Mráz <tmraz@redhat.com> - 2.9.6-18
+- Fix regression in dictionary creation and lookup
+
 * Wed Oct 10 2018 Tomáš Mráz <tmraz@redhat.com> - 2.9.6-17
 - Fix minor bug found in the Coverity scan