Update to passwd-0.80

- resolves RHBZ #1293929
This commit is contained in:
Jiri Kucera 2018-03-29 14:53:05 +02:00
parent 9291a1c7dd
commit 8536247c0e
4 changed files with 15 additions and 46 deletions

1
.gitignore vendored
View File

@ -2,3 +2,4 @@
passwd-0.78.tar.bz2
/passwd-0.78.99.tar.bz2
/passwd-0.79.tar.bz2
/passwd-0.80.tar.bz2

View File

@ -1,40 +0,0 @@
Support passwords up to PAM_MAX_RESP_SIZE - 1 with --stdin
diff -r a3adceb0d42d -r 41908bb68e45 passwd.c
--- a/passwd.c Sat May 23 06:52:54 2015 +0200
+++ b/passwd.c Mon Nov 02 19:20:24 2015 +0100
@@ -479,17 +479,32 @@
/* If we need to read the new password from stdin, read it and switch
* to the really-quiet stdin conversation function. */
if (passwd_flags & PASSWD_STDIN) {
- char *ptr, newPassword[80];
+ /* PAM's documentation says that PAM_MAX_RESP_SIZE is the
+ * maximum supported length of the password, but in practice
+ * the code (including examples in the OSF RFC) often truncates
+ * data at PAM_MAX_RESP_SIZE - 1. So, refuse to use anything
+ * longer than PAM_MAX_RESP_SIZE - 1, to prevent users from
+ * setting a password they won't be able to use to log in. */
+ char *ptr, newPassword[PAM_MAX_RESP_SIZE];
int i;
i = read(STDIN_FILENO, newPassword,
- sizeof(newPassword) - 1);
+ sizeof(newPassword));
if (i < 0) {
fprintf(stderr,
_("%s: error reading from stdin: %s\n"), progname,
strerror(errno));
exit(1);
}
+ if (i == sizeof(newPassword)) {
+ if (newPassword[i - 1] != '\n') {
+ fprintf(stderr,
+ _("%s: password too long, maximum is %zu"),
+ progname, sizeof(newPassword) - 1);
+ exit(1);
+ }
+ i--;
+ }
newPassword[i] = '\0';
ptr = strchr(newPassword, '\n');

View File

@ -6,20 +6,24 @@
%endif
Summary: An utility for setting or changing passwords using PAM
Name: passwd
Version: 0.79
Release: 15%{?dist}
Version: 0.80
Release: 1%{?dist}
License: BSD or GPL+
Group: System Environment/Base
URL: https://pagure.io/passwd
Source: https://releases.pagure.org/passwd/passwd-%{version}.tar.bz2
# Upstream changeset ca46cac76757082322d19f736a88cbf81bd70063
Patch0: passwd-0.79-stdin-length.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: pam >= 1.0.90, /etc/pam.d/system-auth
%if %{WITH_SELINUX}
Requires: libselinux >= 2.1.6-3
BuildRequires: libselinux-devel >= 2.1.6-3
%endif
# Provides autoreconf
BuildRequires: autoconf
# Provides autopoint
BuildRequires: gettext-devel
# Provides aclocal
BuildRequires: automake
# https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
BuildRequires: gcc
BuildRequires: glib2-devel, libuser-devel, pam-devel, libuser >= 0.53-1
@ -36,7 +40,7 @@ Modules) library.
%prep
%setup -q -n %{name}-%{version}
%patch0 -p1 -b .stdin-length
autoreconf -fis -Wall
%build
%configure \
@ -76,6 +80,10 @@ done
%{_mandir}/man1/passwd.1*
%changelog
* Thu Mar 29 2018 Jiri Kucera <jkucera@redhat.com> - 0.80-1
- Update to passwd-0.80
Resolves: #1293929
* Thu Mar 29 2018 Jiri Kucera <jkucera@redhat.com> - 0.79-15
- Mercurial changeset ID changed to the corresponding Git
changeset ID

View File

@ -1 +1 @@
529f7ab99ef4bcde410936477b680c5c passwd-0.79.tar.bz2
SHA512 (passwd-0.80.tar.bz2) = 95e16e740bb245a055d3872e9d080f951e4a378e450fa4fd7f7033573f348c9aa3ce6be256e2db32cd7d2d181faca7efff4c2f3f64ec1fb7cd411f5176eed0b4