parent
9291a1c7dd
commit
8536247c0e
1
.gitignore
vendored
1
.gitignore
vendored
@ -2,3 +2,4 @@
|
||||
passwd-0.78.tar.bz2
|
||||
/passwd-0.78.99.tar.bz2
|
||||
/passwd-0.79.tar.bz2
|
||||
/passwd-0.80.tar.bz2
|
||||
|
||||
@ -1,40 +0,0 @@
|
||||
Support passwords up to PAM_MAX_RESP_SIZE - 1 with --stdin
|
||||
|
||||
diff -r a3adceb0d42d -r 41908bb68e45 passwd.c
|
||||
--- a/passwd.c Sat May 23 06:52:54 2015 +0200
|
||||
+++ b/passwd.c Mon Nov 02 19:20:24 2015 +0100
|
||||
@@ -479,17 +479,32 @@
|
||||
/* If we need to read the new password from stdin, read it and switch
|
||||
* to the really-quiet stdin conversation function. */
|
||||
if (passwd_flags & PASSWD_STDIN) {
|
||||
- char *ptr, newPassword[80];
|
||||
+ /* PAM's documentation says that PAM_MAX_RESP_SIZE is the
|
||||
+ * maximum supported length of the password, but in practice
|
||||
+ * the code (including examples in the OSF RFC) often truncates
|
||||
+ * data at PAM_MAX_RESP_SIZE - 1. So, refuse to use anything
|
||||
+ * longer than PAM_MAX_RESP_SIZE - 1, to prevent users from
|
||||
+ * setting a password they won't be able to use to log in. */
|
||||
+ char *ptr, newPassword[PAM_MAX_RESP_SIZE];
|
||||
int i;
|
||||
|
||||
i = read(STDIN_FILENO, newPassword,
|
||||
- sizeof(newPassword) - 1);
|
||||
+ sizeof(newPassword));
|
||||
if (i < 0) {
|
||||
fprintf(stderr,
|
||||
_("%s: error reading from stdin: %s\n"), progname,
|
||||
strerror(errno));
|
||||
exit(1);
|
||||
}
|
||||
+ if (i == sizeof(newPassword)) {
|
||||
+ if (newPassword[i - 1] != '\n') {
|
||||
+ fprintf(stderr,
|
||||
+ _("%s: password too long, maximum is %zu"),
|
||||
+ progname, sizeof(newPassword) - 1);
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ i--;
|
||||
+ }
|
||||
|
||||
newPassword[i] = '\0';
|
||||
ptr = strchr(newPassword, '\n');
|
||||
18
passwd.spec
18
passwd.spec
@ -6,20 +6,24 @@
|
||||
%endif
|
||||
Summary: An utility for setting or changing passwords using PAM
|
||||
Name: passwd
|
||||
Version: 0.79
|
||||
Release: 15%{?dist}
|
||||
Version: 0.80
|
||||
Release: 1%{?dist}
|
||||
License: BSD or GPL+
|
||||
Group: System Environment/Base
|
||||
URL: https://pagure.io/passwd
|
||||
Source: https://releases.pagure.org/passwd/passwd-%{version}.tar.bz2
|
||||
# Upstream changeset ca46cac76757082322d19f736a88cbf81bd70063
|
||||
Patch0: passwd-0.79-stdin-length.patch
|
||||
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Requires: pam >= 1.0.90, /etc/pam.d/system-auth
|
||||
%if %{WITH_SELINUX}
|
||||
Requires: libselinux >= 2.1.6-3
|
||||
BuildRequires: libselinux-devel >= 2.1.6-3
|
||||
%endif
|
||||
# Provides autoreconf
|
||||
BuildRequires: autoconf
|
||||
# Provides autopoint
|
||||
BuildRequires: gettext-devel
|
||||
# Provides aclocal
|
||||
BuildRequires: automake
|
||||
# https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/IJFYI5Q2BYZKIGDFS2WLOBDUSEGWHIKV/
|
||||
BuildRequires: gcc
|
||||
BuildRequires: glib2-devel, libuser-devel, pam-devel, libuser >= 0.53-1
|
||||
@ -36,7 +40,7 @@ Modules) library.
|
||||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}
|
||||
%patch0 -p1 -b .stdin-length
|
||||
autoreconf -fis -Wall
|
||||
|
||||
%build
|
||||
%configure \
|
||||
@ -76,6 +80,10 @@ done
|
||||
%{_mandir}/man1/passwd.1*
|
||||
|
||||
%changelog
|
||||
* Thu Mar 29 2018 Jiri Kucera <jkucera@redhat.com> - 0.80-1
|
||||
- Update to passwd-0.80
|
||||
Resolves: #1293929
|
||||
|
||||
* Thu Mar 29 2018 Jiri Kucera <jkucera@redhat.com> - 0.79-15
|
||||
- Mercurial changeset ID changed to the corresponding Git
|
||||
changeset ID
|
||||
|
||||
Loading…
Reference in New Issue
Block a user