cracklib: 2.9.6 -> 2.9.7, generate dictionary from wordlists #56805

Merged
merged 3 commits into from Apr 5, 2019

dtzWill
Member

@dtzWill dtzWill commented Mar 4, 2019

Motivation for this change

Fixes #56179.

Dictionary is generated from optionally-specified (override'able)
list of files to include.

This isn't entirely optimal
(dictionary changes will trigger rebuild, and many packages depending)
but provides better default behavior and can be improved in the future
should that be found to be warranted.

Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Assured whether relevant documentation is up to date
  • Fits CONTRIBUTING.md.

https://github.com/cracklib/cracklib/releases/tag/v2.9.7

I haven't looked into the details but notes mention:

> apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
> fix a buffer overflow processing long words
@dtzWill dtzWill changed the title cracklist: 2.9.6 -> 2.9.7, generate dictionary from wordlists cracklib: 2.9.6 -> 2.9.7, generate dictionary from wordlists Mar 4, 2019
@hedning hedning mentioned this pull request Mar 29, 2019
@worldofpeace
Contributor

@hedning Looks like we needed a share/cracklib/pw_dict.pwd.gz?

Output of this build is

result
├── bin
│   ├── cracklib-check
│   ├── cracklib-format
│   ├── cracklib-packer
│   ├── cracklib-unpacker
│   └── create-cracklib-dict
├── include
│   ├── crack.h
│   └── packer.h
├── lib
│   ├── libcrack.la
│   ├── libcrack.so -> libcrack.so.2.9.0
│   ├── libcrack.so.2 -> libcrack.so.2.9.0
│   └── libcrack.so.2.9.0
├── sbin -> bin
└── share
    ├── cracklib
    │   ├── cracklib.magic
    │   ├── cracklib-small
    │   ├── pw_dict.hwm
    │   ├── pw_dict.pwd
    │   └── pw_dict.pwi
...(locales excluded)

@hedning
Contributor

hedning commented Mar 30, 2019

Not sure why it complains about the .gz file, the fix seems to work (at least echo foobar | cracklib-check complains about the .gz file without the fix, but works with it).

@jtojnar
Contributor

jtojnar commented Apr 2, 2019

> Not sure why it complains about the .gz file, the fix seems to work (at least echo foobar | cracklib-check complains about the .gz file without the fix, but works with it).

That is just due to the way the code is structured:

https://github.com/cracklib/cracklib/blob/a1379d0081e14958b2ada6dcc1fcb7f128e4bd94/src/lib/packlib.c#L96-L106

@hedning
Contributor

hedning commented Apr 2, 2019

Picked this into #57027 btw.

@jtojnar
Contributor

jtojnar commented Apr 5, 2019

Let’s merge.

@jtojnar jtojnar merged commit 79b3d1b into NixOS:staging Apr 5, 2019
@lopsided98
Contributor

lopsided98 commented Apr 17, 2019

This broke the cross build:

create-cracklib-dict "."/dicts/*
/nix/store/yjkch3aia9ny4dq42dbcjrdwqb1y8c33-bash-4.4-p23/bin/bash: line 4: create-cracklib-dict: command not found

Adding buildPackages.cracklib to nativeBuildInputs gets a little further, but it still needs more debugging.

@lopsided98 lopsided98 mentioned this pull request Apr 18, 2019
@lopsided98
Contributor

See #59802

@dtzWill dtzWill deleted the update/cracklib-2.9.7 branch April 29, 2019 17:30