5 files changed, 54 insertions, 208 deletions
diff --git a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch b/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
deleted file mode 100644
index b251ac9056..0000000000
--- a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch
+++ /dev/null
@@ -1,105 +0,0 @@
-From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
-From: Jan Dittberner <jan@dittberner.info>
-Date: Thu, 25 Aug 2016 17:13:49 +0200
-Subject: [PATCH] Apply patch to fix CVE-2016-6318
-This patch fixes an issue with a stack-based buffer overflow when
-parsing large GECOS field. See
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
-https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
-information.
-Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1]
-CVE: CVE-2016-6318
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
---
- lib/fascist.c | 57 ++++++++++++++++++++++++++++++++-----------------------
- 1 file changed, 33 insertions(+), 24 deletions(-)
-diff --git a/lib/fascist.c b/lib/fascist.c
-index a996509..d4deb15 100644
--- a/lib/fascist.c
-+++ b/lib/fascist.c
-@@ -502,7 +502,7 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
-     char gbuffer[STRINGSIZE];
-     char tbuffer[STRINGSIZE];
-     char *uwords[STRINGSIZE];
-    char longbuffer[STRINGSIZE * 2];
-+    char longbuffer[STRINGSIZE];
- 
-     if (gecos == NULL)
-        gecos = "";
-@@ -583,38 +583,47 @@ FascistGecosUser(char *password, const char *user, const char *gecos)
-     {
-        for (i = 0; i < j; i++)
-        {
-           strcpy(longbuffer, uwords[i]);
-           strcat(longbuffer, uwords[j]);
-
-           if (GTry(longbuffer, password))
-+           if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
-            {
-               return _("it is derived from your password entry");
-           }
-+               strcpy(longbuffer, uwords[i]);
-+               strcat(longbuffer, uwords[j]);
- 
-           strcpy(longbuffer, uwords[j]);
-           strcat(longbuffer, uwords[i]);
-+               if (GTry(longbuffer, password))
-+               {
-+                   return _("it is derived from your password entry");
-+               }
- 
-           if (GTry(longbuffer, password))
-           {
-               return _("it's derived from your password entry");
-           }
-+               strcpy(longbuffer, uwords[j]);
-+               strcat(longbuffer, uwords[i]);
- 
-           longbuffer[0] = uwords[i][0];
-           longbuffer[1] = '\0';
-           strcat(longbuffer, uwords[j]);
-+               if (GTry(longbuffer, password))
-+               {
-+                  return _("it's derived from your password entry");
-+               }
-+           }
- 
-           if (GTry(longbuffer, password))
-+           if (strlen(uwords[j]) < STRINGSIZE - 1)
-            {
-               return _("it is derivable from your password entry");
-+               longbuffer[0] = uwords[i][0];
-+               longbuffer[1] = '\0';
-+               strcat(longbuffer, uwords[j]);
-+
-+               if (GTry(longbuffer, password))
-+               {
-+                   return _("it is derivable from your password entry");
-+               }
-            }
- 
-           longbuffer[0] = uwords[j][0];
-           longbuffer[1] = '\0';
-           strcat(longbuffer, uwords[i]);
-
-           if (GTry(longbuffer, password))
-+           if (strlen(uwords[i]) < STRINGSIZE - 1)
-            {
-               return _("it's derivable from your password entry");
-+               longbuffer[0] = uwords[j][0];
-+               longbuffer[1] = '\0';
-+               strcat(longbuffer, uwords[i]);
-+
-+               if (GTry(longbuffer, password))
-+               {
-+                   return _("it's derivable from your password entry");
-+               }
-            }
-        }
-     }
-- 
-2.8.1
diff --git a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
index adbe7dfff4..35229ae890 100644
--- a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
+++ b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
@@ -1,7 +1,7 @@
-From 8a6e43726ad0ae41bd1cc2c248d91deb31459357 Mon Sep 17 00:00:00 2001
+From aae03b7e626d5f62ab929d51d11352a5a2ff6b2d Mon Sep 17 00:00:00 2001
 From: Lei Maohui <leimaohui@cn.fujitsu.com>
 Date: Tue, 9 Jun 2015 11:11:48 +0900
-Subject: [PATCH] packlib.c: support dictionary byte order dependent
+Subject: [PATCH 1/2] packlib.c: support dictionary byte order dependent
 The previous dict files are NOT byte-order independent, in fact they are
 probably ARCHITECTURE SPECIFIC.
@@ -9,7 +9,7 @@ Create the dict files in big endian, and convert to host endian while
 load them. This could fix the endian issue on multiple platform.
 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-Upstream-Status: Pending
+Upstream-Status: Submitted [https://github.com/cracklib/cracklib/pull/41]
 We can't use the endian.h, htobe* and be*toh functions because they are
 not available on older versions of glibc, such as that found in RHEL
@@ -22,11 +22,11 @@ Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
 Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
 ---
- lib/packlib.c | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
+ lib/packlib.c | 214 +++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 210 insertions(+), 4 deletions(-)
 diff --git a/lib/packlib.c b/lib/packlib.c
-index f851424..3aac805 100644
+index 9396e1d..d0bb181 100644
 --- a/lib/packlib.c
 +++ b/lib/packlib.c
 @@ -16,6 +16,12 @@
@@ -41,8 +41,8 @@ index f851424..3aac805 100644
 +#include <byteswap.h>
 #include "packer.h"
 
- static const char vers_id[] = "packlib.c : v2.3p2 Alec Muffett 18 May 1993";
+ #define DEBUG 0
-@@ -45,6 +51,185 @@ typedef struct
+@@ -43,6 +49,185 @@ typedef struct
     char data_get[NUMWORDS][MAXWORDLEN];
 } PWDICT64;
 
@@ -228,7 +228,7 @@ index f851424..3aac805 100644
 
 static int
 _PWIsBroken64(FILE *ifp)
-@@ -57,6 +242,7 @@ _PWIsBroken64(FILE *ifp)
+@@ -55,6 +240,7 @@ _PWIsBroken64(FILE *ifp)
        return 0;
     }
 
@@ -236,7 +236,7 @@ index f851424..3aac805 100644
     return (pdesc64.header.pih_magic == PIH_MAGIC);
 }
 
-@@ -149,7 +335,11 @@ PWOpen(prefix, mode)
+@@ -147,7 +333,11 @@ PWOpen(prefix, mode)
        pdesc.header.pih_blocklen = NUMWORDS;
        pdesc.header.pih_numwords = 0;
 
@@ -249,7 +249,7 @@ index f851424..3aac805 100644
     } else
     {
        pdesc.flags &= ~PFOR_WRITE;
-@@ -173,6 +363,7 @@ PWOpen(prefix, mode)
+@@ -171,6 +361,7 @@ PWOpen(prefix, mode)
            return NULL;
        }
 
@@ -257,7 +257,7 @@ index f851424..3aac805 100644
         if ((pdesc.header.pih_magic == 0) || (pdesc.header.pih_numwords == 0))
         {
             /* uh-oh. either a broken "64-bit" file or a garbage file. */
-@@ -195,6 +386,7 @@ PWOpen(prefix, mode)
+@@ -193,6 +384,7 @@ PWOpen(prefix, mode)
                }
                 return NULL;
             }
@@ -265,7 +265,7 @@ index f851424..3aac805 100644
             if (pdesc64.header.pih_magic != PIH_MAGIC)
             {
                 /* nope, not "64-bit" after all */
-@@ -290,6 +482,7 @@ PWOpen(prefix, mode)
+@@ -288,6 +480,7 @@ PWOpen(prefix, mode)
                 {
                     pdesc.flags &= ~PFOR_USEHWMS;
                 }
@@ -273,7 +273,7 @@ index f851424..3aac805 100644
                 for (i = 0; i < sizeof(pdesc.hwms) / sizeof(pdesc.hwms[0]); i++)
                 {
                     pdesc.hwms[i] = pdesc64.hwms[i];
-@@ -299,6 +492,7 @@ PWOpen(prefix, mode)
+@@ -297,6 +490,7 @@ PWOpen(prefix, mode)
            {
                pdesc.flags &= ~PFOR_USEHWMS;
            }
@@ -281,7 +281,7 @@ index f851424..3aac805 100644
 #if DEBUG
             for (i=1; i<=0xff; i++)
             {
-@@ -332,7 +526,11 @@ PWClose(pwp)
+@@ -330,7 +524,11 @@ PWClose(pwp)
            return (-1);
        }
 
@@ -294,7 +294,7 @@ index f851424..3aac805 100644
        {
            fprintf(stderr, "index magic fwrite failed\n");
            return (-1);
-@@ -351,7 +549,12 @@ PWClose(pwp)
+@@ -349,7 +547,12 @@ PWClose(pwp)
                printf("hwm[%02x] = %d\n", i, pwp->hwms[i]);
 #endif
            }
@@ -303,12 +303,12 @@ index f851424..3aac805 100644
 +           PWDICT tmp_pwp;
 +
 +           memcpy(&tmp_pwp, pwp, sizeof(PWDICT));
-+           HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32);
+           HwmsHostToBigEndian((char *)tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32);
 +           fwrite(tmp_pwp.hwms, 1, sizeof(tmp_pwp.hwms), pwp->wfp);
        }
     }
 
-@@ -405,7 +608,8 @@ PutPW(pwp, string)
+@@ -403,7 +606,8 @@ PutPW(pwp, string)
 
        datum = (uint32_t) ftell(pwp->dfp);
 
@@ -317,8 +317,8 @@ index f851424..3aac805 100644
 +       fwrite((char *) &tmpdatum, sizeof(tmpdatum), 1, pwp->ifp);
 
        fputs(pwp->data_put[0], pwp->dfp);
-        putc(0, pwp->dfp);
+        putc(0, (FILE*) pwp->dfp);
-@@ -464,6 +668,7 @@ GetPW(pwp, number)
+@@ -462,6 +666,7 @@ GetPW(pwp, number)
            perror("(index fread failed)");
            return NULL;
        }
@@ -326,7 +326,7 @@ index f851424..3aac805 100644
        datum = datum64;
     } else {
        if (fseek(pwp->ifp, sizeof(struct pi_header) + (thisblock * sizeof(uint32_t)), 0))
-@@ -477,6 +682,7 @@ GetPW(pwp, number)
+@@ -475,6 +680,7 @@ GetPW(pwp, number)
            perror("(index fread failed)");
            return NULL;
        }
@@ -335,5 +335,5 @@ index f851424..3aac805 100644
 
        int r = 1;
 -- 
-1.8.4.2
+2.20.1
diff --git a/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch b/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch
deleted file mode 100644
index 6210e82121..0000000000
--- a/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 06f9a88b5dd5597f9198ea0cb34f5e96f180e6e3 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Sat, 27 Apr 2013 16:02:30 +0800
-Subject: [PATCH] craklib:fix testnum and teststr failed
-Error log:
-...
-$ ./testnum
-(null).pwd.gz: No such file or directory
-PWOpen: No such file or directory
-$ ./util/teststr
-(null).pwd.gz: No such file or directory
-PWOpen: No such file or directory
-...
-Set DEFAULT_CRACKLIB_DICT as the path of  PWOpen
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
-Upstream-Status: Pending
---
- util/testnum.c |    2 +-
- util/teststr.c |    2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-diff --git a/util/testnum.c b/util/testnum.c
-index ae2246d..ca210ff 100644
--- a/util/testnum.c
-+++ b/util/testnum.c
-@@ -20,7 +20,7 @@ main ()
-     PWDICT *pwp;
-     char buffer[STRINGSIZE];
- 
-    if (!(pwp = PWOpen (NULL, "r")))
-+    if (!(pwp = PWOpen (DEFAULT_CRACKLIB_DICT, "r")))
-     {
-        perror ("PWOpen");
-        return (-1);
-diff --git a/util/teststr.c b/util/teststr.c
-index 2a31fa4..9fb9cda 100644
--- a/util/teststr.c
-+++ b/util/teststr.c
-@@ -15,7 +15,7 @@ main ()
-     PWDICT *pwp;
-     char buffer[STRINGSIZE];
- 
-    if (!(pwp = PWOpen (NULL, "r")))
-+    if (!(pwp = PWOpen (DEFAULT_CRACKLIB_DICT, "r")))
-     {
-        perror ("PWOpen");
-        return (-1);
-- 
-1.7.10.4
diff --git a/meta/recipes-extended/cracklib/cracklib_2.9.11.bb b/meta/recipes-extended/cracklib/cracklib_2.9.11.bb
new file mode 100644
index 0000000000..34ef2b65a1
--- /dev/null
+++ b/meta/recipes-extended/cracklib/cracklib_2.9.11.bb
@@ -0,0 +1,33 @@
+SUMMARY = "Password strength checker library"
+HOMEPAGE = "https://github.com/cracklib/cracklib"
+DESCRIPTION = "${SUMMARY}"
+LICENSE = "LGPL-2.1-or-later"
+LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06"
+DEPENDS = "cracklib-native zlib"
+EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
+SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \
+           file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \
+           "
+SRCREV = "4cf5125250c6325ef0a2dc085eabff875227edc3"
+S = "${WORKDIR}/git/src"
+inherit autotools gettext
+# This is custom stuff from upstream's autogen.sh
+do_configure:prepend() {
+    mkdir -p ${S}/m4
+    echo EXTRA_DIST = *.m4 > ${S}/m4/Makefile.am
+    touch ${S}/ABOUT-NLS
+}
+do_install:append:class-target() {
+        create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small
+}
+BBCLASSEXTEND = "native nativesdk"
diff --git a/meta/recipes-extended/cracklib/cracklib_2.9.5.bb b/meta/recipes-extended/cracklib/cracklib_2.9.5.bb
deleted file mode 100644
index 82995219dc..0000000000
--- a/meta/recipes-extended/cracklib/cracklib_2.9.5.bb
+++ /dev/null
@@ -1,29 +0,0 @@
-SUMMARY = "Password strength checker library"
-HOMEPAGE = "http://sourceforge.net/projects/cracklib"
-LICENSE = "LGPLv2.1+"
-LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06"
-DEPENDS = "cracklib-native zlib"
-EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
-SRC_URI = "${SOURCEFORGE_MIRROR}/cracklib/cracklib-${PV}.tar.gz \
-           file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \
-           file://0001-Apply-patch-to-fix-CVE-2016-6318.patch \
-           file://0002-craklib-fix-testnum-and-teststr-failed.patch"
-SRC_URI[md5sum] = "376790a95c1fb645e59e6e9803c78582"
-SRC_URI[sha256sum] = "59ab0138bc8cf90cccb8509b6969a024d5e58d2d02bcbdccbb9ba9b88be3fa33"
-UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/cracklib/files/cracklib/"
-UPSTREAM_CHECK_REGEX = "/cracklib/(?P<pver>(\d+[\.\-_]*)+)/"
-inherit autotools gettext
-do_install_append_class-target() {
-        create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small
-}
-BBCLASSEXTEND = "native nativesdk"

diff --git a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch b/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch deleted file mode 100644 index b251ac9056..0000000000 --- a/meta/recipes-extended/cracklib/cracklib/0001-Apply-patch-to-fix-CVE-2016-6318.patch +++ /dev/null
@@ -1,105 +0,0 @@
1	From 47e5dec521ab6243c9b249dd65b93d232d90d6b1 Mon Sep 17 00:00:00 2001
2	From: Jan Dittberner <jan@dittberner.info>
3	Date: Thu, 25 Aug 2016 17:13:49 +0200
4	Subject: [PATCH] Apply patch to fix CVE-2016-6318
5
6	This patch fixes an issue with a stack-based buffer overflow when
7	parsing large GECOS field. See
8	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6318 and
9	https://security-tracker.debian.org/tracker/CVE-2016-6318 for more
10	information.
11
12	Upstream-Status: Backport [https://github.com/cracklib/cracklib/commit/47e5dec521ab6243c9b249dd65b93d232d90d6b1]
13	CVE: CVE-2016-6318
14	Signed-off-by: Dengke Du <dengke.du@windriver.com>
15	---
16	lib/fascist.c \| 57 ++++++++++++++++++++++++++++++++-----------------------
17	1 file changed, 33 insertions(+), 24 deletions(-)
18
19	diff --git a/lib/fascist.c b/lib/fascist.c
20	index a996509..d4deb15 100644
21	--- a/lib/fascist.c
22	+++ b/lib/fascist.c
23	@@ -502,7 +502,7 @@ FascistGecosUser(char password, const char user, const char *gecos)
24	char gbuffer[STRINGSIZE];
25	char tbuffer[STRINGSIZE];
26	char *uwords[STRINGSIZE];
27	- char longbuffer[STRINGSIZE * 2];
28	+ char longbuffer[STRINGSIZE];
29
30	if (gecos == NULL)
31	gecos = "";
32	@@ -583,38 +583,47 @@ FascistGecosUser(char password, const char user, const char *gecos)
33	{
34	for (i = 0; i < j; i++)
35	{
36	- strcpy(longbuffer, uwords[i]);
37	- strcat(longbuffer, uwords[j]);
38	-
39	- if (GTry(longbuffer, password))
40	+ if (strlen(uwords[i]) + strlen(uwords[j]) < STRINGSIZE)
41	{
42	- return _("it is derived from your password entry");
43	- }
44	+ strcpy(longbuffer, uwords[i]);
45	+ strcat(longbuffer, uwords[j]);
46
47	- strcpy(longbuffer, uwords[j]);
48	- strcat(longbuffer, uwords[i]);
49	+ if (GTry(longbuffer, password))
50	+ {
51	+ return _("it is derived from your password entry");
52	+ }
53
54	- if (GTry(longbuffer, password))
55	- {
56	- return _("it's derived from your password entry");
57	- }
58	+ strcpy(longbuffer, uwords[j]);
59	+ strcat(longbuffer, uwords[i]);
60
61	- longbuffer[0] = uwords[i][0];
62	- longbuffer[1] = '\0';
63	- strcat(longbuffer, uwords[j]);
64	+ if (GTry(longbuffer, password))
65	+ {
66	+ return _("it's derived from your password entry");
67	+ }
68	+ }
69
70	- if (GTry(longbuffer, password))
71	+ if (strlen(uwords[j]) < STRINGSIZE - 1)
72	{
73	- return _("it is derivable from your password entry");
74	+ longbuffer[0] = uwords[i][0];
75	+ longbuffer[1] = '\0';
76	+ strcat(longbuffer, uwords[j]);
77	+
78	+ if (GTry(longbuffer, password))
79	+ {
80	+ return _("it is derivable from your password entry");
81	+ }
82	}
83
84	- longbuffer[0] = uwords[j][0];
85	- longbuffer[1] = '\0';
86	- strcat(longbuffer, uwords[i]);
87	-
88	- if (GTry(longbuffer, password))
89	+ if (strlen(uwords[i]) < STRINGSIZE - 1)
90	{
91	- return _("it's derivable from your password entry");
92	+ longbuffer[0] = uwords[j][0];
93	+ longbuffer[1] = '\0';
94	+ strcat(longbuffer, uwords[i]);
95	+
96	+ if (GTry(longbuffer, password))
97	+ {
98	+ return _("it's derivable from your password entry");
99	+ }
100	}
101	}
102	}
103	--
104	2.8.1
105


diff --git a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch index adbe7dfff4..35229ae890 100644 --- a/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch +++ b/meta/recipes-extended/cracklib/cracklib/0001-packlib.c-support-dictionary-byte-order-dependent.patch
@@ -1,7 +1,7 @@
1	From 8a6e43726ad0ae41bd1cc2c248d91deb31459357 Mon Sep 17 00:00:00 2001	1	From aae03b7e626d5f62ab929d51d11352a5a2ff6b2d Mon Sep 17 00:00:00 2001
2	From: Lei Maohui <leimaohui@cn.fujitsu.com>	2	From: Lei Maohui <leimaohui@cn.fujitsu.com>
3	Date: Tue, 9 Jun 2015 11:11:48 +0900	3	Date: Tue, 9 Jun 2015 11:11:48 +0900
4	Subject: [PATCH] packlib.c: support dictionary byte order dependent	4	Subject: [PATCH 1/2] packlib.c: support dictionary byte order dependent
5		5
6	The previous dict files are NOT byte-order independent, in fact they are	6	The previous dict files are NOT byte-order independent, in fact they are
7	probably ARCHITECTURE SPECIFIC.	7	probably ARCHITECTURE SPECIFIC.
@@ -9,7 +9,7 @@ Create the dict files in big endian, and convert to host endian while
9	load them. This could fix the endian issue on multiple platform.	9	load them. This could fix the endian issue on multiple platform.
10		10
11	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>	11	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
12	Upstream-Status: Pending	12	Upstream-Status: Submitted [https://github.com/cracklib/cracklib/pull/41]
13		13
14	We can't use the endian.h, htobe* and be*toh functions because they are	14	We can't use the endian.h, htobe* and be*toh functions because they are
15	not available on older versions of glibc, such as that found in RHEL	15	not available on older versions of glibc, such as that found in RHEL
@@ -22,11 +22,11 @@ Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
22		22
23	Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>	23	Signed-off-by: Lei Maohui <leimaohui@cn.fujitsu.com>
24	---	24	---
25	lib/packlib.c \| 214 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++--	25	lib/packlib.c \| 214 +++++++++++++++++++++++++++++++++++++++++++++-
26	1 file changed, 210 insertions(+), 4 deletions(-)	26	1 file changed, 210 insertions(+), 4 deletions(-)
27		27
28	diff --git a/lib/packlib.c b/lib/packlib.c	28	diff --git a/lib/packlib.c b/lib/packlib.c
29	index f851424..3aac805 100644	29	index 9396e1d..d0bb181 100644
30	--- a/lib/packlib.c	30	--- a/lib/packlib.c
31	+++ b/lib/packlib.c	31	+++ b/lib/packlib.c
32	@@ -16,6 +16,12 @@	32	@@ -16,6 +16,12 @@
@@ -41,8 +41,8 @@ index f851424..3aac805 100644
41	+#include <byteswap.h>	41	+#include <byteswap.h>
42	#include "packer.h"	42	#include "packer.h"
43		43
44	static const char vers_id[] = "packlib.c : v2.3p2 Alec Muffett 18 May 1993";	44	#define DEBUG 0
45	@@ -45,6 +51,185 @@ typedef struct	45	@@ -43,6 +49,185 @@ typedef struct
46	char data_get[NUMWORDS][MAXWORDLEN];	46	char data_get[NUMWORDS][MAXWORDLEN];
47	} PWDICT64;	47	} PWDICT64;
48		48
@@ -228,7 +228,7 @@ index f851424..3aac805 100644
228		228
229	static int	229	static int
230	_PWIsBroken64(FILE *ifp)	230	_PWIsBroken64(FILE *ifp)
231	@@ -57,6 +242,7 @@ _PWIsBroken64(FILE *ifp)	231	@@ -55,6 +240,7 @@ _PWIsBroken64(FILE *ifp)
232	return 0;	232	return 0;
233	}	233	}
234		234
@@ -236,7 +236,7 @@ index f851424..3aac805 100644
236	return (pdesc64.header.pih_magic == PIH_MAGIC);	236	return (pdesc64.header.pih_magic == PIH_MAGIC);
237	}	237	}
238		238
239	@@ -149,7 +335,11 @@ PWOpen(prefix, mode)	239	@@ -147,7 +333,11 @@ PWOpen(prefix, mode)
240	pdesc.header.pih_blocklen = NUMWORDS;	240	pdesc.header.pih_blocklen = NUMWORDS;
241	pdesc.header.pih_numwords = 0;	241	pdesc.header.pih_numwords = 0;
242		242
@@ -249,7 +249,7 @@ index f851424..3aac805 100644
249	} else	249	} else
250	{	250	{
251	pdesc.flags &= ~PFOR_WRITE;	251	pdesc.flags &= ~PFOR_WRITE;
252	@@ -173,6 +363,7 @@ PWOpen(prefix, mode)	252	@@ -171,6 +361,7 @@ PWOpen(prefix, mode)
253	return NULL;	253	return NULL;
254	}	254	}
255		255
@@ -257,7 +257,7 @@ index f851424..3aac805 100644
257	if ((pdesc.header.pih_magic == 0) \|\| (pdesc.header.pih_numwords == 0))	257	if ((pdesc.header.pih_magic == 0) \|\| (pdesc.header.pih_numwords == 0))
258	{	258	{
259	/* uh-oh. either a broken "64-bit" file or a garbage file. */	259	/* uh-oh. either a broken "64-bit" file or a garbage file. */
260	@@ -195,6 +386,7 @@ PWOpen(prefix, mode)	260	@@ -193,6 +384,7 @@ PWOpen(prefix, mode)
261	}	261	}
262	return NULL;	262	return NULL;
263	}	263	}
@@ -265,7 +265,7 @@ index f851424..3aac805 100644
265	if (pdesc64.header.pih_magic != PIH_MAGIC)	265	if (pdesc64.header.pih_magic != PIH_MAGIC)
266	{	266	{
267	/* nope, not "64-bit" after all */	267	/* nope, not "64-bit" after all */
268	@@ -290,6 +482,7 @@ PWOpen(prefix, mode)	268	@@ -288,6 +480,7 @@ PWOpen(prefix, mode)
269	{	269	{
270	pdesc.flags &= ~PFOR_USEHWMS;	270	pdesc.flags &= ~PFOR_USEHWMS;
271	}	271	}
@@ -273,7 +273,7 @@ index f851424..3aac805 100644
273	for (i = 0; i < sizeof(pdesc.hwms) / sizeof(pdesc.hwms[0]); i++)	273	for (i = 0; i < sizeof(pdesc.hwms) / sizeof(pdesc.hwms[0]); i++)
274	{	274	{
275	pdesc.hwms[i] = pdesc64.hwms[i];	275	pdesc.hwms[i] = pdesc64.hwms[i];
276	@@ -299,6 +492,7 @@ PWOpen(prefix, mode)	276	@@ -297,6 +490,7 @@ PWOpen(prefix, mode)
277	{	277	{
278	pdesc.flags &= ~PFOR_USEHWMS;	278	pdesc.flags &= ~PFOR_USEHWMS;
279	}	279	}
@@ -281,7 +281,7 @@ index f851424..3aac805 100644
281	#if DEBUG	281	#if DEBUG
282	for (i=1; i<=0xff; i++)	282	for (i=1; i<=0xff; i++)
283	{	283	{
284	@@ -332,7 +526,11 @@ PWClose(pwp)	284	@@ -330,7 +524,11 @@ PWClose(pwp)
285	return (-1);	285	return (-1);
286	}	286	}
287		287
@@ -294,7 +294,7 @@ index f851424..3aac805 100644
294	{	294	{
295	fprintf(stderr, "index magic fwrite failed\n");	295	fprintf(stderr, "index magic fwrite failed\n");
296	return (-1);	296	return (-1);
297	@@ -351,7 +549,12 @@ PWClose(pwp)	297	@@ -349,7 +547,12 @@ PWClose(pwp)
298	printf("hwm[%02x] = %d\n", i, pwp->hwms[i]);	298	printf("hwm[%02x] = %d\n", i, pwp->hwms[i]);
299	#endif	299	#endif
300	}	300	}
@@ -303,12 +303,12 @@ index f851424..3aac805 100644
303	+ PWDICT tmp_pwp;	303	+ PWDICT tmp_pwp;
304	+	304	+
305	+ memcpy(&tmp_pwp, pwp, sizeof(PWDICT));	305	+ memcpy(&tmp_pwp, pwp, sizeof(PWDICT));
306	+ HwmsHostToBigEndian(tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32);	306	+ HwmsHostToBigEndian((char *)tmp_pwp.hwms, sizeof(tmp_pwp.hwms), en_is32);
307	+ fwrite(tmp_pwp.hwms, 1, sizeof(tmp_pwp.hwms), pwp->wfp);	307	+ fwrite(tmp_pwp.hwms, 1, sizeof(tmp_pwp.hwms), pwp->wfp);
308	}	308	}
309	}	309	}
310		310
311	@@ -405,7 +608,8 @@ PutPW(pwp, string)	311	@@ -403,7 +606,8 @@ PutPW(pwp, string)
312		312
313	datum = (uint32_t) ftell(pwp->dfp);	313	datum = (uint32_t) ftell(pwp->dfp);
314		314
@@ -317,8 +317,8 @@ index f851424..3aac805 100644
317	+ fwrite((char *) &tmpdatum, sizeof(tmpdatum), 1, pwp->ifp);	317	+ fwrite((char *) &tmpdatum, sizeof(tmpdatum), 1, pwp->ifp);
318		318
319	fputs(pwp->data_put[0], pwp->dfp);	319	fputs(pwp->data_put[0], pwp->dfp);
320	putc(0, pwp->dfp);	320	putc(0, (FILE*) pwp->dfp);
321	@@ -464,6 +668,7 @@ GetPW(pwp, number)	321	@@ -462,6 +666,7 @@ GetPW(pwp, number)
322	perror("(index fread failed)");	322	perror("(index fread failed)");
323	return NULL;	323	return NULL;
324	}	324	}
@@ -326,7 +326,7 @@ index f851424..3aac805 100644
326	datum = datum64;	326	datum = datum64;
327	} else {	327	} else {
328	if (fseek(pwp->ifp, sizeof(struct pi_header) + (thisblock * sizeof(uint32_t)), 0))	328	if (fseek(pwp->ifp, sizeof(struct pi_header) + (thisblock * sizeof(uint32_t)), 0))
329	@@ -477,6 +682,7 @@ GetPW(pwp, number)	329	@@ -475,6 +680,7 @@ GetPW(pwp, number)
330	perror("(index fread failed)");	330	perror("(index fread failed)");
331	return NULL;	331	return NULL;
332	}	332	}
@@ -335,5 +335,5 @@ index f851424..3aac805 100644
335		335
336	int r = 1;	336	int r = 1;
337	--	337	--
338	1.8.4.2	338	2.20.1
339		339


diff --git a/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch b/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch deleted file mode 100644 index 6210e82121..0000000000 --- a/meta/recipes-extended/cracklib/cracklib/0002-craklib-fix-testnum-and-teststr-failed.patch +++ /dev/null
@@ -1,53 +0,0 @@
1	From 06f9a88b5dd5597f9198ea0cb34f5e96f180e6e3 Mon Sep 17 00:00:00 2001
2	From: Hongxu Jia <hongxu.jia@windriver.com>
3	Date: Sat, 27 Apr 2013 16:02:30 +0800
4	Subject: [PATCH] craklib:fix testnum and teststr failed
5
6	Error log:
7	...
8	$ ./testnum
9	(null).pwd.gz: No such file or directory
10	PWOpen: No such file or directory
11
12	$ ./util/teststr
13	(null).pwd.gz: No such file or directory
14	PWOpen: No such file or directory
15	...
16	Set DEFAULT_CRACKLIB_DICT as the path of PWOpen
17
18	Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
19	Upstream-Status: Pending
20	---
21	util/testnum.c \| 2 +-
22	util/teststr.c \| 2 +-
23	2 files changed, 2 insertions(+), 2 deletions(-)
24
25	diff --git a/util/testnum.c b/util/testnum.c
26	index ae2246d..ca210ff 100644
27	--- a/util/testnum.c
28	+++ b/util/testnum.c
29	@@ -20,7 +20,7 @@ main ()
30	PWDICT *pwp;
31	char buffer[STRINGSIZE];
32
33	- if (!(pwp = PWOpen (NULL, "r")))
34	+ if (!(pwp = PWOpen (DEFAULT_CRACKLIB_DICT, "r")))
35	{
36	perror ("PWOpen");
37	return (-1);
38	diff --git a/util/teststr.c b/util/teststr.c
39	index 2a31fa4..9fb9cda 100644
40	--- a/util/teststr.c
41	+++ b/util/teststr.c
42	@@ -15,7 +15,7 @@ main ()
43	PWDICT *pwp;
44	char buffer[STRINGSIZE];
45
46	- if (!(pwp = PWOpen (NULL, "r")))
47	+ if (!(pwp = PWOpen (DEFAULT_CRACKLIB_DICT, "r")))
48	{
49	perror ("PWOpen");
50	return (-1);
51	--
52	1.7.10.4
53


diff --git a/meta/recipes-extended/cracklib/cracklib_2.9.11.bb b/meta/recipes-extended/cracklib/cracklib_2.9.11.bb new file mode 100644 index 0000000000..34ef2b65a1 --- /dev/null +++ b/meta/recipes-extended/cracklib/cracklib_2.9.11.bb
@@ -0,0 +1,33 @@
		1	SUMMARY = "Password strength checker library"
		2	HOMEPAGE = "https://github.com/cracklib/cracklib"
		3	DESCRIPTION = "${SUMMARY}"
		4
		5	LICENSE = "LGPL-2.1-or-later"
		6	LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06"
		7
		8	DEPENDS = "cracklib-native zlib"
		9
		10	EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
		11
		12	SRC_URI = "git://github.com/cracklib/cracklib;protocol=https;branch=main \
		13	file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \
		14	"
		15
		16	SRCREV = "4cf5125250c6325ef0a2dc085eabff875227edc3"
		17	S = "${WORKDIR}/git/src"
		18
		19	inherit autotools gettext
		20
		21	# This is custom stuff from upstream's autogen.sh
		22	do_configure:prepend() {
		23	mkdir -p ${S}/m4
		24	echo EXTRA_DIST = *.m4 > ${S}/m4/Makefile.am
		25	touch ${S}/ABOUT-NLS
		26	}
		27
		28	do_install:append:class-target() {
		29	create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small
		30	}
		31
		32	BBCLASSEXTEND = "native nativesdk"
		33


diff --git a/meta/recipes-extended/cracklib/cracklib_2.9.5.bb b/meta/recipes-extended/cracklib/cracklib_2.9.5.bb deleted file mode 100644 index 82995219dc..0000000000 --- a/meta/recipes-extended/cracklib/cracklib_2.9.5.bb +++ /dev/null
@@ -1,29 +0,0 @@
1	SUMMARY = "Password strength checker library"
2	HOMEPAGE = "http://sourceforge.net/projects/cracklib"
3
4	LICENSE = "LGPLv2.1+"
5	LIC_FILES_CHKSUM = "file://COPYING.LIB;md5=e3eda01d9815f8d24aae2dbd89b68b06"
6
7	DEPENDS = "cracklib-native zlib"
8
9	EXTRA_OECONF = "--without-python --libdir=${base_libdir}"
10
11	SRC_URI = "${SOURCEFORGE_MIRROR}/cracklib/cracklib-${PV}.tar.gz \
12	file://0001-packlib.c-support-dictionary-byte-order-dependent.patch \
13	file://0001-Apply-patch-to-fix-CVE-2016-6318.patch \
14	file://0002-craklib-fix-testnum-and-teststr-failed.patch"
15
16	SRC_URI[md5sum] = "376790a95c1fb645e59e6e9803c78582"
17	SRC_URI[sha256sum] = "59ab0138bc8cf90cccb8509b6969a024d5e58d2d02bcbdccbb9ba9b88be3fa33"
18
19	UPSTREAM_CHECK_URI = "http://sourceforge.net/projects/cracklib/files/cracklib/"
20	UPSTREAM_CHECK_REGEX = "/cracklib/(?P<pver>(\d+[\.\-_]*)+)/"
21
22	inherit autotools gettext
23
24	do_install_append_class-target() {
25	create-cracklib-dict -o ${D}${datadir}/cracklib/pw_dict ${D}${datadir}/cracklib/cracklib-small
26	}
27
28	BBCLASSEXTEND = "native nativesdk"
29