From a3eccfd5b0a77f1ea040bb125d28743475c2c595 Mon Sep 17 00:00:00 2001
From: Will Dietz
Date: Sun, 3 Mar 2019 22:37:13 -0600
Subject: [PATCH 1/3] cracklib: 2.9.6 -> 2.9.7
https://github.com/cracklib/cracklib/releases/tag/v2.9.7
I haven't looked into the details but notes mention:
> apply patch to fix CVE-2016-6318 Stack-based buffer overflow when parsing large GECOS field
> fix a buffer overflow processing long words
---
 pkgs/development/libraries/cracklib/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/pkgs/development/libraries/cracklib/default.nix b/pkgs/development/libraries/cracklib/default.nix
index b75f03fab7c7..a2670bff6b7a 100644
--- a/pkgs/development/libraries/cracklib/default.nix
+++ b/pkgs/development/libraries/cracklib/default.nix
@@ -1,11 +1,12 @@
 { stdenv, fetchurl, zlib, gettext }:
 stdenv.mkDerivation rec {
- name = "cracklib-2.9.6";
+ pname = "cracklib";
+ version = "2.9.7";
 src = fetchurl {
- url = "https://github.com/cracklib/cracklib/releases/download/${name}/${name}.tar.gz";
- sha256 = "0hrkb0prf7n92w6rxgq0ilzkk6rkhpys2cfqkrbzswp27na7dkqp";
+ url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2";
+ sha256 = "1rimpjsdnmw8f5b7k558cic41p2qy2n2yrlqp5vh7mp4162hk0py";
 };
 buildInputs = [ zlib gettext ];
From 8867dfd0161a084657275946e67fb80586d4ea01 Mon Sep 17 00:00:00 2001
From: Will Dietz
Date: Sun, 3 Mar 2019 23:17:20 -0600
Subject: [PATCH 2/3] cracklib: build default dictionary, run test
---
 pkgs/development/libraries/cracklib/default.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/pkgs/development/libraries/cracklib/default.nix b/pkgs/development/libraries/cracklib/default.nix
index a2670bff6b7a..a761582f1c20 100644
--- a/pkgs/development/libraries/cracklib/default.nix
+++ b/pkgs/development/libraries/cracklib/default.nix
@@ -1,5 +1,6 @@
 { stdenv, fetchurl, zlib, gettext }:
+# TODO: wordlist? https://github.com/cracklib/cracklib/releases/download/v2.9.7/cracklib-words-2.9.7.gz is a start!
 stdenv.mkDerivation rec {
 pname = "cracklib";
 version = "2.9.7";
@@ -11,6 +12,17 @@ stdenv.mkDerivation rec {
 buildInputs = [ zlib gettext ];
+ postPatch = ''
+ chmod +x util/cracklib-format
+ patchShebangs util
+ '';
+
+ postInstall = ''
+ make dict
+ '';
+ doInstallCheck = true;
+ installCheckTarget = "test";
+
 meta = with stdenv.lib; {
 homepage = https://github.com/cracklib/cracklib;
 description = "A library for checking the strength of passwords";
From 66dae3b1f048b5fd0a769c0b0d315b9f1a3409cd Mon Sep 17 00:00:00 2001
From: Will Dietz
Date: Sun, 3 Mar 2019 23:50:37 -0600
Subject: [PATCH 3/3] cracklib: add wordlist from upstream, generate default dict with it
---
 pkgs/development/libraries/cracklib/default.nix | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/pkgs/development/libraries/cracklib/default.nix b/pkgs/development/libraries/cracklib/default.nix
index a761582f1c20..d335a286c87b 100644
--- a/pkgs/development/libraries/cracklib/default.nix
+++ b/pkgs/development/libraries/cracklib/default.nix
@@ -1,9 +1,14 @@
-{ stdenv, fetchurl, zlib, gettext }:
+let version = "2.9.7"; in
+{ stdenv, fetchurl, zlib, gettext
+, wordlists ? [ (fetchurl {
+ url = "https://github.com/cracklib/cracklib/releases/download/v${version}/cracklib-words-${version}.gz";
+ sha256 = "12fk8w06q628v754l357cf8kfjna98wj09qybpqr892az3x4a33z";
+}) ]
+}:
-# TODO: wordlist? https://github.com/cracklib/cracklib/releases/download/v2.9.7/cracklib-words-2.9.7.gz is a start!
 stdenv.mkDerivation rec {
 pname = "cracklib";
- version = "2.9.7";
+ inherit version;
 src = fetchurl {
 url = "https://github.com/${pname}/${pname}/releases/download/v${version}/${pname}-${version}.tar.bz2";
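Review bot: In the second patch's `postPatch`, `chmod +x util/cracklib-format` carries no comment, and the reason for it cannot be read from the hunk. `patchShebangs` only rewrites files that already have the executable bit, so the chmod presumably exists because the release tarball ships that script without it; I would add `# patchShebangs skips non-executable files, so mark cracklib-format executable first` above the line. The `make dict` in `postInstall` would likewise benefit from a one-line comment naming where the generated dictionary is written, since the hunk does not show its output path. The `mkDerivation` attribute set starts and ends outside this hunk.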
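Review bot: The new `wordlists` argument in the third patch has no comment saying what an override is expected to supply, which matters because this list decides what the password checker will treat as a dictionary word. From the hunk the default is a single gzip-compressed upstream word list fetched with a pinned `sha256`; whether plain-text or differently compressed files are also accepted is not visible here. I would document it above the default, e.g. `# wordlists: files linked into dicts/ before "make dict"; default is upstream's cracklib-words (gzip)`, and state that overriding it replaces the upstream list instead of extending it. The argument set is complete in this hunk, but the `mkDerivation` body it feeds continues outside it.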
@@ -15,6 +20,8 @@ stdenv.mkDerivation rec {
 postPatch = ''
 chmod +x util/cracklib-format
 patchShebangs util
+
+ ln -vs ${toString wordlists} dicts/
 '';
 postInstall = ''
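Review bot: Nothing in this hunk, or in the `test` install check added earlier in the series, confirms that the linked word list actually ends up in the generated dictionary. `ln -vs ${toString wordlists} dicts/` keeps each store path's basename, which starts with the store hash, so if upstream's `dict` target selects its inputs by file name (not visible here) the link could be ignored and the default dictionary would silently contain only what the tarball bundles, weakening every password check that relies on it. An install-time assertion that a word present only in the large list is rejected would catch that. Separately, an override with `wordlists = [ ]` leaves `ln -vs dicts/`, which should fail, so wrapping the line in `stdenv.lib.optionalString (wordlists != [ ])` would keep that override buildable. The enclosing `mkDerivation` set starts and ends outside the hunk.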