diff --git a/cracklib-2.9.7-simplistic.patch b/cracklib-2.9.7-simplistic.patch new file mode 100644 index 0000000000000000000000000000000000000000..00fd8576290c827cfd02168ed67bf5fcff1cbd3a --- /dev/null +++ b/cracklib-2.9.7-simplistic.patch @@ -0,0 +1,117 @@ +diff --git a/lib/fascist.c b/lib/fascist.c +index c5a018c..dc74ca9 100644 +--- a/lib/fascist.c ++++ b/lib/fascist.c +@@ -55,7 +55,6 @@ static char *r_destructors[] = { + + "/?p@?p", /* purging out punctuation/symbols/junk */ + "/?s@?s", +- "/?X@?X", + + /* attempt reverse engineering of password strings */ + +@@ -452,6 +451,12 @@ GTry(rawtext, password) + continue; + } + ++ if (len - strlen(mp) >= 3) ++ { ++ /* purged too much */ ++ continue; ++ } ++ + #ifdef DEBUG + printf("%-16s = %-16s (destruct %s)\n", mp, rawtext, r_destructors[i]); + #endif +@@ -478,6 +483,12 @@ GTry(rawtext, password) + continue; + } + ++ if (len - strlen(mp) >= 3) ++ { ++ /* purged too much */ ++ continue; ++ } ++ + #ifdef DEBUG + printf("%-16s = %-16s (construct %s)\n", mp, password, r_constructors[i]); + #endif +@@ -705,6 +716,7 @@ FascistLookUser(PWDICT *pwp, char *instring, + char *password; + char rpassword[STRINGSIZE]; + uint32_t notfound; ++ int len; + + notfound = PW_WORDS(pwp); + /* already truncated if from FascistCheck() */ +@@ -754,6 +766,7 @@ FascistLookUser(PWDICT *pwp, char *instring, + return _("it is all whitespace"); + } + ++ len = strlen(password); + i = 0; + ptr = password; + while (ptr[0] && ptr[1]) +@@ -765,10 +778,9 @@ FascistLookUser(PWDICT *pwp, char *instring, + ptr++; + } + +- /* Change by Ben Karsin from ITS at University of Hawaii at Manoa. Static MAXSTEP +- would generate many false positives for long passwords. */ +- maxrepeat = 3+(0.09*strlen(password)); +- if (i > maxrepeat) ++ /* We were still generating false positives for long passwords. ++ Just count systematic double as a single character. */ ++ if (len - i < MINLEN) + { + return _("it is too simplistic/systematic"); + } +@@ -801,6 +813,12 @@ FascistLookUser(PWDICT *pwp, char *instring, + continue; + } + ++ if (len - strlen(a) >= 3) ++ { ++ /* purged too much */ ++ continue; ++ } ++ + #ifdef DEBUG + printf("%-16s (dict)\n", a); + #endif +@@ -821,6 +839,13 @@ FascistLookUser(PWDICT *pwp, char *instring, + { + continue; + } ++ ++ if (len - strlen(a) >= 3) ++ { ++ /* purged too much */ ++ continue; ++ } ++ + #ifdef DEBUG + printf("%-16s (reversed dict)\n", a); + #endif +diff --git a/util/cracklib-format b/util/cracklib-format +index 1d7be5b..0a2caa5 100644 +--- a/util/cracklib-format ++++ b/util/cracklib-format +@@ -3,8 +3,10 @@ + # This preprocesses a set of word lists into a suitable form for input + # into cracklib-packer + # ++LC_ALL=C ++export LC_ALL + gzip -cdf "$@" | +- grep -v '^\(#\|$\)' | +- tr '[A-Z]' '[a-z]' | +- tr -cd '\012[a-z][0-9]' | +- env LC_ALL=C sort -u ++ grep -a -E -v '^.{32,}$' | ++ tr '[:upper:]' '[:lower:]' | ++ tr -cd '\n[:graph:]' | ++ sort -u +-- +2.34.1 + diff --git a/cracklib-words-2.9.7.bz2 b/cracklib-words-2.9.7.bz2 new file mode 100644 index 0000000000000000000000000000000000000000..b29dbf1ae58e566f3beb5ac80cf5555eec350c37 Binary files /dev/null and b/cracklib-words-2.9.7.bz2 differ diff --git a/cracklib.spec b/cracklib.spec index 613fd066075ae726604dd6827ef3d2caf2d95bbd..419554772ed873404d1c3583d27ba6bd389d289a 100644 --- a/cracklib.spec +++ b/cracklib.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %bcond_without python3 %define dictdir %{_datadir}/cracklib @@ -12,6 +12,8 @@ Summary: A password-checking library License: LGPLv2+ URL: http://sourceforge.net/projects/cracklib/ Source0: https://github.com/cracklib/cracklib/releases/download/v%{version}/cracklib-%{version}.tar.bz2 +Source1: https://github.com/cracklib/cracklib/releases/download/v%{version}/cracklib-words-%{version}.bz2 +Patch1: cracklib-2.9.7-simplistic.patch BuildRequires: gcc, words, gettext, gettext-autopoint, zlib-devel %if %{with python3} @@ -58,6 +60,12 @@ written in the Python 3 programming language to use cracklib. %prep %autosetup -n %{name}-%{version} -p1 +mkdir cracklib-dicts +for dict in %{SOURCE1} +do + cp -fv ${dict} cracklib-dicts/ +done + chmod +x util/cracklib-format %build @@ -141,5 +149,8 @@ make test %endif %changelog +* Mon Aug 15 2022 Chunmei Xu - 2.9.7-2 +- fix cracklib dicts + * Tue Mar 08 2022 pangqing - 2.9.7-1 - Init for anolisOS 23