Slackware 14.1slackware-14.1

Mon Nov  4 17:08:47 UTC 2013
Slackware 14.1 x86_64 stable is released!

It's been another interesting release cycle here at Slackware bringing
new features like support for UEFI machines, updated compilers and
development tools, the switch from MySQL to MariaDB, and many more
improvements throughout the system.  Thanks to the team, the upstream
developers, the dedicated Slackware community, and everyone else who
pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a
dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)

3 files changed, 111 insertions, 3 deletions

diff --git a/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff b/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff
new file mode 100644
index 00000000..2cbb4860
--- /dev/null
+++ b/source/n/cyrus-sasl/cyrus-sasl-2.1.23-glibc217-crypt.diff
@@ -0,0 +1,105 @@
+From 0626e86d2e1d0be63a56918371a15d98cfad19d1 Mon Sep 17 00:00:00 2001
+From: mancha <mancha1@hush.com>
+Date: Tue, 9 Jul 2013
+Subject: Handle NULL returns from glibc 2.17+ crypt().
+
+Starting with glibc 2.17 (eglibc 2.17), crypt() fails with EINVAL
+(w/ NULL return) if the salt violates specifications. Additionally,
+on FIPS-140 enabled Linux systems, DES/MD5-encrypted passwords
+passed to crypt() fail with EPERM (w/ NULL return).
+
+When using glibc's crypt(), check return value to avoid a possible
+NULL pointer dereference.
+---
+ pwcheck/pwcheck_getpwnam.c | 3 ++-
+ pwcheck/pwcheck_getspnam.c | 3 ++-
+ saslauthd/auth_getpwent.c  | 3 ++-
+ saslauthd/auth_shadow.c    | 7 ++-----
+ 4 files changed, 8 insertions(+), 8 deletions(-)
+
+--- a/pwcheck/pwcheck_getpwnam.c
++++ b/pwcheck/pwcheck_getpwnam.c
+@@ -32,6 +32,7 @@ extern char *crypt();
+ char *password;
+ {
+     char* r;
++    char* crpt_passwd;
+     struct passwd *pwd;
+
+     pwd = getpwnam(userid);
+@@ -41,7 +42,7 @@ char *password;
+     else if (pwd->pw_passwd[0] == '*') {
+ 	r = "Account disabled";
+     }
+-    else if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
++    else if (!(crpt_passwd = crypt(password, pwd->pw_passwd)) || strcmp(pwd->pw_passwd, (const char *)crpt_passwd) != 0) {
+ 	r = "Incorrect password";
+     }
+     else {
+--- a/pwcheck/pwcheck_getspnam.c
++++ b/pwcheck/pwcheck_getspnam.c
+@@ -30,6 +30,7 @@ extern char *crypt();
+ char *pwcheck(userid, password)
+ char *userid;
+ char *password;
++char *crpt_passwd;
+ {
+     struct spwd *pwd;
+ 
+@@ -38,7 +39,7 @@ char *password;
+ 	return "Userid not found";
+     }
+     
+-    if (strcmp(pwd->sp_pwdp, crypt(password, pwd->sp_pwdp)) != 0) {
++    if (!(crpt_passwd = crypt(password, pwd->sp_pwdp)) || strcmp(pwd->sp_pwdp, (const char *)crpt_passwd) != 0) {
+ 	return "Incorrect password";
+     }
+     else {
+--- a/saslauthd/auth_getpwent.c
++++ b/saslauthd/auth_getpwent.c
+@@ -70,6 +70,7 @@ auth_getpwent (
+ {
+     /* VARIABLES */
+     struct passwd *pw;			/* pointer to passwd file entry */
++    char *crpt_passwd;			/* encrypted password */
+     /* END VARIABLES */
+   
+     pw = getpwnam(login);
+@@ -79,7 +80,7 @@ auth_getpwent (
+ 	RETURN("NO");
+     }
+ 
+-    if (strcmp(pw->pw_passwd, (const char *)crypt(password, pw->pw_passwd))) {
++    if (!(crpt_passwd = crypt(password, pw->pw_passwd)) || strcmp(pw->pw_passwd, (const char *)crpt_passwd)) {
+ 	RETURN("NO");
+     }
+ 
+--- a/saslauthd/auth_shadow.c
++++ b/saslauthd/auth_shadow.c
+@@ -180,16 +180,13 @@ auth_shadow (
+      * not returning any information about a login until we have validated
+      * the password.
+      */
+-    cpw = strdup((const char *)crypt(password, sp->sp_pwdp));
+-    if (strcmp(sp->sp_pwdp, cpw)) {
++    if (!(cpw = crypt(password, sp->sp_pwdp)) || strcmp(sp->sp_pwdp, (const char *)cpw)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "DEBUG: auth_shadow: pw mismatch: '%s' != '%s'",
+ 		   sp->sp_pwdp, cpw);
+ 	}
+-	free(cpw);
+ 	RETURN("NO");
+     }
+-    free(cpw);
+ 
+     /*
+      * The following fields will be set to -1 if:
+@@ -251,7 +250,7 @@ auth_shadow (
+ 	RETURN("NO");
+     }
+   
+-    if (strcmp(upw->upw_passwd, crypt(password, upw->upw_passwd)) != 0) {
++    if (!(cpw = crypt(password, upw->upw_passwd)) || (strcmp(upw->upw_passwd, (const char *)cpw) != 0)) {
+ 	if (flags & VERBOSE) {
+ 	    syslog(LOG_DEBUG, "auth_shadow: pw mismatch: %s != %s",
+ 		   password, upw->upw_passwd);
diff --git a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
index eea8e190..c47821d5 100755
--- a/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
+++ b/source/n/cyrus-sasl/cyrus-sasl.SlackBuild
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright 2008, 2009, 2010  Patrick J. Volkerding, Sebeka, Minnesota, USA
+# Copyright 2008, 2009, 2010, 2013  Patrick J. Volkerding, Sebeka, Minnesota, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -22,7 +22,7 @@
 
 PKGNAM=cyrus-sasl
 VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-4}
+BUILD=${BUILD:-5}
 
 # Automatically determine the architecture we're building on:
 if [ -z "$ARCH" ]; then
@@ -62,6 +62,9 @@ cd cyrus-sasl-$VERSION || exit 1
 # Fix compiling:
 zcat $CWD/cyrus-sasl.bad_elif.diff.gz | patch -p1 --verbose || exit 1
 
+# Fix for glibc-2.17 crypt() NULL return:
+zcat $CWD/cyrus-sasl-2.1.23-glibc217-crypt.diff.gz | patch -p1 --verbose || exit 1
+
 chown -R root:root .
 find . -perm 777 -exec chmod 755 {} \;
 find . -perm 664 -exec chmod 644 {} \;
diff --git a/source/n/cyrus-sasl/rc.saslauthd b/source/n/cyrus-sasl/rc.saslauthd
index 8b69a710..8a01ac65 100644
--- a/source/n/cyrus-sasl/rc.saslauthd
+++ b/source/n/cyrus-sasl/rc.saslauthd
@@ -3,7 +3,7 @@
 #
 # saslauthd is a daemon process that handles plaintext authentication
 # requests on behalf of the SASL library.  The CMU Cyrus SASL library
-# is a general purpose authentication library for sever and client
+# is a general purpose authentication library for server and client
 # applications.  It is mostly used to authenticate to mail servers.
 #
 # saslauthd should be started from the system boot scripts when going