From: ludo@gnu.org (Ludovic Courtès)
Subject: Re: cracklib: Fix buffer overflow
Date: Tue, 10 Jan 2017 22:44:29 +0100
To: Leo Famulari
Cc: guix-devel@gnu.org

Leo Famulari wrote:

> On Thu, Sep 15, 2016 at 11:36:46AM -0400, Leo Famulari wrote:
>> This patch cherry-picks an upstream commit to fix a buffer overflow in
>> cracklib. Please see the patch file for more information about the bug.
>
>> From 62f8f1763ba1766e92e8dc05686bd9353eaf2ad5 Mon Sep 17 00:00:00 2001
>> From: Leo Famulari
>> Date: Thu, 15 Sep 2016 11:34:49 -0400
>> Subject: [PATCH] gnu: cracklib: Fix buffer overflow.
>>
>> * gnu/packages/patches/cracklib-fix-buffer-overflow.patch: New file.
>> * gnu/local.mk (dist_patch_DATA): Add it.
>> * gnu/packages/password-utils.scm (cracklib)[source]: Use it.
>
> I forgot about this patch.
>
> Debian applied it:
> https://anonscm.debian.org/cgit/pkg-cracklib/pkg-cracklib.git/tree/debian/patches/overflow-processing-long-words.patch
>
> I'll push it today if I hear no objections.

Sounds good, thanks for the heads-up.

Ludo’.