Compare commits
No commits in common. "4eb2c79f505cf7dce0ad452999d58b496492a937" and "919b9705c6fd975ef22e86e387114fcb41937b74" have entirely different histories.
4eb2c79f50
...
919b9705c6
@ -1 +1 @@
|
||||
DIST timescaledb-2.3.1.tar.lzma 1256454 BLAKE2B 43ec4a5a5f802f2e096bfa126765b4e9b3f5b80bb08cae80f5a005767f4063c844b2b17a20de5cc494a9d9d19d2f8ff62af450cde2efbbb386e6c5ab0031dbaf SHA512 68c5af6265979d418559db3454adb75c83862bedba20f5a7014599374da659902d7c57a3f016e17c1e56a4907ab85b7bac7bfc97246ae895e01c48a4df1d3627
|
||||
DIST timescaledb-2.3.0.tar.lzma 1244809 BLAKE2B 56e91c7323cc539b53baf68d3e2e42cfdd1ba233094cc2abb526a7a95597a9b87b38af11404918c58751990c86d6be91589d7cbcadc8fe77f16c23dd7ef9722b SHA512 ec6fc767a4fe602e7fc5aab718f32519e8fbe5f6866abba231b23719e369128430a1ed3c6ee532bdb8fbbb4e0be38c235e9fa02aa20878e3709d8d4afe1726d5
|
||||
|
@ -1 +1 @@
|
||||
DIST aiohttp-json-rpc-0.13.3.tar.gz 28657 BLAKE2B 8d359b36fe9ae7464262787d3db4e6e89c788ef52f07ea476f0f5cd384ee7159c2b63f3813a6f0222ab7e101f665839b27dde253a34691692ffd241c49db5100 SHA512 6418c0b0ef79d989b1a4649030c740da9c9f9017ced778b5de9b2dd735c35808a7618ea1128ecb5846c7ea5ee7d0fb4524fd5d15d54fe459066937728611553d
|
||||
DIST aiohttp-json-rpc-0.13.1.tar.gz 28520 BLAKE2B 1373330eadb6282817a045e5a3ee421625eafd051c0b6d261f7c9de74a40885cba42ee4b424293dfe8aae90ab98898b0252d172eb139dd62c1e5363fb133378b SHA512 bb4f7a394dc5978e88a2e4dffd23ee3bcaa1d515418a8a8d087d887c65a167c1092fc4b5a2ae9d9e63922a77a6431253c7b228ae3a71a2e8e722fee7baf50d7f
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
EAPI="7"
|
||||
|
||||
PYTHON_COMPAT=( python3_9 )
|
||||
PYTHON_COMPAT=( python3_8 )
|
||||
DISTUTILS_USE_SETUPTOOLS="rdepend"
|
||||
|
||||
inherit distutils-r1
|
@ -1 +1 @@
|
||||
DIST aiosqlite-0.17.0.tar.gz 25941 BLAKE2B 869d165bc8c791cb94159f6508f5113d915f5531117d0d79ac1f297de16cbb78574a7eaafc1bceccc9e4397f88f490b90d49becb4b7cc2c0d51e14f0afd7561b SHA512 50f9965ef7dafe91a2f41dc41489395e437080aa4b7853800d806d21f4f8042d92ff6cfd2aeadefa7ca5e4debd14f39d93ca28c89f3116b3b61b2e8829533e6e
|
||||
DIST aiosqlite-0.15.0.tar.gz 24363 BLAKE2B eb22c1c3f21d00b72d63c9e684b92808de03f3516c31f83e1b54a64a3900301d012fcb66969b80a49a60bcea0805600b59ddd9272e504dca14cf018bf43dd7eb SHA512 8f23caa28b3f7659cea0c6f7c2d1e3eeee0d278ae2ba26e2e3290eb7de7c037581718b98745bd69fd1aa058aa2c263ecf7130ca9cc007b023d6b4b3ae0ee4b5a
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
EAPI="7"
|
||||
|
||||
PYTHON_COMPAT=( python3_9 )
|
||||
PYTHON_COMPAT=( python3_8 )
|
||||
DISTUTILS_USE_SETUPTOOLS="no"
|
||||
|
||||
inherit distutils-r1
|
||||
@ -21,9 +21,4 @@ RESTRICT="test"
|
||||
|
||||
DOCS=( CHANGELOG.md README.rst )
|
||||
|
||||
PATCHES=(
|
||||
# https://github.com/omnilib/aiosqlite/commit/a157e0b7d126daeeda4e5b7dcf2b6cb9cf9ac274
|
||||
"${FILESDIR}/${P}-typing.patch"
|
||||
)
|
||||
|
||||
distutils_enable_sphinx docs
|
@ -1,38 +0,0 @@
|
||||
From a157e0b7d126daeeda4e5b7dcf2b6cb9cf9ac274 Mon Sep 17 00:00:00 2001
|
||||
From: John Reese <john@noswap.com>
|
||||
Date: Sun, 16 May 2021 14:18:18 -0700
|
||||
Subject: [PATCH] Drop dependency on typing_extensions, fix #114
|
||||
|
||||
---
|
||||
aiosqlite/context.py | 4 +---
|
||||
pyproject.toml | 2 +-
|
||||
2 files changed, 2 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/aiosqlite/context.py b/aiosqlite/context.py
|
||||
index 2a2fa4e..316845f 100644
|
||||
--- a/aiosqlite/context.py
|
||||
+++ b/aiosqlite/context.py
|
||||
@@ -3,9 +3,7 @@
|
||||
|
||||
|
||||
from functools import wraps
|
||||
-from typing import Any, Callable, Coroutine, Generator, TypeVar
|
||||
-
|
||||
-from typing_extensions import AsyncContextManager
|
||||
+from typing import Any, AsyncContextManager, Callable, Coroutine, Generator, TypeVar
|
||||
|
||||
from .cursor import Cursor
|
||||
|
||||
diff --git a/pyproject.toml b/pyproject.toml
|
||||
index 4d44707..16a4013 100644
|
||||
--- a/pyproject.toml
|
||||
+++ b/pyproject.toml
|
||||
@@ -8,7 +8,7 @@ author = "John Reese"
|
||||
author-email = "john@noswap.com"
|
||||
description-file = "README.rst"
|
||||
home-page = "https://aiosqlite.omnilib.dev"
|
||||
-requires = ["typing_extensions>=3.7.2"]
|
||||
+requires = []
|
||||
requires-python = ">=3.6"
|
||||
classifiers = [
|
||||
"Development Status :: 5 - Production/Stable",
|
@ -1 +0,0 @@
|
||||
DIST argparse-manpage-1.5.tar.gz 34290 BLAKE2B 598a0eb0d4816a764c1ba4093b18e28d7865c9a113db1910793748eb24394636a9e1caad86fef5416933ae5341026048d1e39ce928131a8796a5d66a40e36853 SHA512 bfdea19fa62ac029754d6df26c4fb51c18f7fee4fae681c1117253627e724cf1ff1db5196ad0690fd436cebbe403536905f157cb7eae7be50d321c663b491fd0
|
@ -1,18 +0,0 @@
|
||||
# Copyright 2020-2021 Gentoo Authors
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
|
||||
EAPI=7
|
||||
|
||||
PYTHON_COMPAT=( python3_{7..10} )
|
||||
DISTUTILS_USE_SETUPTOOLS=rdepend
|
||||
inherit distutils-r1
|
||||
|
||||
DESCRIPTION="Automatically build man-pages for your Python project"
|
||||
HOMEPAGE="https://github.com/praiskup/argparse-manpage https://pypi.org/project/argparse-manpage/"
|
||||
SRC_URI="https://github.com/praiskup/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
|
||||
|
||||
LICENSE="Apache-2.0"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
|
||||
distutils_enable_tests pytest
|
@ -1,13 +0,0 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
|
||||
<pkgmetadata>
|
||||
<maintainer type="person">
|
||||
<email>chutzpah@gentoo.org</email>
|
||||
<name>Patrick McLean</name>
|
||||
</maintainer>
|
||||
<stabilize-allarches/>
|
||||
<upstream>
|
||||
<remote-id type="pypi">argparse-manpage</remote-id>
|
||||
<remote-id type="github">praiskup/argparse-manpage</remote-id>
|
||||
</upstream>
|
||||
</pkgmetadata>
|
@ -1 +1 @@
|
||||
DIST nfs-ganesha-4.0_beta63.tar.gz 1887627 BLAKE2B 12a615ed14039c9d00be7c63a5e7ea86edad50f3c6169000d5f322a04a47b9150fd35faba3534c90dd599287ef5e6274d7216e6320ee22044aabb45f9e459df4 SHA512 f9dc1886002e944bc3b1495d310cfe4e695577f38f4930acb593ebfb01fb56b65513604d7f10e97a180b3ec1d4d947e7069405d9760e27e352bc7c43500708d8
|
||||
DIST nfs-ganesha-4.0_beta49.tar.gz 1877085 BLAKE2B a6e6d9c4dfe710be9ad0d90115a99137f2da9a9687f21670ba8e7e7dcb9443eb836314363bb417bc37628f861efae0017efd0107e76a1e018d737cabf4776b72 SHA512 f78d3cb02d20cd132b6a0c55cd8cd09a660c6084d0721c6e1d29602b4361619c17c6ed770a61efb367b01e409b6c45a40427eafdbee23b40dcfe2426e2fd094f
|
||||
|
@ -20,19 +20,16 @@ fi
|
||||
LICENSE="LGPL-3"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64"
|
||||
IUSE="btrfs dbus debug gssapi gui +nfs3 nfsidmap tools vsock"
|
||||
IUSE="dbus debug gssapi gui +nfs3 nfsidmap tools vsock"
|
||||
FS_SUPPORT=" ceph glusterfs gpfs lustre mem null panfs proxy-v3 proxy-v4 rgw vfs xfs"
|
||||
IUSE+=" ${FS_SUPPORT// / ganesha_fs_}"
|
||||
|
||||
REQUIRED_USE="gui? ( tools )
|
||||
btrfs? ( ganesha_fs_vfs )"
|
||||
REQUIRED_USE="gui? ( tools )"
|
||||
|
||||
RDEPEND="
|
||||
dev-libs/jemalloc
|
||||
dev-libs/userspace-rcu:=
|
||||
net-libs/libnfsidmap
|
||||
>=net-libs/ntirpc-3.4:=[gssapi]
|
||||
btrfs? ( sys-fs/btrfs-progs )
|
||||
gssapi? ( virtual/krb5 )
|
||||
dbus? ( sys-apps/dbus )
|
||||
ganesha_fs_ceph? ( sys-cluster/ceph )
|
||||
@ -76,7 +73,6 @@ src_configure() {
|
||||
-DALLOCATOR=jemalloc
|
||||
-DUSE_SYSTEM_NTIRPC=ON
|
||||
-DTIRPC_EPOLL=ON
|
||||
-DUSE_BTRFSUTIL=$(usex btrfs)
|
||||
-DUSE_GSS=$(usex gssapi)
|
||||
-DUSE_DBUS=$(usex dbus)
|
||||
-DUSE_NFSIDMAP=$(usex nfsidmap)
|
||||
@ -133,6 +129,7 @@ src_configure() {
|
||||
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(_NO_XATTRD "disable ghost xattr directory and files support" ON)
|
||||
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(_VALGRIND_MEMCHECK "Initialize buffers passed to GPFS ioctl that valgrind doesn't understand" OFF)
|
||||
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(USE_CUNIT "Use Cunit test framework" OFF)
|
||||
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(USE_BLKIN "Use Blkin/Zipkin trace framework" OFF)
|
||||
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(BLKIN_PREFIX "Blkin installation prefix" "/opt/blkin")
|
||||
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(USE_GTEST "Use Google Test test framework" OFF)
|
||||
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(GTEST_PREFIX "Google Test installation prefix"
|
@ -4,7 +4,7 @@
|
||||
EAPI=7
|
||||
|
||||
LUA_COMPAT=( lua5-{1..2} luajit )
|
||||
PYTHON_COMPAT=( python3_{8..10} )
|
||||
PYTHON_COMPAT=( python3_{8..9} )
|
||||
|
||||
inherit flag-o-matic lua-single python-any-r1 scons-utils toolchain-funcs
|
||||
|
||||
|
@ -23,14 +23,15 @@ else
|
||||
test? ( ${GTEST_URL} )
|
||||
"
|
||||
KEYWORDS="~amd64 ~arm ~arm64 ~x86"
|
||||
# "If you upgrade your ZNC version you must recompile all your modules."
|
||||
# - https://wiki.znc.in/Compiling_modules
|
||||
SLOT="0/${PV}"
|
||||
S=${WORKDIR}/${MY_P}
|
||||
fi
|
||||
|
||||
HOMEPAGE="https://znc.in"
|
||||
LICENSE="Apache-2.0"
|
||||
# "If you upgrade your ZNC version you must recompile all your modules."
|
||||
# - https://wiki.znc.in/Compiling_modules
|
||||
SLOT="0/${PV}"
|
||||
SLOT="0"
|
||||
IUSE="+ipv6 +icu nls perl python +ssl sasl tcl test +zlib"
|
||||
RESTRICT="!test? ( test )"
|
||||
|
||||
|
@ -129,7 +129,6 @@ DEPEND="
|
||||
')
|
||||
)
|
||||
systemd? ( >=sys-apps/systemd-244 )
|
||||
virtual/libcrypt:=
|
||||
"
|
||||
|
||||
BDEPEND=">=sys-devel/autoconf-2.69-r5
|
||||
@ -172,7 +171,6 @@ RDEPEND="${DEPEND}
|
||||
S="${WORKDIR}/${PN}-${P}"
|
||||
|
||||
PATCHES=(
|
||||
"${FILESDIR}/${P}-crypt-import.patch"
|
||||
"${FILESDIR}/${PN}-db-gentoo.patch"
|
||||
)
|
||||
|
||||
|
@ -1,118 +0,0 @@
|
||||
From c1926dfc6591b55c4d33f9944de4d7ebe077e964 Mon Sep 17 00:00:00 2001
|
||||
From: Firstyear <william@blackhats.net.au>
|
||||
Date: Fri, 9 Jul 2021 11:53:35 +1000
|
||||
Subject: [PATCH] Issue 4817 - BUG - locked crypt accounts on import may allow
|
||||
all passwords (#4819)
|
||||
|
||||
Bug Description: Due to mishanding of short dbpwd hashes, the
|
||||
crypt_r algorithm was misused and was only comparing salts
|
||||
in some cases, rather than checking the actual content
|
||||
of the password.
|
||||
|
||||
Fix Description: Stricter checks on dbpwd lengths to ensure
|
||||
that content passed to crypt_r has at least 2 salt bytes and
|
||||
1 hash byte, as well as stricter checks on ct_memcmp to ensure
|
||||
that compared values are the same length, rather than potentially
|
||||
allowing overruns/short comparisons.
|
||||
|
||||
fixes: https://github.com/389ds/389-ds-base/issues/4817
|
||||
|
||||
Author: William Brown <william@blackhats.net.au>
|
||||
|
||||
Review by: @mreynolds389
|
||||
---
|
||||
.../password/pwd_crypt_asterisk_test.py | 50 +++++++++++++++++++
|
||||
ldap/servers/plugins/pwdstorage/crypt_pwd.c | 20 +++++---
|
||||
2 files changed, 64 insertions(+), 6 deletions(-)
|
||||
create mode 100644 dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
|
||||
|
||||
diff --git a/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
|
||||
new file mode 100644
|
||||
index 000000000..d76614db1
|
||||
--- /dev/null
|
||||
+++ b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
|
||||
@@ -0,0 +1,50 @@
|
||||
+# --- BEGIN COPYRIGHT BLOCK ---
|
||||
+# Copyright (C) 2021 William Brown <william@blackhats.net.au>
|
||||
+# All rights reserved.
|
||||
+#
|
||||
+# License: GPL (version 3 or any later version).
|
||||
+# See LICENSE for details.
|
||||
+# --- END COPYRIGHT BLOCK ---
|
||||
+#
|
||||
+import ldap
|
||||
+import pytest
|
||||
+from lib389.topologies import topology_st
|
||||
+from lib389.idm.user import UserAccounts
|
||||
+from lib389._constants import (DEFAULT_SUFFIX, PASSWORD)
|
||||
+
|
||||
+pytestmark = pytest.mark.tier1
|
||||
+
|
||||
+def test_password_crypt_asterisk_is_rejected(topology_st):
|
||||
+ """It was reported that {CRYPT}* was allowing all passwords to be
|
||||
+ valid in the bind process. This checks that we should be rejecting
|
||||
+ these as they should represent locked accounts. Similar, {CRYPT}!
|
||||
+
|
||||
+ :id: 0b8f1a6a-f3eb-4443-985e-da14d0939dc3
|
||||
+ :setup: Single instance
|
||||
+ :steps: 1. Set a password hash in with CRYPT and the content *
|
||||
+ 2. Test a bind
|
||||
+ 3. Set a password hash in with CRYPT and the content !
|
||||
+ 4. Test a bind
|
||||
+ :expectedresults:
|
||||
+ 1. Successfully set the values
|
||||
+ 2. The bind fails
|
||||
+ 3. Successfully set the values
|
||||
+ 4. The bind fails
|
||||
+ """
|
||||
+ topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on')
|
||||
+ topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'off')
|
||||
+
|
||||
+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
|
||||
+ user = users.create_test_user()
|
||||
+
|
||||
+ user.set('userPassword', "{CRYPT}*")
|
||||
+
|
||||
+ # Attempt to bind with incorrect password.
|
||||
+ with pytest.raises(ldap.INVALID_CREDENTIALS):
|
||||
+ badconn = user.bind('badpassword')
|
||||
+
|
||||
+ user.set('userPassword', "{CRYPT}!")
|
||||
+ # Attempt to bind with incorrect password.
|
||||
+ with pytest.raises(ldap.INVALID_CREDENTIALS):
|
||||
+ badconn = user.bind('badpassword')
|
||||
+
|
||||
diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
|
||||
index 9031b2199..1b37d41ed 100644
|
||||
--- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
|
||||
+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
|
||||
@@ -48,15 +48,23 @@ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
|
||||
int
|
||||
crypt_pw_cmp(const char *userpwd, const char *dbpwd)
|
||||
{
|
||||
- int rc;
|
||||
- char *cp;
|
||||
+ int rc = -1;
|
||||
+ char *cp = NULL;
|
||||
+ size_t dbpwd_len = strlen(dbpwd);
|
||||
struct crypt_data data;
|
||||
data.initialized = 0;
|
||||
|
||||
- /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
|
||||
- cp = crypt_r(userpwd, dbpwd, &data);
|
||||
- if (cp) {
|
||||
- rc = slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd));
|
||||
+ /*
|
||||
+ * there MUST be at least 2 chars of salt and some pw bytes, else this is INVALID and will
|
||||
+ * allow any password to bind as we then only compare SALTS.
|
||||
+ */
|
||||
+ if (dbpwd_len >= 3) {
|
||||
+ /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
|
||||
+ cp = crypt_r(userpwd, dbpwd, &data);
|
||||
+ }
|
||||
+ /* If these are not the same length, we can not proceed safely with memcmp. */
|
||||
+ if (cp && dbpwd_len == strlen(cp)) {
|
||||
+ rc = slapi_ct_memcmp(dbpwd, cp, dbpwd_len);
|
||||
} else {
|
||||
rc = -1;
|
||||
}
|
@ -1 +1 @@
|
||||
DIST sssd-2.5.2.tar.gz 7579208 BLAKE2B ec5d9aeaf5b5e05b56c01f9137f6f24db05544dbd48458d742285b60e7beb6d48af865f3415e11ce89e187f4643bbecf15bbb321859ec80cfe458eb781cea6c9 SHA512 a9bac7b2cc23022dce3bcda314c9c26a0a0914c448f6d5a51c5ba18670f04c1fd1a94cb20173235b6285df1dcc9251cb6b3f3e71a220037b4eb66668e6f33c48
|
||||
DIST sssd-2.5.1.tar.gz 7492275 BLAKE2B 9f19d12cb0e071b15bd8fe2660ab9a2223d53267549602c4837f35ed852fa60022514a0bbd03c684c1f398d763120c5f706999d86432d9fe03c3715cb0d43000 SHA512 7441df3b5f1cc1eadb0c6853b048d780ecb36761876aaeb26b9a2d87729211d3ceeae01085dc3ec4fd1c5328f951c8abe854b1d01d91fae25466f930fe16e44a
|
||||
|
Loading…
Reference in New Issue
Block a user