Compare commits

..

9 Commits

18 changed files with 212 additions and 15 deletions

View File

@ -1 +1 @@
DIST timescaledb-2.3.0.tar.lzma 1244809 BLAKE2B 56e91c7323cc539b53baf68d3e2e42cfdd1ba233094cc2abb526a7a95597a9b87b38af11404918c58751990c86d6be91589d7cbcadc8fe77f16c23dd7ef9722b SHA512 ec6fc767a4fe602e7fc5aab718f32519e8fbe5f6866abba231b23719e369128430a1ed3c6ee532bdb8fbbb4e0be38c235e9fa02aa20878e3709d8d4afe1726d5 DIST timescaledb-2.3.1.tar.lzma 1256454 BLAKE2B 43ec4a5a5f802f2e096bfa126765b4e9b3f5b80bb08cae80f5a005767f4063c844b2b17a20de5cc494a9d9d19d2f8ff62af450cde2efbbb386e6c5ab0031dbaf SHA512 68c5af6265979d418559db3454adb75c83862bedba20f5a7014599374da659902d7c57a3f016e17c1e56a4907ab85b7bac7bfc97246ae895e01c48a4df1d3627

View File

@ -1 +1 @@
DIST aiohttp-json-rpc-0.13.1.tar.gz 28520 BLAKE2B 1373330eadb6282817a045e5a3ee421625eafd051c0b6d261f7c9de74a40885cba42ee4b424293dfe8aae90ab98898b0252d172eb139dd62c1e5363fb133378b SHA512 bb4f7a394dc5978e88a2e4dffd23ee3bcaa1d515418a8a8d087d887c65a167c1092fc4b5a2ae9d9e63922a77a6431253c7b228ae3a71a2e8e722fee7baf50d7f DIST aiohttp-json-rpc-0.13.3.tar.gz 28657 BLAKE2B 8d359b36fe9ae7464262787d3db4e6e89c788ef52f07ea476f0f5cd384ee7159c2b63f3813a6f0222ab7e101f665839b27dde253a34691692ffd241c49db5100 SHA512 6418c0b0ef79d989b1a4649030c740da9c9f9017ced778b5de9b2dd735c35808a7618ea1128ecb5846c7ea5ee7d0fb4524fd5d15d54fe459066937728611553d

View File

@ -3,7 +3,7 @@
EAPI="7" EAPI="7"
PYTHON_COMPAT=( python3_8 ) PYTHON_COMPAT=( python3_9 )
DISTUTILS_USE_SETUPTOOLS="rdepend" DISTUTILS_USE_SETUPTOOLS="rdepend"
inherit distutils-r1 inherit distutils-r1

View File

@ -1 +1 @@
DIST aiosqlite-0.15.0.tar.gz 24363 BLAKE2B eb22c1c3f21d00b72d63c9e684b92808de03f3516c31f83e1b54a64a3900301d012fcb66969b80a49a60bcea0805600b59ddd9272e504dca14cf018bf43dd7eb SHA512 8f23caa28b3f7659cea0c6f7c2d1e3eeee0d278ae2ba26e2e3290eb7de7c037581718b98745bd69fd1aa058aa2c263ecf7130ca9cc007b023d6b4b3ae0ee4b5a DIST aiosqlite-0.17.0.tar.gz 25941 BLAKE2B 869d165bc8c791cb94159f6508f5113d915f5531117d0d79ac1f297de16cbb78574a7eaafc1bceccc9e4397f88f490b90d49becb4b7cc2c0d51e14f0afd7561b SHA512 50f9965ef7dafe91a2f41dc41489395e437080aa4b7853800d806d21f4f8042d92ff6cfd2aeadefa7ca5e4debd14f39d93ca28c89f3116b3b61b2e8829533e6e

View File

@ -3,7 +3,7 @@
EAPI="7" EAPI="7"
PYTHON_COMPAT=( python3_8 ) PYTHON_COMPAT=( python3_9 )
DISTUTILS_USE_SETUPTOOLS="no" DISTUTILS_USE_SETUPTOOLS="no"
inherit distutils-r1 inherit distutils-r1
@ -21,4 +21,9 @@ RESTRICT="test"
DOCS=( CHANGELOG.md README.rst ) DOCS=( CHANGELOG.md README.rst )
PATCHES=(
# https://github.com/omnilib/aiosqlite/commit/a157e0b7d126daeeda4e5b7dcf2b6cb9cf9ac274
"${FILESDIR}/${P}-typing.patch"
)
distutils_enable_sphinx docs distutils_enable_sphinx docs

View File

@ -0,0 +1,38 @@
From a157e0b7d126daeeda4e5b7dcf2b6cb9cf9ac274 Mon Sep 17 00:00:00 2001
From: John Reese <john@noswap.com>
Date: Sun, 16 May 2021 14:18:18 -0700
Subject: [PATCH] Drop dependency on typing_extensions, fix #114
---
aiosqlite/context.py | 4 +---
pyproject.toml | 2 +-
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/aiosqlite/context.py b/aiosqlite/context.py
index 2a2fa4e..316845f 100644
--- a/aiosqlite/context.py
+++ b/aiosqlite/context.py
@@ -3,9 +3,7 @@
from functools import wraps
-from typing import Any, Callable, Coroutine, Generator, TypeVar
-
-from typing_extensions import AsyncContextManager
+from typing import Any, AsyncContextManager, Callable, Coroutine, Generator, TypeVar
from .cursor import Cursor
diff --git a/pyproject.toml b/pyproject.toml
index 4d44707..16a4013 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -8,7 +8,7 @@ author = "John Reese"
author-email = "john@noswap.com"
description-file = "README.rst"
home-page = "https://aiosqlite.omnilib.dev"
-requires = ["typing_extensions>=3.7.2"]
+requires = []
requires-python = ">=3.6"
classifiers = [
"Development Status :: 5 - Production/Stable",

View File

@ -0,0 +1 @@
DIST argparse-manpage-1.5.tar.gz 34290 BLAKE2B 598a0eb0d4816a764c1ba4093b18e28d7865c9a113db1910793748eb24394636a9e1caad86fef5416933ae5341026048d1e39ce928131a8796a5d66a40e36853 SHA512 bfdea19fa62ac029754d6df26c4fb51c18f7fee4fae681c1117253627e724cf1ff1db5196ad0690fd436cebbe403536905f157cb7eae7be50d321c663b491fd0

View File

@ -0,0 +1,18 @@
# Copyright 2020-2021 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
EAPI=7
PYTHON_COMPAT=( python3_{7..10} )
DISTUTILS_USE_SETUPTOOLS=rdepend
inherit distutils-r1
DESCRIPTION="Automatically build man-pages for your Python project"
HOMEPAGE="https://github.com/praiskup/argparse-manpage https://pypi.org/project/argparse-manpage/"
SRC_URI="https://github.com/praiskup/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~x86"
distutils_enable_tests pytest

View File

@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>chutzpah@gentoo.org</email>
<name>Patrick McLean</name>
</maintainer>
<stabilize-allarches/>
<upstream>
<remote-id type="pypi">argparse-manpage</remote-id>
<remote-id type="github">praiskup/argparse-manpage</remote-id>
</upstream>
</pkgmetadata>

View File

@ -1 +1 @@
DIST nfs-ganesha-4.0_beta49.tar.gz 1877085 BLAKE2B a6e6d9c4dfe710be9ad0d90115a99137f2da9a9687f21670ba8e7e7dcb9443eb836314363bb417bc37628f861efae0017efd0107e76a1e018d737cabf4776b72 SHA512 f78d3cb02d20cd132b6a0c55cd8cd09a660c6084d0721c6e1d29602b4361619c17c6ed770a61efb367b01e409b6c45a40427eafdbee23b40dcfe2426e2fd094f DIST nfs-ganesha-4.0_beta63.tar.gz 1887627 BLAKE2B 12a615ed14039c9d00be7c63a5e7ea86edad50f3c6169000d5f322a04a47b9150fd35faba3534c90dd599287ef5e6274d7216e6320ee22044aabb45f9e459df4 SHA512 f9dc1886002e944bc3b1495d310cfe4e695577f38f4930acb593ebfb01fb56b65513604d7f10e97a180b3ec1d4d947e7069405d9760e27e352bc7c43500708d8

View File

@ -20,16 +20,19 @@ fi
LICENSE="LGPL-3" LICENSE="LGPL-3"
SLOT="0" SLOT="0"
KEYWORDS="~amd64" KEYWORDS="~amd64"
IUSE="dbus debug gssapi gui +nfs3 nfsidmap tools vsock" IUSE="btrfs dbus debug gssapi gui +nfs3 nfsidmap tools vsock"
FS_SUPPORT=" ceph glusterfs gpfs lustre mem null panfs proxy-v3 proxy-v4 rgw vfs xfs" FS_SUPPORT=" ceph glusterfs gpfs lustre mem null panfs proxy-v3 proxy-v4 rgw vfs xfs"
IUSE+=" ${FS_SUPPORT// / ganesha_fs_}" IUSE+=" ${FS_SUPPORT// / ganesha_fs_}"
REQUIRED_USE="gui? ( tools )" REQUIRED_USE="gui? ( tools )
btrfs? ( ganesha_fs_vfs )"
RDEPEND=" RDEPEND="
dev-libs/jemalloc dev-libs/jemalloc
dev-libs/userspace-rcu:=
net-libs/libnfsidmap net-libs/libnfsidmap
>=net-libs/ntirpc-3.4:=[gssapi] >=net-libs/ntirpc-3.4:=[gssapi]
btrfs? ( sys-fs/btrfs-progs )
gssapi? ( virtual/krb5 ) gssapi? ( virtual/krb5 )
dbus? ( sys-apps/dbus ) dbus? ( sys-apps/dbus )
ganesha_fs_ceph? ( sys-cluster/ceph ) ganesha_fs_ceph? ( sys-cluster/ceph )
@ -73,6 +76,7 @@ src_configure() {
-DALLOCATOR=jemalloc -DALLOCATOR=jemalloc
-DUSE_SYSTEM_NTIRPC=ON -DUSE_SYSTEM_NTIRPC=ON
-DTIRPC_EPOLL=ON -DTIRPC_EPOLL=ON
-DUSE_BTRFSUTIL=$(usex btrfs)
-DUSE_GSS=$(usex gssapi) -DUSE_GSS=$(usex gssapi)
-DUSE_DBUS=$(usex dbus) -DUSE_DBUS=$(usex dbus)
-DUSE_NFSIDMAP=$(usex nfsidmap) -DUSE_NFSIDMAP=$(usex nfsidmap)
@ -129,7 +133,6 @@ src_configure() {
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(_NO_XATTRD "disable ghost xattr directory and files support" ON) #/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(_NO_XATTRD "disable ghost xattr directory and files support" ON)
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(_VALGRIND_MEMCHECK "Initialize buffers passed to GPFS ioctl that valgrind doesn't understand" OFF) #/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(_VALGRIND_MEMCHECK "Initialize buffers passed to GPFS ioctl that valgrind doesn't understand" OFF)
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(USE_CUNIT "Use Cunit test framework" OFF) #/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(USE_CUNIT "Use Cunit test framework" OFF)
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(USE_BLKIN "Use Blkin/Zipkin trace framework" OFF)
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(BLKIN_PREFIX "Blkin installation prefix" "/opt/blkin") #/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(BLKIN_PREFIX "Blkin installation prefix" "/opt/blkin")
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(USE_GTEST "Use Google Test test framework" OFF) #/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(USE_GTEST "Use Google Test test framework" OFF)
#/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(GTEST_PREFIX "Google Test installation prefix" #/var/tmp/portage/net-fs/nfs-ganesha-2.4.3/work/nfs-ganesha-2.4.3/src/CMakeLists.txt:option(GTEST_PREFIX "Google Test installation prefix"

View File

@ -4,7 +4,7 @@
EAPI=7 EAPI=7
LUA_COMPAT=( lua5-{1..2} luajit ) LUA_COMPAT=( lua5-{1..2} luajit )
PYTHON_COMPAT=( python3_{8..9} ) PYTHON_COMPAT=( python3_{8..10} )
inherit flag-o-matic lua-single python-any-r1 scons-utils toolchain-funcs inherit flag-o-matic lua-single python-any-r1 scons-utils toolchain-funcs

View File

@ -23,15 +23,14 @@ else
test? ( ${GTEST_URL} ) test? ( ${GTEST_URL} )
" "
KEYWORDS="~amd64 ~arm ~arm64 ~x86" KEYWORDS="~amd64 ~arm ~arm64 ~x86"
# "If you upgrade your ZNC version you must recompile all your modules."
# - https://wiki.znc.in/Compiling_modules
SLOT="0/${PV}"
S=${WORKDIR}/${MY_P} S=${WORKDIR}/${MY_P}
fi fi
HOMEPAGE="https://znc.in" HOMEPAGE="https://znc.in"
LICENSE="Apache-2.0" LICENSE="Apache-2.0"
SLOT="0" # "If you upgrade your ZNC version you must recompile all your modules."
# - https://wiki.znc.in/Compiling_modules
SLOT="0/${PV}"
IUSE="+ipv6 +icu nls perl python +ssl sasl tcl test +zlib" IUSE="+ipv6 +icu nls perl python +ssl sasl tcl test +zlib"
RESTRICT="!test? ( test )" RESTRICT="!test? ( test )"

View File

@ -129,6 +129,7 @@ DEPEND="
') ')
) )
systemd? ( >=sys-apps/systemd-244 ) systemd? ( >=sys-apps/systemd-244 )
virtual/libcrypt:=
" "
BDEPEND=">=sys-devel/autoconf-2.69-r5 BDEPEND=">=sys-devel/autoconf-2.69-r5
@ -171,6 +172,7 @@ RDEPEND="${DEPEND}
S="${WORKDIR}/${PN}-${P}" S="${WORKDIR}/${PN}-${P}"
PATCHES=( PATCHES=(
"${FILESDIR}/${P}-crypt-import.patch"
"${FILESDIR}/${PN}-db-gentoo.patch" "${FILESDIR}/${PN}-db-gentoo.patch"
) )

View File

@ -0,0 +1,118 @@
From c1926dfc6591b55c4d33f9944de4d7ebe077e964 Mon Sep 17 00:00:00 2001
From: Firstyear <william@blackhats.net.au>
Date: Fri, 9 Jul 2021 11:53:35 +1000
Subject: [PATCH] Issue 4817 - BUG - locked crypt accounts on import may allow
all passwords (#4819)
Bug Description: Due to mishanding of short dbpwd hashes, the
crypt_r algorithm was misused and was only comparing salts
in some cases, rather than checking the actual content
of the password.
Fix Description: Stricter checks on dbpwd lengths to ensure
that content passed to crypt_r has at least 2 salt bytes and
1 hash byte, as well as stricter checks on ct_memcmp to ensure
that compared values are the same length, rather than potentially
allowing overruns/short comparisons.
fixes: https://github.com/389ds/389-ds-base/issues/4817
Author: William Brown <william@blackhats.net.au>
Review by: @mreynolds389
---
.../password/pwd_crypt_asterisk_test.py | 50 +++++++++++++++++++
ldap/servers/plugins/pwdstorage/crypt_pwd.c | 20 +++++---
2 files changed, 64 insertions(+), 6 deletions(-)
create mode 100644 dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
diff --git a/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
new file mode 100644
index 000000000..d76614db1
--- /dev/null
+++ b/dirsrvtests/tests/suites/password/pwd_crypt_asterisk_test.py
@@ -0,0 +1,50 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2021 William Brown <william@blackhats.net.au>
+# All rights reserved.
+#
+# License: GPL (version 3 or any later version).
+# See LICENSE for details.
+# --- END COPYRIGHT BLOCK ---
+#
+import ldap
+import pytest
+from lib389.topologies import topology_st
+from lib389.idm.user import UserAccounts
+from lib389._constants import (DEFAULT_SUFFIX, PASSWORD)
+
+pytestmark = pytest.mark.tier1
+
+def test_password_crypt_asterisk_is_rejected(topology_st):
+ """It was reported that {CRYPT}* was allowing all passwords to be
+ valid in the bind process. This checks that we should be rejecting
+ these as they should represent locked accounts. Similar, {CRYPT}!
+
+ :id: 0b8f1a6a-f3eb-4443-985e-da14d0939dc3
+ :setup: Single instance
+ :steps: 1. Set a password hash in with CRYPT and the content *
+ 2. Test a bind
+ 3. Set a password hash in with CRYPT and the content !
+ 4. Test a bind
+ :expectedresults:
+ 1. Successfully set the values
+ 2. The bind fails
+ 3. Successfully set the values
+ 4. The bind fails
+ """
+ topology_st.standalone.config.set('nsslapd-allow-hashed-passwords', 'on')
+ topology_st.standalone.config.set('nsslapd-enable-upgrade-hash', 'off')
+
+ users = UserAccounts(topology_st.standalone, DEFAULT_SUFFIX)
+ user = users.create_test_user()
+
+ user.set('userPassword', "{CRYPT}*")
+
+ # Attempt to bind with incorrect password.
+ with pytest.raises(ldap.INVALID_CREDENTIALS):
+ badconn = user.bind('badpassword')
+
+ user.set('userPassword', "{CRYPT}!")
+ # Attempt to bind with incorrect password.
+ with pytest.raises(ldap.INVALID_CREDENTIALS):
+ badconn = user.bind('badpassword')
+
diff --git a/ldap/servers/plugins/pwdstorage/crypt_pwd.c b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
index 9031b2199..1b37d41ed 100644
--- a/ldap/servers/plugins/pwdstorage/crypt_pwd.c
+++ b/ldap/servers/plugins/pwdstorage/crypt_pwd.c
@@ -48,15 +48,23 @@ static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
int
crypt_pw_cmp(const char *userpwd, const char *dbpwd)
{
- int rc;
- char *cp;
+ int rc = -1;
+ char *cp = NULL;
+ size_t dbpwd_len = strlen(dbpwd);
struct crypt_data data;
data.initialized = 0;
- /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
- cp = crypt_r(userpwd, dbpwd, &data);
- if (cp) {
- rc = slapi_ct_memcmp(dbpwd, cp, strlen(dbpwd));
+ /*
+ * there MUST be at least 2 chars of salt and some pw bytes, else this is INVALID and will
+ * allow any password to bind as we then only compare SALTS.
+ */
+ if (dbpwd_len >= 3) {
+ /* we use salt (first 2 chars) of encoded password in call to crypt_r() */
+ cp = crypt_r(userpwd, dbpwd, &data);
+ }
+ /* If these are not the same length, we can not proceed safely with memcmp. */
+ if (cp && dbpwd_len == strlen(cp)) {
+ rc = slapi_ct_memcmp(dbpwd, cp, dbpwd_len);
} else {
rc = -1;
}

View File

@ -1 +1 @@
DIST sssd-2.5.1.tar.gz 7492275 BLAKE2B 9f19d12cb0e071b15bd8fe2660ab9a2223d53267549602c4837f35ed852fa60022514a0bbd03c684c1f398d763120c5f706999d86432d9fe03c3715cb0d43000 SHA512 7441df3b5f1cc1eadb0c6853b048d780ecb36761876aaeb26b9a2d87729211d3ceeae01085dc3ec4fd1c5328f951c8abe854b1d01d91fae25466f930fe16e44a DIST sssd-2.5.2.tar.gz 7579208 BLAKE2B ec5d9aeaf5b5e05b56c01f9137f6f24db05544dbd48458d742285b60e7beb6d48af865f3415e11ce89e187f4643bbecf15bbb321859ec80cfe458eb781cea6c9 SHA512 a9bac7b2cc23022dce3bcda314c9c26a0a0914c448f6d5a51c5ba18670f04c1fd1a94cb20173235b6285df1dcc9251cb6b3f3e71a220037b4eb66668e6f33c48