/trunk/debian/source/format |
---|
File deleted |
/trunk/debian/control |
---|
4,8 → 4,8 |
Maintainer: Magnus Holmgren <holmgren@debian.org> |
Uploaders: Stefan Pfetzing <dreamind@dreamind.de> |
Standards-Version: 3.9.1 |
Build-Depends: debhelper (>= 7), dh-autoreconf, automake, |
libgmp10-dev, zlib1g-dev | libz-dev, liboop-dev, libxau-dev, nettle-dev (>= 2.1~), nettle-bin, |
Build-Depends: cdbs, debhelper (>= 5), dpatch, autotools-dev, |
libgmp3-dev, zlib1g-dev | libz-dev, liboop-dev, libxau-dev, nettle-dev, |
texinfo (>= 4.2), guile-1.6 | scsh-0.6, heimdal-dev, libwrap0-dev | libwrap-dev, |
libpam0g-dev | libpam-dev, libreadline-dev, m4 |
Homepage: http://www.lysator.liu.se/~nisse/lsh/ |
/trunk/debian/changelog |
---|
1,29 → 1,3 |
lsh-utils (2.0.4-dfsg-8) unstable; urgency=low |
* Change source format to 3.0 (quilt), renaming all patches |
from *.dpatch to *.patch and dropping the numbers. |
* While 30_nonettle.dpatch was a script that used sed to modify |
instances of Makefile.in, nonettle.patch patches Makefile.am files as |
well as configure.ac. dh-autoremake is used to call autoremake before |
configure and to restore the effects in the clean target. The |
src/nettle subdirectory still needs to be renamed to avoid its header |
files from being found; that is now done in debian/rules. |
* Switch from CDBS to a more old-style debian/rules to get better |
control over the build process. |
* Increase Debhelper compat level to 7. |
* blacklist.patch: Don't reject when blacklisted_key() returns -1, |
indicating no blacklist file for the key type and/or size in question |
exists. |
* nettle-2.1.patch (new): Build with Nettle 2.1. |
* Enable tests. |
testsuite-mini-inetd-localhost.patch (new): When told to bind to |
"localhost", mini-inetd, which is used in certain (optional) tests, |
seems to bind to 255.255.255.255, which is of course no good. Tell it |
to bind to 127.0.0.1 instead. |
* debian/lsh-doc.doc-base: Change section to the new `Network/Remote Access'. |
-- Magnus Holmgren <holmgren@debian.org> Sun, 20 Mar 2011 01:30:08 +0100 |
lsh-utils (2.0.4-dfsg-7) unstable; urgency=low |
* terminate_on_connection_failure.dpatch (new): Make sure that lsh exits |
/trunk/debian/patches/testsuite-mini-inetd-localhost.patch |
---|
File deleted |
/trunk/debian/patches/nettle-2.0.patch |
---|
File deleted |
/trunk/debian/patches/nettle-2.1.patch |
---|
File deleted |
/trunk/debian/patches/better-errmsg-when-dotlsh-missing.patch |
---|
File deleted |
Property changes: |
Deleted: svn:executable |
## -1 +0,0 ## |
-* |
\ No newline at end of property |
Index: patches/series |
=================================================================== |
--- patches/series (.../tags/2.0.4-dfsg-8/debian) (revision 89) |
+++ patches/series (.../trunk/debian) (nonexistent) |
@@ -1,9 +0,0 @@ |
-nonettle.patch |
-sftp-server-mansection.patch |
-better-errmsg-when-dotlsh-missing.patch |
-nettle-2.0.patch |
-nettle-2.1.patch |
-blacklist.patch |
-terminate-on-connection-failure.patch |
-ipv6-v6only.patch |
-testsuite-mini-inetd-localhost.patch |
Index: patches/sftp-server-mansection.patch |
=================================================================== |
--- patches/sftp-server-mansection.patch (.../tags/2.0.4-dfsg-8/debian) (revision 89) |
+++ patches/sftp-server-mansection.patch (.../trunk/debian) (nonexistent) |
@@ -1,16 +0,0 @@ |
-Description: Invent manual section 8lsh for lsh's sftp-server |
- (To avoid conflicts without having to rename the sftp-server binary.) |
-Author: Magnus Holmgren <holmgren@debian.org> |
- |
-diff -urNad trunk~/src/sftp/sftp-server.8 trunk/src/sftp/sftp-server.8 |
---- trunk~/src/sftp/sftp-server.8 2006-05-08 21:11:17.000000000 +0200 |
-+++ trunk/src/sftp/sftp-server.8 2007-10-03 20:48:35.000000000 +0200 |
-@@ -22,7 +22,7 @@ |
- .\" maintainers of the package you received this manual from and make your |
- .\" modified versions available to them. |
- .\" |
--.TH SFTP-SERVER 8 "NOVEMBER 2004" SFTP-SERVER "Lsh Manuals" |
-+.TH SFTP-SERVER 8lsh "NOVEMBER 2004" SFTP-SERVER "Lsh Manuals" |
- .SH NAME |
- sftp-server - Server for the sftp subsystem |
- .SH SYNOPSIS |
/patches/sftp-server-mansection.patch |
---|
Property changes: |
Deleted: svn:executable |
## -1 +0,0 ## |
-* |
\ No newline at end of property |
Index: patches/ipv6-v6only.patch |
=================================================================== |
--- patches/ipv6-v6only.patch (.../tags/2.0.4-dfsg-8/debian) (revision 89) |
+++ patches/ipv6-v6only.patch (.../trunk/debian) (nonexistent) |
@@ -1,22 +0,0 @@ |
-Author: Magnus Holmgren <holmgren@debian.org> |
-Description: Set the IPV6_V6ONLY socket option on AF_INET6 sockets |
- Since lshd by default enumerates available address families and calls |
- bind() once for each, conflicts will occur otherwise. |
- |
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/src/io.c trunk/src/io.c |
---- trunk~/src/io.c 2006-01-23 18:49:58.000000000 +0100 |
-+++ trunk/src/io.c 2010-07-27 02:17:04.000000000 +0200 |
-@@ -1690,6 +1690,13 @@ |
- { |
- int yes = 1; |
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char*)&yes, sizeof yes); |
-+#if WITH_IPV6 && defined (IPV6_V6ONLY) |
-+ if (local->sa_family == AF_INET6) |
-+ { |
-+ if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &yes, sizeof(yes)) < 0) |
-+ werror("setsockopt IPV6_V6ONLY failed: %e.\n", errno); |
-+ } |
-+#endif |
- } |
- |
- if (bind(s, local, length) < 0) |
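Review bot: In the added `#if WITH_IPV6 && defined (IPV6_V6ONLY)` block, a failed `setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ...)` is only reported through `werror` and execution continues to `bind()`. The patch description says the option is needed to avoid bind conflicts between the per-family sockets, so on failure this socket runs into exactly that conflict; either fail the socket setup here or state in a comment that the later `bind()` error is the intended fallback. Style point: the new call passes `&yes` uncast while the `SO_REUSEADDR` call directly above uses `(char*)&yes`, and that existing call's return value is still unchecked.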
/patches/ipv6-v6only.patch |
---|
Property changes: |
Deleted: svn:executable |
## -1 +0,0 ## |
-* |
\ No newline at end of property |
Index: patches/nonettle.patch |
=================================================================== |
--- patches/nonettle.patch (.../tags/2.0.4-dfsg-8/debian) (revision 89) |
+++ patches/nonettle.patch (.../trunk/debian) (nonexistent) |
@@ -1,214 +0,0 @@ |
---- a/configure.ac |
-+++ b/configure.ac |
-@@ -778,7 +778,6 @@ if test x$enable_ipv6 = xyes ; then |
- fi |
- |
- AC_CONFIG_SUBDIRS(src/argp) |
--AC_CONFIG_SUBDIRS(src/nettle) |
- AC_CONFIG_SUBDIRS(src/spki) |
- AC_CONFIG_SUBDIRS(src/sftp) |
- |
---- a/src/Makefile.am |
-+++ b/src/Makefile.am |
-@@ -1,15 +1,12 @@ |
- # Process this file with automake to produce Makefile.in |
- |
--SUBDIRS = argp rsync nettle scm sftp spki . testsuite |
-+SUBDIRS = argp rsync scm sftp spki . testsuite |
- |
- include .dist_classes |
- include .dist_headers |
- |
- BUILT_SOURCES = environ.h |
- |
--# Kludge needed for finding the nettle/nettle-types.h file in the build tree |
--AM_CPPFLAGS = -I./nettle |
-- |
- SCHEME = $(SCHEME_PROGRAM) -l $(srcdir)/scm/$(SCHEME_NAME)-compat.scm |
- |
- EXTRA_PROGRAMS = lsh-krb-checkpw lsh-pam-checkpw srp-gen |
-@@ -116,7 +113,7 @@ lsh_krb_checkpw_LDADD=@KRB_LIBS@ |
- |
- lsh_execuv_LDADD= |
- |
--LDADD = liblsh.a spki/libspki.a nettle/libnettle.a @LIBARGP@ |
-+LDADD = liblsh.a spki/libspki.a -lnettle @LIBARGP@ |
- |
- # To avoid having to link lshg with nettle, link with dummy.o. |
- |
---- a/src/rsync/Makefile.am |
-+++ b/src/rsync/Makefile.am |
-@@ -3,10 +3,6 @@ |
- noinst_LIBRARIES = librsync.a |
- noinst_HEADERS = rsync.h |
- |
--# Needed for finding the nettle include files in the source tree |
--# and nettle-types.h in the build tree. |
--AM_CPPFLAGS = -I$(srcdir)/.. -I../nettle |
-- |
- librsync_a_SOURCES = generate.c receive.c checksum.c send.c |
- |
- |
---- a/src/sftp/Makefile.am |
-+++ b/src/sftp/Makefile.am |
-@@ -1,8 +1,5 @@ |
- SUBDIRS = . testsuite |
- |
--# Needed for finding nettle-types.h in the build tree. |
--AM_CPPFLAGS = -I.. |
-- |
- AUTOMAKE_OPTIONS = foreign |
- |
- bin_PROGRAMS = lsftp |
---- a/src/spki/Makefile.am |
-+++ b/src/spki/Makefile.am |
-@@ -1,8 +1,5 @@ |
- SUBDIRS = . tools testsuite |
- |
--# FIXME: Create a link to nettle directory instead? |
--AM_CPPFLAGS = -I$(srcdir)/.. -I../nettle |
-- |
- noinst_LIBRARIES = libspki.a |
- # libspkiincludedir = $(includedir)/nettle |
- |
---- a/src/spki/testsuite/Makefile.am |
-+++ b/src/spki/testsuite/Makefile.am |
-@@ -1,8 +1,4 @@ |
- |
--# FIXME: Create a link to nettle directory instead? |
--AM_CPPFLAGS = -O0 -I$(top_srcdir) -I$(top_srcdir)/.. -I../../nettle |
--AM_LDFLAGS = -L../../nettle |
-- |
- TS_PROGS = principal-test date-test tag-test read-acl-test \ |
- lookup-acl-test read-cert-test cdsa-reduce-test |
- |
---- a/src/spki/tools/Makefile.am |
-+++ b/src/spki/tools/Makefile.am |
-@@ -1,16 +1,12 @@ |
- noinst_PROGRAMS = spki-check-signature spki-make-signature \ |
- spki-delegate spki-reduce |
- |
--# FIXME: Create a link to nettle directory instead? |
--AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/.. -I../../nettle |
--AM_LDFLAGS = -L.. -L../../nettle/ |
-- |
- # libnettle.a and libspki.a are added at the end to make sure all |
- # programs depend on it. It seems there's no DEPENDENCIES variable |
- # that affects all programs. |
- |
- LDADD = misc.o getopt.o getopt1.o \ |
-- -lspki -lnettle ../libspki.a ../../nettle/libnettle.a |
-+ ../libspki.a -lnettle |
- |
- spki_make_signature_SOURCES = spki-make-signature.c sign.c |
- spki_delegate_SOURCES = spki-delegate.c sign.c |
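Review bot: The comment kept above `LDADD` still says libnettle.a and libspki.a "are added at the end to make sure all programs depend on it", but the new value is `../libspki.a -lnettle`, so nettle is no longer a make dependency of these programs. Update the comment to describe only `../libspki.a`, and mention that the programs now link against the system nettle.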
---- a/src/testsuite/Makefile.am |
-+++ b/src/testsuite/Makefile.am |
-@@ -3,7 +3,7 @@ |
- # -O0 is not recogniced on AIX |
- # AM_CFLAGS = -O0 |
- |
--AM_CPPFLAGS = -I$(srcdir)/.. -I.. -I../nettle |
-+AM_CPPFLAGS = -I$(srcdir)/.. |
- |
- TS_PROGS = arcfour-test aes-test blowfish-test cast128-test \ |
- des-test \ |
-@@ -34,7 +34,7 @@ noinst_PROGRAMS = $(TS_PROGS) |
- # Workaround to get automake to keep dependencies for testutils.o |
- EXTRA_PROGRAMS = testutils |
- |
--LDADD = testutils.o ../liblsh.a ../spki/libspki.a ../nettle/libnettle.a \ |
-+LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle \ |
- $(DOTDOT_LIBARGP) |
- |
- include .dist_rapid7 |
-@@ -59,6 +59,6 @@ all: |
- |
- # sexp-conv may be dynamically linked |
- check: $(TS_ALL) |
-- LD_LIBRARY_PATH="`pwd`/../nettle/.lib" srcdir=$(srcdir) \ |
-+ srcdir=$(srcdir) \ |
- $(srcdir)/run-tests $(TS_ALL) |
- |
---- a/src/spki/testsuite/check-signature-test |
-+++ b/src/spki/testsuite/check-signature-test |
-@@ -1,7 +1,7 @@ |
- #! /bin/sh |
- |
- conv () { |
-- echo "$1" | ../../nettle/tools/sexp-conv -s transport | tee test.in |
-+ echo "$1" | sexp-conv -s transport | tee test.in |
- } |
- |
- die () { |
---- a/src/spki/testsuite/delegate-test |
-+++ b/src/spki/testsuite/delegate-test |
-@@ -1,7 +1,7 @@ |
- #! /bin/sh |
- |
- conv () { |
-- ../../nettle/tools/sexp-conv -s transport | tee test.in |
-+ sexp-conv -s transport | tee test.in |
- } |
- |
- die () { |
-@@ -12,7 +12,7 @@ die () { |
- check_sexp () { |
- file="$1" |
- shift |
-- ../../nettle/tools/sexp-conv -s canonical > test.canonical || die "sexp-conv failed" |
-+ sexp-conv -s canonical > test.canonical || die "sexp-conv failed" |
- cmp "$file" test.canonical || die "$@" |
- } |
- |
---- a/src/spki/testsuite/make-signature-test |
-+++ b/src/spki/testsuite/make-signature-test |
-@@ -1,7 +1,7 @@ |
- #! /bin/sh |
- |
- conv () { |
-- echo "$1" | ../../nettle/tools/sexp-conv -s transport | tee test.in |
-+ echo "$1" | sexp-conv -s transport | tee test.in |
- } |
- |
- die () { |
-@@ -10,7 +10,7 @@ die () { |
- } |
- |
- echo foo | ../tools/spki-make-signature "$srcdir/key-1" \ |
-- | ../../nettle/tools/sexp-conv -s transport > test.in |
-+ | sexp-conv -s transport > test.in |
- |
- echo foo | ../tools/spki-check-signature "`cat test.in`" \ |
- || die "Valid signature failed" |
---- a/src/spki/testsuite/reduce-test |
-+++ b/src/spki/testsuite/reduce-test |
-@@ -3,7 +3,7 @@ |
- # Test case from Oscar Cánovas Reverte |
- |
- conv () { |
-- ../../nettle/tools/sexp-conv -s transport |
-+ sexp-conv -s transport |
- } |
- |
- die () { |
-@@ -14,7 +14,7 @@ die () { |
- check_sexp () { |
- file="$1" |
- shift |
-- ../../nettle/tools/sexp-conv -s canonical > test.canonical || die "sexp-conv failed" |
-+ sexp-conv -s canonical > test.canonical || die "sexp-conv failed" |
- cmp "$file" test.canonical || die "$@" |
- } |
- |
---- a/src/testsuite/functions.sh |
-+++ b/src/testsuite/functions.sh |
-@@ -9,7 +9,7 @@ set -e |
- : ${LSH_YARROW_SEED_FILE:="$TEST_HOME/.lsh/yarrow-seed-file"} |
- |
- # For lsh-authorize |
--: ${SEXP_CONV:="`pwd`/../nettle/tools/sexp-conv"} |
-+: ${SEXP_CONV:="sexp-conv"} |
- |
- export LSH_YARROW_SEED_FILE SEXP_CONV |
- |
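Review bot: The spki testsuite scripts (check-signature-test, delegate-test, make-signature-test, reduce-test) now call a bare `sexp-conv`, while functions.sh keeps the overridable `: ${SEXP_CONV:="sexp-conv"}`. The tests therefore run whichever `sexp-conv` is first on PATH, and the `check:` target no longer sets `LD_LIBRARY_PATH`, so the binary under test cannot be pinned from one place. Use `${SEXP_CONV:-sexp-conv}` in the four scripts as well so all tests resolve the tool the same way.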
Index: patches/terminate-on-connection-failure.patch |
=================================================================== |
--- patches/terminate-on-connection-failure.patch (.../tags/2.0.4-dfsg-8/debian) (revision 89) |
+++ patches/terminate-on-connection-failure.patch (.../trunk/debian) (nonexistent) |
@@ -1,16 +0,0 @@ |
-Author: Magnus Holmgren <holmgren@debian.org> |
-Description: Call exit() in lsh's default exception handler on EXC_IO_CONNECT |
- Otherwise lsh won't terminate. |
- |
-diff -urNad trunk~/src/lsh.c trunk/src/lsh.c |
---- trunk~/src/lsh.c 2005-03-16 21:06:23.000000000 +0100 |
-+++ trunk/src/lsh.c 2010-01-09 22:32:51.000000000 +0100 |
-@@ -959,6 +959,8 @@ |
- *self->status = EXIT_FAILURE; |
- |
- werror("%z, (errno = %i)\n", e->msg, exc->error); |
-+ if (e->type == EXC_IO_CONNECT) |
-+ exit(*self->status); |
- } |
- else |
- switch(e->type) |
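Review bot: The added `exit(*self->status);` terminates the process from inside the exception handler, right after `*self->status = EXIT_FAILURE;` is stored, so any code that would normally act on `*self->status` at shutdown is bypassed. The description only says lsh "won't terminate" otherwise; add a comment at the `if (e->type == EXC_IO_CONNECT)` line explaining why the normal path never finishes after a connect failure, and check whether the other exception types that reach this branch leave lsh waiting in the same way.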
/patches/terminate-on-connection-failure.patch |
---|
Property changes: |
Deleted: svn:executable |
## -1 +0,0 ## |
-* |
\ No newline at end of property |
Index: patches/blacklist.patch |
=================================================================== |
--- patches/blacklist.patch (.../tags/2.0.4-dfsg-8/debian) (revision 89) |
+++ patches/blacklist.patch (.../trunk/debian) (nonexistent) |
@@ -1,382 +0,0 @@ |
-Author: Magnus Holmgren <holmgren@debian.org> |
-Description: Check keys against openssh-blacklist |
- Check keys before accepting for pubkey authentication as well as on conversion |
- by lsh-writekey and lsh-decode-key. |
- . |
- blacklist.c code copied from the openssh package and adapted for LSH. |
- |
---- a/src/Makefile.am |
-+++ b/src/Makefile.am |
-@@ -69,7 +69,8 @@ liblsh_a_SOURCES = abstract_io.c abstrac |
- unix_interact.c unix_process.c unix_random.c unix_user.c \ |
- userauth.c \ |
- werror.c write_buffer.c write_packet.c \ |
-- xalloc.c xauth.c zlib.c |
-+ xalloc.c xauth.c zlib.c \ |
-+ blacklist.c |
- |
- liblsh_a_LIBADD = @LIBOBJS@ |
- |
---- a/src/abstract_crypto.h |
-+++ b/src/abstract_crypto.h |
-@@ -162,7 +162,9 @@ MAC_DIGEST((instance), lsh_string_alloc( |
- (public_key method (string)) |
- |
- ; Returns (public-key (<pub-sig-alg-id> <s-expr>*)) |
-- (public_spki_key method (string) "int transport"))) |
-+ (public_spki_key method (string) "int transport") |
-+ |
-+ (key_size method uint32_t))) |
- */ |
- |
- #define VERIFY(verifier, algorithm, length, data, slength, sdata) \ |
-@@ -170,7 +172,7 @@ MAC_DIGEST((instance), lsh_string_alloc( |
- |
- #define PUBLIC_KEY(verifier) ((verifier)->public_key((verifier))) |
- #define PUBLIC_SPKI_KEY(verifier, t) ((verifier)->public_spki_key((verifier), (t))) |
-- |
-+#define KEY_SIZE(verifier) ((verifier)->key_size((verifier))) |
- |
- /* GABA: |
- (class |
---- a/src/abstract_crypto.h.x |
-+++ b/src/abstract_crypto.h.x |
-@@ -161,6 +161,7 @@ struct verifier |
- int (*(verify))(struct verifier *self,int algorithm,uint32_t length,const uint8_t *data,uint32_t signature_length,const uint8_t *signature_data); |
- struct lsh_string *(*(public_key))(struct verifier *self); |
- struct lsh_string *(*(public_spki_key))(struct verifier *self,int transport); |
-+ uint32_t *(*(key_size))(struct verifier *self); |
- }; |
- extern struct lsh_class verifier_class; |
- #endif /* !GABA_DEFINE */ |
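Review bot: `uint32_t *(*(key_size))(struct verifier *self);` declares a method that returns a pointer to `uint32_t`, but the class description in abstract_crypto.h says `(key_size method uint32_t)`, the implementations `do_dsa_key_size` and `do_rsa_key_size` return `uint32_t`, and `blacklisted_key` stores `KEY_SIZE(v)` in a `uint32_t keysize`. Drop the stray `*` so the member reads `uint32_t (*(key_size))(struct verifier *self);`. As written, the assignments in `init_dsa_verifier` and `init_rsa_verifier` are between incompatible function pointer types.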
---- /dev/null |
-+++ b/src/blacklist.c |
-@@ -0,0 +1,152 @@ |
-+#if HAVE_CONFIG_H |
-+#include "config.h" |
-+#endif |
-+ |
-+#include <assert.h> |
-+ |
-+#include "atoms.h" |
-+#include "format.h" |
-+#include "lsh_string.h" |
-+#include "werror.h" |
-+#include "crypto.h" |
-+ |
-+#include <sys/types.h> |
-+#include <sys/stat.h> |
-+#include <unistd.h> |
-+#include <fcntl.h> |
-+#include <string.h> |
-+ |
-+int blacklisted_key(struct verifier *v, int method); |
-+ |
-+/* Scan a blacklist of known-vulnerable keys in blacklist_file. */ |
-+static int |
-+blacklisted_key_in_file(struct lsh_string *lsh_hash, struct lsh_string *blacklist_file) |
-+{ |
-+ int fd = -1; |
-+ const char *hash = 0; |
-+ uint32_t line_len; |
-+ struct stat st; |
-+ char buf[256]; |
-+ off_t start, lower, upper; |
-+ int ret = 0; |
-+ |
-+ debug("Checking blacklist file %S\n", blacklist_file); |
-+ fd = open(lsh_get_cstring(blacklist_file), O_RDONLY); |
-+ if (fd < 0) { |
-+ ret = -1; |
-+ goto out; |
-+ } |
-+ |
-+ hash = lsh_get_cstring(lsh_hash) + 12; |
-+ line_len = strlen(hash); |
-+ if (line_len != 20) |
-+ goto out; |
-+ |
-+ /* Skip leading comments */ |
-+ start = 0; |
-+ for (;;) { |
-+ ssize_t r; |
-+ char *newline; |
-+ |
-+ r = read(fd, buf, sizeof(buf)); |
-+ if (r <= 0) |
-+ goto out; |
-+ if (buf[0] != '#') |
-+ break; |
-+ |
-+ newline = memchr(buf, '\n', sizeof(buf)); |
-+ if (!newline) |
-+ goto out; |
-+ start += newline + 1 - buf; |
-+ if (lseek(fd, start, SEEK_SET) < 0) |
-+ goto out; |
-+ } |
-+ |
-+ /* Initialise binary search record numbers */ |
-+ if (fstat(fd, &st) < 0) |
-+ goto out; |
-+ lower = 0; |
-+ upper = (st.st_size - start) / (line_len + 1); |
-+ |
-+ while (lower != upper) { |
-+ off_t cur; |
-+ int cmp; |
-+ |
-+ cur = lower + (upper - lower) / 2; |
-+ |
-+ /* Read this line and compare to digest; this is |
-+ * overflow-safe since cur < max(off_t) / (line_len + 1) */ |
-+ if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0) |
-+ break; |
-+ if (read(fd, buf, line_len) != line_len) |
-+ break; |
-+ cmp = memcmp(buf, hash, line_len); |
-+ if (cmp < 0) { |
-+ if (cur == lower) |
-+ break; |
-+ lower = cur; |
-+ } else if (cmp > 0) { |
-+ if (cur == upper) |
-+ break; |
-+ upper = cur; |
-+ } else { |
-+ ret = 1; |
-+ break; |
-+ } |
-+ } |
-+ |
-+out: |
-+ if (fd >= 0) |
-+ close(fd); |
-+ return ret; |
-+} |
-+ |
-+/* |
-+ * Scan blacklists of known-vulnerable keys. If a vulnerable key is found, |
-+ * its fingerprint is returned in *fp, unless fp is NULL. |
-+ */ |
-+int |
-+blacklisted_key(struct verifier *v, int method) |
-+{ |
-+ const char *keytype; |
-+ int ret = -1; |
-+ const char *paths[] = { "/usr/share/ssh/blacklist", "/etc/ssh/blacklist", NULL }; |
-+ const char **pp; |
-+ struct lsh_string *lsh_hash = ssh_format("%lfxS", |
-+ hash_string(&crypto_md5_algorithm, |
-+ PUBLIC_KEY(v), 1)); |
-+ uint32_t keysize = KEY_SIZE(v); |
-+ |
-+ switch (method) |
-+ { |
-+ case ATOM_SSH_DSS: |
-+ case ATOM_DSA: |
-+ keytype = "DSA"; |
-+ break; |
-+ case ATOM_SSH_RSA: |
-+ case ATOM_RSA_PKCS1_SHA1: |
-+ case ATOM_RSA_PKCS1_MD5: |
-+ case ATOM_RSA_PKCS1: |
-+ keytype = "RSA"; |
-+ break; |
-+ default: |
-+ werror("Unrecognized key type"); |
-+ return -1; |
-+ } |
-+ |
-+ for (pp = paths; *pp && ret <= 0; pp++) { |
-+ struct lsh_string *blacklist_file = ssh_format("%lz.%lz-%di", |
-+ *pp, keytype, keysize); |
-+ int r = blacklisted_key_in_file(lsh_hash, blacklist_file); |
-+ lsh_string_free(blacklist_file); |
-+ if (r > ret) ret = r; |
-+ } |
-+ |
-+ if (ret > 0) { |
-+ werror("Key is compromised: %z %i %fS\n", keytype, keysize, |
-+ lsh_string_colonize(lsh_hash, 2, 0)); |
-+ } else if (ret < 0) { |
-+ verbose("No blacklist for key type %z size %i", keytype, keysize); |
-+ } |
-+ return ret; |
-+} |
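Review bot: In `blacklisted_key_in_file`, every failure after the file has been opened (hash length other than 20, short `read`, failed `lseek` or `fstat`, a comment line with no newline in the buffer) leaves `ret` at 0, which callers cannot tell apart from a completed search that found nothing, so a truncated or unreadable blacklist silently accepts the key. Return a distinct error value on those paths and log it. In the comment-skipping loop, `memchr(buf, '\n', sizeof(buf))` should be bounded by `r`, the number of bytes actually read, rather than the buffer size. In `blacklisted_key`, no `lsh_string_free(lsh_hash)` is visible on any return path, including the early `return -1` for an unrecognized key type, and the header comment still refers to an `fp` argument the function does not take.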
---- a/src/dsa.c |
-+++ b/src/dsa.c |
-@@ -189,6 +189,14 @@ do_dsa_public_spki_key(struct verifier * |
- "y", self->key.y); |
- } |
- |
-+static uint32_t |
-+do_dsa_key_size(struct verifier *v) |
-+{ |
-+ CAST(dsa_verifier, self, v); |
-+ |
-+ return mpz_sizeinbase(self->key.p, 2); |
-+} |
-+ |
- static void |
- init_dsa_verifier(struct dsa_verifier *self) |
- { |
-@@ -199,6 +207,7 @@ init_dsa_verifier(struct dsa_verifier *s |
- self->super.verify = do_dsa_verify; |
- self->super.public_spki_key = do_dsa_public_spki_key; |
- self->super.public_key = do_dsa_public_key; |
-+ self->super.key_size = do_dsa_key_size; |
- } |
- |
- |
---- a/src/lsh-decode-key.c |
-+++ b/src/lsh-decode-key.c |
-@@ -133,6 +133,10 @@ lsh_decode_key(struct lsh_string *conten |
- werror("Invalid dsa key.\n"); |
- return NULL; |
- } |
-+ else if (blacklisted_key(v, type) > 0) |
-+ { |
-+ return NULL; |
-+ } |
- else |
- return PUBLIC_SPKI_KEY(v, 1); |
- } |
-@@ -150,6 +154,10 @@ lsh_decode_key(struct lsh_string *conten |
- werror("Invalid rsa key.\n"); |
- return NULL; |
- } |
-+ else if (blacklisted_key(v, type) > 0) |
-+ { |
-+ return NULL; |
-+ } |
- else |
- return PUBLIC_SPKI_KEY(v, 1); |
- } |
---- a/src/lsh-writekey.c |
-+++ b/src/lsh-writekey.c |
-@@ -397,14 +397,18 @@ process_public(const struct lsh_string * |
- { |
- struct signer *s; |
- struct verifier *v; |
-+ int algorithm_name; |
- |
-- s = spki_make_signer(options->signature_algorithms, key, NULL); |
-+ s = spki_make_signer(options->signature_algorithms, key, &algorithm_name); |
- |
- if (!s) |
- return NULL; |
- |
- v = SIGNER_GET_VERIFIER(s); |
- assert(v); |
-+ if (blacklisted_key(v, algorithm_name) > 0) { |
-+ return NULL; |
-+ } |
- |
- return PUBLIC_SPKI_KEY(v, 1); |
- } |
-@@ -416,7 +420,8 @@ main(int argc, char **argv) |
- int private_fd; |
- int public_fd; |
- struct lsh_string *input; |
-- struct lsh_string *output; |
-+ struct lsh_string *priv_output; |
-+ struct lsh_string *pub_output; |
- const struct exception *e; |
- |
- argp_parse(&main_argp, argc, argv, 0, NULL, options); |
-@@ -439,16 +444,22 @@ main(int argc, char **argv) |
- return EXIT_FAILURE; |
- } |
- |
-- output = process_private(input, options); |
-- if (!output) |
-+ pub_output = process_public(input, options); |
-+ if (!pub_output) |
-+ return EXIT_FAILURE; |
-+ |
-+ priv_output = process_private(input, options); |
-+ if (!priv_output) |
- return EXIT_FAILURE; |
- |
-+ lsh_string_free(input); |
-+ |
- private_fd = open_file(options->private_file); |
- if (private_fd < 0) |
- return EXIT_FAILURE; |
- |
-- e = write_raw(private_fd, STRING_LD(output)); |
-- lsh_string_free(output); |
-+ e = write_raw(private_fd, STRING_LD(priv_output)); |
-+ lsh_string_free(priv_output); |
- |
- if (e) |
- { |
-@@ -457,18 +468,12 @@ main(int argc, char **argv) |
- return EXIT_FAILURE; |
- } |
- |
-- output = process_public(input, options); |
-- lsh_string_free(input); |
-- |
-- if (!output) |
-- return EXIT_FAILURE; |
-- |
- public_fd = open_file(options->public_file); |
- if (public_fd < 0) |
- return EXIT_FAILURE; |
- |
-- e = write_raw(public_fd, STRING_LD(output)); |
-- lsh_string_free(output); |
-+ e = write_raw(public_fd, STRING_LD(pub_output)); |
-+ lsh_string_free(pub_output); |
- |
- if (e) |
- { |
---- a/src/publickey_crypto.h |
-+++ b/src/publickey_crypto.h |
-@@ -203,5 +203,7 @@ parse_ssh_dss_public(struct simple_buffe |
- struct verifier * |
- make_ssh_dss_verifier(const struct lsh_string *public); |
- |
-+int |
-+blacklisted_key(struct verifier *v, int method); |
- |
- #endif /* LSH_PUBLICKEY_CRYPTO_H_INCLUDED */ |
---- a/src/rsa.c |
-+++ b/src/rsa.c |
-@@ -167,6 +167,14 @@ do_rsa_public_spki_key(struct verifier * |
- self->key.n, self->key.e); |
- } |
- |
-+static uint32_t |
-+do_rsa_key_size(struct verifier *v) |
-+{ |
-+ CAST(rsa_verifier, self, v); |
-+ |
-+ return mpz_sizeinbase(self->key.n, 2); |
-+} |
-+ |
- |
- /* NOTE: To initialize an rsa verifier, one must |
- * |
-@@ -184,6 +192,7 @@ init_rsa_verifier(struct rsa_verifier *s |
- self->super.verify = do_rsa_verify; |
- self->super.public_key = do_rsa_public_key; |
- self->super.public_spki_key = do_rsa_public_spki_key; |
-+ self->super.key_size = do_rsa_key_size; |
- } |
- |
- /* Alternative constructor using a key of type ssh-rsa, when the atom |
---- a/src/server_authorization.c |
-+++ b/src/server_authorization.c |
-@@ -93,7 +93,8 @@ do_key_lookup(struct lookup_verifier *c, |
- PUBLIC_SPKI_KEY(v, 0), |
- 1)); |
- |
-- if (USER_FILE_EXISTS(keyholder, filename, 1)) |
-+ if (USER_FILE_EXISTS(keyholder, filename, 1) |
-+ && blacklisted_key(v, method) < 1) |
- return v; |
- |
- return NULL; |
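Review bot: `blacklisted_key(v, method) < 1` lets the key through on -1 as well as 0, and -1 covers both "no blacklist file for this type and size" and the `default:` case where `blacklisted_key` logs "Unrecognized key type". If accepting on a missing blacklist is intended, say so in a comment at this condition and write it as `!(blacklisted_key(v, method) > 0)` to match the `> 0` checks in lsh-decode-key.c and lsh-writekey.c. On the server side, consider reporting the missing-blacklist case at more than `verbose` level, since it means the check did not run for that key.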
/patches/blacklist.patch |
---|
Property changes: |
Deleted: svn:executable |
## -1 +0,0 ## |
-* |
\ No newline at end of property |
Index: patches/ipv6_v6only.dpatch |
=================================================================== |
--- patches/ipv6_v6only.dpatch (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ patches/ipv6_v6only.dpatch (.../trunk/debian) (revision 77) |
@@ -0,0 +1,25 @@ |
+#! /bin/sh /usr/share/dpatch/dpatch-run |
+## ipv6_v6only.dpatch by Magnus Holmgren <holmgren@debian.org> |
+## |
+## DP: Set the IPV6_V6ONLY socket option on AF_INET6 sockets; since |
+## DP: lshd by default enumerates available address families and calls |
+## DP: bind() once for each, conflicts will occur otherwise. |
+ |
+@DPATCH@ |
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/src/io.c trunk/src/io.c |
+--- trunk~/src/io.c 2006-01-23 18:49:58.000000000 +0100 |
++++ trunk/src/io.c 2010-07-27 02:17:04.000000000 +0200 |
+@@ -1690,6 +1690,13 @@ |
+ { |
+ int yes = 1; |
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char*)&yes, sizeof yes); |
++#if WITH_IPV6 && defined (IPV6_V6ONLY) |
++ if (local->sa_family == AF_INET6) |
++ { |
++ if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &yes, sizeof(yes)) < 0) |
++ werror("setsockopt IPV6_V6ONLY failed: %e.\n", errno); |
++ } |
++#endif |
+ } |
+ |
+ if (bind(s, local, length) < 0) |
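Review bot: The `#if WITH_IPV6 && defined (IPV6_V6ONLY)` guard compiles the fix out silently on platforms that have IPv6 but do not define `IPV6_V6ONLY`; there the per-family `bind()` conflict described in the DP header remains, with no diagnostic. A short comment at the guard, or a message when the option is unavailable, would make that limitation visible.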
/patches/ipv6_v6only.dpatch |
---|
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |
Index: patches/00list |
=================================================================== |
--- patches/00list (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ patches/00list (.../trunk/debian) (revision 77) |
@@ -0,0 +1,7 @@ |
+20_sftp-server_mansection |
+30_nonettle |
+40_better_errmsg_when_dotlsh_missing |
+nettle_2.0 |
+blacklist |
+terminate_on_connection_failure |
+ipv6_v6only |
Index: patches/terminate_on_connection_failure.dpatch |
=================================================================== |
--- patches/terminate_on_connection_failure.dpatch (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ patches/terminate_on_connection_failure.dpatch (.../trunk/debian) (revision 77) |
@@ -0,0 +1,19 @@ |
+#! /bin/sh /usr/share/dpatch/dpatch-run |
+## terminate_on_connection_failure.dpatch by Magnus Holmgren <holmgren@debian.org> |
+## |
+## DP: Call exit() in lsh's default exception handler on EXC_IO_CONNECT; otherwise |
+## DP: lsh won't terminate. |
+ |
+@DPATCH@ |
+diff -urNad trunk~/src/lsh.c trunk/src/lsh.c |
+--- trunk~/src/lsh.c 2005-03-16 21:06:23.000000000 +0100 |
++++ trunk/src/lsh.c 2010-01-09 22:32:51.000000000 +0100 |
+@@ -959,6 +959,8 @@ |
+ *self->status = EXIT_FAILURE; |
+ |
+ werror("%z, (errno = %i)\n", e->msg, exc->error); |
++ if (e->type == EXC_IO_CONNECT) |
++ exit(*self->status); |
+ } |
+ else |
+ switch(e->type) |
/patches/terminate_on_connection_failure.dpatch |
---|
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |
Index: patches/blacklist.dpatch |
=================================================================== |
--- patches/blacklist.dpatch (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ patches/blacklist.dpatch (.../trunk/debian) (revision 77) |
@@ -0,0 +1,423 @@ |
+#! /bin/sh /usr/share/dpatch/dpatch-run |
+## blacklist.dpatch by Magnus Holmgren <holmgren@debian.org> |
+## blacklist.c code copied from the openssh package and adapted for LSH. |
+## |
+## DP: Check keys against openssh-blacklist before accepting for |
+## DP: pubkey authentication as well as on conversion by lsh-writekey |
+## DP: and lsh-decode-key. |
+ |
+@DPATCH@ |
+diff -urNad trunk~/src/Makefile.am trunk/src/Makefile.am |
+--- trunk~/src/Makefile.am 2004-11-18 22:52:16.000000000 +0100 |
++++ trunk/src/Makefile.am 2009-11-0 23:57:07.000000000 +0100 |
+@@ -72,7 +72,8 @@ |
+ unix_interact.c unix_process.c unix_random.c unix_user.c \ |
+ userauth.c \ |
+ werror.c write_buffer.c write_packet.c \ |
+- xalloc.c xauth.c zlib.c |
++ xalloc.c xauth.c zlib.c \ |
++ blacklist.c |
+ |
+ liblsh_a_LIBADD = @LIBOBJS@ |
+ |
+diff -urNad trunk~/src/Makefile.in trunk/src/Makefile.in |
+--- trunk~/src/Makefile.in 2009-11-07 23:57:06.000000000 +0100 |
++++ trunk/src/Makefile.in 2009-11-07 23:57:07.000000000 +0100 |
+@@ -91,7 +91,8 @@ |
+ tty.$(OBJEXT) unix_interact.$(OBJEXT) unix_process.$(OBJEXT) \ |
+ unix_random.$(OBJEXT) unix_user.$(OBJEXT) userauth.$(OBJEXT) \ |
+ werror.$(OBJEXT) write_buffer.$(OBJEXT) write_packet.$(OBJEXT) \ |
+- xalloc.$(OBJEXT) xauth.$(OBJEXT) zlib.$(OBJEXT) |
++ xalloc.$(OBJEXT) xauth.$(OBJEXT) zlib.$(OBJEXT) \ |
++ blacklist.$(OBJEXT) |
+ liblsh_a_OBJECTS = $(am_liblsh_a_OBJECTS) |
+ am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \ |
+ "$(DESTDIR)$(bindir)" |
+@@ -510,7 +511,8 @@ |
+ unix_interact.c unix_process.c unix_random.c unix_user.c \ |
+ userauth.c \ |
+ werror.c write_buffer.c write_packet.c \ |
+- xalloc.c xauth.c zlib.c |
++ xalloc.c xauth.c zlib.c \ |
++ blacklist.c |
+ |
+ liblsh_a_LIBADD = @LIBOBJS@ |
+ |
+@@ -705,6 +707,7 @@ |
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/algorithms.Po@am__quote@ |
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/alist.Po@am__quote@ |
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/atoms.Po@am__quote@ |
++@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/blacklist.Po@am__quote@ |
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel.Po@am__quote@ |
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel_commands.Po@am__quote@ |
+ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/channel_forward.Po@am__quote@ |
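Review bot: These three hunks hand-patch the generated `Makefile.in` in parallel with the `Makefile.am` change above, so the patch has to be refreshed whenever the automake output changes, and the two copies of the `blacklist.c` source list can drift apart. Patch only `Makefile.am` and regenerate `Makefile.in` as part of the build.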
+diff -urNad trunk~/src/abstract_crypto.h trunk/src/abstract_crypto.h |
+--- trunk~/src/abstract_crypto.h 2003-11-16 19:10:30.000000000 +0100 |
++++ trunk/src/abstract_crypto.h 2009-11-07 23:57:37.000000000 +0100 |
+@@ -162,7 +162,9 @@ |
+ (public_key method (string)) |
+ |
+ ; Returns (public-key (<pub-sig-alg-id> <s-expr>*)) |
+- (public_spki_key method (string) "int transport"))) |
++ (public_spki_key method (string) "int transport") |
++ |
++ (key_size method uint32_t))) |
+ */ |
+ |
+ #define VERIFY(verifier, algorithm, length, data, slength, sdata) \ |
+@@ -170,7 +172,7 @@ |
+ |
+ #define PUBLIC_KEY(verifier) ((verifier)->public_key((verifier))) |
+ #define PUBLIC_SPKI_KEY(verifier, t) ((verifier)->public_spki_key((verifier), (t))) |
+- |
++#define KEY_SIZE(verifier) ((verifier)->key_size((verifier))) |
+ |
+ /* GABA: |
+ (class |
+diff -urNad trunk~/src/abstract_crypto.h.x trunk/src/abstract_crypto.h.x |
+--- trunk~/src/abstract_crypto.h.x 2007-06-04 22:18:39.000000000 +0200 |
++++ trunk/src/abstract_crypto.h.x 2009-11-07 23:57:07.000000000 +0100 |
+@@ -161,6 +161,7 @@ |
+ int (*(verify))(struct verifier *self,int algorithm,uint32_t length,const uint8_t *data,uint32_t signature_length,const uint8_t *signature_data); |
+ struct lsh_string *(*(public_key))(struct verifier *self); |
+ struct lsh_string *(*(public_spki_key))(struct verifier *self,int transport); |
++ uint32_t *(*(key_size))(struct verifier *self); |
+ }; |
+ extern struct lsh_class verifier_class; |
+ #endif /* !GABA_DEFINE */ |
+diff -urNad trunk~/src/blacklist.c trunk/src/blacklist.c |
+--- trunk~/src/blacklist.c 1970-01-01 01:00:00.000000000 +0100 |
++++ trunk/src/blacklist.c 2009-11-07 23:57:07.000000000 +0100 |
+@@ -0,0 +1,150 @@ |
++#if HAVE_CONFIG_H |
++#include "config.h" |
++#endif |
++ |
++#include <assert.h> |
++ |
++#include "atoms.h" |
++#include "format.h" |
++#include "lsh_string.h" |
++#include "werror.h" |
++#include "crypto.h" |
++ |
++#include <sys/types.h> |
++#include <sys/stat.h> |
++#include <unistd.h> |
++#include <fcntl.h> |
++#include <string.h> |
++ |
++int blacklisted_key(struct verifier *v, int method); |
++ |
++/* Scan a blacklist of known-vulnerable keys in blacklist_file. */ |
++static int |
++blacklisted_key_in_file(struct lsh_string *lsh_hash, struct lsh_string *blacklist_file) |
++{ |
++ int fd = -1; |
++ const char *hash = 0; |
++ uint32_t line_len; |
++ struct stat st; |
++ char buf[256]; |
++ off_t start, lower, upper; |
++ int ret = 0; |
++ |
++ debug("Checking blacklist file %S\n", blacklist_file); |
++ fd = open(lsh_get_cstring(blacklist_file), O_RDONLY); |
++ if (fd < 0) { |
++ ret = -1; |
++ goto out; |
++ } |
++ |
++ hash = lsh_get_cstring(lsh_hash) + 12; |
++ line_len = strlen(hash); |
++ if (line_len != 20) |
++ goto out; |
++ |
++ /* Skip leading comments */ |
++ start = 0; |
++ for (;;) { |
++ ssize_t r; |
++ char *newline; |
++ |
++ r = read(fd, buf, sizeof(buf)); |
++ if (r <= 0) |
++ goto out; |
++ if (buf[0] != '#') |
++ break; |
++ |
++ newline = memchr(buf, '\n', sizeof(buf)); |
++ if (!newline) |
++ goto out; |
++ start += newline + 1 - buf; |
++ if (lseek(fd, start, SEEK_SET) < 0) |
++ goto out; |
++ } |
++ |
++ /* Initialise binary search record numbers */ |
++ if (fstat(fd, &st) < 0) |
++ goto out; |
++ lower = 0; |
++ upper = (st.st_size - start) / (line_len + 1); |
++ |
++ while (lower != upper) { |
++ off_t cur; |
++ int cmp; |
++ |
++ cur = lower + (upper - lower) / 2; |
++ |
++ /* Read this line and compare to digest; this is |
++ * overflow-safe since cur < max(off_t) / (line_len + 1) */ |
++ if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0) |
++ break; |
++ if (read(fd, buf, line_len) != line_len) |
++ break; |
++ cmp = memcmp(buf, hash, line_len); |
++ if (cmp < 0) { |
++ if (cur == lower) |
++ break; |
++ lower = cur; |
++ } else if (cmp > 0) { |
++ if (cur == upper) |
++ break; |
++ upper = cur; |
++ } else { |
++ ret = 1; |
++ break; |
++ } |
++ } |
++ |
++out: |
++ if (fd >= 0) |
++ close(fd); |
++ return ret; |
++} |
++ |
++/* |
++ * Scan blacklists of known-vulnerable keys. If a vulnerable key is found, |
++ * its fingerprint is returned in *fp, unless fp is NULL. |
++ */ |
++int |
++blacklisted_key(struct verifier *v, int method) |
++{ |
++ const char *keytype; |
++ int ret = -1; |
++ const char *paths[] = { "/usr/share/ssh/blacklist", "/etc/ssh/blacklist", NULL }; |
++ const char **pp; |
++ struct lsh_string *lsh_hash = ssh_format("%lfxS", |
++ hash_string(&crypto_md5_algorithm, |
++ PUBLIC_KEY(v), 1)); |
++ uint32_t keysize = KEY_SIZE(v); |
++ |
++ switch (method) |
++ { |
++ case ATOM_SSH_DSS: |
++ case ATOM_DSA: |
++ keytype = "DSA"; |
++ break; |
++ case ATOM_SSH_RSA: |
++ case ATOM_RSA_PKCS1_SHA1: |
++ case ATOM_RSA_PKCS1_MD5: |
++ case ATOM_RSA_PKCS1: |
++ keytype = "RSA"; |
++ break; |
++ default: |
++ werror("Unrecognized key type"); |
++ return -1; |
++ } |
++ |
++ for (pp = paths; *pp && ret <= 0; pp++) { |
++ struct lsh_string *blacklist_file = ssh_format("%lz.%lz-%di", |
++ *pp, keytype, keysize); |
++ int r = blacklisted_key_in_file(lsh_hash, blacklist_file); |
++ lsh_string_free(blacklist_file); |
++ if (r > ret) ret = r; |
++ } |
++ |
++ if (ret > 0) { |
++ werror("Key is compromised: %z %i %fS\n", keytype, keysize, |
++ lsh_string_colonize(lsh_hash, 2, 0)); |
++ } |
++ return ret; |
++} |
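Review bot: In the comment-skipping loop of `blacklisted_key_in_file`, `memchr(buf, '\n', sizeof(buf))` searches all 256 bytes even when `read` returned fewer (`r`), so after a short read it scans bytes that were never filled and can derive `start` from stale or uninitialized data; pass `r` as the length. In `blacklisted_key`, the `lsh_hash` string built by `ssh_format` has no matching `lsh_string_free` on any return path, including the early `return -1` for an unrecognized key type. The header comment also still describes an `fp` out-parameter that the function does not take.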
+diff -urNad trunk~/src/dsa.c trunk/src/dsa.c |
+--- trunk~/src/dsa.c 2004-06-08 20:00:45.000000000 +0200 |
++++ trunk/src/dsa.c 2009-11-07 23:57:07.000000000 +0100 |
+@@ -189,6 +189,14 @@ |
+ "y", self->key.y); |
+ } |
+ |
++static uint32_t |
++do_dsa_key_size(struct verifier *v) |
++{ |
++ CAST(dsa_verifier, self, v); |
++ |
++ return mpz_sizeinbase(self->key.p, 2); |
++} |
++ |
+ static void |
+ init_dsa_verifier(struct dsa_verifier *self) |
+ { |
+@@ -199,6 +207,7 @@ |
+ self->super.verify = do_dsa_verify; |
+ self->super.public_spki_key = do_dsa_public_spki_key; |
+ self->super.public_key = do_dsa_public_key; |
++ self->super.key_size = do_dsa_key_size; |
+ } |
+ |
+ |
+diff -urNad trunk~/src/lsh-decode-key.c trunk/src/lsh-decode-key.c |
+--- trunk~/src/lsh-decode-key.c 2005-09-06 14:43:15.000000000 +0200 |
++++ trunk/src/lsh-decode-key.c 2009-11-07 23:57:07.000000000 +0100 |
+@@ -133,6 +133,10 @@ |
+ werror("Invalid dsa key.\n"); |
+ return NULL; |
+ } |
++ else if (blacklisted_key(v, type)) |
++ { |
++ return NULL; |
++ } |
+ else |
+ return PUBLIC_SPKI_KEY(v, 1); |
+ } |
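Review bot: `else if (blacklisted_key(v, type))` treats every non-zero result as a hit, but `blacklisted_key` returns -1 when no blacklist file could be opened or the key type is not recognized, so a valid DSA key is rejected here on a system with no blacklist installed, with no message in the missing-file case. Compare against `> 0`, or define what -1 means and apply it consistently: the RSA branch in the next hunk and the `lsh-writekey.c` hunk use the same truthiness test, while the `server_authorization.c` hunk uses `< 1`.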
+@@ -150,6 +154,10 @@ |
+ werror("Invalid rsa key.\n"); |
+ return NULL; |
+ } |
++ else if (blacklisted_key(v, type)) |
++ { |
++ return NULL; |
++ } |
+ else |
+ return PUBLIC_SPKI_KEY(v, 1); |
+ } |
+diff -urNad trunk~/src/lsh-writekey.c trunk/src/lsh-writekey.c |
+--- trunk~/src/lsh-writekey.c 2004-11-17 11:55:11.000000000 +0100 |
++++ trunk/src/lsh-writekey.c 2009-11-07 23:57:07.000000000 +0100 |
+@@ -397,14 +397,18 @@ |
+ { |
+ struct signer *s; |
+ struct verifier *v; |
++ int algorithm_name; |
+ |
+- s = spki_make_signer(options->signature_algorithms, key, NULL); |
++ s = spki_make_signer(options->signature_algorithms, key, &algorithm_name); |
+ |
+ if (!s) |
+ return NULL; |
+ |
+ v = SIGNER_GET_VERIFIER(s); |
+ assert(v); |
++ if (blacklisted_key(v, algorithm_name)) { |
++ return NULL; |
++ } |
+ |
+ return PUBLIC_SPKI_KEY(v, 1); |
+ } |
+@@ -416,7 +420,8 @@ |
+ int private_fd; |
+ int public_fd; |
+ struct lsh_string *input; |
+- struct lsh_string *output; |
++ struct lsh_string *priv_output; |
++ struct lsh_string *pub_output; |
+ const struct exception *e; |
+ |
+ argp_parse(&main_argp, argc, argv, 0, NULL, options); |
+@@ -439,16 +444,22 @@ |
+ return EXIT_FAILURE; |
+ } |
+ |
+- output = process_private(input, options); |
+- if (!output) |
++ pub_output = process_public(input, options); |
++ if (!pub_output) |
++ return EXIT_FAILURE; |
++ |
++ priv_output = process_private(input, options); |
++ if (!priv_output) |
+ return EXIT_FAILURE; |
+ |
++ lsh_string_free(input); |
++ |
+ private_fd = open_file(options->private_file); |
+ if (private_fd < 0) |
+ return EXIT_FAILURE; |
+ |
+- e = write_raw(private_fd, STRING_LD(output)); |
+- lsh_string_free(output); |
++ e = write_raw(private_fd, STRING_LD(priv_output)); |
++ lsh_string_free(priv_output); |
+ |
+ if (e) |
+ { |
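Review bot: Nothing in this hunk says why `process_public` now runs before `process_private` and before `open_file(options->private_file)`. Add a comment stating that the public half is derived first so that a key refused by the blacklist check makes the program exit before the private key file is created; otherwise a later cleanup can easily restore the old order.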
+@@ -457,18 +468,12 @@ |
+ return EXIT_FAILURE; |
+ } |
+ |
+- output = process_public(input, options); |
+- lsh_string_free(input); |
+- |
+- if (!output) |
+- return EXIT_FAILURE; |
+- |
+ public_fd = open_file(options->public_file); |
+ if (public_fd < 0) |
+ return EXIT_FAILURE; |
+ |
+- e = write_raw(public_fd, STRING_LD(output)); |
+- lsh_string_free(output); |
++ e = write_raw(public_fd, STRING_LD(pub_output)); |
++ lsh_string_free(pub_output); |
+ |
+ if (e) |
+ { |
+diff -urNad trunk~/src/publickey_crypto.h trunk/src/publickey_crypto.h |
+--- trunk~/src/publickey_crypto.h 2004-06-15 13:32:51.000000000 +0200 |
++++ trunk/src/publickey_crypto.h 2009-11-07 23:57:07.000000000 +0100 |
+@@ -203,5 +203,7 @@ |
+ struct verifier * |
+ make_ssh_dss_verifier(const struct lsh_string *public); |
+ |
++int |
++blacklisted_key(struct verifier *v, int method); |
+ |
+ #endif /* LSH_PUBLICKEY_CRYPTO_H_INCLUDED */ |
+diff -urNad trunk~/src/rsa.c trunk/src/rsa.c |
+--- trunk~/src/rsa.c 2003-11-16 19:49:12.000000000 +0100 |
++++ trunk/src/rsa.c 2009-11-07 23:57:07.000000000 +0100 |
+@@ -167,6 +167,14 @@ |
+ self->key.n, self->key.e); |
+ } |
+ |
++static uint32_t |
++do_rsa_key_size(struct verifier *v) |
++{ |
++ CAST(rsa_verifier, self, v); |
++ |
++ return mpz_sizeinbase(self->key.n, 2); |
++} |
++ |
+ |
+ /* NOTE: To initialize an rsa verifier, one must |
+ * |
+@@ -184,6 +192,7 @@ |
+ self->super.verify = do_rsa_verify; |
+ self->super.public_key = do_rsa_public_key; |
+ self->super.public_spki_key = do_rsa_public_spki_key; |
++ self->super.key_size = do_rsa_key_size; |
+ } |
+ |
+ /* Alternative constructor using a key of type ssh-rsa, when the atom |
+diff -urNad trunk~/src/server_authorization.c trunk/src/server_authorization.c |
+--- trunk~/src/server_authorization.c 2004-06-08 20:01:15.000000000 +0200 |
++++ trunk/src/server_authorization.c 2009-11-07 23:57:07.000000000 +0100 |
+@@ -93,7 +93,8 @@ |
+ PUBLIC_SPKI_KEY(v, 0), |
+ 1)); |
+ |
+- if (USER_FILE_EXISTS(keyholder, filename, 1)) |
++ if (USER_FILE_EXISTS(keyholder, filename, 1) |
++ && blacklisted_key(v, method) < 1) |
+ return v; |
+ |
+ return NULL; |
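Review bot: `blacklisted_key(v, method) < 1` accepts the key when the function returns -1, that is, when neither blacklist file can be opened or the key type is not recognized, so a missing or unreadable blacklist switches the check off for authorization and the open failure produces no log message. If failing open is the intended policy, state it in a comment here and emit a `werror` when the result is -1 so an operator can tell that the check is inactive.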
/patches/blacklist.dpatch |
---|
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |
Index: patches/40_better_errmsg_when_dotlsh_missing.dpatch |
=================================================================== |
--- patches/40_better_errmsg_when_dotlsh_missing.dpatch (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ patches/40_better_errmsg_when_dotlsh_missing.dpatch (.../trunk/debian) (revision 77) |
@@ -0,0 +1,36 @@ |
+#! /bin/sh /usr/share/dpatch/dpatch-run |
+## 40_mkdir_dotlsh.dpatch by Magnus Holmgren <holmgren@debian.org> |
+## |
+## DP: Show the intended error message, instead of one about a locking |
+## DP: error, when no seed file exists |
+ |
+@DPATCH@ |
+diff -urNad trunk~/src/unix_random.c trunk/src/unix_random.c |
+--- trunk~/src/unix_random.c 2006-01-23 18:47:10.000000000 +0100 |
++++ trunk/src/unix_random.c 2008-06-24 22:29:29.000000000 +0200 |
+@@ -353,6 +353,15 @@ |
+ |
+ yarrow256_init(&self->yarrow, RANDOM_NSOURCES, self->sources); |
+ |
++ if (access(lsh_get_cstring(seed_file_name), F_OK) < 0) |
++ { |
++ werror("No seed file. Please create one by running\n"); |
++ werror("lsh-make-seed -o \"%S\".\n", seed_file_name); |
++ |
++ KILL(self); |
++ return NULL; |
++ } |
++ |
+ verbose("Reading seed-file `%S'\n", seed_file_name); |
+ |
+ self->lock |
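Review bot: The `access(lsh_get_cstring(seed_file_name), F_OK) < 0` test prints the "No seed file" hint for every failure, including a permission error on a parent directory, where running `lsh-make-seed` is the wrong advice. Check `errno == ENOENT` before printing the hint and let other errors fall through to the `open` failure path handled in the next hunk.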
+@@ -374,8 +383,7 @@ |
+ self->seed_file_fd = open(lsh_get_cstring(seed_file_name), O_RDWR); |
+ if (self->seed_file_fd < 0) |
+ { |
+- werror("No seed file. Please create one by running\n"); |
+- werror("lsh-make-seed -o \"%S\".\n", seed_file_name); |
++ werror("Could not open seed file \"%S\".\n", seed_file_name); |
+ |
+ KILL_RESOURCE(lock); |
+ KILL(self); |
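Review bot: The replacement message `Could not open seed file` gives no cause. With the missing-file case now handled earlier, this branch is reached for permission and similar errors, so include the `errno` description in the message.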
/patches/40_better_errmsg_when_dotlsh_missing.dpatch |
---|
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |
Index: patches/20_sftp-server_mansection.dpatch |
=================================================================== |
--- patches/20_sftp-server_mansection.dpatch (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ patches/20_sftp-server_mansection.dpatch (.../trunk/debian) (revision 77) |
@@ -0,0 +1,18 @@ |
+#! /bin/sh /usr/share/dpatch/dpatch-run |
+## 20_sftp-server_mansection.dpatch by Magnus Holmgren <holmgren@debian.org> |
+## |
+## DP: Invent manual section 8lsh for lsh's sftp-server |
+ |
+@DPATCH@ |
+diff -urNad trunk~/src/sftp/sftp-server.8 trunk/src/sftp/sftp-server.8 |
+--- trunk~/src/sftp/sftp-server.8 2006-05-08 21:11:17.000000000 +0200 |
++++ trunk/src/sftp/sftp-server.8 2007-10-03 20:48:35.000000000 +0200 |
+@@ -22,7 +22,7 @@ |
+ .\" maintainers of the package you received this manual from and make your |
+ .\" modified versions available to them. |
+ .\" |
+-.TH SFTP-SERVER 8 "NOVEMBER 2004" SFTP-SERVER "Lsh Manuals" |
++.TH SFTP-SERVER 8lsh "NOVEMBER 2004" SFTP-SERVER "Lsh Manuals" |
+ .SH NAME |
+ sftp-server - Server for the sftp subsystem |
+ .SH SYNOPSIS |
/patches/20_sftp-server_mansection.dpatch |
---|
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |
Index: patches/30_nonettle.dpatch |
=================================================================== |
--- patches/30_nonettle.dpatch (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ patches/30_nonettle.dpatch (.../trunk/debian) (revision 77) |
@@ -0,0 +1,27 @@ |
+#!/bin/sh |
+## 30_nonettle.dpatch by Magnus Holmgren <holmgren@debian.org> |
+## |
+## DP: Link dynamically with libnettle-dev instead of the bundled version |
+ |
+set -e |
+FILES=`find src -name nettle -prune -o -name Makefile.in -print` |
+ |
+dpatch_patch() { |
+ if [ ! -f debian/patched/30_nonettle_orig.tar.gz ]; then |
+ tar -czf debian/patched/30_nonettle_orig.tar.gz $FILES |
+ sed -ri -e '/^LDADD/,+1s%(\.\.?/)*nettle/libnettle\.a|-lnettle%-lnettle -lhogweed%' \ |
+ -e 's%\s*(-[IL]\s*)?(\.\.?/)*\bnettle(/libnettle\.a)?\b%%g' $FILES |
+ mv src/nettle src/nettle-unused |
+ fi |
+} |
+ |
+dpatch_unpatch() { |
+ if [ -f debian/patched/30_nonettle_orig.tar.gz ]; then |
+ mv src/nettle-unused src/nettle |
+ tar -xzf debian/patched/30_nonettle_orig.tar.gz |
+ fi |
+} |
+ |
+DPATCH_LIB_NO_DEFAULT=1 |
+ |
+. /usr/share/dpatch/dpatch.lib.sh |
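Review bot: In `dpatch_patch`, the tarball `debian/patched/30_nonettle_orig.tar.gz` is created before `sed` and `mv` run and is also the guard that decides whether patching is needed, so under `set -e` a failure in `sed` or `mv` leaves the tarball in place and the next run skips the edit on a half-patched tree. Write the tarball under a temporary name and rename it only after `mv src/nettle src/nettle-unused` has succeeded.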
Index: patches/nettle_2.0.dpatch |
=================================================================== |
--- patches/nettle_2.0.dpatch (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ patches/nettle_2.0.dpatch (.../trunk/debian) (revision 77) |
@@ -0,0 +1,200 @@ |
+#! /bin/sh /usr/share/dpatch/dpatch-run |
+## nettle_2.0.dpatch by Magnus Holmgren <holmgren@debian.org> |
+## |
+## DP: Adapt to Nettle 2.0 |
+ |
+@DPATCH@ |
+diff -ur lsh-2.0.4/src/crypto.c /var/cache/users/magnus/svn-buildpackage/lsh-utils/lsh-utils-2.0.4-dfsg/src/crypto.c |
+--- lsh-2.0.4/src/crypto.c 2005-11-26 18:13:55.000000000 +0100 |
++++ lsh-utils-2.0.4-dfsg/src/crypto.c 2009-08-04 23:57:22.000000000 +0200 |
+@@ -71,7 +71,7 @@ |
+ assert(!(length % 8)); |
+ |
+ lsh_string_crypt(dst, di, src, si, length, |
+- (nettle_crypt_func) arcfour_crypt, &self->ctx); |
++ (nettle_crypt_func*) arcfour_crypt, &self->ctx); |
+ } |
+ |
+ static struct crypto_instance * |
+@@ -114,7 +114,7 @@ |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ AES_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) aes_encrypt, |
++ (nettle_crypt_func*) aes_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -128,7 +128,7 @@ |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ AES_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) aes_decrypt, |
++ (nettle_crypt_func*) aes_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -185,7 +185,7 @@ |
+ |
+ lsh_string_ctr_crypt(dst, di, src, si, length, |
+ AES_BLOCK_SIZE, self->ctx.ctr, |
+- (nettle_crypt_func) aes_encrypt, |
++ (nettle_crypt_func*) aes_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -227,7 +227,7 @@ |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ DES3_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) des3_encrypt, |
++ (nettle_crypt_func*) des3_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -241,7 +241,7 @@ |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ DES3_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) des3_decrypt, |
++ (nettle_crypt_func*) des3_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -303,7 +303,7 @@ |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ CAST128_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) cast128_encrypt, |
++ (nettle_crypt_func*) cast128_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -317,7 +317,7 @@ |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ CAST128_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) cast128_decrypt, |
++ (nettle_crypt_func*) cast128_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -363,7 +363,7 @@ |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ TWOFISH_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) twofish_encrypt, |
++ (nettle_crypt_func*) twofish_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -377,7 +377,7 @@ |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ TWOFISH_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) twofish_decrypt, |
++ (nettle_crypt_func*) twofish_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -422,7 +422,7 @@ |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ BLOWFISH_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) blowfish_encrypt, |
++ (nettle_crypt_func*) blowfish_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -436,7 +436,7 @@ |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ BLOWFISH_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) blowfish_decrypt, |
++ (nettle_crypt_func*) blowfish_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -488,7 +488,7 @@ |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ SERPENT_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) serpent_encrypt, |
++ (nettle_crypt_func*) serpent_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -502,7 +502,7 @@ |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ SERPENT_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) serpent_decrypt, |
++ (nettle_crypt_func*) serpent_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+diff -ur lsh-2.0.4/src/lsh-make-seed.c /var/cache/users/magnus/svn-buildpackage/lsh-utils/lsh-utils-2.0.4-dfsg/src/lsh-make-seed.c |
+--- lsh-2.0.4/src/lsh-make-seed.c 2006-01-23 18:51:06.000000000 +0100 |
++++ lsh-utils-2.0.4-dfsg/src/lsh-make-seed.c 2009-08-05 00:24:58.000000000 +0200 |
+@@ -1219,6 +1219,7 @@ |
+ |
+ struct yarrow256_ctx yarrow; |
+ struct yarrow_source sources[NSOURCES]; |
++ uint8_t seed[YARROW256_SEED_FILE_SIZE]; |
+ |
+ argp_parse(&main_argp, argc, argv, 0, NULL, options); |
+ |
+@@ -1371,7 +1372,8 @@ |
+ } |
+ } |
+ |
+- e = write_raw(fd, sizeof(yarrow.seed_file), yarrow.seed_file); |
++ yarrow256_random(&yarrow, sizeof(seed), seed); |
++ e = write_raw(fd, sizeof(seed), seed); |
+ |
+ if (e) |
+ { |
+diff -ur lsh-2.0.4/src/unix_random.c /var/cache/users/magnus/svn-buildpackage/lsh-utils/lsh-utils-2.0.4-dfsg/src/unix_random.c |
+--- lsh-2.0.4/src/unix_random.c 2006-01-23 18:47:10.000000000 +0100 |
++++ lsh-utils-2.0.4-dfsg/src/unix_random.c 2009-08-05 00:28:31.000000000 +0200 |
+@@ -81,6 +81,7 @@ |
+ int fd) |
+ { |
+ const struct exception *e; |
++ uint8_t seed[YARROW256_SEED_FILE_SIZE]; |
+ |
+ if (lseek(fd, 0, SEEK_SET) < 0) |
+ { |
+@@ -88,7 +89,8 @@ |
+ return 0; |
+ } |
+ |
+- e = write_raw(fd, YARROW256_SEED_FILE_SIZE, ctx->seed_file); |
++ yarrow256_random(ctx, sizeof(seed), seed); |
++ e = write_raw(fd, sizeof(seed), seed); |
+ |
+ if (e) |
+ { |
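Review bot: The local `seed` buffer holds exactly the bytes written to the seed file and is left on the stack after `write_raw`. Clear it before returning, on both the success and the error path, using a wipe the compiler cannot elide. The same applies to the `seed` array added in the `lsh-make-seed.c` hunk.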
+@@ -183,17 +183,19 @@ |
+ { |
+ struct lsh_string *s = read_seed_file(self->seed_file_fd); |
+ |
+- write_seed_file(&self->yarrow, self->seed_file_fd); |
+- KILL_RESOURCE(lock); |
+- |
+ /* Mix in the old seed file, it might have picked up |
+ * some randomness. */ |
+ if (s) |
+ { |
++ self->yarrow.sources[RANDOM_SOURCE_NEW_SEED].next = YARROW_FAST; |
+ yarrow256_update(&self->yarrow, RANDOM_SOURCE_NEW_SEED, |
+ 0, STRING_LD(s)); |
+ lsh_string_free(s); |
++ yarrow256_fast_reseed(&self->yarrow); |
+ } |
++ |
++ write_seed_file(&self->yarrow, self->seed_file_fd); |
++ KILL_RESOURCE(lock); |
+ } |
+ } |
+ |
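Review bot: `self->yarrow.sources[RANDOM_SOURCE_NEW_SEED].next = YARROW_FAST;` writes a field of the yarrow source directly, and there is no comment explaining why the pool has to be forced before `yarrow256_update` is called with an entropy estimate of 0 and followed by `yarrow256_fast_reseed`. Add a comment describing that sequence and the reason `write_seed_file` was moved after the mixing step. The return value of `write_seed_file` is still ignored at this call.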
Index: README.source |
=================================================================== |
--- README.source (.../tags/2.0.4-dfsg-8/debian) (nonexistent) |
+++ README.source (.../trunk/debian) (revision 77) |
@@ -0,0 +1,8 @@ |
+This package uses dpatch to manage all modifications to the upstream |
+source. Changes are stored in the source package as diffs in |
+debian/patches and applied during the build. For basic usage |
+information, see |
+ |
+ /usr/share/doc/dpatch/README.source.gz |
+ |
+(after installing dpatch). |
Index: rules |
=================================================================== |
--- rules (.../tags/2.0.4-dfsg-8/debian) (revision 89) |
+++ rules (.../trunk/debian) (revision 77) |
@@ -1,117 +1,18 @@ |
#!/usr/bin/make -f |
-# -*- makefile -*- |
-# Sample debian/rules that uses debhelper. |
-# GNU copyright 1997 to 1999 by Joey Hess. |
-# Uncomment this to turn on verbose mode. |
-#export DH_VERBOSE=1 |
+include /usr/share/cdbs/1/class/autotools.mk |
+include /usr/share/cdbs/1/rules/debhelper.mk |
+include /usr/share/cdbs/1/rules/dpatch.mk |
-# These are used for cross-compiling and for saving the configure script |
-# from having to guess our platform (since we know it already) |
-DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) |
-DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) |
- |
-ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) |
- buildflags = --build=$(DEB_BUILD_GNU_TYPE) |
-else |
- buildflags = --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE) |
-endif |
- |
-parallel = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) |
-ifneq (,$(parallel)) |
-jobsflag = -j$(parallel) |
-endif |
- |
-config.status: configure.ac |
- dh_testdir |
- # Add here commands to configure the package. |
- [ -d src/nettle-dontuse -a ! -d src/nettle ] || mv src/nettle src/nettle-dontuse |
- dh_autoreconf |
- ./configure $(buildflags) \ |
- --prefix=/usr \ |
- --disable-dependency-tracking \ |
- --enable-pam --enable-kerberos --enable-srp \ |
+# the used configure parameters for ./configure |
+DEB_CONFIGURE_EXTRA_FLAGS := --enable-pam --enable-kerberos --enable-srp \ |
--with-pty --enable-tcp-forward --enable-x11-forward \ |
--enable-agent-forward --enable-ipv6 --enable-utmp \ |
--with-zlib --with-tcpwrappers --with-sshd1=/usr/sbin/sshd \ |
- --with-x XAUTH_PROGRAM=/usr/bin/xauth \ |
- CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS) -Wl,-z,defs -Wl,--as-needed" |
+ --with-x XAUTH_PROGRAM=/usr/bin/xauth |
-build: build-stamp |
-build-stamp: config.status |
- dh_testdir |
+DEB_INSTALL_CHANGELOGS_ALL := ChangeLog |
+DEB_INSTALL_DOCS_ALL := README |
+DEB_DH_INSTALL_SOURCEDIR := debian/tmp |
- # Add here commands to compile the package. |
- $(MAKE) $(jobsflag) MAKEINFO='makeinfo --enable-encoding' |
-ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS))) |
- $(MAKE) check |
-endif |
- |
- touch build-stamp |
- |
-clean: |
- dh_testdir |
- dh_testroot |
- rm -f build-stamp |
- |
- # Add here commands to clean up after the build process. |
- [ ! -f Makefile ] || $(MAKE) distclean |
- dh_autoreconf_clean |
- dh_clean |
- [ -d src/nettle -a ! -d src/nettle-dontuse ] || mv src/nettle-dontuse src/nettle |
- |
-install: build |
- dh_testdir |
- dh_testroot |
- dh_prep |
- dh_installdirs |
- |
- # Add here commands to install the package into debian/tmp |
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp |
- |
-build-indep build-arch: build |
- |
-# Build architecture-independent files here. |
-binary-indep: build-indep install |
- dh_testdir |
- dh_testroot |
- dh_install -i --sourcedir=debian/tmp |
- dh_link -i |
- dh_installchangelogs -i ChangeLog |
- dh_installdocs -i -A README |
- dh_installinfo -i |
- dh_installman -i |
- dh_installdebconf -i |
- dh_compress -i |
- dh_fixperms -i |
- dh_makeshlibs -i |
- dh_installdeb -i |
- dh_shlibdeps -i |
- dh_gencontrol -i |
- dh_md5sums -i |
- dh_builddeb -i |
- |
-# Build architecture-dependent files here. |
-binary-arch: build-arch install |
- dh_testdir |
- dh_testroot |
- dh_install -a --sourcedir=debian/tmp |
- dh_link -a |
- dh_installchangelogs -a ChangeLog |
- dh_installdocs -a -A README |
- dh_installexamples -a |
- dh_installman -a |
- dh_installinit -a |
- dh_installdebconf -a |
- dh_strip -a |
- dh_compress -a |
- dh_fixperms -a |
- dh_makeshlibs -a |
- dh_installdeb -a |
- dh_shlibdeps -a |
- dh_gencontrol -a |
- dh_md5sums -a |
- dh_builddeb -a |
- |
-binary: binary-arch binary-indep |
-.PHONY: build-indep build-arch build clean clean-patched binary-indep binary-arch binary install |
+LDFLAGS += -Wl,-z,defs -Wl,--as-needed |
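Review bot: The `-` side ran `$(MAKE) check` unless `nocheck` was set in `DEB_BUILD_OPTIONS`; the `+` side has no equivalent and none of the added lines sets `DEB_MAKE_CHECK_TARGET`. If the CDBS rules are meant to run the test suite during the build, add `DEB_MAKE_CHECK_TARGET := check`.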
/trunk/debian/compat |
---|
1,0 → 0,0 |
7 |
5 |
/trunk/debian/lsh-doc.doc-base |
---|
2,7 → 2,7 |
Title: LSH documentation |
Author: Niels Möller |
Abstract: This document describes `lsh' and related programs. |
Section: Network/Remote Access |
Section: Network |
Format: HTML |
Index: /usr/share/doc/lsh-doc/lsh.html |