WebSVN - lsh - Path Comparison - /tags/ Rev 103 and /tags/ Rev 102

Ignore whitespace Rev 103 → Rev 102

/tags/2.0.4-dfsg-11/debian/patches/better-errmsg-when-dotlsh-missing.patch
File deleted

Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 2.0.4-dfsg-11/debian/patches/terminate-on-connection-failure.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/terminate-on-connection-failure.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/terminate-on-connection-failure.patch (nonexistent)
@@ -1,16 +0,0 @@
-Author: Magnus Holmgren <holmgren@debian.org>
-Description: Call exit() in lsh's default exception handler on EXC_IO_CONNECT
- Otherwise lsh won't terminate.
-
-diff -urNad trunk~/src/lsh.c trunk/src/lsh.c
---- trunk~/src/lsh.c 2005-03-16 21:06:23.000000000 +0100
-+++ trunk/src/lsh.c 2010-01-09 22:32:51.000000000 +0100
-@@ -959,6 +959,8 @@
- *self->status = EXIT_FAILURE;
-
- werror("%z, (errno = %i)\n", e->msg, exc->error);
-+ if (e->type == EXC_IO_CONNECT)
-+ exit(*self->status);
- }
- else
- switch(e->type)

/2.0.4-dfsg-11/debian/patches/terminate-on-connection-failure.patch
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 2.0.4-dfsg-11/debian/patches/nettle-2.0.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/nettle-2.0.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/nettle-2.0.patch (nonexistent)
@@ -1,238 +0,0 @@
-Author: Magnus Holmgren <holmgren@debian.org>
-Description: Adapt to Nettle 2.0
-
---- a/src/crypto.c
-+++ b/src/crypto.c
-@@ -71,7 +71,7 @@ do_crypt_arcfour(struct crypto_instance
- assert(!(length % 8));
-
- lsh_string_crypt(dst, di, src, si, length,
-- (nettle_crypt_func) arcfour_crypt, &self->ctx);
-+ (nettle_crypt_func*) arcfour_crypt, &self->ctx);
- }
-
- static struct crypto_instance *
-@@ -114,7 +114,7 @@ do_aes_cbc_encrypt(struct crypto_instanc
-
- lsh_string_cbc_encrypt(dst, di, src, si, length,
- AES_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) aes_encrypt,
-+ (nettle_crypt_func*) aes_encrypt,
- &self->ctx.ctx);
- }
-
-@@ -128,7 +128,7 @@ do_aes_cbc_decrypt(struct crypto_instanc
-
- lsh_string_cbc_decrypt(dst, di, src, si, length,
- AES_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) aes_decrypt,
-+ (nettle_crypt_func*) aes_decrypt,
- &self->ctx.ctx);
- }
-
-@@ -185,7 +185,7 @@ do_aes_ctr_crypt(struct crypto_instance
-
- lsh_string_ctr_crypt(dst, di, src, si, length,
- AES_BLOCK_SIZE, self->ctx.ctr,
-- (nettle_crypt_func) aes_encrypt,
-+ (nettle_crypt_func*) aes_encrypt,
- &self->ctx.ctx);
- }
-
-@@ -227,7 +227,7 @@ do_des3_encrypt(struct crypto_instance *
-
- lsh_string_cbc_encrypt(dst, di, src, si, length,
- DES3_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) des3_encrypt,
-+ (nettle_crypt_func*) des3_encrypt,
- &self->ctx.ctx);
- }
-
-@@ -241,7 +241,7 @@ do_des3_decrypt(struct crypto_instance *
-
- lsh_string_cbc_decrypt(dst, di, src, si, length,
- DES3_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) des3_decrypt,
-+ (nettle_crypt_func*) des3_decrypt,
- &self->ctx.ctx);
- }
-
-@@ -303,7 +303,7 @@ do_cast128_encrypt(struct crypto_instanc
-
- lsh_string_cbc_encrypt(dst, di, src, si, length,
- CAST128_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) cast128_encrypt,
-+ (nettle_crypt_func*) cast128_encrypt,
- &self->ctx.ctx);
- }
-
-@@ -317,7 +317,7 @@ do_cast128_decrypt(struct crypto_instanc
-
- lsh_string_cbc_decrypt(dst, di, src, si, length,
- CAST128_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) cast128_decrypt,
-+ (nettle_crypt_func*) cast128_decrypt,
- &self->ctx.ctx);
- }
-
-@@ -363,7 +363,7 @@ do_twofish_encrypt(struct crypto_instanc
-
- lsh_string_cbc_encrypt(dst, di, src, si, length,
- TWOFISH_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) twofish_encrypt,
-+ (nettle_crypt_func*) twofish_encrypt,
- &self->ctx.ctx);
- }
-
-@@ -377,7 +377,7 @@ do_twofish_decrypt(struct crypto_instanc
-
- lsh_string_cbc_decrypt(dst, di, src, si, length,
- TWOFISH_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) twofish_decrypt,
-+ (nettle_crypt_func*) twofish_decrypt,
- &self->ctx.ctx);
- }
-
-@@ -422,7 +422,7 @@ do_blowfish_encrypt(struct crypto_instan
-
- lsh_string_cbc_encrypt(dst, di, src, si, length,
- BLOWFISH_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) blowfish_encrypt,
-+ (nettle_crypt_func*) blowfish_encrypt,
- &self->ctx.ctx);
- }
-
-@@ -436,7 +436,7 @@ do_blowfish_decrypt(struct crypto_instan
-
- lsh_string_cbc_decrypt(dst, di, src, si, length,
- BLOWFISH_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) blowfish_decrypt,
-+ (nettle_crypt_func*) blowfish_decrypt,
- &self->ctx.ctx);
- }
-
-@@ -488,7 +488,7 @@ do_serpent_encrypt(struct crypto_instanc
-
- lsh_string_cbc_encrypt(dst, di, src, si, length,
- SERPENT_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) serpent_encrypt,
-+ (nettle_crypt_func*) serpent_encrypt,
- &self->ctx.ctx);
- }
-
-@@ -502,7 +502,7 @@ do_serpent_decrypt(struct crypto_instanc
-
- lsh_string_cbc_decrypt(dst, di, src, si, length,
- SERPENT_BLOCK_SIZE, self->ctx.iv,
-- (nettle_crypt_func) serpent_decrypt,
-+ (nettle_crypt_func*) serpent_decrypt,
- &self->ctx.ctx);
- }
-
---- a/src/lsh-make-seed.c
-+++ b/src/lsh-make-seed.c
-@@ -1219,6 +1219,7 @@ main(int argc, char **argv)
-
- struct yarrow256_ctx yarrow;
- struct yarrow_source sources[NSOURCES];
-+ uint8_t seed[YARROW256_SEED_FILE_SIZE];
-
- argp_parse(&main_argp, argc, argv, 0, NULL, options);
-
-@@ -1371,7 +1372,8 @@ main(int argc, char **argv)
- }
- }
-
-- e = write_raw(fd, sizeof(yarrow.seed_file), yarrow.seed_file);
-+ yarrow256_random(&yarrow, sizeof(seed), seed);
-+ e = write_raw(fd, sizeof(seed), seed);
-
- if (e)
- {
---- a/src/unix_random.c
-+++ b/src/unix_random.c
-@@ -81,6 +81,7 @@ write_seed_file(struct yarrow256_ctx *ct
- int fd)
- {
- const struct exception *e;
-+ uint8_t seed[YARROW256_SEED_FILE_SIZE];
-
- if (lseek(fd, 0, SEEK_SET) < 0)
- {
-@@ -88,7 +89,8 @@ write_seed_file(struct yarrow256_ctx *ct
- return 0;
- }
-
-- e = write_raw(fd, YARROW256_SEED_FILE_SIZE, ctx->seed_file);
-+ yarrow256_random(ctx, sizeof(seed), seed);
-+ e = write_raw(fd, sizeof(seed), seed);
-
- if (e)
- {
-@@ -183,17 +185,19 @@ update_seed_file(struct unix_random *sel
- {
- struct lsh_string *s = read_seed_file(self->seed_file_fd);
-
-- write_seed_file(&self->yarrow, self->seed_file_fd);
-- KILL_RESOURCE(lock);
--
- /* Mix in the old seed file, it might have picked up
- * some randomness. */
- if (s)
- {
-+ self->yarrow.sources[RANDOM_SOURCE_NEW_SEED].next = YARROW_FAST;
- yarrow256_update(&self->yarrow, RANDOM_SOURCE_NEW_SEED,
- 0, STRING_LD(s));
- lsh_string_free(s);
-+ yarrow256_fast_reseed(&self->yarrow);
- }
-+
-+ write_seed_file(&self->yarrow, self->seed_file_fd);
-+ KILL_RESOURCE(lock);
- }
- }
-
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -113,7 +113,7 @@ lsh_krb_checkpw_LDADD=@KRB_LIBS@
-
- lsh_execuv_LDADD=
-
--LDADD = liblsh.a spki/libspki.a -lnettle @LIBARGP@
-+LDADD = liblsh.a spki/libspki.a -lnettle -lhogweed @LIBARGP@
-
- # To avoid having to link lshg with nettle, link with dummy.o.
-
---- a/src/spki/testsuite/Makefile.am
-+++ b/src/spki/testsuite/Makefile.am
-@@ -9,7 +9,7 @@ TS_ALL = $(TS_PROGS) $(TS_SH)
-
- noinst_PROGRAMS = $(TS_PROGS)
-
--LDADD = testutils.o ../libspki.a -lnettle
-+LDADD = testutils.o ../libspki.a -lnettle -lhogweed
-
- include .dist_cdsa
-
---- a/src/spki/tools/Makefile.am
-+++ b/src/spki/tools/Makefile.am
-@@ -6,7 +6,7 @@ noinst_PROGRAMS = spki-check-signature s
- # that affects all programs.
-
- LDADD = misc.o getopt.o getopt1.o \
-- ../libspki.a -lnettle
-+ ../libspki.a -lnettle -lhogweed
-
- spki_make_signature_SOURCES = spki-make-signature.c sign.c
- spki_delegate_SOURCES = spki-delegate.c sign.c
---- a/src/testsuite/Makefile.am
-+++ b/src/testsuite/Makefile.am
-@@ -34,7 +34,7 @@ noinst_PROGRAMS = $(TS_PROGS)
- # Workaround to get automake to keep dependencies for testutils.o
- EXTRA_PROGRAMS = testutils
-
--LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle \
-+LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle -lhogweed \
- $(DOTDOT_LIBARGP)
-
- include .dist_rapid7
Index: 2.0.4-dfsg-11/debian/patches/nonettle.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/nonettle.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/nonettle.patch (nonexistent)
@@ -1,214 +0,0 @@
---- a/configure.ac
-+++ b/configure.ac
-@@ -778,7 +778,6 @@ if test x$enable_ipv6 = xyes ; then
- fi
-
- AC_CONFIG_SUBDIRS(src/argp)
--AC_CONFIG_SUBDIRS(src/nettle)
- AC_CONFIG_SUBDIRS(src/spki)
- AC_CONFIG_SUBDIRS(src/sftp)
-
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -1,15 +1,12 @@
- # Process this file with automake to produce Makefile.in
-
--SUBDIRS = argp rsync nettle scm sftp spki . testsuite
-+SUBDIRS = argp rsync scm sftp spki . testsuite
-
- include .dist_classes
- include .dist_headers
-
- BUILT_SOURCES = environ.h
-
--# Kludge needed for finding the nettle/nettle-types.h file in the build tree
--AM_CPPFLAGS = -I./nettle
--
- SCHEME = $(SCHEME_PROGRAM) -l $(srcdir)/scm/$(SCHEME_NAME)-compat.scm
-
- EXTRA_PROGRAMS = lsh-krb-checkpw lsh-pam-checkpw srp-gen
-@@ -116,7 +113,7 @@ lsh_krb_checkpw_LDADD=@KRB_LIBS@
-
- lsh_execuv_LDADD=
-
--LDADD = liblsh.a spki/libspki.a nettle/libnettle.a @LIBARGP@
-+LDADD = liblsh.a spki/libspki.a -lnettle @LIBARGP@
-
- # To avoid having to link lshg with nettle, link with dummy.o.
-
---- a/src/rsync/Makefile.am
-+++ b/src/rsync/Makefile.am
-@@ -3,10 +3,6 @@
- noinst_LIBRARIES = librsync.a
- noinst_HEADERS = rsync.h
-
--# Needed for finding the nettle include files in the source tree
--# and nettle-types.h in the build tree.
--AM_CPPFLAGS = -I$(srcdir)/.. -I../nettle
--
- librsync_a_SOURCES = generate.c receive.c checksum.c send.c
-
-
---- a/src/sftp/Makefile.am
-+++ b/src/sftp/Makefile.am
-@@ -1,8 +1,5 @@
- SUBDIRS = . testsuite
-
--# Needed for finding nettle-types.h in the build tree.
--AM_CPPFLAGS = -I..
--
- AUTOMAKE_OPTIONS = foreign
-
- bin_PROGRAMS = lsftp
---- a/src/spki/Makefile.am
-+++ b/src/spki/Makefile.am
-@@ -1,8 +1,5 @@
- SUBDIRS = . tools testsuite
-
--# FIXME: Create a link to nettle directory instead?
--AM_CPPFLAGS = -I$(srcdir)/.. -I../nettle
--
- noinst_LIBRARIES = libspki.a
- # libspkiincludedir = $(includedir)/nettle
-
---- a/src/spki/testsuite/Makefile.am
-+++ b/src/spki/testsuite/Makefile.am
-@@ -1,8 +1,4 @@
-
--# FIXME: Create a link to nettle directory instead?
--AM_CPPFLAGS = -O0 -I$(top_srcdir) -I$(top_srcdir)/.. -I../../nettle
--AM_LDFLAGS = -L../../nettle
--
- TS_PROGS = principal-test date-test tag-test read-acl-test \
- lookup-acl-test read-cert-test cdsa-reduce-test
-
---- a/src/spki/tools/Makefile.am
-+++ b/src/spki/tools/Makefile.am
-@@ -1,16 +1,12 @@
- noinst_PROGRAMS = spki-check-signature spki-make-signature \
- spki-delegate spki-reduce
-
--# FIXME: Create a link to nettle directory instead?
--AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/.. -I../../nettle
--AM_LDFLAGS = -L.. -L../../nettle/
--
- # libnettle.a and libspki.a are added at the end to make sure all
- # programs depend on it. It seems there's no DEPENDENCIES variable
- # that affects all programs.
-
- LDADD = misc.o getopt.o getopt1.o \
-- -lspki -lnettle ../libspki.a ../../nettle/libnettle.a
-+ ../libspki.a -lnettle
-
- spki_make_signature_SOURCES = spki-make-signature.c sign.c
- spki_delegate_SOURCES = spki-delegate.c sign.c
---- a/src/testsuite/Makefile.am
-+++ b/src/testsuite/Makefile.am
-@@ -3,7 +3,7 @@
- # -O0 is not recogniced on AIX
- # AM_CFLAGS = -O0
-
--AM_CPPFLAGS = -I$(srcdir)/.. -I.. -I../nettle
-+AM_CPPFLAGS = -I$(srcdir)/..
-
- TS_PROGS = arcfour-test aes-test blowfish-test cast128-test \
- des-test \
-@@ -34,7 +34,7 @@ noinst_PROGRAMS = $(TS_PROGS)
- # Workaround to get automake to keep dependencies for testutils.o
- EXTRA_PROGRAMS = testutils
-
--LDADD = testutils.o ../liblsh.a ../spki/libspki.a ../nettle/libnettle.a \
-+LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle \
- $(DOTDOT_LIBARGP)
-
- include .dist_rapid7
-@@ -59,6 +59,6 @@ all:
-
- # sexp-conv may be dynamically linked
- check: $(TS_ALL)
-- LD_LIBRARY_PATH="`pwd`/../nettle/.lib" srcdir=$(srcdir) \
-+ srcdir=$(srcdir) \
- $(srcdir)/run-tests $(TS_ALL)
-
---- a/src/spki/testsuite/check-signature-test
-+++ b/src/spki/testsuite/check-signature-test
-@@ -1,7 +1,7 @@
- #! /bin/sh
-
- conv () {
-- echo "$1" \| ../../nettle/tools/sexp-conv -s transport \| tee test.in
-+ echo "$1" \| sexp-conv -s transport \| tee test.in
- }
-
- die () {
---- a/src/spki/testsuite/delegate-test
-+++ b/src/spki/testsuite/delegate-test
-@@ -1,7 +1,7 @@
- #! /bin/sh
-
- conv () {
-- ../../nettle/tools/sexp-conv -s transport \| tee test.in
-+ sexp-conv -s transport \| tee test.in
- }
-
- die () {
-@@ -12,7 +12,7 @@ die () {
- check_sexp () {
- file="$1"
- shift
-- ../../nettle/tools/sexp-conv -s canonical > test.canonical \|\| die "sexp-conv failed"
-+ sexp-conv -s canonical > test.canonical \|\| die "sexp-conv failed"
- cmp "$file" test.canonical \|\| die "$@"
- }
-
---- a/src/spki/testsuite/make-signature-test
-+++ b/src/spki/testsuite/make-signature-test
-@@ -1,7 +1,7 @@
- #! /bin/sh
-
- conv () {
-- echo "$1" \| ../../nettle/tools/sexp-conv -s transport \| tee test.in
-+ echo "$1" \| sexp-conv -s transport \| tee test.in
- }
-
- die () {
-@@ -10,7 +10,7 @@ die () {
- }
-
- echo foo \| ../tools/spki-make-signature "$srcdir/key-1" \
-- \| ../../nettle/tools/sexp-conv -s transport > test.in
-+ \| sexp-conv -s transport > test.in
-
- echo foo \| ../tools/spki-check-signature "`cat test.in`" \
- \|\| die "Valid signature failed"
---- a/src/spki/testsuite/reduce-test
-+++ b/src/spki/testsuite/reduce-test
-@@ -3,7 +3,7 @@
- # Test case from Oscar Cánovas Reverte
-
- conv () {
-- ../../nettle/tools/sexp-conv -s transport
-+ sexp-conv -s transport
- }
-
- die () {
-@@ -14,7 +14,7 @@ die () {
- check_sexp () {
- file="$1"
- shift
-- ../../nettle/tools/sexp-conv -s canonical > test.canonical \|\| die "sexp-conv failed"
-+ sexp-conv -s canonical > test.canonical \|\| die "sexp-conv failed"
- cmp "$file" test.canonical \|\| die "$@"
- }
-
---- a/src/testsuite/functions.sh
-+++ b/src/testsuite/functions.sh
-@@ -9,7 +9,7 @@ set -e
- : ${LSH_YARROW_SEED_FILE:="$TEST_HOME/.lsh/yarrow-seed-file"}
-
- # For lsh-authorize
--: ${SEXP_CONV:="`pwd`/../nettle/tools/sexp-conv"}
-+: ${SEXP_CONV:="sexp-conv"}
-
- export LSH_YARROW_SEED_FILE SEXP_CONV
-
Index: 2.0.4-dfsg-11/debian/patches/blacklist.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/blacklist.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/blacklist.patch (nonexistent)
@@ -1,382 +0,0 @@
-Author: Magnus Holmgren <holmgren@debian.org>
-Description: Check keys against openssh-blacklist
- Check keys before accepting for pubkey authentication as well as on conversion
- by lsh-writekey and lsh-decode-key.
- .
- blacklist.c code copied from the openssh package and adapted for LSH.
-
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -69,7 +69,8 @@ liblsh_a_SOURCES = abstract_io.c abstrac
- unix_interact.c unix_process.c unix_random.c unix_user.c \
- userauth.c \
- werror.c write_buffer.c write_packet.c \
-- xalloc.c xauth.c zlib.c
-+ xalloc.c xauth.c zlib.c \
-+ blacklist.c
-
- liblsh_a_LIBADD = @LIBOBJS@
-
---- a/src/abstract_crypto.h
-+++ b/src/abstract_crypto.h
-@@ -162,7 +162,9 @@ MAC_DIGEST((instance), lsh_string_alloc(
- (public_key method (string))
-
- ; Returns (public-key (<pub-sig-alg-id> <s-expr>*))
-- (public_spki_key method (string) "int transport")))
-+ (public_spki_key method (string) "int transport")
-+
-+ (key_size method uint32_t)))
- */
-
- #define VERIFY(verifier, algorithm, length, data, slength, sdata) \
-@@ -170,7 +172,7 @@ MAC_DIGEST((instance), lsh_string_alloc(
-
- #define PUBLIC_KEY(verifier) ((verifier)->public_key((verifier)))
- #define PUBLIC_SPKI_KEY(verifier, t) ((verifier)->public_spki_key((verifier), (t)))
--
-+#define KEY_SIZE(verifier) ((verifier)->key_size((verifier)))
-
- /* GABA:
- (class
---- a/src/abstract_crypto.h.x
-+++ b/src/abstract_crypto.h.x
-@@ -161,6 +161,7 @@ struct verifier
- int ((verify))(struct verifier self,int algorithm,uint32_t length,const uint8_t data,uint32_t signature_length,const uint8_t signature_data);
- struct lsh_string ((public_key))(struct verifier *self);
- struct lsh_string ((public_spki_key))(struct verifier *self,int transport);
-+ uint32_t ((key_size))(struct verifier *self);
- };
- extern struct lsh_class verifier_class;
- #endif /* !GABA_DEFINE */
---- /dev/null
-+++ b/src/blacklist.c
-@@ -0,0 +1,152 @@
-+#if HAVE_CONFIG_H
-+#include "config.h"
-+#endif
-+
-+#include <assert.h>
-+
-+#include "atoms.h"
-+#include "format.h"
-+#include "lsh_string.h"
-+#include "werror.h"
-+#include "crypto.h"
-+
-+#include <sys/types.h>
-+#include <sys/stat.h>
-+#include <unistd.h>
-+#include <fcntl.h>
-+#include <string.h>
-+
-+int blacklisted_key(struct verifier *v, int method);
-+
-+/* Scan a blacklist of known-vulnerable keys in blacklist_file. */
-+static int
-+blacklisted_key_in_file(struct lsh_string lsh_hash, struct lsh_string blacklist_file)
-+{
-+ int fd = -1;
-+ const char *hash = 0;
-+ uint32_t line_len;
-+ struct stat st;
-+ char buf[256];
-+ off_t start, lower, upper;
-+ int ret = 0;
-+
-+ debug("Checking blacklist file %S\n", blacklist_file);
-+ fd = open(lsh_get_cstring(blacklist_file), O_RDONLY);
-+ if (fd < 0) {
-+ ret = -1;
-+ goto out;
-+ }
-+
-+ hash = lsh_get_cstring(lsh_hash) + 12;
-+ line_len = strlen(hash);
-+ if (line_len != 20)
-+ goto out;
-+
-+ /* Skip leading comments */
-+ start = 0;
-+ for (;;) {
-+ ssize_t r;
-+ char *newline;
-+
-+ r = read(fd, buf, sizeof(buf));
-+ if (r <= 0)
-+ goto out;
-+ if (buf[0] != '#')
-+ break;
-+
-+ newline = memchr(buf, '\n', sizeof(buf));
-+ if (!newline)
-+ goto out;
-+ start += newline + 1 - buf;
-+ if (lseek(fd, start, SEEK_SET) < 0)
-+ goto out;
-+ }
-+
-+ /* Initialise binary search record numbers */
-+ if (fstat(fd, &st) < 0)
-+ goto out;
-+ lower = 0;
-+ upper = (st.st_size - start) / (line_len + 1);
-+
-+ while (lower != upper) {
-+ off_t cur;
-+ int cmp;
-+
-+ cur = lower + (upper - lower) / 2;
-+
-+ /* Read this line and compare to digest; this is
-+ * overflow-safe since cur < max(off_t) / (line_len + 1) */
-+ if (lseek(fd, start + cur * (line_len + 1), SEEK_SET) < 0)
-+ break;
-+ if (read(fd, buf, line_len) != line_len)
-+ break;
-+ cmp = memcmp(buf, hash, line_len);
-+ if (cmp < 0) {
-+ if (cur == lower)
-+ break;
-+ lower = cur;
-+ } else if (cmp > 0) {
-+ if (cur == upper)
-+ break;
-+ upper = cur;
-+ } else {
-+ ret = 1;
-+ break;
-+ }
-+ }
-+
-+out:
-+ if (fd >= 0)
-+ close(fd);
-+ return ret;
-+}
-+
-+/*
-+ * Scan blacklists of known-vulnerable keys. If a vulnerable key is found,
-+ * its fingerprint is returned in *fp, unless fp is NULL.
-+ */
-+int
-+blacklisted_key(struct verifier *v, int method)
-+{
-+ const char *keytype;
-+ int ret = -1;
-+ const char *paths[] = { "/usr/share/ssh/blacklist", "/etc/ssh/blacklist", NULL };
-+ const char **pp;
-+ struct lsh_string *lsh_hash = ssh_format("%lfxS",
-+ hash_string(&crypto_md5_algorithm,
-+ PUBLIC_KEY(v), 1));
-+ uint32_t keysize = KEY_SIZE(v);
-+
-+ switch (method)
-+ {
-+ case ATOM_SSH_DSS:
-+ case ATOM_DSA:
-+ keytype = "DSA";
-+ break;
-+ case ATOM_SSH_RSA:
-+ case ATOM_RSA_PKCS1_SHA1:
-+ case ATOM_RSA_PKCS1_MD5:
-+ case ATOM_RSA_PKCS1:
-+ keytype = "RSA";
-+ break;
-+ default:
-+ werror("Unrecognized key type");
-+ return -1;
-+ }
-+
-+ for (pp = paths; *pp && ret <= 0; pp++) {
-+ struct lsh_string *blacklist_file = ssh_format("%lz.%lz-%di",
-+ *pp, keytype, keysize);
-+ int r = blacklisted_key_in_file(lsh_hash, blacklist_file);
-+ lsh_string_free(blacklist_file);
-+ if (r > ret) ret = r;
-+ }
-+
-+ if (ret > 0) {
-+ werror("Key is compromised: %z %i %fS\n", keytype, keysize,
-+ lsh_string_colonize(lsh_hash, 2, 0));
-+ } else if (ret < 0) {
-+ verbose("No blacklist for key type %z size %i", keytype, keysize);
-+ }
-+ return ret;
-+}
---- a/src/dsa.c
-+++ b/src/dsa.c
-@@ -189,6 +189,14 @@ do_dsa_public_spki_key(struct verifier *
- "y", self->key.y);
- }
-
-+static uint32_t
-+do_dsa_key_size(struct verifier *v)
-+{
-+ CAST(dsa_verifier, self, v);
-+
-+ return mpz_sizeinbase(self->key.p, 2);
-+}
-+
- static void
- init_dsa_verifier(struct dsa_verifier *self)
- {
-@@ -199,6 +207,7 @@ init_dsa_verifier(struct dsa_verifier *s
- self->super.verify = do_dsa_verify;
- self->super.public_spki_key = do_dsa_public_spki_key;
- self->super.public_key = do_dsa_public_key;
-+ self->super.key_size = do_dsa_key_size;
- }
-
-
---- a/src/lsh-decode-key.c
-+++ b/src/lsh-decode-key.c
-@@ -133,6 +133,10 @@ lsh_decode_key(struct lsh_string *conten
- werror("Invalid dsa key.\n");
- return NULL;
- }
-+ else if (blacklisted_key(v, type) > 0)
-+ {
-+ return NULL;
-+ }
- else
- return PUBLIC_SPKI_KEY(v, 1);
- }
-@@ -150,6 +154,10 @@ lsh_decode_key(struct lsh_string *conten
- werror("Invalid rsa key.\n");
- return NULL;
- }
-+ else if (blacklisted_key(v, type) > 0)
-+ {
-+ return NULL;
-+ }
- else
- return PUBLIC_SPKI_KEY(v, 1);
- }
---- a/src/lsh-writekey.c
-+++ b/src/lsh-writekey.c
-@@ -397,14 +397,18 @@ process_public(const struct lsh_string *
- {
- struct signer *s;
- struct verifier *v;
-+ int algorithm_name;
-
-- s = spki_make_signer(options->signature_algorithms, key, NULL);
-+ s = spki_make_signer(options->signature_algorithms, key, &algorithm_name);
-
- if (!s)
- return NULL;
-
- v = SIGNER_GET_VERIFIER(s);
- assert(v);
-+ if (blacklisted_key(v, algorithm_name) > 0) {
-+ return NULL;
-+ }
-
- return PUBLIC_SPKI_KEY(v, 1);
- }
-@@ -416,7 +420,8 @@ main(int argc, char **argv)
- int private_fd;
- int public_fd;
- struct lsh_string *input;
-- struct lsh_string *output;
-+ struct lsh_string *priv_output;
-+ struct lsh_string *pub_output;
- const struct exception *e;
-
- argp_parse(&main_argp, argc, argv, 0, NULL, options);
-@@ -439,16 +444,22 @@ main(int argc, char **argv)
- return EXIT_FAILURE;
- }
-
-- output = process_private(input, options);
-- if (!output)
-+ pub_output = process_public(input, options);
-+ if (!pub_output)
-+ return EXIT_FAILURE;
-+
-+ priv_output = process_private(input, options);
-+ if (!priv_output)
- return EXIT_FAILURE;
-
-+ lsh_string_free(input);
-+
- private_fd = open_file(options->private_file);
- if (private_fd < 0)
- return EXIT_FAILURE;
-
-- e = write_raw(private_fd, STRING_LD(output));
-- lsh_string_free(output);
-+ e = write_raw(private_fd, STRING_LD(priv_output));
-+ lsh_string_free(priv_output);
-
- if (e)
- {
-@@ -457,18 +468,12 @@ main(int argc, char **argv)
- return EXIT_FAILURE;
- }
-
-- output = process_public(input, options);
-- lsh_string_free(input);
--
-- if (!output)
-- return EXIT_FAILURE;
--
- public_fd = open_file(options->public_file);
- if (public_fd < 0)
- return EXIT_FAILURE;
-
-- e = write_raw(public_fd, STRING_LD(output));
-- lsh_string_free(output);
-+ e = write_raw(public_fd, STRING_LD(pub_output));
-+ lsh_string_free(pub_output);
-
- if (e)
- {
---- a/src/publickey_crypto.h
-+++ b/src/publickey_crypto.h
-@@ -203,5 +203,7 @@ parse_ssh_dss_public(struct simple_buffe
- struct verifier *
- make_ssh_dss_verifier(const struct lsh_string *public);
-
-+int
-+blacklisted_key(struct verifier *v, int method);
-
- #endif /* LSH_PUBLICKEY_CRYPTO_H_INCLUDED */
---- a/src/rsa.c
-+++ b/src/rsa.c
-@@ -167,6 +167,14 @@ do_rsa_public_spki_key(struct verifier *
- self->key.n, self->key.e);
- }
-
-+static uint32_t
-+do_rsa_key_size(struct verifier *v)
-+{
-+ CAST(rsa_verifier, self, v);
-+
-+ return mpz_sizeinbase(self->key.n, 2);
-+}
-+
-
- /* NOTE: To initialize an rsa verifier, one must
- *
-@@ -184,6 +192,7 @@ init_rsa_verifier(struct rsa_verifier *s
- self->super.verify = do_rsa_verify;
- self->super.public_key = do_rsa_public_key;
- self->super.public_spki_key = do_rsa_public_spki_key;
-+ self->super.key_size = do_rsa_key_size;
- }
-
- /* Alternative constructor using a key of type ssh-rsa, when the atom
---- a/src/server_authorization.c
-+++ b/src/server_authorization.c
-@@ -93,7 +93,8 @@ do_key_lookup(struct lookup_verifier *c,
- PUBLIC_SPKI_KEY(v, 0),
- 1));
-
-- if (USER_FILE_EXISTS(keyholder, filename, 1))
-+ if (USER_FILE_EXISTS(keyholder, filename, 1)
-+ && blacklisted_key(v, method) < 1)
- return v;
-
- return NULL;

/2.0.4-dfsg-11/debian/patches/blacklist.patch
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 2.0.4-dfsg-11/debian/patches/nettle-2.1.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/nettle-2.1.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/nettle-2.1.patch (nonexistent)
@@ -1,133 +0,0 @@
-Author: Magnus Holmgren <holmgren@debian.org>
-Description: Adapt to Nettle 2.1
-
---- a/src/spki/verify.c
-+++ b/src/spki/verify.c
-@@ -75,11 +75,11 @@ spki_verify_dsa(const uint8_t *digest,
- dsa_signature_init(&rs);
-
- res = (dsa_keypair_from_sexp_alist(&dsa, NULL,
-- RSA_KEYSIZE_LIMIT, &key->sexp)
-+ RSA_KEYSIZE_LIMIT, DSA_SHA1_Q_BITS, &key->sexp)
- && spki_parse_type(key)
-- && dsa_signature_from_sexp(&rs, &signature->sexp)
-+ && dsa_signature_from_sexp(&rs, &signature->sexp, DSA_SHA1_Q_BITS)
- && spki_parse_type(signature)
-- && dsa_verify_digest(&dsa, digest, &rs));
-+ && dsa_sha1_verify_digest(&dsa, digest, &rs));
-
- dsa_signature_clear(&rs);
- dsa_public_key_clear(&dsa);
---- a/src/dsa.c
-+++ b/src/dsa.c
-@@ -118,7 +118,7 @@ do_dsa_verify(struct verifier *c, int al
- && (atom == ATOM_SSH_DSS)
- && parse_string(&buffer, &buf_length, &buf)
- && !(buf_length % 2)
-- && (buf_length <= (2 * DSA_Q_OCTETS))
-+ && (buf_length <= (2 * DSA_SHA1_Q_OCTETS))
- && parse_eod(&buffer)))
- goto fail;
-
-@@ -143,8 +143,8 @@ do_dsa_verify(struct verifier *c, int al
- if (! (sexp_iterator_first(&i, signature_length, signature_data)
- && sexp_iterator_enter_list(&i)
- && sexp_iterator_assoc(&i, 2, names, values)
-- && nettle_mpz_set_sexp(sv.r, DSA_Q_BITS, &values[0])
-- && nettle_mpz_set_sexp(sv.s, DSA_Q_BITS, &values[1])) )
-+ && nettle_mpz_set_sexp(sv.r, DSA_SHA1_Q_BITS, &values[0])
-+ && nettle_mpz_set_sexp(sv.s, DSA_SHA1_Q_BITS, &values[1])) )
- goto fail;
-
- break;
-@@ -156,7 +156,7 @@ do_dsa_verify(struct verifier *c, int al
- sha1_init(&hash);
- sha1_update(&hash, length, msg);
-
-- res = dsa_verify(&self->key, &hash, &sv);
-+ res = dsa_sha1_verify(&self->key, &hash, &sv);
- fail:
-
- dsa_signature_clear(&sv);
-@@ -212,7 +212,7 @@ parse_ssh_dss_public(struct simple_buffe
-
- if (parse_bignum(buffer, res->key.p, DSA_MAX_OCTETS)
- && (mpz_sgn(res->key.p) == 1)
-- && parse_bignum(buffer, res->key.q, DSA_Q_OCTETS)
-+ && parse_bignum(buffer, res->key.q, DSA_SHA1_Q_OCTETS)
- && (mpz_sgn(res->key.q) == 1)
- && (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */
- && parse_bignum(buffer, res->key.g, DSA_MAX_OCTETS)
-@@ -269,7 +269,7 @@ do_dsa_sign(struct signer *c,
- dsa_signature_init(&sv);
- sha1_init(&hash);
- sha1_update(&hash, msg_length, msg);
-- dsa_sign(&self->verifier->key, &self->key,
-+ dsa_sha1_sign(&self->verifier->key, &self->key,
- self->random, lsh_random, &hash, &sv);
-
- debug("do_dsa_sign: r = %xn, s = %xn\n", sv.r, sv.s);
-@@ -323,7 +323,7 @@ make_dsa_verifier(struct signature_algor
- NEW(dsa_verifier, res);
- init_dsa_verifier(res);
-
-- if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, i))
-+ if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
- return &res->super;
-
- KILL(res);
-@@ -342,7 +342,7 @@ make_dsa_signer(struct signature_algorit
-
- dsa_private_key_init(&res->key);
-
-- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, i))
-+ if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
- {
- res->random = self->random;
- res->verifier = verifier;
---- a/src/crypto.c
-+++ b/src/crypto.c
-@@ -251,10 +251,6 @@ make_des3_cbc_instance(struct crypto_alg
- const uint8_t key, const uint8_t iv)
- {
- NEW(des3_instance, self);
-- uint8_t pkey[DES3_KEY_SIZE];
--
-- /* Fix odd parity */
-- des_fix_parity(DES3_KEY_SIZE, pkey, key);
-
- self->super.block_size = DES3_BLOCK_SIZE;
- self->super.crypt = ( (mode == CRYPTO_ENCRYPT)
-@@ -263,19 +259,13 @@ make_des3_cbc_instance(struct crypto_alg
-
- CBC_SET_IV(&self->ctx, iv);
-
-- if (des3_set_key(&self->ctx.ctx, pkey))
-+ if (des3_set_key(&self->ctx.ctx, key))
- return(&self->super);
--
-- switch(self->ctx.ctx.status)
-+ else
- {
-- case DES_BAD_PARITY:
-- fatal("Internal error! Bad parity in make_des3_instance.\n");
-- case DES_WEAK_KEY:
- werror("Detected weak DES key.\n");
- KILL(self);
- return NULL;
-- default:
-- fatal("Internal error!\n");
- }
- }
-
---- a/src/lsh-keygen.c
-+++ b/src/lsh-keygen.c
-@@ -217,7 +217,7 @@ dsa_generate_key(struct randomness *r, u
- if (dsa_generate_keypair(&public, &private,
- r, lsh_random,
- NULL, progress,
-- 512 + 64 * level))
-+ 512 + 64 * level, DSA_SHA1_Q_BITS))
- {
- key =
- lsh_string_format_sexp(0,
Index: 2.0.4-dfsg-11/debian/patches/testsuite-mini-inetd-localhost.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/testsuite-mini-inetd-localhost.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/testsuite-mini-inetd-localhost.patch (nonexistent)
@@ -1,15 +0,0 @@
-Description: Tell mini-inetd to bind to 127.0.0.1 instead of "localhost".
- When told to bind to "localhost", mini-inetd seems to bind to 255.255.255.255.
-Author: Magnus Holmgren <holmgren@debian.org>
-
---- a/src/testsuite/functions.sh
-+++ b/src/testsuite/functions.sh
-@@ -155,7 +155,7 @@ spawn_lshg () {
- # at_connect local-port max-connections shell-command
- at_connect () {
- # sleep 1 # Allow some time for earlier processes to die
-- mini-inetd -m $2 -- localhost:$1 /bin/sh sh -c "$3" &
-+ mini-inetd -m $2 -- 127.0.0.1:$1 /bin/sh sh -c "$3" &
- at_exit "kill $!"
- }
-
Index: 2.0.4-dfsg-11/debian/patches/series
===================================================================
--- 2.0.4-dfsg-11/debian/patches/series (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/series (nonexistent)
@@ -1,10 +0,0 @@
-nonettle.patch
-sftp-server-mansection.patch
-better-errmsg-when-dotlsh-missing.patch
-nettle-2.0.patch
-nettle-2.1.patch
-blacklist.patch
-terminate-on-connection-failure.patch
-ipv6-v6only.patch
-testsuite-mini-inetd-localhost.patch
-serpent-byteorder.patch
Index: 2.0.4-dfsg-11/debian/patches/serpent-byteorder.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/serpent-byteorder.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/serpent-byteorder.patch (nonexistent)
@@ -1,31 +0,0 @@
-Author: Niels Möller <nisse@lysator.liu.se>
-Description: Correct Serpent test case that depended on broken Serpent implementation in Nettle < 2.2
-Origin: upstream, http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/lsh/src/testsuite/serpent-test.c?root=lsh&r1=1.1&r2=1.2
-
-===================================================================
-RCS file: /cvsroot/lsh/lsh/src/testsuite/serpent-test.c,v
-retrieving revision 1.1
-retrieving revision 1.2
-diff -u -r1.1 -r1.2
---- lsh/src/testsuite/serpent-test.c 2002/03/05 11:55:41 1.1
-+++ lsh/src/testsuite/serpent-test.c 2011/05/02 12:54:26 1.2
-@@ -1,5 +1,8 @@
- #include "testutils.h"
-
-+/* Note: In Nettle up to version 2.1, the serpent implementation did
-+ some broken byte reversal on input and output. This testcase will
-+ fail with old versions of nettle. */
- int
- test_main(void)
- {
-@@ -8,8 +11,8 @@
- "0011223344556677 8899AABBCCDDEEFF"),
- H("0000000000000000 0000000000000000"
- "1111111111111111 1111111111111111"),
-- H("687a151886b6dc16 8d2b667c3b8d5226"
-- "e63a6c8b3009859c 8ee559565befb77e"),
-+ H("c170ed586cfda8fe 084f01ef04475883"
-+ "b9eb25819813023f 2938e97bdf4597c8"),
- H("0011223344556677 8899AABBCCDDEEFF"));
- SUCCESS();
- }
Index: 2.0.4-dfsg-11/debian/patches/sftp-server-mansection.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/sftp-server-mansection.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/sftp-server-mansection.patch (nonexistent)
@@ -1,16 +0,0 @@
-Description: Invent manual section 8lsh for lsh's sftp-server
- (To avoid conflicts without having to rename the sftp-server binary.)
-Author: Magnus Holmgren <holmgren@debian.org>
-
-diff -urNad trunk~/src/sftp/sftp-server.8 trunk/src/sftp/sftp-server.8
---- trunk~/src/sftp/sftp-server.8 2006-05-08 21:11:17.000000000 +0200
-+++ trunk/src/sftp/sftp-server.8 2007-10-03 20:48:35.000000000 +0200
-@@ -22,7 +22,7 @@
- .\" maintainers of the package you received this manual from and make your
- .\" modified versions available to them.
- .\"
--.TH SFTP-SERVER 8 "NOVEMBER 2004" SFTP-SERVER "Lsh Manuals"
-+.TH SFTP-SERVER 8lsh "NOVEMBER 2004" SFTP-SERVER "Lsh Manuals"
- .SH NAME
- sftp-server - Server for the sftp subsystem
- .SH SYNOPSIS

/2.0.4-dfsg-11/debian/patches/sftp-server-mansection.patch
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 2.0.4-dfsg-11/debian/patches/ipv6-v6only.patch
===================================================================
--- 2.0.4-dfsg-11/debian/patches/ipv6-v6only.patch (revision 103)
+++ 2.0.4-dfsg-11/debian/patches/ipv6-v6only.patch (nonexistent)
@@ -1,22 +0,0 @@
-Author: Magnus Holmgren <holmgren@debian.org>
-Description: Set the IPV6_V6ONLY socket option on AF_INET6 sockets
- Since lshd by default enumerates available address families and calls
- bind() once for each, conflicts will occur otherwise.
-
-diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/src/io.c trunk/src/io.c
---- trunk~/src/io.c 2006-01-23 18:49:58.000000000 +0100
-+++ trunk/src/io.c 2010-07-27 02:17:04.000000000 +0200
-@@ -1690,6 +1690,13 @@
- {
- int yes = 1;
- setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char*)&yes, sizeof yes);
-+#if WITH_IPV6 && defined (IPV6_V6ONLY)
-+ if (local->sa_family == AF_INET6)
-+ {
-+ if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &yes, sizeof(yes)) < 0)
-+ werror("setsockopt IPV6_V6ONLY failed: %e.\n", errno);
-+ }
-+#endif
- }
-
- if (bind(s, local, length) < 0)

/2.0.4-dfsg-11/debian/patches/ipv6-v6only.patch
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 2.0.4-dfsg-11/debian/changelog
===================================================================
--- 2.0.4-dfsg-11/debian/changelog (revision 103)
+++ 2.0.4-dfsg-11/debian/changelog (nonexistent)
@@ -1,631 +0,0 @@
-lsh-utils (2.0.4-dfsg-11) unstable; urgency=low
-
- * Review templates and package description by the debian-l10n-english team
- (Closes: #686212). Thanks to David Prévot for coordinating.
-
- [ Debconf translations ]
- * Portuguese, Rui Branco (Closes: #687146).
- * Russian, Yuri Kozlov (Closes: #687188).
- * Czech, Martin Šín (Closes: #687263).
- * Polish, Michał Kułach (Closes: #687549).
- * Italian, Beatrice Torracca (Closes: #687773).
- * French, David Prévot (Closes: #687810).
- * Danish, Joe Hansen (Closes: #687833).
- * German, Holger Wansing (Closes: #687979).
- * Japanese, Hideki Yamane.
- * Vietnamese, Nguyen Vu Hung (Closes: #688175).
- * Slovak, Slavko (Closes: #688193).
- * Swedish, Martin Bagge (edited slightly by me) (Closes: #688419).
- * Spanish, Javier Fernández-Sanguino (Closes: #688925).
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 30 Sep 2012 22:54:03 +0200
-
-lsh-utils (2.0.4-dfsg-10) unstable; urgency=low
-
- * Default to deleting host key on purge (Closes: #670433). It's only a
- host key, not significant amounts of user-generated data, so there's
- no good reason that a purge shouldn't delete it.
- * Correct misspelling of debconf key, which caused the host key never to
- be deleted.
- * Add Italian debconf localization. (Closes: #666425). Thanks to
- Beatrice Torracca and the Italian localization team.
- * Read settings from /etc/default/lsh-server in the config script
- (Closes: #620809) and add an EXTRA_ARGS variable that can be used to
- specify additional arguments to lshd (Closes: #592595).
- * Bump Standards-Version to 3.9.3.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 30 Jun 2012 17:58:46 +0200
-
-lsh-utils (2.0.4-dfsg-9) unstable; urgency=low
-
- * serpent-byteorder.patch: Correct Serpent test case that depended on
- broken Serpent implementation in Nettle prior to 2.2 (Closes: #646653,
- I hope). Build-depend on nettle-dev >= 2.2 for the same reason.
- * Build-depend on libgmp-dev, which is now the real package, instead of
- libgmp10-dev.
- * Use dpkg-buildflags.
- * Bump Standards-Version to 3.9.2.
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 10 Nov 2011 23:19:52 +0100
-
-lsh-utils (2.0.4-dfsg-8) unstable; urgency=low
-
- * Change source format to 3.0 (quilt), renaming all patches
- from .dpatch to .patch and dropping the numbers.
- * While 30_nonettle.dpatch was a script that used sed to modify
- instances of Makefile.in, nonettle.patch patches Makefile.am files as
- well as configure.ac. dh-autoremake is used to call autoremake before
- configure and to restore the effects in the clean target. The
- src/nettle subdirectory still needs to be renamed to avoid its header
- files from being found; that is now done in debian/rules.
- * Switch from CDBS to a more old-style debian/rules to get better
- control over the build process.
- * Increase Debhelper compat level to 7.
- * blacklist.patch: Don't reject when blacklisted_key() returns -1,
- indicating no blacklist file for the key type and/or size in question
- exists.
- * nettle-2.1.patch (new): Build with Nettle 2.1.
- * Enable tests.
- testsuite-mini-inetd-localhost.patch (new): When told to bind to
- "localhost", mini-inetd, which is used in certain (optional) tests,
- seems to bind to 255.255.255.255, which is of course no good. Tell it
- to bind to 127.0.0.1 instead.
- * debian/lsh-doc.doc-base: Change section to the new `Network/Remote Access'.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 20 Mar 2011 01:30:08 +0100
-
-lsh-utils (2.0.4-dfsg-7) unstable; urgency=low
-
- * terminate_on_connection_failure.dpatch (new): Make sure that lsh exits
- if it fails to connect to the remote host (Closes: #485812).
- * ipv6_v6only.dpatch (new): Set the IPV6_V6ONLY socket option on
- AF_INET6 sockets; since lshd by default enumerates available address
- families and calls bind() once for each, conflicts will occur
- otherwise.
- * lsh-server.postinst: If openssh-server is installed and lsh-server is
- configured to use port 22, shut down sshd in addition to disabling it
- (Closes: #567945).
- * lsh-server.postinst: Close fd 3 (opened by debconf) to avoid "Closed
- spurious fd" warnings.
- * debian/control: Declare Breaks instead of Conflicts for files moved
- between packages.
- * Upgraded to Standards-Version 3.9.1 with the preceding change.
- * debian/control (lsh-server): Drop old Conflicts: lsh-utils (<<
- 1.0.2-3).
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 01 Aug 2010 20:52:37 +0200
-
-lsh-utils (2.0.4-dfsg-6) unstable; urgency=low
-
- * Change libreadline build dependency to just libreadline-dev
- (Closes: #553804).
- * Add new debconf template translations:
- + Japanese from Hideki Yamane (Closes: #558082)
- + Spanish from Shukoh (Closes: #557008)
- Credit to the respective Debian translation teams.
- * Fix a spelling error in one of the debconf templates, run
- debconf-updatepo, clean out the old obsolete translation entries, and
- perform some trivial maintenance on the Nynorsk file.
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 28 Nov 2009 17:57:30 +0100
-
-lsh-utils (2.0.4-dfsg-5) unstable; urgency=low
-
- * lsh-server.init.d: Don't suppress start/stop messages when $VERBOSE =
- "no". /etc/init.d/skeleton is not a good example in this matter.
- * blacklist.dpatch: Check keys against openssh-blacklist before
- accepting for pubkey authentication as well as on conversion by
- lsh-writekey and lsh-decode-key.
- * lsh-server: Depend on openssh-blacklist, recommend -blacklist-extra.
- lsh-utils: Recommend openssh-blacklist and -blacklist-extra.
- * Move seed and key creation back to postinst and import RSA key from
- openssh-server if it exists (Closes: #211252).
- * debian/mans/lcp.1: Fix errors.
-
- -- Magnus Holmgren <holmgren@debian.org> Sun, 08 Nov 2009 20:18:17 +0100
-
-lsh-utils (2.0.4-dfsg-4) unstable; urgency=high
-
- * lsh-server.init.d: Fix critical exit status ($?) handling mistake
- (Closes: #545090).
-
- -- Magnus Holmgren <holmgren@debian.org> Sat, 05 Sep 2009 00:44:45 +0200
-
-lsh-utils (2.0.4-dfsg-3) unstable; urgency=low
-
- * lsh-doc: Depend on dpkg (>= 1.15.4) \| install-info as recommended for
- the transition to triggerized install-info.
- * Add ${misc:Depends} to Depends in case Debhelper needs it in the
- future.
- * Increase Debhelper compat level to 5.
- * Build with Nettle 2.0 (nettle-dev) (Closes: #543131).
- * nettle_2.0.dpatch created to adapt to API changes.
- * 30_nonettle.dpatch modified to add -lhogweed to LDADD where
- appropriate.
- * Add ANNOUNCE to lsh-doc.
- * Rewrite lsh-server.init.d a bit:
- * Use LSB logging functions.
- * Let lshd daemonize and create/delete its pid file by itself.
- * Change the Provides: line in the LSB header to "lsh-server" and
- declare that it should start before the services that depend on an
- SSH server (Closes: #542689). Thanks to Petter Reinholdtsen.
- * Support the status action.
- * Drop the no longer useful lsh-server-config script.
- * Upgrade to Standards-Version 3.8.3:
- * Add README.source.
- * Drop obsolete manpages from debian/mans.
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 03 Sep 2009 00:55:45 +0200
-
-lsh-utils (2.0.4-dfsg-2) unstable; urgency=low
-
- * 40_better_errmsg_when_dotlsh_missing.dpatch (new): In unix_random.c,
- check whether the seed file exists before trying to lock it, and give
- the hint about running lsh-make-seed if it doesn't (Closes: #485856).
- * Update doc-base section of lsh-doc to match current structure.
- * Remove inactive maintainer as requested by the MIA team and put myself
- in charge (Closes: #487137).
- * Upgrade lsh-client's Recommends of lsh-utils to a Depends. It's not
- huge and lsh-client is almost useless without it in most cases
- (Closes: #481073).
- * Use --as-needed to avoid unnecessary dependencies.
-
- -- Magnus Holmgren <holmgren@debian.org> Wed, 25 Jun 2008 16:40:16 +0200
-
-lsh-utils (2.0.4-dfsg-1) unstable; urgency=low
-
- * New upstream release (Closes: #422199)
- - Repackaged without non-free RFC (src/nettle/testsuite/rfc1750.txt)
- (Closes: #408490).
- - Drop 01_fix_manpages.dpatch; incorporated upstream.
- - Fixes X11 forwarding bug.
- * New co-maintainer added.
- * Rename lsh-utils-doc as lsh-doc. We'll rename the source package after
- Sarge is gone.
- * Drop the tarball-in-tarball format and ship a "normal" .orig.tar.gz.
- - Drop 02_fix_perms.dpatch.
- - Add some extra cleanup in debian/rules.
- * Increase Standards-Version to 3.7.3. No changes needed.
- * Put some more docs in the packages: README and ChangeLog is now in all
- packages, AUTHORS in lsh-utils. Update debian/copyright to refer to
- /usr/share/doc/lsh-utils/AUTHORS (Closes: #421108).
- * debian/control: Use ${binary:Version} substitution variable instead of
- ${source-version}.
- * Review Build-depends: Drop patchutils, comerr-dev (redundant),
- po-debconf (redundant), xutils (makes no difference); add
- autotools-dev, scsh-0.6 (as alternative to guile-1.6).
- * Drop lshc, the deprecated alias for lsh (Closes: #417426).
- * 30_nonettle.dpatch: Link dynamically with libnettle-dev instead of
- statically with the bundled nettle (Closes: #412138).
- * Don't provide sexp-conv; let lsh-client depend on nettle-bin instead.
- * Move lsftp and lcp to lsh-client.
- * Put sftp-server in /usr/lib/lsh-server and put the manpage in section
- 8lsh instead of renaming it (new 20_sftp-server_mansection.dpatch).
- * Ship lsh.html in lsh-doc.
- * Add doc-base entry.
- * debian/control: Add Homepage field.
- * debian/watch: Update dversionmangle to strip -dfsg suffix.
-
- -- Magnus Holmgren <holmgren@debian.org> Thu, 01 May 2008 19:22:18 +0200
-
-lsh-utils (2.0.2-1.1) unstable; urgency=low
-
- * Non-maintainer upload to fix longstanding l10n issues
- * Debconf templates translations:
- - Swedish added. Closes: #351641
- - Portuguese added. Sent during the call for updates of the NMU campaign.
- * Lintian fixes:
- - Do not Build-depend on build-essential
- - Add a very basic LSB header to the init script
-
- -- Christian Perrier <bubulle@debian.org> Wed, 13 Dec 2006 22:02:11 +0100
-
-lsh-utils (2.0.2-1) unstable; urgency=low
-
- * New upstream release
- * The fd leak in the server is known as CVE-2006-0353
- * Support for aes256-ctr.
- * Newer nettle library.
- * Fix for some more fd leaks, but none in the debian default
- configuration.
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Sat, 28 Jan 2006 05:42:16 +0100
-
-lsh-utils (2.0.1cdbs-4) unstable; urgency=high
-
- * Remove silly debconf questions and correct others. (Closes: Bug#337026)
- * Switch to dpatch.
- * Make lsh-utils build on a grsecurity system.
- * Remove /var/spool/lsh upon purge.
- * Update Vietnamese debconf translation.
- * Update German debconf translation.
- * Update Danish debconf translation.
- * Update Czech debconf translation.
- * Update Dutch debconf translation.
- * Update Russian debconf translation. (Closes: Bug#349180)
- * Update French debconf translation. (Closes: Bug#348822)
- * Have lsh-server provide ssh-server. (Closes: Bug#348844)
- * Update the watch file format version to the latest (3).
- * Have uscan remove the "cdbs" version extension.
- * Fix fd leak in the lsh-server.
- This is to be security related, so upload it with a high urgency.
- (Closes: Bug#349303)
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Sun, 22 Jan 2006 06:30:43 +0100
-
-lsh-utils (2.0.1cdbs-3) unstable; urgency=low
-
- * The 2.0 release removed the "pesky" identity file error.
- (Closes: Bug#214167)
- * Update Danish debconf translation.
- * Update Vietnamese debconf translation.
- * Update French debconf translation. (Closes: Bug#347543)
- * Update Russian debconf translation. (Closes: Bug#348138)
- * Do not regenerate debian/rules. (Closes: Bug#347891)
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Sun, 15 Jan 2006 21:02:36 +0100
-
-lsh-utils (2.0.1cdbs-2) unstable; urgency=low
-
- * No longer build-depend on xlibs-dev, use libxau-dev instead.
- (Closes: Bug#347143)
- * Depend on comerr-dev too, otherwise kerberos support would be broken.
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Thu, 12 Jan 2006 19:34:23 +0100
-
-lsh-utils (2.0.1cdbs-1) unstable; urgency=low
-
- * Change the build system to cdbs.
- (And hopefully don't introduce any new bugs.)
- * Make lintian happy with the odieresis in the manpages.
- * Fix debian/control, so it can be autogenerated by cdbs.
- * Conflict lsh, and rename lshc to lsh.
- * Include a small shell script to notify users.
- * Make stop act the same way graceful-stop was doing already.
- This helps not to accidently kill your own lsh connection.
- * Update debconf po files.
- * Update the German debconf translation.
- * Remove the SSH1 notice from lsh-server's package description.
- * Make the lsh-server package suggest lsh-client or openssh-client.
- * Add a small note on how to use the lsh client. (Closes: Bug#109899)
- * No longer FTBFS because of wrong debian/rules. (Closes: Bug#344747)
- * Update Czech translation. (Closes: Bug#345141)
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Mon, 9 Jan 2006 00:36:44 +0100
-
-lsh-utils (2.0.1-5) unstable; urgency=low
-
- * Make lsh-utils depend on lsh-client. (Closes: Bug#338014)
- * Fix lshg to look for lshc instead of lsh. (Closes: Bug#320554)
- * Fix lcp to look for lshc instead of lsh. (Closes: Bug#338015)
- * Add lcp manpage. (Closes: Bug#338017)
- * Clarify package description. lsh should be considered stable now.
- (Closes: Bug#211317)
- * Update Russian debconf translation. (Closes: Bug#338170)
- * Update French debconf translation. (Closes: Bug#338104)
- * Update Danish debconf translation. (Closes: Bug#337017)
- * Change guile1.4-slib to guile-1.6 since slib.scm is included
- with guile-1.6-libs, and we need the scheme interpreter.
- * Add myself to the uploaders list.
- * Approve NMUs.
- (Closes: Bug#300496,Bug#318211,Bug#326328,Bug#326329,Bug#332012)
- (Closes: Bug#271911,Bug#312617,Bug#313975,Bug#304697,Bug#319933)
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Thu, 10 Nov 2005 21:36:44 +0100
-
-lsh-utils (2.0.1-4.2) unstable; urgency=low
-
- * NMU.
- * Make sftp support availible via debconf. (Closes: Bug#304697)
- * Rebuild against libreadline5 and change build-deps.
- (Closes: Bug#326328,Bug#326329)
- * Rebuild with fixed debconf deps. (Closes: Bug#332012)
- * Update FSF address in debian/copyright.
- * Add czech po file. (Closes: Bug#319933)
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Mon, 31 Oct 2005 14:21:54 +0100
-
-lsh-utils (2.0.1-4.1) unstable; urgency=low
-
- * NMU.
- * Trigger a rebuild to build against libgmp3c2. (Closes: Bug#318211)
- * Make lsh-server suggest openssh-client or ssh.
- * Fix Package description (Closes: Bug#271911)
- * Add vietnamese debconf localization. (Closes: Bug#312617)
- * Update german debconf localization. (Closes: Bug#313975)
- * Rebuild fixes lshc host-acls (Closes: Bug#300496)
- * Bump standards-version, no changes needed. (make lintian happy)
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Sun, 14 Aug 2005 17:04:55 +0200
-
-lsh-utils (2.0.1-4) unstable; urgency=high
-
- * Trigger a rebuild, because the i386 package wasn't built properly.
- (Closes: Bug#309365)
-
- -- Simon Law <sfllaw@debian.org> Mon, 16 May 2005 16:54:00 -0400
-
-lsh-utils (2.0.1-3) unstable; urgency=high
-
- * Remove the unnecessary nettle-lfib-stream program. (Closes: Bug#308233)
-
- -- Simon Law <sfllaw@debian.org> Mon, 9 May 2005 19:25:56 -0400
-
-lsh-utils (2.0.1-2.1) unstable; urgency=high
-
- * NMU
- * Remove --nist-level option to lsh-keygen since it has changed to using RSA
- keys now and the old --nist-level setting breaks it. Closes: #301968
- * High urgency upload since 2.0.1 is needed in testing due to the security
- fix.
-
- -- Joey Hess <joeyh@debian.org> Sat, 9 Apr 2005 15:02:22 -0400
-
-lsh-utils (2.0.1-2) unstable; urgency=high
-
- * Fix up path resolution problems. (Closes: Bug#301039)
- Thanks to Stefan Pfetzing <dreamind@dreamind.de>
- * Added a build-depends on m4. (Closes: Bug#300874)
- * Denial of service attack is now known as CAN-2005-0814.
-
- -- Simon Law <sfllaw@debian.org> Sat, 26 Mar 2005 13:29:27 -0500
-
-lsh-utils (2.0.1-1) unstable; urgency=high
-
- * New upstream release
- - Fix denial of service attack documented in CAN-2005-0389
-
- -- Simon Law <sfllaw@debian.org> Fri, 18 Mar 2005 17:24:10 -0500
-
-lsh-utils (2.0-1) unstable; urgency=high
-
- * New upstream release.
- * Remove extraneous symlinks. (Closes: Bug#291010)
- * Acknowledge NMUs. (Closes: Bug#293020, Bug#255643)
-
- -- Simon Law <sfllaw@debian.org> Thu, 17 Mar 2005 18:51:12 -0500
-
-lsh-utils (1.4.2-8.2) unstable; urgency=low
-
- * Non-maintainer upload with maintainer"s agreement
- * Fix FTBFS with gcc-4.0 for amd64 builds
- Thanks to Andreas Jochens for providing the patch
- Closes: #293020
-
- -- Christian Perrier <bubulle@debian.org> Tue, 1 Feb 2005 07:10:17 +0100
-
-lsh-utils (1.4.2-8.1) unstable; urgency=low
-
- * Non-maintainer upload with maintainer's agreement
- for fixing longstanding l10n issues
- * Translations:
- - French added. Closes: #255643
- - Danish added. Thanks to Claus Hindsgaul
- - Russian added. Thanks to Yuri Kozlov
- - Norwegian Nynorsk added. Thanks to Håvard Korsvoll
- - Dutch added. Thanks to Luk Claes.
- * Typo fixes in templates (translations unfuzzied):
- - s/woul dlike/would like
- - s/ifyou/if you
-
- -- Christian Perrier <bubulle@debian.org> Thu, 13 Jan 2005 23:29:09 +0100
-
-lsh-utils (1.4.2-8) unstable; urgency=medium
-
- * Register sexp-conv with the alternatives system so that it doesn't
- conflict with the binary of the same name (and function) shipped with
- nettle-bin (Closes: Bug#274772)
- - This kludge brought to you by Marek Habersack <grendel@debian.org>.
-
- -- Simon Law <sfllaw@debian.org> Sun, 5 Dec 2004 15:15:59 -0500
-
-lsh-utils (1.4.2-7) unstable; urgency=low
-
- * New maintainer.
- * Fix build problem. (Closes: Bug#242040)
- * Use gettext-based Debconf templates. Thanks to Martin Quinson.
- (Closes: Bug#239870)
- * Upgraded to Policy 3.6.1.
- * Upgraded to Debhelper 4.
-
- -- Simon Law <sfllaw@debian.org> Wed, 2 Jun 2004 17:56:39 -0400
-
-lsh-utils (1.4.2-6) unstable; urgency=HIGH
-
- * Applied patch to fix root security hole (closes: #211662)
- * Build kerberos support against heimdal rather than krb (closes: #199067)
-
- -- Timshel Knoll <timshel@debian.org> Sat, 20 Sep 2003 11:42:27 +1000
-
-lsh-utils (1.4.2-5) unstable; urgency=low
-
- * debian/control: Removed alternative of scsh in place of guile1.4-slib from
- Build-Depends, we really need the latter to build lsh. (closes: #192771)
-
- -- Timshel Knoll <timshel@debian.org> Sun, 8 Jun 2003 17:44:58 +1000
-
-lsh-utils (1.4.2-4) unstable; urgency=low
-
- * Just Build-Depend on liboop-dev, not liboop4-dev \| liboop-dev (there is
- no liboop4-dev, whoops!) (closes: #192172)
- * lsh-server: Added lintian override for missing-debconf-dependency
- (lsh-server falls back to asking the user if debconf isn't installed)
-
- -- Timshel Knoll <timshel@debian.org> Thu, 8 May 2003 02:24:52 +1000
-
-lsh-utils (1.4.2-3) unstable; urgency=low
-
- * debian/control: Priority: extra; lsh-utils-doc changed to Section: doc
- * Policy 3.5.9
- * Re-compile against liboop4
-
- -- Timshel Knoll <timshel@debian.org> Wed, 30 Apr 2003 23:08:41 +1000
-
-lsh-utils (1.4.2-2) unstable; urgency=low
-
- * debian/control: Build-Depend on xutils (closes: #160666)
- * Rename sftp-server to sftp-server.lsh to work around name conflict with
- ssh's sftp-server. (closes: #160611) Maybe this should eventually be
- handled with alternatives?
-
- -- Timshel Knoll <timshel@debian.org> Fri, 13 Sep 2002 11:14:43 +1000
-
-lsh-utils (1.4.2-1) unstable; urgency=low
-
- * New upstream release, a number of new programs come in this release
- * debian/control: Added lots of new Build-Depends: for 1.4.x series:
- + liboop-dev required for main lsh servers
- + xlibs-dev the lshc client now supports X11 forwarding and hence
- links with libXau: yay!
- + libkrb5-dev for the lsh-krb-checkpw password helper program. This is
- still not working however, see README.Debian for details,
- but I've left the Build-Dep here in stubborn hope :-)
- + libwrap-dev For lots of the lsh programs to use the TCP wrappers
- + libpam-dev Required for the lsh-pam-checkpw password helper program
- + libreadline-dev Required for lsftp's the interactive mode
- * debian/lsh-server.{config,templates,postrm}: ask whether to remove
- host keys when lsh-server is purged, all versions of lshd from now on
- should not disconnect users when the server is restarted - very useful
- when lsh'd into a box doing an "apt-get install lsh-server" !!! :-)
- * debian/lsh-server.config: modularised. Now uses a function
- for each debconf question, and has an array of function references.
- Check it out :-)
- * debian/mans/<lots-of-stuff>:
- Added manpages for new programs, updated some existing manpages
- * lshd now needs a random seed file, which needs to be generated before lshd
- can be run. Unfortunately, this operation requires user input, so this
- can't really be done in the postinst (problems with debconf etc.). This
- also means that the host key can't be generated in the postinst, since
- lsh-keygen and lsh-writekey both need the random seed to exist.
- * debian/lsh-server.init.d: generate the host key here if the random seed
- exists, fail if it doesn't.
-
- -- Timshel Knoll <timshel@debian.org> Wed, 11 Sep 2002 12:42:56 +1000
-
-lsh-utils (1.2.5-3) unstable; urgency=low
-
- * debian/control:
- - Updated description to remove "export from US is illegal" information
- - Removed France from the list of countries where crypto may be illegal
- * debian/mans/{srp-gen.1,sexp-conv.1}: manpage neatened / errors fixed
- * debian/scripts/lsh-server-config, debian/lsh-server.postrm:
- Also create / remove /etc/ssh/sshd_not_to_be_run at appropriate times to
- prevent sshd from being run, not just /etc/ssh/NOSERVER
- * debian/lsh-server.init.d: fixed issues with ssh1 fallback, it didn't work
- before (typo in variable names)
-
- -- Timshel Knoll <timshel@debian.org> Mon, 15 Apr 2002 22:41:58 +1000
-
-lsh-utils (1.2.5-2) unstable; urgency=low
-
- * Packages moved into main from non-US, yay! Now Section: net
- * Fixed &>/dev/null bash-ism redirects in upstream's lsh-authorize
- replaced with >/dev/null 2>&1
- * debian/control: fixed misspelling in -doc package description
- (closes: #125097)
- * src/lsh.c: changed "lsh" references to "lshc" (closes: #109898)
-
- -- Timshel Knoll <timshel@debian.org> Wed, 27 Mar 2002 01:07:34 +1100
-
-lsh-utils (1.2.5-1) unstable; urgency=low
-
- * New upstream release
- * Added German debconf translation (thanks to Sebastian Feltel)
- (closes: #114339)
- * debian/copyright: fixed misspelling, common-licences -> common-licenses
-
- -- Timshel Knoll <timshel@debian.org> Tue, 30 Oct 2001 15:44:43 +1100
-
-lsh-utils (1.2.3-1) unstable; urgency=low
-
- * New upstream release
- * debian/control: Don't Build-Depend on libgmp2-dev (closes: #104285)
-
- -- Timshel Knoll <timshel@debian.org> Thu, 12 Jul 2001 11:26:47 +1000
-
-lsh-utils (1.2.2-2) unstable; urgency=low
-
- * Applied Niel's IPv6 patch, to get lshd working on systems without IPv6
- (closes: Bug#97623)
-
- -- Timshel Knoll <timshel@debian.org> Wed, 23 May 2001 09:38:03 +1000
-
-lsh-utils (1.2.2-1) unstable; urgency=low
-
- * New upstream release
-
- -- Timshel Knoll <timshel@debian.org> Sat, 12 May 2001 23:58:20 +1000
-
-lsh-utils (1.2.1-1) unstable; urgency=low
-
- * New upstream release
-
- -- Timshel Knoll <timshel@debian.org> Sat, 21 Apr 2001 21:52:01 +1000
-
-lsh-utils (1.2-1) unstable; urgency=low
-
- * New upstream release
- * Fixes do debian/installmans.pl's manpage section regex and sanity
- checking
- * Added manpage for new binary lshg (in lsh-client package), did
- some updates for the lshc binary as options have been added.
- * Heaps of packaging fixes/updates.
-
- -- Timshel Knoll <timshel@debian.org> Thu, 12 Apr 2001 13:02:27 +1000
-
-lsh-utils (1.0.2-3) unstable; urgency=low
-
- * debian/control: Split into 4 packages, lsh-utils, lsh-client,
- lsh-server and lsh-utils-doc, Standards-Version: 3.5.2,
- Build-Depends: zlib1g-dev -> libz-dev, added guile1.4-slib \| scsh
- * Pulled original upstream configure script back in and modified that
- rather than re-generating with autoconf, which made for a huge .diff.gz.
- * lsh-server package debconf-ized, lsh-server-config script added
- to configure lshd.
- * debian/rules: Added support for DEB_BUILD_OPTIONS=nostrip,debug
-
- -- Timshel Knoll <timshel@debian.org> Mon, 9 Apr 2001 23:59:47 -0700
-
-lsh-utils (1.0.2-2) unstable; urgency=low
-
- * Changed order of ./configure checks for gmp.h and gmp2/gmp.h to fix
- compile failure - this now checks for gmp2/gmp.h first and thus fixes
- the problem. This compile is against libgmp3.
- * debian/installmans.pl: perl Debian::Debhelper program to install manpages
- properly - this replaces the dh_installmanpages call in debian/rules
- which will mean that manpages are installed under their correct names.
- (ie. lsh.1 will be installed as lshc.1) (closes: Bug#88197).
- * debian/control: Standards-Version: 3.1.1, Build-Depends: added
- (including texinfo and libgmp2-dev \| libgmp3-dev
- - (closes: Bug#79645, Bug#84532)).
- * debian/rules: Removed call to obsolete dh_suidregister.
- * debian/init.d: changed default port of lshd from 2223 to 2222 (it should
- have been this from the start, since ssh runs on port 22 _not_ 23). :-)
-
- -- Timshel Knoll <timshel@debian.org> Tue, 13 Mar 2001 09:54:33 +1100
-
-lsh-utils (1.0.2-1) unstable; urgency=low
-
- * New upstream release (closes: Bug#75042)
-
- -- Timshel Knoll <timshel@debian.org> Tue, 12 Dec 2000 11:38:13 +1100
-
-lsh-utils (1.0.1-2) unstable; urgency=low
-
- * Fixed typo in debian/postinst (lsh_writekey needs -o before output
- filename) (closes: Bug#71240)
-
- -- Timshel Knoll <timshel@debian.org> Mon, 18 Sep 2000 23:52:02 +1100
-
-lsh-utils (1.0.1-1) unstable; urgency=low
-
- * New upstream release
-
- -- Timshel Knoll <timshel@debian.org> Tue, 18 Jul 2000 19:10:12 +1000
-
-lsh-utils (0.9.9-1) unstable; urgency=low
-
- * Initial Release.
-
- -- Timshel Knoll <timshel@debian.org> Thu, 15 Jun 2000 16:30:33 +1000
-
Index: 2.0.4-dfsg-11/debian/lsh-server.templates
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-server.templates (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-server.templates (nonexistent)
@@ -1,41 +0,0 @@
-# These templates have been reviewed by the debian-l10n-english
-# team
-#
-# If modifications/additions/rewording are needed, please ask
-# debian-l10n-english@lists.debian.org for advice.
-#
-# Even minor modifications require translation updates and such
-# changes should be coordinated with translators and reviewers.
-
-Template: lsh-server/lshd_port
-Type: string
-Default: 22
-_Description: lsh server port:
- The default port for lshd is 22. If lshd should run on a different port,
- please specify the alternative port here. If you specify 22, you will
- need to manually disable any other SSH servers running on port 22, other
- than OpenSSH (from the package openssh-server), which will be disabled
- automatically if you choose 22 here.
-
-Template: lsh-server/sftp
-Type: boolean
-Default: false
-_Description: Enable the SFTP subsystem?
- Please choose whether you want to use the EXPERIMENTAL lsh SFTP support.
- .
- Since it is experimental, the default is for it to be disabled, but it
- can be enabled now or later by manually changing /etc/default/lsh-server.
-
-Template: lsh-server/purge_hostkey
-Type: boolean
-Default: true
-_Description: Remove host key on purge?
- When this package is installed, a host key is generated to authenticate
- your host.
- .
- Please choose whether you want to purge the host key when the package
- is removed.
-
-Template: lsh-server/extra_args
-Type: string
-_Description: Additional arguments to pass to lshd:
Index: 2.0.4-dfsg-11/debian/lsh-utils.install
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-utils.install (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-utils.install (nonexistent)
@@ -1,11 +0,0 @@
-usr/bin/lsh-authorize
-usr/bin/lsh-decode-key
-usr/bin/lsh-decrypt-key
-usr/bin/lsh-export-key
-usr/bin/lsh-keygen
-usr/bin/lsh-make-seed
-usr/bin/lsh-upgrade
-usr/bin/lsh-upgrade-key
-usr/bin/lsh-writekey
-usr/bin/srp-gen
-usr/bin/ssh-conv
Index: 2.0.4-dfsg-11/debian/rules
===================================================================
--- 2.0.4-dfsg-11/debian/rules (revision 103)
+++ 2.0.4-dfsg-11/debian/rules (nonexistent)
@@ -1,117 +0,0 @@
-#!/usr/bin/make -f
-# -- makefile --
-# Sample debian/rules that uses debhelper.
-# GNU copyright 1997 to 1999 by Joey Hess.
-
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
-# These are used for cross-compiling and for saving the configure script
-# from having to guess our platform (since we know it already)
-DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
-DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
-
-ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE))
- buildflags = --build=$(DEB_BUILD_GNU_TYPE)
-else
- buildflags = --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE)
-endif
-
-parallel = $(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS)))
-ifneq (,$(parallel))
-jobsflag = -j$(parallel)
-endif
-
-config.status: configure.ac
- dh_testdir
- # Add here commands to configure the package.
- [ -d src/nettle-dontuse -a ! -d src/nettle ] \|\| mv src/nettle src/nettle-dontuse
- dh_autoreconf
- ./configure $(buildflags) \
- --prefix=/usr \
- --disable-dependency-tracking \
- --enable-pam --enable-kerberos --enable-srp \
- --with-pty --enable-tcp-forward --enable-x11-forward \
- --enable-agent-forward --enable-ipv6 --enable-utmp \
- --with-zlib --with-tcpwrappers --with-sshd1=/usr/sbin/sshd \
- --with-x XAUTH_PROGRAM=/usr/bin/xauth \
- $(shell DEB_LDFLAGS_MAINT_PREPEND="-Wl,-z,defs -Wl,--as-needed" dpkg-buildflags --export=configure)
-
-build: build-stamp
-build-stamp: config.status
- dh_testdir
-
- # Add here commands to compile the package.
- $(MAKE) $(jobsflag) MAKEINFO='makeinfo --enable-encoding'
-ifeq (,$(filter nocheck,$(DEB_BUILD_OPTIONS)))
- $(MAKE) check
-endif
-
- touch build-stamp
-
-clean:
- dh_testdir
- dh_testroot
- rm -f build-stamp
-
- # Add here commands to clean up after the build process.
- [ ! -f Makefile ] \|\| $(MAKE) distclean
- dh_autoreconf_clean
- dh_clean
- [ -d src/nettle -a ! -d src/nettle-dontuse ] \|\| mv src/nettle-dontuse src/nettle
-
-install: build
- dh_testdir
- dh_testroot
- dh_prep
- dh_installdirs
-
- # Add here commands to install the package into debian/tmp
- $(MAKE) install DESTDIR=$(CURDIR)/debian/tmp
-
-build-indep build-arch: build
-
-# Build architecture-independent files here.
-binary-indep: build-indep install
- dh_testdir
- dh_testroot
- dh_install -i --sourcedir=debian/tmp
- dh_link -i
- dh_installchangelogs -i ChangeLog
- dh_installdocs -i -A README
- dh_installinfo -i
- dh_installman -i
- dh_installdebconf -i
- dh_compress -i
- dh_fixperms -i
- dh_makeshlibs -i
- dh_installdeb -i
- dh_shlibdeps -i
- dh_gencontrol -i
- dh_md5sums -i
- dh_builddeb -i
-
-# Build architecture-dependent files here.
-binary-arch: build-arch install
- dh_testdir
- dh_testroot
- dh_install -a --sourcedir=debian/tmp
- dh_link -a
- dh_installchangelogs -a ChangeLog
- dh_installdocs -a -A README
- dh_installexamples -a
- dh_installman -a
- dh_installinit -a
- dh_installdebconf -a
- dh_strip -a
- dh_compress -a
- dh_fixperms -a
- dh_makeshlibs -a
- dh_installdeb -a
- dh_shlibdeps -a
- dh_gencontrol -a
- dh_md5sums -a
- dh_builddeb -a
-
-binary: binary-arch binary-indep
-.PHONY: build-indep build-arch build clean clean-patched binary-indep binary-arch binary install

/2.0.4-dfsg-11/debian/rules
Property changes:
Deleted: svn:executable
## -1 +0,0 ##
-*
\ No newline at end of property
Index: 2.0.4-dfsg-11/debian/lsh-client.manpages
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-client.manpages (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-client.manpages (nonexistent)
@@ -1,4 +0,0 @@
-debian/mans/lcp.1
-doc/lsh.1
-doc/lshg.1
-src/sftp/lsftp.1
Index: 2.0.4-dfsg-11/debian/lsh-server.config
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-server.config (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-server.config (nonexistent)
@@ -1,119 +0,0 @@
-#!/usr/bin/perl -w
-#
-# debconf config script for lsh-server
-#
-# Copyright (c) 2000, 2001, 2002 Timshel Knoll <timshel@debian.org>
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
-# On Debian systems, see /usr/share/common-licenses/GPL for the GNU GPL.
-#
-use strict;
-use Debconf::Client::ConfModule ':all';
-
-
-sub ask_whether_to_purge_hostkey {
- &input ("medium", "lsh-server/purge_hostkey");
- my @ret = &go ();
-
- return ($ret[0] == 30 ? -1 : 1);
-}
-
-
-sub get_lshd_port {
- &input ("medium", "lsh-server/lshd_port");
- my @ret = &go ();
-
- my $port = &get ("lsh-server/lshd_port");
-
- if ($port and $port !~ m/^\d+$/) {
- $port = (getservbyname ($port, "tcp"))[2];
- }
-
- unless ($port) {
- # invalid service entered: wasn't a number, and
- # getservbyname failed, try again ...
- # FIXME: try putting some sort of error message here?
- &reset ("lsh-server/lshd_port");
- return 0;
- }
-
- return ($ret[0] == 30 ? -1 : 1);
-}
-
-
-
-sub ask_whether_to_enable_sftp {
- &input ("medium", "lsh-server/sftp");
- my @ret = &go ();
-
- return ($ret[0] == 30 ? -1 : 1);
-}
-
-
-sub configure () {
- my $state = 0;
-
- # The list of things to do, in order
- # Aren't really long, descriptive function names fun ;-)
- my @states = (
- \&ask_whether_to_purge_hostkey,
- \&get_lshd_port,
- \&ask_whether_to_enable_sftp
- );
-
- # This is 1 or -1, depending on whether we're going forward or backward
- # Required because otherwise when we back up to a question doesn't need
- # to be asked, the engine will go forward again :-(
- my $step = 1;
-
- until ($state > $#states) {
- if ($state < 0) {
- $state = 0;
- # We may have got here because of "backing up" to a question which
- # was skipped, so make sure we're going forward from here to avoid
- # an infinite loop
- $step = 1;
- }
-
- $step = &{ $states[$state] } ($step);
-
- $state += $step;
- }
-}
-
-
-
-die "Syntax error: no argument" if (@ARGV <= 0);
-
-version ('2.0');
-
-my $capb = &capb ('backup');
-
-system {'sh'} 'sh', '-c', <<'EOF';
-[ -e /etc/default/lsh-server ] \|\| exit 0
-. /etc/default/lsh-server
-. /usr/share/debconf/confmodule
-
-db_set lsh-server/lshd_port "$LSHD_PORT" \|\| true
-db_set lsh-server/sftp "$ENABLE_SFTP" \|\| true
-db_set lsh-server/extra_args "$EXTRA_ARGS" \|\| true
-EOF
-
-if ($ARGV[0] eq "configure" \|\| $ARGV[0] eq "reconfigure") {
- &configure ();
-}
-
-
-
Index: 2.0.4-dfsg-11/debian/mans/lsh-execuv.8
===================================================================
--- 2.0.4-dfsg-11/debian/mans/lsh-execuv.8 (revision 103)
+++ 2.0.4-dfsg-11/debian/mans/lsh-execuv.8 (nonexistent)
@@ -1,70 +0,0 @@
-.\" Hey, EMACS: -- nroff --
-.\" First parameter, NAME, should be all caps
-.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
-.\" other parameters are allowed: see man(7), man(1)
-.TH LSH-EXECUV 8 "Jul 05 2002" lsh-execuv "lsh manuals"
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh disable hyphenation
-.\" .hy enable hyphenation
-.\" .ad l left justify
-.\" .ad b justify to both left and right margins
-.\" .nf disable filling
-.\" .fi enable filling
-.\" .br insert line break
-.\" .sp <n> insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-lsh-execuv \- program to securely execute a program as another user
-.SH SYNOPSIS
-.B lsh-execuv
-.RI [ options ] " program " [ -- ] " real-argv"
-.SH DESCRIPTION
-This manual page documents briefly the
-.B lsh-execuv
-command.
-This manual page was written for the Debian distribution
-because the original program does not have a manual page.
-.PP
-.\" TeX users may be more comfortable with the \fB<whatever>\fP and
-.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
-.\" respectively.
-\fBlsh-execuv\fP is a utility program for the lsh server that securely executes
-a program as a different user.
-another user.
-.SH OPTIONS
-A summary of options is included below.
-.TP
-.B \-u \fIuid\fP
-setuid to numeric \fIuid\fP before running \fIprogram\fP. Usernames are
-not supported, only numeric uids.
-.TP
-.B \-g \fIgid\fP
-setgid to numeric \fIgid\fP before running \fIprogram\fP. Group names are
-not supported, only numeric gids.
-.TP
-.B \-n \fIuser-name\fP
-User name, needed for initgroups
-.TP
-.B \-i
-Call initgroups, requires that -n \fIuser-name\fP be specified.
-.TP
-.B \-c
-Clear the list of supplimentary groups.
-.TP
-.B \-p
-Use $PATH variable to search for program.
-.TP
-.B \-?
-Show summary of options.
-.SH SEE ALSO
-.BR lsh (1),
-.BR lshd (8).
-.BR
-The programs are documented fully by
-.IR "Lsh" ,
-available via the Info system.
-.SH AUTHOR
-This manual page was written by Timshel Knoll <timshel@debian.org>,
-for the Debian GNU/Linux system (but may be used by others).
Index: 2.0.4-dfsg-11/debian/mans/lsh-pam-checkpw.8
===================================================================
--- 2.0.4-dfsg-11/debian/mans/lsh-pam-checkpw.8 (revision 103)
+++ 2.0.4-dfsg-11/debian/mans/lsh-pam-checkpw.8 (nonexistent)
@@ -1,53 +0,0 @@
-.\" Hey, EMACS: -- nroff --
-.\" First parameter, NAME, should be all caps
-.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
-.\" other parameters are allowed: see man(7), man(1)
-.TH LSH-PAM-CHECKPW 8 "Jul 05 2002" lsh-pam-checkpw "lsh manuals"
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh disable hyphenation
-.\" .hy enable hyphenation
-.\" .ad l left justify
-.\" .ad b justify to both left and right margins
-.\" .nf disable filling
-.\" .fi enable filling
-.\" .br insert line break
-.\" .sp <n> insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-lsh-pam-checkpw \- program to check a PAM username/password combination
-.SH SYNOPSIS
-.B lsh-pam-checkpw
-.RI username-to-check
-.SH DESCRIPTION
-This manual page documents briefly the
-.B lsh-pam-checkpw
-command.
-This manual page was written for the Debian distribution
-because the original program does not have a manual page.
-Instead, it has documentation in the GNU Info format; see below.
-.PP
-.\" TeX users may be more comfortable with the \fB<whatever>\fP and
-.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
-.\" respectively.
-\fBlsh-pam-checkpw\fP is a program that checks if a username and password
-combination is valid for login by doing a PAM lookup. It is designed to be
-used as a password helper program for \fBlshd (8)\fP, (eg.
-\fB\-\-password\-helper=/usr/sbin/lsh-pam-checkpw\fP.
-.PP
-.B lsh-pam-checkpw
-takes one required argument, which is the username, and reads the password from
-stdin, then returns 0 if the password is valid, or 1 otherwise. Note that the
-password must be supplied exactly, ie. there must be no newline after the
-password, so if invoking from a shell, just type "<your-password><CTRL-D>".
-.SH SEE ALSO
-.BR lsh (1),
-.BR lshd (8).
-.BR
-The programs are documented fully by
-.IR "Lsh" ,
-available via the Info system.
-.SH AUTHOR
-This manual page was written by Timshel Knoll <timshel@debian.org>,
-for the Debian GNU/Linux system (but may be used by others).
Index: 2.0.4-dfsg-11/debian/mans/lsh-export-key.1
===================================================================
--- 2.0.4-dfsg-11/debian/mans/lsh-export-key.1 (revision 103)
+++ 2.0.4-dfsg-11/debian/mans/lsh-export-key.1 (nonexistent)
@@ -1,77 +0,0 @@
-.\" Hey, EMACS: -- nroff --
-.\" First parameter, NAME, should be all caps
-.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
-.\" other parameters are allowed: see man(7), man(1)
-.TH LSH-EXPORT-KEY 1 "Apr 19, 2002" lsh-export-key "lsh manuals"
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh disable hyphenation
-.\" .hy enable hyphenation
-.\" .ad l left justify
-.\" .ad b justify to both left and right margins
-.\" .nf disable filling
-.\" .fi enable filling
-.\" .br insert line break
-.\" .sp <n> insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-lsh-export-key \- Converts an s-expression to the OpenSSH/SSH2 encoding format.
-.SH SYNOPSIS
-.B lsh-export-key
-.RI [ options ]
-.SH DESCRIPTION
-\fBlsh-export-key\fP is a utility which reads an s-expression on stdin,
-and writes the same s-expression to stdout, using the OpenSSH/SSH2
-encoding format.
-.SH OPTIONS
-These programs follow the usual GNU command line syntax, with long
-options starting with two dashes (`-').
-A summary of options is included below.
-.TP
-.B \-c, \-\-comment=\fIcomment\fP
-Adds \fIcomment\fP to output key as its comment
-.TP
-.B \-o, \-\-output\-file=\fIfilename\fP
-Write output key to \fIfilename\fP, default is stdout
-.TP
-.B \-r, \-\-input\-file=\fIfilename\fP
-Read input key from \fIfilename\fP, default is stdin
-.TP
-.B \-s, \-\-subject=\fIsubject\fP
-Adds \fIsubject\fP to the output key as its subject
-.TP
-.B \-\-debug
-Prints huge amounts of debug information
-.TP
-.B \-q, \-\-quiet
-Suppress all warnings and diagnostic messages
-.TP
-.B \-\-trace
-Detailed program trace
-.TP
-.B \-\-verbose
-verbose diagnostic messages
-.TP
-.B \-i, \-\-input\-format=\fIformat\fP
-Input is in the \fIformat\fP variant of s-expression syntax, \fIformat\fP must
-be one of "transport", "canonical", "advanced" or "international"
-.TP
-.B \-?, \-\-help
-Show summary of options
-.TP
-.B \-\-usage
-Prints a short usage message
-.TP
-.B \-V, \-\-version
-Prints the program version
-.SH SEE ALSO
-.BR lsh (1),
-.BR lshd (8),
-.BR sexp-conv (1),
-.BR ssh-conv (1),
-.BR lsh-decode-key (1).
-.br
-.SH AUTHOR
-This manual page was written by Timshel Knoll <timshel@debian.org>,
-for the Debian GNU/Linux system (but may be used by others).
Index: 2.0.4-dfsg-11/debian/mans/srp-gen.1
===================================================================
--- 2.0.4-dfsg-11/debian/mans/srp-gen.1 (revision 103)
+++ 2.0.4-dfsg-11/debian/mans/srp-gen.1 (nonexistent)
@@ -1,90 +0,0 @@
-.\" Hey, EMACS: -- nroff --
-.\" First parameter, NAME, should be all caps
-.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
-.\" other parameters are allowed: see man(7), man(1)
-.TH SRP-GEN 1 "Apr 10, 2002" srp-gen "lsh manuals"
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh disable hyphenation
-.\" .hy enable hyphenation
-.\" .ad l left justify
-.\" .ad b justify to both left and right margins
-.\" .nf disable filling
-.\" .fi enable filling
-.\" .br insert line break
-.\" .sp <n> insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-srp-gen \- generate a password verifier for the SRP protocol.
-.SH SYNOPSIS
-.B srp-gen
-.RI [ options ]
-.SH DESCRIPTION
-This manual page documents briefly the
-.B srp-gen
-command.
-This manual page was written for the Debian GNU/Linux distribution
-because the original program does not have a manual page.
-Instead, it has documentation in the GNU Info format; see below.
-.PP
-.\" TeX users may be more comfortable with the \fB<whatever>\fP and
-.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
-.\" respectively.
-\fBsrp-gen\fP is a program that generates a password verifier for the Secure
-Remote Password protocol. The password verifier should be stored as
-~/.lsh/srp-verifier on the target (remote) machine on which you want to
-authenticate using SRP.
-
-For more information about SRP, see the "srp" node of the "Getting started"
-section of the Lsh manual available via the info system.
-.SH OPTIONS
-This program follows the usual GNU command line syntax, with long
-options starting with two dashes (`-').
-A summary of options is included below.
-For a complete description, see the Info files.
-.TP
-.B \-l, \-\-user=\fIusername\fP
-User name.
-.TP
-.B \-o, \-\-output\-file=\fIfilename\fP
-The file to output to. Default is to output to stdout.
-.TP
-.B \-p, \-\-password=\fIpassword\fP
-The password to use.
-.TP
-.B \-\-debug
-Print lots of debug information.
-.TP
-.B \-q, \-\-quiet
-Suppress all warnings and diagnostic messages.
-.TP
-.B \-\-trace
-Detailed trace.
-.TP
-.B \-v, \-\-verbose
-Print verbose diagnostic messages.
-.TP
-.B \-f, \-\-output\-format=format
-The S-expression output format. Valid sexp formats are: transport, canonical,
-advanced and international.
-.TP
-.B \-?, \-\-help
-Show summary of options.
-.TP
-.B \-\-usage
-Show a short usage message.
-.TP
-.B \-V, \-\-version
-Show version of program.
-.SH SEE ALSO
-.BR lsh (1),
-.BR lshd (1),
-.BR sexp-conv (1).
-.br
-The lsh programs (including this one) are documented fully by
-.IR "Lsh" ,
-available via the Info system.
-.SH AUTHOR
-This manual page was written by Timshel Knoll <timshel@debian.org>,
-for the Debian GNU/Linux system (but may be used by others).
Index: 2.0.4-dfsg-11/debian/mans/lsh-krb-checkpw.8
===================================================================
--- 2.0.4-dfsg-11/debian/mans/lsh-krb-checkpw.8 (revision 103)
+++ 2.0.4-dfsg-11/debian/mans/lsh-krb-checkpw.8 (nonexistent)
@@ -1,53 +0,0 @@
-.\" Hey, EMACS: -- nroff --
-.\" First parameter, NAME, should be all caps
-.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
-.\" other parameters are allowed: see man(7), man(1)
-.TH LSH-KRB-CHECKPW 8 "Nov 15 2005" lsh-krb-checkpw "lsh manuals"
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh disable hyphenation
-.\" .hy enable hyphenation
-.\" .ad l left justify
-.\" .ad b justify to both left and right margins
-.\" .nf disable filling
-.\" .fi enable filling
-.\" .br insert line break
-.\" .sp <n> insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-lsh-krb-checkpw \- program to check a Kerberos username/password combination
-.SH SYNOPSIS
-.B lsh-krb-checkpw
-.RI username-to-check
-.SH DESCRIPTION
-This manual page documents briefly the
-.B lsh-krb-checkpw
-command.
-This manual page was written for the Debian distribution
-because the original program does not have a manual page.
-Instead, it has documentation in the GNU Info format; see below.
-.PP
-.\" TeX users may be more comfortable with the \fB<whatever>\fP and
-.\" \fI<whatever>\fP escape sequences to invode bold face and italics,
-.\" respectively.
-\fBlsh-krb-checkpw\fP is a program that checks if a username and password
-combination is valid for login by doing a kerberos lookup. It is designed to be
-used as a password helper program for \fBlshd (8)\fP, (eg.
-\fB\-\-password\-helper=/usr/sbin/lsh-krb-checkpw\fP.
-.PP
-.B lsh-krb-checkpw
-takes one required argument, which is the username, and reads the password from
-stdin, then returns 0 if the password is valid, or 1 otherwise. Note that the
-password must be supplied exactly, ie. there must be no newline after the
-password, so if invoking from a shell, just type "<your-password><CTRL-D>".
-.SH SEE ALSO
-.BR lsh (1),
-.BR lshd (8).
-.BR
-The programs are documented fully by
-.IR "Lsh" ,
-available via the Info system.
-.SH AUTHOR
-This manual page was written by Timshel Knoll <timshel@debian.org>,
-for the Debian GNU/Linux system (but may be used by others).
Index: 2.0.4-dfsg-11/debian/mans/lcp.1
===================================================================
--- 2.0.4-dfsg-11/debian/mans/lcp.1 (revision 103)
+++ 2.0.4-dfsg-11/debian/mans/lcp.1 (nonexistent)
@@ -1,73 +0,0 @@
-.\" -- nroff --
-.\"
-.\" lcp.1
-.\"
-.Dd November 8, 2005
-.Dt LCP 1
-.Os
-.Sh NAME
-.Nm lcp
-.Nd Secure remote file copy
-.Sh SYNOPSIS
-.Nm lcp
-.Bk -words
-.Op Fl fvn
-.Sm off
-.Oo
-.Op Ar user No @
-.Ar host1 No :
-.Oc Ns Ar file1
-.Sm on
-.Sm off
-.Oo
-.Op Ar user No @
-.Ar host2 No :
-.Oc Ar file2
-.Sm on
-.Ek
-.\"
-.Sh DESCRIPTION
-.Nm
-is a program that securely copies files between two hosts on a
-network. This is intended as a secure replacement for
-.Xr rcp 1 .
-Note
-that both the source and the destination can be on remote machines.
-.\"
-.Sh OPTIONS
-Available options:
-.\"
-.Bl -tag -width Ds
-.It Fl \-help
-Show summary of options.
-.It Fl f, \-force
-Overwrite existing files.
-.It Fl v, \-version
-Display commands before they are executed.
-.It Fl n, \-dry\-run
-Don't execute any commands. Implies -v.
-.El
-.\"
-.\"
-.Sh ENVIRONMENT
-.Bl -tag -width ".Ev LSFTP_RSH"
-.It Ev LSFTP_RSH
-The program to use for the SSH tunnel. If the variable is not set, lcp
-defaults to using lsh.
-.El
-.\"
-.Sh "REPORTING BUGS"
-Report bugs to <bug-lsh@gnu.org>.
-.\"
-.Sh AUTHOR
-The lsh program suite is written mainly by Niels M\[:o]ller <nisse@lysator.liu.se>.
-.\"
-This man-page was written for
-the Debian GNU/Linux system by Charles Fry <debian@frogcircus.org>.
-.\"
-.Sh "SEE ALSO"
-.Xr rcp 1 ,
-.Xr scp 1 ,
-.Xr lsftp 1 ,
-.Xr lsh 1 ,
-.Xr lshd 8
Index: 2.0.4-dfsg-11/debian/mans/lsh_proxy.8
===================================================================
--- 2.0.4-dfsg-11/debian/mans/lsh_proxy.8 (revision 103)
+++ 2.0.4-dfsg-11/debian/mans/lsh_proxy.8 (nonexistent)
@@ -1,129 +0,0 @@
-.\" Hey, EMACS: -- nroff --
-.\" First parameter, NAME, should be all caps
-.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
-.\" other parameters are allowed: see man(7), man(1)
-.TH LSH_PROXY 1 "Apr 19, 2000" lsh_proxy "Lsh manuals"
-.\" Please adjust this date whenever revising the manpage.
-.\"
-.\" Some roff macros, for reference:
-.\" .nh disable hyphenation
-.\" .hy enable hyphenation
-.\" .ad l left justify
-.\" .ad b justify to both left and right margins
-.\" .nf disable filling
-.\" .fi enable filling
-.\" .br insert line break
-.\" .sp <n> insert n+1 empty lines
-.\" for manpage-specific macros, see man(7)
-.SH NAME
-lsh_proxy \- Server for the ssh-2 protocol.
-.SH SYNOPSIS
-.B lsh_proxy
-.RI [ options ]
-.SH DESCRIPTION
-This manual page documents briefly the
-.B lsh_proxy
-command.
-.SH OPTIONS
-These programs follow the usual GNU command line syntax, with long
-options starting with two dashes (`-').
-A summary of options is included below.
-For a complete description, see the Info files.
-.TP
-.B \-D, \-\-destination=\fIdestination:port\fP
-Destination ssh server address (transparent if not given).
-.TP
-.B \-h, \-\-host\-key=\fIkey\-file\fP
-Location of the server's public key.
-.TP
-.B \-\-interface=\fIinterface\fP
-Listen on this network interface.
-.TP
-.B \-\-no\-tcp\-forward
-Disable TCP/IP forwarding.
-.TP
-.B \-p, \-\-port=\fIport\fP
-Listen on this port.
-.TP
-.B \-\-tcp\-forward
-Enable TCP/IP forwarding (default).
-.TP
-.B \-c, \-\-crypto=\fIcrypto\-algorithm\fP
-The crypto algorithm to use. Supported types of \fIcrypto\-algorithm\fP (in
-order of preference) are "3des-cbc", "twofish-cbc", "cast128-cbc",
-"serpent-cbc@lysator.liu.se", "rijndael@lysator.liu.se", "blowfish-cbc",
-"arcfour", "none". The default is to use triple-DES in CBC mode ("3des-cbc").
-You may also specify "all" to enable all supported crypto
-algorithms (except "none").
-.TP
-.B \-\-hostkey\-algorithm=\fIhostkey\-algorithm\fP
-The hostkey algorithm to use. Supported types of \fIhostkey\-algorithm\fP (in
-order of preference) are "ssh-dss", "spki", "none".
-.TP
-.B \-m, \-\-mac=\fImac\-algorithm\fP
-The MAC (message authentication) algorithm to use. Supported types of
-\fImac\-algorithm\fP (in order of preference) are "hmac-sha1", "hmac-md5",
-"none".
-.TP
-.B \-z, \-\-compression[=\fIcompression\-algorithm\fP]
-The compression algorithm to use. Supported types of
-\fIcompression\-algorithm\fP are "none", "zlib". The default preference list
-supports zlib compression, but prefers not to use it. If \-z or \-\-compression
-is specified with no argument, the compression algorithm list is changed to
-"zlib", "none", which means that zlib is the preferred method of compression.
-A somewhat unobvious consequence of -z having an optional argument is that if
-you provide an argument, it must follow directly after the option letter, no
-spaces allowed.
-.TP
-.B \-\-list\-algorithms
-List supported crypto, compression, MAC and hostkey algorithms.
-.TP
-.B \-i, \-\-input\-format=\fIformat\fP
-Accept S-expressions of format \fIformat\fP.
-.TP
-.B \-\-daemonic
-Run in the background, redirect stdio to /dev/null, chdir to /.
-.TP
-.B \-\-enable\-core
-Dump core on fatal errors (disabled by default).
-.TP
-.B \-\-no\-daemonic
-Run in the foreground, with messages to stderr (default).
-.TP
-.B \-\-no\-pid\-file
-Don't use any pid file. Default in non-daemonic mode.
-.TP
-.B \-\-pid\-file=\fIpid\-file\fP
-Create pid file \fIpid\-file\fP. When running in daemonic mode, the default is
-/var/run/lsh_proxy.pid.
-.TP
-.B \-\-debug
-Print huge amounts of debug information.
-.TP
-.B \-q, \-\-quiet
-Suppress all warnings and diagnostic messages.
-.TP
-.B \-\-trace
-Print a detailed program trace.
-.TP
-.B \-\-verbose
-Print verbose diagnostic messages.
-.TP
-.B \-?, \-\-help
-Show summary of options.
-.TP
-.B \-\-usage
-Give a short usage message.
-.TP
-.B \-V, \-\-version
-Show version of program.
-.SH SEE ALSO
-.BR lsh (1).
-.BR lshd (8)
-.BR
-The programs are documented fully by
-.IR "Lsh" ,
-available via the Info system.
-.SH AUTHOR
-This manual page was written by Robert Bihlmeyer <robbe@orcus.priv.at>,
-for the Debian GNU/Linux system (but may be used by others).
Index: 2.0.4-dfsg-11/debian/lsh-server.install
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-server.install (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-server.install (nonexistent)
@@ -1,5 +0,0 @@
-usr/sbin/lshd
-usr/sbin/lsh-execuv
-usr/sbin/lsh-krb-checkpw
-usr/sbin/lsh-pam-checkpw
-usr/sbin/sftp-server usr/lib/lsh-server
Index: 2.0.4-dfsg-11/debian/source/format
===================================================================
--- 2.0.4-dfsg-11/debian/source/format (revision 103)
+++ 2.0.4-dfsg-11/debian/source/format (nonexistent)
@@ -1 +0,0 @@
-3.0 (quilt)
Index: 2.0.4-dfsg-11/debian/lsh-doc.doc-base
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-doc.doc-base (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-doc.doc-base (nonexistent)
@@ -1,13 +0,0 @@
-Document: lsh
-Title: LSH documentation
-Author: Niels Möller
-Abstract: This document describes `lsh' and related programs.
-Section: Network/Remote Access
-
-Format: HTML
-Index: /usr/share/doc/lsh-doc/lsh.html
-Files: /usr/share/doc/lsh-doc/lsh.html
-
-Format: Info
-Index: /usr/share/info/lsh.info.gz
-Files: /usr/share/info/lsh.info.gz
Index: 2.0.4-dfsg-11/debian/watch
===================================================================
--- 2.0.4-dfsg-11/debian/watch (revision 103)
+++ 2.0.4-dfsg-11/debian/watch (nonexistent)
@@ -1,5 +0,0 @@
-# use the newest watch file format.
-version=3
-# Site+Directory Pattern Version Script
-opts=dversionmangle=s/-dfsg$// \
-ftp://ftp.lysator.liu.se/pub/security/lsh/lsh-([^-]*)\.tar\.gz debian uupdate
Index: 2.0.4-dfsg-11/debian/lsh-client.install
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-client.install (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-client.install (nonexistent)
@@ -1,4 +0,0 @@
-usr/bin/lsh
-usr/bin/lshg
-usr/bin/lcp
-usr/bin/lsftp
Index: 2.0.4-dfsg-11/debian/copyright
===================================================================
--- 2.0.4-dfsg-11/debian/copyright (revision 103)
+++ 2.0.4-dfsg-11/debian/copyright (nonexistent)
@@ -1,45 +0,0 @@
-This package was debianized by Timshel Knoll <timshel@debian.org> on
-Thu, 25 May 2000 13:13:39 +1000. Package based on initial work by
-Robert Bihlmeyer <robbe@orcus.priv.at>
-
-It was downloaded from ftp://ftp.lysator.liu.se/pub/security/lsh/
-
-The original upstream tarball has been repacked because it bundles
-Nettle 1.14 (actually a snapshot between 1.14 and 1.15), which
-contains a non-free RFC.
-
-Upstream Authors: Niels Möller <nisse@lysator.liu.se>
- Balázs Scheidler
- Many others, too numerous to list here. See the file
- `/usr/share/doc/lsh-utils/AUTHORS' for a more complete list of
- the authors and licenses the of various lsh components.
-
-Copyright:
-
- Copyright (C) 1999 Niels Möller
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-
-On Debian GNU/Linux systems, the complete text of the GNU General
-Public License can be found in `/usr/share/common-licenses/GPL'.
-
-Some of the components of lsh are licensed under the GNU Lesser
-General Public License (LGPL) which can be found (on Debian GNU
-systems) in the file `/usr/share/common-licenses/LGPL'
-
-Other components of lsh are from the public domain. For a more
-complete list of the authors and licenses of various components
-within lsh, see the file `/usr/share/doc/lsh-utils/AUTHORS'
-
-The Debian patch debian/patches/blacklist.dpatch contains code from
-the openssh package, apparently written by Colin Watson (cjwatson) and
-released under a BSD license.
Index: 2.0.4-dfsg-11/debian/lsh-utils.docs
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-utils.docs (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-utils.docs (nonexistent)
@@ -1 +0,0 @@
-AUTHORS
Index: 2.0.4-dfsg-11/debian/lsh-server.postinst
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-server.postinst (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-server.postinst (nonexistent)
@@ -1,168 +0,0 @@
-#!/bin/sh
-# postinst script for lsh-server
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postinst> `configure' <most-recently-configured-version>
-# * <old-postinst> `abort-upgrade' <new version>
-# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-# <new-version>
-# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-# <failed-install-package> <version> `removing'
-# <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-#
-# quoting from the policy:
-# Any necessary prompting should almost always be confined to the
-# post-installation script, and should be protected with a conditional
-# so that unnecessary prompting doesn't happen if a package's
-# installation fails and the `postinst' is called with `abort-upgrade',
-# `abort-remove' or `abort-deconfigure'.
-
-create_seed_and_key() {
- RANDOM_SEED="/var/spool/lsh/yarrow-seed-file"
- HOST_KEY="/etc/lsh_host_key"
- OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key"
-
- if [ ! -f "$RANDOM_SEED" ]; then
- echo -n "Creating lsh random seed file (this may take a while) ..."
- DIR=$(dirname "$RANDOM_SEED")
- if install -d -m 700 "$DIR" &&
- dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null &&
- chmod 600 "$RANDOM_SEED"; then
- echo " done."
- else
- echo " failed!"
- return 1
- fi
- fi
-
- if [ ! -f "$HOST_KEY" ]; then
- if [ -r "$OPENSSH_HOST_KEY" ]; then
- echo -n "Converting existing OpenSSH RSA host key ... "
- if pkcs1-conv < "$OPENSSH_HOST_KEY" \| lsh-writekey --server &&
- [ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then
- chmod +r "$HOST_KEY.pub"
- echo "done."
- return 0
- fi
- rm -f "$HOST_KEY" "$HOST_KEY.pub"
- echo "failed. Will generate a new key instead."
- fi
- echo -n "Creating lsh host key ... "
- if lsh-keygen --server \| lsh-writekey --server &&
- [ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then
- chmod +r "$HOST_KEY.pub"
- echo "done."
- else
- echo "failed!"
- return 1
- fi
- fi
- return 0
-}
-
-LSHD_DEFAULTS=/etc/default/lsh-server
-
-case "$1" in
- configure)
-
- # This needs to be fixed. If we do stuff this way, strange things will
- # happen ... the user can specify stuff to debconf and old options can
- # still be written to the config file :-(
- # First, get default options
- #[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS"
-
- # Fall back to default options if necessary
- LSHD_PORT=${LSHD_PORT:-2222}
- ENABLE_SFTP=${ENABLE_SFTP:-false}
-
- # Make sure ENABLE_SFTP is either "true" or "false", set up option
- case "$ENABLE_SFTP" in
- true\|TRUE\|y\|Y)
- ENABLE_SFTP=true
- ;;
- *)
- ENABLE_SFTP=false
- ;;
- esac
-
- . /usr/share/debconf/confmodule
-
- db_get "lsh-server/lshd_port"; LSHD_PORT="$RET"
- db_get "lsh-server/sftp"; ENABLE_SFTP="$RET"
- db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET"
- exec 3>&-
-
- # OK, now make the config file
-
- cat <<"EOF" >"$LSHD_DEFAULTS"
-# Configuration file generated by lsh-server.postinst.
-# You can change the lsh-server configuration either by editing
-# this file, or by running dpkg-reconfigure lsh-server.
-#
-EOF
-
- echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS"
- echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS"
- echo "EXTRA_ARGS=\"$EXTRA_ARGS\"" >> "$LSHD_DEFAULTS"
-
- # Versions before 2.0.1cdbs-4 have a security issue, therefore
- # have the random seed regenerated.
- if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \
- && dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then
- echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a"
- echo " version with a known security bug, so we can't trust the seed any more."
- echo " It will be automatically regenerated from /dev/random."
- rm /var/spool/lsh/yarrow-seed-file
- fi
-
- # Disable ssh if needed
- if [ "$LSHD_PORT" -eq 22 ] ; then
- if [ ! -d /etc/ssh ] ; then
- mkdir -p /etc/ssh
- fi
-
- file=/etc/ssh/sshd_not_to_be_run
- if [ ! -f "$file" ] ; then
-# stop ssh from starting at bootup
- cat <<"EOF" >"$file"
-LSH_SERVER_CONFIG_GENERATED
-# Generated by lsh-server.postinst
-# Please don't remove this file unless you have first disabled lsh, and don't
-# change the first line ... otherwise lsh-server won't recognise it!!!
-EOF
-
- if [ -x "/etc/init.d/ssh" ]; then
- if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
- invoke-rc.d ssh stop \|\| true
- else
- /etc/init.d/ssh stop \|\| true
- fi
- fi
- fi
- fi
-
- create_seed_and_key
- ;;
-
- abort-upgrade\|abort-remove\|abort-deconfigure)
-
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts
-
-#DEBHELPER#
-
-exit 0
Index: 2.0.4-dfsg-11/debian/NEWS
===================================================================
--- 2.0.4-dfsg-11/debian/NEWS (revision 103)
+++ 2.0.4-dfsg-11/debian/NEWS (nonexistent)
@@ -1,26 +0,0 @@
-lsh-utils (2.0.1cdbs-4) unstable; urgency=low
-
- lsh-server now automatically generates it's random seed file, if it's not
- already existant.
-
- I personally don't see a reason for the lsh-make-seed command, the
- lsh-server init script now uses dd to get 32 bytes of random data out of
- /dev/random.
-
- If thats not ok to you, feel free to use lsh-make-seed instead and have
- /var/spool/lsh/yarrow-seed-file regenerated.
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Thu, 19 Jan 2006 01:08:16 +0100
-
-lsh-utils (2.0.1-6) unstable; urgency=low
-
- To make the current maintenance situation easier, 'lshc' has been again
- renamed to it's original name 'lsh'.
-
- So please switch from now on to using 'lsh' instead of 'lshc'.
-
- As for your convenience a small script named 'lshc', which simply notifies
- you about the name change and afterwards executing 'lsh' is included.
-
- -- Stefan Pfetzing <dreamind@dreamind.de> Tue, 15 Nov 2005 05:44:46 +0100
-
Index: 2.0.4-dfsg-11/debian/lsh-server.postrm
===================================================================
--- 2.0.4-dfsg-11/debian/lsh-server.postrm (revision 103)
+++ 2.0.4-dfsg-11/debian/lsh-server.postrm (nonexistent)
@@ -1,74 +0,0 @@
-#!/bin/sh
-# postrm script for lsh-server
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-# * <postrm> `remove'
-# * <postrm> `purge'
-# * <old-postrm> `upgrade' <new-version>
-# * <new-postrm> `failed-upgrade' <old-version>
-# * <new-postrm> `abort-install'
-# * <new-postrm> `abort-install' <old-version>
-# * <new-postrm> `abort-upgrade' <old-version>
-# * <disappearer's-postrm> `disappear' <r>overwrit>r> <new-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-if [ -f /usr/share/debconf/confmodule ] ; then
- . /usr/share/debconf/confmodule
-
- db_get "lsh-server/purge_hostkey" \|\| true
-
- PURGE_HOSTKEYS="$RET"
-fi
-
-case "$1" in
- purge\|remove\|upgrade\|failed-upgrade\|abort-install\|abort-upgrade\|disappear)
-
- for file in /etc/ssh/NOSERVER /etc/ssh/sshd_not_to_be_run ; do
- if [ -e "$file" ] && \
- grep -q '^LSH_SERVER_CONFIG_GENERATED$' "$file" ; then
- rm -f "$file"
- fi
- done
-
- # Try to remove ssh directory - if ssh is purged we should be
- # able to do this ...
- if [ -d "/etc/ssh" ] ; then
- rmdir --ignore-fail-on-non-empty /etc/ssh
- fi
-
- # Try to remove the random seed file.
- if [ "$1" = "purge" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] ; then
- rm -f /var/spool/lsh/yarrow-seed-file
- rmdir --ignore-fail-on-non-empty /var/spool/lsh
- fi
-
- ;;
-
- *)
- echo "postrm called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-if [ "$1" = "purge" ]; then
- case "$PURGE_HOSTKEYS" in
- true\|TRUE\|y\|Y\|"")
- rm -f /etc/lsh_host_key /etc/lsh_host_key.pub
- ;;
- esac
-
- # trash defaults file
- rm -f /etc/default/lsh-server
-fi
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts
-
-#DEBHELPER#
-
-exit 0
Index: 2.0.4-dfsg-11/debian
===================================================================
--- 2.0.4-dfsg-11/debian (revision 103)
+++ 2.0.4-dfsg-11/debian (nonexistent)

Subversion Repositories lsh

Compare Revisions

Ignore whitespace Rev 103 → Rev 102