Ignore whitespace Rev 104 → Rev 103

/trunk/debian/changelog
1,16 → 1,3
lsh-utils (2.1-1) unstable; urgency=low
 
* New upstream release.
* Upstream distribution no longer embeds old version of the Nettle
library containing non-free RFC document; drop nonettle.patch.
* Also drop better-errmsg-when-dotlsh-missing.patch, nettle-2.0.patch,
nettle-2.1.patch, terminate-on-connection-failure.patch,
ipv6-v6only.patch, and serpent-byteorder.patch, all incorporated
upstream; and testsuite-mini-inetd-localhost.patch, made unneeded by
new included version of mini-inetd.
 
-- Magnus Holmgren <holmgren@debian.org> Sun, 07 Jul 2013 18:46:50 +0200
 
lsh-utils (2.0.4-dfsg-11) unstable; urgency=low
 
* Review templates and package description by the debian-l10n-english team
/trunk/debian/patches/series
1,2 → 1,10
nonettle.patch
sftp-server-mansection.patch
better-errmsg-when-dotlsh-missing.patch
nettle-2.0.patch
nettle-2.1.patch
blacklist.patch
terminate-on-connection-failure.patch
ipv6-v6only.patch
testsuite-mini-inetd-localhost.patch
serpent-byteorder.patch
/trunk/debian/patches/serpent-byteorder.patch
0,0 → 1,31
Author: Niels Möller <nisse@lysator.liu.se>
Description: Correct Serpent test case that depended on broken Serpent implementation in Nettle < 2.2
Origin: upstream, http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/lsh/src/testsuite/serpent-test.c?root=lsh&r1=1.1&r2=1.2
 
===================================================================
RCS file: /cvsroot/lsh/lsh/src/testsuite/serpent-test.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- lsh/src/testsuite/serpent-test.c 2002/03/05 11:55:41 1.1
+++ lsh/src/testsuite/serpent-test.c 2011/05/02 12:54:26 1.2
@@ -1,5 +1,8 @@
#include "testutils.h"
+/* Note: In Nettle up to version 2.1, the serpent implementation did
+ some broken byte reversal on input and output. This testcase will
+ fail with old versions of nettle. */
int
test_main(void)
{
@@ -8,8 +11,8 @@
"0011223344556677 8899AABBCCDDEEFF"),
H("0000000000000000 0000000000000000"
"1111111111111111 1111111111111111"),
- H("687a151886b6dc16 8d2b667c3b8d5226"
- "e63a6c8b3009859c 8ee559565befb77e"),
+ H("c170ed586cfda8fe 084f01ef04475883"
+ "b9eb25819813023f 2938e97bdf4597c8"),
H("0011223344556677 8899AABBCCDDEEFF"));
SUCCESS();
}
/trunk/debian/patches/testsuite-mini-inetd-localhost.patch
0,0 → 1,15
Description: Tell mini-inetd to bind to 127.0.0.1 instead of "localhost".
When told to bind to "localhost", mini-inetd seems to bind to 255.255.255.255.
Author: Magnus Holmgren <holmgren@debian.org>
 
--- a/src/testsuite/functions.sh
+++ b/src/testsuite/functions.sh
@@ -155,7 +155,7 @@ spawn_lshg () {
# at_connect local-port max-connections shell-command
at_connect () {
# sleep 1 # Allow some time for earlier processes to die
- mini-inetd -m $2 -- localhost:$1 /bin/sh sh -c "$3" &
+ mini-inetd -m $2 -- 127.0.0.1:$1 /bin/sh sh -c "$3" &
at_exit "kill $!"
}
/trunk/debian/patches/nettle-2.1.patch
0,0 → 1,133
Author: Magnus Holmgren <holmgren@debian.org>
Description: Adapt to Nettle 2.1
 
--- a/src/spki/verify.c
+++ b/src/spki/verify.c
@@ -75,11 +75,11 @@ spki_verify_dsa(const uint8_t *digest,
dsa_signature_init(&rs);
res = (dsa_keypair_from_sexp_alist(&dsa, NULL,
- RSA_KEYSIZE_LIMIT, &key->sexp)
+ RSA_KEYSIZE_LIMIT, DSA_SHA1_Q_BITS, &key->sexp)
&& spki_parse_type(key)
- && dsa_signature_from_sexp(&rs, &signature->sexp)
+ && dsa_signature_from_sexp(&rs, &signature->sexp, DSA_SHA1_Q_BITS)
&& spki_parse_type(signature)
- && dsa_verify_digest(&dsa, digest, &rs));
+ && dsa_sha1_verify_digest(&dsa, digest, &rs));
dsa_signature_clear(&rs);
dsa_public_key_clear(&dsa);
--- a/src/dsa.c
+++ b/src/dsa.c
@@ -118,7 +118,7 @@ do_dsa_verify(struct verifier *c, int al
&& (atom == ATOM_SSH_DSS)
&& parse_string(&buffer, &buf_length, &buf)
&& !(buf_length % 2)
- && (buf_length <= (2 * DSA_Q_OCTETS))
+ && (buf_length <= (2 * DSA_SHA1_Q_OCTETS))
&& parse_eod(&buffer)))
goto fail;
@@ -143,8 +143,8 @@ do_dsa_verify(struct verifier *c, int al
if (! (sexp_iterator_first(&i, signature_length, signature_data)
&& sexp_iterator_enter_list(&i)
&& sexp_iterator_assoc(&i, 2, names, values)
- && nettle_mpz_set_sexp(sv.r, DSA_Q_BITS, &values[0])
- && nettle_mpz_set_sexp(sv.s, DSA_Q_BITS, &values[1])) )
+ && nettle_mpz_set_sexp(sv.r, DSA_SHA1_Q_BITS, &values[0])
+ && nettle_mpz_set_sexp(sv.s, DSA_SHA1_Q_BITS, &values[1])) )
goto fail;
break;
@@ -156,7 +156,7 @@ do_dsa_verify(struct verifier *c, int al
sha1_init(&hash);
sha1_update(&hash, length, msg);
- res = dsa_verify(&self->key, &hash, &sv);
+ res = dsa_sha1_verify(&self->key, &hash, &sv);
fail:
dsa_signature_clear(&sv);
@@ -212,7 +212,7 @@ parse_ssh_dss_public(struct simple_buffe
if (parse_bignum(buffer, res->key.p, DSA_MAX_OCTETS)
&& (mpz_sgn(res->key.p) == 1)
- && parse_bignum(buffer, res->key.q, DSA_Q_OCTETS)
+ && parse_bignum(buffer, res->key.q, DSA_SHA1_Q_OCTETS)
&& (mpz_sgn(res->key.q) == 1)
&& (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */
&& parse_bignum(buffer, res->key.g, DSA_MAX_OCTETS)
@@ -269,7 +269,7 @@ do_dsa_sign(struct signer *c,
dsa_signature_init(&sv);
sha1_init(&hash);
sha1_update(&hash, msg_length, msg);
- dsa_sign(&self->verifier->key, &self->key,
+ dsa_sha1_sign(&self->verifier->key, &self->key,
self->random, lsh_random, &hash, &sv);
debug("do_dsa_sign: r = %xn, s = %xn\n", sv.r, sv.s);
@@ -323,7 +323,7 @@ make_dsa_verifier(struct signature_algor
NEW(dsa_verifier, res);
init_dsa_verifier(res);
- if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, i))
+ if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
return &res->super;
KILL(res);
@@ -342,7 +342,7 @@ make_dsa_signer(struct signature_algorit
dsa_private_key_init(&res->key);
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, i))
+ if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
{
res->random = self->random;
res->verifier = verifier;
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -251,10 +251,6 @@ make_des3_cbc_instance(struct crypto_alg
const uint8_t *key, const uint8_t *iv)
{
NEW(des3_instance, self);
- uint8_t pkey[DES3_KEY_SIZE];
-
- /* Fix odd parity */
- des_fix_parity(DES3_KEY_SIZE, pkey, key);
self->super.block_size = DES3_BLOCK_SIZE;
self->super.crypt = ( (mode == CRYPTO_ENCRYPT)
@@ -263,19 +259,13 @@ make_des3_cbc_instance(struct crypto_alg
CBC_SET_IV(&self->ctx, iv);
- if (des3_set_key(&self->ctx.ctx, pkey))
+ if (des3_set_key(&self->ctx.ctx, key))
return(&self->super);
-
- switch(self->ctx.ctx.status)
+ else
{
- case DES_BAD_PARITY:
- fatal("Internal error! Bad parity in make_des3_instance.\n");
- case DES_WEAK_KEY:
werror("Detected weak DES key.\n");
KILL(self);
return NULL;
- default:
- fatal("Internal error!\n");
}
}
--- a/src/lsh-keygen.c
+++ b/src/lsh-keygen.c
@@ -217,7 +217,7 @@ dsa_generate_key(struct randomness *r, u
if (dsa_generate_keypair(&public, &private,
r, lsh_random,
NULL, progress,
- 512 + 64 * level))
+ 512 + 64 * level, DSA_SHA1_Q_BITS))
{
key =
lsh_string_format_sexp(0,
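Review bot: In the `make_des3_cbc_instance` hunks of src/crypto.c, the new `else` branch reports every `des3_set_key` failure as a weak key, and the parity fix-up is removed without explanation. A short comment such as `/* Nettle 2.1 ignores DES parity bits; a zero return from des3_set_key means a weak key. */` would record why this is safe; that is presumably the Nettle 2.1 behaviour and should be confirmed against its documentation. Separately, `spki_verify_dsa` still passes `RSA_KEYSIZE_LIMIT` as the modulus-size limit to `dsa_keypair_from_sexp_alist`, while src/dsa.c passes `DSA_MAX_BITS` for the same argument. If the two limits differ, SPKI verification and the SSH code accept different DSA key sizes. Both functions begin and end outside their hunks.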
/trunk/debian/patches/better-errmsg-when-dotlsh-missing.patch
0,0 → 1,33
Author: Magnus Holmgren <holmgren@debian.org>
Description: Show the intended error message when no seed file exists
(instead of one about a locking error)
 
diff -urNad trunk~/src/unix_random.c trunk/src/unix_random.c
--- trunk~/src/unix_random.c 2006-01-23 18:47:10.000000000 +0100
+++ trunk/src/unix_random.c 2008-06-24 22:29:29.000000000 +0200
@@ -353,6 +353,15 @@
yarrow256_init(&self->yarrow, RANDOM_NSOURCES, self->sources);
+ if (access(lsh_get_cstring(seed_file_name), F_OK) < 0)
+ {
+ werror("No seed file. Please create one by running\n");
+ werror("lsh-make-seed -o \"%S\".\n", seed_file_name);
+
+ KILL(self);
+ return NULL;
+ }
+
verbose("Reading seed-file `%S'\n", seed_file_name);
self->lock
@@ -374,8 +383,7 @@
self->seed_file_fd = open(lsh_get_cstring(seed_file_name), O_RDWR);
if (self->seed_file_fd < 0)
{
- werror("No seed file. Please create one by running\n");
- werror("lsh-make-seed -o \"%S\".\n", seed_file_name);
+ werror("Could not open seed file \"%S\".\n", seed_file_name);
KILL_RESOURCE(lock);
KILL(self);
Property changes:
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
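Review bot: The added `access(lsh_get_cstring(seed_file_name), F_OK)` test in src/unix_random.c forms a check-then-use pair with the later `open(..., O_RDWR)`. The file can appear or vanish between the two calls, and `access()` resolves the path with the real rather than the effective user ID. The friendlier message could instead be chosen from `errno` in the branch that actually fails, e.g. `if (errno == ENOENT) werror("No seed file. Please create one by running\n");`, leaving a single authoritative check. If the early test is kept because the lock step fails first when the file is missing (the lock code is outside the hunk), a comment marking it as advisory only would help. The enclosing function starts and ends outside both hunks.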
Index: patches/terminate-on-connection-failure.patch
===================================================================
--- patches/terminate-on-connection-failure.patch (nonexistent)
+++ patches/terminate-on-connection-failure.patch (revision 103)
@@ -0,0 +1,16 @@
+Author: Magnus Holmgren <holmgren@debian.org>
+Description: Call exit() in lsh's default exception handler on EXC_IO_CONNECT
+ Otherwise lsh won't terminate.
+
+diff -urNad trunk~/src/lsh.c trunk/src/lsh.c
+--- trunk~/src/lsh.c 2005-03-16 21:06:23.000000000 +0100
++++ trunk/src/lsh.c 2010-01-09 22:32:51.000000000 +0100
+@@ -959,6 +959,8 @@
+ *self->status = EXIT_FAILURE;
+
+ werror("%z, (errno = %i)\n", e->msg, exc->error);
++ if (e->type == EXC_IO_CONNECT)
++ exit(*self->status);
+ }
+ else
+ switch(e->type)
/patches/terminate-on-connection-failure.patch
Property changes:
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: patches/nettle-2.0.patch
===================================================================
--- patches/nettle-2.0.patch (nonexistent)
+++ patches/nettle-2.0.patch (revision 103)
@@ -0,0 +1,238 @@
+Author: Magnus Holmgren <holmgren@debian.org>
+Description: Adapt to Nettle 2.0
+
+--- a/src/crypto.c
++++ b/src/crypto.c
+@@ -71,7 +71,7 @@ do_crypt_arcfour(struct crypto_instance
+ assert(!(length % 8));
+
+ lsh_string_crypt(dst, di, src, si, length,
+- (nettle_crypt_func) arcfour_crypt, &self->ctx);
++ (nettle_crypt_func*) arcfour_crypt, &self->ctx);
+ }
+
+ static struct crypto_instance *
+@@ -114,7 +114,7 @@ do_aes_cbc_encrypt(struct crypto_instanc
+
+ lsh_string_cbc_encrypt(dst, di, src, si, length,
+ AES_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) aes_encrypt,
++ (nettle_crypt_func*) aes_encrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -128,7 +128,7 @@ do_aes_cbc_decrypt(struct crypto_instanc
+
+ lsh_string_cbc_decrypt(dst, di, src, si, length,
+ AES_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) aes_decrypt,
++ (nettle_crypt_func*) aes_decrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -185,7 +185,7 @@ do_aes_ctr_crypt(struct crypto_instance
+
+ lsh_string_ctr_crypt(dst, di, src, si, length,
+ AES_BLOCK_SIZE, self->ctx.ctr,
+- (nettle_crypt_func) aes_encrypt,
++ (nettle_crypt_func*) aes_encrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -227,7 +227,7 @@ do_des3_encrypt(struct crypto_instance *
+
+ lsh_string_cbc_encrypt(dst, di, src, si, length,
+ DES3_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) des3_encrypt,
++ (nettle_crypt_func*) des3_encrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -241,7 +241,7 @@ do_des3_decrypt(struct crypto_instance *
+
+ lsh_string_cbc_decrypt(dst, di, src, si, length,
+ DES3_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) des3_decrypt,
++ (nettle_crypt_func*) des3_decrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -303,7 +303,7 @@ do_cast128_encrypt(struct crypto_instanc
+
+ lsh_string_cbc_encrypt(dst, di, src, si, length,
+ CAST128_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) cast128_encrypt,
++ (nettle_crypt_func*) cast128_encrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -317,7 +317,7 @@ do_cast128_decrypt(struct crypto_instanc
+
+ lsh_string_cbc_decrypt(dst, di, src, si, length,
+ CAST128_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) cast128_decrypt,
++ (nettle_crypt_func*) cast128_decrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -363,7 +363,7 @@ do_twofish_encrypt(struct crypto_instanc
+
+ lsh_string_cbc_encrypt(dst, di, src, si, length,
+ TWOFISH_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) twofish_encrypt,
++ (nettle_crypt_func*) twofish_encrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -377,7 +377,7 @@ do_twofish_decrypt(struct crypto_instanc
+
+ lsh_string_cbc_decrypt(dst, di, src, si, length,
+ TWOFISH_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) twofish_decrypt,
++ (nettle_crypt_func*) twofish_decrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -422,7 +422,7 @@ do_blowfish_encrypt(struct crypto_instan
+
+ lsh_string_cbc_encrypt(dst, di, src, si, length,
+ BLOWFISH_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) blowfish_encrypt,
++ (nettle_crypt_func*) blowfish_encrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -436,7 +436,7 @@ do_blowfish_decrypt(struct crypto_instan
+
+ lsh_string_cbc_decrypt(dst, di, src, si, length,
+ BLOWFISH_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) blowfish_decrypt,
++ (nettle_crypt_func*) blowfish_decrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -488,7 +488,7 @@ do_serpent_encrypt(struct crypto_instanc
+
+ lsh_string_cbc_encrypt(dst, di, src, si, length,
+ SERPENT_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) serpent_encrypt,
++ (nettle_crypt_func*) serpent_encrypt,
+ &self->ctx.ctx);
+ }
+
+@@ -502,7 +502,7 @@ do_serpent_decrypt(struct crypto_instanc
+
+ lsh_string_cbc_decrypt(dst, di, src, si, length,
+ SERPENT_BLOCK_SIZE, self->ctx.iv,
+- (nettle_crypt_func) serpent_decrypt,
++ (nettle_crypt_func*) serpent_decrypt,
+ &self->ctx.ctx);
+ }
+
+--- a/src/lsh-make-seed.c
++++ b/src/lsh-make-seed.c
+@@ -1219,6 +1219,7 @@ main(int argc, char **argv)
+
+ struct yarrow256_ctx yarrow;
+ struct yarrow_source sources[NSOURCES];
++ uint8_t seed[YARROW256_SEED_FILE_SIZE];
+
+ argp_parse(&main_argp, argc, argv, 0, NULL, options);
+
+@@ -1371,7 +1372,8 @@ main(int argc, char **argv)
+ }
+ }
+
+- e = write_raw(fd, sizeof(yarrow.seed_file), yarrow.seed_file);
++ yarrow256_random(&yarrow, sizeof(seed), seed);
++ e = write_raw(fd, sizeof(seed), seed);
+
+ if (e)
+ {
+--- a/src/unix_random.c
++++ b/src/unix_random.c
+@@ -81,6 +81,7 @@ write_seed_file(struct yarrow256_ctx *ct
+ int fd)
+ {
+ const struct exception *e;
++ uint8_t seed[YARROW256_SEED_FILE_SIZE];
+
+ if (lseek(fd, 0, SEEK_SET) < 0)
+ {
+@@ -88,7 +89,8 @@ write_seed_file(struct yarrow256_ctx *ct
+ return 0;
+ }
+
+- e = write_raw(fd, YARROW256_SEED_FILE_SIZE, ctx->seed_file);
++ yarrow256_random(ctx, sizeof(seed), seed);
++ e = write_raw(fd, sizeof(seed), seed);
+
+ if (e)
+ {
+@@ -183,17 +185,19 @@ update_seed_file(struct unix_random *sel
+ {
+ struct lsh_string *s = read_seed_file(self->seed_file_fd);
+
+- write_seed_file(&self->yarrow, self->seed_file_fd);
+- KILL_RESOURCE(lock);
+-
+ /* Mix in the old seed file, it might have picked up
+ * some randomness. */
+ if (s)
+ {
++ self->yarrow.sources[RANDOM_SOURCE_NEW_SEED].next = YARROW_FAST;
+ yarrow256_update(&self->yarrow, RANDOM_SOURCE_NEW_SEED,
+ 0, STRING_LD(s));
+ lsh_string_free(s);
++ yarrow256_fast_reseed(&self->yarrow);
+ }
++
++ write_seed_file(&self->yarrow, self->seed_file_fd);
++ KILL_RESOURCE(lock);
+ }
+ }
+
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -113,7 +113,7 @@ lsh_krb_checkpw_LDADD=@KRB_LIBS@
+
+ lsh_execuv_LDADD=
+
+-LDADD = liblsh.a spki/libspki.a -lnettle @LIBARGP@
++LDADD = liblsh.a spki/libspki.a -lnettle -lhogweed @LIBARGP@
+
+ # To avoid having to link lshg with nettle, link with dummy.o.
+
+--- a/src/spki/testsuite/Makefile.am
++++ b/src/spki/testsuite/Makefile.am
+@@ -9,7 +9,7 @@ TS_ALL = $(TS_PROGS) $(TS_SH)
+
+ noinst_PROGRAMS = $(TS_PROGS)
+
+-LDADD = testutils.o ../libspki.a -lnettle
++LDADD = testutils.o ../libspki.a -lnettle -lhogweed
+
+ include .dist_cdsa
+
+--- a/src/spki/tools/Makefile.am
++++ b/src/spki/tools/Makefile.am
+@@ -6,7 +6,7 @@ noinst_PROGRAMS = spki-check-signature s
+ # that affects all programs.
+
+ LDADD = misc.o getopt.o getopt1.o \
+- ../libspki.a -lnettle
++ ../libspki.a -lnettle -lhogweed
+
+ spki_make_signature_SOURCES = spki-make-signature.c sign.c
+ spki_delegate_SOURCES = spki-delegate.c sign.c
+--- a/src/testsuite/Makefile.am
++++ b/src/testsuite/Makefile.am
+@@ -34,7 +34,7 @@ noinst_PROGRAMS = $(TS_PROGS)
+ # Workaround to get automake to keep dependencies for testutils.o
+ EXTRA_PROGRAMS = testutils
+
+-LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle \
++LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle -lhogweed \
+ $(DOTDOT_LIBARGP)
+
+ include .dist_rapid7
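Review bot: In the `update_seed_file` hunk of src/unix_random.c, the result of `write_seed_file(&self->yarrow, self->seed_file_fd)` is discarded, although `write_seed_file` visibly returns 0 when `lseek` fails. In that case the previous seed stays on disk, so the next start would presumably begin from the same saved state. Assuming the function returns non-zero on success, something like `if (!write_seed_file(&self->yarrow, self->seed_file_fd)) werror("Failed to update seed file.\n");` before `KILL_RESOURCE(lock)` would at least surface the failure. The new `seed` buffers in `write_seed_file` and in `main` of src/lsh-make-seed.c also leave a copy of the seed on the stack after `write_raw`; clearing them with a wipe the compiler cannot elide would be cheap hardening. These functions continue outside the hunks.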
Index: patches/nonettle.patch
===================================================================
--- patches/nonettle.patch (nonexistent)
+++ patches/nonettle.patch (revision 103)
@@ -0,0 +1,214 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -778,7 +778,6 @@ if test x$enable_ipv6 = xyes ; then
+ fi
+
+ AC_CONFIG_SUBDIRS(src/argp)
+-AC_CONFIG_SUBDIRS(src/nettle)
+ AC_CONFIG_SUBDIRS(src/spki)
+ AC_CONFIG_SUBDIRS(src/sftp)
+
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -1,15 +1,12 @@
+ # Process this file with automake to produce Makefile.in
+
+-SUBDIRS = argp rsync nettle scm sftp spki . testsuite
++SUBDIRS = argp rsync scm sftp spki . testsuite
+
+ include .dist_classes
+ include .dist_headers
+
+ BUILT_SOURCES = environ.h
+
+-# Kludge needed for finding the nettle/nettle-types.h file in the build tree
+-AM_CPPFLAGS = -I./nettle
+-
+ SCHEME = $(SCHEME_PROGRAM) -l $(srcdir)/scm/$(SCHEME_NAME)-compat.scm
+
+ EXTRA_PROGRAMS = lsh-krb-checkpw lsh-pam-checkpw srp-gen
+@@ -116,7 +113,7 @@ lsh_krb_checkpw_LDADD=@KRB_LIBS@
+
+ lsh_execuv_LDADD=
+
+-LDADD = liblsh.a spki/libspki.a nettle/libnettle.a @LIBARGP@
++LDADD = liblsh.a spki/libspki.a -lnettle @LIBARGP@
+
+ # To avoid having to link lshg with nettle, link with dummy.o.
+
+--- a/src/rsync/Makefile.am
++++ b/src/rsync/Makefile.am
+@@ -3,10 +3,6 @@
+ noinst_LIBRARIES = librsync.a
+ noinst_HEADERS = rsync.h
+
+-# Needed for finding the nettle include files in the source tree
+-# and nettle-types.h in the build tree.
+-AM_CPPFLAGS = -I$(srcdir)/.. -I../nettle
+-
+ librsync_a_SOURCES = generate.c receive.c checksum.c send.c
+
+
+--- a/src/sftp/Makefile.am
++++ b/src/sftp/Makefile.am
+@@ -1,8 +1,5 @@
+ SUBDIRS = . testsuite
+
+-# Needed for finding nettle-types.h in the build tree.
+-AM_CPPFLAGS = -I..
+-
+ AUTOMAKE_OPTIONS = foreign
+
+ bin_PROGRAMS = lsftp
+--- a/src/spki/Makefile.am
++++ b/src/spki/Makefile.am
+@@ -1,8 +1,5 @@
+ SUBDIRS = . tools testsuite
+
+-# FIXME: Create a link to nettle directory instead?
+-AM_CPPFLAGS = -I$(srcdir)/.. -I../nettle
+-
+ noinst_LIBRARIES = libspki.a
+ # libspkiincludedir = $(includedir)/nettle
+
+--- a/src/spki/testsuite/Makefile.am
++++ b/src/spki/testsuite/Makefile.am
+@@ -1,8 +1,4 @@
+
+-# FIXME: Create a link to nettle directory instead?
+-AM_CPPFLAGS = -O0 -I$(top_srcdir) -I$(top_srcdir)/.. -I../../nettle
+-AM_LDFLAGS = -L../../nettle
+-
+ TS_PROGS = principal-test date-test tag-test read-acl-test \
+ lookup-acl-test read-cert-test cdsa-reduce-test
+
+--- a/src/spki/tools/Makefile.am
++++ b/src/spki/tools/Makefile.am
+@@ -1,16 +1,12 @@
+ noinst_PROGRAMS = spki-check-signature spki-make-signature \
+ spki-delegate spki-reduce
+
+-# FIXME: Create a link to nettle directory instead?
+-AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/.. -I../../nettle
+-AM_LDFLAGS = -L.. -L../../nettle/
+-
+ # libnettle.a and libspki.a are added at the end to make sure all
+ # programs depend on it. It seems there's no DEPENDENCIES variable
+ # that affects all programs.
+
+ LDADD = misc.o getopt.o getopt1.o \
+- -lspki -lnettle ../libspki.a ../../nettle/libnettle.a
++ ../libspki.a -lnettle
+
+ spki_make_signature_SOURCES = spki-make-signature.c sign.c
+ spki_delegate_SOURCES = spki-delegate.c sign.c
+--- a/src/testsuite/Makefile.am
++++ b/src/testsuite/Makefile.am
+@@ -3,7 +3,7 @@
+ # -O0 is not recogniced on AIX
+ # AM_CFLAGS = -O0
+
+-AM_CPPFLAGS = -I$(srcdir)/.. -I.. -I../nettle
++AM_CPPFLAGS = -I$(srcdir)/..
+
+ TS_PROGS = arcfour-test aes-test blowfish-test cast128-test \
+ des-test \
+@@ -34,7 +34,7 @@ noinst_PROGRAMS = $(TS_PROGS)
+ # Workaround to get automake to keep dependencies for testutils.o
+ EXTRA_PROGRAMS = testutils
+
+-LDADD = testutils.o ../liblsh.a ../spki/libspki.a ../nettle/libnettle.a \
++LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle \
+ $(DOTDOT_LIBARGP)
+
+ include .dist_rapid7
+@@ -59,6 +59,6 @@ all:
+
+ # sexp-conv may be dynamically linked
+ check: $(TS_ALL)
+- LD_LIBRARY_PATH="`pwd`/../nettle/.lib" srcdir=$(srcdir) \
++ srcdir=$(srcdir) \
+ $(srcdir)/run-tests $(TS_ALL)
+
+--- a/src/spki/testsuite/check-signature-test
++++ b/src/spki/testsuite/check-signature-test
+@@ -1,7 +1,7 @@
+ #! /bin/sh
+
+ conv () {
+- echo "$1" | ../../nettle/tools/sexp-conv -s transport | tee test.in
++ echo "$1" | sexp-conv -s transport | tee test.in
+ }
+
+ die () {
+--- a/src/spki/testsuite/delegate-test
++++ b/src/spki/testsuite/delegate-test
+@@ -1,7 +1,7 @@
+ #! /bin/sh
+
+ conv () {
+- ../../nettle/tools/sexp-conv -s transport | tee test.in
++ sexp-conv -s transport | tee test.in
+ }
+
+ die () {
+@@ -12,7 +12,7 @@ die () {
+ check_sexp () {
+ file="$1"
+ shift
+- ../../nettle/tools/sexp-conv -s canonical > test.canonical || die "sexp-conv failed"
++ sexp-conv -s canonical > test.canonical || die "sexp-conv failed"
+ cmp "$file" test.canonical || die "$@"
+ }
+
+--- a/src/spki/testsuite/make-signature-test
++++ b/src/spki/testsuite/make-signature-test
+@@ -1,7 +1,7 @@
+ #! /bin/sh
+
+ conv () {
+- echo "$1" | ../../nettle/tools/sexp-conv -s transport | tee test.in
++ echo "$1" | sexp-conv -s transport | tee test.in
+ }
+
+ die () {
+@@ -10,7 +10,7 @@ die () {
+ }
+
+ echo foo | ../tools/spki-make-signature "$srcdir/key-1" \
+- | ../../nettle/tools/sexp-conv -s transport > test.in
++ | sexp-conv -s transport > test.in
+
+ echo foo | ../tools/spki-check-signature "`cat test.in`" \
+ || die "Valid signature failed"
+--- a/src/spki/testsuite/reduce-test
++++ b/src/spki/testsuite/reduce-test
+@@ -3,7 +3,7 @@
+ # Test case from Oscar Cánovas Reverte
+
+ conv () {
+- ../../nettle/tools/sexp-conv -s transport
++ sexp-conv -s transport
+ }
+
+ die () {
+@@ -14,7 +14,7 @@ die () {
+ check_sexp () {
+ file="$1"
+ shift
+- ../../nettle/tools/sexp-conv -s canonical > test.canonical || die "sexp-conv failed"
++ sexp-conv -s canonical > test.canonical || die "sexp-conv failed"
+ cmp "$file" test.canonical || die "$@"
+ }
+
+--- a/src/testsuite/functions.sh
++++ b/src/testsuite/functions.sh
+@@ -9,7 +9,7 @@ set -e
+ : ${LSH_YARROW_SEED_FILE:="$TEST_HOME/.lsh/yarrow-seed-file"}
+
+ # For lsh-authorize
+-: ${SEXP_CONV:="`pwd`/../nettle/tools/sexp-conv"}
++: ${SEXP_CONV:="sexp-conv"}
+
+ export LSH_YARROW_SEED_FILE SEXP_CONV
+
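Review bot: The spki test scripts (check-signature-test, delegate-test, make-signature-test, reduce-test) now call a bare `sexp-conv`, while src/testsuite/functions.sh in the same patch keeps the `SEXP_CONV` override. Using `"${SEXP_CONV:-sexp-conv}"` in those scripts would let a build point every test at one known binary instead of whatever comes first on `PATH`. The configure.ac hunk only removes `AC_CONFIG_SUBDIRS(src/nettle)`. If configure.ac has no check for the system library and tool elsewhere (not visible here), a missing Nettle surfaces only at link or test time, and an `AC_CHECK_LIB`/`AC_CHECK_PROG` pair would fail earlier and more clearly.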
Index: patches/ipv6-v6only.patch
===================================================================
--- patches/ipv6-v6only.patch (nonexistent)
+++ patches/ipv6-v6only.patch (revision 103)
@@ -0,0 +1,22 @@
+Author: Magnus Holmgren <holmgren@debian.org>
+Description: Set the IPV6_V6ONLY socket option on AF_INET6 sockets
+ Since lshd by default enumerates available address families and calls
+ bind() once for each, conflicts will occur otherwise.
+
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/src/io.c trunk/src/io.c
+--- trunk~/src/io.c 2006-01-23 18:49:58.000000000 +0100
++++ trunk/src/io.c 2010-07-27 02:17:04.000000000 +0200
+@@ -1690,6 +1690,13 @@
+ {
+ int yes = 1;
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char*)&yes, sizeof yes);
++#if WITH_IPV6 && defined (IPV6_V6ONLY)
++ if (local->sa_family == AF_INET6)
++ {
++ if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &yes, sizeof(yes)) < 0)
++ werror("setsockopt IPV6_V6ONLY failed: %e.\n", errno);
++ }
++#endif
+ }
+
+ if (bind(s, local, length) < 0)
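Review bot: When `setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, ...)` fails, the added code only logs and then falls through to `bind()`, so the AF_INET6 listener may still be dual-stack. That is the condition the patch description says causes bind conflicts, and one where IPv4 peers can arrive as v4-mapped addresses on the IPv6 socket. Consider treating the failure like a bind failure for this socket, or add a comment stating that continuing is intentional. The `SO_REUSEADDR` call directly above still ignores its return value, which is inconsistent with the new checked call. The enclosing function starts and ends outside the hunk.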
/patches/ipv6-v6only.patch
Property changes:
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: copyright
===================================================================
--- copyright (revision 104)
+++ copyright (revision 103)
@@ -4,6 +4,10 @@
It was downloaded from ftp://ftp.lysator.liu.se/pub/security/lsh/
+The original upstream tarball has been repacked because it bundles
+Nettle 1.14 (actually a snapshot between 1.14 and 1.15), which
+contains a non-free RFC.
+
Upstream Authors: Niels Möller <nisse@lysator.liu.se>
Balázs Scheidler
Many others, too numerous to list here. See the file
@@ -36,6 +40,6 @@
complete list of the authors and licenses of various components
within lsh, see the file `/usr/share/doc/lsh-utils/AUTHORS'
-The Debian patch debian/patches/blacklist.patch contains code from
+The Debian patch debian/patches/blacklist.dpatch contains code from
the openssh package, apparently written by Colin Watson (cjwatson) and
released under a BSD license.