/trunk/debian/patches/series |
---|
1,2 → 1,10 |
nonettle.patch |
sftp-server-mansection.patch |
better-errmsg-when-dotlsh-missing.patch |
nettle-2.0.patch |
nettle-2.1.patch |
blacklist.patch |
terminate-on-connection-failure.patch |
ipv6-v6only.patch |
testsuite-mini-inetd-localhost.patch |
serpent-byteorder.patch |
/trunk/debian/patches/serpent-byteorder.patch |
---|
0,0 → 1,31 |
Author: Niels Möller <nisse@lysator.liu.se> |
Description: Correct Serpent test case that depended on broken Serpent implementation in Nettle < 2.2 |
Origin: upstream, http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/lsh/src/testsuite/serpent-test.c?root=lsh&r1=1.1&r2=1.2 |
=================================================================== |
RCS file: /cvsroot/lsh/lsh/src/testsuite/serpent-test.c,v |
retrieving revision 1.1 |
retrieving revision 1.2 |
diff -u -r1.1 -r1.2 |
--- lsh/src/testsuite/serpent-test.c 2002/03/05 11:55:41 1.1 |
+++ lsh/src/testsuite/serpent-test.c 2011/05/02 12:54:26 1.2 |
@@ -1,5 +1,8 @@ |
#include "testutils.h" |
+/* Note: In Nettle up to version 2.1, the serpent implementation did |
+ some broken byte reversal on input and output. This testcase will |
+ fail with old versions of nettle. */ |
int |
test_main(void) |
{ |
@@ -8,8 +11,8 @@ |
"0011223344556677 8899AABBCCDDEEFF"), |
H("0000000000000000 0000000000000000" |
"1111111111111111 1111111111111111"), |
- H("687a151886b6dc16 8d2b667c3b8d5226" |
- "e63a6c8b3009859c 8ee559565befb77e"), |
+ H("c170ed586cfda8fe 084f01ef04475883" |
+ "b9eb25819813023f 2938e97bdf4597c8"), |
H("0011223344556677 8899AABBCCDDEEFF")); |
SUCCESS(); |
} |
/trunk/debian/patches/testsuite-mini-inetd-localhost.patch |
---|
0,0 → 1,15 |
Description: Tell mini-inetd to bind to 127.0.0.1 instead of "localhost". |
When told to bind to "localhost", mini-inetd seems to bind to 255.255.255.255. |
Author: Magnus Holmgren <holmgren@debian.org> |
--- a/src/testsuite/functions.sh |
+++ b/src/testsuite/functions.sh |
@@ -155,7 +155,7 @@ spawn_lshg () { |
# at_connect local-port max-connections shell-command |
at_connect () { |
# sleep 1 # Allow some time for earlier processes to die |
- mini-inetd -m $2 -- localhost:$1 /bin/sh sh -c "$3" & |
+ mini-inetd -m $2 -- 127.0.0.1:$1 /bin/sh sh -c "$3" & |
at_exit "kill $!" |
} |
/trunk/debian/patches/nettle-2.1.patch |
---|
0,0 → 1,133 |
Author: Magnus Holmgren <holmgren@debian.org> |
Description: Adapt to Nettle 2.1 |
--- a/src/spki/verify.c |
+++ b/src/spki/verify.c |
@@ -75,11 +75,11 @@ spki_verify_dsa(const uint8_t *digest, |
dsa_signature_init(&rs); |
res = (dsa_keypair_from_sexp_alist(&dsa, NULL, |
- RSA_KEYSIZE_LIMIT, &key->sexp) |
+ RSA_KEYSIZE_LIMIT, DSA_SHA1_Q_BITS, &key->sexp) |
&& spki_parse_type(key) |
- && dsa_signature_from_sexp(&rs, &signature->sexp) |
+ && dsa_signature_from_sexp(&rs, &signature->sexp, DSA_SHA1_Q_BITS) |
&& spki_parse_type(signature) |
- && dsa_verify_digest(&dsa, digest, &rs)); |
+ && dsa_sha1_verify_digest(&dsa, digest, &rs)); |
dsa_signature_clear(&rs); |
dsa_public_key_clear(&dsa); |
--- a/src/dsa.c |
+++ b/src/dsa.c |
@@ -118,7 +118,7 @@ do_dsa_verify(struct verifier *c, int al |
&& (atom == ATOM_SSH_DSS) |
&& parse_string(&buffer, &buf_length, &buf) |
&& !(buf_length % 2) |
- && (buf_length <= (2 * DSA_Q_OCTETS)) |
+ && (buf_length <= (2 * DSA_SHA1_Q_OCTETS)) |
&& parse_eod(&buffer))) |
goto fail; |
@@ -143,8 +143,8 @@ do_dsa_verify(struct verifier *c, int al |
if (! (sexp_iterator_first(&i, signature_length, signature_data) |
&& sexp_iterator_enter_list(&i) |
&& sexp_iterator_assoc(&i, 2, names, values) |
- && nettle_mpz_set_sexp(sv.r, DSA_Q_BITS, &values[0]) |
- && nettle_mpz_set_sexp(sv.s, DSA_Q_BITS, &values[1])) ) |
+ && nettle_mpz_set_sexp(sv.r, DSA_SHA1_Q_BITS, &values[0]) |
+ && nettle_mpz_set_sexp(sv.s, DSA_SHA1_Q_BITS, &values[1])) ) |
goto fail; |
break; |
@@ -156,7 +156,7 @@ do_dsa_verify(struct verifier *c, int al |
sha1_init(&hash); |
sha1_update(&hash, length, msg); |
- res = dsa_verify(&self->key, &hash, &sv); |
+ res = dsa_sha1_verify(&self->key, &hash, &sv); |
fail: |
dsa_signature_clear(&sv); |
@@ -212,7 +212,7 @@ parse_ssh_dss_public(struct simple_buffe |
if (parse_bignum(buffer, res->key.p, DSA_MAX_OCTETS) |
&& (mpz_sgn(res->key.p) == 1) |
- && parse_bignum(buffer, res->key.q, DSA_Q_OCTETS) |
+ && parse_bignum(buffer, res->key.q, DSA_SHA1_Q_OCTETS) |
&& (mpz_sgn(res->key.q) == 1) |
&& (mpz_cmp(res->key.q, res->key.p) < 0) /* q < p */ |
&& parse_bignum(buffer, res->key.g, DSA_MAX_OCTETS) |
@@ -269,7 +269,7 @@ do_dsa_sign(struct signer *c, |
dsa_signature_init(&sv); |
sha1_init(&hash); |
sha1_update(&hash, msg_length, msg); |
- dsa_sign(&self->verifier->key, &self->key, |
+ dsa_sha1_sign(&self->verifier->key, &self->key, |
self->random, lsh_random, &hash, &sv); |
debug("do_dsa_sign: r = %xn, s = %xn\n", sv.r, sv.s); |
@@ -323,7 +323,7 @@ make_dsa_verifier(struct signature_algor |
NEW(dsa_verifier, res); |
init_dsa_verifier(res); |
- if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, i)) |
+ if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i)) |
return &res->super; |
KILL(res); |
@@ -342,7 +342,7 @@ make_dsa_signer(struct signature_algorit |
dsa_private_key_init(&res->key); |
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, i)) |
+ if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i)) |
{ |
res->random = self->random; |
res->verifier = verifier; |
--- a/src/crypto.c |
+++ b/src/crypto.c |
@@ -251,10 +251,6 @@ make_des3_cbc_instance(struct crypto_alg |
const uint8_t *key, const uint8_t *iv) |
{ |
NEW(des3_instance, self); |
- uint8_t pkey[DES3_KEY_SIZE]; |
- |
- /* Fix odd parity */ |
- des_fix_parity(DES3_KEY_SIZE, pkey, key); |
self->super.block_size = DES3_BLOCK_SIZE; |
self->super.crypt = ( (mode == CRYPTO_ENCRYPT) |
@@ -263,19 +259,13 @@ make_des3_cbc_instance(struct crypto_alg |
CBC_SET_IV(&self->ctx, iv); |
- if (des3_set_key(&self->ctx.ctx, pkey)) |
+ if (des3_set_key(&self->ctx.ctx, key)) |
return(&self->super); |
- |
- switch(self->ctx.ctx.status) |
+ else |
{ |
- case DES_BAD_PARITY: |
- fatal("Internal error! Bad parity in make_des3_instance.\n"); |
- case DES_WEAK_KEY: |
werror("Detected weak DES key.\n"); |
KILL(self); |
return NULL; |
- default: |
- fatal("Internal error!\n"); |
} |
} |
--- a/src/lsh-keygen.c |
+++ b/src/lsh-keygen.c |
@@ -217,7 +217,7 @@ dsa_generate_key(struct randomness *r, u |
if (dsa_generate_keypair(&public, &private, |
r, lsh_random, |
NULL, progress, |
- 512 + 64 * level)) |
+ 512 + 64 * level, DSA_SHA1_Q_BITS)) |
{ |
key = |
lsh_string_format_sexp(0, |
/trunk/debian/patches/better-errmsg-when-dotlsh-missing.patch |
---|
0,0 → 1,33 |
Author: Magnus Holmgren <holmgren@debian.org> |
Description: Show the intended error message when no seed file exists |
(instead of one about a locking error) |
diff -urNad trunk~/src/unix_random.c trunk/src/unix_random.c |
--- trunk~/src/unix_random.c 2006-01-23 18:47:10.000000000 +0100 |
+++ trunk/src/unix_random.c 2008-06-24 22:29:29.000000000 +0200 |
@@ -353,6 +353,15 @@ |
yarrow256_init(&self->yarrow, RANDOM_NSOURCES, self->sources); |
+ if (access(lsh_get_cstring(seed_file_name), F_OK) < 0) |
+ { |
+ werror("No seed file. Please create one by running\n"); |
+ werror("lsh-make-seed -o \"%S\".\n", seed_file_name); |
+ |
+ KILL(self); |
+ return NULL; |
+ } |
+ |
verbose("Reading seed-file `%S'\n", seed_file_name); |
self->lock |
@@ -374,8 +383,7 @@ |
self->seed_file_fd = open(lsh_get_cstring(seed_file_name), O_RDWR); |
if (self->seed_file_fd < 0) |
{ |
- werror("No seed file. Please create one by running\n"); |
- werror("lsh-make-seed -o \"%S\".\n", seed_file_name); |
+ werror("Could not open seed file \"%S\".\n", seed_file_name); |
KILL_RESOURCE(lock); |
KILL(self); |
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |
Index: terminate-on-connection-failure.patch |
=================================================================== |
--- terminate-on-connection-failure.patch (nonexistent) |
+++ terminate-on-connection-failure.patch (revision 90) |
@@ -0,0 +1,16 @@ |
+Author: Magnus Holmgren <holmgren@debian.org> |
+Description: Call exit() in lsh's default exception handler on EXC_IO_CONNECT |
+ Otherwise lsh won't terminate. |
+ |
+diff -urNad trunk~/src/lsh.c trunk/src/lsh.c |
+--- trunk~/src/lsh.c 2005-03-16 21:06:23.000000000 +0100 |
++++ trunk/src/lsh.c 2010-01-09 22:32:51.000000000 +0100 |
+@@ -959,6 +959,8 @@ |
+ *self->status = EXIT_FAILURE; |
+ |
+ werror("%z, (errno = %i)\n", e->msg, exc->error); |
++ if (e->type == EXC_IO_CONNECT) |
++ exit(*self->status); |
+ } |
+ else |
+ switch(e->type) |
/terminate-on-connection-failure.patch |
---|
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |
Index: nettle-2.0.patch |
=================================================================== |
--- nettle-2.0.patch (nonexistent) |
+++ nettle-2.0.patch (revision 90) |
@@ -0,0 +1,238 @@ |
+Author: Magnus Holmgren <holmgren@debian.org> |
+Description: Adapt to Nettle 2.0 |
+ |
+--- a/src/crypto.c |
++++ b/src/crypto.c |
+@@ -71,7 +71,7 @@ do_crypt_arcfour(struct crypto_instance |
+ assert(!(length % 8)); |
+ |
+ lsh_string_crypt(dst, di, src, si, length, |
+- (nettle_crypt_func) arcfour_crypt, &self->ctx); |
++ (nettle_crypt_func*) arcfour_crypt, &self->ctx); |
+ } |
+ |
+ static struct crypto_instance * |
+@@ -114,7 +114,7 @@ do_aes_cbc_encrypt(struct crypto_instanc |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ AES_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) aes_encrypt, |
++ (nettle_crypt_func*) aes_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -128,7 +128,7 @@ do_aes_cbc_decrypt(struct crypto_instanc |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ AES_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) aes_decrypt, |
++ (nettle_crypt_func*) aes_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -185,7 +185,7 @@ do_aes_ctr_crypt(struct crypto_instance |
+ |
+ lsh_string_ctr_crypt(dst, di, src, si, length, |
+ AES_BLOCK_SIZE, self->ctx.ctr, |
+- (nettle_crypt_func) aes_encrypt, |
++ (nettle_crypt_func*) aes_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -227,7 +227,7 @@ do_des3_encrypt(struct crypto_instance * |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ DES3_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) des3_encrypt, |
++ (nettle_crypt_func*) des3_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -241,7 +241,7 @@ do_des3_decrypt(struct crypto_instance * |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ DES3_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) des3_decrypt, |
++ (nettle_crypt_func*) des3_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -303,7 +303,7 @@ do_cast128_encrypt(struct crypto_instanc |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ CAST128_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) cast128_encrypt, |
++ (nettle_crypt_func*) cast128_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -317,7 +317,7 @@ do_cast128_decrypt(struct crypto_instanc |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ CAST128_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) cast128_decrypt, |
++ (nettle_crypt_func*) cast128_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -363,7 +363,7 @@ do_twofish_encrypt(struct crypto_instanc |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ TWOFISH_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) twofish_encrypt, |
++ (nettle_crypt_func*) twofish_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -377,7 +377,7 @@ do_twofish_decrypt(struct crypto_instanc |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ TWOFISH_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) twofish_decrypt, |
++ (nettle_crypt_func*) twofish_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -422,7 +422,7 @@ do_blowfish_encrypt(struct crypto_instan |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ BLOWFISH_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) blowfish_encrypt, |
++ (nettle_crypt_func*) blowfish_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -436,7 +436,7 @@ do_blowfish_decrypt(struct crypto_instan |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ BLOWFISH_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) blowfish_decrypt, |
++ (nettle_crypt_func*) blowfish_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -488,7 +488,7 @@ do_serpent_encrypt(struct crypto_instanc |
+ |
+ lsh_string_cbc_encrypt(dst, di, src, si, length, |
+ SERPENT_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) serpent_encrypt, |
++ (nettle_crypt_func*) serpent_encrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+@@ -502,7 +502,7 @@ do_serpent_decrypt(struct crypto_instanc |
+ |
+ lsh_string_cbc_decrypt(dst, di, src, si, length, |
+ SERPENT_BLOCK_SIZE, self->ctx.iv, |
+- (nettle_crypt_func) serpent_decrypt, |
++ (nettle_crypt_func*) serpent_decrypt, |
+ &self->ctx.ctx); |
+ } |
+ |
+--- a/src/lsh-make-seed.c |
++++ b/src/lsh-make-seed.c |
+@@ -1219,6 +1219,7 @@ main(int argc, char **argv) |
+ |
+ struct yarrow256_ctx yarrow; |
+ struct yarrow_source sources[NSOURCES]; |
++ uint8_t seed[YARROW256_SEED_FILE_SIZE]; |
+ |
+ argp_parse(&main_argp, argc, argv, 0, NULL, options); |
+ |
+@@ -1371,7 +1372,8 @@ main(int argc, char **argv) |
+ } |
+ } |
+ |
+- e = write_raw(fd, sizeof(yarrow.seed_file), yarrow.seed_file); |
++ yarrow256_random(&yarrow, sizeof(seed), seed); |
++ e = write_raw(fd, sizeof(seed), seed); |
+ |
+ if (e) |
+ { |
+--- a/src/unix_random.c |
++++ b/src/unix_random.c |
+@@ -81,6 +81,7 @@ write_seed_file(struct yarrow256_ctx *ct |
+ int fd) |
+ { |
+ const struct exception *e; |
++ uint8_t seed[YARROW256_SEED_FILE_SIZE]; |
+ |
+ if (lseek(fd, 0, SEEK_SET) < 0) |
+ { |
+@@ -88,7 +89,8 @@ write_seed_file(struct yarrow256_ctx *ct |
+ return 0; |
+ } |
+ |
+- e = write_raw(fd, YARROW256_SEED_FILE_SIZE, ctx->seed_file); |
++ yarrow256_random(ctx, sizeof(seed), seed); |
++ e = write_raw(fd, sizeof(seed), seed); |
+ |
+ if (e) |
+ { |
+@@ -183,17 +185,19 @@ update_seed_file(struct unix_random *sel |
+ { |
+ struct lsh_string *s = read_seed_file(self->seed_file_fd); |
+ |
+- write_seed_file(&self->yarrow, self->seed_file_fd); |
+- KILL_RESOURCE(lock); |
+- |
+ /* Mix in the old seed file, it might have picked up |
+ * some randomness. */ |
+ if (s) |
+ { |
++ self->yarrow.sources[RANDOM_SOURCE_NEW_SEED].next = YARROW_FAST; |
+ yarrow256_update(&self->yarrow, RANDOM_SOURCE_NEW_SEED, |
+ 0, STRING_LD(s)); |
+ lsh_string_free(s); |
++ yarrow256_fast_reseed(&self->yarrow); |
+ } |
++ |
++ write_seed_file(&self->yarrow, self->seed_file_fd); |
++ KILL_RESOURCE(lock); |
+ } |
+ } |
+ |
+--- a/src/Makefile.am |
++++ b/src/Makefile.am |
+@@ -113,7 +113,7 @@ lsh_krb_checkpw_LDADD=@KRB_LIBS@ |
+ |
+ lsh_execuv_LDADD= |
+ |
+-LDADD = liblsh.a spki/libspki.a -lnettle @LIBARGP@ |
++LDADD = liblsh.a spki/libspki.a -lnettle -lhogweed @LIBARGP@ |
+ |
+ # To avoid having to link lshg with nettle, link with dummy.o. |
+ |
+--- a/src/spki/testsuite/Makefile.am |
++++ b/src/spki/testsuite/Makefile.am |
+@@ -9,7 +9,7 @@ TS_ALL = $(TS_PROGS) $(TS_SH) |
+ |
+ noinst_PROGRAMS = $(TS_PROGS) |
+ |
+-LDADD = testutils.o ../libspki.a -lnettle |
++LDADD = testutils.o ../libspki.a -lnettle -lhogweed |
+ |
+ include .dist_cdsa |
+ |
+--- a/src/spki/tools/Makefile.am |
++++ b/src/spki/tools/Makefile.am |
+@@ -6,7 +6,7 @@ noinst_PROGRAMS = spki-check-signature s |
+ # that affects all programs. |
+ |
+ LDADD = misc.o getopt.o getopt1.o \ |
+- ../libspki.a -lnettle |
++ ../libspki.a -lnettle -lhogweed |
+ |
+ spki_make_signature_SOURCES = spki-make-signature.c sign.c |
+ spki_delegate_SOURCES = spki-delegate.c sign.c |
+--- a/src/testsuite/Makefile.am |
++++ b/src/testsuite/Makefile.am |
+@@ -34,7 +34,7 @@ noinst_PROGRAMS = $(TS_PROGS) |
+ # Workaround to get automake to keep dependencies for testutils.o |
+ EXTRA_PROGRAMS = testutils |
+ |
+-LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle \ |
++LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle -lhogweed \ |
+ $(DOTDOT_LIBARGP) |
+ |
+ include .dist_rapid7 |
Index: nonettle.patch |
=================================================================== |
--- nonettle.patch (nonexistent) |
+++ nonettle.patch (revision 90) |
@@ -0,0 +1,214 @@ |
+--- a/configure.ac |
++++ b/configure.ac |
+@@ -778,7 +778,6 @@ if test x$enable_ipv6 = xyes ; then |
+ fi |
+ |
+ AC_CONFIG_SUBDIRS(src/argp) |
+-AC_CONFIG_SUBDIRS(src/nettle) |
+ AC_CONFIG_SUBDIRS(src/spki) |
+ AC_CONFIG_SUBDIRS(src/sftp) |
+ |
+--- a/src/Makefile.am |
++++ b/src/Makefile.am |
+@@ -1,15 +1,12 @@ |
+ # Process this file with automake to produce Makefile.in |
+ |
+-SUBDIRS = argp rsync nettle scm sftp spki . testsuite |
++SUBDIRS = argp rsync scm sftp spki . testsuite |
+ |
+ include .dist_classes |
+ include .dist_headers |
+ |
+ BUILT_SOURCES = environ.h |
+ |
+-# Kludge needed for finding the nettle/nettle-types.h file in the build tree |
+-AM_CPPFLAGS = -I./nettle |
+- |
+ SCHEME = $(SCHEME_PROGRAM) -l $(srcdir)/scm/$(SCHEME_NAME)-compat.scm |
+ |
+ EXTRA_PROGRAMS = lsh-krb-checkpw lsh-pam-checkpw srp-gen |
+@@ -116,7 +113,7 @@ lsh_krb_checkpw_LDADD=@KRB_LIBS@ |
+ |
+ lsh_execuv_LDADD= |
+ |
+-LDADD = liblsh.a spki/libspki.a nettle/libnettle.a @LIBARGP@ |
++LDADD = liblsh.a spki/libspki.a -lnettle @LIBARGP@ |
+ |
+ # To avoid having to link lshg with nettle, link with dummy.o. |
+ |
+--- a/src/rsync/Makefile.am |
++++ b/src/rsync/Makefile.am |
+@@ -3,10 +3,6 @@ |
+ noinst_LIBRARIES = librsync.a |
+ noinst_HEADERS = rsync.h |
+ |
+-# Needed for finding the nettle include files in the source tree |
+-# and nettle-types.h in the build tree. |
+-AM_CPPFLAGS = -I$(srcdir)/.. -I../nettle |
+- |
+ librsync_a_SOURCES = generate.c receive.c checksum.c send.c |
+ |
+ |
+--- a/src/sftp/Makefile.am |
++++ b/src/sftp/Makefile.am |
+@@ -1,8 +1,5 @@ |
+ SUBDIRS = . testsuite |
+ |
+-# Needed for finding nettle-types.h in the build tree. |
+-AM_CPPFLAGS = -I.. |
+- |
+ AUTOMAKE_OPTIONS = foreign |
+ |
+ bin_PROGRAMS = lsftp |
+--- a/src/spki/Makefile.am |
++++ b/src/spki/Makefile.am |
+@@ -1,8 +1,5 @@ |
+ SUBDIRS = . tools testsuite |
+ |
+-# FIXME: Create a link to nettle directory instead? |
+-AM_CPPFLAGS = -I$(srcdir)/.. -I../nettle |
+- |
+ noinst_LIBRARIES = libspki.a |
+ # libspkiincludedir = $(includedir)/nettle |
+ |
+--- a/src/spki/testsuite/Makefile.am |
++++ b/src/spki/testsuite/Makefile.am |
+@@ -1,8 +1,4 @@ |
+ |
+-# FIXME: Create a link to nettle directory instead? |
+-AM_CPPFLAGS = -O0 -I$(top_srcdir) -I$(top_srcdir)/.. -I../../nettle |
+-AM_LDFLAGS = -L../../nettle |
+- |
+ TS_PROGS = principal-test date-test tag-test read-acl-test \ |
+ lookup-acl-test read-cert-test cdsa-reduce-test |
+ |
+--- a/src/spki/tools/Makefile.am |
++++ b/src/spki/tools/Makefile.am |
+@@ -1,16 +1,12 @@ |
+ noinst_PROGRAMS = spki-check-signature spki-make-signature \ |
+ spki-delegate spki-reduce |
+ |
+-# FIXME: Create a link to nettle directory instead? |
+-AM_CPPFLAGS = -I$(top_srcdir) -I$(top_srcdir)/.. -I../../nettle |
+-AM_LDFLAGS = -L.. -L../../nettle/ |
+- |
+ # libnettle.a and libspki.a are added at the end to make sure all |
+ # programs depend on it. It seems there's no DEPENDENCIES variable |
+ # that affects all programs. |
+ |
+ LDADD = misc.o getopt.o getopt1.o \ |
+- -lspki -lnettle ../libspki.a ../../nettle/libnettle.a |
++ ../libspki.a -lnettle |
+ |
+ spki_make_signature_SOURCES = spki-make-signature.c sign.c |
+ spki_delegate_SOURCES = spki-delegate.c sign.c |
+--- a/src/testsuite/Makefile.am |
++++ b/src/testsuite/Makefile.am |
+@@ -3,7 +3,7 @@ |
+ # -O0 is not recogniced on AIX |
+ # AM_CFLAGS = -O0 |
+ |
+-AM_CPPFLAGS = -I$(srcdir)/.. -I.. -I../nettle |
++AM_CPPFLAGS = -I$(srcdir)/.. |
+ |
+ TS_PROGS = arcfour-test aes-test blowfish-test cast128-test \ |
+ des-test \ |
+@@ -34,7 +34,7 @@ noinst_PROGRAMS = $(TS_PROGS) |
+ # Workaround to get automake to keep dependencies for testutils.o |
+ EXTRA_PROGRAMS = testutils |
+ |
+-LDADD = testutils.o ../liblsh.a ../spki/libspki.a ../nettle/libnettle.a \ |
++LDADD = testutils.o ../liblsh.a ../spki/libspki.a -lnettle \ |
+ $(DOTDOT_LIBARGP) |
+ |
+ include .dist_rapid7 |
+@@ -59,6 +59,6 @@ all: |
+ |
+ # sexp-conv may be dynamically linked |
+ check: $(TS_ALL) |
+- LD_LIBRARY_PATH="`pwd`/../nettle/.lib" srcdir=$(srcdir) \ |
++ srcdir=$(srcdir) \ |
+ $(srcdir)/run-tests $(TS_ALL) |
+ |
+--- a/src/spki/testsuite/check-signature-test |
++++ b/src/spki/testsuite/check-signature-test |
+@@ -1,7 +1,7 @@ |
+ #! /bin/sh |
+ |
+ conv () { |
+- echo "$1" | ../../nettle/tools/sexp-conv -s transport | tee test.in |
++ echo "$1" | sexp-conv -s transport | tee test.in |
+ } |
+ |
+ die () { |
+--- a/src/spki/testsuite/delegate-test |
++++ b/src/spki/testsuite/delegate-test |
+@@ -1,7 +1,7 @@ |
+ #! /bin/sh |
+ |
+ conv () { |
+- ../../nettle/tools/sexp-conv -s transport | tee test.in |
++ sexp-conv -s transport | tee test.in |
+ } |
+ |
+ die () { |
+@@ -12,7 +12,7 @@ die () { |
+ check_sexp () { |
+ file="$1" |
+ shift |
+- ../../nettle/tools/sexp-conv -s canonical > test.canonical || die "sexp-conv failed" |
++ sexp-conv -s canonical > test.canonical || die "sexp-conv failed" |
+ cmp "$file" test.canonical || die "$@" |
+ } |
+ |
+--- a/src/spki/testsuite/make-signature-test |
++++ b/src/spki/testsuite/make-signature-test |
+@@ -1,7 +1,7 @@ |
+ #! /bin/sh |
+ |
+ conv () { |
+- echo "$1" | ../../nettle/tools/sexp-conv -s transport | tee test.in |
++ echo "$1" | sexp-conv -s transport | tee test.in |
+ } |
+ |
+ die () { |
+@@ -10,7 +10,7 @@ die () { |
+ } |
+ |
+ echo foo | ../tools/spki-make-signature "$srcdir/key-1" \ |
+- | ../../nettle/tools/sexp-conv -s transport > test.in |
++ | sexp-conv -s transport > test.in |
+ |
+ echo foo | ../tools/spki-check-signature "`cat test.in`" \ |
+ || die "Valid signature failed" |
+--- a/src/spki/testsuite/reduce-test |
++++ b/src/spki/testsuite/reduce-test |
+@@ -3,7 +3,7 @@ |
+ # Test case from Oscar Cánovas Reverte |
+ |
+ conv () { |
+- ../../nettle/tools/sexp-conv -s transport |
++ sexp-conv -s transport |
+ } |
+ |
+ die () { |
+@@ -14,7 +14,7 @@ die () { |
+ check_sexp () { |
+ file="$1" |
+ shift |
+- ../../nettle/tools/sexp-conv -s canonical > test.canonical || die "sexp-conv failed" |
++ sexp-conv -s canonical > test.canonical || die "sexp-conv failed" |
+ cmp "$file" test.canonical || die "$@" |
+ } |
+ |
+--- a/src/testsuite/functions.sh |
++++ b/src/testsuite/functions.sh |
+@@ -9,7 +9,7 @@ set -e |
+ : ${LSH_YARROW_SEED_FILE:="$TEST_HOME/.lsh/yarrow-seed-file"} |
+ |
+ # For lsh-authorize |
+-: ${SEXP_CONV:="`pwd`/../nettle/tools/sexp-conv"} |
++: ${SEXP_CONV:="sexp-conv"} |
+ |
+ export LSH_YARROW_SEED_FILE SEXP_CONV |
+ |
Index: ipv6-v6only.patch |
=================================================================== |
--- ipv6-v6only.patch (nonexistent) |
+++ ipv6-v6only.patch (revision 90) |
@@ -0,0 +1,22 @@ |
+Author: Magnus Holmgren <holmgren@debian.org> |
+Description: Set the IPV6_V6ONLY socket option on AF_INET6 sockets |
+ Since lshd by default enumerates available address families and calls |
+ bind() once for each, conflicts will occur otherwise. |
+ |
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' trunk~/src/io.c trunk/src/io.c |
+--- trunk~/src/io.c 2006-01-23 18:49:58.000000000 +0100 |
++++ trunk/src/io.c 2010-07-27 02:17:04.000000000 +0200 |
+@@ -1690,6 +1690,13 @@ |
+ { |
+ int yes = 1; |
+ setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (char*)&yes, sizeof yes); |
++#if WITH_IPV6 && defined (IPV6_V6ONLY) |
++ if (local->sa_family == AF_INET6) |
++ { |
++ if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &yes, sizeof(yes)) < 0) |
++ werror("setsockopt IPV6_V6ONLY failed: %e.\n", errno); |
++ } |
++#endif |
+ } |
+ |
+ if (bind(s, local, length) < 0) |
/ipv6-v6only.patch |
---|
Property changes: |
Added: svn:executable |
## -0,0 +1 ## |
+* |
\ No newline at end of property |