Subversion Repositories lsh

Compare Revisions

Rev 127 → Rev 137

/tags/2.1-8/debian/NEWS
1,14 → 1,14
lsh-utils (2.0.1cdbs-4) unstable; urgency=low
 
lsh-server now automatically generates it's random seed file, if it's not
already existant.
lsh-server now automatically generates it's random seed file, if it
doesn't already exist.
 
I personally don't see a reason for the lsh-make-seed command, the
lsh-server init script now uses dd to get 32 bytes of random data out of
/dev/random.
 
If thats not ok to you, feel free to use lsh-make-seed instead and have
/var/spool/lsh/yarrow-seed-file regenerated.
If that's not ok to you, feel free to use lsh-make-seed instead and
have /var/spool/lsh/yarrow-seed-file regenerated.
 
-- Stefan Pfetzing <dreamind@dreamind.de> Thu, 19 Jan 2006 01:08:16 +0100
 
/tags/2.1-8/debian/changelog
1,3 → 1,29
lsh-utils (2.1-8) unstable; urgency=low
 
* Build with MIT Kerberos instead of Heimdal (Closes: #806266, #812813).
Note: the Kerberos password helper has limited functionality and is
not recommended to use.
 
-- Magnus Holmgren <holmgren@debian.org> Sun, 07 Feb 2016 21:11:10 +0100
 
lsh-utils (2.1-7) unstable; urgency=low
 
* nettle3.patch: fix pointer type mismatches, mainly changing length
variables from unsigned to size_t.
 
-- Magnus Holmgren <holmgren@debian.org> Wed, 03 Jun 2015 00:06:24 +0200
 
lsh-utils (2.1-6) unstable; urgency=low
 
* skip-argp.patch (new): Make sure we don't touch the embedded argp copy
when not needed. It fails to build with GCC 5, which defaults to C99,
which has different inline function rules, and we don't need it.
(Closes: #777990).
* nettle3.patch (new): Adapt to API changes in Nettle 3.0 using the
compat layer.
 
-- Magnus Holmgren <holmgren@debian.org> Tue, 02 Jun 2015 16:10:53 +0200
 
lsh-utils (2.1-5) unstable; urgency=low
 
* bsd_connreset_test_fail.patch (new): Fix random test failures on kFreeBSD.
/tags/2.1-8/debian/control
5,8 → 5,8
Uploaders: Stefan Pfetzing <dreamind@dreamind.de>
Standards-Version: 3.9.6
Build-Depends: dpkg-dev (>= 1.15.7), debhelper (>= 7), dh-autoreconf, dh-systemd (>= 1.5), automake,
libgmp-dev, zlib1g-dev | libz-dev, liboop-dev, libxau-dev, nettle-dev (>= 2.2~), nettle-bin,
texinfo (>= 4.2), heimdal-dev, libwrap0-dev | libwrap-dev,
libgmp-dev, zlib1g-dev | libz-dev, liboop-dev, libxau-dev, nettle-dev (>= 3.0~), nettle-bin,
texinfo (>= 4.2), libkrb5-dev, libwrap0-dev | libwrap-dev,
libpam0g-dev | libpam-dev, libreadline-dev, m4
Homepage: http://www.lysator.liu.se/~nisse/lsh/
 
/tags/2.1-8/debian/patches/mit-kerberos.patch
0,0 → 1,61
Description: Modify lsh-krb-checkpw to work with MIT Kerberos instead of Heimdal.
Building with the latest release of Heimdal (as of February 2016)
fails and their maintainers want to orphan it.
Bug: https://bugs.debian.org/812813
 
--- a/configure.ac
+++ b/configure.ac
@@ -475,7 +475,7 @@ if test x$enable_kerberos = xyes; then
LSH_CHECK_KRB_LIB(asn1, der_get_octet_string)
# Check for krb5_cc_gen_new too?
# krb5_verify_user_lrealm seems to be unique to heimdal
- LSH_CHECK_KRB_LIB(krb5, krb5_verify_user_lrealm,, [enable_kerberos=no])
+ LSH_CHECK_KRB_LIB(krb5, krb5_get_init_creds_password,, [enable_kerberos=no])
fi
AH_TEMPLATE([WITH_KERBEROS], [For kerberos])
--- a/src/lsh-krb-checkpw.c
+++ b/src/lsh-krb-checkpw.c
@@ -97,6 +97,8 @@ main(int argc, char **argv)
krb5_context context;
krb5_ccache ccache;
krb5_principal p;
+ krb5_creds creds;
+ krb5_principal server;
char *name;
char *pw;
@@ -121,18 +123,31 @@ main(int argc, char **argv)
if (krb5_init_context (&context))
die("krb5_init_context failed.");
- if (krb5_make_principal(context, &p, NULL, name, NULL))
- die("krb5_make_principal failed.");
+ if (krb5_parse_name(context, name, &p)) {
+ die("krb5_parse_name failed.");
+ }
+
+ if (krb5_get_init_creds_password(context, &creds, p, pw,
+ NULL, NULL, 0, NULL, NULL)) {
+ die("krb5_get_init_creds_password failed.");
+ }
+
+ if (krb5_verify_init_creds(context, &creds, server,
+ NULL, NULL, NULL)) {
+ die("krb5_verify_init_creds failed");
+ }
if (!krb5_kuserok(context, p, name))
die("krb5_kuserok doesn't know the user.");
+ /*
if (krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache))
die("krb5_cc_gen_new failed.");
if (krb5_verify_user_lrealm(context, p, ccache, pw, TRUE, NULL))
die("krb5_verify_user_lrealm failed.");
+ */
/* Authentication successful. */
/* TODO: Keep the credential cache in some way. Perhaps write it to
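Review bot: `server` is added as `krb5_principal server;` and is then passed to `krb5_verify_init_creds(context, &creds, server, NULL, NULL, NULL)` without being assigned anywhere in the visible lines, so the password check hands an indeterminate pointer to the library. Initialise it with `krb5_principal server = NULL;`, which MIT Kerberos treats as a request for the default host principal, or build the intended service principal explicitly. With a NULL options argument the call also keeps the library default for hosts without a usable keytab, where verification may be skipped rather than fail; for a password-checking helper consider a `krb5_verify_init_creds_opt` with `krb5_verify_init_creds_opt_set_ap_req_nofail(&opt, 1)` so that a missing keytab is rejected. `creds` is not released with `krb5_free_cred_contents` in the lines shown and `ccache` is now unused; main() continues outside the hunk, so later cleanup cannot be confirmed from here.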
/tags/2.1-8/debian/patches/nettle3.patch
0,0 → 1,270
Description: Support Nettle 3.x
Author: Magnus Holmgren <holmgren@debian.org>
Forwarded: yes
 
--- a/src/spki/verify.c
+++ b/src/spki/verify.c
@@ -25,7 +25,7 @@
#endif
#include <nettle/bignum.h>
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/rsa.h>
#include "certificate.h"
@@ -74,7 +74,7 @@ spki_verify_dsa(const uint8_t *digest,
dsa_public_key_init(&dsa);
dsa_signature_init(&rs);
- res = (dsa_keypair_from_sexp_alist(&dsa, NULL,
+ res = (dsa_keypair_from_sexp_alist((struct dsa_params *)&dsa, dsa.y, NULL,
RSA_KEYSIZE_LIMIT, DSA_SHA1_Q_BITS, &key->sexp)
&& spki_parse_type(key)
&& dsa_signature_from_sexp(&rs, &signature->sexp, DSA_SHA1_Q_BITS)
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -322,7 +322,7 @@ make_cast128_cbc_instance(struct crypto_
? do_cast128_encrypt
: do_cast128_decrypt);
- cast128_set_key(&self->ctx.ctx, algorithm->key_size, key);
+ cast5_set_key(&self->ctx.ctx, algorithm->key_size, key);
CBC_SET_IV(&self->ctx, iv);
return(&self->super);
--- a/src/dsa.c
+++ b/src/dsa.c
@@ -28,7 +28,7 @@
#include <assert.h>
#include <nettle/bignum.h>
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/sexp.h>
#include <nettle/sha.h>
@@ -322,7 +322,7 @@ make_dsa_verifier(struct signature_algor
NEW(dsa_verifier, res);
init_dsa_verifier(res);
- if (dsa_keypair_from_sexp_alist(&res->key, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
+ if (dsa_keypair_from_sexp_alist((struct dsa_params *)&res->key, res->key.y, NULL, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
return &res->super;
KILL(res);
@@ -341,7 +341,7 @@ make_dsa_signer(struct signature_algorit
dsa_private_key_init(&res->key);
- if (dsa_keypair_from_sexp_alist(&verifier->key, &res->key, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
+ if (dsa_keypair_from_sexp_alist((struct dsa_params *)&verifier->key, verifier->key.y, res->key.x, DSA_MAX_BITS, DSA_SHA1_Q_BITS, i))
{
res->random = self->random;
res->verifier = verifier;
--- a/src/dummy.c
+++ b/src/dummy.c
@@ -41,84 +41,84 @@
#include "lsh.h"
/* Referenced by ssh_format.c */
-unsigned
+size_t
nettle_mpz_sizeinbase_256_s(const mpz_t x UNUSED)
{ abort(); }
-unsigned
+size_t
nettle_mpz_sizeinbase_256_u(const mpz_t x UNUSED)
{ abort(); }
void
-cbc_encrypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+cbc_encrypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
-cbc_decrypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+cbc_decrypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
-ctr_crypt(void *ctx UNUSED, nettle_crypt_func f UNUSED,
- unsigned block_size UNUSED, uint8_t *iv UNUSED,
- unsigned length UNUSED, uint8_t *dst UNUSED,
+ctr_crypt(const void *ctx UNUSED, nettle_cipher_func *f UNUSED,
+ size_t block_size UNUSED, uint8_t *iv UNUSED,
+ size_t length UNUSED, uint8_t *dst UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
void
hmac_digest(const void *outer UNUSED, const void *inner UNUSED, void *state UNUSED,
const struct nettle_hash *hash UNUSED,
- unsigned length UNUSED, uint8_t *digest UNUSED)
+ size_t length UNUSED, uint8_t *digest UNUSED)
{ abort(); }
-unsigned
+size_t
sexp_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED)
{ abort(); }
-unsigned
+size_t
sexp_transport_vformat(struct nettle_buffer *buffer UNUSED,
const char *format UNUSED, va_list args UNUSED)
{ abort(); }
int
sexp_transport_iterator_first(struct sexp_iterator *iterator UNUSED,
- unsigned length UNUSED, uint8_t *input UNUSED)
+ size_t length UNUSED, uint8_t *input UNUSED)
{ abort(); }
void
nettle_buffer_init_size(struct nettle_buffer *buffer UNUSED,
- unsigned length UNUSED, uint8_t *space UNUSED)
+ size_t length UNUSED, uint8_t *space UNUSED)
{ abort(); }
/* Referenced by lsh_string.c */
-uint8_t *
-memxor(uint8_t *dst UNUSED, const uint8_t *src UNUSED, size_t n UNUSED)
+void *
+memxor(void *dst UNUSED, const void *src UNUSED, size_t n UNUSED)
{ abort(); }
void
-nettle_mpz_get_str_256(unsigned length UNUSED, uint8_t *s UNUSED, const mpz_t x UNUSED)
+nettle_mpz_get_str_256(size_t length UNUSED, uint8_t *s UNUSED, const mpz_t x UNUSED)
{ abort(); }
void
base64_encode_init(struct base64_encode_ctx *ctx UNUSED)
{ abort(); }
-unsigned
+size_t
base64_encode_update(struct base64_encode_ctx *ctx UNUSED,
uint8_t *dst UNUSED,
- unsigned length UNUSED,
+ size_t length UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
-unsigned
+size_t
base64_encode_final(struct base64_encode_ctx *ctx UNUSED,
uint8_t *dst UNUSED)
{ abort(); }
@@ -129,9 +129,9 @@ base64_decode_init(struct base64_decode_
int
base64_decode_update(struct base64_decode_ctx *ctx UNUSED,
- unsigned *dst_length UNUSED,
+ size_t *dst_length UNUSED,
uint8_t *dst UNUSED,
- unsigned src_length UNUSED,
+ size_t src_length UNUSED,
const uint8_t *src UNUSED)
{ abort(); }
@@ -142,7 +142,7 @@ base64_decode_final(struct base64_decode
/* Referenced by parse.c */
void
nettle_mpz_set_str_256_s(mpz_t x UNUSED,
- unsigned length UNUSED, const uint8_t *s UNUSED)
+ size_t length UNUSED, const uint8_t *s UNUSED)
{ abort(); }
/* Referenced by werror.c */
--- a/src/lsh-keygen.c
+++ b/src/lsh-keygen.c
@@ -39,7 +39,7 @@
#include <unistd.h>
#endif
-#include <nettle/dsa.h>
+#include <nettle/dsa-compat.h>
#include <nettle/rsa.h>
#include "crypto.h"
@@ -214,7 +214,7 @@ dsa_generate_key(struct randomness *r, u
assert(r->quality == RANDOM_GOOD);
- if (dsa_generate_keypair(&public, &private,
+ if (dsa_compat_generate_keypair(&public, &private,
r, lsh_random,
NULL, progress,
512 + 64 * level, DSA_SHA1_Q_BITS))
--- a/src/lsh_string.c
+++ b/src/lsh_string.c
@@ -367,10 +367,10 @@ lsh_string_format_sexp(int transport, co
{
struct lsh_string *s;
va_list args;
- unsigned length;
+ size_t length;
struct nettle_buffer buffer;
- unsigned (*vformat)(struct nettle_buffer *, const char *, va_list)
+ size_t (*vformat)(struct nettle_buffer *, const char *, va_list)
= transport ? sexp_transport_vformat : sexp_vformat;
va_start(args, format);
@@ -415,7 +415,7 @@ int
lsh_string_base64_decode(struct lsh_string *s)
{
struct base64_decode_ctx ctx;
- uint32_t done = s->length;
+ size_t done = s->length;
base64_decode_init(&ctx);
--- a/src/randomness.c
+++ b/src/randomness.c
@@ -35,7 +35,7 @@
/* Wrapper for using lsh's randomness generator with nettle
* functions. */
void
-lsh_random(void *x, unsigned length, uint8_t *data)
+lsh_random(void *x, size_t length, uint8_t *data)
{
CAST_SUBTYPE(randomness, r, x);
RANDOM(r, length, data);
--- a/src/randomness.h
+++ b/src/randomness.h
@@ -84,6 +84,6 @@ make_system_random(void);
/* Randomness function matching nettle's expectations. */
void
-lsh_random(void *x, unsigned length, uint8_t *data);
+lsh_random(void *x, size_t length, uint8_t *data);
#endif /* LSH_RANDOMNESS_H_INCLUDED */
--- a/src/sexp.c
+++ b/src/sexp.c
@@ -97,7 +97,7 @@ lsh_sexp_to_string(struct sexp_iterator
struct lsh_string *
lsh_sexp_copy(struct sexp_iterator *i)
{
- unsigned length;
+ size_t length;
const uint8_t *subexpr = sexp_iterator_subexpr(i, &length);
return subexpr ? ssh_format("%ls", length, subexpr) : NULL;
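Review bot: In the `lsh_sexp_copy` hunk of src/sexp.c, `length` becomes `size_t` but is still passed through varargs as `ssh_format("%ls", length, subexpr)`. If `ssh_format` reads the `%ls` length with a 32-bit `va_arg` (its definition is not on this page), the argument type no longer matches on LP64 targets, which is undefined behaviour. Convert at the call site after checking that the value fits, `ssh_format("%ls", (uint32_t) length, subexpr)`, or keep the `size_t` only for the `sexp_iterator_subexpr` out-parameter. The same question applies to the new `size_t length` in `lsh_string_format_sexp` (src/lsh_string.c), whose use lies outside the hunk.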
/tags/2.1-8/debian/patches/series
3,3 → 3,6
new-readline-completion-function-typedef.patch
rl_completion-segfault.patch
bsd_connreset_test_fail.patch
skip-argp.patch
nettle3.patch
mit-kerberos.patch
/tags/2.1-8/debian/patches/skip-argp.patch
0,0 → 1,65
Description: Make sure we don't touch the embedded argp copy when not needed
To avoid inline functions causing build failures under C99 standards
Author: Magnus Holmgren <holmgren@debian.org>
Bug-Debian: https://bugs.debian.org/777990
Forwarded: yes
 
--- a/configure.ac
+++ b/configure.ac
@@ -577,15 +577,18 @@ fi
# We don't use LIBOBJS for this, as the LIBOBJS are added to
# liblsh.a, and we can't add an archive to an archive.
+ARGP=""
LIBARGP=""
DOTDOT_LIBARGP=""
if test x$with_system_argp = xno ; then
+ ARGP="argp"
# FIXME: Perhaps it's better to use an absolute path?
LIBARGP="argp/libargp.a"
# Needed for linking in src/testsuite.
DOTDOT_LIBARGP="../argp/libargp.a"
fi
+AC_SUBST(ARGP)
AC_SUBST(LIBARGP)
AC_SUBST(DOTDOT_LIBARGP)
@@ -776,7 +779,9 @@ if test x$enable_ipv6 = xyes ; then
AC_DEFINE(WITH_IPV6)
fi
+if test x$with_system_argp = xno ; then
AC_CONFIG_SUBDIRS(src/argp)
+fi
AC_CONFIG_SUBDIRS(src/spki)
AC_CONFIG_SUBDIRS(src/sftp)
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1,6 +1,6 @@
# Process this file with automake to produce Makefile.in
-SUBDIRS = argp rsync scm sftp spki . testsuite
+SUBDIRS = @ARGP@ rsync scm sftp spki . testsuite
include .dist_classes
include .dist_headers
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -190,6 +190,7 @@ AC_DEFUN([LSH_LIB_ARGP],
ac_argp_save_LDFLAGS="$LDFLAGS"
ac_argp_ok=no
# First check if we can link with argp.
+ AH_TEMPLATE([HAVE_ARGP_PARSE], [Define if system has argp_parse()])
AC_SEARCH_LIBS(argp_parse, argp,
[ LSH_RPATH_FIX
AC_CACHE_CHECK([for working argp],
@@ -294,6 +295,7 @@ int main(int argc, char **argv)
if test x$lsh_cv_lib_argp_works = xyes ; then
ac_argp_ok=yes
+ AC_DEFINE(HAVE_ARGP_PARSE)
else
# Reset link flags
LIBS="$ac_argp_save_LIBS"
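Review bot: In src/Makefile.am, `SUBDIRS = @ARGP@ rsync scm sftp spki . testsuite` makes the subdirectory list depend on a configure substitution, and nothing in this patch defines `DIST_SUBDIRS`. Automake cannot work out the possible values of `@ARGP@`, so a `make dist` run from a tree configured with the system argp would likely leave src/argp out of the tarball. Because the configure.ac hunk also makes `AC_CONFIG_SUBDIRS(src/argp)` conditional, listing argp in `DIST_SUBDIRS` is not sufficient on its own. At minimum, add a comment next to SUBDIRS such as `# dist must be made from a tree configured without the system argp`.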