/trunk/debian/patches/disable_ssl3.patch |
---|
File deleted |
/trunk/debian/patches/series |
---|
6,4 → 6,3 |
template_sdk.patch |
no_db_version_check.patch |
hurd.patch |
disable_ssl3.patch |
/trunk/debian/patches/hurd.patch |
---|
11,17 → 11,3 |
# define SPT_TYPE SPT_REUSEARGV |
# define SPT_PADCHAR '\0' /* pad process title with nulls */ |
#elif (defined(BSD) && BSD >= 199306) |
--- a/accountd/authenticate.c |
+++ b/accountd/authenticate.c |
@@ -8,11 +8,7 @@ |
#include "accountd.h" |
-#ifdef BSD4_4 |
-#define HAVE_SHADOW 0 |
-#else |
#define HAVE_SHADOW 1 |
-#endif |
#include <pwd.h> |
#if HAVE_SHADOW |
/trunk/debian/patches/dlopen_templates.patch |
---|
50,12 → 50,12 |
-CFLAGS = $(BASECFLAGS) |
-LDFLAGS = $(BASELDFLAGS) |
+MYCFLAGS = $(BASECFLAGS) -fPIC |
+MYLDFLAGS = $(BASELDFLAGS) -fPIC |
+CFLAGS = $(BASECFLAGS) -fPIC |
+LDFLAGS = $(BASELDFLAGS) -fPIC |
+LDFLAGS_TEMPLATELIB = \ |
+ -Wl,--defsym=template_map=template_map_$(TYPE) \ |
+ -Wl,--defsym=template_map_count=template_map_$(TYPE)_count |
+MYLDFLAGS += $(LDFLAGS_TEMPLATELIB) |
+LDFLAGS += $(LDFLAGS_TEMPLATELIB) |
TYPE=cam |
64,22 → 64,19 |
T_FILES_FRONTEND=login.t login_hermes.t \ |
frontend_login_error.t frontend_security.t frontend_session.t \ |
@@ -111,8 +115,14 @@ templates.a: $(O_FILES) |
@@ -111,6 +115,12 @@ templates.a: $(O_FILES) |
rm -f templates.a |
ar q templates.a $(O_FILES) |
+$(TYPE)_frontend.so: $(O_FILES_FRONTEND) |
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES_FRONTEND) |
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES_FRONTEND) |
+ |
+$(TYPE).so: $(O_FILES) |
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES) |
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES) |
+ |
%.o: %.c Makefile |
- $(CC) $(CFLAGS) -I../../lib -c $< |
+ $(CC) $(MYCFLAGS) -I../../lib -c $< |
$(CC) $(CFLAGS) -I../../lib -c $< |
_template_index_frontend.c: |
../src/build_index.pl $(TYPE) $(T_FILES_FRONTEND) > _template_index_frontend.c |
@@ -129,6 +139,10 @@ install: |
cp *.t $(BROOT)$(PREFIX)/templates/$(TYPE) |
cp *.vars $(BROOT)$(PREFIX)/templates/$(TYPE) |
99,12 → 96,12 |
-CFLAGS = $(BASECFLAGS) |
-LDFLAGS = $(BASELDFLAGS) |
+MYCFLAGS = $(BASECFLAGS) -fPIC |
+MYLDFLAGS = $(BASELDFLAGS) -fPIC |
+CFLAGS = $(BASECFLAGS) -fPIC |
+LDFLAGS = $(BASELDFLAGS) -fPIC |
+LDFLAGS_TEMPLATELIB = \ |
+ -Wl,--defsym=template_map=template_map_$(TYPE) \ |
+ -Wl,--defsym=template_map_count=template_map_$(TYPE)_count |
+MYLDFLAGS += $(LDFLAGS_TEMPLATELIB) |
+LDFLAGS += $(LDFLAGS_TEMPLATELIB) |
TYPE=old |
113,22 → 110,19 |
T_FILES_FRONTEND=login.t \ |
frontend_login_error.t frontend_security.t frontend_session.t \ |
@@ -110,8 +114,14 @@ templates.a: $(O_FILES) |
@@ -110,6 +114,12 @@ templates.a: $(O_FILES) |
rm -f templates.a |
ar q templates.a $(O_FILES) |
+$(TYPE)_frontend.so: $(O_FILES_FRONTEND) |
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES_FRONTEND) |
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES_FRONTEND) |
+ |
+$(TYPE).so: $(O_FILES) |
+ $(CC) $(MYLDFLAGS) -shared -o $@ $(O_FILES) |
+ $(CC) $(LDFLAGS) -shared -o $@ $(O_FILES) |
+ |
%.o: %.c Makefile |
- $(CC) $(CFLAGS) -I../../lib -c $< |
+ $(CC) $(MYCFLAGS) -I../../lib -c $< |
$(CC) $(CFLAGS) -I../../lib -c $< |
_template_index_frontend.c: |
../src/build_index.pl $(TYPE) $(T_FILES_FRONTEND) > _template_index_frontend.c |
@@ -128,6 +138,10 @@ install: |
cp *.t $(BROOT)$(PREFIX)/templates/$(TYPE) |
cp *.vars $(BROOT)$(PREFIX)/templates/$(TYPE) |
187,9 → 181,9 |
endif |
-PRAYER_LIBS = $(BASE_LIBS) $(SERVER_SSL_LIBS) |
-SESSION_LIBS = $(CCLIENT_LIBS) $(BASE_LIBS) |
-SESSION_LIBS = $(BASE_LIBS) $(CCLIENT_LIBS) |
+PRAYER_LIBS = $(BASE_LIBS) $(SERVER_SSL_LIBS) -ldl |
+SESSION_LIBS = $(CCLIENT_LIBS) $(BASE_LIBS) -ldl |
+SESSION_LIBS = $(BASE_LIBS) $(CCLIENT_LIBS) -ldl |
# Add SSL if c-client needs SSL |
ifeq ($(strip $(CCLIENT_SSL_ENABLE)), true) |
223,7 → 217,7 |
ifeq ($(strip $(ACCOUNTD_ENABLE)), true) |
--- a/servers/session_exchange.c |
+++ b/servers/session_exchange.c |
@@ -146,6 +146,8 @@ BOOL session_exchange(struct session * s |
@@ -144,6 +144,8 @@ BOOL session_exchange(struct session * s |
else |
template_set = config->template_set; /* Safe default */ |
/trunk/debian/patches/makefile_install_config.patch |
---|
87,17 → 87,17 |
# EGD socket, if system has no /dev/urandom |
#egd_socket = "/var/prngd/urandom" |
@@ -374,13 +375,15 @@ sendmail_path = /usr/lib/sendmail |
@@ -376,13 +364,15 @@ sendmail_path = /usr/lib/sendmail |
ispell_path = /usr/bin/ispell |
# Message of the day file |
-motd_path = "$prefix/etc/motd.html" |
- |
-# HTML to insert into login page |
-#login_insert1_path = "$prefix/etc/ucsnews.html" |
+#motd_path = "/etc/prayer/motd.html" |
-# HTML to insert into login page |
-#login_insert1_path = "$prefix/etc/ucsnews.html" |
- |
-# HTML to insert into login page |
-#login_insert2_path = "$prefix/etc/ucsnews.html" |
+# HTML to make available to login template as $login_insert1 |
+# (only used in "cam" template set). |
109,7 → 109,7 |
# Login security: Prayer's front page defaults to a login form. |
# If the user does not connect via SSL then this can be changed |
@@ -409,10 +412,11 @@ bin_dir = "__BIN_DIR__" |
@@ -411,10 +401,11 @@ bin_dir = "__BIN_DIR__" |
# Various directories used by the running system |
# Logs stored in $log_dir |
123,7 → 123,7 |
# $socket_dir is location for unix domain sockets which connect frontend |
# to backend in proxy mode of operation. |
@@ -420,7 +424,7 @@ socket_dir = "$var_prefix/socke |
@@ -422,7 +413,7 @@ socket_dir = "$var_prefix/socke |
# Split socket directory into 64 subdirs keyed on first letter of sessionID |
# Code provides compatibility in both directions: can switch back and forward |
132,7 → 132,7 |
# Name of Unix domain socket (in $socket_dir) used for initial handshake |
# between prayer and prayer-session processes when a user logs in |
@@ -434,7 +438,7 @@ ssl_session_dir = "$var_prefix/ssl_s |
@@ -436,7 +427,7 @@ ssl_session_dir = "$var_prefix/ssl_s |
tmp_dir = "$var_prefix/tmp" |
# Location for PID files for prayer and prayer-session master processes. |
141,7 → 141,7 |
# Interface to Hermes finger database |
#lookup_rpasswd = "/data/finger/rpasswd.cdb" |
@@ -452,7 +456,7 @@ pid_dir = "$var_prefix/pid" |
@@ -454,7 +445,7 @@ pid_dir = "$var_prefix/pid" |
# Template stuff |
template_path = "__PREFIX__/templates" |
150,7 → 150,7 |
template_use_compiled = TRUE |
template old "Traditional" |
@@ -601,14 +605,14 @@ hiersep = "/" |
@@ -603,14 +594,14 @@ hiersep = "/" |
dualuse = FALSE |
# Names of postponed_folder and sent_mail_folder, relative to maildir |
/trunk/debian/patches/templates_fallback_to_compiled.patch |
---|
34,7 → 34,7 |
"Template %s not found (top level template_expand())\n", |
--- a/files/etc/prayer.cf.SRC |
+++ b/files/etc/prayer.cf.SRC |
@@ -455,7 +455,7 @@ pid_dir = "$var_prefix" |
@@ -444,7 +444,7 @@ pid_dir = "$var_prefix" |
###################################################################### |
# Template stuff |
/trunk/debian/control |
---|
5,7 → 5,7 |
Build-Depends: cdbs, debhelper (>= 7), |
libc-client2007e-dev | libc-client-dev, |
libldap2-dev, zlib1g-dev, libssl-dev (>= 0.9.6), libdb-dev, libtidy-dev |
Standards-Version: 3.9.4 |
Standards-Version: 3.9.2 |
Vcs-Svn: svn://svn.kibibyte.se/prayer/trunk |
Vcs-Browser: http://svn.kibibyte.se/prayer |
Homepage: http://www-uxsup.csx.cam.ac.uk/~dpc22/prayer/ |
29,6 → 29,13 |
the IMAP server rather than in a SQL database. It does however implement a |
full range of features and user preference settings. |
Package: prayer-templates |
Architecture: all |
Depends: prayer-templates-src, ${misc:Depends} |
Description: dummy package depending on prayer-templates-src |
The Prayer template source package is now called prayer-templates-src. |
This package can safely be removed after upgrade. |
Package: prayer-templates-src |
Architecture: all |
Depends: ${misc:Depends} |
/trunk/debian/changelog |
---|
1,37 → 1,3 |
prayer (1.3.5-dfsg1-3) unstable; urgency=low |
* disable_ssl3.patch (new): Disable SSL 3.0 due to CVE-2014-3566 |
(POODLE). |
* debian/Config: Disable ACCOUNTD_SSL_ENABLE since the SSL/TLS support |
in prayer-accountd and prayer-session is incomplete and never was |
functional. |
-- Magnus Holmgren <holmgren@debian.org> Wed, 29 Oct 2014 22:32:18 +0100 |
prayer (1.3.5-dfsg1-2) unstable; urgency=high |
* dlopen_templates.patch: Use MYCFLAGS (which is initialized to the |
value of CFLAGS from dpkg-buildflags in the Config file) instead of |
CFLAGS in templates/{src,cam,old}/Makefile (Closes: #715310, LP: |
#1201216). The --defsym options were lost when we let CDBS override |
CFLAGS in the previous upload. |
-- Magnus Holmgren <holmgren@debian.org> Thu, 18 Jul 2013 22:47:08 +0200 |
prayer (1.3.5-dfsg1-1) unstable; urgency=low |
* New upstream release. |
* Refresh patches. |
* Drop dummy package prayer-templates. |
* No longer override CDBS overriding CFLAGS, thereby allowing hardening |
flags to be properly propagated. I think it caused internal include |
flags to be lost, but since at least 1.3.2 that's no longer the case. |
* Bump Standards-Version to 3.9.4. |
* hurd.patch: Always define HAVE_SHADOW. The test for BSD4_4 seems |
bogus; it is defined on Hurd, but crypt(3) is available there. |
-- Magnus Holmgren <holmgren@debian.org> Wed, 12 Jun 2013 00:09:05 +0200 |
prayer (1.3.4-dfsg1-1) unstable; urgency=low |
* New upstream release. |
/trunk/debian/rules |
---|
10,7 → 10,9 |
include /usr/share/cdbs/1/class/makefile.mk |
include /usr/share/cdbs/1/rules/debhelper.mk |
DEB_MAKE_INVOKE = $(DEB_MAKE_ENVVARS) $(MAKE) |
DEB_MAKE_INSTALL_TARGET = install BROOT=$(CURDIR)/debian/tmp |
DEB_INSTALL_CHANGELOGS_ALL = docs/DONE |
DEB_INSTALL_DOCS_prayer-templates = --link-doc=prayer-templates-src |
DEB_DH_INSTALL_SOURCEDIR = debian/tmp |
DEB_INSTALL_MANPAGES_prayer = "--language=C" |
/trunk/debian/Config |
---|
22,7 → 22,7 |
# Probably don't need the following |
ACCOUNTD_ENABLE = true # Only of use in Cambridge at the moment. |
ACCOUNTD_SSL_ENABLE = false # Enable SSL support in account management daemon |
ACCOUNTD_SSL_ENABLE = true # Enable SSL support in account management daemon |
ACCOUNTD_PAM_ENABLE = true # Enable PAM support in account management daemon |
ACCOUNTD_USE_BSD_PTY = false # Use Berkeley PTYs rather than Sys V PTYs |
/trunk/debian/watch |
---|
1,3 → 1,9 |
# Example watch control file for uscan |
# Rename this file to "watch" and then you can run the "uscan" command |
# to check for upstream updates and more. |
# See uscan(1) for format |
# Compulsory line, this is a version 3 file |
version=3 |
opts=dversionmangle=s/-dfsg\d*$// \ |