Dear Jan,
TL;DR please review the attached debdiff. ;)
On 26.01.2012 17:38, Fabian Greffrath wrote:
> BTW, is /usr/share/cracklib/cracklib-small considered at all? It gets
> installed as part of libcrack2, but I do not find it used anywhere.
Honestly, I think the /usr/share/cracklib/cracklib-small file is
installed in the wrong location! It is a, though minimal, word list
and should thus get installed into /usr/share/dict. Furthermore it
should not be part of the libcrack2 shared library package, but of
cracklib-runtime. So there will always be at least cracklib's own
provided minimal word list to compile a database from, even if no
other package providing a word list (though recommended) is installed.
Instead of providing the "500 worst passwords" as a separate wordlist
alongside cracklib-small, I'd suggest to extend the latter with the
entries that do not fail the regular cracklib test and are not duplicates.
Furthermore, the other file installed into the same directory,
/usr/share/cracklib/cracklib.magic, can be safely omitted from the
package. It is not installed into the right directory to provide
information for the file(1) tool anyway and recent releases of the
file tool (at least since 2005, [1]) are capable of detecting cracklib
databases on their own.
- Fabian
[1] https://github.com/glensc/file/commit/55b56780b30093bd8257f9ed4665a1d331eeaae9#magic/Magdir/cracklib
diff -Nru cracklib2-2.8.18/debian/changelog cracklib2-2.8.18/debian/changelog
--- cracklib2-2.8.18/debian/changelog 2011-06-11 22:29:28.000000000 +0200
+++ cracklib2-2.8.18/debian/changelog 2012-01-27 10:52:47.000000000 +0100
@@ -1,3 +1,24 @@
+cracklib2 (2.8.18-3.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+ * Extend the tiny example wordlist included with the cracklib package
+ itself with the words from the list of "The Top 500 Worst Passwords
+ of All Time" [1], modulo the ones that fail the regular cracklib tests
+ anyway (Closes: 657464).
+ [1] <http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time>
+ * Move the /usr/share/cracklib/cracklib-small wordlist file from the
+ libcrack2 to the cracklib-runtime package and install it into
+ /usr/share/dict. So there will always be at least the tiny example
+ wordlist to compile a database from, even if no other package providing
+ a wordlist (though recommended) is installed.
+ * Do not install the /usr/share/cracklib/cracklib.magic file anymore.
+ It was installed in the wrong location anyway and the file(1) tool
+ is able to independently detect cracklib databases since at least 2005.
+ * Remove config.h.in in the clean rule in debian/rules,
+ fixes FTBFS twice in a row.
+
+ -- Fabian Greffrath <[email protected]> Fri, 27 Jan 2012 10:51:50
+0100
+
cracklib2 (2.8.18-3) unstable; urgency=low
* switch from python-support to dh_python2
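Review bot: The 2.8.18-3.1 entry bundles four independent changes into one non-maintainer upload, while only the first bullet is tied to the bug it closes (657464). The file move, the dropped cracklib.magic and the clean-rule fix would be easier to review and to revert if each had its own bug reference, or if they were left to a maintainer upload. As a smaller style point, the conventional form is "Closes: #657464".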
diff -Nru cracklib2-2.8.18/debian/cracklib-runtime.install
cracklib2-2.8.18/debian/cracklib-runtime.install
--- cracklib2-2.8.18/debian/cracklib-runtime.install 2011-06-11
22:29:28.000000000 +0200
+++ cracklib2-2.8.18/debian/cracklib-runtime.install 2012-01-27
10:38:39.000000000 +0100
@@ -5,3 +5,4 @@
debian/tmp/usr/sbin/cracklib-packer usr/sbin
debian/tmp/usr/sbin/cracklib-unpacker usr/sbin
debian/tmp/usr/sbin/create-cracklib-dict usr/sbin
+debian/tmp/usr/share/cracklib/cracklib-small usr/share/dict
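Review bot: The added line puts cracklib-small into usr/share/dict, but nothing in this debdiff shows that the database build step reads that directory. The changelog's claim that there will "always be at least the tiny example wordlist to compile a database from" only holds if it does, so please confirm which source paths the scripts shipped in cracklib-runtime use to pick up word lists, and say so in the changelog.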
diff -Nru cracklib2-2.8.18/debian/libcrack2.install
cracklib2-2.8.18/debian/libcrack2.install
--- cracklib2-2.8.18/debian/libcrack2.install 2011-06-11 22:29:28.000000000
+0200
+++ cracklib2-2.8.18/debian/libcrack2.install 2012-01-27 10:39:43.000000000
+0100
@@ -1,4 +1,2 @@
debian/tmp/usr/lib/libcrack.so.2.8.1 usr/lib
-debian/tmp/usr/share/cracklib/cracklib-small usr/share/cracklib
-debian/tmp/usr/share/cracklib/cracklib.magic usr/share/cracklib
debian/tmp/usr/share/locale/* usr/share/locale
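Review bot: Both removed lines make /usr/share/cracklib/cracklib-small and cracklib.magic vanish from libcrack2 on upgrade with no transition. The mail says no user of cracklib-small was found inside the package, but local scripts or other packages may still read the old path, so a check of reverse dependencies or a short NEWS entry would be worth adding. Also check that leaving cracklib.magic in debian/tmp without installing it does not trip any missing-file check in the build.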
diff -Nru cracklib2-2.8.18/debian/patches/series
cracklib2-2.8.18/debian/patches/series
--- cracklib2-2.8.18/debian/patches/series 1970-01-01 01:00:00.000000000
+0100
+++ cracklib2-2.8.18/debian/patches/series 2012-01-27 10:18:57.000000000
+0100
@@ -0,0 +1 @@
+top-500-worst-passwords.patch
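Review bot: debian/patches/series is created from scratch here (@@ -0,0 +1 @@), so this is the first patch the package carries, and the debdiff adds nothing that would apply it. Please confirm the source format is 3.0 (quilt) or that debian/rules applies the series; otherwise the extended word list never reaches the built package and the upload silently ships the old cracklib-small.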
diff -Nru cracklib2-2.8.18/debian/patches/top-500-worst-passwords.patch
cracklib2-2.8.18/debian/patches/top-500-worst-passwords.patch
--- cracklib2-2.8.18/debian/patches/top-500-worst-passwords.patch
1970-01-01 01:00:00.000000000 +0100
+++ cracklib2-2.8.18/debian/patches/top-500-worst-passwords.patch
2012-01-27 10:41:45.000000000 +0100
@@ -0,0 +1,169 @@
+Description: Extend the tiny example wordlist included with the cracklib
+ package itself with the words from the list of "The Top 500 Worst Passwords
+ of All Time", modulo the ones that fail the regular cracklib tests anyway.
+Origin: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657464
+Author: Fabian Greffrath <[email protected]>
+
+--- cracklib2-2.8.18.orig/dicts/cracklib-small
++++ cracklib2-2.8.18/dicts/cracklib-small
+@@ -6,6 +6,7 @@
+ 5th
+ 6th
+ 7th
++8675309
+ 8th
+ 9th
+ a
+@@ -90,6 +91,7 @@ abetter
+ abetting
+ abeyance
+ abeyant
++abgrtyu
+ abhor
+ abhorred
+ abhorrent
+@@ -3228,6 +3230,7 @@ ascribed
+ ascribes
+ ascribing
+ ascription
++asdfgh
+ aseptic
+ asexual
+ ash
+@@ -7685,6 +7688,7 @@ butternut
+ butters
+ buttery
+ buttes
++butthead
+ butting
+ buttock
+ buttock's
+@@ -19308,6 +19312,7 @@ fire
+ firearm
+ firearm's
+ firearms
++firebird
+ fireboat
+ firebreak
+ firebug
+@@ -20770,6 +20775,7 @@ gamin
+ gaming
+ gamma
+ gamut
++gandalf
+ gander
+ gang
+ ganges
+@@ -22572,6 +22578,7 @@ hardbake
+ hardboard
+ hardboiled
+ hardcopy
++hardcore
+ harden
+ harder
+ hardest
+@@ -24288,6 +24295,7 @@ illustrious
+ illustriousness
+ illy
+ ilona
++iloveyou
+ ilyushin
+ i'm
+ image
+@@ -26413,6 +26421,7 @@ ivies
+ ivory
+ ivy
+ ivy's
++iwantu
+ ix
+ izvestia
+ j
+@@ -28036,6 +28045,7 @@ lethargic
+ lethargy
+ lethe
+ letitia
++letmein
+ let's
+ lets
+ letter
+@@ -31899,6 +31909,7 @@ nbs
+ nc
+ ncaa
+ ncar
++ncc1701
+ nco
+ ncr
+ nd
+@@ -36095,6 +36106,7 @@ pony's
+ pooch
+ poodle
+ pooh
++pookie
+ pool
+ poole
+ pooled
+@@ -37815,6 +37827,7 @@ pythagorean
+ python
+ q
+ qatar
++qazwsx
+ qed
+ q's
+ qua
+@@ -38088,6 +38101,8 @@ quotes
+ quoth
+ quotient
+ quoting
++qwerty
++qwertyui
+ r
+ rabat
+ rabbet
+@@ -41054,6 +41069,7 @@ rural
+ rurally
+ ruse
+ rush
++rush2112
+ rushed
+ rusher
+ rushes
+@@ -41774,6 +41790,7 @@ scold
+ scolded
+ scolding
+ scolds
++scooby
+ scoop
+ scooped
+ scooping
+@@ -44957,6 +44974,7 @@ squirrels
+ squirt
+ squishy
+ sri
++srinivas
+ s's
+ sse
+ sst
+@@ -45161,6 +45179,7 @@ starve
+ starved
+ starves
+ starving
++starwars
+ stash
+ stasis
+ state
+@@ -48107,6 +48126,7 @@ thwack
+ thwart
+ thwarted
+ thwarting
++thx1138
+ thy
+ thyme
+ thymine
+@@ -52845,4 +52865,6 @@ zounds
+ z's
+ zucchini
+ zurich
++zxcvbn
++zxcvbnm
+ zygote
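Review bot: The patch header says the list was filtered "modulo the ones that fail the regular cracklib tests anyway", but it does not record how that filtering was done or against which dictionary. Since only a small part of the 500 entries ends up in the inner hunks, please document the procedure (tool, cracklib version, database used) in the Description so the selection can be reproduced and re-run when the upstream list or the cracklib rules change. A 169-line context diff against a sorted word list of more than 52,000 lines will also need refreshing on any upstream change to dicts/cracklib-small; appending the words at build time and re-sorting would be more robust.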
diff -Nru cracklib2-2.8.18/debian/rules cracklib2-2.8.18/debian/rules
--- cracklib2-2.8.18/debian/rules 2011-06-11 22:29:28.000000000 +0200
+++ cracklib2-2.8.18/debian/rules 2012-01-27 10:51:44.000000000 +0100
@@ -43,7 +43,7 @@
dicts/Makefile.in doc/Makefile.in lib/Makefile.in m4/Makefile.in
\
py-compile python/Makefile.in util/Makefile.in ltmain.sh
\
m4/ltoptions.m4 m4/ltversion.m4 m4/libtool.m4 m4/ltsugar.m4
\
- m4/lt~obsolete.m4
+ m4/lt~obsolete.m4 config.h.in
override_dh_auto_install:
$(MAKE) -C debian/tmpbuild DESTDIR=`pwd`/debian/tmp install
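Review bot: Adding config.h.in to the end of this hand-maintained list fixes the immediate double-build failure, but the list itself is why the file was missed: every generated autotools file has to be enumerated by hand. Consider letting dh-autoreconf track and remove the generated files in clean instead, or at least add a comment above the list saying it must cover everything autoreconf produces.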