tag 606922 patch thanks On Fri, Dec 17, 2010 at 12:53 AM, Russ Allbery wrote: > Michael Gilbert <michael.s.gilb...@gmail.com> writes: > >> I apologize ahead of time for the bts ping pong, but according to the >> build log (which is where I checked for my original bug report) jpake >> is indeed built. > >> $ debuild | grep jpake > > jpake.c is run through the compiler, but the entire file is stubbed out if > the preprocessor define JPAKE is not enabled, and I don't see anything in > the build system that would set this. From the upstream ChangeLog (note > the last bit):
This appears to be true, but I would be more comfortable if the object code were explicitly not built and thus 100% known to not be used or available in any of the libs. Attached is a patch that does that. Mike
diff -Nru openssh-5.5p1/debian/changelog openssh-5.5p1/debian/changelog --- openssh-5.5p1/debian/changelog 2010-08-23 17:59:04.000000000 -0400 +++ openssh-5.5p1/debian/changelog 2010-12-17 02:09:14.000000000 -0500 @@ -1,3 +1,9 @@ +openssh (1:5.5p1-5local1) unstable; urgency=low + + * Don't build JPAKE object code (closes: #606922). + + -- Michael Gilbert <michael.s.gilb...@gmail.com> Fri, 17 Dec 2010 02:08:49 -0500 + openssh (1:5.5p1-5) unstable; urgency=low * Use an architecture wildcard for libselinux1-dev (closes: #591740). diff -Nru openssh-5.5p1/debian/patches/disable-jpake.patch openssh-5.5p1/debian/patches/disable-jpake.patch --- openssh-5.5p1/debian/patches/disable-jpake.patch 1969-12-31 19:00:00.000000000 -0500 +++ openssh-5.5p1/debian/patches/disable-jpake.patch 2010-12-17 02:11:00.000000000 -0500 @@ -0,0 +1,23 @@ +Description: Don't build JPAKE object code (closes: #606922). +Author: Michael Gilbert <michael.s.gilb...@gmail.com> +Bug-Debian: http://bugs.debian.org/606922 +--- openssh-5.5p1.orig/Makefile.in ++++ openssh-5.5p1/Makefile.in +@@ -75,7 +75,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b + atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \ + monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ + kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \ +- entropy.o gss-genr.o umac.o jpake.o schnorr.o \ ++ entropy.o gss-genr.o umac.o schnorr.o \ + ssh-pkcs11.o kexgssc.o + + SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ +@@ -87,7 +87,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw + auth.o auth1.o auth2.o auth-options.o session.o \ + auth-chall.o auth2-chall.o groupaccess.o \ + auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ +- auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \ ++ auth2-none.o auth2-passwd.o auth2-pubkey.o \ + monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \ + auth-krb5.o \ + auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\ diff -Nru openssh-5.5p1/debian/patches/series openssh-5.5p1/debian/patches/series --- openssh-5.5p1/debian/patches/series 2010-04-16 05:19:27.000000000 -0400 +++ openssh-5.5p1/debian/patches/series 2010-12-17 02:10:28.000000000 -0500 @@ -42,3 +42,4 @@ # Debian-specific configuration gnome-ssh-askpass2-icon.patch debian-config.patch +disable-jpake.patch
