tag 375850 patch
tag 403855 patch
thanks
Included is a patch which drops conffile modification from john. This
package might become considerable for etch if someone uploads
sufficiently soon (this might require filterdiff including only the
"control" and maintscript modifications).
You can also rm -fr ./po/ ./templates ./config, since debconf is no
longer used (All these did was ask a question about enabling the
provided system cronjob).
Justin
diff -u john-1.6/debian/extra/cronjob john-1.6/debian/extra/cronjob
--- john-1.6/debian/extra/cronjob
+++ john-1.6/debian/extra/cronjob
@@ -171,7 +171,7 @@
and, if John is not running, remove /var/lock/john and/or $PIDDIR/john.pid
EOF
else
- mail -s "There are John cron's stale files" root <<EOF
+ mail -s "There are stale files from a John cronjob" root <<EOF
There are stale files of a John cronjob at $HOSTNAME
Please investigate this situation and remove /var/lock/john
and/or $PIDDIR/john.pid
diff -u john-1.6/debian/extra/john john-1.6/debian/extra/john
--- john-1.6/debian/extra/john
+++ john-1.6/debian/extra/john
@@ -1,4 +1,7 @@
-#!/bin/bash -e
+#!/bin/bash
+# Choose the fastest john executable supported by the processor. This
+# requires bash exec -a, otherwise john doesn't run.
+set -e
MYNAME=john
if [ -n $0 ]; then
@@ -9,6 +12,6 @@
- exec -a $MYNAME /usr/lib/john/john-mmx $*
-else
- exec -a $MYNAME /usr/lib/john/john-any $*
+ exec -a john /usr/lib/john/john-mmx "$@"
+ exit 1
fi
-exit 0
+exec -a john /usr/lib/john/john-any "$@"
+exit 1
diff -u john-1.6/debian/patches/makefile.diff
john-1.6/debian/patches/makefile.diff
--- john-1.6/debian/patches/makefile.diff
+++ john-1.6/debian/patches/makefile.diff
@@ -5,14 +5,14 @@
$(MAKE) $(PROJ) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486"
-+ CFLAGS="$(CFLAGS) -mcpu=i486"
++ CFLAGS="$(CFLAGS) -march=i486"
linux-x86-mmx-elf:
$(LN) x86-mmx.h arch.h
$(MAKE) $(PROJ) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486"
-+ CFLAGS="$(CFLAGS) -mcpu=i486"
++ CFLAGS="$(CFLAGS) -march=i486"
linux-x86-k6-elf:
$(LN) x86-k6.h arch.h
@@ -21,7 +21,7 @@
$(MAKE) $(PROJ) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486" \
-+ CFLAGS="$(CFLAGS) -mcpu=i486" \
++ CFLAGS="$(CFLAGS) -march=i486" \
ASFLAGS="$(ASFLAGS) -DUNDERSCORES -DALIGN_LOG"
-linux-alpha:
@@ -47,7 +47,7 @@
$(MAKE) $(PROJ) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486" \
-+ CFLAGS="$(CFLAGS) -mcpu=i486" \
++ CFLAGS="$(CFLAGS) -march=i486" \
ASFLAGS="$(ASFLAGS) -DUNDERSCORES -DALIGN_LOG -DBSD"
freebsd-x86-k6-a.out:
@@ -56,7 +56,7 @@
$(MAKE) $(PROJ) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486" \
-+ CFLAGS="$(CFLAGS) -mcpu=i486" \
++ CFLAGS="$(CFLAGS) -march=i486" \
ASFLAGS="$(ASFLAGS) -DBSD"
freebsd-x86-mmx-elf:
@@ -64,7 +64,7 @@
$(MAKE) $(PROJ) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486" \
-+ CFLAGS="$(CFLAGS) -mcpu=i486" \
++ CFLAGS="$(CFLAGS) -march=i486" \
ASFLAGS="$(ASFLAGS) -DBSD"
freebsd-x86-k6-elf:
@@ -73,7 +73,7 @@
$(MAKE) $(PROJ) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486" \
-+ CFLAGS="$(CFLAGS) -mcpu=i486" \
++ CFLAGS="$(CFLAGS) -march=i486" \
ASFLAGS="$(ASFLAGS) -DUNDERSCORES -DALIGN_LOG -DBSD"
openbsd-x86-k6:
@@ -82,7 +82,7 @@
SHELL=/bin/sh \
JOHN_OBJS="$(JOHN_OBJS) solaris-x86.o" \
- CFLAGS="$(CFLAGS) -m486"
-+ CFLAGS="$(CFLAGS) -mcpu=i486"
++ CFLAGS="$(CFLAGS) -march=i486"
solaris-x86-k6:
$(RM) arch.h
@@ -91,7 +91,7 @@
$(MAKE) $(PROJ_DOS) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486" \
-+ CFLAGS="$(CFLAGS) -mcpu=i486" \
++ CFLAGS="$(CFLAGS) -march=i486" \
ASFLAGS="$(ASFLAGS) -DUNDERSCORES -DALIGN_LOG"
dos-djgpp-x86-mmx:
@@ -99,7 +99,7 @@
$(MAKE) $(PROJ_DOS) \
JOHN_OBJS="$(JOHN_OBJS) x86.o" \
- CFLAGS="$(CFLAGS) -m486" \
-+ CFLAGS="$(CFLAGS) -mcpu=i486" \
++ CFLAGS="$(CFLAGS) -march=i486" \
ASFLAGS="$(ASFLAGS) -DUNDERSCORES -DALIGN_LOG"
dos-djgpp-x86-k6:
diff -u john-1.6/debian/control john-1.6/debian/control
--- john-1.6/debian/control
+++ john-1.6/debian/control
@@ -4,11 +4,11 @@
Maintainer: Guilherme de S. Pastore <[EMAIL PROTECTED]>
Uploaders: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Standards-Version: 3.6.2
-Build-Depends: cdbs, debhelper (>= 4.1.16), po-debconf
+Build-Depends: cdbs, debhelper (>= 4.1.16)
Package: john
Architecture: any
-Depends: ${shlibs:Depends}, dpkg (>= 1.10.16), debconf | debconf-2.0
+Depends: ${shlibs:Depends}, dpkg (>= 1.10.16)
Suggests: wenglish | wordlist
Description: active password cracking tool
john, mostly known as John the Ripper, is a tool designed to help systems
@@ -23 +23 @@
- Homepage: http://www.openwall.com/john/
+ Homepage: http://www.openwall.com/john/
diff -u john-1.6/debian/postinst john-1.6/debian/postinst
--- john-1.6/debian/postinst
+++ john-1.6/debian/postinst
@@ -2,60 +2,53 @@
+set -e
-# Let's make a smooth transition for the conffiles
-if [ $1 = "configure" ] && dpkg --compare-versions "$2" le 1.6-27; then
- for file in john.ini john-mail.conf john-mail.msg; do
- if [ -f "/etc/$file" ]; then
- mv /etc/$file /etc/john
- fi
- done
-fi
-
-CONFFILE='/etc/john/john.conf'
-# Source debconf library
-if [ -f /usr/share/debconf/confmodule ]; then
- . /usr/share/debconf/confmodule
-
- db_get john/cronjob-replacement || RET="true"
- if [ "$RET" = "true" ]; then
- if [ -f /etc/cron.daily/john ] && [ ! -L /etc/cron.daily/john ]; then
- rm /etc/cron.daily/john
- fi
- fi
-
-# Set the cronjob
- db_get john/cronjob ; INSTCRON="$RET"
- cronfile=/etc/cron.d/john
- tmp=`tempfile`
- if [ "$INSTCRON" = "true" ] && [ -f $cronfile ]; then
- cat $cronfile | sed -e 's/^#00/00/' >$tmp
- mv $tmp $cronfile
- else
- # We have two options here, leave the file as it is (the user
- # might have modified it) or revert the previous change. I'm
- # opting for the second case to make the debconf operation
- # idempotent (jfs)
- if [ -f $cronfile ] ; then
- cat $cronfile | sed -e 's/^00/#00/' >$tmp
- mv $tmp $cronfile
- else
- rm $tmp
- fi
- fi
-
- # This could be improved to be a choice list of installed dictionaries
- # at /usr/share/dict/. However this is much more versatile (since the
- # admin can download wordlist from any sources and have them added here)
- # This could be done by reading the files and using db_subst in
- # a choice list template BTW (jfs)
- db_get john/wordlist; WORDLIST="$RET"
- if [ -f "$WORDLIST" ] ; then
- if [ -f "$CONFFILE" ] ; then
- TEMPFILE=`tempfile -d /etc/ -m 644`
- # Warn: Wordlist contains / so we use ',' instead, if the
- # user uses ',' the script will break (he shouldnt do that)
- sed -e "s,^Wordfile = .*,Wordfile = $WORDLIST," $CONFFILE >$TEMPFILE
- mv $TEMPFILE $CONFFILE
- fi
- fi
-fi
+# Versions earlier than 1.6-34 and later than (perhaps) 1.6-19 include
+# /var/run/john as mode 0755, which could allow users to read cracked
+# passwords. Later versions fixed the permissions of the included
+# directory, but dpkg doesn't automatically make changes to directory
+# modes.
+fixperms ()
+{
+ p=/var/run/john
+ # If the admin has an override, don't touch it
+ # (even if the override is to mode 0700?)
+ dpkg-statoverride --list $p >/dev/null && return
+ curmod=`stat -c %a $p`
+ (( ( "0$curmod" & 07077 ) == 0 )) && return
+ chmod -v 0700 $p
+}
+
+# Commit conffile move from preinst
+rm_conffile_do ()
+{
+ c=0
+ # a=1 is a search if the files exist,
+ # a=2 is removal of those which do
+ for a in 1 2; do
+ for f in john-mail.conf john-mail.msg john.ini; do
+ g=/etc/$f.moved_by_preinst
+ [ -e $g ] || continue
+ let ++c
+ [ "$a" = 1 ] && break
+ echo -n " "
+ rm -fv $g
+ done
+
+ [ "$c" -eq 0 ] && return
+ [ "$a" -eq 1 ] || continue
+ echo "Committing removal of unmodified conffiles:"
+ done
+} >&2
+
+case $1 in
+configure|abort-upgrade|abort-remove|abort-deconfigure)
+ fixperms
+ rm_conffile_do
+ ;;
+
+*)
+ echo "$0: undocumented call $@" >&2
+ exit 1
+ ;;
+esac
-#DEBHELPER#
\ No newline at end of file
+#DEBHELPER#
diff -u john-1.6/debian/preinst john-1.6/debian/preinst
--- john-1.6/debian/preinst
+++ john-1.6/debian/preinst
@@ -1,11 +1,63 @@
-#!/bin/sh -e
+#!/bin/sh
+set -e
-if [ $1 = "upgrade" ] && dpkg --compare-versions "$2" le 1.6-27; then
- for file in john.conf john-mail.conf john-mail.msg; do
- if [ -e "/etc/john/$file"]; then
- mv /etc/john/$file /etc/john/$file.old
+dpkgstat=/var/lib/dpkg/status
+
+# Relocate a conffile from one location to another; it is removed iff
+# unmodified, and moved iff modified.
+# The undo path is postrm abort-install|abort-upgrade.
+# $1 is the old pathname of the conffile,
+# $2 is the new pathname of the conffile.
+mv_conffile ()
+{
+ [ ! -f "$1" ] && return
+ if [ -f "$2" ]; then
+ echo "Not moving conffile $1 to $2; new file exists"
+ return
fi
- done
-fi
+
+ orgmd5=`sed -nre "/^Conffiles:/,/^[^ ]/{ \\'$1' {s///; s/^ *//; s/
.*//; p;}}" $dpkgstat`
+ curmd5=`md5sum $1 |sed -e 's/ .*//'`
+ if [ "$orgmd5" = "$curmd5" ]; then
+ # conffile unmodified; prepare to remove it, allowing
+ # dpkg to install a new copy to the new location
+ # before "configuration"
+ echo "Preparing to remove unmodified conffile:"
+ echo -n " "
+ mv -fv $1 $1.moved_by_preinst
+ else
+ # conffile modified by admin; relocate it, causing
+ # dpkg to prompt, as intended
+ echo "Relocating modified conffile to new location:"
+ echo -n " "
+ mv -fvT $1 $2
+ fi >&2
+}
+
+p1=/etc
+p2=/etc/john
+case $1 in
+install|upgrade)
+ [ -d $p2 ] || mkdir $p2
+ if dpkg --compare-versions "$2" le-nl 1.6-27; then
+ mv_conffile $p1/john.ini $p2/john.conf
+ mv_conffile $p1/john-mail.conf $p2/john-mail.conf
+ mv_conffile $p1/john-mail.msg $p2/john-mail.msg
+
+ # No need to remove the obsolete conffile
+ # /etc/cron.daily/john, since old postrm does so
+ # unconditionally (and there is nothing we can do to stop it)
+ fi
+ ;;
+
+abort-upgrade)
+ # This case needs no actions here
+ ;;
+
+*)
+ echo "$0: undocumented call: $@"
+ exit 1
+ ;;
+esac
#DEBHELPER#
diff -u john-1.6/debian/postrm john-1.6/debian/postrm
--- john-1.6/debian/postrm
+++ john-1.6/debian/postrm
@@ -1,16 +1,61 @@
-#!/bin/sh -e
+#!/bin/sh
+set -e
-if [ "$1" = purge ]; then
- if [ -e /usr/share/debconf/confmodule ]; then
- . /usr/share/debconf/confmodule
- db_purge
- fi
-
- for location in /var/lib/john /etc/john /var/run/john; do
- if [ -d $location ]; then
- find $location -type f | xargs rm -f
+# Revert relocation of a conffile from one location to another.
+# The forward path is preinst install|upgrade.
+# $1 is the original pathname of the conffile,
+# $2 is the pathname of the current conffile.
+unmv_conffile ()
+{
+ if [ -e $1 ]; then
+ echo "Not reverting conffile relocation to $2;\
+ original pathname $1 exists."
+ elif [ -e $1.moved_by_preinst ]; then
+ echo "Reverting removal of unmodified conffile:"
+ echo -n " "
+ mv -v $1.moved_by_preinst $1
+ elif [ -e $2 ]; then
+ echo "Reverting relocation of modified conffile to original
location:"
+ echo -n " "
+ mv -fvT $2 $1
+ fi >&2
+}
+
+case $1 in
+disappear|remove)
+ # These are the restore and cracked-password file used by the
+ # cronjob for attacking the system password file for a short
+ # period each day:
+ d=/var/lib/john
+ rm -f $d/restore $d/john.pot
+ d=/var/run/john
+# FIXME: this is configurable...
+ rm -f $d/john.pid $d/cronpasswd.*
+ ;;
+
+abort-install|abort-upgrade)
+ # Revert relocation of conffiles:
+ p1=/etc
+ p2=/etc/john
+ if dpkg --compare-versions "$2" le-nl 1.6-27; then
+ unmv_conffile $p1/john.ini $p2/john.conf
+ unmv_conffile $p1/john-mail.conf $p2/john-mail.conf
+ unmv_conffile $p1/john-mail.msg $p2/john-mail.msg
+
+ # "Display the warning, but don't fail if nonempty":
+ rmdir $p2 || rmdir --ignore-fail-on-non-empty $p2
fi
- done
-fi
+ ;;
+
+purge|upgrade|failed-upgrade)
+ # These cases need no actions here
+ :
+ ;;
+
+*)
+ echo "$0: undocumented call: $@" >&2
+ exit 1
+ ;;
+esac
#DEBHELPER#
diff -u john-1.6/debian/prerm john-1.6/debian/prerm
--- john-1.6/debian/prerm
+++ john-1.6/debian/prerm
@@ -2,21 +2,19 @@
+set -e
-# Remove runtime file when purging john.
+case $1 in
+remove)
+ /usr/share/john/cronjob stop
+ ;;
-if [ "$1" = "remove" ]; then
- . /usr/share/debconf/confmodule
- rm -f /usr/share/john/restore
-# Also deinstall the cronjob since it will not be working properly
- db_get john/cronjob ; INSTCRON="$RET"
- cronfile=/etc/cron.d/john
- tmp=`tempfile`
-# If the user enabled the cronjob through debconf remove it, otherwise
-# keep it as it is since it is a local change.
- if [ "$INSTCRON" = "true" ]; then
- cat $cronfile | sed -e 's/^00/#00/' >$tmp
- mv $tmp $cronfile || rm $tmp
- fi
-fi
+upgrade|failed-upgrade|deconfigure)
+ # These cases need no actions here
+ :
+ ;;
-#DEBHELPER#
+*)
+ echo "$0: undocumented call: $@" >&2
+ exit 1
+ ;;
+esac
-exit 0
+#DEBHELPER#
diff -u john-1.6/debian/changelog john-1.6/debian/changelog
--- john-1.6/debian/changelog
+++ john-1.6/debian/changelog
@@ -1,3 +1,32 @@
+john (1.6-40.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * High-urgency for RC bugfix, weeks after initial release schedule;
+ * Neither remove nor edit conffiles; Closes: 375850;
+ - the debconf settings are not necessary for package operation,
+ so just don't use debconf
+ - preserves settings in preinst, rather than moving conffiles to
+ foo.old
+ - do the conffile relocation in preinst (not postinst, which
+ inhibits dpkg diffs when they should be displayed)
+ - remove the obsoleted cronjob if it is unmodified, and comment
+ it out if it is; alert the admin in all cases;
+ - the cronjob does nothing if the executable isn't +x, so doesn't
+ need to be commented out on uninstallation;
+ * Set /var/run/john to mode 0700 unless a dpkg-statoverride exists;
+ Closes: #403855
+ * Remove restore file from /var/lib, not /usr/share; and do so in
+ postrm remove, not prerm remove;
+ * Don't litter tempfiles (again);
+ * Indent Homepage pseudofield;
+ * Set /var/run/john to mode 0700 in postinst unless it there exists
+ a statoverride; Closes: 403855.
+ * Cosmetic change of "stale" mail message subject
+ * /usr/sbin/john: don't split arguments with spaces
+ * makefile.diff: silence gcc warnings with s/-mcpu/-march/
+
+ -- Justin Pryzby <[EMAIL PROTECTED]> Thu, 28 Dec 2006 15:03:17 -0500
+
john (1.6-40) unstable; urgency=low
* debian/control: updated my e-mail address.
diff -u john-1.6/debian/README john-1.6/debian/README
--- john-1.6/debian/README
+++ john-1.6/debian/README
@@ -13,24 +13,17 @@
define when to start the cronjob and how long it should run daily. The
cronjob will then be automatically stopped after that time and the
- current state saved. When the cronjob is then started again the next
- day, it will pick off where it stopped. If you don't want to the
- cronjob to continue an old session, but instead start with a fresh copy
- of the password file, you need to remove the file
- /var/lib/john/restore.
+ current state saved. When the cronjob is started again the next day, it
+ will restart off where it stopped. If you don't want the cronjob to
+ continue an old session, but instead start with a fresh copy of the
+ password file, you need to remove the file /var/lib/john/restore.
- The package ugrade already installed the new cronjob and offered to
- remove the old cronjob. In case that you let the package upgrade remove
- the old cronjob, you now need to edit the file /etc/cron.d/john to
- define at which time the cronjob shall be started and at which time it
- should be stopped.
+ The package upgrade installs the new cronjob, and removes the old one.
+ If you want the new cronjob to run, you must uncomment the active lines
+ from /etc/cron.d/john; you might also modify the times when the cronjob
+ will be started and stopped.
- In case that you didn't allow the package upgrade to remove the old
- cronjob, you will need to remove the file /etc/cron.daily/john
- manually. You can then also edit the file /etc/cron.d/john as described
- in the paragraph above.
-
- The new cronjob will only be started after you edited /etc/cron.d/john.
- If you don't edit the file, the cronjob will not be started and you can
- run john from the command line.
+ The new cronjob will only be active after editting /etc/cron.d/john.
+ If you don't edit the file, the cronjob will not be started, but you
+ can still run john from the command line.
-- Christian Kurz <[EMAIL PROTECTED]>, Tue, 02 Sep 2003 22:52:46 +0200
only in patch2:
unchanged:
--- john-1.6.orig/debian/TODO
+++ john-1.6/debian/TODO
@@ -0,0 +1,7 @@
+/etc/defaults/john for "nice" and cronjob setup
+extra/mailer,cronjob:
+ /bin/sh
+ set -e
+ exit 1
+cronjob:
+ sed -nre '/^ *passfile *= */!d; s///; s/#.*//; p; d;'
/etc/john/john-mail.conf
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
