Justin Pryzby wrote:
> On Tue, Mar 13, 2007 at 11:25:27PM -0700, Kevin B. McCarty wrote:
>> Hi Justin,
>>
>> Not having heard from you yet, since there is now a new urgency
>> resulting from the latest release announcement [0], I am planning to go
>> ahead and NMU the RC bugs in "john" tomorrow morning (also wishlist
>> #412797, gl.po for debconf, while I am at it). I hope that you don't mind!
>>
>> [0] http://lists.debian.org/debian-devel-announce/2007/03/msg00012.html
> Hi Kevin,
>
> This is probably for the best. Thanks.
OK, I am uploading the NMU (diff since 1.6-40 attached) immediately.
Thank you for your work in putting the patch together!
best regards,
--
Kevin B. McCarty <[EMAIL PROTECTED]> Physics Department
WWW: http://www.princeton.edu/~kmccarty/ Princeton University
GPG: public key ID 4F83C751 Princeton, NJ 08544
diff -ur john-1.6.old/debian/README john-1.6/debian/README
--- john-1.6.old/debian/README 2007-03-14 17:26:41.000000000 -0400
+++ john-1.6/debian/README 2007-03-14 13:11:44.388616615 -0400
@@ -8,7 +8,7 @@
and run until either all passwords were found or it wasn't able to
crack them.
- So starting with this version of the package (1.6.19) the new cronjob
+ So starting with version 1.6-19 of the package, the new cronjob
is a lot more flexible. The system administrator will now be able to
define when to start the cronjob and how long it should run daily. The
cronjob will then be automatically stopped after that time and the
@@ -18,17 +18,12 @@
of the password file, you need to remove the file
/var/lib/john/restore.
- The package ugrade already installed the new cronjob and offered to
- remove the old cronjob. In case that you let the package upgrade remove
- the old cronjob, you now need to edit the file /etc/cron.d/john to
- define at which time the cronjob shall be started and at which time it
+ The package upgrade already installed the new cronjob and removed the
+ old one. If you want the new cronjob to run, you must uncomment the
+ active lines from /etc/cron.d/john; you might also modify it to
+ change at which time the cronjob shall be started and at which time it
should be stopped.
- In case that you didn't allow the package upgrade to remove the old
- cronjob, you will need to remove the file /etc/cron.daily/john
- manually. You can then also edit the file /etc/cron.d/john as described
- in the paragraph above.
-
The new cronjob will only be started after you edited /etc/cron.d/john.
If you don't edit the file, the cronjob will not be started and you can
run john from the command line.
diff -ur john-1.6.old/debian/changelog john-1.6/debian/changelog
--- john-1.6.old/debian/changelog 2007-03-14 17:26:41.000000000 -0400
+++ john-1.6/debian/changelog 2007-03-14 17:06:55.879739617 -0400
@@ -1,3 +1,29 @@
+john (1.6-40.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * High-urgency for RC bugfix.
+ * The following bug fixes are mostly cherry-picked from an omnibus patch
+ by Justin Pryzby <[EMAIL PROTECTED]>:
+ * Complete rewrite of maintainer scripts to neither remove nor edit
+ conffiles (Closes: #375850)
+ - the debconf settings are not necessary for package operation,
+ so just don't use debconf, and remove debconf-related files from
+ debian directory (incidentally closes: #412797)
+ - preserves settings in preinst, rather than moving conffiles to
+ foo.old
+ - do the conffile relocation in preinst (not postinst, which
+ inhibits dpkg diffs when they should be displayed)
+ - the cronjob in /etc/cron.d does nothing if the executable isn't
+ +x, so doesn't need to be commented out on uninstallation
+ - minor edits to debian/README to reflect these changes
+ * Set /var/run/john to mode 0700 in postinst configure unless a
+ dpkg-statoverride exists (Closes: #403855)
+ * On uninstallation, remove restore file from /var/lib, not /usr/share;
+ and do so in postrm remove, not prerm remove. On upgrade, if restore
+ file exists in /usr/share but not in /var/lib, move it in postinst.
+
+ -- Kevin B. McCarty <[EMAIL PROTECTED]> Wed, 14 Mar 2007 17:06:16 -0400
+
john (1.6-40) unstable; urgency=low
* debian/control: updated my e-mail address.
Only in john-1.6.old/debian: config
diff -ur john-1.6.old/debian/control john-1.6/debian/control
--- john-1.6.old/debian/control 2007-03-14 17:26:41.000000000 -0400
+++ john-1.6/debian/control 2007-03-14 13:03:53.676373234 -0400
@@ -4,11 +4,11 @@
Maintainer: Guilherme de S. Pastore <[EMAIL PROTECTED]>
Uploaders: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Standards-Version: 3.6.2
-Build-Depends: cdbs, debhelper (>= 4.1.16), po-debconf
+Build-Depends: cdbs, debhelper (>= 4.1.16)
Package: john
Architecture: any
-Depends: ${shlibs:Depends}, dpkg (>= 1.10.16), debconf | debconf-2.0
+Depends: ${shlibs:Depends}, dpkg (>= 1.10.16)
Suggests: wenglish | wordlist
Description: active password cracking tool
john, mostly known as John the Ripper, is a tool designed to help systems
Only in john-1.6.old/debian: po
diff -ur john-1.6.old/debian/postinst john-1.6/debian/postinst
--- john-1.6.old/debian/postinst 2007-03-14 17:26:41.000000000 -0400
+++ john-1.6/debian/postinst 2007-03-14 17:06:11.073205520 -0400
@@ -1,61 +1,66 @@
#!/bin/sh
+set -e
-# Let's make a smooth transition for the conffiles
-if [ $1 = "configure" ] && dpkg --compare-versions "$2" le 1.6-27; then
- for file in john.ini john-mail.conf john-mail.msg; do
- if [ -f "/etc/$file" ]; then
- mv /etc/$file /etc/john
+# Versions earlier than 1.6-34 and later than (perhaps) 1.6-19 include
+# /var/run/john as mode 0755, which could allow users to read cracked
+# passwords. Later versions fixed the permissions of the included
+# directory, but dpkg doesn't automatically make changes to directory
+# modes.
+fixperms ()
+{
+ p=/var/run/john
+ # If the admin has an override, don't touch it
+ # (even if the override is to mode 0700?)
+ dpkg-statoverride --list $p >/dev/null && return
+ curmod=`stat -c %a $p`
+ [ $(( 0$curmod & 07077 )) -eq 0 ] && return
+ chmod -v 0700 $p
+}
+
+# Commit conffile move from preinst
+rm_conffile_do ()
+{
+ c=0
+ # a=1 is a search if the files exist,
+ # a=2 is removal of those which do
+ for a in 1 2; do
+ for f in john-mail.conf john-mail.msg john.ini; do
+ g=/etc/$f.moved_by_preinst
+ [ -e $g ] || continue
+ c=$(( $c + 1 ))
+ [ "$a" -eq 1 ] && break
+ echo -n " "
+ rm -fv $g
+ done
+
+ [ "$c" -eq 0 ] && return
+ [ "$a" -eq 1 ] || continue
+ echo "Committing removal of unmodified conffiles:"
+ done >&2
+}
+
+case $1 in
+configure|abort-upgrade|abort-remove|abort-deconfigure)
+ fixperms
+ rm_conffile_do
+
+ # this state file has moved to /var/lib/john quite some time ago
+ old=/usr/share/john/restore
+ new=/var/lib/john/restore
+
+ if [ -e $old ] ; then
+ if [ -e $new ] ; then
+ rm -f $old
+ else
+ mv -f $old $new
+ fi
fi
- done
-fi
+ ;;
-CONFFILE='/etc/john/john.conf'
-# Source debconf library
-if [ -f /usr/share/debconf/confmodule ]; then
- . /usr/share/debconf/confmodule
-
- db_get john/cronjob-replacement || RET="true"
- if [ "$RET" = "true" ]; then
- if [ -f /etc/cron.daily/john ] && [ ! -L /etc/cron.daily/john ]; then
- rm /etc/cron.daily/john
- fi
- fi
-
-# Set the cronjob
- db_get john/cronjob ; INSTCRON="$RET"
- cronfile=/etc/cron.d/john
- tmp=`tempfile`
- if [ "$INSTCRON" = "true" ] && [ -f $cronfile ]; then
- cat $cronfile | sed -e 's/^#00/00/' >$tmp
- mv $tmp $cronfile
- else
- # We have two options here, leave the file as it is (the user
- # might have modified it) or revert the previous change. I'm
- # opting for the second case to make the debconf operation
- # idempotent (jfs)
- if [ -f $cronfile ] ; then
- cat $cronfile | sed -e 's/^00/#00/' >$tmp
- mv $tmp $cronfile
- else
- rm $tmp
- fi
- fi
-
- # This could be improved to be a choice list of installed dictionaries
- # at /usr/share/dict/. However this is much more versatile (since the
- # admin can download wordlist from any sources and have them added here)
- # This could be done by reading the files and using db_subst in
- # a choice list template BTW (jfs)
- db_get john/wordlist; WORDLIST="$RET"
- if [ -f "$WORDLIST" ] ; then
- if [ -f "$CONFFILE" ] ; then
- TEMPFILE=`tempfile -d /etc/ -m 644`
- # Warn: Wordlist contains / so we use ',' instead, if the
- # user uses ',' the script will break (he shouldnt do that)
- sed -e "s,^Wordfile = .*,Wordfile = $WORDLIST," $CONFFILE >$TEMPFILE
- mv $TEMPFILE $CONFFILE
- fi
- fi
-fi
+*)
+ echo "$0: undocumented call $@" >&2
+ exit 1
+ ;;
+esac
-#DEBHELPER#
\ No newline at end of file
+#DEBHELPER#
diff -ur john-1.6.old/debian/postrm john-1.6/debian/postrm
--- john-1.6.old/debian/postrm 2007-03-14 17:26:41.000000000 -0400
+++ john-1.6/debian/postrm 2007-03-14 16:31:45.104821115 -0400
@@ -1,16 +1,61 @@
-#!/bin/sh -e
+#!/bin/sh
+set -e
-if [ "$1" = purge ]; then
- if [ -e /usr/share/debconf/confmodule ]; then
- . /usr/share/debconf/confmodule
- db_purge
- fi
-
- for location in /var/lib/john /etc/john /var/run/john; do
- if [ -d $location ]; then
- find $location -type f | xargs rm -f
+# Revert relocation of a conffile from one location to another.
+# The forward path is preinst install|upgrade.
+# $1 is the original pathname of the conffile,
+# $2 is the pathname of the current conffile.
+unmv_conffile ()
+{
+ if [ -e "$1" ] ; then
+ echo "Not reverting conffile relocation to $2;"
+ echo "original pathname $1 exists."
+ elif [ -e "$1.moved_by_preinst" ] ; then
+ echo "Reverting removal of unmodified conffile:"
+ echo -n " "
+ mv -v "$1.moved_by_preinst" "$1"
+ elif [ -e "$2" ] ; then
+ echo "Reverting relocation of modified conffile to original
location:"
+ echo -n " "
+ mv -fv $2 $1
+ fi >&2
+}
+
+case $1 in
+disappear|remove)
+ # These are the restore and cracked-password file used by the
+ # cronjob for attacking the system password file for a short
+ # period each day:
+ d=/var/lib/john
+ rm -f $d/restore $d/john.pot
+ d=/var/run/john
+# FIXME: this is configurable...
+ rm -f $d/john.pid $d/cronpasswd.*
+ ;;
+
+abort-install|abort-upgrade)
+ # Revert relocation of conffiles:
+ p1=/etc
+ p2=/etc/john
+ if dpkg --compare-versions "$2" le-nl 1.6-27; then
+ unmv_conffile $p1/john.ini $p2/john.conf
+ unmv_conffile $p1/john-mail.conf $p2/john-mail.conf
+ unmv_conffile $p1/john-mail.msg $p2/john-mail.msg
+
+ # "Display the warning, but don't fail if nonempty":
+ rmdir $p2 || rmdir --ignore-fail-on-non-empty $p2
fi
- done
-fi
+ ;;
+
+purge|upgrade|failed-upgrade)
+ # These cases need no actions here
+ :
+ ;;
+
+*)
+ echo "$0: undocumented call: $@" >&2
+ exit 1
+ ;;
+esac
#DEBHELPER#
diff -ur john-1.6.old/debian/preinst john-1.6/debian/preinst
--- john-1.6.old/debian/preinst 2007-03-14 17:26:41.000000000 -0400
+++ john-1.6/debian/preinst 2007-03-14 16:33:35.821422362 -0400
@@ -1,11 +1,63 @@
-#!/bin/sh -e
+#!/bin/sh
+set -e
-if [ $1 = "upgrade" ] && dpkg --compare-versions "$2" le 1.6-27; then
- for file in john.conf john-mail.conf john-mail.msg; do
- if [ -e "/etc/john/$file"]; then
- mv /etc/john/$file /etc/john/$file.old
+dpkgstat=/var/lib/dpkg/status
+
+# Relocate a conffile from one location to another; it is removed iff
+# unmodified, and moved iff modified.
+# The undo path is postrm abort-install|abort-upgrade.
+# $1 is the old pathname of the conffile,
+# $2 is the new pathname of the conffile.
+mv_conffile ()
+{
+ [ ! -f "$1" ] && return
+ if [ -e "$2" ] ; then
+ echo "Not moving conffile $1 to $2; new file exists"
+ return
fi
- done
-fi
+
+ orgmd5=`sed -nre "/^Conffiles:/,/^[^ ]/{ \\'$1' {s///; s/^ *//; s/
.*//; p;}}" $dpkgstat`
+ curmd5=`md5sum $1 |sed -e 's/ .*//'`
+ if [ "$orgmd5" = "$curmd5" ]; then
+ # conffile unmodified; prepare to remove it, allowing
+ # dpkg to install a new copy to the new location
+ # before "configuration"
+ echo "Preparing to remove unmodified conffile:"
+ echo -n " "
+ mv -fv $1 $1.moved_by_preinst
+ else
+ # conffile modified by admin; relocate it, causing
+ # dpkg to prompt, as intended
+ echo "Relocating modified conffile to new location:"
+ echo -n " "
+ mv -fv $1 $2
+ fi >&2
+}
+
+p1=/etc
+p2=/etc/john
+case $1 in
+install|upgrade)
+ [ -d $p2 ] || mkdir $p2
+ if dpkg --compare-versions "$2" le-nl 1.6-27; then
+ mv_conffile $p1/john.ini $p2/john.conf
+ mv_conffile $p1/john-mail.conf $p2/john-mail.conf
+ mv_conffile $p1/john-mail.msg $p2/john-mail.msg
+
+ # No need to remove the obsolete conffile
+ # /etc/cron.daily/john, since old prerm does so
+ # unconditionally (and there is nothing we can do to stop it)
+ fi
+ ;;
+
+abort-upgrade)
+ # This case needs no actions here
+ ;;
+
+*)
+ echo "$0: undocumented call: $@"
+ exit 1
+ ;;
+esac
#DEBHELPER#
diff -ur john-1.6.old/debian/prerm john-1.6/debian/prerm
--- john-1.6.old/debian/prerm 2007-03-14 17:26:41.000000000 -0400
+++ john-1.6/debian/prerm 2007-03-14 13:03:53.683371750 -0400
@@ -1,22 +1,20 @@
#!/bin/sh
+set -e
-# Remove runtime file when purging john.
+case $1 in
+remove)
+ /usr/share/john/cronjob stop
+ ;;
-if [ "$1" = "remove" ]; then
- . /usr/share/debconf/confmodule
- rm -f /usr/share/john/restore
-# Also deinstall the cronjob since it will not be working properly
- db_get john/cronjob ; INSTCRON="$RET"
- cronfile=/etc/cron.d/john
- tmp=`tempfile`
-# If the user enabled the cronjob through debconf remove it, otherwise
-# keep it as it is since it is a local change.
- if [ "$INSTCRON" = "true" ]; then
- cat $cronfile | sed -e 's/^00/#00/' >$tmp
- mv $tmp $cronfile || rm $tmp
- fi
-fi
+upgrade|failed-upgrade|deconfigure)
+ # These cases need no actions here
+ :
+ ;;
-#DEBHELPER#
+*)
+ echo "$0: undocumented call: $@" >&2
+ exit 1
+ ;;
+esac
-exit 0
+#DEBHELPER#
Only in john-1.6.old/debian: templates
