On Wed, Feb 20, 2019 at 08:51:16AM +0100, Moritz Muehlenhoff wrote:
> On Wed, Feb 20, 2019 at 12:28:48AM +0100, Sebastian Andrzej Siewior wrote:
> > On 2017-10-12 23:44:37 [+0200], To 859...@bugs.debian.org wrote:
> > > this is a remainder about the openssl transition [0]. We really want to
> > > remove libssl1.0-dev from unstable for Buster. I will raise the severity
> > > of this bug to serious in a month. Please react before that happens.
> >
> > There has been no action on pidentd and it is out of testing during
> > soft-freeze. Should there be a RM bug filled? We do have alternative
> > ident daemons in the archive. This package is holding back the removal
> > of openssl 1.0.2 in the archive.
>
> Or alternatively we can simply drop the idecrypt binary package, and remove
> --with-des* from the configure (and the build dep). I doubt anyone really
> uses the DES feature of ident...
Like the attached patch.
Cheers,
Moritz
diff -Nru pidentd-3.0.19.ds1/debian/changelog
pidentd-3.0.19.ds1/debian/changelog
--- pidentd-3.0.19.ds1/debian/changelog 2016-11-25 18:27:16.000000000 +0100
+++ pidentd-3.0.19.ds1/debian/changelog 2019-02-20 23:02:49.000000000 +0100
@@ -1,3 +1,11 @@
+pidentd (3.0.19.ds1-8.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Remove DES support and the idecrypt package, incompatible with
+ OpenSSL 1.1 (Closes: #859553)
+
+ -- Moritz Muehlenhoff <j...@debian.org> Wed, 20 Feb 2019 23:02:49 +0100
+
pidentd (3.0.19.ds1-8) unstable; urgency=medium
* Fix uses-deprecated-compression-for-data-tarball.
diff -Nru pidentd-3.0.19.ds1/debian/control pidentd-3.0.19.ds1/debian/control
--- pidentd-3.0.19.ds1/debian/control 2016-11-25 18:23:17.000000000 +0100
+++ pidentd-3.0.19.ds1/debian/control 2019-02-20 23:02:49.000000000 +0100
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Anibal Monsalve Salazar <ani...@debian.org>
Standards-Version: 3.9.8
-Build-Depends: autotools-dev, debhelper (>= 7), libssl1.0-dev | libssl-dev (<<
1.1.0~), linux-libc-dev (>= 2.6.16)
+Build-Depends: autotools-dev, debhelper (>= 7), linux-libc-dev (>= 2.6.16)
Homepage: http://www.lysator.liu.se/~pen/pidentd/
Package: pidentd
@@ -14,18 +14,6 @@
Replaces: netstd, pidentd-des (<< 3.0.14)
Priority: optional
Section: net
-Description: TCP/IP IDENT protocol server with DES support
+Description: TCP/IP IDENT protocol server
Identd is a server which implements the TCP/IP proposed standard IDENT user
identification protocol as specified in the RFC 1413 document.
- .
- This package has been built with DES support.
-
-Package: idecrypt
-Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
-Replaces: pidentd-des (<< 3.0.14)
-Priority: optional
-Section: utils
-Description: decrypt an encrypted response from pidentd
- This package contains the idecrypt(8) utility which is used to decrypt
- encrypted responses from a pidentd server with DES encryption turned on.
diff -Nru pidentd-3.0.19.ds1/debian/idecrypt.8
pidentd-3.0.19.ds1/debian/idecrypt.8
--- pidentd-3.0.19.ds1/debian/idecrypt.8 2008-09-23 11:48:19.000000000
+0200
+++ pidentd-3.0.19.ds1/debian/idecrypt.8 1970-01-01 01:00:00.000000000
+0100
@@ -1,50 +0,0 @@
-.\" $Id: idecrypt.8,v 1.1 2000/04/28 22:44:01 herbert Exp $
-.\" Copyright (c) 2000 Herbert Xu <herb...@debian.org>
-.\" This manual page is released into the public domain."
-.TH idecrypt 8 "28 Apr 2000"
-.SH NAME
-idecrypt \- Encrypted IDENT response decryption utility
-.SH SYNOPSIS
-.B idecrypt
-[\fIfile\fR]...
-.SH DESCRIPTION
-.B Idecrypt
-decrypts authentication tokens returned by an
-.BR identd (8)
-server that supports encryption. The tokens can be supplied in
-.IR file ,
-or from the standard input. The decrypted tokens are displayed
-on the standard output.
-.PP
-This program will attempt to decrypt a token with all
-the keys stored in the key file until it succeeds (or have tried
-all the keys).
-.SH FILES
-.TP
-.B /etc/identd.key
-If compiled with
-.I DES
-encryption enabled, the 1024 first bytes of this file is used to specify
-the secret key for encrypting replies.
-.SH AVAILABILITY
-The daemon is free software. You can redistribute it and/or
-modify it as you wish - as long as you don't claim that you wrote
-it.
-.PP
-The source code for the latest version of the daemon can always be
-FTP'd from one of the following addresses:
-.TP 12
-.B Main site:
-ftp://ftp.lysator.liu.se/pub/ident/servers/
-.TP 12
-.B Mirror:
-ftp://ftp.uu.net/networking/ident/servers/
-.PP
-The author can be contacted at:
-.TP 12
-.B Email:
-.B Peter Eriksson <p...@lysator.liu.se>
-.SH "SEE ALSO"
-.BR identd (8)
-,
-.BR ikeygen (8)
diff -Nru pidentd-3.0.19.ds1/debian/idecrypt.dirs
pidentd-3.0.19.ds1/debian/idecrypt.dirs
--- pidentd-3.0.19.ds1/debian/idecrypt.dirs 2008-09-23 11:48:19.000000000
+0200
+++ pidentd-3.0.19.ds1/debian/idecrypt.dirs 1970-01-01 01:00:00.000000000
+0100
@@ -1,2 +0,0 @@
-usr/sbin
-usr/share/man/man8
diff -Nru pidentd-3.0.19.ds1/debian/rules pidentd-3.0.19.ds1/debian/rules
--- pidentd-3.0.19.ds1/debian/rules 2016-06-08 22:50:52.000000000 +0200
+++ pidentd-3.0.19.ds1/debian/rules 2019-02-20 23:02:49.000000000 +0100
@@ -34,8 +34,7 @@
cp -f /usr/share/misc/config.guess aux/config.guess
endif
- ./configure --with-des \
- --with-des-includes=/usr/include/openssl \
+ ./configure --without-des \
--mandir='$${prefix}/share/man' \
--sysconfdir=/etc
@@ -81,9 +80,6 @@
cp etc/identd.conf debian/$(package)/etc
cp debian/ikeygen.8 debian/$(package)/usr/share/man/man8
- mv debian/$(package)/usr/sbin/idecrypt debian/idecrypt/usr/sbin
- cp debian/idecrypt.8 debian/idecrypt/usr/share/man/man8
-
# This single target is used to build all the packages, all at once, or
# one at a time. So keep in mind: any options passed to commands here will
# affect _all_ packages. Anything you want to only affect one package
