On Wed, Feb 20, 2019 at 08:51:16AM +0100, Moritz Muehlenhoff wrote: > On Wed, Feb 20, 2019 at 12:28:48AM +0100, Sebastian Andrzej Siewior wrote: > > On 2017-10-12 23:44:37 [+0200], To 859...@bugs.debian.org wrote: > > > this is a remainder about the openssl transition [0]. We really want to > > > remove libssl1.0-dev from unstable for Buster. I will raise the severity > > > of this bug to serious in a month. Please react before that happens. > > > > There has been no action on pidentd and it is out of testing during > > soft-freeze. Should there be a RM bug filled? We do have alternative > > ident daemons in the archive. This package is holding back the removal > > of openssl 1.0.2 in the archive. > > Or alternatively we can simply drop the idecrypt binary package, and remove > --with-des* from the configure (and the build dep). I doubt anyone really > uses the DES feature of ident...
Like the attached patch. Cheers, Moritz
diff -Nru pidentd-3.0.19.ds1/debian/changelog pidentd-3.0.19.ds1/debian/changelog --- pidentd-3.0.19.ds1/debian/changelog 2016-11-25 18:27:16.000000000 +0100 +++ pidentd-3.0.19.ds1/debian/changelog 2019-02-20 23:02:49.000000000 +0100 @@ -1,3 +1,11 @@ +pidentd (3.0.19.ds1-8.1) unstable; urgency=medium + + * Non-maintainer upload. + * Remove DES support and the idecrypt package, incompatible with + OpenSSL 1.1 (Closes: #859553) + + -- Moritz Muehlenhoff <j...@debian.org> Wed, 20 Feb 2019 23:02:49 +0100 + pidentd (3.0.19.ds1-8) unstable; urgency=medium * Fix uses-deprecated-compression-for-data-tarball. diff -Nru pidentd-3.0.19.ds1/debian/control pidentd-3.0.19.ds1/debian/control --- pidentd-3.0.19.ds1/debian/control 2016-11-25 18:23:17.000000000 +0100 +++ pidentd-3.0.19.ds1/debian/control 2019-02-20 23:02:49.000000000 +0100 @@ -3,7 +3,7 @@ Priority: optional Maintainer: Anibal Monsalve Salazar <ani...@debian.org> Standards-Version: 3.9.8 -Build-Depends: autotools-dev, debhelper (>= 7), libssl1.0-dev | libssl-dev (<< 1.1.0~), linux-libc-dev (>= 2.6.16) +Build-Depends: autotools-dev, debhelper (>= 7), linux-libc-dev (>= 2.6.16) Homepage: http://www.lysator.liu.se/~pen/pidentd/ Package: pidentd @@ -14,18 +14,6 @@ Replaces: netstd, pidentd-des (<< 3.0.14) Priority: optional Section: net -Description: TCP/IP IDENT protocol server with DES support +Description: TCP/IP IDENT protocol server Identd is a server which implements the TCP/IP proposed standard IDENT user identification protocol as specified in the RFC 1413 document. - . - This package has been built with DES support. - -Package: idecrypt -Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} -Replaces: pidentd-des (<< 3.0.14) -Priority: optional -Section: utils -Description: decrypt an encrypted response from pidentd - This package contains the idecrypt(8) utility which is used to decrypt - encrypted responses from a pidentd server with DES encryption turned on. diff -Nru pidentd-3.0.19.ds1/debian/idecrypt.8 pidentd-3.0.19.ds1/debian/idecrypt.8 --- pidentd-3.0.19.ds1/debian/idecrypt.8 2008-09-23 11:48:19.000000000 +0200 +++ pidentd-3.0.19.ds1/debian/idecrypt.8 1970-01-01 01:00:00.000000000 +0100 @@ -1,50 +0,0 @@ -.\" $Id: idecrypt.8,v 1.1 2000/04/28 22:44:01 herbert Exp $ -.\" Copyright (c) 2000 Herbert Xu <herb...@debian.org> -.\" This manual page is released into the public domain." -.TH idecrypt 8 "28 Apr 2000" -.SH NAME -idecrypt \- Encrypted IDENT response decryption utility -.SH SYNOPSIS -.B idecrypt -[\fIfile\fR]... -.SH DESCRIPTION -.B Idecrypt -decrypts authentication tokens returned by an -.BR identd (8) -server that supports encryption. The tokens can be supplied in -.IR file , -or from the standard input. The decrypted tokens are displayed -on the standard output. -.PP -This program will attempt to decrypt a token with all -the keys stored in the key file until it succeeds (or have tried -all the keys). -.SH FILES -.TP -.B /etc/identd.key -If compiled with -.I DES -encryption enabled, the 1024 first bytes of this file is used to specify -the secret key for encrypting replies. -.SH AVAILABILITY -The daemon is free software. You can redistribute it and/or -modify it as you wish - as long as you don't claim that you wrote -it. -.PP -The source code for the latest version of the daemon can always be -FTP'd from one of the following addresses: -.TP 12 -.B Main site: -ftp://ftp.lysator.liu.se/pub/ident/servers/ -.TP 12 -.B Mirror: -ftp://ftp.uu.net/networking/ident/servers/ -.PP -The author can be contacted at: -.TP 12 -.B Email: -.B Peter Eriksson <p...@lysator.liu.se> -.SH "SEE ALSO" -.BR identd (8) -, -.BR ikeygen (8) diff -Nru pidentd-3.0.19.ds1/debian/idecrypt.dirs pidentd-3.0.19.ds1/debian/idecrypt.dirs --- pidentd-3.0.19.ds1/debian/idecrypt.dirs 2008-09-23 11:48:19.000000000 +0200 +++ pidentd-3.0.19.ds1/debian/idecrypt.dirs 1970-01-01 01:00:00.000000000 +0100 @@ -1,2 +0,0 @@ -usr/sbin -usr/share/man/man8 diff -Nru pidentd-3.0.19.ds1/debian/rules pidentd-3.0.19.ds1/debian/rules --- pidentd-3.0.19.ds1/debian/rules 2016-06-08 22:50:52.000000000 +0200 +++ pidentd-3.0.19.ds1/debian/rules 2019-02-20 23:02:49.000000000 +0100 @@ -34,8 +34,7 @@ cp -f /usr/share/misc/config.guess aux/config.guess endif - ./configure --with-des \ - --with-des-includes=/usr/include/openssl \ + ./configure --without-des \ --mandir='$${prefix}/share/man' \ --sysconfdir=/etc @@ -81,9 +80,6 @@ cp etc/identd.conf debian/$(package)/etc cp debian/ikeygen.8 debian/$(package)/usr/share/man/man8 - mv debian/$(package)/usr/sbin/idecrypt debian/idecrypt/usr/sbin - cp debian/idecrypt.8 debian/idecrypt/usr/share/man/man8 - # This single target is used to build all the packages, all at once, or # one at a time. So keep in mind: any options passed to commands here will # affect _all_ packages. Anything you want to only affect one package