Bug#859054: libpam-ssh: Please migrate to openssl1.1 in buster

2018-12-18 Thread John Stamp 
On 05/22/18 08:52 PM, Jerome BENOIT wrote:
> Hello,
> 
> 
> 
> On 22/05/18 23:52, Moritz Muehlenhoff wrote:
> > Hi Jerome,
> > 
> > On Fri, Oct 13, 2017 at 07:05:26PM +0400, Jerome BENOIT wrote:
> >> Dear Sebastian, thanks for your warning.
> >>
> >> The amount of change might be too heavy for me.
> >> Second, pam_ssh seems no more maintained.
> >>
> >> I have just contacted the upstream maintainer.
> > 
> > Did you get a reply?
> 
> No.
> 
> I will have a look if time permit.
> And, of course, any patch is welcome.
> 
> Cheers,
> Jerome

OpenSUSE has an OpenSSL 1.1 patch in their package:

  
https://build.opensuse.org/package/view_file/openSUSE:Factory/pam_ssh/pam_ssh-openssl11.patch

Changelog here:

  https://build.opensuse.org/request/show/547009

I'm attaching the patch.  It will try to modify `configure' which isn't
in Debian's source tarball, but if you remove that bit, it applies
cleanly.  It seems to work OK on my locally-built package.

John

===
Index: pam_ssh-2.1/cipher.c
===
--- pam_ssh-2.1.orig/cipher.c	2015-05-03 13:30:39.0 +0200
+++ pam_ssh-2.1/cipher.c	2017-11-30 15:31:05.770390639 +0100
@@ -326,26 +326,26 @@ cipher_init(struct sshcipher_ctx *cc, co
 	return SSH_ERR_INVALID_ARGUMENT;
 #else
 	type = (*cipher->evptype)();
-	EVP_CIPHER_CTX_init(&cc->evp);
-	if (EVP_CipherInit(&cc->evp, type, NULL, (u_char *)iv,
+	cc->evp = EVP_CIPHER_CTX_new();
+	if (EVP_CipherInit(cc->evp, type, NULL, (u_char *)iv,
 	(do_encrypt == CIPHER_ENCRYPT)) == 0) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto bad;
 	}
 	if (cipher_authlen(cipher) &&
-	!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
+	!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_IV_FIXED,
 	-1, (u_char *)iv)) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto bad;
 	}
-	klen = EVP_CIPHER_CTX_key_length(&cc->evp);
+	klen = EVP_CIPHER_CTX_key_length(cc->evp);
 	if (klen > 0 && keylen != (u_int)klen) {
-		if (EVP_CIPHER_CTX_set_key_length(&cc->evp, keylen) == 0) {
+		if (EVP_CIPHER_CTX_set_key_length(cc->evp, keylen) == 0) {
 			ret = SSH_ERR_LIBCRYPTO_ERROR;
 			goto bad;
 		}
 	}
-	if (EVP_CipherInit(&cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
+	if (EVP_CipherInit(cc->evp, NULL, (u_char *)key, NULL, -1) == 0) {
 		ret = SSH_ERR_LIBCRYPTO_ERROR;
 		goto bad;
 	}
@@ -358,14 +358,14 @@ cipher_init(struct sshcipher_ctx *cc, co
 			ret = SSH_ERR_ALLOC_FAIL;
 			goto bad;
 		}
-		ret = EVP_Cipher(&cc->evp, discard, junk, cipher->discard_len);
+		ret = EVP_Cipher(cc->evp, discard, junk, cipher->discard_len);
 		explicit_bzero(discard, cipher->discard_len);
 		free(junk);
 		free(discard);
 		if (ret != 1) {
 			ret = SSH_ERR_LIBCRYPTO_ERROR;
  bad:
-			EVP_CIPHER_CTX_cleanup(&cc->evp);
+			EVP_CIPHER_CTX_cleanup(cc->evp);
 			return ret;
 		}
 	}
@@ -412,33 +412,33 @@ cipher_crypt(struct sshcipher_ctx *cc, u
 		if (authlen != cipher_authlen(cc->cipher))
 			return SSH_ERR_INVALID_ARGUMENT;
 		/* increment IV */
-		if (!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_IV_GEN,
+		if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
 		1, lastiv))
 			return SSH_ERR_LIBCRYPTO_ERROR;
 		/* set tag on decyption */
 		if (!cc->encrypt &&
-		!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_SET_TAG,
+		!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_SET_TAG,
 		authlen, (u_char *)src + aadlen + len))
 			return SSH_ERR_LIBCRYPTO_ERROR;
 	}
 	if (aadlen) {
 		if (authlen &&
-		EVP_Cipher(&cc->evp, NULL, (u_char *)src, aadlen) < 0)
+		EVP_Cipher(cc->evp, NULL, (u_char *)src, aadlen) < 0)
 			return SSH_ERR_LIBCRYPTO_ERROR;
 		memcpy(dest, src, aadlen);
 	}
 	if (len % cc->cipher->block_size)
 		return SSH_ERR_INVALID_ARGUMENT;
-	if (EVP_Cipher(&cc->evp, dest + aadlen, (u_char *)src + aadlen,
+	if (EVP_Cipher(cc->evp, dest + aadlen, (u_char *)src + aadlen,
 	len) < 0)
 		return SSH_ERR_LIBCRYPTO_ERROR;
 	if (authlen) {
 		/* compute tag (on encrypt) or verify tag (on decrypt) */
-		if (EVP_Cipher(&cc->evp, NULL, NULL, 0) < 0)
+		if (EVP_Cipher(cc->evp, NULL, NULL, 0) < 0)
 			return cc->encrypt ?
 			SSH_ERR_LIBCRYPTO_ERROR : SSH_ERR_MAC_INVALID;
 		if (cc->encrypt &&
-		!EVP_CIPHER_CTX_ctrl(&cc->evp, EVP_CTRL_GCM_GET_TAG,
+		!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_GET_TAG,
 		authlen, dest + aadlen + len))
 			return SSH_ERR_LIBCRYPTO_ERROR;
 	}
@@ -471,7 +471,7 @@ cipher_cleanup(struct sshcipher_ctx *cc)
 	else if ((cc->cipher->flags & CFLAG_AESCTR) != 0)
 		explicit_bzero(&cc->ac_ctx, sizeof(cc->ac_ctx));
 #ifdef WITH_OPENSSL
-	else if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
+	else if (EVP_CIPHER_CTX_cleanup(cc->evp) == 0)
 		return SSH_ERR_LIBCRYPTO_ERROR;
 #endif
 	return 0;
@@ -518,7 +518,7 @@ cipher_get_keyiv_len(const struct sshcip
 		ivlen = 0;
 #ifdef WITH_OPENSSL
 	else
-		ivlen = EVP_CIPHER_CTX_iv_length(&cc->evp);
+		ivlen = EVP_CIPHER_CTX_iv_length(cc->evp);
 #endif

Bug#524584: lastfm_1:1.5.1.31879.dfsg-2(mips/unstable): FTBFS on mips

2009-04-18 Thread John Stamp 
There are only a few minor changes between -1 and -2, and mips 
successfully completed a bin-NMU of -1+b2 on March 11.

Here's the relevant snippet from the build of -1+b2:

> /usr/bin/uic-qt4 confirmdialog.ui -o ../../build/ui_confirmdialog.h
> g++ -c -pipe -g -O2 -g -Wall -O2 -w -D_REENTRANT -fPIC -DNBREAKPAD
> -DLINUX -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_NETWORK_LIB -DQT_CORE_LIB
> -DQT_SHARED -I/usr/share/qt4/mkspecs/linux-g++ -I.
> -I/usr/include/qt4/QtCore -I/usr/include/qt4/QtCore
> -I/usr/include/qt4/QtNetwork -I/usr/include/qt4/QtNetwork
> -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtGui -I/usr/include/qt4
> -I. -I../libUnicorn -I../../src -I../../build
> -I../../build/Moose/release -I../../build
> -o ../../build/Moose/release/confirmdialog.o confirmdialog.cpp

And the same section just before the errors that you cited for -2:

> /usr/bin/uic-qt4 confirmdialog.ui -o ../../../../ui_confirmdialog.h
> g++ -c -pipe -g -O2 -g -Wall -O2 -w -D_REENTRANT -fPIC -DNBREAKPAD
> -DLINUX -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_NETWORK_LIB -DQT_CORE_LIB
> -DQT_SHARED -I/usr/share/qt4/mkspecs/linux-g++ -I.
> -I/usr/include/qt4/QtCore -I/usr/include/qt4/QtCore
> -I/usr/include/qt4/QtNetwork -I/usr/include/qt4/QtNetwork
> -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtGui -I/usr/include/qt4
> -I/src/libMoose -I/src/libUnicorn -I/src -I/build
> -I../../../../Moose/release -I/build
> -o ../../../../Moose/release/confirmdialog.o confirmdialog.cpp

As you can see, a number of include and destination paths are broken.  
e.g.:
  -I/src/libMoose -I/src/libUnicorn -I/src -I/build

I suspect the problem is related to lastfm's definitions.pro.inc, where 
it defines:

ROOT_DIR = $$system( pwd )

and proceeds from there:

BIN_DIR = $$ROOT_DIR/bin
DESTDIR = $$BIN_DIR
[...]
INCLUDEPATH += $$ROOT_DIR/src/libMoose $$ROOT_DIR/src/libUnicorn
[...]

Any idea why this now a problem?




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#516412: knemo: Depends on kicker, kicker going away

2009-02-22 Thread John Stamp 
FYI: A new version compatible with kde4 was just released on kde-apps.




-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#476998: Patch to fix 476998

2008-04-27 Thread John Stamp 
On Sunday 27 April 2008, Kumar Appaiah wrote:
> On Sun, Apr 27, 2008 at 08:28:27AM -0700, John Stamp wrote:
> > > Hi!
> > >
> > > Please find attached a patch to fix this bug by including
> > > zlib1g-dev.
> > >
> > > HTH.
> > >
> > > Kumar
> >
> > Thanks for providing the patch!  I took care of this a few days
> > ago...just waiting for my sponsor to upload.  I'll update the tags.
>
> Henceforth, PLEASE tag bugs as patches to save effort and CPU cycles
> for others. This holds especially for RC bugs.
>
> Thank you.
>
> Kumar

Definitely.  I am very sorry to have caused the wasted effort.

John Stamp




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#476998: Patch to fix 476998

2008-04-27 Thread John Stamp 
On Sunday 27 April 2008, Kumar Appaiah wrote:
> tags 476998 + patch
> thanks
>
> Hi!
>
> Please find attached a patch to fix this bug by including zlib1g-dev.
>
> HTH.
>
> Kumar

Thanks for providing the patch!  I took care of this a few days 
ago...just waiting for my sponsor to upload.  I'll update the tags.

Cheers,

John



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#426955: I can only hear terrible noise instead of music

2007-05-31 Thread John Stamp 
Strange.  I haven't heard of that happening before, but then I 
saw this in one of the forums today:

  http://www.last.fm/forum/34905/_/288262

There are a few more bits of info I'd like:

If you downgrade to 1.1.90-4 that fixes the problem?  Upgrading to 
1:1.1.3.0-3 plays static again?

What card/device does the client report in Tools | Options | Radio?

Please attach ~/.lastfm/playback.log and ~/.lastfm/transcode.log?

Cheers,

John


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]