Bug#649463: libpam-rsa: diff for NMU version 0.8-9-2.3

Tue, 13 Mar 2012 10:33:20 -0700 

On Tue, 13 Mar 2012 00:15:45 +0100, Jakub Wilk wrote:

> (I'm not the maintainer, just a neutral observer.)

Thanks for your feedback!
 
> >-O=${OPENSSL-openssl}
> >-CF=${PAMRSAKPCNF-/etc/security/pamrsakp.cnf}
> >+O=${OPENSSL:-openssl}
> >+CF=${PAMRSAKPCNF:-/etc/security/pamrsakp.cnf}
> Why? This is not explained in the changelog.

Right, I forgot to mention it.

I changed it because I thought first that this was the reason for the
problem, and because I didn't find the syntax in bash(1).

Apparently it works nevertheless:

$ unset OPENSSL; O=${OPENSSL-openssl}; echo $O
openssl

$ OPENSSL=foo; O=${OPENSSL-openssl}; echo $O
foo

> >-    PRIVKEY=`echo -n ${USER} | ${O} dgst -sha1 | cut -b -8`.pem
> >+    PRIVKEY=`echo -n ${USER} | shasum -a 1 -t | cut -b -8`.pem
> Any reason for not using sha1sum (which is in coreutils at least
> since lenny)?

Just that perl's shasum came to my mind earlier :)


Ok, NMU cancelled, first hunk reverted, shasum replaced with sha1sum,
dependency on perl removed again, re-uploaded to DELAYED/1.

New diff attached.

Cheers,
gregor 
 
-- 
 .''`.  Homepage: http://info.comodo.priv.at/ - OpenPGP key 0xBB3A68018649AA06
 : :' : Debian GNU/Linux user, admin, and developer  -  http://www.debian.org/
 `. `'  Member of VIBE!AT & SPI, fellow of the Free Software Foundation Europe
   `-   NP: Element of Crime: You shouldn't be lonely

--- libpam-rsa-0.8-9/debian/changelog
+++ libpam-rsa-0.8-9/debian/changelog
@@ -1,3 +1,12 @@
+libpam-rsa (0.8-9-2.3) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix "code to hash hostname and username is broken": openssl output has
+    changed, use sha1sum from coreutils in the pamrsakp script.
+    (Closes: #649463)
+
+ -- gregor herrmann <[email protected]>  Tue, 13 Mar 2012 18:19:53 +0100
+
 libpam-rsa (0.8-9-2.2) unstable; urgency=low
 
   * Non-maintainer upload.
only in patch2:
unchanged:
--- libpam-rsa-0.8-9.orig/script/pamrsakp
+++ libpam-rsa-0.8-9/script/pamrsakp
@@ -46,7 +46,7 @@
 
 
 if [ x${HASHTYPE} = "xsha1" ]; then
-	PRIVKEY=`echo -n ${USER} | ${O} dgst -sha1 | cut -b -8`.pem
+	PRIVKEY=`echo -n ${USER} | sha1sum -t | cut -b -8`.pem
 elif [ x${HASHTYPE} = "xnone" ]; then
 	PRIVKEY=${USER}.pem
 else 
@@ -60,7 +60,7 @@
 fi
 
 
-HOSTHASH=`echo -n ${TARGETHOST} | ${O} dgst -sha1 | cut -b -8`
+HOSTHASH=`echo -n ${TARGETHOST} | sha1sum -t | cut -b -8`
 
 
 # Create the public and private key directories if they do not exist

Attachment: signature.asc
Description: Digital signature

Reply via email to