FreeBSD Bugzilla – Attachment 223792 Details for
Bug 254748
security/pidentd: Remove from tree
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for pidentd
remove-pidentd.patch (text/plain), 9.84 KB, created by
Daniel Engberg
on 2021-04-03 20:49:32 UTC
(
hide
)
Description:
Patch for pidentd
Filename:
MIME Type:
Creator:
Daniel Engberg
Created:
2021-04-03 20:49:32 UTC
Size:
9.84 KB
patch
obsolete
>diff --git a/security/Makefile b/security/Makefile >index e698cfd85f78..f173c41e0a8e 100644 >--- a/security/Makefile >+++ b/security/Makefile >@@ -794,7 +794,6 @@ > SUBDIR += php80-sodium > SUBDIR += phpsecinfo > SUBDIR += picosha2 >- SUBDIR += pidentd > SUBDIR += pidgin-encryption > SUBDIR += pidgin-otr > SUBDIR += pinentry >diff --git a/security/pidentd/Makefile b/security/pidentd/Makefile >deleted file mode 100644 >index f5b1833b2fa6..000000000000 >--- a/security/pidentd/Makefile >+++ /dev/null >@@ -1,50 +0,0 @@ >-# Created by: torstenb >-# $FreeBSD$ >- >-PORTNAME= pidentd >-PORTVERSION= 3.0.19 >-PORTREVISION= 4 >-CATEGORIES= security >-MASTER_SITES= ftp://ftp.lysator.liu.se/pub/unix/ident/servers/ \ >- ftp://ftp.stack.nl/pub/users/johans/pidentd/ >- >-PATCH_SITES= ftp://ftp.stack.nl/pub/users/johans/pidentd/ \ >- ftp://mud.stack.nl/pub/pidentd/ >-PATCHFILES= pidentd-${PORTVERSION}-ipv6-20080101.diff.gz >-PATCH_DIST_STRIP= -p0 >- >-MAINTAINER= ports@FreeBSD.org >-COMMENT= RFC1413 identification server >- >-BROKEN_FreeBSD_12= fails to compile: k_freebsd2.c: storage size of 'pcbp' isn't known >-BROKEN_FreeBSD_13= fails to compile: k_freebsd2.c: storage size of 'pcbp' isn't known >- >-CONFLICTS_INSTALL= fakeident-[0-9]* >- >-GNU_CONFIGURE= yes >-USES= ssl >- >-PLIST_FILES= sbin/ibench sbin/identd sbin/idecrypt sbin/ikeygen \ >- man/man8/identd.8.gz man/man8/idecrypt.8.gz >- >-CFLAGS+= -DINCLUDE_CRYPT -DOPENSSL_DES_LIBDES_COMPATIBILITY >-LDFLAGS+= -L${OPENSSLLIB} -lcrypto >- >-post-extract: >- ${CP} ${FILESDIR}/idecrypt.8 ${WRKSRC}/doc/idecrypt.8 >- >-post-patch: >- @${REINPLACE_CMD} \ >- -e 's| /etc/identd.conf| ${PREFIX}/etc/identd.conf|' \ >- -e 's| /etc/identd.key| ${PREFIX}/etc/identd.key|' \ >- ${WRKSRC}/doc/identd.8 ${WRKSRC}/doc/idecrypt.8 >- @${REINPLACE_CMD} -e 's|freebsd.4.7.|freebsd|' ${WRKSRC}/configure >- @${REINPLACE_CMD} -e 's|$$(sbindir)|$${DESTDIR}&|' \ >- -e 's|-m 755|-s &|' ${WRKSRC}/src/Makefile.in >- @${REINPLACE_CMD} -e 's|$$(mandir)|$${DESTDIR}&|' ${WRKSRC}/Makefile.in >- >-post-install: >- ${INSTALL_MAN} -m 644 ${WRKSRC}/doc/idecrypt.8 \ >- ${STAGEDIR}${MANPREFIX}/man/man8 >- >-.include <bsd.port.mk> >diff --git a/security/pidentd/distinfo b/security/pidentd/distinfo >deleted file mode 100644 >index 02f1732008a0..000000000000 >--- a/security/pidentd/distinfo >+++ /dev/null >@@ -1,4 +0,0 @@ >-SHA256 (pidentd-3.0.19.tar.gz) = 4c57574f3f64aca62a852935a17055999f1b6a61ab5b01b6e5201c8887293b30 >-SIZE (pidentd-3.0.19.tar.gz) = 145505 >-SHA256 (pidentd-3.0.19-ipv6-20080101.diff.gz) = 57ac0abd67ef71c8324ec560ce9356c1a8cf1f651a5070e04db3de350a7bff5d >-SIZE (pidentd-3.0.19-ipv6-20080101.diff.gz) = 7931 >diff --git a/security/pidentd/files/idecrypt.8 b/security/pidentd/files/idecrypt.8 >deleted file mode 100644 >index f5de49dfdd34..000000000000 >--- a/security/pidentd/files/idecrypt.8 >+++ /dev/null >@@ -1,94 +0,0 @@ >-.TH IDECRYPT 8 "19 May 1996" >-.SH NAME >-idecrypt \- Decrypt tokens obtained from identd >-.SH SYNOPSIS >-.B idecrypt >-.SH DESCRIPTION >-.B idecrypt >-is a utility for decrypting the encrypted tokens that >-.BR identd (8) >-provided instead of usernames when it is >-run in encrypted-token mode (that is, with the >-.B \-C >-flag). >-.PP >-.B idecrypt >-reads up to 1024 lines from the >-.B /etc/identd.key >-file, converting each line to a DES key using >-.BR des_string_to_key (3). >-It then reads standard input, searching for encrypted tokens >-in the format produced by >-.BR identd (8), >-decrypts the tokens if possible, and copies all unrecognised text from >-standard input to standard output without modification. >-.PP >-If more than one key appears in the key file, then >-.BR identd (8) >-will use the first key for encryption, and >-.B idecrypt >-will attempt to use all the keys for decryption. >-This allows new keys to be used by >-.BR identd (8) >-without losing the ability for >-.B idecrypt >-to decrypt old tokens (until there are more than 1024 keys in the key file). >-.PP >-Each encrypted token consists of 32 base64 characters, enclosed in >-square brackets. To make it easier to process logs generated by >-versions of >-.B tcpd (8) >-that convert the square brackets to underlines, >-.B idecrypt >-permits underline characters instead of square brackets >-in its input. >-.PP >-.BR idecrypt 's >-output from decrypting each token is a human readable string >-containing the timestamp (displayed as a local time in >-.BR ctime (3) >-format), the numeric uid, the local IP address, the local port number, >-the remote IP address and the remote port number. >-.SH EXAMPLE >-Suppose that the local host has IP address 10.2.3.4, the local >-.B /etc/identd.key >-file contains >-.PP >-foobar >-.PP >-and the local host is running the >-.BR identd (8) >-server in encrypted-token mode. >-.PP >-Now, if a local user >-with uid 501 telnets to a remote host with IP address 10.9.8.7, >-the remote host may choose to make an ident query back to the >-local host, in order to obtain some information to be logged for >-possible use later. The local >-.BR identd (8) >-might send the following encrypted token to the remote host >-instead of sending a username: >-.PP >-[aALdNYxh2496K4DDTel2Nk0Jzj5mRbok] >-.PP >-If the administrator of the remote host later provides the administrator >-of the local host with a copy of the encrypted token, and if >-the secret key has not been removed from the local >-.B /etc/identd.key >-file, then the administrator of the local host can run >-.B idecrypt >-and can provide the encrypted token in standard input. >-.PP >-.B idecrypt >-will then print the following decrypted information: >-.PP >-Sun May 19 00:25:23 1996 501 10.2.3.4 2304 10.9.8.7 23 >-.PP >-This represents the time the encrypted token was created, >-the local user id, the local IP address and port number, and the >-remote IP address and port number. >-.SH SEE ALSO >-.BR identd (8) >-.BR tcpd (8) >-.SH BUGS >-The handling of fatal errors could be better. >diff --git a/security/pidentd/files/patch-src_idecrypt.c b/security/pidentd/files/patch-src_idecrypt.c >deleted file mode 100644 >index 7d3d2624ebf1..000000000000 >--- a/security/pidentd/files/patch-src_idecrypt.c >+++ /dev/null >@@ -1,46 +0,0 @@ >---- src/idecrypt.c.orig 2015-02-28 20:14:56.633084000 +0100 >-+++ src/idecrypt.c 2015-02-28 20:19:20.661476344 +0100 >-@@ -100,8 +100,8 @@ >- char buf1[40], buf2[40]; >- struct sockaddr_gen ip_local, ip_remote; >- int keyfile_fd; >-- des_cblock key_bin; >-- des_key_schedule sched; >-+ DES_cblock key_bin; >-+ DES_key_schedule sched; >- static char readable[256]; >- >- >-@@ -118,8 +118,8 @@ >- while (read(keyfile_fd, keybuf, sizeof(keybuf)-1) == sizeof(keybuf)-1) >- { >- keybuf[sizeof(keybuf)-1] = '\0'; >-- des_string_to_key(keybuf, &key_bin); >-- des_set_key(&key_bin, sched); >-+ DES_string_to_key(keybuf, &key_bin); >-+ DES_set_key(&key_bin, &sched); >- >- count = (len == 32) ? 24 : 48; >- for (i = 0, j = 0; i < count; i += 3, j += 4) >-@@ -131,15 +131,15 @@ >- >- count = (len == 32) ? 2 : 8; >- for (i = count; i >= 0; i -= 2) { >-- des_ecb_encrypt((des_cblock *)&(r.longs[i+2]), >-- (des_cblock *)&(r.longs[i+2]), >-- sched, DES_DECRYPT); >-+ DES_ecb_encrypt((DES_cblock *)&(r.longs[i+2]), >-+ (DES_cblock *)&(r.longs[i+2]), >-+ &sched, DES_DECRYPT); >- r.longs[i+2] ^= r.longs[i ]; >- r.longs[i+3] ^= r.longs[i+1]; >- } >-- des_ecb_encrypt((des_cblock *)&(r.longs[0]), >-- (des_cblock *)&(r.longs[0]), >-- sched, DES_DECRYPT); >-+ DES_ecb_encrypt((DES_cblock *)&(r.longs[0]), >-+ (DES_cblock *)&(r.longs[0]), >-+ &sched, DES_DECRYPT); >- >- count = (len == 32) ? 6 : 12; >- for (i = 1; i < count; i++) >diff --git a/security/pidentd/files/patch-src_pides.c b/security/pidentd/files/patch-src_pides.c >deleted file mode 100644 >index d102e7053918..000000000000 >--- a/security/pidentd/files/patch-src_pides.c >+++ /dev/null >@@ -1,52 +0,0 @@ >---- src/pdes.c.orig 2015-02-28 20:14:56.633084000 +0100 >-+++ src/pdes.c 2015-02-28 20:17:14.869504878 +0100 >-@@ -46,7 +46,7 @@ >- >- >- >--static des_key_schedule sched; >-+static DES_key_schedule sched; >- >- >- >-@@ -55,7 +55,7 @@ >- { >- char keybuf[1024+1]; >- int fd, res; >-- des_cblock key_bin; >-+ DES_cblock key_bin; >- >- >- if (keyfile == NULL) >-@@ -100,8 +100,8 @@ >- } >- >- keybuf[sizeof(keybuf)-1] = '\0'; >-- des_string_to_key(keybuf, &key_bin); >-- des_set_key(&key_bin, sched); >-+ DES_string_to_key(keybuf, &key_bin); >-+ DES_set_key(&key_bin, &sched); >- >- return 0; >- } >-@@ -162,16 +162,16 @@ >- for (i = 1; i < count; i++) >- r.longs[0] ^= r.longs[i]; >- >-- des_ecb_encrypt((des_cblock *)&(r.longs[0]), (des_cblock *)&(r.longs[0]), >-- sched, DES_ENCRYPT); >-+ DES_ecb_encrypt((DES_cblock *)&(r.longs[0]), (DES_cblock *)&(r.longs[0]), >-+ &sched, DES_ENCRYPT); >- >- count = (family == AF_INET) ? 4 : 10; >- for (i = 0; i < count; i += 2) { >- r.longs[i+2] ^= r.longs[i ]; >- r.longs[i+3] ^= r.longs[i+1]; >- >-- des_ecb_encrypt((des_cblock *)&(r.longs[i+2]), >-- (des_cblock *)&(r.longs[i+2]), sched, DES_ENCRYPT); >-+ DES_ecb_encrypt((DES_cblock *)&(r.longs[i+2]), >-+ (DES_cblock *)&(r.longs[i+2]), &sched, DES_ENCRYPT); >- } >- >- count = (family == AF_INET) ? 24 : 48; >diff --git a/security/pidentd/pkg-descr b/security/pidentd/pkg-descr >deleted file mode 100644 >index 324cb8161dbf..000000000000 >--- a/security/pidentd/pkg-descr >+++ /dev/null >@@ -1,12 +0,0 @@ >-This is a program that implements the RFC1413 identification server. It >-was very much inspired by Dan Bernstein's original 'authd' (but unlike >-that program doesn't use 'netstat' to get some of the information) It >-uses the kernel information directly. (And is due to that fact a lot >-faster). Dan has now written another version of the 'authd' daemon that >-uses his 'kstuff' to read the kernel information. Unlike that daemon, >-this will use only normally available kernel access functions (and is due >-to that more limited in the different machines it support). Please note >-that this daemon used to be called pauthd but has changed name to better >-reflect what it does (and to conform to the new RFC). >- >-WWW: http://www.lysator.liu.se/~pen/pidentd/
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=223792">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 254748
: 223792