Bug 198348 - [PATCH] security/john: Replace deprecated des_ and fix LibreSSL build
Summary: [PATCH] security/john: Replace deprecated des_ and fix LibreSSL build
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Alexey Dokuchaev
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2015-03-06 11:14 UTC by Bernard Spil
Modified: 2015-03-30 03:10 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (danfe)


Attachments
svn diff for security/john (3.18 KB, patch)
2015-03-06 11:14 UTC, Bernard Spil
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Bernard Spil freebsd_committer 2015-03-06 11:14:50 UTC
Created attachment 153891 [details]
svn diff for security/john

John the Ripper uses deprecated des_ methods and types that were marked deprecated by OpenSSL 0.9.7 and will be removed in OpenSSL 1.1.0 . This patch replaces the des_ methods and types with their new DES_ counterparts.

Emailed the john-dev mailinglist http://www.openwall.com/lists/john-dev/2015/03/ (moderated?)
Comment 1 Bernard Spil freebsd_committer 2015-03-07 12:18:04 UTC
Response from upstream:

http://www.openwall.com/lists/john-dev/2015/03/06/8

It'll be part of the next release.

Thank you, Bernard!

On Sat, Mar 07, 2015 at 12:51:32AM +0100, magnum wrote:

    I had no idea there was any such problem. I will gladly commit your
    patches but I'm hoping someone else will agree before I do. Does anyone
    see any problem with committing this? I take it we'll still support at
    least OpenSSL 0.9.7 so I see no problem.

I agree this should be committed, and we should test-build on a few
systems with different OpenSSL versions.

There were many more instances of the deprecated des_old identifiers
in JtR formats contributed over a decade ago, which we've updated years
ago - but apparently a few remained.  And keychain_fmt_plug.c is a
fairly recent addition, so apparently it was written that way recently.

Alexander
Comment 2 commit-hook freebsd_committer 2015-03-30 03:05:06 UTC
A commit references this bug:

Author: danfe
Date: Mon Mar 30 03:04:26 UTC 2015
New revision: 382632
URL: https://svnweb.freebsd.org/changeset/ports/382632

Log:
  Replace methods and types that were marked deprecated by OpenSSL 0.9.7
  and will be removed in OpenSSL 1.1.0.

  PR:		198348, 198352
  Submitted by:	Bernard Spil

Changes:
  head/security/john/Makefile
  head/security/ophcrack/files/
  head/security/ophcrack/files/patch-src_lmtable.c
  head/security/ophcrack/files/patch-src_samdump2_samdump2.c
Comment 3 Alexey Dokuchaev freebsd_committer 2015-03-30 03:08:46 UTC
Committed as part of revision ports r382632, thanks!