diff -Nru apg-2.2.3.dfsg.1/debian/apg.conf apg-2.2.3.dfsg.1/debian/apg.conf --- apg-2.2.3.dfsg.1/debian/apg.conf 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/apg.conf 2017-10-01 22:19:40.000000000 +0000 @@ -1,4 +1,15 @@ -# this file sets defaults for apg if apg is called without parameters - -APG_PARM="-M NCL -a 0 -s -m 8 -x 12 -t" +#APG_PARM sets the defaults if apg is executed without any command arguments +# +# +#Examples: +# +#Pronounceable passwords with special characters: +#APG_PARM="-c /dev/urandom -m 8 -x 14 -M SNCL -t" +# +#Pronounceable passwords without special characters: +#APG_PARM="-c /dev/urandom -m 8 -x 14 -M NCL -t" +# +#Random passwords: +#APG_PARM="-c /dev/urandom -m 20 -x 20 -a 1 -M SNCL" +APG_PARM="-c /dev/urandom -m 8 -x 14 -M SNCL -t" diff -Nru apg-2.2.3.dfsg.1/debian/apg.wrapper apg-2.2.3.dfsg.1/debian/apg.wrapper --- apg-2.2.3.dfsg.1/debian/apg.wrapper 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/apg.wrapper 2017-10-01 22:19:40.000000000 +0000 @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh CONFFILE="/etc/apg.conf" diff -Nru apg-2.2.3.dfsg.1/debian/changelog apg-2.2.3.dfsg.1/debian/changelog --- apg-2.2.3.dfsg.1/debian/changelog 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/changelog 2022-11-26 01:58:07.000000000 +0000 
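Review bot: The new active default `APG_PARM="-c /dev/urandom -m 8 -x 14 -M SNCL -t"` has no `-a 1`, so a bare `apg` still uses the pronounceable generator. The package description added in this same diff warns that this scheme has known flaws (Ganesan / Davis) and rests on the withdrawn FIPS 181. The commented "Random passwords" example is the safer default; consider making it the active line, `APG_PARM="-c /dev/urandom -m 20 -x 20 -a 1 -M SNCL"`, and keeping the pronounceable variants as opt-in examples. The file comment should also say how `-c` treats `/dev/urandom`: the man page text in this diff calls the argument a random seed and lists the path only as an example value, so it is not clear from the page whether the device is read or the path string itself becomes the seed.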
@@ -1,14 +1,61 @@ -apg (2.2.3.dfsg.1-2ubuntu1) trusty; urgency=medium +apg (2.2.3.dfsg.1-5~16.04.sav0) xenial; urgency=low - * Support cross-building. + * Backport to Xenial - -- Colin Watson Fri, 10 Jan 2014 14:14:15 +0000 + -- Rob Savoury Fri, 25 Nov 2022 17:58:07 -0800 -apg (2.2.3.dfsg.1-2build1) quantal; urgency=low +apg (2.2.3.dfsg.1-5) unstable; urgency=low - * Rebuild for new armel compiler default of ARMv5t. + * add warning to package description about FIPS 181 deprecation. + Thanks to kwadronaut (Closes: #849109) + * patch debian/rules to help with reproduibility. + Thanks to Jathan and Vadgrant Cascadian (Closes: #870890) + * Standards-Version: 4.1.0 (no changes necessary) + + -- Marc Haber Sun, 01 Oct 2017 22:19:40 +0000 + +apg (2.2.3.dfsg.1-4) unstable; urgency=low + + * add patch from Steve Langasek to use correct compiler (Closes: #734870) + * add patch from Daniel Shahaf to help reproducible builds (Closes: #833141) + * fix watch file, add dversionmangle + * Standards-Version: 3.9.8 (no changes needed) + + -- Marc Haber Fri, 05 Aug 2016 12:04:46 +0200 + +apg (2.2.3.dfsg.1-3) unstable; urgency=low + + * Source-format: 3.0 (quilt): add debian/source/{format,local-options} + (Closes: #664375) + * move from cdbs to debhelper 9 + * move dpatch patches to quilt, add DEP-3 headers + * use gzip --no-name to be reproducible. + Thanks to Chris Lamb (Closes: #778215) + * fix crash on dictionary starting with whitespace. + Thanks to Jonathan Vollebregt (Closes: #759477) + * Use getent passwd root instead of grepping /etc/passwd. + Thanks to Edmund Grimley Evans (Closes: #783695) + * Fix typo in apg.1 man page. + Thanks to Jens Kubieziel (Closes: #488034) + * fix wrong mode letters in man page. + Thanks to Xavier Hienne (Closes: #609837) + * multiple improvements to man page. + Thanks to Christoph Anton Mitterer (Closes: #764411) + * improve apg.conf. + Thanks to Christoph Anton Mitterer (Closes: #541631) + * apg-wrapper is now a /bin/sh script. 
+ Thanks to Troy Benjegerdes (Closes: #763202) + * add Homepage field + * add Vcs-Git and Vcs-Browser to debian/control + * debian/watch comment that upstream web page was unreachable + * debian/control remove upstream url from description + * debian/control add reference to Ganesan / Davis and upstream abandonment + * machine-readable debian/copyright + * standards-version 3.9.7 (no other changes necessary) + * Makefile: add dpkg-buildflags for hardening + * move package to collab-maint - -- Colin Watson Mon, 01 Oct 2012 16:42:56 +0100 + -- Marc Haber Fri, 11 Mar 2016 22:04:02 +0100 apg (2.2.3.dfsg.1-2) unstable; urgency=low diff -Nru apg-2.2.3.dfsg.1/debian/compat apg-2.2.3.dfsg.1/debian/compat --- apg-2.2.3.dfsg.1/debian/compat 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/compat 2017-10-01 22:19:40.000000000 +0000 @@ -1 +1 @@ -4 +9 diff -Nru apg-2.2.3.dfsg.1/debian/control apg-2.2.3.dfsg.1/debian/control --- apg-2.2.3.dfsg.1/debian/control 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/control 2017-10-01 22:19:40.000000000 +0000 @@ -1,14 +1,16 @@ Source: apg Section: admin Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Marc Haber -Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), dpatch, patchutils -Standards-Version: 3.7.2.2 +Maintainer: Marc Haber +Build-Depends: debhelper (>= 9) +Standards-Version: 4.1.0 +Homepage: http://www.adel.nursat.kz/apg/ +Vcs-Git: git://git.debian.org/git/collab-maint/apg.git +Vcs-Browser: http://git.debian.org/?p=collab-maint/apg.git;a=summary Package: apg Architecture: any -Depends: ${shlibs:Depends} +Depends: ${shlibs:Depends}, ${misc:Depends} Description: Automated Password Generator - Standalone version APG (Automated Password Generator) is the tool set for random password generation. It generates some random words of required type 
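Review bot: `Vcs-Git: git://git.debian.org/git/collab-maint/apg.git` in the first debian/control hunk uses the plain git protocol, which is neither authenticated nor encrypted, so a clone made from this field cannot detect tampering in transit. `Homepage` and `Vcs-Browser` are likewise plain `http://`. Prefer an `https://` URL for the same repository in `Vcs-Git` and `Vcs-Browser` where the host offers one. The changelog in this diff records the upstream web page as unreachable, so `Homepage` also deserves a check that it still resolves to the intended site.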
@@ -37,4 +39,21 @@ generation The client/server version of apg has been deliberately omitted. . - Upstream URL: http://www.adel.nursat.kz/apg/download.shtml + Please note that there are security flaws in pronounceable + password generation schemes (see Ganesan / Davis "A New Attack on + Random Pronounceable Password Generators", in "Proceedings of the 17th + National Computer Security Conference (NCSC), Oct. 11-14, 1994 + (Volume 1)", http://csrc.nist.gov/publications/history/nissc/ + 1994-17th-NCSC-proceedings-vol-1.pdf, pages 203-216) + . + Also note that the FIPS 181 standard from 1993 has been withdrawn by NIST in + 2015 with no superseding publication. This means that the document is + considered by its publicher as obsolete and not been updated to reference + current or revised voluntary industry standards, federal specifications, or + federal data standards. + . + apg has not seen upstream attention since 2003, upstream is not + answering e-mail, and the upstream web page does not look like it is + in good working order. The Debian maintainer plans to discontinue apg + maintenance as soon as an actually maintained software with a + compariable feature set becomes available. diff -Nru apg-2.2.3.dfsg.1/debian/control.in apg-2.2.3.dfsg.1/debian/control.in --- apg-2.2.3.dfsg.1/debian/control.in 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/control.in 1970-01-01 00:00:00.000000000 +0000 
@@ -1,40 +0,0 @@ -Source: apg -Section: admin -Priority: optional -Maintainer: Ubuntu Developers -XSBC-Original-Maintainer: Marc Haber -Build-Depends: @cdbs@ -Standards-Version: 3.6.1 - -Package: apg -Architecture: any -Depends: ${shlibs:Depends} -Description: Automated Password Generator - Standalone version - APG (Automated Password Generator) is the tool set for random - password generation. It generates some random words of required type - and prints them to standard output. This binary package contains only - the standalone version of apg. - Advantages: - * Built-in ANSI X9.17 RNG (Random Number Generator)(CAST/SHA1) - * Built-in password quality checking system (now it has support for Bloom - filter for faster access) - * Two Password Generation Algorithms: - 1. Pronounceable Password Generation Algorithm (according to NIST - FIPS 181) - 2. Random Character Password Generation Algorithm with 35 - configurable modes of operation - * Configurable password length parameters - * Configurable amount of generated passwords - * Ability to initialize RNG with user string - * Support for /dev/random - * Ability to crypt() generated passwords and print them as additional output. - * Special parameters to use APG in script - * Ability to log password generation requests for network version - * Ability to control APG service access using tcpd - * Ability to use password generation service from any type of box (Mac, - WinXX, etc.) that connected to network - * Ability to enforce remote users to use only allowed type of password - generation - The client/server version of apg has been deliberately omitted. - . - Upstream URL: http://www.adel.nursat.kz/apg/download.shtml diff -Nru apg-2.2.3.dfsg.1/debian/copyright apg-2.2.3.dfsg.1/debian/copyright --- apg-2.2.3.dfsg.1/debian/copyright 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/copyright 2017-10-01 22:19:40.000000000 +0000 
@@ -1,19 +1,20 @@ -This package was debianized by Marc Haber on -Fri, 1 Jun 2001 15:13:54 +0000. +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: apg +Source: http://www.adel.nursat.kz/apg/ -It was downloaded from http://www.adel.nursat.kz/apg/ +Files: * +Copyright: 1999, 2000, 2001 Adel I. Mirzazhanov. All rights reserved +License: BSD-3-Clause -Upstream Author: Adel I. Mirzazhanov +Files: debian/* +Copyright: 2001-2016 Marc Haber +License: BSD-3-Clause -Copyright: - -Copyright (c) 1999, 2000, 2001 -Adel I. Mirzazhanov. All rights reserved - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - +License: BSD-3-Clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above 
@@ -23,15 +24,15 @@ 3. The name of the author may not be used to endorse or promote products derived from this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS -OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY -DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE -GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + . + THIS SOFTWARE IS PROVIDED BY THE AUTHOR `AS IS'' AND ANY EXPRESS + OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff -Nru apg-2.2.3.dfsg.1/debian/patches/00list apg-2.2.3.dfsg.1/debian/patches/00list --- apg-2.2.3.dfsg.1/debian/patches/00list 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/00list 1970-01-01 00:00:00.000000000 +0000 
@@ -1,6 +0,0 @@ -01_index.php_binary_path -02_Makefile -03_apgd_docs_remove -04_fix-excessive-random-usage -05_saltbuffer-337116 -10_prelim-412618 \ No newline at end of file diff -Nru apg-2.2.3.dfsg.1/debian/patches/01_index.php_binary_path.dpatch apg-2.2.3.dfsg.1/debian/patches/01_index.php_binary_path.dpatch --- apg-2.2.3.dfsg.1/debian/patches/01_index.php_binary_path.dpatch 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/01_index.php_binary_path.dpatch 1970-01-01 00:00:00.000000000 +0000 @@ -1,19 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 01_index.php_binary_path.dpatch by Marc Haber -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: No description. - -@DPATCH@ -diff -urNad apg/php/apgonline/index.php /tmp/dpep.Xgzj3Z/apg/php/apgonline/index.php ---- apg/php/apgonline/index.php 2002-09-13 08:10:49.000000000 +0000 -+++ /tmp/dpep.Xgzj3Z/apg/php/apgonline/index.php 2004-12-20 12:16:37.000000000 +0000 -@@ -7,7 +7,7 @@ - - $apg_title = "Automated Password Generator Online" ; - -- $generator = "/usr/local/bin/apg -q" ; # APG location -+ $generator = "/usr/bin/apg -q" ; # APG location - # - # Default options - # diff -Nru apg-2.2.3.dfsg.1/debian/patches/02_Makefile.dpatch apg-2.2.3.dfsg.1/debian/patches/02_Makefile.dpatch --- apg-2.2.3.dfsg.1/debian/patches/02_Makefile.dpatch 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/02_Makefile.dpatch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,39 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 02_Makefile.dpatch by Marc Haber -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: No description. - -@DPATCH@ -diff -urNad ./Makefile /tmp/dpep-work.B8bqpE/trunk/Makefile ---- ./Makefile 2003-08-07 15:40:30.000000000 +0000 -+++ /tmp/dpep-work.B8bqpE/trunk/Makefile 2005-02-27 11:36:49.781144504 +0000 -@@ -34,16 +34,16 @@ - # DO NOT EDIT THE LINE BELOW !!! - USE_SHA = APG_USE_SHA - # Coment this if you want to use PRNG X9.17 with SHA-1 --USE_SHA = APG_DONOTUSE_SHA -+# USE_SHA = APG_DONOTUSE_SHA - - ################################################################## - # Directories - # Install dirs - INSTALL_PREFIX = /usr/local - APG_BIN_DIR = /bin --APG_MAN_DIR = /man/man1 -+APG_MAN_DIR = /share/man/man1 - APGD_BIN_DIR = /sbin --APGD_MAN_DIR = /man/man8 -+APGD_MAN_DIR = /share/man/man8 - - #################################################################### - # If you plan to install APG daemon you should look at lines below # -@@ -59,7 +59,7 @@ - # Linux - # - # Uncoment line below for LINUX --#CS_LIBS = -lnsl -+CS_LIBS = -lnsl - - #################################################################### - # Solaris diff -Nru apg-2.2.3.dfsg.1/debian/patches/03_apgd_docs_remove.dpatch apg-2.2.3.dfsg.1/debian/patches/03_apgd_docs_remove.dpatch --- apg-2.2.3.dfsg.1/debian/patches/03_apgd_docs_remove.dpatch 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/03_apgd_docs_remove.dpatch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,31 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 03_apgd_docs_remove.dpatch by Marc Haber -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: No description. - -@DPATCH@ -diff -urNad --exclude=CVS --exclude=.svn ./doc/man/apg.1 /tmp/dpep-work.dFyQOr/apg/doc/man/apg.1 ---- ./doc/man/apg.1 2003-08-07 15:40:30.000000000 +0000 -+++ /tmp/dpep-work.dFyQOr/apg/doc/man/apg.1 2005-07-23 10:43:48.000000000 +0000 -@@ -272,7 +272,7 @@ - .B None. - If you've found one, please send bug description to the author. - .SH "SEE ALSO" --\fBapgd\fP(8), \fBapgbfm\fP(1) -+\fBapgbfm\fP(1) - .SH "AUTHOR" - Adel I. Mirzazhanov, - .br -diff -urNad --exclude=CVS --exclude=.svn ./doc/man/apgbfm.1 /tmp/dpep-work.dFyQOr/apg/doc/man/apgbfm.1 ---- ./doc/man/apgbfm.1 2003-08-07 15:40:30.000000000 +0000 -+++ /tmp/dpep-work.dFyQOr/apg/doc/man/apgbfm.1 2005-07-23 10:43:42.000000000 +0000 -@@ -125,7 +125,7 @@ - .PP - This man page is Alpha too. - .SH "SEE ALSO" --\fBapgd\fP(8), \fBapg\fP(1) -+\fBapg\fP(1) - .SH "AUTHOR" - Adel I. Mirzazhanov, - .br diff -Nru apg-2.2.3.dfsg.1/debian/patches/04_fix-excessive-random-usage.dpatch apg-2.2.3.dfsg.1/debian/patches/04_fix-excessive-random-usage.dpatch --- apg-2.2.3.dfsg.1/debian/patches/04_fix-excessive-random-usage.dpatch 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/04_fix-excessive-random-usage.dpatch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,57 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 04_fix-excessive-random-usage.dpatch by Marc Haber -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: No description. - -@DPATCH@ -diff -urNad --exclude=CVS --exclude=.svn ./rnd.c /tmp/dpep-work.HP9NDI/apg/rnd.c ---- ./rnd.c 2003-08-07 15:40:30.000000000 +0000 -+++ /tmp/dpep-work.HP9NDI/apg/rnd.c 2005-08-09 10:42:38.000000000 +0000 -@@ -36,6 +36,7 @@ - #include - #include - #include -+#include - #include "rnd.h" - - #ifndef APG_USE_SHA -@@ -176,25 +177,31 @@ - void - x917_setseed (UINT32 seed, int quiet) - { -- FILE * dr; -+ int fd; - UINT32 drs[2]; - UINT32 pid = 0; - - pid = (UINT32)getpid(); -+ -+ /* NOTE: this function intentionally does not use -+ * the regular API because fread may -+ * read much more data than requested (up to -+ * 4K), which is extremely bad with /dev/random -+ */ - -- if ( (dr = fopen(APG_DEVRANDOM, "r")) != NULL) -+ if ( (fd = open(APG_DEVRANDOM, O_RDONLY)) != -1) - { -- (void)fread( (void *)&drs[0], 8, 1, dr); -+ read(fd, (void *)&drs[0], 8); - __rnd_seed[0] = seed ^ drs[0]; - __rnd_seed[1] = seed ^ drs[1]; -- (void) fclose(dr); -+ close(fd); - } -- else if ( (dr = fopen(APG_DEVURANDOM, "r")) != NULL) -+ else if ( (fd = open(APG_DEVURANDOM, O_RDONLY)) != -1) - { -- (void)fread( (void *)&drs[0], 8, 1, dr); -+ read(fd, &drs[0], 8); - __rnd_seed[0] = seed ^ drs[0]; - __rnd_seed[1] = seed ^ drs[1]; -- (void) fclose(dr); -+ close(fd); - } - else - { diff -Nru apg-2.2.3.dfsg.1/debian/patches/05_saltbuffer-337116.dpatch apg-2.2.3.dfsg.1/debian/patches/05_saltbuffer-337116.dpatch --- apg-2.2.3.dfsg.1/debian/patches/05_saltbuffer-337116.dpatch 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/05_saltbuffer-337116.dpatch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,19 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 05_saltbuffer-337116.dpatch by Marc Haber -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: Fix segfaults with -y option, #337116 - -@DPATCH@ -diff -urNad trunk~/apg.c trunk/apg.c ---- trunk~/apg.c 2003-09-12 17:46:27.000000000 +0000 -+++ trunk/apg.c 2006-10-17 10:07:54.000000000 +0000 -@@ -662,7 +662,7 @@ - */ - char * crypt_passstring (const char *p) - { -- char salt[10]; -+ char salt[11]; - gen_rand_pass (salt, 10, 10, S_SL|S_CL|S_NB); - return (crypt(p, salt)); - } diff -Nru apg-2.2.3.dfsg.1/debian/patches/10_prelim-412618.dpatch apg-2.2.3.dfsg.1/debian/patches/10_prelim-412618.dpatch --- apg-2.2.3.dfsg.1/debian/patches/10_prelim-412618.dpatch 2022-11-26 02:02:10.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/10_prelim-412618.dpatch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,40 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 10_prelim-412618.dpatch by Marc Haber -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: preliminary patch to improve password quality on 64bit arches. -## DP: submitted by Kaare Hviid (BTS #412618) - -@DPATCH@ -diff -urNad trunk~/sha/sha.c trunk/sha/sha.c ---- trunk~/sha/sha.c 2003-08-07 17:40:30.000000000 +0200 -+++ trunk/sha/sha.c 2007-06-20 17:06:33.000000000 +0200 -@@ -13,6 +13,7 @@ - */ - - #include -+#include - #include "sha.h" - - /* The SHA f()-functions */ -@@ -39,7 +40,7 @@ - - /* 32-bit rotate - kludged with shifts */ - --typedef unsigned long UL ; /* to save space */ -+typedef u_int32_t UL ; /* to save space */ - - #define S(n,X) ( ( ((UL)X) << n ) | ( ((UL)X) >> ( 32 - n ) ) ) - -diff -urNad trunk~/sha/sha.h trunk/sha/sha.h ---- trunk~/sha/sha.h 2003-08-07 17:40:30.000000000 +0200 -+++ trunk/sha/sha.h 2007-06-20 17:06:49.000000000 +0200 -@@ -16,7 +16,7 @@ - /* Useful defines/typedefs */ - - typedef unsigned char BYTE ; --typedef unsigned long LONG ; -+typedef u_int32_t LONG ; - - /* The SHA block size and message digest sizes, in bytes */ - diff -Nru apg-2.2.3.dfsg.1/debian/patches/320307-fix-excessive-random-usage apg-2.2.3.dfsg.1/debian/patches/320307-fix-excessive-random-usage --- apg-2.2.3.dfsg.1/debian/patches/320307-fix-excessive-random-usage 1970-01-01 00:00:00.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/320307-fix-excessive-random-usage 2017-10-01 22:19:40.000000000 +0000 
@@ -0,0 +1,54 @@
+Description: fix excessive random usage
+Forwarded: a-del@iname.com on 2005-07-30
+Author: Johannes Berg
+Last-Update: 2005-07-28
+Bug-Debian: http://bugs.debian.org/320307
+--- a/rnd.c
++++ b/rnd.c
+@@ -36,6 +36,7 @@
+ #include
+ #include
+ #include
++#include
+ #include "rnd.h"
+
+ #ifndef APG_USE_SHA
+@@ -176,25 +177,31 @@ x917sha1_rnd (void)
+ void
+ x917_setseed (UINT32 seed, int quiet)
+ {
+- FILE * dr;
++ int fd;
+ UINT32 drs[2];
+ UINT32 pid = 0;
+
+ pid = (UINT32)getpid();
++
++ /* NOTE: this function intentionally does not use
++ * the regular API because fread may
++ * read much more data than requested (up to
++ * 4K), which is extremely bad with /dev/random
++ */
+
+- if ( (dr = fopen(APG_DEVRANDOM, "r")) != NULL)
++ if ( (fd = open(APG_DEVRANDOM, O_RDONLY)) != -1)
+ {
+- (void)fread( (void *)&drs[0], 8, 1, dr);
++ read(fd, (void *)&drs[0], 8);
+ __rnd_seed[0] = seed ^ drs[0];
+ __rnd_seed[1] = seed ^ drs[1];
+- (void) fclose(dr);
++ close(fd);
+ }
+- else if ( (dr = fopen(APG_DEVURANDOM, "r")) != NULL)
++ else if ( (fd = open(APG_DEVURANDOM, O_RDONLY)) != -1)
+ {
+- (void)fread( (void *)&drs[0], 8, 1, dr);
++ read(fd, &drs[0], 8);
+ __rnd_seed[0] = seed ^ drs[0];
+ __rnd_seed[1] = seed ^ drs[1];
+- (void) fclose(dr);
++ close(fd);
+ }
+ else
+ {
diff -Nru apg-2.2.3.dfsg.1/debian/patches/337116-saltbuffer apg-2.2.3.dfsg.1/debian/patches/337116-saltbuffer
--- apg-2.2.3.dfsg.1/debian/patches/337116-saltbuffer 1970-01-01 00:00:00.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/patches/337116-saltbuffer 2017-10-01 22:19:40.000000000 +0000
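Review bot: Both new `read(fd, …, 8)` calls in x917_setseed discard the return value, so a short read, an interrupted call or an error leaves `drs` (declared without an initialiser) partly or wholly unset. `__rnd_seed` is then built from whatever was on the stack rather than from device entropy. The seed should be taken from the device only when all `sizeof(drs)` bytes arrived, falling through to the existing last-resort branch otherwise; the sketch below also opens the device once so the two identical branches collapse into one. What the final `else` branch seeds from is outside the hunk, as is the rest of x917_setseed, so confirm that fallback is acceptable when the device read fails.

```c
void
x917_setseed (UINT32 seed, int quiet)
{
 int fd;
 int seeded = 0;
 UINT32 drs[2] = { 0, 0 };
 /* … unchanged: pid lookup and the NOTE comment about avoiding fread … */

 if ( (fd = open(APG_DEVRANDOM, O_RDONLY)) == -1)
   fd = open(APG_DEVURANDOM, O_RDONLY);
 if (fd != -1)
   {
    /* accept the device bytes only when all of them arrived */
    if (read(fd, (void *)&drs[0], sizeof(drs)) == (ssize_t)sizeof(drs))
      {
       __rnd_seed[0] = seed ^ drs[0];
       __rnd_seed[1] = seed ^ drs[1];
       seeded = 1;
      }
    close(fd);
   }
 if (!seeded)
   {
    /* … unchanged: existing fallback branch, which continues past the hunk … */
```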
@@ -0,0 +1,16 @@
+Description: fix salt buffer length
+Forwarded: a-del@iname.com on 2005-11-02
+Author: Paul Martin
+Last-Update: 2006-05-08
+Bug-Debian: http://bugs.debian.org/337116
+--- a/apg.c
++++ b/apg.c
+@@ -662,7 +662,7 @@ print_help (void)
+ */
+ char * crypt_passstring (const char *p)
+ {
+- char salt[10];
++ char salt[11];
+ gen_rand_pass (salt, 10, 10, S_SL|S_CL|S_NB);
+ return (crypt(p, salt));
+ }
diff -Nru apg-2.2.3.dfsg.1/debian/patches/412618-preliminary apg-2.2.3.dfsg.1/debian/patches/412618-preliminary
--- apg-2.2.3.dfsg.1/debian/patches/412618-preliminary 1970-01-01 00:00:00.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/patches/412618-preliminary 2017-10-01 22:19:40.000000000 +0000
@@ -0,0 +1,35 @@
+Description: fix password quality on amd64
+Forwarded: a-del@iname.com on 2007-03-19
+Author: Kaare Hviid
+Last-Update: 2007-03-19
+Bug-Debian: http://bugs.debian.org/412618
+--- a/sha/sha.c
++++ b/sha/sha.c
+@@ -13,6 +13,7 @@
+ */
+
+ #include
++#include
+ #include "sha.h"
+
+ /* The SHA f()-functions */
+@@ -39,7 +40,7 @@
+
+ /* 32-bit rotate - kludged with shifts */
+
+-typedef unsigned long UL ; /* to save space */
++typedef u_int32_t UL ; /* to save space */
+
+ #define S(n,X) ( ( ((UL)X) << n ) | ( ((UL)X) >> ( 32 - n ) ) )
+
+--- a/sha/sha.h
++++ b/sha/sha.h
+@@ -16,7 +16,7 @@
+ /* Useful defines/typedefs */
+
+ typedef unsigned char BYTE ;
+-typedef unsigned long LONG ;
++typedef u_int32_t LONG ;
+
+ /* The SHA block size and message digest sizes, in bytes */
+
diff -Nru apg-2.2.3.dfsg.1/debian/patches/488034-609837-764411-manpage-improvements apg-2.2.3.dfsg.1/debian/patches/488034-609837-764411-manpage-improvements
--- apg-2.2.3.dfsg.1/debian/patches/488034-609837-764411-manpage-improvements 1970-01-01 00:00:00.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/patches/488034-609837-764411-manpage-improvements 2017-10-01 22:19:40.000000000 +0000
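Review bot: The salt handed to `crypt(p, salt)` in crypt_passstring is apparently ten characters from `gen_rand_pass` with no `$id$` prefix, which on glibc-style crypt() selects the traditional DES scheme: only the first two salt characters and the first eight password characters take part in the hash. With the apg.conf default of `-x 14` set elsewhere in this diff, the hashes printed by `-y` would then not cover the whole password. If that reading is right, either prefix the salt with a modern scheme id where the platform supports one, e.g. `char salt[14] = "$6$";` with `gen_rand_pass (salt + 3, 10, 10, S_SL|S_CL|S_NB);`, or document the limitation at `-y` in apg.1. The return values of `gen_rand_pass` and `crypt` are also unchecked here; `crypt` can return NULL.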
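Review bot: `u_int32_t` in the new `typedef u_int32_t UL ;` (sha.c) and `typedef u_int32_t LONG ;` (sha.h) is a BSD-style name rather than a C99 one, so the fix depends on the platform header exposing it. `uint32_t` from `<stdint.h>` is the portable spelling, e.g. `typedef uint32_t UL ;`. The header name on the added `#include` line is not visible on this page, so confirm which header the patch pulls in. A one-line comment beside the typedefs, such as `/* must be exactly 32 bits: S(n,X) relies on the shift discarding the high bits */`, would keep the amd64 fix from being undone later.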
@@ -0,0 +1,235 @@ +Description: multiple improvements to man page +Forwarded: no +Author: Christoph Anton Mitterer , + Xavier Hienne , + Jens Kubieziel , + Raphaƫl Bleuse +Last-Update: 2016-03-12 +Bug-Debian: http://bugs.debian.org/488034, + http://bugs.debian.org/609837, + http://bugs.debian.org/764411 +--- a/doc/man/apg.1 ++++ b/doc/man/apg.1 +@@ -36,20 +36,14 @@ implementation described in + Another algorithm is simple random character generation algorithm, but it + uses four user-defined symbol sets to produce random password. It means that + user can choose type of symbols that should appear in password. Symbol sets +-are: numeric symbol set +-.I (0,...,9) +-, capital letters symbol set +-.I (A,...,Z) +-, small letters symbol set +-.I (a,...,z) +-and special symbols symbol set +-.I (#,@,!,...). ++are: numeric symbol set (0,...,9), capital letters symbol set (A,...,Z), ++small letters symbol set (a,...,z) and special symbols symbol set (#,@,!,...). + .PP + Built-in pseudo random number generator is an implementation of algorithm + described in + .B Appendix C of ANSI X9.17 + or +-.B RFC1750 ++.B RFC 1750 + with exception that it uses + .I CAST + or +@@ -81,30 +75,30 @@ techniques to check passwords (like patt + .SS "Password generation modes options" + .TP + .B -a algorithm +-use ++Use + .B algorithm + for password generation. + .RS + .B 0 +-- (default) pronounceable password generation ++- pronounceable password generation (default) + .br + .B 1 + - random character password generation + .RE + .TP + .B -n num_of_pass +-generate ++Generate + .B num_of_pass + number of passwords. Default is 6. + .TP + .B -m min_pass_len +-generate password with minimum length ++Generate password with minimum length + .B min_pass_len. + If \fBmin_pass_len > max_pass_len\fP then \fBmax_pass_len = min_pass_len\fP. + Default minimum password length is 8. + .TP + .B -x max_pass_len +-generate password with maximum length ++Generate password with maximum length + .B max_pass_len. 
+ If \fBmin_pass_len > max_pass_len\fP then \fBmax_pass_len = min_pass_len\fP. + Default maximum password length is 10. +@@ -116,33 +110,33 @@ Use symbolsets specified with \fBmode\fP + .RS + .TP + .B S +-generator \fBmust\fP use special symbol set for every generated password. ++Generator \fBmust\fP use special symbol set for every generated password. + .TP + .B s +-generator \fBshould\fP use special symbol set for password generation. ++Generator \fBshould\fP use special symbol set for password generation. + .TP + .B N +-generator \fBmust\fP use numeral symbol set for every generated password. ++Generator \fBmust\fP use numeral symbol set for every generated password. + .TP + .B n +-generator \fBshould\fP use numeral symbol set for password generation. ++Generator \fBshould\fP use numeral symbol set for password generation. + .TP + .B C +-generator \fBmust\fP use capital symbol set for every generated password. ++Generator \fBmust\fP use capital symbol set for every generated password. + .TP + .B c +-generator \fBshould\fP use capital symbol set for password generation. ++Generator \fBshould\fP use capital symbol set for password generation. + .TP + .B L +-generator \fBmust\fP use small letters symbol set for every generated password ++Generator \fBmust\fP use small letters symbol set for every generated password + (always present if pronounceable password + generation algorithm is used). + .TP + .B l +-generator \fBshould\fP use small letters symbol set for password generation. ++Generator \fBshould\fP use small letters symbol set for password generation. + .TP + .B R,r +-not supported any more. Use \fB-E char_string\fP option instead. ++Not supported any more. Use \fB-E char_string\fP option instead. + .RE + .RS + .br +@@ -151,15 +145,19 @@ length. + .PP + .B Note: + .br +-Usage of L, M, N, C will slow down password generation process. ++Usage of L, M, S, C will slow down password generation process. 
+ .PP + .B Examples: + .br +-\fB-M sncl\fP or \fB-M SNCL\fP or \fB-M Cn\fP ++\fB-M sncl\fP ++.br ++\fB-M SNCL\fP ++.br ++\fB-M Cn\fP + .RE + .TP + .B -E char_string +-exclude characters in \fBchar_string\fP from password generation process (in pronounceable ++Exclude characters in \fBchar_string\fP from password generation process (in pronounceable + password generation mode you can not exclude small letters). To include special symbols that + can be recognized by shell (apostrophe, quotes, dollar sign, etc.) in \fBchar_string\fP use + the backslashed versions. +@@ -168,7 +166,7 @@ the backslashed versions. + .B Examples: + .PP + Command \fBapg -a 1 -M n -n 3 -m 8 -E 23456789\fP will generate a set of passwords that +-will look like this ++will look like this: + .br + \fB10100110\fP + .br +@@ -178,7 +176,7 @@ will look like this + .br + .PP + Command \fBapg -a 1 -M nc -n 3 -m 26 -E GHIJKLMNOPQRSTUVWXYZ\fP will generate a set of passwords +-that will look like this ++that will look like this: + .br + \fB16A1653CD4DE5E7BD9584A3476\fP + .br +@@ -190,16 +188,16 @@ that will look like this + .SS "Password quality control options" + .TP + .B -r \fIdictfile\fP +-check generated passwords for their appearance in ++Check generated passwords for their appearance in + .I dictfile + .TP + .B -b \fIfilter_file\fP +-check generated passwords for their appearance in +-\fIfilter_file\fP. \fIfilter_file\fP should be created with \fBapgbfm\fP(1) ++Check generated passwords for their appearance in ++\fIfilter_file\fP. \fIfilter_file\fP should be created with the \fBapgbfm\fP(1) + utility. + .TP + .B -p min_substr_len +-this option tells \fBapg\fP(1) to check every substring of the generated ++This option tells \fBapg\fP(1) to check every substring of the generated + password for appearance in \fIfilter_file\fP. If any of such substrings would + be found in the \fIfilter_file\fP then generated password would be rejected + and apg(1) will generate another one. 
+@@ -208,41 +206,48 @@ This option is active only if \fB-b\fP o + .SS "Pseudo random number generator options" + .TP + .B -s +-ask user for random sequence for password generation ++Ask user for random sequence for password generation + .TP + .B -c cl_seed +-use ++Use + .B cl_seed + as a random seed for password generation. I use it when i have to generate + passwords in a shell script. ++.RS ++.B Examples: ++.br ++\fB-c /dev/urandom\fP ++.br ++\fB-c /tmp/seed_file\fP ++.RE + .SS "Password output options" + .br + .TP + .B -d +-do NOT use any delimiters between generated passwords. I use it when i have to generate ++Do NOT use any delimiters between generated passwords. I use it when i have to generate + passwords in a shell script. + .TP + .B -y +-print generated passwords and crypted passwords (see man \fBcrypt\fP(3)) ++Print generated passwords and crypted passwords (see \fBcrypt\fP(3)) + .TP + .B -q +-quiet mode (do not print warnings) ++Quiet mode (do not print warnings) + .TP + .B -l +-spell genetated passwords. Useful when you want to read generated password by telephone. ++Spell generated passwords. Useful when you want to read generated password by telephone. + .RS + .B WARNING: + Think twice before read your password by phone. + .RE + .TP + .B -t +-print pronunciation for generated pronounceable password ++Print pronunciation for generated pronounceable password. Ignored if \fB-a 1\fP is set. + .TP + .B -h +-print help information and exit ++Print help information and exit + .TP + .B -v +-print version information and exit ++Print version information and exit + .SH "DEFAULT OPTIONS" + \fBapg -a 0 -M sncl -n 6 -x 10 -m 8\fP (new style) + .PP diff -Nru apg-2.2.3.dfsg.1/debian/patches/759477-dictionary-parsing apg-2.2.3.dfsg.1/debian/patches/759477-dictionary-parsing --- apg-2.2.3.dfsg.1/debian/patches/759477-dictionary-parsing 1970-01-01 00:00:00.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/patches/759477-dictionary-parsing 2017-10-01 22:19:40.000000000 +0000 
@@ -0,0 +1,23 @@
+Description: fix crash on dictionary starting with whitespace
+Forwarded: no
+Author: Jonathan Vollebregt
+Last-Update: 2016-03-12
+Bug-Debian: http://bugs.debian.org/759477
+--- a/restrict.c
++++ b/restrict.c
+@@ -70,12 +70,10 @@ check_pass(char *pass, char *dict)
+ while ((fgets(string, MAX_DICT_STRING_SIZE, dct) != NULL))
+ {
+ tmp = strtok (string," \t\n\0");
+- if( tmp != NULL)
+- string = tmp;
+- else
++ if( tmp == NULL)
+ continue;
+- if(strlen(string) != strlen(pass)) continue;
+- else if (strncmp(string, pass, strlen(pass)) == 0)
++ if(strlen(tmp) != strlen(pass)) continue;
++ else if (strncmp(tmp, pass, strlen(pass)) == 0)
+ {
+ free ( (void *)string);
+ fclose (dct);
diff -Nru apg-2.2.3.dfsg.1/debian/patches/apgd_docs_remove apg-2.2.3.dfsg.1/debian/patches/apgd_docs_remove
--- apg-2.2.3.dfsg.1/debian/patches/apgd_docs_remove 1970-01-01 00:00:00.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/patches/apgd_docs_remove 2017-10-01 22:19:40.000000000 +0000
@@ -0,0 +1,25 @@
+Description: remove references to apgd from man pages
+Origin: vendor
+Forwarded: not-needed
+--- a/doc/man/apg.1
++++ b/doc/man/apg.1
+@@ -272,7 +272,7 @@ message about it.
+ .B None.
+ If you've found one, please send bug description to the author.
+ .SH "SEE ALSO"
+-\fBapgd\fP(8), \fBapgbfm\fP(1)
++\fBapgbfm\fP(1)
+ .SH "AUTHOR"
+ Adel I. Mirzazhanov,
+ .br
+--- a/doc/man/apgbfm.1
++++ b/doc/man/apgbfm.1
+@@ -125,7 +125,7 @@ If you've found one, please send bug des
+ .PP
+ This man page is Alpha too.
+ .SH "SEE ALSO"
+-\fBapgd\fP(8), \fBapg\fP(1)
++\fBapg\fP(1)
+ .SH "AUTHOR"
+ Adel I. Mirzazhanov,
+ .br
diff -Nru apg-2.2.3.dfsg.1/debian/patches/index.php_binary_path apg-2.2.3.dfsg.1/debian/patches/index.php_binary_path
--- apg-2.2.3.dfsg.1/debian/patches/index.php_binary_path 1970-01-01 00:00:00.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/patches/index.php_binary_path 2017-10-01 22:19:40.000000000 +0000
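Review bot: The reason `string` must never be reassigned inside the loop of check_pass is not recorded in the code. The buffer is later passed to `free ( (void *)string);`, so pointing it at the `strtok` result, as the removed lines did, hands `free` an interior pointer whenever the line starts with a delimiter. I would add above the `strtok` call a comment such as `/* tmp walks the line; string must keep the allocated buffer for free() below */`. Note also that `fgets` with `MAX_DICT_STRING_SIZE` returns a longer dictionary line in several pieces, so the tail of a long line is compared as if it were a word of its own; whether that matters depends on the dictionary format. check_pass starts and ends outside the hunk.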
@@ -0,0 +1,14 @@
+Description: Fix path to apg executable
+Origin: vendor
+Forwarded: not-needed
+--- a/php/apgonline/index.php
++++ b/php/apgonline/index.php
+@@ -7,7 +7,7 @@
+
+ $apg_title = "Automated Password Generator Online" ;
+
+- $generator = "/usr/local/bin/apg -q" ; # APG location
++ $generator = "/usr/bin/apg -q" ; # APG location
+ #
+ # Default options
+ #
diff -Nru apg-2.2.3.dfsg.1/debian/patches/Makefile apg-2.2.3.dfsg.1/debian/patches/Makefile
--- apg-2.2.3.dfsg.1/debian/patches/Makefile 1970-01-01 00:00:00.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/patches/Makefile 2017-10-01 22:19:40.000000000 +0000
@@ -0,0 +1,56 @@
+Description: Makefile customizations for Debian package
+ Activate PRNG X9.17 with SHA-1
+ activate libraries needed for build on Linux
+ set correct install paths
+ add dpkg-buildflags for hardening
+Origin: vendor
+Forwarded: not-needed
+--- a/Makefile
++++ b/Makefile
+@@ -6,7 +6,7 @@ CC = gcc
+ ##################################################################
+ # Compilation flags
+ # You should comment the line below for AIX+native cc
+-FLAGS = -Wall
++FLAGS = -Wall `dpkg-buildflags --get CFLAGS` `dpkg-buildflags --get LDFLAGS`
+
+ ##################################################################
+ # Libraries
+@@ -34,16 +34,16 @@ CRYPTED_PASS = APG_USE_CRYPT
+ # DO NOT EDIT THE LINE BELOW !!!
+ USE_SHA = APG_USE_SHA
+ # Coment this if you want to use PRNG X9.17 with SHA-1
+-USE_SHA = APG_DONOTUSE_SHA
++# USE_SHA = APG_DONOTUSE_SHA
+
+ ##################################################################
+ # Directories
+ # Install dirs
+ INSTALL_PREFIX = /usr/local
+ APG_BIN_DIR = /bin
+-APG_MAN_DIR = /man/man1
++APG_MAN_DIR = /share/man/man1
+ APGD_BIN_DIR = /sbin
+-APGD_MAN_DIR = /man/man8
++APGD_MAN_DIR = /share/man/man8
+
+ ####################################################################
+ # If you plan to install APG daemon you should look at lines below #
+@@ -59,7 +59,7 @@ APGD_MAN_DIR = /man/man8
+ # Linux
+ #
+ # Uncoment line below for LINUX
+-#CS_LIBS = -lnsl
++CS_LIBS = -lnsl
+
+ ####################################################################
+ # Solaris
+@@ -75,7 +75,7 @@ APGD_MAN_DIR = /man/man8
+
+ # ====== YOU DO NOT NEED TO MODIFY ANYTHING BELOW THIS LINE ======
+ # Find group ID for user root
+-FIND_GROUP = `grep '^root:' /etc/passwd | awk -F: '{ print $$4 }'`
++FIND_GROUP = `getent passwd root | awk -F: '{ print $$4 }'`
+
+ PROGNAME = apg
+ CS_PROGNAME = apgd
diff -Nru apg-2.2.3.dfsg.1/debian/patches/series apg-2.2.3.dfsg.1/debian/patches/series
--- apg-2.2.3.dfsg.1/debian/patches/series 1970-01-01
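Review bot: The new `FLAGS` line takes CFLAGS and LDFLAGS from dpkg-buildflags but not CPPFLAGS, which is where dpkg-buildflags puts `-D_FORTIFY_SOURCE=2`. The build therefore gets the stack protector and relro settings but not the fortified libc wrappers, even though the patch description says the flags are added for hardening. I would write the line as ``FLAGS = -Wall `dpkg-buildflags --get CPPFLAGS` `dpkg-buildflags --get CFLAGS` `dpkg-buildflags --get LDFLAGS` ``. How `FLAGS` is used in the compile and link rules is outside these hunks, so it is worth confirming afterwards with a hardening check on the built binary.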
00:00:00.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/patches/series 2017-10-01 22:19:40.000000000 +0000
@@ -0,0 +1,8 @@
+index.php_binary_path
+Makefile
+apgd_docs_remove
+320307-fix-excessive-random-usage
+337116-saltbuffer
+412618-preliminary
+759477-dictionary-parsing
+488034-609837-764411-manpage-improvements
diff -Nru apg-2.2.3.dfsg.1/debian/rules apg-2.2.3.dfsg.1/debian/rules
--- apg-2.2.3.dfsg.1/debian/rules 2022-11-26 02:02:10.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/rules 2017-10-01 22:19:40.000000000 +0000
@@ -1,30 +1,27 @@ #!/usr/bin/make -f -# to re-generate debian/control, invoke -# fakeroot debian/rules debian/control DEB_AUTO_UPDATE_DEBIAN_CONTROL:=yes +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) -# automatic debian/control generation disabled, cdbs bug #311724. +ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE)) +CC="$(DEB_HOST_GNU_TYPE)-gcc" +else +CC=gcc +endif -DEB_MAKE_CLEAN_TARGET := clean -DEB_MAKE_BUILD_TARGET := standalone -DEB_MAKE_INSTALL_TARGET := install INSTALL_PREFIX=$(CURDIR)/debian/apg/usr +%: + dh $@ -include /usr/share/cdbs/1/rules/debhelper.mk -include /usr/share/cdbs/1/rules/dpatch.mk -include /usr/share/cdbs/1/class/makefile.mk +override_dh_auto_build: + make standalone CC=$(CC) -DEB_MAKE_EXTRA_ARGS := $(if $(cdbs_crossbuild),CC="$(DEB_HOST_GNU_TYPE)-gcc") - -cleanbuilddir/apg:: - rm -f build-stamp configure-stamp php.tar.gz - -install/apg:: +override_dh_auto_install: + make install INSTALL_PREFIX=$(CURDIR)/debian/apg/usr mv $(CURDIR)/debian/apg/usr/bin/apg $(CURDIR)/debian/apg/usr/lib/apg/apg - tar --create --gzip --file php.tar.gz --directory $(CURDIR)/php/apgonline/ . + tar --create --file - --directory $(CURDIR)/php/apgonline/ . \ + --clamp-mtime --mtime="$(SOURCE_DATE_EPOCH)" \ + --mode=u=rwX,go=rX --sort=name | gzip --no-name > php.tar.gz install -D --mode=0644 php.tar.gz $(CURDIR)/debian/apg/usr/share/doc/apg/php.tar.gz rm php.tar.gz install -D --mode=0755 $(CURDIR)/debian/apg.wrapper $(CURDIR)/debian/apg/usr/bin/apg install -D --mode=0644 $(CURDIR)/debian/apg.conf $(CURDIR)/debian/apg/etc/apg.conf - -# bug #284231 -unpatch: deapply-dpatches diff -Nru apg-2.2.3.dfsg.1/debian/source/format apg-2.2.3.dfsg.1/debian/source/format --- apg-2.2.3.dfsg.1/debian/source/format 1970-01-01 00:00:00.000000000 +0000 +++ apg-2.2.3.dfsg.1/debian/source/format 2017-10-01 22:19:40.000000000 +0000 
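Review bot: In override_dh_auto_install the archive is produced by `tar … | gzip --no-name > php.tar.gz`, and under make's default /bin/sh only gzip's exit status is checked, so a failing tar still leaves a php.tar.gz that the next line installs into the package. That matters here because `--mtime="$(SOURCE_DATE_EPOCH)"` passes the bare number, while GNU tar reads a seconds-since-epoch value only in the form `@N`. The variable is also not set anywhere in this rules file, so it is presumably expected from the build environment. I would change the option to `--clamp-mtime --mtime="@$(SOURCE_DATE_EPOCH)" \` and have tar write `php.tar` to disk, followed by a separate `gzip --no-name php.tar` recipe line, so that each step fails the build on its own.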
@@ -0,0 +1 @@
+3.0 (quilt)
diff -Nru apg-2.2.3.dfsg.1/debian/watch apg-2.2.3.dfsg.1/debian/watch
--- apg-2.2.3.dfsg.1/debian/watch 2022-11-26 02:02:10.000000000 +0000
+++ apg-2.2.3.dfsg.1/debian/watch 2017-10-01 22:19:40.000000000 +0000
@@ -1,3 +1,3 @@
 version=2
-
+opts=dversionmangle=s/\.dfsg.[0-9]*// \
 http://www.adel.nursat.kz/apg/download.shtml download/apg-([^b]+)\.tar\.gz debian
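Review bot: The debian/watch entry still fetches the upstream tarball over plain `http://`, and the new `opts=` line adds only `dversionmangle`, so nothing authenticates what uscan downloads for a package that generates passwords. If upstream publishes detached signatures, adding `pgpsigurlmangle` to the opts and shipping the upstream key in the package would close that gap. Whether upstream offers signatures or an HTTPS mirror is not visible here. In the added rule the dot after `dfsg` is unescaped and matches any character; `opts=dversionmangle=s/\.dfsg\.[0-9]*// \` says what is meant.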