Bug#606922: closed by Colin Watson <cjwatson@debian.org> (Re: Bug#606922: jpake not enabled in sid)
tag 606922 patch
thanks
On Fri, Dec 17, 2010 at 12:53 AM, Russ Allbery wrote:
> Michael Gilbert <michael.s.gilbert@gmail.com> writes:
>
>> I apologize ahead of time for the bts ping pong, but according to the
>> build log (which is where I checked for my original bug report) jpake
>> is indeed built.
>
>> $ debuild | grep jpake
>
> jpake.c is run through the compiler, but the entire file is stubbed out if
> the preprocessor define JPAKE is not enabled, and I don't see anything in
> the build system that would set this. From the upstream ChangeLog (note
> the last bit):
This appears to be true, but I would be more comfortable if the object
code were explicitly not built and thus 100% known to not be used or
available in any of the libs.
Attached is a patch that does that.
Mike
diff -Nru openssh-5.5p1/debian/changelog openssh-5.5p1/debian/changelog
--- openssh-5.5p1/debian/changelog 2010-08-23 17:59:04.000000000 -0400
+++ openssh-5.5p1/debian/changelog 2010-12-17 02:09:14.000000000 -0500
@@ -1,3 +1,9 @@
+openssh (1:5.5p1-5local1) unstable; urgency=low
+
+ * Don't build JPAKE object code (closes: #606922).
+
+ -- Michael Gilbert <michael.s.gilbert@gmail.com> Fri, 17 Dec 2010 02:08:49 -0500
+
openssh (1:5.5p1-5) unstable; urgency=low
* Use an architecture wildcard for libselinux1-dev (closes: #591740).
diff -Nru openssh-5.5p1/debian/patches/disable-jpake.patch openssh-5.5p1/debian/patches/disable-jpake.patch
--- openssh-5.5p1/debian/patches/disable-jpake.patch 1969-12-31 19:00:00.000000000 -0500
+++ openssh-5.5p1/debian/patches/disable-jpake.patch 2010-12-17 02:11:00.000000000 -0500
@@ -0,0 +1,23 @@
+Description: Don't build JPAKE object code (closes: #606922).
+Author: Michael Gilbert <michael.s.gilbert@gmail.com>
+Bug-Debian: http://bugs.debian.org/606922
+--- openssh-5.5p1.orig/Makefile.in
++++ openssh-5.5p1/Makefile.in
+@@ -75,7 +75,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
+ atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
+ kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \
+- entropy.o gss-genr.o umac.o jpake.o schnorr.o \
++ entropy.o gss-genr.o umac.o schnorr.o \
+ ssh-pkcs11.o kexgssc.o
+
+ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
+@@ -87,7 +87,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+ auth.o auth1.o auth2.o auth-options.o session.o \
+ auth-chall.o auth2-chall.o groupaccess.o \
+ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+- auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
++ auth2-none.o auth2-passwd.o auth2-pubkey.o \
+ monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o \
+ auth-krb5.o \
+ auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o\
diff -Nru openssh-5.5p1/debian/patches/series openssh-5.5p1/debian/patches/series
--- openssh-5.5p1/debian/patches/series 2010-04-16 05:19:27.000000000 -0400
+++ openssh-5.5p1/debian/patches/series 2010-12-17 02:10:28.000000000 -0500
@@ -42,3 +42,4 @@
# Debian-specific configuration
gnome-ssh-askpass2-icon.patch
debian-config.patch
+disable-jpake.patch
Reply to: