Accepting request 205118 from security

- Use the generic target for m68k - update to 1.8.0: + Revised the incremental mode to let the current character counts grow for each character position independently, with the aim to improve efficiency in terms of successful guesses per candidate passwords tested. + Revised the pre-defined incremental modes, as well as external mode filters that are used to generate .chr files. + Added makechr, a script to (re-)generate .chr files. + Enhanced the status reporting to include four distinct speed metrics (g/s, p/s, c/s, and C/s). + Added the "--fork=N" and "--node=MIN[-MAX]/TOTAL" options for trivial parallel and distributed processing. + In the external mode compiler, treat character literals as unsigned. + Renamed many of the formats. + Updated the documentation. + Relaxed the license for many source files to cut-down BSD. + Relaxed the license for John the Ripper as a whole from GPLv2 (exact version) to GPLv2 or newer with optional OpenSSL and unRAR exceptions. + Assorted other changes have been made. - add simple man pages for relbench and mailer scripts - disable jumbo patch for now until a version for 1.8.0 is out OBS-URL: https://build.opensuse.org/request/show/205118 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/john?expand=0&rev=23
2013-10-30 14:37:36 +00:00 · 2013-10-30 14:37:36 +00:00 · 102bab2e8c
commit 102bab2e8c
parent 0edd7e37a7 89ec81c5cd
11 changed files with 692047 additions and 36 deletions
--- a/john-1.7.9-jumbo-7.tar.bz2
+++ b/john-1.7.9-jumbo-7.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fa7e5a1a31e61d516a97318fac27758ca40b1a626f4dbf353ecece8a41f54d32
-size 1595514
--- a/john-1.7.9-jumbo-7.tar.bz2.sign
+++ b/john-1.7.9-jumbo-7.tar.bz2.sign
@ -1,10 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.10 (GNU/Linux)
-Comment: http://www.openwall.com/signatures/
-
-iQCVAwUAUFs5Y3K5fbEpUCnxAQLmvwP8CN8NBfzF+8cMVfFb0i630IuHiijE7NAZ
-RAbvL1Vyn9uBfuZJ+tKIpsvxwUqeopOygKZip1imQdxKbwKduziLf9qE76ufT+BN
-h8ZRMDmhgJ/0aFk/gb5a3kkgyD/eHI9q9h+KB4yYXwxPqF0tEq1aSLZOLAMqMqzn
-xF8aXLEir/A=
-=DE4E
-----END PGP SIGNATURE-----
--- a/john-1.7.9.tar.bz2
+++ b/john-1.7.9.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1d40083e37a7bc1ba1177651cbb27898dcf2a812b8ccf1430db0c372ac6dc199
-size 717505
--- a/john-1.7.9.tar.bz2.sign
+++ b/john-1.7.9.tar.bz2.sign
@ -1,10 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.10 (GNU/Linux)
-Comment: http://www.openwall.com/signatures/
-
-iQCVAwUATszbSHK5fbEpUCnxAQL82gP9FIpG9doN7BHXG118pmH5jCeGBKtHr67h
-R4jCNFU5obOd2bzXuFkoGCjCjzHlSGZcqRtlhLLtaheGfH7IYfUoDsqnSlYhVolL
-VPiPL+j/8KcmOWeqjURM/4xKEgDKoVoNg8C6x9lhaTtDvK3o/poGTavVCpNtvhQc
-FNV+H5b0QKE=
-=hDv+
-----END PGP SIGNATURE-----
--- a/john-1.8.0.tar.xz
+++ b/john-1.8.0.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:952cf68369fb5b27f2d112ce7ca1eb16b975c85cbce8c658abb8bc5a20e1b266
+size 4468704
--- a/john-1.8.0.tar.xz.sign
+++ b/john-1.8.0.tar.xz.sign
@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.13 (GNU/Linux)
+Comment: http://www.openwall.com/signatures/
+
+iQCVAwUAUabVcHK5fbEpUCnxAQKnHwP+ObhRe4Bv0pUzL8ZFGIRzXxdVnFpQvhLs
+luQYjDFwFtc2i7XKkfC80/eLUBfQAnUW1pvmroSdooUi9zx4LIZi/nE2z4035hAD
+ZBQZ+gYw8ETS4UhY/SU3/mOQmep5G4xgXBjgtEV1LGCkSiuQSLfPEXk6hiTOaY7X
+IXJDXhcyZBk=
+=EgdW
+-----END PGP SIGNATURE-----
--- a/john.changes
+++ b/john.changes
@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Mon Oct 28 13:23:53 UTC 2013 - schwab@suse.de
+
+- Use the generic target for m68k
+
+-------------------------------------------------------------------
+Wed Oct  9 16:00:16 UTC 2013 - lars@linux-schulserver.de
+
+- update to 1.8.0:
+  + Revised the incremental mode to let the current character counts 
+    grow for each character position independently, with the aim to 
+    improve efficiency in terms of successful guesses per candidate 
+    passwords tested.
+  + Revised the pre-defined incremental modes, as well as external
+    mode filters that are used to generate .chr files.
+  + Added makechr, a script to (re-)generate .chr files.
+  + Enhanced the status reporting to include four distinct speed 
+    metrics (g/s, p/s, c/s, and C/s).
+  + Added the "--fork=N" and "--node=MIN[-MAX]/TOTAL" options for 
+    trivial parallel and distributed processing.
+  + In the external mode compiler, treat character literals as unsigned.
+  + Renamed many of the formats.
+  + Updated the documentation.
+  + Relaxed the license for many source files to cut-down BSD.
+  + Relaxed the license for John the Ripper as a whole from GPLv2 
+    (exact version) to GPLv2 or newer with optional OpenSSL and 
+    unRAR exceptions.
+  + Assorted other changes have been made.
+- add simple man pages for relbench and mailer scripts
+- disable jumbo patch for now until a version for 1.8.0 is out
+
 -------------------------------------------------------------------
 Sun Mar 17 20:20:13 UTC 2013 - schwab@suse.de

--- a/john.keyring
+++ b/john.keyring
--- a/john.spec
+++ b/john.spec
@ -17,18 +17,21 @@


 Name:           john
-Version:        1.7.9
+Version:        1.8.0
 Release:        0
 Summary:        Detects Weak Passwords
 License:        GPL-2.0+
 Group:          Productivity/Security
 Url:            http://www.openwall.com/john/
-Source:         http://www.openwall.com/john/g/%{name}-%{version}.tar.bz2
-Source1:        http://www.openwall.com/john/g/%{name}-%{version}.tar.bz2.sign
+Source:         http://www.openwall.com/john/j/%{name}-%{version}.tar.xz
+Source1:        http://www.openwall.com/john/j/%{name}-%{version}.tar.xz.sign
 Source2:        %{name}.8.gz
 Source3:        %{name}-rpmlintrc
-Source4:        http://www.openwall.com/john/g/%{name}-%{version}-jumbo-7.tar.bz2
-Source5:        http://www.openwall.com/john/g/%{name}-%{version}-jumbo-7.tar.bz2.sign
+Source4:        %{name}.keyring
+# Source4:        http://www.openwall.com/john/g/%{name}-%{version}-jumbo-7.tar.bz2
+# Source5:        http://www.openwall.com/john/g/%{name}-%{version}-jumbo-7.tar.bz2.sign
+Source6:        mailer.8
+Source7:        relbench.8
 BuildRequires:  openssl-devel
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %define         johndir /var/lib/john
@ -44,8 +47,6 @@ number of other hash types are supported as well.

 %prep
 %setup -q
-# apply the jumbo patch
-gzip -dc %{SOURCE4} | patch -p1
 # adapt the configs
 perl -pi -e "s#Wordlist = (.*)#Wordlist = %{johndir}/password.lst#g" $RPM_BUILD_DIR/%{name}-%{version}/run/john.conf
 perl -pi -e 's#^(\#define JOHN_SYSTEMWIDE_EXEC)\s.+$#$1\t\"%{johndir}\"#g' $RPM_BUILD_DIR/%{name}-%{version}/src/params.h
@ -82,7 +83,7 @@ perl -pi -e 's#^(\#define JOHN_SYSTEMWIDE_HOME)\s.+$#$1\t\"%{johndir}\"#g' $RPM_
 %ifarch x86_64
 		TARGET=linux-x86-64
 %endif
-%ifarch %arm aarch64
+%ifarch %arm aarch64 m68k
 		TARGET=generic
 %endif
 %ifarch %ix86
@ -108,11 +109,14 @@ install -m755 run/relbench %{buildroot}%{_bindir}/
 install -m 644 -p run/{password.lst,*.chr} %{buildroot}%johndir/
 install -m 644 -p run/john.conf %{buildroot}%{_sysconfdir}/
 install -m 755 -p run/mailer %{buildroot}%{_bindir}/
-install -m 644 -p %{SOURCE2} %{buildroot}%{_mandir}/man8/
 # handle documentation - makes rpmlint happy
 mkdir -p %{buildroot}%{_defaultdocdir}/%{name}
 cp doc/* %{buildroot}%{_defaultdocdir}/%{name}/
 rm %{buildroot}%{_defaultdocdir}/%{name}/INSTALL
+# install man pages
+install -m 644 -p %{SOURCE2} %{buildroot}%{_mandir}/man8/
+install -Dm644 %{SOURCE6} %{buildroot}%{_mandir}/man8/mailer.8
+install -Dm644 %{SOURCE7} %{buildroot}%{_mandir}/man8/relbench.8

 %clean
 rm -rf %{buildroot}
@ -120,7 +124,9 @@ rm -rf %{buildroot}
 %files
 %defattr(-,root,root)
 %doc %{_defaultdocdir}/%{name}/
-%doc %{_mandir}/man8/john.8.gz
+%doc %{_mandir}/man8/john.8*
+%doc %{_mandir}/man8/mailer.8*
+%doc %{_mandir}/man8/relbench.8*
 %{_bindir}/un*
 %{_bindir}/relbench
 %dir %{johndir}
--- a/mailer.8
+++ b/mailer.8
@ -0,0 +1,41 @@
+.TH mailer "8" "October 2013" "Lars Vogdt" "John"
+.SH NAME
+Mailer \- notify users about crackable passwords
+
+.SH SYNOPSIS
+.B mailer <password-file>
+.br
+
+.SH DESCRIPTION
+.B mailer
+is a script to send mail to all users whose passwords got cracked.
+This is not always a good idea, though, since lots of people do not
+check their e-mail or ignore such messages, and the messages can be a
+hint for crackers.
+
+You should probably deploy proactive password strength checking, such as
+with passwdqc, before you ask users to change their passwords - whether
+using this script or otherwise.  And you should edit the message inside
+the script before possibly using it.
+
+ Copyright (c) 1996-98 by Solar Designer
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted.
+# There's ABSOLUTELY NO WARRANTY, express or implied.
+# (This is a heavily cut-down "BSD license".)
+#
+
+.SH OPTIONS
+.TP
+\fBpassword-file\fR
+The file containing all the passwords (for example /etc/shadow on modern 
+Linux systems.
+.SH FILES
+.TP
+.IP /usr/sbin/mailer
+.SH AUTHOR
+John the Ripper password cracker is free and Open Source software. 
+Copyright (c) 1996-98 by Solar Designer.
+
+This manual page was written by Lars Vogdt for the openSUSE operating system 
+(but it may be freely used, modified, and redistributed by others).
--- a/relbench.8
+++ b/relbench.8
@ -0,0 +1,49 @@
+.TH relbench "8" "October 2013" "Lars Vogdt" "John"
+.SH NAME
+relbench \- John the Ripper benchmark output comparison tool
+
+.SH SYNOPSIS
+.B relbench <BENCHMARK-FILE-1> <BENCHMARK-FILE-2>
+.br
+
+.SH DESCRIPTION
+.B relbench
+is a Perl script to compare two "john --test" benchmark runs, such as for
+different machines, "make" targets, C compilers, optimization options, or/and
+versions of John the Ripper.
+
+To use it, redirect the output of each "john --test" run to a file, then run the
+script on the two files.  
+
+Most values output by the script indicate relative performance seen on the
+second benchmark run as compared to the first one, with the value of 1.0
+indicating no change, values higher than 1.0 indicating speedup, and values
+lower than 1.0 indicating slowdown.  Specifically, the script outputs the
+minimum, maximum, median, and geometric mean for the speedup (or slowdown) seen
+across the many individual benchmarks that "john --test" performs.  
+
+It also outputs the median absolute deviation (relative to the median) and
+geometric standard deviation (relative to the geometric mean).  Of these two, a
+median absolute deviation of 0.0 would indicate that no deviation from the
+median is prevalent, whereas a geometric standard deviation of 1.0 would
+indicate that all benchmarks were sped up or slowed down by the exact same
+ratio or their speed remained unchanged.  
+
+In practice, these values will tend to deviate from 0.0 and 1.0, respectively.
+.SH OPTIONS
+.TP
+\fBBENCHMARK-FILE-1\fR
+File containing benchmark results from the first test run via \fBjohn \-\-test\fR.
+.TP
+\fBBENCHMARK-FILE-2\fR
+File containing benchmark results from the second test run via \fBjohn \-\-test\fR.
+
+.SH FILES
+.TP
+.IP /usr/sbin/relbench
+.SH AUTHOR
+John the Ripper password cracker is free and Open Source software. 
+Copyright (c) 2011 by Solar Designer.
+
+This manual page was written by Lars Vogdt for the openSUSE operating system 
+(but it may be freely used, modified, and redistributed by others).