author | Mike Frysinger <vapier@gentoo.org> | 2008-05-31 09:47:51 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2008-05-31 09:47:51 +0000 |
commit | 6b7a37f0870be539e7512f9b103446a0b6c9e874 (patch) | |
tree | 35f06202e11e4598187fa3ded51b0541cd926893 /net-misc/openssh-blacklist | |
parent | New version for GNOME-2.22.2. Fix build with LINGUAS and parallel build. (diff) | |
Initial import #221759.
(Portage version: 2.2_pre5.spank.spunk)
Diffstat (limited to 'net-misc/openssh-blacklist')
-rw-r--r-- | net-misc/openssh-blacklist/ChangeLog | 9 | ||||
-rw-r--r-- | net-misc/openssh-blacklist/Manifest | 5 | ||||
-rw-r--r-- | net-misc/openssh-blacklist/files/blacklist-encode.c | 249 | ||||
-rw-r--r-- | net-misc/openssh-blacklist/metadata.xml | 5 | ||||
-rw-r--r-- | net-misc/openssh-blacklist/openssh-blacklist-0.4.1.ebuild | 41 |
5 files changed, 309 insertions, 0 deletions
diff --git a/net-misc/openssh-blacklist/ChangeLog b/net-misc/openssh-blacklist/ChangeLog
new file mode 100644
index 000000000000..0a85296bd4c1
--- /dev/null
+++ b/net-misc/openssh-blacklist/ChangeLog
@@ -0,0 +1,9 @@
+# ChangeLog for net-misc/openssh-blacklist
+# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh-blacklist/ChangeLog,v 1.1 2008/05/31 09:47:51 vapier Exp $
+
+*openssh-blacklist-0.4.1 (31 May 2008)
+
+ 31 May 2008; Mike Frysinger <vapier@gentoo.org> +files/blacklist-encode.c,
+ +metadata.xml, +openssh-blacklist-0.4.1.ebuild:
+ Initial import #221759.
diff --git a/net-misc/openssh-blacklist/Manifest b/net-misc/openssh-blacklist/Manifest
new file mode 100644
index 000000000000..b02541ad1cd3
--- /dev/null
+++ b/net-misc/openssh-blacklist/Manifest
@@ -0,0 +1,5 @@
+AUX blacklist-encode.c 6532 RMD160 9f1e7bc4266cacf29ab1cbeeb1b521d0c9f8ff54 SHA1 b9937f42a28388993f957624c6bcf3436bfb339e SHA256 a16b03ad275150116e88c31bcc0b119cbe5705c50af8c140b14c2aefadf0a185
+DIST openssh-blacklist_0.4.1.tar.gz 7519666 RMD160 a3566915763f317524d078d71b56b68101cde95a SHA1 0170885d95764ebbb1bf8c34837c39e1367970b9 SHA256 5add49d4d2118a224c04c3b0c72c20b216e3d2035c1acc4cec39de2a804c2c09
+EBUILD openssh-blacklist-0.4.1.ebuild 929 RMD160 2e7ebcced05b215342f0ad57b35a9a17c49533e0 SHA1 bf41c48a73ea0be6e0a3edcb67473da704fb25aa SHA256 14924d7da9c2e4f028fa01f20f8ae2c106002af21fac091a69894e7f32f3a359
+MISC ChangeLog 410 RMD160 0027cff6983f80fc6b56164b8b434bcb70526c18 SHA1 3ff38200b7507ea021076128571dbcc447d0716c SHA256 a204077a7a02a8af48f6bb5466c44ea26fd41b66629ecb3740eb72dd7618aaa2
+MISC metadata.xml 164 RMD160 f43cbec30b7074319087c9acffdb9354b17b0db3 SHA1 9c213f5803676c56439df3716be07d6692588856 SHA256 f5f2891f2a4791cd31350bb2bb572131ad7235cd0eeb124c9912c187ac10ce92
diff --git a/net-misc/openssh-blacklist/files/blacklist-encode.c b/net-misc/openssh-blacklist/files/blacklist-encode.c
new file mode 100644
index 000000000000..717c3e6575ff
--- /dev/null
+++ b/net-misc/openssh-blacklist/files/blacklist-encode.c
@@ -0,0 +1,249 @@
+/*
+ * The blacklist encoder for RSA/DSA key blacklisting based on partial
+ * fingerprints,
+ * developed under Openwall Project for Owl - http://www.openwall.com/Owl/
+ *
+ * Copyright (c) 2008 Dmitry V. Levin <ldv at cvs.openwall.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * The blacklist encoding was designed by Solar Designer and Dmitry V. Levin.
+ * No intellectual property rights to the encoding scheme are claimed.
+ *
+ * This effort was supported by CivicActions - http://www.civicactions.com
+ *
+ * The file size to encode 294,903 of 48-bit fingerprints is just 1.3 MB,
+ * which corresponds to less than 4.5 bytes per fingerprint.
+ */
+
+#ifndef _GNU_SOURCE
+# define _GNU_SOURCE
+#endif
+
+#include <string.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <errno.h>
+#include <error.h>
+#include <limits.h>
+
+static void *
+xmalloc(size_t size)
+{
+ void *r = malloc(size);
+
+ if (!r)
+ error(EXIT_FAILURE, errno, "malloc: allocating %lu bytes",
+ (unsigned long) size);
+ return r;
+}
+
+static void *
+xcalloc(size_t nmemb, size_t size)
+{
+ void *r = calloc(nmemb, size);
+
+ if (!r)
+ error(EXIT_FAILURE, errno, "calloc: allocating %lu*%lu bytes",
+ (unsigned long) nmemb, (unsigned long) size);
+ return r;
+}
+
+static void *
+xrealloc(void *ptr, size_t nmemb, size_t elem_size)
+{
+ if (nmemb && ULONG_MAX / nmemb < elem_size)
+ error(EXIT_FAILURE, 0, "realloc: nmemb*size > ULONG_MAX");
+
+ size_t size = nmemb * elem_size;
+ void *r = realloc(ptr, size);
+
+ if (!r)
+ error(EXIT_FAILURE, errno,
+ "realloc: allocating %lu*%lu bytes",
+ (unsigned long) nmemb, (unsigned long) elem_size);
+ return r;
+}
+
+static char *
+xstrdup(const char *s)
+{
+ size_t len = strlen(s);
+ char *r = xmalloc(len + 1);
+
+ memcpy(r, s, len + 1);
+ return r;
+}
+
+static unsigned
+c2u(uint8_t c)
+{
+ return (c >= 'a') ? (c - 'a' + 10) : (c - '0');
+}
+
+static char **records = NULL;
+static unsigned records_count = 0;
+
+static int
+comparator(const void *p1, const void *p2)
+{
+ return strcmp(*(char *const *) p1, *(char *const *) p2);
+}
+
+static void
+read_stream(FILE *fp, unsigned bytes)
+{
+ char *line = NULL;
+ unsigned size = 0, allocated = 0, len = bytes * 2;
+ int n;
+
+ while ((n = getline(&line, &size, fp)) >= 0)
+ {
+ if (n > 0 && line[n - 1] == '\n')
+ line[--n] = '\0';
+ if (n < len || strspn(line, "0123456789abcdef") < n)
+ continue; /* ignore short or invalid lines */
+ line[len] = '\0';
+
+ if (!records)
+ records = xcalloc(allocated = 1024, sizeof(*records));
+ if (records_count >= allocated)
+ records = xrealloc(records, allocated *= 2,
+ sizeof(*records));
+ records[records_count++] = xstrdup(line);
+ }
+ free(line);
+ records = xrealloc(records, records_count, sizeof(*records));
+ if (records_count >= (1U << 24))
+ error(EXIT_FAILURE, 0, "too many records: %u", records_count);
+
+ qsort(records, records_count, sizeof(*records), comparator);
+}
+
+static void
+print_uint8(FILE *fp, uint8_t v)
+{
+ fprintf(fp, "%c", v);
+}
+
+static void
+print_uint16(FILE *fp, uint16_t v)
+{
+ fprintf(fp, "%c%c", v >> 8, v & 0xff);
+}
+
+static void
+print_uint24(FILE *fp, uint32_t v)
+{
+ fprintf(fp, "%c%c%c", (v >> 16) & 0xff, (v >> 8) & 0xff, v & 0xff);
+}
+
+int
+main(int ac, const char **av)
+{
+ unsigned count, i, record_bytes, first_index = 0, prev_index = 0;
+ int min_offset, max_offset;
+ int *offsets;
+
+ if (ac < 2)
+ error(EXIT_FAILURE, 0, "insufficient arguments");
+ if (ac > 2)
+ error(EXIT_FAILURE, 0, "too many arguments");
+ record_bytes = atoi(av[1]);
+ if (record_bytes < 6 || record_bytes > 16)
+ error(EXIT_FAILURE, 0, "fingerprint size out of bounds");
+
+ read_stream(stdin, record_bytes);
+
+ /* initialize global records offset table */
+ offsets = xcalloc(65536, sizeof(*offsets));
+ for (count = 0; count < records_count; ++count, prev_index = i)
+ {
+ const char *r = records[count];
+
+ i = (((((c2u(r[0]) << 4) + c2u(r[1])) << 4) +
+ c2u(r[2])) << 4) + c2u(r[3]);
+ if (count == 0)
+ first_index = i;
+ else if (i == prev_index)
+ continue;
+ offsets[i] = count;
+ }
+
+ /* set offsets for indices without records */
+ if (offsets[65536 - 1] == 0)
+ offsets[65536 - 1] = records_count;
+ for (i = 65536 - 2; i > first_index; --i)
+ if (offsets[i] == 0)
+ offsets[i] = offsets[i + 1];
+
+ /* make global records offset table relative to
+ expected position assuming uniform distribution. */
+ for (i = 0, min_offset = 0, max_offset = 0; i < 65536; ++i)
+ {
+ offsets[i] -= (i * (unsigned long long) records_count) >> 16;
+ if (offsets[i] < min_offset)
+ min_offset = offsets[i];
+ if (offsets[i] > max_offset)
+ max_offset = offsets[i];
+ }
+ min_offset = -min_offset;
+ if (min_offset < 0)
+ error(EXIT_FAILURE, 0,
+ "invalid offset shift: %d", min_offset);
+ for (i = 0; i < 65536; ++i)
+ {
+ offsets[i] += min_offset;
+ if (offsets[i] < 0 || offsets[i] >= 65536)
+ error(EXIT_FAILURE, 0,
+ "offset overflow for index %#x: %d",
+ i, offsets[i]);
+ }
+ max_offset += min_offset;
+
+ /* Header, 16 bytes */
+
+ /* format version identifier */
+ printf("SSH-FP00");
+ /* index size, in bits */
+ print_uint8(stdout, 16);
+ /* offset size, in bits */
+ print_uint8(stdout, 16);
+ /* record size, in bits */
+ print_uint8(stdout, record_bytes * 8);
+ /* records count */
+ print_uint24(stdout, records_count);
+ /* offset shift */
+ print_uint16(stdout, min_offset);
+ fprintf(stderr, "records=%u, offset shift=%d, max offset=%d\n",
+ records_count, min_offset, max_offset);
+
+ /* Index, 65536 * 2 bytes */
+ for (i = 0; i < 65536; ++i)
+ print_uint16(stdout, offsets[i]);
+
+ /* Fingerprints, records_count * (record_bytes-2) bytes */
+ for (count = 0; count < records_count; ++count)
+ {
+ const char *r = records[count] + 4;
+
+ for (i = 0; i < record_bytes - 2; ++i)
+ print_uint8(stdout,
+ c2u(r[i * 2]) * 16 + c2u(r[i * 2 + 1]));
+ }
+
+ if (fclose(stdout))
+ error(EXIT_FAILURE, errno, "stdout");
+ return 0;
+}
diff --git a/net-misc/openssh-blacklist/metadata.xml b/net-misc/openssh-blacklist/metadata.xml
new file mode 100644
index 000000000000..96a2d586367d
--- /dev/null
+++ b/net-misc/openssh-blacklist/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<herd>base-system</herd>
+</pkgmetadata>
diff --git a/net-misc/openssh-blacklist/openssh-blacklist-0.4.1.ebuild b/net-misc/openssh-blacklist/openssh-blacklist-0.4.1.ebuild
new file mode 100644
index 000000000000..48ce6920854d
--- /dev/null
+++ b/net-misc/openssh-blacklist/openssh-blacklist-0.4.1.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/openssh-blacklist/openssh-blacklist-0.4.1.ebuild,v 1.1 2008/05/31 09:47:51 vapier Exp $
+
+inherit toolchain-funcs
+
+DESCRIPTION="Source files of vuln Debian keys"
+HOMEPAGE="http://packages.qa.debian.org/o/openssh-blacklist.html"
+SRC_URI="mirror://debian/pool/main/${PN:0:1}/${PN}/${PN}_${PV}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE=""
+
+DEPEND=""
+
+maint_pkg_create() {
+ wget http://cvsweb.openwall.com/cgi/cvsweb.cgi/~checkout~/Owl/packages/openssh/blacklist-encode.c -O "${FILESDIR}"/blacklist-encode.c
+}
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+ cp "${FILESDIR}"/blacklist-encode.c . || die
+}
+
+src_compile() {
+ emake \
+ CC="$(tc-getBUILD_CC)" \
+ CFLAGS="${BUILD_CFLAGS}" \
+ CPPFLAGS="${BUILD_CPPFLAGS}" \
+ LDFLAGS="${BUILD_LDFLAGS}" \
+ blacklist-encode || die
+ cat [DR]SA-* | ./blacklist-encode 6 > blacklist
+}
+
+src_install() {
+ insinto /etc/ssh
+ doins blacklist || die
+}
+} |
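Review bot: In `read_stream`, `getline(&line, &size, fp)` is handed the address of an `unsigned`, while getline takes a `size_t *` and returns `ssize_t`, which is stored here in `int n`. On LP64 targets, such as the `~amd64` keyword in this commit's ebuild, that is undefined behaviour: the library would write a full `size_t` through a pointer to a 4-byte object and may overwrite neighbouring locals like `allocated`. Declaring `size_t size = 0;`, `unsigned allocated = 0, len = bytes * 2;` and `ssize_t n;` fixes the types without touching the loop body. Because the encoder's output is the key blacklist installed under /etc/ssh, corruption here could produce a list with missing fingerprints rather than a visible build failure. The file header and `maint_pkg_create` suggest this is a verbatim Openwall import, so the fix probably belongs upstream too.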
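Review bot: The last command of `src_compile`, `cat [DR]SA-* | ./blacklist-encode 6 > blacklist`, has no `|| die`, unlike the `emake` call above it, so if the encoder fails the truncated or empty `blacklist` is still installed by `doins blacklist || die`. A blacklist that silently lacks entries means known-weak keys are not rejected, so this step should fail the build: `cat [DR]SA-* | ./blacklist-encode 6 > blacklist || die "blacklist encoding failed"`. The exit status of a pipeline is that of its last command, so a failing `cat` (for example when the glob matches nothing) would still go unnoticed; redirecting the files into the encoder without a pipe, or checking the record count it prints on stderr, would cover that. Separately, `maint_pkg_create` fetches `blacklist-encode.c` over plain `http://`, so the maintainer should verify the file before its hash is recorded in the Manifest.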