[solar@openwall.com: Re: Upload of john 1.7 to experimental]
Javier Fernández-Sanguino Peña
jfs at computer.org
Mon Feb 20 16:55:49 UTC 2006
Sd messages don't go through...
----- Forwarded message from Solar Designer <solar at openwall.com> -----
From: Solar Designer <solar at openwall.com>
Date: Mon, 20 Feb 2006 02:56:16 +0300
To: pkg-john-devel at lists.alioth.debian.org
Cc: jfs at computer.org
Subject: Re: Upload of john 1.7 to experimental
User-Agent: Mutt/1.4.2.1i
On Sun, Feb 19, 2006 at 02:17:18PM +0100, Javier Fern?ndez-Sanguino Pe?a wrote:
> > > Hi guys, I know I've not been active with John for a while so, to make
> > > ammends, I have uploaded a working version of 1.7 to experimental based on
> > > the latest John packages in unstable. This version uses the new 'system-wide'
> > > functions of John and patches have been reduced.
> On Fri, Feb 17, 2006 at 11:34:52PM +0300, Solar Designer wrote:
> > Where can I have a look at it? (I am not a Debian user.)
>
> It's available at ftp://ftp.debian.org/debian/pool/main/j/john/
> and mirrors worlwide.
Thanks. I just had a look. To me, this looks like a lot of questionable
stuff added on top of John 1.7. Surely, I would advice Debian users to
use the official 1.7 release instead of the Debian package to avoid any
confusion with the cron jobs, etc.
I'll comment on a few specific things, though:
+if grep -q '^flags.* mmx' /proc/cpuinfo; then
+ exec -a $MYNAME /usr/lib/john/john-mmx $*
+else
+ exec -a $MYNAME /usr/lib/john/john-any $*
+fi
I think this wrapper should be dropped in favor of the runtime fallback
feature that John 1.7 implements itself. For an example of that feature
in use, see:
http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/john/john.spec?rev=HEAD
+-linux-alpha:
++linux-alpha: alpha.h
+-linux-alpha-ccc:
++linux-alpha-ccc: alpha.h
I don't think there's any need for that, and for doing it for alpha only.
+++ john-1.7/debian/patches/amd64.diff
What are these changes for? If something didn't build otherwise or if
there were compiler warnings, I'd appreciate a proper bug report.
Otherwise, please drop this patch.
+ Q: Where do I get wordlists for use with John?
+ A: http://www.openwall.com/wordlists/
++A: You can also find some at:
++ ftp://ftp.zedz.net/pub/crypto/wordlists/
++ ftp://ftp.cerias.purdue.edu/pub/dict/
++ ftp://ftp.ox.ac.uk/pub/wordlists/
This is up to you, but I intentionally did not include those references
in the official FAQ, and that's not only to bump up my CD sales. ;-)
The Openwall wordlists collection - including the free downloadable
version - includes _all_ of the wordlists found in the ox.ac.uk
collection (and a lot more) rolled into the processed wordlist files.
zedz.net and the CERIAS archive are just copies of the ox.ac.uk
collection (I think zedz had the files uncompressed, though).
+++ john-1.7/debian/patches/amd64.diff.old
Drop it?
+++ john-1.7/debian/man/john.8
This man page is a little bit oudated. Some options have been renamed
(e.g., 1.7 uses --wordlist instead of --wordfile) and the GNU-style
syntax is now preferred (--option=VALUE instead of -option:VALUE).
Also, I suggest that you obfuscate all e-mail addresses in man pages.
This stuff gets on the web, attracting more spam to people. s/@/ at /
for e-mail addresses would do for now. That's what we're doing in Owl.
Does the Debian policy permit that? I hope so; if not, it needs to be
fixed.
+++ john-1.7/debian/docs
This does not list all of the docs. In particular, it misses CHANGES
and CONTACT. I understand that you may want to omit INSTALL and LICENSE.
+# TODO add support for other architectures, like amd64
Yes, this should be done, and also the MMX build with runtime fallback
should be done on i386.
> > > I have tested it only
> > > minimally (against local files) and some things need to be fixed (MMX
> > > binaries for i386 will not compile).
> >
> > Is this something I could help with? I'd be interested in seeing the
> > compiler error messages you're getting.
>
> I haven't investigated it yet, it seems related to the patches in the Debian
> package (because the unpatched sources build fine) so I still have check out
> what happened. I will keep you guys informed.
I've just tried building for linux-x86-mmx with the Debian patches
applied - and the package built, albeit with one added warning (because
of a bug in a Debian patch). But I did that on an Owl system.
Thanks again,
--
/sd
----- End forwarded message -----
More information about the Pkg-john-devel
mailing list