]> eyrie.org Git - kerberos/krb5-strength.git/log
kerberos/krb5-strength.git
5 months agoUse new support for SPDX check exclusions main
Russ Allbery [Sun, 31 Dec 2023 00:55:21 +0000 (16:55 -0800)]
Use new support for SPDX check exclusions

Update the SPDX check and test configuration machinery from
rra-c-util and use the new support for excluding paths from SPDX
checks.

5 months agoUpdate util/xmalloc.c from rra-c-util
Russ Allbery [Sun, 31 Dec 2023 00:53:09 +0000 (16:53 -0800)]
Update util/xmalloc.c from rra-c-util

Fixes some additional formatting issues uncovered after krb5-strength
was released.

5 months agoRelease 3.3 release/3.3
Russ Allbery [Tue, 26 Dec 2023 02:32:01 +0000 (18:32 -0800)]
Release 3.3

Add portable/reallocarray to the list of tests.

5 months agoUpdate hash iterations in heimdal-history
Russ Allbery [Mon, 25 Dec 2023 23:12:29 +0000 (15:12 -0800)]
Update hash iterations in heimdal-history

Rebenchmark (admittedly not really on that newer of hardware) and
bump the hash iterations by about 10%.

5 months agoAdd NEWS entry for spec file
Russ Allbery [Mon, 25 Dec 2023 23:11:15 +0000 (15:11 -0800)]
Add NEWS entry for spec file

5 months agoAdd license statement to RPM spec file
Russ Allbery [Mon, 25 Dec 2023 23:04:29 +0000 (15:04 -0800)]
Add license statement to RPM spec file

5 months agoUpdate DocKnot configuration
Russ Allbery [Mon, 25 Dec 2023 23:00:57 +0000 (15:00 -0800)]
Update DocKnot configuration

Update the old DocKnot configuration to use the new YAML
configuration file instead of the old JSON syntax, and regenerate
the documentation.

5 months agoTweak RPM spec file
Russ Allbery [Mon, 25 Dec 2023 22:46:09 +0000 (14:46 -0800)]
Tweak RPM spec file

Update Perl dependencies for the history package and fix the
license metadata.

5 months agoMerge pull request #4 from dariaphoebe/main
Russ Allbery [Mon, 25 Dec 2023 22:42:29 +0000 (14:42 -0800)]
Merge pull request #4 from dariaphoebe/main

add a specfile for building on RPM platforms

5 months agoMerge pull request #5 from rra/dependabot/github_actions/actions/checkout-4
Russ Allbery [Mon, 25 Dec 2023 22:32:27 +0000 (14:32 -0800)]
Merge pull request #5 from rra/dependabot/github_actions/actions/checkout-4

Bump actions/checkout from 2 to 4

5 months agoBump actions/checkout from 2 to 4
dependabot[bot] [Mon, 25 Dec 2023 22:26:21 +0000 (22:26 +0000)]
Bump actions/checkout from 2 to 4

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months agoMake xmalloc diagnostic suppression conditional
Russ Allbery [Mon, 25 Dec 2023 22:25:11 +0000 (14:25 -0800)]
Make xmalloc diagnostic suppression conditional

It looks like -Wuse-after-free was added in GCC 12, although it
doesn't appear in the changes. Make suppressing diagnostics about
it in util/xmalloc.c conditional on that version to avoid problems
on GitHub CI with an older GCC version.

5 months agoUpdate default GCC warning flags
Russ Allbery [Mon, 25 Dec 2023 22:24:45 +0000 (14:24 -0800)]
Update default GCC warning flags

Review changes to GCC warning flags between GCC 9.2 and 13.2 and
add some additional flags.

5 months agoFix branch name in GitHub CI configuration
Russ Allbery [Mon, 25 Dec 2023 21:42:29 +0000 (13:42 -0800)]
Fix branch name in GitHub CI configuration

Run checks on pull requests to main, rather than master.

5 months agoAdd dependabot configuration
Russ Allbery [Mon, 25 Dec 2023 21:42:06 +0000 (13:42 -0800)]
Add dependabot configuration

Tell dependabot to create PRs to update GitHub Actions.

5 months agoUpdate package installations for CI
Russ Allbery [Mon, 25 Dec 2023 21:40:29 +0000 (13:40 -0800)]
Update package installations for CI

Reflect the changed dependencies (add Const::Fast and JSON::MaybeXS,
remove Readonly and JSON).

5 months agoFix cppcheck errors
Russ Allbery [Mon, 25 Dec 2023 21:29:50 +0000 (13:29 -0800)]
Fix cppcheck errors

Fix a few legitimate cppcheck errors and suppress three new false
positives due to cppcheck apparently misparsing noreturn annotations.

5 months agoFix Kerberos warning flags
Russ Allbery [Mon, 25 Dec 2023 21:24:26 +0000 (13:24 -0800)]
Fix Kerberos warning flags

The update to rra-c-util changed the Makefile variable used to
enable warnings with Kerberos code. Fix the reference to match.

5 months agoAvoid Clang warnings in util/xmalloc.c
Russ Allbery [Mon, 25 Dec 2023 21:23:27 +0000 (13:23 -0800)]
Avoid Clang warnings in util/xmalloc.c

The preprocessor code to suppress false positive GCC warnings needs
to be wrapped in a conditional since Clang doesn't understand that
warning flag.

5 months agoFix make-c-data for Const::Fast
Russ Allbery [Mon, 25 Dec 2023 21:22:35 +0000 (13:22 -0800)]
Fix make-c-data for Const::Fast

The change from Readonly to Const::Fast broke make-c-data because
of how it was using a hash of flags. Use exists explicitly so that
it still works with a read-only hash.

5 months agoDisable Clang -Wunsafe-buffer-usage
Russ Allbery [Mon, 25 Dec 2023 21:21:27 +0000 (13:21 -0800)]
Disable Clang -Wunsafe-buffer-usage

This new warning flag is designed for C++ code where it is now
possible to never use raw C pointers to manipulate buffers.  C code
still requires this, so it should be disabled.

5 months agoExplicitly erase Heimdal password copy
Russ Allbery [Mon, 25 Dec 2023 21:04:06 +0000 (13:04 -0800)]
Explicitly erase Heimdal password copy

Explicitly erase the copy of the password made in the Heimdal
plugin before freeing memory.

5 months agoUpdate to rra-c-util 10.5
Russ Allbery [Mon, 25 Dec 2023 19:59:59 +0000 (11:59 -0800)]
Update to rra-c-util 10.5

* Assume a working snprintf rather than supplying a replacement.
* Fix detection of reallocarray on NetBSD.
* Check that Kerberos header files were found during configure.
* Use AS_ECHO in all Autoconf macros.
* Always use lib32 or lib64 if it exists, even on Debian.
* Fix rejection of unknown Clang warning flags.
* Disable -Wreserved-identifier for Clang warning builds.

Reformat and restructure Perl code for new perlcritic and perltidy
rules.

heimdal-history now requires the Perl modules Const::Fast and
JSON::MaybeXS instead of Readonly and JSON.

7 months agoadd a specfile for building on RPM platforms
Daria Phoebe Brashear [Wed, 15 Nov 2023 18:22:58 +0000 (13:22 -0500)]
add a specfile for building on RPM platforms

defaults to heimdal but will build with krb5 with --with-krb5

defaults to not building heimdal-history given not all redhat platforms
package all the needed rpms.

7 months agoMerge pull request #3 from dariaphoebe/master
Russ Allbery [Wed, 15 Nov 2023 17:18:08 +0000 (09:18 -0800)]
Merge pull request #3 from dariaphoebe/master

correct upstream contributor name

7 months agocorrect upstream contributor name
Daria Phoebe Brashear [Wed, 15 Nov 2023 17:14:37 +0000 (12:14 -0500)]
correct upstream contributor name

4 years agoStop installing sqlite for CI
Russ Allbery [Mon, 18 May 2020 01:15:57 +0000 (18:15 -0700)]
Stop installing sqlite for CI

This shouldn't be necessary.  All of the tools and tests use the
Perl DBI module or the C library.

4 years agoAdd new files to the distribution release/3.2
Russ Allbery [Sun, 17 May 2020 03:54:19 +0000 (20:54 -0700)]
Add new files to the distribution

4 years agoAdd NEWS entry for better AIX support
Russ Allbery [Sun, 17 May 2020 03:32:30 +0000 (20:32 -0700)]
Add NEWS entry for better AIX support

Refreshing rra-c-util brought in a replacement for the krb5_profile
functions on AIX where they're not part of the Kerberos library.

4 years agoRelease 3.2
Russ Allbery [Sun, 17 May 2020 03:29:39 +0000 (20:29 -0700)]
Release 3.2

4 years agoIncrease iterations for history hashing
Russ Allbery [Sun, 17 May 2020 02:41:15 +0000 (19:41 -0700)]
Increase iterations for history hashing

Increase hash iterations for heimdal-history by roughly a factor of
four to increase the time required for a password hash to about 0.1
seconds on modern hardware.  This will affect newly-stored history
entries but will not invalidate existing password history entries.

4 years agoAdd new --check-only option to heimdal-history
Russ Allbery [Sun, 17 May 2020 02:24:53 +0000 (19:24 -0700)]
Add new --check-only option to heimdal-history

Add new -c (--check-only) option to heimdal-history to check whether a
password would be accepted without updating the history or password
length databases.  Based on work by macrotex.

Closes #1

4 years agoRewrite and simplify CrackLib Autoconf macro
Russ Allbery [Sun, 17 May 2020 01:55:28 +0000 (18:55 -0700)]
Rewrite and simplify CrackLib Autoconf macro

Make use of the lib-helper.m4 framework and move the extra tests
we were doing in configure.ac into cracklib.m4.

4 years agoFix tests when built without CrackLib
Russ Allbery [Sun, 17 May 2020 01:55:04 +0000 (18:55 -0700)]
Fix tests when built without CrackLib

The count of skipped tests when compiled without CrackLib support
was off by one.

4 years agoRemove initializations older cppcheck doesn't like
Russ Allbery [Sun, 17 May 2020 01:02:25 +0000 (18:02 -0700)]
Remove initializations older cppcheck doesn't like

Current cppcheck is better about ignoring initializations that
don't matter, but the older version running on GitHub Actions
complaints.  Fix a couple of those initializations to fix tests.

4 years agoFix tests when built with system CrackLib
Russ Allbery [Sun, 17 May 2020 00:59:23 +0000 (17:59 -0700)]
Fix tests when built with system CrackLib

Skip tests that require the stronger rule configuration in the
embedded CrackLib when built against system CrackLib.  This avoids
test failures when built with system CrackLib.

4 years agoRe-add dropped make warnings in ci/test
Russ Allbery [Sun, 17 May 2020 00:01:47 +0000 (17:01 -0700)]
Re-add dropped make warnings in ci/test

It helps to actually build the code when testing it.

4 years agoModernize krb5-strength-wordlist slightly
Russ Allbery [Sat, 16 May 2020 23:59:02 +0000 (16:59 -0700)]
Modernize krb5-strength-wordlist slightly

krb5-strength-wordlist now requires Perl 5.010 or later.  This
allows use of autodie and say, which simplifies the code somewhat.

While updating the version requirements, note that this package
has not recently been tested with Heimdal versions older than 7.0.

4 years agoMove test-suite-only dependencies to TESTING
Russ Allbery [Sat, 16 May 2020 23:47:52 +0000 (16:47 -0700)]
Move test-suite-only dependencies to TESTING

In the README, move test-suite-only dependencies out of the main
REQUIREMENTS section to the TESTING section.

4 years agoUpdate documentation metadata and regenerate
Russ Allbery [Sat, 16 May 2020 23:43:16 +0000 (16:43 -0700)]
Update documentation metadata and regenerate

Pick up template changes from DocKnot 3.04.  Adds badges for
GitHub workflows and for the Debian package.

4 years agoEnable valgrind and cppcheck testing for CI
Russ Allbery [Sat, 16 May 2020 23:41:48 +0000 (16:41 -0700)]
Enable valgrind and cppcheck testing for CI

Run both MIT and Heimdal GCC tests under valgrind, and use the
MIT plus GCC build to run cppcheck.

4 years agoRework valgrind testing
Russ Allbery [Sat, 16 May 2020 23:40:36 +0000 (16:40 -0700)]
Rework valgrind testing

Rework the check-valgrind target to use the new C TAP Harness valgrind
support and automatically check the valgrind log files for errors at
the end of the test suite.

4 years agoAdd SPDX-License-Identifier headers
Russ Allbery [Sat, 16 May 2020 23:18:02 +0000 (16:18 -0700)]
Add SPDX-License-Identifier headers

Add SPDX-License-Identifier headers to all substantial source files
other than those in the bundled version of CrackLib.

4 years agoFix Clang warning when built with Heimdal
Russ Allbery [Sat, 16 May 2020 22:51:41 +0000 (15:51 -0700)]
Fix Clang warning when built with Heimdal

The symbol exposed by the Heimdal plugin needed a forward
declaration.

4 years agoAdd check-cppcheck target and fix errors
Russ Allbery [Sat, 16 May 2020 22:49:14 +0000 (15:49 -0700)]
Add check-cppcheck target and fix errors

Add a check-cppcheck target for running cppcheck on all of the
code, and fix the errors it found.

4 years agoUse explicit_bzero to overwrite passwords
Russ Allbery [Sat, 16 May 2020 22:42:42 +0000 (15:42 -0700)]
Use explicit_bzero to overwrite passwords

Use explicit_bzero instead of memset, where available, to overwrite
copies of passwords before freeing memory.  This reduces the lifetime
of passwords in memory.

4 years agoFix make-c-data typo in copyright notice
Russ Allbery [Sat, 16 May 2020 22:40:45 +0000 (15:40 -0700)]
Fix make-c-data typo in copyright notice

4 years agoFix warnings with Clang 10
Russ Allbery [Sat, 16 May 2020 22:35:53 +0000 (15:35 -0700)]
Fix warnings with Clang 10

Fix warnings from both the compiler and the static analyzer.
Reword cracklib/HISTORY to consistently use the past tense.

4 years agoDo not install libtest-spelling-perl for CI
Russ Allbery [Sat, 16 May 2020 21:59:09 +0000 (14:59 -0700)]
Do not install libtest-spelling-perl for CI

Installing the libtest-spelling-perl package also installs
libperl-critic-perl, and although we later install a newer version,
Perl::Critic dynamically picks up all of its policy modules.  This
means that installing the Ubuntu package will install obsolete
policy modules that will then be run during the test suite, causing
spurious failures.

4 years agoSwitch to GitHub Actions
Russ Allbery [Sat, 16 May 2020 20:58:20 +0000 (13:58 -0700)]
Switch to GitHub Actions

Replace the Travis-CI configuration with GitHub Actions and move
the code to install prerequisites and run the tests into files in
the ci directory.

4 years agoAdd change comments to cracklib/rules.c
Russ Allbery [Sat, 16 May 2020 20:39:36 +0000 (13:39 -0700)]
Add change comments to cracklib/rules.c

4 years agoUpdate to rra-c-util 8.2 and C TAP Harness 4.7
Russ Allbery [Sat, 16 May 2020 20:34:17 +0000 (13:34 -0700)]
Update to rra-c-util 8.2 and C TAP Harness 4.7

Update to rra-c-util 8.2:

* Implement explicit_bzero with memset if it is not available.
* Reformat all C source using clang-format 10.
* Work around Test::Strict not skipping .git directories.
* Fix warnings with perltidy 20190601 and Perl::Critic 1.134.
* Improve check for obsolete strings.
* Use a more standard all-permissive license.
* Add SPDX-License-Identifier headers to all substantial source files.
* Skip more build system files when running the test suite.
* Fix warnings with Clang 10, GCC 10, and the Clang static analyzer.
* Exclude more valgrind false positives with Kerberos libraries.

Update to C TAP Harness 4.7:

* Fix warnings with GCC 10.
* Reformat all C source using clang-format 10.
* Fixed malloc error checking in bstrndup.
* Add support for valgrind testing via test list options.
* Report test failures as left and right, not wanted and seen.
* Fix is_string comparisons involving NULL pointers and "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.

4 years agoReformat with clang-format
Russ Allbery [Sat, 16 May 2020 19:26:56 +0000 (12:26 -0700)]
Reformat with clang-format

Import the clang-format rules and Makefile target from rra-c-util
8.2.  Exclude the cracklib directory.

Complete a mangled comment in the SQLite dictionary implementation.

7 years agoDocument heimdal-history keeps infinite history
Russ Allbery [Sat, 27 May 2017 18:52:54 +0000 (11:52 -0700)]
Document heimdal-history keeps infinite history

Also reformat the POD file to 78 columns (my normal convention) while
I was editing it anyway.

7 years agoFix formatting to make older perltidy happy
Russ Allbery [Mon, 22 May 2017 03:04:09 +0000 (20:04 -0700)]
Fix formatting to make older perltidy happy

7 years agoSupport building without CrackLib support
Russ Allbery [Mon, 22 May 2017 02:35:52 +0000 (19:35 -0700)]
Support building without CrackLib support

Support building without CrackLib support by passing
--without-cracklib to configure.  This makes the code a bit simpler
and lighter if you don't intend to ever use the CrackLib support.

7 years agoFix a few bits of DocKnot metadata
Russ Allbery [Sun, 12 Feb 2017 05:07:35 +0000 (21:07 -0800)]
Fix a few bits of DocKnot metadata

The Git repository URL was wrong, and one of the documentation
links for the web site used the incorrect URL.

7 years agoAdd missing DocKnot metadata for Debian packaging
Russ Allbery [Sun, 25 Dec 2016 21:37:20 +0000 (13:37 -0800)]
Add missing DocKnot metadata for Debian packaging

This only affects the thread output, not the documentation
included in the package.

7 years agoUpdate files included in the distribution release/3.1
Russ Allbery [Sun, 25 Dec 2016 19:09:04 +0000 (11:09 -0800)]
Update files included in the distribution

7 years agoRelease 3.1
Russ Allbery [Sun, 25 Dec 2016 19:07:59 +0000 (11:07 -0800)]
Release 3.1

7 years agoAdd NEWS entry for require_classes of a number of classes
Russ Allbery [Sun, 25 Dec 2016 19:07:33 +0000 (11:07 -0800)]
Add NEWS entry for require_classes of a number of classes

7 years agoCoding style cleanup and tests for minimum classes
Russ Allbery [Fri, 23 Dec 2016 19:43:11 +0000 (11:43 -0800)]
Coding style cleanup and tests for minimum classes

Add tests for specifying a minimum number of classes, refactor for
coding style a bit, and add new tests for the new syntax errors.

7 years agoAdd support for requiring a number of character classes
Toby Blake [Mon, 19 Dec 2016 21:17:44 +0000 (13:17 -0800)]
Add support for requiring a number of character classes

Extend the required_classes config option to allow requiring at
least a given number of different character classes (whatever they
are).

7 years agoHandle errors in heimdal-strength tests better
Russ Allbery [Mon, 19 Dec 2016 02:58:34 +0000 (18:58 -0800)]
Handle errors in heimdal-strength tests better

In Travis CI, the heimdal-strength test was failing with a broken
pipe.  Apparently the timing was such that the child process would
exit with an error before IPC::Run could try to write the input,
and then IPC::Run would die with a broken pipe.  Work around this
by allowing a flag to be passed to run_heimdal_strength saying whether
to expect an error, and don't send input in that case.

7 years agoAdd DocKnot metadata and regenerate README
Russ Allbery [Sun, 18 Dec 2016 19:24:27 +0000 (11:24 -0800)]
Add DocKnot metadata and regenerate README

This also adds a Markdown version of README, mostly for GitHub.

7 years agoMove configuration instructions to man pages
Russ Allbery [Sat, 26 Nov 2016 07:02:05 +0000 (23:02 -0800)]
Move configuration instructions to man pages

Create a new krb5-strength man page that gets the configuration
instructions for the plugins (with the proper path substituted in
by the Makefile) and move other configuration details to the
heimdal-strength and heimdal-history man pages.  Duplicate the
documentation for cracklib_maxlen in the heimdal-strength man page.

This will make it easier to automate generation of the README file,
since it will now require less complex formatting.

7 years agoFix some sorting bugs in embedded CrackLib
Russ Allbery [Mon, 7 Nov 2016 06:23:13 +0000 (22:23 -0800)]
Fix some sorting bugs in embedded CrackLib

Patch the mkdict and packer in the embedded copy of CrackLib to force
C locale when sorting (avoiding a corrupted dictionary) and warn and
skip out-of-order words rather than creating a corrupted dictionary.
Patch from Mark Sirota.

7 years agoAlso check cracklib_maxlen with heimdal-strength
Russ Allbery [Mon, 7 Nov 2016 05:59:54 +0000 (21:59 -0800)]
Also check cracklib_maxlen with heimdal-strength

7 years agoFinalize Travis-CI configuration
Russ Allbery [Mon, 7 Nov 2016 03:08:42 +0000 (19:08 -0800)]
Finalize Travis-CI configuration

Now that all the bugs are fixed.  (Probably should have done that
in a branch with a pull request.  Oh well.)

7 years agoOne more attempt to fix perltidy on Travis-CI
Russ Allbery [Mon, 7 Nov 2016 03:03:38 +0000 (19:03 -0800)]
One more attempt to fix perltidy on Travis-CI

7 years agoHopefully fix perltidy failure in Travis-CI
Russ Allbery [Mon, 7 Nov 2016 02:58:24 +0000 (18:58 -0800)]
Hopefully fix perltidy failure in Travis-CI

7 years agoMore Travis-CI debugging of test failure
Russ Allbery [Mon, 7 Nov 2016 02:52:51 +0000 (18:52 -0800)]
More Travis-CI debugging of test failure

7 years agoTemporarily run perl/critic test verbose for Travis
Russ Allbery [Mon, 7 Nov 2016 02:45:40 +0000 (18:45 -0800)]
Temporarily run perl/critic test verbose for Travis

Need to figure out why this is failing.

7 years agoAdd Travis-CI configuration
Russ Allbery [Mon, 7 Nov 2016 02:36:09 +0000 (18:36 -0800)]
Add Travis-CI configuration

7 years agoUpdate to rra-c-util 5.7 and C TAP Harness 4.1
Russ Allbery [Mon, 7 Nov 2016 02:27:57 +0000 (18:27 -0800)]
Update to rra-c-util 5.7 and C TAP Harness 4.1

Update to rra-c-util 6.2:

* Use calloc in preference to malloc wherever appropriate.
* Use reallocarray in preference to realloc wherever appropriate.
* Suppress warnings from Kerberos headers under make warnings.
* Support the embedded Kerberos in Solaris 10 in library probes.
* Add missing va_end in xasprintf implementation.
* Fix logic in Test::RRA::Automake for new Automake dist checking.
* Fix all return-value checks for snprintf to avoid off-by-one error.
* Update warning flags for make warnings to GCC 6.1.0.
* Fix Test::RRA::Config for new "do" semantics in Perl 5.22.2.
* Add a new test for obsolete eyrie.org URLs.
* Require Test::Strict 0.25 or newer for Perl strictness checks.

Update to C TAP Harness 4.1:

* Replace all remaining uses of sprintf.
* Test lists may now have comments and blank lines.
* runtests -v will show the complete output from a test.
* Fix segfault in runtests when given an empty test list.
* Tests use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.

7 years agoFix Perl critic error in tests/tools/wordlist-t
Russ Allbery [Mon, 7 Nov 2016 02:11:16 +0000 (18:11 -0800)]
Fix Perl critic error in tests/tools/wordlist-t

Don't pass $_ explicitly as an argument to length().

7 years agoRename autogen to bootstrap
Russ Allbery [Mon, 7 Nov 2016 01:36:04 +0000 (17:36 -0800)]
Rename autogen to bootstrap

Rename the script to bootstrap from a Git checkout to bootstrap,
matching the emerging consensus in the Autoconf world.

7 years agoAdd NEWS, documentation, and test suite for cracklib_maxlen
Russ Allbery [Sun, 6 Nov 2016 23:37:17 +0000 (15:37 -0800)]
Add NEWS, documentation, and test suite for cracklib_maxlen

Also fix a few coding style nits.

7 years agoFix misuse of Readonly in make-c-data
Russ Allbery [Sun, 6 Nov 2016 23:36:45 +0000 (15:36 -0800)]
Fix misuse of Readonly in make-c-data

This script was initializing variables with Readonly via assignment
rather than the fat arrow.  The latter is the correct syntax.

7 years agoAdd option to bypass CrackLib for longer passwords
Jorj Bauer [Sun, 6 Nov 2016 23:08:57 +0000 (15:08 -0800)]
Add option to bypass CrackLib for longer passwords

Add a trapdoor length, after which cracklib doesn't function.  This is
done via a cracklib_maxlen option to krb5.conf. passwords of that length
or shorter are still vetted.  (0, the default, performs the cracklib
fascist check at any length.)

CrackLib was designed to work with passwords, when passwords were 5-8
characters long.  CrackLib makes working with passphrases difficult,
rejecting some good ones.  The SQLite dictionary can be seeded with
Engligh trigrams, providing a compensating control.  Ergo, CrackLib
shouldn't be vetting passphrases; we should leave that to SQLite.

7 years agoAdd a NEWS entry for CrackLib security issues
Russ Allbery [Wed, 19 Oct 2016 16:20:54 +0000 (09:20 -0700)]
Add a NEWS entry for CrackLib security issues

7 years agoRemove remaking CrackLib FascistGecos reference
Russ Allbery [Wed, 19 Oct 2016 16:15:19 +0000 (09:15 -0700)]
Remove remaking CrackLib FascistGecos reference

All this code was previously removed, but there was still a
reference protected by #ifdef.  Get rid of that too.

7 years agoDouble buffer size in Mangle to allow for duplicate rules
Russ Allbery [Wed, 19 Oct 2016 16:12:30 +0000 (09:12 -0700)]
Double buffer size in Mangle to allow for duplicate rules

No duplicating rules are enabled for the default rule set that is
run by the krb5-strength package, but close the latent security
vulnerability anyway.

Patch from Howard Guo <hguo@suse.com>.

10 years agoFix heimdal-history with the default DB_File::Lock
Russ Allbery [Thu, 15 May 2014 05:03:42 +0000 (22:03 -0700)]
Fix heimdal-history with the default DB_File::Lock

Change the DB_File::Lock calling method in heimdal-history to work
properly with the (buggy) CPAN version of DB_File::Lock, instead of
relying on Debian's patched version.  Thanks to Bernt Jernberg for the
report.

10 years agoBegin error messages with a capital letter
Russ Allbery [Thu, 27 Mar 2014 19:58:58 +0000 (12:58 -0700)]
Begin error messages with a capital letter

Change the error messages returned for passwords that fail strength
checking to start with a capital letter.  This appears to be more
consistent with the error message conventions used inside Heimdal.

10 years agoDocument minimum_different in heimdal-strength man page release/3.0
Russ Allbery [Wed, 26 Mar 2014 06:48:04 +0000 (23:48 -0700)]
Document minimum_different in heimdal-strength man page

10 years agoFurther README changes for the addition of SQLite and history
Russ Allbery [Wed, 26 Mar 2014 06:47:23 +0000 (23:47 -0700)]
Further README changes for the addition of SQLite and history

10 years agoRelease 3.0
Russ Allbery [Wed, 26 Mar 2014 06:33:48 +0000 (23:33 -0700)]
Release 3.0

10 years agoRemove duplicate copyright declaration from heimdal-history
Russ Allbery [Wed, 26 Mar 2014 06:32:07 +0000 (23:32 -0700)]
Remove duplicate copyright declaration from heimdal-history

This confuses build-license

10 years agoAdd license statement to autogen
Russ Allbery [Wed, 26 Mar 2014 06:31:47 +0000 (23:31 -0700)]
Add license statement to autogen

It's now long enough that build-license cares about it.

10 years agoSkip more tests for valgrind checking
Russ Allbery [Wed, 26 Mar 2014 06:23:23 +0000 (23:23 -0700)]
Skip more tests for valgrind checking

Also fully-qualify the path to the suppression file, which may
matter if the tests change working directories.

10 years agoFix a memory leak during SQLite dictionary initialization
Russ Allbery [Wed, 26 Mar 2014 06:23:09 +0000 (23:23 -0700)]
Fix a memory leak during SQLite dictionary initialization

10 years agoFix skipped test count with Heimdal and no SQLite
Russ Allbery [Wed, 26 Mar 2014 06:08:42 +0000 (23:08 -0700)]
Fix skipped test count with Heimdal and no SQLite

10 years agoStick to SQLite interfaces in 3.7
Russ Allbery [Wed, 26 Mar 2014 03:58:30 +0000 (20:58 -0700)]
Stick to SQLite interfaces in 3.7

Use sqlite3_close instead of sqlite3_close_v2.  We don't need the
new semantics of sqlite3_close_v2.  Also use sqlite3_errmsg instead
of sqlite3_errstr, which actually appears to be better, assuming it
works as documented.

10 years agoReplace remaining references to cdbmake-wordlist
Russ Allbery [Tue, 25 Mar 2014 23:25:09 +0000 (16:25 -0700)]
Replace remaining references to cdbmake-wordlist

10 years agoAdd additional Perl module requirements for bootstrap
Russ Allbery [Tue, 25 Mar 2014 22:52:15 +0000 (15:52 -0700)]
Add additional Perl module requirements for bootstrap

10 years agoUpdate to rra-c-util 5.4
Russ Allbery [Tue, 25 Mar 2014 22:49:20 +0000 (15:49 -0700)]
Update to rra-c-util 5.4

* Use Lancaster Consensus environment variables to control tests.
* Work around perltidy bug that leaves behind stray log files.

RELEASE_TESTING, AUTOMATED_TESTING, and AUTHOR_TESTING are now used
to control whether to run tests that may not be of interest to the
end user.

10 years agoPerformance tuning of krb5-strength-wordlist for SQLite
Russ Allbery [Tue, 25 Mar 2014 22:28:35 +0000 (15:28 -0700)]
Performance tuning of krb5-strength-wordlist for SQLite

Apply some performance tuning from various threads at Perl Monks
to increase the speed of the bulk creation of the SQLite database.

10 years agoFix typo in the wordlist-sqlite-t test
Russ Allbery [Tue, 25 Mar 2014 22:28:17 +0000 (15:28 -0700)]
Fix typo in the wordlist-sqlite-t test

10 years agoRefactor krb5-strength-wordlist
Russ Allbery [Tue, 25 Mar 2014 20:06:37 +0000 (13:06 -0700)]
Refactor krb5-strength-wordlist

Separate the filter construction into a separate function and use
a hash for command-line arguments to make perlcritic happier with
the complexity of the main routine.