Russ Allbery [Tue, 26 Dec 2023 03:12:04 +0000 (19:12 -0800)]
Fiddle with debian/copyright a bit
The copyright format doesn't really take into account the way that
Libtool now has a GPL-2 or Expat license. Fiddle with the format a
bit to make something that sort of works.
Russ Allbery [Mon, 25 Dec 2023 22:25:11 +0000 (14:25 -0800)]
Make xmalloc diagnostic suppression conditional
It looks like -Wuse-after-free was added in GCC 12, although it
doesn't appear in the changes. Make suppressing diagnostics about
it in util/xmalloc.c conditional on that version to avoid problems
on GitHub CI with an older GCC version.
Russ Allbery [Mon, 25 Dec 2023 21:22:35 +0000 (13:22 -0800)]
Fix make-c-data for Const::Fast
The change from Readonly to Const::Fast broke make-c-data because
of how it was using a hash of flags. Use exists explicitly so that
it still works with a read-only hash.
Russ Allbery [Mon, 25 Dec 2023 21:21:27 +0000 (13:21 -0800)]
Disable Clang -Wunsafe-buffer-usage
This new warning flag is designed for C++ code where it is now
possible to never use raw C pointers to manipulate buffers. C code
still requires this, so it should be disabled.
Russ Allbery [Mon, 25 Dec 2023 19:59:59 +0000 (11:59 -0800)]
Update to rra-c-util 10.5
* Assume a working snprintf rather than supplying a replacement.
* Fix detection of reallocarray on NetBSD.
* Check that Kerberos header files were found during configure.
* Use AS_ECHO in all Autoconf macros.
* Always use lib32 or lib64 if it exists, even on Debian.
* Fix rejection of unknown Clang warning flags.
* Disable -Wreserved-identifier for Clang warning builds.
Reformat and restructure Perl code for new perlcritic and perltidy
rules.
heimdal-history now requires the Perl modules Const::Fast and
JSON::MaybeXS instead of Readonly and JSON.
Russ Allbery [Thu, 31 Dec 2020 01:33:10 +0000 (17:33 -0800)]
Mark build dependencies with <!nocheck>
* Mark build dependencies used only for the test suite with <!nocheck>.
Thanks, Helmut Grohne. (Closes: #978723)
* Remove Build-Dependency on libfile-slurp-perl, which was not used.
Russ Allbery [Sun, 17 May 2020 06:10:15 +0000 (23:10 -0700)]
Update debian/copyright and include cracklib license
* Include the full text of the license of the embedded copy of cracklib
(not used in the Debian build) in debian/copyright, since it's not
identical to the Artistic license included in common-licenses.
Russ Allbery [Sun, 17 May 2020 02:41:15 +0000 (19:41 -0700)]
Increase iterations for history hashing
Increase hash iterations for heimdal-history by roughly a factor of
four to increase the time required for a password hash to about 0.1
seconds on modern hardware. This will affect newly-stored history
entries but will not invalidate existing password history entries.
Russ Allbery [Sun, 17 May 2020 02:24:53 +0000 (19:24 -0700)]
Add new --check-only option to heimdal-history
Add new -c (--check-only) option to heimdal-history to check whether a
password would be accepted without updating the history or password
length databases. Based on work by macrotex.
Russ Allbery [Sun, 17 May 2020 01:02:25 +0000 (18:02 -0700)]
Remove initializations older cppcheck doesn't like
Current cppcheck is better about ignoring initializations that
don't matter, but the older version running on GitHub Actions
complaints. Fix a couple of those initializations to fix tests.
Russ Allbery [Sun, 17 May 2020 00:59:23 +0000 (17:59 -0700)]
Fix tests when built with system CrackLib
Skip tests that require the stronger rule configuration in the
embedded CrackLib when built against system CrackLib. This avoids
test failures when built with system CrackLib.
Russ Allbery [Sat, 16 May 2020 23:40:36 +0000 (16:40 -0700)]
Rework valgrind testing
Rework the check-valgrind target to use the new C TAP Harness valgrind
support and automatically check the valgrind log files for errors at
the end of the test suite.
Russ Allbery [Sat, 16 May 2020 22:42:42 +0000 (15:42 -0700)]
Use explicit_bzero to overwrite passwords
Use explicit_bzero instead of memset, where available, to overwrite
copies of passwords before freeing memory. This reduces the lifetime
of passwords in memory.
Russ Allbery [Sat, 16 May 2020 21:59:09 +0000 (14:59 -0700)]
Do not install libtest-spelling-perl for CI
Installing the libtest-spelling-perl package also installs
libperl-critic-perl, and although we later install a newer version,
Perl::Critic dynamically picks up all of its policy modules. This
means that installing the Ubuntu package will install obsolete
policy modules that will then be run during the test suite, causing
spurious failures.
Russ Allbery [Sat, 16 May 2020 20:34:17 +0000 (13:34 -0700)]
Update to rra-c-util 8.2 and C TAP Harness 4.7
Update to rra-c-util 8.2:
* Implement explicit_bzero with memset if it is not available.
* Reformat all C source using clang-format 10.
* Work around Test::Strict not skipping .git directories.
* Fix warnings with perltidy 20190601 and Perl::Critic 1.134.
* Improve check for obsolete strings.
* Use a more standard all-permissive license.
* Add SPDX-License-Identifier headers to all substantial source files.
* Skip more build system files when running the test suite.
* Fix warnings with Clang 10, GCC 10, and the Clang static analyzer.
* Exclude more valgrind false positives with Kerberos libraries.
Update to C TAP Harness 4.7:
* Fix warnings with GCC 10.
* Reformat all C source using clang-format 10.
* Fixed malloc error checking in bstrndup.
* Add support for valgrind testing via test list options.
* Report test failures as left and right, not wanted and seen.
* Fix is_string comparisons involving NULL pointers and "(null)".
* Add SPDX-License-Identifier headers to all substantial source files.
Russ Allbery [Sun, 25 Dec 2016 19:50:14 +0000 (11:50 -0800)]
Change CrackLib tests for system CrackLib
The upstream test suite contains a few tests that fail with the
normal system CrackLib rules. Modify them to expect passes so
that we can run the full test suite during the build.
Also remove CrackLib when testing character classes, since it
rejects the passwords used for minimum_different testing as too
simplistic.
Gbp-Pq: Name 0001-Change-CrackLib-tests-for-system-CrackLib.patch
Russ Allbery [Fri, 31 Aug 2018 23:53:16 +0000 (16:53 -0700)]
Update standards version to 4.2.1
* Update standards version to 4.2.1.
- Enable verbose test output.
- Install the upstream release notes as NEWS.gz, not changelog.gz.
- Add Rules-Requires-Root: no.
- Use https for URLs in debian/copyright.
- Change priority to optional.
Russ Allbery [Mon, 22 May 2017 02:35:52 +0000 (19:35 -0700)]
Support building without CrackLib support
Support building without CrackLib support by passing
--without-cracklib to configure. This makes the code a bit simpler
and lighter if you don't intend to ever use the CrackLib support.