feat: update john to 1.9.0-2

debian/changelog

@@ -1,3 +1,30 @@
+john (1.9.0-2) unstable; urgency=medium
+
+  * Team upload.
+  * Restrict current testsuite to amd64 and i386 architectures as
+    --method=crypt and multialgorithm hash files are not supported
+    in all architectures.
+
+ -- Marcos Fouces <[email protected]>  Sun, 14 Aug 2022 00:40:53 +0200
+
+john (1.9.0-1) unstable; urgency=medium
+
+  [ Marcos Fouces ]
+  * Team upload.
+  * New upstream version 1.9.0
+  * Rework patches for new upstream release.
+  * Remove acute accent in john.8 manual page.
+  * Conversion of 'CREDITS' file to utf-8 encoding.
+
+  [ Axel Beckert ]
+  * Salsa CI: Ignore a specific assembler line in blhc. Adding $CPPFLAGS
+    to it causes an unexpected FTBFS due to a missing file.
+
+  [ Jan Gru ]
+  * Add autopkgtests
+
+ -- Marcos Fouces <[email protected]>  Sat, 06 Aug 2022 20:29:52 +0200
+
 john (1.8.0-4) unstable; urgency=medium
 
   * Also unconditionally and always call "mkdir -p $RUNDIR" in cron

debian/copyright

@@ -39,6 +39,10 @@ Copyright: © 1999-2001, Jordi Mallach <[email protected]>
            © 1999-2001, Jeronimo Pellegrini <[email protected]>
 License: GPL-2+
 
+Files: debian/tests/*
+Copyright: © 2021, Jan Gruber <[email protected]>
+License: GPL-2+
+
 Files:src/MD5_std.*
 Copyright: © 1996-2006, Solar Designer <[email protected]>
 License: GPL-2+

debian/man/john.8

@@ -148,8 +148,8 @@ not always continue the latest one.
 .B \-shells:[\-]SHELL[,..]
 This option is useful to load accounts with a valid shell only, or not to
 load accounts with a bad shell. You can omit the path before a shell name,
-so '\-shells:csh' will match both '/bin/csh' and '/usr/bin/csh', while
-\'\-shells:/bin/csh' will only match '/bin/csh'.
+so '\-shells:csh' will match both '/bin/csh' and '/usr/bin/csh', 
+while '\-shells:/bin/csh' will only match '/bin/csh'.
 .TP
 .B \-show
 Shows the cracked passwords in a convenient form. You should also specify

debian/patches/allow-cflags-overriding.diff

@@ -3,10 +3,8 @@ Author: Ruben Molina <[email protected]>
 Last-Update: 2013-06-04
 Forwarded: no
 
-Index: john-1.8.0/src/Makefile
-===================================================================
---- john-1.8.0.orig/src/Makefile	2013-05-29 18:21:25.000000000 -0500
-+++ john-1.8.0/src/Makefile	2013-06-04 01:17:22.272040456 -0500
+--- a/src/Makefile
++++ b/src/Makefile
 @@ -18,7 +18,7 @@
  TR = tr
  SED = sed
@@ -16,12 +14,12 @@ Index: john-1.8.0/src/Makefile
  OMPFLAGS =
  # gcc with OpenMP
  #OMPFLAGS = -fopenmp
-@@ -28,11 +28,11 @@
- #OMPFLAGS = -fopenmp -D_FORTIFY_SOURCE=0
+@@ -30,11 +30,11 @@
+ #OMPFLAGS = -openmp
  # Sun Studio with OpenMP (set the OMP_NUM_THREADS env var at runtime)
  #OMPFLAGS = -xopenmp
--CFLAGS = -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer $(OMPFLAGS)
-+CFLAGS += -c -Wall -Wdeclaration-after-statement -O2 -fomit-frame-pointer $(OMPFLAGS)
+-CFLAGS = -c -Wall -O2 -fomit-frame-pointer $(OMPFLAGS)
++CFLAGS += -c -Wall -O2 -fomit-frame-pointer $(OMPFLAGS)
  # CFLAGS for use on the main john.c file only
  CFLAGS_MAIN = $(CFLAGS)
  ASFLAGS = -c $(OMPFLAGS)

debian/patches/arm-unroll-loops-ftbfs-476460.diff

@@ -6,11 +6,9 @@ Bug-Debian: http://bugs.debian.org/476460
 Last-Update: 2013-06-04
 Forwarded: no
 
-Index: john-1.8.0/src/Makefile
-===================================================================
---- john-1.8.0.orig/src/Makefile	2013-06-04 01:19:37.244046143 -0500
-+++ john-1.8.0/src/Makefile	2013-06-04 01:19:38.876046194 -0500
-@@ -33,7 +33,6 @@
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -35,7 +35,6 @@
  CFLAGS_MAIN = $(CFLAGS)
  ASFLAGS = -c $(OMPFLAGS)
  LDFLAGS += -s $(OMPFLAGS)

debian/patches/define-cfg-name.diff

@@ -1,25 +1,20 @@
-Description: allows CFG_FULL_NAME/CFG_ALT_NAME modification from debian/rules
-Author: Kees Cook <[email protected]>
-Reviewed-By: Ruben Molina <[email protected]>
-Last-Update: 2013-06-04
+Description: allows CFG_FULL_NAME/CFG_ALT_NAME modification from debian/rules. 
+Modified by Marcos Fouces to adjust to upstream release 1.9.0.
+Author: Kees Cook <[email protected]>, Marcos Fouces <[email protected]>
+Last-Update: 2022-08-07
 Forwarded: no
 
-Index: john-1.8.0/src/params.h
-===================================================================
---- john-1.8.0.orig/src/params.h	2013-05-29 22:32:02.000000000 -0500
-+++ john-1.8.0/src/params.h	2013-06-04 01:20:08.292047105 -0500
-@@ -135,8 +135,12 @@
+--- a/src/params.h
++++ b/src/params.h
+@@ -135,11 +135,6 @@
  /*
   * File names.
   */
+-#ifdef __DJGPP__
+-#define CFG_FULL_NAME			"$JOHN/john.ini"
+-#else
 -#define CFG_FULL_NAME			"$JOHN/john.conf"
--#define CFG_ALT_NAME			"$JOHN/john.ini"
-+#ifndef CFG_FULL_NAME
-+#define CFG_FULL_NAME                   "$JOHN/john.conf"
-+#endif
-+#ifndef CFG_ALT_NAME
-+#define CFG_ALT_NAME                    "$JOHN/john.ini"
-+#endif
+-#endif
  #if JOHN_SYSTEMWIDE
- #define CFG_PRIVATE_FULL_NAME		JOHN_PRIVATE_HOME "/john.conf"
- #define CFG_PRIVATE_ALT_NAME		JOHN_PRIVATE_HOME "/john.ini"
+ #ifdef __DJGPP__
+ #define CFG_PRIVATE_FULL_NAME		JOHN_PRIVATE_HOME "/john.ini"

debian/patches/kfreebsd-c3_fmt.diff

@@ -4,11 +4,9 @@ Reviewed-By: Ruben Molina <[email protected]>
 Last-Update: 2013-06-04
 Forwarded: no
 
-Index: john-1.8.0/src/Makefile
-===================================================================
---- john-1.8.0.orig/src/Makefile	2013-06-04 01:19:38.876046194 -0500
-+++ john-1.8.0/src/Makefile	2013-06-04 01:20:00.164046852 -0500
-@@ -308,24 +308,24 @@
+--- a/src/Makefile
++++ b/src/Makefile
+@@ -406,24 +406,24 @@
  freebsd-x86-64:
  	$(LN) x86-64.h arch.h
  	$(MAKE) $(PROJ) \

debian/patches/series

@@ -1,5 +1,5 @@
+define-cfg-name.diff
 allow-cflags-overriding.diff
 arm-unroll-loops-ftbfs-476460.diff
 kfreebsd-c3_fmt.diff
-define-cfg-name.diff
 enable-openmp-support.diff

debian/rules

@@ -16,7 +16,7 @@ OS := $(shell dpkg-architecture -qDEB_HOST_ARCH_OS)
 # This is to add missing hardening fortify functions export
 CFLAGS += $(shell dpkg-buildflags --get CPPFLAGS)
 
-CFLAGS += -DJOHN_SYSTEMWIDE
+CFLAGS += -DJOHN_SYSTEMWIDE=1
 # See src/params.h
 
 ifeq ($(OS),kfreebsd)
@@ -110,6 +110,10 @@ endif
 override_dh_auto_install:
 	# install the selected target
 	dh_auto_install
+	find . -name CREDITS -type f -exec \
+	iconv -f ISO-8859-1 -t UTF-8 '{}' -o '{}'.utf8 \; -exec \
+	mv -f '{}'.utf8 '{}' \;
+
 	# install fallbacks as needed
 ifeq ($(HAVEMMX),1)
 	dh_install run/john-non-mmx /usr/lib/john

debian/salsa-ci.yml

@@ -1,3 +1,6 @@
 include:
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
   - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+  SALSA_CI_BLHC_ARGS: "--ignore-line .*\\.S"

debian/tests/control

@@ -0,0 +1,3 @@
+Tests: smoke, crack-crypt-with-wordlist, crack-std-formats-with-stdin
+Restrictions: needs-root, allow-stderr
+Architecture: amd64 i386

debian/tests/crack-crypt-with-wordlist

@@ -0,0 +1,44 @@
+#!/bin/sh
+
+# Exit on the first command fail
+set -e
+
+# Defines expected results
+EXPECTED=$(cat <<'EOF'
+user_yescrypt:12345
+user_gost-yescrypt:password
+EOF
+)
+
+# Defines hashes to crack
+HASHES=$(cat <<'EOF'
+user_yescrypt:$y$j85$OGMIErbGNrEYiwnutN6HG0$PtiyyQc3fxPh8Ig0/GQhT7idvp9reiBI9x/Q0U6pAB/
+user_gost-yescrypt:$gy$j85$n3MaZu3hmSksDCUuQG3gs/$Hi2WJKbS6cz9cPAg.e9/uFq8Kwv/Vqc5g2SAFwNNWm5
+EOF
+)
+
+# Temporary hash file to use
+TMP="tmp_hashes"
+echo "$HASHES" > $TMP
+
+# Default wordlist installed with john
+DEFAULT="/usr/share/john/password.lst"
+
+# Performs hash cracking by reading the default wordlist 
+john --format=crypt --wordlist=${DEFAULT} ${TMP}
+
+# Retrieves results
+ACTUAL=$(john --show $TMP)
+
+echo "${EXPECTED}" |
+    while read line
+    do
+        echo "${ACTUAL}" | grep ${line} 	
+    done 
+
+# Clean up, even if not needed in testbed
+rm ${TMP}
+
+# Exit success
+exit 0
+

debian/tests/crack-std-formats-with-stdin

@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# Exit on the first command fail
+set -e
+
+# Defines expected results
+EXPECTED=$(cat <<'EOF'
+user_sha-512:Debian
+user_sha-256:Debian
+user_sunmd5:Debian
+user_md5:Debian
+user_descrypt:Debian
+user_bsdicrypt:Debian
+user_nt:Debian
+EOF
+)
+
+# Defines hashes to crack
+HASHES=$(cat <<'EOF'
+user_yescrypt:$y$j85$8Az64q0npQQ3ebW/rMAI/1$58l5q0z1tvYHAwnn7U20eFrZWiCNECPMXROIoqsU1W2
+user_gost-yescrypt:$gy$j85$qWNNmIkIlg.RCQkB7.1t40$LGG/rXpEog2HUbyg.MLtzUOIhbJkfaKsTQK7ekgK2N4
+user_sha-512:$6$JJKKLLMM$q1XDHeP3sK5ZNmJc9PaKdvJMyimnEmDeU6ybTOAMhmrfZejaBAAKJk99v.ztGC3xJ2e3pQn7Ne/ugSHrGeV/U0
+user_sha-256:$5$IIJJKKLL$.aKwC3TsL1ssQqEOFSQ8i3A8JeYfs.ewGBrotVlMrG4
+user_sunmd5:$md5$rounds=2$AABBCCDD$6HXyDGrhiaPHoQAZLmgrF/
+user_md5:$1$EEFFGGHH$FPC7VX4nfLBmkjXlBJHMW1
+user_descrypt:AAPKdMk19oAEA
+user_nt:$3$$32cef4869babf377aabbe284f13465ac
+user_bsdicrypt:_J9..B74QVPVqrMjJx2M
+EOF
+)
+
+# Temporary hash file to use
+TMP="tmp_hashes"
+echo "$HASHES" > ${TMP}
+
+# Performs hash cracking by reading the wordlist from stdin
+echo "debian Debian" | xargs -n1 | john --stdin ${TMP}
+
+# Retrieves results
+ACTUAL=$(john --show $TMP)
+
+echo "${EXPECTED}" |
+    while read line
+    do
+	echo "${ACTUAL}" | grep -q ${line} 
+    done
+
+# Clean up, even if not needed in testbed
+rm ${TMP}
+
+# Exit success
+exit 0

debian/tests/helper/make-hashes.sh

@@ -0,0 +1,29 @@
+#!/bin/sh
+# Note: This script requires mkpasswd from package whois
+
+# Yescrypt
+echo "12345" | mkpasswd --method=yescrypt --rounds=2 --stdin | awk '{print "user_yescrypt:"$1}'
+
+# Gost-yescrypt
+echo "password" | mkpasswd --method=gost-yescrypt --rounds=2 --stdin | awk '{print "user_gost-yescrypt:"$1}'
+
+# SHA-512
+echo "Debian" | mkpasswd --method=sha512crypt --salt=JJKKLLMM --stdin | awk '{print "user_sha-512:"$1}'
+
+# SHA-256
+echo "Debian" | mkpasswd --method=sha256crypt --salt=IIJJKKLL --stdin | awk '{print "user_sha-256:"$1}'
+
+# SunMD5
+echo "Debian" | mkpasswd --method=sunmd5 --salt=AABBCCDD --rounds=2 --stdin  | awk '{print "user_sunmd5:"$1}'
+
+# MD5
+echo "Debian" | mkpasswd --method=md5crypt --salt=EEFFGGHH --rounds=2 --stdin | awk '{print "user_md5:"$1}'
+
+# DESCrypt
+echo "Debian" | mkpasswd --method=descrypt --salt=AA --rounds=2 --stdin  | awk '{print "user_descrypt:"$1}'
+
+# NT
+echo "Debian" | mkpasswd --method=nt --stdin  | awk '{print "user_nt:"$1}'
+
+# BSDIcrypt
+echo "Debian" | mkpasswd --method=bsdicrypt  --stdin  | awk '{print "user_bsdicrypt:"$1}'

debian/tests/smoke

@@ -0,0 +1,2 @@
+#!/bin/sh
+john

doc/CHANGES

@@ -1,3 +1,52 @@
+The following changes have been made between John 1.8.0 and 1.9.0:
+
+* Increased the interleaving for bcrypt on x86-64 from 2x to 3x for a major
+speedup on CPUs without SMT.  Unfortunately, this sometimes results in a minor
+performance regression when running multiple threads on CPUs with SMT.
+* Recognize the $2b$ bcrypt prefix.
+* In the generic crypt(3) format, detect descrypt with valid vs. invalid salts
+as separate id's for our heuristics on supported hash types.
+* Introduced a number of optimizations for faster handling of large password
+hash files, including loading, cracking, and "--show".  Some of these use more
+memory than before, yet in a more efficient manner.
+* Benchmark using all-different candidate passwords of length 7 by default.
+* Dropped undocumented special handling of "Mc" in 'c' and 'C' rule commands.
+* Dropped undocumented limitation of the 'M' and 'Q' rule commands where they
+would sometimes memorize/check only up to the current hash type's length limit
+yet this optimization wouldn't necessarily be transparent (e.g., if a later
+command would extract a substring from above the hash type's length limit and
+bring it to within the limit).
+* Implemented special-case handling of repeated rule commands '$', '^', '[',
+']', '{', and '}', as well as faster handling of the 'D' command.
+* When built with "--fork" support, disallow session names with all-digit
+suffixes since these clash with those produced by "--fork".
+* Forward SIGTERM to --fork'ed children.
+* Set stdout to line buffered (rather than potentially fully buffered), except
+for "--stdout", "--show", and auxiliary programs such as "unshadow".
+* On Windows, restore normal processing of Ctrl-C in case our parent (such as
+Johnny the GUI) had disabled it.
+* Added linux-x86*-avx512 and linux-x86*-avx2 make targets, which use
+respectively AVX-512 and AVX2 for bitslice DES.
+* Added linux-mic make target for Intel MIC (first generation Xeon Phi, aka
+Knights Corner), which uses its 512-bit SIMD intrinsics for bitslice DES.
+(For second generation Xeon Phi, aka Knights Landing, use linux-x86-64-avx512.)
+* Added linux-arm64le, linux-arm32le-neon, and linux-arm32le make targets.
+(The first two of these make use of ASIMD or NEON for bitslice DES.)
+* Added linux-sparc64 make target.
+* Made a minor optimization to MMX and SSE2 assembly code for LM hash.
+* Dropped Ultrix and SCO support.
+* Don't probe for alternate config file names (like john.ini when on Unix).
+* "DokuWiki" external mode sample has been added to the default john.conf.
+* Fixed operator precedence in the external mode compiler to be the same as C.
+* Fixed an out of bounds write bug in the external mode virtual machine.
+* Fixed a bug introduced in version 1.7.4 in the wordlist rules engine, where
+some sequences of rule commands could overflow a word buffer.
+* Fixed a bug where unaligned access SSE/AVX instructions would unnecessarily
+be generated by GCC 4.6+ in the bitslice DES code in non-OpenMP builds.
+* Fixed a bug where "Warning: no OpenMP support for this hash type" could be
+printed in "--stdout" mode.
+* Made assorted other bugfixes, portability and documentation enhancements.
+
 The following changes have been made between John 1.7.9.8 and 1.8.0:
 
 * Revised the incremental mode to let the current character counts grow for
@@ -91,7 +140,7 @@ generating the code from the supplied C source files (with intrinsics where
 relevant).  The S-box expressions that we were using before had a 21% larger
 gate count, so theoretically this could provide a 21% speedup.  In practice,
 though, a 12% to 14% speedup at DES-based crypt(3) hashes is typical.
-This effort has been sponsored by Rapid7: http://www.rapid7.com
+This effort has been sponsored by Rapid7: https://www.rapid7.com
 * Corrected support for bcrypt (OpenBSD Blowfish) hashes of passwords
 containing non-ASCII characters (that is, characters with the 8th bit set).
 Added support for such hashes produced by crypt_blowfish up to 1.0.4, which
@@ -328,4 +377,4 @@ Mac OS X (PowerPC and x86), SCO, BeOS.
 * Bug and portability fixes, and new bugs.
 * Bonus: "Strip" cracker included in the default john.conf (john.ini).
 
-$Owl: Owl/packages/john/john/doc/CHANGES,v 1.91 2013/05/30 03:11:02 solar Exp $
+$Owl: Owl/packages/john/john/doc/CHANGES,v 1.117 2019/04/12 01:03:53 solar Exp $