[Forensics-changes] [hashrat] 02/02: Import Debian changes 1.8.11+dfsg-1
Giovani Augusto Ferreira
giovani at moszumanska.debian.org
Thu Nov 2 11:01:58 UTC 2017
This is an automated email from the git hooks/post-receive script.
giovani pushed a commit to branch debian
in repository hashrat.
commit d55f0693933af96c05290056594e40c598119b4e
Merge: c24334a 11f14b4
Author: Giovani Augusto Ferreira <giovani at debian.org>
Date: Wed Oct 25 23:09:35 2017 -0200
Import Debian changes 1.8.11+dfsg-1
hashrat (1.8.11+dfsg-1) unstable; urgency=medium
* New upstream release.
* debian/control:
- Bumped Standards-Version to 4.1.1.
* debian/patches/fix-integer-truncation.patch:
- Removed, the Upstream fixed in source code.
Makefile | 70 -----------------------------
README | 9 +++-
check-hash.c | 8 +---
check.sh | 25 +++++++++--
common.c | 42 +++++++++--------
common.h | 4 +-
debian/changelog | 10 +++++
debian/control | 2 +-
debian/patches/fix-integer-truncation.patch | 27 -----------
debian/patches/fix-spelling.patch | 34 +++++++-------
debian/patches/series | 1 -
files.c | 35 ++++++++-------
hashrat.1 | 5 +--
"tests/bad'file name\".txt" | 1 +
14 files changed, 104 insertions(+), 169 deletions(-)
diff --cc debian/changelog
index 0273f2c,0000000..e9368da
mode 100644,000000..100644
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,146 -1,0 +1,156 @@@
++hashrat (1.8.11+dfsg-1) unstable; urgency=medium
++
++ * New upstream release.
++ * debian/control:
++ - Bumped Standards-Version to 4.1.1.
++ * debian/patches/fix-integer-truncation.patch:
++ - Removed, the Upstream fixed in source code.
++
++ -- Giovani Augusto Ferreira <giovani at debian.org> Wed, 25 Oct 2017 23:09:35 -0200
++
+hashrat (1.8.9+dfsg-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/control:
+ - Bumped Standards-Version to 4.0.1.
+ - Dropped dh-autoreconf from Build-Depends, this is deprecated now.
+ * debian/patches/fix-integer-truncation.patch:
+ - Added to avoid integer truncation on the big files.
+ Thanks to Bernhard Übelacker for the patch. (Closes: #863460)
+
+ -- Giovani Augusto Ferreira <giovani at debian.org> Sun, 03 Sep 2017 16:13:30 -0300
+
+hashrat (1.8.7+dfsg-2) unstable; urgency=medium
+
+ * Upload to unstable.
+ * Maintained support for filesystem Extended Attributes. (Closes: #835268)
+
+ -- Giovani Augusto Ferreira <giovani at debian.org> Sun, 02 Jul 2017 16:21:56 -0300
+
+hashrat (1.8.7+dfsg-1) experimental; urgency=medium
+
+ * New upstream release.
+ * Updated my email address.
+ * debian/control:
+ - Bumped Standards-Version to 4.0.0.
+ * debian/copyright: updated the packaging copyright years.
+ * debian/patches/fix-install.patch:
+ - Added to improve GCC hardening.
+ * debian/rules:
+ - Enabled support for filesystem Extended Attributes. (see: #835268)
+
+ -- Giovani Augusto Ferreira <giovani at debian.org> Sun, 25 Jun 2017 20:31:13 -0300
+
+hashrat (1.8.3+dfsg-2) unstable; urgency=medium
+
+ * Update DH level to 10.
+ * debian/compat: updated to 10.
+ * debian/rules: removed the '--with autoreconf' because it is default
+ in DH 10.
+
+ -- Giovani Augusto Ferreira <giovani at riseup.net> Fri, 16 Dec 2016 23:12:24 -0200
+
+hashrat (1.8.3+dfsg-1) unstable; urgency=medium
+
+ * New upstream release
+ * Added the 'dfsg' suffix.
+ * debian/copyright: updated version from libUseful* files.
+ * debian/patches:
+ - fix-help and fix-spelling-manpage was merged to fix-spelling.patch.
+ - fix-manpage-patch was removed, the Upstream fixed in source code.
+ * debian/README.source: created to explain about the dfsg action.
+ * debian/watch: added a mangle rule to handle the '+dfsg' suffix.
+
+ -- Giovani Augusto Ferreira <giovani at riseup.net> Sun, 25 Sep 2016 18:51:56 -0300
+
+hashrat (1.8.1-2) unstable; urgency=medium
+
+ * debian/watch:
+ -fixed to pick up new versions, previous Debian release
+ without adjustment. (Closes: #832141)
+
+ -- Giovani Augusto Ferreira <giovani at riseup.net> Tue, 26 Jul 2016 07:50:36 -0300
+
+hashrat (1.8.1-1) unstable; urgency=medium
+
+ * New upstream release
+ * debian/control:
+ - Bumped Standards-Version to 3.9.8.
+ * debian/patches/*:
+ - updated the version to 1.8.1 in all files.
+ * debian/watch:
+ - improved to catch new versions starting with the letter 'v'.
+ Thanks Samuel Henrique for patch. (Closes: #832141)
+
+ -- Giovani Augusto Ferreira <giovani at riseup.net> Sat, 23 Jul 2016 23:42:11 -0300
+
+hashrat (1.8.0-1) unstable; urgency=medium
+
+ * New upstream release
+ * debian/control:
+ - Changed from cgit to git in Vcs-Browser field.
+ * debian/watch:
+ - Bumped to version 4.
+ - Leaving only a repository to avoid conflicting on uscan system.
+
+ -- Giovani Augusto Ferreira <giovani at riseup.net> Wed, 23 Mar 2016 23:34:15 -0300
+
+hashrat (1.6.1-4) unstable; urgency=medium
+
+ * New co-maintainer. Thanks a lot to Eriberto Mota, the initial
+ maintainer of this package.
+ * debian/control:
+ - Bumped Standards-Version to 3.9.7.
+ - Fixed a word in long description.
+ - Updated Vcs-* fields.
+ * debian/copyright: added my name at debian/* block.
+
+ -- Giovani Augusto Ferreira <giovani at riseup.net> Sat, 20 Feb 2016 23:55:35 -0300
+
+hashrat (1.6.1-3) unstable; urgency=medium
+
+ * debian/patches/fix-spelling-manpage: added to fix some issues in manpage.
+
+ -- Joao Eriberto Mota Filho <eriberto at debian.org> Sun, 13 Sep 2015 19:14:42 -0300
+
+hashrat (1.6.1-2) unstable; urgency=medium
+
+ * debian/rules: disabled the tests (temporarily) to avoid FTBFS in some
+ architectures.
+
+ -- Joao Eriberto Mota Filho <eriberto at debian.org> Mon, 03 Aug 2015 11:24:46 -0300
+
+hashrat (1.6.1-1) unstable; urgency=medium
+
+ * New upstream release.
+ * debian/clean: removed.
+ * debian/copyright:
+ - Updated the Source field in header.
+ - Updated all information about libUseful-2.1 directory (previously
+ called libUseful-2.0).
+ * debian/docs: created to install the README file.
+ * debian/manpages: removed. The upstream is using the manpage created for
+ Debian. Thanks!
+ * debian/patches/:
+ - fix-help: updated.
+ - fix-manpage-path: created to install the upstream manpage in right
+ place.
+ * debian/source.lintian-overrides: removed. The upstream fixed the source
+ code. Thanks.
+ * debian/rules: re-enabled the autotests (removed the override_dh_auto_test
+ target). The upstream fixed the code. Thanks.
+
+ -- Joao Eriberto Mota Filho <eriberto at debian.org> Thu, 23 Jul 2015 22:03:16 -0300
+
+hashrat (1.5-2) unstable; urgency=medium
+
+ * Upload to unstable.
+ * debian/copyright: dropping dot-zero from GPL license short name.
+
+ -- Joao Eriberto Mota Filho <eriberto at debian.org> Wed, 22 Jul 2015 13:51:05 -0300
+
+hashrat (1.5-1) experimental; urgency=low
+
+ * Initial release. (Closes: #776499)
+
+ -- Joao Eriberto Mota Filho <eriberto at debian.org> Wed, 28 Jan 2015 10:32:25 -0200
diff --cc debian/control
index 295ccd9,0000000..f98afd0
mode 100644,000000..100644
--- a/debian/control
+++ b/debian/control
@@@ -1,29 -1,0 +1,29 @@@
+Source: hashrat
+Section: utils
+Priority: optional
+Maintainer: Debian Forensics <forensics-devel at lists.alioth.debian.org>
+Uploaders: Giovani Augusto Ferreira <giovani at debian.org>
+Build-Depends: debhelper (>= 10)
- Standards-Version: 4.0.1
++Standards-Version: 4.1.1
+Homepage: http://www.cjpaget.co.uk/Code/Hashrat
+Vcs-Git: https://anonscm.debian.org/git/forensics/hashrat.git
+Vcs-Browser: https://anonscm.debian.org/git/forensics/hashrat.git
+
+Package: hashrat
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}
+Description: hashing tool supporting several hashes and recursivity
+ Hashrat is a hash-generation utility that supports the md5, sha1, sha256,
+ sha512, whirlpool, jh-244, jh256, jh-384 and jh-512 hash functions, and
+ also the HMAC versions of those functions. It can output in 'traditional'
+ format (same as md5sum and shasum and the like), or it's own format.
+ .
+ Hashes can be output in octal, decimal, hexadecimal, uppercase hexadecimal
+ or base64.
+ .
+ Hashrat also supports directory recursion, hashing entire devices,
+ generating a hash for an entire directory, operations in remote machines
+ and several other features. It has a 'CGI' mode that can be used as a
+ web-page to lookup hashes.
+ .
+ This tool is useful in forensics investigations and network security.
diff --cc debian/patches/fix-spelling.patch
index 5cf83c4,0000000..29cc448
mode 100644,000000..100644
--- a/debian/patches/fix-spelling.patch
+++ b/debian/patches/fix-spelling.patch
@@@ -1,120 -1,0 +1,120 @@@
+Description: fix some spelling errors in manpage and source code.
+Author: Joao Eriberto Mota Filho <eriberto at debian.org>
+Reviewed-by: Giovani Augusto Ferreira <giovani at debian.org>
+Last-Update: 2016-09-25
- Index: hashrat-1.8.7+dfsg/hashrat.1
++Index: hashrat-1.8.11/hashrat.1
+===================================================================
- --- hashrat-1.8.7+dfsg.orig/hashrat.1
- +++ hashrat-1.8.7+dfsg/hashrat.1
- @@ -221,11 +221,11 @@ DevMode: read from a \fIfile\fP EVEN OF
++--- hashrat-1.8.11.orig/hashrat.1
+++++ hashrat-1.8.11/hashrat.1
++@@ -218,11 +218,11 @@ DevMode: read from a \fIfile\fP EVEN OF
+ .TP
+ .B
+ \fB-lines\fP
+-Read lines from stdin and \fIhash\fP each line independantly.
++Read lines from stdin and \fIhash\fP each line independently.
+ .TP
+ .B
+ \fB-rl\fP, \fB-rawlines\fP
+-Read lines from stdin and \fIhash\fP each line independantly, INCLUDING any trailing whitespace. This is compatible with 'echo text | md5sum'.
++Read lines from stdin and \fIhash\fP each line independently, INCLUDING any trailing whitespace. This is compatible with 'echo text | md5sum'.
+ .TP
+ .B
+ \fB-cgi\fP
- @@ -425,7 +425,7 @@ you use the 'echo' method shown above yo
++@@ -422,7 +422,7 @@ you use the 'echo' method shown above yo
+ This reads lines from stdin, so type into \fBhashrat\fP and then press ENTER, and you'll be given the \fIhash\fP \fIof\fP the line you typed. By this method your password is neither
+ visible in 'ps ax', nor is ever stored on disk.
+ .PP
+-A \fB-lines\fP will produce a different \fIhash\fP \fIto\fP the 'echo' method listed above, because it strips any trailing whiespace off the lines read. If you want strict compatiblity
++A \fB-lines\fP will produce a different \fIhash\fP \fIto\fP the 'echo' method listed above, because it strips any trailing whiespace off the lines read. If you want strict compatibility
+ with 'echo' (by default echo adds a newline \fIto\fP the end \fIof\fP the text \fIto\fP output) then use rawlines mode:
+ .PP
+ .nf
- @@ -527,7 +527,7 @@ Using the \fB-dups\fP flag (usually in c
++@@ -524,7 +524,7 @@ Using the \fB-dups\fP flag (usually in c
+ CGI Mode
+ .PP
+ If \fBhashrat\fP is run with the \fB-cgi\fP flag, or if it's run with a name \fIof\fP hashrat.cgi (either by renaming the \fBhashrat\fP executable, or via a symbolic link) it will output a
+-webpage that allows users \fIto\fP look up \fIhashes\fP over the web. This allows \fIto\fP look-up your strong passwords even if youI don't have access \fIto\fP a local version \fIof\fP \fBhashrat\fP.
++webpage that allows users \fIto\fP look up \fIhashes\fP over the web. This allows \fIto\fP look-up your strong passwords even if you don't have access \fIto\fP a local version \fIof\fP \fBhashrat\fP.
+ .SH EXTENDED FILESYSTEM ATTRIBUTES
+
+ Hashrat can use extended filesystem attributes where these are supported. This allows a \fIhash\fP \fIto\fP be stored in the filesystem metadata \fIof\fP the target \fIfile\fP. This can
- @@ -550,7 +550,7 @@ And using the \fB-txattr\fP flag \fIto\f
++@@ -547,7 +547,7 @@ And using the \fB-txattr\fP flag \fIto\f
+
+ .fam T
+ .fi
+-When checking either flag can be used, but \fBhashrat\fP will always use trusted attributes when running as root, if those are avaialable, otherwise it will fall
++When checking either flag can be used, but \fBhashrat\fP will always use trusted attributes when running as root, if those are available, otherwise it will fall
+ back \fIto\fP user attributes.
+ .PP
+ .nf
- Index: hashrat-1.8.7+dfsg/command-line-args.c
++Index: hashrat-1.8.11/command-line-args.c
+===================================================================
- --- hashrat-1.8.7+dfsg.orig/command-line-args.c
- +++ hashrat-1.8.7+dfsg/command-line-args.c
++--- hashrat-1.8.11.orig/command-line-args.c
+++++ hashrat-1.8.11/command-line-args.c
+@@ -550,13 +550,13 @@ printf(" %-15s %s\n","-fs", "Stay on on
+ printf(" %-15s %s\n","-dir", "DirMode: Read all files in directory and create one hash for them!");
+ printf(" %-15s %s\n","-dirmode", "DirMode: Read all files in directory and create one hash for them!");
+ printf(" %-15s %s\n","-devmode", "DevMode: read from a file EVEN OF IT'S A DEVNODE");
+-printf(" %-15s %s\n","-lines", "Read lines from stdin and hash each line independantly.");
+-printf(" %-15s %s\n","-rawlines", "Read lines from stdin and hash each line independantly, INCLUDING any trailing whitespace. (This is compatible with 'echo text | md5sum')");
+-printf(" %-15s %s\n","-rl", "Read lines from stdin and hash each line independantly, INCLUDING any trailing whitespace. (This is compatible with 'echo text | md5sum')");
++printf(" %-15s %s\n","-lines", "Read lines from stdin and hash each line independently.");
++printf(" %-15s %s\n","-rawlines", "Read lines from stdin and hash each line independently, INCLUDING any trailing whitespace. (This is compatible with 'echo text | md5sum')");
++printf(" %-15s %s\n","-rl", "Read lines from stdin and hash each line independently, INCLUDING any trailing whitespace. (This is compatible with 'echo text | md5sum')");
+ printf(" %-15s %s\n","-cgi", "Run in HTTP CGI mode");
+ printf(" %-15s %s\n","-net", "Treat 'file' arguments as either ssh or http URLs, and pull files over the network and then hash them (Allows hashing of files on remote machines).");
+ printf(" %-15s %s\n","", "URLs are in the format ssh://[username]:[password]@[host]:[port] or http://[username]:[password]@[host]:[port]..");
+-printf(" %-15s %s\n","-idfile <path>", "Path to an ssh private key file to use to authenticate INSTEAD OF A PASSWORD when pulling files via ssh.");
++printf(" %-15s %s\n","-idfile <path>", "Path to a ssh private key file to use to authenticate INSTEAD OF A PASSWORD when pulling files via ssh.");
+ printf(" %-15s %s\n","-xattr", "Use eXtended file ATTRibutes. In hash mode, store hashes in the file attributes, in check mode compare against hashes stored in file attributes.");
+ printf(" %-15s %s\n","-txattr", "Use TRUSTED eXtended file ATTRibutes. In hash mode, store hashes in 'trusted' file attributes. 'trusted' attributes can only be read and written by root. Under freebsd this menas SYSTEM attributes.");
+ printf(" %-15s %s\n","-attrs", "comma-separated list of filesystem attribute names to be set to the value of the hash.");
- Index: hashrat-1.8.7+dfsg/README
++Index: hashrat-1.8.11/README
+===================================================================
- --- hashrat-1.8.7+dfsg.orig/README
- +++ hashrat-1.8.7+dfsg/README
++--- hashrat-1.8.11.orig/README
+++++ hashrat-1.8.11/README
+@@ -102,7 +102,7 @@ Options:
+ -cgi Run in HTTP CGI mode
+ -net Treat 'file' arguments as either ssh or http URLs, and pull files over the network and then hash them (Allows hashing of files on remote machines).
+ URLs are in the format ssh://[username]:[password]@[host]:[port] or http://[username]:[password]@[host]:[port]..
+- -idfile <path> Path to an ssh private key file to use to authenticate INSTEAD OF A PASSWORD when pulling files via ssh.
++ -idfile <path> Path to a ssh private key file to use to authenticate INSTEAD OF A PASSWORD when pulling files via ssh.
+ -xattr Use eXtended file ATTRibutes. In hash mode, store hashes in the file attributes, in check mode compare against hashes stored in file attributes.
+ -txattr Use TRUSTED eXtended file ATTRibutes. In hash mode, store hashes in 'trusted' file attributes. 'trusted' attributes can only be read and written by root.
+ -attrs comma-separated list of filesystem attribute names to be set to the value of the hash.
- @@ -132,7 +132,7 @@ USE EXAMPLES:
++@@ -137,7 +137,7 @@ USE EXAMPLES:
+
+ hashrat
+
+- Generate an md5 hash of data read from stdin (default hash type is md5).
++ Generate a md5 hash of data read from stdin (default hash type is md5).
+
+ hashrat -jh256
+
- @@ -140,7 +140,7 @@ USE EXAMPLES:
++@@ -145,7 +145,7 @@ USE EXAMPLES:
+
+ hashrat -sha256 -64
+
+- Generate an sha-256 hash of data read from stdin, output with base64 encoding.
++ Generate a sha-256 hash of data read from stdin, output with base64 encoding.
+
+ hashrat -sha256 -64 -lines
+
- @@ -148,7 +148,7 @@ USE EXAMPLES:
++@@ -153,7 +153,7 @@ USE EXAMPLES:
+
+ hashrat -md5 -trad -rawlines
+
+- Read lines from stdin, and generate an md5 hash in 'traditional' format for every line INCLUDING TRAILING WHITESPACE. This is compatible with 'echo text | md5sum' where 'text' is one line, as 'echo' adds a newline to the end of the text it outputs.
++ Read lines from stdin, and generate a md5 hash in 'traditional' format for every line INCLUDING TRAILING WHITESPACE. This is compatible with 'echo text | md5sum' where 'text' is one line, as 'echo' adds a newline to the end of the text it outputs.
+
+ hashrat -type sha256,whirl,md5
+
- @@ -215,7 +215,7 @@ USES FOR HASHRAT
++@@ -220,7 +220,7 @@ USES FOR HASHRAT
+
+ echo "facebook.com password 1234" | hashrat -sha1 -64
+
+- Obviously, my password isn't 'password' and my pin isn't '1234', but you get the idea. This gives me a 28-character string that should take "8.02 trillion trillion centuries" to crack with a "massive cracking array" according to Steve Gibson's 'Password haystacks' utility, https://www.grc.com/haystack.htm. This is what I then use as my password. Unfortunately some websites won't take a 28-character password, and for these I have to truncate to the appropriate length (using the -n flag [...]
++ Obviously, my password isn't 'password' and my pin isn't '1234', but you get the idea. This gives me a 28-character string that should take "8.02 trillion centuries" to crack with a "massive cracking array" according to Steve Gibson's 'Password haystacks' utility, https://www.grc.com/haystack.htm. This is what I then use as my password. Unfortunately some websites won't take a 28-character password, and for these I have to truncate to the appropriate length (using the -n flag), but th [...]
+
+ There are some dangers to using the 'echo' method shown above if you are on a shared machine, or if someone gets hold of your computer/harddrive. On a shared machine someone could type 'ps ax' to see all commands running, and if they time it right, they might see your command-line with your password in it. Another danger lies in using a shell (like bash) that will record your typed commands so you can recall them later. Bash stores this information on disk in the file .bash_history, s [...]
+
diff --cc debian/patches/series
index 5450d48,0000000..06a4de6
mode 100644,000000..100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@@ -1,3 -1,0 +1,2 @@@
+fix-install.patch
+fix-spelling.patch
- fix-integer-truncation.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/hashrat.git
More information about the forensics-changes
mailing list