Debian

Available patches from Ubuntu

To see Ubuntu differences wrt. to Debian, write down a grep-dctrl query identifying the packages you're interested in:
grep-dctrl -n -sPackage Sources.Debian
(e.g. -FPackage linux-ntfs or linux-ntfs)

Modified packages are listed below:

Debian ( Changelog | PTS | Bugs ) Ubuntu ( Changelog | txt | LP | Bugs ) | Diff from Ubuntu

Source: pam-mysql

pam-mysql (0.8.0-1ubuntu3) eoan; urgency=medium * No change rebuild for libmysqlclient21. -- Robie Basak <robie.basak@ubuntu.com> Mon, 12 Aug 2019 11:32:31 +0000 pam-mysql (0.8.0-1ubuntu2) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <xnox@ubuntu.com> Mon, 05 Feb 2018 16:51:38 +0000 pam-mysql (0.8.0-1ubuntu1) artful; urgency=medium * debian/patches/fix-mysql-password-hash.patch: Calculate the correct hash for mysql PASSWORD(). (LP: #1574911, LP: #1574900) -- Andreas Hasenack <andreas@canonical.com> Wed, 06 Sep 2017 19:22:51 -0300

Modifications :
  1. Download patch debian/control

    --- 0.8.0-1/debian/control 2016-12-01 10:19:24.000000000 +0000 +++ 0.8.0-1ubuntu3/debian/control 2017-09-06 22:22:51.000000000 +0000 @@ -1,7 +1,8 @@ Source: pam-mysql Section: admin Priority: extra -Maintainer: Ferenc Wágner <wferi@debian.org> +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> +XSBC-Original-Maintainer: Ferenc Wágner <wferi@debian.org> Standards-Version: 3.9.8 Build-Depends: debhelper (>= 9),
  2. Download patch debian/patches/series

    --- 0.8.0-1/debian/patches/series 2016-12-01 10:19:24.000000000 +0000 +++ 0.8.0-1ubuntu3/debian/patches/series 2017-09-06 22:22:51.000000000 +0000 @@ -3,3 +3,4 @@ Don-t-destroy-CPPFLAGS.patch Eliminate-obsolete-AC_OUTPUT-argument.patch AC_CONFIG_FILES-are-automatically-distributed.patch Fix-spelling-in-README-slogs-slows.patch +fix-mysql-password-hash.patch
  3. Download patch debian/patches/fix-mysql-password-hash.patch

    --- 0.8.0-1/debian/patches/fix-mysql-password-hash.patch 1970-01-01 00:00:00.000000000 +0000 +++ 0.8.0-1ubuntu3/debian/patches/fix-mysql-password-hash.patch 2017-09-06 22:22:51.000000000 +0000 @@ -0,0 +1,72 @@ +Description: Calculate the correct hash for mysql PASSWORD() + my_make_scrambled_password() is not a replacement for the old + make_scrambled_password() function that the mysql client library stopped + exporting a while ago. In fact, there is no equivalent function anymore. + Since it's just a double SHA1 hash converted into hex and we are already + linking with openssl, we can use its SHA1() function and hexify the result. + . + Upstream took the route of directly pulling in SHA1 and other crypto code, + see https://git.io/v5HDI for the commit. + . + This patch isn't needed anymore starting with upstream version 0.8.1. +Author: Andreas Hasenack <andreas@canonical.com> +Bug: https://bugs.mysql.com/bug.php?id=86357 +Bug-Ubuntu: https://launchpad.net/bugs/1574911 +Bug-Ubuntu: https://launchpad.net/bugs/1574900 +Last-Update: 2017-09-14 + +--- a/pam_mysql.c ++++ b/pam_mysql.c +@@ -548,6 +548,25 @@ + } + /* }}} */ + ++#ifdef HAVE_OPENSSL ++/* This mimics the server-side PASSWORD() SQL, which is: ++ * "*" + "hex(sha1(sha1(password)))" + "\0" ++ * length is 2*SHA_DIGEST_LENGTH + 2 ++ */ ++#define PAM_MYSQL_PASSWORD ++static void pam_mysql_password(const unsigned char *d, unsigned int sz, char *md) ++{ ++ int i; ++ unsigned char hash1[SHA_DIGEST_LENGTH], hash2[SHA_DIGEST_LENGTH]; ++ ++ SHA1(d, sz, hash1); ++ SHA1(hash1, SHA_DIGEST_LENGTH, hash2); ++ *md = '*'; ++ for (i=0; i < SHA_DIGEST_LENGTH; i++) ++ sprintf(&md[i*2+1], "%02X", hash2[i]); ++} ++#endif ++ + /* {{{ pam_mysql_md5_data + * + * AFAIK, only FreeBSD has MD5Data() defined in md5.h +@@ -2892,10 +2911,12 @@ + } else { + my_make_scrambled_password(buf, passwd, strlen(passwd)); + } ++#elif defined(PAM_MYSQL_PASSWORD) ++ pam_mysql_password(passwd, strlen(passwd), buf); + #else +- my_make_scrambled_password(buf, passwd, strlen(passwd)); ++ syslog(LOG_AUTHPRIV | LOG_ERR, PAM_MYSQL_LOG_PREFIX "No support for MySQL's PASSWORD in this build"); ++ break; + #endif +- + vresult = strcmp(row[0], buf); + { + char *p = buf - 1; +@@ -3137,8 +3158,10 @@ + } else { + my_make_scrambled_password(encrypted_passwd, new_passwd, strlen(new_passwd)); + } ++#elif defined (PAM_MYSQL_PASSWORD) ++ pam_mysql_password(new_passwd, strlen(new_passwd), encrypted_passwd); + #else +- my_make_scrambled_password(encrypted_passwd, new_passwd, strlen(new_passwd)); ++ syslog(LOG_AUTHPRIV | LOG_ERR, PAM_MYSQL_LOG_PREFIX "No support for MySQL's PASSWORD in this build"); + #endif + break; +
  1. pam-mysql