On Wed, Apr 09, 2014 at 01:09:40PM +0200, Agustin Martin wrote:
> On Mon, Apr 07, 2014 at 12:38:16PM +0200, Agustin Martin wrote:
> > If something Debian-only is to be done with this package to keep it
> > available, it could be disabling encryption, together with a descriptive
> > error message. This would be a minimal intervention and have the advantages
> > of (1) and (2).
> >
> > This should be documented in the package description and would allow users
> > to decrypt already encrypted data (you never know where that may appear),
> > but not to encrypt.
> >
> > What maintainer thinks about this?
> >
> > Note that this package has been proposed for removal (See cc'ed
> > http://bugs.debian.org/740748), so if any action is intended to keep this
> > package in the archive it should happen soon.
>
> Although my C skills are not good I played a bit with this.
>
> I'd expected attached patch to handle the encryption disabling.

Since I heard nothing from maintainer I plan a 0-day NMU with attached patch.
I noticed that I still have some stuff encrypted with bcrypt and would not
like to prepare a personal package just to deal with those not yet found.

ftpmasters, what should I do regarding removal bug #740748? I plan to upload
encryption-disabled bcrypt package closing #700758, wait for it to reach
testing in case any problem appears and then reassign #740748 to bcrypt and
forcemerge it with #700758. Do you prefer both bug reports being closed on
upload?

--
Agustin

>From 4de49e57ba2cf5261951841ac68c44b55cfabef1 Mon Sep 17 00:00:00 2001 From: Agustin Martin Domingo <agmar...@debian.org> Date: Tue, 8 Apr 2014 18:56:40 +0200 Subject: [PATCH] Disable encryption support. See http://bugs.debian.org/700758 [Bcrypt exposes patterns in data, it is broken] --- debian/changelog | 8 +++++ debian/control | 4 ++- debian/patches/00list | 1 + .../patches/04_main.c_abort-on-encryption.dpatch | 39 ++++++++++++++++++++++ debian/patches/05_big_files.dpatch | 0 5 files changed, 51 insertions(+), 1 deletion(-) create mode 100755 debian/patches/04_main.c_abort-on-encryption.dpatch mode change 100644 => 100755 debian/patches/05_big_files.dpatch diff --git a/debian/changelog b/debian/changelog index 6a4195d..4cd20b7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +bcrypt (1.1-8.1) unstable; urgency=low + + * Non-maintainer upload. + * Disable RC broken encryption support (Closes: #700758). Make this a + decrypt-only package for already created files. + + -- Agustin Martin Domingo <agmar...@debian.org> Thu, 08 May 2014 11:46:38 +0200 + bcrypt (1.1-8) unstable; urgency=low * Additional RC bug closed with patch added version 1.1-7. Closes: #693460. diff --git a/debian/control b/debian/control index 62b2f6e..0365c77 100644 --- a/debian/control +++ b/debian/control @@ -9,7 +9,9 @@ Standards-Version: 3.8.3 Package: bcrypt Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} -Description: Cross platform file encryption utility using blowfish +Description: Cross platform file encryption utility using blowfish (Decrypt only) + WARNING: decrypt-only Debian package. Encryption disabled. + See http://bugs.debian.org/700758. Bcrypt is a cross platform file encryption utility. Encrypted files are portable across all supported operating systems and processors. In addition to encrypting your data, bcrypt will by default overwrite the original input diff --git a/debian/patches/00list b/debian/patches/00list index 052aff1..3401a60 100644 
--- a/debian/patches/00list +++ b/debian/patches/00list @@ -1 +1,2 @@ +04_main.c_abort-on-encryption 05_big_files diff --git a/debian/patches/04_main.c_abort-on-encryption.dpatch b/debian/patches/04_main.c_abort-on-encryption.dpatch new file mode 100755 index 0000000..66ab07f --- /dev/null +++ b/debian/patches/04_main.c_abort-on-encryption.dpatch @@ -0,0 +1,39 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_main.c_abort-on-encryption.dpatch by Agustin Martin <agmar...@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Disable encryption support. See http://bugs.debian.org/700758 +## DP: Bcrypt exposes patterns in data, it is broken] + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' bcrypt~/main.c bcrypt/main.c +--- bcrypt~/main.c 2014-04-08 18:38:59.000000000 +0200 ++++ bcrypt/main.c 2014-04-08 18:39:57.855694078 +0200 +@@ -51,6 +51,11 @@ + exit(1); + } + ++int abort_on_encryption() { ++ fprintf(stderr, "Encryption support disabled. See http://bugs.debian.org/700758\n"); ++ exit(1); ++} ++ + int parseArgs(int *argc, char **argv, BCoptions *options) { + signed char ch; + char *progname; +@@ -141,6 +146,7 @@ + if (memcmp(*infile+(strlen(*infile) - 4), ".bfe", 4) == 0) + return(1); + ++ abort_on_encryption(); + strcat(*outfile, ".bfe"); + options->type = ENCRYPT; + +@@ -148,6 +154,7 @@ + return(1); + + } else if ((!key) || (options->type == ENCRYPT)) { ++ abort_on_encryption(); + strcat(*outfile, ".bfe"); + options->type = ENCRYPT; + } else diff --git a/debian/patches/05_big_files.dpatch b/debian/patches/05_big_files.dpatch old mode 100644 new mode 100755 -- 2.0.0.rc0
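
Review bot: in the debian/changelog hunk, "Disable RC broken encryption support" is hard to parse and does not say what is broken. Suggest stating the defect the way the commit subject does (bcrypt exposes patterns in data) and keeping "(Closes: #700758)" so a reader of the changelog alone understands why the package became decrypt-only.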
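
Review bot: in the debian/control hunk, the two added WARNING lines are not followed by a " ." separator line, so they belong to the same paragraph as the unchanged "Bcrypt is a cross platform file encryption utility." text and will be wrapped together with it. That unchanged text also still says "In addition to encrypting your data, bcrypt will by default overwrite the original input", which contradicts a decrypt-only package. Suggest adding a " ." line after the bug URL and rewording the rest of the description so it no longer promises encryption.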
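
Review bot: in 04_main.c_abort-on-encryption.dpatch, `int abort_on_encryption()` is declared to return int but never returns a value, since it only prints and calls exit(1), and both call sites ignore the result; `void abort_on_encryption(void)` states that intent. The error message could also say that decryption of existing .bfe files still works, and the second "## DP:" line ends with a stray "]" whose opening bracket was dropped.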
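
Review bot: the mode change of debian/patches/05_big_files.dpatch from 100644 to 100755 is unrelated to disabling encryption and is not mentioned in the changelog entry. Either drop it from this commit or record it in debian/changelog; the new 04 patch is also created with mode 100755, so if executable dpatch files are intended, say so there.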