On Mon, Apr 07, 2014 at 12:38:16PM +0200, Agustin Martin wrote: > On Mon, Feb 24, 2014 at 04:55:50PM +0100, Ulrik wrote: > > Hi, > > > > Fixing the flaw is not a good idea. A debian-developed new encrypted > > file format just to salvage this package? Not a good idea. > > > > Alternatives: > > > > 1) Remove it > > 2) Document the flaw directly in the package description, recommend > > a better solution (gpg) directly in the package description. > > > > Alternative (2) would allow users (if any) to decrypt/migrate their data. > > Hi, > > If something Debian-only is to be done with this package to keep it > available, it could be disabling encryption, together with a descriptive > error message. This would be a minimal intervention and have the advantages > of (1) and (2). > > This should be documented in the package description and would allow users > to decrypt already encrypted data (you never know where that may appear), > but not to encrypt. > > What maintainer thinks about this? > > Note that this package has been proposed for removal (See cc'ed > http://bugs.debian.org/740748), so if any action is intended to keep this > package in the archive it should happen soon.
Although my C skills are not good I played a bit with this. I'd expected attached patch to handle the encryption disabling. Regards, -- Agustin
>From 29d4b4e73f945cbd8a757659e665a70c1ff4b56f Mon Sep 17 00:00:00 2001 From: Agustin Martin Domingo <agmar...@debian.org> Date: Tue, 8 Apr 2014 18:56:40 +0200 Subject: [PATCH] Disable encryption support. See http://bugs.debian.org/700758 --- debian/control | 2 ++ debian/patches/00list | 1 + .../patches/04_main.c_abort-on-encryption.dpatch | 38 ++++++++++++++++++++++ debian/patches/05_big_files.dpatch | 0 4 files changed, 41 insertions(+) create mode 100755 debian/patches/04_main.c_abort-on-encryption.dpatch mode change 100644 => 100755 debian/patches/05_big_files.dpatch diff --git a/debian/control b/debian/control index 62b2f6e..6a220bd 100644 --- a/debian/control +++ b/debian/control @@ -10,6 +10,8 @@ Package: bcrypt Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Cross platform file encryption utility using blowfish + WARNING: decrypt-only Debian package. Encryption disabled. + See http://bugs.debian.org/700758. Bcrypt is a cross platform file encryption utility. Encrypted files are portable across all supported operating systems and processors. In addition to encrypting your data, bcrypt will by default overwrite the original input diff --git a/debian/patches/00list b/debian/patches/00list index 052aff1..3401a60 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -1 +1,2 @@ +04_main.c_abort-on-encryption 05_big_files diff --git a/debian/patches/04_main.c_abort-on-encryption.dpatch b/debian/patches/04_main.c_abort-on-encryption.dpatch new file mode 100755 index 0000000..694f305 --- /dev/null +++ b/debian/patches/04_main.c_abort-on-encryption.dpatch @@ -0,0 +1,38 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_main.c_abort-on-encryption.dpatch by Agustin Martin <agmar...@debian.org> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Disable encryption support. See http://bugs.debian.org/700758 + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' bcrypt~/main.c bcrypt/main.c +--- bcrypt~/main.c 2014-04-08 18:38:59.000000000 +0200 ++++ bcrypt/main.c 2014-04-08 18:39:57.855694078 +0200 +@@ -51,6 +51,11 @@ + exit(1); + } + ++int abort_on_encryption() { ++ fprintf(stderr, "Encryption support removed. See http://bugs.debian.org/700758\n";); ++ exit(1); ++} ++ + int parseArgs(int *argc, char **argv, BCoptions *options) { + signed char ch; + char *progname; +@@ -141,6 +146,7 @@ + if (memcmp(*infile+(strlen(*infile) - 4), ".bfe", 4) == 0) + return(1); + ++ abort_on_encryption(); + strcat(*outfile, ".bfe"); + options->type = ENCRYPT; + +@@ -148,6 +154,7 @@ + return(1); + + } else if ((!key) || (options->type == ENCRYPT)) { ++ abort_on_encryption(); + strcat(*outfile, ".bfe"); + options->type = ENCRYPT; + } else diff --git a/debian/patches/05_big_files.dpatch b/debian/patches/05_big_files.dpatch old mode 100644 new mode 100755 -- 1.9.1
