--- bcrypt-1.1.orig/Makefile +++ bcrypt-1.1/Makefile @@ -4,18 +4,18 @@ COMPILE = ${CC} ${CFLAGS} OBJS = main.o blowfish.o rwfile.o keys.o wrapbf.o endian.o wrapzl.o LDFLAGS = -L/usr/local/lib -lz -PREFIX = /usr/local +PREFIX = ${DESTDIR}/usr/ bcrypt: ${OBJS} Makefile ${COMPILE} -o bcrypt ${OBJS} ${LDFLAGS} install: bcrypt Makefile mkdir -p ${PREFIX}/bin;\ - mkdir -p ${PREFIX}/man/man1;\ + mkdir -p ${PREFIX}/share/man/man1;\ cp bcrypt ${PREFIX}/bin;\ - cp bcrypt.1 ${PREFIX}/man/man1;\ + cp bcrypt.1 ${PREFIX}/share/man/man1;\ chmod 755 ${PREFIX}/bin/bcrypt;\ - chmod 644 ${PREFIX}/man/man1/bcrypt.1 + chmod 644 ${PREFIX}/share/man/man1/bcrypt.1 main.o: main.c ${DEFAULTS} ${COMPILE} -c main.c @@ -38,6 +38,8 @@ endian.o: endian.c ${DEFAULTS} ${COMPILE} -c endian.c +distclean: clean + clean: rm -rf *.o bcrypt bcrypt.core core bcrypt.tgz --- bcrypt-1.1.orig/debian/README.source +++ bcrypt-1.1/debian/README.source @@ -0,0 +1 @@ +Please see /usr/share/doc/dpatch/README.source.gz --- bcrypt-1.1.orig/debian/changelog +++ bcrypt-1.1/debian/changelog @@ -0,0 +1,80 @@ +bcrypt (1.1-8.1) unstable; urgency=low + + * Non-maintainer upload. + * Disable RC broken encryption support (Closes: #700758). Make this a + decrypt-only package for already created files. + + -- Agustin Martin Domingo Thu, 08 May 2014 11:46:38 +0200 + +bcrypt (1.1-8) unstable; urgency=low + + * Additional RC bug closed with patch added version 1.1-7. Closes: #693460. + + -- Kevin Coyner Sun, 02 Dec 2012 17:15:26 +0000 + +bcrypt (1.1-7) unstable; urgency=low + + * Added new patch to deal with bcrypt trying to load entire file into memory + regardless of size. Thanks to Michael Stapelberg. Closes: #694091. + * Removed unneeded amd_memory patch. + + -- Kevin Coyner Sun, 02 Dec 2012 14:53:40 +0000 + +bcrypt (1.1-6) unstable; urgency=low + + * Applied patch to deal with memory problem on amd64 platforms. Closes: + #494469 + * debian/control: + + Moved homepage from description to its own header. + + Added dpatch to Build-Depends. + + Bumped Standards-Version to 3.8.3. + + Bumped debhelper version to 7.4~. + * debian/rules: + + Added dpatch entries. + + Added dh_auto_clean to build stanza. + + Changed dh_clean -k to dh_prep in install stanza. + * Added new file debian/README.source per Debian Policy. + * Bumped debian/compat to 7 from 5. + + -- Kevin Coyner Thu, 08 Oct 2009 21:42:59 -0400 + +bcrypt (1.1-5) unstable; urgency=low + + * New maintainer e-mail address in debian/control, copyright and changelog. + * Changed a clean invocation in debian/rules. + + -- Kevin Coyner Sun, 05 Aug 2007 16:32:57 -0400 + +bcrypt (1.1-4) unstable; urgency=low + + * New maintainer. Closes: #424712 + * Cleaned up debian/rules. + * Bumped debian/compat to 5. + * Bumped debhelper to version 5 and Standards-Version to 3.7.2 in + debian/control. Added homepage URL in the description. + * Removed debian/docs and listed file to be installed in debian/rules. + * Removed unneeded debian/dirs file. + * Reformatted debian/copyright file. + * Added debian/watch file. + * Added lintian source overrides file for CVS in source package. + + -- Kevin Coyner Wed, 16 May 2007 21:20:47 -0400 + +bcrypt (1.1-3) unstable; urgency=low + + * Added a better description (Closes: #354605) + + -- Samuele Giovanni Tonon Fri, 17 Mar 2006 12:42:22 +0100 + +bcrypt (1.1-2) unstable; urgency=low + + * Fixed Missing Build Depends + + -- Samuele Giovanni Tonon Mon, 19 Jan 2004 09:42:36 +0100 + +bcrypt (1.1-1) unstable; urgency=low + + * Initial Release. + + -- Samuele Giovanni Tonon Wed, 17 Dec 2003 21:50:47 +0100 + --- bcrypt-1.1.orig/debian/compat +++ bcrypt-1.1/debian/compat @@ -0,0 +1 @@ +7 --- bcrypt-1.1.orig/debian/control +++ bcrypt-1.1/debian/control @@ -0,0 +1,21 @@ +Source: bcrypt +Section: utils +Priority: optional +Maintainer: Kevin Coyner +Build-Depends: debhelper (>= 7.4~), libz-dev, dpatch +Homepage: http://bcrypt.sourceforge.net/ +Standards-Version: 3.8.3 + +Package: bcrypt +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Cross platform file encryption utility using blowfish (Decrypt only) + WARNING: decrypt-only Debian package. Encryption disabled. + See http://bugs.debian.org/700758. + Bcrypt is a cross platform file encryption utility. Encrypted files are + portable across all supported operating systems and processors. In addition + to encrypting your data, bcrypt will by default overwrite the original input + file with random garbage three times before deleting it in order to thwart + data recovery attempts by persons who may gain access to your computer. + Bcrypt uses the blowfish encryption algorithm published by Bruce Schneier in + 1993. --- bcrypt-1.1.orig/debian/copyright +++ bcrypt-1.1/debian/copyright @@ -0,0 +1,43 @@ +This package was debianized by Samuele Giovanni Tonon on +Wed, 17 Dec 2003 21:50:47 +0100. + +It was downloaded from http://bcrypt.sourceforge.net/index.html + +Upstream Author: Johnny Shelley + +License: + +Copyright (c) 2002 Johnny Shelley + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the author nor any contributors may be used to + endorse or promote products derived from this software without specific + prior written permission. + + THIS SOFTWARE IS PROVIDED BY COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' + AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER + CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +On Debian systems, the complete text of the BSD License can be found in +/usr/share/common-licenses/BSD. + +The Debian packaging is (C) 2007, Kevin Coyner and +is licensed under the GPL, see `/usr/share/common-licenses/GPL'. --- bcrypt-1.1.orig/debian/patches/00list +++ bcrypt-1.1/debian/patches/00list @@ -0,0 +1,2 @@ +04_main.c_abort-on-encryption +05_big_files --- bcrypt-1.1.orig/debian/patches/04_main.c_abort-on-encryption.dpatch +++ bcrypt-1.1/debian/patches/04_main.c_abort-on-encryption.dpatch @@ -0,0 +1,39 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_main.c_abort-on-encryption.dpatch by Agustin Martin +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Disable encryption support. See http://bugs.debian.org/700758 +## DP: Bcrypt exposes patterns in data, it is broken] + +@DPATCH@ +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' bcrypt~/main.c bcrypt/main.c +--- bcrypt~/main.c 2014-04-08 18:38:59.000000000 +0200 ++++ bcrypt/main.c 2014-04-08 18:39:57.855694078 +0200 +@@ -51,6 +51,11 @@ + exit(1); + } + ++int abort_on_encryption() { ++ fprintf(stderr, "Encryption support disabled. See http://bugs.debian.org/700758\n"); ++ exit(1); ++} ++ + int parseArgs(int *argc, char **argv, BCoptions *options) { + signed char ch; + char *progname; +@@ -141,6 +146,7 @@ + if (memcmp(*infile+(strlen(*infile) - 4), ".bfe", 4) == 0) + return(1); + ++ abort_on_encryption(); + strcat(*outfile, ".bfe"); + options->type = ENCRYPT; + +@@ -148,6 +154,7 @@ + return(1); + + } else if ((!key) || (options->type == ENCRYPT)) { ++ abort_on_encryption(); + strcat(*outfile, ".bfe"); + options->type = ENCRYPT; + } else --- bcrypt-1.1.orig/debian/patches/05_big_files.dpatch +++ bcrypt-1.1/debian/patches/05_big_files.dpatch @@ -0,0 +1,434 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 05_big_files.dpatch by Kevin Coyner +## Thanks to Michael Stapelberg for the patch. +## +## DP: big_files + +@DPATCH@ + +diff -ur bcrypt-1.1.O/functions.h bcrypt-1.1/functions.h +--- bcrypt-1.1.O/functions.h 2002-09-12 11:09:38.000000000 +0200 ++++ bcrypt-1.1/functions.h 2012-11-25 12:12:29.451956678 +0100 +@@ -11,10 +11,8 @@ + #include "blowfish.h" + + /* from wrapbf.c */ +-uLong BFEncrypt(char **input, char *key, uLong sz, +- BCoptions *options); +-uLong BFDecrypt(char **input, char *key, char *key2, +- uLong sz, BCoptions *options); ++off_t BFEncrypt(int infd, int outfd, char *key, BCoptions *options); ++off_t BFDecrypt(int infd, int outfd, char *key, char *key2, BCoptions *options); + + /* from keys.c */ + char * getkey(int type); +diff -ur bcrypt-1.1.O/main.c bcrypt-1.1/main.c +--- bcrypt-1.1.O/main.c 2002-09-12 11:50:12.000000000 +0200 ++++ bcrypt-1.1/main.c 2012-11-25 12:12:41.835771398 +0100 +@@ -6,6 +6,10 @@ + * for details + * ==================================================================== + */ ++#include ++#include ++#include ++ + + #include "includes.h" + #include "defines.h" +@@ -156,8 +160,8 @@ + } + + int main(int argc, char *argv[]) { +- uLong sz = 0; +- char *input = NULL, *key = NULL, *key2 = NULL; ++ off_t sz = 0; ++ char *key = NULL, *key2 = NULL; + char *infile = NULL, *outfile = NULL; + struct stat statbuf; + BCoptions options; +@@ -174,42 +178,35 @@ + mutateKey(&key, &key2); + } + +- sz = readfile(infile, &input, options.type, key, statbuf); +- +- if ((options.type == DECRYPT) && (testEndian(input))) +- swapCompressed(&input, sz); ++ int infd = open(infile, O_RDONLY); ++ if (infd == -1) { ++ perror("open(infile)"); ++ continue; ++ } + +- if ((options.compression == 1) && (options.type == ENCRYPT)) { +- options.origsize = sz; +- sz = docompress(&input, sz); ++ int outfd = open(outfile, O_CREAT | O_TRUNC | O_RDWR, 0644); ++ if (outfd == -1) { ++ perror("open(infile)"); ++ continue; + } + + if (options.type == ENCRYPT) { +- sz = attachKey(&input, key, sz); +- sz = padInput(&input, sz); +- } ++ options.origsize = statbuf.st_size; + +- if (options.type == ENCRYPT) +- sz = BFEncrypt(&input, key, sz, &options); +- else if (options.type == DECRYPT) +- if ((sz = BFDecrypt(&input, key, key2, sz, &options)) == 0) { ++ sz = BFEncrypt(infd, outfd, key, &options); ++ } else { ++ if ((sz = BFDecrypt(infd, outfd, key, key2, &options)) == 0) { + fprintf(stderr, "Invalid encryption key for file: %s\n", infile); + exit(1); + } ++ ftruncate(outfd, sz); ++ } + +- if ((options.compression == 1) && (options.type == DECRYPT)) +- sz = douncompress(&input, sz, options); +- +- writefile(outfile, input, sz, options, statbuf); +- +- if ((input = realloc(input, sizeof(char *))) == NULL) +- memerror(); ++ close(infd); ++ close(outfd); + + if (options.remove == 1) + deletefile(infile, options, key, statbuf); +- +- if (input != NULL) +- free(input); + } + + if(!sz) +diff -ur bcrypt-1.1.O/Makefile bcrypt-1.1/Makefile +--- bcrypt-1.1.O/Makefile 2012-11-25 12:31:43.000000000 +0100 ++++ bcrypt-1.1/Makefile 2012-11-25 12:07:31.035957620 +0100 +@@ -1,6 +1,6 @@ + DEFAULTS = Makefile includes.h blowfish.h functions.h config.h + CC = gcc +-CFLAGS = -O2 -Wall ++CFLAGS = -O2 -Wall -D_FILE_OFFSET_BITS=64 + COMPILE = ${CC} ${CFLAGS} + OBJS = main.o blowfish.o rwfile.o keys.o wrapbf.o endian.o wrapzl.o + LDFLAGS = -L/usr/local/lib -lz +diff -ur bcrypt-1.1.O/wrapbf.c bcrypt-1.1/wrapbf.c +--- bcrypt-1.1.O/wrapbf.c 2002-09-13 08:55:04.000000000 +0200 ++++ bcrypt-1.1/wrapbf.c 2012-11-25 12:12:27.531985410 +0100 +@@ -11,107 +11,244 @@ + #include "defines.h" + #include "functions.h" + +-uLong BFEncrypt(char **input, char *key, uLong sz, BCoptions *options) { +- uInt32 L, R; +- uLong i; ++#include ++#include ++#include ++ ++/* 256 KiB, as recommended by http://www.zlib.net/zlib_how.html */ ++#define ZCHUNK (256 * 1024) ++ ++off_t BFEncrypt(int infd, int outfd, char *key, BCoptions *options) { + BLOWFISH_CTX ctx; +- int j; ++ const int block_size = (sizeof(uint32_t) * 2); + unsigned char *myEndian = NULL; +- j = sizeof(uInt32); ++ uLong sz = 0; ++ ++ /* zlib variables */ ++ int ret, flush; ++ unsigned have; ++ z_stream strm; ++ uint8_t in[ZCHUNK]; ++ uint8_t out[ZCHUNK]; ++ ++ strm.zalloc = Z_NULL; ++ strm.zfree = Z_NULL; ++ strm.opaque = Z_NULL; ++ ret = deflateInit(&strm, Z_DEFAULT_COMPRESSION); ++ if (ret != Z_OK) ++ exit(2); ++ + + getEndian(&myEndian); + +- memmove(*input+2, *input, sz); ++ write(outfd, myEndian, sizeof(uint8_t)); ++ write(outfd, &options->compression, sizeof(uint8_t)); ++ ++ Blowfish_Init (&ctx, (unsigned char*)key, MAXKEYBYTES); + +- memcpy(*input, myEndian, 1); +- memcpy(*input+1, &options->compression, 1); ++ int n; ++ /* 2 * ZCHUNK for the overhead when compressing */ ++ uint8_t rest[2 * ZCHUNK]; ++ int restidx = 0; ++ uint32_t *rwalk = (uint32_t*)rest; ++ do { ++ if ((n = read(infd, in, ZCHUNK)) < 0) { ++ exit(3); ++ } ++ strm.avail_in = n; ++ strm.next_in = in; ++ flush = ((n == 0) ? Z_FINISH : Z_NO_FLUSH); ++ if (options->compression) { ++ do { ++ strm.avail_out = ZCHUNK; ++ strm.next_out = out; ++ ret = deflate(&strm, flush); ++ ++ have = ZCHUNK - strm.avail_out; ++ memcpy(rest + restidx, out, have); ++ restidx += have; ++ sz += have; ++ } while (strm.avail_out == 0); ++ } else { ++ memcpy(rest + restidx, in, n); ++ restidx += n; ++ sz += n; ++ } + +- sz += 2; /* add room for endian and compress flags */ ++ /* Encrypt as many blocks (each block_size bytes big) as we can */ ++ int i; ++ /* i adresses sizeof(uint32_t) = 4 byte blocks, ++ * but we use (restidx / block_size) loop up to full blocks */ ++ for (i = 0; i < 2 * (restidx / block_size); i += 2) { ++ Blowfish_Encrypt(&ctx, &rwalk[i], &rwalk[i + 1]); ++ write(outfd, &rwalk[i], block_size); ++ } ++ if (i > 0) { ++ int remaining = restidx - (i * sizeof(uint32_t)); ++ memmove(rest, &rwalk[i], remaining); ++ restidx = remaining; ++ } ++ } while (flush != Z_FINISH); + +- Blowfish_Init (&ctx, key, MAXKEYBYTES); ++ /* Now append the key (MAXKEYBYTES bytes) */ ++ memcpy(rest + restidx, key, MAXKEYBYTES); ++ restidx += MAXKEYBYTES; ++ sz += MAXKEYBYTES; ++ ++ /* Pad the rest with 0-bytes */ ++ int r; ++ if (sz >= block_size) ++ r = getremain(sz, block_size); ++ else ++ r = block_size - sz; + +- for (i = 2; i < sz; i+=(j*2)) { /* start just after tags */ +- memcpy(&L, *input+i, j); +- memcpy(&R, *input+i+j, j); +- Blowfish_Encrypt(&ctx, &L, &R); +- memcpy(*input+i, &L, j); +- memcpy(*input+i+j, &R, j); ++ memset(rest + restidx, '\0', r); ++ restidx += r; ++ sz += r; ++ ++ /* Encrypt the rest */ ++ int i; ++ for (i = 0; i < (restidx / sizeof(uint32_t)); i += 2) { ++ Blowfish_Encrypt(&ctx, &rwalk[i], &rwalk[i+1]); ++ write(outfd, rwalk + i, block_size); + } + +- if (options->compression == 1) { +- if ((*input = realloc(*input, sz + j + 1)) == NULL) +- memerror(); +- +- memset(*input+sz, 0, j + 1); +- memcpy(*input+sz, &options->origsize, j); +- sz += j; /* make room for the original size */ +- } ++ if (options->compression) ++ write(outfd, &options->origsize, sizeof(uint32_t)); + + free(myEndian); + return(sz); ++ + } + +-uLong BFDecrypt(char **input, char *key, char *key2, uLong sz, +- BCoptions *options) { +- uInt32 L, R; +- uLong i; ++off_t BFDecrypt(int infd, int outfd, char *key, char *key2, BCoptions *options) { + BLOWFISH_CTX ctx; +- int j, swap = 0; +- unsigned char *myEndian = NULL; ++ const int block_size = (sizeof(uint32_t) * 2); + char *mykey = NULL; ++ int swap = 0; ++ ++ /* zlib variables */ ++ int ret; ++ unsigned have; ++ z_stream strm; ++ uint8_t in[ZCHUNK]; ++ uint8_t out[ZCHUNK]; ++ ++ strm.zalloc = Z_NULL; ++ strm.zfree = Z_NULL; ++ strm.opaque = Z_NULL; ++ strm.avail_in = 0; ++ strm.next_in = Z_NULL; ++ ret = inflateInit(&strm); ++ if (ret != Z_OK) ++ exit(2); + +- j = sizeof(uInt32); + +- if ((mykey = malloc(MAXKEYBYTES + 1)) == NULL) ++ if ((mykey = calloc(MAXKEYBYTES + 1, 1)) == NULL) + memerror(); + +- memset(mykey, 0, MAXKEYBYTES + 1); ++ uint8_t endianness, compressed; ++ read(infd, &endianness, sizeof(uint8_t)); ++ read(infd, &compressed, sizeof(uint8_t)); + +- if ((swap = testEndian(*input)) == 1) ++ if ((swap = testEndian(&endianness)) == 1) + memcpy(mykey, key2, MAXKEYBYTES); + else + memcpy(mykey, key, MAXKEYBYTES); + +- memcpy(&options->compression, *input+1, 1); +- +- if (options->compression == 1) { +- memcpy(&options->origsize, *input+(sz - j), j); +- sz -= j; /* dump the size tag */ +- } +- +- sz -= 2; /* now dump endian and compress flags */ +- +- Blowfish_Init (&ctx, mykey, MAXKEYBYTES); ++ Blowfish_Init (&ctx, (unsigned char*)mykey, MAXKEYBYTES); + +- for (i = 0; i < sz; i+=(j*2)) { +- memcpy(&L, *input+i+2, j); +- memcpy(&R, *input+i+j+2, j); +- +- if (swap == 1) { +- L = swapEndian(L); +- R = swapEndian(R); ++ int n; ++ /* 2 * ZCHUNK for the overhead when compressing */ ++ uint8_t rest[2 * ZCHUNK]; ++ int restidx = 0; ++ uint32_t *inwalk = (uint32_t*)in; ++ do { ++ if ((n = read(infd, in, ZCHUNK)) < 0) { ++ exit(3); + } + +- Blowfish_Decrypt(&ctx, &L, &R); ++ /* Decrypt as many blocks (each block_size bytes big) as we can */ ++ int i; ++ /* i adresses sizeof(uint32_t) = 4 byte blocks, ++ * but we use (restidx / block_size) loop up to full blocks */ ++ for (i = 0; i < 2 * (n / block_size); i += 2) { ++ if (swap) { ++ inwalk[i] = swapEndian(inwalk[i]); ++ inwalk[i + 1] = swapEndian(inwalk[i + 1]); ++ } ++ Blowfish_Decrypt(&ctx, &inwalk[i], &inwalk[i + 1]); ++ if (swap) { ++ inwalk[i] = swapEndian(inwalk[i]); ++ inwalk[i + 1] = swapEndian(inwalk[i + 1]); ++ } ++ } + +- if (swap == 1) { +- L = swapEndian(L); +- R = swapEndian(R); ++ strm.avail_in = n; ++ strm.next_in = in; ++ if (compressed) { ++ do { ++ strm.avail_out = ZCHUNK; ++ strm.next_out = out; ++ ret = inflate(&strm, Z_NO_FLUSH); ++ switch (ret) { ++ case Z_NEED_DICT: ++ ret = Z_DATA_ERROR; ++ /* fall-through */ ++ case Z_DATA_ERROR: ++ case Z_MEM_ERROR: ++ exit(10); ++ } ++ ++ have = ZCHUNK - strm.avail_out; ++ memcpy(rest + restidx, out, have); ++ write(outfd, out, have); ++ } while (strm.avail_out == 0); ++ ++ /* If zlib is done and we still have data in our buffer, that extra data ++ * needs to be written out to file. It contains the key + padding + ++ * original filesize. */ ++ if (strm.avail_in > sizeof(uint32_t)) { ++ /* We don't write the original file size since it is not stored for ++ * uncompressed files either. Actually, we don't need it at all and ++ * just support it for compatibility with earlier versions. */ ++ write(outfd, strm.next_in, strm.avail_in - sizeof(uint32_t)); ++ } ++ } else { ++ /* Abort the loop on EOF when the file is not compressed */ ++ if (n == 0) ++ ret = Z_STREAM_END; ++ ++ /* XXX: If we would buffer blocks as large as the maximum amount of ++ * padding + key can be, we could almost reliably detect the end of file ++ * and handle stdin to stdout decryptions correctly. */ ++ write(outfd, in, n); + } ++ } while (ret != Z_STREAM_END); + +- memcpy(*input+i, &L, j); +- memcpy(*input+i+j, &R, j); ++ /* Strip off the padding */ ++ uint8_t lastbyte; ++ off_t seek_offset = -1, cur_offset; ++ do { ++ cur_offset = lseek(outfd, seek_offset, SEEK_CUR); ++ if (cur_offset == (off_t)-1) { ++ exit(8); ++ } ++ read(outfd, &lastbyte, sizeof(uint8_t)); ++ seek_offset = -2; ++ } while (lastbyte == '\0'); ++ ++ cur_offset = lseek(outfd, -MAXKEYBYTES, SEEK_CUR); ++ if (cur_offset == (off_t)-1) { ++ exit(9); + } + +- while (memcmp(*input+(sz-1), "\0", 1) == 0) /* strip excess nulls */ +- sz--; /* from decrypted files */ ++ /* Verify that the stored key matches our key */ ++ uint8_t savedkey[MAXKEYBYTES]; ++ read(outfd, savedkey, MAXKEYBYTES); + +- sz -= MAXKEYBYTES; ++ if (memcmp(savedkey, mykey, MAXKEYBYTES) != 0) ++ return 0; + +- if (memcmp(*input+sz, mykey, MAXKEYBYTES) != 0) +- return(0); +- +- free(mykey); +- free(myEndian); +- return(sz); ++ return cur_offset; + } --- bcrypt-1.1.orig/debian/rules +++ bcrypt-1.1/debian/rules @@ -0,0 +1,82 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + touch configure-stamp + +build: patch build-stamp + +build-stamp: configure-stamp + dh_testdir + $(MAKE) + dh_auto_clean + touch build-stamp + +clean: clean-patched unpatch + +clean-patched: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + [ ! -f Makefile ] || $(MAKE) clean + dh_clean + +patch: patch-stamp + +patch-stamp: + dpatch apply-all + dpatch cat-all >patch-stamp + +unpatch: + dpatch deapply-all + rm -rf patch-stamp debian/patched + +install: build + dh_testdir + dh_testroot + dh_prep + dh_installdirs + $(MAKE) install DESTDIR=$(CURDIR)/debian/bcrypt + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs README + dh_installexamples + dh_installman + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- bcrypt-1.1.orig/debian/source.lintian-overrides +++ bcrypt-1.1/debian/source.lintian-overrides @@ -0,0 +1 @@ +bcrypt source: source-contains-CVS-dir --- bcrypt-1.1.orig/debian/watch +++ bcrypt-1.1/debian/watch @@ -0,0 +1,2 @@ +version=3 +http://sf.net/bcrypt/bcrypt-(.*)\.tar\.gz