--- seccure-0.3.orig/Makefile +++ seccure-0.3/Makefile @@ -28,8 +28,8 @@ seccure-key: seccure.o numtheory.o ecc.o serialize.o protocol.o curves.o aes256ctr.o - $(CC) $(CFLAGS) -o seccure-key -lgcrypt seccure.o numtheory.o ecc.o \ - curves.o serialize.o protocol.o aes256ctr.o + $(CC) $(CFLAGS) -o seccure-key seccure.o numtheory.o ecc.o \ + curves.o serialize.o protocol.o aes256ctr.o -lgcrypt seccure-encrypt: seccure-key ln -f seccure-key seccure-encrypt --- seccure-0.3.orig/debian/changelog +++ seccure-0.3/debian/changelog @@ -0,0 +1,52 @@ +seccure (0.3-3ubuntu2) trusty; urgency=medium + + * debian/control: Prefer libgcrypt11-dev for deterministic dependencies, + this can and should be dropped when we have only one gcrypt again. + + -- Adam Conrad Sat, 15 Mar 2014 11:36:48 -0600 + +seccure (0.3-3ubuntu1) oneiric; urgency=low + + * Fix FTBFS with ld --as-needed. LP: #832880. + + -- Matthias Klose Tue, 13 Sep 2011 20:14:55 +0200 + +seccure (0.3-3) unstable; urgency=low + + * Modify the patch added in the last upload to enable gcrypt's secure + memory, as apparently not disabling it is different to enabling it. + (Closes: #489835) + + -- James Westby Tue, 16 Sep 2008 14:41:18 +0100 + +seccure (0.3-2) unstable; urgency=low + + * Make failure to mlock all memory only a warning, and re-enable gcrypt's + memory locking. Changes in pam since etch mean that the kernel's defaults + for memory locking are now respected, and seccure tries to lock more + memory than that, which means that the program can't be started. The patch + is from the upstream author, who considers it a stop-gap, but doesn't + anticipate having a proper fix before lenny. (Closes: #489835) + * Don't ignore "$(MAKE) clean" errors. The normal reason for this is the use + of autotools leading to the makefile not necessarily being present when + the clean target is run, be this package doesn't use autotools, so that + won't happen. + * Add a description to debian/patches/10-man-hyphen.dpatch. + * Update the standards version to 3.8.0 (no changes required). + * Release team: this isn't the diff that I sent you, I apologise. My sponsor + suggested that fixing these small things wouldn't be a problem. + + -- James Westby Wed, 06 Aug 2008 11:33:27 +0100 + +seccure (0.3-1) unstable; urgency=low + + * New upstream release. + + -- James Westby Thu, 7 Sep 2006 20:34:30 +0100 + +seccure (0.2-1) unstable; urgency=low + + * Initial release (Closes: #378987) + + -- James Westby Tue, 25 Jul 2006 03:42:20 +0100 + --- seccure-0.3.orig/debian/compat +++ seccure-0.3/debian/compat @@ -0,0 +1 @@ +5 --- seccure-0.3.orig/debian/control +++ seccure-0.3/debian/control @@ -0,0 +1,38 @@ +Source: seccure +Section: utils +Priority: optional +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: James Westby +Build-Depends: debhelper (>= 5), libgcrypt11-dev | libgcrypt-dev, dpatch, xmltoman +Standards-Version: 3.8.0 + +Package: seccure +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: tools for using algorithms based on elliptic curve cryptography (ECC) + The seccure toolset implements a selection of asymmetric algorithms + based on elliptic curve cryptography (ECC). In particular, it offers + public key encryption / decryption and signature generation / + verification. ECC schemes offer a much better key size to security + ratio than classical systems (RSA, DSA). Keys are short enough to make + direct specification of keys on the command line possible (sometimes + this is more convenient than the management of PGP-like key + rings). seccure builds on this feature and therefore is the tool of + choice whenever lightweight asymmetric cryptography -- independent of + key servers, revocation certificates, the Web of Trust, or even + configuration files -- is required. + . + The toolkit implements Diffie-Hellman key exchange, allowing you to agree a + key with another party over an insecure channel. The Diffie Helman protocol + affords forward secrecy, and requires no previous contact with the other + party. + . + The seccure toolset allows you to select the curve that the operations are + performed on, so that different cryptographic needs can be supported. This + is currently the only ECC package in Debian GNU/Linux to offer a choice of + curves and MAC lengths. + . + It is currently missing some of the functionality of the sks-ecc package, + including encrypting to multiple recipients at once, and creating different + signature formats. + --- seccure-0.3.orig/debian/copyright +++ seccure-0.3/debian/copyright @@ -0,0 +1,31 @@ +This package was debianized by James Westby on +Tue, 25 Jul 2006 03:42:20 +0100. + +It was downloaded from http://point-at-infinity.org/seccure/ + +Upstream Author: B. Poettering (seccure AT point-at-infinity.org) + +Copyright: 2006 B. Poettering + +License: + + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU General +Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +The Debian packaging is is placed in the public domain by James Westby +. + --- seccure-0.3.orig/debian/dirs +++ seccure-0.3/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/man/man1 --- seccure-0.3.orig/debian/docs +++ seccure-0.3/debian/docs @@ -0,0 +1,4 @@ +README +TODO +HISTORY +PATENTS --- seccure-0.3.orig/debian/links +++ seccure-0.3/debian/links @@ -0,0 +1,8 @@ +usr/share/man/man1/seccure.1 usr/share/man/man1/seccure-key.1 +usr/share/man/man1/seccure.1 usr/share/man/man1/seccure-encrypt.1 +usr/share/man/man1/seccure.1 usr/share/man/man1/seccure-decrypt.1 +usr/share/man/man1/seccure.1 usr/share/man/man1/seccure-sign.1 +usr/share/man/man1/seccure.1 usr/share/man/man1/seccure-verify.1 +usr/share/man/man1/seccure.1 usr/share/man/man1/seccure-dh.1 +usr/share/man/man1/seccure.1 usr/share/man/man1/seccure-signcrypt.1 +usr/share/man/man1/seccure.1 usr/share/man/man1/seccure-veridec.1 --- seccure-0.3.orig/debian/patches/00list +++ seccure-0.3/debian/patches/00list @@ -0,0 +1,2 @@ +10-man-hyphen +20-mlockall-failure-non-fatal --- seccure-0.3.orig/debian/patches/10-man-hyphen.dpatch +++ seccure-0.3/debian/patches/10-man-hyphen.dpatch @@ -0,0 +1,69 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10-man-hyphen.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Correct the man page to use \- instead of - so that the correct +## DP: character is used in the output. + +@DPATCH@ +diff -urNad seccure-0.3~/seccure.manpage.xml seccure-0.3/seccure.manpage.xml +--- seccure-0.3~/seccure.manpage.xml 2006-08-16 21:13:57.000000000 +0100 ++++ seccure-0.3/seccure.manpage.xml 2006-08-31 22:47:20.000000000 +0100 +@@ -29,14 +29,14 @@ + desc="SECCURE Elliptic Curve Crypto Utility for Reliable Encryption"> + + +- seccure-key [-c curve] [-F pwfile] [-d] [-v] [-q] +- seccure-encrypt [-m maclen] [-c curve] [-i infile] [-o outfile] [-v] [-q] key +- seccure-decrypt [-m maclen] [-c curve] [-i infile] [-o outfile] [-F pwfile] [-d] [-v] [-q] +- seccure-sign [-f] [-b] [-a] [-c curve] [-s sigfile] [-i infile] [-o outfile] [-F pwfile] [-d] [-v] [-q] +- seccure-verify [-f] [-b] [-a] [-c curve] [-s sigfile] [-i infile] [-o outfile] [-v] [-q] key [sig] +- seccure-signcrypt [-c sig_curve [-c enc_curve]] [-i infile] [-o outfile] [-F pwfile] [-d] [-v] [-q] key +- seccure-veridec [-c enc_curve [-c sig_curve]] [-i infile] [-o outfile] [-F pwfile] [-d] [-v] [-q] key +- seccure-dh [-c curve] [-v] [-q] ++ seccure-key [\-c curve] [\-F pwfile] [\-d] [\-v] [\-q] ++ seccure-encrypt [\-m maclen] [\-c curve] [\-i infile] [\-o outfile] [\-v] [\-q] key ++ seccure-decrypt [\-m maclen] [\-c curve] [\-i infile] [\-o outfile] [\-F pwfile] [\-d] [\-v] [\-q] ++ seccure-sign [\-f] [\-b] [\-a] [\-c curve] [\-s sigfile] [\-i infile] [\-o outfile] [\-F pwfile] [\-d] [\-v] [\-q] ++ seccure-verify [\-f] [\-b] [\-a] [\-c curve] [\-s sigfile] [\-i infile] [\-o outfile] [\-v] [\-q] key [sig] ++ seccure-signcrypt [\-c sig_curve [\-c enc_curve]] [\-i infile] [\-o outfile] [\-F pwfile] [\-d] [\-v] [\-q] key ++ seccure-veridec [\-c enc_curve [\-c sig_curve]] [\-i infile] [\-o outfile] [\-F pwfile] [\-d] [\-v] [\-q] key ++ seccure-dh [\-c curve] [\-v] [\-q] + + + +@@ -78,7 +78,7 @@ + with public key key.

+ +

seccure-signcrypt: Sign a message first, encrypt +- it subsequently (in -b -a and -m 0 mode, ++ it subsequently (in \-b \-a and \-m 0 mode, + respectively). This is basically a shortcut for two separate + seccure invocations.

+ +@@ -214,21 +214,21 @@ + +

To encrypt the file 'document.msg' with that key run

+ +-

seccure-encrypt -i document.msg -o document.enc '2@DupCaCKykHBe-QHpAP%d%B['

++

seccure-encrypt \-i document.msg \-o document.enc '2@DupCaCKykHBe-QHpAP%d%B['

+ +

The message can be recovered with

+ +-

seccure-decrypt -i document.enc

++

seccure-decrypt \-i document.enc

+ +

To sign the file run

+ +-

seccure-sign -i document.msg -s document.sig

++

seccure-sign \-i document.msg \-s document.sig

+ +

and enter the passphrase. The signature is + stored in 'document.sig' and can be verified with +

+ +-

seccure-verify -i document.msg -s document.sig ++

seccure-verify \-i document.msg \-s document.sig + '2@DupCaCKykHBe-QHpAP%d%B['

+ + --- seccure-0.3.orig/debian/patches/20-mlockall-failure-non-fatal.dpatch +++ seccure-0.3/debian/patches/20-mlockall-failure-non-fatal.dpatch @@ -0,0 +1,51 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 20-mlockall-failure-non-fatal.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Changes in pam mean that seccure isn't allowed to lock all of +## DP: the memory that it wants. This patch makes that non-fatal, and +## DP: tells libgcrypt to initialize secure memory instead of disabling +## DP: it as seccure provides its own. This patch is a stop-gap from +## DP: the upstream developer, who is working on a better fix. +## DP: (Closes: #489835) + +@DPATCH@ +diff -urNad seccure-0.3~/seccure.c seccure-0.3/seccure.c +--- seccure-0.3~/seccure.c 2006-08-16 21:13:57.000000000 +0100 ++++ seccure-0.3/seccure.c 2008-09-16 14:40:53.000000000 +0100 +@@ -90,6 +90,18 @@ + #endif + } + ++void warning(const char *msg) ++{ ++ beep_on_terminal(stderr); ++ fprintf(stderr, "WARNING: %s.\n", msg); ++} ++ ++void warning_errno(const char *msg, int err) ++{ ++ beep_on_terminal(stderr); ++ fprintf(stderr, "WARNING: %s: %s.\n", msg, strerror(err)); ++} ++ + void fatal(const char *msg) + { + beep_on_terminal(stderr); +@@ -1061,13 +1073,12 @@ + + #if ! NOMEMLOCK + if (mlockall(MCL_CURRENT | MCL_FUTURE) < 0) +- fatal_errno("Cannot obtain memory lock", errno); ++ warning_errno("Cannot obtain memory lock", errno); + #endif + +- /* As we already have locked all memory we don't need gcrypt's mlocking */ +- err = gcry_control(GCRYCTL_DISABLE_SECMEM, 0); ++ err = gcry_control(GCRYCTL_INIT_SECMEM, 16384, 0); + if (gcry_err_code(err)) +- fatal_gcrypt("Cannot disable gcrypt's secure memory", err); ++ fatal_gcrypt("Cannot initialize gcrypt's secure memory", err); + + if (getuid() != geteuid()) + seteuid(getuid()); --- seccure-0.3.orig/debian/rules +++ seccure-0.3/debian/rules @@ -0,0 +1,64 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +include /usr/share/dpatch/dpatch.make + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +build: build-stamp + +build-stamp: patch + dh_testdir + + $(MAKE) CFLAGS="$(CFLAGS)" + $(MAKE) seccure.1 + + touch $@ + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp + + $(MAKE) clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install DESTDIR=$(CURDIR)/debian/seccure + + +binary-indep: build install +# We have nothing to do by default. + +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure