[Forensics-changes] [wipe] 01/01: Imported Debian patch 0.22-4
Joao Eriberto Mota Filho
eriberto at moszumanska.debian.org
Thu Sep 8 19:13:17 UTC 2016
This is an automated email from the git hooks/post-receive script.
eriberto pushed a commit to branch debian
in repository wipe.
commit 59cd0340b6eca4af19fb4e5ee7702e731876c90d
Author: Joao Eriberto Mota Filho <eriberto at debian.org>
Date: Tue Sep 6 14:44:36 2016 -0300
Imported Debian patch 0.22-4
---
debian/README.source | 8 +
debian/changelog | 37 ++-
debian/control | 22 +-
debian/copyright | 2 +-
debian/patches/001_fix-manpages.diff | 323 ---------------------
.../{002-add-hardening => 10_add-hardening.patch} | 0
debian/patches/20_fix-manpage.patch | 89 ++++++
debian/patches/30_fix-spelling-binary.patch | 25 ++
debian/patches/40-fix_warnings.patch | 39 +++
debian/patches/50_hide-filenames.patch | 262 +++++++++++++++++
debian/patches/60_fix-warnings.patch | 26 ++
debian/patches/series | 8 +-
debian/rules | 22 +-
debian/watch | 2 +-
14 files changed, 511 insertions(+), 354 deletions(-)
diff --git a/debian/README.source b/debian/README.source
new file mode 100644
index 0000000..7d541f6
--- /dev/null
+++ b/debian/README.source
@@ -0,0 +1,8 @@
+wipe for Debian
+---------------
+
+There is a new upstream's repository in GitHub[1]. However, it seems dead.
+
+[1] https://github.com/berke/wipe
+
+ -- Joao Eriberto Mota Filho <eriberto at debian.org> Tue, 06 Sep 2016 14:44:36 -0300
diff --git a/debian/changelog b/debian/changelog
index 8439067..ba0a6ea 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,38 @@
+wipe (0.22-4) unstable; urgency=medium
+
+ * debian/control:
+ - Bumped Standards-Version to 3.9.8.
+ - Improved the long description.
+ - Updated the Vcs-* fields to use https instead of http and git.
+ * debian/copyright: updated packaging copyright years.
+ * debian/patches/:
+ - 001_fix-manpages.diff: removed. No longer necessary escape hyphens in
+ manpages.
+ - 002-add-hardening: renamed to 10_add-hardening.patch.
+ - 20_fix-manpage.patch:
+ ~ Added to fix a spelling error and remove invalid macro SP.
+ ~ Fix a wrong example. Thanks to (No Name)
+ <petes-bugs at thegoldenear.org>. (Closes: #411971)
+ ~ Make clearer the -Q option use. (LP: #801472)
+ ~ Make the man page clear about number of default passes. For this,
+ thanks to Runa Sandvik <runa.sandvik at gmail.com> (Closes: #544774)
+ - 30_fix-spelling-binary.patch: added to fix a spelling error in final
+ binary.
+ - 40-fix_warnings.patch: added to fix some GCC warnings.
+ - 50_hide-filenames.patch: added to really delete filenames of deleted
+ files. Thanks to Timo Boettcher <timo.boettcher at redteam-pentesting.de,
+ debian at timoboettcher.name> (Closes: #726388)
+ - 60_fix-warnings.patch: added to fix some GCC warnings in previous
+ patch.
+ * debian/README.source: added to tell about new upstream's repository.
+ * debian/rules:
+ - Added specific rules to build to GNU/kFreeBSD.
+ - Removed unnecessary lines because the current upstream Makefile already
+ provides all necessary flags.
+ * debian/watch: bumped to version 4.
+
+ -- Joao Eriberto Mota Filho <eriberto at debian.org> Tue, 06 Sep 2016 14:44:36 -0300
+
wipe (0.22-3) unstable; urgency=medium
* Upload to unstable.
@@ -72,7 +107,7 @@ wipe (0.21-7) unstable; urgency=low
wipe (0.21-6) unstable; urgency=low
- * Fixing git-dch email address misstake.
+ * Fixing git-dch email address mistake.
* Updating to standards 3.8.0.
* Upgrading package to debhelper 7.
* Sorting vcs fields in control file.
diff --git a/debian/control b/debian/control
index b56d89d..133ba84 100644
--- a/debian/control
+++ b/debian/control
@@ -4,21 +4,23 @@ Priority: extra
Maintainer: Debian Forensics <forensics-devel at lists.alioth.debian.org>
Uploaders: Joao Eriberto Mota Filho <eriberto at debian.org>
Build-Depends: debhelper (>= 9)
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
Homepage: http://lambda-diode.com/software/wipe
-Vcs-Browser: http://anonscm.debian.org/cgit/forensics/wipe.git
-Vcs-Git: git://anonscm.debian.org/forensics/wipe.git
+Vcs-Browser: https://anonscm.debian.org/git/forensics/wipe.git
+Vcs-Git: https://anonscm.debian.org/git/forensics/wipe.git
Package: wipe
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: secure file deletion
- Recovery of supposedly erased data from magnetic media is easier than what many
- people would like to believe. A technique called Magnetic Force Microscopy
- (MFM) allows any moderately funded opponent to recover the last two or three
- layers of data written to disk. Wipe repeatedly writes special patterns to the
- files to be destroyed, using the fsync() call and/or the O_SYNC bit to force
- disk access.
+ Recovery of supposedly erased data from magnetic media is easier than
+ what many people would like to believe. A technique called Magnetic
+ Force Microscopy (MFM) allows any moderately funded opponent to recover
+ the last two or three layers of data written to disk. Wipe repeatedly
+ writes special patterns to the files to be destroyed, using the fsync()
+ call and/or the O_SYNC bit to force disk access.
+ .
+ Wipe can permanently delete data in hard disks and flash drives (caution!
+ several writes can damage solid medias).
.
This program is useful in anti-forensics and security activities.
-
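Review bot: The added description sentence "Wipe can permanently delete data in hard disks and flash drives" promises more than the mechanism described just above it (overwriting the file in place, forced out with fsync()/O_SYNC) can deliver on flash media, where wear levelling may direct the overwrite to different physical blocks than the ones that held the original data. Suggest wording the flash case as a best-effort overwrite rather than permanent deletion, and changing "solid medias" to "solid-state media".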
diff --git a/debian/copyright b/debian/copyright
index 0298bc5..a866fc1 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -15,7 +15,7 @@ Copyright: 1999-2006 Thomas Schoepf <schoepf at debian.org>
2006 Alexander Wirt <formorer at debian.org>
2006-2009 Daniel Baumann <daniel at debian.org>
2011 Julien Valroff <julien at debian.org>
- 2015 Joao Eriberto Mota Filho <eriberto at debian.org>
+ 2015-2016 Joao Eriberto Mota Filho <eriberto at debian.org>
License: GPL-2+
License: GPL-2 or GPL-2+
diff --git a/debian/patches/001_fix-manpages.diff b/debian/patches/001_fix-manpages.diff
deleted file mode 100644
index c12617c..0000000
--- a/debian/patches/001_fix-manpages.diff
+++ /dev/null
@@ -1,323 +0,0 @@
-Description: fix nroff syntax
-Author: Julien Valroff <julien at debian.org>
-Last-Update: 2011-09-17
-
---- a/wipe.1
-+++ b/wipe.1
-@@ -114,8 +114,8 @@
- directly on the corresponding block device with the appropriate options. However
- .I THIS IS AN EXTREMELY DANGEROUS THING TO DO.
- Be sure to be sober. Give the right options. In particular : don't wipe a whole
--harddisk (eg. wipe -kD /dev/hda is bad) since this will destroy your master boot
--record. Bad idea. Prefer wiping partitions (eg. wipe -kD /dev/hda2) is good,
-+harddisk (eg. wipe \-kD /dev/hda is bad) since this will destroy your master boot
-+record. Bad idea. Prefer wiping partitions (eg. wipe \-kD /dev/hda2) is good,
- provided, of course, that you have backed up all necessary data.
-
- .PP
-@@ -172,14 +172,14 @@
- With this option which requires an argument you can specify an
- alternate /dev/random device, or a command who's standard output
- will be hashed using MD5-hashed. The distinction can be made using
--the -S option.
-+the \-S option.
-
- .TP 0.5i
--.B -S (random seed method)
-+.B \-S (random seed method)
-
- This option takes a single-character argument, which specifies
- how the random device/random seed argument is to be used. The default random device
--is /dev/random. It can be set using the -R option.
-+is /dev/random. It can be set using the \-R option.
- .PP
- .PD 0
- The possible single-character arguments are:
-@@ -203,10 +203,9 @@
- time, its process id. etc. (the random device
- argument will not be used). This is of course
- the least secure setting.
--.SP
-
- .TP 0.5i
--.B -M (select pseudo-random number generator algorythm)
-+.B \-M (select pseudo-random number generator algorythm)
-
- .PP
- .PD 0
-@@ -234,12 +233,11 @@
- of RC6, which is faster. In order to be able to use RC6, wipe must be compiled
- with ENABLE_RC6 defined; see the Makefile for warnings about patent issues.
-
--.SP
- In all cases the PRNG is seeded with the data gathered from the random device
--(see -R and -S options).
-+(see \-R and \-S options).
-
- .TP 0.5i
--.B -l <length>
-+.B \-l <length>
- As there can be some problems in determining the actual size of a block device
- (as some devices do not even have fixed sizes, such as floppy disks or tapes),
- you might need to specify the size of the device by hand; <length> is the
-@@ -263,26 +261,26 @@
- 114M32K = 114*1024*1024+32*1024.
-
- .TP 0.5i
--.B -o <offset>
-+.B \-o <offset>
- This allows you to specify an offset inside the file or device to be wiped. The
- syntax of <offset> is the same as for the
--.B -l
-+.B \-l
- option.
-
- .TP 0.5i
--.B -e
-+.B \-e
- Use exact file size: do not round up file size to wipe possible remaining junk
- on the last block.
-
- .TP 0.5i
--.B -Z
-+.B \-Z
- Don't try to wipe file sizes by repeatedly halving the file size. Note that
- this is only attempted on regular files so there is no use if you use
- .B wipe
- for cleaning a block or special device.
-
- .TP 0.5i
--.B -F
-+.B \-F
- Don't try to wipe file names. Normally,
- .B wipe
- tries to cover file names by renaming them; this does NOT guarantee that the
-@@ -294,72 +292,72 @@
- after every rename () makes filename wiping extremely slow.
-
- .TP 0.5i
--.B -k
-+.B \-k
- Keep files: do not unlink the files after they have been overwritten. Useful if
- you want to wipe a device, while keeping the device special file. This implies
--.B -F.
-+.B \-F.
-
- .TP 0.5i
--.B -D
-+.B \-D
- Dereference symlinks: by default, wipe will never follow symlinks. If you
--specify -D however, wipe will consent to, well, wipe the targets of any
-+specify \-D however, wipe will consent to, well, wipe the targets of any
- symlinks you might happen to name on the command line. You can't specify both
---D and -r (recursive) options, first because of possible cycles in the
-+\-D and \-r (recursive) options, first because of possible cycles in the
- symlink-enhanced directory graph, I'd have to keep track of visited files to
- guarantee termination, which, you'll easily admit, is a pain in C, and, second,
- for fear of having a (surprise!!) block device buried somewhere unexpected.
-
- .TP 0.5i
--.B -v
-+.B \-v
- Show version information and quit.
-
- .TP 0.5i
--.B -h
-+.B \-h
- Display help.
-
- .SH EXAMPLES
- .PP
-
- .TP 0.5i
--.B wipe -rcf /home/berke/plaintext/
--Wipe every file and every directory (option -r) listed under
-+.B wipe \-rcf /home/berke/plaintext/
-+Wipe every file and every directory (option \-r) listed under
- /home/berke/plaintext/, including /home/berke/plaintext/.
-
- Regular files will be wiped with 34 passes and their sizes will then be halved
- a random number of times. Special files (character and block devices, FIFOs...)
- will not. All directory entries (files, special files and directories) will be
- renamed 10 times and then unlinked. Things with inappropriate permissions will
--be chmod()'ed (option -c). All of this will happen without user confirmation
--(option -f).
-+be chmod()'ed (option \-c). All of this will happen without user confirmation
-+(option \-f).
-
- .TP 0.5i
--.B wipe -kq /dev/hda3
-+.B wipe \-kq /dev/hda3
- Assuming /dev/hda3 is the block device corresponding to the third partition of
- the master drive on the primary IDE interface, it will be wiped in quick mode
--(option -q) i.e. with four random passes. The inode won't be renamed or
--unlinked (option -k). Before starting, it will ask you to type ``yes''.
-+(option \-q) i.e. with four random passes. The inode won't be renamed or
-+unlinked (option \-k). Before starting, it will ask you to type ``yes''.
-
- .TP 0.5i
--.B wipe -kqD /dev/floppy
-+.B wipe \-kqD /dev/floppy
- Since
- .B wipe
- never follows symlinks unless explicitly told to do so, if you want to wipe
- /dev/floppy which happens to be a symlink to /dev/fd0u1440 you will have to
--specify the -D option. Before starting, it will ask you to type ``yes''.
-+specify the \-D option. Before starting, it will ask you to type ``yes''.
-
- .TP 0.5i
--.B wipe -rfi >wipe.log /var/log/*
--Here, wipe will recursively (option -r) destroy everything under /var/log,
-+.B wipe \-rfi >wipe.log /var/log/*
-+Here, wipe will recursively (option \-r) destroy everything under /var/log,
- excepting /var/log. It will not attempt to chmod() things. It will however be
--verbose (option -i). It won't ask you to type ``yes'' because of the -f option.
-+verbose (option \-i). It won't ask you to type ``yes'' because of the \-f option.
-
- .TP 0.5i
--.B wipe -Kq -l 1440k /dev/fd0
-+.B wipe \-Kq \-l 1440k /dev/fd0
- Due to various idiosyncracies of the operating system, it's not always easy
- to obtain the number of bytes a given device might contain (in fact, that
- quantity can be variable). This is why you sometimes need to tell
- .B wipe
--the amount of bytes to destroy. That's what the -l option is for. Plus,
-+the amount of bytes to destroy. That's what the \-l option is for. Plus,
- you can use b,K,M and G as multipliers, respectively for 2^9 (512),
- 2^10 (1024 or a Kilo), 2^20 (a Mega) and 2^30 (a Giga) bytes.
- You can even combine more than one multiplier !! So that 1M416K = 1474560 bytes.
-@@ -379,7 +377,7 @@
- For wiping floppy disks, at least under Linux, there is no way, besides obscure
- floppy-driver specific ioctl's to determine the block size of the disk. In
- particular, the BLKGETSIZE ioctl is not implemented in the floppy driver. So,
--for wiping floppies, you must specify the size of the floppy disk using the -l
-+for wiping floppies, you must specify the size of the floppy disk using the \-l
- option, as in the last example. This option is normally not needed for other
- fixed block devices, like IDE and SCSI devices.
-
---- a/wipe.tr.1
-+++ b/wipe.tr.1
-@@ -3,7 +3,7 @@
- wipe \- dosyaların manyetik ortamdan güvenli bir şekilde silinmesini sağlar
- .SH ÖZET
-
--wipe [-f][-c][-r][-q][-i] <filespec>
-+wipe [\-f][\-c][\-r][\-q][\-i] <filespec>
- .br
-
- .SH UYARI
-@@ -32,58 +32,58 @@
- .PP
- .SH "KOMUT SATIRI SEÇENEKLERİ"
- .TP 0.5i
--.B -f (onay sorusunu etkisizleştir)
-+.B \-f (onay sorusunu etkisizleştir)
- Bu seçenek belirtilmediği takdirde
- .B wipe
- silinecek dosya ve dizinlerin sayılarını belirtip onay istiyecektir.
- Bu onay sorusuna "yes" veya "no" cevabı vermeniz gerekiyor.
-
- .TP 0.5i
--.B -r (altdizinlere gir)
-+.B \-r (altdizinlere gir)
- Tüm altdizinleriyle beraber dizinlerin silinmesine olanak sağlar. Simgesel
- bağlar takip edilmez.
-
- .TP 0.5i
--.B -c (gerekirse dosya izin bitlerini değiştir)
-+.B \-c (gerekirse dosya izin bitlerini değiştir)
- Bu seçenek, eğer silinecek bir dosyanın (dizinin) yazma (yazma, okuma veya çalıştırma)
- izin bitleri kapalı ise izinleri değiştirmek için chmod () sistem çağrısını
- kullanılmasını sağlar.
-
- .TP 0.5i
--.B -i (ayrıntılı bilgi konumu)
-+.B \-i (ayrıntılı bilgi konumu)
- Bu konum stdout'a ayrıntılı bilgi yazılmasını sağlar. Olağan konumda
- bütün iletiler stderr'e yazılır.
-
- .TP 0.5i
--.B -s (sessiz çalışma konumu)
-+.B \-s (sessiz çalışma konumu)
- Bu konumda hata iletileri ile başlangıçtaki onay sorusu dışındaki bütün iletileri
- kaldırır.
-
- .TP 0.5i
--.B -q (hızlı silme konumu)
-+.B \-q (hızlı silme konumu)
- Bu konumda
- .B wipe
- her dosya üstünde sadece 4 geçiş yapacaktır. Bu geçişlerde rasgele bilgi
- yazacaktır.
-
- .TP 0.5i
--.B -a (hata durumda işlemi iptal et)
-+.B \-a (hata durumda işlemi iptal et)
- Program kurtarılamaz bir hata durumunda EXIT_FAILURE koduyla çıkacaktır.
-
- .TP 0.5i
--.B -R <rasgele bilgi aygıtı VEYA rasgele tohum komutu>
-+.B \-R <rasgele bilgi aygıtı VEYA rasgele tohum komutu>
-
- Bir tane parametre gerektiren bu seçenekle farklı bir
- /dev/random aygıtı veya olağan çıktısı MD5 öz çıkarma algoritmasıyla
- kıyılacak bir komut belirtebilirsiniz. Bu parametrenin
--tam anlamı -S seçeneği ile belli edilir.
-+tam anlamı \-S seçeneği ile belli edilir.
-
- .TP 0.5i
--.B -S (rasgele tohumlama yöntemi)
-+.B \-S (rasgele tohumlama yöntemi)
-
- Bu seçenek tek harflik bir parametre alır; bu harf rasgele bilgi aygıtı/rasgele
- tohum komutunu parametresinin nasıl kullanılacağını belirler. Olağan
--rasgele bilgi aygıtı /dev/random'dur, farklı değerleri -R seçeneği ile
-+rasgele bilgi aygıtı /dev/random'dur, farklı değerleri \-R seçeneği ile
- belirtilebilir.
- .PP
- .PD 0
-@@ -113,10 +113,9 @@
- çevre değişkenlerini, tarihi ve zamanı,
- program numarasını vs. kullanarak elde
- edecektir.
--.SP
-
- .TP 0.5i
--.B -M (l|a|r|p) (sözde rasgele sayı üretici algoritması)
-+.B \-M (l|a|r|p) (sözde rasgele sayı üretici algoritması)
-
- .PP
- .PD 0
-@@ -155,26 +154,25 @@
- ise wipe'ı ENABLE_RC6 ile derlemeniz
- gerekir.
-
--.SP
- Her durumda SRSÜ rasgele bilgi aygıtının çıktısıyla
--tohumlanır (-R ve -S seçeneklerine bakınız).
-+tohumlanır (\-R ve \-S seçeneklerine bakınız).
-
- .TP 0.5i
--.B -v (sürüm)
-+.B \-v (sürüm)
- Sürüm bilgisini gösterir ve çıkar.
-
- .TP 0.5i
--.B -h (yardım)
-+.B \-h (yardım)
- Bununla kısa bir yardım bilgisi gösterir.
-
- .SH ÖRNEKLER
- .PP
-
--wipe -rcf /home/berke/plaintext/*
-+wipe \-rcf /home/berke/plaintext/*
-
--wipe -q /dev/hda3
-+wipe \-q /dev/hda3
-
--wipe -rfi >wipe.log /var/log/auth.*
-+wipe \-rfi >wipe.log /var/log/auth.*
-
- .SH HATALAR/SINIRLAMALAR
- .PP
diff --git a/debian/patches/002-add-hardening b/debian/patches/10_add-hardening.patch
similarity index 100%
rename from debian/patches/002-add-hardening
rename to debian/patches/10_add-hardening.patch
diff --git a/debian/patches/20_fix-manpage.patch b/debian/patches/20_fix-manpage.patch
new file mode 100644
index 0000000..d7a7dc3
--- /dev/null
+++ b/debian/patches/20_fix-manpage.patch
@@ -0,0 +1,89 @@
+Description: - Add an information about number of passes. (Closes: #544774)
+Author: Runa Sandvik <runa.sandvik at gmail.com>
+Last-Update: 2009-09-04
+
+Description: - Fix a spelling error.
+ - Fix [kK] in an example. (Closes: #411971)
+ - Make clearer the -Q option use. (LP: #801472)
+ - Remove invalid macro SP.
+Author: Joao Eriberto Mota Filho <eriberto at debian.org>
+Last-Update: 2016-09-06
+Index: wipe-0.22/wipe.1
+===================================================================
+--- wipe-0.22.orig/wipe.1
++++ wipe-0.22/wipe.1
+@@ -25,8 +25,9 @@ repeatedly overwrites special patterns t
+ fsync() call and/or the O_SYNC bit to force disk access. In normal mode, 34
+ patterns are used (of which 8 are random). These patterns were recommended in
+ an article from Peter Gutmann (pgut001 at cs.auckland.ac.nz) entitled "Secure
+-Deletion of Data from Magnetic and Solid-State Memory". A quick mode allows you
+-to use only 4 passes with random patterns, which is of course much less secure.
++Deletion of Data from Magnetic and Solid-State Memory". The normal mode takes
++35 passes (0-34). A quick mode allows you to use only 4 passes with random
++patterns, which is of course much less secure.
+
+ .SH NOTE ABOUT JOURNALING FILESYSTEMS AND SOME RECOMMENDATIONS (JUNE 2004)
+ Journaling filesystems (such as Ext3 or ReiserFS) are now being used by
+@@ -85,7 +86,7 @@ Let's make this very clear. I want you t
+ that will wipe out parts of your files that you didn't want it to wipe. So whatever
+ happens after you launch
+ .B wipe
+-is your entire responsiblity. In particular, no one guarantees that
++is your entire responsibility. In particular, no one guarantees that
+ .B wipe
+ will conform to the specifications given in this manual page.
+
+@@ -160,7 +161,7 @@ random data. See option
+
+ .TP 0.5i
+ .B -Q <number-of-passes>
+-Sets the number of passes for quick wiping. Default is 4.
++Sets the number of passes for quick wiping. Default is 4. This option requires -q.
+
+ .TP 0.5i
+ .B -a (abort on error)
+@@ -203,7 +204,6 @@ environment variables, the current date
+ time, its process id. etc. (the random device
+ argument will not be used). This is of course
+ the least secure setting.
+-.SP
+
+ .TP 0.5i
+ .B -M (select pseudo-random number generator algorythm)
+@@ -234,7 +234,6 @@ random(); the compile-time option WEAK_R
+ of RC6, which is faster. In order to be able to use RC6, wipe must be compiled
+ with ENABLE_RC6 defined; see the Makefile for warnings about patent issues.
+
+-.SP
+ In all cases the PRNG is seeded with the data gathered from the random device
+ (see -R and -S options).
+
+@@ -354,7 +353,7 @@ excepting /var/log. It will not attempt
+ verbose (option -i). It won't ask you to type ``yes'' because of the -f option.
+
+ .TP 0.5i
+-.B wipe -Kq -l 1440k /dev/fd0
++.B wipe -kq -l 1440K /dev/fd0
+ Due to various idiosyncracies of the operating system, it's not always easy
+ to obtain the number of bytes a given device might contain (in fact, that
+ quantity can be variable). This is why you sometimes need to tell
+Index: wipe-0.22/wipe.tr.1
+===================================================================
+--- wipe-0.22.orig/wipe.tr.1
++++ wipe-0.22/wipe.tr.1
+@@ -113,7 +113,6 @@ belirtiniz: wipe gerekli tohumlarını
+ çevre değişkenlerini, tarihi ve zamanı,
+ program numarasını vs. kullanarak elde
+ edecektir.
+-.SP
+
+ .TP 0.5i
+ .B -M (l|a|r|p) (sözde rasgele sayı üretici algoritması)
+@@ -155,7 +154,6 @@ okuyup, orda belirtilen koşullar uygun
+ ise wipe'ı ENABLE_RC6 ile derlemeniz
+ gerekir.
+
+-.SP
+ Her durumda SRSÜ rasgele bilgi aygıtının çıktısıyla
+ tohumlanır (-R ve -S seçeneklerine bakınız).
+
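Review bot: In the first wipe.1 hunk the added sentence "The normal mode takes 35 passes (0-34)" sits right after the unchanged "In normal mode, 34 patterns are used (of which 8 are random)", so the paragraph now gives two different counts without saying how they relate; suggest reconciling the two figures in one sentence. Separately, the patch header carries two Description/Author/Last-Update blocks in a single file, and splitting it into one patch per author would keep the metadata unambiguous. The context line ".B -M (select pseudo-random number generator algorythm)" still has a spelling error that this patch could fix along the way.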
diff --git a/debian/patches/30_fix-spelling-binary.patch b/debian/patches/30_fix-spelling-binary.patch
new file mode 100644
index 0000000..aa19d34
--- /dev/null
+++ b/debian/patches/30_fix-spelling-binary.patch
@@ -0,0 +1,25 @@
+Description: fix a spelling error in final binary.
+Author: Joao Eriberto Mota Filho <eriberto at debian.org>
+Last-Update: 2016-09-03
+Index: wipe-0.22/wipe.c
+===================================================================
+--- wipe-0.22.orig/wipe.c
++++ wipe-0.22/wipe.c
+@@ -1625,7 +1625,7 @@ user_aborted:
+ fprintf (stderr, "\rOperation finished.\n"
+ "%d file%s (of which %d special) in %d director%s wiped, "
+ "%d symlink%s removed and their targets wiped, "
+- "%d error%s occured.\n",
++ "%d error%s occurred.\n",
+ num_files+num_spec, (1==num_files+num_spec)?"":"s",
+ num_spec,
+ num_dirs, (1==num_dirs)?"y":"ies",
+@@ -1635,7 +1635,7 @@ user_aborted:
+ fprintf (stderr, "\rOperation finished.\n"
+ "%d file%s wiped and %d special file%s ignored in %d director%s, "
+ "%d symlink%s removed but not followed, "
+- "%d error%s occured.\n",
++ "%d error%s occurred.\n",
+ num_files,(1==num_files)?"":"s",
+ num_spec,(1==num_spec)?"":"s",
+ num_dirs, (1==num_dirs)?"y":"ies",
diff --git a/debian/patches/40-fix_warnings.patch b/debian/patches/40-fix_warnings.patch
new file mode 100644
index 0000000..ea4a29d
--- /dev/null
+++ b/debian/patches/40-fix_warnings.patch
@@ -0,0 +1,39 @@
+Description: fix some GCC warnings.
+Author: Joao Eriberto Mota Filho <eriberto at debian.org>
+Last-Update: 2016-09-06
+Index: wipe-0.22/wipe.c
+===================================================================
+--- wipe-0.22.orig/wipe.c
++++ wipe-0.22/wipe.c
+@@ -1220,7 +1220,8 @@ void banner ()
+ "Author's e-mail address: echo berke1lambda-diode2com|tr 12 @.\n"
+ "Web site: http://lambda-diode.com/software/wipe/\n"
+ "Release date: " WIPE_DATE "\n"
+- "Compiled: " __DATE__ "\n"
++// FIX to allow reproducible builds (warning: macro "__DATE__" might prevent reproducible builds [-Wdate-time])
++// "Compiled: " __DATE__ "\n"
+ "Git version: " WIPE_GIT "\n"
+ "\n"
+ "Based on data from \"Secure Deletion of Data from Magnetic and Solid-State\n"
+@@ -1602,6 +1603,8 @@ user_aborted:
+
+ for (i = optind; i<argc; i++) {
+ int r;
++ // Fix warning: variable ‘r’ set but not used [-Wunused-but-set-variable]
++ (void)r;
+
+ if (o_recurse) r = recursive (argv[i]);
+ else r = dothejob (argv[i]);
+@@ -1614,7 +1617,11 @@ user_aborted:
+ dothejob (0);
+
+ /* final synchronisation */
+- if (!o_silent) fprintf (stderr, "Syncing..."); fflush (stderr);
++ // FIX -Wmisleading-indentation
++ if (!o_silent) {
++ fprintf (stderr, "Syncing...");
++ fflush (stderr);
++ }
+ #ifdef SYNC_WAITS_FOR_SYNC
+ sync ();
+ #else
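Review bot: In the `for (i = optind; i<argc; i++)` hunk, `(void)r;` silences -Wunused-but-set-variable but keeps the underlying problem: the return values of recursive() and dothejob() are assigned to r and, as the warning itself says, never used, so a failed wipe of one argument is not acted on here. The cast also reads r before it has been assigned. Suggest either using r (for example to count errors or set the exit status) or dropping the variable and calling the functions directly. In the banner hunk, deleting the __DATE__ line outright would be cleaner than leaving it as a // comment in the middle of the concatenated string literal.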
diff --git a/debian/patches/50_hide-filenames.patch b/debian/patches/50_hide-filenames.patch
new file mode 100644
index 0000000..6bfc2f8
--- /dev/null
+++ b/debian/patches/50_hide-filenames.patch
@@ -0,0 +1,262 @@
+Description: really delete filenames of deleted files. (Closes: #726388)
+Author: Timo Boettcher <timo.boettcher at redteam-pentesting.de,
+ debian at timoboettcher.name>
+Last-Update: 2013-10-15
+Index: wipe-0.22/wipe.c
+===================================================================
+--- wipe-0.22.orig/wipe.c
++++ wipe-0.22/wipe.c
+@@ -77,6 +77,7 @@
+ #ifdef HAVE_GETOPT
+ #include <getopt.h>
+ #endif
++#include <assert.h>
+ #include <ctype.h>
+ #include <string.h>
+ #include <errno.h>
+@@ -174,6 +175,9 @@ int o_skip_passes = 0;
+
+ /* End of Options ***/
+
++static int ignorable_sync_errno (int errno_val);
++static int dosync (int fd, char const *qname);
++static int incname (char *name, size_t len);
+ static int wipe_filename_and_remove (char *fn);
+
+ /*** do_remove */
+@@ -501,73 +505,176 @@ inline static int directory_name_length
+ static char valid_filename_chars[64] =
+ "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-.";
+
++static int
++ignorable_sync_errno (int errno_val)
++{
++ return (errno_val == EINVAL
++ || errno_val == EBADF
++ /* HP-UX does this */
++ || errno_val == EISDIR);
++}
++
++
++#define HAVE_FDATASYNC 1
++static int
++dosync (int fd, char const *qname)
++{
++ int err;
++
++#if HAVE_FDATASYNC
++ if (fdatasync (fd) == 0)
++ return 0;
++ err = errno;
++ if ( ! ignorable_sync_errno (err)) {
++ fprintf (stderr, "%s: fdatasync failed", qname);
++ errno = err;
++ return -1;
++ }
++#endif
++
++ if (fsync (fd) == 0)
++ return 0;
++ err = errno;
++ if ( ! ignorable_sync_errno (err)) {
++ fprintf (stderr, "%s: fsync failed", qname);
++ errno = err;
++ return -1;
++ }
++
++ sync ();
++ return 0;
++}
++
++static int
++incname (char *name, size_t len)
++{
++ while (len--) {
++ char const *p = strchr (valid_filename_chars, name[len]);
++
++ /* Given that NAME is composed of bytes from NAMESET,
++ P will never be NULL here. */
++ assert (p);
++
++ /* If this character has a successor, use it. */
++ if (p[1]) {
++ name[len] = p[1];
++ return 0;
++ }
++
++ /* Otherwise, set this digit to 0 and increment the prefix. */
++ name[len] = valid_filename_chars[0];
++ }
++
++ return -1;
++}
++
++#ifndef ISSLASH
++# define ISSLASH(C) ((C) == '/')
++#endif
++
++char *
++last_component (char const *name)
++{
++ char const *base = name;
++ char const *p;
++ int saw_slash = -1;
++
++ while (ISSLASH (*base))
++ base++;
++
++ for (p = base; *p; p++) {
++ if (ISSLASH (*p))
++ saw_slash = -1;
++ else if (saw_slash) {
++ base = p;
++ saw_slash = 0;
++ }
++ }
++
++ return (char *) base;
++}
++
++
+ /*** wipe_filename_and_remove */
+
+ /* actually, after renaming a file, the only way to make sure that the
+ * name change is physically carried out is to call sync (), which flushes
+ * out ALL the disk caches of the system, whereas for
+- * reading and writing one can use the O_SYNC bit to get syncrhonous
++ * reading and writing one can use the O_SYNC bit to get synchronous
+ * I/O for one file. as sync () is very slow, calling sync () after
+ * every rename () makes wipe extremely slow.
+ */
+
+ static int wipe_filename_and_remove (char *fn)
+ {
+- int i, j, k, l;
++ int len;
+ int r = -1;
+ int fn_l, dn_l;
+- /* char *dn; */
+- char *buf[2];
++ char *oldname, *newname;
++ char *dir, *dirc;
++ dirc = strdup(fn);
++ dir = dirname(dirc);
+ struct stat st;
+- int t_l; /* target length */
+
+- /* dn = directory_name (fn); */
+ fn_l = strlen (fn);
+ dn_l = directory_name_length (fn);
+
+- buf[0] = malloc (fn_l + NAME_MAX + 1);
+- buf[1] = malloc (fn_l + NAME_MAX + 1);
++ oldname = malloc (fn_l + NAME_MAX + 1);
++ newname = malloc (fn_l + NAME_MAX + 1);
+
+ r = 0;
+
+- t_l = fn_l - dn_l; /* first target length */
++ if (oldname && newname) {
++ strcpy (oldname, fn);
++ strcpy (newname, fn);
++
++ int dir_fd = open (dir, O_RDONLY | O_DIRECTORY | O_NOCTTY | O_NONBLOCK);
++
++
++ char *base = last_component(newname);
++ len = strlen(base);
++ fprintf (stderr, "\n");
++ while (len) {
++ memset (base, valid_filename_chars[0], len);
++ base[len] = 0;
++ do {
++ if (lstat (newname, &st) < 0) {
++ if (!o_silent) {
++ fprintf (stderr, "\rRenaming %32.32s -> %32.32s", oldname, newname);
++ middle_of_line = 1;
++ fflush (stderr);
++ }
++ if (rename (oldname, newname) == 0) {
++ if (0 <= dir_fd && dosync (dir_fd, dir) != 0)
++ r = -1;
++ memcpy (oldname + (base - newname), base, len + 1);
++ break;
++ } else {
++ /* The rename failed: give up on this length. */
++ fprintf (stderr, "%.32s: could not rename '%s' to '%s': %s (%d)\n", fn, oldname, newname, strerror (errno), errno);
++ break;
++ }
++ } else {
++ //fprintf (stderr, "%.32s: rename target '%s' exists\n", fn, newname);
++ }
++ } while (incname (base, len));
++ len--;
++ }
+
+- if (buf[0] && buf[1]) {
+- strcpy (buf[0], fn);
+- strcpy (buf[1], fn);
+- for (j = 1, i = 0; i < o_name_max_passes; j ^= 1, i++) {
+- for (k = o_name_max_tries; k; k--) {
+- l = t_l;
+- fill_random_from_table (buf[j] + dn_l, l,
+- valid_filename_chars, 0x3f);
+- buf[j][dn_l + l] = 0;
+- if (stat (buf[j], &st)) break;
+- }
+
+- if (k) {
+- if (!o_silent) {
+- fprintf (stderr, "\rRenaming %32.32s -> %32.32s", buf[j^1], buf[j]);
+- middle_of_line = 1;
+- fflush (stderr);
+- }
+- if (rename (buf[j^1], buf[j])) {
+- FLUSH_MIDDLE
+- fprintf (stderr, "%.32s: could not rename '%s' to '%s': %s (%d)\n",
+- fn, buf[j^1], buf[j], strerror (errno), errno);
+- r = -1;
+- break;
+- }
+- (void) sync ();
+- } else {
+- /* we could not find a target name of desired length, so
+- * increase target length until we find one. */
+- t_l ++;
+- j ^= 1;
++ if (remove (oldname)) {
++ fprintf (stderr, "%.32s: failed to unlink '%s'\n", fn, oldname);
++ r = -1;
++ }
++ if (0 <= dir_fd) {
++ dosync (dir_fd, dir);
++ if (close (dir_fd) != 0) {
++ fprintf (stderr, "%s: failed to close\n", dir);
++ r = -1;
+ }
+ }
+- if (remove (buf[j^1])) r = -1;
+ }
+- free (buf[0]); free (buf[1]);
++ free (oldname); free (newname); free(dirc);
+ return r;
+ }
+
+@@ -1017,7 +1124,7 @@ static int dothejob (char *fn)
+ }
+
+ #ifndef HAVE_OSYNC
+- if (fsync (fd)) {
++ if (dosync (fd,fn)) {
+ fnerror ("fsync error [1]");
+ close (fd);
+ return -1;
+@@ -1025,7 +1132,7 @@ static int dothejob (char *fn)
+ #endif
+ }
+
+- if (fsync (fd)) {
++ if (dosync (fd,fn)) {
+ fnerror ("fsync error [2]");
+ close (fd);
+ return -1;
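Review bot: The retry loop in wipe_filename_and_remove() ends with `} while (incname (base, len));`, but incname() returns 0 after a successful increment and -1 only on wrap-around, so the loop exits as soon as the first candidate name already exists and that length is skipped without a rename; the condition should be `while (incname (base, len) == 0)`. incname() also relies on strchr() and `p[1]` finding a terminating NUL in valid_filename_chars, yet the array is declared `[64]` and initialised with exactly 64 characters, so it has no terminator and the lookup can read past the end; declare it without a size or as [65]. Further points: the rename-failure branch no longer sets r = -1 as the removed code did, so the function can return success after a failed rename; `fprintf (stderr, "\n")` ignores o_silent; the strdup() result and the dosync() call after remove() are unchecked; and `#define HAVE_FDATASYNC 1` is unconditional rather than detected at build time.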
diff --git a/debian/patches/60_fix-warnings.patch b/debian/patches/60_fix-warnings.patch
new file mode 100644
index 0000000..509c300
--- /dev/null
+++ b/debian/patches/60_fix-warnings.patch
@@ -0,0 +1,26 @@
+Description: fix new warnings caused by 50 patch.
+Author: Joao Eriberto Mota Filho <eriberto at debian.org>
+Last-Update: 2016-09-06
+Index: wipe-0.22/wipe.c
+===================================================================
+--- wipe-0.22.orig/wipe.c
++++ wipe-0.22/wipe.c
+@@ -93,6 +93,9 @@
+ #include "misc.h"
+ #include "version.h"
+
++// FIX warning: implicit declaration of function ‘dirname’ [-Wimplicit-function-declaration]
++#include <libgen.h>
++
+ /* includes ***/
+
+ /*** more defines */
+@@ -610,6 +613,8 @@ static int wipe_filename_and_remove (cha
+ int len;
+ int r = -1;
+ int fn_l, dn_l;
++ // FIX [-Wunused-but-set-variable]
++ (void)dn_l;
+ char *oldname, *newname;
+ char *dir, *dirc;
+ dirc = strdup(fn);
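Review bot: `(void)dn_l;` in the second hunk hides the warning rather than fixing it, and it sits before dn_l is assigned, so it reads an uninitialised variable. Since the warning shows dn_l is no longer used after patch 50, suggest removing the variable and its directory_name_length() assignment instead. Both changes here (the <libgen.h> include for dirname() and the dn_l warning) correct code introduced by 50_hide-filenames.patch and would be easier to track if folded into that patch.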
diff --git a/debian/patches/series b/debian/patches/series
index 6ee328a..f219527 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,6 @@
-002-add-hardening
-001_fix-manpages.diff
+10_add-hardening.patch
+20_fix-manpage.patch
+30_fix-spelling-binary.patch
+40-fix_warnings.patch
+50_hide-filenames.patch
+60_fix-warnings.patch
diff --git a/debian/rules b/debian/rules
index a87d3a8..3b683ad 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,27 +4,17 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
DEB_HOST_GNU_SYSTEM := $(shell dpkg-architecture -qDEB_HOST_GNU_SYSTEM)
+# Define the OS
ifeq ($(DEB_HOST_GNU_SYSTEM), linux-gnu)
- target = linux
+ target = linux
+else ifeq ($(DEB_HOST_GNU_SYSTEM), kfreebsd-gnu)
+ target = freebsd
else
- target = generic
-endif
-
-CFLAGS += -Wall -g -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64
-
-ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
- CFLAGS += -O0
-else
- CFLAGS += -pipe -fomit-frame-pointer
- ifeq ($(target), generic)
- CFLAGS += -O6
- else
- CFLAGS += -O9 -finline-functions -funroll-loops -fstrength-reduce
- endif
+ target = generic
endif
%:
dh $@
override_dh_auto_build:
- dh_auto_build -- $(target) CFLAGS="$(CFLAGS)"
+ dh_auto_build -- $(target)
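Review bot: With `CFLAGS="$(CFLAGS)"` dropped from the dh_auto_build line, the flags from `DEB_BUILD_MAINT_OPTIONS = hardening=+all` reach the compiler only if the upstream Makefile honours CFLAGS from the environment, and the removed `-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64` must now come from that Makefile too. The changelog states that the Makefile already provides all necessary flags; checking a build log for the hardening flags and the two -D defines, ideally on a 32-bit architecture, would confirm it. The new `freebsd` target name also has to exist in the upstream Makefile, which is worth a short comment next to the ifeq block.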
diff --git a/debian/watch b/debian/watch
index aa15e12..6a9f095 100644
--- a/debian/watch
+++ b/debian/watch
@@ -1,3 +1,3 @@
-version=3
+version=4
http://lambda-diode.com/software/wipe .*/wipe/wipe-(\d\S+)\.tar\.(?:bz2|gz|xz)
https://github.com/berke/wipe/releases .*/archive/v?(\d\S+)\.tar\.(?:bz2|gz|xz)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/wipe.git