-rw-r--r-- debian/patches/manpage.diff 81
-rw-r--r-- debian/patches/series 1
2 files changed, 82 insertions, 0 deletions
diff --git a/debian/patches/manpage.diff b/debian/patches/manpage.diff
new file mode 100644
index 0000000..aa55769
--- /dev/null
+++ b/debian/patches/manpage.diff
@@ -0,0 +1,81 @@
+From: Benjamin Barenblat <bbaren@mit.edu>
+Subject: Remove Debian-irrelevant data from man page
+Forwarded: not-needed
+
+Remove references to cryptlib from the man page, as Debian builds this package
+using OpenSSL.
+
+Remove recommendation to statically link the binary, as this should’t be a
+decision the user has to make.
+--- a/secpwgen.1
++++ b/secpwgen.1
+@@ -1,4 +1,5 @@
+ .\" (c) 2004-2005 Zeljko Vrba <zvrba@globalnet.hr>
++.\" (c) 2015 Benjamin Barenblat <bbaren@mit.edu>
+ .\"
+ .\" Permission is hereby granted, free of charge, to any person obtaining
+ .\" a copy of this software and associated documentation files (the
+@@ -166,7 +167,7 @@ case mlock is used with reduced security
+ .It
+ Disabling core-dumps in the event of crash.
+ .It
+-Cryptographically strong random number generator (using OpenSSL or cryptlib).
++Cryptographically strong random number generator (using OpenSSL).
+ The exact method for generation is described in its respective source file.
+ .El
+ .Pp
+@@ -176,11 +177,6 @@ the following used components: C library
+ random number generation, the kernel, and, ultimately, the system
+ administrator (although not a SW component :), a malicious sysadmin can modify
+ the kernel or system libraries to log somewhere all output of a program).
+-.Pp
+-You should build the program as statically linked, if at all possible. There
+-are numerous ways in which dynamic linking can be used to subvert this
+-programs' security. Unfortunately, there is no reliable nor portable way to
+-discover at run-time if the program is statically or dynamically linked.
+ .Ss OPENSSL NOTES
+ This program does not take any steps to initialize the entropy pool. OpenSSL
+ uses the system-provided /dev/[u]random as the source of randomness.
+@@ -192,11 +188,6 @@ error then
+ if you want really secure and unguessable passwords. There are many real-life
+ examples where the system security was compromised because of poor random
+ number generators.
+-.Ss CRYPTLIB NOTES
+-For maximum security, it is recommended to use cryptlib if at all possible.
+-Citing its manual, it is designed around a B3 kernel and tries very hard to
+-protect and sanitize all sensitive data (including locking it in memory if
+-possible). Also, there are no issues about initializing the entropy pool.
+ .Sh EXAMPLES
+ Generate an 4-word enhanced passphrase from the diceware dictionary:
+ .Nm
+@@ -245,11 +236,6 @@ recompiled.
+ This is a real bug in the program. Report this to the author
+ along with the exact command-line arguments, the compiler used,
+ operating system, etc.
+-.It "ERROR: some garbage left to cryptlib."
+-This is an indication of the bug in the program. Report this to the author
+-along with other data described above. Nothing "bad" happened; everything
+-was properly cleaned by cryptlib on exit. It is just an indication that
+-some objects were not freed by the program before shutting down cryptlib.
+ .El
+ .Sh SEE ALSO
+ .Xr pwgen 1 ,
+@@ -269,17 +255,13 @@ some objects were not freed by the progr
+ .%T "RFC2289: A One-Time Password System"
+ .Re
+ .Rs
+-.%A Peter Gutmann
+-.%T cryptlib
+-.%O http://www.cs.auckland.ac.nz/~pgut001/cryptlib/
+-.Re
+-.Rs
+ .%T OpenSSL
+ .%O http://www.openssl.org
+ .Re
+ .Sh AUTHORS
+ The secpwgen program and this manual page were written by
+ .An Zeljko Vrba Aq zvrba@globalnet.hr .
++Benjamin Barenblat modified it for the Debian project.
+ .Sh BUGS
+ The program
+ .Sy will crash
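Review bot: the inner hunk at "@@ -176,11 +177,6" deletes the only man page text that tells readers dynamic linking can be used to subvert the program's security, and nothing replaces it. The patch description's reason (linking should not be the user's decision) justifies dropping the build advice but not the trust statement. If the packaged binary is dynamically linked, consider replacing the paragraph with one sentence saying so, so that the shared libraries it loads are clearly part of the trusted components listed in the context lines just above. Two smaller points: the description has a typo ("should’t" for "shouldn't"), and the added AUTHORS line is plain text following an ".An" line, so marking the name with ".An Benjamin Barenblat" would keep it consistent with the upstream author entry.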
diff --git a/debian/patches/series b/debian/patches/series
index 20af343..e4d3955 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
makefile.diff
spelling.diff
+manpage.diff