Date: Sun, 28 Jan 2024 21:53:59 GMT
Message-Id: <202401282153.40SLrxT5016708@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Daniel Engberg Subject: git: 862511e5784e - main - security/ssss: Update to 0.5.7 List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-ports-main@freebsd.org X-BeenThere: dev-commits-ports-main@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: diizzy X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 862511e5784e381e08d88246358188dfcffc6901 Auto-Submitted: auto-generated The branch main has been updated by diizzy: URL: https://cgit.FreeBSD.org/ports/commit/?id=862511e5784e381e08d88246358188dfcffc6901 commit 862511e5784e381e08d88246358188dfcffc6901 Author: Daniel Engberg AuthorDate: 2024-01-28 12:56:01 +0000 Commit: Daniel Engberg CommitDate: 2024-01-28 21:53:05 +0000 security/ssss: Update to 0.5.7 Switch to fork which fixes a few issues and while at it tidy up Makefile Changelog: https://github.com/MrJoy/ssss/compare/releases/v0.5...releases/v0.5.7 --- security/ssss/Makefile | 30 ++++- security/ssss/distinfo | 5 +- security/ssss/files/patch-Makefile | 31 ----- security/ssss/files/patch-manpage | 227 ------------------------------------- security/ssss/files/patch-ssss.1 | 68 +++++++++++ security/ssss/files/patch-ssss.c | 11 -- 6 files changed, 95 insertions(+), 277 deletions(-) diff --git a/security/ssss/Makefile b/security/ssss/Makefile index caa5dc30dd41..ed70d272644d 100644 --- a/security/ssss/Makefile +++ b/security/ssss/Makefile 
@@ -1,18 +1,36 @@ PORTNAME= ssss -PORTVERSION= 0.5 -PORTREVISION= 4 +DISTVERSIONPREFIX= releases/v +DISTVERSION= 0.5.7 CATEGORIES= security -MASTER_SITES= http://point-at-infinity.org/ssss/ MAINTAINER= ports@FreeBSD.org COMMENT= Shamir's Secret Sharing Scheme WWW= http://point-at-infinity.org/ssss/ +LICENSE= GPLv2 +LICENSE_FILE= ${WRKSRC}/LICENSE + LIB_DEPENDS= libgmp.so:math/gmp -PLIST_FILES= bin/ssss-combine bin/ssss-split man/man1/ssss.1.gz +USES= localbase:ldflags + +USE_GITHUB= yes +GH_ACCOUNT= MrJoy + +PLIST_FILES= bin/ssss-combine \ + bin/ssss-split \ + share/man/man1/ssss.1.gz + +do-build: + cd ${BUILD_WRKSRC} && \ + ${CC} ${CFLAGS} ${LDFLAGS} -Wall -o ssss-split ssss.c -lgmp + +do-install: + ${INSTALL_PROGRAM} ${WRKSRC}/ssss-split ${STAGEDIR}${PREFIX}/bin + ${RLN} ${STAGEDIR}${PREFIX}/bin/ssss-split ${STAGEDIR}${PREFIX}/bin/ssss-combine + ${INSTALL_MAN} ${WRKSRC}/ssss.1 ${STAGEDIR}${PREFIX}/share/man/man1 -post-patch: - ${REINPLACE_CMD} 's,(DESTDIR),&$$(PREFIX),' ${WRKSRC}/Makefile +post-install: + ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/ssss-split .include diff --git a/security/ssss/distinfo b/security/ssss/distinfo index 4b5a87b29299..c97f53476755 100644 --- a/security/ssss/distinfo +++ b/security/ssss/distinfo @@ -1,2 +1,3 @@ -SHA256 (ssss-0.5.tar.gz) = 5d165555105606b8b08383e697fc48cf849f51d775f1d9a74817f5709db0f995 -SIZE (ssss-0.5.tar.gz) = 17435 +TIMESTAMP = 1706443223 +SHA256 (MrJoy-ssss-releases-v0.5.7_GH0.tar.gz) = dbb1f03797cb3fa69594530f9b2c36010f66705b9d5fbbc27293dce72b9c9473 +SIZE (MrJoy-ssss-releases-v0.5.7_GH0.tar.gz) = 21774 diff --git a/security/ssss/files/patch-Makefile b/security/ssss/files/patch-Makefile deleted file mode 100644 index 13e2cc7d5a3f..000000000000 --- a/security/ssss/files/patch-Makefile +++ /dev/null 
@@ -1,31 +0,0 @@ ---- Makefile.orig Thu Aug 30 17:28:27 2007 -+++ Makefile Thu Aug 30 18:06:38 2007 -@@ -1,17 +1,19 @@ --all: ssss-split ssss-combine ssss.1 ssss.1.html -+DESTDIR=/usr/local -+ -+all: ssss-split ssss-combine - - ssss-split: ssss.c -- $(CC) -W -Wall -O2 -lgmp -o ssss-split ssss.c -+ $(CC) -W -Wall -O2 -I/usr/local/include -L/usr/local/lib -lgmp -o ssss-split ssss.c - strip ssss-split -+ mv ssss.manpage.xml ssss.1 - - ssss-combine: ssss-split - ln -f ssss-split ssss-combine - --ssss.1: ssss.manpage.xml -- xmltoman ssss.manpage.xml > ssss.1 -- --ssss.1.html: ssss.manpage.xml -- xmlmantohtml ssss.manpage.xml > ssss.1.html -- - clean: -- rm -rf ssss-split ssss-combine ssss.1 ssss.1.html -+ rm -rf ssss-split ssss-combine ssss.1 -+ -+install: all -+ install -m0755 ssss-split $(DESTDIR)/bin -+ install -m0755 ssss-combine $(DESTDIR)/bin -+ install -m0644 ssss.1 $(DESTDIR)/man/man1 diff --git a/security/ssss/files/patch-manpage b/security/ssss/files/patch-manpage deleted file mode 100644 index 55f4b3ddd118..000000000000 --- a/security/ssss/files/patch-manpage +++ /dev/null @@ -1,227 +0,0 @@ ---- ssss.manpage.xml.orig Sun Jan 15 12:10:01 2006 -+++ ssss.manpage.xml Sat Mar 10 23:58:04 2007 -@@ -1,162 +1,62 @@ -- -- -- -- -- -- -- -- -- ssss-split -t threshold -n shares [-w token] -- [-s level] [-x] [-q] [-Q] [-D] [-v] -- ssss-combine -t threshold [-x] [-q] [-Q] [-D] [-v] -- -- -- --

ssss is an implementation of Shamir's Secret Sharing Scheme. The --program suite does both: the generation of shares for a known secret, --and the reconstruction of a secret using user-provided shares.

--
-- --
--

ssss-split: prompt the user for a secret and generate a set of -- corresponding shares.

-- --

ssss-combine: read in a set of shares and reconstruct -- the secret.

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
--

-- In case you want to protect your login password with a set of ten -- shares in such a way that any three of them can reconstruct the -- password, you simply run the command --

-- --

-- ssss-split -t 3 -n 10 -w passwd --

-- --

-- To reconstruct the password pass three of the generated shares -- (in any order) to --

-- --

-- ssss-combine -t 3 --

-- --
--
--

--To protect a secret larger than 1024 bits a hybrid technique has to be --applied: encrypt the secret with a block cipher and apply secret --sharing to just the key. Among others openssl and gpg can do the --encryption part: --

--

--openssl bf -e < file.plain > file.encrypted --

--

--gpg -c < file.plain > file.encrypted --

-- --
-- --
--

--ssss tries to lock its virtual address space into RAM for --privacy reasons. But this may fail for two reasons: either the current uid --doesn't permit page locking, or the RLIMIT_MEMLOCK is set too --low. After printing a warning message ssss will run even without --obtaining the desired mlock. --

-- --
-- --
-- This software (v0.5) was written in 2006 by B. Poettering -- (ssss AT point-at-infinity.org). Find the newest version of -- ssss on the project's homepage: . --
-- --
-- --
-- -- --
-+.TH ssss 1 User Manuals -+.SH NAME -+ssss \- Split and Combine Secrets using Shamir's Secret Sharing Scheme. -+.SH SYNOPSIS -+\fBssss-split -t \fIthreshold\fB -n \fIshares\fB [-w \fItoken\fB] [-s \fIlevel\fB] [-x] [-q] [-Q] [-D] [-v] -+ -+ssss-combine -t \fIthreshold\fB [-x] [-q] [-Q] [-D] [-v] -+\f1 -+.SH DESCRIPTION -+ssss is an implementation of Shamir's Secret Sharing Scheme. The program suite does both: the generation of shares for a known secret, and the reconstruction of a secret using user-provided shares. -+.SH COMMANDS -+\fBssss-split\f1: prompt the user for a secret and generate a set of corresponding shares. -+ -+\fBssss-combine\f1: read in a set of shares and reconstruct the secret. -+.SH OPTIONS -+.TP -+\fB-t \fIthreshold\fB\f1 -+Specify the number of shares necessary to reconstruct the secret. -+.TP -+\fB-n \fIshares\fB\f1 -+Specify the number of shares to be generated. -+.TP -+\fB-w \fItoken\fB\f1 -+Text token to name shares in order to avoid confusion in case one utilizes secret sharing to protect several independent secrets. The generated shares are prefixed by these tokens. -+.TP -+\fB-s \fIlevel\fB\f1 -+Enforce the scheme's security level (in bits). This option implies an upper bound for the length of the shared secret (shorter secrets are padded). Only multiples of 8 in the range from 8 to 1024 are allowed. If this option is ommitted (or the value given is 0) the security level is chosen automatically depending on the secret's length. The security level directly determines the length of the shares. -+.TP -+\fB-x\f1 -+Hex mode: use hexadecimal digits in place of ASCII characters for I/O. This is useful if one wants to protect binary data, like block cipher keys. -+.TP -+\fB-q\f1 -+Quiet mode: disable all unnecessary output. Useful in scripts. -+.TP -+\fB-Q\f1 -+Extra quiet mode: like \fB-q\f1, but also suppress warnings. -+.TP -+\fB-D\f1 -+Disable the diffusion layer added in version 0.2. 
This option is needed when shares are combined that where generated with ssss version 0.1. -+.TP -+\fB-v\f1 -+Print version information. -+.SH EXAMPLE -+In case you want to protect your login password with a set of ten shares in such a way that any three of them can reconstruct the password, you simply run the command -+ -+ssss-split -t 3 -n 10 -w passwd -+ -+To reconstruct the password pass three of the generated shares (in any order) to -+ -+ssss-combine -t 3 -+.SH NOTES -+To protect a secret larger than 1024 bits a hybrid technique has to be applied: encrypt the secret with a block cipher and apply secret sharing to just the key. Among others openssl and gpg can do the encryption part: -+ -+openssl bf -e < file.plain > file.encrypted -+ -+gpg -c < file.plain > file.encrypted -+.SH SECURITY -+\fBssss\f1 tries to lock its virtual address space into RAM for privacy reasons. But this may fail for two reasons: either the current uid doesn't permit page locking, or the RLIMIT_MEMLOCK is set too low. After printing a warning message \fBssss\f1 will run even without obtaining the desired mlock. -+.SH AUTHOR -+This software (v0.5) was written in 2006 by B. Poettering (ssss AT point-at-infinity.org). Find the newest version of ssss on the project's homepage: \fBhttp://point-at-infinity.org/ssss/\f1. -+.SH FURTHER READING -+\fBhttp://en.wikipedia.org/wiki/Secret_sharing\f1 diff --git a/security/ssss/files/patch-ssss.1 b/security/ssss/files/patch-ssss.1 new file mode 100644 index 000000000000..4ead81a9e598 --- /dev/null +++ b/security/ssss/files/patch-ssss.1 
@@ -0,0 +1,68 @@ +--- ssss.1.orig 2024-01-28 12:45:24 UTC ++++ ssss.1 +@@ -0,0 +1,65 @@ ++.TH ssss 1 User Manuals ++.SH NAME ++ssss \- Split and Combine Secrets using Shamir's Secret Sharing Scheme. ++.SH SYNOPSIS ++\fBssss-split -t \fIthreshold\fB -n \fIshares\fB [-w \fItoken\fB] [-s \fIlevel\fB] [-x] [-q] [-Q] [-D] [-v] ++ ++ssss-combine -t \fIthreshold\fB [-r -n \fIshares\fB] [-x] [-q] [-Q] [-D] [-v] ++\f1 ++.SH DESCRIPTION ++ssss is an implementation of Shamir's Secret Sharing Scheme. The program suite does both: the generation of shares for a known secret, and the reconstruction of a secret using user-provided shares. ++.SH COMMANDS ++\fBssss-split\f1: prompt the user for a secret and generate a set of corresponding shares. ++ ++\fBssss-combine\f1: read in a set of shares and reconstruct the secret. ++.SH OPTIONS ++.TP ++\fB-t \fIthreshold\fB\f1 ++Specify the number of shares necessary to reconstruct the secret. ++.TP ++\fB-n \fIshares\fB\f1 ++Specify the number of shares to be generated. ++.TP ++\fB-w \fItoken\fB\f1 ++Text token to name shares in order to avoid confusion in case one utilizes secret sharing to protect several independent secrets. The generated shares are prefixed by these tokens. ++.TP ++\fB-s \fIlevel\fB\f1 ++Enforce the scheme's security level (in bits). This option implies an upper bound for the length of the shared secret (shorter secrets are padded). Only multiples of 8 in the range from 8 to 1024 are allowed. If this option is ommitted (or the value given is 0) the security level is chosen automatically depending on the secret's length. The security level directly determines the length of the shares. ++.TP ++\fB-r\f1 ++Recovery mode: ssss-combine reads in a set of \fB-t\f1 shares and reconstruct \fBn\f1 shares again. ssss-split doesn't generate shares randomly, but asks the secret and \fB-t\f1 - 1 shares (secret is treated here as a share). Usable to recover forgotten shares. 
++.TP ++\fB-x\f1 ++Hex mode: use hexadecimal digits in place of ASCII characters for I/O. This is useful if one wants to protect binary data, like block cipher keys. ++.TP ++\fB-q\f1 ++Quiet mode: disable all unnecessary output. Useful in scripts. ++.TP ++\fB-Q\f1 ++Extra quiet mode: like \fB-q\f1, but also suppress warnings. ++.TP ++\fB-D\f1 ++Disable the diffusion layer added in version 0.2. This option is needed when shares are combined that where generated with ssss version 0.1. ++.TP ++\fB-v\f1 ++Print version information. ++.SH EXAMPLE ++In case you want to protect your login password with a set of ten shares in such a way that any three of them can reconstruct the password, you simply run the command ++ ++ssss-split -t 3 -n 10 -w passwd ++ ++To reconstruct the password pass three of the generated shares (in any order) to ++ ++ssss-combine -t 3 ++.SH NOTES ++To protect a secret larger than 1024 bits a hybrid technique has to be applied: encrypt the secret with a block cipher and apply secret sharing to just the key. Among others openssl and gpg can do the encryption part: ++ ++openssl bf -e < file.plain > file.encrypted ++ ++gpg -c < file.plain > file.encrypted ++.SH SECURITY ++\fBssss\f1 tries to lock its virtual address space into RAM for privacy reasons. But this may fail for two reasons: either the current uid doesn't permit page locking, or the RLIMIT_MEMLOCK is set too low. After printing a warning message \fBssss\f1 will run even without obtaining the desired mlock. ++.SH AUTHOR ++The original software (v0.5) was written in 2006 by B. Poettering (ssss AT point-at-infinity.org). The amended versions (v0.5.1+) were written between 2011..2020 by Jon D Frisby (jfrisby AT mrjoy.com). Find the newest version of ssss on the project's homepage: \fBhttps://github.com/MrJoy/ssss/\f1. ++.SH FURTHER READING ++\fBhttp://en.wikipedia.org/wiki/Secret_sharing\f1 
diff --git a/security/ssss/files/patch-ssss.c b/security/ssss/files/patch-ssss.c deleted file mode 100644 index 5ff2714c3a23..000000000000 --- a/security/ssss/files/patch-ssss.c +++ /dev/null @@ -1,11 +0,0 @@ ---- ssss.c.orig Sun Sep 9 10:24:42 2007 -+++ ssss.c Sun Sep 9 10:24:48 2007 -@@ -348,7 +348,7 @@ - #define MPZ_SWAP(A, B) \ - do { mpz_set(h, A); mpz_set(A, B); mpz_set(B, h); } while(0) - --int restore_secret(int n, mpz_t (*A)[n], mpz_t b[]) -+int restore_secret(int n, void *A, mpz_t b[]) - { - mpz_t (*AA)[n] = (mpz_t (*)[n])A; - int i, j, k, found;
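Review bot: In security/ssss/Makefile the WWW= line still points at http://point-at-infinity.org/ssss/, although MASTER_SITES for that host is dropped and the distfile now comes from USE_GITHUB with GH_ACCOUNT= MrJoy. WWW should name the project that is actually built, https://github.com/MrJoy/ssss/, which is also the homepage the new ssss.1 gives. Separately, the post-install target runs ${STRIP_CMD} on bin/ssss-split right after do-install placed it with ${INSTALL_PROGRAM}; INSTALL_PROGRAM already strips unless WITH_DEBUG is set, so the extra step is redundant and removes symbols even in a debug build. Dropping post-install would be enough.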
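Review bot: security/ssss/distinfo now pins MrJoy-ssss-releases-v0.5.7_GH0.tar.gz, a GitHub-generated tarball from a different origin than the ssss-0.5.tar.gz it replaces, while the commit message describes the fork only as fixing "a few issues". For a tool that handles secrets, the commit message should name the fixes that motivated the change of origin, or at least state that the linked compare view from releases/v0.5 to releases/v0.5.7 was read, so that the new SHA256 is tied to reviewed source rather than only to whatever the tag produced at TIMESTAMP 1706443223.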
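Review bot: In security/ssss/files/patch-ssss.1 the NOTES section still recommends "openssl bf -e < file.plain > file.encrypted" for the hybrid scheme. Blowfish is a 64-bit block cipher, and with OpenSSL 3 it is only available through the legacy provider, so the example may fail on current systems. Since the port now carries the whole man page as a new file (the hunk is @@ -0,0 +1,65 @@), this is the place to replace it with an AES example and keep the gpg -c line. The same file carries over the typos "ommitted" and "shares are combined that where generated", and the new -r entry reads "reconstruct n shares again" where "reconstructs" is meant; these are worth fixing while the file is being added.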