slock: Please package slock 1.0 (CVE-2012-1620)

Related Vulnerabilities: CVE-2012-1620  

Debian Bug report logs - #667796


Reported by: Thijs Kinkhorst <thijs@debian.org>

Date: Fri, 6 Apr 2012 16:27:01 UTC

Severity: normal

Fixed in version suckless-tools/39-1

Done: Vasudev Kamath <kamathvasudev@gmail.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, michael@stummi.org, Kai Hendry <hendry@iki.fi>:
Bug#667796; Package suckless-tools. (Fri, 06 Apr 2012 16:27:04 GMT)


Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>:
New Bug report received and forwarded. Copy sent to michael@stummi.org, Kai Hendry <hendry@iki.fi>. (Fri, 06 Apr 2012 16:27:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: slock: Please package slock 1.0 (CVE-2012-1620)
Date: Fri, 06 Apr 2012 18:26:23 +0200

Package: suckless-tools
Severity: normal

Hi Michael,

slock 1.0 is available since early February. It addresses a mild
security issue related to unlocking the screen (CVE-2012-1620).
I saw your package on mentors; I can review and sponsor it if you
include an upgrade to slock 1.0 in it.

Because of the mild nature of this issue, no updates for stable
are necessary.


cheers,
Thijs


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash




Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#667796; Package suckless-tools. (Mon, 09 Apr 2012 10:03:03 GMT)


Acknowledgement sent to Michael Stummvoll <michael@stummi.org>:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>. (Mon, 09 Apr 2012 10:03:04 GMT)


Message #10 received at 667796@bugs.debian.org:

From: Michael Stummvoll <michael@stummi.org>
To: Thijs Kinkhorst <thijs@debian.org>, 667796@bugs.debian.org
Subject: Re: Bug#667796: slock: Please package slock 1.0 (CVE-2012-1620)
Date: Mon, 09 Apr 2012 11:52:57 +0200

Hi, sorry for the late reply.

I don't have much time at the moment for suckless-tools, currently it's
maintained in a git repository on collab-maint. However, currently it
hangs because git-buildpackage does not support multiple origin tars, which
we have on suckless tools, so it needs some more work, which I haven't
the time for atm. If somebody wants, he can feel free to find a way to
fix that.

Kind regards,
Michael




Reply sent to Vasudev Kamath <kamathvasudev@gmail.com>:
You have taken responsibility. (Thu, 15 Nov 2012 20:51:26 GMT)


Notification sent to Thijs Kinkhorst <thijs@debian.org>:
Bug acknowledged by developer. (Thu, 15 Nov 2012 20:51:26 GMT)


Message #15 received at 667796-close@bugs.debian.org:

From: Vasudev Kamath <kamathvasudev@gmail.com>
To: 667796-close@bugs.debian.org
Subject: Bug#667796: fixed in suckless-tools 39-1
Date: Thu, 15 Nov 2012 20:49:03 +0000

Source: suckless-tools
Source-Version: 39-1

We believe that the bug you reported is fixed in the latest version of
suckless-tools, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 667796@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Vasudev Kamath <kamathvasudev@gmail.com> (supplier of updated suckless-tools package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 15 Nov 2012 12:28:34 +0530
Source: suckless-tools
Binary: suckless-tools
Architecture: source i386
Version: 39-1
Distribution: experimental
Urgency: low
Maintainer: Vasudev Kamath <kamathvasudev@gmail.com>
Changed-By: Vasudev Kamath <kamathvasudev@gmail.com>
Description: 
 suckless-tools - simple commands for minimalistic window managers
Closes: 378175 610478 627662 636030 642307 650573 650574 658386 665884 667796 692737
Changes: 
 suckless-tools (39-1) experimental; urgency=low
 .
   [ Michael Stummvoll ]
   * Added manpage for dmenu_run (Closes: #610478)
   * Updated manpages for slock, ssid, swarp and wmname (Closes: #636030)
   * Updated manpage for sselp (Closes: #378175)
   * Removed st from the package. Suggests stterm now. Since st is
     no longer part of this package it doesn't install st.256color.
     (Closes: #642307,#665884)
   * Fixed a typo in the wmname manpage
   * Added some docs
 .
   [ Vasudev Kamath ]
   * debian/control:
     + Increased minimum debhelper required to 9
     + Bumped Standards-Version to 3.9.4. This did not require any change
       to package.
     + Added Michael Stummvoll as Uploader
     + Added dependency on dpkg-dev >= 1.16.1.1 to introduce hardening flags
       using dpkg-buildflags.
   * Set debian/compat to 9
   * Created new version 39
     + Imported new version of lsw (Closes: #650573)
     + Updated dmenu (Closes: #650574, #658386)
     + Added sprop and lsx (Closes: #627662)
     + Imported new version of slock. This resolves CVE-2012-1620
       (Closes: #667796, #692737)
     + Imported new version of tabbed
   * debian/rules:
     + Added get-orig-source target to get upstream source tarball for included
       package
   * debian/patches:
     + Added patch to do setgid shadow instead of setuid root on slock Makefile
      (01_fix_setuid_slock.patch).
     + Added patch to introduce hardening flags and allow DEB_BUILD_OPTIONS=noopt
      (02_dpkg-buildflags.patch).
     + Added patch to make command execution visible in Makefiles
      (03_transparent-makefiles.patch).
     + Added patch to escape '-' symbol in manpage for tabbed and use temp files
       in secure way (04_tabbed-manpage-hyphen-fix.patch).
   * debian/README.source:
     + Updated this file with proper instruction on how to recreate the original
       source tarballs required for package building.
   * debian/create_orig_source shell script is added which will be invoked when
     get-orig-source target in debian/rules is invoked
   * debian/watch:
     + Empty watch file added with only version=3 string in it to avoid lintian
       warning
   * debian/README.slock.Debian:
     + This file is added giving instruction on how to use the slock command.
   * debian/copyright:
     + Fixed the Copyright fields for lsw, dmenu, tabbed.
     + Changed short license name from MIT to Expat.
   * Switched to source format 3.0 (quilt)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 20 Jan 2014 07:33:28 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:53:19 2019; Machine Name: buxtehude
