
Bug#816033: marked as done (jessie-pu: package suckless-tools/40-1)



Your message dated Sat, 02 Apr 2016 14:20:04 +0100
with message-id <1459603204.2441.216.camel@adam-barratt.org.uk>
and subject line Fix included in stable
has caused the Debian Bug report #816033,
regarding jessie-pu: package suckless-tools/40-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
816033: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816033
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu


Dear Release Team,

I would like to update suckless-tools in jessie in order to fix a bug in
the slock command. Slock is a simple X display locker.

Recently, slock v1.3 was released and it fixes a bug that can be
considered security related. More specifically, the cover window would
not resize correctly when new screens were added or the resolution was
changed while the lock was active, leading to a part of the screen
being visible (information leakage). The upstream patch that fixes the
above bug can be found here[1].

I contacted the Security Team about this, and they decided this is
not severe enough to warrant a DSA.

Attached is a full debdiff.

Thanks,
Ilias

[1] http://git.suckless.org/slock/commit/?id=f5ef1b8eb5555da1
diff -Nru suckless-tools-40/debian/changelog suckless-tools-40/debian/changelog
--- suckless-tools-40/debian/changelog	2013-09-15 20:03:11.000000000 +0300
+++ suckless-tools-40/debian/changelog	2016-02-26 13:07:26.000000000 +0200
@@ -1,3 +1,14 @@
+suckless-tools (40-1+deb8u1) stable-proposed-updates; urgency=medium
+
+  * Set myself as the maintainer.
+    Package has already been adopted in unstable (ITA: #776482).
+  * Patch slock to properly resize the cover window.
+    The cover window now resizes correctly when new screens are added
+    or the resolution is changed while the lock is active.
+  * Add libxrandr-dev to build dependencies (needed by the above patch).
+
+ -- Ilias Tsitsimpis <i.tsitsimpis@gmail.com>  Fri, 26 Feb 2016 13:05:03 +0200
+
 suckless-tools (40-1) unstable; urgency=low
 
   * Suggest surf which can be used with tabbed.
diff -Nru suckless-tools-40/debian/control suckless-tools-40/debian/control
--- suckless-tools-40/debian/control	2013-06-23 12:30:20.000000000 +0300
+++ suckless-tools-40/debian/control	2016-02-26 13:04:11.000000000 +0200
@@ -1,8 +1,7 @@
 Source: suckless-tools
 Section: x11
 Priority: optional
-Maintainer: Vasudev Kamath <kamathvasudev@gmail.com>
-Uploaders: Michael Stummvoll <michael@stummi.org>
+Maintainer: Ilias Tsitsimpis <i.tsitsimpis@gmail.com>
 Build-Depends: debhelper (>= 9),
  libx11-dev,
  libxinerama-dev,
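Review bot: The removed `Uploaders: Michael Stummvoll <michael@stummi.org>` line in this debian/control hunk is not accounted for in the changelog entry, which only says "Set myself as the maintainer"; either mention the dropped uploader there or keep the field. Since the upload targets stable-proposed-updates, the changelog should also make clear why the maintainer change has to ride along with the slock fix.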
@@ -10,6 +9,7 @@
  dpkg-dev (>= 1.16.1.1),
  libxss-dev,
  libxft-dev,
+ libxrandr-dev,
  libfreetype6-dev
 Standards-Version: 3.9.4
 Homepage: http://www.suckless.org
diff -Nru suckless-tools-40/debian/patches/0001_resize_lockscreen.patch suckless-tools-40/debian/patches/0001_resize_lockscreen.patch
--- suckless-tools-40/debian/patches/0001_resize_lockscreen.patch	1970-01-01 02:00:00.000000000 +0200
+++ suckless-tools-40/debian/patches/0001_resize_lockscreen.patch	2016-02-26 13:22:15.000000000 +0200
@@ -0,0 +1,76 @@
+Description: Patch slock to correctly resize the cover window
+ Resize the cover window when new screens are added or the resolution is
+ changed while the lock is active. This prevents potential information leakage.
+Author: Markus Teich <markus.teich@stusta.mhn.de>
+Orig: upstream, http://git.suckless.org/slock/commit/?id=f5ef1b8eb555
+
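Review bot: The patch header uses `Orig:` where DEP-3 names the field `Origin:`, so tools that read patch metadata will not pick up the upstream reference; rename the field and keep the value (`upstream,` followed by the commit URL) as it is.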
+Index: suckless-tools-40/slock/config.mk
+===================================================================
+--- suckless-tools-40.orig/slock/config.mk
++++ suckless-tools-40/slock/config.mk
+@@ -7,7 +7,7 @@ VERSION = 1.1
+ PREFIX = /usr/local
+ 
+ # includes and libs
+-LIBS = -lc -lcrypt -lX11 -lXext
++LIBS = -lc -lcrypt -lX11 -lXext -lXrandr
+ 
+ # flags
+ CPPFLAGS += -DVERSION=\"${VERSION}\" -DHAVE_SHADOW_H -DCOLOR1=\"black\" -DCOLOR2=\"\#005577\"
+Index: suckless-tools-40/slock/slock.c
+===================================================================
+--- suckless-tools-40.orig/slock/slock.c
++++ suckless-tools-40/slock/slock.c
+@@ -14,6 +14,7 @@
+ #include <string.h>
+ #include <unistd.h>
+ #include <sys/types.h>
++#include <X11/extensions/Xrandr.h>
+ #include <X11/keysym.h>
+ #include <X11/Xlib.h>
+ #include <X11/Xutil.h>
+@@ -33,6 +34,9 @@ typedef struct {
+ static Lock **locks;
+ static int nscreens;
+ static Bool running = True;
++static Bool rr;
++static int rrevbase;
++static int rrerrbase;
+ 
+ static void
+ die(const char *errstr, ...) {
+@@ -146,8 +150,15 @@ readpw(Display *dpy, const char *pws)
+ 				}
+ 			}
+ 			llen = len;
+-		}
+-		else for(screen = 0; screen < nscreens; screen++)
++		} else if (rr && ev.type == rrevbase + RRScreenChangeNotify) {
++			XRRScreenChangeNotifyEvent *rre = (XRRScreenChangeNotifyEvent*)&ev;
++			for (screen = 0; screen < nscreens; screen++) {
++				if (locks[screen]->win == rre->window) {
++					XResizeWindow(dpy, locks[screen]->win, rre->width, rre->height);
++					XClearWindow(dpy, locks[screen]->win);
++				}
++			}
++		} else for (screen = 0; screen < nscreens; screen++)
+ 			XRaiseWindow(dpy, locks[screen]->win);
+ 	}
+ }
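Review bot: The new RRScreenChangeNotify branch in readpw() passes `rre->width` and `rre->height` straight to XResizeWindow() without looking at `rre->rotation`; please confirm the event's dimensions are already in the orientation the cover window needs when the screen is rotated by 90 or 270 degrees, and swap them if not. The branch also skips the XRaiseWindow() call that the final `else` performs for other events, so consider raising the window after the resize as well.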
+@@ -199,6 +210,8 @@ lockscreen(Display *dpy, int screen) {
+ 	invisible = XCreatePixmapCursor(dpy, lock->pmap, lock->pmap, &color, &color, 0, 0);
+ 	XDefineCursor(dpy, lock->win, invisible);
+ 	XMapRaised(dpy, lock->win);
++	if (rr)
++		XRRSelectInput(dpy, lock->win, RRScreenChangeNotifyMask);
+ 	for(len = 1000; len; len--) {
+ 		if(XGrabPointer(dpy, lock->root, False, ButtonPressMask | ButtonReleaseMask | PointerMotionMask,
+ 			GrabModeAsync, GrabModeAsync, None, invisible, CurrentTime) == GrabSuccess)
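Review bot: XRRSelectInput() is called after `XMapRaised(dpy, lock->win)` in lockscreen(), so a screen change that lands between mapping the cover window and selecting the event would not be delivered, and the window would keep its old size. Select RRScreenChangeNotifyMask before the window is mapped so that there is no gap between the window becoming visible and resize events being received.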
+@@ -253,6 +266,7 @@ main(int argc, char **argv) {
+ 
+ 	if(!(dpy = XOpenDisplay(0)))
+ 		die("slock: cannot open display");
++	rr = XRRQueryExtension(dpy, &rrevbase, &rrerrbase);
+ 	/* Get the number of screens in display "dpy" and blank them all. */
+ 	nscreens = ScreenCount(dpy);
+ 	locks = malloc(sizeof(Lock *) * nscreens);
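Review bot: The result of XRRQueryExtension() in main() is stored in `rr` and then only used to skip the new code paths, so on a display without RandR slock locks exactly as before, with no resize handling and no indication to the user; consider printing a warning when `rr` is false. `rrerrbase` is filled in here but is not read in any of the visible hunks, which deserves a short comment next to its declaration.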
diff -Nru suckless-tools-40/debian/patches/series suckless-tools-40/debian/patches/series
--- suckless-tools-40/debian/patches/series	2013-09-15 19:58:13.000000000 +0300
+++ suckless-tools-40/debian/patches/series	2016-02-26 13:08:45.000000000 +0200
@@ -3,3 +3,4 @@
 2002_dpkg_buildflags.patch
 2003_transparent-makefiles.patch
 2004_use_system_searchpaths.patch
+0001_resize_lockscreen.patch
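Review bot: The new entry `0001_resize_lockscreen.patch` is appended after `2004_use_system_searchpaths.patch`, so it applies last even though its numeric prefix sorts first. Rename it to follow the existing numbering of the series, or document the convention, so the file name does not mislead about apply order.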

--- End Message ---
--- Begin Message ---
Version: 8.4

Hi,

The packages referenced by these bugs were included in today's stable
point release.

Regards,

Adam

--- End Message ---
