tomb: RC bug fixed, please review and upload
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hello Team,
I fixed bug #924042 in tomb [1]. Please review and upload.
Cheers,
Sven
[1] https://salsa.debian.org/pkg-security-team/tomb
On Friday, 08.03.2019, 20:34 +0100 Axel Beckert wrote:
> Package: tomb
> Version: 2.5+dfsg1-2
> Severity: serious
>
> tomb's exhume subcommand calls steghide:
>
> ~ → tomb exhume /tmp/example.jpg
> tomb [E] Steghide not installed: cannot exhume keys from images.
> ~ → dgrep steghide tomb
> /usr/bin/tomb: _deps=(gettext dcfldd shred steghide)
> /usr/bin/tomb: # Check for steghide
> /usr/bin/tomb: command -v steghide 1>/dev/null 2>/dev/null ||
> STEGHIDE=0
> /usr/bin/tomb:# Requires steghide(1) to be installed
> /usr/bin/tomb: | steghide embed --embedfile - --coverfile
> ${imagefile} \
> /usr/bin/tomb: _warning "Encoding error: steghide reports
> problems."
> /usr/bin/tomb: TOMBKEY=$(steghide extract -sf $imagefile -p
> $tombpass -xf -)
> /usr/bin/tomb: steghide extract -sf $imagefile -p ${tombpass} -xf
> $destkey
>
> But steghide is neither in a Recommends or Suggests header.
>
> And when looking at that grep output above, it becomes clear that
> there
> are even more optional dependencies missing. Citing from tomb's
> source
> code:
>
> _list_optional_tools() {
> typeset -a _deps
> _deps=(gettext dcfldd shred steghide)
> _deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv
> lsof)
> for d in $_deps; do
> _print "`which $d`"
> done
> return 0
> }
>
> So the following packages are missing in tomb's package relations. I
> leave the package maintainers to decide, which of them go into
> Suggests
> and which into Recommends:
>
> * gettext-base: /usr/bin/gettext
> * dcfldd: /usr/bin/dcfldd
> * steghide: /usr/bin/steghide
> * qrencode: /usr/bin/qrencode
> * unoconv: /usr/bin/unoconv
> * lsof: /usr/bin/lsof
> * swish-e: /usr/bin/swish-e
>
> Will file a separate bug report for the missing tomb-kdb-pbkdf2
> binary.
>
> -- System Information:
> Debian Release: buster/sid
> APT prefers unstable
> APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-
> debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1,
> 'experimental-debug'), (1, 'buildd-experimental')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
> Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8),
> LANGUAGE=C.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
> LSM: AppArmor: enabled
>
> Versions of packages tomb depends on:
> ii cryptsetup-bin 2:2.1.0-2
> ii e2fsprogs 1.44.6-1
> ii gnupg 2.2.13-1
> ii pinentry-curses [pinentry] 1.1.0-1+b1
> ii pinentry-fltk [pinentry] 1.1.0-1+b1
> ii pinentry-gnome3 [pinentry] 1.1.0-1+b1
> ii pinentry-gtk2 [pinentry] 1.1.0-1+b1
> ii pinentry-qt [pinentry] 1.1.0-1+b1
> ii pinentry-tty [pinentry] 1.1.0-1+b1
> ii sudo 1.8.27-1
> ii zsh 5.7.1-1
>
> tomb recommends no packages.
>
> tomb suggests no packages.
>
> -- no debconf information
>
>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAlyE+5MACgkQrfUO2vit
1YVdxw//QiwPR4AOpq0ixIX1468mvnAvkMLnIiEW/R7bw7UmOC36eRdxKTPgc6Uo
DmysEPExWw4IBVORh17pD6exXybbaLVjbxzABYURoQ23UWpFGW46DwL9GLVgB5dq
WlYsEmFLIRxzcINgyx7AOYCfSQLXWb1rndrvLnBiigK+ziPiJCWmhlvVaUmO9grF
6t8qKyyJ75cI2YDWAMpNmpYWhT+RcNHtd4zsWFdXxripKJsMS24sakQSCfrKQ6y5
hFtE54Zbt8ep5csQFpF4w+6euhKE6c5MoWqzZTg93HHbXEcKnpMv6nj+O4srohVw
duk4t+pXRNtTZABMyZXwh699NTGnt6Tr1vuLuLIUVrCvlSeUuX4VVt/pzYfFccO6
GddCp1UFBXn4zpDTxvHloWOnF8azonSE4XMiJzpzmuzh+KPN11Jn+JkhcY874uw6
rIDpy9MCZnLAJarZSoO4XMzFUsR2VBcOKN/85vTz+JIwe0bq5rrVbkJEiNrNCWkB
FNbnSAAMCsy4cVvvOI1zVuf116zgY+g4lSaS7OfTAxQELMh5nFaKzI3OhahxXoZe
46+mqgGoC0sJI9Wny4N50wZKGKdTTNo1AS66WC0tyKHlEGVjhJkVCovK/uGWXpnI
JgICy0EZ1OBBuk8HIRH5Z+kkXln90aQ9JTLVuws1t6UVw6AB8+A=
=lXx3
-----END PGP SIGNATURE-----
Reply to: