xtrlock (2.8+deb10u1) buster; urgency=high * CVE-2016-10894: Attempt to grab multitouch devices which are not intercepted via XGrabPointer. xtrlock did not block multitouch events so an attacker could still input and thus control various programs such as Chromium, etc. via so-called "multitouch" events such as pan scrolling, "pinch and zoom", or even being able to provide regular mouse clicks by depressing the touchpad once and then clicking with a secondary finger. This fix does not the situation where Eve plugs in a multitouch device *after* the screen has been locked. For more information on this angle, please see . (Closes: #830726) -- Chris Lamb Thu, 16 Jan 2020 16:00:52 +0000 xtrlock (2.8) unstable; urgency=low * patch from Simon Tatham to add a -f option [fork, and return success from parent once lock acquired] (Closes: #823685) -- Matthew Vernon Sat, 21 May 2016 19:08:12 +0100 xtrlock (2.7) unstable; urgency=low * patch from Chris Lamb to make builds reproducible by adding -n to gzip invocations (Closes: #777351) -- Matthew Vernon Sat, 07 Mar 2015 22:34:45 +0000 xtrlock (2.6) unstable; urgency=low * patch from Simon Ruderich to correctly add hardening flags * check returns of setuid and setgid * build-depend on dpkg-dev -- Matthew Vernon Tue, 07 Jan 2014 14:22:55 +0000 xtrlock (2.5) unstable; urgency=low * correct contributor name (sorry!) * add hardening flags * update version number -- Matthew Vernon Sun, 05 Jan 2014 16:27:52 +0000 xtrlock (2.4) unstable; urgency=low * add a -b option to blank the screen (code based on patch by Markus, waldeck@gmx.de, for which thanks; documentation by myself. (Closes: #636993) -- Matthew Vernon Sun, 05 Jan 2014 12:01:48 +0000 xtrlock (2.3) unstable; urgency=low * remove reference to xlock, which is no longer in Debian (Closes: #721724) -- Matthew Vernon Wed, 04 Sep 2013 15:37:38 +0100 xtrlock (2.2) unstable; urgency=low * Move menu entry to /usr/share/menu * Change menu section to Screen/Locking * Update standards-version * Add a lintian override for being setgid shadow -- Matthew Vernon Tue, 26 Jun 2012 20:22:20 +0100 xtrlock (2.1) unstable; urgency=low * never exit non-zero without saying why. * try repeatedly, with waits, to grab the keyboard (Closes: #316343). * include a copy of the GPL in the source package (Closes: #519327). * honour nostrip DEB_BUILD_OPTION (Closes: #438346). * Debian's package is essentially upstream; only include one changelog in the binary package (rather than one and a symlink) * Don't install README.Debian any more, as it's mostly just build instructions -- Matthew Vernon Tue, 26 Jun 2012 19:12:02 +0100 xtrlock (2.0-14) unstable; urgency=low * remove obsolete build-depends on xutils (closes: #579036) -- Matthew Vernon Thu, 13 May 2010 18:01:51 +0100 xtrlock (2.0-13) unstable; urgency=low * build-depend on x11proto-core-dev rather than the old x-dev * build-depend on xutils-dev (closes: #485728) -- Matthew Vernon Tue, 23 Dec 2008 11:36:04 +0000 xtrlock (2.0-12) unstable; urgency=low * Install into /usr not /usr/X11R6 (closes: #362206, #363293) -- Matthew Vernon Tue, 18 Apr 2006 17:19:10 +0100 xtrlock (2.0-11) unstable; urgency=low * Fix build-depends: for new etch (closes: #346840) -- Matthew Vernon Sat, 14 Jan 2006 15:30:28 +0000 xtrlock (2.0-10) unstable; urgency=low * Take over this package, since I seem to have some tuits * Correct the Author's address in the manpage to something sensible * Similarly the original packager's. * For reference, the security problem fixed in -9 was CAN-2005-0079 -- Matthew Vernon Thu, 20 Jan 2005 14:02:10 +0000 xtrlock (2.0-9) unstable; urgency=high * Fix the problem whereby we unlocked on long input (closes: #278191, #278190) * tidy up a switch statement (closes: #264173) -- Matthew Vernon Mon, 17 Jan 2005 10:47:09 +0000 xtrlock (2.0-8) unstable; urgency=low * Uploading with maintainer set to QA group -- Andrew Pollock Sun, 15 Feb 2004 18:32:12 +1100 xtrlock (2.0-7) unstable; urgency=low * Maintainer upload. * Update to standards version 3.5.6. * Removes buffer overrun potentiality (closes: #154738) * Drop setgid privileges (closes: #154740) -- Martin Mitchell Sun, 1 Sep 2002 14:49:26 +1000 xtrlock (2.0-6.1) unstable; urgency=low * NMU * Removed the buffer overrun potentiallity (closes: #154738) * Update the code for remove the possibilty to read shadow file (closes: #154740) * Fix spelling error in the copyright file * Fix the place where is stored the common-licenses * Update the debian/rules to: - strip the /usr/X11R6/bin/xtrlock - include the section and priority in control * Update the debian/control file: - include the build-depends - update the standard-version to 3.5.6 -- Otavio Salvador Sat, 31 Aug 2002 16:23:21 -0300 xtrlock (2.0-6) unstable; urgency=low * Update to standards version 3.0.1. * Add menu entry. (closes: #46201) -- Martin Mitchell Thu, 28 Oct 1999 18:38:14 +1000 xtrlock (2.0-5) unstable; urgency=low * Correct installation path during package build. (#25055) * Update to standards version 2.4.1. * Update copyright file. -- Martin Mitchell Sun, 2 Aug 1998 13:01:29 +1000 xtrlock (2.0-4) unstable; urgency=low * Make xtrlock setgid shadow, instead of setuid root. (#7635,#8543) -- Martin Mitchell Thu, 4 Dec 1997 00:27:07 +1100 xtrlock (2.0-3) unstable; urgency=low * New maintainer. -- Martin Mitchell Thu, 27 Nov 1997 01:34:14 +1100 xtrlock (2.0-2.2) unstable; urgency=low * Non-maintainer release. * Libc6 compile. * Update from pre-2.0.0.0 standards. -- Martin Mitchell Wed, 22 Oct 1997 18:07:31 +1000 xtrlock-2.0 Debian 3 - Michael Meskes Include shadow patches Add architecture field (Bug#4041) Minor changes to debian.rules gzip manpage xtrlock-2.0 Debian 0 - sde Initial release.