-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello Team,
I fixed bug #924042 in tomb [1]. Please review and upload. Cheers, Sven [1] https://salsa.debian.org/pkg-security-team/tomb On Friday, 08.03.2019, 20:34 +0100 Axel Beckert wrote: > Package: tomb > Version: 2.5+dfsg1-2 > Severity: serious > > tomb's exhume subcommand calls steghide: > > ~ → tomb exhume /tmp/example.jpg > tomb [E] Steghide not installed: cannot exhume keys from images. > ~ → dgrep steghide tomb > /usr/bin/tomb: _deps=(gettext dcfldd shred steghide) > /usr/bin/tomb: # Check for steghide > /usr/bin/tomb: command -v steghide 1>/dev/null 2>/dev/null || > STEGHIDE=0 > /usr/bin/tomb:# Requires steghide(1) to be installed > /usr/bin/tomb: | steghide embed --embedfile - --coverfile > ${imagefile} \ > /usr/bin/tomb: _warning "Encoding error: steghide reports > problems." > /usr/bin/tomb: TOMBKEY=$(steghide extract -sf $imagefile -p > $tombpass -xf -) > /usr/bin/tomb: steghide extract -sf $imagefile -p ${tombpass} -xf > $destkey > > But steghide is neither in a Recommends or Suggests header. > > And when looking at that grep output above, it becomes clear that > there > are even more optional dependencies missing. Citing from tomb's > source > code: > > _list_optional_tools() { > typeset -a _deps > _deps=(gettext dcfldd shred steghide) > _deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv > lsof) > for d in $_deps; do > _print "`which $d`" > done > return 0 > } > > So the following packages are missing in tomb's package relations. I > leave the package maintainers to decide, which of them go into > Suggests > and which into Recommends: > > * gettext-base: /usr/bin/gettext > * dcfldd: /usr/bin/dcfldd > * steghide: /usr/bin/steghide > * qrencode: /usr/bin/qrencode > * unoconv: /usr/bin/unoconv > * lsof: /usr/bin/lsof > * swish-e: /usr/bin/swish-e > > Will file a separate bug report for the missing tomb-kdb-pbkdf2 > binary. > > -- System Information: > Debian Release: buster/sid > APT prefers unstable > APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable- > debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, > 'experimental-debug'), (1, 'buildd-experimental') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores) > Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), > LANGUAGE=C.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: sysvinit (via /sbin/init) > LSM: AppArmor: enabled > > Versions of packages tomb depends on: > ii cryptsetup-bin 2:2.1.0-2 > ii e2fsprogs 1.44.6-1 > ii gnupg 2.2.13-1 > ii pinentry-curses [pinentry] 1.1.0-1+b1 > ii pinentry-fltk [pinentry] 1.1.0-1+b1 > ii pinentry-gnome3 [pinentry] 1.1.0-1+b1 > ii pinentry-gtk2 [pinentry] 1.1.0-1+b1 > ii pinentry-qt [pinentry] 1.1.0-1+b1 > ii pinentry-tty [pinentry] 1.1.0-1+b1 > ii sudo 1.8.27-1 > ii zsh 5.7.1-1 > > tomb recommends no packages. > > tomb suggests no packages. > > -- no debconf information > > -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEPfXoqkP8n9/QhvGVrfUO2vit1YUFAlyE+5MACgkQrfUO2vit 1YVdxw//QiwPR4AOpq0ixIX1468mvnAvkMLnIiEW/R7bw7UmOC36eRdxKTPgc6Uo DmysEPExWw4IBVORh17pD6exXybbaLVjbxzABYURoQ23UWpFGW46DwL9GLVgB5dq WlYsEmFLIRxzcINgyx7AOYCfSQLXWb1rndrvLnBiigK+ziPiJCWmhlvVaUmO9grF 6t8qKyyJ75cI2YDWAMpNmpYWhT+RcNHtd4zsWFdXxripKJsMS24sakQSCfrKQ6y5 hFtE54Zbt8ep5csQFpF4w+6euhKE6c5MoWqzZTg93HHbXEcKnpMv6nj+O4srohVw duk4t+pXRNtTZABMyZXwh699NTGnt6Tr1vuLuLIUVrCvlSeUuX4VVt/pzYfFccO6 GddCp1UFBXn4zpDTxvHloWOnF8azonSE4XMiJzpzmuzh+KPN11Jn+JkhcY874uw6 rIDpy9MCZnLAJarZSoO4XMzFUsR2VBcOKN/85vTz+JIwe0bq5rrVbkJEiNrNCWkB FNbnSAAMCsy4cVvvOI1zVuf116zgY+g4lSaS7OfTAxQELMh5nFaKzI3OhahxXoZe 46+mqgGoC0sJI9Wny4N50wZKGKdTTNo1AS66WC0tyKHlEGVjhJkVCovK/uGWXpnI JgICy0EZ1OBBuk8HIRH5Z+kkXln90aQ9JTLVuws1t6UVw6AB8+A= =lXx3 -----END PGP SIGNATURE-----