Hello Team,

is there still a chance to get this into buster? Can someone please
review and upload the fix?

Sven

On Sunday, 10.03.2019, 12:57 +0100 Sven Geuer wrote:
> Hello Team,
>
> I fixed bug #924042 in tomb [1]. Please review and upload.
>
> Cheers,
> Sven
>
> [1] https://salsa.debian.org/pkg-security-team/tomb
>
> On Friday, 08.03.2019, 20:34 +0100 Axel Beckert wrote:
> > Package: tomb
> > Version: 2.5+dfsg1-2
> > Severity: serious
> >
> > tomb's exhume subcommand calls steghide:
> >
> > ~ → tomb exhume /tmp/example.jpg
> > tomb [E] Steghide not installed: cannot exhume keys from images.
> > ~ → dgrep steghide tomb
> > /usr/bin/tomb: _deps=(gettext dcfldd shred steghide)
> > /usr/bin/tomb: # Check for steghide
> > /usr/bin/tomb: command -v steghide 1>/dev/null 2>/dev/null || STEGHIDE=0
> > /usr/bin/tomb:# Requires steghide(1) to be installed
> > /usr/bin/tomb: | steghide embed --embedfile - --coverfile ${imagefile} \
> > /usr/bin/tomb: _warning "Encoding error: steghide reports problems."
> > /usr/bin/tomb: TOMBKEY=$(steghide extract -sf $imagefile -p $tombpass -xf -)
> > /usr/bin/tomb: steghide extract -sf $imagefile -p ${tombpass} -xf $destkey
> >
> > But steghide is neither in a Recommends nor Suggests header.
> >
> > And when looking at that grep output above, it becomes clear that
> > there are even more optional dependencies missing. Citing from
> > tomb's source code:
> >
> >   _list_optional_tools() {
> >       typeset -a _deps
> >       _deps=(gettext dcfldd shred steghide)
> >       _deps+=(resize2fs tomb-kdb-pbkdf2 qrencode swish-e unoconv lsof)
> >       for d in $_deps; do
> >           _print "`which $d`"
> >       done
> >       return 0
> >   }
> >
> > So the following packages are missing in tomb's package relations.
> > I leave the package maintainers to decide which of them go into
> > Suggests and which into Recommends:
> >
> > * gettext-base: /usr/bin/gettext
> > * dcfldd: /usr/bin/dcfldd
> > * steghide: /usr/bin/steghide
> > * qrencode: /usr/bin/qrencode
> > * unoconv: /usr/bin/unoconv
> > * lsof: /usr/bin/lsof
> > * swish-e: /usr/bin/swish-e
> >
> > Will file a separate bug report for the missing tomb-kdb-pbkdf2
> > binary.
> >
> > -- System Information:
> > Debian Release: buster/sid
> >   APT prefers unstable
> >   APT policy: (990, 'unstable'), (600, 'testing'), (500, 'unstable-debug'), (500, 'buildd-unstable'), (110, 'experimental'), (1, 'experimental-debug'), (1, 'buildd-experimental')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 4.19.0-2-amd64 (SMP w/4 CPU cores)
> > Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> > Init: sysvinit (via /sbin/init)
> > LSM: AppArmor: enabled
> >
> > Versions of packages tomb depends on:
> > ii  cryptsetup-bin              2:2.1.0-2
> > ii  e2fsprogs                   1.44.6-1
> > ii  gnupg                       2.2.13-1
> > ii  pinentry-curses [pinentry]  1.1.0-1+b1
> > ii  pinentry-fltk [pinentry]    1.1.0-1+b1
> > ii  pinentry-gnome3 [pinentry]  1.1.0-1+b1
> > ii  pinentry-gtk2 [pinentry]    1.1.0-1+b1
> > ii  pinentry-qt [pinentry]      1.1.0-1+b1
> > ii  pinentry-tty [pinentry]     1.1.0-1+b1
> > ii  sudo                        1.8.27-1
> > ii  zsh                         5.7.1-1
> >
> > tomb recommends no packages.
> >
> > tomb suggests no packages.
> >
> > -- no debconf information