xtrlock (2.8+deb9u1) stretch; urgency=high

  * CVE-2016-10894: Attempt to grab multitouch devices which are not
    intercepted via XGrabPointer.

    xtrlock did not block multitouch events so an attacker could still input
    and thus control various programs such as Chromium, etc. via so-called
    "multitouch" events such as pan scrolling, "pinch and zoom", or even being
    able to provide regular mouse clicks by depressing the touchpad once and
    then clicking with a secondary finger.

    This fix does not the situation where Eve plugs in a multitouch device
    *after* the screen has been locked. For more information on this angle,
    please see <https://bugs.debian.org/830726#115>. (Closes: #830726)

 -- Chris Lamb <lamby@debian.org>  Thu, 16 Jan 2020 16:00:52 +0000

xtrlock (2.8) unstable; urgency=low

  * patch from Simon Tatham to add a -f option [fork, and return success
    from parent once lock acquired] (Closes: #823685)

 -- Matthew Vernon <matthew@debian.org>  Sat, 21 May 2016 19:08:12 +0100

xtrlock (2.7) unstable; urgency=low

  * patch from Chris Lamb to make builds reproducible by adding -n to gzip
    invocations (Closes: #777351)

 -- Matthew Vernon <matthew@debian.org>  Sat, 07 Mar 2015 22:34:45 +0000

xtrlock (2.6) unstable; urgency=low

  * patch from Simon Ruderich to correctly add hardening flags
  * check returns of setuid and setgid
  * build-depend on dpkg-dev
  
 -- Matthew Vernon <matthew@debian.org>  Tue, 07 Jan 2014 14:22:55 +0000

xtrlock (2.5) unstable; urgency=low

  * correct contributor name (sorry!)
  * add hardening flags
  * update version number

 -- Matthew Vernon <matthew@debian.org>  Sun, 05 Jan 2014 16:27:52 +0000

xtrlock (2.4) unstable; urgency=low

  * add a -b option to blank the screen (code based on patch by Markus,
    waldeck@gmx.de, for which thanks; documentation by myself. 
    (Closes: #636993)

 -- Matthew Vernon <matthew@debian.org>  Sun, 05 Jan 2014 12:01:48 +0000

xtrlock (2.3) unstable; urgency=low

  * remove reference to xlock, which is no longer in Debian (Closes: #721724)

 -- Matthew Vernon <matthew@debian.org>  Wed, 04 Sep 2013 15:37:38 +0100

xtrlock (2.2) unstable; urgency=low

  * Move menu entry to /usr/share/menu
  * Change menu section to Screen/Locking
  * Update standards-version
  * Add a lintian override for being setgid shadow
  
 -- Matthew Vernon <matthew@debian.org>  Tue, 26 Jun 2012 20:22:20 +0100

xtrlock (2.1) unstable; urgency=low

  * never exit non-zero without saying why.
  * try repeatedly, with waits, to grab the keyboard (Closes: #316343).
  * include a copy of the GPL in the source package (Closes: #519327).
  * honour nostrip DEB_BUILD_OPTION (Closes: #438346).
  * Debian's package is essentially upstream; only include one changelog
    in the binary package (rather than one and a symlink)
  * Don't install README.Debian any more, as it's mostly just build
    instructions
  
 -- Matthew Vernon <matthew@debian.org>  Tue, 26 Jun 2012 19:12:02 +0100

xtrlock (2.0-14) unstable; urgency=low

  * remove obsolete build-depends on xutils (closes: #579036)

 -- Matthew Vernon <matthew@debian.org>  Thu, 13 May 2010 18:01:51 +0100

xtrlock (2.0-13) unstable; urgency=low

  * build-depend on x11proto-core-dev rather than the old x-dev
  * build-depend on xutils-dev (closes: #485728)

 -- Matthew Vernon <matthew@debian.org>  Tue, 23 Dec 2008 11:36:04 +0000

xtrlock (2.0-12) unstable; urgency=low

  * Install into /usr not /usr/X11R6 (closes: #362206, #363293)

 -- Matthew Vernon <matthew@debian.org>  Tue, 18 Apr 2006 17:19:10 +0100

xtrlock (2.0-11) unstable; urgency=low
  * Fix build-depends: for new etch (closes: #346840)

 -- Matthew Vernon <matthew@debian.org>  Sat, 14 Jan 2006 15:30:28 +0000
	
xtrlock (2.0-10) unstable; urgency=low

  * Take over this package, since I seem to have some tuits
  * Correct the Author's address in the manpage to something sensible
  * Similarly the original packager's.
  * For reference, the security problem fixed in -9 was CAN-2005-0079
	
 -- Matthew Vernon <matthew@debian.org>  Thu, 20 Jan 2005 14:02:10 +0000
	
xtrlock (2.0-9) unstable; urgency=high

  * Fix the problem whereby we unlocked on long input (closes: #278191, #278190)
  * tidy up a switch statement (closes: #264173)

 -- Matthew Vernon <matthew@debian.org>  Mon, 17 Jan 2005 10:47:09 +0000
	
xtrlock (2.0-8) unstable; urgency=low

  * Uploading with maintainer set to QA group

 -- Andrew Pollock <apollock@debian.org>  Sun, 15 Feb 2004 18:32:12 +1100

xtrlock (2.0-7) unstable; urgency=low

  * Maintainer upload.
  * Update to standards version 3.5.6.
  * Removes buffer overrun potentiality (closes: #154738)
  * Drop setgid privileges (closes: #154740)

 -- Martin Mitchell <martin@debian.org>  Sun,  1 Sep 2002 14:49:26 +1000

xtrlock (2.0-6.1) unstable; urgency=low

  * NMU
  * Removed the buffer overrun potentiallity (closes: #154738)
  * Update the code for remove the possibilty to read shadow file 
  (closes: #154740)
  * Fix spelling error in the copyright file
  * Fix the place where is stored the common-licenses 
  * Update the debian/rules to:
    - strip the /usr/X11R6/bin/xtrlock
    - include the section and priority in control
  * Update the debian/control file:
    - include the build-depends
    - update the standard-version to 3.5.6

 -- Otavio Salvador <otavio@debian.org>  Sat, 31 Aug 2002 16:23:21 -0300

xtrlock (2.0-6) unstable; urgency=low

  * Update to standards version 3.0.1.
  * Add menu entry. (closes: #46201)

 -- Martin Mitchell <martin@debian.org>  Thu, 28 Oct 1999 18:38:14 +1000

xtrlock (2.0-5) unstable; urgency=low

  * Correct installation path during package build. (#25055)
  * Update to standards version 2.4.1.
  * Update copyright file.

 -- Martin Mitchell <martin@debian.org>  Sun,  2 Aug 1998 13:01:29 +1000

xtrlock (2.0-4) unstable; urgency=low

  * Make xtrlock setgid shadow, instead of setuid root. (#7635,#8543)

 -- Martin Mitchell <martin@debian.org>  Thu,  4 Dec 1997 00:27:07 +1100

xtrlock (2.0-3) unstable; urgency=low

  * New maintainer.

 -- Martin Mitchell <martin@debian.org>  Thu, 27 Nov 1997 01:34:14 +1100

xtrlock (2.0-2.2) unstable; urgency=low
  
  * Non-maintainer release.
  * Libc6 compile.
  * Update from pre-2.0.0.0 standards.

 -- Martin Mitchell <martin@debian.org>  Wed, 22 Oct 1997 18:07:31 +1000

xtrlock-2.0 Debian 3 - Michael Meskes <meskes@debian.org>
Include shadow patches
Add architecture field (Bug#4041)
Minor changes to debian.rules
gzip manpage

xtrlock-2.0 Debian 0 - sde

Initial release.



