tabbed/tabbed.1 | 18 9 + 9 - 0 !
1 file changed, 9 insertions(+), 9 deletions(-)

 escapes "-" symbol in manpage and use temp file in secure way
 Manpage for tabbed was using "-" symbol without escape which will
 be considered by groff as hyphen. This patch escapes the "-" in man-
 pages. This patch also replaces existing example given by upstream to embed
 an app into tabbed with a version which uses the secure temp files using
 mktemp.
 .

slock/Makefile | 9 5 + 4 - 0 !
1 file changed, 5 insertions(+), 4 deletions(-)

 remove setsid bit on slock binary
 Upstream Makefile was installing slock with setsid bit
 on. This patch make slock to belong shadow group and sets
 sgid bit

dmenu/config.mk | 6 3 + 3 - 0 !
lsw/config.mk | 6 3 + 3 - 0 !
lsx/config.mk | 4 2 + 2 - 0 !
slock/config.mk | 6 3 + 3 - 0 !
sprop/config.mk | 6 3 + 3 - 0 !
sselp/config.mk | 6 3 + 3 - 0 !
ssid/config.mk | 4 2 + 2 - 0 !
swarp/config.mk | 4 2 + 2 - 0 !
tabbed/config.mk | 6 3 + 3 - 0 !
wmname/config.mk | 6 3 + 3 - 0 !
xssstate/config.mk | 6 3 + 3 - 0 !
11 files changed, 30 insertions(+), 30 deletions(-)

 patch to allow injection of hardening flags
 This patch allows the hardening flags injection into all Makefile
 during build time. It also removes -Os and -O0 from upstream
 config.mk to allow DEB_BUILD_OPTIONS=noopt. This patch also removes
 -s option to allow proper working of nostrip value for
 DEB_BUILD_OPTIONS.
 .

dmenu/Makefile | 54 27 + 27 - 0 !
lsw/Makefile | 34 16 + 18 - 0 !
lsx/Makefile | 28 13 + 15 - 0 !
slock/Makefile | 20 9 + 11 - 0 !
sprop/Makefile | 36 17 + 19 - 0 !
sselp/Makefile | 26 12 + 14 - 0 !
ssid/Makefile | 28 13 + 15 - 0 !
swarp/Makefile | 28 13 + 15 - 0 !
tabbed/Makefile | 43 22 + 21 - 0 !
wmname/Makefile | 28 13 + 15 - 0 !
xssstate/Makefile | 32 16 + 16 - 0 !
11 files changed, 171 insertions(+), 186 deletions(-)

 makes command execution in makefile transparent
 This patch makes all compile install clean and other targets related
 command execution transparent by removing preceding @ symbol. This
 is required for a verbose output generation when DH_VERBOSE=1
 .

dmenu/config.mk | 8 2 + 6 - 0 !
lsw/config.mk | 8 2 + 6 - 0 !
lsx/config.mk | 5 2 + 3 - 0 !
slock/config.mk | 8 2 + 6 - 0 !
sprop/config.mk | 8 2 + 6 - 0 !
sselp/config.mk | 8 2 + 6 - 0 !
ssid/config.mk | 5 2 + 3 - 0 !
swarp/config.mk | 8 2 + 6 - 0 !
tabbed/config.mk | 5 2 + 3 - 0 !
wmname/config.mk | 8 2 + 6 - 0 !
xssstate/config.mk | 5 2 + 3 - 0 !
11 files changed, 22 insertions(+), 54 deletions(-)

 fix ftbfs on mipsel* due to custom library search paths.
 This patch removes library search -L/usr/lib and include paths
 defined by upstream. Since all the libraries and headers needed are
 available in default path these flags are redundant also since

slock/config.mk | 2 1 + 1 - 0 !
slock/slock.c | 18 16 + 2 - 0 !
2 files changed, 17 insertions(+), 3 deletions(-)

 patch slock to correctly resize the cover window
 Resize the cover window when new screens are added or the resolution is
 changed while the lock is active. This prevents potential information leakage.

slock/slock.c | 10 8 + 2 - 0 !
1 file changed, 8 insertions(+), 2 deletions(-)

 fix cve-2016-6866
 Fix SEGV in slock when users account has been disabled.
 .
 The screen locking application slock called crypt(3) and used the return
 value for strcmp(3) without checking to see if the return value of crypt(3)
 was a NULL pointer.
 .
 If the hash returned by (getspnam()->sp_pwdp) was invalid, crypt(3) would
 return NULL and set errno to EINVAL. This would cause slock to segfault
 which then leaves the machine unprotected.