fix: audit fixes — CString zeroize, FP account check, PAM timeout, blur downscale (v0.6.5)
Update PKGBUILD version / update-pkgver (push) Successful in 1s
Update PKGBUILD version / update-pkgver (push) Successful in 1s
Address findings from second triple audit (quality, performance, security): - Wrap PAM CString password in Zeroizing<CString> to wipe on drop (S-H1) - Add check_account() for pam_acct_mgmt after fingerprint unlock, with resume_async() to restart FP on transient failure (S-M1) - 30s PAM timeout with generation counter to prevent stale result interference from parallel auth attempts (S-M3) - Downscale wallpaper to max 1920px before GPU blur, reducing work by ~4x on 4K wallpapers (P-M1) - exit(1) instead of return on no-monitor after lock.lock() (Q-2.1)
This commit is contained in:
+2
-2
@@ -1,6 +1,6 @@
|
||||
[package]
|
||||
name = "moonlock"
|
||||
version = "0.6.4"
|
||||
version = "0.6.5"
|
||||
edition = "2024"
|
||||
description = "A secure Wayland lockscreen with GTK4, PAM and fingerprint support"
|
||||
license = "MIT"
|
||||
@@ -16,7 +16,7 @@ toml = "0.8"
|
||||
serde = { version = "1", features = ["derive"] }
|
||||
graphene-rs = { version = "0.22", package = "graphene-rs" }
|
||||
nix = { version = "0.29", features = ["user"] }
|
||||
zeroize = { version = "1", features = ["derive"] }
|
||||
zeroize = { version = "1", features = ["derive", "std"] }
|
||||
libc = "0.2"
|
||||
log = "0.4"
|
||||
systemd-journal-logger = "2.2"
|
||||
|
||||
Reference in New Issue
Block a user