[Pkg-kde-commits] rev 296 - in trunk/packages/kdelibs/debian: . patches

Adeodato Sim?? dato-guest@haydn.debian.org
Sat, 11 Dec 2004 10:53:36 -0700 

Author: dato-guest
Date: 2004-12-11 10:50:53 -0700 (Sat, 11 Dec 2004)
New Revision: 296

Added:
   trunk/packages/kdelibs/debian/patches/post-3.3.1-kdelibs-khtml.diff
   trunk/packages/kdelibs/debian/patches/post-3.3.1-kdelibs-kio.diff
Modified:
   trunk/packages/kdelibs/debian/changelog
   trunk/packages/kdelibs/debian/control
Log:
Commited kdelibs 3.3.1-2 packaging.

Modified: trunk/packages/kdelibs/debian/changelog
===================================================================
--- trunk/packages/kdelibs/debian/changelog	2004-12-11 02:05:35 UTC (rev 295)
+++ trunk/packages/kdelibs/debian/changelog	2004-12-11 17:50:53 UTC (rev 296)
@@ -1,3 +1,30 @@
+kdelibs (4:3.3.1-2) unstable; urgency=medium
+
+  * New upload to aid with transition of KDE 3.3 to sarge and to fix security
+    hole. Urgency set to medium because of these reasons.
+
+  * Add versioned conflicts (<< 4:3.3.0) for all KDE official modules in
+    kdelibs. This will permit the testing transition to happen all at once.
+  
+  * Fixed kdewebdev conflict (was << 4:3.3.0, while kdewebdev in sid
+    is 1:3.3.0 -Riku
+
+  * Include patch to fix CAN-2004-1171 ("plain text password exposure").
+    Closes half of #285126. Notes about the patches:
+
+    - post-3.3.1-kdelibs-khtml.diff: dropped hunks #2 and #3 of patch to
+      khtml_part.cpp, since they were whitespace adjustments and were causing
+      failures to apply.
+
+    - post-3.3.1-kdelibs-kio.diff: the patch as given in the KDE Advisory
+      can't be used, since kdelibs 3.3.1-1 includes a KDE_3_3_BRANCH pull that
+      already modifies kio/kio/job.cpp and makes the supplied patch unusable.
+
+      Regenerated patch from CVS: Diff for /kdelibs/kio/kio/job.cpp between
+      version 1.397.2.7 and 1.397.2.8.
+
+ -- Adeodato Simó <asp16@alu.ua.es>  Sat, 11 Dec 2004 00:23:09 +0100
+
 kdelibs (4:3.3.1-1) unstable; urgency=low
 
   * New upstream release.

Modified: trunk/packages/kdelibs/debian/control
===================================================================
--- trunk/packages/kdelibs/debian/control	2004-12-11 02:05:35 UTC (rev 295)
+++ trunk/packages/kdelibs/debian/control	2004-12-11 17:50:53 UTC (rev 296)
@@ -2,15 +2,16 @@
 Section: libs
 Priority: optional
 Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
-Uploaders: Christopher L Cheney <ccheney@debian.org>
+Uploaders: Christopher L Cheney <ccheney@debian.org>, Adeodato Simó <asp16@alu.ua.es>
 Build-Depends: automake1.9, debhelper (>> 4.2.0), docbook-to-man, gawk, gettext, libart-2.0-dev, libarts1-dev (>> 1.3.0), libaspell-dev, libbz2-dev, libcupsys2-dev, libdb4.2-dev, libfam-dev, libidn11-dev, libjasper-1.701-dev, libldap2-dev, libopenexr-dev (>= 1.2.1), libpam0g-dev, libpcre3-dev, libsasl2-dev, libssl-dev, libtiff4-dev, libxml2-dev, libxml2-utils, libxrender-dev, libxslt1-dev, qt3-doc, sharutils, texinfo, xlibmesa-glu-dev
 Build-Depends-Indep: doxygen, qt3-doc
-Standards-Version: 3.6.1.0
+Standards-Version: 3.6.1
 
 Package: kdelibs
 Section: kde
 Architecture: all
 Depends: kdelibs4 (>= ${Source-Version}), kdelibs-bin (>= ${Source-Version}), kdelibs-data (>= ${Source-Version})
+Conflicts: kdeaccessibility (<< 4:3.3.0), kdeaddons (<< 4:3.3.0), kdeadmin (<< 4:3.3.0), kdeartwork (<< 4:3.3.0), kdebase (<< 4:3.3.0), kdebindings (<< 4:3.3.0), kdeedu (<< 4:3.3.0), kdegames (<< 4:3.3.0), kdegraphics (<< 4:3.3.0), kde-i18n (<< 4:3.3.0), kdemultimedia (<< 4:3.3.0), kdenetwork (<< 4:3.3.0), kdepim (<< 4:3.3.0), kdesdk (<< 4:3.3.0), kdetoys (<< 4:3.3.0), kdeutils (<< 4:3.3.0), kdewebdev (<< 1:3.3.0)
 Description: KDE core libraries metapackage
  KDE is a powerful Open Source graphical desktop environment
  for Unix workstations. It combines ease of use, contemporary

Added: trunk/packages/kdelibs/debian/patches/post-3.3.1-kdelibs-khtml.diff
===================================================================
--- trunk/packages/kdelibs/debian/patches/post-3.3.1-kdelibs-khtml.diff	2004-12-11 02:05:35 UTC (rev 295)
+++ trunk/packages/kdelibs/debian/patches/post-3.3.1-kdelibs-khtml.diff	2004-12-11 17:50:53 UTC (rev 296)
@@ -0,0 +1,68 @@
+diff -u -5 -d -p -r1.103 khtml_ext.cpp
+--- kdelibs/khtml/khtml_ext.cpp	25 Oct 2004 12:21:23 -0000	1.103
++++ kdelibs/khtml/khtml_ext.cpp	8 Nov 2004 05:29:24 -0000
+@@ -543,40 +543,44 @@ void KHTMLPopupGUIClient::slotSaveImageA
+   saveURL( d->m_khtml->widget(), i18n( "Save Image As" ), d->m_imageURL, metaData, QString::null, 0, d->m_suggestedFilename );
+ }
+ 
+ void KHTMLPopupGUIClient::slotCopyLinkLocation()
+ {
++  KURL safeURL(d->m_url);
++  safeURL.setPass(QString::null);
+ #ifndef QT_NO_MIMECLIPBOARD
+   // Set it in both the mouse selection and in the clipboard
+   KURL::List lst;
+-  lst.append( d->m_url );
++  lst.append( safeURL );
+   QApplication::clipboard()->setSelectionMode(true);
+   QApplication::clipboard()->setData( new KURLDrag( lst ) );
+   QApplication::clipboard()->setSelectionMode(false);
+   QApplication::clipboard()->setData( new KURLDrag( lst ) );
+ #else
+-  QApplication::clipboard()->setText( d->m_url.url() ); //FIXME(E): Handle multiple entries
++  QApplication::clipboard()->setText( safeURL.url() ); //FIXME(E): Handle multiple entries
+ #endif
+ }
+ 
+ void KHTMLPopupGUIClient::slotStopAnimations()
+ {
+   d->m_khtml->stopAnimations();
+ }
+ 
+ void KHTMLPopupGUIClient::slotCopyImageLocation()
+ {
++  KURL safeURL(d->m_imageURL);
++  safeURL.setPass(QString::null);
+ #ifndef QT_NO_MIMECLIPBOARD
+   // Set it in both the mouse selection and in the clipboard
+   KURL::List lst;
+-  lst.append( d->m_imageURL);
++  lst.append( safeURL );
+   QApplication::clipboard()->setSelectionMode(true);
+   QApplication::clipboard()->setData( new KURLDrag( lst ) );
+   QApplication::clipboard()->setSelectionMode(false);
+   QApplication::clipboard()->setData( new KURLDrag( lst ) );
+ #else
+-  QApplication::clipboard()->setText(d->m_imageURL.url()); //FIXME(E): Handle multiple entries
++  QApplication::clipboard()->setText( safeURL.url() ); //FIXME(E): Handle multiple entries
+ #endif
+ }
+ 
+ void KHTMLPopupGUIClient::slotViewImage()
+ {
+diff -u -5 -d -p -r1.1046 khtml_part.cpp
+--- kdelibs/khtml/khtml_part.cpp	7 Nov 2004 13:56:07 -0000	1.1046
++++ kdelibs/khtml/khtml_part.cpp	8 Nov 2004 05:29:27 -0000
+@@ -5978,10 +5978,12 @@ void KHTMLPart::khtmlMouseMoveEvent( kht
+       // Text or image link...
+       u = completeURL( d->m_strSelectedURL );
+       pix = KMimeType::pixmapForURL(u, 0, KIcon::Desktop, KIcon::SizeMedium);
+     }
+ 
++    u.setPass(QString::null);
++
+     KURLDrag* urlDrag = new KURLDrag( u, img ? 0 : d->m_view->viewport() );
+     if ( !d->m_referrer.isEmpty() )
+       urlDrag->metaData()["referrer"] = d->m_referrer;
+ 
+     if( img ) {

Added: trunk/packages/kdelibs/debian/patches/post-3.3.1-kdelibs-kio.diff
===================================================================
--- trunk/packages/kdelibs/debian/patches/post-3.3.1-kdelibs-kio.diff	2004-12-11 02:05:35 UTC (rev 295)
+++ trunk/packages/kdelibs/debian/patches/post-3.3.1-kdelibs-kio.diff	2004-12-11 17:50:53 UTC (rev 296)
@@ -0,0 +1,36 @@
+    This is *not* the original patch from:
+
+	ftp://ftp.kde.org/pub/kde/security_patches
+
+    Since debian/patches/01_kdelibs_branch.diff.uu modifies job.cpp,
+    I've pulled the patch from CVS (diff between the version that
+    01_kdelibs_branch.diff includes and the latest KDE_3_3_BRANCH
+    version).
+
+    The results of applying the original patch and those obtained by
+    applying first 01_kdelibs_branch.diff and then this patch are
+    identical in the affected hunk.
+
+    -- Adeodato Simó, 2004-12-11
+===================================================================
+RCS file: /home/kde/kdelibs/kio/kio/job.cpp,v
+retrieving revision 1.397.2.7
+retrieving revision 1.397.2.8
+diff -u -r1.397.2.7 -r1.397.2.8
+--- kdelibs/kio/kio/job.cpp	2004/12/03 10:48:29	1.397.2.7
++++ kdelibs/kio/kio/job.cpp	2004/12/08 01:08:15	1.397.2.8
+@@ -3121,10 +3121,10 @@
+                            f.close();
+                            KSimpleConfig config( path );
+                            config.setDesktopGroup();
+-                           config.writePathEntry( QString::fromLatin1("URL"), (*it).uSource.url() );
+-                           KURL urlName = (*it).uSource;
+-                           urlName.setPass( "" );
+-                           config.writeEntry( QString::fromLatin1("Name"), urlName.url() );
++                           KURL url = (*it).uSource;
++                           url.setPass( "" );
++                           config.writePathEntry( QString::fromLatin1("URL"), url.url() );
++                           config.writeEntry( QString::fromLatin1("Name"), url.url() );
+                            config.writeEntry( QString::fromLatin1("Type"), QString::fromLatin1("Link") );
+                            QString protocol = (*it).uSource.protocol();
+                            if ( protocol == QString::fromLatin1("ftp") )