rev 7143 - in kde-extras/konversation/trunk/debian: . patches

Modestas Vainius modax-guest at alioth.debian.org
Thu Aug 30 08:50:01 UTC 2007


Author: modax-guest
Date: 2007-08-30 08:50:01 +0000 (Thu, 30 Aug 2007)
New Revision: 7143

Added:
   kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff
Modified:
   kde-extras/konversation/trunk/debian/changelog
   kde-extras/konversation/trunk/debian/konversation.menu
   kde-extras/konversation/trunk/debian/patches/series
Log:
1.0.1-4: Security (CVE-2007-4400) fix and new menu section

Modified: kde-extras/konversation/trunk/debian/changelog
===================================================================
--- kde-extras/konversation/trunk/debian/changelog	2007-08-30 08:34:53 UTC (rev 7142)
+++ kde-extras/konversation/trunk/debian/changelog	2007-08-30 08:50:01 UTC (rev 7143)
@@ -1,3 +1,13 @@
+konversation (1.0.1-4) unstable; urgency=low
+
+  [ Modestas Vainius ]
+  * Add new patch 15_CVE-2007-4400.diff to fix CVE-2007-4400 vulnerability.
+    The patch is based on upstream SVN commits #602433 and #602435
+    (Closes: #439837).
+  * Change Debian menu section to Applications/Network/Communication.
+
+ -- Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>  Thu, 30 Aug 2007 11:35:35 +0300
+
 konversation (1.0.1-3) unstable; urgency=low
 
   [ Modestas Vainius ]

Modified: kde-extras/konversation/trunk/debian/konversation.menu
===================================================================
--- kde-extras/konversation/trunk/debian/konversation.menu	2007-08-30 08:34:53 UTC (rev 7142)
+++ kde-extras/konversation/trunk/debian/konversation.menu	2007-08-30 08:50:01 UTC (rev 7143)
@@ -1,6 +1,6 @@
 ?package(konversation):\
 	needs="X11"\
-	section="Apps/Net"\
+	section="Applications/Network/Communication"\
 	title="Konversation IRC Client"\
 	hints="KDE,IRC Clients"\
         icon="/usr/share/pixmaps/konversation32x32.xpm"\

Added: kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff
===================================================================
--- kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff	                        (rev 0)
+++ kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff	2007-08-30 08:50:01 UTC (rev 7143)
@@ -0,0 +1,40 @@
+diff -u trunk/extragear/network/konversation/src/konvdcop.cpp trunk/extragear/network/konversation/src/konvdcop.cpp
+--- konversation-1.0.1/konversation/src/konvdcop.cpp	(revision 602433)
++++ konversation-1.0.1/konversation/src/konvdcop.cpp	(revision 602435)
+@@ -82,15 +82,23 @@
+     emit dcopMultiServerRaw("me " + message);
+ }
+ 
+-void KonvDCOP::say(const QString& server,const QString& target,const QString& command)
++void KonvDCOP::say(const QString& _server,const QString& _target,const QString& _command)
+ {
++    //Sadly, copy on write doesn't exist with QString::replace
++    QString server(_server), target(_target), command(_command);
++
+     // TODO: this just masks a greater problem - Server::addQuery will return a query for '' --argonel
+     // TODO: other DCOP calls need argument checking too --argonel
+     if (server.isEmpty() || target.isEmpty() || command.isEmpty())
+         kdDebug() <<  "KonvDCOP::say() requires 3 arguments." << endl;
+     else
+     {
+-        kdDebug() << "KonvDCOP::say()" << endl;
++        command.replace('\n',"\\n");
++        command.replace('\r',"\\r");
++        target.remove('\n');
++        target.remove('\r');
++        server.remove('\n');
++        server.remove('\r');
+         // Act as if the user typed it
+         emit dcopSay(server,target,command);
+     }
+--- konversation-1.0.1/konversation/src/channel.cpp	(revision 602432)
++++ konversation-1.0.1/konversation/src/channel.cpp	(revision 602433)
+@@ -890,7 +890,7 @@
+     }
+ 
+     // Send all strings, one after another
+-    QStringList outList=QStringList::split('\n',outputAll);
++    QStringList outList=QStringList::split(QRegExp("[\r\n]+"),outputAll);
+     for(unsigned int index=0;index<outList.count();index++)
+     {
+         QString output(outList[index]);
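Review bot: In the patched `KonvDCOP::say()`, the `isEmpty()` test runs before the CR/LF characters are stripped, so a `server` or `target` consisting only of line breaks passes the check and is empty by the time `emit dcopSay(server,target,command)` runs, which is the case the first TODO describes. Moving the `target.remove(...)` and `server.remove(...)` calls to directly after the local copies are made, ahead of the `if`, closes that gap without changing anything else. The filtering is also limited to `say()`: the context line `emit dcopMultiServerRaw("me " + message);` at the top of the inner hunk forwards `message` unchanged, and the second TODO still lists the other DCOP calls as unchecked, so it is worth confirming whether those entry points need the same CR/LF handling. Their bodies, and the closing brace of `say()`, are outside this hunk.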

Modified: kde-extras/konversation/trunk/debian/patches/series
===================================================================
--- kde-extras/konversation/trunk/debian/patches/series	2007-08-30 08:34:53 UTC (rev 7142)
+++ kde-extras/konversation/trunk/debian/patches/series	2007-08-30 08:50:01 UTC (rev 7143)
@@ -8,4 +8,5 @@
 12_dbug405384_dccsendfile.diff
 13_dbug412894_lowercase_nick.diff
 14_dbug412803_assert_crash.diff
+15_CVE-2007-4400.diff
 98_buildprep.diff



