rev 7143 - in kde-extras/konversation/trunk/debian: . patches
Modestas Vainius
modax-guest at alioth.debian.org
Thu Aug 30 08:50:01 UTC 2007
Author: modax-guest
Date: 2007-08-30 08:50:01 +0000 (Thu, 30 Aug 2007)
New Revision: 7143
Added:
kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff
Modified:
kde-extras/konversation/trunk/debian/changelog
kde-extras/konversation/trunk/debian/konversation.menu
kde-extras/konversation/trunk/debian/patches/series
Log:
1.0.1-4: Security (CVE-2007-4400) fix and new menu section
Modified: kde-extras/konversation/trunk/debian/changelog
===================================================================
--- kde-extras/konversation/trunk/debian/changelog 2007-08-30 08:34:53 UTC (rev 7142)
+++ kde-extras/konversation/trunk/debian/changelog 2007-08-30 08:50:01 UTC (rev 7143)
@@ -1,3 +1,13 @@
+konversation (1.0.1-4) unstable; urgency=low
+
+ [ Modestas Vainius ]
+ * Add new patch 15_CVE-2007-4400.diff to fix CVE-2007-4400 vulnerability.
+ The patch is based on upstream SVN commits #602433 and #602435
+ (Closes: #439837).
+ * Change Debian menu section to Applications/Network/Communication.
+
+ -- Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org> Thu, 30 Aug 2007 11:35:35 +0300
+
konversation (1.0.1-3) unstable; urgency=low
[ Modestas Vainius ]
Modified: kde-extras/konversation/trunk/debian/konversation.menu
===================================================================
--- kde-extras/konversation/trunk/debian/konversation.menu 2007-08-30 08:34:53 UTC (rev 7142)
+++ kde-extras/konversation/trunk/debian/konversation.menu 2007-08-30 08:50:01 UTC (rev 7143)
@@ -1,6 +1,6 @@
?package(konversation):\
needs="X11"\
- section="Apps/Net"\
+ section="Applications/Network/Communication"\
title="Konversation IRC Client"\
hints="KDE,IRC Clients"\
icon="/usr/share/pixmaps/konversation32x32.xpm"\
Added: kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff
===================================================================
--- kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff (rev 0)
+++ kde-extras/konversation/trunk/debian/patches/15_CVE-2007-4400.diff 2007-08-30 08:50:01 UTC (rev 7143)
@@ -0,0 +1,40 @@
+diff -u trunk/extragear/network/konversation/src/konvdcop.cpp trunk/extragear/network/konversation/src/konvdcop.cpp
+--- konversation-1.0.1/konversation/src/konvdcop.cpp (revision 602433)
++++ konversation-1.0.1/konversation/src/konvdcop.cpp (revision 602435)
+@@ -82,15 +82,23 @@
+ emit dcopMultiServerRaw("me " + message);
+ }
+
+-void KonvDCOP::say(const QString& server,const QString& target,const QString& command)
++void KonvDCOP::say(const QString& _server,const QString& _target,const QString& _command)
+ {
++ //Sadly, copy on write doesn't exist with QString::replace
++ QString server(_server), target(_target), command(_command);
++
+ // TODO: this just masks a greater problem - Server::addQuery will return a query for '' --argonel
+ // TODO: other DCOP calls need argument checking too --argonel
+ if (server.isEmpty() || target.isEmpty() || command.isEmpty())
+ kdDebug() << "KonvDCOP::say() requires 3 arguments." << endl;
+ else
+ {
+- kdDebug() << "KonvDCOP::say()" << endl;
++ command.replace('\n',"\\n");
++ command.replace('\r',"\\r");
++ target.remove('\n');
++ target.remove('\r');
++ server.remove('\n');
++ server.remove('\r');
+ // Act as if the user typed it
+ emit dcopSay(server,target,command);
+ }
+--- konversation-1.0.1/konversation/src/channel.cpp (revision 602432)
++++ konversation-1.0.1/konversation/src/channel.cpp (revision 602433)
+@@ -890,7 +890,7 @@
+ }
+
+ // Send all strings, one after another
+- QStringList outList=QStringList::split('\n',outputAll);
++ QStringList outList=QStringList::split(QRegExp("[\r\n]+"),outputAll);
+ for(unsigned int index=0;index<outList.count();index++)
+ {
+ QString output(outList[index]);
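Review bot: In `KonvDCOP::say` the `isEmpty()` test runs before the CR/LF stripping, so a `server` or `target` made up only of line-break characters passes the check, is emptied by `remove('\n')`/`remove('\r')`, and still reaches `emit dcopSay(server,target,command);` as the empty value that the first TODO says `Server::addQuery` mishandles. Moving the four `remove` calls on `target` and `server` above the `if (server.isEmpty() || target.isEmpty() || command.isEmpty())` line would make the check see the sanitised values. The context line `emit dcopMultiServerRaw("me " + message);` forwards `message` without any CR/LF filtering; whether that path reaches the server unsplit is not visible here, but it looks like the case the second TODO refers to and probably deserves the same filtering. The body of `say` closes outside this hunk, so anything after the `else` block is not covered by this note.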
Modified: kde-extras/konversation/trunk/debian/patches/series
===================================================================
--- kde-extras/konversation/trunk/debian/patches/series 2007-08-30 08:34:53 UTC (rev 7142)
+++ kde-extras/konversation/trunk/debian/patches/series 2007-08-30 08:50:01 UTC (rev 7143)
@@ -8,4 +8,5 @@
12_dbug405384_dccsendfile.diff
13_dbug412894_lowercase_nick.diff
14_dbug412803_assert_crash.diff
+15_CVE-2007-4400.diff
98_buildprep.diff