rev 6564 - in kde-extras/ktorrent/trunk/debian: . patches

Mon Jun 25 19:46:02 UTC 2007

Author: modax-guest
Date: 2007-06-25 19:46:02 +0000 (Mon, 25 Jun 2007)
New Revision: 6564

Added:
   kde-extras/ktorrent/trunk/debian/patches/14_wz_tooltip_CVE-2007-3154.diff
Modified:
   kde-extras/ktorrent/trunk/debian/changelog
Log:
Add patch for CVE-2007-3154

Modified: kde-extras/ktorrent/trunk/debian/changelog
===================================================================

--- kde-extras/ktorrent/trunk/debian/changelog	2007-06-25 07:41:26 UTC (rev 6563)
+++ kde-extras/ktorrent/trunk/debian/changelog	2007-06-25 19:46:02 UTC (rev 6564)
@@ -1,3 +1,11 @@
+ktorrent (2.2~rc1.dfsg.1-2) experimental; urgency=low
+
+  * New patch 14_wz_tooltip_CVE-2007-3154.diff - fixes CVE-2007-3154.
+    The patch is based on wz_tooltip.js from eGroupWare 1.4.001
+    (Closes: #429209).
+
+ -- Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>  Mon, 25 Jun 2007 22:33:20 +0300
+
 ktorrent (2.2~rc1.dfsg.1-1) experimental; urgency=low
 
   [Modestas Vainius]

Added: kde-extras/ktorrent/trunk/debian/patches/14_wz_tooltip_CVE-2007-3154.diff
===================================================================
--- kde-extras/ktorrent/trunk/debian/patches/14_wz_tooltip_CVE-2007-3154.diff	                        (rev 0)
+++ kde-extras/ktorrent/trunk/debian/patches/14_wz_tooltip_CVE-2007-3154.diff	2007-06-25 19:46:02 UTC (rev 6564)
@@ -0,0 +1,56 @@
+--- ktorrent-2.2~rc1.dfsg.1/plugins/webinterface/www/default/wz_tooltip.js	2007-06-13 19:30:10.000000000 +0300
++++ ktorrent-2.2~rc1.dfsg.1/plugins/webinterface/www/default/wz_tooltip.js	2007-06-04 10:47:14.000000000 +0300
+@@ -1,6 +1,6 @@
+ /* This notice must be untouched at all times.
+ 
+-wz_tooltip.js    v. 3.44
++wz_tooltip.js    v. 3.45
+ 
+ The latest version is available at
+ http://www.walterzorn.com
+@@ -9,7 +9,7 @@
+ 
+ Copyright (c) 2002-2005 Walter Zorn. All rights reserved.
+ Created 1. 12. 2002 by Walter Zorn (Web: http://www.walterzorn.com )
+-Last modified: 6. 12. 2006
++Last modified: 22. 1. 2007
+ 
+ Cross-browser tooltips working even in Opera 5 and 6,
+ as well as in NN 4, Gecko-Browsers, IE4+, Opera 7+ and Konqueror.
+@@ -41,6 +41,7 @@
+ var ttBorderColor = "#D00000";
+ var ttBorderWidth = 1;
+ var ttDelay       = 350;          // time span until tooltip shows up [milliseconds]
++var ttClickClose  = false;
+ var ttFontColor   = "#000000";
+ var ttFontFace    = "arial,helvetica,sans-serif";
+ var ttFontSize    = "11px";
+@@ -339,7 +340,7 @@
+ 		tt_tag = null;
+ 	}
+ }
+-function tt_Show(t_e, t_id, t_sup, t_delay, t_fix, t_left, t_offx, t_offy, t_static, t_sticky, t_temp)
++function tt_Show(t_e, t_id, t_sup, t_clk, t_delay, t_fix, t_left, t_offx, t_offy, t_static, t_sticky, t_temp)
+ {
+ 	if(tt_obj) tt_Hide();
+ 	tt_mf = document.onmousemove || null;
+@@ -391,9 +392,9 @@
+ 		var t_txt = 'tt_ShowDiv(\'true\');';
+ 		if(t_sticky) t_txt += '{'+
+ 				'tt_ReleasMov();'+
+-				'window.tt_upFunc = document.onmouseup || null;'+
++				(t_clk? ('window.tt_upFunc = document.onmouseup || null;'+
+ 				'if(tt_ce) document.captureEvents(Event.MOUSEUP);'+
+-				'document.onmouseup = new Function("window.setTimeout(\'tt_Hide();\', 10);");'+
++				'document.onmouseup = new Function("window.setTimeout(\'tt_Hide();\', 10);");') : '')+
+ 			'}';
+ 		else if(t_static) t_txt += 'tt_ReleasMov();';
+ 		if(t_temp > 0) t_txt += 'window.tt_rtm = window.setTimeout(\'tt_sticky = false; tt_Hide();\','+t_temp+');';
+@@ -476,6 +477,7 @@
+ 					'if(window.tt_Show && tt_Show) tt_Show(e,'+
+ 					'"tOoLtIp' +i+''+j+ '",'+
+ 					((typeof t_tj.T_ABOVE != tt_u)? t_tj.T_ABOVE : ttAbove)+','+
++					((typeof t_tj.T_CLICKCLOSE != tt_u)? t_tj.T_CLICKCLOSE : ttClickClose)+','+
+ 					((typeof t_tj.T_DELAY != tt_u)? t_tj.T_DELAY : ttDelay)+','+
+ 					((typeof t_tj.T_FIX != tt_u)? '"'+t_tj.T_FIX+'"' : '""')+','+
+ 					((typeof t_tj.T_LEFT != tt_u)? t_tj.T_LEFT : ttLeft)+','+


