[SCM] KDE Development Platform Libraries module packaging branch, master, updated. debian/4.6.3-3-15-gb95f699
Modestas Vainius
modax at alioth.debian.org
Mon Jun 13 22:30:59 UTC 2011
The following commit has been merged in the master branch:
commit b95f6993b2eca702a56e688a9fd5f0076b6aa98e
Merge: b13459b4a0401ba118fc44bc1f960b543e995489 6c63cfe3c61ab260e433d790ece7d2ea48fda12c
Author: Modestas Vainius <modax at debian.org>
Date: Tue Jun 14 01:24:41 2011 +0300
Merge commit 'debian/4.4.5-2+squeeze2'
Add ktar_header_checksum_fix.diff and adapt to upstream changes.
Add ktar_longlink_length_in_bytes.diff and adapt to upstream changes.
Conflicts:
debian/changelog
debian/patches/series
debian/changelog | 26 ++++++
debian/patches/ktar_header_checksum_fix.diff | 94 +++++++++++++++++++++
debian/patches/ktar_longlink_length_in_bytes.diff | 50 +++++++++++
debian/patches/series | 2 +
4 files changed, 172 insertions(+), 0 deletions(-)
diff --cc debian/changelog
index b292179,00d29d8..dd8d1cd
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,206 -1,26 +1,232 @@@
+kde4libs (4:4.6.4-0r2) UNRELEASED; urgency=low
+
+ * New upstream release.
+
+ [ Modestas Vainius ]
+ * FindPythonLibrary.cmake: if build type is Debian, pass --layout=deb to
+ FindLibPython.py (patch findpythonlibrary_layout_deb_on_debian.diff).
++ * Merge 4:4.4.5-2+squeeze2:
++ - add ktar_header_checksum_fix.diff and adapt to upstream changes;
++ - add ktar_longlink_length_in_bytes.diff and adapt to upstream changes.
+
+ [ José Manuel Santamaría Lema ]
+ * Remove upstream_fix_job-on-hold_reuse_logic.diff, applied upstream.
+ * Update symbols files.
+
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sat, 11 Jun 2011 19:57:51 +0200
+
+kde4libs (4:4.6.3-3) unstable; urgency=low
+
+ [ Pino Toscano ]
+ * Move kdeui.upd to kdelibs5-plugins, and make it break/replace
+ kdelibs5-data << 4:4.6.3-3~. (Closes: #629188)
+
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sat, 04 Jun 2011 22:18:48 +0300
+
+kde4libs (4:4.6.3-2) unstable; urgency=low
+
+ [ Felix Geyer ]
+ * Drop duplicate build-dependency on libenchant-dev.
+ * kdelibs5-plugins breaks/replaces kdelibs5-dev as the Qt Designer plugins
+ have been moved there.
+
+ [ Pino Toscano ]
+ * Drop the go.xml kate syntax highlighting, as kate-syntax-go will provide
+ it. (Closes: #628161)
+ * hurd_support.diff: do not turn the linker warnings as errors.
+
+ [ Modestas Vainius ]
+ * Confirm symbol files on all Debian arches.
+
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Mon, 30 May 2011 17:31:10 +0300
+
+kde4libs (4:4.6.3-1) unstable; urgency=low
+
+ * New upstream release.
+
+ [ Modestas Vainius ]
+ * Confirm symbol files on more debian arches.
+ * Merge 4:4.4.5-4 and 4:4.4.5-5:
+ - drop cve_2011_1168_konqueror_xss.diff, cve_2010_3170_cn_wildcards.diff,
+ cve_2011_1094_ssl_verify_hostname.diff - merged upstream;
+ - drop 32_missing_include_cstddef.diff - merged upstream;
+ - drop qdbus_exports_changed.diff - fixed upstream.
+ * libsolid4 4.6 Breaks kde-config-tablet (<< 1.2.5) making it crash kdeinit4.
+ See #624432 for more information.
+ * Break kdevelop (<< 4:4.2) in kdelibs5-plugins. Prior kdevelop versions do
+ not work due to removed kate interfaces in 4.6. (Closes: #625937)
+ * Add DLRestrictions library checking to the plugin loader and other helper
+ utils to ease DLRestrictions support in other KDE packages which ship
+ shared libraries (patch add_dlrestrictions_support.diff).
+
+ [ José Manuel Santamaría Lema ]
+ * Update symbols files.
+ * Bump S-V to 3.9.2; no changes needed.
+
+ [ Pino Toscano ]
+ * Move the libxml2-utils dependency from kdelibs-bin to kdoctools (as xmllint
+ is invoked by meinproc4).
+ * Backport the upstream commit 92db24adfa941003db1d885df01157056617f30b to fix
+ double-POST regression (patch upstream_fix_job-on-hold_reuse_logic.diff).
+
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Thu, 26 May 2011 02:55:23 +0300
+
+kde4libs (4:4.6.2-1) experimental; urgency=low
+
+ * New upstream release:
+ - fixes VHDL syntax highlighting with large files (Closes: #533727)
+ - fixes "Common Lisp" being categorized as "script" instead of "source"
+ for syntax highlighting (Closes: #486342)
+ - replaces "<qt>" tags with "<html>" tags in desktop notifications
+ (Closes: #580229)
+ - fixes strigi using 100% cpu load when suspended (Closes: #585117)
+ - fixes QPainter error message flood in khtml (Closes: #598975)
+ - kio_ftp can copy 0 bytes (empty) files (Closes: #550121)
+ - kio_ftp supports FTP URL typecodes (Closes: #277792)
+ - fix printing of a HTML file with KHTML (Closes: #415559)
+ * Update installed files.
+ * Update symbol files.
+ * Refresh patches.
+
+ [ Modestas Vainius ]
+ * Bump Standards-Version to 3.9.1: add Breaks next to Replaces where needed.
+ * Switch debian/rules engine to dhmk based qt-kde-team/2/*.
+ * Drop kdelibs5 transitional package.
+ * Remove sequence numbers from debian/patches.
+ * Drop kaboom support, no longer needed.
+ * Remove ~/.kde4 -> ~/.kde transition templates, no longer needed.
+ * Set ENABLE_LIBKDEINIT_RUNPATH to ON if build type is Debian
+ (patch make_libkdeinit4_private.diff altered).
+ * Require pkg-kde-tools 0.12 due to ENABLE_LIBKDEINIT_RUNPATH change above.
+ * Pass required kdelibs cmake flags to dh_auto_configure.
+ qt-kde-team/2/debian-qt-kde.mk no longer passes them implicitly.
+ * Remove a deprecated link to the BSD license from debian/copyright.
+ * Drop redundant kjscmd from kdelibs5-data Conflicts.
+ * Do not use asterisk in kdelibs5-data.NEWS.
+
+ [ George Kiagiadakis ]
+ * Change my email address in uploaders.
+ * Adjust build dependencies:
+ - Bump required cmake version to 2.6.4.
+ - Add build dependencies on:
+ - libdbusmenu-qt-dev
+ - docbook-xml
+ - docbook-xsl
+ - libxrender-dev
+ - libkrb5-dev
+ - Remove unused build dependencies:
+ - libcups2-dev
+ - libdbus-1-dev
+ - libasound2-dev
+ - libkeyutils-dev
+ - xsltproc
+ - libxcursor-dev
+ - libxtst-dev
+ * Add packages for the new libararies: libkatepartinterfaces4,
+ libkcmutils4, libkidletime4, libkemoticons4, libkprintutils4.
+ * Add symbol files for the new libraries.
+ * Remove libkutils4.symbols as kutils is now a dummy
+ transitional library with no symbols.
+ * Add docbook-xml dependency on the kdoctools package,
+ as it is required for building all of kde's documentation.
+ * Bump kdebase-runtime Breaks/Recommends to version 4.6.
+
+ [ Didier Raboud ]
+ * Adjust build-dependencies:
+ - Bump required:
+ - Qt to 4:4.7.0.
+ - libattica to 0.1.90.
+ - soprano to 2.5.60.
+ - polkit-qt-1 to 0.99.0.
+ - shared-desktop-ontologies to 0.5.
+ - Add build dependencies on:
+ - libudev-dev
+ - libqtwebkit-dev
+ * Add libnepomukutils4 package.
+
+ [ Pino Toscano ]
+ * Make libknewstuff2-4 and libknewstuff3-4 recommend gnupg, as they can use
+ `gpg' for checking validity and signatures of downloaded content.
+ * Add docbook-xsl dependency on the kdoctools package, for same reason as
+ docbook-xml.
+ * Improve Depends and Recommends of libsolid:
+ - Linux archs: depend on udev, and recommend udisks and upower
+ - non-Linux archs: depend on hal
+ * Drop patch 28_find_old_kde4_html_documentation.diff, which was temporary
+ for migration to Squeeze.
+
+ [ José Manuel Santamaría Lema ]
+ * Disable 23_solid_no_double_build.diff, produces FTBFS.
+ * kdelibs5-data breaks/replaces kdebase-runtime-data (<< 4:4.5.85).
+ * Moved Qt Designer plugins to kdelibs5-plugins, they could be used by plasma
+ js bindings to dynamically create ui files. Thanks to Pino Toscano for
+ pointing the problem.
+ * Drop pre-squeeze Replaces/Breaks whenever possible.
+ * Update lintian overrides.
+ * Remove articles from short descriptions.
+ * Add myself to Uploaders.
+
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Wed, 27 Apr 2011 12:23:37 +0300
+
+kde4libs (4:4.4.5-5) unstable; urgency=low
+
+ * Team Upload
+ * Add missing include <cstddef> to kjs/collector.h (Closes: #625625)
+ 32_missing_include_cstddef.diff
+
+ -- Scott Kitterman <scott at kitterman.com> Wed, 04 May 2011 13:52:13 -0400
+
+kde4libs (4:4.4.5-4) unstable; urgency=low
+
+ [ Sune Vuorela ]
+ * Fix build failures
+ - QDBUS_EXPORT => Q_DBUS_EXPORT (Closes: #618111)
+ - libqtwebkit-dev build-dep
+
+ [ José Manuel Santamaría Lema ]
+ * Fix CVE-2011-1168 (Konqueror partially universal XSS in error pages) by
+ cve_2011_1168_konqueror_xss.diff.
+ * Fix CVE-2010-3170 (browser wildcard cerficate validation weakness) for
+ Konqueror by cve_2010_3170_cn_wildcards.diff.
+ * Fix CVE-2011-1094 (kdelibs does not properly verify that the server hostname
+ matches the Common Name of the Subject of an X.509 certificate if that CN is
+ an IP address) by cve_2011_1094_ssl_verify_hostname.diff.
+
+ -- Sune Vuorela <sune at debian.org> Tue, 15 Mar 2011 23:05:06 +0100
+
+kde4libs (4:4.4.5-3) unstable; urgency=high
+
+ * Add a kconf_update script (migrate_from_kde3_icon_theme) to migrate away
+ from old KDE 3 icon themes which are KDE 4 incompatible (e.g. crystalsvg).
+ (Closes: #588374)
+ * Urgency=high, the fix is solely targeted at fixing lenny->squeeze upgrades
+ though it might not get there in time.
+
+ -- Modestas Vainius <modax at debian.org> Sun, 23 Jan 2011 00:36:28 +0200
+
+ kde4libs (4:4.4.5-2+squeeze2) stable; urgency=low
+
+ [ José Manuel Santamaría Lema ]
+ * Fix CVE-2011-1168 (Konqueror partially universal XSS in error pages) by
+ cve_2011_1168_konqueror_xss.diff.
+ * Fix CVE-2010-3170 (browser wildcard cerficate validation weakness) for
+ Konqueror by cve_2010_3170_cn_wildcards.diff.
+ * Fix CVE-2011-1094 (kdelibs does not properly verify that the server hostname
+ matches the Common Name of the Subject of an X.509 certificate if that CN is
+ an IP address) by cve_2011_1094_ssl_verify_hostname.diff.
+
+ [ Modestas Vainius ]
+ * KTar: use unsigned arithmetic when calculating checksum of tar header record
+ (as per ustar specification). However, when reading archive, verify
+ checksum by calculating it both ways (unsigned and signed) and accept if
+ either matches (partially solves #612675). Implemented in
+ ktar_header_checksum_fix.diff patch.
+ * Fix KTar longlink support when filenames are encoded in the UTF-8 (or other
+ multibyte) locale. Implemented in ktar_longlink_length_in_bytes.diff patch
+ (thanks to Ibragimov Rinat). Closes: #612675
+
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Tue, 14 Jun 2011 00:13:57 +0300
+
kde4libs (4:4.4.5-2+squeeze1) stable-proposed-updates; urgency=low
* Add a kconf_update script (migrate_from_kde3_icon_theme) to migrate away
diff --cc debian/patches/ktar_header_checksum_fix.diff
index 0000000,297aaac..208fc92
mode 000000,100644..100644
--- a/debian/patches/ktar_header_checksum_fix.diff
+++ b/debian/patches/ktar_header_checksum_fix.diff
@@@ -1,0 -1,94 +1,94 @@@
+ From: Modestas Vainius <modax at debian.org>
+ Subject: Use unsigned arithmetic when calculating tar header checksum
+ Forwarded: yes
+ Bug: https://bugs.kde.org/show_bug.cgi?id=266141
+ Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612675
-Last-Update: 2011-05-14
++Last-Update: 2011-06-14
+ Origin: vendor
+
+ According to the ustar specification, implementations must use unsigned
+ arithmetic when calculating checksum field of the tar header record. KTar prior
+ to this patch used signed arithmetic for checksum calculation when writing an
+ archive. The patch fixes this.
+
+ However, there are more broken tar implementations out there (including former
+ KTar itself) so the patch also makes KTar to verify checksums using both
+ unsigned and signed arithmetic when reading archives. If either of checksums
+ matches, archive is accepted.
+
---- a/kio/kio/ktar.cpp
-+++ b/kio/kio/ktar.cpp
-@@ -198,26 +198,41 @@ qint64 KTar::KTarPrivate::readRawHeader(
++--- a/kdecore/io/ktar.cpp
+++++ b/kdecore/io/ktar.cpp
++@@ -184,26 +184,41 @@ qint64 KTar::KTarPrivate::readRawHeader(
+ if (strncmp(buffer + 257, "ustar", 5)) {
+ // The magic isn't there (broken/old tars), but maybe a correct checksum?
+
+ - int check = 0;
+ - for( uint j = 0; j < 0x200; ++j )
+ - check += buffer[j];
+ + // Checksum is supposed to be a sum of unsigned bytes but some
+ + // implementations sum signed chars. Therefore, just check both.
+ + int check_unsigned = 0, check_signed = 0;
+ + for( uint j = 0; j < 0x200; ++j ) {
+ + check_unsigned += (unsigned char) buffer[j];
+ + check_signed += buffer[j];
+ + }
+
+ // adjust checksum to count the checksum fields as blanks
+ - for( uint j = 0; j < 8 /*size of the checksum field including the
--
KDE Development Platform Libraries module packaging
More information about the pkg-kde-commits
mailing list