[SCM] KDE Plasma Addons module packaging branch, master, updated. debian/4.13.1-1-333-g5d6336c
Maximiliano Curia
maxy at moszumanska.debian.org
Fri Aug 1 09:05:38 UTC 2014
Gitweb-URL: http://git.debian.org/?p=pkg-kde/kde-sc/kdeplasma-addons.git;a=commitdiff;h=3de0e35
The following commit has been merged in the master branch:
commit 3de0e35366912c247a65d9953c5f4220f1055fd9
Author: Jonathan Riddell <jriddell at ubuntu.com>
Date: Tue Jun 4 16:21:06 2013 +0100
add debian/patches/kubuntu_02_random_password_generator.diff
---
debian/changelog | 8 +++
.../kubuntu_02_random_password_generator.diff | 75 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 84 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 5b3e6e1..f29c6cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,14 @@ kdeplasma-addons (4:4.10.4-0ubuntu1) UNRELEASED; urgency=low
-- Rohan Garg <rohangarg at kubuntu.org> Sat, 01 Jun 2013 13:40:49 +0100
+kdeplasma-addons (4:4.10.3-0ubuntu3) saucy; urgency=low
+
+ * Add kubuntu_02_random_password_generator.diff from upstream
+ fixes paste widget password generator uses insecure randomness
+ LP: #1179380
+
+ -- Jonathan Riddell <jriddell at ubuntu.com> Tue, 04 Jun 2013 11:51:38 +0100
+
kdeplasma-addons (4:4.10.3-0ubuntu2) saucy; urgency=low
* plasma-widgets-addons breaks/replaces
diff --git a/debian/patches/kubuntu_02_random_password_generator.diff b/debian/patches/kubuntu_02_random_password_generator.diff
new file mode 100644
index 0000000..efcef28
--- /dev/null
+++ b/debian/patches/kubuntu_02_random_password_generator.diff
@@ -0,0 +1,75 @@
+commit 36a1fe49cb70f717c4a6e9eeee2c9186503a8dce
+Author: Aaron Seigo <aseigo at kde.org>
+Date: Mon Jun 3 19:16:32 2013 +0200
+
+ use KRandom, avoid modulo bias
+
+diff --git a/applets/paste/pastemacroexpander.cpp b/applets/paste/pastemacroexpander.cpp
+index ea6163f..d0a8b49 100644
+--- a/applets/paste/pastemacroexpander.cpp
++++ b/applets/paste/pastemacroexpander.cpp
+@@ -27,6 +27,7 @@
+ #include <KDebug>
+ #include <KLocale>
+ #include <KMessageBox>
++#include <KRandom>
+
+ class PasteMacroExpanderSingleton
+ {
+@@ -142,35 +143,49 @@ QString PasteMacroExpander::password(const QString& args)
+ << "01234567890"
+ << "!\"#$%&'()*+,-./:;<=>?@[\]^_`{|}~";
+
+- int charCount;
++ int charCount = 8;
+ QString chars;
+ QString result;
+
+ if (a.count() > 0) {
+- charCount = qMax(a[0].trimmed().toInt(), 1);
+- } else {
+- charCount = 8;
++ charCount = qMax(a[0].trimmed().toInt(), 8);
+ }
++
+ if (a.count() < 2) {
+ chars = characterSets.join("");
+ }
++
+ if (a.count() > 1) {
+ chars += (a[1].trimmed() == "true") ? characterSets[0] : "";
+ }
++
+ if (a.count() > 2) {
+ chars += (a[2].trimmed() == "true") ? characterSets[1] : "";
+ }
++
+ if (a.count() > 3) {
+ chars += (a[3].trimmed() == "true") ? characterSets[2] : "";
+ }
++
+ if (a.count() > 4) {
+ chars += (a[4].trimmed() == "true") ? characterSets[3] : "";
+ }
+
+- QDateTime now = QDateTime::currentDateTime();
+- qsrand(now.toTime_t() / now.time().msec());
++ const int setSize = chars.count();
++ const int top = (RAND_MAX / setSize) * setSize;
++ kDebug() << "topping out at " << setSize << RAND_MAX << top;
+ for (int i = 0; i < charCount; ++i) {
+- result += chars[qrand() % chars.count()];
++ // to prevent modulo bias, discard random numbers at the
++ // 'top end' of INT_MAX
++ int rand = -1;
++ do {
++ if (rand > 0) {
++ kDebug() << "Ha!" << rand;
++ }
++ rand = KRandom::random();
++ } while (rand >= top);
++
++ result += chars[rand % setSize];
+ }
+ //kDebug() << result;
+ return result;
diff --git a/debian/patches/series b/debian/patches/series
index 203c746..d069241 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
kubuntu_01_news_applet_name.diff
marble-4.7-compat.diff
+kubuntu_02_random_password_generator.diff
--
KDE Plasma Addons module packaging
More information about the pkg-kde-commits
mailing list