--- ktorrent-2.1.orig/debian/control +++ ktorrent-2.1/debian/control @@ -0,0 +1,20 @@ +Source: ktorrent +Section: kde +Priority: optional +Maintainer: Ubuntu Core Developers +XSBC-Original-Maintainer: Anthony Mercatante +Build-Depends: debhelper (>= 5.0), cdbs, docbook2x, autotools-dev, kdelibs4-dev, libpcre3-dev, libx11-dev, libgmp3-dev +Standards-Version: 3.7.2 + +Package: ktorrent +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends} +Suggests: php5-cli +Description: BitTorrent client for KDE + KTorrent is a BitTorrent program for KDE. Its features include speed capping + (both down and up), integrated searching, UDP tracker support, preview of + certain file types (video and audio) and integration into the KDE Panel + enabling background downloading. + . + Homepage: http:/i/ktorrent.org + --- ktorrent-2.1.orig/debian/rules +++ ktorrent-2.1/debian/rules @@ -0,0 +1,13 @@ +#!/usr/bin/make -f + +include /usr/share/cdbs/1/rules/debhelper.mk +include /usr/share/cdbs/1/rules/simple-patchsys.mk +include /usr/share/cdbs/1/class/kde.mk + +DEB_INSTALL_MANPAGES_ktorrent = ktorrent.1 + +build/ktorrent:: + docbook2x-man debian/ktorrent.1.docbook + +clean:: + rm -f ktorrent.1 --- ktorrent-2.1.orig/debian/changelog +++ ktorrent-2.1/debian/changelog @@ -0,0 +1,244 @@ +ktorrent (2.1-0ubuntu2) feisty; urgency=low + + * SECURITY UPDATE: allows .. in file name which could cause + the user to overwrite files (if ran as root, system files). + DoS or heap corruption possible if idx is to small (negative) + or to large. + * Add 'debian/patches/kubuntu_01_security_fix.diff': backported + upstream fix + * References + http://websvn.kde.org/?view=rev&revision=640661 + CVE-2007-1384 CVE-2007-1385 + + -- Richard A. Johnson Sun, 11 Mar 2007 10:37:17 -0500 + +ktorrent (2.1-0ubuntu1) feisty; urgency=low + + * New upstream release + + -- Anthony Mercatante Mon, 5 Feb 2007 20:52:18 +0100 + +ktorrent (2.1~rc1-0ubuntu3) feisty; urgency=low + + * debian/patches/kubuntu_03_remove_nasty_search_engines.patch: + - isohunt is just back online. + + -- Anthony Mercatante Mon, 22 Jan 2007 16:51:45 +0100 + +ktorrent (2.1~rc1-0ubuntu1) feisty; urgency=low + + * New upstream release + * uTorrent-compatible Peer Exchange + * Zeroconf LAN peer finder + * Misc bugfixes + * dropped debian/patches/kubuntu_01_autoconf2.60.patch, included upstream + * dropped debian/patches/kubuntu_02_kdepot.patch, no longer needed + + -- John Dong Wed, 3 Jan 2007 15:21:56 -0500 + +ktorrent (2.1~beta1-0ubuntu2) feisty; urgency=low + + * Corrected builddeps (docbook2x instead of docbook) + + -- Anthony Mercatante Mon, 18 Dec 2006 16:09:09 +0100 + +ktorrent (2.1~beta1-0ubuntu1) feisty; urgency=low + + * New upstream release + * Cleaned packaging, switching to cdbs + * Removed obsolete kubuntu_03_powerpc_compile_fix.diff + + -- Anthony Mercatante Tue, 05 Dec 2006 18:14:05 +0100 + +ktorrent (2.0.3+dfsg1-0ubuntu2) feisty; urgency=low + + * Add kubuntu_03_remove_nasty_search_engines.diff to remove + nasty search engines + + -- Anthony Mercatante Tue, 11 Nov 2006 15:56:19 -0800 + +ktorrent (2.0.3+dfsg1-0ubuntu1) edgy; urgency=low + + * built with GeoIP support enabled, but removed the database file + and country flags due to licensing restrictions (see README.Debian) + + -- Jonathan Riddell Fri, 20 Oct 2006 12:56:19 +0100 + +ktorrent (2.0.3-0ubuntu4) edgy; urgency=low + + * Add kubuntu_00_autoconf2.60.diff to allow relibtoolise with autoconf 2.6 + * Add kubuntu_02_powerpc_compile_fix.diff to fix fail to build on powerpc, + Closes https://launchpad.net/malone/66169 + + -- Jonathan Riddell Sun, 15 Oct 2006 22:41:14 +0100 + +ktorrent (2.0.3-0ubuntu3) edgy; urgency=low + + * Removed kubuntu_04_ktshell_bash.patch, included + upstream + + -- Anthony Mercatante Thu, 11 Oct 2006 16:30:01 +0200 + +ktorrent (2.0.3-0ubuntu2) edgy; urgency=low + + * Removed kubuntu_02_r586445_choke.patch and + kubuntu_03_r588047_faster_download.patch adopted upstream + + -- Brandon Holtsclaw Tue, 10 Oct 2006 17:46:01 -0500 + +ktorrent (2.0.3-0ubuntu1) edgy; urgency=low + + * New Upstream Version ( uvfe approved by mdz ) + * Closes Malone: #65066 + + -- Brandon Holtsclaw Tue, 10 Oct 2006 17:46:01 -0500 + +ktorrent (2.0.2-0ubuntu3) edgy; urgency=low + + * Added kubuntu_04_ktshell_bash.patch, closes Malone + #61324 + + -- Anthony Mercatante Mon, 02 Oct 2006 21:01:07 +0200 + +ktorrent (2.0.2-0ubuntu2) edgy; urgency=low + + * Backport SVN revisions 586445 and 588047, fixes download speed oscillation + and instances where all peers are choked/snubbed. + + -- John Dong Wed, 27 Sep 2006 02:07:07 -0400 + +ktorrent (2.0.2-0ubuntu1) edgy; urgency=low + + * New Upstream Release + * UVFe approved by Colin Watson ( https://launchpad.net/bugs/58139 ) + + -- Brandon Holtsclaw Mon, 18 Sep 2006 13:28:37 -0500 + +ktorrent (2.0.1-0ubuntu1) edgy; urgency=low + + * New Upstream Version approved by mdz at https://launchpad.net/bugs/57219 + + -- Brandon Holtsclaw Tue, 22 Aug 2006 09:51:44 -0500 + +ktorrent (2.0-0ubuntu2) edgy; urgency=low + + * Fixed install issue by removing debian/ktorrent/usr/share/applnk and + debian/ktorrent/usr/share/mimelnk in debian/rules already provided by kdelibs-data + * Closes Malone Bug #55969 + + -- Brandon Holtsclaw Wed, 09 Aug 2006 09:51:44 -0500 + +ktorrent (2.0-0ubuntu1) edgy; urgency=low + + * New Upstream Version + * Updated admin/ directory so .pot would generate correctly + * commented debian/patches/kubuntu_01_kdepot.patch from debian/rules , not needed + * added libgmp3-dev to build depends as required to build 2.0 + + -- Brandon Holtsclaw Wed, 09 Aug 2006 09:51:44 -0500 + +ktorrent (1.2-1ubuntu3) edgy; urgency=low + + * debian/rules: moved the fix from clean to install rule, to fix the ftbfs, + really + + -- Stephan Hermann Thu, 13 Jul 2006 09:51:44 +0200 + +ktorrent (1.2-1ubuntu2) edgy; urgency=low + + * debian/rules: Removed translations/nb/messages/ktorrent.po to be friendly + to our buildds + + -- Stephan Hermann Wed, 12 Jul 2006 18:37:00 +0200 + +ktorrent (1.2-1ubuntu1) edgy; urgency=low + + * Merge from debian unstable. + + -- Stephan Hermann Thu, 6 Jul 2006 13:53:48 +0200 + +ktorrent (1.2-1) unstable; urgency=low + + * Acknowledge NMU (Closes: 349983) + Actually removed debian libtoolization temporarily due to + package inclusion of a library in upstream. Soon to be reapplied + with proper support for avoiding redundant dependencies. + * New upstream release (Closes: 348605) + + Doesn't freeze/lock anymore (Closes: 340766) + + Properly builds with G++ 4.1 (Closes: 357096) + * add shlib support and post{inst,rm} via debhelper for new shared library + * Set --enable-final as configure directive + * Update copyright file to reflect additional files and changed dir layout + * patch upstream Makefile.in to include translations directory + * Update upstream homepage URL in control + + -- Joel Johnson Tue, 6 Jun 2006 22:07:58 -0700 + +ktorrent (1.2-0ubuntu5) dapper; urgency=low + + * added debian/patches/kubuntu_01_kdepot.patch + * debian/rules: added generation of po/ktorrent.pot + + -- Bastian Holst Tue, 23 May 2006 17:37:34 +0200 + +ktorrent (1.2-0ubuntu4) dapper; urgency=low + + * debian/rules: Remove ./translations/nb/messages/ktorrent.po since it's + empty (and thus invalid). + + -- Martin Pitt Tue, 23 May 2006 12:25:14 +0200 + +ktorrent (1.2-0ubuntu3) dapper; urgency=low + + * Added dh_iconcache + + -- Brandon Holtsclaw Tue, 23 May 2006 17:05:49 +0100 + +ktorrent (1.2-0ubuntu2) dapper; urgency=low + + * Make debian/rules relibtoolise, installs .po translation files + closes Malone #45791 + + -- Jonathan Riddell Mon, 22 May 2006 17:05:49 +0100 + +ktorrent (1.2-0ubuntu1) dapper; urgency=low + + * New Upstream Version + * Sponsored upload for Sarah Hobbs + + -- Jonathan Riddell Fri, 10 Feb 2006 12:02:16 +1100 + +ktorrent (1.1-2.1) unstable; urgency=low + + * Non-maintainer upload by sponsor due to no maintainer reaction. + * Relibtoolize _after_ setting AM_MAINTAINER_MODE (Closes: #349983) + + -- Florian Ernst Tue, 7 Feb 2006 13:15:30 +0100 + +ktorrent (1.1-2) unstable; urgency=low + + * Limit build dependencies to what we directly depend on + and set AM_MAINTAINER_MODE in configure.in.in + * Change section from net to kde + * Remove sponsor as Uploader as requested + + -- Joel Johnson Thu, 1 Dec 2005 13:11:22 -0800 + +ktorrent (1.1-1build1) dapper; urgency=low + + * Rebulid for libstdc++ transition + + -- Jonathan Riddell Sat, 17 Dec 2005 15:20:35 +0000 + +ktorrent (1.1-1) unstable; urgency=low + + * Initial Debian Upload (Closes: #313659) + * Update copyright file with new FSF address + * Incorporate changes to a previous package version + - disable rpath in ./configure + - add lintian override (missing manpage) + Thanks to Jonathan Riddell + * Add linda override (missing manpage) + + -- Joel Johnson Thu, 24 Oct 2005 08:47:09 -0700 + --- ktorrent-2.1.orig/debian/compat +++ ktorrent-2.1/debian/compat @@ -0,0 +1 @@ +5 --- ktorrent-2.1.orig/debian/README.Debian +++ ktorrent-2.1/debian/README.Debian @@ -0,0 +1,26 @@ +Due to licensing restrictions, the source and binary packages of ktorrent do +not include a GeoIP database. The binary package *is* built to support it +however (the API is GPL, but data used from ARIN to generate the data files +is *not* DFSG compliant). If you wish to use the GeoIP support, there are free +databases made available at the following URL: + +http://www.maxmind.com/app/geoip_country + +Place the uncompressed database file in /usr/share/apps/ktorrent/geoip/ and +the country information will be displayed in the peers tab. The commercial +version offered *should* also work, but I have no means to confirm or deny +this. + +The flag images are also not distributed with this package. Although the +original author seems to wish the grant free use, the verbage used in +granting it restricts their use to websites. I've tried, and will continue +to try to contact him and find a resolution. + +---- + +The upstream source was modified in the following ways: + removed ./plugins/infowidget/geoip/geoip.dat + removed ./plugins/infowidget/geoip/*.png + removed ./plugins/infowidget/geoip/FLAGS_LICENSE + modified ./plugins/infowidget/Makefile.{am,in} to not depend on above + appended "+dfsg" to base directory name --- ktorrent-2.1.orig/debian/ktorrent.1.docbook +++ ktorrent-2.1/debian/ktorrent.1.docbook @@ -0,0 +1,113 @@ + + + + + + Mercatante + Anthony + tonio@ubuntu.com + + + 2006 + Anthony Mercatante + + + + 2006-12-205 + + + + ktorrent + 1 + + + ktorrent + BitTorrent client for KDE + + + + ktorrent + + + + + + + + + + DESCRIPTION + + BitTorrent client for KDE. + + + KTorrent is a BitTorrent program for KDE. Its features include speed capping (both down and up), integrated searching, UDP tracker support, preview of certain file types (video and audio) and integration into the KDE Panel enabling background downloading. + + + + OPTIONS + + All KDE and Qt + programs accept a some common command-line options. ktorrent has no + application-specific options. + + + + Generic options: + + + Show help about options + + + + Show Qt specific options + + + + Show KDE specific options + + + + Show all options + + + + Show author information + + + , + Show version information + + + + Show license information + + + + Indicates end of options + + + + + + + COPYRIGHT + + This manual page was written by Anthony Mercatante + tonio@ubuntu.com for the + Debian system (but may be used by others). + Permission is granted to copy, distribute and/or modify this document + under the terms of the GNU General Public License, + Version 2 or any later version published by the Free Software Foundation. + + + On Debian systems, the complete text of the GNU General Public + License can be found in + /usr/share/common-licenses/GPL. + + + + --- ktorrent-2.1.orig/debian/patches/kubuntu_03_remove_nasty_search_engines.patch +++ ktorrent-2.1/debian/patches/kubuntu_03_remove_nasty_search_engines.patch @@ -0,0 +1,34 @@ +diff -Nur ktorrent-2.1~rc1/plugins/search/searchenginelist.cpp ktorrent-2.1~rc1.new/plugins/search/searchenginelist.cpp +--- ktorrent-2.1~rc1/plugins/search/searchenginelist.cpp 2007-01-02 19:44:27.000000000 +0100 ++++ ktorrent-2.1~rc1.new/plugins/search/searchenginelist.cpp 2007-01-22 16:50:53.000000000 +0100 +@@ -108,11 +108,8 @@ + out << "bittorrent.com http://www.bittorrent.com/search_result.myt?search=FOOBAR" << ::endl; + out << "isohunt.com http://isohunt.com/torrents.php?ihq=FOOBAR&op=and" << ::endl; + out << "mininova.org http://www.mininova.org/search.php?search=FOOBAR" << ::endl; +- out << "thepiratebay.org http://thepiratebay.org/search.php?q=FOOBAR" << ::endl; + out << "bitoogle.com http://search.bitoogle.com/search.php?q=FOOBAR&st=t" << ::endl; + out << "bytenova.org http://www.bitenova.org/search.php?search=FOOBAR&start=0&start=0&ie=utf-8&oe=utf-8" << ::endl; +- out << "torrentspy.com http://torrentspy.com/search.asp?query=FOOBAR" << ::endl; +- out << "torrentz.com http://www.torrentz.com/search_FOOBAR" << ::endl; + } + + KURL SearchEngineList::getSearchURL(bt::Uint32 engine) const +diff -Nur ktorrent-2.1~rc1/plugins/search/searchprefpage.cpp ktorrent-2.1~rc1.new/plugins/search/searchprefpage.cpp +--- ktorrent-2.1~rc1/plugins/search/searchprefpage.cpp 2007-01-02 19:44:27.000000000 +0100 ++++ ktorrent-2.1~rc1.new/plugins/search/searchprefpage.cpp 2007-01-22 16:50:26.000000000 +0100 +@@ -158,15 +158,9 @@ + + se = new QListViewItem(m_engines, "mininova.org", "http://www.mininova.org/search.php?search=FOOBAR"); + +- se = new QListViewItem(m_engines, "thepiratebay.org", "http://thepiratebay.org/search.php?q=FOOBAR"); +- + se = new QListViewItem(m_engines, "bitoogle.com", "http://search.bitoogle.com/search.php?q=FOOBAR&st=t"); + + se = new QListViewItem(m_engines, "bytenova.org", "http://www.bitenova.org/search.php?search=FOOBAR&start=0&start=0&ie=utf-8&oe=utf-8"); +- +- se = new QListViewItem(m_engines, "torrentspy.com", "http://torrentspy.com/search.asp?query=FOOBAR"); +- +- se = new QListViewItem(m_engines, "torrentz.com", "http://www.torrentz.com/search_FOOBAR"); + } + + void SearchPrefPageWidget::removeAllClicked() --- ktorrent-2.1.orig/debian/patches/kubuntu_01_security_fix.diff +++ ktorrent-2.1/debian/patches/kubuntu_01_security_fix.diff @@ -0,0 +1,67 @@ +diff -Nru ktorrent-2.1.orig/libktorrent/torrent/chunkcounter.cpp ktorrent-2.1/libktorrent/torrent/chunkcounter.cpp +--- ktorrent-2.1.orig/libktorrent/torrent/chunkcounter.cpp 2007-02-04 07:22:45.000000000 -0600 ++++ ktorrent-2.1/libktorrent/torrent/chunkcounter.cpp 2007-03-11 10:31:32.000000000 -0500 +@@ -59,12 +59,13 @@ + + void ChunkCounter::inc(Uint32 idx) + { ++ if (idx < cnt.size()) + cnt[idx]++; + } + + void ChunkCounter::dec(Uint32 idx) + { +- if (cnt[idx] > 0) ++ if (idx < cnt.size() && cnt[idx] > 0) + cnt[idx]--; + } + +diff -Nru ktorrent-2.1.orig/libktorrent/torrent/peer.cpp ktorrent-2.1/libktorrent/torrent/peer.cpp +--- ktorrent-2.1.orig/libktorrent/torrent/peer.cpp 2007-02-04 07:22:45.000000000 -0600 ++++ ktorrent-2.1/libktorrent/torrent/peer.cpp 2007-03-11 10:59:10.000000000 -0500 +@@ -193,11 +193,21 @@ + { + Out() << "len err HAVE" << endl; + kill(); +- return; + } +- +- haveChunk(this,ReadUint32(tmp_buf,1)); +- pieces.set(ReadUint32(tmp_buf,1),true); ++ else ++ { ++ Uint32 ch = ReadUint32(tmp_buf,1); ++ if (ch < pieces.getNumBits()) ++ { ++ haveChunk(this,ch); ++ pieces.set(ch,true); ++ } ++ else ++ { ++ Out(SYS_CON|LOG_NOTICE) << "Received invalid have value, kicking peer" << endl; ++ kill(); ++ } ++ } + break; + case BITFIELD: + if (len != 1 + pieces.getNumBytes()) +diff -Nru ktorrent-2.1.orig/libktorrent/torrent/torrent.cpp ktorrent-2.1/libktorrent/torrent/torrent.cpp +--- ktorrent-2.1.orig/libktorrent/torrent/torrent.cpp 2007-02-04 07:22:45.000000000 -0600 ++++ ktorrent-2.1/libktorrent/torrent/torrent.cpp 2007-03-11 10:35:47.000000000 -0500 +@@ -163,9 +163,13 @@ + if (!v || v->data().getType() != Value::STRING) + throw Error(i18n("Corrupted torrent!")); + +- path += v->data().toString(encoding); +- if (j + 1 < ln->getNumChildren()) +- path += bt::DirSeparator(); ++ QString sd = v->data().toString(encoding); ++ if (sd != "..") ++ { ++ path += sd; ++ if (j + 1 < ln->getNumChildren()) ++ path += bt::DirSeparator(); ++ } + } + + // we do not want empty dirs --- ktorrent-2.1.orig/debian/copyright +++ ktorrent-2.1/debian/copyright @@ -0,0 +1,74 @@ +This package was debianized by Joel Johnson on +Tue, 21 Jun 2005 11:19:46 -0700. + +The original source was downloaded from +http://ktorrent.org/downloads/1.2/ktorrent-1.2.tar.gz + +Copyright 2005 Joris Guisson unless otherwise indicated below + +Copyright (C) 2005 by +Joris Guisson +Ivan Vasic + + apps/ktorrent/ktorrent.cpp + apps/ktorrent/ktorrentcore.cpp + apps/ktorrent/pastedialog.h + apps/ktorrent/pastedialog.cpp + apps/ktorrent/ktorrentview.h + apps/ktorrent/ktorrentview.cpp + apps/ktorrent/trayicon.h + apps/ktorrent/trayicon.cpp + libktorrent/interfaces/ipblockinginterface.h + libktorrent/interfaces/ipblockinginterface.cpp + libktorrent/torrent/ipblocklist.h + libktorrent/torrent/ipblocklist.cpp + libktorrent/torrent/torrentfile.h + libktorrent/torrent/torrentfile.cpp + libktorrent/torrent/torrent.h + libktorrent/torrent/torrent.cpp + libktorrent/torrent/chunkmanager.cpp + libktorrent/torrent/torrentcontrol.h + libktorrent/torrent/torrentcontrol.cpp + libktorrent/torrent/queuemanager.h + libktorrent/torrent/queuemanager.cpp + plugins/infowidget/infowidget.h + plugins/infowidget/infowidget.cpp + plugins/ipfilter/ipblockingprefpage.h + plugins/ipfilter/ipblockingprefpage.cpp + plugins/ipfilter/ipfilterplugin.h + plugins/ipfilter/ipfilterplugin.cpp + plugins/ipfilter/antip2p.h + plugins/ipfilter/antip2p.cpp + +Copyright (C) 2005 by Ivan Vasic + apps/ktorrent/queuedialog.h + apps/ktorrent/queuedialog.cpp + +Copyright (C) 2005 by +Joris Guisson +Vincent Wagelaar + plugins/infowidget/chunkbar.h + plugins/infowidget/chunkbar.cpp + +Copyright (C) 2005 by Adam Treat + apps/ktorrent/ktorrentapp.h + apps/ktorrent/ktorrentapp.cpp + +License (for all components): + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +On Debian systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'.