Change logs for kdelibs source package in Jaunty

kdelibs (4:3.5.10.dfsg.1-1ubuntu8.4) jaunty-security; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix buffer overflow when converting string to
    float
    - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
      large field numbers in kjs/dtoa.cpp
    - CVE-2009-0689

  [ Jonathan Riddell ]
  * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
    - Ark and KMail performs insufficient validation which leads to
      specially crafted archive files, using unknown MIME types, to be
      rendered using a KHTML instance, this can trigger uncontrolled
      XMLHTTPRequests to remote sites
    - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
      restricts xmlhttprequest to http protocols only
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE-2009-XXXX
 -- Jamie Strandboge <email address hidden>   Mon, 07 Dec 2009 15:10:37 -0600

kdelibs (4:3.5.10.dfsg.1-1ubuntu8.2) jaunty-security; urgency=low

  * SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
    Names field of X.509 certificates
    - debian/patches/security_04_CVE-2009-2702.diff: verify that the
      QString length of the SAN is not shorter than the ASN1 length
    - CVE-2009-2702

 -- Jamie Strandboge <email address hidden>   Tue, 15 Sep 2009 15:03:15 -0500

kdelibs (4:3.5.10.dfsg.1-1ubuntu8.1) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via JavaScript garbage
    collector allocation failures
    - debian/patches/security_01_CVE-2009-1687.diff: make sure we don't
      overflow before doing the realloc in kjs/collector.cpp.
    - CVE-2009-1687
  * SECURITY UPDATE: arbitrary code execution via use-after-free
    - debian/patches/security_02_CVE-2009-1690.diff: use head.get() in
      khtml/html/htmlparser.cpp, and backport khtml/html/{AlwaysInline,
      htmlparser,Platform,RefPtr}.h.
    - CVE-2009-1690
  * SECURITY UPDATE: arbitrary code execution via CSS attr function call
    with a large numerical argument
    - debian/patches/security_03_CVE-2009-1698.diff: add extra checks to
      khtml/css/cssparser.cpp and implement CSSPrimitiveValue::CSS_ATTR in
      khtml/css/css_valueimpl.cpp.
    - CVE-2009-1698
  * debian/control{.in}: Added pkg-kde-tools to Build-Depends to fix FTBFS

 -- Marc Deslauriers <email address hidden>   Fri, 21 Aug 2009 08:17:26 -0400

kdelibs (4:3.5.10.dfsg.1-1ubuntu8) jaunty; urgency=low

  * Don't build with arts support (LP: #320915)
  * Don't build apidox. We don't install them anyway

 -- Harald Sitter <email address hidden>   Sat, 24 Jan 2009 20:28:13 +0100

kdelibs (4:3.5.10.dfsg.1-1ubuntu7) jaunty; urgency=low

  * Don't install anything to usr/share/doc/kde/HTML, this path will now be
    used by KDE 4 (drop all content in favor of KDE 4) (LP: #284915)
  * Drop the package kdelibs4-doc completely. It contained API documentation
    which is now obsolete, but still available via api.kde.org.

 -- Harald Sitter <email address hidden>   Sun, 18 Jan 2009 20:37:31 +0100

kdelibs (4:3.5.10.dfsg.1-1ubuntu6) jaunty; urgency=low

  * Add kubuntu_98_fix_khc_invocation.diff to invoke khelpcenter's exectuable
    directly instead of trying to access it via DCOP or start it using it's
    service file. Both are not available without KDE 3's kdebase (LP: #310135)

 -- Harald Sitter <email address hidden>   Sun, 18 Jan 2009 14:24:38 +0100

kdelibs (4:3.5.10.dfsg.1-1ubuntu5) jaunty; urgency=low

  * Add back 97_automake_cleanup.diff (as kubuntu_97_automake_cleanup.diff),
    needed to make libkhtml link to libkjs

 -- Jonathan Riddell <email address hidden>   Wed, 10 Dec 2008 18:29:29 +0000

kdelibs (4:3.5.10.dfsg.1-1ubuntu4) jaunty; urgency=low

  * Added kubuntu_arm_ftbfs.diff (LP: #300873)
    - Fixed ARM FTBFS by adding missing headers

 -- Michael Casadevall <email address hidden>   Fri, 21 Nov 2008 13:16:05 -0500

kdelibs (4:3.5.10.dfsg.1-1ubuntu3) jaunty; urgency=low

  * Fix build failure, due to missing header includes.

 -- Matthias Klose <email address hidden>   Thu, 20 Nov 2008 12:11:25 +0100

kdelibs (4:3.5.10.dfsg.1-1ubuntu2) jaunty; urgency=low

  * Added kubuntu_glibc_2.8_ftbfs.diff
    - Corrected FTBFS due to inotify/glibc headers mismatch (LP: #299909)
  * Updated kubuntu_51_launchpad_integration.diff
    - Explicately added #include <kstandarddirs.h> in khelpmenu.cpp to
      resolve a FTBFS on armel

 -- Michael Casadevall <email address hidden>   Wed, 19 Nov 2008 16:34:30 -0500

kdelibs (4:3.5.10.dfsg.1-1ubuntu1) jaunty; urgency=low

  * Merge with Debian, remaining changes:
   - --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
   - binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
   - don't build-dep on libgamin-dev, libfam-dev
   - stop kdelibs4-dev depending on gamin/fam
   - don't install .svgz icons in kdelibs-data.install
   - rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
   - build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
   - cdbs build-dep 0.4.41ubuntu2
   - kdelibs4-dev depends on gettext-kde, kdesdk-scripts
   - copy debian/icons over
   - Make kdelibs4c2a depend on launchpad-integration, sudo.  Recommends on xdg-user-dirs
   - Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
   - remove kdelibs4c2a depends on menu-xdg
   - include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
   - use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
   - build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
   - kdelibs-data.install : Add nzb mimetype
   - Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
   - remove /usr/bin/preparetips from kdelibs4-dev package
   - Remove ksvgtopng from kdelibs4-dev (conflicts with kdebase-runtime)
  * Remove kubuntu_66_konsole_pty.diff, no longer needed

kdelibs (4:3.5.10.dfsg.1-1) unstable; urgency=low

  +++ Changes by Ana Beatriz Guerrero Lopez:

  * New upstream release.
    - Most of the changes were already provided by the patches:
      - 01_kdelibs_branch_r828883.diff
      - 02_kate_regression_r777286.diff
      - 03_start_kdeinit_integer_overflow.diff (provided for CVE-2008-1671)
      - 05_kate_debianchangelog_default_context_r799980.diff
      - 06_khtml_rendering_r786289.diff
    that have been dropped now.
    - New changes:
      - Changes for showing KDE 3.5.10 instead of 3.5.9 in the KDE apps.
      - Fix while saving sessions for multiple scripts. (KDE SVN r837226,
        KDE bug 166598).
      - Fix in kdeprint. (KDE SVN r848634)
      - Avoid showing authentication-dialogue being put behind the application
        window. (KDE SVN r849216, KDE bug 121803).

  +++ Changes by Raúl Sánchez Siles:

  * kdeprint: Wrong initscript name (cupsys instead of cups) (Closes:
    #496110)
  * Fixed 98_buildprep.patch so double compilation works.
  * Fixed wrong http header parsing, added 61_httpheader_backport.diff
  * Fixed wrong Google Maps rendering, added 62_fix_googlemaps_backport.diff
  * Change dependencies from obsolete libcupsys2-dev to libcups2-dev.
  * konqueror: Crash on eBay page (Closes: #502459) with recently added
    63_fixed-layout-table.diff

 -- Jonathan Riddell <email address hidden>   Thu, 06 Nov 2008 13:18:46 +0000

kdelibs (4:3.5.10-0ubuntu6) intrepid; urgency=low

  * Don't install launchpad.png icon, now in kdelibs5-data

 -- Jonathan Riddell <email address hidden>   Mon, 06 Oct 2008 15:39:39 +0100