Change logs for kdelibs source package in Lucid

  • kdelibs (4:3.5.10.dfsg.1-3ubuntu2.10.04.1) lucid-security; urgency=low
    
      * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416)
        - Ark and KMail perform insufficient validation, which leads to
          specially crafted archive files, using unknown MIME types, being
          rendered using a KHTML instance; this can trigger uncontrolled
          XMLHTTPRequests to remote sites.
        - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
          restricts xmlhttprequest to http protocols only.
          This patch was accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1.
        - http://www.kde.org/info/security/advisory-20091027-1.txt
        - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
        - CVE n/a
      * Fix FTBFS: disable parallel building.
     -- Felix Geyer <email address hidden>   Fri, 15 Oct 2010 21:19:11 +0200
  • kdelibs (4:3.5.10.dfsg.1-3ubuntu2) lucid; urgency=low
    
      * Remove kubuntu_97_kde4_menu_applications.diff, obsolete and can
        cause breakage
     -- Jonathan Riddell <email address hidden>   Fri, 29 Jan 2010 00:19:10 +0000
  • kdelibs (4:3.5.10.dfsg.1-3ubuntu1) lucid; urgency=low
    
      * Merge from Debian Testing.  Remaining Ubuntu changes:
        - make sure control and control.in are in sync
        - --with-distribution="Kubuntu (`lsb_release --codename --short`)
          $(DEB_VERSION)"
        - binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and
          cr*-device-system.png.uu
        - don't build-dep on libgamin-dev, libfam-dev
        - stop kdelibs4-dev depending on gamin/fam
        - don't install .svgz icons, docs or all_languages in kdelibs-data.install
        - rosetta support in rules common-install-prehook-impl:: [and
          common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
        - build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
        - cdbs build-dep 0.4.41ubuntu2
        - kdelibs4-dev depends on gettext-kde, kdesdk-scripts
        - copy debian/icons over
        - Make kdelibs4c2a depend on launchpad-integration, sudo.  Recommends on
          xdg-user-dirs
        - Remove 19_debianize_useragent.diff (changed to
          kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
        - remove kdelibs4c2a depends on menu-xdg
        - include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
        - use a local copy of kde.mk without the common-install-prehook-impl::
          rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
        - build with --with-sudo-kdesu-backend and build-dep on sudo and make
          kdelibs4c2a depend on sudo
        - kdelibs-data.install : Add nzb mimetype
        - Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
        - remove /usr/bin/preparetips, arts files and ksvntopng from
          kdelibs4-dev.install
        - Drop the package kdelibs4-doc completely. It contained API documentation
          which is now obsolete, but still available via api.kde.org.
        - make sure control and control.in are in sync
        - in debian/rule remove .pot files outside .po directory
        - 97_automake_cleanup.diff becomes kubuntu_97_automake_cleanup.diff
      * Remove libarts1-dev from build-depends and kdelibs4-dev depends from control.in
      * Drop debian/patches/kubuntu_62_flash_installer.diff (obsolete and broken)
      * Drop debian/patches/kubuntu_gcc4.4_ftbfs.diff, now included from Debian as
        debian/patches/65_gcc4.4_ftbfs.diff
      * Drop debian/patches/security_05_CVE-2009-0689.diff, now included from
        Debian as debian/patches/CVE-2009-0689.diff
    
    kdelibs (4:3.5.10.dfsg.1-3) unstable; urgency=high
    
      +++ Changes by Scott Kitterman (patches from Kubuntu):
    
      * SECURITY UPDATE: fix buffer overflow when converting string to float.
        - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
          numbers in kjs/dtoa.cpp (Closes: #559265)
        - CVE-2009-0689
      * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability.
       - Ark and KMail perform insufficient validation, which leads to
         specially crafted archive files, using unknown MIME types, being
         rendered using a KHTML instance; this can trigger uncontrolled
         XMLHTTPRequests to remote sites.
       - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
         restricts xmlhttprequest to http protocols only.
       - http://www.kde.org/info/security/advisory-20091027-1.txt
       - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
       - CVE n/a
      * Fix FTBFS with gcc 4.4.
       - Add debian/patches/gcc4.4_ftbfs.diff (Closes: #556564)
      * Update Vcs* in debian/control for new location.
    
      +++ Changes by Ana Beatriz Guerrero Lopez:
    
      * Add a depend on ${shlibs:Depends} to kdelibs5-dev to make lintian happy.
      * Remove Sune from Uploaders per his request.
      * Update Armin and Modestas emails.
     -- Scott Kitterman <email address hidden>   Sat, 09 Jan 2010 13:49:59 -0500
  • kdelibs (4:3.5.10.dfsg.1-2.1ubuntu4) lucid; urgency=low
    
      * SECURITY UPDATE: fix buffer overflow when converting string to float
        - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
          large field numbers in kjs/dtoa.cpp
        - CVE-2009-0689
     -- Jamie Strandboge <email address hidden>   Mon, 07 Dec 2009 15:19:01 -0600
  • kdelibs (4:3.5.10.dfsg.1-2.1ubuntu3) lucid; urgency=low
    
      * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
       - Ark and KMail perform insufficient validation, which leads to
         specially crafted archive files, using unknown MIME types, being
         rendered using a KHTML instance; this can trigger uncontrolled
         XMLHTTPRequests to remote sites
       - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
         restricts xmlhttprequest to http protocols only
       - http://www.kde.org/info/security/advisory-20091027-1.txt
       - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
       - CVE n/a
     -- Jonathan Riddell <email address hidden>   Mon, 07 Dec 2009 17:42:13 +0000
  • kdelibs (4:3.5.10.dfsg.1-2.1ubuntu2) lucid; urgency=low
    
      * Update kubuntu_38_no_generate_kdepot.diff to generate correct kde.pot
     -- Jonathan Riddell <email address hidden>   Tue, 10 Nov 2009 12:23:54 +0000
  • kdelibs (4:3.5.10.dfsg.1-2.1ubuntu1) lucid; urgency=low
    
      * Merge with Debian, remaining changes
       - make sure control and control.in are in sync
       - --with-distribution="Kubuntu (`lsb_release --codename --short`) $(DEB_VERSION)"
       - binary-install/kdelibs-data installs aboutkde-kubuntu.png.uu and cr*-device-system.png.uu
       - don't build-dep on libgamin-dev, libfam-dev
       - stop kdelibs4-dev depending on gamin/fam
       - don't install .svgz icons, docs or all_languages in kdelibs-data.install
       - rosetta support in rules common-install-prehook-impl:: [and common-post-build-arch:: ?] and include debian/kubuntu-desktop-i18n/
       - build-dep on: gettext-kde, kdesdk-scripts, lsb-release, base-files, sudo
       - cdbs build-dep 0.4.41ubuntu2
       - kdelibs4-dev depends on gettext-kde, kdesdk-scripts
       - copy debian/icons over
       - Make kdelibs4c2a depend on launchpad-integration, sudo.  Recommends on xdg-user-dirs
       - Remove 19_debianize_useragent.diff (changed to kubuntu_19_debianize_useragent.diff) s/Debian/Kubuntu
       - remove kdelibs4c2a depends on menu-xdg
       - include kubuntu_01_kdepot.diff and kde.pot in debian/patches/common
       - use a local copy of kde.mk without the common-install-prehook-impl:: rule; edit debian-qt-kde.mk to include debian/cdbs/kde.mk
       - build with --with-sudo-kdesu-backend and build-dep on sudo and make kdelibs4c2a depend on sudo
       - kdelibs-data.install : Add nzb mimetype
       - Make kdelibs4-dev replace more recent kdelibs4c2a for overlapping files
       - remove /usr/bin/preparetips, arts files and ksvntopng from kdelibs4-dev.install
       - Drop the package kdelibs4-doc completely. It contained API documentation which is now obsolete, but still available via api.kde.org.
       - make sure control and control.in are in sync
       - in debian/rule remove .pot files outside .po directory
       - 97_automake_cleanup.diff becomes kubuntu_97_automake_cleanup.diff
    
    kdelibs (4:3.5.10.dfsg.1-2.1) unstable; urgency=high
    
      * Non-maintainer upload by the testing Security Team.
      * Fixed CVE-2009-1687: An integer overflow, leading to a heap-based buffer
        overflow, was found in the KDE implementation of the garbage collector
        for the JavaScript language (KJS).
      * Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
        the HTML page <head> element. A remote attacker could use this flaw to
        cause a denial of service (konqueror crash) or, potentially, execute
        arbitrary code, with the privileges of the user running "konqueror" web
        browser, if the victim was tricked to open a specially-crafted HTML page.
        (Closes: #534949)
      * Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
        handled content, forming the value of CSS "style" attribute. A remote
        attacker could use this flaw to cause a denial of service (konqueror crash)
        or potentially execute arbitrary code with the privileges of the user
        running "konqueror" web browser, if the victim visited a specially-crafted
        CSS equipped HTML page. (Closes: #534949)
      * Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
        properly handle a '\0' character in a domain name in the Subject
        Alternative Name field of an X.509 certificate, which allows
        man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
        certificate issued by a legitimate Certification Authority (Closes: #546212)
     -- Jonathan Riddell <email address hidden>   Mon, 09 Nov 2009 17:43:28 +0000
  • kdelibs (4:3.5.10.dfsg.1-2ubuntu7) karmic; urgency=low
    
      * Move the pot removal to common-binary-predeb-indep so it does not
        cause a mid-build break; also prevent it from removing pot files that
        reside in ./debian/, to prevent dh_install from failing (LP: #432378)
    
     -- Harald Sitter <email address hidden>   Sat, 19 Sep 2009 00:02:34 +0200