rev 12466 - in kde-extras/kvirc/trunk/debian: . patches
Raúl Sánchez Siles
kebianizao-guest at alioth.debian.org
Sat Oct 25 18:40:33 UTC 2008
Author: kebianizao-guest
Date: 2008-10-25 18:40:32 +0000 (Sat, 25 Oct 2008)
New Revision: 12466
Added:
kde-extras/kvirc/trunk/debian/patches/31_r1997-irchandler-exploit-bug503401.patch
Modified:
kde-extras/kvirc/trunk/debian/changelog
kde-extras/kvirc/trunk/debian/patches/series
Log:
* try to start command via irc:// handler (Closes: #503401)
* Urgency high due to security bug fix.
Modified: kde-extras/kvirc/trunk/debian/changelog
===================================================================
--- kde-extras/kvirc/trunk/debian/changelog 2008-10-25 15:04:57 UTC (rev 12465)
+++ kde-extras/kvirc/trunk/debian/changelog 2008-10-25 18:40:32 UTC (rev 12466)
@@ -1,3 +1,10 @@
+kvirc (2:3.4.0-3) UNRELEASED; urgency=high
+
+ * try to start command via irc:// handler (Closes: #503401)
+ * Urgency high due to security bug fix.
+
+ -- Raúl Sánchez Siles <rasasi78 at gmail.com> Sat, 25 Oct 2008 20:23:28 +0200
+
kvirc (2:3.4.0-2) unstable; urgency=low
* Adding 30_security-cipherlist-bad-order_r1990.patch collected upstream.This
Added: kde-extras/kvirc/trunk/debian/patches/31_r1997-irchandler-exploit-bug503401.patch
===================================================================
--- kde-extras/kvirc/trunk/debian/patches/31_r1997-irchandler-exploit-bug503401.patch (rev 0)
+++ kde-extras/kvirc/trunk/debian/patches/31_r1997-irchandler-exploit-bug503401.patch 2008-10-25 18:40:32 UTC (rev 12466)
@@ -0,0 +1,149 @@
+Index: 3.4.0/src/kvirc/sparser/kvi_sp_ctcp.cpp
+===================================================================
+--- 3.4.0/src/kvirc/sparser/kvi_sp_ctcp.cpp (revisión: 1996)
++++ 3.4.0/src/kvirc/sparser/kvi_sp_ctcp.cpp (revisión: 1997)
+@@ -60,6 +60,11 @@
+
+ #include <qdatetime.h>
+
++#ifdef COMPILE_USE_QT4
++ #include <QTextDocument>
++#else
++ #include <qstylesheet.h>
++#endif
+
+
+
+@@ -1445,7 +1450,11 @@
+ QString szMsg = "<b>";
+ szMsg += msg->pSource->nick();
+ szMsg += "</b> ";
+- szMsg += szData;
++ #ifdef COMPILE_USE_QT4
++ szMsg += Qt::escape(szData);
++ #else
++ szMsg += QStyleSheet::escape(szData);
++ #endif
+ //debug("kvi_sp_ctcp.cpp:975 debug: %s",szMsg.data());
+ g_pApp->notifierMessage(pOut,KVI_OPTION_MSGTYPE(KVI_OUT_ACTION).pixId(),szMsg,90);
+ }
+Index: 3.4.0/src/kvirc/sparser/kvi_sp_literal.cpp
+===================================================================
+--- 3.4.0/src/kvirc/sparser/kvi_sp_literal.cpp (revisión: 1996)
++++ 3.4.0/src/kvirc/sparser/kvi_sp_literal.cpp (revisión: 1997)
+@@ -72,6 +72,12 @@
+ //#include "kvi_iconmanager.h"
+ #include <qdatetime.h>
+
++#ifdef COMPILE_USE_QT4
++ #include <QTextDocument>
++#else
++ #include <qstylesheet.h>
++#endif
++
+ extern KviNickServRuleSet * g_pNickServRuleSet;
+
+ ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+@@ -910,15 +916,12 @@
+ {
+ // don't send the message to the notifier twice
+ iFlags |= KviConsole::NoNotifier;
+- QString szMsg = "";
+- //QString szMsg = "<b><";
+- //szMsg += szNick;
+- //szMsg += "></b> ";
+- QString szHtml = szMsgText;
+- szHtml.replace("<","<");
+- szHtml.replace(">",">");
+- szMsg += szHtml;
+- //debug("kvi_sp_literal.cpp:908 debug: %s",szHtml.data());
++ #ifdef COMPILE_USE_QT4
++ QString szMsg = Qt::escape(szMsgText);
++ #else
++ QString szMsg = QStyleSheet::escape(szMsgText);
++ #endif
++ //debug("kvi_sp_literal.cpp:908 debug: %s",szMsg.data());
+ g_pApp->notifierMessage(query,KVI_SMALLICON_QUERYPRIVMSG,szMsg,1800);
+ }
+ }
+@@ -1271,15 +1274,12 @@
+ {
+ // don't send the message twice to the notifier
+ iFlags |= KviConsole::NoNotifier;
+- QString szMsg = "";
+- //QString szMsg = "<b><";
+- //szMsg += szNick;
+- //szMsg += "></b> ";
+- QString szHtml = szMsgText;
+- szHtml.replace("<","<");
+- szHtml.replace(">",">");
+- szMsg += szHtml;
+- //debug("kvi_sp_literal.cpp:1262 debug: %s",szHtml.data());
++ #ifdef COMPILE_USE_QT4
++ QString szMsg = Qt::escape(szMsgText);
++ #else
++ QString szMsg = QStyleSheet::escape(szMsgText);
++ #endif
++ //debug("kvi_sp_literal.cpp:908 debug: %s",szMsg.data());
+ g_pApp->notifierMessage(query,KVI_SMALLICON_QUERYNOTICE,szMsg,1800);
+ }
+ }
+Index: 3.4.0/src/kvirc/kernel/kvi_app.cpp
+===================================================================
+--- 3.4.0/src/kvirc/kernel/kvi_app.cpp (revisión: 1996)
++++ 3.4.0/src/kvirc/kernel/kvi_app.cpp (revisión: 1997)
+@@ -109,6 +109,12 @@
+ #endif
+ #endif
+
++#ifdef COMPILE_USE_QT4
++ #include <QTextDocument>
++#else
++ #include <qstylesheet.h>
++#endif
++
+ KVIRC_API KviApp * g_pApp = 0; // global application pointer
+
+ KviConfig * g_pWinPropertiesConfig = 0;
+@@ -1048,7 +1054,11 @@
+ szMsg += szLocalFileName;
+ szMsg += ")";
+ }
+- notifierMessage(0,iIconId,szMsg,30);
++#ifdef COMPILE_USE_QT4
++ notifierMessage(0,iIconId,Qt::escape(szMsg),30);
++#else
++ notifierMessage(0,iIconId,QStyleSheet::escape(szMsg),30);
++#endif
+ }
+ return;
+ }
+Index: 3.4.0/src/kvirc/ui/kvi_console.cpp
+===================================================================
+--- 3.4.0/src/kvirc/ui/kvi_console.cpp (revisión: 1996)
++++ 3.4.0/src/kvirc/ui/kvi_console.cpp (revisión: 1997)
+@@ -97,6 +97,11 @@
+ #define __KVI_DEBUG__
+ #include "kvi_debug.h"
+
++#ifdef COMPILE_USE_QT4
++ #include <QTextDocument>
++#else
++ #include <qstylesheet.h>
++#endif
+
+ extern KVIRC_API KviIrcServerDataBase * g_pIrcServerDataBase;
+ extern KVIRC_API KviProxyDataBase * g_pProxyDataBase;
+@@ -762,7 +767,11 @@
+ QString szMsg = "<b><";
+ szMsg += nick;
+ szMsg += "></b> ";
+- szMsg += szDecodedMessage;
++ #ifdef COMPILE_USE_QT4
++ szMsg += Qt::escape(szDecodedMessage);
++ #else
++ szMsg += QStyleSheet::escape(szDecodedMessage);
++ #endif
+ //debug("kvi_console.cpp:629 debug: %s",szMsg.data());
+ g_pApp->notifierMessage(wnd,KVI_OPTION_MSGTYPE(iSaveType).pixId(),szMsg,90);
+ }
Modified: kde-extras/kvirc/trunk/debian/patches/series
===================================================================
--- kde-extras/kvirc/trunk/debian/patches/series 2008-10-25 15:04:57 UTC (rev 12465)
+++ kde-extras/kvirc/trunk/debian/patches/series 2008-10-25 18:40:32 UTC (rev 12466)
@@ -7,6 +7,7 @@
17_awaybackaction.patch
20_fixman.patch
30_security-cipherlist-bad-order_r1990.patch
+31_r1997-irchandler-exploit-bug503401.patch
51_PERL_SYS_INIT3_r2271-bug495064.patch
52_windowmenu-crashes_r1991.patch
98_buildprep.diff -p0
More information about the pkg-kde-commits
mailing list