Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Steve Langasek
Revision Date: 2011-04-02 12:59:05 UTC

debian/rules: clean the dependency_libs out of .la files at build
time, per Policy 10.2

Author: Felix Geyer
Revision Date: 2010-10-15 21:19:11 UTC

* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416)
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites.
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only.
    This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1.
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE n/a
* Fix FTBFS: disable parallel building.

Author: Felix Geyer
Revision Date: 2010-10-15 21:19:11 UTC

* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416)
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites.
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only.
    This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1.
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE n/a
* Fix FTBFS: disable parallel building.

Author: Felix Geyer
Revision Date: 2010-10-15 21:19:11 UTC

* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416)
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites.
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only.
    This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1.
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE n/a
* Fix FTBFS: disable parallel building.

Author: Felix Geyer
Revision Date: 2010-10-15 21:19:11 UTC

* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416)
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites.
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only.
    This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1.
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE n/a
* Fix FTBFS: disable parallel building.

Author: Jonathan Riddell
Revision Date: 2010-01-29 00:19:10 UTC

Remove kubuntu_97_kde4_menu_applications.diff, obsolete and can
cause breakage

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:14:25 UTC

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:14:25 UTC

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Harald Sitter
Revision Date: 2009-09-19 00:02:34 UTC

Move the pot removal to common-binary-predeb-indep so it does not
cause mid-build break, also prevent it from removing pot files that reside
in ./debian/, to prevent dh_install from failing (LP: #432378)

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:10:37 UTC

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:10:37 UTC

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Harald Sitter
Revision Date: 2009-01-24 20:28:13 UTC

* Don't build with arts support (LP: #320915)
* Don't build apidox. We don't install them anyway

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:09:53 UTC

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathon Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:09:53 UTC

[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689

[ Jonathon Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Jonathan Riddell
Revision Date: 2008-10-06 15:39:39 UTC

Don't install launchpad.png icon, now in kdelibs5-data

Author: Scott Kitterman
Revision Date: 2008-08-25 23:37:18 UTC

* Upstream bug fix release (LP: #261366)
  - Dropped kubuntu_98_kate_paste_cursor.diff applied upstream
  - Dropped kubuntu_9903_kinit_integer_overflow.diff applied upstream

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:06:48 UTC

* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - based on patch by Jonathan Riddell
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Jamie Strandboge
Revision Date: 2009-12-07 15:06:48 UTC

* SECURITY UPDATE: fix buffer overflow when converting string to
  float
  - debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
    large field numbers in kjs/dtoa.cpp
  - CVE-2009-0689
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
  - Ark and KMail performs insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only
  - based on patch by Jonathan Riddell
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE-2009-XXXX

Author: Jonathan Riddell
Revision Date: 2008-04-10 00:03:28 UTC

Update debian/patches/kubuntu_55_printer_sharing.diff to run
system-config-printer-kde to let users enable printer sharing
rather than the old cups settings scripts. Closes LP: #208381

Author: Jamie Strandboge
Revision Date: 2008-04-28 10:39:57 UTC

* SECURITY UPDATE: integer overflow in start_kdeinit. The start_kdeinit
  processing of user-influenceable input is faulty. A local user
  might be able to send unix signals to other processes, cause
  a denial of service or even possibly execute arbitrary code.
* Add kubuntu_9903_kinit_integer_overflow.diff, edits
  kinit/start_kdeinit.c, patch from upstream KDE
* References
  http://www.kde.org/info/security/advisory-20080426-2.txt
  CVE-2008-1671

Author: Jonathan Riddell
Revision Date: 2008-01-29 23:46:01 UTC

* Stable release update, support new Flash in Konqueror
* Add kubuntu_96_flash_xembed.diff, adds xembed support to plugins
* LP: #184149
* Closes LP: #184149

Author: Jonathan Riddell
Revision Date: 2008-01-29 19:26:29 UTC

* Stable release update, support new Flash in Konqueror
* Add kubuntu_96_flash_xembed.diff, adds xembed support to plugins
* Closes LP: #184149

Author: Jonathan Riddell
Revision Date: 2008-01-29 23:46:01 UTC

* Stable release update, support new Flash in Konqueror
* Add kubuntu_96_flash_xembed.diff, adds xembed support to plugins
* Closes LP: #184149

Author: Jamie Strandboge
Revision Date: 2008-04-28 10:39:57 UTC

* SECURITY UPDATE: integer overflow in start_kdeinit. The start_kdeinit
  processing of user-influenceable input is faulty. A local user
  might be able to send unix signals to other processes, cause
  a denial of service or even possibly execute arbitrary code.
* Add kubuntu_9903_kinit_integer_overflow.diff, edits
  kinit/start_kdeinit.c, patch from upstream KDE
* References
  http://www.kde.org/info/security/advisory-20080426-2.txt
  CVE-2008-1671

Author: Jonathan Riddell
Revision Date: 2007-10-16 16:29:24 UTC

Add kubuntu_93_https_fix.diff closes LP: #152449
HTTPS not working with Konqueror 3.5.8

Author: Jonathan Riddell
Revision Date: 2008-04-22 16:25:43 UTC

* SECURITY UPDATE: integer overflow in start_kdeinit. The start_kdeinit
  processing of user-influenceable input is faulty. A local user
  might be able to send unix signals to other processes, cause
  a denial of service or even possibly execute arbitrary code.
* Add kubuntu_9903_kinit_integer_overflow.diff, edits
  kinit/start_kdeinit.c, patch from upstream KDE
* References
  http://www.kde.org/info/security/advisory-20080426-2.txt
  CVE-2008-1671

Author: Jonathan Riddell
Revision Date: 2008-04-22 16:25:43 UTC

* SECURITY UPDATE: integer overflow in start_kdeinit. The start_kdeinit
  processing of user-influenceable input is faulty. A local user
  might be able to send unix signals to other processes, cause
  a denial of service or even possibly execute arbitrary code.
* Add kubuntu_9903_kinit_integer_overflow.diff, edits
  kinit/start_kdeinit.c, patch from upstream KDE
* References
  http://www.kde.org/info/security/advisory-20080426-2.txt
  CVE-2008-1671

Author: Kees Cook
Revision Date: 2007-04-10 11:19:42 UTC

* SECURITY UPDATE: possible XSS via incorrect UTF8 truncation.
* Add kubuntu_97_kjs_utf8_fixes.diff: upstream fixes.
* References
  CVE-2007-0242

Author: Jonathan Riddell
Revision Date: 2008-01-29 23:46:01 UTC

* Stable release update, support new Flash in Konqueror
* Add kubuntu_96_flash_xembed.diff, adds xembed support to plugins
* LP: #184149
* Closes LP: #184149

Author: Kees Cook
Revision Date: 2007-08-21 17:39:54 UTC

* SECURITY UPDATE: URL spoofing via trailing spaces
* Add kubuntu_98_trailing_spaces_fix.diff: upstream fixes.
* References
  CVE-2007-4225

Author: Jonathan Riddell
Revision Date: 2008-01-29 23:46:01 UTC

* Stable release update, support new Flash in Konqueror
* Add kubuntu_96_flash_xembed.diff, adds xembed support to plugins
* Closes LP: #184149

Author: Jonathan Riddell
Revision Date: 2006-10-22 19:57:23 UTC

Update kubuntu_56_langpacks_desktop_files.diff to fix
malone No 63325

Author: Jonathan Riddell
Revision Date: 2008-01-29 23:46:01 UTC

* Stable release update, support new Flash in Konqueror
* Add kubuntu_96_flash_xembed.diff, adds xembed support to plugins
* Closes LP: #184149

Author: Kees Cook
Revision Date: 2007-08-21 17:39:54 UTC

* SECURITY UPDATE: URL spoofing via trailing spaces
* Add kubuntu_98_trailing_spaces_fix.diff: upstream fixes.
* References
  CVE-2007-4225

Author: Jonathan Riddell
Revision Date: 2006-05-12 20:18:48 UTC

Use msgcat not cat to join together two .pot files

Author: Kees Cook
Revision Date: 2007-04-10 11:19:42 UTC

* SECURITY UPDATE: possible XSS via incorrect UTF8 truncation.
* Add kubuntu_97_kjs_utf8_fixes.diff: upstream fixes.
* References
  CVE-2007-0242

Author: Jonathan Riddell
Revision Date: 2005-10-07 13:13:04 UTC

* New upstream release
* Move 19_debianize_useragent.diff to
  kubuntu_19_debianize_useragent.diff and change string to Kubuntu
* Add kubuntu_08_kdesu_terminal.diff output to terminal by default

Author: Jonathan Riddell
Revision Date: 2005-08-09 00:45:59 UTC

Add Replaces on kdelibs-data for old knetworkconf

Author: Jonathan Riddell
Revision Date: 2006-07-21 10:52:32 UTC

* SECURITY UPDATE: fix remote browser crash
* KDE Konqueror allows remote attackers to cause a denial
  of service (application crash) by calling the replaceChild method on a
  DOM object, which triggers a null dereference, as demonstrated by calling
  document.replaceChild with a 0 (zero) argument.
* Add kubuntu_00_CVE-2006-3672.diff
* References:
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3672
  http://www.mandriva.com/security/advisories?name=MDKSA-2006:130

Author: Jonathan Riddell
Revision Date: 2005-03-24 04:32:44 UTC

Move TextEditors from Utilities More to Utilities

Author: Jonathan Riddell
Revision Date: 2005-03-16 15:35:45 UTC

* SECURITY UPDATE: prevent International Domain Names Homograph attack
* Include patch to fix CAN-2005-0237, The International Domain Name (IDN)
  support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof
  domain names using punycode encoded domain names that are decoded in
  URLs and SSL certificates in a way that uses homograph characters from
  other character sets, which facilitates phishing attacks.
* References:
  CAN-2005-0237
  http://bugs.kde.org/show_bug.cgi?id=98788
  http://www.kde.org/info/security/advisory-20050316-2.txt
* SECURITY UPDATE: fix local DCOP denial of service vulnerability
* Include patch to fix CAN-2005-0396
* References:
  CAN-2005-0396
  http://www.kde.org/info/security/advisory-20050316-1.txt

Author: Tollef Fog Heen
Revision Date: 2004-08-19 10:09:35 UTC

libtiff transition

Author: Jonathan Riddell
Revision Date: 2010-01-29 00:19:10 UTC

Remove kubuntu_97_kde4_menu_applications.diff, obsolete and can
cause breakage