Author: Colin Watson
Revision Date: 2014-08-21 12:50:01 UTC

Rebuild for Perl 5.20.0.

Author: Colin Watson
Revision Date: 2014-08-21 12:50:01 UTC

Rebuild for Perl 5.20.0.

Author: Colin Watson
Revision Date: 2014-08-21 12:50:01 UTC

Rebuild for Perl 5.20.0.

Author: Colin Watson
Revision Date: 2014-08-21 12:50:01 UTC

Rebuild for Perl 5.20.0.

Author: Colin Watson
Revision Date: 2013-10-21 13:14:59 UTC

Rebuild for Perl 5.18.

Author: Colin Watson
Revision Date: 2013-10-21 13:14:59 UTC

Rebuild for Perl 5.18.

Author: Mark Purcell
Revision Date: 2013-05-18 19:36:33 UTC

Upload to unstable

Author: Mark Purcell
Revision Date: 2013-05-18 19:36:33 UTC

Upload to unstable

Author: Raúl Sánchez Siles
Revision Date: 2012-07-19 21:56:08 UTC

* Updated debhelper build-depends to better cope with multiarch.
* Fix "must not be "Multi-Arch: same"" kvirc is Multi-Arch: foreign
  (Closes: #658058)
* Actually provide valid -dbg package. Added 30_upstream_build-g
* Fix "Hardening flags missing". Applying suggested changes.
  (Closes: #669189) Thanks to Simon Ruderich.

Author: Raúl Sánchez Siles
Revision Date: 2012-07-19 21:56:08 UTC

* Updated debhelper build-depends to better cope with multiarch.
* Fix "must not be "Multi-Arch: same"" kvirc is Multi-Arch: foreign
  (Closes: #658058)
* Actually provide valid -dbg package. Added 30_upstream_build-g
* Fix "Hardening flags missing". Applying suggested changes.
  (Closes: #669189) Thanks to Simon Ruderich.

Author: Kai Wasserbäch
Revision Date: 2011-11-24 13:26:20 UTC

The "Land Equilibrium" release.

Synced to upstream's SVN revision 5988.

Author: Scott Kitterman
Revision Date: 2011-08-18 23:21:32 UTC

No change rebuild for libcrypto++ transition

Author: Nathan Handler
Revision Date: 2011-03-12 20:00:18 UTC

* SECURITY UPDATE: The IRC Protocol component in KVIrc 3.x and 4.x before
  r4693 does not properly handle \ (backslash) characters, which allows
  remote authenticated users to execute arbitrary CTCP commands via vectors
  involving \r and \40 sequences, a different vulnerability than CVE-2010-2451
  and CVE-2010-2452.
  - 33_upstream_security_#858.patch
    - Patch based on upstream SVN revision 4693.
  - CVE-2010-2785:
    - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2785
  - LP: #612682

Author: Nathan Handler
Revision Date: 2011-03-12 20:00:18 UTC

* SECURITY UPDATE: The IRC Protocol component in KVIrc 3.x and 4.x before
  r4693 does not properly handle \ (backslash) characters, which allows
  remote authenticated users to execute arbitrary CTCP commands via vectors
  involving \r and \40 sequences, a different vulnerability than CVE-2010-2451
  and CVE-2010-2452.
  - 33_upstream_security_#858.patch
    - Patch based on upstream SVN revision 4693.
  - CVE-2010-2785:
    - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2785
  - LP: #612682

Author: Kai Wasserbäch
Revision Date: 2011-02-23 13:19:39 UTC

The "Cunning Advisor" release.

* Synced to upstream's SVN revision 5507.
* debian/kvirc-data.preinst: Removed. Upgrades from stable won't need it.
* debian/watch: Replace the "latest" part with "([\d\.]+)" to make us
  independent of the upstream symlink.
* debian/README.Debian:
  - Removed obsolete parts about Python and upgrades from 3.4.
  - Added notice about handling default script issues.
* debian/README.source: Updated for 4.1.1.
* debian/{compat,control,rules}: Updates for debhelper 8.
* debian/patches/10_fix_desktop_entry.patch: Refreshed.

Author: Andreas Wenning
Revision Date: 2010-07-05 00:41:51 UTC

* SECURITY UPDATE: Two security issues have been discovered in the DCC
  protocol support code of kvirc, a KDE-based next generation IRC client,
  which allow the overwriting of local files through directory traversal
  and the execution of arbitrary code through a format string attack.
  - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
    - Patch based on upstream SVN revision 4317.
  - CVE-2010-2451, CVE-2010-2452:
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
  - LP: #601702

Author: Andreas Wenning
Revision Date: 2010-07-05 00:45:44 UTC

* SECURITY UPDATE: Two security issues have been discovered in the DCC
  protocol support code of kvirc, a KDE-based next generation IRC client,
  which allow the overwriting of local files through directory traversal
  and the execution of arbitrary code through a format string attack.
  - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
    - Patch based on upstream SVN revision 4317.
  - CVE-2010-2451, CVE-2010-2452:
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
  - LP: #601702

Author: Andreas Wenning
Revision Date: 2010-07-05 00:41:51 UTC

* SECURITY UPDATE: Two security issues have been discovered in the DCC
  protocol support code of kvirc, a KDE-based next generation IRC client,
  which allow the overwriting of local files through directory traversal
  and the execution of arbitrary code through a format string attack.
  - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
    - Patch based on upstream SVN revision 4317.
  - CVE-2010-2451, CVE-2010-2452:
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
  - LP: #601702

Author: Andreas Wenning
Revision Date: 2010-07-05 00:45:44 UTC

* SECURITY UPDATE: Two security issues have been discovered in the DCC
  protocol support code of kvirc, a KDE-based next generation IRC client,
  which allow the overwriting of local files through directory traversal
  and the execution of arbitrary code through a format string attack.
  - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
    - Patch based on upstream SVN revision 4317.
  - CVE-2010-2451, CVE-2010-2452:
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
  - LP: #601702

Author: Kai Wasserbäch
Revision Date: 2010-07-28 13:57:14 UTC

The "Sliver Queen" release.

* Urgency high as 00_upstream_patches_for_4.0.patch fixes a serious security
    flaw in the DCC module (other, rather minor in comparison, security
    fixes are also included). (Closes: #590745)
    http://dev.carbon-project.org/debian/kvirc/kvirc_4.0.0-3.dsc
* debian/rules:
  - Removed override_dh_strip and added --dbg-package to the general dh
    invocation.
  - Made dh_install run parallel aware.
* debian/patches:
  - Removed patches 00 through 04 and replaced them by a single patch
    containing all upstream bug fixes to the 4.0 branch.
* debian/kvirc.lintian-overrides: change kvirc: no-symbols-control-file to
  the correct library file name.
* debian/control: Bumped Standards-Version to 3.9.1, required change:
  - debian/copyright: Remove the complete GPLv1 and point to
    common-licenses.

Author: Kai Wasserbäch
Revision Date: 2010-01-28 15:57:08 UTC

The »Vampire Nighthawk« release.

[ Kai Wasserbäch ]
* Synced to upstream's SVN revision 3900:
  - A lot of bug fixes (including crashes).
  - Some (minor) translation improvements.
  - Corrected spelling for mistakes found by Lintian.
* debian/README.source:
  - Corrected some minor mistakes.
  - Expanded the file (mention get-orig-source).
* debian/control:
  - Added libxss-dev to Build-Depends for XScreensaver support in
    src/modules/my/idle_x11.cpp.
  - Bumped Standards-Version to 3.8.4, no further changes needed.
* debian/patches:
  - 30_r3902_update_motd.patch: Added (taken from r3902).
  - 20_rm_python_stub.patch: DEP-3 header added.

[ Raúl Sánchez Siles ]
* Improved debian/README.source.
* Added DEP3-compliant header to patches.

Author: Rich Johnson
Revision Date: 2007-07-02 13:10:10 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field

Author: Rich Johnson
Revision Date: 2007-07-02 13:12:22 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/09_parseIrcUrl_security_fix.patch: properly sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)

Author: Alessandro Ghersi
Revision Date: 2009-02-25 05:32:10 UTC

[ Alessandro Ghersi ]
* Fix missing icon in menu (LP: #335023)
* Add kubuntu_02_fix_cmakelist_icons.patch and refresh 05_xpmicon.patch

[ Alessio Treglia ]
* Section field in kvirc-data duplicates the value inherited from source package,
  fixed.

Author: Andreas Wenning
Revision Date: 2008-10-27 01:57:34 UTC

Added Added 31_r1997-irchandler-exploit.patch which prevents known
exploit for executing commands as user using the irc:// handler. Patch
is taken directly from debian version 2:3.4.0-3. (LP: #289695)

Author: Rich Johnson
Revision Date: 2008-02-10 17:55:27 UTC

* Merge from Debian unstable, remaining Ubuntu changes:
  - 10_parseIrcUrl_security_fix.patch
* New changes:
  - debian/rules: change dh_iconcache to dh_icons

Author: Rich Johnson
Revision Date: 2007-07-02 13:16:11 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field

Author: Rich Johnson
Revision Date: 2007-07-02 13:10:10 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field

Author: Rich Johnson
Revision Date: 2007-07-02 13:14:30 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/09_parseIrcUrl_security_fix.patch: propery sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)

Author: Rich Johnson
Revision Date: 2006-11-15 11:11:39 UTC

* Merge from Debian unstable
* Added dh_iconcache

Author: Rich Johnson
Revision Date: 2007-07-02 13:12:22 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/09_parseIrcUrl_security_fix.patch: properly sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)

Author: Brandon Holtsclaw
Revision Date: 2006-08-12 01:17:12 UTC

Merge from debian unstable ( again ).

Author: Rich Johnson
Revision Date: 2007-07-02 13:14:30 UTC

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/09_parseIrcUrl_security_fix.patch: propery sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)

Author: Brandon Holtsclaw
Revision Date: 2006-05-13 22:49:53 UTC

added dh_iconcache.

Author: Stephan Rügamer
Revision Date: 2005-08-07 17:59:09 UTC

rebuild for unmet deps

Author: Robin Verduijn
Revision Date: 2004-12-14 15:32:19 UTC

* Change Recommends on xmms to a Suggests.
* Rebuild against KDE 3.3.1

Author: Robin Verduijn
Revision Date: 2004-05-20 12:15:01 UTC

* Remove unnecessary depends on (build-essential) dpkg-dev package
* Fix warnings produced by automake1.8

Author: Kai Wasserbäch
Revision Date: 2009-06-05 01:01:01 UTC

The »Dream Team« release.

[ Raúl Sánchez Siles ]
* Fix "kvirc website, upstream 3.4.2" New upstream release. (Closes: #526886)
* rules:
  - Using Debian pkg-kde-tools kde4.mk
  - Added debhelper.mk
  - Added patchsys-quilt.mk
* Patches:
  - Removed kubuntu_02_fix_cmakelist_icons.patch. Included upstream.
  - Removed 10_gcc4.3_fix.patch. Included upstream.
  - Removed 17_awaybackaction.patch. Included upstream
  - Removed 20_fixman.patch. Fixed upstream.
* Copyright:
  - Fixed pointer to GPLv2 in copyright file.
  - More detailed and updated copyright file.
* Menu:
  - Fixed menu file syntax error.
  - Correctly point to 32x32 icon.
  - Reworked 05_xpmicon.patch to only include 32x32 icons.
* Bump Standards-Version to 3.8.1. No changes needed.
* Added DEB_DH_ALWAYS_EXCLUDE
* Fixed installing files per package paths.
* Setting back maintainer to Debian KDE Extras Team.
* Moved desktop file from kvirc-data to kvirc package.
* Disabled coexistence with kvirc3.
* Moving manpage from kvirc-data to kvirc package. kvirc replaces kvirc-data
* Fix "kvirc has circular Depends on kvirc-data". Now kvirc-data suggests
  kvirc (Closes: #525037)
* Pointing upstream license path to Debian copyright file.
* Using shared-mime-info to add filetypes to system mime database.

[ Kai Wasserbäch ]
* Synced to upstream's SVN r3240:
  - Including patch from Debian to fix the xterm issue. (Closes: #530311)
  - Fixes »kvirc doesn't obey LC_MESSAGES environment variable«.
    (Closes: #426838)
  - Fixes »kvirc: embedding perl needs PERL_SYS_INIT3()« for real (upstream
    changeset <https://svn.kvirc.de/kvirc/changeset/3023>). (Was bug:
    #495064)
    See README.Debian for a quick note on this.
  - Includes OFTC/irc.debian.org in the standard server list.
  - Refreshed patches.
* debian/control:
  - Added zlib1g-dev, libssl-dev, libx11-dev and libxrender-dev to
    Build-Depends. Three fix a FTBS, libssl-dev adds SSL support.
  - Added myself to Uploaders on Raúl's invitation. Thanks!
  - Changed Vcs-* fields to point to the hg repository, which is where the
    package development takes place today.
  - Added ${misc:Depends} to kvirc.
* debian/rules: Added »-DWITHOUT_PYTHON=YES«, module wasn't built anyway so
  far, so we can safe the buildds the tests.
* debian/TODO.Debian: Added.
* debian/source.lintian-overrides: Added.
  - »kvirc source: debhelper-but-no-misc-depends« added for
    kvirc-{dev,data}.
* debian/watch: Added (using ftp.kvirc.de instead of primary FTP server,
  because the primary is down atm). (Issue found by lintian.)
* debian/patches: Added short explanations to the patches (thanks lintian).
* debian/kvirc-data.links: Raúl noticed, that
  <file:///usr/share/kvirc/4.0/license/COPYING> didn't end up in the kvirc
  package and the intended link to <file:///usr/share/doc/kvirc/copyright>
  wasn't set. Added an entry to address that.