Author: Felix Geyer
Revision Date: 2012-09-12 11:32:36 UTC

* Merge from Debian unstable, remaining changes:
  - Do not package ibase/firebird and sqlite2 package
    + remove from debian/control
    + libqt4-sql doesn't recommend libqt4-sql-ibase and libqt4-sql-sqlite2
  - libqt4-dbus recommends instead of depends on qdbus
  - build with -no-phonon
  - Do not build libqt4-phonon, disable in debian/control
  - Add MessagesQt.sh
  - Rules to create Messages.sh link to MessagesQt.sh and rules to create po
    dir and execute extract-messages.sh in override_dh_auto_install
  - Add and install Trolltech.conf in libqtcore4.install
  - Build QtWebkit and use it only for QtAssistant
    + Rule to put qt_webkit_version.pri in mkspecs/modules
    + Rule to remove libQtWebKit* after build
    + Exclude usr/bin/assistant-qt4 from dh_shlibdeps
* Fixes crash in Qt Assistant during startup. (LP: #1045755)
* Update symbols files.

Author: Felix Geyer
Revision Date: 2012-09-12 11:32:36 UTC

* Merge from Debian unstable, remaining changes:
  - Do not package ibase/firebird and sqlite2 package
    + remove from debian/control
    + libqt4-sql doesn't recommend libqt4-sql-ibase and libqt4-sql-sqlite2
  - libqt4-dbus recommends instead of depends on qdbus
  - build with -no-phonon
  - Do not build libqt4-phonon, disable in debian/control
  - Add MessagesQt.sh
  - Rules to create Messages.sh link to MessagesQt.sh and rules to create po
    dir and execute extract-messages.sh in override_dh_auto_install
  - Add and install Trolltech.conf in libqtcore4.install
  - Build QtWebkit and use it only for QtAssistant
    + Rule to put qt_webkit_version.pri in mkspecs/modules
    + Rule to remove libQtWebKit* after build
    + Exclude usr/bin/assistant-qt4 from dh_shlibdeps
* Fixes crash in Qt Assistant during startup. (LP: #1045755)
* Update symbols files.

Author: Felix Geyer
Revision Date: 2012-09-12 11:32:36 UTC

* Merge from Debian unstable, remaining changes:
  - Do not package ibase/firebird and sqlite2 package
    + remove from debian/control
    + libqt4-sql doesn't recommend libqt4-sql-ibase and libqt4-sql-sqlite2
  - libqt4-dbus recommends instead of depends on qdbus
  - build with -no-phonon
  - Do not build libqt4-phonon, disable in debian/control
  - Add MessagesQt.sh
  - Rules to create Messages.sh link to MessagesQt.sh and rules to create po
    dir and execute extract-messages.sh in override_dh_auto_install
  - Add and install Trolltech.conf in libqtcore4.install
  - Build QtWebkit and use it only for QtAssistant
    + Rule to put qt_webkit_version.pri in mkspecs/modules
    + Rule to remove libQtWebKit* after build
    + Exclude usr/bin/assistant-qt4 from dh_shlibdeps
* Fixes crash in Qt Assistant during startup. (LP: #1045755)
* Update symbols files.

Author: Felix Geyer
Revision Date: 2012-09-12 11:32:36 UTC

* Merge from Debian unstable, remaining changes:
  - Do not package ibase/firebird and sqlite2 package
    + remove from debian/control
    + libqt4-sql doesn't recommend libqt4-sql-ibase and libqt4-sql-sqlite2
  - libqt4-dbus recommends instead of depends on qdbus
  - build with -no-phonon
  - Do not build libqt4-phonon, disable in debian/control
  - Add MessagesQt.sh
  - Rules to create Messages.sh link to MessagesQt.sh and rules to create po
    dir and execute extract-messages.sh in override_dh_auto_install
  - Add and install Trolltech.conf in libqtcore4.install
  - Build QtWebkit and use it only for QtAssistant
    + Rule to put qt_webkit_version.pri in mkspecs/modules
    + Rule to remove libQtWebKit* after build
    + Exclude usr/bin/assistant-qt4 from dh_shlibdeps
* Fixes crash in Qt Assistant during startup. (LP: #1045755)
* Update symbols files.

Author: Felix Geyer
Revision Date: 2012-09-12 11:32:36 UTC

* Merge from Debian unstable, remaining changes:
  - Do not package ibase/firebird and sqlite2 package
    + remove from debian/control
    + libqt4-sql doesn't recommend libqt4-sql-ibase and libqt4-sql-sqlite2
  - libqt4-dbus recommends instead of depends on qdbus
  - build with -no-phonon
  - Do not build libqt4-phonon, disable in debian/control
  - Add MessagesQt.sh
  - Rules to create Messages.sh link to MessagesQt.sh and rules to create po
    dir and execute extract-messages.sh in override_dh_auto_install
  - Add and install Trolltech.conf in libqtcore4.install
  - Build QtWebkit and use it only for QtAssistant
    + Rule to put qt_webkit_version.pri in mkspecs/modules
    + Rule to remove libQtWebKit* after build
    + Exclude usr/bin/assistant-qt4 from dh_shlibdeps
* Fixes crash in Qt Assistant during startup. (LP: #1045755)
* Update symbols files.

Author: Felix Geyer
Revision Date: 2012-09-12 11:32:36 UTC

* Merge from Debian unstable, remaining changes:
  - Do not package ibase/firebird and sqlite2 package
    + remove from debian/control
    + libqt4-sql doesn't recommend libqt4-sql-ibase and libqt4-sql-sqlite2
  - libqt4-dbus recommends instead of depends on qdbus
  - build with -no-phonon
  - Do not build libqt4-phonon, disable in debian/control
  - Add MessagesQt.sh
  - Rules to create Messages.sh link to MessagesQt.sh and rules to create po
    dir and execute extract-messages.sh in override_dh_auto_install
  - Add and install Trolltech.conf in libqtcore4.install
  - Build QtWebkit and use it only for QtAssistant
    + Rule to put qt_webkit_version.pri in mkspecs/modules
    + Rule to remove libQtWebKit* after build
    + Exclude usr/bin/assistant-qt4 from dh_shlibdeps
* Fixes crash in Qt Assistant during startup. (LP: #1045755)
* Update symbols files.

Author: Felix Geyer
Revision Date: 2012-09-12 11:32:36 UTC

* Merge from Debian unstable, remaining changes:
  - Do not package ibase/firebird and sqlite2 package
    + remove from debian/control
    + libqt4-sql doesn't recommend libqt4-sql-ibase and libqt4-sql-sqlite2
  - libqt4-dbus recommends instead of depends on qdbus
  - build with -no-phonon
  - Do not build libqt4-phonon, disable in debian/control
  - Add MessagesQt.sh
  - Rules to create Messages.sh link to MessagesQt.sh and rules to create po
    dir and execute extract-messages.sh in override_dh_auto_install
  - Add and install Trolltech.conf in libqtcore4.install
  - Build QtWebkit and use it only for QtAssistant
    + Rule to put qt_webkit_version.pri in mkspecs/modules
    + Rule to remove libQtWebKit* after build
    + Exclude usr/bin/assistant-qt4 from dh_shlibdeps
* Fixes crash in Qt Assistant during startup. (LP: #1045755)
* Update symbols files.

Author: Jonathan Riddell
Revision Date: 2012-07-14 18:26:51 UTC

Add kubuntu_35_text_cursor_position.diff fixes LP: #1024402
"Text cursor in wrong cell in calligrawords"

Author: Jonathan Riddell
Revision Date: 2012-07-14 18:26:51 UTC

Add kubuntu_35_text_cursor_position.diff fixes LP: #1024402
"Text cursor in wrong cell in calligrawords"

Author: Jamie Strandboge
Revision Date: 2012-07-09 17:40:00 UTC

* SECURITY UPDATE: fix buffer overflow in HarfBuzz
  - debian/patches/CVE-2011-3193.patch: adjust Lookup_MarkMarkPos() in
    harfbuzz-gpos.c to properly perform input validation when processing
    certain fonts
  - CVE-2011-3193
* SECURITY UPDATE: fix potential buffer overflow and crash in TIFF reader
  - debian/patches/CVE-2011-3194.patch: adjust QTiffHandler::read() to
    properly calculate the bits per pixel for greyscale TIFF images
  - CVE-2011-3194

Author: Jamie Strandboge
Revision Date: 2012-07-09 17:40:00 UTC

* SECURITY UPDATE: fix buffer overflow in HarfBuzz
  - debian/patches/CVE-2011-3193.patch: adjust Lookup_MarkMarkPos() in
    harfbuzz-gpos.c to properly perform input validation when processing
    certain fonts
  - CVE-2011-3193
* SECURITY UPDATE: fix potential buffer overflow and crash in TIFF reader
  - debian/patches/CVE-2011-3194.patch: adjust QTiffHandler::read() to
    properly calculate the bits per pixel for greyscale TIFF images
  - CVE-2011-3194

Author: Jamie Strandboge
Revision Date: 2012-07-09 16:01:14 UTC

* SECURITY: fix for wildcard domains and IP addresses
  - debian/patches/CVE-2010-5076.patch: adjust certificate verification to
    properly validate hostnames and IP addresses
  - CVE-2010-5076
* SECURITY UPDATE: fix buffer overflow in HarfBuzz
  - debian/patches/CVE-2011-3193.patch: adjust Lookup_MarkMarkPos() in
    harfbuzz-gpos.c to properly perform input validation when processing
    certain fonts
  - CVE-2011-3193
* SECURITY UPDATE: fix potential buffer overflow and crash in TIFF reader
  - debian/patches/CVE-2011-3194.patch: adjust QTiffHandler::read() to
    properly calculate the bits per pixel for greyscale TIFF images
  - CVE-2011-3194

Author: Jamie Strandboge
Revision Date: 2012-07-09 16:01:14 UTC

* SECURITY: fix for wildcard domains and IP addresses
  - debian/patches/CVE-2010-5076.patch: adjust certificate verification to
    properly validate hostnames and IP addresses
  - CVE-2010-5076
* SECURITY UPDATE: fix buffer overflow in HarfBuzz
  - debian/patches/CVE-2011-3193.patch: adjust Lookup_MarkMarkPos() in
    harfbuzz-gpos.c to properly perform input validation when processing
    certain fonts
  - CVE-2011-3193
* SECURITY UPDATE: fix potential buffer overflow and crash in TIFF reader
  - debian/patches/CVE-2011-3194.patch: adjust QTiffHandler::read() to
    properly calculate the bits per pixel for greyscale TIFF images
  - CVE-2011-3194

Author: Jonathan Riddell
Revision Date: 2012-04-12 16:32:11 UTC

Rebuild for .pot generation

Author: Jonathan Riddell
Revision Date: 2012-01-09 13:58:07 UTC

* Fixes LP: #914033, threading crashes in Libreoffice using KDE theme
* Add kubuntu_30_xlib_calls_threadsafe.diff
 - let Qt call XInitThreads(), so that it knows it's been called
   Otherwise QPixmap complains when used outside of the main Qt
   thread and resets itself to null pixmap, eventually leading to
   crashes.

Author: Jonathan Riddell
Revision Date: 2012-01-09 13:58:07 UTC

* Fixes LP: #914033, threading crashes in Libreoffice using KDE theme
* Add kubuntu_30_xlib_calls_threadsafe.diff
 - let Qt call XInitThreads(), so that it knows it's been called
   Otherwise QPixmap complains when used outside of the main Qt
   thread and resets itself to null pixmap, eventually leading to
   crashes.

Author: Didier Roche-Tolomelli
Revision Date: 2011-09-30 11:46:32 UTC

* debian/patches/kubuntu_93_disable_overlay_scrollbars.diff:
  - using the new and correct gtk symbols (LP: #805303)

Author: Micah Gersten
Revision Date: 2011-09-09 15:43:49 UTC

* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
  Fraudulent certificates were mis-issued that could allow an attacker to
  monitor secure communication through a man-in-the-middle (MITM) attack
  - add debian/patches/kubuntu_31_blacklist_ssl_certificates_part2.diff
  - LP: #837557

Author: Micah Gersten
Revision Date: 2011-09-09 15:43:49 UTC

* SECURITY UPDATE: Blacklist Diginotar root and intermediate certificates;
  Fraudulent certificates were mis-issued that could allow an attacker to
  monitor secure communication through a man-in-the-middle (MITM) attack
  - add debian/patches/kubuntu_31_blacklist_ssl_certificates_part2.diff
  - LP: #837557

Author: Chase Douglas
Revision Date: 2011-06-23 11:23:20 UTC

* Update kubuntu_28_xi2.1.patch
  - Fix touch end event handling, LP: #785433
  - Re-enable Wacom pressure handling, LP: #762938

Author: Jonathan Riddell
Revision Date: 2011-03-27 23:43:32 UTC

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
  - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
    lists and blocks known bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Author: Jonathan Riddell
Revision Date: 2011-03-29 14:18:08 UTC

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
  - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
    lists and blocks known bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Author: Jonathan Riddell
Revision Date: 2011-03-27 23:43:32 UTC

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
  - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
    lists and blocks known bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Author: Jonathan Riddell
Revision Date: 2011-03-29 14:18:08 UTC

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
  - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging,
    lists and blocks known bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Author: Jonathan Riddell
Revision Date: 2011-03-25 12:13:17 UTC

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
  - Add kubuntu_30_blacklist_ssl_certificates.diff from upstream staging, lists
    and blocks known bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/04e074e8d7c097295505e63565abdc7ca2b49f7b
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Author: Jonathan Riddell
Revision Date: 2011-03-25 17:31:29 UTC

* SECURITY UPDATE: Fake SSL certificates produced by Comodo, LP: #742377
* Update kubuntu_30_blacklist_ssl_certificates.diff from upstream staging
  - in qsslsocket_openssl.cpp block bad certificates
  - http://qt.gitorious.org/+qt-developers/qt/staging/commit/b87528a71b66e786c11804d7b79e408aae612748
  - http://bugreports.qt.nokia.com/browse/QTBUG-18338
  - http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html

Author: Chase Douglas
Revision Date: 2011-02-23 16:32:16 UTC

* Add multitouch support through preliminary XInput 2.1
  - Add debian/patches/200_xi2.1.patch
  - Add build dependency on new libxi-dev with XInput 2.1 support

Author: Oliver Grawert
Revision Date: 2010-10-21 14:45:54 UTC

disable NEON on armel builds (LP: #664431)

Author: Alessandro Ghersi
Revision Date: 2010-10-03 04:14:04 UTC

* Fix Lucid -> Maverick upgrade (LP: #652029)
  - libqt4-help replaces libqtcore4 (<< 4:4.7.0)

Author: Apoorv Parle
Revision Date: 2010-09-10 14:32:24 UTC

Add kubuntu_13_qtwebkit_initialise_gtk.diff prevent crashes due
to Gtk based plugin such as flashplugin 10.1 by explicitly forcing
the initializing of Gtk LP: #634774

Author: Alessandro Ghersi
Revision Date: 2010-04-09 05:57:00 UTC

[ Alessandro Ghersi ]
* Update applications icons (LP: #350312)
* Fix watch file to report only stable versions
* Sync patches with Debian:
  - 02_launch_assistant-qt4.diff
  - 10_config_tests_fixes.diff
  - 15_fix_qmake_makefile_generation.diff
  - 16_hide_std_symbols_on_qtwebkit.diff
  - 40_alpha_ice.diff
* Fix qdbus.1 manpage
* Sync desktop files with Debian to fix lintian warning
* Fix lintian warning: binary-control-field-duplicates-source
* Add upstream patch 0002_qmake_qfileinfo_absolutepath.diff
  - Fixed QFileInfo::absolutePath() warning when running "qmake -project"
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23574043

[ Jonathan Thomas ]
* Update upstream's libphonon patch. This will correct build system issues
  that caused both the PulseAudio integration to fail as well as the
  libphonon version to be under-reported (LP: #557514)

Author: Jonathan Thomas
Revision Date: 2009-04-23 08:29:55 UTC

Add kubuntu_10_disable_ft_lcdfilter.diff from suse to fix font corruption
on vertically-hinted LCD screens (LP: #334657)

Author: Jonathan Riddell
Revision Date: 2009-10-14 16:14:19 UTC

Revert back to 4.5.2. Our 4.5.3 package does not compile in the
build daemons and we are unable to recreate the problem so a
solution looks unlikely before freeze.

Author: Jonathan Thomas
Revision Date: 2009-01-14 11:51:36 UTC

Add 0260-fix-qgraphicswidget-deletionclearFocus.diff from KDE's qt-copy
Fixes KDE bug 168278 observable in the file watcher plasmoid (LP: #272399)

Author: Marc Deslauriers
Revision Date: 2009-10-23 10:41:00 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - debian/patches/security_CVE-2009-0945.diff: make sure index is valid
    in src/3rdparty/webkit/WebCore/svg/SVGList.h.
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - debian/patches/security_CVE-2009-1687.diff: make sure numBlocks is
    valid in src/3rdparty/webkit/JavaScriptCore/runtime/Collector.cpp.
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - debian/patches/security_CVE-2009-1690.diff: Fix incorrect handling of
    head element in src/3rdparty/webkit/WebCore/html/HTMLParser.{h,cpp}.
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - debian/patches/security_CVE-2009-1698.diff: fix attr handling in
    src/3rdparty/webkit/WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp.
  - CVE-2009-1698
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - debian/patches/security_CVE-2009-1712.diff: Use same rule for loading
    java applets as webkit does for images in
    src/3rdparty/webkit/WebCore/html/HTMLAppletElement.cpp,
    src/3rdparty/webkit/WebCore/loader/FrameLoader.cpp.
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - debian/patches/security_CVE-2009-1725.diff: increase size of
    checkBuffer() in src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.
  - CVE-2009-1725

Author: Marc Deslauriers
Revision Date: 2009-10-23 10:41:00 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - debian/patches/security_CVE-2009-0945.diff: make sure index is valid
    in src/3rdparty/webkit/WebCore/svg/SVGList.h.
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - debian/patches/security_CVE-2009-1687.diff: make sure numBlocks is
    valid in src/3rdparty/webkit/JavaScriptCore/runtime/Collector.cpp.
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - debian/patches/security_CVE-2009-1690.diff: Fix incorrect handling of
    head element in src/3rdparty/webkit/WebCore/html/HTMLParser.{h,cpp}.
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - debian/patches/security_CVE-2009-1698.diff: fix attr handling in
    src/3rdparty/webkit/WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp.
  - CVE-2009-1698
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - debian/patches/security_CVE-2009-1712.diff: Use same rule for loading
    java applets as webkit does for images in
    src/3rdparty/webkit/WebCore/html/HTMLAppletElement.cpp,
    src/3rdparty/webkit/WebCore/loader/FrameLoader.cpp.
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - debian/patches/security_CVE-2009-1725.diff: increase size of
    checkBuffer() in src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.
  - CVE-2009-1725

Author: Steve Langasek
Revision Date: 2009-04-05 08:44:43 UTC

debian/patches/90_ia64_boilerplate.diff: don't try to use special
hand assembly for printing the boilerplate message on ia64, since it
causes a build failure due to undefined symbols.

Author: Marc Deslauriers
Revision Date: 2009-10-26 15:08:47 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - debian/patches/security_CVE-2009-0945.diff: make sure index is valid
    in src/3rdparty/webkit/WebCore/svg/SVGList.h.
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - debian/patches/security_CVE-2009-1687.diff: make sure numBlocks is
    valid in src/3rdparty/webkit/JavaScriptCore/runtime/Collector.cpp.
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - debian/patches/security_CVE-2009-1690.diff: Fix incorrect handling of
    head element in src/3rdparty/webkit/WebCore/html/HTMLParser.{h,cpp}.
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - debian/patches/security_CVE-2009-1698.diff: fix attr handling in
    src/3rdparty/webkit/WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp.
  - CVE-2009-1698
* SECURITY UPDATE: arbitrary file disclosure via crafted DTD.
  - debian/patches/security_CVE-2009-1698.diff: fix
    shouldAllowExternalLoad logic in
    src/3rdparty/webkit/WebCore/dom/XMLTokenizer.cpp.
  - CVE-2009-1699
* SECURITY UPDATE: denial of service or arbitrary code execution via
  crafted HTML document with Attr DOM objects.
  - debian/patches/security_CVE-2009-1711.diff: add isMappedAttribute
    and remove attributeItem, getAttributeItem in
    src/3rdparty/webkit/WebCore/css/CSSStyleSelector.cpp,
    src/3rdparty/webkit/WebCore/dom/{Attribute.h,MappedAttribute.h,
    NamedMappedAttrMap.*,StyledElement.cpp},
    src/3rdparty/webkit/WebCore/html/HTMLInputElement.cpp.
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - debian/patches/security_CVE-2009-1712.diff: Use same rule for loading
    java applets as webkit does for images in
    src/3rdparty/webkit/WebCore/html/HTMLAppletElement.cpp,
    src/3rdparty/webkit/WebCore/loader/FrameLoader.cpp.
  - CVE-2009-1712
* SECURITY UPDATE: arbitrary file disclosure via XSLT functionality
  - debian/patches/security_CVE-2009-1713.diff: Test that the XSL
    document() function doesn't load a document from a foreign origin in
    src/3rdparty/webkit/WebCore/xml/XSLTProcessor.cpp.
  - CVE-2009-1713
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - debian/patches/security_CVE-2009-1725.diff: increase size of
    checkBuffer() in src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.
  - CVE-2009-1725

Author: Marc Deslauriers
Revision Date: 2009-10-26 15:08:47 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - debian/patches/security_CVE-2009-0945.diff: make sure index is valid
    in src/3rdparty/webkit/WebCore/svg/SVGList.h.
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - debian/patches/security_CVE-2009-1687.diff: make sure numBlocks is
    valid in src/3rdparty/webkit/JavaScriptCore/runtime/Collector.cpp.
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - debian/patches/security_CVE-2009-1690.diff: Fix incorrect handling of
    head element in src/3rdparty/webkit/WebCore/html/HTMLParser.{h,cpp}.
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - debian/patches/security_CVE-2009-1698.diff: fix attr handling in
    src/3rdparty/webkit/WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp.
  - CVE-2009-1698
* SECURITY UPDATE: arbitrary file disclosure via crafted DTD.
  - debian/patches/security_CVE-2009-1698.diff: fix
    shouldAllowExternalLoad logic in
    src/3rdparty/webkit/WebCore/dom/XMLTokenizer.cpp.
  - CVE-2009-1699
* SECURITY UPDATE: denial of service or arbitrary code execution via
  crafted HTML document with Attr DOM objects.
  - debian/patches/security_CVE-2009-1711.diff: add isMappedAttribute
    and remove attributeItem, getAttributeItem in
    src/3rdparty/webkit/WebCore/css/CSSStyleSelector.cpp,
    src/3rdparty/webkit/WebCore/dom/{Attribute.h,MappedAttribute.h,
    NamedMappedAttrMap.*,StyledElement.cpp},
    src/3rdparty/webkit/WebCore/html/HTMLInputElement.cpp.
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - debian/patches/security_CVE-2009-1712.diff: Use same rule for loading
    java applets as webkit does for images in
    src/3rdparty/webkit/WebCore/html/HTMLAppletElement.cpp,
    src/3rdparty/webkit/WebCore/loader/FrameLoader.cpp.
  - CVE-2009-1712
* SECURITY UPDATE: arbitrary file disclosure via XSLT functionality
  - debian/patches/security_CVE-2009-1713.diff: Test that the XSL
    document() function doesn't load a document from a foreign origin in
    src/3rdparty/webkit/WebCore/xml/XSLTProcessor.cpp.
  - CVE-2009-1713
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - debian/patches/security_CVE-2009-1725.diff: increase size of
    checkBuffer() in src/3rdparty/webkit/WebCore/html/HTMLTokenizer.cpp.
  - CVE-2009-1725

Author: Roderick B. Greening
Revision Date: 2008-09-29 13:59:56 UTC

* New Upstream Release - bump config from ubuntu 4.4.2 deb
* Update copyright info from debian copyright
* Re-sync with Debian svn
  - Add following qt-copy patches:
    0245-fix-randr-changes-detecting.diff
    0248-fix-qwidget-scroll-slowness.diff
    0249-webkit-stale-frame-pointer.diff
    0254-fix-qgraphicsproxywidget-deletion-crash.diff
  - Remove following qt-copy patches (prev disabled):
    0214-fix-qgraphicsproxywidget-tab-crash.diff
    0220-no-x-recursion-in-xerrhandler.diff
    0223-fix-qpixmap-hasalpha.diff
    0227-qdatastream-regression.diff
    0228-qsortfilterproxymodel-invalidate-noscroll.diff
    0237-printdialog-assert.diff
    0240-printdialog-print-into-real-printer.diff
  - Remove following Debian patches (prev disabled):
    90_gcc43.diff
  - Add following debian patches:
    16_hide_std_symbols_on_qtwebkit.diff
    17_add_postgresql_8.3_support.diff
    30_webkit_unaligned_access.diff
    71_hppa_unaligned_access_fix_458133.diff
    81_hurd_more_max_path.diff
  - Cosmetic cleanup in control
    replace Qt4 with Qt 4 as per Debian
    some grammer clean-up in comments/notes
  - libqt4-dev.install (insert missing help - usr/include/qt4/QtHelp/QHelpGlobal)
  - Updated some patches (line numbering changed - cosmetic only)
    0167-fix-group-reading.diff
    0180-window-role.diff
    0195-compositing-properties.diff
    0203-qtexthtmlparser-link-color.diff
    0216-allow-isystem-for-headers.diff
    0224-fast-qpixmap-fill.diff
    0226-qtreeview-column_resize_when_needed.diff
    0234-fix-mysql-threaded.diff
    0238-fix-qt-qttabbar-size.diff
    05_append_qt4_target.diff
    50_kfreebsd_build_fix.diff
  - Patches with some re-write changes/fixes (non-cosmetic):
    14_add_libraries_to_gui_build_where_actually_needed.diff
    20_mips_atomic_ops.diff

Author: Jonathan Riddell
Revision Date: 2008-02-20 00:26:45 UTC

* SECURITY UPDATE: a potential vulnerability in QSslSocket, which
  might cause a certificate verification in SSL connections not to
  be performed. As a consequence, code using QSslSocket might be
  misled into thinking the certificate was verified correctly when
  it actually failed in one or more criteria.
* Added kubuntu_02_qsslsocket_verification.dpatch from
  http://www.trolltech.com/developer/download/190133.patch: ensure
  certificates are verified. (Fixes LP: #191218)
* References
  http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220
  CVE-2007-5965

Author: Steve Magoun
Revision Date: 2008-03-27 15:58:25 UTC

Add LPIA support to
07_trust_dpkg-arch_over_uname-m.diff (renamed to
kubuntu_07_trust_dpkg-arch_over_uname-m.diff) (LP: #207863)

Author: Ubuntu Archive Auto-Sync
Revision Date: 2008-05-06 17:08:00 UTC

Automated backport upload; no source changes.

Author: Jonathan Riddell
Revision Date: 2008-02-20 00:26:45 UTC

* SECURITY UPDATE: a potential vulnerability in QSslSocket, which
  might cause a certificate verification in SSL connections not to
  be performed. As a consequence, code using QSslSocket might be
  misled into thinking the certificate was verified correctly when
  it actually failed in one or more criteria.
* Added kubuntu_02_qsslsocket_verification.dpatch from
  http://www.trolltech.com/developer/download/190133.patch: ensure
  certificates are verified. (Fixes LP: #191218)
* References
  http://trolltech.com/company/newsroom/announcements/press.2007-12-21.2182567220
  CVE-2007-5965

Author: Jonathan Riddell
Revision Date: 2007-11-05 16:42:40 UTC

Stable release update to close LP: #155784
Add kubuntu_01_load_ssl.dpatch
Fixes loading of libssl

Author: Jonathan Riddell
Revision Date: 2007-10-08 12:51:57 UTC

Disable 00_0172-prefer-xrandr-over-xinerama.dpatch, causes menus
to appear on the primary screen even when app is on a second screen
Closes LP: #135882

Author: Jonathan Riddell
Revision Date: 2007-07-19 19:18:56 UTC

Automated backport upload; no source changes.

Author: Jonathan Riddell
Revision Date: 2007-03-16 09:43:14 UTC

Ensure sources are clean before upload

Author: Jonathan Riddell
Revision Date: 2006-10-20 18:20:13 UTC

* SECURITY UPDATE: integer overflow flaw
* An integer overflow flaw was discovered in the way Qt 3.x and 4.x handles
  pixmap images. This issue can occur when transforming
  specially prepared images from untrusted sources.
* Add kubuntu_05_CVE-2006-4811-qt3_pixmap.dpatch fix
* References:
 - CVE-2006-4811
 - http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733

Author: Jonathan Riddell
Revision Date: 2006-10-20 18:20:13 UTC

* SECURITY UPDATE: integer overflow flaw
* An integer overflow flaw was discovered in the way Qt 3.x and 4.x handles
  pixmap images. This issue can occur when transforming
  specially prepared images from untrusted sources.
* Add kubuntu_01_CVE-2006-4811-qt4_pixmap.dpatch fix
* References:
 - CVE-2006-4811
 - http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733

Author: Jonathan Riddell
Revision Date: 2006-10-20 18:20:13 UTC

* SECURITY UPDATE: integer overflow flaw
* An integer overflow flaw was discovered in the way Qt 3.x and 4.x handles
  pixmap images. This issue can occur when transforming
  specially prepared images from untrusted sources.
* Add kubuntu_01_CVE-2006-4811-qt4_pixmap.dpatch fix
* References:
 - CVE-2006-4811
 - http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733

Author: Jonathan Riddell
Revision Date: 2006-05-12 14:05:14 UTC

* Sync with Debian
* Add back 16_hppa_ldcw_fix.dpatch
* Add back libgl1-mesa-dev as build-dependency alternate.

Author: Jonathan Riddell
Revision Date: 2006-10-20 18:20:13 UTC

* SECURITY UPDATE: integer overflow flaw
* An integer overflow flaw was discovered in the way Qt 3.x and 4.x handles
  pixmap images. This issue can occur when transforming
  specially prepared images from untrusted sources.
* Add kubuntu_05_CVE-2006-4811-qt4_pixmap.dpatch fix
* References:
 - CVE-2006-4811
 - http://www.trolltech.com/company/newsroom/announcements/press.2006-10-19.5434451733

Author: Adam Conrad
Revision Date: 2005-08-24 04:09:09 UTC

Update {build-,}depends for xorg -> mesa transition.