Created by James Westby on 2010-02-22 and last modified on 2010-08-07
Get this branch:
bzr branch lp:debian/kdelibs

Recent revisions

20. By Modestas Vainius <email address hidden> on 2010-08-07

* Change my email address to @debian.org.
* Drop common HTML docs from kdelibs-data package. Instead suggest
  kdelibs5-data which ships them (Closes: #591609). What's more, whoever
  wants to view docs, will have to install khelpcenter4 which pulls in
  kdelibs5-data anyway.
* Switch to dpkg-source format 3.0 (quilt):
  - drop simple-patchsys.mk from debian/rules;
  - add debian/patches/series file.
* Fix corruption of zip files caused by wrong encoding of umlauts in kzip
  (patch 67_kio_zip_file_encoding.diff). (Closes: #563942) Thanks to Bjoern
  Ricks for the patch.
* Support opening of KDE 4 khelpcenter in Help -> Handbook. (Closes: #525621)
  Thanks to Ben Burton for the patch.
* Do not recurse into .pc subdirectory with doxygen
  (patch debian/patches/02_exclude_pc_from_dox.diff).
* Urgency=medium due to multiple RC bug fixes.

19. By Debian Qt/KDE Maintainers <email address hidden> on 2010-08-03

[ Pino Toscano ]
* Pull upstream r1074155 to fix build with GCC 4.5. (Closes: #565013)

[ Modestas Vainius ]
* Do not ship all_languages in kdelibs-data.

[ Moritz Muehlenhoff ]
* Update copyright file. (Closes: #520485)
* License for certbundle files has been clarified. (Closes: #520977)
* Document scope of security support in Squeeze.

[ Ana Beatriz Guerrero Lopez ]
* Update to Standards-Version 3.9.1, no changes required.
* Add missing ${misc:Depends}.

18. By Debian Qt/KDE Maintainers <email address hidden> on 2010-01-04

+++ Changes by Scott Kitterman (patches from Kubuntu):

* SECURITY UPDATE: fix buffer overflow when converting string to float.
  - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
    numbers in kjs/dtoa.cpp (Closes: #559265)
  - CVE-2009-0689
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability.
  - Ark and KMail perform insufficient validation which leads to
    specially crafted archive files, using unknown MIME types, to be
    rendered using a KHTML instance, this can trigger uncontrolled
    XMLHTTPRequests to remote sites.
  - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
    restricts xmlhttprequest to http protocols only.
  - http://www.kde.org/info/security/advisory-20091027-1.txt
  - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
  - CVE n/a
* Fix FTBFS with gcc 4.4.
  - Add debian/patches/gcc4.4_ftbfs.diff (Closes: #556564)
* Update Vcs* in debian/control for new location.

+++ Changes by Ana Beatriz Guerrero Lopez:

* Add a depend on ${shlibs:Depends} to kdelibs5-dev to make lintian happy.
* Remove Sune from Uploaders per his request.
* Update Armin and Modestas emails.

17. By Giuseppe Iuculano on 2009-10-14

* Non-maintainer upload by the testing Security Team.
* Fixed CVE-2009-1687: An integer overflow, leading to heap-based buffer
  overflow was found in the KDE implementation of garbage collector for the
  JavaScript language (KJS).
* Fixed CVE-2009-1690: KDE HTML parser incorrectly handled content, forming
  the HTML page <head> element. A remote attacker could use this flaw to
  cause a denial of service (konqueror crash) or, potentially, execute
  arbitrary code, with the privileges of the user running "konqueror" web
  browser, if the victim was tricked to open a specially-crafted HTML page.
  (Closes: #534949)
* Fixed CVE-2009-1698: KDE's Cascading Style Sheets (CSS) parser incorrectly
  handled content, forming the value of CSS "style" attribute. A remote
  attacker could use this flaw to cause a denial of service (konqueror crash)
  or potentially execute arbitrary code with the privileges of the user
  running "konqueror" web browser, if the victim visited a specially-crafted
  CSS equipped HTML page. (Closes: #534949)
* Fixed CVE-2009-2702: KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not
  properly handle a '\0' character in a domain name in the Subject
  Alternative Name field of an X.509 certificate, which allows
  man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
  certificate issued by a legitimate Certification Authority (Closes: #546212)

16. By Debian Qt/KDE Maintainers <email address hidden> on 2009-03-18

Add 64_use_sys_inotify.diff patch to fix ftbfs caused by linux/inotify.
(Closes: #519881)

15. By Debian Qt/KDE Maintainers <email address hidden> on 2008-10-26

+++ Changes by Ana Beatriz Guerrero Lopez:

* New upstream release.
  - Most of the changes were already provided by the patches:
    - 01_kdelibs_branch_r828883.diff
    - 02_kate_regression_r777286.diff
    - 03_start_kdeinit_integer_overflow.diff (provided for CVE-2008-1671)
    - 05_kate_debianchangelog_default_context_r799980.diff
    - 06_khtml_rendering_r786289.diff
  that have been dropped now.
  - New changes:
    - Changes for showing KDE 3.5.10 instead of 3.5.9 in the KDE apps.
    - Fix while saving sessions for multiple scripts. (KDE SVN r837226,
      KDE bug 166598).
    - Fix in kdeprint. (KDE SVN r848634)
    - Avoid showing authentication-dialogue being put behind the application
      window. (KDE SVN r849216, KDE bug 121803).

+++ Changes by Raúl Sánchez Siles:

* kdeprint: Wrong initscript name (cupsys instead of cups) (Closes:
* Fixed 98_buildprep.patch so double compilation works.
* Fixed wrong http header parsing, added 61_httpheader_backport.diff
* Fixed wrong Google Maps rendering, added 62_fix_googlemaps_backport.diff
* Change dependencies from obsolete libcupsys2-dev to libcups2-dev.
* konqueror: Crash on eBay page (Closes: #502459) with recently added

14. By Ana Beatriz Guerrero López on 2008-07-08

Fix kdepart freeze with some replacements. (Closes: #482268)
Many thanks to Steve Cotton.

13. By Richard Birnie on 2008-05-01

Import upstream version 3.5.9.dfsg.1

12. By Jonathan Riddell on 2008-02-14

Import upstream version 3.5.9

11. By Jonathan Riddell on 2007-10-09

Import upstream version 3.5.8

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)