Ubuntu
kvirc package

lp:ubuntu/jaunty-updates/kvirc

  1. Jaunty (9.04)
  2. jaunty-updates
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/jaunty-updates/kvirc
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

16. By Andreas Wenning

* SECURITY UPDATE: Two security issues have been discovered in the DCC
  protocol support code of kvirc, a KDE-based next generation IRC client,
  which allow the overwriting of local files through directory traversal
  and the execution of arbitrary code through a format string attack.
  - kubuntu_01_CVE-2010-2451_CVE-2010-2451_DCC_fix.patch
    - Patch based on upstream SVN revision 4317.
  - CVE-2010-2451, CVE-2010-2452:
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2451
    - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2452
  - LP: #601702

15. By Alessandro Ghersi

[ Alessandro Ghersi ]
* Fix missing icon in menu (LP: #335023)
* Add kubuntu_02_fix_cmakelist_icons.patch and refresh 05_xpmicon.patch

[ Alessio Treglia ]
* Section field in kvirc-data duplicates the value inherited from source package,
  fixed.

14. By Roderick B. Greening

* SVN pre-release (2009/01/26)
* Update debian/copyright
* Update packaging to use kde4.mk and cmake
* Update build deps
* Update compat (debhelper >= 6)
* Update standards to 3.8.0
* Update *.install to comply with new standards version
* Fix post/pre scripts to update alternatives for irc.protocol
* Remove unnecessary patches
  - 01_am_maintainer_mode.patch
  - 02_rpath.patch
  - 09_plugin_dir.patch
  - 13_eula.patch
  - 30_security-cipherlist-bad-order_r1990.patch
  - 31_r1997-irchandler-exploit-bug503401.patch
  - 51_PERL_SYS_INIT3_r2271-bug495064.patch
  - 52_windowmenu-crashes_r1991.patch
  - 98_buildprep.diff
* New patches
  - kubuntu_01_fix_desktop_entry.patch
* Update patches
  - 05_xpmicon.patch

13. By Andreas Wenning

No change rebuild to remove support for arts. (LP: #320915)

12. By Raúl Sánchez Siles <email address hidden>

* try to start command via irc:// handler (Closes: #503401).
  Added 31_r1997-irchandler-exploit-bug503401.patch
* Urgency medium due to potential security bug fix.

11. By Andreas Wenning

Added Added 31_r1997-irchandler-exploit.patch which prevents known
exploit for executing commands as user using the irc:// handler. Patch
is taken directly from debian version 2:3.4.0-3. (LP: #289695)

10. By Raúl Sánchez Siles <email address hidden>

* New upstream release.
* New version (3.4) available. (Closes: #473454)
* Adopt package after pinging several times maintainer without answer. See
  bug #473454.
* Patches:
  + Removed patches 05_Kvi_Avatar_Resize and 06_resizeavatar.patch. Applied
    upstream.
  + Added patches for build system preparation: 01_am_maintainer_mode and
    98_buildprep.
  + Added patch 20_fixman to fix a typo on man package.
  + Refreshed patch 09_plugin_dir to modify admin/acinclude.m4.in.
  + Reworked 02_rpath to deal with rpath removal on build.
* Dependencies:
  + Tighting depends for kvirc and kvirc-data.
  + Addind automake1.10 to build-deps.
* Bump policy to 3.7.3: Updated menu file to menu policy 1.4.
* Changed 3.2 references in rules,kvirc-data installation scripts to 3.4.
* Maintainer scripts:
  + Removing empty: kvirc-dev and kvirc.prerm.
  + Removing not needed: kvirc.postrm, kvirc.postinst.
* Removing link to manpage for kvi_make_scriptdist.sh no longer existing.
* Fixing installation paths for some files in kvirc and kvirc-data, taking
  those paths from a patch.
* Adding some more new .desktop files.
* Adding Homepage field in control file. Removing from package description.
* Updated copyright file with information about repackaging and upstream
  copyright holders.
* Adding Vcs-Svn and Vcs-Browser control fields.

9. By Rich Johnson

* Merge from Debian unstable, remaining Ubuntu changes:
  - 10_parseIrcUrl_security_fix.patch
* New changes:
  - debian/rules: change dh_iconcache to dh_icons

8. By Rich Johnson

* SECURITY UPDATE: parseIrcUrl() do not properly sanitize parts of the URI
  when building the command for KVIrc's internet script system. This can
  be exploited to inject and execute commands for the KVIrc script system
  (including the "run" command, which can be leveraged to execute shell
  commands) by e.g. tricking a user into opening a specially crafted
  "irc://" or similar URI.
* Add debian/patches/10_parseIrcUrl_security_fix.patch: properly sanitizes
  URI strings, as done in upstream SVN. (Fixes LP: #123037)
* References:
  - http://www.kvirc.net/?id=news&story=2007.06.29.22.00.1.story&dir=latest
  - http://secunia.com/secunia_research/2007-56/advisory/
  - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2951
  - https://svn.kvirc.de/kvirc/changeset/630/#file3 (fix to kvi_ircurl.cpp)
* Add debian/control: Debian Maintainer Field

7. By Rich Johnson

* Merge from Debian unstable
* Added dh_iconcache

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/kvirc
This branch contains Public information 
Everyone can see this information.

Subscribers