Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please consider unblocking of planned upload of package x2goclient * debian/patches: -> This package pulls in two commits from upstream fixing the following issues: + Add 0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch. Correctly encode passwords before sending them to the session broker via http(s). (Closes: #773348). -> Passwords sent to an X2Go Session Broker are not URL-encoded properly in x2goclient 4.0.3.1-1 Furthermore, passwords containing ampersands could be used to inject unwanted URL parameters into the broker http(s) request. + Add 0002_fix-GUI-for-session-profile-subfolders.patch. Fix a GUI layout/resizing issue for session profiles with profile subfolders. -> This second patch fixes a nasty layout issue when resizing the X2Go Client GUI window for people using the new session profile subfoldering feature. See [1]. [1] http://bugs.x2go.org/cgi-bin/bugreport.cgi?msg=5;filename=session-folder-placement.png;att=1;bug=681 unblock x2goclient/4.0.3.1-2 -- System Information: Debian Release: 8.0 APT prefers stable APT policy: (990, 'stable'), (500, 'testing-updates'), (500, 'testing-proposed-updates'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
diff -Nru x2goclient-4.0.3.1/debian/changelog x2goclient-4.0.3.1/debian/changelog --- x2goclient-4.0.3.1/debian/changelog 2014-11-27 11:09:12.000000000 +0100 +++ x2goclient-4.0.3.1/debian/changelog 2015-01-06 05:58:24.000000000 +0100 @@ -1,3 +1,14 @@ +x2goclient (4.0.3.1-2) unstable; urgency=medium + + * debian/patches: + + Add 0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch. + Correctly encode passwords before sending them to the session broker via + http(s). (Closes: #773348). + + Add 0002_fix-GUI-for-session-profile-subfolders.patch. Fix a GUI + layout/resizing issue for session profiles with profile subfolders. + + -- Mike Gabriel <sunwea...@debian.org> Tue, 06 Jan 2015 05:57:53 +0100 + x2goclient (4.0.3.1-1) unstable; urgency=medium * New upstream release. diff -Nru x2goclient-4.0.3.1/debian/patches/0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch x2goclient-4.0.3.1/debian/patches/0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch --- x2goclient-4.0.3.1/debian/patches/0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch 1970-01-01 01:00:00.000000000 +0100 +++ x2goclient-4.0.3.1/debian/patches/0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch 2015-01-06 05:45:56.000000000 +0100 @@ -0,0 +1,63 @@ +From: Jason Alavaliant <alavali...@ra09.com> +Date: Wed, 17 Dec 2014 10:14:02 +0000 (+0100) +Subject: Use QUrl::toPercentEncoding() method to properly encode passwords sent to X2Go Sessio... +X-Git-Url: http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff_plain;h=db7c2f3009d9f39cdf8a85327c632dcb643f631c + +Use QUrl::toPercentEncoding() method to properly encode passwords sent to X2Go Session Broker. (Fixes: #705). +--- + +#diff --git a/debian/changelog b/debian/changelog +#index 1a034f3..1a2701d 100644 +#--- a/debian/changelog +#+++ b/debian/changelog +#@@ -9,6 +9,11 @@ x2goclient (4.0.3.2-0x2go1) UNRELEASED; urgency=medium +# * New upstream release (4.0.3.2): +# - Provide empty Turkish translation file. +# +#+ [ Jason Alavaliant ] +#+ * New upstream verson (4.0.3.2): +#+ - Use QUrl::toPercentEncoding() method to properly encode passwords sent +#+ to X2Go Session Broker. (Fixes: #705). +#+ +# [ Mike DePaulo ] +# * New upstream release (4.0.3.2): +# - Windows: Fix compatibility with PulseAudio 6.0 +diff --git a/httpbrokerclient.cpp b/httpbrokerclient.cpp +index fc4d891..3701c12 100644 +--- a/httpbrokerclient.cpp ++++ b/httpbrokerclient.cpp +@@ -251,8 +251,8 @@ void HttpBrokerClient::getUserSessions() + QString req; + QTextStream ( &req ) << + "task=listsessions&"<< +- "user="<<brokerUser<<"&"<< +- "password="<<config->brokerPass<<"&"<< ++ "user="<<QUrl::toPercentEncoding(brokerUser)<<"&"<< ++ "password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<< + "authid="<<nextAuthId; + + x2goDebug << "sending request: "<< req.toUtf8(); +@@ -290,8 +290,8 @@ void HttpBrokerClient::selectUserSession(const QString& session) + QTextStream ( &req ) << + "task=selectsession&"<< + "sid="<<session<<"&"<< +- "user="<<brokerUser<<"&"<< +- "password="<<config->brokerPass<<"&"<< ++ "user="<<QUrl::toPercentEncoding(brokerUser)<<"&"<< ++ "password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<< + "authid="<<nextAuthId; + x2goDebug << "sending request: "<< req.toUtf8(); + QNetworkRequest request(QUrl(config->brokerurl)); +@@ -324,9 +324,9 @@ void HttpBrokerClient::changePassword(QString newPass) + QString req; + QTextStream ( &req ) << + "task=setpass&"<< +- "newpass="<<newPass<<"&"<< +- "user="<<brokerUser<<"&"<< +- "password="<<config->brokerPass<<"&"<< ++ "newpass="<<QUrl::toPercentEncoding(newPass)<<"&"<< ++ "user="<<QUrl::toPercentEncoding(brokerUser)<<"&"<< ++ "password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<< + "authid="<<nextAuthId; + x2goDebug << "sending request: "<< req.toUtf8(); + QNetworkRequest request(QUrl(config->brokerurl)); diff -Nru x2goclient-4.0.3.1/debian/patches/0002_fix-GUI-for-session-profile-subfolders.patch x2goclient-4.0.3.1/debian/patches/0002_fix-GUI-for-session-profile-subfolders.patch --- x2goclient-4.0.3.1/debian/patches/0002_fix-GUI-for-session-profile-subfolders.patch 1970-01-01 01:00:00.000000000 +0100 +++ x2goclient-4.0.3.1/debian/patches/0002_fix-GUI-for-session-profile-subfolders.patch 2015-01-06 05:48:40.000000000 +0100 @@ -0,0 +1,56 @@ +From: Oleksandr Shneyder <o.shney...@phoca-gmbh.de> +Date: Thu, 27 Nov 2014 10:37:28 +0000 (+0100) +Subject: Fix placement of session folders in session card column. +X-Git-Url: http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff_plain;h=cd1ae314378c6cd7c0dc80b6accc31828965e2bd;hp=05365223d5620215181b8380160f90bcd1912180 + +Fix placement of session folders in session card column. +--- + +#diff --git a/debian/changelog b/debian/changelog +#index c4ae8a9..cb576b8 100644 +#--- a/debian/changelog +#+++ b/debian/changelog +#@@ -20,6 +20,7 @@ x2goclient (4.0.3.1-0x2go1) unstable; urgency=medium +# - Split Sessions config widget into Input/output and Media widgets. +# (Fixes: #643). +# - Reformat onmainwindow.cpp +#+ - Fix placement of session folders in session card column. +# +# -- Mike Gabriel <mike.gabr...@das-netzwerkteam.de> Thu, 27 Nov 2014 11:00:17 +0100 +# +diff --git a/onmainwindow.cpp b/onmainwindow.cpp +index 0c3bce8..fa6c8f1 100644 +--- a/onmainwindow.cpp ++++ b/onmainwindow.cpp +@@ -1272,6 +1272,19 @@ void ONMainWindow::slotResize ( const QSize sz ) + } + else + { ++ QList<FolderButton*>::iterator fit; ++ QList<FolderButton*>::iterator fend=sessionExplorer->getFoldersList()->end(); ++ for ( fit=sessionExplorer->getFoldersList()->begin(); fit!=fend; fit++ ) ++ { ++ if ( !miniMode ) ++ ( *fit )->move ( ++ ( usize-360 ) /2, ++ ( *fit )->pos().y() ); ++ else ++ ( *fit )->move ( ++ ( usize-250 ) /2, ++ ( *fit )->pos().y() ); ++ } + QList<SessionButton*>::iterator it; + QList<SessionButton*>::iterator end=sessionExplorer->getSessionsList()->end(); + for ( it=sessionExplorer->getSessionsList()->begin(); it!=end; it++ ) +diff --git a/onmainwindow_privat.h b/onmainwindow_privat.h +index 037483f..d04de8a 100644 +--- a/onmainwindow_privat.h ++++ b/onmainwindow_privat.h +@@ -137,6 +137,7 @@ + #include "configdialog.h" + #include "editconnectiondialog.h" + #include "sessionbutton.h" ++#include "folderbutton.h" + #include "sessionexplorer.h" + #include "sessionmanagedialog.h" + #include "x2gologdebug.h" diff -Nru x2goclient-4.0.3.1/debian/patches/series x2goclient-4.0.3.1/debian/patches/series --- x2goclient-4.0.3.1/debian/patches/series 2014-10-21 13:13:04.000000000 +0200 +++ x2goclient-4.0.3.1/debian/patches/series 2015-01-06 05:56:47.000000000 +0100 @@ -1 +1,3 @@ +0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch +0002_fix-GUI-for-session-profile-subfolders.patch 1001_deprecated-apache2-config.patch