subject:"Bug#885087\: Slightly improved version"

Processed: Re: Bug#885087: Slightly improved version

2018-06-08 Thread Debian Bug Tracking System

Processing control commands:

> tags -1 + confirmed
Bug #885087 [release.debian.org] jessie-pu: package kildclient/3.0.0-2+deb8u1
Added tag(s) confirmed.

-- 
885087: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885087
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#885087: Slightly improved version

2018-06-08 Thread Adam D. Barratt

Control: tags -1 + confirmed

On Sat, 2018-01-20 at 11:22 -0200, Eduardo M KALINOWSKI wrote:
> I've made a small change to the package, changing the new dependency
> from gvfs to desktop-file-utils, since that's what's really necessary
> (as discovered in #885086).
> 
> The new debdiff is attached.
> 

Please go ahead; sorry for the delay.

Regards,

Adam

Bug#885087: Slightly improved version

2018-01-20 Thread Eduardo M KALINOWSKI

I've made a small change to the package, changing the new dependency
from gvfs to desktop-file-utils, since that's what's really necessary
(as discovered in #885086).

The new debdiff is attached.

-- 
Eduardo M KALINOWSKI
edua...@kalinowski.com.br


diff -Nru kildclient-3.0.0/debian/changelog kildclient-3.0.0/debian/changelog
--- kildclient-3.0.0/debian/changelog	2014-12-09 20:20:51.0 -0200
+++ kildclient-3.0.0/debian/changelog	2018-01-20 11:06:39.0 -0200
@@ -1,3 +1,10 @@
+kildclient (3.0.0-2+deb8u1) jessie; urgency=low
+
+  * Fix for CVE-2017-17511. New dependency 'desktop-file-utils' required
+in order to use GTK+ function for opening URLs. Closes: #885007
+
+ -- Eduardo M Kalinowski   Sat, 20 Jan 2018 11:06:37 -0200
+
 kildclient (3.0.0-2) unstable; urgency=medium
 
   * Added work-around to enable scroll-to-end feature to work with
diff -Nru kildclient-3.0.0/debian/control kildclient-3.0.0/debian/control
--- kildclient-3.0.0/debian/control	2014-12-09 20:20:51.0 -0200
+++ kildclient-3.0.0/debian/control	2018-01-20 11:06:18.0 -0200
@@ -10,7 +10,7 @@
 
 Package: kildclient
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, liblocale-gettext-perl, libjson-perl
+Depends: ${shlibs:Depends}, ${misc:Depends}, liblocale-gettext-perl, libjson-perl, desktop-file-utils
 Suggests: kildclient-doc, libgtk3-perl
 Description: powerful MUD client with a built-in Perl interpreter
  KildClient is a MUD Client written with the GTK+ windowing toolkit.
diff -Nru kildclient-3.0.0/debian/NEWS.Debian kildclient-3.0.0/debian/NEWS.Debian
--- kildclient-3.0.0/debian/NEWS.Debian	2014-12-09 20:20:51.0 -0200
+++ kildclient-3.0.0/debian/NEWS.Debian	2018-01-20 11:17:50.0 -0200
@@ -1,3 +1,11 @@
+kildclient (3.0.0-2+deb8u1) jessie-security; urgency=high
+
+  * The option to define the command used to run a web browser has been
+removed; the default browser (as selected by MIME types database) is
+now used.
+
+ -- Eduardo M Kalinowski   Sat, 20 Jan 2018 11:06:37 -0200
+
 kildclient (2.8.1-1) experimental; urgency=low
 
   The HTML manual is now in the package kildclient-doc.
diff -Nru kildclient-3.0.0/debian/patches/cve-2017-17511.patch kildclient-3.0.0/debian/patches/cve-2017-17511.patch
--- kildclient-3.0.0/debian/patches/cve-2017-17511.patch	1969-12-31 21:00:00.0 -0300
+++ kildclient-3.0.0/debian/patches/cve-2017-17511.patch	2018-01-20 11:05:35.0 -0200
@@ -0,0 +1,221 @@
+Description: Fix for CVE-2017-17511
+ Uses a GTK+ function to open URLs, instead of using a command
+ supplied by the user or $BROWSER.
+Author: Eduardo M KALINOWSKI 
+Last-Update: 2017-12-16
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/src/kildclient.h
 b/src/kildclient.h
+@@ -633,7 +633,6 @@
+   GtkPositionType  tab_position;
+   gboolean hide_single_tab;
+   gboolean urgency_hint;
+-  char*browser_command;
+   char*audio_player_command;
+   char*last_open_world;
+   gboolean no_plugin_help_msg;
+--- a/src/prefs.c
 b/src/prefs.c
+@@ -92,7 +92,6 @@
+   GObject  *txtProxyUser;
+   GObject  *txtProxyPassword;
+ #ifndef __WIN32__
+-  GObject  *txtBrowserCommand;
+   GObject  *txtAudioPlayerCommand;
+ #else
+   GtkWidget*tabPrograms;
+@@ -178,12 +177,6 @@
+ 
+ #ifndef __WIN32__
+ /* Load commands */
+-txtBrowserCommand = gtk_builder_get_object(main_builder, "txtBrowserCommand");
+-gtk_entry_set_text(GTK_ENTRY(txtBrowserCommand),
+-   globalPrefs.browser_command);
+-g_signal_connect(txtBrowserCommand, "focus_out_event",
+- G_CALLBACK(txt_cmd_focus_out_cb),
+- _command);
+ txtAudioPlayerCommand
+   = gtk_builder_get_object(main_builder, "txtAudioPlayerCommand");
+ gtk_entry_set_text(GTK_ENTRY(txtAudioPlayerCommand),
+@@ -319,9 +312,6 @@
+   }
+ 
+   /* Has the commands been set? */
+-  if (!globalPrefs.browser_command) {
+-globalPrefs.browser_command = g_strdup("${BROWSER} \"%s\" &");
+-  }
+   if (!globalPrefs.audio_player_command) {
+ globalPrefs.audio_player_command = g_strdup("play \"%s\" &");
+   }
+@@ -380,8 +370,6 @@
+   globalPrefs.hide_single_tab = atoi(line + pos + 1);
+ } else if (strcmp(first_word, "urgencyhint") == 0) {
+   globalPrefs.urgency_hint = atoi(line + pos + 1);
+-} else if (strcmp(first_word, "browsercommand") == 0) {
+-  globalPrefs.browser_command = g_strdup(line + pos + 1);
+ } else if (strcmp(first_word, "audioplayercommand") == 0) {
+   globalPrefs.audio_player_command = g_strdup(line + pos + 1);
+ } else if (strcmp(first_word, "lastopenworld") == 0) {
+@@ -475,8 +463,6 @@
+   g_string_append_printf(str, "urgencyhint %d\n", globalPrefs.urgency_hint);
+ 
+   g_string_append_printf(str,
+-

Processed: Re: Bug#885087: Slightly improved version

Bug#885087: Slightly improved version

Bug#885087: Slightly improved version

3 matches

Site Navigation

Mail list logo

Footer information