Christopher Martin
2005-May-09 12:32 UTC
[Pkg-kde-talk] Please allow kdenetwork and kdelibs into Sarge
Hello,
kdenetwork 4:3.3.2-3, replacing 4:3.3.2-1 in Sarge, fixes a number of bugs,
including several that are RC. These packages have been in Sid for some
time, but held out due to missing buildds, so they've proven themselves
solid. The most recent upload, from late April, contained only packaging
changes:
kdenetwork (4:3.3.2-3) unstable; urgency=high

  * Urgency high because we fix a recently discovered FTBFS that prevents
    the previous medium-urgency upload to migrate to testing. Only
    debian/control is changed in this upload.

  +++ Changes by Adeodato Simó:

  * xmms-dev has recently moved from depending on xlibs-dev to specifying
    the exact list of development libraries needed (see Bug#302059), which
    makes kdenetwork fail to build from source now, Add libxtst-dev to
    Build-Depends. (Closes: #305942)

  * Make ksirc recommend libio-socket-ssl-perl, so that SSL connections
    work. Mention this in the package description. (Closes: #294331)

 -- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>  Sat, 23 Apr 2005 04:51:30 +0200
kdenetwork (4:3.3.2-2) unstable; urgency=medium

  +++ Changes by Christopher Martin:

  * KDE_3_3_BRANCH update. Kopete loses rich-text support in ICQ, but works
    around an exploitable crash when contacted by icq5 clients. Bump urgency to
    medium since these fixes are RC. (Closes: #295265, #297861)

  * Change kopete's section to kde. (Closes: #292398)

  * Include the GFDL in debian/copyright, since the Handbooks are licensed
    under it.

  * Daniel Stone has kindly relicensed man pages written by him from GDFL to
    GPL, update copyright notice in kopete.1.

  +++ Changes by Adeodato Simó:

  * kopete no longer depends on XMMS, which it did simply because the Now
    Listening plugin was linked against libxmms. Added a patch to dlopen
    libxmms at runtime and use it if present, so that the plugin remains
    functional even if XMMS is not installed. (Closes: #238368, #276586,
    #292963, #293191)

 -- Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>  Wed, 30 Mar 2005 11:49:58 +0200
As for kdelibs, the sole change between 4:3.3.2-5 and 4:3.3.2-6 is that we
added a very small patch (from upstream) to upstream's latest security fix,
which caused regressions reading some image files. Definitely worth getting
into Sarge, even if the problem doesn't seem to have security implications.
23_kimgio_fix.diff
=2D-- kde.orig/kimgio/rgb.cpp
+++ kde.patched/kimgio/rgb.cpp
@@ -272,7 +272,8 @@ bool SGIImage::readImage(QImage& img)
// sanity ckeck
if (m_rle)
for (uint o =3D 0; o < m_numrows; o++)
=2D if (m_starttab[o] + m_lengthtab[o] >=3D
m_data.size())=20
{
+ // do not convert to >=3D
+ if (m_starttab[o] + m_lengthtab[o] >
m_data.size())=20
{
kdDebug(399) << "image corrupt
(sanity check=20
failed)" << endl;
return false;
}
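Review bot: the sum in `m_starttab[o] + m_lengthtab[o] > m_data.size()` can wrap around if both table entries are unsigned values taken from the file, in which case a large start offset plus a large length would pass this sanity check; comparing without the addition, for example `m_starttab[o] > m_data.size() || m_lengthtab[o] > m_data.size() - m_starttab[o]`, closes that gap. The new comment `// do not convert to >=` should also say why: a row whose data ends exactly at the end of the buffer (start + length equal to `m_data.size()`) is valid, and `>=` rejects it.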
Thanks for all your work,
Christopher Martin
Steve Langasek
2005-May-10 11:45 UTC
[Pkg-kde-talk] Re: Please allow kdenetwork and kdelibs into Sarge
On Mon, May 09, 2005 at 08:32:54AM -0400, Christopher Martin wrote:
> kdenetwork 4:3.3.2-3, replacing 4:3.3.2-1 in Sarge, fixes a number of bugs,
> including several that are RC. These packages have been in Sid for some
> time, but held out due to missing buildds, so they've proven themselves
> solid. The most recent upload, from late April, contained only packaging
> changes:

Approved (though still waiting on a sarge upload).

Going forward, it would be nice if you would check whether uuencoding
something that's already a diff (and, er, not changing the name of a diff
just because the date changed), so that changes can be reviewed using
interdiff alone. I imagine this is being done here to guard against dpkg's
failure to use -a when generating diffs, and I suspect it's not actually
necessary if you've got everything in a diff file *anyway*, because the diff
header itself ought to mark the file as ascii.

> As for kdelibs, the sole change between 4:3.3.2-5 and 4:3.3.2-6 is that we
> added a very small patch (from upstream) to upstream's latest security fix,
> which caused regressions reading some image files. Definitely worth getting
> into Sarge, even if the problem doesn't seem to have security implications.
>
> 23_kimgio_fix.diff
> --- kde.orig/kimgio/rgb.cpp
> +++ kde.patched/kimgio/rgb.cpp
> @@ -272,7 +272,8 @@ bool SGIImage::readImage(QImage& img)
> // sanity ckeck
> if (m_rle)
> for (uint o =3D 0; o < m_numrows; o++)
> - if (m_starttab[o] + m_lengthtab[o] >=3D m_data.size())=20
> {
> + // do not convert to >=3D
> + if (m_starttab[o] + m_lengthtab[o] > m_data.size())=20
> {
> kdDebug(399) << "image corrupt (sanity check=20
> failed)" << endl;
> return false;
> }

The accompanying changelog isn't very enlightening; what filetypes are
broken, and why? Can you offer a pointer to discussion of this bug?

-- 
Steve Langasek
postmodern programmer
Christopher Martin
2005-May-10 13:28 UTC
[Pkg-kde-talk] Re: Please allow kdenetwork and kdelibs into Sarge
On May 10, 2005 07:45, Steve Langasek wrote:
> On Mon, May 09, 2005 at 08:32:54AM -0400, Christopher Martin wrote:
> > kdenetwork 4:3.3.2-3, replacing 4:3.3.2-1 in Sarge, fixes a number of
> > bugs, including several that are RC. These packages have been in Sid
> > for some time, but held out due to missing buildds, so they've proven
> > themselves solid. The most recent upload, from late April, contained
> > only packaging changes:
>
> Approved (though still waiting on a sarge upload).

Thanks.

> Going forward, it would be nice if you would check whether uuencoding
> something that's already a diff (and, er, not changing the name of a diff
> just because the date changed), so that changes can be reviewed using
> interdiff alone. I imagine this is being done here to guard against
> dpkg's failure to use -a when generating diffs, and I suspect it's not
> actually necessary if you've got everything in a diff file *anyway*,
> because the diff header itself ought to mark the file as ascii.

Sorry about the hassle - the kdenetwork uploads were made before the freeze,
which is when we started thinking in terms of ease-of-readability. As for
uuencoding, it is, unfortunately, necessary when binary files are
added/updated in a diff. The use of -a when generating a diff doesn't seem
to prevent dpkg from choking on it. While for the KDE 3.3 packages all
branch diffs are uuencoded (more out of tradition than anything else),
we're being more selective with the post-Sarge 3.4 branch pulls.

> > As for kdelibs, the sole change between 4:3.3.2-5 and 4:3.3.2-6 is that
> > we added a very small patch (from upstream) to upstream's latest
> > security fix, which caused regressions reading some image files.
> > Definitely worth getting into Sarge, even if the problem doesn't seem
> > to have security implications.
> >
> > 23_kimgio_fix.diff
> > --- kde.orig/kimgio/rgb.cpp
> > +++ kde.patched/kimgio/rgb.cpp
> > @@ -272,7 +272,8 @@ bool SGIImage::readImage(QImage& img)
> > // sanity ckeck
> > if (m_rle)
> > for (uint o =3D 0; o < m_numrows; o++)
> > - if (m_starttab[o] + m_lengthtab[o] >=3D
> > m_data.size()) {
> > + // do not convert to >=3D
> > + if (m_starttab[o] + m_lengthtab[o] >
> > m_data.size()) {
> > kdDebug(399) << "image corrupt (sanity
> > check failed)" << endl;
> > return false;
> > }
>
> The accompanying changelog isn't very enlightening; what filetypes are
> broken, and why? Can you offer a pointer to discussion of this bug?

Certainly. The security advisory can be found at
http://www.kde.org/info/security/advisory-20050504-1.txt. In summary, most
RGB files (an older SGI format, but it's still around) can no longer be
read. The one-line change (from upstream) we added between -5 and -6 fixes
this regression.

Cheers,
Christopher Martin
Steve Langasek
2005-May-11 10:48 UTC
[Pkg-kde-talk] Re: Please allow kdenetwork and kdelibs into Sarge
Hi Christopher,

On Tue, May 10, 2005 at 09:28:36AM -0400, Christopher Martin wrote:
> > > As for kdelibs, the sole change between 4:3.3.2-5 and 4:3.3.2-6 is that
> > > we added a very small patch (from upstream) to upstream's latest
> > > security fix, which caused regressions reading some image files.
> > > Definitely worth getting into Sarge, even if the problem doesn't seem
> > > to have security implications.

> > > 23_kimgio_fix.diff
> > > --- kde.orig/kimgio/rgb.cpp
> > > +++ kde.patched/kimgio/rgb.cpp
> > > @@ -272,7 +272,8 @@ bool SGIImage::readImage(QImage& img)
> > > // sanity ckeck
> > > if (m_rle)
> > > for (uint o =3D 0; o < m_numrows; o++)
> > > - if (m_starttab[o] + m_lengthtab[o] >=3D
> > > m_data.size()) {
> > > + // do not convert to >=3D
> > > + if (m_starttab[o] + m_lengthtab[o] >
> > > m_data.size()) {
> > > kdDebug(399) << "image corrupt (sanity
> > > check failed)" << endl;
> > > return false;
> > > }

> > The accompanying changelog isn't very enlightening; what filetypes are
> > broken, and why? Can you offer a pointer to discussion of this bug?

> Certainly. The security advisory can be found at
> http://www.kde.org/info/security/advisory-20050504-1.txt. In summary, most
> RGB files (an older SGI format, but it's still around) can no longer be
> read. The one-line change (from upstream) we added between -5 and -6 fixes
> this regression.

Ok, also approved.

Thanks,
-- 
Steve Langasek
postmodern programmer