Please unblock kadu-0.6.0.2-3

To: debian-release@lists.debian.org
Subject: Please unblock kadu-0.6.0.2-3
From: Patryk Cisek <patryk@prezu.one.pl>
Date: Mon, 17 Nov 2008 11:29:24 +0100
Message-id: <200811171129.30427.patryk@prezu.one.pl>

Hi,

Can you please unblock kadu-0.6.0.2-3? This upload contains a fix for 
CVE-2008-4776 (#504429, #504430)

Here's a debdiff between 0.6.0.2-2 and 0.6.0.2-3:
diff -u kadu-0.6.0.2/debian/watch kadu-0.6.0.2/debian/watch
--- kadu-0.6.0.2/debian/watch
+++ kadu-0.6.0.2/debian/watch
@@ -1,3 +1,3 @@
 version=3
-opts=uversionmangle=s/(alpha|beta|rc)/~$1/ \
+opts=uversionmangle=s/-(alpha|beta|rc)/~$1/ \
 http://www.kadu.net/download/stable/kadu-(.*)\.tar\.bz2
diff -u kadu-0.6.0.2/debian/changelog kadu-0.6.0.2/debian/changelog
--- kadu-0.6.0.2/debian/changelog
+++ kadu-0.6.0.2/debian/changelog
@@ -1,3 +1,11 @@
+kadu (0.6.0.2-3) unstable; urgency=high
+
+  * Now Kadu is linked against libgadu provided by libgadu3 package, instead
+    of the one shipped in Kadu's tarball. This fixes CVE-2008-4776
+    (Closes: #504429, #504430)
+
+ -- Patryk Cisek <patryk@prezu.one.pl>  Tue, 04 Nov 2008 15:37:05 +0100
+
 kadu (0.6.0.2-2) unstable; urgency=low

   [ Patryk Cisek ]
diff -u kadu-0.6.0.2/debian/rules kadu-0.6.0.2/debian/rules
--- kadu-0.6.0.2/debian/rules
+++ kadu-0.6.0.2/debian/rules
@@ -9,6 +9,8 @@

 DEB_COMPRESS_EXCLUDE           := AUTHORS THANKS LICENSE about-changes-
tab.txt
 DEB_BUILD_ARCH_OS               := $(shell dpkg-architecture -
qDEB_BUILD_ARCH_OS)
+DEB_CONFIGURE_EXTRA_FLAGS       := --with-existing-libgadu
+
 makebuilddir/kadu::
        sh debian/extract.sh $(CURDIR) $(DEB_BUILDDIR)
        find . -name '*.o' -delete
diff -u kadu-0.6.0.2/debian/control kadu-0.6.0.2/debian/control
--- kadu-0.6.0.2/debian/control
+++ kadu-0.6.0.2/debian/control
@@ -2,7 +2,7 @@
 Section: net
 Priority: optional
 Maintainer: Patryk Cisek <patryk@prezu.one.pl>
-Build-Depends: cdbs (>= 0.4.23-1.1), autotools-dev, debhelper (>= 5), 
patchutils (>= 0.2.25), sharutils, bzip2, libqt3-mt-dev, libao-dev, 
libsndfile1-dev (>= 1.0), kdelibs4-dev, libcurl3-gnutls-dev, libaudio-dev, 
libgtk1.2-dev, libxosd-dev, audacious-dev, libxtst-dev
+Build-Depends: cdbs (>= 0.4.23-1.1), autotools-dev, debhelper (>= 5), 
patchutils (>= 0.2.25), sharutils, bzip2, libqt3-mt-dev, libao-dev, 
libsndfile1-dev (>= 1.0), kdelibs4-dev, libcurl3-gnutls-dev, libaudio-dev, 
libgtk1.2-dev, libxosd-dev, audacious-dev, libxtst-dev, libgadu-dev
 Standards-Version: 3.8.0
 Homepage: http://kadu.net

@@ -33,7 +33,6 @@
 Package: kadu-dev
 Architecture: all
 Recommends: kadu
-Conflicts: libgadu-dev
 Section: libdevel
 Description: Development files for Kadu
  Gadu-Gadu is a Windows instant messenger, very popular in Poland.

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Follow-Ups:
- Re: Please unblock kadu-0.6.0.2-3
  - From: Nico Golde <debian-release+ml@ngolde.de>

Prev by Date: please allow calendarserver 1.2.dfsg-8 into lenny
Next by Date: Bug#504726: pre-approving universalindentgui/0.8.1-1.2 (and uploading it)
Previous by thread: Re: please allow calendarserver 1.2.dfsg-8 into lenny
Next by thread: Re: Please unblock kadu-0.6.0.2-3
Index(es):
- Date
- Thread