Control: tags -1 - moreinfo On Fri 24 Aug 2012 04:41:44 Niels Thykier escribió: [snip] > The file you attached is not a diff, but some html page with a > redirect. Could you please attach the real debdiff? Oh, my mistake. My apologies for that. Please find the correct diff attached :-) Kinds regards, Lisandro. -- Lisandro Damián Nicanor Pérez Meyer http://perezmeyer.com.ar/ http://perezmeyer.blogspot.com/
diff -Nru calligra-2.4.3/debian/calligra-data.install calligra-2.4.3/debian/calligra-data.install
--- calligra-2.4.3/debian/calligra-data.install 2012-06-29 09:29:56.000000000 -0300
+++ calligra-2.4.3/debian/calligra-data.install 2012-08-19 14:54:05.000000000 -0300
@@ -399,11 +399,3 @@
usr/share/kde4/servicetypes/texteditingplugin.desktop
usr/share/kde4/servicetypes/textvariableplugin.desktop
usr/share/mime/packages/msooxml-all.xml
-usr/share/templates/.source/Illustration.karbon
-usr/share/templates/.source/Presentation.kpt
-usr/share/templates/.source/SpreadSheet.kst
-usr/share/templates/.source/TextDocument.kwt
-usr/share/templates/Illustration.desktop
-usr/share/templates/Presentation.desktop
-usr/share/templates/SpreadSheet.desktop
-usr/share/templates/TextDocument.desktop
diff -Nru calligra-2.4.3/debian/calligrasheets.install calligra-2.4.3/debian/calligrasheets.install
--- calligra-2.4.3/debian/calligrasheets.install 2012-06-29 09:29:56.000000000 -0300
+++ calligra-2.4.3/debian/calligrasheets.install 2012-08-19 14:54:05.000000000 -0300
@@ -80,3 +80,5 @@
usr/share/kde4/services/spreadsheetshape-deferred.desktop
usr/share/kde4/services/spreadsheetshape.desktop
usr/share/kde4/servicetypes/sheets_plugin.desktop
+usr/share/templates/.source/SpreadSheet.kst
+usr/share/templates/SpreadSheet.desktop
diff -Nru calligra-2.4.3/debian/calligrastage.install calligra-2.4.3/debian/calligrastage.install
--- calligra-2.4.3/debian/calligrastage.install 2012-06-29 09:29:56.000000000 -0300
+++ calligra-2.4.3/debian/calligrastage.install 2012-08-19 14:54:05.000000000 -0300
@@ -50,3 +50,5 @@
usr/share/kde4/services/stagepart.desktop
usr/share/kde4/servicetypes/kpr_pageeffect.desktop
usr/share/kde4/servicetypes/kpr_shapeanimation.desktop
+usr/share/templates/.source/Presentation.kpt
+usr/share/templates/Presentation.desktop
diff -Nru calligra-2.4.3/debian/calligrawords-data.install calligra-2.4.3/debian/calligrawords-data.install
--- calligra-2.4.3/debian/calligrawords-data.install 2012-06-29 09:29:56.000000000 -0300
+++ calligra-2.4.3/debian/calligrawords-data.install 2012-08-19 14:54:05.000000000 -0300
@@ -8,3 +8,5 @@
usr/share/kde4/apps/xsltfilter/export/words/xslfo/main.xsl
usr/share/kde4/apps/xsltfilter/export/words/xslfo/words2xslfo-table.xsl
usr/share/kde4/config/wordsrc
+usr/share/templates/.source/TextDocument.kwt
+usr/share/templates/TextDocument.desktop
diff -Nru calligra-2.4.3/debian/changelog calligra-2.4.3/debian/changelog
--- calligra-2.4.3/debian/changelog 2012-06-29 09:33:15.000000000 -0300
+++ calligra-2.4.3/debian/changelog 2012-08-19 15:06:51.000000000 -0300
@@ -1,3 +1,24 @@
+calligra (1:2.4.3-2) unstable; urgency=low
+
+ * Team upload.
+
+ [ Adrien Grellier ]
+ * Fix karbon: extra space for paragraph separation in the package
+ description. (Closes: #679731)
+ * Split the templates from calligra-data to the application's packages.
+ (Closes: #682763)
+
+ [ Pino Toscano ]
+ * Backport upstream commit 7d72f7dd8d28d18c59a08a7d43bd4e0654043103 to fix
+ a buffer overflow in the msword import filter (CVE-2012-3456); patch
+ upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch.
+ (Closes: #684004)
+ * Force the "kde" build system to dh_auto_configure, so the proper kdeinit
+ handling is applied.
+ * Fix description of krita to be within 80 columns.
+
+ -- Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> Sun, 19 Aug 2012 15:06:46 -0300
+
calligra (1:2.4.3-1) unstable; urgency=low
* Team upload.
diff -Nru calligra-2.4.3/debian/control calligra-2.4.3/debian/control
--- calligra-2.4.3/debian/control 2012-06-29 09:29:56.000000000 -0300
+++ calligra-2.4.3/debian/control 2012-08-19 14:54:05.000000000 -0300
@@ -82,13 +82,15 @@
Section: graphics
Depends: ${misc:Depends}, ${shlibs:Depends}, calligra-libs (= ${binary:Version})
Recommends: pstoedit
+Breaks: calligra-data (<< 1:2.4.3-2)
+Replaces: calligra-data (<< 1:2.4.3-2)
Homepage: http://www.calligra-suite.org/karbon/
Description: vector graphics application for the Calligra Suite
Karbon is a vector drawing application with an user interface that is easy to
use, highly customizable and extensible. That makes Karbon a great application
for users starting to explore the world of vector graphics as well as for
artists wanting to create breathtaking vector art. Features include:
- .
+ .
* Loading support for ODG, SVG, WMF, WPG, EPS/PS
* Writing support for ODG, SVG, WMF, PNG, PDF
* Customizable user interface with freely placeable toolbars and dockers
@@ -299,11 +301,11 @@
pluggable brush engines, some supporting brush resources like Gimp brush files,
others offering sophisticated simulation of real brushes, and others again
offering color mixing and image deformations. Moreover, Krita has full
- support for graphics tablets, including such features as pressure, tilt and rate,
- making it a great choice for artists. There are easy to use tools for drawing
- lines, ellipses and rectangles, and the freehand tool is supported by pluggable
- "drawing assistants" that help you draw shapes that still have a freehand
- feeling to them.
+ support for graphics tablets, including such features as pressure, tilt and
+ rate, making it a great choice for artists. There are easy to use tools for
+ drawing lines, ellipses and rectangles, and the freehand tool is supported by
+ pluggable "drawing assistants" that help you draw shapes that still have a
+ freehand feeling to them.
.
This package is part of the Calligra Suite.
@@ -337,8 +339,8 @@
Package: calligrasheets
Architecture: any
Section: math
-Replaces: kspread (<< 1:2.4)
-Breaks: kspread (<< 1:2.4)
+Replaces: kspread (<< 1:2.4), calligra-data (<< 1:2.4.3-2)
+Breaks: kspread (<< 1:2.4), calligra-data (<< 1:2.4.3-2)
Depends: ${misc:Depends}, ${shlibs:Depends}, calligra-libs (= ${binary:Version})
Suggests: khelpcenter4
Homepage: http://www.calligra-suite.org/sheets/
@@ -384,6 +386,8 @@
Architecture: all
Section: text
Depends: ${misc:Depends}
+Breaks: calligra-data (<< 1:2.4.3-2)
+Replaces: calligra-data (<< 1:2.4.3-2)
Homepage: http://www.calligra-suite.org/words/
Description: data files for Words word processor
This package contains architecture-independent data files for Words,
@@ -396,8 +400,8 @@
Package: calligrastage
Architecture: any
Section: kde
-Replaces: kpresenter (<< 1:2.4)
-Breaks: kpresenter (<< 1:2.4)
+Replaces: kpresenter (<< 1:2.4), calligra-data (<< 1:2.4.3-2)
+Breaks: kpresenter (<< 1:2.4), calligra-data (<< 1:2.4.3-2)
Depends: ${misc:Depends}, ${shlibs:Depends}, calligra-libs (= ${binary:Version})
Suggests: khelpcenter4
Homepage: http://www.calligra-suite.org/stage/
diff -Nru calligra-2.4.3/debian/karbon.install calligra-2.4.3/debian/karbon.install
--- calligra-2.4.3/debian/karbon.install 2012-06-29 09:29:56.000000000 -0300
+++ calligra-2.4.3/debian/karbon.install 2012-08-19 14:54:05.000000000 -0300
@@ -44,3 +44,5 @@
usr/share/kde4/services/karbonpart.desktop
usr/share/kde4/services/karbontools.desktop
usr/share/kde4/servicetypes/karbon_module.desktop
+usr/share/templates/.source/Illustration.karbon
+usr/share/templates/Illustration.desktop
diff -Nru calligra-2.4.3/debian/patches/series calligra-2.4.3/debian/patches/series
--- calligra-2.4.3/debian/patches/series 2012-06-29 09:29:56.000000000 -0300
+++ calligra-2.4.3/debian/patches/series 2012-08-19 14:54:05.000000000 -0300
@@ -1 +1,2 @@
do_not_link_blas.diff
+upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch
diff -Nru calligra-2.4.3/debian/patches/upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch calligra-2.4.3/debian/patches/upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch
--- calligra-2.4.3/debian/patches/upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch 1969-12-31 21:00:00.000000000 -0300
+++ calligra-2.4.3/debian/patches/upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch 2012-08-19 14:54:05.000000000 -0300
@@ -0,0 +1,31 @@
+From 7d72f7dd8d28d18c59a08a7d43bd4e0654043103 Mon Sep 17 00:00:00 2001
+From: Thorsten Zachmann <t.zachmann@zagge.de>
+Date: Sat, 4 Aug 2012 06:42:14 +0200
+Subject: [PATCH] Make sure not to write behind the allocated memory
+
+Validate the input data to not write behind the allocated memory. This fixes a
+buffer overflow found by Charlie Miller.
+(cherry picked from commit 8652ab672eaaa145dfb3782f5011de58aa4cc046)
+---
+ filters/words/msword-odf/wv2/src/styles.cpp | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/filters/words/msword-odf/wv2/src/styles.cpp b/filters/words/msword-odf/wv2/src/styles.cpp
+index c3132f0..0d691f5 100644
+--- a/filters/words/msword-odf/wv2/src/styles.cpp
++++ b/filters/words/msword-odf/wv2/src/styles.cpp
+@@ -248,6 +248,11 @@ throw(InvalidFormatException)
+ #ifdef WV2_DEBUG_STYLESHEET
+ wvlog << "cbUPX: " << cbUPX << endl;
+ #endif
++ // do not overflow the allocated buffer grupx
++ if (offset + cbUPX > grupxLen) {
++ wvlog << "====> Error: grupx would overflow!" << endl;
++ return false;
++ }
+ for ( U16 j = 0; j < cbUPX; ++j ) {
+ grupx[ offset + j ] = stream->readU8(); // read the whole UPX
+ #ifdef WV2_DEBUG_STYLESHEET
+--
+1.7.10.4
+
diff -Nru calligra-2.4.3/debian/rules calligra-2.4.3/debian/rules
--- calligra-2.4.3/debian/rules 2012-06-29 09:29:56.000000000 -0300
+++ calligra-2.4.3/debian/rules 2012-08-19 14:54:05.000000000 -0300
@@ -11,7 +11,7 @@
dh $@ --parallel --with kde --with sodeps
override_dh_auto_configure:
- dh_auto_configure -- -DIHAVEPATCHEDQT=ON
+ dh_auto_configure -Skde -- -DIHAVEPATCHEDQT=ON
override_dh_install:
dh_install --list-missing
Attachment:
signature.asc
Description: This is a digitally signed message part.