Bug#688402: unblock : keepass2 2.19+dfsg-2

[Julian Taylor <jtaylor.debian@googlemail.com>]

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,
please unblock keepass2  2.19+dfsg-2 it fixes an insecure tempfile
creation issue and an works around an important issue in mono winforms
which can prevent the program from starting (#686017).

thanks
Julian Taylor

diff -Nru keepass2-2.19+dfsg/debian/changelog keepass2-2.19+dfsg/debian/changelog
--- keepass2-2.19+dfsg/debian/changelog	2012-05-02 19:21:30.000000000 +0200
+++ keepass2-2.19+dfsg/debian/changelog	2012-09-17 21:32:24.000000000 +0200
@@ -1,4 +1,14 @@
-keepass2 (2.19+dfsg-1) UNRELEASED; urgency=low
+keepass2 (2.19+dfsg-2) unstable; urgency=medium
+
+  * fix-insecure-tempfile-use.patch:
+    - create small tempfiles in user owned directory instead of /tmp
+  * enforce-minimum-window-and-slider-size.patch:
+    - Closes: #686017
+  * suggest mono-dmcs needed to compile plugins
+
+ -- Julian Taylor <jtaylor.debian@googlemail.com>  Mon, 17 Sep 2012 19:31:53 +0000
+
+keepass2 (2.19+dfsg-1) unstable; urgency=low
 
   * New upstream release (LP: #990557)
     - drop upstream applied fix-winforms-eventordering.patch
diff -Nru keepass2-2.19+dfsg/debian/control keepass2-2.19+dfsg/debian/control
--- keepass2-2.19+dfsg/debian/control	2012-05-02 19:21:30.000000000 +0200
+++ keepass2-2.19+dfsg/debian/control	2012-09-17 21:32:24.000000000 +0200
@@ -19,7 +19,7 @@
 Package: keepass2
 Architecture: all
 Depends: ${cli:Depends}, ${misc:Depends}
-Suggests: keepass2-doc, xdotool
+Suggests: keepass2-doc, mono-dmcs, xdotool
 Description: Password manager
  KeePass is a easy-to-use password manager for Windows, Linux, Mac OS X and
  mobile devices. You can store your passwords in highly-encrypted databases,
diff -Nru keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch
--- keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch	1970-01-01 01:00:00.000000000 +0100
+++ keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch	2012-09-17 21:32:24.000000000 +0200
@@ -0,0 +1,52 @@
+From: Julian Taylor <jtaylor.debian@googlemail.com>
+Date: Mon, 17 Sep 2012 21:15:05 +0200
+Subject: enforce minimum window and slider size
+
+Winforms crashes when the listview elements are not visible on loading.
+As the windows sizes are recalled on each start this can prevent keepass
+from opening.
+To avoid this set a minimum window and slider size so the elements are
+always visible.
+
+Applied-Upstream: 2.20
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686017
+---
+ KeePass/Forms/MainForm.cs |   18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/KeePass/Forms/MainForm.cs
++++ b/KeePass/Forms/MainForm.cs
+@@ -239,7 +239,17 @@
+ 
+ 			if((sizeX != AppDefs.InvalidWindowValue) &&
+ 				(sizeY != AppDefs.InvalidWindowValue) && bWndValid)
++			{
++				if(MonoWorkarounds.IsRequired) // Debian 686017
++				{
++					sizeX = Math.Max(250, sizeX);
++					sizeY = Math.Max(250, sizeY);
++				}
++
+ 				this.Size = new Size(sizeX, sizeY);
++			}
++			if(MonoWorkarounds.IsRequired) // Debian 686017
++				this.MinimumSize = new Size(250, 250);
+ 
+ 			Rectangle rectRestWindow = new Rectangle(wndX, wndY,
+ 				this.Size.Width, this.Size.Height);
+@@ -323,8 +333,14 @@
+ 			{
+ 				float fSplitPos = mw.SplitterHorizontalFrac;
+ 				if(fSplitPos == float.Epsilon) fSplitPos = 0.8333f;
+-				m_splitHorizontal.SplitterDistance = (int)Math.Round(fSplitPos *
++				// m_splitHorizontal.SplitterDistance = (int)Math.Round(fSplitPos *
++				//	(double)m_splitHorizontal.Height);
++				int iSplitDist = (int)Math.Round(fSplitPos *
+ 					(double)m_splitHorizontal.Height);
++				if(MonoWorkarounds.IsRequired) // Debian 686017
++					m_splitHorizontal.SplitterDistance = Math.Max(35, iSplitDist);
++				else
++					m_splitHorizontal.SplitterDistance = iSplitDist;
+ 
+ 				fSplitPos = mw.SplitterVerticalFrac;
+ 				if(fSplitPos == float.Epsilon) fSplitPos = 0.25f;
diff -Nru keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch
--- keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch	1970-01-01 01:00:00.000000000 +0100
+++ keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch	2012-09-17 21:32:24.000000000 +0200
@@ -0,0 +1,156 @@
+From: Julian Taylor <jtaylor.debian@googlemail.com>
+Date: Sun, 16 Sep 2012 17:03:31 +0200
+Subject: fix insecure tempfile use
+
+create messaging and mutex files in XDG_{RUNTIME,DATA}_DIR instead of
+/tmp
+Applied-Upstream: 2.21
+---
+ KeePass/Plugins/PlgxPlugin.cs      |    2 +-
+ KeePass/Program.cs                 |    2 +-
+ KeePass/Util/GlobalMutexPool.cs    |    3 ++-
+ KeePass/Util/IpcBroadcast.Fsw.cs   |    5 +++--
+ KeePass/Util/IpcUtilEx.cs          |    2 +-
+ KeePass/Util/WinUtil.cs            |    2 +-
+ KeePassLib/Native/NativeMethods.cs |   21 +++++++++++++++++++++
+ KeePassLib/Utility/UrlUtil.cs      |   17 +++++++++++++++++
+ 8 files changed, 47 insertions(+), 7 deletions(-)
+
+--- a/KeePass/Plugins/PlgxPlugin.cs
++++ b/KeePass/Plugins/PlgxPlugin.cs
+@@ -270,7 +270,7 @@
+ 
+ 		private static string CreateTempDirectory()
+ 		{
+-			string strTmpRoot = Path.GetTempPath();
++			string strTmpRoot = UrlUtil.GetTempPath();
+ 			strTmpRoot = UrlUtil.EnsureTerminatingSeparator(strTmpRoot, false);
+ 			strTmpRoot += (new PwUuid(true)).ToHexString();
+ 
+--- a/KeePass/Program.cs
++++ b/KeePass/Program.cs
+@@ -279,7 +279,7 @@
+ 				try
+ 				{
+ 					string strFileOut = UrlUtil.EnsureTerminatingSeparator(
+-						Path.GetTempPath(), false) + "KeePass_UrlOverride.tmp";
++						UrlUtil.GetTempPath(), false) + "KeePass_UrlOverride.tmp";
+ 					string strContent = ("[KeePass]\r\nKeeURLOverride=" +
+ 						Program.Config.Integration.UrlOverride + "\r\n");
+ 					File.WriteAllText(strFileOut, strContent);
+--- a/KeePass/Util/GlobalMutexPool.cs
++++ b/KeePass/Util/GlobalMutexPool.cs
+@@ -201,7 +201,8 @@
+ 
+ 		private static string GetMutexPath(string strName)
+ 		{
+-			string strDir = UrlUtil.EnsureTerminatingSeparator(Path.GetTempPath(), false);
++			string strDir = UrlUtil.EnsureTerminatingSeparator(
++				UrlUtil.GetTempPath(), false);
+ 			return (strDir + IpcUtilEx.IpcMsgFilePreID + IpcBroadcast.GetUserID() +
+ 				"-Mutex-" + strName + ".tmp");
+ 		}
+--- a/KeePass/Util/IpcBroadcast.Fsw.cs
++++ b/KeePass/Util/IpcBroadcast.Fsw.cs
+@@ -49,7 +49,8 @@
+ 		{
+ 			if(m_strMsgFilePath != null) return;
+ 
+-			string strDir = UrlUtil.EnsureTerminatingSeparator(Path.GetTempPath(), false);
++			string strDir = UrlUtil.EnsureTerminatingSeparator(
++				UrlUtil.GetTempPath(), false);
+ 			m_strMsgFileName = IpcUtilEx.IpcMsgFilePreID + GetUserID() +
+ 				IpcUtilEx.IpcMsgFilePostID;
+ 			m_strMsgFilePath = strDir + m_strMsgFileName;
+@@ -109,7 +110,7 @@
+ 		{
+ 			FswEnsurePaths();
+ 
+-			m_fsw = new FileSystemWatcher(Path.GetTempPath(), m_strMsgFileName);
++			m_fsw = new FileSystemWatcher(UrlUtil.GetTempPath(), m_strMsgFileName);
+ 			m_fsw.IncludeSubdirectories = false;
+ 			m_fsw.NotifyFilter = (NotifyFilters.CreationTime | NotifyFilters.LastWrite);
+ 
+--- a/KeePass/Util/IpcUtilEx.cs
++++ b/KeePass/Util/IpcUtilEx.cs
+@@ -115,7 +115,7 @@
+ 		{
+ 			try
+ 			{
+-				string str = Path.GetTempPath();
++				string str = UrlUtil.GetTempPath();
+ 				str = UrlUtil.EnsureTerminatingSeparator(str, false);
+ 				
+ 				return (str + IpcMsgFilePreID + nId.ToString() + ".tmp");
+--- a/KeePass/Util/WinUtil.cs
++++ b/KeePass/Util/WinUtil.cs
+@@ -381,7 +381,7 @@
+ 				char chCur = char.ToUpper(strCur[0]);
+ 				if(chPar != chCur) return string.Empty;
+ 
+-				string strTemp = Path.GetTempPath();
++				string strTemp = UrlUtil.GetTempPath();
+ 				Directory.SetCurrentDirectory(strTemp);
+ 
+ 				return strCur;
+--- a/KeePassLib/Native/NativeMethods.cs
++++ b/KeePassLib/Native/NativeMethods.cs
+@@ -21,6 +21,10 @@
+ using System.Text;
+ using System.Security;
+ using System.Runtime.InteropServices;
++using System.IO;
++using System.Diagnostics;
++
++using KeePassLib.Utility;
+ 
+ namespace KeePassLib.Native
+ {
+@@ -150,5 +154,22 @@
+ 			return StrCmpLogicalW(x, y);
+ #endif
+ 		}
++
++		internal static string GetUserRuntimeDir()
++		{
++			string strRtDir = Environment.GetEnvironmentVariable("XDG_RUNTIME_DIR");
++			if(string.IsNullOrEmpty(strRtDir))
++				strRtDir = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
++			if(string.IsNullOrEmpty(strRtDir))
++			{
++				Debug.Assert(false);
++				return Path.GetTempPath(); // Not UrlUtil (otherwise cyclic)
++			}
++
++			strRtDir = UrlUtil.EnsureTerminatingSeparator(strRtDir, false);
++			strRtDir += PwDefs.ShortProductName;
++
++			return strRtDir;
++		}
+ 	}
+ }
+--- a/KeePassLib/Utility/UrlUtil.cs
++++ b/KeePassLib/Utility/UrlUtil.cs
+@@ -588,5 +588,22 @@
+ 
+ 			return false;
+ 		}
++
++		public static string GetTempPath()
++		{
++			string strDir;
++			if(NativeLib.IsUnix())
++				strDir = NativeMethods.GetUserRuntimeDir();
++			else strDir = Path.GetTempPath();
++
++			try
++			{
++				if(Directory.Exists(strDir) == false)
++					Directory.CreateDirectory(strDir);
++			}
++			catch(Exception) { Debug.Assert(false); }
++
++			return strDir;
++		}
+ 	}
+ }
diff -Nru keepass2-2.19+dfsg/debian/patches/series keepass2-2.19+dfsg/debian/patches/series
--- keepass2-2.19+dfsg/debian/patches/series	2012-05-02 19:21:30.000000000 +0200
+++ keepass2-2.19+dfsg/debian/patches/series	2012-09-17 21:32:24.000000000 +0200
@@ -7,3 +7,5 @@
 enable-local-help.patch
 work-around-issues-with-autotype-and-keyboard-layout.patch
 disable-autoupdate-dialog.patch
+fix-insecure-tempfile-use.patch
+enforce-minimum-window-and-slider-size.patch

Attachment: signature.asc
Description: OpenPGP digital signature