Bug#688402: marked as done (unblock : keepass2 2.19+dfsg-2)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Sat, 22 Sep 2012 18:03:17 +0100
with message-id <1348333397.7146.22.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#688402: unblock : keepass2  2.19+dfsg-2
has caused the Debian Bug report #688402,
regarding unblock : keepass2  2.19+dfsg-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
688402: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688402
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock : keepass2 2.19+dfsg-2
• From: Julian Taylor <jtaylor.debian@googlemail.com>
• Date: Sat, 22 Sep 2012 14:55:27 +0200
• Message-id: <[🔎] 505DB53F.6060203@googlemail.com>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hi,
please unblock keepass2  2.19+dfsg-2 it fixes an insecure tempfile
creation issue and an works around an important issue in mono winforms
which can prevent the program from starting (#686017).

thanks
Julian Taylor

diff -Nru keepass2-2.19+dfsg/debian/changelog keepass2-2.19+dfsg/debian/changelog
--- keepass2-2.19+dfsg/debian/changelog	2012-05-02 19:21:30.000000000 +0200
+++ keepass2-2.19+dfsg/debian/changelog	2012-09-17 21:32:24.000000000 +0200
@@ -1,4 +1,14 @@
-keepass2 (2.19+dfsg-1) UNRELEASED; urgency=low
+keepass2 (2.19+dfsg-2) unstable; urgency=medium
+
+  * fix-insecure-tempfile-use.patch:
+    - create small tempfiles in user owned directory instead of /tmp
+  * enforce-minimum-window-and-slider-size.patch:
+    - Closes: #686017
+  * suggest mono-dmcs needed to compile plugins
+
+ -- Julian Taylor <jtaylor.debian@googlemail.com>  Mon, 17 Sep 2012 19:31:53 +0000
+
+keepass2 (2.19+dfsg-1) unstable; urgency=low
 
   * New upstream release (LP: #990557)
     - drop upstream applied fix-winforms-eventordering.patch
diff -Nru keepass2-2.19+dfsg/debian/control keepass2-2.19+dfsg/debian/control
--- keepass2-2.19+dfsg/debian/control	2012-05-02 19:21:30.000000000 +0200
+++ keepass2-2.19+dfsg/debian/control	2012-09-17 21:32:24.000000000 +0200
@@ -19,7 +19,7 @@
 Package: keepass2
 Architecture: all
 Depends: ${cli:Depends}, ${misc:Depends}
-Suggests: keepass2-doc, xdotool
+Suggests: keepass2-doc, mono-dmcs, xdotool
 Description: Password manager
  KeePass is a easy-to-use password manager for Windows, Linux, Mac OS X and
  mobile devices. You can store your passwords in highly-encrypted databases,
diff -Nru keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch
--- keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch	1970-01-01 01:00:00.000000000 +0100
+++ keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch	2012-09-17 21:32:24.000000000 +0200
@@ -0,0 +1,52 @@
+From: Julian Taylor <jtaylor.debian@googlemail.com>
+Date: Mon, 17 Sep 2012 21:15:05 +0200
+Subject: enforce minimum window and slider size
+
+Winforms crashes when the listview elements are not visible on loading.
+As the windows sizes are recalled on each start this can prevent keepass
+from opening.
+To avoid this set a minimum window and slider size so the elements are
+always visible.
+
+Applied-Upstream: 2.20
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686017
+---
+ KeePass/Forms/MainForm.cs |   18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/KeePass/Forms/MainForm.cs
++++ b/KeePass/Forms/MainForm.cs
+@@ -239,7 +239,17 @@
+ 
+ 			if((sizeX != AppDefs.InvalidWindowValue) &&
+ 				(sizeY != AppDefs.InvalidWindowValue) && bWndValid)
++			{
++				if(MonoWorkarounds.IsRequired) // Debian 686017
++				{
++					sizeX = Math.Max(250, sizeX);
++					sizeY = Math.Max(250, sizeY);
++				}
++
+ 				this.Size = new Size(sizeX, sizeY);
++			}
++			if(MonoWorkarounds.IsRequired) // Debian 686017
++				this.MinimumSize = new Size(250, 250);
+ 
+ 			Rectangle rectRestWindow = new Rectangle(wndX, wndY,
+ 				this.Size.Width, this.Size.Height);
+@@ -323,8 +333,14 @@
+ 			{
+ 				float fSplitPos = mw.SplitterHorizontalFrac;
+ 				if(fSplitPos == float.Epsilon) fSplitPos = 0.8333f;
+-				m_splitHorizontal.SplitterDistance = (int)Math.Round(fSplitPos *
++				// m_splitHorizontal.SplitterDistance = (int)Math.Round(fSplitPos *
++				//	(double)m_splitHorizontal.Height);
++				int iSplitDist = (int)Math.Round(fSplitPos *
+ 					(double)m_splitHorizontal.Height);
++				if(MonoWorkarounds.IsRequired) // Debian 686017
++					m_splitHorizontal.SplitterDistance = Math.Max(35, iSplitDist);
++				else
++					m_splitHorizontal.SplitterDistance = iSplitDist;
+ 
+ 				fSplitPos = mw.SplitterVerticalFrac;
+ 				if(fSplitPos == float.Epsilon) fSplitPos = 0.25f;
diff -Nru keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch
--- keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch	1970-01-01 01:00:00.000000000 +0100
+++ keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch	2012-09-17 21:32:24.000000000 +0200
@@ -0,0 +1,156 @@
+From: Julian Taylor <jtaylor.debian@googlemail.com>
+Date: Sun, 16 Sep 2012 17:03:31 +0200
+Subject: fix insecure tempfile use
+
+create messaging and mutex files in XDG_{RUNTIME,DATA}_DIR instead of
+/tmp
+Applied-Upstream: 2.21
+---
+ KeePass/Plugins/PlgxPlugin.cs      |    2 +-
+ KeePass/Program.cs                 |    2 +-
+ KeePass/Util/GlobalMutexPool.cs    |    3 ++-
+ KeePass/Util/IpcBroadcast.Fsw.cs   |    5 +++--
+ KeePass/Util/IpcUtilEx.cs          |    2 +-
+ KeePass/Util/WinUtil.cs            |    2 +-
+ KeePassLib/Native/NativeMethods.cs |   21 +++++++++++++++++++++
+ KeePassLib/Utility/UrlUtil.cs      |   17 +++++++++++++++++
+ 8 files changed, 47 insertions(+), 7 deletions(-)
+
+--- a/KeePass/Plugins/PlgxPlugin.cs
++++ b/KeePass/Plugins/PlgxPlugin.cs
+@@ -270,7 +270,7 @@
+ 
+ 		private static string CreateTempDirectory()
+ 		{
+-			string strTmpRoot = Path.GetTempPath();
++			string strTmpRoot = UrlUtil.GetTempPath();
+ 			strTmpRoot = UrlUtil.EnsureTerminatingSeparator(strTmpRoot, false);
+ 			strTmpRoot += (new PwUuid(true)).ToHexString();
+ 
+--- a/KeePass/Program.cs
++++ b/KeePass/Program.cs
+@@ -279,7 +279,7 @@
+ 				try
+ 				{
+ 					string strFileOut = UrlUtil.EnsureTerminatingSeparator(
+-						Path.GetTempPath(), false) + "KeePass_UrlOverride.tmp";
++						UrlUtil.GetTempPath(), false) + "KeePass_UrlOverride.tmp";
+ 					string strContent = ("[KeePass]\r\nKeeURLOverride=" +
+ 						Program.Config.Integration.UrlOverride + "\r\n");
+ 					File.WriteAllText(strFileOut, strContent);
+--- a/KeePass/Util/GlobalMutexPool.cs
++++ b/KeePass/Util/GlobalMutexPool.cs
+@@ -201,7 +201,8 @@
+ 
+ 		private static string GetMutexPath(string strName)
+ 		{
+-			string strDir = UrlUtil.EnsureTerminatingSeparator(Path.GetTempPath(), false);
++			string strDir = UrlUtil.EnsureTerminatingSeparator(
++				UrlUtil.GetTempPath(), false);
+ 			return (strDir + IpcUtilEx.IpcMsgFilePreID + IpcBroadcast.GetUserID() +
+ 				"-Mutex-" + strName + ".tmp");
+ 		}
+--- a/KeePass/Util/IpcBroadcast.Fsw.cs
++++ b/KeePass/Util/IpcBroadcast.Fsw.cs
+@@ -49,7 +49,8 @@
+ 		{
+ 			if(m_strMsgFilePath != null) return;
+ 
+-			string strDir = UrlUtil.EnsureTerminatingSeparator(Path.GetTempPath(), false);
++			string strDir = UrlUtil.EnsureTerminatingSeparator(
++				UrlUtil.GetTempPath(), false);
+ 			m_strMsgFileName = IpcUtilEx.IpcMsgFilePreID + GetUserID() +
+ 				IpcUtilEx.IpcMsgFilePostID;
+ 			m_strMsgFilePath = strDir + m_strMsgFileName;
+@@ -109,7 +110,7 @@
+ 		{
+ 			FswEnsurePaths();
+ 
+-			m_fsw = new FileSystemWatcher(Path.GetTempPath(), m_strMsgFileName);
++			m_fsw = new FileSystemWatcher(UrlUtil.GetTempPath(), m_strMsgFileName);
+ 			m_fsw.IncludeSubdirectories = false;
+ 			m_fsw.NotifyFilter = (NotifyFilters.CreationTime | NotifyFilters.LastWrite);
+ 
+--- a/KeePass/Util/IpcUtilEx.cs
++++ b/KeePass/Util/IpcUtilEx.cs
+@@ -115,7 +115,7 @@
+ 		{
+ 			try
+ 			{
+-				string str = Path.GetTempPath();
++				string str = UrlUtil.GetTempPath();
+ 				str = UrlUtil.EnsureTerminatingSeparator(str, false);
+ 				
+ 				return (str + IpcMsgFilePreID + nId.ToString() + ".tmp");
+--- a/KeePass/Util/WinUtil.cs
++++ b/KeePass/Util/WinUtil.cs
+@@ -381,7 +381,7 @@
+ 				char chCur = char.ToUpper(strCur[0]);
+ 				if(chPar != chCur) return string.Empty;
+ 
+-				string strTemp = Path.GetTempPath();
++				string strTemp = UrlUtil.GetTempPath();
+ 				Directory.SetCurrentDirectory(strTemp);
+ 
+ 				return strCur;
+--- a/KeePassLib/Native/NativeMethods.cs
++++ b/KeePassLib/Native/NativeMethods.cs
+@@ -21,6 +21,10 @@
+ using System.Text;
+ using System.Security;
+ using System.Runtime.InteropServices;
++using System.IO;
++using System.Diagnostics;
++
++using KeePassLib.Utility;
+ 
+ namespace KeePassLib.Native
+ {
+@@ -150,5 +154,22 @@
+ 			return StrCmpLogicalW(x, y);
+ #endif
+ 		}
++
++		internal static string GetUserRuntimeDir()
++		{
++			string strRtDir = Environment.GetEnvironmentVariable("XDG_RUNTIME_DIR");
++			if(string.IsNullOrEmpty(strRtDir))
++				strRtDir = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
++			if(string.IsNullOrEmpty(strRtDir))
++			{
++				Debug.Assert(false);
++				return Path.GetTempPath(); // Not UrlUtil (otherwise cyclic)
++			}
++
++			strRtDir = UrlUtil.EnsureTerminatingSeparator(strRtDir, false);
++			strRtDir += PwDefs.ShortProductName;
++
++			return strRtDir;
++		}
+ 	}
+ }
+--- a/KeePassLib/Utility/UrlUtil.cs
++++ b/KeePassLib/Utility/UrlUtil.cs
+@@ -588,5 +588,22 @@
+ 
+ 			return false;
+ 		}
++
++		public static string GetTempPath()
++		{
++			string strDir;
++			if(NativeLib.IsUnix())
++				strDir = NativeMethods.GetUserRuntimeDir();
++			else strDir = Path.GetTempPath();
++
++			try
++			{
++				if(Directory.Exists(strDir) == false)
++					Directory.CreateDirectory(strDir);
++			}
++			catch(Exception) { Debug.Assert(false); }
++
++			return strDir;
++		}
+ 	}
+ }
diff -Nru keepass2-2.19+dfsg/debian/patches/series keepass2-2.19+dfsg/debian/patches/series
--- keepass2-2.19+dfsg/debian/patches/series	2012-05-02 19:21:30.000000000 +0200
+++ keepass2-2.19+dfsg/debian/patches/series	2012-09-17 21:32:24.000000000 +0200
@@ -7,3 +7,5 @@
 enable-local-help.patch
 work-around-issues-with-autotype-and-keyboard-layout.patch
 disable-autoupdate-dialog.patch
+fix-insecure-tempfile-use.patch
+enforce-minimum-window-and-slider-size.patch

Attachment: signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

• To: Julian Taylor <jtaylor.debian@googlemail.com>, 688402-done@bugs.debian.org
• Subject: Re: Bug#688402: unblock : keepass2 2.19+dfsg-2
• From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
• Date: Sat, 22 Sep 2012 18:03:17 +0100
• Message-id: <1348333397.7146.22.camel@jacala.jungle.funky-badger.org>
• In-reply-to: <[🔎] 505DB53F.6060203@googlemail.com>
• References: <[🔎] 505DB53F.6060203@googlemail.com>

On Sat, 2012-09-22 at 14:55 +0200, Julian Taylor wrote:
> please unblock keepass2  2.19+dfsg-2 it fixes an insecure tempfile
> creation issue and an works around an important issue in mono winforms
> which can prevent the program from starting (#686017).

Unblocked; thanks.

Regards,

Adam

--- End Message ---