Bug#774680: unblock (pre-approval): x2goclient/4.0.3.1-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please consider unblocking of planned upload of package x2goclient
* debian/patches:
-> This package pulls in two commits from upstream fixing the following
issues:
+ Add 0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch.
Correctly encode passwords before sending them to the session broker via
http(s). (Closes: #773348).
-> Passwords sent to an X2Go Session Broker are not URL-encoded properly
in x2goclient 4.0.3.1-1 Furthermore, passwords containing ampersands could
be used to inject unwanted URL parameters into the broker http(s)
request.
+ Add 0002_fix-GUI-for-session-profile-subfolders.patch. Fix a GUI
layout/resizing issue for session profiles with profile subfolders.
-> This second patch fixes a nasty layout issue when resizing the X2Go
Client GUI window for people using the new session profile subfoldering
feature. See [1].
[1] http://bugs.x2go.org/cgi-bin/bugreport.cgi?msg=5;filename=session-folder-placement.png;att=1;bug=681
unblock x2goclient/4.0.3.1-2
-- System Information:
Debian Release: 8.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'testing-updates'), (500, 'testing-proposed-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru x2goclient-4.0.3.1/debian/changelog x2goclient-4.0.3.1/debian/changelog
--- x2goclient-4.0.3.1/debian/changelog 2014-11-27 11:09:12.000000000 +0100
+++ x2goclient-4.0.3.1/debian/changelog 2015-01-06 05:58:24.000000000 +0100
@@ -1,3 +1,14 @@
+x2goclient (4.0.3.1-2) unstable; urgency=medium
+
+ * debian/patches:
+ + Add 0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch.
+ Correctly encode passwords before sending them to the session broker via
+ http(s). (Closes: #773348).
+ + Add 0002_fix-GUI-for-session-profile-subfolders.patch. Fix a GUI
+ layout/resizing issue for session profiles with profile subfolders.
+
+ -- Mike Gabriel <sunweaver@debian.org> Tue, 06 Jan 2015 05:57:53 +0100
+
x2goclient (4.0.3.1-1) unstable; urgency=medium
* New upstream release.
diff -Nru x2goclient-4.0.3.1/debian/patches/0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch x2goclient-4.0.3.1/debian/patches/0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch
--- x2goclient-4.0.3.1/debian/patches/0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch 1970-01-01 01:00:00.000000000 +0100
+++ x2goclient-4.0.3.1/debian/patches/0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch 2015-01-06 05:45:56.000000000 +0100
@@ -0,0 +1,63 @@
+From: Jason Alavaliant <alavaliant@ra09.com>
+Date: Wed, 17 Dec 2014 10:14:02 +0000 (+0100)
+Subject: Use QUrl::toPercentEncoding() method to properly encode passwords sent to X2Go Sessio...
+X-Git-Url: http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff_plain;h=db7c2f3009d9f39cdf8a85327c632dcb643f631c
+
+Use QUrl::toPercentEncoding() method to properly encode passwords sent to X2Go Session Broker. (Fixes: #705).
+---
+
+#diff --git a/debian/changelog b/debian/changelog
+#index 1a034f3..1a2701d 100644
+#--- a/debian/changelog
+#+++ b/debian/changelog
+#@@ -9,6 +9,11 @@ x2goclient (4.0.3.2-0x2go1) UNRELEASED; urgency=medium
+# * New upstream release (4.0.3.2):
+# - Provide empty Turkish translation file.
+#
+#+ [ Jason Alavaliant ]
+#+ * New upstream verson (4.0.3.2):
+#+ - Use QUrl::toPercentEncoding() method to properly encode passwords sent
+#+ to X2Go Session Broker. (Fixes: #705).
+#+
+# [ Mike DePaulo ]
+# * New upstream release (4.0.3.2):
+# - Windows: Fix compatibility with PulseAudio 6.0
+diff --git a/httpbrokerclient.cpp b/httpbrokerclient.cpp
+index fc4d891..3701c12 100644
+--- a/httpbrokerclient.cpp
++++ b/httpbrokerclient.cpp
+@@ -251,8 +251,8 @@ void HttpBrokerClient::getUserSessions()
+ QString req;
+ QTextStream ( &req ) <<
+ "task=listsessions&"<<
+- "user="<<brokerUser<<"&"<<
+- "password="<<config->brokerPass<<"&"<<
++ "user="<<QUrl::toPercentEncoding(brokerUser)<<"&"<<
++ "password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<<
+ "authid="<<nextAuthId;
+
+ x2goDebug << "sending request: "<< req.toUtf8();
+@@ -290,8 +290,8 @@ void HttpBrokerClient::selectUserSession(const QString& session)
+ QTextStream ( &req ) <<
+ "task=selectsession&"<<
+ "sid="<<session<<"&"<<
+- "user="<<brokerUser<<"&"<<
+- "password="<<config->brokerPass<<"&"<<
++ "user="<<QUrl::toPercentEncoding(brokerUser)<<"&"<<
++ "password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<<
+ "authid="<<nextAuthId;
+ x2goDebug << "sending request: "<< req.toUtf8();
+ QNetworkRequest request(QUrl(config->brokerurl));
+@@ -324,9 +324,9 @@ void HttpBrokerClient::changePassword(QString newPass)
+ QString req;
+ QTextStream ( &req ) <<
+ "task=setpass&"<<
+- "newpass="<<newPass<<"&"<<
+- "user="<<brokerUser<<"&"<<
+- "password="<<config->brokerPass<<"&"<<
++ "newpass="<<QUrl::toPercentEncoding(newPass)<<"&"<<
++ "user="<<QUrl::toPercentEncoding(brokerUser)<<"&"<<
++ "password="<<QUrl::toPercentEncoding(config->brokerPass)<<"&"<<
+ "authid="<<nextAuthId;
+ x2goDebug << "sending request: "<< req.toUtf8();
+ QNetworkRequest request(QUrl(config->brokerurl));
diff -Nru x2goclient-4.0.3.1/debian/patches/0002_fix-GUI-for-session-profile-subfolders.patch x2goclient-4.0.3.1/debian/patches/0002_fix-GUI-for-session-profile-subfolders.patch
--- x2goclient-4.0.3.1/debian/patches/0002_fix-GUI-for-session-profile-subfolders.patch 1970-01-01 01:00:00.000000000 +0100
+++ x2goclient-4.0.3.1/debian/patches/0002_fix-GUI-for-session-profile-subfolders.patch 2015-01-06 05:48:40.000000000 +0100
@@ -0,0 +1,56 @@
+From: Oleksandr Shneyder <o.shneyder@phoca-gmbh.de>
+Date: Thu, 27 Nov 2014 10:37:28 +0000 (+0100)
+Subject: Fix placement of session folders in session card column.
+X-Git-Url: http://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff_plain;h=cd1ae314378c6cd7c0dc80b6accc31828965e2bd;hp=05365223d5620215181b8380160f90bcd1912180
+
+Fix placement of session folders in session card column.
+---
+
+#diff --git a/debian/changelog b/debian/changelog
+#index c4ae8a9..cb576b8 100644
+#--- a/debian/changelog
+#+++ b/debian/changelog
+#@@ -20,6 +20,7 @@ x2goclient (4.0.3.1-0x2go1) unstable; urgency=medium
+# - Split Sessions config widget into Input/output and Media widgets.
+# (Fixes: #643).
+# - Reformat onmainwindow.cpp
+#+ - Fix placement of session folders in session card column.
+#
+# -- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Thu, 27 Nov 2014 11:00:17 +0100
+#
+diff --git a/onmainwindow.cpp b/onmainwindow.cpp
+index 0c3bce8..fa6c8f1 100644
+--- a/onmainwindow.cpp
++++ b/onmainwindow.cpp
+@@ -1272,6 +1272,19 @@ void ONMainWindow::slotResize ( const QSize sz )
+ }
+ else
+ {
++ QList<FolderButton*>::iterator fit;
++ QList<FolderButton*>::iterator fend=sessionExplorer->getFoldersList()->end();
++ for ( fit=sessionExplorer->getFoldersList()->begin(); fit!=fend; fit++ )
++ {
++ if ( !miniMode )
++ ( *fit )->move (
++ ( usize-360 ) /2,
++ ( *fit )->pos().y() );
++ else
++ ( *fit )->move (
++ ( usize-250 ) /2,
++ ( *fit )->pos().y() );
++ }
+ QList<SessionButton*>::iterator it;
+ QList<SessionButton*>::iterator end=sessionExplorer->getSessionsList()->end();
+ for ( it=sessionExplorer->getSessionsList()->begin(); it!=end; it++ )
+diff --git a/onmainwindow_privat.h b/onmainwindow_privat.h
+index 037483f..d04de8a 100644
+--- a/onmainwindow_privat.h
++++ b/onmainwindow_privat.h
+@@ -137,6 +137,7 @@
+ #include "configdialog.h"
+ #include "editconnectiondialog.h"
+ #include "sessionbutton.h"
++#include "folderbutton.h"
+ #include "sessionexplorer.h"
+ #include "sessionmanagedialog.h"
+ #include "x2gologdebug.h"
diff -Nru x2goclient-4.0.3.1/debian/patches/series x2goclient-4.0.3.1/debian/patches/series
--- x2goclient-4.0.3.1/debian/patches/series 2014-10-21 13:13:04.000000000 +0200
+++ x2goclient-4.0.3.1/debian/patches/series 2015-01-06 05:56:47.000000000 +0100
@@ -1 +1,3 @@
+0001_use-QUrl::toPercentEncoding-for-encoding-broker-passwords.patch
+0002_fix-GUI-for-session-profile-subfolders.patch
1001_deprecated-apache2-config.patch
Reply to: