[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1113750: trixie-pu: package stardict/3.0.7+git20220909+dfsg-8+deb13u1(CVE-2025-55014)

Package: release.debian.org
Severity: normal
Tags: trixie
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: atzlinux@debian.org
Control: affects -1 + src:stardict

[ Reason ]
Closes: #1110370 CVE-2025-55014
Closes: #806960

[ Impact ]
User will not install network-dictionary plugin default.
If user need to use network-dictionary function, it need to install new
stardict-plugin-network-dictionary package.

[ Tests ]
I installed the updated package on my notebook and tested it,
bugs and CVE fixed.

[ Risks ]
No known risks.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
 1. disable build and not install stardict_dictdotcn.so, Closes: #806960
 2. move stardict_youdaodict.so plugin from stardict-plugin package to a new
    binary package stardict-plugin-network-dictionary,
    these changes Closes: #1110370 CVE-2025-55014

[ Other info ]
 No.

This is my first stable update ever, please be gentle in case I
missed something :-)

Cheers!

xiao sheng wen (atzlinux)

diff -Nru stardict-3.0.7+git20220909+dfsg/debian/changelog stardict-3.0.7+git20220909+dfsg/debian/changelog
--- stardict-3.0.7+git20220909+dfsg/debian/changelog	2024-08-16 15:48:15.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/changelog	2025-09-02 10:34:26.000000000 +0800
@@ -1,3 +1,26 @@
+stardict (3.0.7+git20220909+dfsg-8+deb13u1) trixie; urgency=medium
+
+  * Update d/gbp.conf for trixie-specific
+
+ -- xiao sheng wen <atzlinux@sina.com>  Tue, 02 Sep 2025 10:34:26 +0800
+
+stardict (3.0.7+git20220909+dfsg-8) unstable; urgency=medium
+
+  * remove stardict_youdaodict.so plugin from stardict-plugin package,
+    Closes: #1110370 CVE-2025-55014
+  * split network-dictionary plugin to a new binary package
+    stardict-plugin-network-dictionary
+  * add d/NEWS.Debian
+
+ -- xiao sheng wen <atzlinux@sina.com>  Mon, 11 Aug 2025 10:46:11 +0800
+
+stardict (3.0.7+git20220909+dfsg-7) unstable; urgency=medium
+
+  * d/stardict-plugin.install:not install stardict_dictdotcn.so, Closes: #806960
+  * d/rules:Added --disable-dictdotcn option, dictdotcn is not provid server now
+
+ -- xiao sheng wen <atzlinux@sina.com>  Wed, 06 Aug 2025 14:09:39 +0800
+
 stardict (3.0.7+git20220909+dfsg-6) unstable; urgency=medium
 
   * add d/p/fix-gcc14-FTBFS#1078396.patch (Closes: #1078396) Thanks Nilesh Patra
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/control stardict-3.0.7+git20220909+dfsg/debian/control
--- stardict-3.0.7+git20220909+dfsg/debian/control	2024-07-06 16:38:36.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/control	2025-09-02 10:23:51.000000000 +0800
@@ -237,6 +237,35 @@
  To use this info plugin, please input "info" prefix before string.
  For example: "info printf".
 
+Package: stardict-plugin-network-dictionary
+Architecture: any
+Depends:
+ ${misc:Depends}, ${shlibs:Depends},
+ stardict-gtk (= ${binary:Version}),
+Recommends: stardict-plugin (= ${binary:Version})
+Replaces: stardict-plugin
+Description: International dictionary lookup program - network dictionary plugin
+ StarDict is a cross-platform international dictionary lookup program.
+ .
+ Main features:
+  * Glob-style pattern matching search
+  * Fuzzy search
+  * Working from system tray
+  * Scanning mouse selection and showing pop-up windows with translation of
+    selected words
+  * Pronouncing of the translated words
+  * Plugins support
+  * ..and more
+ .
+ This package contains network-dictionary plugin for StarDict which can query
+ word through the network.
+ .
+ *Warning*
+  * The query word will send through the network use plain-text in this plugin!
+  * Please do *NOT* selects any confidential data to query dictionary
+  * When enable "Scan" function on stardict, the selected text will sended on
+    the net at once.
+
 Package: stardict-plugin
 Architecture: any
 Depends:
@@ -251,6 +280,7 @@
  stardict-plugin-cal (= ${binary:Version}),
  stardict-plugin-fortune (= ${binary:Version}),
  stardict-plugin-info (= ${binary:Version}),
+ stardict-plugin-network-dictionary (= ${binary:Version}),
 Description: International dictionary lookup program - common plugins
  StarDict is a cross-platform international dictionary lookup program.
  .
@@ -277,7 +307,6 @@
   - stardict_flite plugin
   - stardict_gucharmap plugin
   - stardict_update_info plugin
-  - stardict_youdaodict plugin
   - stardict_multi_cmd plugin(add in 3.0.7+git20220909)
 
 Package: stardict-common
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/gbp.conf stardict-3.0.7+git20220909+dfsg/debian/gbp.conf
--- stardict-3.0.7+git20220909+dfsg/debian/gbp.conf	2024-07-06 16:38:36.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/gbp.conf	2025-09-02 10:33:19.000000000 +0800
@@ -1,4 +1,5 @@
 [DEFAULT]
+debian-branch = debian/trixie
 pristine-tar = True
 
 [pq]
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/NEWS.Debian stardict-3.0.7+git20220909+dfsg/debian/NEWS.Debian
--- stardict-3.0.7+git20220909+dfsg/debian/NEWS.Debian	1970-01-01 08:00:00.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/NEWS.Debian	2025-09-02 10:23:51.000000000 +0800
@@ -0,0 +1,13 @@
+stardict (3.0.7+git20220909+dfsg-8) unstable; urgency=medium
+
+  The stardict_youdaodict.so plugin is remove from stardict-plugin package,
+  and move them to a new binary package stardict-plugin-network-dictionary.
+
+ -- xiao sheng wen <atzlinux@debian.org>  Mon, 11 Aug 2025 10:36:28 +0800
+
+stardict (3.0.7+git20220909+dfsg-7) unstable; urgency=medium
+
+  This version disable the stardict_dictdotcn.so plugin in stardict-plugin
+  package, as dictdotcn is not in services.
+
+ -- xiao sheng wen <atzlinux@sina.com>  Wed, 06 Aug 2025 14:09:39 +0800
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/rules stardict-3.0.7+git20220909+dfsg/debian/rules
--- stardict-3.0.7+git20220909+dfsg/debian/rules	2024-07-06 16:38:36.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/rules	2025-09-02 10:23:51.000000000 +0800
@@ -14,6 +14,7 @@
 
 override_dh_auto_configure:
 	dh_auto_configure -- \
+               --disable-dictdotcn \
                --disable-gnome-support
 
 execute_after_dh_auto_build:
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin.install stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin.install
--- stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin.install	2024-07-06 16:38:36.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin.install	2025-09-02 10:23:51.000000000 +0800
@@ -6,11 +6,9 @@
 usr/lib/*/stardict/plugins/stardict_powerword_parsedata.so
 usr/lib/*/stardict/plugins/stardict_wordnet_parsedata.so
 usr/lib/*/stardict/plugins/stardict_wiki_parsedata.so
-usr/lib/*/stardict/plugins/stardict_dictdotcn.so
 usr/lib/*/stardict/plugins/customdict.so
 usr/lib/*/stardict/plugins/stardict_espeak_ng.so
 usr/lib/*/stardict/plugins/stardict_flite.so
 usr/lib/*/stardict/plugins/stardict_gucharmap.so
 usr/lib/*/stardict/plugins/stardict_update_info.so
-usr/lib/*/stardict/plugins/stardict_youdaodict.so
 usr/lib/*/stardict/plugins/stardict_multi_cmd.so
diff -Nru stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin-network-dictionary.install stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin-network-dictionary.install
--- stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin-network-dictionary.install	1970-01-01 08:00:00.000000000 +0800
+++ stardict-3.0.7+git20220909+dfsg/debian/stardict-plugin-network-dictionary.install	2025-09-02 10:23:51.000000000 +0800
@@ -0,0 +1 @@
+usr/lib/*/stardict/plugins/stardict_youdaodict.so
Reply to: