[Pkg-kde-talk] Re: Please allow kdenetwork and kdelibs into Sarge

Steve Langasek vorlon@debian.org
Wed, 11 May 2005 03:48:38 -0700


Hi Christopher,

On Tue, May 10, 2005 at 09:28:36AM -0400, Christopher Martin wrote:

> > > As for kdelibs, the sole change between 4:3.3.2-5 and 4:3.3.2-6 is that
> > > we added a very small patch (from upstream) to upstream's latest
> > > security fix, which caused regressions reading some image files.
> > > Definitely worth getting into Sarge, even if the problem doesn't seem
> > > to have security implications.

> > > 23_kimgio_fix.diff
> > > --- kde.orig/kimgio/rgb.cpp
> > > +++ kde.patched/kimgio/rgb.cpp
> > > @@ -272,7 +272,8 @@ bool SGIImage::readImage(QImage& img)
> > >         // sanity ckeck
> > >         if (m_rle)
> > >                 for (uint o =3D 0; o < m_numrows; o++)
> > > -                       if (m_starttab[o] + m_lengthtab[o] >=3D
> > > m_data.size()) {
> > > +                       // do not convert to >=3D
> > > +                       if (m_starttab[o] + m_lengthtab[o] >
> > > m_data.size()) {
> > >                                 kdDebug(399) << "image corrupt (sanity
> > > check failed)" << endl;
> > >                                 return false;
> > >                         }
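
Review bot: the added comment "do not convert to >=" above the changed comparison in SGIImage::readImage says what not to do but not why. Suggest putting the reason in the comment: a row whose data ends exactly at the end of the buffer has m_starttab[o] + m_lengthtab[o] == m_data.size() and is valid, so only a sum strictly greater than the size indicates corruption. Separately, the check still adds the two table entries before comparing. Their types are not visible in this hunk, but if they are fixed-width unsigned values the sum can wrap and pass the test, so it would be more robust to first require m_starttab[o] <= m_data.size() and then compare m_lengthtab[o] against m_data.size() - m_starttab[o].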

> > The accompanying changelog isn't very enlightening; what filetypes are
> > broken, and why?  Can you offer a pointer to discussion of this bug?

> Certainly. The security advisory can be found at
> http://www.kde.org/info/security/advisory-20050504-1.txt. In summary, most
> RGB files (an older SGI format, but it's still around) can no longer be
> read. The one-line change (from upstream) we added between -5 and -6 fixes
> this regression.

Ok, also approved.

Thanks,
-- 
Steve Langasek
postmodern programmer
