Hi, Attached is the diff for my ktorrent 2.0.3+dfsg1-2.2 NMU.
This one is without touching the build-system (no quilt dependency). @the RM: please unblock this one that is less intrusive. @the maintainer: you can keep the 2.1 NMU in your packaging the 2.2 is IMHO gross, but the previous one was not complying with the FREEZE requirements. Cheers, -- ·O· Pierre Habouzit ··O [EMAIL PROTECTED] OOO http://www.madism.org
diff -u ktorrent-2.0.3+dfsg1/debian/changelog ktorrent-2.0.3+dfsg1/debian/changelog --- ktorrent-2.0.3+dfsg1/debian/changelog +++ ktorrent-2.0.3+dfsg1/debian/changelog @@ -1,3 +1,21 @@ +ktorrent (2.0.3+dfsg1-2.2) unstable; urgency=low + + * Non-maintainer upload. + * Redo the previous patch without kilt, integrating it into the buildsystem + directly (yuck !). + + -- Pierre Habouzit <[EMAIL PROTECTED]> Thu, 22 Mar 2007 16:41:39 +0100 + +ktorrent (2.0.3+dfsg1-2.1) unstable; urgency=high + + * Non-maintainer upload. + * Fix security issue (Closes: 414832, 414830): + + drop patch from #414832 in debian/patches. + + use quilt as a patches management system to deal with it. + + urgency set to high due to RC bugfix. + + -- Pierre Habouzit <[EMAIL PROTECTED]> Thu, 22 Mar 2007 11:11:20 +0100 + ktorrent (2.0.3+dfsg1-2) unstable; urgency=low * Resolve FTBFS - remove nonportable "-z now" from LDFLAGS (Closes: 395897) only in patch2: unchanged: --- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/peer.cpp +++ ktorrent-2.0.3+dfsg1/libktorrent/torrent/peer.cpp @@ -182,11 +182,21 @@ { Out() << "len err HAVE" << endl; kill(); - return; } - - haveChunk(this,ReadUint32(tmp_buf,1)); - pieces.set(ReadUint32(tmp_buf,1),true); + else + { + Uint32 ch = ReadUint32(tmp_buf,1); + if (ch < pieces.getNumBits()) + { + haveChunk(this,ch); + pieces.set(ch,true); + } + else + { + Out(SYS_CON|LOG_NOTICE) << "Received invalid have value, kicking peer" << endl; + kill(); + } + } break; case BITFIELD: if (len != 1 + pieces.getNumBytes()) only in patch2: unchanged: --- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/torrent.cpp +++ ktorrent-2.0.3+dfsg1/libktorrent/torrent/torrent.cpp @@ -141,9 +141,13 @@ if (!v || v->data().getType() != Value::STRING) throw Error(i18n("Corrupted torrent!")); - path += v->data().toString(encoding); - if (j + 1 < ln->getNumChildren()) - path += bt::DirSeparator(); + QString sd = v->data().toString(encoding); + if (sd != "..") + { + path += sd; + if (j + 1 < ln->getNumChildren()) + path += bt::DirSeparator(); + } } // we do not want empty dirs only in patch2: unchanged: --- ktorrent-2.0.3+dfsg1.orig/libktorrent/torrent/chunkcounter.cpp +++ ktorrent-2.0.3+dfsg1/libktorrent/torrent/chunkcounter.cpp @@ -59,12 +59,13 @@ void ChunkCounter::inc(Uint32 idx) { + if (idx < cnt.size()) cnt[idx]++; } void ChunkCounter::dec(Uint32 idx) { - if (cnt[idx] > 0) + if (idx < cnt.size() && cnt[idx] > 0) cnt[idx]--; }
signature.asc
Description: Digital signature