Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Hi,
please unblock keepass2 2.19+dfsg-2. It fixes an insecure tempfile
creation issue and works around an important issue in mono winforms
which can prevent the program from starting (#686017).

thanks
Julian Taylor
diff -Nru keepass2-2.19+dfsg/debian/changelog 
keepass2-2.19+dfsg/debian/changelog
--- keepass2-2.19+dfsg/debian/changelog 2012-05-02 19:21:30.000000000 +0200
+++ keepass2-2.19+dfsg/debian/changelog 2012-09-17 21:32:24.000000000 +0200
@@ -1,4 +1,14 @@
-keepass2 (2.19+dfsg-1) UNRELEASED; urgency=low
+keepass2 (2.19+dfsg-2) unstable; urgency=medium
+
+  * fix-insecure-tempfile-use.patch:
+    - create small tempfiles in user owned directory instead of /tmp
+  * enforce-minimum-window-and-slider-size.patch:
+    - Closes: #686017
+  * suggest mono-dmcs needed to compile plugins
+
+ -- Julian Taylor <jtaylor.deb...@googlemail.com>  Mon, 17 Sep 2012 19:31:53 
+0000
+
+keepass2 (2.19+dfsg-1) unstable; urgency=low
 
   * New upstream release (LP: #990557)
     - drop upstream applied fix-winforms-eventordering.patch
diff -Nru keepass2-2.19+dfsg/debian/control keepass2-2.19+dfsg/debian/control
--- keepass2-2.19+dfsg/debian/control   2012-05-02 19:21:30.000000000 +0200
+++ keepass2-2.19+dfsg/debian/control   2012-09-17 21:32:24.000000000 +0200
@@ -19,7 +19,7 @@
 Package: keepass2
 Architecture: all
 Depends: ${cli:Depends}, ${misc:Depends}
-Suggests: keepass2-doc, xdotool
+Suggests: keepass2-doc, mono-dmcs, xdotool
 Description: Password manager
  KeePass is a easy-to-use password manager for Windows, Linux, Mac OS X and
  mobile devices. You can store your passwords in highly-encrypted databases,
diff -Nru 
keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch 
keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch
--- 
keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch  
    1970-01-01 01:00:00.000000000 +0100
+++ 
keepass2-2.19+dfsg/debian/patches/enforce-minimum-window-and-slider-size.patch  
    2012-09-17 21:32:24.000000000 +0200
@@ -0,0 +1,52 @@
+From: Julian Taylor <jtaylor.deb...@googlemail.com>
+Date: Mon, 17 Sep 2012 21:15:05 +0200
+Subject: enforce minimum window and slider size
+
+Winforms crashes when the listview elements are not visible on loading.
+As the windows sizes are recalled on each start this can prevent keepass
+from opening.
+To avoid this set a minimum window and slider size so the elements are
+always visible.
+
+Applied-Upstream: 2.20
+Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686017
+---
+ KeePass/Forms/MainForm.cs |   18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+--- a/KeePass/Forms/MainForm.cs
++++ b/KeePass/Forms/MainForm.cs
+@@ -239,7 +239,17 @@
+ 
+                       if((sizeX != AppDefs.InvalidWindowValue) &&
+                               (sizeY != AppDefs.InvalidWindowValue) && 
bWndValid)
++                      {
++                              if(MonoWorkarounds.IsRequired) // Debian 686017
++                              {
++                                      sizeX = Math.Max(250, sizeX);
++                                      sizeY = Math.Max(250, sizeY);
++                              }
++
+                               this.Size = new Size(sizeX, sizeY);
++                      }
++                      if(MonoWorkarounds.IsRequired) // Debian 686017
++                              this.MinimumSize = new Size(250, 250);
+ 
+                       Rectangle rectRestWindow = new Rectangle(wndX, wndY,
+                               this.Size.Width, this.Size.Height);
+@@ -323,8 +333,14 @@
+                       {
+                               float fSplitPos = mw.SplitterHorizontalFrac;
+                               if(fSplitPos == float.Epsilon) fSplitPos = 
0.8333f;
+-                              m_splitHorizontal.SplitterDistance = 
(int)Math.Round(fSplitPos *
++                              // m_splitHorizontal.SplitterDistance = 
(int)Math.Round(fSplitPos *
++                              //      (double)m_splitHorizontal.Height);
++                              int iSplitDist = (int)Math.Round(fSplitPos *
+                                       (double)m_splitHorizontal.Height);
++                              if(MonoWorkarounds.IsRequired) // Debian 686017
++                                      m_splitHorizontal.SplitterDistance = 
Math.Max(35, iSplitDist);
++                              else
++                                      m_splitHorizontal.SplitterDistance = 
iSplitDist;
+ 
+                               fSplitPos = mw.SplitterVerticalFrac;
+                               if(fSplitPos == float.Epsilon) fSplitPos = 
0.25f;
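Review bot: The floor values are bare literals in the MainForm.cs changes (250 appears four times across the Size clamp and MinimumSize, 35 once for the splitter), and the old SplitterDistance assignment is left behind as commented-out code. Named constants such as `const int MinWindowSize = 250;` and deleting the commented-out lines would make the workaround easier to audit and to drop once Mono is fixed. The splitter clamp enforces only a lower bound: `Math.Max(35, iSplitDist)` is never compared with `m_splitHorizontal.Height`, and WinForms rejects a SplitterDistance outside the control's valid range, so it is worth confirming that the 250-pixel minimum window always leaves at least 35 pixels of splitter height. Both changed regions sit inside methods that start and end outside the hunks.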
diff -Nru keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch 
keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch
--- keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch   
1970-01-01 01:00:00.000000000 +0100
+++ keepass2-2.19+dfsg/debian/patches/fix-insecure-tempfile-use.patch   
2012-09-17 21:32:24.000000000 +0200
@@ -0,0 +1,156 @@
+From: Julian Taylor <jtaylor.deb...@googlemail.com>
+Date: Sun, 16 Sep 2012 17:03:31 +0200
+Subject: fix insecure tempfile use
+
+create messaging and mutex files in XDG_{RUNTIME,DATA}_DIR instead of
+/tmp
+Applied-Upstream: 2.21
+---
+ KeePass/Plugins/PlgxPlugin.cs      |    2 +-
+ KeePass/Program.cs                 |    2 +-
+ KeePass/Util/GlobalMutexPool.cs    |    3 ++-
+ KeePass/Util/IpcBroadcast.Fsw.cs   |    5 +++--
+ KeePass/Util/IpcUtilEx.cs          |    2 +-
+ KeePass/Util/WinUtil.cs            |    2 +-
+ KeePassLib/Native/NativeMethods.cs |   21 +++++++++++++++++++++
+ KeePassLib/Utility/UrlUtil.cs      |   17 +++++++++++++++++
+ 8 files changed, 47 insertions(+), 7 deletions(-)
+
+--- a/KeePass/Plugins/PlgxPlugin.cs
++++ b/KeePass/Plugins/PlgxPlugin.cs
+@@ -270,7 +270,7 @@
+ 
+               private static string CreateTempDirectory()
+               {
+-                      string strTmpRoot = Path.GetTempPath();
++                      string strTmpRoot = UrlUtil.GetTempPath();
+                       strTmpRoot = 
UrlUtil.EnsureTerminatingSeparator(strTmpRoot, false);
+                       strTmpRoot += (new PwUuid(true)).ToHexString();
+ 
+--- a/KeePass/Program.cs
++++ b/KeePass/Program.cs
+@@ -279,7 +279,7 @@
+                               try
+                               {
+                                       string strFileOut = 
UrlUtil.EnsureTerminatingSeparator(
+-                                              Path.GetTempPath(), false) + 
"KeePass_UrlOverride.tmp";
++                                              UrlUtil.GetTempPath(), false) + 
"KeePass_UrlOverride.tmp";
+                                       string strContent = 
("[KeePass]\r\nKeeURLOverride=" +
+                                               
Program.Config.Integration.UrlOverride + "\r\n");
+                                       File.WriteAllText(strFileOut, 
strContent);
+--- a/KeePass/Util/GlobalMutexPool.cs
++++ b/KeePass/Util/GlobalMutexPool.cs
+@@ -201,7 +201,8 @@
+ 
+               private static string GetMutexPath(string strName)
+               {
+-                      string strDir = 
UrlUtil.EnsureTerminatingSeparator(Path.GetTempPath(), false);
++                      string strDir = UrlUtil.EnsureTerminatingSeparator(
++                              UrlUtil.GetTempPath(), false);
+                       return (strDir + IpcUtilEx.IpcMsgFilePreID + 
IpcBroadcast.GetUserID() +
+                               "-Mutex-" + strName + ".tmp");
+               }
+--- a/KeePass/Util/IpcBroadcast.Fsw.cs
++++ b/KeePass/Util/IpcBroadcast.Fsw.cs
+@@ -49,7 +49,8 @@
+               {
+                       if(m_strMsgFilePath != null) return;
+ 
+-                      string strDir = 
UrlUtil.EnsureTerminatingSeparator(Path.GetTempPath(), false);
++                      string strDir = UrlUtil.EnsureTerminatingSeparator(
++                              UrlUtil.GetTempPath(), false);
+                       m_strMsgFileName = IpcUtilEx.IpcMsgFilePreID + 
GetUserID() +
+                               IpcUtilEx.IpcMsgFilePostID;
+                       m_strMsgFilePath = strDir + m_strMsgFileName;
+@@ -109,7 +110,7 @@
+               {
+                       FswEnsurePaths();
+ 
+-                      m_fsw = new FileSystemWatcher(Path.GetTempPath(), 
m_strMsgFileName);
++                      m_fsw = new FileSystemWatcher(UrlUtil.GetTempPath(), 
m_strMsgFileName);
+                       m_fsw.IncludeSubdirectories = false;
+                       m_fsw.NotifyFilter = (NotifyFilters.CreationTime | 
NotifyFilters.LastWrite);
+ 
+--- a/KeePass/Util/IpcUtilEx.cs
++++ b/KeePass/Util/IpcUtilEx.cs
+@@ -115,7 +115,7 @@
+               {
+                       try
+                       {
+-                              string str = Path.GetTempPath();
++                              string str = UrlUtil.GetTempPath();
+                               str = UrlUtil.EnsureTerminatingSeparator(str, 
false);
+                               
+                               return (str + IpcMsgFilePreID + nId.ToString() 
+ ".tmp");
+--- a/KeePass/Util/WinUtil.cs
++++ b/KeePass/Util/WinUtil.cs
+@@ -381,7 +381,7 @@
+                               char chCur = char.ToUpper(strCur[0]);
+                               if(chPar != chCur) return string.Empty;
+ 
+-                              string strTemp = Path.GetTempPath();
++                              string strTemp = UrlUtil.GetTempPath();
+                               Directory.SetCurrentDirectory(strTemp);
+ 
+                               return strCur;
+--- a/KeePassLib/Native/NativeMethods.cs
++++ b/KeePassLib/Native/NativeMethods.cs
+@@ -21,6 +21,10 @@
+ using System.Text;
+ using System.Security;
+ using System.Runtime.InteropServices;
++using System.IO;
++using System.Diagnostics;
++
++using KeePassLib.Utility;
+ 
+ namespace KeePassLib.Native
+ {
+@@ -150,5 +154,22 @@
+                       return StrCmpLogicalW(x, y);
+ #endif
+               }
++
++              internal static string GetUserRuntimeDir()
++              {
++                      string strRtDir = 
Environment.GetEnvironmentVariable("XDG_RUNTIME_DIR");
++                      if(string.IsNullOrEmpty(strRtDir))
++                              strRtDir = 
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
++                      if(string.IsNullOrEmpty(strRtDir))
++                      {
++                              Debug.Assert(false);
++                              return Path.GetTempPath(); // Not UrlUtil 
(otherwise cyclic)
++                      }
++
++                      strRtDir = UrlUtil.EnsureTerminatingSeparator(strRtDir, 
false);
++                      strRtDir += PwDefs.ShortProductName;
++
++                      return strRtDir;
++              }
+       }
+ }
+--- a/KeePassLib/Utility/UrlUtil.cs
++++ b/KeePassLib/Utility/UrlUtil.cs
+@@ -588,5 +588,22 @@
+ 
+                       return false;
+               }
++
++              public static string GetTempPath()
++              {
++                      string strDir;
++                      if(NativeLib.IsUnix())
++                              strDir = NativeMethods.GetUserRuntimeDir();
++                      else strDir = Path.GetTempPath();
++
++                      try
++                      {
++                              if(Directory.Exists(strDir) == false)
++                                      Directory.CreateDirectory(strDir);
++                      }
++                      catch(Exception) { Debug.Assert(false); }
++
++                      return strDir;
++              }
+       }
+ }
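Review bot: The fix is only as strong as the directory it resolves to, and two paths in the new helpers leave that unchecked. In `GetUserRuntimeDir()` the last fallback returns `Path.GetTempPath()` without the product-name subdirectory, guarded only by `Debug.Assert(false)`, which is compiled out unless DEBUG is defined. A session with neither XDG_RUNTIME_DIR nor a LocalApplicationData path therefore silently goes back to the shared directory with the same predictable names (`KeePass_UrlOverride.tmp`, the mutex and IPC message files). In `UrlUtil.GetTempPath()` the directory is created with default permissions, a pre-existing directory is accepted without checking its owner or mode, and `catch(Exception) { Debug.Assert(false); }` swallows a failed creation and still returns the path. I would create the directory user-only (mode 0700), verify ownership before use and fail closed instead of falling back; at minimum add a comment on the fallback such as `// Shared directory: not safe for predictable file names`.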
diff -Nru keepass2-2.19+dfsg/debian/patches/series 
keepass2-2.19+dfsg/debian/patches/series
--- keepass2-2.19+dfsg/debian/patches/series    2012-05-02 19:21:30.000000000 
+0200
+++ keepass2-2.19+dfsg/debian/patches/series    2012-09-17 21:32:24.000000000 
+0200
@@ -7,3 +7,5 @@
 enable-local-help.patch
 work-around-issues-with-autotype-and-keyboard-layout.patch
 disable-autoupdate-dialog.patch
+fix-insecure-tempfile-use.patch
+enforce-minimum-window-and-slider-size.patch

Attachment: signature.asc
Description: OpenPGP digital signature
