Hello,

KTorrent has recently changed maintainer in Debian. Now it is maintained by Debian KDE Extras Team and I'm one of the maintainers responsible for it. As you might already know, Debian cannot ship a few KTorrent components due to licensing issues, namely GeoIP Country Lite database and flag images. More information is available here and here

I've developed a few patches to lessen impact of the issues above on the users and it would be great if they were applied upstream. 2.1.4 with most of these patches has been in Debian unstable for 3 weeks now and we haven't received a single bug report yet. When applied, the patches below would not change default KTorrent behaviour unless new parameters are passed to configure:

use-system-geoip.diff - adds support for the --enable-system-geoip configure parameter. It makes ktorrent build against system-wide GeoIP library (libgeoip1) and use libgeoip1 default GeoIP Country database.

flagdb-alternative-source.diff - adds support for the --disable-builtin-country-flags configure parameter. It allows to skip installation of ktorrent builtin country flags. In addition, the patch adds support for the "flag database" that lets ktorrent get country flag images from more than one filesystem source transparently and caches images in memory. It also adds additional (and the only for the debian package) source - flag images shipped with kdebase.

In addition please apply patches for these bugfixes too:

gnu_kfreebsd.diff - fixes compilation on GNU/kFreeBSD
inst_apps.diff - Skip generation of Makefiles for utests directory. Makes 'maintainer-clean' target fully clean the source after build and not leave garbage around
wz_tooltip Security fix for CVE-2007-3154 The patch is based on wz_tolltip.js from eGroupWare 1.4.001

Sorry for submitting patches so late in 2.2 development cycle. Hopefully you can still apply them.

Provided they don't modify any i18n strings we can apply them all.

I'm gonna check out all of them.

Btw, who should I credit in the about dialog ?

I have committed all the patches except the flagdb one (still need to check that out)

George wrote:Btw, who should I credit in the about dialog ?

I'm Modestas Vainius <modestas@vainius.eu>

MoDaX wrote:wz_tooltip Security fix for CVE-2007-3154 The patch is based on wz_tolltip.js from eGroupWare 1.4.001

This CVE-2007-3154 is misleading (it got version numbers wrong) and probably the version that was previously in ktorrent (v3.44) was not affected. Anyway, upgrade to v3.45 didn't hurt...

I have committed your last patch to.

Say, do you know when those flags started shipping with kdebase ? I'm kind of surprised that we didn't notice this when we added this feature.

If kdebase is shipping them, it's a bit redundant for us to ship another set of flags.

George wrote:I have committed your last patch to.

Thanks

George wrote:Say, do you know when those flags started shipping with kdebase ? I'm kind of surprised that we didn't notice this when we added this feature.

It seems that kde3 has had them from the beginning. If kde svn does not lie here it is kdebase 3.0 US flag.

George wrote:If kdebase is shipping them, it's a bit redundant for us to ship another set of flags.

Not necessarily. The flags you currently ship are prettier and better looking (somewhat softer) and this way you avoid dependency on kdebase for non-KDE users using KTorrent. On the other hand, license of these flags is somewhat obscure and seems to limit usage to web sites, which KTorrent obviously isn't.

The bug & patch still as at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432433 applies to ktorrent 2.2 (I have checked). It would be nice to have this little fix applied in 2.2.1.

MoDaX wrote:The bug & patch still as at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=432433

A more complete patch at http://bugs.debian.org/cgi-bin/bugrepor ... bug=432655

OK, both patches have been committed

Due to change in commit #682031 to plugins/infowidget/Makefile.am, now:

Code: Select all

$ make -f admin/Makefile.common
*** automake (GNU automake) 1.9.6 found.
*** Creating acinclude.m4
*** Creating list of subdirectories
*** Creating configure.files
*** Creating configure.in
*** Creating aclocal.m4
*** Creating configure
*** Creating config.h template
*** Creating Makefile templates
*** Postprocessing Makefile templates
Error: $(am__append_2) is listed in a _SOURCE line in plugins/infowidget/Makefile.in, but doesn't exist yet. Put it in DISTCLEANFILES!
*** Creating date/time stamp
*** Finished


Reverting the change to Makefile.am eliminates this error.

But this doesn't prevent you from compiling the code, right ?

George wrote:But this doesn't prevent you from compiling the code, right ?

Apparently, it doesn't. But still current way goes against AM documentation which states (in FAQ, iirc) that all _SOURCES must always be known in advance.

As long as it doesn't prevent stuff from compiling I'm not gonna change it. Automake is on the way out anyway.