Your message dated Sat, 20 May 2023 12:38:20 +0300
with message-id <[email protected]>
and subject line Re: Bug#981466: kiwix: switch data feed and download URLs to
https
has caused the Debian Bug report #981466,
regarding kiwix: switch data feed and download URLs to https
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
981466: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=981466
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: kiwix
Version: 2.0.5-2
Severity: important
Tags: security
I noticed that the data feed is not downloaded using https, so network
attackers could modify the data feed to change my choice of downloads
to something I didn't want to download.
Also most of the datasets point at http instead of https URLs even
though the servers do support https. It would be good if kiwix had a
list of download servers that support https and then always use https
to contact those download servers.
$ kiwix-desktop
QSocketNotifier: Can only be used with threads started with QThread
Compiled with Qt Version 5.15.1
Runtime Qt Version 5.15.2
add widget
(kiwix-desktop:1410327): GLib-GObject-WARNING **: 23:11:12.766: The property
GtkSettings:gtk-fallback-icon-theme is deprecated and shouldn't be used
anymore. It will be removed in a future version.
Downloading "http://library.kiwix.org:80/catalog/search?lang=eng&count=0"
session saved
-- System Information:
Debian Release: bullseye/sid
APT prefers testing-debug
APT policy: (900, 'testing-debug'), (900, 'testing'), (800,
'unstable-debug'), (800, 'unstable'), (790, 'buildd-unstable'), (700,
'experimental-debug'), (700, 'experimental'), (690, 'buildd-experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-2-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
Locale: LANG=en_AU.utf8, LC_CTYPE=en_AU.utf8 (charmap=UTF-8), LANGUAGE=en_AU:en
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages kiwix depends on:
ii libc6 2.31-9
ii libgcc-s1 10.2.1-6
ii libkiwix9 9.4.1+dfsg-1
ii libqt5core5a 5.15.2+dfsg-2
ii libqt5gui5 5.15.2+dfsg-2
ii libqt5network5 5.15.2+dfsg-2
ii libqt5printsupport5 5.15.2+dfsg-2
ii libqt5webchannel5 5.15.2-2
ii libqt5webenginecore5 5.15.2+dfsg-3
ii libqt5webenginewidgets5 5.15.2+dfsg-3
ii libqt5widgets5 5.15.2+dfsg-2
ii libstdc++6 10.2.1-6
kiwix recommends no packages.
kiwix suggests no packages.
-- no debconf information
--
bye,
pabs
https://wiki.debian.org/PaulWise
--- End Message ---
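One way to implement the "list of download servers that support https" idea from the report above, as an added Python example (not code from kiwix or from this bug thread). The allowlist contents, mirror.example.org, the sample dataset links, and the function names are assumptions made for illustration; only the library.kiwix.org feed URL is taken from the log in the report.

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed allowlist of hosts known to serve the same content over HTTPS.
# library.kiwix.org comes from the log above; mirror.example.org is constructed.
HTTPS_HOSTS = frozenset({"library.kiwix.org", "mirror.example.org"})

class InsecureURLError(ValueError):
    """The URL cannot be rewritten to an authenticated (HTTPS) fetch."""

def upgrade_to_https(url, https_hosts=HTTPS_HOSTS):
    """Return an https:// form of url, or raise InsecureURLError."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return url
    if parts.scheme != "http":
        raise InsecureURLError(f"unsupported scheme in {url!r}")
    host = (parts.hostname or "").lower()
    if host not in https_hosts:
        raise InsecureURLError(f"{host!r} is not a known HTTPS host")
    try:
        port = parts.port
    except ValueError as exc:
        raise InsecureURLError(f"bad port in {url!r}") from exc
    # Only the default HTTP port maps cleanly onto the default HTTPS port;
    # for any other explicit port the TLS endpoint is unknown, so refuse.
    if port not in (None, 80):
        raise InsecureURLError(f"cannot map port {port} to HTTPS")
    # Rebuilding from the bare host drops ":80" (and any userinfo).
    return urlunsplit(("https", host, parts.path, parts.query, parts.fragment))

def secure_links(urls, https_hosts=HTTPS_HOSTS):
    """Split feed links into (fetchable https URLs, rejected URLs)."""
    accepted, rejected = [], []
    for url in urls:
        try:
            accepted.append(upgrade_to_https(url, https_hosts))
        except ValueError:  # InsecureURLError or a malformed URL
            rejected.append(url)
    return accepted, rejected

# Constructed sample: the feed URL from the log plus made-up dataset links.
SAMPLE = [
    "http://library.kiwix.org:80/catalog/search?lang=eng&count=0",
    "http://mirror.example.org/zim/sample.zim",
    "http://unlisted.example.net/zim/sample.zim",
]
```

Links that cannot be upgraded are rejected rather than fetched over plain http, so a modified feed cannot steer a download back onto an unauthenticated channel.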
--- Begin Message ---
On 1/5/23 10:49, Emmanuel Engelhart wrote:
> I wonder why this ticket is still open? AFAIK all of this has been fixed
> quite a while ago (HTTPS feed included).

Marking as done accordingly, thanks!
-- Kunal
--- End Message ---