Re: [SECURITY] CVE-2019-7443 (kauth) in kdelibs

2019-03-19 Thread Albert Astals Cid
El dimarts, 19 de març de 2019, a les 11:39:54 CET, Hugo Lefeuvre va escriure:
> Hi,
> 
> I'm Hugo Lefeuvre, from the Debian LTS team. I am currently working on
> CVE-2019-7443 which appears to affect not only kauth but also kdelibs
> since it ships a very similar kdecore/auth/backends/dbus/DBusHelperProxy.cpp
> file[0].
> 
> As far as I am aware the fix for CVE-2019-7443 was not applied to
> kdelibs. Is there a specific reason for that? Do you plan addressing this
> potential vulnerability in kdelibs as well?

kdelibs last release was 4.14.35 in August 2017.

kdelibs is no longer maintained. 

Qt 4 last release was 4.8.7 in May 2015.

Qt 4 is no longer maintained. 

Our suggestion is to stop using any qt4/kdelibs based software and move to the 
future if you're concerned about security and/or want to use maintained 
software.

Best Regards,
  Albert

> 
> CC-ing publicly-archived debian-...@lists.debian.org
> 
> regards,
> Hugo Lefeuvre
> 
> [0] https://bugs.debian.org/922727
> 
> 






[SECURITY] CVE-2019-7443 (kauth) in kdelibs

2019-03-19 Thread Hugo Lefeuvre
Hi,

I'm Hugo Lefeuvre, from the Debian LTS team. I am currently working on
CVE-2019-7443 which appears to affect not only kauth but also kdelibs
since it ships a very similar kdecore/auth/backends/dbus/DBusHelperProxy.cpp
file[0].

As far as I am aware the fix for CVE-2019-7443 was not applied to
kdelibs. Is there a specific reason for that? Do you plan addressing this
potential vulnerability in kdelibs as well?

CC-ing publicly-archived debian-...@lists.debian.org

regards,
Hugo Lefeuvre

[0] https://bugs.debian.org/922727

-- 
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C




Re: Symmy in kde-review

2019-03-19 Thread Jonathan Riddell
I'm bumping this thread again to get a decision on symmy passing
kdereview.  The technical problems have been fixed.  The question of
whether it would be better to add to kgpg is open but as it has not
been added to kgpg and nobody is planning to do so it's a moot point.
So give symmy a final review if you wish else I'll put it into
extragear.

Jonathan

On Sat, 25 Nov 2017 at 13:31, Elvis Angelaccio wrote:
>
> Hi,
> symmy has been moved to kde-review for the usual review process.
>
> It's a tiny frontend for the symmetric encryption functionality of GPG. It
> doesn't handle signing or public/private keys, as we already have kgpg or
> kleopatra for that.
>
> Symmy can be useful if you have to send some sensitive file to someone, or
> if you want to store it on some proprietary cloud service.
>
> It comes with a CLI application and plugins for GUI integration with
> Dolphin/Plasma.
>
> I'd like to move it to either extragear-utils or kde-utils, if everything
> looks good.
>
> Thanks,
> Elvis


Re: KDiff3 1.8 release.

2019-03-19 Thread Michael Reeves
On Sat, Mar 16, 2019, 1:14 PM Jonathan Riddell wrote:

> Looks good from a quick compile and run.
>
> I take it you have no access to the obsolete sourceforge webpage?
>
> I see Debian has a 1.7 release, where is that available?
>
If it's truly 1.7 it's based off a partial kf5 port that was never released.
Don't remember off hand who created. 1.7.90 would be an older version of my
code not officially released.

>
> Do you have any access to update
> https://www.linux-apps.com/content/show.php?content=9807 ?
>

No.


>
> I'm adding this to KDE neon dev unstable edition.
>
> Eike is the Debian packaging managed in a repo somewhere?  Are you
> interested in making it part of the KDE Qt Debian team?
>

Yes.


> Jonathan
>
>
>
> On Sat, 16 Mar 2019 at 14:11, Michael Reeves wrote:
> >
> > Fixed now.
> >
> > On Thu, Mar 14, 2019, 4:31 AM Wolfgang Bauer wrote:
> >>
> >> The latest change
> >> (https://cgit.kde.org/kdiff3.git/commit/?id=638bd5a02893dde4a1927abd0c8a611b3b3ab6a1)
> >> unfortunately breaks the build here:
> >>
> >> /usr/lib/gcc/i586-suse-linux/8/../../../../i586-suse-linux/bin/ld:
> >> CMakeFiles/kdiff3part.dir/pdiff.cpp.o: in function
> >> `debugLineCheck(Diff3LineList&, int, e_SrcSelector)':
> >> /home/abuild/rpmbuild/BUILD/kdiff3-1.7.95git/src/pdiff.cpp:82: undefined
> >> reference to `kdeMain()'
> >> /usr/lib/gcc/i586-suse-linux/8/../../../../i586-suse-linux/bin/ld:
> >> /home/abuild/rpmbuild/BUILD/kdiff3-1.7.95git/src/pdiff.cpp:96: undefined
> >> reference to `kdeMain()'
> >> ...
> >> and so on.
> >>
> >> Kind Regards,
> >> Wolfgang
> >>
>


Re: KDiff3 1.8 release.

2019-03-19 Thread Eike
Hi!

Am Samstag, 16. März 2019, 17:19:17 CET schrieben Sie:
> On Sat, Mar 16, 2019, 1:14 PM Jonathan Riddell wrote:
> > I see Debian has a 1.7 release, where is that available?
> 
> If it's truly 1.7 it's based off a partial kf5 port that was never released.
> Don't remember off hand who created. 1.7.90 would be an older version of my
> code not officially released.

I uploaded an untagged 1.7.90 version to Debian so it could still make it
in the next Debian release buster (which is supposed to get rid of QT4).
=> https://packages.debian.org/buster/kdiff3

> > Eike is the Debian packaging managed in a repo somewhere?  Are you
> > interested in making it part of the KDE Qt Debian team?

KDiff3 Debian packaging is managed all old-fashioned on my local PC
(for over 15 years now...). :)
I didn't yet engage in team packaging...

Ciao,
Eike




Re: welcome plasma-active-window-control

2019-03-19 Thread Roman Gilg
On Sat, Mar 16, 2019 at 6:53 PM Jonathan Riddell wrote:
>
> Just passed kdereview and moved into extra/base is Plasma Active Window 
> Control.
>
> Plasma Active Window Control is a plasma widget that you can embed in
> your panel to control your active window with e.g. close or maximise
> operations.  Useful for decorationless window management.
>
> New maintainer is Chris Holland.  Do say hello.
>
> Jonathan

Hello,

do you have a link with some more information? Sounds neat.

Cheers,
Roman