SECURITY: New KDE Libraries Released

    1 May 2001
    KDE Official News

    As we announced last week, the KDE Project has released kdelibs-2.1.2 to address a security issue and fix some bugs. Besides fixing the KDEsu security exploit, particularly joyful to many of you who use Konqueror will be the fix of the "protocol for http://x.y.z died unexpectedly" bug. "Read more" for the full text of the announcement, including a list of changes.

     

    DATELINE APRIL 30, 2001


    FOR IMMEDIATE RELEASE

    SECURITY: New KDE Libraries Released

    KDE Adds Security and Bug Fixes to Core Libraries


    April 30, 2001 (The INTERNET).
    The KDE Project today announced the release of kdelibs 2.1.2,
    a security and bugfix release of the core KDE libraries. The other
    core KDE packages, including kdebase, have not been updated. The KDE Project
    recommends that all KDE users upgrade to kdelibs 2.1.2 and KDE 2.1.1.



    This release provides the following fixes:


    • Security fixes:


      • KDEsu. The KDEsu which shipped with earlier releases of KDE 2
        writes a (very) temporary but world-readable file with authentication
        information. A local user can potentially abuse this behavior to gain
        access to the X server and, if KDEsu is used to perform tasks that require
        root access, this can result in compromise of the root account.


    • Bug fixes:


      • kio_http. Fixed problems with "protocol for http://x.y.z died unexpectedly" and with proxy authentication with Konqueror.

      • kparts. Fixed crash in KOffice 1.1 when splitting views.

      • khtml. Fixed memory leak in Konqueror. Fixed minor HTML
        rendering problems.

      • kcookiejar. Fixed minor problems with HTTP cookies.

      • kconfig. Fixed problem with leading/trailing spaces in
        configuration values.

      • kdebug. Fixed memory leak in debug output.

      • klineedit. Fixed problem with klineedit emitting "return
        pressed" twice.
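
    The KDEsu item above describes a short-lived file holding authentication data that other local users could read. As an added example (not KDEsu's code, which this announcement does not show), the C program below contrasts a temporary file whose permissions are left to the umask with one created privately via mkstemp(); the file names and the SECRET value are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed stand-in for the authentication data; not a real cookie. */
static const char SECRET[] = "constructed-auth-cookie\n";

/* Returns 1 if "other" users may read the file, 0 if not, -1 on error. */
int world_readable(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    return (st.st_mode & S_IROTH) ? 1 : 0;
}

/* Weak pattern: fixed name, permissions left to the umask. With the
 * common umask 022 (set here for a repeatable demo) the file is 0644. */
int write_weak(const char *path) {
    mode_t old = umask(022);
    FILE *f = fopen(path, "w");
    umask(old);
    if (!f) return -1;
    fputs(SECRET, f);
    return fclose(f);
}

/* Hardened pattern: mkstemp() picks an unpredictable name and creates the
 * file exclusively; fchmod() pins the mode to 0600 before any secret
 * byte is written, whatever the umask or C library default. */
int write_private(char *tmpl) {
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    size_t n = sizeof SECRET - 1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 || write(fd, SECRET, n) != (ssize_t)n) {
        close(fd);
        unlink(tmpl);
        return -1;
    }
    return close(fd);
}

int main(void) {
    char weak[] = "/tmp/kdesu-demo-weak", priv[] = "/tmp/kdesu-demo-XXXXXX";
    unlink(weak);
    if (write_weak(weak) == 0) printf("weak:    world-readable=%d\n", world_readable(weak));
    if (write_private(priv) == 0) printf("private: world-readable=%d\n", world_readable(priv));
    unlink(weak); unlink(priv);
    return 0;
}
```

    Even a file that exists only briefly is readable for that whole window if it is created with the weak pattern, which is why the mode has to be restricted at creation time rather than tightened afterwards.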




    For more information about the KDE 2.1 series, please see the
    KDE 2.1.1 press release and the KDE 2.1.1 Info Page, which is an
    evolving FAQ about the latest stable release.
    Information on using anti-aliased fonts with KDE is available here.



    Downloading and Compiling kdelibs 2.1.2



    The source package for kdelibs 2.1.2 (including a diff file against 2.1.1) is
    available for free download at
    http://ftp.kde.org/stable/2.1.2/distribution/src/
    or in the equivalent directory at one of the many KDE ftp server
    mirrors. KDE 2.1.2 requires qt-2.2.3, which is available from
    Trolltech at ftp://ftp.trolltech.com/qt/source/
    under the name qt-x11-2.2.3.tar.gz, although qt-2.2.4 or
    qt-2.3.0 is recommended (for anti-aliased fonts,
    qt-2.3.0 and XFree 4.0.3 or newer is required).
    kdelibs 2.1.2 will not work with versions of Qt older than 2.2.3.



    For further instructions on compiling and installing KDE, please consult
    the installation instructions and, if you encounter problems, the
    compilation FAQ.



    Installing Binary Packages



    Some distributors choose to provide binary packages of KDE for certain
    versions of their distribution. Some of these binary packages for
    kdelibs 2.1.2 will be available for free download under
    http://ftp.kde.org/stable/2.1.2/distribution/
    or under the equivalent directory at one of the many KDE ftp server
    mirrors. Please note that the KDE team is not responsible for these
    packages as they are provided by third parties -- typically, but not
    always, the distributor of the relevant distribution (if you have any
    questions, please read the KDE Binary Packages Policy).


    kdelibs 2.1.2 requires qt-2.2.3, the free version of which is available
    from the above locations usually under the name qt-x11-2.2.3, although
    qt-2.2.4 or qt-2.3.0 is recommended (for anti-aliased fonts,
    qt-2.3.0 and XFree 4.0.3 or newer is required).
    KDE 2.1.2 will not work with versions of Qt older than 2.2.3.


    At the time of this release, pre-compiled packages are available for:



  • Wolverine: i386; please also check the common directory for common files

  • 7.0: i386 and Alpha; please also check the common directory for common files

  • 6.x: i386, Alpha and Sparc; please also check the common directory for common files


  • SuSE Linux (README):

    • 7.0: i386, PPC, and S390

    • 6.4: i386

    • 6.3: i386

  • Tru64 Systems: 4.0e,f,g, or 5.x (README)

  • FreeBSD


    Please check the servers periodically for pre-compiled packages for other
    distributions. More binary packages may become available over the
    coming days and weeks.


    About KDE



    KDE is an independent, collaborative project by hundreds of developers
    worldwide to create a sophisticated, customizable and stable desktop environment
    employing a component-based, network-transparent architecture.
    KDE is working proof of the power of the Open Source "Bazaar-style" software
    development model to create first-rate technologies on par with
    and superior to even the most complex commercial software.



    KDE and all its components are available for free under
    Open Source licenses from the KDE server and its mirrors and can
    also be obtained on CD-ROM.
    As a result of the dedicated efforts of hundreds of translators,
    KDE is available in 34 languages and dialects. KDE includes the core
    KDE libraries, the core desktop environment (including Konqueror),
    developer packages (including KDevelop), as well as the
    over 100 applications from the other standard base KDE packages
    (administration, games, graphics, multimedia, network, PIM and utilities).



    For more information about KDE, please visit KDE's web site.
    More information about KDE 2 is available in two (1, 2) slideshow
    presentations and on KDE's web site, including an evolving
    FAQ to answer questions about migrating to KDE 2.1 from KDE 1.x,
    anti-aliased font tutorials, a number of screenshots, developer
    information and a developer's KDE 1 - KDE 2 porting guide.

    Trademarks Notices.
    KDE and K Desktop Environment are trademarks of KDE e.V.
    Linux is a registered trademark of Linus Torvalds.
    Unix is a registered trademark of The Open Group.
    Trolltech and Qt are trademarks of Trolltech AS.
    All other trademarks and copyrights referred to in this announcement are the property of their respective owners.

    Press Contacts:

    United States:

    Kurt Granroth
    granroth@kde.org
    (1) 480 732 1752 
    Andreas Pour
    pour@kde.org
    (1) 917 312 3122

    Europe (French and English):

    David Faure
    faure@kde.org
    (44) 1225 837409

    Europe (English and German):

    Martin Konold
    konold@kde.org
    (49) 179 2252249

    Comments

    Score: 0

    Re: SECURITY: New KDE Libraries Released

    Dumb question:

    what proper rpm syntax to install on stock suse 7.1 with kde 2.1.1?

    thanks

    Score: 0

    Re: SECURITY: New KDE Libraries Released

    rpm -Uvh <filename>

    where filename is the package(s) you've downloaded.

    you can also use yast.

    Score: 0

    Re: SECURITY: New KDE Libraries Released

    That is what i do and got message "conflicts with file from package klibs-1.1.2-217"

    Score: 0

    Re: SECURITY: New KDE Libraries Released

    Just use rpm -Uvh --force --nodeps *.rpm instead.
    Rune

    Score: 0

    how to prove if installation was successful

    Hello Rune Laursen,

    i made what you wrote:

    rpm -Uvh --force --nodeps kdelibs.rpm

    kdelibs-devel-1.2.2-0.rpm

    but i am not sure if it worked for two reasons

    a: i installed the rpm with the name kdelibs.rpm instead of kdelibs-1.2.2.rpm (i suppose that makes a difference or doesn't it)

    b: i got lots of warnings like can not
    overwrite *icons* because it is not empty

    But my kde is still running

    Thanks for any help

    go on kde - you are just great

    Score: 0

    Re: SECURITY: New KDE Libraries Released

    try removing this old version of kdelibs by running:

    rpm -e klibs-1.1.2-217

    it will probably give some dependency errors, because you may have old programs that use the old kdelibs installed. in this case, i recommend you to remove those packages too.

    Score: 0

    Re: SECURITY: New KDE Libraries Released

    Isn't that the version of klibs that came with KDE 1.1? I'm not sure, but you probably need a 2.x version of KDE for the libraries to be applicable.

    Score: 0

    Doesn't work :-(

    I get following compilation errors in khtml/dom:

    In file included from libkhtmldom_la.all_cpp.cpp:4:
    html_inline.cpp: In method `void DOM::HTMLAnchorElement::blur()':
    html_inline.cpp:204: no matching function for call to `DOM::DocumentImpl::focusN
    ode ()'
    html_inline.cpp:205: no matching function for call to `DOM::DocumentImpl::setFoc
    usNode (int)'
    html_inline.cpp: In method `void DOM::HTMLAnchorElement::focus()':
    html_inline.cpp:211: no matching function for call to `DOM::DocumentImpl::setFoc
    usNode (DOM::ElementImpl *&)'
    In file included from libkhtmldom_la.all_cpp.cpp:7:
    html_document.cpp: In method `DOM::HTMLDocument::HTMLDocument()':
    html_document.cpp:42: cannot allocate an object of type `DOM::HTMLDocumentImpl'
    html_document.cpp:42: since the following virtual functions are abstract:
    ../../khtml/xml/dom_nodeimpl.h:110: class DOM::NodeImpl * DOM::NodeImpl::clo
    neNode(bool, int &)
    html_document.cpp: In method `DOM::HTMLDocument::HTMLDocument(KHTMLView *)':
    html_document.cpp:50: cannot allocate an object of type `DOM::HTMLDocumentImpl'
    html_document.cpp:50: since type `DOM::HTMLDocumentImpl' has abstract virtual
    functions
    In file included from libkhtmldom_la.all_cpp.cpp:16:
    dom_doc.cpp: In method `DOM::Document::Document()':
    dom_doc.cpp:91: cannot allocate an object of type `DOM::DocumentImpl'
    dom_doc.cpp:91: since the following virtual functions are abstract:
    ../../khtml/xml/dom_nodeimpl.h:110: class DOM::NodeImpl * DOM::NodeImpl::clo
    neNode(bool, int &)
    dom_doc.cpp: In method `DOM::Document::Document(bool)':
    dom_doc.cpp:100: cannot allocate an object of type `DOM::DocumentImpl'
    dom_doc.cpp:100: since type `DOM::DocumentImpl' has abstract virtual functions

    and so on.
    I'm using gcc version 2.95.2 on FreeBSD 4.1.1.

    Is it a known problem ?

    Score: 0

    Re: Doesn't work :-(

    This looks like --enable-final breakage. Remove it from the configure arguments, and try again.

    Score: 0

    Waste of time

    Why are they wasting their time fixing obscure security bugs when they should be trying to catch up to Ximian GNOME 1.4?

    Score: 0

    Troll

    Is slashdot.org not enough fun anymore?

    Score: 0

    Re: Troll

    To be honest I really think that /. suffers a lot less than here due to the mod system. The trolls have unfortunately found a new home. Very good troll though.

    Score: 0

    Re: Waste of time

    It's not a waste of time to fix the bugs. This is the sort of thing that makes KDE a stable, usable desktop for linux so it can help to induce windows users to move across.

    Joe user won't change from microsoft if he thinks that the alternative is only trying to look good and not to attain stability. Even though Windows is not as stable, the open source community has to try to dispel the inaccurate belief, among desktop users, that it is full of bugs. The KDE team are doing a good job of working towards this.

    Well done guys, keep it up!

    Score: 0

    can we see you on stage ???

    *ROTFL*...
    this is really a good one !!! ;)

    Score: 0

    Re: Waste of time

    Must be kidding, kde 2.1.1 overwhelms Gnome 1.4...

    Score: 0

    Re: SECURITY: New KDE Libraries Released

    Where are all the Mandrake 8.0 binary packages?? *sob*

    Score: 0

    Re: SECURITY: New KDE Libraries Released

    Great work! I didn't look at the security
    aspect but konqueror works much better now.
    It was my main browser before but sometimes
    didn't work with a site. I suppose there
    are still sites that don't work but a quick
    test for a few hours didn't find any. KDE is
    so cool.

    Guess I'll have to try Koffice sometime.

    Dan Clayton