  SECURITY: New KDE Libraries Released
KDE Official News Posted by Dre on Monday 30/Apr/2001, @13:39
from the get-it-now dept.
As we announced last week, the KDE Project has released kdelibs-2.1.2 to address a security issue and fix some bugs. Besides the fix for the KDEsu security exploit, those of you who use Konqueror will be particularly glad to see the "protocol for http://x.y.z died unexpectedly" bug fixed. The full text of the announcement, including a list of changes, follows.

 

DATELINE APRIL 30, 2001

FOR IMMEDIATE RELEASE

SECURITY: New KDE Libraries Released

KDE Adds Security and Bug Fixes to Core Libraries

April 30, 2001 (The INTERNET). The KDE Project today announced the release of kdelibs 2.1.2, a security and bugfix release of the core KDE libraries. The other core KDE packages, including kdebase, have not been updated. The KDE Project recommends that all KDE users upgrade to kdelibs 2.1.2 and KDE 2.1.1.

This release provides the following fixes:

  • Security fixes:
    • KDEsu. The KDEsu which shipped with earlier releases of KDE 2 writes a (very) temporary but world-readable file with authentication information. A local user can potentially abuse this behavior to gain access to the X server and, if KDEsu is used to perform tasks that require root access, this can result in compromise of the root account.
  • Bug fixes:
    • kio_http. Fixed problems with "protocol for http://x.y.z died unexpectedly" and with proxy authentication with Konqueror.
    • kparts. Fixed crash in KOffice 1.1 when splitting views.
    • khtml. Fixed memory leak in Konqueror. Fixed minor HTML rendering problems.
    • kcookiejar. Fixed minor problems with HTTP cookies.
    • kconfig. Fixed problem with leading/trailing spaces in configuration values.
    • kdebug. Fixed memory leak in debug output.
    • klineedit. Fixed problem with klineedit emitting "return pressed" twice.
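
The KDEsu item above describes a general class of bug: a secret written to a temporary file whose mode lets other local users read it. The C code below is an added example, not KDEsu's code (the announcement does not show it); the function names, the `/tmp/tmpfile-demo-XXXXXX` path and the token are constructed for illustration. It contrasts file creation that inherits the process umask with creation pinned to mode 0600, and checks the resulting mode bits.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fopen() creates 0666 & ~umask, i.e. 0644 under the usual umask 022. */
static int write_weak(const char *path, const char *secret) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(secret, f);
    return fclose(f);
}

/* Hardened: mkstemp() uses O_EXCL and a random name; mode pinned to 0600. */
static int write_hardened(char *tmpl, const char *secret) {
    size_t n = strlen(secret);
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0 || write(fd, secret, n) != (ssize_t)n) {
        close(fd); unlink(tmpl); return -1;
    }
    return close(fd);
}

/* Audit helper: 1 if group/other read bits are set, 0 if not, -1 on error. */
static int readable_by_others(const char *path) {
    struct stat st;
    if (lstat(path, &st) != 0) return -1;
    return (st.st_mode & (S_IRGRP | S_IROTH)) ? 1 : 0;
}

/* Both patterns in a private 0700 dir; returns (weak << 1) | hardened. */
int compare_patterns(void) {
    char dir[] = "/tmp/tmpfile-demo-XXXXXX", weak[64], hard[64];
    const char *secret = "constructed-auth-token\n"; /* constructed sample */
    mode_t old = umask(022);
    if (!mkdtemp(dir)) { umask(old); return -1; }
    snprintf(weak, sizeof weak, "%s/weak", dir);
    snprintf(hard, sizeof hard, "%s/hard-XXXXXX", dir);
    int w = write_weak(weak, secret) == 0 ? readable_by_others(weak) : -1;
    int h = write_hardened(hard, secret) == 0 ? readable_by_others(hard) : -1;
    unlink(weak); unlink(hard); rmdir(dir); umask(old);
    return (w < 0 || h < 0) ? -1 : (w << 1) | h;
}

/* Exit status 0 when only the weak file carried group/other read bits. */
int main(void) { return compare_patterns() == 2 ? 0 : 1; }
```

The scratch directory is created with mode 0700, so the 0644 file in this demonstration is never actually reachable by other users; the check looks at the file's own mode bits only.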

For more information about the KDE 2.1 series, please see the KDE 2.1.1 press release and the KDE 2.1.1 Info Page, which is an evolving FAQ about the latest stable release. Information on using anti-aliased fonts with KDE is available here.

Downloading and Compiling kdelibs 2.1.2

The source package for kdelibs 2.1.2 (including a diff file against 2.1.1) is available for free download at http://ftp.kde.org/stable/2.1.2/distribution/src/ or in the equivalent directory at one of the many KDE ftp server mirrors. KDE 2.1.2 requires qt-2.2.3, which is available from Trolltech at ftp://ftp.trolltech.com/qt/source/ under the name qt-x11-2.2.3.tar.gz, although qt-2.2.4 or qt-2.3.0 is recommended (for anti-aliased fonts, qt-2.3.0 and XFree 4.0.3 or newer is required). kdelibs 2.1.2 will not work with versions of Qt older than 2.2.3.

For further instructions on compiling and installing KDE, please consult the installation instructions and, if you encounter problems, the compilation FAQ.

Installing Binary Packages

Some distributors choose to provide binary packages of KDE for certain versions of their distribution. Some of these binary packages for kdelibs 2.1.2 will be available for free download under http://ftp.kde.org/stable/2.1.2/distribution/ or under the equivalent directory at one of the many KDE ftp server mirrors. Please note that the KDE team is not responsible for these packages as they are provided by third parties -- typically, but not always, the distributor of the relevant distribution (if you have any questions, please read the KDE Binary Packages Policy).

kdelibs 2.1.2 requires qt-2.2.3, the free version of which is available from the above locations usually under the name qt-x11-2.2.3, although qt-2.2.4 or qt-2.3.0 is recommended (for anti-aliased fonts, qt-2.3.0 and XFree 4.0.3 or newer is required). KDE 2.1.2 will not work with versions of Qt older than 2.2.3.

At the time of this release, pre-compiled packages are available for:

Please check the servers periodically for pre-compiled packages for other distributions. More binary packages may become available over the coming days and weeks.

About KDE

KDE is an independent, collaborative project by hundreds of developers worldwide to create a sophisticated, customizable and stable desktop environment employing a component-based, network-transparent architecture. KDE is working proof of the power of the Open Source "Bazaar-style" software development model to create first-rate technologies on par with and superior to even the most complex commercial software.

KDE and all its components are available for free under Open Source licenses from the KDE server and its mirrors and can also be obtained on CD-ROM. As a result of the dedicated efforts of hundreds of translators, KDE is available in 34 languages and dialects. KDE includes the core KDE libraries, the core desktop environment (including Konqueror), developer packages (including KDevelop), as well as the over 100 applications from the other standard base KDE packages (administration, games, graphics, multimedia, network, PIM and utilities).

For more information about KDE, please visit KDE's web site. More information about KDE 2 is available in two (1, 2) slideshow presentations and on KDE's web site, including an evolving FAQ to answer questions about migrating to KDE 2.1 from KDE 1.x, anti-aliased font tutorials, a number of screenshots, developer information and a developer's KDE 1 - KDE 2 porting guide.


Trademarks Notices. KDE and K Desktop Environment are trademarks of KDE e.V. Linux is a registered trademark of Linus Torvalds. Unix is a registered trademark of The Open Group. Trolltech and Qt are trademarks of Trolltech AS. All other trademarks and copyrights referred to in this announcement are the property of their respective owners.

Press Contacts:
United States: Kurt Granroth
granroth@kde.org
(1) 480 732 1752
 
Andreas Pour
pour@kde.org
(1) 917 312 3122
Europe (French and English): David Faure
faure@kde.org
(44) 1225 837409
Europe (English and German): Martin Konold
konold@kde.org
(49) 179 2252249



Re: SECURITY: New KDE Libraries Released
by Dummy on Monday 30/Apr/2001, @17:18
Dumb question:

what is the proper rpm syntax to install on stock suse 7.1 with kde 2.1.1?

thanks
  • Re: SECURITY: New KDE Libraries Released
    by Evandro on Monday 30/Apr/2001, @17:58
    rpm -Uvh <filename>

    where filename is the package(s) you've downloaded.

    you can also use yast.
    • Re: SECURITY: New KDE Libraries Released
      by Dummy on Monday 30/Apr/2001, @21:17
      That is what I did and got the message "conflicts with file from package klibs-1.1.2-217"
      • Re: SECURITY: New KDE Libraries Released
        by Rune Laursen on Monday 30/Apr/2001, @21:43
        Just use rpm -Uvh --force --nodeps *.rpm instead.
        Rune
        • how to prove if installation was successful
          by gabriel on Wednesday 02/May/2001, @03:50
          Hello Rune Laursen,

          i made what you wrote:

          rpm -Uvh --force --nodeps kdelibs.rpm

          kdelibs-devel-1.2.2-0.rpm

          but i am not sure if it worked for two reasons

          a: i installed the rpm with the name kdelibs.rpm instead of kdelibs-1.2.2.rpm (i suppose that makes a difference or doesn't it)

          b: i got lots of warnings like can not
          overwrite *icons* because it is not empty


          But my kde is still running

          Thanks for any help

          go on kde - you are just great
      • Re: SECURITY: New KDE Libraries Released
        by Evandro on Tuesday 01/May/2001, @11:24
        try removing this old version of kdelibs by running:

        rpm -e klibs-1.1.2-217

        it will probably give some dependency errors, because you may have old programs that use the old kdelibs installed. in this case, i recommend you to remove those packages too.
      • Re: SECURITY: New KDE Libraries Released
        by Eric Nicholson on Tuesday 01/May/2001, @11:44
        Isn't that the version of klibs that came with KDE 1.1? I'm not sure, but you probably need a 2.x version of KDE for the libraries to be applicable.
Doesn't work :-(
by fura on Monday 30/Apr/2001, @23:30
I get following compilation errors in khtml/dom:

In file included from libkhtmldom_la.all_cpp.cpp:4:
html_inline.cpp: In method `void DOM::HTMLAnchorElement::blur()':
html_inline.cpp:204: no matching function for call to `DOM::DocumentImpl::focusNode ()'
html_inline.cpp:205: no matching function for call to `DOM::DocumentImpl::setFocusNode (int)'
html_inline.cpp: In method `void DOM::HTMLAnchorElement::focus()':
html_inline.cpp:211: no matching function for call to `DOM::DocumentImpl::setFocusNode (DOM::ElementImpl *&)'
In file included from libkhtmldom_la.all_cpp.cpp:7:
html_document.cpp: In method `DOM::HTMLDocument::HTMLDocument()':
html_document.cpp:42: cannot allocate an object of type `DOM::HTMLDocumentImpl'
html_document.cpp:42: since the following virtual functions are abstract:
../../khtml/xml/dom_nodeimpl.h:110: class DOM::NodeImpl * DOM::NodeImpl::cloneNode(bool, int &)
html_document.cpp: In method `DOM::HTMLDocument::HTMLDocument(KHTMLView *)':
html_document.cpp:50: cannot allocate an object of type `DOM::HTMLDocumentImpl'
html_document.cpp:50: since type `DOM::HTMLDocumentImpl' has abstract virtual functions
In file included from libkhtmldom_la.all_cpp.cpp:16:
dom_doc.cpp: In method `DOM::Document::Document()':
dom_doc.cpp:91: cannot allocate an object of type `DOM::DocumentImpl'
dom_doc.cpp:91: since the following virtual functions are abstract:
../../khtml/xml/dom_nodeimpl.h:110: class DOM::NodeImpl * DOM::NodeImpl::cloneNode(bool, int &)
dom_doc.cpp: In method `DOM::Document::Document(bool)':
dom_doc.cpp:100: cannot allocate an object of type `DOM::DocumentImpl'
dom_doc.cpp:100: since type `DOM::DocumentImpl' has abstract virtual functions

and so on.
I'm using gcc version 2.95.2 on FreeBSD 4.1.1.

Is it a known problem ?
  • Re: Doesn't work :-(
    by Theo van Klaveren on Tuesday 01/May/2001, @04:09
    This looks like --enable-final breakage. Remove it from the configure arguments, and try again.
Waste of time
by ac on Tuesday 01/May/2001, @01:25
Why are they wasting their time fixing obscure security bugs when they should be trying to catch up to Ximian GNOME 1.4?
  • Troll
    by St on Tuesday 01/May/2001, @02:14
    Is slashdot.org not enough fun anymore?
    • Re: Troll
      by Brian on Tuesday 01/May/2001, @08:01
      To be honest I really think that /. suffers a lot less than here due to the mod system. The trolls have unfortunately found a new home. Very good troll though.
  • Re: Waste of time
    by ld6772 on Tuesday 01/May/2001, @04:40
    It's not a waste of time to fix the bugs. This is the sort of thing that makes KDE a stable, usable desktop for linux so it can help to induce windows users to move across.

    Joe user won't change from microsoft if he thinks that the alternative is only trying to look good and not to attain stability. Even though Windows is not as stable, the open source community has to try to dispel the inaccurate belief, among desktop users, that it is full of bugs. The KDE team are doing a good job of working towards this.

    Well done guys, keep it up!
  • can we see you on stage ???
    by cylab on Tuesday 01/May/2001, @07:44
    *ROTFL*...
    this is really a good one !!! ;)
  • Re: Waste of time
    by saiyine on Thursday 03/May/2001, @16:48
    Must be kidding, kde 2.1.1 overwhelms Gnome 1.4...
Re: SECURITY: New KDE Libraries Released
by Björn Svensson on Thursday 03/May/2001, @03:48
Where are all the Mandrake 8.0 binary packages?? *sob*
Re: SECURITY: New KDE Libraries Released
by Dan Clayton on Monday 07/May/2001, @14:29
Great work! I didn't look at the security
aspect but konqueror works much better now.
It was my main browser before but sometimes
didn't work with a site. I suppose there
are still sites that don't work but a quick
test for a few hours didn't find any. KDE is
so cool.

Guess I'll have to try Koffice sometime.

Dan Clayton