KDE-CVS-Digest for November 29, 2002

I have started doing a weekly review of the kde-cvs updates. Check out the latest issue and please comment. Any ideas that would make the information more useful is welcome. My purpose is to give links into the code, and some pertinent discussion. This hopefully will add to the body of discussion and information available to users and developers of kde. Please be easy on the server...

Dot Categories: 


by DiCkE (not verified)

Relax, better a stable and secure product than a quick release. There are some issues to take care of so let em do that! Anyways we got a very nice 3.0.5 to use in the mean time:)

by myself (not verified)

Of course, but a little bit of more info woul not be bad.... why so secretive?

by Kennet (not verified)

I am crying, I want my kde 3.1, and I want it now!!!

by myself (not verified)

You'll have to wait, according to latest news, it's going to be delayed at least until after Xmas...

by Johan Veenstra (not verified)

KDE 3.1: delayed
From:Dirk Mueller
Reply-To:[email protected]
Date:Friday 06 December 2002 01:50:12 am
no references


The KDE 3.1 release has to be delayed further. Here is why.

On November 26th, we've been notified by FozZy from the "Hackademy
Audit Project" about security problems in KDE. They can, after user
interaction, cause unwanted execution of commands with the
privileges of the user who runs KDE. We fixed those on the same day and
updated the "hopefully final" KDE 3.1 tarballs. Unfortunately, it was
becoming clear after a quick search in the KDE CVS that the
problematic code is repeated in many places and in many variations.

Yesterday, on the targetted announcement date of KDE 3.1, Waldo and I
realized that while we only had audited maybe 30% of the code yet, we have
found enough occasions for them to be a big showstopper.

A short query on the packagers mailinglist showed that for the majority
there is no big pressure on having a KDE 3.1 to be released
according to the schedule. I'm considering a 3.1 with known security bugs a
no-go anyway, even though we first thought that those are minor that the fix
can wait for 3.1.1, I no longer think that this is the case.

Waldo, George, Lubos and I think that we can finish the audit by middle/end
of next week. This however brings us in a bad position: its unlikely that we
get many binary packages so short before christmas holidays, which means
that KDE 3.1 would go out, if released this year, probably with few or
none binary packages at the announcement date.

So, to sum up, we have two options:

a) Try to finish ASAP and try to get it out before christmas. December
12 could be a good tagging date.

b) Take the time and schedule for a release next year. Something around
January 8, 2003 sounds like a good candidate (tagging date,
announcement rougly a week later)

I neither like any of them, but I prefer to go with b), as it also allows
for other bugs which have been reported to be fixed. For an impression just
have a look at the lately steadily rising open bug count on

In any way I'll tar up and release the current 3_1_BRANCH as 3.1RC5 in a few
hours. Many fixes for the above mentioned security problems are in there,
but there are still big chunks of code and patches pending for review. There
will be no binary packages as those which were made during the last week
refer to be "KDE 3.1 final" and are anyway not up to date.

As soon as the code review is finished we will have to release updates for
KDE 3.0.x (and at least patches for KDE 2.x) anyway.

Comments, opinions, suggestions, flames welcome.


by Janne (not verified)

Dunno 'bout you guys, but I LOVE this!


by Kyro (not verified)

Oh, yes, the kicker alternative mockups that are floating around. I quite like the way that particular one looks - reminds me somewhat of Cloud9:ine, SharpE and similar shell replacements of Windows, and a bit of the BeOS tracker, too, but far more elegant. Would *love* to see a kicker like that. :)

by user (not verified)

source='crypto.cpp' object='crypto.lo' libtool=yes \
depfile='.deps/crypto.Plo' tmpdepfile='.deps/crypto.TPlo' \
depmode=gcc3 /bin/sh ../../admin/depcomp \
/bin/sh ../../libtool --silent --mode=compile --tag=CXX g++ -DHAVE_CONFIG_H -I. -I. -I../.. -I/opt/kde/include -I/opt/qt//include -I/usr/X11R6/include -DQT_THREAD_SUPPORT -D_REENTRANT -Wnon-virtual-dtor -Wno-long-long -Wundef -Wall -pedantic -W -Wpointer-arith -Wmissing-prototypes -Wwrite-strings -ansi -D_XOPEN_SOURCE=500 -D_BSD_SOURCE -Wcast-align -Wconversion -O2 -fno-exceptions -fno-check-new -DQT_CLEAN_NAMESPACE -DQT_NO_COMPAT -DQT_NO_ASCII_CAST -D_GNU_SOURCE -c -o crypto.lo `test -f crypto.cpp || echo './'`crypto.cpp
crypto.cpp: In member function `void KCryptoConfig::slotVerifyCert()':
crypto.cpp:1382: `SSLServer' is not a member of type `KSSLCertificate'
crypto.cpp: In member function `void KCryptoConfig::slotYourVerify()':
crypto.cpp:1667: `SSLClient' is not a member of type `KSSLCertificate'
crypto.cpp:1669: `SMIMEEncrypt' is not a member of type `KSSLCertificate'
crypto.cpp:1671: `SMIMESign' is not a member of type `KSSLCertificate'
make[3]: *** [crypto.lo] Error 1
make[3]: Leaving directory `/home/user/cvs/kde31/cvs/kdebase/kcontrol/crypto'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/user/cvs/kde31/cvs/kdebase/kcontrol'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/user/cvs/kde31/cvs/kdebase'
make: *** [all] Error 2

what am i doing wrong?

by myself (not verified)

You're doing several things wrong:

1) Posting this message here ;-) You can post in the mailing-lists better: lists.kde.org. It's a better place for questions like this
2) You don't specify what version you're trying to use, so it's difficult to say why you're having that problem (at least for me)
3) You are not using a stable version, or you are mixing libraries from a different version, according to your output, since it looks like the members of class KSSLCertificate don't corresponde to the program you are using.