KDE 3.0.5a: Security Release
Sunday, 22 December 2002 | Dre
The KDE Project today released a security advisory affecting all versions of KDE 2 and KDE 3. The advisory is the culmination of the security audit which delayed the release of KDE 3.1 until January. The KDE Project strongly encourages all KDE users to upgrade to KDE 3.0.5a, which was also announced today, or to apply the patches provided for KDE 2.2.2. Due to the year-end Holidays, few binary packages are available at this time. Please check the KDE 3.0.5a information page and your vendor's website periodically for available packages. Note that some vendors are expected to incorporate the security improvements into new builds of KDE 3.0.5.
Comments:
Customized builds - KDE User - 2002-12-22
While downloading the source for 3.0.5a and thinking of the long compile ahead on my Athlon 800 (yes, I need to compile, I make modifications to a number of the programs in KDE), I got to realizing that there aren't really that many programs in the base KDE distribution that I use. For example, all I use from kdegames is Shisen-Sho, and all I use from kdenetwork are kmail and kdict. I was just wondering how hard it would be to be able to do "customized" build, as in: ./configure --enable-apps=kmail,kdict --etc and just compile/install the requested programs. Currently, for kdegames, I just do a make install in libkdegames and kshisen, but that's kind of ugly. I would be eternally grateful if I could pick and choose my base applications, so compile times and disk usage would be greatly diminished.
Re: Customized builds - Andy - 2002-12-22
Hi! I just want to make sure: do you know 'setenv DO_NOT_COMPILE 'foo bar ....''? Andy
Re: Customized builds - KDE User - 2002-12-22
You are my hero! Thank you so much.
KDE 3.0.5a on Debian - Ken Arnold - 2002-12-22
As of this writing, Debian packages of KDE 3.0.5a have not yet been uploaded to download.us.kde.org. Debian users who are using something like: deb http://download.us.kde.org/pub/kde/stable/latest/... in /etc/apt/sources.list will get an HTTP 404 error when trying to update. Either wait until the Debian packages are updated, replace '/latest/' with '/3.0.5/', or wait until Debian includes KDE 3.x in the distribution (whenever that is...?).
Version number - Stefan Nikolaus - 2002-12-22
Why do you use 3.0.5a as version number? Why not 3.0.6?
Re: Version number - Nicolas Hadacek - 2002-12-22
If I remember well, KDE_3_0_6 branch was already used in early development of KDE 3.1 ...
Re: Version number - JC - 2002-12-22
It should be exactly the same as kde-3.0.5 plus the security fixes. No others bug fixes. May be a kde-3.0.5.1 would be better :-)
Error compiling kdepim-3.0.5a - yellowfish - 2002-12-22
I got the following error when compiling kdepim: make[3]: Entering directory `/usr/src/kde-3.0.5a/kdepim-3.0.5a/kalarm' cp ../kalarmd/alarmguiiface.h . ...... g++ -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../libical/src/libical -I../libical/src/libical -I/opt/kde-3.0.5a/include -I/opt/qt/include -I/usr/X11R6/include -DQT_THREAD_SUPPORT -D_REENTRANT -DNDEBUG -DNO_DEBUG -O2 -fno-exceptions -fno-check-new -c -o kalarm.all_cpp.o `test -f kalarm.all_cpp.cpp || echo './'`kalarm.all_cpp.cpp In file included from ../libical/src/libical/ical.h:2583, from alarmcalendar.cpp:40, from kalarm.all_cpp.cpp:9: ../config.h:201: warning: `VERSION' redefined kalarm.h:30: warning: this is the location of the previous definition In file included from editdlg.cpp:35, from kalarm.all_cpp.cpp:4: /opt/qt/include/qdir.h:80: parse error before `0' /opt/qt/include/qdir.h:86: missing ';' before right brace /opt/qt/include/qdir.h:88: parse error before `(' /opt/qt/include/qdir.h:89: parse error before `const' /opt/qt/include/qdir.h:91: parse error before `const' ...... /opt/qt/include/qdir.h:128: non-member function `encodedEntryList(int, int)' cannot have `const' method qualifier /opt/qt/include/qdir.h:130: `DefaultFilter' was not declared in this scope /opt/qt/include/qdir.h:131: `DefaultSort' was not declared in this scope /opt/qt/include/qdir.h:131: virtual outside class declaration /opt/qt/include/qdir.h:131: non-member function `encodedEntryList(const QString &, int, int)' cannot have `const' method qualifier /opt/qt/include/qdir.h:132: `DefaultFilter' was not declared in this scope /opt/qt/include/qdir.h:133: `DefaultSort' was not declared in this scope /opt/qt/include/qdir.h:133: virtual outside class declaration /opt/qt/include/qdir.h:133: non-member function `entryList(int, int)' cannot have `const' method qualifier /opt/qt/include/qdir.h:135: `DefaultFilter' was not declared in this scope /opt/qt/include/qdir.h:136: `DefaultSort' was not declared in this scope /opt/qt/include/qdir.h:136: virtual outside class declaration ...... /opt/qt/include/qdir.h:230: no `bool QDir::operator !=(const QDir &) const' member function declared in class `QDir' In file included from /opt/kde-3.0.5a/include/kfiledialog.h:32, from editdlg.cpp:40, from kalarm.all_cpp.cpp:4: /opt/kde-3.0.5a/include/kfile.h: In function `static bool KFile::isSortByName(const QDir::SortSpec &)': /opt/kde-3.0.5a/include/kfile.h:75: confused by earlier errors, bailing out make[3]: *** [kalarm.all_cpp.o] Error 1 make[3]: Leaving directory `/usr/src/kde-3.0.5a/kdepim-3.0.5a/kalarm' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/usr/src/kde-3.0.5a/kdepim-3.0.5a/kalarm' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/src/kde-3.0.5a/kdepim-3.0.5a' make: *** [all] Error 2 Anyone could help? Linux From Scratch 3.3 GCC 2.95.3
Re: Error compiling kdepim-3.0.5a - Waldo Bastian - 2002-12-23
Yup, I can confirm. Either don't configure with --enable-final or move kalarmapp.cpp in the Makefile till after spinbox2.cpp Cheers, Waldo
Re: Error compiling kdepim-3.0.5a - yellowfish - 2002-12-23
Great! I compile sucessfully when configure without --enable-final. A lot of thanks, Waldo.
And 'nothing' will stop me... - antialias - 2002-12-23
Krootwarning: ------------------------ 'You are running a graphical interface as root. This is a bad idea because as root, you can damage your system, and nothing will stop you.' --------------------------------------------------------------------------------------- I am just curious. Who is the 'nothing' ? Why and when is he going to stop me? After I had damaged my system or maybe before? Is the 'nothing' FBI? Maybe I am too paranoic. Is it possible to send Kroot's warning to bugs.kde.org for a semantic & syntactic cleanup?
Re: And 'nothing' will stop me... - anon - 2002-12-23
Or maybe... you're using the wrong language? Try .dk for a change.
Re: And 'nothing' will stop me... - antialias - 2002-12-23
'Or maybe... you're using the wrong language?' Yes, you're right, I always knew english was the wrong language. And I am sorry if I offended you but I can't stop laughing when I read this one: ' This is a bad idea because as root, you can damage your system, and nothing will stop you.' 'Try .dk for a change.' Thanks for the advice 'anon. coward'. Ooops, sorry again, you are only 'anon'. Cheers, antialias
Re: And 'nothing' will stop me... - KamiKaze - 2002-12-23
Dude... Stick to your day job. You will die of hunger as a comedian.
Re: And 'nothing' will stop me... - Sad Eagle - 2002-12-23
No, it';s not possible to send it to bugs.kde.org because it's not part of KDE. Try https://qa.mandrakesoft.com instead.
Re: And 'nothing' will stop me... - Beefy - 2002-12-24
I don't see any errors in this message.
Kudos to the developers - Deephack - 2002-12-23
Dunno if someone has already said this but hats off to the KDE developers for doing the security audit. I'm sure it's not much fun going over all that code looking for these bugs. Their efforts are appreciated by many people I'm sure. Regards, Deephack
What happened to Mandrake Binaries for 3.0.5? - Magnus Pym - 2002-12-25
There have been no Mandrake Binaries for 3.0.5 or 3.0.5a. They are usually very prompt in releasing KDE binaries. Anyone know what happened? Magnus.
Re: What happened to Mandrake Binaries for 3.0.5? - JC - 2002-12-25
They probably enjoy their Christmas break. Wait for a few days :-)