[prev in list] [next in list] [prev in thread] [next in thread]
List: kc-kde
Subject: [kc-kde] dec12 from dkite
From: Derek Kite <dkite () netidea ! com>
Date: 2002-12-05 16:36:53
[Download RAW message or body]
Zack: Here is my stuff for the week. Let me know if I screwed up royally.
Derek
<kc version="0.1.0">
<title>Kernel Cousin KDE</title>
<editor email="zack@kde.org">Zack Rusin</editor>
<issue num="47" date="2002/12/09" />
<intro>
</intro>
<section
title="New addition to KDE-Cousin"
author="Derek B. Kite"
contact="mailto:dkite@shaw.ca"
subject="kde-cvs digest"
archive=""
posts=""
startdate=""
enddate=""
>
<p>I was pleasantly surprised with the reaction when I showed the world my
digests of the kde cvs mailing list.
<a href="http://members.shaw.ca/dkite/index.html"></a>Here</p> are the
archives. The KC-KDE crew asked me to
contribute, and here I am. If they are willing to put up with me, I'll stick
around. I will attempt to cover the
cvs commits, with other pertinent information on the development process.
There were many suggestions on how
to improve the page on <a href="http://dot.kde.org">The Dot</a>, most of them
boiling down to having more
information on the page rather than links. Please comment on what you read, if
you have any suggestions, or see
any stupid mistakes, please let me know.
And I will try to do this weekly. This is week 5, so far so good.
</section>
<section
title="Patience is a Virtue"
author="Derek B. Kite"
contact="mailto:dkite@shaw.ca"
subject="3.1 Release?"
archive=""
posts=""
startdate="03 Nov 2002 18:50:04"
enddate="04 Nov 2002 22:37:02"
>
<p>emerge -u kde No such directory `pub/kde/stable/3.1/src'.</p>
<p>KDE 3.1 hasn't shown up even in the bleeding edge distributions such as
<a href="http://www.gentoo.org">Gentoo</a>. The tarballs have been made up and
released to the packagers.
What is the holdup? The usual 'allow time for testing' is one factor of
course. How much effect does the appearance
of a whole bunch of security fixes in the cvs repository? More on that
later.</p>
</section>
<section
title="Release manager"
author="Derek B. Kite"
contact="mailto:dkite@shaw.ca"
subject="New release manager"
archive="http://lists.kde.org/?l=kde-i18n-doc&m=103868200821678&w=2"
posts="5"
startdate="Nov 30 2002 18:43:34"
enddate="Dec 2 2002 22:54:36"
>
Dirk Mueller, who has been KDE release manager since sometime in August 2001
said in a
<a
href="http://rvce.ac.in/modules.php?op=modload&name=News&file=article&sid=3">Linux
and Main interview</a>
<quote who="Dirk Mueller"> Waldo Bastian, the release coordinator for KDE 2.2,
asked for volunteers for
coordinating the KDE 3.x release cycle. For reasons I can't explain anymore I
volunteered. My candidacy
was broadly accepted by the other core developers and contributors.</quote>
Dirk Mueller announced
<quote who="Dirk Mueller">
Now that KDE 3.1 is finally finished, there are some things to announce.
Most importantly, while I will still coordinate the KDE 3.1.x patch
releases, I won't do the KDE 3.2 release any more.
I've asked around the last few days and Stephan Kulow volunteered to be
release dude for 3.2. Therefore, if there is nobody else who'd like to
volunteer, he's going to be the successor.
I'd suggest the following procedure:
- If nobody else volunteered till December 7th, Stephan Kulow is going
to be the release dude for 3.2
- If there are other volunteers, we have to do a vote.
</quote>
Waldo Bastian replied <quote who="Waldo Bastian">
I would like to thank you for all the hard work you have put in all the KDE
3.x releases. It can be a very tedious job at times, but I think you have
done great. I don't think many people will be able to put up with it for two
major releases like you did. Thank you very much!
</quote>
Christopher Molnar also replied <quote who="Christopher Molnar">
I want to thank you for the wonderful job you have done! I do not envy
anyone in that position. (And NO I do not volunteer :-) )
No you get to have a life! </quote>
<p>Others added how much they appreciated Dirk's work, and agreed with Stephan
Kulow as successor.
I imagine the job of a release manager on a free software project is akin to
herding cats. My deepest
respect goes to those who have done the job, and those who would take it
on.</p>
</section>
<section
title="Bug fixes"
author="Derek B. Kite"
contact="mailto:dkite@shaw.ca"
subject="bug fixes"
archive=""
posts=""
startdate=""
enddate=""
>
<p>I hope to have a weekly changelog for the next edition.</p>
Bugs.kde.org<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=51324">Bug 51324 - Application
version is not registered</a><br>
Cervisia<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=50735">Bug 50735 - commit dialog
box waaaaaay too big</a><br>
I18N<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=50895">Bug 50895 - Untranslatable
string in KWeather</a><br>
Kaddressbook<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=47361">Bug 47361 - location
feature with kaddressbook</a><br>
Khtml<br>
<a href="http://lists.kde.org/?l=kde-cvs&m=103867800318941&w=2">
fix crash on navigation of http://www.ote.gr/</a><br>
<a href="http://lists.kde.org/?l=kde-cvs&m=103884444331794&w=2">fix mem
leaks</a><br>
Klaptopdaemon<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=48657">Bug 48657 - compilation of
portable.cpp fails on Solaris</a><br>
Klickety<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=49245">Bug 49245 - klickety
crashes when closing it</a><br>
KMail<br>
<a href="http://lists.kde.org/?l=kde-cvs&m=103849728330041&w=2">Folder
compaction speedup</a><br>
Knewsticker<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=48837">Bug 48837 - Another RDF
feed wish</a><br>
Kompare<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=49214">Bug 49214 - Filenames with
spaces do not work</a><br>
Kopete<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=49365">Bug 49365 - ICQ-Plugin
Crashes wenn deleting entrys</a><br>
ICQ Plugin <a href="http://bugs.kde.org/show_bug.cgi?id=51345">Bug 51345 -
gravely bad memory consumption</a><br>
MSN Plugin <a href="http://bugs.kde.org/show_bug.cgi?id=50343">Bug 50343 - MSN
error 223 on connect</a><br>
MSN Plugin <a href="http://bugs.kde.org/show_bug.cgi?id=50352">Bug 50352 -
Friendly names with Unicode characters are not properly
displayed</a><br>
MSN Plugin <a href="http://bugs.kde.org/show_bug.cgi?id=50595">Bug 50595 -
keeps recieving messages when logged off of msn</a><br>
Krdc<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=49213">Bug 49213 - posibility to
specify session password from commandline</a><br>
Kscreensaver<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=48681">Bug 48681 - compilation of
kscreensaver/kdesavers/Flux.cpp fails on Solaris</a
><br>
Ksirc<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=44599">Bug 44599 - Cannot drag
HTTP links</a><br>
Kspread<br>
<a href="http://bugs.kde.org/show_bug.cgi?id=51346">Bug 51346 - special paste
screws up row height</a><br>
</section>
<section
title="Security"
author="Derek B. Kite"
contact="mailto:dkite@shaw.ca"
subject="security fixes"
archive=""
posts=""
startdate=""
enddate=""
>
<p>Starting last week, a number of fixes with
<a href="http://lists.kde.org/?l=kde-cvs&m=103852212520796&w=2">Clean up temp
file usage</a> as comment.
Then <a href="http://lists.kde.org/?l=kde-cvs&m=103896492919538&w=2">
"fix passing parameters to shell and a few of the possible buffer
overflows"</a>. Again, this time in KMail,
<a href="http://lists.kde.org/?l=kde-cvs&m=103886484424206&w=2">fix unsafe
usage of system()</a>. There are dozens
of similar fixes throughout KDE. Dirk Mueller, Waldo Bastian and George
Staikos were authors of the fixes.
What is happening? I asked Waldo Bastian this question. "I've noticed you and
Dirk doing commits such as
"Properly quote arguments for system() call" and other system() call changes.
Care to give an illuminating
and lucid comment about what you're doing?" He replied:</p>
<quote who="Waldo Bastian">
<p>We were contacted on security@kde.org about a possible security problem
related to the usage of the system() function in a specific application.
Since system() starts a shell it is important that any arguments passed in
such command, such as filenames, are properly quoted. If that's not the case
a carefully crafted filename could result in the execution of undesired shell
commands. </p> </quote>
<p>He then gave an example of a rather creative way to manipulate the files in
your directory. He then continued:</p>
<quote who="Waldo Bastian">
We are now busy reviewing (and fixing) all uses of system() in KDE CVS.
Probably followed by reviews for some other functions that traditionally lead
to problems.
Cheers,
Waldo
</quote>
<p>This review will obviously take a while, with one type of vulnerability
checked and fixed, then the next.
To assist in finding the common cases, scripts were written, which triggered a
few false alarms.
Oswald Buddenhagen commented after the script found "gets" in a comment
</p><quote who="Oswald Buddenhagen">
this is annoying. idea: a rudimentary c++ parser would preprocess the
old and the new revision by stripping comments and text in strings.
_these_ would be diffed and grepped.
the same preprocessor would of course be used to update the files in
kdesecurity.
no false hits any more ... *dream*
volunteers make one step ahead ... [/me makes one step aback] :) </quote>
<p>then he actually writes one..</p><quote who="Oswald Buddenhagen">
actually, the preprocessor is almost trivial. attached.
possible todo: special-casing for strings in #includes.
dirk: have fun with it. :) </quote>
<p>The scripts are written in perl, and
<a
href="http://webcvs.kde.org/cgi-bin/cvsweb.cgi/kdesecurity/review/scripts/">available
here</a>. The fixes
were applied against head, and the KDE_3_0_BRANCH and KDE_3_1_BRANCH. So we
should soon be seeing updates in
the various distributions. Maybe the 3.1 unavailablility has something to do
with this.</p>
</section>
<section
title="New Features"
author="Derek B. Kite"
contact="mailto:dkite@shaw.ca"
subject="new features"
archive=""
posts=""
startdate=""
enddate=""
>
<b>KMail</b><p>Last week the Kroupware branch of Kmail was merged into head.
Stephan Kulow
<a href="http://lists.kde.org/?l=kde-cvs&m=103849248424899&w=2">ported Don's
KMKernel::config into HEAD</a>.
Don being Don Sanders, who has contributed much to the make_it_cool branch.
Then Mark Mutz committed
<a href="http://lists.kde.org/?l=kde-cvs&m=103856040609265&w=2">from
kroupware_branch:
starting to merge the kmaccount refactoring</a>. Stephan Kulow then
<a href="http://lists.kde.org/?l=kde-cvs&m=103869531030326&w=2">commits</a> a
large portion of
make_it_cool to head, with</p> <quote who="Stephan Kulow">
<p>a little warning: I tested if kmail compiles, starts up and if I can
receive and read mail and all of that is true. Unfortunatly I found
out after the commit that replying is broken.</p>
<p>So please don't update your CVS if you rely on kmail from CVS.</p>
</quote>
<p>This was on Saturday, Nov 30.</p>
<b>Konqueror plugins</b><p>Who was the actor who played Frodo? Instead of
"gg:actor who played frodo", now
there will be another option. Dirk Mueller made
<a href="http://lists.kde.org/?l=kde-cvs&m=103884770503349&w=2">this
commit</a> with this comment:</p>
<quote who="Dirk Mueller">imdb: shortcut (based on .desktop file by Lauri,
thanks!)</quote>
<p>imdb, AKA The Internet Movie Database (IMDb)</p>
Carsten Pfeiffer wrote <quote who="Carsten Pfeiffer">support for mp3-leeching
;) Show all links of
the current html-page in a listview and allow downloading them quickly without
asking for every
filename</quote>
<b>Konsole</b><p>Waldo Bastian added a new feature to Konsole.
<a href="http://lists.kde.org/?l=kde-cvs&m=103849778630611&w=2">ZModem
support</a>.</p>
<b>Kate</b><p>Alain Gibaud added
<a href="http://lists.kde.org/?l=kde-cvs&m=103904316506239&w=2">Highlighing
for Microchip PIC Assembler</a>.</p>
</section>
<section
title="Kword Modes"
author="Derek B. Kite"
contact="mailto:dkite@shaw.ca"
subject="kword modes"
archive=""
posts=""
startdate=""
enddate=""
>
<p>Last week, there was a reference to DTP and WP modes in Kword. I asked
David Faure what this meant.
He replied </p><quote who="David Faure">
<p>WP is the word processing mode, the one in which Word closely resembles
MSWord or OpenOffice's OOWriter. There's a main frameset, which is responsible
for the number of pages that the document has - it will simply show as many
pages as necessary for the text it wants to show.</p>
<p>DTP is a more frame-based mode. Think of a magazine, where many frames
contain
different articles. There's no more "main frameset". In this mode, one can now
append or remove pages more easily.</p>
<p>The way for a user to choose between one and the other mode, is to choose
an appropriate template. Ah, this reminds me that I forgot to commit the empty
DTP template. Will do so now. (The other DTP template is the one called
"Page Layout / Simple Layout").</p>
<p>Maybe I should also add a way to go from WP to DTP and the other way round,
on a given document, but this can be a little bit tricky in some cases.</p>
<p>> Is there a document somewhere that describes the direction you are
taking?</p>
<p>I don't know what the user-documentation says (shame on me :) ... but this
isn't actually a new direction - WP and DTP modes have always existed in
KWord,
and this new stuff is actually coming from user requests.
See for instance wishlists #28235 and #48781 on http://bugs.kde.org.</p>
</quote>
I asked him "Is it ok to use this on the web page?"
He replied
<quote who="David Faure">
Yes - although looking at the discussion that followed up on koffice-devel,
it would be better if you used "Text oriented" instead of what I call "WP"
and "Page Layout" instead of what I call "DTP".
</quote>
<p>While on the subject, I noticed KOffice 1.2.1 was released.</p>
</section>
_______________________________________________
kc-kde mailing list
kc-kde@mail.kde.org
http://mail.kde.org/mailman/listinfo/kc-kde
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic