'Re: KDE 2.2.1: Ready to roll?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: KDE 2.2.1: Ready to roll?
From:       Dawit Alemayehu <adawit () kde ! org>
Date:       2001-09-03 6:46:59
[Download RAW message or body]

On Monday 03 September 2001 02:18, Waldo Bastian wrote:
> Hiya,
>
> I'm about to make packages for KDE 2.2.1 but before I do I would like to
> know the status of the following:
>
> *) Desktop problems, I have seen a number of problems with icon-locations
> on the desktop coming by... is this still an open issue or is it fixed?
>
> *) Security: access of ports like telnet with HTTP POST requests among
> others. A patch for this was committed to CVS and then withdrawn again, is
> this going to be fixed?
>
> *) Security: Access of "unexpected" protocols like "cdrom:" or "pop3:"
> should be restricted. Any plans to fix this?
>
> Cheers,

Hi Waldo,

Please hold off a week on this since there are a couple of issues that IMHO need 
to be fixed for the 2.2.1 release unless ofcourse we are going to do a 2.2.2 release
as well.  The issues I am working on are:

- Proxy tunneling problems in http one of which is a SECURITY fix since we end up
  sending incorrect headers to a tunneled connection.  See commit messages in the
  head brach for kio_http.  However, this mainly applies to those people that use an
  authenticating proxy server.  On the other hand though the incorrect HEADER format 
 we use after we tunneled through indeed has a subtle effect on all proxy users.

- Cookie handling problems with the cookiejar.  We still have cookie issues and I think
  I have it figured out now as I indicated on the REQUEST I posted.  This bug/problem 
  has been the single cause for problem in logging into mail.lycos.com.  I am also willing 
  to bet that it is the the cause for almost all the open cookie related problems that are
  still in the bug database.  Anyways, if you need details on the problem let me know and 
  I will explain.  The fix I commited into HEAD branch to deal with this is not entirely correct 
  as pointed out to me by David and which is absolutely correct.  I am fixing that as we 
  speak and I would need people to test it.

Anyways, I would really like to see this make the 2.2.1 cut, but if not I want to see at
least one more 2.2.x release where these fixes can be incorporated into...

Regards,
Dawit A.

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic