The KDE Project today released a
security advisory
affecting all versions of KDE 2 and KDE 3. The advisory is the culmination of
the security audit which delayed
the release of KDE 3.1 until January. The KDE Project strongly encourages all KDE users to upgrade to
KDE 3.0.5a, which was also
announced
today, or to apply the
patches provided
for KDE 2.2.2. Due to the year-end Holidays, few binary packages are
available at this time. Please check
the KDE 3.0.5a information
page and your vendor's website periodically for available packages.
Note that some vendors are expected to incorporate
the security improvements into new builds of KDE 3.0.5.
Dot Categories:
Comments
While downloading the source for 3.0.5a and thinking of the long compile ahead on my Athlon 800 (yes, I need to compile, I make modifications to a number of the programs in KDE), I got to realizing that there aren't really that many programs in the base KDE distribution that I use. For example, all I use from kdegames is Shisen-Sho, and all I use from kdenetwork are kmail and kdict.
I was just wondering how hard it would be to be able to do "customized" build, as in: ./configure --enable-apps=kmail,kdict --etc and just compile/install the requested programs. Currently, for kdegames, I just do a make install in libkdegames and kshisen, but that's kind of ugly. I would be eternally grateful if I could pick and choose my base applications, so compile times and disk usage would be greatly diminished.
Hi!
I just want to make sure: do you know 'setenv DO_NOT_COMPILE 'foo bar ....''?
Andy
You are my hero! Thank you so much.
As of this writing, Debian packages of KDE 3.0.5a have not yet been uploaded to download.us.kde.org. Debian users who are using something like:
deb http://download.us.kde.org/pub/kde/stable/latest/...
in /etc/apt/sources.list will get an HTTP 404 error when trying to update. Either wait until the Debian packages are updated, replace '/latest/' with '/3.0.5/', or wait until Debian includes KDE 3.x in the distribution (whenever that is...?).
Why do you use 3.0.5a as version number? Why not 3.0.6?
If I remember well, KDE_3_0_6 branch was already used in early development of KDE 3.1 ...
It should be exactly the same as kde-3.0.5 plus the security fixes. No others bug fixes.
May be a kde-3.0.5.1 would be better :-)
I got the following error when compiling kdepim:
make[3]: Entering directory `/usr/src/kde-3.0.5a/kdepim-3.0.5a/kalarm'
cp ../kalarmd/alarmguiiface.h .
......
g++ -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I../libical/src/libical -I../libical/src/libical -I/opt/kde-3.0.5a/include -I/opt/qt/include -I/usr/X11R6/include -DQT_THREAD_SUPPORT -D_REENTRANT -DNDEBUG -DNO_DEBUG -O2 -fno-exceptions -fno-check-new -c -o kalarm.all_cpp.o `test -f kalarm.all_cpp.cpp || echo './'`kalarm.all_cpp.cpp
In file included from ../libical/src/libical/ical.h:2583,
from alarmcalendar.cpp:40,
from kalarm.all_cpp.cpp:9:
../config.h:201: warning: `VERSION' redefined
kalarm.h:30: warning: this is the location of the previous definition
In file included from editdlg.cpp:35,
from kalarm.all_cpp.cpp:4:
/opt/qt/include/qdir.h:80: parse error before `0'
/opt/qt/include/qdir.h:86: missing ';' before right brace
/opt/qt/include/qdir.h:88: parse error before `('
/opt/qt/include/qdir.h:89: parse error before `const'
/opt/qt/include/qdir.h:91: parse error before `const'
......
/opt/qt/include/qdir.h:128: non-member function `encodedEntryList(int, int)' cannot have `const' method qualifier
/opt/qt/include/qdir.h:130: `DefaultFilter' was not declared in this scope
/opt/qt/include/qdir.h:131: `DefaultSort' was not declared in this scope
/opt/qt/include/qdir.h:131: virtual outside class declaration
/opt/qt/include/qdir.h:131: non-member function `encodedEntryList(const QString &, int, int)' cannot have `const' method qualifier
/opt/qt/include/qdir.h:132: `DefaultFilter' was not declared in this scope
/opt/qt/include/qdir.h:133: `DefaultSort' was not declared in this scope
/opt/qt/include/qdir.h:133: virtual outside class declaration
/opt/qt/include/qdir.h:133: non-member function `entryList(int, int)' cannot have `const' method qualifier
/opt/qt/include/qdir.h:135: `DefaultFilter' was not declared in this scope
/opt/qt/include/qdir.h:136: `DefaultSort' was not declared in this scope
/opt/qt/include/qdir.h:136: virtual outside class declaration
......
/opt/qt/include/qdir.h:230: no `bool QDir::operator !=(const QDir &) const' member function declared in class `QDir'
In file included from /opt/kde-3.0.5a/include/kfiledialog.h:32,
from editdlg.cpp:40,
from kalarm.all_cpp.cpp:4:
/opt/kde-3.0.5a/include/kfile.h: In function `static bool KFile::isSortByName(const QDir::SortSpec &)':
/opt/kde-3.0.5a/include/kfile.h:75: confused by earlier errors, bailing out
make[3]: *** [kalarm.all_cpp.o] Error 1
make[3]: Leaving directory `/usr/src/kde-3.0.5a/kdepim-3.0.5a/kalarm'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/usr/src/kde-3.0.5a/kdepim-3.0.5a/kalarm'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/usr/src/kde-3.0.5a/kdepim-3.0.5a'
make: *** [all] Error 2
Anyone could help?
Linux From Scratch 3.3
GCC 2.95.3
Yup, I can confirm.
Either don't configure with --enable-final or move kalarmapp.cpp in the Makefile till after spinbox2.cpp
Cheers,
Waldo
Great! I compile sucessfully when configure without --enable-final.
A lot of thanks, Waldo.
Krootwarning:
------------------------
'You are running a graphical interface as root.
This is a bad idea because as root, you can damage your system, and nothing will stop you.'
---------------------------------------------------------------------------------------
I am just curious.
Who is the 'nothing' ? Why and when is he going to stop me? After I had damaged my system or maybe before? Is the 'nothing' FBI?
Maybe I am too paranoic. Is it possible to send Kroot's warning to bugs.kde.org for a semantic & syntactic cleanup?
Or maybe... you're using the wrong language? Try .dk for a change.
'Or maybe... you're using the wrong language?'
Yes, you're right, I always knew english was the wrong language. And I am sorry if I offended you but I can't stop laughing when I read this one: ' This is a bad idea because as root, you can damage your system, and nothing will stop you.'
'Try .dk for a change.'
Thanks for the advice 'anon. coward'. Ooops, sorry again, you are only 'anon'.
Cheers,
antialias
Dude... Stick to your day job. You will die of hunger as a comedian.
No, it';s not possible to send it to bugs.kde.org because it's not part of KDE. Try https://qa.mandrakesoft.com instead.
I don't see any errors in this message.
Dunno if someone has already said this but hats off to the KDE developers for doing the security audit. I'm sure it's not much fun going over all that code looking for these bugs. Their efforts are appreciated by many people I'm sure.
Regards,
Deephack
There have been no Mandrake Binaries for 3.0.5 or 3.0.5a.
They are usually very prompt in releasing KDE binaries.
Anyone know what happened?
Magnus.
They probably enjoy their Christmas break. Wait for a few days :-)