|
| This Week... |
|
A security fix developed for KDM, covering KDE 3.3.0 to 3.5.7. A KioBrowser data engine, HDD monitor applet, and general layout work in Plasma. More refinements in Parley (formerly KVocTrain). GeoData subproject in Marble to support popular geographic data formats. An AI player added to Kombination. Development renewed on the KPicross game. Basic printing support in Gwenview. Improved mimetype detection, as per the cross-desktop specifications. More work on text highlighting in Kate. Continued developments and optimisations in Akonadi, including the OpenChange (Exchange) connector. Further work on the GStreamer Phonon backend. Colourspace work in Krita, greater definition given to KChart2. File management part in Konqueror is replaced by a shared Dolphin part usage. More KDE SVN reorganisations.
|
Brad Hards discusses work on the OpenChange plugin for Akonadi:
|
Microsoft Exchange support has been a long-requested feature for KMail (add bug number). Of course, if the Exchange administrator has enabled IMAP, then you can use that to get your email. However if you want all the groupware features, then you really need to be able to use the native protocols.
The native protocols are normally called "MAPI", which is slightly misleading, but convenient. There are really two protocols that run over Microsoft Remote Procedure Call (RPC) - one for the message store (the EMSMDB protocol), and one for the address book (the NSPI protocol).
Akonadi is the next-generation groupware infrastructure, currently under development as part of KDE-PIM. Akonadi components communicate using D-Bus (rather than the normally shared library arrangement we normally have within KDE), so to provide "native MAPI" within Akonadi, we need an application that conceptually translates Akonadi D-Bus calls into matching Exchange RPC calls. That would be a lot of work to do from scratch, but fortunately, we don't need to.
There are a couple of applications in the Open Source/Free Software world that have extensive experience with Microsoft RPC - Wireshark and Samba.
OpenChange is a project that builds on Samba (Wireshark is also used for development, but not at run-time) to provide support for the client-side and server-side "MAPI protocols". The client-side consists of two libraries and some command-line applications, and the server-side consists of a server plugin for Samba. Both client and server components rely on Samba 4, which has some architectural changes that really help to build add-ons like OpenChange - certainly it wouldn't be possible to build OpenChange with Samba 3.
The Akonadi resource that I've been working on uses one of the client-side OpenChange libraries to provide access to a Microsoft Exchange server from an Akonadi client application. It will also provide access to an OpenChange server when this is complete. There is a long way to go, but we do have proof-of-concept access to mail and contact information from a Microsoft Exchange server (any of Exchange 5.5, Exchange 2000, Exchange 2003, Small Business Server or Exchange 2007).
The Akonadi OpenChange resource doesn't have much of a GUI, and screenshots of debugging output are pretty boring, but if you use the akonadiconsole demo application, you can see the resource in action.
Note that the folder names are as returned from the server, and all the data in the contact is from the server (created using Outlook 2003 and saved to an Exchange 2007 server). Even the fish image is from the contact created in Outlook.
The Akonadi OpenChange resource can't actually be distributed as a binary at this stage, because of the Samba 4 dependency which introduces a GPLv2 / GPLv3 conflict. I'm confident that will be resolved at some stage in the future though - hopefully for KDE 4.1 which is where Akonadi should become more widely used.
There is still a very long way to go, and (as always) more help is needed in many areas:- OpenChange could use some development assistance, and much more testing. Assistance with getting the Windows port to work would also be most welcome.
- Akonadi is progressing, but still needs some more work. It would be particularly useful if there were more Models and Views. This can be done without access to an Exchange server.
- I'd love some help with the Akonadi OpenChange resource, especially if you're at all familiar with Outlook/Exchange/MAPI, or Akonadi.
- Akonadi isn't really designed to send mail (of any kind), but we do need to support sending mail over MAPI protocols. That will require changes to the MailTransport classes within kdepimlibs.
If you'd like to get involved, please get in contact with me. I'd like to see some corporate involvement too - especially for OpenChange which has potential benefits well beyond KDE (note that I'm not looking for any financial support myself).
|
|
Dirk Mueller announces a KDE Security Advisory: KDM passwordless login vulnerability:
|
Original Release Date: 2007-09-19
URL: http://www.kde.org/info/security/advisory-20070919-1.txt
0. References
CVE-2007-4569
1. Systems affected
KDM as shipped with KDE 3.3.0 up to including 3.5.7. KDE 3.2.x and older and newer versions than KDE 3.5.7 are not affected.
2. Overview
KDM can be tricked into performing a password-less login even for accounts with a password set under certain circumstances, namely autologin to be configured and "shutdown with password" enabled.
This vulnerability was discovered and reported by Kees Huijgen.
3. Impact
KDM might allow a normal user to login as another user or even root without properly supplying login credentials.
4. Solution
Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.
5. Patch
A patch for KDE 3.5.0 - KDE 3.5.7 is available from ftp://ftp.kde.org/pub/kde/security_patches:
ee6c57046902c5b5a32a4699558baafc post-3.5.7-kdebase-kdm.diff
A patch for KDE 3.3.0 - KDE 3.4.2 is available from ftp://ftp.kde.org/pub/kde/security_patches:
ad7333a336bdbaef7fae5e74cd12119b post-3.4.2-kdebase-kdm.diff
|
|
It has been a while since I last congratulated a contributor on their weekly bug killing score (this reduced bug killing rate really reflects the strong shift in development towards KDE 4, where bugs haven't started to be filed yet), but I feel a hearty thumbs up should go to Urs Wolfer, who closed 38 bugs this week (many of them due to the recent merge of the KRDC Summer of Code project back into trunk)!
Also of note is the "interesting" composition and relatively low percentages of the KDE 4 internationalisation (i18n) status - this will rapidly change once KDE 4 is in string freeze and the translators have a solid target to aim for.
|
|
| Statistics |
|
| Contents |
|
|
Bug Fixes |
Features |
Optimise |
Security |
Other |
|
Accessibility |
 |
|
|
|
|
|
Development Tools |
|
![[*]](/images/standard/features) |
|
|
![[*]](/images/standard/other) |
|
Educational |
![[*]](/images/standard/bugfixes) |
|
|
|
|
|
Graphics |
|
|
|
|
|
|
KDE-Base |
|
|
![[*]](/images/standard/optimise) |
![[*]](/images/standard/security) |
|
|
KDE-PIM |
|
|
|
|
|
|
Office |
|
|
|
|
|
|
Konqueror |
|
|
|
|
|
|
Multimedia |
|
|
|
|
|
|
Networking Tools |
|
|
|
|
|
|
User Interface |
|
|
|
|
|
|
Utilities |
|
|
|
|
|
|
Games |
|
|
|
|
|
|
Other |
|
|
|
|
|
|
|
Bug Fixes |
|
|
|
|
|
|
|
|
|
|
|
Sebastian Trueg committed changes in /branches/work/soprano2/backends:
|
Found an impressive threading bugp
I used to lock QReadWriteLock twice for reading when creating an iterator. Once for the method itself with a QReadLocker and once for the iterator. Sometimes that would block.
The problem is that QReadWriteLock favors write locks over read locks, i.e. if a write lock is pending no read lock can be aquired, even a recursive one like the one I did would not get through.
Now for example listStatement would lock, then create the iterator, and then try to lock again. But if between the first and second lock a write operation started, the second read lock would block and wait for the write which in turn waits for the first read lock. -> dead lock.
Wow, it took me hours and hours to find that bug. But it really shows how tricky threaded programming is. :) |
|
|
|
|
|
|
|
|
|
|
David Faure committed changes in /trunk/KDE/kdelibs/kio:
|
Fix adding symlinks to archives (QFileInfo::symLinkTarget() resolves to a full path, which we don't want in an archive!)
Fix extraction of symlinks |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Urs Wolfer committed a change to /trunk/KDE/kdenetwork/krfb/manageinvitationsdialog.cpp:
|
Fix two issues reported by Dirk:
* don't crash after deleting the first invitation in the list if there are more than one* be able to connect to the VNC server right after the invitation has been created; don't wait until the dialog has been closed |
|
|
|
|
|
|
Office |
|
John Tapsell committed changes in /trunk/koffice/kformula/flake:
|
This bug took us all day to track down.
Basically QPainter:drawLine and QPainter::drawRect takes 4 ints, not reals, so this lack of precision causes rounding errors at high zooms. |
|
|
|
|
|
|
|
|
Utilities |
|
Rolf Eike Beer committed a change to /trunk/KDE/kdeutils/kgpg/keylistview.cpp:
|
Fix list of selected items
Make sure that only visible items are in the list of selected ones. Otherwise the behaviour is very strange:
startup -> mark all -> refresh keys possible
expand a key -> collapse it -> mark all -> refresh keys not possible
This is because in the second example all items get selected, including the invisible signatures. |
|
|
|
|
|
|
Rolf Eike Beer committed changes in /trunk/KDE/kdeutils/kgpg:
|
Fix UTF8 in Options dialog
I just wanted to replace "--with-colon" with "--with-colons". But then I noticed that this is another place where listing the keys is duplicated and again the UTF8 decoding was wrong. So I moved the more general stuff into KgpgInterface and removed all that hand-made key listing stuff.
An additional goodie is that now the key pairs are listed first in the combo boxes. Since the "always encrypt with" key is usuall one of your secret ones this allows the user to select it much faster than before. |
|
|
|
|
|
|
Features |
|
|
|
|
|
|
|
Educational |
|
Aleix Pol Gonzalez committed changes in /trunk/KDE/kdeedu/kalgebra/src:
|
Modified 2D Functions structure, now it will be easier to add new function types.
FIXED a couple of bugs that I added in one of the last commits (shame on me :P)
libanalitza is not shared anymore. I prefer to have statically linked by now so I don't have to install on every change. |
|
|
|
|
|
|
|
|
|
|
Frederik Gladhorn committed changes in /trunk/KDE/kdeedu:
|
Make the grammar practice selection much better.
In the config dialog one can check the grammar tests to use now. This also allows for adverb (mixed with adjective or alone) tests.
Give the doc default grammar when using the wizard.
Rewrite the type for test selection funtion as checkType.
Deprecate a function that probably doesn't work, esp if multiple word types are allowed to share a special type. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Pino Toscano committed changes in /branches/kig/post-kde-3.5/kig/filters:
|
Improve the compatibility with Cabri1.0:
- read object names
- read Text objects (though, the arguments are untested)
- recognize a font line when present (not used at the moment)
- handle angles correctly
improve the internal readText() function. |
|
|
|
|
|
|
Peter Hedlund committed changes in /trunk/KDE/kdeedu/kwordquiz/src:
|
|
A KPageWidget-based interface for KWQ. Better use of screen space and actually quite limited code and string changes. Also simplifies the menu and toolbars. |
|
|
|
|
|
|
Frederik Gladhorn committed changes in /trunk/KDE/kdeedu:
|
Rewrite the article class using enums, only one get/set function is needed now.
So far we only read/write singular. But support is there for plural and dual.
Deprecated old constructor with arguments, but leave it for now, since porting will take some time.
This breaks compability with articles in kvtml2 docs!
Port parley to use that stuff. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Rafael Fernández López committed changes in /trunk/KDE/kdebase/apps/dolphin/src:
|
Create the new architecture for KCategorizedView. Now DolphinModel is created, inheriting KDirModel for returning valid data for the role of the category of an item. DolphinSortFilterProxyModel implements now methods lessThanCategoryMethod and lessThanGeneralMethod from KCategorizedSortFilterProxyModel.
The only thing that needs to be adapted is the keyboard navigation on the KCategorizedView. |
|
|
|
|
|
|
Richard Dale committed changes in /trunk/playground/base/plasma/applets/ruby-clock:
|
* Added a patch from Matthias Kretz to change the way a ruby applet is loaded and use generic plugin code. Thanks to Matthias for the patch.
* The next step is to move the plugin to kdebindings/ruby/korundum as it can be used by any ruby plugin |
|
|
|
|
|
|
David Faure committed changes in /trunk/KDE/kdelibs/kdecore:
|
Support for multiple occurences of the same key in a ksycocadict, with unit test for both modes (hash and multihash).
This is going to be used very soon for a extension->mimetype sycoca hash. |
|
|
|
|
|
|
David Faure committed changes in /trunk/KDE/kdelibs:
|
Improve mimetype detection as discussed on the XDG list (thread "Shared-mime checking order"), implementing algorithm suggested by Alexander Larsson.
This makes mimetype detection more reliable (same results in all apps, instead of KFileItem not knowing when to refine the mimetype later), faster (when a single extension matches, no mime-magic is needed), and more flexible (we finally handle the case of conflicting extension definitions, like *.ogg or *.doc which can be msword or plain text, we figure out which one it is using mime-magic).
Ported the binary search in the "fast patterns" list to an actual multi-hash in ksycoca (KSycocaDict), which allows to get "all mimetypes matching a given extension", and which should also be much faster (less seeks).
Now I just hope that those changes to the spec will be accepted, otherwise we'll have a useless spec on one hand and a nice implementation in gnome and kde on the other hand... |
|
|
|
|
|
|
|
|
Rivo Laks committed changes in /trunk/KDE/kdebase/workspace/kwin:
|
Add automatic driver detection for compositing options.
This is used to set sane defaults and work around possible driver bugs.
Also, if you have a "whitelisted" driver (nvidia >= 96.39 or intel >= 20061017) then compositing will be enabled by default for you. |
|
|
|
|
|
|
|
|
|
|
Aaron J. Seigo committed changes in /trunk/KDE/kdebase/workspace/plasma/plasma:
|
- form factors are no longer global to Corona, so we just beging to ignore them from the application code
- the context menu is once again handled by things in the library
- one desktopview per screen (xinerama)
this leaves the panel completely broken (so we don't create one). this is the next thing to tackle |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Sebastian Pipping committed a change to /trunk/KDE/kdelibs/kate/utils/katesearchbar.cpp:
|
|
(1) Pressing hotkeys again (Ctrl+F and Ctrl+R by default) selects the line edits current text (2) pattern now inited from selection in incremental mode as well (3) fix for bug leaving one highlighted char when deleting the last remaining letter of a previously matching pattern |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Robert Zwerus committed changes in /branches/work/arzie_akonadi:
|
|
Finished revision checking, including added unit test. Allow ItemStoreJob with only a DataReference (instead of an Item). Update Resources to support revision checking. |
|
|
|
|
|
|
Jason vanRijn Kasper committed changes in /trunk/KDE/kdepim/kpilot:
|
- phew.
- porting effort required for kpluginfactory changes
- thanks to help from PutHuhn and bbroeksema
- there's no telling whether we're functionally equivalent to what was here before. especially suspect is anything that used arguments to our plugins/conduits. but at least now our config widgets show up correctly in kpilot's configuration screen again. |
|
|
|
|
|
|
Brad Hards committed changes in /trunk/KDE/kdepim/akonadi/resources/openchange:
|
Big update of the OpenChange akonadi resource.
This resource can now download a Contact (essentially an address book entry) from the Exchange server and present it as a KABC::Adressee object. Renders OK in akonadiconsole.
Also add in the start of a decompressor for the compressed RTF that is found in several places in Exchange RPC data.
This is being ported from code that mostly does the same thing, but definitely needs more work before being deployed. |
|
|
|
|
|
|
|
|
|
|
Nikolaj Hald Nielsen committed changes in /trunk/extragear/multimedia/amarok/src:
|
|
Just as a relaxing sunday evening project, try to create a simple, alternate playlist view displaying data from the playlist model. Switch views by pressing star icon in playlist toolbar. I know this is somewhat controverisal and might face immediate removal, but I wanted to try it out none the less :-) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Tim Beaulen committed changes in /trunk/playground/multimedia/phonon-backends/gst:
|
I'll need a way to visualise what's going on otherwise it's going to be too hard and too abstract.
This little program will (in the future) show the complete phonon pipeline and in each item the respective gstreamer pads. |
|
|
|
|
|
|
|
|
|
|
|
|
Networking Tools |
|
Matt Rogers committed changes in /branches/work/kopete/break-the-contactlist/kopete:
|
Separate the model creation from the view class.
Use KopeteWindow to be the controlling object for both the view and them model. Since we'll most likely being using proxy models to implement the contact grouping schemes, we need to have an external entity controlling what model the view uses. Besides, the view knowing about it's model is just wrong anyways. :) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Thomas Zander committed changes in /trunk/koffice/libs/flake:
|
You know; on zoom we never actually called 'update'. We just accidentally updated the selection if called from the tool, which left repainting artifacts if the selection was not full screen.
Fix that by actually updating the canvas. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Matthew Woehlke committed changes in /trunk/KDE/kdebase/runtime/kstyles/oxygen:
|
|
improve scrollbar helper code (don't need height), grow scrollbar sliders to fill their groove... this simplifies the drawing code quite a lot and "fixes" the not-bug "can't move vartical scrollbar slider all the way to the top" |
|
|
|
|
|
|
|
|
Matthew Woehlke committed changes in /trunk/KDE/kdebase/runtime/kstyles/oxygen:
|
Bring improved scrollbars into the style; split the scrollbar class into its own file (hmm, this makes copying code from/to the toys much easier...). Scrollbars are now drawn in their final inactive color.
TODO: draw scrollbars in hover color when hovered (and if possible, when their associated view has focus?) |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Optimise |
|
KDE-Base |
|
Marc Mutz committed changes in /trunk/KDE/kdelibs/kdeui/icons:
|
|
Constructing a KIcon must surely be one of the more often-used parts in program startup. The funnier that this is prematurely pessimized by passing around and assinging a QStringList that's unused in 99.99% of cases. Shy away from default arguments. Esp. if you go ahead and switch on them in the function body! This is BC+SC |
|
|
|
|
|
|
|
|
KDE-PIM |
|
Volker Krause committed changes in /trunk/KDE/kdepim/akonadi/server/src/storage:
|
Add a simple cache for record objects. So far only used for small, rarely changing tables since it doesn't have any memory limit yet and ensuring cache consistency requires quite some work.
Nevertheless, it reduces database access by about 30% on average which currently is equivalent to overall performance improvement. |
|
|
|
|
|
|
|
|
Other |
|
|
|
Matt Rogers committed changes in /trunk/KDE/kdesdk:
|
Remove the required dependance on kdepimlibs.
kdepimlibs is only used for the kbugbuster kcal resource plugin and shouldn't keep all of kdesdk from compiling. So we make it optional and everything is all fun and good again. :) |
|
|
|
|
|
|
|
|
|
|
|
|
Tom Albers committed changes in /tags/unmaintained/4:
|
|
These were moved from kdegames to playground/games, but they should have been moved to this place. |
|
|
|
|
|
|
Andreas Beckermann committed changes in /:
|
|
kpoker was moved from kdegames to playground, that's correct, but in the meantime it was heavily updated and (even if development is not currently active) is not unmaintained. it belongs to playground. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
KDE-Base |
|
Albert Astals Cid committed changes in /trunk/KDE/kdebase:
|
set some X-KDE-System-Settings-Parent-Category so that the kcm appear at the same place they do on kubuntu 7.04
Some places are discussable, but for starters better showing them somewhere that nowhere
There are some kcm that still aren't shown anywhere |
|
|
|
|
|
|
|
|
|
|
Ivan Čukić committed changes in /trunk:
|
|
According to the meeting decisions, moving filebrowser engine to plasma's trunk |
|
|
|
|
|
|
Dominik Haumann committed changes in /trunk/KDE/kdelibs:
|
in favour of KDE's configuration mechanism/KPluginSelector remove from KTE::Plugin interface:
* bool supportsConfigDialog()
* void configDialog(QWidget*)
* void readConfig(KConfig*)
* void writeConfig(KConfig*)
Small BIC change within kdelibs. should not affect any other modules. |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
