KDE Security Advisory: URI Handler Vulnerabilities
For the record : KDE.org has published a security bulletin : http://www.kde.org/info/security/advisory-20040517-1.txt There are various problems, but this appears to be the worst bit : The telnet, rlogin, ssh and mailto URI handlers in KDE do not check for '-' at the beginning of the hostname passed, which makes it possible to pass an option to the programs started by the handlers. Impact: [...] A remote attacker could entice a user to open a carefully crafted mailto URI which may start the KMail program with its display redirected to a remote machine under control of the attacker. An attacker can then use this to gain full access to the victims personal files and account. [...] It would appear the right advice is to stop using Konqueror to surf the web until we have our KDEs fixed. As a Woody KDE user I'm aware that the usual packager suspects^H^H^H^H^H^H^H^Hheros are all somewhat preoccupied, so I guess self-help may be required here - but I've never built a Debian KDE package, so if somebody could post a pointer to a simple howto on doing this from a source deb and patches I'd be grateful. Or does anyone know of a plan by some hero to package up KDE 3.2.2(3 ?) for Woody ? [ This comment : "The current schedule is that the Debian backports will be fully public and operational by June 27th, 2004. Thank you for your understanding. Andreas Mueller, Fri Apr 23 2004" is still present at ftp://ftp.plig.org/pub/kde/stable/3.2.2/Debian/README ] Or I suppose switching to Mozilla for a while may be a sensible option ... Cheers Nick Boyce Bristol, UK -- 'If you don't pray in my school, I won't think in your church'
Re: Font Woes - Solved!!!
Nathaniel W. Turner wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 17 May 2004 07:39 pm, Bruce Park wrote: Nathaniel W. Turner wrote: Try putting the following stanza in either your /etc/fonts/local.conf or ~/.fonts.conf: Can you explain what stanzas are? A stanza is a group of lines, like in a poem. So I meant that you should put the following group of lines into your /etc/fonts/local.conf. I'll attach my entire /etc/fonts/local.conf so you can see it in context. false Cheers, nate - -- Make sure your vote will count. http://www.verifiedvoting.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAqVSz25cAeUrFyDIRAqa5AKDHMxL3h/2qt5TMJSwq2noC4fSPBwCgwOPt OoOXJv6yrGWhPDWJPftLgKw= =FtFR -END PGP SIGNATURE- Nathan, OMG! Thank you so much for that tip. Although the font is not as clear as it used to be, at least it's proportional (which is what I wanted). I've been waiting so long to solve this problem for sometime, I really don't know what else I can write here to express my gratitude. bp
Re: Font Woes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 17 May 2004 07:39 pm, Bruce Park wrote: > Nathaniel W. Turner wrote: > > Try putting the following stanza in either your /etc/fonts/local.conf or > > ~/.fonts.conf: > > Can you explain what stanzas are? A stanza is a group of lines, like in a poem. So I meant that you should put the following group of lines into your /etc/fonts/local.conf. I'll attach my entire /etc/fonts/local.conf so you can see it in context. > > > > > > > > false > > > > Cheers, nate - -- Make sure your vote will count. http://www.verifiedvoting.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAqVSz25cAeUrFyDIRAqa5AKDHMxL3h/2qt5TMJSwq2noC4fSPBwCgwOPt OoOXJv6yrGWhPDWJPftLgKw= =FtFR -END PGP SIGNATURE- /var/lib/defoma/fontconfig.d/fonts.conf false
Re: Font Woes
Nathaniel W. Turner wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On Monday 17 May 2004 12:52 am, Bruce Park wrote: I'm currently using the Luxi Sans font (part of ttf-xfree86-nonfree) on my desktop. For some strange reason, the font looks very ugly. I suspect you dislike the fact that some parts of the characters seem to be uneven. I suggest you try turning off hinting. This will give the font renderer more freedom to make the characters the correct shape, instead of trying so hard to align them on pixel boundaries. Hinting is essential when using non-antialiased fonts, but when using antialiasing (which you are), the limitations imposed by hinting do not improve the smoothness of the font rendering, and often make it worse. Luxi Sans with hinting: http://houseofnate.net/tmp/hinting.png Luxi Sans without hinting: http://houseofnate.net/tmp/no-hinting.png Try putting the following stanza in either your /etc/fonts/local.conf or ~/.fonts.conf: Can you explain what stanzas are? false (All that said, Luxi Sans isn't a great-quality font. And it's non-free. You can do better than that! =) Yes, indeed. These fonts are _non_free. This of course goes against what Debian and free software stands for but sometimes, looks do count. I'm currently using Bitstream Vera Sans for my other fonts but I would really like to get this working just so that I know that I can fix it. Cheers, nate - -- Make sure your vote will count. http://www.verifiedvoting.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAqOfb25cAeUrFyDIRAjVvAJ49dmqrgqCt7gz5wZaE820YdfYjVgCfbYlE rNwLO5MswawJq09KZG7OykQ= =u1S3 -END PGP SIGNATURE-
Re: Font Woes
Sean J. Fraley wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 17 May 2004 12:52 am, Bruce Park wrote: I'm currently using the Luxi Sans font (part of ttf-xfree86-nonfree) on my desktop. For some strange reason, the font looks very ugly. http://www.dolda2000.com/~bpark/snapshot7.png Does anyone have any suggestions on how I can fix this problem? bp Is there any reason to believe that it should look better? Some fonts just look ugl. Sean -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAqIEc+vaNXagSMEIRAl//AJ9Mvvw+RmxbTyN1+JnxKODypQgbPACdHFYs RCq2s1dHOebG95CjM0UdKtQ= =U/mq -END PGP SIGNATURE- Initially, I just gave up on the fact that in Debian, I'll never have these fonts but if Fedora (and RH) can handle them so nicely, there's no reason why Debian can't do the same. bp
Re: kmail and multiple smtp profiles
Am Montag, 17. Mai 2004 17:44 schrieb Kevin Krammer: > On Monday 17 May 2004 12:59, Tobias Kraus wrote: > > Hi all, > > in kmail, I have to use different smtp profiles depending on the > > network I'm connected to. Is it possible that kmail automatically > > tries to use the secondary smtp-server if the primary isn't > > available? If the current primary server is not accessible (due > > to firewall settings) I have to define the secondary as primary > > server manually. > > You can generate the value for a KDE application's config entry > with an application. > http://www.kde.org/areas/sysadmin/config_file.php#shell_expansion Hi Kevin, it didn't work, as the order of the smtp-server are coded in the headers of the configuration entries ([Transport 1] and [Transport 2]) Only the [Transport 1] setting is used for sending emails. To use the [Transport 2], you have to change the order in the settings dialog box - and it seems that it is not possible to use the output of a program to change the name of the group header. Thank you anyway - maybe its useful in future time, Tobias > > Maybe you can use this. > > Cheers, > Kevin -- Diese Email-Adresse dient nur als Spam-Ziel. Nachrichten an diese Adresse werden nicht gelesen! This email address is a spam-tarpit. Mails sent to this address are not read!
FW: Trying to contact Mark S. Masse
Please send reply not to LIBRARY, but to [EMAIL PROTECTED] -Original Message- From: UWW Library [mailto:[EMAIL PROTECTED] Sent: Mon 5/17/2004 12:19 PM To: debian-kde@lists.debian.org Cc: Perham, Faustine L Subject: Trying to contact Mark S. Masse My name is Dr. Perham with the University of Wisconsin System([EMAIL PROTECTED]). I am tryiing to contact Mark S.Masse who has an L-system apple on the web, but within the last few days, it has been blocked out. I tried the email address [EMAIL PROTECTED], but it didn't go through. Do I have the right Masse? If so, could you please halp me and have him contact me, since it involves a deadlline for a published paper.
Trying to contact Mark S. Masse
My name is Dr. Perham with the University of Wisconsin System([EMAIL PROTECTED]). I am tryiing to contact Mark S.Masse who has an L-system apple on the web, but within the last few days, it has been blocked out. I tried the email address [EMAIL PROTECTED], but it didn't go through. Do I have the right Masse? If so, could you please halp me and have him contact me, since it involves a deadlline for a published paper.
Re: Font Woes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, On Monday 17 May 2004 12:52 am, Bruce Park wrote: > I'm currently using the Luxi Sans font (part of ttf-xfree86-nonfree) on my > desktop. For some strange reason, the font looks very ugly. I suspect you dislike the fact that some parts of the characters seem to be uneven. I suggest you try turning off hinting. This will give the font renderer more freedom to make the characters the correct shape, instead of trying so hard to align them on pixel boundaries. Hinting is essential when using non-antialiased fonts, but when using antialiasing (which you are), the limitations imposed by hinting do not improve the smoothness of the font rendering, and often make it worse. Luxi Sans with hinting: http://houseofnate.net/tmp/hinting.png Luxi Sans without hinting: http://houseofnate.net/tmp/no-hinting.png Try putting the following stanza in either your /etc/fonts/local.conf or ~/.fonts.conf: false (All that said, Luxi Sans isn't a great-quality font. And it's non-free. You can do better than that! =) Cheers, nate - -- Make sure your vote will count. http://www.verifiedvoting.org/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAqOfb25cAeUrFyDIRAjVvAJ49dmqrgqCt7gz5wZaE820YdfYjVgCfbYlE rNwLO5MswawJq09KZG7OykQ= =u1S3 -END PGP SIGNATURE-
Re: kmail and multiple smtp profiles
On Monday 17 May 2004 5:59 am, Tobias Kraus wrote: > Hi all, > in kmail, I have to use different smtp profiles depending on the > network I'm connected to. Is it possible that kmail automatically > tries to use the secondary smtp-server if the primary isn't > available? I have 10 smtp profiles listed, and I've never seen that behavior. Kmail uses the 1st in the list, and if that doesn't work, it stops looking. Scott -- R. Scott Granneman [EMAIL PROTECTED] ~ www.granneman.com Join GranneNotes! Information at www.granneman.com Read my blog at http://radio.weblogs.com/0100530 "It is a good thing for an uneducated man to read books of quotations." ---Sir Winston Churchill
Re: Move kmail mail dir
On Sunday 16 May 2004 8:31 pm, Caveman wrote: > Hey all, > By default kmail stores its email messages in ~/Mail > I am wondering if anyone know a way to move this, I also use sylpheed which > uses the ~/Mail folder too. > I use kmail for all my mailing lists and the like, which I want to keep in > a different folder. Go to the Kmail Web site - I think it's kmail.kde.org - and look at the FAQ. Instructions are there. Scott -- R. Scott Granneman [EMAIL PROTECTED] ~ www.granneman.com Join GranneNotes! Information at www.granneman.com Read my blog at http://radio.weblogs.com/0100530 "It is a good thing for an uneducated man to read books of quotations." ---Sir Winston Churchill
Re: kmail and multiple smtp profiles
On Monday 17 May 2004 12:59, Tobias Kraus wrote: > Hi all, > in kmail, I have to use different smtp profiles depending on the > network I'm connected to. Is it possible that kmail automatically > tries to use the secondary smtp-server if the primary isn't > available? If the current primary server is not accessible (due to > firewall settings) I have to define the secondary as primary server > manually. You can generate the value for a KDE application's config entry with an application. http://www.kde.org/areas/sysadmin/config_file.php#shell_expansion Maybe you can use this. Cheers, Kevin pgpD6408LWiHd.pgp Description: signature
Re: Move kmail mail dir
On Monday 17 May 2004 03:31, Caveman wrote: > Hey all, > By default kmail stores its email messages in ~/Mail > I am wondering if anyone know a way to move this, I also use sylpheed which > uses the ~/Mail folder too. > I use kmail for all my mailing lists and the like, which I want to keep in > a different folder. > > I looked around in the kmail options, but I cant find anything. > > Any ideas ? http://kmail.kde.org/manual/faq.html#id2792815 Cheers, Kevin pgpHVXGwazkOy.pgp Description: signature
Konqueror prints in A3 size
Hi folks, I have a strange problem. The only way to print out a webpage from Konqueror in A4, is to print it out in A3 size into a postscript file, resize the ps file to A4 and print out the resulting A4 sized postscript with kghostview. Konqueror print to file (out.ps) -> paper size: A3 psresize out.ps (A3 -> A4) kghostview -> print out.ps Otherwise the webpage is distorted. However, I could print out a webpage in the right size from my wife's KDE profile (same machine, same printer, different settings). Konqueror -> paper size: A4 -> OK :-) I do not know where to search for the differences in these two settings. Thanking you in advance, Tamas
Re: background: world time zones
On Monday 17 May 2004 14:58, Uwe Brauer wrote: > Thanks for you help, it is really odd, now kcontrol tells me that I am > in kde.3.2.2 (during installation of kworldclock several upgrades were > performed, however this kde version is not part neither woody, sarge > nor sid). KDE 3.2.2 has been in sid for a couple of weeks now - and I now suspect you have a mix of packages from 3.2.2 and a previous version which may explain strange problems you're having - could you try a full dist-upgrade to bring everything on your system to a concurrent level? > In any case under Did you mean to leave this sentence half-finished? I do that a lot! :) > no it is not there, the option to use a appear only the option > bleeding. > Strange Uwe, I think the language barrier has come between us - I simply don't understand what you're trying to say :( Could you perhaps post a screenshot of what your 'Advanced Options' window looks like (use the 'ksnapshot' package to do this) Mine looks like http://bum.net/snapshot1.jpg Cheers, Gavin.
Re: background: world time zones
On 17 May 2004, [EMAIL PROTECTED] wrote: > > As above.. kcontrol -> Appearance and Themes -> Background .. now Thanks for you help, it is really odd, now kcontrol tells me that I am in kde.3.2.2 (during installation of kworldclock several upgrades were performed, however this kde version is not part neither woody, sarge nor sid). In any case under > look on the right just underneath the picture of the monitor, > there's "Advanced Options", now select "use the following program > for drawing the background" and you should then be able to select no it is not there, the option to use a appear only the option bleeding. Strange > "kdeworld" from the list. > > Cheers, Gavin.
Re: background: world time zones
On Monday 17 May 2004 14:29, Uwe Brauer wrote: > Well, I found kworldclock, which seems pretty much what you are > describing, however I fail to configure it as a background, since I > don't find the corresponding walletpaper. As above.. kcontrol -> Appearance and Themes -> Background .. now look on the right just underneath the picture of the monitor, there's "Advanced Options", now select "use the following program for drawing the background" and you should then be able to select "kdeworld" from the list. Cheers, Gavin.
Re: background: world time zones
On 17 May 2004, [EMAIL PROTECTED] wrote: > On Monday 17 May 2004 10:53, Uwe Brauer wrote: > >>> kcontrol -> Appearance and Themes -> Background -> Advanced -> [x] >>> Use the following program... -> kdeworld >> >> Thanks, but seems not to be in kde 3.1.5, I might upgrade then > > The Debian package you need is called 'kworldwatch' - I'm sure it > was part of KDE 3.1.5, but you simply may need to install this > package :) > > Cheers, Gavin. Well, I found kworldclock, which seems pretty much what you are describing, however I fail to configure it as a background, since I don't find the corresponding walletpaper. Uwe
kmail and multiple smtp profiles
Hi all, in kmail, I have to use different smtp profiles depending on the network I'm connected to. Is it possible that kmail automatically tries to use the secondary smtp-server if the primary isn't available? If the current primary server is not accessible (due to firewall settings) I have to define the secondary as primary server manually. Thanks, Tobias -- Diese Email-Adresse dient nur als Spam-Ziel. Nachrichten an diese Adresse werden nicht gelesen! This email address is a spam-tarpit. Mails sent to this address are not read!
Re: background: world time zones
On Monday 17 May 2004 10:53, Uwe Brauer wrote: > > kcontrol -> Appearance and Themes -> Background -> Advanced -> [x] > > Use the following program... -> kdeworld > > Thanks, but seems not to be in kde 3.1.5, I might upgrade then The Debian package you need is called 'kworldwatch' - I'm sure it was part of KDE 3.1.5, but you simply may need to install this package :) Cheers, Gavin.
Re: background: world time zones
On 15 May 2004, [EMAIL PROTECTED] wrote: > On Friday 14 May 2004 11:39 am, Uwe Brauer wrote: >> Hello >> >> Windows XP comes with nice background, the world time zones. Is >> there anything similar in kde/debian. > > I haven't seen the thing you're talking about, but we have a world > map background thing. > > Um... > > kcontrol -> Appearance and Themes -> Background -> Advanced -> [x] > Use the following program... -> kdeworld > Thanks, but seems not to be in kde 3.1.5, I might upgrade then
Re: Font Woes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 17 May 2004 12:52 am, Bruce Park wrote: > I'm currently using the Luxi Sans font (part of ttf-xfree86-nonfree) on my > desktop. For some strange reason, the font looks very ugly. > > http://www.dolda2000.com/~bpark/snapshot7.png > > Does anyone have any suggestions on how I can fix this problem? > > bp Is there any reason to believe that it should look better? Some fonts just look ugl. Sean -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAqIEc+vaNXagSMEIRAl//AJ9Mvvw+RmxbTyN1+JnxKODypQgbPACdHFYs RCq2s1dHOebG95CjM0UdKtQ= =U/mq -END PGP SIGNATURE-