[systemsettings] [Bug 492726] Shift key on neo layout not handled correctly
https://bugs.kde.org/show_bug.cgi?id=492726 Florian Bruhin changed: What|Removed |Added CC||kde@the-compiler.org -- You are receiving this mail because: You are watching all bug changes.
[Falkon] [Bug 434203] Never Ending Loading on Falkon Pages
https://bugs.kde.org/show_bug.cgi?id=434203 Florian Bruhin changed: What|Removed |Added CC||kde@the-compiler.org -- You are receiving this mail because: You are watching all bug changes.
[Falkon] [Bug 420902] Site info falsely claims that connection is secure after certificate exception
https://bugs.kde.org/show_bug.cgi?id=420902 --- Comment #7 from Florian Bruhin --- > It's a simple choice between maintaining a temporary or permanent, per-domain > list of exceptions once a user chooses to ignore the cert error. Which is what I already proposed in comment 1 above. The problem with that is that it will still mark the connection as insecure even after the certificate has been fixed. But we're going in circles here, that's all already explained in the comments above. -- You are receiving this mail because: You are watching all bug changes.
[Falkon] [Bug 420902] Site info falsely claims that connection is secure after certificate exception
https://bugs.kde.org/show_bug.cgi?id=420902 --- Comment #5 from Florian Bruhin --- TW3: No, because there's no way to ask "does the current page have a certificate error" - there's only the QWebEnginePage::certificateError signal which doesn't get emitted anymore after an exception was granted. -- You are receiving this mail because: You are watching all bug changes.
[Falkon] [Bug 420902] Site info falsely claims that connection is secure after certificate exception
https://bugs.kde.org/show_bug.cgi?id=420902 --- Comment #3 from Florian Bruhin --- Agreed that there isn't a proper, clean fix for this. Still, remembering insecure hostnames and always treating them as insecure seems like an acceptable workaround: While still showing "insecure" when the problem is fixed server-side is unfortunate, it's still much better than showing "secure" when the connection isn't. FWIW I added a comment here: https://bugreports.qt.io/browse/QTBUG-80860?focusedCommentId=510104&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-510104 -- You are receiving this mail because: You are watching all bug changes.
[Falkon] [Bug 420902] Site info falsely claims that connection is secure after certificate exception
https://bugs.kde.org/show_bug.cgi?id=420902 --- Comment #1 from Florian Bruhin --- I've looked at how other projects using QtWebEngine handle this case. The only approaches I have found are: - Open a second connection via QSslSocket to check the certificate: https://github.com/vicr123/theweb/commit/5f6cbc6093a1adb4fdf3db829b182139e065319b - Save a set of insecure hosts in the certificateError signals, and assume those are always insecure until a restart, from Viper Browser: https://github.com/LeFroid/Viper-Browser/blob/master/src/core/network/SecurityManager.cpp I decided to go for the latter with qutebrowser - I already did set a flag in this situation so the UI was correct for the first load, but not for subsequent loads. The preliminary qutebrowser fix (currently waiting for CI) is here: https://github.com/qutebrowser/qutebrowser/commit/c7a0a150b2e991cc1c2fe8b883b074a800c2c40e -- You are receiving this mail because: You are watching all bug changes.
[Falkon] [Bug 420902] New: Site info falsely claims that connection is secure after certificate exception
https://bugs.kde.org/show_bug.cgi?id=420902 Bug ID: 420902 Summary: Site info falsely claims that connection is secure after certificate exception Product: Falkon Version: unspecified Platform: Other OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: general Assignee: now...@gmail.com Reporter: kde@the-compiler.org Target Milestone: --- When opening https://expired.badssl.com/ and granting a certificate exception, the site info panel (when clicking the site's favicon) claims "Your connection to this site is *secured*" despite that not being the case. When loading the site again in a new tab (or even just reloading it), QtWebEngine remembers the certificate exemption and doesn't ask again - those two things combined might provide users with a false sense of security that a connection is secure, despite that not being the case. I noticed this while fixing a similar issue in qutebrowser: https://github.com/qutebrowser/qutebrowser/issues/5403 While I consider this a security-relevant bug (and will request a CVE for qutebrowser), there's nothing to be exploited by a bad actor, hence I'm opening this publicly. This is on Archlinux, with Qt 5.14.2 and Falkon 3.1.0. -- You are receiving this mail because: You are watching all bug changes.
[neon] [Bug 403434] New: Incompatible version of Qt/qutebrowser packaged
https://bugs.kde.org/show_bug.cgi?id=403434 Bug ID: 403434 Summary: Incompatible version of Qt/qutebrowser packaged Product: neon Version: unspecified Platform: Other OS: Linux Status: REPORTED Severity: normal Priority: NOR Component: general Assignee: neon-b...@kde.org Reporter: kde@the-compiler.org CC: j...@jriddell.org, neon-b...@kde.org, sit...@kde.org Target Milestone: --- Hi! I'm the upstream of qutebrowser: https://www.qutebrowser.org/ KDE Neon has a qutebrowser package from Ubuntu 18.04 available, v1.1.1. Unfortunately, due to changes in Qt 5.11, qutebrowser versions before v1.3.0 crash immediately when starting. So far, I've received about 80 crash reports from KDE Neon users about this (three today alone). Dealing with those and explaining the problem to people takes time I'd rather spend on something else, and frankly, I'm a bit tired of it. I've been asking in IRC about this before, and I've been told there's little that can be done unless qutebrowser becomes a KDE project so it lands in KDE Neon in an updated version (which I'd rather not do, at least at the moment). I'm not sure how a workable solution would look, but the current situation is quite bad IMHO. I'd even be fine with something like blacklisting qutebrowser so it can't be installed via apt, if that's possible. I guess I could also try to backport patches to v1.1.1, but there are typically more issues with every Qt upgrade (QtWebEngine isn't exactly backwards-compatible if you use enough details of it). -- You are receiving this mail because: You are watching all bug changes.
[Falkon] [Bug 393358] Web Extensions support
https://bugs.kde.org/show_bug.cgi?id=393358 Florian Bruhin changed: What|Removed |Added CC||kde@the-compiler.org -- You are receiving this mail because: You are watching all bug changes.
[trojita] [Bug 378684] Incorrect page width for plain text messages
https://bugs.kde.org/show_bug.cgi?id=378684 Florian Bruhin changed: What|Removed |Added CC||kde@the-compiler.org -- You are receiving this mail because: You are watching all bug changes.
[kmail2] [Bug 369514] KMail crash on starting (nouveau-related)
https://bugs.kde.org/show_bug.cgi?id=369514 Florian Bruhin changed: What|Removed |Added CC||kde@the-compiler.org -- You are receiving this mail because: You are watching all bug changes.
[kde] [Bug 374808] Dependency on QtWebEngine might make KDE non-(free/libre)
https://bugs.kde.org/show_bug.cgi?id=374808 Florian Bruhin changed: What|Removed |Added CC||kde@the-compiler.org -- You are receiving this mail because: You are watching all bug changes.
[Akonadi] [Bug 360097] Getting 401 error when synchronizing Baikal resource after upgrading to baikal 0.3.5
https://bugs.kde.org/show_bug.cgi?id=360097 Florian Bruhin changed: What|Removed |Added CC||kde@the-compiler.org -- You are receiving this mail because: You are watching all bug changes.