Re: Review Request 120543: Update FindPostgreSQL.cmake
On 10 October 2014 08:05, Rolf Eike Beer wrote: >> Update FindPostgreSQL.cmake to make is useful. Based on cmake's (3.x) one >> but further improved PostgreSQL_TYPE_INCLUDE_DIR lookup. The fix comes from >> libpredicate (master). > > I see no upstream bug report for this. Would a bug report for Calligra master be OK for you? This is the only user of the PostgreSQL_TYPE_INCLUDE_DIR in entire KDE I the know about: http://lxr.kde.org/search?_filestring=&_string=PostgreSQL_INCLUDE_DIR I am sorry if I misunderstood. Good thing that the file disappears in KF5, since cmake has pretty good own copy (not sufficient but I'll try to patch in the upstream). -- regards, Jaroslaw Staniek KDE: : A world-wide network of software engineers, artists, writers, translators : and facilitators committed to Free Software development - http://kde.org Calligra Suite: : A graphic art and office suite - http://calligra.org Kexi: : A visual database applications creator tool - http://calligra.org/kexi Qt Certified Specialist: : http://www.linkedin.com/in/jstaniek
Re: Review Request 120543: Update FindPostgreSQL.cmake
> Update FindPostgreSQL.cmake to make is useful. Based on cmake's (3.x) one > but further improved PostgreSQL_TYPE_INCLUDE_DIR lookup. The fix comes from > libpredicate (master). I see no upstream bug report for this. Eike signature.asc Description: This is a digitally signed message part.
Re: Review Request 120431: Fix and future-proof Dr Konqi security methods on Bugzilla
--- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120431/ --- (Updated Oct. 9, 2014, 11:30 p.m.) Status -- This change has been marked as submitted. Review request for KDE Software on Mac OS X, KDE Runtime, Ben Cooksley, Darío Andrés Rodríguez, George Kiagiadakis, Jekyll Wu, and Matthias Fuchs. Bugs: 337742 http://bugs.kde.org/show_bug.cgi?id=337742 Repository: kde-runtime Description --- When bugs.kde.org changed over to Bugzilla 4.4.5 in July 2014, the security method used by Bugzilla changed from cookies to tokens that had to be supplied as parameters with every secure remote-procedure call. Further changes to security methods have been announced by Bugzilla and are documented for unstable 4.5.x versions of Bugzilla software. Tokens will be deprecated and then discontinued. When this happens, Dr Konqi will need to supply a user-login name and a password with every secure remote-procedure call. Furthermore, the traditional "User.login" call presently used by Dr Konqi will be deprecated and discontinued. This patch fixes the tokens problem, which has given rise to several bug reports https://bugs.kde.org/show_bug.cgi?id=337742 and duplicates. It also provides for automatic switching to passwords-only security as and when the Bugzilla version changes again. This uses a general data-driven approach which can be easily updated, ahead of time, next time Bugzilla announces a change that affects Dr Konqi, whether it be in security methods or some other feature. NOTES: 1. This patch is intended to be forward-portable to Frameworks/KF5, but I work on Apple OS X, where it is not yet possible to run Frameworks/KF5 and do the porting and testing. So could someone else please do it? 2. Another Review Request https://git.reviewboard.kde.org/r/120376/ addresses the tokens issue only, but it should be reviewed and shipped as a matter of urgency, both in KDE 4 and Frameworks, the next bug-fixing release for KDE 4.14 being due for tagging on Thursday, 9 October. That will leave more time for this review (120431) of my more long-term and more general patch. 3. The passwords-only part of my patch is currently storing the password in clear. Suggestions re encryption are welcomed --- or the code could be changed to make use of KWalletD mandatory (but that might not be fully portable to all platforms). 4. When the Bugzilla call "User.login" is discontinued, some re-sequencing of the flow of KAssistantDialog pages will be needed. I have not attempted to do that at this stage. Probably the entry of the user name and password should be delayed until the report has been accepted by the Dr Konqi logic and it is just about to be sent to bugs.kde.org or attached to an existing bug report. REFERENCES: http://www.bugzilla.org/docs/ http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService.html#LOGGING_IN Bugzilla 4.5.x (future) API doco re security http://www.bugzilla.org/docs/4.4/en/html/api/Bugzilla/WebService.html#LOGGING_IN Bugzilla 4.4.5 (current) API doco re security http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService/User.html#login User.login will be DEPRECATED in 4.5.x Diffs - drkonqi/bugzillalib.h 570169b drkonqi/bugzillalib.cpp f74753c drkonqi/reportassistantpages_bugzilla.h b7af5b8 drkonqi/reportassistantpages_bugzilla.cpp 22183f0 Diff: https://git.reviewboard.kde.org/r/120431/diff/ Testing --- Used the bugstest.kde.org database and KDE 4 master on KDE/kde-runtime repository. Tested a range of version numbers (see commented-out test data) against a range of 5 or 6 hypothetical and real Bugzilla versions at which things could or will change. This was to test the basic version-checking and feature-choosing algorithm. Tested submitting both full reports and attached reports, using both the token method and the passwords-only method. Also tested with KWalletD supplying the username and password on Dr Konqi's login dialog. Thanks, Ian Wadham
Review Request 120543: Update FindPostgreSQL.cmake
--- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120543/ --- Review request for kdelibs and Alexander Neundorf. Repository: kdelibs Description --- Update FindPostgreSQL.cmake to make is useful. Based on cmake's (3.x) one but further improved PostgreSQL_TYPE_INCLUDE_DIR lookup. The fix comes from libpredicate (master). With this improvement, copying FindPostgreSQL.cmake to projects such as Calligra/Kexi is no longer needed. Diffs - cmake/modules/FindPostgreSQL.cmake 7955612 Diff: https://git.reviewboard.kde.org/r/120543/diff/ Testing --- Configuration works for as different include dir setups as openSUSE and Ubuntu. Behaviour on Windows/Mac not modified compared to what cmake originally provides. Thanks, Jarosław Staniek
Re: Review Request 120431: Fix and future-proof Dr Konqi security methods on Bugzilla
> On Oct. 7, 2014, 1:13 p.m., Thomas Lübking wrote: > > My 2¢ > > Bugzilla will require an update anyway and that means at some point it'll > > be (then "silently") broken in KDE SC4 again and somebody has to step up > > and fix it with another patch. > > In the meantime we've diverging codebases for KDE 4 & 5 - meh. > > > > I agree with Albert that this patch looks a bit scaringly complex (at least > > compared to Frédéric's patch), but believe that the complexity can be > > vastly reduced and like a forward compatible and 4+5 common patch better. > > Albert Astals Cid wrote: > You have a point here, if it's possible that Frédéric's patch gets broken > in the timeframe we still have users around using kde-runtime4 then that > would be a good reason to use this patch. I'd appreciate an assesment on how > much more future-proof this patch is versus Frédéric's one. > > Thomas Lübking wrote: > Afaiu it will "break" when the bugzilla server upgrades to 5.0 (the token > security model will be dropped) but I could not find a schedule for future > bugzilla releases (nor know about bugs.kde.org update policy) > > -> Ben? > > If "users around using kde-runtime4" is the critical condition, this > seems a likely threat, though (given eg. RHEL lifetimes - RHEL7 extended > support ends 2027 ;-) > > Ben Cooksley wrote: > bugs.kde.org is updated when it becomes necessary (security issues) or > when someone gets around to deploying the latest release. > There isn't really a schedule as such. Based on the above comment, i'd > suggest making Dr Konqi as capable as possible - although do remember that we > probably don't want to receive bug reports from extremely old versions of our > software, even if RHEL is supporting it. > > Ian Wadham wrote: > @Albert: I had to cherry-pick Revision 681446e1 from master into KDE/4.14 > today. This was committed to master over 2 weeks ago, but I did not realise > then that it had to go into KDE/4.14 too. > > It fixes a bug in the backtrace formatting on all platforms, makes sure > the Dr Konqi window is on top of the crashed app's window on all platforms > and has a workaround for a crash caused by KCookieJar not being found on > Apple OS X. The third item has to go into the repository first, because the > patch for this present review (which avoids using cookies) affects the same > area of code. Sorry for the noise. > > Albert Astals Cid wrote: > > cherry-pick Revision 681446e1 > > In which repo? That fix is 681446e1 in the (KDE 4) kde-runtime repo, KDE/14.4 branch, and it is 25ec1c8d in kde-runtime, master branch. I cherry-picked it from master to KDE/14.4 in my local repo, then I pushed it to origin KDE/14.4. - Ian --- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120431/#review68051 --- On Oct. 9, 2014, 12:06 a.m., Ian Wadham wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/120431/ > --- > > (Updated Oct. 9, 2014, 12:06 a.m.) > > > Review request for KDE Software on Mac OS X, KDE Runtime, Ben Cooksley, Darío > Andrés Rodríguez, George Kiagiadakis, Jekyll Wu, and Matthias Fuchs. > > > Bugs: 337742 > http://bugs.kde.org/show_bug.cgi?id=337742 > > > Repository: kde-runtime > > > Description > --- > > When bugs.kde.org changed over to Bugzilla 4.4.5 in July 2014, the security > method used by Bugzilla changed from cookies to tokens that had to be > supplied as parameters with every secure remote-procedure call. Further > changes to security methods have been announced by Bugzilla and are > documented for unstable 4.5.x versions of Bugzilla software. Tokens will be > deprecated and then discontinued. When this happens, Dr Konqi will need to > supply a user-login name and a password with every secure remote-procedure > call. Furthermore, the traditional "User.login" call presently used by Dr > Konqi will be deprecated and discontinued. > > This patch fixes the tokens problem, which has given rise to several bug > reports https://bugs.kde.org/show_bug.cgi?id=337742 and duplicates. It also > provides for automatic switching to passwords-only security as and when the > Bugzilla version changes again. This uses > a general data-driven approach which can be easily updated, ahead of time, > next time Bugzilla announces a change that affects Dr Konqi, whether it be in > security methods or some other feature. > > NOTES: > 1. This patch is intended to be forward-portable to Frameworks/KF5, but I > work on Apple OS X, where it is not yet possible to run Frameworks/KF5 and do > the porting and testing. So could someone else please do it
Re: Review Request 120431: Fix and future-proof Dr Konqi security methods on Bugzilla
--- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120431/#review68187 --- Ship it! Ship It! - Albert Astals Cid On oct. 9, 2014, 12:06 a.m., Ian Wadham wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/120431/ > --- > > (Updated oct. 9, 2014, 12:06 a.m.) > > > Review request for KDE Software on Mac OS X, KDE Runtime, Ben Cooksley, Darío > Andrés Rodríguez, George Kiagiadakis, Jekyll Wu, and Matthias Fuchs. > > > Bugs: 337742 > http://bugs.kde.org/show_bug.cgi?id=337742 > > > Repository: kde-runtime > > > Description > --- > > When bugs.kde.org changed over to Bugzilla 4.4.5 in July 2014, the security > method used by Bugzilla changed from cookies to tokens that had to be > supplied as parameters with every secure remote-procedure call. Further > changes to security methods have been announced by Bugzilla and are > documented for unstable 4.5.x versions of Bugzilla software. Tokens will be > deprecated and then discontinued. When this happens, Dr Konqi will need to > supply a user-login name and a password with every secure remote-procedure > call. Furthermore, the traditional "User.login" call presently used by Dr > Konqi will be deprecated and discontinued. > > This patch fixes the tokens problem, which has given rise to several bug > reports https://bugs.kde.org/show_bug.cgi?id=337742 and duplicates. It also > provides for automatic switching to passwords-only security as and when the > Bugzilla version changes again. This uses > a general data-driven approach which can be easily updated, ahead of time, > next time Bugzilla announces a change that affects Dr Konqi, whether it be in > security methods or some other feature. > > NOTES: > 1. This patch is intended to be forward-portable to Frameworks/KF5, but I > work on Apple OS X, where it is not yet possible to run Frameworks/KF5 and do > the porting and testing. So could someone else please do it? > 2. Another Review Request https://git.reviewboard.kde.org/r/120376/ addresses > the tokens issue only, but it should be reviewed and shipped as a matter of > urgency, both in KDE 4 and Frameworks, the next bug-fixing release for KDE > 4.14 being due for tagging on Thursday, 9 October. That will leave more time > for this review (120431) of my more long-term and more general patch. > 3. The passwords-only part of my patch is currently storing the password in > clear. Suggestions re encryption are welcomed --- or the code could be > changed to make use of KWalletD mandatory (but that might not be fully > portable to all platforms). > 4. When the Bugzilla call "User.login" is discontinued, some re-sequencing of > the flow of KAssistantDialog pages will be needed. I have not attempted to do > that at this stage. Probably the entry of the user name and password should > be delayed until the report has been accepted by the Dr Konqi logic and it is > just about to be sent to bugs.kde.org or attached to an existing bug report. > > REFERENCES: > http://www.bugzilla.org/docs/ > http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService.html#LOGGING_IN > Bugzilla 4.5.x (future) API doco re security > http://www.bugzilla.org/docs/4.4/en/html/api/Bugzilla/WebService.html#LOGGING_IN > Bugzilla 4.4.5 (current) API doco re security > http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService/User.html#login > User.login will be DEPRECATED in 4.5.x > > > Diffs > - > > drkonqi/bugzillalib.h 570169b > drkonqi/bugzillalib.cpp f74753c > drkonqi/reportassistantpages_bugzilla.h b7af5b8 > drkonqi/reportassistantpages_bugzilla.cpp 22183f0 > > Diff: https://git.reviewboard.kde.org/r/120431/diff/ > > > Testing > --- > > Used the bugstest.kde.org database and KDE 4 master on KDE/kde-runtime > repository. > > Tested a range of version numbers (see commented-out test data) against a > range of 5 or 6 hypothetical and real Bugzilla versions at which things could > or will change. This was to test the basic version-checking and > feature-choosing algorithm. > > Tested submitting both full reports and attached reports, using both the > token method and the passwords-only method. > > Also tested with KWalletD supplying the username and password on Dr Konqi's > login dialog. > > > Thanks, > > Ian Wadham > >
Re: Review Request 120431: Fix and future-proof Dr Konqi security methods on Bugzilla
> On oct. 9, 2014, 8:06 p.m., Ian Wadham wrote: > > A simplified patch for Dr Konqi went in for review about 20 hours ago. > > There are now about 4 hours till the KDE 4.14.2 deadline and there has been > > no feedback re the new patch, but it does follow previous reviewers' > > suggestions. > > > > So I propose to commit this code and thus fix > > https://bugs.kde.org/show_bug.cgi?id=337742 and also protect Dr Konqi from > > token-based security being discontinued in the future in Bugzilla software. > > Thomas Lübking wrote: > No functional objections from my side (some coding style, but I don't > maintain that code and it's not kdelibs) > > It would be really great if anyone with a record on DrKonqi could have > commented, but fact is that DrKonqi is broken right now and could hardly > break more. And a broken bug report tool (that shows it's brokeness *after* > the user took the effort to report a bug) makes KDE look really bad. > > If Albert (or his release team hat) doesn't veto, you should push it - as > alternative, Albert (representing the release team) could offer to pick it > between tag and release. Just commit it :) - Albert --- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120431/#review68183 --- On oct. 9, 2014, 12:06 a.m., Ian Wadham wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/120431/ > --- > > (Updated oct. 9, 2014, 12:06 a.m.) > > > Review request for KDE Software on Mac OS X, KDE Runtime, Ben Cooksley, Darío > Andrés Rodríguez, George Kiagiadakis, Jekyll Wu, and Matthias Fuchs. > > > Bugs: 337742 > http://bugs.kde.org/show_bug.cgi?id=337742 > > > Repository: kde-runtime > > > Description > --- > > When bugs.kde.org changed over to Bugzilla 4.4.5 in July 2014, the security > method used by Bugzilla changed from cookies to tokens that had to be > supplied as parameters with every secure remote-procedure call. Further > changes to security methods have been announced by Bugzilla and are > documented for unstable 4.5.x versions of Bugzilla software. Tokens will be > deprecated and then discontinued. When this happens, Dr Konqi will need to > supply a user-login name and a password with every secure remote-procedure > call. Furthermore, the traditional "User.login" call presently used by Dr > Konqi will be deprecated and discontinued. > > This patch fixes the tokens problem, which has given rise to several bug > reports https://bugs.kde.org/show_bug.cgi?id=337742 and duplicates. It also > provides for automatic switching to passwords-only security as and when the > Bugzilla version changes again. This uses > a general data-driven approach which can be easily updated, ahead of time, > next time Bugzilla announces a change that affects Dr Konqi, whether it be in > security methods or some other feature. > > NOTES: > 1. This patch is intended to be forward-portable to Frameworks/KF5, but I > work on Apple OS X, where it is not yet possible to run Frameworks/KF5 and do > the porting and testing. So could someone else please do it? > 2. Another Review Request https://git.reviewboard.kde.org/r/120376/ addresses > the tokens issue only, but it should be reviewed and shipped as a matter of > urgency, both in KDE 4 and Frameworks, the next bug-fixing release for KDE > 4.14 being due for tagging on Thursday, 9 October. That will leave more time > for this review (120431) of my more long-term and more general patch. > 3. The passwords-only part of my patch is currently storing the password in > clear. Suggestions re encryption are welcomed --- or the code could be > changed to make use of KWalletD mandatory (but that might not be fully > portable to all platforms). > 4. When the Bugzilla call "User.login" is discontinued, some re-sequencing of > the flow of KAssistantDialog pages will be needed. I have not attempted to do > that at this stage. Probably the entry of the user name and password should > be delayed until the report has been accepted by the Dr Konqi logic and it is > just about to be sent to bugs.kde.org or attached to an existing bug report. > > REFERENCES: > http://www.bugzilla.org/docs/ > http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService.html#LOGGING_IN > Bugzilla 4.5.x (future) API doco re security > http://www.bugzilla.org/docs/4.4/en/html/api/Bugzilla/WebService.html#LOGGING_IN > Bugzilla 4.4.5 (current) API doco re security > http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService/User.html#login > User.login will be DEPRECATED in 4.5.x > > > Diffs > - > > drkonqi/bugzillalib.h 570169b > drkonqi/bugzillalib.cpp f74753c >
Re: Review Request 120431: Fix and future-proof Dr Konqi security methods on Bugzilla
> On oct. 7, 2014, 1:13 p.m., Thomas Lübking wrote: > > My 2¢ > > Bugzilla will require an update anyway and that means at some point it'll > > be (then "silently") broken in KDE SC4 again and somebody has to step up > > and fix it with another patch. > > In the meantime we've diverging codebases for KDE 4 & 5 - meh. > > > > I agree with Albert that this patch looks a bit scaringly complex (at least > > compared to Frédéric's patch), but believe that the complexity can be > > vastly reduced and like a forward compatible and 4+5 common patch better. > > Albert Astals Cid wrote: > You have a point here, if it's possible that Frédéric's patch gets broken > in the timeframe we still have users around using kde-runtime4 then that > would be a good reason to use this patch. I'd appreciate an assesment on how > much more future-proof this patch is versus Frédéric's one. > > Thomas Lübking wrote: > Afaiu it will "break" when the bugzilla server upgrades to 5.0 (the token > security model will be dropped) but I could not find a schedule for future > bugzilla releases (nor know about bugs.kde.org update policy) > > -> Ben? > > If "users around using kde-runtime4" is the critical condition, this > seems a likely threat, though (given eg. RHEL lifetimes - RHEL7 extended > support ends 2027 ;-) > > Ben Cooksley wrote: > bugs.kde.org is updated when it becomes necessary (security issues) or > when someone gets around to deploying the latest release. > There isn't really a schedule as such. Based on the above comment, i'd > suggest making Dr Konqi as capable as possible - although do remember that we > probably don't want to receive bug reports from extremely old versions of our > software, even if RHEL is supporting it. > > Ian Wadham wrote: > @Albert: I had to cherry-pick Revision 681446e1 from master into KDE/4.14 > today. This was committed to master over 2 weeks ago, but I did not realise > then that it had to go into KDE/4.14 too. > > It fixes a bug in the backtrace formatting on all platforms, makes sure > the Dr Konqi window is on top of the crashed app's window on all platforms > and has a workaround for a crash caused by KCookieJar not being found on > Apple OS X. The third item has to go into the repository first, because the > patch for this present review (which avoids using cookies) affects the same > area of code. Sorry for the noise. > cherry-pick Revision 681446e1 In which repo? - Albert --- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120431/#review68051 --- On oct. 9, 2014, 12:06 a.m., Ian Wadham wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/120431/ > --- > > (Updated oct. 9, 2014, 12:06 a.m.) > > > Review request for KDE Software on Mac OS X, KDE Runtime, Ben Cooksley, Darío > Andrés Rodríguez, George Kiagiadakis, Jekyll Wu, and Matthias Fuchs. > > > Bugs: 337742 > http://bugs.kde.org/show_bug.cgi?id=337742 > > > Repository: kde-runtime > > > Description > --- > > When bugs.kde.org changed over to Bugzilla 4.4.5 in July 2014, the security > method used by Bugzilla changed from cookies to tokens that had to be > supplied as parameters with every secure remote-procedure call. Further > changes to security methods have been announced by Bugzilla and are > documented for unstable 4.5.x versions of Bugzilla software. Tokens will be > deprecated and then discontinued. When this happens, Dr Konqi will need to > supply a user-login name and a password with every secure remote-procedure > call. Furthermore, the traditional "User.login" call presently used by Dr > Konqi will be deprecated and discontinued. > > This patch fixes the tokens problem, which has given rise to several bug > reports https://bugs.kde.org/show_bug.cgi?id=337742 and duplicates. It also > provides for automatic switching to passwords-only security as and when the > Bugzilla version changes again. This uses > a general data-driven approach which can be easily updated, ahead of time, > next time Bugzilla announces a change that affects Dr Konqi, whether it be in > security methods or some other feature. > > NOTES: > 1. This patch is intended to be forward-portable to Frameworks/KF5, but I > work on Apple OS X, where it is not yet possible to run Frameworks/KF5 and do > the porting and testing. So could someone else please do it? > 2. Another Review Request https://git.reviewboard.kde.org/r/120376/ addresses > the tokens issue only, but it should be reviewed and shipped as a matter of > urgency, both in KDE 4 and Frameworks, the next bug-fixing release for KDE > 4.14 being due for taggi
Re: Review Request 120431: Fix and future-proof Dr Konqi security methods on Bugzilla
> On Okt. 9, 2014, 8:06 nachm., Ian Wadham wrote: > > A simplified patch for Dr Konqi went in for review about 20 hours ago. > > There are now about 4 hours till the KDE 4.14.2 deadline and there has been > > no feedback re the new patch, but it does follow previous reviewers' > > suggestions. > > > > So I propose to commit this code and thus fix > > https://bugs.kde.org/show_bug.cgi?id=337742 and also protect Dr Konqi from > > token-based security being discontinued in the future in Bugzilla software. No functional objections from my side (some coding style, but I don't maintain that code and it's not kdelibs) It would be really great if anyone with a record on DrKonqi could have commented, but fact is that DrKonqi is broken right now and could hardly break more. And a broken bug report tool (that shows it's brokeness *after* the user took the effort to report a bug) makes KDE look really bad. If Albert (or his release team hat) doesn't veto, you should push it - as alternative, Albert (representing the release team) could offer to pick it between tag and release. - Thomas --- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120431/#review68183 --- On Okt. 9, 2014, 12:06 vorm., Ian Wadham wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/120431/ > --- > > (Updated Okt. 9, 2014, 12:06 vorm.) > > > Review request for KDE Software on Mac OS X, KDE Runtime, Ben Cooksley, Darío > Andrés Rodríguez, George Kiagiadakis, Jekyll Wu, and Matthias Fuchs. > > > Bugs: 337742 > http://bugs.kde.org/show_bug.cgi?id=337742 > > > Repository: kde-runtime > > > Description > --- > > When bugs.kde.org changed over to Bugzilla 4.4.5 in July 2014, the security > method used by Bugzilla changed from cookies to tokens that had to be > supplied as parameters with every secure remote-procedure call. Further > changes to security methods have been announced by Bugzilla and are > documented for unstable 4.5.x versions of Bugzilla software. Tokens will be > deprecated and then discontinued. When this happens, Dr Konqi will need to > supply a user-login name and a password with every secure remote-procedure > call. Furthermore, the traditional "User.login" call presently used by Dr > Konqi will be deprecated and discontinued. > > This patch fixes the tokens problem, which has given rise to several bug > reports https://bugs.kde.org/show_bug.cgi?id=337742 and duplicates. It also > provides for automatic switching to passwords-only security as and when the > Bugzilla version changes again. This uses > a general data-driven approach which can be easily updated, ahead of time, > next time Bugzilla announces a change that affects Dr Konqi, whether it be in > security methods or some other feature. > > NOTES: > 1. This patch is intended to be forward-portable to Frameworks/KF5, but I > work on Apple OS X, where it is not yet possible to run Frameworks/KF5 and do > the porting and testing. So could someone else please do it? > 2. Another Review Request https://git.reviewboard.kde.org/r/120376/ addresses > the tokens issue only, but it should be reviewed and shipped as a matter of > urgency, both in KDE 4 and Frameworks, the next bug-fixing release for KDE > 4.14 being due for tagging on Thursday, 9 October. That will leave more time > for this review (120431) of my more long-term and more general patch. > 3. The passwords-only part of my patch is currently storing the password in > clear. Suggestions re encryption are welcomed --- or the code could be > changed to make use of KWalletD mandatory (but that might not be fully > portable to all platforms). > 4. When the Bugzilla call "User.login" is discontinued, some re-sequencing of > the flow of KAssistantDialog pages will be needed. I have not attempted to do > that at this stage. Probably the entry of the user name and password should > be delayed until the report has been accepted by the Dr Konqi logic and it is > just about to be sent to bugs.kde.org or attached to an existing bug report. > > REFERENCES: > http://www.bugzilla.org/docs/ > http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService.html#LOGGING_IN > Bugzilla 4.5.x (future) API doco re security > http://www.bugzilla.org/docs/4.4/en/html/api/Bugzilla/WebService.html#LOGGING_IN > Bugzilla 4.4.5 (current) API doco re security > http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService/User.html#login > User.login will be DEPRECATED in 4.5.x > > > Diffs > - > > drkonqi/bugzillalib.h 570169b > drkonqi/bugzillalib.cpp f74753c > drkonqi/reportassistantpages_bugzilla.h b7af5b8 > drkonqi/reportassistantpage
Re: Review Request 120431: Fix and future-proof Dr Konqi security methods on Bugzilla
--- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120431/#review68183 --- A simplified patch for Dr Konqi went in for review about 20 hours ago. There are now about 4 hours till the KDE 4.14.2 deadline and there has been no feedback re the new patch, but it does follow previous reviewers' suggestions. So I propose to commit this code and thus fix https://bugs.kde.org/show_bug.cgi?id=337742 and also protect Dr Konqi from token-based security being discontinued in the future in Bugzilla software. - Ian Wadham On Oct. 9, 2014, 12:06 a.m., Ian Wadham wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/120431/ > --- > > (Updated Oct. 9, 2014, 12:06 a.m.) > > > Review request for KDE Software on Mac OS X, KDE Runtime, Ben Cooksley, Darío > Andrés Rodríguez, George Kiagiadakis, Jekyll Wu, and Matthias Fuchs. > > > Bugs: 337742 > http://bugs.kde.org/show_bug.cgi?id=337742 > > > Repository: kde-runtime > > > Description > --- > > When bugs.kde.org changed over to Bugzilla 4.4.5 in July 2014, the security > method used by Bugzilla changed from cookies to tokens that had to be > supplied as parameters with every secure remote-procedure call. Further > changes to security methods have been announced by Bugzilla and are > documented for unstable 4.5.x versions of Bugzilla software. Tokens will be > deprecated and then discontinued. When this happens, Dr Konqi will need to > supply a user-login name and a password with every secure remote-procedure > call. Furthermore, the traditional "User.login" call presently used by Dr > Konqi will be deprecated and discontinued. > > This patch fixes the tokens problem, which has given rise to several bug > reports https://bugs.kde.org/show_bug.cgi?id=337742 and duplicates. It also > provides for automatic switching to passwords-only security as and when the > Bugzilla version changes again. This uses > a general data-driven approach which can be easily updated, ahead of time, > next time Bugzilla announces a change that affects Dr Konqi, whether it be in > security methods or some other feature. > > NOTES: > 1. This patch is intended to be forward-portable to Frameworks/KF5, but I > work on Apple OS X, where it is not yet possible to run Frameworks/KF5 and do > the porting and testing. So could someone else please do it? > 2. Another Review Request https://git.reviewboard.kde.org/r/120376/ addresses > the tokens issue only, but it should be reviewed and shipped as a matter of > urgency, both in KDE 4 and Frameworks, the next bug-fixing release for KDE > 4.14 being due for tagging on Thursday, 9 October. That will leave more time > for this review (120431) of my more long-term and more general patch. > 3. The passwords-only part of my patch is currently storing the password in > clear. Suggestions re encryption are welcomed --- or the code could be > changed to make use of KWalletD mandatory (but that might not be fully > portable to all platforms). > 4. When the Bugzilla call "User.login" is discontinued, some re-sequencing of > the flow of KAssistantDialog pages will be needed. I have not attempted to do > that at this stage. Probably the entry of the user name and password should > be delayed until the report has been accepted by the Dr Konqi logic and it is > just about to be sent to bugs.kde.org or attached to an existing bug report. > > REFERENCES: > http://www.bugzilla.org/docs/ > http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService.html#LOGGING_IN > Bugzilla 4.5.x (future) API doco re security > http://www.bugzilla.org/docs/4.4/en/html/api/Bugzilla/WebService.html#LOGGING_IN > Bugzilla 4.4.5 (current) API doco re security > http://www.bugzilla.org/docs/tip/en/html/api/Bugzilla/WebService/User.html#login > User.login will be DEPRECATED in 4.5.x > > > Diffs > - > > drkonqi/bugzillalib.h 570169b > drkonqi/bugzillalib.cpp f74753c > drkonqi/reportassistantpages_bugzilla.h b7af5b8 > drkonqi/reportassistantpages_bugzilla.cpp 22183f0 > > Diff: https://git.reviewboard.kde.org/r/120431/diff/ > > > Testing > --- > > Used the bugstest.kde.org database and KDE 4 master on KDE/kde-runtime > repository. > > Tested a range of version numbers (see commented-out test data) against a > range of 5 or 6 hypothetical and real Bugzilla versions at which things could > or will change. This was to test the basic version-checking and > feature-choosing algorithm. > > Tested submitting both full reports and attached reports, using both the > token method and the passwords-only method. > > Also tested with KWalletD supplying the username and password on Dr Konqi's >
Re: kdelibs coding style.
Jeremy Whiting ha scritto: > Are we suggesting the opposite for > that section at least? Should we put together a Frameworks coding > policy (since kdelibs coding policy is what is documented there, but > frameworks aren't kdelibs) or update that page to what we suggest for > frameworks coding policy? I would create a new page for Frameworks and keep the kdelibs page as reference, because kdelibs will follow that style... forever :) It can always be useful when going back in history and for maintenance, I think we will release bugfixes for kdelibs 4 for a while (at least as long as we release 4.x-based applications) and then some bugfixes from long-term distributions are always possible. IMHO Ciao -- Luigi
Re: Review Request 120535: attica: Add const to getter methods.
> On Oct. 8, 2014, 9:22 p.m., Albert Astals Cid wrote: > > According to > > https://techbase.kde.org/Policies/Binary_Compatibility_Issues_With_C++ > > "changing the const/volatile qualifiers of the function" is BIC > > > > Now the thing is if we allow BIC changes in frameworks like attica or not > > is for someone else to answer. > > Jeremy Whiting wrote: > Yes, I saw that, the real question is if we allow BIC changes or not. > Also I guess if we don't allow BIC changes in frameworks anymore we should > change that page to not say BIC changes should all happen on Monday's anymore > :) > > Aleix Pol Gonzalez wrote: > Also you can add a TODO KF5 comment. And yes, fix the wiki... :/ > > Jeremy Whiting wrote: > Do you mean TODO KF6 ? If it's released as part of Frameworks, we don't allow BIC changes. - Sebastian --- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/120535/#review68095 --- On Oct. 8, 2014, 9:20 p.m., Jeremy Whiting wrote: > > --- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/120535/ > --- > > (Updated Oct. 8, 2014, 9:20 p.m.) > > > Review request for KDE Frameworks, kdelibs and Frederik Gladhorn. > > > Repository: attica > > > Description > --- > > Add const to getter methods. > > > Diffs > - > > src/downloaddescription.h 08796c9283d1412386f6e096b981c3afa2b1f55e > src/downloaddescription.cpp f76a1601a53e66b836623f4ac7a67ceeb543c1f0 > > Diff: https://git.reviewboard.kde.org/r/120535/diff/ > > > Testing > --- > > This builds and an improved knewstuff (with const AtticaDescription &foo, > bar) in foreach lines builds. > > My only question about committing this is if it's allowed since it's a binary > incompatible change. If it's not allowed I will add duplicates of these > methods that are const and deprecate these non-const ones instead. > > > Thanks, > > Jeremy Whiting > >
