-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Please create new release #610
Comments
This is the error I get trying to build 1.4.1 with kddockwidgets 2.0.0:
|
1.4.1 builds fine with kddockwidgets 1.7.0, but 2 tests failed:
|
Apparently 1.4.1 (and current master it seems) also contains a potential vulnerability, known as CVE-2023-28144. |
The CVE has been fixed since fa4ddd9 (about 9 months ago) |
1.4.1 is affected (if you use this feature). Most distros have this fixed by disabling the feature. In master we use a different approach that fixes this vulnerability to my knowledge. 1.4 does not support KDDW 2. Generally: yes, we need to make an official new release. In the meantime, if you want to compile stuff yourself, just use master or an appimage from one of the recent master builds. |
Which feature should be disabled and how to do it? |
Via the cmake option The CVE is only a vulnerability if disable the enter password dialog via polkit. |
@Vascom Can you please provide these patches as a PR? Otherwise "a new release" won't help with the KDDW2 part either... |
I guess this patches already in hotspot's master branch. |
@Vascom I created a new branch 1.4.2 which is the 1.4.1 release with the hotfix for the cve and kddw 2.0 support |
I do wonder if it makes to also update perfparser there, possibly also the "GUI <-> cmdline commits 1d1d278, 25e880c and 88bbd96 to fix #613 then doing a 1.4.2 release from that branch? This would allow to work on a newer version in master with stable disassembly (a bunch of things are broken but I think most have a PR in line) to then aim for possibly a new feature release from master in May (or whenever time permits that)? |
This is more a quick fix than a solution. We are trying to create a new release soon. |
Build with kddockwidgets 2.0 succesfull. |
Hi.
I maintain kddockwidgets at Fedora GNU/Linux and want update it to 2.0.0. But hotspot 1.4.1 not support build with this version and require many patches to add it.
Can you please create new hotspot release with kddockwidgets 2.0.0 support?
The text was updated successfully, but these errors were encountered: