| Summary: | Security - Plasma Add-on installer doesn't download the list from HTTPS | ||
|---|---|---|---|
| Product: | [Plasma] plasmashell | Reporter: | Damian Nowak <oferty> |
| Component: | Panel | Assignee: | Plasma Bugs List <plasma-bugs-null> |
| Status: | RESOLVED FIXED | ||
| Severity: | critical | CC: | aleixpol |
| Priority: | NOR | ||
| Version First Reported In: | 5.10.4 | ||
| Target Milestone: | 1.0 | ||
| Platform: | Other | ||
| OS: | Linux | ||
| Latest Commit: | https://commits.kde.org/kate/54b55374185bc24857b9d1c83724c95840ed119c | Version Fixed/Implemented In: | |
| Sentry Crash Report: | |||
Git commit d6da5e89338afa23aba050fedfbb149b5a04bb26 by Aleix Pol. Committed on 28/07/2017 at 11:21. Pushed by apol into branch 'Plasma/5.10'. Prefer using https for kns providers M +1 -1 kcms/colors/colorschemes.knsrc M +1 -1 kcms/cursortheme/xcursor/xcursor.knsrc M +1 -1 kcms/desktoptheme/plasma-themes.knsrc M +1 -1 kcms/emoticons/emoticons.knsrc M +1 -1 kcms/icons/icons.knsrc M +1 -1 kcms/kfontinst/kcmfontinst/kfontinst.knsrc https://commits.kde.org/plasma-desktop/d6da5e89338afa23aba050fedfbb149b5a04bb26 Git commit ae943198bf74d563adcb1f3d36ee4ba1b7b274a9 by Aleix Pol. Committed on 28/07/2017 at 11:21. Pushed by apol into branch 'Plasma/5.10'. Prefer using https for kns providers M +1 -1 components/shellprivate/widgetexplorer/plasmoids.knsrc M +1 -1 wallpapers/image/wallpaper.knsrc https://commits.kde.org/plasma-workspace/ae943198bf74d563adcb1f3d36ee4ba1b7b274a9 Fixed for plasma, other projects might still be on http, feel free to report there and link here for reference. Git commit 63e2d65bc86184e1e7062809dbafc0204444fb34 by David Edmundson. Committed on 28/07/2017 at 11:34. Pushed by davidedmundson into branch 'Applications/17.08'. Use https for knsrc providers M +1 -1 src/settings/services/servicemenu.knsrc https://commits.kde.org/dolphin/63e2d65bc86184e1e7062809dbafc0204444fb34 Git commit 54b55374185bc24857b9d1c83724c95840ed119c by David Edmundson. Committed on 28/07/2017 at 11:38. Pushed by davidedmundson into branch 'Applications/17.08'. Update kate code snippet to use https for KNS providers M +1 -1 addons/snippets/ktexteditor_codesnippets_core.knsrc https://commits.kde.org/kate/54b55374185bc24857b9d1c83724c95840ed119c Git commit 351b46a1852f4a003b41fdaabf12f736d8111ed5 by David Edmundson. Committed on 28/07/2017 at 11:46. Pushed by davidedmundson into branch 'Plasma/5.10'. Update comic KNS providers to https M +1 -1 applets/comic/comic.knsrc https://commits.kde.org/kdeplasma-addons/351b46a1852f4a003b41fdaabf12f736d8111ed5 Git commit 308ab764286090326ffe8304acaf50afa7e74b16 by David Edmundson. Committed on 28/07/2017 at 11:51. Pushed by davidedmundson into branch 'Plasma/5.10'. Update KNS providers to https M +1 -1 kcmkwin/kwincompositing/kwineffect.knsrc M +1 -1 kcmkwin/kwinscripts/kwinscripts.knsrc M +1 -1 kcmkwin/kwintabbox/kwinswitcher.knsrc M +1 -1 plugins/kdecorations/aurorae/src/aurorae.knsrc https://commits.kde.org/kwin/308ab764286090326ffe8304acaf50afa7e74b16 |
> Loading of providers from file: http://download.kde.org/ocs/providers.xml failed I don't care about the error as much as I care about the fact Plasma Add-on Installer tries to download stuff over an insecure channel.