Backporting of Discover/KNS fixes

Ben Cooksley bcooksley at kde.org
Mon Feb 21 10:09:39 GMT 2022


On Mon, Feb 21, 2022 at 10:25 PM Fabian Vogt <fabian at ritter-vogt.de> wrote:

> Moin,
>

Morning,


>
> Am Samstag, 19. Februar 2022, 10:11:06 CET schrieb Ben Cooksley:
> > Dear Distributions,
> >
> > It has recently come to my attention that some distributions have missed
> > emails sent to this list recently regarding issues with Discover/KNS.
>
> That sounds like you know which distributions - I assume you reached out to
> those directly as well?
>

Yes, the distribution(s) in question that I noticed have been contacted and
are now in the process of performing the backport.
They're not named as that won't help what this thread is aiming to
accomplish :)

In a day or so i'll be starting to contact those distributions that have
not responded regarding this.


>
> > As
> > these issues are rather critical I am now requiring all distributions to
> > explicitly acknowledge receipt of these emails and to declare the actions
> > they have taken. As a reminder, end-user systems without these patches
> are
> > participating in a distributed denial of service attack on KDE.org
> > infrastructure.
> >
> > The two emails which distributions need to keep in mind are:
> > - https://mail.kde.org/pipermail/distributions/2022-February/001140.html
> > - https://mail.kde.org/pipermail/distributions/2022-February/001142.html
> >
> > These patches should be backported to all versions currently in support.
> >
> > For those distributions that have already backported these patches -
> thank
> > you and apologies for the further inconvenience regarding this.
>
> openSUSE Tumbleweed and Leap 15.4 have Plasma 5.24.1 and aren't affected.
>
> Leap 15.3 has Plasma 5.18, so isn't affected either. It also has the
> knewstuff
> User-Agent commit backported (as requested by
> https://mail.kde.org/pipermail/distributions/2021-October/001054.html), so
> it would identify itself in the traffic log.
>
> I noticed that the previews for fonts still linked to download.kde.org
> and thus
> failed to load, but that appears to be fixed meanwhile.
>

Yes, this was brought to my attention and the metadata has been updated to
use cdn.kde.org instead of relying on compatibility redirects that I
removed.


>
> Cheers,
> Fabian
>

Cheers,
Ben


>
> > Thanks,
> > Ben Cooksley
> > KDE Sysadmin
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/distributions/attachments/20220221/002f554a/attachment.htm>


More information about the Distributions mailing list