Informsec2013: Report for Milestone #1

Delivered: 2013-05-17

1. What we have done for milestone #1

2. Updates of Gpg4win components and libraries

We checked (and if required updated) all in Gpg4win integrated packages. An overview of updated packages:

Package                 old version             new version

kleopatra               2.1.0 (20110204)        2.1.1 (20130516)
from KDE                4.1.4                   4.10.3
-qt                     4.4.0                   4.8.4
-dbus                   20090701                1.4.24-20130417
-oxygen-icons           20100218                4.10.3
gnupg2                  2.0.19                  2.0.20
-adns                   1.4-g10-2               1.4-g10-3
-dirmngr                1.1.0                   1.1.1
-gpgme                  1.3.2.                  1.4.1
-libassuan              2.0.3                   2.1.0
-libgcrypt              1.5.0                   1.5.2
-libgpg-error           1.10                    1.11
-libksba                1.2.0                   1.3.0
-paperkey               1.2                     1.3
-pinentry               0.8.1                   0.8.3
claws-mail              3.8.0cvs30              claws-mail-3.9.1
-curl                   7.19.0                  7.30.0
-gtkhtml2_viewer        0.32cvs2                0.34
-libetpan               0.58                    0.58-g10-1
gpa                     0.9.2                   0.9.4
gdk-pixbuf              2.26.0                  2.26.5
glib                    2.32.0                  2.34.3
gnutls                  2.8.6                   2.12.21
gtk+                    2.24.10                 2.24.17
libffi                  3.0.10                  3.0.13
libgsasl                1.4.4                   1.8.0
libpng                  1.4.10                  1.4.12
libtasn1                2.2                     2.14
w32pth                  2.0.2                   2.0.5
zlib                    1.2.5                   1.2.7

2.1 Library updates for Kleopatra

To make use of improvements developed by the KDE community Gpg4Win now used the KDE-Windows buildsystem emerge. Emerge is a tool to automatically compile the KDE sources into Windows binaries. There is a community around it that keeps the build scripts up to date and works on build problems that exist for Windows. We created a special Gpg4Win branch that can automatically build a kleopatra binary package from scratch with dependencies tailored to the need of Gpg4Win.

This makes the packaging of Kleopatra more transparent and reproducable, and enables us to have a more maintainable update process for kleopatra in the future because we are now using a build process that is maintained by a larger community. The repository of the build scripts can be reviewed under http://quickgit.kde.org/?p=emerge.git&a=shortlog&h=6fd6551b2af111b11ec2ad5fcfdb244f5dadbbcf .

The packaging of Kleopatra (which files should be installed where) also had to be reworked as we needed an automated way to create such a package. This work resulted in a reduced set of files actually needed in Gpg4Win reducing the size of a Kleopatra installation from 65MB to 51MB.

Details:

DBus:
The interprocess communication system used by Kleopatra has been updated to the release dbus-1.4.26 from freedesktop.org. This release is officially supported for Windows and brings improved stability and a better performance. Additionally DBus instances on Windows are now better isolated from each other. This improves the mulituser support and allows multiple installations of different DBus instances on one System. This update was also a requirement for a portable gpg4win installation.

Challenges:

Qt:
The Qt Framework used by Kleopatra has been updated to the latest stable release 4.8.4. This update brings 4 years of Qt development and is a Qt release that is supported for Windows 8, Windows 7 and Windows Vista. This improves the look and feel of kleopatra on modern Windows Systems and additionaly fixes several bugs that existed in the previously used 4.4 release of Qt.

Challenges were to create a reduced set of Icon.

Icons:
The Icons used by Kleopatra have been updated to their current look in KDE 4.10.3.

Challenges:

Kdelibs / Kdepimlibs:
The KDE libraries have been updated to Version 4.10.3, providing Kleopatra with an updated and maintainable base. This is a dependency for many of the improvements and bugfixes (like using Kleopatra with a non-latin locale) in the course of this project.

Challenges:

Kleopatra:
A new development branch for Kleopatra has been created that is based on on KDE 4.10.3. Changes made to Kleopatra for previous versions of Gpg4Win have been merged into this branch and into the mainstream development branch of KDE. This makes Kleopatra much more maintainable as the difference between the Kleopatra version used and developed by the KDE community and the Version contained in Gpg4Win could be reduced to a minimum.

Challenges: - Checking for gpg4win specific changes and ensuring that they were also contained in KDE 4.10.2, forwardporting old changes. - A regression in the smart card communication code causing kleopatra GUI to become frozen. - Building and installing the Kleopatra documentation so that it can be opened in a browser.

3. Kleopatra bug reports

We checked all open Kleopatra bug reports in bugs.kde.org. Here is an overview of all 132 visited issues (without state 'resolved|verified|closed'):

https://bugs.kde.org/buglist.cgi?query_format=advanced&list_id=642325&bug_status=UNCONFIRMED&bug_status=CONFIRMED&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=NEEDSINFO&product=kleopatra

Use https://bugs.kde.org/show_bug.cgi?id=NUMBER to open an issue with a given number.

In Ggp4win's bug tracker there were 8 Kleopatra related issues which we checked and answered.

https://wald.intevation.org/tracker/?atid=126&group_id=11&func=browse

Informsec2013/milestone1 (last edited 2013-11-06 12:30:27 by emanuel)