Hello community,
here is the log from the commit of package kde-cli-tools5.5683 for
openSUSE:13.2:Update checked in at 2016-10-11 15:50:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/kde-cli-tools5.5683 (Old)
and /work/SRC/openSUSE:13.2:Update/.kde-cli-tools5.5683.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kde-cli-tools5.5683"
Changes:
--------
New Changes file:
--- /dev/null 2016-09-15 12:42:18.240042505 +0200
+++
/work/SRC/openSUSE:13.2:Update/.kde-cli-tools5.5683.new/kde-cli-tools5.changes
2016-10-11 15:50:31.000000000 +0200
@@ -0,0 +1,190 @@
+-------------------------------------------------------------------
+Fri Sep 30 07:12:42 UTC 2016 - [email protected]
+
+- Add 0001-Make-sure-people-are-not-trying-to-sneak-invisible-c.patch
+ to prevent users from sneaking in unicode string terminators
+ (boo#1001916, CVE-2016-7787)
+
+-------------------------------------------------------------------
+Fri Jul 22 10:43:13 UTC 2016 - [email protected]
+
+- Add kdesu-Do-not-change-minimum-size.patch to prevent the
+ displayed command line text running into the password field
+ (boo#958785)
+
+-------------------------------------------------------------------
+Mon Jun 20 15:55:12 UTC 2016 - [email protected]
+
+- Add keditfiletype-create-directory.patch: fixes saving changes
+ in the filetype editor on a fresh user account, when
+ ~/.local/share/mime/packages doesn't exist yet (boo#985608, kde#356237)
+
+-------------------------------------------------------------------
+Sun Jun 28 18:31:43 UTC 2015 - [email protected]
+
+- Update to 5.3.2:
+ * Bugfix release
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.3.2.php
+
+-------------------------------------------------------------------
+Fri May 22 15:29:29 UTC 2015 - [email protected]
+
+- Update to 5.3.1:
+ * Bugfix release
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.3.1.php
+
+-------------------------------------------------------------------
+Thu Apr 23 13:27:19 UTC 2015 - [email protected]
+
+- Update to 5.3 Final:
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.3.0.php
+
+-------------------------------------------------------------------
+Sat Apr 11 18:53:33 UTC 2015 - [email protected]
+
+- Update to 5.2.95 aka 5.3 beta:
+ * New feature release
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.2.95.php
+- Update required Qt version to 5.4.0
+
+-------------------------------------------------------------------
+Thu Mar 19 17:42:30 UTC 2015 - [email protected]
+
+- Update to 5.2.2:
+ * Bugfix release
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.2.2.php
+
+-------------------------------------------------------------------
+Fri Feb 20 02:43:50 UTC 2015 - [email protected]
+
+- Update to 5.2.1:
+ * Bugfix release
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.2.1.php
+
+-------------------------------------------------------------------
+Mon Jan 26 19:49:15 UTC 2015 - [email protected]
+
+- Update to 5.2 Final:
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.2.0.php
+
+-------------------------------------------------------------------
+Tue Jan 13 16:34:54 UTC 2015 - [email protected]
+
+- Update to 5.2 Beta aka 5.1.95:
+ * Undo changes to Plasma desktop layout
+ * Smarter sorting of results in KRunner
+ * Breeze window decoration theme adds a new look to your
+ desktop and is now used by default
+ * New white mouse cursor theme for Breeze.
+ * New plasma widgets: 15 puzzle, web browser, show desktop
+ * Over 300 bugs fixed throughout Plasma modules.
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.1.95.php
+
+-------------------------------------------------------------------
+Thu Dec 11 17:59:46 UTC 2014 - [email protected]
+
+- Update to 5.1.2:
+ * Bugfix release
+ * Use QFile::decodeName for command in KDEsuDialog to fix encoding
+ * Port away from Q_WS_X11
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.1.2.php
+
+-------------------------------------------------------------------
+Fri Nov 21 18:42:23 UTC 2014 - [email protected]
+
+- Forward port kdesu-add-some-i18n-love.patch from kdebase4-runtime,
+ boo#852256
+
+-------------------------------------------------------------------
+Thu Nov 6 20:14:11 UTC 2014 - [email protected]
+
+- Update to 5.1.1:
+ * Bugfix release
+ * Added licenses
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.1.1.php
+- Install license files
+
+-------------------------------------------------------------------
+Sat Oct 25 17:26:11 UTC 2014 - [email protected]
+
+- Recommend lang subpackage
+
+-------------------------------------------------------------------
+Thu Oct 9 21:24:27 UTC 2014 - [email protected]
+
+- Update to 5.1 Final:
+ * Bugfixes since RC1
+ * For more details please see:
+ https://www.kde.org/announcements/plasma-5.1.0.php
+
+-------------------------------------------------------------------
+Thu Sep 25 22:37:17 UTC 2014 - [email protected]
+
+- Update to 5.0.95
+ * No changes since previous update
+- Install translations
+- Add rpmlintrc file for file-not-in-%lang warnings: we don't use
+ find_lang macro as it doesn't searches in subdirectories
+
+-------------------------------------------------------------------
+Fri Sep 12 13:53:58 UTC 2014 - [email protected]
+
+- Update to 5.0.95~git20140912 (rd615bac):
+ * More compliance with mime-apps-spec 1.0.1
+
+-------------------------------------------------------------------
+Fri Aug 8 17:31:10 UTC 2014 - [email protected]
+
+- Update to 5.0.1
+ * Translation updates
+- Install kdesu via update-alternatives
+- Require kdbusaddons-tools package
+
+-------------------------------------------------------------------
+Fri Jul 11 18:33:06 UTC 2014 - [email protected]
+
+- Update to 5.0.0
+ * Plasma 5.0 Final
+
+-------------------------------------------------------------------
+Thu Jul 3 17:35:40 UTC 2014 - [email protected]
+
+- Update to 4.98.0
+ * Plasma 5 RC release
+
+-------------------------------------------------------------------
+Wed Jun 11 23:03:05 UTC 2014 - [email protected]
+
+- Update to 4.97.0
+ * Beta 2 of Plasma 5 release
+- Drop update_to_latest_head.patch
+
+-------------------------------------------------------------------
+Wed Jun 4 09:50:49 UTC 2014 - [email protected]
+
+- Add Source URL
+- Added update_to_latest_head.patch, to sync with latest KF5 API
+- Added kiconthemes-devel, ki18n-devel, kwindowsystem-devel and
+ pkgconfig(Qt5DBus) BuildRequires, needed by above patch
+- Bump Qt requires to 5.3.0
+
+-------------------------------------------------------------------
+Mon May 19 13:07:04 UTC 2014 - [email protected]
+
+- Mark license as GPL-2.0+
+
+-------------------------------------------------------------------
+Sat May 10 22:12:36 UTC 2014 - [email protected]
+
+- Activate kde-cli-tools5 package
+
New:
----
0001-Make-sure-people-are-not-trying-to-sneak-invisible-c.patch
kde-cli-tools-5.3.2.tar.xz
kde-cli-tools5-rpmlintrc
kde-cli-tools5.changes
kde-cli-tools5.spec
kdesu-Do-not-change-minimum-size.patch
kdesu-add-some-i18n-love.patch
keditfiletype-create-directory.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kde-cli-tools5.spec ++++++
#
# spec file for package kde-cli-tools5
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
%bcond_without lang
Name: kde-cli-tools5
Version: 5.3.2
Release: 0
Summary: Additional CLI tools for KDE applications
License: GPL-2.0+
Group: System/GUI/KDE
Url: http://www.kde.org
Source: kde-cli-tools-%{version}.tar.xz
Source99: %{name}-rpmlintrc
# PATCH-FIX-OPENSUSE kdesu-add-some-i18n-love.patch -- boo#852256
Patch0: kdesu-add-some-i18n-love.patch
# PATCH-FIX-UPSTREAM keditfiletype-create-directory.patch boo#985608 -- fixes
saving changes in the filetype editor on a fresh user account, when
~/.local/share/mime/packages doesn't exist yet
Patch1: keditfiletype-create-directory.patch
# PATCH-FIX-UPSTREAM kdesu-Do-not-change-minimum-size.patch boo#958785 --
prevent the displayed command line text running into the password field
Patch2: kdesu-Do-not-change-minimum-size.patch
# PATCH-FIX-UPSTREAM
0001-Make-sure-people-are-not-trying-to-sneak-invisible-c.patch CVE-2016-7787
-- kdesu: Displayed command truncated by unicode string terminator
Patch3: 0001-Make-sure-people-are-not-trying-to-sneak-invisible-c.patch
BuildRequires: kcmutils-devel
BuildRequires: kconfig-devel
BuildRequires: kdelibs4support-devel
BuildRequires: kdesu-devel
BuildRequires: kf5-filesystem
BuildRequires: ki18n-devel
BuildRequires: kiconthemes-devel
BuildRequires: kwindowsystem-devel
BuildRequires: xz
BuildRequires: pkgconfig(Qt5DBus) >= 5.4.0
BuildRequires: pkgconfig(Qt5Svg) >= 5.4.0
BuildRequires: pkgconfig(Qt5Test) >= 5.4.0
BuildRequires: pkgconfig(Qt5Widgets) >= 5.4.0
BuildRequires: pkgconfig(Qt5X11Extras) >= 5.4.0
BuildRequires: pkgconfig(x11)
# for kquitapp5
Requires: kdbusaddons-tools
%if %{with lang}
Recommends: %{name}-lang
%endif
Requires(post): update-alternatives
Requires(postun): update-alternatives
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Additional CLI tools for KDE applications and workspaces.
%lang_package
%prep
%setup -q -n kde-cli-tools-%{version}
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%build
%cmake_kf5 -d build -- -DCMAKE_INSTALL_LOCALEDIR=share/locale/kf5
%make_jobs
%install
%kf5_makeinstall -C build
# create a dummy target for /etc/alternatives/kdesu
install -d -m 755 %{buildroot}%{_sysconfdir}/alternatives/
touch %{buildroot}%{_sysconfdir}/alternatives/kdesu
chmod +x %{buildroot}%{_sysconfdir}/alternatives/kdesu
ln -s -f %{_sysconfdir}/alternatives/kdesu %{buildroot}%{_kf5_bindir}/kdesu
touch %{buildroot}%{_sysconfdir}/alternatives/kdesu.1%{?ext_man}
mv %{buildroot}%{_kf5_mandir}/man1/kdesu.1
%{buildroot}%{_kf5_mandir}/man1/kdesu-5.1
ln -s -f %{_sysconfdir}/alternatives/kdesu.1%{?ext_man}
%{buildroot}%{_kf5_mandir}/man1/kdesu.1%{?ext_man}
%post
/sbin/ldconfig
%{_sbindir}/update-alternatives \
--install %{_kf5_bindir}/kdesu kdesu %{_kf5_libexecdir}/kdesu 15 \
--slave %{_kf5_mandir}/man1/kdesu.1.gz kdesu.1%{?ext_man}
%{_kf5_mandir}/man1/kdesu-5.1%{?ext_man}
%postun
/sbin/ldconfig
if [ $1 -eq 0 ]; then
%{_sbindir}/update-alternatives --remove kdesu \
%{_kf5_libexecdir}/kdesu
fi
%files
%defattr(-,root,root)
%doc COPYING*
%{_kf5_bindir}/kdesu
%{_kf5_bindir}/kcmshell5
%{_kf5_bindir}/kdecp5
%{_kf5_bindir}/kdemv5
%{_kf5_bindir}/kde-open5
%{_kf5_bindir}/keditfiletype5
%{_kf5_bindir}/kioclient5
%{_kf5_bindir}/kmimetypefinder5
%{_kf5_bindir}/ksvgtopng5
%{_kf5_bindir}/kstart5
%{_kf5_bindir}/ktraderclient5
%{_kf5_servicesdir}/
%{_kf5_libdir}/libkdeinit5_kcmshell5.so
%{_kf5_libexecdir}/
%ghost %{_sysconfdir}/alternatives/kdesu
%{_kf5_plugindir}/
%ghost %{_sysconfdir}/alternatives/kdesu.1%{?ext_man}
%doc %{_kf5_htmldir}/
%{_kf5_mandir}/man1/kdesu*.*
%if %{with lang}
%files lang
%defattr(-,root,root)
%{_kf5_localedir}/
%endif
%changelog
++++++ 0001-Make-sure-people-are-not-trying-to-sneak-invisible-c.patch ++++++
>From 5eda179a099ba68a20dc21dc0da63e85a565a171 Mon Sep 17 00:00:00 2001
From: Martin Sandsmark <[email protected]>
Date: Fri, 9 Sep 2016 09:05:57 +0200
Subject: [PATCH] Make sure people are not trying to sneak invisible characters
on the kdesu label
i18n: Sorry for the new string
CCMAIL: [email protected]
---
kdesu/kdesu.cpp | 10 ++++++++++
1 file changed, 10 insertions(+)
Index: kde-cli-tools-5.5.5/kdesu/kdesu.cpp
===================================================================
--- kde-cli-tools-5.5.5.orig/kdesu/kdesu.cpp
+++ kde-cli-tools-5.5.5/kdesu/kdesu.cpp
@@ -146,6 +146,10 @@ int main(int argc, char *argv[])
{
KMessageBox::sorry(0, i18n("Cannot execute command '%1'.",
QString::fromUtf8(command)));
}
+ if (result == -2)
+ {
+ KMessageBox::sorry(0, i18n("Cannot execute command '%1'. It contains
invalid characters.", QString::fromLocal8Bit(command)));
+ }
return result;
}
@@ -371,6 +375,12 @@ static int startApp(QCommandLineParser&
qDebug() << "Don't need password!!\n";
}
+ for (const QChar character : QString::fromLocal8Bit(command)) {
+ if (!character.isPrint() && character.category() !=
QChar::Other_Surrogate) {
+ return -2;
+ }
+ }
+
// Start the dialog
QString password;
if (needpw)
++++++ kde-cli-tools5-rpmlintrc ++++++
# we don't use find_lang macro as it doesn't searches in subdirectories
addFilter("file-not-in-%lang .*")++++++ kdesu-Do-not-change-minimum-size.patch
++++++
From: Christoph Feck <[email protected]>
Date: Thu, 21 Jul 2016 21:34:02 +0000
Subject: Do not change minimumSize()
X-Git-Url:
http://quickgit.kde.org/?p=kde-cli-tools.git&a=commitdiff&h=dc023ba3cbd6e6fcbe8a6b13e1796a2c0744a5a2
---
Do not change minimumSize()
KPasswordDialog knows better.
---
--- a/kdesu/sudlg.cpp
+++ b/kdesu/sudlg.cpp
@@ -59,8 +59,6 @@
if( withIgnoreButton ) {
connect(buttonBox()->button(QDialogButtonBox::Ignore),
SIGNAL(clicked()), SLOT(slotUser1()));
}
-
- setMinimumSize(minimumSizeHint());
}
++++++ kdesu-add-some-i18n-love.patch ++++++
>From abee9c239f74f60a77c0931be23ad1d8670feda6 Mon Sep 17 00:00:00 2001
From: Hrvoje Senjan <[email protected]>
Date: Tue, 3 Dec 2013 19:31:13 +0100
Subject: [PATCH 1/1] kdesu Add some love
From/toUTF8 in practice covers more ground than 8bit.
Furthermore, make the kdesu 'command' translatable, it's used
in openSUSE with dolphin and konsole 'Start as root'
BUG: boo#852256
---
kdesu/kdesu.cpp | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/kdesu/kdesu.cpp b/kdesu/kdesu.cpp
index 9e7f173..f553422 100644
--- a/kdesu/kdesu.cpp
+++ b/kdesu/kdesu.cpp
@@ -140,7 +140,7 @@ int main(int argc, char *argv[])
if (result == 127)
{
- KMessageBox::sorry(0, i18n("Cannot execute command '%1'.",
QString::fromLocal8Bit(command)));
+ KMessageBox::sorry(0, i18n("Cannot execute command '%1'.",
QString::fromUtf8(command)));
}
return result;
@@ -175,7 +175,7 @@ static int startApp(QCommandLineParser& p)
prompt = false;
// Get target uid
- QByteArray user = p.value("u").toLocal8Bit();
+ QByteArray user = p.value("u").toUtf8();
QByteArray auth_user = user;
struct passwd *pw = getpwnam(user);
if (pw == 0L)
@@ -235,7 +235,7 @@ static int startApp(QCommandLineParser& p)
// Get command
if (p.isSet("c"))
{
- command = p.value("c").toLocal8Bit();
+ command = p.value("c").toUtf8();
// Accepting additional arguments here is somewhat weird,
// but one can conceive use cases: have a complex command with
// redirections and additional file names which need to be quoted
@@ -323,7 +323,7 @@ static int startApp(QCommandLineParser& p)
// }
KUser u;
- env << (QByteArray) ("KDESU_USER=" + u.loginName().toLocal8Bit());
+ env << (QByteArray) ("KDESU_USER=" + u.loginName().toUtf8());
if (keep && !terminal && !just_started)
{
@@ -429,7 +429,7 @@ static int startApp(QCommandLineParser& p)
}
else if (keep && have_daemon)
{
- client.setPass(password.toLocal8Bit(), timeout);
+ client.setPass(password.toUtf8(), timeout);
client.setPriority(priority);
client.setScheduler(scheduler);
int result = client.exec(command, user, options, env);
@@ -448,7 +448,7 @@ static int startApp(QCommandLineParser& p)
proc.setPriority(priority);
proc.setScheduler(scheduler);
proc.setCommand(command);
- int result = proc.exec(password.toLocal8Bit());
+ int result = proc.exec(password.toUtf8());
return result;
}
return -1;
--
1.8.4.4
++++++ keditfiletype-create-directory.patch ++++++
From: Wolfgang Bauer <[email protected]>
Date: Mon, 30 May 2016 13:49:31 +0000
Subject: Create ~/.local/share/mime/packages/ if it doesn't exist
X-Git-Tag: v5.6.5
X-Git-Url:
http://quickgit.kde.org/?p=kde-cli-tools.git&a=commitdiff&h=c2aa2a46d51793d26dc6e93e60b5933cb1193e56
---
Create ~/.local/share/mime/packages/ if it doesn't exist
QStandardDirs::writableLocation() doesn't guarantee that the returned
directory actually exists.
So create it, otherwise saving the changes will fail if it isn't there.
BUG: 356237
FIXED-IN: 5.6.5
REVIEW: 128055
---
--- a/keditfiletype/mimetypewriter.cpp
+++ b/keditfiletype/mimetypewriter.cpp
@@ -21,6 +21,7 @@
#include "mimetypewriter.h"
#include <QDebug>
+#include <QDir>
#include <QFile>
#include <QMimeDatabase>
#include <QMimeType>
@@ -146,7 +147,10 @@
// and in ~/.local we don't really expect other packages to be installed
anyway...
QString baseName = m_mimeType;
baseName.replace('/', '-');
- return
QStandardPaths::writableLocation(QStandardPaths::GenericDataLocation) +
QLatin1String("/mime/") + "packages/" + baseName + ".xml" ;
+ QString packagesDirName =
QStandardPaths::writableLocation(QStandardPaths::GenericDataLocation) +
QLatin1String("/mime/") + "packages/";
+ // create the directory, the saving will fail if it doesn't exist
(bug#356237)
+ QDir(packagesDirName).mkpath(QStringLiteral("."));
+ return packagesDirName + baseName + ".xml" ;
}
static QString existingDefinitionFile(const QString& mimeType)
