Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kdenetwork-filesharing for openSUSE:Factory checked in at 2021-04-19 21:05:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kdenetwork-filesharing (Old) and /work/SRC/openSUSE:Factory/.kdenetwork-filesharing.new.12324 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kdenetwork-filesharing"
Mon Apr 19 21:05:48 2021 rev:18 rq:877079 version:20.12.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/kdenetwork-filesharing/kdenetwork-filesharing.changes 2020-11-10 13:48:32.747406563 +0100
+++ /work/SRC/openSUSE:Factory/.kdenetwork-filesharing.new.12324/kdenetwork-filesharing.changes 2021-04-19 21:06:05.324037412 +0200
@@ -1,0 +2,64 @@
+Thu Mar 4 06:10:09 UTC 2021 - Luca Beltrame <lbeltr...@kde.org>
+
+- Update to 20.12.3
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/releases/20.12.3
+- No code change since 20.12.2
+
+-------------------------------------------------------------------
+Tue Mar 2 07:55:02 UTC 2021 - Christophe Giboudeaux <christo...@krop.fr>
+
+- Add patch to strengthen username validation when
+ using Samba (boo#1182005, kde#432757)
+ * 0001-run-input-user-group-names-through-input-validation.patch
+
+-------------------------------------------------------------------
+Wed Feb 3 08:28:27 UTC 2021 - Christophe Giboudeaux <christo...@krop.fr>
+
+- Update to 20.12.2
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/releases/2021-02-apps-update
+- No code change since 20.12.1
+
+-------------------------------------------------------------------
+Tue Jan 5 12:25:25 UTC 2021 - Luca Beltrame <lbeltr...@kde.org>
+
+- Update to 20.12.1
+ * New bugfix release
+ * For more details please see:
+ * https://kde.org/announcements/releases/2021-01-apps-update
+- No code change since 20.12.0
+
+-------------------------------------------------------------------
+Sat Dec 5 23:16:05 UTC 2020 - Luca Beltrame <lbeltr...@kde.org>
+
+- Update to 20.12.0
+ * New feature release
+ * For more details please see:
+ * https://kde.org/announcements/releases/2020-12-apps-update
+- No code change since 20.11.90
+
+-------------------------------------------------------------------
+Fri Nov 27 15:16:20 UTC 2020 - Christophe Giboudeaux <christo...@krop.fr>
+
+- Update to 20.11.90
+ * New feature release
+- No code change since 20.11.80
+
+-------------------------------------------------------------------
+Sat Nov 14 00:01:15 UTC 2020 - Christophe Giboudeaux <christo...@krop.fr>
+
+- Update to 20.11.80
+ * New feature release
+- Too many changes since 20.08.3, only listing bugfixes:
+ * add a group management page (kde#407846)
+ * only enable guest checkbox if the smb.conf allows it (kde#425203)
+ * resolve paths to their canonical representation (kde#425678)
+ * fix multiple opening of properties (kde#425591)
+ * add smb user management support (kde#334875)
+ * rejigger acl page and add a sheet to be shown when using a denial (kde#422554)
+ * give add/remove errors a GUI (kde#334618)
+
+-------------------------------------------------------------------
Old:
----
kdenetwork-filesharing-20.08.3.tar.xz
kdenetwork-filesharing-20.08.3.tar.xz.sig
New:
----
0001-run-input-user-group-names-through-input-validation.patch
kdenetwork-filesharing-20.12.3.tar.xz
kdenetwork-filesharing-20.12.3.tar.xz.sig
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kdenetwork-filesharing.spec ++++++
--- /var/tmp/diff_new_pack.ln8H5d/_old 2021-04-19 21:06:05.784038102 +0200
+++ /var/tmp/diff_new_pack.ln8H5d/_new 2021-04-19 21:06:05.784038102 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package kdenetwork-filesharing
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,21 +21,25 @@
 %{!?_kapp_version: %define _kapp_version %(echo %{version}| awk -F. '{print $1"."$2}')}
 %bcond_without lang
 Name: kdenetwork-filesharing
-Version: 20.08.3
+Version: 20.12.3
 Release: 0
 Summary: KDE Network Libraries
 License: GPL-2.0-or-later
 Group: Productivity/Networking/System
 URL: https://www.kde.org
 Source: https://download.kde.org/stable/release-service/%{version}/src/%{name}-%{version}.tar.xz
+# PATCH-FIX-UPSTREAM
+Patch0: 0001-run-input-user-group-names-through-input-validation.patch
 BuildRequires: PackageKit-Qt5-devel
 BuildRequires: extra-cmake-modules
 BuildRequires: cmake(KF5Completion)
 BuildRequires: cmake(KF5CoreAddons)
+BuildRequires: cmake(KF5Declarative)
 BuildRequires: cmake(KF5I18n)
 BuildRequires: cmake(KF5KIO)
 BuildRequires: cmake(KF5WidgetsAddons)
 BuildRequires: cmake(Qt5Core)
+BuildRequires: cmake(Qt5Qml)
 BuildRequires: cmake(Qt5Widgets)
 Recommends: %{name}-lang
 Enhances: dolphin
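Review bot: The `# PATCH-FIX-UPSTREAM` tag added above `Patch0` carries no bug reference or description, so the spec alone does not say why the patch is carried or when it can be dropped. The changelog on this page ties the patch to boo#1182005 and kde#432757, and the tag line could carry them, for example `# PATCH-FIX-UPSTREAM boo#1182005 kde#432757 -- validate user and group names in the Samba auth helper`. The upstream commit message says FIXED-IN: 20.12.3, yet this hunk bumps to 20.12.3 and still applies the patch, so the fix presumably missed that tarball; naming the first release expected to contain it would tell the next maintainer when to remove `Patch0`.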
@@ -55,33 +59,38 @@
 %lang_package
 %prep
-%setup -q
+%autosetup -p1
 %build
 %ifarch ppc ppc64
 export RPM_OPT_FLAGS="%{optflags} -mminimal-toc"
 %endif
- %cmake_kf5 -d build
- %cmake_build
+
+%cmake_kf5 -d build
+%cmake_build
 %install
- %kf5_makeinstall -C build
- %if %{with lang}
+%kf5_makeinstall -C build
+%if %{with lang}
 %find_lang %{name} --with-man --all-name
- %endif
+%endif
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 %files
-%license COPYING COPYING.DOC
+%license LICENSES/*
 %{_kf5_appstreamdir}/org.kde.kdenetwork-filesharing.metainfo.xml
 %{_kf5_plugindir}/sambausershareplugin.so
 %{_kf5_servicesdir}/sambausershareplugin.desktop
+%{_kf5_libdir}/libexec/kauth/authhelper
+%{_kf5_sharedir}/dbus-1/system-services/org.kde.filesharing.samba.service
+%{_kf5_sharedir}/dbus-1/system.d/org.kde.filesharing.samba.conf
+%{_kf5_sharedir}/polkit-1/actions/org.kde.filesharing.samba.policy
 %if %{with lang}
 %files lang -f %{name}.lang
-%license COPYING*
+%license LICENSES/*
 %endif
 %changelog
++++++ 0001-run-input-user-group-names-through-input-validation.patch ++++++
>From 6415cbc2e8046f62a261d014ea01f0d2ba860914 Mon Sep 17 00:00:00 2001
From: Harald Sitter <sit...@kde.org>
Date: Tue, 16 Feb 2021 15:40:58 +0100
Subject: [PATCH] run input user/group names through input validation
to harden against abuse we'll match them against a regex that should only match what could possibly be a valid user or group name. thanks to Wolfgang Frisch and SUSE for the suggestion
BUG: 432757
FIXED-IN: 20.12.3
---
 samba/filepropertiesplugin/authhelper.cpp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/samba/filepropertiesplugin/authhelper.cpp b/samba/filepropertiesplugin/authhelper.cpp
index 9a0f62e..8343f82 100644
--- a/samba/filepropertiesplugin/authhelper.cpp
+++ b/samba/filepropertiesplugin/authhelper.cpp
@@ -1,16 +1,24 @@
 /*
 SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
- SPDX-FileCopyrightText: 2020 Harald Sitter <sit...@kde.org>
+ SPDX-FileCopyrightText: 2020-2021 Harald Sitter <sit...@kde.org>
 */
 #include "authhelper.h"
 #include <QProcess>
+#include <QRegularExpression>
+
+static bool isValidUserName(const QString &name)
+{
+ // https://systemd.io/USER_NAMES/
+ static QRegularExpression expr(QStringLiteral("^[a-z_][a-z0-9_-]*$"));
+ return expr.match(name).hasMatch();
+}
 ActionReply AuthHelper::isuserknown(const QVariantMap &args)
 {
 const auto username = args.value(QStringLiteral("username")).toString();
- if (username.isEmpty()) {
+ if (!isValidUserName(username)) {
 return ActionReply::HelperErrorReply();
 }
@@ -35,7 +43,7 @@ ActionReply AuthHelper::createuser(const QVariantMap &args)
 {
 const auto username = args.value(QStringLiteral("username")).toString();
 const auto password = args.value(QStringLiteral("password")).toString();
- if (username.isEmpty() || password.isEmpty()) {
+ if (!isValidUserName(username) || password.isEmpty()) {
 return ActionReply::HelperErrorReply();
 }
@@ -73,7 +81,7 @@ ActionReply AuthHelper::addtogroup(const QVariantMap &args)
 {
 const auto user = args.value(QStringLiteral("user")).toString();
 const auto group = args.value(QStringLiteral("group")).toString();
- if (user.isEmpty() || group.isEmpty()) {
+ if (!isValidUserName(user) || !isValidUserName(group)) {
 return ActionReply::HelperErrorReply();
 }
 // Harden against some input abuse.
--
2.30.1
++++++ applications.keyring ++++++
Binary files /var/tmp/diff_new_pack.ln8H5d/_old and /var/tmp/diff_new_pack.ln8H5d/_new differ
++++++ kdenetwork-filesharing-20.08.3.tar.xz -> kdenetwork-filesharing-20.12.3.tar.xz ++++++
++++ 28410 lines of diff (skipped)
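Review bot: The pattern in `isValidUserName` is anchored with `$`, which QRegularExpression (PCRE semantics) also lets match just before a final newline, so a name ending in `\n` still passes the check that `isuserknown`, `createuser` and `addtogroup` rely on in all three hunks. Anchoring on the absolute end of the subject closes that gap: `static const QRegularExpression expr(QStringLiteral("\\A[a-z_][a-z0-9_-]*\\z"));`, or wrap the pattern with `QRegularExpression::anchoredPattern()` where Qt 5.12 or later can be assumed. The pattern also sets no upper bound on length, which the systemd page cited in the comment appears to discuss; a bounded quantifier would keep the helper in line with that reference once the intended limit is confirmed. The bodies of all three functions continue outside the hunks, so how the validated names are consumed afterwards, and therefore the practical impact, cannot be judged from this page.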