Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package qt6-networkauth for openSUSE:Factory
checked in at 2026-02-03 21:27:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/qt6-networkauth (Old)
and /work/SRC/openSUSE:Factory/.qt6-networkauth.new.1995 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qt6-networkauth"
Tue Feb 3 21:27:09 2026 rev:40 rq:1330588 version:6.10.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/qt6-networkauth/qt6-networkauth.changes
2025-11-25 15:48:58.300669958 +0100
+++
/work/SRC/openSUSE:Factory/.qt6-networkauth.new.1995/qt6-networkauth.changes
2026-02-03 21:27:39.538960177 +0100
@@ -1,0 +2,6 @@
+Sat Jan 31 08:10:38 UTC 2026 - Christophe Marin <[email protected]>
+
+- Update to 6.10.2:
+ * https://www.qt.io/blog/qt-6.10.2-released
+
+-------------------------------------------------------------------
Old:
----
qtnetworkauth-everywhere-src-6.10.1.tar.xz
New:
----
qtnetworkauth-everywhere-src-6.10.2.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ qt6-networkauth.spec ++++++
--- /var/tmp/diff_new_pack.elDeyw/_old 2026-02-03 21:27:40.286991573 +0100
+++ /var/tmp/diff_new_pack.elDeyw/_new 2026-02-03 21:27:40.290991741 +0100
@@ -1,7 +1,7 @@
#
# spec file for package qt6-networkauth
#
-# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
#
-%define real_version 6.10.1
+%define real_version 6.10.2
%define short_version 6.10
%define short_name qtnetworkauth
%define tar_name qtnetworkauth-everywhere-src
@@ -28,7 +28,7 @@
%endif
#
Name: qt6-networkauth%{?pkg_suffix}
-Version: 6.10.1
+Version: 6.10.2
Release: 0
Summary: Set of APIs to obtain limited access to online accounts and
HTTP services
License: GPL-3.0-only WITH Qt-GPL-exception-1.0
++++++ qtnetworkauth-everywhere-src-6.10.1.tar.xz ->
qtnetworkauth-everywhere-src-6.10.2.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.10.1/.cmake.conf
new/qtnetworkauth-everywhere-src-6.10.2/.cmake.conf
--- old/qtnetworkauth-everywhere-src-6.10.1/.cmake.conf 2025-11-13
17:35:26.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.10.2/.cmake.conf 2026-01-20
05:15:31.000000000 +0100
@@ -1,5 +1,7 @@
-set(QT_REPO_MODULE_VERSION "6.10.1")
+set(QT_REPO_MODULE_VERSION "6.10.2")
set(QT_REPO_MODULE_PRERELEASE_VERSION_SEGMENT "alpha1")
-set(QT_EXTRA_INTERNAL_TARGET_DEFINES "QT_NO_AS_CONST=1")
-list(APPEND QT_EXTRA_INTERNAL_TARGET_DEFINES "QT_NO_FOREACH=1")
-list(APPEND QT_EXTRA_INTERNAL_TARGET_DEFINES "QT_NO_CONTEXTLESS_CONNECT=1")
+set(QT_EXTRA_INTERNAL_TARGET_DEFINES
+ "QT_NO_CONTEXTLESS_CONNECT=1"
+ "QT_NO_FOREACH=1"
+ "QT_NO_QASCONST=1"
+)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.10.1/.tag
new/qtnetworkauth-everywhere-src-6.10.2/.tag
--- old/qtnetworkauth-everywhere-src-6.10.1/.tag 2025-11-13
17:35:26.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.10.2/.tag 2026-01-20
05:15:31.000000000 +0100
@@ -1 +1 @@
-4287152362078f54171d69e43d40ed523e80b869
+b3999f9967d65320369bb96b0ae91d810fd3fc38
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.10.1/dependencies.yaml
new/qtnetworkauth-everywhere-src-6.10.2/dependencies.yaml
--- old/qtnetworkauth-everywhere-src-6.10.1/dependencies.yaml 2025-11-13
17:35:26.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.10.2/dependencies.yaml 2026-01-20
05:15:31.000000000 +0100
@@ -1,4 +1,4 @@
dependencies:
../qtbase:
- ref: 90b845d15ffb97693dba527385db83510ebd121a
+ ref: 000d6c62f7880bb8d3054724e8da0b8ae244130e
required: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/doc/qtnetworkauth.qdocconf
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/doc/qtnetworkauth.qdocconf
---
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/doc/qtnetworkauth.qdocconf
2025-11-13 17:35:26.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/doc/qtnetworkauth.qdocconf
2026-01-20 05:15:31.000000000 +0100
@@ -14,15 +14,20 @@
qhp.QtNetworkAuth.indexTitle = Qt Network Authorization
qhp.QtNetworkAuth.indexRoot =
-qhp.QtNetworkAuth.subprojects = overview classes
-qhp.QtNetworkAuth.subprojects.overview.title = Overview
-qhp.QtNetworkAuth.subprojects.overview.indexTitle = OAuth 2.0 Overview
-qhp.QtNetworkAuth.subprojects.overview.selectors = group:none
-
-qhp.QtNetworkAuth.subprojects.classes.title = C++ Classes
-qhp.QtNetworkAuth.subprojects.classes.indexTitle = Qt Network Authorization
C++ Classes
-qhp.QtNetworkAuth.subprojects.classes.selectors = class doc:headerfile
-qhp.QtNetworkAuth.subprojects.classes.sortPages = true
+qhp.QtNetworkAuth.subprojects = manual examples classes
+qhp.QtNetworkAuth.subprojects.manual.title = Qt Network Authorization
+qhp.QtNetworkAuth.subprojects.manual.indexTitle = Qt Network Authorization
module topics
+qhp.QtNetworkAuth.subprojects.manual.type = manual
+
+qhp.QtNetworkAuth.subprojects.examples.title = Examples
+qhp.QtNetworkAuth.subprojects.examples.indexTitle = Qt Network Authorization
Examples
+qhp.QtNetworkAuth.subprojects.examples.selectors = example
+qhp.QtNetworkAuth.subprojects.examples.sortPages = true
+
+qhp.QtNetworkAuth.subprojects.classes.title = C++ Classes
+qhp.QtNetworkAuth.subprojects.classes.indexTitle = Qt Network Authorization
C++ Classes
+qhp.QtNetworkAuth.subprojects.classes.selectors = class doc:headerfile
+qhp.QtNetworkAuth.subprojects.classes.sortPages = true
tagfile = qtnetworkauth.tags
@@ -40,5 +45,9 @@
navigation.landingpage = "Qt Network Authorization"
navigation.cppclassespage = "Qt Network Authorization C++ Classes"
+# Autogenerate navigation linking based on "Qt Network Authorization module
topics":
+navigation.toctitles = "Qt Network Authorization module topics"
+navigation.toctitles.inclusive = false
+
# Enforce zero documentation warnings
warninglimit = 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/doc/src/qtnetworkauth-security.qdoc
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/doc/src/qtnetworkauth-security.qdoc
---
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/doc/src/qtnetworkauth-security.qdoc
1970-01-01 01:00:00.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/doc/src/qtnetworkauth-security.qdoc
2026-01-20 05:15:31.000000000 +0100
@@ -0,0 +1,138 @@
+// Copyright (C) 2025 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR
GFDL-1.3-no-invariants-only
+
+/*!
+ \page qtnetworkauth-security
+ \title Qt Network Authorization Security Considerations
+ \ingroup security-considerations
+ \brief Access control, authorization, and authentication issues.
+
+ This page covers security considerations for applications using
+ \l{Qt Network Authorization}. Much of the content here focuses on
+ OAuth 2.0 Authorization Framework and OpenID.
+
+ Refer to \l{RFC 6749} for the OAuth 2.0 protocol flow and \l{RFC 8252} for
+ security issues regarding native applications.
+
+ \section1 Access control
+
+ Access control involves provisioning resources to users using a system for
+ checking identities and permissions. Access control then includes
+ authorization, authentication, and logging services. Qt Network
+ Authorization's API implements access control with focus on
+ OAuth 2.0 Authorization Framework. Qt Network Authorization supports the
+ Authorization Code flow (with PKCE) and the Device Authorization flow.
+
+ For systems, a deliberate separation according to privileges and
+ permissions is the first step of access control. User categories can
+ dictate the groups that may access certain resources and services.
+ Likewise, permissions on resources or services can dictate the available
+ actions on them. Request only the OAuth scopes your application needs.
+ Limiting scope reduces the potential impact if tokens are compromised.
+
+ Systems also must implement access management for flexibility and for
+ supervision. Provisioning access and services must be part of the system
+ design so that it is easy to add or remove users and resources without
+ compromising security. Activity logs aid audits and security
+ analysis.
+
+ A well known design is the \e {role-based access control} (RBAC).
+
+ \section1 Authentication and single sign-on
+
+ \e Authentication is checking for the identity of a user. Weak
+ authentication methods lead to granting access to the wrong users and can
+ result in private data exposure and execution of malicious actions.
+
+ Connected applications need to verify the identities of users that use
+ restricted resources. Typically, applications verify users by checking user
+ credentials such as username and password in an existing database. This
+ method is vulnerable to false authentications and data breaches. Many
+ mitigation techniques are about user behavior and applications can
+ enforce security policies such as requiring \e strong passwords.
+ Applications can use Qt's validators and widgets to guide users with
+ messages and by restricting the creation of weak passwords.
+
+ Using a centralized authentication system such as a single sign-on (SSO)
+ can minimize the mismanagement of passwords and identities.
+
+ \l{Qt Network Authorization} can retrieve JSON Web Tokens (JWT)
+ through OpenID Connect, an identity layer on top of OAuth 2.0.
+ Often, authentication and authorization are part of the same system.
+ Treat access tokens, refresh tokens, and ID tokens as sensitive data.
+ Store them securely using platform secure storage or encryption.
+ Do not store tokens in plain text.
+
+ \section1 Authorization and resource provision
+
+ \e Authorization is checking if a user has access to a resource based on
+ the user privileges and permissions on that resource. Without proper
+ authorization, users can access a resource and perform actions even though
+ they do not have the permission. Attackers can modify and reduce the
+ integrity of data or abuse resources, causing a denial of service.
+
+ As basic precaution, perform authorization checks before executing actions
+ that can lead to misuse of resources. This check can happen whenever users
+ access server-side resources. The users' privileges and the permissions on
+ the resources determine if the user may execute an action on the resource.
+ Additional authorization checks may be necessary according to the resource.
+ Revoke access and refresh tokens when users log out or when your
+ application no longer needs them.
+
+ \section1 Use an external user-agent
+
+ According to \l{RFC 8252}, applications can use either an
+ \e external or an \e embedded user-agent for the authorization
+ endpoint, as defined in \l{RFC 6749}{OAuth 2.0}. Embedded
+ user-agents are typically the webviews provided and controlled
+ within the application. External user-agents are the
+ system browsers or other applications not controlled by the
+ requesting application.
+
+ \l{RFC 8252} recommends using external user-agents rather than
+ embedded web views for authorization.
+ The application controls the embedded user-agent and fails to separate the
+ privileged access between the application and authorization node. This
+ setup is unsafe as the application can record keystrokes and can trick
+ users with a false sense of security. However, properly configured
+ embedded browsers like Qt WebEngine can also be used when external
+ user-agents are not practical.
+
+ Also, with the system browser as the external user-agent, browser
+ tabs and stored credentials can simplify the user experience. For
+ example, users can use their saved usernames and passwords in the
+ browser. Similarly, using password managers as the external
+ user-agent increases simplicity and trust.
+
+ \section1 PKCE and state parameter
+
+ \l{RFC 7636}{Proof Key for Code Exchange (PKCE)} protects against
+ authorization code interception attacks in the Authorization Code flow. Qt
+ Network Authorization enables PKCE by default.
+
+ Qt Network Authorization generates random state values by default to
+ prevent cross-site request forgery (CSRF) attacks. If you override
+ the state parameter, avoid using hard-coded strings.
+
+ \section1 Platform considerations
+
+ Redirect URI handling varies by platform. On \l{Mobile Platforms}
+ {mobile platforms}, HTTPS redirect URIs can be handled securely
+ through app-claimed URLs. On \l{desktop platforms}, HTTP redirect
+ URIs to localhost remain a valid option for native
+ applications.
+
+ \section1 Security resources for connected applications
+
+ Here are resources for cybersecurity guidance:
+
+ \list
+ \li \l{https://cwe.mitre.org/index.html}{Common Weakness Enumeration}
+ - A catalog of known issues and possible mitigation techniques.
+ \li \l{https://cheatsheetseries.owasp.org}{OWASP Cheat Sheet Series}
+ - A listing of various topics for securing applications.
+ \li \l{RFC 6749} - OAuth 2.0 Authorization Framework
+ \li \l{RFC 8252} - OAuth 2.0 for Native Apps
+ \li \l{RFC 7636} - Proof Key for Code Exchange (PKCE)
+ \endlist
+*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/doc/src/qtnetworkauth-toc.qdoc
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/doc/src/qtnetworkauth-toc.qdoc
---
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/doc/src/qtnetworkauth-toc.qdoc
1970-01-01 01:00:00.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/doc/src/qtnetworkauth-toc.qdoc
2026-01-20 05:15:31.000000000 +0100
@@ -0,0 +1,15 @@
+
+// Copyright (C) 2025 The Qt Company Ltd.
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR
GFDL-1.3-no-invariants-only
+/*!
+ \page qtnetworkauth-toc.html
+ \title Qt Network Authorization module topics
+ The following list has links to all the individual topics (HTML files)
+ in the Qt Network Authorization module.
+
+ \list
+ \li \l {OAuth 2.0 Overview}{Overview}
+ \li \l {Qt OAuth2 Browser Support}{Browser Support}
+ \li \l {Qt Network Authorization Security Considerations}{Security
Considerations}
+\endlist
+*/
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/doc/src/qtnetworkauth.qdoc
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/doc/src/qtnetworkauth.qdoc
---
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/doc/src/qtnetworkauth.qdoc
2025-11-13 17:35:26.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/doc/src/qtnetworkauth.qdoc
2026-01-20 05:15:31.000000000 +0100
@@ -67,6 +67,8 @@
\list
\li \l {OAuth 2.0 Overview}
\li \l {Qt OAuth2 Browser Support}
+ \li \l {Qt Network Authorization Security Considerations}
+ {Security Considerations}
\endlist
\section1 Licenses
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/qabstractoauth.h
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/qabstractoauth.h
--- old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/qabstractoauth.h
2025-11-13 17:35:26.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/qabstractoauth.h
2026-01-20 05:15:31.000000000 +0100
@@ -30,9 +30,6 @@
{
Q_OBJECT
- Q_ENUMS(Status)
- Q_ENUMS(Stage)
- Q_ENUMS(Error)
Q_PROPERTY(QString clientIdentifier
READ clientIdentifier
WRITE setClientIdentifier
@@ -56,6 +53,7 @@
Granted,
RefreshingToken
};
+ Q_ENUM(Status)
enum class Stage {
RequestingTemporaryCredentials,
@@ -63,6 +61,7 @@
RequestingAccessToken,
RefreshingAccessToken
};
+ Q_ENUM(Stage)
enum class Error {
NoError,
@@ -76,6 +75,7 @@
ClientError,
ExpiredError,
};
+ Q_ENUM(Error)
enum class ContentType {
WwwFormUrlEncoded,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/qabstractoauth2.cpp
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/qabstractoauth2.cpp
--- old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/qabstractoauth2.cpp
2025-11-13 17:35:26.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/qabstractoauth2.cpp
2026-01-20 05:15:31.000000000 +0100
@@ -768,8 +768,8 @@
// RFC 6749, Section 5.2 Error Response
const QString uri =
data.value(QtOAuth2RfcKeywords::errorUri).toString();
const QString description =
data.value(QtOAuth2RfcKeywords::errorDescription).toString();
- qCWarning(loggingCategory, "Authorization stage: AuthenticationError:
%s(%s): %s",
- qPrintable(error), qPrintable(uri), qPrintable(description));
+ qCWarning(loggingCategory, "Authorization stage: AuthenticationError:
%ls(%ls): %ls",
+ qUtf16Printable(error), qUtf16Printable(uri),
qUtf16Printable(description));
#if QT_DEPRECATED_SINCE(6, 13)
QT_IGNORE_DEPRECATIONS(Q_EMIT q->error(error, description, uri);)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/qoauth2deviceauthorizationflow.cpp
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/qoauth2deviceauthorizationflow.cpp
---
old/qtnetworkauth-everywhere-src-6.10.1/src/oauth/qoauth2deviceauthorizationflow.cpp
2025-11-13 17:35:26.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.10.2/src/oauth/qoauth2deviceauthorizationflow.cpp
2026-01-20 05:15:31.000000000 +0100
@@ -205,10 +205,10 @@
const auto receivedExpiresIn =
data.value(QtOAuth2RfcKeywords::expiresIn).toInt();
QUrl receivedVerificationUrl;
// The RFC keyword is 'verification_uri', but some auth servers provide
'verification_url'
- if (data.contains(QtOAuth2RfcKeywords::verificationUri))
- receivedVerificationUrl =
data.value(QtOAuth2RfcKeywords::verificationUri).toString();
- else if (data.contains(QtOAuth2RfcKeywords::verificationUrl))
- receivedVerificationUrl =
data.value(QtOAuth2RfcKeywords::verificationUrl).toString();
+ if (auto it = data.find(QtOAuth2RfcKeywords::verificationUri); it !=
data.end())
+ receivedVerificationUrl.setUrl(it->toString());
+ else if (auto it = data.find(QtOAuth2RfcKeywords::verificationUrl); it !=
data.end())
+ receivedVerificationUrl.setUrl(it->toString());
if (receivedDeviceCode.isEmpty() || receivedUserCode.isEmpty()
|| receivedVerificationUrl.isEmpty() || receivedExpiresIn <= 0) {
@@ -244,13 +244,10 @@
QUrl receivedVerificationUrlComplete;
// The RFC keyword is 'verification_uri_complete', but some auth servers
// use 'verification_url_complete'
- if (data.contains(QtOAuth2RfcKeywords::completeVerificationUri)) {
- receivedVerificationUrlComplete =
-
data.value(QtOAuth2RfcKeywords::completeVerificationUri).toString();
- } else if (data.contains(QtOAuth2RfcKeywords::completeVerificationUrl)) {
- receivedVerificationUrlComplete =
-
data.value(QtOAuth2RfcKeywords::completeVerificationUrl).toString();
- }
+ if (auto it = data.find(QtOAuth2RfcKeywords::completeVerificationUri); it
!= data.end())
+ receivedVerificationUrlComplete.setUrl(it->toString());
+ else if (auto it =
data.find(QtOAuth2RfcKeywords::completeVerificationUrl); it != data.end())
+ receivedVerificationUrlComplete.setUrl(it->toString());
deviceCode = std::move(receivedDeviceCode);
setUserCode(receivedUserCode);
