Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kmime for openSUSE:Factory checked in at 2026-05-11 16:49:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kmime (Old) and /work/SRC/openSUSE:Factory/.kmime.new.1966 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kmime" Mon May 11 16:49:45 2026 rev:129 rq:1351683 version:26.04.1 Changes: -------- --- /work/SRC/openSUSE:Factory/kmime/kmime.changes 2026-04-17 21:49:06.632663935 +0200 +++ /work/SRC/openSUSE:Factory/.kmime.new.1966/kmime.changes 2026-05-11 16:50:45.520479863 +0200 @@ -1,0 +2,10 @@ +Thu May 7 08:02:58 UTC 2026 - Christophe Marin <[email protected]> + +- Update to 26.04.1 + * New bugfix release + * For more details please see: + * https://kde.org/announcements/gear/26.04.1/ +- Changes since 26.04.0: + * Harden RFC 2047 parsing against null bytes in the charset, take II (kde#519599) + +------------------------------------------------------------------- Old: ---- kmime-26.04.0.tar.xz kmime-26.04.0.tar.xz.sig New: ---- kmime-26.04.1.tar.xz kmime-26.04.1.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kmime.spec ++++++ --- /var/tmp/diff_new_pack.Uk6lNv/_old 2026-05-11 16:50:46.076502741 +0200 +++ /var/tmp/diff_new_pack.Uk6lNv/_new 2026-05-11 16:50:46.080502905 +0200 @@ -21,7 +21,7 @@ %bcond_without released Name: kmime -Version: 26.04.0 +Version: 26.04.1 Release: 0 Summary: KDE PIM libraries MIME support License: LGPL-2.1-or-later ++++++ kmime-26.04.0.tar.xz -> kmime-26.04.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kmime-26.04.0/CMakeLists.txt new/kmime-26.04.1/CMakeLists.txt --- old/kmime-26.04.0/CMakeLists.txt 2026-04-09 15:41:53.000000000 +0200 +++ new/kmime-26.04.1/CMakeLists.txt 2026-05-03 05:52:33.000000000 +0200 @@ -1,5 +1,5 @@ cmake_minimum_required(VERSION 3.27) -set(PIM_VERSION "6.7.0") +set(PIM_VERSION "6.7.1") project(KMime VERSION ${PIM_VERSION}) @@ -27,7 +27,7 @@ include(ECMCheckOutboundLicense) include(ECMPoQmTools) -set(QT_REQUIRED_VERSION "6.7.0") +set(QT_REQUIRED_VERSION "6.7.1") find_package(Qt6 ${QT_REQUIRED_VERSION} CONFIG REQUIRED Core) Binary files old/kmime-26.04.0/autotests/data/bug519599.mbox and new/kmime-26.04.1/autotests/data/bug519599.mbox differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kmime-26.04.0/autotests/messagetest.cpp new/kmime-26.04.1/autotests/messagetest.cpp --- old/kmime-26.04.0/autotests/messagetest.cpp 2026-04-09 15:41:53.000000000 +0200 +++ new/kmime-26.04.1/autotests/messagetest.cpp 2026-05-03 05:52:33.000000000 +0200 @@ -726,6 +726,21 @@ QTest::newRow("yenc-corrupt-size") << u"yenc-single-part.yenc"_s; QTest::newRow("yenc-mail-part") << u"yenc-mail-part.txt"_s; QTest::newRow("uuencode-no-filename") << u"clusterfuzz-testcase-minimized-kmime_fuzzer-6349101081100288"_s; + QTest::newRow("bug519599") << u"bug519599.mbox"_s; +} + +// same as ossfuzz/kmime_fuzzer.cc, so we also see the same memory accesss issues here +static void traverseContent(const KMime::Content *content) +{ + for (const auto c : content->contents()) { + const auto decodedBody = c->decodedBody(); + const auto decodedText = c->decodedText(); + for (const auto header : c->headers()) { + const auto headerAs7BitString = header->as7BitString(); + const auto headerAsUnicodeString = header->asUnicodeString(); + } + traverseContent(c); + } } void MessageTest::testGarbage() @@ -734,6 +749,7 @@ QFETCH(QString, filename); auto msg = readAndParseMail(filename); QVERIFY(msg); + traverseContent(msg.get()); } void MessageTest::testUuencode() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kmime-26.04.0/poqm/lt/libkmime6_qt.po new/kmime-26.04.1/poqm/lt/libkmime6_qt.po --- old/kmime-26.04.0/poqm/lt/libkmime6_qt.po 2026-04-09 15:41:53.000000000 +0200 +++ new/kmime-26.04.1/poqm/lt/libkmime6_qt.po 2026-05-03 05:52:33.000000000 +0200 @@ -6,7 +6,7 @@ "Project-Id-Version: libkmime\n" "Report-Msgid-Bugs-To: https://bugs.kde.org\n"; "POT-Creation-Date: 2023-11-20 01:59+0000\n" -"PO-Revision-Date: 2009-03-07 16:19+0300\n" +"PO-Revision-Date: 2026-05-02 15:26+0300\n" "Last-Translator: Andrius Štikonas <[email protected]>\n" "Language-Team: Lithuanian <[email protected]>\n" "Language: lt\n" @@ -16,95 +16,69 @@ "Plural-Forms: nplurals=4; plural=(n==1 ? 0 : n%10>=2 && (n%100<10 || n" "%100>=20) ? 1 : n%10==0 || (n%100>10 && n%100<20) ? 2 : 3);\n" "X-Qt-Contexts: true\n" +"X-Generator: Poedit 3.8\n" #: mdn.cpp:53 -#, fuzzy -#| msgid "" -#| "The message sent on ${date} to ${to} with subject \"${subject}\" has been " -#| "displayed. This is no guarantee that the message has been read or " -#| "understood." msgctxt "DispositionModifier|" msgid "" "The message sent on ${date} to ${to} with subject \"${subject}\" has been " "displayed. This is no guarantee that the message has been read or understood." msgstr "" -"Laiškas išsiųstas ${date} adresu ${to} tema „${subject}“ buvo parodytas. " -"Nėra garantijų, kad laiškas buvo perskaitytas ar suprastas." +"Laiškas, kuris ${date} buvo išsiųstas adresu ${to} ir kurio tema " +"„${subject}“, buvo parodytas. Tai nereiškia, kad laiškas buvo perskaitytas " +"ar suprastas." #: mdn.cpp:60 -#, fuzzy -#| msgid "" -#| "The message sent on ${date} to ${to} with subject \"${subject}\" has been " -#| "deleted unseen. This is no guarantee that the message will not be " -#| "\"undeleted\" and nonetheless read later on." msgctxt "DispositionModifier|" msgid "" "The message sent on ${date} to ${to} with subject \"${subject}\" has been " "deleted unseen. This is no guarantee that the message will not be \"undeleted" "\" and nonetheless read later on." msgstr "" -"Laiškas išsiųstas ${date} adresu ${to} tema „${subject}“ buvo ištrintas " -"adresatui jo nepamačius. Nėra garantijos, kad laiško statusas nebus vėliau " -"pakeistas į „neištrintą“ ir jis nebus perskaitytas." +"Laiškas, kuris ${date} buvo išsiųstas adresu ${to} ir kurio tema " +"„${subject}“, buvo ištrintas adresatui jo neperžiūrėjus. Tai nereiškia, kad " +"laiškas nebus atkurtas iš ištrintų laiškų ir vėliau nebus perskaitytas." #: mdn.cpp:68 -#, fuzzy -#| msgid "" -#| "The message sent on ${date} to ${to} with subject \"${subject}\" has been " -#| "dispatched. This is no guarantee that the message will not be read later " -#| "on." msgctxt "DispositionModifier|" msgid "" "The message sent on ${date} to ${to} with subject \"${subject}\" has been " "dispatched. This is no guarantee that the message will not be read later on." msgstr "" -"Laiškas išsiųstas ${date} adresu ${to} pavadintas „${subject}“ buvo " -"apdorotas (pvz., persiųstas). Tai nereiškia, kad laiškas vėliau nebus " -"perskaitytas." +"Laiškas, kuris ${date} buvo išsiųstas adresu ${to} ir kurio tema " +"„${subject}“, buvo sutvarkytas (pvz., persiųstas). Tai nereiškia, kad " +"laiškas vėliau nebus perskaitytas." #: mdn.cpp:75 -#, fuzzy -#| msgid "" -#| "The message sent on ${date} to ${to} with subject \"${subject}\" has been " -#| "processed by some automatic means." msgctxt "DispositionModifier|" msgid "" "The message sent on ${date} to ${to} with subject \"${subject}\" has been " "processed by some automatic means." msgstr "" -"Laiškas išsiųstas ${date} adresu ${to} tema „${subject}“ buvo apdorotas " -"kažkokia automatine priemone." +"Laiškas, kuris ${date} buvo išsiųstas adresu ${to} ir kurio tema " +"„${subject}“, buvo apdorotas naudojant kažkokią automatinę priemonę." #: mdn.cpp:81 -#, fuzzy -#| msgid "" -#| "The message sent on ${date} to ${to} with subject \"${subject}\" has been " -#| "acted upon. The sender does not wish to disclose more details to you than " -#| "that." msgctxt "DispositionModifier|" msgid "" "The message sent on ${date} to ${to} with subject \"${subject}\" has been " "acted upon. The sender does not wish to disclose more details to you than " "that." msgstr "" -"Laiškas išsiųstas ${date} adresu ${to} tema „${subject}“ buvo apdorotas. " -"Siuntėjas nenori atskleisti daugiau detalių apie veiksmą." +"Su laišku, kuris ${date} buvo išsiųstas adresu ${to} ir kurio tema " +"„${subject}“, buvo atlikti tam tikri veiksmai. Siuntėjas nenori jums " +"atskleisti išsamesnės informacijos." #: mdn.cpp:88 -#, fuzzy -#| msgid "" -#| "Generation of a Message Disposition Notification for the message sent on " -#| "${date} to ${to} with subject \"${subject}\" failed. Reason is given in " -#| "the Failure: header field below." msgctxt "DispositionModifier|" msgid "" "Generation of a Message Disposition Notification for the message sent on " "${date} to ${to} with subject \"${subject}\" failed. Reason is given in the " "Failure: header field below." msgstr "" -"Pranešimo apie laiško, išsiųsto ${date} adresu ${to} tema „${subject}“ " -"pristatymą generavimas nepavyko. Priežastis yra pateikta Nesėkmė: antraštės " -"lauke žemiau." +"Nepavyko sugeneruoti pranešimą apie laiško, kuris ${date} buvo išsiųstas " +"adresu ${to} ir kurio tema „${subject}“, pristatymą. Priežastis nurodyta " +"žemiau esančiame „Nesėkmė:“ antraštės lauke." #~ msgctxt "invalid time specified" #~ msgid "unknown" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kmime-26.04.0/src/headerparsing.cpp new/kmime-26.04.1/src/headerparsing.cpp --- old/kmime-26.04.0/src/headerparsing.cpp 2026-04-09 15:41:53.000000000 +0200 +++ new/kmime-26.04.1/src/headerparsing.cpp 2026-05-03 05:52:33.000000000 +0200 @@ -93,7 +93,8 @@ // QByteArrayView maybeLanguage(languageStart, scursor - languageStart); // extract charset information (keep in mind: the size given to the // ctor is one off due to the \0 terminator): - QByteArrayView maybeCharset(charsetStart, (languageStart ? languageStart - 1 : scursor) - charsetStart); + // harden this against null bytes in the input, Qt crashes on that + QByteArrayView maybeCharset(charsetStart, std::min<qsizetype>((languageStart ? languageStart - 1 : scursor) - charsetStart, std::strlen(charsetStart))); // // STEP 2:
