Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ksystemstats6 for openSUSE:Factory checked in at 2026-07-02 20:08:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ksystemstats6 (Old) and /work/SRC/openSUSE:Factory/.ksystemstats6.new.1982 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ksystemstats6" Thu Jul 2 20:08:31 2026 rev:44 rq:1363498 version:6.7.2 Changes: -------- --- /work/SRC/openSUSE:Factory/ksystemstats6/ksystemstats6.changes 2026-06-25 10:49:00.932362138 +0200 +++ /work/SRC/openSUSE:Factory/.ksystemstats6.new.1982/ksystemstats6.changes 2026-07-02 20:11:00.232612584 +0200 @@ -1,0 +2,17 @@ +Wed Jul 1 21:50:36 UTC 2026 - Fabian Vogt <[email protected]> + +- Prepare for CAP_PERFMON on ksystemstats_intel_helper +- Add patch for hardening (boo#1262779): + * 0001-Guard-ksystemstats_intel_helper-against-path-travers.patch +- Remove workaroud for Leap 16, works meanwhile + +------------------------------------------------------------------- +Tue Jun 30 20:12:18 UTC 2026 - Fabian Vogt <[email protected]> + +- Update to 6.7.2: + * New bugfix release + * For more details see https://kde.org/announcements/plasma/6/6.7.2 +- Changes since 6.7.1: + * Update version for new release 6.7.2 + +------------------------------------------------------------------- Old: ---- ksystemstats-6.7.1.tar.xz ksystemstats-6.7.1.tar.xz.sig New: ---- 0001-Guard-ksystemstats_intel_helper-against-path-travers.patch ksystemstats-6.7.2.tar.xz ksystemstats-6.7.2.tar.xz.sig ----------(New B)---------- New:- Add patch for hardening (boo#1262779): * 0001-Guard-ksystemstats_intel_helper-against-path-travers.patch - Remove workaroud for Leap 16, works meanwhile ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ksystemstats6.spec ++++++ --- /var/tmp/diff_new_pack.ZwfqIR/_old 2026-07-02 20:11:02.056675863 +0200 +++ /var/tmp/diff_new_pack.ZwfqIR/_new 2026-07-02 20:11:02.076676557 +0200 @@ -23,7 +23,7 @@ %define rname ksystemstats %bcond_without released Name: ksystemstats6 -Version: 6.7.1 +Version: 6.7.2 Release: 0 # Full Plasma 6 version (e.g. 6.0.0) %{!?_plasma6_bugfix: %define _plasma6_bugfix %{version}} @@ -38,6 +38,8 @@ Source1: https://download.kde.org/stable/plasma/%{version}/%{rname}-%{version}.tar.xz.sig Source2: plasma.keyring %endif +# PATCH-FIX-UPSTREAM https://invent.kde.org/plasma/ksystemstats/-/merge_requests/141 +Patch1: 0001-Guard-ksystemstats_intel_helper-against-path-travers.patch BuildRequires: cmake >= 3.16 # For %%check BuildRequires: dbus-1 @@ -55,6 +57,9 @@ BuildRequires: cmake(Qt6Test) >= %{qt6_version} BuildRequires: pkgconfig(libnl-3.0) BuildRequires: pkgconfig(libudev) +# For post and verifyscript +Requires(post): permissions +Requires(verify): permissions Conflicts: ksysguard5 < 5.21.80 Provides: ksystemstats5 = %{version} Obsoletes: ksystemstats5 < %{version} @@ -91,11 +96,15 @@ %{systemd_user_preun plasma-ksystemstats.service} %post +%set_permissions %{_libexecdir}/ksystemstats_intel_helper %{systemd_user_post plasma-ksystemstats.service} %postun %{systemd_user_postun plasma-ksystemstats.service} +%verifyscript +%verify_permissions -e %{_libexecdir}/ksystemstats_intel_helper + %files %license LICENSES/* %{_kf6_bindir}/ksystemstats @@ -104,10 +113,7 @@ %dir %{_kf6_plugindir}/ksystemstats/ %{_kf6_plugindir}/ksystemstats/ksystemstats_plugin_{cpu,disk,gpu,lmsensors,memory,network,osinfo,power,pressure}.so %{_kf6_sharedir}/dbus-1/services/org.kde.ksystemstats1.service -# Leap 16 doesn't have /usr/include/drm/xe_drm.h, use a wildcard to fix build failure -# The reason is that linux-glibc-headers there is missing the drm/ directory, so it's not -# a pure version thing either. -%{_libexecdir}/ksystemstats_*_helper +%verify(not caps) %{_libexecdir}/ksystemstats_intel_helper %{_userunitdir}/plasma-ksystemstats.service %files lang -f %{name}.lang ++++++ 0001-Guard-ksystemstats_intel_helper-against-path-travers.patch ++++++ >From c1a96714560a804f93cb6caa0b38ee8e0973fd70 Mon Sep 17 00:00:00 2001 From: Fabian Vogt <[email protected]> Date: Wed, 1 Jul 2026 23:52:11 +0200 Subject: [PATCH] Guard ksystemstats_intel_helper against path traversal Reject any slashes in the given argument. Authored-by: Matthias Gerstner <[email protected]> --- plugins/gpu/IntelHelper.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/plugins/gpu/IntelHelper.cpp b/plugins/gpu/IntelHelper.cpp index 807a8a3..34f1309 100644 --- a/plugins/gpu/IntelHelper.cpp +++ b/plugins/gpu/IntelHelper.cpp @@ -118,6 +118,10 @@ std::filesystem::path deviceDirectory(std::string_view pciId) int main(int argc, char **argv) { const char *requestedDevice = argc > 1 ? argv[1] : igpuPciId; + if (std::string_view{requestedDevice}.find('/') != std::string_view::npos) { + std::cerr << "Illegal characters found in '" << requestedDevice << "'\n"; + exit(1); + } const auto deviceDir = deviceDirectory(requestedDevice); if (!(std::filesystem::exists(deviceDir) && std::filesystem::is_directory(deviceDir))) { std::cerr << "Device directory " << deviceDir << " does not exist\n"; -- 2.54.0 ++++++ ksystemstats-6.7.1.tar.xz -> ksystemstats-6.7.2.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ksystemstats-6.7.1/CMakeLists.txt new/ksystemstats-6.7.2/CMakeLists.txt --- old/ksystemstats-6.7.1/CMakeLists.txt 2026-06-23 10:12:09.000000000 +0200 +++ new/ksystemstats-6.7.2/CMakeLists.txt 2026-06-30 14:30:49.000000000 +0200 @@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.16) -set(PROJECT_VERSION "6.7.1") +set(PROJECT_VERSION "6.7.2") project(ksystemstats VERSION ${PROJECT_VERSION}) set(PROJECT_DEP_VERSION "6.7.0") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ksystemstats-6.7.1/po/nn/ksystemstats_plugins.po new/ksystemstats-6.7.2/po/nn/ksystemstats_plugins.po --- old/ksystemstats-6.7.1/po/nn/ksystemstats_plugins.po 2026-06-23 10:12:09.000000000 +0200 +++ new/ksystemstats-6.7.2/po/nn/ksystemstats_plugins.po 2026-06-30 14:30:49.000000000 +0200 @@ -1,13 +1,12 @@ # Translation of ksystemstats_plugins to Norwegian Nynorsk # -# Karl Ove Hufthammer <[email protected]>, 2021, 2022. # Øystein Steffensen-Alværvik <[email protected]>, 2022. msgid "" msgstr "" "Project-Id-Version: ksysguard\n" "Report-Msgid-Bugs-To: https://bugs.kde.org\n" "POT-Creation-Date: 2026-04-09 00:46+0000\n" -"PO-Revision-Date: 2022-10-30 09:55+0100\n" +"PO-Revision-Date: 2026-06-23 18:23+0200\n" "Last-Translator: Karl Ove Hufthammer <[email protected]>\n" "Language-Team: Norwegian Nynorsk <[email protected]>\n" "Language: nn\n" @@ -15,7 +14,7 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Generator: Lokalize 22.08.2\n" +"X-Generator: Lokalize 26.07.70\n" "X-Environment: kde\n" "X-Accelerator-Marker: &\n" "X-Text-Markup: kde4\n" @@ -52,10 +51,10 @@ msgstr "System" #: cpu/cpu.cpp:46 -#, fuzzy, kde-format +#, kde-format msgctxt "@title, Short for '%1 System Usage'" msgid "%1 System" -msgstr "System" +msgstr "%1-system" #: cpu/cpu.cpp:52 #, kde-format @@ -70,10 +69,10 @@ msgstr "Brukar" #: cpu/cpu.cpp:53 -#, fuzzy, kde-format +#, kde-format msgctxt "@title, Short for '%1 User Usage'" msgid "%1 User" -msgstr "Brukar" +msgstr "%1-brukar" #: cpu/cpu.cpp:59 #, kde-format @@ -88,10 +87,10 @@ msgstr "Venting" #: cpu/cpu.cpp:60 -#, fuzzy, kde-format +#, kde-format msgctxt "@title, Short for '%1 Wait Load'" msgid "%1 Wait" -msgstr "Venting" +msgstr "%1-venting" #: cpu/cpu.cpp:85 #, kde-format @@ -524,12 +523,10 @@ msgstr "Grafikkprosessor" #: gpu/LinuxIntelGpu.cpp:40 -#, fuzzy, kde-format -#| msgctxt "@title" -#| msgid "User Usage" +#, kde-format msgctxt "@title" msgid "Video Usage" -msgstr "Brukarbruk" +msgstr "Videobruk" #: lmsensors/lmsensors.cpp:22 #, kde-format @@ -1124,13 +1121,13 @@ #, kde-format msgctxt "@title" msgid "Pressure" -msgstr "" +msgstr "Trykk" #: pressure/pressure.cpp:136 -#, fuzzy, kde-format +#, kde-format msgctxt "@title" msgid "Memory Pressure" -msgstr "Minnefrekvens" +msgstr "Minnetrykk" #: pressure/pressure.cpp:137 pressure/pressure.cpp:165 #: pressure/pressure.cpp:195
