Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package ksystemstats6 for openSUSE:Factory 
checked in at 2026-07-02 20:08:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ksystemstats6 (Old)
 and      /work/SRC/openSUSE:Factory/.ksystemstats6.new.1982 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "ksystemstats6"

Thu Jul  2 20:08:31 2026 rev:44 rq:1363498 version:6.7.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/ksystemstats6/ksystemstats6.changes      
2026-06-25 10:49:00.932362138 +0200
+++ /work/SRC/openSUSE:Factory/.ksystemstats6.new.1982/ksystemstats6.changes    
2026-07-02 20:11:00.232612584 +0200
@@ -1,0 +2,17 @@
+Wed Jul  1 21:50:36 UTC 2026 - Fabian Vogt <[email protected]>
+
+- Prepare for CAP_PERFMON on ksystemstats_intel_helper
+- Add patch for hardening (boo#1262779):
+  * 0001-Guard-ksystemstats_intel_helper-against-path-travers.patch
+- Remove workaroud for Leap 16, works meanwhile
+
+-------------------------------------------------------------------
+Tue Jun 30 20:12:18 UTC 2026 - Fabian Vogt <[email protected]>
+
+- Update to 6.7.2:
+  * New bugfix release
+  * For more details see https://kde.org/announcements/plasma/6/6.7.2
+- Changes since 6.7.1:
+  * Update version for new release 6.7.2
+
+-------------------------------------------------------------------

Old:
----
  ksystemstats-6.7.1.tar.xz
  ksystemstats-6.7.1.tar.xz.sig

New:
----
  0001-Guard-ksystemstats_intel_helper-against-path-travers.patch
  ksystemstats-6.7.2.tar.xz
  ksystemstats-6.7.2.tar.xz.sig

----------(New B)----------
  New:- Add patch for hardening (boo#1262779):
  * 0001-Guard-ksystemstats_intel_helper-against-path-travers.patch
- Remove workaroud for Leap 16, works meanwhile
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ ksystemstats6.spec ++++++
--- /var/tmp/diff_new_pack.ZwfqIR/_old  2026-07-02 20:11:02.056675863 +0200
+++ /var/tmp/diff_new_pack.ZwfqIR/_new  2026-07-02 20:11:02.076676557 +0200
@@ -23,7 +23,7 @@
 %define rname ksystemstats
 %bcond_without released
 Name:           ksystemstats6
-Version:        6.7.1
+Version:        6.7.2
 Release:        0
 # Full Plasma 6 version (e.g. 6.0.0)
 %{!?_plasma6_bugfix: %define _plasma6_bugfix %{version}}
@@ -38,6 +38,8 @@
 Source1:        
https://download.kde.org/stable/plasma/%{version}/%{rname}-%{version}.tar.xz.sig
 Source2:        plasma.keyring
 %endif
+# PATCH-FIX-UPSTREAM 
https://invent.kde.org/plasma/ksystemstats/-/merge_requests/141
+Patch1:         0001-Guard-ksystemstats_intel_helper-against-path-travers.patch
 BuildRequires:  cmake >= 3.16
 # For %%check
 BuildRequires:  dbus-1
@@ -55,6 +57,9 @@
 BuildRequires:  cmake(Qt6Test) >= %{qt6_version}
 BuildRequires:  pkgconfig(libnl-3.0)
 BuildRequires:  pkgconfig(libudev)
+# For post and verifyscript
+Requires(post): permissions
+Requires(verify): permissions
 Conflicts:      ksysguard5 < 5.21.80
 Provides:       ksystemstats5 = %{version}
 Obsoletes:      ksystemstats5 < %{version}
@@ -91,11 +96,15 @@
 %{systemd_user_preun plasma-ksystemstats.service}
 
 %post
+%set_permissions %{_libexecdir}/ksystemstats_intel_helper
 %{systemd_user_post plasma-ksystemstats.service}
 
 %postun
 %{systemd_user_postun plasma-ksystemstats.service}
 
+%verifyscript
+%verify_permissions -e %{_libexecdir}/ksystemstats_intel_helper
+
 %files
 %license LICENSES/*
 %{_kf6_bindir}/ksystemstats
@@ -104,10 +113,7 @@
 %dir %{_kf6_plugindir}/ksystemstats/
 
%{_kf6_plugindir}/ksystemstats/ksystemstats_plugin_{cpu,disk,gpu,lmsensors,memory,network,osinfo,power,pressure}.so
 %{_kf6_sharedir}/dbus-1/services/org.kde.ksystemstats1.service
-# Leap 16 doesn't have /usr/include/drm/xe_drm.h, use a wildcard to fix build 
failure
-# The reason is that linux-glibc-headers there is missing the drm/ directory, 
so it's not
-# a pure version thing either.
-%{_libexecdir}/ksystemstats_*_helper
+%verify(not caps) %{_libexecdir}/ksystemstats_intel_helper
 %{_userunitdir}/plasma-ksystemstats.service
 
 %files lang -f %{name}.lang

++++++ 0001-Guard-ksystemstats_intel_helper-against-path-travers.patch ++++++
>From c1a96714560a804f93cb6caa0b38ee8e0973fd70 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <[email protected]>
Date: Wed, 1 Jul 2026 23:52:11 +0200
Subject: [PATCH] Guard ksystemstats_intel_helper against path traversal

Reject any slashes in the given argument.

Authored-by: Matthias Gerstner <[email protected]>
---
 plugins/gpu/IntelHelper.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/plugins/gpu/IntelHelper.cpp b/plugins/gpu/IntelHelper.cpp
index 807a8a3..34f1309 100644
--- a/plugins/gpu/IntelHelper.cpp
+++ b/plugins/gpu/IntelHelper.cpp
@@ -118,6 +118,10 @@ std::filesystem::path deviceDirectory(std::string_view 
pciId)
 int main(int argc, char **argv)
 {
     const char *requestedDevice = argc > 1 ? argv[1] : igpuPciId;
+    if (std::string_view{requestedDevice}.find('/') != std::string_view::npos) 
{
+        std::cerr << "Illegal characters found in '" << requestedDevice << 
"'\n";
+        exit(1);
+    }
     const auto deviceDir = deviceDirectory(requestedDevice);
     if (!(std::filesystem::exists(deviceDir) && 
std::filesystem::is_directory(deviceDir))) {
         std::cerr << "Device directory " << deviceDir << " does not exist\n";
-- 
2.54.0


++++++ ksystemstats-6.7.1.tar.xz -> ksystemstats-6.7.2.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ksystemstats-6.7.1/CMakeLists.txt 
new/ksystemstats-6.7.2/CMakeLists.txt
--- old/ksystemstats-6.7.1/CMakeLists.txt       2026-06-23 10:12:09.000000000 
+0200
+++ new/ksystemstats-6.7.2/CMakeLists.txt       2026-06-30 14:30:49.000000000 
+0200
@@ -3,7 +3,7 @@
 
 cmake_minimum_required(VERSION 3.16)
 
-set(PROJECT_VERSION "6.7.1")
+set(PROJECT_VERSION "6.7.2")
 project(ksystemstats VERSION ${PROJECT_VERSION})
 
 set(PROJECT_DEP_VERSION "6.7.0")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/ksystemstats-6.7.1/po/nn/ksystemstats_plugins.po 
new/ksystemstats-6.7.2/po/nn/ksystemstats_plugins.po
--- old/ksystemstats-6.7.1/po/nn/ksystemstats_plugins.po        2026-06-23 
10:12:09.000000000 +0200
+++ new/ksystemstats-6.7.2/po/nn/ksystemstats_plugins.po        2026-06-30 
14:30:49.000000000 +0200
@@ -1,13 +1,12 @@
 # Translation of ksystemstats_plugins to Norwegian Nynorsk
 #
-# Karl Ove Hufthammer <[email protected]>, 2021, 2022.
 # Øystein Steffensen-Alværvik <[email protected]>, 2022.
 msgid ""
 msgstr ""
 "Project-Id-Version: ksysguard\n"
 "Report-Msgid-Bugs-To: https://bugs.kde.org\n";
 "POT-Creation-Date: 2026-04-09 00:46+0000\n"
-"PO-Revision-Date: 2022-10-30 09:55+0100\n"
+"PO-Revision-Date: 2026-06-23 18:23+0200\n"
 "Last-Translator: Karl Ove Hufthammer <[email protected]>\n"
 "Language-Team: Norwegian Nynorsk <[email protected]>\n"
 "Language: nn\n"
@@ -15,7 +14,7 @@
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=n != 1;\n"
-"X-Generator: Lokalize 22.08.2\n"
+"X-Generator: Lokalize 26.07.70\n"
 "X-Environment: kde\n"
 "X-Accelerator-Marker: &\n"
 "X-Text-Markup: kde4\n"
@@ -52,10 +51,10 @@
 msgstr "System"
 
 #: cpu/cpu.cpp:46
-#, fuzzy, kde-format
+#, kde-format
 msgctxt "@title, Short for '%1 System Usage'"
 msgid "%1 System"
-msgstr "System"
+msgstr "%1-system"
 
 #: cpu/cpu.cpp:52
 #, kde-format
@@ -70,10 +69,10 @@
 msgstr "Brukar"
 
 #: cpu/cpu.cpp:53
-#, fuzzy, kde-format
+#, kde-format
 msgctxt "@title, Short for '%1 User Usage'"
 msgid "%1 User"
-msgstr "Brukar"
+msgstr "%1-brukar"
 
 #: cpu/cpu.cpp:59
 #, kde-format
@@ -88,10 +87,10 @@
 msgstr "Venting"
 
 #: cpu/cpu.cpp:60
-#, fuzzy, kde-format
+#, kde-format
 msgctxt "@title, Short for '%1 Wait Load'"
 msgid "%1 Wait"
-msgstr "Venting"
+msgstr "%1-venting"
 
 #: cpu/cpu.cpp:85
 #, kde-format
@@ -524,12 +523,10 @@
 msgstr "Grafikkprosessor"
 
 #: gpu/LinuxIntelGpu.cpp:40
-#, fuzzy, kde-format
-#| msgctxt "@title"
-#| msgid "User Usage"
+#, kde-format
 msgctxt "@title"
 msgid "Video Usage"
-msgstr "Brukarbruk"
+msgstr "Videobruk"
 
 #: lmsensors/lmsensors.cpp:22
 #, kde-format
@@ -1124,13 +1121,13 @@
 #, kde-format
 msgctxt "@title"
 msgid "Pressure"
-msgstr ""
+msgstr "Trykk"
 
 #: pressure/pressure.cpp:136
-#, fuzzy, kde-format
+#, kde-format
 msgctxt "@title"
 msgid "Memory Pressure"
-msgstr "Minnefrekvens"
+msgstr "Minnetrykk"
 
 #: pressure/pressure.cpp:137 pressure/pressure.cpp:165
 #: pressure/pressure.cpp:195

Reply via email to