Hello community,

here is the log from the commit of package kauth for openSUSE:Factory checked 
in at 2019-02-14 14:23:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kauth (Old)
 and      /work/SRC/openSUSE:Factory/.kauth.new.28833 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "kauth"

Thu Feb 14 14:23:24 2019 rev:67 rq:674218 version:5.55.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/kauth/kauth.changes      2019-01-21 
10:18:56.466160244 +0100
+++ /work/SRC/openSUSE:Factory/.kauth.new.28833/kauth.changes   2019-02-14 
14:23:29.999927217 +0100
@@ -1,0 +2,11 @@
+Sun Feb 10 22:03:00 UTC 2019 - [email protected]
+
+- Update to 5.55.0
+  * New feature release
+  * For more details please see:
+  * https://www.kde.org/announcements/kde-frameworks-5.55.0.php
+- Changes since 5.54.0:
+  * Remove support for passing gui QVariants to KAuth 
+    helpers (bsc#1124863,CVE-2019-7443)
+
+-------------------------------------------------------------------

Old:
----
  kauth-5.54.0.tar.xz

New:
----
  kauth-5.55.0.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ kauth.spec ++++++
--- /var/tmp/diff_new_pack.YDwQZb/_old  2019-02-14 14:23:30.647926910 +0100
+++ /var/tmp/diff_new_pack.YDwQZb/_new  2019-02-14 14:23:30.647926910 +0100
@@ -17,14 +17,14 @@
 
 
 %define lname   libKF5Auth5
-%define _tar_path 5.54
+%define _tar_path 5.55
 # Full KF5 version (e.g. 5.33.0)
 %{!?_kf5_version: %global _kf5_version %{version}}
 # Last major and minor KF5 version (e.g. 5.33)
 %{!?_kf5_bugfix_version: %define _kf5_bugfix_version %(echo %{_kf5_version} | 
awk -F. '{print $1"."$2}')}
 %bcond_without lang
 Name:           kauth
-Version:        5.54.0
+Version:        5.55.0
 Release:        0
 Summary:        Framework which lets applications perform actions as a 
privileged user
 License:        LGPL-2.1-or-later

++++++ kauth-5.54.0.tar.xz -> kauth-5.55.0.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kauth-5.54.0/CMakeLists.txt 
new/kauth-5.55.0/CMakeLists.txt
--- old/kauth-5.54.0/CMakeLists.txt     2019-01-06 21:18:44.000000000 +0100
+++ new/kauth-5.55.0/CMakeLists.txt     2019-02-03 00:53:35.000000000 +0100
@@ -1,17 +1,17 @@
 cmake_minimum_required(VERSION 3.5)
 
-set(KF5_VERSION "5.54.0") # handled by release scripts
-set(KF5_DEP_VERSION "5.54.0") # handled by release scripts
+set(KF5_VERSION "5.55.0") # handled by release scripts
+set(KF5_DEP_VERSION "5.55.0") # handled by release scripts
 project(KAuth VERSION ${KF5_VERSION})
 
 include(FeatureSummary)
-find_package(ECM 5.54.0  NO_MODULE)
+find_package(ECM 5.55.0  NO_MODULE)
 set_package_properties(ECM PROPERTIES TYPE REQUIRED DESCRIPTION "Extra CMake 
Modules." URL 
"https://projects.kde.org/projects/kdesupport/extra-cmake-modules";)
 feature_summary(WHAT REQUIRED_PACKAGES_NOT_FOUND 
FATAL_ON_MISSING_REQUIRED_PACKAGES)
 
 set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR})
 
-set(REQUIRED_QT_VERSION 5.9.0)
+set(REQUIRED_QT_VERSION 5.10.0)
 find_package(Qt5 ${REQUIRED_QT_VERSION} CONFIG REQUIRED DBus)
 option(KAUTH_BUILD_CODEGENERATOR_ONLY "Only build the kauth-policy-gen code 
generator." OFF)
 if(NOT KAUTH_BUILD_CODEGENERATOR_ONLY)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kauth-5.54.0/po/ca/kauth5_qt.po 
new/kauth-5.55.0/po/ca/kauth5_qt.po
--- old/kauth-5.54.0/po/ca/kauth5_qt.po 2019-01-06 21:18:44.000000000 +0100
+++ new/kauth-5.55.0/po/ca/kauth5_qt.po 2019-02-03 00:53:35.000000000 +0100
@@ -12,7 +12,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: kauth5_qt\n"
-"Report-Msgid-Bugs-To: http://bugs.kde.org\n";
+"Report-Msgid-Bugs-To: https://bugs.kde.org\n";
 "POT-Creation-Date: 2014-03-23 01:50+0000\n"
 "PO-Revision-Date: 2017-03-17 18:36+0100\n"
 "Last-Translator: Josep Ma. Ferrer <[email protected]>\n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kauth-5.54.0/po/ca@valencia/kauth5_qt.po 
new/kauth-5.55.0/po/ca@valencia/kauth5_qt.po
--- old/kauth-5.54.0/po/ca@valencia/kauth5_qt.po        2019-01-06 
21:18:44.000000000 +0100
+++ new/kauth-5.55.0/po/ca@valencia/kauth5_qt.po        2019-02-03 
00:53:35.000000000 +0100
@@ -12,7 +12,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: kauth5_qt\n"
-"Report-Msgid-Bugs-To: http://bugs.kde.org\n";
+"Report-Msgid-Bugs-To: https://bugs.kde.org\n";
 "POT-Creation-Date: 2014-03-23 01:50+0000\n"
 "PO-Revision-Date: 2017-03-17 18:36+0100\n"
 "Last-Translator: Josep Ma. Ferrer <[email protected]>\n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kauth-5.54.0/po/sk/kauth5_qt.po 
new/kauth-5.55.0/po/sk/kauth5_qt.po
--- old/kauth-5.54.0/po/sk/kauth5_qt.po 2019-01-06 21:18:44.000000000 +0100
+++ new/kauth-5.55.0/po/sk/kauth5_qt.po 2019-02-03 00:53:35.000000000 +0100
@@ -7,19 +7,20 @@
 # Michal Sulek <[email protected]>, 2009, 2010, 2011.
 # Richard Frič <[email protected]>, 2011.
 # Roman Paholík <[email protected]>, 2012, 2013, 2014, 2016.
+# Mthw <[email protected]>, 2019.
 msgid ""
 msgstr ""
 "Project-Id-Version: kdelibs4\n"
 "Report-Msgid-Bugs-To: http://bugs.kde.org\n";
 "POT-Creation-Date: 2014-03-23 01:50+0000\n"
-"PO-Revision-Date: 2016-11-04 21:50+0100\n"
-"Last-Translator: Roman Paholik <[email protected]>\n"
+"PO-Revision-Date: 2019-01-28 12:40+0100\n"
+"Last-Translator: Mthw <[email protected]>\n"
 "Language-Team: Slovak <[email protected]>\n"
 "Language: sk\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 2.0\n"
+"X-Generator: Lokalize 18.12.1\n"
 "Plural-Forms: nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;\n"
 "X-Qt-Contexts: true\n"
 
@@ -37,7 +38,9 @@
 msgid ""
 "DBus Backend error: connection to helper failed. %1\n"
 "(application: %2 helper: %3)"
-msgstr "Chyba DBus: pripojenie na pomocníka zlyhalo. %1"
+msgstr ""
+"Chyba DBus: pripojenie na pomocníka zlyhalo. %1\n"
+"(aplikácia: %2 pomocník: %3)"
 
 #: backends/dbus/DBusHelperProxy.cpp:119
 #, qt-format
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kauth-5.54.0/po/zh_CN/kauth5_qt.po 
new/kauth-5.55.0/po/zh_CN/kauth5_qt.po
--- old/kauth-5.54.0/po/zh_CN/kauth5_qt.po      2019-01-06 21:18:44.000000000 
+0100
+++ new/kauth-5.55.0/po/zh_CN/kauth5_qt.po      2019-02-03 00:53:35.000000000 
+0100
@@ -14,7 +14,7 @@
 msgid ""
 msgstr ""
 "Project-Id-Version: kdeorg\n"
-"PO-Revision-Date: 2019-01-05 20:42\n"
+"PO-Revision-Date: 2019-01-27 22:57\n"
 "Last-Translator: guoyunhe <[email protected]>\n"
 "Language-Team: Chinese Simplified\n"
 "Language: zh_CN\n"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kauth-5.54.0/src/backends/dbus/DBusHelperProxy.cpp 
new/kauth-5.55.0/src/backends/dbus/DBusHelperProxy.cpp
--- old/kauth-5.54.0/src/backends/dbus/DBusHelperProxy.cpp      2019-01-06 
21:18:44.000000000 +0100
+++ new/kauth-5.55.0/src/backends/dbus/DBusHelperProxy.cpp      2019-02-03 
00:53:35.000000000 +0100
@@ -31,6 +31,8 @@
 #include "kf5authadaptor.h"
 #include "kauthdebug.h"
 
+extern Q_CORE_EXPORT const QMetaTypeInterface *qMetaTypeGuiHelper;
+
 namespace KAuth
 {
 
@@ -229,10 +231,17 @@
         return ActionReply::HelperBusyReply().serialized();
     }
 
+    // Make sure we don't try restoring gui variants, in particular 
QImage/QPixmap/QIcon are super dangerous
+    // since they end up calling the image loaders and thus are a vector for 
crashing → executing code
+    auto origMetaTypeGuiHelper = qMetaTypeGuiHelper;
+    qMetaTypeGuiHelper = nullptr;
+
     QVariantMap args;
     QDataStream s(&arguments, QIODevice::ReadOnly);
     s >> args;
 
+    qMetaTypeGuiHelper = origMetaTypeGuiHelper;
+
     m_currentAction = action;
     emit remoteSignal(ActionStarted, action, QByteArray());
     QEventLoop e;
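Review bot: The result of `s >> args` is never checked, so a payload carrying a variant type that can no longer be restored still reaches the action as whatever partial map was read. Placed after the line that restores `qMetaTypeGuiHelper`, a check such as `if (s.status() != QDataStream::Ok) { return ActionReply::HelperErrorReply().serialized(); }` would reject it; that Qt flags the stream on a failed variant load is inferred, not visible in this hunk. The null-then-restore of `qMetaTypeGuiHelper` is also a process-wide toggle on what appears to be a Qt-internal symbol, so any other thread deserializing QVariants in that window would see gui types disabled. A comment such as `// helper is assumed single-threaded here; qMetaTypeGuiHelper is Qt-internal and process-global` would make the assumption explicit. The enclosing function starts and ends outside the hunk.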
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/kauth-5.54.0/src/kauthaction.h 
new/kauth-5.55.0/src/kauthaction.h
--- old/kauth-5.54.0/src/kauthaction.h  2019-01-06 21:18:44.000000000 +0100
+++ new/kauth-5.55.0/src/kauthaction.h  2019-02-03 00:53:35.000000000 +0100
@@ -298,6 +298,8 @@
      * This method sets the variant map that the application
      * can use to pass arbitrary data to the helper when executing the action.
      *
+     * Only non-gui variants are supported.
+     *
      * @param arguments The new arguments map
      */
     void setArguments(const QVariantMap &arguments);
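Review bot: The added sentence "Only non-gui variants are supported." does not tell a caller which types are meant or what happens to them, and this is public API documentation where an application passing such a value changes behaviour with this release. Judging from the DBusHelperProxy.cpp hunk, a fuller wording would be `Only non-gui variants are supported: QtGui types such as QImage, QPixmap or QIcon are not restored on the helper side.` Adding a `@since`-style remark naming the release would also help callers, if the project's doc conventions allow it. The doc comment begins above the hunk.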

