Hello community, here is the log from the commit of package karchive for openSUSE:Factory checked in at 2019-08-19 21:01:21 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/karchive (Old) and /work/SRC/openSUSE:Factory/.karchive.new.22127 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "karchive" Mon Aug 19 21:01:21 2019 rev:69 rq:722444 version:5.61.0 Changes: -------- --- /work/SRC/openSUSE:Factory/karchive/karchive.changes 2019-07-26 12:10:09.098852649 +0200 +++ /work/SRC/openSUSE:Factory/.karchive.new.22127/karchive.changes 2019-08-19 21:03:41.564908274 +0200 @@ -1,0 +2,20 @@ +Wed Aug 7 17:51:07 UTC 2019 - Christophe Giboudeaux <[email protected]> + +- Update to 5.61.0 + * New feature release + * For more details please see: + * https://www.kde.org/announcements/kde-frameworks-5.61.0.php +- Changes since 5.60.0: + * KTar::openArchive: Don't assert if file has two root dirs + * KZip::openArchive: Don't assert when opening broken files + * KZip::openArchive: turn assert into if+return false + * KTar::openArchive: Remove "bad" assert + * KZip::openArchive: Remove "bad" assert + * KZip::openArchive: Return false instead of asserting in broken files + +------------------------------------------------------------------- +Fri Jul 19 11:38:24 UTC 2019 - Wolfgang Bauer <[email protected]> + +- Don't lower minimum Qt version anymore, it requires 5.11 now + +------------------------------------------------------------------- Old: ---- karchive-5.60.0.tar.xz New: ---- frameworks.keyring karchive-5.61.0.tar.xz karchive-5.61.0.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ karchive.spec ++++++ --- /var/tmp/diff_new_pack.wmk1GA/_old 2019-08-19 21:03:44.280907834 +0200 +++ /var/tmp/diff_new_pack.wmk1GA/_new 2019-08-19 21:03:44.284907834 +0200 @@ -17,20 +17,26 @@ %define lname libKF5Archive5 -%define _tar_path 5.60 +%define _tar_path 5.61 # Full KF5 version (e.g. 5.33.0) %{!?_kf5_version: %global _kf5_version %{version}} # Last major and minor KF5 version (e.g. 5.33) %{!?_kf5_bugfix_version: %define _kf5_bugfix_version %(echo %{_kf5_version} | awk -F. '{print $1"."$2}')} +# Only needed for the package signature condition +%bcond_without lang Name: karchive -Version: 5.60.0 +Version: 5.61.0 Release: 0 Summary: Qt 5 addon providing access to numerous types of archives License: LGPL-2.1-or-later Group: System/GUI/KDE URL: https://www.kde.org -Source: http://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-%{version}.tar.xz -Source1: baselibs.conf +Source: https://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-%{version}.tar.xz +%if %{with lang} +Source1: https://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-%{version}.tar.xz.sig +Source2: frameworks.keyring +%endif +Source99: baselibs.conf BuildRequires: cmake >= 3.0 BuildRequires: extra-cmake-modules >= %{_kf5_bugfix_version} BuildRequires: fdupes @@ -76,9 +82,6 @@ %prep %setup -q -%if 0%{?suse_version} == 1500 -sed -i -e "s/^set *(REQUIRED_QT_VERSION 5.10.0)$/set(REQUIRED_QT_VERSION 5.9.0)/" CMakeLists.txt -%endif %build %cmake_kf5 -d build ++++++ karchive-5.60.0.tar.xz -> karchive-5.61.0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/karchive-5.60.0/CMakeLists.txt new/karchive-5.61.0/CMakeLists.txt --- old/karchive-5.60.0/CMakeLists.txt 2019-07-06 15:13:25.000000000 +0200 +++ new/karchive-5.61.0/CMakeLists.txt 2019-08-03 21:30:51.000000000 +0200 @@ -1,15 +1,15 @@ cmake_minimum_required(VERSION 3.5) -set(KF5_VERSION "5.60.0") # handled by release scripts +set(KF5_VERSION "5.61.0") # handled by release scripts project(KArchive VERSION ${KF5_VERSION}) include(FeatureSummary) -find_package(ECM 5.60.0 NO_MODULE) +find_package(ECM 5.61.0 NO_MODULE) set_package_properties(ECM PROPERTIES TYPE REQUIRED DESCRIPTION "Extra CMake Modules." URL "https://projects.kde.org/projects/kdesupport/extra-cmake-modules";) feature_summary(WHAT REQUIRED_PACKAGES_NOT_FOUND FATAL_ON_MISSING_REQUIRED_PACKAGES) -set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR}) +set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH}) include(KDEInstallDirs) include(KDEFrameworkCompilerSettings NO_POLICY_SCOPE) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/karchive-5.60.0/src/karchive_p.h new/karchive-5.61.0/src/karchive_p.h --- old/karchive-5.60.0/src/karchive_p.h 2019-07-06 15:13:25.000000000 +0200 +++ new/karchive-5.61.0/src/karchive_p.h 2019-08-03 21:30:51.000000000 +0200 @@ -48,6 +48,11 @@ KArchivePrivate(const KArchivePrivate &) = delete; KArchivePrivate &operator=(const KArchivePrivate &) = delete; + static bool hasRootDir(KArchive *archive) + { + return archive->d->rootDir; + } + void abortWriting(); static QDateTime time_tToDateTime(uint time_t); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/karchive-5.60.0/src/ktar.cpp new/karchive-5.61.0/src/ktar.cpp --- old/karchive-5.60.0/src/ktar.cpp 2019-07-06 15:13:25.000000000 +0200 +++ new/karchive-5.61.0/src/ktar.cpp 2019-08-03 21:30:51.000000000 +0200 @@ -512,9 +512,13 @@ if (pos == -1) { if (nm == QLatin1String(".")) { // special case - Q_ASSERT(isdir); if (isdir) { - setRootDir(static_cast<KArchiveDirectory *>(e)); + if (KArchivePrivate::hasRootDir(this)) { + qWarning() << "Broken tar file has two root dir entries"; + delete e; + } else { + setRootDir(static_cast<KArchiveDirectory *>(e)); + } } else { delete e; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/karchive-5.60.0/src/kzip.cpp new/karchive-5.61.0/src/kzip.cpp --- old/karchive-5.60.0/src/kzip.cpp 2019-07-06 15:13:25.000000000 +0200 +++ new/karchive-5.61.0/src/kzip.cpp 2019-08-03 21:30:51.000000000 +0200 @@ -509,7 +509,10 @@ */ // read fileName - Q_ASSERT(namelen > 0); + if (namelen <= 0) { + setErrorString(tr("Invalid ZIP file. Negative name length")); + return false; + } QByteArray fileName = dev->read(namelen); if (fileName.size() < namelen) { setErrorString(tr("Invalid ZIP file. Name not completely read (#2)")); @@ -574,9 +577,11 @@ foundSignature = true; } else { // qCDebug(KArchiveLog) << "before interesting dev->pos(): " << dev->pos(); - bool success = dev->seek(dev->pos() + compr_size); // can this fail ??? - Q_UNUSED(success); // prevent warning in release builds. - Q_ASSERT(success); // let's see... + const bool success = dev->seek(dev->pos() + compr_size); + if (!success) { + setErrorString(tr("Could not seek to file compressed size")); + return false; + } /* qCDebug(KArchiveLog) << "after interesting dev->pos(): " << dev->pos(); if (success) qCDebug(KArchiveLog) << "dev->at was successful... "; @@ -634,7 +639,10 @@ //qCDebug(KArchiveLog) << "general purpose flag=" << gpf; // length of the fileName (well, pathname indeed) int namelen = (uchar)buffer[29] << 8 | (uchar)buffer[28]; - Q_ASSERT(namelen > 0); + if (namelen <= 0) { + setErrorString(tr("Invalid ZIP file, file path name length smaller or equal to zero")); + return false; + } QByteArray bufferName = dev->read(namelen); if (bufferName.size() < namelen) { //qCWarning(KArchiveLog) << "Invalid ZIP file. Name not completely read"; @@ -713,7 +721,6 @@ } else { entryName = name.mid(pos + 1); } - Q_ASSERT(!entryName.isEmpty()); if (entryName.isEmpty()) { setErrorString(tr("Invalid ZIP file, found empty entry name")); return false; @@ -767,8 +774,7 @@ //calculate offset to next entry offset += 46 + commlen + extralen + namelen; - bool b = dev->seek(offset); - Q_ASSERT(b); + const bool b = dev->seek(offset); if (!b) { setErrorString(tr("Could not seek to next entry")); return false;
