Hello community, here is the log from the commit of package kconfig for openSUSE:Factory checked in at 2019-08-19 21:02:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kconfig (Old) and /work/SRC/openSUSE:Factory/.kconfig.new.22127 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kconfig" Mon Aug 19 21:02:16 2019 rev:73 rq:722450 version:5.61.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kconfig/kconfig.changes 2019-08-09 16:51:09.137500043 +0200 +++ /work/SRC/openSUSE:Factory/.kconfig.new.22127/kconfig.changes 2019-08-19 21:04:22.708901608 +0200 @@ -1,0 +2,12 @@ +Wed Aug 7 17:51:12 UTC 2019 - Christophe Giboudeaux <christo...@krop.fr> + +- Update to 5.61.0 + * New feature release + * For more details please see: + * https://www.kde.org/announcements/kde-frameworks-5.61.0.php +- Changes since 5.60.0: + * Include definition for class used in header + * Security: remove support for $(...) in config keys with [$e] marker. (CVE-2019-14744) +- Drop 0001-Security-remove-support-for-.-in-config-keys-with-e-.patch + +------------------------------------------------------------------- @@ -4 +16 @@ -- Add patch to drop involuntary command execution (boo#1144600): +- Add patch to drop involuntary command execution (boo#1144600, CVE-2019-14744): @@ -5,0 +18,5 @@ + +------------------------------------------------------------------- +Fri Jul 19 11:39:09 UTC 2019 - Wolfgang Bauer <wba...@tmo.at> + +- Don't lower minimum Qt version anymore, it requires 5.11 now Old: ---- 0001-Security-remove-support-for-.-in-config-keys-with-e-.patch kconfig-5.60.0.tar.xz New: ---- frameworks.keyring kconfig-5.61.0.tar.xz kconfig-5.61.0.tar.xz.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kconfig.spec ++++++ --- /var/tmp/diff_new_pack.sTdHpS/_old 2019-08-19 21:04:23.088901547 +0200 +++ /var/tmp/diff_new_pack.sTdHpS/_new 2019-08-19 21:04:23.088901547 +0200 @@ -17,25 +17,27 @@ %define sonum 5 -%define _tar_path 5.60 +%define _tar_path 5.61 # Full KF5 version (e.g. 5.33.0) %{!?_kf5_version: %global _kf5_version %{version}} # Last major and minor KF5 version (e.g. 5.33) %{!?_kf5_bugfix_version: %define _kf5_bugfix_version %(echo %{_kf5_version} | awk -F. '{print $1"."$2}')} %bcond_without lang Name: kconfig -Version: 5.60.0 +Version: 5.61.0 Release: 0 Summary: Advanced configuration system License: LGPL-2.1-or-later AND GPL-2.0-or-later Group: System/GUI/KDE URL: https://www.kde.org -Source: http://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-%{version}.tar.xz -Source1: baselibs.conf +Source: https://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-%{version}.tar.xz +%if %{with lang} +Source1: https://download.kde.org/stable/frameworks/%{_tar_path}/%{name}-%{version}.tar.xz.sig +Source2: frameworks.keyring +%endif +Source99: baselibs.conf # PATCH-FEATURE-OPENSUSE Patch0: kconfig-desktop-translations.patch -# PATCH-FIX-UPSTREAM -Patch1: 0001-Security-remove-support-for-.-in-config-keys-with-e-.patch BuildRequires: cmake >= 3.0 BuildRequires: extra-cmake-modules >= %{_kf5_bugfix_version} BuildRequires: fdupes @@ -129,12 +131,7 @@ %lang_package -n libKF5ConfigCore%{sonum} %prep -%setup -q -%patch0 -p1 -%patch1 -p1 -%if 0%{?suse_version} == 1500 -sed -i -e "s/^set *(REQUIRED_QT_VERSION 5.10.0)$/set(REQUIRED_QT_VERSION 5.9.0)/" CMakeLists.txt -%endif +%autosetup -p1 %build %cmake_kf5 -d build -- -Dlconvert_executable=%{_kf5_libdir}/qt5/bin/lconvert ++++++ kconfig-5.60.0.tar.xz -> kconfig-5.61.0.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kconfig-5.60.0/CMakeLists.txt new/kconfig-5.61.0/CMakeLists.txt --- old/kconfig-5.60.0/CMakeLists.txt 2019-07-07 20:31:29.000000000 +0200 +++ new/kconfig-5.61.0/CMakeLists.txt 2019-08-07 22:04:08.000000000 +0200 @@ -1,14 +1,14 @@ cmake_minimum_required(VERSION 3.5) -set(KF5_VERSION "5.60.0") # handled by release scripts +set(KF5_VERSION "5.61.0") # handled by release scripts project(KConfig VERSION ${KF5_VERSION}) include(FeatureSummary) -find_package(ECM 5.60.0 NO_MODULE) +find_package(ECM 5.61.0 NO_MODULE) set_package_properties(ECM PROPERTIES TYPE REQUIRED DESCRIPTION "Extra CMake Modules." URL "https://projects.kde.org/projects/kdesupport/extra-cmake-modules") feature_summary(WHAT REQUIRED_PACKAGES_NOT_FOUND FATAL_ON_MISSING_REQUIRED_PACKAGES) -set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH} ${ECM_KDE_MODULE_DIR}) +set(CMAKE_MODULE_PATH ${ECM_MODULE_PATH}) set(REQUIRED_QT_VERSION 5.11.0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kconfig-5.60.0/autotests/kconfigtest.cpp new/kconfig-5.61.0/autotests/kconfigtest.cpp --- old/kconfig-5.60.0/autotests/kconfigtest.cpp 2019-07-07 20:31:29.000000000 +0200 +++ new/kconfig-5.61.0/autotests/kconfigtest.cpp 2019-08-07 22:04:08.000000000 +0200 @@ -38,7 +38,7 @@ #include <utime.h> #endif #ifndef Q_OS_WIN -#include <unistd.h> // gethostname +#include <unistd.h> // getuid #endif KCONFIGGROUP_DECLARE_ENUM_QOBJECT(KConfigTest, Testing) @@ -546,14 +546,8 @@ QCOMPARE(group.readPathEntry("withBraces", QString()), QString("file://" + HOMEPATH)); QVERIFY(group.hasKey("URL")); QCOMPARE(group.readEntry("URL", QString()), QString("file://" + HOMEPATH)); -#if !defined(Q_OS_WIN32) && !defined(Q_OS_MAC) - // I don't know if this will work on windows - // This test hangs on OS X QVERIFY(group.hasKey("hostname")); - char hostname[256]; - QVERIFY(::gethostname(hostname, sizeof(hostname)) == 0); - QCOMPARE(group.readEntry("hostname", QString()), QString::fromLatin1(hostname)); -#endif + QCOMPARE(group.readEntry("hostname", QString()), QStringLiteral("(hostname)")); // the $ got removed because empty var name QVERIFY(group.hasKey("noeol")); QCOMPARE(group.readEntry("noeol", QString()), QString("foo")); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kconfig-5.60.0/docs/options.md new/kconfig-5.61.0/docs/options.md --- old/kconfig-5.60.0/docs/options.md 2019-07-07 20:31:29.000000000 +0200 +++ new/kconfig-5.61.0/docs/options.md 2019-08-07 22:04:08.000000000 +0200 @@ -67,18 +67,15 @@ Shell Expansion --------------- -If an entry is marked with `$e`, environment variables and shell commands will -be expanded. +If an entry is marked with `$e`, environment variables will be expanded. Name[$e]=$USER - Host[$e]=$(hostname) When the "Name" entry is read `$USER` will be replaced with the value of the -`$USER` environment variable, and `$(hostname)` will be replaced with the output -of the `hostname` command. +`$USER` environment variable. -Note that the application will replace `$USER` and `$(hostname)` with their -respective expanded values after saving. To prevent this combine the `$e` option +Note that the application will replace `$USER` with its +expanded value after saving. To prevent this combine the `$e` option with `$i` (immmutable) option. For example: Name[$ei]=$USER diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kconfig-5.60.0/po/gl/kconfig5_qt.po new/kconfig-5.61.0/po/gl/kconfig5_qt.po --- old/kconfig-5.60.0/po/gl/kconfig5_qt.po 2019-07-07 20:31:29.000000000 +0200 +++ new/kconfig-5.61.0/po/gl/kconfig5_qt.po 2019-08-07 22:04:08.000000000 +0200 @@ -19,11 +19,7 @@ "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" -"X-Generator: Lokalize 18.12.2\n" "Plural-Forms: nplurals=2; plural=n != 1;\n" -"X-Environment: kde\n" -"X-Accelerator-Marker: &\n" -"X-Text-Markup: kde4\n" "X-Qt-Contexts: true\n" #: core/kconfig.cpp:959 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kconfig-5.60.0/po/id/kconfig5_qt.po new/kconfig-5.61.0/po/id/kconfig5_qt.po --- old/kconfig-5.60.0/po/id/kconfig5_qt.po 2019-07-07 20:31:29.000000000 +0200 +++ new/kconfig-5.61.0/po/id/kconfig5_qt.po 2019-08-07 22:04:08.000000000 +0200 @@ -10,7 +10,7 @@ "Project-Id-Version: kwriteconfig\n" "Report-Msgid-Bugs-To: http://bugs.kde.org\n" "POT-Creation-Date: 2014-04-11 02:17+0000\n" -"PO-Revision-Date: 2019-05-20 20:16+0700\n" +"PO-Revision-Date: 2019-07-23 19:30+0700\n" "Last-Translator: Wantoyo <wanto...@gmail.com>\n" "Language-Team: Indonesian <kde-i18n-...@kde.org>\n" "Language: id\n" @@ -18,7 +18,7 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Plural-Forms: nplurals=2; plural=(n != 1);\n" -"X-Generator: Lokalize 18.12.3\n" +"X-Generator: Lokalize 19.04.3\n" "X-Qt-Contexts: true\n" #: core/kconfig.cpp:959 @@ -366,7 +366,7 @@ #: gui/kstandardshortcut.cpp:154 msgctxt "KStandardShortcut|@action" msgid "Spelling" -msgstr "Pengeja" +msgstr "Pengejaan" #: gui/kstandardshortcut.cpp:155 msgctxt "KStandardShortcut|@action" @@ -475,7 +475,7 @@ #: kconf_update/kconf_update.cpp:949 msgctxt "main|" msgid "File(s) to read update instructions from" -msgstr "File untuk membaca instruksi update dari" +msgstr "File untuk membaca instruksi pembaruan dari" #: kconfig_compiler/kconfig_compiler.cpp:1580 msgctxt "main|" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kconfig-5.60.0/po/zh_CN/kconfig5_qt.po new/kconfig-5.61.0/po/zh_CN/kconfig5_qt.po --- old/kconfig-5.60.0/po/zh_CN/kconfig5_qt.po 2019-07-07 20:31:29.000000000 +0200 +++ new/kconfig-5.61.0/po/zh_CN/kconfig5_qt.po 2019-08-07 22:04:08.000000000 +0200 @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: kdeorg\n" -"PO-Revision-Date: 2019-06-02 11:52\n" +"PO-Revision-Date: 2019-07-18 14:57\n" "Last-Translator: Guo Yunhe (guoyunhe)\n" "Language-Team: Chinese Simplified\n" "Language: zh_CN\n" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kconfig-5.60.0/src/core/kconfig.cpp new/kconfig-5.61.0/src/core/kconfig.cpp --- old/kconfig-5.60.0/src/core/kconfig.cpp 2019-07-07 20:31:29.000000000 +0200 +++ new/kconfig-5.61.0/src/core/kconfig.cpp 2019-08-07 22:04:08.000000000 +0200 @@ -28,19 +28,6 @@ #include <cstdlib> #include <fcntl.h> -#ifdef _MSC_VER -static inline FILE *popen(const char *cmd, const char *mode) -{ - return _popen(cmd, mode); -} -static inline int pclose(FILE *stream) -{ - return _pclose(stream); -} -#else -#include <unistd.h> -#endif - #include "kconfigbackend_p.h" #include "kconfiggroup.h" @@ -183,29 +170,7 @@ int nDollarPos = aValue.indexOf(QLatin1Char('$')); while (nDollarPos != -1 && nDollarPos + 1 < aValue.length()) { // there is at least one $ - if (aValue[nDollarPos + 1] == QLatin1Char('(')) { - int nEndPos = nDollarPos + 1; - // the next character is not $ - while ((nEndPos <= aValue.length()) && (aValue[nEndPos] != QLatin1Char(')'))) { - nEndPos++; - } - nEndPos++; - QString cmd = aValue.mid(nDollarPos + 2, nEndPos - nDollarPos - 3); - - QString result; - -// FIXME: wince does not have pipes -#ifndef _WIN32_WCE - FILE *fs = popen(QFile::encodeName(cmd).data(), "r"); - if (fs) { - QTextStream ts(fs, QIODevice::ReadOnly); - result = ts.readAll().trimmed(); - pclose(fs); - } -#endif - aValue.replace(nDollarPos, nEndPos - nDollarPos, result); - nDollarPos += result.length(); - } else if (aValue[nDollarPos + 1] != QLatin1Char('$')) { + if (aValue[nDollarPos + 1] != QLatin1Char('$')) { int nEndPos = nDollarPos + 1; // the next character is not $ QStringRef aVarName; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/kconfig-5.60.0/src/core/kconfigwatcher.h new/kconfig-5.61.0/src/core/kconfigwatcher.h --- old/kconfig-5.60.0/src/core/kconfigwatcher.h 2019-07-07 20:31:29.000000000 +0200 +++ new/kconfig-5.61.0/src/core/kconfigwatcher.h 2019-08-07 22:04:08.000000000 +0200 @@ -21,6 +21,7 @@ #define KCONFIGWATCHER_H #include <QObject> +#include <QSharedPointer> #include <KSharedConfig> #include <KConfigGroup>