Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package qt6-networkauth for openSUSE:Factory
checked in at 2024-05-27 11:45:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/qt6-networkauth (Old)
and /work/SRC/openSUSE:Factory/.qt6-networkauth.new.24587 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qt6-networkauth"
Mon May 27 11:45:02 2024 rev:29 rq:1176060 version:6.7.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/qt6-networkauth/qt6-networkauth.changes
2024-04-08 17:38:28.895135547 +0200
+++
/work/SRC/openSUSE:Factory/.qt6-networkauth.new.24587/qt6-networkauth.changes
2024-05-27 11:46:15.416686310 +0200
@@ -1,0 +2,7 @@
+Tue May 21 08:31:36 UTC 2024 - Christophe Marin <christo...@krop.fr>
+
+- Update to 6.7.1:
+ * https://www.qt.io/blog/qt-6.7.1-released
+ * Fixes CVE-2024-36048 (boo#1224782)
+
+-------------------------------------------------------------------
Old:
----
qtnetworkauth-everywhere-src-6.7.0.tar.xz
New:
----
qtnetworkauth-everywhere-src-6.7.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ qt6-networkauth.spec ++++++
--- /var/tmp/diff_new_pack.ppGbi3/_old 2024-05-27 11:46:18.936815298 +0200
+++ /var/tmp/diff_new_pack.ppGbi3/_new 2024-05-27 11:46:18.940815445 +0200
@@ -16,7 +16,7 @@
#
-%define real_version 6.7.0
+%define real_version 6.7.1
%define short_version 6.7
%define short_name qtnetworkauth
%define tar_name qtnetworkauth-everywhere-src
@@ -28,12 +28,12 @@
%endif
#
Name: qt6-networkauth%{?pkg_suffix}
-Version: 6.7.0
+Version: 6.7.1
Release: 0
Summary: Set of APIs to obtain limited access to online accounts and
HTTP services
License: GPL-3.0-only WITH Qt-GPL-exception-1.0
URL: https://www.qt.io
-Source:
https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz
+Source0:
https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz
Source99: qt6-networkauth-rpmlintrc
BuildRequires: pkgconfig
BuildRequires: qt6-core-private-devel
++++++ qtnetworkauth-everywhere-src-6.7.0.tar.xz ->
qtnetworkauth-everywhere-src-6.7.1.tar.xz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/.cmake.conf
new/qtnetworkauth-everywhere-src-6.7.1/.cmake.conf
--- old/qtnetworkauth-everywhere-src-6.7.0/.cmake.conf 2024-03-22
12:24:03.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/.cmake.conf 2024-05-08
16:11:36.000000000 +0200
@@ -1,4 +1,4 @@
-set(QT_REPO_MODULE_VERSION "6.7.0")
+set(QT_REPO_MODULE_VERSION "6.7.1")
set(QT_REPO_MODULE_PRERELEASE_VERSION_SEGMENT "alpha1")
set(QT_EXTRA_INTERNAL_TARGET_DEFINES "QT_NO_AS_CONST=1")
list(APPEND QT_EXTRA_INTERNAL_TARGET_DEFINES "QT_NO_FOREACH=1")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/.tag
new/qtnetworkauth-everywhere-src-6.7.1/.tag
--- old/qtnetworkauth-everywhere-src-6.7.0/.tag 2024-03-22 12:24:03.000000000
+0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/.tag 2024-05-08 16:11:36.000000000
+0200
@@ -1 +1 @@
-33a58af35ded52c430b802e191a6faffb8e418c0
+8d0a3066457ae71a7632b214a376a3c10e90bb7d
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/dependencies.yaml
new/qtnetworkauth-everywhere-src-6.7.1/dependencies.yaml
--- old/qtnetworkauth-everywhere-src-6.7.0/dependencies.yaml 2024-03-22
12:24:03.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/dependencies.yaml 2024-05-08
16:11:36.000000000 +0200
@@ -1,4 +1,4 @@
dependencies:
../qtbase:
- ref: 98602c26fc97eb41e3dd7548194ca637420a31b9
+ ref: c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85
required: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/examples/CMakeLists.txt
new/qtnetworkauth-everywhere-src-6.7.1/examples/CMakeLists.txt
--- old/qtnetworkauth-everywhere-src-6.7.0/examples/CMakeLists.txt
2024-03-22 12:24:03.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/examples/CMakeLists.txt
2024-05-08 16:11:36.000000000 +0200
@@ -1,5 +1,5 @@
# Copyright (C) 2022 The Qt Company Ltd.
-# SPDX-License-Identifier: BSD-3-Clause
+# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause
# Generated from examples.pro.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/examples/oauth/CMakeLists.txt
new/qtnetworkauth-everywhere-src-6.7.1/examples/oauth/CMakeLists.txt
--- old/qtnetworkauth-everywhere-src-6.7.0/examples/oauth/CMakeLists.txt
2024-03-22 12:24:03.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/examples/oauth/CMakeLists.txt
2024-05-08 16:11:36.000000000 +0200
@@ -1,5 +1,5 @@
# Copyright (C) 2022 The Qt Company Ltd.
-# SPDX-License-Identifier: BSD-3-Clause
+# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause
# Generated from oauth.pro.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/examples/oauth/redditclient/CMakeLists.txt
new/qtnetworkauth-everywhere-src-6.7.1/examples/oauth/redditclient/CMakeLists.txt
---
old/qtnetworkauth-everywhere-src-6.7.0/examples/oauth/redditclient/CMakeLists.txt
2024-03-22 12:24:03.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.7.1/examples/oauth/redditclient/CMakeLists.txt
2024-05-08 16:11:36.000000000 +0200
@@ -1,5 +1,5 @@
# Copyright (C) 2022 The Qt Company Ltd.
-# SPDX-License-Identifier: BSD-3-Clause
+# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause
# Generated from redditclient.pro.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/licenseRule.json
new/qtnetworkauth-everywhere-src-6.7.1/licenseRule.json
--- old/qtnetworkauth-everywhere-src-6.7.0/licenseRule.json 1970-01-01
01:00:00.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/licenseRule.json 2024-05-08
16:11:36.000000000 +0200
@@ -0,0 +1,89 @@
+[
+ {
+ "comment" : ["file_pattern_ending: strings matched against the end of
a file name.",
+ "location keys: regular expression matched against the
beginning of",
+ "the file path (relative to the git submodule root).",
+ "spdx: list of SPDX-License-Expression's allowed in the
matching files.",
+ "-------------------------------------------------------",
+ "Files with the following endings are Build System
licensed,",
+ "unless they are examples",
+ "Files with other endings can also be build system files"
+ ],
+ "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", ".pri",
".prf",
+ "configure", "configure.bat", "cmake.in", "plist.in",
"CMakeLists.txt.in"],
+ "location" : {
+ "" : {
+ "comment" : "Default",
+ "file type" : "build system",
+ "spdx" : ["BSD-3-Clause"]
+ },
+ "(.*)(examples/|snippets/)" : {
+ "comment" : "Example takes precedence",
+ "file type" : "examples and snippets",
+ "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
+ },
+ "tests/manual/examples/twittertimeline/" : {
+ "comment" : "test, not example",
+ "file type" : "build system",
+ "spdx" : ["BSD-3-Clause"]
+ }
+ }
+ },
+ {
+ "comments" : ["Files with the following endings are Tool licensed,",
+ "unless they are examples.",
+ "Files with other endings can also be tool files."],
+ "file_pattern_ending" : [".sh", ".py", ".pl", ".bat", ".ps1"],
+ "location" :{
+ "" : {
+ "comment" : "Default",
+ "file type" : "tools and utils",
+ "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH
Qt-GPL-exception-1.0"]
+ },
+ "(.*)(examples/|snippets/)" : {
+ "comment" : "Example takes precedence",
+ "file type" : "examples and snippets",
+ "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
+ }
+ }
+ },
+ {
+ "comment" : "Files with the following endings are Documentation
licensed.",
+ "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt",
"README", "qt_attribution.json"],
+ "location" :{
+ "" : {
+ "comment" : "",
+ "file type" : "documentation",
+ "spdx" : ["LicenseRef-Qt-Commercial OR
GFDL-1.3-no-invariants-only"]
+ }
+ }
+ },
+ {
+ "comment" : ["All other files",
+ "The licensing is defined only by the file location in
the Qt module repository.",
+ "NO <file_pattern_ending> key for this case!",
+ "This needs to be the last entry of the file."],
+ "location" : {
+ "" : {
+ "comment" : "Default",
+ "file type" : "module and plugin",
+ "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
+ },
+ "src/" : {
+ "comment" : "Default",
+ "file type" : "module and plugin",
+ "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
+ },
+ "tests/" : {
+ "comment" : "Default",
+ "file type" : "test",
+ "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"]
+ },
+ "(.*)(examples/|snippets/)" : {
+ "comment" : "Default",
+ "file type" : "examples and snippets",
+ "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"]
+ }
+ }
+ }
+]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/src/oauth/qabstractoauth.cpp
new/qtnetworkauth-everywhere-src-6.7.1/src/oauth/qabstractoauth.cpp
--- old/qtnetworkauth-everywhere-src-6.7.0/src/oauth/qabstractoauth.cpp
2024-03-22 12:24:03.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/src/oauth/qabstractoauth.cpp
2024-05-08 16:11:36.000000000 +0200
@@ -11,7 +11,6 @@
#include <QtCore/qurl.h>
#include <QtCore/qpair.h>
#include <QtCore/qstring.h>
-#include <QtCore/qdatetime.h>
#include <QtCore/qurlquery.h>
#include <QtCore/qjsondocument.h>
#include <QtCore/qmessageauthenticationcode.h>
@@ -20,6 +19,9 @@
#include <QtNetwork/qnetworkaccessmanager.h>
#include <QtNetwork/qnetworkreply.h>
+#include <QtCore/qrandom.h>
+#include <QtCore/private/qlocking_p.h>
+
#include <random>
QT_BEGIN_NAMESPACE
@@ -273,15 +275,19 @@
}
}
+Q_CONSTINIT static QBasicMutex prngMutex;
+Q_GLOBAL_STATIC_WITH_ARGS(std::mt19937, prng, (*QRandomGenerator::system()))
+
QByteArray QAbstractOAuthPrivate::generateRandomString(quint8 length)
{
- const char characters[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
- static std::mt19937
randomEngine(QDateTime::currentDateTime().toMSecsSinceEpoch());
+ constexpr char characters[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
std::uniform_int_distribution<int> distribution(0, sizeof(characters) - 2);
QByteArray data;
data.reserve(length);
+ auto lock = qt_unique_lock(prngMutex);
for (quint8 i = 0; i < length; ++i)
- data.append(characters[distribution(randomEngine)]);
+ data.append(characters[distribution(*prng)]);
+ lock.unlock();
return data;
}
@@ -591,6 +597,7 @@
}
/*!
+ \threadsafe
Generates a random string which could be used as state or nonce.
The parameter \a length determines the size of the generated
string.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/abstractoauth/tst_abstractoauth.cpp
new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/abstractoauth/tst_abstractoauth.cpp
---
old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/abstractoauth/tst_abstractoauth.cpp
2024-03-22 12:24:03.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/abstractoauth/tst_abstractoauth.cpp
2024-05-08 16:11:36.000000000 +0200
@@ -1,5 +1,5 @@
// Copyright (C) 2017 The Qt Company Ltd.
-// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH
Qt-GPL-exception-1.0
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
#include <QtCore>
#include <QtTest>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth1/tst_oauth1.cpp
new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth1/tst_oauth1.cpp
--- old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth1/tst_oauth1.cpp
2024-03-22 12:24:03.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth1/tst_oauth1.cpp
2024-05-08 16:11:36.000000000 +0200
@@ -1,5 +1,5 @@
// Copyright (C) 2017 The Qt Company Ltd.
-// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH
Qt-GPL-exception-1.0
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
#include <QtCore>
#include <QtTest>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth1signature/tst_oauth1signature.cpp
new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth1signature/tst_oauth1signature.cpp
---
old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth1signature/tst_oauth1signature.cpp
2024-03-22 12:24:03.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth1signature/tst_oauth1signature.cpp
2024-05-08 16:11:36.000000000 +0200
@@ -1,5 +1,5 @@
// Copyright (C) 2017 The Qt Company Ltd.
-// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH
Qt-GPL-exception-1.0
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
#include <QtCore>
#include <QtTest>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth2/tst_oauth2.cpp
new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth2/tst_oauth2.cpp
--- old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth2/tst_oauth2.cpp
2024-03-22 12:24:03.000000000 +0100
+++ new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth2/tst_oauth2.cpp
2024-05-08 16:11:36.000000000 +0200
@@ -1,5 +1,5 @@
// Copyright (C) 2017 The Qt Company Ltd.
-// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH
Qt-GPL-exception-1.0
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
#include <QtTest>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp
new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp
---
old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp
2024-03-22 12:24:03.000000000 +0100
+++
new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp
2024-05-08 16:11:36.000000000 +0200
@@ -1,5 +1,5 @@
// Copyright (C) 2017 The Qt Company Ltd.
-// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH
Qt-GPL-exception-1.0
+// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only
#include <QtNetworkAuth/qoauthhttpserverreplyhandler.h>
