Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package qt6-networkauth for openSUSE:Factory checked in at 2024-05-27 11:45:02 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/qt6-networkauth (Old) and /work/SRC/openSUSE:Factory/.qt6-networkauth.new.24587 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qt6-networkauth" Mon May 27 11:45:02 2024 rev:29 rq:1176060 version:6.7.1 Changes: -------- --- /work/SRC/openSUSE:Factory/qt6-networkauth/qt6-networkauth.changes 2024-04-08 17:38:28.895135547 +0200 +++ /work/SRC/openSUSE:Factory/.qt6-networkauth.new.24587/qt6-networkauth.changes 2024-05-27 11:46:15.416686310 +0200 @@ -1,0 +2,7 @@ +Tue May 21 08:31:36 UTC 2024 - Christophe Marin <christo...@krop.fr> + +- Update to 6.7.1: + * https://www.qt.io/blog/qt-6.7.1-released + * Fixes CVE-2024-36048 (boo#1224782) + +------------------------------------------------------------------- Old: ---- qtnetworkauth-everywhere-src-6.7.0.tar.xz New: ---- qtnetworkauth-everywhere-src-6.7.1.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ qt6-networkauth.spec ++++++ --- /var/tmp/diff_new_pack.ppGbi3/_old 2024-05-27 11:46:18.936815298 +0200 +++ /var/tmp/diff_new_pack.ppGbi3/_new 2024-05-27 11:46:18.940815445 +0200 @@ -16,7 +16,7 @@ # -%define real_version 6.7.0 +%define real_version 6.7.1 %define short_version 6.7 %define short_name qtnetworkauth %define tar_name qtnetworkauth-everywhere-src @@ -28,12 +28,12 @@ %endif # Name: qt6-networkauth%{?pkg_suffix} -Version: 6.7.0 +Version: 6.7.1 Release: 0 Summary: Set of APIs to obtain limited access to online accounts and HTTP services License: GPL-3.0-only WITH Qt-GPL-exception-1.0 URL: https://www.qt.io -Source: https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz +Source0: https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz Source99: qt6-networkauth-rpmlintrc BuildRequires: pkgconfig BuildRequires: qt6-core-private-devel ++++++ qtnetworkauth-everywhere-src-6.7.0.tar.xz -> qtnetworkauth-everywhere-src-6.7.1.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/.cmake.conf new/qtnetworkauth-everywhere-src-6.7.1/.cmake.conf --- old/qtnetworkauth-everywhere-src-6.7.0/.cmake.conf 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/.cmake.conf 2024-05-08 16:11:36.000000000 +0200 @@ -1,4 +1,4 @@ -set(QT_REPO_MODULE_VERSION "6.7.0") +set(QT_REPO_MODULE_VERSION "6.7.1") set(QT_REPO_MODULE_PRERELEASE_VERSION_SEGMENT "alpha1") set(QT_EXTRA_INTERNAL_TARGET_DEFINES "QT_NO_AS_CONST=1") list(APPEND QT_EXTRA_INTERNAL_TARGET_DEFINES "QT_NO_FOREACH=1") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/.tag new/qtnetworkauth-everywhere-src-6.7.1/.tag --- old/qtnetworkauth-everywhere-src-6.7.0/.tag 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/.tag 2024-05-08 16:11:36.000000000 +0200 @@ -1 +1 @@ -33a58af35ded52c430b802e191a6faffb8e418c0 +8d0a3066457ae71a7632b214a376a3c10e90bb7d diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/dependencies.yaml new/qtnetworkauth-everywhere-src-6.7.1/dependencies.yaml --- old/qtnetworkauth-everywhere-src-6.7.0/dependencies.yaml 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/dependencies.yaml 2024-05-08 16:11:36.000000000 +0200 @@ -1,4 +1,4 @@ dependencies: ../qtbase: - ref: 98602c26fc97eb41e3dd7548194ca637420a31b9 + ref: c195fe7d33decbd5ddd47ae46dbf8e0d9c20ba85 required: true diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/examples/CMakeLists.txt new/qtnetworkauth-everywhere-src-6.7.1/examples/CMakeLists.txt --- old/qtnetworkauth-everywhere-src-6.7.0/examples/CMakeLists.txt 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/examples/CMakeLists.txt 2024-05-08 16:11:36.000000000 +0200 @@ -1,5 +1,5 @@ # Copyright (C) 2022 The Qt Company Ltd. -# SPDX-License-Identifier: BSD-3-Clause +# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause # Generated from examples.pro. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/examples/oauth/CMakeLists.txt new/qtnetworkauth-everywhere-src-6.7.1/examples/oauth/CMakeLists.txt --- old/qtnetworkauth-everywhere-src-6.7.0/examples/oauth/CMakeLists.txt 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/examples/oauth/CMakeLists.txt 2024-05-08 16:11:36.000000000 +0200 @@ -1,5 +1,5 @@ # Copyright (C) 2022 The Qt Company Ltd. -# SPDX-License-Identifier: BSD-3-Clause +# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause # Generated from oauth.pro. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/examples/oauth/redditclient/CMakeLists.txt new/qtnetworkauth-everywhere-src-6.7.1/examples/oauth/redditclient/CMakeLists.txt --- old/qtnetworkauth-everywhere-src-6.7.0/examples/oauth/redditclient/CMakeLists.txt 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/examples/oauth/redditclient/CMakeLists.txt 2024-05-08 16:11:36.000000000 +0200 @@ -1,5 +1,5 @@ # Copyright (C) 2022 The Qt Company Ltd. -# SPDX-License-Identifier: BSD-3-Clause +# SPDX-License-Identifier: LicenseRef-Qt-Commercial OR BSD-3-Clause # Generated from redditclient.pro. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/licenseRule.json new/qtnetworkauth-everywhere-src-6.7.1/licenseRule.json --- old/qtnetworkauth-everywhere-src-6.7.0/licenseRule.json 1970-01-01 01:00:00.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/licenseRule.json 2024-05-08 16:11:36.000000000 +0200 @@ -0,0 +1,89 @@ +[ + { + "comment" : ["file_pattern_ending: strings matched against the end of a file name.", + "location keys: regular expression matched against the beginning of", + "the file path (relative to the git submodule root).", + "spdx: list of SPDX-License-Expression's allowed in the matching files.", + "-------------------------------------------------------", + "Files with the following endings are Build System licensed,", + "unless they are examples", + "Files with other endings can also be build system files" + ], + "file_pattern_ending" : ["CMakeLists.txt", ".cmake", ".pro", ".pri", ".prf", + "configure", "configure.bat", "cmake.in", "plist.in", "CMakeLists.txt.in"], + "location" : { + "" : { + "comment" : "Default", + "file type" : "build system", + "spdx" : ["BSD-3-Clause"] + }, + "(.*)(examples/|snippets/)" : { + "comment" : "Example takes precedence", + "file type" : "examples and snippets", + "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] + }, + "tests/manual/examples/twittertimeline/" : { + "comment" : "test, not example", + "file type" : "build system", + "spdx" : ["BSD-3-Clause"] + } + } + }, + { + "comments" : ["Files with the following endings are Tool licensed,", + "unless they are examples.", + "Files with other endings can also be tool files."], + "file_pattern_ending" : [".sh", ".py", ".pl", ".bat", ".ps1"], + "location" :{ + "" : { + "comment" : "Default", + "file type" : "tools and utils", + "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0"] + }, + "(.*)(examples/|snippets/)" : { + "comment" : "Example takes precedence", + "file type" : "examples and snippets", + "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] + } + } + }, + { + "comment" : "Files with the following endings are Documentation licensed.", + "file_pattern_ending" : [".qdoc", ".qdocinc" , ".qdocconf", ".txt", "README", "qt_attribution.json"], + "location" :{ + "" : { + "comment" : "", + "file type" : "documentation", + "spdx" : ["LicenseRef-Qt-Commercial OR GFDL-1.3-no-invariants-only"] + } + } + }, + { + "comment" : ["All other files", + "The licensing is defined only by the file location in the Qt module repository.", + "NO <file_pattern_ending> key for this case!", + "This needs to be the last entry of the file."], + "location" : { + "" : { + "comment" : "Default", + "file type" : "module and plugin", + "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] + }, + "src/" : { + "comment" : "Default", + "file type" : "module and plugin", + "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] + }, + "tests/" : { + "comment" : "Default", + "file type" : "test", + "spdx" : ["LicenseRef-Qt-Commercial OR GPL-3.0-only"] + }, + "(.*)(examples/|snippets/)" : { + "comment" : "Default", + "file type" : "examples and snippets", + "spdx" : ["LicenseRef-Qt-Commercial OR BSD-3-Clause"] + } + } + } +] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/src/oauth/qabstractoauth.cpp new/qtnetworkauth-everywhere-src-6.7.1/src/oauth/qabstractoauth.cpp --- old/qtnetworkauth-everywhere-src-6.7.0/src/oauth/qabstractoauth.cpp 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/src/oauth/qabstractoauth.cpp 2024-05-08 16:11:36.000000000 +0200 @@ -11,7 +11,6 @@ #include <QtCore/qurl.h> #include <QtCore/qpair.h> #include <QtCore/qstring.h> -#include <QtCore/qdatetime.h> #include <QtCore/qurlquery.h> #include <QtCore/qjsondocument.h> #include <QtCore/qmessageauthenticationcode.h> @@ -20,6 +19,9 @@ #include <QtNetwork/qnetworkaccessmanager.h> #include <QtNetwork/qnetworkreply.h> +#include <QtCore/qrandom.h> +#include <QtCore/private/qlocking_p.h> + #include <random> QT_BEGIN_NAMESPACE @@ -273,15 +275,19 @@ } } +Q_CONSTINIT static QBasicMutex prngMutex; +Q_GLOBAL_STATIC_WITH_ARGS(std::mt19937, prng, (*QRandomGenerator::system())) + QByteArray QAbstractOAuthPrivate::generateRandomString(quint8 length) { - const char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; - static std::mt19937 randomEngine(QDateTime::currentDateTime().toMSecsSinceEpoch()); + constexpr char characters[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; std::uniform_int_distribution<int> distribution(0, sizeof(characters) - 2); QByteArray data; data.reserve(length); + auto lock = qt_unique_lock(prngMutex); for (quint8 i = 0; i < length; ++i) - data.append(characters[distribution(randomEngine)]); + data.append(characters[distribution(*prng)]); + lock.unlock(); return data; } @@ -591,6 +597,7 @@ } /*! + \threadsafe Generates a random string which could be used as state or nonce. The parameter \a length determines the size of the generated string. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/abstractoauth/tst_abstractoauth.cpp new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/abstractoauth/tst_abstractoauth.cpp --- old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/abstractoauth/tst_abstractoauth.cpp 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/abstractoauth/tst_abstractoauth.cpp 2024-05-08 16:11:36.000000000 +0200 @@ -1,5 +1,5 @@ // Copyright (C) 2017 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtCore> #include <QtTest> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth1/tst_oauth1.cpp new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth1/tst_oauth1.cpp --- old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth1/tst_oauth1.cpp 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth1/tst_oauth1.cpp 2024-05-08 16:11:36.000000000 +0200 @@ -1,5 +1,5 @@ // Copyright (C) 2017 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtCore> #include <QtTest> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth1signature/tst_oauth1signature.cpp new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth1signature/tst_oauth1signature.cpp --- old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth1signature/tst_oauth1signature.cpp 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth1signature/tst_oauth1signature.cpp 2024-05-08 16:11:36.000000000 +0200 @@ -1,5 +1,5 @@ // Copyright (C) 2017 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtCore> #include <QtTest> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth2/tst_oauth2.cpp new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth2/tst_oauth2.cpp --- old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauth2/tst_oauth2.cpp 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauth2/tst_oauth2.cpp 2024-05-08 16:11:36.000000000 +0200 @@ -1,5 +1,5 @@ // Copyright (C) 2017 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtTest> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp --- old/qtnetworkauth-everywhere-src-6.7.0/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp 2024-03-22 12:24:03.000000000 +0100 +++ new/qtnetworkauth-everywhere-src-6.7.1/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp 2024-05-08 16:11:36.000000000 +0200 @@ -1,5 +1,5 @@ // Copyright (C) 2017 The Qt Company Ltd. -// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only WITH Qt-GPL-exception-1.0 +// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR GPL-3.0-only #include <QtNetworkAuth/qoauthhttpserverreplyhandler.h>