Hello community, here is the log from the commit of package kdirstat.2932 for openSUSE:13.1:Update checked in at 2014-08-11 09:44:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1:Update/kdirstat.2932 (Old) and /work/SRC/openSUSE:13.1:Update/.kdirstat.2932.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kdirstat.2932" Changes: -------- New Changes file: --- /dev/null 2014-07-24 01:57:42.080040256 +0200 +++ /work/SRC/openSUSE:13.1:Update/.kdirstat.2932.new/kdirstat.changes 2014-08-11 09:44:36.000000000 +0200 
@@ -0,0 +1,299 @@ +------------------------------------------------------------------- +Wed Jul 2 13:10:00 UTC 2014 - alarr...@suse.com + +- Fixed a command injection problem (CVE-2014-2528) with patch from + upstream (bnc#868682) The patch file is fix-CVE-2014-2528.diff + +------------------------------------------------------------------- +Fri Jun 1 11:55:27 CEST 2007 - co...@suse.de + +- use kde_post_install + +------------------------------------------------------------------- +Mon Sep 18 21:55:48 CEST 2006 - dmuel...@suse.de + +- build parallel + +------------------------------------------------------------------- +Tue May 30 07:52:52 CEST 2006 - adr...@suse.de + +- fix build for < 10.1 + +------------------------------------------------------------------- +Wed Feb 15 11:35:32 CET 2006 - stbin...@suse.de + +- fix Name/GenericName in .desktop file + +------------------------------------------------------------------- +Wed Jan 25 21:33:14 CET 2006 - m...@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Tue Feb 22 15:37:33 CET 2005 - s...@suse.de + +- Updated to V 2.4.4 (thorougly tested since 12/2004): + Support for hard links and sparse files + +------------------------------------------------------------------- +Thu Feb 17 13:36:18 CET 2005 - adr...@suse.de + +- menu entry moved to xdg dir + +------------------------------------------------------------------- +Wed Jan 12 13:40:20 CET 2005 - co...@suse.de + +- disable unsermake - using GNU make extensions + +------------------------------------------------------------------- +Mon Dec 6 18:17:16 CET 2004 - s...@suse.de + +- Updated to V 2.4.3: + Added "Open with" cleanup action + +------------------------------------------------------------------- +Wed Nov 24 15:34:12 CET 2004 - r...@suse.de + +- fixed filelist (file listed twice) + +------------------------------------------------------------------- +Wed Nov 24 13:18:27 CET 2004 - 
s...@suse.de + +Updated to V 2.4.2: +- Integrated all patches upstream (I am the upstream author) +- Fixed lots of KDE libs "deprecated" warnings +- Now using "trash:/" if running under KDE >= 3.4 +- Added config file update file (migration ~/KDesktop/Trash -> %t) + +------------------------------------------------------------------- +Tue Mar 30 11:54:37 CEST 2004 - s...@suse.de + +- Fixed KPacMan animation widget rendering in toolbar + +------------------------------------------------------------------- +Mon Mar 1 15:28:58 CET 2004 - s...@suse.de + +- Updated German translation + +------------------------------------------------------------------- +Mon Feb 23 11:41:52 CET 2004 - adr...@suse.de + +- add %suse_update_desktop_file + +------------------------------------------------------------------- +Tue Jan 13 11:03:06 CET 2004 - co...@suse.de + +- fixing Makefile problems +- use %find_lang + +------------------------------------------------------------------- +Sat Jan 10 14:27:21 CET 2004 - adr...@suse.de + +- add %defattr +- let rpm strip + +------------------------------------------------------------------- +Tue Oct 14 12:51:26 CEST 2003 - s...@suse.de + +- Fixed abuild complaints about dirs not owned by package + +------------------------------------------------------------------- +Fri Oct 10 15:18:10 CEST 2003 - s...@suse.de + +- Moved Hungarian translation into tarball +- Fixed KDE-3 doc build problems +- Bumped version to 2.4.1 + +------------------------------------------------------------------- +Mon Sep 15 17:44:23 CEST 2003 - s...@suse.de + +- Added Hungarian translaton contributed by h...@suselinux.hu + +------------------------------------------------------------------- +Mon Sep 1 11:13:33 CEST 2003 - adr...@suse.de + +- add Categories + +------------------------------------------------------------------- +Sat Aug 30 01:08:15 CEST 2003 - r...@suse.de + +- added directories to filelist + 
+------------------------------------------------------------------- +Fri Aug 29 14:58:54 CEST 2003 - s...@suse.de + +- Updated to 2.4.0 which is little more than 2.3.7 declared "stable" + plus a bug fix: Fixed crash on program quit while still reading + directories + +- Added German translation + +------------------------------------------------------------------- +Mon Jul 28 13:08:49 CEST 2003 - adr...@suse.de + +- add Categories + +------------------------------------------------------------------- +Sun Jun 15 18:44:44 CEST 2003 - co...@suse.de + +- package directories and use %find_lang + +------------------------------------------------------------------- +Mon May 26 13:18:48 CEST 2003 - s...@suse.de + +- update to 2.3.7: Performance boost + +------------------------------------------------------------------- +Mon Feb 3 12:38:17 CET 2003 - s...@suse.de + +- update to 2.3.6: Fixed crash on startup without config file + +------------------------------------------------------------------- +Fri Jan 31 14:30:38 CET 2003 - s...@suse.de + +- update to 2.3.5 (with colored treemaps) + +------------------------------------------------------------------- +Fri Nov 22 00:59:32 CET 2002 - r...@suse.de + +- disable-final + +------------------------------------------------------------------- +Mon Jun 3 15:40:56 CEST 2002 - adr...@suse.de + +- update to 2.2.0 final + +------------------------------------------------------------------- +Wed May 22 15:18:14 CEST 2002 - co...@suse.de + +- adding admin tarball and use common_options + +------------------------------------------------------------------- +Tue Apr 23 12:06:41 CEST 2002 - s...@suse.de + +- Updated to V 2.1.1-beta: + Improved support for Asian languages + New: Translation for Japanese + +------------------------------------------------------------------- +Thu Apr 18 16:16:27 CEST 2002 - s...@suse.de + +- Updated to V 2.1.0-beta: + KDE 3 -port (new admin/ subdirectory) + 
+------------------------------------------------------------------- +Fri Mar 1 15:47:39 CET 2002 - s...@suse.de + +- Updated to V 2.0.1: + Support for large files (>2GB) + The real diff is only one line in configure.in.in + (AC_SYS_LARGEFILE) and one '#include "config.h"' + in kdirtree.cpp + Checked by Andreas Jaeger + +------------------------------------------------------------------- +Mon Feb 25 12:42:10 CET 2002 - s...@suse.de + +- Updated to V 2.0.0: ++++ 102 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:13.1:Update/.kdirstat.2932.new/kdirstat.changes New: ---- fix-CVE-2014-2528.diff kdirstat-2.4.4.tar.bz2 kdirstat.changes kdirstat.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kdirstat.spec ++++++ # # spec file for package kdirstat # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: kdirstat BuildRequires: kdelibs3-devel Url: http://kdirstat.sourceforge.net Summary: Graphical Directory Statistics for Used Disk Space License: GPL-2.0+ Group: Productivity/File utilities Version: 2.4.4 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: kdirstat-%{version}.tar.bz2 # PATCH-FIX-UPSTREAM fix-CVE-2014-2528.diff -- fix performance issue with Klipper see https://bugs.kde.org/show_bug.cgi?id=238084 Patch0: fix-CVE-2014-2528.diff %description KDirStat (KDE Directory Statistics) is a utility program that sums up disk usage for directory trees--very much like the Unix 'du' command. It can also help you clean up used space. Authors: -------- Stefan Hundhammer <s...@suse.de> %prep %setup -q %patch0 %build . /etc/opt/kde3/common_options update_admin --no-unsermake ./configure $configkde --disable-final make %{?jobs:-j %jobs} %install . /etc/opt/kde3/common_options make DESTDIR=$RPM_BUILD_ROOT $INSTALL_TARGET %if %suse_version < 1010 %suse_update_desktop_file %name Filesystem %else %suse_update_desktop_file -N "KDirStat" -G "Directory Statistics" %name Filesystem %endif kde_post_install %find_lang %name %clean rm -rf $RPM_BUILD_ROOT %files -f %name.lang %defattr(-,root,root) %doc COPYING AUTHORS ChangeLog TODO README /opt/kde3/bin/kdirstat /opt/kde3/share/apps/kdirstat /opt/kde3/share/appl*/*/kdirstat* /opt/kde3/share/doc/HTML/*/kdirstat/ %dir /opt/kde3/share/icons/hicolor/16x16 %dir /opt/kde3/share/icons/hicolor/16x16/apps %dir /opt/kde3/share/icons/hicolor/32x32 %dir /opt/kde3/share/icons/hicolor/32x32/apps /opt/kde3/share/icons/??color/??x??/*/kdirstat* %dir /opt/kde3/share/apps/kconf_update /opt/kde3/share/apps/kconf_update/kdirstat.upd /opt/kde3/share/apps/kconf_update/fix_move_to_trash_bin.pl %changelog ++++++ fix-CVE-2014-2528.diff ++++++ Index: kdirstat/kcleanup.cpp =================================================================== --- kdirstat.orig/kcleanup.cpp 
+++ kdirstat/kcleanup.cpp
@@ -311,10 +311,10 @@ KCleanup::expandVariables( const KFileIn
 {
 QString expanded = unexpanded;
- expanded.replace( QRegExp( "%p" ),
- "\"" + QString::fromLocal8Bit( item->url() ) + "\"" );
- expanded.replace( QRegExp( "%n" ),
- "\"" + QString::fromLocal8Bit( item->name() ) + "\"" );
+ QString url = QString::fromLocal8Bit( item->url() ).replace("'", "'\\''");
+ expanded.replace( QRegExp( "%p" ), "'" + url + "'" );
+ QString name = QString::fromLocal8Bit( item->name() ).replace("'", "'\\''");
+ expanded.replace( QRegExp( "%n" ), "'" + name + "'" );
 if ( KDE::versionMajor() >= 3 && KDE::versionMinor() >= 4 )
 expanded.replace( QRegExp( "%t" ), "trash:/" );
-- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
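Review bot: The `%p` and `%n` placeholders are still expanded by two successive `expanded.replace()` calls, so the second call rescans text the first one inserted. If a path itself contains the literal characters `%n`, the quoted name is spliced into the already single-quoted path and ends that quoting early, leaving part of a file name outside the quotes. The `'\''` escaping itself looks right for a POSIX shell, so the remaining gap is the rescanning, which a single pass over `unexpanded` closes, as sketched below (this assumes Qt 3's `QRegExp::search`). The `%t` replacement that follows rescans the result too, but the value visible here contains no quote character; `expandVariables` continues past the end of the hunk, so the other branch was not checked. Separately, the spec's `# PATCH-FIX-UPSTREAM` comment for `fix-CVE-2014-2528.diff` describes a Klipper performance issue and cites an unrelated KDE bug; it should name CVE-2014-2528 and bnc#868682 so the security fix stays traceable.

```cpp
    // Quote both values up front, then expand %p and %n in ONE pass so that
    // substituted text is never scanned for placeholders again.
    QString url  = QString::fromLocal8Bit( item->url()  ).replace( "'", "'\\''" );
    QString name = QString::fromLocal8Bit( item->name() ).replace( "'", "'\\''" );

    QString expanded;
    QRegExp placeholder( "%[pn]" );
    int pos = 0;
    int hit;

    while ( ( hit = placeholder.search( unexpanded, pos ) ) >= 0 )
    {
	expanded += unexpanded.mid( pos, hit - pos );
	expanded += "'" + ( unexpanded.at( hit + 1 ) == 'p' ? url : name ) + "'";
	pos = hit + 2;
    }

    expanded += unexpanded.mid( pos );

    // … unchanged: %t expansion …
```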