From 8e1234b76b03c5fca53a4f8bee722c210e727ada Mon Sep 17 00:00:00 2001 From: krop <> Date: Jun 06 2025 20:58:57 +0000 Subject: Update liblastfm-qt6 to version 1.2.0git.20250222T104528~81e8f9d / rev 2 via SR 1283029 https://build.opensuse.org/request/show/1283029 by user krop + anag_factory --- diff --git a/.files b/.files index b00f7d8..8fa84fa 100644 Binary files a/.files and b/.files differ diff --git a/.meta b/.meta index 935672b..a38fd96 100644 --- a/.meta +++ b/.meta @@ -2,5 +2,6 @@ <title>Qt 6 port of liblastfm</title> <description>liblastfm is a collection of libraries to help you integrate Last.fm services into your applications.</description> + <devel project="KDE:Qt6" package="liblastfm-qt6"/> <url>https://github.com/Mazhoon/liblastfm</url> </package> diff --git a/.rev b/.rev index 549de6f..56d1e4e 100644 --- a/.rev +++ b/.rev @@ -7,4 +7,12 @@ <comment>Add liblastfm-qt6, used by amarok soon™</comment> <requestid>1269501</requestid> </revision> + <revision rev="2" vrev="2"> + <srcmd5>0c21ead63101187080fb4fe4aa62735e</srcmd5> + <version>1.2.0git.20250222T104528~81e8f9d</version> + <time>1749242496</time> + <user>anag_factory</user> + <comment></comment> + <requestid>1283029</requestid> + </revision> </revisionlist> diff --git a/liblastfm-qt6-Fix-use-after-free-in-platform-calling-code.diff b/liblastfm-qt6-Fix-use-after-free-in-platform-calling-code.diff new file mode 100644 index 0000000..d3aa8cc --- /dev/null +++ b/liblastfm-qt6-Fix-use-after-free-in-platform-calling-code.diff @@ -0,0 +1,32 @@ +diff --git a/src/misc.cpp b/src/misc.cpp +index 36f73a8a..de48c52e 100644 +--- a/src/misc.cpp ++++ b/src/misc.cpp +@@ -163,11 +163,11 @@ lastfm::CFStringToUtf8( CFStringRef s ) + #endif + + +-const char* ++QByteArray + lastfm::platform() + { +- static QString platform = QSysInfo::prettyProductName(); +- return qPrintable(platform); ++ static const auto platform = QSysInfo::prettyProductName().toUtf8(); ++ return platform; + } + + QString lastfm:: +diff --git a/src/misc.h b/src/misc.h +index d0f6765b..a5935301 100644 +--- a/src/misc.h ++++ b/src/misc.h +@@ -47,7 +47,7 @@ namespace lastfm + LASTFM_DLLEXPORT CFStringRef QStringToCFString( const QString& ); + LASTFM_DLLEXPORT QString CFStringToQString( CFStringRef s ); + #endif +- LASTFM_DLLEXPORT const char* platform(); ++ LASTFM_DLLEXPORT QByteArray platform(); + LASTFM_DLLEXPORT QString md5( const QByteArray& src ); + } + #endif //LASTFM_MISC_H diff --git a/liblastfm-qt6.changes b/liblastfm-qt6.changes index 6e948da..98028db 100644 --- a/liblastfm-qt6.changes +++ b/liblastfm-qt6.changes @@ -1,4 +1,9 @@ ------------------------------------------------------------------- +Thu Jun 5 05:20:51 UTC 2025 - Dmitriy Perlow <dap.darkness@gmail.com> + +- Added liblastfm-qt6-Fix-use-after-free-in-platform-calling-code.diff. + +------------------------------------------------------------------- Tue Apr 15 08:27:19 UTC 2025 - Christophe Marin <christophe@krop.fr> - Init liblastfm-qt6, a Qt 6 port of liblastfm. diff --git a/liblastfm-qt6.spec b/liblastfm-qt6.spec index 293dce8..2442cf5 100644 --- a/liblastfm-qt6.spec +++ b/liblastfm-qt6.spec @@ -23,6 +23,10 @@ Summary: Qt 6 port of liblastfm License: GPL-3.0-or-later URL: https://github.com/Mazhoon/liblastfm Source: %{name}-%{version}.tar.xz +# As per Qt docs, the return value of qPrintable() is only valid until the +# end of the expression. In fact, asan did catch this in the calling code. +# PATCH-FIX-UPSTREAM https://github.com/drfiemost/liblastfm/pull/10 +Patch0: liblastfm-qt6-Fix-use-after-free-in-platform-calling-code.diff BuildRequires: pkgconfig BuildRequires: cmake(Qt6Core) BuildRequires: cmake(Qt6DBus)