- Update to version 0.115:
- Fix CVE-2018-1116: Trusting client-supplied UID (bsc#1099031) - jsauthority: pass "%s" format string to remaining report function OBS-URL: https://build.opensuse.org/package/show/Base:System/polkit?expand=0&rev=123
This commit is contained in:
Git OBS Bridge
parent
eb1406e636
commit
9049ba1cda
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:bdf4007367d758fd794de2495975c115984d206267e52d1e6ac5ceea77e8ede6
|
||||
size 1557340
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
wsFcBAABCAAQBQJayUecCRDptRpmWCnWVQAAtzIQAD2kwEHFTiJt4TtqBm9DDS64
|
||||
QNOE9+E4tTAQZlO+mwTtskQs/wojKDNpud+uhnhFWrMfmMGXVf2odz3PblhCmrsS
|
||||
tYleKUlgV3aoBltelCvl9Xy0otrAZ0WygCKJpeyvzsN0FwiWhuVTLXofRnmUiCFP
|
||||
jU847ldoawGw72tbH9qsFtEWRA+zbDT40ja1eO301JW5um6C+pKIs7MvNgSm4uEs
|
||||
VnEGomUPmMY9I/6akcOBFrMovujWQKHP4sr99vWPsCwMy7Ju9+UvyhHPXFyh7yCq
|
||||
AQePMOJxFnTT8tXlPyAxi+TO3ihokiqQhBY4wrRjguIm9MXaumasfuzN1LoHR7wy
|
||||
Y73FAEjYWvf5BHChW5cqFjRYv29aNol/nyEKbF8HpKTt/FFOeUSlF3xWbMqP9xs7
|
||||
tle13Ax1o22XIq05kPRM2FT6WK87IMAk/6qF669aUgbl3+36N0KFyt/NpA2M6Oiq
|
||||
Z9grgYtNgOZPzFM+UJOYijaSDSFtPpwbdEJQpEPxVqsDJ6lRKbAv/SyvBgvkZM3A
|
||||
IiUE4GN4c2JGAj+rHDzEjzjtNfT10qVeF31j2+5/uRGyR4dBeRUBclwSIz1zGLLS
|
||||
mfFRsqGnPpOxFA79NVr41aMmjv5wXfcsKQWrBUIfbkCdhZ9Hrzd8ItMO0b6xnBZ6
|
||||
348LpL6UknwI7dJA/HIv
|
||||
=Yc4b
|
||||
-----END PGP SIGNATURE-----
|
||||
3
polkit-0.115.tar.gz
Normal file
3
polkit-0.115.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131
|
||||
size 1550932
|
||||
6
polkit-0.115.tar.gz.sign
Normal file
6
polkit-0.115.tar.gz.sign
Normal file
@ -0,0 +1,6 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iF0EABECAB0WIQTBl22e2Rp0WcvOUxRaM/Zgs4R53wUCW0S8UgAKCRBaM/Zgs4R5
|
||||
3wNmAJ9YYc3MgbepSXr0mqWdiL93TmYMvwCeNf1e4EGsqndw9DP3CbpICMN7gV0=
|
||||
=mAps
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,32 +0,0 @@
|
||||
From 373705b35e7f6c7dc83de5e0a3ce11ecd15d0409 Mon Sep 17 00:00:00 2001
|
||||
From: Ray Strode <rstrode@redhat.com>
|
||||
Date: Tue, 3 Apr 2018 15:26:37 -0400
|
||||
Subject: jsauthority: pass "%s" format string to remaining report function
|
||||
|
||||
commit 00adeee1b62 attempted to add a "%s" format string to the
|
||||
two JS_Report invocations that needed it, but somehow only got
|
||||
one them.
|
||||
|
||||
This commit gets the other one.
|
||||
|
||||
https://bugzilla.gnome.org/show_bug.cgi?id=105865
|
||||
---
|
||||
src/polkitbackend/polkitbackendjsauthority.cpp | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
index 9746c47..517f3c6 100644
|
||||
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
||||
@@ -1292,7 +1292,7 @@ js_polkit_log (JSContext *cx,
|
||||
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
|
||||
|
||||
s = JS_EncodeString (cx, args[0].toString ());
|
||||
- JS_ReportWarningUTF8 (cx, s);
|
||||
+ JS_ReportWarningUTF8 (cx, "%s", s);
|
||||
JS_free (cx, s);
|
||||
|
||||
ret = true;
|
||||
--
|
||||
cgit v1.1
|
||||
|
||||
@ -1,3 +1,11 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 11 10:48:37 UTC 2018 - meissner@suse.com
|
||||
|
||||
- Update to version 0.115:
|
||||
- Fix CVE-2018-1116: Trusting client-supplied UID (bsc#1099031)
|
||||
- jsauthority: pass "%s" format string to remaining report function
|
||||
(obsoletes polkit-jsauthority-pass-format-string.patch)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 9 22:38:39 UTC 2018 - bjorn.lie@gmail.com
|
||||
|
||||
|
||||
@ -17,12 +17,12 @@
|
||||
|
||||
|
||||
Name: polkit
|
||||
Version: 0.114
|
||||
Version: 0.115
|
||||
Release: 0
|
||||
Summary: PolicyKit Authorization Framework
|
||||
License: LGPL-2.1-or-later
|
||||
Group: System/Libraries
|
||||
URL: http://www.freedesktop.org/wiki/Software/polkit/
|
||||
Url: http://www.freedesktop.org/wiki/Software/polkit/
|
||||
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
|
||||
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
|
||||
Source2: %{name}.keyring
|
||||
@ -34,8 +34,6 @@ Patch0: polkit-no-wheel-group.patch
|
||||
Patch1: polkit-gettext.patch
|
||||
# PATCH-FIX-UPSTREAM pkexec.patch schwab@suse.de -- pkexec: allow --version and --help even if not setuid
|
||||
Patch2: pkexec.patch
|
||||
# PATCH-FIX-UPSTREAM polkit-jsauthority-pass-format-string.patch bgo#105865 bjorn.lie@gmail.com -- jsauthority: pass "%s" format string to remaining report function
|
||||
Patch3: polkit-jsauthority-pass-format-string.patch
|
||||
|
||||
BuildRequires: gcc-c++
|
||||
BuildRequires: gtk-doc
|
||||
@ -119,7 +117,6 @@ This package provides the GObject Introspection bindings for PolicyKit.
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
%build
|
||||
export V=1
|
||||
|
||||
Loading…
Reference in New Issue
Block a user