pool/polkit
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to version 0.115:

Browse Source 
- Fix CVE-2018-1116: Trusting client-supplied UID (bsc#1099031)
  - jsauthority: pass "%s" format string to remaining report function

OBS-URL: https://build.opensuse.org/package/show/Base:System/polkit?expand=0&rev=123
This commit is contained in:
Marcus Meissner 2018-07-11 10:50:47 +00:00 committed by Git OBS Bridge
parent eb1406e636
commit 9049ba1cda
7 changed files with 19 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
polkit-0.114.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:bdf4007367d758fd794de2495975c115984d206267e52d1e6ac5ceea77e8ede6
size 1557340

16
polkit-0.114.tar.gz.sign
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
wsFcBAABCAAQBQJayUecCRDptRpmWCnWVQAAtzIQAD2kwEHFTiJt4TtqBm9DDS64
QNOE9+E4tTAQZlO+mwTtskQs/wojKDNpud+uhnhFWrMfmMGXVf2odz3PblhCmrsS
tYleKUlgV3aoBltelCvl9Xy0otrAZ0WygCKJpeyvzsN0FwiWhuVTLXofRnmUiCFP
jU847ldoawGw72tbH9qsFtEWRA+zbDT40ja1eO301JW5um6C+pKIs7MvNgSm4uEs
VnEGomUPmMY9I/6akcOBFrMovujWQKHP4sr99vWPsCwMy7Ju9+UvyhHPXFyh7yCq
AQePMOJxFnTT8tXlPyAxi+TO3ihokiqQhBY4wrRjguIm9MXaumasfuzN1LoHR7wy
Y73FAEjYWvf5BHChW5cqFjRYv29aNol/nyEKbF8HpKTt/FFOeUSlF3xWbMqP9xs7
tle13Ax1o22XIq05kPRM2FT6WK87IMAk/6qF669aUgbl3+36N0KFyt/NpA2M6Oiq
Z9grgYtNgOZPzFM+UJOYijaSDSFtPpwbdEJQpEPxVqsDJ6lRKbAv/SyvBgvkZM3A
IiUE4GN4c2JGAj+rHDzEjzjtNfT10qVeF31j2+5/uRGyR4dBeRUBclwSIz1zGLLS
mfFRsqGnPpOxFA79NVr41aMmjv5wXfcsKQWrBUIfbkCdhZ9Hrzd8ItMO0b6xnBZ6
348LpL6UknwI7dJA/HIv
=Yc4b
-----END PGP SIGNATURE-----

3
polkit-0.115.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2f87ecdabfbd415c6306673ceadc59846f059b18ef2fce42bac63fe283f12131
size 1550932

6
polkit-0.115.tar.gz.sign Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQTBl22e2Rp0WcvOUxRaM/Zgs4R53wUCW0S8UgAKCRBaM/Zgs4R5
3wNmAJ9YYc3MgbepSXr0mqWdiL93TmYMvwCeNf1e4EGsqndw9DP3CbpICMN7gV0=
=mAps
-----END PGP SIGNATURE-----

32
polkit-jsauthority-pass-format-string.patch
View File

@ -1,32 +0,0 @@
From 373705b35e7f6c7dc83de5e0a3ce11ecd15d0409 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@redhat.com>
Date: Tue, 3 Apr 2018 15:26:37 -0400
Subject: jsauthority: pass "%s" format string to remaining report function
commit 00adeee1b62 attempted to add a "%s" format string to the
two JS_Report invocations that needed it, but somehow only got
one them.
This commit gets the other one.
https://bugzilla.gnome.org/show_bug.cgi?id=105865
---
src/polkitbackend/polkitbackendjsauthority.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 9746c47..517f3c6 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -1292,7 +1292,7 @@ js_polkit_log (JSContext *cx,
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
s = JS_EncodeString (cx, args[0].toString ());
- JS_ReportWarningUTF8 (cx, s);
+ JS_ReportWarningUTF8 (cx, "%s", s);
JS_free (cx, s);
ret = true;
--
cgit v1.1

8
polkit.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Wed Jul 11 10:48:37 UTC 2018 - meissner@suse.com
- Update to version 0.115:
- Fix CVE-2018-1116: Trusting client-supplied UID (bsc#1099031)
- jsauthority: pass "%s" format string to remaining report function
(obsoletes polkit-jsauthority-pass-format-string.patch)
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Apr 9 22:38:39 UTC 2018 - bjorn.lie@gmail.com Mon Apr 9 22:38:39 UTC 2018 - bjorn.lie@gmail.com

7
polkit.spec
View File

@ -17,12 +17,12 @@
Name: polkit Name: polkit
Version: 0.114 Version: 0.115
Release: 0 Release: 0
Summary: PolicyKit Authorization Framework Summary: PolicyKit Authorization Framework
License: LGPL-2.1-or-later License: LGPL-2.1-or-later
Group: System/Libraries Group: System/Libraries
URL: http://www.freedesktop.org/wiki/Software/polkit/ Url: http://www.freedesktop.org/wiki/Software/polkit/
Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz Source0: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz
Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign Source1: http://www.freedesktop.org/software/polkit/releases/%{name}-%{version}.tar.gz.sign
Source2: %{name}.keyring Source2: %{name}.keyring
@ -34,8 +34,6 @@ Patch0: polkit-no-wheel-group.patch
Patch1: polkit-gettext.patch Patch1: polkit-gettext.patch
# PATCH-FIX-UPSTREAM pkexec.patch schwab@suse.de -- pkexec: allow --version and --help even if not setuid # PATCH-FIX-UPSTREAM pkexec.patch schwab@suse.de -- pkexec: allow --version and --help even if not setuid
Patch2: pkexec.patch Patch2: pkexec.patch
# PATCH-FIX-UPSTREAM polkit-jsauthority-pass-format-string.patch bgo#105865 bjorn.lie@gmail.com -- jsauthority: pass "%s" format string to remaining report function
Patch3: polkit-jsauthority-pass-format-string.patch
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: gtk-doc BuildRequires: gtk-doc
@ -119,7 +117,6 @@ This package provides the GObject Introspection bindings for PolicyKit.
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2 -p1
%patch3 -p1
%build %build
export V=1 export V=1