Hello community, here is the log from the commit of package nemo-extensions for openSUSE:Factory checked in at 2018-08-07 09:44:08 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nemo-extensions (Old) and /work/SRC/openSUSE:Factory/.nemo-extensions.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nemo-extensions" Tue Aug 7 09:44:08 2018 rev:12 rq:627732 version:3.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/nemo-extensions/nemo-extensions.changes 2018-05-11 09:16:05.971244600 +0200 +++ /work/SRC/openSUSE:Factory/.nemo-extensions.new/nemo-extensions.changes 2018-08-07 09:44:11.949427063 +0200 @@ -1,0 +2,7 @@ +Mon Aug 6 14:09:43 UTC 2018 - [email protected] + +- Add nemo-share-prevent-privilege-escalation.patch: Prevent + unprivileged users from adding other users to sambashare + (commit a831e7b, bsc#1084703). + +------------------------------------------------------------------- New: ---- nemo-share-prevent-privilege-escalation.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nemo-extensions.spec ++++++ --- /var/tmp/diff_new_pack.khoRbH/_old 2018-08-07 09:44:13.821430319 +0200 +++ /var/tmp/diff_new_pack.khoRbH/_new 2018-08-07 09:44:13.821430319 +0200 @@ -36,6 +36,8 @@ Patch2: nemo-seahorse_gpg-2.2.patch # PATCH-FIX-OPENSUSE nemo-gtkhash_openssl-1.1.patch [email protected] -- Add basic OpenSSL 1.1+ compatibility in nemo-gtkhash. Patch3: nemo-gtkhash_openssl-1.1.patch +# PATCH-FIX-UPSTREAM nemo-share-prevent-privilege-escalation.patch bsc#1084703 -- Prevent unprivileged users from adding other users to sambashare (commit a831e7b). +Patch4: nemo-share-prevent-privilege-escalation.patch BuildRequires: gettext-runtime BuildRequires: gnome-common BuildRequires: intltool @@ -51,9 +53,6 @@ BuildRequires: pkgconfig BuildRequires: python-devel BuildRequires: python-gtk-devel -BuildRequires: python2-distutils-extra -BuildRequires: python2-docutils -BuildRequires: python2-setuptools BuildRequires: update-desktop-files BuildRequires: pkgconfig(cinnamon-desktop) BuildRequires: pkgconfig(cjs-1.0) @@ -76,6 +75,15 @@ BuildRequires: pkgconfig(webkit2gtk-4.0) BuildRequires: pkgconfig(xreader-document-1.5) BuildRequires: pkgconfig(xreader-view-1.5) +%if 0%{?suse_version} >= 1500 +BuildRequires: python2-distutils-extra +BuildRequires: python2-docutils +BuildRequires: python2-setuptools +%else +BuildRequires: python-distutils-extra +BuildRequires: python-docutils +BuildRequires: python-setuptools +%endif %description Set of extensions for Nemo, the Cinnamon file manager. @@ -92,7 +100,6 @@ # nemo-python was last used in openSUSE 13.2. Provides: nemo-python = %{version} Obsoletes: nemo-python < %{version} - %if 0%{?suse_version} >= 1500 Provides: python2-nemo-devel = %{version} # python-nemo was last used in openSUSE Leap 42.3. @@ -363,6 +370,7 @@ %patch1 %patch2 %patch3 +%patch4 # Remove spurious executable permission. chmod a-x nemo-audio-tab/COPYING.GPL3 nemo-emblems/COPYING.GPL3 ++++++ nemo-share-prevent-privilege-escalation.patch ++++++ --- nemo-share.orig/src/install-samba +++ nemo-share/src/install-samba @@ -33,12 +33,20 @@ class Main: if __name__ == "__main__": ml = GLib.MainLoop.new(None, True) - if len(sys.argv) == 2: - user = sys.argv[1] - else: - uid = int(os.getenv("PKEXEC_UID")) + # prefer using the uid provided by pkexec to the command line argument. if + # a user authenticated via pkexec then he should only be able to add + # himself to the group. + uid = os.getenv("PKEXEC_UID", None) + + if uid != None: + uid = int(uid) passwd = pwd.getpwuid(uid) user = passwd[0] + elif len(sys.argv) == 2: + user = sys.argv[1] + else: + print("No target uid in environment or on command line found.") + exit(-1) main = Main(user) ml.run()
