Page Menu
Home
Solus
Search
Configure Global Search
Log In
Files
F10954727
D3134.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
6 KB
Referenced Files
None
Subscribers
None
D3134.diff
View Options
diff --git a/files/security/cve-2018-12356.patch b/files/security/cve-2018-12356.patch
deleted file mode 100644
--- a/files/security/cve-2018-12356.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 8683403b77f59c56fcb1f05c61ab33b9fd61a30d Mon Sep 17 00:00:00 2001
-From: "Jason A. Donenfeld" <Jason@zx2c4.com>
-Date: Thu, 14 Jun 2018 15:05:53 +0200
-Subject: Ensure signature regexes are anchored
-
-Fixes CVE-2018-12356.
-
-Reported-by: Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
----
- src/password-store.sh | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/password-store.sh b/src/password-store.sh
-index 19b3124..b852d06 100755
---- a/src/password-store.sh
-+++ b/src/password-store.sh
-@@ -1,6 +1,6 @@
- #!/usr/bin/env bash
-
--# Copyright (C) 2012 - 2017 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
-+# Copyright (C) 2012 - 2018 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.
- # This file is licensed under the GPLv2+. Please see COPYING for more information.
-
- umask "${PASSWORD_STORE_UMASK:-077}"
-@@ -58,7 +58,7 @@ die() {
- verify_file() {
- [[ -n $PASSWORD_STORE_SIGNING_KEY ]] || return 0
- [[ -f $1.sig ]] || die "Signature for $1 does not exist."
-- local fingerprints="$($GPG $PASSWORD_STORE_GPG_OPTS --verify --status-fd=1 "$1.sig" "$1" 2>/dev/null | sed -n 's/\[GNUPG:\] VALIDSIG \([A-F0-9]\{40\}\) .* \([A-F0-9]\{40\}\)$/\1\n\2/p')"
-+ local fingerprints="$($GPG $PASSWORD_STORE_GPG_OPTS --verify --status-fd=1 "$1.sig" "$1" 2>/dev/null | sed -n 's/^\[GNUPG:\] VALIDSIG \([A-F0-9]\{40\}\) .* \([A-F0-9]\{40\}\)$/\1\n\2/p')"
- local fingerprint found=0
- for fingerprint in $PASSWORD_STORE_SIGNING_KEY; do
- [[ $fingerprint =~ ^[A-F0-9]{40}$ ]] || continue
-@@ -123,7 +123,7 @@ reencrypt_path() {
- IFS=";" eval 'GPG_RECIPIENTS+=( $group )' # http://unix.stackexchange.com/a/92190
- unset "GPG_RECIPIENTS[$index]"
- done
-- gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
-+ gpg_keys="$($GPG $PASSWORD_STORE_GPG_OPTS --list-keys --with-colons "${GPG_RECIPIENTS[@]}" | sed -n 's/^sub:[^:]*:[^:]*:[^:]*:\([^:]*\):[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[^:]*:[a-zA-Z]*e[a-zA-Z]*:.*/\1/p' | LC_ALL=C sort -u)"
- fi
- current_keys="$(LC_ALL=C $GPG $PASSWORD_STORE_GPG_OPTS -v --no-secmem-warning --no-permission-warning --decrypt --list-only --keyid-format long "$passfile" 2>&1 | sed -n 's/^gpg: public key is \([A-F0-9]\+\)$/\1/p' | LC_ALL=C sort -u)"
-
-@@ -334,7 +334,7 @@ cmd_init() {
- signing_keys+=( --default-key $key )
- done
- $GPG "${GPG_OPTS[@]}" "${signing_keys[@]}" --detach-sign "$gpg_id" || die "Could not sign .gpg_id."
-- key="$($GPG --verify --status-fd=1 "$gpg_id.sig" "$gpg_id" 2>/dev/null | sed -n 's/\[GNUPG:\] VALIDSIG [A-F0-9]\{40\} .* \([A-F0-9]\{40\}\)$/\1/p')"
-+ key="$($GPG --verify --status-fd=1 "$gpg_id.sig" "$gpg_id" 2>/dev/null | sed -n 's/^\[GNUPG:\] VALIDSIG [A-F0-9]\{40\} .* \([A-F0-9]\{40\}\)$/\1/p')"
- [[ -n $key ]] || die "Signing of .gpg_id unsuccessful."
- git_add_file "$gpg_id.sig" "Signing new GPG id with ${key//[$IFS]/,}."
- fi
---
-cgit v1.1-37-gf5b9
diff --git a/package.yml b/package.yml
--- a/package.yml
+++ b/package.yml
@@ -1,8 +1,8 @@
name : password-store
-version : 1.7.1
-release : 8
+version : 1.7.2
+release : 9
source :
- - https://git.zx2c4.com/password-store/snapshot/password-store-1.7.1.tar.xz : f6d2199593398aaefeaa55e21daddfb7f1073e9e096af6d887126141e99d9869
+ - https://git.zx2c4.com/password-store/snapshot/password-store-1.7.2.tar.xz : 4768c5e1965c4d2aeb28818681e484fb105b6f46cbd75a97608615c4ec6980ea
license : GPL-2.0
component : security
summary : Stores, retrieves, generates, and synchronizes passwords securely.
@@ -13,8 +13,6 @@
- gnupg
- tree
- xclip
-setup : |
- %patch -p1 < $pkgfiles/security/cve-2018-12356.patch
install : |
%make_install WITH_BASHCOMP=yes WITH_ZSHCOMP=yes WITH_FISHCOMP=yes
install -Dm00755 $installdir/usr/bin/pass $installdir/usr/bin/password-store
diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml
--- a/pspec_x86_64.xml
+++ b/pspec_x86_64.xml
@@ -2,8 +2,8 @@
<Source>
<Name>password-store</Name>
<Packager>
- <Name>Peter O'Connor</Name>
- <Email>peter@solus-project.com</Email>
+ <Name>Justin Berthault</Name>
+ <Email>justin.berthault@zaclys.net</Email>
</Packager>
<License>GPL-2.0</License>
<PartOf>security</PartOf>
@@ -19,24 +19,27 @@
</Description>
<PartOf>security</PartOf>
<Files>
- <Path fileType="executable">/usr/bin</Path>
+ <Path fileType="executable">/usr/bin/pass</Path>
+ <Path fileType="executable">/usr/bin/passmenu</Path>
+ <Path fileType="executable">/usr/bin/password-store</Path>
<Path fileType="library">/usr/lib/password-store/extensions</Path>
<Path fileType="data">/usr/share/bash-completion/completions/pass</Path>
<Path fileType="data">/usr/share/bash-completion/completions/password-store</Path>
<Path fileType="data">/usr/share/fish/vendor_completions.d/pass.fish</Path>
<Path fileType="data">/usr/share/fish/vendor_completions.d/password-store.fish</Path>
- <Path fileType="man">/usr/share/man</Path>
+ <Path fileType="man">/usr/share/man/man1/pass.1</Path>
+ <Path fileType="man">/usr/share/man/man1/password-store.1</Path>
<Path fileType="data">/usr/share/zsh/site-functions/_pass</Path>
<Path fileType="data">/usr/share/zsh/site-functions/_password-store</Path>
</Files>
</Package>
<History>
- <Update release="8">
- <Date>2018-06-15</Date>
- <Version>1.7.1</Version>
+ <Update release="9">
+ <Date>2018-06-22</Date>
+ <Version>1.7.2</Version>
<Comment>Packaging update</Comment>
- <Name>Peter O'Connor</Name>
- <Email>peter@solus-project.com</Email>
+ <Name>Justin Berthault</Name>
+ <Email>justin.berthault@zaclys.net</Email>
</Update>
</History>
</PISI>
\ No newline at end of file
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Tue, Jul 18, 3:37 AM (3 w, 3 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5802851
Default Alt Text
D3134.diff (6 KB)
Attached To
Mode
D3134: Update password-store to 1.7.2
Attached
Detach File
Event Timeline
Log In to Comment