Fixed potential security issue reported by Heiner Markert. Do not allow the cruid option to be entered via the "Additional options" line edit. Also, implement a check in Smb4KMountJob::createMountAction() that removes the cruid option from the custom options returned by Smb4KSettings::customCIFSOptions(). Full Release Notes: http://sourceforge.net/projects/smb4k/files/Smb4K%20%28stable%20releases%29/1.1.1/ Reproducible: Always
The new version works for me. Upstream changed source archiv to tar.xz So the following small patch is neccesary: --- smb4k-1.1.0.ebuild 2014-01-07 20:34:47.000000000 +0100 +++ smb4k-1.1.1.ebuild 2014-03-22 20:41:44.122210840 +0100 @@ -13,7 +13,7 @@ DESCRIPTION="The advanced network neighborhood browser for KDE" HOMEPAGE="http://sourceforge.net/projects/smb4k/" -SRC_URI="mirror://sourceforge/${PN}/${P}.tar.bz2" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.xz" LICENSE="GPL-2" SLOT="4"
Thank you for reporting. This is bumped in cvs now. + + 23 Mar 2014; Johannes Huber <johu@gentoo.org> +smb4k-1.1.1.ebuild: + Version bump wrt bug #505376. +
Arches please stabilize =net-misc/smb4k-1.1.1
Apparently cruid is used to set the uid of the owner of the credentials cache.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
+ 23 Mar 2014; Michael Palimaka <kensington@gentoo.org> -smb4k-1.0.9.ebuild, + -smb4k-1.1.0.ebuild: + Remove old.
GLSA vote: no
GLSA Vote: No No GLSA - Closing Bug as Resolved