From: Apple <opensource@apple.com>
Date: Thu, 4 Aug 2016 19:00:45 +0000 (+0000)
Subject: Security-57337.60.2.tar.gz
X-Git-Tag: os-x-10116^0
X-Git-Url: https://git.saurik.com/apple/security.git/commitdiff_plain/ce3c8656732c924baf7e88df75eab50891bdc471

Security-57337.60.2.tar.gz
---

diff --git a/OSX/authd/authorization.plist b/OSX/authd/authorization.plist
index 4afb26f4..618ae61e 100644
--- a/OSX/authd/authorization.plist
+++ b/OSX/authd/authorization.plist
@@ -217,6 +217,17 @@ See remaining rules for examples.
             <key>shared</key>
             <false/>
         </dict>
+        <key>com.apple.Safari.allow-unsigned-app-extensions</key>
+        <dict>
+            <key>class</key>
+            <string>user</string>
+            <key>comment</key>
+            <string>This right is used by Safari to allow unsigned extensions in the Develop Menu.</string>
+            <key>session-owner</key>
+            <true/>
+            <key>shared</key>
+            <false/>
+        </dict>
         <key>com.apple.Safari.allow-javascript-in-smart-search-field</key>
         <dict>
             <key>class</key>
diff --git a/OSX/lib/en.lproj/authorization.prompts.strings b/OSX/lib/en.lproj/authorization.prompts.strings
index 5fb74261..2a7b73a3 100644
--- a/OSX/lib/en.lproj/authorization.prompts.strings
+++ b/OSX/lib/en.lproj/authorization.prompts.strings
@@ -58,6 +58,8 @@
 
 "com.apple.Safari.parental-controls" = "__APPNAME__ is trying to modify the Parental Controls settings for Safari.";
 
+"com.apple.Safari.allow-unsigned-app-extensions" = "__APPNAME__ is trying to allow unsigned extensions.";
+
 "com.apple.ServiceManagement.blesshelper" = "__APPNAME__ is trying to install a new helper tool.";
 
 "system.device.dvd.setregion.initial" = "__APPNAME__ is trying to set the DVD region code for the first time.";
diff --git a/OSX/libsecurity_sd_cspdl/lib/SDContext.cpp b/OSX/libsecurity_sd_cspdl/lib/SDContext.cpp
index 27881a9e..b6ebdc87 100644
--- a/OSX/libsecurity_sd_cspdl/lib/SDContext.cpp
+++ b/OSX/libsecurity_sd_cspdl/lib/SDContext.cpp
@@ -169,6 +169,22 @@ void SDSignatureContext::init(const Context &context, bool signing)
 			mDigestAlg = CSSM_ALGID_MD2;
 			mSigAlg = CSSM_ALGID_RSA;
 			break;
+		case CSSM_ALGID_SHA224WithRSA:
+			mDigestAlg = CSSM_ALGID_SHA224;
+			mSigAlg = CSSM_ALGID_RSA;
+			break;
+		case CSSM_ALGID_SHA256WithRSA:
+			mDigestAlg = CSSM_ALGID_SHA256;
+			mSigAlg = CSSM_ALGID_RSA;
+			break;
+		case CSSM_ALGID_SHA384WithRSA:
+			mDigestAlg = CSSM_ALGID_SHA384;
+			mSigAlg = CSSM_ALGID_RSA;
+			break;
+		case CSSM_ALGID_SHA512WithRSA:
+			mDigestAlg = CSSM_ALGID_SHA512;
+			mSigAlg = CSSM_ALGID_RSA;
+			break;
 		case CSSM_ALGID_RSA:				// Raw
 			mDigestAlg = CSSM_ALGID_NONE;
 			mSigAlg = CSSM_ALGID_RSA;