* [Buildroot] [git commit branch/2020.05.x] package/dbus: security bump to version 1.12.18
@ 2020-07-13 7:06 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2020-07-13 7:06 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=fa0687fe791d826b05723981e809bec9192ec542
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2020.05.x
- Fix CVE-2020-12049: An issue was discovered in dbus >= 1.3.0 before
1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file
descriptors when a message exceeds the per-message file descriptor
limit. A local attacker with access to the D-Bus system bus or another
system service's private AF_UNIX socket could use this to make the
system service reach its file descriptor limit, denying service to
subsequent D-Bus clients.
- Also update indentation in hash file (two spaces)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 7cee9d2659b72683f2630d47a11a26e43b837fb9)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/dbus/dbus.hash | 6 +++---
package/dbus/dbus.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/dbus/dbus.hash b/package/dbus/dbus.hash
index 9529d2e04f..cfa06301f6 100644
--- a/package/dbus/dbus.hash
+++ b/package/dbus/dbus.hash
@@ -1,6 +1,6 @@
# Locally calculated after checking pgp signature
-# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.16.tar.gz.asc
+# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.18.tar.gz.asc
# using key 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
-sha256 54a22d2fa42f2eb2a871f32811c6005b531b9613b1b93a0d269b05e7549fec80 dbus-1.12.16.tar.gz
+sha256 64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306 dbus-1.12.18.tar.gz
# Locally calculated
-sha256 0e46f54efb12d04ab5c33713bacd0e140c9a35b57ae29e03c853203266e8f3a1 COPYING
+sha256 0e46f54efb12d04ab5c33713bacd0e140c9a35b57ae29e03c853203266e8f3a1 COPYING
diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk
index bb9f17a5e0..5c2a5fb2cc 100644
--- a/package/dbus/dbus.mk
+++ b/package/dbus/dbus.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DBUS_VERSION = 1.12.16
+DBUS_VERSION = 1.12.18
DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools)
DBUS_LICENSE_FILES = COPYING
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-07-13 7:06 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-13 7:06 [Buildroot] [git commit branch/2020.05.x] package/dbus: security bump to version 1.12.18 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.