aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Francois Perrad <fperrad@gmail.com>2021-01-09 13:17:19 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2021-01-11 22:46:25 +0100
commit8874dbc95ce58551f3401916e8af7e4d85fce743 (patch)
tree75c2cc95e64a569f4cf457eaf62900741d051bfe
parent8afc088c121dd4cf308a27bea401ea8728a18b05 (diff)
downloadbuildroot-8874dbc95ce58551f3401916e8af7e4d85fce743.tar.gz
buildroot-8874dbc95ce58551f3401916e8af7e4d85fce743.tar.bz2
package/dbus: security bump to version 1.12.20
Fixes the following security issue: - CVE-2020-35512: On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if <policy group=...> is used. Like Unix filesystems, D-Bus' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. Signed-off-by: Francois Perrad <francois.perrad@gadz.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit c80989aa9d6a638a8fc953320f255f367d017617) [Peter: mention security fix] Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/dbus/Config.in2
-rw-r--r--package/dbus/dbus.hash5
-rw-r--r--package/dbus/dbus.mk2
3 files changed, 5 insertions, 4 deletions
diff --git a/package/dbus/Config.in b/package/dbus/Config.in
index 653f7482f6..5650b5777b 100644
--- a/package/dbus/Config.in
+++ b/package/dbus/Config.in
@@ -7,7 +7,7 @@ config BR2_PACKAGE_DBUS
help
The D-Bus message bus system.
- http://www.freedesktop.org/wiki/Software/dbus
+ https://www.freedesktop.org/wiki/Software/dbus
comment "dbus needs a toolchain w/ threads"
depends on BR2_USE_MMU
diff --git a/package/dbus/dbus.hash b/package/dbus/dbus.hash
index cfa06301f6..06512e5656 100644
--- a/package/dbus/dbus.hash
+++ b/package/dbus/dbus.hash
@@ -1,6 +1,7 @@
# Locally calculated after checking pgp signature
-# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.18.tar.gz.asc
+# https://dbus.freedesktop.org/releases/dbus/dbus-1.12.20.tar.gz.asc
# using key 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
-sha256 64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306 dbus-1.12.18.tar.gz
+sha256 f77620140ecb4cdc67f37fb444f8a6bea70b5b6461f12f1cbe2cec60fa7de5fe dbus-1.12.20.tar.gz
+
# Locally calculated
sha256 0e46f54efb12d04ab5c33713bacd0e140c9a35b57ae29e03c853203266e8f3a1 COPYING
diff --git a/package/dbus/dbus.mk b/package/dbus/dbus.mk
index 952eff1fc7..5a471eaa83 100644
--- a/package/dbus/dbus.mk
+++ b/package/dbus/dbus.mk
@@ -4,7 +4,7 @@
#
################################################################################
-DBUS_VERSION = 1.12.18
+DBUS_VERSION = 1.12.20
DBUS_SITE = https://dbus.freedesktop.org/releases/dbus
DBUS_LICENSE = AFL-2.1 or GPL-2.0+ (library, tools), GPL-2.0+ (tools)
DBUS_LICENSE_FILES = COPYING