kumquat-buildroot/package/dbus
Peter Korsgaard 992b106d1d package/dbus: security bump to version 1.12.16
Fixes the following security issues:

- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
  authentication for identities that differ from the user running the
  DBusServer.  Previously, a local attacker could manipulate symbolic links
  in their own home directory to bypass authentication and connect to a
  DBusServer with elevated privileges.  The standard system and session
  dbus-daemons in their default configuration were immune to this attack
  because they did not allow DBUS_COOKIE_SHA1, but third-party users of
  DBusServer such as Upstart could be vulnerable.  Thanks to Joe Vennix of
  Apple Information Security.

  For details, see the advisory:
  https://www.openwall.com/lists/oss-security/2019/06/11/2

Also contains a number of other smaller fixes, including fixes for memory
leaks.  For details, see NEWS:

https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-06-13 21:12:11 +02:00
..
Config.in
dbus.hash package/dbus: security bump to version 1.12.16 2019-06-13 21:12:11 +02:00
dbus.mk package/dbus: security bump to version 1.12.16 2019-06-13 21:12:11 +02:00
S30dbus