From 6139f8c633a1f9b5e278490db0edf627d3e48bb28c1043bf0f8403bb41237ae1 Mon Sep 17 00:00:00 2001 From: Fridrich Strba Date: Mon, 10 Nov 2014 16:34:32 +0000 Subject: [PATCH] Security updated bnc#904017 OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=181 --- dbus-1-x11.changes | 10 ++++++++++ dbus-1-x11.spec | 2 +- dbus-1.8.10.tar.gz | 3 +++ dbus-1.8.8.tar.gz | 3 --- dbus-1.changes | 10 ++++++++++ dbus-1.spec | 2 +- 6 files changed, 25 insertions(+), 5 deletions(-) create mode 100644 dbus-1.8.10.tar.gz delete mode 100644 dbus-1.8.8.tar.gz diff --git a/dbus-1-x11.changes b/dbus-1-x11.changes index f4e0264..e7ee17d 100644 --- a/dbus-1-x11.changes +++ b/dbus-1-x11.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Nov 10 16:26:24 UTC 2014 - fstrba@suse.com + +- Update to 1.8.10: + * Security fixes: + - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 + so that CVE-2014-3636 part A cannot exhaust the system bus' + file descriptors, completing the incomplete fix in 1.8.8. + (CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy) + ------------------------------------------------------------------- Tue Sep 30 08:20:50 UTC 2014 - fstrba@suse.com diff --git a/dbus-1-x11.spec b/dbus-1-x11.spec index e6cd344..52289b7 100644 --- a/dbus-1-x11.spec +++ b/dbus-1-x11.spec @@ -27,7 +27,7 @@ %define _unitdir %{_libexecdir}/systemd/system %endif Name: dbus-1-x11 -Version: 1.8.8 +Version: 1.8.10 Release: 0 Summary: D-Bus Message Bus System License: GPL-2.0+ or AFL-2.1 diff --git a/dbus-1.8.10.tar.gz b/dbus-1.8.10.tar.gz new file mode 100644 index 0000000..496dcb0 --- /dev/null +++ b/dbus-1.8.10.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:10bf87fdb68815edd01d53885101dbcdd80dacad7198912cca61a4fa22dfaf8e +size 1864902 diff --git a/dbus-1.8.8.tar.gz b/dbus-1.8.8.tar.gz deleted file mode 100644 index f428dfc..0000000 --- a/dbus-1.8.8.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dfab263649a979d0fff64a30cac374891a8e9940350e41f3bbd7679af32bd1fd -size 1864881 diff --git a/dbus-1.changes b/dbus-1.changes index f4e0264..e7ee17d 100644 --- a/dbus-1.changes +++ b/dbus-1.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Mon Nov 10 16:26:24 UTC 2014 - fstrba@suse.com + +- Update to 1.8.10: + * Security fixes: + - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 + so that CVE-2014-3636 part A cannot exhaust the system bus' + file descriptors, completing the incomplete fix in 1.8.8. + (CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy) + ------------------------------------------------------------------- Tue Sep 30 08:20:50 UTC 2014 - fstrba@suse.com diff --git a/dbus-1.spec b/dbus-1.spec index 6eee676..5f63343 100644 --- a/dbus-1.spec +++ b/dbus-1.spec @@ -26,7 +26,7 @@ %define _unitdir %{_libexecdir}/systemd/system %endif Name: dbus-1 -Version: 1.8.8 +Version: 1.8.10 Release: 0 Summary: D-Bus Message Bus System License: GPL-2.0+ or AFL-2.1