Upgrading to upstream 1.8.14 release
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=186
parent 409bcf7d4f
commit 9333f96a64
@ -1,3 +1,30 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 6 07:57:14 UTC 2015 - fstrba@suse.com
|
||||
|
||||
- Update to 1.8.14
|
||||
* Security hardening:
|
||||
- Do not allow calls to UpdateActivationEnvironment from uids
|
||||
other than the uid of the dbus-daemon. If a system service
|
||||
installs unsafe security policy rules that allow arbitrary
|
||||
method calls (such as CVE-2014-8148) then this prevents
|
||||
memory consumption and possible privilege escalation via
|
||||
UpdateActivationEnvironment.
|
||||
We believe that in practice, privilege escalation here is
|
||||
avoided by dbus-daemon-launch-helper sanitizing its
|
||||
environment; but it seems better to be safe.
|
||||
- Do not allow calls to UpdateActivationEnvironment or the
|
||||
Stats interface on object paths other than
|
||||
/org/freedesktop/DBus. Some system services install unsafe
|
||||
security policy rules that allow arbitrary method calls to
|
||||
any destination, method and interface with a specified object
|
||||
path; while less bad than allowing arbitrary method calls,
|
||||
these security policies are still harmful, since dbus-daemon
|
||||
normally offers the same API on all object paths and other
|
||||
system services might behave similarly.
|
||||
* Other fixes:
|
||||
- Add missing initialization so GetExtendedTcpTable doesn't
|
||||
crash on Windows Vista SP0 (fdo#77008, Ilya A. Tkachenko)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 25 07:43:12 UTC 2014 - fstrba@suse.com
|
||||
|
||||
|
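Review bot: the "Security hardening" block cites CVE-2014-8148, but the "- Update to 1.8.14" line carries no distribution bug reference, while the "Other fixes" item keeps its fdo#77008. If a tracker entry exists for this update, add it to the update line so the hardening can be found from the changelog. The wording presents the CVE as an example of an unsafe policy rule installed by a system service, so the entry should stay under hardening rather than be relabelled as a fix for that CVE.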
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package dbus-1-x11
|
||||
#
|
||||
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -27,7 +27,7 @@
|
||||
%define _unitdir %{_libexecdir}/systemd/system
|
||||
%endif
|
||||
Name: dbus-1-x11
|
||||
Version: 1.8.12
|
||||
Version: 1.8.14
|
||||
Release: 0
|
||||
Summary: D-Bus Message Bus System
|
||||
License: GPL-2.0+ or AFL-2.1
|
||||
|
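Review bot: "Version: 1.8.14" is bumped by hand here and again in the dbus-1 spec, and both have to match the dbus-1.8.14.tar.gz source added in the same commit. Consider deriving one value from the other, or at least checking the two spec files and the tarball name together before submitting, so that a later update does not leave dbus-1-x11 on a different version than dbus-1.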
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:c91428f28d2925ba32d34ffc824bfcf4d40d5e1e67befc4bcf2202f0a862501e
|
||||
size 1864609
|
3
dbus-1.8.14.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:83425250a6a4c93b9ab4a349771a7700e8ddff2d73a5a088222ca47ae9ce1f1a
|
||||
size 1866141
|
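Review bot: the new pointer's "oid sha256:" and "size 1866141" lines identify the stored blob but say nothing about where it came from, and no upstream signature file or keyring appears among the files shown in this commit. If upstream publishes a detached signature for the 1.8.14 tarball, add it as a source next to dbus-1.8.14.tar.gz so the download can be checked against the release, not only against the repository's own pointer.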
@ -1,3 +1,30 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 6 07:57:14 UTC 2015 - fstrba@suse.com
|
||||
|
||||
- Update to 1.8.14
|
||||
* Security hardening:
|
||||
- Do not allow calls to UpdateActivationEnvironment from uids
|
||||
other than the uid of the dbus-daemon. If a system service
|
||||
installs unsafe security policy rules that allow arbitrary
|
||||
method calls (such as CVE-2014-8148) then this prevents
|
||||
memory consumption and possible privilege escalation via
|
||||
UpdateActivationEnvironment.
|
||||
We believe that in practice, privilege escalation here is
|
||||
avoided by dbus-daemon-launch-helper sanitizing its
|
||||
environment; but it seems better to be safe.
|
||||
- Do not allow calls to UpdateActivationEnvironment or the
|
||||
Stats interface on object paths other than
|
||||
/org/freedesktop/DBus. Some system services install unsafe
|
||||
security policy rules that allow arbitrary method calls to
|
||||
any destination, method and interface with a specified object
|
||||
path; while less bad than allowing arbitrary method calls,
|
||||
these security policies are still harmful, since dbus-daemon
|
||||
normally offers the same API on all object paths and other
|
||||
system services might behave similarly.
|
||||
* Other fixes:
|
||||
- Add missing initialization so GetExtendedTcpTable doesn't
|
||||
crash on Windows Vista SP0 (fdo#77008, Ilya A. Tkachenko)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 25 07:43:12 UTC 2014 - fstrba@suse.com
|
||||
|
||||
|
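Review bot: the second hardening item is a behaviour change as well as a tightening. The text says dbus-daemon normally offers the same API on all object paths, so a caller that reached UpdateActivationEnvironment or the Stats interface on a path other than /org/freedesktop/DBus will be refused after this update. Say so in one line under the item, so that packagers of services with path-based policy rules know to retest.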
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package dbus-1
|
||||
#
|
||||
# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -26,7 +26,7 @@
|
||||
%define _unitdir %{_libexecdir}/systemd/system
|
||||
%endif
|
||||
Name: dbus-1
|
||||
Version: 1.8.12
|
||||
Version: 1.8.14
|
||||
Release: 0
|
||||
Summary: D-Bus Message Bus System
|
||||
License: GPL-2.0+ or AFL-2.1
|
||||
|