Accepting request 131838 from home:thoenig:branches:Base:System
OBS-URL: https://build.opensuse.org/request/show/131838 OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=94
This commit is contained in:
parent
bd41959533
commit
ffa8a65bfb
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 27 13:54:45 CEST 2012 - thoenig@suse.de
|
||||
|
||||
- Add patch for CVE-2012-3524 to fix getenv() vulnerability in
|
||||
suids (bnc#697105)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 15 07:18:57 UTC 2012 - vuntz@opensuse.org
|
||||
|
||||
|
@ -55,6 +55,7 @@ Source4: baselibs.conf
|
||||
Patch0: dbus-log-deny.patch
|
||||
# PATCH-FIX-OPENSUSE coolo@suse.de -- force a feature configure won't accept without x11 in buildrequires
|
||||
Patch1: dbus-do-autolaunch.patch
|
||||
Patch2: dbus-cve-2012-3524.patch
|
||||
%if 0%{?suse_version} > 1100
|
||||
%bcond_without selinux
|
||||
%else
|
||||
@ -127,6 +128,7 @@ bus daemon).
|
||||
%setup -n %{_name}-%{version} -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
autoreconf -fi
|
||||
|
28
dbus-cve-2012-3524.patch
Normal file
28
dbus-cve-2012-3524.patch
Normal file
@ -0,0 +1,28 @@
|
||||
--- dbus-1.5.12/configure.ac 2012-08-28 10:28:12.000000000 +0200
|
||||
+++ dbus-1.5.12/configure.ac 2012-08-28 10:28:17.000000000 +0200
|
||||
@@ -578,7 +578,7 @@
|
||||
AC_SEARCH_LIBS(socket,[socket network])
|
||||
AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)])
|
||||
|
||||
-AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull)
|
||||
+AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull __secure_getenv)
|
||||
|
||||
AC_CHECK_HEADERS([syslog.h])
|
||||
if test "x$ac_cv_header_syslog_h" = "xyes"; then
|
||||
--- dbus-1.5.12/dbus/dbus-sysdeps.c 2012-08-28 10:28:12.000000000 +0200
|
||||
+++ dbus-1.5.12/dbus/dbus-sysdeps.c 2012-08-28 10:28:17.000000000 +0200
|
||||
@@ -181,8 +181,12 @@
|
||||
*/
|
||||
const char*
|
||||
_dbus_getenv (const char *varname)
|
||||
-{
|
||||
- return getenv (varname);
|
||||
+{
|
||||
+#ifdef HAVE___SECURE_GETENV
|
||||
+ return __secure_getenv(varname);
|
||||
+#else
|
||||
+ return getenv(varname);
|
||||
+#endif
|
||||
}
|
||||
|
||||
/**
|
Loading…
Reference in New Issue
Block a user