diff mbox series

[kirkstone,10/29] dbus: upgrade 1.14.4 -> 1.14.6

Message ID 0623230fcdc02492c0a67506530b25438cf75c79.1677859897.git.steve@sakoman.com
State New, archived
Headers show
Series [kirkstone,01/29] binutils : Fix CVE-2023-22608 | expand

Commit Message

Steve Sakoman March 3, 2023, 4:17 p.m. UTC
From: Alexander Kanavin <alex.kanavin@gmail.com>

Denial of service fixes:

• Fix an incorrect assertion that could be used to crash dbus-daemon or
  other users of DBusServer prior to authentication, if libdbus was compiled
  with assertions enabled.
  We recommend that production builds of dbus, for example in OS distributions,
  should be compiled with checks but without assertions.
  (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)

Other fixes:

• When connected to a dbus-broker, stop dbus-monitor from incorrectly
  replying to Peer method calls that were sent to the dbus-broker with
  a NULL destination (dbus#301, Kai A. Hiller)

• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
  This is not attacker-triggerable and appears to be harmless in practice,
  but is technically undefined behaviour and is detected as such by
  AddressSanitizer. (dbus!357, Evgeny Vereshchagin)

• Avoid a data race in multi-threaded use of DBusCounter
  (dbus#426, Ralf Habacker)

• Fix a crash with some glibc versions when non-auditable SELinux events
  are logged (dbus!386, Jeremi Piotrowski)

• If dbus_message_demarshal() runs out of memory while validating a message,
  report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)

• Use C11 _Alignof if available, for better standards-compliance
  (dbus!389, Khem Raj)

• Stop including an outdated copy of pkg.m4 in the git tree
  (dbus!365, Simon McVittie)

• Documentation:
  · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)

• Tests fixes:
  · Fix the test-apparmor-activation test after dbus#416
    (dbus!380, Dave Jones)

Internal changes:

• Fix CI builds with recent git versions (dbus#447, Simon McVittie)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
(cherry picked from commit 31245df3061c1a913bffe5e11ad6ac7fa9c83915)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
(cherry picked from commit 83e9bd1507fd5f79c680dde30b0f66df84cde6b0)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 meta/recipes-core/dbus/{dbus_1.14.4.bb => dbus_1.14.6.bb} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename meta/recipes-core/dbus/{dbus_1.14.4.bb => dbus_1.14.6.bb} (98%)
diff mbox series


diff --git a/meta/recipes-core/dbus/dbus_1.14.4.bb b/meta/recipes-core/dbus/dbus_1.14.6.bb
similarity index 98%
rename from meta/recipes-core/dbus/dbus_1.14.4.bb
rename to meta/recipes-core/dbus/dbus_1.14.6.bb
index 85db58e214..cc81047cef 100644
--- a/meta/recipes-core/dbus/dbus_1.14.4.bb
+++ b/meta/recipes-core/dbus/dbus_1.14.6.bb
@@ -14,9 +14,9 @@  SRC_URI = "https://dbus.freedesktop.org/releases/dbus/dbus-${PV}.tar.xz \
            file://run-ptest \
            file://tmpdir.patch \
            file://dbus-1.init \
+           "
-SRC_URI[sha256sum] = "7c0f9b8e5ec0ff2479383e62c0084a3a29af99edf1514e9f659b81b30d4e353e"
+SRC_URI[sha256sum] = "fd2bdf1bb89dc365a46531bff631536f22b0d1c6d5ce2c5c5e59b55265b3d66b"
 EXTRA_OECONF = "--disable-xml-docs \
                 --disable-doxygen-docs \