mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-02 21:48:20 +03:00
992b106d1d
Fixes the following security issues: - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 authentication for identities that differ from the user running the DBusServer. Previously, a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. The standard system and session dbus-daemons in their default configuration were immune to this attack because they did not allow DBUS_COOKIE_SHA1, but third-party users of DBusServer such as Upstart could be vulnerable. Thanks to Joe Vennix of Apple Information Security. For details, see the advisory: https://www.openwall.com/lists/oss-security/2019/06/11/2 Also contains a number of other smaller fixes, including fixes for memory leaks. For details, see NEWS: https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS Signed-off-by: Peter Korsgaard <peter@korsgaard.com>