mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-06 18:09:44 +03:00
d8b37d4fec
Fixes the following security issue:
- CVE-2020-35512: On Unix, avoid a use-after-free if two usernames have the
same numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used. Like Unix
filesystems, D-Bus' model of identity cannot distinguish between users of
different names with the same numeric uid, so this configuration is not
advisable on systems where D-Bus will be used.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit c80989aa9d)
[Peter: mention security fix]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
15 lines
338 B
Plaintext
15 lines
338 B
Plaintext
config BR2_PACKAGE_DBUS
|
|
bool "dbus"
|
|
depends on BR2_TOOLCHAIN_HAS_THREADS
|
|
# uses fork()
|
|
depends on BR2_USE_MMU
|
|
select BR2_PACKAGE_EXPAT
|
|
help
|
|
The D-Bus message bus system.
|
|
|
|
https://www.freedesktop.org/wiki/Software/dbus
|
|
|
|
comment "dbus needs a toolchain w/ threads"
|
|
depends on BR2_USE_MMU
|
|
depends on !BR2_TOOLCHAIN_HAS_THREADS
|