Author: renodr Date: Wed Jun 12 20:59:08 2019 New Revision: 21678 Log: Update to dbus-1.12.16. This fixes CVE-2019-12749, an authentication bypass in DBUS.
Modified: trunk/BOOK/general/sysutils/dbus.xml trunk/BOOK/introduction/welcome/changelog.xml trunk/BOOK/packages.ent Modified: trunk/BOOK/general/sysutils/dbus.xml ============================================================================== --- trunk/BOOK/general/sysutils/dbus.xml Wed Jun 12 19:47:40 2019 (r21677) +++ trunk/BOOK/general/sysutils/dbus.xml Wed Jun 12 20:59:08 2019 (r21678) @@ -6,10 +6,11 @@ <!ENTITY dbus-download-http "https://dbus.freedesktop.org/releases/dbus/dbus-&dbus-version;.tar.gz";> <!ENTITY dbus-download-ftp " "> - <!ENTITY dbus-md5sum "ea11069521beeee4e47f0086596a43c8"> + <!ENTITY dbus-md5sum "2dbeae80dfc9e3632320c6a53d5e8890"> <!ENTITY dbus-size "2.0 MB"> - <!ENTITY dbus-buildsize "21 MB (add 8 MB for the tests)"> - <!ENTITY dbus-time "0.3 SBU (add 0.8 SBU for the tests)"> + <!ENTITY dbus-buildsize "21 MB (add 17 MB for the tests)"> + <!ENTITY dbus-time "0.3 SBU (add 8.5 SBU for the tests)"> + <!-- The former value was 0.8 SBU, which was far more sensible. --> ]> <sect1 id="dbus" xreflabel="dbus-&dbus-version;"> @@ -212,7 +213,7 @@ <para revision="sysv"> If you are still building your system in chroot or you did not start the daemon yet, but you want to compile some packages that require - <application>D-Bus</application>, generate + <application>D-Bus</application>, generate the <application>D-Bus</application> UUID to avoid warnings when compiling some packages with the following command as the <systemitem class="username">root</systemitem> user: @@ -513,7 +514,9 @@ <seg> /etc/dbus-1, /usr/{include,lib}/dbus-1.0, + /usr/lib/cmake/DBus1, /usr/share/dbus-1, + /usr/share/xml/dbus-1, /usr/share/doc/dbus-&dbus-version;, and /var/{lib,run}/dbus </seg> Modified: trunk/BOOK/introduction/welcome/changelog.xml ============================================================================== --- trunk/BOOK/introduction/welcome/changelog.xml Wed Jun 12 19:47:40 2019 (r21677) +++ trunk/BOOK/introduction/welcome/changelog.xml Wed Jun 12 20:59:08 2019 (r21678) @@ -45,6 +45,11 @@ <para>June 12th, 2019</para> <itemizedlist> <listitem> + <para>[renodr] - Update to dbus-1.12.16. This is a security update for + CVE-2019-12749, an authentication bypass issue. Fixes + <ulink url="&blfs-ticket-root;12073">#12073</ulink>.</para> + </listitem> + <listitem> <para>[renodr] - Update to sessreg-1.1.2 (Xorg Application). Fixes <ulink url="&blfs-ticket-root;12137">#12137</ulink>.</para> </listitem> Modified: trunk/BOOK/packages.ent ============================================================================== --- trunk/BOOK/packages.ent Wed Jun 12 19:47:40 2019 (r21677) +++ trunk/BOOK/packages.ent Wed Jun 12 20:59:08 2019 (r21678) @@ -271,7 +271,7 @@ <!ENTITY colord-version "1.4.4"> <!ENTITY cpio-version "2.12"> <!ENTITY cups-pk-helper-version "0.2.6"> -<!ENTITY dbus-version "1.12.12"> <!-- Even minors only --> +<!ENTITY dbus-version "1.12.16"> <!-- Even minors only --> <!ENTITY eudev-version "1.7"> <!ENTITY fcron-version "3.2.1"> <!ENTITY gpm-version "1.20.7"> -- http://lists.linuxfromscratch.org/listinfo/blfs-book FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
