Patches for CVE-2019-6454

2019-02-20 17:32:50 +01:00 · 2019-02-20 17:32:50 +01:00 · cda068c40d
parent 922e5d4fa4
commit cda068c40d
2 changed files with 8 additions and 4 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (systemd-241.tar.gz) = a7757574590e8aa37e1291ea0b2c5eb03a8d8062fe9462fa5b0bf50830c933e2b301d106c70d904f94afc0aa8e43a8acfd11926dfa25b1b89174580e491e545e
+SHA512 (systemd-a09c170.tar.gz) = e63057a0c951dea20e4fabe3485952823b38e80c62fa94f4a5e7b53d08e5995539bbbfbff72eaf033685dfc80f27a029c81912584aae10a5b3e6c24b64c51d25
--- a/systemd.spec
+++ b/systemd.spec
@ -1,7 +1,7 @@
-#global commit f02b5472c6f0c41e5dc8dc2c84590866baf937ff
+%global commit a09c170122cf3b37c3e4431bf082f9dbdc07fc70
 %{?commit:%global shortcommit %(c=%{commit}; echo ${c:0:7})}

-#global stable 1
+%global stable 1

 # We ship a .pc file but don't want to have a dep on pkg-config. We
 # strip the automatically generated dep here and instead co-own the
@ -15,7 +15,7 @@
 Name:           systemd
 Url:            https://www.freedesktop.org/wiki/Software/systemd
 Version:        241
-Release:        1%{?commit:.git%{shortcommit}}%{?dist}
+Release:        2%{?commit:.git%{shortcommit}}%{?dist}
 # For a breakdown of the licensing, see README
 License:        LGPLv2+ and MIT and GPLv2+
 Summary:        System and Service Manager
@ -695,6 +695,10 @@ fi
 %files tests -f .file-list-tests

 %changelog
+* Wed Feb 20 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241-2.gita09c170
+- Prevent buffer overread in systemd-udevd
+- Properly validate dbus paths received over dbus (#1678394, CVE-2019-6454)
+
 * Sat Feb  9 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 241~rc2-2
 - Turn LTO back on