Fix CVE-2014-7824

- Add patch from upstream to increase dbus-daemon's file descriptor limit to 65536, completing the incomplete fix for CVE-2014-3636

Fix CVE-2014-7824
- Add patch from upstream to increase dbus-daemon's file descriptor limit to 65536, completing the incomplete fix for CVE-2014-3636
bdc38fe6 · Simon McVittie · 9b9b8ddf · bdc38fe6 · bdc38fe6 · bdc38fe6
Commit bdc38fe6 authored Nov 06, 2014 by Simon McVittie
Showing with 436 additions and 5 deletions

changelog debian/changelog +8 -5

0001-CVE-2014-7824-set-fd-rlimit-to-64k-for-the-system-db.patch ...VE-2014-7824-set-fd-rlimit-to-64k-for-the-system-db.patch +426 -0

series debian/patches/series +2 -0

No files found.
--- a/debian/changelog
+++ b/debian/changelog
-dbus (1.6.8-1+deb7u5) UNRELEASED; urgency=medium
-
-  * Start 'dbus-daemon --system' as root under sysvinit (it already
-    starts as root under systemd), so it can increase its file
-    descriptor limit
+dbus (1.6.8-1+deb7u5) wheezy; urgency=medium
+
+  * Fix CVE-2014-7824:
+    - Start 'dbus-daemon --system' as root under sysvinit (it already
+      starts as root under systemd), so it can increase its file
+      descriptor limit
+    - Add patch from upstream to increase dbus-daemon's file descriptor
+      limit to 65536, completing the incomplete fix for CVE-2014-3636

 -- Simon McVittie <smcv@debian.org>  Thu, 06 Nov 2014 16:31:34 +0000


--- a/debian/patches/0001-CVE-2014-7824-set-fd-rlimit-to-64k-for-the-system-db.patch
+++ b/debian/patches/0001-CVE-2014-7824-set-fd-rlimit-to-64k-for-the-system-db.patch
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,5 @@ If-loader-contains-two-messages-with-fds-don-t-corru.patch
 0007-DBusConnection-implements-_dbus_connection_set_pendi.patch
 0008-bus-enforce-pending_fd_timeout.patch
 0010-_dbus_read_socket_with_unix_fds-do-not-accept-extra-.patch
+
+0001-CVE-2014-7824-set-fd-rlimit-to-64k-for-the-system-db.patch