CVS commit: [pkgsrc-2014Q2] pkgsrc/sysutils/dbus

["Matthias Scheler" <tron%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   tron
Date:           Mon Jul  7 09:23:34 UTC 2014

Modified Files:
        pkgsrc/sysutils/dbus [pkgsrc-2014Q2]: Makefile distinfo

Log Message:
Pullup ticket #4442 - requested by wiz
sysutils/dbus: security update

Revisions pulled up:
- sysutils/dbus/Makefile                                        1.72
- sysutils/dbus/distinfo                                        1.57

---
   Module Name: pkgsrc
   Committed By:        wiz
   Date:                Sun Jul  6 14:54:32 UTC 2014

   Modified Files:
        pkgsrc/sysutils/dbus: Makefile distinfo

   Log Message:
   Update to 1.8.6:

   D-Bus 1.8.6 (2014-06-02)
   ==

   Security fixes:

   • On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop
     the message. This prevents an attack in which a malicious client can
     make dbus-daemon disconnect a system service, which is a local
     denial of service.
     (fd.o #80163, CVE-2014-3532; Alban Crequy)

   • Track remaining Unix file descriptors correctly when more than one
     message in quick succession contains fds. This prevents another attack
     in which a malicious client can make dbus-daemon disconnect a system
     service.
     (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez,
     Simon McVittie, Alban Crequy)

   Other fixes:

   • When dbus-launch --exit-with-session starts a dbus-daemon but then cannot
     attach to a session, kill the dbus-daemon as intended
     (fd.o #74698, Роман Донченко)


To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.71.2.1 pkgsrc/sysutils/dbus/Makefile
cvs rdiff -u -r1.56 -r1.56.2.1 pkgsrc/sysutils/dbus/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.