CVS commit: pkgsrc/sysutils/dbus

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/sysutils/dbus
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Mon, 10 Oct 2016 13:16:44 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Mon Oct 10 13:16:44 UTC 2016

Modified Files:
        pkgsrc/sysutils/dbus: Makefile distinfo

Log Message:
Updated dbus to 1.10.12.

D-Bus 1.10.12 (2016-10-10)
==

The “not excessively inhospitable” release.

Security fixes:

• Do not treat ActivationFailure message received from root-owned systemd
  name as a format string. In principle this is a security vulnerability,
  but we do not believe it is exploitable in practice, because only
  privileged processes can own the org.freedesktop.systemd1 bus name, and
  systemd does not appear to send activation failures that contain "%".

  Please note that this probably *was* exploitable in dbus versions
  older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
  the time was only thought to be a denial of service vulnerability
  (CVE-2015-0245). If you are still running one of those versions,
  patch or upgrade immediately.

  (fd.o #98157, Simon McVittie)

Other fixes:

• Harden dbus-daemon against malicious or incorrect ActivationFailure
  messages by rejecting them if they do not come from a privileged
  process, or if systemd activation is not enabled
  (fd.o #98157, Simon McVittie)

• Avoid undefined behaviour when setting reply serial number without going
  via union DBusBasicValue (fd.o #98035, Marc Mutz)

• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)


To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 pkgsrc/sysutils/dbus/Makefile
cvs rdiff -u -r1.75 -r1.76 pkgsrc/sysutils/dbus/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/sysutils/dbus/Makefile
diff -u pkgsrc/sysutils/dbus/Makefile:1.101 pkgsrc/sysutils/dbus/Makefile:1.102
--- pkgsrc/sysutils/dbus/Makefile:1.101 Mon Aug 22 13:35:36 2016
+++ pkgsrc/sysutils/dbus/Makefile       Mon Oct 10 13:16:44 2016
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.101 2016/08/22 13:35:36 wiz Exp $
+# $NetBSD: Makefile,v 1.102 2016/10/10 13:16:44 wiz Exp $
 
-DISTNAME=      dbus-1.10.10
+DISTNAME=      dbus-1.10.12
 CATEGORIES=    sysutils
 MASTER_SITES=  http://dbus.freedesktop.org/releases/dbus/
 

Index: pkgsrc/sysutils/dbus/distinfo
diff -u pkgsrc/sysutils/dbus/distinfo:1.75 pkgsrc/sysutils/dbus/distinfo:1.76
--- pkgsrc/sysutils/dbus/distinfo:1.75  Mon Aug 22 13:35:36 2016
+++ pkgsrc/sysutils/dbus/distinfo       Mon Oct 10 13:16:44 2016
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.75 2016/08/22 13:35:36 wiz Exp $
+$NetBSD: distinfo,v 1.76 2016/10/10 13:16:44 wiz Exp $
 
-SHA1 (dbus-1.10.10.tar.gz) = f1236d1e7ab7ff26c704fa0069c7b50d3c8f0a4b
-RMD160 (dbus-1.10.10.tar.gz) = 178eada54957780857792bc37233af4c953b8843
-SHA512 (dbus-1.10.10.tar.gz) = 8875c43d1f100461c3482a247f1a9d3ffd4377ae81e97676e0111d57f0393d53beeebb965c8a06054bf3af1ae4c72e1e456fdbc42c7ababc4e153e5ce7c23489
-Size (dbus-1.10.10.tar.gz) = 1984077 bytes
+SHA1 (dbus-1.10.12.tar.gz) = 0236000d0eccae6a8b622ead67fdcbe6f88c3f0c
+RMD160 (dbus-1.10.12.tar.gz) = b9e41301165810ae3b413da929b90de0815a9c75
+SHA512 (dbus-1.10.12.tar.gz) = 6616c7b2926a6fb6158d0a0a24d1b887173ca215a2f3185b95cc5f08df64fed1977e16c86c6ae530960453b6c585ae24ea4c9976e7537a45f9c6366c43baa52d
+Size (dbus-1.10.12.tar.gz) = 1984805 bytes
 SHA1 (patch-ak) = ebb0c291297577a9cff246e7bc71412bf6157254
 SHA1 (patch-al) = c70be84ae79698cc4d83087427646bfb0500f194
 SHA1 (patch-am) = ed334bc76911c9db9f5472c58fb762c56255c5b4

Prev by Date: CVS commit: pkgsrc/databases/mongodb
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/databases/mongodb
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index