CVS commit: pkgsrc/sysutils/dbus

To: pkgsrc-changes%netbsd.org@localhost
Subject: CVS commit: pkgsrc/sysutils/dbus
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Sun, 6 Jul 2014 14:54:32 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Sun Jul  6 14:54:32 UTC 2014

Modified Files:
        pkgsrc/sysutils/dbus: Makefile distinfo

Log Message:
Update to 1.8.6:

D-Bus 1.8.6 (2014-06-02)
==

Security fixes:

• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop
  the message. This prevents an attack in which a malicious client can
  make dbus-daemon disconnect a system service, which is a local
  denial of service.
  (fd.o #80163, CVE-2014-3532; Alban Crequy)

• Track remaining Unix file descriptors correctly when more than one
  message in quick succession contains fds. This prevents another attack
  in which a malicious client can make dbus-daemon disconnect a system
  service.
  (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez,
  Simon McVittie, Alban Crequy)

Other fixes:

• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot
  attach to a session, kill the dbus-daemon as intended
  (fd.o #74698, Роман Донченко)


To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 pkgsrc/sysutils/dbus/Makefile
cvs rdiff -u -r1.56 -r1.57 pkgsrc/sysutils/dbus/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Prev by Date: CVS commit: pkgsrc/databases/ruby-activerecord32
Next by Date: CVS commit: pkgsrc/lang/snobol
Previous by Thread: CVS commit: pkgsrc/databases/ruby-activerecord32
Next by Thread: CVS commit: pkgsrc/lang/snobol
Indexes:

Home | Main Index | Thread Index | Old Index