diff options
| author | wiz <wiz@pkgsrc.org> | 2015-01-05 23:25:20 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2015-01-05 23:25:20 +0000 |
| commit | 1f07a9a7f5b3e06b9efbf832acb2c5ce41628c6c (patch) | |
| tree | 1fa5f95c5b98960698b15d70098911cd76146583 /sysutils/dbus/distinfo | |
| parent | c102a7767e988212f9792a48d7035baaa2ca72c7 (diff) | |
| download | pkgsrc-1f07a9a7f5b3e06b9efbf832acb2c5ce41628c6c.tar.gz | |
Update to 1.8.14:
D-Bus 1.8.14 (2015-01-05)
==
The “40lb of roofing nails” release.
Security hardening:
• Do not allow calls to UpdateActivationEnvironment from uids other than
the uid of the dbus-daemon. If a system service installs unsafe
security policy rules that allow arbitrary method calls
(such as CVE-2014-8148) then this prevents memory consumption and
possible privilege escalation via UpdateActivationEnvironment.
We believe that in practice, privilege escalation here is avoided
by dbus-daemon-launch-helper sanitizing its environment; but
it seems better to be safe.
• Do not allow calls to UpdateActivationEnvironment or the Stats interface
on object paths other than /org/freedesktop/DBus. Some system services
install unsafe security policy rules that allow arbitrary method calls
to any destination, method and interface with a specified object path;
while less bad than allowing arbitrary method calls, these security
policies are still harmful, since dbus-daemon normally offers the
same API on all object paths and other system services might behave
similarly.
Other fixes:
• Add missing initialization so GetExtendedTcpTable doesn't crash on
Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)
Diffstat (limited to 'sysutils/dbus/distinfo')
| -rw-r--r-- | sysutils/dbus/distinfo | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sysutils/dbus/distinfo b/sysutils/dbus/distinfo index 94263964129..b2df1f8871a 100644 --- a/sysutils/dbus/distinfo +++ b/sysutils/dbus/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.61 2014/12/01 10:59:40 wiz Exp $ +$NetBSD: distinfo,v 1.62 2015/01/05 23:25:20 wiz Exp $ -SHA1 (dbus-1.8.12.tar.gz) = 9dc3003a53892b41eb61ade20051aba57be1b4b1 -RMD160 (dbus-1.8.12.tar.gz) = 21c658eef3d9505389771474f71f6dd3655ee27c -Size (dbus-1.8.12.tar.gz) = 1864609 bytes +SHA1 (dbus-1.8.14.tar.gz) = d0b84d6d7af47b8cad7f55befee8e9001daefe01 +RMD160 (dbus-1.8.14.tar.gz) = 3ffea8e91e91b8cd6c31a89fd4786fa99288eabd +Size (dbus-1.8.14.tar.gz) = 1866141 bytes SHA1 (patch-aa) = 0c3d145979e3b2358261c9f7f34701d02eb6ecd4 SHA1 (patch-ak) = 6d05ebde29acb3f6cb6f577dd2f2b734f590e8dd SHA1 (patch-al) = 57d08196e9daf49eb6bda2b30f019ce2cad77c6f |