diff options
| author | wiz <wiz@pkgsrc.org> | 2016-10-10 13:16:44 +0000 |
|---|---|---|
| committer | wiz <wiz@pkgsrc.org> | 2016-10-10 13:16:44 +0000 |
| commit | 81e096a5f3ffb22631824469590d12ae950320d9 (patch) | |
| tree | d98d9a6ab9920744ff4b8c9129cade957e1cdee5 /sysutils/dbus | |
| parent | 1721e730f22d1f3c8b3fabf0b88f95718f7b1e44 (diff) | |
| download | pkgsrc-81e096a5f3ffb22631824469590d12ae950320d9.tar.gz | |
Updated dbus to 1.10.12.
D-Bus 1.10.12 (2016-10-10)
==
The “not excessively inhospitable” release.
Security fixes:
• Do not treat ActivationFailure message received from root-owned systemd
name as a format string. In principle this is a security vulnerability,
but we do not believe it is exploitable in practice, because only
privileged processes can own the org.freedesktop.systemd1 bus name, and
systemd does not appear to send activation failures that contain "%".
Please note that this probably *was* exploitable in dbus versions
older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
the time was only thought to be a denial of service vulnerability
(CVE-2015-0245). If you are still running one of those versions,
patch or upgrade immediately.
(fd.o #98157, Simon McVittie)
Other fixes:
• Harden dbus-daemon against malicious or incorrect ActivationFailure
messages by rejecting them if they do not come from a privileged
process, or if systemd activation is not enabled
(fd.o #98157, Simon McVittie)
• Avoid undefined behaviour when setting reply serial number without going
via union DBusBasicValue (fd.o #98035, Marc Mutz)
• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
Diffstat (limited to 'sysutils/dbus')
| -rw-r--r-- | sysutils/dbus/Makefile | 4 | ||||
| -rw-r--r-- | sysutils/dbus/distinfo | 10 |
2 files changed, 7 insertions, 7 deletions
diff --git a/sysutils/dbus/Makefile b/sysutils/dbus/Makefile index 7e39612c354..d25442333a9 100644 --- a/sysutils/dbus/Makefile +++ b/sysutils/dbus/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.101 2016/08/22 13:35:36 wiz Exp $ +# $NetBSD: Makefile,v 1.102 2016/10/10 13:16:44 wiz Exp $ -DISTNAME= dbus-1.10.10 +DISTNAME= dbus-1.10.12 CATEGORIES= sysutils MASTER_SITES= http://dbus.freedesktop.org/releases/dbus/ diff --git a/sysutils/dbus/distinfo b/sysutils/dbus/distinfo index 7552c159e19..6922010a22e 100644 --- a/sysutils/dbus/distinfo +++ b/sysutils/dbus/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.75 2016/08/22 13:35:36 wiz Exp $ +$NetBSD: distinfo,v 1.76 2016/10/10 13:16:44 wiz Exp $ -SHA1 (dbus-1.10.10.tar.gz) = f1236d1e7ab7ff26c704fa0069c7b50d3c8f0a4b -RMD160 (dbus-1.10.10.tar.gz) = 178eada54957780857792bc37233af4c953b8843 -SHA512 (dbus-1.10.10.tar.gz) = 8875c43d1f100461c3482a247f1a9d3ffd4377ae81e97676e0111d57f0393d53beeebb965c8a06054bf3af1ae4c72e1e456fdbc42c7ababc4e153e5ce7c23489 -Size (dbus-1.10.10.tar.gz) = 1984077 bytes +SHA1 (dbus-1.10.12.tar.gz) = 0236000d0eccae6a8b622ead67fdcbe6f88c3f0c +RMD160 (dbus-1.10.12.tar.gz) = b9e41301165810ae3b413da929b90de0815a9c75 +SHA512 (dbus-1.10.12.tar.gz) = 6616c7b2926a6fb6158d0a0a24d1b887173ca215a2f3185b95cc5f08df64fed1977e16c86c6ae530960453b6c585ae24ea4c9976e7537a45f9c6366c43baa52d +Size (dbus-1.10.12.tar.gz) = 1984805 bytes SHA1 (patch-ak) = ebb0c291297577a9cff246e7bc71412bf6157254 SHA1 (patch-al) = c70be84ae79698cc4d83087427646bfb0500f194 SHA1 (patch-am) = ed334bc76911c9db9f5472c58fb762c56255c5b4 |