diff options
author | wiz <wiz> | 2015-01-05 23:25:20 +0000 |
---|---|---|
committer | wiz <wiz> | 2015-01-05 23:25:20 +0000 |
commit | 28b852935df5975efd7b667ec4ce22bad9191548 (patch) | |
tree | 1fa5f95c5b98960698b15d70098911cd76146583 /sysutils/dbus | |
parent | 2c54d7ab30e8e096344128d73d37ca064905ae64 (diff) | |
download | pkgsrc-28b852935df5975efd7b667ec4ce22bad9191548.tar.gz |
Update to 1.8.14:
D-Bus 1.8.14 (2015-01-05)
==
The “40lb of roofing nails” release.
Security hardening:
• Do not allow calls to UpdateActivationEnvironment from uids other than
the uid of the dbus-daemon. If a system service installs unsafe
security policy rules that allow arbitrary method calls
(such as CVE-2014-8148) then this prevents memory consumption and
possible privilege escalation via UpdateActivationEnvironment.
We believe that in practice, privilege escalation here is avoided
by dbus-daemon-launch-helper sanitizing its environment; but
it seems better to be safe.
• Do not allow calls to UpdateActivationEnvironment or the Stats interface
on object paths other than /org/freedesktop/DBus. Some system services
install unsafe security policy rules that allow arbitrary method calls
to any destination, method and interface with a specified object path;
while less bad than allowing arbitrary method calls, these security
policies are still harmful, since dbus-daemon normally offers the
same API on all object paths and other system services might behave
similarly.
Other fixes:
• Add missing initialization so GetExtendedTcpTable doesn't crash on
Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)
Diffstat (limited to 'sysutils/dbus')
-rw-r--r-- | sysutils/dbus/Makefile | 4 | ||||
-rw-r--r-- | sysutils/dbus/distinfo | 8 |
2 files changed, 6 insertions, 6 deletions
diff --git a/sysutils/dbus/Makefile b/sysutils/dbus/Makefile index 263d8da1177..f51ded8bc36 100644 --- a/sysutils/dbus/Makefile +++ b/sysutils/dbus/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.76 2014/12/01 10:59:40 wiz Exp $ +# $NetBSD: Makefile,v 1.77 2015/01/05 23:25:20 wiz Exp $ -DISTNAME= dbus-1.8.12 +DISTNAME= dbus-1.8.14 CATEGORIES= sysutils MASTER_SITES= http://dbus.freedesktop.org/releases/dbus/ diff --git a/sysutils/dbus/distinfo b/sysutils/dbus/distinfo index 94263964129..b2df1f8871a 100644 --- a/sysutils/dbus/distinfo +++ b/sysutils/dbus/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.61 2014/12/01 10:59:40 wiz Exp $ +$NetBSD: distinfo,v 1.62 2015/01/05 23:25:20 wiz Exp $ -SHA1 (dbus-1.8.12.tar.gz) = 9dc3003a53892b41eb61ade20051aba57be1b4b1 -RMD160 (dbus-1.8.12.tar.gz) = 21c658eef3d9505389771474f71f6dd3655ee27c -Size (dbus-1.8.12.tar.gz) = 1864609 bytes +SHA1 (dbus-1.8.14.tar.gz) = d0b84d6d7af47b8cad7f55befee8e9001daefe01 +RMD160 (dbus-1.8.14.tar.gz) = 3ffea8e91e91b8cd6c31a89fd4786fa99288eabd +Size (dbus-1.8.14.tar.gz) = 1866141 bytes SHA1 (patch-aa) = 0c3d145979e3b2358261c9f7f34701d02eb6ecd4 SHA1 (patch-ak) = 6d05ebde29acb3f6cb6f577dd2f2b734f590e8dd SHA1 (patch-al) = 57d08196e9daf49eb6bda2b30f019ce2cad77c6f |