Created attachment 226413 [details] Update cde to 2.4.0 CDE 2.4.0 was recently released. The attached patch updates CDE to 2.4.0. It builds on amd64 however fails to build on i386 due to varargs error, with support for this wanting on i386.
^Triage: [tags] in issue Titles are deprecated Changelog notes, among many bugfixes: dtsession, DtSvc: fix CVE-2020-2696/VU#308289
(In reply to Kubilay Kocak from comment #1) Sorry, I didn't check any release notes, just that git repo had a new tag.
There's no maintainer feedback yet. Assigning this PR to myself for commit.
Ahhh, sorry, must have missed this. Please go ahead, of course- would you like to maintain it? :)
Sure, I'd be glad to take it over. I'll pop the stash and commit, and push it with a bunch of other commits this week.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=49a90dc82f1fb8f49c98f505d3b6ac811ea47884 commit 49a90dc82f1fb8f49c98f505d3b6ac811ea47884 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2021-08-09 18:18:33 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2021-08-09 20:15:04 +0000 x11/cde: Update to 2.4.0 This commit updates x11/cde from 2.3.2 to 2.4.0. 2.4.0 fixes a local privilege escalation in dteseesion, DtSvc. Other changes include: - 2.4.0 builds under FreeBSD 14-CURRENT using both poudriere (as before) and now directly on the command line using make. - i386 is now broken because it cannot bind to a temporary of type va_list. - This commit also changes maintainership to myself (cy) as requested by crees (maintainer) in PR/257148. PR: 257148 Submitted by: cy Reported by: cy Approved by: crees MFH: 2021-Q3 Security: CVE-2020-2696/VU#308289 Security: VuXML: 848bdd06-f93a-11eb-9f7d-206a8a720317 x11/cde/Makefile | 10 +- x11/cde/distinfo | 6 +- .../files/patch-lib_DtSearch_raima_dbtype.h (gone) | 13 - x11/cde/files/patch-programs_dtcm_dtcm_calendarA.c | 13 +- x11/cde/pkg-plist | 4760 ++++++++++---------- 5 files changed, 2393 insertions(+), 2409 deletions(-)
Committed.