Bug 247730 (dbus-1.12.20)

Summary: [exp-run] update devel/dbus to 1.12.20
Product: Ports & Packages Reporter: Tobias C. Berner <tcberner>
Component: Individual Port(s)Assignee: Tobias C. Berner <tcberner>
Status: Closed FIXED    
Severity: Affects Only Me CC: desktop, gnome, kde, tcberner
Priority: --- Flags: antoine: exp-run+
Version: Latest   
Hardware: Any   
OS: Any   
URL: https://github.com/freebsd/freebsd-ports-kde/tree/dbus-1.12.20
See Also: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245151
Attachments:
Description Flags
v1 none

Description Tobias C. Berner freebsd_committer freebsd_triage 2020-07-03 06:37:27 UTC 
Created attachment 216155 [details]
v1

Moin moin 

desktop@ would like to ask for an exp-run to upgrade devel/dbus to 1.12.20.

The patch is attached, and can also be found here:
https://people.freebsd.org/~tcberner/patches/dbus-1.12.20.v1.diff


mfg Tobias
Comment 1 Antoine Brodin freebsd_committer freebsd_triage 2020-07-06 05:48:56 UTC 
Exp-run looks fine
Comment 2 Tobias C. Berner freebsd_committer freebsd_triage 2020-07-06 06:22:49 UTC 
Committed. Thanks for the exp-run.
Comment 3 commit-hook freebsd_committer freebsd_triage 2020-07-06 06:23:25 UTC 
A commit references this bug:

Author: tcberner
Date: Mon Jul  6 06:22:38 UTC 2020
New revision: 541312
URL: https://svnweb.freebsd.org/changeset/ports/541312

Log:
  devel/dbus: update to 1.12.20

  From upstreams changelog [1]:

  dbus 1.12.20 (2020-07-02)
  =========================

  The ?temporary nemesis? release.

  Maybe security fixes:

  ? On Unix, avoid a use-after-free if two usernames have the same
    numeric uid. In older versions this could lead to a crash (denial of
    service) or other undefined behaviour, possibly including incorrect
    authorization decisions if <policy group=...> is used.
    Like Unix filesystems, D-Bus' model of identity cannot distinguish
    between users of different names with the same numeric uid, so this
    configuration is not advisable on systems where D-Bus will be used.
    Thanks to Daniel Onaca.
    (dbus#305, dbus!166; Simon McVittie)

  Other fixes:

  ? On Solaris and its derivatives, if a cmsg header is truncated, ensure
    that we do not overrun the buffer used for fd-passing, even if the
    kernel tells us to.
    (dbus#304, dbus!165; Andy Fiddaman)

  [1] https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS

  PR:		247730
  Exp-run by:	antoine
  MFH:		2020Q3

Changes:
  head/devel/dbus/Makefile
  head/devel/dbus/distinfo
  head/devel/dbus/pkg-plist
Comment 4 commit-hook freebsd_committer freebsd_triage 2020-07-06 06:50:32 UTC 
A commit references this bug:

Author: tcberner
Date: Mon Jul  6 06:50:05 UTC 2020
New revision: 541319
URL: https://svnweb.freebsd.org/changeset/ports/541319

Log:
  MFH: r541312

  devel/dbus: update to 1.12.20

  From upstreams changelog [1]:

  dbus 1.12.20 (2020-07-02)
  =========================

  The ?temporary nemesis? release.

  Maybe security fixes:

  ? On Unix, avoid a use-after-free if two usernames have the same
    numeric uid. In older versions this could lead to a crash (denial of
    service) or other undefined behaviour, possibly including incorrect
    authorization decisions if <policy group=...> is used.
    Like Unix filesystems, D-Bus' model of identity cannot distinguish
    between users of different names with the same numeric uid, so this
    configuration is not advisable on systems where D-Bus will be used.
    Thanks to Daniel Onaca.
    (dbus#305, dbus!166; Simon McVittie)

  Other fixes:

  ? On Solaris and its derivatives, if a cmsg header is truncated, ensure
    that we do not overrun the buffer used for fd-passing, even if the
    kernel tells us to.
    (dbus#304, dbus!165; Andy Fiddaman)

  [1] https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS

  PR:		247730
  Exp-run by:	antoine

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/devel/dbus/Makefile
  branches/2020Q3/devel/dbus/distinfo
  branches/2020Q3/devel/dbus/pkg-plist