Bug 257148

Summary: x11/cde: Update to 2.4.0
Product: Ports & Packages Reporter: Cy Schubert <cy>
Component: Individual Port(s)Assignee: Cy Schubert <cy>
Status: Closed FIXED    
Severity: Affects Many People CC: crees, ports-secteam
Priority: Normal Keywords: needs-patch, needs-qa, security
Version: LatestFlags: crees: maintainer-feedback+
koobs: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://sourceforge.net/p/cdesktopenv/mailman/message/37314519/
Description Flags
Update cde to 2.4.0 none

Description Cy Schubert freebsd_committer 2021-07-12 23:39:21 UTC
Created attachment 226413 [details]
Update cde to 2.4.0

CDE 2.4.0 was recently released. The attached patch updates CDE to 2.4.0.

It builds on amd64 however fails to build on i386 due to varargs error, with support for this wanting on i386.
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-07-13 01:49:22 UTC
^Triage: [tags] in issue Titles are deprecated

Changelog notes, among many bugfixes:

    dtsession, DtSvc: fix CVE-2020-2696/VU#308289
Comment 2 Cy Schubert freebsd_committer 2021-07-13 02:51:22 UTC
(In reply to Kubilay Kocak from comment #1)

Sorry, I didn't check any release notes, just that git repo had a new tag.
Comment 3 Cy Schubert freebsd_committer 2021-08-09 06:27:21 UTC
There's no maintainer feedback yet. Assigning this PR to myself for commit.
Comment 4 Chris Rees freebsd_committer 2021-08-09 07:34:25 UTC
Ahhh, sorry, must have missed this.  Please go ahead, of course- would you like to maintain it? :)
Comment 5 Cy Schubert freebsd_committer 2021-08-09 17:39:51 UTC
Sure, I'd be glad to take it over.

I'll pop the stash and commit, and push it with a bunch of other commits this week.
Comment 6 commit-hook freebsd_committer 2021-08-09 20:16:51 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=49a90dc82f1fb8f49c98f505d3b6ac811ea47884

commit 49a90dc82f1fb8f49c98f505d3b6ac811ea47884
Author:     Cy Schubert <cy@FreeBSD.org>
AuthorDate: 2021-08-09 18:18:33 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2021-08-09 20:15:04 +0000

    x11/cde: Update to 2.4.0

    This commit updates x11/cde from 2.3.2 to 2.4.0. 2.4.0 fixes a local
    privilege escalation in dteseesion, DtSvc.

    Other changes include:

    - 2.4.0 builds under FreeBSD 14-CURRENT using both poudriere (as before)
      and now directly on the command line using make.

    - i386 is now broken because it cannot bind to a temporary of type va_list.

    - This commit also changes maintainership to myself (cy) as requested
      by crees (maintainer) in PR/257148.

    PR:             257148
    Submitted by:   cy
    Reported by:    cy
    Approved by:    crees
    MFH:            2021-Q3
    Security:       CVE-2020-2696/VU#308289
    Security:       VuXML: 848bdd06-f93a-11eb-9f7d-206a8a720317

 x11/cde/Makefile                                   |   10 +-
 x11/cde/distinfo                                   |    6 +-
 .../files/patch-lib_DtSearch_raima_dbtype.h (gone) |   13 -
 x11/cde/files/patch-programs_dtcm_dtcm_calendarA.c |   13 +-
 x11/cde/pkg-plist                                  | 4760 ++++++++++----------
 5 files changed, 2393 insertions(+), 2409 deletions(-)
Comment 7 Cy Schubert freebsd_committer 2021-09-14 03:47:08 UTC