|Summary:||x11/cde: Update to 2.4.0|
|Product:||Ports & Packages||Reporter:||Cy Schubert <cy>|
|Component:||Individual Port(s)||Assignee:||Cy Schubert <cy>|
|Severity:||Affects Many People||CC:||crees, ports-secteam|
|Priority:||Normal||Keywords:||needs-patch, needs-qa, security|
Description Cy Schubert 2021-07-12 23:39:21 UTC
Created attachment 226413 [details] Update cde to 2.4.0 CDE 2.4.0 was recently released. The attached patch updates CDE to 2.4.0. It builds on amd64 however fails to build on i386 due to varargs error, with support for this wanting on i386.
Comment 1 Kubilay Kocak 2021-07-13 01:49:22 UTC
^Triage: [tags] in issue Titles are deprecated Changelog notes, among many bugfixes: dtsession, DtSvc: fix CVE-2020-2696/VU#308289
Comment 2 Cy Schubert 2021-07-13 02:51:22 UTC
(In reply to Kubilay Kocak from comment #1) Sorry, I didn't check any release notes, just that git repo had a new tag.
Comment 3 Cy Schubert 2021-08-09 06:27:21 UTC
There's no maintainer feedback yet. Assigning this PR to myself for commit.
Comment 4 Chris Rees 2021-08-09 07:34:25 UTC
Ahhh, sorry, must have missed this. Please go ahead, of course- would you like to maintain it? :)
Comment 5 Cy Schubert 2021-08-09 17:39:51 UTC
Sure, I'd be glad to take it over. I'll pop the stash and commit, and push it with a bunch of other commits this week.
Comment 6 commit-hook 2021-08-09 20:16:51 UTC
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=49a90dc82f1fb8f49c98f505d3b6ac811ea47884 commit 49a90dc82f1fb8f49c98f505d3b6ac811ea47884 Author: Cy Schubert <cy@FreeBSD.org> AuthorDate: 2021-08-09 18:18:33 +0000 Commit: Cy Schubert <cy@FreeBSD.org> CommitDate: 2021-08-09 20:15:04 +0000 x11/cde: Update to 2.4.0 This commit updates x11/cde from 2.3.2 to 2.4.0. 2.4.0 fixes a local privilege escalation in dteseesion, DtSvc. Other changes include: - 2.4.0 builds under FreeBSD 14-CURRENT using both poudriere (as before) and now directly on the command line using make. - i386 is now broken because it cannot bind to a temporary of type va_list. - This commit also changes maintainership to myself (cy) as requested by crees (maintainer) in PR/257148. PR: 257148 Submitted by: cy Reported by: cy Approved by: crees MFH: 2021-Q3 Security: CVE-2020-2696/VU#308289 Security: VuXML: 848bdd06-f93a-11eb-9f7d-206a8a720317 x11/cde/Makefile | 10 +- x11/cde/distinfo | 6 +- .../files/patch-lib_DtSearch_raima_dbtype.h (gone) | 13 - x11/cde/files/patch-programs_dtcm_dtcm_calendarA.c | 13 +- x11/cde/pkg-plist | 4760 ++++++++++---------- 5 files changed, 2393 insertions(+), 2409 deletions(-)
Comment 7 Cy Schubert 2021-09-14 03:47:08 UTC