Bug 247730 (dbus-1.12.20) - [exp-run] update devel/dbus to 1.12.20
Summary: [exp-run] update devel/dbus to 1.12.20
Status: Closed FIXED
Alias: dbus-1.12.20
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Tobias C. Berner
URL: https://github.com/freebsd/freebsd-po...
Keywords:
Depends on:
Blocks:
 
Reported: 2020-07-03 06:37 UTC by Tobias C. Berner
Modified: 2020-07-06 06:50 UTC (History)
4 users (show)

See Also:
antoine: exp-run+


Attachments
v1 (1.23 KB, patch)
2020-07-03 06:37 UTC, Tobias C. Berner
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Tobias C. Berner freebsd_committer 2020-07-03 06:37:27 UTC
Created attachment 216155 [details]
v1

Moin moin 

desktop@ would like to ask for an exp-run to upgrade devel/dbus to 1.12.20.

The patch is attached, and can also be found here:
https://people.freebsd.org/~tcberner/patches/dbus-1.12.20.v1.diff


mfg Tobias
Comment 1 Antoine Brodin freebsd_committer 2020-07-06 05:48:56 UTC
Exp-run looks fine
Comment 2 Tobias C. Berner freebsd_committer 2020-07-06 06:22:49 UTC
Committed. Thanks for the exp-run.
Comment 3 commit-hook freebsd_committer 2020-07-06 06:23:25 UTC
A commit references this bug:

Author: tcberner
Date: Mon Jul  6 06:22:38 UTC 2020
New revision: 541312
URL: https://svnweb.freebsd.org/changeset/ports/541312

Log:
  devel/dbus: update to 1.12.20

  From upstreams changelog [1]:

  dbus 1.12.20 (2020-07-02)
  =========================

  The ?temporary nemesis? release.

  Maybe security fixes:

  ? On Unix, avoid a use-after-free if two usernames have the same
    numeric uid. In older versions this could lead to a crash (denial of
    service) or other undefined behaviour, possibly including incorrect
    authorization decisions if <policy group=...> is used.
    Like Unix filesystems, D-Bus' model of identity cannot distinguish
    between users of different names with the same numeric uid, so this
    configuration is not advisable on systems where D-Bus will be used.
    Thanks to Daniel Onaca.
    (dbus#305, dbus!166; Simon McVittie)

  Other fixes:

  ? On Solaris and its derivatives, if a cmsg header is truncated, ensure
    that we do not overrun the buffer used for fd-passing, even if the
    kernel tells us to.
    (dbus#304, dbus!165; Andy Fiddaman)

  [1] https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS

  PR:		247730
  Exp-run by:	antoine
  MFH:		2020Q3

Changes:
  head/devel/dbus/Makefile
  head/devel/dbus/distinfo
  head/devel/dbus/pkg-plist
Comment 4 commit-hook freebsd_committer 2020-07-06 06:50:32 UTC
A commit references this bug:

Author: tcberner
Date: Mon Jul  6 06:50:05 UTC 2020
New revision: 541319
URL: https://svnweb.freebsd.org/changeset/ports/541319

Log:
  MFH: r541312

  devel/dbus: update to 1.12.20

  From upstreams changelog [1]:

  dbus 1.12.20 (2020-07-02)
  =========================

  The ?temporary nemesis? release.

  Maybe security fixes:

  ? On Unix, avoid a use-after-free if two usernames have the same
    numeric uid. In older versions this could lead to a crash (denial of
    service) or other undefined behaviour, possibly including incorrect
    authorization decisions if <policy group=...> is used.
    Like Unix filesystems, D-Bus' model of identity cannot distinguish
    between users of different names with the same numeric uid, so this
    configuration is not advisable on systems where D-Bus will be used.
    Thanks to Daniel Onaca.
    (dbus#305, dbus!166; Simon McVittie)

  Other fixes:

  ? On Solaris and its derivatives, if a cmsg header is truncated, ensure
    that we do not overrun the buffer used for fd-passing, even if the
    kernel tells us to.
    (dbus#304, dbus!165; Andy Fiddaman)

  [1] https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS

  PR:		247730
  Exp-run by:	antoine

  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/devel/dbus/Makefile
  branches/2020Q3/devel/dbus/distinfo
  branches/2020Q3/devel/dbus/pkg-plist