./sysutils/dbus, Message bus system

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2014Q2, Version: 1.8.6, Package name: dbus-1.8.6, Maintainer: pkgsrc-users

D-BUS is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in terms
of complexity.

D-BUS supports broadcast messages, asynchronous messages (thus decreasing
latency), authentication, and more. It is designed to be low-overhead;
messages are sent using a binary protocol, not using XML. D-BUS also
supports a method call mapping for its messages, but it is not required;
this makes using the system quite simple.

This package provides the D-BUS core library and daemon, as well as
some utilities that complement it.

DEINSTALL [+/-]

Required to build:
[pkgtools/x11-links]

Package options: kqueue, x11

Master sites:

SHA1: ad7cb87cdce66533479a9d7c1c956bdb0243ad87
RMD160: 78dcfa48f4d780b27a8c144e481bc285fcf5fd62
Filesize: 1818.148 KB

Version history: (Expand)

CVS history: (Expand)


   2014-07-07 11:23:34 by Matthias Scheler | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #4442 - requested by wiz
sysutils/dbus: security update

Revisions pulled up:
- sysutils/dbus/Makefile                                        1.72
- sysutils/dbus/distinfo                                        1.57

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Jul  6 14:54:32 UTC 2014

   Modified Files:
   	pkgsrc/sysutils/dbus: Makefile distinfo

   Log message:
   Update to 1.8.6:

   D-Bus 1.8.6 (2014-06-02)
   ==

   Security fixes:

   • On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, \ 
silently drop
     the message. This prevents an attack in which a malicious client can
     make dbus-daemon disconnect a system service, which is a local
     denial of service.
     (fd.o #80163, CVE-2014-3532; Alban Crequy)

   • Track remaining Unix file descriptors correctly when more than one
     message in quick succession contains fds. This prevents another attack
     in which a malicious client can make dbus-daemon disconnect a system
     service.
     (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez,
     Simon McVittie, Alban Crequy)

   Other fixes:

   • When dbus-launch --exit-with-session starts a dbus-daemon but then cannot
     attach to a session, kill the dbus-daemon as intended
     (fd.o #74698, Роман Донченко)