Navigation:
Browse pkgsrc
(this page) 2021-03-29 23:00:18 by Thomas Klausner | Files touched by this commit (5) |  |
Log message: dbus: switch from pkgsrc-only var/db/dbus to default var/lib/dbus This path is what other code, notably glib2, expects. While here, remove a compatibility patch for NetBSD 5/6. Bump PKGREVISION. |
| 2021-03-14 09:31:17 by Nia Alarie | Files touched by this commit (3) |
Log message: dbus: Simplify MESSAGE, make it only appear for INIT_SYSTEM=rc.d |
| 2020-12-17 21:18:52 by Maya Rashish | Files touched by this commit (1) |
Log message: dbus: remove outdated MESSAGE portion about redhat-based systems. |
2020-07-18 01:38:56 by Thomas Klausner | Files touched by this commit (2) |  |
Log message: dbus: update to 1.12.20. dbus 1.12.20 (2020-07-02) ========================= The “temporary nemesis” release. Maybe security fixes: • On Unix, avoid a use-after-free if two usernames have the same numeric uid. In older versions this could lead to a crash (denial of service) or other undefined behaviour, possibly including incorrect authorization decisions if <policy group=...> is used. Like Unix filesystems, D-Bus' model of identity cannot distinguish between users of different names with the same numeric uid, so this configuration is not advisable on systems where D-Bus will be used. Thanks to Daniel Onaca. (dbus#305, dbus!166; Simon McVittie) Other fixes: • On Solaris and its derivatives, if a cmsg header is truncated, ensure that we do not overrun the buffer used for fd-passing, even if the kernel tells us to. (dbus#304, dbus!165; Andy Fiddaman) |
| 2020-06-09 09:13:31 by Thomas Klausner | Files touched by this commit (2) | |
Log message: dbus: update to 1.12.18. dbus 1.12.18 (2020-06-02) ========================= The “telepathic vines” release. Denial of service fixes: • CVE-2020-12049: If a message contains more file descriptors than can be sent, close those that did get through before reporting error. Previously, a local attacker could cause the system dbus-daemon (or another system service with its own DBusServer) to run out of file descriptors, by repeatedly connecting to the server and sending fds that would get leaked. Thanks to Kevin Backhouse of GitHub Security Lab. (dbus#294, GHSL-2020-057; Simon McVittie) Other fixes: • Fix a crash when the dbus-daemon is terminated while one or more monitors are active (dbus#291, dbus!140; Simon McVittie) • The dbus-send(1) man page now documents --bus and --peer instead of the old --address synonym for --peer, which has been deprecated since the introduction of --bus and --peer in 1.7.6 (fd.o #48816, dbus!115; Chris Morin) • Fix a wrong environment variable name in dbus-daemon(1) (dbus#275, dbus!122; Mubin, Philip Withnall) • Fix formatting of dbus_message_append_args example (dbus!126, Felipe Franciosi) • Avoid a test failure on Linux when built in a container as uid 0, but without the necessary privileges to increase resource limits (dbus!58, Debian #908092; Simon McVittie) • When building with CMake, cope with libX11 in a non-standard location (dbus!129, Tuomo Rinne) |
| 2020-01-19 00:36:14 by Roland Illig | Files touched by this commit (3046) |
Log message: all: migrate several HOMEPAGEs to https pkglint --only "https instead of http" -r -F With manual adjustments afterwards since pkglint 19.4.4 fixed a few indentations in unrelated lines. This mainly affects projects hosted at SourceForce, as well as freedesktop.org, CTAN and GNU. |
| 2019-11-04 22:28:59 by Roland Illig | Files touched by this commit (174) |
Log message: sysutils: align variable assignments pkglint -Wall -F --only aligned --only indent -r Manually excluded consolekit and dc-tools since pkglint didn't get the formatting correct. |
| 2019-06-11 22:04:23 by Thomas Klausner | Files touched by this commit (2) | |
Log message: dbus: update to 1.12.16. dbus 1.12.16 (2019-06-11) ========================= The “tree cat” release. Security fixes: • CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 authentication for identities that differ from the user running the DBusServer. Previously, a local attacker could manipulate symbolic links in their own home directory to bypass authentication and connect to a DBusServer with elevated privileges. The standard system and session dbus-daemons in their default configuration were immune to this attack because they did not allow DBUS_COOKIE_SHA1, but third-party users of DBusServer such as Upstart could be vulnerable. Thanks to Joe Vennix of Apple Information Security. (dbus#269, Simon McVittie) |
| 2019-05-20 13:45:37 by Thomas Klausner | Files touched by this commit (2) | |
Log message: dbus: update to 1.12.14. dbus 1.12.14 (2019-05-17) ========================= The “reclaimed floorboards” release. Enhancements: • Raise soft fd limit to match hard limit, even if unprivileged. This makes session buses with many clients, or with clients that make heavy use of fd-passing, less likely to suffer from fd exhaustion. (dbus!103, Simon McVittie) Fixes: • If a privileged dbus-daemon has a hard fd limit greater than 64K, don't reduce it to 64K, ensuring that we can put back the original fd limits when carrying out traditional (non-systemd) activation. This fixes a regression with systemd >= 240 in which system services inherited dbus-daemon's hard and soft limit of 64K fds, instead of the intended soft limit of 1K and hard limit of 512K or 1M. (dbus!103, Debian#928877; Simon McVittie) • Fix build failures caused by an AX_CODE_COVERAGE API change in newer autoconf-archive versions (dbus#249, dbus!88; Simon McVittie) • Fix build failures with newer autoconf-archive versions that include AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie) • Parse section/group names in .service files according to the syntax from the Desktop Entry Specification, rejecting control characters and non-ASCII in section/group names (dbus#208, David King) • Fix various -Wlogical-op issues that cause build failure with newer gcc versions (dbus#225, dbus!109; David King) • Don't assume we can set permissions on a directory, for the benefit of MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie) • Don't overwrite PKG_CONFIG_PATH and related environment variables when the pkg-config-based version of DBus1Config is used in a CMake project (dbus#267, dbus!96; Clemens Lang) |
| 2018-12-10 09:59:44 by Thomas Klausner | Files touched by this commit (2) | |
Log message:
dbus: update to 1.12.12.
dbus 1.12.12 (2018-12-04)
=========================
The “draconic disciple” release.
dbus version control is now hosted on freedesktop.org's Gitlab
installation, and bug reports and feature requests have switched from
Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues \
("dbus#nnn")
and merge requests ("dbus!nnn").
Enhancements:
• Reference the freedesktop.org Code of Conduct (Simon McVittie)
Fixes:
• Stop the dbus-daemon leaking memory (an error message) if delivering
the message that triggered auto-activation is forbidden. This is
technically a denial of service because the dbus-daemon will
run out of memory eventually, but it's a very slow and noisy one,
because all the rejected messages are also very likely to have
been logged to the system log, and its scope is typically limited by
the finite number of activatable services available.
(dbus#234, Simon McVittie)
• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
which does not meet the criteria for that attribute in gcc 4.7+,
potentially leading to miscompilation (fd.o #107741, Simon McVittie)
• Fix some small O(1) memory leaks (fd.o #107320, Simon McVittie)
• Fix printf formats for pointer-sized integers on 64-bit Windows
(fd.o #105662, Ralf Habacker)
• Always use select()-based poll() emulation on Darwin-based OSs
(macOS, etc.) and on Interix, similar to what libcurl does
(dbus#232, dbus!19; Simon McVittie)
• Extend a test timeout to avoid spurious failures in CI
(dbus!26, Simon McVittie)
Tests and CI:
• Add Travis-CI builds for 64-bit Windows using mingw-w64
(fd.o #105662, Ralf Habacker)
• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)
|
New packages: