Subject: CVS commit: pkgsrc/sysutils/dbus
From: Thomas Klausner
Date: 2017-02-16 17:07:05
Message id: 20170216160706.096E4FBE4@cvs.NetBSD.org

Log Message:
Updated dbus to 1.10.16.

D-Bus 1.10.16 (2017-02-16)
==

The “super digging powers” release.

The fixes in this release are arguably security fixes, but if they
affect you, please take this opportunity to rethink how you are
configuring dbus.

Enhancements:

• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)

Fixes:

• Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "nonce", in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.

  On Unix systems we strongly recommend using only the unix: and systemd:
  transports, together with EXTERNAL authentication. These are the only
  transports and authentication mechanisms enabled by default,

  (fd.o #99828, Simon McVittie)

• Avoid symlink attacks in the "embedded tests", which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie)

Files:
RevisionActionfile
1.105modifypkgsrc/sysutils/dbus/Makefile
1.78modifypkgsrc/sysutils/dbus/distinfo