Mon Jan 5 23:25:20 2015 UTC ()

Update to 1.8.14:

D-Bus 1.8.14 (2015-01-05)
==

The “40lb of roofing nails” release.

Security hardening:

• Do not allow calls to UpdateActivationEnvironment from uids other than
  the uid of the dbus-daemon. If a system service installs unsafe
  security policy rules that allow arbitrary method calls
  (such as CVE-2014-8148) then this prevents memory consumption and
  possible privilege escalation via UpdateActivationEnvironment.

  We believe that in practice, privilege escalation here is avoided
  by dbus-daemon-launch-helper sanitizing its environment; but
  it seems better to be safe.

• Do not allow calls to UpdateActivationEnvironment or the Stats interface
  on object paths other than /org/freedesktop/DBus. Some system services
  install unsafe security policy rules that allow arbitrary method calls
  to any destination, method and interface with a specified object path;
  while less bad than allowing arbitrary method calls, these security
  policies are still harmful, since dbus-daemon normally offers the
  same API on all object paths and other system services might behave
  similarly.

Other fixes:

• Add missing initialization so GetExtendedTcpTable doesn't crash on
  Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)


(wiz)

diff -r1.76 -r1.77 pkgsrc/sysutils/dbus/Makefile
diff -r1.61 -r1.62 pkgsrc/sysutils/dbus/distinfo

--- pkgsrc/sysutils/dbus/Makefile 2014/12/01 10:59:40 1.76
+++ pkgsrc/sysutils/dbus/Makefile 2015/01/05 23:25:20 1.77

 @@ -1,16 +1,16 @@
-# $NetBSD: Makefile,v 1.76 2014/12/01 10:59:40 wiz Exp $
+# $NetBSD: Makefile,v 1.77 2015/01/05 23:25:20 wiz Exp $
-DISTNAME=	dbus-1.8.12
+DISTNAME=	dbus-1.8.14
 CATEGORIES=	sysutils
 MASTER_SITES=	http://dbus.freedesktop.org/releases/dbus/
 MAINTAINER=	pkgsrc-users@NetBSD.org
 HOMEPAGE=	http://www.freedesktop.org/Software/dbus
 COMMENT=	Message bus system
 LICENSE=	gnu-gpl-v2
 CONFLICTS+=	dbus-glib<0.71
 CONFLICTS+=	py26-dbus<0.71
 CONFLICTS+=	py27-dbus<0.71
 GNU_CONFIGURE=		YES

--- pkgsrc/sysutils/dbus/distinfo 2014/12/01 10:59:40 1.61
+++ pkgsrc/sysutils/dbus/distinfo 2015/01/05 23:25:20 1.62

 @@ -1,14 +1,14 @@
-$NetBSD: distinfo,v 1.61 2014/12/01 10:59:40 wiz Exp $
+$NetBSD: distinfo,v 1.62 2015/01/05 23:25:20 wiz Exp $
-SHA1 (dbus-1.8.12.tar.gz) = 9dc3003a53892b41eb61ade20051aba57be1b4b1
+SHA1 (dbus-1.8.14.tar.gz) = d0b84d6d7af47b8cad7f55befee8e9001daefe01
-RMD160 (dbus-1.8.12.tar.gz) = 21c658eef3d9505389771474f71f6dd3655ee27c
+RMD160 (dbus-1.8.14.tar.gz) = 3ffea8e91e91b8cd6c31a89fd4786fa99288eabd
-Size (dbus-1.8.12.tar.gz) = 1864609 bytes
+Size (dbus-1.8.14.tar.gz) = 1866141 bytes
 SHA1 (patch-aa) = 0c3d145979e3b2358261c9f7f34701d02eb6ecd4
 SHA1 (patch-ak) = 6d05ebde29acb3f6cb6f577dd2f2b734f590e8dd
 SHA1 (patch-al) = 57d08196e9daf49eb6bda2b30f019ce2cad77c6f
 SHA1 (patch-am) = 8c794ff8b0981e90243ee20c26ae1ecc72e68de8
 SHA1 (patch-ba) = f9126faf18cd19e897865748ebea1011fe516225
 SHA1 (patch-bus_dir-watch-kqueue.c) = 86a1f0f78b4d16d8ab29d351057885d8001dd39c
 SHA1 (patch-configure) = 08fb6cc6e9bc9f23825a6a0f2b8b241169d1cda7
 SHA1 (patch-dbus_dbus-sysdeps-unix.c) = 043e7bf03686f51faf763f87f43e00308b29571e
 SHA1 (patch-dbus_dbus-sysdeps-util-unix.c) = 9c967cdac585220a3e65443dc9642e7d4478567c