[Bug 247730] [exp-run] update devel/dbus to 1.12.20
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jul 6 07:23:25 BST 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=247730
--- Comment #3 from commit-hook at freebsd.org ---
A commit references this bug:
Author: tcberner
Date: Mon Jul 6 06:22:38 UTC 2020
New revision: 541312
URL: https://svnweb.freebsd.org/changeset/ports/541312
Log:
devel/dbus: update to 1.12.20
From upstreams changelog [1]:
dbus 1.12.20 (2020-07-02)
=========================
The ?temporary nemesis? release.
Maybe security fixes:
? On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
Other fixes:
? On Solaris and its derivatives, if a cmsg header is truncated, ensure
that we do not overrun the buffer used for fd-passing, even if the
kernel tells us to.
(dbus#304, dbus!165; Andy Fiddaman)
[1] https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12/NEWS
PR: 247730
Exp-run by: antoine
MFH: 2020Q3
Changes:
head/devel/dbus/Makefile
head/devel/dbus/distinfo
head/devel/dbus/pkg-plist
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the kde-freebsd
mailing list