head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q2:1.1.0.16 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.14 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.12 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.10 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.8 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.6 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.4 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2012.08.01.17.52.21; author drochner; state dead; branches; next 1.1; 1.1 date 2010.12.29.10.49.21; author tron; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2010.12.29.10.49.21; author sbd; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2010.12.30.03.37.22; author sbd; state Exp; branches; next ; desc @@ 1.2 log @update to 1.6.4 this is a step of two major branches, to much to list here pkgsrc notes: -I've left out our NETBSD_ATOMIC_OPS patch because it is very invasive and gcc intrinsics are hopefully good enough -A workaround for non-standard behavior of vsnprintf has been added upstream, for HPUX as the comment says. We had a patch for __hpux||__sgi which is removed now - the sgi case should be checked. @ text @$NetBSD: patch-CVE-2010-4352-3,v 1.1 2010/12/29 10:49:21 tron Exp $ Fix for CVE-2010-4352 taken from here: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=5042c1e5e6df31700215c9dc0618634911b0c9f5 --- dbus/dbus-marshal-validate.h.orig 2009-05-06 18:26:48.000000000 +0100 +++ dbus/dbus-marshal-validate.h 2010-12-29 10:35:49.000000000 +0000 @@@@ -117,6 +117,7 @@@@ DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS = 53, DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY = 54, DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE = 55, + DBUS_INVALID_NESTED_TOO_DEEPLY = 56, DBUS_VALIDITY_LAST } DBusValidity; @ 1.1 log @Add fix for vulnerability reported in CVE-2010-4352 (SA42580) taken from the "dbus" GIT repository. @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2010-4352-3 was added on branch pkgsrc-2010Q3 on 2010-12-30 03:37:22 +0000 @ text @d1 16 @ 1.1.2.2 log @Pullup ticket #3313 - requested by tron Security patch for "sysutils/dbus" Revisions pulled up: - sysutils/dbus/Makefile 1.50 - sysutils/dbus/distinfo 1.36 - sysutils/dbus/patches/patch-CVE-2010-4352-1 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-2 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-3 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-4 1.1 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Wed Dec 29 10:49:21 UTC 2010 Modified Files: pkgsrc/sysutils/dbus: Makefile distinfo Added Files: pkgsrc/sysutils/dbus/patches: patch-CVE-2010-4352-1 patch-CVE-2010-4352-2 patch-CVE-2010-4352-3 patch-CVE-2010-4352-4 Log Message: Add fix for vulnerability reported in CVE-2010-4352 (SA42580) taken from the "dbus" GIT repository. @ text @a0 16 $NetBSD: patch-CVE-2010-4352-3,v 1.1 2010/12/29 10:49:21 tron Exp $ Fix for CVE-2010-4352 taken from here: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=5042c1e5e6df31700215c9dc0618634911b0c9f5 --- dbus/dbus-marshal-validate.h.orig 2009-05-06 18:26:48.000000000 +0100 +++ dbus/dbus-marshal-validate.h 2010-12-29 10:35:49.000000000 +0000 @@@@ -117,6 +117,7 @@@@ DBUS_INVALID_DICT_ENTRY_HAS_TOO_MANY_FIELDS = 53, DBUS_INVALID_DICT_ENTRY_NOT_INSIDE_ARRAY = 54, DBUS_INVALID_DICT_KEY_MUST_BE_BASIC_TYPE = 55, + DBUS_INVALID_NESTED_TOO_DEEPLY = 56, DBUS_VALIDITY_LAST } DBusValidity; @