head 1.2;
access;
symbols
pkgsrc-2013Q2:1.2.0.4
pkgsrc-2013Q2-base:1.2
pkgsrc-2012Q4:1.2.0.2
pkgsrc-2012Q4-base:1.2
pkgsrc-2012Q2:1.1.0.16
pkgsrc-2012Q2-base:1.1
pkgsrc-2012Q1:1.1.0.14
pkgsrc-2012Q1-base:1.1
pkgsrc-2011Q4:1.1.0.12
pkgsrc-2011Q4-base:1.1
pkgsrc-2011Q3:1.1.0.10
pkgsrc-2011Q3-base:1.1
pkgsrc-2011Q2:1.1.0.8
pkgsrc-2011Q2-base:1.1
pkgsrc-2011Q1:1.1.0.6
pkgsrc-2011Q1-base:1.1
pkgsrc-2010Q4:1.1.0.4
pkgsrc-2010Q4-base:1.1
pkgsrc-2010Q3:1.1.0.2;
locks; strict;
comment @# @;
1.2
date 2012.08.01.17.52.22; author drochner; state dead;
branches;
next 1.1;
1.1
date 2010.12.29.10.49.21; author tron; state Exp;
branches
1.1.2.1;
next ;
1.1.2.1
date 2010.12.29.10.49.21; author sbd; state dead;
branches;
next 1.1.2.2;
1.1.2.2
date 2010.12.30.03.37.22; author sbd; state Exp;
branches;
next ;
desc
@@
1.2
log
@update to 1.6.4
this is a step of two major branches, too much to list here
pkgsrc notes:
-I've left out our NETBSD_ATOMIC_OPS patch because it is very invasive
and gcc intrinsics are hopefully good enough
-A workaround for non-standard behavior of vsnprintf has been added
upstream, for HPUX as the comment says. We had a patch for __hpux||__sgi
which is removed now - the sgi case should be checked.
@
text
@$NetBSD: patch-CVE-2010-4352-4,v 1.1 2010/12/29 10:49:21 tron Exp $
Fix for CVE-2010-4352 taken from here:
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=5042c1e5e6df31700215c9dc0618634911b0c9f5
--- doc/dbus-specification.xml.orig 2009-04-17 20:45:29.000000000 +0100
+++ doc/dbus-specification.xml 2010-12-29 10:35:49.000000000 +0000
@@@@ -561,12 +561,14 @@@@
VARIANT
- A variant type has a marshaled SIGNATURE
- followed by a marshaled value with the type
- given in the signature.
- Unlike a message signature, the variant signature
- can contain only a single complete type.
- So "i", "ai" or "(ii)" is OK, but "ii" is not.
+ A variant type has a marshaled
+ SIGNATURE followed by a marshaled
+ value with the type given in the signature. Unlike
+ a message signature, the variant signature can
+ contain only a single complete type. So "i", "ai"
+ or "(ii)" is OK, but "ii" is not. Use of variants may not
+ cause a total message depth to be larger than 64, including
+ other container types such as structures.
1 (alignment of the signature)
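Review bot: In the added sentence "Use of variants may not cause a total message depth to be larger than 64", the phrase "may not" can be read as "might not" rather than as a prohibition. Since the patch header presents this as part of the fix for CVE-2010-4352, suggest normative wording such as "must not", and add what an implementation is expected to do with a message that exceeds the limit, which the hunk leaves unstated.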
@
1.1
log
@Add fix for vulnerability reported in CVE-2010-4352 (SA42580) taken
from the "dbus" GIT repository.
@
text
@d1 1
a1 1
$NetBSD$
@
1.1.2.1
log
@file patch-CVE-2010-4352-4 was added on branch pkgsrc-2010Q3 on 2010-12-30 03:37:22 +0000
@
text
@d1 29
@
1.1.2.2
log
@Pullup ticket #3313 - requested by tron
Security patch for "sysutils/dbus"
Revisions pulled up:
- sysutils/dbus/Makefile 1.50
- sysutils/dbus/distinfo 1.36
- sysutils/dbus/patches/patch-CVE-2010-4352-1 1.1
- sysutils/dbus/patches/patch-CVE-2010-4352-2 1.1
- sysutils/dbus/patches/patch-CVE-2010-4352-3 1.1
- sysutils/dbus/patches/patch-CVE-2010-4352-4 1.1
-------------------------------------------------------------------------
Module Name: pkgsrc
Committed By: tron
Date: Wed Dec 29 10:49:21 UTC 2010
Modified Files:
pkgsrc/sysutils/dbus: Makefile distinfo
Added Files:
pkgsrc/sysutils/dbus/patches: patch-CVE-2010-4352-1
patch-CVE-2010-4352-2 patch-CVE-2010-4352-3 patch-CVE-2010-4352-4
Log Message:
Add fix for vulnerability reported in CVE-2010-4352 (SA42580) taken
from the "dbus" GIT repository.
@
text
@a0 29
$NetBSD: patch-CVE-2010-4352-4,v 1.1 2010/12/29 10:49:21 tron Exp $
Fix for CVE-2010-4352 taken from here:
http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=5042c1e5e6df31700215c9dc0618634911b0c9f5
--- doc/dbus-specification.xml.orig 2009-04-17 20:45:29.000000000 +0100
+++ doc/dbus-specification.xml 2010-12-29 10:35:49.000000000 +0000
@@@@ -561,12 +561,14 @@@@
VARIANT
- A variant type has a marshaled SIGNATURE
- followed by a marshaled value with the type
- given in the signature.
- Unlike a message signature, the variant signature
- can contain only a single complete type.
- So "i", "ai" or "(ii)" is OK, but "ii" is not.
+ A variant type has a marshaled
+ SIGNATURE followed by a marshaled
+ value with the type given in the signature. Unlike
+ a message signature, the variant signature can
+ contain only a single complete type. So "i", "ai"
+ or "(ii)" is OK, but "ii" is not. Use of variants may not
+ cause a total message depth to be larger than 64, including
+ other container types such as structures.
1 (alignment of the signature)
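Review bot: The 64-level limit appears only in the VARIANT row, and "including other container types such as structures" is the sole hint of how depth is counted. Suggest defining "total message depth" once in a place that covers all container types, stating explicitly whether arrays and dict entries count towards it, and referring to that definition from this row, so that implementations validating untrusted messages count nesting the same way.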
@