D-Bus 1.6.16 (2013-10-08)
==
The “Fortify Agility” release.
Fixes:
• Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
documented. Previously, it assumed its second parameter was TRUE.
(fd.o #69165, Chengwei Yang)
• Fix a NULL pointer dereference on an unlikely error path
(fd.o #69327, Sviatoslav Chagaev)
• Unix-specific:
· If accept4() fails with EINVAL, as it can on older Linux kernels
with newer glibc, try accept() instead of going into a busy-loop.
(fd.o #69026, Chengwei Yang)
· If socket() or socketpair() fails with EINVAL or EPROTOTYPE,
for instance on Hurd or older Linux with a new glibc, try without
SOCK_CLOEXEC. (fd.o #69073; Pino Toscano, Chengwei Yang)
· Fix a file descriptor leak on an error code path.
(fd.o #69182, Sviatoslav Chagaev)
· Fix compilation if writev() is unavailable (fd.o #69409,
Vasiliy Balyasnyy)
D-Bus 1.6.14 (2013-09-05)
==
The “Restore Fatigue” release.
Fixes:
• Avoid an infinite busy-loop if a signal interrupts waitpid()
(fd.o #68945, Simon McVittie)
• Escape addresses containing non-ASCII characters correctly
(fd.o #53499, Chengwei Yang)
• If malloc() returns NULL in _dbus_string_init() or similar, don't free
an invalid pointer if the string is later freed (fd.o #65959, Chengwei Yang)
• If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list
that was never va_start()ed (fd.o #66300, Chengwei Yang)
• Fix a regression test on platforms with strict alignment (fd.o #67279,
Colin Walters)
• Avoid calling function parameters "interface" since certain Windows headers
have a namespace-polluting macro of that name (fd.o #66493, Ivan Romanov)
• Make "make -j check" work (fd.o #68852, Simon McVittie)
D-Bus 1.6.12 (2013-06-13)
==
Fixes:
• CVE-2013-2168: Fix misuse of va_list that could be used as a denial
of service for system services. Vulnerability reported by Alexandru Cornea.
(Simon)
• In dbus-daemon, don't crash if a .service file starts with key=value
(fd.o #60853, Chengwei Yang)
• Unix-specific:
· Fix an assertion failure if we try to activate systemd services before
systemd connects to the bus (fd.o #50199, Chengwei Yang)
· Avoid compiler warnings for ignoring the return from write()
(Chengwei Yang)
D-Bus 1.6.10 (2013-04-24)
==
The “little-known facts about bananas” release.
• Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF,
U+FDD0..U+FDEF are allowed in UTF-8 strings again.
(fd.o #63072, Simon McVittie)
• Diagnose incorrect use of dbus_connection_get_data() with negative slot
(i.e. before allocating the slot) rather than returning junk
(fd.o #63127, Dan Williams)
• In the activation helper, when compiled for tests, do not reset the system
bus address, fixing the regression tests. (fd.o #52202, Simon)
• Fix building with Valgrind 3.8, at the cost of causing harmless warnings
with Valgrind 3.6 on some compilers (fd.o #55932, Arun Raghavan)
• Don't leak temporary fds pointing to /dev/null (fd.o #56927, Michel HERMIER)
• Create session.d, system.d directories under CMake (fd.o #41319,
Ralf Habacker)
• Unix-specific:
· Include alloca.h for alloca() if available, fixing compilation on
Solaris 10 (fd.o #63071, Dagobert Michelsen)
D-Bus 1.6.8 (2012-09-28)
==
The "Fix one thing, break another" release.
• Follow up to CVE-2012-3524: The additional hardening
work to use __secure_getenv() as a followup to bug #52202
broke certain configurations of gnome-keyring. Given
the difficulty of making this work without extensive
changes to gnome-keyring, use of __secure_getenv() is
deferred.
D-Bus 1.6.6 (2012-09-28)
==
The "Clear the environment in your setuid binaries, please" release.
• CVE-2012-3524: Don't access environment variables (fd.o #52202)
Thanks to work and input from Colin Walters, Simon McVittie,
Geoffrey Thomas, and others.
• Unix-specific:
· Fix compilation on Solaris (fd.o #53286, Jonathan Perkin)
· Work around interdependent headers on OpenBSD by including sys/types.h
before each use of sys/socket.h (fd.o #54418, Brad Smith)
this is a step of two major branches, to much to list here
pkgsrc notes:
-I've left out our NETBSD_ATOMIC_OPS patch because it is very invasive
and gcc intrinsics are hopefully good enough
-A workaround for non-standard behavior of vsnprintf has been added
upstream, for HPUX as the comment says. We had a patch for __hpux||__sgi
which is removed now - the sgi case should be checked.
This changes the buildlink3.mk files to use an include guard for the
recursive include. The use of BUILDLINK_DEPTH, BUILDLINK_DEPENDS,
BUILDLINK_PACKAGES and BUILDLINK_ORDER is handled by a single new
variable BUILDLINK_TREE. Each buildlink3.mk file adds a pair of
enter/exit marker, which can be used to reconstruct the tree and
to determine first level includes. Avoiding := for large variables
(BUILDLINK_ORDER) speeds up parse time as += has linear complexity.
The include guard reduces system time by avoiding reading files over and
over again. For complex packages this reduces both %user and %sys time to
half of the former time.
Pkgsrc changes:
o Add BUILDLINK_TRANSFORM settings which deactivate -fPIE and -pie
in the compiler invocation. The configure script of this package
checks to see if gcc accepts those options, and uses them if it
does. However, apparently that does not mean that we universally
will be able to run the resulting executables -- on NetBSD/4.0
macppc the run-time linker says
"Unsupported relocation type 6 in non-PLT relocations"
Tested that the dbus-daemon executable remains runnable on both i386
and that it is so now on macppc.
Thanks to jmcneill@ and joerg@ for hints leading to this fix.
Pkgsrc changes:
o Modify one of the patches with a patch reported as part of
PR#40347 to make this package build on NetBSD 4.0 and probably
earlier versions as well. Many thanks to Hasso Tepper for the
patch.
in /var/folders/xx/...+++... via the TMPDIR environment and cheerfully
installs it in /usr/pkg/etc/dbus-1/session.conf meaning that only the
user who installed the package will be able to write to that directory...
except that dbus rejects directories with "+"'s in the filename so it
won't work anyway. use configure --with-session-socket-dir=/tmp
to work around this. found a description of this issue here:
http://wiki.gnucash.org/wiki/MacOSX/Quartz in the
"Running from the commandline" section.
dbus also cannot cope with $DISPLAY containing "/" chars (like in
darwin ... /tmp/launch-kcvznx/:0 ) so get rid of the ":" as described
here:
https://trac.macports.org/attachment/ticket/16833/patch-dbus-launch-x11.c.diff
* Change "${VARBASE}/lib/dbus" to "${VARBASE}/db/dbus".
* Create "${VARBASE}/db/dbus" with OWN_DIRS_PERMS at install time.
* Generate "${VARBASE}/db/dbus/machine-id" file at install time.
* Install dbus-daemon-launch-helper with mode 04550 instead of 04750.
It solves start gimp successfully without running dbus-daemon as before.
Bump PKGREVISION.
1.2.3:
* New UpdateActivationEnvironment bus API (#16669)
* Solaris Auditing (ADT) support (#15740)
* Various notable bug fixes: #16727, #16294, #15947#15588
* Other more minor bugs
