Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 250444 - [Tracker] >=sys-apps/dbus-1.2.12 security policy changes
Summary: [Tracker] >=sys-apps/dbus-1.2.12 security policy changes
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Freedesktop bugs
URL:
Whiteboard:
Keywords: Tracker
Depends on:
Blocks: CVE-2008-4311
  Show dependency tree
 
Reported: 2008-12-09 21:45 UTC by Steev Klimaszewski (RETIRED)
Modified: 2011-09-08 16:29 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
dbus-1.2.10-fix-syslog-include.diff (dbus-1.2.10-fix-syslog-include.diff,312 bytes, patch)
2009-01-04 14:20 UTC, Lars Wendler (Polynomial-C) (RETIRED) 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Steev Klimaszewski (RETIRED) gentoo-dev 2008-12-09 21:45:04 UTC 
Just opening this before any users do.  This one is going to need some changes to at least 8 other apps, and is a security release.  Going to be opening other bugs for those apps as I find them with the patches from upstream.

Upstream bugs:
https://bugs.freedesktop.org/show_bug.cgi?id=18229 DBus Security issue
https://bugs.freedesktop.org/show_bug.cgi?id=18980 Broken apps tracker
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2008-12-10 21:53:41 UTC 
*** Bug 250546 has been marked as a duplicate of this bug. ***
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2009-01-04 14:20:28 UTC 
Created attachment 177341 [details, diff]
dbus-1.2.10-fix-syslog-include.diff

Meanwhile dbus-1.2.10 was realeased. It doesn't compile out of the box as they forgot to include <syslog.h> in one file (see attched patch).
Comment 3 Steev Klimaszewski (RETIRED) gentoo-dev 2009-01-05 16:20:41 UTC 
Yes, I know - again, anything equal to or greater than 1.2.8 breaks stuff, so it won't be going into the tree immediately - currently all my gentoo boxen (which are at home) are offline so I can't do anything to get this fixed yet.
Comment 4 Jonathan Callen (RETIRED) gentoo-dev 2009-04-01 02:54:35 UTC 
If I'm not mistaken, there is a 1.2.4.4permissive which is equivalent to 1.2.12, except that it doesn't break the things that >=1.2.8 breaks.
Comment 5 Gilles Dartiguelongue (RETIRED) gentoo-dev 2009-05-16 10:04:58 UTC 
CCing  nirbheek so he can update us on status and attachements of this bug.
Comment 6 Gilles Dartiguelongue (RETIRED) gentoo-dev 2009-07-26 11:28:02 UTC 
ok the syslog missing include is in 1.2.12, we need to review upstream tracker though to check every apps in tree has the fixes. Fixing summary for that purpose
Comment 7 Steev Klimaszewski (RETIRED) gentoo-dev 2011-07-31 20:14:50 UTC 
Is this still needed?  Dbus 1.4.x is in the tree, and this bug is now almost 2 years old.
Comment 8 Gilles Dartiguelongue (RETIRED) gentoo-dev 2011-08-29 22:01:19 UTC 
I guess that by now we would have heard of any broken app so I'm all for closing this bug.
Comment 9 Samuli Suominen (RETIRED) gentoo-dev 2011-09-08 16:29:31 UTC 
I concur with last few comments and will close the bug now.