2013-11-27 19:50:06 +01:00
|
|
|
#
|
|
|
|
# spec file for package dbus-1-x11
|
|
|
|
#
|
Accepting request 958337 from home:iznogood:branches:Base:System
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
OBS-URL: https://build.opensuse.org/request/show/958337
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=309
2022-03-03 11:22:48 +01:00
|
|
|
# Copyright (c) 2022 SUSE LLC
|
2013-11-27 19:50:06 +01:00
|
|
|
#
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
2018-12-19 20:15:58 +01:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2013-11-27 19:50:06 +01:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
%define _name dbus
|
2014-01-10 17:58:41 +01:00
|
|
|
%define _libname libdbus-1-3
|
2017-01-09 17:16:27 +01:00
|
|
|
%if 0%{?suse_version} <= 1320
|
|
|
|
%define _userunitdir %{_prefix}/lib/systemd/user
|
|
|
|
%endif
|
2014-09-30 10:24:18 +02:00
|
|
|
%bcond_without selinux
|
|
|
|
Name: dbus-1-x11
|
2022-03-08 19:40:09 +01:00
|
|
|
Version: 1.14.0
|
2016-12-06 11:00:23 +01:00
|
|
|
Release: 0
|
2014-09-30 10:24:18 +02:00
|
|
|
Summary: D-Bus Message Bus System
|
2021-04-08 00:36:23 +02:00
|
|
|
License: AFL-2.1 OR GPL-2.0-or-later
|
Accepting request 821367 from home:elimat:branches:Base:System
- Update to 1.12.20
* On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
* CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
* Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
* The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
* Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
* Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
* Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
* When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/821367
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=293
2020-07-17 02:09:42 +02:00
|
|
|
URL: https://dbus.freedesktop.org/
|
2022-03-08 19:40:09 +01:00
|
|
|
Source0: https://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.xz
|
|
|
|
Source1: https://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.xz.asc
|
Accepting request 754216 from home:simotek:branches:Base:System
- Verify signatures
* dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
developer keyring.
- Drop dbus_at_console.ck not needed
- Clean up sources
* Source2 dbus-1.desktop now Source4
* baselib.conf now source 3
- Update to 1.12.16
* CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and connect
to a DBusServer with elevated privileges. The standard system and
session dbus-daemons in their default configuration were immune to this
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
users of DBusServer such as Upstart could be vulnerable.
Thanks to Joe Vennix of Apple Information Security.
(bsc#1137832, dbus#269, Simon McVittie)
- From 1.12.14
* Raise soft fd limit to match hard limit, even if unprivileged.
This makes session buses with many clients, or with clients that make
heavy use of fd-passing, less likely to suffer from fd exhaustion.
(dbus!103, Simon McVittie)
* If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
reduce it to 64K, ensuring that we can put back the original fd limits
when carrying out traditional (non-systemd) activation. This fixes a
regression with systemd >= 240 in which system services inherited
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
soft limit of 1K and hard limit of 512K or 1M.
(dbus!103, Debian#928877; Simon McVittie)
* Fix build failures caused by an AX_CODE_COVERAGE API change in newer
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
* Fix build failures with newer autoconf-archive versions that include
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
* Parse section/group names in .service files according to the syntax
from the Desktop Entry Specification, rejecting control characters
and non-ASCII in section/group names (dbus#208, David King)
* Fix various -Wlogical-op issues that cause build failure with newer
gcc versions (dbus#225, dbus!109; David King)
* Don't assume we can set permissions on a directory, for the benefit of
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
* Don't overwrite PKG_CONFIG_PATH and related environment variables when
the pkg-config-based version of DBus1Config is used in a CMake project
(dbus#267, dbus!96; Clemens Lang)
- Drop now upstream Patches
* dbus-no-ax-check.patch
* dbus-new-autoconf-archive.patch
- Fix two inconsistencies with _libexecdir, sysusers.d and
tmpfiles.d are always in %{_prefix}/lib/.
- Drop update-desktop-files BuildRequires, once added for
mimetypes.prov which is no longer part of update-desktop-files,
and dbus-1.desktop does not even handles a single mimetype.
- Replace DISABLE_RESTART_ON_UPDATE with
%service_del_postun_without_restart
- Remove version specific code to block all updates on restart as
hopefully no tumbleweed versions still have code causing those
issues (was only present for a few snapshots)
- Remove the Leap42 conditionals that cause file conflict with
filesystem package
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
OBS-URL: https://build.opensuse.org/request/show/754216
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=287
2019-12-06 05:01:33 +01:00
|
|
|
Source2: dbus-1.keyring
|
|
|
|
Source3: baselibs.conf
|
|
|
|
Source4: dbus-1.desktop
|
2022-03-08 19:40:09 +01:00
|
|
|
|
|
|
|
# PATCH-FEATURE-OPENSUSE feature-suse-log-deny.patch
|
2017-06-19 13:30:43 +02:00
|
|
|
Patch0: feature-suse-log-deny.patch
|
2013-11-27 19:50:06 +01:00
|
|
|
# PATCH-FIX-OPENSUSE coolo@suse.de -- force a feature configure won't accept without x11 in buildrequires
|
2017-06-19 13:30:43 +02:00
|
|
|
Patch1: feature-suse-do-autolaunch.patch
|
2022-03-08 19:40:09 +01:00
|
|
|
# PATCH-FEATURE-OPENSUSE sflees@suse.de, users shouldn't be allowed to start / stop the dbus service.
|
2017-06-19 13:30:43 +02:00
|
|
|
Patch2: feature-suse-refuse-manual-start-stop.patch
|
2022-03-08 19:40:09 +01:00
|
|
|
|
|
|
|
BuildRequires: alts
|
2017-11-17 06:00:45 +01:00
|
|
|
BuildRequires: autoconf-archive
|
2014-09-30 10:24:18 +02:00
|
|
|
BuildRequires: libcap-ng-devel
|
2020-01-30 11:30:51 +01:00
|
|
|
BuildRequires: libexpat-devel >= 2.1.0
|
2014-09-30 10:24:18 +02:00
|
|
|
BuildRequires: libtool
|
2016-12-06 11:00:23 +01:00
|
|
|
BuildRequires: pkgconfig
|
2016-12-09 12:02:34 +01:00
|
|
|
BuildRequires: pkgconfig(libsystemd) >= 209
|
2016-12-06 11:00:23 +01:00
|
|
|
BuildRequires: pkgconfig(x11)
|
2022-03-08 19:40:09 +01:00
|
|
|
|
2021-09-16 11:31:14 +02:00
|
|
|
Requires: alts
|
Accepting request 821367 from home:elimat:branches:Base:System
- Update to 1.12.20
* On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
* CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
* Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
* The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
* Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
* Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
* Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
* When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/821367
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=293
2020-07-17 02:09:42 +02:00
|
|
|
Supplements: (dbus-1 and libX11-6)
|
2016-12-06 11:00:23 +01:00
|
|
|
Provides: dbus-launch
|
2013-11-27 19:50:06 +01:00
|
|
|
%if %{with selinux}
|
|
|
|
BuildRequires: libselinux-devel
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%description
|
|
|
|
D-Bus contains some tools that require Xlib to be installed, those are
|
|
|
|
in this separate package so server systems need not install X.
|
|
|
|
|
|
|
|
%prep
|
2014-09-30 10:24:18 +02:00
|
|
|
%setup -q -n %{_name}-%{version}
|
2017-06-19 13:30:43 +02:00
|
|
|
%autopatch -p1
|
2013-11-27 19:50:06 +01:00
|
|
|
|
|
|
|
%build
|
2014-07-21 13:52:56 +02:00
|
|
|
echo 'HTML_TIMESTAMP=NO' >> Doxyfile.in
|
2013-11-27 19:50:06 +01:00
|
|
|
autoreconf -fi
|
|
|
|
# We use -fpie/-pie for the whole build; this is the recommended way to harden
|
|
|
|
# the build upstream, see discussion in fdo#46570
|
2014-09-30 10:24:18 +02:00
|
|
|
export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC -fpie"
|
2013-11-27 19:50:06 +01:00
|
|
|
export LDFLAGS="-pie"
|
2014-09-30 10:24:18 +02:00
|
|
|
export CXXFLAGS="%{optflags} -fno-strict-aliasing"
|
2013-11-27 19:50:06 +01:00
|
|
|
export V=1
|
|
|
|
%configure \
|
2016-12-06 11:00:23 +01:00
|
|
|
--disable-static \
|
2017-11-22 23:28:31 +01:00
|
|
|
--libexecdir=%{_libexecdir}/dbus-1 \
|
2016-12-06 11:00:23 +01:00
|
|
|
--enable-inotify \
|
|
|
|
--disable-doxygen-docs \
|
2013-11-27 19:50:06 +01:00
|
|
|
%if %{with selinux}
|
2016-12-06 11:00:23 +01:00
|
|
|
--enable-selinux \
|
2013-11-27 19:50:06 +01:00
|
|
|
%endif
|
2016-12-06 11:00:23 +01:00
|
|
|
--enable-systemd \
|
2017-01-09 15:33:05 +01:00
|
|
|
--enable-user-session \
|
2016-12-06 11:00:23 +01:00
|
|
|
--enable-libaudit \
|
|
|
|
--with-console-auth-dir=/run/dbus/at_console/ \
|
|
|
|
--with-system-pid-file=/run/dbus/pid \
|
|
|
|
--with-system-socket=/run/dbus/system_bus_socket \
|
|
|
|
--with-systemdsystemunitdir=%{_unitdir} \
|
2017-01-09 15:35:49 +01:00
|
|
|
--with-systemduserunitdir=%{_userunitdir} \
|
2017-01-09 15:33:05 +01:00
|
|
|
--with-x
|
Accepting request 821367 from home:elimat:branches:Base:System
- Update to 1.12.20
* On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
* CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
* Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
* The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
* Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
* Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
* Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
* When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/821367
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=293
2020-07-17 02:09:42 +02:00
|
|
|
%make_build
|
2014-09-30 10:24:18 +02:00
|
|
|
|
2013-11-27 19:50:06 +01:00
|
|
|
%install
|
2016-12-06 11:00:23 +01:00
|
|
|
tdir=$(mktemp -d)
|
|
|
|
make DESTDIR=$tdir install
|
2013-11-27 19:50:06 +01:00
|
|
|
mkdir -p %{buildroot}/%{_bindir}
|
2017-07-15 02:46:53 +02:00
|
|
|
mv $tdir/%{_bindir}/dbus-launch %{buildroot}/%{_bindir}/dbus-launch.x11
|
2021-09-16 11:31:14 +02:00
|
|
|
# create entries for libalternatives
|
|
|
|
ln -sf %{_bindir}/alts %{buildroot}%{_bindir}/dbus-launch
|
|
|
|
mkdir -p %{buildroot}%{_datadir}/libalternatives/dbus-launch
|
|
|
|
cat > %{buildroot}%{_datadir}/libalternatives/dbus-launch/20.conf <<EOF
|
|
|
|
binary=%{_bindir}/dbus-launch.x11
|
|
|
|
group=dbus-launch
|
|
|
|
EOF
|
2016-11-24 09:29:21 +01:00
|
|
|
|
2021-09-16 11:31:14 +02:00
|
|
|
%pre
|
|
|
|
# removing old update-alternatives entries
|
2021-09-18 03:10:28 +02:00
|
|
|
if [ "$1" -gt 0 ] && [ -f %{_sbindir}/update-alternatives ] ; then
|
2021-09-16 11:31:14 +02:00
|
|
|
%{_sbindir}/update-alternatives --remove dbus-launch %{_bindir}/dbus-launch.x11
|
2021-11-24 09:38:49 +01:00
|
|
|
fi
|
2016-11-24 12:18:50 +01:00
|
|
|
|
2013-11-27 19:50:06 +01:00
|
|
|
%files
|
2021-09-16 11:31:14 +02:00
|
|
|
%dir %{_datadir}/libalternatives
|
|
|
|
%dir %{_datadir}/libalternatives/dbus-launch
|
|
|
|
%{_datadir}/libalternatives/dbus-launch/20.conf
|
2016-11-24 11:33:11 +01:00
|
|
|
%{_bindir}/dbus-launch
|
2016-11-24 12:18:50 +01:00
|
|
|
%{_bindir}/dbus-launch.x11
|
2013-11-27 19:50:06 +01:00
|
|
|
|
|
|
|
%changelog
|