2013-11-27 19:50:06 +01:00
|
|
|
#
|
|
|
|
|
# spec file for package dbus-1-x11
|
|
|
|
|
#
|
- update to 1.14.6:
* Fix an incorrect assertion that could be used to crash
dbus-daemon or other users of DBusServer prior to
authentication, if libdbus was compiled with assertions
enabled.
We recommend that production builds of dbus, for example in
OS distributions, should be compiled with checks but
without assertions.
* When connected to a dbus-broker, stop dbus-monitor from
incorrectly replying to Peer method calls that were sent to the
dbus-broker with a NULL destination
* Fix out-of-bounds varargs read in the dbus-daemon's config-
parser. This is not attacker-triggerable and appears to be
harmless in practice, but is technically undefined behaviour
and is detected as such by AddressSanitizer.
* Avoid a data race in multi-threaded use of DBusCounter
* Fix a crash with some glibc versions when non-auditable
SELinux events are logged (dbus!386, Jeremi Piotrowski)
* If dbus_message_demarshal() runs out of memory while
validating a message, report it as NoMemory rather than
InvalidArgs (dbus#420, Simon McVittie)
* Use C11 _Alignof if available, for better standards-
compliance
* Stop including an outdated copy of pkg.m4 in the git tree
* Documentation:
* Fix the test-apparmor-activation test after dbus#416
* Internal changes:
* Fix CI builds with recent git versions (dbus#447, Simon
McVittie)
- switch to using multibuild
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=328
2023-02-09 18:09:45 +01:00
|
|
|
# Copyright (c) 2023 SUSE LLC
|
2013-11-27 19:50:06 +01:00
|
|
|
#
|
|
|
|
|
# All modifications and additions to the file contributed by third parties
|
|
|
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
|
|
|
# upon. The license for this file, and modifications and additions to the
|
|
|
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
|
|
|
# license for the pristine package is not an Open Source License, in which
|
|
|
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
|
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
|
|
|
# published by the Open Source Initiative.
|
|
|
|
|
|
2018-12-19 20:15:58 +01:00
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
2013-11-27 19:50:06 +01:00
|
|
|
#
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
%define _name dbus
|
2014-01-10 17:58:41 +01:00
|
|
|
%define _libname libdbus-1-3
|
2017-01-09 17:16:27 +01:00
|
|
|
%if 0%{?suse_version} <= 1320
|
|
|
|
|
%define _userunitdir %{_prefix}/lib/systemd/user
|
|
|
|
|
%endif
|
2014-09-30 10:24:18 +02:00
|
|
|
%bcond_without selinux
|
|
|
|
|
Name: dbus-1-x11
|
2023-09-13 10:46:45 +02:00
|
|
|
Version: 1.14.10
|
2016-12-06 11:00:23 +01:00
|
|
|
Release: 0
|
2014-09-30 10:24:18 +02:00
|
|
|
Summary: D-Bus Message Bus System
|
2021-04-08 00:36:23 +02:00
|
|
|
License: AFL-2.1 OR GPL-2.0-or-later
|
Accepting request 821367 from home:elimat:branches:Base:System
- Update to 1.12.20
* On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
* CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
* Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
* The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
* Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
* Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
* Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
* When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/821367
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=293
2020-07-17 02:09:42 +02:00
|
|
|
URL: https://dbus.freedesktop.org/
|
2022-03-08 19:40:09 +01:00
|
|
|
Source0: https://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.xz
|
|
|
|
|
Source1: https://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.xz.asc
|
Accepting request 754216 from home:simotek:branches:Base:System
- Verify signatures
* dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
developer keyring.
- Drop dbus_at_console.ck not needed
- Clean up sources
* Source2 dbus-1.desktop now Source4
* baselib.conf now source 3
- Update to 1.12.16
* CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and connect
to a DBusServer with elevated privileges. The standard system and
session dbus-daemons in their default configuration were immune to this
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
users of DBusServer such as Upstart could be vulnerable.
Thanks to Joe Vennix of Apple Information Security.
(bsc#1137832, dbus#269, Simon McVittie)
- From 1.12.14
* Raise soft fd limit to match hard limit, even if unprivileged.
This makes session buses with many clients, or with clients that make
heavy use of fd-passing, less likely to suffer from fd exhaustion.
(dbus!103, Simon McVittie)
* If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
reduce it to 64K, ensuring that we can put back the original fd limits
when carrying out traditional (non-systemd) activation. This fixes a
regression with systemd >= 240 in which system services inherited
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
soft limit of 1K and hard limit of 512K or 1M.
(dbus!103, Debian#928877; Simon McVittie)
* Fix build failures caused by an AX_CODE_COVERAGE API change in newer
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
* Fix build failures with newer autoconf-archive versions that include
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
* Parse section/group names in .service files according to the syntax
from the Desktop Entry Specification, rejecting control characters
and non-ASCII in section/group names (dbus#208, David King)
* Fix various -Wlogical-op issues that cause build failure with newer
gcc versions (dbus#225, dbus!109; David King)
* Don't assume we can set permissions on a directory, for the benefit of
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
* Don't overwrite PKG_CONFIG_PATH and related environment variables when
the pkg-config-based version of DBus1Config is used in a CMake project
(dbus#267, dbus!96; Clemens Lang)
- Drop now upstream Patches
* dbus-no-ax-check.patch
* dbus-new-autoconf-archive.patch
- Fix two inconsistencies with _libexecdir, sysusers.d and
tmpfiles.d are always in %{_prefix}/lib/.
- Drop update-desktop-files BuildRequires, once added for
mimetypes.prov which is no longer part of update-desktop-files,
and dbus-1.desktop does not even handles a single mimetype.
- Replace DISABLE_RESTART_ON_UPDATE with
%service_del_postun_without_restart
- Remove version specific code to block all updates on restart as
hopefully no tumbleweed versions still have code causing those
issues (was only present for a few snapshots)
- Remove the Leap42 conditionals that cause file conflict with
filesystem package
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
OBS-URL: https://build.opensuse.org/request/show/754216
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=287
2019-12-06 05:01:33 +01:00
|
|
|
Source2: dbus-1.keyring
|
|
|
|
|
Source3: baselibs.conf
|
|
|
|
|
Source4: dbus-1.desktop
|
2022-03-08 19:40:09 +01:00
|
|
|
|
|
|
|
|
# PATCH-FEATURE-OPENSUSE feature-suse-log-deny.patch
|
2017-06-19 13:30:43 +02:00
|
|
|
Patch0: feature-suse-log-deny.patch
|
2013-11-27 19:50:06 +01:00
|
|
|
# PATCH-FIX-OPENSUSE coolo@suse.de -- force a feature configure won't accept without x11 in buildrequires
|
2017-06-19 13:30:43 +02:00
|
|
|
Patch1: feature-suse-do-autolaunch.patch
|
2022-03-08 19:40:09 +01:00
|
|
|
# PATCH-FEATURE-OPENSUSE sflees@suse.de, users shouldn't be allowed to start / stop the dbus service.
|
2017-06-19 13:30:43 +02:00
|
|
|
Patch2: feature-suse-refuse-manual-start-stop.patch
|
2022-03-08 19:40:09 +01:00
|
|
|
|
|
|
|
|
BuildRequires: alts
|
2017-11-17 06:00:45 +01:00
|
|
|
BuildRequires: autoconf-archive
|
2014-09-30 10:24:18 +02:00
|
|
|
BuildRequires: libcap-ng-devel
|
2020-01-30 11:30:51 +01:00
|
|
|
BuildRequires: libexpat-devel >= 2.1.0
|
2014-09-30 10:24:18 +02:00
|
|
|
BuildRequires: libtool
|
2016-12-06 11:00:23 +01:00
|
|
|
BuildRequires: pkgconfig
|
2016-12-09 12:02:34 +01:00
|
|
|
BuildRequires: pkgconfig(libsystemd) >= 209
|
2016-12-06 11:00:23 +01:00
|
|
|
BuildRequires: pkgconfig(x11)
|
2022-03-08 19:40:09 +01:00
|
|
|
|
2021-09-16 11:31:14 +02:00
|
|
|
Requires: alts
|
Accepting request 821367 from home:elimat:branches:Base:System
- Update to 1.12.20
* On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
* CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
* Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
* The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
* Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
* Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
* Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
* When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/821367
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=293
2020-07-17 02:09:42 +02:00
|
|
|
Supplements: (dbus-1 and libX11-6)
|
2016-12-06 11:00:23 +01:00
|
|
|
Provides: dbus-launch
|
2013-11-27 19:50:06 +01:00
|
|
|
%if %{with selinux}
|
|
|
|
|
BuildRequires: libselinux-devel
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
|
D-Bus contains some tools that require Xlib to be installed, those are
|
|
|
|
|
in this separate package so server systems need not install X.
|
|
|
|
|
|
|
|
|
|
%prep
|
2014-09-30 10:24:18 +02:00
|
|
|
%setup -q -n %{_name}-%{version}
|
2017-06-19 13:30:43 +02:00
|
|
|
%autopatch -p1
|
2013-11-27 19:50:06 +01:00
|
|
|
|
|
|
|
|
%build
|
2014-07-21 13:52:56 +02:00
|
|
|
echo 'HTML_TIMESTAMP=NO' >> Doxyfile.in
|
2013-11-27 19:50:06 +01:00
|
|
|
# We use -fpie/-pie for the whole build; this is the recommended way to harden
|
|
|
|
|
# the build upstream, see discussion in fdo#46570
|
2014-09-30 10:24:18 +02:00
|
|
|
export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC -fpie"
|
2013-11-27 19:50:06 +01:00
|
|
|
export LDFLAGS="-pie"
|
2014-09-30 10:24:18 +02:00
|
|
|
export CXXFLAGS="%{optflags} -fno-strict-aliasing"
|
2013-11-27 19:50:06 +01:00
|
|
|
export V=1
|
2022-03-18 17:09:03 +01:00
|
|
|
# --with-x=auto is a workaround until https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/263
|
|
|
|
|
# is included (1.14.1+)
|
2013-11-27 19:50:06 +01:00
|
|
|
%configure \
|
2016-12-06 11:00:23 +01:00
|
|
|
--disable-static \
|
2022-10-16 01:02:03 +02:00
|
|
|
--disable-asserts \
|
2022-03-14 11:47:02 +01:00
|
|
|
--runstatedir=%{_rundir} \
|
2017-11-22 23:28:31 +01:00
|
|
|
--libexecdir=%{_libexecdir}/dbus-1 \
|
2016-12-06 11:00:23 +01:00
|
|
|
--enable-inotify \
|
2022-03-14 11:47:02 +01:00
|
|
|
--disable-doxygen-docs \
|
2013-11-27 19:50:06 +01:00
|
|
|
%if %{with selinux}
|
2016-12-06 11:00:23 +01:00
|
|
|
--enable-selinux \
|
2013-11-27 19:50:06 +01:00
|
|
|
%endif
|
2016-12-06 11:00:23 +01:00
|
|
|
--enable-systemd \
|
2017-01-09 15:33:05 +01:00
|
|
|
--enable-user-session \
|
2016-12-06 11:00:23 +01:00
|
|
|
--enable-libaudit \
|
|
|
|
|
--with-console-auth-dir=/run/dbus/at_console/ \
|
|
|
|
|
--with-system-pid-file=/run/dbus/pid \
|
|
|
|
|
--with-system-socket=/run/dbus/system_bus_socket \
|
|
|
|
|
--with-systemdsystemunitdir=%{_unitdir} \
|
2017-01-09 15:35:49 +01:00
|
|
|
--with-systemduserunitdir=%{_userunitdir} \
|
2022-03-18 17:09:03 +01:00
|
|
|
--with-x=auto
|
Accepting request 821367 from home:elimat:branches:Base:System
- Update to 1.12.20
* On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
* CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
* Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
* The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
* Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
* Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
* Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
* When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/821367
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=293
2020-07-17 02:09:42 +02:00
|
|
|
%make_build
|
2014-09-30 10:24:18 +02:00
|
|
|
|
2013-11-27 19:50:06 +01:00
|
|
|
%install
|
2016-12-06 11:00:23 +01:00
|
|
|
tdir=$(mktemp -d)
|
|
|
|
|
make DESTDIR=$tdir install
|
2013-11-27 19:50:06 +01:00
|
|
|
mkdir -p %{buildroot}/%{_bindir}
|
2017-07-15 02:46:53 +02:00
|
|
|
mv $tdir/%{_bindir}/dbus-launch %{buildroot}/%{_bindir}/dbus-launch.x11
|
2021-09-16 11:31:14 +02:00
|
|
|
# create entries for libalternatives
|
|
|
|
|
ln -sf %{_bindir}/alts %{buildroot}%{_bindir}/dbus-launch
|
|
|
|
|
mkdir -p %{buildroot}%{_datadir}/libalternatives/dbus-launch
|
|
|
|
|
cat > %{buildroot}%{_datadir}/libalternatives/dbus-launch/20.conf <<EOF
|
|
|
|
|
binary=%{_bindir}/dbus-launch.x11
|
|
|
|
|
group=dbus-launch
|
|
|
|
|
EOF
|
2016-11-24 09:29:21 +01:00
|
|
|
|
2021-09-16 11:31:14 +02:00
|
|
|
%pre
|
|
|
|
|
# removing old update-alternatives entries
|
2021-09-18 03:10:28 +02:00
|
|
|
if [ "$1" -gt 0 ] && [ -f %{_sbindir}/update-alternatives ] ; then
|
2021-09-16 11:31:14 +02:00
|
|
|
%{_sbindir}/update-alternatives --remove dbus-launch %{_bindir}/dbus-launch.x11
|
2021-11-24 09:38:49 +01:00
|
|
|
fi
|
2016-11-24 12:18:50 +01:00
|
|
|
|
2013-11-27 19:50:06 +01:00
|
|
|
%files
|
2021-09-16 11:31:14 +02:00
|
|
|
%dir %{_datadir}/libalternatives
|
|
|
|
|
%dir %{_datadir}/libalternatives/dbus-launch
|
|
|
|
|
%{_datadir}/libalternatives/dbus-launch/20.conf
|
2016-11-24 11:33:11 +01:00
|
|
|
%{_bindir}/dbus-launch
|
2016-11-24 12:18:50 +01:00
|
|
|
%{_bindir}/dbus-launch.x11
|
2013-11-27 19:50:06 +01:00
|
|
|
|
|
|
|
|
%changelog
|
