- update to 1.14.6:

* Fix an incorrect assertion that could be used to crash
    dbus-daemon or other users of DBusServer prior to 
    authentication, if libdbus was compiled with assertions
    enabled.
    We recommend that production builds of dbus, for example in
    OS distributions, should be compiled with checks but
    without assertions.
  * When connected to a dbus-broker, stop dbus-monitor from
    incorrectly replying to Peer method calls that were sent to the
    dbus-broker with a NULL destination
  * Fix out-of-bounds varargs read in the dbus-daemon's config-
    parser.  This is not attacker-triggerable and appears to be
    harmless in practice, but is technically undefined behaviour
    and is detected as such by AddressSanitizer.
  * Avoid a data race in multi-threaded use of DBusCounter
  * Fix a crash with some glibc versions when non-auditable
    SELinux events are logged (dbus!386, Jeremi Piotrowski)
  * If dbus_message_demarshal() runs out of memory while
    validating a message, report it as NoMemory rather than
    InvalidArgs (dbus#420, Simon McVittie)
  * Use C11 _Alignof if available, for better standards-
    compliance
  * Stop including an outdated copy of pkg.m4 in the git tree
  * Documentation:
  * Fix the test-apparmor-activation test after dbus#416
  * Internal changes:
  * Fix CI builds with recent git versions (dbus#447, Simon
    McVittie)
- switch to using multibuild

OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=328

_multibuild

@@ -0,0 +1,5 @@
+<multibuild>
+<package>dbus-1</package>
+<package>dbus-1-devel-doc</package>
+<package>dbus-1-x11</package>
+</multibuild>

dbus-1-devel-doc.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package dbus-1-devel-doc
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
 %global _backup %{_sysconfdir}/sysconfig/services.rpmbak.%{name}-%{version}-%{release}
 %bcond_without selinux
 Name:           dbus-1-devel-doc
-Version:        1.14.4
+Version:        1.14.6
 Release:        0
 Summary:        Developer documentation package for D-Bus
 License:        AFL-2.1 OR GPL-2.0-or-later

dbus-1-x11.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package dbus-1-x11
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -23,7 +23,7 @@
 %endif
 %bcond_without selinux
 Name:           dbus-1-x11
-Version:        1.14.4
+Version:        1.14.6
 Release:        0
 Summary:        D-Bus Message Bus System
 License:        AFL-2.1 OR GPL-2.0-or-later

dbus-1.14.4.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7c0f9b8e5ec0ff2479383e62c0084a3a29af99edf1514e9f659b81b30d4e353e
-size 1368196

dbus-1.14.4.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmM9YggACgkQ4FrhR4+B
-TE9JAg/8CTXHPUehTP0j88B4p8CkPbG3HH8eS0XKgAAuKN2YjOHSxtX4+2rkL2Ga
-t53EJo4dTeyeRmRuVGUhrUn548Btu8WkhsLqLaWjJ2941obXHW2jkmBRwX8afBhE
-2cBbo2HtJIX4l5+d88DnOVsF9i4JLmBBkpSkQiEZrFbmQvT1kfL1LI2yySiAQjlC
-SB4RQbJGjBiMZziarSHHw8Ttiw3WEvVeInpGGibdHvHJXqvnkuzPNQAfmVWB2UqN
-kWbsWpjAS2A7epVew1VVrgr3hyxGkBwOYPuU5wXHkHmvchv5cBQ40HLFqn82lQ05
-eVFMkbxDEd7+/BSzVBVaElYB9lpqWT95h/dYqMcVsKH4cdQAYAGmVQ/4JnMENbGT
-sj2zLlpYwwHjDumzPG43ZSnaaRCFJ0hvWGMNo4kHP7c97OIronlCOX9YFPYQJg5B
-TKPXnK3GgL3Htr5cQhR17LFUnOPdH79KQi8Q6e6N4iASfkrgApnvgDr4aZBuafTm
-1N/P730mtTgTniTWyfUOPkAAmvoCtBzcq74IXIhFXGiCbUpNI/nLdd4NG5CG2kIp
-HOIFkereXW48UopGx7T4m6RCyLjziOdjmKpewu9OC1ECyh/TkIoKhm6IHg3m7JmT
-sNPcwoO5xx7dRinIci/Npw0Dlf3eaRRruJVw9yJYR9HEom7byws=
-=foU5
------END PGP SIGNATURE-----

dbus-1.14.6.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fd2bdf1bb89dc365a46531bff631536f22b0d1c6d5ce2c5c5e59b55265b3d66b
+size 1370540

dbus-1.14.6.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmPj0IkACgkQ4FrhR4+B
+TE8b6w//U29k+u6pC4LVeB93U9hjEaTdRNYb3hkR0gQJ3f8KnmNgYRQo2U2Kio4g
+tUfZ/euopGOp8NjARtxzfPIGQ+O3g/kwHtFQvhTSZi21A966nlXzMoDApUf/L/uV
+OS+sZbpc8DecE50JR2kZ/vRRr5Xss/IIqqib8Q4yhUiRbydCAiUczMbAVD61QdEG
+wVBNpCJcATQr+fivFf2nTaqwIkq9g09LNKeVWCyDPs+54z9dvfA2sOXP5w9wqV1Z
+jNIPYAEdK3X3N0fASEyRkNpIIKglZjHtzUIu7RgJ8F/8XEw6579bd+9KDN5LoUvN
+JgBzCBVinqrqluLzEzz4CvA1Pp2N8hy4vZ3wIrlNmLKtl8wO5RDek2UL7DbEpcfP
+aPlVt+C/he62iBGRRd0p32CjuZbUyCz94yCqwl1bkMqujO6tuo0L8g8QBMTo386t
+hayvobag+oi6KUGMv/1hNbfV4DprEo0koebc6bQWEVqovceIoOa4ImvkWI1CmNQw
+/Bwe3Q1NyaVoAtjFwp55UvTxaaj5JVxF938NXLHWLzORzc0ATGtl3xvijfNxnsbp
+45in6QmRL3ruIb6m8beqrvD0p3Bho2HGtobIBNkJsHfRqwyMgKb7qBq4rAY4fEX9
+9faJxlJz+6kVPMIcgCmfytTpfqYKj12t/iCBbzdYfKzGYbbHa4E=
+=XM3I
+-----END PGP SIGNATURE-----

dbus-1.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Feb  9 17:04:27 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.14.6:
+  * Fix an incorrect assertion that could be used to crash
+    dbus-daemon or other users of DBusServer prior to 
+    authentication, if libdbus was compiled with assertions
+    enabled.
+    We recommend that production builds of dbus, for example in
+    OS distributions, should be compiled with checks but
+    without assertions.
+  * When connected to a dbus-broker, stop dbus-monitor from
+    incorrectly replying to Peer method calls that were sent to the
+    dbus-broker with a NULL destination
+  * Fix out-of-bounds varargs read in the dbus-daemon's config-
+    parser.  This is not attacker-triggerable and appears to be
+    harmless in practice, but is technically undefined behaviour
+    and is detected as such by AddressSanitizer.
+  * Avoid a data race in multi-threaded use of DBusCounter
+  * Fix a crash with some glibc versions when non-auditable
+    SELinux events are logged (dbus!386, Jeremi Piotrowski)
+  * If dbus_message_demarshal() runs out of memory while
+    validating a message, report it as NoMemory rather than
+    InvalidArgs (dbus#420, Simon McVittie)
+  * Use C11 _Alignof if available, for better standards-
+    compliance
+  * Stop including an outdated copy of pkg.m4 in the git tree
+  * Documentation:
+  * Fix the test-apparmor-activation test after dbus#416
+  * Internal changes:
+  * Fix CI builds with recent git versions (dbus#447, Simon
+    McVittie)
+- switch to using multibuild
+
 -------------------------------------------------------------------
 Wed Oct 26 08:53:48 UTC 2022 - Dirk Müller <dmueller@suse.com>
 

dbus-1.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package dbus-1
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
 %define _libname libdbus-1-3
 %bcond_without selinux
 Name:           dbus-1
-Version:        1.14.4
+Version:        1.14.6
 Release:        0
 Summary:        D-Bus Message Bus System
 License:        AFL-2.1 OR GPL-2.0-or-later