From 6a83c1aecfe0dde83ac3c3c93b3d5e1e3d8ebbae3a6f161d12b165d7a27c6b41 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Thu, 9 Feb 2023 17:09:45 +0000 Subject: [PATCH] - update to 1.14.6: * Fix an incorrect assertion that could be used to crash dbus-daemon or other users of DBusServer prior to authentication, if libdbus was compiled with assertions enabled. We recommend that production builds of dbus, for example in OS distributions, should be compiled with checks but without assertions. * When connected to a dbus-broker, stop dbus-monitor from incorrectly replying to Peer method calls that were sent to the dbus-broker with a NULL destination * Fix out-of-bounds varargs read in the dbus-daemon's config- parser. This is not attacker-triggerable and appears to be harmless in practice, but is technically undefined behaviour and is detected as such by AddressSanitizer. * Avoid a data race in multi-threaded use of DBusCounter * Fix a crash with some glibc versions when non-auditable SELinux events are logged (dbus!386, Jeremi Piotrowski) * If dbus_message_demarshal() runs out of memory while validating a message, report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie) * Use C11 _Alignof if available, for better standards- compliance * Stop including an outdated copy of pkg.m4 in the git tree * Documentation: * Fix the test-apparmor-activation test after dbus#416 * Internal changes: * Fix CI builds with recent git versions (dbus#447, Simon McVittie) - switch to using multibuild OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=328 --- _multibuild | 5 +++++ dbus-1-devel-doc.spec | 4 ++-- dbus-1-x11.spec | 4 ++-- dbus-1.14.4.tar.xz | 3 --- dbus-1.14.4.tar.xz.asc | 16 ---------------- dbus-1.14.6.tar.xz | 3 +++ dbus-1.14.6.tar.xz.asc | 16 ++++++++++++++++ dbus-1.changes | 34 ++++++++++++++++++++++++++++++++++ dbus-1.spec | 4 ++-- 9 files changed, 64 insertions(+), 25 deletions(-) create mode 100644 _multibuild delete mode 100644 dbus-1.14.4.tar.xz delete mode 100644 dbus-1.14.4.tar.xz.asc create mode 100644 dbus-1.14.6.tar.xz create mode 100644 dbus-1.14.6.tar.xz.asc diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..ae14d5d --- /dev/null +++ b/_multibuild @@ -0,0 +1,5 @@ + +dbus-1 +dbus-1-devel-doc +dbus-1-x11 + diff --git a/dbus-1-devel-doc.spec b/dbus-1-devel-doc.spec index 900acf1..f3203d8 100644 --- a/dbus-1-devel-doc.spec +++ b/dbus-1-devel-doc.spec @@ -1,7 +1,7 @@ # # spec file for package dbus-1-devel-doc # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %global _backup %{_sysconfdir}/sysconfig/services.rpmbak.%{name}-%{version}-%{release} %bcond_without selinux Name: dbus-1-devel-doc -Version: 1.14.4 +Version: 1.14.6 Release: 0 Summary: Developer documentation package for D-Bus License: AFL-2.1 OR GPL-2.0-or-later diff --git a/dbus-1-x11.spec b/dbus-1-x11.spec index a8ef5b9..9386078 100644 --- a/dbus-1-x11.spec +++ b/dbus-1-x11.spec @@ -1,7 +1,7 @@ # # spec file for package dbus-1-x11 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -23,7 +23,7 @@ %endif %bcond_without selinux Name: dbus-1-x11 -Version: 1.14.4 +Version: 1.14.6 Release: 0 Summary: D-Bus Message Bus System License: AFL-2.1 OR GPL-2.0-or-later diff --git a/dbus-1.14.4.tar.xz b/dbus-1.14.4.tar.xz deleted file mode 100644 index df2c692..0000000 --- a/dbus-1.14.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:7c0f9b8e5ec0ff2479383e62c0084a3a29af99edf1514e9f659b81b30d4e353e -size 1368196 diff --git a/dbus-1.14.4.tar.xz.asc b/dbus-1.14.4.tar.xz.asc deleted file mode 100644 index 4acced1..0000000 --- a/dbus-1.14.4.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmM9YggACgkQ4FrhR4+B -TE9JAg/8CTXHPUehTP0j88B4p8CkPbG3HH8eS0XKgAAuKN2YjOHSxtX4+2rkL2Ga -t53EJo4dTeyeRmRuVGUhrUn548Btu8WkhsLqLaWjJ2941obXHW2jkmBRwX8afBhE -2cBbo2HtJIX4l5+d88DnOVsF9i4JLmBBkpSkQiEZrFbmQvT1kfL1LI2yySiAQjlC -SB4RQbJGjBiMZziarSHHw8Ttiw3WEvVeInpGGibdHvHJXqvnkuzPNQAfmVWB2UqN -kWbsWpjAS2A7epVew1VVrgr3hyxGkBwOYPuU5wXHkHmvchv5cBQ40HLFqn82lQ05 -eVFMkbxDEd7+/BSzVBVaElYB9lpqWT95h/dYqMcVsKH4cdQAYAGmVQ/4JnMENbGT -sj2zLlpYwwHjDumzPG43ZSnaaRCFJ0hvWGMNo4kHP7c97OIronlCOX9YFPYQJg5B -TKPXnK3GgL3Htr5cQhR17LFUnOPdH79KQi8Q6e6N4iASfkrgApnvgDr4aZBuafTm -1N/P730mtTgTniTWyfUOPkAAmvoCtBzcq74IXIhFXGiCbUpNI/nLdd4NG5CG2kIp -HOIFkereXW48UopGx7T4m6RCyLjziOdjmKpewu9OC1ECyh/TkIoKhm6IHg3m7JmT -sNPcwoO5xx7dRinIci/Npw0Dlf3eaRRruJVw9yJYR9HEom7byws= -=foU5 ------END PGP SIGNATURE----- diff --git a/dbus-1.14.6.tar.xz b/dbus-1.14.6.tar.xz new file mode 100644 index 0000000..e2aaa15 --- /dev/null +++ b/dbus-1.14.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fd2bdf1bb89dc365a46531bff631536f22b0d1c6d5ce2c5c5e59b55265b3d66b +size 1370540 diff --git a/dbus-1.14.6.tar.xz.asc b/dbus-1.14.6.tar.xz.asc new file mode 100644 index 0000000..18f7173 --- /dev/null +++ b/dbus-1.14.6.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmPj0IkACgkQ4FrhR4+B +TE8b6w//U29k+u6pC4LVeB93U9hjEaTdRNYb3hkR0gQJ3f8KnmNgYRQo2U2Kio4g +tUfZ/euopGOp8NjARtxzfPIGQ+O3g/kwHtFQvhTSZi21A966nlXzMoDApUf/L/uV +OS+sZbpc8DecE50JR2kZ/vRRr5Xss/IIqqib8Q4yhUiRbydCAiUczMbAVD61QdEG +wVBNpCJcATQr+fivFf2nTaqwIkq9g09LNKeVWCyDPs+54z9dvfA2sOXP5w9wqV1Z +jNIPYAEdK3X3N0fASEyRkNpIIKglZjHtzUIu7RgJ8F/8XEw6579bd+9KDN5LoUvN +JgBzCBVinqrqluLzEzz4CvA1Pp2N8hy4vZ3wIrlNmLKtl8wO5RDek2UL7DbEpcfP +aPlVt+C/he62iBGRRd0p32CjuZbUyCz94yCqwl1bkMqujO6tuo0L8g8QBMTo386t +hayvobag+oi6KUGMv/1hNbfV4DprEo0koebc6bQWEVqovceIoOa4ImvkWI1CmNQw +/Bwe3Q1NyaVoAtjFwp55UvTxaaj5JVxF938NXLHWLzORzc0ATGtl3xvijfNxnsbp +45in6QmRL3ruIb6m8beqrvD0p3Bho2HGtobIBNkJsHfRqwyMgKb7qBq4rAY4fEX9 +9faJxlJz+6kVPMIcgCmfytTpfqYKj12t/iCBbzdYfKzGYbbHa4E= +=XM3I +-----END PGP SIGNATURE----- diff --git a/dbus-1.changes b/dbus-1.changes index 2fd479d..9d5186b 100644 --- a/dbus-1.changes +++ b/dbus-1.changes @@ -1,3 +1,37 @@ +------------------------------------------------------------------- +Thu Feb 9 17:04:27 UTC 2023 - Dirk Müller + +- update to 1.14.6: + * Fix an incorrect assertion that could be used to crash + dbus-daemon or other users of DBusServer prior to + authentication, if libdbus was compiled with assertions + enabled. + We recommend that production builds of dbus, for example in + OS distributions, should be compiled with checks but + without assertions. + * When connected to a dbus-broker, stop dbus-monitor from + incorrectly replying to Peer method calls that were sent to the + dbus-broker with a NULL destination + * Fix out-of-bounds varargs read in the dbus-daemon's config- + parser. This is not attacker-triggerable and appears to be + harmless in practice, but is technically undefined behaviour + and is detected as such by AddressSanitizer. + * Avoid a data race in multi-threaded use of DBusCounter + * Fix a crash with some glibc versions when non-auditable + SELinux events are logged (dbus!386, Jeremi Piotrowski) + * If dbus_message_demarshal() runs out of memory while + validating a message, report it as NoMemory rather than + InvalidArgs (dbus#420, Simon McVittie) + * Use C11 _Alignof if available, for better standards- + compliance + * Stop including an outdated copy of pkg.m4 in the git tree + * Documentation: + * Fix the test-apparmor-activation test after dbus#416 + * Internal changes: + * Fix CI builds with recent git versions (dbus#447, Simon + McVittie) +- switch to using multibuild + ------------------------------------------------------------------- Wed Oct 26 08:53:48 UTC 2022 - Dirk Müller diff --git a/dbus-1.spec b/dbus-1.spec index 9e3f93b..2df361a 100644 --- a/dbus-1.spec +++ b/dbus-1.spec @@ -1,7 +1,7 @@ # # spec file for package dbus-1 # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define _libname libdbus-1-3 %bcond_without selinux Name: dbus-1 -Version: 1.14.4 +Version: 1.14.6 Release: 0 Summary: D-Bus Message Bus System License: AFL-2.1 OR GPL-2.0-or-later