Accepting request 284953 from Base:System

Update to 1.8.16, security update bnc#916343

OBS-URL: https://build.opensuse.org/request/show/284953
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dbus-1?expand=0&rev=128

dbus-1-x11.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Mon Feb  9 19:37:23 UTC 2015 - fstrba@suse.com
+
+- Update to 1.8.16:
+  * Security fixes:
+    - Do not allow non-uid-0 processes to send forged
+      ActivationFailure messages. On Linux systems with systemd
+      activation, this would allow a local denial of service:
+      unprivileged processes could flood the bus with these forged
+      messages, winning the race with the actual service activation
+      and causing an error reply to be sent back when service
+      auto-activation was requested. This does not prevent the real
+      service from being started, so it only works while the real
+      service is not running. (CVE-2015-0245, fdo#88811, bnc#916343;
+      Simon McVittie)
+  * Other fixes:
+    - fix a Windows build failure (fdo#88009, Ralf Habacker)
+    - on Windows, allow up to 8K connections to the dbus-daemon
+      instead of the previous 64, completing a previous fix which
+      only worked under Autotools (fdo#71297, Ralf Habacker)
+
 -------------------------------------------------------------------
 Tue Jan  6 07:57:14 UTC 2015 - fstrba@suse.com
 

dbus-1-x11.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package dbus-1-x11
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
 %define _unitdir %{_libexecdir}/systemd/system
 %endif
 Name:           dbus-1-x11
-Version:        1.8.14
+Version:        1.8.16
 Release:        0
 Summary:        D-Bus Message Bus System
 License:        GPL-2.0+ or AFL-2.1

dbus-1.8.14.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:83425250a6a4c93b9ab4a349771a7700e8ddff2d73a5a088222ca47ae9ce1f1a
-size 1866141

dbus-1.8.16.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7f795268efd343ff0498786acb35097564390d40b1b6158daf1b4f742b522b07
+size 1866436

dbus-1.changes

@@ -1,3 +1,24 @@
+-------------------------------------------------------------------
+Mon Feb  9 19:37:23 UTC 2015 - fstrba@suse.com
+
+- Update to 1.8.16:
+  * Security fixes:
+    - Do not allow non-uid-0 processes to send forged
+      ActivationFailure messages. On Linux systems with systemd
+      activation, this would allow a local denial of service:
+      unprivileged processes could flood the bus with these forged
+      messages, winning the race with the actual service activation
+      and causing an error reply to be sent back when service
+      auto-activation was requested. This does not prevent the real
+      service from being started, so it only works while the real
+      service is not running. (CVE-2015-0245, fdo#88811, bnc#916343;
+      Simon McVittie)
+  * Other fixes:
+    - fix a Windows build failure (fdo#88009, Ralf Habacker)
+    - on Windows, allow up to 8K connections to the dbus-daemon
+      instead of the previous 64, completing a previous fix which
+      only worked under Autotools (fdo#71297, Ralf Habacker)
+
 -------------------------------------------------------------------
 Tue Jan  6 07:57:14 UTC 2015 - fstrba@suse.com
 

dbus-1.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package dbus-1
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
 %define _unitdir %{_libexecdir}/systemd/system
 %endif
 Name:           dbus-1
-Version:        1.8.14
+Version:        1.8.16
 Release:        0
 Summary:        D-Bus Message Bus System
 License:        GPL-2.0+ or AFL-2.1