From 3aa97ec44acad6359690ccb6eec7cbe210a41e929002b7251b733b612b724158 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Mon, 12 Jun 2023 21:16:15 +0000 Subject: [PATCH 1/2] - update to 1.14.8: * Denial-of-service fixes: * Fix an assertion failure in dbus-daemon when a privileged Monitoring connection (dbus-monitor, busctl monitor, gdbus monitor or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. This is a denial of service if triggered maliciously by a local attacker. * Fix compilation on compilers not supporting __FUNCTION__ * Fix some memory leaks on out-of-memory conditions * Fix syntax of a code sample in dbus-api-design OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=335 --- dbus-1-devel-doc.spec | 2 +- dbus-1-x11.spec | 2 +- dbus-1.14.6.tar.xz | 3 --- dbus-1.14.6.tar.xz.asc | 16 ---------------- dbus-1.14.8.tar.xz | 3 +++ dbus-1.14.8.tar.xz.asc | 16 ++++++++++++++++ dbus-1.changes | 16 ++++++++++++++++ dbus-1.spec | 2 +- 8 files changed, 38 insertions(+), 22 deletions(-) delete mode 100644 dbus-1.14.6.tar.xz delete mode 100644 dbus-1.14.6.tar.xz.asc create mode 100644 dbus-1.14.8.tar.xz create mode 100644 dbus-1.14.8.tar.xz.asc diff --git a/dbus-1-devel-doc.spec b/dbus-1-devel-doc.spec index f3203d8..662efd4 100644 --- a/dbus-1-devel-doc.spec +++ b/dbus-1-devel-doc.spec @@ -23,7 +23,7 @@ %global _backup %{_sysconfdir}/sysconfig/services.rpmbak.%{name}-%{version}-%{release} %bcond_without selinux Name: dbus-1-devel-doc -Version: 1.14.6 +Version: 1.14.8 Release: 0 Summary: Developer documentation package for D-Bus License: AFL-2.1 OR GPL-2.0-or-later diff --git a/dbus-1-x11.spec b/dbus-1-x11.spec index 9386078..887df9d 100644 --- a/dbus-1-x11.spec +++ b/dbus-1-x11.spec @@ -23,7 +23,7 @@ %endif %bcond_without selinux Name: dbus-1-x11 -Version: 1.14.6 +Version: 1.14.8 Release: 0 Summary: D-Bus Message Bus System License: AFL-2.1 OR GPL-2.0-or-later diff --git a/dbus-1.14.6.tar.xz b/dbus-1.14.6.tar.xz deleted file mode 100644 index e2aaa15..0000000 --- a/dbus-1.14.6.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fd2bdf1bb89dc365a46531bff631536f22b0d1c6d5ce2c5c5e59b55265b3d66b -size 1370540 diff --git a/dbus-1.14.6.tar.xz.asc b/dbus-1.14.6.tar.xz.asc deleted file mode 100644 index 18f7173..0000000 --- a/dbus-1.14.6.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmPj0IkACgkQ4FrhR4+B -TE8b6w//U29k+u6pC4LVeB93U9hjEaTdRNYb3hkR0gQJ3f8KnmNgYRQo2U2Kio4g -tUfZ/euopGOp8NjARtxzfPIGQ+O3g/kwHtFQvhTSZi21A966nlXzMoDApUf/L/uV -OS+sZbpc8DecE50JR2kZ/vRRr5Xss/IIqqib8Q4yhUiRbydCAiUczMbAVD61QdEG -wVBNpCJcATQr+fivFf2nTaqwIkq9g09LNKeVWCyDPs+54z9dvfA2sOXP5w9wqV1Z -jNIPYAEdK3X3N0fASEyRkNpIIKglZjHtzUIu7RgJ8F/8XEw6579bd+9KDN5LoUvN -JgBzCBVinqrqluLzEzz4CvA1Pp2N8hy4vZ3wIrlNmLKtl8wO5RDek2UL7DbEpcfP -aPlVt+C/he62iBGRRd0p32CjuZbUyCz94yCqwl1bkMqujO6tuo0L8g8QBMTo386t -hayvobag+oi6KUGMv/1hNbfV4DprEo0koebc6bQWEVqovceIoOa4ImvkWI1CmNQw -/Bwe3Q1NyaVoAtjFwp55UvTxaaj5JVxF938NXLHWLzORzc0ATGtl3xvijfNxnsbp -45in6QmRL3ruIb6m8beqrvD0p3Bho2HGtobIBNkJsHfRqwyMgKb7qBq4rAY4fEX9 -9faJxlJz+6kVPMIcgCmfytTpfqYKj12t/iCBbzdYfKzGYbbHa4E= -=XM3I ------END PGP SIGNATURE----- diff --git a/dbus-1.14.8.tar.xz b/dbus-1.14.8.tar.xz new file mode 100644 index 0000000..5e3b6db --- /dev/null +++ b/dbus-1.14.8.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a6bd5bac5cf19f0c3c594bdae2565a095696980a683a0ef37cb6212e093bde35 +size 1371236 diff --git a/dbus-1.14.8.tar.xz.asc b/dbus-1.14.8.tar.xz.asc new file mode 100644 index 0000000..ab971b1 --- /dev/null +++ b/dbus-1.14.8.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmR/MFcACgkQ4FrhR4+B +TE/tMQ/9F3CR1xVgRpvfueZ2MorwyshMYUSpbeKypUipQds/w8t3jD01z/afnjnT +AOoQ0kzNa5nBBdWvGCh71GnzZpSWsvOOvt4i9Rb/5f2v7tKtKwqON71XhUtWs2uI ++E/l5NuLPylM1N2zHVwX/ImK12rQqtDuA93DIn/Pr3sAd8rBKYe70OwR32SEn/fK ++LNFu5GYny0ymBZEyWRFxTQ0dP4EYpB7/Aov4utWEYfVy/7rqJf0VOwX4bAaTJOZ +Svy7TQ7CHTsHNUAIAV0C1q7MCy9pV2h9lOCyGt5SDs6VGc2MkLwYEPlypOCiBmkL +AnpyoJeV4BT7jNvL32FDDUaEfRi6E4BqOyFgy0EPaGf4NuIdDK7PzpX+DsGKZ4OV +Fc3YNwLkETQdhODlgxyLsyNbf3C+DzC8uIhZmuLgvCNWJJxeOet76AiU7nMak7B/ +jo8PiFoQyTzeGqlPKtwttIdehtwNnhRX83bplSPr9dz6oWwM6Dhas3IamvaWSWAs +mrp6dFyyqlap6aR6prXf0I1xYj/CiPHRfZ7uqCNtRYSTpQDg5hHmlyLGbbnPFzmf +l/W/ICIWe/0B5RuPKNRKEO8hsoaoPdcdZJYR/mwVQa9pcVCNmu12rHH9ZWoOdLca +wcc6/Xokq+TbU6QDbjBRrViAI7TyVkv4geDjtYbn1kdQLxfrVl4= +=6hJs +-----END PGP SIGNATURE----- diff --git a/dbus-1.changes b/dbus-1.changes index 7038e2e..0ce8198 100644 --- a/dbus-1.changes +++ b/dbus-1.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Mon Jun 12 21:14:39 UTC 2023 - Dirk Müller + +- update to 1.14.8: + * Denial-of-service fixes: + * Fix an assertion failure in dbus-daemon when a privileged + Monitoring connection (dbus-monitor, busctl monitor, gdbus + monitor or similar) is active, and a message from the bus + driver cannot be delivered to a client connection due to + rules or outgoing message quota. This + is a denial of service if triggered maliciously by a local + attacker. + * Fix compilation on compilers not supporting __FUNCTION__ + * Fix some memory leaks on out-of-memory conditions + * Fix syntax of a code sample in dbus-api-design + ------------------------------------------------------------------- Thu Feb 23 14:48:12 UTC 2023 - Callum Farmer diff --git a/dbus-1.spec b/dbus-1.spec index c750f8f..0808d79 100644 --- a/dbus-1.spec +++ b/dbus-1.spec @@ -21,7 +21,7 @@ %define _libname libdbus-1-3 %bcond_without selinux Name: dbus-1 -Version: 1.14.6 +Version: 1.14.8 Release: 0 Summary: D-Bus Message Bus System License: AFL-2.1 OR GPL-2.0-or-later From dcd95237cf1ba98cbadb3683af8f0c626fa8b3b0c248aad6ae0bd09dc0ae89e7 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Mon, 12 Jun 2023 21:17:59 +0000 Subject: [PATCH 2/2] - update to 1.14.8 (bsc#1212126, CVE-2023-34969): OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=336 --- dbus-1.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dbus-1.changes b/dbus-1.changes index 0ce8198..f8f9026 100644 --- a/dbus-1.changes +++ b/dbus-1.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Mon Jun 12 21:14:39 UTC 2023 - Dirk Müller -- update to 1.14.8: +- update to 1.14.8 (bsc#1212126, CVE-2023-34969): * Denial-of-service fixes: * Fix an assertion failure in dbus-daemon when a privileged Monitoring connection (dbus-monitor, busctl monitor, gdbus