From d7b82cbd75dcccfa8801e61402a0ef1ec1d02f4a458f394d9ec1ce270fcc6923 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cristian=20Rodr=C3=ADguez?= Date: Sun, 18 Nov 2012 22:12:46 +0000 Subject: [PATCH] Accepting request 141794 from home:tittiatcoke:branches:Base:System Update to version 1.6.8 OBS-URL: https://build.opensuse.org/request/show/141794 OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=110 --- dbus-1-x11.changes | 87 ++++++++++++++++++++++++++++++++++++++++ dbus-1-x11.spec | 4 +- dbus-1.5.12.tar.gz | 3 -- dbus-1.6.8.tar.gz | 3 ++ dbus-1.changes | 87 ++++++++++++++++++++++++++++++++++++++++ dbus-1.spec | 4 +- dbus-cve-2012-3524.patch | 28 ------------- 7 files changed, 179 insertions(+), 37 deletions(-) delete mode 100644 dbus-1.5.12.tar.gz create mode 100644 dbus-1.6.8.tar.gz delete mode 100644 dbus-cve-2012-3524.patch diff --git a/dbus-1-x11.changes b/dbus-1-x11.changes index ffbb515..e3dae1f 100644 --- a/dbus-1-x11.changes +++ b/dbus-1-x11.changes 
@@ -1,3 +1,90 @@
+-------------------------------------------------------------------
+Sun Nov 18 17:59:23 UTC 2012 - hrvoje.senjan@gmail.com
+
+- Update to 1.6.8
+- remove patch dbus-cve-2012-3524.patch as incorporated upstream
+
+Changes since 1.5.12
+• Follow up to CVE-2012-3524: The additional hardening
+ work to use __secure_getenv() as a followup to bug #52202
+ broke certain configurations of gnome-keyring. Given
+ the difficulty of making this work without extensive
+ changes to gnome-keyring, use of __secure_getenv() is
+ deferred.
+
+• CVE-2012-3524: Don't access environment variables (fd.o #52202)
+ Thanks to work and input from Colin Walters, Simon McVittie,
+ Geoffrey Thomas, and others.
+
+• Detect that users are "at the console" correctly when configured with
+ a non-default path such as --enable-console-auth-dir=/run/console
+ (fd.o #51521, Dave Reisner)
+
+• Remove an incorrect assertion from DBusTransport (fd.o #51657,
+ Simon McVittie)
+
+• Change how we create /var/lib/dbus so it works under Automake >= 1.11.4
+ (fd.o #51406, Simon McVittie)
+
+• Don't return from dbus_pending_call_set_notify with a lock held on OOM
+ (fd.o #51032, Simon McVittie)
+
+• Disconnect "developer mode" (assertions, verbose mode etc.) from
+ Automake maintainer mode. D-Bus developers should now configure with
+ --enable-developer. Automake maintainer mode is now on by default;
+ distributions can disable it with --disable-maintainer-mode.
+ (fd.o #34671, Simon McVittie)
+
+• Unix-specific:
+ · Check for libpthread under CMake on Unix (fd.o #47237, Simon McVittie)
+
+• New requirements
+ · PTHREAD_MUTEX_RECURSIVE on Unix
+ · compiler support for 64-bit integers (int64_t or equivalent)
+
+• D-Bus Specification v0.19
+
+• New dbus-daemon features
+ · rules allow the service to
+ own names like com.example.Service.Instance3
+ · optional systemd integration when checking at_console policies
+ · --nopidfile option, mainly for use by systemd
+ · path_namespace and arg0namespace may appear in match rules
+ · eavesdropping is disabled unless the match rule contains eavesdrop=true
+
+• New public API
+ · functions to validate various string types (dbus_validate_path() etc.)
+ · dbus_type_is_valid()
+ · DBusBasicValue, a union of every basic type
+
+• Bug fixes
+ · removed an unsafe reimplementation of recursive mutexes
+ · dbus-daemon no longer busy-loops if it has far too many file descriptors
+ · dbus-daemon.exe --print-address works on Windows
+ · all the other bug fixes from 1.4.20
+
+• Other major implementation changes
+ · on Linux, dbus-daemon uses epoll if supported, for better scalability
+ · dbus_threads_init() ignores its argument and behaves like
+ dbus_threads_init_default() instead
+ · removed the per-connection link cache, improving dbus-daemon performance
+
+• Developer features
+ · optional Valgrind instrumentation (--with-valgrind)
+ · optional Stats interface on the dbus-daemon (--enable-stats)
+ · optionally abort whenever malloc() fails (--enable-embedded-tests
+ and export DBUS_MALLOC_CANNOT_FAIL=1)
+
+• Be more careful about monotonic time vs. 
real time, fixing DBUS_COOKIE_SHA1 + spec-compliance (fd.o #48580, David Zeuthen) + +• Don't use install(1) within the source/build trees, fixing the build as + non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot) + +• Add missing commas in some tcp and nonce-tcp addresses, and remove + an unused duplicate copy of the nonce-tcp transport in Windows builds + (fd.o #45896, Simon McVittie) + ------------------------------------------------------------------- Fri Nov 16 12:56:04 UTC 2012 - dimstar@opensuse.org diff --git a/dbus-1-x11.spec b/dbus-1-x11.spec index 449927f..e5c25b7 100644 --- a/dbus-1-x11.spec +++ b/dbus-1-x11.spec @@ -46,7 +46,7 @@ BuildRequires: update-desktop-files BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(libsystemd-login) %endif -Version: 1.5.12 +Version: 1.6.8 Release: 0 # bug437293 %ifarch ppc64 @@ -61,7 +61,6 @@ Source4: baselibs.conf Patch0: dbus-log-deny.patch # PATCH-FIX-OPENSUSE coolo@suse.de -- force a feature configure won't accept without x11 in buildrequires Patch1: dbus-do-autolaunch.patch -Patch2: dbus-cve-2012-3524.patch %if 0%{?suse_version} > 1100 %bcond_without selinux %else @@ -85,7 +84,6 @@ in this separate package so server systems need not install X. %setup -n %{_name}-%{version} -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 %build autoreconf -fi diff --git a/dbus-1.5.12.tar.gz b/dbus-1.5.12.tar.gz deleted file mode 100644 index 491fe01..0000000 --- a/dbus-1.5.12.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5d3e09a831259ca64b15357cfa1c60a5a7ab06ef469d5b82c2308de9cadf1094 -size 1925770 diff --git a/dbus-1.6.8.tar.gz b/dbus-1.6.8.tar.gz new file mode 100644 index 0000000..673b72d --- /dev/null +++ b/dbus-1.6.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fc1370ef38abeeb13f55c905ec002e60705fb0bfde3b8d21c8d6eb8056c11bac +size 1929630 diff --git a/dbus-1.changes b/dbus-1.changes index ffbb515..e3dae1f 100644 
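Review bot: Removing `Patch2: dbus-cve-2012-3524.patch` and `%patch2 -p1` is justified in the .changes entry as "incorporated upstream", but the upstream notes in that same entry say use of `__secure_getenv()` is deferred, and the deleted patch shows that switching `_dbus_getenv` to `__secure_getenv()` was the whole downstream change. So this update appears to swap the downstream hardening for a different upstream fix ("Don't access environment variables") rather than carry it forward; the changelog line should say that, e.g. `- remove dbus-cve-2012-3524.patch: CVE-2012-3524 is addressed differently upstream, __secure_getenv() hardening dropped`. Nothing in this diff shows the 1.6.8 code path, so confirm against the tarball that privileged (setuid/setgid) users of libdbus no longer honour environment variables before relying on it. The same removal is made in the dbus-1.spec hunks further down.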
--- a/dbus-1.changes
+++ b/dbus-1.changes
@@ -1,3 +1,90 @@
+-------------------------------------------------------------------
+Sun Nov 18 17:59:23 UTC 2012 - hrvoje.senjan@gmail.com
+
+- Update to 1.6.8
+- remove patch dbus-cve-2012-3524.patch as incorporated upstream
+
+Changes since 1.5.12
+• Follow up to CVE-2012-3524: The additional hardening
+ work to use __secure_getenv() as a followup to bug #52202
+ broke certain configurations of gnome-keyring. Given
+ the difficulty of making this work without extensive
+ changes to gnome-keyring, use of __secure_getenv() is
+ deferred.
+
+• CVE-2012-3524: Don't access environment variables (fd.o #52202)
+ Thanks to work and input from Colin Walters, Simon McVittie,
+ Geoffrey Thomas, and others.
+
+• Detect that users are "at the console" correctly when configured with
+ a non-default path such as --enable-console-auth-dir=/run/console
+ (fd.o #51521, Dave Reisner)
+
+• Remove an incorrect assertion from DBusTransport (fd.o #51657,
+ Simon McVittie)
+
+• Change how we create /var/lib/dbus so it works under Automake >= 1.11.4
+ (fd.o #51406, Simon McVittie)
+
+• Don't return from dbus_pending_call_set_notify with a lock held on OOM
+ (fd.o #51032, Simon McVittie)
+
+• Disconnect "developer mode" (assertions, verbose mode etc.) from
+ Automake maintainer mode. D-Bus developers should now configure with
+ --enable-developer. Automake maintainer mode is now on by default;
+ distributions can disable it with --disable-maintainer-mode.
+ (fd.o #34671, Simon McVittie)
+
+• Unix-specific:
+ · Check for libpthread under CMake on Unix (fd.o #47237, Simon McVittie)
+
+• New requirements
+ · PTHREAD_MUTEX_RECURSIVE on Unix
+ · compiler support for 64-bit integers (int64_t or equivalent)
+
+• D-Bus Specification v0.19
+
+• New dbus-daemon features
+ · rules allow the service to
+ own names like com.example.Service.Instance3
+ · optional systemd integration when checking at_console policies
+ · --nopidfile option, mainly for use by systemd
+ · path_namespace and arg0namespace may appear in match rules
+ · eavesdropping is disabled unless the match rule contains eavesdrop=true
+
+• New public API
+ · functions to validate various string types (dbus_validate_path() etc.)
+ · dbus_type_is_valid()
+ · DBusBasicValue, a union of every basic type
+
+• Bug fixes
+ · removed an unsafe reimplementation of recursive mutexes
+ · dbus-daemon no longer busy-loops if it has far too many file descriptors
+ · dbus-daemon.exe --print-address works on Windows
+ · all the other bug fixes from 1.4.20
+
+• Other major implementation changes
+ · on Linux, dbus-daemon uses epoll if supported, for better scalability
+ · dbus_threads_init() ignores its argument and behaves like
+ dbus_threads_init_default() instead
+ · removed the per-connection link cache, improving dbus-daemon performance
+
+• Developer features
+ · optional Valgrind instrumentation (--with-valgrind)
+ · optional Stats interface on the dbus-daemon (--enable-stats)
+ · optionally abort whenever malloc() fails (--enable-embedded-tests
+ and export DBUS_MALLOC_CANNOT_FAIL=1)
+
+• Be more careful about monotonic time vs. 
real time, fixing DBUS_COOKIE_SHA1 + spec-compliance (fd.o #48580, David Zeuthen) + +• Don't use install(1) within the source/build trees, fixing the build as + non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot) + +• Add missing commas in some tcp and nonce-tcp addresses, and remove + an unused duplicate copy of the nonce-tcp transport in Windows builds + (fd.o #45896, Simon McVittie) + ------------------------------------------------------------------- Fri Nov 16 12:56:04 UTC 2012 - dimstar@opensuse.org diff --git a/dbus-1.spec b/dbus-1.spec index f05ff27..4234cf2 100644 --- a/dbus-1.spec +++ b/dbus-1.spec @@ -45,7 +45,7 @@ BuildRequires: update-desktop-files BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(libsystemd-login) %endif -Version: 1.5.12 +Version: 1.6.8 Release: 0 # bug437293 %ifarch ppc64 @@ -60,7 +60,6 @@ Source4: baselibs.conf Patch0: dbus-log-deny.patch # PATCH-FIX-OPENSUSE coolo@suse.de -- force a feature configure won't accept without x11 in buildrequires Patch1: dbus-do-autolaunch.patch -Patch2: dbus-cve-2012-3524.patch %if 0%{?suse_version} > 1100 %bcond_without selinux %else @@ -136,7 +135,6 @@ bus daemon). %setup -n %{_name}-%{version} -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 %build autoreconf -fi diff --git a/dbus-cve-2012-3524.patch b/dbus-cve-2012-3524.patch deleted file mode 100644 index f780314..0000000 --- a/dbus-cve-2012-3524.patch +++ /dev/null 
@@ -1,28 +0,0 @@
---- dbus-1.5.12/configure.ac 2012-08-28 10:28:12.000000000 +0200
-+++ dbus-1.5.12/configure.ac 2012-08-28 10:28:17.000000000 +0200
-@@ -578,7 +578,7 @@
- AC_SEARCH_LIBS(socket,[socket network])
- AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)])
-
--AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull)
-+AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull __secure_getenv)
-
- AC_CHECK_HEADERS([syslog.h])
- if test "x$ac_cv_header_syslog_h" = "xyes"; then
---- dbus-1.5.12/dbus/dbus-sysdeps.c 2012-08-28 10:28:12.000000000 +0200
-+++ dbus-1.5.12/dbus/dbus-sysdeps.c 2012-08-28 10:28:17.000000000 +0200
-@@ -181,8 +181,12 @@
- */
- const char*
- _dbus_getenv (const char *varname)
--{
-- return getenv (varname);
-+{
-+#ifdef HAVE___SECURE_GETENV
-+ return __secure_getenv(varname);
-+#else
-+ return getenv(varname);
-+#endif
- }
-
- /**