- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
OBS-URL: https://build.opensuse.org/request/show/958337
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=309
- Update to 1.12.20
* On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
* CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
* Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
* The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
* Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
* Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
* Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
* When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
- Run spec-cleaner
OBS-URL: https://build.opensuse.org/request/show/821367
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=293
- Verify signatures
* dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
developer keyring.
- Drop dbus_at_console.ck not needed
- Clean up sources
* Source2 dbus-1.desktop now Source4
* baselib.conf now source 3
- Update to 1.12.16
* CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and connect
to a DBusServer with elevated privileges. The standard system and
session dbus-daemons in their default configuration were immune to this
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
users of DBusServer such as Upstart could be vulnerable.
Thanks to Joe Vennix of Apple Information Security.
(bsc#1137832, dbus#269, Simon McVittie)
- From 1.12.14
* Raise soft fd limit to match hard limit, even if unprivileged.
This makes session buses with many clients, or with clients that make
heavy use of fd-passing, less likely to suffer from fd exhaustion.
(dbus!103, Simon McVittie)
* If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
reduce it to 64K, ensuring that we can put back the original fd limits
when carrying out traditional (non-systemd) activation. This fixes a
regression with systemd >= 240 in which system services inherited
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
soft limit of 1K and hard limit of 512K or 1M.
(dbus!103, Debian#928877; Simon McVittie)
* Fix build failures caused by an AX_CODE_COVERAGE API change in newer
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
* Fix build failures with newer autoconf-archive versions that include
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
* Parse section/group names in .service files according to the syntax
from the Desktop Entry Specification, rejecting control characters
and non-ASCII in section/group names (dbus#208, David King)
* Fix various -Wlogical-op issues that cause build failure with newer
gcc versions (dbus#225, dbus!109; David King)
* Don't assume we can set permissions on a directory, for the benefit of
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
* Don't overwrite PKG_CONFIG_PATH and related environment variables when
the pkg-config-based version of DBus1Config is used in a CMake project
(dbus#267, dbus!96; Clemens Lang)
- Drop now upstream Patches
* dbus-no-ax-check.patch
* dbus-new-autoconf-archive.patch
- Fix two inconsistencies with _libexecdir, sysusers.d and
tmpfiles.d are always in %{_prefix}/lib/.
- Drop update-desktop-files BuildRequires, once added for
mimetypes.prov which is no longer part of update-desktop-files,
and dbus-1.desktop does not even handles a single mimetype.
- Replace DISABLE_RESTART_ON_UPDATE with
%service_del_postun_without_restart
- Remove version specific code to block all updates on restart as
hopefully no tumbleweed versions still have code causing those
issues (was only present for a few snapshots)
- Remove the Leap42 conditionals that cause file conflict with
filesystem package
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
OBS-URL: https://build.opensuse.org/request/show/754216
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=287
- Update to 1.12.12:
* Reference the freedesktop.org Code of Conduct (Simon McVittie)
* Stop the dbus-daemon leaking memory (an error message) if delivering
the message that triggered auto-activation is forbidden. This is
technically a denial of service because the dbus-daemon will
run out of memory eventually, but it's a very slow and noisy one,
because all the rejected messages are also very likely to have
been logged to the system log, and its scope is typically limited by
the finite number of activatable services available.
(dbus#234, Simon McVittie)
* Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
which does not meet the criteria for that attribute in gcc 4.7+,
potentially leading to miscompilation (fd.o #107741, Simon McVittie)
* Fix some small O(1) memory leaks (fd.o #107320, Simon McVittie)
* Fix printf formats for pointer-sized integers on 64-bit Windows
(fd.o #105662, Ralf Habacker)
* Always use select()-based poll() emulation on Darwin-based OSs
(macOS, etc.) and on Interix, similar to what libcurl does
(dbus#232, dbus!19; Simon McVittie)
* Extend a test timeout to avoid spurious failures in CI
(dbus!26, Simon McVittie)
- Add patch to build with new autoconf-archive, there is now
bash variable AX_BLA that gets detected and autoreconf aborts;
thus rather just disable the pointless check:
* dbus-no-ax-check.patch
- Add patch to fix codecoverage m4 macro changes in autoconf-archive:
* dbus-new-autoconf-archive.patch
- Update to 1.12.12:
OBS-URL: https://build.opensuse.org/request/show/670264
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=277
- Update to 1.12.10
* Changelog for 1.12.10
• Prevent reading up to 3 bytes beyond the end of a truncated message.
This could in principle be an information leak or denial of service
on the system bus, but is not believed to be exploitable to crash
the system bus or leak interesting information in practice.
(fd.o #107332, Simon McVittie)
• Fix build with gcc 8 -Werror=cast-function-type
(fd.o #107349, Simon McVittie)
• Fix warning from gcc 8 about suspicious use of strncpy() when
populating struct sockaddr_un (fd.o #107350, Simon McVittie)
• Fix a minor memory leak when a DBusServer listens on a new address
(fd.o #107194, Simon McVittie)
• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
runs out of memory (fd.o #107194, Simon McVittie)
• Don't use misleading errno-derived error names if getaddrinfo() or
getnameinfo() fails with a code other than EAI_SYSTEM
(fd.o #106395, Simon McVittie)
• Skip tests that require working TCP if we are in a container environment
where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)
* Changelog for 1.12.8
• The Devhelp documentation index is now in version 2 format
(fd.o #106186, Simon McVittie)
• Give the dbus-daemon man page some scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
(fd.o #106004, Simon McVittie)
• Fix installation of Ducktype documentation with newer yelp-build
versions (fd.o #106171, Simon McVittie)
OBS-URL: https://build.opensuse.org/request/show/630995
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=268
- Set libexecdir to /usr/lib/dbus-1 rather then /lib/dbus-1
- boo#1027201 dbus-daemon not found
- boo#978477 systemd reseting under heavy load
* fix-upstream-timeout-reset-1.patch
* fix-upstream-timeout-reset-2.patch
- boo#1027200 don't generate machine-id in %post systemd will do it
on first boot.
- swap usage of /bin/false to /usr/bin/false
- Use libexecdir=%{_libdir}/dbus-1 rather then /lib/dbus-1
OBS-URL: https://build.opensuse.org/request/show/523461
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=257
- swap to /usr/bin bsc#1029968
- Add the following fixes from SLE12
* bsc#980928 increase listen() backlog of AF_UNIX sockets to
SOMAXCONN fix-upstream-increase-backlog.patch
- The following bugs were already fixed but are missing changelog
entries
* bsc#867256 (No longer applicable)
* bsc#916785 (No longer applicable)
* bsc#1012564 (Not applicable)
* fdo#90004 (Fixed Upstream)
- Rename the following patches as a tidy up
* dbus-log-deny.patch to feature-suse-log-deny.patch
* dbus-do-autolaunch.patch feature-suse-do-autolaunch.patch
* 0001-Add-RefuseManualStartStop.patch to
feature-suse-refuse-manual-start-stop.patch
* 0001-Drop-Install-sections-from-user-services.patch to
fix-upstream-drop-install-sections-from-user-services.patch
- swap to /usr/bin bsc#1029968
- Add the following fixes from SLE12
* bsc#980928 increase listen() backlog of AF_UNIX sockets to
SOMAXCONN fix-upstream-increase-backlog.patch
- The following bugs were already fixed but are missing changelog
entries
* bsc#867256 (No longer applicable)
* bsc#916785 (No longer applicable)
* bsc#1012564 (Not applicable)
* fdo#90004 (Fixed Upstream)
- Rename the following patches as a tidy up
* dbus-log-deny.patch to feature-suse-log-deny.patch
OBS-URL: https://build.opensuse.org/request/show/503558
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=250
- Create new subpackage: dbus-1-nox11
- contains dbus-launch without x11 support
- Rename dbus-launch to dbus-launch.x11
- use update-alternatives to switch between dbus-launch with and
without X11
- Solves [bnc#934214]
- Create new subpackage: dbus-1-nox11
- contains dbus-launch without x11 support
- Rename dbus-launch to dbus-launch.x11
- use update-alternatives to switch between dbus-launch with and
without X11
- Solves [bnc#934214]
OBS-URL: https://build.opensuse.org/request/show/441304
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=221
