dbus-1/dbus-1.spec
Simon Lees 8b4cd106c1 Accepting request 821367 from home:elimat:branches:Base:System
- Update to 1.12.20
  * On Unix, avoid a use-after-free if two usernames have the same
    numeric uid. In older versions this could lead to a crash (denial of
    service) or other undefined behaviour, possibly including incorrect
    authorization decisions if <policy group=...> is used.
    Like Unix filesystems, D-Bus' model of identity cannot distinguish
    between users of different names with the same numeric uid, so this
    configuration is not advisable on systems where D-Bus will be used.
    Thanks to Daniel Onaca.
    (dbus#305, dbus!166; Simon McVittie)
- From 1.12.18
  * CVE-2020-12049: If a message contains more file descriptors than can
    be sent, close those that did get through before reporting error.
    Previously, a local attacker could cause the system dbus-daemon (or
    another system service with its own DBusServer) to run out of file
    descriptors, by repeatedly connecting to the server and sending fds that
    would get leaked.
    Thanks to Kevin Backhouse of GitHub Security Lab.
    (dbus#294, GHSL-2020-057; Simon McVittie)
  * Fix a crash when the dbus-daemon is terminated while one or more
    monitors are active (dbus#291, dbus!140; Simon McVittie)
  * The dbus-send(1) man page now documents --bus and --peer instead of
    the old --address synonym for --peer, which has been deprecated since
	the introduction of --bus and --peer in 1.7.6
	(fd.o #48816, dbus!115; Chris Morin)
  * Fix a wrong environment variable name in dbus-daemon(1)
    (dbus#275, dbus!122; Mubin, Philip Withnall)
  * Fix formatting of dbus_message_append_args example
	(dbus!126, Felipe Franciosi)
  * Avoid a test failure on Linux when built in a container as uid 0, but
    without the necessary privileges to increase resource limits
	(dbus!58, Debian #908092; Simon McVittie)
  * When building with CMake, cope with libX11 in a non-standard location
	(dbus!129, Tuomo Rinne)
- Run spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/821367
OBS-URL: https://build.opensuse.org/package/show/Base:System/dbus-1?expand=0&rev=293
2020-07-17 00:09:42 +00:00

286 lines
9.8 KiB
RPMSpec

#
# spec file for package dbus-1
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define with_systemd 1
%define _name dbus
%define _libname libdbus-1-3
%bcond_without selinux
Name: dbus-1
Version: 1.12.20
Release: 0
Summary: D-Bus Message Bus System
License: GPL-2.0-or-later OR AFL-2.1
URL: https://dbus.freedesktop.org/
Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz
Source1: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz.asc
Source2: dbus-1.keyring
Source3: baselibs.conf
Source4: dbus-1.desktop
Source5: messagebus.conf
Patch0: feature-suse-log-deny.patch
# PATCH-FIX-OPENSUSE coolo@suse.de -- force a feature configure won't accept without x11 in buildrequires
Patch1: feature-suse-do-autolaunch.patch
# Patch-Feature-opensuse sflees@suse.de, users shouldn't be allowed to start / stop the dbus service.
Patch2: feature-suse-refuse-manual-start-stop.patch
BuildRequires: audit-devel
BuildRequires: libcap-ng-devel
BuildRequires: libexpat-devel >= 2.1.0
BuildRequires: permissions
BuildRequires: pkgconfig
BuildRequires: sysuser-shadow
BuildRequires: sysuser-tools
BuildRequires: xmlto
BuildRequires: pkgconfig(libsystemd) >= 209
Requires(post): %{_libname} = %{version}
Requires(post): update-alternatives
Requires(pre): permissions
Requires(preun): update-alternatives
Provides: dbus-launch
%sysusers_requires
%if %{with selinux}
BuildRequires: libselinux-devel
%endif
%package -n %{_libname}
Summary: Library package for D-Bus
%package devel
Summary: Developer package for D-Bus
Requires: %{_libname} = %{version}
Requires: dbus-1 = %{version}
Requires: glibc-devel
%description
D-Bus is a message bus system, a simple way for applications to talk to
one another. D-Bus supplies both a system daemon and a
per-user-login-session daemon. Also, the message bus is built on top of
a general one-to-one message passing framework, which can be used by
any two apps to communicate directly (without going through the message
bus daemon).
%description -n %{_libname}
D-Bus is a message bus system, a simple way for applications to talk to
one another. D-Bus supplies both a system daemon and a
per-user-login-session daemon. Also, the message bus is built on top of
a general one-to-one message passing framework, which can be used by
any two apps to communicate directly (without going through the message
bus daemon).
%description devel
D-Bus is a message bus system, a simple way for applications to talk to
one another. D-Bus supplies both a system daemon and a
per-user-login-session daemon. Also, the message bus is built on top of
a general one-to-one message passing framework, which can be used by
any two apps to communicate directly (without going through the message
bus daemon).
%prep
%setup -q -n %{_name}-%{version}
%autopatch -p1
%build
echo 'HTML_TIMESTAMP=NO' >> Doxyfile.in
# We use -fpie/-pie for the whole build; this is the recommended way to harden
# the build upstream, see discussion in fdo#46570
export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC -fpie"
export LDFLAGS="-pie"
export CXXFLAGS="%{optflags} -fno-strict-aliasing"
export V=1
%configure \
--disable-static \
--libexecdir=%{_libexecdir}/dbus-1 \
--enable-inotify \
--disable-doxygen-docs \
%if %{with selinux}
--enable-selinux \
%endif
--enable-systemd \
--enable-user-session \
--enable-libaudit \
--with-console-auth-dir=/run/dbus/at_console/ \
--with-system-pid-file=/run/dbus/pid \
--with-system-socket=/run/dbus/system_bus_socket \
--with-systemdsystemunitdir=%{_unitdir} \
--with-systemduserunitdir=%{_userunitdir} \
--without-x
%make_build
# The original dbus sysusers config does not create our account,
# overwrite it with our user definition
cp %{SOURCE5} bus/sysusers.d/dbus.conf
%sysusers_generate_pre %{SOURCE5} messagebus
%check
%make_build check
%install
%make_install
mkdir -p %{buildroot}/lib/dbus-1/system-services
# dbus-launch, too
mv -f %{buildroot}/%{_bindir}/dbus-launch %{buildroot}%{_bindir}/dbus-launch.nox11
mkdir -p %{buildroot}%{_sbindir}
ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcdbus
install -d %{buildroot}/run/dbus
mkdir -p %{buildroot}/%{_libdir}/pkgconfig
mkdir -p %{buildroot}/lib/dbus-1/system-services
for i in %{_sysconfdir}/dbus-1/session.d %{_sysconfdir}/dbus-1/system.d \
%{_datadir}/dbus-1/interfaces %{_datadir}/dbus-1/services \
%{_datadir}/dbus-1/system.d %{_datadir}/dbus-1/system-services; do
mkdir -p %{buildroot}$i
done
mkdir -p %{buildroot}%{_localstatedir}/lib/dbus
# Link the binaries that were in /bin back to /bin for compat (maybe remove for SLE-16)
# Currently required to make upower work together with systemd
mkdir -p %{buildroot}/bin
ln -sf /%{_bindir}/dbus-cleanup-sockets %{buildroot}/bin/dbus-cleanup-sockets
ln -sf /%{_bindir}/dbus-daemon %{buildroot}/bin/dbus-daemon
ln -sf /%{_bindir}/dbus-monitor %{buildroot}/bin/dbus-monitor
ln -sf /%{_bindir}/dbus-send %{buildroot}/bin/dbus-send
ln -sf /%{_bindir}/dbus-test-tool %{buildroot}/bin/dbus-test-tool
ln -sf /%{_bindir}/dbus-update-activation-environment %{buildroot}/bin/dbus-update-activation-environment
ln -sf /%{_bindir}/dbus-uuidgen %{buildroot}/bin/dbus-uuidgen
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
ln -s -f %{_sysconfdir}/alternatives/dbus-launch %{buildroot}%{_bindir}/dbus-launch
find %{buildroot} -type f -name "*.la" -delete -print
rm -Rf %{buildroot}%{_datadir}/doc/dbus
%verifyscript -n dbus-1
%verify_permissions -e %{_libexecdir}/dbus-1/dbus-daemon-launch-helper
%post -n %{_libname} -p /sbin/ldconfig
%postun -n %{_libname} -p /sbin/ldconfig
%pre -f messagebus.pre
%service_add_pre dbus.service dbus.socket
%post
if [ -e %{_localstatedir}/lib/dbus/machine-id -a -e %{_sysconfdir}/machine-id ]; then
cmp -s %{_localstatedir}/lib/dbus/machine-id %{_sysconfdir}/machine-id > /dev/null
if [ $? ]; then
rm -f %{_localstatedir}/lib/dbus/machine-id
fi
fi
if [ ! -L %{_localstatedir}/lib/dbus/machine-id ]; then
mkdir -p %{_localstatedir}/lib/dbus/
ln -s %{_sysconfdir}/machine-id %{_localstatedir}/lib/dbus/machine-id
fi
/sbin/ldconfig
%set_permissions %{_libexecdir}/dbus-1/dbus-daemon-launch-helper
%{_sbindir}/update-alternatives --install %{_bindir}/dbus-launch dbus-launch %{_bindir}/dbus-launch.nox11 10
%service_add_post dbus.service dbus.socket
%tmpfiles_create %{_prefix}/lib/tmpfiles.d/dbus.conf
%preun
if [ "$1" = 0 ] ; then
%{_sbindir}/update-alternatives --remove dbus-launch %{_bindir}/dbus-launch.nox11
fi
%service_del_preun dbus.service dbus.socket
%postun
%service_del_postun_without_restart dbus.service dbus.socket
%files
%dir %{_localstatedir}/lib/dbus
%dir /lib/dbus-1
%dir /lib/dbus-1/system-services
%dir %{_libexecdir}/dbus-1/
%license COPYING
%doc AUTHORS NEWS README
%config(noreplace) %{_sysconfdir}/dbus-1/session.conf
%config(noreplace) %{_sysconfdir}/dbus-1/system.conf
%{_datadir}/dbus-1/session.conf
%{_datadir}/dbus-1/system.conf
%{_bindir}/dbus-cleanup-sockets
%{_bindir}/dbus-daemon
%{_bindir}/dbus-monitor
%{_bindir}/dbus-run-session
%{_bindir}/dbus-send
%{_bindir}/dbus-test-tool
%{_bindir}/dbus-update-activation-environment
%{_bindir}/dbus-uuidgen
/bin/dbus-cleanup-sockets
/bin/dbus-daemon
/bin/dbus-monitor
/bin/dbus-send
/bin/dbus-test-tool
/bin/dbus-update-activation-environment
/bin/dbus-uuidgen
%{_mandir}/man1/dbus-cleanup-sockets.1%{?ext_man}
%{_mandir}/man1/dbus-daemon.1%{?ext_man}
%{_mandir}/man1/dbus-monitor.1%{?ext_man}
%{_mandir}/man1/dbus-run-session.1%{?ext_man}
%{_mandir}/man1/dbus-send.1%{?ext_man}
%{_mandir}/man1/dbus-test-tool.1%{?ext_man}
%{_mandir}/man1/dbus-update-activation-environment.1%{?ext_man}
%{_mandir}/man1/dbus-uuidgen.1%{?ext_man}
%{_mandir}/man1/dbus-launch.1%{?ext_man}
%{_sbindir}/rcdbus
# See doc/system-activation.txt in source tarball for the rationale
# behind these permissions
%attr(4750,root,messagebus) %verify(not mode) %{_libexecdir}/dbus-1/dbus-daemon-launch-helper
%ghost /run/dbus
%ghost %{_localstatedir}/lib/dbus/machine-id
%{_prefix}/lib/sysusers.d/dbus.conf
%{_prefix}/lib/tmpfiles.d/dbus.conf
%{_unitdir}/dbus.service
%{_unitdir}/dbus.socket
# %%dir %%{_unitdir}/dbus.target.wants
# %%{_unitdir}/dbus.target.wants/dbus.socket
%dir %{_unitdir}/multi-user.target.wants
%{_unitdir}/multi-user.target.wants/dbus.service
%dir %{_unitdir}/sockets.target.wants
%{_unitdir}/sockets.target.wants/dbus.socket
%{_userunitdir}/dbus.service
%{_userunitdir}/dbus.socket
%dir %{_userunitdir}/sockets.target.wants
%{_userunitdir}/sockets.target.wants/dbus.socket
%ghost %{_sysconfdir}/alternatives/dbus-launch
%{_bindir}/dbus-launch.nox11
%{_bindir}/dbus-launch
%files -n %{_libname}
%{_libdir}/libdbus-1.so.*
# Own those directories in the library instead of dbus-1, since dbus users
# often ship files there
%dir %{_sysconfdir}/dbus-1
%dir %{_sysconfdir}/dbus-1/session.d
%dir %{_sysconfdir}/dbus-1/system.d
%dir %{_datadir}/dbus-1
%dir %{_datadir}/dbus-1/interfaces
%dir %{_datadir}/dbus-1/services
%dir %{_datadir}/dbus-1/system.d
%dir %{_datadir}/dbus-1/system-services
%files devel
%{_includedir}/*
%{_libdir}/libdbus-1.so
%dir %{_libdir}/dbus-1.0
%{_libdir}/dbus-1.0/include
%{_libdir}/pkgconfig/dbus-1.pc
%{_libdir}/cmake/
%{_datadir}/xml/dbus-1
%changelog