------------------------------------------------------------------- Thu Sep 21 07:56:38 UTC 2023 - Simon Lees - Make dbus-broker start by default as it is now the only supported system bus. - Add feature-suse-refuse-manual-start-stop.patch We don't allow dbus services to be restarted as it breaks many many things. ------------------------------------------------------------------- Fri Feb 3 11:07:22 UTC 2023 - Jan Engelhardt - Update to release 33 * Fix a race-condition when starting systemd-services from the launcher. * Changes in dbus service-files will no longer affect ongoing activation attempts. ------------------------------------------------------------------- Fri Aug 5 10:15:47 UTC 2022 - Jan Engelhardt - Update to release 32 * Fix several bugs in the d-bus marshalling layer c-dvar, including out-of-bound reads. * Fix ubsan and asan warnings in c-stdaux and related subprojects. ------------------------------------------------------------------- Thu May 26 03:14:09 UTC 2022 - Simon Lees - Provide dbus-service so from a packaging perspective its easier to replace dbus-daemon in the future. ------------------------------------------------------------------- Mon May 16 10:27:31 UTC 2022 - Jan Engelhardt - Update to release 31 * Fix assertion failures in the user accounting, uncovered by the changes to accounting in v30. * Fix a memory leak in service-file re-loading, in particular in the command-line argument handling. ------------------------------------------------------------------- Tue May 10 11:10:02 UTC 2022 - Jan Engelhardt - Update to release 30 * Failed service activations now report more detailed information on the activation failure back through the activating client. * The broker now runs in `session.slice` if applicable. * The `GetStats()` call on `org.freedeskop.DBus.Debug` now properly returns reply-owner statistics. Before, those were always set to 0. ------------------------------------------------------------------- Wed Jun 2 13:23:40 UTC 2021 - Jan Engelhardt - Update to release 29 * Improve SELinux audit messages. * Linux >=4.17 is now a hard requirement. * Fix startup failures when at-console users have consecutive UIDs. ------------------------------------------------------------------- Wed Mar 17 15:10:16 UTC 2021 - Jan Engelhardt - Update to release 28 * Further improvements to the service activation tracking. This better tracks units in systemd and closes some races where a repeated activation would incorrectly fail. * Fix a crash where duplicate monitor matches would be incorrectly installed in the broker. ------------------------------------------------------------------- Mon Feb 15 10:47:52 UTC 2021 - Jan Engelhardt - Update to release 27 * Fix several bugs with the new service-activation tracking, including a race-condition when restarting activatable services. * Be more verbose about denied configuration access and print the file-path for better diagnostics. ------------------------------------------------------------------- Thu Jan 21 13:28:09 UTC 2021 - Jan Engelhardt - Update to release 26 * Improve the service activation tracking of the compatibility launcher. We now track spawned systemd units for their entire lifetime, so we can properly detect when activations fail. * Work around a kernel off-by-one error in the socket queue accounting to fix a race-condition where dbus clients might not be dispatched. * Support running without `shmem` configured in the kernel. This will make the broker run better on limited embedded devices. ------------------------------------------------------------------- Thu Dec 3 11:34:56 UTC 2020 - Jan Engelhardt - Update to release 25 * Fix an assertion failure when disconnecting monitors with active unique-name matches. * Fix the selinux error-handling to no longer mark all errors as auditable by default. ------------------------------------------------------------------- Fri Sep 4 08:09:00 UTC 2020 - Jan Engelhardt - Update to release 24 * Make audit-events properly typed and prevent non-auditable events from being forwarded to the linux audit system. ------------------------------------------------------------------- Tue May 12 15:27:29 UTC 2020 - Jan Engelhardt - Update to release 23 * Expose supplementary groups as `UnixGroupIDs` as defined by the dbus specification in 0.53. * The broker now uses the peer-pid from `SO_PEERCRED` on the controller socket, rather than relying on `getppid()`. This allows creating the broker from intermediate processes without having any credentials of the intermediate leak into the broker. ------------------------------------------------------------------- Mon Feb 24 17:52:17 UTC 2020 - Jan Engelhardt - Update to release 22 * Implement org.freedesktop.DBus.Debug.Stats in the driver. * Support no-op activation files. * The new configuration option `linux-4-17`, if set to true (default is false), makes dbus-broker assume it runs on linux-v4.17 or newer. It will make use of features introduced up to linux-v4.17. This allows to forcibly disable workarounds for old kernels. ------------------------------------------------------------------- Tue Jun 11 12:06:26 UTC 2019 - Jan Engelhardt - Update to new upstream release 21 * Previously, resource limits were incorrectly calculated, leading too limits that were higher than intended. * Messages are now directly forwarded to the journal and amended with additional fields. The journal-catalog now contains entries with background information on runtime log messages. ------------------------------------------------------------------- Thu Feb 21 13:09:08 UTC 2019 - Jan Engelhardt - Update to new upstream release 18 * The compatibility launcher is no longer isolated in its own network namespace, since the SELinux APIs require access to the root network namespace. ------------------------------------------------------------------- Mon Jan 28 11:06:43 UTC 2019 - Jan Engelhardt - Update RPM group. ------------------------------------------------------------------- Wed Jan 2 00:38:38 UTC 2019 - Jan Engelhardt - Update to new upstream release 17 * The compatibility launcher now namespaces transient systemd units based on its own name on the scope-bus. * The launcher now respects the `NAME' configuration and correctly drops privileges of the broker and itself after startup. * Messages with file-descriptors will now be refused if the client did not negotiate file-descriptor passing before. - Drop use-system-deps.diff ------------------------------------------------------------------- Mon Mar 5 20:16:26 UTC 2018 - jengelh@inai.de - Update to new upstream release 11 * The policy-type of the dbus-broker API has been simplified. It is now reduced to a policy-batch indexed by uids, in combination with a policy-batch indexed either by gid or uid-range. * The launcher now supports a `--config-file PATH` commandline option to override the root configuration file, which is still deduced based on the passed scope parameter. ------------------------------------------------------------------- Tue Feb 6 00:37:19 UTC 2018 - jengelh@inai.de - Update to new upstream release 9 * AddListener() on org.bus1.DBus.Broker now supports UID ranges. * dbus-broker.service unit is now ordered before basic.target. * The launcher now uses instantiated systemd template units when activating a service that has no associated systemd service file. * The launcher now supports configuration reloading. * Activated units now inherit their user from the actual D-Bus service, if provided. ------------------------------------------------------------------- Sun Sep 10 23:30:34 UTC 2017 - jengelh@inai.de - Update to new upstream release 4 * Support for sending SELinux AVC violations to audit rather than syslog. * Units will now be activated via explicit calls to StartUnit() rather than faking a ActivationRequest directed signal. This allows to catch startup failures (or rejections) and allows to reject all pending activation requests right away. * The broker now logs policy violations to the system log. - Add use-system-deps.diff ------------------------------------------------------------------- Fri Aug 25 10:54:00 UTC 2017 - jengelh@inai.de - Initial package (version 3) for build.opensuse.org