Revisions of dbus-1
Dirk Mueller (dirkmueller)
committed
(revision 328)
- update to 1.14.6:
* Fix an incorrect assertion that could be used to crash
dbus-daemon or other users of DBusServer prior to
authentication, if libdbus was compiled with assertions
enabled.
We recommend that production builds of dbus, for example in
OS distributions, should be compiled with checks but
without assertions.
* When connected to a dbus-broker, stop dbus-monitor from
incorrectly replying to Peer method calls that were sent to the
dbus-broker with a NULL destination
* Fix out-of-bounds varargs read in the dbus-daemon's config-
parser. This is not attacker-triggerable and appears to be
harmless in practice, but is technically undefined behaviour
and is detected as such by AddressSanitizer.
* Avoid a data race in multi-threaded use of DBusCounter
* Fix a crash with some glibc versions when non-auditable
SELinux events are logged (dbus!386, Jeremi Piotrowski)
* If dbus_message_demarshal() runs out of memory while
validating a message, report it as NoMemory rather than
InvalidArgs (dbus#420, Simon McVittie)
* Use C11 _Alignof if available, for better standards-
compliance
* Stop including an outdated copy of pkg.m4 in the git tree
* Documentation:
* Fix the test-apparmor-activation test after dbus#416
* Internal changes:
* Fix CI builds with recent git versions (dbus#447, Simon
McVittie)
- switch to using multibuild
buildservice-autocommit
accepted
request 1031295
from
Dirk Mueller (dirkmueller)
(revision 327)
Dirk Mueller (dirkmueller)
(revision 327)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 326)
- update to 1.14.4 (bsc#1204111, CVE-2022-42010,
bsc#1204112, CVE-2022-42011,
bsc#1204113, CVE-2022-42012):
This is a security update for the dbus 1.14.x stable branch, fixing
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
security hardening (dbus#416).
Behaviour changes:
* On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
* Denial of service fixes:
- Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
buildservice-autocommit
accepted
request 1011186
from
Simon Lees (simotek)
(revision 325)
Simon Lees (simotek)
(revision 325)
baserev update by copy to link target
Simon Lees (simotek)
accepted
request 1011151
from
Bjørn Lie (iznogood)
(revision 324)
- Disable asserts in dbus-1-x11.spec and dbus-1-devel-doc.spec too
buildservice-autocommit
accepted
request 1010413
from
Dirk Mueller (dirkmueller)
(revision 323)
Dirk Mueller (dirkmueller)
(revision 323)
baserev update by copy to link target
buildservice-autocommit
accepted
request 981473
from
Dirk Mueller (dirkmueller)
(revision 321)
Dirk Mueller (dirkmueller)
(revision 321)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 320)
- update to 2.23: * Python now waits on child processes with os.wait() * open() call with O_CREAT now passes permissions * -Ttext-segment argument on aarch64 passes page size in hex * Build system improvements - add disable-morecore.patch: fix build and working with glibc >= 2.34 - rediff patches
Dirk Mueller (dirkmueller)
committed
(revision 319)
- version provides - add split provides - remove unused/obsolete pre_checkin.sh
Dirk Mueller (dirkmueller)
accepted
request 979267
from
Simon Lees (simotek)
(revision 318)
- The great dbus package split of 22, in preperation for replacing
dbus-daemon with dbus-broker currently there is no functional
difference that will change later, this follows a similar setup
to RedHat and Debian.
* dbus-daemon is now in its own separate package
* Create a dbus-1-common package with all the files and config
that are shared between the dbus-daemon and dbus-broker
implementations.
* Create a dbus-1-tools package with the tools eventually we will
likely want to move to only recommending this package Redhat and
Debian have both already gone down this path.
buildservice-autocommit
accepted
request 962877
from
Dirk Mueller (dirkmueller)
(revision 317)
Dirk Mueller (dirkmueller)
(revision 317)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
accepted
request 962625
from
Fabian Vogt (favogt)
(revision 316)
- Use --with-x=auto to actually enable X11 integration (boo#1197258,
workaround https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/263)
- Drop use of %{with libalternatives}, there's no such bcond defined
and in many other places it's not optional anyway (boo#1197258)
buildservice-autocommit
accepted
request 961966
from
Dirk Mueller (dirkmueller)
(revision 315)
Dirk Mueller (dirkmueller)
(revision 315)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 314)
buildservice-autocommit
accepted
request 960278
from
Dirk Mueller (dirkmueller)
(revision 312)
Dirk Mueller (dirkmueller)
(revision 312)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
accepted
request 960246
from
Bjørn Lie (iznogood)
(revision 311)
Resub, no multibuild. The multibuild with several specs are a valid approch - but fine, I'll remove it. See https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.multibuild.html
buildservice-autocommit
accepted
request 958730
from
Dirk Mueller (dirkmueller)
(revision 310)
Dirk Mueller (dirkmueller)
(revision 310)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
accepted
request 958337
from
Bjørn Lie (iznogood)
(revision 309)
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
- Update to version 1.12.22:
+ On Linux, when using traditional (non-systemd) service
activation, don't log warnings about failing to reset OOM score
adjustment if the process is already more susceptible to the
OOM killer, as user processes usually are with systemd ≥ 250.
+ On Linux, when using traditional (non-systemd) system bus
activation, reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer,
this avoids that protection unintentionally being inherited by
every system service.
+ Avoid malloc() after fork on non-GNU libc.
+ Fix build with clang 13 by using Standard C offsetof where
available.
+ Fix build of tests on FreeBSD.
+ Make documentation build more reproducible.
+ On Unix, make X11 autolaunch cope with slashes in DISPLAY.
+ Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS.
+ Fix compilation if embedded tests are enabled but verbose mode
and stats are both disabled.
+ On Linux, fix a race condition in the integration test for
transient services.
Displaying revisions 21 - 40 of 348
