Revisions of dbus-1
Dirk Mueller (dirkmueller)
committed
(revision 328)
- update to 1.14.6: * Fix an incorrect assertion that could be used to crash dbus-daemon or other users of DBusServer prior to authentication, if libdbus was compiled with assertions enabled. We recommend that production builds of dbus, for example in OS distributions, should be compiled with checks but without assertions. * When connected to a dbus-broker, stop dbus-monitor from incorrectly replying to Peer method calls that were sent to the dbus-broker with a NULL destination * Fix out-of-bounds varargs read in the dbus-daemon's config- parser. This is not attacker-triggerable and appears to be harmless in practice, but is technically undefined behaviour and is detected as such by AddressSanitizer. * Avoid a data race in multi-threaded use of DBusCounter * Fix a crash with some glibc versions when non-auditable SELinux events are logged (dbus!386, Jeremi Piotrowski) * If dbus_message_demarshal() runs out of memory while validating a message, report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie) * Use C11 _Alignof if available, for better standards- compliance * Stop including an outdated copy of pkg.m4 in the git tree * Documentation: * Fix the test-apparmor-activation test after dbus#416 * Internal changes: * Fix CI builds with recent git versions (dbus#447, Simon McVittie) - switch to using multibuild
buildservice-autocommit
accepted
request 1031295
from
Dirk Mueller (dirkmueller)
(revision 327)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 326)
- update to 1.14.4 (bsc#1204111, CVE-2022-42010, bsc#1204112, CVE-2022-42011, bsc#1204113, CVE-2022-42012): This is a security update for the dbus 1.14.x stable branch, fixing denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying security hardening (dbus#416). Behaviour changes: * On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) * Denial of service fixes: - Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations
buildservice-autocommit
accepted
request 1011186
from
Simon Lees (simotek)
(revision 325)
baserev update by copy to link target
Simon Lees (simotek)
accepted
request 1011151
from
Bjørn Lie (iznogood)
(revision 324)
- Disable asserts in dbus-1-x11.spec and dbus-1-devel-doc.spec too
buildservice-autocommit
accepted
request 1010413
from
Dirk Mueller (dirkmueller)
(revision 323)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 322)
- Disable asserts (bsc#1087072)
buildservice-autocommit
accepted
request 981473
from
Dirk Mueller (dirkmueller)
(revision 321)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 320)
- update to 2.23: * Python now waits on child processes with os.wait() * open() call with O_CREAT now passes permissions * -Ttext-segment argument on aarch64 passes page size in hex * Build system improvements - add disable-morecore.patch: fix build and working with glibc >= 2.34 - rediff patches
Dirk Mueller (dirkmueller)
committed
(revision 319)
- version provides - add split provides - remove unused/obsolete pre_checkin.sh
Dirk Mueller (dirkmueller)
accepted
request 979267
from
Simon Lees (simotek)
(revision 318)
- The great dbus package split of 22, in preperation for replacing dbus-daemon with dbus-broker currently there is no functional difference that will change later, this follows a similar setup to RedHat and Debian. * dbus-daemon is now in its own separate package * Create a dbus-1-common package with all the files and config that are shared between the dbus-daemon and dbus-broker implementations. * Create a dbus-1-tools package with the tools eventually we will likely want to move to only recommending this package Redhat and Debian have both already gone down this path.
buildservice-autocommit
accepted
request 962877
from
Dirk Mueller (dirkmueller)
(revision 317)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
accepted
request 962625
from
Fabian Vogt (favogt)
(revision 316)
- Use --with-x=auto to actually enable X11 integration (boo#1197258, workaround https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/263) - Drop use of %{with libalternatives}, there's no such bcond defined and in many other places it's not optional anyway (boo#1197258)
buildservice-autocommit
accepted
request 961966
from
Dirk Mueller (dirkmueller)
(revision 315)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
committed
(revision 314)
Dirk Mueller (dirkmueller)
committed
(revision 313)
- set runstatedir correctly
buildservice-autocommit
accepted
request 960278
from
Dirk Mueller (dirkmueller)
(revision 312)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
accepted
request 960246
from
Bjørn Lie (iznogood)
(revision 311)
Resub, no multibuild. The multibuild with several specs are a valid approch - but fine, I'll remove it. See https://openbuildservice.org/help/manuals/obs-user-guide/cha.obs.multibuild.html
buildservice-autocommit
accepted
request 958730
from
Dirk Mueller (dirkmueller)
(revision 310)
baserev update by copy to link target
Dirk Mueller (dirkmueller)
accepted
request 958337
from
Bjørn Lie (iznogood)
(revision 309)
- Update to version 1.12.22: + On Linux, when using traditional (non-systemd) service activation, don't log warnings about failing to reset OOM score adjustment if the process is already more susceptible to the OOM killer, as user processes usually are with systemd ≥ 250. + On Linux, when using traditional (non-systemd) system bus activation, reset the OOM score adjustment to 0 as intended. If the system dbus-daemon is protected from the OOM killer, this avoids that protection unintentionally being inherited by every system service. + Avoid malloc() after fork on non-GNU libc. + Fix build with clang 13 by using Standard C offsetof where available. + Fix build of tests on FreeBSD. + Make documentation build more reproducible. + On Unix, make X11 autolaunch cope with slashes in DISPLAY. + Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS. + Fix compilation if embedded tests are enabled but verbose mode and stats are both disabled. + On Linux, fix a race condition in the integration test for transient services. - Update to version 1.12.22: + On Linux, when using traditional (non-systemd) service activation, don't log warnings about failing to reset OOM score adjustment if the process is already more susceptible to the OOM killer, as user processes usually are with systemd ≥ 250. + On Linux, when using traditional (non-systemd) system bus activation, reset the OOM score adjustment to 0 as intended. If the system dbus-daemon is protected from the OOM killer, this avoids that protection unintentionally being inherited by every system service. + Avoid malloc() after fork on non-GNU libc. + Fix build with clang 13 by using Standard C offsetof where available. + Fix build of tests on FreeBSD. + Make documentation build more reproducible. + On Unix, make X11 autolaunch cope with slashes in DISPLAY. + Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS. + Fix compilation if embedded tests are enabled but verbose mode and stats are both disabled. + On Linux, fix a race condition in the integration test for transient services. - Update to version 1.12.22: + On Linux, when using traditional (non-systemd) service activation, don't log warnings about failing to reset OOM score adjustment if the process is already more susceptible to the OOM killer, as user processes usually are with systemd ≥ 250. + On Linux, when using traditional (non-systemd) system bus activation, reset the OOM score adjustment to 0 as intended. If the system dbus-daemon is protected from the OOM killer, this avoids that protection unintentionally being inherited by every system service. + Avoid malloc() after fork on non-GNU libc. + Fix build with clang 13 by using Standard C offsetof where available. + Fix build of tests on FreeBSD. + Make documentation build more reproducible. + On Unix, make X11 autolaunch cope with slashes in DISPLAY. + Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS. + Fix compilation if embedded tests are enabled but verbose mode and stats are both disabled. + On Linux, fix a race condition in the integration test for transient services.
Displaying revisions 21 - 40 of 348