rpms
/
dbus-broker
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import dbus-broker-28-5.el9

This commit is contained in:
CentOS Sources 2021-11-03 22:07:57 -04:00 committed by Stepan Oksanichenko
commit ed0fac2aa5
5 changed files with 374 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.dbus-broker.metadata Normal file
View File

@ -0,0 +1 @@
2602b87b336875bc1fd6866004f16013e6cf3fe4 SOURCES/dbus-broker-28.tar.xz

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/dbus-broker-28.tar.xz

38
SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch Normal file
View File

@ -0,0 +1,38 @@
From 1add8a7d60e46806e0ef87994d3024245db0d84a Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Thu, 18 Mar 2021 11:10:02 +0100
Subject: [PATCH] launch/policy: fix incorrect assertion for at_console
We write at_console policies for ranges of uids. If one of those ranges
is 0, an overflow assertion will incorrectly fire. Fix this and simplify
the assertions for better readability.
Note that such empty ranges will happen if more than one user on the
system is considered `at_console` **and** those users have consecutive
UIDs. Another possibility for empty ranges is when uid 0 is considered
at_console.
In any case, the assertion will abort the application incorrectly. So
this is not a security issue, but merely an incorrect assertion.
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
src/launch/policy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/launch/policy.c b/src/launch/policy.c
index f91f11b..75eb0d3 100644
--- a/src/launch/policy.c
+++ b/src/launch/policy.c
@@ -934,7 +934,10 @@ static int policy_export_xmit(Policy *policy, CList *list1, CList *list2, sd_bus
static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntries *entries, uint32_t uid_start, uint32_t n_uid) {
int r;
- c_assert(((uint32_t)-1) - n_uid + 1 >= uid_start);
+ /* check for overflow */
+ c_assert(uid_start + n_uid >= uid_start);
+ /* check for encoding into dbus `u` type */
+ c_assert(uid_start + n_uid <= (uint32_t)-1);
if (n_uid == 0)
return 0;

30
SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch Normal file
View File

@ -0,0 +1,30 @@
From b82b670bfec6600d0144bcb9ca635fb07c80118f Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Thu, 18 Mar 2021 12:13:16 +0100
Subject: [PATCH] launch/policy: fix at_console range assertion again
The previous fix did not actually consider that a full range can span up
until (uint32_t)-1. Fix this properly now, and just check manually for
an empty range before checking that the highest entry in the range can
be represented.
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
src/launch/policy.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/launch/policy.c b/src/launch/policy.c
index 75eb0d3..6999ceb 100644
--- a/src/launch/policy.c
+++ b/src/launch/policy.c
@@ -935,9 +935,7 @@ static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntrie
int r;
/* check for overflow */
- c_assert(uid_start + n_uid >= uid_start);
- /* check for encoding into dbus `u` type */
- c_assert(uid_start + n_uid <= (uint32_t)-1);
+ c_assert(n_uid == 0 || uid_start + n_uid - 1 >= uid_start);
if (n_uid == 0)
return 0;

304
SPECS/dbus-broker.spec Normal file
View File

@ -0,0 +1,304 @@
%global dbus_user_id 81
Name: dbus-broker
Version: 28
Release: 5%{?dist}
Summary: Linux D-Bus Message Broker
License: ASL 2.0
URL: https://github.com/bus1/dbus-broker
Source0: https://github.com/bus1/dbus-broker/releases/download/v%{version}/dbus-broker-%{version}.tar.xz
Patch0000: https://github.com/bus1/dbus-broker/commit/1add8a7d60e46806e0ef87994d3024245db0d84a.patch
Patch0001: https://github.com/bus1/dbus-broker/commit/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch
%{?systemd_requires}
BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(expat)
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(libcap-ng)
BuildRequires: pkgconfig(libselinux)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(systemd)
BuildRequires: gcc
BuildRequires: glibc-devel
BuildRequires: meson
BuildRequires: python3-docutils
Requires: dbus-common
Requires(pre): shadow-utils
Requires(post): /usr/bin/systemctl
# for triggerpostun
Requires: /usr/bin/systemctl
%description
dbus-broker is an implementation of a message bus as defined by the D-Bus
specification. Its aim is to provide high performance and reliability, while
keeping compatibility to the D-Bus reference implementation. It is exclusively
written for Linux systems, and makes use of many modern features provided by
recent Linux kernel releases.
%prep
%autosetup -p1
%build
%meson -Dselinux=true -Daudit=true -Ddocs=true -Dsystem-console-users=gdm -Dlinux-4-17=true
%meson_build
%install
%meson_install
%check
%meson_test
%pre
# create dbus user and group
getent group dbus >/dev/null || groupadd -f -g %{dbus_user_id} -r dbus
if ! getent passwd dbus >/dev/null ; then
if ! getent passwd %{dbus_user_id} >/dev/null ; then
useradd -r -u %{dbus_user_id} -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus
else
useradd -r -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus
fi
fi
exit 0
%post
%systemd_post dbus-broker.service
%systemd_user_post dbus-broker.service
%journal_catalog_update
%preun
%systemd_preun dbus-broker.service
%systemd_user_preun dbus-broker.service
%postun
%systemd_postun dbus-broker.service
%systemd_user_postun dbus-broker.service
%triggerpostun -- dbus-daemon
if [ $2 -eq 0 ] ; then
# The `dbus-daemon` package used to provide the default D-Bus
# implementation. We continue to make sure that if you uninstall it, we
# re-evaluate whether to enable dbus-broker to replace it. If we didnt,
# you might end up without any bus implementation active.
systemctl --no-reload preset dbus-broker.service || :
systemctl --no-reload --global preset dbus-broker.service || :
fi
%files
%license AUTHORS
%license LICENSE
%{_bindir}/dbus-broker
%{_bindir}/dbus-broker-launch
%{_journalcatalogdir}/dbus-broker.catalog
%{_journalcatalogdir}/dbus-broker-launch.catalog
%{_mandir}/man1/dbus-broker.1*
%{_mandir}/man1/dbus-broker-launch.1*
%{_unitdir}/dbus-broker.service
%{_userunitdir}/dbus-broker.service
%changelog
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 28-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-3
- Apply another fix for incorrect at_console range assertion.
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-2
- Apply fix for incorrect at_console range assertion.
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-1
- Update to upstream v28.
- Drop unused c-util based bundling annotations.
* Wed Feb 17 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 27-2
- Apply activation-tracking bugfixes from upstream.
* Mon Feb 15 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 27-1
- Update to upstream v27.
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 20 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 26-1
- Update to upstream v26.
* Wed Jan 6 2021 Jeff Law <law@redhat.com> - 24-2
- Bump NVR to force rebuild with gcc-11
* Fri Sep 4 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 24-1
- Update to upstream v24. Only minor changes to the diagnostic messages as
well as audit-events.
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 23-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon May 11 2020 Adam Williamson <awilliam@redhat.com> - 23-2
- Fix missing % in macro invocations in %post
* Mon May 11 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 23-1
- Update to upstream v23.
* Mon May 4 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 22-3
- Drop dbus-daemon -> dbus-broker live system conversion. New setups will
automatically pick up dbus-broker as default implementation. If you upgrade
from pre-F30, you will not get any auto upgrade anymore. Deinstalling the
dbus-daemon package will, however, automatically pick up dbus-broker.
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 21-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 21-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Jul 14 2019 Neal Gompa <ngompa13@gmail.com> - 21-5
- Fix reference to dbus_user_id macro in scriptlet
* Wed Jul 10 2019 Jonathan Brielmaier <jbrielmaier@suse.de> - 21-4
- Make creation of dbus user/group more robust, fixes #1717925
* Thu May 9 2019 Tom Gundersen <teg@jklm.no> - 21-2
- Gracefully handle missing FDs in received messages, #1706883
- Minor bugfixes
* Fri May 3 2019 Tom Gundersen <teg@jklm.no> - 21-1
- Don't fail on EACCESS when reading config, fixes #1704920
* Thu May 2 2019 Tom Gundersen <teg@jklm.no> - 21-1
- Minor bugfixes related to config reload for #1704488
* Wed Apr 17 2019 Tom Gundersen <teg@jklm.no> - 20-4
- Fix assert due to failing reload #1700514
* Tue Apr 16 2019 Adam Williamson <awilliam@redhat.com> - 20-3
- Rebuild with Meson fix for #1699099
* Thu Apr 11 2019 Tom Gundersen <teg@jklm.no> - 20-2
- Fix the c_assert macro
* Wed Apr 10 2019 Tom Gundersen <teg@jklm.no> - 20-1
- Improve handling of broken or deprecated configuration
- Avoid at_console workaround if possible
* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 19-2
- Add a temporary generator to fix switching from dbus-daemon to
dbus-broker (#1674045)
* Thu Mar 28 2019 Tom Gundersen <teg@jklm.no> - 19-1
- Minor bug fixes
* Thu Feb 21 2019 Tom Gundersen <teg@jklm.no> - 18-1
- Minor bug fixes
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Tom Gundersen <teg@jklm.no> - 17-3
- run in the root network namespace
* Sat Jan 12 2019 Tom Gundersen <teg@jklm.no> - 17-2
- ignore config files that cannot be opened (fix rhbz #1665450)
* Wed Jan 2 2019 Tom Gundersen <teg@jklm.no> - 17-1
- apply more sandboxing through systemd
- improve logging on disconnect
- don't send FDs to clients who don't declare support
* Wed Nov 28 2018 Tom Gundersen <teg@jklm.no> - 16-8
- don't apply presets on updates to dbus-daemon
* Mon Nov 26 2018 Tom Gundersen <teg@jklm.no> - 16-7
- enable service file correctly at install
* Mon Nov 26 2018 Tom Gundersen <teg@jklm.no> - 16-5
- use full paths when calling binaries from rpm scripts
* Sun Nov 25 2018 Tom Gundersen <teg@jklm.no> - 16-4
- fix SELinux bug
* Tue Oct 30 2018 Tom Gundersen <teg@jklm.no> - 16-3
- add explicit systemctl dependency
* Tue Oct 23 2018 David Herrmann <dh.herrmann@gmail.com> - 16-2
- create dbus user and group if non-existant
- add explicit %%postlets to switch over to the broker as default
* Fri Oct 12 2018 Tom Gundersen <teg@jklm.no> - 16-1
- make resource limits configurable
- rerun presets in case dbus-daemon is disabled
* Thu Aug 30 2018 Tom Gundersen <teg@jklm.no> - 15-4
- depend on dbus-common rather than dbus
* Wed Aug 29 2018 Tom Gundersen <teg@jklm.no> - 15-3
- run %%systemd_user rpm macros
* Mon Aug 27 2018 Tom Gundersen <teg@jklm.no> - 15-2
- add back --verbose switch for backwards compatibility
* Wed Aug 08 2018 Tom Gundersen <teg@jklm.no> - 15-1
- fix audit support
- make logging about invalid config less verbose
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 03 2018 Tom Gundersen <teg@jklm.no> - 14-1
- use inotify to reload config automatically
- run as the right user
- new compatibility features, bugfixes and performance enhancements
* Mon Apr 23 2018 Tom Gundersen <teg@jklm.no> - 13-1
- Namespace transient systemd units per launcher instance
- Reduce reliance on NSS
- Fix deadlock with nss-systemd
* Wed Feb 21 2018 Tom Gundersen <teg@jklm.no> - 11-1
- The 'gdm' user is now considered at_console=true
- Bugfixes and performance enhancements
* Wed Feb 07 2018 Tom Gundersen <teg@jklm.no> - 10-1
- Bugfixes and performance enhancements
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Nov 30 2017 Tom Gundersen <teg@jklm.no> - 9-1
- Avoid nss deadlock at start-up
- Support ExecReload
- Respect User= in service files
* Tue Oct 17 2017 Tom Gundersen <teg@jklm.no> - 8-1
- Dont clean-up children of activated services by default
- Dont use audit from the user instance
- Support the ReloadConfig() API
* Tue Oct 17 2017 Tom Gundersen <teg@jklm.no> - 7-1
- Upstream bugfix release
* Mon Oct 16 2017 Tom Gundersen <teg@jklm.no> - 6-1
- Upstream bugfix release
* Tue Oct 10 2017 Tom Gundersen <teg@jklm.no> - 5-1
- Drop downstream SELinux module
- Support (in a limited way) at_console= policies
- Order dbus-broker before basic.target
* Fri Sep 08 2017 Tom Gundersen <teg@jklm.no> - 4-1
- Use audit for SELinux logging
- Support full search-paths for service files
- Log policy failures
* Fri Aug 18 2017 Tom Gundersen <teg@jklm.no> - 3-1
- Add manpages
* Wed Aug 16 2017 Tom Gundersen <teg@jklm.no> - 2-2
- Add license to package
* Wed Aug 16 2017 Tom Gundersen <teg@jklm.no> - 2-1
- Add SELinux support
* Sun Aug 13 2017 Tom Gundersen <teg@jklm.no> - 1-1
- Initial RPM release