Auto sync2gitlab import of dbus-1.12.8-18.el8_6.1.src.rpm
This commit is contained in:
parent
70cf12da82
commit
57de567f99
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
/dbus-1.12.8.tar.gz
|
14
00-start-message-bus.sh
Executable file
14
00-start-message-bus.sh
Executable file
@ -0,0 +1,14 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
# Copyright (C) 2008 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# All rights reserved. This copyrighted material is made available to anyone
|
||||||
|
# wishing to use, modify, copy, or redistribute it subject to the terms and
|
||||||
|
# conditions of the GNU General Public License version 2.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program; if not, write to the Free Software
|
||||||
|
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||||||
|
#
|
||||||
|
if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
|
||||||
|
eval `dbus-launch --sh-syntax --exit-with-session`
|
||||||
|
fi
|
22
0001-tools-Use-Python3-for-GetAllMatchRules.patch
Normal file
22
0001-tools-Use-Python3-for-GetAllMatchRules.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
From 59ddde9e1ed5de03b060ff3ce27e35509707dff2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Colin Walters <walters@verbum.org>
|
||||||
|
Date: Tue, 31 Jul 2018 12:33:59 -0400
|
||||||
|
Subject: [PATCH] tools: Use Python3 for GetAllMatchRules
|
||||||
|
|
||||||
|
---
|
||||||
|
tools/GetAllMatchRules.py | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tools/GetAllMatchRules.py b/tools/GetAllMatchRules.py
|
||||||
|
index 6a7e4cd9..f7e340d6 100755
|
||||||
|
--- a/tools/GetAllMatchRules.py
|
||||||
|
+++ b/tools/GetAllMatchRules.py
|
||||||
|
@@ -1,4 +1,4 @@
|
||||||
|
-#!/usr/bin/env python
|
||||||
|
+#!/usr/bin/python3
|
||||||
|
|
||||||
|
import sys
|
||||||
|
import argparse
|
||||||
|
--
|
||||||
|
2.17.1
|
||||||
|
|
119
dbus-1.12.8-fix-CVE-2019-12749.patch
Normal file
119
dbus-1.12.8-fix-CVE-2019-12749.patch
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
From 47b1a4c41004bf494b87370987b222c934b19016 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Thu, 30 May 2019 12:53:03 +0100
|
||||||
|
Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server
|
||||||
|
owner
|
||||||
|
|
||||||
|
The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
|
||||||
|
of a shared home directory by having the server write a secret "cookie"
|
||||||
|
into a .dbus-keyrings subdirectory of the desired identity's home
|
||||||
|
directory with 0700 permissions, and having the client prove that it can
|
||||||
|
read the cookie. This never actually worked for non-malicious clients in
|
||||||
|
the case where server uid != client uid (unless the server and client
|
||||||
|
both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
|
||||||
|
Unix uid 0) because an unprivileged server would fail to write out the
|
||||||
|
cookie, and an unprivileged client would be unable to read the resulting
|
||||||
|
file owned by the server.
|
||||||
|
|
||||||
|
Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
|
||||||
|
is owned by the uid of the server (a side-effect of a check added to
|
||||||
|
harden our use of XDG_RUNTIME_DIR), further ruling out successful use
|
||||||
|
by a non-malicious client with a uid differing from the server's.
|
||||||
|
|
||||||
|
Joe Vennix of Apple Information Security discovered that the
|
||||||
|
implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
|
||||||
|
attack: a malicious client with write access to its own home directory
|
||||||
|
could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
|
||||||
|
read and write in unintended locations. In the worst case this could
|
||||||
|
result in the DBusServer reusing a cookie that is known to the
|
||||||
|
malicious client, and treating that cookie as evidence that a subsequent
|
||||||
|
client connection came from an attacker-chosen uid, allowing
|
||||||
|
authentication bypass.
|
||||||
|
|
||||||
|
This is mitigated by the fact that by default, the well-known system
|
||||||
|
dbus-daemon (since 2003) and the well-known session dbus-daemon (in
|
||||||
|
stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
|
||||||
|
authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
|
||||||
|
at an early stage, before manipulating cookies. As a result, this
|
||||||
|
vulnerability only applies to:
|
||||||
|
|
||||||
|
* system or session dbus-daemons with non-standard configuration
|
||||||
|
* third-party dbus-daemon invocations such as at-spi2-core (although
|
||||||
|
in practice at-spi2-core also only accepts EXTERNAL by default)
|
||||||
|
* third-party uses of DBusServer such as the one in Upstart
|
||||||
|
|
||||||
|
Avoiding symlink attacks in a portable way is difficult, because APIs
|
||||||
|
like openat() and Linux /proc/self/fd are not universally available.
|
||||||
|
However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
|
||||||
|
a non-matching uid, we can solve this vulnerability in an easier way
|
||||||
|
without regressions, by rejecting it early (before looking at
|
||||||
|
~/.dbus-keyrings) whenever the requested identity doesn't match the
|
||||||
|
identity of the process hosting the DBusServer.
|
||||||
|
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
|
||||||
|
Closes: CVE-2019-12749
|
||||||
|
---
|
||||||
|
dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 32 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
|
||||||
|
index 37d8d4c9..7390a9d5 100644
|
||||||
|
--- a/dbus/dbus-auth.c
|
||||||
|
+++ b/dbus/dbus-auth.c
|
||||||
|
@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth,
|
||||||
|
DBusString tmp2;
|
||||||
|
dbus_bool_t retval = FALSE;
|
||||||
|
DBusError error = DBUS_ERROR_INIT;
|
||||||
|
+ DBusCredentials *myself = NULL;
|
||||||
|
|
||||||
|
_dbus_string_set_length (&auth->challenge, 0);
|
||||||
|
|
||||||
|
@@ -565,6 +566,34 @@ sha1_handle_first_client_response (DBusAuth *auth,
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
+ myself = _dbus_credentials_new_from_current_process ();
|
||||||
|
+
|
||||||
|
+ if (myself == NULL)
|
||||||
|
+ goto out;
|
||||||
|
+
|
||||||
|
+ if (!_dbus_credentials_same_user (myself, auth->desired_identity))
|
||||||
|
+ {
|
||||||
|
+ /*
|
||||||
|
+ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the
|
||||||
|
+ * client is anyone other than the user owning the process
|
||||||
|
+ * containing the DBusServer: we probably aren't allowed to write
|
||||||
|
+ * to other users' home directories. Even if we can (for example
|
||||||
|
+ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we
|
||||||
|
+ * must not, because the other user controls their home directory,
|
||||||
|
+ * and could carry out symlink attacks to make us read from or
|
||||||
|
+ * write to unintended locations. It's difficult to avoid symlink
|
||||||
|
+ * attacks in a portable way, so we just don't try. This isn't a
|
||||||
|
+ * regression, because DBUS_COOKIE_SHA1 never worked for other
|
||||||
|
+ * users anyway.
|
||||||
|
+ */
|
||||||
|
+ _dbus_verbose ("%s: client tried to authenticate as \"%s\", "
|
||||||
|
+ "but that doesn't match this process",
|
||||||
|
+ DBUS_AUTH_NAME (auth),
|
||||||
|
+ _dbus_string_get_const_data (data));
|
||||||
|
+ retval = send_rejected (auth);
|
||||||
|
+ goto out;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* we cache the keyring for speed, so here we drop it if it's the
|
||||||
|
* wrong one. FIXME caching the keyring here is useless since we use
|
||||||
|
* a different DBusAuth for every connection.
|
||||||
|
@@ -679,6 +708,9 @@ sha1_handle_first_client_response (DBusAuth *auth,
|
||||||
|
_dbus_string_zero (&tmp2);
|
||||||
|
_dbus_string_free (&tmp2);
|
||||||
|
|
||||||
|
+ if (myself != NULL)
|
||||||
|
+ _dbus_credentials_unref (myself);
|
||||||
|
+
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
74
dbus-1.12.8-fix-CVE-2020-12049.patch
Normal file
74
dbus-1.12.8-fix-CVE-2020-12049.patch
Normal file
@ -0,0 +1,74 @@
|
|||||||
|
From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Thu, 16 Apr 2020 14:45:11 +0100
|
||||||
|
Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
|
||||||
|
|
||||||
|
MSG_CTRUNC indicates that we have received fewer fds that we should
|
||||||
|
have done because the buffer was too small, but we were treating it
|
||||||
|
as though it indicated that we received *no* fds. If we received any,
|
||||||
|
we still have to make sure we close them, otherwise they will be leaked.
|
||||||
|
|
||||||
|
On the system bus, if an attacker can induce us to leak fds in this
|
||||||
|
way, that's a local denial of service via resource exhaustion.
|
||||||
|
|
||||||
|
Reported-by: Kevin Backhouse, GitHub Security Lab
|
||||||
|
Fixes: dbus#294
|
||||||
|
Fixes: CVE-2020-12049
|
||||||
|
Fixes: GHSL-2020-057
|
||||||
|
---
|
||||||
|
dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
|
||||||
|
1 file changed, 20 insertions(+), 12 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
|
||||||
|
index b5fc24663..b176dae1a 100644
|
||||||
|
--- a/dbus/dbus-sysdeps-unix.c
|
||||||
|
+++ b/dbus/dbus-sysdeps-unix.c
|
||||||
|
@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
|
||||||
|
struct cmsghdr *cm;
|
||||||
|
dbus_bool_t found = FALSE;
|
||||||
|
|
||||||
|
- if (m.msg_flags & MSG_CTRUNC)
|
||||||
|
- {
|
||||||
|
- /* Hmm, apparently the control data was truncated. The bad
|
||||||
|
- thing is that we might have completely lost a couple of fds
|
||||||
|
- without chance to recover them. Hence let's treat this as a
|
||||||
|
- serious error. */
|
||||||
|
-
|
||||||
|
- errno = ENOSPC;
|
||||||
|
- _dbus_string_set_length (buffer, start);
|
||||||
|
- return -1;
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
|
||||||
|
if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
|
||||||
|
{
|
||||||
|
@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
|
||||||
|
if (!found)
|
||||||
|
*n_fds = 0;
|
||||||
|
|
||||||
|
+ if (m.msg_flags & MSG_CTRUNC)
|
||||||
|
+ {
|
||||||
|
+ unsigned int i;
|
||||||
|
+
|
||||||
|
+ /* Hmm, apparently the control data was truncated. The bad
|
||||||
|
+ thing is that we might have completely lost a couple of fds
|
||||||
|
+ without chance to recover them. Hence let's treat this as a
|
||||||
|
+ serious error. */
|
||||||
|
+
|
||||||
|
+ /* We still need to close whatever fds we *did* receive,
|
||||||
|
+ * otherwise they'll never get closed. (CVE-2020-12049) */
|
||||||
|
+ for (i = 0; i < *n_fds; i++)
|
||||||
|
+ close (fds[i]);
|
||||||
|
+
|
||||||
|
+ *n_fds = 0;
|
||||||
|
+ errno = ENOSPC;
|
||||||
|
+ _dbus_string_set_length (buffer, start);
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* put length back (doesn't actually realloc) */
|
||||||
|
_dbus_string_set_length (buffer, start + bytes_read);
|
||||||
|
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
201
dbus-1.12.8-fix-fd-limit-change.patch
Normal file
201
dbus-1.12.8-fix-fd-limit-change.patch
Normal file
@ -0,0 +1,201 @@
|
|||||||
|
From 94bacc6955e563a7e698e53151a75323279a9f45 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Simon McVittie <smcv@collabora.com>
|
||||||
|
Date: Mon, 11 Mar 2019 09:03:39 +0000
|
||||||
|
Subject: [PATCH] bus: Try to raise soft fd limit to match hard limit
|
||||||
|
|
||||||
|
Linux systems have traditionally set the soft limit to 1024 and the hard
|
||||||
|
limit to 4096. Recent versions of systemd keep the soft fd limit at
|
||||||
|
1024 to avoid breaking programs that still use select(), but raise the
|
||||||
|
hard limit to 512*1024, while in recent Debian versions a complicated
|
||||||
|
interaction between components gives a soft limit of 1024 and a hard
|
||||||
|
limit of 1024*1024. If we can, we might as well elevate our soft limit
|
||||||
|
to match the hard limit, minimizing the chance that we will run out of
|
||||||
|
file descriptor slots.
|
||||||
|
|
||||||
|
Unlike the previous code to raise the hard and soft limits to at least
|
||||||
|
65536, we do this even if we don't have privileges: privileges are
|
||||||
|
unnecessary to raise the soft limit up to the hard limit.
|
||||||
|
|
||||||
|
If we *do* have privileges, we also continue to raise the hard and soft
|
||||||
|
limits to at least 65536 if they weren't already that high, making
|
||||||
|
it harder to carry out a denial of service attack on the system bus on
|
||||||
|
systems that use the traditional limit (CVE-2014-7824).
|
||||||
|
|
||||||
|
As was previously the case on the system bus, we'll drop the limits back
|
||||||
|
to our initial limits before we execute a subprocess for traditional
|
||||||
|
(non-systemd) activation, if enabled.
|
||||||
|
|
||||||
|
systemd activation doesn't involve us starting subprocesses at all,
|
||||||
|
so in both cases activated services will still inherit the same limits
|
||||||
|
they did previously.
|
||||||
|
|
||||||
|
This change also fixes a bug when the hard limit is very large but
|
||||||
|
the soft limit is not, for example seen as a regression when upgrading
|
||||||
|
to systemd >= 240 (Debian #928877). In such environments, dbus-daemon
|
||||||
|
would previously have changed its fd limit to 64K soft/64K hard. Because
|
||||||
|
this hard limit is less than its original hard limit, it was unable to
|
||||||
|
restore its original hard limit as intended when carrying out traditional
|
||||||
|
activation, leaving activated subprocesses with unintended limits (while
|
||||||
|
logging a warning).
|
||||||
|
|
||||||
|
Reviewed-by: Lennart Poettering <lennart@poettering.net>
|
||||||
|
[smcv: Correct a comment based on Lennart's review, reword commit message]
|
||||||
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||||
|
(cherry picked from commit 7eacbfece70f16bb54d0f3ac51f87ae398759ef5)
|
||||||
|
[smcv: Mention that this also fixes Debian #928877]
|
||||||
|
---
|
||||||
|
bus/bus.c | 8 ++---
|
||||||
|
dbus/dbus-sysdeps-util-unix.c | 64 +++++++++++++++++++++--------------
|
||||||
|
dbus/dbus-sysdeps-util-win.c | 3 +-
|
||||||
|
dbus/dbus-sysdeps.h | 3 +-
|
||||||
|
4 files changed, 44 insertions(+), 34 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/bus/bus.c b/bus/bus.c
|
||||||
|
index 30ce4e10..2ad8e789 100644
|
||||||
|
--- a/bus/bus.c
|
||||||
|
+++ b/bus/bus.c
|
||||||
|
@@ -693,11 +693,11 @@ raise_file_descriptor_limit (BusContext *context)
|
||||||
|
/* We used to compute a suitable rlimit based on the configured number
|
||||||
|
* of connections, but that breaks down as soon as we allow fd-passing,
|
||||||
|
* because each connection is allowed to pass 64 fds to us, and if
|
||||||
|
- * they all did, we'd hit kernel limits. We now hard-code 64k as a
|
||||||
|
- * good limit, like systemd does: that's enough to avoid DoS from
|
||||||
|
- * anything short of multiple uids conspiring against us.
|
||||||
|
+ * they all did, we'd hit kernel limits. We now hard-code a good
|
||||||
|
+ * limit that is enough to avoid DoS from anything short of multiple
|
||||||
|
+ * uids conspiring against us, much like systemd does.
|
||||||
|
*/
|
||||||
|
- if (!_dbus_rlimit_raise_fd_limit_if_privileged (65536, &error))
|
||||||
|
+ if (!_dbus_rlimit_raise_fd_limit (&error))
|
||||||
|
{
|
||||||
|
bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
|
||||||
|
"%s: %s", error.name, error.message);
|
||||||
|
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
|
||||||
|
index 2be5b779..7c4c3604 100644
|
||||||
|
--- a/dbus/dbus-sysdeps-util-unix.c
|
||||||
|
+++ b/dbus/dbus-sysdeps-util-unix.c
|
||||||
|
@@ -406,23 +406,15 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
|
||||||
|
return self;
|
||||||
|
}
|
||||||
|
|
||||||
|
+/* Enough fds that we shouldn't run out, even if several uids work
|
||||||
|
+ * together to carry out a denial-of-service attack. This happens to be
|
||||||
|
+ * the same number that systemd < 234 would normally use. */
|
||||||
|
+#define ENOUGH_FDS 65536
|
||||||
|
+
|
||||||
|
dbus_bool_t
|
||||||
|
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||||
|
- DBusError *error)
|
||||||
|
+_dbus_rlimit_raise_fd_limit (DBusError *error)
|
||||||
|
{
|
||||||
|
- struct rlimit lim;
|
||||||
|
-
|
||||||
|
- /* No point to doing this practically speaking
|
||||||
|
- * if we're not uid 0. We expect the system
|
||||||
|
- * bus to use this before we change UID, and
|
||||||
|
- * the session bus takes the Linux default,
|
||||||
|
- * currently 1024 for cur and 4096 for max.
|
||||||
|
- */
|
||||||
|
- if (getuid () != 0)
|
||||||
|
- {
|
||||||
|
- /* not an error, we're probably the session bus */
|
||||||
|
- return TRUE;
|
||||||
|
- }
|
||||||
|
+ struct rlimit old, lim;
|
||||||
|
|
||||||
|
if (getrlimit (RLIMIT_NOFILE, &lim) < 0)
|
||||||
|
{
|
||||||
|
@@ -431,22 +423,43 @@ _dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (lim.rlim_cur == RLIM_INFINITY || lim.rlim_cur >= desired)
|
||||||
|
+ old = lim;
|
||||||
|
+
|
||||||
|
+ if (getuid () == 0)
|
||||||
|
{
|
||||||
|
- /* not an error, everything is fine */
|
||||||
|
- return TRUE;
|
||||||
|
+ /* We are privileged, so raise the soft limit to at least
|
||||||
|
+ * ENOUGH_FDS, and the hard limit to at least the desired soft
|
||||||
|
+ * limit. This assumes we can exercise CAP_SYS_RESOURCE on Linux,
|
||||||
|
+ * or other OSs' equivalents. */
|
||||||
|
+ if (lim.rlim_cur != RLIM_INFINITY &&
|
||||||
|
+ lim.rlim_cur < ENOUGH_FDS)
|
||||||
|
+ lim.rlim_cur = ENOUGH_FDS;
|
||||||
|
+
|
||||||
|
+ if (lim.rlim_max != RLIM_INFINITY &&
|
||||||
|
+ lim.rlim_max < lim.rlim_cur)
|
||||||
|
+ lim.rlim_max = lim.rlim_cur;
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Ignore "maximum limit", assume we have the "superuser"
|
||||||
|
- * privileges. On Linux this is CAP_SYS_RESOURCE.
|
||||||
|
- */
|
||||||
|
- lim.rlim_cur = lim.rlim_max = desired;
|
||||||
|
+ /* Raise the soft limit to match the hard limit, which we can do even
|
||||||
|
+ * if we are unprivileged. In particular, systemd >= 240 will normally
|
||||||
|
+ * set rlim_cur to 1024 and rlim_max to 512*1024, recent Debian
|
||||||
|
+ * versions end up setting rlim_cur to 1024 and rlim_max to 1024*1024,
|
||||||
|
+ * and older and non-systemd Linux systems would typically set rlim_cur
|
||||||
|
+ * to 1024 and rlim_max to 4096. */
|
||||||
|
+ if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
|
||||||
|
+ lim.rlim_cur = lim.rlim_max;
|
||||||
|
+
|
||||||
|
+ /* Early-return if there is nothing to do. */
|
||||||
|
+ if (lim.rlim_max == old.rlim_max &&
|
||||||
|
+ lim.rlim_cur == old.rlim_cur)
|
||||||
|
+ return TRUE;
|
||||||
|
|
||||||
|
if (setrlimit (RLIMIT_NOFILE, &lim) < 0)
|
||||||
|
{
|
||||||
|
dbus_set_error (error, _dbus_error_from_errno (errno),
|
||||||
|
- "Failed to set fd limit to %u: %s",
|
||||||
|
- desired, _dbus_strerror (errno));
|
||||||
|
+ "Failed to set fd limit to %lu: %s",
|
||||||
|
+ (unsigned long) lim.rlim_cur,
|
||||||
|
+ _dbus_strerror (errno));
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -485,8 +498,7 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
|
||||||
|
}
|
||||||
|
|
||||||
|
dbus_bool_t
|
||||||
|
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||||
|
- DBusError *error)
|
||||||
|
+_dbus_rlimit_raise_fd_limit (DBusError *error)
|
||||||
|
{
|
||||||
|
fd_limit_not_supported (error);
|
||||||
|
return FALSE;
|
||||||
|
diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c
|
||||||
|
index 1ef4ae6c..1c1d9f7d 100644
|
||||||
|
--- a/dbus/dbus-sysdeps-util-win.c
|
||||||
|
+++ b/dbus/dbus-sysdeps-util-win.c
|
||||||
|
@@ -273,8 +273,7 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
|
||||||
|
}
|
||||||
|
|
||||||
|
dbus_bool_t
|
||||||
|
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||||
|
- DBusError *error)
|
||||||
|
+_dbus_rlimit_raise_fd_limit (DBusError *error)
|
||||||
|
{
|
||||||
|
fd_limit_not_supported (error);
|
||||||
|
return FALSE;
|
||||||
|
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
|
||||||
|
index ef786ecc..0b9d7696 100644
|
||||||
|
--- a/dbus/dbus-sysdeps.h
|
||||||
|
+++ b/dbus/dbus-sysdeps.h
|
||||||
|
@@ -698,8 +698,7 @@ dbus_bool_t _dbus_replace_install_prefix (DBusString *path);
|
||||||
|
typedef struct DBusRLimit DBusRLimit;
|
||||||
|
|
||||||
|
DBusRLimit *_dbus_rlimit_save_fd_limit (DBusError *error);
|
||||||
|
-dbus_bool_t _dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||||
|
- DBusError *error);
|
||||||
|
+dbus_bool_t _dbus_rlimit_raise_fd_limit (DBusError *error);
|
||||||
|
dbus_bool_t _dbus_rlimit_restore_fd_limit (DBusRLimit *saved,
|
||||||
|
DBusError *error);
|
||||||
|
void _dbus_rlimit_free (DBusRLimit *lim);
|
||||||
|
--
|
||||||
|
GitLab
|
||||||
|
|
17
dbus-kill-process-with-session
Normal file
17
dbus-kill-process-with-session
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# This script ensures the dbus-daemon is killed when the session closes.
|
||||||
|
# It's used by SSH sessions that have X forwarding (since the X display
|
||||||
|
# may outlive the session in those cases)
|
||||||
|
[ $# != 1 ] && exit 1
|
||||||
|
|
||||||
|
exec >& /dev/null
|
||||||
|
|
||||||
|
trap 'kill -TERM $1 $(jobs -p)' EXIT
|
||||||
|
|
||||||
|
export GVFS_DISABLE_FUSE=1
|
||||||
|
coproc SESSION_MONITOR (gio monitor -f "/run/systemd/sessions/${XDG_SESSION_ID}")
|
||||||
|
|
||||||
|
while grep -q ^State=active <(loginctl show-session $XDG_SESSION_ID)
|
||||||
|
do
|
||||||
|
read -u ${SESSION_MONITOR[0]}
|
||||||
|
done
|
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
|||||||
|
SHA512 (dbus-1.12.8.tar.gz) = 8177898bf2db22e5c6abff0d9ffec8f248f0d155a83b7ae906c1ce3b61d289e7ba7bef9799102e6de3ca64198c7d293dccecf92c7e8b7403c1d9b1bb86e99ea3
|
10
ssh-x-forwarding.csh
Normal file
10
ssh-x-forwarding.csh
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
# DBus session bus over SSH with X11 forwarding
|
||||||
|
if ( $?SSH_CONNECTION == 0 ) exit
|
||||||
|
if ( $?DISPLAY == 0 ) exit
|
||||||
|
if ( $SHLVL > 1 ) exit
|
||||||
|
setenv GDK_BACKEND x11
|
||||||
|
|
||||||
|
eval `dbus-launch --csh-syntax`
|
||||||
|
|
||||||
|
if ( $?DBUS_SESSION_BUS_PID == 0 ) exit
|
||||||
|
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session $DBUS_SESSION_BUS_PID
|
12
ssh-x-forwarding.sh
Normal file
12
ssh-x-forwarding.sh
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
# DBus session bus over SSH with X11 forwarding
|
||||||
|
[ -z "$SSH_CONNECTION" ] && return
|
||||||
|
[ -z "$DISPLAY" ] && return
|
||||||
|
[ "${DISPLAY:0:1}" = ":" ] && return
|
||||||
|
[ "$SHLVL" -ne 1 ] && return
|
||||||
|
|
||||||
|
export GDK_BACKEND=x11
|
||||||
|
|
||||||
|
eval `dbus-launch --sh-syntax`
|
||||||
|
|
||||||
|
[ -z "$DBUS_SESSION_BUS_PID" ] && return
|
||||||
|
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session "$DBUS_SESSION_BUS_PID"
|
Loading…
Reference in New Issue
Block a user