Compare commits
No commits in common. "c9s" and "c8" have entirely different histories.
1
.dbus.metadata
Normal file
1
.dbus.metadata
Normal file
@ -0,0 +1 @@
|
||||
8e50e46796e8297eaa633da3a61cdc79a500e34a SOURCES/dbus-1.12.8.tar.gz
|
@ -1 +0,0 @@
|
||||
1
|
51
.gitignore
vendored
51
.gitignore
vendored
@ -1,50 +1 @@
|
||||
/*.log
|
||||
/dbus-*/
|
||||
/*.src.rpm
|
||||
/noarch/
|
||||
/x86_64/
|
||||
/dbus-1.3.2.885483.tar.gz
|
||||
/dbus-1.4.0.tar.gz
|
||||
/dbus-1.4.10.tar.gz
|
||||
/dbus-1.4.20.tar.gz
|
||||
/dbus-1.6.0.tar.gz
|
||||
/dbus-1.6.6.tar.gz
|
||||
/dbus-1.6.8.tar.gz
|
||||
/dbus-1.6.12.tar.gz
|
||||
/dbus-1.6.18.tar.gz
|
||||
/dbus-1.8.4.tar.gz
|
||||
/dbus-1.8.6.tar.gz
|
||||
/dbus-1.8.12.tar.gz
|
||||
/dbus-1.8.14.tar.gz
|
||||
/dbus-1.8.16.tar.gz
|
||||
/dubs-1.9.14.tar.gz
|
||||
/dbus-1.9.16.tar.gz
|
||||
/dbus-1.9.18.tar.gz
|
||||
/dbus-1.9.20.tar.gz
|
||||
/dbus-1.10.0.tar.gz
|
||||
/dbus-1.10.2.tar.gz
|
||||
/dbus-1.10.4.tar.gz
|
||||
/dbus-1.10.6.tar.gz
|
||||
/dbus-1.11.0.tar.gz
|
||||
/dbus-1.11.2.tar.gz
|
||||
/dbus-1.11.4.tar.gz
|
||||
/dbus-1.11.6.tar.gz
|
||||
/dbus-1.11.8.tar.gz
|
||||
/dbus-1.11.10.tar.gz
|
||||
/dbus-1.11.12.tar.gz
|
||||
/dbus-1.11.14.tar.gz
|
||||
/dbus-1.11.16.tar.gz
|
||||
/dbus-1.11.18.tar.gz
|
||||
/dbus-1.11.20.tar.gz
|
||||
/dbus-1.11.22.tar.gz
|
||||
/dbus-1.12.0.tar.gz
|
||||
/dbus-1.12.8.tar.gz
|
||||
/dbus-1.12.10.tar.gz
|
||||
/dbus-1.12.12.tar.gz
|
||||
/dbus-1.12.14.tar.gz
|
||||
/dbus-1.12.16.tar.gz
|
||||
/dbus-1.12.16.tar.gz.asc
|
||||
/dbus-1.12.18.tar.gz
|
||||
/dbus-1.12.18.tar.gz.asc
|
||||
/dbus-1.12.20.tar.gz
|
||||
/dbus-1.12.20.tar.gz.asc
|
||||
SOURCES/dbus-1.12.8.tar.gz
|
||||
|
119
SOURCES/dbus-1.12.8-fix-CVE-2019-12749.patch
Normal file
119
SOURCES/dbus-1.12.8-fix-CVE-2019-12749.patch
Normal file
@ -0,0 +1,119 @@
|
||||
From 47b1a4c41004bf494b87370987b222c934b19016 Mon Sep 17 00:00:00 2001
|
||||
From: Simon McVittie <smcv@collabora.com>
|
||||
Date: Thu, 30 May 2019 12:53:03 +0100
|
||||
Subject: [PATCH] auth: Reject DBUS_COOKIE_SHA1 for users other than the server
|
||||
owner
|
||||
|
||||
The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
|
||||
of a shared home directory by having the server write a secret "cookie"
|
||||
into a .dbus-keyrings subdirectory of the desired identity's home
|
||||
directory with 0700 permissions, and having the client prove that it can
|
||||
read the cookie. This never actually worked for non-malicious clients in
|
||||
the case where server uid != client uid (unless the server and client
|
||||
both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
|
||||
Unix uid 0) because an unprivileged server would fail to write out the
|
||||
cookie, and an unprivileged client would be unable to read the resulting
|
||||
file owned by the server.
|
||||
|
||||
Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
|
||||
is owned by the uid of the server (a side-effect of a check added to
|
||||
harden our use of XDG_RUNTIME_DIR), further ruling out successful use
|
||||
by a non-malicious client with a uid differing from the server's.
|
||||
|
||||
Joe Vennix of Apple Information Security discovered that the
|
||||
implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
|
||||
attack: a malicious client with write access to its own home directory
|
||||
could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
|
||||
read and write in unintended locations. In the worst case this could
|
||||
result in the DBusServer reusing a cookie that is known to the
|
||||
malicious client, and treating that cookie as evidence that a subsequent
|
||||
client connection came from an attacker-chosen uid, allowing
|
||||
authentication bypass.
|
||||
|
||||
This is mitigated by the fact that by default, the well-known system
|
||||
dbus-daemon (since 2003) and the well-known session dbus-daemon (in
|
||||
stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
|
||||
authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
|
||||
at an early stage, before manipulating cookies. As a result, this
|
||||
vulnerability only applies to:
|
||||
|
||||
* system or session dbus-daemons with non-standard configuration
|
||||
* third-party dbus-daemon invocations such as at-spi2-core (although
|
||||
in practice at-spi2-core also only accepts EXTERNAL by default)
|
||||
* third-party uses of DBusServer such as the one in Upstart
|
||||
|
||||
Avoiding symlink attacks in a portable way is difficult, because APIs
|
||||
like openat() and Linux /proc/self/fd are not universally available.
|
||||
However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
|
||||
a non-matching uid, we can solve this vulnerability in an easier way
|
||||
without regressions, by rejecting it early (before looking at
|
||||
~/.dbus-keyrings) whenever the requested identity doesn't match the
|
||||
identity of the process hosting the DBusServer.
|
||||
|
||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||
Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
|
||||
Closes: CVE-2019-12749
|
||||
---
|
||||
dbus/dbus-auth.c | 32 ++++++++++++++++++++++++++++++++
|
||||
1 file changed, 32 insertions(+)
|
||||
|
||||
diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c
|
||||
index 37d8d4c9..7390a9d5 100644
|
||||
--- a/dbus/dbus-auth.c
|
||||
+++ b/dbus/dbus-auth.c
|
||||
@@ -529,6 +529,7 @@ sha1_handle_first_client_response (DBusAuth *auth,
|
||||
DBusString tmp2;
|
||||
dbus_bool_t retval = FALSE;
|
||||
DBusError error = DBUS_ERROR_INIT;
|
||||
+ DBusCredentials *myself = NULL;
|
||||
|
||||
_dbus_string_set_length (&auth->challenge, 0);
|
||||
|
||||
@@ -565,6 +566,34 @@ sha1_handle_first_client_response (DBusAuth *auth,
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
+ myself = _dbus_credentials_new_from_current_process ();
|
||||
+
|
||||
+ if (myself == NULL)
|
||||
+ goto out;
|
||||
+
|
||||
+ if (!_dbus_credentials_same_user (myself, auth->desired_identity))
|
||||
+ {
|
||||
+ /*
|
||||
+ * DBUS_COOKIE_SHA1 is not suitable for authenticating that the
|
||||
+ * client is anyone other than the user owning the process
|
||||
+ * containing the DBusServer: we probably aren't allowed to write
|
||||
+ * to other users' home directories. Even if we can (for example
|
||||
+ * uid 0 on traditional Unix or CAP_DAC_OVERRIDE on Linux), we
|
||||
+ * must not, because the other user controls their home directory,
|
||||
+ * and could carry out symlink attacks to make us read from or
|
||||
+ * write to unintended locations. It's difficult to avoid symlink
|
||||
+ * attacks in a portable way, so we just don't try. This isn't a
|
||||
+ * regression, because DBUS_COOKIE_SHA1 never worked for other
|
||||
+ * users anyway.
|
||||
+ */
|
||||
+ _dbus_verbose ("%s: client tried to authenticate as \"%s\", "
|
||||
+ "but that doesn't match this process",
|
||||
+ DBUS_AUTH_NAME (auth),
|
||||
+ _dbus_string_get_const_data (data));
|
||||
+ retval = send_rejected (auth);
|
||||
+ goto out;
|
||||
+ }
|
||||
+
|
||||
/* we cache the keyring for speed, so here we drop it if it's the
|
||||
* wrong one. FIXME caching the keyring here is useless since we use
|
||||
* a different DBusAuth for every connection.
|
||||
@@ -679,6 +708,9 @@ sha1_handle_first_client_response (DBusAuth *auth,
|
||||
_dbus_string_zero (&tmp2);
|
||||
_dbus_string_free (&tmp2);
|
||||
|
||||
+ if (myself != NULL)
|
||||
+ _dbus_credentials_unref (myself);
|
||||
+
|
||||
return retval;
|
||||
}
|
||||
|
||||
--
|
||||
2.21.0
|
||||
|
74
SOURCES/dbus-1.12.8-fix-CVE-2020-12049.patch
Normal file
74
SOURCES/dbus-1.12.8-fix-CVE-2020-12049.patch
Normal file
@ -0,0 +1,74 @@
|
||||
From 872b085f12f56da25a2dbd9bd0b2dff31d5aea63 Mon Sep 17 00:00:00 2001
|
||||
From: Simon McVittie <smcv@collabora.com>
|
||||
Date: Thu, 16 Apr 2020 14:45:11 +0100
|
||||
Subject: [PATCH] sysdeps-unix: On MSG_CTRUNC, close the fds we did receive
|
||||
|
||||
MSG_CTRUNC indicates that we have received fewer fds that we should
|
||||
have done because the buffer was too small, but we were treating it
|
||||
as though it indicated that we received *no* fds. If we received any,
|
||||
we still have to make sure we close them, otherwise they will be leaked.
|
||||
|
||||
On the system bus, if an attacker can induce us to leak fds in this
|
||||
way, that's a local denial of service via resource exhaustion.
|
||||
|
||||
Reported-by: Kevin Backhouse, GitHub Security Lab
|
||||
Fixes: dbus#294
|
||||
Fixes: CVE-2020-12049
|
||||
Fixes: GHSL-2020-057
|
||||
---
|
||||
dbus/dbus-sysdeps-unix.c | 32 ++++++++++++++++++++------------
|
||||
1 file changed, 20 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
|
||||
index b5fc24663..b176dae1a 100644
|
||||
--- a/dbus/dbus-sysdeps-unix.c
|
||||
+++ b/dbus/dbus-sysdeps-unix.c
|
||||
@@ -435,18 +435,6 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
|
||||
struct cmsghdr *cm;
|
||||
dbus_bool_t found = FALSE;
|
||||
|
||||
- if (m.msg_flags & MSG_CTRUNC)
|
||||
- {
|
||||
- /* Hmm, apparently the control data was truncated. The bad
|
||||
- thing is that we might have completely lost a couple of fds
|
||||
- without chance to recover them. Hence let's treat this as a
|
||||
- serious error. */
|
||||
-
|
||||
- errno = ENOSPC;
|
||||
- _dbus_string_set_length (buffer, start);
|
||||
- return -1;
|
||||
- }
|
||||
-
|
||||
for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm))
|
||||
if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS)
|
||||
{
|
||||
@@ -501,6 +489,26 @@ _dbus_read_socket_with_unix_fds (DBusSocket fd,
|
||||
if (!found)
|
||||
*n_fds = 0;
|
||||
|
||||
+ if (m.msg_flags & MSG_CTRUNC)
|
||||
+ {
|
||||
+ unsigned int i;
|
||||
+
|
||||
+ /* Hmm, apparently the control data was truncated. The bad
|
||||
+ thing is that we might have completely lost a couple of fds
|
||||
+ without chance to recover them. Hence let's treat this as a
|
||||
+ serious error. */
|
||||
+
|
||||
+ /* We still need to close whatever fds we *did* receive,
|
||||
+ * otherwise they'll never get closed. (CVE-2020-12049) */
|
||||
+ for (i = 0; i < *n_fds; i++)
|
||||
+ close (fds[i]);
|
||||
+
|
||||
+ *n_fds = 0;
|
||||
+ errno = ENOSPC;
|
||||
+ _dbus_string_set_length (buffer, start);
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
/* put length back (doesn't actually realloc) */
|
||||
_dbus_string_set_length (buffer, start + bytes_read);
|
||||
|
||||
--
|
||||
GitLab
|
||||
|
@ -1,7 +1,50 @@
|
||||
From b159849e031000d1dbc1ab876b5fc78a3ce9b534 Mon Sep 17 00:00:00 2001
|
||||
From 3a1b1e9a4010e581e2e940e61d37c4f617eb5eff Mon Sep 17 00:00:00 2001
|
||||
From: Simon McVittie <smcv@collabora.com>
|
||||
Date: Mon, 5 Jun 2023 17:56:33 +0100
|
||||
Subject: [PATCH 1/3] monitor test: Log the messages that we monitored
|
||||
|
||||
This is helpful while debugging test failures.
|
||||
|
||||
Helps: dbus/dbus#457
|
||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||
(cherry picked from commit 8ee5d3e04420975107c27073b50f8758871a998b)
|
||||
---
|
||||
test/monitor.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/test/monitor.c b/test/monitor.c
|
||||
index df5a7180..182110f8 100644
|
||||
--- a/test/monitor.c
|
||||
+++ b/test/monitor.c
|
||||
@@ -196,6 +196,10 @@ _log_message (DBusMessage *m,
|
||||
not_null (dbus_message_get_signature (m)));
|
||||
g_test_message ("\terror name: %s",
|
||||
not_null (dbus_message_get_error_name (m)));
|
||||
+ g_test_message ("\tserial number: %u",
|
||||
+ dbus_message_get_serial (m));
|
||||
+ g_test_message ("\tin reply to: %u",
|
||||
+ dbus_message_get_reply_serial (m));
|
||||
|
||||
if (strcmp ("s", dbus_message_get_signature (m)) == 0)
|
||||
{
|
||||
@@ -339,6 +343,9 @@ monitor_filter (DBusConnection *connection,
|
||||
{
|
||||
Fixture *f = user_data;
|
||||
|
||||
+ g_test_message ("Monitor received message:");
|
||||
+ log_message (message);
|
||||
+
|
||||
g_assert_cmpstr (dbus_message_get_interface (message), !=,
|
||||
"com.example.Tedious");
|
||||
|
||||
--
|
||||
2.41.0
|
||||
|
||||
|
||||
From 37a4dc5835731a1f7a81f1b67c45b8dfb556dd1c Mon Sep 17 00:00:00 2001
|
||||
From: hongjinghao <q1204531485@163.com>
|
||||
Date: Mon, 5 Jun 2023 18:17:06 +0100
|
||||
Subject: [PATCH 1/2] bus: Assign a serial number for messages from the driver
|
||||
Subject: [PATCH 2/3] bus: Assign a serial number for messages from the driver
|
||||
|
||||
Normally, it's enough to rely on a message being given a serial number
|
||||
by the DBusConnection just before it is actually sent. However, in the
|
||||
@ -23,6 +66,7 @@ the vulnerable code is not reached.
|
||||
|
||||
Co-authored-by: Simon McVittie <smcv@collabora.com>
|
||||
Resolves: dbus/dbus#457
|
||||
(cherry picked from commit b159849e031000d1dbc1ab876b5fc78a3ce9b534)
|
||||
---
|
||||
bus/connection.c | 15 +++++++++++++++
|
||||
dbus/dbus-connection-internal.h | 2 ++
|
||||
@ -30,10 +74,10 @@ Resolves: dbus/dbus#457
|
||||
3 files changed, 27 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/bus/connection.c b/bus/connection.c
|
||||
index a41b790b..4d46992c 100644
|
||||
index b3583433..215f0230 100644
|
||||
--- a/bus/connection.c
|
||||
+++ b/bus/connection.c
|
||||
@@ -2376,6 +2376,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
|
||||
@@ -2350,6 +2350,21 @@ bus_transaction_send_from_driver (BusTransaction *transaction,
|
||||
if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
|
||||
return FALSE;
|
||||
|
||||
@ -56,10 +100,10 @@ index a41b790b..4d46992c 100644
|
||||
{
|
||||
if (!dbus_message_set_destination (message,
|
||||
diff --git a/dbus/dbus-connection-internal.h b/dbus/dbus-connection-internal.h
|
||||
index 912b546e..747e6e54 100644
|
||||
index 48357321..ba79b192 100644
|
||||
--- a/dbus/dbus-connection-internal.h
|
||||
+++ b/dbus/dbus-connection-internal.h
|
||||
@@ -57,6 +57,8 @@ DBUS_PRIVATE_EXPORT
|
||||
@@ -54,6 +54,8 @@ DBUS_PRIVATE_EXPORT
|
||||
DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection);
|
||||
DBUS_PRIVATE_EXPORT
|
||||
void _dbus_connection_unref_unlocked (DBusConnection *connection);
|
||||
@ -69,10 +113,10 @@ index 912b546e..747e6e54 100644
|
||||
DBusList *link);
|
||||
dbus_bool_t _dbus_connection_has_messages_to_send_unlocked (DBusConnection *connection);
|
||||
diff --git a/dbus/dbus-connection.c b/dbus/dbus-connection.c
|
||||
index 105bdf4e..34380293 100644
|
||||
index c525b6dc..09cef278 100644
|
||||
--- a/dbus/dbus-connection.c
|
||||
+++ b/dbus/dbus-connection.c
|
||||
@@ -1461,7 +1461,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
|
||||
@@ -1456,7 +1456,16 @@ _dbus_connection_unref_unlocked (DBusConnection *connection)
|
||||
_dbus_connection_last_unref (connection);
|
||||
}
|
||||
|
||||
@ -91,13 +135,13 @@ index 105bdf4e..34380293 100644
|
||||
{
|
||||
dbus_uint32_t serial;
|
||||
--
|
||||
2.40.1
|
||||
2.41.0
|
||||
|
||||
|
||||
From 986611ad0f7f67a3693e5672cd66bc608c00b228 Mon Sep 17 00:00:00 2001
|
||||
From 2c699f6ba9c162878c69d0728298c1ab7308db72 Mon Sep 17 00:00:00 2001
|
||||
From: Simon McVittie <smcv@collabora.com>
|
||||
Date: Mon, 5 Jun 2023 18:51:22 +0100
|
||||
Subject: [PATCH 2/2] monitor test: Reproduce dbus/dbus#457
|
||||
Subject: [PATCH 3/3] monitor test: Reproduce dbus/dbus#457
|
||||
|
||||
The exact failure mode reported in dbus/dbus#457 is quite difficult
|
||||
to achieve in a reliable way in a unit test, because we'd have to send
|
||||
@ -108,6 +152,7 @@ slightly different way by not allowing the client to receive a
|
||||
particular message. I chose NameAcquired.
|
||||
|
||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||
(cherry picked from commit 986611ad0f7f67a3693e5672cd66bc608c00b228)
|
||||
---
|
||||
.../valid-config-files/forbidding.conf.in | 3 +
|
||||
test/monitor.c | 77 ++++++++++++++++---
|
||||
@ -127,7 +172,7 @@ index d145613c..58b3cc6a 100644
|
||||
</policy>
|
||||
</busconfig>
|
||||
diff --git a/test/monitor.c b/test/monitor.c
|
||||
index d5a54b00..846a980c 100644
|
||||
index 182110f8..42e0734d 100644
|
||||
--- a/test/monitor.c
|
||||
+++ b/test/monitor.c
|
||||
@@ -155,6 +155,21 @@ static Config side_effects_config = {
|
||||
@ -199,7 +244,7 @@ index d5a54b00..846a980c 100644
|
||||
/* This is called after processing pending replies to our own method
|
||||
* calls, but before anything else.
|
||||
*/
|
||||
@@ -727,6 +761,11 @@ test_become_monitor (Fixture *f,
|
||||
@@ -797,6 +831,11 @@ test_become_monitor (Fixture *f,
|
||||
test_assert_no_error (&f->e);
|
||||
g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER);
|
||||
|
||||
@ -211,7 +256,7 @@ index d5a54b00..846a980c 100644
|
||||
while (!got_unique || !got_a || !got_b || !got_c)
|
||||
{
|
||||
if (g_queue_is_empty (&f->monitored))
|
||||
@@ -1378,6 +1417,7 @@ test_dbus_daemon (Fixture *f,
|
||||
@@ -1448,6 +1487,7 @@ test_dbus_daemon (Fixture *f,
|
||||
{
|
||||
DBusMessage *m;
|
||||
int res;
|
||||
@ -219,7 +264,7 @@ index d5a54b00..846a980c 100644
|
||||
|
||||
if (f->address == NULL)
|
||||
return;
|
||||
@@ -1393,7 +1433,12 @@ test_dbus_daemon (Fixture *f,
|
||||
@@ -1463,7 +1503,12 @@ test_dbus_daemon (Fixture *f,
|
||||
test_assert_no_error (&f->e);
|
||||
g_assert_cmpint (res, ==, DBUS_RELEASE_NAME_REPLY_RELEASED);
|
||||
|
||||
@ -233,7 +278,7 @@ index d5a54b00..846a980c 100644
|
||||
test_main_context_iterate (f->ctx, TRUE);
|
||||
|
||||
m = g_queue_pop_head (&f->monitored);
|
||||
@@ -1406,10 +1451,12 @@ test_dbus_daemon (Fixture *f,
|
||||
@@ -1476,10 +1521,12 @@ test_dbus_daemon (Fixture *f,
|
||||
"NameOwnerChanged", "sss", NULL);
|
||||
dbus_message_unref (m);
|
||||
|
||||
@ -249,7 +294,7 @@ index d5a54b00..846a980c 100644
|
||||
dbus_message_unref (m);
|
||||
|
||||
m = g_queue_pop_head (&f->monitored);
|
||||
@@ -1631,8 +1678,14 @@ static void
|
||||
@@ -1701,8 +1748,14 @@ static void
|
||||
expect_new_connection (Fixture *f)
|
||||
{
|
||||
DBusMessage *m;
|
||||
@ -265,7 +310,7 @@ index d5a54b00..846a980c 100644
|
||||
test_main_context_iterate (f->ctx, TRUE);
|
||||
|
||||
m = g_queue_pop_head (&f->monitored);
|
||||
@@ -1649,7 +1702,11 @@ expect_new_connection (Fixture *f)
|
||||
@@ -1719,7 +1772,11 @@ expect_new_connection (Fixture *f)
|
||||
dbus_message_unref (m);
|
||||
|
||||
m = g_queue_pop_head (&f->monitored);
|
||||
@ -278,7 +323,7 @@ index d5a54b00..846a980c 100644
|
||||
dbus_message_unref (m);
|
||||
}
|
||||
|
||||
@@ -1988,6 +2045,8 @@ main (int argc,
|
||||
@@ -2044,6 +2101,8 @@ main (int argc,
|
||||
setup, test_method_call, teardown);
|
||||
g_test_add ("/monitor/forbidden-method", Fixture, &forbidding_config,
|
||||
setup, test_forbidden_method_call, teardown);
|
||||
@ -288,5 +333,5 @@ index d5a54b00..846a980c 100644
|
||||
setup, test_dbus_daemon, teardown);
|
||||
g_test_add ("/monitor/selective", Fixture, &selective_config,
|
||||
--
|
||||
2.40.1
|
||||
2.41.0
|
||||
|
201
SOURCES/dbus-1.12.8-fix-fd-limit-change.patch
Normal file
201
SOURCES/dbus-1.12.8-fix-fd-limit-change.patch
Normal file
@ -0,0 +1,201 @@
|
||||
From 94bacc6955e563a7e698e53151a75323279a9f45 Mon Sep 17 00:00:00 2001
|
||||
From: Simon McVittie <smcv@collabora.com>
|
||||
Date: Mon, 11 Mar 2019 09:03:39 +0000
|
||||
Subject: [PATCH] bus: Try to raise soft fd limit to match hard limit
|
||||
|
||||
Linux systems have traditionally set the soft limit to 1024 and the hard
|
||||
limit to 4096. Recent versions of systemd keep the soft fd limit at
|
||||
1024 to avoid breaking programs that still use select(), but raise the
|
||||
hard limit to 512*1024, while in recent Debian versions a complicated
|
||||
interaction between components gives a soft limit of 1024 and a hard
|
||||
limit of 1024*1024. If we can, we might as well elevate our soft limit
|
||||
to match the hard limit, minimizing the chance that we will run out of
|
||||
file descriptor slots.
|
||||
|
||||
Unlike the previous code to raise the hard and soft limits to at least
|
||||
65536, we do this even if we don't have privileges: privileges are
|
||||
unnecessary to raise the soft limit up to the hard limit.
|
||||
|
||||
If we *do* have privileges, we also continue to raise the hard and soft
|
||||
limits to at least 65536 if they weren't already that high, making
|
||||
it harder to carry out a denial of service attack on the system bus on
|
||||
systems that use the traditional limit (CVE-2014-7824).
|
||||
|
||||
As was previously the case on the system bus, we'll drop the limits back
|
||||
to our initial limits before we execute a subprocess for traditional
|
||||
(non-systemd) activation, if enabled.
|
||||
|
||||
systemd activation doesn't involve us starting subprocesses at all,
|
||||
so in both cases activated services will still inherit the same limits
|
||||
they did previously.
|
||||
|
||||
This change also fixes a bug when the hard limit is very large but
|
||||
the soft limit is not, for example seen as a regression when upgrading
|
||||
to systemd >= 240 (Debian #928877). In such environments, dbus-daemon
|
||||
would previously have changed its fd limit to 64K soft/64K hard. Because
|
||||
this hard limit is less than its original hard limit, it was unable to
|
||||
restore its original hard limit as intended when carrying out traditional
|
||||
activation, leaving activated subprocesses with unintended limits (while
|
||||
logging a warning).
|
||||
|
||||
Reviewed-by: Lennart Poettering <lennart@poettering.net>
|
||||
[smcv: Correct a comment based on Lennart's review, reword commit message]
|
||||
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
||||
(cherry picked from commit 7eacbfece70f16bb54d0f3ac51f87ae398759ef5)
|
||||
[smcv: Mention that this also fixes Debian #928877]
|
||||
---
|
||||
bus/bus.c | 8 ++---
|
||||
dbus/dbus-sysdeps-util-unix.c | 64 +++++++++++++++++++++--------------
|
||||
dbus/dbus-sysdeps-util-win.c | 3 +-
|
||||
dbus/dbus-sysdeps.h | 3 +-
|
||||
4 files changed, 44 insertions(+), 34 deletions(-)
|
||||
|
||||
diff --git a/bus/bus.c b/bus/bus.c
|
||||
index 30ce4e10..2ad8e789 100644
|
||||
--- a/bus/bus.c
|
||||
+++ b/bus/bus.c
|
||||
@@ -693,11 +693,11 @@ raise_file_descriptor_limit (BusContext *context)
|
||||
/* We used to compute a suitable rlimit based on the configured number
|
||||
* of connections, but that breaks down as soon as we allow fd-passing,
|
||||
* because each connection is allowed to pass 64 fds to us, and if
|
||||
- * they all did, we'd hit kernel limits. We now hard-code 64k as a
|
||||
- * good limit, like systemd does: that's enough to avoid DoS from
|
||||
- * anything short of multiple uids conspiring against us.
|
||||
+ * they all did, we'd hit kernel limits. We now hard-code a good
|
||||
+ * limit that is enough to avoid DoS from anything short of multiple
|
||||
+ * uids conspiring against us, much like systemd does.
|
||||
*/
|
||||
- if (!_dbus_rlimit_raise_fd_limit_if_privileged (65536, &error))
|
||||
+ if (!_dbus_rlimit_raise_fd_limit (&error))
|
||||
{
|
||||
bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
|
||||
"%s: %s", error.name, error.message);
|
||||
diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c
|
||||
index 2be5b779..7c4c3604 100644
|
||||
--- a/dbus/dbus-sysdeps-util-unix.c
|
||||
+++ b/dbus/dbus-sysdeps-util-unix.c
|
||||
@@ -406,23 +406,15 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
|
||||
return self;
|
||||
}
|
||||
|
||||
+/* Enough fds that we shouldn't run out, even if several uids work
|
||||
+ * together to carry out a denial-of-service attack. This happens to be
|
||||
+ * the same number that systemd < 234 would normally use. */
|
||||
+#define ENOUGH_FDS 65536
|
||||
+
|
||||
dbus_bool_t
|
||||
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||
- DBusError *error)
|
||||
+_dbus_rlimit_raise_fd_limit (DBusError *error)
|
||||
{
|
||||
- struct rlimit lim;
|
||||
-
|
||||
- /* No point to doing this practically speaking
|
||||
- * if we're not uid 0. We expect the system
|
||||
- * bus to use this before we change UID, and
|
||||
- * the session bus takes the Linux default,
|
||||
- * currently 1024 for cur and 4096 for max.
|
||||
- */
|
||||
- if (getuid () != 0)
|
||||
- {
|
||||
- /* not an error, we're probably the session bus */
|
||||
- return TRUE;
|
||||
- }
|
||||
+ struct rlimit old, lim;
|
||||
|
||||
if (getrlimit (RLIMIT_NOFILE, &lim) < 0)
|
||||
{
|
||||
@@ -431,22 +423,43 @@ _dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
- if (lim.rlim_cur == RLIM_INFINITY || lim.rlim_cur >= desired)
|
||||
+ old = lim;
|
||||
+
|
||||
+ if (getuid () == 0)
|
||||
{
|
||||
- /* not an error, everything is fine */
|
||||
- return TRUE;
|
||||
+ /* We are privileged, so raise the soft limit to at least
|
||||
+ * ENOUGH_FDS, and the hard limit to at least the desired soft
|
||||
+ * limit. This assumes we can exercise CAP_SYS_RESOURCE on Linux,
|
||||
+ * or other OSs' equivalents. */
|
||||
+ if (lim.rlim_cur != RLIM_INFINITY &&
|
||||
+ lim.rlim_cur < ENOUGH_FDS)
|
||||
+ lim.rlim_cur = ENOUGH_FDS;
|
||||
+
|
||||
+ if (lim.rlim_max != RLIM_INFINITY &&
|
||||
+ lim.rlim_max < lim.rlim_cur)
|
||||
+ lim.rlim_max = lim.rlim_cur;
|
||||
}
|
||||
|
||||
- /* Ignore "maximum limit", assume we have the "superuser"
|
||||
- * privileges. On Linux this is CAP_SYS_RESOURCE.
|
||||
- */
|
||||
- lim.rlim_cur = lim.rlim_max = desired;
|
||||
+ /* Raise the soft limit to match the hard limit, which we can do even
|
||||
+ * if we are unprivileged. In particular, systemd >= 240 will normally
|
||||
+ * set rlim_cur to 1024 and rlim_max to 512*1024, recent Debian
|
||||
+ * versions end up setting rlim_cur to 1024 and rlim_max to 1024*1024,
|
||||
+ * and older and non-systemd Linux systems would typically set rlim_cur
|
||||
+ * to 1024 and rlim_max to 4096. */
|
||||
+ if (lim.rlim_max == RLIM_INFINITY || lim.rlim_cur < lim.rlim_max)
|
||||
+ lim.rlim_cur = lim.rlim_max;
|
||||
+
|
||||
+ /* Early-return if there is nothing to do. */
|
||||
+ if (lim.rlim_max == old.rlim_max &&
|
||||
+ lim.rlim_cur == old.rlim_cur)
|
||||
+ return TRUE;
|
||||
|
||||
if (setrlimit (RLIMIT_NOFILE, &lim) < 0)
|
||||
{
|
||||
dbus_set_error (error, _dbus_error_from_errno (errno),
|
||||
- "Failed to set fd limit to %u: %s",
|
||||
- desired, _dbus_strerror (errno));
|
||||
+ "Failed to set fd limit to %lu: %s",
|
||||
+ (unsigned long) lim.rlim_cur,
|
||||
+ _dbus_strerror (errno));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -485,8 +498,7 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
|
||||
}
|
||||
|
||||
dbus_bool_t
|
||||
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||
- DBusError *error)
|
||||
+_dbus_rlimit_raise_fd_limit (DBusError *error)
|
||||
{
|
||||
fd_limit_not_supported (error);
|
||||
return FALSE;
|
||||
diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c
|
||||
index 1ef4ae6c..1c1d9f7d 100644
|
||||
--- a/dbus/dbus-sysdeps-util-win.c
|
||||
+++ b/dbus/dbus-sysdeps-util-win.c
|
||||
@@ -273,8 +273,7 @@ _dbus_rlimit_save_fd_limit (DBusError *error)
|
||||
}
|
||||
|
||||
dbus_bool_t
|
||||
-_dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||
- DBusError *error)
|
||||
+_dbus_rlimit_raise_fd_limit (DBusError *error)
|
||||
{
|
||||
fd_limit_not_supported (error);
|
||||
return FALSE;
|
||||
diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h
|
||||
index ef786ecc..0b9d7696 100644
|
||||
--- a/dbus/dbus-sysdeps.h
|
||||
+++ b/dbus/dbus-sysdeps.h
|
||||
@@ -698,8 +698,7 @@ dbus_bool_t _dbus_replace_install_prefix (DBusString *path);
|
||||
typedef struct DBusRLimit DBusRLimit;
|
||||
|
||||
DBusRLimit *_dbus_rlimit_save_fd_limit (DBusError *error);
|
||||
-dbus_bool_t _dbus_rlimit_raise_fd_limit_if_privileged (unsigned int desired,
|
||||
- DBusError *error);
|
||||
+dbus_bool_t _dbus_rlimit_raise_fd_limit (DBusError *error);
|
||||
dbus_bool_t _dbus_rlimit_restore_fd_limit (DBusRLimit *saved,
|
||||
DBusError *error);
|
||||
void _dbus_rlimit_free (DBusRLimit *lim);
|
||||
--
|
||||
GitLab
|
||||
|
30
SOURCES/dbus-kill-process-with-session
Normal file
30
SOURCES/dbus-kill-process-with-session
Normal file
@ -0,0 +1,30 @@
|
||||
#!/bin/bash
|
||||
# This script ensures the dbus-daemon is killed when the session closes.
|
||||
# It's used by SSH sessions that have X forwarding (since the X display
|
||||
# may outlive the session in those cases)
|
||||
[ $# != 1 ] && exit 1
|
||||
|
||||
exec >& /dev/null
|
||||
|
||||
MONITOR_READY_FILE=$(mktemp dbus-session-monitor.XXXXXX --tmpdir)
|
||||
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
|
||||
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
|
||||
|
||||
trap 'rm -f "${MONITOR_READY_FILE}"; rm -f "${DBUS_SESSION_ADDRESS_FILE}"; kill -TERM $1; kill -HUP $(jobs -p)' EXIT
|
||||
|
||||
export GVFS_DISABLE_FUSE=1
|
||||
coproc SESSION_MONITOR (gio monitor -f "/run/systemd/sessions/${XDG_SESSION_ID}" "${MONITOR_READY_FILE}")
|
||||
|
||||
# Poll until the gio monitor command is actively monitoring
|
||||
until
|
||||
touch "${MONITOR_READY_FILE}"
|
||||
read -t 0.5 -u ${SESSION_MONITOR[0]}
|
||||
do
|
||||
continue
|
||||
done
|
||||
|
||||
# Block until the session is closed
|
||||
while grep -q ^State=active <(loginctl show-session $XDG_SESSION_ID)
|
||||
do
|
||||
read -u ${SESSION_MONITOR[0]}
|
||||
done
|
24
SOURCES/ssh-x-forwarding.csh
Normal file
24
SOURCES/ssh-x-forwarding.csh
Normal file
@ -0,0 +1,24 @@
|
||||
# DBus session bus over SSH with X11 forwarding
|
||||
if ( $?SSH_CONNECTION == 0 ) exit
|
||||
if ( $?XDG_SESSION_ID == 0) exit
|
||||
if ( $?DISPLAY == 0 ) exit
|
||||
if ( $SHLVL > 1 ) exit
|
||||
|
||||
set DBUS_SESSIONS = "${XDG_RUNTIME_DIR}/dbus-1/sessions"
|
||||
set DBUS_SESSION_ADDRESS_FILE = "${DBUS_SESSIONS}/${XDG_SESSION_ID}"
|
||||
|
||||
if ( -e "${DBUS_SESSION_ADDRESS_FILE}" ) then
|
||||
setenv DBUS_SESSION_BUS_ADDRESS "`cat ${DBUS_SESSION_ADDRESS_FILE}`"
|
||||
exit
|
||||
endif
|
||||
|
||||
setenv GDK_BACKEND x11
|
||||
|
||||
eval `dbus-launch --csh-syntax`
|
||||
|
||||
if ( $?DBUS_SESSION_BUS_PID == 0 ) exit
|
||||
|
||||
mkdir -p "${DBUS_SESSIONS}"
|
||||
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
|
||||
|
||||
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session $DBUS_SESSION_BUS_PID
|
25
SOURCES/ssh-x-forwarding.sh
Normal file
25
SOURCES/ssh-x-forwarding.sh
Normal file
@ -0,0 +1,25 @@
|
||||
# DBus session bus over SSH with X11 forwarding
|
||||
[ -z "$SSH_CONNECTION" ] && return
|
||||
[ -z "$XDG_SESSION_ID" ] && return
|
||||
[ -z "$DISPLAY" ] && return
|
||||
[ "${DISPLAY:0:1}" = ":" ] && return
|
||||
[ "$SHLVL" -ne 1 ] && return
|
||||
|
||||
DBUS_SESSIONS="${XDG_RUNTIME_DIR}/dbus-1/sessions"
|
||||
DBUS_SESSION_ADDRESS_FILE="${DBUS_SESSIONS}/${XDG_SESSION_ID}"
|
||||
|
||||
if [ -e "${DBUS_SESSION_ADDRESS_FILE}" ]; then
|
||||
export DBUS_SESSION_BUS_ADDRESS="$(cat ${DBUS_SESSION_ADDRESS_FILE})"
|
||||
return
|
||||
fi
|
||||
|
||||
export GDK_BACKEND=x11
|
||||
|
||||
eval `dbus-launch --sh-syntax`
|
||||
|
||||
[ -z "$DBUS_SESSION_BUS_PID" ] && return
|
||||
|
||||
mkdir -p "${DBUS_SESSIONS}"
|
||||
echo "${DBUS_SESSION_BUS_ADDRESS}" > "${DBUS_SESSION_ADDRESS_FILE}"
|
||||
|
||||
setsid -f /usr/libexec/dbus-1/dbus-kill-process-with-session "$DBUS_SESSION_BUS_PID"
|
@ -5,10 +5,6 @@
|
||||
|
||||
%global libselinux_version 2.0.86
|
||||
|
||||
# fedora-release-30-0.2 and generic-release-0.1 added required presets to enable systemd-unit symlinks
|
||||
%global fedora_release_version 30-0.2
|
||||
%global generic_release_version 30-0.1
|
||||
|
||||
%global dbus_user_uid 81
|
||||
|
||||
%global dbus_common_config_opts --enable-libaudit --enable-selinux=yes --with-system-socket=/run/dbus/system_bus_socket --with-dbus-user=dbus --libexecdir=/%{_libexecdir}/dbus-1 --enable-user-session --docdir=%{_pkgdocdir} --enable-installed-tests
|
||||
@ -22,40 +18,41 @@
|
||||
|
||||
Name: dbus
|
||||
Epoch: 1
|
||||
Version: 1.12.20
|
||||
Release: 8%{?dist}
|
||||
Version: 1.12.8
|
||||
Release: 26%{?dist}
|
||||
Summary: D-BUS message bus
|
||||
|
||||
Group: System Environment/Libraries
|
||||
# The effective license of the majority of the package, including the shared
|
||||
# library, is "GPL-2+ or AFL-2.1". Certain utilities are "GPL-2+" only.
|
||||
License: (GPLv2+ or AFL) and GPLv2+
|
||||
URL: http://www.freedesktop.org/Software/dbus/
|
||||
#VCS: git:git://git.freedesktop.org/git/dbus/dbus
|
||||
Source0: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz
|
||||
Source1: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz.asc
|
||||
# gpg --keyserver keyring.debian.org --recv-keys 36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F
|
||||
# gpg --export --export-options export-minimal > gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg
|
||||
Source2: gpgkey-36EC5A6448A4F5EF79BEFE98E05AE1478F814C4F.gpg
|
||||
Source3: 00-start-message-bus.sh
|
||||
Source4: dbus.socket
|
||||
Source5: dbus-daemon.service
|
||||
Source6: dbus.user.socket
|
||||
Source7: dbus-daemon.user.service
|
||||
Source8: dbus-systemd-sysusers.conf
|
||||
Source1: 00-start-message-bus.sh
|
||||
Source2: ssh-x-forwarding.csh
|
||||
Source3: ssh-x-forwarding.sh
|
||||
Source4: dbus-kill-process-with-session
|
||||
Source5: dbus-systemd-sysusers.conf
|
||||
Patch0: 0001-tools-Use-Python3-for-GetAllMatchRules.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2133647
|
||||
Patch1: dbus-1.12.20-CVE-2022-42010.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2133641
|
||||
Patch2: dbus-1.12.20-CVE-2022-42011.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2133635
|
||||
Patch3: dbus-1.12.20-CVE-2022-42012.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2213402
|
||||
Patch4: dbus-1.12.20-CVE-2023-34969.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1725570
|
||||
Patch1: dbus-1.12.8-fix-CVE-2019-12749.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1851997
|
||||
Patch2: dbus-1.12.8-fix-CVE-2020-12049.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1839753
|
||||
Patch3: dbus-1.12.8-fix-fd-limit-change.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2133645
|
||||
Patch4: dbus-1.20.8-CVE-2022-42010.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2133639
|
||||
Patch5: dbus-1.20.8-CVE-2022-42011.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2133633
|
||||
Patch6: dbus-1.20.8-CVE-2022-42012.patch
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2213400
|
||||
Patch7: dbus-1.12.8-fix-CVE-2023-34969.patch
|
||||
|
||||
BuildRequires: autoconf-archive
|
||||
BuildRequires: libtool
|
||||
BuildRequires: audit-libs-devel >= 0.9
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: libX11-devel
|
||||
BuildRequires: libcap-ng-devel
|
||||
BuildRequires: pkgconfig(expat)
|
||||
@ -75,6 +72,7 @@ BuildRequires: cmake
|
||||
%endif
|
||||
|
||||
#For macroized scriptlets.
|
||||
%{?systemd_requires}
|
||||
BuildRequires: systemd
|
||||
|
||||
# Note: These is only required for --with-tests; when bootstrapping, you can
|
||||
@ -87,10 +85,8 @@ BuildRequires: python3-gobject
|
||||
%if %{with check}
|
||||
BuildRequires: /usr/bin/Xvfb
|
||||
%endif
|
||||
BuildRequires: make
|
||||
|
||||
# Since F30 the default implementation is dbus-broker over dbus-daemon
|
||||
Requires: dbus-broker >= 16-4
|
||||
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description
|
||||
D-BUS is a system for sending messages between applications. It is
|
||||
@ -99,10 +95,8 @@ per-user-login-session messaging facility.
|
||||
|
||||
%package common
|
||||
Summary: D-BUS message bus configuration
|
||||
Group: System Environment/Libraries
|
||||
BuildArch: noarch
|
||||
%{?systemd_requires}
|
||||
Conflicts: fedora-release < %{fedora_release_version}
|
||||
Conflicts: generic-release < %{generic_release_version}
|
||||
Requires: /usr/bin/systemctl
|
||||
|
||||
%description common
|
||||
@ -111,14 +105,12 @@ implementations to provide a System and User Message Bus.
|
||||
|
||||
%package daemon
|
||||
Summary: D-BUS message bus
|
||||
%{?systemd_requires}
|
||||
Conflicts: fedora-release < %{fedora_release_version}
|
||||
Conflicts: generic-release < %{generic_release_version}
|
||||
Group: System Environment/Libraries
|
||||
Requires(pre): /usr/sbin/useradd
|
||||
Requires: libselinux%{?_isa} >= %{libselinux_version}
|
||||
Requires: dbus-common = %{epoch}:%{version}-%{release}
|
||||
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Requires: dbus-tools = %{epoch}:%{version}-%{release}
|
||||
Requires: /usr/bin/systemctl
|
||||
|
||||
%description daemon
|
||||
D-BUS is a system for sending messages between applications. It is
|
||||
@ -127,6 +119,7 @@ per-user-login-session messaging facility.
|
||||
|
||||
%package tools
|
||||
Summary: D-BUS Tools and Utilities
|
||||
Group: Development/Libraries
|
||||
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description tools
|
||||
@ -135,22 +128,16 @@ the reference implementation.
|
||||
|
||||
%package libs
|
||||
Summary: Libraries for accessing D-BUS
|
||||
Group: Development/Libraries
|
||||
|
||||
%description libs
|
||||
This package contains lowlevel libraries for accessing D-BUS.
|
||||
|
||||
%package doc
|
||||
Summary: Developer documentation for D-BUS
|
||||
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
|
||||
BuildArch: noarch
|
||||
|
||||
%description doc
|
||||
This package contains developer documentation for D-Bus along with
|
||||
other supporting documentation such as the introspect dtd file.
|
||||
|
||||
%package devel
|
||||
Summary: Development files for D-BUS
|
||||
Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
Group: Development/Libraries
|
||||
# The server package can be a different architecture.
|
||||
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
|
||||
# For xml directory ownership.
|
||||
Requires: xml-common
|
||||
|
||||
@ -160,6 +147,7 @@ developing software that uses D-BUS.
|
||||
|
||||
%package tests
|
||||
Summary: Tests for the %{name}-daemon package
|
||||
Group: Development/Libraries
|
||||
Requires: %{name}-daemon%{?_isa} = %{epoch}:%{version}-%{release}
|
||||
|
||||
%description tests
|
||||
@ -168,8 +156,11 @@ the functionality of the installed %{name}-daemon package.
|
||||
|
||||
%package x11
|
||||
Summary: X11-requiring add-ons for D-BUS
|
||||
Group: Development/Libraries
|
||||
# The server package can be a different architecture.
|
||||
Requires: %{name}-daemon = %{epoch}:%{version}-%{release}
|
||||
# Used by SSH daemon helper script.
|
||||
Requires: /usr/bin/gio
|
||||
|
||||
%description x11
|
||||
D-BUS contains some tools that require Xlib to be installed, those are
|
||||
@ -177,7 +168,6 @@ in this separate package so server systems need not install X.
|
||||
|
||||
|
||||
%prep
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%autosetup -p1
|
||||
|
||||
|
||||
@ -188,14 +178,14 @@ if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf --ve
|
||||
# Call configure here (before the extra directories for the multiple builds
|
||||
# have been created) to ensure that the hardening flag hack is applied to
|
||||
# ltmain.sh
|
||||
%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts
|
||||
%configure %{dbus_common_config_opts} --disable-doxygen-docs %--enable-ducktype-docs --enable-xml-docs --disable-asserts
|
||||
make distclean
|
||||
|
||||
mkdir build
|
||||
pushd build
|
||||
# See /usr/lib/rpm/macros
|
||||
%global _configure ../configure
|
||||
%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts
|
||||
%configure %{dbus_common_config_opts} --disable-doxygen-docs --enable-ducktype-docs --enable-xml-docs --disable-asserts
|
||||
make V=1 %{?_smp_mflags}
|
||||
popd
|
||||
|
||||
@ -216,6 +206,10 @@ popd
|
||||
# Delete python2 code
|
||||
rm -f %{buildroot}/%{_pkgdocdir}/examples/GetAllMatchRules.py
|
||||
|
||||
# Delete docs
|
||||
rm -f %{buildroot}/%{_pkgdocdir}/examples/*.conf
|
||||
rm -f %{buildroot}/%{_datadir}/gtk-doc
|
||||
|
||||
find %{buildroot} -name '*.a' -type f -delete
|
||||
find %{buildroot} -name '*.la' -type f -delete
|
||||
|
||||
@ -223,21 +217,13 @@ find %{buildroot} -name '*.la' -type f -delete
|
||||
rm -rf %{buildroot}%{_libdir}/cmake
|
||||
%endif
|
||||
|
||||
# Delete upstream units
|
||||
rm -f %{buildroot}%{_unitdir}/dbus.{socket,service}
|
||||
rm -f %{buildroot}%{_unitdir}/sockets.target.wants/dbus.socket
|
||||
rm -f %{buildroot}%{_unitdir}/multi-user.target.wants/dbus.service
|
||||
rm -f %{buildroot}%{_userunitdir}/dbus.{socket,service}
|
||||
rm -f %{buildroot}%{_userunitdir}/sockets.target.wants/dbus.socket
|
||||
rm -f %{buildroot}%{_sysusersdir}/dbus.conf
|
||||
|
||||
# Install downstream units
|
||||
install -Dp -m755 %{SOURCE3} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
|
||||
install -Dp -m644 %{SOURCE4} %{buildroot}%{_unitdir}/dbus.socket
|
||||
install -Dp -m644 %{SOURCE5} %{buildroot}%{_unitdir}/dbus-daemon.service
|
||||
install -Dp -m644 %{SOURCE6} %{buildroot}%{_userunitdir}/dbus.socket
|
||||
install -Dp -m644 %{SOURCE7} %{buildroot}%{_userunitdir}/dbus-daemon.service
|
||||
install -Dp -m644 %{SOURCE8} %{buildroot}%{_sysusersdir}/dbus.conf
|
||||
install -Dp -m755 %{SOURCE1} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
|
||||
install -Dp -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/profile.d/ssh-x-forwarding.csh
|
||||
install -p -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/profile.d/
|
||||
install -Dp -m755 %{SOURCE4} %{buildroot}%{_libexecdir}/dbus-1/dbus-kill-process-with-session
|
||||
install -Dp -m644 %{SOURCE5} %{buildroot}%{_sysusersdir}/dbus.conf
|
||||
|
||||
# Obsolete, but still widely used, for drop-in configuration snippets.
|
||||
install --directory %{buildroot}%{_sysconfdir}/dbus-1/session.d
|
||||
@ -245,6 +231,11 @@ install --directory %{buildroot}%{_sysconfdir}/dbus-1/system.d
|
||||
|
||||
install --directory %{buildroot}%{_datadir}/dbus-1/interfaces
|
||||
|
||||
# Make sure that when somebody asks for D-Bus under the name of the
|
||||
# old SysV script, that he ends up with the standard dbus.service name
|
||||
# now.
|
||||
ln -s dbus.service %{buildroot}%{_unitdir}/messagebus.service
|
||||
|
||||
## %find_lang %{gettext_package}
|
||||
|
||||
install --directory %{buildroot}/var/lib/dbus
|
||||
@ -253,10 +244,6 @@ install --directory %{buildroot}/run/dbus
|
||||
install -pm 644 -t %{buildroot}%{_pkgdocdir} \
|
||||
doc/introspect.dtd doc/introspect.xsl doc/system-activation.txt
|
||||
|
||||
# Make sure that the documentation shows up in Devhelp.
|
||||
install --directory %{buildroot}%{_datadir}/gtk-doc/html
|
||||
ln -s %{_pkgdocdir} %{buildroot}%{_datadir}/gtk-doc/html/dbus
|
||||
|
||||
# Shell wrapper for installed tests, modified from Debian package.
|
||||
cat > dbus-run-installed-tests <<EOF
|
||||
#!/bin/sh
|
||||
@ -316,39 +303,27 @@ popd
|
||||
|
||||
|
||||
%pre daemon
|
||||
%sysusers_create_compat %{SOURCE8}
|
||||
|
||||
%post common
|
||||
%systemd_post dbus.socket
|
||||
%systemd_user_post dbus.socket
|
||||
# Add the "dbus" user and group
|
||||
/usr/sbin/groupadd -r -g %{dbus_user_uid} dbus 2>/dev/null || :
|
||||
/usr/sbin/useradd -c 'System message bus' -u %{dbus_user_uid} -g %{dbus_user_uid} \
|
||||
-s /sbin/nologin -r -d '/' dbus 2> /dev/null || :
|
||||
|
||||
%post daemon
|
||||
%systemd_post dbus-daemon.service
|
||||
%systemd_user_post dbus-daemon.service
|
||||
%systemd_post dbus.service dbus.socket
|
||||
%systemd_user_post dbus.service dbus.socket
|
||||
|
||||
%preun common
|
||||
%systemd_preun dbus.socket
|
||||
%systemd_user_preun dbus.socket
|
||||
%post libs -p /sbin/ldconfig
|
||||
|
||||
%preun daemon
|
||||
%systemd_preun dbus-daemon.service
|
||||
%systemd_user_preun dbus-daemon.service
|
||||
|
||||
%postun common
|
||||
%systemd_postun dbus.socket
|
||||
%systemd_user_postun dbus.socket
|
||||
%systemd_preun dbus.service dbus.socket
|
||||
%systemd_user_preun dbus.service dbus.socket
|
||||
|
||||
%postun daemon
|
||||
%systemd_postun dbus-daemon.service
|
||||
%systemd_user_postun dbus-daemon.service
|
||||
%systemd_postun dbus.service dbus.socket
|
||||
%systemd_user_postun dbus.service dbus.socket
|
||||
|
||||
%triggerpostun common -- dbus-common < 1:1.12.10-4
|
||||
systemctl --no-reload preset dbus.socket &>/dev/null || :
|
||||
systemctl --no-reload --global preset dbus.socket &>/dev/null || :
|
||||
%postun libs -p /sbin/ldconfig
|
||||
|
||||
%triggerpostun daemon -- dbus-daemon < 1:1.12.10-7
|
||||
systemctl --no-reload preset dbus-daemon.service &>/dev/null || :
|
||||
systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
|
||||
|
||||
%files
|
||||
# The 'dbus' package is only retained for compatibility purposes. It will
|
||||
@ -365,25 +340,19 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
|
||||
%config %{_sysconfdir}/dbus-1/session.conf
|
||||
%config %{_sysconfdir}/dbus-1/system.conf
|
||||
%dir %{_datadir}/dbus-1
|
||||
%dir %{_datadir}/dbus-1/session.d
|
||||
%dir %{_datadir}/dbus-1/system.d
|
||||
%{_datadir}/dbus-1/session.conf
|
||||
%{_datadir}/dbus-1/system.conf
|
||||
%{_datadir}/dbus-1/services
|
||||
%{_datadir}/dbus-1/system-services
|
||||
%{_datadir}/dbus-1/interfaces
|
||||
%{_sysusersdir}/dbus.conf
|
||||
%{_unitdir}/dbus.socket
|
||||
%{_userunitdir}/dbus.socket
|
||||
|
||||
%files daemon
|
||||
# Strictly speaking, we could remove the COPYING from this subpackage and
|
||||
# just have it be in libs, because dbus Requires dbus-libs.
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%doc AUTHORS ChangeLog CONTRIBUTING.md NEWS README
|
||||
%exclude %{_pkgdocdir}/api
|
||||
%exclude %{_pkgdocdir}/dbus.devhelp
|
||||
%doc AUTHORS ChangeLog HACKING NEWS README
|
||||
%exclude %{_pkgdocdir}/diagram.*
|
||||
%exclude %{_pkgdocdir}/introspect.*
|
||||
%exclude %{_pkgdocdir}/system-activation.txt
|
||||
@ -404,8 +373,14 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
|
||||
%attr(4750,root,dbus) %{_libexecdir}/dbus-1/dbus-daemon-launch-helper
|
||||
%exclude %{_libexecdir}/dbus-1/dbus-run-installed-tests
|
||||
%{_tmpfilesdir}/dbus.conf
|
||||
%{_unitdir}/dbus-daemon.service
|
||||
%{_userunitdir}/dbus-daemon.service
|
||||
%{_unitdir}/dbus.service
|
||||
%{_unitdir}/dbus.socket
|
||||
%{_unitdir}/messagebus.service
|
||||
%{_unitdir}/multi-user.target.wants/dbus.service
|
||||
%{_unitdir}/sockets.target.wants/dbus.socket
|
||||
%{_userunitdir}/dbus.service
|
||||
%{_userunitdir}/dbus.socket
|
||||
%{_userunitdir}/sockets.target.wants/dbus.socket
|
||||
|
||||
%files tools
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
@ -431,18 +406,11 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
|
||||
|
||||
%files x11
|
||||
%{_bindir}/dbus-launch
|
||||
%{_libexecdir}/dbus-1/dbus-kill-process-with-session
|
||||
%{_mandir}/man1/dbus-launch.1*
|
||||
%{_sysconfdir}/profile.d/ssh-x-forwarding.*
|
||||
%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh
|
||||
|
||||
%files doc
|
||||
%{_pkgdocdir}/*
|
||||
%{_datadir}/gtk-doc
|
||||
%exclude %{_pkgdocdir}/AUTHORS
|
||||
%exclude %{_pkgdocdir}/ChangeLog
|
||||
%exclude %{_pkgdocdir}/HACKING
|
||||
%exclude %{_pkgdocdir}/NEWS
|
||||
%exclude %{_pkgdocdir}/README
|
||||
|
||||
%files devel
|
||||
%{_datadir}/xml/dbus-1
|
||||
%{_libdir}/lib*.so
|
||||
@ -454,124 +422,84 @@ systemctl --no-reload --global preset dbus-daemon.service &>/dev/null || :
|
||||
%{_libdir}/pkgconfig/dbus-1.pc
|
||||
%{_includedir}/*
|
||||
|
||||
|
||||
%changelog
|
||||
* Mon Jun 12 2023 David King <amigadave@amigadave.com> - 1:1.12.20-8
|
||||
- Fix CVE-2023-34969 (#2213402)
|
||||
* Mon Jun 19 2023 David King <amigadave@amigadave.com> - 1.12.8-26
|
||||
- Fix CVE-2023-34969 (#2213400)
|
||||
|
||||
* Tue Oct 18 2022 David King <amigadave@amigadave.com> - 1:1.12.20-7
|
||||
- Fix CVE-2022-42010 (#2133647)
|
||||
- Fix CVE-2022-42011 (#2133641)
|
||||
- Fix CVE-2022-42012 (#2133635)
|
||||
* Mon Apr 24 2023 Ray Strode <rstrode@redhat.com> - 1.12.8-25
|
||||
- Ensure only one dbus-daemon is spawned for all shells sharing
|
||||
a single connection.
|
||||
Resolves: #2189201
|
||||
|
||||
* Wed Aug 17 2022 David King <amigadave@amigadave.com> - 1:1.12.20-6
|
||||
- Override upstream sysusers.d confguration (#2118226)
|
||||
* Wed Oct 19 2022 David King <dking@redhat.com> - 1:1.12.8-24
|
||||
- Fix CVE-2022-42010 (#2133645)
|
||||
- Fix CVE-2022-42011 (#2133639)
|
||||
- Fix CVE-2022-42011 (#2133633)
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.12.20-5
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
* Tue Sep 06 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-23
|
||||
- Address race for very short running sessions in SSH
|
||||
session monitoring script.
|
||||
Related: #2089362
|
||||
|
||||
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 1:1.12.20-4
|
||||
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||
* Tue Aug 09 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-22
|
||||
- Use hangup signal instead of termination signal to
|
||||
kill sesssion monitoring script to appeach tcsh.
|
||||
Related: #2089362
|
||||
|
||||
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.20-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
* Mon Aug 08 2022 David King <dking@redhat.com> - 1:1.12.8-20
|
||||
- Override sysusers configuration (#2090397)
|
||||
|
||||
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.20-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
* Thu Jun 16 2022 Ray Strode <rstrode@redhat.com> - 1:1.12.8-19
|
||||
- Ensure SSH session monitoring script is cleaned up when the
|
||||
session exits.
|
||||
Resolves: #2089362
|
||||
|
||||
* Thu Jul 02 2020 David King <amigadave@amigadave.com> - 1:1.12.20-1
|
||||
- Update to 1.12.20
|
||||
* Mon Dec 06 2021 Ray Strode <rstrode@redhat.com> - 1.12.8-18
|
||||
- Ensure session bus started for SSH sessions gets used by those
|
||||
sessions.
|
||||
Related: #1940067
|
||||
|
||||
* Tue Jun 02 2020 David King <amigadave@amigadave.com> - 1:1.12.18-1
|
||||
- Update to 1.12.18
|
||||
* Mon Nov 08 2021 David King <dking@redhat.com> - 1:1.12.8-17
|
||||
- Improve SSH session bus starting (#1940067)
|
||||
|
||||
* Wed Feb 19 2020 David King <amigadave@amigadave.com> - 1:1.12.16-5
|
||||
- Verify GPG signature of sources
|
||||
- Improve permissions on ghosted /run/dbus
|
||||
* Thu Jun 10 2021 David King <dking@redhat.com> - 1:1.12.8-16
|
||||
- Add Conflicts on older redhat-release versions (#1941642)
|
||||
|
||||
* Fri Jan 31 2020 David King <amigadave@amigadave.com> - 1:1.12.16-4
|
||||
- Update python2- to python3-gobject
|
||||
* Wed May 26 2021 David King <dking@redhat.com> - 1:1.12.8-15
|
||||
- Packaging updates from Fedora (#1941642)
|
||||
|
||||
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.16-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
* Tue Apr 27 2021 David King <dking@redhat.com> - 1:1.12.8-14
|
||||
- Fix dbus-launch call in sh snippet (#1940348)
|
||||
|
||||
* Thu Aug 01 2019 David King <amigadave@amigadave.com> - 1:1.12.16-3
|
||||
- Ensure that patches are applied
|
||||
* Tue Mar 23 2021 David King <dking@redhat.com> - 1:1.12.8-13
|
||||
- Fix raising hard fd limit (#1839753)
|
||||
|
||||
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.16-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
* Mon Nov 23 2020 David King <dking@redhat.com> - 1:1.12.8-12
|
||||
- Install X11 SSH forwarding snippets (#1874282)
|
||||
|
||||
* Tue Jun 11 2019 David King <amigadave@amigadave.com> - 1:1.12.16-1
|
||||
- Update to 1.12.16
|
||||
* Tue Jun 30 2020 David King <dking@redhat.com> - 1:1.12.8-11
|
||||
- Fix CVE-2020-12049 (#1851997)
|
||||
|
||||
* Fri May 17 2019 David King <amigadave@amigadave.com> - 1:1.12.14-1
|
||||
- Update to 1.12.14
|
||||
* Mon Apr 06 2020 David King <dking@redhat.com> - 1:1.12.8-10
|
||||
- Improve permissions on ghosted /run/dbus (#1797833)
|
||||
|
||||
* Tue Apr 09 2019 David King <amigadave@amigadave.com> - 1:1.12.12-7
|
||||
- Improve user and group creation (#1698001)
|
||||
* Thu Aug 01 2019 David King <dking@redhat.com> - 1:1.12.8-9
|
||||
- Ensure that patches are applied (#1725570)
|
||||
|
||||
* Thu Apr 04 2019 David King <amigadave@amigadave.com> - 1:1.12.12-6
|
||||
- Own system.d and session.d directories (#1696385)
|
||||
* Tue Jul 09 2019 David King <dking@redhat.com> - 1:1.12.8-8
|
||||
- Fix CVE-2019-12749 (#1725570)
|
||||
|
||||
* Sun Mar 03 2019 Leigh Scott <leigh123linux@googlemail.com> - 1:1.12.12-5
|
||||
- Fix f30 FTBFS
|
||||
* Wed Oct 24 2018 Martin Pitt <mpitt@redhat.com> - 1:1.12.8-7
|
||||
- Fix useradd dependency of dbus-daemon rhbz#1634496
|
||||
|
||||
* Mon Feb 04 2019 Kalev Lember <klember@redhat.com> - 1:1.12.12-4
|
||||
- Update requires for pygobject3 -> python2-gobject rename
|
||||
* Thu Oct 18 2018 Martin Pitt <mpitt@redhat.com>
|
||||
- Drop unpublished -doc package to fix FTBFS rhbz#1640736
|
||||
- Add dist-git smoketest rhbz#1625683
|
||||
- Move dbus system user creation to correct package rhbz#1634496
|
||||
|
||||
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1:1.12.12-3
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Fri Dec 14 2018 David King <amigadave@amigadave.com> - 1:1.12.12-2
|
||||
- Change -devel subpackage to depend on -libs
|
||||
|
||||
* Tue Dec 04 2018 David King <amigadave@amigadave.com> - 1:1.12.12-1
|
||||
- Update to 1.12.12
|
||||
|
||||
* Thu Nov 22 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-9
|
||||
- Switch to dbus-broker as the default implementation
|
||||
|
||||
* Wed Nov 07 2018 Stephen Gallagher <sgallagh@redhat.com> - 1:1.12.10-8
|
||||
- Fix requirement on system-release
|
||||
|
||||
* Tue Nov 06 2018 Tom Gundersen <teg@jklm.no> - 1:1.12.10-7
|
||||
- Fix the messagebus.service alias
|
||||
|
||||
* Mon Nov 05 2018 David King <amigadave@amigadave.com> - 1:1.12.10-6
|
||||
- Add further Requires to subpackages
|
||||
|
||||
* Tue Oct 23 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-5
|
||||
- Move useradd dependency to daemon subpackage
|
||||
|
||||
* Fri Oct 19 2018 David King <amigadave@amigadave.com> - 1:1.12.10-4
|
||||
- Move user and group creation to daemon subpackage
|
||||
- Move systemd to Requires of common subpackage (#1638910)
|
||||
- Remove unnecessary ldconfig calls
|
||||
|
||||
* Fri Aug 31 2018 Tom Gundersen <teg@jklm.no> - 1:1.12.10-3
|
||||
- Make sure presets are applied when upgrading from packages before the presets
|
||||
existed
|
||||
|
||||
* Thu Aug 30 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-2
|
||||
- Change 'system-release' dependency to 'fedora-release', since otherwise hard
|
||||
version dependencies are ignored.
|
||||
|
||||
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-2
|
||||
- Move generic units into 'dbus-common', so other dbus implementations can use
|
||||
them as well.
|
||||
|
||||
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-1
|
||||
- Add [Install] sections to unit files, rather than creating the symlinks
|
||||
manually during the installation. This will pick up the systemd-presets
|
||||
global to Fedora from the 'fedora-release' package.
|
||||
|
||||
* Fri Aug 10 2018 David Herrmann <dh.herrmann@gmail.com> - 1:1.12.10-1
|
||||
- Provide custom systemd unit files to replace the upstream units. Also rename
|
||||
the service to 'dbus-daemon.service', but provide an alias to 'dbus.service'.
|
||||
|
||||
* Fri Aug 03 2018 David King <amigadave@amigadave.com> - 1:1.12.10-1
|
||||
- Update to 1.12.10
|
||||
* Sat Aug 11 2018 Troy Dawson <tdawson@redhat.com>
|
||||
- BuildRequire python3-gobject instead of pygobject3
|
||||
- Related: bug#1614611
|
||||
|
||||
* Tue Jul 31 2018 Colin Walters <walters@verbum.org> - 1:1.12.8-5
|
||||
- More python3
|
@ -1,15 +0,0 @@
|
||||
[Unit]
|
||||
Description=D-Bus System Message Bus
|
||||
Documentation=man:dbus-daemon(1)
|
||||
Requires=dbus.socket
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||||
ExecReload=/usr/bin/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
|
||||
OOMScoreAdjust=-900
|
||||
|
||||
[Install]
|
||||
# Make sure that services can still refer to this under the name of the
|
||||
# old SysV script (messagebus).
|
||||
Alias=dbus.service messagebus.service
|
||||
WantedBy=multi-user.target
|
@ -1,11 +0,0 @@
|
||||
[Unit]
|
||||
Description=D-Bus User Message Bus
|
||||
Documentation=man:dbus-daemon(1)
|
||||
Requires=dbus.socket
|
||||
|
||||
[Service]
|
||||
ExecStart=/usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
|
||||
ExecReload=/usr/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
|
||||
|
||||
[Install]
|
||||
Alias=dbus.service
|
@ -1,8 +0,0 @@
|
||||
[Unit]
|
||||
Description=D-Bus System Message Bus Socket
|
||||
|
||||
[Socket]
|
||||
ListenStream=/run/dbus/system_bus_socket
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
@ -1,9 +0,0 @@
|
||||
[Unit]
|
||||
Description=D-Bus User Message Bus Socket
|
||||
|
||||
[Socket]
|
||||
ListenStream=%t/bus
|
||||
ExecStartPost=-/usr/bin/systemctl --user set-environment DBUS_SESSION_BUS_ADDRESS=unix:path=%t/bus
|
||||
|
||||
[Install]
|
||||
WantedBy=sockets.target
|
@ -1,6 +0,0 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-9
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: desktop-qe.desktop-ci.tier1-gating.functional}
|
Binary file not shown.
10
main.fmf
10
main.fmf
@ -1,10 +0,0 @@
|
||||
summary: Run internal dbus
|
||||
discover:
|
||||
- name: Internal dbus gating tests
|
||||
how: fmf
|
||||
url: https://gitlab.cee.redhat.com/desktopqe/dbus.git
|
||||
path: /
|
||||
ref: rhel-9
|
||||
filter: 'tag:rhivos'
|
||||
execute:
|
||||
how: tmt
|
@ -1,4 +0,0 @@
|
||||
---
|
||||
emptyrpm:
|
||||
expected_empty:
|
||||
- dbus
|
2
sources
2
sources
@ -1,2 +0,0 @@
|
||||
SHA512 (dbus-1.12.20.tar.gz) = 0964683bc6859374cc94e42e1ec0cdb542cca67971c205fcba4352500b6c0891665b0718e7d85eb060c81cb82e3346c313892bc02384da300ddd306c7eef0056
|
||||
SHA512 (dbus-1.12.20.tar.gz.asc) = a31207b5abb0dc81ad16eeae99b510045d57bcd6da1bb640d32efaa1f1519394fad452b455e7d4d1eaa5f1542ade5f7ba410c91ac5d2a80adec14e54ee7bd705
|
Loading…
Reference in New Issue
Block a user