dbus-1-x11-1.12.2-lp150.1.3 >  A ZR/=„{Mr X RnP14.yFL~il~/)zE! gUT~ʇ<8;Y\2̉d =_ë*+'bc*?1p2+D5 x0( Α #SdQn> bk':a&~Oaf5d8aa03c79b17f3360416352ab0a5543931be9b440fd1945cc1f518e0f31a7c5833bd9b4f3e558b56589710ba088fc949f1f51LZR/=„ш`kTh滊$LɖBJf?F*йj,%njQ7'{_qAI B챟=#")x@|qQ{{x[^B[{6|\VI fsp4 fSiJ[1Ԕ>r=#$_ʯӄX R(VQt}S-{IGsY1GcPk;r=SRꋦRTkDIޟuAhcG-)D Plp>pE ? d   7 )FLS , 2 8 D  0(8p9p:p>k?sF{GHIXY\]^b-cd7e<f?lAuTv`wxy z    4 8 < B Cdbus-1-x111.12.2lp150.1.3D-Bus Message Bus SystemD-Bus contains some tools that require Xlib to be installed, those are in this separate package so server systems need not install X.Z.s@lamb13jopenSUSE Leap 15.0openSUSEGPL-2.0+ or AFL-2.1https://bugs.opensuse.orgSystem/Daemonshttp://dbus.freedesktop.org/linuxx86_64/usr/sbin/update-alternatives --install /usr/bin/dbus-launch dbus-launch /usr/bin/dbus-launch.x11 20if [ "$1" = 0 ] ; then /usr/sbin/update-alternatives --remove dbus-launch /usr/bin/dbus-launch.x11 fijȀZRZRZR18157220603288f04463f37aef1afb3675f08a7c246a8caa6f1d0092add8b7d2/etc/alternatives/dbus-launch@rootrootrootrootrootrootdbus-1-x11-1.12.2-lp150.1.3.src.rpmdbus-1-x11dbus-1-x11(x86-64)dbus-launch @@@@@@@@@@@@@    /bin/sh/bin/shlibX11.so.6()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdbus-1.so.3(LIBDBUS_PRIVATE_1.12.2)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libsystemd.so.0()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)update-alternativesupdate-alternatives3.0.4-14.6.0-14.0-15.2-14.14.1Z.s@Z-!ZfZ }YzYY_wYV=@Y?X@XX@X@Xs{@XJXIK@XF@X2W@W@W@VV`.VV@VKUYUeUY@UTء@T@Tto@T`T*@T@T&@S]S@S@SDSd@RRRΏ@R@R@RsRUE@RR@RNRH@RB@R+@QɆ@QőQőQyQw@Q']Q"Q"@PP*P*PP@P{@P@PqnP;a@P@OE@OO@OOr@OKp@OG{OG{ODO/N@N/N@Nu@N6@N N @MӴM‘@MM3@MMwkM hL@LMLLLJL and rules in dbus-daemon configuration can now include send_broadcast="true", send_broadcast="false", max_unix_fds="N", min_unix_fds="N" (for some integer N). See the release notes for 1.11.18. • dbus_try_get_local_machine_id() is like dbus_get_local_machine_id(), but returns a DBusError. • New APIs around DBusMessageIter to simplify cleanup. See the release notes for 1.11.16. • The message bus daemon now implements the standard Introspectable, Peer and Properties interfaces. See the release notes for dbus 1.11.14 and spec version 0.31. • DTDs for introspection XML and bus configuration are installed. • [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but never uses Linux abstract sockets, which is advantageous for containers. On non-Linux it is equivalent to unix:tmpdir=…. See the release notes for dbus 1.11.14 and spec version 0.31. • [Unix] New option "dbus-launch --exit-with-x11". • [Unix] Session managers can create transient .service files in $XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12. • [Unix] A sysusers.d snippet can create the messagebus user on-demand. Miscellaneous behaviour changes: • [Unix] The session bus now logs to syslog if it was started by dbus-launch. • [Unix] Internal warnings are logged to syslog if configured. • [Unix] Exceeding an anti-DoS limit is logged to syslog if configured, or to stderr. - Enabled "make check test suite" - Patches removed, fixed upstream * fix-upstream-drop-install-sections-from-user-services.patch * fix-upstream-increase-backlog.patch * fix-upstream-timeout-reset-1.patch * fix-upstream-timeout-reset-2.patch- boo#1027201 dbus-daemon not found - boo#978477 systemd reseting under heavy load * fix-upstream-timeout-reset-1.patch * fix-upstream-timeout-reset-2.patch- boo#1027200 don't generate machine-id in %post systemd will do it on first boot. - swap usage of /bin/false to /usr/bin/false - Use libexecdir=%{_libdir}/dbus-1 rather then /lib/dbus-1- No need to set --libdir anymore now that prefix is /usr/bin, * fixes boo#1047532 - No need to set --bindir, bindir in dbus-1-x11 was incorrect - Other fixes required to properly change prefix - Don't pass --with-initscripts we don't use them anymore.- Update to 1.10.20 * Fixes: + Fix a reference leak when blocking on a pending call on a connection that has been disconnected (fdo#101481, Shin-ichi MORITA) + Don't put timestamps in the Doxygen-generated documentation, for closer-to-reproducible builds (fdo#100692, Simon McVittie) + Avoid an assertion failure when connecting to a semicolon-separated series of addresses, one of which fails (fdo#101257, Simon McVittie) * Documentation: + Update git URIs in HACKING document to sync up with cgit.freedesktop.org (fdo#100715, Simon McVittie)- swap to /usr/bin bsc#1029968 - Add the following fixes from SLE12 * bsc#980928 increase listen() backlog of AF_UNIX sockets to SOMAXCONN fix-upstream-increase-backlog.patch - The following bugs were already fixed but are missing changelog entries * bsc#867256 (No longer applicable) * bsc#916785 (No longer applicable) * bsc#1012564 (Not applicable) * fdo#90004 (Fixed Upstream) - Rename the following patches as a tidy up * dbus-log-deny.patch to feature-suse-log-deny.patch * dbus-do-autolaunch.patch feature-suse-do-autolaunch.patch * 0001-Add-RefuseManualStartStop.patch to feature-suse-refuse-manual-start-stop.patch * 0001-Drop-Install-sections-from-user-services.patch to fix-upstream-drop-install-sections-from-user-services.patch- Update to 1.10.18 * Fixes + Re-order dbus-daemon startup so that on SELinux systems, the thread that reads AVC notifications retains the ability to write to the audit log (fdo#92832, Debian #857660; Laurent Bigonville) + Fix a harmless read overflow and some memory leaks in a unit test (fdo#100568, Philip Withnall)- Update to 1.10.16 Fixes: * Prevent symlink attacks in the nonce-tcp transport on Unix that could allow an attacker to overwrite a file named "nonce", in a directory that the user running dbus-daemon can write, with a random value known only to the user running dbus-daemon. This is unlikely to be exploitable in practice, particularly since the nonce-tcp transport is really only useful on Windows. (fd.o #99828, Simon McVittie) (bsc#1025950) * Avoid symlink attacks in the "embedded tests", which are not enabled by default and should never be enabled in production builds of dbus. (fd.o #99828, Simon McVittie) (bsc#1025951) * Work around an undesired effect of the fix for CVE-2014-3637 (fd.o #80559), in which processes that frequently send fds, such as logind during a flood of new PAM sessions, can get disconnected for continuously having at least one fd "in flight" for too long; dbus-daemon interprets that as a potential denial of service attack. The workaround is to disable that check for uid 0 process such as logind, with a message in the system log. The bug remains open while we look for a more general solution. (fd.o #95263, LP#1591411; Simon McVittie) * Don't run the test test-dbus-launch-x11.sh if X11 autolaunching was disabled at compile time. That test is not expected to work in that configuration. (fd.o #98665, Simon McVittie) Enhancements: * Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian stable and Debian testing in addition to the older Ubuntu that is the default (fd.o #98889, Simon McVittie)- A note for scripts bsc#974092 (remove sysvinit script) is already fixed here.- Don't restart dbus on upgrade - Includes temporary work around for last version boo#1020301 - Add 0001-Add-RefuseManualStartStop.patch don't allow users to Manually start or stop dbus.- Add systemd unit files to start session bus via systemd - Added patch: * 0001-Drop-Install-sections-from-user-services.patch + remove install section from socket unit because it does not need to be enabled explicitly (see fdo#92402)- Requires systemd >= 209 and drop the compatibility pkg-config names that don't exist in newer systemd- Drop useless --with-pic which is only for static libs - Abort installation when user/group creation fails - Avoid calling %service_* more than once- Build the dbus-1 package without X in the dbus-1.spec - Move the dbus-launch.nox11 to the dbus-1 package and install it by default - Build devel-doc package in dbus-1.spec and don't build any documentation in dbus-1-x11 - Make dbus-1-x11 package contains only the X11-enabled dbus-launch - Fix some rpmlint warnings - Delete the dbus-1-x11.spec.in file, since maintaining it is more complicated then keeping in sync a dbus-1-x11.spec file of less then 120 lines- Create new subpackage: dbus-1-nox11 - contains dbus-launch without x11 support - Rename dbus-launch to dbus-launch.x11 - use update-alternatives to switch between dbus-launch with and without X11 - Solves [bnc#934214]- Update to 1.10.12 * Security fixes: + Do not treat ActivationFailure message received from root-owned systemd name as a format string. In principle this is a security vulnerability, but we do not believe it is exploitable in practice, because only privileged processes can own the org.freedesktop.systemd1 bus name, and systemd does not appear to send activation failures that contain "%". Please note that this probably *was* exploitable in dbus versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at the time was only thought to be a denial of service vulnerability (CVE-2015-0245). If you are still running one of those versions, patch or upgrade immediately. (fdo#98157, bsc#1003898, Simon McVittie) * Other fixes: + Harden dbus-daemon against malicious or incorrect ActivationFailure messages by rejecting them if they do not come from a privileged process, or if systemd activation is not enabled (fdo#98157, Simon McVittie) + Avoid undefined behaviour when setting reply serial number without going via union DBusBasicValue (fdo#98035, Marc Mutz) + autogen.sh: fail cleanly if autoconf fails (Simon McVittie)- Moved dbus-run-session from dbus-1-x11 to dbus-1 (bdo#836296)- Update to 1.10.10 * Fixes: + On Linux, when dbus-daemon is run with reduced susceptibility to the OOM killer (typically via systemd), do not let child processes inherit that setting (fdo#32851; Kimmo Hämäläinen, WaLyong Cho) + Output valid shell syntax in ~/.dbus/session-bus/ if the bus address contains a semicolon (fdo#94746, Thiago Macieira) + Fix memory leaks and thread safety in subprocess starting on Windows (fdo#95191, Ralf Habacker) + Do not require systemd to have a service file if using it for activation (fdo#93194; Simon McVittie; backport from 1.11.0) + Stop test-dbus-daemon incorrectly failing on platforms that cannot discover the process ID of clients (fdo#96653, Руслан Ижбулатов) + In tests that exercise correct handling of crashing D-Bus services, suppress Windows crash handler (fdo#95155; Yiyang Fei, Ralf Habacker) + Explicitly check for stdint.h (Ioan-Adrian Ratiu) + update-activation-environment: produce better diagnostics on error (fdo#96653, Simon McVittie) + Don't fail the build with an unused const variable warning under gcc 6 (fdo#97282; Thomas Zimmermann, Simon McVittie) + Merge dbus-1.10-ci branch, containing backports from 1.11.0 in build/test code to support continuous integration (fdo#93194, Simon McVittie) - Avoid -Wunused-label when compiling with libselinux but no libaudit - In development builds, allow OOM tests to be disabled as documented - Accept and ignore the --tap argument in all "embedded tests", and run all automated tests with that argument for better diagnostics - Fix the systemd activation test under CMake by installing the required files - In Automake, fix shell syntax for installcheck-local with no DESTDIR - In Automake, don't try to run manual tests in installcheck - In CMake, don't run manual-tcp test as an automated test - Add travis-ci.org build machinery- Update to 1.10.8 * Fixes: + Enable "large file support" on systems where it exists: dbus-daemon is not expected to open large files, but it might need to stat files that happen to have large inode numbers (fdo#93545, Hongxu Jia) + Eliminate padding inside DBusMessageIter on 64-bit platforms, which might result in a pedantic C compiler not copying the entire contents of a DBusMessageIter; statically assert that this is not an ABI change in practice (fdo#94136, Simon McVittie) + Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N (fdo#94244, Dmitri Iouchtchenko) + Correctly report test failures in C tests from run-test.sh (fdo#93379; amit tewari, Simon McVittie) + When tests are enabled, run all the marshal-validate tests, not just the even-numbered ones (fdo#93908, Nick Lewycky) + Correct the expected error from one marshal-validate test, which was previously not run due to the above bug(fdo#93908, Simon McVittie)- Update to 1.10.6 * Fixes: - On Unix when running tests as root, don't assert that root and the dbus-daemon user can still call UpdateActivationEnvironment; assert that those privileged users can call BecomeMonitor instead (fdo#93036, Simon McVittie) - On Windows, fix a memory leak in the autolaunch transport (fdo#92899, Simon McVittie) - On Windows Autotools builds, don't run tests that rely on dbus-run-session and other Unix-specifics (fdo#92899, Simon McVittie)- Update to 1.10.4 * Changes between 1.10.2 and 1.10.4 - Enhancements: + GetConnectionCredentials, GetConnectionUnixUser and GetConnectionUnixProcessID with argument "org.freedesktop.DBus" will now return details of the dbus-daemon itself. This is required to be able to call SetEnvironment on systemd. (fdo#92857, Jan Alexander Steffens) - Fixes: + Make UpdateActivationEnvironment always fail with AccessDenied on the system bus. Previously, it was possible to configure it so root could call it, but the environment variables were not actually used, because the launch helper would discard them. (fdo#92857, Jan Alexander Steffens) + On Unix with --systemd-activation on a user bus, make UpdateActivationEnvironment pass on its arguments to systemd's SetEnvironment method, solving inconsistency between the environments used for traditional activation and systemd user-service activation. (fdo#92857, Jan Alexander Steffens) + On Windows, don't crash if or --syslog is used (fdo#92538, Ralf Habacker) + On Windows, fix a memory leak when setting a DBusError from a Windows error (fdo#92721, Ralf Habacker) + On Windows, don't go into infinite recursion if we abort the process with backtraces enabled (fdo#92721, Ralf Habacker) + Fix various failing tests, variously on Windows and cross-platform: . don't test system.conf features (users, groups) that only make sense on the system bus, which is not supported on Windows . don't call _dbus_warn() when we skip a test, since it is fatal . fix computation of expected . when running TAP tests, translate newlines to Unix format, fixing cross-compiled tests under Wine on Linux . don't stress-test refcounting under Wine, where it's really slow . stop assuming that a message looped-back to the test will be received immediately . skip some system bus tests on Windows since they make no sense there (fdo#92538, fdo#92721; Ralf Habacker, Simon McVittie) * Changes between 1.10.0 and 1.10.2 - Fixes: + Correct error handling for activation: if there are multiple attempts to activate the same service and it fails immediately, the first attempt would get the correct reply, but the rest would time out. We now send the same error reply to each attempt. (fdo#92200, Simon McVittie) + If BecomeMonitor is called with a syntactically invalid match rule, don't crash with an assertion failure, fixing a regression in 1.9.10. This was not exploitable as a denial of service, because the check for a privileged user is done first. (fdo#92298, Simon McVittie) + On Linux with --enable-user-session, add the bus address to the environment of systemd services for better backwards compatibility (fdo#92612, Jan Alexander Steffens) + On Windows, fix the logic for replacing the installation prefix in service files' Exec lines (fdo#83539; Milan Crha, Simon McVittie) + On Windows, if installed in the conventional layout with ${prefix}/etc and ${prefix}/share, use relative paths between bus configuration files to allow the tree to be relocated (fdo#92028, Simon McVittie) + Make more of the regression tests pass in Windows builds (fdo#92538, Simon McVittie) * Summary of major changes since 1.8.0: - The basic setup for the well-known system and session buses is now done in read-only files in ${datadir} (normally /usr/share). - AppArmor integration has been merged, with features similar to the pre-existing SELinux integration. It is mostly compatible with the patches previously shipped by Ubuntu, with one significant change: Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded by GetConnectionCredentials and was not included. - The --enable-user-session configure option can be enabled by OS integrators intending to use systemd to provide a session bus per user (in effect, treating all concurrent graphical and non-graphical login sessions as one large session). - The new listenable address mode "unix:runtime=yes" listens on $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd user session. libdbus and "dbus-launch --autolaunch" will connect to this address by default. GLib >= 2.45.3 and sd-bus >= 209 have a matching default. - All executables are now dynamically linked to libdbus-1. Previously, some executables, most notably dbus-daemon, were statically linked to a specially-compiled variant of libdbus. This results in various private functions in the _dbus namespace being exposed by the shared library. These are not API, and must not be used outside the dbus source tree. - On platforms with ELF symbol versioning, all public symbols are versioned LIBDBUS_1_3. * New bus APIs: - org.freedesktop.DBus.GetConnectionCredentials returns LinuxSecurityLabel where supported - org.freedesktop.DBus.Monitoring interface (privileged) . BecomeMonitor method supersedes match rules with eavesdrop=true, which are now deprecated - org.freedesktop.DBus.Stats interface (semi-privileged) . now enabled by default . new GetAllMatchRules method - org.freedesktop.DBus.Verbose interface (not normally compiled) . toggles the effect of DBUS_VERBOSE * New executables: - dbus-test-tool - dbus-update-activation-environment * New optional dependencies: - The systemd: pseudo-transport requires libsystemd or libsd-daemon - Complete documentation requires Ducktype and yelp-tools - Full test coverage requires GLib 2.36 and PyGI - AppArmor integration requires libapparmor and optionally libaudit * Dependencies removed: - dbus-glib- Update to 1.8.20: * Fixes: - Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008, Jacek Bukarewicz) - Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952, Simon McVittie)- Account for openSUSE:Leap in the conditional for chosing right local state directories (boo#941352)- Move common-begin sections around to make pre_checkin work again - Unconditionally build with systemd features, there are no cycles now, systemd no longer buildrequires dbus-1-devel- Update to 1.8.18: * Security hardening: - On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly unpredictable pseudo-random numbers; under certain circumstances (/dev/urandom unreadable or malloc() returns NULL), dbus could fall back to using rand(), which does not have the desired unpredictability. The fallback to rand() has not been changed in this stable-branch since the necessary code changes for correct error-handling are rather intrusive. If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport, in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using NFS or similar, you will need to reconfigure the session bus to accept DBUS_COOKIE_SHA1 by commenting out the element. This configuration is not recommended. (bsc#931066, fdo#90414, Simon McVittie) * Other fixes: - Add locking to DBusCounter's reference count and notify function (fdo#89297, Adrian Szyndela) - Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312, Adrian Szyndela) - On Windows, listen on the same port for IPv4 and IPv6 (previously broken by an endianness mistake), and fix a failure to bind TCP sockets on approximately 1 attempt in 256 (fdo#87999, Ralf Habacker) - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021, Ralf Habacker) - Correctly initialize all fields of DBusTypeReader (fdo#90021, Ralf Habacker, Simon McVittie) - Fix some missing \n in verbose (debug log) messages (fdo#90021, Ralf Habacker) - Clean up some memory leaks in test code (fdo#90021, Ralf Habacker)- Sync changes from SLE12 conditionalized for suse_version <= 1315- Update to 1.8.16: * Security fixes: - Do not allow non-uid-0 processes to send forged ActivationFailure messages. On Linux systems with systemd activation, this would allow a local denial of service: unprivileged processes could flood the bus with these forged messages, winning the race with the actual service activation and causing an error reply to be sent back when service auto-activation was requested. This does not prevent the real service from being started, so it only works while the real service is not running. (CVE-2015-0245, fdo#88811, bnc#916343; Simon McVittie) * Other fixes: - fix a Windows build failure (fdo#88009, Ralf Habacker) - on Windows, allow up to 8K connections to the dbus-daemon instead of the previous 64, completing a previous fix which only worked under Autotools (fdo#71297, Ralf Habacker)- Update to 1.8.14 * Security hardening: - Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls (such as CVE-2014-8148) then this prevents memory consumption and possible privilege escalation via UpdateActivationEnvironment. We believe that in practice, privilege escalation here is avoided by dbus-daemon-launch-helper sanitizing its environment; but it seems better to be safe. - Do not allow calls to UpdateActivationEnvironment or the Stats interface on object paths other than /org/freedesktop/DBus. Some system services install unsafe security policy rules that allow arbitrary method calls to any destination, method and interface with a specified object path; while less bad than allowing arbitrary method calls, these security policies are still harmful, since dbus-daemon normally offers the same API on all object paths and other system services might behave similarly. * Other fixes: - Add missing initialization so GetExtendedTcpTable doesn't crash on Windows Vista SP0 (fdo#77008, Ilya A. Tkachenko)- Update to 1.8.12: * Fixes: - Partially revert the CVE-2014-3639 patch by increasing the default authentication timeout on the system bus from 5 seconds back to 30 seconds, since this has been reported to cause boot regressions for some users, mostly with parallel boot (systemd) on slower hardware. On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf: 5000 (fdo#86431, Simon McVittie) - Add a message in syslog/the Journal when the auth_timeout is exceeded (fdo#86431, Simon McVittie) - Send back an AccessDenied error if the addressed recipient is not allowed to receive a message (and in builds with assertions enabled, don't assert under the same conditions). (fdo#86194, Jacek Bukarewicz)- Update to 1.8.10: * Security fixes: - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 so that CVE-2014-3636 part A cannot exhaust the system bus' file descriptors, completing the incomplete fix in 1.8.8. (CVE-2014-7824, fdo#85105; Simon McVittie, Alban Crequy)- Reformat the spec file using spec-cleaner- Update baselibs.conf: Provides dbus-1-32bit in lib package- Update to 1.8.8: + Security fixes: - Do not accept an extra fd in the padding of a cmsg message, which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635, fdo#83622, bnc#896453; Simon McVittie) - Reduce default for maximum Unix file descriptors passed per message from 1024 to 16, preventing a uid with the default maximum number of connections from exhausting the system bus' file descriptors under Linux's default rlimit. Distributors or system administrators with a more restrictive fd limit may wish to reduce these limits further. Additionally, on Linux this prevents a second denial of service in which the dbus-daemon can be made to exceed the maximum number of fds per sendmsg() and disconnect the process that would have received them. (CVE-2014-3636, fdo#82820, bnc#896453; Alban Crequy) - Disconnect connections that still have a fd pending unmarshalling after a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), removing the possibility of creating an abusive connection that cannot be disconnected by setting up a circular reference to a connection's file descriptor. (CVE-2014-3637, fdo#80559, bnc#896453; Alban Crequy) - Reduce default for maximum pending replies per connection from 8192 to 128, mitigating an algorithmic complexity denial-of-service attack (CVE-2014-3638, fdo#81053, bnc#896453; Alban Crequy) - Reduce default for authentication timeout on the system bus from 30 seconds to 5 seconds, avoiding denial of service by using up all unauthenticated connection slots; and when all unauthenticated connection slots are used up, make new connection attempts block instead of disconnecting them. (CVE-2014-3639, fdo#80919, bnc#896453; Alban Crequy) + Other fixes: - Check for libsystemd from systemd >= 209, falling back to the older separate libraries if not found (Umut Tezduyar Lindskog, Simon McVittie) - On Linux, use prctl() to disable core dumps from a test executable that deliberately raises SIGSEGV to test dbus-daemon's handling of that condition (fdo#83772, Simon McVittie) - Fix compilation with --enable-stats (fdo#81043, Gentoo #507232; Alban Crequy) - Improve documentation for running tests on Windows (fdo#41252, Ralf Habacker)- Remove all remains of sysvinit compatibility. - Do not force-fed -fstack-protector in CFLAGS, already there and obsoleted by stack-protector-strong in gcc 4.9. - Ensure doxygen never generates timestampted html docs.- Update baselibs.conf: Obsoletes dbus-1-32bit in lib package.- Update to 1.8.6: + Security fixes: - On Linux >= 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop the message. This prevents an attack in which a malicious client can make dbus-daemon disconnect a system service, which is a local denial of service. (bnc#885241 fdo#80163, CVE-2014-3532; Alban Crequy) - Track remaining Unix file descriptors correctly when more than one message in quick succession contains fds. This prevents another attack in which a malicious client can make dbus-daemon disconnect a system service. (bnc#885241 fdo#79694, fd0#80469, CVE-2014-3533; Alejandro Martínez Suárez, Simon McVittie, Alban Crequy) + Other fixes: - When dbus-launch --exit-with-session starts a dbus-daemon but then cannot attach to a session, kill the dbus-daemon as intended (fdo#74698, Роман Донченко)- Update to 1.8.4: + Security fix: - Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service flaw in dbus-daemon, part of the reference implementation of D-Bus. Additionally, in highly unusual environments the same flaw could lead to a side channel between processes that should not be able to communicate. (CVE-2014-3477, fdo#78979, bnc#881137)- Update to 1.8.2: + Enhancements: - in the CMake build system, add some hints for Linux users cross-compiling Windows D-Bus binaries to be able to run tests under Wine (fdo#41252) - add Documentation key to dbus.service (fdo#77447) + Fixes: - in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id to /var/lib/dbus/machine-id instead of generating an entirely new ID (fdo#77941) - if dbus-launch receives an X error very quickly, do not kill unrelated processes (fdo#74698) - on Windows, allow up to 8K connections to the dbus-daemon, instead of the previous 64 (fdo#71297) - cope with \r\n newlines in regression tests, since on Windows, dbus-daemon.exe uses text mode (fdo#75863)- Update to 1.8.0 final: + This starts a new stable branch. The 1.6.x branch is now considered to be outdated, and will only receive fixes for serious bugs such as security flaws. The 1.4.x and 1.2.x branches no longer have upstream support and are unlikely to get any more releases, but if distributors still need to support them, please share security patches via upstream. + Enhancements since 1.7.10: - Enhance the CMake build system to check for GLib and compile/run a subset of the regression tests (fdo#41252, fdo#73495) + Fixes since 1.7.10: - don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fdo#72840) - fix compilation of systemd journal support on older systemd versions where sd-journal.h doesn't include syslog.h (fdo#73455) - fix compilation on older MSVC versions by including stdlib.h (fdo#73455) - Allow to appear in an included configuration file (fdo#73475) + Test behaviour changes since 1.7.10: - If the tests crash with an assertion failure, they no longer default to blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT in the environment if you want the old behaviour. - To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop tests can be run with an external dbus-daemon by setting DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require an unusually-configured dbus-daemon are skipped.- Remove checks for obsolete openSUSE versions - Make sure that dbus-1 requires libdbus-1-3 during %post (detected when built against DBus-less systemd 209)- Try hard to assure that /var/lib/dbus/machine-id and /etc/machine-id are the same (bnc#857377)- Update to 1.7.10 (1.8.0 rc1) + D-Bus Specification 0.23: - don't require messages with no INTERFACE to be dispatched (fdo#68597) - document "tcp:bind=..." and "nonce-tcp:bind=..." (fdo#72301) - define "listenable" and "connectable" addresses, and discuss the difference (fdo#61303) + Enhancements: - support printing Unix file descriptors in dbus-send, dbus-monitor (fdo#70592) - don't install systemd units if --disable-systemd is given (fdo#71818) + Fixes: - don't leak memory on out-of-memory while listing activatable or active services (fdo#71526) - fix undefined behaviour in a regression test (fdo#69924) - escape Unix socket addresses correctly (fdo#46013) - on SELinux systems, don't assume that SECCLASS_DBUS, DBUS__ACQUIRE_SVC and DBUS__SEND_MSG are numerically equal to their values in the reference policy (fdo#88719) - define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4 headers (fdo#71366) - define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and winsock2.h (fdo#71405) - do not return failure from _dbus_read_nonce() with no error set, preventing a potential crash (fdo#72298) - on BSD systems, avoid some O(1)-per-process memory and fd leaks in kqueue, preventing test failures (fdo#69332, fdo#72213) - fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix sockets, which doesn't do anything anyway on at least Linux and FreeBSD (fdo#69492) - fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from sendmsg() with SCM_CREDS (retrying with plain send()), and looking for credentials more correctly (fdo#69492) - ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid getting mixed up in XDG/systemd "user sessions" (fdo#61301) - refresh cached policy rules for existing connections when bus configuration changes (fdo#39463)- Drop the dbus-fall-back-to-old-run-directory.patch, and the sed workaround from dbus-1-x11 %post, now that transition from 12.3 (/var/run) to 13.1 (/run) is done- Update to 1.7.8 + Dependencies: - If systemd support is enabled, libsystemd-journal is now required. + Enhancements: - When activating a non-systemd service under systemd, annotate its stdout/stderr with its bus name in the Journal. Known limitation: because the socket is opened before forking, the process will still be logged as if it had dbus-daemon's process ID and user ID. (fdo#68559) - Document more configuration elements in dbus-daemon(1) (fdo#69125) + Fixes: - Don't leak string arrays or fds if dbus_message_iter_get_args_valist() unpacks them and then encounters an error (fdo#21259) - If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write disallowed method calls to the audit log, fixing a regression in 1.7.6 (fdo#49062) - path_namespace='/' in match rules incorrectly matched nothing; it now matches everything. (fdo#70799)- Update to 1.7.6 + Build-time configuration changes: - Directory change notification via dnotify on Linux is no longer supported; it hadn't compiled successfully since 2010 in any case. If you don't have inotify (Linux) or kqueue (*BSD), you will need to send SIGHUP to the dbus-daemon when its configuration changes. (fdo#33001) - Compiling with --disable-userdb-cache is no longer supported; it didn't work since at least 2008, and would lead to an extremely slow dbus-daemon even it worked. (fdo#15589,fdo#17133,fdo#66947) - The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most assertions. It has been renamed to DBUS_DISABLE_ASSERT to be consistent with the Autotools build system. (fdo#66142) - --with-valgrind=auto enables Valgrind instrumentation if and only if valgrind headers are available. The default is still - -with-valgrind=no. (fdo#56925) + Dependencies: - Platforms with no 64-bit integer type are no longer supported. (fdo#65429) - GNU make is now (documented to be) required. (fdo#48277) - Full test coverage no longer requires dbus-glib, although the tests do not exercise the shared library (only a static copy) if dbus-glib is missing. (fdo#68852) + Enhancements: - D-Bus Specification 0.22 - Document GetAdtAuditSessionData() and GetConnectionSELinuxSecurityContext() (fdo#54445) - Fix example .service file (fdo#66481) - Don't claim D-Bus is "low-latency" (lower than what?), just give factual statements about it supporting async use (fdo#65141) - Document the contents of .service files, and the fact that system services' filenames are constrained (fdo#66608) - Be thread-safe by default on all platforms, even if dbus_threads_init_default() has not been called. For compatibility with older libdbus, library users should continue to call dbus_threads_init_default(): it is harmless to do so. (fdo#54972) - Add GetConnectionCredentials() method (fdo#54445) - New API: dbus_setenv(), a simple wrapper around setenv(). Note that this is not thread-safe. (fdo#39196,) - Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer connection, like --address=ADDRESS in previous versions) and dbus-send --bus=ADDRESS (connect to a given bus, like dbus-monitor --address=ADDRESS). dbus-send --address still exists for backwards compatibility, but is no longer documented. (fdo#48816) + Fixes: - Avoid an infinite busy-loop if a signal interrupts waitpid() (fdo#68945) - Clean up memory for parent nodes when objects are unexported (fdo#60176) - Make dbus_connection_set_route_peer_messages(x, FALSE) behave as documented. Previously, it assumed its second parameter was TRUE. (fdo#69165) - Escape addresses containing non-ASCII characters correctly (fdo#53499) - Document search order correctly (fdo#66994) - Don't crash on "dbus-send --session / x.y.z" which regressed in 1.7.4. (fdo#65923) - If malloc() returns NULL in _dbus_string_init() or similar, don't free an invalid pointer if the string is later freed (fdo#65959) - If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list that was never va_start()ed (fdo#66300) - fix build failure with --enable-stats (fdo#66004) - fix a regression test on platforms with strict alignment (fdo#67279) - Avoid calling function parameters "interface" since certain Windows headers have a namespace-polluting macro of that name (fdo#66493) - Assorted Doxygen fixes (fdo#65755) - Various thread-safety improvements to static variables (fdo#68610) - Make "make -j check" work (fdo#68852) - Fix a NULL pointer dereference on an unlikely error path (fdo#69327) - Improve valgrind memory pool tracking (fdo#69326) - Don't over-allocate memory in dbus-monitor (fdo#69329) - dbus-monitor can monitor dbus-daemon < 1.5.6 again (fdo#66107) + Unix-specific: - If accept4() fails with EINVAL, as it can on older Linux kernels with newer glibc, try accept() instead of going into a busy-loop. (fdo#69026) - If socket() or socketpair() fails with EINVAL or EPROTOTYPE, for instance on Hurd or older Linux with a new glibc, try without SOCK_CLOEXEC. (fdo#69073) - Fix a file descriptor leak on an error code path. (fdo#69182) - dbus-run-session: clear some unwanted environment variables (fdo#39196) - dbus-run-session: compile on FreeBSD (fdo#66197) - Don't fail the autolaunch test if there is no DISPLAY (fdo#40352) - Use dbus-launch from the builddir for testing, not the installed copy (fdo#37849) - Fix compilation if writev() is unavailable (fdo#69409) - Remove broken support for LOCAL_CREDS credentials passing, and document where each credential-passing scheme is used (fdo#60340) - Make autogen.sh work on *BSD by not assuming GNU coreutils functionality (fdo#35881, fdo#69787) - dbus-monitor: be portable to NetBSD (fdo#69842) - dbus-launch: stop using non-portable asprintf (fdo#37849) - Improve error reporting from the setuid activation helper (fdo#66728) + Internal changes: - add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing conditionals (fdo#66142) - improve verbose-mode output (fdo#63047) - consolidate Autotools and CMake build (fdo#64875) - fix various unused variables, unusual build configurations etc. (fdo#65712, fdo#65990, fdo#66005, fdo#66257, fdo#69165, fdo#69410, fdo#70218) - Dropped 0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch, included in this release- Create /var/lib/dbus/machine-id only if there is no /etc/machine-id present on the system. Dbus knows how to use the system-wide machine-id file and this solves problems where the two files have different values (bnc#831626)- Check for existence of /var/lib/old_run_path: if found, only then is dbus ListenStream swapped for old run path. This is done for supporting 12.3 to 13.1 upgrade (bnc#802525) - Fix rpmlint warnings about %verifyscript and %set_permissions- Revert to previous version of dbus-fall-back-to-old-run-directory.patch as latest version causes a fallout- Amend dbus-fall-back-to-old-run-directory.patch to prevent a new class of hangs while upgrading D-Bus along with other services (bnc#802525).- Added 0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch from upstream for resolving fdo#68945, bnc#782909- to avoid a cycle with systemd, build the daemon in dbus-x11.spec. It would be wise to rename dbus-1.spec to dbus-1-libs.spec and dbus-1-x11.spec to dbus-1.spec, but I first wanted to hear feedback- Update to 1.7.4 + CVE-2013-2168: Fix misuse of va_list that could be used as a denial of service for system services. + It should now be safe to call dbus_threads_init_default() from any thread, at any time + In dbus-daemon, don't crash if a .service file starts with key=value + Fix an assertion failure if we try to activate systemd services before systemd connects to the bus (fdo#50199) - Adjusted dbus-do-autolaunch.patch for this release- Remove the override that was added in solving bnc#802525, as it causes similar situation when upgrading dbus and systemd simultaneously. - Adjusted rc.boot.dbus script so it uses /run instead of /var/run- Update to 1.7.2 + Diagnose incorrect use of dbus_connection_get_data() with negative slot (i.e. before allocating the slot) rather than returning junk (fdo #63127) + The --with-dbus-session-bus-default-address configure option is no longer supported + Under systemd, log to syslog only, not stderr, avoiding duplication (fdo#61399, fdo#39987) + Under systemd, remove unnecessary dependency on syslog.socket (fdo#63531) + Allow use of systemd-logind without the rest of systemd (fdo#62585) - Dropped dbus-move-everything-to-run-directory.patch, since we can define location of system pid and socket with configure flags and set the flags accordingly - Added xmlto BuildRequires, it is needed now for man files- Update to 1.6.10 + Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF, U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fdo#63072) + Diagnose incorrect use of dbus_connection_get_data() with negative slot (i.e. before allocating the slot) rather than returning junk (fdo#63127) + In the activation helper, when compiled for tests, do not reset the system bus address, fixing the regression tests. (fdo#52202) + Fix building with Valgrind 3.8, at the cost of causing harmless warnings with Valgrind 3.6 on some compilers (fdo#55932) + Don't leak temporary fds pointing to /dev/null (fdo#56927,) + Create session.d, system.d directories under CMake (fdo#41319) + Include alloca.h for alloca() if available, fixing compilation on Solaris 10 (fdo#63071)- Spec file changes moving files from /var/run to /run. - Add dbus-move-everything-to-run-directory.patch by rmilasan. This moves everything (pid files, lock files, etc.) to /run. - Add dbus-fall-back-to-old-run-directory.patch (bnc#802525).- Revert patch: dbus-move-everything-to-run-directory.patch (bnc#802525).- Move everything (pid files, lock files, etc.) to /run. add: dbus-move-everything-to-run-directory.patch- Update to 1.6.8 * Follow up to CVE-2012-3524: The additional hardening work to use __secure_getenv() as a followup to bug #52202 broke certain configurations of gnome-keyring. Given the difficulty of making this work without extensive changes to gnome-keyring, use of __secure_getenv() is deferred. * CVE-2012-3524: Don't access environment variables (fdo#52202) Thanks to work and input from Colin Walters, Simon McVittie, Geoffrey Thomas, and others. * Detect that users are "at the console" correctly when configured with a non-default path such as --enable-console-auth-dir=/run/console (fdo#51521, Dave Reisner) * Remove an incorrect assertion from DBusTransport (fdo#51657, Simon McVittie) * Change how we create /var/lib/dbus so it works under Automake >= 1.11.4 (fdo#51406, Simon McVittie) * Don't return from dbus_pending_call_set_notify with a lock held on OOM (fdo#51032, Simon McVittie) * Disconnect "developer mode" (assertions, verbose mode etc.) from Automake maintainer mode. D-Bus developers should now configure with - -enable-developer. Automake maintainer mode is now on by default; distributions can disable it with --disable-maintainer-mode. (fdo#34671, Simon McVittie) * Unix-specific: - Check for libpthread under CMake on Unix (fdo#47237, Simon McVittie) * New requirements - PTHREAD_MUTEX_RECURSIVE on Unix - compiler support for 64-bit integers (int64_t or equivalent) * D-Bus Specification v0.19 * New dbus-daemon features - rules allow the service to own names like com.example.Service.Instance3 - optional systemd integration when checking at_console policies - --nopidfile option, mainly for use by systemd - path_namespace and arg0namespace may appear in match rules - eavesdropping is disabled unless the match rule contains eavesdrop=true * New public API - functions to validate various string types (dbus_validate_path() etc.) - dbus_type_is_valid() - DBusBasicValue, a union of every basic type * Bug fixes - removed an unsafe reimplementation of recursive mutexes - dbus-daemon no longer busy-loops if it has far too many file descriptors - dbus-daemon.exe --print-address works on Windows - all the other bug fixes from 1.4.20 * Other major implementation changes - on Linux, dbus-daemon uses epoll if supported, for better scalability - dbus_threads_init() ignores its argument and behaves like dbus_threads_init_default() instead - removed the per-connection link cache, improving dbus-daemon performance * Developer features - optional Valgrind instrumentation (--with-valgrind) - optional Stats interface on the dbus-daemon (--enable-stats) - optionally abort whenever malloc() fails (--enable-embedded-tests and export DBUS_MALLOC_CANNOT_FAIL=1) * Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1 spec-compliance (fdo#48580, David Zeuthen) * Don't use install(1) within the source/build trees, fixing the build as non-root when using OpenBSD install(1) (fdo#48217, Antoine Jacoutot) * Add missing commas in some tcp and nonce-tcp addresses, and remove an unused duplicate copy of the nonce-tcp transport in Windows builds (fdo#45896, Simon McVittie) - remove patch dbus-cve-2012-3524.patch as incorporated upstream- Enable systemd integration (with_systemd 1): follow the rest of the distribution enabling systemd support. As agreed, systemd is the main supported way for 12.3.- Move default home from /var/run/dbus to /run/dbus - Fix useradd invocation: -o is useless without -u and newer versions of pwdutils/shadowutils fail on this now.- Link /usr/bin/dbus-send to /bin/dbus-send. Upower uses dbus-send to receive signals from systemd regarding resuming, however looks for the moment in the wrong directory.- Fix factory breakage on systemd units directory- remove sysvinit requires from the package - remove %run_permissions macro- baselibs: dbus-1-devel-32bit must require libdbus-1-3-32bit- remove libzio build dependency- dbus-cve-2012-3524.patch: Add patch for CVE-2012-3524 to fix getenv() vulnerability in setuid root binaries (bnc#697105)- Add pkgconfig(x11) as BuildRequires instead of xorg-x11-devel so we don't depend on Mesa and create a build cycle.- Move ownership of /etc/dbus-1/{session.d,system.d} and /usr/share/dbus-1/{interfaces,services,system-services} to libdbus-1-3 instead of dbus-1: many dbus users put files there, and it's annoying to force them to own those directories.- added libdbus-1-3 to build for -32bit... - adeed post and postun sections for libdbus-1-3- More news from the dependency hell: Let dbus-1-devel require dbus-1.- Split dbus-1 into libdbus-1 and dbus-1.- Update to version 1.5.12: - Add public API to validate various string types: dbus_validate_path(), dbus_validate_interface(), dbus_validate_member(), dbus_validate_error_name(), dbus_validate_bus_name(), dbus_validate_utf8() (fdo#39549, Simon McVittie) - Turn DBusBasicValue into public API so bindings don't need to invent their own "union of everything" type (fdo#11191, Simon McVittie) - Enumerate data files included in the build rather than using find(1) (fdo#33840, Simon McVittie) - Add support for policy rules like in dbus-daemon (fdo#46273, Alban Crequy) - Windows-specific: - make dbus-daemon.exe --print-address (and --print-pid) work again on Win32, but not on WinCE (fdo#46049, Simon McVittie) - fix duplicate case value when compiling against mingw-w64 (fdo#47321, Andoni Morales Alastruey)- Revert my last change completely, and go back to using -fpie in CFLAGS and -pie in LDFLAGS for the whole build: after discussion upstream in fdo#46570, it appears that this is the recommended way to harden the build.- Change the way we pass -fpie/-pie: + Stop changing CFLAGS/LDFLAGS in %build to add -fpie/-pie. + Add dbus-1-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS when building the suid binary (dbus-daemon-launch-helper). + Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build.- move with_systemd definition into COMMON part to fix dbus-1-x11- Update to version 1.5.10: + D-Bus Specification 0.19: - Formally define unique connection names and well-known bus names, and document best practices for interface, bus, member and error names, and object paths (fdo#37095) - Document the search path for session and system services on Unix, and where they should be installed by build systems (fdo#21620, fdo#35306) - Document the systemd transport (fdo#35232) + Make dbus_threads_init() use the same built-in threading implementation as dbus_threads_init_default(); the user-specified primitives that it takes as a parameter are now ignored (fdo#43744) + Allow all configured auth mechanisms, not just one (fdo#45106) + Improve cmake build system. + Build tests successfully with older GLib, as found in e.g. Debian 6 (fdo#41219) + Avoid use of deprecated GThread API (fdo#44413) + Build documentation correctly if man2html doesn't support filenames on its command-line (fdo#43875) + Improve test coverage. To get even more coverage, run the tests with DBUS_TEST_SLOW=1 (fdo#38285, fdo#42811) + Reduce the size of the shared library by moving functionality only used by dbus-daemon, tests etc. into their internal library and deleting unused code (fdo#34976, fdo#39759) + Add dbus-daemon --nopidfile option, overriding the configuration, for setups where the default configuration must include to avoid breaking traditional init, but the pid file is in fact unnecessary; use it under systemd to improve startup time a bit (fdo#45520) + Optionally (if configured --with-valgrind) add instrumentation to debug libdbus and associated tools more meaningfully under Valgrind (fdo#37286) + Improve the dbus-send(1) man page (fdo#14005) + Make dbus-protocol.h compatible with C++11 (fdo#46147) + If tests are enabled and DBUS_MALLOC_CANNOT_FAIL is set in the environment, abort on failure to malloc() (like GLib does), to turn runaway memory leaks into a debuggable core-dump if a resource limit is applied (fdo#41048) + Don't crash if realloc() returns NULL in a debug build (fdo#41048) + Unix-specific: - Replace our broken reimplementation of recursive mutexes, which has been broken since 2006, with an ordinary pthreads recursive mutex (fdo#43744) - Use epoll(7) for a more efficient main loop in Linux; equivalent patches welcomed for other OSs' equivalents like kqueue, /dev/poll, or Solaris event ports (fdo#33337) - When running under systemd, use it instead of ConsoleKit to check whether to apply at_console policies (fdo#39609) - Avoid a highly unlikely fd leak (fdo#29881) - Don't close invalid fd -1 if getaddrinfo fails (fdo#37258) - Don't touch ~/.dbus and ~/.dbus-keyrings when running 'make installcheck' (fdo#41218) - Stop pretending we respect XDG_DATA_DIRS for system services: the launch helper doesn't obey environment variables to avoid privilege escalation attacks, so make the system bus follow the same rules (fdo#21620) + Windows-specific fixes. - Get ready for a switch to systemd: + Add a with_systemd macro, currently set to 0 as the systemd support would introduce a build cycle between dbus-1 and systemd. + Add pkgconfig(libsystemd-daemon) and pkgconfig(libsystemd-login) BuildRequires and pass - -enable-systemd to configure if we build systemd support.- fixed bnc#743149 - added position independent flags to compilation and linking(-fpie/-pie)- add patch to enable X11 autolaunch even if configure thinks it can't be done (bnc#707817)- update to version 1.5.8: * Clean up dead code, and make more warnings fatal in development builds (fdo#39231, fdo#41012; Simon McVittie) * Add a regression test for fdo#38005 (fdo#39836, Simon McVittie) * Add _DBUS_STATIC_ASSERT and use it to check invariants * Fix a small memory leak, and a failure to report errors, when updating a service file entry for activation (fdo#39230, Simon McVittie) * Clean up (non-abstract) Unix sockets on bus daemon exit * On systems that use libcap-ng but not systemd, drop supplemental groups when switching to the daemon user (Red Hat #726953, Steve Grubb)- add libtool as buildrequire to make the spec file more reliable- Remove redundant tags/sections from specfile (cf. packaging guidelines)- Update to version 1.5.6: + Potentially incompatible (Bustle and similar debugging tools will need changes to work as intended): - Do not allow match rules to "eavesdrop" (receive messages intended for a different recipient) by mistake: eavesdroppers must now opt-in to this behaviour by putting "eavesdrop='true'" in the match rule, which will not have any practical effect on buses where eavesdropping is not allowed (fdo#37890) + Other changes: - D-Bus Specification version 0.18 (fdo#37890, fdo#39450, fdo#38252): . add the "eavesdrop" keyword to match rules . define eavesdropping, unicast messages and broadcast messages . stop claiming that match rules are needed to match unicast messages to you . promote the type system to be a top-level section - Use DBUS_ERROR_OBJECT_PATH_IN_USE if dbus_connection_try_register_object_path or dbus_connection_try_register_fallback fails, not ...ADDRESS_IN_USE, and simplify object-path registration (fdo#38874) - Consistently use atomic operations on everything that is ever manipulated via atomic ops, as was done for changes to DBusConnection's refcount in 1.4.12 (fdo#38005) - Fix a file descriptor leak when connecting to a TCP socket (fdo#37258) - Make "make check" in a clean tree work, by not running tests until test data has been set up (fdo#34405) - The dbus-daemon no longer busy-loops if it has a very large number of file descriptors (fdo#23194) - Refactor message flow through dispatching to avoid locking violations if the bus daemon's message limit is hit; remove the per-connection link cache, which was meant to improve performance, but now reduces it (fdo#34393) - Some cmake fixes - Remove dead code, mainly from DBusString (fdo#38570, fdo#39610) - Stop storing two extra byte order indicators in each D-Bus message (fdo#38287) - Add an optional Stats interface which can be used to get statistics from a running dbus-daemon if enabled at configure time with --enable-stats (fdo#34040) - Fix various typos (fdo#27227, fdo#38284) - Documentation (fdo#36156): . let xsltproc be overridden as usual: ./configure XSLTPROC=myxsltproc . install more documentation automatically, including man2html output . put dbus.devhelp in the right place (it must go in ${htmldir}) - Unix-specific: . look for system services in /lib/dbus-1/system-services in addition to all the other well-known locations; note that this should always be /lib, even on platforms where shared libraries on the root FS would go in /lib64, /lib/x86_64-linux-gnu or similar (fdo#35229) . opt-in to fd passing on Solaris (fdo#33465) - Windows-specific: . fix use of a mutex for autolaunch server detection . don't crash on malloc failure in _dbus_printf_string_upper_bound - Manually create /lib/dbus-1/system-services in %install so that we can own it.- Update to version 1.5.4: + Security (local denial of service): - Byte-swap foreign-endian messages correctly, preventing a long-standing local DoS if foreign-endian messages are relayed through the dbus-daemon (fdo#38120, deb#629938, no CVE number yet) + New things: - The constant to use for an infinite timeout now has a name, DBUS_TIMEOUT_INFINITE. - If GLib and DBus-GLib are already installed, more tests will be built, providing better coverage.(fdo#34570) + Changes: - Consistently use atomic operations for the DBusConnection's refcount, fixing potential threading problems (fdo#38005) - Don't use -Wl,--gc-sections by default: in practice the size decrease is small (300KiB on x86-64) and it frequently doesn't work in unusual toolchains. (fdo#33466) - Use #!/bin/sh for run-with-tmp-session-bus.sh, making it work on *BSD (fdo#35880) - Use ln -fs to set up dbus for systemd, which should fix reinstallation when not using a DESTDIR (fdo#37870) - Windows-specific changes: . don't try to build dbus-daemon-launch-helper (fdo#37838) - Changes from version 1.5.2: + Notes for distributors: - This version of D-Bus no longer uses -fPIE by default. + Changes: + D-Bus Specification v0.17 . Reserve the extra characters used in signatures by GVariant (fdo#34529) . Define the ObjectManager interface (fdo#34869) + Don't force -fPIE: distributions and libtool know better than we do whether it's desirable (fdo#16621, fdo#27215) + Allow --disable-gc-sections, in case your toolchain offers the -ffunction-sections, -fdata-sections and - Wl,--gc-sections options but they're broken, as seen on Solaris (fdo#33466) + Install dbus-daemon and dbus-daemon-launch-helper in a more normal way (fdo#14512) + Ensure that maintainers upload documentation with the right permissions (fdo#36130) + Don't force users of libdbus to be linked against - lpthread, -lrt (fdo#32827) + Log system-bus activation information to syslog (fdo#35705) + Log messages dropped due to quotas to syslog (fdo#35358) + Make the nonce-tcp transport work on Unix (fdo#34569) + On Unix, if /var/lib/dbus/machine-id cannot be read, try /etc/machine-id (fdo#35228) + In the regression tests, don't report fds as "leaked" if they were open on startup (fdo#35173) + Make dbus-monitor bail out if asked to monitor more than one bus, rather than silently using the last one (fdo#26548) + Clarify documentation (fdo#35182) + Clean up minor dead code and some incorrect error handling (fdo#33128, fdo#29881) + Check that compiler options are supported before using them (fdo#19681) + Windows: . Remove obsolete workaround for winioctl.h (fdo#35083)- Fix filelist to own a directory. - Do not package html files twice.- buildrequire update-desktop-files for mimetypes.prov- switch to download_files service- changes license to GPL2+ or AFL 2.1- Update to 1.5.0 * D-Bus Specification v0.16 - Add support for path_namespace and arg0namespace in match rules (fdo#24317, #34870; Will Thompson, David Zeuthen, Simon McVittie) - Make argNpath support object paths, not just object-path-like strings, and document it better (fdo#31818, Will Thompson) * Let the bus daemon implement more than one interface (fdo#33757, Simon McVittie) * Optimize _dbus_string_replace_len to reduce waste (fdo#21261, Roberto Guido) * Require user intervention to compile with missing 64-bit support (fdo#35114, Simon McVittie) * Add dbus_type_is_valid as public API (fdo#20496, Simon McVittie) * Raise UnknownObject instead of UnknownMethod for calls to methods on paths that are not part of the object tree, and UnknownInterface for calls to unknown interfaces in the bus daemon (fdo#34527, Lennart Poettering)- Update to 1.4.8 * Rename configure.in to configure.ac, and update it to modern conventions (fdo#32245; Javier Jardón, Simon McVittie) * Correctly give XDG_DATA_HOME priority over XDG_DATA_DIRS (fdo#34496, Anders Kaseorg) * Prevent X11 autolaunching if $DISPLAY is unset or empty, and add - -disable-x11-autolaunch configure option to prevent it altogether in embedded environments (fdo#19997, NB#219964; Simon McVittie) * Install the documentation, and an index for Devhelp (fdo#13495, Debian #454142; Simon McVittie, Matthias Clasen) * If checks are not disabled, check validity of string-like types and booleans when sending them (fdo#16338, NB#223152; Simon McVittie) * Add UnknownObject, UnknownInterface, UnknownProperty and PropertyReadOnly errors to dbus-shared.h (fdo#34527, Lennart Poettering) * Break up a huge conditional in config-parser so gcov can produce coverage data (fdo#10887, Simon McVittie) * List which parts of the Desktop Entry specification are applicable to .service files (fdo#19159, Sven Herzberg) * Don't suppress service activation if two services have the same Exec= (fdo#35750, Colin Walters) * Windows: - Avoid the name ELEMENT_TYPE due to namespace-pollution from winioctl.h (Andre Heinecke) - Include _dbus_path_is_absolute in libdbus on Windows, fixing compilation (fdo#32805, Mark Brand)- Update to 1.4.6 * Remove unfinished changes intended to support GTest-based tests, which were mistakenly included in 1.4.4 - Update to 1.4.4 * Switch back to using even micro versions for stable releases; 1.4.1 should have been called 1.4.2, so skip that version number * Don't leave bad file descriptors being watched when spawning processes, which could result in a busy-loop (fdo#32992, NB#200248; possibly also LP#656134, LP#680444, LP#713157) * Check for MSG_NOSIGNAL correctly * Fix failure to detect abstract socket support (fdo#29895) * Make _dbus_system_logv actually exit with DBUS_SYSTEM_LOG_FATAL (fdo#32262, NB#180486) * Improve some error code paths (fdo#29981, fdo#32264, fdo#32262, fdo#33128, fdo#33277, fdo#33126, NB#180486) * Avoid possible symlink attacks in /tmp during compilation (fdo#32854) * Tidy up dead code (fdo#25306, fdo#33128, fdo#34292, NB#180486) * Improve gcc malloc annotations (fdo#32710) * If the system bus is launched via systemd, protect it from the OOM killer * Documentation improvements (fdo#11190) * Avoid readdir_r, which is difficult to use correctly (fdo#8284, fdo#15922, LP#241619) * Cope with invalid files in session.d, system.d (fdo#19186, Debian #230231) * Don't distribute generated files that embed our builddir (fdo#30285, fdo#34292) * Raise the system bus's fd limit to be sufficient for its configuration (fdo#33474, LP#381063) * Fix syslog string processing * Ignore -Waddress * Remove broken gcov parsing code and --enable-gcov, and replace them with lcov HTML reports and --enable-compiler-coverage (fdo#10887) * Windows: - avoid live-lock in Windows CE due to unfair condition variables * OpenBSD: - support credentials-passing (fdo#32542) * Solaris: - opt-in to thread safety (fdo#33464)- Update to 1.4.1 + Fix for CVE-2010-4352: sending messages with excessively-nested variants can crash the bus. The existing restriction to 64-levels of nesting previously only applied to the static type signature; now it also applies to dynamic nesting using variants. Thanks to Rémi Denis-Courmont for discoving this issue. + Various bug fixes. + For details, see http://lists.freedesktop.org/archives/dbus/2010-December/013861.html- Fix package list, own /lib/systemd directories.- ConsoleKit may not be installed on the system, so kill the process at "stop" only if it is running- add missimg BuildRequires on libcap-ng-devel so dbus can drop capabilities when needed.- version 1.4.0 - make dbus-uuidgen atomic - fix socket descriptor leak in _dbus_connect_tcp_socket_with_nonce - unconditionally enable D-Bus on systemd boots- update systemd service installation- drop systemd-units- update to 1.3.2 snapshot - New standardized PropertiesChanged signal in the properties interface - Support forking bus services, for compatibility - install systemd service files- use %_smp_mflags- Update to version 1.2.24: + For details, see http://lists.freedesktop.org/archives/dbus/2010-March/012436.html + Highlights: - Fix a critical crasher bug in the syslog code + [bus] While creating a syslog, correctly get pointer data from DBusString + [bus] Don't install a SIGTERM handler + [64 bit printf] Update to use DBUS_PID_FORMAT, print (omitted) + Move dispatching to destination to bus_dispatch_matches() + Dispatch post-activation messages to anyone interested + Build changes. - Changes from version 1.2.22: + For details, see http://lists.freedesktop.org/archives/dbus/2010-March/012395.html + Highlights: - Fix to avoid UI freezes in newer Evolution versions (and any other program that makes synchronous DBus calls from a non-main thread). - Monitor service directories for changes + When handling a watch, return if another thread is doing I/O + Monitor service directories for changes + Sync up UNICODE_VALID with glib, add documentation + Support inotify on older kernels + Handle OOM in reload watch + Refactor _dbus_log_info, _dbus_log_security into _dbus_log_system + Add DBUS_SYSTEM_LOG_FATAL severity + Add _dbus_credentials_to_string_append + Add a prefix to our syslog messages + Make SELinux initialization failure fatal + Don't send an reply for driver messages if one isn't requested + Fix double-free in error case. + Other simple fixes, build fixes. + Explicitly specify in the spec lower-case hex must be used + Use AM_SILENT_RULES if available - Changes from version 1.2.20: + For details, see http://lists.freedesktop.org/archives/dbus/2010-February/012156.html + Fix inotify shutdown + Fix compilation in --disable-selinux case - Changes from version 1.2.18: + For details, see http://lists.freedesktop.org/archives/dbus/2010-February/012150.html + Ignore exit code zero from activated services + Switch to libcap-ng, avoid linking libdbus against libcap[-ng] + Don't drop pending activations when reloading configuration + Update messagebus.in init script to start earlier + Clean up inotify watch handling + Don't crash when reloading if we haven't loaded user database yet + fdo#23502 - corrected wrong verbose-output + Correct timeout handling + dbus-monitor: use unbuffered stdout instead of handling SIGINT + fdo#25697 - Fix memory leak in policy reload + fdo#23977 - dbus-launch --exit-with-session not killing dbus-daemon on SIGINT + Use monotonic clock for _dbus_get_current_time() if it's available. + Make array-printing code easier to follow + Forbid zero serial numbers + Include reason when reporting corrupt messages + Add an accessor for the loader's corruption reason + Print byte arrays as nicely-formatted hex. + Print all-printable-ASCII byte arrays as strings + Build fixes, including fdo#19432, fdo#22788, fdo#22805- add baselibs.conf as a source - package documentation as noarch- Implemented /etc/init.d/dbus reload (bnc#503074).- fix %changelog- added dbus-1-devel to baselibs.conf- fix --libexecdir to be the proper /lib/dbus-1/ directory- update to 1.2.16 release - Avoid race conditions reading message from exited process - Ensure initialized variable in dbus_connection_remove_filter - Don't fail autolaunching if process has SIGCHLD handler - Ensure inotify fd is set close on exec - Make sure a pending call timeout isn't assumed - Allow a pending call to block forever - Don't allocate DBusTimeout for pending call when passed INT_MAX - Update documentation now that INT_MAX means no timeout - Fix issue where timeouts can overflow - Remove 6 hour timeout restriction - Unrestrict session bus timeout- use --disable-static instead of removing static libraries- Make boot script smart/bin/sh/bin/shlamb13 15129936001.12.2-lp150.1.31.12.2-lp150.1.3dbus-launchdbus-launchdbus-launch.x11/etc/alternatives//usr/bin/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.0/standard/2af0dbcb797cdaf90858a6b9cfe27003-dbus-1-x11cpioxz5x86_64-suse-linuxcannot open `/home/abuild/rpmbuild/BUILDROOT/dbus-1-x11-1.12.2-lp150.1.3.x86_64/etc/alternatives/dbus-launch' (No such file or directory)ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=79dfaece61c9784e23a97ebe7245c825b7a75b8a, stripped R R R RRRRRR R RRR"-l[`9vpackageand(dbus-1:libX11-6)utf-8f3a2254f68a0156ab2e99795092740a8ddbf6773ea6106479ee939c91d8a07b2?7zXZ !t/lo'] cNDfW*6*=5'=;DpXBOe"n^![al &vczz #G%a|y3Ү2ӫUS qPdz.p|J\Z)TYJF!-,p [{@FrAUWf +u]fQaaٽj;I Kܵk.#Zl/"z4tNRꆜsj_z-p7|Tݮۡ: Q3+P',pVK٬*L8l ׉ld}6nfyku 0y~Jdr⑰Oҽ' ;6+}%'iMN),s?;XTtX_*> =dgbe  ĚrL.י UL2!΁2697زUOz'ۥSvHnWUzKP50Pej⨐G0phrVZ9n?(Y!ݸMK&Ve@aC4!ՃS۞Die g*ƥ·qv^/&QӄV;vm >@#__UJ5D$ =UuXk fz& ݔ-mn*?z2 /m=iQj+ZQ&0-H"|cv%_1N{!\ @qΌ= qH2ZPXILGKˆ<NN4k\$>G;=w:%pTEP_aY1-\ g]_ծ-)\3 Pn$)*T1:xhx%se#Xkn,ȑbԢ`$.mjC<*8 )"ӡ9ň%B<()3 )F@Me [dp+y+@tgEa:#9R}WU*T4&j -eEETIJYt5L`ښuD@{ys;4h?EqrpAc C "vx9km G7ԙ,5.!p "@_ׅSRqWAR, G V{b_w9i>s1U%eQ @qL]5cȕ/F&wWb;wDP }t-tz=^U>95S [{pIѩG!Bןɶ "5Š/Q&$¼o6*f{-Rm]ڵc\L*wTGuǿ(GאVU)3Nd-l،z7YfQqo\H&9l…S CZfKzV4 XEڞYs6Ca{wS&TOϿSlnl1CdkXpR |L$=JpT/.A\c}٬ɨٸlG@%6>{*b ;~aa盧!Zy>A mܚ Ik < Z|lir#tTRa*=GJ7nB|*p=￐_Ԛ䓆{6Źtր?.n@׫a~r#mCbd]B_ƒd}BԁsaˢRiQ_i\ /-QpTC~Ȫ4ee|!ϱ/!vX:m;O|u)`8!ǿQ{_pB@B&~:p Uh4Ucç,wbB@j7U2ӭe,wZی(٪l/q&HvIU- eq+&„`Tz<" b&n2Ϸ0lk$봿[Zyy^\7pvY짱)#o% ¨w#B8P"ȜU,㠻]Z"Z7c73!1z:L.X)C۠[y]k an^cqƘl[(R"wɀJ`Z/ O&B4~v69\/ny=NRЯy5ֹ8j,A۩{3egՔ$Lz_}r K-0ZjP~!Lk\0cYCX㦙=aS%μMYh Vr>sGC5G/91( (h$Ys?ਗE@#Qt!J2]MB:/id>Ҡ1]; "RF#7Krhkl}~:c1]| AI.GScc^9"j2эA,p2cA2+V}SoE9[WS.ޙPB&D,2֣(QX%T+W٣J6{ŻOO%zkw>G4N` М)!njGtI0_%m> 30a#JNߨl5";Q\~Rh<^RdH5"1bj/ HYohm.6w'N侓>%(֬92 V/xObK;5?!z26_ e\~ p2Pk\ 6!Ү }u>TS54u?ӣݭ+ܐ\ L}J A57sw幺 lm aݴډ5TYYj̠F@,@>â-uV~$.P`igy`g:vc},v >[0pH%I%Ug̴(O|'L%}eIGrSJI @`\dH.%Lvpъ!+Ǎq%^_Fk﹥I#fƝyB B _f>z|jӤ c~=4wB!=SI1hA 0PJ)g `f1)'$4& 8#{`*P#2Lee2]Ɓaؐkstm1ߘzv^pknG#mP`: ߅mB-h5BT` 據Vl #]#?Į&!=|X9*`hyO(stڥNU}?Qvl\+ ̌Bg$_CQd-&T-<Z.RS1BdFUIC%$WYX%?-OB}2;of-c~/4R8M QVSYIp%Ώlמ8)ŗ/\9Ǩњo(.mZTlGhQ?8 _/NHZM6H~Χu䨛YH%Tʹaip-?>Qʼnn}l2ʩQ.uZhMg(6J}w|Wk2{O n^WVd3J,{AMpD2|Ծ_bk$DY"'y kʲ=did~."i㈥&;̚bDe U<`Hnj"7?MghcYLժ,jf ̳N- BY *vm z[Ha}j@3!j+T`e$(&ڑL @2gȢriw"RLk u!?4>g02?\bF&@E¤r:O[*n41B}qoJhڽP "XjԽÑVBт GōK]|@ Q'W@ؘf+LޔaD9ǜ)tw\h}^]`r͖tROa?(Ʀi6:Waj3dbo7aBUT1D|}FwحLݬDy"kNFNK0} z2HVŊv™ 5^^@C1ΚH2uzV5N ?QXWjng^;6ï[hF㜓`˴p't; Iq q`: 3 x9'2Ө|FLA0Y.h*dƷgkRėG豵Y^ު]Um8/;#8Peew W;XEP w+@}װ Ј s.HLz_"CNF`uPCE"I#PVRl2ofZ5QU3PC]÷s OV'o׺h_ڭ g!WHYoi 1&K<߁;p f((7/}f$yץA'w\kX_dL4p*u2M2Ω\Ƚ`O K0ŎB#v-yF㚵f y:=kꇯ$teJBŚ%N{ ==1:kpL#H@kUe-Xf"6X`~0$Fdv\=y A&?73洄0O{ WBfcfzm'|u[0g|er/G='(25z]"RR y NBߺߴ ~Ö &GOpp$whf`wb {13uH|Gm$Q$oSjCzM mΉ`aK]#И)[$~hW^b~c6m_m\=4&%r#m J c `@XMbkդJ֛&(LK`0adK{͟dOnAG,I+лV-}|] w"^_mم ~FJJ9=>qvt9R|шVWJ<#/ԚCsTD G/(Ӽ~҅V"+QWm LQ$h j8/[{cuNt8 ^,/)8N esPU?`<޵OWk 믵?- ASD7jvdu0{cnP"=B EAi#Π&Pfl)tsZlg?5^y IG|]kp֠rpEYXZ㐅=d,| ?znW=MzN }BuƊ|O5לxZqA rs[D  UNq$T&djU:s3-bM)qT")C e--@lz4rM?.Fg` 9KL]#REB6͍@Bw]|DzTݡ?QMH޴<"g?K YhYGAX9:onl3WE u|  ?s&kEPϏݫfﰷF$BX']\xtح08E~ 4Yp²[GwkeM^?E -̮ǃ٨é;z 挢 Ҳ]HdITO{K5㧼 W)Ѓ5C`ym\y>tγM!(Q/AS,6\*p!c_X7A1m``ۃ jzJR \/!qsŵ_ oͦ]dG43u$MJ `tui]Acc5o#LX63ېtC[m󰿂J(=\;|pD/0B+o$7%CnK g3ڴa1Pe1`auSځl#aۼbc՝AꔥD_0e+.V_mU(kI Uⴥݡ?B^_Kj1&Y f8zcrBΜCVj@Y\&P:FInŘgIEg>xeCISpkhsVXOĪ YZ