Hello community, here is the log from the commit of package dbus-1 for openSUSE:Factory checked in at 2020-08-19 18:44:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dbus-1 (Old) and /work/SRC/openSUSE:Factory/.dbus-1.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dbus-1" Wed Aug 19 18:44:38 2020 rev:162 rq:826904 version:1.12.20 Changes: -------- New Changes file: --- /dev/null 2020-08-06 00:20:10.149648038 +0200 +++ /work/SRC/openSUSE:Factory/.dbus-1.new.3399/dbus-1-devel-doc.changes 2020-08-19 18:45:09.723475335 +0200 @@ -0,0 +1,3220 @@ +------------------------------------------------------------------- +Thu Jul 16 21:28:10 UTC 2020 - Matthias Eliasson <eli...@opensuse.org> + +- Update to 1.12.20 + * On Unix, avoid a use-after-free if two usernames have the same + numeric uid. In older versions this could lead to a crash (denial of + service) or other undefined behaviour, possibly including incorrect + authorization decisions if <policy group=...> is used. + Like Unix filesystems, D-Bus' model of identity cannot distinguish + between users of different names with the same numeric uid, so this + configuration is not advisable on systems where D-Bus will be used. + Thanks to Daniel Onaca. + (dbus#305, dbus!166; Simon McVittie) +- From 1.12.18 + * CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. + (dbus#294, GHSL-2020-057; Simon McVittie) + * Fix a crash when the dbus-daemon is terminated while one or more + monitors are active (dbus#291, dbus!140; Simon McVittie) + * The dbus-send(1) man page now documents --bus and --peer instead of + the old --address synonym for --peer, which has been deprecated since + the introduction of --bus and --peer in 1.7.6 + (fd.o #48816, dbus!115; Chris Morin) + * Fix a wrong environment variable name in dbus-daemon(1) + (dbus#275, dbus!122; Mubin, Philip Withnall) + * Fix formatting of dbus_message_append_args example + (dbus!126, Felipe Franciosi) + * Avoid a test failure on Linux when built in a container as uid 0, but + without the necessary privileges to increase resource limits + (dbus!58, Debian #908092; Simon McVittie) + * When building with CMake, cope with libX11 in a non-standard location + (dbus!129, Tuomo Rinne) +- Run spec-cleaner + +------------------------------------------------------------------- +Sun Jan 19 02:59:34 UTC 2020 - Stefan Brüns <stefan.bru...@rwth-aachen.de> + +- Move generation of API docs to a separate package, avoid doxygen + dependency for building main package. +- Build x11 and devel-doc (API doc) using _multibuild. + +------------------------------------------------------------------- +Sun Jan 19 01:53:25 UTC 2020 - Stefan Brüns <stefan.bru...@rwth-aachen.de> + +- Drop no longer required call to autoreconf, remove obsolete + BuildRequires for libtool and autoconf-archive. + +------------------------------------------------------------------- +Fri Jan 17 13:02:10 UTC 2020 - Thorsten Kukuk <ku...@suse.com> + +- Remove left overs from blocking restart on update from May 29th 2019 +- Use sysusers.d to create messagebus user + +------------------------------------------------------------------- +Tue Dec 3 01:16:18 UTC 2019 - Simon Lees <sfl...@suse.de> + +- Verify signatures + * dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian + developer keyring. +- Drop dbus_at_console.ck not needed +- Clean up sources + * Source2 dbus-1.desktop now Source4 + * baselib.conf now source 3 +- Update to 1.12.16 + * CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 + authentication for identities that differ from the user running the + DBusServer. Previously, a local attacker could manipulate symbolic + links in their own home directory to bypass authentication and connect + to a DBusServer with elevated privileges. The standard system and + session dbus-daemons in their default configuration were immune to this + attack because they did not allow DBUS_COOKIE_SHA1, but third-party + users of DBusServer such as Upstart could be vulnerable. + Thanks to Joe Vennix of Apple Information Security. + (bsc#1137832, dbus#269, Simon McVittie) +- From 1.12.14 + * Raise soft fd limit to match hard limit, even if unprivileged. + This makes session buses with many clients, or with clients that make + heavy use of fd-passing, less likely to suffer from fd exhaustion. + (dbus!103, Simon McVittie) + * If a privileged dbus-daemon has a hard fd limit greater than 64K, don't + reduce it to 64K, ensuring that we can put back the original fd limits + when carrying out traditional (non-systemd) activation. This fixes a + regression with systemd >= 240 in which system services inherited + dbus-daemon's hard and soft limit of 64K fds, instead of the intended + soft limit of 1K and hard limit of 512K or 1M. + (dbus!103, Debian#928877; Simon McVittie) + * Fix build failures caused by an AX_CODE_COVERAGE API change in newer + autoconf-archive versions (dbus#249, dbus!88; Simon McVittie) + * Fix build failures with newer autoconf-archive versions that include + AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie) + * Parse section/group names in .service files according to the syntax + from the Desktop Entry Specification, rejecting control characters + and non-ASCII in section/group names (dbus#208, David King) + * Fix various -Wlogical-op issues that cause build failure with newer + gcc versions (dbus#225, dbus!109; David King) + * Don't assume we can set permissions on a directory, for the benefit of + MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie) + * Don't overwrite PKG_CONFIG_PATH and related environment variables when + the pkg-config-based version of DBus1Config is used in a CMake project + (dbus#267, dbus!96; Clemens Lang) +- Drop now upstream Patches + * dbus-no-ax-check.patch + * dbus-new-autoconf-archive.patch + +------------------------------------------------------------------- +Wed Nov 20 20:09:53 UTC 2019 - Stefan Brüns <stefan.bru...@rwth-aachen.de> + +- Fix two inconsistencies with _libexecdir, sysusers.d and + tmpfiles.d are always in %{_prefix}/lib/. +- Drop update-desktop-files BuildRequires, once added for + mimetypes.prov which is no longer part of update-desktop-files, + and dbus-1.desktop does not even handles a single mimetype. + +------------------------------------------------------------------- +Wed May 29 13:25:43 UTC 2019 - Simon Lees <sfl...@suse.de> + +- Replace DISABLE_RESTART_ON_UPDATE with + %service_del_postun_without_restart +- Remove version specific code to block all updates on restart as + hopefully no tumbleweed versions still have code causing those + issues (was only present for a few snapshots) + +------------------------------------------------------------------- +Wed Apr 24 09:27:11 UTC 2019 - Tomáš Chvátal <tchva...@suse.com> + +- Remove the Leap42 conditionals that cause file conflict with + filesystem package + +------------------------------------------------------------------- +Fri Feb 22 06:58:00 UTC 2019 - Franck Bui <f...@suse.com> + +- Drop use of $FIRST_ARG in .spec + + The use of $FIRST_ARG was probably required because of the + %service_* rpm macros were playing tricks with the shell positional + parameters. This is bad practice and error prones so let's assume + that no macros should do that anymore and hence it's safe to assume + that positional parameters remains unchanged after any rpm macro + call. + +------------------------------------------------------------------- +Wed Jan 30 13:03:19 UTC 2019 - Tomáš Chvátal <tchva...@suse.com> + +- Update to 1.12.12: + * Reference the freedesktop.org Code of Conduct (Simon McVittie) + * Stop the dbus-daemon leaking memory (an error message) if delivering + the message that triggered auto-activation is forbidden. This is + technically a denial of service because the dbus-daemon will + run out of memory eventually, but it's a very slow and noisy one, + because all the rejected messages are also very likely to have + been logged to the system log, and its scope is typically limited by + the finite number of activatable services available. + (dbus#234, Simon McVittie) + * Remove __attribute__((__malloc__)) attribute on dbus_realloc(), + which does not meet the criteria for that attribute in gcc 4.7+, + potentially leading to miscompilation (fd.o #107741, Simon McVittie) + * Fix some small O(1) memory leaks (fd.o #107320, Simon McVittie) + * Fix printf formats for pointer-sized integers on 64-bit Windows + (fd.o #105662, Ralf Habacker) + * Always use select()-based poll() emulation on Darwin-based OSs + (macOS, etc.) and on Interix, similar to what libcurl does + (dbus#232, dbus!19; Simon McVittie) + * Extend a test timeout to avoid spurious failures in CI + (dbus!26, Simon McVittie) + +------------------------------------------------------------------- +Wed Jan 30 12:52:25 UTC 2019 - Tomáš Chvátal <tchva...@suse.com> + +- Add patch to build with new autoconf-archive, there is now + bash variable AX_BLA that gets detected and autoreconf aborts; + thus rather just disable the pointless check: + * dbus-no-ax-check.patch +- Add patch to fix codecoverage m4 macro changes in autoconf-archive: + * dbus-new-autoconf-archive.patch + +------------------------------------------------------------------- +Tue Jan 15 11:04:14 UTC 2019 - alarr...@suse.com + +- Make libdbus-1-3 own the %{_datadir}/dbus-1/system.d directory + +------------------------------------------------------------------- +Mon Jan 14 14:45:30 CET 2019 - ku...@suse.de + +- Use %license instead of %doc [bsc#1082318] + +------------------------------------------------------------------- +Wed Dec 19 16:17:39 UTC 2018 - Jan Engelhardt <jeng...@inai.de> + +- Avoid bashisms in scriptlets. + +------------------------------------------------------------------- +Tue Nov 20 23:37:09 UTC 2018 - e...@suse.com ++++ 3023 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Factory/.dbus-1.new.3399/dbus-1-devel-doc.changes --- /work/SRC/openSUSE:Factory/dbus-1/dbus-1-x11.changes 2019-12-11 11:59:13.808889134 +0100 +++ /work/SRC/openSUSE:Factory/.dbus-1.new.3399/dbus-1-x11.changes 2020-08-19 18:45:13.095477127 +0200 @@ -1,0 +2,58 @@ +Thu Jul 16 21:28:10 UTC 2020 - Matthias Eliasson <eli...@opensuse.org> + +- Update to 1.12.20 + * On Unix, avoid a use-after-free if two usernames have the same + numeric uid. In older versions this could lead to a crash (denial of + service) or other undefined behaviour, possibly including incorrect + authorization decisions if <policy group=...> is used. + Like Unix filesystems, D-Bus' model of identity cannot distinguish + between users of different names with the same numeric uid, so this + configuration is not advisable on systems where D-Bus will be used. + Thanks to Daniel Onaca. + (dbus#305, dbus!166; Simon McVittie) +- From 1.12.18 + * CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. + (dbus#294, GHSL-2020-057; Simon McVittie) + * Fix a crash when the dbus-daemon is terminated while one or more + monitors are active (dbus#291, dbus!140; Simon McVittie) + * The dbus-send(1) man page now documents --bus and --peer instead of + the old --address synonym for --peer, which has been deprecated since + the introduction of --bus and --peer in 1.7.6 + (fd.o #48816, dbus!115; Chris Morin) + * Fix a wrong environment variable name in dbus-daemon(1) + (dbus#275, dbus!122; Mubin, Philip Withnall) + * Fix formatting of dbus_message_append_args example + (dbus!126, Felipe Franciosi) + * Avoid a test failure on Linux when built in a container as uid 0, but + without the necessary privileges to increase resource limits + (dbus!58, Debian #908092; Simon McVittie) + * When building with CMake, cope with libX11 in a non-standard location + (dbus!129, Tuomo Rinne) +- Run spec-cleaner + +------------------------------------------------------------------- +Sun Jan 19 02:59:34 UTC 2020 - Stefan Brüns <stefan.bru...@rwth-aachen.de> + +- Move generation of API docs to a separate package, avoid doxygen + dependency for building main package. +- Build x11 and devel-doc (API doc) using _multibuild. + +------------------------------------------------------------------- +Sun Jan 19 01:53:25 UTC 2020 - Stefan Brüns <stefan.bru...@rwth-aachen.de> + +- Drop no longer required call to autoreconf, remove obsolete + BuildRequires for libtool and autoconf-archive. + +------------------------------------------------------------------- +Fri Jan 17 13:02:10 UTC 2020 - Thorsten Kukuk <ku...@suse.com> + +- Remove left overs from blocking restart on update from May 29th 2019 +- Use sysusers.d to create messagebus user + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/dbus-1/dbus-1.changes 2020-01-25 13:23:06.516008908 +0100 +++ /work/SRC/openSUSE:Factory/.dbus-1.new.3399/dbus-1.changes 2020-08-19 18:45:25.371483651 +0200 @@ -1,0 +2,52 @@ +Thu Jul 16 21:28:10 UTC 2020 - Matthias Eliasson <eli...@opensuse.org> + +- Update to 1.12.20 + * On Unix, avoid a use-after-free if two usernames have the same + numeric uid. In older versions this could lead to a crash (denial of + service) or other undefined behaviour, possibly including incorrect + authorization decisions if <policy group=...> is used. + Like Unix filesystems, D-Bus' model of identity cannot distinguish + between users of different names with the same numeric uid, so this + configuration is not advisable on systems where D-Bus will be used. + Thanks to Daniel Onaca. + (dbus#305, dbus!166; Simon McVittie) +- From 1.12.18 + * CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. + (dbus#294, GHSL-2020-057; Simon McVittie) + * Fix a crash when the dbus-daemon is terminated while one or more + monitors are active (dbus#291, dbus!140; Simon McVittie) + * The dbus-send(1) man page now documents --bus and --peer instead of + the old --address synonym for --peer, which has been deprecated since + the introduction of --bus and --peer in 1.7.6 + (fd.o #48816, dbus!115; Chris Morin) + * Fix a wrong environment variable name in dbus-daemon(1) + (dbus#275, dbus!122; Mubin, Philip Withnall) + * Fix formatting of dbus_message_append_args example + (dbus!126, Felipe Franciosi) + * Avoid a test failure on Linux when built in a container as uid 0, but + without the necessary privileges to increase resource limits + (dbus!58, Debian #908092; Simon McVittie) + * When building with CMake, cope with libX11 in a non-standard location + (dbus!129, Tuomo Rinne) +- Run spec-cleaner + +------------------------------------------------------------------- +Sun Jan 19 02:59:34 UTC 2020 - Stefan Brüns <stefan.bru...@rwth-aachen.de> + +- Move generation of API docs to a separate package, avoid doxygen + dependency for building main package. +- Build x11 and devel-doc (API doc) using _multibuild. + +------------------------------------------------------------------- +Sun Jan 19 01:53:25 UTC 2020 - Stefan Brüns <stefan.bru...@rwth-aachen.de> + +- Drop no longer required call to autoreconf, remove obsolete + BuildRequires for libtool and autoconf-archive. + +------------------------------------------------------------------- Old: ---- dbus-1.12.16.tar.gz dbus-1.12.16.tar.gz.asc New: ---- dbus-1-devel-doc.changes dbus-1-devel-doc.spec dbus-1.12.20.tar.gz dbus-1.12.20.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dbus-1-devel-doc.spec ++++++ # # spec file for package dbus-1-devel-doc # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define with_systemd 1 %define _name dbus %define _libname libdbus-1-3 # Temporary code to disable service restart on update sfl...@suse.de boo#1020301 %global _backup %{_sysconfdir}/sysconfig/services.rpmbak.%{name}-%{version}-%{release} %bcond_without selinux Name: dbus-1-devel-doc Version: 1.12.20 Release: 0 Summary: Developer documentation package for D-Bus License: GPL-2.0-or-later OR AFL-2.1 URL: https://dbus.freedesktop.org/ Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz Source1: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz.asc Source2: dbus-1.keyring Source3: baselibs.conf Source4: dbus-1.desktop Patch0: feature-suse-log-deny.patch # PATCH-FIX-OPENSUSE co...@suse.de -- force a feature configure won't accept without x11 in buildrequires Patch1: feature-suse-do-autolaunch.patch # Patch-Feature-opensuse sfl...@suse.de, users shouldn't be allowed to start / stop the dbus service. Patch2: feature-suse-refuse-manual-start-stop.patch BuildRequires: doxygen BuildRequires: libexpat-devel >= 2.1.0 BuildRequires: xmlto Requires: dbus-1 = %{version} BuildArch: noarch %description D-Bus is a message bus system, a simple way for applications to talk to one another. D-BUS supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %prep %setup -q -n %{_name}-%{version} %autopatch -p1 %build echo 'HTML_TIMESTAMP=NO' >> Doxyfile.in # Skip generation of API doc manpages we do not ship echo 'GENERATE_MAN=NO' >> Doxyfile.in %configure \ --disable-static \ --libexecdir=%{_libexecdir}/dbus-1 \ --enable-doxygen-docs \ --with-console-auth-dir=/run/dbus/at_console/ \ --with-system-pid-file=/run/dbus/pid \ --with-system-socket=/run/dbus/system_bus_socket \ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemduserunitdir=%{_userunitdir} \ --without-x doxygen -u %make_build -C doc %install %make_install -C doc # Remove manpages for commandline tools (shipped in main package) rm -Rf %{buildroot}/%{_mandir}/man1/* rmdir -p --ignore-fail-on-non-empty %{buildroot}/%{_mandir}/man1 # Remove DTDs (shipped in devel subpackage) rm -Rf %{buildroot}/%{_datadir}/xml/dbus-1/*dtd rmdir -p --ignore-fail-on-non-empty %{buildroot}/%{_datadir}/xml/dbus-1 mkdir -p %{buildroot}/%{_datadir}/susehelp/meta/Development/Libraries/ install -m 0644 %{SOURCE4} \ %{buildroot}/%{_datadir}/susehelp/meta/Development/Libraries/dbus-1.desktop mkdir -p %{buildroot}/%{_libdir}/pkgconfig mkdir -p %{buildroot}/lib/dbus-1/system-services mkdir -p %{buildroot}%{_datadir}/doc/dbus/examples/ install -m 0644 tools/GetAllMatchRules.py %{buildroot}%{_datadir}/doc/dbus/examples/ install -m 0644 bus/example-*-stats.conf %{buildroot}%{_datadir}/doc/dbus/examples/ %files %dir %{_datadir}/doc/dbus %dir %{_datadir}/doc/dbus/examples %{_datadir}/doc/dbus/api/ %doc %{_datadir}/doc/dbus/dbus-faq.html %doc %{_datadir}/doc/dbus/dbus-specification.html %doc %{_datadir}/doc/dbus/dbus-test-plan.html %doc %{_datadir}/doc/dbus/dbus-tutorial.html %doc %{_datadir}/doc/dbus/diagram.* %doc %{_datadir}/doc/dbus/system-activation.txt %doc %{_datadir}/doc/dbus/dbus-cleanup-sockets.1.html %doc %{_datadir}/doc/dbus/dbus-daemon.1.html %doc %{_datadir}/doc/dbus/dbus-launch.1.html %doc %{_datadir}/doc/dbus/dbus-run-session.1.html %doc %{_datadir}/doc/dbus/dbus-monitor.1.html %doc %{_datadir}/doc/dbus/dbus-send.1.html %doc %{_datadir}/doc/dbus/dbus-uuidgen.1.html %doc %{_datadir}/doc/dbus/dbus.devhelp2 %doc %{_datadir}/doc/dbus/dbus-test-tool.1.html %doc %{_datadir}/doc/dbus/dbus-update-activation-environment.1.html %doc %{_datadir}/doc/dbus/examples/GetAllMatchRules.py %doc %{_datadir}/doc/dbus/examples/example-session-disable-stats.conf %doc %{_datadir}/doc/dbus/examples/example-system-enable-stats.conf %doc doc/*.txt doc/file-boilerplate.c doc/TODO %{_datadir}/susehelp %changelog ++++++ dbus-1-x11.spec ++++++ --- /var/tmp/diff_new_pack.lwkuYd/_old 2020-08-19 18:45:32.311487339 +0200 +++ /var/tmp/diff_new_pack.lwkuYd/_new 2020-08-19 18:45:32.315487341 +0200 @@ -23,12 +23,11 @@ %endif %bcond_without selinux Name: dbus-1-x11 -Version: 1.12.16 +Version: 1.12.20 Release: 0 Summary: D-Bus Message Bus System License: GPL-2.0-or-later OR AFL-2.1 -Group: System/Daemons -URL: http://dbus.freedesktop.org/ +URL: https://dbus.freedesktop.org/ Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz Source1: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz.asc Source2: dbus-1.keyring @@ -41,14 +40,14 @@ Patch2: feature-suse-refuse-manual-start-stop.patch BuildRequires: autoconf-archive BuildRequires: libcap-ng-devel -BuildRequires: libexpat-devel +BuildRequires: libexpat-devel >= 2.1.0 BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: pkgconfig(libsystemd) >= 209 BuildRequires: pkgconfig(x11) Requires(post): update-alternatives Requires(preun): update-alternatives -Supplements: packageand(dbus-1:libX11-6) +Supplements: (dbus-1 and libX11-6) Provides: dbus-launch %if %{with selinux} BuildRequires: libselinux-devel @@ -88,7 +87,7 @@ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemduserunitdir=%{_userunitdir} \ --with-x -make %{?_smp_mflags} +%make_build %install tdir=$(mktemp -d) ++++++ dbus-1.spec ++++++ --- /var/tmp/diff_new_pack.lwkuYd/_old 2020-08-19 18:45:32.343487356 +0200 +++ /var/tmp/diff_new_pack.lwkuYd/_new 2020-08-19 18:45:32.347487358 +0200 @@ -19,15 +19,13 @@ %define with_systemd 1 %define _name dbus %define _libname libdbus-1-3 - %bcond_without selinux Name: dbus-1 -Version: 1.12.16 +Version: 1.12.20 Release: 0 Summary: D-Bus Message Bus System License: GPL-2.0-or-later OR AFL-2.1 -Group: System/Daemons -URL: http://dbus.freedesktop.org/ +URL: https://dbus.freedesktop.org/ Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz Source1: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz.asc Source2: dbus-1.keyring @@ -40,11 +38,8 @@ # Patch-Feature-opensuse sfl...@suse.de, users shouldn't be allowed to start / stop the dbus service. Patch2: feature-suse-refuse-manual-start-stop.patch BuildRequires: audit-devel -BuildRequires: autoconf-archive -BuildRequires: doxygen BuildRequires: libcap-ng-devel BuildRequires: libexpat-devel >= 2.1.0 -BuildRequires: libtool BuildRequires: permissions BuildRequires: pkgconfig BuildRequires: sysuser-shadow @@ -56,28 +51,20 @@ Requires(pre): permissions Requires(preun): update-alternatives Provides: dbus-launch +%sysusers_requires %if %{with selinux} BuildRequires: libselinux-devel %endif -%sysusers_requires %package -n %{_libname} Summary: Library package for D-Bus -Group: Development/Libraries/Other %package devel Summary: Developer package for D-Bus -Group: Development/Libraries/Other Requires: %{_libname} = %{version} Requires: dbus-1 = %{version} Requires: glibc-devel -%package devel-doc -Summary: Developer documentation package for D-Bus -Group: Development/Libraries/Other -Requires: dbus-1 = %{version} -BuildArch: noarch - %description D-Bus is a message bus system, a simple way for applications to talk to one another. D-Bus supplies both a system daemon and a @@ -102,21 +89,12 @@ any two apps to communicate directly (without going through the message bus daemon). -%description devel-doc -D-Bus is a message bus system, a simple way for applications to talk to -one another. D-BUS supplies both a system daemon and a -per-user-login-session daemon. Also, the message bus is built on top of -a general one-to-one message passing framework, which can be used by -any two apps to communicate directly (without going through the message -bus daemon). - %prep %setup -q -n %{_name}-%{version} %autopatch -p1 %build echo 'HTML_TIMESTAMP=NO' >> Doxyfile.in -autoreconf -fi # We use -fpie/-pie for the whole build; this is the recommended way to harden # the build upstream, see discussion in fdo#46570 export CFLAGS="%{optflags} -fno-strict-aliasing -fPIC -fpie" @@ -127,7 +105,7 @@ --disable-static \ --libexecdir=%{_libexecdir}/dbus-1 \ --enable-inotify \ - --enable-doxygen-docs \ + --disable-doxygen-docs \ %if %{with selinux} --enable-selinux \ %endif @@ -140,17 +118,14 @@ --with-systemdsystemunitdir=%{_unitdir} \ --with-systemduserunitdir=%{_userunitdir} \ --without-x -make %{?_smp_mflags} +%make_build # The original dbus sysusers config does not create our account, # overwrite it with our user definition cp %{SOURCE5} bus/sysusers.d/dbus.conf %sysusers_generate_pre %{SOURCE5} messagebus -doxygen -u && doxygen -./cleanup-man-pages.sh - %check -make %{?_smp_mflags} check +%make_build check %install %make_install @@ -161,9 +136,6 @@ mkdir -p %{buildroot}%{_sbindir} ln -sf %{_sbindir}/service %{buildroot}/%{_sbindir}/rcdbus install -d %{buildroot}/run/dbus -mkdir -p %{buildroot}/%{_datadir}/susehelp/meta/Development/Libraries/ -install -m 0644 %{SOURCE4} \ - %{buildroot}/%{_datadir}/susehelp/meta/Development/Libraries/dbus-1.desktop mkdir -p %{buildroot}/%{_libdir}/pkgconfig mkdir -p %{buildroot}/lib/dbus-1/system-services @@ -175,9 +147,6 @@ mkdir -p %{buildroot}%{_localstatedir}/lib/dbus -# don't ship executables in doc -chmod -x %{buildroot}%{_datadir}/doc/dbus/examples/GetAllMatchRules.py - # Link the binaries that were in /bin back to /bin for compat (maybe remove for SLE-16) # Currently required to make upower work together with systemd mkdir -p %{buildroot}/bin @@ -195,12 +164,13 @@ find %{buildroot} -type f -name "*.la" -delete -print +rm -Rf %{buildroot}%{_datadir}/doc/dbus + %verifyscript -n dbus-1 %verify_permissions -e %{_libexecdir}/dbus-1/dbus-daemon-launch-helper %post -n %{_libname} -p /sbin/ldconfig %postun -n %{_libname} -p /sbin/ldconfig - %pre -f messagebus.pre %service_add_pre dbus.service dbus.socket @@ -312,30 +282,4 @@ %{_libdir}/cmake/ %{_datadir}/xml/dbus-1 -%files devel-doc -%dir %{_datadir}/doc/dbus -%dir %{_datadir}/doc/dbus/examples -%{_datadir}/doc/dbus/api/ -%doc %{_datadir}/doc/dbus/dbus-faq.html -%doc %{_datadir}/doc/dbus/dbus-specification.html -%doc %{_datadir}/doc/dbus/dbus-test-plan.html -%doc %{_datadir}/doc/dbus/dbus-tutorial.html -%doc %{_datadir}/doc/dbus/diagram.* -%doc %{_datadir}/doc/dbus/system-activation.txt -%doc %{_datadir}/doc/dbus/dbus-cleanup-sockets.1.html -%doc %{_datadir}/doc/dbus/dbus-daemon.1.html -%doc %{_datadir}/doc/dbus/dbus-launch.1.html -%doc %{_datadir}/doc/dbus/dbus-run-session.1.html -%doc %{_datadir}/doc/dbus/dbus-monitor.1.html -%doc %{_datadir}/doc/dbus/dbus-send.1.html -%doc %{_datadir}/doc/dbus/dbus-uuidgen.1.html -%doc %{_datadir}/doc/dbus/dbus.devhelp2 -%doc %{_datadir}/doc/dbus/dbus-test-tool.1.html -%doc %{_datadir}/doc/dbus/dbus-update-activation-environment.1.html -%doc %{_datadir}/doc/dbus/examples/GetAllMatchRules.py -%doc %{_datadir}/doc/dbus/examples/example-session-disable-stats.conf -%doc %{_datadir}/doc/dbus/examples/example-system-enable-stats.conf -%doc doc/*.txt doc/file-boilerplate.c doc/TODO -%{_datadir}/susehelp - %changelog ++++++ dbus-1.12.16.tar.gz -> dbus-1.12.20.tar.gz ++++++ ++++ 1771 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/NEWS new/dbus-1.12.20/NEWS --- old/dbus-1.12.16/NEWS 2019-06-09 14:09:13.000000000 +0200 +++ new/dbus-1.12.20/NEWS 2020-07-02 12:08:54.000000000 +0200 @@ -1,3 +1,66 @@ +dbus 1.12.20 (2020-07-02) +========================= + +The “temporary nemesis” release. + +Maybe security fixes: + +• On Unix, avoid a use-after-free if two usernames have the same + numeric uid. In older versions this could lead to a crash (denial of + service) or other undefined behaviour, possibly including incorrect + authorization decisions if <policy group=...> is used. + Like Unix filesystems, D-Bus' model of identity cannot distinguish + between users of different names with the same numeric uid, so this + configuration is not advisable on systems where D-Bus will be used. + Thanks to Daniel Onaca. + (dbus#305, dbus!166; Simon McVittie) + +Other fixes: + +• On Solaris and its derivatives, if a cmsg header is truncated, ensure + that we do not overrun the buffer used for fd-passing, even if the + kernel tells us to. + (dbus#304, dbus!165; Andy Fiddaman) + +dbus 1.12.18 (2020-06-02) +========================= + +The “telepathic vines” release. + +Denial of service fixes: + +• CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. + (dbus#294, GHSL-2020-057; Simon McVittie) + +Other fixes: + +• Fix a crash when the dbus-daemon is terminated while one or more + monitors are active (dbus#291, dbus!140; Simon McVittie) + +• The dbus-send(1) man page now documents --bus and --peer instead of + the old --address synonym for --peer, which has been deprecated since + the introduction of --bus and --peer in 1.7.6 + (fd.o #48816, dbus!115; Chris Morin) + +• Fix a wrong environment variable name in dbus-daemon(1) + (dbus#275, dbus!122; Mubin, Philip Withnall) + +• Fix formatting of dbus_message_append_args example + (dbus!126, Felipe Franciosi) + +• Avoid a test failure on Linux when built in a container as uid 0, but + without the necessary privileges to increase resource limits + (dbus!58, Debian #908092; Simon McVittie) + +• When building with CMake, cope with libX11 in a non-standard location + (dbus!129, Tuomo Rinne) + dbus 1.12.16 (2019-06-11) ========================= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/aminclude_static.am new/dbus-1.12.20/aminclude_static.am --- old/dbus-1.12.16/aminclude_static.am 2019-06-09 14:09:33.000000000 +0200 +++ new/dbus-1.12.20/aminclude_static.am 2020-07-02 12:10:39.000000000 +0200 @@ -1,6 +1,6 @@ # aminclude_static.am generated automatically by Autoconf -# from AX_AM_MACROS_STATIC on Sun Jun 9 13:09:33 BST 2019 +# from AX_AM_MACROS_STATIC on Thu Jul 2 11:10:39 BST 2020 # Code coverage diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/build-aux/compile new/dbus-1.12.20/build-aux/compile --- old/dbus-1.12.16/build-aux/compile 2018-11-05 05:03:34.000000000 +0100 +++ new/dbus-1.12.20/build-aux/compile 2020-04-12 20:14:58.000000000 +0200 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # Written by Tom Tromey <tro...@cygnus.com>. # # This program is free software; you can redistribute it and/or modify @@ -53,7 +53,7 @@ MINGW*) file_conv=mingw ;; - CYGWIN*) + CYGWIN* | MSYS*) file_conv=cygwin ;; *) @@ -67,7 +67,7 @@ mingw/*) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; - cygwin/*) + cygwin/* | msys/*) file=`cygpath -m "$file" || echo "$file"` ;; wine/*) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/build-aux/missing new/dbus-1.12.20/build-aux/missing --- old/dbus-1.12.16/build-aux/missing 2018-11-05 05:03:34.000000000 +0100 +++ new/dbus-1.12.20/build-aux/missing 2020-04-12 20:14:58.000000000 +0200 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard <pin...@iro.umontreal.ca>, 1996. # This program is free software; you can redistribute it and/or modify diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/build-aux/tap-driver.sh new/dbus-1.12.20/build-aux/tap-driver.sh --- old/dbus-1.12.16/build-aux/tap-driver.sh 2018-11-05 05:03:34.000000000 +0100 +++ new/dbus-1.12.20/build-aux/tap-driver.sh 2020-04-12 20:14:58.000000000 +0200 @@ -1,5 +1,5 @@ #! /bin/sh -# Copyright (C) 2011-2018 Free Software Foundation, Inc. +# Copyright (C) 2011-2020 Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/bus/connection.c new/dbus-1.12.20/bus/connection.c --- old/dbus-1.12.16/bus/connection.c 2017-11-10 17:22:20.000000000 +0100 +++ new/dbus-1.12.20/bus/connection.c 2020-02-20 13:24:25.000000000 +0100 @@ -537,9 +537,6 @@ _dbus_assert (connections->n_incomplete == 0); - /* drop all monitors */ - _dbus_list_clear (&connections->monitors); - /* drop all real connections */ while (connections->completed != NULL) { @@ -555,6 +552,10 @@ _dbus_assert (connections->n_completed == 0); + /* disconnecting all the connections should have emptied the list of + * monitors (each link is removed in bus_connection_disconnected) */ + _dbus_assert (connections->monitors == NULL); + bus_expire_list_free (connections->pending_replies); _dbus_loop_remove_timeout (bus_context_get_loop (connections->context), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/cmake/tools/CMakeLists.txt new/dbus-1.12.20/cmake/tools/CMakeLists.txt --- old/dbus-1.12.16/cmake/tools/CMakeLists.txt 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.20/cmake/tools/CMakeLists.txt 2020-04-20 20:33:53.000000000 +0200 @@ -48,6 +48,7 @@ ${dbus_launch_SOURCES} ../../tools/dbus-launch-x11.c ) +include_directories(${X11_INCLUDE_DIR}) endif(DBUS_BUILD_X11) set (dbus_cleanup_sockets_SOURCES diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/configure.ac new/dbus-1.12.20/configure.ac --- old/dbus-1.12.16/configure.ac 2019-06-09 14:09:13.000000000 +0200 +++ new/dbus-1.12.20/configure.ac 2020-07-02 12:09:52.000000000 +0200 @@ -3,7 +3,7 @@ m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [12]) -m4_define([dbus_micro_version], [16]) +m4_define([dbus_micro_version], [20]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -42,7 +42,7 @@ ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=11 +LT_REVISION=13 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/dbus/dbus-message.c new/dbus-1.12.20/dbus/dbus-message.c --- old/dbus-1.12.16/dbus/dbus-message.c 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.20/dbus/dbus-message.c 2020-04-20 21:06:41.000000000 +0200 @@ -1773,10 +1773,16 @@ * To append an array of fixed-length basic types (except Unix file * descriptors), pass in the DBUS_TYPE_ARRAY typecode, the element * typecode, the address of the array pointer, and a 32-bit integer - * giving the number of elements in the array. So for example: @code - * const dbus_int32_t array[] = { 1, 2, 3 }; const dbus_int32_t - * *v_ARRAY = array; dbus_message_append_args (message, - * DBUS_TYPE_ARRAY, DBUS_TYPE_INT32, &v_ARRAY, 3, DBUS_TYPE_INVALID); + * giving the number of elements in the array. So for example: + * + * @code + * + * const dbus_int32_t array[] = { 1, 2, 3 }; + * const dbus_int32_t *v_ARRAY = array; + * dbus_message_append_args (message, + * DBUS_TYPE_ARRAY, DBUS_TYPE_INT32, &v_ARRAY, 3, + * DBUS_TYPE_INVALID); + * * @endcode * * This function does not support arrays of Unix file descriptors. If diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/dbus/dbus-sysdeps-unix.c new/dbus-1.12.20/dbus/dbus-sysdeps-unix.c --- old/dbus-1.12.16/dbus/dbus-sysdeps-unix.c 2019-05-13 11:33:56.000000000 +0200 +++ new/dbus-1.12.20/dbus/dbus-sysdeps-unix.c 2020-07-02 11:08:39.000000000 +0200 @@ -435,31 +435,38 @@ struct cmsghdr *cm; dbus_bool_t found = FALSE; - if (m.msg_flags & MSG_CTRUNC) - { - /* Hmm, apparently the control data was truncated. The bad - thing is that we might have completely lost a couple of fds - without chance to recover them. Hence let's treat this as a - serious error. */ - - errno = ENOSPC; - _dbus_string_set_length (buffer, start); - return -1; - } - for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) { size_t i; int *payload = (int *) CMSG_DATA (cm); size_t payload_len_bytes = (cm->cmsg_len - CMSG_LEN (0)); - size_t payload_len_fds = payload_len_bytes / sizeof (int); + size_t payload_len_fds; size_t fds_to_use; /* Every unsigned int fits in a size_t without truncation, so * casting (size_t) *n_fds is OK */ _DBUS_STATIC_ASSERT (sizeof (size_t) >= sizeof (unsigned int)); + if ((m.msg_flags & MSG_CTRUNC) && CMSG_NXTHDR(&m, cm) == NULL && + (char *) payload + payload_len_bytes > + (char *) m.msg_control + m.msg_controllen) + { + /* This is the last cmsg in a truncated message and using + * cmsg_len would apparently overrun the allocated buffer. + * Some operating systems (illumos and Solaris are known) do + * not adjust cmsg_len in the last cmsg when truncation occurs. + * Adjust the payload length here. The calculation for + * payload_len_fds below will discard any trailing bytes that + * belong to an incomplete file descriptor - the kernel will + * have already closed that (at least for illumos and Solaris) + */ + payload_len_bytes = m.msg_controllen - + ((char *) payload - (char *) m.msg_control); + } + + payload_len_fds = payload_len_bytes / sizeof (int); + if (_DBUS_LIKELY (payload_len_fds <= (size_t) *n_fds)) { /* The fds in the payload will fit in our buffer */ @@ -501,6 +508,26 @@ if (!found) *n_fds = 0; + if (m.msg_flags & MSG_CTRUNC) + { + unsigned int i; + + /* Hmm, apparently the control data was truncated. The bad + thing is that we might have completely lost a couple of fds + without chance to recover them. Hence let's treat this as a + serious error. */ + + /* We still need to close whatever fds we *did* receive, + * otherwise they'll never get closed. (CVE-2020-12049) */ + for (i = 0; i < *n_fds; i++) + close (fds[i]); + + *n_fds = 0; + errno = ENOSPC; + _dbus_string_set_length (buffer, start); + return -1; + } + /* put length back (doesn't actually realloc) */ _dbus_string_set_length (buffer, start + bytes_read); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/dbus/dbus-sysdeps-unix.h new/dbus-1.12.20/dbus/dbus-sysdeps-unix.h --- old/dbus-1.12.16/dbus/dbus-sysdeps-unix.h 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.20/dbus/dbus-sysdeps-unix.h 2020-07-02 11:08:49.000000000 +0200 @@ -105,6 +105,7 @@ */ struct DBusUserInfo { + size_t refcount; /**< Reference count */ dbus_uid_t uid; /**< UID */ dbus_gid_t primary_gid; /**< GID */ dbus_gid_t *group_ids; /**< Groups IDs, *including* above primary group */ @@ -118,6 +119,7 @@ */ struct DBusGroupInfo { + size_t refcount; /**< Reference count */ dbus_gid_t gid; /**< GID */ char *groupname; /**< Group name */ }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/dbus/dbus-userdb-util.c new/dbus-1.12.20/dbus/dbus-userdb-util.c --- old/dbus-1.12.16/dbus/dbus-userdb-util.c 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.20/dbus/dbus-userdb-util.c 2020-07-02 11:08:49.000000000 +0200 @@ -38,6 +38,15 @@ * @{ */ +static DBusGroupInfo * +_dbus_group_info_ref (DBusGroupInfo *info) +{ + _dbus_assert (info->refcount > 0); + _dbus_assert (info->refcount < SIZE_MAX); + info->refcount++; + return info; +} + /** * Checks to see if the UID sent in is the console user * @@ -240,9 +249,9 @@ * @param gid the group ID or #DBUS_GID_UNSET * @param groupname group name or #NULL * @param error error to fill in - * @returns the entry in the database + * @returns the entry in the database (borrowed, do not free) */ -DBusGroupInfo* +const DBusGroupInfo * _dbus_user_database_lookup_group (DBusUserDatabase *db, dbus_gid_t gid, const DBusString *groupname, @@ -287,13 +296,14 @@ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); return NULL; } + info->refcount = 1; if (gid != DBUS_GID_UNSET) { if (!_dbus_group_info_fill_gid (info, gid, error)) { _DBUS_ASSERT_ERROR_IS_SET (error); - _dbus_group_info_free_allocated (info); + _dbus_group_info_unref (info); return NULL; } } @@ -302,7 +312,7 @@ if (!_dbus_group_info_fill (info, groupname, error)) { _DBUS_ASSERT_ERROR_IS_SET (error); - _dbus_group_info_free_allocated (info); + _dbus_group_info_unref (info); return NULL; } } @@ -311,23 +321,37 @@ gid = DBUS_GID_UNSET; groupname = NULL; - if (!_dbus_hash_table_insert_uintptr (db->groups, info->gid, info)) + if (_dbus_hash_table_insert_uintptr (db->groups, info->gid, info)) + { + _dbus_group_info_ref (info); + } + else { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); - _dbus_group_info_free_allocated (info); + _dbus_group_info_unref (info); return NULL; } - if (!_dbus_hash_table_insert_string (db->groups_by_name, - info->groupname, - info)) + if (_dbus_hash_table_insert_string (db->groups_by_name, + info->groupname, + info)) + { + _dbus_group_info_ref (info); + } + else { _dbus_hash_table_remove_uintptr (db->groups, info->gid); + _dbus_group_info_unref (info); dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); return NULL; } - + + /* Release the original reference */ + _dbus_group_info_unref (info); + + /* Return a borrowed reference to the DBusGroupInfo owned by the + * two hash tables */ return info; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/dbus/dbus-userdb.c new/dbus-1.12.20/dbus/dbus-userdb.c --- old/dbus-1.12.16/dbus/dbus-userdb.c 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.20/dbus/dbus-userdb.c 2020-07-02 11:08:49.000000000 +0200 @@ -35,34 +35,57 @@ * @{ */ +static DBusUserInfo * +_dbus_user_info_ref (DBusUserInfo *info) +{ + _dbus_assert (info->refcount > 0); + _dbus_assert (info->refcount < SIZE_MAX); + info->refcount++; + return info; +} + /** - * Frees the given #DBusUserInfo's members with _dbus_user_info_free() + * Decrements the reference count. If it reaches 0, + * frees the given #DBusUserInfo's members with _dbus_user_info_free() * and also calls dbus_free() on the block itself * * @param info the info */ void -_dbus_user_info_free_allocated (DBusUserInfo *info) +_dbus_user_info_unref (DBusUserInfo *info) { if (info == NULL) /* hash table will pass NULL */ return; + _dbus_assert (info->refcount > 0); + _dbus_assert (info->refcount < SIZE_MAX); + + if (--info->refcount > 0) + return; + _dbus_user_info_free (info); dbus_free (info); } /** - * Frees the given #DBusGroupInfo's members with _dbus_group_info_free() + * Decrements the reference count. If it reaches 0, + * frees the given #DBusGroupInfo's members with _dbus_group_info_free() * and also calls dbus_free() on the block itself * * @param info the info */ void -_dbus_group_info_free_allocated (DBusGroupInfo *info) +_dbus_group_info_unref (DBusGroupInfo *info) { if (info == NULL) /* hash table will pass NULL */ return; + _dbus_assert (info->refcount > 0); + _dbus_assert (info->refcount < SIZE_MAX); + + if (--info->refcount > 0) + return; + _dbus_group_info_free (info); dbus_free (info); } @@ -122,9 +145,9 @@ * @param uid the user ID or #DBUS_UID_UNSET * @param username username or #NULL * @param error error to fill in - * @returns the entry in the database + * @returns the entry in the database (borrowed, do not free) */ -DBusUserInfo* +const DBusUserInfo * _dbus_user_database_lookup (DBusUserDatabase *db, dbus_uid_t uid, const DBusString *username, @@ -170,13 +193,14 @@ dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); return NULL; } + info->refcount = 1; if (uid != DBUS_UID_UNSET) { if (!_dbus_user_info_fill_uid (info, uid, error)) { _DBUS_ASSERT_ERROR_IS_SET (error); - _dbus_user_info_free_allocated (info); + _dbus_user_info_unref (info); return NULL; } } @@ -185,7 +209,7 @@ if (!_dbus_user_info_fill (info, username, error)) { _DBUS_ASSERT_ERROR_IS_SET (error); - _dbus_user_info_free_allocated (info); + _dbus_user_info_unref (info); return NULL; } } @@ -195,22 +219,35 @@ username = NULL; /* insert into hash */ - if (!_dbus_hash_table_insert_uintptr (db->users, info->uid, info)) + if (_dbus_hash_table_insert_uintptr (db->users, info->uid, info)) + { + _dbus_user_info_ref (info); + } + else { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); - _dbus_user_info_free_allocated (info); + _dbus_user_info_unref (info); return NULL; } - if (!_dbus_hash_table_insert_string (db->users_by_name, - info->username, - info)) + if (_dbus_hash_table_insert_string (db->users_by_name, + info->username, + info)) + { + _dbus_user_info_ref (info); + } + else { _dbus_hash_table_remove_uintptr (db->users, info->uid); dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); + _dbus_user_info_unref (info); return NULL; } - + + _dbus_user_info_unref (info); + + /* Return a borrowed pointer to the DBusUserInfo owned by the + * hash tables */ return info; } } @@ -568,24 +605,24 @@ db->refcount = 1; db->users = _dbus_hash_table_new (DBUS_HASH_UINTPTR, - NULL, (DBusFreeFunction) _dbus_user_info_free_allocated); + NULL, (DBusFreeFunction) _dbus_user_info_unref); if (db->users == NULL) goto failed; db->groups = _dbus_hash_table_new (DBUS_HASH_UINTPTR, - NULL, (DBusFreeFunction) _dbus_group_info_free_allocated); + NULL, (DBusFreeFunction) _dbus_group_info_unref); if (db->groups == NULL) goto failed; db->users_by_name = _dbus_hash_table_new (DBUS_HASH_STRING, - NULL, NULL); + NULL, (DBusFreeFunction) _dbus_user_info_unref); if (db->users_by_name == NULL) goto failed; db->groups_by_name = _dbus_hash_table_new (DBUS_HASH_STRING, - NULL, NULL); + NULL, (DBusFreeFunction) _dbus_group_info_unref); if (db->groups_by_name == NULL) goto failed; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/dbus/dbus-userdb.h new/dbus-1.12.20/dbus/dbus-userdb.h --- old/dbus-1.12.16/dbus/dbus-userdb.h 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.20/dbus/dbus-userdb.h 2020-07-02 11:08:49.000000000 +0200 @@ -76,19 +76,19 @@ DBusError *error); DBUS_PRIVATE_EXPORT -DBusUserInfo* _dbus_user_database_lookup (DBusUserDatabase *db, +const DBusUserInfo *_dbus_user_database_lookup (DBusUserDatabase *db, dbus_uid_t uid, const DBusString *username, DBusError *error); DBUS_PRIVATE_EXPORT -DBusGroupInfo* _dbus_user_database_lookup_group (DBusUserDatabase *db, - dbus_gid_t gid, - const DBusString *groupname, - DBusError *error); -DBUS_PRIVATE_EXPORT -void _dbus_user_info_free_allocated (DBusUserInfo *info); +const DBusGroupInfo* _dbus_user_database_lookup_group (DBusUserDatabase *db, + dbus_gid_t gid, + const DBusString *groupname, + DBusError *error); + +void _dbus_user_info_unref (DBusUserInfo *info); DBUS_PRIVATE_EXPORT -void _dbus_group_info_free_allocated (DBusGroupInfo *info); +void _dbus_group_info_unref (DBusGroupInfo *info); #endif /* DBUS_USERDB_INCLUDES_PRIVATE */ DBUS_PRIVATE_EXPORT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/doc/dbus-daemon.1.xml.in new/dbus-1.12.20/doc/dbus-daemon.1.xml.in --- old/dbus-1.12.16/doc/dbus-daemon.1.xml.in 2018-04-25 17:49:38.000000000 +0200 +++ new/dbus-1.12.20/doc/dbus-daemon.1.xml.in 2020-04-20 20:07:29.000000000 +0200 @@ -267,7 +267,7 @@ and the DBUS_SESSION_BUS_ADDRESS environment variable will be set to the address of the session bus. Likewise, if the type of the message bus is "system", then the DBUS_STARTER_BUS_TYPE environment -variable will be set to "system" and the DBUS_SESSION_BUS_ADDRESS +variable will be set to "system" and the DBUS_SYSTEM_BUS_ADDRESS environment variable will be set to the address of the system bus (which is normally well known anyway).</para> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/doc/dbus-send.1.xml.in new/dbus-1.12.20/doc/dbus-send.1.xml.in --- old/dbus-1.12.16/doc/dbus-send.1.xml.in 2017-10-30 13:26:18.000000000 +0100 +++ new/dbus-1.12.20/doc/dbus-send.1.xml.in 2020-04-20 20:29:20.000000000 +0200 @@ -21,7 +21,7 @@ <refsynopsisdiv id='synopsis'> <cmdsynopsis> <command>dbus-send</command> - <group choice='opt'><arg choice='plain'>--system </arg><arg choice='plain'>--session </arg><arg choice='plain'>--address=<replaceable>ADDRESS</replaceable></arg></group> + <group choice='opt'><arg choice='plain'>--system </arg><arg choice='plain'>--session </arg><arg choice='plain'>--bus=<replaceable>ADDRESS</replaceable></arg><arg choice='plain'>--peer=<replaceable>ADDRESS</replaceable></arg></group> <arg choice='opt'>--dest=<replaceable>NAME</replaceable></arg> <arg choice='opt'><arg choice='plain'>--print-reply </arg><arg choice='opt'><replaceable>=literal</replaceable></arg></arg> <arg choice='opt'>--reply-timeout=<replaceable>MSEC</replaceable></arg> @@ -137,9 +137,15 @@ </listitem> </varlistentry> <varlistentry> - <term><option>--address=</option><replaceable>ADDRESS</replaceable></term> + <term><option>--bus=</option><replaceable>ADDRESS</replaceable></term> <listitem> -<para>Send to <replaceable>ADDRESS</replaceable>.</para> +<para>Register on a message bus at <replaceable>ADDRESS</replaceable>, typically a <command>dbus-daemon</command>.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>--peer=</option><replaceable>ADDRESS</replaceable></term> + <listitem> +<para>Send to a non-message-bus D-Bus server at <replaceable>ADDRESS</replaceable>. In this case <command>dbus-send</command> will not call the <literal>Hello</literal> method.</para> </listitem> </varlistentry> <varlistentry> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/m4/libtool.m4 new/dbus-1.12.20/m4/libtool.m4 --- old/dbus-1.12.16/m4/libtool.m4 2019-06-09 13:33:56.000000000 +0200 +++ new/dbus-1.12.20/m4/libtool.m4 2020-07-02 11:26:33.000000000 +0200 @@ -1041,8 +1041,8 @@ _LT_EOF echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&AS_MESSAGE_LOG_FD $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&AS_MESSAGE_LOG_FD - echo "$AR cru libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD - $AR cru libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD + echo "$AR cr libconftest.a conftest.o" >&AS_MESSAGE_LOG_FD + $AR cr libconftest.a conftest.o 2>&AS_MESSAGE_LOG_FD echo "$RANLIB libconftest.a" >&AS_MESSAGE_LOG_FD $RANLIB libconftest.a 2>&AS_MESSAGE_LOG_FD cat > conftest.c << _LT_EOF @@ -1492,7 +1492,7 @@ m4_defun([_LT_PROG_AR], [AC_CHECK_TOOLS(AR, [ar], false) : ${AR=ar} -: ${AR_FLAGS=cru} +: ${AR_FLAGS=cr} _LT_DECL([], [AR], [1], [The archiver]) _LT_DECL([], [AR_FLAGS], [1], [Flags to create an archive]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/test/dbus-daemon.c new/dbus-1.12.20/test/dbus-daemon.c --- old/dbus-1.12.16/test/dbus-daemon.c 2018-12-03 17:31:46.000000000 +0100 +++ new/dbus-1.12.20/test/dbus-daemon.c 2020-05-15 12:23:15.000000000 +0200 @@ -2040,6 +2040,7 @@ { #ifdef HAVE_PRLIMIT struct rlimit lim; + struct rlimit new_limit; const struct passwd *pwd = NULL; #endif @@ -2067,7 +2068,7 @@ } if (prlimit (getpid (), RLIMIT_NOFILE, NULL, &lim) < 0) - g_error ("prlimit(): %s", g_strerror (errno)); + g_error ("get prlimit (self): %s", g_strerror (errno)); g_test_message ("our RLIMIT_NOFILE: rlim_cur: %ld, rlim_max: %ld", (long) lim.rlim_cur, (long) lim.rlim_max); @@ -2079,8 +2080,33 @@ return; } + new_limit = lim; + new_limit.rlim_cur = DESIRED_RLIMIT; + new_limit.rlim_max = DESIRED_RLIMIT; + + /* Try to increase the rlimit ourselves. If we're root in an + * unprivileged Linux container, then we won't have CAP_SYS_RESOURCE + * and this will fail with EPERM. If so, the dbus-daemon wouldn't be + * able to increase its rlimit either. */ + if (prlimit (getpid (), RLIMIT_NOFILE, &new_limit, NULL) < 0) + { + gchar *message; + + message = g_strdup_printf ("Cannot test, we cannot change the rlimit so " + "presumably neither can the dbus-daemon: %s", + g_strerror (errno)); + g_test_skip (message); + g_free (message); + return; + } + + /* Immediately put our original limit back so it won't interfere with + * subsequent tests. This should always succeed. */ + if (prlimit (getpid (), RLIMIT_NOFILE, &lim, NULL) < 0) + g_error ("Cannot restore our original limits: %s", g_strerror (errno)); + if (prlimit (f->daemon_pid, RLIMIT_NOFILE, NULL, &lim) < 0) - g_error ("prlimit(): %s", g_strerror (errno)); + g_error ("get prlimit (dbus-daemon): %s", g_strerror (errno)); g_test_message ("dbus-daemon's RLIMIT_NOFILE: rlim_cur: %ld, rlim_max: %ld", (long) lim.rlim_cur, (long) lim.rlim_max); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/dbus-1.12.16/test/fdpass.c new/dbus-1.12.20/test/fdpass.c --- old/dbus-1.12.16/test/fdpass.c 2018-06-04 18:56:05.000000000 +0200 +++ new/dbus-1.12.20/test/fdpass.c 2020-06-02 11:43:34.000000000 +0200 @@ -50,6 +50,14 @@ #include "test-utils-glib.h" +#ifdef DBUS_ENABLE_EMBEDDED_TESTS +#include <dbus/dbus-message-internal.h> +#else +typedef struct _DBusInitialFDs DBusInitialFDs; +#define _dbus_check_fdleaks_enter() NULL +#define _dbus_check_fdleaks_leave(fds) do {} while (0) +#endif + /* Arbitrary; included here to avoid relying on the default */ #define MAX_MESSAGE_UNIX_FDS 20 /* This test won't work on Linux unless this is true. */ @@ -92,6 +100,7 @@ GQueue messages; int fd_before; + DBusInitialFDs *initial_fds; } Fixture; static void oom (const gchar *doing) G_GNUC_NORETURN; @@ -176,6 +185,8 @@ if (f->skip) return; + f->initial_fds = _dbus_check_fdleaks_enter (); + g_assert (f->left_server_conn == NULL); g_assert (f->right_server_conn == NULL); @@ -871,6 +882,9 @@ if (f->fd_before >= 0 && close (f->fd_before) < 0) g_error ("%s", g_strerror (errno)); #endif + + if (f->initial_fds != NULL) + _dbus_check_fdleaks_leave (f->initial_fds); } int ++++++ pre_checkin.sh ++++++ --- /var/tmp/diff_new_pack.lwkuYd/_old 2020-08-19 18:45:32.799487598 +0200 +++ /var/tmp/diff_new_pack.lwkuYd/_new 2020-08-19 18:45:32.799487598 +0200 @@ -2,6 +2,4 @@ # vim:sw=4 et # This script is called automatically during autobuild checkin. -cp -lf dbus-1.changes dbus-1-x11.changes - osc service localrun format_spec_file