Hello community, here is the log from the commit of package dbus-1.937 for openSUSE:12.2:Update checked in at 2012-10-04 17:34:39 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/dbus-1.937 (Old) and /work/SRC/openSUSE:12.2:Update/.dbus-1.937.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dbus-1.937", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-08-23 02:41:28.555381587 +0200 +++ /work/SRC/openSUSE:12.2:Update/.dbus-1.937.new/dbus-1-x11.changes 2012-10-04 17:34:40.000000000 +0200 @@ -0,0 +1,1727 @@ +------------------------------------------------------------------- +Wed Sep 19 16:06:02 CEST 2012 - thoe...@suse.de + +- Add patch for CVE-2012-3524 to fix getenv() vulnerability in + suids (bnc#697105) + +------------------------------------------------------------------- +Tue May 15 07:18:57 UTC 2012 - vu...@opensuse.org + +- Move ownership of /etc/dbus-1/{session.d,system.d} and + /usr/share/dbus-1/{interfaces,services,system-services} to + libdbus-1-3 instead of dbus-1: many dbus users put files there, + and it's annoying to force them to own those directories. + +------------------------------------------------------------------- +Sun Apr 22 16:28:41 UTC 2012 - alinm.el...@gmail.com + +- added libdbus-1-3 to build for -32bit... +- adeed post and postun sections for libdbus-1-3 + +------------------------------------------------------------------- +Thu Apr 19 20:44:39 CEST 2012 - thoe...@suse.de + +- More news from the dependency hell: Let dbus-1-devel require + dbus-1. + +------------------------------------------------------------------- +Wed Apr 18 11:54:42 CEST 2012 - thoe...@suse.de + +- Split dbus-1 into libdbus-1 and dbus-1. + +------------------------------------------------------------------- +Wed Mar 28 09:19:14 CEST 2012 - thoe...@suse.de + +- Update to version 1.5.12: + - Add public API to validate various string types: + dbus_validate_path(), dbus_validate_interface(), + dbus_validate_member(), dbus_validate_error_name(), + dbus_validate_bus_name(), dbus_validate_utf8() + (fd.o #39549, Simon McVittie) + + - Turn DBusBasicValue into public API so bindings don't need to + invent their own "union of everything" type (fd.o #11191, Simon + McVittie) + + - Enumerate data files included in the build rather than using + find(1) (fd.o #33840, Simon McVittie) + + - Add support for policy rules like + <allow own_prefix="com.example.Service"/> in dbus-daemon + (fd.o #46273, Alban Crequy) + + - Windows-specific: + - make dbus-daemon.exe --print-address (and --print-pid) work + again on Win32, but not on WinCE (fd.o #46049, Simon + McVittie) + - fix duplicate case value when compiling against mingw-w64 + (fd.o #47321, Andoni Morales Alastruey) + +------------------------------------------------------------------- +Mon Feb 27 10:18:53 UTC 2012 - vu...@opensuse.org + +- Revert my last change completely, and go back to using -fpie in + CFLAGS and -pie in LDFLAGS for the whole build: after discussion + upstream in fdo#46570, it appears that this is the recommended + way to harden the build. + +------------------------------------------------------------------- +Fri Feb 24 12:50:17 UTC 2012 - vu...@opensuse.org + +- Change the way we pass -fpie/-pie: + + Stop changing CFLAGS/LDFLAGS in %build to add -fpie/-pie. + + Add dbus-1-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS + when building the suid binary (dbus-daemon-launch-helper). + + Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build. + +------------------------------------------------------------------- +Fri Feb 24 12:40:26 UTC 2012 - co...@suse.com + +- move with_systemd definition into COMMON part to fix dbus-1-x11 + +------------------------------------------------------------------- +Wed Feb 22 08:21:30 UTC 2012 - vu...@opensuse.org + +- Update to version 1.5.10: + + D-Bus Specification 0.19: + - Formally define unique connection names and well-known bus + names, and document best practices for interface, bus, member + and error names, and object paths (fdo#37095) + - Document the search path for session and system services on + Unix, and where they should be installed by build systems + (fdo#21620, fdo#35306) + - Document the systemd transport (fdo#35232) + + Make dbus_threads_init() use the same built-in threading + implementation as dbus_threads_init_default(); the + user-specified primitives that it takes as a parameter are now + ignored (fdo#43744) + + Allow all configured auth mechanisms, not just one (fdo#45106) + + Improve cmake build system. + + Build tests successfully with older GLib, as found in e.g. + Debian 6 (fdo#41219) + + Avoid use of deprecated GThread API (fdo#44413) + + Build documentation correctly if man2html doesn't support + filenames on its command-line (fdo#43875) + + Improve test coverage. To get even more coverage, run the tests + with DBUS_TEST_SLOW=1 (fdo#38285, fdo#42811) + + Reduce the size of the shared library by moving functionality + only used by dbus-daemon, tests etc. into their internal + library and deleting unused code (fdo#34976, fdo#39759) + + Add dbus-daemon --nopidfile option, overriding the + configuration, for setups where the default configuration must + include <pidfile/> to avoid breaking traditional init, but the + pid file is in fact unnecessary; use it under systemd to + improve startup time a bit (fdo#45520) + + Optionally (if configured --with-valgrind) add instrumentation + to debug libdbus and associated tools more meaningfully under + Valgrind (fdo#37286) + + Improve the dbus-send(1) man page (fdo#14005) + + Make dbus-protocol.h compatible with C++11 (fdo#46147) + + If tests are enabled and DBUS_MALLOC_CANNOT_FAIL is set in the + environment, abort on failure to malloc() (like GLib does), to + turn runaway memory leaks into a debuggable core-dump if a + resource limit is applied (fdo#41048) + + Don't crash if realloc() returns NULL in a debug build (fdo#41048) + + Unix-specific: + - Replace our broken reimplementation of recursive mutexes, + which has been broken since 2006, with an ordinary pthreads + recursive mutex (fdo#43744) + - Use epoll(7) for a more efficient main loop in Linux; + equivalent patches welcomed for other OSs' equivalents like + kqueue, /dev/poll, or Solaris event ports (fdo#33337) + - When running under systemd, use it instead of ConsoleKit to + check whether to apply at_console policies (fdo#39609) + - Avoid a highly unlikely fd leak (fdo#29881) + - Don't close invalid fd -1 if getaddrinfo fails (fdo#37258) + - Don't touch ~/.dbus and ~/.dbus-keyrings when running 'make + installcheck' (fdo#41218) + - Stop pretending we respect XDG_DATA_DIRS for system services: + the launch helper doesn't obey environment variables to avoid + privilege escalation attacks, so make the system bus follow + the same rules (fdo#21620) + + Windows-specific fixes. +- Get ready for a switch to systemd: + + Add a with_systemd macro, currently set to 0 as the systemd + support would introduce a build cycle between dbus-1 and + systemd. + + Add pkgconfig(libsystemd-daemon) and + pkgconfig(libsystemd-login) BuildRequires and pass + --enable-systemd to configure if we build systemd support. + +------------------------------------------------------------------- +Mon Feb 6 10:12:53 UTC 2012 - dlova...@suse.com + +- fixed bnc#743149 - added position independent flags to compilation and linking(-fpie/-pie) + +------------------------------------------------------------------- +Wed Oct 12 09:47:55 UTC 2011 - co...@suse.com + +- add patch to enable X11 autolaunch even if configure thinks + it can't be done (bnc#707817) + +------------------------------------------------------------------- +Wed Oct 12 00:32:50 CEST 2011 - dmuel...@suse.de + +- update to version 1.5.8: + * Clean up dead code, and make more warnings fatal in development builds + (fd.o #39231, fd.o #41012; Simon McVittie) + * Add a regression test for fd.o #38005 (fd.o #39836, Simon McVittie) + * Add _DBUS_STATIC_ASSERT and use it to check invariants + * Fix a small memory leak, and a failure to report errors, when updating + a service file entry for activation (fd.o #39230, Simon McVittie) + * Clean up (non-abstract) Unix sockets on bus daemon exit + * On systems that use libcap-ng but not systemd, drop supplemental groups + when switching to the daemon user (Red Hat #726953, Steve Grubb) + +------------------------------------------------------------------- +Fri Sep 30 20:07:53 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 17:17:12 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections from specfile + (cf. packaging guidelines) + +------------------------------------------------------------------- +Mon Aug 1 14:37:16 CEST 2011 - vu...@opensuse.org + +- Update to version 1.5.6: + + Potentially incompatible (Bustle and similar debugging tools + will need changes to work as intended): + - Do not allow match rules to "eavesdrop" (receive messages + intended for a different recipient) by mistake: eavesdroppers + must now opt-in to this behaviour by putting + "eavesdrop='true'" in the match rule, which will not have any + practical effect on buses where eavesdropping is not allowed ++++ 1530 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.dbus-1.937.new/dbus-1-x11.changes New Changes file: --- /dev/null 2012-08-23 02:41:28.555381587 +0200 +++ /work/SRC/openSUSE:12.2:Update/.dbus-1.937.new/dbus-1.changes 2012-10-04 17:34:43.000000000 +0200 @@ -0,0 +1,1727 @@ +------------------------------------------------------------------- +Wed Sep 19 16:03:39 CEST 2012 - thoe...@suse.de + +- Add patch for CVE-2012-3524 to fix getenv() vulnerability in + suids (bnc#697105) + +------------------------------------------------------------------- +Tue May 15 07:18:57 UTC 2012 - vu...@opensuse.org + +- Move ownership of /etc/dbus-1/{session.d,system.d} and + /usr/share/dbus-1/{interfaces,services,system-services} to + libdbus-1-3 instead of dbus-1: many dbus users put files there, + and it's annoying to force them to own those directories. + +------------------------------------------------------------------- +Sun Apr 22 16:28:41 UTC 2012 - alinm.el...@gmail.com + +- added libdbus-1-3 to build for -32bit... +- adeed post and postun sections for libdbus-1-3 + +------------------------------------------------------------------- +Thu Apr 19 20:44:39 CEST 2012 - thoe...@suse.de + +- More news from the dependency hell: Let dbus-1-devel require + dbus-1. + +------------------------------------------------------------------- +Wed Apr 18 11:54:42 CEST 2012 - thoe...@suse.de + +- Split dbus-1 into libdbus-1 and dbus-1. + +------------------------------------------------------------------- +Wed Mar 28 09:19:14 CEST 2012 - thoe...@suse.de + +- Update to version 1.5.12: + - Add public API to validate various string types: + dbus_validate_path(), dbus_validate_interface(), + dbus_validate_member(), dbus_validate_error_name(), + dbus_validate_bus_name(), dbus_validate_utf8() + (fd.o #39549, Simon McVittie) + + - Turn DBusBasicValue into public API so bindings don't need to + invent their own "union of everything" type (fd.o #11191, Simon + McVittie) + + - Enumerate data files included in the build rather than using + find(1) (fd.o #33840, Simon McVittie) + + - Add support for policy rules like + <allow own_prefix="com.example.Service"/> in dbus-daemon + (fd.o #46273, Alban Crequy) + + - Windows-specific: + - make dbus-daemon.exe --print-address (and --print-pid) work + again on Win32, but not on WinCE (fd.o #46049, Simon + McVittie) + - fix duplicate case value when compiling against mingw-w64 + (fd.o #47321, Andoni Morales Alastruey) + +------------------------------------------------------------------- +Mon Feb 27 10:18:53 UTC 2012 - vu...@opensuse.org + +- Revert my last change completely, and go back to using -fpie in + CFLAGS and -pie in LDFLAGS for the whole build: after discussion + upstream in fdo#46570, it appears that this is the recommended + way to harden the build. + +------------------------------------------------------------------- +Fri Feb 24 12:50:17 UTC 2012 - vu...@opensuse.org + +- Change the way we pass -fpie/-pie: + + Stop changing CFLAGS/LDFLAGS in %build to add -fpie/-pie. + + Add dbus-1-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS + when building the suid binary (dbus-daemon-launch-helper). + + Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build. + +------------------------------------------------------------------- +Fri Feb 24 12:40:26 UTC 2012 - co...@suse.com + +- move with_systemd definition into COMMON part to fix dbus-1-x11 + +------------------------------------------------------------------- +Wed Feb 22 08:21:30 UTC 2012 - vu...@opensuse.org + +- Update to version 1.5.10: + + D-Bus Specification 0.19: + - Formally define unique connection names and well-known bus + names, and document best practices for interface, bus, member + and error names, and object paths (fdo#37095) + - Document the search path for session and system services on + Unix, and where they should be installed by build systems + (fdo#21620, fdo#35306) + - Document the systemd transport (fdo#35232) + + Make dbus_threads_init() use the same built-in threading + implementation as dbus_threads_init_default(); the + user-specified primitives that it takes as a parameter are now + ignored (fdo#43744) + + Allow all configured auth mechanisms, not just one (fdo#45106) + + Improve cmake build system. + + Build tests successfully with older GLib, as found in e.g. + Debian 6 (fdo#41219) + + Avoid use of deprecated GThread API (fdo#44413) + + Build documentation correctly if man2html doesn't support + filenames on its command-line (fdo#43875) + + Improve test coverage. To get even more coverage, run the tests + with DBUS_TEST_SLOW=1 (fdo#38285, fdo#42811) + + Reduce the size of the shared library by moving functionality + only used by dbus-daemon, tests etc. into their internal + library and deleting unused code (fdo#34976, fdo#39759) + + Add dbus-daemon --nopidfile option, overriding the + configuration, for setups where the default configuration must + include <pidfile/> to avoid breaking traditional init, but the + pid file is in fact unnecessary; use it under systemd to + improve startup time a bit (fdo#45520) + + Optionally (if configured --with-valgrind) add instrumentation + to debug libdbus and associated tools more meaningfully under + Valgrind (fdo#37286) + + Improve the dbus-send(1) man page (fdo#14005) + + Make dbus-protocol.h compatible with C++11 (fdo#46147) + + If tests are enabled and DBUS_MALLOC_CANNOT_FAIL is set in the + environment, abort on failure to malloc() (like GLib does), to + turn runaway memory leaks into a debuggable core-dump if a + resource limit is applied (fdo#41048) + + Don't crash if realloc() returns NULL in a debug build (fdo#41048) + + Unix-specific: + - Replace our broken reimplementation of recursive mutexes, + which has been broken since 2006, with an ordinary pthreads + recursive mutex (fdo#43744) + - Use epoll(7) for a more efficient main loop in Linux; + equivalent patches welcomed for other OSs' equivalents like + kqueue, /dev/poll, or Solaris event ports (fdo#33337) + - When running under systemd, use it instead of ConsoleKit to + check whether to apply at_console policies (fdo#39609) + - Avoid a highly unlikely fd leak (fdo#29881) + - Don't close invalid fd -1 if getaddrinfo fails (fdo#37258) + - Don't touch ~/.dbus and ~/.dbus-keyrings when running 'make + installcheck' (fdo#41218) + - Stop pretending we respect XDG_DATA_DIRS for system services: + the launch helper doesn't obey environment variables to avoid + privilege escalation attacks, so make the system bus follow + the same rules (fdo#21620) + + Windows-specific fixes. +- Get ready for a switch to systemd: + + Add a with_systemd macro, currently set to 0 as the systemd + support would introduce a build cycle between dbus-1 and + systemd. + + Add pkgconfig(libsystemd-daemon) and + pkgconfig(libsystemd-login) BuildRequires and pass + --enable-systemd to configure if we build systemd support. + +------------------------------------------------------------------- +Mon Feb 6 10:12:53 UTC 2012 - dlova...@suse.com + +- fixed bnc#743149 - added position independent flags to compilation and linking(-fpie/-pie) + +------------------------------------------------------------------- +Wed Oct 12 09:47:55 UTC 2011 - co...@suse.com + +- add patch to enable X11 autolaunch even if configure thinks + it can't be done (bnc#707817) + +------------------------------------------------------------------- +Wed Oct 12 00:32:50 CEST 2011 - dmuel...@suse.de + +- update to version 1.5.8: + * Clean up dead code, and make more warnings fatal in development builds + (fd.o #39231, fd.o #41012; Simon McVittie) + * Add a regression test for fd.o #38005 (fd.o #39836, Simon McVittie) + * Add _DBUS_STATIC_ASSERT and use it to check invariants + * Fix a small memory leak, and a failure to report errors, when updating + a service file entry for activation (fd.o #39230, Simon McVittie) + * Clean up (non-abstract) Unix sockets on bus daemon exit + * On systems that use libcap-ng but not systemd, drop supplemental groups + when switching to the daemon user (Red Hat #726953, Steve Grubb) + +------------------------------------------------------------------- +Fri Sep 30 20:07:53 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 17:17:12 UTC 2011 - jeng...@medozas.de + +- Remove redundant tags/sections from specfile + (cf. packaging guidelines) + +------------------------------------------------------------------- +Mon Aug 1 14:37:16 CEST 2011 - vu...@opensuse.org + +- Update to version 1.5.6: + + Potentially incompatible (Bustle and similar debugging tools + will need changes to work as intended): + - Do not allow match rules to "eavesdrop" (receive messages + intended for a different recipient) by mistake: eavesdroppers + must now opt-in to this behaviour by putting + "eavesdrop='true'" in the match rule, which will not have any + practical effect on buses where eavesdropping is not allowed ++++ 1530 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.dbus-1.937.new/dbus-1.changes New: ---- baselibs.conf dbus-1-x11.changes dbus-1-x11.spec dbus-1-x11.spec.in dbus-1.5.12.tar.gz dbus-1.changes dbus-1.desktop dbus-1.spec dbus-cve-2012-3524.patch dbus-do-autolaunch.patch dbus-log-deny.patch dbus_at_console.ck pre_checkin.sh rc.boot.dbus ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dbus-1-x11.spec ++++++ # # spec file for package dbus-1-x11 # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: dbus-1-x11 %define _name dbus BuildRequires: xorg-x11-devel Url: http://dbus.freedesktop.org/ Summary: D-Bus Message Bus System License: GPL-2.0+ or AFL-2.1 Group: System/Daemons # COMMON1-BEGIN # COMMON1-BEGIN # We can't enable this right now, because it will create a build cycle between # dbus-1 and systemd. Fun! %define with_systemd 0 BuildRequires: audit-devel BuildRequires: doxygen BuildRequires: libexpat-devel BuildRequires: libtool BuildRequires: libzio BuildRequires: pkg-config BuildRequires: update-desktop-files %if %{with_systemd} BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(libsystemd-login) %endif Version: 1.5.12 Release: 0 # bug437293 %ifarch ppc64 Obsoletes: dbus-1-64bit %endif # Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz Source1: rc.boot.dbus Source2: dbus-1.desktop Source3: dbus_at_console.ck Source4: baselibs.conf Patch0: dbus-log-deny.patch # PATCH-FIX-OPENSUSE co...@suse.de -- force a feature configure won't accept without x11 in buildrequires Patch1: dbus-do-autolaunch.patch Patch2: dbus-cve-2012-3524.patch %if 0%{?suse_version} > 1100 %bcond_without selinux %else %bcond_with selinux %endif %if %{with selinux} BuildRequires: libselinux-devel %endif BuildRequires: libcap-ng-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build # COMMON1-END # COMMON1-END %description D-Bus contains some tools that require Xlib to be installed, those are in this separate package so server systems need not install X. %prep # COMMON2-BEGIN # COMMON2-BEGIN %setup -n %{_name}-%{version} -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %build autoreconf -fi # We use -fpie/-pie for the whole build; this is the recommended way to harden # the build upstream, see discussion in fdo#46570 export CFLAGS="${RPM_OPT_FLAGS} -fno-strict-aliasing -fPIC -fpie" export LDFLAGS="-pie" export CXXFLAGS="${RPM_OPT_FLAGS} -fno-strict-aliasing" %if 0%{?suse_version} > 1000 export CFLAGS="$CFLAGS -fstack-protector" export CXXFLAGS="$CXXFLAGS -fstack-protector" export V=1 %endif %configure \ --disable-static \ --with-pic \ --bindir=/bin \ --libexecdir=/lib/%{name} \ --libdir=/%{_lib} \ --with-init-scripts=suse \ --enable-inotify \ --enable-doxygen-docs \ %if %{with selinux} --enable-selinux \ %endif %if %{with_systemd} --enable-systemd \ %endif --enable-libaudit \ --with-console-auth-dir=/var/run/dbus/at_console/ \ --with-systemdsystemunitdir=/lib/systemd/system make %{?_smp_mflags} doxygen -u && doxygen ./cleanup-man-pages.sh %install # COMMON2-END # COMMON2-END tdir=$(mktemp -d) make DESTDIR=$tdir install mkdir -p %{buildroot}/%{_bindir} mkdir -p %{buildroot}/%{_mandir}/man1 mv $tdir/bin/dbus-launch %{buildroot}/%{_bindir} mv $tdir/%{_mandir}/man1/dbus-launch.1* %{buildroot}/%{_mandir}/man1 rm -rf $tdir %clean %{__rm} -rf %{buildroot} %files %defattr(-,root,root) %{_bindir}/dbus-launch %{_mandir}/man1/dbus-launch.1* %changelog ++++++ dbus-1.spec ++++++ # # spec file for package dbus-1 # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: dbus-1 %define _name dbus %define _libname libdbus-1-3 Url: http://dbus.freedesktop.org/ Summary: D-Bus Message Bus System License: GPL-2.0+ or AFL-2.1 Group: System/Daemons # COMMON1-BEGIN # We can't enable this right now, because it will create a build cycle between # dbus-1 and systemd. Fun! %define with_systemd 0 BuildRequires: audit-devel BuildRequires: doxygen BuildRequires: libexpat-devel BuildRequires: libtool BuildRequires: libzio BuildRequires: pkg-config BuildRequires: update-desktop-files %if %{with_systemd} BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(libsystemd-login) %endif Version: 1.5.12 Release: 0 # bug437293 %ifarch ppc64 Obsoletes: dbus-1-64bit %endif # Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz Source1: rc.boot.dbus Source2: dbus-1.desktop Source3: dbus_at_console.ck Source4: baselibs.conf Patch0: dbus-log-deny.patch # PATCH-FIX-OPENSUSE co...@suse.de -- force a feature configure won't accept without x11 in buildrequires Patch1: dbus-do-autolaunch.patch Patch2: dbus-cve-2012-3524.patch %if 0%{?suse_version} > 1100 %bcond_without selinux %else %bcond_with selinux %endif %if %{with selinux} BuildRequires: libselinux-devel %endif BuildRequires: libcap-ng-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build # COMMON1-END PreReq: permissions /usr/sbin/groupadd /usr/sbin/useradd /sbin/insserv /etc/init.d/boot.localfs %package -n %{_libname} Summary: Library package for D-Bus Group: Development/Libraries/Other %package -n dbus-1-devel Summary: Developer package for D-Bus Group: Development/Libraries/Other Requires: %{_libname} = %{version} Requires: dbus-1 Requires: glibc-devel %package -n dbus-1-devel-doc Summary: Developer documentation package for D-Bus Group: Development/Libraries/Other Requires: %{name} = %{version} %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif %description D-Bus is a message bus system, a simple way for applications to talk to one another. D-Bus supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %description -n %{_libname} D-Bus is a message bus system, a simple way for applications to talk to one another. D-Bus supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %description -n dbus-1-devel D-Bus is a message bus system, a simple way for applications to talk to one another. D-Bus supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %description -n dbus-1-devel-doc D-Bus is a message bus system, a simple way for applications to talk to one another. D-BUS supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %prep # COMMON2-BEGIN %setup -n %{_name}-%{version} -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %build autoreconf -fi # We use -fpie/-pie for the whole build; this is the recommended way to harden # the build upstream, see discussion in fdo#46570 export CFLAGS="${RPM_OPT_FLAGS} -fno-strict-aliasing -fPIC -fpie" export LDFLAGS="-pie" export CXXFLAGS="${RPM_OPT_FLAGS} -fno-strict-aliasing" %if 0%{?suse_version} > 1000 export CFLAGS="$CFLAGS -fstack-protector" export CXXFLAGS="$CXXFLAGS -fstack-protector" export V=1 %endif %configure \ --disable-static \ --with-pic \ --bindir=/bin \ --libexecdir=/lib/%{name} \ --libdir=/%{_lib} \ --with-init-scripts=suse \ --enable-inotify \ --enable-doxygen-docs \ %if %{with selinux} --enable-selinux \ %endif %if %{with_systemd} --enable-systemd \ %endif --enable-libaudit \ --with-console-auth-dir=/var/run/dbus/at_console/ \ --with-systemdsystemunitdir=/lib/systemd/system make %{?_smp_mflags} doxygen -u && doxygen ./cleanup-man-pages.sh %install # COMMON2-END make DESTDIR=%{buildroot} install mkdir -p %{buildroot}/etc/init.d mkdir -p %{buildroot}/usr/sbin install -m 755 %{SOURCE1} %{buildroot}/%{_sysconfdir}/init.d/dbus ln -sf %{_sysconfdir}/init.d/dbus %{buildroot}/%{_sbindir}/rcdbus install -d %{buildroot}/%{_localstatedir}/run/dbus mkdir -p %{buildroot}/%{_datadir}/susehelp/meta/Development/Libraries/ install -m 0644 %SOURCE2 \ %{buildroot}/%{_datadir}/susehelp/meta/Development/Libraries/dbus-1.desktop mkdir -p %{buildroot}/%{_libdir}/pkgconfig mkdir -p %{buildroot}/lib/dbus-1/system-services mkdir -p %{buildroot}/%{_datadir}/dbus-1/system-services mkdir -p %{buildroot}/%{_datadir}/dbus-1/interfaces mkdir -p %{buildroot}/%{_libdir}/dbus-1.0/include/ mv -f %{buildroot}/%{_lib}/dbus-1.0/include/* %{buildroot}/%{_libdir}/dbus-1.0/include/ rm -f %{buildroot}/%{_lib}/*.la # devel stuff must not be in /lib %{__ln_s} -v /%{_lib}/$(readlink %{buildroot}/%{_lib}/lib%{name}.so) %{buildroot}%{_libdir}/lib%{name}.so %{__rm} -v %{buildroot}/%{_lib}/lib%{name}.so # fix up pkgconfig file sed -e 's@^\(libdir=\).*@\1%{_libdir}@' %{buildroot}/%{_lib}/pkgconfig/dbus-1.pc > %{buildroot}/%{_libdir}/pkgconfig/dbus-1.pc rm -f %{buildroot}/%{_lib}/pkgconfig/dbus-1.pc # rm -f %{buildroot}/bin/dbus-launch rm -f %{buildroot}/%{_mandir}/man1/dbus-launch.1* chmod a-x AUTHORS COPYING HACKING NEWS README doc/*.txt doc/file-boilerplate.c doc/TODO # install -d %{buildroot}%{_sysconfdir}/ConsoleKit/run-session.d install -m 755 %{SOURCE3} %{buildroot}%{_sysconfdir}/ConsoleKit/run-session.d mkdir -p %{buildroot}%{_localstatedir}/lib/dbus touch %{buildroot}/%{_localstatedir}/lib/dbus/machine-id %pre /usr/sbin/groupadd -r messagebus 2> /dev/null || : /usr/sbin/useradd -r -o -s /bin/false -c "User for D-Bus" -d /var/run/dbus -g messagebus messagebus 2> /dev/null || : %if 0%{?suse_version:1} %preun %{stop_on_removal dbus} %post /bin/dbus-uuidgen --ensure %{insserv_force_if_yast dbus} /sbin/ldconfig %{run_permissions} %verifyscript %verify_permissions -e /lib/dbus-1/dbus-daemon-launch-helper %postun %{insserv_cleanup} /sbin/ldconfig %endif %post -n %{_libname} -p /sbin/ldconfig %postun -n %{_libname} -p /sbin/ldconfig %files %defattr(-, root, root) %dir %{_localstatedir}/lib/dbus %dir /lib/dbus-1 %dir /lib/dbus-1/system-services %doc AUTHORS COPYING HACKING NEWS README %config(noreplace) %{_sysconfdir}/dbus-1/session.conf %config(noreplace) %{_sysconfdir}/dbus-1/system.conf %{_sysconfdir}/init.d/dbus %{_sysconfdir}/ConsoleKit /bin/dbus-cleanup-sockets /bin/dbus-daemon /bin/dbus-monitor /bin/dbus-send /bin/dbus-uuidgen %{_mandir}/man1/dbus-cleanup-sockets.1.* %{_mandir}/man1/dbus-daemon.1.* %{_mandir}/man1/dbus-monitor.1.* %{_mandir}/man1/dbus-send.1.* %{_mandir}/man1/dbus-uuidgen.1.* %{_sbindir}/rcdbus # See doc/system-activation.txt in source tarball for the rationale # behind these permissions %attr(4750,root,messagebus) %verify(not mode) /lib/%{name}/dbus-daemon-launch-helper %ghost %{_localstatedir}/run/dbus %ghost %{_localstatedir}/lib/dbus/machine-id %dir /lib/systemd %dir /lib/systemd/system /lib/systemd/system/dbus.service /lib/systemd/system/dbus.socket %dir /lib/systemd/system/dbus.target.wants /lib/systemd/system/dbus.target.wants/dbus.socket %dir /lib/systemd/system/multi-user.target.wants /lib/systemd/system/multi-user.target.wants/dbus.service %dir /lib/systemd/system/sockets.target.wants /lib/systemd/system/sockets.target.wants/dbus.socket %files -n %{_libname} %defattr(-, root, root) /%{_lib}/libdbus-1.so.* # Own those directories in the library instead of dbus-1, since dbus users # often ship files there %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/session.d %dir %{_sysconfdir}/dbus-1/system.d %dir %{_datadir}/dbus-1 %dir %{_datadir}/dbus-1/interfaces %dir %{_datadir}/dbus-1/services %dir %{_datadir}/dbus-1/system-services %files -n dbus-1-devel %defattr(-,root,root) %{_includedir}/* %{_libdir}/libdbus-1.so %dir %{_libdir}/dbus-1.0 %{_libdir}/dbus-1.0/include %{_libdir}/pkgconfig/dbus-1.pc %files -n dbus-1-devel-doc %defattr(-,root,root) %dir %{_datadir}/doc/dbus %{_datadir}/doc/dbus/api/ %doc %{_datadir}/doc/dbus/dbus-faq.html %doc %{_datadir}/doc/dbus/dbus-specification.html %doc %{_datadir}/doc/dbus/dbus-test-plan.html %doc %{_datadir}/doc/dbus/dbus-tutorial.html %doc %{_datadir}/doc/dbus/diagram.* %doc %{_datadir}/doc/dbus/system-activation.txt %doc doc/*.txt doc/file-boilerplate.c doc/TODO %{_datadir}/susehelp %changelog ++++++ baselibs.conf ++++++ dbus-1 dbus-1-devel libdbus-1-3 ++++++ dbus-1-x11.spec.in ++++++ # # spec file for package dbus-1-x11 (Version 1.4.1) # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: dbus-1-x11 %define _name dbus BuildRequires: xorg-x11-devel Url: http://dbus.freedesktop.org/ License: GPL2+ or AFL 2.1 Group: System/Daemons Summary: D-Bus Message Bus System # COMMON1-BEGIN # COMMON1-END %description D-Bus contains some tools that require Xlib to be installed, those are in this separate package so server systems need not install X. %prep # COMMON2-BEGIN # COMMON2-END tdir=$(mktemp -d) make DESTDIR=$tdir install mkdir -p %{buildroot}/%{_bindir} mkdir -p %{buildroot}/%{_mandir}/man1 mv $tdir/bin/dbus-launch %{buildroot}/%{_bindir} mv $tdir/%{_mandir}/man1/dbus-launch.1* %{buildroot}/%{_mandir}/man1 rm -rf $tdir %clean %{__rm} -rf %{buildroot} %files %defattr(-,root,root) %{_bindir}/dbus-launch %{_mandir}/man1/dbus-launch.1* %changelog ++++++ dbus-1.desktop ++++++ [Desktop Entry] Name=D-Bus API Documentation DocPath=/usr/share/doc/packages/dbus-1-devel/html/index.html X-DOC-SearchMethod=htdig ++++++ dbus-cve-2012-3524.patch ++++++ --- a/configure.ac 2012-03-27 18:25:10.000000000 +0200 +++ b/configure.ac 2012-09-19 15:47:54.000000000 +0200 @@ -578,7 +578,7 @@ AC_SEARCH_LIBS(socket,[socket network]) AC_CHECK_FUNC(gethostbyname,,[AC_CHECK_LIB(nsl,gethostbyname)]) -AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull) +AC_CHECK_FUNCS(vsnprintf vasprintf nanosleep usleep setenv clearenv unsetenv socketpair getgrouplist fpathconf setrlimit poll setlocale localeconv strtoll strtoull __secure_getenv) AC_CHECK_HEADERS([syslog.h]) if test "x$ac_cv_header_syslog_h" = "xyes"; then --- a/dbus/dbus-sysdeps.c 2012-03-27 15:49:00.000000000 +0200 +++ b/dbus/dbus-sysdeps.c 2012-09-19 15:47:54.000000000 +0200 @@ -181,8 +181,12 @@ */ const char* _dbus_getenv (const char *varname) -{ - return getenv (varname); +{ +#ifdef HAVE___SECURE_GETENV + return __secure_getenv(varname); +#else + return getenv(varname); +#endif } /** ++++++ dbus-do-autolaunch.patch ++++++ From: Stephan Kulow <co...@suse.de> We want x11 autolaunch even if we have no x11 in the build environment Index: dbus-1.5.8/dbus/dbus-sysdeps-unix.c =================================================================== --- dbus-1.5.8.orig/dbus/dbus-sysdeps-unix.c 2011-09-21 19:20:06.000000000 +0200 +++ dbus-1.5.8/dbus/dbus-sysdeps-unix.c 2011-10-12 11:39:26.099779864 +0200 @@ -3339,7 +3339,7 @@ _dbus_get_autolaunch_address (const char DBusString *address, DBusError *error) { -#ifdef DBUS_ENABLE_X11_AUTOLAUNCH +#if 1 /* Perform X11-based autolaunch. (We also support launchd-based autolaunch, * but that's done elsewhere, and if it worked, this function wouldn't * be called.) */ ++++++ dbus-log-deny.patch ++++++ --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -48,7 +48,7 @@ <!-- Holes must be punched in service configuration files for name ownership and sending method calls --> <deny own="*"/> - <deny send_type="method_call"/> + <deny send_type="method_call" log="true"/> <!-- Signals and reply messages (method returns, errors) are allowed by default --> ++++++ dbus_at_console.ck ++++++ #!/bin/bash # # use consolekit to support legacy at_console setting # reason="$1" dir=/var/run/dbus/at_console # for at_console we are only interested in local sessions test "$CK_SESSION_IS_LOCAL" = true || exit 0 test "$reason" = "session_added" -o "$reason" = "session_removed" || exit 0 sessid=${CK_SESSION_ID##*/} sessid=${sessid//[^A-Za-z0-9]/_} test -n "$sessid" || exit 1 name=`getent passwd "$CK_SESSION_USER_UID" 2>/dev/null | awk -F: '{print $1}'` test -n "$name" || exit 1 if test "$reason" = "session_added"; then mkdir -p "$dir/$name" touch "$dir/$name/$sessid" else rm "$dir/$name/$sessid" rmdir "$dir/$name" fi ++++++ pre_checkin.sh ++++++ #!/bin/bash # vim:sw=4 et # This script is called automatically during autobuild checkin. cp -lf dbus-1.changes dbus-1-x11.changes for spec in dbus-1-x11.spec; do cp -f $spec.in $spec for n in $(seq 1 10); do grep -q "COMMON$n-BEGIN" dbus-1.spec || continue { sed -n -e "1,/COMMON$n-BEGIN/p" $spec sed -n -e "/COMMON$n-BEGIN/,/COMMON$n-END/p" dbus-1.spec sed -n -e "/COMMON$n-END/,\$p" $spec.in; } > $spec.tmp && mv $spec.tmp $spec done # assuming hilbert has no such dir #if test -x /mounts/work/src/bin/tools/prepare_spec; then # /mounts/work/src/bin/tools/prepare_spec $spec > $spec.tmp && mv $spec.tmp $spec #fi done osc service localrun format_spec_file ++++++ rc.boot.dbus ++++++ #!/bin/sh # Author: Timo Hoenig <thoe...@suse.de> # # /etc/init.d/dbus # ### BEGIN INIT INFO # Provides: dbus # Required-Start: $local_fs # Should-Start: # Required-Stop: $local_fs # Should-Stop: # Default-Start: 2 3 5 # Default-Stop: # Short-Description: D-Bus is a message bus system for applications to talk to one another. # Description: D-Bus supplies both a system daemon and a per-user-login-session daemon. # Also, the message bus is built on top of a general one-to-one message # passing framework, which can be used by any two apps to communicate # directly (without going through the message bus daemon). ### END INIT INFO DBUS_DAEMON_BIN=/bin/dbus-daemon test -x $DBUS_DAEMON_BIN || exit 5 DBUS_DAEMON_PARAMETER="--system"; DBUS_DAEMON_PID_DIR="/var/run/dbus" DBUS_DAEMON_PID=$DBUS_DAEMON_PID_DIR/pid DBUS_MACHINE_ID_DIR="/var/lib/dbus" DBUS_MACHINE_ID=$DBUS_MACHINE_ID_DIR/machine-id DBUS_UUIIDGEN_BIN=/bin/dbus-uuidgen CONSOLEKIT_DAEMON_BIN="/usr/sbin/console-kit-daemon" CONSOLEKIT_PID_DIR="/var/run/ConsoleKit" CONSOLEKIT_PID=$CONSOLEKIT_PID_DIR/pid # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions . /etc/rc.status # Reset status of this service rc_reset case "$1" in start) if [ -x $DBUS_UUIIDGEN_BIN -a ! -e $DBUS_MACHINE_ID ] ; then if [ ! -d $DBUS_MACHINE_ID_DIR ] ; then mkdir -p $DBUS_MACHINE_ID_DIR chown messagebus:messagebus $DBUS_MACHINE_ID_DIR fi echo -n "Creating universally unique ID..." $DBUS_UUIIDGEN_BIN --ensure rc_status -v fi if checkproc -k -p $DBUS_DAEMON_PID $DBUS_DAEMON_BIN ; then echo "D-Bus already started. Not starting." exit 0 fi if [ ! -d $DBUS_DAEMON_PID_DIR ] ; then mkdir -p $DBUS_DAEMON_PID_DIR chown messagebus:messagebus $DBUS_DAEMON_PID_DIR fi if [ -e $DBUS_DAEMON_PID ] ; then echo "Removing stale PID file $DBUS_DAEMON_PID." rm -f $DBUS_DAEMON_PID fi echo -n "Starting D-Bus daemon" start_daemon -f $DBUS_DAEMON_BIN $DBUS_DAEMON_PARAMETER rc_status -v ;; stop) echo -n "Shutting down D-Bus daemon" if [ -x $CONSOLEKIT_DAEMON_BIN ] ; then killproc -p $CONSOLEKIT_PID -TERM $CONSOLEKIT_DAEMON_BIN fi killproc -p $DBUS_DAEMON_PID -TERM $DBUS_DAEMON_BIN rc_status -v ;; try-restart) $0 status >/dev/null && $0 restart rc_status ;; restart) $0 stop $0 start rc_status ;; force-reload) $0 reload rc_status ;; reload) echo -n "Reload service D-Bus daemon" dbus-send --type=method_call --system --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig rc_status -v ;; status) echo -n "Checking for service D-Bus daemon" checkproc -k -p $DBUS_DAEMON_PID $DBUS_DAEMON_BIN if [ $? -eq 7 ]; then rc_failed 3 fi rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.2) # test /etc/FOO/FOO.conf -nt /var/run/FOO.pid && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org