Hello community, here is the log from the commit of package dbus-1.1807 for openSUSE:12.3:Update checked in at 2013-07-02 11:15:42 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/dbus-1.1807 (Old) and /work/SRC/openSUSE:12.3:Update/.dbus-1.1807.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dbus-1.1807" Changes: -------- New Changes file: --- /dev/null 2013-07-02 09:26:14.908030755 +0200 +++ /work/SRC/openSUSE:12.3:Update/.dbus-1.1807.new/dbus-1-x11.changes 2013-07-02 11:15:43.000000000 +0200 @@ -0,0 +1,1878 @@ +------------------------------------------------------------------- +Sun Jun 23 22:02:19 UTC 2013 - hrvoje.sen...@gmail.com + +- Added CVE-2013-2168.patch, fixes referenced vulnerability (bnc#824607) + +------------------------------------------------------------------- +Mon Feb 18 13:06:24 UTC 2013 - rmila...@suse.com + +- Revert patch: dbus-move-everything-to-run-directory.patch (bnc#802525). + +------------------------------------------------------------------- +Thu Jan 24 10:51:29 UTC 2013 - rmila...@suse.com + +- Move everything (pid files, lock files, etc.) to /run. + add: dbus-move-everything-to-run-directory.patch + +------------------------------------------------------------------- +Sun Nov 18 17:59:23 UTC 2012 - hrvoje.sen...@gmail.com + +- Update to 1.6.8 +- remove patch dbus-cve-2012-3524.patch as incorporated upstream + +Changes since 1.5.12 +• Follow up to CVE-2012-3524: The additional hardening + work to use __secure_getenv() as a followup to bug #52202 + broke certain configurations of gnome-keyring. Given + the difficulty of making this work without extensive + changes to gnome-keyring, use of __secure_getenv() is + deferred. + +• CVE-2012-3524: Don't access environment variables (fd.o #52202) + Thanks to work and input from Colin Walters, Simon McVittie, + Geoffrey Thomas, and others. + +• Detect that users are "at the console" correctly when configured with + a non-default path such as --enable-console-auth-dir=/run/console + (fd.o #51521, Dave Reisner) + +• Remove an incorrect assertion from DBusTransport (fd.o #51657, + Simon McVittie) + +• Change how we create /var/lib/dbus so it works under Automake >= 1.11.4 + (fd.o #51406, Simon McVittie) + +• Don't return from dbus_pending_call_set_notify with a lock held on OOM + (fd.o #51032, Simon McVittie) + +• Disconnect "developer mode" (assertions, verbose mode etc.) from + Automake maintainer mode. D-Bus developers should now configure with + --enable-developer. Automake maintainer mode is now on by default; + distributions can disable it with --disable-maintainer-mode. + (fd.o #34671, Simon McVittie) + +• Unix-specific: + · Check for libpthread under CMake on Unix (fd.o #47237, Simon McVittie) + +• New requirements + · PTHREAD_MUTEX_RECURSIVE on Unix + · compiler support for 64-bit integers (int64_t or equivalent) + +• D-Bus Specification v0.19 + +• New dbus-daemon features + · <allow own_prefix="com.example.Service"/> rules allow the service to + own names like com.example.Service.Instance3 + · optional systemd integration when checking at_console policies + · --nopidfile option, mainly for use by systemd + · path_namespace and arg0namespace may appear in match rules + · eavesdropping is disabled unless the match rule contains eavesdrop=true + +• New public API + · functions to validate various string types (dbus_validate_path() etc.) + · dbus_type_is_valid() + · DBusBasicValue, a union of every basic type + +• Bug fixes + · removed an unsafe reimplementation of recursive mutexes + · dbus-daemon no longer busy-loops if it has far too many file descriptors + · dbus-daemon.exe --print-address works on Windows + · all the other bug fixes from 1.4.20 + +• Other major implementation changes + · on Linux, dbus-daemon uses epoll if supported, for better scalability + · dbus_threads_init() ignores its argument and behaves like + dbus_threads_init_default() instead + · removed the per-connection link cache, improving dbus-daemon performance + +• Developer features + · optional Valgrind instrumentation (--with-valgrind) + · optional Stats interface on the dbus-daemon (--enable-stats) + · optionally abort whenever malloc() fails (--enable-embedded-tests + and export DBUS_MALLOC_CANNOT_FAIL=1) + +• Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1 + spec-compliance (fd.o #48580, David Zeuthen) + +• Don't use install(1) within the source/build trees, fixing the build as + non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot) + +• Add missing commas in some tcp and nonce-tcp addresses, and remove + an unused duplicate copy of the nonce-tcp transport in Windows builds + (fd.o #45896, Simon McVittie) + +------------------------------------------------------------------- +Fri Nov 16 12:56:04 UTC 2012 - dims...@opensuse.org + +- Enable systemd integration (with_systemd 1): follow the rest of + the distribution enabling systemd support. As agreed, systemd is + the main supported way for 12.3. + +------------------------------------------------------------------- +Fri Nov 16 11:57:13 UTC 2012 - fcro...@suse.com + +- Move default home from /var/run/dbus to /run/dbus +- Fix useradd invocation: -o is useless without -u and newer + versions of pwdutils/shadowutils fail on this now. + +------------------------------------------------------------------- +Thu Nov 8 15:38:22 UTC 2012 - tittiatc...@gmail.com + +- Link /usr/bin/dbus-send to /bin/dbus-send. Upower uses + dbus-send to receive signals from systemd regarding resuming, + however looks for the moment in the wrong directory. + +------------------------------------------------------------------- +Sat Nov 3 16:33:15 UTC 2012 - crrodrig...@opensuse.org + +- Fix factory breakage on systemd units directory + +------------------------------------------------------------------- +Fri Oct 26 06:07:21 UTC 2012 - co...@suse.com + +- remove sysvinit requires from the package +- remove %run_permissions macro + +------------------------------------------------------------------- +Wed Oct 24 21:11:19 UTC 2012 - jeng...@inai.de + +- baselibs: dbus-1-devel-32bit must require libdbus-1-3-32bit + +------------------------------------------------------------------- +Sun Oct 7 16:57:56 UTC 2012 - co...@suse.com + +- remove libzio build dependency + +------------------------------------------------------------------- +Mon Aug 27 13:54:45 CEST 2012 - thoe...@suse.de + +- dbus-cve-2012-3524.patch: Add patch for CVE-2012-3524 to fix getenv() + vulnerability in setuid root binaries (bnc#697105) + +------------------------------------------------------------------- +Wed Aug 1 10:00:06 UTC 2012 - idon...@suse.com + +- Add pkgconfig(x11) as BuildRequires instead of xorg-x11-devel so + we don't depend on Mesa and create a build cycle. + +------------------------------------------------------------------- +Tue May 15 07:18:57 UTC 2012 - vu...@opensuse.org + +- Move ownership of /etc/dbus-1/{session.d,system.d} and + /usr/share/dbus-1/{interfaces,services,system-services} to + libdbus-1-3 instead of dbus-1: many dbus users put files there, + and it's annoying to force them to own those directories. + +------------------------------------------------------------------- +Sun Apr 22 16:28:41 UTC 2012 - alinm.el...@gmail.com + +- added libdbus-1-3 to build for -32bit... +- adeed post and postun sections for libdbus-1-3 + +------------------------------------------------------------------- +Thu Apr 19 20:44:39 CEST 2012 - thoe...@suse.de + +- More news from the dependency hell: Let dbus-1-devel require + dbus-1. + +------------------------------------------------------------------- +Wed Apr 18 11:54:42 CEST 2012 - thoe...@suse.de + +- Split dbus-1 into libdbus-1 and dbus-1. + +------------------------------------------------------------------- +Wed Mar 28 09:19:14 CEST 2012 - thoe...@suse.de + +- Update to version 1.5.12: + - Add public API to validate various string types: + dbus_validate_path(), dbus_validate_interface(), + dbus_validate_member(), dbus_validate_error_name(), + dbus_validate_bus_name(), dbus_validate_utf8() + (fd.o #39549, Simon McVittie) + + - Turn DBusBasicValue into public API so bindings don't need to + invent their own "union of everything" type (fd.o #11191, Simon + McVittie) + + - Enumerate data files included in the build rather than using ++++ 1681 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.dbus-1.1807.new/dbus-1-x11.changes New Changes file: dbus-1.changes: same change New: ---- CVE-2013-2168.patch baselibs.conf dbus-1-x11.changes dbus-1-x11.spec dbus-1-x11.spec.in dbus-1.6.8.tar.gz dbus-1.changes dbus-1.desktop dbus-1.spec dbus-do-autolaunch.patch dbus-log-deny.patch dbus_at_console.ck pre_checkin.sh rc.boot.dbus ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dbus-1-x11.spec ++++++ # # spec file for package dbus-1-x11 # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: dbus-1-x11 %define _name dbus BuildRequires: pkgconfig(x11) Url: http://dbus.freedesktop.org/ Summary: D-Bus Message Bus System License: GPL-2.0+ or AFL-2.1 Group: System/Daemons # COMMON1-BEGIN # COMMON1-BEGIN %define with_systemd 1 %if ! %{with_systemd} %if 0%{?suse_version} < 1230 %define _unitdir /lib/systemd/system %else %define _unitdir /usr/lib/systemd/system %endif %endif BuildRequires: audit-devel BuildRequires: doxygen BuildRequires: libexpat-devel BuildRequires: libtool BuildRequires: pkg-config BuildRequires: update-desktop-files %if %{with_systemd} BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(libsystemd-login) %endif Version: 1.6.8 Release: 0 # bug437293 %ifarch ppc64 Obsoletes: dbus-1-64bit %endif # Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz Source1: rc.boot.dbus Source2: dbus-1.desktop Source3: dbus_at_console.ck Source4: baselibs.conf Patch0: dbus-log-deny.patch # PATCH-FIX-OPENSUSE co...@suse.de -- force a feature configure won't accept without x11 in buildrequires Patch1: dbus-do-autolaunch.patch # PATCH-FIX-UPSTREAM CVE-2013-2168.patch Patch2: CVE-2013-2168.patch %if 0%{?suse_version} > 1100 %bcond_without selinux %else %bcond_with selinux %endif %if %{with selinux} BuildRequires: libselinux-devel %endif BuildRequires: libcap-ng-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build # COMMON1-END # COMMON1-END %description D-Bus contains some tools that require Xlib to be installed, those are in this separate package so server systems need not install X. %prep # COMMON2-BEGIN # COMMON2-BEGIN %setup -n %{_name}-%{version} -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %build autoreconf -fi # We use -fpie/-pie for the whole build; this is the recommended way to harden # the build upstream, see discussion in fdo#46570 export CFLAGS="${RPM_OPT_FLAGS} -fno-strict-aliasing -fPIC -fpie" export LDFLAGS="-pie" export CXXFLAGS="${RPM_OPT_FLAGS} -fno-strict-aliasing" %if 0%{?suse_version} > 1000 export CFLAGS="$CFLAGS -fstack-protector" export CXXFLAGS="$CXXFLAGS -fstack-protector" export V=1 %endif %configure \ --disable-static \ --with-pic \ --bindir=/bin \ --libexecdir=/lib/%{name} \ --libdir=/%{_lib} \ --with-init-scripts=suse \ --enable-inotify \ --enable-doxygen-docs \ %if %{with selinux} --enable-selinux \ %endif %if %{with_systemd} --enable-systemd \ %endif --enable-libaudit \ --with-console-auth-dir=/var/run/dbus/at_console/ \ --with-systemdsystemunitdir=%{_unitdir} make %{?_smp_mflags} doxygen -u && doxygen ./cleanup-man-pages.sh %install # COMMON2-END # COMMON2-END tdir=$(mktemp -d) make DESTDIR=$tdir install mkdir -p %{buildroot}/%{_bindir} mkdir -p %{buildroot}/%{_mandir}/man1 mv $tdir/bin/dbus-launch %{buildroot}/%{_bindir} mv $tdir/%{_mandir}/man1/dbus-launch.1* %{buildroot}/%{_mandir}/man1 rm -rf $tdir %files %defattr(-,root,root) %{_bindir}/dbus-launch %{_mandir}/man1/dbus-launch.1* %changelog ++++++ dbus-1.spec ++++++ # # spec file for package dbus-1 # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: dbus-1 %define _name dbus %define _libname libdbus-1-3 Url: http://dbus.freedesktop.org/ Summary: D-Bus Message Bus System License: GPL-2.0+ or AFL-2.1 Group: System/Daemons # COMMON1-BEGIN %define with_systemd 1 %if ! %{with_systemd} %if 0%{?suse_version} < 1230 %define _unitdir /lib/systemd/system %else %define _unitdir /usr/lib/systemd/system %endif %endif BuildRequires: audit-devel BuildRequires: doxygen BuildRequires: libexpat-devel BuildRequires: libtool BuildRequires: pkg-config BuildRequires: update-desktop-files %if %{with_systemd} BuildRequires: pkgconfig(libsystemd-daemon) BuildRequires: pkgconfig(libsystemd-login) %endif Version: 1.6.8 Release: 0 # bug437293 %ifarch ppc64 Obsoletes: dbus-1-64bit %endif # Source0: http://dbus.freedesktop.org/releases/dbus/%{_name}-%{version}.tar.gz Source1: rc.boot.dbus Source2: dbus-1.desktop Source3: dbus_at_console.ck Source4: baselibs.conf Patch0: dbus-log-deny.patch # PATCH-FIX-OPENSUSE co...@suse.de -- force a feature configure won't accept without x11 in buildrequires Patch1: dbus-do-autolaunch.patch # PATCH-FIX-UPSTREAM CVE-2013-2168.patch Patch2: CVE-2013-2168.patch %if 0%{?suse_version} > 1100 %bcond_without selinux %else %bcond_with selinux %endif %if %{with selinux} BuildRequires: libselinux-devel %endif BuildRequires: libcap-ng-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build # COMMON1-END %if 0%{?suse_version} < 1230 PreReq: /sbin/insserv /etc/init.d/boot.localfs %endif PreReq: permissions /usr/sbin/groupadd /usr/sbin/useradd %package -n %{_libname} Summary: Library package for D-Bus Group: Development/Libraries/Other %package -n dbus-1-devel Summary: Developer package for D-Bus Group: Development/Libraries/Other Requires: %{_libname} = %{version} Requires: dbus-1 Requires: glibc-devel %package -n dbus-1-devel-doc Summary: Developer documentation package for D-Bus Group: Development/Libraries/Other Requires: %{name} = %{version} %if 0%{?suse_version} >= 1120 BuildArch: noarch %endif %description D-Bus is a message bus system, a simple way for applications to talk to one another. D-Bus supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %description -n %{_libname} D-Bus is a message bus system, a simple way for applications to talk to one another. D-Bus supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %description -n dbus-1-devel D-Bus is a message bus system, a simple way for applications to talk to one another. D-Bus supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %description -n dbus-1-devel-doc D-Bus is a message bus system, a simple way for applications to talk to one another. D-BUS supplies both a system daemon and a per-user-login-session daemon. Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). %prep # COMMON2-BEGIN %setup -n %{_name}-%{version} -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %build autoreconf -fi # We use -fpie/-pie for the whole build; this is the recommended way to harden # the build upstream, see discussion in fdo#46570 export CFLAGS="${RPM_OPT_FLAGS} -fno-strict-aliasing -fPIC -fpie" export LDFLAGS="-pie" export CXXFLAGS="${RPM_OPT_FLAGS} -fno-strict-aliasing" %if 0%{?suse_version} > 1000 export CFLAGS="$CFLAGS -fstack-protector" export CXXFLAGS="$CXXFLAGS -fstack-protector" export V=1 %endif %configure \ --disable-static \ --with-pic \ --bindir=/bin \ --libexecdir=/lib/%{name} \ --libdir=/%{_lib} \ --with-init-scripts=suse \ --enable-inotify \ --enable-doxygen-docs \ %if %{with selinux} --enable-selinux \ %endif %if %{with_systemd} --enable-systemd \ %endif --enable-libaudit \ --with-console-auth-dir=/var/run/dbus/at_console/ \ --with-systemdsystemunitdir=%{_unitdir} make %{?_smp_mflags} doxygen -u && doxygen ./cleanup-man-pages.sh %install # COMMON2-END make DESTDIR=%{buildroot} install mkdir -p %{buildroot}/etc/init.d mkdir -p %{buildroot}/usr/sbin install -m 755 %{SOURCE1} %{buildroot}/%{_sysconfdir}/init.d/dbus ln -sf %{_sysconfdir}/init.d/dbus %{buildroot}/%{_sbindir}/rcdbus install -d %{buildroot}/var/run/dbus mkdir -p %{buildroot}/%{_datadir}/susehelp/meta/Development/Libraries/ install -m 0644 %SOURCE2 \ %{buildroot}/%{_datadir}/susehelp/meta/Development/Libraries/dbus-1.desktop mkdir -p %{buildroot}/%{_libdir}/pkgconfig mkdir -p %{buildroot}/lib/dbus-1/system-services mkdir -p %{buildroot}/%{_datadir}/dbus-1/system-services mkdir -p %{buildroot}/%{_datadir}/dbus-1/interfaces mkdir -p %{buildroot}/%{_libdir}/dbus-1.0/include/ mv -f %{buildroot}/%{_lib}/dbus-1.0/include/* %{buildroot}/%{_libdir}/dbus-1.0/include/ rm -f %{buildroot}/%{_lib}/*.la # devel stuff must not be in /lib %{__ln_s} -v /%{_lib}/$(readlink %{buildroot}/%{_lib}/lib%{name}.so) %{buildroot}%{_libdir}/lib%{name}.so %{__rm} -v %{buildroot}/%{_lib}/lib%{name}.so # fix up pkgconfig file sed -e 's@^\(libdir=\).*@\1%{_libdir}@' %{buildroot}/%{_lib}/pkgconfig/dbus-1.pc > %{buildroot}/%{_libdir}/pkgconfig/dbus-1.pc rm -f %{buildroot}/%{_lib}/pkgconfig/dbus-1.pc # rm -f %{buildroot}/bin/dbus-launch rm -f %{buildroot}/%{_mandir}/man1/dbus-launch.1* chmod a-x AUTHORS COPYING HACKING NEWS README doc/*.txt doc/file-boilerplate.c doc/TODO # install -d %{buildroot}%{_sysconfdir}/ConsoleKit/run-session.d install -m 755 %{SOURCE3} %{buildroot}%{_sysconfdir}/ConsoleKit/run-session.d mkdir -p %{buildroot}%{_localstatedir}/lib/dbus touch %{buildroot}/%{_localstatedir}/lib/dbus/machine-id # Link the /bin/dbus-send binary to /usr/bin/dbus-send. This should be removed once dbus has been fully migrated to /usr # Currently required to make upower work together with systemd mkdir -p %{buildroot}/usr/bin ln -sf /bin/dbus-send %{buildroot}/usr/bin/dbus-send %pre /usr/sbin/groupadd -r messagebus 2> /dev/null || : /usr/sbin/useradd -r -s /bin/false -c "User for D-Bus" -d /var/run/dbus -g messagebus messagebus 2> /dev/null || : %if 0%{?suse_version:1} %preun %{stop_on_removal dbus} %post /bin/dbus-uuidgen --ensure %{insserv_force_if_yast dbus} /sbin/ldconfig %verifyscript %verify_permissions -e /lib/dbus-1/dbus-daemon-launch-helper %postun %{insserv_cleanup} /sbin/ldconfig %endif %post -n %{_libname} -p /sbin/ldconfig %postun -n %{_libname} -p /sbin/ldconfig %files %defattr(-, root, root) %dir %{_localstatedir}/lib/dbus %dir /lib/dbus-1 %dir /lib/dbus-1/system-services %doc AUTHORS COPYING HACKING NEWS README %config(noreplace) %{_sysconfdir}/dbus-1/session.conf %config(noreplace) %{_sysconfdir}/dbus-1/system.conf %{_sysconfdir}/init.d/dbus %{_sysconfdir}/ConsoleKit /bin/dbus-cleanup-sockets /bin/dbus-daemon /bin/dbus-monitor /bin/dbus-send /usr/bin/dbus-send /bin/dbus-uuidgen %{_mandir}/man1/dbus-cleanup-sockets.1.* %{_mandir}/man1/dbus-daemon.1.* %{_mandir}/man1/dbus-monitor.1.* %{_mandir}/man1/dbus-send.1.* %{_mandir}/man1/dbus-uuidgen.1.* %{_sbindir}/rcdbus # See doc/system-activation.txt in source tarball for the rationale # behind these permissions %attr(4750,root,messagebus) %verify(not mode) /lib/%{name}/dbus-daemon-launch-helper %ghost /var/run/dbus %ghost %{_localstatedir}/lib/dbus/machine-id %if ! %{with_systemd} %if 0%{?suse_version} < 1230 %dir /lib/systemd %else %dir /usr/lib/systemd %dir %{_unitdir} %endif %endif %{_unitdir}/dbus.service %{_unitdir}/dbus.socket %dir %{_unitdir}/dbus.target.wants %{_unitdir}/dbus.target.wants/dbus.socket %dir %{_unitdir}/multi-user.target.wants %{_unitdir}/multi-user.target.wants/dbus.service %dir %{_unitdir}/sockets.target.wants %{_unitdir}/sockets.target.wants/dbus.socket %files -n %{_libname} %defattr(-, root, root) /%{_lib}/libdbus-1.so.* # Own those directories in the library instead of dbus-1, since dbus users # often ship files there %dir %{_sysconfdir}/dbus-1 %dir %{_sysconfdir}/dbus-1/session.d %dir %{_sysconfdir}/dbus-1/system.d %dir %{_datadir}/dbus-1 %dir %{_datadir}/dbus-1/interfaces %dir %{_datadir}/dbus-1/services %dir %{_datadir}/dbus-1/system-services %files -n dbus-1-devel %defattr(-,root,root) %{_includedir}/* %{_libdir}/libdbus-1.so %dir %{_libdir}/dbus-1.0 %{_libdir}/dbus-1.0/include %{_libdir}/pkgconfig/dbus-1.pc %files -n dbus-1-devel-doc %defattr(-,root,root) %dir %{_datadir}/doc/dbus %{_datadir}/doc/dbus/api/ %doc %{_datadir}/doc/dbus/dbus-faq.html %doc %{_datadir}/doc/dbus/dbus-specification.html %doc %{_datadir}/doc/dbus/dbus-test-plan.html %doc %{_datadir}/doc/dbus/dbus-tutorial.html %doc %{_datadir}/doc/dbus/diagram.* %doc %{_datadir}/doc/dbus/system-activation.txt %doc doc/*.txt doc/file-boilerplate.c doc/TODO %{_datadir}/susehelp %changelog ++++++ CVE-2013-2168.patch ++++++ >From 954d75b2b64e4799f360d2a6bf9cff6d9fee37e7 Mon Sep 17 00:00:00 2001 From: Simon McVittie <simon.mcvit...@collabora.co.uk> Date: Mon, 10 Jun 2013 17:06:47 +0000 Subject: CVE-2013-2168: _dbus_printf_string_upper_bound: copy the va_list for each use Using a va_list more than once is non-portable: it happens to work under the ABI of (for instance) x86 Linux, but not x86-64 Linux. This led to _dbus_printf_string_upper_bound() crashing if it should have returned exactly 1024 bytes. Many system services can be induced to process a caller-controlled string in ways that end up using _dbus_printf_string_upper_bound(), so this is a denial of service. Reviewed-by: Thiago Macieira <thi...@kde.org> --- diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index fc67799..e31c735 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -3121,8 +3121,11 @@ _dbus_printf_string_upper_bound (const char *format, char static_buf[1024]; int bufsize = sizeof (static_buf); int len; + va_list args_copy; - len = vsnprintf (static_buf, bufsize, format, args); + DBUS_VA_COPY (args_copy, args); + len = vsnprintf (static_buf, bufsize, format, args_copy); + va_end (args_copy); /* If vsnprintf() returned non-negative, then either the string fits in * static_buf, or this OS has the POSIX and C99 behaviour where vsnprintf @@ -3138,8 +3141,12 @@ _dbus_printf_string_upper_bound (const char *format, * or the real length could be coincidentally the same. Which is it? * If vsnprintf returns the truncated length, we'll go to the slow * path. */ - if (vsnprintf (static_buf, 1, format, args) == 1) + DBUS_VA_COPY (args_copy, args); + + if (vsnprintf (static_buf, 1, format, args_copy) == 1) len = -1; + + va_end (args_copy); } /* If vsnprintf() returned negative, we have to do more work. @@ -3155,7 +3162,10 @@ _dbus_printf_string_upper_bound (const char *format, if (buf == NULL) return -1; - len = vsnprintf (buf, bufsize, format, args); + DBUS_VA_COPY (args_copy, args); + len = vsnprintf (buf, bufsize, format, args_copy); + va_end (args_copy); + dbus_free (buf); /* If the reported length is exactly the buffer size, round up to the diff --git a/dbus/dbus-sysdeps-win.c b/dbus/dbus-sysdeps-win.c index bc4951b..c42316f 100644 --- a/dbus/dbus-sysdeps-win.c +++ b/dbus/dbus-sysdeps-win.c @@ -538,9 +538,12 @@ int _dbus_printf_string_upper_bound (const char *format, char buf[1024]; int bufsize; int len; + va_list args_copy; bufsize = sizeof (buf); - len = _vsnprintf (buf, bufsize - 1, format, args); + DBUS_VA_COPY (args_copy, args); + len = _vsnprintf (buf, bufsize - 1, format, args_copy); + va_end (args_copy); while (len == -1) /* try again */ { @@ -553,7 +556,9 @@ int _dbus_printf_string_upper_bound (const char *format, if (p == NULL) return -1; - len = _vsnprintf (p, bufsize - 1, format, args); + DBUS_VA_COPY (args_copy, args); + len = _vsnprintf (p, bufsize - 1, format, args_copy); + va_end (args_copy); free (p); } -- cgit v0.9.0.2-2-gbebe ++++++ baselibs.conf ++++++ dbus-1 dbus-1-devel requires "libdbus-1-3-<targettype> = <version>" libdbus-1-3 ++++++ dbus-1-x11.spec.in ++++++ # # spec file for package dbus-1-x11 (Version 1.4.1) # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: dbus-1-x11 %define _name dbus BuildRequires: pkgconfig(x11) Url: http://dbus.freedesktop.org/ License: GPL2+ or AFL 2.1 Group: System/Daemons Summary: D-Bus Message Bus System # COMMON1-BEGIN # COMMON1-END %description D-Bus contains some tools that require Xlib to be installed, those are in this separate package so server systems need not install X. %prep # COMMON2-BEGIN # COMMON2-END tdir=$(mktemp -d) make DESTDIR=$tdir install mkdir -p %{buildroot}/%{_bindir} mkdir -p %{buildroot}/%{_mandir}/man1 mv $tdir/bin/dbus-launch %{buildroot}/%{_bindir} mv $tdir/%{_mandir}/man1/dbus-launch.1* %{buildroot}/%{_mandir}/man1 rm -rf $tdir %files %defattr(-,root,root) %{_bindir}/dbus-launch %{_mandir}/man1/dbus-launch.1* %changelog ++++++ dbus-1.desktop ++++++ [Desktop Entry] Name=D-Bus API Documentation DocPath=/usr/share/doc/packages/dbus-1-devel/html/index.html X-DOC-SearchMethod=htdig ++++++ dbus-do-autolaunch.patch ++++++ From: Stephan Kulow <co...@suse.de> We want x11 autolaunch even if we have no x11 in the build environment Index: dbus-1.6.8/dbus/dbus-sysdeps-unix.c =================================================================== --- dbus-1.6.8.orig/dbus/dbus-sysdeps-unix.c +++ dbus-1.6.8/dbus/dbus-sysdeps-unix.c @@ -3424,7 +3424,7 @@ _dbus_get_autolaunch_address (const char DBusString *address, DBusError *error) { -#ifdef DBUS_ENABLE_X11_AUTOLAUNCH +#if 1 /* Perform X11-based autolaunch. (We also support launchd-based autolaunch, * but that's done elsewhere, and if it worked, this function wouldn't * be called.) */ ++++++ dbus-log-deny.patch ++++++ --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -48,7 +48,7 @@ <!-- Holes must be punched in service configuration files for name ownership and sending method calls --> <deny own="*"/> - <deny send_type="method_call"/> + <deny send_type="method_call" log="true"/> <!-- Signals and reply messages (method returns, errors) are allowed by default --> ++++++ dbus_at_console.ck ++++++ #!/bin/bash # # use consolekit to support legacy at_console setting # reason="$1" dir=/var/run/dbus/at_console # for at_console we are only interested in local sessions test "$CK_SESSION_IS_LOCAL" = true || exit 0 test "$reason" = "session_added" -o "$reason" = "session_removed" || exit 0 sessid=${CK_SESSION_ID##*/} sessid=${sessid//[^A-Za-z0-9]/_} test -n "$sessid" || exit 1 name=`getent passwd "$CK_SESSION_USER_UID" 2>/dev/null | awk -F: '{print $1}'` test -n "$name" || exit 1 if test "$reason" = "session_added"; then mkdir -p "$dir/$name" touch "$dir/$name/$sessid" else rm "$dir/$name/$sessid" rmdir "$dir/$name" fi ++++++ pre_checkin.sh ++++++ #!/bin/bash # vim:sw=4 et # This script is called automatically during autobuild checkin. cp -lf dbus-1.changes dbus-1-x11.changes for spec in dbus-1-x11.spec; do cp -f $spec.in $spec for n in $(seq 1 10); do grep -q "COMMON$n-BEGIN" dbus-1.spec || continue { sed -n -e "1,/COMMON$n-BEGIN/p" $spec sed -n -e "/COMMON$n-BEGIN/,/COMMON$n-END/p" dbus-1.spec sed -n -e "/COMMON$n-END/,\$p" $spec.in; } > $spec.tmp && mv $spec.tmp $spec done # assuming hilbert has no such dir #if test -x /mounts/work/src/bin/tools/prepare_spec; then # /mounts/work/src/bin/tools/prepare_spec $spec > $spec.tmp && mv $spec.tmp $spec #fi done osc service localrun format_spec_file ++++++ rc.boot.dbus ++++++ #!/bin/sh # Author: Timo Hoenig <thoe...@suse.de> # # /etc/init.d/dbus # ### BEGIN INIT INFO # Provides: dbus # Required-Start: $local_fs # Should-Start: # Required-Stop: $local_fs # Should-Stop: # Default-Start: 2 3 5 # Default-Stop: # Short-Description: D-Bus is a message bus system for applications to talk to one another. # Description: D-Bus supplies both a system daemon and a per-user-login-session daemon. # Also, the message bus is built on top of a general one-to-one message # passing framework, which can be used by any two apps to communicate # directly (without going through the message bus daemon). ### END INIT INFO DBUS_DAEMON_BIN=/bin/dbus-daemon test -x $DBUS_DAEMON_BIN || exit 5 DBUS_DAEMON_PARAMETER="--system"; DBUS_DAEMON_PID_DIR="/var/run/dbus" DBUS_DAEMON_PID=$DBUS_DAEMON_PID_DIR/pid DBUS_MACHINE_ID_DIR="/var/lib/dbus" DBUS_MACHINE_ID=$DBUS_MACHINE_ID_DIR/machine-id DBUS_UUIIDGEN_BIN=/bin/dbus-uuidgen CONSOLEKIT_DAEMON_BIN="/usr/sbin/console-kit-daemon" CONSOLEKIT_PID_DIR="/var/run/ConsoleKit" CONSOLEKIT_PID=$CONSOLEKIT_PID_DIR/pid # Source LSB init functions # providing start_daemon, killproc, pidofproc, # log_success_msg, log_failure_msg and log_warning_msg. # This is currently not used by UnitedLinux based distributions and # not needed for init scripts for UnitedLinux only. If it is used, # the functions from rc.status should not be sourced or used. #. /lib/lsb/init-functions . /etc/rc.status # Reset status of this service rc_reset case "$1" in start) if [ -x $DBUS_UUIIDGEN_BIN -a ! -e $DBUS_MACHINE_ID ] ; then if [ ! -d $DBUS_MACHINE_ID_DIR ] ; then mkdir -p $DBUS_MACHINE_ID_DIR chown messagebus:messagebus $DBUS_MACHINE_ID_DIR fi echo -n "Creating universally unique ID..." $DBUS_UUIIDGEN_BIN --ensure rc_status -v fi if checkproc -k -p $DBUS_DAEMON_PID $DBUS_DAEMON_BIN ; then echo "D-Bus already started. Not starting." exit 0 fi if [ ! -d $DBUS_DAEMON_PID_DIR ] ; then mkdir -p $DBUS_DAEMON_PID_DIR chown messagebus:messagebus $DBUS_DAEMON_PID_DIR fi if [ -e $DBUS_DAEMON_PID ] ; then echo "Removing stale PID file $DBUS_DAEMON_PID." rm -f $DBUS_DAEMON_PID fi echo -n "Starting D-Bus daemon" start_daemon -f $DBUS_DAEMON_BIN $DBUS_DAEMON_PARAMETER rc_status -v ;; stop) echo -n "Shutting down D-Bus daemon" if [ -x $CONSOLEKIT_DAEMON_BIN ] ; then killproc -p $CONSOLEKIT_PID -TERM $CONSOLEKIT_DAEMON_BIN fi killproc -p $DBUS_DAEMON_PID -TERM $DBUS_DAEMON_BIN rc_status -v ;; try-restart) $0 status >/dev/null && $0 restart rc_status ;; restart) $0 stop $0 start rc_status ;; force-reload) $0 reload rc_status ;; reload) echo -n "Reload service D-Bus daemon" dbus-send --type=method_call --system --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig rc_status -v ;; status) echo -n "Checking for service D-Bus daemon" checkproc -k -p $DBUS_DAEMON_PID $DBUS_DAEMON_BIN if [ $? -eq 7 ]; then rc_failed 3 fi rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, print out the ## argument to this init script which is required for a reload. ## Note: probe is not (yet) part of LSB (as of 1.2) # test /etc/FOO/FOO.conf -nt /var/run/FOO.pid && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org