Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

dbus-1-x11-1.12.20-5.4 RPM for i586

From OpenSuSE Tumbleweed for i586

Name: dbus-1-x11 Distribution: openSUSE Tumbleweed
Version: 1.12.20 Vendor: openSUSE
Release: 5.4 Build date: Sat Sep 18 13:05:08 2021
Group: Unspecified Build host: old-atreju3
Size: 30521 Source RPM: dbus-1-x11-1.12.20-5.4.src.rpm
Packager: https://bugs.opensuse.org
Url: https://dbus.freedesktop.org/
Summary: D-Bus Message Bus System
D-Bus contains some tools that require Xlib to be installed, those are
in this separate package so server systems need not install X.

Provides

Requires

License

AFL-2.1 OR GPL-2.0-or-later

Changelog

* Thu Jul 16 2020 Matthias Eliasson <elimat@opensuse.org>
  - Update to 1.12.20
    * On Unix, avoid a use-after-free if two usernames have the same
      numeric uid. In older versions this could lead to a crash (denial of
      service) or other undefined behaviour, possibly including incorrect
      authorization decisions if <policy group=...> is used.
      Like Unix filesystems, D-Bus' model of identity cannot distinguish
      between users of different names with the same numeric uid, so this
      configuration is not advisable on systems where D-Bus will be used.
      Thanks to Daniel Onaca.
      (dbus#305, dbus!166; Simon McVittie)
  - From 1.12.18
    * CVE-2020-12049: If a message contains more file descriptors than can
      be sent, close those that did get through before reporting error.
      Previously, a local attacker could cause the system dbus-daemon (or
      another system service with its own DBusServer) to run out of file
      descriptors, by repeatedly connecting to the server and sending fds that
      would get leaked.
      Thanks to Kevin Backhouse of GitHub Security Lab.
      (dbus#294, GHSL-2020-057; Simon McVittie)
    * Fix a crash when the dbus-daemon is terminated while one or more
      monitors are active (dbus#291, dbus!140; Simon McVittie)
    * The dbus-send(1) man page now documents --bus and --peer instead of
      the old --address synonym for --peer, which has been deprecated since
    the introduction of --bus and --peer in 1.7.6
    (fd.o #48816, dbus!115; Chris Morin)
    * Fix a wrong environment variable name in dbus-daemon(1)
      (dbus#275, dbus!122; Mubin, Philip Withnall)
    * Fix formatting of dbus_message_append_args example
    (dbus!126, Felipe Franciosi)
    * Avoid a test failure on Linux when built in a container as uid 0, but
      without the necessary privileges to increase resource limits
    (dbus!58, Debian #908092; Simon McVittie)
    * When building with CMake, cope with libX11 in a non-standard location
    (dbus!129, Tuomo Rinne)
  - Run spec-cleaner
* Sun Jan 19 2020 Stefan Brüns <stefan.bruens@rwth-aachen.de>
  - Move generation of API docs to a separate package, avoid doxygen
    dependency for building main package.
  - Build x11 and devel-doc (API doc) using _multibuild.
* Sun Jan 19 2020 Stefan Brüns <stefan.bruens@rwth-aachen.de>
  - Drop no longer required call to autoreconf, remove obsolete
    BuildRequires for libtool and autoconf-archive.
* Fri Jan 17 2020 Thorsten Kukuk <kukuk@suse.com>
  - Remove left overs from blocking restart on update from May 29th 2019
  - Use sysusers.d to create messagebus user
* Tue Dec 03 2019 Simon Lees <sflees@suse.de>
  - Verify signatures
    * dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
    developer keyring.
  - Drop dbus_at_console.ck not needed
  - Clean up sources
    * Source2 dbus-1.desktop now Source4
    * baselib.conf now source 3
  - Update to 1.12.16
    * CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
      authentication for identities that differ from the user running the
      DBusServer. Previously, a local attacker could manipulate symbolic
      links in their own home directory to bypass authentication and connect
      to a DBusServer with elevated privileges. The standard system and
      session dbus-daemons in their default configuration were immune to this
      attack because they did not allow DBUS_COOKIE_SHA1, but third-party
      users of DBusServer such as Upstart could be vulnerable.
      Thanks to Joe Vennix of Apple Information Security.
      (bsc#1137832, dbus#269, Simon McVittie)
  - From 1.12.14
    * Raise soft fd limit to match hard limit, even if unprivileged.
      This makes session buses with many clients, or with clients that make
      heavy use of fd-passing, less likely to suffer from fd exhaustion.
      (dbus!103, Simon McVittie)
    * If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
      reduce it to 64K, ensuring that we can put back the original fd limits
      when carrying out traditional (non-systemd) activation. This fixes a
      regression with systemd >= 240 in which system services inherited
      dbus-daemon's hard and soft limit of 64K fds, instead of the intended
      soft limit of 1K and hard limit of 512K or 1M.
      (dbus!103, Debian#928877; Simon McVittie)
    * Fix build failures caused by an AX_CODE_COVERAGE API change in newer
      autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
    * Fix build failures with newer autoconf-archive versions that include
      AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
    * Parse section/group names in .service files according to the syntax
      from the Desktop Entry Specification, rejecting control characters
      and non-ASCII in section/group names (dbus#208, David King)
    * Fix various -Wlogical-op issues that cause build failure with newer
      gcc versions (dbus#225, dbus!109; David King)
    * Don't assume we can set permissions on a directory, for the benefit of
      MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
    * Don't overwrite PKG_CONFIG_PATH and related environment variables when
      the pkg-config-based version of DBus1Config is used in a CMake project
      (dbus#267, dbus!96; Clemens Lang)
  - Drop now upstream Patches
    * dbus-no-ax-check.patch
    * dbus-new-autoconf-archive.patch
* Wed Nov 20 2019 Stefan Brüns <stefan.bruens@rwth-aachen.de>
  - Fix two inconsistencies with _libexecdir, sysusers.d and
    tmpfiles.d are always in %{_prefix}/lib/.
  - Drop update-desktop-files BuildRequires, once added for
    mimetypes.prov which is no longer part of update-desktop-files,
    and dbus-1.desktop does not even handles a single mimetype.
* Wed May 29 2019 Simon Lees <sflees@suse.de>
  - Replace DISABLE_RESTART_ON_UPDATE with
    %service_del_postun_without_restart
  - Remove version specific code to block all updates on restart as
    hopefully no tumbleweed versions still have code causing those
    issues (was only present for a few snapshots)
* Wed Apr 24 2019 Tomáš Chvátal <tchvatal@suse.com>
  - Remove the Leap42 conditionals that cause file conflict with
    filesystem package
* Fri Feb 22 2019 Franck Bui <fbui@suse.com>
  - Drop use of $FIRST_ARG in .spec
    The use of $FIRST_ARG was probably required because of the
    %service_* rpm macros were playing tricks with the shell positional
    parameters. This is bad practice and error prones so let's assume
    that no macros should do that anymore and hence it's safe to assume
    that positional parameters remains unchanged after any rpm macro
    call.
* Wed Jan 30 2019 Tomáš Chvátal <tchvatal@suse.com>
  - Update to 1.12.12:
    * Reference the freedesktop.org Code of Conduct (Simon McVittie)
    * Stop the dbus-daemon leaking memory (an error message) if delivering
      the message that triggered auto-activation is forbidden. This is
      technically a denial of service because the dbus-daemon will
      run out of memory eventually, but it's a very slow and noisy one,
      because all the rejected messages are also very likely to have
      been logged to the system log, and its scope is typically limited by
      the finite number of activatable services available.
      (dbus#234, Simon McVittie)
    * Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
      which does not meet the criteria for that attribute in gcc 4.7+,
      potentially leading to miscompilation (fd.o #107741, Simon McVittie)
    * Fix some small O(1) memory leaks (fd.o #107320, Simon McVittie)
    * Fix printf formats for pointer-sized integers on 64-bit Windows
      (fd.o #105662, Ralf Habacker)
    * Always use select()-based poll() emulation on Darwin-based OSs
      (macOS, etc.) and on Interix, similar to what libcurl does
      (dbus#232, dbus!19; Simon McVittie)
    * Extend a test timeout to avoid spurious failures in CI
      (dbus!26, Simon McVittie)
* Wed Jan 30 2019 Tomáš Chvátal <tchvatal@suse.com>
  - Add patch to build with new autoconf-archive, there is now
    bash variable AX_BLA that gets detected and autoreconf aborts;
    thus rather just disable the pointless check:
    * dbus-no-ax-check.patch
  - Add patch to fix codecoverage m4 macro changes in autoconf-archive:
    * dbus-new-autoconf-archive.patch
* Tue Jan 15 2019 alarrosa@suse.com
  - Make libdbus-1-3 own the %{_datadir}/dbus-1/system.d directory
* Mon Jan 14 2019 kukuk@suse.de
  - Use %license instead of %doc [bsc#1082318]
* Wed Dec 19 2018 Jan Engelhardt <jengelh@inai.de>
  - Avoid bashisms in scriptlets.
* Tue Nov 20 2018 eich@suse.com
  - Avoid ugly error message from %pre(install) script when installing
    for the first time.
* Wed Aug 22 2018 sflees@suse.de
  - Update to 1.12.10
    * Changelog for 1.12.10
    * Prevent reading up to 3 bytes beyond the end of a truncated message.
      This could in principle be an information leak or denial of service
      on the system bus, but is not believed to be exploitable to crash
      the system bus or leak interesting information in practice.
      (fd.o #107332, Simon McVittie)
    * Fix build with gcc 8 -Werror=cast-function-type
      (fd.o #107349, Simon McVittie)
    * Fix warning from gcc 8 about suspicious use of strncpy() when
      populating struct sockaddr_un (fd.o #107350, Simon McVittie)
    * Fix a minor memory leak when a DBusServer listens on a new address
      (fd.o #107194, Simon McVittie)
    * Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
      runs out of memory (fd.o #107194, Simon McVittie)
    * Don't use misleading errno-derived error names if getaddrinfo() or
      getnameinfo() fails with a code other than EAI_SYSTEM
      (fd.o #106395, Simon McVittie)
    * Skip tests that require working TCP if we are in a container environment
      where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)
    * Changelog for 1.12.8
    * The Devhelp documentation index is now in version 2 format
      (fd.o #106186, Simon McVittie)
    * Give the dbus-daemon man page some scarier warnings about
      <allow_anonymous/> and non-local TCP, which are insecure and should
      not be used, particularly for the standard system and session buses
      (fd.o #106004, Simon McVittie)
    * Fix installation of Ducktype documentation with newer yelp-build
      versions (fd.o #106171, Simon McVittie)
* Fri Mar 23 2018 sflees@suse.de
  - Update to 1.12.6
    * Changelog for 1.12.6
    * Increase system dbus-daemon's RLIMIT_NOFILE rlimit before it drops
      privileges, because it won't have permission afterwards. This fixes a
      regression in dbus 1.10.18 and 1.11.0 which made the standard system bus
      more susceptible to deliberate or accidental denial of service.
      (fdo#105165, David King)
    * Changelog for 1.12.4
    * When iterating the DBusConnection while blocking on a pending call,
      don't wait for I/O if that pending call already has a result; and make
      sure that whether it has a result is propagated in a thread-safe way.
      This prevents certain multi-threaded calling patterns from blocking
      until their timeout even when they should have succeeded sooner.
      (fdo#102839; Manish Narang, Michael Searle)
    * Report the correct error if OOM is reached while trying to listen
      on a TCP socket (fdo#89104, Simon McVittie)
    * Fix assertion failures in recovery from OOM while setting up a
      DBusServer (fdo#89104, Simon McVittie)
    * Add a missing space to a warning message (fdo#103729, Thomas Zajic)
    * Expand ${bindir} correctly when pkg-config is asked for dbus_daemondir
      (fdo#104265, Benedikt Heine)
    * On Linux systems with systemd < 237, if ${localstatedir}/dbus doesn't
      exist, create it before trying to create ${localstatedir}/dbus/machine-id
      (fdo#104577, Chris Lesiak)
    * Fix escaping in dbus-api-design document (fdo#104925, Philip Withnall)
* Thu Mar 08 2018 dimstar@opensuse.org
  - Don't spit out a warning if /usr/bin/dbus-daemon does not exist
    when we run the pre-script.

Files

/etc/alternatives/dbus-launch
/usr/bin/dbus-launch
/usr/bin/dbus-launch.x11


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Oct 21 23:12:41 2021