Overview
Request 754216 accepted
- Verify signatures
* dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
developer keyring.
- Drop dbus_at_console.ck not needed
- Clean up sources
* Source2 dbus-1.desktop now Source4
* baselib.conf now source 3
- Update to 1.12.16
* CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and connect
to a DBusServer with elevated privileges. The standard system and
session dbus-daemons in their default configuration were immune to this
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
users of DBusServer such as Upstart could be vulnerable.
Thanks to Joe Vennix of Apple Information Security.
(bsc#1137832, dbus#269, Simon McVittie)
- From 1.12.14
* Raise soft fd limit to match hard limit, even if unprivileged.
This makes session buses with many clients, or with clients that make
heavy use of fd-passing, less likely to suffer from fd exhaustion.
(dbus!103, Simon McVittie)
* If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
reduce it to 64K, ensuring that we can put back the original fd limits
when carrying out traditional (non-systemd) activation. This fixes a
regression with systemd >= 240 in which system services inherited
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
soft limit of 1K and hard limit of 512K or 1M.
(dbus!103, Debian#928877; Simon McVittie)
* Fix build failures caused by an AX_CODE_COVERAGE API change in newer
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
* Fix build failures with newer autoconf-archive versions that include
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
* Parse section/group names in .service files according to the syntax
from the Desktop Entry Specification, rejecting control characters
and non-ASCII in section/group names (dbus#208, David King)
* Fix various -Wlogical-op issues that cause build failure with newer
gcc versions (dbus#225, dbus!109; David King)
* Don't assume we can set permissions on a directory, for the benefit of
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
* Don't overwrite PKG_CONFIG_PATH and related environment variables when
the pkg-config-based version of DBus1Config is used in a CMake project
(dbus#267, dbus!96; Clemens Lang)
- Drop now upstream Patches
* dbus-no-ax-check.patch
* dbus-new-autoconf-archive.patch
- Fix two inconsistencies with _libexecdir, sysusers.d and
tmpfiles.d are always in %{_prefix}/lib/.
- Drop update-desktop-files BuildRequires, once added for
mimetypes.prov which is no longer part of update-desktop-files,
and dbus-1.desktop does not even handles a single mimetype.
- Replace DISABLE_RESTART_ON_UPDATE with
%service_del_postun_without_restart
- Remove version specific code to block all updates on restart as
hopefully no tumbleweed versions still have code causing those
issues (was only present for a few snapshots)
- Remove the Leap42 conditionals that cause file conflict with
filesystem package
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
- Created by simotek
- In state accepted
- 4 package maintainers
Request History
simotek created request
- Verify signatures
* dbus-1.keyring - Key for Simon McVittie (smcv) from the Debian
developer keyring.
- Drop dbus_at_console.ck not needed
- Clean up sources
* Source2 dbus-1.desktop now Source4
* baselib.conf now source 3
- Update to 1.12.16
* CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and connect
to a DBusServer with elevated privileges. The standard system and
session dbus-daemons in their default configuration were immune to this
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
users of DBusServer such as Upstart could be vulnerable.
Thanks to Joe Vennix of Apple Information Security.
(bsc#1137832, dbus#269, Simon McVittie)
- From 1.12.14
* Raise soft fd limit to match hard limit, even if unprivileged.
This makes session buses with many clients, or with clients that make
heavy use of fd-passing, less likely to suffer from fd exhaustion.
(dbus!103, Simon McVittie)
* If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
reduce it to 64K, ensuring that we can put back the original fd limits
when carrying out traditional (non-systemd) activation. This fixes a
regression with systemd >= 240 in which system services inherited
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
soft limit of 1K and hard limit of 512K or 1M.
(dbus!103, Debian#928877; Simon McVittie)
* Fix build failures caused by an AX_CODE_COVERAGE API change in newer
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
* Fix build failures with newer autoconf-archive versions that include
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
* Parse section/group names in .service files according to the syntax
from the Desktop Entry Specification, rejecting control characters
and non-ASCII in section/group names (dbus#208, David King)
* Fix various -Wlogical-op issues that cause build failure with newer
gcc versions (dbus#225, dbus!109; David King)
* Don't assume we can set permissions on a directory, for the benefit of
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
* Don't overwrite PKG_CONFIG_PATH and related environment variables when
the pkg-config-based version of DBus1Config is used in a CMake project
(dbus#267, dbus!96; Clemens Lang)
- Drop now upstream Patches
* dbus-no-ax-check.patch
* dbus-new-autoconf-archive.patch
- Fix two inconsistencies with _libexecdir, sysusers.d and
tmpfiles.d are always in %{_prefix}/lib/.
- Drop update-desktop-files BuildRequires, once added for
mimetypes.prov which is no longer part of update-desktop-files,
and dbus-1.desktop does not even handles a single mimetype.
- Replace DISABLE_RESTART_ON_UPDATE with
%service_del_postun_without_restart
- Remove version specific code to block all updates on restart as
hopefully no tumbleweed versions still have code causing those
issues (was only present for a few snapshots)
- Remove the Leap42 conditionals that cause file conflict with
filesystem package
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
call.
simotek accepted request
