diff --git a/SOURCES/00-start-message-bus.sh b/SOURCES/00-start-message-bus.sh new file mode 100755 index 00000000..41d3a2a4 --- /dev/null +++ b/SOURCES/00-start-message-bus.sh @@ -0,0 +1,17 @@ +#!/bin/sh +# Copyright (C) 2008 Red Hat, Inc. +# +# All rights reserved. This copyrighted material is made available to anyone +# wishing to use, modify, copy, or redistribute it subject to the terms and +# conditions of the GNU General Public License version 2. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +# + +DBUS_SESSION_BUS_ADDRESS=`printenv DBUS_SESSION_BUS_ADDRESS` + +if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then + eval `dbus-launch --sh-syntax --exit-with-session` +fi diff --git a/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch b/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch new file mode 100644 index 00000000..5d20dd03 --- /dev/null +++ b/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch @@ -0,0 +1,28 @@ +From 8e3c46c33f32290bc2f205de62a7d9ba01994f72 Mon Sep 17 00:00:00 2001 +From: David King +Date: Wed, 7 Feb 2018 14:37:24 +0000 +Subject: [PATCH] bus: raise fd limits before dropping privs + +https://bugzilla.redhat.com/show_bug.cgi?id=1529044 +--- + bus/bus.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/bus/bus.c b/bus/bus.c +index a6f8db47..4b922a89 100644 +--- a/bus/bus.c ++++ b/bus/bus.c +@@ -940,6 +940,11 @@ bus_context_new (const DBusString *confi + */ + if (context->user != NULL) + { ++ /* Raise the file descriptor limits before dropping the privileges ++ * required to do so. ++ */ ++ raise_file_descriptor_limit (context); ++ + if (!_dbus_change_to_daemon_user (context->user, error)) + { + _DBUS_ASSERT_ERROR_IS_SET (error); +-- +2.14.3 diff --git a/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch b/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch new file mode 100644 index 00000000..f95d3059 --- /dev/null +++ b/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch @@ -0,0 +1,27 @@ +From f988e7327e5d8f372cc0c7d1478d12a74be113d3 Mon Sep 17 00:00:00 2001 +From: David King +Date: Fri, 15 Sep 2017 14:01:53 +0100 +Subject: [PATCH] Reduce default session bus max fd limits + +https://bugzilla.redhat.com/show_bug.cgi?id=1133732 +--- + bus/session.conf.in | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/bus/session.conf.in b/bus/session.conf.in +index affa7f1d..294a051d 100644 +--- a/bus/session.conf.in ++++ b/bus/session.conf.in +@@ -69,8 +69,8 @@ + 120000 + 240000 + 150000 +- 100000 +- 10000 ++ 900 ++ 92 + 100000 + 10000 + 50000 +-- +2.13.5 diff --git a/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch b/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch new file mode 100644 index 00000000..19cec178 --- /dev/null +++ b/SOURCES/dbus-1.10.24-dbus-launch-chdir.patch @@ -0,0 +1,500 @@ +From dc2074588d3e7b5a216cb8c0b82094157c3cf773 Mon Sep 17 00:00:00 2001 +From: David King +Date: Mon, 25 Jun 2018 14:46:14 -0400 +Subject: [PATCH] daemon: use HOME as the working directory + +Session buses started as part of a systemd --user session are launched +with the current working directory being the home directory of the user. +Applications which are launched via dbus activation inherit the working +directory from the session bus dbus-daemon. + +When dbus-launch is used to start dbus-daemon, as is commonly the case +with a session manager such as gnome-session, this leads to applications +having a default working directory of "/", which is undesirable (as an +example, the default directory in a GTK+ save dialog becomes "/"). + +As an improvement, make dbus-launch use the value of the environment +variable HOME, if it is set, as the current working directory. + +Signed-off-by: David King +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106987 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1470310 +--- + bus/bus.c | 9 +++++++++ + dbus/dbus-sysdeps-util-unix.c | 8 +++++--- + dbus/dbus-sysdeps-util-win.c | 2 ++ + dbus/dbus-sysdeps.h | 1 + + doc/dbus-launch.1.xml.in | 4 ++++ + tools/dbus-launch.c | 22 ++++++++++++++-------- + 6 files changed, 35 insertions(+), 11 deletions(-) + +diff --git a/bus/bus.c b/bus/bus.c +index f788e677..da2b2c1f 100644 +--- a/bus/bus.c ++++ b/bus/bus.c +@@ -870,63 +870,72 @@ bus_context_new (const DBusString *config_file, + + context->matchmaker = bus_matchmaker_new (); + if (context->matchmaker == NULL) + { + BUS_SET_OOM (error); + goto failed; + } + + /* check user before we fork */ + if (context->user != NULL) + { + if (!_dbus_verify_daemon_user (context->user)) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Could not get UID and GID for username \"%s\"", + context->user); + goto failed; + } + } + + /* Now become a daemon if appropriate and write out pid file in any case */ + { + DBusString u; + + if (context->pidfile) + _dbus_string_init_const (&u, context->pidfile); + + if (((flags & BUS_CONTEXT_FLAG_FORK_NEVER) == 0 && context->fork) || + (flags & BUS_CONTEXT_FLAG_FORK_ALWAYS)) + { ++ const char *working_dir = NULL; ++ + _dbus_verbose ("Forking and becoming daemon\n"); + ++ if (context->type != NULL && strcmp (context->type, "session") == 0) ++ working_dir = _dbus_getenv ("HOME"); ++ ++ if (working_dir == NULL) ++ working_dir = "/"; ++ + if (!_dbus_become_daemon (context->pidfile ? &u : NULL, ++ working_dir, + print_pid_pipe, + error, + context->keep_umask)) + { + _DBUS_ASSERT_ERROR_IS_SET (error); + goto failed; + } + } + else + { + _dbus_verbose ("Fork not requested\n"); + + /* Need to write PID file and to PID pipe for ourselves, + * not for the child process. This is a no-op if the pidfile + * is NULL and print_pid_pipe is NULL. + */ + if (!_dbus_write_pid_to_file_and_pipe (context->pidfile ? &u : NULL, + print_pid_pipe, + _dbus_getpid (), + error)) + { + _DBUS_ASSERT_ERROR_IS_SET (error); + goto failed; + } + } + } + + if (print_pid_pipe && _dbus_pipe_is_valid (print_pid_pipe) && + !_dbus_pipe_is_stdout_or_stderr (print_pid_pipe)) + _dbus_pipe_close (print_pid_pipe, NULL); +diff --git a/dbus/dbus-sysdeps-util-unix.c b/dbus/dbus-sysdeps-util-unix.c +index 9b724cc9..30bb1441 100644 +--- a/dbus/dbus-sysdeps-util-unix.c ++++ b/dbus/dbus-sysdeps-util-unix.c +@@ -49,82 +49,84 @@ + #include + #include + #include + + #ifdef HAVE_SYSLOG_H + #include + #endif + + #ifdef HAVE_SYS_SYSLIMITS_H + #include + #endif + + #ifdef HAVE_SYSTEMD + #include + #endif + + #ifndef O_BINARY + #define O_BINARY 0 + #endif + + /** + * @addtogroup DBusInternalsUtils + * @{ + */ + + + /** + * Does the chdir, fork, setsid, etc. to become a daemon process. + * + * @param pidfile #NULL, or pidfile to create ++ * @param working_dir directory to chdir to + * @param print_pid_pipe pipe to print daemon's pid to, or -1 for none + * @param error return location for errors + * @param keep_umask #TRUE to keep the original umask + * @returns #FALSE on failure + */ + dbus_bool_t + _dbus_become_daemon (const DBusString *pidfile, ++ const char *working_dir, + DBusPipe *print_pid_pipe, + DBusError *error, + dbus_bool_t keep_umask) + { + const char *s; + pid_t child_pid; + int dev_null_fd; + + _dbus_verbose ("Becoming a daemon...\n"); + +- _dbus_verbose ("chdir to /\n"); +- if (chdir ("/") < 0) ++ _dbus_verbose ("chdir to %s\n", working_dir); ++ if (chdir (working_dir) < 0) + { + dbus_set_error (error, DBUS_ERROR_FAILED, +- "Could not chdir() to root directory"); ++ "Could not chdir() to working directory (%s)", working_dir); + return FALSE; + } + + _dbus_verbose ("forking...\n"); + switch ((child_pid = fork ())) + { + case -1: + _dbus_verbose ("fork failed\n"); + dbus_set_error (error, _dbus_error_from_errno (errno), + "Failed to fork daemon: %s", _dbus_strerror (errno)); + return FALSE; + break; + + case 0: + _dbus_verbose ("in child, closing std file descriptors\n"); + + /* silently ignore failures here, if someone + * doesn't have /dev/null we may as well try + * to continue anyhow + */ + + dev_null_fd = open ("/dev/null", O_RDWR); + if (dev_null_fd >= 0) + { + dup2 (dev_null_fd, 0); + dup2 (dev_null_fd, 1); + + s = _dbus_getenv ("DBUS_DEBUG_OUTPUT"); + if (s == NULL || *s == '\0') + dup2 (dev_null_fd, 2); +diff --git a/dbus/dbus-sysdeps-util-win.c b/dbus/dbus-sysdeps-util-win.c +index 3b754dbf..bfc1cb90 100644 +--- a/dbus/dbus-sysdeps-util-win.c ++++ b/dbus/dbus-sysdeps-util-win.c +@@ -27,67 +27,69 @@ + #define STRSAFE_NO_DEPRECATE + + #include "dbus-sysdeps.h" + #include "dbus-internals.h" + #include "dbus-protocol.h" + #include "dbus-string.h" + #include "dbus-sysdeps.h" + #include "dbus-sysdeps-win.h" + #include "dbus-sockets-win.h" + #include "dbus-memory.h" + #include "dbus-pipe.h" + + #include + #include + #if HAVE_ERRNO_H + #include + #endif + #include // WSA error codes + + #ifndef DBUS_WINCE + #include + #include + #include + #endif + + + /** + * Does the chdir, fork, setsid, etc. to become a daemon process. + * + * @param pidfile #NULL, or pidfile to create ++ * @param working_dir directory to chdir to + * @param print_pid_pipe file descriptor to print daemon's pid to, or -1 for none + * @param error return location for errors + * @param keep_umask #TRUE to keep the original umask + * @returns #FALSE on failure + */ + dbus_bool_t + _dbus_become_daemon (const DBusString *pidfile, ++ const char *working_dir, + DBusPipe *print_pid_pipe, + DBusError *error, + dbus_bool_t keep_umask) + { + dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED, + "Cannot daemonize on Windows"); + return FALSE; + } + + /** + * Creates a file containing the process ID. + * + * @param filename the filename to write to + * @param pid our process ID + * @param error return location for errors + * @returns #FALSE on failure + */ + static dbus_bool_t + _dbus_write_pid_file (const DBusString *filename, + unsigned long pid, + DBusError *error) + { + const char *cfilename; + HANDLE hnd; + char pidstr[20]; + int total; + int bytes_to_write; + + _DBUS_ASSERT_ERROR_IS_CLEAR (error); + +diff --git a/dbus/dbus-sysdeps.h b/dbus/dbus-sysdeps.h +index 0ee45c97..e569b545 100644 +--- a/dbus/dbus-sysdeps.h ++++ b/dbus/dbus-sysdeps.h +@@ -498,60 +498,61 @@ int _dbus_printf_string_upper_bound (const char *format, + va_list args); + + + /** + * Portable struct with stat() results + */ + typedef struct + { + unsigned long mode; /**< File mode */ + unsigned long nlink; /**< Number of hard links */ + dbus_uid_t uid; /**< User owning file */ + dbus_gid_t gid; /**< Group owning file */ + unsigned long size; /**< Size of file */ + unsigned long atime; /**< Access time */ + unsigned long mtime; /**< Modify time */ + unsigned long ctime; /**< Creation time */ + } DBusStat; + + dbus_bool_t _dbus_stat (const DBusString *filename, + DBusStat *statbuf, + DBusError *error); + DBUS_PRIVATE_EXPORT + dbus_bool_t _dbus_socketpair (DBusSocket *fd1, + DBusSocket *fd2, + dbus_bool_t blocking, + DBusError *error); + + void _dbus_print_backtrace (void); + + dbus_bool_t _dbus_become_daemon (const DBusString *pidfile, ++ const char *working_dir, + DBusPipe *print_pid_pipe, + DBusError *error, + dbus_bool_t keep_umask); + + dbus_bool_t _dbus_verify_daemon_user (const char *user); + dbus_bool_t _dbus_change_to_daemon_user (const char *user, + DBusError *error); + + dbus_bool_t _dbus_write_pid_to_file_and_pipe (const DBusString *pidfile, + DBusPipe *print_pid_pipe, + dbus_pid_t pid_to_write, + DBusError *error); + + dbus_bool_t _dbus_command_for_pid (unsigned long pid, + DBusString *str, + int max_len, + DBusError *error); + + /** A UNIX signal handler */ + typedef void (* DBusSignalHandler) (int sig); + + void _dbus_set_signal_handler (int sig, + DBusSignalHandler handler); + + dbus_bool_t _dbus_user_at_console (const char *username, + DBusError *error); + + void _dbus_init_system_log (dbus_bool_t is_daemon); + + typedef enum { +diff --git a/doc/dbus-launch.1.xml.in b/doc/dbus-launch.1.xml.in +index 5135d9ca..606c65be 100644 +--- a/doc/dbus-launch.1.xml.in ++++ b/doc/dbus-launch.1.xml.in +@@ -23,60 +23,64 @@ + dbus-launch + --version + --help + --sh-syntax + --csh-syntax + --auto-syntax + --binary-syntax + --close-stderr + --exit-with-session + --autolaunch=MACHINEID + --config-file=FILENAME + PROGRAM + ARGS + + + + + + DESCRIPTION + The dbus-launch command is used to start a session bus + instance of dbus-daemon from a shell script. + It would normally be called from a user's login + scripts. Unlike the daemon itself, dbus-launch exits, so + backticks or the $() construct can be used to read information from + dbus-launch. + + With no arguments, dbus-launch will launch a session bus + instance and print the address and PID of that instance to standard + output. + ++If the environment variable HOME is set, it is used as the current ++working directory. Otherwise, the root directory (/) is ++used. ++ + You may specify a program to be run; in this case, dbus-launch + will launch a session bus instance, set the appropriate environment + variables so the specified program can find the bus, and then execute the + specified program, with the specified arguments. See below for + examples. + + If you launch a program, dbus-launch will not print the + information about the new bus to standard output. + + When dbus-launch prints bus information to standard output, by + default it is in a simple key-value pairs format. However, you may + request several alternate syntaxes using the --sh-syntax, --csh-syntax, + --binary-syntax, or + --auto-syntax options. Several of these cause dbus-launch to emit shell code + to set up the environment. + + With the --auto-syntax option, dbus-launch looks at the value + of the SHELL environment variable to determine which shell syntax + should be used. If SHELL ends in "csh", then csh-compatible code is + emitted; otherwise Bourne shell code is emitted. Instead of passing + --auto-syntax, you may explicitly specify a particular one by using + --sh-syntax for Bourne syntax, or --csh-syntax for csh syntax. + In scripts, it's more robust to avoid --auto-syntax and you hopefully + know which shell your script is written in. + + + See http://www.freedesktop.org/software/dbus/ for more information + about D-Bus. See also the man page for dbus-daemon. + + +diff --git a/tools/dbus-launch.c b/tools/dbus-launch.c +index 80e4a241..a956684c 100644 +--- a/tools/dbus-launch.c ++++ b/tools/dbus-launch.c +@@ -592,71 +592,77 @@ kill_bus_when_session_ends (void) + /* This shouldn't happen I don't think; to avoid + * spinning on the fd forever we exit. + */ + fprintf (stderr, "dbus-launch: error reading from stdin: %s\n", + strerror (errno)); + kill_bus_and_exit (0); + } + } + else if (FD_ISSET (tty_fd, &err_set)) + { + verbose ("TTY has error condition\n"); + + kill_bus_and_exit (0); + } + } + } + } + + static void + babysit (int exit_with_session, + pid_t child_pid, + int read_bus_pid_fd) /* read pid from here */ + { + int ret; + int dev_null_fd; + const char *s; + + verbose ("babysitting, exit_with_session = %d, child_pid = %ld, read_bus_pid_fd = %d\n", + exit_with_session, (long) child_pid, read_bus_pid_fd); + +- /* We chdir ("/") since we are persistent and daemon-like, and fork +- * again so dbus-launch can reap the parent. However, we don't +- * setsid() or close fd 0 because the idea is to remain attached +- * to the tty and the X server in order to kill the message bus +- * when the session ends. ++ /* We chdir () since we are persistent and daemon-like, either to $HOME ++ * to match the behaviour of a session bus started by systemd --user, or ++ * otherwise "/". We fork again so dbus-launch can reap the parent. ++ * However, we don't setsid() or close fd 0 because the idea is to ++ * remain attached to the tty and the X server in order to kill the ++ * message bus when the session ends. + */ + +- if (chdir ("/") < 0) ++ s = getenv ("HOME"); ++ ++ if (s == NULL || *s == '\0') ++ s = "/"; ++ ++ if (chdir (s) < 0) + { +- fprintf (stderr, "Could not change to root directory: %s\n", +- strerror (errno)); ++ fprintf (stderr, "Could not change to working directory \"%s\": %s\n", ++ s, strerror (errno)); + exit (1); + } + + /* Close stdout/stderr so we don't block an "eval" or otherwise + * lock up. stdout is still chaining through to dbus-launch + * and in turn to the parent shell. + */ + dev_null_fd = open ("/dev/null", O_RDWR); + if (dev_null_fd >= 0) + { + if (!exit_with_session) + dup2 (dev_null_fd, 0); + dup2 (dev_null_fd, 1); + s = getenv ("DBUS_DEBUG_OUTPUT"); + if (s == NULL || *s == '\0') + dup2 (dev_null_fd, 2); + close (dev_null_fd); + } + else + { + fprintf (stderr, "Failed to open /dev/null: %s\n", + strerror (errno)); + /* continue, why not */ + } + + ret = fork (); + + if (ret < 0) + { + fprintf (stderr, "fork() failed in babysitter: %s\n", +-- +2.17.1 diff --git a/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch b/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch new file mode 100644 index 00000000..5f572883 --- /dev/null +++ b/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch @@ -0,0 +1,26 @@ +From b98c85f2803434eec3192cdc3e9e86425fe33428 Mon Sep 17 00:00:00 2001 +From: David King +Date: Tue, 3 Oct 2017 13:34:03 +0100 +Subject: [PATCH] doc: Fix dbus-send.1 uint16 typo + +https://bugs.freedesktop.org/show_bug.cgi?id=103075 +https://bugzilla.redhat.com/show_bug.cgi?id=1467415 +--- + doc/dbus-send.1.xml.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/dbus-send.1.xml.in b/doc/dbus-send.1.xml.in +index 67b6dfd2..271435ca 100644 +--- a/doc/dbus-send.1.xml.in ++++ b/doc/dbus-send.1.xml.in +@@ -65,7 +65,7 @@ may include containers (arrays, dicts, and variants) as described below. + <array> ::= array:<type>:<value>[,<value>...] + <dict> ::= dict:<type>:<type>:<key>,<value>[,<key>,<value>...] + <variant> ::= variant:<type>:<value> +-<type> ::= string | int16 | uint 16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath ++<type> ::= string | int16 | uint16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath + + + D-Bus supports more types than these, but dbus-send currently +-- +2.13.6 diff --git a/SOURCES/dbus-1.10.24-mls-listnames.patch b/SOURCES/dbus-1.10.24-mls-listnames.patch new file mode 100644 index 00000000..0fe80640 --- /dev/null +++ b/SOURCES/dbus-1.10.24-mls-listnames.patch @@ -0,0 +1,268 @@ +diff -urN dbus-1.10.24.old/bus/driver.c dbus-1.10.24/bus/driver.c +--- dbus-1.10.24.old/bus/driver.c 2017-09-25 16:20:08.000000000 +0100 ++++ dbus-1.10.24/bus/driver.c 2018-02-13 10:15:09.570439595 +0000 +@@ -555,6 +555,9 @@ + char **services; + BusRegistry *registry; + int i; ++#ifdef HAVE_SELINUX ++ dbus_bool_t mls_enabled; ++#endif + DBusMessageIter iter; + DBusMessageIter sub; + +@@ -601,9 +604,58 @@ + } + } + ++#ifdef HAVE_SELINUX ++ mls_enabled = bus_selinux_mls_enabled (); ++#endif + i = 0; + while (i < len) + { ++#ifdef HAVE_SELINUX ++ if (mls_enabled) ++ { ++ const char *requester; ++ BusService *service; ++ DBusString str; ++ DBusConnection *service_conn; ++ DBusConnection *requester_conn; ++ ++ requester = dbus_message_get_destination (reply); ++ _dbus_string_init_const (&str, requester); ++ service = bus_registry_lookup (registry, &str); ++ ++ if (service == NULL) ++ { ++ _dbus_warn_check_failed ("service lookup failed: %s", requester); ++ ++i; ++ continue; ++ } ++ requester_conn = bus_service_get_primary_owners_connection (service); ++ _dbus_string_init_const (&str, services[i]); ++ service = bus_registry_lookup (registry, &str); ++ if (service == NULL) ++ { ++ _dbus_warn_check_failed ("service lookup failed: %s", services[i]); ++ ++i; ++ continue; ++ } ++ service_conn = bus_service_get_primary_owners_connection (service); ++ ++ if (!bus_selinux_allows_name (requester_conn, service_conn, error)) ++ { ++ if (dbus_error_is_set (error) && ++ dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) ++ { ++ dbus_free_string_array (services); ++ dbus_message_unref (reply); ++ return FALSE; ++ } ++ ++ /* Skip any services which are disallowed by SELinux policy. */ ++ ++i; ++ continue; ++ } ++ } ++#endif + if (!dbus_message_iter_append_basic (&sub, DBUS_TYPE_STRING, + &services[i])) + { +diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c +--- dbus-1.10.24.old/bus/selinux.c 2017-07-28 07:24:16.000000000 +0100 ++++ dbus-1.10.24/bus/selinux.c 2018-02-13 10:35:14.311477447 +0000 +@@ -61,6 +61,9 @@ + /* Store the value telling us if SELinux is enabled in the kernel. */ + static dbus_bool_t selinux_enabled = FALSE; + ++/* Store the value telling us if SELinux with MLS is enabled in the kernel. */ ++static dbus_bool_t selinux_mls_enabled = FALSE; ++ + /* Store an avc_entry_ref to speed AVC decisions. */ + static struct avc_entry_ref aeref; + +@@ -273,6 +276,20 @@ + } + + /** ++ * Return whether or not SELinux with MLS support is enabled; must be ++ * called after bus_selinux_init. ++ */ ++dbus_bool_t ++bus_selinux_mls_enabled (void) ++{ ++#ifdef HAVE_SELINUX ++ return selinux_mls_enabled; ++#else ++ return FALSE; ++#endif /* HAVE_SELINUX */ ++} ++ ++/** + * Do early initialization; determine whether SELinux is enabled. + */ + dbus_bool_t +@@ -292,6 +309,16 @@ + } + + selinux_enabled = r != 0; ++ ++ r = is_selinux_mls_enabled (); ++ if (r < 0) ++ { ++ _dbus_warn ("Could not tell if SELinux MLS is enabled: %s\n", ++ _dbus_strerror (errno)); ++ return FALSE; ++ } ++ ++ selinux_mls_enabled = r != 0; + return TRUE; + #else + return TRUE; +@@ -304,14 +331,18 @@ + */ + /* security dbus class constants */ + #define SECCLASS_DBUS 1 ++#define SECCLASS_CONTEXT 2 + + /* dbus's per access vector constants */ + #define DBUS__ACQUIRE_SVC 1 + #define DBUS__SEND_MSG 2 + ++#define CONTEXT__CONTAINS 1 ++ + #ifdef HAVE_SELINUX + static struct security_class_mapping dbus_map[] = { + { "dbus", { "acquire_svc", "send_msg", NULL } }, ++ { "context", { "contains", NULL } }, + { NULL } + }; + #endif /* HAVE_SELINUX */ +@@ -734,6 +765,102 @@ + #endif /* HAVE_SELINUX */ + + /** ++ * Check if SELinux security controls allow one connection to determine the ++ * name of the other, taking into account MLS considerations. ++ * ++ * @param source the requester of the name. ++ * @param destination the name being requested. ++ * @returns whether the name should be visible by the source of the request ++ */ ++dbus_bool_t ++bus_selinux_allows_name (DBusConnection *source, ++ DBusConnection *destination, ++ DBusError *error) ++{ ++#ifdef HAVE_SELINUX ++ int err; ++ char *policy_type; ++ unsigned long spid, tpid; ++ BusSELinuxID *source_sid; ++ BusSELinuxID *dest_sid; ++ dbus_bool_t ret; ++ dbus_bool_t string_alloced; ++ DBusString auxdata; ++ ++ if (!selinux_mls_enabled) ++ return TRUE; ++ ++ err = selinux_getpolicytype (&policy_type); ++ if (err < 0) ++ { ++ dbus_set_error_const (error, DBUS_ERROR_IO_ERROR, ++ "Failed to get SELinux policy type"); ++ return FALSE; ++ } ++ ++ /* Only check against MLS policy if running under that policy. */ ++ if (strcmp (policy_type, "mls") != 0) ++ { ++ free (policy_type); ++ return TRUE; ++ } ++ ++ free (policy_type); ++ ++ _dbus_assert (source != NULL); ++ _dbus_assert (destination != NULL); ++ ++ if (!source || !dbus_connection_get_unix_process_id (source, &spid)) ++ spid = 0; ++ if (!destination || !dbus_connection_get_unix_process_id (destination, &tpid)) ++ tpid = 0; ++ ++ string_alloced = FALSE; ++ if (!_dbus_string_init (&auxdata)) ++ goto oom; ++ string_alloced = TRUE; ++ ++ if (spid) ++ { ++ if (!_dbus_string_append (&auxdata, " spid=")) ++ goto oom; ++ ++ if (!_dbus_string_append_uint (&auxdata, spid)) ++ goto oom; ++ } ++ ++ if (tpid) ++ { ++ if (!_dbus_string_append (&auxdata, " tpid=")) ++ goto oom; ++ ++ if (!_dbus_string_append_uint (&auxdata, tpid)) ++ goto oom; ++ } ++ ++ source_sid = bus_connection_get_selinux_id (source); ++ dest_sid = bus_connection_get_selinux_id (destination); ++ ++ ret = bus_selinux_check (source_sid, ++ dest_sid, ++ SECCLASS_CONTEXT, ++ CONTEXT__CONTAINS, ++ &auxdata); ++ ++ _dbus_string_free (&auxdata); ++ return ret; ++ ++ oom: ++ if (string_alloced) ++ _dbus_string_free (&auxdata); ++ BUS_SET_OOM (error); ++ return FALSE; ++#else ++ return TRUE; ++#endif /* HAVE_SELINUX */ ++} ++ ++/** + * Read the SELinux ID from the connection. + * + * @param connection the connection to read from +Binary files dbus-1.10.24.old/bus/.selinux.c.swp and dbus-1.10.24/bus/.selinux.c.swp differ +diff -urN dbus-1.10.24.old/bus/selinux.h dbus-1.10.24/bus/selinux.h +--- dbus-1.10.24.old/bus/selinux.h 2017-07-28 07:24:16.000000000 +0100 ++++ dbus-1.10.24/bus/selinux.h 2018-02-13 10:15:09.573439444 +0000 +@@ -32,6 +32,7 @@ + void bus_selinux_shutdown (void); + + dbus_bool_t bus_selinux_enabled (void); ++dbus_bool_t bus_selinux_mls_enabled (void); + + void bus_selinux_id_ref (BusSELinuxID *sid); + void bus_selinux_id_unref (BusSELinuxID *sid); +@@ -54,6 +55,10 @@ + const char *service_name, + DBusError *error); + ++dbus_bool_t bus_selinux_allows_name (DBusConnection *source, ++ DBusConnection *destination, ++ DBusError *error); ++ + dbus_bool_t bus_selinux_allows_send (DBusConnection *sender, + DBusConnection *proposed_recipient, + const char *msgtype, /* Supplementary audit data */ diff --git a/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch b/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch new file mode 100644 index 00000000..b04a3e7b --- /dev/null +++ b/SOURCES/dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch @@ -0,0 +1,46 @@ +From b17615cda8a7ec80692d84e544b71e8183461aa5 Mon Sep 17 00:00:00 2001 +From: Roy Li +Date: Wed, 21 Jan 2015 09:28:53 +0000 +Subject: [PATCH] dbus: clear guid_from_server if send_negotiate_unix_fd failed + +Once send_negotiate_unix_fd failed, this failure will happen, since +auth->guid_from_server has been set to some value before +send_negotiate_unix_fd. send_negotiate_unix_fd failure will lead to this +auth be handled by process_ok again, but this auth->guid_from_server is +not zero. + +So we should clear auth->guid_from_server if send_negotiate_unix_fd +failed. + +http://lists.freedesktop.org/archives/dbus/2014-February/016122.html +https://bugs.freedesktop.org/show_bug.cgi?id=75589 +https://bugzilla.redhat.com/show_bug.cgi?id=1183755 + +Signed-off-by: Roy Li +--- + dbus/dbus-auth.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/dbus/dbus-auth.c b/dbus/dbus-auth.c +index d2c37a7..dd6e61d 100644 +--- a/dbus/dbus-auth.c ++++ b/dbus/dbus-auth.c +@@ -1572,7 +1572,15 @@ process_ok(DBusAuth *auth, + _dbus_string_get_const_data (& DBUS_AUTH_CLIENT (auth)->guid_from_server)); + + if (auth->unix_fd_possible) +- return send_negotiate_unix_fd(auth); ++ { ++ if (!send_negotiate_unix_fd (auth)) ++ { ++ _dbus_string_set_length (& DBUS_AUTH_CLIENT (auth)->guid_from_server, 0); ++ return FALSE; ++ } ++ ++ return TRUE; ++ } + + _dbus_verbose("Not negotiating unix fd passing, since not possible\n"); + return send_begin (auth); +-- +2.2.1 diff --git a/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch b/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch new file mode 100644 index 00000000..60d0cc3e --- /dev/null +++ b/SOURCES/dbus-1.6.12-avoid-selinux-context-translation.patch @@ -0,0 +1,66 @@ +From a82e1be24d0211d4358d8ff3b8cd06dae71a9993 Mon Sep 17 00:00:00 2001 +From: David King +Date: Mon, 22 Aug 2016 09:43:29 +0100 +Subject: [PATCH] Use _raw() calls to avoid SELinux context translation + +When the credentials obtained from the client socket are used in future +security checks, no context translation should be performed, so +getpeercon() should be replaced with getpeercon_raw(), and similar +changes should me be made for other calls such as avc_sid_to_context() +and getcon(). + +https://bugzilla.redhat.com/show_bug.cgi?id=1356141 +--- + bus/selinux.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/bus/selinux.c b/bus/selinux.c +index 2fb4a8b..13361aa 100644 +--- a/bus/selinux.c ++++ b/bus/selinux.c +@@ -412,14 +412,14 @@ bus_selinux_full_init (void) + bus_context = NULL; + bus_sid = SECSID_WILD; + +- if (getcon (&bus_context) < 0) ++ if (getcon_raw (&bus_context) < 0) + { + _dbus_verbose ("Error getting context of bus: %s\n", + _dbus_strerror (errno)); + return FALSE; + } + +- if (avc_context_to_sid (bus_context, &bus_sid) < 0) ++ if (avc_context_to_sid_raw (bus_context, &bus_sid) < 0) + { + _dbus_verbose ("Error getting SID from bus context: %s\n", + _dbus_strerror (errno)); +@@ -713,7 +713,7 @@ bus_selinux_append_context (DBusMessage *message, + #ifdef HAVE_SELINUX + char *context; + +- if (avc_sid_to_context (SELINUX_SID_FROM_BUS (sid), &context) < 0) ++ if (avc_sid_to_context_raw (SELINUX_SID_FROM_BUS (sid), &context) < 0) + { + if (errno == ENOMEM) + BUS_SET_OOM (error); +@@ -766,7 +766,7 @@ bus_connection_read_selinux_context (DBusConnection *connection, + return FALSE; + } + +- if (getpeercon (fd, con) < 0) ++ if (getpeercon_raw (fd, con) < 0) + { + _dbus_verbose ("Error getting context of socket peer: %s\n", + _dbus_strerror (errno)); +@@ -901,7 +901,7 @@ bus_selinux_init_connection_id (DBusConnection *connection, + + _dbus_verbose ("Converting context to SID to store on connection\n"); + +- if (avc_context_to_sid (con, &sid) < 0) ++ if (avc_context_to_sid_raw (con, &sid) < 0) + { + if (errno == ENOMEM) + BUS_SET_OOM (error); +-- +2.7.4 diff --git a/SPECS/dbus.spec b/SPECS/dbus.spec new file mode 100644 index 00000000..3e328add --- /dev/null +++ b/SPECS/dbus.spec @@ -0,0 +1,1238 @@ +%global _hardened_build 1 +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} + +%global gettext_package dbus-1 + +%global expat_version 1.95.5 +%global libselinux_version 1.15.2 + +%global dbus_user_uid 81 + +%global dbus_common_config_opts --enable-libaudit --enable-selinux=yes --with-init-scripts=redhat --with-system-socket=/run/dbus/system_bus_socket --with-system-pid-file=/run/dbus/messagebus.pid --with-dbus-user=dbus --libexecdir=/%{_libexecdir}/dbus-1 --docdir=%{_pkgdocdir} --enable-installed-tests + +# Allow extra dependencies required for some tests to be disabled. +%bcond_without tests +# Disabled in June 2014: http://lists.freedesktop.org/archives/dbus/2014-June/016223.html +%bcond_with check + +Name: dbus +Epoch: 1 +Version: 1.10.24 +Release: 12%{?dist} +Summary: D-BUS message bus + +Group: System Environment/Libraries +# The effective license of the majority of the package, including the shared +# library, is "GPL-2+ or AFL-2.1". Certain utilities are "GPL-2+" only. +License: (GPLv2+ or AFL) and GPLv2+ +URL: http://www.freedesktop.org/Software/dbus/ +#VCS: git:git://git.freedesktop.org/git/dbus/dbus +Source0: http://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz +Source1: 00-start-message-bus.sh + +# https://bugzilla.redhat.com/show_bug.cgi?id=1118399 +Patch0: dbus-1.10.24-mls-listnames.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1183755 +Patch1: dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1133732 +Patch2: dbus-1.10.22-reduce-session-conf-fd-limits.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1356141 +Patch3: dbus-1.6.12-avoid-selinux-context-translation.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1467415 +Patch4: dbus-1.10.24-dbus-send-man-page-typo.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1529044 +Patch5: 0001-bus-raise-fd-limits-before-dropping-privs.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1470310 +Patch6: dbus-1.10.24-dbus-launch-chdir.patch + +BuildRequires: libtool +BuildRequires: expat-devel >= %{expat_version} +BuildRequires: libselinux-devel >= %{libselinux_version} +BuildRequires: audit-libs-devel >= 0.9 +BuildRequires: libX11-devel +BuildRequires: libcap-ng-devel +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(systemd) +BuildRequires: doxygen +# For building XML documentation. +BuildRequires: /usr/bin/xsltproc +BuildRequires: xmlto + +#For macroized scriptlets. +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +BuildRequires: systemd + +Requires: libselinux%{?_isa} >= %{libselinux_version} +Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release} +Requires(pre): /usr/sbin/useradd + +# Note: These is only required for --with-tests; when bootstrapping, you can +# pass --without-tests. +%if %{with tests} +BuildRequires: pkgconfig(gio-2.0) +BuildRequires: dbus-python +BuildRequires: pygobject3 +%endif +%if %{with check} +BuildRequires: /usr/bin/Xvfb +%endif + +# https://bugzilla.redhat.com/show_bug.cgi?id=1498029 +# Remove and fix dependent packages to use /usr/bin/dbus-send in RHEL 8. +Provides: /bin/dbus-send + +%description +D-BUS is a system for sending messages between applications. It is +used both for the system-wide message bus service, and as a +per-user-login-session messaging facility. + +%package libs +Summary: Libraries for accessing D-BUS +Group: Development/Libraries + +%description libs +This package contains lowlevel libraries for accessing D-BUS. + +%package doc +Summary: Developer documentation for D-BUS +Group: Documentation +Requires: %{name} = %{epoch}:%{version}-%{release} +BuildArch: noarch + +%description doc +This package contains developer documentation for D-Bus along with +other supporting documentation such as the introspect dtd file. + +%package devel +Summary: Development files for D-BUS +Group: Development/Libraries +# The server package can be a different architecture. +Requires: %{name} = %{epoch}:%{version}-%{release} + +%description devel +This package contains libraries and header files needed for +developing software that uses D-BUS. + +%package tests +Summary: Tests for the %{name} package +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} + +%description tests +The %{name}-tests package contains tests that can be used to verify +the functionality of the installed %{name} package. + +%package x11 +Summary: X11-requiring add-ons for D-BUS +Group: Development/Libraries +# The server package can be a different architecture. +Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: xorg-x11-xinit + +%description x11 +D-BUS contains some tools that require Xlib to be installed, those are +in this separate package so server systems need not install X. + + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 + +%build +# Avoid rpath. +if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf --verbose --force --install; fi + +# Call configure here (before the extra directories for the multiple builds +# have been created) to ensure that the hardening flag hack is applied to +# ltmain.sh +%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-xml-docs --disable-asserts +make distclean + +mkdir build +pushd build +# See /usr/lib/rpm/macros +%global _configure ../configure +%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-xml-docs --disable-asserts +make V=1 %{?_smp_mflags} +popd + +%if %{with check} +mkdir build-check +pushd build-check +%configure %{dbus_common_config_opts} --enable-asserts --enable-verbose-mode --enable-tests +make V=1 %{?_smp_mflags} +popd +%endif + + +%install +pushd build +make install DESTDIR=%{buildroot} INSTALL="install -p" +popd + +find %{buildroot} -name '*.a' -type f -delete +find %{buildroot} -name '*.la' -type f -delete + +install -Dp -m755 %{SOURCE1} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh + +# Obsolete, but still widely used, for drop-in configuration snippets. +install --directory %{buildroot}%{_sysconfdir}/dbus-1/session.d +install --directory %{buildroot}%{_sysconfdir}/dbus-1/system.d + +# This directory is a somewhat unofficial downstream addition +install --directory %{buildroot}%{_datadir}/dbus-1/interfaces + +# Make sure that when somebody asks for D-Bus under the name of the +# old SysV script, that he ends up with the standard dbus.service name +# now. +ln -s dbus.service %{buildroot}%{_unitdir}/messagebus.service + +## %find_lang %{gettext_package} +# Delete the old legacy sysv init script +rm -rf %{buildroot}%{_initrddir} + +# Ensure that the ghosted directory has reasonable permissions. +install --directory %{buildroot}/run/dbus + +install --directory %{buildroot}/var/lib/dbus + +install -pm 644 -t %{buildroot}%{_pkgdocdir} \ + doc/introspect.dtd doc/introspect.xsl doc/system-activation.txt + +# Make sure that the documentation shows up in Devhelp. +install --directory %{buildroot}%{_datadir}/gtk-doc/html +ln -s %{_pkgdocdir} %{buildroot}%{_datadir}/gtk-doc/html/dbus + +# dbus.target was removed, in favor of dbus.socket, from systemd 21. +rm -r %{buildroot}%{_unitdir}/dbus.target.wants + +# Shell wrapper for installed tests, modified from Debian package. +cat > dbus-run-installed-tests < "\$tmpdir/result" + ( set +e; \$timeout \$t; echo "\$?" > "\$tmpdir/result" ) 2>&1 | sed 's/^/# /' + e="\$(cat "\$tmpdir/result")" + case "\$e" in + (0) + echo "ok \$i - \$t" + ;; + (77) + echo "ok \$i # SKIP \$t" + ;; + (*) + echo "not ok \$i - \$t (\$e)" + ret=1 + ;; + esac +done + +rm -rf tmpdir +echo "1..\$i" +exit \$ret +EOF + +install -pm 755 -t %{buildroot}%{_libexecdir}/dbus-1 dbus-run-installed-tests + + +%if %{with check} +%check +pushd build-check + +# TODO: better script for this... +export DISPLAY=42 +{ Xvfb :${DISPLAY} -nolisten tcp -auth /dev/null >/dev/null 2>&1 & + trap "kill -15 $! || true" 0 HUP INT QUIT TRAP TERM; }; +if ! env DBUS_TEST_SLOW=1 make check; then + echo "Tests failed, finding all Automake logs..." 1>&2; + find . -type f -name '*.trs' | while read trs; do cat ${trs}; cat ${trs%%.trs}.log; done + echo "Exiting abnormally due to make check failure above" 1>&2; + exit 1; +fi +popd +%endif + + +%pre +# Add the "dbus" user and group +/usr/sbin/groupadd -r -g %{dbus_user_uid} dbus 2>/dev/null || : +/usr/sbin/useradd -c 'System message bus' -u %{dbus_user_uid} -g %{dbus_user_uid} \ + -s /sbin/nologin -r -d '/' dbus 2> /dev/null || : + +%post libs -p /sbin/ldconfig + +%preun +%systemd_preun stop dbus.service dbus.socket + +%postun libs -p /sbin/ldconfig + +%postun +%systemd_postun + + +%files +# Strictly speaking, we could remove the COPYING from this subpackage and +# just have it be in libs, because dbus Requires dbus-libs. +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc AUTHORS ChangeLog HACKING NEWS README +%exclude %{_pkgdocdir}/api +%exclude %{_pkgdocdir}/dbus.devhelp +%exclude %{_pkgdocdir}/diagram.* +%exclude %{_pkgdocdir}/introspect.* +%exclude %{_pkgdocdir}/system-activation.txt +%exclude %{_pkgdocdir}/*.html +%dir %{_sysconfdir}/dbus-1 +%dir %{_sysconfdir}/dbus-1/session.d +%dir %{_sysconfdir}/dbus-1/system.d +%config %{_sysconfdir}/dbus-1/session.conf +%config %{_sysconfdir}/dbus-1/system.conf +%ghost %dir /run/%{name} +%dir %{_localstatedir}/lib/dbus/ +%{_bindir}/dbus-daemon +%{_bindir}/dbus-send +%{_bindir}/dbus-cleanup-sockets +%{_bindir}/dbus-run-session +%{_bindir}/dbus-monitor +%{_bindir}/dbus-test-tool +%{_bindir}/dbus-update-activation-environment +%{_bindir}/dbus-uuidgen +%{_mandir}/man1/dbus-cleanup-sockets.1* +%{_mandir}/man1/dbus-daemon.1* +%{_mandir}/man1/dbus-run-session.1* +%{_mandir}/man1/dbus-monitor.1* +%{_mandir}/man1/dbus-send.1* +%{_mandir}/man1/dbus-test-tool.1* +%{_mandir}/man1/dbus-update-activation-environment.1* +%{_mandir}/man1/dbus-uuidgen.1* +%dir %{_datadir}/dbus-1 +%{_datadir}/dbus-1/session.conf +%{_datadir}/dbus-1/system.conf +%{_datadir}/dbus-1/services +%{_datadir}/dbus-1/system-services +%{_datadir}/dbus-1/interfaces +%dir %{_libexecdir}/dbus-1 +# See doc/system-activation.txt in source tarball for the rationale +# behind these permissions +%attr(4750,root,dbus) %{_libexecdir}/dbus-1/dbus-daemon-launch-helper +%exclude %{_libexecdir}/dbus-1/dbus-run-installed-tests +%{_unitdir}/dbus.service +%{_unitdir}/dbus.socket +%{_unitdir}/messagebus.service +%{_unitdir}/multi-user.target.wants/dbus.service +%{_unitdir}/sockets.target.wants/dbus.socket + +%files libs +%{!?_licensedir:%global license %%doc} +%license COPYING +%{_libdir}/*dbus-1*.so.* + +%files tests +%{_libexecdir}/dbus-1/installed-tests +%{_libexecdir}/dbus-1/dbus-run-installed-tests +%{_datadir}/installed-tests + +%files x11 +%{_bindir}/dbus-launch +%{_mandir}/man1/dbus-launch.1* +%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh + +%files doc +%{_pkgdocdir}/* +%{_datadir}/gtk-doc +%exclude %{_pkgdocdir}/AUTHORS +%exclude %{_pkgdocdir}/ChangeLog +%exclude %{_pkgdocdir}/HACKING +%exclude %{_pkgdocdir}/NEWS +%exclude %{_pkgdocdir}/README + +%files devel +%{_libdir}/lib*.so +%dir %{_libdir}/dbus-1.0 +%{_libdir}/dbus-1.0/include/ +%{_libdir}/pkgconfig/dbus-1.pc +%{_includedir}/* + +%changelog +* Tue Aug 21 2018 Ray Strode - 1:1.10.24-12 +- Use HOME as dbus-daemon --session working directory (#1470310) + +* Fri Jun 22 2018 David King - 1:1.10.24-11 +- Use HOME as dbus-launch working directory (#1470310) + +* Thu Feb 15 2018 David King - 1:1.10.24-7 +- Improve permissions on /run/dbus (#1510773) + +* Tue Feb 13 2018 David King - 1:1.10.24-6 +- Rebase MLS patch (#1534902) + +* Mon Feb 12 2018 Ray Strode - 1:1.10.24-5 +- Raise FD limits before dropping privileges + Resolves: #1529044 + +* Tue Jan 09 2018 David King - 1:1.10.24-4 +- Make xinit script work with set -u (#1452539) + +* Wed Oct 04 2017 David King - 1:1.10.24-3 +- Add a Provides for old dbus-send (#1498029) + +* Tue Oct 03 2017 David King - 1:1.10.24-2 +- Fix dbus-send.1 man page typo (#1467415) + +* Thu Sep 28 2017 David King - 1:1.10.24-1 +- Rebase to 1.10.24 (#1480264) + +* Fri Sep 15 2017 David King - 1:1.10.22-1 +- Rebase to 1.10.22 (#1480264) + +* Tue Nov 15 2016 David King - 1:1.6.12-18 +- Fix fd leak in error path (#1370381) + +* Mon Sep 12 2016 David King - 1:1.6.12-17 +- Improve SELinux context translation patch (#1356141) + +* Mon Aug 22 2016 David King - 1:1.6.12-16 +- Fix SELinux MLS context translation (#1356141) + +* Mon Aug 08 2016 David King - 1:1.6.12-15 +- Avoid hardcoded SELinux constants (#1364485) + +* Tue Apr 26 2016 David King - 1:1.6.12-14 +- Close multiple fds correctly (#1325870) + +* Fri May 29 2015 David King - 1:1.6.12-13 +- Fix bogus dates in changelog (#1054193) + +* Fri May 29 2015 David King - 1:1.6.12-13 +- Refresh man pages and add dbus-launch options (#949022) + +* Fri May 29 2015 David King - 1:1.6.12-13 +- Reduce fd limits in default session.conf (#1133732) + +* Wed Jan 21 2015 David King - 1:1.6.12-12 +- Fix message dispatch test failure (#1183755) + +* Fri Nov 28 2014 David King - 1:1.6.12-11 +- Fix scope after if statement for MLS check (#1118399) + +* Thu Nov 27 2014 David King - 1:1.6.12-10 +- Check current policy type before performing MLS check (#1118399) + +* Tue Nov 25 2014 David King - 1:1.6.12-9 +- Add MLS checking for listing service names (#1118399) + +* Fri Jan 24 2014 Daniel Mach - 1:1.6.12-8 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1:1.6.12-7 +- Mass rebuild 2013-12-27 + +* Thu Sep 05 2013 Colin Walters - 1:1.6.12-6 +- Backport patch to avoid periodic busy looping + Resolves: #1029013 + +* Thu Sep 05 2013 Colin Walters - 1:1.6.12-5 +- Add patch from Matěj Cepl to log more clearly when tests + pass or fail + +* Wed Jul 24 2013 Colin Walters - 1:1.6.12-4 +- Add patch to fix test-marshal on s390. + +* Thu Jul 18 2013 Colin Walters - 1:1.6.12-3 +- Find all logs automake has hidden and cat them for visibility + into the mock logs. + +* Thu Jul 18 2013 Colin Walters - 1:1.6.12-2 +- Enable all upstream tests + Resolves: #955532 + This is fairly hacky; a much better replacement would be + something like the InstalledTests system. But we have to live + with rpm and stuff for now... + +* Mon Jun 17 2013 Colin Walters - 1:1.6.12-1 +- New upstream release +- CVE-2013-2168 + +* Thu Apr 18 2013 Matthias Clasen - 1:1.6.8-5 +- Hardened build + +* Tue Feb 05 2013 Colin Walters - 1:1.6.8-4 +- Add patch from Matej Cepl to enable check section, modified by me + to use common configure opts. + +* Sun Oct 14 2012 Rex Dieter - 1:1.6.8-3 +- minor .spec cleanups +- tighten lib deps via %%{?_isa} +- drop old Conflicts/Obsoletes/patches + +* Wed Oct 3 2012 Bill Nottingham - 1:1.6.8-2 +- Drop systemd-sysv-convert in trigger, and resulting dependency (#852822) + +* Fri Sep 28 2012 Colin Walters - 1:1.6.8-1 +- 1.6.8 + +* Fri Sep 28 2012 Colin Walters - 1:1.6.6-1 +- 1.6.6 + +* Thu Sep 13 2012 Colin Walters - 1:1.6.0-3 +- CVE-2012-3524 + +* Wed Jul 18 2012 Fedora Release Engineering - 1:1.6.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jun 5 2012 Colin Walters - 1:1.6.0-1 +- Update to 1.6.0 + +* Sun Apr 22 2012 Lennart Poettering - 1:1.4.20-2 +- Make D-Bus work in containers + +* Fri Apr 13 2012 Colin Walters +- Update to 1.4.20; closes #806082 +- Ensure /var/lib/dbus exists; this seems to have been + dropped from upstream build rules. +- Adapt to documentation actually being installed + +* Fri Jan 13 2012 Fedora Release Engineering - 1:1.4.10-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Mon Aug 22 2011 Lennart Poettering - 1:1.4.10-3 +- Don't restart D-Bus on upgrades, dont' enable D-Bus, since it is statically enabled. +- https://bugzilla.redhat.com/show_bug.cgi?id=732426 + +* Wed Aug 03 2011 David Zeuthen - 1:1.4.10-2 +- Drop SysV support, #697523 (from Jóhann B. Guðmundsson ) + +* Thu Jun 2 2011 Colin Walters - 1:1.4.10-1 +- New upstream version +- Drop XML docs patch which is now upstream +- Drop devhelp stuff; people should be using GDBus now. If you + don't, the raw doxygen is fine. + +* Tue Feb 08 2011 Fedora Release Engineering - 1:1.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Jan 28 2011 Matthias Clasen - 1:1.4.0-2 +- %%ghost /var/run content (#656571) + +* Mon Sep 6 2010 Lennart Poettering - 1:1.4.0-1 +- New upstream release + +* Thu Jul 29 2010 Lennart Poettering - 1:1.3.2-0.1.885483%{?dist} +- Conversion from systemd-install to systemctl + +* Fri Jul 9 2010 Lennart Poettering - 1:1.3.2-0.0.885483 +- git Snapshot with systemd activation + +* Wed Jun 23 2010 Lennart Poettering - 1:1.3.1-1 +- New upstream release + +* Wed Mar 24 2010 Colin Walters - 1:1.2.24-1 +- New upstream release +- Drop upstreamed patch + +* Mon Mar 22 2010 Colin Walters - 1:1.2.22-2 +- Add patch to fix syslog crasher + +* Wed Mar 17 2010 Colin Walters - 1:1.2.22-1 +- New upstream release + +* Wed Feb 03 2010 Colin Walters - 1:1.2.20-1 +- New upstream release +- Actually add start-early.patch + +* Tue Feb 02 2010 Colin Walters - 1:1.2.18-1 +- New upstream release + Drop all upstreamed patches. +- start-early.patch had both bindir changes and start-early; the + latter was upstreamed, so start-early is now bindir.patch. + Ideally later get this partial-bindir stuff upstream. + +* Thu Jan 21 2010 Colin Walters - 1:1.2.16-11 +- Drop dbus-libs requiring dbus; this was unnecessary for programs + which happened to speak the dbus protocol but don't require + the daemon. + Note that libdbus does support autolaunching dbus-daemon in + the session as an emergency fallback for legacy situations; however, + these cases were likely to have dbus installed already (via comps). + If they don't, well one turned to the wrong page in the choose your + own adventure book. + +* Tue Jan 12 2010 Matthias Clasen - 1:1.2.16-10 +- Don't link libdub against libcap-ng + +* Fri Dec 18 2009 Ray Strode - 1:1.2.16-9 +- Fix activation of daemons (#545267) +- Fix reload memleak (fdo #24697) +- Don't forget about pending activations on reload (fdo #24350) +- Fix reload race (fdo #21597) + +* Wed Oct 7 2009 Matthias Clasen - 1:1.2.16-8 +- Drop capabilities (#518541) + +* Wed Oct 7 2009 Matthias Clasen - 1:1.2.16-7 +- Add missing diagrams to the docs (#527650) + +* Thu Oct 1 2009 Matthias Clasen - 1:1.2.16-6 +- Fix timeout accounting + +* Fri Aug 21 2009 Tomas Mraz - 1:1.2.16-5 +- rebuilt with new audit + +* Fri Jul 24 2009 Fedora Release Engineering - 1:1.2.16-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Thu Jul 23 2009 Colin Walters - 1:1.2.16-3 +- Remove conflicting -U option to useradd + +* Wed Jul 22 2009 Colin Walters - 1:1.2.16-2 +- Explicitly add a dbus group id, fixes dbus files getting a + random group id in cases where the RPM install order varies. + Fixes https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458183 + +* Tue Jul 14 2009 Colin Walters - 1:1.2.16-1 +- Upstream 1.2.16 +- Remove inotify patch, now upstreamed +- Remove timeout patch, obsolete with upstream change to infinite + timeout maximum by default + +* Sat Jun 27 2009 Matthias Clasen - 1:1.2.14-2 +- Don't leak inotify fd (#505338) + +* Wed Apr 22 2009 Colin Walters - 1:1.2.14-1 +- CVE-2009-1189 + * Update to 1.2.14 + +* Thu Mar 12 2009 Colin Walters - 1:1.2.12-1 +- Switch to non-permissive branch: + http://fedoraproject.org/wiki/Features/DBusPolicy + +* Fri Feb 27 2009 Matthias Clasen - 1:1.2.4.4permissive-4 +- Mark -doc content as %%doc + +* Tue Feb 24 2009 Matthias Clasen - 1:1.2.4.4permissive-2 +- Make -doc noarch + +* Tue Feb 24 2009 Fedora Release Engineering - 1:1.2.4.4permissive-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Tue Jan 06 2009 Colin Walters - 1:1.2.4.4.permissive-1 +- New upstream + +* Thu Dec 18 2008 Colin Walters - 1:1.2.4.2.permissive-1 +- New upstream + +* Fri Dec 12 2008 Colin Walters - 1:1.2.4-2 +- Revert to upstream 1.2.4, add epoch + +* Thu Dec 11 2008 Colin Walters - 1.2.8-4 +- And drop it again, needs more work + +* Wed Dec 10 2008 Colin Walters - 1.2.8-3 +- Add back working syslog patch + +* Tue Dec 09 2008 Colin Walters - 1.2.8-2 +- Remove accidentally added syslog patch + +* Tue Dec 09 2008 Colin Walters - 1.2.8-1 +- New upstream 1.2.8 + Allows signals by default. + +* Fri Dec 05 2008 Colin Walters - 1.2.6-1 +- New upstream 1.2.6 + +* Fri Nov 21 2008 Matthias Clasen - 1.2.4-2 +- Tweak descriptions + +* Mon Oct 06 2008 Colin Walters - 1.2.4-1 +- New upstream 1.2.4 + +* Thu Sep 25 2008 David Zeuthen - 1.2.3-2%{?dist} +- Avoid using noreplace for files that aren't really config files + +* Wed Aug 06 2008 Colin Walters - 1.2.3-1 +- New upstream 1.2.2 +- Drop patches that were upstreamed + +* Wed Jul 23 2008 Matthias Clasen - 1.2.1-7 +- Own /usr/share/dbus-1/interfaces + +* Fri Jul 18 2008 Matthias Clasen - 1.2.1-6 +- Add a patch from upstream git that adds a method + for changing the activation environment on the session bus + +* Thu Jul 17 2008 Casey Dahlin - 1.2.1-5 +- Patch to increase max method timeout + +* Thu May 29 2008 Casey Dahlin - 1.2.1-4 +- Patches for fd.o bugs 15635, 15571, 15588, 15570 + +* Mon May 12 2008 Ray Strode - 1.2.1-3 +- drop last patch after discussion on dbus list + +* Mon May 12 2008 Ray Strode - 1.2.1-2 +- ensure uuid is created at post time + +* Fri Apr 04 2008 John (J5) Palmieri - 1.2.1-1 +- update to latest upstream +- major version change is really a maint release for 1.1.20 + please read the NEWS file in the source for more information + +* Wed Feb 27 2008 David Zeuthen - 1.1.20-1%{?dist} +- Update to latest upstream release. Includes fix for CVE-2008-0595. +- Drop some patches that went upstream already + +* Wed Feb 20 2008 Mamoru Tasaka - 1.1.4-6 +- Really rebuild against new libcap + +* Sun Feb 17 2008 Adam Tkac - 1.1.4-5 +- rebuild against new libcap + +* Tue Feb 5 2008 Matthias Clasen - 1.1.4-4 +- Fix a dbus-launch problem (#430412) + +* Mon Feb 4 2008 Ray Strode - 1.1.4-3 +- Start message bus from xinitrc.d instead of hard coding it +at the end of Xsession + +* Mon Feb 4 2008 Matthias Clasen - 1.1.4-2 +- Make it build against the latest gcc/glibc + +* Thu Jan 17 2008 John (J5) Palmieri - 1.1.4-1 +- new upstream version +- fixes inotify patch which was consuming 100% cpu and memory + +* Wed Jan 16 2008 John (J5) Palmieri - 1.1.3-1 +- new upstream version which obsoletes a number of our patches +- doc section added for the devhelp docs + +* Thu Nov 15 2007 John (J5) Palmieri - 1.1.2-9 +- clean up spec file as per the merge review (#225676) + +* Thu Oct 25 2007 Bill Nottingham - 1.1.2-8 +- have -libs obsolete older versions of the main package so that yum upgrades work + +* Thu Oct 4 2007 Matthias Clasen - 1.1.2-7 +- Make the daemon a PIE executable (#210039) + +* Fri Sep 14 2007 Bill Nottingham - 1.1.2-6%{?dist} +- fix daemon abort when SELinux denies passing on a message (#283231) + +* Fri Sep 14 2007 Dan Walsh - 1.1.2-5%{?dist} +- Reverse we_were_root check to setpcap if we were root. Also only init +audit if we were root. So error dbus message will not show up when policy +reload happens. dbus -session will no longer try to send audit message, +only system will. + +* Tue Aug 28 2007 David Zeuthen - 1.1.2-4%{?dist} +- Make dbus require dbus-libs (#261721) + +* Mon Aug 27 2007 Adel Gadllah - 1.1.2-3 +- Add libs to a libs subpackage +- Update license tag + +* Wed Aug 01 2007 David Zeuthen - 1.1.2-2%{?dist} +- Move system bus activation helper to /{lib,lib64}/dbus-1. Also set + the correct mode and permissions. +- Own the directory /usr/share/dbus-1/system-services +- Delete the diretory /{lib,lib64}/dbus-1.0 as it's not used +- Pass 'dbus' instead of 81 as --with-dbus-user; otherwise the setuid + system bus activation helper fails + +* Sat Jul 28 2007 Matthias Clasen - 1.1.2-1 +- Update to 1.1.2 + +* Fri Jul 6 2007 Matthias Clasen - 1.1.1-3 +- Add LSB header to init script (#246902) + +* Thu Jun 28 2007 Ray Strode - 1.1.1-2 +- include session.d directory in package manifest + +* Thu Jun 28 2007 Ray Strode - 1.1.1-1 +- Update to 1.1.1 + +* Fri Jun 22 2007 Matthias Clasen - 1.0.2-6 +- Don't require libxml-python needlessly (#245300) + +* Sun Jun 17 2007 Matthias Clasen - 1.0.2-5 +- Require pkgconfig in -devel, not in -x11 (#244385) + +* Sat Apr 14 2007 Matthias Clasen - 1.0.2-4 +- Move the dbus-launch man page to the x11 subpackage + +* Thu Apr 12 2007 David Zeuthen - 1.0.2-3 +- Start SELinux thread after setuid call (#221168) + +* Wed Mar 28 2007 Matthias Clasen - 1.0.2-2 +- Require pkgconfig in the -devel package + +* Sun Mar 25 2007 Matthias Clasen - 1.0.2-1 +- Update to 1.0.2 +- Drop obsolete patches +- Fix directory ownership issues (#233753) + +* Fri Dec 15 2006 David Zeuthen - 1.0.1-3%{?dist} +- CVE-2006-6107: D-Bus denial of service + +* Sun Nov 26 2006 Matthias Clasen - 1.0.1-2 +- Include docs, and make them show up in devhelp + +* Mon Nov 20 2006 Ray Strode - 1.0.1-1 +- Update to 1.0.1 +- Apply patch from Thiago Macieira to + fix failed assertion in threading implementation +- Drop some crazy looking build time speed optimization + +* Tue Nov 14 2006 John (J5) Palmieri - 1.0.0-2 +- add patch to fix dbus_threads_init_default + +* Mon Nov 13 2006 John (J5) Palmieri - 1.0.0-1 +- update to D-Bus 1.0.0 "Blue Bird" +- build with verbose mode on but tests and asserts off + +* Sun Nov 12 2006 Ray Strode - 0.95-3 +- dont let dbus-launch session sitter crash in the + non-autolaunch code path (bug 214649) + +* Mon Nov 06 2006 John (J5) Palmieri - 0.95-2 +- Add /var/lib/dbus directory to %%files + +* Fri Nov 03 2006 John (J5) Palmieri - 0.95-1 +- Update to D-Bus 1.0 RC 3 (0.95) +- don't build with tests on + +* Sat Oct 14 2006 John (J5) Palmieri - 0.94-1 +- Update to D-Bus 1.0 RC 2 (0.94) + +* Sun Oct 01 2006 Jesse Keating - 0.93-3 +- rebuilt for unwind info generation, broken in gcc-4.1.1-21 + +* Tue Sep 19 2006 Matthias Clasen - 0.93-2 +- Add a Requires for libxml2-python (#201877) + +* Thu Sep 14 2006 John (J5) Palmieri - 0.93-1 +- Updated from upstream D-Bus 1.0 RC 1 (0.93) + +* Wed Sep 6 2006 Dan Walsh - 0.92-2 +- Only audit on the system bus + +* Fri Aug 18 2006 John (J5) Palmieri - 0.92-1 +- Update to 0.92 +- remove old patches + +* Sat Jul 22 2006 John (J5) Palmieri - 0.90-8 +- add patch to fix timeout removal assertion + +* Thu Jul 20 2006 John (J5) Palmieri - 0.90-7 +- add patch to fix taking a connection ref when it is locked + +* Wed Jul 19 2006 John (J5) Palmieri - 0.90-6 +- change the arch-deps.h include directory to /usr/lib[64] instead of /lib[64] + in the dbus-1.pc file after compile + +* Wed Jul 19 2006 John (J5) Palmieri - 0.90-5 +- Move arch include file from lib to libdir + +* Tue Jul 18 2006 John (J5) Palmieri - 0.90-4 +- add patch that pregenerates the xml introspect file so d-bus doesn't + have to be running suring the build. + +* Tue Jul 18 2006 John (J5) Palmieri - 0.90-3 +- s/--libdir=\/lib/--libdir=%%{_lib}/ in configure stage +- add / before %%{_lib} + +* Tue Jul 18 2006 John (J5) Palmieri - 0.90-2 +- Remove some remnants of the GLIB bindings from configure.in + +* Mon Jul 17 2006 John (J5) Palmieri - 0.90-1 +- Update to upstream 0.90 +- Split out bindings + +* Wed Jul 12 2006 Jesse Keating - 0.62-1.1 +- rebuild + +* Mon Jun 12 2006 John (J5) Palmieri - 0.62-1 +- Update to upstream 0.62 +- Remove mono for s390s + +* Tue Jun 6 2006 Matthias Clasen 0.61-6 +- Rebuild + +* Wed May 17 2006 Karsten Hopp 0.61-5.2 +- add buildrequires libICE-devel, libSM-devel, libcap-devel +- change buildrequires form libX11 to libX11-devel + +* Mon May 15 2006 John (J5) Palmieri - 0.61-5.1 +- Bump and rebuild. Add a BR and R for libX11 + +* Tue Apr 25 2006 John (J5) Palmieri - 0.61-5 +- Backport patch from dbus-connection.c + - Allows interfaces to be NULL in the message header as per the spec + - Fixes a problem with pendings calls blocking on a data starved socket + +* Mon Apr 17 2006 John (J5) Palmieri 0.61-4 +- New audit patch + +* Fri Feb 24 2006 John (J5) Palmieri 0.61-3 +- ABI hasn't changed so add patch that makes dbus-sharp think + it is still 0.60 (mono uses hard version names so any change + means apps need to recompile) + +* Fri Feb 24 2006 John (J5) Palmieri 0.61-2 +- Make sure chkconfig rests the priorities so we can start earlier + +* Fri Feb 24 2006 John (J5) Palmieri 0.61-1 +- Upgrade to upstream version 0.61 +- remove python callchain patch +- update avc patch + +* Fri Feb 10 2006 Jesse Keating - 0.60-7.2 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 0.60-7.1 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Mon Jan 23 2006 John (J5) Palmieri 0.60-7 +- Add patch to fix the python callchain +- Symlink dbus-send to /usr/bin because some applications + look for it there + +* Fri Jan 20 2006 John (J5) Palmieri 0.60-6 +- Fix up patch to init script so it refrences /bin not /usr/bin + +* Fri Jan 20 2006 John (J5) Palmieri 0.60-5 +- move base libraries and binaries to /bin and /lib so they can be started + before /usr is mounted on network mounted /usr systems +- have D-Bus start early + +* Thu Jan 19 2006 Alexander Larsson 0.60-4 +- mono now built on s390x + +* Mon Jan 9 2006 Alexander Larsson 0.60-3 +- Don't exclude non-mono arches + +* Mon Jan 9 2006 Alexander Larsson - 0.60-2 +- Add dbus-sharp sub-package + +* Fri Dec 09 2005 Jesse Keating - 0.60-1.1 +- rebuilt + +* Thu Dec 01 2005 John (J5) Palmieri - 0.60-1 +- upgrade to 0.60 + +* Thu Sep 08 2005 John (J5) Palmieri - 0.50-1 +- upgrade to 0.50 + +* Mon Aug 29 2005 John (J5) Palmieri - 0.36.2-1 +- upgrade to 0.36.2 which fixes an exploit where + users can attach to another user's session bus (CAN-2005-0201) + +* Wed Aug 24 2005 John (J5) Palmieri - 0.36.1-1 +- Upgrade to dbus-0.36.1 +- Install all files to lib64/ on 64bit machines + +* Tue Aug 23 2005 John (J5) Palmieri - 0.36-1 +- Upgrade to dbus-0.36 +- Split modules that go into %%{_lib}/python2.4/site-packages/dbus +and those that go into %%{python_sitelib}/dbus (they differ on 64bit) +- Renable Qt bindings since packages in core can use them + +* Mon Jul 18 2005 John (J5) Palmieri - 0.35.2-1 +- Upgrade to dbus-0.35.2 +- removed dbus-0.34-kill-babysitter.patch +- removed dbus-0.34-python-threadsync.patch +- removed dbus-0.23-selinux-avc-audit.patch +- added dbus-0.35.2-selinux-avc-audit.patch +- take out restarts on upgrade + +* Tue Jun 28 2005 John (J5) Palmieri - 0.34-1 +- Upgrade to dbus-0.34 +- added dbus-0.34-kill-babysitter.patch +- added dbus-0.34-python-threadsync.patch +- remove dbus-0.32-print_child_pid.patch +- remove dbus-0.32-deadlock-fix.patch +- remove dbus-0.33-types.patch + +* Sat Jun 18 2005 John (J5) Palmieri - 0.33-4 +- Add new libaudit patch from Steve Grub and enable in configure + (Bug #159218) + +* Mon May 23 2005 Bill Nottingham - 0.33-3 +- remove static libraries from python bindings + +* Sun May 01 2005 John (J5) Palmieri - 0.33-2 +- Backport patch from CVS that fixes int32's being marshaled as +uint16's in the python bindings + +* Mon Apr 25 2005 John (J5) Palmieri - 0.33-1 +- update to upstream 0.33 +- renable selinux audit patch + +* Tue Apr 12 2005 John (J5) Palmieri - 0.32-6 +- Added patch to fix deadlocks when using recursive g_mains + +* Tue Apr 12 2005 John (J5) Palmieri - 0.32-5 +- replace selinux_init patch with selinux_chroot_workaround patch + to work around bad selinux interactions when using chroots + on the beehive build machines + +* Mon Apr 11 2005 John (J5) Palmieri - 0.32-4 +- add print_child_pid patch which make sure we prin the child's pid if we fork + +* Thu Apr 7 2005 David Zeuthen - 0.32-3 +- add fix for glib infinite loop (fdo #2889) + +* Thu Mar 31 2005 John (J5) Palmieri - 0.32-2 +- add selinux-init patch to fix dbus from segfaulting when + building on machines that don't have selinux enabled + +* Thu Mar 31 2005 John (J5) Palmieri - 0.32-1 +- update to upstream version 0.32 + +* Wed Mar 23 2005 John (J5) Palmieri - 0.31-4 +- Pyrex has been patched to generate gcc4.0 complient code +- Rebuild for gcc4.0 + +* Wed Mar 16 2005 John (J5) Palmieri - 0.31-3 +- change compat-gcc requirement to compat-gcc-32 +- rebuild with gcc 3.2 + +* Tue Mar 08 2005 John (J5) Palmieri - 0.31-2 +- Remove precompiled init script and let the sources generate it + +* Mon Mar 07 2005 John (J5) Palmieri - 0.31-1 +- update to upstream version 0.31 +- take out user has same id patch (merged upstream) +- udi patch updated +- dbus-daemon-1 renamed to dbus-daemon +- dbus-glib-tool renamed to dbus-binding-tool +- force gcc33 because pyrex generate improper lvalue code +- disable audit patch for now + +* Tue Feb 01 2005 John (J5) Palmieri - 0.23-4 +- Explicitly pass in the pid file location to ./configure instead of + letting it guess based on the build enviornment + +* Mon Jan 31 2005 John (J5) Palmieri - 0.23-3 +- Add patch to fix random users from connecting to a users session bus + +* Fri Jan 21 2005 John (J5) Palmieri - 0.23-2 +- Add Steve Grubb's SE-Linux audit patch (Bug# 144920) + +* Fri Jan 21 2005 John (J5) Palmieri - 0.23-1 +- Update to upstream version 0.23 +- Drop all patches except for the UDI patch as they have been + integrated upstream +- List of API changes: + * add setgroups() to drop supplementary groups + * removed dbus_bug_get_with_g_main since it's been replaced by dbus_g_bus_get + * added support for int64 and uint64 to the python bindings + * use SerivceOwnerChanges signal instead of ServiceCreated and ServiceDeleted + +* Mon Nov 8 2004 Jeremy Katz - 0.22-12 +- rebuild against python 2.4 + +* Tue Nov 02 2004 John (J5) Palmieri +- Add a requires for glib2-devel in the devel package +- Add SE-Linux backport from Colin Walters that fixes + messages getting lost in SE-Linux contexts + +* Wed Oct 13 2004 John (J5) Palmieri +- Bump up release and rebuild + +* Mon Oct 11 2004 Tim Waugh +- Run /sbin/ldconfig for glib sub-package (bug #134062). + +* Wed Sep 22 2004 John (J5) Palmieri +- Fixed patch to use dbus-1 instead of dbus-1.0 +- (configure.in): Exported just the datadir instead of + the full path to the dbus datadir for consistency + +* Wed Sep 22 2004 John (J5) Palmieri +- Adding patch to move /usr/lib/dbus-1.0/services to + /usr/share/dbus-1.0/services + +* Thu Sep 16 2004 John (J5) Palmieri +- reverting BuildRequires: redhat-release because of issues with build system +- added precompiled version of the messagebus init script + +* Thu Sep 16 2004 John (J5) Palmieri +- changed /etc/redhat-release to the package redhat-release + +* Thu Sep 16 2004 John (J5) Palmieri +- added python int64 patch from davidz + +* Thu Sep 16 2004 John (J5) Palmieri +- added BuildRequires: /etc/redhat-release (RH Bug #132436) + +* Wed Aug 18 2004 John (J5) Palmieri +- Added Steve Grubb's spec file patch (RH Bug #130201) + +* Mon Aug 16 2004 John (J5) Palmieri +- Disabled dbus-gtk since dbus-viewer doesn't do anything right now + +* Mon Aug 16 2004 John (J5) Palmieri +- Moved dbus-viewer to new dbus-gtk package so that dbus-glib + no longer requires X or GTK libraries. (RH Bug #130029) + +* Thu Aug 12 2004 John (J5) Palmieri +- Update to new 0.22 release + +* Thu Aug 05 2004 John (J5) Palmieri +- Added BuildRequires for libselinux-devel and Requires for libselinux + +* Mon Aug 02 2004 Colin Walters +- Add SE-DBus patch + +* Fri Jul 30 2004 John (J5) Palmieri +- Added lib64 workaround for python bindings installing to + the wrong lib directory on 64 bit archs + +* Fri Jul 30 2004 John (J5) Palmieri +- Updated console-auth patch +- rebuild + +* Thu Jul 22 2004 John (J5) Palmieri +- Update to upstream CVS build +- Added console-auth patch + +* Fri Jun 25 2004 John (J5) Palmieri +- Workaround added to fix gcc-3.4 bug on ia64 + +* Fri Jun 25 2004 John (J5) Palmieri +- require new Pyrex version and see if it builds this time + +* Fri Jun 25 2004 John (J5) Palmieri +- rebuild with updated Pyrex (0.9.2.1) + +* Tue Jun 15 2004 Elliot Lee +- rebuilt + +* Fri Jun 04 2004 John (J5) Palmieri +- Moved dbus-viewer, dbus-monitor and dbus-glib-tool + into the dbus-glib package so that the main dbus + package does not depend on glib (Bug #125285) + +* Thu Jun 03 2004 John (J5) Palmieri +- rebuilt + +* Thu May 27 2004 John (J5) Palmieri +- added my Python patch +- took out the qt build requires +- added a gtk+ build requires + +* Fri Apr 23 2004 John (J5) Palmieri +- Changed build requirement to version 0.9-3 of Pyrex + to fix problem with builing on x86_64 + +* Tue Apr 20 2004 John (J5) Palmieri +- update to upstream 0.21 +- removed dbus-0.20-varargs.patch patch (fixed upstream) + +* Mon Apr 19 2004 John (J5) Palmieri +- added a dbus-python package to generate python bindings +- added Pyrex build dependacy + +* Tue Mar 02 2004 Elliot Lee +- rebuilt + +* Wed Feb 25 2004 Bill Nottingham 0.20-4 +- fix dbus error functions on x86-64 (#116324) +- add prereq (#112027) + +* Fri Feb 13 2004 Elliot Lee +- rebuilt + +* Fri Feb 13 2004 Tim Waugh +- Conflict with cups prior to configuration file change, so that the + %%postun service condrestart works. + +* Wed Feb 11 2004 Havoc Pennington 0.20-2 +- rebuild in fc2, cups now updated + +* Wed Jan 7 2004 Bill Nottingham 0.20-1 +- update to upstream 0.20 + +* Thu Oct 16 2003 Havoc Pennington 0.13-6 +- hmm, dbus doesn't support uids in the config file. fix. + +* Thu Oct 16 2003 Havoc Pennington 0.13-5 +- put uid instead of username in the config file, to keep things working with name change + +* Thu Oct 16 2003 Havoc Pennington 0.13-4 +- make subpackages require the specific release, not just version, of base package + +* Thu Oct 16 2003 Havoc Pennington 0.13-3 +- change system user "messagebus" -> "dbus" to be under 8 chars + +* Mon Sep 29 2003 Havoc Pennington 0.13-2 +- see if removing qt subpackage for now will get us through the build system, + qt bindings not useful yet anyway + +* Sun Sep 28 2003 Havoc Pennington 0.13-1 +- 0.13 fixes a little security oops + +* Mon Aug 4 2003 Havoc Pennington 0.11.91-3 +- break the tiny dbus-launch that depends on X into separate package + so a CUPS server doesn't need X installed + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Sat May 17 2003 Havoc Pennington 0.11.91-1 +- 0.11.91 cvs snap properly merges system.d + +* Fri May 16 2003 Havoc Pennington 0.11.90-1 +- build a cvs snap with a few more fixes + +* Fri May 16 2003 Havoc Pennington 0.11-2 +- fix a crash that was breaking cups + +* Thu May 15 2003 Havoc Pennington 0.11-1 +- 0.11 + +* Thu May 15 2003 Havoc Pennington 0.10.90-1 +- use rc.d/init.d not init.d, bug #90192 +- include the new man pages + +* Fri Apr 11 2003 Havoc Pennington 0.9-1 +- 0.9 +- export QTDIR explicitly +- re-enable qt, the problem was most likely D-BUS configure + +* Tue Apr 1 2003 Havoc Pennington 0.6.94-1 +- update from CVS with a fix to set uid after gid + +* Tue Apr 1 2003 Havoc Pennington 0.6.93-1 +- new cvs snap that actually forks to background and changes + user it's running as and so forth +- create our system user in pre + +* Mon Mar 31 2003 Havoc Pennington 0.6.92-1 +- fix for "make check" test that required a home directory + +* Mon Mar 31 2003 Havoc Pennington 0.6.91-1 +- disable qt for now because beehive hates me +- pull a slightly newer cvs snap that creates socket directory +- cat the make check log after make check fails + +* Mon Mar 31 2003 Havoc Pennington 0.6.90-1 +- initial build