From 9703b1401059bf2180e2c6ad95c54f1935dbd7f0 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 10 2018 05:25:30 +0000
Subject: import dbus-1.10.24-7.el7
---
diff --git a/.dbus.metadata b/.dbus.metadata
index b83c4c9..853c182 100644
--- a/.dbus.metadata
+++ b/.dbus.metadata
@@ -1 +1 @@
-96f7ae2edb8711fe4fb42718d03fdb00a90416d5 SOURCES/dbus-1.6.12.tar.gz
+85585fdfbaf83b7183f70eb840727172206592f9 SOURCES/dbus-1.10.24.tar.gz
diff --git a/.gitignore b/.gitignore
index b50cc85..9ae94ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/dbus-1.6.12.tar.gz
+SOURCES/dbus-1.10.24.tar.gz
diff --git a/SOURCES/00-start-message-bus.sh b/SOURCES/00-start-message-bus.sh
index 582b424..41d3a2a 100755
--- a/SOURCES/00-start-message-bus.sh
+++ b/SOURCES/00-start-message-bus.sh
@@ -9,6 +9,9 @@
 # along with this program; if not, write to the Free Software
 # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 #
+
+DBUS_SESSION_BUS_ADDRESS=`printenv DBUS_SESSION_BUS_ADDRESS`
+
 if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then
 eval `dbus-launch --sh-syntax --exit-with-session`
 fi
diff --git a/SOURCES/0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch b/SOURCES/0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch
deleted file mode 100644
index 358ebac..0000000
--- a/SOURCES/0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch
+++ /dev/null
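Review bot: The new `printenv` assignment in SOURCES/00-start-message-bus.sh has no comment saying why the variable is re-read from the environment before the `-z` test. It appears intended to make the test depend only on an exported address, so that a leftover unexported shell variable cannot suppress `dbus-launch`; if that is the intent, say so with a comment such as `# Re-read from the environment: only an exported address counts as an existing session bus.` Writing it as `DBUS_SESSION_BUS_ADDRESS=$(printenv DBUS_SESSION_BUS_ADDRESS)` would also read more clearly than backticks.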
@@ -1,48 +0,0 @@ -From a4f11f83a4b8ba8c7feecd37c7606d0d792d7fe6 Mon Sep 17 00:00:00 2001 -From: Simon McVittie -Date: Wed, 4 Sep 2013 17:53:23 +0100 -Subject: [PATCH] _dbus_babysitter_unref: avoid infinite loop if waitpid() - returns EINTR - -If waitpid() failed with EINTR, we'd go back for another go, but -because ret is nonzero, we'd skip the waitpid() and just keep looping. - -Also avoid an unnecessary "goto" in favour of a proper loop, to make it -more clearly correct. - -Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68945 ---- - dbus/dbus-spawn.c | 13 ++++++++----- - 1 file changed, 8 insertions(+), 5 deletions(-) - -diff --git a/dbus/dbus-spawn.c b/dbus/dbus-spawn.c -index ef00801..6e42f55 100644 ---- a/dbus/dbus-spawn.c -+++ b/dbus/dbus-spawn.c -@@ -308,15 +308,18 @@ _dbus_babysitter_unref (DBusBabysitter *sitter) - if (ret == 0) - kill (sitter->sitter_pid, SIGKILL); - -- again: - if (ret == 0) -- ret = waitpid (sitter->sitter_pid, &status, 0); -+ { -+ do -+ { -+ ret = waitpid (sitter->sitter_pid, &status, 0); -+ } -+ while (_DBUS_UNLIKELY (ret < 0 && errno == EINTR)); -+ } - - if (ret < 0) - { -- if (errno == EINTR) -- goto again; -- else if (errno == ECHILD) -+ if (errno == ECHILD) - _dbus_warn ("Babysitter process not available to be reaped; should not happen\n"); - else - _dbus_warn ("Unexpected error %d in waitpid() for babysitter: %s\n", --- -1.8.4.rc3 - diff --git a/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch b/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch new file mode 100644 index 0000000..4da2379 --- /dev/null +++ b/SOURCES/0001-bus-raise-fd-limits-before-dropping-privs.patch 
@@ -0,0 +1,28 @@
+From 8e3c46c33f32290bc2f205de62a7d9ba01994f72 Mon Sep 17 00:00:00 2001
+From: David King
+Date: Wed, 7 Feb 2018 14:37:24 +0000
+Subject: [PATCH] bus: raise fd limits before dropping privs
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1529044
+---
+ bus/bus.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/bus/bus.c b/bus/bus.c
+index a6f8db47..4b922a89 100644
+--- a/bus/bus.c
++++ b/bus/bus.c
+@@ -940,6 +940,11 @@ bus_context_new (const DBusString *confi
+ */
+ if (context->user != NULL)
+ {
++ /* Raise the file descriptor limits before dropping the privileges
++ * required to do so.
++ */
++ raise_file_descriptor_limit (context);
++
+ if (!_dbus_change_to_daemon_user (context->user, error))
+ {
+ _DBUS_ASSERT_ERROR_IS_SET (error);
+--
+2.14.3
diff --git a/SOURCES/0001-name-test-Don-t-run-test-autolaunch-if-we-don-t-have.patch b/SOURCES/0001-name-test-Don-t-run-test-autolaunch-if-we-don-t-have.patch
deleted file mode 100644
index 1f2db48..0000000
--- a/SOURCES/0001-name-test-Don-t-run-test-autolaunch-if-we-don-t-have.patch
+++ /dev/null
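Review bot: `raise_file_descriptor_limit (context);` is called as a bare statement immediately before `_dbus_change_to_daemon_user`, so within this hunk nothing reports or reacts if the limit could not be raised, and after the privilege drop there may be no second chance. The function's body is outside the hunk; if it does not already log a failed attempt, a warning there would help operators diagnose descriptor exhaustion later. The new comment could also state the consequence, for example `/* Must happen while still privileged: raising the limit is expected to fail after the switch to context->user. */`. `bus_context_new` starts and ends outside the hunk, so any later call to the same function is not visible here.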
@@ -1,29 +0,0 @@ -From 116f212581c93dba56ce5bc7b3f28237b2940145 Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Thu, 18 Jul 2013 15:14:58 -0400 -Subject: [PATCH] name-test: Don't run test-autolaunch if we don't have dbus-launch - -libdbus will look for its compiled-in path to find dbus-launch, and -not find it when running in a buildroot that doesn't have dbus -installed (the typical case for pbuilder/mock). ---- - test/name-test/run-test.sh | 6 +++++- - 1 files changed, 5 insertions(+), 1 deletions(-) - -diff --git a/test/name-test/run-test.sh b/test/name-test/run-test.sh -index cad5937..0bb0aee 100755 ---- a/test/name-test/run-test.sh -+++ b/test/name-test/run-test.sh -@@ -57,4 +57,8 @@ elif ! $PYTHON $DBUS_TOP_SRCDIR/test/name-test/test-activation-forking.py; then - fi - - echo "running test-autolaunch" --${DBUS_TOP_BUILDDIR}/libtool --mode=execute $DEBUG $DBUS_TOP_BUILDDIR/test/name-test/test-autolaunch || die "test-autolaunch failed" -+if which dbus-launch 2>/dev/null; then -+ ${DBUS_TOP_BUILDDIR}/libtool --mode=execute $DEBUG $DBUS_TOP_BUILDDIR/test/name-test/test-autolaunch || die "test-autolaunch failed" -+else -+ echo "Skipping test-autolaunch, no dbus-launch in $PATH" -+fi --- -1.7.1 - diff --git a/SOURCES/0001-test-marshal-Ensure-we-use-suitably-aligned-buffers.patch b/SOURCES/0001-test-marshal-Ensure-we-use-suitably-aligned-buffers.patch deleted file mode 100644 index d7cea52..0000000 --- a/SOURCES/0001-test-marshal-Ensure-we-use-suitably-aligned-buffers.patch +++ /dev/null 
@@ -1,64 +0,0 @@ -From 1a09d46b3cad370e4bd2c59ec6215fbf65351834 Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Wed, 24 Jul 2013 21:48:58 +0100 -Subject: [PATCH] test/marshal: Ensure we use suitably aligned buffers - -This test was failing on s390; though it could fail -on other platforms too. Basically we need to be sure -we're passing at least word-aligned buffers to the -demarshalling code. malloc() will do that for us. ---- - test/marshal.c | 27 ++++++++++++++++++++++----- - 1 file changed, 22 insertions(+), 5 deletions(-) - -diff --git a/test/marshal.c b/test/marshal.c -index e9ac7e3..e65ee7c 100644 ---- a/test/marshal.c -+++ b/test/marshal.c -@@ -27,6 +27,7 @@ - #include - - #include -+#include - - #include - #include -@@ -244,14 +245,30 @@ int - main (int argc, - char **argv) - { -+ int ret; -+ char *aligned_le_blob; -+ char *aligned_be_blob; -+ - g_test_init (&argc, &argv, NULL); - -- g_test_add ("/demarshal/le", Fixture, le_blob, setup, test_endian, teardown); -- g_test_add ("/demarshal/be", Fixture, be_blob, setup, test_endian, teardown); -- g_test_add ("/demarshal/needed/le", Fixture, le_blob, setup, test_needed, -+ /* We have to pass in a buffer that's at least "default aligned", -+ * i.e. on GNU systems to 8 or 16. The linker may have only given -+ * us byte-alignment for the char[] static variables. 
-+ */ -+ aligned_le_blob = g_malloc (sizeof (le_blob)); -+ memcpy (aligned_le_blob, le_blob, sizeof (le_blob)); -+ aligned_be_blob = g_malloc (sizeof (be_blob)); -+ memcpy (aligned_be_blob, be_blob, sizeof (be_blob)); -+ -+ g_test_add ("/demarshal/le", Fixture, aligned_le_blob, setup, test_endian, teardown); -+ g_test_add ("/demarshal/be", Fixture, aligned_be_blob, setup, test_endian, teardown); -+ g_test_add ("/demarshal/needed/le", Fixture, aligned_le_blob, setup, test_needed, - teardown); -- g_test_add ("/demarshal/needed/be", Fixture, be_blob, setup, test_needed, -+ g_test_add ("/demarshal/needed/be", Fixture, aligned_be_blob, setup, test_needed, - teardown); - -- return g_test_run (); -+ ret = g_test_run (); -+ g_free (aligned_le_blob); -+ g_free (aligned_be_blob); -+ return ret; - } --- -1.8.1.4 - diff --git a/SOURCES/0001-tests-Disable-name-test.patch b/SOURCES/0001-tests-Disable-name-test.patch deleted file mode 100644 index 5693d9f..0000000 --- a/SOURCES/0001-tests-Disable-name-test.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e0034acc5253a443eeb9232b316eb987c44ce3e7 Mon Sep 17 00:00:00 2001 -From: Colin Walters -Date: Mon, 11 Nov 2013 15:55:26 -0500 -Subject: [PATCH] tests: Disable name-test - -This wants to access $DISPLAY, which isn't available in mock. ---- - test/name-test/Makefile.am | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/test/name-test/Makefile.am b/test/name-test/Makefile.am -index 6aaf178..48a9cda 100644 ---- a/test/name-test/Makefile.am -+++ b/test/name-test/Makefile.am -@@ -13,7 +13,8 @@ AM_LDFLAGS = @R_DYNAMIC_LDFLAG@ - ## TESTS - if DBUS_BUILD_TESTS - TESTS_ENVIRONMENT=DBUS_TOP_BUILDDIR=@abs_top_builddir@ DBUS_TOP_SRCDIR=@abs_top_srcdir@ PYTHON=@PYTHON@ --TESTS=run-test.sh run-test-systemserver.sh -+# Disabling due to attempting to access $DISPLAY -+#TESTS=run-test.sh run-test-systemserver.sh - else - TESTS= - endif --- -1.8.3.1 - 
diff --git a/SOURCES/avoid-undefined-7c00ed22d9b5c33f5b33221e906946b11a9bde3b.patch b/SOURCES/avoid-undefined-7c00ed22d9b5c33f5b33221e906946b11a9bde3b.patch deleted file mode 100644 index 3f13319..0000000 --- a/SOURCES/avoid-undefined-7c00ed22d9b5c33f5b33221e906946b11a9bde3b.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 7c00ed22d9b5c33f5b33221e906946b11a9bde3b Mon Sep 17 00:00:00 2001 -From: DreamNik -Date: Sun, 29 Sep 2013 10:45:58 +0000 -Subject: make_and_run_test_nodes: avoid undefined behaviour - -In code that looks like n[i] = v(&i), where v increments i, C leaves it -undefined whether the old or new value of i is used to locate n[i]. -As it happens, gcc used the pre-increment value of i, but MSVC -used the post-increment value. - -Fix this by inserting a sequence point to disambiguate the intended order. - -Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69924 -Reviewed-by: Chengwei Yang -Reviewed-by: Simon McVittie -[wrote commit message, fixed whitespace -smcv] -Signed-off-by: Simon McVittie ---- -diff --git a/dbus/dbus-marshal-recursive-util.c b/dbus/dbus-marshal-recursive-util.c -index 9512414..a2aaaf9 100644 ---- a/dbus/dbus-marshal-recursive-util.c -+++ b/dbus/dbus-marshal-recursive-util.c -@@ -1785,10 +1785,13 @@ make_and_run_test_nodes (void) - start_next_test ("All values in one big toplevel %d iteration\n", 1); - { - TestTypeNode *nodes[N_VALUES]; -+ TestTypeNode *node; - - i = 0; -- while ((nodes[i] = value_generator (&i))) -- ; -+ while ((node = value_generator (&i))) -+ { -+ nodes[i - 1] = node; -+ } - - run_test_nodes (nodes, N_VALUES); - --- -cgit v0.9.0.2-2-gbebe diff --git a/SOURCES/bindir.patch b/SOURCES/bindir.patch deleted file mode 100644 index c5324fc..0000000 --- a/SOURCES/bindir.patch +++ /dev/null 
@@ -1,12 +0,0 @@
-diff -up dbus-1.2.1/bus/messagebus.in.start-early dbus-1.2.1/bus/messagebus.in
---- dbus-1.2.1/bus/messagebus.in.start-early 2008-04-04 11:24:08.000000000 -0400
-+++ dbus-1.2.1/bus/messagebus.in 2008-07-18 19:50:19.000000000 -0400
-@@ -21,7 +21,7 @@
- ### END INIT INFO
-
- # Sanity checks.
--[ -x @EXPANDED_BINDIR@/dbus-daemon ] || exit 0
-+[ -x /bin/dbus-daemon ] || exit 0
-
- # Source function library.
- . @EXPANDED_SYSCONFDIR@/rc.d/init.d/functions
diff --git a/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch b/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch
new file mode 100644
index 0000000..16edb9b
--- /dev/null
+++ b/SOURCES/dbus-1.10.22-reduce-session-conf-fd-limits.patch
@@ -0,0 +1,28 @@
+From f988e7327e5d8f372cc0c7d1478d12a74be113d3 Mon Sep 17 00:00:00 2001
+From: David King
+Date: Fri, 15 Sep 2017 14:01:53 +0100
+Subject: [PATCH] Reduce default session bus max fd limits
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1133732
+---
+ bus/session.conf.in | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bus/session.conf.in b/bus/session.conf.in
+index affa7f1d..294a051d 100644
+--- a/bus/session.conf.in
++++ b/bus/session.conf.in
+@@ -69,8 +69,8 @@
+ 120000
+ 240000
+ 150000
+- 100000
+- 10000
++ 900
++ 92
+ 100000
+ 10000
+ 50000
+--
+2.13.5
+
diff --git a/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch b/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch
new file mode 100644
index 0000000..7d3724b
--- /dev/null
+++ b/SOURCES/dbus-1.10.24-dbus-send-man-page-typo.patch
@@ -0,0 +1,27 @@ +From b98c85f2803434eec3192cdc3e9e86425fe33428 Mon Sep 17 00:00:00 2001 +From: David King +Date: Tue, 3 Oct 2017 13:34:03 +0100 +Subject: [PATCH] doc: Fix dbus-send.1 uint16 typo + +https://bugs.freedesktop.org/show_bug.cgi?id=103075 +https://bugzilla.redhat.com/show_bug.cgi?id=1467415 +--- + doc/dbus-send.1.xml.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/doc/dbus-send.1.xml.in b/doc/dbus-send.1.xml.in +index 67b6dfd2..271435ca 100644 +--- a/doc/dbus-send.1.xml.in ++++ b/doc/dbus-send.1.xml.in +@@ -65,7 +65,7 @@ may include containers (arrays, dicts, and variants) as described below. + <array> ::= array:<type>:<value>[,<value>...] + <dict> ::= dict:<type>:<type>:<key>,<value>[,<key>,<value>...] + <variant> ::= variant:<type>:<value> +-<type> ::= string | int16 | uint 16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath ++<type> ::= string | int16 | uint16 | int32 | uint32 | int64 | uint64 | double | byte | boolean | objpath + + + D-Bus supports more types than these, but dbus-send currently +-- +2.13.6 + diff --git a/SOURCES/dbus-1.10.24-mls-listnames.patch b/SOURCES/dbus-1.10.24-mls-listnames.patch new file mode 100644 index 0000000..54fb08f --- /dev/null +++ b/SOURCES/dbus-1.10.24-mls-listnames.patch 
@@ -0,0 +1,268 @@ +diff -urN dbus-1.10.24.old/bus/driver.c dbus-1.10.24/bus/driver.c +--- dbus-1.10.24.old/bus/driver.c 2017-09-25 16:20:08.000000000 +0100 ++++ dbus-1.10.24/bus/driver.c 2018-02-13 10:15:09.570439595 +0000 +@@ -555,6 +555,9 @@ + char **services; + BusRegistry *registry; + int i; ++#ifdef HAVE_SELINUX ++ dbus_bool_t mls_enabled; ++#endif + DBusMessageIter iter; + DBusMessageIter sub; + +@@ -601,9 +604,58 @@ + } + } + ++#ifdef HAVE_SELINUX ++ mls_enabled = bus_selinux_mls_enabled (); ++#endif + i = 0; + while (i < len) + { ++#ifdef HAVE_SELINUX ++ if (mls_enabled) ++ { ++ const char *requester; ++ BusService *service; ++ DBusString str; ++ DBusConnection *service_conn; ++ DBusConnection *requester_conn; ++ ++ requester = dbus_message_get_destination (reply); ++ _dbus_string_init_const (&str, requester); ++ service = bus_registry_lookup (registry, &str); ++ ++ if (service == NULL) ++ { ++ _dbus_warn_check_failed ("service lookup failed: %s", requester); ++ ++i; ++ continue; ++ } ++ requester_conn = bus_service_get_primary_owners_connection (service); ++ _dbus_string_init_const (&str, services[i]); ++ service = bus_registry_lookup (registry, &str); ++ if (service == NULL) ++ { ++ _dbus_warn_check_failed ("service lookup failed: %s", services[i]); ++ ++i; ++ continue; ++ } ++ service_conn = bus_service_get_primary_owners_connection (service); ++ ++ if (!bus_selinux_allows_name (requester_conn, service_conn, error)) ++ { ++ if (dbus_error_is_set (error) && ++ dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) ++ { ++ dbus_free_string_array (services); ++ dbus_message_unref (reply); ++ return FALSE; ++ } ++ ++ /* Skip any services which are disallowed by SELinux policy. 
*/ ++ ++i; ++ continue; ++ } ++ } ++#endif + if (!dbus_message_iter_append_basic (&sub, DBUS_TYPE_STRING, + &services[i])) + { +diff -urN dbus-1.10.24.old/bus/selinux.c dbus-1.10.24/bus/selinux.c +--- dbus-1.10.24.old/bus/selinux.c 2017-07-28 07:24:16.000000000 +0100 ++++ dbus-1.10.24/bus/selinux.c 2018-02-13 10:35:14.311477447 +0000 +@@ -61,6 +61,9 @@ + /* Store the value telling us if SELinux is enabled in the kernel. */ + static dbus_bool_t selinux_enabled = FALSE; + ++/* Store the value telling us if SELinux with MLS is enabled in the kernel. */ ++static dbus_bool_t selinux_mls_enabled = FALSE; ++ + /* Store an avc_entry_ref to speed AVC decisions. */ + static struct avc_entry_ref aeref; + +@@ -273,6 +276,20 @@ + } + + /** ++ * Return whether or not SELinux with MLS support is enabled; must be ++ * called after bus_selinux_init. ++ */ ++dbus_bool_t ++bus_selinux_mls_enabled (void) ++{ ++#ifdef HAVE_SELINUX ++ return selinux_mls_enabled; ++#else ++ return FALSE; ++#endif /* HAVE_SELINUX */ ++} ++ ++/** + * Do early initialization; determine whether SELinux is enabled. 
+ */ + dbus_bool_t +@@ -292,6 +309,16 @@ + } + + selinux_enabled = r != 0; ++ ++ r = is_selinux_mls_enabled (); ++ if (r < 0) ++ { ++ _dbus_warn ("Could not tell if SELinux MLS is enabled: %s\n", ++ _dbus_strerror (errno)); ++ return FALSE; ++ } ++ ++ selinux_mls_enabled = r != 0; + return TRUE; + #else + return TRUE; +@@ -304,14 +331,18 @@ + */ + /* security dbus class constants */ + #define SECCLASS_DBUS 1 ++#define SECCLASS_CONTEXT 2 + + /* dbus's per access vector constants */ + #define DBUS__ACQUIRE_SVC 1 + #define DBUS__SEND_MSG 2 + ++#define CONTEXT__CONTAINS 1 ++ + #ifdef HAVE_SELINUX + static struct security_class_mapping dbus_map[] = { + { "dbus", { "acquire_svc", "send_msg", NULL } }, ++ { "context", { "contains", NULL } }, + { NULL } + }; + #endif /* HAVE_SELINUX */ +@@ -734,6 +765,102 @@ + #endif /* HAVE_SELINUX */ + + /** ++ * Check if SELinux security controls allow one connection to determine the ++ * name of the other, taking into account MLS considerations. ++ * ++ * @param source the requester of the name. ++ * @param destination the name being requested. ++ * @returns whether the name should be visible by the source of the request ++ */ ++dbus_bool_t ++bus_selinux_allows_name (DBusConnection *source, ++ DBusConnection *destination, ++ DBusError *error) ++{ ++#ifdef HAVE_SELINUX ++ int err; ++ char *policy_type; ++ unsigned long spid, tpid; ++ BusSELinuxID *source_sid; ++ BusSELinuxID *dest_sid; ++ dbus_bool_t ret; ++ dbus_bool_t string_alloced; ++ DBusString auxdata; ++ ++ if (!selinux_mls_enabled) ++ return TRUE; ++ ++ err = selinux_getpolicytype (&policy_type); ++ if (err < 0) ++ { ++ dbus_set_error_const (error, DBUS_ERROR_IO_ERROR, ++ "Failed to get SELinux policy type"); ++ return FALSE; ++ } ++ ++ /* Only check against MLS policy if running under that policy. 
*/ ++ if (strcmp (policy_type, "mls") != 0) ++ { ++ free (policy_type); ++ return TRUE; ++ } ++ ++ free (policy_type); ++ ++ _dbus_assert (source != NULL); ++ _dbus_assert (destination != NULL); ++ ++ if (!source || !dbus_connection_get_unix_process_id (source, &spid)) ++ spid = 0; ++ if (!destination || !dbus_connection_get_unix_process_id (destination, &tpid)) ++ tpid = 0; ++ ++ string_alloced = FALSE; ++ if (!_dbus_string_init (&auxdata)) ++ goto oom; ++ string_alloced = TRUE; ++ ++ if (spid) ++ { ++ if (!_dbus_string_append (&auxdata, " spid=")) ++ goto oom; ++ ++ if (!_dbus_string_append_uint (&auxdata, spid)) ++ goto oom; ++ } ++ ++ if (tpid) ++ { ++ if (!_dbus_string_append (&auxdata, " tpid=")) ++ goto oom; ++ ++ if (!_dbus_string_append_uint (&auxdata, tpid)) ++ goto oom; ++ } ++ ++ source_sid = bus_connection_get_selinux_id (source); ++ dest_sid = bus_connection_get_selinux_id (destination); ++ ++ ret = bus_selinux_check (source_sid, ++ dest_sid, ++ SECCLASS_CONTEXT, ++ CONTEXT__CONTAINS, ++ &auxdata); ++ ++ _dbus_string_free (&auxdata); ++ return ret; ++ ++ oom: ++ if (string_alloced) ++ _dbus_string_free (&auxdata); ++ BUS_SET_OOM (error); ++ return FALSE; ++#else ++ return TRUE; ++#endif /* HAVE_SELINUX */ ++} ++ ++/** + * Read the SELinux ID from the connection. 
+ * + * @param connection the connection to read from +Binary files dbus-1.10.24.old/bus/.selinux.c.swp and dbus-1.10.24/bus/.selinux.c.swp differ +diff -urN dbus-1.10.24.old/bus/selinux.h dbus-1.10.24/bus/selinux.h +--- dbus-1.10.24.old/bus/selinux.h 2017-07-28 07:24:16.000000000 +0100 ++++ dbus-1.10.24/bus/selinux.h 2018-02-13 10:15:09.573439444 +0000 +@@ -32,6 +32,7 @@ + void bus_selinux_shutdown (void); + + dbus_bool_t bus_selinux_enabled (void); ++dbus_bool_t bus_selinux_mls_enabled (void); + + void bus_selinux_id_ref (BusSELinuxID *sid); + void bus_selinux_id_unref (BusSELinuxID *sid); +@@ -54,6 +55,10 @@ + const char *service_name, + DBusError *error); + ++dbus_bool_t bus_selinux_allows_name (DBusConnection *source, ++ DBusConnection *destination, ++ DBusError *error); ++ + dbus_bool_t bus_selinux_allows_send (DBusConnection *sender, + DBusConnection *proposed_recipient, + const char *msgtype, /* Supplementary audit data */ diff --git a/SOURCES/dbus-1.6.12-avoid-corrupting-multiple-fds.patch b/SOURCES/dbus-1.6.12-avoid-corrupting-multiple-fds.patch deleted file mode 100644 index ec49262..0000000 --- a/SOURCES/dbus-1.6.12-avoid-corrupting-multiple-fds.patch +++ /dev/null 
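Review bot: In the bus/driver.c loop added by dbus-1.10.24-mls-listnames.patch, a `bus_selinux_allows_name` failure that is not out-of-memory falls through to `++i; continue;` with `error` still set, because the `selinux_getpolicytype` failure path sets `DBUS_ERROR_IO_ERROR` before returning FALSE. The next iteration can then attempt to set an already-set error, and the handler may return success with `error` populated (the rest of the function is outside the hunk). Skipping the name is the right fail-closed result, but clear the error first with `dbus_error_free (error);` ahead of the `++i;`. Separately, the connections returned by `bus_service_get_primary_owners_connection` are passed on without a NULL check, while `bus_selinux_allows_name` both asserts non-NULL and then tests `!source ||`, so it is unclear whether NULL is expected there. The patch also carries a `Binary files ... .selinux.c.swp ... differ` line, which suggests it was generated from a tree containing an editor swap file and should be regenerated from a clean tree.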
@@ -1,36 +0,0 @@ -From 07f4c12efe3b9bd45d109bc5fbaf6d9dbf69d78e Mon Sep 17 00:00:00 2001 -From: Simon McVittie -Date: Wed, 11 Jun 2014 12:24:20 +0100 -Subject: If loader contains two messages with fds, don't corrupt the second - -There were two bugs here: we would previously overwrite the unused -fds with the already-used fds instead of the other way round, and -we would copy n bytes where we should have copied n ints. - -Additionally, sending crafted messages in a chosen sequence to a victim -system service could cause an invalid file descriptor to be present -when dbus-daemon tries to forward one of those crafted messages to the -victim, causing sendmsg() to fail with EBADF, which resulted in -disconnecting the victim service, which would likely respond to that -by exiting. This is a denial of service (fd.o #80469, CVE-2014-3533). - -Bug: https://bugs.freedesktop.org/show_bug.cgi?id=79694 -Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80469 -Reviewed-by: Alban Crequy - -diff --git a/dbus/dbus-message.c b/dbus/dbus-message.c -index c6953d0..78df755 100644 ---- a/dbus/dbus-message.c -+++ b/dbus/dbus-message.c -@@ -4204,7 +4204,7 @@ load_message (DBusMessageLoader *loader, - - message->n_unix_fds_allocated = message->n_unix_fds = n_unix_fds; - loader->n_unix_fds -= n_unix_fds; -- memmove(loader->unix_fds + n_unix_fds, loader->unix_fds, loader->n_unix_fds); -+ memmove (loader->unix_fds, loader->unix_fds + n_unix_fds, loader->n_unix_fds * sizeof (loader->unix_fds[0])); - } - else - message->unix_fds = NULL; --- -cgit v0.10.2 - diff --git a/SOURCES/dbus-1.6.12-avoid-hardcoded-selinux-constants.patch b/SOURCES/dbus-1.6.12-avoid-hardcoded-selinux-constants.patch deleted file mode 100644 index 91e3f6d..0000000 --- a/SOURCES/dbus-1.6.12-avoid-hardcoded-selinux-constants.patch +++ /dev/null 
@@ -1,132 +0,0 @@ -From 4b4747fe3533a6a34a901ec6cf1a99cef9f1dd2b Mon Sep 17 00:00:00 2001 -From: osmond sun -Date: Wed, 6 Nov 2013 00:53:18 +0800 -Subject: [PATCH 1/2] selinux: Use selinux_set_mapping() to avoid hardcoded - constants for policy - -Previous to the introduction of selinux_set_mapping(), DBus pulled -constants generated from the system's policy at build time. But this -means it's impossible to replace the system policy without rebuilding -userspace components. - -This patch maps from arbitrary class/perm indices used by D-Bus and -the policy values and handles all the translation at runtime on -avc_has_perm() calls. - -Bug: https://bugs.freedesktop.org/attachment.cgi?id=88719 -Reviewed-By: Colin Walters -Tested-By: Colin Walters ---- - bus/bus.c | 2 +- - bus/selinux.c | 30 +++++++++++++++++++++++++++--- - 2 files changed, 28 insertions(+), 4 deletions(-) - -diff --git a/bus/bus.c b/bus/bus.c -index 59274ee..f4fad5b 100644 ---- a/bus/bus.c -+++ b/bus/bus.c -@@ -902,7 +902,7 @@ bus_context_new (const DBusString *config_file, - - if (!bus_selinux_full_init ()) - { -- bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n"); -+ bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but D-Bus initialization failed; check system log\n"); - } - - if (!process_config_postinit (context, parser, error)) -diff --git a/bus/selinux.c b/bus/selinux.c -index 6442b79..9a1d4b4 100644 ---- a/bus/selinux.c -+++ b/bus/selinux.c -@@ -44,8 +44,6 @@ - #include - #include - #include --#include --#include - #include - #include - #include -@@ -341,8 +339,27 @@ bus_selinux_pre_init (void) - #endif - } - -+/* -+ * Private Flask definitions; the order of these constants must -+ * exactly match that of the structure array below! 
-+ */ -+/* security dbus class constants */ -+#define SECCLASS_DBUS 1 -+ -+/* dbus's per access vector constants */ -+#define DBUS__ACQUIRE_SVC 1 -+#define DBUS__SEND_MSG 2 -+ -+#ifdef HAVE_SELINUX -+static struct security_class_mapping dbus_map[] = { -+ { "dbus", { "acquire_svc", "send_msg", NULL } }, -+ { NULL } -+}; -+#endif /* HAVE_SELINUX */ -+ - /** -- * Initialize the user space access vector cache (AVC) for D-Bus and set up -+ * Establish dynamic object class and permission mapping and -+ * initialize the user space access vector cache (AVC) for D-Bus and set up - * logging callbacks. - */ - dbus_bool_t -@@ -361,6 +378,13 @@ bus_selinux_full_init (void) - - _dbus_verbose ("SELinux is enabled in this kernel.\n"); - -+ if (selinux_set_mapping (dbus_map) < 0) -+ { -+ _dbus_warn ("Failed to set up security class mapping (selinux_set_mapping():%s).\n", -+ strerror (errno)); -+ return FALSE; -+ } -+ - avc_entry_ref_init (&aeref); - if (avc_init ("avc", &mem_cb, &log_cb, &thread_cb, &lock_cb) < 0) - { --- -2.7.4 - - -From 1859b1e672ca2cbcc05b43cf20aba3df2ca48317 Mon Sep 17 00:00:00 2001 -From: David King -Date: Mon, 8 Aug 2016 13:25:14 +0200 -Subject: [PATCH 2/2] Rebase MLS change against new SELinux checks - -https://bugzilla.redhat.com/show_bug.cgi?id=1364485 ---- - bus/selinux.c | 4 ++++ - 1 file changed, 4 insertions(+) - -diff --git a/bus/selinux.c b/bus/selinux.c -index 9a1d4b4..2fb4a8b 100644 ---- a/bus/selinux.c -+++ b/bus/selinux.c -@@ -345,14 +345,18 @@ bus_selinux_pre_init (void) - */ - /* security dbus class constants */ - #define SECCLASS_DBUS 1 -+#define SECCLASS_CONTEXT 2 - - /* dbus's per access vector constants */ - #define DBUS__ACQUIRE_SVC 1 - #define DBUS__SEND_MSG 2 - -+#define CONTEXT__CONTAINS 1 -+ - #ifdef HAVE_SELINUX - static struct security_class_mapping dbus_map[] = { - { "dbus", { "acquire_svc", "send_msg", NULL } }, -+ { "context", { "contains", NULL } }, - { NULL } - }; - #endif /* HAVE_SELINUX */ --- -2.7.4 - 
diff --git a/SOURCES/dbus-1.6.12-mls-listnames.patch b/SOURCES/dbus-1.6.12-mls-listnames.patch deleted file mode 100644 index f648f86..0000000 --- a/SOURCES/dbus-1.6.12-mls-listnames.patch +++ /dev/null 
@@ -1,266 +0,0 @@ -From 8b74179ee31652bbaaf979777b9e829b426053ef Mon Sep 17 00:00:00 2001 -From: David King -Date: Tue, 4 Nov 2014 10:10:36 +0000 -Subject: [PATCH] selinux: Check ListNames permissions with MLS - -https://bugzilla.redhat.com/show_bug.cgi?id=1118399 ---- - bus/driver.c | 52 +++++++++++++++++++++++++ - bus/selinux.c | 123 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ - bus/selinux.h | 5 +++ - 3 files changed, 180 insertions(+) - -diff --git a/bus/driver.c b/bus/driver.c -index 574e0f3..20cc940 100644 ---- a/bus/driver.c -+++ b/bus/driver.c -@@ -379,6 +379,9 @@ bus_driver_handle_list_services (DBusConnection *connection, - char **services; - BusRegistry *registry; - int i; -+#ifdef HAVE_SELINUX -+ dbus_bool_t mls_enabled; -+#endif - DBusMessageIter iter; - DBusMessageIter sub; - -@@ -425,9 +428,58 @@ bus_driver_handle_list_services (DBusConnection *connection, - } - } - -+#ifdef HAVE_SELINUX -+ mls_enabled = bus_selinux_mls_enabled (); -+#endif - i = 0; - while (i < len) - { -+#ifdef HAVE_SELINUX -+ if (mls_enabled) -+ { -+ const char *requester; -+ BusService *service; -+ DBusString str; -+ DBusConnection *service_conn; -+ DBusConnection *requester_conn; -+ -+ requester = dbus_message_get_destination (reply); -+ _dbus_string_init_const (&str, requester); -+ service = bus_registry_lookup (registry, &str); -+ -+ if (service == NULL) -+ { -+ _dbus_warn_check_failed ("service lookup failed: %s", requester); -+ ++i; -+ continue; -+ } -+ requester_conn = bus_service_get_primary_owners_connection (service); -+ _dbus_string_init_const (&str, services[i]); -+ service = bus_registry_lookup (registry, &str); -+ if (service == NULL) -+ { -+ _dbus_warn_check_failed ("service lookup failed: %s", services[i]); -+ ++i; -+ continue; -+ } -+ service_conn = bus_service_get_primary_owners_connection (service); -+ -+ if (!bus_selinux_allows_name (requester_conn, service_conn, error)) -+ { -+ if (dbus_error_is_set (error) && -+ dbus_error_has_name (error, 
DBUS_ERROR_NO_MEMORY)) -+ { -+ dbus_free_string_array (services); -+ dbus_message_unref (reply); -+ return FALSE; -+ } -+ -+ /* Skip any services which are disallowed by SELinux policy. */ -+ ++i; -+ continue; -+ } -+ } -+#endif - if (!dbus_message_iter_append_basic (&sub, DBUS_TYPE_STRING, - &services[i])) - { -diff --git a/bus/selinux.c b/bus/selinux.c -index 36287e9..6442b79 100644 ---- a/bus/selinux.c -+++ b/bus/selinux.c -@@ -63,6 +63,9 @@ - /* Store the value telling us if SELinux is enabled in the kernel. */ - static dbus_bool_t selinux_enabled = FALSE; - -+/* Store the value telling us if SELinux with MLS is enabled in the kernel. */ -+static dbus_bool_t selinux_mls_enabled = FALSE; -+ - /* Store an avc_entry_ref to speed AVC decisions. */ - static struct avc_entry_ref aeref; - -@@ -289,6 +292,20 @@ bus_selinux_enabled (void) - } - - /** -+ * Return whether or not SELinux with MLS support is enabled; must be -+ * called after bus_selinux_init. -+ */ -+dbus_bool_t -+bus_selinux_mls_enabled (void) -+{ -+#ifdef HAVE_SELINUX -+ return selinux_mls_enabled; -+#else -+ return FALSE; -+#endif /* HAVE_SELINUX */ -+} -+ -+/** - * Do early initialization; determine whether SELinux is enabled. - */ - dbus_bool_t -@@ -308,6 +325,16 @@ bus_selinux_pre_init (void) - } - - selinux_enabled = r != 0; -+ -+ r = is_selinux_mls_enabled (); -+ if (r < 0) -+ { -+ _dbus_warn ("Could not tell if SELinux MLS is enabled: %s\n", -+ _dbus_strerror (errno)); -+ return FALSE; -+ } -+ -+ selinux_mls_enabled = r != 0; - return TRUE; - #else - return TRUE; -@@ -724,6 +751,102 @@ bus_connection_read_selinux_context (DBusConnection *connection, - #endif /* HAVE_SELINUX */ - - /** -+ * Check if SELinux security controls allow one connection to determine the -+ * name of the other, taking into account MLS considerations. -+ * -+ * @param source the requester of the name. -+ * @param destination the name being requested. 
-+ * @returns whether the name should be visible by the source of the request -+ */ -+dbus_bool_t -+bus_selinux_allows_name (DBusConnection *source, -+ DBusConnection *destination, -+ DBusError *error) -+{ -+#ifdef HAVE_SELINUX -+ int err; -+ char *policy_type; -+ unsigned long spid, tpid; -+ BusSELinuxID *source_sid; -+ BusSELinuxID *dest_sid; -+ dbus_bool_t ret; -+ dbus_bool_t string_alloced; -+ DBusString auxdata; -+ -+ if (!selinux_mls_enabled) -+ return TRUE; -+ -+ err = selinux_getpolicytype (&policy_type); -+ if (err < 0) -+ { -+ dbus_set_error_const (error, DBUS_ERROR_IO_ERROR, -+ "Failed to get SELinux policy type"); -+ return FALSE; -+ } -+ -+ /* Only check against MLS policy if running under that policy. */ -+ if (strcmp (policy_type, "mls") != 0) -+ { -+ free (policy_type); -+ return TRUE; -+ } -+ -+ free (policy_type); -+ -+ _dbus_assert (source != NULL); -+ _dbus_assert (destination != NULL); -+ -+ if (!source || !dbus_connection_get_unix_process_id (source, &spid)) -+ spid = 0; -+ if (!destination || !dbus_connection_get_unix_process_id (destination, &tpid)) -+ tpid = 0; -+ -+ string_alloced = FALSE; -+ if (!_dbus_string_init (&auxdata)) -+ goto oom; -+ string_alloced = TRUE; -+ -+ if (spid) -+ { -+ if (!_dbus_string_append (&auxdata, " spid=")) -+ goto oom; -+ -+ if (!_dbus_string_append_uint (&auxdata, spid)) -+ goto oom; -+ } -+ -+ if (tpid) -+ { -+ if (!_dbus_string_append (&auxdata, " tpid=")) -+ goto oom; -+ -+ if (!_dbus_string_append_uint (&auxdata, tpid)) -+ goto oom; -+ } -+ -+ source_sid = bus_connection_get_selinux_id (source); -+ dest_sid = bus_connection_get_selinux_id (destination); -+ -+ ret = bus_selinux_check (source_sid, -+ dest_sid, -+ SECCLASS_CONTEXT, -+ CONTEXT__CONTAINS, -+ &auxdata); -+ -+ _dbus_string_free (&auxdata); -+ return ret; -+ -+ oom: -+ if (string_alloced) -+ _dbus_string_free (&auxdata); -+ BUS_SET_OOM (error); -+ return FALSE; -+#else -+ return TRUE; -+#endif /* HAVE_SELINUX */ -+} -+ -+/** - * Read the SELinux 
ID from the connection. - * - * @param connection the connection to read from -diff --git a/bus/selinux.h b/bus/selinux.h -index 3bab36d..fcaac5f 100644 ---- a/bus/selinux.h -+++ b/bus/selinux.h -@@ -32,6 +32,7 @@ dbus_bool_t bus_selinux_full_init(void); - void bus_selinux_shutdown (void); - - dbus_bool_t bus_selinux_enabled (void); -+dbus_bool_t bus_selinux_mls_enabled (void); - - void bus_selinux_id_ref (BusSELinuxID *sid); - void bus_selinux_id_unref (BusSELinuxID *sid); -@@ -54,6 +55,10 @@ dbus_bool_t bus_selinux_allows_acquire_service (DBusConnection *connection, - const char *service_name, - DBusError *error); - -+dbus_bool_t bus_selinux_allows_name (DBusConnection *source, -+ DBusConnection *destination, -+ DBusError *error); -+ - dbus_bool_t bus_selinux_allows_send (DBusConnection *sender, - DBusConnection *proposed_recipient, - const char *msgtype, /* Supplementary audit data */ --- -2.1.0 - diff --git a/SOURCES/dbus-1.6.12-reduce-session-conf-fd-limits.patch b/SOURCES/dbus-1.6.12-reduce-session-conf-fd-limits.patch deleted file mode 100644 index e6c26e5..0000000 --- a/SOURCES/dbus-1.6.12-reduce-session-conf-fd-limits.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -urN dbus-1.6.12.old/bus/session.conf.in dbus-1.6.12/bus/session.conf.in ---- dbus-1.6.12.old/bus/session.conf.in 2013-02-12 11:45:32.000000000 +0000 -+++ dbus-1.6.12/bus/session.conf.in 2015-02-10 19:28:00.203226659 +0000 -@@ -52,8 +52,8 @@ - 4096 - 120000 - 240000 -- 100000 -- 10000 -+ 900 -+ 92 - 100000 - 10000 - 50000 diff --git a/SOURCES/dbus-1.6.12-refresh-man-pages-and-dbus-launch-help.patch b/SOURCES/dbus-1.6.12-refresh-man-pages-and-dbus-launch-help.patch deleted file mode 100644 index 6249055..0000000 --- a/SOURCES/dbus-1.6.12-refresh-man-pages-and-dbus-launch-help.patch +++ /dev/null 
@@ -1,66 +0,0 @@
-diff -urN dbus-1.6.12.old/doc/dbus-launch.1 dbus-1.6.12/doc/dbus-launch.1
---- dbus-1.6.12.old/doc/dbus-launch.1 2012-08-13 19:08:25.000000000 +0100
-+++ dbus-1.6.12/doc/dbus-launch.1 2015-05-29 13:32:50.450058799 +0100
-@@ -7,7 +7,7 @@
- dbus\-launch \- Utility to start a message bus from a shell script
- .SH SYNOPSIS
- .PP
--.B dbus\-launch [\-\-version] [\-\-sh\-syntax] [\-\-csh\-syntax] [\-\-auto\-syntax] [\-\-exit\-with\-session] [\-\-autolaunch=MACHINEID] [\-\-config\-file=FILENAME] [PROGRAM] [ARGS...]
-+.B dbus\-launch [\-\-version] [\-\-help] [\-\-sh\-syntax] [\-\-csh\-syntax] [\-\-auto\-syntax] [\-\-binary\-syntax] [\-\-close\-stderr] [\-\-exit\-with\-session] [\-\-autolaunch=MACHINEID] [\-\-config\-file=FILENAME] [PROGRAM] [ARGS...]
- 
- .SH DESCRIPTION
- 
-@@ -190,6 +190,10 @@
- .I "\-\-version"
- Print the version of dbus\-launch
- 
-+.TP
-+.I "\-\-help"
-+Print the help info of dbus\-launch
-+
- .SH NOTES
- 
- If you run
-diff -urN dbus-1.6.12.old/doc/dbus-send.1 dbus-1.6.12/doc/dbus-send.1
---- dbus-1.6.12.old/doc/dbus-send.1 2012-06-06 11:45:55.000000000 +0100
-+++ dbus-1.6.12/doc/dbus-send.1 2015-05-29 13:21:58.335924252 +0100
-@@ -8,7 +8,8 @@
- .SH SYNOPSIS
- .PP
- .B dbus\-send
--[\fB\-\-system\fP | \fB\-\-session\fP]
-+[\fB\-\-help\fP]
-+[\fB\-\-system\fP | \fB\-\-session\fP | \fB\-\-address=\fIADDRESS\fP]
- [\fB\-\-dest=\fINAME\fP]
- [\fB\-\-print\-reply\fP[\fB=literal\fP]]
- [\fB\-\-reply\-timeout=\fIMSEC\fP]
-@@ -98,8 +99,14 @@
- .B "\-\-session"
- Send to the session message bus. (This is the default.)
- .TP
-+.BI \-\-address= ADDRESS
-+Send to \fIADDRESS\fP.
-+.TP
- .BI \-\-type= TYPE
- Specify \fBmethod_call\fP or \fBsignal\fP (defaults to "\fBsignal\fP").
-+.TP
-+.B "\-\-help"
-+Print the help info of dbus\-send.
- 
- .SH AUTHOR
- dbus\-send was written by Philip Blundell.
-diff -urN dbus-1.6.12.old/tools/dbus-launch.c dbus-1.6.12/tools/dbus-launch.c
---- dbus-1.6.12.old/tools/dbus-launch.c 2013-06-12 13:55:29.000000000 +0100
-+++ dbus-1.6.12/tools/dbus-launch.c 2015-05-29 13:36:25.645035413 +0100
-@@ -181,7 +181,10 @@
- static void
- usage (int ecode)
- {
-- fprintf (stderr, "dbus-launch [--version] [--help] [--sh-syntax] [--csh-syntax] [--auto-syntax] [--exit-with-session]\n");
-+ fprintf (stderr, "dbus-launch [--version] [--help] [--sh-syntax]"
-+ " [--csh-syntax] [--auto-syntax] [--binary-syntax] [--close-stderr]"
-+ " [--exit-with-session] [--autolaunch=MACHINEID]"
-+ " [--config-file=FILENAME] [PROGRAM] [ARGS...]\n");
- exit (ecode);
- }
- 
diff --git a/SPECS/dbus.spec b/SPECS/dbus.spec
index ba92e0a..886583d 100644
--- a/SPECS/dbus.spec
+++ b/SPECS/dbus.spec
@@ -1,26 +1,47 @@ %global _hardened_build 1 +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} -%define gettext_package dbus +%global gettext_package dbus-1 -%define expat_version 1.95.5 -%define libselinux_version 1.15.2 +%global expat_version 1.95.5 +%global libselinux_version 1.15.2 -%define dbus_user_uid 81 +%global dbus_user_uid 81 -%define dbus_common_config_opts --enable-libaudit --enable-selinux=yes --with-init-scripts=redhat --with-system-pid-file=%{_localstatedir}/run/messagebus.pid --with-dbus-user=dbus --libdir=/%{_lib} --bindir=/bin --sysconfdir=/etc --exec-prefix=/ --libexecdir=/%{_lib}/dbus-1 --with-systemdsystemunitdir=/lib/systemd/system/ --enable-doxygen-docs --enable-xml-docs --disable-silent-rules +%global dbus_common_config_opts --enable-libaudit --enable-selinux=yes --with-init-scripts=redhat --with-system-socket=/run/dbus/system_bus_socket --with-system-pid-file=/run/dbus/messagebus.pid --with-dbus-user=dbus --libexecdir=/%{_libexecdir}/dbus-1 --docdir=%{_pkgdocdir} --enable-installed-tests +# Allow extra dependencies required for some tests to be disabled. +%bcond_without tests +# Disabled in June 2014: http://lists.freedesktop.org/archives/dbus/2014-June/016223.html +%bcond_with check + +Name: dbus +Epoch: 1 +Version: 1.10.24 +Release: 7%{?dist} Summary: D-BUS message bus -Name: dbus -Epoch: 1 -Version: 1.6.12 -Release: 17%{?dist} -URL: http://www.freedesktop.org/software/dbus/ -#VCS: git:git://git.freedesktop.org/git/dbus/dbus -Source0: http://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz -Source2: 00-start-message-bus.sh -License: GPLv2+ or AFL -Group: System Environment/Libraries -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +Group: System Environment/Libraries +# The effective license of the majority of the package, including the shared +# library, is "GPL-2+ or AFL-2.1". Certain utilities are "GPL-2+" only. 
+License: (GPLv2+ or AFL) and GPLv2+ +URL: http://www.freedesktop.org/Software/dbus/ +#VCS: git:git://git.freedesktop.org/git/dbus/dbus +Source0: http://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz +Source1: 00-start-message-bus.sh + +# https://bugzilla.redhat.com/show_bug.cgi?id=1118399 +Patch0: dbus-1.10.24-mls-listnames.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1183755 +Patch1: dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1133732 +Patch2: dbus-1.10.22-reduce-session-conf-fd-limits.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1356141 +Patch3: dbus-1.6.12-avoid-selinux-context-translation.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1467415 +Patch4: dbus-1.10.24-dbus-send-man-page-typo.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1529044 +Patch5: 0001-bus-raise-fd-limits-before-dropping-privs.patch BuildRequires: libtool BuildRequires: expat-devel >= %{expat_version} 
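Review bot: The rewritten `Source0:` and `URL:` lines still use plain `http://`, so the spec itself records no authenticated origin for the 1.10.24 tarball; the only integrity anchor visible in this commit is the 40-hex digest in `.dbus.metadata`. I would switch the line to `Source0: https://dbus.freedesktop.org/releases/%{name}/%{name}-%{version}.tar.gz` and, if upstream publishes a detached signature for the release, carry it as an extra `Source` and verify it in `%prep`. Related: `%bcond_with check` leaves `%check` off by default, so the six carried patches (MLS name filtering and the fd-limit change among them) are not exercised at build time; a comment stating which test run covers them instead would help the next rebase.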
@@ -28,48 +49,37 @@ BuildRequires: libselinux-devel >= %{libselinux_version} BuildRequires: audit-libs-devel >= 0.9 BuildRequires: libX11-devel BuildRequires: libcap-ng-devel -BuildRequires: gettext +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(systemd) BuildRequires: doxygen +# For building XML documentation. +BuildRequires: /usr/bin/xsltproc BuildRequires: xmlto -BuildRequires: libxslt -BuildRequires: systemd-units -Requires(post): systemd-units chkconfig -Requires(preun): systemd-units -Requires(postun): systemd-units -Requires: libselinux%{?_isa} >= %{libselinux_version} -Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release} + +#For macroized scriptlets. +Requires(post): systemd +Requires(preun): systemd +Requires(postun): systemd +BuildRequires: systemd + +Requires: libselinux%{?_isa} >= %{libselinux_version} +Requires: dbus-libs%{?_isa} = %{epoch}:%{version}-%{release} Requires(pre): /usr/sbin/useradd -# Note: These is only required for --enable-tests; when bootstrapping, -# you can remove this and drop the --enable-tests configure argument. +# Note: These is only required for --with-tests; when bootstrapping, you can +# pass --without-tests. +%if %{with tests} BuildRequires: pkgconfig(gio-2.0) -BuildRequires: pkgconfig(dbus-glib-1) BuildRequires: dbus-python -BuildRequires: pygobject2 +BuildRequires: pygobject3 +%endif +%if %{with check} BuildRequires: /usr/bin/Xvfb +%endif -# FIXME this should be upstreamed; need --daemon-bindir=/bin and --bindir=/usr/bin or something? 
-Patch0: bindir.patch -Patch1: 0001-name-test-Don-t-run-test-autolaunch-if-we-don-t-have.patch -Patch2: 0001-test-marshal-Ensure-we-use-suitably-aligned-buffers.patch -Patch3: 0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch -Patch4: avoid-undefined-7c00ed22d9b5c33f5b33221e906946b11a9bde3b.patch -Patch5: 0001-tests-Disable-name-test.patch -Patch6: dbus-1.6.12-mls-listnames.patch -Patch7: dbus-1.6.12-auth-process-ok-message-dispatch-test-fix.patch -Patch8: dbus-1.6.12-reduce-session-conf-fd-limits.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=949022 -Patch9: dbus-1.6.12-refresh-man-pages-and-dbus-launch-help.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=1325870 -Patch10: dbus-1.6.12-avoid-corrupting-multiple-fds.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=1364485 -Patch11: dbus-1.6.12-avoid-hardcoded-selinux-constants.patch - -# https://bugzilla.redhat.com/show_bug.cgi?id=1356141 -Patch12: dbus-1.6.12-avoid-selinux-context-translation.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1498029 +# Remove and fix dependent packages to use /usr/bin/dbus-send in RHEL 8. +Provides: /bin/dbus-send %description D-BUS is a system for sending messages between applications. It is 
@@ -96,186 +106,297 @@ other supporting documentation such as the introspect dtd file. %package devel Summary: Development files for D-BUS Group: Development/Libraries +# The server package can be a different architecture. Requires: %{name} = %{epoch}:%{version}-%{release} %description devel This package contains libraries and header files needed for developing software that uses D-BUS. +%package tests +Summary: Tests for the %{name} package +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{epoch}:%{version}-%{release} + +%description tests +The %{name}-tests package contains tests that can be used to verify +the functionality of the installed %{name} package. + %package x11 Summary: X11-requiring add-ons for D-BUS Group: Development/Libraries +# The server package can be a different architecture. Requires: %{name} = %{epoch}:%{version}-%{release} +Requires: xorg-x11-xinit %description x11 D-BUS contains some tools that require Xlib to be installed, those are in this separate package so server systems need not install X. -%prep -%setup -q -n %{name}-%{version} - -# For some reason upstream ships these files as executable -# Make sure they are not -/bin/chmod 0644 COPYING ChangeLog NEWS -%patch0 -p1 -b .bindir +%prep +%setup -q +%patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 %build -if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf -v -f -i; fi -%configure %{dbus_common_config_opts} --disable-tests --disable-asserts -make - -%install -rm -rf %{buildroot} - -make install DESTDIR=%{buildroot} +# Avoid rpath. 
+if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf --verbose --force --install; fi + +# Call configure here (before the extra directories for the multiple builds +# have been created) to ensure that the hardening flag hack is applied to +# ltmain.sh +%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-xml-docs --disable-asserts +make distclean + +mkdir build +pushd build +# See /usr/lib/rpm/macros +%global _configure ../configure +%configure %{dbus_common_config_opts} --enable-doxygen-docs --enable-xml-docs --disable-asserts +make V=1 %{?_smp_mflags} +popd + +%if %{with check} +mkdir build-check +pushd build-check +%configure %{dbus_common_config_opts} --enable-asserts --enable-verbose-mode --enable-tests +make V=1 %{?_smp_mflags} +popd +%endif -mkdir -p %{buildroot}/%{_libdir}/pkgconfig -#change the arch-deps.h include directory to /usr/lib[64] instead of /lib[64] -sed -e 's@-I${libdir}@-I${prefix}/%{_lib}@' %{buildroot}/%{_lib}/pkgconfig/dbus-1.pc > %{buildroot}/%{_libdir}/pkgconfig/dbus-1.pc -rm -f %{buildroot}/%{_lib}/pkgconfig/dbus-1.pc +%install +pushd build +make install DESTDIR=%{buildroot} INSTALL="install -p" +popd -mkdir -p %{buildroot}/%{_bindir} -mv -f %{buildroot}/bin/dbus-launch %{buildroot}/%{_bindir} -mkdir -p %{buildroot}/%{_libdir}/dbus-1.0/include/ -mv -f %{buildroot}/%{_lib}/dbus-1.0/include/* %{buildroot}/%{_libdir}/dbus-1.0/include/ -rm -rf %{buildroot}/%{_lib}/dbus-1.0 +find %{buildroot} -name '*.a' -type f -delete +find %{buildroot} -name '*.la' -type f -delete -rm -f %{buildroot}/%{_lib}/*.a -rm -f %{buildroot}/%{_lib}/*.la +install -Dp -m755 %{SOURCE1} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh -install -D -m755 %{SOURCE2} %{buildroot}%{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh +# Obsolete, but still widely used, for drop-in configuration snippets. 
+install --directory %{buildroot}%{_sysconfdir}/dbus-1/session.d +install --directory %{buildroot}%{_sysconfdir}/dbus-1/system.d -mkdir -p %{buildroot}%{_datadir}/dbus-1/interfaces +install --directory %{buildroot}%{_datadir}/dbus-1/interfaces # Make sure that when somebody asks for D-Bus under the name of the # old SysV script, that he ends up with the standard dbus.service name # now. -ln -s dbus.service %{buildroot}/lib/systemd/system/messagebus.service +ln -s dbus.service %{buildroot}%{_unitdir}/messagebus.service ## %find_lang %{gettext_package} # Delete the old legacy sysv init script rm -rf %{buildroot}%{_initrddir} -mkdir -p %{buildroot}/var/lib/dbus - +# Ensure that the ghosted directory has reasonable permissions. +install --directory %{buildroot}/run/dbus + +install --directory %{buildroot}/var/lib/dbus + +install -pm 644 -t %{buildroot}%{_pkgdocdir} \ + doc/introspect.dtd doc/introspect.xsl doc/system-activation.txt + +# Make sure that the documentation shows up in Devhelp. +install --directory %{buildroot}%{_datadir}/gtk-doc/html +ln -s %{_pkgdocdir} %{buildroot}%{_datadir}/gtk-doc/html/dbus + +# dbus.target was removed, in favor of dbus.socket, from systemd 21. +rm -r %{buildroot}%{_unitdir}/dbus.target.wants + +# Shell wrapper for installed tests, modified from Debian package. +cat > dbus-run-installed-tests < "\$tmpdir/result" + ( set +e; \$timeout \$t; echo "\$?" 
> "\$tmpdir/result" ) 2>&1 | sed 's/^/# /' + e="\$(cat "\$tmpdir/result")" + case "\$e" in + (0) + echo "ok \$i - \$t" + ;; + (77) + echo "ok \$i # SKIP \$t" + ;; + (*) + echo "not ok \$i - \$t (\$e)" + ret=1 + ;; + esac +done + +rm -rf tmpdir +echo "1..\$i" +exit \$ret +EOF + +install -pm 755 -t %{buildroot}%{_libexecdir}/dbus-1 dbus-run-installed-tests + + +%if %{with check} %check -if test -f autogen.sh; then env NOCONFIGURE=1 ./autogen.sh; else autoreconf -v -f -i; fi -%configure %{dbus_common_config_opts} --enable-asserts --enable-verbose-mode --enable-tests +pushd build-check -make clean # TODO: better script for this... export DISPLAY=42 -{ Xvfb :${DISPLAY} -nolisten tcp -auth /dev/null & +{ Xvfb :${DISPLAY} -nolisten tcp -auth /dev/null >/dev/null 2>&1 & trap "kill -15 $! || true" 0 HUP INT QUIT TRAP TERM; }; if ! env DBUS_TEST_SLOW=1 make check; then - echo "TESTS FAIL, finding all Automake logs..." 1>&2; + echo "Tests failed, finding all Automake logs..." 1>&2; find . -type f -name '*.trs' | while read trs; do cat ${trs}; cat ${trs%%.trs}.log; done echo "Exiting abnormally due to make check failure above" 1>&2; exit 1; -else - echo "TESTS PASS" fi +popd +%endif -%clean -rm -rf %{buildroot} %pre # Add the "dbus" user and group /usr/sbin/groupadd -r -g %{dbus_user_uid} dbus 2>/dev/null || : /usr/sbin/useradd -c 'System message bus' -u %{dbus_user_uid} -g %{dbus_user_uid} \ - -s /sbin/nologin -r -d '/' dbus 2> /dev/null || : + -s /sbin/nologin -r -d '/' dbus 2> /dev/null || : %post libs -p /sbin/ldconfig %preun -if [ $1 = 0 ]; then - /bin/systemctl stop dbus.service dbus.socket > /dev/null 2>&1 || : -fi +%systemd_preun stop dbus.service dbus.socket %postun libs -p /sbin/ldconfig %postun -/bin/systemctl daemon-reload >/dev/null 2>&1 || : +%systemd_postun -%triggerun -- dbus < 1.4.10-2 -/sbin/chkconfig --del messagebus >/dev/null 2>&1 || : %files -%defattr(-,root,root) - -%doc COPYING - +# Strictly speaking, we could remove the COPYING from this subpackage and 
+# just have it be in libs, because dbus Requires dbus-libs. +%{!?_licensedir:%global license %%doc} +%license COPYING +%doc AUTHORS ChangeLog HACKING NEWS README +%exclude %{_pkgdocdir}/api +%exclude %{_pkgdocdir}/dbus.devhelp +%exclude %{_pkgdocdir}/diagram.* +%exclude %{_pkgdocdir}/introspect.* +%exclude %{_pkgdocdir}/system-activation.txt +%exclude %{_pkgdocdir}/*.html %dir %{_sysconfdir}/dbus-1 -%config %{_sysconfdir}/dbus-1/*.conf -%dir %{_sysconfdir}/dbus-1/system.d %dir %{_sysconfdir}/dbus-1/session.d -%ghost %dir %{_localstatedir}/run/dbus +%dir %{_sysconfdir}/dbus-1/system.d +%config %{_sysconfdir}/dbus-1/session.conf +%config %{_sysconfdir}/dbus-1/system.conf +%ghost %dir /run/%{name} %dir %{_localstatedir}/lib/dbus/ -/bin/dbus-daemon -/bin/dbus-send -/bin/dbus-cleanup-sockets -/bin/dbus-monitor -/bin/dbus-uuidgen -%{_mandir}/man*/dbus-cleanup-sockets.1.gz -%{_mandir}/man*/dbus-daemon.1.gz -%{_mandir}/man*/dbus-monitor.1.gz -%{_mandir}/man*/dbus-send.1.gz -%{_mandir}/man*/dbus-uuidgen.1.gz +%{_bindir}/dbus-daemon +%{_bindir}/dbus-send +%{_bindir}/dbus-cleanup-sockets +%{_bindir}/dbus-run-session +%{_bindir}/dbus-monitor +%{_bindir}/dbus-test-tool +%{_bindir}/dbus-update-activation-environment +%{_bindir}/dbus-uuidgen +%{_mandir}/man1/dbus-cleanup-sockets.1* +%{_mandir}/man1/dbus-daemon.1* +%{_mandir}/man1/dbus-run-session.1* +%{_mandir}/man1/dbus-monitor.1* +%{_mandir}/man1/dbus-send.1* +%{_mandir}/man1/dbus-test-tool.1* +%{_mandir}/man1/dbus-update-activation-environment.1* +%{_mandir}/man1/dbus-uuidgen.1* %dir %{_datadir}/dbus-1 +%{_datadir}/dbus-1/session.conf +%{_datadir}/dbus-1/system.conf %{_datadir}/dbus-1/services %{_datadir}/dbus-1/system-services %{_datadir}/dbus-1/interfaces -%dir /%{_lib}/dbus-1 +%dir %{_libexecdir}/dbus-1 # See doc/system-activation.txt in source tarball for the rationale # behind these permissions -%attr(4750,root,dbus) /%{_lib}/dbus-1/dbus-daemon-launch-helper -/lib/systemd/system/dbus.service 
-/lib/systemd/system/dbus.socket -/lib/systemd/system/dbus.target.wants/dbus.socket -/lib/systemd/system/messagebus.service -/lib/systemd/system/multi-user.target.wants/dbus.service -/lib/systemd/system/sockets.target.wants/dbus.socket +%attr(4750,root,dbus) %{_libexecdir}/dbus-1/dbus-daemon-launch-helper +%exclude %{_libexecdir}/dbus-1/dbus-run-installed-tests +%{_unitdir}/dbus.service +%{_unitdir}/dbus.socket +%{_unitdir}/messagebus.service +%{_unitdir}/multi-user.target.wants/dbus.service +%{_unitdir}/sockets.target.wants/dbus.socket %files libs -%defattr(-,root,root,-) -/%{_lib}/*dbus-1*.so.* +%{!?_licensedir:%global license %%doc} +%license COPYING +%{_libdir}/*dbus-1*.so.* -%files x11 -%defattr(-,root,root) +%files tests +%{_libexecdir}/dbus-1/installed-tests +%{_libexecdir}/dbus-1/dbus-run-installed-tests +%{_datadir}/installed-tests +%files x11 %{_bindir}/dbus-launch -%{_datadir}/man/man*/dbus-launch.1.gz +%{_mandir}/man1/dbus-launch.1* %{_sysconfdir}/X11/xinit/xinitrc.d/00-start-message-bus.sh %files doc -%defattr(-,root,root) -%doc doc/introspect.dtd doc/introspect.xsl doc/system-activation.txt -%doc %{_datadir}/doc/dbus +%{_pkgdocdir}/* +%{_datadir}/gtk-doc +%exclude %{_pkgdocdir}/AUTHORS +%exclude %{_pkgdocdir}/ChangeLog +%exclude %{_pkgdocdir}/HACKING +%exclude %{_pkgdocdir}/NEWS +%exclude %{_pkgdocdir}/README %files devel -%defattr(-,root,root) - -/%{_lib}/lib*.so +%{_libdir}/lib*.so %dir %{_libdir}/dbus-1.0 %{_libdir}/dbus-1.0/include/ %{_libdir}/pkgconfig/dbus-1.pc %{_includedir}/* %changelog +* Thu Feb 15 2018 David King - 1:1.10.24-7 +- Improve permissions on /run/dbus (#1510773) + +* Tue Feb 13 2018 David King - 1:1.10.24-6 +- Rebase MLS patch (#1534902) + +* Mon Feb 12 2018 Ray Strode - 1:1.10.24-5 +- Raise FD limits before dropping privileges + Resolves: #1529044 + +* Tue Jan 09 2018 David King - 1:1.10.24-4 +- Make xinit script work with set -u (#1452539) + +* Wed Oct 04 2017 David King - 1:1.10.24-3 +- Add a Provides for old dbus-send 
(#1498029) + +* Tue Oct 03 2017 David King - 1:1.10.24-2 +- Fix dbus-send.1 man page typo (#1467415) + +* Thu Sep 28 2017 David King - 1:1.10.24-1 +- Rebase to 1.10.24 (#1480264) + +* Fri Sep 15 2017 David King - 1:1.10.22-1 +- Rebase to 1.10.22 (#1480264) + +* Tue Nov 15 2016 David King - 1:1.6.12-18 +- Fix fd leak in error path (#1370381) + * Mon Sep 12 2016 David King - 1:1.6.12-17 - Improve SELinux context translation patch (#1356141)
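Review bot: In `%preun`, `%systemd_preun stop dbus.service dbus.socket` passes the word `stop` to the macro as though it were a unit name; as far as I know the macro takes only unit names and on package erase runs both `systemctl disable` and `systemctl stop` over its arguments, so the line should read `%systemd_preun dbus.service dbus.socket`. The macro discards systemctl errors, so the bogus `stop` unit fails silently rather than breaking the scriptlet, which is probably why it went unnoticed. The macro also disables the units, which the removed `/bin/systemctl stop` did not, so confirm that is intended. Separately, the installed-tests wrapper ends with `rm -rf tmpdir` while the lines above it use `\$tmpdir`, so the temporary directory holding test results would be left behind; `rm -rf "\$tmpdir"` looks like what was meant, though the heredoc is partly lost in this rendering and should be checked against the spec file itself.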