From cc8a76962667f012019de6dd6c39b008f1914cff Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: May 17 2022 10:39:29 +0000
Subject: import dbus-broker-28-5.el9
---
diff --git a/.dbus-broker.metadata b/.dbus-broker.metadata
new file mode 100644
index 0000000..05e5a35
--- /dev/null
+++ b/.dbus-broker.metadata
@@ -0,0 +1 @@
+2602b87b336875bc1fd6866004f16013e6cf3fe4 SOURCES/dbus-broker-28.tar.xz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e8177c7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/dbus-broker-28.tar.xz
diff --git a/SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch b/SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch
new file mode 100644
index 0000000..76db910
--- /dev/null
+++ b/SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch
@@ -0,0 +1,38 @@
+From 1add8a7d60e46806e0ef87994d3024245db0d84a Mon Sep 17 00:00:00 2001
+From: David Rheinsberg
+Date: Thu, 18 Mar 2021 11:10:02 +0100
+Subject: [PATCH] launch/policy: fix incorrect assertion for at_console
+
+We write at_console policies for ranges of uids. If one of those ranges
+is 0, an overflow assertion will incorrectly fire. Fix this and simplify
+the assertions for better readability.
+
+Note that such empty ranges will happen if more than one user on the
+system is considered `at_console` **and** those users have consecutive
+UIDs. Another possibility for empty ranges is when uid 0 is considered
+at_console.
+
+In any case, the assertion will abort the application incorrectly. So
+this is not a security issue, but merely an incorrect assertion.
+
+Signed-off-by: David Rheinsberg
+---
+ src/launch/policy.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/launch/policy.c b/src/launch/policy.c
+index f91f11b..75eb0d3 100644
+--- a/src/launch/policy.c
++++ b/src/launch/policy.c
+@@ -934,7 +934,10 @@ static int policy_export_xmit(Policy *policy, CList *list1, CList *list2, sd_bus
+ static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntries *entries, uint32_t uid_start, uint32_t n_uid) {
+ int r;
+
+- c_assert(((uint32_t)-1) - n_uid + 1 >= uid_start);
++ /* check for overflow */
++ c_assert(uid_start + n_uid >= uid_start);
++ /* check for encoding into dbus `u` type */
++ c_assert(uid_start + n_uid <= (uint32_t)-1);
+
+ if (n_uid == 0)
+ return 0;
diff --git a/SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch b/SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch
new file mode 100644
index 0000000..7f73592
--- /dev/null
+++ b/SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch
@@ -0,0 +1,30 @@
+From b82b670bfec6600d0144bcb9ca635fb07c80118f Mon Sep 17 00:00:00 2001
+From: David Rheinsberg
+Date: Thu, 18 Mar 2021 12:13:16 +0100
+Subject: [PATCH] launch/policy: fix at_console range assertion again
+
+The previous fix did not actually consider that a full range can span up
+until (uint32_t)-1. Fix this properly now, and just check manually for
+an empty range before checking that the highest entry in the range can
+be represented.
+
+Signed-off-by: David Rheinsberg
+---
+ src/launch/policy.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/launch/policy.c b/src/launch/policy.c
+index 75eb0d3..6999ceb 100644
+--- a/src/launch/policy.c
++++ b/src/launch/policy.c
+@@ -935,9 +935,7 @@ static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntrie
+ int r;
+
+ /* check for overflow */
+- c_assert(uid_start + n_uid >= uid_start);
+- /* check for encoding into dbus `u` type */
+- c_assert(uid_start + n_uid <= (uint32_t)-1);
++ c_assert(n_uid == 0 || uid_start + n_uid - 1 >= uid_start);
+
+ if (n_uid == 0)
+ return 0;
diff --git a/SPECS/dbus-broker.spec b/SPECS/dbus-broker.spec
new file mode 100644
index 0000000..1be1236
--- /dev/null
+++ b/SPECS/dbus-broker.spec
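Review bot: The retained comment `/* check for overflow */` above the new `c_assert(n_uid == 0 || uid_start + n_uid - 1 >= uid_start);` no longer says what is being checked, and the empty-range test now appears twice: once inside the assertion and once in the `if (n_uid == 0) return 0;` that follows. Moving the early return above the assertion would leave `c_assert(uid_start + n_uid - 1 >= uid_start);`, which could carry a comment such as `/* last uid of a non-empty range must not wrap past (uint32_t)-1 */`. Whether `c_assert` still aborts in NDEBUG builds is not visible here; if it does not, a wrapping range would reach the export code unchecked, so an explicit error return may be the safer guard. The body of policy_export_console continues outside the hunk.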
@@ -0,0 +1,304 @@
+%global dbus_user_id 81
+
+Name: dbus-broker
+Version: 28
+Release: 5%{?dist}
+Summary: Linux D-Bus Message Broker
+License: ASL 2.0
+URL: https://github.com/bus1/dbus-broker
+Source0: https://github.com/bus1/dbus-broker/releases/download/v%{version}/dbus-broker-%{version}.tar.xz
+Patch0000: https://github.com/bus1/dbus-broker/commit/1add8a7d60e46806e0ef87994d3024245db0d84a.patch
+Patch0001: https://github.com/bus1/dbus-broker/commit/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch
+%{?systemd_requires}
+BuildRequires: pkgconfig(audit)
+BuildRequires: pkgconfig(expat)
+BuildRequires: pkgconfig(dbus-1)
+BuildRequires: pkgconfig(libcap-ng)
+BuildRequires: pkgconfig(libselinux)
+BuildRequires: pkgconfig(libsystemd)
+BuildRequires: pkgconfig(systemd)
+BuildRequires: gcc
+BuildRequires: glibc-devel
+BuildRequires: meson
+BuildRequires: python3-docutils
+Requires: dbus-common
+Requires(pre): shadow-utils
+Requires(post): /usr/bin/systemctl
+# for triggerpostun
+Requires: /usr/bin/systemctl
+
+%description
+dbus-broker is an implementation of a message bus as defined by the D-Bus
+specification. Its aim is to provide high performance and reliability, while
+keeping compatibility to the D-Bus reference implementation. It is exclusively
+written for Linux systems, and makes use of many modern features provided by
+recent Linux kernel releases.
+
+%prep
+%autosetup -p1
+
+%build
+%meson -Dselinux=true -Daudit=true -Ddocs=true -Dsystem-console-users=gdm -Dlinux-4-17=true
+%meson_build
+
+%install
+%meson_install
+
+%check
+%meson_test
+
+%pre
+# create dbus user and group
+getent group dbus >/dev/null || groupadd -f -g %{dbus_user_id} -r dbus
+if ! getent passwd dbus >/dev/null ; then
+ if ! getent passwd %{dbus_user_id} >/dev/null ; then
+ useradd -r -u %{dbus_user_id} -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus
+ else
+ useradd -r -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus
+ fi
+fi
+exit 0
+
+%post
+%systemd_post dbus-broker.service
+%systemd_user_post dbus-broker.service
+%journal_catalog_update
+
+%preun
+%systemd_preun dbus-broker.service
+%systemd_user_preun dbus-broker.service
+
+%postun
+%systemd_postun dbus-broker.service
+%systemd_user_postun dbus-broker.service
+
+%triggerpostun -- dbus-daemon
+if [ $2 -eq 0 ] ; then
+ # The `dbus-daemon` package used to provide the default D-Bus
+ # implementation. We continue to make sure that if you uninstall it, we
+ # re-evaluate whether to enable dbus-broker to replace it. If we didnt,
+ # you might end up without any bus implementation active.
+ systemctl --no-reload preset dbus-broker.service || :
+ systemctl --no-reload --global preset dbus-broker.service || :
+fi
+
+%files
+%license AUTHORS
+%license LICENSE
+%{_bindir}/dbus-broker
+%{_bindir}/dbus-broker-launch
+%{_journalcatalogdir}/dbus-broker.catalog
+%{_journalcatalogdir}/dbus-broker-launch.catalog
+%{_mandir}/man1/dbus-broker.1*
+%{_mandir}/man1/dbus-broker-launch.1*
+%{_unitdir}/dbus-broker.service
+%{_userunitdir}/dbus-broker.service
+
+%changelog
+* Mon Aug 09 2021 Mohan Boddu - 28-5
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Thu Apr 15 2021 Mohan Boddu - 28-4
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Thu Mar 18 2021 David Rheinsberg - 28-3
+- Apply another fix for incorrect at_console range assertion.
+
+* Thu Mar 18 2021 David Rheinsberg - 28-2
+- Apply fix for incorrect at_console range assertion.
+
+* Thu Mar 18 2021 David Rheinsberg - 28-1
+- Update to upstream v28.
+- Drop unused c-util based bundling annotations.
+
+* Wed Feb 17 2021 David Rheinsberg - 27-2
+- Apply activation-tracking bugfixes from upstream.
+
+* Mon Feb 15 2021 David Rheinsberg - 27-1
+- Update to upstream v27.
+
+* Tue Jan 26 2021 Fedora Release Engineering - 26-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jan 20 2021 David Rheinsberg - 26-1
+- Update to upstream v26.
+
+* Wed Jan 6 2021 Jeff Law - 24-2
+- Bump NVR to force rebuild with gcc-11
+
+* Fri Sep 4 2020 David Rheinsberg - 24-1
+- Update to upstream v24. Only minor changes to the diagnostic messages as
+ well as audit-events.
+
+* Mon Jul 27 2020 Fedora Release Engineering - 23-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Mon May 11 2020 Adam Williamson - 23-2
+- Fix missing % in macro invocations in %post
+
+* Mon May 11 2020 David Rheinsberg - 23-1
+- Update to upstream v23.
+
+* Mon May 4 2020 David Rheinsberg - 22-3
+- Drop dbus-daemon -> dbus-broker live system conversion. New setups will
+ automatically pick up dbus-broker as default implementation. If you upgrade
+ from pre-F30, you will not get any auto upgrade anymore. Deinstalling the
+ dbus-daemon package will, however, automatically pick up dbus-broker.
+
+* Tue Jan 28 2020 Fedora Release Engineering - 21-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jul 24 2019 Fedora Release Engineering - 21-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Jul 14 2019 Neal Gompa - 21-5
+- Fix reference to dbus_user_id macro in scriptlet
+
+* Wed Jul 10 2019 Jonathan Brielmaier - 21-4
+- Make creation of dbus user/group more robust, fixes #1717925
+
+* Thu May 9 2019 Tom Gundersen - 21-2
+- Gracefully handle missing FDs in received messages, #1706883
+- Minor bugfixes
+
+* Fri May 3 2019 Tom Gundersen - 21-1
+- Don't fail on EACCESS when reading config, fixes #1704920
+
+* Thu May 2 2019 Tom Gundersen - 21-1
+- Minor bugfixes related to config reload for #1704488
+
+* Wed Apr 17 2019 Tom Gundersen - 20-4
+- Fix assert due to failing reload #1700514
+
+* Tue Apr 16 2019 Adam Williamson - 20-3
+- Rebuild with Meson fix for #1699099
+
+* Thu Apr 11 2019 Tom Gundersen - 20-2
+- Fix the c_assert macro
+
+* Wed Apr 10 2019 Tom Gundersen - 20-1
+- Improve handling of broken or deprecated configuration
+- Avoid at_console workaround if possible
+
+* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 19-2
+- Add a temporary generator to fix switching from dbus-daemon to
+ dbus-broker (#1674045)
+
+* Thu Mar 28 2019 Tom Gundersen - 19-1
+- Minor bug fixes
+
+* Thu Feb 21 2019 Tom Gundersen - 18-1
+- Minor bug fixes
+
+* Thu Jan 31 2019 Fedora Release Engineering - 17-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Jan 14 2019 Tom Gundersen - 17-3
+- run in the root network namespace
+
+* Sat Jan 12 2019 Tom Gundersen - 17-2
+- ignore config files that cannot be opened (fix rhbz #1665450)
+
+* Wed Jan 2 2019 Tom Gundersen - 17-1
+- apply more sandboxing through systemd
+- improve logging on disconnect
+- don't send FDs to clients who don't declare support
+
+* Wed Nov 28 2018 Tom Gundersen - 16-8
+- don't apply presets on updates to dbus-daemon
+
+* Mon Nov 26 2018 Tom Gundersen - 16-7
+- enable service file correctly at install
+
+* Mon Nov 26 2018 Tom Gundersen - 16-5
+- use full paths when calling binaries from rpm scripts
+
+* Sun Nov 25 2018 Tom Gundersen - 16-4
+- fix SELinux bug
+
+* Tue Oct 30 2018 Tom Gundersen - 16-3
+- add explicit systemctl dependency
+
+* Tue Oct 23 2018 David Herrmann - 16-2
+- create dbus user and group if non-existant
+- add explicit %%postlets to switch over to the broker as default
+
+* Fri Oct 12 2018 Tom Gundersen - 16-1
+- make resource limits configurable
+- rerun presets in case dbus-daemon is disabled
+
+* Thu Aug 30 2018 Tom Gundersen - 15-4
+- depend on dbus-common rather than dbus
+
+* Wed Aug 29 2018 Tom Gundersen - 15-3
+- run %%systemd_user rpm macros
+
+* Mon Aug 27 2018 Tom Gundersen - 15-2
+- add back --verbose switch for backwards compatibility
+
+* Wed Aug 08 2018 Tom Gundersen - 15-1
+- fix audit support
+- make logging about invalid config less verbose
+
+* Thu Jul 12 2018 Fedora Release Engineering - 14-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Tue Jul 03 2018 Tom Gundersen - 14-1
+- use inotify to reload config automatically
+- run as the right user
+- new compatibility features, bugfixes and performance enhancements
+
+* Mon Apr 23 2018 Tom Gundersen - 13-1
+- Namespace transient systemd units per launcher instance
+- Reduce reliance on NSS
+- Fix deadlock with nss-systemd
+
+* Wed Feb 21 2018 Tom Gundersen - 11-1
+- The 'gdm' user is now considered at_console=true
+- Bugfixes and performance enhancements
+
+* Wed Feb 07 2018 Tom Gundersen - 10-1
+- Bugfixes and performance enhancements
+
+* Wed Feb 07 2018 Fedora Release Engineering - 9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Nov 30 2017 Tom Gundersen - 9-1
+- Avoid nss deadlock at start-up
+- Support ExecReload
+- Respect User= in service files
+
+* Tue Oct 17 2017 Tom Gundersen - 8-1
+- Dont clean-up children of activated services by default
+- Dont use audit from the user instance
+- Support the ReloadConfig() API
+
+* Tue Oct 17 2017 Tom Gundersen - 7-1
+- Upstream bugfix release
+
+* Mon Oct 16 2017 Tom Gundersen - 6-1
+- Upstream bugfix release
+
+* Tue Oct 10 2017 Tom Gundersen - 5-1
+- Drop downstream SELinux module
+- Support (in a limited way) at_console= policies
+- Order dbus-broker before basic.target
+
+* Fri Sep 08 2017 Tom Gundersen - 4-1
+- Use audit for SELinux logging
+- Support full search-paths for service files
+- Log policy failures
+
+* Fri Aug 18 2017 Tom Gundersen - 3-1
+- Add manpages
+
+* Wed Aug 16 2017 Tom Gundersen - 2-2
+- Add license to package
+
+* Wed Aug 16 2017 Tom Gundersen - 2-1
+- Add SELinux support
+
+* Sun Aug 13 2017 Tom Gundersen - 1-1
+- Initial RPM release
+
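Review bot: In `%pre`, both `useradd` calls select the primary group with `-g %{dbus_user_id}`, but the preceding line creates that GID only when no group named `dbus` exists. On a host where `dbus` already exists with a different GID, the account is either not created or lands in whatever unrelated group holds that GID. Naming the group avoids this: `useradd -r -g dbus -d '/' -s /sbin/nologin -c "System message bus" dbus`, with `-u %{dbus_user_id}` kept in the first branch. The unconditional `exit 0` then hides a failed `groupadd` or `useradd`, so the package can install without the account the scriptlet is meant to create. Either add a comment saying the failure is deliberately ignored, or print a warning to stderr when `getent passwd dbus` still fails before exiting.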