openSUSE Build Service

Ana Guerrero (anag+factory) accepted request 1208286 from

Simon Lees (simotek) about 1 month ago (revision 182)

Ana Guerrero (anag+factory) accepted request 1170809 from

Simon Lees (simotek) 3 months ago (revision 181)

Dominique Leuenberger (dimstar_suse) committed almost 1 year ago (revision 180)

Expedited checkin of diffutils -> cmp migration

Ana Guerrero (anag+factory) accepted request 1112496 from

Factory Maintainer (factory-maintainer) about 1 year ago (revision 179)

Automatic submission by obs-autosubmit

Dominique Leuenberger (dimstar_suse) accepted request 1092691 from

Dirk Mueller (dirkmueller) over 1 year ago (revision 178)

- update to 1.14.8 (bsc#1212126, CVE-2023-34969):
  * Denial-of-service fixes:
  * Fix an assertion failure in dbus-daemon when a privileged
    Monitoring connection (dbus-monitor, busctl monitor, gdbus
    monitor or similar) is active, and a message from the bus
    driver cannot be delivered to a client connection due to
    <deny> rules or outgoing message quota. This
    is a denial of service if triggered maliciously by a local
    attacker.
  * Fix compilation on compilers not supporting __FUNCTION__
  * Fix some memory leaks on out-of-memory conditions
  * Fix syntax of a code sample in dbus-api-design

Dominique Leuenberger (dimstar_suse) accepted request 1067484 from

Simon Lees (simotek) over 1 year ago (revision 177)

Dominique Leuenberger (dimstar_suse) accepted request 1064302 from

Fridrich Strba (fstrba) almost 2 years ago (revision 176)

fix multibuild

Dominique Leuenberger (dimstar_suse) accepted request 1031295 from

Dirk Mueller (dirkmueller) about 2 years ago (revision 175)

- update to 1.14.4 (bsc#1204111, CVE-2022-42010, 
                    bsc#1204112, CVE-2022-42011,
                    bsc#1204113, CVE-2022-42012):
  This is a security update for the dbus 1.14.x stable branch, fixing
  denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
  security hardening (dbus#416).
  Behaviour changes:
  * On Linux, dbus-daemon and other uses of DBusServer now create a
     path-based Unix socket, unix:path=..., when asked to listen on a
     unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
     unix:dir=... on all platforms.
     Previous versions would have created an abstract socket, unix:abstract=...,
     in this situation.
     This change primarily affects the well-known session bus when run via
     dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
     dbus with --enable-user-session and running it on a systemd system,
     already used path-based Unix sockets and is unaffected by this change.
     This behaviour change prevents a sandbox escape via the session bus socket
     in sandboxing frameworks that can share the network namespace with the host
     system, such as Flatpak.
     This change might cause a regression in situations where the abstract socket
     is intentionally shared between the host system and a chroot or container,
     such as some use-cases of schroot(1). That regression can be resolved by
     using a bind-mount to share either the D-Bus socket, or the whole /tmp
     directory, with the chroot or container.
     (dbus#416, Simon McVittie)
  * Denial of service fixes:
    - Evgeny Vereshchagin discovered several ways in which an authenticated
      local attacker could cause a crash (denial of service) in
      dbus-daemon --system or a custom DBusServer. In uncommon configurations

Dominique Leuenberger (dimstar_suse) accepted request 1011186 from

Simon Lees (simotek) about 2 years ago (revision 174)

Dominique Leuenberger (dimstar_suse) accepted request 1010413 from

Dirk Mueller (dirkmueller) about 2 years ago (revision 173)

- Disable asserts (bsc#1087072)

Dominique Leuenberger (dimstar_suse) accepted request 981473 from

Dirk Mueller (dirkmueller) over 2 years ago (revision 172)

- version provides
- add split provides
- remove unused/obsolete pre_checkin.sh

- The great dbus package split of 22, in preperation for replacing
  dbus-daemon with dbus-broker currently there is no functional
  difference that will change later, this follows a similar setup
  to RedHat and Debian.
  * dbus-daemon is now in its own separate package
  * Create a dbus-1-common package with all the files and config
    that are shared between the dbus-daemon and dbus-broker
    implementations.
  * Create a dbus-1-tools package with the tools eventually we will
    likely want to move to only recommending this package Redhat and
    Debian have both already gone down this path.

Dominique Leuenberger (dimstar_suse) accepted request 962877 from

Dirk Mueller (dirkmueller) over 2 years ago (revision 171)

Dominique Leuenberger (dimstar_suse) accepted request 961966 from

Dirk Mueller (dirkmueller) over 2 years ago (revision 170)

- set runstatedir correctly

Dominique Leuenberger (dimstar_suse) accepted request 960278 from

Dirk Mueller (dirkmueller) over 2 years ago (revision 169)

Dominique Leuenberger (dimstar_suse) accepted request 958730 from

Dirk Mueller (dirkmueller) over 2 years ago (revision 168)

Dominique Leuenberger (dimstar_suse) accepted request 933402 from

Dirk Mueller (dirkmueller) almost 3 years ago (revision 167)

Dominique Leuenberger (dimstar_suse) accepted request 883704 from

Dirk Mueller (dirkmueller) over 3 years ago (revision 166)

- avoid listing cmake directory - owned by cmake package

Dominique Leuenberger (dimstar_suse) accepted request 876715 from

Simon Lees (simotek) over 3 years ago (revision 165)

Dominique Leuenberger (dimstar_suse) accepted request 850346 from

Simon Lees (simotek) almost 4 years ago (revision 164)

Dominique Leuenberger (dimstar_suse) accepted request 828602 from

Simon Lees (simotek) about 4 years ago (revision 163)

Places

Revisions of dbus-1

Places