Blame SPECS/dbus-broker.spec

3bac29
%global dbus_user_id 81
3bac29
3bac29
Name:                 dbus-broker
3bac29
Version:              28
bb4389
Release:              7%{?dist}
3bac29
Summary:              Linux D-Bus Message Broker
3bac29
License:              ASL 2.0
3bac29
URL:                  https://github.com/bus1/dbus-broker
3bac29
Source0:              https://github.com/bus1/dbus-broker/releases/download/v%{version}/dbus-broker-%{version}.tar.xz
3bac29
Patch0000:            https://github.com/bus1/dbus-broker/commit/1add8a7d60e46806e0ef87994d3024245db0d84a.patch
3bac29
Patch0001:            https://github.com/bus1/dbus-broker/commit/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch
bb4389
Patch0002:            cve-2022-31212.patch
bb4389
Patch0003:            cve-2022-31213.patch
bb4389
Patch0004:            https://github.com/bus1/dbus-broker/commit/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch
3bac29
%{?systemd_requires}
3bac29
BuildRequires:        pkgconfig(audit)
3bac29
BuildRequires:        pkgconfig(expat)
3bac29
BuildRequires:        pkgconfig(dbus-1)
3bac29
BuildRequires:        pkgconfig(libcap-ng)
3bac29
BuildRequires:        pkgconfig(libselinux)
3bac29
BuildRequires:        pkgconfig(libsystemd)
3bac29
BuildRequires:        pkgconfig(systemd)
3bac29
BuildRequires:        gcc
3bac29
BuildRequires:        glibc-devel
3bac29
BuildRequires:        meson
3bac29
BuildRequires:        python3-docutils
3bac29
Requires:             dbus-common
3bac29
Requires(pre):        shadow-utils
3bac29
Requires(post):       /usr/bin/systemctl
3bac29
# for triggerpostun
3bac29
Requires:             /usr/bin/systemctl
3bac29
3bac29
%description
3bac29
dbus-broker is an implementation of a message bus as defined by the D-Bus
3bac29
specification. Its aim is to provide high performance and reliability, while
3bac29
keeping compatibility to the D-Bus reference implementation. It is exclusively
3bac29
written for Linux systems, and makes use of many modern features provided by
3bac29
recent Linux kernel releases.
3bac29
3bac29
%prep
3bac29
%autosetup -p1
3bac29
3bac29
%build
3bac29
%meson -Dselinux=true -Daudit=true -Ddocs=true -Dsystem-console-users=gdm -Dlinux-4-17=true
3bac29
%meson_build
3bac29
3bac29
%install
3bac29
%meson_install
3bac29
3bac29
%check
3bac29
%meson_test
3bac29
3bac29
%pre
3bac29
# create dbus user and group
3bac29
getent group dbus >/dev/null || groupadd -f -g %{dbus_user_id} -r dbus
3bac29
if ! getent passwd dbus >/dev/null ; then
3bac29
    if ! getent passwd %{dbus_user_id} >/dev/null ; then
3bac29
      useradd -r -u %{dbus_user_id} -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus
3bac29
    else
3bac29
      useradd -r -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus
3bac29
    fi
3bac29
fi
3bac29
exit 0
3bac29
3bac29
%post
3bac29
%systemd_post dbus-broker.service
3bac29
%systemd_user_post dbus-broker.service
3bac29
%journal_catalog_update
3bac29
3bac29
%preun
3bac29
%systemd_preun dbus-broker.service
3bac29
%systemd_user_preun dbus-broker.service
3bac29
3bac29
%postun
3bac29
%systemd_postun dbus-broker.service
3bac29
%systemd_user_postun dbus-broker.service
3bac29
3bac29
%triggerpostun -- dbus-daemon
3bac29
if [ $2 -eq 0 ] ; then
3bac29
        # The `dbus-daemon` package used to provide the default D-Bus
3bac29
        # implementation. We continue to make sure that if you uninstall it, we
3bac29
        # re-evaluate whether to enable dbus-broker to replace it. If we didnt,
3bac29
        # you might end up without any bus implementation active.
3bac29
        systemctl --no-reload          preset dbus-broker.service || :
3bac29
        systemctl --no-reload --global preset dbus-broker.service || :
3bac29
fi
3bac29
3bac29
%files
3bac29
%license AUTHORS
3bac29
%license LICENSE
3bac29
%{_bindir}/dbus-broker
3bac29
%{_bindir}/dbus-broker-launch
3bac29
%{_journalcatalogdir}/dbus-broker.catalog
3bac29
%{_journalcatalogdir}/dbus-broker-launch.catalog
3bac29
%{_mandir}/man1/dbus-broker.1*
3bac29
%{_mandir}/man1/dbus-broker-launch.1*
3bac29
%{_unitdir}/dbus-broker.service
3bac29
%{_userunitdir}/dbus-broker.service
3bac29
3bac29
%changelog
bb4389
* Mon Aug 22 2022 Frantisek Sumsal <fsumsal@redhat.com> - 28-7
bb4389
- Add coverage for CVE-2022-31213 and other config-file-related issues
bb4389
Related: CVE-2022-31213
bb4389
bb4389
* Tue Aug 02 2022 Jakub Martisko <jamartis@redhat.com> - 28-6
bb4389
- Fix a stack buffer over-read in the c-shquote library
bb4389
- Fix null pointer reference when supplying a malformed XML config file
bb4389
Resolves: CVE-2022-31212
bb4389
Resolves: CVE-2022-31213
bb4389
3bac29
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5
3bac29
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
3bac29
  Related: rhbz#1991688
3bac29
3bac29
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 28-4
3bac29
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
3bac29
3bac29
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-3
3bac29
- Apply another fix for incorrect at_console range assertion.
3bac29
3bac29
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-2
3bac29
- Apply fix for incorrect at_console range assertion.
3bac29
3bac29
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-1
3bac29
- Update to upstream v28.
3bac29
- Drop unused c-util based bundling annotations.
3bac29
3bac29
* Wed Feb 17 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 27-2
3bac29
- Apply activation-tracking bugfixes from upstream.
3bac29
3bac29
* Mon Feb 15 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 27-1
3bac29
- Update to upstream v27.
3bac29
3bac29
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 26-2
3bac29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
3bac29
3bac29
* Wed Jan 20 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 26-1
3bac29
- Update to upstream v26.
3bac29
3bac29
* Wed Jan  6 2021 Jeff Law <law@redhat.com> - 24-2
3bac29
- Bump NVR to force rebuild with gcc-11
3bac29
3bac29
* Fri Sep  4 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 24-1
3bac29
- Update to upstream v24. Only minor changes to the diagnostic messages as
3bac29
  well as audit-events.
3bac29
3bac29
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 23-3
3bac29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
3bac29
3bac29
* Mon May 11 2020 Adam Williamson <awilliam@redhat.com> - 23-2
3bac29
- Fix missing % in macro invocations in %post
3bac29
3bac29
* Mon May 11 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 23-1
3bac29
- Update to upstream v23.
3bac29
3bac29
* Mon May  4 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 22-3
3bac29
- Drop dbus-daemon -> dbus-broker live system conversion. New setups will
3bac29
  automatically pick up dbus-broker as default implementation. If you upgrade
3bac29
  from pre-F30, you will not get any auto upgrade anymore. Deinstalling the
3bac29
  dbus-daemon package will, however, automatically pick up dbus-broker.
3bac29
3bac29
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 21-7
3bac29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
3bac29
3bac29
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 21-6
3bac29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
3bac29
3bac29
* Sun Jul 14 2019 Neal Gompa <ngompa13@gmail.com> - 21-5
3bac29
- Fix reference to dbus_user_id macro in scriptlet
3bac29
3bac29
* Wed Jul 10 2019 Jonathan Brielmaier <jbrielmaier@suse.de> - 21-4
3bac29
- Make creation of dbus user/group more robust, fixes #1717925
3bac29
3bac29
* Thu May  9 2019 Tom Gundersen <teg@jklm.no> - 21-2
3bac29
- Gracefully handle missing FDs in received messages, #1706883
3bac29
- Minor bugfixes
3bac29
3bac29
* Fri May  3 2019 Tom Gundersen <teg@jklm.no> - 21-1
3bac29
- Don't fail on EACCESS when reading config, fixes #1704920
3bac29
3bac29
* Thu May  2 2019 Tom Gundersen <teg@jklm.no> - 21-1
3bac29
- Minor bugfixes related to config reload for #1704488
3bac29
3bac29
* Wed Apr 17 2019 Tom Gundersen <teg@jklm.no> - 20-4
3bac29
- Fix assert due to failing reload #1700514
3bac29
3bac29
* Tue Apr 16 2019 Adam Williamson <awilliam@redhat.com> - 20-3
3bac29
- Rebuild with Meson fix for #1699099
3bac29
3bac29
* Thu Apr 11 2019 Tom Gundersen <teg@jklm.no> - 20-2
3bac29
- Fix the c_assert macro
3bac29
3bac29
* Wed Apr 10 2019 Tom Gundersen <teg@jklm.no> - 20-1
3bac29
- Improve handling of broken or deprecated configuration
3bac29
- Avoid at_console workaround if possible
3bac29
3bac29
* Tue Apr  9 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 19-2
3bac29
- Add a temporary generator to fix switching from dbus-daemon to
3bac29
  dbus-broker (#1674045)
3bac29
3bac29
* Thu Mar 28 2019 Tom Gundersen <teg@jklm.no> - 19-1
3bac29
- Minor bug fixes
3bac29
3bac29
* Thu Feb 21 2019 Tom Gundersen <teg@jklm.no> - 18-1
3bac29
- Minor bug fixes
3bac29
3bac29
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 17-4
3bac29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
3bac29
3bac29
* Mon Jan 14 2019 Tom Gundersen <teg@jklm.no> - 17-3
3bac29
- run in the root network namespace
3bac29
3bac29
* Sat Jan 12 2019 Tom Gundersen <teg@jklm.no> - 17-2
3bac29
- ignore config files that cannot be opened (fix rhbz #1665450)
3bac29
3bac29
* Wed Jan 2 2019 Tom Gundersen <teg@jklm.no> - 17-1
3bac29
- apply more sandboxing through systemd
3bac29
- improve logging on disconnect
3bac29
- don't send FDs to clients who don't declare support
3bac29
3bac29
* Wed Nov 28 2018 Tom Gundersen <teg@jklm.no> - 16-8
3bac29
- don't apply presets on updates to dbus-daemon
3bac29
3bac29
* Mon Nov 26 2018 Tom Gundersen <teg@jklm.no> - 16-7
3bac29
- enable service file correctly at install
3bac29
3bac29
* Mon Nov 26 2018 Tom Gundersen <teg@jklm.no> - 16-5
3bac29
- use full paths when calling binaries from rpm scripts
3bac29
3bac29
* Sun Nov 25 2018 Tom Gundersen <teg@jklm.no> - 16-4
3bac29
- fix SELinux bug
3bac29
3bac29
* Tue Oct 30 2018 Tom Gundersen <teg@jklm.no> - 16-3
3bac29
- add explicit systemctl dependency
3bac29
3bac29
* Tue Oct 23 2018 David Herrmann <dh.herrmann@gmail.com> - 16-2
3bac29
- create dbus user and group if non-existant
3bac29
- add explicit %%postlets to switch over to the broker as default
3bac29
3bac29
* Fri Oct 12 2018 Tom Gundersen <teg@jklm.no> - 16-1
3bac29
- make resource limits configurable
3bac29
- rerun presets in case dbus-daemon is disabled
3bac29
3bac29
* Thu Aug 30 2018 Tom Gundersen <teg@jklm.no> - 15-4
3bac29
- depend on dbus-common rather than dbus
3bac29
3bac29
* Wed Aug 29 2018 Tom Gundersen <teg@jklm.no> - 15-3
3bac29
- run %%systemd_user rpm macros
3bac29
3bac29
* Mon Aug 27 2018 Tom Gundersen <teg@jklm.no> - 15-2
3bac29
- add back --verbose switch for backwards compatibility
3bac29
3bac29
* Wed Aug 08 2018 Tom Gundersen <teg@jklm.no> - 15-1
3bac29
- fix audit support
3bac29
- make logging about invalid config less verbose
3bac29
3bac29
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14-2
3bac29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
3bac29
3bac29
* Tue Jul 03 2018 Tom Gundersen <teg@jklm.no> - 14-1
3bac29
- use inotify to reload config automatically
3bac29
- run as the right user
3bac29
- new compatibility features, bugfixes and performance enhancements
3bac29
3bac29
* Mon Apr 23 2018 Tom Gundersen <teg@jklm.no> - 13-1
3bac29
- Namespace transient systemd units per launcher instance
3bac29
- Reduce reliance on NSS
3bac29
- Fix deadlock with nss-systemd
3bac29
3bac29
* Wed Feb 21 2018 Tom Gundersen <teg@jklm.no> - 11-1
3bac29
- The 'gdm' user is now considered at_console=true
3bac29
- Bugfixes and performance enhancements
3bac29
3bac29
* Wed Feb 07 2018 Tom Gundersen <teg@jklm.no> - 10-1
3bac29
- Bugfixes and performance enhancements
3bac29
3bac29
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 9-2
3bac29
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
3bac29
3bac29
* Thu Nov 30 2017 Tom Gundersen <teg@jklm.no> - 9-1
3bac29
- Avoid nss deadlock at start-up
3bac29
- Support ExecReload
3bac29
- Respect User= in service files
3bac29
3bac29
* Tue Oct 17 2017 Tom Gundersen <teg@jklm.no> - 8-1
3bac29
- Dont clean-up children of activated services by default
3bac29
- Dont use audit from the user instance
3bac29
- Support the ReloadConfig() API
3bac29
3bac29
* Tue Oct 17 2017 Tom Gundersen <teg@jklm.no> - 7-1
3bac29
- Upstream bugfix release
3bac29
3bac29
* Mon Oct 16 2017 Tom Gundersen <teg@jklm.no> - 6-1
3bac29
- Upstream bugfix release
3bac29
3bac29
* Tue Oct 10 2017 Tom Gundersen <teg@jklm.no> - 5-1
3bac29
- Drop downstream SELinux module
3bac29
- Support (in a limited way) at_console= policies
3bac29
- Order dbus-broker before basic.target
3bac29
3bac29
* Fri Sep 08 2017 Tom Gundersen <teg@jklm.no> - 4-1
3bac29
- Use audit for SELinux logging
3bac29
- Support full search-paths for service files
3bac29
- Log policy failures
3bac29
3bac29
* Fri Aug 18 2017 Tom Gundersen <teg@jklm.no> - 3-1
3bac29
- Add manpages
3bac29
3bac29
* Wed Aug 16 2017 Tom Gundersen <teg@jklm.no> - 2-2
3bac29
- Add license to package
3bac29
3bac29
* Wed Aug 16 2017 Tom Gundersen <teg@jklm.no> - 2-1
3bac29
- Add SELinux support
3bac29
3bac29
* Sun Aug 13 2017 Tom Gundersen <teg@jklm.no> - 1-1
3bac29
- Initial RPM release
3bac29