./emulators/suse131_libdbus, Linux compatibility package for DBus

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 13.1nb7, Package name: suse_libdbus-13.1nb7, Maintainer: pkgsrc-users

Linux compatibility package based on the openSUSE Linux distribution.
Please visit http://www.opensuse.org/ for more information about openSUSE
Linux.

This package supports running ELF binaries linked with glibc2 that
require DBus shared libraries.

DEINSTALL [+/-]

Required to run:
[emulators/suse131_base]

Master sites:


Version history: (Expand)


CVS history: (Expand)


   2015-11-03 21:31:11 by Alistair G. Crooks | Files touched by this commit (211)
Log message:
Add SHA512 digests for distfiles for emulators category

Problems found with existing digests:
	Package suse131_libSDL
	1c4d17a53bece6243cb3e6dd11c36d50f851a4f4 [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
	Package suse131_libdbus
	de99fcfa8e2c7ced28caf38c24d217d6037aaa56 [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]
	Package suse131_qt4
	94daff738912c96ed8878ce1a131cd49fb379206 [recorded]
	886206018431aee9f8a01e1fb7e46973e8dca9d9 [calculated]

Problems found locating distfiles for atari800, compat12, compat 13,
compat14, compat15, compat20, compat30, compat40, compat50,
compat50-x11, compat51, compat51-x11, compat60, compat61,
compat61-x11, fmsx, osf1_lib, vice, xbeeb, xm7.

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2015-07-28 10:49:16 by Thomas Klausner | Files touched by this commit (42) | Package updated
Log message:
Update RPMs from latest openSUSE 13.1 files.
From Rin Okuyama in PR 50082.
   2015-02-16 11:15:50 by Jonathan Perkin | Files touched by this commit (92)
Log message:
Put back PKGNAME definitions.
   2015-02-11 10:38:19 by OBATA Akio | Files touched by this commit (92)
Log message:
Revert
 define PKGNAME instead of fake DISTNAME
PKGNAME is unstable variable in current pkgsrc framework, so packages must not
rely on it.
   2015-01-23 11:34:08 by OBATA Akio | Files touched by this commit (2) | Package updated
Log message:
Apply following update for suse131_libdbus, bump PKGREVISION.

   openSUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0111-1
Rating:             moderate
References:         #912016
Cross-References:   CVE-2012-3524 CVE-2014-8148
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

         This update fixes the following security issues:
     * CVE-2014-8148:
       - Do not allow calls to UpdateActivationEnvironment from uids
         other than the uid of the dbus-daemon. If a system service installs
   unsafe security policy rules that allow arbitrary method calls (such as
   CVE-2014-8148) then this prevents memory consumption and possible
   privilege escalation via UpdateActivationEnvironment.
    * CVE-2012-3524: Don't access environment variables (bnc#912016)

References:

   http://support.novell.com/security/cve/ … -3524.html
   http://support.novell.com/security/cve/ … -8148.html
   https://bugzilla.suse.com/show_bug.cgi?id=912016
   2014-12-04 13:18:31 by OBATA Akio | Files touched by this commit (2) | Package updated
Log message:
Bump suse131_libdbus  PKGREVISION to 5.

   openSUSE Recommended Update: dbus-1
______________________________________________________________________________

Announcement ID:    openSUSE-RU-2014:1548-1
Rating:             moderate
References:
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This recommended update for dbus-1 fixes the following issues:
   - Update to 1.8.12:
     + Partially revert the CVE-2014-3639 patch by increasing the default
       authentication timeout on the system bus from 5 seconds back to 30
       seconds, since this has been reported to cause boot regressions for
       some users, mostly with parallel boot (systemd) on slower hardware. On
       fast systems where local users are considered particularly hostile,
       administrators can return to the 5 second timeout (or any other value
       in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
       <busconfig> <limit \ 
name="auth_timeout">5000</limit> </busconfig>
       (fdo#86431)
     + Add a message in syslog/the Journal when the auth_timeout is exceeded
       (fdo#86431)
     + Send back an AccessDenied error if the addressed recipient is not
       allowed to receive a message (and in builds with assertions enabled,
       don't assert under the same conditions). (fdo#86194)
   2014-11-20 10:14:58 by OBATA Akio | Files touched by this commit (2) | Package updated
Log message:
Bump PKGREVISION of suse131_libdbus to 5.

   openSUSE Security Update: Security update for dbus-1
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1455-1
Rating:             moderate
References:
Cross-References:   CVE-2014-7824
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   dbus-1 was updated to version 1.8.10 to fix one security issue and several
   other issues.

   This security issue was fixed:
   - Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 to stop an attacker
     from exhausting the system bus' file descriptors (CVE-2014-7824).
   2014-11-03 10:11:22 by OBATA Akio | Files touched by this commit (2) | Package updated
Log message:
Apply following security update to suse131_libdbus, bump PKGREVISION to 3.

   openSUSE Security Update: dbus-1: security and bugfix update to 1.8
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2014:1228-1
Rating:             moderate
References:         #896453
Cross-References:   CVE-2012-3524 CVE-2014-3635 CVE-2014-3636
                    CVE-2014-3637 CVE-2014-3638 CVE-2014-3639

Affected Products:
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes 6 vulnerabilities is now available.

Description:

   DBUS-1 was upgraded to upstream release 1.8.

   This brings the version of dbus to the latest stable release from an
   unstable snapshot 1.7.4 that is know to have several regressions

   - Upstream changes since 1.7.4:
     + Security fixes:
       - Do not accept an extra fd in the padding of a cmsg message, which
         could lead to a 4-byte heap buffer overrun. (CVE-2014-3635,
         fdo#83622; Simon McVittie)
       - Reduce default for maximum Unix file descriptors passed per message
         from 1024 to 16, preventing a uid with the default maximum number of
         connections from exhausting the system bus' file descriptors under
         Linux's default rlimit. Distributors or system administrators with
         a  restrictive fd limit may wish to reduce these limits further.
         Additionally, on Linux this prevents a second denial of service in
         which the dbus-daemon can be made to exceed the maximum number of
         fds per sendmsg() and disconnect the process that would have
         received them. (CVE-2014-3636, fdo#82820; Alban Crequy)
       - Disconnect connections that still have a fd pending unmarshalling
         after a new configurable limit, pending_fd_timeout (defaulting to
         150 seconds), removing the possibility of creating an abusive
         connection that cannot be disconnected by setting up a circular
         reference to a connection's file descriptor. (CVE-2014-3637,
         fdo#80559; Alban Crequy)
       - Reduce default for maximum pending replies per connection from 8192
         to 128, mitigating an algorithmic complexity denial-of-service
         attack (CVE-2014-3638, fdo#81053; Alban Crequy)
       - Reduce default for authentication timeout on the system bus from 30
         seconds to 5 seconds, avoiding denial of service by using up all
         unauthenticated connection slots; and when all unauthenticated
         connection slots are used up, make new connection attempts block
         instead of disconnecting them. (CVE-2014-3639, fdo#80919; Alban
         Crequy)
       - On Linux >0 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
         silently drop the message. This prevents an attack in which a
         malicious client can make dbus-daemon disconnect a system service,
         which is a local denial of service. (fdo#80163, CVE-2014-3532; Alban
         Crequy)
       - Track remaining Unix file descriptors correctly when more than one
         message in quick succession contains fds. This prevents another
         attack in which a malicious client can make dbus-daemon disconnect a
         system service. (fdo#79694, fdo#80469, CVE-2014-3533; Alejandro
         Martinez Suarez, Simon McVittie, Alban Crequy)
       - Alban Crequy at Collabora Ltd. discovered and fixed a
         denial-of-service flaw in dbus-daemon, part of the reference
         implementation of D-Bus. Additionally, in highly unusual
         environments the same flaw could lead to a side channel between
         processes that should not be able to communicate. (CVE-2014-3477,
         fdo#78979)
     + Other fixes and enhancements:
       - Check for libsystemd from systemd >= 209, falling back to the
         older separate libraries if not found (Umut Tezduyar Lindskog, Simon
   McVittie)
       - On Linux, use prctl() to disable core dumps from a test executable
         that deliberately raises SIGSEGV to test dbus-daemon's handling
         of that condition (fdo#83772, Simon McVittie)
       - Fix compilation with --enable-stats (fdo#81043, Gentoo #507232;
         Alban Crequy)
       - Improve documentation for running tests on Windows (fdo#41252, Ralf
         Habacker)
       - When dbus-launch --exit-with-session starts a dbus-daemon but then
         cannot attach to a session, kill the dbus-daemon as intended
         (fdo#74698, Роман Донченко)
       - in the CMake build system, add some hints for Linux users
         cross-compiling Windows D-Bus binaries to be able to run tests under
         Wine (fdo#41252, Ralf Habacker)
       - add Documentation key to dbus.service (fdo#77447, Cameron Norman)
       - in "dbus-uuidgen --ensure", try to copy systemd's \ 
/etc/machine-id to
         /var/lib/dbus/machine-id instead of generating an entirely new ID
         (fdo#77941, Simon McVittie)
       - if dbus-launch receives an X error very quickly, do not kill
         unrelated processes (fdo#74698, Роман Донченко)
       - on Windows, allow up to 8K connections to the dbus-daemon, instead
         of the previous 64 (fdo#71297; Cristian Onet, Ralf Habacker)
       - cope with \r\n newlines in regression tests, since on Windows,
         dbus-daemon.exe uses text mode (fdo#75863, Руслан
         Ижбулатов)
       - Enhance the CMake build system to check for GLib and compile/run a
         subset of the regression tests (fdo#41252, fdo#73495; Ralf Habacker)
       - don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fdo#72840, Ralf
         Habacker)
       - fix compilation of systemd journal support on older systemd versions
         where sd-journal.h doesn't include syslog.h (fdo#73455, Ralf
         Habacker)
       - fix compilation on older MSVC versions by including stdlib.h
         (fdo#73455, Ralf Habacker)
       - Allow <allow_anonymous/> to appear in an included configuration file
         (fdo#73475, Matt Hoosier)
       - If the tests crash with an assertion failure, they no longer default
         to blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT
         in the environment if you want the old behaviour.
       - To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop
         tests can be run with an external dbus-daemon by setting
         DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require
         an unusually-configured dbus-daemon are skipped.
       - don't require messages with no INTERFACE to be dispatched
         (fdo#68597, Simon McVittie)
       - document "tcp:bind=..." and "nonce-tcp:bind=..." \ 
(fdo#72301,
         Chengwei Yang)
       - define "listenable" and "connectable" addresses, \ 
and discuss the
         difference (fdo#61303, Simon McVittie)
       - support printing Unix file descriptors in dbus-send, dbus-monitor
         (fdo#70592, Robert Ancell)
       - don't install systemd units if --disable-systemd is given
         (fdo#71818, Chengwei Yang)
       - don't leak memory on out-of-memory while listing activatable or
         active services (fdo#71526, Radoslaw Pajak)
       - fix undefined behaviour in a regression test (fdo#69924, DreamNik)
       - escape Unix socket addresses correctly (fdo#46013, Chengwei Yang)
       - on SELinux systems, don't assume that SECCLASS_DBUS,
         DBUS__ACQUIRE_SVC and DBUS__SEND_MSG are numerically equal to their
         values in the reference policy (fdo#88719, osmond sun)
       - define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4
         headers (fdo#71366, Matt Fischer)
       - define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and
         winsock2.h (fdo#71405, Matt Fischer)
       - do not return failure from _dbus_read_nonce() with no error set,
         preventing a potential crash (fdo#72298, Chengwei Yang)
       - on BSD systems, avoid some O(1)-per-process memory and fd leaks in
         kqueue, preventing test failures (fdo#69332, fdo#72213; Chengwei
         Yang)
       - fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix
         sockets, which doesn't do anything anyway on at least Linux and
         FreeBSD (fdo#69492, Simon McVittie)
       - fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from
         sendmsg() with SCM_CREDS (retrying with plain send()), and looking
         for credentials more correctly (fdo#69492, Simon McVittie)
       - ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
         getting mixed up in XDG/systemd "user sessions" (fdo#61301, Simon
         McVittie)
       - refresh cached policy rules for existing connections when bus
         configuration changes (fdo#39463, Chengwei Yang)
       - If systemd support is enabled, libsystemd-journal is now required.
       - When activating a non-systemd service under systemd, annotate its
         stdout/stderr with its bus name in the Journal. Known limitation:
         because the socket is opened before forking, the process will still
         be logged as if it had dbus-daemon's process ID and user ID.
         (fdo#68559, Chengwei Yang)
       - Document more configuration elements in dbus-daemon(1) (fdo#69125,
         Chengwei Yang)
       - Don't leak string arrays or fds if
         dbus_message_iter_get_args_valist() unpacks them and then encounters
         an error (fdo#21259, Chengwei Yang)
       - If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
         disallowed method calls to the audit log, fixing a regression in
         1.7.6 (fdo#49062, Colin Walters)
       - path_namespace='/' in match rules incorrectly matched nothing; it
         now matches everything. (fdo#70799, Simon McVittie)
       - Directory change notification via dnotify on Linux is no longer
         supported; it hadn't compiled successfully since 2010 in any case.
         If you don't have inotify (Linux) or kqueue (*BSD), you will need to
         send SIGHUP to the dbus-daemon when its configuration changes.
         (fdo#33001, Chengwei Yang)
       - Compiling with --disable-userdb-cache is no longer supported; it
         didn't work since at least 2008, and would lead to an extremely slow
         dbus-daemon even it worked. (fdo#15589, fdo#17133, fdo#66947;
         Chengwei Yang)
       - The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
         assertions. It has been renamed to DBUS_DISABLE_ASSERT to be
         consistent with the Autotools build system. (fdo#66142, Chengwei
         Yang)
       - --with-valgrind=auto enables Valgrind instrumentation if and only if
         valgrind headers are available. The default is still
         --with-valgrind=no. (fdo#56925, Simon McVittie)
       - Platforms with no 64-bit integer type are no longer supported.
         (fdo#65429, Simon McVittie)
       - GNU make is now (documented to be) required. (fdo#48277, Simon
         McVittie)
       - Full test coverage no longer requires dbus-glib, although the tests
         do not exercise the shared library (only a static copy) if dbus-glib
         is missing. (fdo#68852, Simon McVittie)
       - D-Bus Specification 0.22
         * Document GetAdtAuditSessionData() and
   GetConnectionSELinuxSecurityContext() (fdo#54445, Simon)
         * Fix example .service file (fdo#66481, Chengwei Yang)
         * Don't claim D-Bus is "low-latency" (lower than what?), just give
   factual statements about it supporting async use (fdo#65141, Justin Lee)
         * Document the contents of .service files, and the fact that system
   services' filenames are constrained (fdo#66608; Simon McVittie, Chengwei
   Yang)
       - Be thread-safe by default on all platforms, even if
         dbus_threads_init_default() has not been called. For compatibility
         with older libdbus, library users should continue to call
         dbus_threads_init_default(): it is harmless to do so. (fdo#54972,
         Simon McVittie)
       - Add GetConnectionCredentials() method (fdo#54445, Simon)
       - New API: dbus_setenv(), a simple wrapper around setenv(). Note that
         this is not thread-safe. (fdo#39196, Simon)
       - Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer
         connection, like --address=ADDRESS in previous versions) and
         dbus-send --bus=ADDRESS (connect to a given bus, like dbus-monitor
         --address=ADDRESS). dbus-send --address still exists for backwards
   compatibility, but is no longer documented. (fdo#48816, Andrey Mazo)
       - "dbus-daemon --nofork" is allowed on Windows again. (fdo#68852,
         Simon McVittie)
       - Avoid an infinite busy-loop if a signal interrupts waitpid()
         (fdo#68945, Simon McVittie)
       - Clean up memory for parent nodes when objects are unexported
         (fdo#60176, Thomas Fitzsimmons)
       - Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
         documented. Previously, it assumed its second parameter was TRUE.
         (fdo#69165, Chengwei Yang)
       - Escape addresses containing non-ASCII characters correctly
         (fdo#53499, Chengwei Yang)
       - Document <servicedir> search order correctly (fdo#66994, Chengwei
         Yang)
       - Don't crash on "dbus-send --session / x.y.z" which regressed in
         1.7.4. (fdo#65923, Chengwei Yang)
       - If malloc() returns NULL in _dbus_string_init() or similar, don't
         free an invalid pointer if the string is later freed (fdo#65959,
         Chengwei Yang)
       - If malloc() returns NULL in dbus_set_error(), don't va_end() a
         va_list that was never va_start()ed (fdo#66300, Chengwei Yang)
       - fix build failure with --enable-stats (fdo#66004, Chengwei Yang)
       - fix a regression test on platforms with strict alignment (fdo#67279,
         Colin Walters)
       - Avoid calling function parameters "interface" since certain \ 
Windows
         headers have a namespace-polluting macro of that name (fdo#66493,
         Ivan Romanov)
       - Assorted Doxygen fixes (fdo#65755, Chengwei Yang)
       - Various thread-safety improvements to static variables (fdo#68610,
         Simon McVittie)
       - Make "make -j check" work (fdo#68852, Simon McVittie)
       - Fix a NULL pointer dereference on an unlikely error path (fdo#69327,
         Sviatoslav Chagaev)
       - Improve valgrind memory pool tracking (fdo#69326, Sviatoslav Chagaev)
       - Don't over-allocate memory in dbus-monitor (fdo#69329, Sviatoslav
         Chagaev)
       - dbus-monitor can monitor dbus-daemon < 1.5.6 again (fdo#66107,
         Chengwei Yang)
       - If accept4() fails with EINVAL, as it can on older Linux kernels
         with newer glibc, try accept() instead of going into a busy-loop.
         (fdo#69026, Chengwei Yang)
       - If socket() or socketpair() fails with EINVAL or EPROTOTYPE, for
         instance on Hurd or older Linux with a new glibc, try without
         SOCK_CLOEXEC. (fdo#69073; Pino Toscano, Chengwei Yang)
       - Fix a file descriptor leak on an error code path. (fdo#69182,
         Sviatoslav Chagaev)
       - dbus-run-session: clear some unwanted environment variables
         (fdo#39196, Simon)
       - dbus-run-session: compile on FreeBSD (fdo#66197, Chengwei Yang)
       - Don't fail the autolaunch test if there is no DISPLAY (fdo#40352,
         Simon)
       - Use dbus-launch from the builddir for testing, not the installed
         copy (fdo#37849, Chengwei Yang)
       - Fix compilation if writev() is unavailable (fdo#69409, Vasiliy
         Balyasnyy)
       - Remove broken support for LOCAL_CREDS credentials passing, and
         document where each credential-passing scheme is used (fdo#60340,
         Simon McVittie)
       - Make autogen.sh work on *BSD by not assuming GNU coreutils
         functionality fdo#35881, fdo#69787; Chengwei Yang)
       - dbus-monitor: be portable to NetBSD (fdo#69842, Chengwei Yang)
       - dbus-launch: stop using non-portable asprintf (fdo#37849, Simon)
       - Improve error reporting from the setuid activation helper
         (fdo#66728, Chengwei Yang)
       - Remove unavailable command-line options from 'dbus-daemon --help'
         (fdo#42441, Ralf Habacker)
       - Add support for looking up local TCPv4 clients' credentials on
         Windows XP via the undocumented AllocateAndGetTcpExTableFromStack
         function (fdo#66060, Ralf Habacker)
       - Fix insufficient dependency-tracking (fdo#68505, Simon McVittie)
       - Don't include wspiapi.h, fixing a compiler warning (fdo#68852, Simon
         McVittie)
       - add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing
         conditionals (fdo#66142, Chengwei Yang)
       - improve verbose-mode output (fdo#63047, Colin Walters)
       - consolidate Autotools and CMake build (fdo#64875, Ralf Habacker)
       - fix various unused variables, unusual build configurations etc.
         (fdo#65712, fdo#65990, fdo#66005, fdo#66257, fdo#69165, fdo#69410,
         fdo#70218; Chengwei Yang, Vasiliy Balyasnyy)

   - dbus-cve-2014-3533.patch: Add patch for CVE-2014-3533 to fix (fdo#63127)
     ? CVE-2012-3524: Don't access environment variables (fdo#52202)
     (fdo#51521, Dave Reisner) ? Remove an incorrect assertion from
     DBusTransport (fdo#51657, (fdo#51406, Simon McVittie) (fdo#51032, Simon
     McVittie) (fdo#34671, Simon McVittie) ・ Check for libpthread under
     CMake on Unix (fdo#47237, Simon McVittie) spec-compliance (fdo#48580,
     David Zeuthen) non-root when using OpenBSD install(1) (fdo#48217,
     Antoine Jacoutot) (fdo#45896, Simon McVittie) (fdo#39549, Simon
     McVittie) invent their own "union of everything" type (fdo#11191, \ 
Simon
     find(1) (fdo#33840, Simon McVittie) (fdo#46273, Alban Crequy) again on
     Win32, but not on WinCE (fdo#46049, Simon (fdo#47321, Andoni Morales
     Alastruey) (fdo#39231, fdo#41012; Simon McVittie)
    * Add a regression test for fdo#38005 (fdo#39836, Simon McVittie) a
      service file entry for activation (fdo#39230, Simon McVittie)
      (fdo#24317, #34870; Will Thompson, David Zeuthen, Simon McVittie) and
      document it better (fdo#31818, Will Thompson) ? Let the bus daemon
      implement more than one interface (fdo#33757, ? Optimize
      _dbus_string_replace_len to reduce waste (fdo#21261, (fdo#35114, Simon
      McVittie) ? Add dbus_type_is_valid as public API (fdo#20496, Simon
      McVittie) to unknown interfaces in the bus daemon (fdo#34527, Lennart
      Poettering) (fdo#32245; Javier Jardon, Simon McVittie) ? Correctly
      give XDG_DATA_HOME priority over XDG_DATA_DIRS (fdo#34496, in embedded
      environments (fdo#19997, NB#219964; Simon McVittie) ? Install the
      documentation, and an index for Devhelp (fdo#13495, booleans when
      sending them (fdo#16338, NB#223152; Simon McVittie) errors to
      dbus-shared.h (fdo#34527, Lennart Poettering) data (fdo#10887, Simon
      McVittie) .service files (fdo#19159, Sven Herzberg) (fdo#35750, Colin
      Walters) (fdo#32805, Mark Brand) which could result in a busy-loop
      (fdo#32992, NB#200248; possibly ? Fix failure to detect abstract
      socket support (fdo#29895) (fdo#32262, NB#180486) ? Improve some
      error code paths (fdo#29981, fdo#32264, fdo#32262, fdo#33128,
      fdo#33277, fdo#33126, NB#180486) ? Avoid possible symlink attacks in
      /tmp during compilation (fdo#32854) ? Tidy up dead code (fdo#25306,
      fdo#33128, fdo#34292, NB#180486) ? Improve gcc malloc annotations
      (fdo#32710) ? Documentation improvements (fdo#11190) ? Avoid
      readdir_r, which is difficult to use correctly (fdo#8284, fdo#15922,
      LP#241619) ? Cope with invalid files in session.d, system.d
      (fdo#19186, ? Don't distribute generated files that embed our
      builddir (fdo#30285, fdo#34292) (fdo#33474, LP#381063) with lcov HTML
      reports and --enable-compiler-coverage (fdo#10887) ・ support
      credentials-passing (fdo#32542) ・ opt-in to thread safety (fdo#33464)