./sysutils/dbus, Message bus system

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 1.14.10, Package name: dbus-1.14.10, Maintainer: pkgsrc-users

D-BUS is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in terms
of complexity.

D-BUS supports broadcast messages, asynchronous messages (thus decreasing
latency), authentication, and more. It is designed to be low-overhead;
messages are sent using a binary protocol, not using XML. D-BUS also
supports a method call mapping for its messages, but it is not required;
this makes using the system quite simple.

This package provides the D-BUS core library and daemon, as well as
some utilities that complement it.

MESSAGE.launchd [+/-]
MESSAGE.rcd [+/-]

Required to build:
[textproc/xmlto] [pkgtools/x11-links] [pkgtools/cwrappers]

Package options: kqueue, x11

Master sites:

Filesize: 1340.164 KB

Version history: (Expand)

CVS history: (Expand)

   2023-10-18 00:10:01 by Thomas Klausner | Files touched by this commit (1)
Log message:
dbus: remove reference to MESSAGE.rcd to fix build
   2023-10-16 15:53:27 by Greg Troxel | Files touched by this commit (1)
Log message:
dbus: Drop MESSAGE.rcd, which advises standard practices

The file only suggested installing the rc.d file and enabling the
daemon, which is normal practice, and thus outside the documented
guidelines for MESSAGE.
   2023-09-03 20:31:52 by pin | Files touched by this commit (2) | Package updated
Log message:
sysutils/dbus: update to 1.14.10

dbus 1.14.10 (2023-09-01)

Bug fixes:

• Avoid a dbus-daemon crash if re-creating a connection's policy fails.
  If it isn't possible to re-create its policy (for example if it belongs
  to a user account that has been deleted or if the Name Service Switch is
  broken, on a system not supporting SO_PEERGROUPS), we now log a warning,
  continue to use its current policy, and continue to reload other
  connections' policies. (dbus#343; Peter Benie, Simon McVittie)

• If getting the groups from a user ID fails, report the error correctly,
  instead of logging "(null)" (dbus#343, Simon McVittie)

• Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs
  field for processes with a valid-but-empty supplementary group list
  (dbus!422, cptpcrd)
   2023-08-24 08:35:04 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
dbus: update to 1.14.8.

dbus 1.14.8 (2023-06-06)

Denial-of-service fixes:

• Fix an assertion failure in dbus-daemon when a privileged Monitoring
  connection (dbus-monitor, busctl monitor, gdbus monitor or similar)
  is active, and a message from the bus driver cannot be delivered to a
  client connection due to <deny> rules or outgoing message quota. This
  is a denial of service if triggered maliciously by a local attacker.
  (dbus#457; hongjinghao, Simon McVittie)

Other fixes:

• Fix compilation on compilers not supporting __FUNCTION__
  (dbus!404, Barnabás Pőcze)

• Fix some memory leaks on out-of-memory conditions
  (dbus!403, Barnabás Pőcze)

• Documentation:
  · Fix syntax of a code sample in dbus-api-design
    (dbus!396; Yen-Chin, Lee)

Tests and CI enhancements:

• Fix CI pipelines after freedesktop/freedesktop#540
  (dbus!405, dbus#456; Simon McVittie)
   2023-06-06 14:42:56 by Taylor R Campbell | Files touched by this commit (1319)
Log message:
Mass-change BUILD_DEPENDS to TOOL_DEPENDS outside mk/.

Almost all uses, if not all of them, are wrong, according to the
semantics of BUILD_DEPENDS (packages built for target available for
use _by_ tools at build-time) and TOOL_DEPEPNDS (packages built for
host available for use _as_ tools at build-time).

No change to BUILD_DEPENDS as used correctly inside buildlink3.

As proposed on tech-pkg:
   2023-02-14 17:19:09 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
dbus: update to 1.14.6.

dbus 1.14.6 (2023-02-08)

Denial of service fixes:

• Fix an incorrect assertion that could be used to crash dbus-daemon or
  other users of DBusServer prior to authentication, if libdbus was compiled
  with assertions enabled.
  We recommend that production builds of dbus, for example in OS distributions,
  should be compiled with checks but without assertions.
  (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)

Other fixes:

• When connected to a dbus-broker, stop dbus-monitor from incorrectly
  replying to Peer method calls that were sent to the dbus-broker with
  a NULL destination (dbus#301, Kai A. Hiller)

• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
  This is not attacker-triggerable and appears to be harmless in practice,
  but is technically undefined behaviour and is detected as such by
  AddressSanitizer. (dbus!357, Evgeny Vereshchagin)

• Avoid a data race in multi-threaded use of DBusCounter
  (dbus#426, Ralf Habacker)

• Fix a crash with some glibc versions when non-auditable SELinux events
  are logged (dbus!386, Jeremi Piotrowski)

• If dbus_message_demarshal() runs out of memory while validating a message,
  report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)

• Use C11 _Alignof if available, for better standards-compliance
  (dbus!389, Khem Raj)

• Stop including an outdated copy of pkg.m4 in the git tree
  (dbus!365, Simon McVittie)

• Documentation:
  · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)

• Tests fixes:
  · Fix the test-apparmor-activation test after dbus#416
    (dbus!380, Dave Jones)

Internal changes:

• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
   2022-10-06 23:29:56 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
dbus: update to 1.14.4.

dbus 1.14.4 (2022-10-05)

This is a security update for the dbus 1.14.x stable branch, fixing
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
security hardening (dbus#416).

Behaviour changes:

• On Linux, dbus-daemon and other uses of DBusServer now create a
  path-based Unix socket, unix:path=..., when asked to listen on a
  unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
  unix:dir=... on all platforms.
  Previous versions would have created an abstract socket, unix:abstract=...,
  in this situation.
  This change primarily affects the well-known session bus when run via
  dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
  dbus with --enable-user-session and running it on a systemd system,
  already used path-based Unix sockets and is unaffected by this change.
  This behaviour change prevents a sandbox escape via the session bus socket
  in sandboxing frameworks that can share the network namespace with the host
  system, such as Flatpak.
  This change might cause a regression in situations where the abstract socket
  is intentionally shared between the host system and a chroot or container,
  such as some use-cases of schroot(1). That regression can be resolved by
  using a bind-mount to share either the D-Bus socket, or the whole /tmp
  directory, with the chroot or container.
  (dbus#416, Simon McVittie)

Denial of service fixes:

Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.

• An invalid array of fixed-length elements where the length of the array
  is not a multiple of the length of the element would cause an assertion
  failure in debug builds or an out-of-bounds read in production builds.
  This was a regression in version 1.3.0.
  (dbus#413, CVE-2022-42011; Simon McVittie)

• A syntactically invalid type signature with incorrectly nested parentheses
  and curly brackets would cause an assertion failure in debug builds.
  Similar messages could potentially result in a crash or incorrect message
  processing in a production build, although we are not aware of a practical
  example. (dbus#418, CVE-2022-42010; Simon McVittie)

• A message in non-native endianness with out-of-band Unix file descriptors
  would cause a use-after-free and possible memory corruption in production
  builds, or an assertion failure in debug builds. This was a regression in
  version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
   2022-10-03 14:44:00 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
dbus: update to 1.14.2.

dbus 1.14.2 (2022-09-26)


• Fix build failure on FreeBSD (dbus!277, Alex Richardson)

• Fix build failure on macOS with launchd enabled
  (dbus!287, Dawid Wróbel)

• Preserve errno on failure to open /proc/self/oom_score_adj
  (dbus!285, Gentoo#834725; Mike Gilbert)

• On Linux, don't log warnings if oom_score_adj is read-only but does not
  need to be changed (dbus!291, Simon McVittie)

• Slightly improve error-handling for inotify
  (dbus!235, Simon McVittie)

• Don't crash if dbus-daemon is asked to watch more than 128 directories
  for changes (dbus!302, Jan Tojnar)

• Autotools build system fixes:
  · Don't treat --with-x or --with-x=yes as a request to disable X11,
    fixing a regression in 1.13.20. Instead, require X11 libraries and
    fail if they cannot be detected. (dbus!263, Lars Wendler)
  · When a CMake project uses an Autotools-built libdbus in a
    non-standard prefix, find dbus-arch-deps.h successfully
    (dbus#314, Simon McVittie)
  · Don't include generated XML catalog in source releases
    (dbus!317, Jan Tojnar)
  · Improve robustness of detecting gcc __sync atomic builtins
    (dbus!320, Alex Richardson)

• CMake build system fixes:
  · Detect endianness correctly, fixing interoperability with other D-Bus
    implementations on big-endian systems (dbus#375, Ralf Habacker)
  · When building for Unix, install session and system bus setup
    in the intended locations
    (dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
  · Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
  · Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
  · Don't include headers from parent directory (dbus!282, Alex Richardson)
  · Distinguish between host and target TMPDIR when cross-compiling
    (dbus!279, Alex Richardson)
  · Fix detection of atomic operations (dbus!306, Alex Richardson)

Tests and CI enhancements:

• On Unix, skip tests that switch uid if run in a container that is
  unable to do so, instead of failing (dbus#407, Simon McVittie)

• Use the latest MSYS2 packages for CI
  (Ralf Habacker, Simon McVittie)