Changelog for libdbus-1-3-1.8.12-7.3.x86_64.rpm :
Tue Nov 25 13:00:00 2014
- Update to 1.8.12:

* Fixes:
- Partially revert the CVE-2014-3639 patch by increasing the
default authentication timeout on the system bus from 5
seconds back to 30 seconds, since this has been reported to
cause boot regressions for some users, mostly with parallel
boot (systemd) on slower hardware.
On fast systems where local users are considered particularly
hostile, administrators can return to the 5 second timeout
(or any other value in milliseconds) by saving this as


(fdo#86431, Simon McVittie)
- Add a message in syslog/the Journal when the auth_timeout is
exceeded (fdo#86431, Simon McVittie)
- Send back an AccessDenied error if the addressed recipient is
not allowed to receive a message (and in builds with
assertions enabled, don\'t assert under the same conditions).
(fdo#86194, Jacek Bukarewicz)

Mon Nov 10 13:00:00 2014
- Update to 1.8.10:

* Security fixes:
- Increase dbus-daemon\'s RLIMIT_NOFILE rlimit to 65536
so that CVE-2014-3636 part A cannot exhaust the system bus\'
file descriptors, completing the incomplete fix in 1.8.8.
(CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy)

Tue Sep 30 14:00:00 2014
- Reformat the spec file using spec-cleaner

Thu Sep 18 14:00:00 2014
- Update baselibs.conf: Provides dbus-1-32bit in lib package

Wed Sep 17 14:00:00 2014
- Update to 1.8.8:
+ Security fixes:
- Do not accept an extra fd in the padding of a cmsg message,
which could lead to a 4-byte heap buffer overrun. (CVE-2014-3635,
fdo#83622, bnc#896453; Simon McVittie)
- Reduce default for maximum Unix file descriptors passed per
message from 1024 to 16, preventing a uid with the default maximum
number of connections from exhausting the system bus\' file
descriptors under Linux\'s default rlimit. Distributors or system
administrators with a more restrictive fd limit may wish to reduce
these limits further.
Additionally, on Linux this prevents a second denial of service
in which the dbus-daemon can be made to exceed the maximum number
of fds per sendmsg() and disconnect the process that would have
received them. (CVE-2014-3636, fdo#82820, bnc#896453; Alban Crequy)
- Disconnect connections that still have a fd pending unmarshalling
after a new configurable limit, pending_fd_timeout (defaulting to
150 seconds), removing the possibility of creating an abusive
connection that cannot be disconnected by setting up a circular
reference to a connection\'s file descriptor. (CVE-2014-3637,
fdo#80559, bnc#896453; Alban Crequy)
- Reduce default for maximum pending replies per connection from
8192 to 128, mitigating an algorithmic complexity
denial-of-service attack (CVE-2014-3638, fdo#81053, bnc#896453;
Alban Crequy)
- Reduce default for authentication timeout on the system bus from
30 seconds to 5 seconds, avoiding denial of service by using up
all unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them. (CVE-2014-3639, fdo#80919,
bnc#896453; Alban Crequy)
+ Other fixes:
- Check for libsystemd from systemd >= 209, falling back to the
older separate libraries if not found (Umut Tezduyar Lindskog,
Simon McVittie)
- On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon\'s handling
of that condition (fdo#83772, Simon McVittie)
- Fix compilation with --enable-stats (fdo#81043, Gentoo #507232;
Alban Crequy)
- Improve documentation for running tests on Windows (fdo#41252,
Ralf Habacker)

Thu Jul 24 14:00:00 2014
- Remove the QA script since [Fate#313531] is being rejected

Thu Jul 10 14:00:00 2014
- Update baselibs.conf: Obsoletes dbus-1-32bit in lib package.

Wed Jul 2 14:00:00 2014
- Update to 1.8.6:
+ Security fixes:
- On Linux >= 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS,
silently drop the message. This prevents an attack in which
a malicious client can make dbus-daemon disconnect a system
service, which is a local denial of service.
(bnc#885241 fdo#80163, CVE-2014-3532; Alban Crequy)
- Track remaining Unix file descriptors correctly when more
than one message in quick succession contains fds. This
prevents another attack in which a malicious client can make
dbus-daemon disconnect a system service.
(bnc#885241 fdo#79694, fd0#80469, CVE-2014-3533; Alejandro
Martínez Suárez, Simon McVittie, Alban Crequy)
+ Other fixes:
- When dbus-launch --exit-with-session starts a dbus-daemon but
then cannot attach to a session, kill the dbus-daemon as
intended (fdo#74698, Роман Донченко)

Wed Jun 11 14:00:00 2014
- Update to 1.8.4:
+ Security fix:
- Alban Crequy at Collabora Ltd. discovered and fixed a
denial-of-service flaw in dbus-daemon, part of the reference
implementation of D-Bus.
Additionally, in highly unusual environments the same flaw
could lead to a side channel between processes that should
not be able to communicate. (CVE-2014-3477, fdo#78979,

Fri May 16 14:00:00 2014
- Put everything into /var/run instaead of /run

Thu May 15 14:00:00 2014
- Move system socket back from /run/dbus to /var/run/dbus

* From upstream reasoning:
Some specifications we want to stay compatibility actually
document /var/run, not /run, and we should stay compatible with
that. In order to make sure our D-Bus implementation works on
any system, regardless if running systemd or not, we should
always use /var/run which is the only path mandated by the
D-Bus spec.
Similar, glibc hardcodes the utmp location to /var/run, and
this is exposed in _UTMP_PATH in limits.h, hence let\'s stay in
sync with this public API, too.
We simply do not support systems where /var/run is not a
symlink -> /run. Hence both are equivalent. Staying compatible
with upstream specifications hence weighs more than cleaning up
superficial appearance.

Sat May 3 14:00:00 2014
- Update to 1.8.2:
+ Enhancements:
- in the CMake build system, add some hints for Linux users
cross-compiling Windows D-Bus binaries to be able to run
tests under Wine (fdo#41252)
- add Documentation key to dbus.service (fdo#77447)
+ Fixes:
- in \"dbus-uuidgen --ensure\", try to copy systemd\'s
/etc/machine-id to /var/lib/dbus/machine-id instead
of generating an entirely new ID (fdo#77941)
- if dbus-launch receives an X error very quickly, do not kill
unrelated processes (fdo#74698)
- on Windows, allow up to 8K connections to the dbus-daemon,
instead of the previous 64 (fdo#71297)
- cope with \\r\
newlines in regression tests, since on
Windows, dbus-daemon.exe uses text mode (fdo#75863)

Fri Mar 7 13:00:00 2014
- Fix typo in spec file (bnc#867256)

Thu Jan 23 13:00:00 2014
- Add a script allowing the QA to test whether it is safe to
restart dbus [Fate#313531]

Mon Jan 20 13:00:00 2014
- Update to 1.8.0 final:
+ This starts a new stable branch. The 1.6.x branch is now
considered to be outdated, and will only receive fixes for
serious bugs such as security flaws. The 1.4.x and 1.2.x branches
no longer have upstream support and are unlikely to get any more
releases, but if distributors still need to support them,
please share security patches via upstream.
+ Enhancements since 1.7.10:
- Enhance the CMake build system to check for GLib and
compile/run a subset of the regression tests (fdo#41252,
+ Fixes since 1.7.10:
- don\'t rely on va_copy(), use DBUS_VA_COPY() wrapper (fdo#72840)
- fix compilation of systemd journal support on older systemd
versions where sd-journal.h doesn\'t include syslog.h (fdo#73455)
- fix compilation on older MSVC versions by including stdlib.h
- Allow to appear in an included configuration
file (fdo#73475)
+ Test behaviour changes since 1.7.10:
- If the tests crash with an assertion failure, they no longer
default to blocking for a debugger to be attached. Set
DBUS_BLOCK_ON_ABORT in the environment if you want the old
- To improve debuggability, the dbus-daemon and
dbus-daemon-eavesdrop tests can be run with an external
dbus-daemon by setting DBUS_TEST_DAEMON_ADDRESS in the
environment. Test-cases that require an unusually-configured
dbus-daemon are skipped.

Fri Jan 10 13:00:00 2014
- Remove checks for obsolete openSUSE versions
- Make sure that dbus-1 requires libdbus-1-3 during %post (detected
when built against DBus-less systemd 209)

Thu Jan 9 13:00:00 2014
- Try hard to assure that /var/lib/dbus/machine-id and
/etc/machine-id are the same (bnc#857377)

Tue Jan 7 13:00:00 2014
- Update to 1.7.10 (1.8.0 rc1)
+ D-Bus Specification 0.23:
- don\'t require messages with no INTERFACE to be dispatched
- document \"tcp:bind=...\" and \"nonce-tcp:bind=...\" (fdo#72301)
- define \"listenable\" and \"connectable\" addresses, and discuss
the difference (fdo#61303)
+ Enhancements:
- support printing Unix file descriptors in dbus-send,
dbus-monitor (fdo#70592)
- don\'t install systemd units if --disable-systemd is given
+ Fixes:
- don\'t leak memory on out-of-memory while listing activatable
or active services (fdo#71526)
- fix undefined behaviour in a regression test (fdo#69924)
- escape Unix socket addresses correctly (fdo#46013)
- on SELinux systems, don\'t assume that SECCLASS_DBUS,
DBUS__ACQUIRE_SVC and DBUS__SEND_MSG are numerically equal to
their values in the reference policy (fdo#88719)
MinGW < 4 headers (fdo#71366)
- define WIN32_LEAN_AND_MEAN to avoid conflicts between
winsock.h and winsock2.h (fdo#71405)
- do not return failure from _dbus_read_nonce() with no error
set, preventing a potential crash (fdo#72298)
- on BSD systems, avoid some O(1)-per-process memory and fd
leaks in kqueue, preventing test failures
(fdo#69332, fdo#72213)
- fix warning spam on Hurd by not trying to set SO_REUSEADDR
on Unix sockets, which doesn\'t do anything anyway on at least
Linux and FreeBSD (fdo#69492)
- fix use of TCP sockets on FreeBSD and Hurd by tolerating
EINVAL from sendmsg() with SCM_CREDS (retrying with plain
send()), and looking for credentials more correctly
- ensure that tests run with a temporary XDG_RUNTIME_DIR to
avoid getting mixed up in XDG/systemd \"user sessions\"
- refresh cached policy rules for existing connections when bus
configuration changes (fdo#39463)

Wed Nov 20 13:00:00 2013
- Drop the dbus-fall-back-to-old-run-directory.patch, and the sed
workaround from dbus-1-x11 %post, now that transition from 12.3
(/var/run) to 13.1 (/run) is done

Fri Nov 1 13:00:00 2013
- Update to 1.7.8
+ Dependencies:
- If systemd support is enabled, libsystemd-journal is
now required.
+ Enhancements:
- When activating a non-systemd service under systemd,
annotate its stdout/stderr with its bus name in the Journal.
Known limitation: because the socket is opened before forking,
the process will still be logged as if it had dbus-daemon\'s
process ID and user ID. (fdo#68559)
- Document more configuration elements in dbus-daemon(1)
+ Fixes:
- Don\'t leak string arrays or fds if
dbus_message_iter_get_args_valist() unpacks them and then
encounters an error (fdo#21259)
- If compiled with libaudit, retain CAP_AUDIT_WRITE so we
can write disallowed method calls to the audit log,
fixing a regression in 1.7.6 (fdo#49062)
- path_namespace=\'/\' in match rules incorrectly matched nothing;
it now matches everything. (fdo#70799)

Wed Oct 9 14:00:00 2013
- Update to 1.7.6
+ Build-time configuration changes:
- Directory change notification via dnotify on Linux is no
longer supported; it hadn\'t compiled successfully since 2010
in any case. If you don\'t have inotify (Linux) or kqueue (
you will need to send SIGHUP to the dbus-daemon when its
configuration changes. (fdo#33001)
- Compiling with --disable-userdb-cache is no longer supported;
it didn\'t work since at least 2008, and would lead to an
extremely slow dbus-daemon even it worked.
- The DBUS_DISABLE_ASSERTS CMake option didn\'t actually disable
most assertions. It has been renamed to DBUS_DISABLE_ASSERT
to be consistent with the Autotools build system. (fdo#66142)
- --with-valgrind=auto enables Valgrind instrumentation if and only
if valgrind headers are available. The default is still
- -with-valgrind=no. (fdo#56925)
+ Dependencies:
- Platforms with no 64-bit integer type are no longer supported.
- GNU make is now (documented to be) required. (fdo#48277)
- Full test coverage no longer requires dbus-glib, although the
tests do not exercise the shared library (only a static copy)
if dbus-glib is missing. (fdo#68852)
+ Enhancements:
- D-Bus Specification 0.22
- Document GetAdtAuditSessionData() and
GetConnectionSELinuxSecurityContext() (fdo#54445)
- Fix example .service file (fdo#66481)
- Don\'t claim D-Bus is \"low-latency\" (lower than what?), just
give factual statements about it supporting async use (fdo#65141)
- Document the contents of .service files, and the fact that
system services\' filenames are constrained (fdo#66608)
- Be thread-safe by default on all platforms, even if
dbus_threads_init_default() has not been called. For
compatibility with older libdbus, library users should
continue to call dbus_threads_init_default(): it is
harmless to do so. (fdo#54972)
- Add GetConnectionCredentials() method (fdo#54445)
- New API: dbus_setenv(), a simple wrapper around setenv().
Note that this is not thread-safe. (fdo#39196,)
- Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer
connection, like --address=ADDRESS in previous versions) and
dbus-send --bus=ADDRESS (connect to a given bus, like
dbus-monitor --address=ADDRESS). dbus-send --address still
exists for backwards compatibility, but is no longer documented.
+ Fixes:
- Avoid an infinite busy-loop if a signal interrupts waitpid()
- Clean up memory for parent nodes when objects are unexported
- Make dbus_connection_set_route_peer_messages(x, FALSE) behave
as documented. Previously, it assumed its second
parameter was TRUE. (fdo#69165)
- Escape addresses containing non-ASCII characters correctly
- Document search order correctly (fdo#66994)
- Don\'t crash on \"dbus-send --session / x.y.z\" which regressed
in 1.7.4. (fdo#65923)
- If malloc() returns NULL in _dbus_string_init() or similar,
don\'t free an invalid pointer if the string is later freed
- If malloc() returns NULL in dbus_set_error(), don\'t va_end()
a va_list that was never va_start()ed (fdo#66300)
- fix build failure with --enable-stats (fdo#66004)
- fix a regression test on platforms with strict alignment
- Avoid calling function parameters \"interface\" since certain
Windows headers have a namespace-polluting macro of that name
- Assorted Doxygen fixes (fdo#65755)
- Various thread-safety improvements to static variables
- Make \"make -j check\" work (fdo#68852)
- Fix a NULL pointer dereference on an unlikely error path
- Improve valgrind memory pool tracking (fdo#69326)
- Don\'t over-allocate memory in dbus-monitor (fdo#69329)
- dbus-monitor can monitor dbus-daemon < 1.5.6 again
+ Unix-specific:
- If accept4() fails with EINVAL, as it can on older Linux
kernels with newer glibc, try accept() instead of going
into a busy-loop. (fdo#69026)
- If socket() or socketpair() fails with EINVAL or EPROTOTYPE,
for instance on Hurd or older Linux with a new glibc, try
without SOCK_CLOEXEC. (fdo#69073)
- Fix a file descriptor leak on an error code path.
- dbus-run-session: clear some unwanted environment variables
- dbus-run-session: compile on FreeBSD (fdo#66197)
- Don\'t fail the autolaunch test if there is no DISPLAY
- Use dbus-launch from the builddir for testing, not the
installed copy (fdo#37849)
- Fix compilation if writev() is unavailable (fdo#69409)
- Remove broken support for LOCAL_CREDS credentials passing, and
document where each credential-passing scheme is used
- Make work on
*BSD by not assuming GNU coreutils
functionality (fdo#35881, fdo#69787)
- dbus-monitor: be portable to NetBSD (fdo#69842)
- dbus-launch: stop using non-portable asprintf (fdo#37849)
- Improve error reporting from the setuid activation helper
+ Internal changes:
conditionals (fdo#66142)
- improve verbose-mode output (fdo#63047)
- consolidate Autotools and CMake build (fdo#64875)
- fix various unused variables, unusual build configurations etc.
(fdo#65712, fdo#65990, fdo#66005, fdo#66257, fdo#69165, fdo#69410,
- Dropped 0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch,
included in this release

Mon Oct 7 14:00:00 2013
- Create /var/lib/dbus/machine-id only if there is no /etc/machine-id
present on the system. Dbus knows how to use the system-wide
machine-id file and this solves problems where the two files have
different values (bnc#831626)

Fri Oct 4 14:00:00 2013
- Check for existence of /var/lib/old_run_path: if found, only then
is dbus ListenStream swapped for old run path. This is done for
supporting 12.3 to 13.1 upgrade (bnc#802525)
- Fix rpmlint warnings about %verifyscript and %set_permissions

Sun Sep 29 14:00:00 2013
- Revert to previous version of dbus-fall-back-to-old-run-directory.patch
as latest version causes a fallout

Wed Sep 25 14:00:00 2013
- Amend dbus-fall-back-to-old-run-directory.patch to prevent a
new class of hangs while upgrading D-Bus along with other
services (bnc#802525).

Sat Sep 7 14:00:00 2013
- Added 0001-_dbus_babysitter_unref-avoid-infinite-loop-if-waitpi.patch
from upstream for resolving fdo#68945, bnc#782909

Tue Jun 25 14:00:00 2013
- to avoid a cycle with systemd, build the daemon in dbus-x11.spec.
It would be wise to rename dbus-1.spec to dbus-1-libs.spec and
dbus-1-x11.spec to dbus-1.spec, but I first wanted to hear feedback

Sat Jun 22 14:00:00 2013
- Update to 1.7.4
+ CVE-2013-2168: Fix misuse of va_list that could be used as a
denial of service for system services.
+ It should now be safe to call dbus_threads_init_default() from
any thread, at any time
+ In dbus-daemon, don\'t crash if a .service file starts with
+ Fix an assertion failure if we try to activate systemd services
before systemd connects to the bus (fdo#50199)
- Adjusted dbus-do-autolaunch.patch for this release

Sat Jun 22 14:00:00 2013
- Remove the override that was added in solving bnc#802525, as it
causes similar situation when upgrading dbus and systemd
- Adjusted rc.boot.dbus script so it uses /run instead of /var/run

Thu Apr 25 14:00:00 2013
- Update to 1.7.2
+ Diagnose incorrect use of dbus_connection_get_data() with negative
slot (i.e. before allocating the slot) rather than returning junk
(fdo #63127)
+ The --with-dbus-session-bus-default-address configure option is no
longer supported
+ Under systemd, log to syslog only, not stderr, avoiding duplication
(fdo#61399, fdo#39987)
+ Under systemd, remove unnecessary dependency on syslog.socket
+ Allow use of systemd-logind without the rest of systemd
- Dropped dbus-move-everything-to-run-directory.patch, since we can
define location of system pid and socket with configure flags and
set the flags accordingly
- Added xmlto BuildRequires, it is needed now for man files

Wed Apr 24 14:00:00 2013
- Update to 1.6.10
+ Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF,
U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fdo#63072)
+ Diagnose incorrect use of dbus_connection_get_data() with negative slot
(i.e. before allocating the slot) rather than returning junk (fdo#63127)
+ In the activation helper, when compiled for tests, do not reset the system
bus address, fixing the regression tests. (fdo#52202)
+ Fix building with Valgrind 3.8, at the cost of causing harmless warnings
with Valgrind 3.6 on some compilers (fdo#55932)
+ Don\'t leak temporary fds pointing to /dev/null (fdo#56927,)
+ Create session.d, system.d directories under CMake (fdo#41319)
+ Include alloca.h for alloca() if available, fixing compilation on
Solaris 10 (fdo#63071)

Fri Feb 22 13:00:00 2013
- Spec file changes moving files from /var/run to /run.
- Add dbus-move-everything-to-run-directory.patch by rmilasan. This
moves everything (pid files, lock files, etc.) to /run.
- Add dbus-fall-back-to-old-run-directory.patch (bnc#802525).

Mon Feb 18 13:00:00 2013
- Revert patch: dbus-move-everything-to-run-directory.patch (bnc#802525).

Thu Jan 24 13:00:00 2013
- Move everything (pid files, lock files, etc.) to /run.
add: dbus-move-everything-to-run-directory.patch

Sun Nov 18 13:00:00 2012
- Update to 1.6.8
- remove patch dbus-cve-2012-3524.patch as incorporated upstream
Changes since 1.5.12
• Follow up to CVE-2012-3524: The additional hardening
work to use __secure_getenv() as a followup to bug #52202
broke certain configurations of gnome-keyring. Given
the difficulty of making this work without extensive
changes to gnome-keyring, use of __secure_getenv() is
• CVE-2012-3524: Don\'t access environment variables (fdo#52202)
Thanks to work and input from Colin Walters, Simon McVittie,
Geoffrey Thomas, and others.
• Detect that users are \"at the console\" correctly when configured with
a non-default path such as --enable-console-auth-dir=/run/console
(fdo#51521, Dave Reisner)
• Remove an incorrect assertion from DBusTransport (fdo#51657,
Simon McVittie)
• Change how we create /var/lib/dbus so it works under Automake >= 1.11.4
(fdo#51406, Simon McVittie)
• Don\'t return from dbus_pending_call_set_notify with a lock held on OOM
(fdo#51032, Simon McVittie)
• Disconnect \"developer mode\" (assertions, verbose mode etc.) from
Automake maintainer mode. D-Bus developers should now configure with
- -enable-developer. Automake maintainer mode is now on by default;
distributions can disable it with --disable-maintainer-mode.
(fdo#34671, Simon McVittie)
• Unix-specific:
· Check for libpthread under CMake on Unix (fdo#47237, Simon McVittie)
• New requirements
· compiler support for 64-bit integers (int64_t or equivalent)
• D-Bus Specification v0.19
• New dbus-daemon features
· rules allow the service to
own names like com.example.Service.Instance3
· optional systemd integration when checking at_console policies
· --nopidfile option, mainly for use by systemd
· path_namespace and arg0namespace may appear in match rules
· eavesdropping is disabled unless the match rule contains eavesdrop=true
• New public API
· functions to validate various string types (dbus_validate_path() etc.)
· dbus_type_is_valid()
· DBusBasicValue, a union of every basic type
• Bug fixes
· removed an unsafe reimplementation of recursive mutexes
· dbus-daemon no longer busy-loops if it has far too many file descriptors
· dbus-daemon.exe --print-address works on Windows
· all the other bug fixes from 1.4.20
• Other major implementation changes
· on Linux, dbus-daemon uses epoll if supported, for better scalability
· dbus_threads_init() ignores its argument and behaves like
dbus_threads_init_default() instead
· removed the per-connection link cache, improving dbus-daemon performance
• Developer features
· optional Valgrind instrumentation (--with-valgrind)
· optional Stats interface on the dbus-daemon (--enable-stats)
· optionally abort whenever malloc() fails (--enable-embedded-tests
• Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1
spec-compliance (fdo#48580, David Zeuthen)
• Don\'t use install(1) within the source/build trees, fixing the build as
non-root when using OpenBSD install(1) (fdo#48217, Antoine Jacoutot)
• Add missing commas in some tcp and nonce-tcp addresses, and remove
an unused duplicate copy of the nonce-tcp transport in Windows builds
(fdo#45896, Simon McVittie)

Fri Nov 16 13:00:00 2012
- Enable systemd integration (with_systemd 1): follow the rest of
the distribution enabling systemd support. As agreed, systemd is
the main supported way for 12.3.

Fri Nov 16 13:00:00 2012
- Move default home from /var/run/dbus to /run/dbus
- Fix useradd invocation: -o is useless without -u and newer
versions of pwdutils/shadowutils fail on this now.

Thu Nov 8 13:00:00 2012
- Link /usr/bin/dbus-send to /bin/dbus-send. Upower uses
dbus-send to receive signals from systemd regarding resuming,
however looks for the moment in the wrong directory.

Sat Nov 3 13:00:00 2012
- Fix factory breakage on systemd units directory

Fri Oct 26 14:00:00 2012
- remove sysvinit requires from the package
- remove %run_permissions macro

Wed Oct 24 14:00:00 2012
- baselibs: dbus-1-devel-32bit must require libdbus-1-3-32bit

Sun Oct 7 14:00:00 2012
- remove libzio build dependency

Mon Aug 27 14:00:00 2012
- dbus-cve-2012-3524.patch: Add patch for CVE-2012-3524 to fix getenv()
vulnerability in setuid root binaries (bnc#697105)

Wed Aug 1 14:00:00 2012
- Add pkgconfig(x11) as BuildRequires instead of xorg-x11-devel so
we don\'t depend on Mesa and create a build cycle.

Tue May 15 14:00:00 2012
- Move ownership of /etc/dbus-1/{session.d,system.d} and
/usr/share/dbus-1/{interfaces,services,system-services} to
libdbus-1-3 instead of dbus-1: many dbus users put files there,
and it\'s annoying to force them to own those directories.

Sun Apr 22 14:00:00 2012
- added libdbus-1-3 to build for -32bit...
- adeed post and postun sections for libdbus-1-3

Thu Apr 19 14:00:00 2012
- More news from the dependency hell: Let dbus-1-devel require

Wed Apr 18 14:00:00 2012
- Split dbus-1 into libdbus-1 and dbus-1.

Wed Mar 28 14:00:00 2012
- Update to version 1.5.12:
- Add public API to validate various string types:
dbus_validate_path(), dbus_validate_interface(),
dbus_validate_member(), dbus_validate_error_name(),
dbus_validate_bus_name(), dbus_validate_utf8()
(fdo#39549, Simon McVittie)
- Turn DBusBasicValue into public API so bindings don\'t need to
invent their own \"union of everything\" type (fdo#11191, Simon
- Enumerate data files included in the build rather than using
find(1) (fdo#33840, Simon McVittie)
- Add support for policy rules like
in dbus-daemon
(fdo#46273, Alban Crequy)
- Windows-specific:
- make dbus-daemon.exe --print-address (and --print-pid) work
again on Win32, but not on WinCE (fdo#46049, Simon
- fix duplicate case value when compiling against mingw-w64
(fdo#47321, Andoni Morales Alastruey)

Mon Feb 27 13:00:00 2012
- Revert my last change completely, and go back to using -fpie in
CFLAGS and -pie in LDFLAGS for the whole build: after discussion
upstream in fdo#46570, it appears that this is the recommended
way to harden the build.

Fri Feb 24 13:00:00 2012
- Change the way we pass -fpie/-pie:
+ Stop changing CFLAGS/LDFLAGS in %build to add -fpie/-pie.
+ Add dbus-1-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS
when building the suid binary (dbus-daemon-launch-helper).
+ Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build.

Fri Feb 24 13:00:00 2012
- move with_systemd definition into COMMON part to fix dbus-1-x11

Wed Feb 22 13:00:00 2012
- Update to version 1.5.10:
+ D-Bus Specification 0.19:
- Formally define unique connection names and well-known bus
names, and document best practices for interface, bus, member
and error names, and object paths (fdo#37095)
- Document the search path for session and system services on
Unix, and where they should be installed by build systems
(fdo#21620, fdo#35306)
- Document the systemd transport (fdo#35232)
+ Make dbus_threads_init() use the same built-in threading
implementation as dbus_threads_init_default(); the
user-specified primitives that it takes as a parameter are now
ignored (fdo#43744)
+ Allow all configured auth mechanisms, not just one (fdo#45106)
+ Improve cmake build system.
+ Build tests successfully with older GLib, as found in e.g.
Debian 6 (fdo#41219)
+ Avoid use of deprecated GThread API (fdo#44413)
+ Build documentation correctly if man2html doesn\'t support
filenames on its command-line (fdo#43875)
+ Improve test coverage. To get even more coverage, run the tests
with DBUS_TEST_SLOW=1 (fdo#38285, fdo#42811)
+ Reduce the size of the shared library by moving functionality
only used by dbus-daemon, tests etc. into their internal
library and deleting unused code (fdo#34976, fdo#39759)
+ Add dbus-daemon --nopidfile option, overriding the
configuration, for setups where the default configuration must
include to avoid breaking traditional init, but the
pid file is in fact unnecessary; use it under systemd to
improve startup time a bit (fdo#45520)
+ Optionally (if configured --with-valgrind) add instrumentation
to debug libdbus and associated tools more meaningfully under
Valgrind (fdo#37286)
+ Improve the dbus-send(1) man page (fdo#14005)
+ Make dbus-protocol.h compatible with C++11 (fdo#46147)
+ If tests are enabled and DBUS_MALLOC_CANNOT_FAIL is set in the
environment, abort on failure to malloc() (like GLib does), to
turn runaway memory leaks into a debuggable core-dump if a
resource limit is applied (fdo#41048)
+ Don\'t crash if realloc() returns NULL in a debug build (fdo#41048)
+ Unix-specific:
- Replace our broken reimplementation of recursive mutexes,
which has been broken since 2006, with an ordinary pthreads
recursive mutex (fdo#43744)
- Use epoll(7) for a more efficient main loop in Linux;
equivalent patches welcomed for other OSs\' equivalents like
kqueue, /dev/poll, or Solaris event ports (fdo#33337)
- When running under systemd, use it instead of ConsoleKit to
check whether to apply at_console policies (fdo#39609)
- Avoid a highly unlikely fd leak (fdo#29881)
- Don\'t close invalid fd -1 if getaddrinfo fails (fdo#37258)
  - Don\'t touch ~/.dbus and ~/.dbus-keyrings when running \'make
installcheck\' (fdo#41218)
- Stop pretending we respect XDG_DATA_DIRS for system services:
the launch helper doesn\'t obey environment variables to avoid
privilege escalation attacks, so make the system bus follow
the same rules (fdo#21620)
+ Windows-specific fixes.
- Get ready for a switch to systemd:
+ Add a with_systemd macro, currently set to 0 as the systemd
support would introduce a build cycle between dbus-1 and
+ Add pkgconfig(libsystemd-daemon) and
pkgconfig(libsystemd-login) BuildRequires and pass
- -enable-systemd to configure if we build systemd support.

Mon Feb 6 13:00:00 2012
- fixed bnc#743149 - added position independent flags to compilation and linking(-fpie/-pie)

Wed Oct 12 14:00:00 2011
- add patch to enable X11 autolaunch even if configure thinks
it can\'t be done (bnc#707817)

Tue Oct 11 14:00:00 2011
- update to version 1.5.8:

* Clean up dead code, and make more warnings fatal in development builds
(fdo#39231, fdo#41012; Simon McVittie)

* Add a regression test for fdo#38005 (fdo#39836, Simon McVittie)

* Add _DBUS_STATIC_ASSERT and use it to check invariants

* Fix a small memory leak, and a failure to report errors, when updating
a service file entry for activation (fdo#39230, Simon McVittie)

* Clean up (non-abstract) Unix sockets on bus daemon exit

* On systems that use libcap-ng but not systemd, drop supplemental groups
when switching to the daemon user (Red Hat #726953, Steve Grubb)

Fri Sep 30 14:00:00 2011
- add libtool as buildrequire to make the spec file more reliable

Sun Sep 18 14:00:00 2011
- Remove redundant tags/sections from specfile
(cf. packaging guidelines)

Mon Aug 1 14:00:00 2011
- Update to version 1.5.6:
+ Potentially incompatible (Bustle and similar debugging tools
will need changes to work as intended):
- Do not allow match rules to \"eavesdrop\" (receive messages
intended for a different recipient) by mistake: eavesdroppers
must now opt-in to this behaviour by putting
\"eavesdrop=\'true\'\" in the match rule, which will not have any
practical effect on buses where eavesdropping is not allowed
+ Other changes:
- D-Bus Specification version 0.18 (fdo#37890, fdo#39450,
. add the \"eavesdrop\" keyword to match rules
. define eavesdropping, unicast messages and broadcast messages
. stop claiming that match rules are needed to match unicast
messages to you
. promote the type system to be a top-level section
dbus_connection_try_register_object_path or
dbus_connection_try_register_fallback fails, not
...ADDRESS_IN_USE, and simplify object-path registration
- Consistently use atomic operations on everything that is ever
manipulated via atomic ops, as was done for changes to
DBusConnection\'s refcount in 1.4.12 (fdo#38005)
- Fix a file descriptor leak when connecting to a TCP socket
- Make \"make check\" in a clean tree work, by not running tests
until test data has been set up (fdo#34405)
- The dbus-daemon no longer busy-loops if it has a very large
number of file descriptors (fdo#23194)
- Refactor message flow through dispatching to avoid locking
violations if the bus daemon\'s message limit is hit; remove
the per-connection link cache, which was meant to improve
performance, but now reduces it (fdo#34393)
- Some cmake fixes
- Remove dead code, mainly from DBusString (fdo#38570,
- Stop storing two extra byte order indicators in each D-Bus
message (fdo#38287)
- Add an optional Stats interface which can be used to get
statistics from a running dbus-daemon if enabled at configure
time with --enable-stats (fdo#34040)
- Fix various typos (fdo#27227, fdo#38284)
- Documentation (fdo#36156):
. let xsltproc be overridden as usual: ./configure
. install more documentation automatically, including
man2html output
. put dbus.devhelp in the right place (it must go in
- Unix-specific:
. look for system services in /lib/dbus-1/system-services in
addition to all the other well-known locations; note that
this should always be /lib, even on platforms where shared
libraries on the root FS would go in /lib64,
/lib/x86_64-linux-gnu or similar (fdo#35229)
. opt-in to fd passing on Solaris (fdo#33465)
- Windows-specific:
. fix use of a mutex for autolaunch server detection
. don\'t crash on malloc failure in
- Manually create /lib/dbus-1/system-services in %install so that
we can own it.

Fri Jul 1 14:00:00 2011
- Update to version 1.5.4:
+ Security (local denial of service):
- Byte-swap foreign-endian messages correctly, preventing a
long-standing local DoS if foreign-endian messages are
relayed through the dbus-daemon (fdo#38120, deb#629938, no
CVE number yet)
+ New things:
- The constant to use for an infinite timeout now has a name,
- If GLib and DBus-GLib are already installed, more tests will be built,
providing better coverage.(fdo#34570)
+ Changes:
- Consistently use atomic operations for the DBusConnection\'s
refcount, fixing potential threading problems (fdo#38005)
- Don\'t use -Wl,--gc-sections by default: in practice the size
decrease is small (300KiB on x86-64) and it frequently
doesn\'t work in unusual toolchains. (fdo#33466)
- Use #!/bin/sh for, making it work
*BSD (fdo#35880)
- Use ln -fs to set up dbus for systemd, which should fix
reinstallation when not using a DESTDIR (fdo#37870)
- Windows-specific changes:
. don\'t try to build dbus-daemon-launch-helper (fdo#37838)
- Changes from version 1.5.2:
+ Notes for distributors:
- This version of D-Bus no longer uses -fPIE by default.
+ Changes:
+ D-Bus Specification v0.17
. Reserve the extra characters used in signatures by GVariant
. Define the ObjectManager interface (fdo#34869)
+ Don\'t force -fPIE: distributions and libtool know better than
we do whether it\'s desirable (fdo#16621, fdo#27215)
+ Allow --disable-gc-sections, in case your toolchain offers
the -ffunction-sections, -fdata-sections and
- Wl,--gc-sections options but they\'re broken, as seen on
Solaris (fdo#33466)
+ Install dbus-daemon and dbus-daemon-launch-helper in a more
normal way (fdo#14512)
+ Ensure that maintainers upload documentation with the right
permissions (fdo#36130)
+ Don\'t force users of libdbus to be linked against
- lpthread, -lrt (fdo#32827)
+ Log system-bus activation information to syslog (fdo#35705)
+ Log messages dropped due to quotas to syslog (fdo#35358)
+ Make the nonce-tcp transport work on Unix (fdo#34569)
+ On Unix, if /var/lib/dbus/machine-id cannot be read, try
/etc/machine-id (fdo#35228)
+ In the regression tests, don\'t report fds as \"leaked\" if they
were open on startup (fdo#35173)
+ Make dbus-monitor bail out if asked to monitor more than one
bus, rather than silently using the last one (fdo#26548)
+ Clarify documentation (fdo#35182)
+ Clean up minor dead code and some incorrect error handling
(fdo#33128, fdo#29881)
+ Check that compiler options are supported before using them
+ Windows:
. Remove obsolete workaround for winioctl.h (fdo#35083)

Tue Jun 28 14:00:00 2011
- Fix filelist to own a directory.
- Do not package html files twice.

Wed May 18 14:00:00 2011
- buildrequire update-desktop-files for mimetypes.prov

Thu May 5 14:00:00 2011
- switch to download_files service

Wed Apr 20 14:00:00 2011
- changes license to GPL2+ or AFL 2.1

Fri Apr 15 14:00:00 2011
- Update to 1.5.0
• D-Bus Specification v0.16
· Add support for path_namespace and arg0namespace in match rules
(fdo#24317, #34870; Will Thompson, David Zeuthen, Simon McVittie)
· Make argNpath support object paths, not just object-path-like strings,
and document it better (fdo#31818, Will Thompson)
• Let the bus daemon implement more than one interface (fdo#33757,
Simon McVittie)
• Optimize _dbus_string_replace_len to reduce waste (fdo#21261,
Roberto Guido)
• Require user intervention to compile with missing 64-bit support
(fdo#35114, Simon McVittie)
• Add dbus_type_is_valid as public API (fdo#20496, Simon McVittie)
• Raise UnknownObject instead of UnknownMethod for calls to methods on
paths that are not part of the object tree, and UnknownInterface for calls
to unknown interfaces in the bus daemon (fdo#34527, Lennart Poettering)

Fri Apr 8 14:00:00 2011
- Update to 1.4.8
• Rename to, and update it to modern conventions
(fdo#32245; Javier Jardón, Simon McVittie)
• Correctly give XDG_DATA_HOME priority over XDG_DATA_DIRS (fdo#34496,
Anders Kaseorg)
• Prevent X11 autolaunching if $DISPLAY is unset or empty, and add
- -disable-x11-autolaunch configure option to prevent it altogether
in embedded environments (fdo#19997, NB#219964; Simon McVittie)
• Install the documentation, and an index for Devhelp (fdo#13495,
Debian #454142; Simon McVittie, Matthias Clasen)
• If checks are not disabled, check validity of string-like types and
booleans when sending them (fdo#16338, NB#223152; Simon McVittie)
• Add UnknownObject, UnknownInterface, UnknownProperty and PropertyReadOnly
errors to dbus-shared.h (fdo#34527, Lennart Poettering)
• Break up a huge conditional in config-parser so gcov can produce coverage
data (fdo#10887, Simon McVittie)
• List which parts of the Desktop Entry specification are applicable to
.service files (fdo#19159, Sven Herzberg)
• Don\'t suppress service activation if two services have the same Exec=
(fdo#35750, Colin Walters)
• Windows:
· Avoid the name ELEMENT_TYPE due to namespace-pollution from winioctl.h
(Andre Heinecke)
· Include _dbus_path_is_absolute in libdbus on Windows, fixing compilation
(fdo#32805, Mark Brand)

Wed Mar 9 13:00:00 2011
- Update to 1.4.6
• Remove unfinished changes intended to support GTest-based tests,
which were mistakenly included in 1.4.4
- Update to 1.4.4
• Switch back to using even micro versions for stable releases; 1.4.1
should have been called 1.4.2, so skip that version number
• Don\'t leave bad file descriptors being watched when spawning processes,
which could result in a busy-loop (fdo#32992, NB#200248; possibly
also LP#656134, LP#680444, LP#713157)
• Check for MSG_NOSIGNAL correctly
• Fix failure to detect abstract socket support (fdo#29895)
• Make _dbus_system_logv actually exit with DBUS_SYSTEM_LOG_FATAL
(fdo#32262, NB#180486)
• Improve some error code paths (fdo#29981, fdo#32264, fdo#32262,
fdo#33128, fdo#33277, fdo#33126, NB#180486)
• Avoid possible symlink attacks in /tmp during compilation (fdo#32854)
• Tidy up dead code (fdo#25306, fdo#33128, fdo#34292, NB#180486)
• Improve gcc malloc annotations (fdo#32710)
• If the system bus is launched via systemd, protect it from the OOM killer
• Documentation improvements (fdo#11190)
• Avoid readdir_r, which is difficult to use correctly (fdo#8284,
fdo#15922, LP#241619)
• Cope with invalid files in session.d, system.d (fdo#19186,
Debian #230231)
• Don\'t distribute generated files that embed our builddir (fdo#30285,
• Raise the system bus\'s fd limit to be sufficient for its configuration
(fdo#33474, LP#381063)
• Fix syslog string processing
• Ignore -Waddress
• Remove broken gcov parsing code and --enable-gcov, and replace them
with lcov HTML reports and --enable-compiler-coverage (fdo#10887)
• Windows:
· avoid live-lock in Windows CE due to unfair condition variables
• OpenBSD:
· support credentials-passing (fdo#32542)
• Solaris:
· opt-in to thread safety (fdo#33464)

Sun Jan 2 13:00:00 2011
- Update to 1.4.1
+ Fix for CVE-2010-4352: sending messages with excessively-nested
variants can crash the bus. The existing restriction to 64-levels
of nesting previously only applied to the static type signature;
now it also applies to dynamic nesting using variants. Thanks to
Rémi Denis-Courmont for discoving this issue.
+ Various bug fixes.
+ For details, see

Mon Nov 8 13:00:00 2010
- Fix package list, own /lib/systemd directories.

Tue Oct 12 14:00:00 2010
- ConsoleKit may not be installed on the system, so kill
the process at \"stop\" only if it is running

Fri Sep 24 14:00:00 2010
- add missimg BuildRequires on libcap-ng-devel so dbus can
drop capabilities when needed.

Mon Sep 6 14:00:00 2010
- version 1.4.0
- make dbus-uuidgen atomic
- fix socket descriptor leak in _dbus_connect_tcp_socket_with_nonce
- unconditionally enable D-Bus on systemd boots

Sat Jul 24 14:00:00 2010
- update systemd service installation

Tue Jul 13 14:00:00 2010
- drop systemd-units

Sat Jul 10 14:00:00 2010
- update to 1.3.2 snapshot
- New standardized PropertiesChanged signal in the properties interface
- Support forking bus services, for compatibility
- install systemd service files

Mon Jun 28 14:00:00 2010
- use %_smp_mflags

Thu Mar 25 13:00:00 2010
- Update to version 1.2.24:
+ For details, see
+ Highlights:
- Fix a critical crasher bug in the syslog code
+ [bus] While creating a syslog, correctly get pointer data from
+ [bus] Don\'t install a SIGTERM handler
+ [64 bit printf] Update to use DBUS_PID_FORMAT, print (omitted)
+ Move dispatching to destination to bus_dispatch_matches()
+ Dispatch post-activation messages to anyone interested
+ Build changes.
- Changes from version 1.2.22:
+ For details, see
+ Highlights:
- Fix to avoid UI freezes in newer Evolution versions (and any
other program that makes synchronous DBus calls from a
non-main thread).
- Monitor service directories for changes
+ When handling a watch, return if another thread is doing I/O
+ Monitor service directories for changes
+ Sync up UNICODE_VALID with glib, add documentation
+ Support inotify on older kernels
+ Handle OOM in reload watch
+ Refactor _dbus_log_info, _dbus_log_security into
+ Add _dbus_credentials_to_string_append
+ Add a prefix to our syslog messages
+ Make SELinux initialization failure fatal
+ Don\'t send an reply for driver messages if one isn\'t requested
+ Fix double-free in error case.
+ Other simple fixes, build fixes.
+ Explicitly specify in the spec lower-case hex must be used
+ Use AM_SILENT_RULES if available
- Changes from version 1.2.20:
+ For details, see
+ Fix inotify shutdown
+ Fix compilation in --disable-selinux case
- Changes from version 1.2.18:
+ For details, see
+ Ignore exit code zero from activated services
+ Switch to libcap-ng, avoid linking libdbus against libcap[-ng]
+ Don\'t drop pending activations when reloading configuration
+ Update init script to start earlier
+ Clean up inotify watch handling
+ Don\'t crash when reloading if we haven\'t loaded user database
+ fdo#23502 - corrected wrong verbose-output
+ Correct timeout handling
+ dbus-monitor: use unbuffered stdout instead of handling SIGINT
+ fdo#25697 - Fix memory leak in policy reload
+ fdo#23977 - dbus-launch --exit-with-session not killing
dbus-daemon on SIGINT
+ Use monotonic clock for _dbus_get_current_time() if it\'s
+ Make array-printing code easier to follow
+ Forbid zero serial numbers
+ Include reason when reporting corrupt messages
+ Add an accessor for the loader\'s corruption reason
+ Print byte arrays as nicely-formatted hex.
+ Print all-printable-ASCII byte arrays as strings
+ Build fixes, including fdo#19432, fdo#22788, fdo#22805

Mon Dec 14 13:00:00 2009
- add baselibs.conf as a source
- package documentation as noarch

Wed Sep 2 14:00:00 2009
- Implemented /etc/init.d/dbus reload (bnc#503074).

Thu Jul 23 14:00:00 2009
- fix %changelog

Fri Jul 17 14:00:00 2009
- added dbus-1-devel to baselibs.conf

Fri Jul 17 14:00:00 2009
- fix --libexecdir to be the proper /lib/dbus-1/ directory

Wed Jul 15 14:00:00 2009
- update to 1.2.16 release
- Avoid race conditions reading message from exited process
- Ensure initialized variable in dbus_connection_remove_filter
- Don\'t fail autolaunching if process has SIGCHLD handler
- Ensure inotify fd is set close on exec
- Make sure a pending call timeout isn\'t assumed
- Allow a pending call to block forever
- Don\'t allocate DBusTimeout for pending call when passed INT_MAX
- Update documentation now that INT_MAX means no timeout
- Fix issue where timeouts can overflow
- Remove 6 hour timeout restriction
- Unrestrict session bus timeout

Thu Apr 16 14:00:00 2009
- use --disable-static instead of removing static libraries

Thu Apr 2 14:00:00 2009
- Make boot script smart