Commit Graph

102 Commits

Author SHA1 Message Date
Will Dietz
6d7cdd7f8b dbus: 1.12.14 -> 1.12.16
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.16/NEWS

It's short and explains the CVE a bit, including below:

> CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
> authentication for identities that differ from the user running the
> DBusServer. Previously, a local attacker could manipulate symbolic
> links in their own home directory to bypass authentication and connect
> to a DBusServer with elevated privileges. The standard system and
> session dbus-daemons in their default configuration were immune to this
> attack because they did not allow DBUS_COOKIE_SHA1, but third-party
> users of DBusServer such as Upstart could be vulnerable.   Thanks to Joe
> Vennix of Apple Information Security.   (dbus#269, Simon McVittie)
2019-06-15 18:16:58 +02:00
Will Dietz
c0af744b18
dbus: 1.12.14
https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.14/NEWS
2019-05-17 14:52:30 -05:00
Alyssa Ross
ad0d1ff6fd
makeDBusConfig: don't allow substitutions
This is rebuilt virtually every time a NixOS module is enabled or
disabled, so I don't think it makes sense to have it substituted.
It gets in the way of trivial config changes when I would otherwise be
able to rebuild my system entirely offline.
2019-03-17 16:04:08 +00:00
Will Dietz
4046248c74 dbus: 1.12.10 -> 1.12.12 2018-12-07 20:52:11 -06:00
R. RyanTM
be00dbf94c dbus: 1.12.8 -> 1.12.10 (#44789)
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/dbus/versions.
2018-08-09 18:33:17 +02:00
Silvan Mosberger
57bccb3cb8 treewide: http -> https sources (#42676)
* treewide: http -> https sources

This updates the source urls of all top-level packages from http to
https where possible.

* buildtorrent: fix url and tab -> spaces
2018-06-28 20:43:35 +02:00
R. RyanTM
bf762d13e3 dbus: 1.12.6 -> 1.12.8
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/dbus/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-monitor --help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-update-activation-environment help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-cleanup-sockets -h’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-cleanup-sockets --help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-cleanup-sockets help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-run-session -h’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-run-session --help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-uuidgen --help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-launch -h’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-launch --help’ got 0 exit code
- found 1.12.8 with grep in /nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8
- directory tree listing: https://gist.github.com/598fa486a7a2da2a0887e0899dd2ed27
2018-05-02 16:33:55 -07:00
R. RyanTM
e497597354 dbus: 1.10.24 -> 1.12.6
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/dbus/versions.

These checks were done:

- built on NixOS
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-monitor --help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-cleanup-sockets -h’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-cleanup-sockets --help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-cleanup-sockets help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-run-session -h’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-run-session --help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-uuidgen --help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-launch -h’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-launch --help’ got 0 exit code
- found 1.12.6 with grep in /nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6
- directory tree listing: https://gist.github.com/f7926c86c6572ac1a02dab3468dbbb95
2018-04-07 17:00:36 -07:00
Tor Hedin Brønner
70e8face4c
makeDBusConf: Look for .conf files in share/dbus-1/system.d/ too
Some packages install their dbus config files to `share/dbus-1/system.d` instead
of `etc/dbus-1/system.d`, so look in both places.
2018-03-28 20:41:06 +02:00
Tuomas Tynkkynen
1874678d12 make-dbus-conf: Don't depend on unnecessary libxslt outputs
Might fix https://hydra.nixos.org/build/71580290.
2018-03-21 22:18:50 +02:00
Shea Levy
e51a76ce73
make-dbus-conf: Fix cross-compilation. 2018-02-28 15:01:33 -05:00
Orivej Desh
fb8d552026 make-dbus-conf: prefer local build 2017-11-12 03:52:21 +00:00
Vladimír Čunát
4b66f2f753
dbus: 1.10.22 -> 1.10.24 2017-10-08 18:24:13 +02:00
Vladimír Čunát
1784840b72
dbus: maintenance 1.10.20 -> 1.10.22 2017-08-13 16:27:40 +02:00
Vladimír Čunát
7d80f94f75
dbus: maintenance 1.10.18 -> 1.10.20 2017-07-15 11:46:54 +02:00
Vladimír Čunát
3efef09866
dbus: maintenance 1.10.16 -> 1.10.18 2017-04-18 18:44:22 +02:00
Nikolay Amiantov
c05ac3ea12 makeDBusConf: re-add XDG directories for session bus
Fixes #23770.
2017-03-12 22:15:51 +03:00
Vladimír Čunát
9458018a87
dbus: 1.10.14 -> 1.10.16
It's for "security" issue that's considered unexploitable with a sane
config.
2017-02-20 21:38:24 +01:00
aszlig
c5b2714bc7
dbus: Put DTDs into $out instead of $doc
First of all, these "documents" are not really documentation, so it
really doesn't make much sense to put it into $doc.

The main point however is that the installer tests are failing since
this was introduced in ac0cdc1952.

One way to circumvent this is putting dbus.doc into
system.extraDependencies of the installer tests, but given the first
point this sounds a bit odd to me.

So I went for the second way of putting it into $out, because it's now
basically necessary to build a NixOS system.

With this the NixOS installer tests should now work again, although I
have only tested this with the installer.simple test.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
2017-02-20 03:24:38 +01:00
aszlig
fc6684054d
make-dbus-conf: Use libxslt.bin instead of .dev
The problem with using libxslt as buildInputs is that the dev output is
used for building the dbus config.

This is one of the reasons why the installer tests are failing since
ac0cdc1952, because the tests do not have
libxslt.dev in their closure and really shouldn't.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
2017-02-20 03:24:34 +01:00
aszlig
edce2b759c
make-dbus-conf: Don't try to access network
This is the output of the builder:

building path(s) `/nix/store/khkcfb8433i9mabb6wnb8ik6p9skg644-dbus-1'
error : connection refused
error : connection refused

However, even when using --nonet we'd still get this:

I/O error : Attempt to load network entity
http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd

So in order to avoid this, we now provide an XML catalog file, mapping
the public URLs to the local DTD paths inside the store instead of using
--path (which doesn't seem to work with xsltproc).

Tested this by comparing the SHA256 (nix-hash --type sha256) of the
output path generated by:

nix-build -E '(import ./. {}).makeDBusConf {
  suidHelper = "SUIDHELPER";
  serviceDirectories = [ "SERVICEDIR1" "SERVICEDIR1" ];
}'

... with the SHA256 of the generated output path prior to this commit
and they have the same hash:

6f3f9594b12fddbff9407b85252b6f649da11f56b7fd514f761966c11399a7ab

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
2017-02-20 03:24:26 +01:00
Nikolay Amiantov
3e23ec4450 makeDBusConf: init
Use XSLT transform to modify stock dbus configuration file. This is needed
because some dbus components doesn't support <include> so we need to put our
core configuration in the main file.
2017-02-16 15:41:23 +03:00
Nikolay Amiantov
300c9a6c3d dbus: use /etc as datadir, install dtd 2017-02-16 15:41:23 +03:00
Nikolay Amiantov
4877a5664e dbus: don't search for units in current-system 2017-02-02 00:58:45 +03:00
Vladimír Čunát
ea42d6fe62
dbus: 1.10.12 -> 1.10.14 2016-12-03 12:32:11 +01:00
Graham Christensen
bc1317c163
dbus: 1.10.10 -> 1.10.12 for CVE-2015-0245 2016-10-19 08:31:14 -04:00
Peter Hoeg
639e5401ff dbus: add socket activation but do not enable it
The following changes are included:

1) install user unit files from upstream dbus
2) use absolute paths to config for --system and --session instances
3) make socket activation of user units configurable

There has been a number of PRs to address this, so this one does the
bare minimum, which is to make the functionality available and
configurable but defaults to off.

Related PRs:
 - #18382
 - #18222

(cherry picked from commit f7215c9b5b47dfb0a6dbe87ff33d7730729a32e5)
Signed-off-by: Domen Kožar <domen@dev.si>
2016-09-30 13:14:53 +02:00
Eelco Dolstra
7c239702b5 Merge remote-tracking branch 'origin/master' into staging 2016-09-05 19:10:12 +02:00
Alexander Ried
8604117b48 dbus: remove unused imports 2016-09-05 15:03:35 +02:00
Vladimír Čunát
741527adef dbus: 1.10.8. -> 1.10.10
NEWS seem safe, and there are only "fixes" in there.
2016-09-04 20:42:28 +02:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Thomas Tuegel
f04e0e70e8 Revert "Revert "dbus: 1.8.20 -> 1.10.8""
This reverts commit 9eb107dc52.
2016-05-02 13:01:59 -05:00
Thomas Tuegel
9eb107dc52 Revert "dbus: 1.8.20 -> 1.10.8"
This reverts commit d088e0621e.

The D-Bus update breaks logind and polkit.

(cherry picked from commit 2e06e5eb36)

Hydra had rebuilt this on staging, fixing many test problems.
There were also phonon changes in these rebuilds, but the amount of
binaries affected by them is relatively low and I'm not yet fully
convinced of their stability.
2016-04-24 20:08:39 +02:00
Thomas Tuegel
d088e0621e dbus: 1.8.20 -> 1.10.8 2016-04-20 10:01:06 -05:00
Luca Bruno
e289717414 rename moveToOutput and propagatedBuildInputs 2015-12-02 10:05:36 +01:00
Vladimír Čunát
a0ce1b48ed dbus: fix build of dbus without x11Support 2015-10-28 12:04:47 +01:00
Vladimír Čunát
783c40eb68 dbus: split into multiple outputs and fix referrers 2015-10-13 20:19:01 +02:00
Vladimír Čunát
1ff829deeb dbus: maintenance update 2015-07-23 14:42:47 +02:00
Vladimír Čunát
deb33d513f dbus: small update 2015-06-07 09:22:13 +02:00
Spencer Whitt
80edc95494 dbus: Build on Darwin 2015-05-04 10:56:49 -04:00
William A. Kennington III
232b71c6e8 Fix some platforms 2015-04-25 21:27:53 -07:00
Jan Malakhovski
380ee53fff dbus: rename useX11 option into x11Support, cleanup a bit 2015-03-29 23:28:30 +00:00
Vladimír Čunát
464212e01a dbus: security bump to fix CVE-2015-0245 2015-03-09 15:55:23 +01:00
Vladimír Čunát
8ec4c682a7 dbus.{tools,daemon}: don't provide a wrong dbus-1.pc
Fixes #6086.
I think this will rebuild most of KDE and GNOME due to strigi and upower.
2015-02-01 11:43:18 +01:00
Vladimír Čunát
1c0477c08c dbus: a security-hardening update 2015-01-13 18:01:27 +01:00
Domen Kožar
9b7b2ce8eb Revert "Introduce patchShebangsPhase ran in preConfigurePhases"
This reverts commit 512fbb280f.

See #5368
2015-01-08 10:26:49 +01:00
Domen Kožar
512fbb280f Introduce patchShebangsPhase ran in preConfigurePhases
(cherry picked from commit 91c7e8747af1fdc2a70cd98594ccbb12a5c6902d)
Signed-off-by: Domen Kožar <domen@dev.si>
2015-01-02 02:58:32 +01:00
Vladimír Čunát
443e0fcbea dbus: small update, fixing boot on slow machines
See http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.8
2014-11-24 23:06:12 +01:00
Vladimír Čunát
827ec7b3d6 dbus: security update, CVE-2014-3636 2014-11-10 21:34:02 +01:00
Vladimír Čunát
151da1950e dbus: minor update, including security fixes
CVE-2014-3635..3639
2014-09-16 20:11:06 +02:00