https://gitlab.freedesktop.org/dbus/dbus/blob/dbus-1.12.16/NEWS
It's short and explains the CVE a bit, including below:
> CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
> authentication for identities that differ from the user running the
> DBusServer. Previously, a local attacker could manipulate symbolic
> links in their own home directory to bypass authentication and connect
> to a DBusServer with elevated privileges. The standard system and
> session dbus-daemons in their default configuration were immune to this
> attack because they did not allow DBUS_COOKIE_SHA1, but third-party
> users of DBusServer such as Upstart could be vulnerable. Thanks to Joe
> Vennix of Apple Information Security. (dbus#269, Simon McVittie)
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/dbus/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-monitor --help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-update-activation-environment help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-cleanup-sockets -h’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-cleanup-sockets --help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-cleanup-sockets help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-run-session -h’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-run-session --help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-uuidgen --help’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-launch -h’ got 0 exit code
- ran ‘/nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8/bin/dbus-launch --help’ got 0 exit code
- found 1.12.8 with grep in /nix/store/q2p724wzbngs5qrv96s2mny5bhsnm3jk-dbus-1.12.8
- directory tree listing: https://gist.github.com/598fa486a7a2da2a0887e0899dd2ed27
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.
This update was made based on information from https://repology.org/metapackage/dbus/versions.
These checks were done:
- built on NixOS
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-monitor --help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-cleanup-sockets -h’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-cleanup-sockets --help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-cleanup-sockets help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-run-session -h’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-run-session --help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-uuidgen --help’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-launch -h’ got 0 exit code
- ran ‘/nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6/bin/dbus-launch --help’ got 0 exit code
- found 1.12.6 with grep in /nix/store/2fb87ah2lsvnzlah1mkdiwsrv8p01yh6-dbus-1.12.6
- directory tree listing: https://gist.github.com/f7926c86c6572ac1a02dab3468dbbb95
First of all, these "documents" are not really documentation, so it
really doesn't make much sense to put it into $doc.
The main point however is that the installer tests are failing since
this was introduced in ac0cdc1952.
One way to circumvent this is putting dbus.doc into
system.extraDependencies of the installer tests, but given the first
point this sounds a bit odd to me.
So I went for the second way of putting it into $out, because it's now
basically necessary to build a NixOS system.
With this the NixOS installer tests should now work again, although I
have only tested this with the installer.simple test.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Cc: @abbradar
The following changes are included:
1) install user unit files from upstream dbus
2) use absolute paths to config for --system and --session instances
3) make socket activation of user units configurable
There has been a number of PRs to address this, so this one does the
bare minimum, which is to make the functionality available and
configurable but defaults to off.
Related PRs:
- #18382
- #18222
(cherry picked from commit f7215c9b5b47dfb0a6dbe87ff33d7730729a32e5)
Signed-off-by: Domen Kožar <domen@dev.si>
This reverts commit d088e0621e.
The D-Bus update breaks logind and polkit.
(cherry picked from commit 2e06e5eb36)
Hydra had rebuilt this on staging, fixing many test problems.
There were also phonon changes in these rebuilds, but the amount of
binaries affected by them is relatively low and I'm not yet fully
convinced of their stability.
