diff --git a/README.en.md b/README.en.md new file mode 100644 index 0000000000000000000000000000000000000000..7de803d95cf164c9196e2a12fca6e820a9169fc8 --- /dev/null +++ b/README.en.md 
@@ -0,0 +1,26 @@ +D-Bus + +D-Bus is a message bus system, a simple way for applications to talk to one another. +In addition to interprocess communication, D-Bus helps coordinate process lifecycle; it makes it simple and reliable to code a "single instance" application or daemon, and to launch applications and daemons on demand when their services are needed. + +D-Bus supplies both a system daemon (for events such as "new hardware device added" or "printer queue changed") and a per-user-login-session daemon (for general IPC needs among user applications). +Also, the message bus is built on top of a general one-to-one message passing framework, which can be used by any two apps to communicate directly (without going through the message bus daemon). +Currently the communicating applications are on one computer, or through unencrypted TCP/IP suitable for use behind a firewall with shared NFS home directories. (Help wanted with better remote transports - the transport mechanism is well-abstracted and extensible.) + +The dbus low-level API reference implementation and the D-Bus protocol have been heavily tested in the real world over several years, and are now "set in stone." Future changes will either be compatible or versioned appropriately. + +The low-level libdbus reference library has no required dependencies; the reference bus daemon's only required dependency is an XML parser (expat). +Higher-level bindings specific to particular frameworks (Qt, GLib, Java, C#, Python, etc.) add more dependencies, but can make more assumptions and are thus much simpler to use. +The bindings evolve separately from the low-level libdbus, so some are more mature and ABI-stable than others; check the docs for the binding you plan to use. + +There are also some reimplementations of the D-Bus protocol for languages such as C#, Java, and Ruby. +These do not use the libdbus reference implementation. 
+ +It should be noted that the low-level implementation is not primarily designed for application authors to use. +Rather, it is a basis for binding authors and a reference for reimplementations. +If you are able to do so it is recommended that you use one of the higher level bindings or implementations. +A list of these can be found on the bindings page. + +The list of projects using D-Bus is growing and they provide a wealth of examples of using the various APIs to learn from. + +D-Bus is very portable to any Linux or UNIX flavor, and a port to Windows is in progress. \ No newline at end of file diff --git a/dbus -1.12.20 Changelog b/dbus -1.12.20 Changelog new file mode 100644 index 0000000000000000000000000000000000000000..6247e1f50708c9c16587fb0682dd029c8ee1c660 --- /dev/null +++ b/dbus -1.12.20 Changelog 
@@ -0,0 +1,80 @@ +dbus 1.12.20 (2020-07-02) +========================= + +The “temporary nemesis” release. + +Maybe security fixes: + +• On Unix, avoid a use-after-free if two usernames have the same + numeric uid. In older versions this could lead to a crash (denial of + service) or other undefined behaviour, possibly including incorrect + authorization decisions if is used. + Like Unix filesystems, D-Bus' model of identity cannot distinguish + between users of different names with the same numeric uid, so this + configuration is not advisable on systems where D-Bus will be used. + Thanks to Daniel Onaca. + (dbus#305, dbus!166; Simon McVittie) + +Other fixes: + +• On Solaris and its derivatives, if a cmsg header is truncated, ensure + that we do not overrun the buffer used for fd-passing, even if the + kernel tells us to. + (dbus#304, dbus!165; Andy Fiddaman) + +dbus 1.12.18 (2020-06-02) +========================= + +The “telepathic vines” release. + +Denial of service fixes: + +• CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. 
+ (dbus#294, GHSL-2020-057; Simon McVittie) + +Other fixes: + +• Fix a crash when the dbus-daemon is terminated while one or more + monitors are active (dbus#291, dbus!140; Simon McVittie) + +• The dbus-send(1) man page now documents --bus and --peer instead of + the old --address synonym for --peer, which has been deprecated since + the introduction of --bus and --peer in 1.7.6 + (fd.o #48816, dbus!115; Chris Morin) + +• Fix a wrong environment variable name in dbus-daemon(1) + (dbus#275, dbus!122; Mubin, Philip Withnall) + +• Fix formatting of dbus_message_append_args example + (dbus!126, Felipe Franciosi) + +• Avoid a test failure on Linux when built in a container as uid 0, but + without the necessary privileges to increase resource limits + (dbus!58, Debian #908092; Simon McVittie) + +• When building with CMake, cope with libX11 in a non-standard location + (dbus!129, Tuomo Rinne) + +dbus 1.12.16 (2019-06-11) +========================= + +The “tree cat” release. + +Security fixes: + +• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 + authentication for identities that differ from the user running the + DBusServer. Previously, a local attacker could manipulate symbolic + links in their own home directory to bypass authentication and connect + to a DBusServer with elevated privileges. The standard system and + session dbus-daemons in their default configuration were immune to this + attack because they did not allow DBUS_COOKIE_SHA1, but third-party + users of DBusServer such as Upstart could be vulnerable. + Thanks to Joe Vennix of Apple Information Security. + (dbus#269, Simon McVittie) \ No newline at end of file diff --git a/dbus.spec b/dbus.spec index 6ce3b282fe8b0be87af3a2f4f27b736997d82913..3f5acb6f68a5738cc45659f384771d8b2f03b2ea 100644 --- a/dbus.spec +++ b/dbus.spec 
@@ -1,7 +1,7 @@ Name: dbus Epoch: 1 Version: 1.12.20 -Release: 1 +Release: 2 Summary: System Message Bus License: AFLv2.1 or GPLv2+ URL: http://www.freedesktop.org/Software/dbus/ @@ -215,6 +215,9 @@ make check %exclude %{_pkgdocdir}/README %changelog +* Tue Nov 13 2020 xielh2000 - 1:1.12.20-2 +- Add from 1.12.16 to 1.12.20 of changelog and README.en + * Wed Jul 15 2020 shenyangyang - 1:1.12.20-1 - Upgrade to 1.12.20
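Review bot: In the README.en.md hunk, the new file is added to the repository, but the dbus.spec part of this change only bumps Release and adds a %changelog entry. No Source or %doc line is added, so the file is not packaged by this change. If it is meant to ship in the package, add it to the spec; if it is repository documentation only, say so in the commit message. The file also ends with "\ No newline at end of file"; add a trailing newline.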
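Review bot: In the "dbus -1.12.20 Changelog" hunk, the 1.12.20 entry reads "possibly including incorrect authorization decisions if is used", so the subject of that clause is missing and the security note no longer says which configuration is affected. Restore the sentence from the upstream NEWS text. Two smaller points: the file name contains spaces ("dbus -1.12.20 Changelog"), which needs quoting in scripts and in any later spec reference, so a name without spaces would be safer; and the file ends with "\ No newline at end of file".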
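Review bot: In the dbus.spec %changelog hunk, the new entry is dated "Tue Nov 13 2020", but 13 November 2020 was a Friday, and rpmbuild warns about a bogus date in %changelog when the weekday and date disagree. Correct the weekday or the day of the month to match the actual change date. The entry text "Add from 1.12.16 to 1.12.20 of changelog and README.en" is also hard to read and names README.en although the file added is README.en.md; something like "Add README.en.md and the upstream changelog for 1.12.16 to 1.12.20" would be clearer.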