dbus-1-x11-1.8.22-19.1.i586.rpm


Advertisement

Description

dbus-1-x11 - D-Bus Message Bus System

Distribution: openSUSE 13.2
Repository: openSUSE Update all
Package name: dbus-1-x11
Package version: 1.8.22
Package release: 19.1
Package architecture: i586
Package type: rpm
Installed size: 40.34 KB
Download size: 72.72 KB
Official Mirror: ftp.gwdg.de
D-Bus contains some tools that require Xlib to be installed, those are in this separate package so server systems need not install X.

Provides

  • dbus-1-x11 = 1.8.22-19.1
  • dbus-1-x11(x86-32) = 1.8.22-19.1

    Download

    Install Howto

    Install dbus-1-x11 rpm package:

    # zypper install dbus-1-x11

    Files

    • /usr/bin/dbus-launch
    • /usr/bin/dbus-run-session
    • /usr/share/man/man1/dbus-launch.1.gz
    • /usr/share/man/man1/dbus-run-session.1.gz

    Changelog

    2016-10-11 - fstrba@suse.com - Update to 1.8.22: * Security fixes: + Do not treat ActivationFailure message received from root-owned systemd name as a format string. In principle this is a security vulnerability, but we do not believe it is exploitable in practice, because only privileged processes can own the org.freedesktop.systemd1 bus name, and systemd does not appear to send activation failures that contain "%". Please note that this probably *was* exploitable in dbus versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at the time was only thought to be a denial of service vulnerability (CVE-2015-0245). If you are still running one of those versions, patch or upgrade immediately. (fdo#98157, bsc#1003898, Simon McVittie) * Security hardening: + On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly unpredictable pseudo-random numbers; under certain circumstances (/dev/urandom unreadable or malloc() returns NULL), dbus could fall back to using rand(), which does not have the desired unpredictability. The fallback to rand() has not been changed in this stable-branch since the necessary code changes for correct error-handling are rather intrusive. If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport, in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using NFS or similar, you will need to reconfigure the session bus to accept DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration is not recommended. * Other fixes: + Fix a memory leak when GetConnectionCredentials() succeeds (fdo#91008, Jacek Bukarewicz) + Ensure that dbus-monitor does not reply to messages intended for others (fdo#90952, Simon McVittie) + Add locking to DBusCounter's reference count and notify function (fdo#89297, Adrian Szyndela) + Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fdo#90312, Adrian Szyndela) + On Windows, listen on the same port for IPv4 and IPv6 (previously broken by an endianness mistake), and fix a failure to bind TCP sockets on approximately 1 attempt in 256 (fdo#87999, Ralf Habacker) + Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fdo#90021, Ralf Habacker) + Correctly initialize all fields of DBusTypeReader (fdo#90021; Ralf Habacker, Simon McVittie) + Fix some missing \n in verbose (debug log) messages (fdo#90004, Ralf Habacker) + Clean up some memory leaks in test code (fdo#90021, Ralf Habacker)

    2016-07-21 - mkoutny@suse.com - Added patches: * fix-timeout-reset.patch + Correctly reset timeouts for pending file descriptors (bsc#978477) * increase-backlog.patch + increase listen() backlog of AF_UNIX sockets to SOMAXCONN (bsc#980928)

    Advertisement
    Advertisement