rpms
/
dbus-broker
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import dbus-broker-28-7.el9

Browse Source
c9 imports/c9/dbus-broker-28-7.el9
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
commit 520ce24d8a
8 changed files with 643 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.dbus-broker.metadata
Unescape View File

@ -0,0 +1 @@
2602b87b336875bc1fd6866004f16013e6cf3fe4 SOURCES/dbus-broker-28.tar.xz

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/dbus-broker-28.tar.xz

38
SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch
Unescape View File

@ -0,0 +1,38 @@
From 1add8a7d60e46806e0ef87994d3024245db0d84a Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Thu, 18 Mar 2021 11:10:02 +0100
Subject: [PATCH] launch/policy: fix incorrect assertion for at_console
We write at_console policies for ranges of uids. If one of those ranges
is 0, an overflow assertion will incorrectly fire. Fix this and simplify
the assertions for better readability.
Note that such empty ranges will happen if more than one user on the
system is considered `at_console` **and** those users have consecutive
UIDs. Another possibility for empty ranges is when uid 0 is considered
at_console.
In any case, the assertion will abort the application incorrectly. So
this is not a security issue, but merely an incorrect assertion.
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
src/launch/policy.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/launch/policy.c b/src/launch/policy.c
index f91f11b..75eb0d3 100644
--- a/src/launch/policy.c
+++ b/src/launch/policy.c
@@ -934,7 +934,10 @@ static int policy_export_xmit(Policy *policy, CList *list1, CList *list2, sd_bus
static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntries *entries, uint32_t uid_start, uint32_t n_uid) {
int r;
- c_assert(((uint32_t)-1) - n_uid + 1 >= uid_start);
+ /* check for overflow */
+ c_assert(uid_start + n_uid >= uid_start);
+ /* check for encoding into dbus `u` type */
+ c_assert(uid_start + n_uid <= (uint32_t)-1);
if (n_uid == 0)
return 0;

155
SOURCES/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch
Unescape View File

@ -0,0 +1,155 @@
From 33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25 Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Thu, 5 May 2022 10:50:31 +0200
Subject: [PATCH] test-config: add tests for some config samples
Add infrastructure to easily parse config-samples in our test. This
allows us to add any reports about broken configurations easily, and
making sure we will not run into the same issues again.
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
src/launch/test-config.c | 97 +++++++++++++++++++++++++++++++++++++---
1 file changed, 91 insertions(+), 6 deletions(-)
diff --git a/src/launch/test-config.c b/src/launch/test-config.c
index 0401a434..c2f8765e 100644
--- a/src/launch/test-config.c
+++ b/src/launch/test-config.c
@@ -9,6 +9,7 @@
#include "launch/config.h"
#include "launch/nss-cache.h"
#include "util/dirwatch.h"
+#include "util/syscall.h"
static const char *test_type2str[_CONFIG_NODE_N] = {
[CONFIG_NODE_BUSCONFIG] = "busconfig",
@@ -35,12 +36,23 @@ static const char *test_type2str[_CONFIG_NODE_N] = {
[CONFIG_NODE_ASSOCIATE] = "associate",
};
-static void print_config(const char *path) {
+static int config_memfd(const char *data) {
+ ssize_t n;
+ int fd;
+
+ fd = syscall_memfd_create("dbus-broker-test-config", 0);
+ c_assert(fd >= 0);
+ n = write(fd, data, strlen(data));
+ c_assert(n == (ssize_t)strlen(data));
+
+ return fd;
+}
+
+static int parse_config(ConfigRoot **rootp, const char *path) {
_c_cleanup_(config_parser_deinit) ConfigParser parser = CONFIG_PARSER_NULL(parser);
_c_cleanup_(config_root_freep) ConfigRoot *root = NULL;
_c_cleanup_(nss_cache_deinit) NSSCache nss_cache = NSS_CACHE_INIT;
_c_cleanup_(dirwatch_freep) Dirwatch *dirwatch = NULL;
- ConfigNode *i_node;
int r;
r = dirwatch_new(&dirwatch);
@@ -49,6 +61,32 @@ static void print_config(const char *path) {
config_parser_init(&parser);
r = config_parser_read(&parser, &root, path, &nss_cache, dirwatch);
+ if (r)
+ return r;
+
+ *rootp = root;
+ root = NULL;
+ return 0;
+}
+
+static int parse_config_inline(ConfigRoot **rootp, const char *data) {
+ _c_cleanup_(c_closep) int fd = -1;
+ _c_cleanup_(c_freep) char *path = NULL;
+ int r;
+
+ fd = config_memfd(data);
+ r = asprintf(&path, "/proc/self/fd/%d", fd);
+ c_assert(r > 0);
+
+ return parse_config(rootp, path);
+}
+
+static void print_config(const char *path) {
+ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL;
+ ConfigNode *i_node;
+ int r;
+
+ r = parse_config(&root, path);
c_assert(!r);
c_list_for_each_entry(i_node, &root->node_list, root_link) {
@@ -56,18 +94,65 @@ static void print_config(const char *path) {
}
}
-static void test_config(void) {
+static void test_config_base(void) {
_c_cleanup_(config_parser_deinit) ConfigParser parser = CONFIG_PARSER_NULL(parser);
config_parser_init(&parser);
config_parser_deinit(&parser);
}
+static void test_config_sample0(void) {
+ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL;
+ const char *data;
+ int r;
+
+ data =
+"<?xml version=\"1.0\"?> <!--*-nxml-*-->\
+<!DOCTYPE g PUBLIC \"-/N\"\
+ \"htt\">\
+<busconfig>\
+ <policy user=\"root\">\
+ <allow own_prefix=\"oramd\"/>\
+ <allow send_interface=\"d\"/>\
+ </policy>\
+ <user ix=\"d\"/>\
+ </cy>";
+
+ r = parse_config_inline(&root, data);
+ c_assert(r == CONFIG_E_INVALID);
+}
+
+static void test_config_sample1(void) {
+ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL;
+ const char *data;
+ int r;
+
+ data =
+"<?xml version=\"1.0\"?> <!--*-nxml-*-->\
+<!DOCTYPE g PUBLIC \"-/N\"\
+ \"htt\">\
+<busconfig>\
+ <policy user=\"root\">\
+ <allow own_prefix=\"oramd\"/>\
+ <allow send_interface=\"d\"/>\
+ </policy>\
+ <policy context=\"default\"/> <user ix=\"d\"/>\
+ </policy>\
+</busconfig>";
+
+ r = parse_config_inline(&root, data);
+ c_assert(r == CONFIG_E_INVALID);
+}
+
int main(int argc, char **argv) {
- if (argc < 2)
- test_config();
- else
+ if (argc > 1) {
print_config(argv[1]);
+ return 0;
+ }
+
+ test_config_base();
+ test_config_sample0();
+ test_config_sample1();
return 0;
}

30
SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch
Unescape View File

@ -0,0 +1,30 @@
From b82b670bfec6600d0144bcb9ca635fb07c80118f Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Thu, 18 Mar 2021 12:13:16 +0100
Subject: [PATCH] launch/policy: fix at_console range assertion again
The previous fix did not actually consider that a full range can span up
until (uint32_t)-1. Fix this properly now, and just check manually for
an empty range before checking that the highest entry in the range can
be represented.
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
src/launch/policy.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/launch/policy.c b/src/launch/policy.c
index 75eb0d3..6999ceb 100644
--- a/src/launch/policy.c
+++ b/src/launch/policy.c
@@ -935,9 +935,7 @@ static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntrie
int r;
/* check for overflow */
- c_assert(uid_start + n_uid >= uid_start);
- /* check for encoding into dbus `u` type */
- c_assert(uid_start + n_uid <= (uint32_t)-1);
+ c_assert(n_uid == 0 || uid_start + n_uid - 1 >= uid_start);
if (n_uid == 0)
return 0;

66
SOURCES/cve-2022-31212.patch
Unescape View File

@ -0,0 +1,66 @@
From 7fd15f8e272136955f7ffc37df29fbca9ddceca1 Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Tue, 19 Apr 2022 13:11:02 +0200
Subject: [PATCH] strnspn: fix buffer overflow
Fix the strnspn and strncspn functions to use a properly sized buffer.
It used to be 1 byte too short. Checking for `0xff` in a string will
thus write `0xff` once byte beyond the stack space of the local buffer.
Note that the public API does not allow to pass `0xff` to those
functions. Therefore, this is a read-only buffer overrun, possibly
causing bogus reports from the parser, but still well-defined.
Reported-by: Steffen Robertz
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
/subprojects/c-shquote/src/c-shquote.c | 4 ++--
/subprojects/c-shquote/src/test-private.c | 6 ++++++
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a//subprojects/c-shquote/src/c-shquote.c b//subprojects/c-shquote/src/c-shquote.c
index b268906..abb55d6 100644
--- a//subprojects/c-shquote/src/c-shquote.c
+++ b//subprojects/c-shquote/src/c-shquote.c
@@ -85,7 +85,7 @@ int c_shquote_consume_char(char **outp,
size_t c_shquote_strnspn(const char *string,
size_t n_string,
const char *accept) {
- bool buffer[UCHAR_MAX] = {};
+ bool buffer[UCHAR_MAX + 1] = {};
for ( ; *accept; ++accept)
buffer[(unsigned char)*accept] = true;
@@ -100,7 +100,7 @@ size_t c_shquote_strnspn(const char *string,
size_t c_shquote_strncspn(const char *string,
size_t n_string,
const char *reject) {
- bool buffer[UCHAR_MAX] = {};
+ bool buffer[UCHAR_MAX + 1] = {};
if (strlen(reject) == 1) {
const char *p;
diff --git a//subprojects/c-shquote/src/test-private.c b//subprojects/c-shquote/src/test-private.c
index 57a7250..c6afe40 100644
--- a//subprojects/c-shquote/src/test-private.c
+++ b//subprojects/c-shquote/src/test-private.c
@@ -148,6 +148,9 @@ static void test_strnspn(void) {
len = c_shquote_strnspn("ab", 2, "bc");
c_assert(len == 0);
+
+ len = c_shquote_strnspn("ab", 2, "\xff");
+ c_assert(len == 0);
}
static void test_strncspn(void) {
@@ -167,6 +170,9 @@ static void test_strncspn(void) {
len = c_shquote_strncspn("ab", 2, "cd");
c_assert(len == 2);
+
+ len = c_shquote_strncspn("ab", 2, "\xff");
+ c_assert(len == 2);
}
static void test_discard_comment(void) {

35
SOURCES/cve-2022-31213.patch
Unescape View File

@ -0,0 +1,35 @@
From 4fefc3908ce527de4ca3d7386886c2447d6b4c14 Mon Sep 17 00:00:00 2001
From: David Rheinsberg <david.rheinsberg@gmail.com>
Date: Tue, 19 Apr 2022 13:29:53 +0200
Subject: [PATCH] launch/config: keep empty cdata around
We expect the `node->cdata` pointer to contain the actual content of an
XML entry. Make sure it is initialized to an empty string, so we can
dereference it without checking for validity everywhere.
Note that we want it to be an owned string, to allow claiming the value.
We will avoid any `n_cdata + 'static ""` here, to keep the code simple.
The performance of that strdup() merely affects XML parsing, no bus
runtime.
Reported-by: Steffen Robertz
Signed-off-by: David Rheinsberg <david.rheinsberg@gmail.com>
---
src/launch/config.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/launch/config.c b/src/launch/config.c
index 490d7b7d..cb7e3fae 100644
--- a/src/launch/config.c
+++ b/src/launch/config.c
@@ -133,6 +133,10 @@ int config_node_new(ConfigNode **nodep, ConfigNode *parent, unsigned int type) {
break;
}
+ node->cdata = strdup("");
+ if (!node->cdata)
+ return error_origin(-ENOMEM);
+
*nodep = node;
node = NULL;
return 0;

317
SPECS/dbus-broker.spec
Unescape View File

@ -0,0 +1,317 @@
%global dbus_user_id 81
Name: dbus-broker
Version: 28
Release: 7%{?dist}
Summary: Linux D-Bus Message Broker
License: ASL 2.0
URL: https://github.com/bus1/dbus-broker
Source0: https://github.com/bus1/dbus-broker/releases/download/v%{version}/dbus-broker-%{version}.tar.xz
Patch0000: https://github.com/bus1/dbus-broker/commit/1add8a7d60e46806e0ef87994d3024245db0d84a.patch
Patch0001: https://github.com/bus1/dbus-broker/commit/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch
Patch0002: cve-2022-31212.patch
Patch0003: cve-2022-31213.patch
Patch0004: https://github.com/bus1/dbus-broker/commit/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch
%{?systemd_requires}
BuildRequires: pkgconfig(audit)
BuildRequires: pkgconfig(expat)
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(libcap-ng)
BuildRequires: pkgconfig(libselinux)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(systemd)
BuildRequires: gcc
BuildRequires: glibc-devel
BuildRequires: meson
BuildRequires: python3-docutils
Requires: dbus-common
Requires(pre): shadow-utils
Requires(post): /usr/bin/systemctl
# for triggerpostun
Requires: /usr/bin/systemctl
%description
dbus-broker is an implementation of a message bus as defined by the D-Bus
specification. Its aim is to provide high performance and reliability, while
keeping compatibility to the D-Bus reference implementation. It is exclusively
written for Linux systems, and makes use of many modern features provided by
recent Linux kernel releases.
%prep
%autosetup -p1
%build
%meson -Dselinux=true -Daudit=true -Ddocs=true -Dsystem-console-users=gdm -Dlinux-4-17=true
%meson_build
%install
%meson_install
%check
%meson_test
%pre
# create dbus user and group
getent group dbus >/dev/null || groupadd -f -g %{dbus_user_id} -r dbus
if ! getent passwd dbus >/dev/null ; then
if ! getent passwd %{dbus_user_id} >/dev/null ; then
useradd -r -u %{dbus_user_id} -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus
else
useradd -r -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus
fi
fi
exit 0
%post
%systemd_post dbus-broker.service
%systemd_user_post dbus-broker.service
%journal_catalog_update
%preun
%systemd_preun dbus-broker.service
%systemd_user_preun dbus-broker.service
%postun
%systemd_postun dbus-broker.service
%systemd_user_postun dbus-broker.service
%triggerpostun -- dbus-daemon
if [ $2 -eq 0 ] ; then
# The `dbus-daemon` package used to provide the default D-Bus
# implementation. We continue to make sure that if you uninstall it, we
# re-evaluate whether to enable dbus-broker to replace it. If we didnt,
# you might end up without any bus implementation active.
systemctl --no-reload preset dbus-broker.service || :
systemctl --no-reload --global preset dbus-broker.service || :
fi
%files
%license AUTHORS
%license LICENSE
%{_bindir}/dbus-broker
%{_bindir}/dbus-broker-launch
%{_journalcatalogdir}/dbus-broker.catalog
%{_journalcatalogdir}/dbus-broker-launch.catalog
%{_mandir}/man1/dbus-broker.1*
%{_mandir}/man1/dbus-broker-launch.1*
%{_unitdir}/dbus-broker.service
%{_userunitdir}/dbus-broker.service
%changelog
* Mon Aug 22 2022 Frantisek Sumsal <fsumsal@redhat.com> - 28-7
- Add coverage for CVE-2022-31213 and other config-file-related issues
Related: CVE-2022-31213
* Tue Aug 02 2022 Jakub Martisko <jamartis@redhat.com> - 28-6
- Fix a stack buffer over-read in the c-shquote library
- Fix null pointer reference when supplying a malformed XML config file
Resolves: CVE-2022-31212
Resolves: CVE-2022-31213
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 28-5
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Thu Apr 15 2021 Mohan Boddu <mboddu@redhat.com> - 28-4
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-3
- Apply another fix for incorrect at_console range assertion.
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-2
- Apply fix for incorrect at_console range assertion.
* Thu Mar 18 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 28-1
- Update to upstream v28.
- Drop unused c-util based bundling annotations.
* Wed Feb 17 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 27-2
- Apply activation-tracking bugfixes from upstream.
* Mon Feb 15 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 27-1
- Update to upstream v27.
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 20 2021 David Rheinsberg <david.rheinsberg@gmail.com> - 26-1
- Update to upstream v26.
* Wed Jan 6 2021 Jeff Law <law@redhat.com> - 24-2
- Bump NVR to force rebuild with gcc-11
* Fri Sep 4 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 24-1
- Update to upstream v24. Only minor changes to the diagnostic messages as
well as audit-events.
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 23-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Mon May 11 2020 Adam Williamson <awilliam@redhat.com> - 23-2
- Fix missing % in macro invocations in %post
* Mon May 11 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 23-1
- Update to upstream v23.
* Mon May 4 2020 David Rheinsberg <david.rheinsberg@gmail.com> - 22-3
- Drop dbus-daemon -> dbus-broker live system conversion. New setups will
automatically pick up dbus-broker as default implementation. If you upgrade
from pre-F30, you will not get any auto upgrade anymore. Deinstalling the
dbus-daemon package will, however, automatically pick up dbus-broker.
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 21-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 21-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Sun Jul 14 2019 Neal Gompa <ngompa13@gmail.com> - 21-5
- Fix reference to dbus_user_id macro in scriptlet
* Wed Jul 10 2019 Jonathan Brielmaier <jbrielmaier@suse.de> - 21-4
- Make creation of dbus user/group more robust, fixes #1717925
* Thu May 9 2019 Tom Gundersen <teg@jklm.no> - 21-2
- Gracefully handle missing FDs in received messages, #1706883
- Minor bugfixes
* Fri May 3 2019 Tom Gundersen <teg@jklm.no> - 21-1
- Don't fail on EACCESS when reading config, fixes #1704920
* Thu May 2 2019 Tom Gundersen <teg@jklm.no> - 21-1
- Minor bugfixes related to config reload for #1704488
* Wed Apr 17 2019 Tom Gundersen <teg@jklm.no> - 20-4
- Fix assert due to failing reload #1700514
* Tue Apr 16 2019 Adam Williamson <awilliam@redhat.com> - 20-3
- Rebuild with Meson fix for #1699099
* Thu Apr 11 2019 Tom Gundersen <teg@jklm.no> - 20-2
- Fix the c_assert macro
* Wed Apr 10 2019 Tom Gundersen <teg@jklm.no> - 20-1
- Improve handling of broken or deprecated configuration
- Avoid at_console workaround if possible
* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 19-2
- Add a temporary generator to fix switching from dbus-daemon to
dbus-broker (#1674045)
* Thu Mar 28 2019 Tom Gundersen <teg@jklm.no> - 19-1
- Minor bug fixes
* Thu Feb 21 2019 Tom Gundersen <teg@jklm.no> - 18-1
- Minor bug fixes
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 17-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 14 2019 Tom Gundersen <teg@jklm.no> - 17-3
- run in the root network namespace
* Sat Jan 12 2019 Tom Gundersen <teg@jklm.no> - 17-2
- ignore config files that cannot be opened (fix rhbz #1665450)
* Wed Jan 2 2019 Tom Gundersen <teg@jklm.no> - 17-1
- apply more sandboxing through systemd
- improve logging on disconnect
- don't send FDs to clients who don't declare support
* Wed Nov 28 2018 Tom Gundersen <teg@jklm.no> - 16-8
- don't apply presets on updates to dbus-daemon
* Mon Nov 26 2018 Tom Gundersen <teg@jklm.no> - 16-7
- enable service file correctly at install
* Mon Nov 26 2018 Tom Gundersen <teg@jklm.no> - 16-5
- use full paths when calling binaries from rpm scripts
* Sun Nov 25 2018 Tom Gundersen <teg@jklm.no> - 16-4
- fix SELinux bug
* Tue Oct 30 2018 Tom Gundersen <teg@jklm.no> - 16-3
- add explicit systemctl dependency
* Tue Oct 23 2018 David Herrmann <dh.herrmann@gmail.com> - 16-2
- create dbus user and group if non-existant
- add explicit %%postlets to switch over to the broker as default
* Fri Oct 12 2018 Tom Gundersen <teg@jklm.no> - 16-1
- make resource limits configurable
- rerun presets in case dbus-daemon is disabled
* Thu Aug 30 2018 Tom Gundersen <teg@jklm.no> - 15-4
- depend on dbus-common rather than dbus
* Wed Aug 29 2018 Tom Gundersen <teg@jklm.no> - 15-3
- run %%systemd_user rpm macros
* Mon Aug 27 2018 Tom Gundersen <teg@jklm.no> - 15-2
- add back --verbose switch for backwards compatibility
* Wed Aug 08 2018 Tom Gundersen <teg@jklm.no> - 15-1
- fix audit support
- make logging about invalid config less verbose
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Tue Jul 03 2018 Tom Gundersen <teg@jklm.no> - 14-1
- use inotify to reload config automatically
- run as the right user
- new compatibility features, bugfixes and performance enhancements
* Mon Apr 23 2018 Tom Gundersen <teg@jklm.no> - 13-1
- Namespace transient systemd units per launcher instance
- Reduce reliance on NSS
- Fix deadlock with nss-systemd
* Wed Feb 21 2018 Tom Gundersen <teg@jklm.no> - 11-1
- The 'gdm' user is now considered at_console=true
- Bugfixes and performance enhancements
* Wed Feb 07 2018 Tom Gundersen <teg@jklm.no> - 10-1
- Bugfixes and performance enhancements
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Thu Nov 30 2017 Tom Gundersen <teg@jklm.no> - 9-1
- Avoid nss deadlock at start-up
- Support ExecReload
- Respect User= in service files
* Tue Oct 17 2017 Tom Gundersen <teg@jklm.no> - 8-1
- Dont clean-up children of activated services by default
- Dont use audit from the user instance
- Support the ReloadConfig() API
* Tue Oct 17 2017 Tom Gundersen <teg@jklm.no> - 7-1
- Upstream bugfix release
* Mon Oct 16 2017 Tom Gundersen <teg@jklm.no> - 6-1
- Upstream bugfix release
* Tue Oct 10 2017 Tom Gundersen <teg@jklm.no> - 5-1
- Drop downstream SELinux module
- Support (in a limited way) at_console= policies
- Order dbus-broker before basic.target
* Fri Sep 08 2017 Tom Gundersen <teg@jklm.no> - 4-1
- Use audit for SELinux logging
- Support full search-paths for service files
- Log policy failures
* Fri Aug 18 2017 Tom Gundersen <teg@jklm.no> - 3-1
- Add manpages
* Wed Aug 16 2017 Tom Gundersen <teg@jklm.no> - 2-2
- Add license to package
* Wed Aug 16 2017 Tom Gundersen <teg@jklm.no> - 2-1
- Add SELinux support
* Sun Aug 13 2017 Tom Gundersen <teg@jklm.no> - 1-1
- Initial RPM release
Write Preview
Loading…
Cancel
Save