From 520ce24d8ad1f8c806dc37a05fc583da119c09bc Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 15 Nov 2022 02:05:39 -0500 Subject: [PATCH] import dbus-broker-28-7.el9 --- .dbus-broker.metadata | 1 + .gitignore | 1 + ...8a7d60e46806e0ef87994d3024245db0d84a.patch | 38 +++ ...595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch | 155 +++++++++ ...670bfec6600d0144bcb9ca635fb07c80118f.patch | 30 ++ SOURCES/cve-2022-31212.patch | 66 ++++ SOURCES/cve-2022-31213.patch | 35 ++ SPECS/dbus-broker.spec | 317 ++++++++++++++++++ 8 files changed, 643 insertions(+) create mode 100644 .dbus-broker.metadata create mode 100644 .gitignore create mode 100644 SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch create mode 100644 SOURCES/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch create mode 100644 SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch create mode 100644 SOURCES/cve-2022-31212.patch create mode 100644 SOURCES/cve-2022-31213.patch create mode 100644 SPECS/dbus-broker.spec diff --git a/.dbus-broker.metadata b/.dbus-broker.metadata new file mode 100644 index 0000000..05e5a35 --- /dev/null +++ b/.dbus-broker.metadata @@ -0,0 +1 @@ +2602b87b336875bc1fd6866004f16013e6cf3fe4 SOURCES/dbus-broker-28.tar.xz diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e8177c7 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/dbus-broker-28.tar.xz diff --git a/SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch b/SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch new file mode 100644 index 0000000..76db910 --- /dev/null +++ b/SOURCES/1add8a7d60e46806e0ef87994d3024245db0d84a.patch @@ -0,0 +1,38 @@ +From 1add8a7d60e46806e0ef87994d3024245db0d84a Mon Sep 17 00:00:00 2001 +From: David Rheinsberg +Date: Thu, 18 Mar 2021 11:10:02 +0100 +Subject: [PATCH] launch/policy: fix incorrect assertion for at_console + +We write at_console policies for ranges of uids. If one of those ranges +is 0, an overflow assertion will incorrectly fire. Fix this and simplify +the assertions for better readability. + +Note that such empty ranges will happen if more than one user on the +system is considered `at_console` **and** those users have consecutive +UIDs. Another possibility for empty ranges is when uid 0 is considered +at_console. + +In any case, the assertion will abort the application incorrectly. So +this is not a security issue, but merely an incorrect assertion. + +Signed-off-by: David Rheinsberg +--- + src/launch/policy.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/launch/policy.c b/src/launch/policy.c +index f91f11b..75eb0d3 100644 +--- a/src/launch/policy.c ++++ b/src/launch/policy.c +@@ -934,7 +934,10 @@ static int policy_export_xmit(Policy *policy, CList *list1, CList *list2, sd_bus + static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntries *entries, uint32_t uid_start, uint32_t n_uid) { + int r; + +- c_assert(((uint32_t)-1) - n_uid + 1 >= uid_start); ++ /* check for overflow */ ++ c_assert(uid_start + n_uid >= uid_start); ++ /* check for encoding into dbus `u` type */ ++ c_assert(uid_start + n_uid <= (uint32_t)-1); + + if (n_uid == 0) + return 0; diff --git a/SOURCES/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch b/SOURCES/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch new file mode 100644 index 0000000..9260d5a --- /dev/null +++ b/SOURCES/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch @@ -0,0 +1,155 @@ +From 33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25 Mon Sep 17 00:00:00 2001 +From: David Rheinsberg +Date: Thu, 5 May 2022 10:50:31 +0200 +Subject: [PATCH] test-config: add tests for some config samples + +Add infrastructure to easily parse config-samples in our test. This +allows us to add any reports about broken configurations easily, and +making sure we will not run into the same issues again. + +Signed-off-by: David Rheinsberg +--- + src/launch/test-config.c | 97 +++++++++++++++++++++++++++++++++++++--- + 1 file changed, 91 insertions(+), 6 deletions(-) + +diff --git a/src/launch/test-config.c b/src/launch/test-config.c +index 0401a434..c2f8765e 100644 +--- a/src/launch/test-config.c ++++ b/src/launch/test-config.c +@@ -9,6 +9,7 @@ + #include "launch/config.h" + #include "launch/nss-cache.h" + #include "util/dirwatch.h" ++#include "util/syscall.h" + + static const char *test_type2str[_CONFIG_NODE_N] = { + [CONFIG_NODE_BUSCONFIG] = "busconfig", +@@ -35,12 +36,23 @@ static const char *test_type2str[_CONFIG_NODE_N] = { + [CONFIG_NODE_ASSOCIATE] = "associate", + }; + +-static void print_config(const char *path) { ++static int config_memfd(const char *data) { ++ ssize_t n; ++ int fd; ++ ++ fd = syscall_memfd_create("dbus-broker-test-config", 0); ++ c_assert(fd >= 0); ++ n = write(fd, data, strlen(data)); ++ c_assert(n == (ssize_t)strlen(data)); ++ ++ return fd; ++} ++ ++static int parse_config(ConfigRoot **rootp, const char *path) { + _c_cleanup_(config_parser_deinit) ConfigParser parser = CONFIG_PARSER_NULL(parser); + _c_cleanup_(config_root_freep) ConfigRoot *root = NULL; + _c_cleanup_(nss_cache_deinit) NSSCache nss_cache = NSS_CACHE_INIT; + _c_cleanup_(dirwatch_freep) Dirwatch *dirwatch = NULL; +- ConfigNode *i_node; + int r; + + r = dirwatch_new(&dirwatch); +@@ -49,6 +61,32 @@ static void print_config(const char *path) { + config_parser_init(&parser); + + r = config_parser_read(&parser, &root, path, &nss_cache, dirwatch); ++ if (r) ++ return r; ++ ++ *rootp = root; ++ root = NULL; ++ return 0; ++} ++ ++static int parse_config_inline(ConfigRoot **rootp, const char *data) { ++ _c_cleanup_(c_closep) int fd = -1; ++ _c_cleanup_(c_freep) char *path = NULL; ++ int r; ++ ++ fd = config_memfd(data); ++ r = asprintf(&path, "/proc/self/fd/%d", fd); ++ c_assert(r > 0); ++ ++ return parse_config(rootp, path); ++} ++ ++static void print_config(const char *path) { ++ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL; ++ ConfigNode *i_node; ++ int r; ++ ++ r = parse_config(&root, path); + c_assert(!r); + + c_list_for_each_entry(i_node, &root->node_list, root_link) { +@@ -56,18 +94,65 @@ static void print_config(const char *path) { + } + } + +-static void test_config(void) { ++static void test_config_base(void) { + _c_cleanup_(config_parser_deinit) ConfigParser parser = CONFIG_PARSER_NULL(parser); + + config_parser_init(&parser); + config_parser_deinit(&parser); + } + ++static void test_config_sample0(void) { ++ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL; ++ const char *data; ++ int r; ++ ++ data = ++" \ ++\ ++\ ++ \ ++ \ ++ \ ++ \ ++ \ ++ "; ++ ++ r = parse_config_inline(&root, data); ++ c_assert(r == CONFIG_E_INVALID); ++} ++ ++static void test_config_sample1(void) { ++ _c_cleanup_(config_root_freep) ConfigRoot *root = NULL; ++ const char *data; ++ int r; ++ ++ data = ++" \ ++\ ++\ ++ \ ++ \ ++ \ ++ \ ++ \ ++ \ ++"; ++ ++ r = parse_config_inline(&root, data); ++ c_assert(r == CONFIG_E_INVALID); ++} ++ + int main(int argc, char **argv) { +- if (argc < 2) +- test_config(); +- else ++ if (argc > 1) { + print_config(argv[1]); ++ return 0; ++ } ++ ++ test_config_base(); ++ test_config_sample0(); ++ test_config_sample1(); + + return 0; + } diff --git a/SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch b/SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch new file mode 100644 index 0000000..7f73592 --- /dev/null +++ b/SOURCES/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch @@ -0,0 +1,30 @@ +From b82b670bfec6600d0144bcb9ca635fb07c80118f Mon Sep 17 00:00:00 2001 +From: David Rheinsberg +Date: Thu, 18 Mar 2021 12:13:16 +0100 +Subject: [PATCH] launch/policy: fix at_console range assertion again + +The previous fix did not actually consider that a full range can span up +until (uint32_t)-1. Fix this properly now, and just check manually for +an empty range before checking that the highest entry in the range can +be represented. + +Signed-off-by: David Rheinsberg +--- + src/launch/policy.c | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/src/launch/policy.c b/src/launch/policy.c +index 75eb0d3..6999ceb 100644 +--- a/src/launch/policy.c ++++ b/src/launch/policy.c +@@ -935,9 +935,7 @@ static int policy_export_console(Policy *policy, sd_bus_message *m, PolicyEntrie + int r; + + /* check for overflow */ +- c_assert(uid_start + n_uid >= uid_start); +- /* check for encoding into dbus `u` type */ +- c_assert(uid_start + n_uid <= (uint32_t)-1); ++ c_assert(n_uid == 0 || uid_start + n_uid - 1 >= uid_start); + + if (n_uid == 0) + return 0; diff --git a/SOURCES/cve-2022-31212.patch b/SOURCES/cve-2022-31212.patch new file mode 100644 index 0000000..0b2f460 --- /dev/null +++ b/SOURCES/cve-2022-31212.patch @@ -0,0 +1,66 @@ +From 7fd15f8e272136955f7ffc37df29fbca9ddceca1 Mon Sep 17 00:00:00 2001 +From: David Rheinsberg +Date: Tue, 19 Apr 2022 13:11:02 +0200 +Subject: [PATCH] strnspn: fix buffer overflow + +Fix the strnspn and strncspn functions to use a properly sized buffer. +It used to be 1 byte too short. Checking for `0xff` in a string will +thus write `0xff` once byte beyond the stack space of the local buffer. + +Note that the public API does not allow to pass `0xff` to those +functions. Therefore, this is a read-only buffer overrun, possibly +causing bogus reports from the parser, but still well-defined. + +Reported-by: Steffen Robertz +Signed-off-by: David Rheinsberg +--- + /subprojects/c-shquote/src/c-shquote.c | 4 ++-- + /subprojects/c-shquote/src/test-private.c | 6 ++++++ + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a//subprojects/c-shquote/src/c-shquote.c b//subprojects/c-shquote/src/c-shquote.c +index b268906..abb55d6 100644 +--- a//subprojects/c-shquote/src/c-shquote.c ++++ b//subprojects/c-shquote/src/c-shquote.c +@@ -85,7 +85,7 @@ int c_shquote_consume_char(char **outp, + size_t c_shquote_strnspn(const char *string, + size_t n_string, + const char *accept) { +- bool buffer[UCHAR_MAX] = {}; ++ bool buffer[UCHAR_MAX + 1] = {}; + + for ( ; *accept; ++accept) + buffer[(unsigned char)*accept] = true; +@@ -100,7 +100,7 @@ size_t c_shquote_strnspn(const char *string, + size_t c_shquote_strncspn(const char *string, + size_t n_string, + const char *reject) { +- bool buffer[UCHAR_MAX] = {}; ++ bool buffer[UCHAR_MAX + 1] = {}; + + if (strlen(reject) == 1) { + const char *p; +diff --git a//subprojects/c-shquote/src/test-private.c b//subprojects/c-shquote/src/test-private.c +index 57a7250..c6afe40 100644 +--- a//subprojects/c-shquote/src/test-private.c ++++ b//subprojects/c-shquote/src/test-private.c +@@ -148,6 +148,9 @@ static void test_strnspn(void) { + + len = c_shquote_strnspn("ab", 2, "bc"); + c_assert(len == 0); ++ ++ len = c_shquote_strnspn("ab", 2, "\xff"); ++ c_assert(len == 0); + } + + static void test_strncspn(void) { +@@ -167,6 +170,9 @@ static void test_strncspn(void) { + + len = c_shquote_strncspn("ab", 2, "cd"); + c_assert(len == 2); ++ ++ len = c_shquote_strncspn("ab", 2, "\xff"); ++ c_assert(len == 2); + } + + static void test_discard_comment(void) { diff --git a/SOURCES/cve-2022-31213.patch b/SOURCES/cve-2022-31213.patch new file mode 100644 index 0000000..683084b --- /dev/null +++ b/SOURCES/cve-2022-31213.patch @@ -0,0 +1,35 @@ +From 4fefc3908ce527de4ca3d7386886c2447d6b4c14 Mon Sep 17 00:00:00 2001 +From: David Rheinsberg +Date: Tue, 19 Apr 2022 13:29:53 +0200 +Subject: [PATCH] launch/config: keep empty cdata around + +We expect the `node->cdata` pointer to contain the actual content of an +XML entry. Make sure it is initialized to an empty string, so we can +dereference it without checking for validity everywhere. + +Note that we want it to be an owned string, to allow claiming the value. +We will avoid any `n_cdata + 'static ""` here, to keep the code simple. +The performance of that strdup() merely affects XML parsing, no bus +runtime. + +Reported-by: Steffen Robertz +Signed-off-by: David Rheinsberg +--- + src/launch/config.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/launch/config.c b/src/launch/config.c +index 490d7b7d..cb7e3fae 100644 +--- a/src/launch/config.c ++++ b/src/launch/config.c +@@ -133,6 +133,10 @@ int config_node_new(ConfigNode **nodep, ConfigNode *parent, unsigned int type) { + break; + } + ++ node->cdata = strdup(""); ++ if (!node->cdata) ++ return error_origin(-ENOMEM); ++ + *nodep = node; + node = NULL; + return 0; diff --git a/SPECS/dbus-broker.spec b/SPECS/dbus-broker.spec new file mode 100644 index 0000000..75a05ec --- /dev/null +++ b/SPECS/dbus-broker.spec @@ -0,0 +1,317 @@ +%global dbus_user_id 81 + +Name: dbus-broker +Version: 28 +Release: 7%{?dist} +Summary: Linux D-Bus Message Broker +License: ASL 2.0 +URL: https://github.com/bus1/dbus-broker +Source0: https://github.com/bus1/dbus-broker/releases/download/v%{version}/dbus-broker-%{version}.tar.xz +Patch0000: https://github.com/bus1/dbus-broker/commit/1add8a7d60e46806e0ef87994d3024245db0d84a.patch +Patch0001: https://github.com/bus1/dbus-broker/commit/b82b670bfec6600d0144bcb9ca635fb07c80118f.patch +Patch0002: cve-2022-31212.patch +Patch0003: cve-2022-31213.patch +Patch0004: https://github.com/bus1/dbus-broker/commit/33e0595b1c7cf8fa0e7ca3a353f4380c1307dc25.patch +%{?systemd_requires} +BuildRequires: pkgconfig(audit) +BuildRequires: pkgconfig(expat) +BuildRequires: pkgconfig(dbus-1) +BuildRequires: pkgconfig(libcap-ng) +BuildRequires: pkgconfig(libselinux) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(systemd) +BuildRequires: gcc +BuildRequires: glibc-devel +BuildRequires: meson +BuildRequires: python3-docutils +Requires: dbus-common +Requires(pre): shadow-utils +Requires(post): /usr/bin/systemctl +# for triggerpostun +Requires: /usr/bin/systemctl + +%description +dbus-broker is an implementation of a message bus as defined by the D-Bus +specification. Its aim is to provide high performance and reliability, while +keeping compatibility to the D-Bus reference implementation. It is exclusively +written for Linux systems, and makes use of many modern features provided by +recent Linux kernel releases. + +%prep +%autosetup -p1 + +%build +%meson -Dselinux=true -Daudit=true -Ddocs=true -Dsystem-console-users=gdm -Dlinux-4-17=true +%meson_build + +%install +%meson_install + +%check +%meson_test + +%pre +# create dbus user and group +getent group dbus >/dev/null || groupadd -f -g %{dbus_user_id} -r dbus +if ! getent passwd dbus >/dev/null ; then + if ! getent passwd %{dbus_user_id} >/dev/null ; then + useradd -r -u %{dbus_user_id} -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus + else + useradd -r -g %{dbus_user_id} -d '/' -s /sbin/nologin -c "System message bus" dbus + fi +fi +exit 0 + +%post +%systemd_post dbus-broker.service +%systemd_user_post dbus-broker.service +%journal_catalog_update + +%preun +%systemd_preun dbus-broker.service +%systemd_user_preun dbus-broker.service + +%postun +%systemd_postun dbus-broker.service +%systemd_user_postun dbus-broker.service + +%triggerpostun -- dbus-daemon +if [ $2 -eq 0 ] ; then + # The `dbus-daemon` package used to provide the default D-Bus + # implementation. We continue to make sure that if you uninstall it, we + # re-evaluate whether to enable dbus-broker to replace it. If we didnt, + # you might end up without any bus implementation active. + systemctl --no-reload preset dbus-broker.service || : + systemctl --no-reload --global preset dbus-broker.service || : +fi + +%files +%license AUTHORS +%license LICENSE +%{_bindir}/dbus-broker +%{_bindir}/dbus-broker-launch +%{_journalcatalogdir}/dbus-broker.catalog +%{_journalcatalogdir}/dbus-broker-launch.catalog +%{_mandir}/man1/dbus-broker.1* +%{_mandir}/man1/dbus-broker-launch.1* +%{_unitdir}/dbus-broker.service +%{_userunitdir}/dbus-broker.service + +%changelog +* Mon Aug 22 2022 Frantisek Sumsal - 28-7 +- Add coverage for CVE-2022-31213 and other config-file-related issues +Related: CVE-2022-31213 + +* Tue Aug 02 2022 Jakub Martisko - 28-6 +- Fix a stack buffer over-read in the c-shquote library +- Fix null pointer reference when supplying a malformed XML config file +Resolves: CVE-2022-31212 +Resolves: CVE-2022-31213 + +* Mon Aug 09 2021 Mohan Boddu - 28-5 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Thu Apr 15 2021 Mohan Boddu - 28-4 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Thu Mar 18 2021 David Rheinsberg - 28-3 +- Apply another fix for incorrect at_console range assertion. + +* Thu Mar 18 2021 David Rheinsberg - 28-2 +- Apply fix for incorrect at_console range assertion. + +* Thu Mar 18 2021 David Rheinsberg - 28-1 +- Update to upstream v28. +- Drop unused c-util based bundling annotations. + +* Wed Feb 17 2021 David Rheinsberg - 27-2 +- Apply activation-tracking bugfixes from upstream. + +* Mon Feb 15 2021 David Rheinsberg - 27-1 +- Update to upstream v27. + +* Tue Jan 26 2021 Fedora Release Engineering - 26-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jan 20 2021 David Rheinsberg - 26-1 +- Update to upstream v26. + +* Wed Jan 6 2021 Jeff Law - 24-2 +- Bump NVR to force rebuild with gcc-11 + +* Fri Sep 4 2020 David Rheinsberg - 24-1 +- Update to upstream v24. Only minor changes to the diagnostic messages as + well as audit-events. + +* Mon Jul 27 2020 Fedora Release Engineering - 23-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Mon May 11 2020 Adam Williamson - 23-2 +- Fix missing % in macro invocations in %post + +* Mon May 11 2020 David Rheinsberg - 23-1 +- Update to upstream v23. + +* Mon May 4 2020 David Rheinsberg - 22-3 +- Drop dbus-daemon -> dbus-broker live system conversion. New setups will + automatically pick up dbus-broker as default implementation. If you upgrade + from pre-F30, you will not get any auto upgrade anymore. Deinstalling the + dbus-daemon package will, however, automatically pick up dbus-broker. + +* Tue Jan 28 2020 Fedora Release Engineering - 21-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Wed Jul 24 2019 Fedora Release Engineering - 21-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Jul 14 2019 Neal Gompa - 21-5 +- Fix reference to dbus_user_id macro in scriptlet + +* Wed Jul 10 2019 Jonathan Brielmaier - 21-4 +- Make creation of dbus user/group more robust, fixes #1717925 + +* Thu May 9 2019 Tom Gundersen - 21-2 +- Gracefully handle missing FDs in received messages, #1706883 +- Minor bugfixes + +* Fri May 3 2019 Tom Gundersen - 21-1 +- Don't fail on EACCESS when reading config, fixes #1704920 + +* Thu May 2 2019 Tom Gundersen - 21-1 +- Minor bugfixes related to config reload for #1704488 + +* Wed Apr 17 2019 Tom Gundersen - 20-4 +- Fix assert due to failing reload #1700514 + +* Tue Apr 16 2019 Adam Williamson - 20-3 +- Rebuild with Meson fix for #1699099 + +* Thu Apr 11 2019 Tom Gundersen - 20-2 +- Fix the c_assert macro + +* Wed Apr 10 2019 Tom Gundersen - 20-1 +- Improve handling of broken or deprecated configuration +- Avoid at_console workaround if possible + +* Tue Apr 9 2019 Zbigniew Jędrzejewski-Szmek - 19-2 +- Add a temporary generator to fix switching from dbus-daemon to + dbus-broker (#1674045) + +* Thu Mar 28 2019 Tom Gundersen - 19-1 +- Minor bug fixes + +* Thu Feb 21 2019 Tom Gundersen - 18-1 +- Minor bug fixes + +* Thu Jan 31 2019 Fedora Release Engineering - 17-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Jan 14 2019 Tom Gundersen - 17-3 +- run in the root network namespace + +* Sat Jan 12 2019 Tom Gundersen - 17-2 +- ignore config files that cannot be opened (fix rhbz #1665450) + +* Wed Jan 2 2019 Tom Gundersen - 17-1 +- apply more sandboxing through systemd +- improve logging on disconnect +- don't send FDs to clients who don't declare support + +* Wed Nov 28 2018 Tom Gundersen - 16-8 +- don't apply presets on updates to dbus-daemon + +* Mon Nov 26 2018 Tom Gundersen - 16-7 +- enable service file correctly at install + +* Mon Nov 26 2018 Tom Gundersen - 16-5 +- use full paths when calling binaries from rpm scripts + +* Sun Nov 25 2018 Tom Gundersen - 16-4 +- fix SELinux bug + +* Tue Oct 30 2018 Tom Gundersen - 16-3 +- add explicit systemctl dependency + +* Tue Oct 23 2018 David Herrmann - 16-2 +- create dbus user and group if non-existant +- add explicit %%postlets to switch over to the broker as default + +* Fri Oct 12 2018 Tom Gundersen - 16-1 +- make resource limits configurable +- rerun presets in case dbus-daemon is disabled + +* Thu Aug 30 2018 Tom Gundersen - 15-4 +- depend on dbus-common rather than dbus + +* Wed Aug 29 2018 Tom Gundersen - 15-3 +- run %%systemd_user rpm macros + +* Mon Aug 27 2018 Tom Gundersen - 15-2 +- add back --verbose switch for backwards compatibility + +* Wed Aug 08 2018 Tom Gundersen - 15-1 +- fix audit support +- make logging about invalid config less verbose + +* Thu Jul 12 2018 Fedora Release Engineering - 14-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 03 2018 Tom Gundersen - 14-1 +- use inotify to reload config automatically +- run as the right user +- new compatibility features, bugfixes and performance enhancements + +* Mon Apr 23 2018 Tom Gundersen - 13-1 +- Namespace transient systemd units per launcher instance +- Reduce reliance on NSS +- Fix deadlock with nss-systemd + +* Wed Feb 21 2018 Tom Gundersen - 11-1 +- The 'gdm' user is now considered at_console=true +- Bugfixes and performance enhancements + +* Wed Feb 07 2018 Tom Gundersen - 10-1 +- Bugfixes and performance enhancements + +* Wed Feb 07 2018 Fedora Release Engineering - 9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Nov 30 2017 Tom Gundersen - 9-1 +- Avoid nss deadlock at start-up +- Support ExecReload +- Respect User= in service files + +* Tue Oct 17 2017 Tom Gundersen - 8-1 +- Dont clean-up children of activated services by default +- Dont use audit from the user instance +- Support the ReloadConfig() API + +* Tue Oct 17 2017 Tom Gundersen - 7-1 +- Upstream bugfix release + +* Mon Oct 16 2017 Tom Gundersen - 6-1 +- Upstream bugfix release + +* Tue Oct 10 2017 Tom Gundersen - 5-1 +- Drop downstream SELinux module +- Support (in a limited way) at_console= policies +- Order dbus-broker before basic.target + +* Fri Sep 08 2017 Tom Gundersen - 4-1 +- Use audit for SELinux logging +- Support full search-paths for service files +- Log policy failures + +* Fri Aug 18 2017 Tom Gundersen - 3-1 +- Add manpages + +* Wed Aug 16 2017 Tom Gundersen - 2-2 +- Add license to package + +* Wed Aug 16 2017 Tom Gundersen - 2-1 +- Add SELinux support + +* Sun Aug 13 2017 Tom Gundersen - 1-1 +- Initial RPM release +