!25 change dbus group ID to 81

From: @nettingsisyphus
Reviewed-by: @zhujianwei001,@overweight
Signed-off-by: @overweight

dbus-1.12.20-Changelog

@@ -1,80 +1,80 @@
-dbus 1.12.20 (2020-07-02)
+dbus 1.12.20 (2020-07-02)
-=========================
+=========================
-
+
-The “temporary nemesis” release.
+The “temporary nemesis” release.
-
+
-Maybe security fixes:
+Maybe security fixes:
-
+
-• On Unix, avoid a use-after-free if two usernames have the same
+• On Unix, avoid a use-after-free if two usernames have the same
-  numeric uid. In older versions this could lead to a crash (denial of
+  numeric uid. In older versions this could lead to a crash (denial of
-  service) or other undefined behaviour, possibly including incorrect
+  service) or other undefined behaviour, possibly including incorrect
-  authorization decisions if <policy group=...> is used.
+  authorization decisions if <policy group=...> is used.
-  Like Unix filesystems, D-Bus' model of identity cannot distinguish
+  Like Unix filesystems, D-Bus' model of identity cannot distinguish
-  between users of different names with the same numeric uid, so this
+  between users of different names with the same numeric uid, so this
-  configuration is not advisable on systems where D-Bus will be used.
+  configuration is not advisable on systems where D-Bus will be used.
-  Thanks to Daniel Onaca.
+  Thanks to Daniel Onaca.
-  (dbus#305, dbus!166; Simon McVittie)
+  (dbus#305, dbus!166; Simon McVittie)
-
+
-Other fixes:
+Other fixes:
-
+
-• On Solaris and its derivatives, if a cmsg header is truncated, ensure
+• On Solaris and its derivatives, if a cmsg header is truncated, ensure
-  that we do not overrun the buffer used for fd-passing, even if the
+  that we do not overrun the buffer used for fd-passing, even if the
-  kernel tells us to.
+  kernel tells us to.
-  (dbus#304, dbus!165; Andy Fiddaman)
+  (dbus#304, dbus!165; Andy Fiddaman)
-
+
-dbus 1.12.18 (2020-06-02)
+dbus 1.12.18 (2020-06-02)
-=========================
+=========================
-
+
-The “telepathic vines” release.
+The “telepathic vines” release.
-
+
-Denial of service fixes:
+Denial of service fixes:
-
+
-• CVE-2020-12049: If a message contains more file descriptors than can
+• CVE-2020-12049: If a message contains more file descriptors than can
-  be sent, close those that did get through before reporting error.
+  be sent, close those that did get through before reporting error.
-  Previously, a local attacker could cause the system dbus-daemon (or
+  Previously, a local attacker could cause the system dbus-daemon (or
-  another system service with its own DBusServer) to run out of file
+  another system service with its own DBusServer) to run out of file
-  descriptors, by repeatedly connecting to the server and sending fds that
+  descriptors, by repeatedly connecting to the server and sending fds that
-  would get leaked.
+  would get leaked.
-  Thanks to Kevin Backhouse of GitHub Security Lab.
+  Thanks to Kevin Backhouse of GitHub Security Lab.
-  (dbus#294, GHSL-2020-057; Simon McVittie)
+  (dbus#294, GHSL-2020-057; Simon McVittie)
-
+
-Other fixes:
+Other fixes:
-
+
-• Fix a crash when the dbus-daemon is terminated while one or more
+• Fix a crash when the dbus-daemon is terminated while one or more
-  monitors are active (dbus#291, dbus!140; Simon McVittie)
+  monitors are active (dbus#291, dbus!140; Simon McVittie)
-
+
-• The dbus-send(1) man page now documents --bus and --peer instead of
+• The dbus-send(1) man page now documents --bus and --peer instead of
-  the old --address synonym for --peer, which has been deprecated since
+  the old --address synonym for --peer, which has been deprecated since
-  the introduction of --bus and --peer in 1.7.6
+  the introduction of --bus and --peer in 1.7.6
-  (fd.o #48816, dbus!115; Chris Morin)
+  (fd.o #48816, dbus!115; Chris Morin)
-
+
-• Fix a wrong environment variable name in dbus-daemon(1)
+• Fix a wrong environment variable name in dbus-daemon(1)
-  (dbus#275, dbus!122; Mubin, Philip Withnall)
+  (dbus#275, dbus!122; Mubin, Philip Withnall)
-
+
-• Fix formatting of dbus_message_append_args example
+• Fix formatting of dbus_message_append_args example
-  (dbus!126, Felipe Franciosi)
+  (dbus!126, Felipe Franciosi)
-
+
-• Avoid a test failure on Linux when built in a container as uid 0, but
+• Avoid a test failure on Linux when built in a container as uid 0, but
-  without the necessary privileges to increase resource limits
+  without the necessary privileges to increase resource limits
-  (dbus!58, Debian #908092; Simon McVittie)
+  (dbus!58, Debian #908092; Simon McVittie)
-
+
-• When building with CMake, cope with libX11 in a non-standard location
+• When building with CMake, cope with libX11 in a non-standard location
-  (dbus!129, Tuomo Rinne)
+  (dbus!129, Tuomo Rinne)
-
+
-dbus 1.12.16 (2019-06-11)
+dbus 1.12.16 (2019-06-11)
-=========================
+=========================
-
+
-The “tree cat” release.
+The “tree cat” release.
-
+
-Security fixes:
+Security fixes:
-
+
-• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
+• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
-  authentication for identities that differ from the user running the
+  authentication for identities that differ from the user running the
-  DBusServer. Previously, a local attacker could manipulate symbolic
+  DBusServer. Previously, a local attacker could manipulate symbolic
-  links in their own home directory to bypass authentication and connect
+  links in their own home directory to bypass authentication and connect
-  to a DBusServer with elevated privileges. The standard system and
+  to a DBusServer with elevated privileges. The standard system and
-  session dbus-daemons in their default configuration were immune to this
+  session dbus-daemons in their default configuration were immune to this
-  attack because they did not allow DBUS_COOKIE_SHA1, but third-party
+  attack because they did not allow DBUS_COOKIE_SHA1, but third-party
-  users of DBusServer such as Upstart could be vulnerable.
+  users of DBusServer such as Upstart could be vulnerable.
-  Thanks to Joe Vennix of Apple Information Security.
+  Thanks to Joe Vennix of Apple Information Security.
   (dbus#269, Simon McVittie)

dbus.spec

@@ -1,9 +1,9 @@
 Name:     dbus
 Epoch:    1
 Version:  1.12.20
-Release:  2
+Release:  3
 Summary:  System Message Bus
-License:  AFLv2.1 or GPLv2+
+License:  AFLv3.0 or GPLv2+
 URL:      http://www.freedesktop.org/Software/dbus/
 Source0:  https://dbus.freedesktop.org/releases/dbus/%{name}-%{version}.tar.gz
 Source1:  00-start-message-bus.sh
@@ -120,8 +120,14 @@ make check
 
 %pre daemon
 # Add the "dbus" user and group
-%{_sbindir}/groupadd -r dbus 2>/dev/null || :
+getent group dbus > /dev/null || groupadd -f -g 81 -r dbus
-%{_sbindir}/useradd -r -c 'D-Bus' -g dbus -s /sbin/nologin -d %{_localstatedir}/run/dbus dbus 2> /dev/null || :
+if ! getent passwd dbus > /dev/null ; then
+    if ! getent passwd 81 > /dev/null ; then
+        useradd -r -u 81 -c 'D-Bus' -g dbus -s /sbin/nologin -d %{_localstatedir}/run/dbus dbus
+    else
+        useradd -r -g dbus -c 'D-Bus' -s /sbin/nologin -d %{_localstatedir}/run/dbus dbus
+    fi
+fi
 
 %preun daemon
 %systemd_preun dbus.service dbus.socket
@@ -215,6 +221,9 @@ make check
 %exclude %{_pkgdocdir}/README
 
 %changelog
+* Tue Mar 16 2021 Anakin Zhang <benjamin93@163.com> - 1:1.12.20-3
+- change dbus group ID to 81
+
 * Tue Nov 13 2020 xielh2000 <xielh2000@163.com> - 1:1.12.20-2
 - Add from 1.12.16 to 1.12.20 of changelog and README.en