Change log for dbus package in Ubuntu

Published in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
dbus (1.14.10-4ubuntu4) noble; urgency=high

  * No change rebuild against libglib2.0-0t64.

 -- Julian Andres Klode <email address hidden>  Mon, 08 Apr 2024 16:38:11 +0200
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
dbus (1.14.10-4ubuntu3) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 00:06:36 +0000
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
dbus (1.14.10-4ubuntu2) noble; urgency=medium

  * No-change rebuild against libglib2.0-0t64

 -- Steve Langasek <email address hidden>  Fri, 08 Mar 2024 04:10:25 +0000
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
dbus (1.14.10-4ubuntu1) noble; urgency=medium

  [ Nishit Majithia ]
  * Merge with Debian unstable. Remaining changes:
    - Add ubuntu specific patches:
      + d/p/u/aa-get-connection-apparmor-security-context.patch
      + d/p/u/dont-stop-dbus.patch
    - debian/dbus.postinst, debian/rules:  Prevent dbus from being
      restarted on upgrade

  [ Olivier Gayot ]
  * debian/changelog: Don't drop extra newlines from changelog
  * Convert to dep3 headers
    - d/p/u/aa-get-connection-apparmor-security-context.patch
    - d/p/u/dont-stop-dbus.patch
  * debian/rules: Add comment for Ubuntu about dh_install{init,systemd}
    invocation

Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
dbus (1.14.10-3ubuntu1) noble; urgency=medium

  * Merge with Debian unstable (LP: #2045668). Remaining changes:
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
      (LP #1489489).
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (LP #1438612)
      - Reworked to actually make dbus.service _and_ dbus.socket to not
        be part of the shutdown transaction. And yet make it possible
        to still stop/kill/restart dbus.service if one really
        wants to, because it is stuck and stopped responding to any
        commands. This allows restarting dbus.service with
        needrestart. However a finalrd hook might still be needed, to kill
        dbus-daemon for good, once we pivot off rootfs.
      - Reworked to avoid a deadlock during boot (LP #1936948)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
      - Prevent dbus from being restarted on upgrade (LP #1962036)
  * Drop dependency on usr-is-merged; this transition is long completed
    in Ubuntu.

Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
dbus (1.14.10-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2036180). Remaining changes:
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (LP #1438612)
      - Reworked to actually make dbus.service _and_ dbus.socket to not
        be part of the shutdown transaction. And yet make it possible
        to still stop/kill/restart dbus.service if one really
        wants to, because it is stuck and stopped responding to any
        commands. This allows restarting dbus.service with
        needrestart. However a finalrd hook might still be needed, to kill
        dbus-daemon for good, once we pivot off rootfs.
      - Reworked to avoid a deadlock during boot (LP #1936948)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
      - Prevent dbus from being restarted on upgrade (LP #1962036)

 -- Olivier Gayot <email address hidden>  Fri, 15 Sep 2023 11:42:11 +0200
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
dbus (1.14.8-2ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2027991). Remaining changes:
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (LP: #1438612)
      - Reworked to actually make dbus.service _and_ dbus.socket to not
        be part of the shutdown transaction. And yet make it possible
        to still stop/kill/restart dbus.service if one really
        wants to, because it is stuck and stopped responding to any
        commands. This allows restarting dbus.service with
        needrestart. However a finalrd hook might still be needed, to kill
        dbus-daemon for good, once we pivot off rootfs.
      - Reworked to avoid a deadlock during boot (LP: #1936948)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
      - Prevent dbus from being restarted on upgrade (LP #1962036)
  * Removed unnecessary delta:
    - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
dbus (1.14.6-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2023301). Remaining changes:
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
      dbus.socket to not be part of the shutdown transaction. And yet make
      it possible to still stop/kill/restart dbus.service if one really
      wants to, because it is stuck and stopped responding to any
      commands. This allows restarting dbus.service with
      needrestart. However a finalrd hook might still be needed, to kill
      dbus-daemon for good, once we pivot off rootfs.
    - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
      (LP #1936948)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Prevent dbus from being restarted on upgrade (LP #1962036)
    - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
  * Removed obsoleted patches:
    - d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor
      autopkgtest to the apparmor profile in the test
      [merged upstream in 1.14.6]
    - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common
      packages to permit the resolver to use them to satisfy i386 dependencies
      [merged in debian in 1.14.6-1]

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
dbus (1.14.4-1ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable (LP: #1999258). Remaining changes:
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
      dbus.socket to not be part of the shutdown transaction. And yet make it
      possible to still stop/kill/restart dbus.service if one really wants to,
      because it is stuck and stopped responding to any commands. This allows
      restarting dbus.service with needrestart. However a finalrd hook
      might still be needed, to kill dbus-daemon for good, once we pivot off
      rootfs.
    - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus on
      demand after package installation.
    - Prevent dbus from being restarted on upgrade
    - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
    - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common
      packages to permit the resolver to use them to satisfy i386 dependencies
  * Removed patches obsoleted/merged by upstream:
    - Make autopkgtests cross-test-friendly.
    - SECURITY UPDATE: Assertion failure in dbus-marshal-validate
      - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
        correctly
      - CVE-2022-42010
    - SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
      - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
        fixed-length items
      - CVE-2022-42011
    - SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
      - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if
        needed
      - CVE-2022-42012
  * d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor
    autopkgtest to the apparmor profile in the test

 -- Dave Jones <email address hidden>  Fri, 09 Dec 2022 15:00:27 +0000
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to release.)
Superseded in lunar-proposed
Obsolete in kinetic-updates
Obsolete in kinetic-security
dbus (1.14.0-2ubuntu3) kinetic; urgency=medium

  * SECURITY UPDATE: Assertion failure in dbus-marshal-validate
    - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
      correctly
    - CVE-2022-42010
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
    - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
      fixed-length items
    - CVE-2022-42011
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
    - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
    - CVE-2022-42012

 -- Nishit Majithia <email address hidden>  Tue, 25 Oct 2022 18:48:42 +0530
Published in jammy-updates
Published in jammy-security
dbus (1.12.20-2ubuntu4.1) jammy-security; urgency=medium

  * SECURITY UPDATE: Assertion failure in dbus-marshal-validate
    - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
      correctly
    - CVE-2022-42010
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
    - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
      fixed-length items
    - CVE-2022-42011
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
    - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
    - CVE-2022-42012

 -- Nishit Majithia <email address hidden>  Tue, 25 Oct 2022 18:45:07 +0530
Published in focal-updates
Published in focal-security
dbus (1.12.16-2ubuntu2.3) focal-security; urgency=medium

  * SECURITY UPDATE: Assertion failure in dbus-marshal-validate
    - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
      correctly
    - CVE-2022-42010
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
    - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
      fixed-length items
    - CVE-2022-42011
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
    - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
    - CVE-2022-42012

 -- Nishit Majithia <email address hidden>  Tue, 25 Oct 2022 18:39:26 +0530
Published in bionic-updates
Published in bionic-security
dbus (1.12.2-1ubuntu1.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Assertion failure in dbus-marshal-validate
    - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
      correctly
    - CVE-2022-42010
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
    - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
      fixed-length items
    - CVE-2022-42011
  * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
    - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
    - CVE-2022-42012

 -- Nishit Majithia <email address hidden>  Tue, 25 Oct 2022 18:33:19 +0530
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
dbus (1.14.0-2ubuntu2) kinetic; urgency=medium

  * d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common
    packages to permit the resolver to use them to satisfy i386 dependencies

 -- Dave Jones <email address hidden>  Tue, 30 Aug 2022 15:15:24 +0100
Superseded in kinetic-proposed
dbus (1.14.0-2ubuntu1) kinetic; urgency=medium

  * Merge from Debian unstable (LP: #1959211). Remaining changes:
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
      dbus.socket to not be part of the shutdown transaction. And yet make it
      possible to still stop/kill/restart dbus.service if one really wants to,
      because it is stuck and stopped responding to any commands. This allows
      restarting dbus.service with needrestart. However a finalrd hook
      might still be needed, to kill dbus-daemon for good, once we pivot off
      rootfs.
    - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
    - Make autopkgtests cross-test-friendly.
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus on
      demand after package installation.
    - Prevent dbus from being restarted on upgrade
    - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)

Superseded in bionic-updates
Superseded in bionic-security
dbus (1.12.2-1ubuntu1.3) bionic-security; urgency=medium

  * SECURITY UPDATE: use-after-free when users share UID
    - debian/patches/CVE-2020-35512.patch: apply
      reference-counting to the user and group data structures
      in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h,
      dbus/dbus-userdb-util.c and dbus/dbus-userdb.c.
    - CVE-2020-35512

 -- David Fernandez Gonzalez <email address hidden>  Fri, 06 May 2022 13:08:40 +0200
Superseded in focal-updates
Superseded in focal-security
dbus (1.12.16-2ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free when users share UID
    - debian/patches/CVE-2020-35512.patch: apply
      reference-counting to the user and group data structures
      in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h,
      dbus/dbus-userdb-util.c and dbus/dbus-userdb.c.
    - CVE-2020-35512

 -- David Fernandez Gonzalez <email address hidden>  Fri, 29 Apr 2022 14:03:28 +0200
Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
dbus (1.12.20-2ubuntu4) jammy; urgency=medium

  * Prevent dbus from being restarted on upgrade (LP: #1962036)

 -- Dave Jones <email address hidden>  Fri, 01 Apr 2022 18:02:54 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
dbus (1.12.20-2ubuntu3) jammy; urgency=medium

  * No-change rebuild to update maintainer scripts, see LP: 1959054

 -- Dave Jones <email address hidden>  Wed, 16 Feb 2022 16:50:50 +0000
Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
dbus (1.12.20-2ubuntu2) impish; urgency=medium

  * Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
    (LP: #1936948)

 -- Lukas Märdian <email address hidden>  Thu, 09 Sep 2021 15:45:30 +0200
Superseded in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
dbus (1.12.20-2ubuntu1) impish; urgency=medium

  * Merge from Debian unstable.  Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Make autopkgtests cross-test-friendly.
    - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
      dbus.socket to not be part of the shutdown transaction. And yet make
      it possible to still stop/kill/restart dbus.service if one really
      wants to, because it is stuck and stopped responding to any
      commands. This allows restarting dbus.service with
      needrestart. However a finalrd hook might still be needed, to kill
      dbus-daemon for good, once we pivot off rootfs.

Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
dbus (1.12.20-1ubuntu3) hirsute; urgency=medium

  * Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
    dbus.socket to not be part of the shutdown transaction. And yet make
    it possible to still stop/kill/restart dbus.service if one really
    wants to, because it is stuck and stopped responding to any
    commands. This allows restarting dbus.service with
    needrestart. However a finalrd hook might still be needed, to kill
    dbus-daemon for good, once we pivot off rootfs.

 -- Dimitri John Ledkov <email address hidden>  Fri, 26 Feb 2021 19:43:15 +0000
Superseded in hirsute-proposed
dbus (1.12.20-1ubuntu2) hirsute; urgency=medium

  * No-change rebuild to drop the udeb package.

 -- Matthias Klose <email address hidden>  Mon, 22 Feb 2021 10:30:40 +0100
Superseded in hirsute-release
Obsolete in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
dbus (1.12.20-1ubuntu1) groovy; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Make autopkgtests cross-test-friendly.

Published in precise-updates
Published in precise-security
dbus (1.4.18-1ubuntu1.10) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - CVE-2020-12049

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 15 Jun 2020 13:17:29 -0300
Published in xenial-updates
Published in xenial-security
dbus (1.10.6-1ubuntu3.6) xenial-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
      descriptors in test/fdpass.c.
    - CVE-2020-12049

 -- Marc Deslauriers <email address hidden>  Thu, 11 Jun 2020 14:26:07 -0400
Superseded in bionic-updates
Superseded in bionic-security
dbus (1.12.2-1ubuntu1.2) bionic-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
      descriptors in test/fdpass.c.
    - CVE-2020-12049

 -- Marc Deslauriers <email address hidden>  Thu, 11 Jun 2020 14:25:30 -0400
Superseded in focal-updates
Superseded in focal-security
dbus (1.12.16-2ubuntu2.1) focal-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
      descriptors in test/fdpass.c.
    - CVE-2020-12049

 -- Marc Deslauriers <email address hidden>  Thu, 11 Jun 2020 14:22:13 -0400
Obsolete in eoan-updates
Obsolete in eoan-security
dbus (1.12.14-1ubuntu2.1) eoan-security; urgency=medium

  * SECURITY UPDATE: DoS via file descriptor leak
    - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
      we did receive in dbus/dbus-sysdeps-unix.c.
    - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
      descriptors in test/fdpass.c.
    - CVE-2020-12049

 -- Marc Deslauriers <email address hidden>  Thu, 11 Jun 2020 14:24:33 -0400
Superseded in groovy-release
Deleted in groovy-proposed (Reason: moved to Release)
dbus (1.12.18-1ubuntu1) groovy; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Make autopkgtests cross-test-friendly.

Superseded in groovy-release
Published in focal-release
Deleted in focal-proposed (Reason: moved to Release)
dbus (1.12.16-2ubuntu2) focal; urgency=medium

  * Make autopkgtests cross-test-friendly.

 -- Steve Langasek <email address hidden>  Fri, 06 Dec 2019 21:22:40 -0800
Superseded in focal-release
Deleted in focal-proposed (Reason: moved to Release)
dbus (1.12.16-2ubuntu1) focal; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Removed patches included in new version:
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
dbus (1.10.6-1ubuntu3.5) xenial; urgency=medium

  * Prevent logind from leaking session files (LP: #1846787). Fixed by
    upstream patches:
    - d/p/Only-read-one-message-at-a-time-if-there-are-fds-pen.patch
    - d/p/bus-Fix-timeout-restarts.patch
    - d/p/DBusMainLoop-ensure-all-required-timeouts-are-restar.patch

 -- Heitor Alves de Siqueira <email address hidden>  Mon, 07 Oct 2019 08:29:04 -0300
Superseded in focal-release
Obsolete in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
dbus (1.12.14-1ubuntu2) eoan; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

 -- Marc Deslauriers <email address hidden>  Tue, 11 Jun 2019 13:04:53 -0400
Superseded in bionic-updates
Superseded in bionic-security
dbus (1.12.2-1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

 -- Marc Deslauriers <email address hidden>  Mon, 10 Jun 2019 14:05:17 -0400
Superseded in xenial-updates
Superseded in xenial-security
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

 -- Marc Deslauriers <email address hidden>  Mon, 10 Jun 2019 14:06:01 -0400
Obsolete in disco-updates
Obsolete in disco-security
dbus (1.12.12-1ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

 -- Marc Deslauriers <email address hidden>  Mon, 10 Jun 2019 12:57:09 -0400
Obsolete in cosmic-updates
Obsolete in cosmic-security
dbus (1.12.10-1ubuntu2.1) cosmic-security; urgency=medium

  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

 -- Marc Deslauriers <email address hidden>  Mon, 10 Jun 2019 13:01:15 -0400
Superseded in eoan-release
Deleted in eoan-proposed (Reason: moved to release)
dbus (1.12.14-1ubuntu1) eoan; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Superseded in eoan-release
Obsolete in disco-release
Deleted in disco-proposed (Reason: moved to release)
dbus (1.12.12-1ubuntu1) disco; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes, superseded in Debian:
    - debian/tests/root: don't set ulimit on containers, since the container
      may be unprivileged and "root" may not be able to raise ulimits again.

Superseded in disco-release
Obsolete in cosmic-release
Deleted in cosmic-proposed (Reason: moved to release)
dbus (1.12.10-1ubuntu2) cosmic; urgency=medium

  * debian/tests/root: don't set ulimit on containers, since the container
    may be unprivileged and "root" may not be able to raise ulimits again.

 -- Steve Langasek <email address hidden>  Thu, 06 Sep 2018 03:56:07 +0000
Superseded in cosmic-proposed
dbus (1.12.10-1ubuntu1) cosmic; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes, no longer needed:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.

Superseded in cosmic-release
Published in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
dbus (1.12.2-1ubuntu1) bionic; urgency=medium

  * Sync with Debian. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Superseded in bionic-release
Deleted in bionic-proposed (Reason: moved to release)
dbus (1.12.0-1ubuntu1) bionic; urgency=medium

  * Sync with Debian. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Superseded in bionic-release
Obsolete in artful-release
Deleted in artful-proposed (Reason: moved to release)
dbus (1.10.22-1ubuntu1) artful; urgency=medium

  * Merge with Debian but don't use "really" version number since we never
    had the 1.11 version in Ubuntu. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Superseded in artful-release
Deleted in artful-proposed (Reason: moved to release)
dbus (1.10.18-1ubuntu2) artful; urgency=medium

  * Restore accidentally dropped debian/rules modification
    to not start D-Bus on package installation

Superseded in artful-proposed
dbus (1.10.18-1ubuntu1) artful; urgency=medium

  * Sync with Debian. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes:
    - make-uid-0-immune-to-timeout.patch: Applied in new release
    - debian/dbus.user-session.upstart

Superseded in xenial-updates
Deleted in xenial-proposed (Reason: moved to -updates)
dbus (1.10.6-1ubuntu3.3) xenial; urgency=medium

  * debian/dbus.user-session.upstart:
    - Temporarily revert latest changes as those seem to cause issues in the
      unity8 session on touch (LP: #1654241).

 -- Łukasz 'sil2100' Zemczak <email address hidden>  Thu, 12 Jan 2017 19:01:21 +0100
Deleted in yakkety-proposed (Reason: SRU abandoned (not verified for over 105 days))
dbus (1.10.10-1ubuntu1.2) yakkety; urgency=medium

  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Backport fix proposed by Simon McVittie upstream to work around bug
      LP: #1591411.

 -- Łukasz 'sil2100' Zemczak <email address hidden>  Fri, 25 Nov 2016 18:36:48 +0100
Superseded in xenial-proposed
dbus (1.10.6-1ubuntu3.2) xenial; urgency=medium

  [ Iain Lane ]
  * debian/dbus.user-session.upstart: Backport zesty's version - don't launch
    a duplicate session bus if there already is one (dbus-user-session). (LP:
    #1644323)

  [ Łukasz 'sil2100' Zemczak ]
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Backport fix proposed by Simon McVittie upstream to work around bug
      LP: #1591411.

 -- Iain Lane <email address hidden>  Wed, 30 Nov 2016 10:48:01 +0000
Published in trusty-updates
Deleted in trusty-proposed (Reason: moved to -updates)
dbus (1.6.18-0ubuntu4.5) trusty; urgency=medium

  * debian/patches/unrequested-reply-mediation.patch: Don't let unrequested
    reply messages through and don't audit them. Unrequested reply messages
    are error or method_return messages that are sent from D-Bus connection A
    to D-Bus connection B that do not correspond to any message ever sent by
    D-Bus connection B. They should be quietly dropped as there's no use for
    them outside of malicious activity. Patch based on upstream patches.
    (LP: #1641243)

 -- Tyler Hicks <email address hidden>  Wed, 30 Nov 2016 21:44:48 +0000
Superseded in artful-release
Obsolete in zesty-release
Deleted in zesty-proposed (Reason: moved to release)
dbus (1.10.10-1ubuntu2) zesty; urgency=medium

  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Add a test patch proposed by Simon McVittie upstream to fix bug
      LP: #1591411.

 -- Łukasz 'sil2100' Zemczak <email address hidden>  Tue, 11 Oct 2016 20:12:43 +0200
Obsolete in yakkety-updates
Obsolete in yakkety-security
dbus (1.10.10-1ubuntu1.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability (likely limited to uid 0 only)
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 12 Oct 2016 08:29:20 -0400
Superseded in xenial-updates
Superseded in xenial-security
dbus (1.10.6-1ubuntu3.1) xenial-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability (likely limited to uid 0 only)
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 12 Oct 2016 08:33:00 -0400
Superseded in precise-updates
Superseded in precise-security
dbus (1.4.18-1ubuntu1.8) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 12 Oct 2016 08:37:07 -0400
Superseded in trusty-updates
Published in trusty-security
dbus (1.6.18-0ubuntu4.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Wed, 12 Oct 2016 08:33:44 -0400
Superseded in zesty-release
Obsolete in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
dbus (1.10.10-1ubuntu1) yakkety; urgency=medium

  [ Jeremy Bicha ]
  * Merge with Debian (LP: #1622401), remaining changes:
    - Add debian/dbus.user-session.upstart.
    - debian, dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more. Instead, start dbus.socket
      in postinst, which will then start D-Bus on demand after package
      installation.
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612) (LP: #1540282)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes:
    - debian/dbus.preinst: divert the dbus-daemon-launch-helper if upgrading
      from < 1.9.4-2~. This will make sure we keep the setuid bit during upgrade.
      (LP: #1555237)
    - Drop system upstart job.

  [ Martin Pitt ]
  * Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
    after 18.04 LTS.

Superseded in yakkety-release
Deleted in yakkety-proposed (Reason: moved to release)
dbus (1.10.6-1ubuntu4) yakkety; urgency=medium

  * debian/dbus.user-session.upstart:
    - Don't start a new session bus if there already is one (e. g. via
      dbus-user-session), as this would lead to different services talking to
      different buses and thus not seeing each other. As we still need the
      actual job itself running, run "sleep infinity" instead in this case.
    - Drop "expect fork" and "--fork" argument. There is little point in the
      daemon forking, upstart already manages it. This makes debugging easier
      and also avoids having to fork "sleep" in the case that dbus-daemon is
      already running.
    - Drop "mkdir ~/.cache/upstart". This doesn't belong into a job, isn't
      necessary (upstart already creates it on start) and would be too late
      anyway.

 -- Martin Pitt <email address hidden>  Tue, 24 May 2016 21:25:46 +0200
Superseded in yakkety-release
Published in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
dbus (1.10.6-1ubuntu3) xenial; urgency=medium

  * debian/dbus.preinst: divert the dbus-daemon-launch-helper if upgrading
    from < 1.9.4-2~. This will make sure we keep the setuid bit during upgrade.
    (LP: #1555237)
  * debian/dbus.postinst: remove diversion.

 -- Mathieu Trudel-Lapierre <email address hidden>  Thu, 31 Mar 2016 15:07:46 -0400

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
dbus (1.10.6-1ubuntu2) xenial; urgency=medium

  * dont-stop-dbus.patch: Disallow manual (re)starts, as we don't (want to)
    stop D-Bus on shutdown. (LP: #1540282)
  * debian/rules: Don't start D-Bus on package installation, as that doesn't
    work any more with the above. Instead, start dbus.socket in postinst,
    which will then start D-Bus on demand after package installation.

 -- Martin Pitt <email address hidden>  Thu, 11 Feb 2016 12:58:02 +0100
Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
dbus (1.10.6-1ubuntu1) xenial; urgency=low

  * Merge with Debian, remaining changes:
    - Add upstart jobs; Upstart is still supported for the system init.
      + Add debian/dbus.upstart and dbus.user-session.upstart
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Superseded in xenial-release
Deleted in xenial-proposed (Reason: moved to release)
dbus (1.10.4-1ubuntu2) xenial; urgency=medium

  * debian/patches/0001-uid-permissions-test-don-t-assert-that-root-can-Upda.patch:
    Take patch from fd.o bug #119997 to resolve 'root' test failure - root can
    no longer call UpdateActivationEnvironment. Check using BecomeMonitor that
    root and messagebus are privileged.

 -- Iain Lane <email address hidden>  Mon, 23 Nov 2015 12:51:40 +0000
Superseded in xenial-proposed
dbus (1.10.4-1ubuntu1) xenial; urgency=low

  * Merge with Debian, remaining changes:
    - Add upstart jobs; Upstart is still supported for the system init.
      + Add debian/dbus.upstart and dbus.user-session.upstart
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * debian/rules, debian/dbus.install: Modify upstart session job installation
    to use dh-exec instead of editing debian/rules

Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release)
dbus (1.10.0-1ubuntu1) wily; urgency=medium

  * Merge with Debian, remaining changes:
    - Add upstart jobs; Upstart is still supported for the system init.
      + Add debian/dbus.upstart and dbus.user-session.upstart
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
dbus (1.9.20-1ubuntu2) wily; urgency=medium

  * debian/dbus.postinst: Check if /run/dbus exists before writing to a file
    there. If it doesn't then the system bus isn't running so we don't have
    anything to restart anyway.

 -- Iain Lane <email address hidden>  Thu, 20 Aug 2015 11:09:58 +0100
Superseded in wily-proposed
dbus (1.9.20-1ubuntu1) wily; urgency=medium

  * Merge with Debian (LP: #1477086), remaining changes:
    - Add upstart jobs; Upstart is still supported for the system init.
      + Add debian/dbus.upstart and dbus.user-session.upstart
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes:
    + 81-session.conf-timeout.patch; didn't ever do anything. (LP: #1479771)
    + 20_system_conf_limit.patch: Dropped. This was introduced due to problems
      with aptdaemon and large transactions. These problems seem to no longer
      exist, so we will try to run without an increased limit.
    + All other changes merged in Debian.

Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release)
dbus (1.8.12-1ubuntu6) wily; urgency=medium

  * debian/dbus.triggers: Switch trigger to interest-noawait to make life
    slightly easier on dpkg/apt while dependency unwinding (LP: #1485970)

 -- Adam Conrad <email address hidden>  Tue, 18 Aug 2015 12:37:46 -0600

Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
dbus (1.8.12-1ubuntu5) vivid; urgency=medium

  * Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
    unit (see patch header and upstream bug for details). Fixes various causes
    of shutdown hangs, particularly with remote file systems. (LP: #1438612)

 -- Martin Pitt <email address hidden>  Tue, 31 Mar 2015 18:46:06 +0200
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
dbus (1.8.12-1ubuntu4) vivid; urgency=medium

  * debian/patches/ensure-dbus-machine-id.patch:
    - ensure that we have /var/lib/dbus/machine-id on user's system as some
      third-party applications rely on that file. It will only copy
      /etc/machine-id if the file is not present already.

 -- Didier Roche <email address hidden>  Thu, 19 Mar 2015 15:19:02 +0100
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
dbus (1.8.12-1ubuntu3) vivid; urgency=medium

  * Install dbus into /usr/. It's not actually needed during early boot,
    and this deviates from upstream/Debian.
  * Adjust dbus.postinst to be systemd & upstart compatible when
    triggering reboot notification.

 -- Dimitri John Ledkov <email address hidden>  Tue, 03 Mar 2015 12:30:02 +0000
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
dbus (1.8.12-1ubuntu2) vivid; urgency=medium

  * Refresh the patches related to AppArmor D-Bus mediation to reflect what
    landed upstream in 1.9.12.
    - 0001-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
      0002-Add-LSM-agnostic-support-for-LinuxSecurityLabel-cred.patch,
      0003-Add-regression-test-for-LinuxSecurityLabel-credentia.patch,
      0004-Add-LinuxSecurityLabel-to-specification.patch: Add patches that
      report the AppArmor confinement context in the bus driver's
      GetConnectionCredentials method. A "LinuxSecurityLabel" key will be
      present in the dictionary returned by the GetConnectionCredentials
      method. The corresponding value will be the AppArmor confinement context
      of the connection.
    - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
      0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
      0003-Update-autoconf-file-to-build-against-libapparmor.patch,
      0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
      0005-Initialize-AppArmor-mediation.patch,
      0006-Store-AppArmor-label-of-bus-during-initialization.patch,
      0007-Store-AppArmor-label-of-connecting-processes.patch,
      0008-Mediation-of-processes-that-acquire-well-known-names.patch,
      0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
      0010-Mediation-of-processes-sending-and-receiving-message.patch,
      0011-Mediation-of-processes-eavesdropping.patch: Replace the patches
      with the versions that were merged upstream. The upstream review process
      revealed a number of bugs and useful cleanups that are addressed in the
      new patches.
      + No longer audit denials of unrequested reply messages (LP: #1362469)
    - aa-get-connection-apparmor-security-context.patch: Update patch to
      include a bug fix, from Simon McVittie, for AppArmor labels that contain
      non UTF-8 characters.
    - 0012-apparmor-tighten-up-terminology-for-context-vs.-labe.patch,
      0013-apparmor-Fix-build-failure-with-disable-apparmor.patch: New patches
      that were merged upstream to clean up the AA mediation code and fix a
      build failure
    - 0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch: Drop
      this patch. It became part of the "LinuxSecurityLabel" patch set and is
      added back with a new file name.
      0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Drop this
      patch in favor of the "LinuxSecurityLabel" patch set. This means that
      the AppArmorContext and AppArmorMode keys will not be present in the
      dictionary returned by GetConnectionCredentials. Ubuntu shipped this
      patch in 14.10 but, as far as I know, those keys were not used by any
      applications in 14.10. Since this patch was not accepted upstream,
      Ubuntu should drop it and new applications should begin using
      "LinuxSecurityLabel".

 -- Tyler Hicks <email address hidden>  Thu, 19 Feb 2015 11:06:14 -0600
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
dbus (1.8.12-1ubuntu1) vivid; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Install binaries into / rather than /usr:
      + debian/rules: Set --exec-prefix=/
      + debian/dbus.install, debian/dbus-x11.install: Install from /bin
    - Use upstart to start:
      + Add debian/dbus.upstart and dbus.user-session.upstart
      + debian/dbus.postinst: Use upstart call instead of invoking the init.d
        script for checking if we are already running.
      + debian/control: versioned dependency on netbase that emits the new
        deconfiguring-networking event used in upstart script.
    - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
      the system bus to 5000 (LP #454093)
    - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
      to 60 seconds. It may be too short on the live CD with slow machines.
    - debian/dbus.user-session.upstart, debian/rules: Communicate session bus
      to Upstart Session Init to avoid potential out-of-memory scenario
      triggered by Upstart clients that do not run main loops. Store the
      session bus address in XDG_RUNTIME_DIR.
      (LP: #1235649, LP: #1252317).
    - debian/control, debian/rules: Build against libapparmor for AppArmor
      D-Bus mediation
    - debian/control: Use logind for session tracking, so that "at_console"
      policies work with logind instead of ConsoleKit. Add "libpam-systemd"
      recommends.
    - debian/rules: Adjust dbus-send path to our changed install layout.
      (LP: #1325364)
    - debian/dbus-Xsession: Don't start a session bus if there already is
      one, i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241)
    - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
      0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
      0003-Update-autoconf-file-to-build-against-libapparmor.patch,
      0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
      0005-Initialize-AppArmor-mediation.patch,
      0006-Store-AppArmor-label-of-bus-during-initialization.patch,
      0007-Store-AppArmor-label-of-connecting-processes.patch,
      0008-Mediation-of-processes-that-acquire-well-known-names.patch,
      0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
      0010-Mediation-of-processes-sending-and-receiving-message.patch,
      0011-Mediation-of-processes-eavesdropping.patch,
      0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
      0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the
      latest set of AppArmor D-Bus mediation patches. This is the v3 patch set
      from the upstream feature inclusion bug.
      - https://bugs.freedesktop.org/show_bug.cgi?id=75113
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release)
dbus (1.8.8-2ubuntu2) vivid; urgency=medium

  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639
 -- Marc Deslauriers <email address hidden>   Tue, 25 Nov 2014 14:22:42 -0500

Obsolete in utopic-updates
Obsolete in utopic-security
dbus (1.8.8-1ubuntu2.1) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639
 -- Marc Deslauriers <email address hidden>   Tue, 25 Nov 2014 14:34:31 -0500
Superseded in precise-updates
Superseded in precise-security
dbus (1.4.18-1ubuntu1.7) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639
 -- Marc Deslauriers <email address hidden>   Tue, 25 Nov 2014 14:46:53 -0500