dbus (1.12.10-1ubuntu2.1) cosmic-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 13:01:15 -0400
-
dbus (1.12.10-1ubuntu2) cosmic; urgency=medium
* debian/tests/root: don't set ulimit on containers, since the container
may be unprivileged and "root" may not be able to raise ulimits again.
-- Steve Langasek <email address hidden> Thu, 06 Sep 2018 03:56:07 +0000
-
dbus (1.12.10-1ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
* Dropped changes, no longer needed:
- Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
after 18.04 LTS.
dbus (1.12.10-1) unstable; urgency=medium
* New upstream release
- Drop patches that were applied upstream
* Standards-Version: 4.1.5 (no changes required)
* Don't run the build-time tests for the debug build in parallel.
Some of the tests added by the debug build start many processes,
and the debug build's tests have intermittently been timing out on
reproducible-builds infrastructure, possibly because these machines
run with a high "make -j" value and more than one multi-processing
test gets run at the same time.
dbus (1.12.8-3) unstable; urgency=medium
* d/rules: If tests fail, continue to run all tests before reporting
failure
* d/rules: On success or failure, output all test logs for comparison
(in particular this lets us see how close we are to arbitrary
timeouts on slower architectures)
* d/p/debian/tests-Multiply-timeouts-by-20-on-riscv64.patch:
Compensate for the riscv64 port being bootstrapped on
qemu-system-riscv64 by multiplying arbitrary timeouts by 20
(Closes: #897607)
* d/rules: Use nss_wrapper to ensure that 127.0.0.1 and localhost
can be resolved successfully, fixing build-time tests in pbuilder
with the network namespace unshared (see #897662)
* d/rules: Make sure the X11 DISPLAY (if any) doesn't leak into the
test environment, fixing build-time tests if /tmp is unshared
* d/p/sysdeps-unix-Handle-errors-from-getaddrinfo-correctly.patch:
Add patch from upstream dbus-1.12 branch to fix getaddrinfo error
reporting for tcp: and nonce-tcp: transports
* d/p/server-oom-test-Parse-the-address-instead-of-going-direct.patch,
d/p/test-Test-the-same-things-with-unix-that-we-do-with-tcp.patch,
d/p/server-oom-test-Don-t-assume-localhost-is-resolvable.patch,
test-Skip-TCP-tests-if-getaddrinfo-doesn-t-work.patch:
Add patches from upstream dbus-1.12 branch to improve test robustness
and coverage when getaddrinfo doesn't work
dbus (1.12.8-2) unstable; urgency=medium
* Remove debian/dbus-tests.shlibs.local. It was useful before 1.11.10-2
to make dbus-tests depend on the debug build in dbus-1-dbg, but now
that the debug build is itself in dbus-tests, making dbus-tests
depend on itself is not useful. It also suppressed the generated
dependency on libdbus-1-3 (= ${binary:Version}), causing autopkgtest
failures when only dbus-tests was upgraded.
dbus (1.12.8-1) unstable; urgency=medium
* New upstream stable release
* Standards-Version: 4.1.4 (no changes required)
* tests: Use AUTOPKGTEST_TMP in preference to deprecated ADTTMP
* tests: Make sure $HOME is set to somewhere we can write (workaround for
#897170)
* Build ducktype documentation, unless building with nodoc
- Build-depend on ducktype and yelp-tools
dbus (1.12.6-2) unstable; urgency=medium
* New upstream stable release 1.12.6
* d/tests/root: Re-run test-dbus-daemon as root, since it now contains
tests that are skipped as non-root
* There was no 1.12.6-1 due to a mistake with `git tag`
dbus (1.12.4-1) unstable; urgency=medium
* New upstream stable release 1.12.4
- d/copyright: Update
* Standards-Version: 4.1.3 (no changes required)
* Use debhelper compat level 11
- Build-depend on debhelper 11.1~ for #885998 to be fixed
* Rely on dh_installman's compat level 11 behaviour instead of
installing man pages by hand. This reduces the amount of dh-exec
use needed.
* Adapt Vcs-* for migration to salsa.debian.org Gitlab
-- Steve Langasek <email address hidden> Fri, 31 Aug 2018 10:29:17 -0700
-
dbus (1.12.2-1ubuntu1) bionic; urgency=medium
* Sync with Debian. Remaining changes:
- Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
after 18.04 LTS.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
dbus (1.12.2-1) unstable; urgency=low
* New upstream release 1.12.2
* Remove unused Lintian override now that #736360 has been fixed
* d/p/debian/Don-t-abort-on-fatal-warnings-by-default.patch:
Remove patch. This was committed not long after the addition of the
fatal-by-default _dbus_warn_check_failed() checks for programming
errors, with the changelog message "This will be set to upstream
default again at some point so if you have an application that
prints a DBus warning get it fixed".
The patch made Debian and its derivatives a little more robust
against implementation errors in projects that use libdbus, but at
the cost that upstream developers of those projects don't notice
implementation errors (that would be crashes on most OSs) if they
happen to be developing on Debian or Ubuntu. 11 years later, let's
consider "some point" to have arrived.
* Set migration urgency to low in case that breaks things.
-- Jeremy Bicha <email address hidden> Wed, 15 Nov 2017 17:22:22 -0500