-
dbus (1.12.12-1ubuntu1.1) disco-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 12:57:09 -0400
-
dbus (1.12.12-1ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
* Dropped changes, superseded in Debian:
- debian/tests/root: don't set ulimit on containers, since the container
may be unprivileged and "root" may not be able to raise ulimits again.
dbus (1.12.12-1) unstable; urgency=medium
[ Ritesh Raj Sarraf ]
* Explicitly set session and test socket directory to /tmp, instead
of using a (possibly non-standard) TMPDIR
[ Simon McVittie ]
* New upstream stable release
* d/tests/build: Mark as superficial (see #904979)
* d/tests/build: Comment why we don't test or support static linking
here (it's because libsystemd doesn't)
* Standards-Version: 4.2.1 (no changes required)
* d/p/dbus-daemon-test-Don-t-test-fd-limits-if-in-an-unprivileg.patch:
Add proposed patch to skip fd limit tests if we are uid 0 but do not
have CAP_SYS_RESOURCE (Closes: #908092)
* dbus: Drop dependency on lsb-base. It is only needed when booting
with sysvinit and initscripts, but initscripts already Depends on
lsb-base (see #864999).
* dbus: Add Provides: dbus-system-bus and Provides: dbus-bin.
This provides a way to split the package in a later Debian version
or in derivatives. dbus-system-bus represents the well-known system
bus facility (/lib/systemd/system/dbus.service and /etc/init.d/dbus),
while dbus-bin represents the availability of executables like
dbus-daemon and dbus-send.
* d/tests/system-bus: Add a smoke-test for the system bus
-- Steve Langasek <email address hidden> Thu, 31 Jan 2019 17:47:44 -0800
-
dbus (1.12.10-1ubuntu2) cosmic; urgency=medium
* debian/tests/root: don't set ulimit on containers, since the container
may be unprivileged and "root" may not be able to raise ulimits again.
-- Steve Langasek <email address hidden> Thu, 06 Sep 2018 03:56:07 +0000
