diff -pruN 1.10.6-1/debian/changelog 1.10.6-1ubuntu4/debian/changelog --- 1.10.6-1/debian/changelog 2015-12-01 19:15:55.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/changelog 2016-05-24 19:25:50.000000000 +0000 @@ -1,3 +1,58 @@ +dbus (1.10.6-1ubuntu4) yakkety; urgency=medium + + * debian/dbus.user-session.upstart: + - Don't start a new session bus if there already is one (e. g. via + dbus-user-session), as this would lead to different services talking to + different buses and thus not seeing each other. As we still need the + actual job itself running, run "sleep infinity" instead in this case. + - Drop "expect fork" and "--fork" argument. There is little point in the + daemon forking, upstart already manages it. This makes debugging easier + and also avoids having to fork "sleep" in the case that dbus-daemon is + already running. + - Drop "mkdir ~/.cache/upstart". This doesn't belong into a job, isn't + necessary (upstart already creates it on start) and would be too late + anyway. + + -- Martin Pitt Tue, 24 May 2016 21:25:46 +0200 + +dbus (1.10.6-1ubuntu3) xenial; urgency=medium + + * debian/dbus.preinst: divert the dbus-daemon-launch-helper if upgrading + from < 1.9.4-2~. This will make sure we keep the setuid bit during upgrade. + (LP: #1555237) + * debian/dbus.postinst: remove diversion. + + -- Mathieu Trudel-Lapierre Thu, 31 Mar 2016 15:07:46 -0400 + +dbus (1.10.6-1ubuntu2) xenial; urgency=medium + + * dont-stop-dbus.patch: Disallow manual (re)starts, as we don't (want to) + stop D-Bus on shutdown. (LP: #1540282) + * debian/rules: Don't start D-Bus on package installation, as that doesn't + work any more with the above. Instead, start dbus.socket in postinst, + which will then start D-Bus on demand after package installation. + + -- Martin Pitt Thu, 11 Feb 2016 12:58:02 +0100 + +dbus (1.10.6-1ubuntu1) xenial; urgency=low + + * Merge with Debian, remaining changes: + - Add upstart jobs; Upstart is still supported for the system init. + + Add debian/dbus.upstart and dbus.user-session.upstart + - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service + unit (see patch header and upstream bug for details). Fixes various + causes of shutdown hangs, particularly with remote file systems. (LP: + #1438612) + - aa-get-connection-apparmor-security-context.patch: This is not + intended for upstream inclusion. It implements a bus method + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor + security context but upstream D-Bus has recently added a generic way of + getting a connection's security credentials (GetConnectionCredentials). + Ubuntu should carry this patch until packages in the archive are moved + over to the new, generic method of getting a connection's credentials. + + -- Iain Lane Thu, 03 Dec 2015 16:19:34 +0000 + dbus (1.10.6-1) unstable; urgency=medium * New upstream stable release 1.10.6 @@ -11,6 +66,36 @@ dbus (1.10.6-1) unstable; urgency=medium -- Simon McVittie Tue, 01 Dec 2015 19:15:47 +0000 +dbus (1.10.4-1ubuntu2) xenial; urgency=medium + + * debian/patches/0001-uid-permissions-test-don-t-assert-that-root-can-Upda.patch: + Take patch from fd.o bug #119997 to resolve 'root' test failure - root can + no longer call UpdateActivationEnvironment. Check using BecomeMonitor that + root and messagebus are privileged. + + -- Iain Lane Mon, 23 Nov 2015 12:51:40 +0000 + +dbus (1.10.4-1ubuntu1) xenial; urgency=low + + * Merge with Debian, remaining changes: + - Add upstart jobs; Upstart is still supported for the system init. + + Add debian/dbus.upstart and dbus.user-session.upstart + - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service + unit (see patch header and upstream bug for details). Fixes various + causes of shutdown hangs, particularly with remote file systems. (LP: + #1438612) + - aa-get-connection-apparmor-security-context.patch: This is not + intended for upstream inclusion. It implements a bus method + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor + security context but upstream D-Bus has recently added a generic way of + getting a connection's security credentials (GetConnectionCredentials). + Ubuntu should carry this patch until packages in the archive are moved + over to the new, generic method of getting a connection's credentials. + * debian/rules, debian/dbus.install: Modify upstart session job installation + to use dh-exec instead of editing debian/rules + + -- Iain Lane Thu, 19 Nov 2015 12:19:17 +0000 + dbus (1.10.4-1) unstable; urgency=medium * New upstream stable release 1.10.4 @@ -73,6 +158,25 @@ dbus (1.10.0-2) unstable; urgency=medium -- Simon McVittie Fri, 11 Sep 2015 11:39:54 +0100 +dbus (1.10.0-1ubuntu1) wily; urgency=medium + + * Merge with Debian, remaining changes: + - Add upstart jobs; Upstart is still supported for the system init. + + Add debian/dbus.upstart and dbus.user-session.upstart + - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service + unit (see patch header and upstream bug for details). Fixes various + causes of shutdown hangs, particularly with remote file systems. (LP: + #1438612) + - aa-get-connection-apparmor-security-context.patch: This is not + intended for upstream inclusion. It implements a bus method + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor + security context but upstream D-Bus has recently added a generic way of + getting a connection's security credentials (GetConnectionCredentials). + Ubuntu should carry this patch until packages in the archive are moved + over to the new, generic method of getting a connection's credentials. + + -- Iain Lane Tue, 01 Sep 2015 17:35:32 +0100 + dbus (1.10.0-1) experimental; urgency=medium [ Iain Lane ] @@ -87,6 +191,39 @@ dbus (1.10.0-1) experimental; urgency=me -- Simon McVittie Tue, 25 Aug 2015 17:12:46 +0100 +dbus (1.9.20-1ubuntu2) wily; urgency=medium + + * debian/dbus.postinst: Check if /run/dbus exists before writing to a file + there. If it doesn't then the system bus isn't running so we don't have + anything to restart anyway. + + -- Iain Lane Thu, 20 Aug 2015 11:09:58 +0100 + +dbus (1.9.20-1ubuntu1) wily; urgency=medium + + * Merge with Debian (LP: #1477086), remaining changes: + - Add upstart jobs; Upstart is still supported for the system init. + + Add debian/dbus.upstart and dbus.user-session.upstart + - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service + unit (see patch header and upstream bug for details). Fixes various + causes of shutdown hangs, particularly with remote file systems. (LP: + #1438612) + - aa-get-connection-apparmor-security-context.patch: This is not + intended for upstream inclusion. It implements a bus method + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor + security context but upstream D-Bus has recently added a generic way of + getting a connection's security credentials (GetConnectionCredentials). + Ubuntu should carry this patch until packages in the archive are moved + over to the new, generic method of getting a connection's credentials. + * Dropped changes: + + 81-session.conf-timeout.patch; didn't ever do anything. (LP: #1479771) + + 20_system_conf_limit.patch: Dropped. This was introduced due to problems + with aptdaemon and large transactions. These problems seem to no longer + exists, so we will try to run without an increased limit. + + All other changes merged in Debian. + + -- Iain Lane Wed, 19 Aug 2015 17:11:04 +0100 + dbus (1.9.20-1) experimental; urgency=medium * New upstream release (release candidate for 1.10) @@ -352,6 +489,137 @@ dbus (1.8.12-2) unstable; urgency=medium -- Simon McVittie Sun, 21 Dec 2014 15:02:22 +0000 +dbus (1.8.12-1ubuntu5) vivid; urgency=medium + + * Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service + unit (see patch header and upstream bug for details). Fixes various causes + of shutdown hangs, particularly with remote file systems. (LP: #1438612) + + -- Martin Pitt Tue, 31 Mar 2015 18:46:06 +0200 + +dbus (1.8.12-1ubuntu4) vivid; urgency=medium + + * debian/patches/ensure-dbus-machine-id.patch: + - ensure that we have /var/lib/dbus/machine-id on user's system as some + third-parties application relies on that file. It will only copy + /etc/machine-id the file is not present already. + + -- Didier Roche Thu, 19 Mar 2015 15:19:02 +0100 + +dbus (1.8.12-1ubuntu3) vivid; urgency=medium + + * Install dbus into /usr/. It's not actually needed during early boot, + and this deviates from upstream/Debian. + * Adjust dbus.postinst to be systemd & usptart compatible when + triggering reboot notification. + + -- Dimitri John Ledkov Tue, 03 Mar 2015 12:30:02 +0000 + +dbus (1.8.12-1ubuntu2) vivid; urgency=medium + + * Refresh the patches related to AppArmor D-Bus mediation to reflect what + landed upstream in 1.9.12. + - 0001-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch, + 0002-Add-LSM-agnostic-support-for-LinuxSecurityLabel-cred.patch, + 0003-Add-regression-test-for-LinuxSecurityLabel-credentia.patch, + 0004-Add-LinuxSecurityLabel-to-specification.patch: Add patches that + report the AppArmor confinement context in the bus driver's + GetConnectionCredentials method. A "LinuxSecurityLabel" key will be + present in the dictionary returned by the GetConnectionCredentials + method. The corresponding value will be the AppArmor confinement context + of the connection. + - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch, + 0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch, + 0003-Update-autoconf-file-to-build-against-libapparmor.patch, + 0004-Add-apparmor-element-support-to-bus-config-parsing.patch, + 0005-Initialize-AppArmor-mediation.patch, + 0006-Store-AppArmor-label-of-bus-during-initialization.patch, + 0007-Store-AppArmor-label-of-connecting-processes.patch, + 0008-Mediation-of-processes-that-acquire-well-known-names.patch, + 0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch, + 0010-Mediation-of-processes-sending-and-receiving-message.patch, + 0011-Mediation-of-processes-eavesdropping.patch: Replace the patches + with the version that were merged upstream. The upstream review process + revealed a number of bugs and useful cleanups that are addressed in the + new patches. + + No longer audit denials of unrequested reply messages (LP: #1362469) + - aa-get-connection-apparmor-security-context.patch: Update patch to + include a bug fix, from Simon McVittie, for AppArmor labels that contain + non UTF-8 characters. + - 0012-apparmor-tighten-up-terminology-for-context-vs.-labe.patch, + 0013-apparmor-Fix-build-failure-with-disable-apparmor.patch: New patches + that were merged upstream to clean up the AA mediation code and fix a + build failure + - 0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch: Drop + this patch. It became part of the "LinuxSecurityLabel" patch set and is + added back with a new file name. + 0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Drop this + patch in favor of the "LinuxSecurityLabel" patch set. This means that + the AppArmorContext and AppArmorMode keys will not be present in the + dictionary returned by GetConnectionCredentials. Ubuntu shipped this + patch in 14.10 but, as far as I know, those keys were not used by any + applications in 14.10. Since this patch was not accepted upstream, + Ubuntu should drop it and new applications should begin using + "LinuxSecurityLabel". + + -- Tyler Hicks Thu, 19 Feb 2015 11:06:14 -0600 + +dbus (1.8.12-1ubuntu1) vivid; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Install binaries into / rather than /usr: + + debian/rules: Set --exec-prefix=/ + + debian/dbus.install, debian/dbus-x11.install: Install from /bin + - Use upstart to start: + + Add debian/dbus.upstart and dbus.user-session.upstart + + debian/dbus.postinst: Use upstart call instead of invoking the init.d + script for checking if we are already running. + + debian/control: versioned dependency on netbase that emits the new + deconfiguring-networking event used in upstart script. + - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for + the system bus to 5000 (LP #454093) + - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 + to 60 seconds. It may be too short on the live CD with slow machines. + - debian/dbus.user-session.upstart, debian/rules: Communicate session bus + to Upstart Session Init to avoid potential out-of-memory scenario + triggered by Upstart clients that do not run main loops. Store the + session bus address in XDG_RUNTIME_DIR. + (LP: #1235649, LP: #1252317). + - debian/control, debian/rules: Build against libapparmor for AppArmor + D-Bus mediation + - debian/control: Use logind for session tracking, so that "at_console" + policies work with logind instead of ConsoleKit. Add "libpam-systemd" + recommends. + - debian/rules: Adjust dbus-send path to our changed install layout. + (LP: #1325364) + - debian/dbus-Xsession: Don't start a session bus if there already is + one, i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241) + - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch, + 0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch, + 0003-Update-autoconf-file-to-build-against-libapparmor.patch, + 0004-Add-apparmor-element-support-to-bus-config-parsing.patch, + 0005-Initialize-AppArmor-mediation.patch, + 0006-Store-AppArmor-label-of-bus-during-initialization.patch, + 0007-Store-AppArmor-label-of-connecting-processes.patch, + 0008-Mediation-of-processes-that-acquire-well-known-names.patch, + 0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch, + 0010-Mediation-of-processes-sending-and-receiving-message.patch, + 0011-Mediation-of-processes-eavesdropping.patch, + 0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch, + 0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the + latest set of AppArmor D-Bus mediation patches. This the v3 patch set + from the upstream feature inclusion bug. + - https://bugs.freedesktop.org/show_bug.cgi?id=75113 + - aa-get-connection-apparmor-security-context.patch: This is not + intended for upstream inclusion. It implements a bus method + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor + security context but upstream D-Bus has recently added a generic way of + getting a connection's security credentials (GetConnectionCredentials). + Ubuntu should carry this patch until packages in the archive are moved + over to the new, generic method of getting a connection's credentials. + + -- Iain Lane Fri, 12 Dec 2014 18:04:56 +0000 + dbus (1.8.12-1) unstable; urgency=medium * New upstream release 1.8.12 @@ -427,6 +695,174 @@ dbus (1.9.0-1) experimental; urgency=med -- Simon McVittie Wed, 01 Oct 2014 21:44:11 +0100 +dbus (1.8.10-1) unstable; urgency=medium + + * New upstream release 1.8.10 + - raise dbus-daemon's file descriptor limit to 65536 to avoid an + opportunity for denial of service + (CVE-2014-7824, an incomplete fix for CVE-2014-3636) + * Start 'dbus-daemon --system' as root under sysvinit (it already + starts as root under systemd), so it can increase its file + descriptor limit + + -- Simon McVittie Thu, 06 Nov 2014 16:28:22 +0000 + +dbus (1.8.8-2ubuntu2) vivid; urgency=medium + + * SECURITY UPDATE: denial of service via large number of fds + - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for + activated services in bus/activation.c, bus/bus.*, + dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c, + dbus/dbus-sysdeps.h. + - debian/dbus.init: don't launch daemon as a user so the rlimit can be + raised. + - CVE-2014-7824 + * SECURITY REGRESSION: authentication timeout on certain slower systems + - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout + back up to 30 secs in bus/config-parser.c, add a warning to + bus/connection.c. + - CVE-2014-3639 + + -- Marc Deslauriers Tue, 25 Nov 2014 14:22:42 -0500 + +dbus (1.8.8-2ubuntu1) vivid; urgency=low + + * Merge from Debian unstable. Remaining changes: + - Install binaries into / rather than /usr: + + debian/rules: Set --exec-prefix=/ + + debian/dbus.install, debian/dbus-x11.install: Install from /bin + - Use upstart to start: + + Add debian/dbus.upstart and dbus.user-session.upstart + + debian/dbus.postinst: Use upstart call instead of invoking the init.d + script for checking if we are already running. + + debian/control: versioned dependency on netbase that emits the new + deconfiguring-networking event used in upstart script. + - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for + the system bus to 5000 (LP #454093) + - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 + to 60 seconds. It may be too short on the live CD with slow machines. + - debian/dbus.user-session.upstart, debian/rules: Communicate session bus + to Upstart Session Init to avoid potential out-of-memory scenario + triggered by Upstart clients that do not run main loops + (LP: #1235649, LP: #1252317). + - debian/control, debian/rules: Build against libapparmor for AppArmor + D-Bus mediation + - debian/control: Use logind for session tracking, so that "at_console" + policies work with logind instead of ConsoleKit. Add "libpam-systemd" + recommends. + - debian/rules: Adjust dbus-send path to our changed install layout. + (LP: #1325364) + - debian/dbus-Xsession: Don't start a session bus if there already is + one, i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241) + - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch, + 0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch, + 0003-Update-autoconf-file-to-build-against-libapparmor.patch, + 0004-Add-apparmor-element-support-to-bus-config-parsing.patch, + 0005-Initialize-AppArmor-mediation.patch, + 0006-Store-AppArmor-label-of-bus-during-initialization.patch, + 0007-Store-AppArmor-label-of-connecting-processes.patch, + 0008-Mediation-of-processes-that-acquire-well-known-names.patch, + 0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch, + 0010-Mediation-of-processes-sending-and-receiving-message.patch, + 0011-Mediation-of-processes-eavesdropping.patch, + 0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch, + 0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the + latest set of AppArmor D-Bus mediation patches. This the v3 patch set + from the upstream feature inclusion bug. + - https://bugs.freedesktop.org/show_bug.cgi?id=75113 + - aa-get-connection-apparmor-security-context.patch: This is not + intended for upstream inclusion. It implements a bus method + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor + security context but upstream D-Bus has recently added a generic way of + getting a connection's security credentials (GetConnectionCredentials). + Ubuntu should carry this patch until packages in the archive are moved + over to the new, generic method of getting a connection's credentials. + - write to $XDG_RUNTIME_DIR instead of the users home when creating the + dbus-session file, so we can start our session even with 100% filled or + readonly home dir (LP: #1316978) + + -- Michael Vogt Mon, 27 Oct 2014 09:39:05 +0100 + +dbus (1.8.8-2) unstable; urgency=medium + + [ Michael Biebl ] + * Build against libsystemd-dev. In systemd v209 the various libraries were + merged into a single libsystemd library. + + [ Simon McVittie ] + * debian/dbus.bug-control: when people report bugs against dbus, + also report the status of systemd and systemd-sysv (because + those alter how system service activation works), and dbus-x11 + (because that's responsible for normal session bus setup) + * Remove Build-Profiles control field until the syntax settles down + (Closes: #764222) + * Use --with-valgrind=auto (supported since 1.7.6) for the debug build + + -- Simon McVittie Mon, 06 Oct 2014 19:17:04 +0100 + +dbus (1.8.8-1ubuntu2) utopic; urgency=medium + + * write to $XDG_RUNTIME_DIR instead of the users home when creating the + dbus-session file, so we can start our session even with 100% filled or + readonly home dir (LP: #1316978) + + -- Oliver Grawert Fri, 26 Sep 2014 15:07:05 +0200 + +dbus (1.8.8-1ubuntu1) utopic; urgency=medium + + * Resynchronize on Debian. Remaining Ubuntu changes: + - Install binaries into / rather than /usr: + + debian/rules: Set --exec-prefix=/ + + debian/dbus.install, debian/dbus-x11.install: Install from /bin + - Use upstart to start: + + Add debian/dbus.upstart and dbus.user-session.upstart + + debian/dbus.postinst: Use upstart call instead of invoking the init.d + script for checking if we are already running. + + debian/control: versioned dependency on netbase that emits the new + deconfiguring-networking event used in upstart script. + - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for + the system bus to 5000 (LP #454093) + - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 + to 60 seconds. It may be too short on the live CD with slow machines. + - debian/dbus.user-session.upstart, debian/rules: Communicate session bus + to Upstart Session Init to avoid potential out-of-memory scenario + triggered by Upstart clients that do not run main loops + (LP: #1235649, LP: #1252317). + - debian/control, debian/rules: Build against libapparmor for AppArmor + D-Bus mediation + - debian/control: Use logind for session tracking, so that "at_console" + policies work with logind instead of ConsoleKit. Add "libpam-systemd" + recommends. + - debian/rules: Adjust dbus-send path to our changed install layout. + (LP: #1325364) + - debian/dbus-Xsession: Don't start a session bus if there already is + one, i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241) + - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch, + 0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch, + 0003-Update-autoconf-file-to-build-against-libapparmor.patch, + 0004-Add-apparmor-element-support-to-bus-config-parsing.patch, + 0005-Initialize-AppArmor-mediation.patch, + 0006-Store-AppArmor-label-of-bus-during-initialization.patch, + 0007-Store-AppArmor-label-of-connecting-processes.patch, + 0008-Mediation-of-processes-that-acquire-well-known-names.patch, + 0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch, + 0010-Mediation-of-processes-sending-and-receiving-message.patch, + 0011-Mediation-of-processes-eavesdropping.patch, + 0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch, + 0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the + latest set of AppArmor D-Bus mediation patches. This the v3 patch set + from the upstream feature inclusion bug. + - https://bugs.freedesktop.org/show_bug.cgi?id=75113 + - aa-get-connection-apparmor-security-context.patch: This is not + intended for upstream inclusion. It implements a bus method + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor + security context but upstream D-Bus has recently added a generic way of + getting a connection's security credentials (GetConnectionCredentials). + Ubuntu should carry this patch until packages in the archive are moved + over to the new, generic method of getting a connection's credentials. + + -- Marc Deslauriers Wed, 17 Sep 2014 15:52:35 -0400 + dbus (1.8.8-1) unstable; urgency=medium [ Michael Biebl ] @@ -465,6 +901,93 @@ dbus (1.8.6-2) unstable; urgency=medium -- Sjoerd Simons Wed, 13 Aug 2014 22:30:38 +0200 +dbus (1.8.6-1ubuntu1) utopic; urgency=low + + * Resynchronize on Debian testing (LP: #1320422). Remaining Ubuntu changes: + - Install binaries into / rather than /usr: + + debian/rules: Set --exec-prefix=/ + + debian/dbus.install, debian/dbus-x11.install: Install from /bin + - Use upstart to start: + + Add debian/dbus.upstart and dbus.user-session.upstart + + debian/dbus.postinst: Use upstart call instead of invoking the init.d + script for checking if we are already running. + + debian/control: versioned dependency on netbase that emits the new + deconfiguring-networking event used in upstart script. + - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for + the system bus to 5000 (LP #454093) + - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 + to 60 seconds. It may be too short on the live CD with slow machines. + - debian/dbus.user-session.upstart, debian/rules: Communicate session bus + to Upstart Session Init to avoid potential out-of-memory scenario + triggered by Upstart clients that do not run main loops + (LP: #1235649, LP: #1252317). + - debian/control, debian/rules: Build against libapparmor for AppArmor + D-Bus mediation + - debian/control: Use logind for session tracking, so that "at_console" + policies work with logind instead of ConsoleKit. Add "libpam-systemd" + recommends. + - debian/rules: Adjust dbus-send path to our changed install layout. + (LP: #1325364) + - debian/dbus-Xsession: Don't start a session bus if there already is one, + i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241) + * Dropped changes: + - debian/control: Drop version bump on the libglib2.0-dev Build-Depends. + It is no longer needed. + - debian/control: use "Breaks: unity-services (<< 6.0.0-0ubuntu6)", the + new dbus eavedropping protection was creating issues with previous + versions. This can be dropped now since upgrades from Quantal are no + longer a concern. + - debian/control, debian/rules: The tests are not run during the build. + Configure with --disable-tests, drop the build dependencies needed for + the tests. The tests should now run with the debug build using + autopkgtest. + - 00git_logind_check.patch: Fix logind check. This change is present in + upstream dbus. + - Add 00git_sd_daemon_update.patch: Update to current sytemd upstream + sd_booted() to actually check for systemd init. This change is present + in upstream dbus. + - debian/patches/aa-build-tools.patch, debian/patches/aa-mediation.patch, + debian/patches/aa-mediate-eavesdropping.patch: Drop these patches in + favor of the latest set of patches submitted for upstream inclusion + - debian/patches/02_obsolete_g_thread_api.patch: This change is present in + upstream dbus + - 0001-activation-allow-for-more-variation-than-just-system.patch, + 0002-bus-change-systemd-activation-to-activation-systemd.patch, + 0003-upstart-add-upstart-as-a-possible-activation-type.patch, + 0004-upstart-add-UpstartJob-to-service-desktop-files.patch, + 0005-activation-implement-upstart-activation.patch: These patches have + been disabled since 12.10 so it should be safe to remove them at this + point + - debian/patches/CVE-2014-3477.patch, debian/patches/CVE-2014-3532.patch, + debian/patches/CVE-2014-3533.patch: These changes are present in + upstream dbus + * 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch, + 0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch, + 0003-Update-autoconf-file-to-build-against-libapparmor.patch, + 0004-Add-apparmor-element-support-to-bus-config-parsing.patch, + 0005-Initialize-AppArmor-mediation.patch, + 0006-Store-AppArmor-label-of-bus-during-initialization.patch, + 0007-Store-AppArmor-label-of-connecting-processes.patch, + 0008-Mediation-of-processes-that-acquire-well-known-names.patch, + 0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch, + 0010-Mediation-of-processes-sending-and-receiving-message.patch, + 0011-Mediation-of-processes-eavesdropping.patch, + 0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch, + 0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the + latest set of AppArmor D-Bus mediation patches. This the v3 patch set from + the upstream feature inclusion bug. + - https://bugs.freedesktop.org/show_bug.cgi?id=75113 + * aa-get-connection-apparmor-security-context.patch: Refresh this patch so + that it compiles with latest AppArmor D-Bus mediation patches. It is not + intended for upstream inclusion. It implements a bus method + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor + security context but upstream D-Bus has recently added a generic way of + getting a connection's security credentials (GetConnectionCredentials). + Ubuntu should carry this patch until packages in the archive are moved + over to the new, generic method of getting a connection's credentials. + + -- Tyler Hicks Fri, 15 Aug 2014 13:37:15 -0500 + dbus (1.8.6-1) unstable; urgency=high * New upstream release @@ -626,6 +1149,92 @@ dbus (1.6.18-1) unstable; urgency=low -- Simon McVittie Fri, 01 Nov 2013 16:30:33 +0000 +dbus (1.6.18-0ubuntu10) utopic; urgency=medium + + * Drop upstart dependency. We ship init scripts for sysv, upstart, and + systemd now. (LP: #1351306) + + -- Martin Pitt Fri, 01 Aug 2014 15:19:20 +0200 + +dbus (1.6.18-0ubuntu9) utopic; urgency=medium + + * SECURITY UPDATE: denial of service via activation errors + - debian/patches/CVE-2014-3477.patch: improve error handling in + bus/activation.*, bus/services.c. + - CVE-2014-3477 + * SECURITY UPDATE: denial of service via ETOOMANYREFS + - debian/patches/CVE-2014-3532.patch: drop message on ETOOMANYREFS in + dbus/dbus-sysdeps.*, dbus/dbus-transport-socket.c. + - CVE-2014-3532 + * SECURITY UPDATE: denial of service via invalid file descriptor + - debian/patches/CVE-2014-3533.patch: fix memory handling in + dbus/dbus-message.c. + - CVE-2014-3533 + + -- Marc Deslauriers Thu, 03 Jul 2014 08:28:23 -0400 + +dbus (1.6.18-0ubuntu8) utopic; urgency=medium + + * debian/dbus-Xsession: Don't start a session bus if there already is one, + i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241) + + -- Martin Pitt Tue, 03 Jun 2014 11:07:54 +0200 + +dbus (1.6.18-0ubuntu7) utopic; urgency=medium + + * debian/rules: Adjust dbus-send path to our changed install layout. + (LP: #1325364) + + -- Martin Pitt Mon, 02 Jun 2014 09:05:53 +0200 + +dbus (1.6.18-0ubuntu6) utopic; urgency=high + + * No change rebuild against new dh_installinit, to call update-rc.d at + postinst. + + -- Dimitri John Ledkov Wed, 28 May 2014 10:39:49 +0100 + +dbus (1.6.18-0ubuntu5) utopic; urgency=medium + + * Do not fail starting user-session dbus, if e.g. /home is 100% or + ~/.cache is not-writable. + * Make sure that DBUS_SESSION_ADDRESS is only exported, after the + session dbus has been launched. + + -- Dimitri John Ledkov Fri, 02 May 2014 12:00:27 +0100 + +dbus (1.6.18-0ubuntu4) trusty; urgency=medium + + * Create ~/.cache/upstart if it doesn't already exist. + Thanks to Ryan Lovett for the patch. (LP: #1300516) + + -- Stéphane Graber Tue, 01 Apr 2014 17:53:17 -0400 + +dbus (1.6.18-0ubuntu3) trusty; urgency=low + + * aa-mediate-eavesdropping.patch: Query AppArmor when confined applications + attempt to eavesdrop on the bus. See the apparmor.d(5) man page for + AppArmor syntax details. (LP: #1262440) + * debian/control: Depend on the apparmor version containing the new + eavesdrop permission + + -- Tyler Hicks Mon, 13 Jan 2014 11:45:21 -0600 + +dbus (1.6.18-0ubuntu2) trusty; urgency=low + + [ James Hunt ] + * debian/dbus.user-session.upstart: Communicate session bus to Upstart + Session Init to avoid potential out-of-memory scenario triggered by + Upstart clients that do not run main loops (LP: #1235649, LP: #1252317). + + -- Dmitrijs Ledkovs Tue, 19 Nov 2013 11:14:58 +0000 + +dbus (1.6.18-0ubuntu1) trusty; urgency=low + + * New upstream version + + -- Sebastien Bacher Mon, 11 Nov 2013 18:07:24 +0100 + dbus (1.6.16-1) unstable; urgency=low * New upstream stable release 1.6.16 @@ -652,6 +1261,124 @@ dbus (1.6.12-1) unstable; urgency=high -- Simon McVittie Wed, 12 Jun 2013 14:38:34 +0100 +dbus (1.6.12-0ubuntu10) saucy; urgency=low + + * debian/patches/aa-mediation.patch: Attempt to open() the mask file in + apparmorfs/features/dbus rather than simply stat() the dbus directory. + This is an important difference because AppArmor does not mediate the + stat() syscall. This resulted in problems in an environment where + dbus-daemon, running inside of an LXC container, did not have the + necessary AppArmor rules to access apparmorfs but the stat() succeeded + so mediation was not properly disabled. (LP: #1238267) + This problem was exposed after dropping aa-kernel-compat-check.patch + because the compat check was an additional check that performed a test + query. The test query was failing in the above scenario, which did result + in mediation being disabled. + * debian/patches/aa-get-connection-apparmor-security-context.patch, + debian/patches/aa-mediate-eavesdropping.patch: Refresh these patches to + accomodate the above change + + -- Tyler Hicks Thu, 10 Oct 2013 10:40:26 -0700 + +dbus (1.6.12-0ubuntu9) saucy; urgency=low + + * debian/patches/aa-mediate-eavesdropping.patch: Fix a regression that + caused dbus-daemon to segfault when AppArmor mediation is disabled, or + unsupported by the kernel, and an application attempts to eavesdrop + (LP: #1237059) + + -- Tyler Hicks Tue, 08 Oct 2013 17:58:36 -0700 + +dbus (1.6.12-0ubuntu8) saucy; urgency=low + + * debian/patches/aa-kernel-compat-check.patch: Drop this patch. It was a + temporary compatibility check to paper over incompatibilities between + dbus-daemon, libapparmor, and the AppArmor kernel code while AppArmor + D-Bus mediation was in development. + * debian/patches/aa-mediation.patch: Fix a bug that resulted in all actions + denied by AppArmor to be audited. Auditing such actions is the default, + but it should be possible to quiet audit messages by using the "deny" + AppArmor rule modifier. (LP: #1226356) + * debian/patches/aa-mediation.patch: Fix a bug in the code that builds + AppArmor queries for the process that is receiving a message. The + message's destination was being used, as opposed to the message's source, + as the peer name in the query string. (LP: #1233895) + * debian/patches/aa-mediate-eavesdropping.patch: Don't allow applications + that are confined by AppArmor to eavesdrop. Ideally, this would be + configurable with AppArmor policy, but the parser does not yet support + any type of eavesdropping permission. For now, confined applications will + simply not be allowed to eavesdrop. (LP: #1229280) + + -- Tyler Hicks Fri, 04 Oct 2013 09:59:21 -0700 + +dbus (1.6.12-0ubuntu7) saucy; urgency=low + + * Enable log output in session dbus upstart job. + + -- Dmitrijs Ledkovs Fri, 04 Oct 2013 10:21:15 +0100 + +dbus (1.6.12-0ubuntu6) saucy; urgency=low + + * Specify --fork to dbus-daemon in upstart user-session mode, to get the + daemon readiness information and emit started dbus, when dbus is + actually ready to operate. (LP: #1234731) + + -- Dmitrijs Ledkovs Thu, 03 Oct 2013 17:32:15 +0100 + +dbus (1.6.12-0ubuntu5) saucy; urgency=low + + * Add support for mediation of D-Bus messages and services. AppArmor D-Bus + rules are described in the apparmor.d(5) man page. dbus-daemon will use + libapparmor to perform queries against the AppArmor policies to determine + if a connection should be able to send messages to another connection, if + a connection should be able to receive messages from another connection, + and if a connection should be able to bind to a well-known name. + - debian/patches/aa-build-tools.patch: Update build files to detect and + build against libapparmor + - debian/patches/aa-mediation.patch: Support AppArmor mediation of D-Bus + messages and services. By default, AppArmor mediation is enabled if + AppArmor is available. To disable AppArmor mediation, place + '' in each bus configuration file. See the + dbus-daemon(1) man page for more details. + - debian/patches/aa-get-connection-apparmor-security-context.patch: Add an + org.freedesktop.DBus.GetConnectionAppArmorSecurityContext method that + takes the unique name of a connection as input and returns the AppArmor + label attached to the connection + - debian/patches/aa-kernel-compat-check.patch: Perform a compatibility + check of dbus, libapparmor, and the AppArmor kernel code during + initialization to determine if everything is in place to perform + AppArmor mediation. This is a temporary patch to overcome some potential + incompatabilities during the Saucy development release and should be + dropped prior to Saucy's release. + - debian/control: Add libapparmor-dev as a Build-Depends + - debian/rules: Specify that D-Bus should be built against libapparmor + during the configure stage of the build + * debian/patches/aa-mediation.patch: Clean up the AppArmor initialization + - Don't treat any errors from aa_is_enabled() as fatal unless the AppArmor + D-Bus mode is set to "required". This should fix errors when various + test cases need to start dbus-daemon on buildds. (LP: #1217598) + - Don't print to stderr during initialization unless an error has + occurred (LP: #1217710) + - Don't redefine _dbus_warn() to syslog(). A previous comment left in the + code suggested that _dbus_warn() caused segfaults. Testing proves that + is not the case. + * debian/patches/aa-get-connection-apparmor-security-context.patch: Refresh + patch to fix offset warnings after modifying aa-mediation.patch + + -- Tyler Hicks Wed, 28 Aug 2013 13:26:13 -0700 + +dbus (1.6.12-0ubuntu2) saucy; urgency=low + + * dump DBUS_SESSION_BUS_ADDRESS into ~/.dbus-session, so we can source it + + -- Oliver Grawert Tue, 16 Jul 2013 19:56:35 +0200 + +dbus (1.6.12-0ubuntu1) saucy; urgency=low + + * New upstream version, drop CVE-2013-2168.patch included in the update + + -- Sebastien Bacher Wed, 19 Jun 2013 19:04:25 +0200 + dbus (1.6.10-1) unstable; urgency=low * New upstream stable release 1.6.10 @@ -672,6 +1399,79 @@ dbus (1.6.10-1) unstable; urgency=low -- Simon McVittie Wed, 08 May 2013 10:52:51 +0100 +dbus (1.6.10-0ubuntu2) saucy; urgency=low + + * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound() + length. + - debian/patches/CVE-2013-2168.patch: use a copy of va_list in + dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to + test/Makefile.am, test/internals/printf.c. + - CVE-2013-2168 + + -- Marc Deslauriers Thu, 13 Jun 2013 08:40:01 -0400 + +dbus (1.6.10-0ubuntu1) saucy; urgency=low + + * New upstream version + + -- Sebastien Bacher Mon, 13 May 2013 19:29:40 +0200 + +dbus (1.6.8-1ubuntu8) saucy; urgency=low + + * Add 00git_logind_check.patch: Fix logind check. + * Add 00git_sd_daemon_update.patch: Update to current sytemd upstream + sd_booted() to actually check for systemd init. + + -- Martin Pitt Mon, 29 Apr 2013 11:42:42 -0700 + +dbus (1.6.8-1ubuntu7) saucy; urgency=low + + * Use logind for session tracking, so that "at_console" policies work with + logind instead of ConsoleKit. Add "libpam-systemd" recommends. + + -- Martin Pitt Sun, 10 Mar 2013 13:39:46 +0100 + +dbus (1.6.8-1ubuntu6) raring; urgency=low + + * Tweak startup condition of user-job to block xsession-init until it's + started. (LP: #1155205) + + -- Stéphane Graber Mon, 25 Mar 2013 09:52:01 -0400 + +dbus (1.6.8-1ubuntu5) raring; urgency=low + + * debian/libdbus-1-3.postinst: Force an upgrade to restart Upstart + (to pick up new package version) if the running instance supports + it (LP: #1146653). + + -- James Hunt Thu, 14 Mar 2013 10:32:39 -0400 + +dbus (1.6.8-1ubuntu4) raring; urgency=low + + * Add upstart user session job for dbus. + + -- Stéphane Graber Tue, 12 Mar 2013 15:04:50 -0400 + +dbus (1.6.8-1ubuntu3) raring; urgency=low + + * Mark libdbus-1-dev as Multi-Arch same. + + -- Dmitrijs Ledkovs Mon, 07 Jan 2013 17:36:51 +0000 + +dbus (1.6.8-1ubuntu2) raring; urgency=low + + * The tests are not run diring the build. Configure with --disable-tests, + drop the build dependencies needed for the tests. + + -- Matthias Klose Mon, 07 Jan 2013 17:03:23 +0100 + +dbus (1.6.8-1ubuntu1) raring; urgency=low + + * Resynchronize on Debian, see 1.6.4-1ubuntu1 and 1.6.4-1ubuntu3 for a + summary of the Ubuntu changes + + -- Sebastien Bacher Wed, 07 Nov 2012 15:31:11 +0100 + dbus (1.6.8-1) unstable; urgency=low * Merge from experimental @@ -687,6 +1487,72 @@ dbus (1.6.8-1) unstable; urgency=low -- Simon McVittie Sat, 29 Sep 2012 13:25:50 +0100 +dbus (1.6.4-1ubuntu4) quantal-proposed; urgency=low + + * debian/patches/CVE-2012-3524-regression-fix.patch: updated to fix test + suite. + + -- Marc Deslauriers Wed, 03 Oct 2012 14:41:36 -0400 + +dbus (1.6.4-1ubuntu3) quantal-proposed; urgency=low + + * REGRESSION FIX: some applications launched with the activation helper + may need DBUS_STARTER_ADDRESS. (LP: #1058343) + - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the + starter address to the default system bus address. + * Fix unclean shutdown after dbus upgrade (LP: #740390) + - debian/libdbus-1-3.postinst: trigger an upstart re-exec before + shutdown or reboot so that it can safely unmount the root + filesystem. + + -- Marc Deslauriers Wed, 03 Oct 2012 07:14:40 -0400 + +dbus (1.6.4-1ubuntu2) quantal-proposed; urgency=low + + * SECURITY UPDATE: privilege escalation via unsanitized environment + - debian/patches/CVE-2012-3524-dbus.patch: Don't access environment + variables or run dbus-launch when setuid in configure.ac, + dbus/dbus-keyring.c, dbus/dbus-sysdeps* + - CVE-2012-3524 + + -- Marc Deslauriers Fri, 14 Sep 2012 08:57:33 -0400 + +dbus (1.6.4-1ubuntu1) quantal-proposed; urgency=low + + * Upload to quantal (lp: #1014850) + * debian/control: + - use "Breaks: unity-services (<< 6.0.0-0ubuntu6)", the new dbus + eavedropping protection was creating issues with previous versions + + [ Iain Lane ] + * Merge with Debian experimental for the new stable series. Remaining Ubuntu + changes: + - Install binaries into / rather than /usr: + + debian/rules: Set --exec-prefix=/ + + debian/dbus.install, debian/dbus-x11.install: Install from /bin + - Use upstart to start: + + Add debian/dbus.upstart. + + debian/control: Add upstart dependency. + + debian/dbus.postinst: Use upstart call instead of invoking the init.d + script for checking if we are already running. + + debian/control: versioned dependency on netbase that emits the new + deconfiguring-networking event used in upstart script. + - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for + the system bus to 5000 (LP #454093) + - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 + to 60 seconds. It may be too short on the live CD with slow machines. + - Add 0001-activation-allow-for-more-variation-than-just-system.patch, + 0002-bus-change-systemd-activation-to-activation-systemd.patch, + 0003-upstart-add-upstart-as-a-possible-activation-type.patch, + 0004-upstart-add-UpstartJob-to-service-desktop-files.patch, + 0005-activation-implement-upstart-activation.patch: Patches from Scott + James Remnant to implement Upstart service activation. Not upstream. + Disable patches since they do not apply and this facility is unused + anyway. + * Remove systemd BDs; not appropriate for Ubuntu. + + -- Sebastien Bacher Fri, 03 Aug 2012 12:05:38 +0200 + dbus (1.6.4-1) experimental; urgency=low * gbp.conf: switch to experimental branch @@ -972,6 +1838,86 @@ dbus (1.5.0-1) experimental; urgency=low -- Simon McVittie Mon, 11 Apr 2011 18:04:56 +0100 +dbus (1.4.18-1ubuntu1) precise; urgency=low + + * Merge with Debian unstable to pick up the new bug fix release. Remaining + Ubuntu changes: + - Install binaries into / rather than /usr: + + debian/rules: Set --exec-prefix=/ + + debian/dbus.install, debian/dbus-x11.install: Install from /bin + - Use upstart to start: + + Add debian/dbus.upstart. + + debian/control: Add upstart dependency. + + debian/dbus.postinst: Use upstart call instead of invoking the init.d + script for checking if we are already running. + + debian/control: versioned dependency on netbase that emits the new + deconfiguring-networking event used in upstart script. + - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for + the system bus to 5000 (LP #454093) + - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 + to 60 seconds. It may be too short on the live CD with slow machines. + - Add 0001-activation-allow-for-more-variation-than-just-system.patch, + 0002-bus-change-systemd-activation-to-activation-systemd.patch, + 0003-upstart-add-upstart-as-a-possible-activation-type.patch, + 0004-upstart-add-UpstartJob-to-service-desktop-files.patch, + 0005-activation-implement-upstart-activation.patch: Patches from Scott + James Remnant to implement Upstart service activation. Not upstream. + + -- Martin Pitt Wed, 22 Feb 2012 09:26:02 +0100 + +dbus (1.4.16-1ubuntu4) precise; urgency=low + + * debian/rules, debian/dbus-1-dbg.install: Only set --exec-prefix=/ in + the production build. This prevents the debug version of dbus-daemon + from overwriting the non-debug version, which crashes the dbus-python + test suite. This leaves the debug version in a somewhat bogus path, + but we won't worry about that for now. Solution given by Jason Conti. + Also closes https://bugs.freedesktop.org/show_bug.cgi?id=43303 + (LP: #913991) + + -- Barry Warsaw Tue, 10 Jan 2012 15:52:43 +0100 + +dbus (1.4.16-1ubuntu3) precise; urgency=low + + * Add a post-stop in the upstart script making sure /var/run/dbus/pid + doesn't exist after dbus has been stopped/died. This fixes dbus + not respawning when dying (segfault for example). + + -- Stéphane Graber Mon, 09 Jan 2012 15:15:50 +0100 + +dbus (1.4.16-1ubuntu2) precise; urgency=low + + * Add debian/patches/02_obsolete_g_thread_api.patch: Port to glib 2.31.x + g_thread API. Bump libglib2.0-dev build dep accordingly. (LP: #911125) + + -- Martin Pitt Tue, 03 Jan 2012 11:08:46 +0100 + +dbus (1.4.16-1ubuntu1) precise; urgency=low + + * Merge with Debian testing. Remaining changes: + - Install binaries into / rather than /usr: + + debian/rules: Set --exec-prefix=/ + + debian/dbus.install, debian/dbus-x11.install: Install from /bin + - Use upstart to start: + + Add debian/dbus.upstart. + + debian/control: Add upstart dependency. + + debian/dbus.postinst: Use upstart call instead of invoking the init.d + script for checking if we are already running. + + debian/control: versioned dependency on netbase that emits the new + deconfiguring-networking event used in upstart script. + - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for + the system bus to 5000 (LP #454093) + - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 + to 60 seconds. It may be too short on the live CD with slow machines. + - Add 0001-activation-allow-for-more-variation-than-just-system.patch, + 0002-bus-change-systemd-activation-to-activation-systemd.patch, + 0003-upstart-add-upstart-as-a-possible-activation-type.patch, + 0004-upstart-add-UpstartJob-to-service-desktop-files.patch, + 0005-activation-implement-upstart-activation.patch: Patches from Scott + James Remnant to implement Upstart service activation. Not upstream. + + -- Martin Pitt Tue, 18 Oct 2011 18:10:19 +0200 + dbus (1.4.8-1) unstable; urgency=low * New upstream version @@ -1488,7 +2434,6 @@ dbus (1.1.1-2) UNRELEASED; urgency=low -- Michael Biebl Wed, 27 Jun 2007 01:42:38 +0200 - dbus (1.1.1-1) unstable; urgency=low [ Michael Biebl ] @@ -1798,8 +2743,6 @@ dbus (0.62-2) unstable; urgency=low -- Sjoerd Simons Wed, 21 Jun 2006 10:47:00 +0200 - - dbus (0.62-1) unstable; urgency=low * New upstream release @@ -2576,3 +3519,4 @@ dbus (0.5-1) unstable; urgency=low * Initial version (Closes: #183739) -- Colin Walters Thu, 6 Mar 2003 17:58:06 -0500 + diff -pruN 1.10.6-1/debian/control 1.10.6-1ubuntu4/debian/control --- 1.10.6-1/debian/control 2015-12-01 19:15:55.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/control 2015-12-02 04:42:14.000000000 +0000 @@ -1,7 +1,8 @@ Source: dbus Section: admin Priority: optional -Maintainer: Utopia Maintenance Team +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Utopia Maintenance Team Uploaders: Sjoerd Simons , Sebastian Dröge , Michael Biebl , diff -pruN 1.10.6-1/debian/dbus.install 1.10.6-1ubuntu4/debian/dbus.install --- 1.10.6-1/debian/dbus.install 2015-12-01 19:15:55.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/dbus.install 2015-12-02 04:42:14.000000000 +0000 @@ -1,5 +1,6 @@ #!/usr/bin/dh-exec +debian/dbus.user-session.upstart => /usr/share/upstart/sessions/dbus.conf usr/bin/dbus-daemon usr/bin/dbus-cleanup-sockets usr/bin/dbus-run-session diff -pruN 1.10.6-1/debian/dbus.postinst 1.10.6-1ubuntu4/debian/dbus.postinst --- 1.10.6-1/debian/dbus.postinst 2015-12-01 19:15:55.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/dbus.postinst 2016-04-01 15:04:42.000000000 +0000 @@ -31,6 +31,10 @@ if [ "$1" = configure ]; then --disabled-password \ --group "$MESSAGEUSER" + if [ "`dpkg-divert --listpackage "$LAUNCHER"`" = "dbus.new" ]; then + rm -f "$LAUNCHER" + dpkg-divert --remove --rename --package dbus.new --divert "$LAUNCHER.new" "$LAUNCHER" >/dev/null + fi if ! dpkg-statoverride --list "$LAUNCHER" >/dev/null; then dpkg-statoverride --update --add root "$MESSAGEUSER" 4754 "$LAUNCHER" fi @@ -92,3 +96,8 @@ fi if [ "$1" = configure ] && [ -n "$2" ]; then reload_dbus_config fi + +# We don't start dbus.service in postinst, so ensure dbus.socket is running +if [ "$1" = configure ] && [ -d /run/systemd/system ]; then + systemctl try-restart sockets.target || true +fi diff -pruN 1.10.6-1/debian/dbus.preinst 1.10.6-1ubuntu4/debian/dbus.preinst --- 1.10.6-1/debian/dbus.preinst 1970-01-01 00:00:00.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/dbus.preinst 2016-04-01 01:06:34.000000000 +0000 @@ -0,0 +1,17 @@ +#!/bin/sh + +set -e + +LAUNCHER=/usr/lib/dbus-1.0/dbus-daemon-launch-helper + +if [ "$1" = upgrade ]; then + if dpkg --compare-versions "$2" lt "1.9.4-2~"; then + dpkg-divert --add --rename --package dbus.new --divert "$LAUNCHER.new" "$LAUNCHER" >/dev/null + if [ ! -x "$LAUNCHER" ]; then + cp -a "$LAUNCHER.new" "$LAUNCHER" + fi + fi +fi + +#DEBHELPER# + diff -pruN 1.10.6-1/debian/dbus.upstart 1.10.6-1ubuntu4/debian/dbus.upstart --- 1.10.6-1/debian/dbus.upstart 1970-01-01 00:00:00.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/dbus.upstart 2015-09-01 16:31:53.000000000 +0000 @@ -0,0 +1,25 @@ +# dbus - D-Bus system message bus +# +# The D-Bus system message bus allows system daemons and user applications +# to communicate. + +description "D-Bus system message bus" + +start on filesystem +stop on deconfiguring-networking + +expect fork +respawn + +pre-start script + mkdir -p /var/run/dbus + chown messagebus:messagebus /var/run/dbus + + exec dbus-uuidgen --ensure +end script + +exec dbus-daemon --system --fork + +post-start exec kill -USR1 1 + +post-stop exec rm -f /var/run/dbus/pid diff -pruN 1.10.6-1/debian/dbus.user-session.upstart 1.10.6-1ubuntu4/debian/dbus.user-session.upstart --- 1.10.6-1/debian/dbus.user-session.upstart 1970-01-01 00:00:00.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/dbus.user-session.upstart 2016-05-24 11:22:44.000000000 +0000 @@ -0,0 +1,32 @@ +description "DBus Session Bus" +author "Stéphane Graber " + +start on starting xsession-init + +env DBUS_DEBUG_OUTPUT=1 + +respawn + +pre-start script + if [ -z "$DBUS_SESSION_BUS_ADDRESS" ]; then + DBUS_SESSION_BUS_ADDRESS=unix:abstract=$(mktemp -u /tmp/dbus-XXXXXXXXXX) + initctl set-env do_launch=1 + fi + initctl set-env DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS +end script + +script + if [ -n "$do_launch" ]; then + exec dbus-daemon --session --address="$DBUS_SESSION_BUS_ADDRESS" + else + # if there already is an existing user bus, don't launch another one, + # but keep running to start jobs that trigger on dbus + exec sleep infinity + fi +end script + +post-start script + initctl set-env --global DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS + echo "DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS}" >$XDG_RUNTIME_DIR/dbus-session || true + initctl notify-dbus-address "$DBUS_SESSION_BUS_ADDRESS" || true +end script diff -pruN 1.10.6-1/debian/libdbus-1-3.postinst 1.10.6-1ubuntu4/debian/libdbus-1-3.postinst --- 1.10.6-1/debian/libdbus-1-3.postinst 1970-01-01 00:00:00.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/libdbus-1-3.postinst 2015-09-01 16:32:00.000000000 +0000 @@ -0,0 +1,53 @@ +#!/bin/sh + +set -e + +if [ "$1" = configure ]; then + # A dependent library of Upstart has changed, so restart Upstart + # such that it can safely unmount the root filesystem (LP: #740390) + + # Query running version of Upstart, but only when we know + # that initctl will work. + # + # The calculated version string may be the null string if + # Upstart is not running (where for example an alternative + # init is running outside a chroot environment) or if the + # query failed for some reason. However, the version check + # below handles a null version string correctly. + UPSTART_VERSION_RUNNING=$(initctl version 2>/dev/null |\ + awk '{print $3}'|tr -d ')' || :) + + if ischroot; then + # Do not honour re-exec when requested from within a + # chroot since: + # + # (a) The version of Upstart outside might not support it. + # (b) An isolated environment such as a chroot should + # not be able to modify its containing environment. + # + # A sufficiently new Upstart will actually handle a re-exec + # request coming from telinit within a chroot correctly (by + # doing nothing) but it's simple enough to perform the check + # here and save Upstart the effort. + : + elif dpkg --compare-versions "$UPSTART_VERSION_RUNNING" ge 1.6.1; then + # We are not running inside a chroot and the running version + # of Upstart supports stateful re-exec, so we can + # restart immediately. + # + # XXX: Note that the check on the running version must + # remain *indefinitely* since it's the only safe way to + # know if stateful re-exec is supported: simply checking + # packaged version numbers is not sufficient since + # the package could be upgraded multiple times without a + # reboot. + telinit u || : + else + # Before we shutdown or reboot, we need to re-exec so that we + # can safely remount the root filesystem; we can't just do that + # here because we lose state. + touch /var/run/init.upgraded || : + fi +fi + +#DEBHELPER# diff -pruN 1.10.6-1/debian/patches/aa-get-connection-apparmor-security-context.patch 1.10.6-1ubuntu4/debian/patches/aa-get-connection-apparmor-security-context.patch --- 1.10.6-1/debian/patches/aa-get-connection-apparmor-security-context.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/patches/aa-get-connection-apparmor-security-context.patch 2015-02-19 16:16:18.000000000 +0000 @@ -0,0 +1,183 @@ +Description: Add DBus method to return the AA context of a connection + Allows the AppArmor label that is attached to a D-Bus connection to be + queried using the unique connection name. + . + For example, + $ dbus-send --print-reply --system --dest=org.freedesktop.DBus \ + /org/freedesktop/DBus \ + org.freedesktop.DBus.GetConnectionAppArmorSecurityContext string::1.4 + method return sender=org.freedesktop.DBus -> dest=:1.50 reply_serial=2 + string "/usr/sbin/cupsd" + . + [Altered by Simon McVittie: survive non-UTF-8 contexts which + would otherwise be a local denial of service, except that Ubuntu + inherits a non-fatal warnings patch from Debian; new commit message + taken from the Ubuntu changelog; do not emit unreachable code if + AppArmor is disabled.] +Author: Tyler Hicks +Forwarded: not-needed +--- + bus/apparmor.c | 15 ++++++++ + bus/apparmor.h | 1 + bus/driver.c | 89 +++++++++++++++++++++++++++++++++++++++++++++++++++ + dbus/dbus-protocol.h | 2 + + 4 files changed, 107 insertions(+) + +Index: dbus-1.8.12/bus/apparmor.c +=================================================================== +--- dbus-1.8.12.orig/bus/apparmor.c 2015-02-19 09:28:49.935463892 -0600 ++++ dbus-1.8.12/bus/apparmor.c 2015-02-19 09:28:49.923463949 -0600 +@@ -528,6 +528,21 @@ bus_apparmor_enabled (void) + #endif + } + ++const char* ++bus_apparmor_confinement_get_label (BusAppArmorConfinement *confinement) ++{ ++#ifdef HAVE_APPARMOR ++ if (!apparmor_enabled) ++ return NULL; ++ ++ _dbus_assert (confinement != NULL); ++ ++ return confinement->label; ++#else ++ return NULL; ++#endif ++} ++ + void + bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement) + { +Index: dbus-1.8.12/bus/apparmor.h +=================================================================== +--- dbus-1.8.12.orig/bus/apparmor.h 2015-02-19 09:28:49.935463892 -0600 ++++ dbus-1.8.12/bus/apparmor.h 2015-02-19 09:28:49.923463949 -0600 +@@ -39,6 +39,7 @@ dbus_bool_t bus_apparmor_enabled (void); + + void bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement); + void bus_apparmor_confinement_ref (BusAppArmorConfinement *confinement); ++const char* bus_apparmor_confinement_get_label (BusAppArmorConfinement *confinement); + BusAppArmorConfinement* bus_apparmor_init_connection_confinement (DBusConnection *connection, + DBusError *error); + +Index: dbus-1.8.12/bus/driver.c +=================================================================== +--- dbus-1.8.12.orig/bus/driver.c 2015-02-19 09:28:49.935463892 -0600 ++++ dbus-1.8.12/bus/driver.c 2015-02-19 09:28:49.927463930 -0600 +@@ -1620,6 +1620,91 @@ bus_driver_handle_get_connection_credent + } + + static dbus_bool_t ++bus_driver_handle_get_connection_apparmor_security_context (DBusConnection *connection, ++ BusTransaction *transaction, ++ DBusMessage *message, ++ DBusError *error) ++{ ++ const char *service; ++ DBusString str; ++ BusRegistry *registry; ++ BusService *serv; ++ DBusConnection *primary_connection; ++ DBusMessage *reply; ++ BusAppArmorConfinement *confinement; ++ const char *label; ++ ++ _DBUS_ASSERT_ERROR_IS_CLEAR (error); ++ ++ registry = bus_connection_get_registry (connection); ++ ++ service = NULL; ++ reply = NULL; ++ confinement = NULL; ++ ++ if (! dbus_message_get_args (message, error, DBUS_TYPE_STRING, &service, ++ DBUS_TYPE_INVALID)) ++ goto failed; ++ ++ _dbus_verbose ("asked for security context of connection %s\n", service); ++ ++ _dbus_string_init_const (&str, service); ++ serv = bus_registry_lookup (registry, &str); ++ if (serv == NULL) ++ { ++ dbus_set_error (error, ++ DBUS_ERROR_NAME_HAS_NO_OWNER, ++ "Could not get security context of name '%s': no such name", service); ++ goto failed; ++ } ++ ++ primary_connection = bus_service_get_primary_owners_connection (serv); ++ ++ reply = dbus_message_new_method_return (message); ++ if (reply == NULL) ++ goto oom; ++ ++ confinement = bus_connection_dup_apparmor_confinement (primary_connection); ++ label = bus_apparmor_confinement_get_label (confinement); ++ ++ if (label == NULL) ++ { ++ dbus_set_error (error, ++ DBUS_ERROR_APPARMOR_SECURITY_CONTEXT_UNKNOWN, ++ "Could not determine security context for '%s'", service); ++ goto failed; ++ } ++ ++ if (!dbus_validate_utf8 (label, error)) ++ goto failed; ++ ++ if (! dbus_message_append_args (reply, ++ DBUS_TYPE_STRING, ++ &label, ++ DBUS_TYPE_INVALID)) ++ goto failed; ++ ++ if (! bus_transaction_send_from_driver (transaction, connection, reply)) ++ goto oom; ++ ++ bus_apparmor_confinement_unref (confinement); ++ dbus_message_unref (reply); ++ ++ return TRUE; ++ ++ oom: ++ BUS_SET_OOM (error); ++ ++ failed: ++ _DBUS_ASSERT_ERROR_IS_SET (error); ++ if (confinement) ++ bus_apparmor_confinement_unref (confinement); ++ if (reply) ++ dbus_message_unref (reply); ++ return FALSE; ++} ++ ++static dbus_bool_t + bus_driver_handle_reload_config (DBusConnection *connection, + BusTransaction *transaction, + DBusMessage *message, +@@ -1791,6 +1876,10 @@ static const MessageHandler dbus_message + DBUS_TYPE_STRING_AS_STRING, + DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_BYTE_AS_STRING, + bus_driver_handle_get_connection_selinux_security_context }, ++ { "GetConnectionAppArmorSecurityContext", ++ DBUS_TYPE_STRING_AS_STRING, ++ DBUS_TYPE_STRING_AS_STRING, ++ bus_driver_handle_get_connection_apparmor_security_context }, + { "ReloadConfig", + "", + "", +Index: dbus-1.8.12/dbus/dbus-protocol.h +=================================================================== +--- dbus-1.8.12.orig/dbus/dbus-protocol.h 2015-02-19 09:28:49.935463892 -0600 ++++ dbus-1.8.12/dbus/dbus-protocol.h 2015-02-19 09:28:49.927463930 -0600 +@@ -439,6 +439,8 @@ extern "C" { + #define DBUS_ERROR_INVALID_FILE_CONTENT "org.freedesktop.DBus.Error.InvalidFileContent" + /** Asked for SELinux security context and it wasn't available. */ + #define DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown" ++/** Asked for AppArmor security context and it wasn't available. */ ++#define DBUS_ERROR_APPARMOR_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.AppArmorSecurityContextUnknown" + /** Asked for ADT audit data and it wasn't available. */ + #define DBUS_ERROR_ADT_AUDIT_DATA_UNKNOWN "org.freedesktop.DBus.Error.AdtAuditDataUnknown" + /** There's already an object with the requested object path. */ diff -pruN 1.10.6-1/debian/patches/dont-stop-dbus.patch 1.10.6-1ubuntu4/debian/patches/dont-stop-dbus.patch --- 1.10.6-1/debian/patches/dont-stop-dbus.patch 1970-01-01 00:00:00.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/patches/dont-stop-dbus.patch 2016-02-11 11:56:56.000000000 +0000 @@ -0,0 +1,38 @@ +From: Martin Pitt +Subject: Don't stop D-Bus in the service unit + +D-Bus is getting stopped too early during shutdown, so that services on the bus +are still running (and being shut down) after that. This leads to shutdown +hangs due to remote file systems not getting unmounted as wpa_supplicant is +already gone, or avahi or NetworkManager getting lots of errors because they +get disconnected, etc. As D-Bus does not keep its state between restarts, +dbus.socket also does not help us. + +Also, stopping D-Bus in a running system isn't something which we ever +supported; to the contrary, we patched several packages to avoid +restarting/stopping D-Bus in postinsts, as stopping d-bus in a running system +is shooting yourself into the foot (independent of which init system you use). +Thus leaving D-Bus running until the bitter end should be fine, it doesn't have +any file system things to do on shutdown. This also approximates the brave new +kdbus world where d-bus is basically "always available". + +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847 +Bug-Ubuntu: https://launchpad.net/bugs/1438612 + +Index: dbus-1.10.6/bus/dbus.service.in +=================================================================== +--- dbus-1.10.6.orig/bus/dbus.service.in ++++ dbus-1.10.6/bus/dbus.service.in +@@ -2,8 +2,12 @@ + Description=D-Bus System Message Bus + Documentation=man:dbus-daemon(1) + Requires=dbus.socket ++# we don't properly stop D-Bus (see ExecStop=), thus disallow restart ++RefuseManualStart=yes + + [Service] + ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation + ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig ++ExecStop=/bin/true ++KillMode=none + OOMScoreAdjust=-900 diff -pruN 1.10.6-1/debian/patches/series 1.10.6-1ubuntu4/debian/patches/series --- 1.10.6-1/debian/patches/series 2015-12-01 19:15:55.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/patches/series 2015-12-03 10:45:23.000000000 +0000 @@ -1,3 +1,5 @@ Don-t-abort-on-fatal-warnings-by-default.patch Doxyfile.in-do-not-put-timestamps-in-HTML-for-reprod.patch +dont-stop-dbus.patch +aa-get-connection-apparmor-security-context.patch session.conf-system.conf-include-legacy-files-as-.dpkg-ba.patch diff -pruN 1.10.6-1/debian/rules 1.10.6-1ubuntu4/debian/rules --- 1.10.6-1/debian/rules 2015-12-01 19:15:55.000000000 +0000 +++ 1.10.6-1ubuntu4/debian/rules 2016-04-01 00:29:49.000000000 +0000 @@ -202,7 +202,7 @@ override_dh_install: dh_install --list-missing $(dh_install_options) override_dh_installinit: - dh_installinit -pdbus -r + dh_installinit -pdbus --no-start # we don't want docs for the debug symbols, just symlink to the library docs override_dh_installdocs: