Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 321 | ||||
-rw-r--r-- | debian/clean | 1 | ||||
-rw-r--r-- | debian/control | 43 | ||||
-rw-r--r-- | debian/copyright | 645 | ||||
-rw-r--r-- | debian/dbus-udeb.dirs | 1 | ||||
-rw-r--r-- | debian/dbus-udeb.install | 6 | ||||
-rw-r--r-- | debian/dbus-udeb.postinst | 7 | ||||
-rw-r--r-- | debian/dbus.README.Debian | 32 | ||||
-rw-r--r-- | debian/dbus.bug-control | 1 | ||||
-rw-r--r-- | debian/dbus.init | 2 | ||||
-rw-r--r-- | debian/dbus.install-generic (renamed from debian/dbus.install) | 7 | ||||
-rw-r--r-- | debian/dbus.install-systemd | 5 | ||||
-rw-r--r-- | debian/dbus.postinst | 31 | ||||
-rw-r--r-- | debian/dbus.postrm | 6 | ||||
-rw-r--r-- | debian/dbus.triggers | 2 | ||||
-rw-r--r-- | debian/libdbus-1-3.symbols | 1 | ||||
-rwxr-xr-x | debian/rules | 75 | ||||
-rwxr-xr-x | debian/tests/build | 36 | ||||
-rw-r--r-- | debian/tests/control | 5 | ||||
-rwxr-xr-x | debian/tests/installed-tests | 33 |
20 files changed, 1006 insertions, 254 deletions
diff --git a/debian/changelog b/debian/changelog
index dfae0c03..160b6d75 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,324 @@
+dbus (1.8.16-1) unstable; urgency=high
+
+ * New upstream release fixes a local denial of service
+ when using systemd activation (CVE-2015-0245)
+
+ -- Simon McVittie <smcv@debian.org> Wed, 04 Feb 2015 20:14:46 +0000
+
+dbus (1.8.14-2) unstable; urgency=high
+
+ * Relax the triggers from interest to interest-noawait (Closes: #771989;
+ mitigates: #776063; partially reopens: #740139).
+
+ This is not strictly correct, because the purpose of the triggers
+ is to set up the .conf, .service files for system services before those
+ services satisfy dependencies. However, it mitigates #776063
+ (apt getting into a stuck state during upgrades), and should in
+ principle be redundant anyway, because dbus-daemon is meant to use
+ inotify to keep up with configuration changes. See #771989, #776063
+ for details.
+
+ -- Simon McVittie <smcv@debian.org> Tue, 03 Feb 2015 17:28:12 +0000
+
+dbus (1.8.14-1) unstable; urgency=medium
+
+ * New upstream release to harden dbus-daemon against packages that install
+ unsafe security policy configurations.
+
+ -- Simon McVittie <smcv@debian.org> Thu, 01 Jan 2015 13:07:23 +0000
+
+dbus (1.8.12-3) unstable; urgency=medium
+
+ * preinst: partially revert change from 1.8.12-2. It seems that the
+ preinst is too late to add a useful dpkg-statoverride entry: dpkg has
+ already loaded the statoverride database by this point, and if we add
+ the entry in the preinst, dpkg-statoverride won't run and have
+ its --update side-effect in the postinst. (Closes: #773107, #773838)
+ * postinst: don't run dpkg-statoverride with 2>/dev/null: in the unlikely
+ event that it fails for a reason other than "not overridden" (which
+ results in silently exiting 1), we'll want to know about it.
+
+ -- Simon McVittie <smcv@debian.org> Tue, 23 Dec 2014 21:21:20 +0000
+
+dbus (1.8.12-2) unstable; urgency=medium
+
+ * postinst: use dpkg-statoverride to set the permissions for
+ dbus-daemon-launch-helper (expected to be 04754 root:messagebus)
+ as suggested in Policy §10.9. This avoids a temporarily broken state
+ when an upgraded dbus is unpacked but not yet configured (Closes: #773107)
+ * preinst: opportunistically set up the same dpkg-statoverride entry
+ if the group already exists, to avoid the same broken state during
+ upgrades from older versions without needing Pre-Depends: adduser
+ * postrm: delete the dpkg-statoverride entry on purge
+
+ -- Simon McVittie <smcv@debian.org> Sun, 21 Dec 2014 15:02:22 +0000
+
+dbus (1.8.12-1) unstable; urgency=medium
+
+ * New upstream release 1.8.12
+ - increase auth_timeout from 5 seconds back to 30 seconds since it
+ appears to cause slow or failed boot on some systems, reverting a
+ change in 1.8.8 (Closes: #769069)
+ - add a README.Debian to the dbus package documenting how
+ sysadmins with hostile local users can get the lower timeout back,
+ if their systems are fast enough to boot correctly like that
+
+ -- Simon McVittie <smcv@debian.org> Mon, 24 Nov 2014 13:46:01 +0000
+
+dbus (1.8.10-1) unstable; urgency=medium
+
+ * New upstream release 1.8.10
+ - raise dbus-daemon's file descriptor limit to 65536 to avoid an
+ opportunity for denial of service
+ (CVE-2014-7824, an incomplete fix for CVE-2014-3636)
+ * Start 'dbus-daemon --system' as root under sysvinit (it already
+ starts as root under systemd), so it can increase its file
+ descriptor limit
+
+ -- Simon McVittie <smcv@debian.org> Thu, 06 Nov 2014 16:28:22 +0000
+
+dbus (1.8.8-2) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Build against libsystemd-dev. In systemd v209 the various libraries were
+ merged into a single libsystemd library.
+
+ [ Simon McVittie ]
+ * debian/dbus.bug-control: when people report bugs against dbus,
+ also report the status of systemd and systemd-sysv (because
+ those alter how system service activation works), and dbus-x11
+ (because that's responsible for normal session bus setup)
+ * Remove Build-Profiles control field until the syntax settles down
+ (Closes: #764222)
+ * Use --with-valgrind=auto (supported since 1.7.6) for the debug build
+
+ -- Simon McVittie <smcv@debian.org> Mon, 06 Oct 2014 19:17:04 +0100
+
+dbus (1.8.8-1) unstable; urgency=medium
+
+ [ Michael Biebl ]
+ * Don't attempt config reload if dbus system bus is not running.
+
+ [ Simon McVittie ]
+ * Bump dbus up to Priority: standard because without it, systemd-logind
+ does not run a getty on tty2..tty6 (matching ftp-master action in
+ #759293)
+ * New upstream release fixes several security issues
+ - CVE-2014-3635: do not accept an extra fd in cmsg padding,
+ avoiding a buffer overrun in dbus-daemon or system services
+ - CVE-2014-3636: reduce maximum number of file descriptors
+ per message from 1024 to 16, to avoid two separate denial-of-service
+ attacks that could cause system services to be dropped from the bus
+ - CVE-2014-3637: time out connections that have a
+ partially-sent message containing a file descriptor, so that
+ malicious processes cannot use self-referential file descriptors
+ to make a connection that will never close
+ - CVE-2014-3638: reduce maximum number of pending replies
+ per connection to avoid algorithmic complexity DoS
+ - CVE-2014-3639: reduce timeout for authentication and
+ do not accept() new connections when all unauthenticated connection
+ slots are in use, so that malicious processes cannot prevent new
+ connections to the system bus
+ * debian/copyright: fix glob syntax, .[ch] is not supported
+
+ -- Simon McVittie <smcv@debian.org> Mon, 15 Sep 2014 12:58:25 +0100
+
+dbus (1.8.6-2) unstable; urgency=medium
+
+ * debian/dbus.posinst: When triggered only poke the dbus-daemon, don't run
+ update-rc.d/invoke-rc.d as added by dh_installinit. This prevent some
+ odd-corner when being triggered during init system upgrade
+ (Closes: #754404)
+
+ -- Sjoerd Simons <sjoerd@debian.org> Wed, 13 Aug 2014 22:30:38 +0200
+
+dbus (1.8.6-1) unstable; urgency=high
+
+ * New upstream release
+ - fix two local DoS vulnerabilities (CVE-2014-3532, CVE-2014-3533)
+
+ -- Simon McVittie <smcv@debian.org> Mon, 30 Jun 2014 15:15:58 +0100
+
+dbus (1.8.4-1) unstable; urgency=high
+
+ * New upstream release, fixing a DoS vulnerability (CVE-2014-3477)
+
+ -- Simon McVittie <smcv@debian.org> Thu, 05 Jun 2014 15:12:02 +0100
+
+dbus (1.8.2-1) unstable; urgency=medium
+
+ * New upstream release
+
+ -- Simon McVittie <smcv@debian.org> Wed, 30 Apr 2014 20:17:46 +0100
+
+dbus (1.8.0-3) unstable; urgency=medium
+
+ * Improve autopkgtest support
+ - use a shell wildcard instead of dpkg-architecture, to avoid stderr spam
+ failing the test if gcc is missing
+ - wrap each test-case in an arbitrary (5 minute) timeout so that one
+ test-case failing won't halt the whole build
+
+ -- Simon McVittie <smcv@debian.org> Wed, 26 Mar 2014 09:17:20 +0000
+
+dbus (1.8.0-2) unstable; urgency=low
+
+ * debian/rules: look for DEB_BUILD_PROFILES, the new name for
+ DEB_BUILD_PROFILE
+ * Don't try to install systemd units in a stage1 build (they are
+ no longer installed unless libsystemd*-dev are found) (Closes: #738317)
+ * Mark dbus-1-doc with Build-Profiles: !stage1
+ * Register a dpkg trigger on /usr/share/dbus-1/system-services and
+ /etc/dbus-1/system.d that calls ReloadConfig on the system dbus-daemon,
+ in case our inotify monitoring isn't completely reliable (see #740139)
+ * Clean debian/tmp-udeb in `debian/rules clean`
+ * Hook up the installed tests to DEP-8 metadata
+ * Add a simple compile/link/run test
+
+ -- Simon McVittie <smcv@debian.org> Wed, 26 Feb 2014 13:15:14 +0000
+
+dbus (1.8.0-1) unstable; urgency=low
+
+ * New upstream stable release
+ - add debian/copyright stanzas for some new BSD-licensed cmake macros
+
+ -- Simon McVittie <smcv@debian.org> Mon, 20 Jan 2014 15:05:53 +0000
+
+dbus (1.7.10-2) unstable; urgency=low
+
+ * Conditionalize libaudit and libcap-ng build-dependencies to [linux-any]
+ * Explicitly enable libaudit, SELinux and systemd on Linux;
+ do not enable them elsewhere
+
+ -- Simon McVittie <smcv@debian.org> Tue, 07 Jan 2014 12:12:15 +0000
+
+dbus (1.7.10-1) unstable; urgency=low
+
+ * Merge from experimental into unstable
+ * New upstream release 1.7.10 (1.8 rc1)
+ * Generate debian/dbus.install from a generic part and a Linux-specific
+ part, since systemd metadata doesn't get installed on non-Linux any more
+
+ -- Simon McVittie <smcv@debian.org> Mon, 06 Jan 2014 19:43:36 +0000
+
+dbus (1.7.8-1) experimental; urgency=low
+
+ [ Laurent Bigonville ]
+ * debian/rules: Re-add udeb_configure_flags that were lost during merge
+ (Closes: #727774)
+
+ [ Simon McVittie ]
+ * Standards-Version: 3.9.5 (no changes needed)
+ * Enable libaudit support so messages that violate SELinux policy go to the
+ audit log (Closes: #727771)
+ * New upstream release
+ - add new dependency on libsystemd-journal-dev for linux-any
+
+ -- Simon McVittie <smcv@debian.org> Tue, 29 Oct 2013 13:07:02 +0000
+
+dbus (1.7.6-2) experimental; urgency=low
+
+ * debian/rules: FTBFS if new symbols or libraries are added
+ without updating the symbols file
+ * debian/copyright: list copyright holders and minor licenses
+ (Closes: #726000)
+ * Merge packaging changes from unstable:
+ - Run `update-rc.d dbus defaults` instead of deprecated
+ `update-rc.d dbus start ...` (Closes: #725923)
+ - Add udeb packages, so the graphical installer can use AT-SPI
+ (Closes: #723952)
+ - Standards-Version: 3.9.4 (no changes needed)
+
+ -- Simon McVittie <smcv@debian.org> Sat, 12 Oct 2013 16:30:55 +0100
+
+dbus (1.7.6-1) experimental; urgency=low
+
+ * Standards-Version: 3.9.4 (no changes needed)
+ * New upstream development release
+ - update symbols
+
+ -- Simon McVittie <smcv@debian.org> Wed, 09 Oct 2013 16:44:43 +0100
+
+dbus (1.7.4-1) experimental; urgency=low
+
+ * New upstream development release
+ - CVE-2013-2168: avoid a user-triggerable crash (denial of services)
+ in system services that use libdbus
+
+ -- Simon McVittie <smcv@debian.org> Wed, 12 Jun 2013 19:53:00 +0100
+
+dbus (1.7.2-1) experimental; urgency=low
+
+ * New upstream development release
+ * Do the debug build --with-valgrind on mipsel, too
+
+ -- Simon McVittie <smcv@debian.org> Thu, 25 Apr 2013 13:46:10 +0100
+
+dbus (1.7.0-1) experimental; urgency=low
+
+ * Branch for experimental
+ * New upstream development release
+ * On architectures where it's currently supported, do the
+ debug build with --with-valgrind for better instrumentation
+ * debian/rules: factor out production and debug configure flags
+ * Add support for DEB_BUILD_OPTIONS=nodocs, which omits most documentation
+ (allowing doxygen and xmlto to be avoided) and the dbus-1-doc package
+ * Add support for DEB_BUILD_PROFILE=stage1, which does the same as nodocs
+ and additionally makes the debug build not insist on building all tests
+ * Make the development and debugging packages Multi-Arch: same,
+ since their arch-dependent files are all arch-segregated
+ (/usr/lib/TUPLE) or named according to a build-ID (/usr/lib/debug)
+ (Closes: #689071). This is not actually useful until pkg-config
+ becomes M-A: foreign (#631275).
+
+ -- Simon McVittie <smcv@debian.org> Fri, 22 Feb 2013 15:20:10 +0000
+
+dbus (1.6.18-2) unstable; urgency=medium
+
+ * Disable valgrind integration in the debug build on armel,
+ since valgrind no longer supports armel (Closes: #729136)
+
+ -- Simon McVittie <smcv@debian.org> Mon, 02 Dec 2013 10:22:39 +0000
+
+dbus (1.6.18-1) unstable; urgency=low
+
+ * Run `update-rc.d dbus defaults` instead of deprecated
+ `update-rc.d dbus start ...` (Closes: #725923)
+ * debian/rules: FTBFS if new symbols or libraries are added
+ without updating the symbols file
+ * debian/copyright: list copyright holders and minor licenses
+ (Closes: #726000)
+ * New upstream release 1.6.18
+ * Standards-Version: 3.9.5 (no changes needed)
+
+ -- Simon McVittie <smcv@debian.org> Fri, 01 Nov 2013 16:30:33 +0000
+
+dbus (1.6.16-1) unstable; urgency=low
+
+ * New upstream stable release 1.6.16
+ * Backport the new dbus-run-session tool from D-Bus 1.7
+ * Add udeb packages, so the graphical installer can use AT-SPI
+ (Closes: #723952)
+ * Standards-Version: 3.9.4 (no changes needed)
+
+ -- Simon McVittie <smcv@debian.org> Tue, 08 Oct 2013 16:44:21 +0100
+
+dbus (1.6.14-1) unstable; urgency=low
+
+ * New upstream stable release 1.6.14
+ - fixes an infinite busy-loop if waitpid() is interrupted by a signal
+ while spawning a subprocess (Closes: #721932)
+
+ -- Simon McVittie <smcv@debian.org> Thu, 05 Sep 2013 16:42:55 +0100
+
+dbus (1.6.12-1) unstable; urgency=high
+
+ * New upstream stable release 1.6.12
+ - CVE-2013-2168: avoid a user-triggerable crash (denial of services)
+ in system services that use libdbus
+
+ -- Simon McVittie <smcv@debian.org> Wed, 12 Jun 2013 14:38:34 +0100
+
 dbus (1.6.10-1+dyson2) unstable; urgency=low
 
 * Use dh_smf; fix scripts accordingly
diff --git a/debian/clean b/debian/clean
index 3b6c0641..56a382f7 100644
--- a/debian/clean
+++ b/debian/clean
@@ -1 +1,2 @@
 doc/dbus.devhelp
+debian/dbus.install
diff --git a/debian/control b/debian/control index 47c7a22b..da3457af 100644 --- a/debian/control +++ b/debian/control @@ -9,8 +9,9 @@ Uploaders: Sjoerd Simons <sjoerd@debian.org>, Simon McVittie <smcv@debian.org> # The following packages can be omitted for bootstrapping, but provide extra # features: -# libsystemd-daemon-dev (circular dependency) -# libsystemd-login-dev (circular dependency) +# libaudit-dev +# libcap-ng-dev +# libsystemd-dev (circular dependency) # The following packages can be omitted for bootstrapping, but provide extra # debugging support in /usr/lib/*/dbus-1.0/debug-build: # valgrind @@ -28,27 +29,30 @@ Build-Depends: automake (>= 1:1.10), dh-smf [illumos-any kopensolaris-any], doxygen, dpkg-dev (>= 1.16.1), + libaudit-dev [linux-any], + libcap-ng-dev [linux-any], libexpat-dev, libdbus-glib-1-dev, libglib2.0-dev, libbsm1-dev [illumos-any kopensolaris-any], libselinux1-dev [linux-any], - libsystemd-daemon-dev (>= 32) [linux-any], - libsystemd-login-dev (>= 32) [linux-any], + libsystemd-dev (>= 209) [linux-any], libx11-dev, python (>= 2.6), python-dbus, python-gobject, - valgrind [amd64 armel armhf i386 mips mipsel powerpc ppc64 s390x], + valgrind [amd64 armhf i386 mips mipsel powerpc ppc64 s390x], xmlto, xsltproc -Standards-Version: 3.9.3 +Standards-Version: 3.9.5 Vcs-Git: git://anonscm.debian.org/pkg-utopia/dbus.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-utopia/dbus.git Homepage: http://dbus.freedesktop.org/ +XS-Testsuite: autopkgtest Package: dbus Architecture: any +Priority: standard Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, 
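Review bot: The bootstrapping comment in the first hunk now lists `libaudit-dev` and `libcap-ng-dev` as omittable "extra features" without saying what is lost, and here the loss is security-relevant. The changelog in this same commit says libaudit support is what sends messages that violate SELinux policy to the audit log, so a bootstrap build that drops it presumably produces a dbus-daemon whose policy denials never reach the audit trail. I would annotate the entry, for example `# libaudit-dev, libcap-ng-dev (without these, SELinux policy violations are not written to the audit log)`. The role of libcap-ng is not stated on this page, so that half of the wording should be confirmed against debian/rules before it is committed.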
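Review bot: `Vcs-Git` is left on a `git://` URL in the second hunk, even though the neighbouring `Standards-Version` and `XS-Testsuite` lines are being touched. That transport has no server authentication or integrity protection, so anyone fetching the packaging repository from this field can be served altered content by an on-path party; the same applies to the `http://` `Vcs-Browser` and `Homepage` values. If the host serves the repository over TLS, I would switch the field in this commit, along the lines of `Vcs-Git: https://<HOST>/<PATH>/dbus.git` (placeholder, the real HTTPS path is not shown on this page). The source stanza starts above the hunk, so other fields in it were not reviewed.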
@@ -73,6 +77,20 @@ Description: simple interprocess messaging system (daemon and utilities) The client-side library can be found in the libdbus-1-3 package, as it is no longer contained in this package. +Package: dbus-udeb +Section: debian-installer +Priority: extra +Package-Type: udeb +Architecture: any +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: simple interprocess messaging system (minimal runtime) + D-Bus is a message bus, used for sending messages between applications. + . + This package is a minimal version of the dbus and dbus-x11 packages, + for use in the Debian installer. It can run a session bus, but is not + suitable for use as a system bus. + Package: dbus-x11 Architecture: any Section: x11 @@ -116,6 +134,19 @@ Description: simple interprocess messaging system (library) . The daemon can be found in the dbus package. +Package: libdbus-1-3-udeb +Section: debian-installer +Priority: extra +Package-Type: udeb +Architecture: any +Depends: ${shlibs:Depends}, + ${misc:Depends} +Description: simple interprocess messaging system (minimal library) + D-Bus is a message bus, used for sending messages between applications. + . + This package is a minimal version of the libdbus-1-3 package, + for use in the Debian installer. + Package: dbus-1-doc Section: doc Architecture: all diff --git a/debian/copyright b/debian/copyright index 6b80b9ab..efe3d7f4 100644 --- a/debian/copyright +++ b/debian/copyright 
@@ -1,214 +1,431 @@ -This package was debianized by Colin Walters <walters@debian.org> on -Thu, 6 Mar 2003 18:01:37 -0500 - -It was downloaded from http://www.freedesktop.org/software/dbus - -This package is dual-licensed under the Academic Free License version 2.1, -and the GPL version 2. For a description of the GPL, see -/usr/share/common-licenses/GPL-2 on your Debian system. - -Portions of the package are only licensed under the GPL (notably -tools/dbus-cleanup-sockets.c and test/decode-gcov.c ). - -The Academic Free License follows: - -The Academic Free License -v. 2.1 - -This Academic Free License (the "License") applies to any original -work of authorship (the "Original Work") whose owner (the "Licensor") -has placed the following notice immediately following the copyright -notice for the Original Work: - -Licensed under the Academic Free License version 2.1 - -1) Grant of Copyright License. Licensor hereby grants You a -world-wide, royalty-free, non-exclusive, perpetual, sublicenseable -license to do the following: - -a) to reproduce the Original Work in copies; - -b) to prepare derivative works ("Derivative Works") based upon the Original Work; - -c) to distribute copies of the Original Work and Derivative Works to the public; - -d) to perform the Original Work publicly; and - -e) to display the Original Work publicly. - -2) Grant of Patent License. Licensor hereby grants You a world-wide, -royalty-free, non-exclusive, perpetual, sublicenseable license, under -patent claims owned or controlled by the Licensor that are embodied in -the Original Work as furnished by the Licensor, to make, use, sell and -offer for sale the Original Work and Derivative Works. - -3) Grant of Source Code License. The term "Source Code" means the -preferred form of the Original Work for making modifications to it and -all available documentation describing how to modify the Original -Work. 
Licensor hereby agrees to provide a machine-readable copy of the -Source Code of the Original Work along with each copy of the Original -Work that Licensor distributes. Licensor reserves the right to satisfy -this obligation by placing a machine-readable copy of the Source Code -in an information repository reasonably calculated to permit -inexpensive and convenient access by You for as long as Licensor -continues to distribute the Original Work, and by publishing the -address of that information repository in a notice immediately -following the copyright notice that applies to the Original Work. - -4) Exclusions From License Grant. Neither the names of Licensor, nor -the names of any contributors to the Original Work, nor any of their -trademarks or service marks, may be used to endorse or promote -products derived from this Original Work without express prior written -permission of the Licensor. Nothing in this License shall be deemed to -grant any rights to trademarks, copyrights, patents, trade secrets or -any other intellectual property of Licensor except as expressly stated -herein. No patent license is granted to make, use, sell or offer to -sell embodiments of any patent claims other than the licensed claims -defined in Section 2. No right is granted to the trademarks of -Licensor even if such marks are included in the Original Work. Nothing -in this License shall be interpreted to prohibit Licensor from -licensing under different terms from this License any Original Work -that Licensor otherwise would have a right to license. - -5) This section intentionally omitted. - -6) Attribution Rights. You must retain, in the Source Code of any -Derivative Works that You create, all copyright, patent or trademark -notices from the Source Code of the Original Work, as well as any -notices of licensing and any descriptive text identified therein as an -"Attribution Notice." 
You must cause the Source Code for any -Derivative Works that You create to carry a prominent Attribution -Notice reasonably calculated to inform recipients that You have -modified the Original Work. - -7) Warranty of Provenance and Disclaimer of Warranty. Licensor -warrants that the copyright in and to the Original Work and the patent -rights granted herein by Licensor are owned by the Licensor or are -sublicensed to You under the terms of this License with the permission -of the contributor(s) of those copyrights and patent rights. Except as -expressly stated in the immediately proceeding sentence, the Original -Work is provided under this License on an "AS IS" BASIS and WITHOUT -WARRANTY, either express or implied, including, without limitation, -the warranties of NON-INFRINGEMENT, MERCHANTABILITY or FITNESS FOR A -PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL -WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential -part of this License. No license to Original Work is granted hereunder -except under this disclaimer. - -8) Limitation of Liability. Under no circumstances and under no legal -theory, whether in tort (including negligence), contract, or -otherwise, shall the Licensor be liable to any person for any direct, -indirect, special, incidental, or consequential damages of any -character arising as a result of this License or the use of the -Original Work including, without limitation, damages for loss of -goodwill, work stoppage, computer failure or malfunction, or any and -all other commercial damages or losses. This limitation of liability -shall not apply to liability for death or personal injury resulting -from Licensor's negligence to the extent applicable law prohibits such -limitation. Some jurisdictions do not allow the exclusion or -limitation of incidental or consequential damages, so this exclusion -and limitation may not apply to You. - -9) Acceptance and Termination. 
If You distribute copies of the -Original Work or a Derivative Work, You must make a reasonable effort -under the circumstances to obtain the express assent of recipients to -the terms of this License. Nothing else but this License (or another -written agreement between Licensor and You) grants You permission to -create Derivative Works based upon the Original Work or to exercise -any of the rights granted in Section 1 herein, and any attempt to do -so except under the terms of this License (or another written -agreement between Licensor and You) is expressly prohibited by -U.S. copyright law, the equivalent laws of other countries, and by -international treaty. Therefore, by exercising any of the rights -granted to You in Section 1 herein, You indicate Your acceptance of -this License and all of its terms and conditions. - -10) Termination for Patent Action. This License shall terminate -automatically and You may no longer exercise any of the rights granted -to You by this License as of the date You commence an action, -including a cross-claim or counterclaim, against Licensor or any -licensee alleging that the Original Work infringes a patent. This -termination provision shall not apply for an action alleging patent -infringement by combinations of the Original Work with other software -or hardware. - -11) Jurisdiction, Venue and Governing Law. Any action or suit relating -to this License may be brought only in the courts of a jurisdiction -wherein the Licensor resides or in which Licensor conducts its primary -business, and under the laws of that jurisdiction excluding its -conflict-of-law provisions. The application of the United Nations -Convention on Contracts for the International Sale of Goods is -expressly excluded. Any use of the Original Work outside the scope of -this License or after its termination shall be subject to the -requirements and penalties of the U.S. Copyright Act, 17 U.S.C. 
§ 101 -et seq., the equivalent laws of other countries, and international -treaty. This section shall survive the termination of this License. - -12) Attorneys Fees. In any action to enforce the terms of this License -or seeking damages relating thereto, the prevailing party shall be -entitled to recover its costs and expenses, including, without -limitation, reasonable attorneys' fees and costs incurred in -connection with such action, including any appeal of such action. This -section shall survive the termination of this License. - -13) Miscellaneous. This License represents the complete agreement -concerning the subject matter hereof. If any provision of this License -is held to be unenforceable, such provision shall be reformed only to -the extent necessary to make it enforceable. - -14) Definition of "You" in This License. "You" throughout this -License, whether in upper or lower case, means an individual or a -legal entity exercising rights under, and complying with all of the -terms of, this License. For legal entities, "You" includes any entity -that controls, is controlled by, or is under common control with -you. For purposes of this definition, "control" means (i) the power, -direct or indirect, to cause the direction or management of such -entity, whether by contract or otherwise, or (ii) ownership of fifty -percent (50%) or more of the outstanding shares, or (iii) beneficial -ownership of such entity. - -15) Right to Use. You may use the Original Work in all ways not -otherwise restricted or conditioned by this License or by law, and -Licensor promises not to interfere with or be responsible for such -uses by You. - -This license is Copyright (C) 2003-2004 Lawrence E. Rosen. All rights -reserved. Permission is hereby granted to copy and distribute this -license without modification. This license may not be modified without -the express written permission of its copyright owner. - - --- -END OF ACADEMIC FREE LICENSE. 
The following is intended to describe the essential -differences between the Academic Free License (AFL) version 1.0 and other -open source licenses: - -The Academic Free License is similar to the BSD, MIT, UoI/NCSA and Apache -licenses in many respects but it is intended to solve a few problems with -those licenses. - -* The AFL is written so as to make it clear what software is being -licensed (by the inclusion of a statement following the copyright notice -in the software). This way, the license functions better than a template -license. The BSD, MIT and UoI/NCSA licenses apply to unidentified software. - -* The AFL contains a complete copyright grant to the software. The BSD -and Apache licenses are vague and incomplete in that respect. - -* The AFL contains a complete patent grant to the software. The BSD, MIT, -UoI/NCSA and Apache licenses rely on an implied patent license and contain -no explicit patent grant. - -* The AFL makes it clear that no trademark rights are granted to the -licensor's trademarks. The Apache license contains such a provision, but the -BSD, MIT and UoI/NCSA licenses do not. - -* The AFL includes the warranty by the licensor that it either owns the -copyright or that it is distributing the software under a license. None of -the other licenses contain that warranty. All other warranties are disclaimed, -as is the case for the other licenses. - -* The AFL is itself copyrighted (with the right granted to copy and distribute -without modification). This ensures that the owner of the copyright to the -license will control changes. The Apache license contains a copyright notice, -but the BSD, MIT and UoI/NCSA licenses do not. +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: D-Bus +Source: http://dbus.freedesktop.org/releases/dbus/ +Comment: + The effective license of the majority of the package, including the + shared library, is "GPL-2+ or AFL-2.1". Certain utilities are + "GPL-2+" only. 
+ +Files: * +Copyright: + © 1994 A.M. Kuchling + © 2002-2008 Red Hat, Inc + © 2002-2003 CodeFactory AB + © 2002 Michael Meeks + © 2004 Imendio HB + © 2005 Lennart Poettering + © 2005 Novell, Inc + © 2005 David A. Wheeler + © 2006-2013 Ralf Habacker + © 2006 Mandriva + © 2006 Peter Kümmel + © 2006 Christian Ehrlicher + © 2006 Thiago Macieira + © 2008 Colin Walters + © 2009 Klaralvdalens Datakonsult AB, a KDAB Group company + © 2011-2012 Nokia Corporation + © 2012-2013 Collabora Ltd. + © 2013 Intel Corporation + "modified code from libassuan, (C) FSF" +License: GPL-2+ or AFL-2.1 + +Files: + tools/dbus-cleanup-sockets.c + tools/dbus-monitor.c + tools/dbus-send.c + tools/dbus-print-message.? + tools/dbus-uuidgen.c +Copyright: + © 2002 Michael Meeks + © 2003-2006 Red Hat, Inc. + © 2003 Philip Blundell +License: GPL-2+ + +Files: + dbus/dbus-server-launchd.? + dbus/sd-daemon.? + test/corrupt.c + test/dbus-daemon-eavesdrop.c + test/dbus-daemon.c + test/internals/printf.c + test/internals/refs.c + test/internals/syslog.c + test/loopback.c + test/manual-authz.c + test/marshal.c + test/relay.c + test/syntax.c + tools/lcov.am +Copyright: + © 2007 Tanner Lovelace + © 2008-2009 Benjamin Reed + © 2008 Colin Walters + © 2009 Jonas Bähr + © 2010 Lennart Poettering + © 2008-2012 Nokia Corporation + © 2008-2012 Collabora Ltd + © 2013 Intel Corporation +License: Expat + +Files: tools/strto*ll.c +Copyright: © 1991-1993 The Regents of the University of California +License: BSD-3-clause + +Files: + cmake/modules/FindGLib2.cmake + cmake/modules/FindGObject.cmake +Copyright: + © 2008 Laurent Montel + © 2011 Raphael Kubo da Costa + © 2013 Ralf Habacker +License: BSD-3-clause-generic +Comment: + BSD-3-clause with more generic terms for the authors and copyright holders + +Files: + dbus/dbus-hash.c +Copyright: + © 1991-1993 The Regents of the University of California + © 1994 Sun Microsystems, Inc + © 2002 Red Hat, Inc. 
+License: GPL-2+ or AFL-2.1, and Tcl-BSDish +Comment: + The Tcl license appears to be compatible with either the GPL-2+ + or the AFL-2.1, so the effective license is "GPL-2+ or AFL-2.1". + +Files: dbus/dbus-sysdeps-util-win.c +Copyright: + © 2000 Werner Almesberger + © 2002-2005 Red Hat, Inc + © 2003 CodeFactory AB +License: GPL-2+ or AFL-2.1, and LGPL-2+ +Comment: + The presence of LGPL code in this file makes its effective license GPL-2+. + It is not used in the shared library, or on Unix platforms. + +Files: dbus/versioninfo.rc.in +Copyright: © 2005 g10 Code GmbH +License: g10-permissive + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +License: GPL-2+ + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +Comment: + On Debian systems, see /usr/share/common-licenses/GPL-2 for the full + text of the GPL version 2. 
+ +License: Expat + Permission is hereby granted, free of charge, to any person + obtaining a copy of this software and associated documentation + files (the "Software"), to deal in the Software without + restriction, including without limitation the rights to use, copy, + modify, merge, publish, distribute, sublicense, and/or sell copies + of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT + HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, + WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + DEALINGS IN THE SOFTWARE. + +License: Tcl-BSDish + This software is copyrighted by the Regents of the University of + California, Sun Microsystems, Inc., Scriptics Corporation, and + other parties. The following terms apply to all files associated + with the software unless explicitly disclaimed in individual files. + . + The authors hereby grant permission to use, copy, modify, + distribute, and license this software and its documentation for any + purpose, provided that existing copyright notices are retained in + all copies and that this notice is included verbatim in any + distributions. No written agreement, license, or royalty fee is + required for any of the authorized uses. Modifications to this + software may be copyrighted by their authors and need not follow + the licensing terms described here, provided that the new terms are + clearly indicated on the first page of each file where they apply. + . 
+ IN NO EVENT SHALL THE AUTHORS OR DISTRIBUTORS BE LIABLE TO ANY + PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL + DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE, ITS DOCUMENTATION, + OR ANY DERIVATIVES THEREOF, EVEN IF THE AUTHORS HAVE BEEN ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + . + THE AUTHORS AND DISTRIBUTORS SPECIFICALLY DISCLAIM ANY WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND + NON-INFRINGEMENT. THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, + AND THE AUTHORS AND DISTRIBUTORS HAVE NO OBLIGATION TO PROVIDE + MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + . + GOVERNMENT USE: If you are acquiring this software on behalf of the + U.S. government, the Government shall have only "Restricted Rights" + in the software and related documentation as defined in the Federal + Acquisition Regulations (FARs) in Clause 52.227.19 (c) (2). If you + are acquiring the software on behalf of the Department of Defense, + the software shall be classified as "Commercial Computer Software" + and the Government shall have only "Restricted Rights" as defined + in Clause 252.227-7013 (c) (1) of DFARs. Notwithstanding the + foregoing, the authors grant the U.S. Government and others acting + in its behalf permission to use and distribute the software in + accordance with the terms specified in this license. + +License: LGPL-2+ + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU Library General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + . 
+ You should have received a copy of the GNU Library General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, + Boston, MA 02110-1301, USA. +Comment: + On Debian systems, see /usr/share/common-licenses/LGPL-2 for the full + text of the LGPL version 2. + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. 
+ +License: BSD-3-clause-generic + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: AFL-2.1 + The Academic Free License + v. 2.1 + . + This Academic Free License (the "License") applies to any original + work of authorship (the "Original Work") whose owner (the "Licensor") + has placed the following notice immediately following the copyright + notice for the Original Work: + . + Licensed under the Academic Free License version 2.1 + . + 1) Grant of Copyright License. Licensor hereby grants You a + world-wide, royalty-free, non-exclusive, perpetual, sublicenseable + license to do the following: + . + a) to reproduce the Original Work in copies; + . 
+ b) to prepare derivative works ("Derivative Works") based upon the + Original Work; + . + c) to distribute copies of the Original Work and Derivative Works to + the public; + . + d) to perform the Original Work publicly; and + . + e) to display the Original Work publicly. + . + 2) Grant of Patent License. Licensor hereby grants You a world-wide, + royalty-free, non-exclusive, perpetual, sublicenseable license, under + patent claims owned or controlled by the Licensor that are embodied in + the Original Work as furnished by the Licensor, to make, use, sell and + offer for sale the Original Work and Derivative Works. + . + 3) Grant of Source Code License. The term "Source Code" means the + preferred form of the Original Work for making modifications to it and + all available documentation describing how to modify the Original + Work. Licensor hereby agrees to provide a machine-readable copy of the + Source Code of the Original Work along with each copy of the Original + Work that Licensor distributes. Licensor reserves the right to satisfy + this obligation by placing a machine-readable copy of the Source Code + in an information repository reasonably calculated to permit + inexpensive and convenient access by You for as long as Licensor + continues to distribute the Original Work, and by publishing the + address of that information repository in a notice immediately + following the copyright notice that applies to the Original Work. + . + 4) Exclusions From License Grant. Neither the names of Licensor, nor + the names of any contributors to the Original Work, nor any of their + trademarks or service marks, may be used to endorse or promote + products derived from this Original Work without express prior written + permission of the Licensor. Nothing in this License shall be deemed to + grant any rights to trademarks, copyrights, patents, trade secrets or + any other intellectual property of Licensor except as expressly stated + herein. 
No patent license is granted to make, use, sell or offer to + sell embodiments of any patent claims other than the licensed claims + defined in Section 2. No right is granted to the trademarks of + Licensor even if such marks are included in the Original Work. Nothing + in this License shall be interpreted to prohibit Licensor from + licensing under different terms from this License any Original Work + that Licensor otherwise would have a right to license. + . + 5) This section intentionally omitted. + . + 6) Attribution Rights. You must retain, in the Source Code of any + Derivative Works that You create, all copyright, patent or trademark + notices from the Source Code of the Original Work, as well as any + notices of licensing and any descriptive text identified therein as an + "Attribution Notice." You must cause the Source Code for any + Derivative Works that You create to carry a prominent Attribution + Notice reasonably calculated to inform recipients that You have + modified the Original Work. + . + 7) Warranty of Provenance and Disclaimer of Warranty. Licensor + warrants that the copyright in and to the Original Work and the patent + rights granted herein by Licensor are owned by the Licensor or are + sublicensed to You under the terms of this License with the permission + of the contributor(s) of those copyrights and patent rights. Except as + expressly stated in the immediately proceeding sentence, the Original + Work is provided under this License on an "AS IS" BASIS and WITHOUT + WARRANTY, either express or implied, including, without limitation, + the warranties of NON-INFRINGEMENT, MERCHANTABILITY or FITNESS FOR A + PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL + WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential + part of this License. No license to Original Work is granted hereunder + except under this disclaimer. + . + 8) Limitation of Liability. 
Under no circumstances and under no legal + theory, whether in tort (including negligence), contract, or + otherwise, shall the Licensor be liable to any person for any direct, + indirect, special, incidental, or consequential damages of any + character arising as a result of this License or the use of the + Original Work including, without limitation, damages for loss of + goodwill, work stoppage, computer failure or malfunction, or any and + all other commercial damages or losses. This limitation of liability + shall not apply to liability for death or personal injury resulting + from Licensor's negligence to the extent applicable law prohibits such + limitation. Some jurisdictions do not allow the exclusion or + limitation of incidental or consequential damages, so this exclusion + and limitation may not apply to You. + . + 9) Acceptance and Termination. If You distribute copies of the + Original Work or a Derivative Work, You must make a reasonable effort + under the circumstances to obtain the express assent of recipients to + the terms of this License. Nothing else but this License (or another + written agreement between Licensor and You) grants You permission to + create Derivative Works based upon the Original Work or to exercise + any of the rights granted in Section 1 herein, and any attempt to do + so except under the terms of this License (or another written + agreement between Licensor and You) is expressly prohibited by + U.S. copyright law, the equivalent laws of other countries, and by + international treaty. Therefore, by exercising any of the rights + granted to You in Section 1 herein, You indicate Your acceptance of + this License and all of its terms and conditions. + . + 10) Termination for Patent Action. 
This License shall terminate + automatically and You may no longer exercise any of the rights granted + to You by this License as of the date You commence an action, + including a cross-claim or counterclaim, against Licensor or any + licensee alleging that the Original Work infringes a patent. This + termination provision shall not apply for an action alleging patent + infringement by combinations of the Original Work with other software + or hardware. + . + 11) Jurisdiction, Venue and Governing Law. Any action or suit relating + to this License may be brought only in the courts of a jurisdiction + wherein the Licensor resides or in which Licensor conducts its primary + business, and under the laws of that jurisdiction excluding its + conflict-of-law provisions. The application of the United Nations + Convention on Contracts for the International Sale of Goods is + expressly excluded. Any use of the Original Work outside the scope of + this License or after its termination shall be subject to the + requirements and penalties of the U.S. Copyright Act, 17 U.S.C. § 101 + et seq., the equivalent laws of other countries, and international + treaty. This section shall survive the termination of this License. + . + 12) Attorneys Fees. In any action to enforce the terms of this License + or seeking damages relating thereto, the prevailing party shall be + entitled to recover its costs and expenses, including, without + limitation, reasonable attorneys' fees and costs incurred in + connection with such action, including any appeal of such action. This + section shall survive the termination of this License. + . + 13) Miscellaneous. This License represents the complete agreement + concerning the subject matter hereof. If any provision of this License + is held to be unenforceable, such provision shall be reformed only to + the extent necessary to make it enforceable. + . + 14) Definition of "You" in This License. 
"You" throughout this + License, whether in upper or lower case, means an individual or a + legal entity exercising rights under, and complying with all of the + terms of, this License. For legal entities, "You" includes any entity + that controls, is controlled by, or is under common control with + you. For purposes of this definition, "control" means (i) the power, + direct or indirect, to cause the direction or management of such + entity, whether by contract or otherwise, or (ii) ownership of fifty + percent (50%) or more of the outstanding shares, or (iii) beneficial + ownership of such entity. + . + 15) Right to Use. You may use the Original Work in all ways not + otherwise restricted or conditioned by this License or by law, and + Licensor promises not to interfere with or be responsible for such + uses by You. + . + This license is Copyright (C) 2003-2004 Lawrence E. Rosen. All rights + reserved. Permission is hereby granted to copy and distribute this + license without modification. This license may not be modified without + the express written permission of its copyright owner. diff --git a/debian/dbus-udeb.dirs b/debian/dbus-udeb.dirs new file mode 100644 index 00000000..51d7f17a --- /dev/null +++ b/debian/dbus-udeb.dirs @@ -0,0 +1 @@ +/var/lib/dbus diff --git a/debian/dbus-udeb.install b/debian/dbus-udeb.install new file mode 100644 index 00000000..ff763472 --- /dev/null +++ b/debian/dbus-udeb.install @@ -0,0 +1,6 @@ +debian/tmp/etc/dbus-1/session.conf etc/dbus-1 +debian/tmp/etc/dbus-1/session.d etc/dbus-1 +debian/tmp-udeb/usr/bin/dbus-daemon usr/bin +debian/tmp-udeb/usr/bin/dbus-run-session usr/bin +debian/tmp-udeb/usr/bin/dbus-uuidgen usr/bin +debian/tmp-udeb/usr/bin/dbus-launch usr/bin diff --git a/debian/dbus-udeb.postinst b/debian/dbus-udeb.postinst new file mode 100644 index 00000000..a16950e6 --- /dev/null +++ b/debian/dbus-udeb.postinst @@ -0,0 +1,7 @@ +#!/bin/sh + +set -e + +dbus-uuidgen --ensure + +#DEBHELPER# 
diff --git a/debian/dbus.README.Debian b/debian/dbus.README.Debian
new file mode 100644
index 00000000..60b7df4e
--- /dev/null
+++ b/debian/dbus.README.Debian
@@ -0,0 +1,32 @@
+Adjusting limits to mitigate denial of service
+==============================================
+
+'dbus-daemon --system' has several arbitrary limits which are a trade-off
+between working correctly when not under attack, and preventing local
+denial of service attacks. System administrators with particularly hostile
+local users should review these limits and tune them if necessary.
+
+In particular, the fix for CVE-2014-3639 in dbus-1.8.8 makes it difficult
+for local users to prevent connections completely, but they can still
+introduce a delay which increases with larger authentication timeout
+(auth_timeout) values, by opening many parallel connections from
+different processes and never completing the authentication handshake.
+As a result, dbus 1.8.8 also reduced the auth_timeout from 30 seconds
+to 5 seconds to mitigate this delay. However, this change resulted in
+boot failures on some systems because systemd could not authenticate
+sufficiently quickly while the system was busy, and was reverted in 1.8.12.
+
+On fast systems with hostile local users, administrators can reduce this
+delay by returning to the 5 second timeout (or any other value in
+milliseconds), by saving this as /etc/dbus-1/system-local.conf or a file
+matching /etc/dbus-1/system.d/*.conf:
+
+ <busconfig>
+ <limit name="auth_timeout">5000</limit>
+ </busconfig>
+
+If applying this change, please reboot several times and check the
+syslog or Journal for messages containing "Connection has not authenticated
+soon enough, closing it". Seeing that message while not subject to a
+denial-of-service attack indicates that the auth_timeout has been set
+too short.
diff --git a/debian/dbus.bug-control b/debian/dbus.bug-control
new file mode 100644
index 00000000..370fc195
--- /dev/null
+++ b/debian/dbus.bug-control
@@ -0,0 +1 @@ +package-status: systemd systemd-sysv dbus-x11 diff --git a/debian/dbus.init b/debian/dbus.init index 9f9453a8..4f41293f 100644 --- a/debian/dbus.init +++ b/debian/dbus.init @@ -69,7 +69,7 @@ start_it_up() log_daemon_msg "Starting $DESC" "$NAME" start-stop-daemon --start --quiet --pidfile $PIDFILE \ - --user $DAEMONUSER --exec $DAEMON -- --system $PARAMS + --exec $DAEMON -- --system $PARAMS log_end_msg $? } diff --git a/debian/dbus.install b/debian/dbus.install-generic index 6c027798..327ef706 100644 --- a/debian/dbus.install +++ b/debian/dbus.install-generic @@ -1,6 +1,7 @@ debian/tmp/etc/dbus-1/ debian/tmp/usr/bin/dbus-daemon debian/tmp/usr/bin/dbus-cleanup-sockets +debian/tmp/usr/bin/dbus-run-session debian/tmp/usr/bin/dbus-send debian/tmp/usr/bin/dbus-uuidgen debian/tmp/usr/bin/dbus-monitor @@ -9,11 +10,7 @@ debian/tmp/usr/share/man/man1/dbus-daemon.1 debian/tmp/usr/share/man/man1/dbus-cleanup-sockets.1 debian/tmp/usr/share/dbus-1/services debian/tmp/usr/share/dbus-1/system-services +debian/tmp/usr/share/man/man1/dbus-run-session.1 debian/tmp/usr/share/man/man1/dbus-send.1 debian/tmp/usr/share/man/man1/dbus-uuidgen.1 debian/tmp/usr/share/man/man1/dbus-monitor.1 -debian/tmp/lib/systemd/system/dbus.service -debian/tmp/lib/systemd/system/dbus.socket -debian/tmp/lib/systemd/system/dbus.target.wants/dbus.socket -debian/tmp/lib/systemd/system/multi-user.target.wants/dbus.service -debian/tmp/lib/systemd/system/sockets.target.wants/dbus.socket diff --git a/debian/dbus.install-systemd b/debian/dbus.install-systemd new file mode 100644 index 00000000..5581de45 --- /dev/null +++ b/debian/dbus.install-systemd @@ -0,0 +1,5 @@ +debian/tmp/lib/systemd/system/dbus.service +debian/tmp/lib/systemd/system/dbus.socket +debian/tmp/lib/systemd/system/dbus.target.wants/dbus.socket +debian/tmp/lib/systemd/system/multi-user.target.wants/dbus.service +debian/tmp/lib/systemd/system/sockets.target.wants/dbus.socket 
diff --git a/debian/dbus.postinst b/debian/dbus.postinst index 7d16d571..64259aec 100644 --- a/debian/dbus.postinst +++ b/debian/dbus.postinst @@ -7,9 +7,23 @@ set -e MESSAGEUSER=messagebus MESSAGEHOME=/var/run/dbus LAUNCHER=/usr/lib/dbus-1.0/dbus-daemon-launch-helper - SMF_FMRI=svc:/system/dbus:default +# This is what the init script would do, but it's simpler (and less +# dependent on sysvinit vs. Upstart vs. etc.) if we do it directly. +reload_dbus_config() { + [ -S /var/run/dbus/system_bus_socket ] || return 0 + dbus-send --print-reply --system --type=method_call \ + --dest=org.freedesktop.DBus \ + / org.freedesktop.DBus.ReloadConfig > /dev/null || true +} + + +if [ "$1" = triggered ]; then + reload_dbus_config + exit 0 +fi + if [ "$1" = configure ]; then adduser --system \ --quiet \ @@ -18,9 +32,8 @@ if [ "$1" = configure ]; then --disabled-password \ --group "$MESSAGEUSER" - if ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then - chown root:"$MESSAGEUSER" "$LAUNCHER" - chmod 4754 "$LAUNCHER" + if ! dpkg-statoverride --list "$LAUNCHER" >/dev/null; then + dpkg-statoverride --update --add root "$MESSAGEUSER" 4754 "$LAUNCHER" fi # This is idempotent, so it's OK to do every time. The system bus' init @@ -53,14 +66,8 @@ if [ "$1" = configure ] && [ -n "$2" ]; then [ -x /usr/share/update-notifier/notify-reboot-required ] && \ /usr/share/update-notifier/notify-reboot-required || true fi - - # This is what the init script would do, but it's simpler (and less - # dependent on sysvinit vs. Upstart) if we do it directly. - # If it's not running (perhaps we're in a chroot) this will just fail - # harmlessly, so there's no need to condition on status. - dbus-send --print-reply --system --type=method_call \ - --dest=org.freedesktop.DBus \ - / org.freedesktop.DBus.ReloadConfig > /dev/null || true fi +reload_dbus_config + #DEBHELPER# diff --git a/debian/dbus.postrm b/debian/dbus.postrm index 7fa3f5af..2081898b 100644 --- a/debian/dbus.postrm +++ b/debian/dbus.postrm 
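Review bot: In debian/dbus.postinst, `reload_dbus_config` ends in `|| true`, so on the new `triggered` path a failed ReloadConfig call is reported as success while dbus-daemon may keep enforcing the policy it loaded before the triggering package changed `/etc/dbus-1/system.d`. dbus-send's own stderr is not redirected, but nothing tells the administrator what the failure means. Keeping the call best-effort while saying so would read `/ org.freedesktop.DBus.ReloadConfig > /dev/null || echo "dbus: ReloadConfig failed, dbus-daemon may still be using its previous configuration" >&2`. The socket test also hard-codes `/var/run/dbus/system_bus_socket` although `MESSAGEHOME=/var/run/dbus` is defined just above it; `[ -S "$MESSAGEHOME/system_bus_socket" ] || return 0` keeps the two in step.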
@@ -7,6 +7,12 @@ if [ "$1" = "purge" ] ; then rm -f /var/lib/dbus/machine-id rmdir /var/lib/dbus || true + + LAUNCHER=/usr/lib/dbus-1.0/dbus-daemon-launch-helper + + if dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1 ; then + dpkg-statoverride --remove "$LAUNCHER" + fi fi #DEBHELPER# diff --git a/debian/dbus.triggers b/debian/dbus.triggers new file mode 100644 index 00000000..d94c5cf4 --- /dev/null +++ b/debian/dbus.triggers @@ -0,0 +1,2 @@ +interest-noawait /etc/dbus-1/system.d +interest-noawait /usr/share/dbus-1/system-services diff --git a/debian/libdbus-1-3.symbols b/debian/libdbus-1-3.symbols index c628d874..28050aa5 100644 --- a/debian/libdbus-1-3.symbols +++ b/debian/libdbus-1-3.symbols @@ -198,6 +198,7 @@ libdbus-1.so.3 libdbus-1-3 #MINVER# dbus_set_error@Base 1.0.2 dbus_set_error_const@Base 1.0.2 dbus_set_error_from_message@Base 1.0.2 + dbus_setenv@Base 1.7.6 dbus_shutdown@Base 1.0.2 dbus_signature_iter_get_current_type@Base 1.0.2 dbus_signature_iter_get_element_type@Base 1.0.2 diff --git a/debian/rules b/debian/rules index fbd6b0e2..70bbd117 100755 --- a/debian/rules +++ b/debian/rules @@ -22,11 +22,22 @@ dh_options = \ common_configure_flags := \ --disable-silent-rules \ - --disable-libaudit \ --enable-installed-tests \ --libexecdir=\$${prefix}/lib/dbus-1.0 \ + $(NULL) + +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) +ifeq ($(DEB_HOST_ARCH_OS),linux) +# Non-bootstrap build on Linux: add Linux-specifics +with_systemd = yes +common_configure_flags += \ + --enable-libaudit \ + --enable-selinux \ + --enable-systemd \ --with-systemdsystemunitdir=/lib/systemd/system \ $(NULL) +endif +endif normal_configure_flags := \ --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ 
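Review bot: The new purge branch in debian/dbus.postrm tests `dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1`, while the postinst hunk of this same commit removes `2>&1` from the identical test. With stderr discarded, a failure of `--list` for any reason other than "no override registered" is treated as "nothing to remove", and the override for the setuid helper stays in dpkg's database without a message. I would write it as in postinst, `if dpkg-statoverride --list "$LAUNCHER" >/dev/null ; then`. The enclosing `if [ "$1" = "purge" ]` starts outside the hunk.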
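Review bot: In debian/rules, `--disable-libaudit` is dropped from `common_configure_flags` and the audit, SELinux and systemd switches are now passed only inside the `ifeq ($(DEB_HOST_ARCH_OS),linux)` branch, so a stage1 or non-Linux build passes no switch at all for them. If configure auto-detects these features, which is my reading of upstream's defaults and should be confirmed, the security-relevant feature set of such a build depends on what happens to be installed in the build environment. Adding `common_configure_flags += --disable-libaudit --disable-selinux --disable-systemd` in an `else` branch for both the stage1 and the non-Linux case makes the result deterministic, as `udeb_configure_flags` already does explicitly.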
@@ -38,11 +49,26 @@ debug_configure_flags := \ --enable-asserts \ --enable-checks \ --enable-verbose-mode \ + --with-valgrind=auto \ --prefix=/usr/lib/$(DEB_HOST_MULTIARCH)/dbus-1.0/debug-build \ --libdir='$${prefix}/lib' \ $(NULL) -ifeq ($(filter nodocs,$(DEB_BUILD_OPTIONS))$(filter stage1,$(DEB_BUILD_PROFILE)),) +udeb_configure_flags := \ + $(normal_configure_flags) \ + --disable-asserts \ + --disable-checks \ + --disable-doxygen-docs \ + --disable-libaudit \ + --disable-selinux \ + --disable-systemd \ + --disable-tests \ + --disable-verbose-mode \ + --disable-xml-docs \ + CFLAGS='$(CFLAGS) -Os' \ + $(NULL) + +ifeq ($(filter nodocs,$(DEB_BUILD_OPTIONS))$(filter stage1,$(DEB_BUILD_PROFILES)),) # documentation enabled normal_configure_flags += \ --enable-xml-docs \ @@ -58,24 +84,19 @@ normal_configure_flags += \ $(NULL) endif -ifeq ($(filter stage1,$(DEB_BUILD_PROFILE)),) +ifeq ($(filter stage1,$(DEB_BUILD_PROFILES)),) # not a stage1 build - build all the tests debug_configure_flags += \ --enable-tests \ $(NULL) endif -# libdbus doesn't have --with-valgrind=auto yet. We want to enable it -# on those architectures where it exists, while only having to modify -# debian/control when it works on more architectures. -# -# We could use --with-valgrind=auto if someone reviewed the patch on -# <https://bugs.freedesktop.org/show_bug.cgi?id=56925>. -ifeq (yes,$(shell if pkg-config --exists valgrind; then echo yes; fi)) -debug_configure_flags += --with-valgrind -endif - override_dh_auto_configure: + cp debian/dbus.install-generic debian/dbus.install + if [ -n "$(with_systemd)" ]; then \ + cat debian/dbus.install-systemd >> \ + debian/dbus.install; \ + fi dh_auto_configure \ -- \ $(common_configure_flags) \ 
@@ -87,18 +108,29 @@ override_dh_auto_configure: $(common_configure_flags) \ $(debug_configure_flags) \ $(NULL) + dh_auto_configure \ + --builddirectory=build-udeb \ + -- \ + $(common_configure_flags) \ + $(udeb_configure_flags) \ + $(NULL) override_dh_auto_build: dh_auto_build dh_auto_build --builddirectory=build-debug + dh_auto_build --builddirectory=build-udeb -# tests need more environmental setup at the moment +# The tests need more environmental setup at the moment: they need our +# home directory, and we can't just set HOME because the nonce-tcp +# transport uses our "official" HOME according to getpwent(), since its +# purpose is to prevent one user from impersonating another. (#630152) override_dh_auto_test: : override_dh_auto_install: dh_auto_install make -C build-debug install-exec DESTDIR=$(CURDIR)/debian/tmp + make -C build-udeb install-exec DESTDIR=$(CURDIR)/debian/tmp-udeb override_dh_link: dh_link -plibdbus-1-dev lib/$(DEB_HOST_MULTIARCH)/$$(basename $$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libdbus-1.so)) usr/lib/$(DEB_HOST_MULTIARCH)/libdbus-1.so @@ -114,6 +146,11 @@ override_dh_install: dh_install -p$(libdbusN) \ "usr/lib/$(DEB_HOST_MULTIARCH)/$(libdbus_soname)*" \ lib/$(DEB_HOST_MULTIARCH) + dh_install -pdbus-udeb + dh_install -p$(libdbusN)-udeb \ + --sourcedir=debian/tmp-udeb \ + "usr/lib/$(DEB_HOST_MULTIARCH)/$(libdbus_soname)*" \ + lib/$(DEB_HOST_MULTIARCH) dh_install --remaining-packages --list-missing $(dh_install_options) install -m 644 -D debian/dbus-Xsession debian/dbus-x11/etc/X11/Xsession.d/75dbus_dbus-launch ifeq (illumos,$(DEB_HOST_ARCH_OS)) 
@@ -121,18 +158,19 @@ ifeq (illumos,$(DEB_HOST_ARCH_OS)) endif override_dh_installinit: - dh_installinit -pdbus -r -- start 12 2 3 4 5 . + dh_installinit -pdbus -r # we don't want docs for the debug symbols, just symlink to the library docs override_dh_installdocs: dh_installdocs -pdbus-1-dbg --link-doc=$(libdbusN) + dh_installdocs -pdbus-udeb -p$(libdbusN)-udeb --no-act dh_installdocs --remaining-packages --all AUTHORS NEWS README override_dh_strip: dh_strip --dbg-package=dbus-1-dbg override_dh_makeshlibs: - dh_makeshlibs -V -Ndbus-1-dbg + dh_makeshlibs -V -Ndbus-1-dbg --add-udeb=$(libdbusN)-udeb -- -c4 override_dh_autoreconf: cp INSTALL INSTALL.orig @@ -147,8 +185,13 @@ override_dh_autoreconf_clean: override_dh_auto_clean: dh_auto_clean dh_auto_clean --builddirectory=build-debug + dh_auto_clean --builddirectory=build-udeb rm -f build/test/data/valid-config-files/session.conf rm -f build/test/data/valid-config-files/system.conf rm -f build-debug/test/data/valid-config-files/session.conf rm -f build-debug/test/data/valid-config-files/system.conf rm -f dbus.devhelp + +clean: + rm -rf debian/tmp-udeb + dh $@ $(dh_options) diff --git a/debian/tests/build b/debian/tests/build new file mode 100755 index 00000000..1e27f1a1 --- /dev/null +++ b/debian/tests/build @@ -0,0 +1,36 @@ +#!/bin/sh + +set -e +exec 2>&1 +set -x + +cd "$ADTTMP" + +cat > connect.c <<EOF +#include <stdio.h> + +#include <dbus/dbus.h> + +int main (void) +{ + DBusError error; + DBusConnection *connection; + + dbus_error_init(&error); + connection = dbus_bus_get(DBUS_BUS_SESSION, &error); + + if (connection == NULL) { + fprintf(stderr, "%s: %s", error.name, error.message); + dbus_error_free(&error); + return 1; + } + + dbus_connection_unref(connection); + return 0; +} +EOF + +gcc -o connect connect.c $(pkg-config --cflags --libs dbus-1) +test -x connect +dbus-run-session -- ./connect +echo "everything seems OK" 
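Review bot: debian/tests/build runs `cd "$ADTTMP"` under `set -e` only, so an unset or empty `ADTTMP` is not caught: depending on the shell, `cd ""` fails or stays in the current directory, and `connect.c` and the binary are then written wherever the test was started. debian/tests/installed-tests has the same gap, where `"$ADTTMP/result"` becomes `/result`. Adding `: "${ADTTMP:?must be set by the test runner}"` after `set -e` in both scripts stops them before anything is written. Separately, the here-document uses an unquoted `EOF`, so the shell would expand any `$` or backquote in the C source; `cat > connect.c <<'EOF'` keeps it literal.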
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 00000000..0515c14b
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,5 @@
+Tests: installed-tests
+Depends: dbus, libdbus-1-3, dbus-1-dbg
+
+Tests: build
+Depends: libdbus-1-dev, dbus, build-essential
diff --git a/debian/tests/installed-tests b/debian/tests/installed-tests
new file mode 100755
index 00000000..9f1be3ec
--- /dev/null
+++ b/debian/tests/installed-tests
@@ -0,0 +1,33 @@
+#!/bin/sh
+# installed-tests wrapper for dbus. Outputs TAP format because why not
+
+set -e
+
+timeout="timeout 300s"
+ret=0
+i=0
+
+for dir in /usr/lib/*/dbus-1.0/test /usr/lib/*/dbus-1.0/debug-build/lib/dbus-1.0/test; do
+ for t in "$dir"/test-*; do
+ i=$(( $i + 1 ))
+ echo "# $i - $t ..."
+ echo "x" > "$ADTTMP/result"
+ ( set +e; $timeout $t; echo "$?" > "$ADTTMP/result" ) 2>&1 | sed 's/^/# /'
+ e="$(cat "$ADTTMP/result")"
+ case "$e" in
+ (0)
+ echo "ok $i - $t"
+ ;;
+ (77)
+ echo "ok $i # SKIP $t"
+ ;;
+ (*)
+ echo "not ok $i - $t ($e)"
+ ret=1
+ ;;
+ esac
+ done
+done
+
+echo "1..$i"
+exit $ret |
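Review bot: In debian/tests/installed-tests, `$timeout $t` expands the test path unquoted, so a path containing whitespace or glob characters is split or re-expanded before `timeout` sees it; `$timeout "$t"` keeps it a single argument (`$timeout` itself has to stay unquoted because it holds two words). The loops also give no hint when a glob matches nothing: the literal pattern is then run and shows up as `not ok`, which reads like a failing test rather than a missing test directory. A comment above the `for dir` line saying that this is intended, given that debian/tests/control depends on dbus-1-dbg, would help whoever reads the TAP output.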