| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
dbus 1.14.4 (2022-10-05)
========================
This is a security update for the dbus 1.14.x stable branch, fixing
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
security hardening (dbus#416).
Behaviour changes:
• On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.
• An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (dbus#418, CVE-2022-42010; Simon McVittie)
• A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
|
|
dbus 1.14.2 (2022-09-26)
========================
Fixes:
• Fix build failure on FreeBSD (dbus!277, Alex Richardson)
• Fix build failure on macOS with launchd enabled
(dbus!287, Dawid Wróbel)
• Preserve errno on failure to open /proc/self/oom_score_adj
(dbus!285, Gentoo#834725; Mike Gilbert)
• On Linux, don't log warnings if oom_score_adj is read-only but does not
need to be changed (dbus!291, Simon McVittie)
• Slightly improve error-handling for inotify
(dbus!235, Simon McVittie)
• Don't crash if dbus-daemon is asked to watch more than 128 directories
for changes (dbus!302, Jan Tojnar)
• Autotools build system fixes:
· Don't treat --with-x or --with-x=yes as a request to disable X11,
fixing a regression in 1.13.20. Instead, require X11 libraries and
fail if they cannot be detected. (dbus!263, Lars Wendler)
· When a CMake project uses an Autotools-built libdbus in a
non-standard prefix, find dbus-arch-deps.h successfully
(dbus#314, Simon McVittie)
· Don't include generated XML catalog in source releases
(dbus!317, Jan Tojnar)
· Improve robustness of detecting gcc __sync atomic builtins
(dbus!320, Alex Richardson)
• CMake build system fixes:
· Detect endianness correctly, fixing interoperability with other D-Bus
implementations on big-endian systems (dbus#375, Ralf Habacker)
· When building for Unix, install session and system bus setup
in the intended locations
(dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
· Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
· Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
· Don't include headers from parent directory (dbus!282, Alex Richardson)
· Distinguish between host and target TMPDIR when cross-compiling
(dbus!279, Alex Richardson)
· Fix detection of atomic operations (dbus!306, Alex Richardson)
Tests and CI enhancements:
• On Unix, skip tests that switch uid if run in a container that is
unable to do so, instead of failing (dbus#407, Simon McVittie)
• Use the latest MSYS2 packages for CI
(Ralf Habacker, Simon McVittie)
|
|
Bump PKGREVISION as this was a configure test that was failing. The build
would succeed, but the resulting binaries would just break at runtime with
a "you do not have socketpair support" error. Thanks for that, dbus.
|
|
|
|
To fix interaction between dbus and xfce4.
Debugging by martin@
Bump PKGREVISION.
|
|
|
|
1.14.x is a new stable branch, superseding 1.12.x.
Summary of major changes between 1.12.x and 1.14.0
--------------------------------------------------
Dependencies:
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
they must be POSIX-conformant. The non-POSIX signature seen in ancient
Solaris versions will no longer work.
...
Deprecations:
• Third-party software should install default dbus policies for the system
bus into ${datadir}/dbus-1/system.d (this has been supported since dbus
1.10, released in August 2015). Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy
files in ${sysconfdir}/dbus-1/system.d continue to be read, but this
directory should only be used by system administrators wishing to
override the default policies.
The ${datadir} applicable to dbus is usually /usr/share and the
${sysconfdir} is usually /etc.
• A similar pattern applies to the session bus policies in session.d.
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
• The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
• DBusServer (and hence the dbus-daemon) no longer accepts usernames
(login names) for the recommended EXTERNAL authentication mechanism,
only numeric user IDs or the empty string. See 1.13.0 release notes
for full details.
New features:
• On Linux 4.13 or later when built against a suitable glibc version,
GetConnectionCredentials() now includes UnixGroupIDs, the effective
group IDs of the initiator of the connection, taken from
SO_PEERGROUPS.
• On Linux 4.13 or later, <policy group="…"> now uses the SO_PEERGROUPS
credentials-passing socket option to get the effective group IDs
of the initiator of the connection. See 1.13.4 release notes for details.
• Add a --sender option to dbus-send, which requests a name and holds it
until the signal has been sent
• dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a combination of
send_destination and the arg0namespace keyword in match rules.
See 1.13.12 release notes for more details
• The dbus-daemon now filters the messages that it relays, removing
header fields that it does not understand. Clients must not rely on
this behaviour unless they have confirmed that they are connected to
a suitable message bus implementation, for example by querying its
Features property.
• The dbus-daemon now emits a signal, ActivatableServicesChanged, when
the list of activatable services may have changed. Support for this
signal can be discovered by querying the Features property.
• It is now possible to disable traditional (non-systemd) service
activation at build-time (Autotools: --disable-traditional-activation,
CMake: -DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release notes
for details.
• The API reference manual can be built as a Qt compiled help file if
qhelpgenerator(-qt5) is available. See 1.13.16 release notes for details.
Miscellaneous behaviour changes:
• When using the "user bus" (--enable-user-session), put the dbus-daemon
in the session slice
• Several environment variables set by systemd are no longer passed
on to activated services
• If the dbus-daemon is compiled for Linux with systemd support, it
now informs systemd that it is ready for use via the sd_notify()
mechanism
|
|
|
|
Only remove -fPIE and -pie when PKGSRC_MKPIE is no.
The buildlink transforms make the tools become non-pie.
This causes the PIE checks to fail.
|
|
This takes advantage of the introduction of the SYSCONFBASE variable.
Tested on NetBSD/amd64.
Bumps PKGREVISION.
|
|
All checksums have been double-checked against existing RMD160 and
SHA512 hashes
|
|
|
|
|
|
|
|
This path is what other code, notably glib2, expects.
While here, remove a compatibility patch for NetBSD 5/6.
Bump PKGREVISION.
|
|
|
|
|
|
dbus 1.12.20 (2020-07-02)
=========================
The “temporary nemesis” release.
Maybe security fixes:
• On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
Other fixes:
• On Solaris and its derivatives, if a cmsg header is truncated, ensure
that we do not overrun the buffer used for fd-passing, even if the
kernel tells us to.
(dbus#304, dbus!165; Andy Fiddaman)
|
|
dbus 1.12.18 (2020-06-02)
=========================
The “telepathic vines” release.
Denial of service fixes:
• CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
Other fixes:
• Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
• Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
• Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
• Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
• When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
|
|
pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
|
|
pkglint -Wall -F --only aligned --only indent -r
Manually excluded consolekit and dc-tools since pkglint didn't get the
formatting correct.
|
|
dbus 1.12.16 (2019-06-11)
=========================
The “tree cat” release.
Security fixes:
• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and connect
to a DBusServer with elevated privileges. The standard system and
session dbus-daemons in their default configuration were immune to this
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
users of DBusServer such as Upstart could be vulnerable.
Thanks to Joe Vennix of Apple Information Security.
(dbus#269, Simon McVittie)
|
|
dbus 1.12.14 (2019-05-17)
=========================
The “reclaimed floorboards” release.
Enhancements:
• Raise soft fd limit to match hard limit, even if unprivileged.
This makes session buses with many clients, or with clients that make
heavy use of fd-passing, less likely to suffer from fd exhaustion.
(dbus!103, Simon McVittie)
Fixes:
• If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
reduce it to 64K, ensuring that we can put back the original fd limits
when carrying out traditional (non-systemd) activation. This fixes a
regression with systemd >= 240 in which system services inherited
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
soft limit of 1K and hard limit of 512K or 1M.
(dbus!103, Debian#928877; Simon McVittie)
• Fix build failures caused by an AX_CODE_COVERAGE API change in newer
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
• Fix build failures with newer autoconf-archive versions that include
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
• Parse section/group names in .service files according to the syntax
from the Desktop Entry Specification, rejecting control characters
and non-ASCII in section/group names (dbus#208, David King)
• Fix various -Wlogical-op issues that cause build failure with newer
gcc versions (dbus#225, dbus!109; David King)
• Don't assume we can set permissions on a directory, for the benefit of
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
• Don't overwrite PKG_CONFIG_PATH and related environment variables when
the pkg-config-based version of DBus1Config is used in a CMake project
(dbus#267, dbus!96; Clemens Lang)
|
|
dbus 1.12.12 (2018-12-04)
=========================
The “draconic disciple” release.
dbus version control is now hosted on freedesktop.org's Gitlab
installation, and bug reports and feature requests have switched from
Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues ("dbus#nnn")
and merge requests ("dbus!nnn").
Enhancements:
• Reference the freedesktop.org Code of Conduct (Simon McVittie)
Fixes:
• Stop the dbus-daemon leaking memory (an error message) if delivering
the message that triggered auto-activation is forbidden. This is
technically a denial of service because the dbus-daemon will
run out of memory eventually, but it's a very slow and noisy one,
because all the rejected messages are also very likely to have
been logged to the system log, and its scope is typically limited by
the finite number of activatable services available.
(dbus#234, Simon McVittie)
• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
which does not meet the criteria for that attribute in gcc 4.7+,
potentially leading to miscompilation (fd.o #107741, Simon McVittie)
• Fix some small O(1) memory leaks (fd.o #107320, Simon McVittie)
• Fix printf formats for pointer-sized integers on 64-bit Windows
(fd.o #105662, Ralf Habacker)
• Always use select()-based poll() emulation on Darwin-based OSs
(macOS, etc.) and on Interix, similar to what libcurl does
(dbus#232, dbus!19; Simon McVittie)
• Extend a test timeout to avoid spurious failures in CI
(dbus!26, Simon McVittie)
Tests and CI:
• Add Travis-CI builds for 64-bit Windows using mingw-w64
(fd.o #105662, Ralf Habacker)
• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)
|
|
Fix pkglint warnings while here.
dbus 1.12.10 (2018-08-02)
=========================
The “beam deflection” release.
Fixes:
• Prevent reading up to 3 bytes beyond the end of a truncated message.
This could in principle be an information leak or denial of service
on the system bus, but is not believed to be exploitable to crash
the system bus or leak interesting information in practice.
(fd.o #107332, Simon McVittie)
• Fix build with gcc 8 -Werror=cast-function-type
(fd.o #107349, Simon McVittie)
• Fix warning from gcc 8 about suspicious use of strncpy() when
populating struct sockaddr_un (fd.o #107350, Simon McVittie)
• Fix a minor memory leak when a DBusServer listens on a new address
(fd.o #107194, Simon McVittie)
• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
runs out of memory (fd.o #107194, Simon McVittie)
• Don't use misleading errno-derived error names if getaddrinfo() or
getnameinfo() fails with a code other than EAI_SYSTEM
(fd.o #106395, Simon McVittie)
• Skip tests that require working TCP if we are in a container environment
where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)
|
|
dbus 1.12.8 (2018-04-30)
========================
The “golden super-velociraptor” release.
Enhancements:
• The Devhelp documentation index is now in version 2 format
(fd.o #106186, Simon McVittie)
• Give the dbus-daemon man page some scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
(fd.o #106004, Simon McVittie)
Fixes:
• Fix installation of Ducktype documentation with newer yelp-build
versions (fd.o #106171, Simon McVittie)
|
|
dbus 1.12.6 (2018-03-01)
========================
The “just the one swan, actually” release.
Fixes:
• Increase system dbus-daemon's RLIMIT_NOFILE rlimit before it drops
privileges, because it won't have permission afterwards. This fixes a
regression in dbus 1.10.18 and 1.11.0 which made the standard system bus
more susceptible to deliberate or accidental denial of service.
(fd.o #105165, David King)
|
|
dbus 1.12.4 (2018-02-08)
========================
The “Stria Campania 115” release.
Fixes:
• When iterating the DBusConnection while blocking on a pending call,
don't wait for I/O if that pending call already has a result; and make
sure that whether it has a result is propagated in a thread-safe way.
This prevents certain multi-threaded calling patterns from blocking
until their timeout even when they should have succeeded sooner.
(fd.o #102839; Manish Narang, Michael Searle)
• Report the correct error if OOM is reached while trying to listen
on a TCP socket (fd.o #89104, Simon McVittie)
• Fix assertion failures in recovery from OOM while setting up a
DBusServer (fd.o #89104, Simon McVittie)
• Add a missing space to a warning message (fd.o #103729, Thomas Zajic)
• Expand ${bindir} correctly when pkg-config is asked for dbus_daemondir
(fd.o #104265, Benedikt Heine)
• On Linux systems with systemd < 237, if ${localstatedir}/dbus doesn't
exist, create it before trying to create ${localstatedir}/dbus/machine-id
(fd.o #104577, Chris Lesiak)
• Fix escaping in dbus-api-design document (fd.o #104925, Philip Withnall)
|
|
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
|
|
dbus 1.12.2 (2017-11-13)
========================
The “spider pumpkin” release.
Enhancements:
• Log a warning if a new connection cannot be accepted due to an
out-of-memory condition or failure to identify its AppArmor or
SELinux context (fd.o #103592, Simon McVittie)
Fixes:
• Make use of $(MKDIR_P) compatible with install-sh, fixing build when a
GNU-compatible `mkdir -p` is not available (fd.o #103521, ilovezfs)
• When building for Windows with Autotools, avoid `echo -e`, fixing
cross-compilation on non-GNU platforms like macOS
(fd.o #103493, Tony Theodore)
• Fix crashes in the server side of the nonce-tcp: transport under
various error conditions. This transport should normally only be used
on Windows, where AF_UNIX sockets are unavailable; the unix: transport
is the only one recommended for production use on Unix platforms.
(fd.o #103597, Simon McVittie)
Internal changes:
• Improve test coverage on Travis-CI (Simon McVittie)
dbus 1.12.0 (2017-10-30)
========================
The “gingerbread skull” release.
1.12.x is a new stable branch, recommended for use in OS
distributions.
Summary of major changes between 1.10.x and 1.12.0
--------------------------------------------------
Dependencies:
• Expat >= 2.1.0 is required.
• GLib >= 2.40 is required if full test coverage is enabled.
• [Linux] libselinux >= 2.0.86 is required if SELinux support is
enabled.
• [Unix] dbus now requires an <inttypes.h> that defines C99 constants
such as PRId64 and PRIu64, except when building for Windows.
• [Autotools] Building from git (but not from tarballs) with Autotools
now requires macros from the GNU Autoconf Archive.
• [CMake] Builds done using CMake now require CMake 3.0.2.
Build-time configuration changes:
• Expat is now found using pkg-config. See the release notes for
1.11.14.
• The --disable-compiler-optimisations and --enable-compiler-coverage
options no longer exist. See the release notes for 1.11.4 and 1.11.8.
• [Unix] The --enable-abstract-sockets and --disable-abstract-sockets
options no longer exist. See the release notes for 1.11.20.
• [Unix] Flag files in /var/run/console/${username} are no longer
checked for at_console by default. See the release notes for 1.11.18.
• [Unix, Cygwin] Init scripts are no longer provided by upstream dbus,
and packagers will now need to add these downstream (most already do).
See the release notes for 1.11.18.
• [Unix] The process ID file no longer has a different default location
on Red Hat derivatives. See the release notes for 1.11.18.
• [Unix] ${runstatedir} is now independent of ${localstatedir} with
recent Autotools versions. See the release notes for 1.11.16.
• [Windows] The WINDRES variable is no longer used. See the release
notes for 1.11.22.
Deprecations:
• Eavesdropping is officially deprecated in favour of BecomeMonitor.
See the release notes for spec version 0.31 (in dbus 1.11.14).
• [Unix] Flag files in /var/run/console/${username} are deprecated.
See the release notes for 1.11.18.
New APIs:
• <allow> and <deny> rules in dbus-daemon configuration can now
include send_broadcast="true", send_broadcast="false",
max_unix_fds="N", min_unix_fds="N" (for some integer N).
See the release notes for 1.11.18.
• dbus_try_get_local_machine_id() is like
dbus_get_local_machine_id(), but returns a DBusError.
• New APIs around DBusMessageIter to simplify cleanup.
See the release notes for 1.11.16.
• The message bus daemon now implements the standard Introspectable,
Peer and Properties interfaces. See the release notes for
dbus 1.11.14 and spec version 0.31.
• DTDs for introspection XML and bus configuration are installed.
• dbus can be compiled to be relocatable, making it more suitable for
binary bundling with other software. On Windows, this is on by
default.
• [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
never uses Linux abstract sockets, which is advantageous for
containers. On non-Linux it is equivalent to unix:tmpdir=….
See the release notes for dbus 1.11.14 and spec version 0.31.
• [Unix] New option "dbus-launch --exit-with-x11".
• [Unix] Session managers can create transient .service files in
$XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
• [Unix] A sysusers.d snippet can create the messagebus user on-demand.
Miscellaneous behaviour changes:
• [Unix] The session bus now logs to syslog if it was started by
dbus-launch.
• [Unix] Internal warnings are logged to syslog if configured.
• [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
or to stderr.
|
|
D-Bus 1.10.24 (2017-09-25)
==
The “pirate wizard” release.
Fixes:
• When parsing dbus-daemon configuration, tell Expat not to use
cryptographic-quality entropy as a salt for its hash tables: we trust
the configuration files, so we are not concerned about algorithmic
complexity attacks via hash table collisions. This prevents
dbus-daemon --system from holding up the boot process (and causing
early-boot system services like systemd, logind, networkd to time
out) on entropy-starved embedded systems.
(fd.o #101858, Simon McVittie)
• Increase listen() backlog of AF_UNIX sockets to the maximum possible,
minimizing failed connections under heavy load
(fd.o #95264, Lennart Poettering) (backported from 1.11.4)
• Avoid a -Werror=declaration-after-statement build failure on Solaris
(fd.o #102145, Alan Coopersmith)
• When using the Monitoring interface, match messages' destinations
(fd.o #92074, Simon McVittie) (backported from 1.11.0)
|
|
D-Bus 1.10.22 (2017-07-27)
==
The “roof terrace” release.
Fixes:
• dbus_message_iter_append_basic() no longer leaks memory if it fails to
append a file descriptor to a message. (fd.o #101568, Simon McVittie)
• dbus_message_iter_open_container() no longer leaks memory if it runs out
of memory. (fd.o #101568, Simon McVittie)
• dbus_message_append_args_valist() no longer leaks memory if given an
unsupported type. This situation is still considered to be a programming
error which needs to be corrected by the user of libdbus.
(fd.o #101568, Simon McVittie)
• Wrap test-pending-call-disconnected with dbus-run-session so that it can
pass in environments that are not already running a D-Bus session bus,
fixing a build-time test regression in 1.10.20
(fd.o #101698, Simon McVittie)
• Ensure that tests fail if they would otherwise have tried to connect to
the real session bus (fd.o #101698, Simon McVittie)
• Make build-time tests cope with finding Python 3, but not Python 2
(fd.o #101716, Simon McVittie)
|
|
D-Bus 1.10.20 (2017-06-29)
==
The “suggesting a delivery gone horribly wrong” release.
Fixes:
• Fix a reference leak when blocking on a pending call on a connection
that has been disconnected (fd.o #101481, Shin-ichi MORITA)
• Don't put timestamps in the Doxygen-generated documentation, for
closer-to-reproducible builds (fd.o #100692, Simon McVittie)
• Avoid an assertion failure when connecting to a semicolon-separated
series of addresses, one of which fails (fd.o #101257, Simon McVittie)
Documentation:
• Update git URIs in HACKING document to sync up with cgit.freedesktop.org
(fd.o #100715, Simon McVittie)
|
|
|
|
|
|
D-Bus 1.10.18 (2017-04-05)
==
The “can't handle a self-referential paradox” release.
Fixes:
• Re-order dbus-daemon startup so that on SELinux systems, the thread
that reads AVC notifications retains the ability to write to the
audit log (fd.o #92832, Debian #857660; Laurent Bigonville)
• Fix a harmless read overflow and some memory leaks in a unit test
(fd.o #100568, Philip Withnall)
|
|
Noted by Dennis Lindroos in 52071.
Only affected builds with 'x11' option turned off (non-default).
|
|
work.
|
|
D-Bus 1.10.16 (2017-02-16)
==
The “super digging powers” release.
The fixes in this release are arguably security fixes, but if they
affect you, please take this opportunity to rethink how you are
configuring dbus.
Enhancements:
• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
stable and Debian testing in addition to the older Ubuntu that is
the default (fd.o #98889, Simon McVittie)
Fixes:
• Prevent symlink attacks in the nonce-tcp transport on Unix that could
allow an attacker to overwrite a file named "nonce", in a directory
that the user running dbus-daemon can write, with a random value
known only to the user running dbus-daemon. This is unlikely to be
exploitable in practice, particularly since the nonce-tcp transport
is really only useful on Windows.
On Unix systems we strongly recommend using only the unix: and systemd:
transports, together with EXTERNAL authentication. These are the only
transports and authentication mechanisms enabled by default,
(fd.o #99828, Simon McVittie)
• Avoid symlink attacks in the "embedded tests", which are not enabled
by default and should never be enabled in production builds of dbus.
(fd.o #99828, Simon McVittie)
|
|
D-Bus 1.10.14 (2016-11-28)
==
The “Well, other bands know more than three chords” release.
Fixes:
• Work around an undesired effect of the fix for CVE-2014-3637
(fd.o #80559), in which processes that frequently send fds, such as
logind during a flood of new PAM sessions, can get disconnected for
continuously having at least one fd "in flight" for too long;
dbus-daemon interprets that as a potential denial of service attack.
The workaround is to disable that check for uid 0 process such as
logind, with a message in the system log. The bug remains open while
we look for a more general solution.
(fd.o #95263, LP#1591411; Simon McVittie)
• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
was disabled at compile time. That test is not expected to work
in that configuration. (fd.o #98665, Simon McVittie)
|
|
correctly handled by OWN_DIRS. Bump PKGREVISION.
|
|
D-Bus 1.10.12 (2016-10-10)
==
The “not excessively inhospitable” release.
Security fixes:
• Do not treat ActivationFailure message received from root-owned systemd
name as a format string. In principle this is a security vulnerability,
but we do not believe it is exploitable in practice, because only
privileged processes can own the org.freedesktop.systemd1 bus name, and
systemd does not appear to send activation failures that contain "%".
Please note that this probably *was* exploitable in dbus versions
older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
the time was only thought to be a denial of service vulnerability
(CVE-2015-0245). If you are still running one of those versions,
patch or upgrade immediately.
(fd.o #98157, Simon McVittie)
Other fixes:
• Harden dbus-daemon against malicious or incorrect ActivationFailure
messages by rejecting them if they do not come from a privileged
process, or if systemd activation is not enabled
(fd.o #98157, Simon McVittie)
• Avoid undefined behaviour when setting reply serial number without going
via union DBusBasicValue (fd.o #98035, Marc Mutz)
• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
|
|
D-Bus 1.10.10 (2016-08-15)
==
The “tungsten door” release.
Fixes:
• On Linux, when dbus-daemon is run with reduced susceptibility to the
OOM killer (typically via systemd), do not let child processes inherit
that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho)
• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address
contains a semicolon (fd.o #94746, Thiago Macieira)
• Fix memory leaks and thread safety in subprocess starting on Windows
(fd.o #95191, Ralf Habacker)
• Do not require systemd to have a service file if using it for activation
(fd.o #93194; Simon McVittie; backport from 1.11.0)
• Stop test-dbus-daemon incorrectly failing on platforms that cannot
discover the process ID of clients (fd.o #96653, Руслан Ижбулатов)
• In tests that exercise correct handling of crashing D-Bus services,
suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker)
• Explicitly check for stdint.h (Ioan-Adrian Ratiu)
• update-activation-environment: produce better diagnostics on error
(fd.o #96653, Simon McVittie)
• Don't fail the build with an unused const variable warning under gcc 6
(fd.o #97282; Thomas Zimmermann, Simon McVittie)
• Merge dbus-1.10-ci branch, containing backports from 1.11.0 in build/test
code to support continuous integration (fd.o #93194, Simon McVittie)
· Avoid -Wunused-label when compiling with libselinux but no libaudit
· In development builds, allow OOM tests to be disabled as documented
· Accept and ignore the --tap argument in all "embedded tests", and run
all automated tests with that argument for better diagnostics
· Fix the systemd activation test under CMake by installing the required
files
· In Automake, fix shell syntax for installcheck-local with no DESTDIR
· In Automake, don't try to run manual tests in installcheck
· In CMake, don't run manual-tcp test as an automated test
· Add travis-ci.org build machinery
|
|
|
|
original manifest.xml file and the output from "svccfg export".
|
|
|
|
|
|
|
|
g/c CONFIGURE_ARGS_GROUPS (Unused since PR pkg/50075 point 13) )
D-Bus 1.10.8 (2016-03-07)
==
The "digestive biscuits" release.
Fixes:
* Enable "large file support" on systems where it exists: dbus-daemon
is not expected to open large files, but it might need to stat files
that happen to have large inode numbers (fd.o #93545, Hongxu Jia)
* Eliminate padding inside DBusMessageIter on 64-bit platforms,
which might result in a pedantic C compiler not copying the entire contents
of a DBusMessageIter; statically assert that this is not an ABI change
in practice (fd.o #94136, Simon McVittie)
* Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N
(fd.o #94244, Dmitri Iouchtchenko)
* Correctly report test failures in C tests from run-test.sh
(fd.o #93379; amit tewari, Simon McVittie)
* When tests are enabled, run all the marshal-validate tests, not just
the even-numbered ones (fd.o #93908, Nick Lewycky)
* Correct the expected error from one marshal-validate test, which was
previously not run due to the above bug (fd.o #93908, Simon McVittie)
|
|
|
