Author: Ubuntu Git Importer
Author Date: 2020-06-03 09:43:04 UTC

DSC file for 1.12.18-1

Author: Simon McVittie
Author Date: 2020-06-02 18:48:04 UTC

1.12.18-1 (patches unapplied)

Imported using git-ubuntu import.

Author: Simon McVittie
Author Date: 2020-06-02 15:52:02 UTC

1.13.16-1 (patches unapplied)

Imported using git-ubuntu import.

Author: Simon McVittie
Author Date: 2020-04-21 15:39:49 UTC

Import patches-applied version 1.13.14-1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: b6628d192a439bb0c213ff58a8aee6d74a952549
Unapplied parent: 2281aa46228702b08c264eb73c4fe29f89f60811

New changelog entries:
  [ Simon McVittie ]
  * New upstream development release
    - Drop patches that were applied upstream
    - d/copyright: Update
  * Move to debhelper compat level 13
    - Don't restart systemd units on upgrade.
      Previously, this was handled by the dh_installinit override.
    - Add ${misc:Pre-Depends} to all binary packages.
      This is required for dbus for dh_installsystemd under dh compat
      level 12, and is harmless for the others.
    - Stop overriding HOME, which is now done by default.
  * dbus: Remove an unused Lintian override.
    Lintian used to warn twice for the statically-enabled dbus.service unit,
    but now only warns once.
  * dbus-tests: Silence package-contains-documentation-outside-usr-share-doc
    Lintian tag.
    The tests contain some READMEs that describe what is in their directory.
  * d/tests: Remove support for ancient autopkgtest versions.
    AUTOPKGTEST_TMP is now required to be set, and we do not fall back
    to the deprecated ADTTMP.
  * Introduce noinsttest build profile.
    This disables dbus-tests, and when combined with nocheck it disables
    the circular GLib dependency.
  * Remove non-standard pkg.dbus.minimal build profile.
    It was not a "safe" build profile (it altered the contents of binary
    packages, notably dropping LSM and systemd support, which could result
    in dependent packages being broken), and the combination of nocheck,
    nodoc and noinsttest achieves most of the same build-dependency
    reductions.
  * Explicitly build-depend on pkg-config.
    Previously, this was pulled in by libglib2.0-dev. (Closes: #945201)
  * d/upstream/metadata: Distinguish between Bug-Submit and Bug-Database
  * Change system bus socket to /run/dbus/system_bus_socket.
    The interoperable cross-distro path is /var/run/dbus/system_bus_socket,
    so this remains the upstream default for the benefit of distributions
    where /var/run and /run are (problematically) not guaranteed to be
    equivalent. However, Debian Policy since at least v4.1.5 guarantees
    that /var/run is a symlink to /run, and this has been implemented
    for several stable releases (since at least initscripts 2.88dsf-29
    in 2012, in the sysvinit case), so it is harmless to prefer the
    path in /run, which has advantages in a few corner cases (ability
    to unmount /var is the main one) and avoids warnings from systemd.
    (Closes: #783321, #857678, #932105, #958289)
  * Standards-Version: 4.5.0
    - Note that the user for `dbus-daemon --system` is still named
      'messagebus' for historical reasons. If it was added today,
      we'd call it _dbus as per Policy §9.2.1, but this is not the right
      package to be experimenting with renaming system users.
  * d/dbus-udeb.postinst: Remove #DEBHELPER# token.
    debhelper doesn't actually substitute this in udebs, making it just
    an ordinary comment.
  [ Debian Janitor ]
  * d/changelog: Remove trailing whitespace.
  * Use secure URI in Homepage field.
  * Re-export upstream signing key without extra signatures.
  * Set upstream metadata fields: Bug-Submit (from ./configure),
    Repository, Repository-Browse.

Author: Ubuntu Git Importer
Author Date: 2019-12-07 05:51:18 UTC

DSC file for 1.12.16-2ubuntu2

Author: Steve Langasek
Author Date: 2019-12-07 05:22:40 UTC

Import patches-unapplied version 1.12.16-2ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 446f1eb130109a2f352e22688fb1d15b805148d8

New changelog entries:
  * Make autopkgtests cross-test-friendly.

Author: Steve Langasek
Author Date: 2019-12-07 05:22:40 UTC

Import patches-unapplied version 1.12.16-2ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 446f1eb130109a2f352e22688fb1d15b805148d8

New changelog entries:
  * Make autopkgtests cross-test-friendly.

Author: Steve Langasek
Author Date: 2019-12-07 05:22:40 UTC

Import patches-unapplied version 1.12.16-2ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 446f1eb130109a2f352e22688fb1d15b805148d8

New changelog entries:
  * Make autopkgtests cross-test-friendly.

Author: Steve Langasek
Author Date: 2019-12-07 05:22:40 UTC

Import patches-unapplied version 1.12.16-2ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 446f1eb130109a2f352e22688fb1d15b805148d8

New changelog entries:
  * Make autopkgtests cross-test-friendly.

Author: Steve Langasek
Author Date: 2019-12-07 05:22:40 UTC

Import patches-unapplied version 1.12.16-2ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 446f1eb130109a2f352e22688fb1d15b805148d8

New changelog entries:
  * Make autopkgtests cross-test-friendly.

Author: Steve Langasek
Author Date: 2019-12-07 05:22:40 UTC

Import patches-unapplied version 1.12.16-2ubuntu2 to ubuntu/focal-proposed

Imported using git-ubuntu import.

Changelog parent: 446f1eb130109a2f352e22688fb1d15b805148d8

New changelog entries:
  * Make autopkgtests cross-test-friendly.

Author: Heitor Alves de Siqueira
Author Date: 2019-10-07 11:29:04 UTC

Import patches-unapplied version 1.10.6-1ubuntu3.5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 450c0d26295ef9014b5589dc9428eb25fa3ba697

New changelog entries:
  * Prevent logind from leaking session files (LP: #1846787). Fixed by
    upstream patches:
    - d/p/Only-read-one-message-at-a-time-if-there-are-fds-pen.patch
    - d/p/bus-Fix-timeout-restarts.patch
    - d/p/DBusMainLoop-ensure-all-required-timeouts-are-restar.patch

Author: Heitor Alves de Siqueira
Author Date: 2019-10-07 11:29:04 UTC

Import patches-unapplied version 1.10.6-1ubuntu3.5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 450c0d26295ef9014b5589dc9428eb25fa3ba697

New changelog entries:
  * Prevent logind from leaking session files (LP: #1846787). Fixed by
    upstream patches:
    - d/p/Only-read-one-message-at-a-time-if-there-are-fds-pen.patch
    - d/p/bus-Fix-timeout-restarts.patch
    - d/p/DBusMainLoop-ensure-all-required-timeouts-are-restar.patch

Author: Heitor Alves de Siqueira
Author Date: 2019-10-07 11:29:04 UTC

Import patches-unapplied version 1.10.6-1ubuntu3.5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 450c0d26295ef9014b5589dc9428eb25fa3ba697

New changelog entries:
  * Prevent logind from leaking session files (LP: #1846787). Fixed by
    upstream patches:
    - d/p/Only-read-one-message-at-a-time-if-there-are-fds-pen.patch
    - d/p/bus-Fix-timeout-restarts.patch
    - d/p/DBusMainLoop-ensure-all-required-timeouts-are-restar.patch

Author: Simon McVittie
Author Date: 2019-09-30 07:47:02 UTC

Import patches-applied version 1.12.16-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: a86c3e2ffca10e75495935fedfd30657bb8d6b07
Unapplied parent: 73e3c436d557d6c0a246d7c59bda0a4a7383f300

New changelog entries:
  * Add bug number to previous changelog entry
  * Standards-Version: 4.4.1 (no changes required)
    - Note that dbus-user-session still has its previous dependencies,
      and has deliberately not been switched to the new default-logind
      virtual package. dbus-user-session relies on systemd --user: it
      is not enough to have systemd-logind or a compatible replacement
      like elogind.
  * d/dbus.init: Work around #940971 in libnss-systemd.
    If we are booting with a non-systemd init but libnss-systemd is still
    installed, tell libnss-systemd not to try to connect to dbus-daemon,
    which is never going to work well from inside dbus-daemon.
  * dbus.postinst: Append dbus to /run/reboot-required.pkgs on upgrade
    (Closes: #867263)

Author: Simon McVittie
Author Date: 2019-06-09 21:42:06 UTC

Import patches-applied version 1.10.28-0+deb9u1 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: d7d2dd87e22ad14471b0da5ee5c421176347b769
Unapplied parent: 32e3324dc5861883bedfedea9d078ea7fc7da134

New changelog entries:
  * New upstream stable release
    - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
      authentication for identities that differ from the user running the
      DBusServer. Previously, a local attacker could manipulate symbolic
      links in their own home directory to bypass authentication and
      connect to a DBusServer with elevated privileges. The standard
      system and session dbus-daemons in their default configuration were
      immune to this attack because they did not allow DBUS_COOKIE_SHA1,
      but third-party users of DBusServer such as Upstart could be
      vulnerable.
    - Prevent reading up to 3 bytes beyond the end of a truncated message.
      This could in principle be an information leak or denial of service
      on the system bus, but is not believed to be exploitable to crash
      the system bus or leak interesting information in practice.
    - Stop the dbus-daemon leaking memory (an error message) if delivering
      the message that triggered auto-activation is forbidden. This is
      technically a denial of service because the dbus-daemon will
      run out of memory eventually, but it's a very slow and noisy one,
      because all the rejected messages are also very likely to have
      been logged to the system log, and its scope is typically limited by
      the finite number of activatable services available.
    - Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
      which does not meet the criteria for that attribute in gcc 4.7+,
      potentially leading to miscompilation.
    - Fix build with gcc 8 -Werror=cast-function-type
    - Fix warning from gcc 8 about suspicious use of strncpy() when
      populating struct sockaddr_un
    - Fix installation of Ducktype documentation with newer yelp-build
      versions
  * d/control: Update Vcs-Git, Vcs-Browser

Author: Simon McVittie
Author Date: 2019-06-09 21:42:06 UTC

Import patches-unapplied version 1.10.28-0+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 13034df44ba969099b74721ce4fb57af84ff8745

New changelog entries:
  * New upstream stable release
    - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
      authentication for identities that differ from the user running the
      DBusServer. Previously, a local attacker could manipulate symbolic
      links in their own home directory to bypass authentication and
      connect to a DBusServer with elevated privileges. The standard
      system and session dbus-daemons in their default configuration were
      immune to this attack because they did not allow DBUS_COOKIE_SHA1,
      but third-party users of DBusServer such as Upstart could be
      vulnerable.
    - Prevent reading up to 3 bytes beyond the end of a truncated message.
      This could in principle be an information leak or denial of service
      on the system bus, but is not believed to be exploitable to crash
      the system bus or leak interesting information in practice.
    - Stop the dbus-daemon leaking memory (an error message) if delivering
      the message that triggered auto-activation is forbidden. This is
      technically a denial of service because the dbus-daemon will
      run out of memory eventually, but it's a very slow and noisy one,
      because all the rejected messages are also very likely to have
      been logged to the system log, and its scope is typically limited by
      the finite number of activatable services available.
    - Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
      which does not meet the criteria for that attribute in gcc 4.7+,
      potentially leading to miscompilation.
    - Fix build with gcc 8 -Werror=cast-function-type
    - Fix warning from gcc 8 about suspicious use of strncpy() when
      populating struct sockaddr_un
    - Fix installation of Ducktype documentation with newer yelp-build
      versions
  * d/control: Update Vcs-Git, Vcs-Browser

Author: Simon McVittie
Author Date: 2019-06-09 20:34:34 UTC

Import patches-applied version 1.12.16-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 1dada047c8e0f9c211c745c300105fb48539595f
Unapplied parent: 9688d9dcf3c5e61a281808c96994c1bfa1af65f0

New changelog entries:
  * New upstream stable release
    - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
      authentication for identities that differ from the user running the
      DBusServer. Previously, a local attacker could manipulate symbolic
      links in their own home directory to bypass authentication and
      connect to a DBusServer with elevated privileges. The standard
      system and session dbus-daemons in their default configuration were
      immune to this attack because they did not allow DBUS_COOKIE_SHA1,
      but third-party users of DBusServer such as Upstart could be
      vulnerable.

Author: Simon McVittie
Author Date: 2019-06-09 20:34:34 UTC

Import patches-unapplied version 1.12.16-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 42a6e771ce961940e32a937bf542b8734f7793e2

New changelog entries:
  * New upstream stable release
    - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
      authentication for identities that differ from the user running the
      DBusServer. Previously, a local attacker could manipulate symbolic
      links in their own home directory to bypass authentication and
      connect to a DBusServer with elevated privileges. The standard
      system and session dbus-daemons in their default configuration were
      immune to this attack because they did not allow DBUS_COOKIE_SHA1,
      but third-party users of DBusServer such as Upstart could be
      vulnerable.

Author: Marc Deslauriers
Author Date: 2019-06-11 17:04:53 UTC

Import patches-unapplied version 1.12.14-1ubuntu2 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 8ac970293554c58239fabd26a252b01fbb3c9580

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-11 17:04:53 UTC

Import patches-unapplied version 1.12.14-1ubuntu2 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 8ac970293554c58239fabd26a252b01fbb3c9580

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-11 17:04:53 UTC

Import patches-unapplied version 1.12.14-1ubuntu2 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 8ac970293554c58239fabd26a252b01fbb3c9580

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 16:57:09 UTC

Import patches-unapplied version 1.12.12-1ubuntu1.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 9cc7dbd626695e64e125c12a5f686df78df2a610

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 18:06:01 UTC

Import patches-unapplied version 1.10.6-1ubuntu3.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a393a3b1f44e46eee95af31873f6f72df58e320a

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 18:05:17 UTC

Import patches-unapplied version 1.12.2-1ubuntu1.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6ad3d33de65002ceb66af3d711d2f847532f0bbf

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 18:05:17 UTC

Import patches-unapplied version 1.12.2-1ubuntu1.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6ad3d33de65002ceb66af3d711d2f847532f0bbf

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 18:05:17 UTC

Import patches-unapplied version 1.12.2-1ubuntu1.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 6ad3d33de65002ceb66af3d711d2f847532f0bbf

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 17:01:15 UTC

Import patches-unapplied version 1.12.10-1ubuntu2.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: dc6c47e0d4485488436647c3cff0ed75cf12590a

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 17:01:15 UTC

Import patches-unapplied version 1.12.10-1ubuntu2.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: dc6c47e0d4485488436647c3cff0ed75cf12590a

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 17:01:15 UTC

Import patches-unapplied version 1.12.10-1ubuntu2.1 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: dc6c47e0d4485488436647c3cff0ed75cf12590a

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 16:57:09 UTC

Import patches-unapplied version 1.12.12-1ubuntu1.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 9cc7dbd626695e64e125c12a5f686df78df2a610

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Marc Deslauriers
Author Date: 2019-06-10 16:57:09 UTC

Import patches-unapplied version 1.12.12-1ubuntu1.1 to ubuntu/disco-security

Imported using git-ubuntu import.

Changelog parent: 9cc7dbd626695e64e125c12a5f686df78df2a610

New changelog entries:
  * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
    - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
      reject DBUS_COOKIE_SHA1 for users other than the server owner in
      dbus/dbus-auth.c.
    - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
      add basic test coverage for DBUS_COOKIE_SHA1 in
      dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
      dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
      test/data/auth/cookie-sha1-username.auth-script,
      test/data/auth/cookie-sha1.auth-script.
    - CVE-2019-12749

Author: Steve Langasek
Author Date: 2019-02-01 01:47:44 UTC

Import patches-unapplied version 1.12.12-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: f8241c8d6932c41b601deddfc427517c93b039e9

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes, superseded in Debian:
    - debian/tests/root: don't set ulimit on containers, since the container
      may be unprivileged and "root" may not be able to raise ulimits again.

Author: Steve Langasek
Author Date: 2019-02-01 01:47:44 UTC

Import patches-unapplied version 1.12.12-1ubuntu1 to ubuntu/disco-proposed

Imported using git-ubuntu import.

Changelog parent: f8241c8d6932c41b601deddfc427517c93b039e9

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes, superseded in Debian:
    - debian/tests/root: don't set ulimit on containers, since the container
      may be unprivileged and "root" may not be able to raise ulimits again.

Author: Steve Langasek
Author Date: 2018-09-06 03:56:07 UTC

Import patches-unapplied version 1.12.10-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: db235b87fc3823e3324d1842016d56e6e0ddb5a8

New changelog entries:
  * debian/tests/root: don't set ulimit on containers, since the container
    may be unprivileged and "root" may not be able to raise ulimits again.

Author: Steve Langasek
Author Date: 2018-09-06 03:56:07 UTC

Import patches-unapplied version 1.12.10-1ubuntu2 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Changelog parent: db235b87fc3823e3324d1842016d56e6e0ddb5a8

New changelog entries:
  * debian/tests/root: don't set ulimit on containers, since the container
    may be unprivileged and "root" may not be able to raise ulimits again.

Author: Ubuntu Git Importer
Author Date: 2018-03-15 18:06:22 UTC

pristine-tar data for dbus_1.10.26.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-06 22:59:11 UTC

pristine-tar data for dbus_1.12.2.orig.tar.gz

Author: Jeremy Bicha
Author Date: 2017-11-15 22:22:22 UTC

Import patches-unapplied version 1.12.2-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 2ff5830655544380564f8d40e385223808b2e5cc

New changelog entries:
  * Sync with Debian. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Jeremy Bicha
Author Date: 2017-11-15 22:22:22 UTC

Import patches-unapplied version 1.12.2-1ubuntu1 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 2ff5830655544380564f8d40e385223808b2e5cc

New changelog entries:
  * Sync with Debian. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Jeremy Bicha
Author Date: 2017-07-28 14:20:42 UTC

Import patches-unapplied version 1.10.22-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 549d9cda2b2f64397b89f77ef7468d728bc1ed06

New changelog entries:
  * Merge with Debian but don't use "really" version number since we never
    had the 1.11 version in Ubuntu. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Jeremy Bicha
Author Date: 2017-07-28 14:20:42 UTC

Import patches-unapplied version 1.10.22-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 549d9cda2b2f64397b89f77ef7468d728bc1ed06

New changelog entries:
  * Merge with Debian but don't use "really" version number since we never
    had the 1.11 version in Ubuntu. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Jeremy Bicha
Author Date: 2017-07-28 14:20:42 UTC

Import patches-unapplied version 1.10.22-1ubuntu1 to ubuntu/artful-proposed

Imported using git-ubuntu import.

Changelog parent: 549d9cda2b2f64397b89f77ef7468d728bc1ed06

New changelog entries:
  * Merge with Debian but don't use "really" version number since we never
    had the 1.11 version in Ubuntu. Remaining changes:
    - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
      after 18.04 LTS.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
      (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems.
      (LP: #1438612) (LP: #1540282)
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus
      on demand after package installation.
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Simon McVittie
Author Date: 2016-10-10 10:42:50 UTC

Import patches-applied version 1.8.22-0+deb8u1 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: b0d8a17b6729d56787d92465ed130937590cefde
Unapplied parent: 0ef3fec08ccbd5e4e284eb3a826ba9b4fd07e350

New changelog entries:
  * New upstream bugfix release
    - fix a potential format string vulnerability, which is not believed
      to be exploitable in practice
  * dbus.prerm: ensure that dbus.socket is stopped before removal,
    so that a new connection to the bus won't cause dbus.service to be
    restarted (Closes: #813970)

Author: Simon McVittie
Author Date: 2016-10-10 10:42:50 UTC

Import patches-unapplied version 1.8.22-0+deb8u1 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 40b874f928adaa53a5fd20f1f11616bf9dcd5364

New changelog entries:
  * New upstream bugfix release
    - fix a potential format string vulnerability, which is not believed
      to be exploitable in practice
  * dbus.prerm: ensure that dbus.socket is stopped before removal,
    so that a new connection to the bus won't cause dbus.service to be
    restarted (Closes: #813970)

Author: Łukasz Zemczak
Author Date: 2016-11-25 17:36:48 UTC

Import patches-unapplied version 1.10.10-1ubuntu1.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: e59abf61f84b2bacc2173dc2395db730efaf072c

New changelog entries:
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Backport fix proposed by Simon McVittie upstream to workaround bug
      LP: #1591411.

Author: Łukasz Zemczak
Author Date: 2016-11-25 17:36:48 UTC

Import patches-unapplied version 1.10.10-1ubuntu1.2 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: e59abf61f84b2bacc2173dc2395db730efaf072c

New changelog entries:
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Backport fix proposed by Simon McVittie upstream to workaround bug
      LP: #1591411.

Author: Tyler Hicks
Author Date: 2016-11-30 21:44:48 UTC

Import patches-unapplied version 1.6.18-0ubuntu4.5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 54940afb9e921bf5895ad57e2841779f5e2164c6

New changelog entries:
  * debian/patches/unrequested-reply-mediation.patch: Don't let unrequested
    reply messages through and don't audit them. Unrequested reply messages
    are error or method_return messages that are sent from D-Bus connection A
    to D-Bus connection B that do not correspond to any message ever sent by
    D-Bus connection B. They should be quietly dropped as there's no use for
    them outside of malicious activity. Patch based on upstream patches.
    (LP: #1641243)

Author: Tyler Hicks
Author Date: 2016-11-30 21:44:48 UTC

Import patches-unapplied version 1.6.18-0ubuntu4.5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 54940afb9e921bf5895ad57e2841779f5e2164c6

New changelog entries:
  * debian/patches/unrequested-reply-mediation.patch: Don't let unrequested
    reply messages through and don't audit them. Unrequested reply messages
    are error or method_return messages that are sent from D-Bus connection A
    to D-Bus connection B that do not correspond to any message ever sent by
    D-Bus connection B. They should be quietly dropped as there's no use for
    them outside of malicious activity. Patch based on upstream patches.
    (LP: #1641243)

Author: Tyler Hicks
Author Date: 2016-11-30 21:44:48 UTC

Import patches-unapplied version 1.6.18-0ubuntu4.5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 54940afb9e921bf5895ad57e2841779f5e2164c6

New changelog entries:
  * debian/patches/unrequested-reply-mediation.patch: Don't let unrequested
    reply messages through and don't audit them. Unrequested reply messages
    are error or method_return messages that are sent from D-Bus connection A
    to D-Bus connection B that do not correspond to any message ever sent by
    D-Bus connection B. They should be quietly dropped as there's no use for
    them outside of malicious activity. Patch based on upstream patches.
    (LP: #1641243)

Author: Marc Deslauriers
Author Date: 2016-10-12 12:29:20 UTC

Import patches-unapplied version 1.10.10-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: efc9043510894150428947012174051df80ab0ef

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability (likely limited to uid 0 only)
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Marc Deslauriers
Author Date: 2016-10-12 12:37:07 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.8 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: cfb7906a44dd7be8cec5a233612ebc69956fb320

New changelog entries:
  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Marc Deslauriers
Author Date: 2016-10-12 12:37:07 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.8 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: cfb7906a44dd7be8cec5a233612ebc69956fb320

New changelog entries:
  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Marc Deslauriers
Author Date: 2016-10-12 12:37:07 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.8 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: cfb7906a44dd7be8cec5a233612ebc69956fb320

New changelog entries:
  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Marc Deslauriers
Author Date: 2016-10-12 12:33:44 UTC

Import patches-unapplied version 1.6.18-0ubuntu4.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a46cf367929283af77d85b4df98eeae3f1430f51

New changelog entries:
  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Marc Deslauriers
Author Date: 2016-10-12 12:29:20 UTC

Import patches-unapplied version 1.10.10-1ubuntu1.1 to ubuntu/yakkety-security

Imported using git-ubuntu import.

Changelog parent: efc9043510894150428947012174051df80ab0ef

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability (likely limited to uid 0 only)
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Łukasz Zemczak
Author Date: 2016-10-11 18:12:43 UTC

Import patches-unapplied version 1.10.10-1ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: efc9043510894150428947012174051df80ab0ef

New changelog entries:
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Add a test patch proposed by Simon McVittie upstream to fix bug
      LP: #1591411.

Author: Łukasz Zemczak
Author Date: 2016-10-11 18:12:43 UTC

Import patches-unapplied version 1.10.10-1ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: efc9043510894150428947012174051df80ab0ef

New changelog entries:
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Add a test patch proposed by Simon McVittie upstream to fix bug
      LP: #1591411.

Author: Łukasz Zemczak
Author Date: 2016-10-11 18:12:43 UTC

Import patches-unapplied version 1.10.10-1ubuntu2 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: efc9043510894150428947012174051df80ab0ef

New changelog entries:
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Add a test patch proposed by Simon McVittie upstream to fix bug
      LP: #1591411.

Author: Jeremy Bicha
Author Date: 2016-09-11 08:09:45 UTC

Import patches-unapplied version 1.10.10-1ubuntu1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 3ea94f9827ee41bdeaa6aa1bcabe8d5ec1962e5d

New changelog entries:
  [ Jeremy Bicha ]
  * Merge with Debian (LP: #1622401), remaining changes:
    - Add debian/dbus.user-session.upstart.
    - debian, dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more. Instead, start dbus.socket
      in postinst, which will then start D-Bus on demand after package
      installation.
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612) (LP: #1540282)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes:
    - debian/dbus.preinst: divert the dbus-daemon-launch-helper if upgrading
      from < 1.9.4-2~. This will make sure we keep the setuid bit during upgrade.
      (LP: #1555237)
    - Drop system upstart job.
  [ Martin Pitt ]
  * Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
    after 18.04 LTS.

Author: Mathieu Trudel-Lapierre
Author Date: 2016-03-31 19:07:46 UTC

Import patches-unapplied version 1.10.6-1ubuntu3 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 3eccf30606a1fedf1101a9899791800e4da2846c

New changelog entries:
  * debian/dbus.preinst: divert the dbus-daemon-launch-helper if upgrading
    from < 1.9.4-2~. This will make sure we keep the setuid bit during upgrade.
    (LP: #1555237)
  * debian/dbus.postinst: remove diversion.

Author: Simon McVittie
Author Date: 2015-02-05 15:58:36 UTC

Import patches-unapplied version 1.6.8-1+deb7u6 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 6d77f19ba2245cf74262a56330b2efdbce7255b2

New changelog entries:
  * Add patch for system.conf to fix a local denial of service when
    using systemd activation (CVE-2015-0245)

Author: Simon McVittie
Author Date: 2015-02-05 15:58:36 UTC

Import patches-applied version 1.6.8-1+deb7u6 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: bd80a8e0030bc89a5457fccf8c734c3150128c08
Unapplied parent: 14e150d75ddc2901479483063574c2281c9a6fb0

New changelog entries:
  * Add patch for system.conf to fix a local denial of service when
    using systemd activation (CVE-2015-0245)

Author: Iain Lane
Author Date: 2015-09-01 16:35:32 UTC

Import patches-unapplied version 1.10.0-1ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 4421aa88d2ee5fc82ec39f3be1a25f531964edf9

New changelog entries:
  * Merge with Debian, remaining changes:
    - Add upstart jobs; Upstart is still supported for the system init.
      + Add debian/dbus.upstart and dbus.user-session.upstart
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Iain Lane
Author Date: 2015-09-01 16:35:32 UTC

Import patches-unapplied version 1.10.0-1ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 4421aa88d2ee5fc82ec39f3be1a25f531964edf9

New changelog entries:
  * Merge with Debian, remaining changes:
    - Add upstart jobs; Upstart is still supported for the system init.
      + Add debian/dbus.upstart and dbus.user-session.upstart
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Iain Lane
Author Date: 2015-09-01 16:35:32 UTC

Import patches-unapplied version 1.10.0-1ubuntu1 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 4421aa88d2ee5fc82ec39f3be1a25f531964edf9

New changelog entries:
  * Merge with Debian, remaining changes:
    - Add upstart jobs; Upstart is still supported for the system init.
      + Add debian/dbus.upstart and dbus.user-session.upstart
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Martin Pitt
Author Date: 2015-03-31 16:46:06 UTC

Import patches-unapplied version 1.8.12-1ubuntu5 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 6f71dd075d2a17f1806198fd4808430ff1c7a73a

New changelog entries:
  * Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
    unit (see patch header and upstream bug for details). Fixes various causes
    of shutdown hangs, particularly with remote file systems. (LP: #1438612)

Author: Martin Pitt
Author Date: 2015-03-31 16:46:06 UTC

Import patches-unapplied version 1.8.12-1ubuntu5 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 6f71dd075d2a17f1806198fd4808430ff1c7a73a

New changelog entries:
  * Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
    unit (see patch header and upstream bug for details). Fixes various causes
    of shutdown hangs, particularly with remote file systems. (LP: #1438612)

Author: Martin Pitt
Author Date: 2015-03-31 16:46:06 UTC

Import patches-unapplied version 1.8.12-1ubuntu5 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 6f71dd075d2a17f1806198fd4808430ff1c7a73a

New changelog entries:
  * Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
    unit (see patch header and upstream bug for details). Fixes various causes
    of shutdown hangs, particularly with remote file systems. (LP: #1438612)

Author: Marc Deslauriers
Author Date: 2014-11-25 19:34:31 UTC

Import patches-unapplied version 1.8.8-1ubuntu2.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: dbfe0f54d66600e5900ea3359c2c8ac027c7892c

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639

Author: Marc Deslauriers
Author Date: 2014-11-25 19:34:31 UTC

Import patches-unapplied version 1.8.8-1ubuntu2.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: dbfe0f54d66600e5900ea3359c2c8ac027c7892c

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639

Author: Marc Deslauriers
Author Date: 2014-11-25 19:34:31 UTC

Import patches-unapplied version 1.8.8-1ubuntu2.1 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: dbfe0f54d66600e5900ea3359c2c8ac027c7892c

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639

Author: Oliver Grawert
Author Date: 2014-09-26 13:07:05 UTC

Import patches-unapplied version 1.8.8-1ubuntu2 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: c8cd5482cf045294ae3cf10151bb991d5ad29707

New changelog entries:
  * write to $XDG_RUNTIME_DIR instead of the users home when creating the
    dbus-session file, so we can start our session even with 100% filled or
    readonly home dir (LP: #1316978)

Author: Oliver Grawert
Author Date: 2014-09-26 13:07:05 UTC

Import patches-unapplied version 1.8.8-1ubuntu2 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: c8cd5482cf045294ae3cf10151bb991d5ad29707

New changelog entries:
  * write to $XDG_RUNTIME_DIR instead of the users home when creating the
    dbus-session file, so we can start our session even with 100% filled or
    readonly home dir (LP: #1316978)

Author: Marc Deslauriers
Author Date: 2014-09-17 16:27:46 UTC

Import patches-unapplied version 1.2.16-2ubuntu4.8 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: e713f7ae84909ee918e8384e357fdabc0d1e4c13

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of pending replies
    - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
      to 128 in bus/config-parser.c.
    - CVE-2014-3638
  * SECURITY UPDATE: denial of service via incomplete connections
    - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
      bus/config-parser.c, stop listening on DBusServer sockets when
      reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
      dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
    - CVE-2014-3639

Author: Marc Deslauriers
Author Date: 2014-09-17 16:27:46 UTC

Import patches-unapplied version 1.2.16-2ubuntu4.8 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: e713f7ae84909ee918e8384e357fdabc0d1e4c13

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of pending replies
    - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
      to 128 in bus/config-parser.c.
    - CVE-2014-3638
  * SECURITY UPDATE: denial of service via incomplete connections
    - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
      bus/config-parser.c, stop listening on DBusServer sockets when
      reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
      dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
    - CVE-2014-3639

Author: Marc Deslauriers
Author Date: 2014-09-17 16:27:46 UTC

Import patches-unapplied version 1.2.16-2ubuntu4.8 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: e713f7ae84909ee918e8384e357fdabc0d1e4c13

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of pending replies
    - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
      to 128 in bus/config-parser.c.
    - CVE-2014-3638
  * SECURITY UPDATE: denial of service via incomplete connections
    - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
      bus/config-parser.c, stop listening on DBusServer sockets when
      reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
      dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
    - CVE-2014-3639

Author: Marc Deslauriers
Author Date: 2014-07-03 12:35:59 UTC

Import patches-unapplied version 1.6.12-0ubuntu10.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: f93b75ebb7eb9b3dc94ab32298eeac62852d7dba

New changelog entries:
  * SECURITY UPDATE: denial of service via activation errors
    - debian/patches/CVE-2014-3477.patch: improve error handling in
      bus/activation.*, bus/services.c.
    - CVE-2014-3477
  * SECURITY UPDATE: denial of service via ETOOMANYREFS
    - debian/patches/CVE-2014-3532.patch: drop message on ETOOMANYREFS in
      dbus/dbus-sysdeps.*, dbus/dbus-transport-socket.c.
    - CVE-2014-3532
  * SECURITY UPDATE: denial of service via invalid file descriptor
    - debian/patches/CVE-2014-3533.patch: fix memory handling in
      dbus/dbus-message.c.
    - CVE-2014-3533

Author: Marc Deslauriers
Author Date: 2014-07-03 12:35:59 UTC

Import patches-unapplied version 1.6.12-0ubuntu10.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: f93b75ebb7eb9b3dc94ab32298eeac62852d7dba

New changelog entries:
  * SECURITY UPDATE: denial of service via activation errors
    - debian/patches/CVE-2014-3477.patch: improve error handling in
      bus/activation.*, bus/services.c.
    - CVE-2014-3477
  * SECURITY UPDATE: denial of service via ETOOMANYREFS
    - debian/patches/CVE-2014-3532.patch: drop message on ETOOMANYREFS in
      dbus/dbus-sysdeps.*, dbus/dbus-transport-socket.c.
    - CVE-2014-3532
  * SECURITY UPDATE: denial of service via invalid file descriptor
    - debian/patches/CVE-2014-3533.patch: fix memory handling in
      dbus/dbus-message.c.
    - CVE-2014-3533

Author: Marc Deslauriers
Author Date: 2014-07-03 12:35:59 UTC

Import patches-unapplied version 1.6.12-0ubuntu10.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: f93b75ebb7eb9b3dc94ab32298eeac62852d7dba

New changelog entries:
  * SECURITY UPDATE: denial of service via activation errors
    - debian/patches/CVE-2014-3477.patch: improve error handling in
      bus/activation.*, bus/services.c.
    - CVE-2014-3477
  * SECURITY UPDATE: denial of service via ETOOMANYREFS
    - debian/patches/CVE-2014-3532.patch: drop message on ETOOMANYREFS in
      dbus/dbus-sysdeps.*, dbus/dbus-transport-socket.c.
    - CVE-2014-3532
  * SECURITY UPDATE: denial of service via invalid file descriptor
    - debian/patches/CVE-2014-3533.patch: fix memory handling in
      dbus/dbus-message.c.
    - CVE-2014-3533

Author: Stéphane Graber
Author Date: 2014-04-01 21:53:17 UTC

Import patches-unapplied version 1.6.18-0ubuntu4 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f815e0f1a90c47c1455cf13b9c23c8068795756f

New changelog entries:
  * Create ~/.cache/upstart if it doesn't already exist.
    Thanks to Ryan Lovett for the patch. (LP: #1300516)

Author: Tyler Hicks
Author Date: 2013-10-10 17:40:26 UTC

Import patches-unapplied version 1.6.12-0ubuntu10 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 9abec0408cff3e8943bebf9c928256cb36da082e

New changelog entries:
  * debian/patches/aa-mediation.patch: Attempt to open() the mask file in
    apparmorfs/features/dbus rather than simply stat() the dbus directory.
    This is an important difference because AppArmor does not mediate the
    stat() syscall. This resulted in problems in an environment where
    dbus-daemon, running inside of an LXC container, did not have the
    necessary AppArmor rules to access apparmorfs but the stat() succeeded
    so mediation was not properly disabled. (LP: #1238267)
    This problem was exposed after dropping aa-kernel-compat-check.patch
    because the compat check was an additional check that performed a test
    query. The test query was failing in the above scenario, which did result
    in mediation being disabled.
  * debian/patches/aa-get-connection-apparmor-security-context.patch,
    debian/patches/aa-mediate-eavesdropping.patch: Refresh these patches to
    accomodate the above change

Author: Tyler Hicks
Author Date: 2013-10-10 17:40:26 UTC

Import patches-unapplied version 1.6.12-0ubuntu10 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 9abec0408cff3e8943bebf9c928256cb36da082e

New changelog entries:
  * debian/patches/aa-mediation.patch: Attempt to open() the mask file in
    apparmorfs/features/dbus rather than simply stat() the dbus directory.
    This is an important difference because AppArmor does not mediate the
    stat() syscall. This resulted in problems in an environment where
    dbus-daemon, running inside of an LXC container, did not have the
    necessary AppArmor rules to access apparmorfs but the stat() succeeded
    so mediation was not properly disabled. (LP: #1238267)
    This problem was exposed after dropping aa-kernel-compat-check.patch
    because the compat check was an additional check that performed a test
    query. The test query was failing in the above scenario, which did result
    in mediation being disabled.
  * debian/patches/aa-get-connection-apparmor-security-context.patch,
    debian/patches/aa-mediate-eavesdropping.patch: Refresh these patches to
    accomodate the above change

Author: Marc Deslauriers
Author Date: 2013-06-13 12:44:47 UTC

Import patches-unapplied version 1.6.8-1ubuntu6.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 6b3c707f810b9a863d699ff2e0cb8864bd157528

New changelog entries:
  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168

Author: Marc Deslauriers
Author Date: 2013-06-13 14:17:02 UTC

Import patches-unapplied version 1.6.4-1ubuntu4.1 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: f48cd61e10fe74b78c58d8ce6881c543001846cb

New changelog entries:
  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168

Author: Marc Deslauriers
Author Date: 2013-06-13 12:44:47 UTC

Import patches-unapplied version 1.6.8-1ubuntu6.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 6b3c707f810b9a863d699ff2e0cb8864bd157528

New changelog entries:
  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168

Author: Marc Deslauriers
Author Date: 2013-06-13 14:17:02 UTC

Import patches-unapplied version 1.6.4-1ubuntu4.1 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: f48cd61e10fe74b78c58d8ce6881c543001846cb

New changelog entries:
  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168

Author: Marc Deslauriers
Author Date: 2013-06-13 14:17:02 UTC

Import patches-unapplied version 1.6.4-1ubuntu4.1 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: f48cd61e10fe74b78c58d8ce6881c543001846cb

New changelog entries:
  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168

Author: Marc Deslauriers
Author Date: 2013-06-13 12:44:47 UTC

Import patches-unapplied version 1.6.8-1ubuntu6.1 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 6b3c707f810b9a863d699ff2e0cb8864bd157528

New changelog entries:
  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168

Author: Stéphane Graber
Author Date: 2013-03-25 13:52:01 UTC

Import patches-unapplied version 1.6.8-1ubuntu6 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: e7c163a4478ea118a55ec4608b28210e7b6c7da8

New changelog entries:
  * Tweak startup condition of user-job to block xsession-init until it's
    started. (LP: #1155205)

Author: Stéphane Graber
Author Date: 2013-03-25 13:52:01 UTC

Import patches-unapplied version 1.6.8-1ubuntu6 to ubuntu/raring-proposed

Imported using git-ubuntu import.

Changelog parent: e7c163a4478ea118a55ec4608b28210e7b6c7da8

New changelog entries:
  * Tweak startup condition of user-job to block xsession-init until it's
    started. (LP: #1155205)

Author: Simon McVittie
Author Date: 2012-10-04 07:47:10 UTC

Import patches-unapplied version 1.2.24-4+squeeze2 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 4e0c8715f723f617f2f8269731dfde4576a09e9c

New changelog entries:
  * CVE-2012-3524: apply patches from upstream 1.6.6 to avoid arbitrary
    code execution in setuid/setgid binaries that incorrectly use libdbus
    without first sanitizing the environment variables inherited from
    their less-privileged caller (Closes: #689070).
    - As per upstream 1.6.8, do not check filesystem capabilities for now,
      only setuid/setgid, fixing regressions in certain configurations of
      gnome-keyring

Author: Simon McVittie
Author Date: 2012-10-04 07:47:10 UTC

Import patches-applied version 1.2.24-4+squeeze2 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 357709a6ac1262e177f68abfd43cd7d937920f09
Unapplied parent: 49fd4b6ad5de8d7c8c70cff88aebf0b2ad8529d5

New changelog entries:
  * CVE-2012-3524: apply patches from upstream 1.6.6 to avoid arbitrary
    code execution in setuid/setgid binaries that incorrectly use libdbus
    without first sanitizing the environment variables inherited from
    their less-privileged caller (Closes: #689070).
    - As per upstream 1.6.8, do not check filesystem capabilities for now,
      only setuid/setgid, fixing regressions in certain configurations of
      gnome-keyring

Author: Marc Deslauriers
Author Date: 2012-10-03 11:03:55 UTC

Import patches-unapplied version 1.4.6-1ubuntu6.4 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: d6cee41bce3fc4088eb03f1e97b700fae2944e5b

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.
  * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
    - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
      shutdown or reboot so that it can safely unmount the root
      filesystem.

Author: Marc Deslauriers
Author Date: 2012-10-03 11:03:55 UTC

Import patches-unapplied version 1.4.6-1ubuntu6.4 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: d6cee41bce3fc4088eb03f1e97b700fae2944e5b

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.
  * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
    - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
      shutdown or reboot so that it can safely unmount the root
      filesystem.

Author: Marc Deslauriers
Author Date: 2012-10-03 16:59:30 UTC

Import patches-unapplied version 1.1.20-1ubuntu3.9 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: b6bfcd39187c700d838f7d6e888d0000af008bab

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/87-CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.

Author: Marc Deslauriers
Author Date: 2012-10-03 16:59:30 UTC

Import patches-unapplied version 1.1.20-1ubuntu3.9 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: b6bfcd39187c700d838f7d6e888d0000af008bab

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/87-CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.

Author: Marc Deslauriers
Author Date: 2012-10-03 11:03:55 UTC

Import patches-unapplied version 1.4.6-1ubuntu6.4 to ubuntu/natty-security

Imported using git-ubuntu import.

Changelog parent: d6cee41bce3fc4088eb03f1e97b700fae2944e5b

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.
  * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
    - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
      shutdown or reboot so that it can safely unmount the root
      filesystem.

Author: Marc Deslauriers
Author Date: 2012-10-03 16:59:30 UTC

Import patches-unapplied version 1.1.20-1ubuntu3.9 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: b6bfcd39187c700d838f7d6e888d0000af008bab

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/87-CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.

Author: Marc Deslauriers
Author Date: 2012-10-03 11:02:41 UTC

Import patches-unapplied version 1.4.14-1ubuntu1.3 to ubuntu/oneiric-security

Imported using git-ubuntu import.

Changelog parent: 91802de78aa0dc0f97c7d6bc31cdf75f1dbcf485

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.
  * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
    - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
      shutdown or reboot so that it can safely unmount the root
      filesystem.