Author: Sebastien Bacher
Revision Date: 2013-06-19 19:04:25 UTC

New upstream version, drop CVE-2013-2168.patch included in the update

Author: Sebastien Bacher
Revision Date: 2013-06-19 19:04:25 UTC

New upstream version, drop CVE-2013-2168.patch included in the update

Author: Sebastien Bacher
Revision Date: 2013-06-19 19:04:25 UTC

New upstream version, drop CVE-2013-2168.patch included in the update

Author: Tomas Hallenberg
Revision Date: 2014-01-24 15:28:42 UTC

debian/patches/90-custom-marshalling-support.patch: Add support for custom
marshalling, needed by CommonAPI

Author: Marc Deslauriers
Revision Date: 2012-10-03 07:02:41 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

Author: James Hunt
Revision Date: 2013-11-18 15:39:04 UTC

* Updated to protect against failure.

Author: Sebastien Bacher
Revision Date: 2013-06-19 19:04:25 UTC

New upstream version, drop CVE-2013-2168.patch included in the update

Author: Marc Deslauriers
Revision Date: 2013-06-13 08:44:47 UTC

* SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
  length.
  - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
    dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
    test/Makefile.am, test/internals/printf.c.
  - CVE-2013-2168

Author: Marc Deslauriers
Revision Date: 2013-06-13 08:44:47 UTC

* SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
  length.
  - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
    dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
    test/Makefile.am, test/internals/printf.c.
  - CVE-2013-2168

Author: Marc Deslauriers
Revision Date: 2013-06-13 10:17:02 UTC

* SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
  length.
  - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
    dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
    test/Makefile.am, test/internals/printf.c.
  - CVE-2013-2168

Author: Marc Deslauriers
Revision Date: 2013-06-13 10:17:02 UTC

* SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
  length.
  - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
    dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
    test/Makefile.am, test/internals/printf.c.
  - CVE-2013-2168

Author: Sebastien Bacher
Revision Date: 2013-06-19 19:04:25 UTC

New upstream version, drop CVE-2013-2168.patch included in the update

Author: Sebastien Bacher
Revision Date: 2013-06-19 19:04:25 UTC

New upstream version, drop CVE-2013-2168.patch included in the update

Author: Marc Deslauriers
Revision Date: 2013-06-13 10:23:58 UTC

* SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
  length.
  - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
    dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
    test/Makefile.am, test/internals/printf.c.
  - CVE-2013-2168

Author: Marc Deslauriers
Revision Date: 2013-06-13 10:23:58 UTC

* SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
  length.
  - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
    dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
    test/Makefile.am, test/internals/printf.c.
  - CVE-2013-2168

Author: Stéphane Graber
Revision Date: 2013-03-25 09:52:01 UTC

Tweak startup condition of user-job to block xsession-init until it's
started. (LP: #1155205)

Author: Stéphane Graber
Revision Date: 2013-03-25 09:52:01 UTC

Tweak startup condition of user-job to block xsession-init until it's
started. (LP: #1155205)

Author: James Hunt
Revision Date: 2013-03-14 09:07:16 UTC

debian/libdbus-1-3.postinst: Force an upgrade to restart Upstart
(to pick up new package version) if the running instance supports
it (LP: #1146653).

Author: Iain Lane
Revision Date: 2012-10-15 11:58:32 UTC

debian/control: Remove explicit versioned upstart dependency which is
unnecessary given that we have a generated dependency by dh_installinit
and the version referred to is pre-lucid.

Author: Marc Deslauriers
Revision Date: 2012-10-03 07:03:55 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

Author: Marc Deslauriers
Revision Date: 2012-10-03 07:05:52 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

Author: Marc Deslauriers
Revision Date: 2012-10-03 12:59:30 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/87-CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.

Author: Marc Deslauriers
Revision Date: 2012-10-03 14:41:36 UTC

debian/patches/CVE-2012-3524-regression-fix.patch: updated to fix test
suite.

Author: Marc Deslauriers
Revision Date: 2012-10-03 12:59:30 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/87-CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.

Author: Marc Deslauriers
Revision Date: 2012-10-03 07:05:52 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

Author: Marc Deslauriers
Revision Date: 2012-10-03 07:03:55 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

Author: Marc Deslauriers
Revision Date: 2012-10-03 07:02:41 UTC

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

Author: Martin Pitt
Revision Date: 2012-02-22 09:10:26 UTC

* Merge with Debian unstable to pick up the new bug fix release. Remaining
  Ubuntu changes:
  - Install binaries into / rather than /usr:
    + debian/rules: Set --exec-prefix=/
    + debian/dbus.install, debian/dbus-x11.install: Install from /bin
  - Use upstart to start:
    + Add debian/dbus.upstart.
    + debian/control: Add upstart dependency.
    + debian/dbus.postinst: Use upstart call instead of invoking the init.d
      script for checking if we are already running.
    + debian/control: versioned dependency on netbase that emits the new
      deconfiguring-networking event used in upstart script.
  - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
    the system bus to 5000 (LP #454093)
  - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
    to 60 seconds. It may be too short on the live CD with slow machines.
  - Add 0001-activation-allow-for-more-variation-than-just-system.patch,
    0002-bus-change-systemd-activation-to-activation-systemd.patch,
    0003-upstart-add-upstart-as-a-possible-activation-type.patch,
    0004-upstart-add-UpstartJob-to-service-desktop-files.patch,
    0005-activation-implement-upstart-activation.patch: Patches from Scott
    James Remnant to implement Upstart service activation. Not upstream.

Author: Clint Byrum
Revision Date: 2011-10-04 10:03:54 UTC

d/dbus.upstart: Add clarification of network-manager workaround

Author: Clint Byrum
Revision Date: 2011-10-04 10:03:54 UTC

d/dbus.upstart: Add clarification of network-manager workaround

Author: Jamie Strandboge
Revision Date: 2011-07-22 09:01:52 UTC

* SECURITY UPDATE: denial of service via messages with non-native byte order
  - debian/patches/99-CVE-2011-2200.patch: update dbus-marshal-header.c
    to verify header->data byte order and header->byte_order match in
    _dbus_header_byteswap()
  - CVE-2011-2200

Author: Jamie Strandboge
Revision Date: 2011-07-22 09:01:52 UTC

* SECURITY UPDATE: denial of service via messages with non-native byte order
  - debian/patches/99-CVE-2011-2200.patch: update dbus-marshal-header.c
    to verify header->data byte order and header->byte_order match in
    _dbus_header_byteswap()
  - CVE-2011-2200

Author: Didier Roche-Tolomelli
Revision Date: 2011-07-07 13:47:53 UTC

readd clarification of network-manager workaround from Clint in dbus.upstart

Author: Clint Byrum
Revision Date: 2011-05-24 21:27:51 UTC

d/dbus.upstart: Add clarification of network-manager workaround

Author: Jamie Strandboge
Revision Date: 2011-01-04 14:37:19 UTC

* SECURITY UPDATE: fix DoS with too deeply nested messages
  - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
    message variants. Backported from upstream.
  - CVE-2010-4352
  - LP: #688992
* debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev

Author: Alkis Georgopoulos
Revision Date: 2011-02-14 11:49:57 UTC

Prevent dbus.postinst from failing in chroots (LP: #552404).

Author: Alkis Georgopoulos
Revision Date: 2011-01-21 12:55:56 UTC

Prevent dbus.postinst from failing in chroots (LP: #552404)

Author: Jamie Strandboge
Revision Date: 2011-01-04 14:37:19 UTC

* SECURITY UPDATE: fix DoS with too deeply nested messages
  - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
    message variants. Backported from upstream.
  - CVE-2010-4352
  - LP: #688992
* debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev

Author: Steve Langasek
Revision Date: 2011-03-20 22:07:49 UTC

debian/rules: fix up the sed of the .pc file, we need the path to be
relative to the multiarch dir. Thanks to Lionel Le Folgoc for pointing
this out.

Author: Scott James Remnant (Canonical)
Revision Date: 2010-12-22 17:03:13 UTC

merge to fix

Author: Scott James Remnant (Canonical)
Revision Date: 2010-12-21 13:43:30 UTC

releasing version 1.4.1-0ubuntu1

Author: Scott James Remnant (Canonical)
Revision Date: 2010-12-08 19:44:26 UTC

releasing version 1.4.0-0ubuntu2

Author: Jonathan Riddell
Revision Date: 2010-09-27 13:06:32 UTC

* New upstream release
 - Fixes https://bugs.freedesktop.org/show_bug.cgi?id=17754 Race condition in protected_change_timeout
 - Requested by various upstream KDE developers http://lists.kde.org/?t=128514970000004&r=1&w=2

Author: Martin Pitt
Revision Date: 2010-03-30 14:28:11 UTC

releasing version 1.2.16-2ubuntu4

Author: Michael Vogt
Revision Date: 2009-10-23 20:10:26 UTC

* 20_system_conf_limit.patch:
  - increase max_match_rules_per_connection for the system
    bus to 5000 (LP: #454093)

Author: Marc Deslauriers
Revision Date: 2009-07-06 10:44:11 UTC

* SECURITY UPDATE: Signature spoofing via incorrect logic
  - debian/patches/82-security-CVE-2009-1189.patch: fix logic in
    dbus/dbus-marshal-validate.c and fix test in
    dbus/dbus-marshal-validate-util.c.
  - CVE-2009-1189

Author: Marc Deslauriers
Revision Date: 2009-07-06 10:44:11 UTC

* SECURITY UPDATE: Signature spoofing via incorrect logic
  - debian/patches/82-security-CVE-2009-1189.patch: fix logic in
    dbus/dbus-marshal-validate.c and fix test in
    dbus/dbus-marshal-validate-util.c.
  - CVE-2009-1189

Author: Colin Watson
Revision Date: 2009-01-27 14:25:59 UTC

Create $MESSAGEHOME (/var/run/dbus) if it's missing, rather than just
MESSAGEHOME which clearly wasn't what was intended.

Author: Marc Deslauriers
Revision Date: 2009-07-06 10:49:54 UTC

* SECURITY UPDATE: Signature spoofing via incorrect logic
  - debian/patches/82-security-CVE-2009-1189.patch: fix logic in
    dbus/dbus-marshal-validate.c and fix test in
    dbus/dbus-marshal-validate-util.c.
  - CVE-2009-1189

Author: Marc Deslauriers
Revision Date: 2009-07-06 10:49:54 UTC

* SECURITY UPDATE: Signature spoofing via incorrect logic
  - debian/patches/82-security-CVE-2009-1189.patch: fix logic in
    dbus/dbus-marshal-validate.c and fix test in
    dbus/dbus-marshal-validate-util.c.
  - CVE-2009-1189

Author: Martin Pitt
Revision Date: 2008-10-07 15:26:32 UTC

* New upstream bug fix release: (LP: #279425)
  - Fix crash on dbus_signature_validate("a{(ii)i}", NULL), which would
    unexpectedly abort the calling program. [CVE-2008-3834]
  - Close file descriptors before exec()ing helpers, to avoid locking
    hardware like video cards by eternally open file fds. (LP: #230877)
  - A small number of compilation and portability fixes.

Author: Martin Pitt
Revision Date: 2008-10-14 20:18:24 UTC

Add debian/patches/04_helper_fd_leak.patch: Close file descriptors before
exec()ing helpers, to avoid locking hardware like video cards by eternally
open file fds. (LP: #230877)

Author: Martin Pitt
Revision Date: 2008-02-28 15:08:15 UTC

* New upstream release: Tons of bug fixes, a security fix (CVE-2008-0595),
  and two small new features:
  - inotify support (to replace previous dnotify implementation); can be
    disabled with configure switch if it causes trouble
  - Add matching support for program binaries in dbus policy rules.
* Merge with Debian unstable; remaining changes:
  - debian/patches/81-session.conf-timeout.patch: Raise the service startup
    timeout from 25 to 60 seconds. It may be too short on the live CD with
    slow machines.
  - Add consolekit (>= 0.2.3-3ubuntu2) dependency, which provides
    pam_console compatible stamps in /var/run/console. This keeps
    "at_console" policies working until we get rid of them completely.
    (See policykit-integration spec)
  - debian/dbus.{postinst,prerm}: Do not restart dbus on upgrades, since it
    breaks too many applications. Instead, trigger a "reboot required"
    notification. Since this cancels the postinst early, add an explicit
    update-rc.d call to the symlink migration.
  - debian/rules: Do not install /etc/X11/Xsession.d/75dbus_dbus-launch, we
    do not need it for Gnome, KDE, and XFCE, and it causes trouble.
    (LP #62163)
  - debian/dbus.preinst: Remove obsolete conffile
    /etc/X11/Xsession.d/75dbus_dbus-launch on upgrades. This needs to be
    kept until after Hardy's release.
* Debian's forceful way of RC symlink migration should finally fix all the
  previous upgrade issues with wrong priorities. (LP: #25931)

Author: Kees Cook
Revision Date: 2008-10-13 19:10:35 UTC

* SECURITY UPDATE: policy bypass with NULL interfaces.
  - Add 82-NULL-policy-bypass.patch: upstream fixes.
  - CVE-2008-0595
* SECURITY UPDATE: application crash via corrupt signatures.
  - Add 83-signature-validation.patch: upstream fixes.
  - CVE-2008-3834

Author: Kees Cook
Revision Date: 2008-10-13 19:10:35 UTC

* SECURITY UPDATE: policy bypass with NULL interfaces.
  - Add 82-NULL-policy-bypass.patch: upstream fixes.
  - CVE-2008-0595
* SECURITY UPDATE: application crash via corrupt signatures.
  - Add 83-signature-validation.patch: upstream fixes.
  - CVE-2008-3834

Author: Sebastien Bacher
Revision Date: 2007-10-04 15:56:28 UTC

* debian/control:
  - Build-Depends on xsltproc
* debian/dbus-1-doc.install:
  - install the devhelp index
* debian/dbus-1-doc.links:
  - create a devhelp documentation symlink
* debian/doxygen_to_devhelp.xsl:
  - file from fedora used to generate a devhelp documentation index
* debian/patches/dbus-1.0.1-generate-xml-docs.patch:
  - patch from fedora, build the xml documentation
* debian/rules:
  - build and clean the devhelp index

Author: Kees Cook
Revision Date: 2008-10-13 19:48:09 UTC

* SECURITY UPDATE: policy bypass with NULL interfaces.
  - Add 82-NULL-policy-bypass.patch: upstream fixes.
  - CVE-2008-0595
* SECURITY UPDATE: application crash via corrupt signatures.
  - Add 83-signature-validation.patch: upstream fixes.
  - CVE-2008-3834

Author: Martin Pitt
Revision Date: 2007-07-26 11:08:35 UTC

* Add debian/patches/02_dbus-launch_close_pipe.patch:
  - _dbus_get_autolaunch_address(): When calling dbus-launch fails,
     close the reading end of the pipe.
  - This caused a serious fd leak in programs like cups when they repeatedly
    try to send dbus messages, dbus is not running, and dbus-launch is not
    available or otherwise fails to execute.
  - LP: #112803

Author: Kees Cook
Revision Date: 2008-10-13 19:48:09 UTC

* SECURITY UPDATE: policy bypass with NULL interfaces.
  - Add 82-NULL-policy-bypass.patch: upstream fixes.
  - CVE-2008-0595
* SECURITY UPDATE: application crash via corrupt signatures.
  - Add 83-signature-validation.patch: upstream fixes.
  - CVE-2008-3834

Author: Martin Pitt
Revision Date: 2007-03-08 13:53:22 UTC

* debian/rules: Start dbus at runlevel priority 12, so that it comes before
  gdm. This eliminates the race condition of starting the X session before
  hal is running. (LP: #25931 and two handfuls of dups)
* debian/dbus.postinst: Migrate rc?.d symlinks from 20 to 12 on upgrades to
  this version.
* debian/control: Set Ubuntu maintainer.
* debian/rules: Clean up doc/*.html (they are generated from XML sources).

Author: Kees Cook
Revision Date: 2006-12-13 18:15:00 UTC

* SECURITY UPDATE: denial of service, dbus can be made to ignore
  registered matches for other local users.
* Add debian/patches/match_removal.patch: fix from upstream CVS.
* References
  http://webcvs.freedesktop.org/dbus/dbus/bus/signals.c?r1=1.14&r2=1.14.2.1&view=patch&pathrev=DBUS_1_0
  CVE-2006-6107

Author: Kees Cook
Revision Date: 2006-12-13 18:15:00 UTC

* SECURITY UPDATE: denial of service, dbus can be made to ignore
  registered matches for other local users.
* Add debian/patches/match_removal.patch: fix from upstream CVS.
* References
  http://webcvs.freedesktop.org/dbus/dbus/bus/signals.c?r1=1.14&r2=1.14.2.1&view=patch&pathrev=DBUS_1_0
  CVE-2006-6107

Author: Sebastian Dröge
Revision Date: 2006-10-18 20:21:40 UTC

* debian/session.conf,
  debian/patches/dbus-raise-service-start-timeout.patch:
  + Raise the service activation timeout in the correct file now to 60
    seconds...

Author: Marc Deslauriers
Revision Date: 2009-07-06 11:20:45 UTC

* SECURITY UPDATE: Signature spoofing via incorrect logic
  - debian/patches/84-security-CVE-2009-1189.patch: fix logic in
    dbus/dbus-marshal-validate.c and fix test in
    dbus/dbus-marshal-validate-util.c.
  - CVE-2009-1189

Author: Marc Deslauriers
Revision Date: 2009-07-06 11:20:45 UTC

* SECURITY UPDATE: Signature spoofing via incorrect logic
  - debian/patches/84-security-CVE-2009-1189.patch: fix logic in
    dbus/dbus-marshal-validate.c and fix test in
    dbus/dbus-marshal-validate-util.c.
  - CVE-2009-1189

Author: Sebastian Dröge
Revision Date: 2006-05-15 20:02:55 UTC

Add a small hack to debian/rules to get us the content for the
monodoc-dbus-1-manual package. (Ubuntu: #44449)

Author: Kees Cook
Revision Date: 2006-12-13 13:33:05 UTC

* SECURITY UPDATE: denial of service, dbus can be made to ignore
  registered matches for other local users.
* Add debian/patches/match_removal.patch: fix from upstream CVS.
* References
  http://webcvs.freedesktop.org/dbus/dbus/bus/signals.c?r1=1.14&r2=1.14.2.1&view=patch&pathrev=DBUS_1_0
  CVE-2006-6107

Author: Martin Pitt
Revision Date: 2005-09-30 20:14:53 UTC

Use update-notifier's brand new notify-reboot-required script instead of
creating a dbus specific update notification.

Author: Matthias Klose
Revision Date: 2005-07-27 09:48:27 UTC

debian/patches/dbus-gilstate: Fix segfaults in python bindings.
Patch by Anthony Baxter. Ubuntu #7292.

Author: Daniel Stone
Revision Date: 2005-04-04 12:47:21 UTC

Really add lsb-base dependency this time (closes: Ubuntu#7766).

Author: Martin Pitt
Revision Date: 2005-06-27 07:17:30 UTC

* SECURITY UPDATE: Fix authentication bypass.
* Add debian/patches/dbus-sessionbus-checkuid.patch:
  - bus/session.conf.in: Do not allow any user to connect to any session bus
    by default.
  - bus/policy.c: "allowed" now defaults to true if the connecting user id
    matches the session bus user id.
  - This stops other users from listening and sending to other user's
    session dbus instances.
  - References:
    CAN-2005-0201
    https://bugs.freedesktop.org/show_bug.cgi?id=2436

Author: Daniel Stone
Revision Date: 2004-10-10 20:52:10 UTC

* debian/patches/dbus-monitor.patch:
  + Unbreak dbus-monitor when arguments are given.