Merge ~ogayot/ubuntu/+source/dbus:merge-lp2027991-mantic into ubuntu/+source/dbus:debian/sid
- Git
- lp:~ogayot/ubuntu/+source/dbus
- merge-lp2027991-mantic
- Merge into debian/sid
Status: | Merged | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Merge reported by: | Robie Basak | ||||||||||||||||
Merged at revision: | 58ec4ae0fc98028b13400e22ce674814e96f8ac3 | ||||||||||||||||
Proposed branch: | ~ogayot/ubuntu/+source/dbus:merge-lp2027991-mantic | ||||||||||||||||
Merge into: | ubuntu/+source/dbus:debian/sid | ||||||||||||||||
Diff against target: |
914 lines (+745/-7) (has conflicts) 7 files modified
debian/changelog (+444/-3) debian/control (+2/-1) debian/dbus.postinst (+5/-0) debian/patches/series (+2/-0) debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch (+192/-0) debian/patches/ubuntu/dont-stop-dbus.patch (+98/-0) debian/rules (+2/-3) Conflict in debian/changelog |
||||||||||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Simon Chopin (community) | Approve | ||
git-ubuntu import | Pending | ||
Review via email: mp+447077@code.launchpad.net |
Commit message
Description of the change
This is a merge of dbus 1.14.8-2 from Debian over our 1.14.6-1ubuntu1 in Ubuntu.
The changelog (upstream and in Debian) consists mainly of bug fixes and some adjustments to logging. Our delta is still needed and the rebase was trivial.
I don't have upload rights so I am requesting sponsorship :)
Upgrade is smooth (tested on amd64). I didn't test an install of dbus from scratch because Ubuntu comes with dbus installed.
The package is uploaded in the ogayot/
Autopkg tests are green [2]
Tags pushed
-----------
logical/
split/1.
reconstruct/
new/debian https:/
old/debian https:/
[1] https:/
[2] https:/
Olivier Gayot (ogayot) wrote : | # |
Bryce Harrington (bryce) wrote : | # |
Hi Olivier,
Overall, this looks good, I do have some suggestions for improving the package, although some of these are pretty minor.
- I notice a couple of the commits cover multiple bulletpoints in the changelog, i.e. a3e0e3b6 and 6140ee75. I might suggest merging the text into a single bullet point maybe with sub-bullets if desired. In a "perfect merge" I would look to one '-' bullet item per commit, with one LP# bug number referenced. I think you might be able to achieve that here with a little copyediting.
- Forwarding delta upstream, or documenting why it is not forwardable, is a useful exercise to check when doing a merge, particularly for a package like dbus that is likely to accumulate lots of delta between merges. It looks like most of this delta has been here a while, and some of the entries do indicate that forwardability has been considered previously, but it would be good to re-review and doublecheck. Each item should ideally either a) have a Debian bug or PR associated, or b) somewhere identify why it is not forwardable. For the latter, packagers sometimes annotate the commit, or the patch itself, or mention in the d/changelog entry, or even just discuss here in the MP description.
- I think there is a typo, "However a finalrd hook", unless there actually is something called "finalrd"?
- I do agree with you that the d/gbp.conf change is probably vestigial; you might investigate further as to when and why that was added. I also wonder about the value of retaining the .gitignore drop. In any case if this is kept it should have a better commit message and changelog entry to advocate it's retention.
Olivier Gayot (ogayot) wrote : | # |
Thanks Bryce!
I updated the MP once to drop the d/gbp.conf / d/.gitignore changes after reviewing with the original author.
There's something going on with the debian/sid branch that got updated with stuff from bookworm - that is causing conflicts. I'm following up on IRC.
> I think there is a typo, "However a finalrd hook", unless there actually is something called "finalrd"?
Actually there is :) https:/
I'm still doing archeology to determine if the other patches are still needed - and document them. Will keep the MP updated.
Thanks,
Olivier
Olivier Gayot (ogayot) wrote (last edit ): | # |
As discussed on #ubuntu-devel [1], I'll keep the MP as is despite the visible conflict in the diff preview. The intended diff preview can be obtained locally with the following command:
$ git diff ogayot/new/debian ogayot/
where ogayot corresponds to this remote:
$ git remote show ogayot
* remote ogayot
Fetch URL: https:/
[...]
[1] https:/
Olivier Gayot (ogayot) wrote : | # |
Updated with requested changes. I investigated the possibility of dropping d/patches/
Other patches are still needed for now. I've reworded the changelog entries and added bug numbers where applicable - to match one bullet point per commit.
Thanks
Simon Chopin (schopin) wrote : | # |
Thanks for the extra documentation, it was indeed much appreciated while reviewing.
Uploaded :)
Robie Basak (racb) wrote : | # |
Simon asked me to mark this as Merged.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 9dc22d9..14c36ec 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,8 +1,40 @@ |
6 | +<<<<<<< debian/changelog |
7 | dbus (1.14.8-2~deb12u1) bookworm; urgency=medium |
8 | |
9 | * Rebuild for bookworm |
10 | |
11 | -- Simon McVittie <smcv@debian.org> Tue, 11 Jul 2023 20:59:33 +0100 |
12 | +======= |
13 | +dbus (1.14.8-2ubuntu1) mantic; urgency=medium |
14 | + |
15 | + * Merge with Debian unstable (LP: #2027991). Remaining changes: |
16 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
17 | + intended for upstream inclusion. It implements a bus method |
18 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
19 | + security context but upstream D-Bus has recently added a generic way of |
20 | + getting a connection's security credentials (GetConnectionCredentials). |
21 | + Ubuntu should carry this patch until packages in the archive are moved |
22 | + over to the new, generic method of getting a connection's credentials. |
23 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
24 | + (LP: #1438612) |
25 | + - Reworked to actually make dbus.service _and_ dbus.socket to not |
26 | + be part of the shutdown transaction. And yet make it possible |
27 | + to still stop/kill/restart dbus.service if one really |
28 | + wants to, because it is stuck and stopped responding to any |
29 | + commands. This allows allows to restart dbus.service with |
30 | + needrestart. However a finalrd hook might still be needed, to kill |
31 | + dbus-daemon for good, once we pivot off rootfs. |
32 | + - Reworked to avoid a deadlock during boot (LP: #1936948) |
33 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
34 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
35 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
36 | + on demand after package installation. |
37 | + - Prevent dbus from being restarted on upgrade (LP #1962036) |
38 | + * Removed unnecessary delta: |
39 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
40 | + |
41 | + -- Olivier Gayot <olivier.gayot@canonical.com> Mon, 17 Jul 2023 18:10:48 +0200 |
42 | +>>>>>>> debian/changelog |
43 | |
44 | dbus (1.14.8-2) unstable; urgency=high |
45 | |
46 | @@ -36,6 +68,42 @@ dbus (1.14.8-1) unstable; urgency=medium |
47 | |
48 | -- Simon McVittie <smcv@debian.org> Tue, 06 Jun 2023 15:05:50 +0100 |
49 | |
50 | +dbus (1.14.6-1ubuntu1) mantic; urgency=medium |
51 | + |
52 | + * Merge with Debian unstable (LP: #2023301). Remaining changes: |
53 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
54 | + intended for upstream inclusion. It implements a bus method |
55 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
56 | + security context but upstream D-Bus has recently added a generic way of |
57 | + getting a connection's security credentials (GetConnectionCredentials). |
58 | + Ubuntu should carry this patch until packages in the archive are moved |
59 | + over to the new, generic method of getting a connection's credentials. |
60 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
61 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
62 | + dbus.socket to not be part of the shutdown transaction. And yet make |
63 | + it possible to still stop/kill/restart dbus.service if one really |
64 | + wants to, because it is stuck and stopped responding to any |
65 | + commands. This allows allows to restart dbus.service with |
66 | + needrestart. However a finalrd hook might still be needed, to kill |
67 | + dbus-daemon for good, once we pivot off rootfs. |
68 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
69 | + (LP #1936948) |
70 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
71 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
72 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
73 | + on demand after package installation. |
74 | + - Prevent dbus from being restarted on upgrade (LP #1962036) |
75 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
76 | + * Removed obsoleted patches: |
77 | + - d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor |
78 | + autopkgtest to the apparmor profile in the test |
79 | + [merged upstream in 1.14.6] |
80 | + - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
81 | + packages to permit the resolver to use them to satisfy i386 dependencies |
82 | + [merged in debian in 1.14.6-1] |
83 | + |
84 | + -- Olivier Gayot <olivier.gayot@canonical.com> Thu, 08 Jun 2023 17:46:03 +0200 |
85 | + |
86 | dbus (1.14.6-1) unstable; urgency=medium |
87 | |
88 | * New upstream stable release |
89 | @@ -53,6 +121,52 @@ dbus (1.14.6-1) unstable; urgency=medium |
90 | |
91 | -- Simon McVittie <smcv@debian.org> Wed, 08 Feb 2023 13:21:47 +0000 |
92 | |
93 | +dbus (1.14.4-1ubuntu1) lunar; urgency=medium |
94 | + |
95 | + * Merge from Debian unstable (LP: #1999258). Remaining changes: |
96 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
97 | + intended for upstream inclusion. It implements a bus method |
98 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
99 | + security context but upstream D-Bus has recently added a generic way of |
100 | + getting a connection's security credentials (GetConnectionCredentials). |
101 | + Ubuntu should carry this patch until packages in the archive are moved |
102 | + over to the new, generic method of getting a connection's credentials. |
103 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
104 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
105 | + dbus.socket to not be part of the shutdown transaction. And yet make it |
106 | + possible to still stop/kill/restart dbus.service if one really wants to, |
107 | + because it is stuck and stopped responding to any commands. This allows |
108 | + allows to restart dbus.service with needrestart. However a finalrd hook |
109 | + might still be needed, to kill dbus-daemon for good, once we pivot off |
110 | + rootfs. |
111 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
112 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
113 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
114 | + Instead, start dbus.socket in postinst, which will then start D-Bus on |
115 | + demand after package installation. |
116 | + - Prevent dbus from being restarted on upgrade |
117 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
118 | + - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
119 | + packages to permit the resolver to use them to satisfy i386 dependencies |
120 | + * Removed patches obsoleted/merged by upstream: |
121 | + - Make autopkgtests cross-test-friendly. |
122 | + - SECURITY UPDATE: Assertion failure in dbus-marshal-validate |
123 | + - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest |
124 | + correctly |
125 | + - CVE-2022-42010 |
126 | + - SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate |
127 | + - debian/patches/CVE-2022-42011.patch: Validate length of arrays of |
128 | + fixed-length items |
129 | + - CVE-2022-42011 |
130 | + - SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap |
131 | + - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if |
132 | + needed |
133 | + - CVE-2022-42012 |
134 | + * d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor |
135 | + autopkgtest to the apparmor profile in the test |
136 | + |
137 | + -- Dave Jones <dave.jones@canonical.com> Fri, 09 Dec 2022 15:00:27 +0000 |
138 | + |
139 | dbus (1.14.4-1) unstable; urgency=high |
140 | |
141 | * New upstream stable release 1.14.4 |
142 | @@ -75,6 +189,58 @@ dbus (1.14.2-1) unstable; urgency=medium |
143 | |
144 | -- Simon McVittie <smcv@debian.org> Mon, 26 Sep 2022 17:09:42 +0100 |
145 | |
146 | +dbus (1.14.0-2ubuntu3) kinetic; urgency=medium |
147 | + |
148 | + * SECURITY UPDATE: Assertion failure in dbus-marshal-validate |
149 | + - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest |
150 | + correctly |
151 | + - CVE-2022-42010 |
152 | + * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate |
153 | + - debian/patches/CVE-2022-42011.patch: Validate length of arrays of |
154 | + fixed-length items |
155 | + - CVE-2022-42011 |
156 | + * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap |
157 | + - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed |
158 | + - CVE-2022-42012 |
159 | + |
160 | + -- Nishit Majithia <nishit.majithia@canonical.com> TUe, 25 Oct 2022 18:48:42 +0530 |
161 | + |
162 | +dbus (1.14.0-2ubuntu2) kinetic; urgency=medium |
163 | + |
164 | + * d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
165 | + packages to permit the resolver to use them to satisfy i386 dependencies |
166 | + |
167 | + -- Dave Jones <dave.jones@canonical.com> Tue, 30 Aug 2022 15:15:24 +0100 |
168 | + |
169 | +dbus (1.14.0-2ubuntu1) kinetic; urgency=medium |
170 | + |
171 | + * Merge from Debian unstable (LP: #1959211). Remaining changes: |
172 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
173 | + intended for upstream inclusion. It implements a bus method |
174 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
175 | + security context but upstream D-Bus has recently added a generic way of |
176 | + getting a connection's security credentials (GetConnectionCredentials). |
177 | + Ubuntu should carry this patch until packages in the archive are moved |
178 | + over to the new, generic method of getting a connection's credentials. |
179 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
180 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
181 | + dbus.socket to not be part of the shutdown transaction. And yet make it |
182 | + possible to still stop/kill/restart dbus.service if one really wants to, |
183 | + because it is stuck and stopped responding to any commands. This allows |
184 | + allows to restart dbus.service with needrestart. However a finalrd hook |
185 | + might still be needed, to kill dbus-daemon for good, once we pivot off |
186 | + rootfs. |
187 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
188 | + - Make autopkgtests cross-test-friendly. |
189 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
190 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
191 | + Instead, start dbus.socket in postinst, which will then start D-Bus on |
192 | + demand after package installation. |
193 | + - Prevent dbus from being restarted on upgrade |
194 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
195 | + |
196 | + -- Dave Jones <dave.jones@canonical.com> Tue, 23 Aug 2022 15:07:57 +0100 |
197 | + |
198 | dbus (1.14.0-2) unstable; urgency=medium |
199 | |
200 | * Revert workaround for #994204. Since debhelper 13.7, the workaround |
201 | @@ -521,6 +687,51 @@ dbus (1.12.20-3) unstable; urgency=medium |
202 | |
203 | -- Simon McVittie <smcv@debian.org> Mon, 25 Oct 2021 10:32:43 +0100 |
204 | |
205 | +dbus (1.12.20-2ubuntu4) jammy; urgency=medium |
206 | + |
207 | + * Prevent dbus from being restarted on upgrade (LP: #1962036) |
208 | + |
209 | + -- Dave Jones <dave.jones@canonical.com> Fri, 01 Apr 2022 18:02:54 +0100 |
210 | + |
211 | +dbus (1.12.20-2ubuntu3) jammy; urgency=medium |
212 | + |
213 | + * No-change rebuild to update maintainer scripts, see LP: 1959054 |
214 | + |
215 | + -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 16:50:50 +0000 |
216 | + |
217 | +dbus (1.12.20-2ubuntu2) impish; urgency=medium |
218 | + |
219 | + * Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
220 | + (LP: #1936948) |
221 | + |
222 | + -- Lukas Märdian <slyon@ubuntu.com> Thu, 09 Sep 2021 15:45:30 +0200 |
223 | + |
224 | +dbus (1.12.20-2ubuntu1) impish; urgency=medium |
225 | + |
226 | + * Merge from Debian unstable. Remaining changes: |
227 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
228 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
229 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
230 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
231 | + on demand after package installation. |
232 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
233 | + intended for upstream inclusion. It implements a bus method |
234 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
235 | + security context but upstream D-Bus has recently added a generic way of |
236 | + getting a connection's security credentials (GetConnectionCredentials). |
237 | + Ubuntu should carry this patch until packages in the archive are moved |
238 | + over to the new, generic method of getting a connection's credentials. |
239 | + - Make autopkgtests cross-test-friendly. |
240 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
241 | + dbus.socket to not be part of the shutdown transaction. And yet make |
242 | + it possible to still stop/kill/restart dbus.service if one really |
243 | + wants to, because it is stuck and stopped responding to any |
244 | + commands. This allows allows to restart dbus.service with |
245 | + needrestart. However a finalrd hook might still be needed, to kill |
246 | + dbus-daemon for good, once we pivot off rootfs. |
247 | + |
248 | + -- Balint Reczey <rbalint@ubuntu.com> Tue, 18 May 2021 10:59:54 +0200 |
249 | + |
250 | dbus (1.12.20-2) unstable; urgency=medium |
251 | |
252 | * Add Provides for the split binary packages added in experimental. |
253 | @@ -536,6 +747,43 @@ dbus (1.12.20-2) unstable; urgency=medium |
254 | |
255 | -- Simon McVittie <smcv@debian.org> Sun, 21 Feb 2021 14:02:17 +0000 |
256 | |
257 | +dbus (1.12.20-1ubuntu3) hirsute; urgency=medium |
258 | + |
259 | + * Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
260 | + dbus.socket to not be part of the shutdown transaction. And yet make |
261 | + it possible to still stop/kill/restart dbus.service if one really |
262 | + wants to, because it is stuck and stopped responding to any |
263 | + commands. This allows allows to restart dbus.service with |
264 | + needrestart. However a finalrd hook might still be needed, to kill |
265 | + dbus-daemon for good, once we pivot off rootfs. |
266 | + |
267 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 26 Feb 2021 19:43:15 +0000 |
268 | + |
269 | +dbus (1.12.20-1ubuntu2) hirsute; urgency=medium |
270 | + |
271 | + * No-change rebuild to drop the udeb package. |
272 | + |
273 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:40 +0100 |
274 | + |
275 | +dbus (1.12.20-1ubuntu1) groovy; urgency=low |
276 | + |
277 | + * Merge from Debian unstable. Remaining changes: |
278 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
279 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
280 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
281 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
282 | + on demand after package installation. |
283 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
284 | + intended for upstream inclusion. It implements a bus method |
285 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
286 | + security context but upstream D-Bus has recently added a generic way of |
287 | + getting a connection's security credentials (GetConnectionCredentials). |
288 | + Ubuntu should carry this patch until packages in the archive are moved |
289 | + over to the new, generic method of getting a connection's credentials. |
290 | + - Make autopkgtests cross-test-friendly. |
291 | + |
292 | + -- Iain Lane <iain.lane@canonical.com> Thu, 10 Sep 2020 12:25:12 +0100 |
293 | + |
294 | dbus (1.12.20-1) unstable; urgency=medium |
295 | |
296 | [ Mark Hindley ] |
297 | @@ -550,6 +798,25 @@ dbus (1.12.20-1) unstable; urgency=medium |
298 | |
299 | -- Simon McVittie <smcv@debian.org> Thu, 02 Jul 2020 14:19:21 +0100 |
300 | |
301 | +dbus (1.12.18-1ubuntu1) groovy; urgency=low |
302 | + |
303 | + * Merge from Debian unstable. Remaining changes: |
304 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
305 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
306 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
307 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
308 | + on demand after package installation. |
309 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
310 | + intended for upstream inclusion. It implements a bus method |
311 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
312 | + security context but upstream D-Bus has recently added a generic way of |
313 | + getting a connection's security credentials (GetConnectionCredentials). |
314 | + Ubuntu should carry this patch until packages in the archive are moved |
315 | + over to the new, generic method of getting a connection's credentials. |
316 | + - Make autopkgtests cross-test-friendly. |
317 | + |
318 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 13:55:57 -0700 |
319 | + |
320 | dbus (1.12.18-1) unstable; urgency=medium |
321 | |
322 | [ Simon McVittie ] |
323 | @@ -614,6 +881,33 @@ dbus (1.12.18-1) unstable; urgency=medium |
324 | |
325 | -- Simon McVittie <smcv@debian.org> Tue, 02 Jun 2020 19:48:04 +0100 |
326 | |
327 | +dbus (1.12.16-2ubuntu2) focal; urgency=medium |
328 | + |
329 | + * Make autopkgtests cross-test-friendly. |
330 | + |
331 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Dec 2019 21:22:40 -0800 |
332 | + |
333 | +dbus (1.12.16-2ubuntu1) focal; urgency=medium |
334 | + |
335 | + * Merge from Debian unstable. Remaining changes: |
336 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
337 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
338 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
339 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
340 | + on demand after package installation. |
341 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
342 | + intended for upstream inclusion. It implements a bus method |
343 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
344 | + security context but upstream D-Bus has recently added a generic way of |
345 | + getting a connection's security credentials (GetConnectionCredentials). |
346 | + Ubuntu should carry this patch until packages in the archive are moved |
347 | + over to the new, generic method of getting a connection's credentials. |
348 | + * Removed patches included in new version: |
349 | + - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch |
350 | + - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch |
351 | + |
352 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 26 Nov 2019 12:58:43 -0500 |
353 | + |
354 | dbus (1.12.16-2) unstable; urgency=medium |
355 | |
356 | * Add bug number to previous changelog entry |
357 | @@ -647,6 +941,55 @@ dbus (1.12.16-1) unstable; urgency=medium |
358 | |
359 | -- Simon McVittie <smcv@debian.org> Sun, 09 Jun 2019 21:34:34 +0100 |
360 | |
361 | +dbus (1.12.14-1ubuntu2) eoan; urgency=medium |
362 | + |
363 | + * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw |
364 | + - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch: |
365 | + reject DBUS_COOKIE_SHA1 for users other than the server owner in |
366 | + dbus/dbus-auth.c. |
367 | + - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch: |
368 | + add basic test coverage for DBUS_COOKIE_SHA1 in |
369 | + dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c, |
370 | + dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am, |
371 | + test/data/auth/cookie-sha1-username.auth-script, |
372 | + test/data/auth/cookie-sha1.auth-script. |
373 | + - CVE-2019-12749 |
374 | + |
375 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Jun 2019 13:04:53 -0400 |
376 | + |
377 | +dbus (1.12.14-1ubuntu1) eoan; urgency=low |
378 | + |
379 | + * Merge from Debian unstable. Remaining changes: |
380 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
381 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
382 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
383 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
384 | + on demand after package installation. |
385 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
386 | + intended for upstream inclusion. It implements a bus method |
387 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
388 | + security context but upstream D-Bus has recently added a generic way of |
389 | + getting a connection's security credentials (GetConnectionCredentials). |
390 | + Ubuntu should carry this patch until packages in the archive are moved |
391 | + over to the new, generic method of getting a connection's credentials. |
392 | + |
393 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 22 May 2019 16:41:21 -0700 |
394 | + |
395 | +dbus (1.12.16-1) unstable; urgency=medium |
396 | + |
397 | + * New upstream stable release |
398 | + - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 |
399 | + authentication for identities that differ from the user running the |
400 | + DBusServer. Previously, a local attacker could manipulate symbolic |
401 | + links in their own home directory to bypass authentication and |
402 | + connect to a DBusServer with elevated privileges. The standard |
403 | + system and session dbus-daemons in their default configuration were |
404 | + immune to this attack because they did not allow DBUS_COOKIE_SHA1, |
405 | + but third-party users of DBusServer such as Upstart could be |
406 | + vulnerable. (Closes: #930375) |
407 | + |
408 | + -- Simon McVittie <smcv@debian.org> Sun, 09 Jun 2019 21:34:34 +0100 |
409 | + |
410 | dbus (1.12.14-1) unstable; urgency=medium |
411 | |
412 | * New upstream release |
413 | @@ -660,6 +1003,30 @@ dbus (1.12.14-1) unstable; urgency=medium |
414 | |
415 | -- Simon McVittie <smcv@debian.org> Sat, 18 May 2019 17:37:08 +0100 |
416 | |
417 | +dbus (1.12.12-1ubuntu1) disco; urgency=low |
418 | + |
419 | + * Merge from Debian unstable. Remaining changes: |
420 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
421 | + (see patch header and upstream bug for details). Fixes various |
422 | + causes of shutdown hangs, particularly with remote file systems. |
423 | + (LP: #1438612) (LP: #1540282) |
424 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
425 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
426 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
427 | + on demand after package installation. |
428 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
429 | + intended for upstream inclusion. It implements a bus method |
430 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
431 | + security context but upstream D-Bus has recently added a generic way of |
432 | + getting a connection's security credentials (GetConnectionCredentials). |
433 | + Ubuntu should carry this patch until packages in the archive are moved |
434 | + over to the new, generic method of getting a connection's credentials. |
435 | + * Dropped changes, superseded in Debian: |
436 | + - debian/tests/root: don't set ulimit on containers, since the container |
437 | + may be unprivileged and "root" may not be able to raise ulimits again. |
438 | + |
439 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Jan 2019 17:47:44 -0800 |
440 | + |
441 | dbus (1.12.12-1) unstable; urgency=medium |
442 | |
443 | [ Ritesh Raj Sarraf ] |
444 | @@ -688,6 +1055,37 @@ dbus (1.12.12-1) unstable; urgency=medium |
445 | |
446 | -- Simon McVittie <smcv@debian.org> Tue, 04 Dec 2018 15:58:18 +0000 |
447 | |
448 | +dbus (1.12.10-1ubuntu2) cosmic; urgency=medium |
449 | + |
450 | + * debian/tests/root: don't set ulimit on containers, since the container |
451 | + may be unprivileged and "root" may not be able to raise ulimits again. |
452 | + |
453 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 06 Sep 2018 03:56:07 +0000 |
454 | + |
455 | +dbus (1.12.10-1ubuntu1) cosmic; urgency=low |
456 | + |
457 | + * Merge from Debian unstable. Remaining changes: |
458 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
459 | + (see patch header and upstream bug for details). Fixes various |
460 | + causes of shutdown hangs, particularly with remote file systems. |
461 | + (LP: #1438612) (LP: #1540282) |
462 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
463 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
464 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
465 | + on demand after package installation. |
466 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
467 | + intended for upstream inclusion. It implements a bus method |
468 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
469 | + security context but upstream D-Bus has recently added a generic way of |
470 | + getting a connection's security credentials (GetConnectionCredentials). |
471 | + Ubuntu should carry this patch until packages in the archive are moved |
472 | + over to the new, generic method of getting a connection's credentials. |
473 | + * Dropped changes, no longer needed: |
474 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
475 | + after 18.04 LTS. |
476 | + |
477 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 31 Aug 2018 10:29:17 -0700 |
478 | + |
479 | dbus (1.12.10-1) unstable; urgency=medium |
480 | |
481 | * New upstream release |
482 | @@ -776,6 +1174,29 @@ dbus (1.12.4-1) unstable; urgency=medium |
483 | |
484 | -- Simon McVittie <smcv@debian.org> Thu, 08 Feb 2018 15:05:57 +0000 |
485 | |
486 | +dbus (1.12.2-1ubuntu1) bionic; urgency=medium |
487 | + |
488 | + * Sync with Debian. Remaining changes: |
489 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
490 | + after 18.04 LTS. |
491 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
492 | + (see patch header and upstream bug for details). Fixes various |
493 | + causes of shutdown hangs, particularly with remote file systems. |
494 | + (LP: #1438612) (LP: #1540282) |
495 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
496 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
497 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
498 | + on demand after package installation. |
499 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
500 | + intended for upstream inclusion. It implements a bus method |
501 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
502 | + security context but upstream D-Bus has recently added a generic way of |
503 | + getting a connection's security credentials (GetConnectionCredentials). |
504 | + Ubuntu should carry this patch until packages in the archive are moved |
505 | + over to the new, generic method of getting a connection's credentials. |
506 | + |
507 | + -- Jeremy Bicha <jbicha@ubuntu.com> Wed, 15 Nov 2017 17:22:22 -0500 |
508 | + |
509 | dbus (1.12.2-1) unstable; urgency=low |
510 | |
511 | * New upstream release 1.12.2 |
512 | @@ -797,6 +1218,29 @@ dbus (1.12.2-1) unstable; urgency=low |
513 | |
514 | -- Simon McVittie <smcv@debian.org> Mon, 13 Nov 2017 15:36:08 +0000 |
515 | |
516 | +dbus (1.12.0-1ubuntu1) bionic; urgency=medium |
517 | + |
518 | + * Sync with Debian. Remaining changes: |
519 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
520 | + after 18.04 LTS. |
521 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
522 | + (see patch header and upstream bug for details). Fixes various |
523 | + causes of shutdown hangs, particularly with remote file systems. |
524 | + (LP: #1438612) (LP: #1540282) |
525 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
526 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
527 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
528 | + on demand after package installation. |
529 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
530 | + intended for upstream inclusion. It implements a bus method |
531 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
532 | + security context but upstream D-Bus has recently added a generic way of |
533 | + getting a connection's security credentials (GetConnectionCredentials). |
534 | + Ubuntu should carry this patch until packages in the archive are moved |
535 | + over to the new, generic method of getting a connection's credentials. |
536 | + |
537 | + -- Jeremy Bicha <jbicha@ubuntu.com> Mon, 30 Oct 2017 19:25:39 -0400 |
538 | + |
539 | dbus (1.12.0-1) unstable; urgency=medium |
540 | |
541 | * New upstream stable release 1.12.0 |
542 | @@ -2706,7 +3150,6 @@ dbus (1.1.1-2) UNRELEASED; urgency=low |
543 | |
544 | -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2007 01:42:38 +0200 |
545 | |
546 | - |
547 | dbus (1.1.1-1) unstable; urgency=low |
548 | |
549 | [ Michael Biebl ] |
550 | @@ -3016,8 +3459,6 @@ dbus (0.62-2) unstable; urgency=low |
551 | |
552 | -- Sjoerd Simons <sjoerd@debian.org> Wed, 21 Jun 2006 10:47:00 +0200 |
553 | |
554 | - |
555 | - |
556 | dbus (0.62-1) unstable; urgency=low |
557 | |
558 | * New upstream release |
559 | diff --git a/debian/control b/debian/control |
560 | index 1d3b701..b24aaa5 100644 |
561 | --- a/debian/control |
562 | +++ b/debian/control |
563 | @@ -1,7 +1,8 @@ |
564 | Source: dbus |
565 | Section: admin |
566 | Priority: optional |
567 | -Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> |
568 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
569 | +XSBC-Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> |
570 | Uploaders: |
571 | Sjoerd Simons <sjoerd@debian.org>, |
572 | Sebastian Dröge <slomo@debian.org>, |
573 | diff --git a/debian/dbus.postinst b/debian/dbus.postinst |
574 | index 1cfd5e1..dd04aff 100644 |
575 | --- a/debian/dbus.postinst |
576 | +++ b/debian/dbus.postinst |
577 | @@ -70,4 +70,9 @@ if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = configure ] && [ -n "$2" ]; then |
578 | reload_dbus_config |
579 | fi |
580 | |
581 | +# We don't start dbus.service in postinst, so ensure dbus.socket is running |
582 | +if [ "$1" = configure ] && [ -d /run/systemd/system ]; then |
583 | + systemctl try-restart sockets.target || true |
584 | +fi |
585 | + |
586 | # vim:set sw=4 sts=4 et: |
587 | diff --git a/debian/patches/series b/debian/patches/series |
588 | index b926ef8..edf7b82 100644 |
589 | --- a/debian/patches/series |
590 | +++ b/debian/patches/series |
591 | @@ -1 +1,3 @@ |
592 | debian/tests-Multiply-timeouts-by-20-on-riscv64.patch |
593 | +ubuntu/aa-get-connection-apparmor-security-context.patch |
594 | +ubuntu/dont-stop-dbus.patch |
595 | diff --git a/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch b/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch |
596 | new file mode 100644 |
597 | index 0000000..4c897ae |
598 | --- /dev/null |
599 | +++ b/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch |
600 | @@ -0,0 +1,192 @@ |
601 | +From: Tyler Hicks <tyhicks@canonical.com> |
602 | +Date: Fri, 15 Aug 2014 13:37:15 -0500 |
603 | +Subject: Add DBus method to return the AA context of a connection |
604 | + |
605 | +Allows the AppArmor label that is attached to a D-Bus connection to be |
606 | +queried using the unique connection name. |
607 | + |
608 | +For example, |
609 | +$ dbus-send --print-reply --system --dest=org.freedesktop.DBus \ |
610 | + /org/freedesktop/DBus \ |
611 | + org.freedesktop.DBus.GetConnectionAppArmorSecurityContext string::1.4 |
612 | + method return sender=org.freedesktop.DBus -> dest=:1.50 reply_serial=2 |
613 | + string "/usr/sbin/cupsd" |
614 | + |
615 | +[Altered by Simon McVittie: survive non-UTF-8 contexts which |
616 | +would otherwise be a local denial of service, except that Ubuntu |
617 | +inherits a non-fatal warnings patch from Debian; new commit message |
618 | +taken from the Ubuntu changelog; do not emit unreachable code if |
619 | +AppArmor is disabled.] |
620 | + |
621 | +22 July 2023 Updates from ogayot |
622 | + |
623 | +This method has been deprecated for a while now but some packages in Ubuntu |
624 | +still use it. See LP #1489489 |
625 | + |
626 | +Forwarded: not-needed |
627 | +--- |
628 | + bus/apparmor.c | 15 +++++++++ |
629 | + bus/apparmor.h | 1 + |
630 | + bus/driver.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++ |
631 | + dbus/dbus-protocol.h | 2 ++ |
632 | + 4 files changed, 108 insertions(+) |
633 | + |
634 | +diff --git a/bus/apparmor.c b/bus/apparmor.c |
635 | +index 985f5e9..2eba37b 100644 |
636 | +--- a/bus/apparmor.c |
637 | ++++ b/bus/apparmor.c |
638 | +@@ -502,6 +502,21 @@ bus_apparmor_enabled (void) |
639 | + #endif |
640 | + } |
641 | + |
642 | ++const char* |
643 | ++bus_apparmor_confinement_get_label (BusAppArmorConfinement *confinement) |
644 | ++{ |
645 | ++#ifdef HAVE_APPARMOR |
646 | ++ if (!apparmor_enabled) |
647 | ++ return NULL; |
648 | ++ |
649 | ++ _dbus_assert (confinement != NULL); |
650 | ++ |
651 | ++ return confinement->label; |
652 | ++#else |
653 | ++ return NULL; |
654 | ++#endif |
655 | ++} |
656 | ++ |
657 | + void |
658 | + bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement) |
659 | + { |
660 | +diff --git a/bus/apparmor.h b/bus/apparmor.h |
661 | +index ed465f7..b8146df 100644 |
662 | +--- a/bus/apparmor.h |
663 | ++++ b/bus/apparmor.h |
664 | +@@ -38,6 +38,7 @@ dbus_bool_t bus_apparmor_enabled (void); |
665 | + |
666 | + void bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement); |
667 | + void bus_apparmor_confinement_ref (BusAppArmorConfinement *confinement); |
668 | ++const char* bus_apparmor_confinement_get_label (BusAppArmorConfinement *confinement); |
669 | + BusAppArmorConfinement* bus_apparmor_init_connection_confinement (DBusConnection *connection, |
670 | + DBusError *error); |
671 | + |
672 | +diff --git a/bus/driver.c b/bus/driver.c |
673 | +index cd0a714..d1669cb 100644 |
674 | +--- a/bus/driver.c |
675 | ++++ b/bus/driver.c |
676 | +@@ -2005,6 +2005,91 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, |
677 | + return FALSE; |
678 | + } |
679 | + |
680 | ++static dbus_bool_t |
681 | ++bus_driver_handle_get_connection_apparmor_security_context (DBusConnection *connection, |
682 | ++ BusTransaction *transaction, |
683 | ++ DBusMessage *message, |
684 | ++ DBusError *error) |
685 | ++{ |
686 | ++ const char *service; |
687 | ++ DBusString str; |
688 | ++ BusRegistry *registry; |
689 | ++ BusService *serv; |
690 | ++ DBusConnection *primary_connection; |
691 | ++ DBusMessage *reply; |
692 | ++ BusAppArmorConfinement *confinement; |
693 | ++ const char *label; |
694 | ++ |
695 | ++ _DBUS_ASSERT_ERROR_IS_CLEAR (error); |
696 | ++ |
697 | ++ registry = bus_connection_get_registry (connection); |
698 | ++ |
699 | ++ service = NULL; |
700 | ++ reply = NULL; |
701 | ++ confinement = NULL; |
702 | ++ |
703 | ++ if (! dbus_message_get_args (message, error, DBUS_TYPE_STRING, &service, |
704 | ++ DBUS_TYPE_INVALID)) |
705 | ++ goto failed; |
706 | ++ |
707 | ++ _dbus_verbose ("asked for security context of connection %s\n", service); |
708 | ++ |
709 | ++ _dbus_string_init_const (&str, service); |
710 | ++ serv = bus_registry_lookup (registry, &str); |
711 | ++ if (serv == NULL) |
712 | ++ { |
713 | ++ dbus_set_error (error, |
714 | ++ DBUS_ERROR_NAME_HAS_NO_OWNER, |
715 | ++ "Could not get security context of name '%s': no such name", service); |
716 | ++ goto failed; |
717 | ++ } |
718 | ++ |
719 | ++ primary_connection = bus_service_get_primary_owners_connection (serv); |
720 | ++ |
721 | ++ reply = dbus_message_new_method_return (message); |
722 | ++ if (reply == NULL) |
723 | ++ goto oom; |
724 | ++ |
725 | ++ confinement = bus_connection_dup_apparmor_confinement (primary_connection); |
726 | ++ label = bus_apparmor_confinement_get_label (confinement); |
727 | ++ |
728 | ++ if (label == NULL) |
729 | ++ { |
730 | ++ dbus_set_error (error, |
731 | ++ DBUS_ERROR_APPARMOR_SECURITY_CONTEXT_UNKNOWN, |
732 | ++ "Could not determine security context for '%s'", service); |
733 | ++ goto failed; |
734 | ++ } |
735 | ++ |
736 | ++ if (!dbus_validate_utf8 (label, error)) |
737 | ++ goto failed; |
738 | ++ |
739 | ++ if (! dbus_message_append_args (reply, |
740 | ++ DBUS_TYPE_STRING, |
741 | ++ &label, |
742 | ++ DBUS_TYPE_INVALID)) |
743 | ++ goto failed; |
744 | ++ |
745 | ++ if (! bus_transaction_send_from_driver (transaction, connection, reply)) |
746 | ++ goto oom; |
747 | ++ |
748 | ++ bus_apparmor_confinement_unref (confinement); |
749 | ++ dbus_message_unref (reply); |
750 | ++ |
751 | ++ return TRUE; |
752 | ++ |
753 | ++ oom: |
754 | ++ BUS_SET_OOM (error); |
755 | ++ |
756 | ++ failed: |
757 | ++ _DBUS_ASSERT_ERROR_IS_SET (error); |
758 | ++ if (confinement) |
759 | ++ bus_apparmor_confinement_unref (confinement); |
760 | ++ if (reply) |
761 | ++ dbus_message_unref (reply); |
762 | ++ return FALSE; |
763 | ++} |
764 | ++ |
765 | + static dbus_bool_t |
766 | + bus_driver_handle_reload_config (DBusConnection *connection, |
767 | + BusTransaction *transaction, |
768 | +@@ -2479,6 +2564,11 @@ static const MessageHandler dbus_message_handlers[] = { |
769 | + DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_BYTE_AS_STRING, |
770 | + bus_driver_handle_get_connection_selinux_security_context, |
771 | + METHOD_FLAG_ANY_PATH }, |
772 | ++ { "GetConnectionAppArmorSecurityContext", |
773 | ++ DBUS_TYPE_STRING_AS_STRING, |
774 | ++ DBUS_TYPE_STRING_AS_STRING, |
775 | ++ bus_driver_handle_get_connection_apparmor_security_context, |
776 | ++ METHOD_FLAG_ANY_PATH }, |
777 | + { "ReloadConfig", |
778 | + "", |
779 | + "", |
780 | +diff --git a/dbus/dbus-protocol.h b/dbus/dbus-protocol.h |
781 | +index 933c365..2b7fd23 100644 |
782 | +--- a/dbus/dbus-protocol.h |
783 | ++++ b/dbus/dbus-protocol.h |
784 | +@@ -444,6 +444,8 @@ extern "C" { |
785 | + #define DBUS_ERROR_INVALID_FILE_CONTENT "org.freedesktop.DBus.Error.InvalidFileContent" |
786 | + /** Asked for SELinux security context and it wasn't available. */ |
787 | + #define DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown" |
788 | ++/** Asked for AppArmor security context and it wasn't available. */ |
789 | ++#define DBUS_ERROR_APPARMOR_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.AppArmorSecurityContextUnknown" |
790 | + /** Asked for ADT audit data and it wasn't available. */ |
791 | + #define DBUS_ERROR_ADT_AUDIT_DATA_UNKNOWN "org.freedesktop.DBus.Error.AdtAuditDataUnknown" |
792 | + /** There's already an object with the requested object path. */ |
793 | diff --git a/debian/patches/ubuntu/dont-stop-dbus.patch b/debian/patches/ubuntu/dont-stop-dbus.patch |
794 | new file mode 100644 |
795 | index 0000000..0313060 |
796 | --- /dev/null |
797 | +++ b/debian/patches/ubuntu/dont-stop-dbus.patch |
798 | @@ -0,0 +1,98 @@ |
799 | +From: Martin Pitt <martin.pitt@ubuntu.com> |
800 | +Date: Tue, 31 Mar 2015 18:46:06 +0200 |
801 | +Subject: Don't stop D-Bus in the service unit |
802 | + |
803 | +D-Bus is getting stopped too early during shutdown, so that services on the bus |
804 | +are still running (and being shut down) after that. This leads to shutdown |
805 | +hangs due to remote file systems not getting unmounted as wpa_supplicant is |
806 | +already gone, or avahi or NetworkManager getting lots of errors because they |
807 | +get disconnected, etc. As D-Bus does not keep its state between restarts, |
808 | +dbus.socket also does not help us. |
809 | + |
810 | +Also, stopping D-Bus in a running system isn't something which we ever |
811 | +supported; to the contrary, we patched several packages to avoid |
812 | +restarting/stopping D-Bus in postinsts, as stopping d-bus in a running system |
813 | +is shooting yourself into the foot (independent of which init system you use). |
814 | +Thus leaving D-Bus running until the bitter end should be fine, it doesn't have |
815 | +any file system things to do on shutdown. This also approximates the brave new |
816 | +kdbus world where d-bus is basically "always available". |
817 | + |
818 | +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847 |
819 | +Bug-Ubuntu: https://launchpad.net/bugs/1438612 |
820 | + |
821 | +26 Feb 2021 Updates from xnox |
822 | + |
823 | +Whilst the original patch was okish, it didn't actually work |
824 | +right. dbus.service had Requires dbus.socket, which in turn did not |
825 | +try refuse being stopped, thus socket was being stopped / going away |
826 | +whilst the dbus service is still running. Also that happened on |
827 | +shutdown. And sometimes dbus can hang and refuses to answer, in such |
828 | +cases it is best to let people be able to kill it and restart it. Plus |
829 | +with needrestart integration we kind of can restart dbus and some |
830 | +basic services to keep machine alive. So, to actually prevent dbus |
831 | +from being stopped on shutdown undo the previous incarnation of the |
832 | +patch and instead do this: |
833 | + |
834 | +Dependencies: |
835 | +* Add DefaultDependencies=no |
836 | +* Instead of Requires/After sysinit.target, add back Wants/After sysinit.target. |
837 | +* Add back After basic.target |
838 | +* Do not add back Conflicts/Before shutdown.target |
839 | + |
840 | +Do that for _both_ dbus.service and dbus.socket. |
841 | + |
842 | +dbus.service: |
843 | +* Drop the Killmode, ExecStop things |
844 | +* Make ExecStart be @/usr/bin/dbus-daemon @dbus-daemon .... thus it |
845 | + will now be survie systemd-shutdown kill spree |
846 | + |
847 | +End result is that now one can use $ sudo |
848 | +/etc/needrestart/restart.d/dbus.service to restart dbus, and yet it is |
849 | +not part of the shutdown transactions. |
850 | + |
851 | +09 Sep 2021 Updates from slyon |
852 | + |
853 | +The previous update made it be not part of the shutdown transaction, but |
854 | +introduced a deadlock during bootup like this: |
855 | + |
856 | + systemd[1]: basic.target: starting held back, waiting for: sockets.target |
857 | + systemd[1]: dbus.socket: starting held back, waiting for: basic.target |
858 | + systemd[1]: dbus.service: starting held back, waiting for: dbus.socket |
859 | + |
860 | +Therefore we need to remove the After=basic.target dependency of dbus.socket |
861 | +to break that dependency loop. |
862 | + |
863 | +--- |
864 | + bus/dbus.service.in | 4 ++++ |
865 | + 1 file changed, 4 insertions(+) |
866 | + |
867 | +--- a/bus/dbus.service.in |
868 | ++++ b/bus/dbus.service.in |
869 | +@@ -2,10 +2,14 @@ |
870 | + Description=D-Bus System Message Bus |
871 | + Documentation=man:dbus-daemon(1) |
872 | + Requires=dbus.socket |
873 | ++# Do not stop on shutdown |
874 | ++DefaultDependencies=no |
875 | ++Wants=sysinit.target |
876 | ++After=sysinit.target basic.target |
877 | + |
878 | + [Service] |
879 | + Type=notify |
880 | + NotifyAccess=main |
881 | +-ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
882 | ++ExecStart=@@EXPANDED_BINDIR@/dbus-daemon @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
883 | + ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig |
884 | + OOMScoreAdjust=-900 |
885 | +--- a/bus/dbus.socket.in |
886 | ++++ b/bus/dbus.socket.in |
887 | +@@ -1,5 +1,9 @@ |
888 | + [Unit] |
889 | + Description=D-Bus System Message Bus Socket |
890 | ++# Do not stop on shutdown |
891 | ++DefaultDependencies=no |
892 | ++Wants=sysinit.target |
893 | ++After=sysinit.target |
894 | + |
895 | + [Socket] |
896 | + ListenStream=@DBUS_SYSTEM_SOCKET@ |
897 | diff --git a/debian/rules b/debian/rules |
898 | index 16f76c8..59aab5e 100755 |
899 | --- a/debian/rules |
900 | +++ b/debian/rules |
901 | @@ -254,11 +254,10 @@ endif |
902 | override_dh_missing: |
903 | dh_missing $(dh_missing_options) |
904 | |
905 | -# Yes, we do need both --no- options here. https://bugs.debian.org/837528 |
906 | override_dh_installinit: |
907 | - dh_installinit -pdbus --no-stop-on-upgrade --no-restart-after-upgrade |
908 | + dh_installinit -pdbus --no-start --no-stop-on-upgrade |
909 | override_dh_installsystemd: |
910 | - dh_installsystemd -pdbus --no-stop-on-upgrade --no-restart-after-upgrade |
911 | + dh_installsystemd -pdbus --no-start --no-stop-on-upgrade |
912 | |
913 | override_dh_installdocs: |
914 | dh_installdocs --all AUTHORS NEWS README |
Adding a note about the debian-branch = ubuntu/bionic in gbp.conf. Suggestions welcome!