Merge ~ogayot/ubuntu/+source/dbus:merge-lp2027991-mantic into ubuntu/+source/dbus:debian/sid
- Git
- lp:~ogayot/ubuntu/+source/dbus
- merge-lp2027991-mantic
- Merge into debian/sid
Proposed by
Olivier Gayot
| Status: | Merged | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Merge reported by: | Robie Basak | ||||||||||||||||
| Merged at revision: | 58ec4ae0fc98028b13400e22ce674814e96f8ac3 | ||||||||||||||||
| Proposed branch: | ~ogayot/ubuntu/+source/dbus:merge-lp2027991-mantic | ||||||||||||||||
| Merge into: | ubuntu/+source/dbus:debian/sid | ||||||||||||||||
| Diff against target: |
914 lines (+745/-7) (has conflicts) 7 files modified
debian/changelog (+444/-3) debian/control (+2/-1) debian/dbus.postinst (+5/-0) debian/patches/series (+2/-0) debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch (+192/-0) debian/patches/ubuntu/dont-stop-dbus.patch (+98/-0) debian/rules (+2/-3) Conflict in debian/changelog |
||||||||||||||||
| Related bugs: |
|
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Simon Chopin (community) | Approve | ||
| git-ubuntu import | Pending | ||
|
Review via email:
|
|||
Commit message
Description of the change
This is a merge of dbus 1.14.8-2 from Debian over our 1.14.6-1ubuntu1 in Ubuntu.
The changelog (upstream and in Debian) consists mainly of bug fixes and some adjustments to logging. Our delta is still needed and the rebase was trivial.
I don't have upload rights so I am requesting sponsorship :)
Upgrade is smooth (tested on amd64). I didn't test an install of dbus from scratch because Ubuntu comes with dbus installed.
The package is uploaded in the ogayot/
Autopkg tests are green [2]
Tags pushed
-----------
logical/
split/1.
reconstruct/
new/debian https:/
old/debian https:/
[1] https:/
[2] https:/
To post a comment you must log in.
Revision history for this message
| Olivier Gayot (ogayot) wrote : | # |
Revision history for this message
| Bryce Harrington (bryce) wrote : | # |
Hi Olivier,
Overall, this looks good, I do have some suggestions for improving the package, although some of these are pretty minor.
- I notice a couple of the commits cover multiple bulletpoints in the changelog, i.e. a3e0e3b6 and 6140ee75. I might suggest merging the text into a single bullet point maybe with sub-bullets if desired. In a "perfect merge" I would look to one '-' bullet item per commit, with one LP# bug number referenced. I think you might be able to achieve that here with a little copyediting.
- Forwarding delta upstream, or documenting why it is not forwardable, is a useful exercise to check when doing a merge, particularly for a package like dbus that is likely to accumulate lots of delta between merges. It looks like most of this delta has been here a while, and some of the entries do indicate that forwardability has been considered previously, but it would be good to re-review and doublecheck. Each item should ideally either a) have a Debian bug or PR associated, or b) somewhere identify why it is not forwardable. For the latter, packagers sometimes annotate the commit, or the patch itself, or mention in the d/changelog entry, or even just discuss here in the MP description.
- I think there is a typo, "However a finalrd hook", unless there actually is something called "finalrd"?
- I do agree with you that the d/gbp.conf change is probably vestigial; you might investigate further as to when and why that was added. I also wonder about the value of retaining the .gitignore drop. In any case if this is kept it should have a better commit message and changelog entry to advocate it's retention.
Revision history for this message
| Olivier Gayot (ogayot) wrote : | # |
Thanks Bryce!
I updated the MP once to drop the d/gbp.conf / d/.gitignore changes after reviewing with the original author.
There's something going on with the debian/sid branch that got updated with stuff from bookworm - that is causing conflicts. I'm following up on IRC.
> I think there is a typo, "However a finalrd hook", unless there actually is something called "finalrd"?
Actually there is :) https:/
I'm still doing archeology to determine if the other patches are still needed - and document them. Will keep the MP updated.
Thanks,
Olivier
Revision history for this message
| Olivier Gayot (ogayot) wrote (last edit ): | # |
As discussed on #ubuntu-devel [1], I'll keep the MP as is despite the visible conflict in the diff preview. The intended diff preview can be obtained locally with the following command:
$ git diff ogayot/new/debian ogayot/
where ogayot corresponds to this remote:
$ git remote show ogayot
* remote ogayot
Fetch URL: https:/
[...]
[1] https:/
Revision history for this message
| Olivier Gayot (ogayot) wrote : | # |
Updated with requested changes. I investigated the possibility of dropping d/patches/
Other patches are still needed for now. I've reworded the changelog entries and added bug numbers where applicable - to match one bullet point per commit.
Thanks
Revision history for this message
| Simon Chopin (schopin) wrote : | # |
Thanks for the extra documentation, it was indeed much appreciated while reviewing.
Uploaded :)
review:
Approve
Revision history for this message
| Robie Basak (racb) wrote : | # |
Simon asked me to mark this as Merged.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
| 1 | diff --git a/debian/changelog b/debian/changelog |
| 2 | index 9dc22d9..14c36ec 100644 |
| 3 | --- a/debian/changelog |
| 4 | +++ b/debian/changelog |
| 5 | @@ -1,8 +1,40 @@ |
| 6 | +<<<<<<< debian/changelog |
| 7 | dbus (1.14.8-2~deb12u1) bookworm; urgency=medium |
| 8 | |
| 9 | * Rebuild for bookworm |
| 10 | |
| 11 | -- Simon McVittie <smcv@debian.org> Tue, 11 Jul 2023 20:59:33 +0100 |
| 12 | +======= |
| 13 | +dbus (1.14.8-2ubuntu1) mantic; urgency=medium |
| 14 | + |
| 15 | + * Merge with Debian unstable (LP: #2027991). Remaining changes: |
| 16 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 17 | + intended for upstream inclusion. It implements a bus method |
| 18 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 19 | + security context but upstream D-Bus has recently added a generic way of |
| 20 | + getting a connection's security credentials (GetConnectionCredentials). |
| 21 | + Ubuntu should carry this patch until packages in the archive are moved |
| 22 | + over to the new, generic method of getting a connection's credentials. |
| 23 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
| 24 | + (LP: #1438612) |
| 25 | + - Reworked to actually make dbus.service _and_ dbus.socket to not |
| 26 | + be part of the shutdown transaction. And yet make it possible |
| 27 | + to still stop/kill/restart dbus.service if one really |
| 28 | + wants to, because it is stuck and stopped responding to any |
| 29 | + commands. This allows allows to restart dbus.service with |
| 30 | + needrestart. However a finalrd hook might still be needed, to kill |
| 31 | + dbus-daemon for good, once we pivot off rootfs. |
| 32 | + - Reworked to avoid a deadlock during boot (LP: #1936948) |
| 33 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 34 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 35 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 36 | + on demand after package installation. |
| 37 | + - Prevent dbus from being restarted on upgrade (LP #1962036) |
| 38 | + * Removed unnecessary delta: |
| 39 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
| 40 | + |
| 41 | + -- Olivier Gayot <olivier.gayot@canonical.com> Mon, 17 Jul 2023 18:10:48 +0200 |
| 42 | +>>>>>>> debian/changelog |
| 43 | |
| 44 | dbus (1.14.8-2) unstable; urgency=high |
| 45 | |
| 46 | @@ -36,6 +68,42 @@ dbus (1.14.8-1) unstable; urgency=medium |
| 47 | |
| 48 | -- Simon McVittie <smcv@debian.org> Tue, 06 Jun 2023 15:05:50 +0100 |
| 49 | |
| 50 | +dbus (1.14.6-1ubuntu1) mantic; urgency=medium |
| 51 | + |
| 52 | + * Merge with Debian unstable (LP: #2023301). Remaining changes: |
| 53 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 54 | + intended for upstream inclusion. It implements a bus method |
| 55 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 56 | + security context but upstream D-Bus has recently added a generic way of |
| 57 | + getting a connection's security credentials (GetConnectionCredentials). |
| 58 | + Ubuntu should carry this patch until packages in the archive are moved |
| 59 | + over to the new, generic method of getting a connection's credentials. |
| 60 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
| 61 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
| 62 | + dbus.socket to not be part of the shutdown transaction. And yet make |
| 63 | + it possible to still stop/kill/restart dbus.service if one really |
| 64 | + wants to, because it is stuck and stopped responding to any |
| 65 | + commands. This allows allows to restart dbus.service with |
| 66 | + needrestart. However a finalrd hook might still be needed, to kill |
| 67 | + dbus-daemon for good, once we pivot off rootfs. |
| 68 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
| 69 | + (LP #1936948) |
| 70 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 71 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 72 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 73 | + on demand after package installation. |
| 74 | + - Prevent dbus from being restarted on upgrade (LP #1962036) |
| 75 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
| 76 | + * Removed obsoleted patches: |
| 77 | + - d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor |
| 78 | + autopkgtest to the apparmor profile in the test |
| 79 | + [merged upstream in 1.14.6] |
| 80 | + - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
| 81 | + packages to permit the resolver to use them to satisfy i386 dependencies |
| 82 | + [merged in debian in 1.14.6-1] |
| 83 | + |
| 84 | + -- Olivier Gayot <olivier.gayot@canonical.com> Thu, 08 Jun 2023 17:46:03 +0200 |
| 85 | + |
| 86 | dbus (1.14.6-1) unstable; urgency=medium |
| 87 | |
| 88 | * New upstream stable release |
| 89 | @@ -53,6 +121,52 @@ dbus (1.14.6-1) unstable; urgency=medium |
| 90 | |
| 91 | -- Simon McVittie <smcv@debian.org> Wed, 08 Feb 2023 13:21:47 +0000 |
| 92 | |
| 93 | +dbus (1.14.4-1ubuntu1) lunar; urgency=medium |
| 94 | + |
| 95 | + * Merge from Debian unstable (LP: #1999258). Remaining changes: |
| 96 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 97 | + intended for upstream inclusion. It implements a bus method |
| 98 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 99 | + security context but upstream D-Bus has recently added a generic way of |
| 100 | + getting a connection's security credentials (GetConnectionCredentials). |
| 101 | + Ubuntu should carry this patch until packages in the archive are moved |
| 102 | + over to the new, generic method of getting a connection's credentials. |
| 103 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
| 104 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
| 105 | + dbus.socket to not be part of the shutdown transaction. And yet make it |
| 106 | + possible to still stop/kill/restart dbus.service if one really wants to, |
| 107 | + because it is stuck and stopped responding to any commands. This allows |
| 108 | + allows to restart dbus.service with needrestart. However a finalrd hook |
| 109 | + might still be needed, to kill dbus-daemon for good, once we pivot off |
| 110 | + rootfs. |
| 111 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
| 112 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 113 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 114 | + Instead, start dbus.socket in postinst, which will then start D-Bus on |
| 115 | + demand after package installation. |
| 116 | + - Prevent dbus from being restarted on upgrade |
| 117 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
| 118 | + - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
| 119 | + packages to permit the resolver to use them to satisfy i386 dependencies |
| 120 | + * Removed patches obsoleted/merged by upstream: |
| 121 | + - Make autopkgtests cross-test-friendly. |
| 122 | + - SECURITY UPDATE: Assertion failure in dbus-marshal-validate |
| 123 | + - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest |
| 124 | + correctly |
| 125 | + - CVE-2022-42010 |
| 126 | + - SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate |
| 127 | + - debian/patches/CVE-2022-42011.patch: Validate length of arrays of |
| 128 | + fixed-length items |
| 129 | + - CVE-2022-42011 |
| 130 | + - SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap |
| 131 | + - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if |
| 132 | + needed |
| 133 | + - CVE-2022-42012 |
| 134 | + * d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor |
| 135 | + autopkgtest to the apparmor profile in the test |
| 136 | + |
| 137 | + -- Dave Jones <dave.jones@canonical.com> Fri, 09 Dec 2022 15:00:27 +0000 |
| 138 | + |
| 139 | dbus (1.14.4-1) unstable; urgency=high |
| 140 | |
| 141 | * New upstream stable release 1.14.4 |
| 142 | @@ -75,6 +189,58 @@ dbus (1.14.2-1) unstable; urgency=medium |
| 143 | |
| 144 | -- Simon McVittie <smcv@debian.org> Mon, 26 Sep 2022 17:09:42 +0100 |
| 145 | |
| 146 | +dbus (1.14.0-2ubuntu3) kinetic; urgency=medium |
| 147 | + |
| 148 | + * SECURITY UPDATE: Assertion failure in dbus-marshal-validate |
| 149 | + - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest |
| 150 | + correctly |
| 151 | + - CVE-2022-42010 |
| 152 | + * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate |
| 153 | + - debian/patches/CVE-2022-42011.patch: Validate length of arrays of |
| 154 | + fixed-length items |
| 155 | + - CVE-2022-42011 |
| 156 | + * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap |
| 157 | + - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed |
| 158 | + - CVE-2022-42012 |
| 159 | + |
| 160 | + -- Nishit Majithia <nishit.majithia@canonical.com> TUe, 25 Oct 2022 18:48:42 +0530 |
| 161 | + |
| 162 | +dbus (1.14.0-2ubuntu2) kinetic; urgency=medium |
| 163 | + |
| 164 | + * d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
| 165 | + packages to permit the resolver to use them to satisfy i386 dependencies |
| 166 | + |
| 167 | + -- Dave Jones <dave.jones@canonical.com> Tue, 30 Aug 2022 15:15:24 +0100 |
| 168 | + |
| 169 | +dbus (1.14.0-2ubuntu1) kinetic; urgency=medium |
| 170 | + |
| 171 | + * Merge from Debian unstable (LP: #1959211). Remaining changes: |
| 172 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 173 | + intended for upstream inclusion. It implements a bus method |
| 174 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 175 | + security context but upstream D-Bus has recently added a generic way of |
| 176 | + getting a connection's security credentials (GetConnectionCredentials). |
| 177 | + Ubuntu should carry this patch until packages in the archive are moved |
| 178 | + over to the new, generic method of getting a connection's credentials. |
| 179 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
| 180 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
| 181 | + dbus.socket to not be part of the shutdown transaction. And yet make it |
| 182 | + possible to still stop/kill/restart dbus.service if one really wants to, |
| 183 | + because it is stuck and stopped responding to any commands. This allows |
| 184 | + allows to restart dbus.service with needrestart. However a finalrd hook |
| 185 | + might still be needed, to kill dbus-daemon for good, once we pivot off |
| 186 | + rootfs. |
| 187 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
| 188 | + - Make autopkgtests cross-test-friendly. |
| 189 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 190 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 191 | + Instead, start dbus.socket in postinst, which will then start D-Bus on |
| 192 | + demand after package installation. |
| 193 | + - Prevent dbus from being restarted on upgrade |
| 194 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
| 195 | + |
| 196 | + -- Dave Jones <dave.jones@canonical.com> Tue, 23 Aug 2022 15:07:57 +0100 |
| 197 | + |
| 198 | dbus (1.14.0-2) unstable; urgency=medium |
| 199 | |
| 200 | * Revert workaround for #994204. Since debhelper 13.7, the workaround |
| 201 | @@ -521,6 +687,51 @@ dbus (1.12.20-3) unstable; urgency=medium |
| 202 | |
| 203 | -- Simon McVittie <smcv@debian.org> Mon, 25 Oct 2021 10:32:43 +0100 |
| 204 | |
| 205 | +dbus (1.12.20-2ubuntu4) jammy; urgency=medium |
| 206 | + |
| 207 | + * Prevent dbus from being restarted on upgrade (LP: #1962036) |
| 208 | + |
| 209 | + -- Dave Jones <dave.jones@canonical.com> Fri, 01 Apr 2022 18:02:54 +0100 |
| 210 | + |
| 211 | +dbus (1.12.20-2ubuntu3) jammy; urgency=medium |
| 212 | + |
| 213 | + * No-change rebuild to update maintainer scripts, see LP: 1959054 |
| 214 | + |
| 215 | + -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 16:50:50 +0000 |
| 216 | + |
| 217 | +dbus (1.12.20-2ubuntu2) impish; urgency=medium |
| 218 | + |
| 219 | + * Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
| 220 | + (LP: #1936948) |
| 221 | + |
| 222 | + -- Lukas Märdian <slyon@ubuntu.com> Thu, 09 Sep 2021 15:45:30 +0200 |
| 223 | + |
| 224 | +dbus (1.12.20-2ubuntu1) impish; urgency=medium |
| 225 | + |
| 226 | + * Merge from Debian unstable. Remaining changes: |
| 227 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
| 228 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 229 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 230 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 231 | + on demand after package installation. |
| 232 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 233 | + intended for upstream inclusion. It implements a bus method |
| 234 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 235 | + security context but upstream D-Bus has recently added a generic way of |
| 236 | + getting a connection's security credentials (GetConnectionCredentials). |
| 237 | + Ubuntu should carry this patch until packages in the archive are moved |
| 238 | + over to the new, generic method of getting a connection's credentials. |
| 239 | + - Make autopkgtests cross-test-friendly. |
| 240 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
| 241 | + dbus.socket to not be part of the shutdown transaction. And yet make |
| 242 | + it possible to still stop/kill/restart dbus.service if one really |
| 243 | + wants to, because it is stuck and stopped responding to any |
| 244 | + commands. This allows allows to restart dbus.service with |
| 245 | + needrestart. However a finalrd hook might still be needed, to kill |
| 246 | + dbus-daemon for good, once we pivot off rootfs. |
| 247 | + |
| 248 | + -- Balint Reczey <rbalint@ubuntu.com> Tue, 18 May 2021 10:59:54 +0200 |
| 249 | + |
| 250 | dbus (1.12.20-2) unstable; urgency=medium |
| 251 | |
| 252 | * Add Provides for the split binary packages added in experimental. |
| 253 | @@ -536,6 +747,43 @@ dbus (1.12.20-2) unstable; urgency=medium |
| 254 | |
| 255 | -- Simon McVittie <smcv@debian.org> Sun, 21 Feb 2021 14:02:17 +0000 |
| 256 | |
| 257 | +dbus (1.12.20-1ubuntu3) hirsute; urgency=medium |
| 258 | + |
| 259 | + * Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
| 260 | + dbus.socket to not be part of the shutdown transaction. And yet make |
| 261 | + it possible to still stop/kill/restart dbus.service if one really |
| 262 | + wants to, because it is stuck and stopped responding to any |
| 263 | + commands. This allows allows to restart dbus.service with |
| 264 | + needrestart. However a finalrd hook might still be needed, to kill |
| 265 | + dbus-daemon for good, once we pivot off rootfs. |
| 266 | + |
| 267 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 26 Feb 2021 19:43:15 +0000 |
| 268 | + |
| 269 | +dbus (1.12.20-1ubuntu2) hirsute; urgency=medium |
| 270 | + |
| 271 | + * No-change rebuild to drop the udeb package. |
| 272 | + |
| 273 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:40 +0100 |
| 274 | + |
| 275 | +dbus (1.12.20-1ubuntu1) groovy; urgency=low |
| 276 | + |
| 277 | + * Merge from Debian unstable. Remaining changes: |
| 278 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
| 279 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 280 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 281 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 282 | + on demand after package installation. |
| 283 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 284 | + intended for upstream inclusion. It implements a bus method |
| 285 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 286 | + security context but upstream D-Bus has recently added a generic way of |
| 287 | + getting a connection's security credentials (GetConnectionCredentials). |
| 288 | + Ubuntu should carry this patch until packages in the archive are moved |
| 289 | + over to the new, generic method of getting a connection's credentials. |
| 290 | + - Make autopkgtests cross-test-friendly. |
| 291 | + |
| 292 | + -- Iain Lane <iain.lane@canonical.com> Thu, 10 Sep 2020 12:25:12 +0100 |
| 293 | + |
| 294 | dbus (1.12.20-1) unstable; urgency=medium |
| 295 | |
| 296 | [ Mark Hindley ] |
| 297 | @@ -550,6 +798,25 @@ dbus (1.12.20-1) unstable; urgency=medium |
| 298 | |
| 299 | -- Simon McVittie <smcv@debian.org> Thu, 02 Jul 2020 14:19:21 +0100 |
| 300 | |
| 301 | +dbus (1.12.18-1ubuntu1) groovy; urgency=low |
| 302 | + |
| 303 | + * Merge from Debian unstable. Remaining changes: |
| 304 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
| 305 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 306 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 307 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 308 | + on demand after package installation. |
| 309 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 310 | + intended for upstream inclusion. It implements a bus method |
| 311 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 312 | + security context but upstream D-Bus has recently added a generic way of |
| 313 | + getting a connection's security credentials (GetConnectionCredentials). |
| 314 | + Ubuntu should carry this patch until packages in the archive are moved |
| 315 | + over to the new, generic method of getting a connection's credentials. |
| 316 | + - Make autopkgtests cross-test-friendly. |
| 317 | + |
| 318 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 13:55:57 -0700 |
| 319 | + |
| 320 | dbus (1.12.18-1) unstable; urgency=medium |
| 321 | |
| 322 | [ Simon McVittie ] |
| 323 | @@ -614,6 +881,33 @@ dbus (1.12.18-1) unstable; urgency=medium |
| 324 | |
| 325 | -- Simon McVittie <smcv@debian.org> Tue, 02 Jun 2020 19:48:04 +0100 |
| 326 | |
| 327 | +dbus (1.12.16-2ubuntu2) focal; urgency=medium |
| 328 | + |
| 329 | + * Make autopkgtests cross-test-friendly. |
| 330 | + |
| 331 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Dec 2019 21:22:40 -0800 |
| 332 | + |
| 333 | +dbus (1.12.16-2ubuntu1) focal; urgency=medium |
| 334 | + |
| 335 | + * Merge from Debian unstable. Remaining changes: |
| 336 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
| 337 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 338 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 339 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 340 | + on demand after package installation. |
| 341 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 342 | + intended for upstream inclusion. It implements a bus method |
| 343 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 344 | + security context but upstream D-Bus has recently added a generic way of |
| 345 | + getting a connection's security credentials (GetConnectionCredentials). |
| 346 | + Ubuntu should carry this patch until packages in the archive are moved |
| 347 | + over to the new, generic method of getting a connection's credentials. |
| 348 | + * Removed patches included in new version: |
| 349 | + - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch |
| 350 | + - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch |
| 351 | + |
| 352 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 26 Nov 2019 12:58:43 -0500 |
| 353 | + |
| 354 | dbus (1.12.16-2) unstable; urgency=medium |
| 355 | |
| 356 | * Add bug number to previous changelog entry |
| 357 | @@ -647,6 +941,55 @@ dbus (1.12.16-1) unstable; urgency=medium |
| 358 | |
| 359 | -- Simon McVittie <smcv@debian.org> Sun, 09 Jun 2019 21:34:34 +0100 |
| 360 | |
| 361 | +dbus (1.12.14-1ubuntu2) eoan; urgency=medium |
| 362 | + |
| 363 | + * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw |
| 364 | + - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch: |
| 365 | + reject DBUS_COOKIE_SHA1 for users other than the server owner in |
| 366 | + dbus/dbus-auth.c. |
| 367 | + - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch: |
| 368 | + add basic test coverage for DBUS_COOKIE_SHA1 in |
| 369 | + dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c, |
| 370 | + dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am, |
| 371 | + test/data/auth/cookie-sha1-username.auth-script, |
| 372 | + test/data/auth/cookie-sha1.auth-script. |
| 373 | + - CVE-2019-12749 |
| 374 | + |
| 375 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Jun 2019 13:04:53 -0400 |
| 376 | + |
| 377 | +dbus (1.12.14-1ubuntu1) eoan; urgency=low |
| 378 | + |
| 379 | + * Merge from Debian unstable. Remaining changes: |
| 380 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
| 381 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 382 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 383 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 384 | + on demand after package installation. |
| 385 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 386 | + intended for upstream inclusion. It implements a bus method |
| 387 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 388 | + security context but upstream D-Bus has recently added a generic way of |
| 389 | + getting a connection's security credentials (GetConnectionCredentials). |
| 390 | + Ubuntu should carry this patch until packages in the archive are moved |
| 391 | + over to the new, generic method of getting a connection's credentials. |
| 392 | + |
| 393 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 22 May 2019 16:41:21 -0700 |
| 394 | + |
| 395 | +dbus (1.12.16-1) unstable; urgency=medium |
| 396 | + |
| 397 | + * New upstream stable release |
| 398 | + - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 |
| 399 | + authentication for identities that differ from the user running the |
| 400 | + DBusServer. Previously, a local attacker could manipulate symbolic |
| 401 | + links in their own home directory to bypass authentication and |
| 402 | + connect to a DBusServer with elevated privileges. The standard |
| 403 | + system and session dbus-daemons in their default configuration were |
| 404 | + immune to this attack because they did not allow DBUS_COOKIE_SHA1, |
| 405 | + but third-party users of DBusServer such as Upstart could be |
| 406 | + vulnerable. (Closes: #930375) |
| 407 | + |
| 408 | + -- Simon McVittie <smcv@debian.org> Sun, 09 Jun 2019 21:34:34 +0100 |
| 409 | + |
| 410 | dbus (1.12.14-1) unstable; urgency=medium |
| 411 | |
| 412 | * New upstream release |
| 413 | @@ -660,6 +1003,30 @@ dbus (1.12.14-1) unstable; urgency=medium |
| 414 | |
| 415 | -- Simon McVittie <smcv@debian.org> Sat, 18 May 2019 17:37:08 +0100 |
| 416 | |
| 417 | +dbus (1.12.12-1ubuntu1) disco; urgency=low |
| 418 | + |
| 419 | + * Merge from Debian unstable. Remaining changes: |
| 420 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
| 421 | + (see patch header and upstream bug for details). Fixes various |
| 422 | + causes of shutdown hangs, particularly with remote file systems. |
| 423 | + (LP: #1438612) (LP: #1540282) |
| 424 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 425 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 426 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 427 | + on demand after package installation. |
| 428 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 429 | + intended for upstream inclusion. It implements a bus method |
| 430 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 431 | + security context but upstream D-Bus has recently added a generic way of |
| 432 | + getting a connection's security credentials (GetConnectionCredentials). |
| 433 | + Ubuntu should carry this patch until packages in the archive are moved |
| 434 | + over to the new, generic method of getting a connection's credentials. |
| 435 | + * Dropped changes, superseded in Debian: |
| 436 | + - debian/tests/root: don't set ulimit on containers, since the container |
| 437 | + may be unprivileged and "root" may not be able to raise ulimits again. |
| 438 | + |
| 439 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Jan 2019 17:47:44 -0800 |
| 440 | + |
| 441 | dbus (1.12.12-1) unstable; urgency=medium |
| 442 | |
| 443 | [ Ritesh Raj Sarraf ] |
| 444 | @@ -688,6 +1055,37 @@ dbus (1.12.12-1) unstable; urgency=medium |
| 445 | |
| 446 | -- Simon McVittie <smcv@debian.org> Tue, 04 Dec 2018 15:58:18 +0000 |
| 447 | |
| 448 | +dbus (1.12.10-1ubuntu2) cosmic; urgency=medium |
| 449 | + |
| 450 | + * debian/tests/root: don't set ulimit on containers, since the container |
| 451 | + may be unprivileged and "root" may not be able to raise ulimits again. |
| 452 | + |
| 453 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 06 Sep 2018 03:56:07 +0000 |
| 454 | + |
| 455 | +dbus (1.12.10-1ubuntu1) cosmic; urgency=low |
| 456 | + |
| 457 | + * Merge from Debian unstable. Remaining changes: |
| 458 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
| 459 | + (see patch header and upstream bug for details). Fixes various |
| 460 | + causes of shutdown hangs, particularly with remote file systems. |
| 461 | + (LP: #1438612) (LP: #1540282) |
| 462 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 463 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 464 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 465 | + on demand after package installation. |
| 466 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 467 | + intended for upstream inclusion. It implements a bus method |
| 468 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 469 | + security context but upstream D-Bus has recently added a generic way of |
| 470 | + getting a connection's security credentials (GetConnectionCredentials). |
| 471 | + Ubuntu should carry this patch until packages in the archive are moved |
| 472 | + over to the new, generic method of getting a connection's credentials. |
| 473 | + * Dropped changes, no longer needed: |
| 474 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
| 475 | + after 18.04 LTS. |
| 476 | + |
| 477 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 31 Aug 2018 10:29:17 -0700 |
| 478 | + |
| 479 | dbus (1.12.10-1) unstable; urgency=medium |
| 480 | |
| 481 | * New upstream release |
| 482 | @@ -776,6 +1174,29 @@ dbus (1.12.4-1) unstable; urgency=medium |
| 483 | |
| 484 | -- Simon McVittie <smcv@debian.org> Thu, 08 Feb 2018 15:05:57 +0000 |
| 485 | |
| 486 | +dbus (1.12.2-1ubuntu1) bionic; urgency=medium |
| 487 | + |
| 488 | + * Sync with Debian. Remaining changes: |
| 489 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
| 490 | + after 18.04 LTS. |
| 491 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
| 492 | + (see patch header and upstream bug for details). Fixes various |
| 493 | + causes of shutdown hangs, particularly with remote file systems. |
| 494 | + (LP: #1438612) (LP: #1540282) |
| 495 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 496 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 497 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 498 | + on demand after package installation. |
| 499 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 500 | + intended for upstream inclusion. It implements a bus method |
| 501 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 502 | + security context but upstream D-Bus has recently added a generic way of |
| 503 | + getting a connection's security credentials (GetConnectionCredentials). |
| 504 | + Ubuntu should carry this patch until packages in the archive are moved |
| 505 | + over to the new, generic method of getting a connection's credentials. |
| 506 | + |
| 507 | + -- Jeremy Bicha <jbicha@ubuntu.com> Wed, 15 Nov 2017 17:22:22 -0500 |
| 508 | + |
| 509 | dbus (1.12.2-1) unstable; urgency=low |
| 510 | |
| 511 | * New upstream release 1.12.2 |
| 512 | @@ -797,6 +1218,29 @@ dbus (1.12.2-1) unstable; urgency=low |
| 513 | |
| 514 | -- Simon McVittie <smcv@debian.org> Mon, 13 Nov 2017 15:36:08 +0000 |
| 515 | |
| 516 | +dbus (1.12.0-1ubuntu1) bionic; urgency=medium |
| 517 | + |
| 518 | + * Sync with Debian. Remaining changes: |
| 519 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
| 520 | + after 18.04 LTS. |
| 521 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
| 522 | + (see patch header and upstream bug for details). Fixes various |
| 523 | + causes of shutdown hangs, particularly with remote file systems. |
| 524 | + (LP: #1438612) (LP: #1540282) |
| 525 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
| 526 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
| 527 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
| 528 | + on demand after package installation. |
| 529 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
| 530 | + intended for upstream inclusion. It implements a bus method |
| 531 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
| 532 | + security context but upstream D-Bus has recently added a generic way of |
| 533 | + getting a connection's security credentials (GetConnectionCredentials). |
| 534 | + Ubuntu should carry this patch until packages in the archive are moved |
| 535 | + over to the new, generic method of getting a connection's credentials. |
| 536 | + |
| 537 | + -- Jeremy Bicha <jbicha@ubuntu.com> Mon, 30 Oct 2017 19:25:39 -0400 |
| 538 | + |
| 539 | dbus (1.12.0-1) unstable; urgency=medium |
| 540 | |
| 541 | * New upstream stable release 1.12.0 |
| 542 | @@ -2706,7 +3150,6 @@ dbus (1.1.1-2) UNRELEASED; urgency=low |
| 543 | |
| 544 | -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2007 01:42:38 +0200 |
| 545 | |
| 546 | - |
| 547 | dbus (1.1.1-1) unstable; urgency=low |
| 548 | |
| 549 | [ Michael Biebl ] |
| 550 | @@ -3016,8 +3459,6 @@ dbus (0.62-2) unstable; urgency=low |
| 551 | |
| 552 | -- Sjoerd Simons <sjoerd@debian.org> Wed, 21 Jun 2006 10:47:00 +0200 |
| 553 | |
| 554 | - |
| 555 | - |
| 556 | dbus (0.62-1) unstable; urgency=low |
| 557 | |
| 558 | * New upstream release |
| 559 | diff --git a/debian/control b/debian/control |
| 560 | index 1d3b701..b24aaa5 100644 |
| 561 | --- a/debian/control |
| 562 | +++ b/debian/control |
| 563 | @@ -1,7 +1,8 @@ |
| 564 | Source: dbus |
| 565 | Section: admin |
| 566 | Priority: optional |
| 567 | -Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> |
| 568 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
| 569 | +XSBC-Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> |
| 570 | Uploaders: |
| 571 | Sjoerd Simons <sjoerd@debian.org>, |
| 572 | Sebastian Dröge <slomo@debian.org>, |
| 573 | diff --git a/debian/dbus.postinst b/debian/dbus.postinst |
| 574 | index 1cfd5e1..dd04aff 100644 |
| 575 | --- a/debian/dbus.postinst |
| 576 | +++ b/debian/dbus.postinst |
| 577 | @@ -70,4 +70,9 @@ if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = configure ] && [ -n "$2" ]; then |
| 578 | reload_dbus_config |
| 579 | fi |
| 580 | |
| 581 | +# We don't start dbus.service in postinst, so ensure dbus.socket is running |
| 582 | +if [ "$1" = configure ] && [ -d /run/systemd/system ]; then |
| 583 | + systemctl try-restart sockets.target || true |
| 584 | +fi |
| 585 | + |
| 586 | # vim:set sw=4 sts=4 et: |
| 587 | diff --git a/debian/patches/series b/debian/patches/series |
| 588 | index b926ef8..edf7b82 100644 |
| 589 | --- a/debian/patches/series |
| 590 | +++ b/debian/patches/series |
| 591 | @@ -1 +1,3 @@ |
| 592 | debian/tests-Multiply-timeouts-by-20-on-riscv64.patch |
| 593 | +ubuntu/aa-get-connection-apparmor-security-context.patch |
| 594 | +ubuntu/dont-stop-dbus.patch |
| 595 | diff --git a/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch b/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch |
| 596 | new file mode 100644 |
| 597 | index 0000000..4c897ae |
| 598 | --- /dev/null |
| 599 | +++ b/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch |
| 600 | @@ -0,0 +1,192 @@ |
| 601 | +From: Tyler Hicks <tyhicks@canonical.com> |
| 602 | +Date: Fri, 15 Aug 2014 13:37:15 -0500 |
| 603 | +Subject: Add DBus method to return the AA context of a connection |
| 604 | + |
| 605 | +Allows the AppArmor label that is attached to a D-Bus connection to be |
| 606 | +queried using the unique connection name. |
| 607 | + |
| 608 | +For example, |
| 609 | +$ dbus-send --print-reply --system --dest=org.freedesktop.DBus \ |
| 610 | + /org/freedesktop/DBus \ |
| 611 | + org.freedesktop.DBus.GetConnectionAppArmorSecurityContext string::1.4 |
| 612 | + method return sender=org.freedesktop.DBus -> dest=:1.50 reply_serial=2 |
| 613 | + string "/usr/sbin/cupsd" |
| 614 | + |
| 615 | +[Altered by Simon McVittie: survive non-UTF-8 contexts which |
| 616 | +would otherwise be a local denial of service, except that Ubuntu |
| 617 | +inherits a non-fatal warnings patch from Debian; new commit message |
| 618 | +taken from the Ubuntu changelog; do not emit unreachable code if |
| 619 | +AppArmor is disabled.] |
| 620 | + |
| 621 | +22 July 2023 Updates from ogayot |
| 622 | + |
| 623 | +This method has been deprecated for a while now but some packages in Ubuntu |
| 624 | +still use it. See LP #1489489 |
| 625 | + |
| 626 | +Forwarded: not-needed |
| 627 | +--- |
| 628 | + bus/apparmor.c | 15 +++++++++ |
| 629 | + bus/apparmor.h | 1 + |
| 630 | + bus/driver.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| 631 | + dbus/dbus-protocol.h | 2 ++ |
| 632 | + 4 files changed, 108 insertions(+) |
| 633 | + |
| 634 | +diff --git a/bus/apparmor.c b/bus/apparmor.c |
| 635 | +index 985f5e9..2eba37b 100644 |
| 636 | +--- a/bus/apparmor.c |
| 637 | ++++ b/bus/apparmor.c |
| 638 | +@@ -502,6 +502,21 @@ bus_apparmor_enabled (void) |
| 639 | + #endif |
| 640 | + } |
| 641 | + |
| 642 | ++const char* |
| 643 | ++bus_apparmor_confinement_get_label (BusAppArmorConfinement *confinement) |
| 644 | ++{ |
| 645 | ++#ifdef HAVE_APPARMOR |
| 646 | ++ if (!apparmor_enabled) |
| 647 | ++ return NULL; |
| 648 | ++ |
| 649 | ++ _dbus_assert (confinement != NULL); |
| 650 | ++ |
| 651 | ++ return confinement->label; |
| 652 | ++#else |
| 653 | ++ return NULL; |
| 654 | ++#endif |
| 655 | ++} |
| 656 | ++ |
| 657 | + void |
| 658 | + bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement) |
| 659 | + { |
| 660 | +diff --git a/bus/apparmor.h b/bus/apparmor.h |
| 661 | +index ed465f7..b8146df 100644 |
| 662 | +--- a/bus/apparmor.h |
| 663 | ++++ b/bus/apparmor.h |
| 664 | +@@ -38,6 +38,7 @@ dbus_bool_t bus_apparmor_enabled (void); |
| 665 | + |
| 666 | + void bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement); |
| 667 | + void bus_apparmor_confinement_ref (BusAppArmorConfinement *confinement); |
| 668 | ++const char* bus_apparmor_confinement_get_label (BusAppArmorConfinement *confinement); |
| 669 | + BusAppArmorConfinement* bus_apparmor_init_connection_confinement (DBusConnection *connection, |
| 670 | + DBusError *error); |
| 671 | + |
| 672 | +diff --git a/bus/driver.c b/bus/driver.c |
| 673 | +index cd0a714..d1669cb 100644 |
| 674 | +--- a/bus/driver.c |
| 675 | ++++ b/bus/driver.c |
| 676 | +@@ -2005,6 +2005,91 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, |
| 677 | + return FALSE; |
| 678 | + } |
| 679 | + |
| 680 | ++static dbus_bool_t |
| 681 | ++bus_driver_handle_get_connection_apparmor_security_context (DBusConnection *connection, |
| 682 | ++ BusTransaction *transaction, |
| 683 | ++ DBusMessage *message, |
| 684 | ++ DBusError *error) |
| 685 | ++{ |
| 686 | ++ const char *service; |
| 687 | ++ DBusString str; |
| 688 | ++ BusRegistry *registry; |
| 689 | ++ BusService *serv; |
| 690 | ++ DBusConnection *primary_connection; |
| 691 | ++ DBusMessage *reply; |
| 692 | ++ BusAppArmorConfinement *confinement; |
| 693 | ++ const char *label; |
| 694 | ++ |
| 695 | ++ _DBUS_ASSERT_ERROR_IS_CLEAR (error); |
| 696 | ++ |
| 697 | ++ registry = bus_connection_get_registry (connection); |
| 698 | ++ |
| 699 | ++ service = NULL; |
| 700 | ++ reply = NULL; |
| 701 | ++ confinement = NULL; |
| 702 | ++ |
| 703 | ++ if (! dbus_message_get_args (message, error, DBUS_TYPE_STRING, &service, |
| 704 | ++ DBUS_TYPE_INVALID)) |
| 705 | ++ goto failed; |
| 706 | ++ |
| 707 | ++ _dbus_verbose ("asked for security context of connection %s\n", service); |
| 708 | ++ |
| 709 | ++ _dbus_string_init_const (&str, service); |
| 710 | ++ serv = bus_registry_lookup (registry, &str); |
| 711 | ++ if (serv == NULL) |
| 712 | ++ { |
| 713 | ++ dbus_set_error (error, |
| 714 | ++ DBUS_ERROR_NAME_HAS_NO_OWNER, |
| 715 | ++ "Could not get security context of name '%s': no such name", service); |
| 716 | ++ goto failed; |
| 717 | ++ } |
| 718 | ++ |
| 719 | ++ primary_connection = bus_service_get_primary_owners_connection (serv); |
| 720 | ++ |
| 721 | ++ reply = dbus_message_new_method_return (message); |
| 722 | ++ if (reply == NULL) |
| 723 | ++ goto oom; |
| 724 | ++ |
| 725 | ++ confinement = bus_connection_dup_apparmor_confinement (primary_connection); |
| 726 | ++ label = bus_apparmor_confinement_get_label (confinement); |
| 727 | ++ |
| 728 | ++ if (label == NULL) |
| 729 | ++ { |
| 730 | ++ dbus_set_error (error, |
| 731 | ++ DBUS_ERROR_APPARMOR_SECURITY_CONTEXT_UNKNOWN, |
| 732 | ++ "Could not determine security context for '%s'", service); |
| 733 | ++ goto failed; |
| 734 | ++ } |
| 735 | ++ |
| 736 | ++ if (!dbus_validate_utf8 (label, error)) |
| 737 | ++ goto failed; |
| 738 | ++ |
| 739 | ++ if (! dbus_message_append_args (reply, |
| 740 | ++ DBUS_TYPE_STRING, |
| 741 | ++ &label, |
| 742 | ++ DBUS_TYPE_INVALID)) |
| 743 | ++ goto failed; |
| 744 | ++ |
| 745 | ++ if (! bus_transaction_send_from_driver (transaction, connection, reply)) |
| 746 | ++ goto oom; |
| 747 | ++ |
| 748 | ++ bus_apparmor_confinement_unref (confinement); |
| 749 | ++ dbus_message_unref (reply); |
| 750 | ++ |
| 751 | ++ return TRUE; |
| 752 | ++ |
| 753 | ++ oom: |
| 754 | ++ BUS_SET_OOM (error); |
| 755 | ++ |
| 756 | ++ failed: |
| 757 | ++ _DBUS_ASSERT_ERROR_IS_SET (error); |
| 758 | ++ if (confinement) |
| 759 | ++ bus_apparmor_confinement_unref (confinement); |
| 760 | ++ if (reply) |
| 761 | ++ dbus_message_unref (reply); |
| 762 | ++ return FALSE; |
| 763 | ++} |
| 764 | ++ |
| 765 | + static dbus_bool_t |
| 766 | + bus_driver_handle_reload_config (DBusConnection *connection, |
| 767 | + BusTransaction *transaction, |
| 768 | +@@ -2479,6 +2564,11 @@ static const MessageHandler dbus_message_handlers[] = { |
| 769 | + DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_BYTE_AS_STRING, |
| 770 | + bus_driver_handle_get_connection_selinux_security_context, |
| 771 | + METHOD_FLAG_ANY_PATH }, |
| 772 | ++ { "GetConnectionAppArmorSecurityContext", |
| 773 | ++ DBUS_TYPE_STRING_AS_STRING, |
| 774 | ++ DBUS_TYPE_STRING_AS_STRING, |
| 775 | ++ bus_driver_handle_get_connection_apparmor_security_context, |
| 776 | ++ METHOD_FLAG_ANY_PATH }, |
| 777 | + { "ReloadConfig", |
| 778 | + "", |
| 779 | + "", |
| 780 | +diff --git a/dbus/dbus-protocol.h b/dbus/dbus-protocol.h |
| 781 | +index 933c365..2b7fd23 100644 |
| 782 | +--- a/dbus/dbus-protocol.h |
| 783 | ++++ b/dbus/dbus-protocol.h |
| 784 | +@@ -444,6 +444,8 @@ extern "C" { |
| 785 | + #define DBUS_ERROR_INVALID_FILE_CONTENT "org.freedesktop.DBus.Error.InvalidFileContent" |
| 786 | + /** Asked for SELinux security context and it wasn't available. */ |
| 787 | + #define DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown" |
| 788 | ++/** Asked for AppArmor security context and it wasn't available. */ |
| 789 | ++#define DBUS_ERROR_APPARMOR_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.AppArmorSecurityContextUnknown" |
| 790 | + /** Asked for ADT audit data and it wasn't available. */ |
| 791 | + #define DBUS_ERROR_ADT_AUDIT_DATA_UNKNOWN "org.freedesktop.DBus.Error.AdtAuditDataUnknown" |
| 792 | + /** There's already an object with the requested object path. */ |
| 793 | diff --git a/debian/patches/ubuntu/dont-stop-dbus.patch b/debian/patches/ubuntu/dont-stop-dbus.patch |
| 794 | new file mode 100644 |
| 795 | index 0000000..0313060 |
| 796 | --- /dev/null |
| 797 | +++ b/debian/patches/ubuntu/dont-stop-dbus.patch |
| 798 | @@ -0,0 +1,98 @@ |
| 799 | +From: Martin Pitt <martin.pitt@ubuntu.com> |
| 800 | +Date: Tue, 31 Mar 2015 18:46:06 +0200 |
| 801 | +Subject: Don't stop D-Bus in the service unit |
| 802 | + |
| 803 | +D-Bus is getting stopped too early during shutdown, so that services on the bus |
| 804 | +are still running (and being shut down) after that. This leads to shutdown |
| 805 | +hangs due to remote file systems not getting unmounted as wpa_supplicant is |
| 806 | +already gone, or avahi or NetworkManager getting lots of errors because they |
| 807 | +get disconnected, etc. As D-Bus does not keep its state between restarts, |
| 808 | +dbus.socket also does not help us. |
| 809 | + |
| 810 | +Also, stopping D-Bus in a running system isn't something which we ever |
| 811 | +supported; to the contrary, we patched several packages to avoid |
| 812 | +restarting/stopping D-Bus in postinsts, as stopping d-bus in a running system |
| 813 | +is shooting yourself into the foot (independent of which init system you use). |
| 814 | +Thus leaving D-Bus running until the bitter end should be fine, it doesn't have |
| 815 | +any file system things to do on shutdown. This also approximates the brave new |
| 816 | +kdbus world where d-bus is basically "always available". |
| 817 | + |
| 818 | +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847 |
| 819 | +Bug-Ubuntu: https://launchpad.net/bugs/1438612 |
| 820 | + |
| 821 | +26 Feb 2021 Updates from xnox |
| 822 | + |
| 823 | +Whilst the original patch was okish, it didn't actually work |
| 824 | +right. dbus.service had Requires dbus.socket, which in turn did not |
| 825 | +try refuse being stopped, thus socket was being stopped / going away |
| 826 | +whilst the dbus service is still running. Also that happened on |
| 827 | +shutdown. And sometimes dbus can hang and refuses to answer, in such |
| 828 | +cases it is best to let people be able to kill it and restart it. Plus |
| 829 | +with needrestart integration we kind of can restart dbus and some |
| 830 | +basic services to keep machine alive. So, to actually prevent dbus |
| 831 | +from being stopped on shutdown undo the previous incarnation of the |
| 832 | +patch and instead do this: |
| 833 | + |
| 834 | +Dependencies: |
| 835 | +* Add DefaultDependencies=no |
| 836 | +* Instead of Requires/After sysinit.target, add back Wants/After sysinit.target. |
| 837 | +* Add back After basic.target |
| 838 | +* Do not add back Conflicts/Before shutdown.target |
| 839 | + |
| 840 | +Do that for _both_ dbus.service and dbus.socket. |
| 841 | + |
| 842 | +dbus.service: |
| 843 | +* Drop the Killmode, ExecStop things |
| 844 | +* Make ExecStart be @/usr/bin/dbus-daemon @dbus-daemon .... thus it |
| 845 | + will now be survie systemd-shutdown kill spree |
| 846 | + |
| 847 | +End result is that now one can use $ sudo |
| 848 | +/etc/needrestart/restart.d/dbus.service to restart dbus, and yet it is |
| 849 | +not part of the shutdown transactions. |
| 850 | + |
| 851 | +09 Sep 2021 Updates from slyon |
| 852 | + |
| 853 | +The previous update made it be not part of the shutdown transaction, but |
| 854 | +introduced a deadlock during bootup like this: |
| 855 | + |
| 856 | + systemd[1]: basic.target: starting held back, waiting for: sockets.target |
| 857 | + systemd[1]: dbus.socket: starting held back, waiting for: basic.target |
| 858 | + systemd[1]: dbus.service: starting held back, waiting for: dbus.socket |
| 859 | + |
| 860 | +Therefore we need to remove the After=basic.target dependency of dbus.socket |
| 861 | +to break that dependency loop. |
| 862 | + |
| 863 | +--- |
| 864 | + bus/dbus.service.in | 4 ++++ |
| 865 | + 1 file changed, 4 insertions(+) |
| 866 | + |
| 867 | +--- a/bus/dbus.service.in |
| 868 | ++++ b/bus/dbus.service.in |
| 869 | +@@ -2,10 +2,14 @@ |
| 870 | + Description=D-Bus System Message Bus |
| 871 | + Documentation=man:dbus-daemon(1) |
| 872 | + Requires=dbus.socket |
| 873 | ++# Do not stop on shutdown |
| 874 | ++DefaultDependencies=no |
| 875 | ++Wants=sysinit.target |
| 876 | ++After=sysinit.target basic.target |
| 877 | + |
| 878 | + [Service] |
| 879 | + Type=notify |
| 880 | + NotifyAccess=main |
| 881 | +-ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
| 882 | ++ExecStart=@@EXPANDED_BINDIR@/dbus-daemon @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
| 883 | + ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig |
| 884 | + OOMScoreAdjust=-900 |
| 885 | +--- a/bus/dbus.socket.in |
| 886 | ++++ b/bus/dbus.socket.in |
| 887 | +@@ -1,5 +1,9 @@ |
| 888 | + [Unit] |
| 889 | + Description=D-Bus System Message Bus Socket |
| 890 | ++# Do not stop on shutdown |
| 891 | ++DefaultDependencies=no |
| 892 | ++Wants=sysinit.target |
| 893 | ++After=sysinit.target |
| 894 | + |
| 895 | + [Socket] |
| 896 | + ListenStream=@DBUS_SYSTEM_SOCKET@ |
| 897 | diff --git a/debian/rules b/debian/rules |
| 898 | index 16f76c8..59aab5e 100755 |
| 899 | --- a/debian/rules |
| 900 | +++ b/debian/rules |
| 901 | @@ -254,11 +254,10 @@ endif |
| 902 | override_dh_missing: |
| 903 | dh_missing $(dh_missing_options) |
| 904 | |
| 905 | -# Yes, we do need both --no- options here. https://bugs.debian.org/837528 |
| 906 | override_dh_installinit: |
| 907 | - dh_installinit -pdbus --no-stop-on-upgrade --no-restart-after-upgrade |
| 908 | + dh_installinit -pdbus --no-start --no-stop-on-upgrade |
| 909 | override_dh_installsystemd: |
| 910 | - dh_installsystemd -pdbus --no-stop-on-upgrade --no-restart-after-upgrade |
| 911 | + dh_installsystemd -pdbus --no-start --no-stop-on-upgrade |
| 912 | |
| 913 | override_dh_installdocs: |
| 914 | dh_installdocs --all AUTHORS NEWS README |
Adding a note about the debian-branch = ubuntu/bionic in gbp.conf. Suggestions welcome!