Merge ~ogayot/ubuntu/+source/dbus:merge-lp2036180-mantic into ubuntu/+source/dbus:debian/sid
- Git
- lp:~ogayot/ubuntu/+source/dbus
- merge-lp2036180-mantic
- Merge into debian/sid
Status: | Merged | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Merge reported by: | Olivier Gayot | ||||||||||||||||
Merged at revision: | 37feb97a4e0e6aac3d23e3defbdd49a4b1c969e2 | ||||||||||||||||
Proposed branch: | ~ogayot/ubuntu/+source/dbus:merge-lp2036180-mantic | ||||||||||||||||
Merge into: | ubuntu/+source/dbus:debian/sid | ||||||||||||||||
Diff against target: |
942 lines (+771/-7) 7 files modified
debian/changelog (+470/-3) debian/control (+2/-1) debian/dbus.postinst (+5/-0) debian/patches/series (+2/-0) debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch (+192/-0) debian/patches/ubuntu/dont-stop-dbus.patch (+98/-0) debian/rules (+2/-3) |
||||||||||||||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Jeremy Bícha (community) | Approve | ||
git-ubuntu import | Pending | ||
Review via email:
|
This proposal supersedes a proposal from 2023-09-15.
Commit message
Description of the change
Merge of dbus 1.14.10-1 (bug fix only release) from Debian. Upstream changelog:
• Avoid a dbus-daemon crash if re-creating a connection's policy fails.
If it isn't possible to re-create its policy (for example if it belongs
to a user account that has been deleted or if the Name Service Switch is
broken, on a system not supporting SO_PEERGROUPS), we now log a warning,
continue to use its current policy, and continue to reload other
connections' policies. (dbus#343; Peter Benie, Simon McVittie)
• If getting the groups from a user ID fails, report the error correctly,
instead of logging "(null)" (dbus#343, Simon McVittie)
• Return the primary group ID in GetConnectionCr
field for processes with a valid-but-empty supplementary group list
(dbus!422, cptpcrd)
Also includes https:/
tags pushed
-----------
* reconstruct, https:/
* split, https:/
* logical, https:/
PPA
---
dbus 1.14.10-
* https:/
tests done
----------
* package upgraded from 1.14.8-2ubuntu1
* autopkgtest on amd64 https:/
* package installed on my development machine - no smoke :)
I don't have upload rights and will need sponsorship.
Preview Diff
1 | diff --git a/debian/changelog b/debian/changelog |
2 | index 82834b1..97f208b 100644 |
3 | --- a/debian/changelog |
4 | +++ b/debian/changelog |
5 | @@ -1,3 +1,31 @@ |
6 | +dbus (1.14.10-1ubuntu1) mantic; urgency=medium |
7 | + |
8 | + * Merge with Debian unstable (LP: #2036180). Remaining changes: |
9 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
10 | + intended for upstream inclusion. It implements a bus method |
11 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
12 | + security context but upstream D-Bus has recently added a generic way of |
13 | + getting a connection's security credentials (GetConnectionCredentials). |
14 | + Ubuntu should carry this patch until packages in the archive are moved |
15 | + over to the new, generic method of getting a connection's credentials. |
16 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
17 | + (LP #1438612) |
18 | + - Reworked to actually make dbus.service _and_ dbus.socket to not |
19 | + be part of the shutdown transaction. And yet make it possible |
20 | + to still stop/kill/restart dbus.service if one really |
21 | + wants to, because it is stuck and stopped responding to any |
22 | + commands. This allows allows to restart dbus.service with |
23 | + needrestart. However a finalrd hook might still be needed, to kill |
24 | + dbus-daemon for good, once we pivot off rootfs. |
25 | + - Reworked to avoid a deadlock during boot (LP #1936948) |
26 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
27 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
28 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
29 | + on demand after package installation. |
30 | + - Prevent dbus from being restarted on upgrade (LP #1962036) |
31 | + |
32 | + -- Olivier Gayot <olivier.gayot@canonical.com> Fri, 15 Sep 2023 11:42:11 +0200 |
33 | + |
34 | dbus (1.14.10-1) unstable; urgency=medium |
35 | |
36 | * New upstream stable release |
37 | @@ -18,6 +46,36 @@ dbus (1.14.10-1) unstable; urgency=medium |
38 | |
39 | -- Simon McVittie <smcv@debian.org> Fri, 01 Sep 2023 15:41:38 +0100 |
40 | |
41 | +dbus (1.14.8-2ubuntu1) mantic; urgency=medium |
42 | + |
43 | + * Merge with Debian unstable (LP: #2027991). Remaining changes: |
44 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
45 | + intended for upstream inclusion. It implements a bus method |
46 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
47 | + security context but upstream D-Bus has recently added a generic way of |
48 | + getting a connection's security credentials (GetConnectionCredentials). |
49 | + Ubuntu should carry this patch until packages in the archive are moved |
50 | + over to the new, generic method of getting a connection's credentials. |
51 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
52 | + (LP: #1438612) |
53 | + - Reworked to actually make dbus.service _and_ dbus.socket to not |
54 | + be part of the shutdown transaction. And yet make it possible |
55 | + to still stop/kill/restart dbus.service if one really |
56 | + wants to, because it is stuck and stopped responding to any |
57 | + commands. This allows allows to restart dbus.service with |
58 | + needrestart. However a finalrd hook might still be needed, to kill |
59 | + dbus-daemon for good, once we pivot off rootfs. |
60 | + - Reworked to avoid a deadlock during boot (LP: #1936948) |
61 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
62 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
63 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
64 | + on demand after package installation. |
65 | + - Prevent dbus from being restarted on upgrade (LP #1962036) |
66 | + * Removed unnecessary delta: |
67 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
68 | + |
69 | + -- Olivier Gayot <olivier.gayot@canonical.com> Mon, 17 Jul 2023 18:10:48 +0200 |
70 | + |
71 | dbus (1.14.8-2) unstable; urgency=high |
72 | |
73 | * dbus-daemon.postinst: Stop trying to take DPKG_ROOT into account. |
74 | @@ -42,6 +100,42 @@ dbus (1.14.8-1) unstable; urgency=medium |
75 | |
76 | -- Simon McVittie <smcv@debian.org> Tue, 06 Jun 2023 15:05:50 +0100 |
77 | |
78 | +dbus (1.14.6-1ubuntu1) mantic; urgency=medium |
79 | + |
80 | + * Merge with Debian unstable (LP: #2023301). Remaining changes: |
81 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
82 | + intended for upstream inclusion. It implements a bus method |
83 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
84 | + security context but upstream D-Bus has recently added a generic way of |
85 | + getting a connection's security credentials (GetConnectionCredentials). |
86 | + Ubuntu should carry this patch until packages in the archive are moved |
87 | + over to the new, generic method of getting a connection's credentials. |
88 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
89 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
90 | + dbus.socket to not be part of the shutdown transaction. And yet make |
91 | + it possible to still stop/kill/restart dbus.service if one really |
92 | + wants to, because it is stuck and stopped responding to any |
93 | + commands. This allows allows to restart dbus.service with |
94 | + needrestart. However a finalrd hook might still be needed, to kill |
95 | + dbus-daemon for good, once we pivot off rootfs. |
96 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
97 | + (LP #1936948) |
98 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
99 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
100 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
101 | + on demand after package installation. |
102 | + - Prevent dbus from being restarted on upgrade (LP #1962036) |
103 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
104 | + * Removed obsoleted patches: |
105 | + - d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor |
106 | + autopkgtest to the apparmor profile in the test |
107 | + [merged upstream in 1.14.6] |
108 | + - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
109 | + packages to permit the resolver to use them to satisfy i386 dependencies |
110 | + [merged in debian in 1.14.6-1] |
111 | + |
112 | + -- Olivier Gayot <olivier.gayot@canonical.com> Thu, 08 Jun 2023 17:46:03 +0200 |
113 | + |
114 | dbus (1.14.6-1) unstable; urgency=medium |
115 | |
116 | * New upstream stable release |
117 | @@ -59,6 +153,52 @@ dbus (1.14.6-1) unstable; urgency=medium |
118 | |
119 | -- Simon McVittie <smcv@debian.org> Wed, 08 Feb 2023 13:21:47 +0000 |
120 | |
121 | +dbus (1.14.4-1ubuntu1) lunar; urgency=medium |
122 | + |
123 | + * Merge from Debian unstable (LP: #1999258). Remaining changes: |
124 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
125 | + intended for upstream inclusion. It implements a bus method |
126 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
127 | + security context but upstream D-Bus has recently added a generic way of |
128 | + getting a connection's security credentials (GetConnectionCredentials). |
129 | + Ubuntu should carry this patch until packages in the archive are moved |
130 | + over to the new, generic method of getting a connection's credentials. |
131 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
132 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
133 | + dbus.socket to not be part of the shutdown transaction. And yet make it |
134 | + possible to still stop/kill/restart dbus.service if one really wants to, |
135 | + because it is stuck and stopped responding to any commands. This allows |
136 | + allows to restart dbus.service with needrestart. However a finalrd hook |
137 | + might still be needed, to kill dbus-daemon for good, once we pivot off |
138 | + rootfs. |
139 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
140 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
141 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
142 | + Instead, start dbus.socket in postinst, which will then start D-Bus on |
143 | + demand after package installation. |
144 | + - Prevent dbus from being restarted on upgrade |
145 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
146 | + - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
147 | + packages to permit the resolver to use them to satisfy i386 dependencies |
148 | + * Removed patches obsoleted/merged by upstream: |
149 | + - Make autopkgtests cross-test-friendly. |
150 | + - SECURITY UPDATE: Assertion failure in dbus-marshal-validate |
151 | + - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest |
152 | + correctly |
153 | + - CVE-2022-42010 |
154 | + - SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate |
155 | + - debian/patches/CVE-2022-42011.patch: Validate length of arrays of |
156 | + fixed-length items |
157 | + - CVE-2022-42011 |
158 | + - SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap |
159 | + - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if |
160 | + needed |
161 | + - CVE-2022-42012 |
162 | + * d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor |
163 | + autopkgtest to the apparmor profile in the test |
164 | + |
165 | + -- Dave Jones <dave.jones@canonical.com> Fri, 09 Dec 2022 15:00:27 +0000 |
166 | + |
167 | dbus (1.14.4-1) unstable; urgency=high |
168 | |
169 | * New upstream stable release 1.14.4 |
170 | @@ -81,6 +221,58 @@ dbus (1.14.2-1) unstable; urgency=medium |
171 | |
172 | -- Simon McVittie <smcv@debian.org> Mon, 26 Sep 2022 17:09:42 +0100 |
173 | |
174 | +dbus (1.14.0-2ubuntu3) kinetic; urgency=medium |
175 | + |
176 | + * SECURITY UPDATE: Assertion failure in dbus-marshal-validate |
177 | + - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest |
178 | + correctly |
179 | + - CVE-2022-42010 |
180 | + * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate |
181 | + - debian/patches/CVE-2022-42011.patch: Validate length of arrays of |
182 | + fixed-length items |
183 | + - CVE-2022-42011 |
184 | + * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap |
185 | + - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed |
186 | + - CVE-2022-42012 |
187 | + |
188 | + -- Nishit Majithia <nishit.majithia@canonical.com> TUe, 25 Oct 2022 18:48:42 +0530 |
189 | + |
190 | +dbus (1.14.0-2ubuntu2) kinetic; urgency=medium |
191 | + |
192 | + * d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common |
193 | + packages to permit the resolver to use them to satisfy i386 dependencies |
194 | + |
195 | + -- Dave Jones <dave.jones@canonical.com> Tue, 30 Aug 2022 15:15:24 +0100 |
196 | + |
197 | +dbus (1.14.0-2ubuntu1) kinetic; urgency=medium |
198 | + |
199 | + * Merge from Debian unstable (LP: #1959211). Remaining changes: |
200 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
201 | + intended for upstream inclusion. It implements a bus method |
202 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
203 | + security context but upstream D-Bus has recently added a generic way of |
204 | + getting a connection's security credentials (GetConnectionCredentials). |
205 | + Ubuntu should carry this patch until packages in the archive are moved |
206 | + over to the new, generic method of getting a connection's credentials. |
207 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
208 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
209 | + dbus.socket to not be part of the shutdown transaction. And yet make it |
210 | + possible to still stop/kill/restart dbus.service if one really wants to, |
211 | + because it is stuck and stopped responding to any commands. This allows |
212 | + allows to restart dbus.service with needrestart. However a finalrd hook |
213 | + might still be needed, to kill dbus-daemon for good, once we pivot off |
214 | + rootfs. |
215 | + - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
216 | + - Make autopkgtests cross-test-friendly. |
217 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
218 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
219 | + Instead, start dbus.socket in postinst, which will then start D-Bus on |
220 | + demand after package installation. |
221 | + - Prevent dbus from being restarted on upgrade |
222 | + - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) |
223 | + |
224 | + -- Dave Jones <dave.jones@canonical.com> Tue, 23 Aug 2022 15:07:57 +0100 |
225 | + |
226 | dbus (1.14.0-2) unstable; urgency=medium |
227 | |
228 | * Revert workaround for #994204. Since debhelper 13.7, the workaround |
229 | @@ -527,6 +719,51 @@ dbus (1.12.20-3) unstable; urgency=medium |
230 | |
231 | -- Simon McVittie <smcv@debian.org> Mon, 25 Oct 2021 10:32:43 +0100 |
232 | |
233 | +dbus (1.12.20-2ubuntu4) jammy; urgency=medium |
234 | + |
235 | + * Prevent dbus from being restarted on upgrade (LP: #1962036) |
236 | + |
237 | + -- Dave Jones <dave.jones@canonical.com> Fri, 01 Apr 2022 18:02:54 +0100 |
238 | + |
239 | +dbus (1.12.20-2ubuntu3) jammy; urgency=medium |
240 | + |
241 | + * No-change rebuild to update maintainer scripts, see LP: 1959054 |
242 | + |
243 | + -- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 16:50:50 +0000 |
244 | + |
245 | +dbus (1.12.20-2ubuntu2) impish; urgency=medium |
246 | + |
247 | + * Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot |
248 | + (LP: #1936948) |
249 | + |
250 | + -- Lukas Märdian <slyon@ubuntu.com> Thu, 09 Sep 2021 15:45:30 +0200 |
251 | + |
252 | +dbus (1.12.20-2ubuntu1) impish; urgency=medium |
253 | + |
254 | + * Merge from Debian unstable. Remaining changes: |
255 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
256 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
257 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
258 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
259 | + on demand after package installation. |
260 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
261 | + intended for upstream inclusion. It implements a bus method |
262 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
263 | + security context but upstream D-Bus has recently added a generic way of |
264 | + getting a connection's security credentials (GetConnectionCredentials). |
265 | + Ubuntu should carry this patch until packages in the archive are moved |
266 | + over to the new, generic method of getting a connection's credentials. |
267 | + - Make autopkgtests cross-test-friendly. |
268 | + - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
269 | + dbus.socket to not be part of the shutdown transaction. And yet make |
270 | + it possible to still stop/kill/restart dbus.service if one really |
271 | + wants to, because it is stuck and stopped responding to any |
272 | + commands. This allows allows to restart dbus.service with |
273 | + needrestart. However a finalrd hook might still be needed, to kill |
274 | + dbus-daemon for good, once we pivot off rootfs. |
275 | + |
276 | + -- Balint Reczey <rbalint@ubuntu.com> Tue, 18 May 2021 10:59:54 +0200 |
277 | + |
278 | dbus (1.12.20-2) unstable; urgency=medium |
279 | |
280 | * Add Provides for the split binary packages added in experimental. |
281 | @@ -542,6 +779,43 @@ dbus (1.12.20-2) unstable; urgency=medium |
282 | |
283 | -- Simon McVittie <smcv@debian.org> Sun, 21 Feb 2021 14:02:17 +0000 |
284 | |
285 | +dbus (1.12.20-1ubuntu3) hirsute; urgency=medium |
286 | + |
287 | + * Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ |
288 | + dbus.socket to not be part of the shutdown transaction. And yet make |
289 | + it possible to still stop/kill/restart dbus.service if one really |
290 | + wants to, because it is stuck and stopped responding to any |
291 | + commands. This allows allows to restart dbus.service with |
292 | + needrestart. However a finalrd hook might still be needed, to kill |
293 | + dbus-daemon for good, once we pivot off rootfs. |
294 | + |
295 | + -- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 26 Feb 2021 19:43:15 +0000 |
296 | + |
297 | +dbus (1.12.20-1ubuntu2) hirsute; urgency=medium |
298 | + |
299 | + * No-change rebuild to drop the udeb package. |
300 | + |
301 | + -- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:40 +0100 |
302 | + |
303 | +dbus (1.12.20-1ubuntu1) groovy; urgency=low |
304 | + |
305 | + * Merge from Debian unstable. Remaining changes: |
306 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
307 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
308 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
309 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
310 | + on demand after package installation. |
311 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
312 | + intended for upstream inclusion. It implements a bus method |
313 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
314 | + security context but upstream D-Bus has recently added a generic way of |
315 | + getting a connection's security credentials (GetConnectionCredentials). |
316 | + Ubuntu should carry this patch until packages in the archive are moved |
317 | + over to the new, generic method of getting a connection's credentials. |
318 | + - Make autopkgtests cross-test-friendly. |
319 | + |
320 | + -- Iain Lane <iain.lane@canonical.com> Thu, 10 Sep 2020 12:25:12 +0100 |
321 | + |
322 | dbus (1.12.20-1) unstable; urgency=medium |
323 | |
324 | [ Mark Hindley ] |
325 | @@ -556,6 +830,25 @@ dbus (1.12.20-1) unstable; urgency=medium |
326 | |
327 | -- Simon McVittie <smcv@debian.org> Thu, 02 Jul 2020 14:19:21 +0100 |
328 | |
329 | +dbus (1.12.18-1ubuntu1) groovy; urgency=low |
330 | + |
331 | + * Merge from Debian unstable. Remaining changes: |
332 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
333 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
334 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
335 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
336 | + on demand after package installation. |
337 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
338 | + intended for upstream inclusion. It implements a bus method |
339 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
340 | + security context but upstream D-Bus has recently added a generic way of |
341 | + getting a connection's security credentials (GetConnectionCredentials). |
342 | + Ubuntu should carry this patch until packages in the archive are moved |
343 | + over to the new, generic method of getting a connection's credentials. |
344 | + - Make autopkgtests cross-test-friendly. |
345 | + |
346 | + -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 09 Jun 2020 13:55:57 -0700 |
347 | + |
348 | dbus (1.12.18-1) unstable; urgency=medium |
349 | |
350 | [ Simon McVittie ] |
351 | @@ -620,6 +913,33 @@ dbus (1.12.18-1) unstable; urgency=medium |
352 | |
353 | -- Simon McVittie <smcv@debian.org> Tue, 02 Jun 2020 19:48:04 +0100 |
354 | |
355 | +dbus (1.12.16-2ubuntu2) focal; urgency=medium |
356 | + |
357 | + * Make autopkgtests cross-test-friendly. |
358 | + |
359 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 06 Dec 2019 21:22:40 -0800 |
360 | + |
361 | +dbus (1.12.16-2ubuntu1) focal; urgency=medium |
362 | + |
363 | + * Merge from Debian unstable. Remaining changes: |
364 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
365 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
366 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
367 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
368 | + on demand after package installation. |
369 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
370 | + intended for upstream inclusion. It implements a bus method |
371 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
372 | + security context but upstream D-Bus has recently added a generic way of |
373 | + getting a connection's security credentials (GetConnectionCredentials). |
374 | + Ubuntu should carry this patch until packages in the archive are moved |
375 | + over to the new, generic method of getting a connection's credentials. |
376 | + * Removed patches included in new version: |
377 | + - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch |
378 | + - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch |
379 | + |
380 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 26 Nov 2019 12:58:43 -0500 |
381 | + |
382 | dbus (1.12.16-2) unstable; urgency=medium |
383 | |
384 | * Add bug number to previous changelog entry |
385 | @@ -653,6 +973,55 @@ dbus (1.12.16-1) unstable; urgency=medium |
386 | |
387 | -- Simon McVittie <smcv@debian.org> Sun, 09 Jun 2019 21:34:34 +0100 |
388 | |
389 | +dbus (1.12.14-1ubuntu2) eoan; urgency=medium |
390 | + |
391 | + * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw |
392 | + - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch: |
393 | + reject DBUS_COOKIE_SHA1 for users other than the server owner in |
394 | + dbus/dbus-auth.c. |
395 | + - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch: |
396 | + add basic test coverage for DBUS_COOKIE_SHA1 in |
397 | + dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c, |
398 | + dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am, |
399 | + test/data/auth/cookie-sha1-username.auth-script, |
400 | + test/data/auth/cookie-sha1.auth-script. |
401 | + - CVE-2019-12749 |
402 | + |
403 | + -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 11 Jun 2019 13:04:53 -0400 |
404 | + |
405 | +dbus (1.12.14-1ubuntu1) eoan; urgency=low |
406 | + |
407 | + * Merge from Debian unstable. Remaining changes: |
408 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. |
409 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
410 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
411 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
412 | + on demand after package installation. |
413 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
414 | + intended for upstream inclusion. It implements a bus method |
415 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
416 | + security context but upstream D-Bus has recently added a generic way of |
417 | + getting a connection's security credentials (GetConnectionCredentials). |
418 | + Ubuntu should carry this patch until packages in the archive are moved |
419 | + over to the new, generic method of getting a connection's credentials. |
420 | + |
421 | + -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 22 May 2019 16:41:21 -0700 |
422 | + |
423 | +dbus (1.12.16-1) unstable; urgency=medium |
424 | + |
425 | + * New upstream stable release |
426 | + - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 |
427 | + authentication for identities that differ from the user running the |
428 | + DBusServer. Previously, a local attacker could manipulate symbolic |
429 | + links in their own home directory to bypass authentication and |
430 | + connect to a DBusServer with elevated privileges. The standard |
431 | + system and session dbus-daemons in their default configuration were |
432 | + immune to this attack because they did not allow DBUS_COOKIE_SHA1, |
433 | + but third-party users of DBusServer such as Upstart could be |
434 | + vulnerable. (Closes: #930375) |
435 | + |
436 | + -- Simon McVittie <smcv@debian.org> Sun, 09 Jun 2019 21:34:34 +0100 |
437 | + |
438 | dbus (1.12.14-1) unstable; urgency=medium |
439 | |
440 | * New upstream release |
441 | @@ -666,6 +1035,30 @@ dbus (1.12.14-1) unstable; urgency=medium |
442 | |
443 | -- Simon McVittie <smcv@debian.org> Sat, 18 May 2019 17:37:08 +0100 |
444 | |
445 | +dbus (1.12.12-1ubuntu1) disco; urgency=low |
446 | + |
447 | + * Merge from Debian unstable. Remaining changes: |
448 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
449 | + (see patch header and upstream bug for details). Fixes various |
450 | + causes of shutdown hangs, particularly with remote file systems. |
451 | + (LP: #1438612) (LP: #1540282) |
452 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
453 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
454 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
455 | + on demand after package installation. |
456 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
457 | + intended for upstream inclusion. It implements a bus method |
458 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
459 | + security context but upstream D-Bus has recently added a generic way of |
460 | + getting a connection's security credentials (GetConnectionCredentials). |
461 | + Ubuntu should carry this patch until packages in the archive are moved |
462 | + over to the new, generic method of getting a connection's credentials. |
463 | + * Dropped changes, superseded in Debian: |
464 | + - debian/tests/root: don't set ulimit on containers, since the container |
465 | + may be unprivileged and "root" may not be able to raise ulimits again. |
466 | + |
467 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 31 Jan 2019 17:47:44 -0800 |
468 | + |
469 | dbus (1.12.12-1) unstable; urgency=medium |
470 | |
471 | [ Ritesh Raj Sarraf ] |
472 | @@ -694,6 +1087,37 @@ dbus (1.12.12-1) unstable; urgency=medium |
473 | |
474 | -- Simon McVittie <smcv@debian.org> Tue, 04 Dec 2018 15:58:18 +0000 |
475 | |
476 | +dbus (1.12.10-1ubuntu2) cosmic; urgency=medium |
477 | + |
478 | + * debian/tests/root: don't set ulimit on containers, since the container |
479 | + may be unprivileged and "root" may not be able to raise ulimits again. |
480 | + |
481 | + -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 06 Sep 2018 03:56:07 +0000 |
482 | + |
483 | +dbus (1.12.10-1ubuntu1) cosmic; urgency=low |
484 | + |
485 | + * Merge from Debian unstable. Remaining changes: |
486 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
487 | + (see patch header and upstream bug for details). Fixes various |
488 | + causes of shutdown hangs, particularly with remote file systems. |
489 | + (LP: #1438612) (LP: #1540282) |
490 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
491 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
492 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
493 | + on demand after package installation. |
494 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
495 | + intended for upstream inclusion. It implements a bus method |
496 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
497 | + security context but upstream D-Bus has recently added a generic way of |
498 | + getting a connection's security credentials (GetConnectionCredentials). |
499 | + Ubuntu should carry this patch until packages in the archive are moved |
500 | + over to the new, generic method of getting a connection's credentials. |
501 | + * Dropped changes, no longer needed: |
502 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
503 | + after 18.04 LTS. |
504 | + |
505 | + -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 31 Aug 2018 10:29:17 -0700 |
506 | + |
507 | dbus (1.12.10-1) unstable; urgency=medium |
508 | |
509 | * New upstream release |
510 | @@ -782,6 +1206,29 @@ dbus (1.12.4-1) unstable; urgency=medium |
511 | |
512 | -- Simon McVittie <smcv@debian.org> Thu, 08 Feb 2018 15:05:57 +0000 |
513 | |
514 | +dbus (1.12.2-1ubuntu1) bionic; urgency=medium |
515 | + |
516 | + * Sync with Debian. Remaining changes: |
517 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
518 | + after 18.04 LTS. |
519 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
520 | + (see patch header and upstream bug for details). Fixes various |
521 | + causes of shutdown hangs, particularly with remote file systems. |
522 | + (LP: #1438612) (LP: #1540282) |
523 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
524 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
525 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
526 | + on demand after package installation. |
527 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
528 | + intended for upstream inclusion. It implements a bus method |
529 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
530 | + security context but upstream D-Bus has recently added a generic way of |
531 | + getting a connection's security credentials (GetConnectionCredentials). |
532 | + Ubuntu should carry this patch until packages in the archive are moved |
533 | + over to the new, generic method of getting a connection's credentials. |
534 | + |
535 | + -- Jeremy Bicha <jbicha@ubuntu.com> Wed, 15 Nov 2017 17:22:22 -0500 |
536 | + |
537 | dbus (1.12.2-1) unstable; urgency=low |
538 | |
539 | * New upstream release 1.12.2 |
540 | @@ -803,6 +1250,29 @@ dbus (1.12.2-1) unstable; urgency=low |
541 | |
542 | -- Simon McVittie <smcv@debian.org> Mon, 13 Nov 2017 15:36:08 +0000 |
543 | |
544 | +dbus (1.12.0-1ubuntu1) bionic; urgency=medium |
545 | + |
546 | + * Sync with Debian. Remaining changes: |
547 | + - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until |
548 | + after 18.04 LTS. |
549 | + - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit |
550 | + (see patch header and upstream bug for details). Fixes various |
551 | + causes of shutdown hangs, particularly with remote file systems. |
552 | + (LP: #1438612) (LP: #1540282) |
553 | + - debian/dbus.postinst, debian/rules: Don't start D-Bus on package |
554 | + installation, as that doesn't work any more with dont-stop-dbus.patch. |
555 | + Instead, start dbus.socket in postinst, which will then start D-Bus |
556 | + on demand after package installation. |
557 | + - Add aa-get-connection-apparmor-security-context.patch: This is not |
558 | + intended for upstream inclusion. It implements a bus method |
559 | + (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor |
560 | + security context but upstream D-Bus has recently added a generic way of |
561 | + getting a connection's security credentials (GetConnectionCredentials). |
562 | + Ubuntu should carry this patch until packages in the archive are moved |
563 | + over to the new, generic method of getting a connection's credentials. |
564 | + |
565 | + -- Jeremy Bicha <jbicha@ubuntu.com> Mon, 30 Oct 2017 19:25:39 -0400 |
566 | + |
567 | dbus (1.12.0-1) unstable; urgency=medium |
568 | |
569 | * New upstream stable release 1.12.0 |
570 | @@ -2712,7 +3182,6 @@ dbus (1.1.1-2) UNRELEASED; urgency=low |
571 | |
572 | -- Michael Biebl <biebl@debian.org> Wed, 27 Jun 2007 01:42:38 +0200 |
573 | |
574 | - |
575 | dbus (1.1.1-1) unstable; urgency=low |
576 | |
577 | [ Michael Biebl ] |
578 | @@ -3022,8 +3491,6 @@ dbus (0.62-2) unstable; urgency=low |
579 | |
580 | -- Sjoerd Simons <sjoerd@debian.org> Wed, 21 Jun 2006 10:47:00 +0200 |
581 | |
582 | - |
583 | - |
584 | dbus (0.62-1) unstable; urgency=low |
585 | |
586 | * New upstream release |
587 | diff --git a/debian/control b/debian/control |
588 | index 1d3b701..b24aaa5 100644 |
589 | --- a/debian/control |
590 | +++ b/debian/control |
591 | @@ -1,7 +1,8 @@ |
592 | Source: dbus |
593 | Section: admin |
594 | Priority: optional |
595 | -Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> |
596 | +Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> |
597 | +XSBC-Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> |
598 | Uploaders: |
599 | Sjoerd Simons <sjoerd@debian.org>, |
600 | Sebastian Dröge <slomo@debian.org>, |
601 | diff --git a/debian/dbus.postinst b/debian/dbus.postinst |
602 | index 1cfd5e1..dd04aff 100644 |
603 | --- a/debian/dbus.postinst |
604 | +++ b/debian/dbus.postinst |
605 | @@ -70,4 +70,9 @@ if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = configure ] && [ -n "$2" ]; then |
606 | reload_dbus_config |
607 | fi |
608 | |
609 | +# We don't start dbus.service in postinst, so ensure dbus.socket is running |
610 | +if [ "$1" = configure ] && [ -d /run/systemd/system ]; then |
611 | + systemctl try-restart sockets.target || true |
612 | +fi |
613 | + |
614 | # vim:set sw=4 sts=4 et: |
615 | diff --git a/debian/patches/series b/debian/patches/series |
616 | index b926ef8..edf7b82 100644 |
617 | --- a/debian/patches/series |
618 | +++ b/debian/patches/series |
619 | @@ -1 +1,3 @@ |
620 | debian/tests-Multiply-timeouts-by-20-on-riscv64.patch |
621 | +ubuntu/aa-get-connection-apparmor-security-context.patch |
622 | +ubuntu/dont-stop-dbus.patch |
623 | diff --git a/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch b/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch |
624 | new file mode 100644 |
625 | index 0000000..4c897ae |
626 | --- /dev/null |
627 | +++ b/debian/patches/ubuntu/aa-get-connection-apparmor-security-context.patch |
628 | @@ -0,0 +1,192 @@ |
629 | +From: Tyler Hicks <tyhicks@canonical.com> |
630 | +Date: Fri, 15 Aug 2014 13:37:15 -0500 |
631 | +Subject: Add DBus method to return the AA context of a connection |
632 | + |
633 | +Allows the AppArmor label that is attached to a D-Bus connection to be |
634 | +queried using the unique connection name. |
635 | + |
636 | +For example, |
637 | +$ dbus-send --print-reply --system --dest=org.freedesktop.DBus \ |
638 | + /org/freedesktop/DBus \ |
639 | + org.freedesktop.DBus.GetConnectionAppArmorSecurityContext string::1.4 |
640 | + method return sender=org.freedesktop.DBus -> dest=:1.50 reply_serial=2 |
641 | + string "/usr/sbin/cupsd" |
642 | + |
643 | +[Altered by Simon McVittie: survive non-UTF-8 contexts which |
644 | +would otherwise be a local denial of service, except that Ubuntu |
645 | +inherits a non-fatal warnings patch from Debian; new commit message |
646 | +taken from the Ubuntu changelog; do not emit unreachable code if |
647 | +AppArmor is disabled.] |
648 | + |
649 | +22 July 2023 Updates from ogayot |
650 | + |
651 | +This method has been deprecated for a while now but some packages in Ubuntu |
652 | +still use it. See LP #1489489 |
653 | + |
654 | +Forwarded: not-needed |
655 | +--- |
656 | + bus/apparmor.c | 15 +++++++++ |
657 | + bus/apparmor.h | 1 + |
658 | + bus/driver.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++ |
659 | + dbus/dbus-protocol.h | 2 ++ |
660 | + 4 files changed, 108 insertions(+) |
661 | + |
662 | +diff --git a/bus/apparmor.c b/bus/apparmor.c |
663 | +index 985f5e9..2eba37b 100644 |
664 | +--- a/bus/apparmor.c |
665 | ++++ b/bus/apparmor.c |
666 | +@@ -502,6 +502,21 @@ bus_apparmor_enabled (void) |
667 | + #endif |
668 | + } |
669 | + |
670 | ++const char* |
671 | ++bus_apparmor_confinement_get_label (BusAppArmorConfinement *confinement) |
672 | ++{ |
673 | ++#ifdef HAVE_APPARMOR |
674 | ++ if (!apparmor_enabled) |
675 | ++ return NULL; |
676 | ++ |
677 | ++ _dbus_assert (confinement != NULL); |
678 | ++ |
679 | ++ return confinement->label; |
680 | ++#else |
681 | ++ return NULL; |
682 | ++#endif |
683 | ++} |
684 | ++ |
685 | + void |
686 | + bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement) |
687 | + { |
688 | +diff --git a/bus/apparmor.h b/bus/apparmor.h |
689 | +index ed465f7..b8146df 100644 |
690 | +--- a/bus/apparmor.h |
691 | ++++ b/bus/apparmor.h |
692 | +@@ -38,6 +38,7 @@ dbus_bool_t bus_apparmor_enabled (void); |
693 | + |
694 | + void bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement); |
695 | + void bus_apparmor_confinement_ref (BusAppArmorConfinement *confinement); |
696 | ++const char* bus_apparmor_confinement_get_label (BusAppArmorConfinement *confinement); |
697 | + BusAppArmorConfinement* bus_apparmor_init_connection_confinement (DBusConnection *connection, |
698 | + DBusError *error); |
699 | + |
700 | +diff --git a/bus/driver.c b/bus/driver.c |
701 | +index cd0a714..d1669cb 100644 |
702 | +--- a/bus/driver.c |
703 | ++++ b/bus/driver.c |
704 | +@@ -2005,6 +2005,91 @@ bus_driver_handle_get_connection_credentials (DBusConnection *connection, |
705 | + return FALSE; |
706 | + } |
707 | + |
708 | ++static dbus_bool_t |
709 | ++bus_driver_handle_get_connection_apparmor_security_context (DBusConnection *connection, |
710 | ++ BusTransaction *transaction, |
711 | ++ DBusMessage *message, |
712 | ++ DBusError *error) |
713 | ++{ |
714 | ++ const char *service; |
715 | ++ DBusString str; |
716 | ++ BusRegistry *registry; |
717 | ++ BusService *serv; |
718 | ++ DBusConnection *primary_connection; |
719 | ++ DBusMessage *reply; |
720 | ++ BusAppArmorConfinement *confinement; |
721 | ++ const char *label; |
722 | ++ |
723 | ++ _DBUS_ASSERT_ERROR_IS_CLEAR (error); |
724 | ++ |
725 | ++ registry = bus_connection_get_registry (connection); |
726 | ++ |
727 | ++ service = NULL; |
728 | ++ reply = NULL; |
729 | ++ confinement = NULL; |
730 | ++ |
731 | ++ if (! dbus_message_get_args (message, error, DBUS_TYPE_STRING, &service, |
732 | ++ DBUS_TYPE_INVALID)) |
733 | ++ goto failed; |
734 | ++ |
735 | ++ _dbus_verbose ("asked for security context of connection %s\n", service); |
736 | ++ |
737 | ++ _dbus_string_init_const (&str, service); |
738 | ++ serv = bus_registry_lookup (registry, &str); |
739 | ++ if (serv == NULL) |
740 | ++ { |
741 | ++ dbus_set_error (error, |
742 | ++ DBUS_ERROR_NAME_HAS_NO_OWNER, |
743 | ++ "Could not get security context of name '%s': no such name", service); |
744 | ++ goto failed; |
745 | ++ } |
746 | ++ |
747 | ++ primary_connection = bus_service_get_primary_owners_connection (serv); |
748 | ++ |
749 | ++ reply = dbus_message_new_method_return (message); |
750 | ++ if (reply == NULL) |
751 | ++ goto oom; |
752 | ++ |
753 | ++ confinement = bus_connection_dup_apparmor_confinement (primary_connection); |
754 | ++ label = bus_apparmor_confinement_get_label (confinement); |
755 | ++ |
756 | ++ if (label == NULL) |
757 | ++ { |
758 | ++ dbus_set_error (error, |
759 | ++ DBUS_ERROR_APPARMOR_SECURITY_CONTEXT_UNKNOWN, |
760 | ++ "Could not determine security context for '%s'", service); |
761 | ++ goto failed; |
762 | ++ } |
763 | ++ |
764 | ++ if (!dbus_validate_utf8 (label, error)) |
765 | ++ goto failed; |
766 | ++ |
767 | ++ if (! dbus_message_append_args (reply, |
768 | ++ DBUS_TYPE_STRING, |
769 | ++ &label, |
770 | ++ DBUS_TYPE_INVALID)) |
771 | ++ goto failed; |
772 | ++ |
773 | ++ if (! bus_transaction_send_from_driver (transaction, connection, reply)) |
774 | ++ goto oom; |
775 | ++ |
776 | ++ bus_apparmor_confinement_unref (confinement); |
777 | ++ dbus_message_unref (reply); |
778 | ++ |
779 | ++ return TRUE; |
780 | ++ |
781 | ++ oom: |
782 | ++ BUS_SET_OOM (error); |
783 | ++ |
784 | ++ failed: |
785 | ++ _DBUS_ASSERT_ERROR_IS_SET (error); |
786 | ++ if (confinement) |
787 | ++ bus_apparmor_confinement_unref (confinement); |
788 | ++ if (reply) |
789 | ++ dbus_message_unref (reply); |
790 | ++ return FALSE; |
791 | ++} |
792 | ++ |
793 | + static dbus_bool_t |
794 | + bus_driver_handle_reload_config (DBusConnection *connection, |
795 | + BusTransaction *transaction, |
796 | +@@ -2479,6 +2564,11 @@ static const MessageHandler dbus_message_handlers[] = { |
797 | + DBUS_TYPE_ARRAY_AS_STRING DBUS_TYPE_BYTE_AS_STRING, |
798 | + bus_driver_handle_get_connection_selinux_security_context, |
799 | + METHOD_FLAG_ANY_PATH }, |
800 | ++ { "GetConnectionAppArmorSecurityContext", |
801 | ++ DBUS_TYPE_STRING_AS_STRING, |
802 | ++ DBUS_TYPE_STRING_AS_STRING, |
803 | ++ bus_driver_handle_get_connection_apparmor_security_context, |
804 | ++ METHOD_FLAG_ANY_PATH }, |
805 | + { "ReloadConfig", |
806 | + "", |
807 | + "", |
808 | +diff --git a/dbus/dbus-protocol.h b/dbus/dbus-protocol.h |
809 | +index 933c365..2b7fd23 100644 |
810 | +--- a/dbus/dbus-protocol.h |
811 | ++++ b/dbus/dbus-protocol.h |
812 | +@@ -444,6 +444,8 @@ extern "C" { |
813 | + #define DBUS_ERROR_INVALID_FILE_CONTENT "org.freedesktop.DBus.Error.InvalidFileContent" |
814 | + /** Asked for SELinux security context and it wasn't available. */ |
815 | + #define DBUS_ERROR_SELINUX_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.SELinuxSecurityContextUnknown" |
816 | ++/** Asked for AppArmor security context and it wasn't available. */ |
817 | ++#define DBUS_ERROR_APPARMOR_SECURITY_CONTEXT_UNKNOWN "org.freedesktop.DBus.Error.AppArmorSecurityContextUnknown" |
818 | + /** Asked for ADT audit data and it wasn't available. */ |
819 | + #define DBUS_ERROR_ADT_AUDIT_DATA_UNKNOWN "org.freedesktop.DBus.Error.AdtAuditDataUnknown" |
820 | + /** There's already an object with the requested object path. */ |
821 | diff --git a/debian/patches/ubuntu/dont-stop-dbus.patch b/debian/patches/ubuntu/dont-stop-dbus.patch |
822 | new file mode 100644 |
823 | index 0000000..0313060 |
824 | --- /dev/null |
825 | +++ b/debian/patches/ubuntu/dont-stop-dbus.patch |
826 | @@ -0,0 +1,98 @@ |
827 | +From: Martin Pitt <martin.pitt@ubuntu.com> |
828 | +Date: Tue, 31 Mar 2015 18:46:06 +0200 |
829 | +Subject: Don't stop D-Bus in the service unit |
830 | + |
831 | +D-Bus is getting stopped too early during shutdown, so that services on the bus |
832 | +are still running (and being shut down) after that. This leads to shutdown |
833 | +hangs due to remote file systems not getting unmounted as wpa_supplicant is |
834 | +already gone, or avahi or NetworkManager getting lots of errors because they |
835 | +get disconnected, etc. As D-Bus does not keep its state between restarts, |
836 | +dbus.socket also does not help us. |
837 | + |
838 | +Also, stopping D-Bus in a running system isn't something which we ever |
839 | +supported; to the contrary, we patched several packages to avoid |
840 | +restarting/stopping D-Bus in postinsts, as stopping d-bus in a running system |
841 | +is shooting yourself into the foot (independent of which init system you use). |
842 | +Thus leaving D-Bus running until the bitter end should be fine, it doesn't have |
843 | +any file system things to do on shutdown. This also approximates the brave new |
844 | +kdbus world where d-bus is basically "always available". |
845 | + |
846 | +Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89847 |
847 | +Bug-Ubuntu: https://launchpad.net/bugs/1438612 |
848 | + |
849 | +26 Feb 2021 Updates from xnox |
850 | + |
851 | +Whilst the original patch was okish, it didn't actually work |
852 | +right. dbus.service had Requires dbus.socket, which in turn did not |
853 | +try refuse being stopped, thus socket was being stopped / going away |
854 | +whilst the dbus service is still running. Also that happened on |
855 | +shutdown. And sometimes dbus can hang and refuses to answer, in such |
856 | +cases it is best to let people be able to kill it and restart it. Plus |
857 | +with needrestart integration we kind of can restart dbus and some |
858 | +basic services to keep machine alive. So, to actually prevent dbus |
859 | +from being stopped on shutdown undo the previous incarnation of the |
860 | +patch and instead do this: |
861 | + |
862 | +Dependencies: |
863 | +* Add DefaultDependencies=no |
864 | +* Instead of Requires/After sysinit.target, add back Wants/After sysinit.target. |
865 | +* Add back After basic.target |
866 | +* Do not add back Conflicts/Before shutdown.target |
867 | + |
868 | +Do that for _both_ dbus.service and dbus.socket. |
869 | + |
870 | +dbus.service: |
871 | +* Drop the Killmode, ExecStop things |
872 | +* Make ExecStart be @/usr/bin/dbus-daemon @dbus-daemon .... thus it |
873 | + will now be survie systemd-shutdown kill spree |
874 | + |
875 | +End result is that now one can use $ sudo |
876 | +/etc/needrestart/restart.d/dbus.service to restart dbus, and yet it is |
877 | +not part of the shutdown transactions. |
878 | + |
879 | +09 Sep 2021 Updates from slyon |
880 | + |
881 | +The previous update made it be not part of the shutdown transaction, but |
882 | +introduced a deadlock during bootup like this: |
883 | + |
884 | + systemd[1]: basic.target: starting held back, waiting for: sockets.target |
885 | + systemd[1]: dbus.socket: starting held back, waiting for: basic.target |
886 | + systemd[1]: dbus.service: starting held back, waiting for: dbus.socket |
887 | + |
888 | +Therefore we need to remove the After=basic.target dependency of dbus.socket |
889 | +to break that dependency loop. |
890 | + |
891 | +--- |
892 | + bus/dbus.service.in | 4 ++++ |
893 | + 1 file changed, 4 insertions(+) |
894 | + |
895 | +--- a/bus/dbus.service.in |
896 | ++++ b/bus/dbus.service.in |
897 | +@@ -2,10 +2,14 @@ |
898 | + Description=D-Bus System Message Bus |
899 | + Documentation=man:dbus-daemon(1) |
900 | + Requires=dbus.socket |
901 | ++# Do not stop on shutdown |
902 | ++DefaultDependencies=no |
903 | ++Wants=sysinit.target |
904 | ++After=sysinit.target basic.target |
905 | + |
906 | + [Service] |
907 | + Type=notify |
908 | + NotifyAccess=main |
909 | +-ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
910 | ++ExecStart=@@EXPANDED_BINDIR@/dbus-daemon @dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only |
911 | + ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig |
912 | + OOMScoreAdjust=-900 |
913 | +--- a/bus/dbus.socket.in |
914 | ++++ b/bus/dbus.socket.in |
915 | +@@ -1,5 +1,9 @@ |
916 | + [Unit] |
917 | + Description=D-Bus System Message Bus Socket |
918 | ++# Do not stop on shutdown |
919 | ++DefaultDependencies=no |
920 | ++Wants=sysinit.target |
921 | ++After=sysinit.target |
922 | + |
923 | + [Socket] |
924 | + ListenStream=@DBUS_SYSTEM_SOCKET@ |
925 | diff --git a/debian/rules b/debian/rules |
926 | index 16f76c8..59aab5e 100755 |
927 | --- a/debian/rules |
928 | +++ b/debian/rules |
929 | @@ -254,11 +254,10 @@ endif |
930 | override_dh_missing: |
931 | dh_missing $(dh_missing_options) |
932 | |
933 | -# Yes, we do need both --no- options here. https://bugs.debian.org/837528 |
934 | override_dh_installinit: |
935 | - dh_installinit -pdbus --no-stop-on-upgrade --no-restart-after-upgrade |
936 | + dh_installinit -pdbus --no-start --no-stop-on-upgrade |
937 | override_dh_installsystemd: |
938 | - dh_installsystemd -pdbus --no-stop-on-upgrade --no-restart-after-upgrade |
939 | + dh_installsystemd -pdbus --no-start --no-stop-on-upgrade |
940 | |
941 | override_dh_installdocs: |
942 | dh_installdocs --all AUTHORS NEWS README |
Uploaded