lp:~racb/ubuntu/+source/dbus

Author: Robie Basak
Author Date: 2016-12-14 13:34:32 UTC

DSC file for 1.6.18-0ubuntu4.5

Author: Robie Basak
Author Date: 2016-12-14 13:00:41 UTC

pristine-tar data for dbus_1.2.4.orig.tar.gz

Author: Robie Basak
Author Date: 2016-12-14 13:00:41 UTC

Imported Upstream version 1.2.4

Author: Robie Basak
Author Date: 2016-12-14 12:47:23 UTC

pristine-tar data for dbus_1.10.14.orig.tar.gz

Author: Robie Basak
Author Date: 2016-12-14 12:47:20 UTC

DSC file for 1.10.14-1

Author: Tyler Hicks
Author Date: 2016-11-30 21:44:48 UTC

Import patches-unapplied version 1.6.18-0ubuntu4.5 to ubuntu/trusty-proposed

Imported using usd-importer.

Publish parent: 8bd0625e3f27f0c18eedde5375c9d0ea8a34af28
Changelog parent: bdbee5f4cd709f989b87315161c07aa1162683bb

New changelog entries:
  * debian/patches/unrequested-reply-mediation.patch: Don't let unrequested
    reply messages through and don't audit them. Unrequested reply messages
    are error or method_return messages that are sent from D-Bus connection A
    to D-Bus connection B that do not correspond to any message ever sent by
    D-Bus connection B. They should be quietly dropped as there's no use for
    them outside of malicious activity. Patch based on upstream patches.
    (LP: #1641243)

Author: Tyler Hicks
Author Date: 2016-11-30 21:44:48 UTC

Import patches-unapplied version 1.6.18-0ubuntu4.5 to ubuntu/trusty-proposed

Imported using usd-importer.

Publish parent: 8bd0625e3f27f0c18eedde5375c9d0ea8a34af28
Changelog parent: bdbee5f4cd709f989b87315161c07aa1162683bb

New changelog entries:
  * debian/patches/unrequested-reply-mediation.patch: Don't let unrequested
    reply messages through and don't audit them. Unrequested reply messages
    are error or method_return messages that are sent from D-Bus connection A
    to D-Bus connection B that do not correspond to any message ever sent by
    D-Bus connection B. They should be quietly dropped as there's no use for
    them outside of malicious activity. Patch based on upstream patches.
    (LP: #1641243)

Author: Simon McVittie
Author Date: 2016-11-28 21:58:04 UTC

Import patches-unapplied version 1.10.14-1 to debian/stretch

Imported using usd-importer.

Publish parent: 617752ff3f39c62c8d4363a19772fb4fe73c1fb7
Changelog parent: a97510a58d107e494bc8f9fb64723d6e48ea22c8

Author: Simon McVittie
Author Date: 2016-11-28 21:58:04 UTC

Import patches-unapplied version 1.10.14-1 to debian/sid

Imported using usd-importer.

Publish parent: c74430745ff101112492c9138fa5c0ff5dd3542e

New changelog entries:
  * New upstream release

Author: Simon McVittie
Author Date: 2016-11-28 23:22:39 UTC

Import patches-unapplied version 1.11.8-1 to debian/experimental

Imported using usd-importer.

Publish parent: 85b61a7eea5427313e3d7cae5d3c97e9260bd19e

New changelog entries:
  * New upstream development release
    - Bump libapparmor build-dependency to 2.10
    - Run the new test-apparmor-activation.sh as root
      (but do not test-depend on apparmor - we'll skip this test if on
      a system where AppArmor is not normally enabled)
    - Stop mentioning tools/lcov.am in d/copyright: no longer included
    - debian/copyright: Update

Author: Łukasz Zemczak
Author Date: 2016-10-11 18:12:43 UTC

Import patches-unapplied version 1.10.10-1ubuntu2 to ubuntu/zesty

Imported using usd-importer.

Publish parent: a4aa4c55c6ab699567e27b02fcae189d1ad31140
Changelog parent: 5c0e3959a4e297303e48a84380b55a6d5d798f9b

Author: Marc Deslauriers
Author Date: 2016-10-12 12:37:07 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.8 to ubuntu/precise-updates

Imported using usd-importer.

Publish parent: 1707bdcbad5a4a430297937419465d6681318561
Changelog parent: d198d8afc0d7e00a1d153aee857867cb0d1da576

Author: Marc Deslauriers
Author Date: 2016-10-12 12:29:20 UTC

Import patches-unapplied version 1.10.10-1ubuntu1.1 to ubuntu/yakkety-updates

Imported using usd-importer.

Publish parent: 27aebc4f0c0007c7169859348fdb6d5260986175
Changelog parent: 0890db28796fd007f00c40d5c3905f33259be119

Author: Marc Deslauriers
Author Date: 2016-10-12 12:29:20 UTC

Import patches-unapplied version 1.10.10-1ubuntu1.1 to ubuntu/yakkety-updates

Imported using usd-importer.

Publish parent: 27aebc4f0c0007c7169859348fdb6d5260986175
Changelog parent: 0890db28796fd007f00c40d5c3905f33259be119

Author: Marc Deslauriers
Author Date: 2016-10-12 12:33:00 UTC

Import patches-unapplied version 1.10.6-1ubuntu3.1 to ubuntu/xenial-updates

Imported using usd-importer.

Publish parent: 6108cb25aa303a8d14cdcd7c1a6a9928272e3a96
Changelog parent: cc4f94d8d6f92da3c08654c21461c6d339c2136d

Author: Marc Deslauriers
Author Date: 2016-10-12 12:33:00 UTC

Import patches-unapplied version 1.10.6-1ubuntu3.1 to ubuntu/xenial-updates

Imported using usd-importer.

Publish parent: 6108cb25aa303a8d14cdcd7c1a6a9928272e3a96
Changelog parent: cc4f94d8d6f92da3c08654c21461c6d339c2136d

Author: Marc Deslauriers
Author Date: 2016-10-12 12:33:44 UTC

Import patches-unapplied version 1.6.18-0ubuntu4.4 to ubuntu/trusty-updates

Imported using usd-importer.

Publish parent: 45bf109d642524ab15c6f6e1e26a926febf32156
Changelog parent: bdbee5f4cd709f989b87315161c07aa1162683bb

Author: Marc Deslauriers
Author Date: 2016-10-12 12:37:07 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.8 to ubuntu/precise-updates

Imported using usd-importer.

Publish parent: 1707bdcbad5a4a430297937419465d6681318561
Changelog parent: d198d8afc0d7e00a1d153aee857867cb0d1da576

Author: Marc Deslauriers
Author Date: 2016-10-12 12:33:00 UTC

Import patches-unapplied version 1.10.6-1ubuntu3.1 to ubuntu/xenial-security

Imported using usd-importer.

Publish parent: 6108cb25aa303a8d14cdcd7c1a6a9928272e3a96

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability (likely limited to uid 0 only)
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Marc Deslauriers
Author Date: 2016-10-12 12:37:07 UTC

Import patches-unapplied version 1.4.18-1ubuntu1.8 to ubuntu/precise-security

Imported using usd-importer.

Publish parent: db65f00e26daa060e177985debec633cb6d98234

New changelog entries:
  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Marc Deslauriers
Author Date: 2016-10-12 12:33:44 UTC

Import patches-unapplied version 1.6.18-0ubuntu4.4 to ubuntu/trusty-security

Imported using usd-importer.

Publish parent: f6f8bd34aa60e53cec1fbd03e02a8581132b682a

New changelog entries:
  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Marc Deslauriers
Author Date: 2016-10-12 12:29:20 UTC

Import patches-unapplied version 1.10.10-1ubuntu1.1 to ubuntu/yakkety-security

Imported using usd-importer.

Publish parent: 27aebc4f0c0007c7169859348fdb6d5260986175

New changelog entries:
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability (likely limited to uid 0 only)
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

Author: Łukasz Zemczak
Author Date: 2016-10-11 18:12:43 UTC

Import patches-unapplied version 1.10.10-1ubuntu2 to ubuntu/zesty-proposed

Imported using usd-importer.

Publish parent: a4aa4c55c6ab699567e27b02fcae189d1ad31140

New changelog entries:
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Add a test patch proposed by Simon McVittie upstream to fix bug
      LP: #1591411.

Author: Łukasz Zemczak
Author Date: 2016-10-11 18:12:43 UTC

Import patches-unapplied version 1.10.10-1ubuntu2 to ubuntu/zesty-proposed

Imported using usd-importer.

Publish parent: a4aa4c55c6ab699567e27b02fcae189d1ad31140

New changelog entries:
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Add a test patch proposed by Simon McVittie upstream to fix bug
      LP: #1591411.

Author: Łukasz Zemczak
Author Date: 2016-10-11 18:12:43 UTC

Import patches-unapplied version 1.10.10-1ubuntu2 to ubuntu/zesty-proposed

Imported using usd-importer.

Publish parent: a4aa4c55c6ab699567e27b02fcae189d1ad31140

New changelog entries:
  * debian/patches/make-uid-0-immune-to-timeout.patch:
    - Add a test patch proposed by Simon McVittie upstream to fix bug
      LP: #1591411.

Author: Jeremy Bícha
Author Date: 2016-09-11 08:09:45 UTC

Import patches-unapplied version 1.10.10-1ubuntu1 to ubuntu/yakkety

Imported using usd-importer.

Publish parent: 928cf566fefe438a992289b3c430a7410fdda77e
Changelog parent: 9051ef11bd98e67d16f37e5517993ae853646a33

Author: Jeremy Bícha
Author Date: 2016-09-11 08:09:45 UTC

Import patches-unapplied version 1.10.10-1ubuntu1 to ubuntu/yakkety-proposed

Imported using usd-importer.

Publish parent: 63aebc1c1c9199ae44ad6c4a8aa97c20ece302e2
Changelog parent: 069fff169e8a61c26e4896dd4dbef698800c8a9f

New changelog entries:
  [ Jeremy Bicha ]
  * Merge with Debian (LP: #1622401), remaining changes:
    - Add debian/dbus.user-session.upstart.
    - debian, dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more. Instead, start dbus.socket
      in postinst, which will then start D-Bus on demand after package
      installation.
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612) (LP: #1540282)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
  * Dropped changes:
    - debian/dbus.preinst: divert the dbus-daemon-launch-helper if upgrading
      from < 1.9.4-2~. This will make sure we keep the setuid bit during upgrade.
      (LP: #1555237)
    - Drop system upstart job.
  [ Martin Pitt ]
  * Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
    after 18.04 LTS.

Author: Mathieu Trudel-Lapierre
Author Date: 2016-03-31 19:07:46 UTC

Import patches-unapplied version 1.10.6-1ubuntu3 to ubuntu/xenial

Imported using usd-importer.

Publish parent: 8cf0847051d6c9b1517c161ecdb85d737efa028e
Changelog parent: 7e8c462055cbff88464712e6538fbf98c0a77b96

Author: Mathieu Trudel-Lapierre
Author Date: 2016-03-31 19:07:46 UTC

Import patches-unapplied version 1.10.6-1ubuntu3 to ubuntu/xenial-proposed

Imported using usd-importer.

Publish parent: 253fe901be5de1160822779206fa4615abbdfe61

New changelog entries:
  * debian/dbus.preinst: divert the dbus-daemon-launch-helper if upgrading
    from < 1.9.4-2~. This will make sure we keep the setuid bit during upgrade.
    (LP: #1555237)
  * debian/dbus.postinst: remove diversion.

Author: Simon McVittie
Author Date: 2015-02-05 15:58:36 UTC

Import patches-unapplied version 1.6.8-1+deb7u6 to debian/wheezy

Imported using usd-importer.

Publish parent: 59371b73ab2c6647b96b3e20a3d29ba58f97e7d8

New changelog entries:
  * Add patch for system.conf to fix a local denial of service when
    using systemd activation (CVE-2015-0245)

Author: Simon McVittie
Author Date: 2015-07-21 16:59:42 UTC

Import patches-unapplied version 1.8.20-0+deb8u1 to debian/jessie

Imported using usd-importer.

Publish parent: f91a615965097c0690b0aec8f73614ab6866ef86

New changelog entries:
  * New upstream bugfix release
    - fix a memory leak when GetConnectionCredentials is called
    - stop dbus-monitor replying to org.freedesktop.DBus.Peer
      messages, including those that another process should have
      replied to

Author: Iain Lane
Author Date: 2015-09-01 16:35:32 UTC

Import patches-unapplied version 1.10.0-1ubuntu1 to ubuntu/wily

Imported using usd-importer.

Publish parent: 1778d3bf0c54d1069ab0588c7e854b2e741a85d5
Changelog parent: 665433b394a37e4a265baf1cc0c711099a506621

Author: Iain Lane
Author Date: 2015-09-01 16:35:32 UTC

Import patches-unapplied version 1.10.0-1ubuntu1 to ubuntu/wily-proposed

Imported using usd-importer.

Publish parent: 2c4be2dc672e430727118d41240a375794cdfc7c
Changelog parent: 31fc1e452188fdb1349c00492d31aaeaa759e656

New changelog entries:
  * Merge with Debian, remaining changes:
    - Add upstart jobs; Upstart is still supported for the system init.
      + Add debian/dbus.upstart and dbus.user-session.upstart
    - Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
      unit (see patch header and upstream bug for details). Fixes various
      causes of shutdown hangs, particularly with remote file systems. (LP:
      #1438612)
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

Author: Martin Pitt
Author Date: 2015-03-31 16:46:06 UTC

Import patches-unapplied version 1.8.12-1ubuntu5 to ubuntu/vivid

Imported using usd-importer.

Publish parent: da1e9edf3d2d1b459f1382b9719141bf53fab03b
Changelog parent: a18f24963ec3f724bcd2e49f8367ec1c1665b131

Author: Martin Pitt
Author Date: 2015-03-31 16:46:06 UTC

Import patches-unapplied version 1.8.12-1ubuntu5 to ubuntu/vivid-proposed

Imported using usd-importer.

Publish parent: 46dbbb1e60ae9b45d84267c05f14cf4529f40f74

New changelog entries:
  * Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
    unit (see patch header and upstream bug for details). Fixes various causes
    of shutdown hangs, particularly with remote file systems. (LP: #1438612)

Author: Martin Pitt
Author Date: 2015-03-31 16:46:06 UTC

Import patches-unapplied version 1.8.12-1ubuntu5 to ubuntu/vivid-proposed

Imported using usd-importer.

Publish parent: 46dbbb1e60ae9b45d84267c05f14cf4529f40f74

New changelog entries:
  * Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
    unit (see patch header and upstream bug for details). Fixes various causes
    of shutdown hangs, particularly with remote file systems. (LP: #1438612)

Author: Marc Deslauriers
Author Date: 2014-11-25 19:34:31 UTC

Import patches-unapplied version 1.8.8-1ubuntu2.1 to ubuntu/utopic-updates

Imported using usd-importer.

Publish parent: 634f0f8d55eae08d23c3f883b0ed63b5d73e9896
Changelog parent: c4f10bf1374b8f8f2cb62f8a6d5c98e100a262cf

Author: Marc Deslauriers
Author Date: 2014-11-25 19:34:31 UTC

Import patches-unapplied version 1.8.8-1ubuntu2.1 to ubuntu/utopic-security

Imported using usd-importer.

Publish parent: 634f0f8d55eae08d23c3f883b0ed63b5d73e9896

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639

Author: Oliver Grawert
Author Date: 2014-09-26 13:07:05 UTC

Import patches-unapplied version 1.8.8-1ubuntu2 to ubuntu/utopic

Imported using usd-importer.

Publish parent: ff134e1dcd4307b8a20a9c03aedb5114e4e08ce8
Changelog parent: e98615f5600d6e63996be55a0298a50e53119f7f

Author: Oliver Grawert
Author Date: 2014-09-26 13:07:05 UTC

Import patches-unapplied version 1.8.8-1ubuntu2 to ubuntu/utopic-proposed

Imported using usd-importer.

Publish parent: 0f28276552eb0159458fcc6477a9f34be633a960

New changelog entries:
  * write to $XDG_RUNTIME_DIR instead of the users home when creating the
    dbus-session file, so we can start our session even with 100% filled or
    readonly home dir (LP: #1316978)

Author: Marc Deslauriers
Author Date: 2014-09-17 16:27:46 UTC

Import patches-unapplied version 1.2.16-2ubuntu4.8 to ubuntu/lucid-updates

Imported using usd-importer.

Publish parent: f0a8e390da143445655163b7aa56c9bf1069b371
Changelog parent: fb0f796f15109fbb523bf73e8e432980e3450ad1

Author: Marc Deslauriers
Author Date: 2014-09-17 16:27:46 UTC

Import patches-unapplied version 1.2.16-2ubuntu4.8 to ubuntu/lucid-security

Imported using usd-importer.

Publish parent: 93ef9e4767aead6446352b5071e9eb3f26d9bacd

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of pending replies
    - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
      to 128 in bus/config-parser.c.
    - CVE-2014-3638
  * SECURITY UPDATE: denial of service via incomplete connections
    - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
      bus/config-parser.c, stop listening on DBusServer sockets when
      reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
      dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
    - CVE-2014-3639

Author: Marc Deslauriers
Author Date: 2014-07-03 12:35:59 UTC

Import patches-unapplied version 1.6.12-0ubuntu10.1 to ubuntu/saucy-updates

Imported using usd-importer.

Publish parent: 2d9c102e122e2b8bc7f5ac86d14f0e44cd075eda
Changelog parent: 389345ae16118649429262296507f2fc3f185d7b

Author: Marc Deslauriers
Author Date: 2014-07-03 12:35:59 UTC

Import patches-unapplied version 1.6.12-0ubuntu10.1 to ubuntu/saucy-security

Imported using usd-importer.

Publish parent: 2d9c102e122e2b8bc7f5ac86d14f0e44cd075eda

New changelog entries:
  * SECURITY UPDATE: denial of service via activation errors
    - debian/patches/CVE-2014-3477.patch: improve error handling in
      bus/activation.*, bus/services.c.
    - CVE-2014-3477
  * SECURITY UPDATE: denial of service via ETOOMANYREFS
    - debian/patches/CVE-2014-3532.patch: drop message on ETOOMANYREFS in
      dbus/dbus-sysdeps.*, dbus/dbus-transport-socket.c.
    - CVE-2014-3532
  * SECURITY UPDATE: denial of service via invalid file descriptor
    - debian/patches/CVE-2014-3533.patch: fix memory handling in
      dbus/dbus-message.c.
    - CVE-2014-3533

Author: Stéphane Graber
Author Date: 2014-04-01 21:53:17 UTC

Import patches-unapplied version 1.6.18-0ubuntu4 to ubuntu/trusty

Imported using usd-importer.

Publish parent: e12adc4abd35e581f648afd21bc0f9e9b62f5c75
Changelog parent: 8bd0625e3f27f0c18eedde5375c9d0ea8a34af28

Author: Simon McVittie
Author Date: 2014-01-20 15:05:53 UTC

Import patches-applied version 1.8.0-1 to applied/debian/jessie

Imported using usd-importer.

Publish parent: 0f63d99dc7ef1e9a3cb03ca72812387653bcfad5
Changelog parent: ef7610e93faa74f912fb19a4cbcca45ca467444c
Unapplied parent: b610919a046d33dfa944c43c63ff4aad4a0c5230

Author: Simon McVittie
Author Date: 2014-01-20 15:05:53 UTC

Import patches-applied version 1.8.0-1 to applied/debian/sid

Imported using usd-importer.

Publish parent: d17eaae28b29516667865032a6835478315b944a
Unapplied parent: 84db4a64966ac325e4555556a9a2acd18b076fa8

New changelog entries:
  * New upstream stable release
    - add debian/copyright stanzas for some new BSD-licensed cmake macros

Author: Simon McVittie
Author Date: 2013-10-29 13:07:02 UTC

Import patches-applied version 1.7.8-1 to applied/debian/experimental

Imported using usd-importer.

Publish parent: 518d88146ccdd4df6d79288cc48d98dd5abc256e
Unapplied parent: 6674c60fb635da2071f92562b00c63c78ef7e085

New changelog entries:
  [ Laurent Bigonville ]
  * debian/rules: Re-add udeb_configure_flags that were lost during merge
    (Closes: #727774)
  [ Simon McVittie ]
  * Standards-Version: 3.9.5 (no changes needed)
  * Enable libaudit support so messages that violate SELinux policy go to the
    audit log (Closes: #727771)
  * New upstream release
    - add new dependency on libsystemd-journal-dev for linux-any

Author: Simon McVittie
Author Date: 2013-06-12 13:03:19 UTC

Import patches-applied version 1.6.8-1+deb7u1 to applied/debian/wheezy

Imported using usd-importer.

Publish parent: 3e98c92a3c072f691fcb9fc0639c76ed76ca99d0
Unapplied parent: 528433dacefebc74f498aaa2346cc578dcd64c87

New changelog entries:
  * CVE-2013-2168: add patch to avoid a user-triggerable crash
    (denial of services) in system services that use libdbus

Author: Tyler Hicks
Author Date: 2013-10-10 17:40:26 UTC

Import patches-unapplied version 1.6.12-0ubuntu10 to ubuntu/saucy

Imported using usd-importer.

Publish parent: 306e5e55e5877694e4f7f60012b83daa70033498
Changelog parent: e3702b2f2d8caba07b38ee3d499d1cda92fc0996

Author: Tyler Hicks
Author Date: 2013-10-10 17:40:26 UTC

Import patches-unapplied version 1.6.12-0ubuntu10 to ubuntu/saucy-proposed

Imported using usd-importer.

Publish parent: e9acf6d6d020af2972a196d9bc71c684ff884e27

New changelog entries:
  * debian/patches/aa-mediation.patch: Attempt to open() the mask file in
    apparmorfs/features/dbus rather than simply stat() the dbus directory.
    This is an important difference because AppArmor does not mediate the
    stat() syscall. This resulted in problems in an environment where
    dbus-daemon, running inside of an LXC container, did not have the
    necessary AppArmor rules to access apparmorfs but the stat() succeeded
    so mediation was not properly disabled. (LP: #1238267)
    This problem was exposed after dropping aa-kernel-compat-check.patch
    because the compat check was an additional check that performed a test
    query. The test query was failing in the above scenario, which did result
    in mediation being disabled.
  * debian/patches/aa-get-connection-apparmor-security-context.patch,
    debian/patches/aa-mediate-eavesdropping.patch: Refresh these patches to
    accomodate the above change

Author: Marc Deslauriers
Author Date: 2013-06-13 12:44:47 UTC

Import patches-unapplied version 1.6.8-1ubuntu6.1 to ubuntu/raring-updates

Imported using usd-importer.

Publish parent: b6407ceb772848a7068f3c0a73ac84c1cae4d5fc
Changelog parent: 3f2ce4c04149f8c80e6e9a086841793bb9462e21

Author: Marc Deslauriers
Author Date: 2013-06-13 14:17:02 UTC

Import patches-unapplied version 1.6.4-1ubuntu4.1 to ubuntu/quantal-updates

Imported using usd-importer.

Publish parent: a8ee82e482323a44ad49bfe5afe44b71a8131950
Changelog parent: b31c64db832d5100d07938bc720ba235d20a1431

Author: Marc Deslauriers
Author Date: 2013-06-13 14:17:02 UTC

Import patches-unapplied version 1.6.4-1ubuntu4.1 to ubuntu/quantal-security

Imported using usd-importer.

Publish parent: a8ee82e482323a44ad49bfe5afe44b71a8131950

New changelog entries:
  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168

Author: Marc Deslauriers
Author Date: 2013-06-13 12:44:47 UTC

Import patches-unapplied version 1.6.8-1ubuntu6.1 to ubuntu/raring-security

Imported using usd-importer.

Publish parent: b6407ceb772848a7068f3c0a73ac84c1cae4d5fc

New changelog entries:
  * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
    length.
    - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
      dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
      test/Makefile.am, test/internals/printf.c.
    - CVE-2013-2168

Author: Stéphane Graber
Author Date: 2013-03-25 13:52:01 UTC

Import patches-unapplied version 1.6.8-1ubuntu6 to ubuntu/raring

Imported using usd-importer.

Publish parent: 8627d2b70832c7690bd7b773f585a2d180f85306
Changelog parent: f9af14cb3a1a8aab0bbe21c777182899686ccfb2

Author: Stéphane Graber
Author Date: 2013-03-25 13:52:01 UTC

Import patches-unapplied version 1.6.8-1ubuntu6 to ubuntu/raring-proposed

Imported using usd-importer.

Publish parent: bf5815aa4a143708b40ae82ee804cde0b92c57b6

New changelog entries:
  * Tweak startup condition of user-job to block xsession-init until it's
    started. (LP: #1155205)

Author: Simon McVittie
Author Date: 2012-10-04 07:47:10 UTC

Import patches-applied version 1.2.24-4+squeeze2 to applied/debian/squeeze

Imported using usd-importer.

Publish parent: 503e4a5afa790b3d5b00973e5a03ee48c7e91cec
Unapplied parent: 0e22d6ac883b7d0bc07c471515a75f6ef74f74a7

New changelog entries:
  * CVE-2012-3524: apply patches from upstream 1.6.6 to avoid arbitrary
    code execution in setuid/setgid binaries that incorrectly use libdbus
    without first sanitizing the environment variables inherited from
    their less-privileged caller (Closes: #689070).
    - As per upstream 1.6.8, do not check filesystem capabilities for now,
      only setuid/setgid, fixing regressions in certain configurations of
      gnome-keyring

Author: Simon McVittie
Author Date: 2012-10-04 07:47:10 UTC

Import patches-unapplied version 1.2.24-4+squeeze2 to debian/squeeze

Imported using usd-importer.

Publish parent: 58766a898911533a4af06597015fcf067445a8e1

New changelog entries:
  * CVE-2012-3524: apply patches from upstream 1.6.6 to avoid arbitrary
    code execution in setuid/setgid binaries that incorrectly use libdbus
    without first sanitizing the environment variables inherited from
    their less-privileged caller (Closes: #689070).
    - As per upstream 1.6.8, do not check filesystem capabilities for now,
      only setuid/setgid, fixing regressions in certain configurations of
      gnome-keyring

Author: Marc Deslauriers
Author Date: 2012-10-03 16:59:30 UTC

Import patches-unapplied version 1.1.20-1ubuntu3.9 to ubuntu/hardy-updates

Imported using usd-importer.

Publish parent: 29f7bb883e2ac3c0244a60d4455e9b737d97c3e8
Changelog parent: 0bace1514fe330886bac26c7cf1f9398c86e5c34

Author: Marc Deslauriers
Author Date: 2012-10-03 11:03:55 UTC

Import patches-unapplied version 1.4.6-1ubuntu6.4 to ubuntu/natty-updates

Imported using usd-importer.

Publish parent: 7cae7bd70c8d52c165b4c84bc4647a0a48a0675e
Changelog parent: a6ff21905bf7f09a70bfa1d3b93d3ed7b20a8e3a

Author: Marc Deslauriers
Author Date: 2012-10-03 11:02:41 UTC

Import patches-unapplied version 1.4.14-1ubuntu1.3 to ubuntu/oneiric-updates

Imported using usd-importer.

Publish parent: 4a090385a42f20920f4c97cf30a0088f30bc02ac
Changelog parent: 945a983d880dbb22409d85501e6f0f8360682826

Author: Marc Deslauriers
Author Date: 2012-10-03 11:02:41 UTC

Import patches-unapplied version 1.4.14-1ubuntu1.3 to ubuntu/oneiric-security

Imported using usd-importer.

Publish parent: 84e160a5f8ac8a8dde16e3f33e25e5ffcd04184f

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.
  * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
    - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
      shutdown or reboot so that it can safely unmount the root
      filesystem.

Author: Marc Deslauriers
Author Date: 2012-10-03 11:03:55 UTC

Import patches-unapplied version 1.4.6-1ubuntu6.4 to ubuntu/natty-security

Imported using usd-importer.

Publish parent: dec7e1d4ad528aeb4ca728c8f6fe94201b5f4be5

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.
  * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
    - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
      shutdown or reboot so that it can safely unmount the root
      filesystem.

Author: Marc Deslauriers
Author Date: 2012-10-03 16:59:30 UTC

Import patches-unapplied version 1.1.20-1ubuntu3.9 to ubuntu/hardy-security

Imported using usd-importer.

Publish parent: 662d7558e5ed3c3dcbae130a5931a0fe662f4ef9

New changelog entries:
  * REGRESSION FIX: some applications launched with the activation helper
    may need DBUS_STARTER_ADDRESS. (LP: #1058343)
    - debian/patches/87-CVE-2012-3524-regression-fix.patch: hardcode the
      starter address to the default system bus address.

Author: Marc Deslauriers
Author Date: 2012-10-03 18:41:36 UTC

Import patches-unapplied version 1.6.4-1ubuntu4 to ubuntu/quantal

Imported using usd-importer.

Publish parent: de309389234ada22091e083b7b02eac4cb3fd238
Changelog parent: c9289f9b5da77d0579336488098fb9734ed3f027

Author: Marc Deslauriers
Author Date: 2012-10-03 18:41:36 UTC

Import patches-unapplied version 1.6.4-1ubuntu4 to ubuntu/quantal-proposed

Imported using usd-importer.

Publish parent: 2c0a98c8c8d7446bd992af996847a92303e72ccd

New changelog entries:
  * debian/patches/CVE-2012-3524-regression-fix.patch: updated to fix test
    suite.

Author: Martin Pitt
Author Date: 2012-02-22 08:26:02 UTC

Import patches-unapplied version 1.4.18-1ubuntu1 to ubuntu/precise

Imported using usd-importer.

Publish parent: 1a6853aaf7145a3acccd2e80859786082b79b6d7
Changelog parent: e026a1e008aa2f198d902c1704631005fe58b0cb

New changelog entries:
  * Merge with Debian unstable to pick up the new bug fix release. Remaining
    Ubuntu changes:
    - Install binaries into / rather than /usr:
      + debian/rules: Set --exec-prefix=/
      + debian/dbus.install, debian/dbus-x11.install: Install from /bin
    - Use upstart to start:
      + Add debian/dbus.upstart.
      + debian/control: Add upstart dependency.
      + debian/dbus.postinst: Use upstart call instead of invoking the init.d
        script for checking if we are already running.
      + debian/control: versioned dependency on netbase that emits the new
        deconfiguring-networking event used in upstart script.
    - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
      the system bus to 5000 (LP #454093)
    - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
      to 60 seconds. It may be too short on the live CD with slow machines.
    - Add 0001-activation-allow-for-more-variation-than-just-system.patch,
      0002-bus-change-systemd-activation-to-activation-systemd.patch,
      0003-upstart-add-upstart-as-a-possible-activation-type.patch,
      0004-upstart-add-UpstartJob-to-service-desktop-files.patch,
      0005-activation-implement-upstart-activation.patch: Patches from Scott
      James Remnant to implement Upstart service activation. Not upstream.

Author: Nico Golde
Author Date: 2011-01-15 14:54:45 UTC

Import patches-applied version 1.2.1-5+lenny2 to applied/debian/lenny

Imported using usd-importer.

Publish parent: 5f4f2a7b9f34fca5271fc5f8d43629f9e2e766d8
Unapplied parent: bdd951c27cb0e289e437aa9898118c1302dbc7cf

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Backport upstream patch to fix a possible call stack overflow and thus
    denial of service, when processing messages with excessive nested variants.
    This fix restricts the nesting level to 64 (52-CVE-2010-4352.patch).

Author: Nico Golde
Author Date: 2011-01-15 14:54:45 UTC

Import patches-unapplied version 1.2.1-5+lenny2 to debian/lenny

Imported using usd-importer.

Publish parent: edd1d03691a4ccf4dda7edbbe4f9c8d4b4583a79

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * Backport upstream patch to fix a possible call stack overflow and thus
    denial of service, when processing messages with excessive nested variants.
    This fix restricts the nesting level to 64 (52-CVE-2010-4352.patch).

Author: Martin Pitt
Author Date: 2011-09-02 06:42:50 UTC

Import patches-unapplied version 1.4.14-1ubuntu1 to ubuntu/oneiric

Imported using usd-importer.

Publish parent: e07971a5e33a3d356b7834e57b1f58eea65e4cd8
Changelog parent: d19585689271183ae230ecc2bc6a7c70953ec4bd

New changelog entries:
  * Merge with Debian unstable. Remaining changes:
    - Install binaries into / rather than /usr:
      + debian/rules: Set --exec-prefix=/
      + debian/dbus.install, debian/dbus-x11.install: Install from /bin
    - Use upstart to start:
      + Add debian/dbus.upstart.
      + debian/control: Add upstart dependency.
      + debian/dbus.postinst: Use upstart call instead of invoking the init.d
        script for checking if we are already running.
      + debian/control: versioned dependency on netbase that emits the new
        deconfiguring-networking event used in upstart script.
    - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
      the system bus to 5000 (LP #454093)
    - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
      to 60 seconds. It may be too short on the live CD with slow machines.
    - Add 0001-activation-allow-for-more-variation-than-just-system.patch,
      0002-bus-change-systemd-activation-to-activation-systemd.patch,
      0003-upstart-add-upstart-as-a-possible-activation-type.patch,
      0004-upstart-add-UpstartJob-to-service-desktop-files.patch,
      0005-activation-implement-upstart-activation.patch: Patches from Scott
      James Remnant to implement Upstart service activation. Not upstream.

Author: Jamie Strandboge
Author Date: 2011-07-22 14:01:52 UTC

Import patches-unapplied version 1.4.0-0ubuntu1.3 to ubuntu/maverick-updates

Imported using usd-importer.

Publish parent: 8c0ff40ab057b1e52a3a043e9ce952d502a5d906
Changelog parent: 06adaaffc33d1a3848b1e0c4d3deacd485ffdef1

Author: Jamie Strandboge
Author Date: 2011-07-22 14:01:52 UTC

Import patches-unapplied version 1.4.0-0ubuntu1.3 to ubuntu/maverick-security

Imported using usd-importer.

Publish parent: ad278058ad68965c2bfc4a36c399ebeee73c21f5
Changelog parent: 46ba84c2add91b8f89b0bd0b0b38241737ad0ed3

New changelog entries:
  * SECURITY UPDATE: denial of service via messages with non-native byte order
    - debian/patches/99-CVE-2011-2200.patch: update dbus-marshal-header.c
      to verify header->data byte order and header->byte_order match in
      _dbus_header_byteswap()
    - CVE-2011-2200

Author: Steve Langasek
Author Date: 2011-03-20 22:07:49 UTC

Import patches-unapplied version 1.4.6-1ubuntu6 to ubuntu/natty

Imported using usd-importer.

Publish parent: ce8e169fb0808016ebea8a09699ce743ef6a5b92

New changelog entries:
  * debian/rules: fix up the sed of the .pc file, we need the path to be
    relative to the multiarch dir. Thanks to Lionel Le Folgoc for pointing
    this out.

Author: Alkis Georgopoulos
Author Date: 2011-01-21 10:55:56 UTC

Import patches-unapplied version 1.2.16-2ubuntu4.2 to ubuntu/lucid-proposed

Imported using usd-importer.

Publish parent: 6beee3128f8ddebe25bf25415b23362d1bd49a37
Changelog parent: 82d84430882f38bf193c760de567b4bf666f2c94

New changelog entries:
  * Prevent dbus.postinst from failing in chroots (LP: #552404)

Author: Alkis Georgopoulos
Author Date: 2011-02-14 09:49:57 UTC

Import patches-unapplied version 1.4.0-0ubuntu1.2 to ubuntu/maverick-proposed

Imported using usd-importer.

Publish parent: 99526d061ffc500d0cfd81675a56983e1a55c18d
Changelog parent: ad278058ad68965c2bfc4a36c399ebeee73c21f5

New changelog entries:
  * Prevent dbus.postinst from failing in chroots (LP: #552404).

Author: Jamie Strandboge
Author Date: 2011-01-04 20:37:19 UTC

Import patches-unapplied version 1.2.16-0ubuntu9.1 to ubuntu/karmic-updates

Imported using usd-importer.

Publish parent: 28691694d36026b448d8281c136d54ee72aab09d
Changelog parent: cd2d0212829280ca863d13042c9b73e31fecd17f

Author: Jamie Strandboge
Author Date: 2011-01-04 20:37:19 UTC

Import patches-unapplied version 1.2.16-0ubuntu9.1 to ubuntu/karmic-security

Imported using usd-importer.

Publish parent: 28691694d36026b448d8281c136d54ee72aab09d

New changelog entries:
  * SECURITY UPDATE: fix DoS with too deeply nested messages
    - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
      message variants. Backported from upstream.
    - CVE-2010-4352
    - LP: #688992
  * debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev

Author: Jonathan Riddell
Author Date: 2010-09-27 12:06:32 UTC

Import patches-unapplied version 1.4.0-0ubuntu1 to ubuntu/maverick

Imported using usd-importer.

Publish parent: 2581b9c33701cea7e261bbdf658e2c6b944f9df7

New changelog entries:
  * New upstream release
   - Fixes https://bugs.freedesktop.org/show_bug.cgi?id=17754 Race condition in protected_change_timeout
   - Requested by various upstream KDE developers http://lists.kde.org/?t=128514970000004&r=1&w=2

Author: Martin Pitt
Author Date: 2010-03-30 14:28:07 UTC

Import patches-unapplied version 1.2.16-2ubuntu4 to ubuntu/lucid

Imported using usd-importer.

Publish parent: a46797fc22690af9c8d5d2e6e9744aab91a4a6db

New changelog entries:
  * Add debian/dbus.links: provide a symlink for dbus-daemon-launch-helper's
    old location in /usr, to provide a more stable upgrade from Hardy. This
    can be dropped in Lucid+1. (LP: #551672)

Author: Michael Vogt
Author Date: 2009-10-23 18:10:26 UTC

Import patches-unapplied version 1.2.16-0ubuntu9 to ubuntu/karmic

Imported using usd-importer.

Publish parent: 48bc29d476bfad44f67af6b4b16451573745dcb3

New changelog entries:
  * 20_system_conf_limit.patch:
    - increase max_match_rules_per_connection for the system
      bus to 5000 (LP: #454093)

Author: Marc Deslauriers
Author Date: 2009-07-06 14:44:11 UTC

Import patches-unapplied version 1.2.12-0ubuntu2.1 to ubuntu/jaunty-updates

Imported using usd-importer.

Publish parent: dc4bb21cd9498f2e9d3fd3ac244c76cf9cf47830
Changelog parent: c18d8446f2259cb5a46b7f5291f0da09ebb29ee8

Author: Marc Deslauriers
Author Date: 2009-07-06 14:49:54 UTC

Import patches-unapplied version 1.2.4-0ubuntu1.1 to ubuntu/intrepid-updates

Imported using usd-importer.

Publish parent: fb4997eec11edc377f02c20e1220d3f694239a5c
Changelog parent: ee6954b0a88f6703572c7d798fb4180f431187a0

Author: Marc Deslauriers
Author Date: 2009-07-06 15:20:45 UTC

Import patches-unapplied version 0.60-6ubuntu8.4 to ubuntu/dapper-updates

Imported using usd-importer.

Publish parent: 5dcb060902f2aec0b5159c23fdb6c807b744ac2e
Changelog parent: a70888096155f80c9e0d28481cc449dda63471bd

Author: Marc Deslauriers
Author Date: 2009-07-06 15:20:45 UTC

Import patches-unapplied version 0.60-6ubuntu8.4 to ubuntu/dapper-security

Imported using usd-importer.

Publish parent: 95b0238196babc6da1ffe0c96fe42ad983c5898c

New changelog entries:
  * SECURITY UPDATE: Signature spoofing via incorrect logic
    - debian/patches/84-security-CVE-2009-1189.patch: fix logic in
      dbus/dbus-marshal-validate.c and fix test in
      dbus/dbus-marshal-validate-util.c.
    - CVE-2009-1189

Author: Marc Deslauriers
Author Date: 2009-07-06 14:44:11 UTC

Import patches-unapplied version 1.2.12-0ubuntu2.1 to ubuntu/jaunty-security

Imported using usd-importer.

Publish parent: dc4bb21cd9498f2e9d3fd3ac244c76cf9cf47830

New changelog entries:
  * SECURITY UPDATE: Signature spoofing via incorrect logic
    - debian/patches/82-security-CVE-2009-1189.patch: fix logic in
      dbus/dbus-marshal-validate.c and fix test in
      dbus/dbus-marshal-validate-util.c.
    - CVE-2009-1189

Author: Marc Deslauriers
Author Date: 2009-07-06 14:49:54 UTC

Import patches-unapplied version 1.2.4-0ubuntu1.1 to ubuntu/intrepid-security

Imported using usd-importer.

Publish parent: fb4997eec11edc377f02c20e1220d3f694239a5c

New changelog entries:
  * SECURITY UPDATE: Signature spoofing via incorrect logic
    - debian/patches/82-security-CVE-2009-1189.patch: fix logic in
      dbus/dbus-marshal-validate.c and fix test in
      dbus/dbus-marshal-validate-util.c.
    - CVE-2009-1189

Author: Colin Watson
Author Date: 2009-01-27 14:25:59 UTC

Import patches-unapplied version 1.2.12-0ubuntu2 to ubuntu/jaunty

Imported using usd-importer.

Publish parent: c39740c9f864f7eeb6f3d3200f8da511a8660c3e

New changelog entries:
  * Create $MESSAGEHOME (/var/run/dbus) if it's missing, rather than just
    MESSAGEHOME which clearly wasn't what was intended.

Author: Kees Cook
Author Date: 2008-10-14 02:48:09 UTC

Import patches-unapplied version 1.0.2-1ubuntu4.2 to ubuntu/feisty-updates

Imported using usd-importer.

Publish parent: 4e45e838d5a231a044ce3f7043845a9809a35e3f
Changelog parent: fec2445a0d4ed6b04986ac2e3f23d109f35a7515

Author: Kees Cook
Author Date: 2008-10-14 02:10:35 UTC

Import patches-unapplied version 1.1.1-3ubuntu4.2 to ubuntu/gutsy-updates

Imported using usd-importer.

Publish parent: 73ad45d660cfc778da7e712334e345d36ce3253a
Changelog parent: edf2bb013c4789181e7194b4c2de7a99dd7a7104

Author: Martin Pitt
Author Date: 2008-10-14 18:18:24 UTC

Import patches-unapplied version 1.1.20-1ubuntu3.2 to ubuntu/hardy-proposed

Imported using usd-importer.

Publish parent: 9adcc53fe57ae582b771f32a0708a54c50970321
Changelog parent: d28a54d9ab5d5470b7fe6a8aeaf1abf7ac74ef4d

New changelog entries:
  * Add debian/patches/04_helper_fd_leak.patch: Close file descriptors before
    exec()ing helpers, to avoid locking hardware like video cards by eternally
    open file fds. (LP: #230877)

Author: Kees Cook
Author Date: 2008-10-14 02:48:09 UTC

Import patches-unapplied version 1.0.2-1ubuntu4.2 to ubuntu/feisty-security

Imported using usd-importer.

Publish parent: 8d926e747b20ff5d210d05137405bf73ead3bebb
Changelog parent: de8fd34367d70dbda7fe34f6a54f340b19d9fbe8

New changelog entries:
  * SECURITY UPDATE: policy bypass with NULL interfaces.
    - Add 82-NULL-policy-bypass.patch: upstream fixes.
    - CVE-2008-0595
  * SECURITY UPDATE: application crash via corrupt signatures.
    - Add 83-signature-validation.patch: upstream fixes.
    - CVE-2008-3834

Author: Kees Cook
Author Date: 2008-10-14 02:10:35 UTC

Import patches-unapplied version 1.1.1-3ubuntu4.2 to ubuntu/gutsy-security

Imported using usd-importer.

Publish parent: 73ad45d660cfc778da7e712334e345d36ce3253a

New changelog entries:
  * SECURITY UPDATE: policy bypass with NULL interfaces.
    - Add 82-NULL-policy-bypass.patch: upstream fixes.
    - CVE-2008-0595
  * SECURITY UPDATE: application crash via corrupt signatures.
    - Add 83-signature-validation.patch: upstream fixes.
    - CVE-2008-3834

Author: Martin Pitt
Author Date: 2008-10-07 13:26:32 UTC

Import patches-unapplied version 1.2.4-0ubuntu1 to ubuntu/intrepid

Imported using usd-importer.

Publish parent: 4a892911fa948b9e22f118aca8eb76fd434e46eb

New changelog entries:
  * New upstream bug fix release: (LP: #279425)
    - Fix crash on dbus_signature_validate("a{(ii)i}", NULL), which would
      unexpectedly abort the calling program. [CVE-2008-3834]
    - Close file descriptors before exec()ing helpers, to avoid locking
      hardware like video cards by eternally open file fds. (LP: #230877)
    - A small number of compilation and portability fixes.

Author: Martin Pitt
Author Date: 2008-02-28 14:08:15 UTC

Import patches-unapplied version 1.1.20-1ubuntu1 to ubuntu/hardy

Imported using usd-importer.

Publish parent: f79dfc2b08dc695d7677aaa2c821a383d67cf7fb

New changelog entries:
  * New upstream release: Tons of bug fixes, a security fix (CVE-2008-0595),
    and two small new features:
    - inotify support (to replace previous dnotify implementation); can be
      disabled with configure switch if it causes trouble
    - Add matching support for program binaries in dbus policy rules.
  * Merge with Debian unstable; remaining changes:
    - debian/patches/81-session.conf-timeout.patch: Raise the service startup
      timeout from 25 to 60 seconds. It may be too short on the live CD with
      slow machines.
    - Add consolekit (>= 0.2.3-3ubuntu2) dependency, which provides
      pam_console compatible stamps in /var/run/console. This keeps
      "at_console" policies working until we get rid of them completely.
      (See policykit-integration spec)
    - debian/dbus.{postinst,prerm}: Do not restart dbus on upgrades, since it
      breaks too many applications. Instead, trigger a "reboot required"
      notification. Since this cancels the postinst early, add an explicit
      update-rc.d call to the symlink migration.
    - debian/rules: Do not install /etc/X11/Xsession.d/75dbus_dbus-launch, we
      do not need it for Gnome, KDE, and XFCE, and it causes trouble.
      (LP #62163)
    - debian/dbus.preinst: Remove obsolete conffile
      /etc/X11/Xsession.d/75dbus_dbus-launch on upgrades. This needs to be
      kept until after Hardy's release.
  * Debian's forceful way of RC symlink migration should finally fix all the
    previous upgrade issues with wrong priorities. (LP: #25931)
  [ Loic Minier ]
  * Forcefully remove old init script symlinks on upgrades to this version to
    properly reinstall the init script when using insserv or file-rc; thanks
    Petter Reinholdtsen; closes: #466503.
  [ Michael Biebl ]
  * New upstream release.
  [ Loic Minier ]
  * Merge patch from Ubuntu to build a devhelp file; thanks Martin Pitt;
    closes: #454142.
    - Build-dep on xsltproc.
    - New patch, dbus-1.0.1-generate-xml-docs, enables generation of XML docs
      which serve as source for the devhelp generation.
    - Add a XSLT file from the Fedora package, debian/doxygen_to_devhelp.xsl.
    - Generate the devhelp file from the XML files thanks to the XSL file via
      xsltproc in build/dbus-1-doc::.
    - Install the devhelp index in dbus-1-doc and move the HTML documentation
      around; add a symlink from the gtk-doc dir.
  * Misc smallish whitespace cleanups.
  * Start dbus at runlevel priority 12 and stop at priority 88. This
    eliminates the race condition of starting the X session before hal is
    running. Migrate rc?.d symlinks from 20 to 12/88 on upgrades. This need
    to be kept until after lenny is released.
  * Set LSB Default-Stop section to 1 and only install a shutdown script for
    runlevel 1 to only stop dbus when going down to single user mode; dbus can
    simply be killed like everything else on shutdown or reboot by sendsigs;
    drop rc0 and rc6.d symlinks on upgrades.
  * Bump up dbus-x11 conflicts/replaces to << 1.1.2 to match the transition
    version in Ubuntu and reduce the delta.
  * Cleanup trailing whitespace.
  * Drop superfluous exit 0 at the end of dbus' init script which is set -e.
  * Add ${shlibs:Depends} to libdbus-1-dev.
  * Simplify dbus.postinst.
  * Rename patch dbus-1.0.1-generate-xml-docs to
    10_dbus-1.0.1-generate-xml-docs to reflect current patch stack order.
  * Set shlibs via DEB_DH_MAKESHLIBS_ARGS_ALL instead of libdbus-1-3.shlibs
    and extract libdbus-1-3 package name from control to avoid hardcoding the
    SONAME and package name.
  [ Michael Biebl ]
  * New upstream release.
  * Deprecate the ENABLED option and remove it from /etc/default/dbus. Print a
    warning message in the init script if this option is still used.
  * debian/patches/03_uuid_nul.patch
    - Removed, merged upstream.
  * debian/patches/04_dbus_launch.patch
    - Removed, merged upstream.
  * debian/control
    - Bump Standards-Version to 3.7.3. No further changes required.
  * debian/dbus.init
    - Fix LSB init header. Use $remote_fs instead of $local_fs as the
      daemon requires /usr to be mounted.
      Remove S from Should-Stop. (Closes: #459473)
    - Use mountpoint to check if /proc is mounted. (Closes: #458392)
    - Decrease retry-time to 5 secs on stop. (Closes: #462182)

Author: Kees Cook
Author Date: 2006-12-14 02:15:00 UTC

Import patches-unapplied version 0.93-0ubuntu3.1 to ubuntu/edgy-updates

Imported using usd-importer.

Publish parent: 4fdccbb0b62cd2a8aaec1cf2d50ece9dce3d010e
Changelog parent: 5d685da898ec8da869a5a48a1742e065155910ea

Author: Sebastien Bacher
Author Date: 2007-10-04 13:56:28 UTC

Import patches-unapplied version 1.1.1-3ubuntu4 to ubuntu/gutsy

Imported using usd-importer.

Publish parent: f44e2c16cd5b2d64e4e68fd815dcd48f7e41c51b

New changelog entries:
  * debian/control:
    - Build-Depends on xsltproc
  * debian/dbus-1-doc.install:
    - install the devhelp index
  * debian/dbus-1-doc.links:
    - create a devhelp documentation symlink
  * debian/doxygen_to_devhelp.xsl:
    - file from fedora used to generate a devhelp documentation index
  * debian/patches/dbus-1.0.1-generate-xml-docs.patch:
    - patch from fedora, build the xml documentation
  * debian/rules:
    - build and clean the devhelp index

Author: Martin Pitt
Author Date: 2007-07-26 09:08:35 UTC

Import patches-unapplied version 1.0.2-1ubuntu4 to ubuntu/feisty-proposed

Imported using usd-importer.

Publish parent: 8d926e747b20ff5d210d05137405bf73ead3bebb

New changelog entries:
  * Add debian/patches/02_dbus-launch_close_pipe.patch:
    - _dbus_get_autolaunch_address(): When calling dbus-launch fails,
       close the reading end of the pipe.
    - This caused a serious fd leak in programs like cups when they repeatedly
      try to send dbus messages, dbus is not running, and dbus-launch is not
      available or otherwise fails to execute.
    - LP: #112803

Author: Martin Pitt
Author Date: 2007-03-08 12:53:22 UTC

Import patches-unapplied version 1.0.2-1ubuntu3 to ubuntu/feisty

Imported using usd-importer.

Publish parent: 291d57b62d7efbd48a78dab89d897bc41a1c8916

New changelog entries:
  * debian/rules: Start dbus at runlevel priority 12, so that it comes before
    gdm. This eliminates the race condition of starting the X session before
    hal is running. (LP: #25931 and two handfuls of dups)
  * debian/dbus.postinst: Migrate rc?.d symlinks from 20 to 12 on upgrades to
    this version.
  * debian/control: Set Ubuntu maintainer.
  * debian/rules: Clean up doc/*.html (they are generated from XML sources).

Author: Kees Cook
Author Date: 2006-12-13 21:33:05 UTC

Import patches-unapplied version 0.36.2-0ubuntu7.1 to ubuntu/breezy-security

Imported using usd-importer.

Publish parent: b20513236f1c7b126b41b102e01c0f4d9c6e3853

New changelog entries:
  * SECURITY UPDATE: denial of service, dbus can be made to ignore
    registered matches for other local users.
  * Add debian/patches/match_removal.patch: fix from upstream CVS.
  * References
    http://webcvs.freedesktop.org/dbus/dbus/bus/signals.c?r1=1.14&r2=1.14.2.1&view=patch&pathrev=DBUS_1_0
    CVE-2006-6107