New changelog entries:
* debian/patches/aa-mediation.patch: Attempt to open() the mask file in
apparmorfs/features/dbus rather than simply stat() the dbus directory.
This is an important difference because AppArmor does not mediate the
stat() syscall. This resulted in problems in an environment where
dbus-daemon, running inside of an LXC container, did not have the
necessary AppArmor rules to access apparmorfs but the stat() succeeded
so mediation was not properly disabled. (LP: #1238267)
This problem was exposed after dropping aa-kernel-compat-check.patch
because the compat check was an additional check that performed a test
query. The test query was failing in the above scenario, which did result
in mediation being disabled.
* debian/patches/aa-get-connection-apparmor-security-context.patch,
debian/patches/aa-mediate-eavesdropping.patch: Refresh these patches to
accomodate the above change
New changelog entries:
* debian/patches/aa-mediate-eavesdropping.patch: Fix a regression that
caused dbus-daemon to segfault when AppArmor mediation is disabled, or
unsupported by the kernel, and an application attempts to eavesdrop
(LP: #1237059)
New changelog entries:
* debian/patches/aa-kernel-compat-check.patch: Drop this patch. It was a
temporary compatibility check to paper over incompatibilities between
dbus-daemon, libapparmor, and the AppArmor kernel code while AppArmor
D-Bus mediation was in development.
* debian/patches/aa-mediation.patch: Fix a bug that resulted in all actions
denied by AppArmor to be audited. Auditing such actions is the default,
but it should be possible to quiet audit messages by using the "deny"
AppArmor rule modifier. (LP: #1226356)
* debian/patches/aa-mediation.patch: Fix a bug in the code that builds
AppArmor queries for the process that is receiving a message. The
message's destination was being used, as opposed to the message's source,
as the peer name in the query string. (LP: #1233895)
* debian/patches/aa-mediate-eavesdropping.patch: Don't allow applications
that are confined by AppArmor to eavesdrop. Ideally, this would be
configurable with AppArmor policy, but the parser does not yet support
any type of eavesdropping permission. For now, confined applications will
simply not be allowed to eavesdrop. (LP: #1229280)
New changelog entries:
* Specify --fork to dbus-daemon in upstart user-session mode, to get the
daemon readiness information and emit started dbus, when dbus is
actually ready to operate. (LP: #1234731)
New changelog entries:
* Add support for mediation of D-Bus messages and services. AppArmor D-Bus
rules are described in the apparmor.d(5) man page. dbus-daemon will use
libapparmor to perform queries against the AppArmor policies to determine
if a connection should be able to send messages to another connection, if
a connection should be able to receive messages from another connection,
and if a connection should be able to bind to a well-known name.
- debian/patches/aa-build-tools.patch: Update build files to detect and
build against libapparmor
- debian/patches/aa-mediation.patch: Support AppArmor mediation of D-Bus
messages and services. By default, AppArmor mediation is enabled if
AppArmor is available. To disable AppArmor mediation, place
'<apparmor mode="disabled"/>' in each bus configuration file. See the
dbus-daemon(1) man page for more details.
- debian/patches/aa-get-connection-apparmor-security-context.patch: Add an
org.freedesktop.DBus.GetConnectionAppArmorSecurityContext method that
takes the unique name of a connection as input and returns the AppArmor
label attached to the connection
- debian/patches/aa-kernel-compat-check.patch: Perform a compatibility
check of dbus, libapparmor, and the AppArmor kernel code during
initialization to determine if everything is in place to perform
AppArmor mediation. This is a temporary patch to overcome some potential
incompatabilities during the Saucy development release and should be
dropped prior to Saucy's release.
- debian/control: Add libapparmor-dev as a Build-Depends
- debian/rules: Specify that D-Bus should be built against libapparmor
during the configure stage of the build
* debian/patches/aa-mediation.patch: Clean up the AppArmor initialization
- Don't treat any errors from aa_is_enabled() as fatal unless the AppArmor
D-Bus mode is set to "required". This should fix errors when various
test cases need to start dbus-daemon on buildds. (LP: #1217598)
- Don't print to stderr during initialization unless an error has
occurred (LP: #1217710)
- Don't redefine _dbus_warn() to syslog(). A previous comment left in the
code suggested that _dbus_warn() caused segfaults. Testing proves that
is not the case.
* debian/patches/aa-get-connection-apparmor-security-context.patch: Refresh
patch to fix offset warnings after modifying aa-mediation.patch
New changelog entries:
* Add support for mediation of D-Bus messages and services. AppArmor D-Bus
rules are described in the apparmor.d(5) man page. dbus-daemon will use
libapparmor to perform queries against the AppArmor policies to determine
if a connection should be able to send messages to another connection, if
a connection should be able to receive messages from another connection,
and if a connection should be able to bind to a well-known name.
- debian/patches/aa-build-tools.patch: Update build files to detect and
build against libapparmor
- debian/patches/aa-mediation.patch: Support AppArmor mediation of D-Bus
messages and services. By default, AppArmor mediation is enabled if
AppArmor is available. To disable AppArmor mediation, place
'<apparmor mode="disabled"/>' in each bus configuration file. See the
dbus-daemon(1) man page for more details.
- debian/patches/aa-get-connection-apparmor-security-context.patch: Add an
org.freedesktop.DBus.GetConnectionAppArmorSecurityContext method that
takes the unique name of a connection as input and returns the AppArmor
label attached to the connection
- debian/patches/aa-kernel-compat-check.patch: Perform a compatibility
check of dbus, libapparmor, and the AppArmor kernel code during
initialization to determine if everything is in place to perform
AppArmor mediation. This is a temporary patch to overcome some potential
incompatabilities during the Saucy development release and should be
dropped prior to Saucy's release.
- debian/control: Add libapparmor-dev as a Build-Depends
- debian/rules: Specify that D-Bus should be built against libapparmor
during the configure stage of the build
New changelog entries:
* SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
length.
- debian/patches/CVE-2013-2168.patch: use a copy of va_list in
dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
test/Makefile.am, test/internals/printf.c.
- CVE-2013-2168
