~racb/ubuntu/+source/dbus:lpusip/ubuntu/utopic-security

Last commit made on 2014-11-27
Get this branch:
git clone -b lpusip/ubuntu/utopic-security https://git.launchpad.net/~racb/ubuntu/+source/dbus

Branch information

Name:
lpusip/ubuntu/utopic-security
Repository:
lp:~racb/ubuntu/+source/dbus

Recent commits

c4f10bf... by Marc Deslauriers

Import patches-unapplied version 1.8.8-1ubuntu2.1 to ubuntu/utopic-security

Imported using usd-importer.

Publish parent: 634f0f8d55eae08d23c3f883b0ed63b5d73e9896

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639

634f0f8... by Oliver Grawert

Import patches-unapplied version 1.8.8-1ubuntu2 to ubuntu/utopic

Imported using usd-importer.

Publish parent: ff134e1dcd4307b8a20a9c03aedb5114e4e08ce8
Changelog parent: e98615f5600d6e63996be55a0298a50e53119f7f

e98615f... by Oliver Grawert

Import patches-unapplied version 1.8.8-1ubuntu2 to ubuntu/utopic-proposed

Imported using usd-importer.

Publish parent: 0f28276552eb0159458fcc6477a9f34be633a960

New changelog entries:
  * write to $XDG_RUNTIME_DIR instead of the user's home when creating the
    dbus-session file, so we can start our session even with 100% filled or
    readonly home dir (LP: #1316978)

ff134e1... by Marc Deslauriers

Import patches-unapplied version 1.8.8-1ubuntu1 to ubuntu/utopic

Imported using usd-importer.

Publish parent: c43d2cfd6343fae1264f4f44df2ee6ab59803352
Changelog parent: 0f28276552eb0159458fcc6477a9f34be633a960

0f28276... by Marc Deslauriers

Import patches-unapplied version 1.8.8-1ubuntu1 to ubuntu/utopic-proposed

Imported using usd-importer.

Publish parent: b65705f78abab293dbfdd88ec3ea17dec90959f6
Changelog parent: fc3c3da106ba7ab417a9a90eb2916c22de5b5aab

New changelog entries:
  * Resynchronize on Debian. Remaining Ubuntu changes:
    - Install binaries into / rather than /usr:
      + debian/rules: Set --exec-prefix=/
      + debian/dbus.install, debian/dbus-x11.install: Install from /bin
    - Use upstart to start:
      + Add debian/dbus.upstart and dbus.user-session.upstart
      + debian/dbus.postinst: Use upstart call instead of invoking the init.d
        script for checking if we are already running.
      + debian/control: versioned dependency on netbase that emits the new
        deconfiguring-networking event used in upstart script.
    - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
      the system bus to 5000 (LP #454093)
    - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
      to 60 seconds. It may be too short on the live CD with slow machines.
    - debian/dbus.user-session.upstart, debian/rules: Communicate session bus
      to Upstart Session Init to avoid potential out-of-memory scenario
      triggered by Upstart clients that do not run main loops
      (LP: #1235649, LP: #1252317).
    - debian/control, debian/rules: Build against libapparmor for AppArmor
      D-Bus mediation
    - debian/control: Use logind for session tracking, so that "at_console"
      policies work with logind instead of ConsoleKit. Add "libpam-systemd"
      recommends.
    - debian/rules: Adjust dbus-send path to our changed install layout.
      (LP: #1325364)
    - debian/dbus-Xsession: Don't start a session bus if there already is
      one, i.e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241)
    - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
      0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
      0003-Update-autoconf-file-to-build-against-libapparmor.patch,
      0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
      0005-Initialize-AppArmor-mediation.patch,
      0006-Store-AppArmor-label-of-bus-during-initialization.patch,
      0007-Store-AppArmor-label-of-connecting-processes.patch,
      0008-Mediation-of-processes-that-acquire-well-known-names.patch,
      0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
      0010-Mediation-of-processes-sending-and-receiving-message.patch,
      0011-Mediation-of-processes-eavesdropping.patch,
      0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
      0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the
      latest set of AppArmor D-Bus mediation patches. This is the v3 patch set
      from the upstream feature inclusion bug.
      - https://bugs.freedesktop.org/show_bug.cgi?id=75113
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

fc3c3da... by Simon McVittie

Import patches-unapplied version 1.8.8-1 to debian/sid

Imported using usd-importer.

Publish parent: bdc31ca1c64ee57b7e1f23d0e3522a4d29fe80ee

New changelog entries:
  [ Michael Biebl ]
  * Don't attempt config reload if dbus system bus is not running.
  [ Simon McVittie ]
  * Bump dbus up to Priority: standard because without it, systemd-logind
    does not run a getty on tty2..tty6 (matching ftp-master action in
    #759293)
  * New upstream release fixes several security issues
    - CVE-2014-3635: do not accept an extra fd in cmsg padding,
      avoiding a buffer overrun in dbus-daemon or system services
    - CVE-2014-3636: reduce maximum number of file descriptors
       per message from 1024 to 16, to avoid two separate denial-of-service
       attacks that could cause system services to be dropped from the bus
    - CVE-2014-3637: time out connections that have a
       partially-sent message containing a file descriptor, so that
       malicious processes cannot use self-referential file descriptors
       to make a connection that will never close
    - CVE-2014-3638: reduce maximum number of pending replies
      per connection to avoid algorithmic complexity DoS
    - CVE-2014-3639: reduce timeout for authentication and
      do not accept() new connections when all unauthenticated connection
      slots are in use, so that malicious processes cannot prevent new
      connections to the system bus
  * debian/copyright: fix glob syntax, .[ch] is not supported

c43d2cf... by Tyler Hicks

Import patches-unapplied version 1.8.6-1ubuntu1 to ubuntu/utopic

Imported using usd-importer.

Publish parent: 9ddd04c63797f12c571b179ce704e6aaefd8d799
Changelog parent: b65705f78abab293dbfdd88ec3ea17dec90959f6

bdc31ca... by Sjoerd Simons

Import patches-unapplied version 1.8.6-2 to debian/sid

Imported using usd-importer.

Publish parent: 0649fb0f53770d2faf5d1cc3f0266408a61be62c

New changelog entries:
  * debian/dbus.posinst: When triggered only poke the dbus-daemon, don't run
    update-rc.d/invoke-rc.d as added by dh_installinit. This prevents some
    odd-corner when being triggered during init system upgrade
    (Closes: #754404)

b65705f... by Tyler Hicks

Import patches-unapplied version 1.8.6-1ubuntu1 to ubuntu/utopic-proposed

Imported using usd-importer.

Publish parent: 2af8c2bbd904df94bb70aae9996f366be36cb6f6
Changelog parent: 0649fb0f53770d2faf5d1cc3f0266408a61be62c

New changelog entries:
  * Resynchronize on Debian testing (LP: #1320422). Remaining Ubuntu changes:
    - Install binaries into / rather than /usr:
      + debian/rules: Set --exec-prefix=/
      + debian/dbus.install, debian/dbus-x11.install: Install from /bin
    - Use upstart to start:
      + Add debian/dbus.upstart and dbus.user-session.upstart
      + debian/dbus.postinst: Use upstart call instead of invoking the init.d
        script for checking if we are already running.
      + debian/control: versioned dependency on netbase that emits the new
        deconfiguring-networking event used in upstart script.
    - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
      the system bus to 5000 (LP #454093)
    - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
      to 60 seconds. It may be too short on the live CD with slow machines.
    - debian/dbus.user-session.upstart, debian/rules: Communicate session bus
      to Upstart Session Init to avoid potential out-of-memory scenario
      triggered by Upstart clients that do not run main loops
      (LP: #1235649, LP: #1252317).
    - debian/control, debian/rules: Build against libapparmor for AppArmor
      D-Bus mediation
    - debian/control: Use logind for session tracking, so that "at_console"
      policies work with logind instead of ConsoleKit. Add "libpam-systemd"
      recommends.
    - debian/rules: Adjust dbus-send path to our changed install layout.
      (LP: #1325364)
    - debian/dbus-Xsession: Don't start a session bus if there already is one,
      i.e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241)
  * Dropped changes:
    - debian/control: Drop version bump on the libglib2.0-dev Build-Depends.
      It is no longer needed.
    - debian/control: use "Breaks: unity-services (<< 6.0.0-0ubuntu6)", the
      new dbus eavesdropping protection was creating issues with previous
      versions. This can be dropped now since upgrades from Quantal are no
      longer a concern.
    - debian/control, debian/rules: The tests are not run during the build.
      Configure with --disable-tests, drop the build dependencies needed for
      the tests. The tests should now run with the debug build using
      autopkgtest.
    - 00git_logind_check.patch: Fix logind check. This change is present in
      upstream dbus.
    - Add 00git_sd_daemon_update.patch: Update to current systemd upstream
      sd_booted() to actually check for systemd init. This change is present
      in upstream dbus.
    - debian/patches/aa-build-tools.patch, debian/patches/aa-mediation.patch,
      debian/patches/aa-mediate-eavesdropping.patch: Drop these patches in
      favor of the latest set of patches submitted for upstream inclusion
    - debian/patches/02_obsolete_g_thread_api.patch: This change is present in
      upstream dbus
    - 0001-activation-allow-for-more-variation-than-just-system.patch,
      0002-bus-change-systemd-activation-to-activation-systemd.patch,
      0003-upstart-add-upstart-as-a-possible-activation-type.patch,
      0004-upstart-add-UpstartJob-to-service-desktop-files.patch,
      0005-activation-implement-upstart-activation.patch: These patches have
      been disabled since 12.10 so it should be safe to remove them at this
      point
    - debian/patches/CVE-2014-3477.patch, debian/patches/CVE-2014-3532.patch,
      debian/patches/CVE-2014-3533.patch: These changes are present in
      upstream dbus
  * 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
    0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
    0003-Update-autoconf-file-to-build-against-libapparmor.patch,
    0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
    0005-Initialize-AppArmor-mediation.patch,
    0006-Store-AppArmor-label-of-bus-during-initialization.patch,
    0007-Store-AppArmor-label-of-connecting-processes.patch,
    0008-Mediation-of-processes-that-acquire-well-known-names.patch,
    0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
    0010-Mediation-of-processes-sending-and-receiving-message.patch,
    0011-Mediation-of-processes-eavesdropping.patch,
    0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
    0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the
    latest set of AppArmor D-Bus mediation patches. This is the v3 patch set from
    the upstream feature inclusion bug.
    - https://bugs.freedesktop.org/show_bug.cgi?id=75113
  * aa-get-connection-apparmor-security-context.patch: Refresh this patch so
    that it compiles with latest AppArmor D-Bus mediation patches. It is not
    intended for upstream inclusion. It implements a bus method
    (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
    security context but upstream D-Bus has recently added a generic way of
    getting a connection's security credentials (GetConnectionCredentials).
    Ubuntu should carry this patch until packages in the archive are moved
    over to the new, generic method of getting a connection's credentials.

9ddd04c... by Martin Pitt

Import patches-unapplied version 1.6.18-0ubuntu10 to ubuntu/utopic

Imported using usd-importer.

Publish parent: 7f5913f66ff3387975fe4a69d3b47840e3a11665
Changelog parent: 2af8c2bbd904df94bb70aae9996f366be36cb6f6