lp:ubuntu/hardy-security/dbus
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/dbus
Branch merges
Branch information
Recent revisions
- 58. By Marc Deslauriers
-
* REGRESSION FIX: some applications launched with the activation helper
may need DBUS_STARTER_ADDRESS. (LP: #1058343)
- debian/patches/ 87-CVE- 2012-3524- regression- fix.patch: hardcode the
starter address to the default system bus address. - 57. By Marc Deslauriers
-
* SECURITY UPDATE: privilege escalation via unsanitized environment
- debian/patches/ 86-CVE- 2012-3524. patch: Don't access environment
variables or run dbus-launch when setuid in configure.in,
dbus/dbus-keyring. c, dbus/dbus-sysdeps*
- CVE-2012-3524 - 56. By Jamie Strandboge
-
* SECURITY UPDATE: denial of service via messages with non-native byte order
- debian/patches/ 85-CVE- 2011-2200. patch: update dbus-marshal- header. c
to verify header->data byte order and header->byte_order match in
_dbus_header_ byteswap( )
- CVE-2011-2200 - 55. By Jamie Strandboge
-
* SECURITY UPDATE: fix DoS with too deeply nested messages
- debian/patches/ 84-CVE- 2010-4352. patch: Limit nesting to 64 for dynamic
message variants. Backported from upstream.
- CVE-2010-4352
- LP: #688992
* debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev - 54. By Marc Deslauriers
-
* SECURITY UPDATE: Signature spoofing via incorrect logic
- debian/patches/ 83-security- CVE-2009- 1189.patch: fix logic in
dbus/dbus-marshal- validate. c and fix test in
dbus/dbus-marshal- validate- util.c.
- CVE-2009-1189 - 53. By Kees Cook
-
* SECURITY UPDATE: application crash via corrupt signatures.
- Add 82-signature-validation. patch: upstream fixes.
- CVE-2008-3834 - 52. By Martin Pitt
-
* New upstream release: Tons of bug fixes, a security fix (CVE-2008-0595),
and two small new features:
- inotify support (to replace previous dnotify implementation); can be
disabled with configure switch if it causes trouble
- Add matching support for program binaries in dbus policy rules.
* Merge with Debian unstable; remaining changes:
- debian/patches/ 81-session. conf-timeout. patch: Raise the service startup
timeout from 25 to 60 seconds. It may be too short on the live CD with
slow machines.
- Add consolekit (>= 0.2.3-3ubuntu2) dependency, which provides
pam_console compatible stamps in /var/run/console. This keeps
"at_console" policies working until we get rid of them completely.
(See policykit-integration spec)
- debian/dbus.{postinst, prerm}: Do not restart dbus on upgrades, since it
breaks too many applications. Instead, trigger a "reboot required"
notification. Since this cancels the postinst early, add an explicit
update-rc.d call to the symlink migration.
- debian/rules: Do not install /etc/X11/Xsession. d/75dbus_ dbus-launch, we
do not need it for Gnome, KDE, and XFCE, and it causes trouble.
(LP #62163)
- debian/dbus.preinst: Remove obsolete conffile
/etc/X11/Xsession. d/75dbus_ dbus-launch on upgrades. This needs to be
kept until after Hardy's release.
* Debian's forceful way of RC symlink migration should finally fix all the
previous upgrade issues with wrong priorities. (LP: #25931) - 51. By Martin Pitt
-
* debian/control: Replace libpam-foreground dependency with consolekit (>=
0.2.3-3ubuntu2), which provides pam_console compatible stamps in
/var/run/console. (See policykit-integration spec)
* Drop debian/patches/ 80-dbus- change- at-console- policy. patch: Not needed any
more now. - 50. By Martin Pitt
-
* Merge with Debian unstable. Remaining Ubuntu changes:
- devhelp integration:
o Add debian/doxygen_ to_devhelp. xsl: XSLT from Fedora to generate a
devhelp documentation index. (Forwarded to FD#13495)
o debian/patches/ dbus-1. 0.1-generate- xml-docs. patch: Enable generation
of XML documentation (which will be turned into the devhelp index).
o debian/rules: Build and clean the devhelp index. Add xsltproc build
dependency for that.
o debian/dbus-1- doc.install: Install the devhelp index, and shuffle
files around so that devhelp finds them.
o Add debian/dbus-1- doc.links: gtk-doc symlink.
o Patch forwarded to Debian #454142.
- debian/patches/ 80-dbus- change- at-console- policy. patch: Make at_console
policy work with libpam-foreground. (Not forwarded upstream: this should
go away soon when dbus gets proper ConsoleKit integration.)
- debian/patches/ 81-session. conf-timeout. patch: Raise the service startup
timeout from 25 to 60 seconds. It may be too short on the live CD with
slow machines.
- debian/rules: Start dbus at runlevel priority 12, so that it comes
before gdm. This eliminates the race condition of starting the X session
before hal is running. Also use 'multiuser' mode of update-rc.d.
- debian/dbus.{postinst, prerm}: Do not restart dbus on upgrades, since it
breaks too many applications. Instead, trigger a "reboot required"
notification.
- Upgrade transitions which need to be kept until after Hardy's release:
o debian/dbus.postinst: Migrate rc?.d symlinks from 20 to 12 on
upgrades.
o debian/dbus.preinst: Remove obsolete conffile
/etc/X11/ Xsession. d/75dbus_ dbus-launch.
o debian/control: Bump dbus-x11's Conflicts/Replaces: dbus for the
moving of dbus-launch.
* Move dbus-launch to dbus-x11 again, as in Debian. Just don't install the
Xsession.d script in debian/rules, we do not need it in Ubuntu.
* Tag our remaining patches. - 49. By Martin Pitt
-
Let dbus depend on libpam-foreground, until the "at_console" policy works
with ConsoleKit. Quick-fix for Hardy Alpha 1.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/dbus