lp:ubuntu/hardy-security/dbus

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/dbus

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

58. By Marc Deslauriers

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/87-CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.

57. By Marc Deslauriers

* SECURITY UPDATE: privilege escalation via unsanitized environment
  - debian/patches/86-CVE-2012-3524.patch: Don't access environment
    variables or run dbus-launch when setuid in configure.in,
    dbus/dbus-keyring.c, dbus/dbus-sysdeps*
  - CVE-2012-3524

56. By Jamie Strandboge

* SECURITY UPDATE: denial of service via messages with non-native byte order
  - debian/patches/85-CVE-2011-2200.patch: update dbus-marshal-header.c
    to verify header->data byte order and header->byte_order match in
    _dbus_header_byteswap()
  - CVE-2011-2200

55. By Jamie Strandboge

* SECURITY UPDATE: fix DoS with too deeply nested messages
  - debian/patches/84-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
    message variants. Backported from upstream.
  - CVE-2010-4352
  - LP: #688992
* debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev

54. By Marc Deslauriers

* SECURITY UPDATE: Signature spoofing via incorrect logic
  - debian/patches/83-security-CVE-2009-1189.patch: fix logic in
    dbus/dbus-marshal-validate.c and fix test in
    dbus/dbus-marshal-validate-util.c.
  - CVE-2009-1189

53. By Kees Cook

* SECURITY UPDATE: application crash via corrupt signatures.
  - Add 82-signature-validation.patch: upstream fixes.
  - CVE-2008-3834

52. By Martin Pitt

* New upstream release: Tons of bug fixes, a security fix (CVE-2008-0595),
  and two small new features:
  - inotify support (to replace previous dnotify implementation); can be
    disabled with configure switch if it causes trouble
  - Add matching support for program binaries in dbus policy rules.
* Merge with Debian unstable; remaining changes:
  - debian/patches/81-session.conf-timeout.patch: Raise the service startup
    timeout from 25 to 60 seconds. It may be too short on the live CD with
    slow machines.
  - Add consolekit (>= 0.2.3-3ubuntu2) dependency, which provides
    pam_console compatible stamps in /var/run/console. This keeps
    "at_console" policies working until we get rid of them completely.
    (See policykit-integration spec)
  - debian/dbus.{postinst,prerm}: Do not restart dbus on upgrades, since it
    breaks too many applications. Instead, trigger a "reboot required"
    notification. Since this cancels the postinst early, add an explicit
    update-rc.d call to the symlink migration.
  - debian/rules: Do not install /etc/X11/Xsession.d/75dbus_dbus-launch, we
    do not need it for Gnome, KDE, and XFCE, and it causes trouble.
    (LP #62163)
  - debian/dbus.preinst: Remove obsolete conffile
    /etc/X11/Xsession.d/75dbus_dbus-launch on upgrades. This needs to be
    kept until after Hardy's release.
* Debian's forceful way of RC symlink migration should finally fix all the
  previous upgrade issues with wrong priorities. (LP: #25931)

51. By Martin Pitt

* debian/control: Replace libpam-foreground dependency with consolekit (>=
  0.2.3-3ubuntu2), which provides pam_console compatible stamps in
  /var/run/console. (See policykit-integration spec)
* Drop debian/patches/80-dbus-change-at-console-policy.patch: Not needed any
  more now.

50. By Martin Pitt

* Merge with Debian unstable. Remaining Ubuntu changes:
  - devhelp integration:
    o Add debian/doxygen_to_devhelp.xsl: XSLT from Fedora to generate a
      devhelp documentation index. (Forwarded to FD#13495)
    o debian/patches/dbus-1.0.1-generate-xml-docs.patch: Enable generation
      of XML documentation (which will be turned into the devhelp index).
    o debian/rules: Build and clean the devhelp index. Add xsltproc build
      dependency for that.
    o debian/dbus-1-doc.install: Install the devhelp index, and shuffle
      files around so that devhelp finds them.
    o Add debian/dbus-1-doc.links: gtk-doc symlink.
    o Patch forwarded to Debian #454142.
  - debian/patches/80-dbus-change-at-console-policy.patch: Make at_console
    policy work with libpam-foreground. (Not forwarded upstream: this should
    go away soon when dbus gets proper ConsoleKit integration.)
  - debian/patches/81-session.conf-timeout.patch: Raise the service startup
    timeout from 25 to 60 seconds. It may be too short on the live CD with
    slow machines.
  - debian/rules: Start dbus at runlevel priority 12, so that it comes
    before gdm. This eliminates the race condition of starting the X session
    before hal is running. Also use 'multiuser' mode of update-rc.d.
  - debian/dbus.{postinst,prerm}: Do not restart dbus on upgrades, since it
    breaks too many applications. Instead, trigger a "reboot required"
    notification.
  - Upgrade transitions which need to be kept until after Hardy's release:
    o debian/dbus.postinst: Migrate rc?.d symlinks from 20 to 12 on
      upgrades.
    o debian/dbus.preinst: Remove obsolete conffile
      /etc/X11/Xsession.d/75dbus_dbus-launch.
    o debian/control: Bump dbus-x11's Conflicts/Replaces: dbus for the
      moving of dbus-launch.
* Move dbus-launch to dbus-x11 again, as in Debian. Just don't install the
  Xsession.d script in debian/rules, we do not need it in Ubuntu.
* Tag our remaining patches.

49. By Martin Pitt

Let dbus depend on libpam-foreground, until the "at_console" policy works
with ConsoleKit. Quick-fix for Hardy Alpha 1.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/lucid/dbus
This branch contains Public information 
Everyone can see this information.
