lp:ubuntu/lucid-security/dbus

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

91. By Marc Deslauriers on 2012-10-03

* REGRESSION FIX: some applications launched with the activation helper
  may need DBUS_STARTER_ADDRESS. (LP: #1058343)
  - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
    starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
  - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
    shutdown or reboot so that it can safely unmount the root
    filesystem.

90. By Marc Deslauriers on 2012-09-19

* SECURITY UPDATE: privilege escalation via unsanitized environment
  - debian/patches/CVE-2012-3524-dbus.patch: Don't access environment
    variables or run dbus-launch when setuid in configure.in,
    dbus/dbus-keyring.c, dbus/dbus-sysdeps*
  - CVE-2012-3524

89. By Jamie Strandboge on 2011-07-22

* SECURITY UPDATE: denial of service via messages with non-native byte order
  - debian/patches/99-CVE-2011-2200.patch: update dbus-marshal-header.c
    to verify header->data byte order and header->byte_order match in
    _dbus_header_byteswap()
  - CVE-2011-2200

88. By Jamie Strandboge on 2011-01-04

* SECURITY UPDATE: fix DoS with too deeply nested messages
  - debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
    message variants. Backported from upstream.
  - CVE-2010-4352
  - LP: #688992

87. By Martin Pitt on 2010-03-30

releasing version 1.2.16-2ubuntu4

86. By Martin Pitt on 2010-03-30

Add debian/dbus.links: provide a symlink for dbus-daemon-launch-helper's
old location in /usr, to provide a more stable upgrade from Hardy. This
can be dropped in Lucid+1. (LP: #551672)

85. By Martin Pitt on 2010-02-19

debian/dbus-Xsession: Use new "has_option" function from x11-common
instead of grepping the option file, to avoid calling an external program.

84. By Martin Pitt on 2009-12-08

Fix installation of dbus-arch-deps.h.

83. By Martin Pitt on 2009-12-07

* Merge with Debian testing; Remaining Ubuntu changes:
  - Install into / rather than /usr.
  - debian/control: Depend on ConsoleKit for "at_console" policy stanza.
  - debian/dbus.postinst: Do not restart dbus on upgrades, since it breaks
    too many applications. Instead, trigger a "reboot required" notification.
  - debian/dbus.postinst: Create /var/run/dbus in postinst to handle system
    being rebooted before package is configured. LP: #275229.
  - Add debian/dbus.upstart and bump debhelper b-dep to ensure that it is
    properly installed.
  - 11_timeout_handling.patch: Fix timeout accounting. The
    elapsed_milliseconds contains the time from the start, so subtracting it
    on every iteration means that the timeout is much less than what is
    requested. Instead compare the absolute values, but pass the difference
    to calls which want a timeout so that the correct remaining time is
    used. (LP #376145)
  - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
    the system bus to 5000 (LP #454093)
  - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
    to 60 seconds. It may be too short on the live CD with slow machines.

82. By Michael Vogt on 2009-10-23

* 20_system_conf_limit.patch:
  - increase max_match_rules_per_connection for the system
    bus to 5000 (LP: #454093)