ubuntu/+source/dbus:debian/stretch

Last commit made on 2019-09-07
Get this branch:
git clone -b debian/stretch https://git.launchpad.net/ubuntu/+source/dbus
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/stretch
Repository:
lp:ubuntu/+source/dbus

Recent commits

9593b4f... by Simon McVittie on 2019-06-09

Import patches-unapplied version 1.10.28-0+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 13034df44ba969099b74721ce4fb57af84ff8745

New changelog entries:
  * New upstream stable release
    - CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
      authentication for identities that differ from the user running the
      DBusServer. Previously, a local attacker could manipulate symbolic
      links in their own home directory to bypass authentication and
      connect to a DBusServer with elevated privileges. The standard
      system and session dbus-daemons in their default configuration were
      immune to this attack because they did not allow DBUS_COOKIE_SHA1,
      but third-party users of DBusServer such as Upstart could be
      vulnerable.
    - Prevent reading up to 3 bytes beyond the end of a truncated message.
      This could in principle be an information leak or denial of service
      on the system bus, but is not believed to be exploitable to crash
      the system bus or leak interesting information in practice.
    - Stop the dbus-daemon leaking memory (an error message) if delivering
      the message that triggered auto-activation is forbidden. This is
      technically a denial of service because the dbus-daemon will
      run out of memory eventually, but it's a very slow and noisy one,
      because all the rejected messages are also very likely to have
      been logged to the system log, and its scope is typically limited by
      the finite number of activatable services available.
    - Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
      which does not meet the criteria for that attribute in gcc 4.7+,
      potentially leading to miscompilation.
    - Fix build with gcc 8 -Werror=cast-function-type
    - Fix warning from gcc 8 about suspicious use of strncpy() when
      populating struct sockaddr_un
    - Fix installation of Ducktype documentation with newer yelp-build
      versions
  * d/control: Update Vcs-Git, Vcs-Browser

13034df... by Simon McVittie on 2018-03-02

Import patches-unapplied version 1.10.26-0+deb9u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c999eb377bf167c4ede7ffbbf62e1cc607edc703

New changelog entries:
  * New upstream stable release
    - bus/bus.c: Raise file descriptor limit sooner, while we still can
      (before we drop privileges), fixing a regression in 1.10.18 which
      negated a previous fix for local denial of service via resource
      exhaustion
    - test/*, build system: Add a regression test for the above
  * d/tests/root: Re-run test-dbus-daemon as root, since it now contains
    tests that are skipped as non-root
  * d/tests/root: Allow stderr output, because test-dbus-daemon emits
    some (and it is not a problem)

c999eb3... by Simon McVittie on 2017-10-01

Import patches-unapplied version 1.10.24-0+deb9u1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 71277b4c6898f1f1bc739a75f784e57d8f5ce0dc

New changelog entries:
  * New upstream stable release
    - dbus/dbus-sysdeps-unix.c: Increase listen() backlog of
      AF_UNIX sockets to the maximum possible, minimizing failed
      connections under heavy load (Closes: #872144)
    - bus/config-loader-expat.c: When parsing dbus-daemon
      configuration, don't delay startup if high-quality entropy
      is not yet available: we trust the configuration anyway, so
      algorithmic complexity attacks via hash table collisions
      are not a concern
    - bus/*: When using the Monitoring interface, match message
      filters that specify a destination correctly
      - test/monitor.c: Add test-cases for this
    - tools/dbus-send.c: Avoid a compiler warning when gcc gets
      confused about a conditionally-initialized variable
    - dbus/dbus-sysdeps-unix.c: Avoid a compiler warning on Solaris
      (not relevant to Debian)

71277b4... by Simon McVittie on 2017-07-30

Import patches-unapplied version 1.10.22-0+deb9u1 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 6aaf08dc9d367b4c975793205f1de038bb8a8ea1

New changelog entries:
  * New upstream stable release
    - d/copyright: Update
    - Drop Doxygen reproducibility patch, applied upstream
    - d/p/backports/Replace-DBUS_USE_TEST_BINARY-(etc.).patch:
      Update backported patch to apply to 1.10.22
  * debian/gbp.conf: Set git branch to debian/stretch

6aaf08d... by Simon McVittie on 2017-04-05

Import patches-unapplied version 1.10.18-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 39b6e572f5ab51aed4aa28678886bebca1c7b103

New changelog entries:
  * New upstream stable release
    - On SELinux systems, make sure the thread that reads AVC
      notifications retains the ability to write the audit log
      (Closes: #857660)
    - Fix a read overflow and some memory leaks in a unit test
      (no effect on production systems)

39b6e57... by Simon McVittie on 2017-02-16

Import patches-unapplied version 1.10.16-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e3e1464d9e29e70538cb5c399db64e5c4eddfc36

New changelog entries:
  * New upstream release
    - Contains a security fix for a potential symlink attack in the
      nonce-tcp transport. That transport is not normally used (or
      recommended) on Unix.

e3e1464... by Simon McVittie on 2016-11-28

Import patches-unapplied version 1.10.14-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f37d5364911e11cb8a8d3e98b41ca7f218c7666e

New changelog entries:
  * New upstream release

f37d536... by Simon McVittie on 2016-10-10

Import patches-unapplied version 1.10.12-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 3ea94f9827ee41bdeaa6aa1bcabe8d5ec1962e5d

New changelog entries:
  * New upstream release
  * d/p/backports/Replace-DBUS_USE_TEST_BINARY-with-DBUS_TEST_DBUS_LAUNCH.patch:
    backport a change from 1.11.2 to make the debug build of libdbus
    reproducible under varying build paths
  * Move Debian-specific patches to debian/patches/debian (corresponding
    to "Gbp-pq: Topic debian" on the patch queue branch)
  * debian/*.lintian-overrides:
    - override systemd-service-file-missing-install-key for dbus.service,
      which is intentionally statically enabled
    - override embedded-javascript-library for Doxygen's jquery.js,
      which is not actually libjs-jquery (see #736360)
  * Move to debhelper compat level 10
    - drop options and overrides that are now the default

3ea94f9... by Simon McVittie on 2016-08-15

Import patches-unapplied version 1.10.10-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0f936b23c865c57b9071c0e3ddbac0b882fffa99

New changelog entries:
  * New upstream stable release 1.10.10
  * Provide new virtual packages for other packages to depend on:
    - dbus-session-bus: any implementation of the D-Bus well-known session bus
      (provided by: dbus-user-session, dbus-x11)
    - default-dbus-session-bus: the recommended implementation of
      dbus-session-bus (currently provided by: dbus-user-session)
  * Add arm64, mips64el, ppc64el to the list of architectures that
    have valgrind
  * debian/gbp.conf: use DEP-14 branch names
  * Standards-Version: 3.9.8 (no changes needed)
  * debian/rules: fail the build if "make install" installs anything we
    don't package or delete. Only do this for final releases (suite
    in debian/changelog is not UNRELEASED) to facilitate future
    autobuilding of new upstream releases.
  * debian/rules: do not require symbols file to be complete if the
    suite in debian/changelog is UNRELEASED, again to facilitate
    autobuilding new upstream releases.
  * debian/source/options: don't fail dpkg-source on changes to
    build-aux/{compile,depcomp,missing}. We regenerate that directory anyway,
    and during a snapshot build they might become symlinks.
  * debian/rules: do the build in debian/build-* so it's easier to .gitignore
  * debian/.gitignore: update
  * Use the correct systemctl for Debian even if not installed on the build
    system. (Regression in 1.10.2)

0f936b2... by Simon McVittie on 2016-03-07

Import patches-unapplied version 1.10.8-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: bccf866e37b130a886690c1868bba379462ca9c2

New changelog entries:
  * New upstream release
  * dbus.prerm: ensure that dbus.socket is stopped before removal,
    so that a new connection to the bus won't cause dbus.service to be
    restarted (Closes: #813970)
  * debian/75dbus_dbus-launch: when not using systemd --user or the
    dbus-user-session package is not installed, start dbus-daemon early,
    then upload the full environment from Xsession.d later on
    (in 95dbus_update-activation-env). This more closely matches the
    behaviour with dbus-user-session. (Closes: #815503; thanks to Samuel
    Thibault)
  * Switch Vcs-Git to https (see #810378)
  * debian/upstream/signing-key.asc: add upstream signing keys
    (just my keys for now, in practice I do almost all dbus releases)
  * debian/watch: use https and describe how to download signatures
  * Standards-Version: 3.9.7 (no changes needed)
  * Sort .install files and remove unnecessary debian/tmp prefix
  * Normalize lists of packages and uploaders via wrap-and-sort -ast
  * Normalize order of packages via wrap-and-sort -b