ubuntu/+source/dbus:debian/wheezy

Last commit made on 2015-09-05
Get this branch:
git clone -b debian/wheezy https://git.launchpad.net/ubuntu/+source/dbus

Branch information

Name:
debian/wheezy
Repository:
lp:ubuntu/+source/dbus

Recent commits

381f672... by Simon McVittie on 2015-02-05

Import patches-unapplied version 1.6.8-1+deb7u6 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 6d77f19ba2245cf74262a56330b2efdbce7255b2

New changelog entries:
  * Add patch for system.conf to fix a local denial of service when
    using systemd activation (CVE-2015-0245)

6d77f19... by Simon McVittie on 2014-11-24

Import patches-unapplied version 1.6.8-1+deb7u5 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 8e69c16bd25bffeaf59ffa5b525439f2a6a5eb8b

New changelog entries:
  * Fix CVE-2014-7824:
    - Start 'dbus-daemon --system' as root under sysvinit (it already
      starts as root under systemd), so it can increase its file
      descriptor limit
    - Add patch from upstream to increase dbus-daemon's file descriptor
      limit to 65536, completing the incomplete fix for CVE-2014-3636
  * Fix regression introduced in 1.6.8-1+deb7u4 (Closes: #769069):
    - Add patch from upstream to restore auth_timeout to its previous value,
      since the shorter value causes boot failures on some systems
    - Add README.Debian to dbus package, documenting how sysadmins with
      hostile local users, and systems where boot succeeds with the shorter
      value, can get the shorter value back

8e69c16... by Simon McVittie on 2014-09-15

Import patches-unapplied version 1.6.8-1+deb7u4 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 3bbed30b188d4f01a84ab8b042f7663a0147992c

New changelog entries:
  * Fix several security issues
    - CVE-2014-3635: do not accept an extra fd in cmsg padding,
      avoiding a buffer overrun in dbus-daemon or system services
    - CVE-2014-3636: reduce maximum number of file descriptors
       per message from 1024 to 16, to avoid two separate denial-of-service
       attacks that could cause system services to be dropped from the bus
    - CVE-2014-3637: time out connections that have a
       partially-sent message containing a file descriptor, so that
       malicious processes cannot use self-referential file descriptors
       to make a connection that will never close
    - CVE-2014-3638: reduce maximum number of pending replies
      per connection to avoid algorithmic complexity DoS
    - CVE-2014-3639: reduce timeout for authentication and
      do not accept() new connections when all unauthenticated connection
      slots are in use, so that malicious processes cannot prevent new
      connections to the system bus

3bbed30... by Simon McVittie on 2014-06-30

Import patches-unapplied version 1.6.8-1+deb7u3 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 4fc95a6a78a30d0d39d9e1607396e3ac3e98ad1e

New changelog entries:
  * CVE-2014-3532, CVE-2014-3533: add patches to avoid two separate
    local denial of service attacks involving sending file descriptors
    to system services
  * CVE-2014-3477: add patch to avoid a denial of service (failure to obtain
    bus name) in newly-activated system services that not all users are
    allowed to access

4fc95a6... by Simon McVittie on 2013-06-12

Import patches-unapplied version 1.6.8-1+deb7u1 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: ae1a60bf3110a5fae35dc8f5cd9dbd9529af8262

New changelog entries:
  * CVE-2013-2168: add patch to avoid a user-triggerable crash
    (denial of service) in system services that use libdbus

ae1a60b... by Simon McVittie on 2012-09-29

Import patches-unapplied version 1.6.8-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f3255b4b1dabedeea0ccf11b6150857c6a21cb06

New changelog entries:
  * Merge from experimental
  * New upstream stable release 1.6.6
    - CVE-2012-3524: mitigates arbitrary code execution in setuid or otherwise
      privileged binaries that use libdbus without first sanitizing the
      environment variables inherited from their less-privileged caller
      (Closes: #689070)
  * New upstream stable release 1.6.8
    - Revert part of 1.6.6 (do not check filesystem capabilities, only
      setuid/setgid), fixing regressions in certain configurations of
      gnome-keyring

f3255b4... by Simon McVittie on 2012-07-18

Import patches-unapplied version 1.6.4-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 8546b55dfdf5e36d7315a7ea67a28470087b463e

New changelog entries:
  * gbp.conf: switch to experimental branch
  * New upstream stable release
    - remove incorrect assertion and have correct default for developer mode
      (Closes: #680027, differently)

8546b55... by Simon McVittie on 2012-07-03

Import patches-unapplied version 1.6.2-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6feb0a357642e58bcdb504824501004656318f98

New changelog entries:
  * Disable "developer mode", which was intended to be off-by-default,
    but was incorrectly on-by-default in 1.6.2, causing an incorrect
    assertion to be hit when starting fcitx before dbus-launch.
    (Closes: #680027)

6feb0a3... by Simon McVittie on 2012-06-27

Import patches-unapplied version 1.6.2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: af390652eb1cfe150399e812636b50f1818d45c2

New changelog entries:
  * New upstream stable release
    - dbus-launch --exit-with-session no longer monitors its stdin if
      run under X11 (Closes: #453755)
  * Remove the workaround for #453755 from dbus-Xsession

af39065... by Simon McVittie on 2012-06-05

Import patches-unapplied version 1.6.0-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4436b0d36828bc0d8231de5a5bebb2a8e02a26af

New changelog entries:
  * Merge from "experimental" (1.5.12 was accidentally uploaded to unstable)
  * New upstream stable release
  * debian/watch: only match stable (0.even.x) releases