ubuntu/+source/dbus:ubuntu/trusty-updates

Last commit made on 2016-12-07
Get this branch:
git clone -b ubuntu/trusty-updates https://git.launchpad.net/ubuntu/+source/dbus
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/trusty-updates
Repository:
lp:ubuntu/+source/dbus

Recent commits

e140fe9... by Tyler Hicks on 2016-11-30

Import patches-unapplied version 1.6.18-0ubuntu4.5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 54940afb9e921bf5895ad57e2841779f5e2164c6

New changelog entries:
  * debian/patches/unrequested-reply-mediation.patch: Don't let unrequested
    reply messages through and don't audit them. Unrequested reply messages
    are error or method_return messages that are sent from D-Bus connection A
    to D-Bus connection B that do not correspond to any message ever sent by
    D-Bus connection B. They should be quietly dropped as there's no use for
    them outside of malicious activity. Patch based on upstream patches.
    (LP: #1641243)
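
The rule in the entry above, as an added example that is not dbus-daemon code and not part of this page: a small Python model of the bus's pending-reply table. A method_return or error is forwarded only when the recipient has an outstanding method_call to the replier with that serial; anything else is dropped without a record. The Message and Bus classes, the unique connection names (":1.7", ":1.9", ":1.42") and the serials are constructed for the example. The real daemon also expires pending entries and caps them per connection (the max_replies_per_connection limit mentioned further down in 1.6.18-0ubuntu4.2); the model leaves those out.

```python
"""Model of the reply-mediation rule from the 1.6.18-0ubuntu4.5 changelog.
Example code added to this page, not dbus-daemon code: the bus forwards a
method_return or error only if the recipient has an outstanding method_call
to the replier with that serial. Connection names, serials and messages
below are constructed for the example."""

from dataclasses import dataclass, field
from typing import Optional

METHOD_CALL, METHOD_RETURN, ERROR, SIGNAL = "method_call", "method_return", "error", "signal"


@dataclass
class Message:
    type: str
    sender: str                          # unique bus name, e.g. ":1.7"
    destination: Optional[str]           # None for a broadcast signal
    serial: int                          # chosen by the sender, unique per sender
    reply_serial: Optional[int] = None   # set on method_return / error
    no_reply_expected: bool = False      # NO_REPLY_EXPECTED header flag


@dataclass
class Bus:
    # outstanding calls, keyed by (caller, callee, caller's serial)
    pending: set = field(default_factory=set)
    delivered: list = field(default_factory=list)
    dropped: list = field(default_factory=list)

    def route(self, msg: Message) -> bool:
        """Forward msg to its destination; return False if the bus drops it."""
        if msg.type == METHOD_CALL:
            if msg.destination is not None and not msg.no_reply_expected:
                self.pending.add((msg.sender, msg.destination, msg.serial))
        elif msg.type in (METHOD_RETURN, ERROR):
            key = (msg.destination, msg.sender, msg.reply_serial)
            if key not in self.pending:
                # Unrequested reply: the recipient never sent this sender a
                # call with that serial, or it was already answered. Dropped
                # quietly, with no audit record, as the patch describes.
                self.dropped.append(msg)
                return False
            self.pending.discard(key)   # exactly one reply per call
        # signals are not subject to this rule
        self.delivered.append(msg)
        return True


def demo() -> tuple:
    """Replay a forged-reply scenario; returns (forged, genuine, duplicate)."""
    bus = Bus()
    # :1.7 calls :1.9 (serial 5) and expects a reply
    bus.route(Message(METHOD_CALL, ":1.7", ":1.9", serial=5))
    # :1.42 tries to inject an error pretending to answer that call
    forged = bus.route(Message(ERROR, ":1.42", ":1.7", serial=1, reply_serial=5))
    # the real reply from :1.9 is forwarded
    genuine = bus.route(Message(METHOD_RETURN, ":1.9", ":1.7", serial=3, reply_serial=5))
    # a second reply to the same call is unrequested as well
    duplicate = bus.route(Message(METHOD_RETURN, ":1.9", ":1.7", serial=4, reply_serial=5))
    return forged, genuine, duplicate


if __name__ == "__main__":
    print(demo())   # (False, True, False)
```

The key is ordered (caller, callee, serial), so a third connection cannot answer a call it was never the destination of even if it guesses the serial, and a call sent with NO_REPLY_EXPECTED never creates an entry, so any "reply" to it is dropped too.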

54940af... by Marc Deslauriers on 2016-10-12

Import patches-unapplied version 1.6.18-0ubuntu4.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a46cf367929283af77d85b4df98eeae3f1430f51

New changelog entries:
  * SECURITY UPDATE: denial of service via ActivationFailure signal race
    - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
      from non-root processes in bus/system.conf.in.
    - CVE-2015-0245
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    format string vulnerability
    - debian/patches/format_string.patch: do not use non-literal format
      string in bus/activation.c.
    - No CVE number

a46cf36... by Marc Deslauriers on 2014-11-25

Import patches-unapplied version 1.6.18-0ubuntu4.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fa8ecdbfdcc9284b881fe2eb8d0de39041136005

New changelog entries:
  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
      activated services in bus/activation.c, bus/bus.*,
      dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
      dbus/dbus-sysdeps.h.
    - debian/dbus.init: don't launch daemon as a user so the rlimit can be
      raised.
    - CVE-2014-7824
  * SECURITY REGRESSION: authentication timeout on certain slower systems
    - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
      back up to 30 secs in bus/config-parser.c, add a warning to
      bus/connection.c.
    - CVE-2014-3639

fa8ecdb... by Marc Deslauriers on 2014-09-17

Import patches-unapplied version 1.6.18-0ubuntu4.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: a2fc6d7fa6ccb4905141a8df5ff6929a2f3e8806

New changelog entries:
  * SECURITY UPDATE: buffer overrun via odd max_message_unix_fds
    - debian/patches/CVE-2014-3635.patch: do not extra fds in cmsg padding
      in dbus/dbus-sysdeps-unix.c, allow using _DBUS_STATIC_ASSERT at a
      non-global scope in dbus/dbus-internals.h, dbus/dbus-macros.h.
    - CVE-2014-3635
  * SECURITY UPDATE: denial of service via large number of fds
    - debian/patches/CVE-2014-3636.patch: reduce max number of fds in
      bus/config-parser.c, bus/session.conf.in, dbus/dbus-message.c,
      dbus/dbus-sysdeps.h.
    - CVE-2014-3636
  * SECURITY UPDATE: denial of service via persistent file descriptors
    - debian/patches/CVE-2014-3637.patch: add a timeout to expire pending
      fds in bus/bus.*, bus/config-parser.c, bus/connection.c,
      bus/session.conf.in, cmake/bus/dbus-daemon.xml,
      dbus/dbus-connection-internal.h, dbus/dbus-connection.c,
      dbus/dbus-message-internal.h, dbus/dbus-message-private.h,
      dbus/dbus-message.c, dbus/dbus-transport.*.
    - CVE-2014-3637
  * SECURITY UPDATE: denial of service via large number of pending replies
    - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
      to 128 in bus/config-parser.c.
    - CVE-2014-3638
  * SECURITY UPDATE: denial of service via incomplete connections
    - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
      bus/config-parser.c, stop listening on DBusServer sockets when
      reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
      dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
    - CVE-2014-3639

a2fc6d7... by Marc Deslauriers on 2014-07-03

Import patches-unapplied version 1.6.18-0ubuntu4.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 83af874d76ec06cc70447a6f47732ce7914b0a2b

New changelog entries:
  * SECURITY UPDATE: denial of service via activation errors
    - debian/patches/CVE-2014-3477.patch: improve error handling in
      bus/activation.*, bus/services.c.
    - CVE-2014-3477
  * SECURITY UPDATE: denial of service via ETOOMANYREFS
    - debian/patches/CVE-2014-3532.patch: drop message on ETOOMANYREFS in
      dbus/dbus-sysdeps.*, dbus/dbus-transport-socket.c.
    - CVE-2014-3532
  * SECURITY UPDATE: denial of service via invalid file descriptor
    - debian/patches/CVE-2014-3533.patch: fix memory handling in
      dbus/dbus-message.c.
    - CVE-2014-3533

83af874... by Stéphane Graber on 2014-04-01

Import patches-unapplied version 1.6.18-0ubuntu4 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f815e0f1a90c47c1455cf13b9c23c8068795756f

New changelog entries:
  * Create ~/.cache/upstart if it doesn't already exist.
    Thanks to Ryan Lovett for the patch. (LP: #1300516)

f815e0f... by Tyler Hicks on 2014-01-13

Import patches-unapplied version 1.6.18-0ubuntu3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 670b1654049ae67bd7fa2fc9053a197964958e98

New changelog entries:
  * aa-mediate-eavesdropping.patch: Query AppArmor when confined applications
    attempt to eavesdrop on the bus. See the apparmor.d(5) man page for
    AppArmor syntax details. (LP: #1262440)
  * debian/control: Depend on the apparmor version containing the new
    eavesdrop permission

670b165... by Dimitri John Ledkov on 2013-11-19

Import patches-unapplied version 1.6.18-0ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: eb5a55b24ba418820cd278b3078d72a9d25f8a9a

New changelog entries:
  [ James Hunt ]
  * debian/dbus.user-session.upstart: Communicate session bus to Upstart
    Session Init to avoid potential out-of-memory scenario triggered by
    Upstart clients that do not run main loops (LP: #1235649, LP: #1252317).

eb5a55b... by Sebastien Bacher on 2013-11-11

Import patches-unapplied version 1.6.18-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f93b75ebb7eb9b3dc94ab32298eeac62852d7dba

New changelog entries:
  * New upstream version

f93b75e... by Tyler Hicks on 2013-10-10

Import patches-unapplied version 1.6.12-0ubuntu10 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 9abec0408cff3e8943bebf9c928256cb36da082e

New changelog entries:
  * debian/patches/aa-mediation.patch: Attempt to open() the mask file in
    apparmorfs/features/dbus rather than simply stat() the dbus directory.
    This is an important difference because AppArmor does not mediate the
    stat() syscall. This resulted in problems in an environment where
    dbus-daemon, running inside of an LXC container, did not have the
    necessary AppArmor rules to access apparmorfs but the stat() succeeded
    so mediation was not properly disabled. (LP: #1238267)
    This problem was exposed after dropping aa-kernel-compat-check.patch
    because the compat check was an additional check that performed a test
    query. The test query was failing in the above scenario, which did result
    in mediation being disabled.
  * debian/patches/aa-get-connection-apparmor-security-context.patch,
    debian/patches/aa-mediate-eavesdropping.patch: Refresh these patches to
    accommodate the above change
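
The probe change described in the entry above, as an added example that is not dbus-daemon code and not part of this page: a Python version of both checks side by side. The old check stat()s the `dbus` directory, which AppArmor does not mediate, so it passes even for a confined process that can never read the mask file; the new check open()s `dbus/mask`, which is mediated, so a denial shows up as a failed open and mediation is treated as unavailable. The securityfs path used as the default is an assumption, and the scratch directories built by `demo()` are constructed for the example rather than a real apparmorfs.

```python
"""Probe for AppArmor D-Bus mediation as the 1.6.12-0ubuntu10 changelog
describes: open() the mask file instead of stat()-ing the dbus directory,
because open() is mediated by AppArmor and stat() is not. Example code
added to this page, not dbus-daemon code. The default features path is
an assumption; pass any directory to test the probes."""

import os
import tempfile

APPARMOR_FEATURES = "/sys/kernel/security/apparmor/features"   # assumed default mount


def dbus_mediation_available(features_dir: str = APPARMOR_FEATURES) -> bool:
    """True only if the kernel exposes D-Bus mediation AND this process is
    allowed to open the mask file. Any failure, including EACCES from a
    confining profile without apparmorfs rules (the LXC case in the
    changelog), means mediation must be treated as unavailable."""
    mask_path = os.path.join(features_dir, "dbus", "mask")
    try:
        fd = os.open(mask_path, os.O_RDONLY)
    except OSError:
        # ENOENT: no dbus feature in this kernel; EACCES/EPERM: the open was
        # denied (by AppArmor or DAC); anything else: stay conservative.
        return False
    os.close(fd)
    return True


def stat_only_probe(features_dir: str = APPARMOR_FEATURES) -> bool:
    """The replaced check: stat() the dbus directory. Shown for comparison;
    it passes even when the process could never read the mask file."""
    return os.path.isdir(os.path.join(features_dir, "dbus"))


def demo() -> list:
    """Build scratch directories (constructed, not a real apparmorfs) that
    reproduce the disagreement; returns [(case, stat_result, open_result)]."""
    root = tempfile.mkdtemp(prefix="aa-features-")
    os.makedirs(os.path.join(root, "dbus"))
    results = []
    # directory present, mask file unreadable/absent: stat says yes, open says no
    results.append(("dir-only", stat_only_probe(root), dbus_mediation_available(root)))
    with open(os.path.join(root, "dbus", "mask"), "w") as f:
        f.write("acquire send receive\n")   # constructed mask content
    results.append(("with-mask", stat_only_probe(root), dbus_mediation_available(root)))
    missing = os.path.join(root, "none")
    results.append(("missing", stat_only_probe(missing), dbus_mediation_available(missing)))
    return results


if __name__ == "__main__":
    for case, stat_ok, open_ok in demo():
        print(f"{case:10} stat={stat_ok} open={open_ok}")
    print("live system:", dbus_mediation_available())
```

The scratch fixture can only reproduce the ENOENT flavour of the disagreement; under a real confining profile the mask file exists but the open fails with EACCES, and the function returns False on that path exactly the same way.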