ubuntu/+source/dbus:ubuntu/vivid-proposed

Last commit made on 2015-03-31
Get this branch:
git clone -b ubuntu/vivid-proposed https://git.launchpad.net/ubuntu/+source/dbus
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/vivid-proposed
Repository:
lp:ubuntu/+source/dbus

Recent commits

77eb77d... by Martin Pitt on 2015-03-31

Import patches-unapplied version 1.8.12-1ubuntu5 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 6f71dd075d2a17f1806198fd4808430ff1c7a73a

New changelog entries:
  * Add debian/patches/dont-stop-dbus.patch: Don't stop D-Bus in the service
    unit (see patch header and upstream bug for details). Fixes various causes
    of shutdown hangs, particularly with remote file systems. (LP: #1438612)

6f71dd0... by Didier Roche on 2015-03-19

Import patches-unapplied version 1.8.12-1ubuntu4 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 2751861debc44410e655759011f2ce8309ffe8bd

New changelog entries:
  * debian/patches/ensure-dbus-machine-id.patch:
    - ensure that we have /var/lib/dbus/machine-id on user's system as some
      third-parties application relies on that file. It will only copy
      /etc/machine-id the file is not present already.

2751861... by Dimitri John Ledkov on 2015-03-03

Import patches-unapplied version 1.8.12-1ubuntu3 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: ab61cf7628b1e71e7a9e95e8422ee6803b4175aa

New changelog entries:
  * Install dbus into /usr/. It's not actually needed during early boot,
    and this deviates from upstream/Debian.
  * Adjust dbus.postinst to be systemd & usptart compatible when
    triggering reboot notification.

ab61cf7... by Tyler Hicks on 2015-02-19

Import patches-unapplied version 1.8.12-1ubuntu2 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 00f2b0beb6a9aa6492fed7f9356ccd3032d987cb

New changelog entries:
  * Refresh the patches related to AppArmor D-Bus mediation to reflect what
    landed upstream in 1.9.12.
    - 0001-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
      0002-Add-LSM-agnostic-support-for-LinuxSecurityLabel-cred.patch,
      0003-Add-regression-test-for-LinuxSecurityLabel-credentia.patch,
      0004-Add-LinuxSecurityLabel-to-specification.patch: Add patches that
      report the AppArmor confinement context in the bus driver's
      GetConnectionCredentials method. A "LinuxSecurityLabel" key will be
      present in the dictionary returned by the GetConnectionCredentials
      method. The corresponding value will be the AppArmor confinement context
      of the connection.
    - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
      0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
      0003-Update-autoconf-file-to-build-against-libapparmor.patch,
      0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
      0005-Initialize-AppArmor-mediation.patch,
      0006-Store-AppArmor-label-of-bus-during-initialization.patch,
      0007-Store-AppArmor-label-of-connecting-processes.patch,
      0008-Mediation-of-processes-that-acquire-well-known-names.patch,
      0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
      0010-Mediation-of-processes-sending-and-receiving-message.patch,
      0011-Mediation-of-processes-eavesdropping.patch: Replace the patches
      with the version that were merged upstream. The upstream review process
      revealed a number of bugs and useful cleanups that are addressed in the
      new patches.
      + No longer audit denials of unrequested reply messages (LP: #1362469)
    - aa-get-connection-apparmor-security-context.patch: Update patch to
      include a bug fix, from Simon McVittie, for AppArmor labels that contain
      non UTF-8 characters.
    - 0012-apparmor-tighten-up-terminology-for-context-vs.-labe.patch,
      0013-apparmor-Fix-build-failure-with-disable-apparmor.patch: New patches
      that were merged upstream to clean up the AA mediation code and fix a
      build failure
    - 0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch: Drop
      this patch. It became part of the "LinuxSecurityLabel" patch set and is
      added back with a new file name.
      0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Drop this
      patch in favor of the "LinuxSecurityLabel" patch set. This means that
      the AppArmorContext and AppArmorMode keys will not be present in the
      dictionary returned by GetConnectionCredentials. Ubuntu shipped this
      patch in 14.10 but, as far as I know, those keys were not used by any
      applications in 14.10. Since this patch was not accepted upstream,
      Ubuntu should drop it and new applications should begin using
      "LinuxSecurityLabel".

00f2b0b... by Iain Lane on 2014-12-12

Import patches-unapplied version 1.8.12-1ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 34599e0f14dfe7c86a1de4bf6b223f18bfd9850d

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Install binaries into / rather than /usr:
      + debian/rules: Set --exec-prefix=/
      + debian/dbus.install, debian/dbus-x11.install: Install from /bin
    - Use upstart to start:
      + Add debian/dbus.upstart and dbus.user-session.upstart
      + debian/dbus.postinst: Use upstart call instead of invoking the init.d
        script for checking if we are already running.
      + debian/control: versioned dependency on netbase that emits the new
        deconfiguring-networking event used in upstart script.
    - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
      the system bus to 5000 (LP #454093)
    - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
      to 60 seconds. It may be too short on the live CD with slow machines.
    - debian/dbus.user-session.upstart, debian/rules: Communicate session bus
      to Upstart Session Init to avoid potential out-of-memory scenario
      triggered by Upstart clients that do not run main loops. Store the
      session bus address in XDG_RUNTIME_DIR.
      (LP: #1235649, LP: #1252317).
    - debian/control, debian/rules: Build against libapparmor for AppArmor
      D-Bus mediation
    - debian/control: Use logind for session tracking, so that "at_console"
      policies work with logind instead of ConsoleKit. Add "libpam-systemd"
      recommends.
    - debian/rules: Adjust dbus-send path to our changed install layout.
      (LP: #1325364)
    - debian/dbus-Xsession: Don't start a session bus if there already is
      one, i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241)
    - 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
      0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
      0003-Update-autoconf-file-to-build-against-libapparmor.patch,
      0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
      0005-Initialize-AppArmor-mediation.patch,
      0006-Store-AppArmor-label-of-bus-during-initialization.patch,
      0007-Store-AppArmor-label-of-connecting-processes.patch,
      0008-Mediation-of-processes-that-acquire-well-known-names.patch,
      0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
      0010-Mediation-of-processes-sending-and-receiving-message.patch,
      0011-Mediation-of-processes-eavesdropping.patch,
      0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
      0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the
      latest set of AppArmor D-Bus mediation patches. This the v3 patch set
      from the upstream feature inclusion bug.
      - https://bugs.freedesktop.org/show_bug.cgi?id=75113
    - aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.

34599e0... by Simon McVittie on 2014-11-24

Import patches-unapplied version 1.8.12-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 08c4230790cdf4c4c9f11b1fbdb60da6790daf13

New changelog entries:
  * New upstream release 1.8.12
    - increase auth_timeout from 5 seconds back to 30 seconds since it
      appears to cause slow or failed boot on some systems, reverting a
      change in 1.8.8 (Closes: #769069)
    - add a README.Debian to the dbus package documenting how
      sysadmins with hostile local users can get the lower timeout back,
      if their systems are fast enough to boot correctly like that

08c4230... by Simon McVittie on 2014-11-06

Import patches-unapplied version 1.8.10-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f6ab8e64e2d519d1554a84a40924c1ebd202e436

New changelog entries:
  * New upstream release 1.8.10
    - raise dbus-daemon's file descriptor limit to 65536 to avoid an
      opportunity for denial of service
      (CVE-2014-7824, an incomplete fix for CVE-2014-3636)
  * Start 'dbus-daemon --system' as root under sysvinit (it already
    starts as root under systemd), so it can increase its file
    descriptor limit

f6ab8e6... by Simon McVittie on 2014-10-06

Import patches-unapplied version 1.8.8-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 60bed05cdb1aca33047bc30b22ca064756ad02b7

New changelog entries:
  [ Michael Biebl ]
  * Build against libsystemd-dev. In systemd v209 the various libraries were
    merged into a single libsystemd library.
  [ Simon McVittie ]
  * debian/dbus.bug-control: when people report bugs against dbus,
    also report the status of systemd and systemd-sysv (because
    those alter how system service activation works), and dbus-x11
    (because that's responsible for normal session bus setup)
  * Remove Build-Profiles control field until the syntax settles down
    (Closes: #764222)
  * Use --with-valgrind=auto (supported since 1.7.6) for the debug build

60bed05... by Simon McVittie on 2014-09-15

Import patches-unapplied version 1.8.8-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f5f0c7d4690fd8a9f780057736f0d8c6fea48fa7

New changelog entries:
  [ Michael Biebl ]
  * Don't attempt config reload if dbus system bus is not running.
  [ Simon McVittie ]
  * Bump dbus up to Priority: standard because without it, systemd-logind
    does not run a getty on tty2..tty6 (matching ftp-master action in
    #759293)
  * New upstream release fixes several security issues
    - CVE-2014-3635: do not accept an extra fd in cmsg padding,
      avoiding a buffer overrun in dbus-daemon or system services
    - CVE-2014-3636: reduce maximum number of file descriptors
       per message from 1024 to 16, to avoid two separate denial-of-service
       attacks that could cause system services to be dropped from the bus
    - CVE-2014-3637: time out connections that have a
       partially-sent message containing a file descriptor, so that
       malicious processes cannot use self-referential file descriptors
       to make a connection that will never close
    - CVE-2014-3638: reduce maximum number of pending replies
      per connection to avoid algorithmic complexity DoS
    - CVE-2014-3639: reduce timeout for authentication and
      do not accept() new connections when all unauthenticated connection
      slots are in use, so that malicious processes cannot prevent new
      connections to the system bus
  * debian/copyright: fix glob syntax, .[ch] is not supported

f5f0c7d... by Sjoerd Simons on 2014-08-13

Import patches-unapplied version 1.8.6-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fd7f86d5e83da36cffeb533262366e81955121de

New changelog entries:
  * debian/dbus.posinst: When triggered only poke the dbus-daemon, don't run
    update-rc.d/invoke-rc.d as added by dh_installinit. This prevent some
    odd-corner when being triggered during init system upgrade
    (Closes: #754404)