[ubuntu/lunar-proposed] dbus 1.14.4-1ubuntu1 (Accepted)

Dave Jones dave.jones at canonical.com
Wed Dec 14 20:53:14 UTC 2022 

dbus (1.14.4-1ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable (LP: #1999258). Remaining changes:
    - Add aa-get-connection-apparmor-security-context.patch: This is not
      intended for upstream inclusion. It implements a bus method
      (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
      security context but upstream D-Bus has recently added a generic way of
      getting a connection's security credentials (GetConnectionCredentials).
      Ubuntu should carry this patch until packages in the archive are moved
      over to the new, generic method of getting a connection's credentials.
    - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
    - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
      dbus.socket to not be part of the shutdown transaction. And yet make it
      possible to still stop/kill/restart dbus.service if one really wants to,
      because it is stuck and stopped responding to any commands. This allows
      allows to restart dbus.service with needrestart. However a finalrd hook
      might still be needed, to kill dbus-daemon for good, once we pivot off
      rootfs.
    - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
    - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
      installation, as that doesn't work any more with dont-stop-dbus.patch.
      Instead, start dbus.socket in postinst, which will then start D-Bus on
      demand after package installation.
    - Prevent dbus from being restarted on upgrade
    - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
    - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common
      packages to permit the resolver to use them to satisfy i386 dependencies
  * Removed patches obsoleted/merged by upstream:
    - Make autopkgtests cross-test-friendly.
    - SECURITY UPDATE: Assertion failure in dbus-marshal-validate
      - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
        correctly
      - CVE-2022-42010
    - SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
      - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
        fixed-length items
      - CVE-2022-42011
    - SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
      - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if
        needed
      - CVE-2022-42012
  * d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor
    autopkgtest to the apparmor profile in the test

Date: Fri, 09 Dec 2022 15:00:27 +0000
Changed-By: Dave Jones <dave.jones at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: William Wilson <william.wilson at canonical.com>
https://launchpad.net/ubuntu/+source/dbus/1.14.4-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Fri, 09 Dec 2022 15:00:27 +0000
Source: dbus
Built-For-Profiles: noudeb
Architecture: source
Version: 1.14.4-1ubuntu1
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Dave Jones <dave.jones at canonical.com>
Launchpad-Bugs-Fixed: 1999258
Changes:
 dbus (1.14.4-1ubuntu1) lunar; urgency=medium
 .
   * Merge from Debian unstable (LP: #1999258). Remaining changes:
     - Add aa-get-connection-apparmor-security-context.patch: This is not
       intended for upstream inclusion. It implements a bus method
       (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
       security context but upstream D-Bus has recently added a generic way of
       getting a connection's security credentials (GetConnectionCredentials).
       Ubuntu should carry this patch until packages in the archive are moved
       over to the new, generic method of getting a connection's credentials.
     - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
     - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
       dbus.socket to not be part of the shutdown transaction. And yet make it
       possible to still stop/kill/restart dbus.service if one really wants to,
       because it is stuck and stopped responding to any commands. This allows
       allows to restart dbus.service with needrestart. However a finalrd hook
       might still be needed, to kill dbus-daemon for good, once we pivot off
       rootfs.
     - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
     - debian/dbus.postinst, debian/rules: Don't start D-Bus on package
       installation, as that doesn't work any more with dont-stop-dbus.patch.
       Instead, start dbus.socket in postinst, which will then start D-Bus on
       demand after package installation.
     - Prevent dbus from being restarted on upgrade
     - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
     - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common
       packages to permit the resolver to use them to satisfy i386 dependencies
   * Removed patches obsoleted/merged by upstream:
     - Make autopkgtests cross-test-friendly.
     - SECURITY UPDATE: Assertion failure in dbus-marshal-validate
       - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
         correctly
       - CVE-2022-42010
     - SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
       - debian/patches/CVE-2022-42011.patch: Validate length of arrays of
         fixed-length items
       - CVE-2022-42011
     - SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
       - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if
         needed
       - CVE-2022-42012
   * d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor
     autopkgtest to the apparmor profile in the test
Checksums-Sha1:
 1bd628b18eb48fd374c13e705e362e7cd1ac0b2d 3755 dbus_1.14.4-1ubuntu1.dsc
 7916710d63533b8141e581cc0f98b4346d08bf6c 1368196 dbus_1.14.4.orig.tar.xz
 0396318efce0102bb8595513e7d5173713c28427 833 dbus_1.14.4.orig.tar.xz.asc
 dc21e9eb43d78b8ca7c7d3d41c7542f78c0f3e51 67708 dbus_1.14.4-1ubuntu1.debian.tar.xz
 6ea66d746eeceaefa94e7190dbb385a4a8834ed1 9033 dbus_1.14.4-1ubuntu1_source.buildinfo
Checksums-Sha256:
 1f078720b7694b0a8ccca15517aea2628f90640884bd59b6deb93e9834b30bad 3755 dbus_1.14.4-1ubuntu1.dsc
 7c0f9b8e5ec0ff2479383e62c0084a3a29af99edf1514e9f659b81b30d4e353e 1368196 dbus_1.14.4.orig.tar.xz
 da0278f451037e3c190799816aa36efacf51f77b66636f043944168a5836c575 833 dbus_1.14.4.orig.tar.xz.asc
 f70ef8d6b3cf88e758f96ffd91b6aace77ea1b33d407f6c287fbc32eefa72809 67708 dbus_1.14.4-1ubuntu1.debian.tar.xz
 847b6061b4a8468ea4e47ab4d2a4412d841aed4ad81336ccfb6777fcb09574ad 9033 dbus_1.14.4-1ubuntu1_source.buildinfo
Files:
 2e58baafa9325b5bf2c2fb852948e673 3755 admin optional dbus_1.14.4-1ubuntu1.dsc
 e36f0f160751fa7ce103782166852c6b 1368196 admin optional dbus_1.14.4.orig.tar.xz
 4e83c45341beab38f6a362d0456d36ca 833 admin optional dbus_1.14.4.orig.tar.xz.asc
 fa4b2242e5c262766483a911b8a9d5cc 67708 admin optional dbus_1.14.4-1ubuntu1.debian.tar.xz
 eebd3768d052074a8854db0e6890944c 9033 admin optional dbus_1.14.4-1ubuntu1_source.buildinfo
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>

More information about the lunar-changes mailing list