[ubuntu/utopic-proposed] dbus 1.8.8-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Thu Sep 18 13:40:12 UTC 2014
dbus (1.8.8-1ubuntu1) utopic; urgency=medium
* Resynchronize on Debian. Remaining Ubuntu changes:
- Install binaries into / rather than /usr:
+ debian/rules: Set --exec-prefix=/
+ debian/dbus.install, debian/dbus-x11.install: Install from /bin
- Use upstart to start:
+ Add debian/dbus.upstart and dbus.user-session.upstart
+ debian/dbus.postinst: Use upstart call instead of invoking the init.d
script for checking if we are already running.
+ debian/control: versioned dependency on netbase that emits the new
deconfiguring-networking event used in upstart script.
- 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
the system bus to 5000 (LP #454093)
- 81-session.conf-timeout.patch: Raise the service startup timeout from 25
to 60 seconds. It may be too short on the live CD with slow machines.
- debian/dbus.user-session.upstart, debian/rules: Communicate session bus
to Upstart Session Init to avoid potential out-of-memory scenario
triggered by Upstart clients that do not run main loops
(LP: #1235649, LP: #1252317).
- debian/control, debian/rules: Build against libapparmor for AppArmor
D-Bus mediation
- debian/control: Use logind for session tracking, so that "at_console"
policies work with logind instead of ConsoleKit. Add "libpam-systemd"
recommends.
- debian/rules: Adjust dbus-send path to our changed install layout.
(LP: #1325364)
- debian/dbus-Xsession: Don't start a session bus if there already is
one, i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241)
- 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
0003-Update-autoconf-file-to-build-against-libapparmor.patch,
0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
0005-Initialize-AppArmor-mediation.patch,
0006-Store-AppArmor-label-of-bus-during-initialization.patch,
0007-Store-AppArmor-label-of-connecting-processes.patch,
0008-Mediation-of-processes-that-acquire-well-known-names.patch,
0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
0010-Mediation-of-processes-sending-and-receiving-message.patch,
0011-Mediation-of-processes-eavesdropping.patch,
0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the
latest set of AppArmor D-Bus mediation patches. This the v3 patch set
from the upstream feature inclusion bug.
- https://bugs.freedesktop.org/show_bug.cgi?id=75113
- aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
dbus (1.8.8-1) unstable; urgency=medium
[ Michael Biebl ]
* Don't attempt config reload if dbus system bus is not running.
[ Simon McVittie ]
* Bump dbus up to Priority: standard because without it, systemd-logind
does not run a getty on tty2..tty6 (matching ftp-master action in
#759293)
* New upstream release fixes several security issues
- CVE-2014-3635: do not accept an extra fd in cmsg padding,
avoiding a buffer overrun in dbus-daemon or system services
- CVE-2014-3636: reduce maximum number of file descriptors
per message from 1024 to 16, to avoid two separate denial-of-service
attacks that could cause system services to be dropped from the bus
- CVE-2014-3637: time out connections that have a
partially-sent message containing a file descriptor, so that
malicious processes cannot use self-referential file descriptors
to make a connection that will never close
- CVE-2014-3638: reduce maximum number of pending replies
per connection to avoid algorithmic complexity DoS
- CVE-2014-3639: reduce timeout for authentication and
do not accept() new connections when all unauthenticated connection
slots are in use, so that malicious processes cannot prevent new
connections to the system bus
* debian/copyright: fix glob syntax, .[ch] is not supported
dbus (1.8.6-2) unstable; urgency=medium
* debian/dbus.posinst: When triggered only poke the dbus-daemon, don't run
update-rc.d/invoke-rc.d as added by dh_installinit. This prevent some
odd-corner when being triggered during init system upgrade
(Closes: #754404)
Date: Wed, 17 Sep 2014 15:52:35 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/utopic/+source/dbus/1.8.8-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Sep 2014 15:52:35 -0400
Source: dbus
Binary: dbus dbus-udeb dbus-x11 libdbus-1-3 libdbus-1-3-udeb dbus-1-doc libdbus-1-dev dbus-1-dbg
Architecture: source
Version: 1.8.8-1ubuntu1
Distribution: utopic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
dbus - simple interprocess messaging system (daemon and utilities)
dbus-1-dbg - simple interprocess messaging system (debug symbols)
dbus-1-doc - simple interprocess messaging system (documentation)
dbus-udeb - simple interprocess messaging system (minimal runtime) (udeb)
dbus-x11 - simple interprocess messaging system (X11 deps)
libdbus-1-3 - simple interprocess messaging system (library)
libdbus-1-3-udeb - simple interprocess messaging system (minimal library) (udeb)
libdbus-1-dev - simple interprocess messaging system (development headers)
Closes: 681241 754404
Launchpad-Bugs-Fixed: 1235649 1252317 1325364
Changes:
dbus (1.8.8-1ubuntu1) utopic; urgency=medium
.
* Resynchronize on Debian. Remaining Ubuntu changes:
- Install binaries into / rather than /usr:
+ debian/rules: Set --exec-prefix=/
+ debian/dbus.install, debian/dbus-x11.install: Install from /bin
- Use upstart to start:
+ Add debian/dbus.upstart and dbus.user-session.upstart
+ debian/dbus.postinst: Use upstart call instead of invoking the init.d
script for checking if we are already running.
+ debian/control: versioned dependency on netbase that emits the new
deconfiguring-networking event used in upstart script.
- 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
the system bus to 5000 (LP #454093)
- 81-session.conf-timeout.patch: Raise the service startup timeout from 25
to 60 seconds. It may be too short on the live CD with slow machines.
- debian/dbus.user-session.upstart, debian/rules: Communicate session bus
to Upstart Session Init to avoid potential out-of-memory scenario
triggered by Upstart clients that do not run main loops
(LP: #1235649, LP: #1252317).
- debian/control, debian/rules: Build against libapparmor for AppArmor
D-Bus mediation
- debian/control: Use logind for session tracking, so that "at_console"
policies work with logind instead of ConsoleKit. Add "libpam-systemd"
recommends.
- debian/rules: Adjust dbus-send path to our changed install layout.
(LP: #1325364)
- debian/dbus-Xsession: Don't start a session bus if there already is
one, i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241)
- 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
0003-Update-autoconf-file-to-build-against-libapparmor.patch,
0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
0005-Initialize-AppArmor-mediation.patch,
0006-Store-AppArmor-label-of-bus-during-initialization.patch,
0007-Store-AppArmor-label-of-connecting-processes.patch,
0008-Mediation-of-processes-that-acquire-well-known-names.patch,
0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
0010-Mediation-of-processes-sending-and-receiving-message.patch,
0011-Mediation-of-processes-eavesdropping.patch,
0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the
latest set of AppArmor D-Bus mediation patches. This the v3 patch set
from the upstream feature inclusion bug.
- https://bugs.freedesktop.org/show_bug.cgi?id=75113
- aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
.
dbus (1.8.8-1) unstable; urgency=medium
.
[ Michael Biebl ]
* Don't attempt config reload if dbus system bus is not running.
.
[ Simon McVittie ]
* Bump dbus up to Priority: standard because without it, systemd-logind
does not run a getty on tty2..tty6 (matching ftp-master action in
#759293)
* New upstream release fixes several security issues
- CVE-2014-3635: do not accept an extra fd in cmsg padding,
avoiding a buffer overrun in dbus-daemon or system services
- CVE-2014-3636: reduce maximum number of file descriptors
per message from 1024 to 16, to avoid two separate denial-of-service
attacks that could cause system services to be dropped from the bus
- CVE-2014-3637: time out connections that have a
partially-sent message containing a file descriptor, so that
malicious processes cannot use self-referential file descriptors
to make a connection that will never close
- CVE-2014-3638: reduce maximum number of pending replies
per connection to avoid algorithmic complexity DoS
- CVE-2014-3639: reduce timeout for authentication and
do not accept() new connections when all unauthenticated connection
slots are in use, so that malicious processes cannot prevent new
connections to the system bus
* debian/copyright: fix glob syntax, .[ch] is not supported
.
dbus (1.8.6-2) unstable; urgency=medium
.
* debian/dbus.posinst: When triggered only poke the dbus-daemon, don't run
update-rc.d/invoke-rc.d as added by dh_installinit. This prevent some
odd-corner when being triggered during init system upgrade
(Closes: #754404)
Checksums-Sha1:
07e13e48d2d085bca04c46f0d27c98d79cde100a 3069 dbus_1.8.8-1ubuntu1.dsc
e0d10e8b4494383c7e366ac80a942ba45a705a96 1864881 dbus_1.8.8.orig.tar.gz
05451afe0f5928d035c5a1a635445ebefc9b6ff7 59888 dbus_1.8.8-1ubuntu1.debian.tar.xz
Checksums-Sha256:
29f0215bd2253a28873ed15a078892ce313274b978e8ad4b87b3d4872b8f94cc 3069 dbus_1.8.8-1ubuntu1.dsc
dfab263649a979d0fff64a30cac374891a8e9940350e41f3bbd7679af32bd1fd 1864881 dbus_1.8.8.orig.tar.gz
3794145c41d39bc44da495a5963d0e44c4d010de91c571a8d9fe07fad86e3cca 59888 dbus_1.8.8-1ubuntu1.debian.tar.xz
Files:
d3122dc48316bd0f778af048c4218104 3069 admin optional dbus_1.8.8-1ubuntu1.dsc
b9f4a18ee3faa1e07c04aa1d83239c43 1864881 admin optional dbus_1.8.8.orig.tar.gz
95f2476848ff3e2edef80166efa51b21 59888 admin optional dbus_1.8.8-1ubuntu1.debian.tar.xz
Original-Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUGe/NAAoJEGVp2FWnRL6Tj0QP/2SrldQX9HKUpNOuJCYSPT2t
OU1928vZW3m2obmdsfi3dMSqcVsN4v8V3J09tL5BuXUatI0MqPrjUWwdgIPksj2y
FmGdpIcmmjJLDLHvEtbcKGRYCJbpS1fYOpCQ8PY9UrMQW9+FEfzje7P7dDM5YvFg
VTqCKg7iIgFP4+Pq0YDk358CR3v8tgZWSlt1q7suYs3L2m6IsGIe4sjCd+B8GQKP
NAtO/UQUt2rLiJShRaKGpLh7hVcFivGe5Z7oHcRjVPJvCd00I3B8btXxsHEafoSL
dGDUKp8vMuaepfTzuNm2fm3bf86UnJBacDbLKvJ5UOdxJhDYPvYanN7fvo//jBr/
rH1nmN47HSHsKpcjl8siEsddQGk7Re0nuXiCkRzDVesJY/u32nY01E7MxBLyP4H2
UPRmSGtkVDPV9za6aFz7mjgPsXr6rtXtxokVu5vaNq0oRudxxRWFrbG5ugexeQkN
S3DkTHlW6F4LJbb3qq1xD1eKD/eJ4Cupvcloj7Yn9hQgZ1vkrh1bMcdexOEzg5EE
Zjb9l9m+u5ioPv0OJmmKzHEPHp0i0RcPxO8FZGqrvw+TATg9d76U85ekMU+BMluC
r0cqXP8o/djB2gwGmsGf5Z/MkIYADhCjEBKsrwItudBvHXrxAoeQAe7/SFYi81le
QnkcbVKvl0IOKV2n/WfE
=jVJY
-----END PGP SIGNATURE-----
More information about the Utopic-changes
mailing list