Change log for dbus package in Ubuntu
| 1 → 50 of 263 results | First • Previous • Next • Last |
| Published in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
dbus (1.14.10-1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2036180). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (LP #1438612) - Reworked to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Reworked to avoid a deadlock during boot (LP #1936948) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade (LP #1962036) -- Olivier Gayot <email address hidden> Fri, 15 Sep 2023 11:42:11 +0200
Available diffs
dbus (1.14.8-2ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2027991). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (LP: #1438612) - Reworked to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Reworked to avoid a deadlock during boot (LP: #1936948) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade (LP #1962036) * Removed unnecessary delta: - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
Available diffs
- diff from 1.14.6-1ubuntu1 to 1.14.8-2ubuntu1 (10.0 KiB)
dbus (1.14.6-1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2023301). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot (LP #1936948) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade (LP #1962036) - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) * Removed obsoleted patches: - d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor autopkgtest to the apparmor profile in the test [merged upstream in 1.14.6] - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common packages to permit the resolver to use them to satisfy i386 dependencies [merged in debian in 1.14.6-1]
Available diffs
- diff from 1.14.4-1ubuntu1 to 1.14.6-1ubuntu1 (24.8 KiB)
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
dbus (1.14.4-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable (LP: #1999258). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common packages to permit the resolver to use them to satisfy i386 dependencies * Removed patches obsoleted/merged by upstream: - Make autopkgtests cross-test-friendly. - SECURITY UPDATE: Assertion failure in dbus-marshal-validate - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest correctly - CVE-2022-42010 - SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate - debian/patches/CVE-2022-42011.patch: Validate length of arrays of fixed-length items - CVE-2022-42011 - SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed - CVE-2022-42012 * d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor autopkgtest to the apparmor profile in the test -- Dave Jones <email address hidden> Fri, 09 Dec 2022 15:00:27 +0000
Available diffs
| Superseded in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to release.) |
| Superseded in lunar-proposed |
| Obsolete in kinetic-updates |
| Obsolete in kinetic-security |
dbus (1.14.0-2ubuntu3) kinetic; urgency=medium
* SECURITY UPDATE: Assertion failure in dbus-marshal-validate
- debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
correctly
- CVE-2022-42010
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
- debian/patches/CVE-2022-42011.patch: Validate length of arrays of
fixed-length items
- CVE-2022-42011
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
- debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
- CVE-2022-42012
-- Nishit Majithia <email address hidden> TUe, 25 Oct 2022 18:48:42 +0530
Available diffs
dbus (1.12.20-2ubuntu4.1) jammy-security; urgency=medium
* SECURITY UPDATE: Assertion failure in dbus-marshal-validate
- debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
correctly
- CVE-2022-42010
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
- debian/patches/CVE-2022-42011.patch: Validate length of arrays of
fixed-length items
- CVE-2022-42011
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
- debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
- CVE-2022-42012
-- Nishit Majithia <email address hidden> Tue, 25 Oct 2022 18:45:07 +0530
Available diffs
dbus (1.12.16-2ubuntu2.3) focal-security; urgency=medium
* SECURITY UPDATE: Assertion failure in dbus-marshal-validate
- debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
correctly
- CVE-2022-42010
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
- debian/patches/CVE-2022-42011.patch: Validate length of arrays of
fixed-length items
- CVE-2022-42011
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
- debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
- CVE-2022-42012
-- Nishit Majithia <email address hidden> Tue, 25 Oct 2022 18:39:26 +0530
Available diffs
dbus (1.12.2-1ubuntu1.4) bionic-security; urgency=medium
* SECURITY UPDATE: Assertion failure in dbus-marshal-validate
- debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
correctly
- CVE-2022-42010
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
- debian/patches/CVE-2022-42011.patch: Validate length of arrays of
fixed-length items
- CVE-2022-42011
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
- debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
- CVE-2022-42012
-- Nishit Majithia <email address hidden> Tue, 25 Oct 2022 18:33:19 +0530
Available diffs
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
dbus (1.14.0-2ubuntu2) kinetic; urgency=medium
* d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common
packages to permit the resolver to use them to satisfy i386 dependencies
-- Dave Jones <email address hidden> Tue, 30 Aug 2022 15:15:24 +0100
Available diffs
- diff from 1.12.20-2ubuntu4 to 1.14.0-2ubuntu2 (804.6 KiB)
- diff from 1.14.0-2ubuntu1 to 1.14.0-2ubuntu2 (528 bytes)
| Superseded in kinetic-proposed |
dbus (1.14.0-2ubuntu1) kinetic; urgency=medium * Merge from Debian unstable (LP: #1959211). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot - Make autopkgtests cross-test-friendly. - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
Available diffs
- diff from 1.12.20-2ubuntu4 to 1.14.0-2ubuntu1 (804.5 KiB)
dbus (1.12.2-1ubuntu1.3) bionic-security; urgency=medium
* SECURITY UPDATE: use-after-free when users share UID
- debian/patches/CVE-2020-35512.patch: apply
reference-counting to the user and group data structures
in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h,
dbus/dbus-userdb-util.c and dbus/dbus-userdb.c.
- CVE-2020-35512
-- David Fernandez Gonzalez <email address hidden> Fri, 06 May 2022 13:08:40 +0200
Available diffs
dbus (1.12.16-2ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free when users share UID
- debian/patches/CVE-2020-35512.patch: apply
reference-counting to the user and group data structures
in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h,
dbus/dbus-userdb-util.c and dbus/dbus-userdb.c.
- CVE-2020-35512
-- David Fernandez Gonzalez <email address hidden> Fri, 29 Apr 2022 14:03:28 +0200
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
dbus (1.12.20-2ubuntu4) jammy; urgency=medium * Prevent dbus from being restarted on upgrade (LP: #1962036) -- Dave Jones <email address hidden> Fri, 01 Apr 2022 18:02:54 +0100
Available diffs
- diff from 1.12.20-2ubuntu3 to 1.12.20-2ubuntu4 (525 bytes)
dbus (1.12.20-2ubuntu3) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 16:50:50 +0000
Available diffs
- diff from 1.12.20-2ubuntu2 to 1.12.20-2ubuntu3 (367 bytes)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
dbus (1.12.20-2ubuntu2) impish; urgency=medium
* Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
(LP: #1936948)
-- Lukas Märdian <email address hidden> Thu, 09 Sep 2021 15:45:30 +0200
Available diffs
- diff from 1.12.20-2ubuntu1 to 1.12.20-2ubuntu2 (796 bytes)
dbus (1.12.20-2ubuntu1) impish; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Make autopkgtests cross-test-friendly.
- Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
dbus.socket to not be part of the shutdown transaction. And yet make
it possible to still stop/kill/restart dbus.service if one really
wants to, because it is stuck and stopped responding to any
commands. This allows allows to restart dbus.service with
needrestart. However a finalrd hook might still be needed, to kill
dbus-daemon for good, once we pivot off rootfs.
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
dbus (1.12.20-1ubuntu3) hirsute; urgency=medium
* Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
dbus.socket to not be part of the shutdown transaction. And yet make
it possible to still stop/kill/restart dbus.service if one really
wants to, because it is stuck and stopped responding to any
commands. This allows allows to restart dbus.service with
needrestart. However a finalrd hook might still be needed, to kill
dbus-daemon for good, once we pivot off rootfs.
-- Dimitri John Ledkov <email address hidden> Fri, 26 Feb 2021 19:43:15 +0000
Available diffs
| Superseded in hirsute-proposed |
dbus (1.12.20-1ubuntu2) hirsute; urgency=medium * No-change rebuild to drop the udeb package. -- Matthias Klose <email address hidden> Mon, 22 Feb 2021 10:30:40 +0100
Available diffs
- diff from 1.12.20-1ubuntu1 to 1.12.20-1ubuntu2 (340 bytes)
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
dbus (1.12.20-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Make autopkgtests cross-test-friendly.
Available diffs
dbus (1.4.18-1ubuntu1.10) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: DoS via file descriptor leak
- debian/patches/CVE-2020-12049.patch: on MSG_CTRUNC, close the fds
we did receive in dbus/dbus-sysdeps-unix.c.
- CVE-2020-12049
-- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Jun 2020 13:17:29 -0300
Available diffs
dbus (1.10.6-1ubuntu3.6) xenial-security; urgency=medium
* SECURITY UPDATE: DoS via file descriptor leak
- debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
we did receive in dbus/dbus-sysdeps-unix.c.
- debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
descriptors in test/fdpass.c.
- CVE-2020-12049
-- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:26:07 -0400
Available diffs
dbus (1.12.2-1ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: DoS via file descriptor leak
- debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
we did receive in dbus/dbus-sysdeps-unix.c.
- debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
descriptors in test/fdpass.c.
- CVE-2020-12049
-- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:25:30 -0400
Available diffs
dbus (1.12.16-2ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: DoS via file descriptor leak
- debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
we did receive in dbus/dbus-sysdeps-unix.c.
- debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
descriptors in test/fdpass.c.
- CVE-2020-12049
-- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:22:13 -0400
Available diffs
dbus (1.12.14-1ubuntu2.1) eoan-security; urgency=medium
* SECURITY UPDATE: DoS via file descriptor leak
- debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds
we did receive in dbus/dbus-sysdeps-unix.c.
- debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file
descriptors in test/fdpass.c.
- CVE-2020-12049
-- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:24:33 -0400
Available diffs
dbus (1.12.18-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Make autopkgtests cross-test-friendly.
Available diffs
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
dbus (1.12.16-2ubuntu2) focal; urgency=medium * Make autopkgtests cross-test-friendly. -- Steve Langasek <email address hidden> Fri, 06 Dec 2019 21:22:40 -0800
Available diffs
- diff from 1.12.16-2ubuntu1 to 1.12.16-2ubuntu2 (668 bytes)
dbus (1.12.16-2ubuntu1) focal; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
* Removed patches included in new version:
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch
Available diffs
dbus (1.10.6-1ubuntu3.5) xenial; urgency=medium * Prevent logind from leaking session files (LP: #1846787). Fixed by upstream patches: - d/p/Only-read-one-message-at-a-time-if-there-are-fds-pen.patch - d/p/bus-Fix-timeout-restarts.patch - d/p/DBusMainLoop-ensure-all-required-timeouts-are-restar.patch -- Heitor Alves de Siqueira <email address hidden> Mon, 07 Oct 2019 08:29:04 -0300
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
dbus (1.12.14-1ubuntu2) eoan; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Tue, 11 Jun 2019 13:04:53 -0400
Available diffs
dbus (1.12.2-1ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:05:17 -0400
Available diffs
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:06:01 -0400
dbus (1.12.12-1ubuntu1.1) disco-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 12:57:09 -0400
Available diffs
dbus (1.12.10-1ubuntu2.1) cosmic-security; urgency=medium
* SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw
- d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch:
reject DBUS_COOKIE_SHA1 for users other than the server owner in
dbus/dbus-auth.c.
- d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch:
add basic test coverage for DBUS_COOKIE_SHA1 in
dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am,
test/data/auth/cookie-sha1-username.auth-script,
test/data/auth/cookie-sha1.auth-script.
- CVE-2019-12749
-- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 13:01:15 -0400
Available diffs
dbus (1.12.14-1ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
dbus (1.12.12-1ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
* Dropped changes, superseded in Debian:
- debian/tests/root: don't set ulimit on containers, since the container
may be unprivileged and "root" may not be able to raise ulimits again.
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
dbus (1.12.10-1ubuntu2) cosmic; urgency=medium
* debian/tests/root: don't set ulimit on containers, since the container
may be unprivileged and "root" may not be able to raise ulimits again.
-- Steve Langasek <email address hidden> Thu, 06 Sep 2018 03:56:07 +0000
Available diffs
- diff from 1.12.2-1ubuntu1 to 1.12.10-1ubuntu2 (57.1 KiB)
- diff from 1.12.10-1ubuntu1 to 1.12.10-1ubuntu2 (693 bytes)
| Superseded in cosmic-proposed |
dbus (1.12.10-1ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
* Dropped changes, no longer needed:
- Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
after 18.04 LTS.
Available diffs
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
dbus (1.12.2-1ubuntu1) bionic; urgency=medium
* Sync with Debian. Remaining changes:
- Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
after 18.04 LTS.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
Available diffs
dbus (1.12.0-1ubuntu1) bionic; urgency=medium
* Sync with Debian. Remaining changes:
- Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
after 18.04 LTS.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
Available diffs
- diff from 1.10.22-1ubuntu1 to 1.12.0-1ubuntu1 (323.3 KiB)
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
dbus (1.10.22-1ubuntu1) artful; urgency=medium
* Merge with Debian but don't use "really" version number since we never
had the 1.11 version in Ubuntu. Remaining changes:
- Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
after 18.04 LTS.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
Available diffs
dbus (1.10.18-1ubuntu2) artful; urgency=medium
* Restore accidentally dropped debian/rules modification
to not start D-Bus on package installation
Available diffs
- diff from 1.10.10-1ubuntu2 to 1.10.18-1ubuntu2 (31.4 KiB)
- diff from 1.10.18-1ubuntu1 to 1.10.18-1ubuntu2 (512 bytes)
| Superseded in artful-proposed |
dbus (1.10.18-1ubuntu1) artful; urgency=medium
* Sync with Debian. Remaining changes:
- Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until
after 18.04 LTS.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(see patch header and upstream bug for details). Fixes various
causes of shutdown hangs, particularly with remote file systems.
(LP: #1438612) (LP: #1540282)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
* Dropped changes:
- make-uid-0-immune-to-timeout.patch: Applied in new release
- debian/dbus.user-session.upstart
Available diffs
dbus (1.10.6-1ubuntu3.3) xenial; urgency=medium
* debian/dbus.user-session.upstart:
- Temporarily revert latest changes as those seem to cause issues in the
unity8 session on touch (LP: #1654241).
-- Łukasz 'sil2100' Zemczak <email address hidden> Thu, 12 Jan 2017 19:01:21 +0100
Available diffs
| Deleted in yakkety-proposed (Reason: SRU abandoned (not verified for over 105 days)) |
dbus (1.10.10-1ubuntu1.2) yakkety; urgency=medium
* debian/patches/make-uid-0-immune-to-timeout.patch:
- Backport fix proposed by Simon McVittie upstream to workaround bug
LP: #1591411.
-- Łukasz 'sil2100' Zemczak <email address hidden> Fri, 25 Nov 2016 18:36:48 +0100
Available diffs
| Superseded in xenial-proposed |
dbus (1.10.6-1ubuntu3.2) xenial; urgency=medium
[ Iain Lane ]
* debian/dbus.user-session.upstart: Backport zesty's version - don't launch
a duplicate session bus if there already is one (dbus-user-session). (LP:
#1644323)
[ Łukasz 'sil2100' Zemczak ]
* debian/patches/make-uid-0-immune-to-timeout.patch:
- Backport fix proposed by Simon McVittie upstream to workaround bug
LP: #1591411.
-- Iain Lane <email address hidden> Wed, 30 Nov 2016 10:48:01 +0000
Available diffs
dbus (1.6.18-0ubuntu4.5) trusty; urgency=medium
* debian/patches/unrequested-reply-mediation.patch: Don't let unrequested
reply messages through and don't audit them. Unrequested reply messages
are error or method_return messages that are sent from D-Bus connection A
to D-Bus connection B that do not correspond to any message ever sent by
D-Bus connection B. They should be quietly dropped as there's no use for
them outside of malicious activity. Patch based on upstream patches.
(LP: #1641243)
-- Tyler Hicks <email address hidden> Wed, 30 Nov 2016 21:44:48 +0000
Available diffs
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
dbus (1.10.10-1ubuntu2) zesty; urgency=medium
* debian/patches/make-uid-0-immune-to-timeout.patch:
- Add a test patch proposed by Simon McVittie upstream to fix bug
LP: #1591411.
-- Łukasz 'sil2100' Zemczak <email address hidden> Tue, 11 Oct 2016 20:12:43 +0200
Available diffs
dbus (1.10.10-1ubuntu1.1) yakkety-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution or denial of service via
format string vulnerability (likely limited to uid 0 only)
- debian/patches/format_string.patch: do not use non-literal format
string in bus/activation.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 08:29:20 -0400
Available diffs
dbus (1.10.6-1ubuntu3.1) xenial-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution or denial of service via
format string vulnerability (likely limited to uid 0 only)
- debian/patches/format_string.patch: do not use non-literal format
string in bus/activation.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 08:33:00 -0400
Available diffs
dbus (1.4.18-1ubuntu1.8) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via ActivationFailure signal race
- debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
from non-root processes in bus/system.conf.in.
- CVE-2015-0245
* SECURITY UPDATE: arbitrary code execution or denial of service via
format string vulnerability
- debian/patches/format_string.patch: do not use non-literal format
string in bus/activation.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 08:37:07 -0400
Available diffs
| 1 → 50 of 263 results | First • Previous • Next • Last |
