Change log for dbus package in Ubuntu
1 → 50 of 263 results | First • Previous • Next • Last |
Published in noble-release |
Published in mantic-release |
Deleted in mantic-proposed (Reason: Moved to mantic) |
dbus (1.14.10-1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2036180). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (LP #1438612) - Reworked to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Reworked to avoid a deadlock during boot (LP #1936948) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade (LP #1962036) -- Olivier Gayot <email address hidden> Fri, 15 Sep 2023 11:42:11 +0200
Available diffs
dbus (1.14.8-2ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2027991). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (LP: #1438612) - Reworked to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Reworked to avoid a deadlock during boot (LP: #1936948) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade (LP #1962036) * Removed unnecessary delta: - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
Available diffs
- diff from 1.14.6-1ubuntu1 to 1.14.8-2ubuntu1 (10.0 KiB)
dbus (1.14.6-1ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2023301). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot (LP #1936948) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade (LP #1962036) - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) * Removed obsoleted patches: - d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor autopkgtest to the apparmor profile in the test [merged upstream in 1.14.6] - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common packages to permit the resolver to use them to satisfy i386 dependencies [merged in debian in 1.14.6-1]
Available diffs
- diff from 1.14.4-1ubuntu1 to 1.14.6-1ubuntu1 (24.8 KiB)
Superseded in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
dbus (1.14.4-1ubuntu1) lunar; urgency=medium * Merge from Debian unstable (LP: #1999258). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore) - d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common packages to permit the resolver to use them to satisfy i386 dependencies * Removed patches obsoleted/merged by upstream: - Make autopkgtests cross-test-friendly. - SECURITY UPDATE: Assertion failure in dbus-marshal-validate - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest correctly - CVE-2022-42010 - SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate - debian/patches/CVE-2022-42011.patch: Validate length of arrays of fixed-length items - CVE-2022-42011 - SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed - CVE-2022-42012 * d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor autopkgtest to the apparmor profile in the test -- Dave Jones <email address hidden> Fri, 09 Dec 2022 15:00:27 +0000
Available diffs
Superseded in lunar-release |
Deleted in lunar-proposed (Reason: Moved to release.) |
Superseded in lunar-proposed |
Obsolete in kinetic-updates |
Obsolete in kinetic-security |
dbus (1.14.0-2ubuntu3) kinetic; urgency=medium * SECURITY UPDATE: Assertion failure in dbus-marshal-validate - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest correctly - CVE-2022-42010 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate - debian/patches/CVE-2022-42011.patch: Validate length of arrays of fixed-length items - CVE-2022-42011 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed - CVE-2022-42012 -- Nishit Majithia <email address hidden> TUe, 25 Oct 2022 18:48:42 +0530
Available diffs
dbus (1.12.20-2ubuntu4.1) jammy-security; urgency=medium * SECURITY UPDATE: Assertion failure in dbus-marshal-validate - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest correctly - CVE-2022-42010 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate - debian/patches/CVE-2022-42011.patch: Validate length of arrays of fixed-length items - CVE-2022-42011 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed - CVE-2022-42012 -- Nishit Majithia <email address hidden> Tue, 25 Oct 2022 18:45:07 +0530
Available diffs
dbus (1.12.16-2ubuntu2.3) focal-security; urgency=medium * SECURITY UPDATE: Assertion failure in dbus-marshal-validate - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest correctly - CVE-2022-42010 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate - debian/patches/CVE-2022-42011.patch: Validate length of arrays of fixed-length items - CVE-2022-42011 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed - CVE-2022-42012 -- Nishit Majithia <email address hidden> Tue, 25 Oct 2022 18:39:26 +0530
Available diffs
dbus (1.12.2-1ubuntu1.4) bionic-security; urgency=medium * SECURITY UPDATE: Assertion failure in dbus-marshal-validate - debian/patches/CVE-2022-42010.patch: Check brackets in signature nest correctly - CVE-2022-42010 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate - debian/patches/CVE-2022-42011.patch: Validate length of arrays of fixed-length items - CVE-2022-42011 * SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap - debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed - CVE-2022-42012 -- Nishit Majithia <email address hidden> Tue, 25 Oct 2022 18:33:19 +0530
Available diffs
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
dbus (1.14.0-2ubuntu2) kinetic; urgency=medium * d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common packages to permit the resolver to use them to satisfy i386 dependencies -- Dave Jones <email address hidden> Tue, 30 Aug 2022 15:15:24 +0100
Available diffs
- diff from 1.12.20-2ubuntu4 to 1.14.0-2ubuntu2 (804.6 KiB)
- diff from 1.14.0-2ubuntu1 to 1.14.0-2ubuntu2 (528 bytes)
Superseded in kinetic-proposed |
dbus (1.14.0-2ubuntu1) kinetic; urgency=medium * Merge from Debian unstable (LP: #1959211). Remaining changes: - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. - Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot - Make autopkgtests cross-test-friendly. - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Prevent dbus from being restarted on upgrade - git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
Available diffs
- diff from 1.12.20-2ubuntu4 to 1.14.0-2ubuntu1 (804.5 KiB)
dbus (1.12.2-1ubuntu1.3) bionic-security; urgency=medium * SECURITY UPDATE: use-after-free when users share UID - debian/patches/CVE-2020-35512.patch: apply reference-counting to the user and group data structures in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h, dbus/dbus-userdb-util.c and dbus/dbus-userdb.c. - CVE-2020-35512 -- David Fernandez Gonzalez <email address hidden> Fri, 06 May 2022 13:08:40 +0200
Available diffs
dbus (1.12.16-2ubuntu2.2) focal-security; urgency=medium * SECURITY UPDATE: use-after-free when users share UID - debian/patches/CVE-2020-35512.patch: apply reference-counting to the user and group data structures in dbus/dbus-userdb.h, dbus/dbus-sysdeps-unix.h, dbus/dbus-userdb-util.c and dbus/dbus-userdb.c. - CVE-2020-35512 -- David Fernandez Gonzalez <email address hidden> Fri, 29 Apr 2022 14:03:28 +0200
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
dbus (1.12.20-2ubuntu4) jammy; urgency=medium * Prevent dbus from being restarted on upgrade (LP: #1962036) -- Dave Jones <email address hidden> Fri, 01 Apr 2022 18:02:54 +0100
Available diffs
- diff from 1.12.20-2ubuntu3 to 1.12.20-2ubuntu4 (525 bytes)
dbus (1.12.20-2ubuntu3) jammy; urgency=medium * No-change rebuild to update maintainer scripts, see LP: 1959054 -- Dave Jones <email address hidden> Wed, 16 Feb 2022 16:50:50 +0000
Available diffs
- diff from 1.12.20-2ubuntu2 to 1.12.20-2ubuntu3 (367 bytes)
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
dbus (1.12.20-2ubuntu2) impish; urgency=medium * Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot (LP: #1936948) -- Lukas Märdian <email address hidden> Thu, 09 Sep 2021 15:45:30 +0200
Available diffs
- diff from 1.12.20-2ubuntu1 to 1.12.20-2ubuntu2 (796 bytes)
dbus (1.12.20-2ubuntu1) impish; urgency=medium * Merge from Debian unstable. Remaining changes: - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Make autopkgtests cross-test-friendly. - Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs.
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: moved to Release) |
dbus (1.12.20-1ubuntu3) hirsute; urgency=medium * Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_ dbus.socket to not be part of the shutdown transaction. And yet make it possible to still stop/kill/restart dbus.service if one really wants to, because it is stuck and stopped responding to any commands. This allows allows to restart dbus.service with needrestart. However a finalrd hook might still be needed, to kill dbus-daemon for good, once we pivot off rootfs. -- Dimitri John Ledkov <email address hidden> Fri, 26 Feb 2021 19:43:15 +0000
Available diffs
Superseded in hirsute-proposed |
dbus (1.12.20-1ubuntu2) hirsute; urgency=medium * No-change rebuild to drop the udeb package. -- Matthias Klose <email address hidden> Mon, 22 Feb 2021 10:30:40 +0100
Available diffs
- diff from 1.12.20-1ubuntu1 to 1.12.20-1ubuntu2 (340 bytes)
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
dbus (1.12.20-1ubuntu1) groovy; urgency=low * Merge from Debian unstable. Remaining changes: - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Make autopkgtests cross-test-friendly.
Available diffs
dbus (1.4.18-1ubuntu1.10) precise-security; urgency=medium [ Marc Deslauriers ] * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2020-12049.patch: on MSG_CTRUNC, close the fds we did receive in dbus/dbus-sysdeps-unix.c. - CVE-2020-12049 -- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Jun 2020 13:17:29 -0300
Available diffs
dbus (1.10.6-1ubuntu3.6) xenial-security; urgency=medium * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds we did receive in dbus/dbus-sysdeps-unix.c. - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file descriptors in test/fdpass.c. - CVE-2020-12049 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:26:07 -0400
Available diffs
dbus (1.12.2-1ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds we did receive in dbus/dbus-sysdeps-unix.c. - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file descriptors in test/fdpass.c. - CVE-2020-12049 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:25:30 -0400
Available diffs
dbus (1.12.16-2ubuntu2.1) focal-security; urgency=medium * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds we did receive in dbus/dbus-sysdeps-unix.c. - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file descriptors in test/fdpass.c. - CVE-2020-12049 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:22:13 -0400
Available diffs
dbus (1.12.14-1ubuntu2.1) eoan-security; urgency=medium * SECURITY UPDATE: DoS via file descriptor leak - debian/patches/CVE-2020-12049-1.patch: on MSG_CTRUNC, close the fds we did receive in dbus/dbus-sysdeps-unix.c. - debian/patches/CVE-2020-12049-2.patch: assert that we don't leak file descriptors in test/fdpass.c. - CVE-2020-12049 -- Marc Deslauriers <email address hidden> Thu, 11 Jun 2020 14:24:33 -0400
Available diffs
dbus (1.12.18-1ubuntu1) groovy; urgency=low * Merge from Debian unstable. Remaining changes: - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. - Make autopkgtests cross-test-friendly.
Available diffs
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
dbus (1.12.16-2ubuntu2) focal; urgency=medium * Make autopkgtests cross-test-friendly. -- Steve Langasek <email address hidden> Fri, 06 Dec 2019 21:22:40 -0800
Available diffs
- diff from 1.12.16-2ubuntu1 to 1.12.16-2ubuntu2 (668 bytes)
dbus (1.12.16-2ubuntu1) focal; urgency=medium * Merge from Debian unstable. Remaining changes: - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. * Removed patches included in new version: - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch
Available diffs
dbus (1.10.6-1ubuntu3.5) xenial; urgency=medium * Prevent logind from leaking session files (LP: #1846787). Fixed by upstream patches: - d/p/Only-read-one-message-at-a-time-if-there-are-fds-pen.patch - d/p/bus-Fix-timeout-restarts.patch - d/p/DBusMainLoop-ensure-all-required-timeouts-are-restar.patch -- Heitor Alves de Siqueira <email address hidden> Mon, 07 Oct 2019 08:29:04 -0300
Available diffs
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
dbus (1.12.14-1ubuntu2) eoan; urgency=medium * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch: reject DBUS_COOKIE_SHA1 for users other than the server owner in dbus/dbus-auth.c. - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch: add basic test coverage for DBUS_COOKIE_SHA1 in dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am, test/data/auth/cookie-sha1-username.auth-script, test/data/auth/cookie-sha1.auth-script. - CVE-2019-12749 -- Marc Deslauriers <email address hidden> Tue, 11 Jun 2019 13:04:53 -0400
Available diffs
dbus (1.12.2-1ubuntu1.1) bionic-security; urgency=medium * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch: reject DBUS_COOKIE_SHA1 for users other than the server owner in dbus/dbus-auth.c. - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch: add basic test coverage for DBUS_COOKIE_SHA1 in dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am, test/data/auth/cookie-sha1-username.auth-script, test/data/auth/cookie-sha1.auth-script. - CVE-2019-12749 -- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:05:17 -0400
Available diffs
dbus (1.10.6-1ubuntu3.4) xenial-security; urgency=medium * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch: reject DBUS_COOKIE_SHA1 for users other than the server owner in dbus/dbus-auth.c. - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch: add basic test coverage for DBUS_COOKIE_SHA1 in dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am, test/data/auth/cookie-sha1-username.auth-script, test/data/auth/cookie-sha1.auth-script. - CVE-2019-12749 -- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 14:06:01 -0400
dbus (1.12.12-1ubuntu1.1) disco-security; urgency=medium * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch: reject DBUS_COOKIE_SHA1 for users other than the server owner in dbus/dbus-auth.c. - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch: add basic test coverage for DBUS_COOKIE_SHA1 in dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am, test/data/auth/cookie-sha1-username.auth-script, test/data/auth/cookie-sha1.auth-script. - CVE-2019-12749 -- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 12:57:09 -0400
Available diffs
dbus (1.12.10-1ubuntu2.1) cosmic-security; urgency=medium * SECURITY UPDATE: DBUS_COOKIE_SHA1 implementation flaw - d/p/0001-auth-Reject-DBUS_COOKIE_SHA1-for-users-other-than-th.patch: reject DBUS_COOKIE_SHA1 for users other than the server owner in dbus/dbus-auth.c. - d/p/0002-test-Add-basic-test-coverage-for-DBUS_COOKIE_SHA1.patch: add basic test coverage for DBUS_COOKIE_SHA1 in dbus/dbus-auth-script.c, dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h, test/Makefile.am, test/data/auth/cookie-sha1-username.auth-script, test/data/auth/cookie-sha1.auth-script. - CVE-2019-12749 -- Marc Deslauriers <email address hidden> Mon, 10 Jun 2019 13:01:15 -0400
Available diffs
dbus (1.12.14-1ubuntu1) eoan; urgency=low * Merge from Debian unstable. Remaining changes: - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit. - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials.
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
dbus (1.12.12-1ubuntu1) disco; urgency=low * Merge from Debian unstable. Remaining changes: - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (see patch header and upstream bug for details). Fixes various causes of shutdown hangs, particularly with remote file systems. (LP: #1438612) (LP: #1540282) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. * Dropped changes, superseded in Debian: - debian/tests/root: don't set ulimit on containers, since the container may be unprivileged and "root" may not be able to raise ulimits again.
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
dbus (1.12.10-1ubuntu2) cosmic; urgency=medium * debian/tests/root: don't set ulimit on containers, since the container may be unprivileged and "root" may not be able to raise ulimits again. -- Steve Langasek <email address hidden> Thu, 06 Sep 2018 03:56:07 +0000
Available diffs
- diff from 1.12.2-1ubuntu1 to 1.12.10-1ubuntu2 (57.1 KiB)
- diff from 1.12.10-1ubuntu1 to 1.12.10-1ubuntu2 (693 bytes)
Superseded in cosmic-proposed |
dbus (1.12.10-1ubuntu1) cosmic; urgency=low * Merge from Debian unstable. Remaining changes: - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (see patch header and upstream bug for details). Fixes various causes of shutdown hangs, particularly with remote file systems. (LP: #1438612) (LP: #1540282) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. * Dropped changes, no longer needed: - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until after 18.04 LTS.
Available diffs
Superseded in cosmic-release |
Published in bionic-release |
Deleted in bionic-proposed (Reason: moved to release) |
dbus (1.12.2-1ubuntu1) bionic; urgency=medium * Sync with Debian. Remaining changes: - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until after 18.04 LTS. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (see patch header and upstream bug for details). Fixes various causes of shutdown hangs, particularly with remote file systems. (LP: #1438612) (LP: #1540282) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials.
Available diffs
dbus (1.12.0-1ubuntu1) bionic; urgency=medium * Sync with Debian. Remaining changes: - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until after 18.04 LTS. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (see patch header and upstream bug for details). Fixes various causes of shutdown hangs, particularly with remote file systems. (LP: #1438612) (LP: #1540282) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials.
Available diffs
- diff from 1.10.22-1ubuntu1 to 1.12.0-1ubuntu1 (323.3 KiB)
Superseded in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
dbus (1.10.22-1ubuntu1) artful; urgency=medium * Merge with Debian but don't use "really" version number since we never had the 1.11 version in Ubuntu. Remaining changes: - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until after 18.04 LTS. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (see patch header and upstream bug for details). Fixes various causes of shutdown hangs, particularly with remote file systems. (LP: #1438612) (LP: #1540282) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials.
Available diffs
dbus (1.10.18-1ubuntu2) artful; urgency=medium * Restore accidentally dropped debian/rules modification to not start D-Bus on package installation
Available diffs
- diff from 1.10.10-1ubuntu2 to 1.10.18-1ubuntu2 (31.4 KiB)
- diff from 1.10.18-1ubuntu1 to 1.10.18-1ubuntu2 (512 bytes)
Superseded in artful-proposed |
dbus (1.10.18-1ubuntu1) artful; urgency=medium * Sync with Debian. Remaining changes: - Clean up /etc/init/dbus.conf on upgrades. This needs to be kept until after 18.04 LTS. - Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit (see patch header and upstream bug for details). Fixes various causes of shutdown hangs, particularly with remote file systems. (LP: #1438612) (LP: #1540282) - debian/dbus.postinst, debian/rules: Don't start D-Bus on package installation, as that doesn't work any more with dont-stop-dbus.patch. Instead, start dbus.socket in postinst, which will then start D-Bus on demand after package installation. - Add aa-get-connection-apparmor-security-context.patch: This is not intended for upstream inclusion. It implements a bus method (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor security context but upstream D-Bus has recently added a generic way of getting a connection's security credentials (GetConnectionCredentials). Ubuntu should carry this patch until packages in the archive are moved over to the new, generic method of getting a connection's credentials. * Dropped changes: - make-uid-0-immune-to-timeout.patch: Applied in new release - debian/dbus.user-session.upstart
Available diffs
dbus (1.10.6-1ubuntu3.3) xenial; urgency=medium * debian/dbus.user-session.upstart: - Temporarily revert latest changes as those seem to cause issues in the unity8 session on touch (LP: #1654241). -- Łukasz 'sil2100' Zemczak <email address hidden> Thu, 12 Jan 2017 19:01:21 +0100
Available diffs
Deleted in yakkety-proposed (Reason: SRU abandoned (not verified for over 105 days)) |
dbus (1.10.10-1ubuntu1.2) yakkety; urgency=medium * debian/patches/make-uid-0-immune-to-timeout.patch: - Backport fix proposed by Simon McVittie upstream to workaround bug LP: #1591411. -- Łukasz 'sil2100' Zemczak <email address hidden> Fri, 25 Nov 2016 18:36:48 +0100
Available diffs
Superseded in xenial-proposed |
dbus (1.10.6-1ubuntu3.2) xenial; urgency=medium [ Iain Lane ] * debian/dbus.user-session.upstart: Backport zesty's version - don't launch a duplicate session bus if there already is one (dbus-user-session). (LP: #1644323) [ Łukasz 'sil2100' Zemczak ] * debian/patches/make-uid-0-immune-to-timeout.patch: - Backport fix proposed by Simon McVittie upstream to workaround bug LP: #1591411. -- Iain Lane <email address hidden> Wed, 30 Nov 2016 10:48:01 +0000
Available diffs
dbus (1.6.18-0ubuntu4.5) trusty; urgency=medium * debian/patches/unrequested-reply-mediation.patch: Don't let unrequested reply messages through and don't audit them. Unrequested reply messages are error or method_return messages that are sent from D-Bus connection A to D-Bus connection B that do not correspond to any message ever sent by D-Bus connection B. They should be quietly dropped as there's no use for them outside of malicious activity. Patch based on upstream patches. (LP: #1641243) -- Tyler Hicks <email address hidden> Wed, 30 Nov 2016 21:44:48 +0000
Available diffs
Superseded in artful-release |
Obsolete in zesty-release |
Deleted in zesty-proposed (Reason: moved to release) |
dbus (1.10.10-1ubuntu2) zesty; urgency=medium * debian/patches/make-uid-0-immune-to-timeout.patch: - Add a test patch proposed by Simon McVittie upstream to fix bug LP: #1591411. -- Łukasz 'sil2100' Zemczak <email address hidden> Tue, 11 Oct 2016 20:12:43 +0200
Available diffs
dbus (1.10.10-1ubuntu1.1) yakkety-security; urgency=medium * SECURITY UPDATE: arbitrary code execution or denial of service via format string vulnerability (likely limited to uid 0 only) - debian/patches/format_string.patch: do not use non-literal format string in bus/activation.c. - No CVE number -- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 08:29:20 -0400
Available diffs
dbus (1.10.6-1ubuntu3.1) xenial-security; urgency=medium * SECURITY UPDATE: arbitrary code execution or denial of service via format string vulnerability (likely limited to uid 0 only) - debian/patches/format_string.patch: do not use non-literal format string in bus/activation.c. - No CVE number -- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 08:33:00 -0400
Available diffs
dbus (1.4.18-1ubuntu1.8) precise-security; urgency=medium * SECURITY UPDATE: denial of service via ActivationFailure signal race - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure from non-root processes in bus/system.conf.in. - CVE-2015-0245 * SECURITY UPDATE: arbitrary code execution or denial of service via format string vulnerability - debian/patches/format_string.patch: do not use non-literal format string in bus/activation.c. - No CVE number -- Marc Deslauriers <email address hidden> Wed, 12 Oct 2016 08:37:07 -0400
Available diffs
1 → 50 of 263 results | First • Previous • Next • Last |