dbus (1.14.0-2ubuntu1) kinetic; urgency=medium
* Merge from Debian unstable (LP: #1959211). Remaining changes:
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
dbus.socket to not be part of the shutdown transaction. And yet make it
possible to still stop/kill/restart dbus.service if one really wants to,
because it is stuck and stopped responding to any commands. This allows
allows to restart dbus.service with needrestart. However a finalrd hook
might still be needed, to kill dbus-daemon for good, once we pivot off
rootfs.
- Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
- Make autopkgtests cross-test-friendly.
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus on
demand after package installation.
- Prevent dbus from being restarted on upgrade
- git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
dbus (1.14.0-2) unstable; urgency=medium
* Revert workaround for #994204. Since debhelper 13.7, the workaround
doesn't do what we wanted either, causing unwanted dbus-daemon restarts
when rebuilt with a current debhelper.
* Explicitly build-depend on a debhelper without #994204 (either a newer
version where it is fixed, or an older version which didn't have that
problem). The failure mode caused by that bug is particularly bad
for dbus.
* Standards-Version: 4.6.1 (no changes required)
* Use XML catalog from built tree, fixing incorrect paths to DTDs
* Update Lintian overrides
dbus (1.14.0-1) unstable; urgency=medium
* Merge from experimental
- d/changelog: Reorder changelog to reflect the order of events as
seen from unstable
- d/gbp.conf, d/control: Adjust branches for 1.14.x
* New upstream stable release branch
- dbus-daemon: GetConnectionCredentials provides UnixGroupIDs from
Linux SO_PEERGROUPS
- dbus-daemon: <policy group="..."> uses Linux SO_PEERGROUPS
- dbus-daemon: add <allow send_destination_prefix="..."> (also works
on <deny>)
- dbus-daemon: removes header fields that it does not understand
- dbus-daemon: Add ActivatableServicesChanged signal
- dbus-user-session: dbus-daemon is now in session.slice
- dbus-bin: Add `dbus-send --sender`
- dbus-daemon: Installing into /etc/dbus-1/system.d is officially
reserved for the sysadmin, packages should install into
/usr/share/dbus-1/system.d
- libdbus-1-3, dbus-daemon: DBusServer no longer accepts login names
for EXTERNAL authentication, only numeric uids or the empty string
- dbus-daemon: several environment variables set by systemd are no
longer inherited by traditional (non-systemd) activated services
- dbus-daemon: notifies systemd that it is ready via sd_notify()
* d/control: Drop python3 build-dependency, no longer needed
* d/watch: Only watch for stable releases for this branch
dbus (1.13.22-1) experimental; urgency=medium
* New upstream release (release candidate for 1.14.0)
- No longer logs warnings about /proc/self/oom_score_adj with
systemd >= 250 (Closes: #1004543)
* Drop patch for #1005889, applied upstream
* Register DTDs in the XML catalog
dbus (1.13.20-2) experimental; urgency=medium
* Merge packaging from unstable
dbus (1.13.20-1) experimental; urgency=medium
* Merge packaging from unstable
* New upstream development release
* Put the shared library in /lib/MULTIARCH, as we do in unstable,
in accordance with the advice given by the Technical Committee
in #994388.
dbus (1.13.18-2) experimental; urgency=medium
[ Luca Boccassi ]
* Split tools and configs into -bin and -common packages.
User creation also moves to dbus-common. This is useful for
other D-Bus implementations like dbus-broker.
[ Simon McVittie ]
* Split dbus-common into -session-bus-common and -system-bus-common.
This allows us to install the integration files for session services
without having to create the messagebus user or run a system bus,
which is useful for CI environments that will run
session-service-dependent unit tests in a container where a system bus
is not necessary or desired, particularly in situations where creating
new uids can be problematic such as unprivileged containers.
* dbus: Provide a default-dbus-system-bus virtual package.
This allows us to signal what the default implementation of
dbus-system-bus is, even when other implementations like dbus-broker
also provide the dbus-system-bus virtual package.
* Move dbus-daemon, dbus-run-session and creation of
/var/lib/dbus/machine-id to a new dbus-daemon package.
This decouples the system integration for the well-known system bus
(still in the dbus package) from the dbus-daemon. This means that
packages that merely want to run a dbus-daemon in a small container
or chroot (for example to run integration tests or provide a minimal
session bus environment) do not need to pull in adduser, an init system,
or the setuid helper used to implement traditional activation.
dbus remains Priority: standard, because the majority of systems benefit
from having a working D-Bus system bus (in particular to communicate
with logind).
* d/watch: Watch for any archive extension.
Upstream releases switched from tar.gz to tar.xz for the 1.13.x branch.
* dbus-tests: Silence Lintian warnings for breakout-link
* Remove unnecessary Readme.txt from sha1 test data.
This causes Lintian warnings because it isn't UTF-8, and it isn't
actually useful.
* Silence more Lintian tags for D-Bus vs. dbus in package descriptions.
We're careful to say D-Bus when we mean the protocol, and dbus when we
mean the reference implementation of the protocol.
* Standards-Version: 4.5.1 (no changes required)
dbus (1.13.18-1) experimental; urgency=medium
[ Mark Hindley ]
* Fix system-bus autopkgtest detection of systemd as PID1.
The test attempts to detect whether systemd is available by testing for
/run/systemd. However, this path can exist on non-systemd systems.
Look for /run/systemd/system instead. (Closes: #962466)
[ Simon McVittie ]
* New upstream development release
- Prevent use-after-free if two usernames share a uid
dbus (1.13.16-1) experimental; urgency=medium
* New upstream development release
- CVE-2020-12049: Prevent a denial of service attack in which a local
user can make the system dbus-daemon run out of file descriptors
dbus (1.13.14-1) experimental; urgency=medium
[ Simon McVittie ]
* New upstream development release
- Drop patches that were applied upstream
- d/copyright: Update
* Move to debhelper compat level 13
- Don't restart systemd units on upgrade.
Previously, this was handled by the dh_installinit override.
- Add ${misc:Pre-Depends} to all binary packages.
This is required for dbus for dh_installsystemd under dh compat
level 12, and is harmless for the others.
- Stop overriding HOME, which is now done by default.
* dbus: Remove an unused Lintian override.
Lintian used to warn twice for the statically-enabled dbus.service unit,
but now only warns once.
* dbus-tests: Silence package-contains-documentation-outside-usr-share-doc
Lintian tag.
The tests contain some READMEs that describe what is in their directory.
* d/tests: Remove support for ancient autopkgtest versions.
AUTOPKGTEST_TMP is now required to be set, and we do not fall back
to the deprecated ADTTMP.
* Introduce noinsttest build profile.
This disables dbus-tests, and when combined with nocheck it disables
the circular GLib dependency.
* Remove non-standard pkg.dbus.minimal build profile.
It was not a "safe" build profile (it altered the contents of binary
packages, notably dropping LSM and systemd support, which could result
in dependent packages being broken), and the combination of nocheck,
nodoc and noinsttest achieves most of the same build-dependency
reductions.
* Explicitly build-depend on pkg-config.
Previously, this was pulled in by libglib2.0-dev. (Closes: #945201)
* d/upstream/metadata: Distinguish between Bug-Submit and Bug-Database
* Change system bus socket to /run/dbus/system_bus_socket.
The interoperable cross-distro path is /var/run/dbus/system_bus_socket,
so this remains the upstream default for the benefit of distributions
where /var/run and /run are (problematically) not guaranteed to be
equivalent. However, Debian Policy since at least v4.1.5 guarantees
that /var/run is a symlink to /run, and this has been implemented
for several stable releases (since at least initscripts 2.88dsf-29
in 2012, in the sysvinit case), so it is harmless to prefer the
path in /run, which has advantages in a few corner cases (ability
to unmount /var is the main one) and avoids warnings from systemd.
(Closes: #783321, #857678, #932105, #958289)
* Standards-Version: 4.5.0
- Note that the user for `dbus-daemon --system` is still named
'messagebus' for historical reasons. If it was added today,
we'd call it _dbus as per Policy ยง9.2.1, but this is not the right
package to be experimenting with renaming system users.
* d/dbus-udeb.postinst: Remove #DEBHELPER# token.
debhelper doesn't actually substitute this in udebs, making it just
an ordinary comment.
[ Debian Janitor ]
* d/changelog: Remove trailing whitespace.
* Use secure URI in Homepage field.
* Re-export upstream signing key without extra signatures.
* Set upstream metadata fields: Bug-Submit (from ./configure),
Repository, Repository-Browse.
dbus (1.13.12-2) experimental; urgency=medium
* Add bug number to 1.13.12-1 changelog entry
* Merge packaging changes from unstable
* d/p/tests-Skip-system-bus-test-if-we-are-root-but-messagebus-.patch,
d/p/tests-Skip-if-unable-to-launch-uninstalled-dbus-daemon-as.patch,
d/p/auth-Clear-GUID-from-server-if-out-of-memory.patch,
d/p/bus-Make-audit-initialization-idempotent.patch,
d/p/bus-tests-Shut-down-audit-socket.patch:
Fix test failures when build-time tests are run as root (in
particular this happens when the CI pipeline runs reprotest)
dbus (1.13.12-1) experimental; urgency=medium
* New upstream development release
- CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and
connect to a DBusServer with elevated privileges. The standard
system and session dbus-daemons in their default configuration were
immune to this attack because they did not allow DBUS_COOKIE_SHA1,
but third-party users of DBusServer such as Upstart could be
vulnerable. (Closes: #930375)
dbus (1.13.10-1) experimental; urgency=medium
[ Simon McVittie ]
* New upstream development release
- Fix incorrect fd limits for services launched by the system bus
via traditional (non-systemd) activation (Closes: #928877)
- d/copyright: Update
* Explicitly enable the new --enable-traditional-activation option.
This is the upstream default anyway, but it would be a serious
regression if our dbus builds only supported systemd activation.
* d/tests/system-bus: Add a smoke-test for traditional activation,
and a smoke-test for systemd activation on systems booted with systemd.
* d/p/dbus-daemon-test-Don-t-test-fd-limits-if-in-an-unprivileg.patch:
Drop patch, applied upstream
* d/rules, d/tests: Run automated tests with DBUS_TEST_MALLOC_FAILURES=0.
Testing the code paths for memory allocation failures is too slow
to do routinely as a downstream.
* Standards-Version: 4.3.0 (no changes required)
[ Michael Biebl ]
* Move libraries to /usr/lib.
Since we can rely on /usr being available during early boot nowadays,
there is no longer a need to move any libraries to /lib.
dbus (1.13.8-1) experimental; urgency=medium
[ Ritesh Raj Sarraf ]
* Explicitly set session and test socket directory to /tmp, instead
of using a (possibly non-standard) TMPDIR
[ Simon McVittie ]
* New upstream development release
- d/copyright: Update
* d/tests/build: Mark as superficial (see #904979)
* d/tests/build: Comment why we don't test or support static linking
here (it's because libsystemd doesn't)
* dbus: Drop dependency on lsb-base. It is only needed when booting
with sysvinit and initscripts, but initscripts already Depends on
lsb-base (see #864999).
* dbus: Add Provides: dbus-system-bus and Provides: dbus-bin.
This provides a way to split the package in a later Debian version
or in derivatives. dbus-system-bus represents the well-known system
bus facility (/lib/systemd/system/dbus.service and /etc/init.d/dbus),
while dbus-bin represents the availability of executables like
dbus-daemon and dbus-send.
* Standards-Version: 4.2.1 (no changes required)
* d/p/dbus-daemon-test-Don-t-test-fd-limits-if-in-an-unprivileg.patch:
Add proposed patch to skip fd limit tests if we are uid 0 but do not
have CAP_SYS_RESOURCE (Closes: #908092)
* d/tests/system-bus: Add a smoke-test for the system bus
dbus (1.13.6-1) experimental; urgency=medium
* New upstream release
- Drop patches that were applied upstream
* Don't run the build-time tests for the debug build in parallel.
Some of the tests added by the debug build start many processes,
and the debug build's tests have intermittently been timing out on
reproducible-builds infrastructure, possibly because these machines
run with a high "make -j" value and more than one multi-processing
test gets run at the same time.
* Standards-Version: 4.1.5 (no changes required)
* Update symbols file for rename of private symbol
dbus_internal_do_not_use_get_uuid (anyone using that symbol despite
its name should expect the consequences :-)
dbus (1.13.4-3) experimental; urgency=medium
* d/control: Fix branch name in Vcs-Git
* d/rules: Use nss_wrapper to ensure that 127.0.0.1 and localhost
can be resolved successfully, fixing build-time tests in pbuilder
with the network namespace unshared (see #897662)
* d/rules: Make sure the X11 DISPLAY (if any) doesn't leak into the
test environment, fixing build-time tests if /tmp is unshared
* d/p/sysdeps-unix-Handle-errors-from-getaddrinfo-correctly.patch:
Add patch from upstream master branch to fix getaddrinfo error
reporting for tcp: and nonce-tcp: transports
* d/p/server-oom-test-Parse-the-address-instead-of-going-direct.patch,
d/p/test-Test-the-same-things-with-unix-that-we-do-with-tcp.patch,
d/p/server-oom-test-Don-t-assume-localhost-is-resolvable.patch,
test-Skip-TCP-tests-if-getaddrinfo-doesn-t-work.patch:
Add patches from upstream master branch to improve test robustness
and coverage when getaddrinfo doesn't work
* d/rules: Improve quoting
dbus (1.13.4-2) experimental; urgency=medium
* Remove debian/dbus-tests.shlibs.local. It was useful before 1.11.10-2
to make dbus-tests depend on the debug build in dbus-1-dbg, but now
that the debug build is itself in dbus-tests, making dbus-tests
depend on itself is not useful. It also suppressed the generated
dependency on libdbus-1-3 (= ${binary:Version}), causing autopkgtest
failures when only dbus-tests was upgraded.
* d/patches: Refresh via gbp-pq
* d/rules: If tests fail, continue to run all tests before reporting
failure
* d/rules: On success or failure, output all test logs for comparison
(in particular this lets us see how close we are to arbitrary
timeouts on slower architectures)
* d/p/debian/tests-Multiply-timeouts-by-20-on-riscv64.patch:
Compensate for the riscv64 port being bootstrapped on
qemu-system-riscv64 by multiplying arbitrary timeouts by 20. If this
fails, the logs will at least tell us how much more time is needed.
(Closes: #897607, hopefully)
dbus (1.13.4-1) experimental; urgency=medium
* New upstream development release
- d/copyright: cmake/modules/FindGObject.cmake no longer exists
* Standards-Version: 4.1.4 (no changes required)
* tests: Use AUTOPKGTEST_TMP in preference to deprecated ADTTMP
* tests: Make sure $HOME is set to somewhere we can write (workaround for
#897170)
* Build ducktype documentation, unless building with nodoc
- Build-depend on ducktype and yelp-tools
dbus (1.13.2-1) experimental; urgency=medium
* New upstream development release
* Update symbols file for new ABI
* d/tests/root: Re-run test-dbus-daemon as root, since it now contains
tests that are skipped as non-root
dbus (1.13.0-1) experimental; urgency=medium
* New upstream development release
dbus (1.12.22-1) unstable; urgency=medium
* New upstream bug fix release
- No longer logs warnings about /proc/self/oom_score_adj with
systemd >= 250 (Closes: #1004543)
- Improve reproducibility of documentation
* Drop patch for #1005889, included upstream
dbus (1.12.20-4) unstable; urgency=medium
* Use debhelper 13 instead of dh-exec where possible.
We still need to use dh-exec to filter files that are only installed
on Linux systems, but we no longer need it for ${DEB_HOST_MULTIARCH}
substitution.
* d/control: Build-depend on valgrind-if-available.
Thanks to Adam Borowski
* Add a patch to ensure the dbus-daemon is running for an integration test.
Hopefully closes: #1005889
* Update Lintian overrides syntax
dbus (1.12.20-3) unstable; urgency=medium
[ Luca Boccassi ]
* Split tools and configs into -bin and -common packages.
User creation also moves to dbus-common. This is useful for
other D-Bus implementations like dbus-broker.
[ Simon McVittie ]
* Split dbus-common into -session-bus-common and -system-bus-common.
This allows us to install the integration files for session services
without having to create the messagebus user or run a system bus,
which is useful for CI environments that will run
session-service-dependent unit tests in a container where a system bus
is not necessary or desired, particularly in situations where creating
new uids can be problematic such as unprivileged containers.
* dbus: Provide a default-dbus-system-bus virtual package.
This allows us to signal what the default implementation of
dbus-system-bus is, even when other implementations like dbus-broker
also provide the dbus-system-bus virtual package.
* Move dbus-daemon, dbus-run-session and creation of
/var/lib/dbus/machine-id to a new dbus-daemon package.
This decouples the system integration for the well-known system bus
(still in the dbus package) from the dbus-daemon. This means that
packages that merely want to run a dbus-daemon in a small container
or chroot (for example to run integration tests or provide a minimal
session bus environment) do not need to pull in adduser, an init system,
or the setuid helper used to implement traditional activation.
dbus remains Priority: standard, because the majority of systems benefit
from having a working D-Bus system bus (in particular to communicate
with logind).
* d/watch: Watch for any archive extension.
Upstream releases switched from tar.gz to tar.xz for the 1.13.x branch.
* Silence more Lintian tags for D-Bus vs. dbus in package descriptions.
We're careful to say D-Bus when we mean the protocol, and dbus when we
mean the reference implementation of the protocol.
* d/tests/gnome-desktop-testing: Use set -u so we'll fail on references
to unset environment variables
* Update Lintian overrides for dbus-tests
* Standards-Version: 4.6.0 (no changes required)
* d/rules, d/dbus.prerm, d/dbus.postinst: Never restart dbus-daemon.
Since debhelper 13.4, there appears to be no way to stop debhelper from
restarting services, other than telling it not to start our service and
taking responsibility for doing so ourselves. (Workaround for #994204)
* d/dbus.postinst: Remove compatibility code for Debian 8 to 9 upgrades
* All maintainer scripts: Respect $DPKG_ROOT
* d/dbus.maintscript: Remove cleanup of old conffiles.
This has been unnecessary since Debian 10 and Ubuntu 18.04.
* Don't <include> /etc/dbus-1/s*.conf.dpkg-bak in bus configuration.
This was part of the Debian 8 to Debian 9 upgrade path.
-- Dave Jones <email address hidden> Tue, 23 Aug 2022 15:07:57 +0100