-
dbus (1.2.16-2ubuntu4.8) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via large number of pending replies
- debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
to 128 in bus/config-parser.c.
- CVE-2014-3638
* SECURITY UPDATE: denial of service via incomplete connections
- debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
bus/config-parser.c, stop listening on DBusServer sockets when
reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
- CVE-2014-3639
-- Marc Deslauriers <email address hidden> Wed, 17 Sep 2014 12:27:46 -0400
-
dbus (1.2.16-2ubuntu4.7) lucid-security; urgency=low
* REGRESSION FIX: some applications launched with the activation helper
may need DBUS_STARTER_ADDRESS. (LP: #1058343)
- debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
starter address to the default system bus address.
* REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
- debian/libdbus-1-3.postinst: trigger an upstart re-exec before
shutdown or reboot so that it can safely unmount the root
filesystem.
-- Marc Deslauriers <email address hidden> Wed, 03 Oct 2012 07:05:52 -0400
-
dbus (1.2.16-2ubuntu4.5) lucid-security; urgency=low
* SECURITY UPDATE: privilege escalation via unsanitized environment
- debian/patches/CVE-2012-3524-dbus.patch: Don't access environment
variables or run dbus-launch when setuid in configure.in,
dbus/dbus-keyring.c, dbus/dbus-sysdeps*
- CVE-2012-3524
-- Marc Deslauriers <email address hidden> Wed, 19 Sep 2012 15:24:02 -0400
-
dbus (1.2.16-2ubuntu4.3) lucid-security; urgency=low
* SECURITY UPDATE: denial of service via messages with non-native byte order
- debian/patches/99-CVE-2011-2200.patch: update dbus-marshal-header.c
to verify header->data byte order and header->byte_order match in
_dbus_header_byteswap()
- CVE-2011-2200
-- Jamie Strandboge <email address hidden> Fri, 22 Jul 2011 09:07:19 -0500
-
dbus (1.2.16-2ubuntu4.2) lucid-proposed; urgency=low
* Prevent dbus.postinst from failing in chroots (LP: #552404)
-- Alkis Georgopoulos <email address hidden> Fri, 21 Jan 2011 12:55:56 +0200
-
dbus (1.2.16-2ubuntu4.1) lucid-security; urgency=low
* SECURITY UPDATE: fix DoS with too deeply nested messages
- debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
message variants. Backported from upstream.
- CVE-2010-4352
- LP: #688992
-- Jamie Strandboge <email address hidden> Tue, 04 Jan 2011 14:33:58 -0600
-
dbus (1.2.16-2ubuntu4) lucid; urgency=low
* Add debian/dbus.links: provide a symlink for dbus-daemon-launch-helper's
old location in /usr, to provide a more stable upgrade from Hardy. This
can be dropped in Lucid+1. (LP: #551672)
-- Martin Pitt <email address hidden> Tue, 30 Mar 2010 16:28:07 +0200
-
dbus (1.2.16-2ubuntu3) lucid; urgency=low
* debian/dbus-Xsession: Use new "has_option" function from x11-common
instead of grepping the option file, to avoid calling an external program.
-- Martin Pitt <email address hidden> Fri, 19 Feb 2010 07:35:37 +0100
-
dbus (1.2.16-2ubuntu2) lucid; urgency=low
* Fix installation of dbus-arch-deps.h.
-- Martin Pitt <email address hidden> Tue, 08 Dec 2009 10:54:12 +0100
-
dbus (1.2.16-2ubuntu1) lucid; urgency=low
* Merge with Debian testing; Remaining Ubuntu changes:
- Install into / rather than /usr.
- debian/control: Depend on ConsoleKit for "at_console" policy stanza.
- debian/dbus.postinst: Do not restart dbus on upgrades, since it breaks
too many applications. Instead, trigger a "reboot required" notification.
- debian/dbus.postinst: Create /var/run/dbus in postinst to handle system
being rebooted before package is configured. LP: #275229.
- Add debian/dbus.upstart and bump debhelper b-dep to ensure that it is
properly installed.
- 11_timeout_handling.patch: Fix timeout accounting. The
elapsed_milliseconds contains the time from the start, so subtracting it
on every iteration means that the timeout is much less than what is
requested. Instead compare the absolute values, but pass the difference
to calls which want a timeout so that the correct remaining time is
used. (LP #376145)
- 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
the system bus to 5000 (LP #454093)
- 81-session.conf-timeout.patch: Raise the service startup timeout from 25
to 60 seconds. It may be too short on the live CD with slow machines.
dbus (1.2.16-2) unstable; urgency=low
* Rebuild against debhelper (>= 7.2.23) that fixes a regression in
dh_install which did not correctly strip debian/tmp. (Closes: #537125)
* debian/patches/20_kbsd_cmsgcred.patch
- Fix incorrect usage of cmsgcred on kFreeBSD. Thanks to Aurelien Jarno
for the patch.
* debian/patches/30_rt-as-needed.patch
- Fix spurious build failures on alpha and ia64 when using -Wl,--as-needed
by changing the link order of libdbus-convenience.la and -lrt.
dbus (1.2.16-1) unstable; urgency=low
* New upstream release.
* debian/libdbus-1-3.symbols
- Update for API additions.
* debian/rules
- Bump shlibs to 1.2.16.
* Install libdbus to /lib. Upstart requires libdbus before /usr is
mounted. Keep the development files libdbus-1*.{a,so} in /usr/lib.
* Bump Standards-Version to 3.8.2. No further changes.
-- Martin Pitt <email address hidden> Mon, 07 Dec 2009 17:47:06 +0100
-
dbus (1.2.16-0ubuntu9) karmic; urgency=low
* 20_system_conf_limit.patch:
- increase max_match_rules_per_connection for the system
bus to 5000 (LP: #454093)
-- Michael Vogt <email address hidden> Fri, 23 Oct 2009 20:10:26 +0200
