-
dbus (1.14.10-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2036180). Remaining changes:
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(LP #1438612)
- Reworked to actually make dbus.service _and_ dbus.socket to not
be part of the shutdown transaction. And yet make it possible
to still stop/kill/restart dbus.service if one really
wants to, because it is stuck and stopped responding to any
commands. This allows allows to restart dbus.service with
needrestart. However a finalrd hook might still be needed, to kill
dbus-daemon for good, once we pivot off rootfs.
- Reworked to avoid a deadlock during boot (LP #1936948)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Prevent dbus from being restarted on upgrade (LP #1962036)
-- Olivier Gayot <email address hidden> Fri, 15 Sep 2023 11:42:11 +0200
-
dbus (1.14.8-2ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2027991). Remaining changes:
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit
(LP: #1438612)
- Reworked to actually make dbus.service _and_ dbus.socket to not
be part of the shutdown transaction. And yet make it possible
to still stop/kill/restart dbus.service if one really
wants to, because it is stuck and stopped responding to any
commands. This allows allows to restart dbus.service with
needrestart. However a finalrd hook might still be needed, to kill
dbus-daemon for good, once we pivot off rootfs.
- Reworked to avoid a deadlock during boot (LP: #1936948)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Prevent dbus from being restarted on upgrade (LP #1962036)
* Removed unnecessary delta:
- git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
dbus (1.14.8-2) unstable; urgency=high
* dbus-daemon.postinst: Stop trying to take DPKG_ROOT into account.
This unintentionally disabled the code path that would copy systemd's
/etc/machine-id in preference to creating an entirely new machine ID.
(Closes: #1040790)
* d/tests: Add test coverage for #1040790
dbus (1.14.8-1) unstable; urgency=medium
[ Simon McVittie ]
* New upstream stable release
- Fixes a denial of service issue if the root or messagebus user is
monitoring messages on the system bus with the Monitoring interface
(dbus-monitor, busctl monitor, gdbus monitor or similar)
(Closes: #1037151)
[ Helmut Grohne ]
* Mark dbus-daemon and dbus-bin Multi-Arch: foreign (Closes: #1033056)
-- Olivier Gayot <email address hidden> Mon, 17 Jul 2023 18:10:48 +0200
-
dbus (1.14.6-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2023301). Remaining changes:
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
dbus.socket to not be part of the shutdown transaction. And yet make
it possible to still stop/kill/restart dbus.service if one really
wants to, because it is stuck and stopped responding to any
commands. This allows allows to restart dbus.service with
needrestart. However a finalrd hook might still be needed, to kill
dbus-daemon for good, once we pivot off rootfs.
- Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
(LP #1936948)
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Prevent dbus from being restarted on upgrade (LP #1962036)
- git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
* Removed obsoleted patches:
- d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor
autopkgtest to the apparmor profile in the test
[merged upstream in 1.14.6]
- d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common
packages to permit the resolver to use them to satisfy i386 dependencies
[merged in debian in 1.14.6-1]
dbus (1.14.6-1) unstable; urgency=medium
* New upstream stable release
- Fixes a denial of service issue that is not relevant for the way
we compile dbus in Debian
* d/copyright: Update
* Standards-Version: 4.6.2 (no changes required)
* d/control: Mark dbus-*-bus-common as Multi-Arch: foreign.
Thanks to Dave Jones / Ubuntu
* d/upstream/metadata: Update Gitlab URLs to preferred format
* Drop migration path from very old debug symbol packages
* Avoid explicitly specifying -Wl,--as-needed linker flag,
which is the default with Debian 12 toolchains
* Remove version constraints unnecessary since Debian 10
-- Olivier Gayot <email address hidden> Thu, 08 Jun 2023 17:46:03 +0200
-
dbus (1.14.4-1ubuntu1) lunar; urgency=medium
* Merge from Debian unstable (LP: #1999258). Remaining changes:
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
dbus.socket to not be part of the shutdown transaction. And yet make it
possible to still stop/kill/restart dbus.service if one really wants to,
because it is stuck and stopped responding to any commands. This allows
allows to restart dbus.service with needrestart. However a finalrd hook
might still be needed, to kill dbus-daemon for good, once we pivot off
rootfs.
- Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus on
demand after package installation.
- Prevent dbus from being restarted on upgrade
- git configuration changes for Ubuntu (d/gbp.conf, d/.gitignore)
- d/control: Add M-A: foreign to the new dbus-{session,system}-bus-common
packages to permit the resolver to use them to satisfy i386 dependencies
* Removed patches obsoleted/merged by upstream:
- Make autopkgtests cross-test-friendly.
- SECURITY UPDATE: Assertion failure in dbus-marshal-validate
- debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
correctly
- CVE-2022-42010
- SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
- debian/patches/CVE-2022-42011.patch: Validate length of arrays of
fixed-length items
- CVE-2022-42011
- SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
- debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if
needed
- CVE-2022-42012
* d/p/u/concrete-dbus-socket.patch: Add the "real" path used by the apparmor
autopkgtest to the apparmor profile in the test
-- Dave Jones <email address hidden> Fri, 09 Dec 2022 15:00:27 +0000