Change logs for dbus source package in Precise

  • dbus (1.4.18-1ubuntu1.10) precise-security; urgency=medium
    
      [ Marc Deslauriers ]
      * SECURITY UPDATE: DoS via file descriptor leak
        - debian/patches/CVE-2020-12049.patch: on MSG_CTRUNC, close the fds
          we did receive in dbus/dbus-sysdeps-unix.c.
        - CVE-2020-12049
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 15 Jun 2020 13:17:29 -0300
  • dbus (1.4.18-1ubuntu1.8) precise-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via ActivationFailure signal race
        - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure
          from non-root processes in bus/system.conf.in.
        - CVE-2015-0245
      * SECURITY UPDATE: arbitrary code execution or denial of service via
        format string vulnerability
        - debian/patches/format_string.patch: do not use non-literal format
          string in bus/activation.c.
        - No CVE number
    
     -- Marc Deslauriers <email address hidden>  Wed, 12 Oct 2016 08:37:07 -0400
  • dbus (1.4.18-1ubuntu1.7) precise-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via large number of fds
        - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for
          activated services in bus/activation.c, bus/bus.*,
          dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c,
          dbus/dbus-sysdeps.h.
        - debian/dbus.init: don't launch daemon as a user so the rlimit can be
          raised.
        - CVE-2014-7824
      * SECURITY REGRESSION: authentication timeout on certain slower systems
        - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout
          back up to 30 secs in bus/config-parser.c, add a warning to
          bus/connection.c.
        - CVE-2014-3639
     -- Marc Deslauriers <email address hidden>   Tue, 25 Nov 2014 14:46:53 -0500
  • dbus (1.4.18-1ubuntu1.6) precise-security; urgency=medium
    
      * SECURITY UPDATE: buffer overrun via odd max_message_unix_fds
        - debian/patches/CVE-2014-3635.patch: do not extra fds in cmsg padding
          in dbus/dbus-sysdeps-unix.c, allow using _DBUS_STATIC_ASSERT at a
          non-global scope in dbus/dbus-internals.h, dbus/dbus-macros.h.
        - CVE-2014-3635
      * SECURITY UPDATE: denial of service via large number of fds
        - debian/patches/CVE-2014-3636.patch: reduce max number of fds in
          bus/config-parser.c, bus/session.conf.in, dbus/dbus-message.c,
          dbus/dbus-sysdeps.h.
        - CVE-2014-3636
      * SECURITY UPDATE: denial of service via persistent file descriptors
        - debian/patches/CVE-2014-3637.patch: add a timeout to expire pending
          fds in bus/bus.*, bus/config-parser.c, bus/connection.c,
          bus/session.conf.in, cmake/bus/dbus-daemon.xml,
          dbus/dbus-connection-internal.h, dbus/dbus-connection.c,
          dbus/dbus-message-internal.h, dbus/dbus-message-private.h,
          dbus/dbus-message.c, dbus/dbus-transport.*.
        - CVE-2014-3637
      * SECURITY UPDATE: denial of service via large number of pending replies
        - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection
          to 128 in bus/config-parser.c.
        - CVE-2014-3638
      * SECURITY UPDATE: denial of service via incomplete connections
        - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in
          bus/config-parser.c, stop listening on DBusServer sockets when
          reaching max_incomplete_connections in bus/bus.*, bus/connection.*,
          dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*.
        - CVE-2014-3639
     -- Marc Deslauriers <email address hidden>   Wed, 17 Sep 2014 11:21:20 -0400
  • dbus (1.4.18-1ubuntu1.5) precise-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via activation errors
        - debian/patches/CVE-2014-3477.patch: improve error handling in
          bus/activation.*, bus/services.c.
        - CVE-2014-3477
      * SECURITY UPDATE: denial of service via ETOOMANYREFS
        - debian/patches/CVE-2014-3532.patch: drop message on ETOOMANYREFS in
          dbus/dbus-sysdeps.*, dbus/dbus-transport-socket.c.
        - CVE-2014-3532
      * SECURITY UPDATE: denial of service via invalid file descriptor
        - debian/patches/CVE-2014-3533.patch: fix memory handling in
          dbus/dbus-message.c.
        - CVE-2014-3533
     -- Marc Deslauriers <email address hidden>   Thu, 03 Jul 2014 08:39:34 -0400
  • dbus (1.4.18-1ubuntu1.4) precise-security; urgency=low
    
      * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound()
        length.
        - debian/patches/CVE-2013-2168.patch: use a copy of va_list in
          dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to
          test/Makefile.am, test/internals/printf.c.
        - CVE-2013-2168
     -- Marc Deslauriers <email address hidden>   Thu, 13 Jun 2013 10:23:58 -0400
  • dbus (1.4.18-1ubuntu1.3) precise-security; urgency=low
    
      * REGRESSION FIX: some applications launched with the activation helper
        may need DBUS_STARTER_ADDRESS. (LP: #1058343)
        - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the
          starter address to the default system bus address.
      * REGRESSION FIX: unclean shutdown after dbus upgrade (LP: #740390)
        - debian/libdbus-1-3.postinst: trigger an upstart re-exec before
          shutdown or reboot so that it can safely unmount the root
          filesystem.
     -- Marc Deslauriers <email address hidden>   Wed, 03 Oct 2012 06:12:39 -0400
  • dbus (1.4.18-1ubuntu1.1) precise-security; urgency=low
    
      * SECURITY UPDATE: privilege escalation via unsanitized environment
        - debian/patches/CVE-2012-3524-dbus.patch: Don't access environment
          variables or run dbus-launch when setuid in configure.ac,
          dbus/dbus-keyring.c, dbus/dbus-sysdeps*
        - CVE-2012-3524
     -- Marc Deslauriers <email address hidden>   Fri, 14 Sep 2012 09:01:59 -0400
  • dbus (1.4.18-1ubuntu1) precise; urgency=low
    
      * Merge with Debian unstable to pick up the new bug fix release. Remaining
        Ubuntu changes:
        - Install binaries into / rather than /usr:
          + debian/rules: Set --exec-prefix=/
          + debian/dbus.install, debian/dbus-x11.install: Install from /bin
        - Use upstart to start:
          + Add debian/dbus.upstart.
          + debian/control: Add upstart dependency.
          + debian/dbus.postinst: Use upstart call instead of invoking the init.d
            script for checking if we are already running.
          + debian/control: versioned dependency on netbase that emits the new
            deconfiguring-networking event used in upstart script.
        - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
          the system bus to 5000 (LP #454093)
        - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
          to 60 seconds. It may be too short on the live CD with slow machines.
        - Add 0001-activation-allow-for-more-variation-than-just-system.patch,
          0002-bus-change-systemd-activation-to-activation-systemd.patch,
          0003-upstart-add-upstart-as-a-possible-activation-type.patch,
          0004-upstart-add-UpstartJob-to-service-desktop-files.patch,
          0005-activation-implement-upstart-activation.patch: Patches from Scott
          James Remnant to implement Upstart service activation. Not upstream.
    
    dbus (1.4.18-1) unstable; urgency=low
    
      * New upstream release
      * Change dbus and src:dbus from Section: devel to Section: admin
        (Closes: #659357)
     -- Martin Pitt <email address hidden>   Wed, 22 Feb 2012 09:26:02 +0100
  • dbus (1.4.16-1ubuntu4) precise; urgency=low
    
      * debian/rules, debian/dbus-1-dbg.install: Only set --exec-prefix=/ in
        the production build.  This prevents the debug version of dbus-daemon
        from overwriting the non-debug version, which crashes the dbus-python
        test suite.  This leaves the debug version in a somewhat bogus path,
        but we won't worry about that for now.  Solution given by Jason Conti.
        Also closes https://bugs.freedesktop.org/show_bug.cgi?id=43303
        (LP: #913991)
     -- Barry Warsaw <email address hidden>   Tue, 10 Jan 2012 15:52:43 +0100
  • dbus (1.4.16-1ubuntu3) precise; urgency=low
    
      * Add a post-stop in the upstart script making sure /var/run/dbus/pid
        doesn't exist after dbus has been stopped/died. This fixes dbus
        not respawning when dying (segfault for example).
     -- Stephane Graber <email address hidden>   Mon, 09 Jan 2012 15:15:50 +0100
  • dbus (1.4.16-1ubuntu2) precise; urgency=low
    
      * Add debian/patches/02_obsolete_g_thread_api.patch: Port to glib 2.31.x
        g_thread API. Bump libglib2.0-dev build dep accordingly. (LP: #911125)
     -- Martin Pitt <email address hidden>   Tue, 03 Jan 2012 11:08:46 +0100
  • dbus (1.4.16-1ubuntu1) precise; urgency=low
    
      * Merge with Debian testing. Remaining changes:
        - Install binaries into / rather than /usr:
          + debian/rules: Set --exec-prefix=/
          + debian/dbus.install, debian/dbus-x11.install: Install from /bin
        - Use upstart to start:
          + Add debian/dbus.upstart.
          + debian/control: Add upstart dependency.
          + debian/dbus.postinst: Use upstart call instead of invoking the init.d
            script for checking if we are already running.
          + debian/control: versioned dependency on netbase that emits the new
            deconfiguring-networking event used in upstart script.
        - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
          the system bus to 5000 (LP #454093)
        - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
          to 60 seconds. It may be too short on the live CD with slow machines.
        - Add 0001-activation-allow-for-more-variation-than-just-system.patch,
          0002-bus-change-systemd-activation-to-activation-systemd.patch,
          0003-upstart-add-upstart-as-a-possible-activation-type.patch,
          0004-upstart-add-UpstartJob-to-service-desktop-files.patch,
          0005-activation-implement-upstart-activation.patch: Patches from Scott
          James Remnant to implement Upstart service activation. Not upstream.
    
    dbus (1.4.16-1) unstable; urgency=low
    
      * New upstream release
      * Do not symlink dcop-howto.txt.gz - no longer installed (this is D-Bus,
        not DCOP)
      * Set the build-dependencies to be enough to run all tests, but don't
        run the tests yet
     -- Martin Pitt <email address hidden>   Tue, 18 Oct 2011 18:10:19 +0200
  • dbus (1.4.14-1ubuntu1) oneiric; urgency=low
    
      * Merge with Debian unstable. Remaining changes:
        - Install binaries into / rather than /usr:
          + debian/rules: Set --exec-prefix=/
          + debian/dbus.install, debian/dbus-x11.install: Install from /bin
        - Use upstart to start:
          + Add debian/dbus.upstart.
          + debian/control: Add upstart dependency.
          + debian/dbus.postinst: Use upstart call instead of invoking the init.d
            script for checking if we are already running.
          + debian/control: versioned dependency on netbase that emits the new
            deconfiguring-networking event used in upstart script.
        - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
          the system bus to 5000 (LP #454093)
        - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
          to 60 seconds. It may be too short on the live CD with slow machines.
        - Add 0001-activation-allow-for-more-variation-than-just-system.patch,
          0002-bus-change-systemd-activation-to-activation-systemd.patch,
          0003-upstart-add-upstart-as-a-possible-activation-type.patch,
          0004-upstart-add-UpstartJob-to-service-desktop-files.patch,
          0005-activation-implement-upstart-activation.patch: Patches from Scott
          James Remnant to implement Upstart service activation. Not upstream.
    
    dbus (1.4.14-1) unstable; urgency=low
    
      * New upstream release
        - no longer needs workarounds to build or install the documentation
      * Remove --disable-gc-sections, unnecessary since 1.4.12
     -- Martin Pitt <email address hidden>   Fri, 02 Sep 2011 08:42:50 +0200