touch-packages team mailing list archive

[Launchpad Bug Tracker <1320422@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package dbus - 1.8.6-1ubuntu1

---------------
dbus (1.8.6-1ubuntu1) utopic; urgency=low

  * Resynchronize on Debian testing (LP: #1320422). Remaining Ubuntu changes:
    - Install binaries into / rather than /usr:
      + debian/rules: Set --exec-prefix=/
      + debian/dbus.install, debian/dbus-x11.install: Install from /bin
    - Use upstart to start:
      + Add debian/dbus.upstart and dbus.user-session.upstart
      + debian/dbus.postinst: Use upstart call instead of invoking the init.d
        script for checking if we are already running.
      + debian/control: versioned dependency on netbase that emits the new
        deconfiguring-networking event used in upstart script.
    - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for
      the system bus to 5000 (LP #454093)
    - 81-session.conf-timeout.patch: Raise the service startup timeout from 25
      to 60 seconds. It may be too short on the live CD with slow machines.
    - debian/dbus.user-session.upstart, debian/rules: Communicate session bus
      to Upstart Session Init to avoid potential out-of-memory scenario
      triggered by Upstart clients that do not run main loops
      (LP: #1235649, LP: #1252317).
    - debian/control, debian/rules: Build against libapparmor for AppArmor
      D-Bus mediation
    - debian/control: Use logind for session tracking, so that "at_console"
      policies work with logind instead of ConsoleKit. Add "libpam-systemd"
      recommends.
    - debian/rules: Adjust dbus-send path to our changed install layout.
      (LP: #1325364)
    - debian/dbus-Xsession: Don't start a session bus if there already is one,
      i. e. $DBUS_SESSION_BUS_ADDRESS is already set. (Closes: #681241)
  * Dropped changes:
    - debian/control: Drop version bump on the libglib2.0-dev Build-Depends.
      It is no longer needed.
    - debian/control: use "Breaks: unity-services (<< 6.0.0-0ubuntu6)", the
      new dbus eavedropping protection was creating issues with previous
      versions. This can be dropped now since upgrades from Quantal are no
      longer a concern.
    - debian/control, debian/rules: The tests are not run during the build.
      Configure with --disable-tests, drop the build dependencies needed for
      the tests. The tests should now run with the debug build using
      autopkgtest.
    - 00git_logind_check.patch: Fix logind check. This change is present in
      upstream dbus.
    - Add 00git_sd_daemon_update.patch: Update to current sytemd upstream
      sd_booted() to actually check for systemd init. This change is present
      in upstream dbus.
    - debian/patches/aa-build-tools.patch, debian/patches/aa-mediation.patch,
      debian/patches/aa-mediate-eavesdropping.patch: Drop these patches in
      favor of the latest set of patches submitted for upstream inclusion
    - debian/patches/02_obsolete_g_thread_api.patch: This change is present in
      upstream dbus
    - 0001-activation-allow-for-more-variation-than-just-system.patch,
      0002-bus-change-systemd-activation-to-activation-systemd.patch,
      0003-upstart-add-upstart-as-a-possible-activation-type.patch,
      0004-upstart-add-UpstartJob-to-service-desktop-files.patch,
      0005-activation-implement-upstart-activation.patch: These patches have
      been disabled since 12.10 so it should be safe to remove them at this
      point
    - debian/patches/CVE-2014-3477.patch, debian/patches/CVE-2014-3532.patch,
      debian/patches/CVE-2014-3533.patch: These changes are present in
      upstream dbus
  * 0001-Document-AppArmor-enforcement-in-the-dbus-daemon-man.patch,
    0002-Add-apparmor-element-and-attributes-to-the-bus-confi.patch,
    0003-Update-autoconf-file-to-build-against-libapparmor.patch,
    0004-Add-apparmor-element-support-to-bus-config-parsing.patch,
    0005-Initialize-AppArmor-mediation.patch,
    0006-Store-AppArmor-label-of-bus-during-initialization.patch,
    0007-Store-AppArmor-label-of-connecting-processes.patch,
    0008-Mediation-of-processes-that-acquire-well-known-names.patch,
    0009-Do-LSM-checks-after-determining-if-the-message-is-a-.patch,
    0010-Mediation-of-processes-sending-and-receiving-message.patch,
    0011-Mediation-of-processes-eavesdropping.patch,
    0012-New-a-sv-helper-for-using-byte-arrays-as-the-variant.patch,
    0013-Add-AppArmor-support-to-GetConnectionCredentials.patch: Add the
    latest set of AppArmor D-Bus mediation patches. This the v3 patch set from
    the upstream feature inclusion bug.
    - https://bugs.freedesktop.org/show_bug.cgi?id=75113
  * aa-get-connection-apparmor-security-context.patch: Refresh this patch so
    that it compiles with latest AppArmor D-Bus mediation patches. It is not
    intended for upstream inclusion. It implements a bus method
    (GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
    security context but upstream D-Bus has recently added a generic way of
    getting a connection's security credentials (GetConnectionCredentials).
    Ubuntu should carry this patch until packages in the archive are moved
    over to the new, generic method of getting a connection's credentials.

dbus (1.8.6-1) unstable; urgency=high

  * New upstream release
    - fix two local DoS vulnerabilities (CVE-2014-3532, CVE-2014-3533)

dbus (1.8.4-1) unstable; urgency=high

  * New upstream release, fixing a DoS vulnerability (CVE-2014-3477)

dbus (1.8.2-1) unstable; urgency=medium

  * New upstream release

dbus (1.8.0-3) unstable; urgency=medium

  * Improve autopkgtest support
    - use a shell wildcard instead of dpkg-architecture, to avoid stderr spam
      failing the test if gcc is missing
    - wrap each test-case in an arbitrary (5 minute) timeout so that one
      test-case failing won't halt the whole build

dbus (1.8.0-2) unstable; urgency=low

  * debian/rules: look for DEB_BUILD_PROFILES, the new name for
    DEB_BUILD_PROFILE
  * Don't try to install systemd units in a stage1 build (they are
    no longer installed unless libsystemd*-dev are found) (Closes: #738317)
  * Mark dbus-1-doc with Build-Profiles: !stage1
  * Register a dpkg trigger on /usr/share/dbus-1/system-services and
    /etc/dbus-1/system.d that calls ReloadConfig on the system dbus-daemon,
    in case our inotify monitoring isn't completely reliable (see #740139)
  * Clean debian/tmp-udeb in `debian/rules clean`
  * Hook up the installed tests to DEP-8 metadata
  * Add a simple compile/link/run test

dbus (1.8.0-1) unstable; urgency=low

  * New upstream stable release
    - add debian/copyright stanzas for some new BSD-licensed cmake macros

dbus (1.7.10-2) unstable; urgency=low

  * Conditionalize libaudit and libcap-ng build-dependencies to [linux-any]
  * Explicitly enable libaudit, SELinux and systemd on Linux;
    do not enable them elsewhere

dbus (1.7.10-1) unstable; urgency=low

  * Merge from experimental into unstable
  * New upstream release 1.7.10 (1.8 rc1)
  * Generate debian/dbus.install from a generic part and a Linux-specific
    part, since systemd metadata doesn't get installed on non-Linux any more

dbus (1.7.8-1) experimental; urgency=low

  [ Laurent Bigonville ]
  * debian/rules: Re-add udeb_configure_flags that were lost during merge
    (Closes: #727774)

  [ Simon McVittie ]
  * Standards-Version: 3.9.5 (no changes needed)
  * Enable libaudit support so messages that violate SELinux policy go to the
    audit log (Closes: #727771)
  * New upstream release
    - add new dependency on libsystemd-journal-dev for linux-any

dbus (1.7.6-2) experimental; urgency=low

  * debian/rules: FTBFS if new symbols or libraries are added
    without updating the symbols file
  * debian/copyright: list copyright holders and minor licenses
    (Closes: #726000)
  * Merge packaging changes from unstable:
    - Run `update-rc.d dbus defaults` instead of deprecated
      `update-rc.d dbus start ...` (Closes: #725923)
    - Add udeb packages, so the graphical installer can use AT-SPI
      (Closes: #723952)
    - Standards-Version: 3.9.4 (no changes needed)

dbus (1.7.6-1) experimental; urgency=low

  * Standards-Version: 3.9.4 (no changes needed)
  * New upstream development release
    - update symbols

dbus (1.7.4-1) experimental; urgency=low

  * New upstream development release
    - CVE-2013-2168: avoid a user-triggerable crash (denial of services)
      in system services that use libdbus

dbus (1.7.2-1) experimental; urgency=low

  * New upstream development release
  * Do the debug build --with-valgrind on mipsel, too

dbus (1.7.0-1) experimental; urgency=low

  * Branch for experimental
  * New upstream development release
  * On architectures where it's currently supported, do the
    debug build with --with-valgrind for better instrumentation
  * debian/rules: factor out production and debug configure flags
  * Add support for DEB_BUILD_OPTIONS=nodocs, which omits most documentation
    (allowing doxygen and xmlto to be avoided) and the dbus-1-doc package
  * Add support for DEB_BUILD_PROFILE=stage1, which does the same as nodocs
    and additionally makes the debug build not insist on building all tests
  * Make the development and debugging packages Multi-Arch: same,
    since their arch-dependent files are all arch-segregated
    (/usr/lib/TUPLE) or named according to a build-ID (/usr/lib/debug)
    (Closes: #689071). This is not actually useful until pkg-config
    becomes M-A: foreign (#631275).

dbus (1.6.18-2) unstable; urgency=medium

  * Disable valgrind integration in the debug build on armel,
    since valgrind no longer supports armel (Closes: #729136)

dbus (1.6.18-1) unstable; urgency=low

  * Run `update-rc.d dbus defaults` instead of deprecated
    `update-rc.d dbus start ...` (Closes: #725923)
  * debian/rules: FTBFS if new symbols or libraries are added
    without updating the symbols file
  * debian/copyright: list copyright holders and minor licenses
    (Closes: #726000)
  * New upstream release 1.6.18
  * Standards-Version: 3.9.5 (no changes needed)
 -- Tyler Hicks <tyhicks@xxxxxxxxxxxxx>   Fri, 15 Aug 2014 13:37:15 -0500

** Changed in: dbus (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2168

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3477

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3532

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-3533

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to dbus in Ubuntu.
https://bugs.launchpad.net/bugs/1320422

Title:
  Please merge dbus 1.8.6-1 (main) from Debian testing (main)

Status in “dbus” package in Ubuntu:
  Fix Released

Bug description:
  I'm working on a debdiff to resync our dbus package with the current
  version in Debian testing.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/dbus/+bug/1320422/+subscriptions