dbus (1.12.20-2ubuntu4.1) jammy-security; urgency=medium
* SECURITY UPDATE: Assertion failure in dbus-marshal-validate
- debian/patches/CVE-2022-42010.patch: Check brackets in signature nest
correctly
- CVE-2022-42010
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-validate
- debian/patches/CVE-2022-42011.patch: Validate length of arrays of
fixed-length items
- CVE-2022-42011
* SECURITY UPDATE: Out-of-bound access in dbus-marshal-byteswap
- debian/patches/CVE-2022-42012.patch: Byte-swap Unix fd indexes if needed
- CVE-2022-42012
-- Nishit Majithia <nishit.majithia@canonical.com> Tue, 25 Oct 2022 18:45:07 +0530
dbus (1.12.20-2ubuntu4) jammy; urgency=medium
* Prevent dbus from being restarted on upgrade (LP: #1962036)
-- Dave Jones <dave.jones@canonical.com> Fri, 01 Apr 2022 18:02:54 +0100
dbus (1.12.20-2ubuntu3) jammy; urgency=medium
* No-change rebuild to update maintainer scripts, see LP: 1959054
-- Dave Jones <dave.jones@canonical.com> Wed, 16 Feb 2022 16:50:50 +0000
dbus (1.12.20-2ubuntu2) impish; urgency=medium
* Rework d/p/ubuntu/dont-stop-dbus.patch to avoid a deadlock during boot
(LP: #1936948)
-- Lukas Märdian <slyon@ubuntu.com> Thu, 09 Sep 2021 15:45:30 +0200
dbus (1.12.20-2ubuntu1) impish; urgency=medium
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Make autopkgtests cross-test-friendly.
- Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
dbus.socket to not be part of the shutdown transaction. And yet make
it possible to still stop/kill/restart dbus.service if one really
wants to, because it is stuck and stopped responding to any
commands. This allows allows to restart dbus.service with
needrestart. However a finalrd hook might still be needed, to kill
dbus-daemon for good, once we pivot off rootfs.
-- Balint Reczey <rbalint@ubuntu.com> Tue, 18 May 2021 10:59:54 +0200
dbus (1.12.20-2) unstable; urgency=medium
* Add Provides for the split binary packages added in experimental.
Actually splitting up dbus seems too risky for this stage in the
release process, but if we add them as virtual packages in Debian 11,
then switching dependencies during the Debian 12 cycle won't require
alternative dependencies or a flag-day transition.
* dbus-tests: Silence Lintian warnings for breakout-link
* Remove unnecessary Readme.txt from sha1 test data.
This causes Lintian warnings because it isn't UTF-8, and it isn't
actually useful.
* Standards-Version: 4.5.1 (no changes required)
-- Simon McVittie <smcv@debian.org> Sun, 21 Feb 2021 14:02:17 +0000
dbus (1.12.20-1ubuntu3) hirsute; urgency=medium
* Rework ubuntu/dont-stop-dbus.patch to actually make dbus.service _and_
dbus.socket to not be part of the shutdown transaction. And yet make
it possible to still stop/kill/restart dbus.service if one really
wants to, because it is stuck and stopped responding to any
commands. This allows allows to restart dbus.service with
needrestart. However a finalrd hook might still be needed, to kill
dbus-daemon for good, once we pivot off rootfs.
-- Dimitri John Ledkov <xnox@ubuntu.com> Fri, 26 Feb 2021 19:43:15 +0000
dbus (1.12.20-1ubuntu2) hirsute; urgency=medium
* No-change rebuild to drop the udeb package.
-- Matthias Klose <doko@ubuntu.com> Mon, 22 Feb 2021 10:30:40 +0100
dbus (1.12.20-1ubuntu1) groovy; urgency=low
* Merge from Debian unstable. Remaining changes:
- Add dont-stop-dbus.patch: Don't stop D-Bus in the service unit.
- debian/dbus.postinst, debian/rules: Don't start D-Bus on package
installation, as that doesn't work any more with dont-stop-dbus.patch.
Instead, start dbus.socket in postinst, which will then start D-Bus
on demand after package installation.
- Add aa-get-connection-apparmor-security-context.patch: This is not
intended for upstream inclusion. It implements a bus method
(GetConnectionAppArmorSecurityContext) to get a connection's AppArmor
security context but upstream D-Bus has recently added a generic way of
getting a connection's security credentials (GetConnectionCredentials).
Ubuntu should carry this patch until packages in the archive are moved
over to the new, generic method of getting a connection's credentials.
- Make autopkgtests cross-test-friendly.
-- Iain Lane <iain.lane@canonical.com> Thu, 10 Sep 2020 12:25:12 +0100
dbus (1.12.20-1) unstable; urgency=medium
[ Mark Hindley ]
* Fix system-bus autopkgtest detection of systemd as PID1.
The test attempts to detect whether systemd is available by testing for
/run/systemd. However, this path can exist on non-systemd systems.
Look for /run/systemd/system instead. (Closes: #962466)
[ Simon McVittie ]
* New upstream stable release
- Prevent use-after-free if two usernames share a uid
-- Simon McVittie <smcv@debian.org> Thu, 02 Jul 2020 14:19:21 +0100
# For older changelog entries, run 'apt-get changelog libdbus-1-3'
Generated by dwww version 1.14 on Wed Jan 22 09:02:44 CET 2025.