-D-Bus 1.11.18 (UNRELEASED)
+dbus 1.12.20 (2020-07-02)
+=========================
+
+The “temporary nemesis” release.
+
+Maybe security fixes:
+
+• On Unix, avoid a use-after-free if two usernames have the same
+ numeric uid. In older versions this could lead to a crash (denial of
+ service) or other undefined behaviour, possibly including incorrect
+ authorization decisions if <policy group=...> is used.
+ Like Unix filesystems, D-Bus' model of identity cannot distinguish
+ between users of different names with the same numeric uid, so this
+ configuration is not advisable on systems where D-Bus will be used.
+ Thanks to Daniel Onaca.
+ (dbus#305, dbus!166; Simon McVittie)
+
+Other fixes:
+
+• On Solaris and its derivatives, if a cmsg header is truncated, ensure
+ that we do not overrun the buffer used for fd-passing, even if the
+ kernel tells us to.
+ (dbus#304, dbus!165; Andy Fiddaman)
+
+dbus 1.12.18 (2020-06-02)
+=========================
+
+The “telepathic vines” release.
+
+Denial of service fixes:
+
+• CVE-2020-12049: If a message contains more file descriptors than can
+ be sent, close those that did get through before reporting error.
+ Previously, a local attacker could cause the system dbus-daemon (or
+ another system service with its own DBusServer) to run out of file
+ descriptors, by repeatedly connecting to the server and sending fds that
+ would get leaked.
+ Thanks to Kevin Backhouse of GitHub Security Lab.
+ (dbus#294, GHSL-2020-057; Simon McVittie)
+
+Other fixes:
+
+• Fix a crash when the dbus-daemon is terminated while one or more
+ monitors are active (dbus#291, dbus!140; Simon McVittie)
+
+• The dbus-send(1) man page now documents --bus and --peer instead of
+ the old --address synonym for --peer, which has been deprecated since
+ the introduction of --bus and --peer in 1.7.6
+ (fd.o #48816, dbus!115; Chris Morin)
+
+• Fix a wrong environment variable name in dbus-daemon(1)
+ (dbus#275, dbus!122; Mubin, Philip Withnall)
+
+• Fix formatting of dbus_message_append_args example
+ (dbus!126, Felipe Franciosi)
+
+• Avoid a test failure on Linux when built in a container as uid 0, but
+ without the necessary privileges to increase resource limits
+ (dbus!58, Debian #908092; Simon McVittie)
+
+• When building with CMake, cope with libX11 in a non-standard location
+ (dbus!129, Tuomo Rinne)
+
+dbus 1.12.16 (2019-06-11)
+=========================
+
+The “tree cat” release.
+
+Security fixes:
+
+• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
+ authentication for identities that differ from the user running the
+ DBusServer. Previously, a local attacker could manipulate symbolic
+ links in their own home directory to bypass authentication and connect
+ to a DBusServer with elevated privileges. The standard system and
+ session dbus-daemons in their default configuration were immune to this
+ attack because they did not allow DBUS_COOKIE_SHA1, but third-party
+ users of DBusServer such as Upstart could be vulnerable.
+ Thanks to Joe Vennix of Apple Information Security.
+ (dbus#269, Simon McVittie)
+
+dbus 1.12.14 (2019-05-17)
+=========================
+
+The “reclaimed floorboards” release.
+
+Enhancements:
+
+• Raise soft fd limit to match hard limit, even if unprivileged.
+ This makes session buses with many clients, or with clients that make
+ heavy use of fd-passing, less likely to suffer from fd exhaustion.
+ (dbus!103, Simon McVittie)
+
+Fixes:
+
+• If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
+ reduce it to 64K, ensuring that we can put back the original fd limits
+ when carrying out traditional (non-systemd) activation. This fixes a
+ regression with systemd >= 240 in which system services inherited
+ dbus-daemon's hard and soft limit of 64K fds, instead of the intended
+ soft limit of 1K and hard limit of 512K or 1M.
+ (dbus!103, Debian#928877; Simon McVittie)
+
+• Fix build failures caused by an AX_CODE_COVERAGE API change in newer
+ autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
+
+• Fix build failures with newer autoconf-archive versions that include
+ AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
+
+• Parse section/group names in .service files according to the syntax
+ from the Desktop Entry Specification, rejecting control characters
+ and non-ASCII in section/group names (dbus#208, David King)
+
+• Fix various -Wlogical-op issues that cause build failure with newer
+ gcc versions (dbus#225, dbus!109; David King)
+
+• Don't assume we can set permissions on a directory, for the benefit of
+ MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
+
+• Don't overwrite PKG_CONFIG_PATH and related environment variables when
+ the pkg-config-based version of DBus1Config is used in a CMake project
+ (dbus#267, dbus!96; Clemens Lang)
+
+dbus 1.12.12 (2018-12-04)
+=========================
+
+The “draconic disciple” release.
+
+dbus version control is now hosted on freedesktop.org's Gitlab
+installation, and bug reports and feature requests have switched from
+Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues ("dbus#nnn")
+and merge requests ("dbus!nnn").
+
+Enhancements:
+
+• Reference the freedesktop.org Code of Conduct (Simon McVittie)
+
+Fixes:
+
+• Stop the dbus-daemon leaking memory (an error message) if delivering
+ the message that triggered auto-activation is forbidden. This is
+ technically a denial of service because the dbus-daemon will
+ run out of memory eventually, but it's a very slow and noisy one,
+ because all the rejected messages are also very likely to have
+ been logged to the system log, and its scope is typically limited by
+ the finite number of activatable services available.
+ (dbus#234, Simon McVittie)
+
+• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
+ which does not meet the criteria for that attribute in gcc 4.7+,
+ potentially leading to miscompilation (fd.o #107741, Simon McVittie)
+
+• Fix some small O(1) memory leaks (fd.o #107320, Simon McVittie)
+
+• Fix printf formats for pointer-sized integers on 64-bit Windows
+ (fd.o #105662, Ralf Habacker)
+
+• Always use select()-based poll() emulation on Darwin-based OSs
+ (macOS, etc.) and on Interix, similar to what libcurl does
+ (dbus#232, dbus!19; Simon McVittie)
+
+• Extend a test timeout to avoid spurious failures in CI
+ (dbus!26, Simon McVittie)
+
+Tests and CI:
+
+• Add Travis-CI builds for 64-bit Windows using mingw-w64
+ (fd.o #105662, Ralf Habacker)
+
+• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)
+
+dbus 1.12.10 (2018-08-02)
+=========================
+
+The “beam deflection” release.
+
+Fixes:
+
+• Prevent reading up to 3 bytes beyond the end of a truncated message.
+ This could in principle be an information leak or denial of service
+ on the system bus, but is not believed to be exploitable to crash
+ the system bus or leak interesting information in practice.
+ (fd.o #107332, Simon McVittie)
+
+• Fix build with gcc 8 -Werror=cast-function-type
+ (fd.o #107349, Simon McVittie)
+
+• Fix warning from gcc 8 about suspicious use of strncpy() when
+ populating struct sockaddr_un (fd.o #107350, Simon McVittie)
+
+• Fix a minor memory leak when a DBusServer listens on a new address
+ (fd.o #107194, Simon McVittie)
+
+• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
+ runs out of memory (fd.o #107194, Simon McVittie)
+
+• Don't use misleading errno-derived error names if getaddrinfo() or
+ getnameinfo() fails with a code other than EAI_SYSTEM
+ (fd.o #106395, Simon McVittie)
+
+• Skip tests that require working TCP if we are in a container environment
+ where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)
+
+dbus 1.12.8 (2018-04-30)
+========================
+
+The “golden super-velociraptor” release.
+
+Enhancements:
+
+• The Devhelp documentation index is now in version 2 format
+ (fd.o #106186, Simon McVittie)
+
+• Give the dbus-daemon man page some scarier warnings about
+ <allow_anonymous/> and non-local TCP, which are insecure and should
+ not be used, particularly for the standard system and session buses
+ (fd.o #106004, Simon McVittie)
+
+Fixes:
+
+• Fix installation of Ducktype documentation with newer yelp-build
+ versions (fd.o #106171, Simon McVittie)
+
+dbus 1.12.6 (2018-03-01)
+========================
+
+The “just the one swan, actually” release.
+
+Fixes:
+
+• Increase system dbus-daemon's RLIMIT_NOFILE rlimit before it drops
+ privileges, because it won't have permission afterwards. This fixes a
+ regression in dbus 1.10.18 and 1.11.0 which made the standard system bus
+ more susceptible to deliberate or accidental denial of service.
+ (fd.o #105165, David King)
+
+dbus 1.12.4 (2018-02-08)
+========================
+
+The “Stria Campania 115” release.
+
+Fixes:
+
+• When iterating the DBusConnection while blocking on a pending call,
+ don't wait for I/O if that pending call already has a result; and make
+ sure that whether it has a result is propagated in a thread-safe way.
+ This prevents certain multi-threaded calling patterns from blocking
+ until their timeout even when they should have succeeded sooner.
+ (fd.o #102839; Manish Narang, Michael Searle)
+
+• Report the correct error if OOM is reached while trying to listen
+ on a TCP socket (fd.o #89104, Simon McVittie)
+
+• Fix assertion failures in recovery from OOM while setting up a
+ DBusServer (fd.o #89104, Simon McVittie)
+
+• Add a missing space to a warning message (fd.o #103729, Thomas Zajic)
+
+• Expand ${bindir} correctly when pkg-config is asked for dbus_daemondir
+ (fd.o #104265, Benedikt Heine)
+
+• On Linux systems with systemd < 237, if ${localstatedir}/dbus doesn't
+ exist, create it before trying to create ${localstatedir}/dbus/machine-id
+ (fd.o #104577, Chris Lesiak)
+
+• Fix escaping in dbus-api-design document (fd.o #104925, Philip Withnall)
+
+dbus 1.12.2 (2017-11-13)
+========================
+
+The “spider pumpkin” release.
+
+Enhancements:
+
+• Log a warning if a new connection cannot be accepted due to an
+ out-of-memory condition or failure to identify its AppArmor or
+ SELinux context (fd.o #103592, Simon McVittie)
+
+Fixes:
+
+• Make use of $(MKDIR_P) compatible with install-sh, fixing build when a
+ GNU-compatible `mkdir -p` is not available (fd.o #103521, ilovezfs)
+
+• When building for Windows with Autotools, avoid `echo -e`, fixing
+ cross-compilation on non-GNU platforms like macOS
+ (fd.o #103493, Tony Theodore)
+
+• Fix crashes in the server side of the nonce-tcp: transport under
+ various error conditions. This transport should normally only be used
+ on Windows, where AF_UNIX sockets are unavailable; the unix: transport
+ is the only one recommended for production use on Unix platforms.
+ (fd.o #103597, Simon McVittie)
+
+Internal changes:
+
+• Improve test coverage on Travis-CI (Simon McVittie)
+
+dbus 1.12.0 (2017-10-30)
+========================
+
+The “gingerbread skull” release.
+
+1.12.x is a new stable branch, recommended for use in OS
+distributions.
+
+Summary of major changes between 1.10.x and 1.12.0
+--------------------------------------------------
+
+Dependencies:
+
+• Expat >= 2.1.0 is required.
+• GLib >= 2.40 is required if full test coverage is enabled.
+• [Linux] libselinux >= 2.0.86 is required if SELinux support is
+ enabled.
+• [Unix] dbus now requires an <inttypes.h> that defines C99 constants
+ such as PRId64 and PRIu64, except when building for Windows.
+• [Autotools] Building from git (but not from tarballs) with Autotools
+ now requires macros from the GNU Autoconf Archive.
+• [CMake] Builds done using CMake now require CMake 3.0.2.
+
+Build-time configuration changes:
+
+• Expat is now found using pkg-config. See the release notes for
+ 1.11.14.
+• The --disable-compiler-optimisations and --enable-compiler-coverage
+ options no longer exist. See the release notes for 1.11.4 and 1.11.8.
+• [Unix] The --enable-abstract-sockets and --disable-abstract-sockets
+ options no longer exist. See the release notes for 1.11.20.
+• [Unix] Flag files in /var/run/console/${username} are no longer
+ checked for at_console by default. See the release notes for 1.11.18.
+• [Unix, Cygwin] Init scripts are no longer provided by upstream dbus,
+ and packagers will now need to add these downstream (most already do).
+ See the release notes for 1.11.18.
+• [Unix] The process ID file no longer has a different default location
+ on Red Hat derivatives. See the release notes for 1.11.18.
+• [Unix] ${runstatedir} is now independent of ${localstatedir} with
+ recent Autotools versions. See the release notes for 1.11.16.
+• [Windows] The WINDRES variable is no longer used. See the release
+ notes for 1.11.22.
+
+Deprecations:
+
+• Eavesdropping is officially deprecated in favour of BecomeMonitor.
+ See the release notes for spec version 0.31 (in dbus 1.11.14).
+• [Unix] Flag files in /var/run/console/${username} are deprecated.
+ See the release notes for 1.11.18.
+
+New APIs:
+
+• <allow> and <deny> rules in dbus-daemon configuration can now
+ include send_broadcast="true", send_broadcast="false",
+ max_unix_fds="N", min_unix_fds="N" (for some integer N).
+ See the release notes for 1.11.18.
+• dbus_try_get_local_machine_id() is like
+ dbus_get_local_machine_id(), but returns a DBusError.
+• New APIs around DBusMessageIter to simplify cleanup.
+ See the release notes for 1.11.16.
+• The message bus daemon now implements the standard Introspectable,
+ Peer and Properties interfaces. See the release notes for
+ dbus 1.11.14 and spec version 0.31.
+• DTDs for introspection XML and bus configuration are installed.
+• dbus can be compiled to be relocatable, making it more suitable for
+ binary bundling with other software. On Windows, this is on by
+ default.
+• [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
+ never uses Linux abstract sockets, which is advantageous for
+ containers. On non-Linux it is equivalent to unix:tmpdir=….
+ See the release notes for dbus 1.11.14 and spec version 0.31.
+• [Unix] New option "dbus-launch --exit-with-x11".
+• [Unix] Session managers can create transient .service files in
+ $XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
+• [Unix] A sysusers.d snippet can create the messagebus user on-demand.
+
+Miscellaneous behaviour changes:
+
+• [Unix] The session bus now logs to syslog if it was started by
+ dbus-launch.
+• [Unix] Internal warnings are logged to syslog if configured.
+• [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
+ or to stderr.
+
+Changes since 1.11.22 release candidate
+---------------------------------------
+
+Standard stable-branch changes:
+
+• Disable warnings about use of deprecated functions (Simon McVittie)
+
+Fixes:
+
+• Don't distribute files generated by ./configure in the source tarball
+ (fd.o #103420, Simon McVittie)
+
+Internal changes:
+
+• Remove some unused files from the git repository
+ (fd.o #103420, Simon McVittie)
+
+D-Bus 1.11.22 (2017-10-23)
+==========================
+
+The “fire surface” release.
+
+This is the first release-candidate for the 1.12.0 stable release.
+
+Build-time configuration changes:
+
+• When building for Windows with Autotools, setting the WINDRES variable
+ no longer works to select a non-standard resource compiler. Use
+ libtool's standard RC variable instead, for example
+ "./configure RC=i686-w64-mingw32-windres"
+
+Dependencies:
+
+• Builds done using CMake now require CMake 3.0.2.
+
+Enhancements:
+
+• When building for Windows, improve quality of metadata in
+ libdbus-1-3.dll (fd.o #103015, Ralf Habacker)
+
+Fixes:
+
+• Fix a typo "uint 16" in dbus-send(1) man page
+ (fd.o #103075, David King)
+
+• When building for Windows, libdbus-1-3.dll always includes version
+ information. Previously, this was missing if using CMake and any
+ non-MSVC compiler. (fd.o #103015, Ralf Habacker)
+
+• Fix the build with MSVC, which regressed with the #102558 fix in
+ 1.11.20. (fd.o #102558, Ralf Habacker)
+
+Internal changes:
+
+• Simplify Windows resource embedding
+ (fd.o #103015, Simon McVittie)
+
+D-Bus 1.11.20 (2017-10-03)
==
-...
+The “wraith stun” release.
+
+Build-time configuration changes:
+
+• The --enable-abstract-sockets and --disable-abstract-sockets options
+ no longer exist. Support for Linux's abstract AF_UNIX sockets is now
+ unconditionally enabled on Linux and disabled everywhere else.
+ (fd.o #34905, Simon McVittie)
+
+Enhancements:
+
+• Make slower tests less likely to time out, and improve diagnostics if
+ tests do time out (fd.o #103009, Simon McVittie)
+
+• On Windows, don't compile an unused stub implementation of
+ _dbus_set_signal_handler() (fd.o #103010, Simon McVittie)
+
+Fixes:
+
+• Be more careful to save and restore errno in POSIX async signal
+ handlers (fd.o #103010, Simon McVittie)
+
+• On Windows, embed a manifest in dbus-update-activation-environment.exe
+ so that the heuristics used for UAC do not assume it needs elevated
+ privileges due to its name containing "update"
+ (fd.o #102558, Ralf Habacker)
+
+• On Windows with Automake, embed version information in libdbus-1,
+ as was meant to happen in all versions since 2009
+ (fd.o #103015, Simon McVittie)
+
+D-Bus 1.11.18 (2017-09-25)
+==
+
+The “vampire conquistador” release.
+
+Build-time configuration changes:
+
+• By default, dbus-daemon on Unix no longer checks for flag files
+ /var/run/console/${username} created by the obsolete pam_console and
+ pam_foreground PAM modules when deciding whether ${username} is
+ currently at the console. The old default behaviour can be restored
+ by specifying --with-console-auth-dir=/var/run/console in the
+ recommended Autotools build system, or
+ -DDBUS_CONSOLE_AUTH_DIR=/var/run/console in CMake. This feature is
+ now deprecated, and will be removed in dbus 1.13 unless feedback via
+ fd.o #101629 indicates that this would be problematic.
+ (fd.o #101629, Simon McVittie)
+
+• LSB-style init scripts for Red Hat and Slackware, and a non-LSB init
+ script for Cygwin, are no longer provided in the upstream dbus
+ source. We recommend that distributors who support non-systemd service
+ management should maintain their own init scripts or other service
+ manager integration as part of their downstream packaging, similar to
+ the way Debian distributes a Debian-specific LSB init script for dbus.
+
+ The systemd unit continues to be maintained as part of the upstream
+ dbus source, because it receives regular testing and maintenance.
+
+ (fd.o #101706, Simon McVittie)
+
+• The process ID file created by the system bus is no longer influenced
+ by the --with-init-scripts=redhat configure option or the presence of
+ /etc/redhat-release at build time. If your OS's init script or other
+ service management relies on the Red Hat-style pid file, it can be
+ restored by specifying --with-system-pid-file=/run/messagebus.pid at
+ configure time or using the <pidfile> directive in bus configuration.
+
+ Note that the upstream-supplied systemd unit runs dbus-daemon with
+ the --nopidfile option, so it does not normally write a pid file,
+ regardless of whether the OS is Red-Hat-derived or not.
+
+ (fd.o #101706, Simon McVittie)
+
+Enhancements:
+
+• <allow> and <deny> rules in dbus-daemon configuration can now
+ include send_broadcast="true" or send_broadcast="false", which make
+ the rule only match broadcast signals, or only match messages that
+ are not broadcast signals, respectively.
+ (fd.o #29853, Simon McVittie)
+
+• <allow> and <deny> rules can now be configured to apply only to
+ messages with or without Unix file descriptors attached. This would
+ typically be used in rules like these:
+ <allow send_destination="..." max_unix_fds="0"/>
+ <deny send_destination="..." min_unix_fds="1"/>
+ <deny receive_sender="..." min_unix_fds="1"/>
+ but can also be used to set a nonzero upper limit on the number of
+ file descriptors:
+ <allow send_destination="..." max_unix_fds="4"/>
+ (fd.o #101848, Simon McVittie)
+
+• On Unix platforms, the DBUS_COOKIE_SHA1 authentication mechanism
+ now respects the HOME environment variable on the client side, and
+ on the server side when the uid attempting to connect is the same
+ as the uid of the server. This allows the automated tests to pass in
+ environments where the user's "official" home directory in /etc/passwd
+ is nonexistent, such as Debian autobuilders.
+ (fd.o #101960, Simon McVittie)
+
+Fixes:
+
+• When parsing dbus-daemon configuration, tell Expat not to use
+ cryptographic-quality entropy as a salt for its hash tables: we trust
+ the configuration files, so we are not concerned about algorithmic
+ complexity attacks via hash table collisions. This prevents
+ dbus-daemon --system from holding up the boot process (and causing
+ early-boot system services like systemd, logind, networkd to time
+ out) on entropy-starved embedded systems.
+ (fd.o #101858, Simon McVittie)
+
+• Avoid a -Werror=declaration-after-statement build failure on Solaris
+ (fd.o #102145, Alan Coopersmith)
+
+• On Unix platform, drop DBUS_SYSTEM_LOG_INFO messages from LOG_NOTICE
+ to LOG_INFO, matching how we use this log level in practice
+ (fd.o #102686, Simon McVittie)
D-Bus 1.11.16 (2017-07-27)
==
projects / platform / upstream / dbus.git / blobdiff