+D-Bus 1.10.3 (UNRELEASED)
+==
+
+...
+
+D-Bus 1.10.2 (2015-10-26)
+==
+
+The “worst pies in London” release.
+
+Fixes:
+
+• Correct error handling for activation: if there are multiple attempts
+ to activate the same service and it fails immediately, the first attempt
+ would get the correct reply, but the rest would time out. We now send
+ the same error reply to each attempt. (fd.o #92200, Simon McVittie)
+
+• If BecomeMonitor is called with a syntactically invalid match rule,
+ don't crash with an assertion failure, fixing a regression in 1.9.10.
+ This was not exploitable as a denial of service, because the check
+ for a privileged user is done first. (fd.o #92298, Simon McVittie)
+
+• On Linux with --enable-user-session, add the bus address to the
+ environment of systemd services for better backwards compatibility
+ (fd.o #92612, Jan Alexander Steffens)
+
+• On Windows, fix the logic for replacing the installation prefix
+ in service files' Exec lines (fd.o #83539; Milan Crha, Simon McVittie)
+
+• On Windows, if installed in the conventional layout with ${prefix}/etc
+ and ${prefix}/share, use relative paths between bus configuration files
+ to allow the tree to be relocated (fd.o #92028, Simon McVittie)
+
+• Make more of the regression tests pass in Windows builds (fd.o #92538,
+ Simon McVittie)
+
+D-Bus 1.10.0 (2015-08-25)
+==
+
+The “0x20” release.
+
+This is a new stable branch, recommended for use in OS distributions.
+
+Fixes since 1.9.20:
+
+• distribute test/tap-test.sh.in, even if the tarball was built without
+ tests enabled (fd.o #91684, Simon McVittie)
+• work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie)
+
+Summary of major changes since 1.8.0:
+
+• The basic setup for the well-known system and session buses is
+ now done in read-only files in ${datadir} (normally /usr/share).
+ See the NEWS entry for 1.9.18 for details.
+
+• AppArmor integration has been merged, with features similar to the
+ pre-existing SELinux integration. It is mostly compatible with the
+ patches previously shipped by Ubuntu, with one significant change:
+ Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded
+ by GetConnectionCredentials and was not included.
+
+• The --enable-user-session configure option can be enabled
+ by OS integrators intending to use systemd to provide a session bus
+ per user (in effect, treating all concurrent graphical and non-graphical
+ login sessions as one large session).
+
+• The new listenable address mode "unix:runtime=yes" listens on
+ $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd
+ user session. libdbus and "dbus-launch --autolaunch" will connect to
+ this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a
+ matching default.
+
+• All executables are now dynamically linked to libdbus-1.
+ Previously, some executables, most notably dbus-daemon, were statically
+ linked to a specially-compiled variant of libdbus. This results in
+ various private functions in the _dbus namespace being exposed by the
+ shared library. These are not API, and must not be used outside
+ the dbus source tree.
+
+• On platforms with ELF symbol versioning, all public symbols
+ are versioned LIBDBUS_1_3.
+
+New bus APIs:
+
+• org.freedesktop.DBus.GetConnectionCredentials returns
+ LinuxSecurityLabel where supported
+• org.freedesktop.DBus.Monitoring interface (privileged)
+ · BecomeMonitor method supersedes match rules with eavesdrop=true,
+ which are now deprecated
+• org.freedesktop.DBus.Stats interface (semi-privileged)
+ · now enabled by default
+ · new GetAllMatchRules method
+• org.freedesktop.DBus.Verbose interface (not normally compiled)
+ · toggles the effect of DBUS_VERBOSE
+
+New executables:
+
+• dbus-test-tool
+• dbus-update-activation-environment
+
+New optional dependencies:
+
+• The systemd: pseudo-transport requires libsystemd or libsd-daemon
+• Complete documentation requires Ducktype and yelp-tools
+• Full test coverage requires GLib 2.36 and PyGI
+• AppArmor integration requires libapparmor and optionally libaudit
+
+Dependencies removed:
+
+• dbus-glib
+
+D-Bus 1.9.20 (2015-08-06)
+==
+
+The “Remember Tomorrow” release.
+
+This is a release-candidate for D-Bus 1.10.0. OS distribution vendors
+should test it.
+
+Fixes:
+
+• Don't second-guess what the ABI of poll() is, allowing it to be used
+ on Integrity RTOS and other unusual platforms (fd.o #90314;
+ Rolland Dudemaine, Simon McVittie)
+
+• Don't duplicate audit subsystem integration if AppArmor and SELinux are
+ both enabled (fd.o #89225, Simon McVittie)
+
+• Log audit events for AppArmor/SELinux policy violations whenever
+ we have CAP_AUDIT_WRITE, even if not the system bus
+ (fd.o #83856, Laurent Bigonville)
+
+D-Bus 1.9.18 (2015-07-21)
+==
+
+The “Pirate Elite” release.
+
+Configuration changes:
+
+• The basic setup for the well-known system and session buses is now done
+ in read-only files in ${datadir}, moving a step closer to systems
+ that can operate with an empty /etc directory. In increasing order
+ of precedence:
+
+ · ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting
+ the default message policies.
+ · ${sysconfdir}/dbus-1/s*.conf are now optional. By default
+ dbus still installs a trivial version of each, for documentation
+ purposes; putting configuration directives in these files is deprecated.
+ · ${datadir}/dbus-1/s*.d/ are now available for third-party software
+ to install "drop-in" configuration snippets (any packages
+ using those directories should explicitly depend on at least this
+ version of dbus).
+ · ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins
+ or third-party software to install "drop-in" configuration snippets
+ · ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins'
+ overrides
+
+ ${datadir} is normally /usr/share, ${sysconfdir} is normally /etc,
+ and "s*" refers to either system or session as appropriate.
+
+ (fd.o #89280, Dimitri John Ledkov)
+
+Fixes:
+
+• Fix a memory leak when GetConnectionCredentials() succeeds
+ (fd.o #91008, Jacek Bukarewicz)
+
+• Ensure that dbus-monitor does not reply to messages intended for others,
+ resulting in its own disconnection (fd.o #90952, Simon McVittie)
+
+D-Bus 1.9.16 (2015-05-14)
+==
+
+The “titanium barns” release.
+
+Dependencies:
+
+• Automake 1.13 is now required when compiling from git or modifying
+ the build system.
+
+Security hardening:
+
+• On Unix platforms, change the default configuration for the session bus
+ to only allow EXTERNAL authentication (secure kernel-mediated
+ credentials-passing), as was already done for the system bus.
+
+ This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
+ unpredictable pseudo-random numbers.
+
+ If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
+ in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
+ NFS or similar, you will need to reconfigure the session bus to accept
+ DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
+ is not recommended.
+
+ (fd.o #90414, Simon McVittie)
+
+• When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp:
+ transport, UUIDs or any other reason, fail if we cannot obtain entropy
+ (from /dev/urandom or CryptGenRandom()) or an out-of-memory condition
+ occurs, instead of silently falling back to low-entropy pseudorandom
+ numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker)
+
+Enhancements:
+
+• Add dbus_message_iter_get_element_count()
+ (fd.o #30350; Christian Dywan, Simon McVittie)
+
+• Introduce new internal DBusSocket and DBusPollable types so we can
+ stop treating the Windows SOCKET type as if it was int. DBusSocket
+ is specifically a socket, cross-platform. DBusPollable is whatever
+ _dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows.
+ (fd.o #89444; Ralf Habacker, Simon McVittie)
+
+• All regression tests now output TAP <https://testanything.org/>
+ (fd.o #89846, Simon McVittie)
+
+• Internal APIs consistently use signed values for timestamps
+ (fd.o #18494, Peter McCurdy)
+
+• Improve diagnostics when UpdateActivationEnvironment calls are rejected
+ (fd.o #88812, Simon McVittie)
+
+• Clean up a lot of compiler warnings
+ (fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie)
+
+Fixes:
+
+• Add locking to DBusCounter's reference count and notify function
+ (fd.o #89297, Adrian Szyndela)
+
+• Ensure that DBusTransport's reference count is protected by the
+ corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela)
+
+• Correctly release DBusServer mutex before early-return if we run out
+ of memory while copying authentication mechanisms (fd.o #90021,
+ Ralf Habacker)
+
+• Make dbus-test-tool and dbus-update-activation-environment portable
+ to Windows (fd.o #90089, Ralf Habacker)
+
+• Correctly initialize all fields of DBusTypeReader (fd.o #90021;
+ Ralf Habacker, Simon McVittie)
+
+• Fix some missing \n in verbose (debug log) messages (fd.o #90004,
+ Ralf Habacker)
+
+• Clean up some memory and fd leaks in test code and tools
+ (fd.o #90021, Ralf Habacker)
+
+• Fix a NULL dereference if the dbus-daemon cannot read a configuration
+ directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker)
+
+• CMake generates a versioned shared library even if the revision is 0,
+ as it usually is on the development branch. (fd.o #89450, Ralf Habacker)
+
+D-Bus 1.9.14 (2015-03-02)
+==
+
+The “don't stand in the poison cloud” release.
+
+Dependencies:
+
+• dbus-daemon and dbus-daemon-launch-helper now require libdbus. They
+ were previously linked to a static version of libdbus.
+
+• The tests no longer require dbus-glib in order to exercise the libdbus
+ shared library; they are always linked to libdbus now.
+
+Build-time configuration:
+
+• The new --enable-user-session option, off by default, can be enabled
+ by OS integrators intending to use systemd to provide a session bus
+ per user (in effect, treating all concurrent graphical and non-graphical
+ login sessions as one large session)
+
+Enhancements:
+
+• All executables are now linked dynamically to libdbus.
+ (fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker)
+
+• On platforms that support them (GNU libc and possibly others),
+ libdbus now has versioned symbols for its public API.
+ All public symbols (visible in the header files) are currently
+ versioned as LIBDBUS_1_3; private symbols starting with _dbus or
+ dbus_internal have a version that changes with each release, and
+ must not be used by applications. (also fd.o #83115)
+
+• New listenable address mode "unix:runtime=yes" which listens on
+ a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus
+ (fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie)
+
+• Add optional systemd units for a per-user bus listening on
+ $XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters)
+
+• On Unix platforms, both libdbus and "dbus-launch --autolaunch"
+ default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket
+ (also fd.o #61301)
+
+• New dbus-update-activation-environment tool uploads environment
+ variables to "dbus-daemon --session" and optionally "systemd --user",
+ primarily as a way to keep the per-user bus compatible with
+ distributions' existing X11 login scripts (also fd.o #61301)
+
+• <includedir/> elements in dbus-daemon configuration are now silently
+ ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov)
+
+• Add microsecond-resolution timestamps to the default output of
+ dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie)
+
+Fixes:
+
+• Fix a race condition in the 'monitor' test introduced in 1.9.10
+ (fd.o #89222, Simon McVittie)
+
+D-Bus 1.9.12 (2015-02-19)
+==
+
+The “monster lasagna” release.
+
+Dependencies:
+
+• Ducktype and yelp-tools are now required to build complete documentation
+ (they are optional for normal builds).
+
+Enhancements:
+
+• D-Bus Specification version 0.26
+ · GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID
+ · document the BecomeMonitor method
+
+• On Linux, add LinuxSecurityLabel to GetConnectionCredentials
+ (fd.o #89041; Tyler Hicks, Simon McVittie)
+
+• On Linux, add support for AppArmor mediation of message sending and
+ receiving and name ownership (paralleling existing SELinux mediation
+ support), and eavesdropping (a new check, currently AppArmor-specific)
+ (fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie)
+
+• In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings
+ that have printable ASCII contents; we previously only did this for
+ unterminated bytestrings (fd.o #89109, Simon McVittie)
+
+• Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall)
+
+• On Windows, add WindowsSID to GetConnectionCredentials
+ (fd.o #54445, Ralf Habacker)
+
+• Improve clarity of dbus-monitor --profile output and add more columns
+ (fd.o #89165, Ralf Habacker)
+
+• Add a man page for dbus-test-tool, and build it under CMake as well
+ as Autotools (fd.o#89086, Simon McVittie)
+
+• If dbus-daemon was compiled with --enable-verbose, add a D-Bus API
+ to control it at runtime, overriding the DBUS_VERBOSE environment variable
+ (fd.o #88896, Ralf Habacker)
+
+Fixes:
+
+• Reduce the number of file descriptors used in the fd-passing test,
+ avoiding failure under the default Linux fd limit, and automatically
+ skip it if the rlimit is too small (fd.o #88998, Simon McVittie)
+
+D-Bus 1.9.10 (2015-02-09)
+==
+
+The “sad cyborgs” release.
+
+Security fixes merged from 1.8.16:
+
+• Do not allow non-uid-0 processes to send forged ActivationFailure
+ messages. On Linux systems with systemd activation, this would
+ allow a local denial of service: unprivileged processes could
+ flood the bus with these forged messages, winning the race with
+ the actual service activation and causing an error reply
+ to be sent back when service auto-activation was requested.
+ This does not prevent the real service from being started,
+ so the attack only works while the real service is not running.
+ (CVE-2015-0245, fd.o #88811; Simon McVittie)
+
+Enhancements:
+
+• The new Monitoring interface in the dbus-daemon lets dbus-monitor and
+ similar tools receive messages without altering the security properties
+ of the system bus, by calling the new BecomeMonitor method on a
+ private connection. This bypasses the normal <allow> and <deny> rules
+ entirely, so to preserve normal message-privacy assumptions, only root
+ is allowed to do this on the system bus. Restricted environments,
+ such as Linux with LSMs, should lock down access to the Monitoring
+ interface. (fd.o #46787, Simon McVittie)
+
+• dbus-monitor uses BecomeMonitor to capture more traffic, if the
+ dbus-daemon supports it and access permissions allow it.
+ It still supports the previous approach ("eavesdropping" match rules)
+ for compatibility with older bus daemons. (fd.o #46787, Simon)
+
+• dbus-monitor can now log the message stream as binary data for later
+ analysis, with either no extra framing beyond the normal D-Bus headers,
+ or libpcap-compatible framing treating each D-Bus message
+ as a captured packet. (fd.o #46787, Simon)
+
+Other fixes:
+
+• Fix some CMake build regressions (fd.o #88964, Ralf Habacker)
+
+• On Unix, forcibly terminate regression tests after 60 seconds to
+ prevent them from blocking continuous integration frameworks
+ (fd.o #46787, Simon)
+
D-Bus 1.9.8 (2015-02-03)
==