NEWS 90 KB
Newer Older
Simon McVittie's avatar
Simon McVittie committed
1
dbus 1.10.x end-of-life plans
Simon McVittie's avatar
Simon McVittie committed
2 3
==

Simon McVittie's avatar
Simon McVittie committed
4 5 6 7 8 9 10 11 12
The dbus 1.10.x branch was originally released in 2015. It currently
receives security-fix releases whenever necessary, but it is planned to
reach end-of-life status at the end of Debian 9's official security
support (approximately July 2020). If you are a dbus downstream
maintainer in a long-lived OS distribution and you want to use the
upstream dbus-1.10 git branch as a place to share backported security
fixes with other distributions, please contact the dbus maintainers via
the dbus-security mailing list on lists.freedesktop.org.

Simon McVittie's avatar
Simon McVittie committed
13
dbus 1.10.32 (2020-07-02)
Simon McVittie's avatar
Simon McVittie committed
14 15
==

Simon McVittie's avatar
Simon McVittie committed
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
The “technically a venom” release.

Maybe security fixes:

• On Unix, avoid a use-after-free if two usernames have the same
  numeric uid. In older versions this could lead to a crash (denial of
  service) or other undefined behaviour, possibly including incorrect
  authorization decisions if <policy group=...> is used.
  Like Unix filesystems, D-Bus' model of identity cannot distinguish
  between users of different names with the same numeric uid, so this
  configuration is not advisable on systems where D-Bus will be used.
  Thanks to Daniel Onaca.
  (dbus#305, dbus!166; Simon McVittie)

Other fixes:

• On Solaris and its derivatives, if a cmsg header is truncated, ensure
  that we do not overrun the buffer used for fd-passing, even if the
  kernel tells us to.
  (dbus#304, dbus!165; Andy Fiddaman)
Simon McVittie's avatar
Simon McVittie committed
36

Simon McVittie's avatar
Simon McVittie committed
37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
dbus 1.10.30 (2020-06-02)
==

The “centaur bus” release.

Denial of service fixes:

• CVE-2020-12049: If a message contains more file descriptors than can
  be sent, close those that did get through before reporting error.
  Previously, a local attacker could cause the system dbus-daemon (or
  another system service with its own DBusServer) to run out of file
  descriptors, by repeatedly connecting to the server and sending fds that
  would get leaked.
  Thanks to Kevin Backhouse of GitHub Security Lab.
  (dbus#294, GHSL-2020-057; Simon McVittie)

Other fixes:

• Fix a crash when the dbus-daemon is terminated while one or more
  monitors are active (dbus#291, dbus!140; Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
57

Simon McVittie's avatar
Simon McVittie committed
58
dbus 1.10.28 (2019-06-11)
Simon McVittie's avatar
Simon McVittie committed
59 60
==

Simon McVittie's avatar
Simon McVittie committed
61 62
The “kitchen slug” release.

Simon McVittie's avatar
Simon McVittie committed
63 64 65 66 67
dbus version control is now hosted on freedesktop.org's Gitlab
installation, and bug reports and feature requests have switched from
Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues ("dbus#nnn")
and merge requests ("dbus!nnn").

Simon McVittie's avatar
Simon McVittie committed
68 69 70 71 72 73 74 75 76 77 78 79 80 81
Security fixes:

• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
  authentication for identities that differ from the user running the
  DBusServer. Previously, a local attacker could manipulate symbolic
  links in their own home directory to bypass authentication and connect
  to a DBusServer with elevated privileges. The standard system and
  session dbus-daemons in their default configuration were immune to this
  attack because they did not allow DBUS_COOKIE_SHA1, but third-party
  users of DBusServer such as Upstart could be vulnerable.
  Thanks to Joe Vennix of Apple Information Security.
  (dbus#269, Simon McVittie)

Other fixes:
Simon McVittie's avatar
Simon McVittie committed
82

Simon McVittie's avatar
Simon McVittie committed
83 84 85 86 87 88
• Prevent reading up to 3 bytes beyond the end of a truncated message.
  This could in principle be an information leak or denial of service
  on the system bus, but is not believed to be exploitable to crash
  the system bus or leak interesting information in practice.
  (fd.o #107332, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
89 90 91 92 93 94 95 96 97
• Stop the dbus-daemon leaking memory (an error message) if delivering
  the message that triggered auto-activation is forbidden. This is
  technically a denial of service because the dbus-daemon will
  run out of memory eventually, but it's a very slow and noisy one,
  because all the rejected messages are also very likely to have
  been logged to the system log, and its scope is typically limited by
  the finite number of activatable services available.
  (dbus#234, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
98 99 100 101
• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
  which does not meet the criteria for that attribute in gcc 4.7+,
  potentially leading to miscompilation (fd.o #107741, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
102 103 104 105 106 107
• Fix build with gcc 8 -Werror=cast-function-type
  (fd.o #107349, Simon McVittie)

• Fix warning from gcc 8 about suspicious use of strncpy() when
  populating struct sockaddr_un (fd.o #107350, Simon McVittie)

108 109 110
• Fix installation of Ducktype documentation with newer yelp-build
  versions (fd.o #106171, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
111 112 113 114 115 116 117
Tests and CI:

• Add Travis-CI builds for 64-bit Windows using mingw-w64
  (fd.o #105662, Ralf Habacker)

• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)

Simon McVittie's avatar
1.10.26  
Simon McVittie committed
118
D-Bus 1.10.26 (2018-03-01)
Simon McVittie's avatar
Simon McVittie committed
119 120
==

Simon McVittie's avatar
1.10.26  
Simon McVittie committed
121 122
The “village's rustic aesthetic” release.

Simon McVittie's avatar
Simon McVittie committed
123 124 125 126 127 128 129
Fixes:

• Increase system dbus-daemon's RLIMIT_NOFILE rlimit before it drops
  privileges, because it won't have permission afterwards. This fixes a
  regression in dbus 1.10.18 and 1.11.0 which made the standard system bus
  more susceptible to deliberate or accidental denial of service.
  (fd.o #105165, David King)
Simon McVittie's avatar
Simon McVittie committed
130

Simon McVittie's avatar
Simon McVittie committed
131
D-Bus 1.10.24 (2017-09-25)
Simon McVittie's avatar
Simon McVittie committed
132 133
==

Simon McVittie's avatar
Simon McVittie committed
134 135
The “pirate wizard” release.

Simon McVittie's avatar
Simon McVittie committed
136 137 138 139 140 141 142 143 144 145
Fixes:

• When parsing dbus-daemon configuration, tell Expat not to use
  cryptographic-quality entropy as a salt for its hash tables: we trust
  the configuration files, so we are not concerned about algorithmic
  complexity attacks via hash table collisions. This prevents
  dbus-daemon --system from holding up the boot process (and causing
  early-boot system services like systemd, logind, networkd to time
  out) on entropy-starved embedded systems.
  (fd.o #101858, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
146

Simon McVittie's avatar
Simon McVittie committed
147 148
• Increase listen() backlog of AF_UNIX sockets to the maximum possible,
  minimizing failed connections under heavy load
149
  (fd.o #95264, Lennart Poettering) (backported from 1.11.4)
Simon McVittie's avatar
Simon McVittie committed
150

Simon McVittie's avatar
Simon McVittie committed
151 152 153
• Avoid a -Werror=declaration-after-statement build failure on Solaris
  (fd.o #102145, Alan Coopersmith)

154
• When using the Monitoring interface, match messages' destinations
Simon McVittie's avatar
Simon McVittie committed
155
  (fd.o #92074, Simon McVittie) (backported from 1.11.0)
156

Simon McVittie's avatar
1.10.22  
Simon McVittie committed
157
D-Bus 1.10.22 (2017-07-27)
Simon McVittie's avatar
Simon McVittie committed
158 159
==

Simon McVittie's avatar
1.10.22  
Simon McVittie committed
160 161
The “roof terrace” release.

Simon McVittie's avatar
Simon McVittie committed
162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178
Fixes:

• dbus_message_iter_append_basic() no longer leaks memory if it fails to
  append a file descriptor to a message. (fd.o #101568, Simon McVittie)

• dbus_message_iter_open_container() no longer leaks memory if it runs out
  of memory. (fd.o #101568, Simon McVittie)

• dbus_message_append_args_valist() no longer leaks memory if given an
  unsupported type. This situation is still considered to be a programming
  error which needs to be corrected by the user of libdbus.
  (fd.o #101568, Simon McVittie)

• Wrap test-pending-call-disconnected with dbus-run-session so that it can
  pass in environments that are not already running a D-Bus session bus,
  fixing a build-time test regression in 1.10.20
  (fd.o #101698, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
179

Simon McVittie's avatar
Simon McVittie committed
180 181 182
• Ensure that tests fail if they would otherwise have tried to connect to
  the real session bus (fd.o #101698, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
183 184 185
• Make build-time tests cope with finding Python 3, but not Python 2
  (fd.o #101716, Simon McVittie)

Simon McVittie's avatar
1.10.20  
Simon McVittie committed
186
D-Bus 1.10.20 (2017-06-29)
Simon McVittie's avatar
Simon McVittie committed
187 188
==

Simon McVittie's avatar
1.10.20  
Simon McVittie committed
189 190
The “suggesting a delivery gone horribly wrong” release.

Simon McVittie's avatar
Simon McVittie committed
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205
Fixes:

• Fix a reference leak when blocking on a pending call on a connection
  that has been disconnected (fd.o #101481, Shin-ichi MORITA)

• Don't put timestamps in the Doxygen-generated documentation, for
  closer-to-reproducible builds (fd.o #100692, Simon McVittie)

• Avoid an assertion failure when connecting to a semicolon-separated
  series of addresses, one of which fails (fd.o #101257, Simon McVittie)

Documentation:

• Update git URIs in HACKING document to sync up with cgit.freedesktop.org
  (fd.o #100715, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
206

Simon McVittie's avatar
1.10.18  
Simon McVittie committed
207
D-Bus 1.10.18 (2017-04-05)
Simon McVittie's avatar
Simon McVittie committed
208 209
==

Simon McVittie's avatar
1.10.18  
Simon McVittie committed
210 211
The “can't handle a self-referential paradox” release.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
212 213 214 215
Fixes:

• Re-order dbus-daemon startup so that on SELinux systems, the thread
  that reads AVC notifications retains the ability to write to the
Simon McVittie's avatar
Simon McVittie committed
216
  audit log (fd.o #92832, Debian #857660; Laurent Bigonville)
Simon McVittie's avatar
Simon McVittie committed
217

Simon McVittie's avatar
1.10.18  
Simon McVittie committed
218 219 220
• Fix a harmless read overflow and some memory leaks in a unit test
  (fd.o #100568, Philip Withnall)

Simon McVittie's avatar
Simon McVittie committed
221
D-Bus 1.10.16 (2017-02-16)
Simon McVittie's avatar
Simon McVittie committed
222 223
==

Simon McVittie's avatar
Simon McVittie committed
224 225 226 227 228 229
The “super digging powers” release.

The fixes in this release are arguably security fixes, but if they
affect you, please take this opportunity to rethink how you are
configuring dbus.

Simon McVittie's avatar
Simon McVittie committed
230 231 232 233 234 235
Enhancements:

• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
236 237
Fixes:

Simon McVittie's avatar
Simon McVittie committed
238 239 240 241 242 243 244 245 246
• Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "nonce", in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.

  On Unix systems we strongly recommend using only the unix: and systemd:
  transports, together with EXTERNAL authentication. These are the only
Simon McVittie's avatar
Simon McVittie committed
247
  transports and authentication mechanisms enabled by default.
Simon McVittie's avatar
Simon McVittie committed
248 249 250 251 252 253

  (fd.o #99828, Simon McVittie)

• Avoid symlink attacks in the "embedded tests", which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
254

Simon McVittie's avatar
Simon McVittie committed
255
D-Bus 1.10.14 (2016-11-28)
Simon McVittie's avatar
NEWS  
Simon McVittie committed
256 257
==

Simon McVittie's avatar
Simon McVittie committed
258 259
The “Well, other bands know more than three chords” release.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
260 261
Fixes:

Simon McVittie's avatar
Simon McVittie committed
262 263 264 265 266 267 268 269 270 271
• Work around an undesired effect of the fix for CVE-2014-3637
  (fd.o #80559), in which processes that frequently send fds, such as
  logind during a flood of new PAM sessions, can get disconnected for
  continuously having at least one fd "in flight" for too long;
  dbus-daemon interprets that as a potential denial of service attack.
  The workaround is to disable that check for uid 0 process such as
  logind, with a message in the system log. The bug remains open while
  we look for a more general solution.
  (fd.o #95263, LP#1591411; Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
272 273 274 275
• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
  was disabled at compile time. That test is not expected to work
  in that configuration. (fd.o #98665, Simon McVittie)

Simon McVittie's avatar
1.10.12  
Simon McVittie committed
276
D-Bus 1.10.12 (2016-10-10)
Simon McVittie's avatar
1.10.11  
Simon McVittie committed
277 278
==

Simon McVittie's avatar
1.10.12  
Simon McVittie committed
279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302
The “not excessively inhospitable” release.

Security fixes:

• Do not treat ActivationFailure message received from root-owned systemd
  name as a format string. In principle this is a security vulnerability,
  but we do not believe it is exploitable in practice, because only
  privileged processes can own the org.freedesktop.systemd1 bus name, and
  systemd does not appear to send activation failures that contain "%".

  Please note that this probably *was* exploitable in dbus versions
  older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
  the time was only thought to be a denial of service vulnerability
  (CVE-2015-0245). If you are still running one of those versions,
  patch or upgrade immediately.

  (fd.o #98157, Simon McVittie)

Other fixes:

• Harden dbus-daemon against malicious or incorrect ActivationFailure
  messages by rejecting them if they do not come from a privileged
  process, or if systemd activation is not enabled
  (fd.o #98157, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
303

Simon McVittie's avatar
NEWS  
Simon McVittie committed
304 305 306
• Avoid undefined behaviour when setting reply serial number without going
  via union DBusBasicValue (fd.o #98035, Marc Mutz)

Simon McVittie's avatar
Simon McVittie committed
307
• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
Simon McVittie's avatar
1.10.11  
Simon McVittie committed
308

Simon McVittie's avatar
1.10.10  
Simon McVittie committed
309
D-Bus 1.10.10 (2016-08-15)
Simon McVittie's avatar
1.10.9  
Simon McVittie committed
310 311
==

Simon McVittie's avatar
1.10.10  
Simon McVittie committed
312 313
The “tungsten door” release.

Simon McVittie's avatar
Simon McVittie committed
314 315 316 317 318 319 320 321 322 323 324 325
Fixes:

• On Linux, when dbus-daemon is run with reduced susceptibility to the
  OOM killer (typically via systemd), do not let child processes inherit
  that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho)

• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address
  contains a semicolon (fd.o #94746, Thiago Macieira)

• Fix memory leaks and thread safety in subprocess starting on Windows
  (fd.o #95191, Ralf Habacker)

326 327 328
• Do not require systemd to have a service file if using it for activation
  (fd.o #93194; Simon McVittie; backport from 1.11.0)

Simon McVittie's avatar
Simon McVittie committed
329 330 331 332 333
• Stop test-dbus-daemon incorrectly failing on platforms that cannot
  discover the process ID of clients (fd.o #96653, Руслан Ижбулатов)

• In tests that exercise correct handling of crashing D-Bus services,
  suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker)
Simon McVittie's avatar
1.10.9  
Simon McVittie committed
334

Simon McVittie's avatar
Simon McVittie committed
335 336
• Explicitly check for stdint.h (Ioan-Adrian Ratiu)

Simon McVittie's avatar
Simon McVittie committed
337 338 339 340 341 342
• update-activation-environment: produce better diagnostics on error
  (fd.o #96653, Simon McVittie)

• Don't fail the build with an unused const variable warning under gcc 6
  (fd.o #97282; Thomas Zimmermann, Simon McVittie)

343 344 345 346 347 348 349 350 351 352 353 354 355 356
• Merge dbus-1.10-ci branch, containing backports from 1.11.0 in build/test
  code to support continuous integration (fd.o #93194, Simon McVittie)

  · Avoid -Wunused-label when compiling with libselinux but no libaudit
  · In development builds, allow OOM tests to be disabled as documented
  · Accept and ignore the --tap argument in all "embedded tests", and run
    all automated tests with that argument for better diagnostics
  · Fix the systemd activation test under CMake by installing the required
    files
  · In Automake, fix shell syntax for installcheck-local with no DESTDIR
  · In Automake, don't try to run manual tests in installcheck
  · In CMake, don't run manual-tcp test as an automated test
  · Add travis-ci.org build machinery

Simon McVittie's avatar
1.10.8  
Simon McVittie committed
357
D-Bus 1.10.8 (2016-03-07)
Simon McVittie's avatar
1.10.7  
Simon McVittie committed
358 359
==

Simon McVittie's avatar
1.10.8  
Simon McVittie committed
360 361
The “digestive biscuits” release.

Simon McVittie's avatar
Simon McVittie committed
362 363 364 365 366 367
Fixes:

• Enable "large file support" on systems where it exists: dbus-daemon
  is not expected to open large files, but it might need to stat files
  that happen to have large inode numbers (fd.o #93545, Hongxu Jia)

Simon McVittie's avatar
Simon McVittie committed
368 369 370 371 372 373 374 375
• Eliminate padding inside DBusMessageIter on 64-bit platforms,
  which might result in a pedantic C compiler not copying the entire contents
  of a DBusMessageIter; statically assert that this is not an ABI change
  in practice (fd.o #94136, Simon McVittie)

• Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N
  (fd.o #94244, Dmitri Iouchtchenko)

Simon McVittie's avatar
Simon McVittie committed
376 377 378 379 380 381 382 383
• Correctly report test failures in C tests from run-test.sh
  (fd.o #93379; amit tewari, Simon McVittie)

• When tests are enabled, run all the marshal-validate tests, not just
  the even-numbered ones (fd.o #93908, Nick Lewycky)

• Correct the expected error from one marshal-validate test, which was
  previously not run due to the above bug (fd.o #93908, Simon McVittie)
Simon McVittie's avatar
1.10.7  
Simon McVittie committed
384

Simon McVittie's avatar
1.10.6  
Simon McVittie committed
385
D-Bus 1.10.6 (2015-12-01)
Simon McVittie's avatar
1.10.5  
Simon McVittie committed
386 387
==

Simon McVittie's avatar
1.10.6  
Simon McVittie committed
388 389
The “marzipan beetles” release.

Simon McVittie's avatar
Simon McVittie committed
390 391 392 393 394 395 396 397 398 399 400 401 402
Fixes:

• On Unix when running tests as root, don't assert that root and
  the dbus-daemon user can still call UpdateActivationEnvironment;
  assert that those privileged users can call BecomeMonitor instead
  (fd.o #93036, Simon McVittie)

• On Windows, fix a memory leak in the autolaunch transport (fd.o #92899,
  Simon McVittie)

• On Windows Autotools builds, don't run tests that rely on
  dbus-run-session and other Unix-specifics (fd.o #92899, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
403
D-Bus 1.10.4 (2015-11-17)
Simon McVittie's avatar
1.10.3  
Simon McVittie committed
404 405
==

Simon McVittie's avatar
Simon McVittie committed
406 407
The “Frostburn Canyon” release.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429
Enhancements:

• GetConnectionCredentials, GetConnectionUnixUser and
  GetConnectionUnixProcessID with argument "org.freedesktop.DBus"
  will now return details of the dbus-daemon itself. This is required
  to be able to call SetEnvironment on systemd.
  (fd.o #92857, Jan Alexander Steffens)

Fixes:

• Make UpdateActivationEnvironment always fail with AccessDenied on the
  system bus. Previously, it was possible to configure it so root could
  call it, but the environment variables were not actually used,
  because the launch helper would discard them.
  (fd.o #92857, Jan Alexander Steffens)

• On Unix with --systemd-activation on a user bus, make
  UpdateActivationEnvironment pass on its arguments to systemd's
  SetEnvironment method, solving inconsistency between the environments
  used for traditional activation and systemd user-service activation.
  (fd.o #92857, Jan Alexander Steffens)

Simon McVittie's avatar
Simon McVittie committed
430 431 432
• On Windows, don't crash if <syslog/> or --syslog is used
  (fd.o #92538, Ralf Habacker)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
433 434 435 436 437 438 439
• On Windows, fix a memory leak when setting a DBusError from a Windows
  error (fd.o #92721, Ralf Habacker)

• On Windows, don't go into infinite recursion if we abort the process
  with backtraces enabled (fd.o #92721, Ralf Habacker)

• Fix various failing tests, variously on Windows and cross-platform:
Simon McVittie's avatar
Simon McVittie committed
440 441 442 443 444 445 446 447 448
  · don't test system.conf features (users, groups) that only make sense
    on the system bus, which is not supported on Windows
  · don't call _dbus_warn() when we skip a test, since it is fatal
  · fix computation of expected <standard_session_servicedirs/>
  · when running TAP tests, translate newlines to Unix format, fixing
    cross-compiled tests under Wine on Linux
  · don't stress-test refcounting under Wine, where it's really slow
  · stop assuming that a message looped-back to the test will be received
    immediately
Simon McVittie's avatar
NEWS  
Simon McVittie committed
449
  · skip some system bus tests on Windows since they make no sense there
Simon McVittie's avatar
Simon McVittie committed
450
  (fd.o #92538, fd.o #92721; Ralf Habacker, Simon McVittie)
Simon McVittie's avatar
1.10.3  
Simon McVittie committed
451

Simon McVittie's avatar
1.10.2  
Simon McVittie committed
452
D-Bus 1.10.2 (2015-10-26)
Simon McVittie's avatar
Simon McVittie committed
453 454
==

Simon McVittie's avatar
1.10.2  
Simon McVittie committed
455 456
The “worst pies in London” release.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
457 458
Fixes:

Simon McVittie's avatar
NEWS  
Simon McVittie committed
459 460 461 462 463
• Correct error handling for activation: if there are multiple attempts
  to activate the same service and it fails immediately, the first attempt
  would get the correct reply, but the rest would time out. We now send
  the same error reply to each attempt. (fd.o #92200, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
464 465 466 467 468
• If BecomeMonitor is called with a syntactically invalid match rule,
  don't crash with an assertion failure, fixing a regression in 1.9.10.
  This was not exploitable as a denial of service, because the check
  for a privileged user is done first. (fd.o #92298, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
469 470 471 472
• On Linux with --enable-user-session, add the bus address to the
  environment of systemd services for better backwards compatibility
  (fd.o #92612, Jan Alexander Steffens)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
473 474
• On Windows, fix the logic for replacing the installation prefix
  in service files' Exec lines (fd.o #83539; Milan Crha, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
475

Simon McVittie's avatar
NEWS  
Simon McVittie committed
476 477 478 479
• On Windows, if installed in the conventional layout with ${prefix}/etc
  and ${prefix}/share, use relative paths between bus configuration files
  to allow the tree to be relocated (fd.o #92028, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
480 481 482
• Make more of the regression tests pass in Windows builds (fd.o #92538,
  Simon McVittie)

Simon McVittie's avatar
1.10.0  
Simon McVittie committed
483
D-Bus 1.10.0 (2015-08-25)
Simon McVittie's avatar
1.9.19  
Simon McVittie committed
484 485
==

Simon McVittie's avatar
1.10.0  
Simon McVittie committed
486 487 488 489 490 491 492 493 494 495
The “0x20” release.

This is a new stable branch, recommended for use in OS distributions.

Fixes since 1.9.20:

• distribute test/tap-test.sh.in, even if the tarball was built without
  tests enabled (fd.o #91684, Simon McVittie)
• work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538
Summary of major changes since 1.8.0:

• The basic setup for the well-known system and session buses is
  now done in read-only files in ${datadir} (normally /usr/share).
  See the NEWS entry for 1.9.18 for details.

• AppArmor integration has been merged, with features similar to the
  pre-existing SELinux integration. It is mostly compatible with the
  patches previously shipped by Ubuntu, with one significant change:
  Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded
  by GetConnectionCredentials and was not included.

• The --enable-user-session configure option can be enabled
  by OS integrators intending to use systemd to provide a session bus
  per user (in effect, treating all concurrent graphical and non-graphical
  login sessions as one large session).

• The new listenable address mode "unix:runtime=yes" listens on
  $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd
  user session. libdbus and "dbus-launch --autolaunch" will connect to
  this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a
  matching default.

• All executables are now dynamically linked to libdbus-1.
  Previously, some executables, most notably dbus-daemon, were statically
  linked to a specially-compiled variant of libdbus. This results in
  various private functions in the _dbus namespace being exposed by the
  shared library. These are not API, and must not be used outside
  the dbus source tree.

• On platforms with ELF symbol versioning, all public symbols
  are versioned LIBDBUS_1_3.

New bus APIs:

• org.freedesktop.DBus.GetConnectionCredentials returns
  LinuxSecurityLabel where supported
• org.freedesktop.DBus.Monitoring interface (privileged)
  · BecomeMonitor method supersedes match rules with eavesdrop=true,
    which are now deprecated
• org.freedesktop.DBus.Stats interface (semi-privileged)
  · now enabled by default
  · new GetAllMatchRules method
539 540
• org.freedesktop.DBus.Verbose interface (not normally compiled)
  · toggles the effect of DBUS_VERBOSE
Simon McVittie's avatar
Simon McVittie committed
541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565

New executables:

• dbus-test-tool
• dbus-update-activation-environment

New optional dependencies:

• The systemd: pseudo-transport requires libsystemd or libsd-daemon
• Complete documentation requires Ducktype and yelp-tools
• Full test coverage requires GLib 2.36 and PyGI
• AppArmor integration requires libapparmor and optionally libaudit

Dependencies removed:

• dbus-glib

D-Bus 1.9.20 (2015-08-06)
==

The “Remember Tomorrow” release.

This is a release-candidate for D-Bus 1.10.0. OS distribution vendors
should test it.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
566 567 568 569 570 571 572 573 574 575 576 577
Fixes:

• Don't second-guess what the ABI of poll() is, allowing it to be used
  on Integrity RTOS and other unusual platforms (fd.o #90314;
  Rolland Dudemaine, Simon McVittie)

• Don't duplicate audit subsystem integration if AppArmor and SELinux are
  both enabled (fd.o #89225, Simon McVittie)

• Log audit events for AppArmor/SELinux policy violations whenever
  we have CAP_AUDIT_WRITE, even if not the system bus
  (fd.o #83856, Laurent Bigonville)
Simon McVittie's avatar
1.9.19  
Simon McVittie committed
578

Simon McVittie's avatar
Simon McVittie committed
579
D-Bus 1.9.18 (2015-07-21)
Simon McVittie's avatar
Simon McVittie committed
580 581
==

Simon McVittie's avatar
Simon McVittie committed
582 583
The “Pirate Elite” release.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608
Configuration changes:

• The basic setup for the well-known system and session buses is now done
  in read-only files in ${datadir}, moving a step closer to systems
  that can operate with an empty /etc directory. In increasing order
  of precedence:

  · ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting
    the default message policies.
  · ${sysconfdir}/dbus-1/s*.conf are now optional. By default
    dbus still installs a trivial version of each, for documentation
    purposes; putting configuration directives in these files is deprecated.
  · ${datadir}/dbus-1/s*.d/ are now available for third-party software
    to install "drop-in" configuration snippets (any packages
    using those directories should explicitly depend on at least this
    version of dbus).
  · ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins
    or third-party software to install "drop-in" configuration snippets
  · ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins'
    overrides

  ${datadir} is normally /usr/share, ${sysconfdir} is normally /etc,
  and "s*" refers to either system or session as appropriate.

  (fd.o #89280, Dimitri John Ledkov)
Simon McVittie's avatar
Simon McVittie committed
609

Simon McVittie's avatar
NEWS  
Simon McVittie committed
610 611 612 613
Fixes:

• Fix a memory leak when GetConnectionCredentials() succeeds
  (fd.o #91008, Jacek Bukarewicz)
Simon McVittie's avatar
Simon McVittie committed
614

Simon McVittie's avatar
Simon McVittie committed
615 616
• Ensure that dbus-monitor does not reply to messages intended for others,
  resulting in its own disconnection (fd.o #90952, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
617

Simon McVittie's avatar
1.9.16  
Simon McVittie committed
618
D-Bus 1.9.16 (2015-05-14)
619 620
==

621 622 623 624 625 626 627
The “titanium barns” release.

Dependencies:

• Automake 1.13 is now required when compiling from git or modifying
  the build system.

Simon McVittie's avatar
1.8.18  
Simon McVittie committed
628 629 630 631 632 633 634
Security hardening:

• On Unix platforms, change the default configuration for the session bus
  to only allow EXTERNAL authentication (secure kernel-mediated
  credentials-passing), as was already done for the system bus.

  This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
Simon McVittie's avatar
1.9.16  
Simon McVittie committed
635
  unpredictable pseudo-random numbers.
Simon McVittie's avatar
1.8.18  
Simon McVittie committed
636 637 638 639 640 641 642 643 644

  If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
  in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
  NFS or similar, you will need to reconfigure the session bus to accept
  DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
  is not recommended.

  (fd.o #90414, Simon McVittie)

Simon McVittie's avatar
1.9.16  
Simon McVittie committed
645 646 647 648 649 650
• When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp:
  transport, UUIDs or any other reason, fail if we cannot obtain entropy
  (from /dev/urandom or CryptGenRandom()) or an out-of-memory condition
  occurs, instead of silently falling back to low-entropy pseudorandom
  numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
651 652 653 654 655 656 657 658 659 660 661
Enhancements:

• Add dbus_message_iter_get_element_count()
  (fd.o #30350; Christian Dywan, Simon McVittie)

• Introduce new internal DBusSocket and DBusPollable types so we can
  stop treating the Windows SOCKET type as if it was int. DBusSocket
  is specifically a socket, cross-platform. DBusPollable is whatever
  _dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows.
  (fd.o #89444; Ralf Habacker, Simon McVittie)

662 663 664 665 666 667 668 669 670 671 672 673
• All regression tests now output TAP <https://testanything.org/>
  (fd.o #89846, Simon McVittie)

• Internal APIs consistently use signed values for timestamps
  (fd.o #18494, Peter McCurdy)

• Improve diagnostics when UpdateActivationEnvironment calls are rejected
  (fd.o #88812, Simon McVittie)

• Clean up a lot of compiler warnings
  (fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
674 675 676 677 678 679 680 681 682
Fixes:

• Add locking to DBusCounter's reference count and notify function
  (fd.o #89297, Adrian Szyndela)

• Ensure that DBusTransport's reference count is protected by the
  corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela)

• Correctly release DBusServer mutex before early-return if we run out
683
  of memory while copying authentication mechanisms (fd.o #90021,
Simon McVittie's avatar
Simon McVittie committed
684 685
  Ralf Habacker)

Simon McVittie's avatar
Simon McVittie committed
686
• Make dbus-test-tool and dbus-update-activation-environment portable
Simon McVittie's avatar
Simon McVittie committed
687 688
  to Windows (fd.o #90089, Ralf Habacker)

689 690
• Correctly initialize all fields of DBusTypeReader (fd.o #90021;
  Ralf Habacker, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
691

Simon McVittie's avatar
Simon McVittie committed
692 693 694
• Fix some missing \n in verbose (debug log) messages (fd.o #90004,
  Ralf Habacker)

Simon McVittie's avatar
Simon McVittie committed
695
• Clean up some memory and fd leaks in test code and tools
Simon McVittie's avatar
Simon McVittie committed
696
  (fd.o #90021, Ralf Habacker)
697

698 699 700 701 702 703
• Fix a NULL dereference if the dbus-daemon cannot read a configuration
  directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker)

• CMake generates a versioned shared library even if the revision is 0,
  as it usually is on the development branch. (fd.o #89450, Ralf Habacker)

Simon McVittie's avatar
Simon McVittie committed
704
D-Bus 1.9.14 (2015-03-02)
Simon McVittie's avatar
1.9.13  
Simon McVittie committed
705 706
==

Simon McVittie's avatar
Simon McVittie committed
707 708
The “don't stand in the poison cloud” release.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
709 710 711 712 713
Dependencies:

• dbus-daemon and dbus-daemon-launch-helper now require libdbus. They
  were previously linked to a static version of libdbus.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
714 715 716 717 718 719 720 721 722 723
• The tests no longer require dbus-glib in order to exercise the libdbus
  shared library; they are always linked to libdbus now.

Build-time configuration:

• The new --enable-user-session option, off by default, can be enabled
  by OS integrators intending to use systemd to provide a session bus
  per user (in effect, treating all concurrent graphical and non-graphical
  login sessions as one large session)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
724 725 726 727 728 729 730 731 732 733
Enhancements:

• All executables are now linked dynamically to libdbus.
  (fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker)

• On platforms that support them (GNU libc and possibly others),
  libdbus now has versioned symbols for its public API.
  All public symbols (visible in the header files) are currently
  versioned as LIBDBUS_1_3; private symbols starting with _dbus or
  dbus_internal have a version that changes with each release, and
Simon McVittie's avatar
NEWS  
Simon McVittie committed
734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751
  must not be used by applications. (also fd.o #83115)

• New listenable address mode "unix:runtime=yes" which listens on
  a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus
  (fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie)

• Add optional systemd units for a per-user bus listening on
  $XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters)

• On Unix platforms, both libdbus and "dbus-launch --autolaunch"
  default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket
  (also fd.o #61301)

• New dbus-update-activation-environment tool uploads environment
  variables to "dbus-daemon --session" and optionally "systemd --user",
  primarily as a way to keep the per-user bus compatible with
  distributions' existing X11 login scripts (also fd.o #61301)

Simon McVittie's avatar
Simon McVittie committed
752 753 754
• <includedir/> elements in dbus-daemon configuration are now silently
  ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
755 756
• Add microsecond-resolution timestamps to the default output of
  dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie)
Simon McVittie's avatar
1.9.13  
Simon McVittie committed
757

Simon McVittie's avatar
NEWS  
Simon McVittie committed
758 759 760 761 762
Fixes:

• Fix a race condition in the 'monitor' test introduced in 1.9.10
  (fd.o #89222, Simon McVittie)

Simon McVittie's avatar
1.9.12  
Simon McVittie committed
763
D-Bus 1.9.12 (2015-02-19)
Simon McVittie's avatar
1.9.11  
Simon McVittie committed
764 765
==

Simon McVittie's avatar
1.9.12  
Simon McVittie committed
766 767 768 769
The “monster lasagna” release.

Dependencies:

Simon McVittie's avatar
Simon McVittie committed
770 771
• Ducktype and yelp-tools are now required to build complete documentation
  (they are optional for normal builds).
Simon McVittie's avatar
1.9.12  
Simon McVittie committed
772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810

Enhancements:

• D-Bus Specification version 0.26
  · GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID
  · document the BecomeMonitor method

• On Linux, add LinuxSecurityLabel to GetConnectionCredentials
  (fd.o #89041; Tyler Hicks, Simon McVittie)

• On Linux, add support for AppArmor mediation of message sending and
  receiving and name ownership (paralleling existing SELinux mediation
  support), and eavesdropping (a new check, currently AppArmor-specific)
  (fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie)

• In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings
  that have printable ASCII contents; we previously only did this for
  unterminated bytestrings (fd.o #89109, Simon McVittie)

• Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall)

• On Windows, add WindowsSID to GetConnectionCredentials
  (fd.o #54445, Ralf Habacker)

• Improve clarity of dbus-monitor --profile output and add more columns
  (fd.o #89165, Ralf Habacker)

• Add a man page for dbus-test-tool, and build it under CMake as well
  as Autotools (fd.o#89086, Simon McVittie)

• If dbus-daemon was compiled with --enable-verbose, add a D-Bus API
  to control it at runtime, overriding the DBUS_VERBOSE environment variable
  (fd.o #88896, Ralf Habacker)

Fixes:

• Reduce the number of file descriptors used in the fd-passing test,
  avoiding failure under the default Linux fd limit, and automatically
  skip it if the rlimit is too small (fd.o #88998, Simon McVittie)
Simon McVittie's avatar
1.9.11  
Simon McVittie committed
811

Simon McVittie's avatar
1.9.10  
Simon McVittie committed
812
D-Bus 1.9.10 (2015-02-09)
Simon McVittie's avatar
1.9.9  
Simon McVittie committed
813 814
==

815
The “sad cyborgs” release.
816

Simon McVittie's avatar
1.9.10  
Simon McVittie committed
817
Security fixes merged from 1.8.16:
818 819 820 821 822 823 824 825

• Do not allow non-uid-0 processes to send forged ActivationFailure
  messages. On Linux systems with systemd activation, this would
  allow a local denial of service: unprivileged processes could
  flood the bus with these forged messages, winning the race with
  the actual service activation and causing an error reply
  to be sent back when service auto-activation was requested.
  This does not prevent the real service from being started,
Simon McVittie's avatar
Simon McVittie committed
826
  so the attack only works while the real service is not running.
827 828
  (CVE-2015-0245, fd.o #88811; Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849
Enhancements:

• The new Monitoring interface in the dbus-daemon lets dbus-monitor and
  similar tools receive messages without altering the security properties
  of the system bus, by calling the new BecomeMonitor method on a
  private connection. This bypasses the normal <allow> and <deny> rules
  entirely, so to preserve normal message-privacy assumptions, only root
  is allowed to do this on the system bus. Restricted environments,
  such as Linux with LSMs, should lock down access to the Monitoring
  interface. (fd.o #46787, Simon McVittie)

• dbus-monitor uses BecomeMonitor to capture more traffic, if the
  dbus-daemon supports it and access permissions allow it.
  It still supports the previous approach ("eavesdropping" match rules)
  for compatibility with older bus daemons. (fd.o #46787, Simon)

• dbus-monitor can now log the message stream as binary data for later
  analysis, with either no extra framing beyond the normal D-Bus headers,
  or libpcap-compatible framing treating each D-Bus message
  as a captured packet. (fd.o #46787, Simon)

850
Other fixes:
Simon McVittie's avatar
Simon McVittie committed
851 852 853 854 855 856

• Fix some CMake build regressions (fd.o #88964, Ralf Habacker)

• On Unix, forcibly terminate regression tests after 60 seconds to
  prevent them from blocking continuous integration frameworks
  (fd.o #46787, Simon)
Simon McVittie's avatar
1.9.9  
Simon McVittie committed
857

Simon McVittie's avatar
Simon McVittie committed
858
D-Bus 1.9.8 (2015-02-03)
Simon McVittie's avatar
1.9.5  
Simon McVittie committed
859 860
==

Simon McVittie's avatar
Simon McVittie committed
861 862
The “all the types of precipitation” release.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
863 864
Dependencies:

Simon McVittie's avatar
NEWS  
Simon McVittie committed
865
• full test coverage now requires GLib 2.36
Simon McVittie's avatar
NEWS  
Simon McVittie committed
866 867 868 869
• full test coverage now requires PyGI (PyGObject 3,
  "import gi.repository.GObject") instead of the
  obsolete PyGObject 2 ("import gobject")

Simon McVittie's avatar
NEWS  
Simon McVittie committed
870 871 872 873 874 875 876
Enhancements:

• add GLib-style "installed tests" (fd.o #88810, Simon McVittie)

• better regression test coverage, including systemd activation
  (fd.o #57952, #88810; Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901
Fixes:

• fatal errors correctly make the dbus-daemon exit even if <syslog/> is
  turned off (fd.o #88808, Simon McVittie)

• TCP sockets on Windows no longer fail to listen approximately 1 time
  in 256, caused by a logic error that should have always made it fail but
  was mitigated by incorrect endianness for the port number
  (fd.o #87999, Ralf Habacker)

• fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker)

• on Windows, allow up to 8K connections to the dbus-daemon instead of the
  previous 64, completing a previous fix which only worked under
  Autotools (fd.o #71297, Ralf Habacker)

• on Windows, if the IP family is unspecified only use IPv4,
  to mitigate IPv6 not working correctly (fd.o #87999, Ralf Habacker)

• fix some unlikely memory leaks on OOM (fd.o #88087, Simon McVittie)

• lcov code coverage analysis works again (fd.o #88808, Simon McVittie)

• fix an unused function error with --disable-embedded-tests (fd.o #87837,
  Thiago Macieira)
Simon McVittie's avatar
1.9.5  
Simon McVittie committed
902

903
D-Bus 1.9.6 (2015-01-05)
Simon McVittie's avatar
1.9.5  
Simon McVittie committed
904 905
==

906
The “I do have a bread knife” release.
Simon McVittie's avatar
Simon McVittie committed
907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932

Security hardening:

• Do not allow calls to UpdateActivationEnvironment from uids other than
  the uid of the dbus-daemon. If a system service installs unsafe
  security policy rules that allow arbitrary method calls
  (such as CVE-2014-8148) then this prevents memory consumption and
  possible privilege escalation via UpdateActivationEnvironment.

  We believe that in practice, privilege escalation here is avoided
  by dbus-daemon-launch-helper sanitizing its environment; but
  it seems better to be safe.

• Do not allow calls to UpdateActivationEnvironment or the Stats interface
  on object paths other than /org/freedesktop/DBus. Some system services
  install unsafe security policy rules that allow arbitrary method calls
  to any destination, method and interface with a specified object path;
  while less bad than allowing arbitrary method calls, these security
  policies are still harmful, since dbus-daemon normally offers the
  same API on all object paths and other system services might behave
  similarly.

Other fixes:

• Add missing initialization so GetExtendedTcpTable doesn't crash on
  Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)
Simon McVittie's avatar
1.9.5  
Simon McVittie committed
933

Simon McVittie's avatar
1.9.4  
Simon McVittie committed
934
D-Bus 1.9.4 (2014-11-24)
Simon McVittie's avatar
1.8.11  
Simon McVittie committed
935 936
==

Simon McVittie's avatar
1.9.4  
Simon McVittie committed
937 938
The “extra-sturdy caramel” release.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
939 940
Fixes:

Simon McVittie's avatar
1.8.12  
Simon McVittie committed
941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958
• Partially revert the CVE-2014-3639 patch by increasing the default
  authentication timeout on the system bus from 5 seconds back to 30
  seconds, since this has been reported to cause boot regressions for
  some users, mostly with parallel boot (systemd) on slower hardware.

  On fast systems where local users are considered particularly hostile,
  administrators can return to the 5 second timeout (or any other value
  in milliseconds) by saving this as /etc/dbus-1/system-local.conf:

  <busconfig>
    <limit name="auth_timeout">5000</limit>
  </busconfig>

  (fd.o #86431, Simon McVittie)

• Add a message in syslog/the Journal when the auth_timeout is exceeded
  (fd.o #86431, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
959 960 961
• Send back an AccessDenied error if the addressed recipient is not allowed
  to receive a message (and in builds with assertions enabled, don't
  assert under the same conditions). (fd.o #86194, Jacek Bukarewicz)
Simon McVittie's avatar
1.8.11  
Simon McVittie committed
962

Simon McVittie's avatar
Simon McVittie committed
963
D-Bus 1.9.2 (2014-11-10)
Simon McVittie's avatar
Simon McVittie committed
964 965
==

Simon McVittie's avatar
NEWS  
Simon McVittie committed
966 967
The “structurally unsound flapjack” release.

968 969 970 971 972 973
Security fixes:

• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
  so that CVE-2014-3636 part A cannot exhaust the system bus'
  file descriptors, completing the incomplete fix in 1.8.8.
  (CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy)
Simon McVittie's avatar
1.8.9  
Simon McVittie committed
974

Simon McVittie's avatar
Simon McVittie committed
975 976
Enhancements:

977
• D-Bus Specification version 0.25
Simon McVittie's avatar
NEWS  
Simon McVittie committed
978 979 980 981
  · new value 'const' for EmitsChangedSignal annotation
    (fd.o #72958, Lennart Poettering)
  · new ALLOW_INTERACTIVE_AUTHORIZATION flag, for PolicyKit and similar
    (fd.o #83449; Lennart Poettering, Simon McVittie)
982 983 984
  · annotate table of types with reserved/basic/container, and for
    basic types, fixed/string-like
  · clarify arbitrary limits by quoting them in mebibytes
Simon McVittie's avatar
NEWS  
Simon McVittie committed
985 986 987

• New API: add accessors for the ALLOW_INTERACTIVE_AUTHORIZATION flag
  (fd.o #83449, Simon McVittie)
988

Simon McVittie's avatar
NEWS  
Simon McVittie committed
989 990 991 992 993 994 995
• Add dbus-test-tool, a D-Bus swiss army knife with multiple subcommands,
  useful for debugging and performance testing:
  · dbus-test-tool spam: send repeated messages
  · dbus-test-tool echo: send an empty reply for all method calls
  · dbus-test-tool black-hole: do not reply to method calls
  (fd.o #34140; Alban Crequy, Simon McVittie, Will Thompson)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
996 997 998
• Add support for process ID in credentials-passing on NetBSD
  (fd.o #69702, Patrick Welche)

Simon McVittie's avatar
Simon McVittie committed
999 1000 1001
• Add an example script to find potentially undesired match rules
  (fd.o #84598, Alban Crequy)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1002 1003 1004 1005 1006 1007 1008
• Document the central assumption that makes our use of credentials-passing
  secure (fd.o #83499, Simon McVittie)

• Replace the dbus-glib section of the tutorial with a GDBus recommendation,
  and add some links to GDBus and QtDBus documentation (fd.o #25140,
  Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1009 1010
Fixes:

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1011 1012 1013
• Use a less confusing NoReply message when disconnected with a reply pending
  (fd.o #76112, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1014 1015 1016
• Make the .pc file relocatable by letting pkg-config do all variable
  expansion itself (fd.o #75858, Руслан Ижбулатов)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1017 1018 1019
• Fix a build failure on platforms with kqueue, which regressed in 1.9.0
  (fd.o #85563, Patrick Welche)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1020 1021 1022 1023 1024
• Consistently save errno after socket calls (fd.o #83625, Simon McVittie)

• In dbus-spawn, when the grandchild process exits due to a failed exec(),
  do not lose the exec() errno (fd.o #24821, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1025 1026 1027
• Do not fail the tests if a parent process has leaked non-close-on-exec
  file descriptors to us (fd.o #73689, fd.o #83899; Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1028 1029 1030 1031 1032
• Do not fail the tests on Unix platforms with incomplete
  credentials-passing support, but do fail if we can't pass credentials
  on a platform where it is known to work: Linux, FreeBSD, OpenBSD, NetBSD
  (fd.o #69702, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1033 1034 1035 1036
• Detect accept4, dirfd, inotify_init1, pipe2, and Unix fd passing
  when building with cmake, and expand test coverage there
  (fd.o #73689; Ralf Habacker, Simon McVittie)

Simon McVittie's avatar
1.9.0  
Simon McVittie committed
1037
D-Bus 1.9.0 (2014-10-01)
Simon McVittie's avatar
1.8.1  
Simon McVittie committed
1038 1039
==

Simon McVittie's avatar
1.9.0  
Simon McVittie committed
1040 1041
The “tiered cheeses” release.

Simon McVittie's avatar
Simon McVittie committed
1042 1043 1044
Requirements:

• Support for the systemd: (LISTEN_FDS) pseudo-transport on Linux now
Simon McVittie's avatar
Simon McVittie committed
1045 1046
  requires either the libsystemd or libsd-daemon shared library, dropping the
  embedded convenience copy of sd-daemon (fd.o #71818, Simon)
Simon McVittie's avatar
Simon McVittie committed
1047 1048 1049

Build-time configuration changes:

Simon McVittie's avatar
1.9.0  
Simon McVittie committed
1050 1051 1052 1053 1054 1055 1056
• The Stats interface is now enabled by default, and locked-down to
  root-only on the system bus. Configure with --disable-stats
  to disable it altogether on memory- or disk-constrained systems,
  or see ${docdir}/examples/ to open it up to non-root users on the
  system bus or restrict access on the session bus.
  (fd.o #80759; Simon McVittie, Alban Crequy)

Simon McVittie's avatar
Simon McVittie committed
1057 1058 1059 1060 1061 1062 1063 1064 1065 1066
• The CMake build system now builds the same shared library name as Autotools
  on at least Linux and Windows:
  - on Linux (and perhaps other Unix platforms), it previously built
    libdbus-1.so, but now builds libdbus-1.so.3.* with development
    symlink libdbus-1.so and SONAME/symlink libdbus-1.so.3
  - on Windows, it previously built either libdbus-1.dll (release) or
    libdbus-1d.dll (debug), but now builds libdbus-1-3.dll, copied to
    libdbus-1.dll for compatibility with older applications.
  (fd.o #74117, Ralf Habacker)

Simon McVittie's avatar
Simon McVittie committed
1067 1068
Enhancements:

Simon McVittie's avatar
1.9.0  
Simon McVittie committed
1069 1070 1071 1072 1073 1074
• D-Bus Specification version 0.24
  · document how to quote match rules (fd.o #24307, Simon McVittie)
  · explicitly say that most message types never expect a reply
    regardles of whether they have NO_REPLY_EXPECTED
    (fd.o #75749, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
1075 1076 1077
• on Unix platforms, disable Nagle's algorithm on TCP connections to improve
  initial latency (fd.o #75544, Matt Hoosier)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1078 1079 1080
• use backtrace() if it is in -lexecinfo instead of libc, as on NetBSD
  (fd.o #69702, Patrick Welche)

Simon McVittie's avatar
Simon McVittie committed
1081 1082 1083 1084 1085 1086
• in dbus-monitor, print more information about file descriptors
  (fd.o #80603, Alban Crequy)

• do not install system bus configuration if built for Windows
  (fd.o #83583; Ralf Habacker, Simon McVittie)

Simon McVittie's avatar
1.9.0  
Simon McVittie committed
1087 1088 1089 1090 1091
• Add GetAllMatchRules to the Stats interface (fd.o #24307, Alban Crequy)

• Add a regression test for file descriptor passing (fd.o #83622,
  Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102
Fixes:

• fix an incorrect error message if a Unix socket path is too long
  (fd.o #73887, Antoine Jacoutot)

• in an MSYS/Cygwin environment, pass Unix-style filenames to xmlto,
  fixing documentation generation (fd.o #75860, Руслан Ижбулатов)

• in Unix with X11, avoid giving dbus-launch a misleading argv[0]
  in ps(1) (fd.o #69716, Chengwei Yang)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1103 1104 1105
• avoid calling poll() with timeout < -1, which is considered invalid
  on FreeBSD and NetBSD (fd.o #78480, Jaap Boender)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1106 1107 1108 1109
• be portable to BSD-derived platforms where O_CLOEXEC is unavailable in libc
  (like Mac OS X 10.6), or available in libc but unsupported by the kernel
  (fd.o #77032; rmvsxop, OBATA Akio, Patrick Welche)

Simon McVittie's avatar
Simon McVittie committed
1110 1111
• Fix include path for test/internal/*.c with cmake (Ralf Habacker)

Simon McVittie's avatar
1.9.0  
Simon McVittie committed
1112 1113
• Documentation improvements
  (fd.o #80795, #84313; Thomas Haller, Sebastian Rasmussen)
Simon McVittie's avatar
Simon McVittie committed
1114 1115 1116

• in dbus-monitor, do not leak file descriptors that we have monitored
  (fd.o #80603, Alban Crequy)
Simon McVittie's avatar
1.8.9  
Simon McVittie committed
1117

Simon McVittie's avatar
1.9.0  
Simon McVittie committed
1118 1119 1120 1121 1122 1123
• Set the close-on-exec flag for the inotify file descriptor, even
  if built with CMake or older libc (fd.o #73689, Simon McVittie)

• Remove some LGPL code from the Windows dbus-daemon
  (fd.o #57272, Ralf Habacker)

1124
D-Bus 1.8.8 (2014-09-16)
Simon McVittie's avatar
Simon McVittie committed
1125 1126
==

1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165
The "smashy smashy egg man" release.

Security fixes:

• Do not accept an extra fd in the padding of a cmsg message, which
  could lead to a 4-byte heap buffer overrun.
  (CVE-2014-3635, fd.o #83622; Simon McVittie)

• Reduce default for maximum Unix file descriptors passed per message
  from 1024 to 16, preventing a uid with the default maximum number of
  connections from exhausting the system bus' file descriptors under
  Linux's default rlimit. Distributors or system administrators with a
  more restrictive fd limit may wish to reduce these limits further.

  Additionally, on Linux this prevents a second denial of service
  in which the dbus-daemon can be made to exceed the maximum number
  of fds per sendmsg() and disconnect the process that would have
  received them.
  (CVE-2014-3636, fd.o #82820; Alban Crequy)

• Disconnect connections that still have a fd pending unmarshalling after
  a new configurable limit, pending_fd_timeout (defaulting to 150 seconds),
  removing the possibility of creating an abusive connection that cannot be
  disconnected by setting up a circular reference to a connection's
  file descriptor.
  (CVE-2014-3637, fd.o #80559; Alban Crequy)

• Reduce default for maximum pending replies per connection from 8192 to 128,
  mitigating an algorithmic complexity denial-of-service attack
  (CVE-2014-3638, fd.o #81053; Alban Crequy)

• Reduce default for authentication timeout on the system bus from
  30 seconds to 5 seconds, avoiding denial of service by using up
  all unauthenticated connection slots; and when all unauthenticated
  connection slots are used up, make new connection attempts block
  instead of disconnecting them.
  (CVE-2014-3639, fd.o #80919; Alban Crequy)

Other fixes:
Simon McVittie's avatar
Simon McVittie committed
1166

Simon McVittie's avatar
Simon McVittie committed
1167 1168 1169 1170
• Check for libsystemd from systemd >= 209, falling back to
  the older separate libraries if not found (Umut Tezduyar Lindskog,
  Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
1171 1172 1173 1174
• On Linux, use prctl() to disable core dumps from a test executable
  that deliberately raises SIGSEGV to test dbus-daemon's handling
  of that condition (fd.o #83772, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
1175 1176
• Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232;
  Alban Crequy)
Simon McVittie's avatar
Simon McVittie committed
1177

Simon McVittie's avatar
Simon McVittie committed
1178 1179 1180
• Improve documentation for running tests on Windows (fd.o #41252,
  Ralf Habacker)

Simon McVittie's avatar
Simon McVittie committed
1181
D-Bus 1.8.6 (2014-06-02)
Simon McVittie's avatar
Simon McVittie committed
1182 1183
==

Simon McVittie's avatar
Simon McVittie committed
1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199
Security fixes:

• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop
  the message. This prevents an attack in which a malicious client can
  make dbus-daemon disconnect a system service, which is a local
  denial of service.
  (fd.o #80163, CVE-2014-3532; Alban Crequy)

• Track remaining Unix file descriptors correctly when more than one
  message in quick succession contains fds. This prevents another attack
  in which a malicious client can make dbus-daemon disconnect a system
  service.
  (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez,
  Simon McVittie, Alban Crequy)

Other fixes:
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1200 1201 1202 1203

• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot
  attach to a session, kill the dbus-daemon as intended
  (fd.o #74698, Роман Донченко)
Simon McVittie's avatar
Simon McVittie committed
1204

1205
D-Bus 1.8.4 (2014-06-10)
Simon McVittie's avatar
Simon McVittie committed
1206 1207
==

1208 1209 1210 1211 1212 1213 1214 1215
Security fix:

• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service
  flaw in dbus-daemon, part of the reference implementation of D-Bus.
  Additionally, in highly unusual environments the same flaw could lead to
  a side channel between processes that should not be able to communicate.
  (CVE-2014-3477, fd.o #78979)

Simon McVittie's avatar
1.8.2  
Simon McVittie committed
1216
D-Bus 1.8.2 (2014-04-30)
Simon McVittie's avatar
1.8.1  
Simon McVittie committed
1217 1218
==

Simon McVittie's avatar
1.8.2  
Simon McVittie committed
1219 1220
The “nobody wants red” release.

Simon McVittie's avatar
Simon McVittie committed
1221 1222 1223 1224 1225 1226
Enhancements:

• in the CMake build system, add some hints for Linux users cross-compiling
  Windows D-Bus binaries to be able to run tests under Wine
  (fd.o #41252, Ralf Habacker)

Simon McVittie's avatar
Simon McVittie committed
1227 1228
• add Documentation key to dbus.service (fd.o #77447, Cameron Norman)

Simon McVittie's avatar
Simon McVittie committed
1229 1230
Fixes:

Simon McVittie's avatar
Simon McVittie committed
1231 1232 1233 1234
• in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id
  to /var/lib/dbus/machine-id instead of generating an entirely new ID
  (fd.o #77941, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1235 1236 1237
• if dbus-launch receives an X error very quickly, do not kill
  unrelated processes (fd.o #74698, Роман Донченко)

Simon McVittie's avatar
Simon McVittie committed
1238 1239
• on Windows, allow up to 8K connections to the dbus-daemon, instead of the
  previous 64 (fd.o #71297; Cristian Onet, Ralf Habacker)
Simon McVittie's avatar
1.8.1  
Simon McVittie committed
1240

Simon McVittie's avatar
1.8.2  
Simon McVittie committed
1241 1242
• cope with \r\n newlines in regression tests, since on Windows,
  dbus-daemon.exe uses text mode (fd.o #75863, Руслан Ижбулатов)
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1243

Simon McVittie's avatar
Simon McVittie committed
1244
D-Bus 1.8.0 (2014-01-20)
Simon McVittie's avatar
Simon McVittie committed
1245 1246
==

Simon McVittie's avatar
Simon McVittie committed
1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277
The “Wolverine distrusts my printer” release.

This starts a new stable branch. The 1.6.x branch is now considered to be
outdated, and will only receive fixes for serious bugs such as security
flaws. The 1.4.x and 1.2.x branches no longer have upstream support and
are unlikely to get any more releases, but if distributors still need to
support them, please share security patches via upstream.

Summary of changes since 1.6.x:

• libdbus always behaves as if dbus_threads_init_default() had been called
  (thread-safety by default)
• new dbus-run-session tool, replacing certain misuses of dbus-launch
• dbus-monitor can talk to outdated versions of dbus-daemon again
• new org.freedesktop.DBus.GetConnectionCredentials method
• GetConnectionUnixProcessID also works correctly on Windows, returning
  the Windows process ID
• GetConnectionWindowsSID returns the correct SID on Windows
• expat is required, libxml2 can no longer be used as a substitute
• the userDB cache is required, and cannot be disabled
• a 64-bit integer type (either int, long, long long or _int64) is required
• better systemd-journald integration on Linux
• fixed long-standing fd and array leaks when failing to parse a message
• fixed referenced-but-never-freed parent nodes (effectively memory leaks)
  when using certain object-path allocation patterns, notably in Avahi
• better defaults for Windows support
• better CMake support
• better portability to mingw32, FreeBSD, NetBSD, QNX and Hurd
• the source language for the man pages is now Docbook XML

Enhancements since 1.7.10:
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1278 1279

• Enhance the CMake build system to check for GLib and compile/run
Simon McVittie's avatar
Simon McVittie committed
1280
  a subset of the regression tests (fd.o #41252, #73495; Ralf Habacker)
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1281

Simon McVittie's avatar
Simon McVittie committed
1282
Fixes since 1.7.10:
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295

• don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fd.o #72840,
  Ralf Habacker)

• fix compilation of systemd journal support on older systemd versions where
  sd-journal.h doesn't include syslog.h (fd.o #73455, Ralf Habacker)

• fix compilation on older MSVC versions by including stdlib.h
  (fd.o #73455, Ralf Habacker)

• Allow <allow_anonymous/> to appear in an included configuration file
  (fd.o #73475, Matt Hoosier)

Simon McVittie's avatar
Simon McVittie committed
1296
Test behaviour changes since 1.7.10:
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1297 1298 1299 1300 1301 1302 1303 1304 1305 1306

• If the tests crash with an assertion failure, they no longer default to
  blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT in the
  environment if you want the old behaviour.

• To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop tests
  can be run with an external dbus-daemon by setting
  DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require
  an unusually-configured dbus-daemon are skipped.

Simon McVittie's avatar
1.7.10  
Simon McVittie committed
1307
D-Bus 1.7.10 (2014-01-06)
Simon McVittie's avatar
Simon McVittie committed
1308 1309
==

Simon McVittie's avatar
1.7.10  
Simon McVittie committed
1310 1311 1312 1313
The “weighted companion cube” release.

This is a release candidate for D-Bus 1.8.

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1314 1315 1316 1317 1318
D-Bus Specification 0.23:

• don't require messages with no INTERFACE to be dispatched
  (fd.o #68597, Simon McVittie)

Simon McVittie's avatar
1.7.10  
Simon McVittie committed
1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332
• document "tcp:bind=..." and "nonce-tcp:bind=..." (fd.o #72301,
  Chengwei Yang)

• define "listenable" and "connectable" addresses, and discuss
  the difference (fd.o #61303, Simon McVittie)

Enhancements:

• support printing Unix file descriptors in dbus-send, dbus-monitor
  (fd.o #70592, Robert Ancell)

• don't install systemd units if --disable-systemd is given
  (fd.o #71818, Chengwei Yang)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1333 1334
Fixes:

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1335 1336 1337
• don't leak memory on out-of-memory while listing activatable or
  active services (fd.o #71526, Radoslaw Pajak)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1338 1339
• fix undefined behaviour in a regression test (fd.o #69924, DreamNik)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1340 1341
• escape Unix socket addresses correctly (fd.o #46013, Chengwei Yang)

Simon McVittie's avatar
Simon McVittie committed
1342 1343 1344 1345
• on SELinux systems, don't assume that SECCLASS_DBUS, DBUS__ACQUIRE_SVC
  and DBUS__SEND_MSG are numerically equal to their values in the
  reference policy (fd.o #88719, osmond sun)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1346 1347 1348
• define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4 headers
  (fd.o #71366, Matt Fischer)

Simon McVittie's avatar
1.7.10  
Simon McVittie committed
1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371
• define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and
  winsock2.h (fd.o #71405, Matt Fischer)

• do not return failure from _dbus_read_nonce() with no error set,
  preventing a potential crash (fd.o #72298, Chengwei Yang)

• on BSD systems, avoid some O(1)-per-process memory and fd leaks in kqueue,
  preventing test failures (fd.o #69332, fd.o #72213; Chengwei Yang)

• fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix sockets,
  which doesn't do anything anyway on at least Linux and FreeBSD
  (fd.o #69492, Simon McVittie)

• fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from
  sendmsg() with SCM_CREDS (retrying with plain send()), and looking
  for credentials more correctly (fd.o #69492, Simon McVittie)

• ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
  getting mixed up in XDG/systemd "user sessions" (fd.o #61301,
  Simon McVittie)

• refresh cached policy rules for existing connections when bus
  configuration changes (fd.o #39463, Chengwei Yang)
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1372

Simon McVittie's avatar
1.7.8  
Simon McVittie committed
1373
D-Bus 1.7.8 (2013-11-01)
Simon McVittie's avatar
Simon McVittie committed
1374 1375
==

Simon McVittie's avatar
1.7.8  
Simon McVittie committed
1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392
The “extreme hills” release.

Dependencies:

• If systemd support is enabled, libsystemd-journal is now required.

Enhancements:

• When activating a non-systemd service under systemd, annotate its
  stdout/stderr with its bus name in the Journal. Known limitation:
  because the socket is opened before forking, the process will still be
  logged as if it had dbus-daemon's process ID and user ID.
  (fd.o #68559, Chengwei Yang)

• Document more configuration elements in dbus-daemon(1)
  (fd.o #69125, Chengwei Yang)

Simon McVittie's avatar
1.6.18  
Simon McVittie committed
1393 1394
Fixes:

Simon McVittie's avatar
1.7.8  
Simon McVittie committed
1395 1396 1397 1398 1399 1400 1401
• Don't leak string arrays or fds if dbus_message_iter_get_args_valist()
  unpacks them and then encounters an error (fd.o #21259, Chengwei Yang)

• If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
  disallowed method calls to the audit log, fixing a regression in 1.7.6
  (fd.o #49062, Colin Walters)

Simon McVittie's avatar
1.6.18  
Simon McVittie committed
1402 1403
• path_namespace='/' in match rules incorrectly matched nothing; it
  now matches everything. (fd.o #70799, Simon McVittie)
Simon McVittie's avatar
Simon McVittie committed
1404

Simon McVittie's avatar
Simon McVittie committed
1405
D-Bus 1.7.6 (2013-10-09)
1406 1407
==

Simon McVittie's avatar
Simon McVittie committed
1408 1409
The “CSI Shrewsbury” release.

1410 1411
Build-time configuration changes:

Simon McVittie's avatar
Simon McVittie committed
1412 1413 1414 1415 1416 1417
• Directory change notification via dnotify on Linux is no longer
  supported; it hadn't compiled successfully since 2010 in any case.
  If you don't have inotify (Linux) or kqueue (*BSD), you will need
  to send SIGHUP to the dbus-daemon when its configuration changes.
  (fd.o #33001, Chengwei Yang)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1418 1419 1420 1421 1422
• Compiling with --disable-userdb-cache is no longer supported;
  it didn't work since at least 2008, and would lead to an extremely
  slow dbus-daemon even it worked. (fd.o #15589, #17133, #66947;
  Chengwei Yang)

1423 1424 1425 1426
• The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
  assertions. It has been renamed to DBUS_DISABLE_ASSERT to be consistent
  with the Autotools build system. (fd.o #66142, Chengwei Yang)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1427 1428 1429 1430
• --with-valgrind=auto enables Valgrind instrumentation if and only if
  valgrind headers are available. The default is still --with-valgrind=no.
  (fd.o #56925, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1431 1432
Dependencies:

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1433 1434 1435
• Platforms with no 64-bit integer type are no longer supported.
  (fd.o #65429, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1436 1437
• GNU make is now (documented to be) required. (fd.o #48277, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1438 1439 1440 1441
• Full test coverage no longer requires dbus-glib, although the tests do not
  exercise the shared library (only a static copy) if dbus-glib is missing.
  (fd.o #68852, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
1442 1443
Enhancements:

Simon McVittie's avatar
Simon McVittie committed
1444 1445 1446 1447
• D-Bus Specification 0.22
  · Document GetAdtAuditSessionData() and
    GetConnectionSELinuxSecurityContext() (fd.o #54445, Simon)
  · Fix example .service file (fd.o #66481, Chengwei Yang)
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1448 1449 1450
  · Don't claim D-Bus is "low-latency" (lower than what?), just
    give factual statements about it supporting async use
    (fd.o #65141, Justin Lee)
Simon McVittie's avatar
NEWS  
Simon McVittie committed
1451
  · Document the contents of .service files, and the fact that
Simon McVittie's avatar
Simon McVittie committed
1452 1453
    system services' filenames are constrained
    (fd.o #66608; Simon McVittie, Chengwei Yang)
Simon McVittie's avatar
Simon McVittie committed
1454

Simon McVittie's avatar
Simon McVittie committed
1455 1456 1457 1458 1459 1460
• Be thread-safe by default on all platforms, even if
  dbus_threads_init_default() has not been called. For compatibility with
  older libdbus, library users should continue to call
  dbus_threads_init_default(): it is harmless to do so.
  (fd.o #54972, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
1461 1462
• Add GetConnectionCredentials() method (fd.o #54445, Simon)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1463 1464 1465
• New API: dbus_setenv(), a simple wrapper around setenv().
  Note that this is not thread-safe. (fd.o #39196, Simon)

Simon McVittie's avatar
Simon McVittie committed
1466 1467 1468 1469 1470 1471
• Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer connection,
  like --address=ADDRESS in previous versions) and dbus-send --bus=ADDRESS
  (connect to a given bus, like dbus-monitor --address=ADDRESS).
  dbus-send --address still exists for backwards compatibility,
  but is no longer documented. (fd.o #48816, Andrey Mazo)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1472 1473 1474 1475
• Windows-specific:
  · "dbus-daemon --nofork" is allowed on Windows again. (fd.o #68852,
    Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
1476 1477
Fixes:

Simon McVittie's avatar
1.6.14  
Simon McVittie committed
1478 1479 1480
• Avoid an infinite busy-loop if a signal interrupts waitpid()
  (fd.o #68945, Simon McVittie)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1481 1482 1483
• Clean up memory for parent nodes when objects are unexported
  (fd.o #60176, Thomas Fitzsimmons)

Simon McVittie's avatar
Simon McVittie committed
1484 1485 1486 1487
• Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
  documented. Previously, it assumed its second parameter was TRUE.
  (fd.o #69165, Chengwei Yang)

Simon McVittie's avatar
Simon McVittie committed
1488 1489 1490
• Escape addresses containing non-ASCII characters correctly
  (fd.o #53499, Chengwei Yang)

Simon McVittie's avatar
Simon McVittie committed
1491 1492
• Document <servicedir> search order correctly (fd.o #66994, Chengwei Yang)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1493 1494 1495
• Don't crash on "dbus-send --session / x.y.z" which regressed in 1.7.4.
  (fd.o #65923, Chengwei Yang)

Simon McVittie's avatar
Simon McVittie committed
1496 1497
• If malloc() returns NULL in _dbus_string_init() or similar, don't free
  an invalid pointer if the string is later freed (fd.o #65959, Chengwei Yang)
1498

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1499 1500 1501
• If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list
  that was never va_start()ed (fd.o #66300, Chengwei Yang)

Simon McVittie's avatar
Simon McVittie committed
1502 1503
• fix build failure with --enable-stats (fd.o #66004, Chengwei Yang)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1504 1505 1506
• fix a regression test on platforms with strict alignment (fd.o #67279,
  Colin Walters)

Simon McVittie's avatar
Simon McVittie committed
1507 1508 1509 1510 1511
• Avoid calling function parameters "interface" since certain Windows headers
  have a namespace-polluting macro of that name (fd.o #66493, Ivan Romanov)

• Assorted Doxygen fixes (fd.o #65755, Chengwei Yang)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1512 1513 1514 1515 1516
• Various thread-safety improvements to static variables (fd.o #68610,
  Simon McVittie)

• Make "make -j check" work (fd.o #68852, Simon McVittie)

Simon McVittie's avatar
Simon McVittie committed
1517 1518 1519
• Fix a NULL pointer dereference on an unlikely error path
  (fd.o #69327, Sviatoslav Chagaev)

Simon McVittie's avatar
NEWS  
Simon McVittie committed
1520 1521 1522 1523 1524 1525
• Improve valgrind memory pool tracking (fd.o #69326,
  Sviatoslav Chagaev)

• Don't over-allocate memory in dbus-monitor (fd.o #69329,
  Sviatoslav Chagaev)

Simon McVittie's avatar
Simon McVittie committed
1526 1527 1528
• dbus-monitor can monitor dbus-daemon < 1.5.6 again
  (fd.o #66107, Chengwei Yang)

Simon McVittie's avatar
Simon McVittie committed
1529
• Unix-specific:
Simon McVittie's avatar
Simon McVittie committed
1530 1531 1532 1533 1534