dbus 1.10.x end-of-life
==

The dbus 1.10.x branch was originally released in 2015 and reached
end-of-life status in July 2020.

If new security issues are discovered in dbus, they will not be fixed
in the 1.10.x branch.

If you are a dbus downstream maintainer in a long-lived OS distribution
and you want to use the upstream dbus-1.10 git branch as a place
to share backported security fixes with other distributions, please
contact the dbus maintainers via the dbus-security mailing list on
lists.freedesktop.org.

dbus 1.10.32 (2020-07-02)
==

The “technically a venom” release.

Maybe security fixes:

• On Unix, avoid a use-after-free if two usernames have the same
  numeric uid. In older versions this could lead to a crash (denial of
  service) or other undefined behaviour, possibly including incorrect
  authorization decisions if <policy group=...> is used.
  Like Unix filesystems, D-Bus' model of identity cannot distinguish
  between users of different names with the same numeric uid, so this
  configuration is not advisable on systems where D-Bus will be used.
  Thanks to Daniel Onaca.
  (dbus#305, dbus!166, CVE-2020-35512; Simon McVittie)

Other fixes:

• On Solaris and its derivatives, if a cmsg header is truncated, ensure
  that we do not overrun the buffer used for fd-passing, even if the
  kernel tells us to.
  (dbus#304, dbus!165; Andy Fiddaman)

dbus 1.10.30 (2020-06-02)
==

The “centaur bus” release.

Denial of service fixes:

• CVE-2020-12049: If a message contains more file descriptors than can
  be sent, close those that did get through before reporting error.
  Previously, a local attacker could cause the system dbus-daemon (or
  another system service with its own DBusServer) to run out of file
  descriptors, by repeatedly connecting to the server and sending fds that
  would get leaked.
  Thanks to Kevin Backhouse of GitHub Security Lab.
  (dbus#294, GHSL-2020-057; Simon McVittie)
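
The handling described in the CVE-2020-12049 entry, as an added example that is not taken from the dbus source: a receiver that gets a truncated SCM_RIGHTS message closes the fds that did arrive before reporting the error. MAX_FDS and all function names are hypothetical, and the demo assumes Linux-style behaviour where the kernel installs as many fds as fit and sets MSG_CTRUNC.

```c
/* Added example, not dbus source: fds from a truncated SCM_RIGHTS message. */
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_FDS 8 /* hypothetical per-message limit for this demo */

typedef union {
    struct cmsghdr align; /* forces correct alignment of buf */
    char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)];
} cmsg_buf;

/* Number of descriptors open in this process (first 1024 slots). */
static int count_open_fds(void) {
    int n = 0;
    for (int fd = 0; fd < 1024; fd++)
        n += fcntl(fd, F_GETFD) != -1;
    return n;
}

/* Send one payload byte carrying n_fds descriptors in one SCM_RIGHTS cmsg. */
static int send_fds(int sock, const int *fds, int n_fds) {
    char byte = 'x';
    struct iovec iov = { &byte, 1 };
    cmsg_buf u;
    struct msghdr msg;
    if (n_fds < 1 || n_fds > MAX_FDS)
        return -1;
    memset(&msg, 0, sizeof msg);
    memset(&u, 0, sizeof u);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = CMSG_SPACE(sizeof(int) * n_fds);
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int) * n_fds);
    memcpy(CMSG_DATA(c), fds, sizeof(int) * n_fds);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one message with control space for room_fds descriptors. Returns the
 * number of fds in out[] (capacity MAX_FDS), or -1 on error or truncation.
 * close_partial=1 is the fixed behaviour, 0 the old one that forgot the fds. */
static int recv_fds(int sock, int *out, int room_fds, int close_partial,
                    int *arrived) {
    char byte;
    struct iovec iov = { &byte, 1 };
    cmsg_buf u;
    struct msghdr msg;
    int got = 0;
    *arrived = 0;
    if (room_fds < 1 || room_fds > MAX_FDS)
        return -1;
    memset(&msg, 0, sizeof msg);
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = CMSG_SPACE(sizeof(int) * room_fds);
    if (recvmsg(sock, &msg, 0) < 0)
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS)
            continue;
        /* Bound the fd count by the buffer we own, not only by cmsg_len. */
        size_t avail = (size_t)(u.buf + msg.msg_controllen - (char *)CMSG_DATA(c));
        size_t len = c->cmsg_len > CMSG_LEN(0) ? c->cmsg_len - CMSG_LEN(0) : 0;
        if (len > avail) len = avail;
        for (size_t i = 0; i < len / sizeof(int) && got < MAX_FDS; i++)
            memcpy(&out[got++], CMSG_DATA(c) + i * sizeof(int), sizeof(int));
    }
    *arrived = got; /* how many fds the kernel installed in this process */
    if (msg.msg_flags & MSG_CTRUNC) {
        if (close_partial) /* the fix: release what did get through */
            for (int i = 0; i < got; i++)
                close(out[i]);
        return -1;
    }
    return got;
}

/* Send 4 fds to a receiver with room for 1; return how many descriptors the
 * receiver still holds after it has reported the truncation error. */
static int leaked_after_truncation(int close_partial) {
    int sv[2], p[2], got[MAX_FDS], arrived = 0, leaked = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(p) < 0)
        return -1;
    int to_send[4] = { p[0], p[1], p[0], p[1] }; /* constructed sample input */
    int before = count_open_fds();
    if (send_fds(sv[0], to_send, 4) == 0 &&
        recv_fds(sv[1], got, 1, close_partial, &arrived) == -1)
        leaked = count_open_fds() - before;
    if (!close_partial) /* tidy the demo process after measuring */
        for (int i = 0; i < arrived; i++) close(got[i]);
    close(sv[0]); close(sv[1]); close(p[0]); close(p[1]);
    return leaked;
}
```

leaked_after_truncation(0) reproduces the old accounting, where every truncated message leaves descriptors open in the receiver; leaked_after_truncation(1) returns 0.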

Other fixes:

• Fix a crash when the dbus-daemon is terminated while one or more
  monitors are active (dbus#291, dbus!140; Simon McVittie)

dbus 1.10.28 (2019-06-11)
==

The “kitchen slug” release.

dbus version control is now hosted on freedesktop.org's Gitlab
installation, and bug reports and feature requests have switched from
Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues ("dbus#nnn")
and merge requests ("dbus!nnn").

Security fixes:

• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
  authentication for identities that differ from the user running the
  DBusServer. Previously, a local attacker could manipulate symbolic
  links in their own home directory to bypass authentication and connect
  to a DBusServer with elevated privileges. The standard system and
  session dbus-daemons in their default configuration were immune to this
  attack because they did not allow DBUS_COOKIE_SHA1, but third-party
  users of DBusServer such as Upstart could be vulnerable.
  Thanks to Joe Vennix of Apple Information Security.
  (dbus#269, Simon McVittie)

Other fixes:

• Prevent reading up to 3 bytes beyond the end of a truncated message.
  This could in principle be an information leak or denial of service
  on the system bus, but is not believed to be exploitable to crash
  the system bus or leak interesting information in practice.
  (fd.o #107332, Simon McVittie)

• Stop the dbus-daemon leaking memory (an error message) if delivering
  the message that triggered auto-activation is forbidden. This is
  technically a denial of service because the dbus-daemon will
  run out of memory eventually, but it's a very slow and noisy one,
  because all the rejected messages are also very likely to have
  been logged to the system log, and its scope is typically limited by
  the finite number of activatable services available.
  (dbus#234, Simon McVittie)

• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
  which does not meet the criteria for that attribute in gcc 4.7+,
  potentially leading to miscompilation (fd.o #107741, Simon McVittie)

• Fix build with gcc 8 -Werror=cast-function-type
  (fd.o #107349, Simon McVittie)

• Fix warning from gcc 8 about suspicious use of strncpy() when
  populating struct sockaddr_un (fd.o #107350, Simon McVittie)

• Fix installation of Ducktype documentation with newer yelp-build
  versions (fd.o #106171, Simon McVittie)

Tests and CI:

• Add Travis-CI builds for 64-bit Windows using mingw-w64
  (fd.o #105662, Ralf Habacker)

• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)

D-Bus 1.10.26 (2018-03-01)
==

The “village's rustic aesthetic” release.

Fixes:

• Increase system dbus-daemon's RLIMIT_NOFILE rlimit before it drops
  privileges, because it won't have permission afterwards. This fixes a
  regression in dbus 1.10.18 and 1.11.0 which made the standard system bus
  more susceptible to deliberate or accidental denial of service.
  (fd.o #105165, David King)

D-Bus 1.10.24 (2017-09-25)
==

The “pirate wizard” release.

Fixes:

• When parsing dbus-daemon configuration, tell Expat not to use
  cryptographic-quality entropy as a salt for its hash tables: we trust
  the configuration files, so we are not concerned about algorithmic
  complexity attacks via hash table collisions. This prevents
  dbus-daemon --system from holding up the boot process (and causing
  early-boot system services like systemd, logind, networkd to time
  out) on entropy-starved embedded systems.
  (fd.o #101858, Simon McVittie)

• Increase listen() backlog of AF_UNIX sockets to the maximum possible,
  minimizing failed connections under heavy load
  (fd.o #95264, Lennart Poettering) (backported from 1.11.4)

• Avoid a -Werror=declaration-after-statement build failure on Solaris
  (fd.o #102145, Alan Coopersmith)

• When using the Monitoring interface, match messages' destinations
  (fd.o #92074, Simon McVittie) (backported from 1.11.0)

D-Bus 1.10.22 (2017-07-27)
==

The “roof terrace” release.

Fixes:

• dbus_message_iter_append_basic() no longer leaks memory if it fails to
  append a file descriptor to a message. (fd.o #101568, Simon McVittie)

• dbus_message_iter_open_container() no longer leaks memory if it runs out
  of memory. (fd.o #101568, Simon McVittie)

• dbus_message_append_args_valist() no longer leaks memory if given an
  unsupported type. This situation is still considered to be a programming
  error which needs to be corrected by the user of libdbus.
  (fd.o #101568, Simon McVittie)

• Wrap test-pending-call-disconnected with dbus-run-session so that it can
  pass in environments that are not already running a D-Bus session bus,
  fixing a build-time test regression in 1.10.20
  (fd.o #101698, Simon McVittie)

• Ensure that tests fail if they would otherwise have tried to connect to
  the real session bus (fd.o #101698, Simon McVittie)

• Make build-time tests cope with finding Python 3, but not Python 2
  (fd.o #101716, Simon McVittie)

D-Bus 1.10.20 (2017-06-29)
==

The “suggesting a delivery gone horribly wrong” release.

Fixes:

• Fix a reference leak when blocking on a pending call on a connection
  that has been disconnected (fd.o #101481, Shin-ichi MORITA)

• Don't put timestamps in the Doxygen-generated documentation, for
  closer-to-reproducible builds (fd.o #100692, Simon McVittie)

• Avoid an assertion failure when connecting to a semicolon-separated
  series of addresses, one of which fails (fd.o #101257, Simon McVittie)

Documentation:

• Update git URIs in HACKING document to sync up with cgit.freedesktop.org
  (fd.o #100715, Simon McVittie)

D-Bus 1.10.18 (2017-04-05)
==

The “can't handle a self-referential paradox” release.

Fixes:

• Re-order dbus-daemon startup so that on SELinux systems, the thread
  that reads AVC notifications retains the ability to write to the
  audit log (fd.o #92832, Debian #857660; Laurent Bigonville)

• Fix a harmless read overflow and some memory leaks in a unit test
  (fd.o #100568, Philip Withnall)

D-Bus 1.10.16 (2017-02-16)
==

The “super digging powers” release.

The fixes in this release are arguably security fixes, but if they
affect you, please take this opportunity to rethink how you are
configuring dbus.

Enhancements:

• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)

Fixes:

• Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "nonce", in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.

  On Unix systems we strongly recommend using only the unix: and systemd:
  transports, together with EXTERNAL authentication. These are the only
  transports and authentication mechanisms enabled by default.

  (fd.o #99828, Simon McVittie)

• Avoid symlink attacks in the "embedded tests", which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie)

D-Bus 1.10.14 (2016-11-28)
==

The “Well, other bands know more than three chords” release.

Fixes:

• Work around an undesired effect of the fix for CVE-2014-3637
  (fd.o #80559), in which processes that frequently send fds, such as
  logind during a flood of new PAM sessions, can get disconnected for
  continuously having at least one fd "in flight" for too long;
  dbus-daemon interprets that as a potential denial of service attack.
  The workaround is to disable that check for uid 0 processes such as
  logind, with a message in the system log. The bug remains open while
  we look for a more general solution.
  (fd.o #95263, LP#1591411; Simon McVittie)

• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
  was disabled at compile time. That test is not expected to work
  in that configuration. (fd.o #98665, Simon McVittie)

D-Bus 1.10.12 (2016-10-10)
==

The “not excessively inhospitable” release.

Security fixes:

• Do not treat ActivationFailure message received from root-owned systemd
  name as a format string. In principle this is a security vulnerability,
  but we do not believe it is exploitable in practice, because only
  privileged processes can own the org.freedesktop.systemd1 bus name, and
  systemd does not appear to send activation failures that contain "%".

  Please note that this probably *was* exploitable in dbus versions
  older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
  the time was only thought to be a denial of service vulnerability
  (CVE-2015-0245). If you are still running one of those versions,
  patch or upgrade immediately.

  (fd.o #98157, Simon McVittie)

Other fixes:

• Harden dbus-daemon against malicious or incorrect ActivationFailure
  messages by rejecting them if they do not come from a privileged
  process, or if systemd activation is not enabled
  (fd.o #98157, Simon McVittie)

• Avoid undefined behaviour when setting reply serial number without going
  via union DBusBasicValue (fd.o #98035, Marc Mutz)

• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)

D-Bus 1.10.10 (2016-08-15)
==

The “tungsten door” release.

Fixes:

• On Linux, when dbus-daemon is run with reduced susceptibility to the
  OOM killer (typically via systemd), do not let child processes inherit
  that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho)

• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address
  contains a semicolon (fd.o #94746, Thiago Macieira)

• Fix memory leaks and thread safety in subprocess starting on Windows
  (fd.o #95191, Ralf Habacker)

• Do not require systemd to have a service file if using it for activation
  (fd.o #93194; Simon McVittie; backport from 1.11.0)

• Stop test-dbus-daemon incorrectly failing on platforms that cannot
  discover the process ID of clients (fd.o #96653, Руслан Ижбулатов)

• In tests that exercise correct handling of crashing D-Bus services,
  suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker)

• Explicitly check for stdint.h (Ioan-Adrian Ratiu)

• update-activation-environment: produce better diagnostics on error
  (fd.o #96653, Simon McVittie)

• Don't fail the build with an unused const variable warning under gcc 6
  (fd.o #97282; Thomas Zimmermann, Simon McVittie)

• Merge dbus-1.10-ci branch, containing backports from 1.11.0 in build/test
  code to support continuous integration (fd.o #93194, Simon McVittie)

  · Avoid -Wunused-label when compiling with libselinux but no libaudit
  · In development builds, allow OOM tests to be disabled as documented
  · Accept and ignore the --tap argument in all "embedded tests", and run
    all automated tests with that argument for better diagnostics
  · Fix the systemd activation test under CMake by installing the required
    files
  · In Automake, fix shell syntax for installcheck-local with no DESTDIR
  · In Automake, don't try to run manual tests in installcheck
  · In CMake, don't run manual-tcp test as an automated test
  · Add travis-ci.org build machinery

D-Bus 1.10.8 (2016-03-07)
==

The “digestive biscuits” release.

Fixes:

• Enable "large file support" on systems where it exists: dbus-daemon
  is not expected to open large files, but it might need to stat files
  that happen to have large inode numbers (fd.o #93545, Hongxu Jia)

• Eliminate padding inside DBusMessageIter on 64-bit platforms,
  which might result in a pedantic C compiler not copying the entire contents
  of a DBusMessageIter; statically assert that this is not an ABI change
  in practice (fd.o #94136, Simon McVittie)

• Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N
  (fd.o #94244, Dmitri Iouchtchenko)

• Correctly report test failures in C tests from run-test.sh
  (fd.o #93379; amit tewari, Simon McVittie)

• When tests are enabled, run all the marshal-validate tests, not just
  the even-numbered ones (fd.o #93908, Nick Lewycky)

• Correct the expected error from one marshal-validate test, which was
  previously not run due to the above bug (fd.o #93908, Simon McVittie)

D-Bus 1.10.6 (2015-12-01)
==

The “marzipan beetles” release.

Fixes:

• On Unix when running tests as root, don't assert that root and
  the dbus-daemon user can still call UpdateActivationEnvironment;
  assert that those privileged users can call BecomeMonitor instead
  (fd.o #93036, Simon McVittie)

• On Windows, fix a memory leak in the autolaunch transport (fd.o #92899,
  Simon McVittie)

• On Windows Autotools builds, don't run tests that rely on
  dbus-run-session and other Unix-specifics (fd.o #92899, Simon McVittie)

D-Bus 1.10.4 (2015-11-17)
==

The “Frostburn Canyon” release.

Enhancements:

• GetConnectionCredentials, GetConnectionUnixUser and
  GetConnectionUnixProcessID with argument "org.freedesktop.DBus"
  will now return details of the dbus-daemon itself. This is required
  to be able to call SetEnvironment on systemd.
  (fd.o #92857, Jan Alexander Steffens)

Fixes:

• Make UpdateActivationEnvironment always fail with AccessDenied on the
  system bus. Previously, it was possible to configure it so root could
  call it, but the environment variables were not actually used,
  because the launch helper would discard them.
  (fd.o #92857, Jan Alexander Steffens)

• On Unix with --systemd-activation on a user bus, make
  UpdateActivationEnvironment pass on its arguments to systemd's
  SetEnvironment method, solving inconsistency between the environments
  used for traditional activation and systemd user-service activation.
  (fd.o #92857, Jan Alexander Steffens)

• On Windows, don't crash if <syslog/> or --syslog is used
  (fd.o #92538, Ralf Habacker)

• On Windows, fix a memory leak when setting a DBusError from a Windows
  error (fd.o #92721, Ralf Habacker)

• On Windows, don't go into infinite recursion if we abort the process
  with backtraces enabled (fd.o #92721, Ralf Habacker)

• Fix various failing tests, variously on Windows and cross-platform:
  · don't test system.conf features (users, groups) that only make sense
    on the system bus, which is not supported on Windows
  · don't call _dbus_warn() when we skip a test, since it is fatal
  · fix computation of expected <standard_session_servicedirs/>
  · when running TAP tests, translate newlines to Unix format, fixing
    cross-compiled tests under Wine on Linux
  · don't stress-test refcounting under Wine, where it's really slow
  · stop assuming that a message looped-back to the test will be received
    immediately
  · skip some system bus tests on Windows since they make no sense there
  (fd.o #92538, fd.o #92721; Ralf Habacker, Simon McVittie)

D-Bus 1.10.2 (2015-10-26)
==

The “worst pies in London” release.

Fixes:

• Correct error handling for activation: if there are multiple attempts
  to activate the same service and it fails immediately, the first attempt
  would get the correct reply, but the rest would time out. We now send
  the same error reply to each attempt. (fd.o #92200, Simon McVittie)

• If BecomeMonitor is called with a syntactically invalid match rule,
  don't crash with an assertion failure, fixing a regression in 1.9.10.
  This was not exploitable as a denial of service, because the check
  for a privileged user is done first. (fd.o #92298, Simon McVittie)

• On Linux with --enable-user-session, add the bus address to the
  environment of systemd services for better backwards compatibility
  (fd.o #92612, Jan Alexander Steffens)

• On Windows, fix the logic for replacing the installation prefix
  in service files' Exec lines (fd.o #83539; Milan Crha, Simon McVittie)

• On Windows, if installed in the conventional layout with ${prefix}/etc
  and ${prefix}/share, use relative paths between bus configuration files
  to allow the tree to be relocated (fd.o #92028, Simon McVittie)

• Make more of the regression tests pass in Windows builds (fd.o #92538,
  Simon McVittie)

D-Bus 1.10.0 (2015-08-25)
==

The “0x20” release.

This is a new stable branch, recommended for use in OS distributions.

Fixes since 1.9.20:

• distribute test/tap-test.sh.in, even if the tarball was built without
  tests enabled (fd.o #91684, Simon McVittie)
• work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie)

Summary of major changes since 1.8.0:

• The basic setup for the well-known system and session buses is
  now done in read-only files in ${datadir} (normally /usr/share).
  See the NEWS entry for 1.9.18 for details.

• AppArmor integration has been merged, with features similar to the
  pre-existing SELinux integration. It is mostly compatible with the
  patches previously shipped by Ubuntu, with one significant change:
  Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded
  by GetConnectionCredentials and was not included.

• The --enable-user-session configure option can be enabled
  by OS integrators intending to use systemd to provide a session bus
  per user (in effect, treating all concurrent graphical and non-graphical
  login sessions as one large session).

• The new listenable address mode "unix:runtime=yes" listens on
  $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd
  user session. libdbus and "dbus-launch --autolaunch" will connect to
  this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a
  matching default.

• All executables are now dynamically linked to libdbus-1.
  Previously, some executables, most notably dbus-daemon, were statically
  linked to a specially-compiled variant of libdbus. This results in
  various private functions in the _dbus namespace being exposed by the
  shared library. These are not API, and must not be used outside
  the dbus source tree.

• On platforms with ELF symbol versioning, all public symbols
  are versioned LIBDBUS_1_3.

New bus APIs:

• org.freedesktop.DBus.GetConnectionCredentials returns
  LinuxSecurityLabel where supported
• org.freedesktop.DBus.Monitoring interface (privileged)
  · BecomeMonitor method supersedes match rules with eavesdrop=true,
    which are now deprecated
• org.freedesktop.DBus.Stats interface (semi-privileged)
  · now enabled by default
  · new GetAllMatchRules method
• org.freedesktop.DBus.Verbose interface (not normally compiled)
  · toggles the effect of DBUS_VERBOSE

New executables:

• dbus-test-tool
• dbus-update-activation-environment

New optional dependencies:

• The systemd: pseudo-transport requires libsystemd or libsd-daemon
• Complete documentation requires Ducktype and yelp-tools
• Full test coverage requires GLib 2.36 and PyGI
• AppArmor integration requires libapparmor and optionally libaudit

Dependencies removed:

• dbus-glib

D-Bus 1.9.20 (2015-08-06)
==

The “Remember Tomorrow” release.

This is a release-candidate for D-Bus 1.10.0. OS distribution vendors
should test it.

Fixes:

• Don't second-guess what the ABI of poll() is, allowing it to be used
  on Integrity RTOS and other unusual platforms (fd.o #90314;
  Rolland Dudemaine, Simon McVittie)

• Don't duplicate audit subsystem integration if AppArmor and SELinux are
  both enabled (fd.o #89225, Simon McVittie)

• Log audit events for AppArmor/SELinux policy violations whenever
  we have CAP_AUDIT_WRITE, even if not the system bus
  (fd.o #83856, Laurent Bigonville)

D-Bus 1.9.18 (2015-07-21)
==

The “Pirate Elite” release.

Configuration changes:

• The basic setup for the well-known system and session buses is now done
  in read-only files in ${datadir}, moving a step closer to systems
  that can operate with an empty /etc directory. In increasing order
  of precedence:

  · ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting
    the default message policies.
  · ${sysconfdir}/dbus-1/s*.conf are now optional. By default
    dbus still installs a trivial version of each, for documentation
    purposes; putting configuration directives in these files is deprecated.
  · ${datadir}/dbus-1/s*.d/ are now available for third-party software
    to install "drop-in" configuration snippets (any packages
    using those directories should explicitly depend on at least this
    version of dbus).
  · ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins
    or third-party software to install "drop-in" configuration snippets
  · ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins'
    overrides

  ${datadir} is normally /usr/share, ${sysconfdir} is normally /etc,
  and "s*" refers to either system or session as appropriate.

  (fd.o #89280, Dimitri John Ledkov)

Fixes:

• Fix a memory leak when GetConnectionCredentials() succeeds
  (fd.o #91008, Jacek Bukarewicz)

• Ensure that dbus-monitor does not reply to messages intended for others,
  resulting in its own disconnection (fd.o #90952, Simon McVittie)

D-Bus 1.9.16 (2015-05-14)
==

The “titanium barns” release.

Dependencies:

• Automake 1.13 is now required when compiling from git or modifying
  the build system.

Security hardening:

• On Unix platforms, change the default configuration for the session bus
  to only allow EXTERNAL authentication (secure kernel-mediated
  credentials-passing), as was already done for the system bus.

  This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
  unpredictable pseudo-random numbers.

  If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
  in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
  NFS or similar, you will need to reconfigure the session bus to accept
  DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
  is not recommended.

  (fd.o #90414, Simon McVittie)

• When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp:
  transport, UUIDs or any other reason, fail if we cannot obtain entropy
  (from /dev/urandom or CryptGenRandom()) or an out-of-memory condition
  occurs, instead of silently falling back to low-entropy pseudorandom
  numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker)

Enhancements:

• Add dbus_message_iter_get_element_count()
  (fd.o #30350; Christian Dywan, Simon McVittie)

• Introduce new internal DBusSocket and DBusPollable types so we can
  stop treating the Windows SOCKET type as if it was int. DBusSocket
  is specifically a socket, cross-platform. DBusPollable is whatever
  _dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows.
  (fd.o #89444; Ralf Habacker, Simon McVittie)

• All regression tests now output TAP <https://testanything.org/>
  (fd.o #89846, Simon McVittie)

• Internal APIs consistently use signed values for timestamps
  (fd.o #18494, Peter McCurdy)

• Improve diagnostics when UpdateActivationEnvironment calls are rejected
  (fd.o #88812, Simon McVittie)

• Clean up a lot of compiler warnings
  (fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie)

Fixes:

• Add locking to DBusCounter's reference count and notify function
  (fd.o #89297, Adrian Szyndela)

• Ensure that DBusTransport's reference count is protected by the
  corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela)

• Correctly release DBusServer mutex before early-return if we run out
  of memory while copying authentication mechanisms (fd.o #90021,
  Ralf Habacker)

• Make dbus-test-tool and dbus-update-activation-environment portable
  to Windows (fd.o #90089, Ralf Habacker)

• Correctly initialize all fields of DBusTypeReader (fd.o #90021;
  Ralf Habacker, Simon McVittie)

• Fix some missing \n in verbose (debug log) messages (fd.o #90004,
  Ralf Habacker)

• Clean up some memory and fd leaks in test code and tools
  (fd.o #90021, Ralf Habacker)

• Fix a NULL dereference if the dbus-daemon cannot read a configuration
  directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker)

• CMake generates a versioned shared library even if the revision is 0,
  as it usually is on the development branch. (fd.o #89450, Ralf Habacker)

D-Bus 1.9.14 (2015-03-02)
==

The “don't stand in the poison cloud” release.

Dependencies:

• dbus-daemon and dbus-daemon-launch-helper now require libdbus. They
  were previously linked to a static version of libdbus.

• The tests no longer require dbus-glib in order to exercise the libdbus
  shared library; they are always linked to libdbus now.

Build-time configuration:

• The new --enable-user-session option, off by default, can be enabled
  by OS integrators intending to use systemd to provide a session bus
  per user (in effect, treating all concurrent graphical and non-graphical
  login sessions as one large session)

Enhancements:

• All executables are now linked dynamically to libdbus.
  (fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker)

• On platforms that support them (GNU libc and possibly others),
  libdbus now has versioned symbols for its public API.
  All public symbols (visible in the header files) are currently
  versioned as LIBDBUS_1_3; private symbols starting with _dbus or
  dbus_internal have a version that changes with each release, and
  must not be used by applications. (also fd.o #83115)

• New listenable address mode "unix:runtime=yes" which listens on
  a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus
  (fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie)

• Add optional systemd units for a per-user bus listening on
  $XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters)

• On Unix platforms, both libdbus and "dbus-launch --autolaunch"
  default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket
  (also fd.o #61301)

• New dbus-update-activation-environment tool uploads environment
  variables to "dbus-daemon --session" and optionally "systemd --user",
  primarily as a way to keep the per-user bus compatible with
  distributions' existing X11 login scripts (also fd.o #61301)

• <includedir/> elements in dbus-daemon configuration are now silently
  ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov)

• Add microsecond-resolution timestamps to the default output of
  dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie)

Fixes:

• Fix a race condition in the 'monitor' test introduced in 1.9.10
  (fd.o #89222, Simon McVittie)

D-Bus 1.9.12 (2015-02-19)
==

The “monster lasagna” release.

Dependencies:

• Ducktype and yelp-tools are now required to build complete documentation
  (they are optional for normal builds).

Enhancements:

• D-Bus Specification version 0.26
  · GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID
  · document the BecomeMonitor method

• On Linux, add LinuxSecurityLabel to GetConnectionCredentials
  (fd.o #89041; Tyler Hicks, Simon McVittie)

• On Linux, add support for AppArmor mediation of message sending and
  receiving and name ownership (paralleling existing SELinux mediation
  support), and eavesdropping (a new check, currently AppArmor-specific)
  (fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie)

• In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings
  that have printable ASCII contents; we previously only did this for
  unterminated bytestrings (fd.o #89109, Simon McVittie)

• Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall)

• On Windows, add WindowsSID to GetConnectionCredentials
  (fd.o #54445, Ralf Habacker)

• Improve clarity of dbus-monitor --profile output and add more columns
  (fd.o #89165, Ralf Habacker)

• Add a man page for dbus-test-tool, and build it under CMake as well
  as Autotools (fd.o#89086, Simon McVittie)

• If dbus-daemon was compiled with --enable-verbose, add a D-Bus API
  to control it at runtime, overriding the DBUS_VERBOSE environment variable
  (fd.o #88896, Ralf Habacker)

Fixes:

• Reduce the number of file descriptors used in the fd-passing test,
  avoiding failure under the default Linux fd limit, and automatically
  skip it if the rlimit is too small (fd.o #88998, Simon McVittie)

D-Bus 1.9.10 (2015-02-09)
==

The “sad cyborgs” release.

Security fixes merged from 1.8.16:

• Do not allow non-uid-0 processes to send forged ActivationFailure
  messages. On Linux systems with systemd activation, this would
  allow a local denial of service: unprivileged processes could
  flood the bus with these forged messages, winning the race with
  the actual service activation and causing an error reply
  to be sent back when service auto-activation was requested.
  This does not prevent the real service from being started,
  so the attack only works while the real service is not running.
  (CVE-2015-0245, fd.o #88811; Simon McVittie)

Enhancements:

• The new Monitoring interface in the dbus-daemon lets dbus-monitor and
  similar tools receive messages without altering the security properties
  of the system bus, by calling the new BecomeMonitor method on a
  private connection. This bypasses the normal <allow> and <deny> rules
  entirely, so to preserve normal message-privacy assumptions, only root
  is allowed to do this on the system bus. Restricted environments,
  such as Linux with LSMs, should lock down access to the Monitoring
  interface. (fd.o #46787, Simon McVittie)

• dbus-monitor uses BecomeMonitor to capture more traffic, if the
  dbus-daemon supports it and access permissions allow it.
  It still supports the previous approach ("eavesdropping" match rules)
  for compatibility with older bus daemons. (fd.o #46787, Simon)

• dbus-monitor can now log the message stream as binary data for later
  analysis, with either no extra framing beyond the normal D-Bus headers,
  or libpcap-compatible framing treating each D-Bus message
  as a captured packet. (fd.o #46787, Simon)

Other fixes:

• Fix some CMake build regressions (fd.o #88964, Ralf Habacker)

• On Unix, forcibly terminate regression tests after 60 seconds to
  prevent them from blocking continuous integration frameworks
  (fd.o #46787, Simon)

D-Bus 1.9.8 (2015-02-03)
==

The “all the types of precipitation” release.

Dependencies:

• full test coverage now requires GLib 2.36
• full test coverage now requires PyGI (PyGObject 3,
  "import gi.repository.GObject") instead of the
  obsolete PyGObject 2 ("import gobject")

Enhancements:

• add GLib-style "installed tests" (fd.o #88810, Simon McVittie)

• better regression test coverage, including systemd activation
  (fd.o #57952, #88810; Simon McVittie)

Fixes:

• fatal errors correctly make the dbus-daemon exit even if <syslog/> is
  turned off (fd.o #88808, Simon McVittie)

• TCP sockets on Windows no longer fail to listen approximately 1 time
  in 256, caused by a logic error that should have always made it fail but
  was mitigated by incorrect endianness for the port number
  (fd.o #87999, Ralf Habacker)

• fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker)

• on Windows, allow up to 8K connections to the dbus-daemon instead of the
  previous 64, completing a previous fix which only worked under
  Autotools (fd.o #71297, Ralf Habacker)

• on Windows, if the IP family is unspecified only use IPv4,
  to mitigate IPv6 not working correctly (fd.o #87999, Ralf Habacker)

• fix some unlikely memory leaks on OOM (fd.o #88087, Simon McVittie)

• lcov code coverage analysis works again (fd.o #88808, Simon McVittie)

• fix an unused function error with --disable-embedded-tests (fd.o #87837,
  Thiago Macieira)

D-Bus 1.9.6 (2015-01-05)
==

The “I do have a bread knife” release.

Security hardening:

• Do not allow calls to UpdateActivationEnvironment from uids other than
  the uid of the dbus-daemon. If a system service installs unsafe
  security policy rules that allow arbitrary method calls
  (such as CVE-2014-8148) then this prevents memory consumption and
  possible privilege escalation via UpdateActivationEnvironment.

  We believe that in practice, privilege escalation here is avoided
  by dbus-daemon-launch-helper sanitizing its environment; but
  it seems better to be safe.

• Do not allow calls to UpdateActivationEnvironment or the Stats interface
  on object paths other than /org/freedesktop/DBus. Some system services
  install unsafe security policy rules that allow arbitrary method calls
  to any destination, method and interface with a specified object path;
  while less bad than allowing arbitrary method calls, these security
  policies are still harmful, since dbus-daemon normally offers the
  same API on all object paths and other system services might behave
  similarly.
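
An added audit sketch, not part of dbus or of this NEWS file: it flags <allow> rules of the kind described in the two items above, which can match method calls without naming a send_destination. The function name, the heuristic and the sample policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes that make an <allow>/<deny> rule match on sending a message.
SEND_MATCH_ATTRS = {"send_interface", "send_member", "send_path", "send_type"}

# Constructed sample policy for illustration; not taken from any real package.
SAMPLE_POLICY = """\
<busconfig>
  <policy user="exampled">
    <allow own="com.example.Service"/>
  </policy>
  <policy context="default">
    <allow send_path="/com/example/Service"/>
    <allow send_type="method_call"/>
    <allow send_interface="com.example.Service.Control"/>
    <allow send_destination="com.example.Service"
           send_interface="com.example.Service.Control"/>
    <allow send_type="signal"/>
    <deny send_type="method_call"/>
  </policy>
</busconfig>
"""


def find_broad_allow_rules(policy_xml):
    """Return the <allow> rules that can match method calls to any destination.

    Heuristic (an assumption of this example, not dbus-daemon's own logic):
    a rule is reported when it matches on sending, names no send_destination,
    and its send_type is either absent or "method_call".
    """
    findings = []
    root = ET.fromstring(policy_xml)
    for policy in root.iter("policy"):
        scope = ", ".join(f"{k}={v}" for k, v in sorted(policy.attrib.items()))
        for rule in policy.findall("allow"):
            attrs = dict(rule.attrib)
            if not SEND_MATCH_ATTRS.intersection(attrs):
                continue  # own=, receive_*= and similar rules are out of scope
            if "send_destination" in attrs:
                continue  # scoped to one named service
            if attrs.get("send_type", "method_call") != "method_call":
                continue  # matches signals, replies or errors only
            findings.append({"scope": scope, "rule": attrs})
    return findings


if __name__ == "__main__":
    for finding in find_broad_allow_rules(SAMPLE_POLICY):
        rule = " ".join(f'{k}="{v}"' for k, v in finding["rule"].items())
        print(f'[{finding["scope"]}] <allow {rule}/> has no send_destination')
```

A reported rule is a prompt for review rather than proof of a vulnerability; the usual correction is to add send_destination (and, where possible, send_interface) to the rule.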

Other fixes:

• Add missing initialization so GetExtendedTcpTable doesn't crash on
  Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)

D-Bus 1.9.4 (2014-11-24)
==

The “extra-sturdy caramel” release.

Fixes:

• Partially revert the CVE-2014-3639 patch by increasing the default
  authentication timeout on the system bus from 5 seconds back to 30
  seconds, since this has been reported to cause boot regressions for
  some users, mostly with parallel boot (systemd) on slower hardware.

  On fast systems where local users are considered particularly hostile,
  administrators can return to the 5 second timeout (or any other value
  in milliseconds) by saving this as /etc/dbus-1/system-local.conf:

  <busconfig>
    <limit name="auth_timeout">5000</limit>
  </busconfig>

  (fd.o #86431, Simon McVittie)

• Add a message in syslog/the Journal when the auth_timeout is exceeded
  (fd.o #86431, Simon McVittie)

• Send back an AccessDenied error if the addressed recipient is not allowed
  to receive a message (and in builds with assertions enabled, don't
  assert under the same conditions). (fd.o #86194, Jacek Bukarewicz)

D-Bus 1.9.2 (2014-11-10)
==

The “structurally unsound flapjack” release.

Security fixes:

• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
  so that CVE-2014-3636 part A cannot exhaust the system bus'
  file descriptors, completing the incomplete fix in 1.8.8.
  (CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy)

Enhancements:

• D-Bus Specification version 0.25
  · new value 'const' for EmitsChangedSignal annotation
    (fd.o #72958, Lennart Poettering)
  · new ALLOW_INTERACTIVE_AUTHORIZATION flag, for PolicyKit and similar
    (fd.o #83449; Lennart Poettering, Simon McVittie)
  · annotate table of types with reserved/basic/container, and for
    basic types, fixed/string-like
  · clarify arbitrary limits by quoting them in mebibytes

• New API: add accessors for the ALLOW_INTERACTIVE_AUTHORIZATION flag
  (fd.o #83449, Simon McVittie)

• Add dbus-test-tool, a D-Bus swiss army knife with multiple subcommands,
  useful for debugging and performance testing:
  · dbus-test-tool spam: send repeated messages
  · dbus-test-tool echo: send an empty reply for all method calls
  · dbus-test-tool black-hole: do not reply to method calls
  (fd.o #34140; Alban Crequy, Simon McVittie, Will Thompson)

• Add support for process ID in credentials-passing on NetBSD
  (fd.o #69702, Patrick Welche)