dbus 1.12.20 (2020-07-02)
=========================
The “temporary nemesis” release.
Maybe security fixes:
• On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
Other fixes:
• On Solaris and its derivatives, if a cmsg header is truncated, ensure
that we do not overrun the buffer used for fd-passing, even if the
kernel tells us to.
(dbus#304, dbus!165; Andy Fiddaman)
dbus 1.12.18 (2020-06-02)
=========================
The “telepathic vines” release.
Denial of service fixes:
• CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
Other fixes:
• Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
• Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
• Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
• Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
• When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForce, as well as
freedesktop.org, CTAN and GNU.
dbus 1.12.16 (2019-06-11)
=========================
The “tree cat” release.
Security fixes:
• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and connect
to a DBusServer with elevated privileges. The standard system and
session dbus-daemons in their default configuration were immune to this
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
users of DBusServer such as Upstart could be vulnerable.
Thanks to Joe Vennix of Apple Information Security.
(dbus#269, Simon McVittie)
dbus 1.12.14 (2019-05-17)
=========================
The “reclaimed floorboards” release.
Enhancements:
• Raise soft fd limit to match hard limit, even if unprivileged.
This makes session buses with many clients, or with clients that make
heavy use of fd-passing, less likely to suffer from fd exhaustion.
(dbus!103, Simon McVittie)
Fixes:
• If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
reduce it to 64K, ensuring that we can put back the original fd limits
when carrying out traditional (non-systemd) activation. This fixes a
regression with systemd >= 240 in which system services inherited
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
soft limit of 1K and hard limit of 512K or 1M.
(dbus!103, Debian#928877; Simon McVittie)
• Fix build failures caused by an AX_CODE_COVERAGE API change in newer
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
• Fix build failures with newer autoconf-archive versions that include
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
• Parse section/group names in .service files according to the syntax
from the Desktop Entry Specification, rejecting control characters
and non-ASCII in section/group names (dbus#208, David King)
• Fix various -Wlogical-op issues that cause build failure with newer
gcc versions (dbus#225, dbus!109; David King)
• Don't assume we can set permissions on a directory, for the benefit of
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
• Don't overwrite PKG_CONFIG_PATH and related environment variables when
the pkg-config-based version of DBus1Config is used in a CMake project
(dbus#267, dbus!96; Clemens Lang)
dbus 1.12.12 (2018-12-04)
=========================
The “draconic disciple” release.
dbus version control is now hosted on freedesktop.org's Gitlab
installation, and bug reports and feature requests have switched from
Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues ("dbus#nnn")
and merge requests ("dbus!nnn").
Enhancements:
• Reference the freedesktop.org Code of Conduct (Simon McVittie)
Fixes:
• Stop the dbus-daemon leaking memory (an error message) if delivering
the message that triggered auto-activation is forbidden. This is
technically a denial of service because the dbus-daemon will
run out of memory eventually, but it's a very slow and noisy one,
because all the rejected messages are also very likely to have
been logged to the system log, and its scope is typically limited by
the finite number of activatable services available.
(dbus#234, Simon McVittie)
• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
which does not meet the criteria for that attribute in gcc 4.7+,
potentially leading to miscompilation (fd.o #107741, Simon McVittie)
• Fix some small O(1) memory leaks (fd.o #107320, Simon McVittie)
• Fix printf formats for pointer-sized integers on 64-bit Windows
(fd.o #105662, Ralf Habacker)
• Always use select()-based poll() emulation on Darwin-based OSs
(macOS, etc.) and on Interix, similar to what libcurl does
(dbus#232, dbus!19; Simon McVittie)
• Extend a test timeout to avoid spurious failures in CI
(dbus!26, Simon McVittie)
Tests and CI:
• Add Travis-CI builds for 64-bit Windows using mingw-w64
(fd.o #105662, Ralf Habacker)
• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)
Fix pkglint warnings while here.
dbus 1.12.10 (2018-08-02)
=========================
The “beam deflection” release.
Fixes:
• Prevent reading up to 3 bytes beyond the end of a truncated message.
This could in principle be an information leak or denial of service
on the system bus, but is not believed to be exploitable to crash
the system bus or leak interesting information in practice.
(fd.o #107332, Simon McVittie)
• Fix build with gcc 8 -Werror=cast-function-type
(fd.o #107349, Simon McVittie)
• Fix warning from gcc 8 about suspicious use of strncpy() when
populating struct sockaddr_un (fd.o #107350, Simon McVittie)
• Fix a minor memory leak when a DBusServer listens on a new address
(fd.o #107194, Simon McVittie)
• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
runs out of memory (fd.o #107194, Simon McVittie)
• Don't use misleading errno-derived error names if getaddrinfo() or
getnameinfo() fails with a code other than EAI_SYSTEM
(fd.o #106395, Simon McVittie)
• Skip tests that require working TCP if we are in a container environment
where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)
dbus 1.12.8 (2018-04-30)
========================
The “golden super-velociraptor” release.
Enhancements:
• The Devhelp documentation index is now in version 2 format
(fd.o #106186, Simon McVittie)
• Give the dbus-daemon man page some scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
(fd.o #106004, Simon McVittie)
Fixes:
• Fix installation of Ducktype documentation with newer yelp-build
versions (fd.o #106171, Simon McVittie)
dbus 1.12.6 (2018-03-01)
========================
The “just the one swan, actually” release.
Fixes:
• Increase system dbus-daemon's RLIMIT_NOFILE rlimit before it drops
privileges, because it won't have permission afterwards. This fixes a
regression in dbus 1.10.18 and 1.11.0 which made the standard system bus
more susceptible to deliberate or accidental denial of service.
(fd.o #105165, David King)
dbus 1.12.4 (2018-02-08)
========================
The “Stria Campania 115” release.
Fixes:
• When iterating the DBusConnection while blocking on a pending call,
don't wait for I/O if that pending call already has a result; and make
sure that whether it has a result is propagated in a thread-safe way.
This prevents certain multi-threaded calling patterns from blocking
until their timeout even when they should have succeeded sooner.
(fd.o #102839; Manish Narang, Michael Searle)
• Report the correct error if OOM is reached while trying to listen
on a TCP socket (fd.o #89104, Simon McVittie)
• Fix assertion failures in recovery from OOM while setting up a
DBusServer (fd.o #89104, Simon McVittie)
• Add a missing space to a warning message (fd.o #103729, Thomas Zajic)
• Expand ${bindir} correctly when pkg-config is asked for dbus_daemondir
(fd.o #104265, Benedikt Heine)
• On Linux systems with systemd < 237, if ${localstatedir}/dbus doesn't
exist, create it before trying to create ${localstatedir}/dbus/machine-id
(fd.o #104577, Chris Lesiak)
• Fix escaping in dbus-api-design document (fd.o #104925, Philip Withnall)
The actual fix as been done by "pkglint -F */*/buildlink3.mk", and was
reviewed manually.
There are some .include lines that still are indented with zero spaces
although the surrounding .if is indented. This is existing practice.
dbus 1.12.2 (2017-11-13)
========================
The “spider pumpkin” release.
Enhancements:
• Log a warning if a new connection cannot be accepted due to an
out-of-memory condition or failure to identify its AppArmor or
SELinux context (fd.o #103592, Simon McVittie)
Fixes:
• Make use of $(MKDIR_P) compatible with install-sh, fixing build when a
GNU-compatible `mkdir -p` is not available (fd.o #103521, ilovezfs)
• When building for Windows with Autotools, avoid `echo -e`, fixing
cross-compilation on non-GNU platforms like macOS
(fd.o #103493, Tony Theodore)
• Fix crashes in the server side of the nonce-tcp: transport under
various error conditions. This transport should normally only be used
on Windows, where AF_UNIX sockets are unavailable; the unix: transport
is the only one recommended for production use on Unix platforms.
(fd.o #103597, Simon McVittie)
Internal changes:
• Improve test coverage on Travis-CI (Simon McVittie)
dbus 1.12.0 (2017-10-30)
========================
The “gingerbread skull” release.
1.12.x is a new stable branch, recommended for use in OS
distributions.
Summary of major changes between 1.10.x and 1.12.0
--------------------------------------------------
Dependencies:
• Expat >= 2.1.0 is required.
• GLib >= 2.40 is required if full test coverage is enabled.
• [Linux] libselinux >= 2.0.86 is required if SELinux support is
enabled.
• [Unix] dbus now requires an <inttypes.h> that defines C99 constants
such as PRId64 and PRIu64, except when building for Windows.
• [Autotools] Building from git (but not from tarballs) with Autotools
now requires macros from the GNU Autoconf Archive.
• [CMake] Builds done using CMake now require CMake 3.0.2.
Build-time configuration changes:
• Expat is now found using pkg-config. See the release notes for
1.11.14.
• The --disable-compiler-optimisations and --enable-compiler-coverage
options no longer exist. See the release notes for 1.11.4 and 1.11.8.
• [Unix] The --enable-abstract-sockets and --disable-abstract-sockets
options no longer exist. See the release notes for 1.11.20.
• [Unix] Flag files in /var/run/console/${username} are no longer
checked for at_console by default. See the release notes for 1.11.18.
• [Unix, Cygwin] Init scripts are no longer provided by upstream dbus,
and packagers will now need to add these downstream (most already do).
See the release notes for 1.11.18.
• [Unix] The process ID file no longer has a different default location
on Red Hat derivatives. See the release notes for 1.11.18.
• [Unix] ${runstatedir} is now independent of ${localstatedir} with
recent Autotools versions. See the release notes for 1.11.16.
• [Windows] The WINDRES variable is no longer used. See the release
notes for 1.11.22.
Deprecations:
• Eavesdropping is officially deprecated in favour of BecomeMonitor.
See the release notes for spec version 0.31 (in dbus 1.11.14).
• [Unix] Flag files in /var/run/console/${username} are deprecated.
See the release notes for 1.11.18.
New APIs:
• <allow> and <deny> rules in dbus-daemon configuration can now
include send_broadcast="true", send_broadcast="false",
max_unix_fds="N", min_unix_fds="N" (for some integer N).
See the release notes for 1.11.18.
• dbus_try_get_local_machine_id() is like
dbus_get_local_machine_id(), but returns a DBusError.
• New APIs around DBusMessageIter to simplify cleanup.
See the release notes for 1.11.16.
• The message bus daemon now implements the standard Introspectable,
Peer and Properties interfaces. See the release notes for
dbus 1.11.14 and spec version 0.31.
• DTDs for introspection XML and bus configuration are installed.
• dbus can be compiled to be relocatable, making it more suitable for
binary bundling with other software. On Windows, this is on by
default.
• [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
never uses Linux abstract sockets, which is advantageous for
containers. On non-Linux it is equivalent to unix:tmpdir=….
See the release notes for dbus 1.11.14 and spec version 0.31.
• [Unix] New option "dbus-launch --exit-with-x11".
• [Unix] Session managers can create transient .service files in
$XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
• [Unix] A sysusers.d snippet can create the messagebus user on-demand.
Miscellaneous behaviour changes:
• [Unix] The session bus now logs to syslog if it was started by
dbus-launch.
• [Unix] Internal warnings are logged to syslog if configured.
• [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
or to stderr.
D-Bus 1.10.24 (2017-09-25)
==
The “pirate wizard” release.
Fixes:
• When parsing dbus-daemon configuration, tell Expat not to use
cryptographic-quality entropy as a salt for its hash tables: we trust
the configuration files, so we are not concerned about algorithmic
complexity attacks via hash table collisions. This prevents
dbus-daemon --system from holding up the boot process (and causing
early-boot system services like systemd, logind, networkd to time
out) on entropy-starved embedded systems.
(fd.o #101858, Simon McVittie)
• Increase listen() backlog of AF_UNIX sockets to the maximum possible,
minimizing failed connections under heavy load
(fd.o #95264, Lennart Poettering) (backported from 1.11.4)
• Avoid a -Werror=declaration-after-statement build failure on Solaris
(fd.o #102145, Alan Coopersmith)
• When using the Monitoring interface, match messages' destinations
(fd.o #92074, Simon McVittie) (backported from 1.11.0)
D-Bus 1.10.22 (2017-07-27)
==
The “roof terrace” release.
Fixes:
• dbus_message_iter_append_basic() no longer leaks memory if it fails to
append a file descriptor to a message. (fd.o #101568, Simon McVittie)
• dbus_message_iter_open_container() no longer leaks memory if it runs out
of memory. (fd.o #101568, Simon McVittie)
• dbus_message_append_args_valist() no longer leaks memory if given an
unsupported type. This situation is still considered to be a programming
error which needs to be corrected by the user of libdbus.
(fd.o #101568, Simon McVittie)
• Wrap test-pending-call-disconnected with dbus-run-session so that it can
pass in environments that are not already running a D-Bus session bus,
fixing a build-time test regression in 1.10.20
(fd.o #101698, Simon McVittie)
• Ensure that tests fail if they would otherwise have tried to connect to
the real session bus (fd.o #101698, Simon McVittie)
• Make build-time tests cope with finding Python 3, but not Python 2
(fd.o #101716, Simon McVittie)
D-Bus 1.10.20 (2017-06-29)
==
The “suggesting a delivery gone horribly wrong” release.
Fixes:
• Fix a reference leak when blocking on a pending call on a connection
that has been disconnected (fd.o #101481, Shin-ichi MORITA)
• Don't put timestamps in the Doxygen-generated documentation, for
closer-to-reproducible builds (fd.o #100692, Simon McVittie)
• Avoid an assertion failure when connecting to a semicolon-separated
series of addresses, one of which fails (fd.o #101257, Simon McVittie)
Documentation:
• Update git URIs in HACKING document to sync up with cgit.freedesktop.org
(fd.o #100715, Simon McVittie)
D-Bus 1.10.18 (2017-04-05)
==
The “can't handle a self-referential paradox” release.
Fixes:
• Re-order dbus-daemon startup so that on SELinux systems, the thread
that reads AVC notifications retains the ability to write to the
audit log (fd.o #92832, Debian #857660; Laurent Bigonville)
• Fix a harmless read overflow and some memory leaks in a unit test
(fd.o #100568, Philip Withnall)
D-Bus 1.10.16 (2017-02-16)
==
The “super digging powers” release.
The fixes in this release are arguably security fixes, but if they
affect you, please take this opportunity to rethink how you are
configuring dbus.
Enhancements:
• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
stable and Debian testing in addition to the older Ubuntu that is
the default (fd.o #98889, Simon McVittie)
Fixes:
• Prevent symlink attacks in the nonce-tcp transport on Unix that could
allow an attacker to overwrite a file named "nonce", in a directory
that the user running dbus-daemon can write, with a random value
known only to the user running dbus-daemon. This is unlikely to be
exploitable in practice, particularly since the nonce-tcp transport
is really only useful on Windows.
On Unix systems we strongly recommend using only the unix: and systemd:
transports, together with EXTERNAL authentication. These are the only
transports and authentication mechanisms enabled by default,
(fd.o #99828, Simon McVittie)
• Avoid symlink attacks in the "embedded tests", which are not enabled
by default and should never be enabled in production builds of dbus.
(fd.o #99828, Simon McVittie)
D-Bus 1.10.14 (2016-11-28)
==
The “Well, other bands know more than three chords” release.
Fixes:
• Work around an undesired effect of the fix for CVE-2014-3637
(fd.o #80559), in which processes that frequently send fds, such as
logind during a flood of new PAM sessions, can get disconnected for
continuously having at least one fd "in flight" for too long;
dbus-daemon interprets that as a potential denial of service attack.
The workaround is to disable that check for uid 0 process such as
logind, with a message in the system log. The bug remains open while
we look for a more general solution.
(fd.o #95263, LP#1591411; Simon McVittie)
• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
was disabled at compile time. That test is not expected to work
in that configuration. (fd.o #98665, Simon McVittie)
D-Bus 1.10.12 (2016-10-10)
==
The “not excessively inhospitable” release.
Security fixes:
• Do not treat ActivationFailure message received from root-owned systemd
name as a format string. In principle this is a security vulnerability,
but we do not believe it is exploitable in practice, because only
privileged processes can own the org.freedesktop.systemd1 bus name, and
systemd does not appear to send activation failures that contain "%".
Please note that this probably *was* exploitable in dbus versions
older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
the time was only thought to be a denial of service vulnerability
(CVE-2015-0245). If you are still running one of those versions,
patch or upgrade immediately.
(fd.o #98157, Simon McVittie)
Other fixes:
• Harden dbus-daemon against malicious or incorrect ActivationFailure
messages by rejecting them if they do not come from a privileged
process, or if systemd activation is not enabled
(fd.o #98157, Simon McVittie)
• Avoid undefined behaviour when setting reply serial number without going
via union DBusBasicValue (fd.o #98035, Marc Mutz)
• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
D-Bus 1.10.10 (2016-08-15)
==
The “tungsten door” release.
Fixes:
• On Linux, when dbus-daemon is run with reduced susceptibility to the
OOM killer (typically via systemd), do not let child processes inherit
that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho)
• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address
contains a semicolon (fd.o #94746, Thiago Macieira)
• Fix memory leaks and thread safety in subprocess starting on Windows
(fd.o #95191, Ralf Habacker)
• Do not require systemd to have a service file if using it for activation
(fd.o #93194; Simon McVittie; backport from 1.11.0)
• Stop test-dbus-daemon incorrectly failing on platforms that cannot
discover the process ID of clients (fd.o #96653, Руслан Ижбулатов)
• In tests that exercise correct handling of crashing D-Bus services,
suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker)
• Explicitly check for stdint.h (Ioan-Adrian Ratiu)
• update-activation-environment: produce better diagnostics on error
(fd.o #96653, Simon McVittie)
• Don't fail the build with an unused const variable warning under gcc 6
(fd.o #97282; Thomas Zimmermann, Simon McVittie)
• Merge dbus-1.10-ci branch, containing backports from 1.11.0 in build/test
code to support continuous integration (fd.o #93194, Simon McVittie)
· Avoid -Wunused-label when compiling with libselinux but no libaudit
· In development builds, allow OOM tests to be disabled as documented
· Accept and ignore the --tap argument in all "embedded tests", and run
all automated tests with that argument for better diagnostics
· Fix the systemd activation test under CMake by installing the required
files
· In Automake, fix shell syntax for installcheck-local with no DESTDIR
· In Automake, don't try to run manual tests in installcheck
· In CMake, don't run manual-tcp test as an automated test
· Add travis-ci.org build machinery
g/c CONFIGURE_ARGS_GROUPS (Unused since PR pkg/50075 point 13) )
D-Bus 1.10.8 (2016-03-07)
==
The "digestive biscuits" release.
Fixes:
* Enable "large file support" on systems where it exists: dbus-daemon
is not expected to open large files, but it might need to stat files
that happen to have large inode numbers (fd.o #93545, Hongxu Jia)
* Eliminate padding inside DBusMessageIter on 64-bit platforms,
which might result in a pedantic C compiler not copying the entire contents
of a DBusMessageIter; statically assert that this is not an ABI change
in practice (fd.o #94136, Simon McVittie)
* Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N
(fd.o #94244, Dmitri Iouchtchenko)
* Correctly report test failures in C tests from run-test.sh
(fd.o #93379; amit tewari, Simon McVittie)
* When tests are enabled, run all the marshal-validate tests, not just
the even-numbered ones (fd.o #93908, Nick Lewycky)
* Correct the expected error from one marshal-validate test, which was
previously not run due to the above bug (fd.o #93908, Simon McVittie)
-----------------------
D-Bus 1.11.0 (2015-12-02)
==
The "peppermint deer" release.
Dependencies:
- On non-Windows platforms, dbus now requires an <inttypes.h> that defines
C99 constants such as PRId64 and PRIu64.
Enhancements:
- D-Bus Specification version 0.27
Specify that services should not reply if NO_REPLY_EXPECTED was used
(fd.o #75749, Lars Uebernickel)
- Add a script to do continuous-integration builds, and metadata to run it
on travis-ci.org. To use this, clone the dbus git repository on GitHub
and set it up with travis-ci.org; the only special setting needed is
"only build branches with a .travis.yml". (fd.o #93194, Simon McVittie)
- If dbus-daemon is run with --systemd-activation, do not require
org.freedesktop.systemd1.service to exist (fd.o #93194, Simon McVittie)
Fixes:
- Re-order dbus-daemon startup so that on SELinux systems, the thread
that reads AVC notifications retains the ability to write to the
audit log (fd.o #92832, Laurent Bigonville)
- Print 64-bit integers on non-GNU Unix platforms (fd.o #92043, Natanael Copa)
- When using the Monitoring interface, match messages' destinations
(fd.o #92074, Simon McVittie)
- On Linux with systemd, stop installing a reference to the obsolete
dbus.target, and enable dbus.socket statically (fd.o #78412, #92402;
Simon McVittie)
- On Windows, when including configuration files with <include> or
<includedir>, apply the same relocation as for the Exec paths
in .service files (fd.o #92028, Simon McVittie)
- Add support for backtraces on Windows (fd.o #92721, Ralf Habacker)
- Fix many -Wpointer-sign warnings (fd.o #93069, Ralf Habacker)
D-Bus 1.10.6 (2015-12-01)
==
The “marzipan beetles” release.
Fixes:
• On Unix when running tests as root, don't assert that root and
the dbus-daemon user can still call UpdateActivationEnvironment;
assert that those privileged users can call BecomeMonitor instead
(fd.o #93036, Simon McVittie)
• On Windows, fix a memory leak in the autolaunch transport (fd.o #92899,
Simon McVittie)
• On Windows Autotools builds, don't run tests that rely on
dbus-run-session and other Unix-specifics (fd.o #92899, Simon McVittie)
D-Bus 1.10.4 (2015-11-17)
==
The “Frostburn Canyon” release.
Enhancements:
• GetConnectionCredentials, GetConnectionUnixUser and
GetConnectionUnixProcessID with argument "org.freedesktop.DBus"
will now return details of the dbus-daemon itself. This is required
to be able to call SetEnvironment on systemd.
(fd.o #92857, Jan Alexander Steffens)
Fixes:
• Make UpdateActivationEnvironment always fail with AccessDenied on the
system bus. Previously, it was possible to configure it so root could
call it, but the environment variables were not actually used,
because the launch helper would discard them.
(fd.o #92857, Jan Alexander Steffens)
• On Unix with --systemd-activation on a user bus, make
UpdateActivationEnvironment pass on its arguments to systemd's
SetEnvironment method, solving inconsistency between the environments
used for traditional activation and systemd user-service activation.
(fd.o #92857, Jan Alexander Steffens)
• On Windows, don't crash if <syslog/> or --syslog is used
(fd.o #92538, Ralf Habacker)
• On Windows, fix a memory leak when setting a DBusError from a Windows
error (fd.o #92721, Ralf Habacker)
• On Windows, don't go into infinite recursion if we abort the process
with backtraces enabled (fd.o #92721, Ralf Habacker)
• Fix various failing tests, variously on Windows and cross-platform:
· don't test system.conf features (users, groups) that only make sense
on the system bus, which is not supported on Windows
· don't call _dbus_warn() when we skip a test, since it is fatal
· fix computation of expected <standard_session_servicedirs/>
· when running TAP tests, translate newlines to Unix format, fixing
cross-compiled tests under Wine on Linux
· don't stress-test refcounting under Wine, where it's really slow
· stop assuming that a message looped-back to the test will be received
immediately
· skip some system bus tests on Windows since they make no sense there
(fd.o #92538, fd.o #92721; Ralf Habacker, Simon McVittie)
D-Bus 1.10.2 (2015-10-26)
==
The “worst pies in London” release.
Fixes:
• Correct error handling for activation: if there are multiple attempts
to activate the same service and it fails immediately, the first attempt
would get the correct reply, but the rest would time out. We now send
the same error reply to each attempt. (fd.o #92200, Simon McVittie)
• If BecomeMonitor is called with a syntactically invalid match rule,
don't crash with an assertion failure, fixing a regression in 1.9.10.
This was not exploitable as a denial of service, because the check
for a privileged user is done first. (fd.o #92298, Simon McVittie)
• On Linux with --enable-user-session, add the bus address to the
environment of systemd services for better backwards compatibility
(fd.o #92612, Jan Alexander Steffens)
• On Windows, fix the logic for replacing the installation prefix
in service files' Exec lines (fd.o #83539; Milan Crha, Simon McVittie)
• On Windows, if installed in the conventional layout with ${prefix}/etc
and ${prefix}/share, use relative paths between bus configuration files
to allow the tree to be relocated (fd.o #92028, Simon McVittie)
• Make more of the regression tests pass in Windows builds (fd.o #92538,
Simon McVittie)
Problems found with existing digests:
Package memconf distfile memconf-2.16/memconf.gz
b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
95748686a5ad8144232f4d4abc9bf052721a196f [calculated]
Problems found locating distfiles:
Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
D-Bus 1.10.0 (2015-08-25)
==
The “0x20” release.
This is a new stable branch, recommended for use in OS distributions.
Fixes since 1.9.20:
• distribute test/tap-test.sh.in, even if the tarball was built without
tests enabled (fd.o #91684, Simon McVittie)
• work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie)
Summary of major changes since 1.8.0:
• The basic setup for the well-known system and session buses is
now done in read-only files in ${datadir} (normally /usr/share).
See the NEWS entry for 1.9.18 for details.
• AppArmor integration has been merged, with features similar to the
pre-existing SELinux integration. It is mostly compatible with the
patches previously shipped by Ubuntu, with one significant change:
Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded
by GetConnectionCredentials and was not included.
• The --enable-user-session configure option can be enabled
by OS integrators intending to use systemd to provide a session bus
per user (in effect, treating all concurrent graphical and non-graphical
login sessions as one large session).
• The new listenable address mode "unix:runtime=yes" listens on
$XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd
user session. libdbus and "dbus-launch --autolaunch" will connect to
this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a
matching default.
• All executables are now dynamically linked to libdbus-1.
Previously, some executables, most notably dbus-daemon, were statically
linked to a specially-compiled variant of libdbus. This results in
various private functions in the _dbus namespace being exposed by the
shared library. These are not API, and must not be used outside
the dbus source tree.
• On platforms with ELF symbol versioning, all public symbols
are versioned LIBDBUS_1_3.
New bus APIs:
• org.freedesktop.DBus.GetConnectionCredentials returns
LinuxSecurityLabel where supported
• org.freedesktop.DBus.Monitoring interface (privileged)
· BecomeMonitor method supersedes match rules with eavesdrop=true,
which are now deprecated
• org.freedesktop.DBus.Stats interface (semi-privileged)
· now enabled by default
· new GetAllMatchRules method
New executables:
• dbus-test-tool
• dbus-update-activation-environment
New optional dependencies:
• The systemd: pseudo-transport requires libsystemd or libsd-daemon
• Complete documentation requires Ducktype and yelp-tools
• Full test coverage requires GLib 2.36 and PyGI
• AppArmor integration requires libapparmor and optionally libaudit
Dependencies removed:
• dbus-glib
D-Bus 1.9.20 (2015-08-06)
==
The “Remember Tomorrow” release.
This is a release-candidate for D-Bus 1.10.0. OS distribution vendors
should test it.
Fixes:
• Don't second-guess what the ABI of poll() is, allowing it to be used
on Integrity RTOS and other unusual platforms (fd.o #90314;
Rolland Dudemaine, Simon McVittie)
• Don't duplicate audit subsystem integration if AppArmor and SELinux are
both enabled (fd.o #89225, Simon McVittie)
• Log audit events for AppArmor/SELinux policy violations whenever
we have CAP_AUDIT_WRITE, even if not the system bus
(fd.o #83856, Laurent Bigonville)
D-Bus 1.9.18 (2015-07-21)
==
The “Pirate Elite” release.
Configuration changes:
• The basic setup for the well-known system and session buses is now done
in read-only files in ${datadir}, moving a step closer to systems
that can operate with an empty /etc directory. In increasing order
of precedence:
· ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting
the default message policies.
· ${sysconfdir}/dbus-1/s*.conf are now optional. By default
dbus still installs a trivial version of each, for documentation
purposes; putting configuration directives in these files is deprecated.
· ${datadir}/dbus-1/s*.d/ are now available for third-party software
to install "drop-in" configuration snippets (any packages
using those directories should explicitly depend on at least this
version of dbus).
· ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins
or third-party software to install "drop-in" configuration snippets
· ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins'
overrides
${datadir} is normally /usr/share, ${sysconfdir} is normally /etc,
and "s*" refers to either system or session as appropriate.
(fd.o #89280, Dimitri John Ledkov)
Fixes:
• Fix a memory leak when GetConnectionCredentials() succeeds
(fd.o #91008, Jacek Bukarewicz)
• Ensure that dbus-monitor does not reply to messages intended for others,
resulting in its own disconnection (fd.o #90952, Simon McVittie)
D-Bus 1.9.16 (2015-05-14)
==
The “titanium barns” release.
Dependencies:
• Automake 1.13 is now required when compiling from git or modifying
the build system.
Security hardening:
• On Unix platforms, change the default configuration for the session bus
to only allow EXTERNAL authentication (secure kernel-mediated
credentials-passing), as was already done for the system bus.
This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
unpredictable pseudo-random numbers.
If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
NFS or similar, you will need to reconfigure the session bus to accept
DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
is not recommended.
(fd.o #90414, Simon McVittie)
• When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp:
transport, UUIDs or any other reason, fail if we cannot obtain entropy
(from /dev/urandom or CryptGenRandom()) or an out-of-memory condition
occurs, instead of silently falling back to low-entropy pseudorandom
numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker)
Enhancements:
• Add dbus_message_iter_get_element_count()
(fd.o #30350; Christian Dywan, Simon McVittie)
• Introduce new internal DBusSocket and DBusPollable types so we can
stop treating the Windows SOCKET type as if it was int. DBusSocket
is specifically a socket, cross-platform. DBusPollable is whatever
_dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows.
(fd.o #89444; Ralf Habacker, Simon McVittie)
• All regression tests now output TAP <https://testanything.org/>
(fd.o #89846, Simon McVittie)
• Internal APIs consistently use signed values for timestamps
(fd.o #18494, Peter McCurdy)
• Improve diagnostics when UpdateActivationEnvironment calls are rejected
(fd.o #88812, Simon McVittie)
• Clean up a lot of compiler warnings
(fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie)
Fixes:
• Add locking to DBusCounter's reference count and notify function
(fd.o #89297, Adrian Szyndela)
• Ensure that DBusTransport's reference count is protected by the
corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela)
• Correctly release DBusServer mutex before early-return if we run out
of memory while copying authentication mechanisms (fd.o #90021,
Ralf Habacker)
• Make dbus-test-tool and dbus-update-activation-environment portable
to Windows (fd.o #90089, Ralf Habacker)
• Correctly initialize all fields of DBusTypeReader (fd.o #90021;
Ralf Habacker, Simon McVittie)
• Fix some missing \n in verbose (debug log) messages (fd.o #90004,
Ralf Habacker)
• Clean up some memory and fd leaks in test code and tools
(fd.o #90021, Ralf Habacker)
• Fix a NULL dereference if the dbus-daemon cannot read a configuration
directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker)
• CMake generates a versioned shared library even if the revision is 0,
as it usually is on the development branch. (fd.o #89450, Ralf Habacker)
D-Bus 1.9.14 (2015-03-02)
==
The “don't stand in the poison cloud” release.
Dependencies:
• dbus-daemon and dbus-daemon-launch-helper now require libdbus. They
were previously linked to a static version of libdbus.
• The tests no longer require dbus-glib in order to exercise the libdbus
shared library; they are always linked to libdbus now.
Build-time configuration:
• The new --enable-user-session option, off by default, can be enabled
by OS integrators intending to use systemd to provide a session bus
per user (in effect, treating all concurrent graphical and non-graphical
login sessions as one large session)
Enhancements:
• All executables are now linked dynamically to libdbus.
(fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker)
• On platforms that support them (GNU libc and possibly others),
libdbus now has versioned symbols for its public API.
All public symbols (visible in the header files) are currently
versioned as LIBDBUS_1_3; private symbols starting with _dbus or
dbus_internal have a version that changes with each release, and
must not be used by applications. (also fd.o #83115)
• New listenable address mode "unix:runtime=yes" which listens on
a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus
(fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie)
• Add optional systemd units for a per-user bus listening on
$XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters)
• On Unix platforms, both libdbus and "dbus-launch --autolaunch"
default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket
(also fd.o #61301)
• New dbus-update-activation-environment tool uploads environment
variables to "dbus-daemon --session" and optionally "systemd --user",
primarily as a way to keep the per-user bus compatible with
distributions' existing X11 login scripts (also fd.o #61301)
• <includedir/> elements in dbus-daemon configuration are now silently
ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov)
• Add microsecond-resolution timestamps to the default output of
dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie)
Fixes:
• Fix a race condition in the 'monitor' test introduced in 1.9.10
(fd.o #89222, Simon McVittie)
D-Bus 1.9.12 (2015-02-19)
==
The “monster lasagna” release.
Dependencies:
• Ducktype and yelp-tools are now required to build complete documentation
(they are optional for normal builds).
Enhancements:
• D-Bus Specification version 0.26
· GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID
· document the BecomeMonitor method
• On Linux, add LinuxSecurityLabel to GetConnectionCredentials
(fd.o #89041; Tyler Hicks, Simon McVittie)
• On Linux, add support for AppArmor mediation of message sending and
receiving and name ownership (paralleling existing SELinux mediation
support), and eavesdropping (a new check, currently AppArmor-specific)
(fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie)
• In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings
that have printable ASCII contents; we previously only did this for
unterminated bytestrings (fd.o #89109, Simon McVittie)
• Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall)
• On Windows, add WindowsSID to GetConnectionCredentials
(fd.o #54445, Ralf Habacker)
• Improve clarity of dbus-monitor --profile output and add more columns
(fd.o #89165, Ralf Habacker)
• Add a man page for dbus-test-tool, and build it under CMake as well
as Autotools (fd.o#89086, Simon McVittie)
• If dbus-daemon was compiled with --enable-verbose, add a D-Bus API
to control it at runtime, overriding the DBUS_VERBOSE environment variable
(fd.o #88896, Ralf Habacker)
Fixes:
• Reduce the number of file descriptors used in the fd-passing test,
avoiding failure under the default Linux fd limit, and automatically
skip it if the rlimit is too small (fd.o #88998, Simon McVittie)
D-Bus 1.9.10 (2015-02-09)
==
The “sad cyborgs” release.
Security fixes merged from 1.8.16:
• Do not allow non-uid-0 processes to send forged ActivationFailure
messages. On Linux systems with systemd activation, this would
allow a local denial of service: unprivileged processes could
flood the bus with these forged messages, winning the race with
the actual service activation and causing an error reply
to be sent back when service auto-activation was requested.
This does not prevent the real service from being started,
so the attack only works while the real service is not running.
(CVE-2015-0245, fd.o #88811; Simon McVittie)
Enhancements:
• The new Monitoring interface in the dbus-daemon lets dbus-monitor and
similar tools receive messages without altering the security properties
of the system bus, by calling the new BecomeMonitor method on a
private connection. This bypasses the normal <allow> and <deny> rules
entirely, so to preserve normal message-privacy assumptions, only root
is allowed to do this on the system bus. Restricted environments,
such as Linux with LSMs, should lock down access to the Monitoring
interface. (fd.o #46787, Simon McVittie)
• dbus-monitor uses BecomeMonitor to capture more traffic, if the
dbus-daemon supports it and access permissions allow it.
It still supports the previous approach ("eavesdropping" match rules)
for compatibility with older bus daemons. (fd.o #46787, Simon)
• dbus-monitor can now log the message stream as binary data for later
analysis, with either no extra framing beyond the normal D-Bus headers,
or libpcap-compatible framing treating each D-Bus message
as a captured packet. (fd.o #46787, Simon)
Other fixes:
• Fix some CMake build regressions (fd.o #88964, Ralf Habacker)
• On Unix, forcibly terminate regression tests after 60 seconds to
prevent them from blocking continuous integration frameworks
(fd.o #46787, Simon)
D-Bus 1.9.8 (2015-02-03)
==
The “all the types of precipitation” release.
Dependencies:
• full test coverage now requires GLib 2.36
• full test coverage now requires PyGI (PyGObject 3,
"import gi.repository.GObject") instead of the
obsolete PyGObject 2 ("import gobject")
Enhancements:
• add GLib-style "installed tests" (fd.o #88810, Simon McVittie)
• better regression test coverage, including systemd activation
(fd.o #57952, #88810; Simon McVittie)
Fixes:
• fatal errors correctly make the dbus-daemon exit even if <syslog/> is
turned off (fd.o #88808, Simon McVittie)
• TCP sockets on Windows no longer fail to listen approximately 1 time
in 256, caused by a logic error that should have always made it fail but
was mitigated by incorrect endianness for the port number
(fd.o #87999, Ralf Habacker)
• fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker)
• on Windows, allow up to 8K connections to the dbus-daemon instead of the
previous 64, completing a previous fix which only worked under
Autotools (fd.o #71297, Ralf Habacker)
• on Windows, if the IP family is unspecified only use IPv4,
to mitigate IPv6 not working correctly (fd.o #87999, Ralf Habacker)
• fix some unlikely memory leaks on OOM (fd.o #88087, Simon McVittie)
• lcov code coverage analysis works again (fd.o #88808, Simon McVittie)
• fix an unused function error with --disable-embedded-tests (fd.o #87837,
Thiago Macieira)
D-Bus 1.9.6 (2015-01-05)
==
The “I do have a bread knife” release.
Security hardening:
• Do not allow calls to UpdateActivationEnvironment from uids other than
the uid of the dbus-daemon. If a system service installs unsafe
security policy rules that allow arbitrary method calls
(such as CVE-2014-8148) then this prevents memory consumption and
possible privilege escalation via UpdateActivationEnvironment.
We believe that in practice, privilege escalation here is avoided
by dbus-daemon-launch-helper sanitizing its environment; but
it seems better to be safe.
• Do not allow calls to UpdateActivationEnvironment or the Stats interface
on object paths other than /org/freedesktop/DBus. Some system services
install unsafe security policy rules that allow arbitrary method calls
to any destination, method and interface with a specified object path;
while less bad than allowing arbitrary method calls, these security
policies are still harmful, since dbus-daemon normally offers the
same API on all object paths and other system services might behave
similarly.
Other fixes:
• Add missing initialization so GetExtendedTcpTable doesn't crash on
Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)
D-Bus 1.9.4 (2014-11-24)
==
The “extra-sturdy caramel” release.
Fixes:
• Partially revert the CVE-2014-3639 patch by increasing the default
authentication timeout on the system bus from 5 seconds back to 30
seconds, since this has been reported to cause boot regressions for
some users, mostly with parallel boot (systemd) on slower hardware.
On fast systems where local users are considered particularly hostile,
administrators can return to the 5 second timeout (or any other value
in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
<busconfig>
<limit name="auth_timeout">5000</limit>
</busconfig>
(fd.o #86431, Simon McVittie)
• Add a message in syslog/the Journal when the auth_timeout is exceeded
(fd.o #86431, Simon McVittie)
• Send back an AccessDenied error if the addressed recipient is not allowed
to receive a message (and in builds with assertions enabled, don't
assert under the same conditions). (fd.o #86194, Jacek Bukarewicz)
D-Bus 1.9.2 (2014-11-10)
==
The “structurally unsound flapjack” release.
Security fixes:
• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
so that CVE-2014-3636 part A cannot exhaust the system bus'
file descriptors, completing the incomplete fix in 1.8.8.
(CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy)
Enhancements:
• D-Bus Specification version 0.25
· new value 'const' for EmitsChangedSignal annotation
(fd.o #72958, Lennart Poettering)
· new ALLOW_INTERACTIVE_AUTHORIZATION flag, for PolicyKit and similar
(fd.o #83449; Lennart Poettering, Simon McVittie)
· annotate table of types with reserved/basic/container, and for
basic types, fixed/string-like
· clarify arbitrary limits by quoting them in mebibytes
• New API: add accessors for the ALLOW_INTERACTIVE_AUTHORIZATION flag
(fd.o #83449, Simon McVittie)
• Add dbus-test-tool, a D-Bus swiss army knife with multiple subcommands,
useful for debugging and performance testing:
· dbus-test-tool spam: send repeated messages
· dbus-test-tool echo: send an empty reply for all method calls
· dbus-test-tool black-hole: do not reply to method calls
(fd.o #34140; Alban Crequy, Simon McVittie, Will Thompson)
• Add support for process ID in credentials-passing on NetBSD
(fd.o #69702, Patrick Welche)
• Add an example script to find potentially undesired match rules
(fd.o #84598, Alban Crequy)
• Document the central assumption that makes our use of credentials-passing
secure (fd.o #83499, Simon McVittie)
• Replace the dbus-glib section of the tutorial with a GDBus recommendation,
and add some links to GDBus and QtDBus documentation (fd.o #25140,
Simon McVittie)
Fixes:
• Use a less confusing NoReply message when disconnected with a reply pending
(fd.o #76112, Simon McVittie)
• Make the .pc file relocatable by letting pkg-config do all variable
expansion itself (fd.o #75858, Руслан Ижбулатов)
• Fix a build failure on platforms with kqueue, which regressed in 1.9.0
(fd.o #85563, Patrick Welche)
• Consistently save errno after socket calls (fd.o #83625, Simon McVittie)
• In dbus-spawn, when the grandchild process exits due to a failed exec(),
do not lose the exec() errno (fd.o #24821, Simon McVittie)
• Do not fail the tests if a parent process has leaked non-close-on-exec
file descriptors to us (fd.o #73689, fd.o #83899; Simon McVittie)
• Do not fail the tests on Unix platforms with incomplete
credentials-passing support, but do fail if we can't pass credentials
on a platform where it is known to work: Linux, FreeBSD, OpenBSD, NetBSD
(fd.o #69702, Simon McVittie)
• Detect accept4, dirfd, inotify_init1, pipe2, and Unix fd passing
when building with cmake, and expand test coverage there
(fd.o #73689; Ralf Habacker, Simon McVittie)
D-Bus 1.9.0 (2014-10-01)
==
The “tiered cheeses” release.
Requirements:
• Support for the systemd: (LISTEN_FDS) pseudo-transport on Linux now
requires either the libsystemd or libsd-daemon shared library, dropping the
embedded convenience copy of sd-daemon (fd.o #71818, Simon)
Build-time configuration changes:
• The Stats interface is now enabled by default, and locked-down to
root-only on the system bus. Configure with --disable-stats
to disable it altogether on memory- or disk-constrained systems,
or see ${docdir}/examples/ to open it up to non-root users on the
system bus or restrict access on the session bus.
(fd.o #80759; Simon McVittie, Alban Crequy)
• The CMake build system now builds the same shared library name as Autotools
on at least Linux and Windows:
- on Linux (and perhaps other Unix platforms), it previously built
libdbus-1.so, but now builds libdbus-1.so.3.* with development
symlink libdbus-1.so and SONAME/symlink libdbus-1.so.3
- on Windows, it previously built either libdbus-1.dll (release) or
libdbus-1d.dll (debug), but now builds libdbus-1-3.dll, copied to
libdbus-1.dll for compatibility with older applications.
(fd.o #74117, Ralf Habacker)
Enhancements:
• D-Bus Specification version 0.24
· document how to quote match rules (fd.o #24307, Simon McVittie)
· explicitly say that most message types never expect a reply
regardles of whether they have NO_REPLY_EXPECTED
(fd.o #75749, Simon McVittie)
• on Unix platforms, disable Nagle's algorithm on TCP connections to improve
initial latency (fd.o #75544, Matt Hoosier)
• use backtrace() if it is in -lexecinfo instead of libc, as on NetBSD
(fd.o #69702, Patrick Welche)
• in dbus-monitor, print more information about file descriptors
(fd.o #80603, Alban Crequy)
• do not install system bus configuration if built for Windows
(fd.o #83583; Ralf Habacker, Simon McVittie)
• Add GetAllMatchRules to the Stats interface (fd.o #24307, Alban Crequy)
• Add a regression test for file descriptor passing (fd.o #83622,
Simon McVittie)
Fixes:
• fix an incorrect error message if a Unix socket path is too long
(fd.o #73887, Antoine Jacoutot)
• in an MSYS/Cygwin environment, pass Unix-style filenames to xmlto,
fixing documentation generation (fd.o #75860, Руслан Ижбулатов)
• in Unix with X11, avoid giving dbus-launch a misleading argv[0]
in ps(1) (fd.o #69716, Chengwei Yang)
• avoid calling poll() with timeout < -1, which is considered invalid
on FreeBSD and NetBSD (fd.o #78480, Jaap Boender)
• be portable to BSD-derived platforms where O_CLOEXEC is unavailable in libc
(like Mac OS X 10.6), or available in libc but unsupported by the kernel
(fd.o #77032; rmvsxop, OBATA Akio, Patrick Welche)
• Fix include path for test/internal/*.c with cmake (Ralf Habacker)
• Documentation improvements
(fd.o #80795, #84313; Thomas Haller, Sebastian Rasmussen)
• in dbus-monitor, do not leak file descriptors that we have monitored
(fd.o #80603, Alban Crequy)
• Set the close-on-exec flag for the inotify file descriptor, even
if built with CMake or older libc (fd.o #73689, Simon McVittie)
• Remove some LGPL code from the Windows dbus-daemon
(fd.o #57272, Ralf Habacker)
D-Bus 1.8.20 (2015-07-21)
==
The “Iguana Vanguard” release.
Fixes:
• Fix a memory leak when GetConnectionCredentials() succeeds
(fd.o #91008, Jacek Bukarewicz)
• Ensure that dbus-monitor does not reply to messages intended for others
(fd.o #90952, Simon McVittie)
in order to be able to use 'xsltproc --nonet' (e.g. empathy, upower, ...)
Update smf files to better deal with creating /var/run/dbus structures on SunOS
update PKGREVISION
D-Bus 1.8.18 (2015-05-14)
==
The “unicorn rifts” release.
Security hardening:
• On Unix platforms, change the default configuration for the session bus
to only allow EXTERNAL authentication (secure kernel-mediated
credentials-passing), as was already done for the system bus.
This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
unpredictable pseudo-random numbers; under certain circumstances
(/dev/urandom unreadable or malloc() returns NULL), dbus could
fall back to using rand(), which does not have the desired unpredictability.
The fallback to rand() has not been changed in this stable-branch since
the necessary code changes for correct error-handling are rather intrusive.
If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
NFS or similar, you will need to reconfigure the session bus to accept
DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
is not recommended.
(fd.o #90414, Simon McVittie)
Other fixes:
• Add locking to DBusCounter's reference count and notify function
(fd.o #89297, Adrian Szyndela)
• Ensure that DBusTransport's reference count is protected by the
corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela)
• On Windows, listen on the same port for IPv4 and IPv6 (previously
broken by an endianness mistake), and fix a failure to bind TCP
sockets on approximately 1 attempt in 256 (fd.o #87999, Ralf Habacker)
• Correctly release DBusServer mutex before early-return if we run out
of memory while copying authentication mechanisms (fd.o #90004,
Ralf Habacker)
• Fix some missing \n in verbose (debug log) messages (fd.o #90004,
Ralf Habacker)
• Clean up some memory leaks in test code (fd.o #90004, Ralf Habacker)