debian/0000775000000000000000000000000012777427171007207 5ustar debian/libdbus-1-3.lintian-overrides0000664000000000000000000000020112240207265014463 0ustar # false positive: we only say dbus when talking about a package name libdbus-1-3: capitalization-error-in-description dbus D-Bus debian/dbus-1-dbg.lintian-overrides0000664000000000000000000000020012240207265014365 0ustar # false positive: we only say dbus when talking about a package name dbus-1-dbg: capitalization-error-in-description dbus D-Bus debian/dbus-1-doc.links0000664000000000000000000000103512240207265012067 0ustar usr/share/doc/dbus/dbus-faq.html usr/share/doc/dbus-1-doc/html/dbus-faq.html usr/share/doc/dbus/dbus-specification.html usr/share/doc/dbus-1-doc/dbus-specification.html usr/share/doc/dbus/dbus-specification.html usr/share/doc/dbus-1-doc/html/dbus-specification.html usr/share/doc/dbus/dbus-test-plan.html usr/share/doc/dbus-1-doc/dbus-test-plan.html usr/share/doc/dbus/dbus-tutorial.html usr/share/doc/dbus-1-doc/html/dbus-tutorial.html usr/share/doc/dbus/api usr/share/doc/dbus-1-doc/html/api usr/share/doc/dbus usr/share/gtk-doc/html/dbus debian/control0000664000000000000000000001373512265023057010606 0ustar Source: dbus Section: admin Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Utopia Maintenance Team Uploaders: Sjoerd Simons , Sebastian Dröge , Michael Biebl , Loic Minier , Simon McVittie # The following packages can be omitted for bootstrapping, but provide extra # features: # libsystemd-daemon-dev (circular dependency) # libsystemd-login-dev (circular dependency) # The following packages can be omitted for bootstrapping, but improve test # coverage: # libdbus-glib-1-dev (circular dependency) # libglib2.0-dev # python # python-dbus (circular dependency) # python-gobject Build-Depends: automake (>= 1:1.10), autotools-dev, debhelper (>= 9), dh-autoreconf, doxygen, dpkg-dev (>= 1.16.1), libexpat-dev, libdbus-glib-1-dev, libglib2.0-dev (>= 2.31.4), libselinux1-dev [linux-any], libapparmor-dev (>= 2.8.0-0ubuntu38) [linux-any], libsystemd-daemon-dev (>= 32) [linux-any], libsystemd-login-dev (>= 32) [linux-any], libx11-dev, # python (>= 2.6), # python-dbus, # python-gobject, xmlto, xsltproc Standards-Version: 3.9.3 Vcs-Git: git://anonscm.debian.org/pkg-utopia/dbus.git Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-utopia/dbus.git Homepage: http://dbus.freedesktop.org/ Package: dbus Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, adduser, lsb-base (>= 3.2-14), upstart (>= 0.6.3-6), netbase (>= 4.45ubuntu3) Recommends: libpam-systemd Breaks: unity-services (<< 6.0.0-0ubuntu6) Suggests: dbus-x11 Multi-Arch: foreign Description: simple interprocess messaging system (daemon and utilities) D-Bus is a message bus, used for sending messages between applications. Conceptually, it fits somewhere in between raw sockets and CORBA in terms of complexity. . D-Bus supports broadcast messages, asynchronous messages (thus decreasing latency), authentication, and more. It is designed to be low-overhead; messages are sent using a binary protocol, not using XML. D-Bus also supports a method call mapping for its messages, but it is not required; this makes using the system quite simple. . It comes with several bindings, including GLib, Python, Qt and Java. . This package contains the D-Bus daemon and related utilities. . The client-side library can be found in the libdbus-1-3 package, as it is no longer contained in this package. Package: dbus-x11 Architecture: any Section: x11 Depends: ${shlibs:Depends}, ${misc:Depends}, dbus Breaks: x11-common (<< 1:7.5+4) Multi-Arch: foreign Description: simple interprocess messaging system (X11 deps) D-Bus is a message bus, used for sending messages between applications. Conceptually, it fits somewhere in between raw sockets and CORBA in terms of complexity. . This package contains the dbus-launch utility which is necessary for packages using a D-Bus session bus. . See the dbus description for more information about D-Bus in general. Package: libdbus-1-3 Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Breaks: kdebase-workspace-bin (<< 4:4.4.5-9), kde-window-manager (<< 4:4.4.5-9) Recommends: dbus Section: libs Description: simple interprocess messaging system (library) D-Bus is a message bus, used for sending messages between applications. Conceptually, it fits somewhere in between raw sockets and CORBA in terms of complexity. . D-Bus supports broadcast messages, asynchronous messages (thus decreasing latency), authentication, and more. It is designed to be low-overhead; messages are sent using a binary protocol, not using XML. D-Bus also supports a method call mapping for its messages, but it is not required; this makes using the system quite simple. . It comes with several bindings, including GLib, Python, Qt and Java. . The daemon can be found in the dbus package. Package: dbus-1-doc Section: doc Architecture: all Depends: ${misc:Depends} Suggests: libdbus-1-dev Description: simple interprocess messaging system (documentation) D-Bus is a message bus, used for sending messages between applications. Conceptually, it fits somewhere in between raw sockets and CORBA in terms of complexity. . This package contains the API documentation for D-Bus, as well as the protocol specification. . See the dbus description for more information about D-Bus in general. Package: libdbus-1-dev Section: libdevel Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: libdbus-1-3 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends}, pkg-config Description: simple interprocess messaging system (development headers) D-Bus is a message bus, used for sending messages between applications. Conceptually, it fits somewhere in between raw sockets and CORBA in terms of complexity. . See the dbus description for more information about D-Bus in general. Package: dbus-1-dbg Section: debug Priority: extra Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: libdbus-1-3 (= ${binary:Version}), dbus (= ${binary:Version}), dbus-x11 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Description: simple interprocess messaging system (debug symbols) D-Bus is a message bus, used for sending messages between applications. Conceptually, it fits somewhere in between raw sockets and CORBA in terms of complexity. . This package provides support for debugging programs that use the core D-Bus shared library. . See the dbus package description for more information about D-Bus in general. debian/dbus.dirs0000664000000000000000000000001612240207265011005 0ustar /var/lib/dbus debian/dbus-1-doc.doc-base.specification0000664000000000000000000000030112240207265015236 0ustar Document: dbus-specification Title: D-Bus Specification Section: Programming Format: HTML Index: /usr/share/doc/dbus/dbus-specification.html Files: /usr/share/doc/dbus/dbus-specification.html debian/dbus.install0000664000000000000000000000146612240207265011524 0ustar debian/tmp/etc/dbus-1/ debian/tmp/bin/dbus-daemon debian/tmp/bin/dbus-cleanup-sockets debian/tmp/bin/dbus-send usr/bin debian/tmp/bin/dbus-uuidgen debian/tmp/bin/dbus-monitor usr/bin debian/tmp/usr/lib/dbus-1.0/dbus-daemon-launch-helper debian/tmp/usr/share/man/man1/dbus-daemon.1 debian/tmp/usr/share/man/man1/dbus-cleanup-sockets.1 debian/tmp/usr/share/dbus-1/services debian/tmp/usr/share/dbus-1/system-services debian/tmp/usr/share/man/man1/dbus-send.1 debian/tmp/usr/share/man/man1/dbus-uuidgen.1 debian/tmp/usr/share/man/man1/dbus-monitor.1 debian/tmp/lib/systemd/system/dbus.service debian/tmp/lib/systemd/system/dbus.socket debian/tmp/lib/systemd/system/dbus.target.wants/dbus.socket debian/tmp/lib/systemd/system/multi-user.target.wants/dbus.service debian/tmp/lib/systemd/system/sockets.target.wants/dbus.socket debian/dbus.lintian-overrides0000664000000000000000000000025212240207265013504 0ustar # yes we do want to ship these dbus: package-contains-empty-directory usr/share/dbus-1/services/ dbus: package-contains-empty-directory usr/share/dbus-1/system-services/ debian/dbus-1-doc.lintian-overrides0000664000000000000000000000020012240207265014376 0ustar # false positive: we only say dbus when talking about a package name dbus-1-doc: capitalization-error-in-description dbus D-Bus debian/changelog0000664000000000000000000026434412777426775011107 0ustar dbus (1.6.18-0ubuntu4.4) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via ActivationFailure signal race - debian/patches/CVE-2015-0245.patch: prevent forged ActivationFailure from non-root processes in bus/system.conf.in. - CVE-2015-0245 * SECURITY UPDATE: arbitrary code execution or denial of service via format string vulnerability - debian/patches/format_string.patch: do not use non-literal format string in bus/activation.c. - No CVE number -- Marc Deslauriers Wed, 12 Oct 2016 08:33:44 -0400 dbus (1.6.18-0ubuntu4.3) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via large number of fds - debian/patches/CVE-2014-7824.patch: raise rlimit and restore it for activated services in bus/activation.c, bus/bus.*, dbus/dbus-sysdeps-util-unix.c, dbus/dbus-sysdeps-util-win.c, dbus/dbus-sysdeps.h. - debian/dbus.init: don't launch daemon as a user so the rlimit can be raised. - CVE-2014-7824 * SECURITY REGRESSION: authentication timeout on certain slower systems - debian/patches/CVE-2014-3639-regression.patch: raise auth_timeout back up to 30 secs in bus/config-parser.c, add a warning to bus/connection.c. - CVE-2014-3639 -- Marc Deslauriers Tue, 25 Nov 2014 14:36:43 -0500 dbus (1.6.18-0ubuntu4.2) trusty-security; urgency=medium * SECURITY UPDATE: buffer overrun via odd max_message_unix_fds - debian/patches/CVE-2014-3635.patch: do not extra fds in cmsg padding in dbus/dbus-sysdeps-unix.c, allow using _DBUS_STATIC_ASSERT at a non-global scope in dbus/dbus-internals.h, dbus/dbus-macros.h. - CVE-2014-3635 * SECURITY UPDATE: denial of service via large number of fds - debian/patches/CVE-2014-3636.patch: reduce max number of fds in bus/config-parser.c, bus/session.conf.in, dbus/dbus-message.c, dbus/dbus-sysdeps.h. - CVE-2014-3636 * SECURITY UPDATE: denial of service via persistent file descriptiors - debian/patches/CVE-2014-3637.patch: add a timeout to expire pending fds in bus/bus.*, bus/config-parser.c, bus/connection.c, bus/session.conf.in, cmake/bus/dbus-daemon.xml, dbus/dbus-connection-internal.h, dbus/dbus-connection.c, dbus/dbus-message-internal.h, dbus/dbus-message-private.h, dbus/dbus-message.c, dbus/dbus-transport.*. - CVE-2014-3637 * SECURITY UPDATE: denial of service via large number of pending replies - debian/patches/CVE-2014-3638.patch: reduce max_replies_per_connection to 128 in bus/config-parser.c. - CVE-2014-3638 * SECURITY UPDATE: denial of service via incomplete connections - debian/patches/CVE-2014-3639.patch: reduce auth_timeout in bus/config-parser.c, stop listening on DBusServer sockets when reaching max_incomplete_connections in bus/bus.*, bus/connection.*, dbus/dbus-server-protected.h, dbus/dbus-server.c, dbus/dbus-watch.*. - CVE-2014-3639 -- Marc Deslauriers Wed, 17 Sep 2014 10:16:51 -0400 dbus (1.6.18-0ubuntu4.1) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via activation errors - debian/patches/CVE-2014-3477.patch: improve error handling in bus/activation.*, bus/services.c. - CVE-2014-3477 * SECURITY UPDATE: denial of service via ETOOMANYREFS - debian/patches/CVE-2014-3532.patch: drop message on ETOOMANYREFS in dbus/dbus-sysdeps.*, dbus/dbus-transport-socket.c. - CVE-2014-3532 * SECURITY UPDATE: denial of service via invalid file descriptor - debian/patches/CVE-2014-3533.patch: fix memory handling in dbus/dbus-message.c. - CVE-2014-3533 -- Marc Deslauriers Thu, 03 Jul 2014 08:35:11 -0400 dbus (1.6.18-0ubuntu4) trusty; urgency=medium * Create ~/.cache/upstart if it doesn't already exist. Thanks to Ryan Lovett for the patch. (LP: #1300516) -- Stéphane Graber Tue, 01 Apr 2014 17:53:17 -0400 dbus (1.6.18-0ubuntu3) trusty; urgency=low * aa-mediate-eavesdropping.patch: Query AppArmor when confined applications attempt to eavesdrop on the bus. See the apparmor.d(5) man page for AppArmor syntax details. (LP: #1262440) * debian/control: Depend on the apparmor version containing the new eavesdrop permission -- Tyler Hicks Mon, 13 Jan 2014 11:45:21 -0600 dbus (1.6.18-0ubuntu2) trusty; urgency=low [ James Hunt ] * debian/dbus.user-session.upstart: Communicate session bus to Upstart Session Init to avoid potential out-of-memory scenario triggered by Upstart clients that do not run main loops (LP: #1235649, LP: #1252317). -- Dmitrijs Ledkovs Tue, 19 Nov 2013 11:14:58 +0000 dbus (1.6.18-0ubuntu1) trusty; urgency=low * New upstream version -- Sebastien Bacher Mon, 11 Nov 2013 18:07:24 +0100 dbus (1.6.12-0ubuntu10) saucy; urgency=low * debian/patches/aa-mediation.patch: Attempt to open() the mask file in apparmorfs/features/dbus rather than simply stat() the dbus directory. This is an important difference because AppArmor does not mediate the stat() syscall. This resulted in problems in an environment where dbus-daemon, running inside of an LXC container, did not have the necessary AppArmor rules to access apparmorfs but the stat() succeeded so mediation was not properly disabled. (LP: #1238267) This problem was exposed after dropping aa-kernel-compat-check.patch because the compat check was an additional check that performed a test query. The test query was failing in the above scenario, which did result in mediation being disabled. * debian/patches/aa-get-connection-apparmor-security-context.patch, debian/patches/aa-mediate-eavesdropping.patch: Refresh these patches to accomodate the above change -- Tyler Hicks Thu, 10 Oct 2013 10:40:26 -0700 dbus (1.6.12-0ubuntu9) saucy; urgency=low * debian/patches/aa-mediate-eavesdropping.patch: Fix a regression that caused dbus-daemon to segfault when AppArmor mediation is disabled, or unsupported by the kernel, and an application attempts to eavesdrop (LP: #1237059) -- Tyler Hicks Tue, 08 Oct 2013 17:58:36 -0700 dbus (1.6.12-0ubuntu8) saucy; urgency=low * debian/patches/aa-kernel-compat-check.patch: Drop this patch. It was a temporary compatibility check to paper over incompatibilities between dbus-daemon, libapparmor, and the AppArmor kernel code while AppArmor D-Bus mediation was in development. * debian/patches/aa-mediation.patch: Fix a bug that resulted in all actions denied by AppArmor to be audited. Auditing such actions is the default, but it should be possible to quiet audit messages by using the "deny" AppArmor rule modifier. (LP: #1226356) * debian/patches/aa-mediation.patch: Fix a bug in the code that builds AppArmor queries for the process that is receiving a message. The message's destination was being used, as opposed to the message's source, as the peer name in the query string. (LP: #1233895) * debian/patches/aa-mediate-eavesdropping.patch: Don't allow applications that are confined by AppArmor to eavesdrop. Ideally, this would be configurable with AppArmor policy, but the parser does not yet support any type of eavesdropping permission. For now, confined applications will simply not be allowed to eavesdrop. (LP: #1229280) -- Tyler Hicks Fri, 04 Oct 2013 09:59:21 -0700 dbus (1.6.12-0ubuntu7) saucy; urgency=low * Enable log output in session dbus upstart job. -- Dmitrijs Ledkovs Fri, 04 Oct 2013 10:21:15 +0100 dbus (1.6.12-0ubuntu6) saucy; urgency=low * Specify --fork to dbus-daemon in upstart user-session mode, to get the daemon readiness information and emit started dbus, when dbus is actually ready to operate. (LP: #1234731) -- Dmitrijs Ledkovs Thu, 03 Oct 2013 17:32:15 +0100 dbus (1.6.12-0ubuntu5) saucy; urgency=low * Add support for mediation of D-Bus messages and services. AppArmor D-Bus rules are described in the apparmor.d(5) man page. dbus-daemon will use libapparmor to perform queries against the AppArmor policies to determine if a connection should be able to send messages to another connection, if a connection should be able to receive messages from another connection, and if a connection should be able to bind to a well-known name. - debian/patches/aa-build-tools.patch: Update build files to detect and build against libapparmor - debian/patches/aa-mediation.patch: Support AppArmor mediation of D-Bus messages and services. By default, AppArmor mediation is enabled if AppArmor is available. To disable AppArmor mediation, place '' in each bus configuration file. See the dbus-daemon(1) man page for more details. - debian/patches/aa-get-connection-apparmor-security-context.patch: Add an org.freedesktop.DBus.GetConnectionAppArmorSecurityContext method that takes the unique name of a connection as input and returns the AppArmor label attached to the connection - debian/patches/aa-kernel-compat-check.patch: Perform a compatibility check of dbus, libapparmor, and the AppArmor kernel code during initialization to determine if everything is in place to perform AppArmor mediation. This is a temporary patch to overcome some potential incompatabilities during the Saucy development release and should be dropped prior to Saucy's release. - debian/control: Add libapparmor-dev as a Build-Depends - debian/rules: Specify that D-Bus should be built against libapparmor during the configure stage of the build * debian/patches/aa-mediation.patch: Clean up the AppArmor initialization - Don't treat any errors from aa_is_enabled() as fatal unless the AppArmor D-Bus mode is set to "required". This should fix errors when various test cases need to start dbus-daemon on buildds. (LP: #1217598) - Don't print to stderr during initialization unless an error has occurred (LP: #1217710) - Don't redefine _dbus_warn() to syslog(). A previous comment left in the code suggested that _dbus_warn() caused segfaults. Testing proves that is not the case. * debian/patches/aa-get-connection-apparmor-security-context.patch: Refresh patch to fix offset warnings after modifying aa-mediation.patch -- Tyler Hicks Wed, 28 Aug 2013 13:26:13 -0700 dbus (1.6.12-0ubuntu2) saucy; urgency=low * dump DBUS_SESSION_BUS_ADDRESS into ~/.dbus-session, so we can source it -- Oliver Grawert Tue, 16 Jul 2013 19:56:35 +0200 dbus (1.6.12-0ubuntu1) saucy; urgency=low * New upstream version, drop CVE-2013-2168.patch included in the update -- Sebastien Bacher Wed, 19 Jun 2013 19:04:25 +0200 dbus (1.6.10-0ubuntu2) saucy; urgency=low * SECURITY UPDATE: denial of service via _dbus_printf_string_upper_bound() length. - debian/patches/CVE-2013-2168.patch: use a copy of va_list in dbus/dbus-sysdeps-unix.c, dbus/dbus-sysdeps-win.c, added test to test/Makefile.am, test/internals/printf.c. - CVE-2013-2168 -- Marc Deslauriers Thu, 13 Jun 2013 08:40:01 -0400 dbus (1.6.10-0ubuntu1) saucy; urgency=low * New upstream version -- Sebastien Bacher Mon, 13 May 2013 19:29:40 +0200 dbus (1.6.8-1ubuntu8) saucy; urgency=low * Add 00git_logind_check.patch: Fix logind check. * Add 00git_sd_daemon_update.patch: Update to current sytemd upstream sd_booted() to actually check for systemd init. -- Martin Pitt Mon, 29 Apr 2013 11:42:42 -0700 dbus (1.6.8-1ubuntu7) saucy; urgency=low * Use logind for session tracking, so that "at_console" policies work with logind instead of ConsoleKit. Add "libpam-systemd" recommends. -- Martin Pitt Sun, 10 Mar 2013 13:39:46 +0100 dbus (1.6.8-1ubuntu6) raring; urgency=low * Tweak startup condition of user-job to block xsession-init until it's started. (LP: #1155205) -- Stéphane Graber Mon, 25 Mar 2013 09:52:01 -0400 dbus (1.6.8-1ubuntu5) raring; urgency=low * debian/libdbus-1-3.postinst: Force an upgrade to restart Upstart (to pick up new package version) if the running instance supports it (LP: #1146653). -- James Hunt Thu, 14 Mar 2013 10:32:39 -0400 dbus (1.6.8-1ubuntu4) raring; urgency=low * Add upstart user session job for dbus. -- Stéphane Graber Tue, 12 Mar 2013 15:04:50 -0400 dbus (1.6.8-1ubuntu3) raring; urgency=low * Mark libdbus-1-dev as Multi-Arch same. -- Dmitrijs Ledkovs Mon, 07 Jan 2013 17:36:51 +0000 dbus (1.6.8-1ubuntu2) raring; urgency=low * The tests are not run diring the build. Configure with --disable-tests, drop the build dependencies needed for the tests. -- Matthias Klose Mon, 07 Jan 2013 17:03:23 +0100 dbus (1.6.8-1ubuntu1) raring; urgency=low * Resynchronize on Debian, see 1.6.4-1ubuntu1 and 1.6.4-1ubuntu3 for a summary of the Ubuntu changes -- Sebastien Bacher Wed, 07 Nov 2012 15:31:11 +0100 dbus (1.6.8-1) unstable; urgency=low * Merge from experimental * New upstream stable release 1.6.6 - CVE-2012-3524: mitigates arbitrary code execution in setuid or otherwise privileged binaries that use libdbus without first sanitizing the environment variables inherited from their less-privileged caller (Closes: #689070) * New upstream stable release 1.6.8 - Revert part of 1.6.6 (do not check filesystem capabilities, only setuid/setgid), fixing regressions in certain configurations of gnome-keyring -- Simon McVittie Sat, 29 Sep 2012 13:25:50 +0100 dbus (1.6.4-1ubuntu4) quantal-proposed; urgency=low * debian/patches/CVE-2012-3524-regression-fix.patch: updated to fix test suite. -- Marc Deslauriers Wed, 03 Oct 2012 14:41:36 -0400 dbus (1.6.4-1ubuntu3) quantal-proposed; urgency=low * REGRESSION FIX: some applications launched with the activation helper may need DBUS_STARTER_ADDRESS. (LP: #1058343) - debian/patches/CVE-2012-3524-regression-fix.patch: hardcode the starter address to the default system bus address. * Fix unclean shutdown after dbus upgrade (LP: #740390) - debian/libdbus-1-3.postinst: trigger an upstart re-exec before shutdown or reboot so that it can safely unmount the root filesystem. -- Marc Deslauriers Wed, 03 Oct 2012 07:14:40 -0400 dbus (1.6.4-1ubuntu2) quantal-proposed; urgency=low * SECURITY UPDATE: privilege escalation via unsanitized environment - debian/patches/CVE-2012-3524-dbus.patch: Don't access environment variables or run dbus-launch when setuid in configure.ac, dbus/dbus-keyring.c, dbus/dbus-sysdeps* - CVE-2012-3524 -- Marc Deslauriers Fri, 14 Sep 2012 08:57:33 -0400 dbus (1.6.4-1ubuntu1) quantal-proposed; urgency=low * Upload to quantal (lp: #1014850) * debian/control: - use "Breaks: unity-services (<< 6.0.0-0ubuntu6)", the new dbus eavedropping protection was creating issues with previous versions [ Iain Lane ] * Merge with Debian experimental for the new stable series. Remaining Ubuntu changes: - Install binaries into / rather than /usr: + debian/rules: Set --exec-prefix=/ + debian/dbus.install, debian/dbus-x11.install: Install from /bin - Use upstart to start: + Add debian/dbus.upstart. + debian/control: Add upstart dependency. + debian/dbus.postinst: Use upstart call instead of invoking the init.d script for checking if we are already running. + debian/control: versioned dependency on netbase that emits the new deconfiguring-networking event used in upstart script. - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for the system bus to 5000 (LP #454093) - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 to 60 seconds. It may be too short on the live CD with slow machines. - Add 0001-activation-allow-for-more-variation-than-just-system.patch, 0002-bus-change-systemd-activation-to-activation-systemd.patch, 0003-upstart-add-upstart-as-a-possible-activation-type.patch, 0004-upstart-add-UpstartJob-to-service-desktop-files.patch, 0005-activation-implement-upstart-activation.patch: Patches from Scott James Remnant to implement Upstart service activation. Not upstream. Disable patches since they do not apply and this facility is unused anyway. * Remove systemd BDs; not appropriate for Ubuntu. -- Sebastien Bacher Fri, 03 Aug 2012 12:05:38 +0200 dbus (1.6.4-1) experimental; urgency=low * gbp.conf: switch to experimental branch * New upstream stable release - remove incorrect assertion and have correct default for developer mode (Closes: #680027, differently) -- Simon McVittie Wed, 18 Jul 2012 18:42:52 +0100 dbus (1.6.2-2) unstable; urgency=low * Disable "developer mode", which was intended to be off-by-default, but was incorrectly on-by-default in 1.6.2, causing an incorrect assertion to be hit when starting fcitx before dbus-launch. (Closes: #680027) -- Simon McVittie Tue, 03 Jul 2012 19:33:42 +0100 dbus (1.6.2-1) unstable; urgency=low * New upstream stable release - dbus-launch --exit-with-session no longer monitors its stdin if run under X11 (Closes: #453755) * Remove the workaround for #453755 from dbus-Xsession -- Simon McVittie Wed, 27 Jun 2012 18:22:20 +0100 dbus (1.6.0-1) unstable; urgency=low * Merge from "experimental" (1.5.12 was accidentally uploaded to unstable) * New upstream stable release * debian/watch: only match stable (0.even.x) releases -- Simon McVittie Tue, 05 Jun 2012 14:23:46 +0100 dbus (1.5.12-1) unstable; urgency=low * Merge from unstable * New upstream release - adds new API * Standards-Version: 3.9.3 (no changes) * Remove lintian override for #629648, hopefully the ftpmasters are using lintian 2.5.1 by now * Add lintian overrides for the empty directories we (intentionally) ship * Don't run dh_makeshlibs on dbus-1-dbg, nothing should be linking to its extra-debug-enabled build of the library * Register D-Bus documentation in doc-base -- Simon McVittie Tue, 27 Mar 2012 18:36:38 +0100 dbus (1.4.20-1) unstable; urgency=low * New upstream release - fixes FTBFS with GLib 2.32 (Closes: #665665) -- Simon McVittie Tue, 27 Mar 2012 13:33:33 +0100 dbus (1.5.10-1) experimental; urgency=low * New upstream release * Merge from unstable * Build with systemd console-user-checking support * Use debhelper 9 (mainly for compressed, build-ID-based debug symbols), and dpkg's default.mk instead of hardening-includes -- Simon McVittie Tue, 21 Feb 2012 18:24:14 +0000 dbus (1.4.18-1) unstable; urgency=low * New upstream release * Change dbus and src:dbus from Section: devel to Section: admin (Closes: #659357) -- Simon McVittie Mon, 13 Feb 2012 17:17:43 +0000 dbus (1.5.8-1) experimental; urgency=low * Merge from unstable * New upstream release -- Simon McVittie Wed, 21 Sep 2011 18:32:46 +0100 dbus (1.4.16-1) unstable; urgency=low * New upstream release * Do not symlink dcop-howto.txt.gz - no longer installed (this is D-Bus, not DCOP) * Set the build-dependencies to be enough to run all tests, but don't run the tests yet -- Simon McVittie Wed, 21 Sep 2011 15:32:10 +0100 dbus (1.5.6-1) experimental; urgency=low * Merge from unstable * New upstream release -- Simon McVittie Fri, 29 Jul 2011 16:56:04 +0100 dbus (1.4.14-1) unstable; urgency=low * New upstream release - no longer needs workarounds to build or install the documentation * Remove --disable-gc-sections, unnecessary since 1.4.12 -- Simon McVittie Fri, 29 Jul 2011 16:50:56 +0100 dbus (1.5.4-3) experimental; urgency=low * Merge from unstable -- Simon McVittie Fri, 15 Jul 2011 11:26:08 +0100 dbus (1.4.12-5) unstable; urgency=low * Undo the changed invocation for dbus-launch, which seems to cause more problems than it solves (LP: #807614, LP: #809900, probably also Closes: #633652) * Work around #453755 by just reopening stdin from /dev/null instead, until fd.o #39197 gets fixed -- Simon McVittie Fri, 15 Jul 2011 10:45:56 +0100 dbus (1.4.12-4) unstable; urgency=low * Override missing-pre-dependency-on-multiarch-support for the -dev package, ftp-master doesn't have lintian 2.5.1 yet * Check all Description fields for correct use of dbus (package name) vs. D-Bus (project name), and override lintian false-positives -- Simon McVittie Fri, 01 Jul 2011 07:55:01 +0100 dbus (1.4.12-3) unstable; urgency=low * Mention CVE-2011-2200 in the changelog for 1.4.12-1 now it has a CVE ID * Merge some things from Ubuntu, via experimental: - move libraries into multiarch locations (but don't move binaries from /usr to /, which is not needed on Debian) - run dbus-uuidgen --ensure in postinst - call ReloadConfig with dbus-send in the postinst, since that'll work regardless of whether dbus was started with sysvinit or Upstart; just call it unconditionally, and ignore any failures we might see (in chroots or if dbus-daemon wasn't running) * and more things from experimental: - improve comments in postinst explaining why it behaves as it does * Run dbus-launch for X sessions in a way that doesn't consume characters from startx's stdin, or the stdin of certain display managers' init scripts (known to affect slim, but not xdm or gdm) (Closes: #453755) * Remove the .la file for the debug build, not just the normal build -- Simon McVittie Thu, 30 Jun 2011 17:21:03 +0100 dbus (1.5.4-2) experimental; urgency=low * Merge from unstable -- Simon McVittie Sat, 11 Jun 2011 19:33:40 +0100 dbus (1.4.12-2) unstable; urgency=medium * Don't run tests during build (again), it appears they time out on most of of the buildds * Explicitly build-depend on automake 1.10, so buildds won't try and fail with automake1.9 like kfreebsd-i386 did -- Simon McVittie Sat, 11 Jun 2011 14:11:04 +0100 dbus (1.5.4-1) experimental; urgency=low * Merge from unstable * New(er) upstream version fixing local DoS (Closes: #629938) * Revert some of the changes merged from Ubuntu, which look as though they shouldn't be needed on either distribution: - there's no need to create/chown messagebus' home directory, the sysvinit script and the Upstart job both do that on-demand * Revert changes which are useful in Ubuntu but not Debian: - move everything except the library back into /usr; Debian doesn't have any uses for dbus-daemon in early boot, and if we do later, we'd need to get libexpat moved first - this gets the locations back into sync with what it says in the Xsession hook (Closes: #630011) and the init script (Closes: #629954) * Improve comments in postinst explaining why it behaves as it does -- Simon McVittie Fri, 10 Jun 2011 23:35:51 +0100 dbus (1.4.12-1) unstable; urgency=medium * New upstream release fixes local DoS (Closes: #629938, CVE-2011-2200) * Don't delete jquery.js, no longer installed by recent Doxygen * Build-depend on libglib2.0-dev, libdbus-glib-1-dev for better regression test coverage (dbus-glib is a circular dependency, but both of these dependencies can be dropped if bootstrapping new architectures) -- Simon McVittie Fri, 10 Jun 2011 22:39:14 +0100 dbus (1.5.2-2) experimental; urgency=low * Merge from unstable * Merge and adapt from Ubuntu: - create, chown messagebus' home directory in postinst - run dbus-uuidgen --ensure in postinst - call ReloadConfig with dbus-send in the postinst, since that'll work regardless of whether dbus was started with sysvinit or Upstart; just call it unconditionally, and ignore any failures we might see (in chroots or if dbus-daemon wasn't running) - move dbus-daemon and its helpers from /usr to / - move libraries into multiarch locations * Don't delete jquery.js, no longer installed by recent Doxygen * libdbus-1-dev: explicitly pre-depend on multiarch-support to work around debhelper and lintian disagreeing whether it's necessary -- Simon McVittie Thu, 09 Jun 2011 08:00:24 +0100 dbus (1.4.10-2) unstable; urgency=low * Disable silent rules so we can have useful buildd logs * Update Vcs-Git, Vcs-Browser to the form preferred by the Alioth admins * Disable -Wl,--gc-sections and related flags: the size decrease is negligible, and these options currently segfault ld on armel and mips* (Closes: #628834) * Disable the build-time tests for now, they need more upstream work before they'll pass in a minimal build chroot -- Simon McVittie Thu, 02 Jun 2011 17:08:25 +0100 dbus (1.5.2-1) experimental; urgency=low * Merge from unstable * New(er) upstream version -- Simon McVittie Wed, 01 Jun 2011 16:32:25 +0100 dbus (1.4.10-1) unstable; urgency=low * New upstream version * Use a separate build directory * Explicitly set compiler flags * Don't complain about not installing libdbus-1.la * Don't pass a version to dh_makeshlibs -V - the symbols file gives us exact dependencies, so the legacy shlibs mechanism is just a guard against old systems now, and everyone forgets to update it * Do a second build with tests, verbosity etc. enabled, and install it in /usr/lib/$DEB_HOST_MULTIARCH/dbus-1.0/debug-build in dbus-1-dbg (Closes: #498185) - increase dependencies of dbus-1-dbg to allow for this - run the debug build's regression tests during build, but don't make failures fatal yet - build-depend on xvfb and run the tests under xvfb-run, since one needs a $DISPLAY * Run autoconf during build, and allow parallel building * Don't install dcop-howto.txt - this isn't DCOP -- Simon McVittie Wed, 01 Jun 2011 16:18:45 +0100 dbus (1.5.0-2) experimental; urgency=low * Merge from unstable -- Simon McVittie Wed, 27 Apr 2011 16:41:52 +0100 dbus (1.4.8-3) unstable; urgency=low * libdbus-1-3 Breaks versions of kdebase-workspace-bin and kde-window-manager that suffer from #623492, so partial upgrades don't make KDE unusable (Closes: #624333) * Policy 3.9.2 (no changes required) * De-duplicate short descriptions * Add DEP-3 metadata to 01_no-fatal-warnings.patch -- Simon McVittie Wed, 27 Apr 2011 16:11:18 +0100 dbus (1.4.8-2) unstable; urgency=low * Remove jquery.js at the right location * Re-upload with non-broken .changes file -- Simon McVittie Tue, 19 Apr 2011 09:15:04 +0100 dbus (1.5.0-1) experimental; urgency=low * New upstream development version (targeting experimental) * Remove jquery.js at the right location -- Simon McVittie Mon, 11 Apr 2011 18:04:56 +0100 dbus (1.4.18-1ubuntu1) precise; urgency=low * Merge with Debian unstable to pick up the new bug fix release. Remaining Ubuntu changes: - Install binaries into / rather than /usr: + debian/rules: Set --exec-prefix=/ + debian/dbus.install, debian/dbus-x11.install: Install from /bin - Use upstart to start: + Add debian/dbus.upstart. + debian/control: Add upstart dependency. + debian/dbus.postinst: Use upstart call instead of invoking the init.d script for checking if we are already running. + debian/control: versioned dependency on netbase that emits the new deconfiguring-networking event used in upstart script. - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for the system bus to 5000 (LP #454093) - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 to 60 seconds. It may be too short on the live CD with slow machines. - Add 0001-activation-allow-for-more-variation-than-just-system.patch, 0002-bus-change-systemd-activation-to-activation-systemd.patch, 0003-upstart-add-upstart-as-a-possible-activation-type.patch, 0004-upstart-add-UpstartJob-to-service-desktop-files.patch, 0005-activation-implement-upstart-activation.patch: Patches from Scott James Remnant to implement Upstart service activation. Not upstream. -- Martin Pitt Wed, 22 Feb 2012 09:26:02 +0100 dbus (1.4.16-1ubuntu4) precise; urgency=low * debian/rules, debian/dbus-1-dbg.install: Only set --exec-prefix=/ in the production build. This prevents the debug version of dbus-daemon from overwriting the non-debug version, which crashes the dbus-python test suite. This leaves the debug version in a somewhat bogus path, but we won't worry about that for now. Solution given by Jason Conti. Also closes https://bugs.freedesktop.org/show_bug.cgi?id=43303 (LP: #913991) -- Barry Warsaw Tue, 10 Jan 2012 15:52:43 +0100 dbus (1.4.16-1ubuntu3) precise; urgency=low * Add a post-stop in the upstart script making sure /var/run/dbus/pid doesn't exist after dbus has been stopped/died. This fixes dbus not respawning when dying (segfault for example). -- Stéphane Graber Mon, 09 Jan 2012 15:15:50 +0100 dbus (1.4.16-1ubuntu2) precise; urgency=low * Add debian/patches/02_obsolete_g_thread_api.patch: Port to glib 2.31.x g_thread API. Bump libglib2.0-dev build dep accordingly. (LP: #911125) -- Martin Pitt Tue, 03 Jan 2012 11:08:46 +0100 dbus (1.4.16-1ubuntu1) precise; urgency=low * Merge with Debian testing. Remaining changes: - Install binaries into / rather than /usr: + debian/rules: Set --exec-prefix=/ + debian/dbus.install, debian/dbus-x11.install: Install from /bin - Use upstart to start: + Add debian/dbus.upstart. + debian/control: Add upstart dependency. + debian/dbus.postinst: Use upstart call instead of invoking the init.d script for checking if we are already running. + debian/control: versioned dependency on netbase that emits the new deconfiguring-networking event used in upstart script. - 20_system_conf_limit.patch: Increase max_match_rules_per_connection for the system bus to 5000 (LP #454093) - 81-session.conf-timeout.patch: Raise the service startup timeout from 25 to 60 seconds. It may be too short on the live CD with slow machines. - Add 0001-activation-allow-for-more-variation-than-just-system.patch, 0002-bus-change-systemd-activation-to-activation-systemd.patch, 0003-upstart-add-upstart-as-a-possible-activation-type.patch, 0004-upstart-add-UpstartJob-to-service-desktop-files.patch, 0005-activation-implement-upstart-activation.patch: Patches from Scott James Remnant to implement Upstart service activation. Not upstream. -- Martin Pitt Tue, 18 Oct 2011 18:10:19 +0200 dbus (1.4.8-1) unstable; urgency=low * New upstream version - Use upstream-merged support for installing HTML docs - Use upstream-supplied doxygen_to_devhelp.xsl (the Automake integration is still a bit broken, so we build it ourselves) * Mark dbus, dbus-x11 as Multi-Arch: foreign * Remove the unused copy of jquery.js that doxygen now wants to install * Move HTML and text documentation from /u/s/d/dbus-1-doc to /u/s/d/dbus (see Policy bug #107073 for discussion), leaving behind symlinks to their historical locations; this also results in shipping one copy of dbus-specification.html rather than two * Correctly credit Michael for his changes in the previous changelog entry -- Simon McVittie Mon, 11 Apr 2011 16:22:48 +0100 dbus (1.4.6-1) unstable; urgency=low [ Michael Biebl ] * Switch from cdbs to dh. * Bump debhelper compatibility level to 8. * Remove doxygen call from debian/rules and cleaning up doc/api manually. The upstream build system takes care of that already. [ Simon McVittie ] * New upstream version - remove 00_dbus-quiesce-startup-errors.patch, no longer needed * Ignore changes to generated Doxygen HTML instead of deleting it in clean, for easier use of git-buildpackage * Unapply patches after building from git -- Simon McVittie Thu, 17 Feb 2011 20:12:59 +0000 dbus (1.4.1-2) unstable; urgency=low [ Simon McVittie ] * Move to git; add debian/gbp.conf for git-buildpackage * Replace 00_dbus-quiesce-startup-errors.patch with the version that was merged upstream [ Michael Biebl ] * Upload to unstable. -- Michael Biebl Mon, 07 Feb 2011 01:52:08 +0100 dbus (1.4.1-1) experimental; urgency=low * New upstream release. * Remove pre-lenny upgrade code. - Drop old Breaks/Replaces from debian/control. - Drop debian/dbus.preinst and clean up debian/dbus.postinst. -- Michael Biebl Tue, 21 Dec 2010 02:18:37 +0100 dbus (1.4.0-2) experimental; urgency=low * Install systemd unit files. -- Michael Biebl Tue, 16 Nov 2010 22:02:11 +0100 dbus (1.4.0-1) experimental; urgency=low * New upstream release. - Feature negotiation in the bus daemon. - File descriptor passing on Unix socket transports. - Various portability fixes, in particular to Windows platforms. - Support forking bus services, for compatibility. - New standardized PropertiesChanged signal in the properties interface. - Use of GCC atomic intrinsics for better processor support. - Ability for dbus-send to send to any bus (--address). - systemd hookup. - Fixes reentrancy issue with multi-threaded apps, which affects especially Qt and KDE apps. (Closes: #584522) * debian/control - Bump Standards-Version to 3.9.1. No further changes. * debian/rules - Disable installation of systemd unit files. -- Michael Biebl Tue, 14 Sep 2010 20:43:05 +0200 dbus (1.3.2~git20100715.821f99c-1) experimental; urgency=low * New upstream Git snapshot (up to 821f99c). * Refresh patches to apply cleanly. * debian/libdbus-1-3.symbols - Update for API additions (Unix FD passing). * debian/rules - Bump shlibs to 1.3.1. -- Michael Biebl Sun, 18 Jul 2010 13:41:43 +0200 dbus (1.2.24-3) unstable; urgency=medium * Add patch from upstream to fix segfaults when reloaded on kFreeBSD (Closes: #589662) * Work around FTBFS if dh-buildinfo is installed (Closes: #590594) -- Simon McVittie Tue, 27 Jul 2010 19:56:43 +0100 dbus (1.2.24-2) unstable; urgency=low [ Simon McVittie ] * Merge from experimental - add separate debugging symbols (dbus-1-dbg) [ Michael Biebl ] * Switch to source format 3.0 (quilt) - Add debian/source/format. - Drop Build-Depends on quilt. - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk from debian/rules. - Remove debian/README.source. * debian/control - Bump Standards-Version to 3.9.0. - Use architecture wildcard linux-any for libselinux1-dev Build-Depends. - Use Breaks instead of Conflicts as recommended by the new policy. - Remove old Conflicts which is no longer relevant. * debian/dbus.init - Simplify check in start_it_up() by using the existing status action. - Stop restarting dependent services. It was an ugly hack anyway and if people want to restart dbus, they need take care of that themselves. (Closes: #540693, #530395) * debian/dbus.postinst - Stop restarting dbus system bus on upgrades as it breaks too many applications and is not supported by upstream in a sensible way. Instead trigger a reboot-required message using update-notifier. (Closes: #530000, #573386) -- Michael Biebl Sat, 17 Jul 2010 14:54:54 +0200 dbus (1.2.24-1+exp1) experimental; urgency=low * Add separate debugging symbols (Closes: #550517) -- Simon McVittie Sun, 27 Jun 2010 17:19:24 +0100 dbus (1.2.24-1) unstable; urgency=low * New upstream release. - Correctly get pointer data from DBusString when creating a syslog message. (Closes: #574697) * debian/dbus-Xsession - Use new "has_option" function from x11-common instead of grepping the option file, to avoid calling an external program. (Closes: #570480) Thanks to Martin Pitt for the patch. * debian/control - Add Breaks: x11-common (<< 1:7.5+4) to dbus-x11 to ensure we have a recent enough version with "has_option" support. * debian/dbus.init - Update LSB header: Remove runlevel 1 from Default-Stop and let killprocs do the job for us. * debian/rules - Update DEB_DH_INSTALLINIT_ARGS accordingly. * debian/dbus.postinst - Remove old stop symlinks from runlevel 1 on upgrades. -- Michael Biebl Wed, 24 Mar 2010 02:04:20 +0100 dbus (1.2.22-1) unstable; urgency=low * New upstream release. * debian/patches/11_kfreebsd_kqueue_build_fix.patch - Removed, merged upstream. * debian/control - Drop Provides: dbus-1-utils, there is no more package depending on it. -- Michael Biebl Thu, 18 Mar 2010 01:06:13 +0100 dbus (1.2.20-2) unstable; urgency=low * debian/patches/11_kfreebsd_kqueue_build_fix.patch - Fix kqueue implementation on GNU/kFreeBSD. (Closes: #568338) Thanks to Cyril Brulebois for the patch. -- Michael Biebl Wed, 03 Feb 2010 23:08:12 +0100 dbus (1.2.20-1) unstable; urgency=low * New upstream release. * debian/control - Drop Build-Depends on docbook-utils, apparently no longer necessary. - Bump Standards-Version to 3.8.4. * debian/rules - Explicitly disable audit support so we don't accidentally pick up a libaudit shlib dependency. - Drop our workaround for the broken binutils and re-enable -pie on mips. (Closes: #533460) - Improve the way we create the symlink from /usr/lib/ → /lib by using readlink. * Remove patches: - debian/patches/02_dbus_monitor_no_sigint_handler.patch (fixed upstream) - debian/patches/20_kbsd_cmsgcred.patch (merged upstream) - debian/patches/30_rt-as-needed.patch (merged upstream) * debian/README.source - Add reference to the quilt patch management system documentation. -- Michael Biebl Wed, 03 Feb 2010 22:49:42 +0100 dbus (1.2.16-2) unstable; urgency=low * Rebuild against debhelper (>= 7.2.23) that fixes a regression in dh_install which did not correctly strip debian/tmp. (Closes: #537125) * debian/patches/20_kbsd_cmsgcred.patch - Fix incorrect usage of cmsgcred on kFreeBSD. Thanks to Aurelien Jarno for the patch. * debian/patches/30_rt-as-needed.patch - Fix spurious build failures on alpha and ia64 when using -Wl,--as-needed by changing the link order of libdbus-convenience.la and -lrt. -- Michael Biebl Thu, 16 Jul 2009 02:03:18 +0200 dbus (1.2.16-1) unstable; urgency=low * New upstream release. * debian/libdbus-1-3.symbols - Update for API additions. * debian/rules - Bump shlibs to 1.2.16. * Install libdbus to /lib. Upstart requires libdbus before /usr is mounted. Keep the development files libdbus-1*.{a,so} in /usr/lib. * Bump Standards-Version to 3.8.2. No further changes. -- Michael Biebl Wed, 15 Jul 2009 00:39:18 +0200 dbus (1.2.14-3) unstable; urgency=low * debian/dbus.postinst - Suppress output from adduser. * debian/dbus.postrm - Cleanup /var/lib/dbus on purge. * debian/rules - Compile dbus-daemon without -pie on mipsen. This is a workaround for a toolchain bug on mipsen (#532821) which causes dbus-daemon to segfault. (Closes: #528145) -- Michael Biebl Wed, 17 Jun 2009 21:03:57 +0200 dbus (1.2.14-2) unstable; urgency=low * debian/dbus.postrm - Add missing whitespace before ']'. -- Michael Biebl Fri, 08 May 2009 23:30:35 +0200 dbus (1.2.14-1) unstable; urgency=low * New upstream release. * Switch patch management system to quilt. * Refresh and update patches. * Remove debian/patches/20-dbus-alpha-unaligned.patch, fixed upstream. * debian/control - Drop dependency on debianutils as we no longer require run-parts. - Demote dbus-x11 from Recommends to Suggests. (Closes: #479341) * debian/libdbus-1-3.symbols - Update for API additions. * debian/rules - Bump shlibs to 1.2.14. - Add "-Wl,--as-needed" to LDFLAGS. This way we don't pick up any spurious X11 dependencies. (Closes: #499650) * debian/dbus.postinst - Remove chown call for /var/run/dbus as the init script will take care of setting the right permissions anyway. This also ensures that we don't fail if /var/run is on tmpfs. (Closes: #508931) * Bump Standards-Version to 3.8.1. No longer ship /var/run/dbus in the package but let the init script create it. * debian/dbus.install - Remove /var/run/dbus directory. * debian/dbus.postrm - Remove /var/run/dbus on purge. -- Michael Biebl Fri, 08 May 2009 14:31:33 +0200 dbus (1.2.12-1) unstable; urgency=low [ Simon McVittie ] * New upstream release * Merge experimental into unstable - Changes in packaging relative to experimental: add myself to Uploaders, and suggest libdbus-1-dev instead of nonexistent dbus-1-dev [ Michael Biebl ] * Drop support for /etc/dbus-1/event.d. This interface has long been deprecated and all affected Debian packages have been fixed for lenny. If your (custom) service needs to be restarted on a dbus restart, add a regular sysv init script and "Required-Start: dbus" to the LSB header. * debian/control - Drop ancient Conflicts/Replaces which are from pre-oldstable (sarge). - Bump debhelper Build-Depends to (>= 7). * debian/compat - Bump to debhelper v7 compat mode. * debian/copyright - Update AFL license to version 2.1. - Make it clear that dbus is released under version 2 of the GPL and refer to the versioned GPL-2 file in /usr/share/common-licenses. -- Michael Biebl Mon, 16 Feb 2009 15:07:46 +0100 dbus (1.2.8-1) experimental; urgency=low [ Sjoerd Simons ] * New upstream release * Fixes CVE-2008-4311 (Closes: #503532, #508032) [ Michael Biebl ] * debian/libdbus-1-3.symbols - Updated, new symbol has been added. * debian/rules - Bump shlibs to 1.2.4. * debian/control - Bump Standards-Version to 3.8.0. No further changes. -- Sjoerd Simons Sun, 07 Dec 2008 13:30:19 +0000 dbus (1.2.4-1) experimental; urgency=low * New upstream release * Remove patches that were merged upstream - debian/patches/15_dbus_group_parsing.patch - debian/patches/CVE-2008-3834.patch -- Sjoerd Simons Sat, 29 Nov 2008 19:16:05 +0100 dbus (1.2.1-5) unstable; urgency=high [ Sjoerd Simons ] * debian/patches/CVE-2008-4311.patch: + Added, Fixes CVE-2008-4311. A mistake in the default configuration for the system bus (system.conf) which made the default policy for both sent and received messages effectively *allow*, and not deny as intended. This patch fixes the send side permissions (Closes: #503532, #508032) * Urgency high for the security fix [ Simon McVittie ] * Rename CVE-*.patch to prefix them with a sequence number so it's clear what order they should apply in * Add 51-CVE-2008-4311-but-allow-signals.patch, cherry-picked from upstream git commit d899734475: after fixing CVE-2008-4311, re-allow emitting signals * debian/patches/3[0-4]*.patch, cherry-picked from upstream git (see patches for commit IDs): add logging when permission to send a message is denied * debian/patches/35-syslog-h.patch: #include to fix compilation with the logging patches applied * Add myself to Uploaders -- Simon McVittie Sat, 10 Jan 2009 21:43:16 +0000 dbus (1.2.1-4) unstable; urgency=high * debian/patches/CVE-2008-3834.patch - The dbus_signature_validate function in the D-bus library allows attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error. (Closes: #501443) Fixes: CVE-2008-3834 - Urgency high for the security fix. * debian/patches/20-dbus-alpha-unaligned.patch - Fix misaligned memory access which causes "unaligned traps" on Alpha. (Closes: #502408) * debian/dbus.init - Add "status" action to init script. (Closes: #470121) * debian/control - Bump Depends on lsb-base to >= 3.2-14, which provides status_of_proc(). -- Michael Biebl Sat, 25 Oct 2008 15:28:05 +0200 dbus (1.2.1-3) unstable; urgency=low * debian/patches/15_dbus_group_parsing.patch - Added. Fixes failure to parse /etc/group when it contains lines with more then 512 chars (Closes: #489738) (From upstream git) -- Sjoerd Simons Thu, 31 Jul 2008 00:04:21 +0100 dbus (1.2.1-2) unstable; urgency=low [ Sjoerd Simons ] * debian/rules: Disable the disabling of the userdb cache. No other distribution disables it and it is somewhat buggy (Thanks to Scott James Remnant for pointing out this issue) -- Sjoerd Simons Sat, 26 Apr 2008 12:41:47 +0200 dbus (1.2.1-1) unstable; urgency=low * New upstream release. * debian/rules, debian/dbus.postinst - Minimize downtime of the system message bus (and dependent D-Bus services) by restarting dbus in postinst instead of stop in prerm and start in postinst. (Closes: #428669) * debian/libdbus-1-3.symbols - Add symbols file for improved shared library dependencies. * debian/shlibs.local - This file has been neglected for quite some time and has been obsoleted by the symbols file so better remove it. -- Michael Biebl Fri, 11 Apr 2008 16:33:42 +0200 dbus (1.1.20-1) unstable; urgency=medium [ Loic Minier ] * Forcefully remove old init script symlinks on upgrades to this version to properly reinstall the init script when using insserv or file-rc; thanks Petter Reinholdtsen; closes: #466503. [ Michael Biebl ] * New upstream release: + SECURITY - CVE-2008-0595: security policy of the type work as an implicit allow for messages sent without an interface bypassing the default deny rules and potentially allowing restricted methods exported on the bus to be executed by unauthorized users. -- Michael Biebl Thu, 28 Feb 2008 09:01:00 +0100 dbus (1.1.4-1) unstable; urgency=low [ Loic Minier ] * Merge patch from Ubuntu to build a devhelp file; thanks Martin Pitt; closes: #454142. - Build-dep on xsltproc. - New patch, dbus-1.0.1-generate-xml-docs, enables generation of XML docs which serve as source for the devhelp generation. - Add a XSLT file from the Fedora package, debian/doxygen_to_devhelp.xsl. - Generate the devhelp file from the XML files thanks to the XSL file via xsltproc in build/dbus-1-doc::. - Install the devhelp index in dbus-1-doc and move the HTML documentation around; add a symlink from the gtk-doc dir. * Misc smallish whitespace cleanups. * Start dbus at runlevel priority 12 and stop at priority 88. This eliminates the race condition of starting the X session before hal is running. Migrate rc?.d symlinks from 20 to 12/88 on upgrades. This need to be kept until after lenny is released. * Set LSB Default-Stop section to 1 and only install a shutdown script for runlevel 1 to only stop dbus when going down to single user mode; dbus can simply be killed like everything else on shutdown or reboot by sendsigs; drop rc0 and rc6.d symlinks on upgrades. * Bump up dbus-x11 conflicts/replaces to << 1.1.2 to match the transition version in Ubuntu and reduce the delta. * Cleanup trailing whitespace. * Drop superfluous exit 0 at the end of dbus' init script which is set -e. * Add ${shlibs:Depends} to libdbus-1-dev. * Simplify dbus.postinst. * Rename patch dbus-1.0.1-generate-xml-docs to 10_dbus-1.0.1-generate-xml-docs to reflect current patch stack order. * Set shlibs via DEB_DH_MAKESHLIBS_ARGS_ALL instead of libdbus-1-3.shlibs and extract libdbus-1-3 package name from control to avoid hardcoding the SONAME and package name. [ Michael Biebl ] * New upstream release. * Deprecate the ENABLED option and remove it from /etc/default/dbus. Print a warning message in the init script if this option is still used. * debian/patches/03_uuid_nul.patch - Removed, merged upstream. * debian/patches/04_dbus_launch.patch - Removed, merged upstream. * debian/control - Bump Standards-Version to 3.7.3. No further changes required. * debian/dbus.init - Fix LSB init header. Use $remote_fs instead of $local_fs as the daemon requires /usr to be mounted. Remove S from Should-Stop. (Closes: #459473) - Use mountpoint to check if /proc is mounted. (Closes: #458392) - Decrease retry-time to 5 secs on stop. (Closes: #462182) -- Michael Biebl Tue, 04 Dec 2007 21:31:12 +0100 dbus (1.1.2-1) unstable; urgency=low [ Michael Biebl ] * New upstream release. * debian/control - Use the new "Homepage:" field to specify the upstream URL. - The Vcs-* fields are now officially supported, so remove the XS- prefix. - Demote dbus-x11 dependency to a Recommends. (Closes: #427932) * debian/dbus.install - Install the dbus-daemon-launch-helper binary. - Install the directory /usr/share/dbus-1/system-services. * debian/dbus.postinst - Install the dbus-daemon-launch-helper binary SUID root and make it executable for the messagebus group. - General cleanup. Remove superfluous addgroup and chgrp call. [ Sjoerd Simons ] * debian/dbus.init - Warn if /proc isn't mounted and refuse to start (Closes: #431101, #447363) * debian/patches/03_uuid_nul.patch - Added. Don't accidentally overwrite the last byte of the uuid with nul while autostarting. (From upstream GIT) * debian/patches/04_dbus_launch.patch - Added. Also save the session bus info in X11 on a normally launched bus. This ensures apps that don't have a session bus address in their environment can still properly connect to a DISPLAY's normal session bus. Making hacks to determine which dbus address belongs to a DISPLAY as used by some obsolete. -- Sjoerd Simons Fri, 23 Nov 2007 11:33:00 +0100 dbus (1.1.1-3) unstable; urgency=low * List arches where the build-dep on libselinux1-dev doesn't apply; thanks Michael Banck; closes: #430821. * Wrap build-deps and deps. * Misc cleanups, including quoting in maintainer scripts. * Add myself as uploader. * Add ${misc:Depends}. -- Loic Minier Wed, 27 Jun 2007 16:42:08 +0200 dbus (1.1.1-2) UNRELEASED; urgency=low * debian/control - Fix small typo in the dbus-x11 package description. (Closes: #430736) -- Michael Biebl Wed, 27 Jun 2007 01:42:38 +0200 dbus (1.1.1-1) unstable; urgency=low [ Michael Biebl ] * debian/patches/02_dbus_monitor_no_sigint_handler.patch + Remove the sigint_handler in dbus-monitor so the application properly terminates on STRG+C. (Closes: #414139) [ Sjoerd Simons ] * New upstream release * debian/libdbus-1-3.shlibs: Bumped shlibs -- Sjoerd Simons Tue, 19 Jun 2007 13:18:12 +0100 dbus (1.1.0-1) unstable; urgency=low [ Sjoerd Simons ] * New upstream release [ Tim Dijkstra ] * Disable userdb cache. If you need a cache, use nscd. (closes: #370569) [ Michael Biebl ] * debian/control + Fix small typo in the dbus-x11 package description. (Closes: #425132) + Replace Source-Version with binary:Version for libdbus-1-dev. * debian/dbus.init + Suppress error messages about nonexistent or unreadable files. (Closes: #426296) + Do not abort on grep errors. (Closes: #423380) + Do not abort if starting a dependent service fails. * debian/control + Add build dependency on autotools-dev for up-to-date config.{guess,sub} files. -- Michael Biebl Wed, 06 Jun 2007 15:39:23 +0200 dbus (1.0.2-5) unstable; urgency=low [ Michael Biebl ] * debian/dbus.init + Add some safety checks and support for file-rc. (Closes: #419984) * Drop dbus-1-utils package and move dbus-monitor into the dbus package. (Closes: #404981) * Create dbus-x11 package and move dbus-launch and the Xsession start script from dbus into this package. This removes the X11 dependency from the dbus package. Add a dependency on dbus-x11 to the dbus package, to not break packages which still depend on dbus but should be updated to depend on dbus-x11 instead if they require a D-Bus session bus. [ Sjoerd Simons ] * debian/control: Add libselinux1-dev to build depends * debian/rules: Clean up some more generated files (From the ubuntu packaging) -- Sjoerd Simons Thu, 03 May 2007 13:28:19 +0200 dbus (1.0.2-4) unstable; urgency=low * debian/dbus.init + Properly quote the runlevel variable $r. (Closes: #419818) * debian/dbus.prerm + Removed empty maintainer script. -- Michael Biebl Wed, 18 Apr 2007 19:16:13 +0200 dbus (1.0.2-3) unstable; urgency=low * debian/dbus.post{inst,rm} + Restart dbus on upgrades again. Might break some applications, but they should be fixed. * debian/dbus.init + Don't return an error, if start is called when there is already a bus running. * debian/dbus.init + Handle errors from /sbin/runlevel. Fixes dbus installation in chroots. (Closes: #419655) -- Sjoerd Simons Tue, 17 Apr 2007 17:55:14 +0200 dbus (1.0.2-2) unstable; urgency=low [ Sebastian Dröge ] * debian/control: + Updated to use my debian.org mail address [ Michael Biebl ] * debian/control + Add XS-Vcs-* fields. + Add myself to Uploaders. + Update description. * debian/watch + Added. Allows to track upstream releases. * debian/dbus.init + Add functionality to start/stop dbus dependent services based on their LSB header. Instead of installing an init script into /etc/dbus-1/event.d, services depending on dbus should from now on install a regular sysv init script and add an LSB header with "Required-Start: dbus". -- Michael Biebl Fri, 13 Apr 2007 00:56:54 +0200 dbus (1.0.2-1) unstable; urgency=high * New upstream release: + Urgency set to high because it fixes a local denial of service exploit involving removal of match rules from other apps. This effects all versions of D-Bus. CVE-2006-6107 https://bugs.freedesktop.org/show_bug.cgi?id=9142 * debian/patches/02_fix_thread_initialisation.patch: + Dropped, merged upstream -- Sebastian Dröge Tue, 12 Dec 2006 23:36:37 +0100 dbus (1.0.1-2) unstable; urgency=medium * There is no need anymore to install a custom session.conf. Also The custom one doesn't include the new directive to look at various standard service dirs. -- Sjoerd Simons Sun, 19 Nov 2006 22:59:17 +0100 dbus (1.0.1-1) unstable; urgency=medium * New bugfix release * Fixes bug where calling dbus_threads_init_default would assert * debian/patches/02_fix_thread_initialisation.patch + Fixes an assertion failure when using pthreads (From upstream CVS) * Urgency medium, fixes two assertion failures. -- Sjoerd Simons Sun, 19 Nov 2006 22:02:16 +0100 dbus (1.0.0-1) unstable; urgency=low [ Sebastian Dröge ] * New upstream release, 1.0.0 aka "Blue Bird" * debian/patches/01_no-fatal-warnings.patch: + Don't abort on fatal warnings now by default. This behaviour can be controlled by the DBUS_FATAL_WARNINGS enviroment variable. This will be set to upstream default again at some point so if you have an application that prints a DBus warning get it fixed. [ Sjoerd Simons ] * Target unstable. Since 0.94 only bugfixes and cleanups went in. * Also generate the machine-id on reload if it doesn't exist and reload the bus on upgrades. (Closes: #357247) * patches/40_dbus_launch_get_uuid.patch + Dropped, fixed upstream -- Sjoerd Simons Tue, 14 Nov 2006 15:35:00 +0100 dbus (0.95-1) experimental; urgency=low * New upstream release (aka 1.0 RC3) * debian/patches/10_dbus_uuid_in_var.patch, debian/patches/20_dbus_uuid_world_readable.patch, debian/patches/30_dbus_send_close_shared_connection.patch: + Dropped, merged upstream * debian/patches/99_rerun_automake.patch: + Not needed anymore because of the above -- Sebastian Dröge Sun, 5 Nov 2006 23:22:01 +0100 dbus (0.94-2) unstable; urgency=medium [ Sebastian Dröge ] * debian/patches/30_dbus_send_close_shared_connection.patch: + Don't close shared connection in dbus-send. (Closes: 395358, 397303) Patch from upstream CVS [ Sjoerd Simons ] * patches/40_dbus_launch_get_uuid.patch + Added. Check if get_machine_uuid() returns NULL before proceeding any further: we can't init the X atoms or create a session file name if there is no machine ID. Solves a dbus-launch crash if there is no machine id. (Closes: 3395938) Patch from upstream CVS * 2 important bugfixes, setting urgency to medium. -- Sjoerd Simons Mon, 6 Nov 2006 22:02:19 +0100 dbus (0.94-1) unstable; urgency=low [ Riccardo Setti ] * Fixed dbus description. (closes: #388186) * Improved dbus.init script. (closes: #384859) - Patch from David Härdeman Wed, 25 Oct 2006 11:26:32 +0200 dbus (0.93-1) unstable; urgency=low * New upstream release * debian/patches/00_expand_bindir.patch - Removed. Fixed upstream * debian/control: Build-depend on libx11-dev, so dbus-launch can monitor X sessions. -- Sjoerd Simons Sat, 16 Sep 2006 23:13:30 +0200 dbus (0.92-2) unstable; urgency=low * Upload to unstable * debian/patches/00_expand_bindir.patch - Added. Ensure the expanded version of $bindir is used for the DBUS_DAEMONDIR define. Fixes useless warning from dbus-launch (From upstream CVS) -- Sjoerd Simons Thu, 7 Sep 2006 20:30:05 +0200 dbus (0.92-1) experimental; urgency=low * New upstream release -- Sjoerd Simons Sat, 19 Aug 2006 22:13:25 +0200 dbus (0.91-1) experimental; urgency=low * New upstream release + First packaged dbus modular release. Bindings are in seperate source packages now. * Bumped libdbus-1 soname * debian/control: Remove all build-depends and definitions for the bindings. * debian/control: Update to use the official D-Bus spelling * debian/rules: Remove everything that was needed to build the bindings. * Remove files not applicable to the D-Bus bus and core libraries: + debian/python-dbus.install + debian/monodoc-dbus-1-manual.postinst + debian/libdbus-qt-1-dev.install + debian/libdbus-qt4-1-1.install + libdbus-1-cil.install + libdbus-qt-1-1c2.install + libdbus-1-cil.installcligac + libdbus-glib-1-2.install + monodoc-dbus-1-manual.install + libdbus-qt4-1-dev.install + libdbus-glib-1-dev.install * Remove all patches not applicable to the D-Bus bus and core libraries: + debian/patches/dbus-update-automake.patch + debian/patches/dbus-monoversion.patch + debian/patches/dbus-no-qt4-examples.patch + debian/patches/dbus-mono-pkgconfig-location.patch + debian/patches/dbus-new-monodoc.patch -- Sjoerd Simons Mon, 31 Jul 2006 14:50:05 +0200 dbus (0.62-5) unstable; urgency=low * Update python-dbus to the new Python Policy * Bump Standards-Version to 3.7.2 -- Sebastian Dröge Sat, 8 Jul 2006 01:25:40 +0200 dbus (0.62-4) unstable; urgency=low [ Sebastian Dröge ] * add ${shlibs:Depends} to Depends of libdbus-glib-1-dev, as it ships dbus-binding-tool to /usr/bin/. This fixes a missing libexpat.so.1.0.0. Thanks to Daniel Holbach for noticing this. [ Michael Biebl ] * debian/libdbus-qt4-1-dev.install: qt/dbus/qdbus.h is only a dummy header file. Install the real one instead. (Closes: #375298) -- Sjoerd Simons Wed, 28 Jun 2006 19:03:23 +0200 dbus (0.62-3) unstable; urgency=low * Make the Qt4 bindings buid-depend on libqt4-dev (>= 4.1.3) (Closes: #374802) * Ensure /etc/dbus-1/system.d is included in the dbus package (Closes: #374930) -- Sjoerd Simons Thu, 22 Jun 2006 18:36:35 +0200 dbus (0.62-2) unstable; urgency=low * debian/libdbus-qt-1-dev.install: Make the wildcard more strict so that it doesn't accidentally pickup qt4 files * debian/libdbus-qt4-1-dev.install: Also install the dbuscpp2xml and dbusidl2cpp utilities * debian/session.conf + Install a custom dbus session.conf. In the generated one some variables aren't expanded, causing the session bus to fail (Closes: #374747) * Move libdbus-1-2 to sections libs * Let libdbus-1-2 recommend dbus. Almost all libdbus-1 using applications really need the dbus to be present so the recommends is justified. (Closes: #374726) * debian/libdbus-qt-1-dev.install: Install all the needed header files. Thanks to Michael Biebl for testing a KDE4 build against these bindings. -- Sjoerd Simons Wed, 21 Jun 2006 10:47:00 +0200 dbus (0.62-1) unstable; urgency=low * New upstream release * Remove Daniel Stone from uploaders on his request. * debian/dbus.init: Remove the sleep 1 when restarting. It's not needed as the start-stop-daemon --retry option is used to shut dbus down * Removed patched that aren't needed anymore: + debian/patches/dbus-reload-usercache.patch + debian/patches/dbus-qt-buildfix.patch + debian/patches/dbus-qt-endianness.patch + debian/patches/dbus-0.60-mono-return-null-fix.diff + debian/patches/dbus-tcp-econreff.patch + debian/patches/dbus-transport-tcp.patch + debian/patches/dbus-pendingcall-deadlock.patch * debian/patches/dbus-update-automake.patch + Updated * debian/patches/dbus-no-qt4-examples.patch + Added. Quick hack to disable the building of the qt4 example binaries. -- Sjoerd Simons Tue, 20 Jun 2006 19:35:46 +0200 dbus (0.61-6) unstable; urgency=low [ Sebastian Dröge ] * debian/patches/dbus-new-monodoc.patch: + Call the new monodoc executables for doc generation to really get docs (Closes: #361541) * debian/patches/dbus-update-automake.patch: + updated for the above change * Add the correct libdbus-glib-1-2 path to the dh_shlibdeps search path to generate correct dependencies on dbus-1-utils. * Update libdbus-1-cil to the new CLI policy and use dh_installcligac for late GAC installation * debian/patches/dbus-mono-pkgconfig-location.patch: + Adjust the location of the .dll in the pkg-config file for the new CLI policy. [ Sjoerd Simons ] * debian/patches/dbus-transport-tcp.patch + Added. Fixes crash when using the tcp transport without an host option (from dbus CVS) (Closes: #368894) * debian/patches/dbus-tcp-econreff.patch + Added. Make the error which is given when the tcp transport gets a connection refused more understandable (from dbus CVS) -- Sjoerd Simons Wed, 31 May 2006 15:00:49 +0200 dbus (0.61-5) unstable; urgency=low * debian/patches/dbus-0.60-mono-return-null-fix.diff: + Added again as this wasn't applied upstream. This makes dbus-sharp useable again as you don't get null anymore when asking for the session bus (see fd.o #5716) -- Sebastian Dröge Sat, 18 Mar 2006 14:40:48 +0100 dbus (0.61-4) unstable; urgency=low * debian/patches/dbus-reload-usercache.patch + Added. Reload the user info cache when reloading the config. * debian/patches/dbus-pendingcall-deadlock.patch + Added. Don't block in a poll if the data we're looking for was already read by another connection. (From dbus CVS) -- Sjoerd Simons Sun, 5 Mar 2006 21:27:16 +0100 dbus (0.61-3) unstable; urgency=low * debian/patches/dbus-monoversion.patch + Added. Dbus mono assembly version is synced with release version, but nothing actually changed. This patch changes the assembly version back to 0.60 to minimize breakage. New version will encode the assembly version in the package name (e.g libdbus-1-cil-0.61). -- Sjoerd Simons Wed, 1 Mar 2006 19:59:47 +0100 dbus (0.61-2) unstable; urgency=low * debian/patches/dbus-qt-endianness.patch + Added. Fix FTBS on big-endian architectures -- Sjoerd Simons Tue, 28 Feb 2006 00:58:05 +0100 dbus (0.61-1) unstable; urgency=medium * New upstream release * debian/patches/dbus-0.60-mono-arguments-fix.diff - Removed. Fixed upstream * debian/patches/dbus-0.60-mono-return-null-fix.diff - Removed. Fixed upstream * debian/patches/dbus-moc-selection.patch - Removed. Fixed upstream * debian/patches/dbus-qdbusmarshall-amd64.patch - Removed. Fixed upstream * Update cli-common depend to >= 0.2.0. Older versions have known bugs * Let binary-predeb/libdbus-1-cil:: depend on common-binary-post-install-arch, so dh_clideps can do it's work correctly. * debian/patches/dbus-qt-buildfix.patch + Added. Fix compilation of the Qt bindings (from CVS) * debian/patches/dbus-update-automake.patch + Added. Do a new autogen run, because the qt patch patches autotools files -- Sjoerd Simons Fri, 24 Feb 2006 22:09:17 +0100 dbus (0.60-6) unstable; urgency=low * Sync relavant changes from ubuntu + dbus-0.60-mono-arguments-fix.diff - Added. 64bit fixes ((fd.o bugzilla #4410) + dbus-0.60-mono-return-null-fix.diff - Added. Don't return null for the session bus (fd.o bugzilla #5716) + Send the update-notifier reboot required notification if it's installed + Build mono bindings as arch indep. -- Sjoerd Simons Thu, 16 Feb 2006 12:32:31 +0100 dbus (0.60-5) unstable; urgency=low * Fix a bashim in the postinst script (Closes: #347453) -- Sjoerd Simons Wed, 11 Jan 2006 20:15:02 +0100 dbus (0.60-4) unstable; urgency=low * Upload to unstable -- Sjoerd Simons Thu, 5 Jan 2006 21:55:49 +0100 dbus (0.60-3) experimental; urgency=low * debian/patches/dbus-qdbusmarshall-amd64.patch + Fix build failure on amd64 (Closes: #343746) * Ignore the exit code of run-parts in the init script. -- Sjoerd Simons Thu, 5 Jan 2006 12:30:26 +0100 dbus (0.60-2) experimental; urgency=low * Let python2.4-dbus depend on python2.4-libxml2 (Closes: #343715) * Changed maintainer address to pkg-utopia-maintainers@lists.alioth.debian.org -- Sjoerd Simons Thu, 15 Dec 2005 20:01:11 +0100 dbus (0.60-1) experimental; urgency=low * New upstream release * Soname of libdbus-1 and libdbus-glib-1 were bumped to 2 * debian/patches/dbus-reloadconfig-reply.patch + Removed. Merged upstream * debian/patches/dbus-monitor.patch + Removed. Merged upstream * debian/patches/dbus-make-libtool-safe.patch + Removed. Fixed upstream * debian/patches/dbus-moc-selection.patch + Added. Enable the Qt moc paths to be specified to configure * Depend on lsb-base >= 3.0 * Let dbus conflicht with libdbus-1-1 and libdbus-1-2 with dbus << 0.60. Some bus changes could result in strange bugs when mixing the old libs with the new bus. -- Sjoerd Simons Wed, 14 Dec 2005 19:53:07 +0100 dbus (0.50-3) experimental; urgency=low * Also move dbus-launch and dbus-send manpages to the dbus package * debian/dbus.init + Make force-reload an alias of reload instead of restart -- Sjoerd Simons Mon, 21 Nov 2005 11:17:57 +0100 dbus (0.50-2) experimental; urgency=low * maintainance is actually spelled "maintenance" (Closes: #332238) * Disable --enable-verbose because of the big performance hit * Move dbus-binding-tool from dbus-1-utils to libdbus-glib-1-dev * Move dbus-launch and dbus-send into the dbus package (Closes: #337212) * Move the /etc/X11/Xsession.d/ script from dbus-1-utils to dbus * Add reload function to the init script * Use log_daemon_msg instead of log_begin_msg in the init script where applicable * debian/patches/dbus-reloadconfig-reply.patch + Added. Send a reply message when org.freedesktop.DBus.ReloadConfig is called * Prefix the long description of monodoc-dubs-1-manual with one space instead of two (Closes: #337032) * Add LSB formatted dependency info in the init script (Closes: #337644) -- Sjoerd Simons Wed, 9 Nov 2005 20:02:09 +0100 dbus (0.50-1) experimental; urgency=low * New upstream release -- Sjoerd Simons Thu, 8 Sep 2005 10:01:21 +0200 dbus (0.36.2-1) experimental; urgency=low * New upstream release * Fix descriptions to refer to dbus rather than dbus-1. * Make dbus-1-utils depend on dbus * debian/patches/dbus-sessionbus-checkuid.patch + Removed. Fixed upstream -- Sjoerd Simons Tue, 6 Sep 2005 09:26:19 +0200 dbus (0.36.1-1) experimental; urgency=low * New upstream release (Closes: #319593, #324016) * debian/patches/dbus_cmsgcred.patch + Removed. Fixed upstream. * debian/patches/dbus-gilstate.patch + Removed. Fixed upstream. * Sync with the ubuntu package + Remove dbus_bindings.{a,la} from python2.4-dbus + debian/patches/dbus-make-libtool-safe.patch - Added. Replace explicit libtool calls with $(LIBTOOL) in glib/Makefile.* + Don't include the .la files in the dev packages. + Don't restart dbus on upgrade. Too many applications don't handle it correctly. + Switched the init script to lsb-base + Ship dbus-binding-tool and dbus-viewer with dbus-1-utils -- Sjoerd Simons Fri, 26 Aug 2005 21:58:42 +0200 dbus (0.34-4) experimental; urgency=low * libdbus-1-cil improvements based on comments from Mirco Bauer + Call dh_clideps before dh_makeclilibs + libdbus-1-cil can be arch all + Use CLI instead of .NET in the package description * Add debian/patches/dbus-sessionbus-checkuid.patch: - bus/session.conf.in: Do not allow any user to connect to any session bus by default. - bus/policy.c: "allowed" now defaults to true if the connecting user id matches the session bus user id. - This stops other users from listening and sending to other user's session dbus instances. - References: CAN-2005-0201 https://bugs.freedesktop.org/show_bug.cgi?id=2436 * debian/patches/dbus-gilstate: Fix segfaults in python bindings. Patch by Anthony Baxter. * Add D-BUS monodoc documentation package * C++ transition -- Sjoerd Simons Mon, 11 Jul 2005 10:22:44 +0200 dbus (0.34-3) experimental; urgency=low * Build-depend on python-pyrex instead of python2.3-pyrex * debian/dbus.postinst + Forgot to rename dbus-1 to dbus in the previous package. * Rename libdbus-cil to libdbus-1-cil -- Sjoerd Simons Wed, 22 Jun 2005 18:53:22 +0200 dbus (0.34-2) experimental; urgency=low * debian/dbus.init + The even.d dir is in /etc/dbus-1 not in /etc/dbus -- Sjoerd Simons Tue, 21 Jun 2005 16:16:43 +0200 dbus (0.34-1) experimental; urgency=low * New upstream release * Build libdbus-cil on amd64 too (Closes: #314247) * Python bindings need python2.4, so build them against python2.4. -- Sjoerd Simons Mon, 20 Jun 2005 13:07:04 +0200 dbus (0.33-1) experimental; urgency=low * New upstream release (Closes: #299049) * Redone the package names to be much more sane. - Based on ubuntu's dbus 0.33 package by Daniel Stone. - dbus deamon goes into the dbus package instead of dbus-1 - glib bindings in libdbus-glib-1-1 instead of dbus-glib-1 - qt bindings in libdbus-qt-1-1 instead of dbus-qt-1 - Library component from dbus-1 goed into libdbus-1-1 * debian/patches/dbus-fixverbose.patch - Removed. Fixed upstream * debian/patches/dbus-getpwname.patch - Removed. Fixed upstream * debian/patches/fix-policy-group.patch - Removed. Not relevant anymore -- Sjoerd Simons Mon, 20 Jun 2005 11:12:12 +0200 dbus (0.23.4-2) unstable; urgency=low * Upload version with QT and Mono bindings to unstable. (Closes: #271895) (Closes: #271896) (Closes: #260044) (Closes: #290622) * debian/patches/dbus_cmsgcred.patch - Added. Fix syntax error on systems where HAVE_CMSGCRED is defined (Thanks to Michael Banck) (Closes: #311726) -- Sjoerd Simons Mon, 6 Jun 2005 22:48:08 +0200 dbus (0.23.4-1bindings0) experimental; urgency=low * Enable Mono and QT bindings. -- Sjoerd Simons Tue, 5 Apr 2005 22:15:29 +0200 dbus (0.23.4-1) unstable; urgency=low * New upstream release * debian/patches/dbus-abi-api.patch - Removed, fixed upstream * debian/patches/dbus-python-fix.patch - Removed, fixed upstream * debian/patches/fix-policy-group.patch - Stop segfaulting at " tags (Closes: #297495) * debian/patches/dbus-fixverbose.patch - Fix inaccurate messages in the debug output of the uid/gid lookup code (Thanks to Tom Parker) (Closes: #297497) * debian/patches/dbus-getpwname.patch * Add .la files in the -dev packages (Closes: #297936) -- Sjoerd Simons Wed, 30 Mar 2005 23:02:00 +0200 dbus (0.23.2-3) unstable; urgency=low * debian/patches/dbus-abi-api.patch - Fix dbus api and abi breakage between 0.23.1 and 0.23.2 (Closes: #297020) -- Sjoerd Simons Mon, 28 Feb 2005 15:05:19 +0100 dbus (0.23.2-2) unstable; urgency=low * debian/patches/dbus-python-fix.patch - Fix python bindings (Based on dbus CVS fix) -- Sjoerd Simons Thu, 24 Feb 2005 11:19:03 +0100 dbus (0.23.2-1bindings0) experimental; urgency=low * debian/patches/dbus-monofixes.patch + Removed. Fixed in this release -- Sjoerd Simons Thu, 17 Feb 2005 13:24:22 +0100 dbus (0.23.2-1) unstable; urgency=low * New upstream release -- Sjoerd Simons Wed, 23 Feb 2005 13:04:21 +0100 dbus (0.23.1-1bindings0) experimental; urgency=low * New upstream release * debian/patches/dbus-monofixes.patch + Added. Some mono fixes from dbus cvs -- Sjoerd Simons Thu, 17 Feb 2005 13:24:22 +0100 dbus (0.23-1mono1) experimental; urgency=low * Enable the qt bindings. Thanks to Kevin Ottens (Closes: #271895) (Closes: #271896) (Closes: #290622) -- Sjoerd Simons Sat, 22 Jan 2005 13:53:27 +0100 dbus (0.23-1mono0) experimental; urgency=low * Enable the mono bindings -- Sjoerd Simons Fri, 14 Jan 2005 17:54:26 +0100 dbus (0.23-1) unstable; urgency=low * New upstream release * Disable the mono bindings for the unstable packages untill mono goes into testing. -- Sjoerd Simons Fri, 14 Jan 2005 15:22:20 +0100 dbus (0.22+cvs.20050104-1) experimental; urgency=low * CVS snapshot * Package the dbus mono bindings for i386, powerpc and s390. Mostly based on patches from Edd Dumbill. (Closes: #260044) -- Sjoerd Simons Wed, 5 Jan 2005 18:20:47 +0100 dbus (0.22-4) unstable; urgency=low * Let the initscript check if the pid in the pidfile actually corresponds to a dbus daemon process (Closes: #285758) -- Sjoerd Simons Wed, 5 Jan 2005 16:55:45 +0100 dbus (0.22-3) unstable; urgency=medium * Actually ship the init script improvements mentioned in the previous upload. (please pass the brown paper bag) * Call run-parts --reverse on the event.d dir when stopping dbus (Closes: #269283) -- Sjoerd Simons Sat, 6 Nov 2004 16:17:40 +0100 dbus (0.22-2) unstable; urgency=medium * debian/patches/dbus-monitor.patch + Updated. Unbreak dbus-monitor when arguments are given. (From the ubuntu dbus package) * Use run-parts --arg instead of -a, which works with woody's run-parts (Closes: #269708) (Closes: #274702) * Use start-stop-daemon --retry when stopping to ensure the system bus stopped. Prevents race conditions with the dbus pidfile (Closes: #277148) * Add myself to Uploaders * Acknowledge my own NMU (Closes: #272862) -- Sjoerd Simons Tue, 02 Nov 2004 12:19:47 +0100 dbus (0.22-1.1) unstable; urgency=high * Non-maintainer upload with maintainers permission * debian/patches/dbus-python-64bit.patch + Added. Taken from dbus cvs. Add support for int64 and uint64 to the python bindings (Closes: #272862) * Urgency high because the hal package depending on this fix fixes RC bugs. -- Sjoerd Simons Sat, 25 Sep 2004 17:45:33 +0200 dbus (0.22-1) unstable; urgency=high * New upstream release. + Urgency high so it slips into sarge before the freeze. -- Daniel Stone Tue, 17 Aug 2004 00:42:56 +0100 dbus (0.21-7) unstable; urgency=low * Created /etc/dbus-1/event.d/ and added support to dbus' init script to run the files in it on stop/start/restart -- Daniel Silverstone Thu, 22 Jul 2004 14:13:44 +0100 dbus (0.21-6) unstable; urgency=low * Add a chown,chgrp to the init script to make sure the pid dir is owned by the messagebus user. * Modify the dbus-1 init script to remove some arguments from the invocation of start-stop-daemon so that it will work when being asked to stop a dbus instance which has a different executable to that installed. -- Daniel Silverstone Mon, 12 Jul 2004 21:56:45 +0100 dbus (0.21-5) unstable; urgency=low * Change debian/control to indicate that dbus is group maintained. * Build-depend on the version of python2.3-pyrex which theoretically has the fixed patch for coping with unsigned long int vs. long unsigned int * Removed the seddery introduced in 0.21-2 because the above build-depend change should ensure we're safe. -- Daniel Silverstone Mon, 5 Jul 2004 17:44:06 +0100 dbus (0.21-4) unstable; urgency=low * Updated debian/copyright to the AFL 2.0 closes: #239332 * Updated debian/dbus-1.init to create /var/run/dbus if it doesn't already exist. closes: #242639 -- Daniel Silverstone Fri, 18 Jun 2004 00:20:27 +0100 dbus (0.21-3) unstable; urgency=low * Add the sed call to Makefile.in too. Damn my forgetfulness. -- Daniel Silverstone Wed, 16 Jun 2004 18:06:28 +0100 dbus (0.21-2) unstable; urgency=low * Add a sed -e's/long unsigned/unsigned long/g' to the python bindings preparation line. This *should* solve the FTBFS on alpha, s390 and ia64 * Also, fix an a-umlaut to 'ae' in the changelog to prevent nasty debian-changelog-file-uses-obsolete-national-charset errors from lintian -- Daniel Silverstone Tue, 15 Jun 2004 19:26:12 +0100 dbus (0.21-1) unstable; urgency=low * New upstream version. + Fixes varargs crap - cleaner patch from David Zeuthen applied. (closes: #229274) * Added provides/replaces/conflicts on dbus-1-utils << 0.20-4, per -4's moving of manpages. -- Daniel Stone Sun, 21 Mar 2004 02:42:53 +1100 dbus (0.20-6) unstable; urgency=low * Add a touch of usage information to the top of the dbus Xsession.d file. Also since we've had confirmation that this file does enough, this version closes: #230835 * Add an extra rm -f $PIDFILE to /etc/init.d/dbus-1 to help on restart. closes: #229609 * Temporarily quiesce error reports in system.d/*.conf files when loading. This breaks the standard that the daemon shouldn't start with malformed configuration files, but at least for now it seems sensible to do. closes: #230231 NOTE: this is likely to be removed in a future version of dbus after the configuration file syntax stabilises. Please report bugs against packages which have configs which fail to parse with the latest dbus package. -- Daniel Silverstone Tue, 10 Feb 2004 00:46:52 +0000 dbus (0.20-5) unstable; urgency=low * Add an /etc/X11/Xsession.d/ entry to launch a session bus. You will need to add 'use-session-dbus' to your /etc/X11/Xsession.options file to enable it. -- Daniel Silverstone Tue, 3 Feb 2004 18:15:48 +0000 dbus (0.20-4) unstable; urgency=low * Ensure the manpages are installed into the right package. * Add /usr/lib/dbus-1.0/services to the dbus-1 package. (closes: #230413) * dbus-glib-1-dev now depends on libglib2.0-dev which is kinda needed in order to get glib-object.h * Removed the dbus-qt-1 and dbus-qt-1-dev packages until upstream actually do something with the binding (like putting some code into it) -- Daniel Silverstone Sun, 1 Feb 2004 22:22:59 +0000 dbus (0.20-3) unstable; urgency=high * Urgency high because the old package was virtually useless. * debian/patches/fix-varargs-usage.diff: + Merged patch from Michel Daenzer (thanks Michel!) to fix varargs usage, so we don't segfault on --system anymore. (closes: #229274, #229005, #229609) -- Daniel Stone Wed, 28 Jan 2004 06:51:07 +1100 dbus (0.20-2) unstable; urgency=low * The "gotta keep the ftpmaster cab^Whappy release". + Hey, I need the overrides ... * debian/python2.3-dbus.install: + Stop installing .a and .la files (thanks Daniel Silverstone). * debian/dbus-qt-1-dev.install: + Install the .la file ... yep, Daniel Silverstone * debian/patches/dbus-monitor.patch: + Patch from Daniel Silverstone to add suport for filters to dbus-monitor: only watch for certain events. * debian/rules: + Add --enable-verbose-mode to make debugging far more easier. - Daniel Silverstone strikes again! -- Daniel Stone Wed, 21 Jan 2004 11:07:37 +1100 dbus (0.20-1) unstable; urgency=low * New upstream release (closes: #223400). + This version includes Qt and Python support. - New packages: dbus-1-qt, python2.3-dbus. * debian/dbus-1.postinst: + Call addgroup with --system so it doesn't get a userspace GID. (closes: #222563) * debian/control, debian/rules: + Start building Qt and Python bindings. * debian/patches/dbus-python-signals-dze.patch: + Merged patch (already applied in HEAD) to enhance signal support in the Python interface; available from http://freedesktop.org/~david/dbus-python-signals-dze.patch. -- Daniel Stone Sat, 6 Dec 2003 00:17:50 +1100 dbus (0.13-1) unstable; urgency=low * New upstream release. * debian/control: + Update Maintainer address to debian.org. + Add Recommends: dbus-glib-1 to dbus-1-utils, for the dbus-monitor program. (closes: #213914) -- Daniel Stone Wed, 22 Oct 2003 13:54:53 +1000 dbus (0.12-4) unstable; urgency=low * debian/control: + Taking over from Colin as maintainer. + Bump debhelper Build-Dep to >=4.1.46, when dh_installlogcheck was first introduced. + Bump Standards-Version to 3.6.1. + Add Replaces/Provides/Conflicts on earlier dbus-1 versions to dbus-1-utils. * debian/dbus-1.init: + Clean up after the daemon's pidfile mess, ensuring smooth upgrades. (closes: #209143) -- Daniel Stone Mon, 22 Sep 2003 12:13:06 +1000 dbus (0.12-3) unstable; urgency=low * debian/control: - Break out utilities into separate dbus-1-utils package. -- Colin Walters Sat, 30 Aug 2003 20:07:28 -0400 dbus (0.12-2) unstable; urgency=low * debian/control: - [dbus-1] Add Depends on adduser (Closes: #204871) -- Colin Walters Sun, 10 Aug 2003 22:23:36 -0400 dbus (0.12-1) unstable; urgency=low * New upstream release. * debian/control: - Bump Standards-Version to 3.6.0, no changes required. -- Colin Walters Wed, 6 Aug 2003 01:50:13 -0400 dbus (0.11+cvs200307017-1) unstable; urgency=low * New upstream CVS snapshot. - Creates services directory (Closes: #198433) -- Colin Walters Thu, 17 Jul 2003 19:05:37 -0400 dbus (0.11+cvs20030528-2) unstable; urgency=low * debian/rules: - Include utils.mk. -- Colin Walters Thu, 29 May 2003 02:14:29 -0400 dbus (0.11+cvs20030528-1) unstable; urgency=low * New upstream CVS snapshot. * debian/control: - Build-Depend on latest cdbs to get some minor fixes. -- Colin Walters Wed, 28 May 2003 16:56:29 -0400 dbus (0.11-2) unstable; urgency=low * debian/control: - Add Build-Depends on cdbs, just because it's so freaking sweet. * debian/rules: - Convert to CDBS. * debian/rocks: - Removed. -- Colin Walters Mon, 19 May 2003 19:21:33 -0400 dbus (0.11-1) unstable; urgency=low * The "Bill Gates Grants Self 18 Dexterity, 20 Charisma" release. * New upstream release. * debian/control: - Bump Standards-Version to 3.5.10, no changes required. * debian/rocks: - No need to create system.d anymore, upstream does it now. -- Colin Walters Thu, 15 May 2003 22:01:23 -0400 dbus (0.10+cvs20030503-2) unstable; urgency=low * The "I've Got To Stop Taking Lives So Seriously" release. * debian/control: - Add Build-Depends on docbook-utils. -- Colin Walters Sat, 3 May 2003 16:58:20 -0400 dbus (0.10+cvs20030503-1) unstable; urgency=low * The "Chimp Study On Human-Evasion Response To Feces-Hurling Nearly Complete" release. * New upstream snapshot. - Includes some of my patches; this will among other things make the system bus go again. * debian/rocks: - Add --enable-docs to DEB_CONFIGURE_EXTRA_FLAGS. * debian/dbus-1-dev.install: - Update to handle new upstream .pc name. * debian/rules: - Update to latest version of Colin's Build System. -- Colin Walters Sat, 3 May 2003 03:58:53 -0400 dbus (0.10-1) unstable; urgency=low * The "West-Wing Tech-Support' Crew Be A Buncha Wack Bitches" release. * New upstream release. * debian/dbus-1.install: - Install all binaries. * debian/dbus-1-dev.install: - Install headers from /usr/lib/dbus-1.0 too. * debian/rocks: - Create etc/dbus-1/system.d. -- Colin Walters Mon, 28 Apr 2003 17:29:50 -0400 dbus (0.9-2) unstable; urgency=low * The "New Fox Reality Show To Determine Ruler Of Iraq" release. * debian/rocks: - Generate API docs via doxygen (Closes: #185470) * debian/control: - Build-Depend on doxygen. * debian/dbus-1-doc.install: - Install docs in correct place. - Install newly generated doxygen docs. * debian/rules: - Update to latest version of Colin's Build System. - Eagerly await ftpmaster installing build-common. -- Colin Walters Wed, 23 Apr 2003 23:40:00 -0400 dbus (0.9-1) unstable; urgency=low * The "Starbucks To Begin Sinister 'Phase Two' Of Operation" release. * New upstream release. * debian/control: - Drop "lib*" prefix from all packages, and change suffix from "0" to "-1". D-BUS isn't technically just a shared library; it also includes a daemon. This could really go either way; I could just put the daemon in the libdbus0 package and be done with it, but I think that's more confusing in the end, since people have been very conditioned to expect libfoo -> just shared library. - Add Conflicts: and Replaces: on older lib* packages. - Remove Provides and Conflicts on libdbus-dev in new dbus-1-dev package, since they are actually parallel installable. - Ditto for libdbus-glib0-dev. - Touch up descriptions. - Update to Standards-Version: 3.5.9; no changes required. - Add libexpat-dev to Build-Depends. * debian/dbus0.init: - New file; runs the D-BUS daemon. * debian/dbus0.default: - New file. * debian/dbus0.postinst: - New file; creates the messagebus user and stuff. * debian/dbus0.install: - Install configuration files. * debian/rocks: - Add --with-xml=expat. - Update to correspond with changes to debian/control. - Make dbus-glib-1 package be built after dbus-1 package. - Add debian/dbus-1/usr/lib to DEB_SHLIBDEPS_INCLUDE_dbus-glib-1 so we pick up the right shlibs. * debian/rules: - Update to latest version of Colin's Build System. -- Colin Walters Sun, 13 Apr 2003 23:40:29 -0400 dbus (0.6-1) unstable; urgency=low * New upstream release. * debian/control: - [libdbus0] Flesh out description somewhat. -- Colin Walters Tue, 18 Mar 2003 10:50:42 -0500 dbus (0.5-2) unstable; urgency=low * debian/libdbus0-dev.install: - Don't include dbus-glib-1.0.pc. - Don't include dbus-glib-1.a or .so. -- Colin Walters Thu, 6 Mar 2003 23:17:53 -0500 dbus (0.5-1) unstable; urgency=low * Initial version (Closes: #183739) -- Colin Walters Thu, 6 Mar 2003 17:58:06 -0500 debian/dbus-1-dbg.NEWS0000664000000000000000000000106212240207265011512 0ustar dbus (1.4.8-4) UNRELEASED; urgency=low Versions of libdbus, dbus-daemon etc. with debugging, verbose output and self-tests enabled are now installed in /usr/lib/`dpkg-architecture -qDEB_HOST_MULTIARCH`/dbus-1.0/debug-build for use in debugging D-Bus-related issues. The debug versions of dbus-daemon etc. can be used by adding the bin directory to the PATH, while the debug version of libdbus can be used via LD_PRELOAD or by adding the lib directory to the LD_LIBRARY_PATH. -- Simon McVittie Wed, 01 Jun 2011 14:18:00 +0100 debian/libdbus-1-3.postinst0000664000000000000000000000412012240207265012714 0ustar #!/bin/sh set -e if [ "$1" = configure ]; then # A dependent library of Upstart has changed, so restart Upstart # such that it can safely unmount the root filesystem (LP: #740390) # Query running version of Upstart, but only when we know # that initctl will work. # # The calculated version string may be the null string if # Upstart is not running (where for example an alternative # init is running outside a chroot environment) or if the # query failed for some reason. However, the version check # below handles a null version string correctly. UPSTART_VERSION_RUNNING=$(initctl version 2>/dev/null |\ awk '{print $3}'|tr -d ')' || :) if ischroot; then # Do not honour re-exec when requested from within a # chroot since: # # (a) The version of Upstart outside might not support it. # (b) An isolated environment such as a chroot should # not be able to modify its containing environment. # # A sufficiently new Upstart will actually handle a re-exec # request coming from telinit within a chroot correctly (by # doing nothing) but it's simple enough to perform the check # here and save Upstart the effort. : elif dpkg --compare-versions "$UPSTART_VERSION_RUNNING" ge 1.6.1; then # We are not running inside a chroot and the running version # of Upstart supports stateful re-exec, so we can # restart immediately. # # XXX: Note that the check on the running version must # remain *indefinitely* since it's the only safe way to # know if stateful re-exec is supported: simply checking # packaged version numbers is not sufficient since # the package could be upgraded multiple times without a # reboot. telinit u || : else # Before we shutdown or reboot, we need to re-exec so that we # can safely remount the root filesystem; we can't just do that # here because we lose state. touch /var/run/init.upgraded || : fi fi #DEBHELPER# debian/dbus.default0000664000000000000000000000045112240207265011473 0ustar # This is a configuration file for /etc/init.d/dbus; it allows you to # perform common modifications to the behavior of the dbus daemon # startup without editing the init script (and thus getting prompted # by dpkg on upgrades). We all love dpkg prompts. # Parameters to pass to dbus. PARAMS="" debian/source/0000775000000000000000000000000012240207265010470 5ustar debian/source/format0000664000000000000000000000001412240207265011676 0ustar 3.0 (quilt) debian/source/options0000664000000000000000000000005412240207265012105 0ustar extend-diff-ignore = "(^|/)doc/[^.]*\.html" debian/compat0000664000000000000000000000000212240207265010366 0ustar 9 debian/libdbus-1-dev.lintian-overrides0000664000000000000000000000020312240207265015101 0ustar # false positive: we only say dbus when talking about a package name libdbus-1-dev: capitalization-error-in-description dbus D-Bus debian/dbus.user-session.upstart0000664000000000000000000000123112316652646014217 0ustar description "DBus Session Bus" author "Stéphane Graber " start on starting xsession-init env DBUS_DEBUG_OUTPUT=1 respawn expect fork pre-start script DBUS_SESSION_BUS_ADDRESS=unix:abstract=$(mktemp -u /tmp/dbus-XXXXXXXXXX) initctl set-env --global DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS [ -d "$HOME/.cache/upstart" ] || mkdir -p "$HOME/.cache/upstart" echo "DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS}" >$HOME/.cache/upstart/dbus-session end script exec dbus-daemon --fork --session --address="$DBUS_SESSION_BUS_ADDRESS" post-start exec initctl notify-dbus-address "$DBUS_SESSION_BUS_ADDRESS" || true debian/patches/0000775000000000000000000000000012777426644010642 5ustar debian/patches/0005-activation-implement-upstart-activation.patch0000664000000000000000000001634512240207265022223 0ustar From d713b4bed89486d9c164168517b20223c2bbece5 Mon Sep 17 00:00:00 2001 From: Scott James Remnant Date: Wed, 22 Dec 2010 14:08:14 +0000 Subject: [PATCH 5/5] activation: implement upstart activation Upstart activation is performed by emitting a dbus-activation event within Upstart, and then simply expecting the appropriate bus name to appear. e.g. start on dbus-activation org.freedesktop.UDisks exec /usr/lib/udisks/udsks-daemon --- bus/activation.c | 170 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 170 insertions(+), 0 deletions(-) Index: dbus-1.4.16/bus/activation.c =================================================================== --- dbus-1.4.16.orig/bus/activation.c 2011-10-18 18:11:06.414135027 +0200 +++ dbus-1.4.16/bus/activation.c 2011-10-18 18:11:09.086135156 +0200 @@ -1935,6 +1935,176 @@ if (was_pending_activation) return TRUE; + if (bus_context_get_activation_type (activation->context) == ACTIVATION_UPSTART) + { + BusRegistry *registry; + DBusString service_string; + BusService *service; + + /* Check whether Upstart is connected */ + registry = bus_connection_get_registry (connection); + _dbus_string_init_const (&service_string, "com.ubuntu.Upstart"); + service = bus_registry_lookup (registry, &service_string); + + if (entry->upstart_job + && (service != NULL)) + { + BusTransaction *activation_transaction; + DBusMessageIter iter; + const char *event_name; + int wait_for_event; + DBusMessageIter array_iter; + DBusString entry; + const char *entry_str; + char **e; + + /* Upstart activation is done by event; rather than naming a + job, we name the bus name to be activated; this is included + in the event environment along with the activation environment + so that gets passed correctly to jobs. */ + + /* Create the message */ + message = dbus_message_new_method_call ("com.ubuntu.Upstart", + "/com/ubuntu/Upstart", + "com.ubuntu.Upstart0_6", + "EmitEvent"); + if (!message) + { + _dbus_verbose ("No memory to create activation message\n"); + BUS_SET_OOM (error); + return FALSE; + } + + if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS)) + { + _dbus_verbose ("No memory to set sender of activation message\n"); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + dbus_message_iter_init_append (message, &iter); + + event_name = "dbus-activation"; + if (!dbus_message_iter_append_basic (&iter, DBUS_TYPE_STRING, &event_name)) + { + _dbus_verbose ("No memory to set args of activation message\n"); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + if (!dbus_message_iter_open_container (&iter, DBUS_TYPE_ARRAY, DBUS_TYPE_STRING_AS_STRING, + &array_iter)) + { + _dbus_verbose ("No memory to set args of activation message\n"); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + if (!_dbus_string_init (&entry)) + { + _dbus_verbose ("No memory to create activation message environment\n"); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + if (!_dbus_string_append_printf (&entry, "SERVICE=%s", service_name)) + { + _dbus_verbose ("No memory to create activation message environment\n"); + _dbus_string_free (&entry); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + entry_str = _dbus_string_get_data (&entry); + + if (!dbus_message_iter_append_basic (&array_iter, DBUS_TYPE_STRING, &entry_str)) + { + _dbus_verbose ("No memory to set args of activation message\n"); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + _dbus_string_free (&entry); + + + envp = bus_activation_get_environment (activation); + + if (envp == NULL) + { + _dbus_verbose ("No memory to get environment for activation message\n"); + BUS_SET_OOM (error); + return FALSE; + } + + for (e = envp; *e; e++) + { + if (!dbus_message_iter_append_basic (&array_iter, DBUS_TYPE_STRING, e)) + { + _dbus_verbose ("No memory to set args of activation message\n"); + dbus_message_unref (message); + dbus_free_string_array (envp); + BUS_SET_OOM (error); + return FALSE; + } + } + + dbus_free_string_array (envp); + + if (!dbus_message_iter_close_container (&iter, &array_iter)) + { + _dbus_verbose ("No memory to set args of activation message\n"); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + wait_for_event = FALSE; + if (!dbus_message_iter_append_basic (&iter, DBUS_TYPE_BOOLEAN, &wait_for_event)) + { + _dbus_verbose ("No memory to set args of activation message\n"); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + /* Create the transaction */ + activation_transaction = bus_transaction_new (activation->context); + if (activation_transaction == NULL) + { + _dbus_verbose ("No memory to create activation transaction\n"); + dbus_message_unref (message); + BUS_SET_OOM (error); + return FALSE; + } + + retval = bus_dispatch_matches (activation_transaction, NULL, bus_service_get_primary_owners_connection (service), + message, error); + dbus_message_unref (message); + + if (!retval) + { + _DBUS_ASSERT_ERROR_IS_SET (error); + _dbus_verbose ("failed to send activation message: %s\n", error->name); + bus_transaction_cancel_and_free (activation_transaction); + return FALSE; + } + + bus_transaction_execute_and_free (activation_transaction); + + /* Now we just wait for the bus name to appear */ + return TRUE; + } + + /* Configured service without UpstartJob=, fallback to traditional + activation. */ + } + if (bus_context_get_activation_type (activation->context) == ACTIVATION_SYSTEMD) { if (strcmp (service_name, "org.freedesktop.systemd1") == 0) debian/patches/CVE-2014-3638.patch0000664000000000000000000000143112406316327013245 0ustar Description: fix denial of service via large number of pending replies Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=6060aaa0ea1e9bbe1dd7a1864c8df52e333a45ee Bug: https://bugs.freedesktop.org/show_bug.cgi?id=81053 Index: dbus-1.6.18/bus/config-parser.c =================================================================== --- dbus-1.6.18.orig/bus/config-parser.c 2014-09-17 10:15:27.914200367 -0400 +++ dbus-1.6.18/bus/config-parser.c 2014-09-17 10:15:40.358200437 -0400 @@ -462,7 +462,7 @@ /* this is effectively a limit on message queue size for messages * that require a reply */ - parser->limits.max_replies_per_connection = 1024*8; + parser->limits.max_replies_per_connection = 128; } parser->refcount = 1; debian/patches/CVE-2014-3637.patch0000664000000000000000000004460712406316123013252 0ustar Description: fix denial of service via persistent file descriptiors Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=e17a921be676bcc89373ec1a9f368fe8b36f1073 Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=52abb5172f7426bb3f1dbe63a2b3a2d2ea7e7ac2 Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=01e32d6ddcfdcbd63cf1c8053f6e5d2ffdfbaa91 Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=b027c421de0bc3858cc1139149c613958100c2bd Bug: https://bugs.freedesktop.org/show_bug.cgi?id=80559 Index: dbus-1.6.18/bus/bus.c =================================================================== --- dbus-1.6.18.orig/bus/bus.c 2014-09-17 10:14:10.466199930 -0400 +++ dbus-1.6.18/bus/bus.c 2014-09-17 10:14:20.718199988 -0400 @@ -1244,6 +1244,12 @@ } int +bus_context_get_pending_fd_timeout (BusContext *context) +{ + return context->limits.pending_fd_timeout; +} + +int bus_context_get_max_completed_connections (BusContext *context) { return context->limits.max_completed_connections; Index: dbus-1.6.18/bus/bus.h =================================================================== --- dbus-1.6.18.orig/bus/bus.h 2014-09-17 10:14:10.466199930 -0400 +++ dbus-1.6.18/bus/bus.h 2014-09-17 10:14:20.718199988 -0400 @@ -55,6 +55,7 @@ long max_message_unix_fds; /**< Max number of unix fds of a single message*/ int activation_timeout; /**< How long to wait for an activation to time out */ int auth_timeout; /**< How long to wait for an authentication to time out */ + int pending_fd_timeout; /**< How long to wait for a D-Bus message with a fd to time out */ int max_completed_connections; /**< Max number of authorized connections */ int max_incomplete_connections; /**< Max number of incomplete connections */ int max_connections_per_user; /**< Max number of connections auth'd as same user */ @@ -107,6 +108,7 @@ DBusError *error); int bus_context_get_activation_timeout (BusContext *context); int bus_context_get_auth_timeout (BusContext *context); +int bus_context_get_pending_fd_timeout (BusContext *context); int bus_context_get_max_completed_connections (BusContext *context); int bus_context_get_max_incomplete_connections (BusContext *context); int bus_context_get_max_connections_per_user (BusContext *context); Index: dbus-1.6.18/bus/config-parser.c =================================================================== --- dbus-1.6.18.orig/bus/config-parser.c 2014-09-17 10:14:10.650199931 -0400 +++ dbus-1.6.18/bus/config-parser.c 2014-09-17 10:14:54.758200180 -0400 @@ -429,6 +429,11 @@ * password) is allowed, then potentially it has to be quite long. */ parser->limits.auth_timeout = 30000; /* 30 seconds */ + + /* Do not allow a fd to stay forever in dbus-daemon + * https://bugs.freedesktop.org/show_bug.cgi?id=80559 + */ + parser->limits.pending_fd_timeout = 150000; /* 2.5 minutes */ parser->limits.max_incomplete_connections = 64; parser->limits.max_connections_per_user = 256; @@ -1913,6 +1918,12 @@ must_be_int = TRUE; parser->limits.auth_timeout = value; } + else if (strcmp (name, "pending_fd_timeout") == 0) + { + must_be_positive = TRUE; + must_be_int = TRUE; + parser->limits.pending_fd_timeout = value; + } else if (strcmp (name, "reply_timeout") == 0) { must_be_positive = TRUE; @@ -3121,6 +3132,7 @@ || a->max_message_unix_fds == b->max_message_unix_fds || a->activation_timeout == b->activation_timeout || a->auth_timeout == b->auth_timeout + || a->pending_fd_timeout == b->pending_fd_timeout || a->max_completed_connections == b->max_completed_connections || a->max_incomplete_connections == b->max_incomplete_connections || a->max_connections_per_user == b->max_connections_per_user Index: dbus-1.6.18/bus/connection.c =================================================================== --- dbus-1.6.18.orig/bus/connection.c 2014-09-17 10:14:10.466199930 -0400 +++ dbus-1.6.18/bus/connection.c 2014-09-17 10:15:13.574200286 -0400 @@ -34,6 +34,7 @@ #include #include #include +#include /* Trim executed commands to this length; we want to keep logs readable */ #define MAX_LOG_COMMAND_LEN 50 @@ -104,6 +105,8 @@ int peak_match_rules; int peak_bus_names; #endif + int n_pending_unix_fds; + DBusTimeout *pending_unix_fds_timeout; } BusConnectionData; static dbus_bool_t bus_pending_reply_expired (BusExpireList *list, @@ -270,6 +273,15 @@ dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL); + + if (d->pending_unix_fds_timeout) + { + _dbus_loop_remove_timeout (bus_context_get_loop (d->connections->context), + d->pending_unix_fds_timeout); + _dbus_timeout_unref (d->pending_unix_fds_timeout); + } + d->pending_unix_fds_timeout = NULL; + _dbus_connection_set_pending_fds_function (connection, NULL, NULL); bus_connection_remove_transactions (connection); @@ -593,6 +605,42 @@ return FALSE; } +static void +check_pending_fds_cb (DBusConnection *connection) +{ + BusConnectionData *d = BUS_CONNECTION_DATA (connection); + int n_pending_unix_fds_old = d->n_pending_unix_fds; + int n_pending_unix_fds_new; + + n_pending_unix_fds_new = _dbus_connection_get_pending_fds_count (connection); + + _dbus_verbose ("Pending fds count changed on connection %p: %d -> %d\n", + connection, n_pending_unix_fds_old, n_pending_unix_fds_new); + + if (n_pending_unix_fds_old == 0 && n_pending_unix_fds_new > 0) + { + _dbus_timeout_set_interval (d->pending_unix_fds_timeout, + bus_context_get_pending_fd_timeout (d->connections->context)); + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, TRUE); + } + + if (n_pending_unix_fds_old > 0 && n_pending_unix_fds_new == 0) + { + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, FALSE); + } + + + d->n_pending_unix_fds = n_pending_unix_fds_new; +} + +static dbus_bool_t +pending_unix_fds_timeout_cb (void *data) +{ + DBusConnection *connection = data; + dbus_connection_close (connection); + return TRUE; +} + dbus_bool_t bus_connections_setup_connection (BusConnections *connections, DBusConnection *connection) @@ -701,6 +749,22 @@ } } + /* Setup pending fds timeout (see #80559) */ + d->pending_unix_fds_timeout = _dbus_timeout_new (100, /* irrelevant */ + pending_unix_fds_timeout_cb, + connection, NULL); + if (d->pending_unix_fds_timeout == NULL) + goto out; + + _dbus_timeout_set_enabled (d->pending_unix_fds_timeout, FALSE); + if (!_dbus_loop_add_timeout (bus_context_get_loop (connections->context), + d->pending_unix_fds_timeout)) + goto out; + + _dbus_connection_set_pending_fds_function (connection, + (DBusPendingFdsChangeFunction) check_pending_fds_cb, + connection); + _dbus_list_append_link (&connections->incomplete, d->link_in_connection_list); connections->n_incomplete += 1; @@ -766,6 +830,13 @@ dbus_connection_set_dispatch_status_function (connection, NULL, NULL, NULL); + if (d->pending_unix_fds_timeout) + _dbus_timeout_unref (d->pending_unix_fds_timeout); + + d->pending_unix_fds_timeout = NULL; + + _dbus_connection_set_pending_fds_function (connection, NULL, NULL); + if (d->link_in_connection_list != NULL) { _dbus_assert (d->link_in_connection_list->next == NULL); Index: dbus-1.6.18/bus/session.conf.in =================================================================== --- dbus-1.6.18.orig/bus/session.conf.in 2014-09-17 10:14:10.650199931 -0400 +++ dbus-1.6.18/bus/session.conf.in 2014-09-17 10:14:20.718199988 -0400 @@ -57,6 +57,7 @@ limit is also relatively low --> 120000 240000 + 150000 100000 10000 100000 Index: dbus-1.6.18/cmake/bus/dbus-daemon.xml =================================================================== --- dbus-1.6.18.orig/cmake/bus/dbus-daemon.xml 2012-08-13 14:08:25.000000000 -0400 +++ dbus-1.6.18/cmake/bus/dbus-daemon.xml 2014-09-17 10:14:20.718199988 -0400 @@ -401,7 +401,11 @@ "auth_timeout" : milliseconds (thousandths) a connection is given to authenticate - "max_completed_connections" : max number of authenticated connections + "pending_fd_timeout" : milliseconds (thousandths) a + fd is given to be transmitted to + dbus-daemon before disconnecting the + connection + "max_completed_connections" : max number of authenticated connections "max_incomplete_connections" : max number of unauthenticated connections "max_connections_per_user" : max number of completed connections from Index: dbus-1.6.18/dbus/dbus-connection-internal.h =================================================================== --- dbus-1.6.18.orig/dbus/dbus-connection-internal.h 2012-08-13 14:08:25.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-connection-internal.h 2014-09-17 10:15:11.270200273 -0400 @@ -44,6 +44,8 @@ /** default timeout value when waiting for a message reply, 25 seconds */ #define _DBUS_DEFAULT_TIMEOUT_VALUE (25 * 1000) +typedef void (* DBusPendingFdsChangeFunction) (void *data); + void _dbus_connection_lock (DBusConnection *connection); void _dbus_connection_unlock (DBusConnection *connection); DBusConnection * _dbus_connection_ref_unlocked (DBusConnection *connection); @@ -100,6 +102,10 @@ DBusMutex **io_path_mutex_loc, DBusCondVar **dispatch_cond_loc, DBusCondVar **io_path_cond_loc); +int _dbus_connection_get_pending_fds_count (DBusConnection *connection); +void _dbus_connection_set_pending_fds_function (DBusConnection *connection, + DBusPendingFdsChangeFunction callback, + void *data); /* if DBUS_ENABLE_STATS */ void _dbus_connection_get_stats (DBusConnection *connection, Index: dbus-1.6.18/dbus/dbus-connection.c =================================================================== --- dbus-1.6.18.orig/dbus/dbus-connection.c 2013-09-13 07:34:53.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-connection.c 2014-09-17 10:15:11.274200273 -0400 @@ -2532,6 +2532,33 @@ dbus_pending_call_unref (pending); } +/** + * Return how many file descriptors are pending in the loader + * + * @param connection the connection + */ +int +_dbus_connection_get_pending_fds_count (DBusConnection *connection) +{ + return _dbus_transport_get_pending_fds_count (connection->transport); +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param connection the connection + * @param callback the callback + */ +void +_dbus_connection_set_pending_fds_function (DBusConnection *connection, + DBusPendingFdsChangeFunction callback, + void *data) +{ + _dbus_transport_set_pending_fds_function (connection->transport, + callback, data); +} + /** @} */ /** Index: dbus-1.6.18/dbus/dbus-message-internal.h =================================================================== --- dbus-1.6.18.orig/dbus/dbus-message-internal.h 2012-06-06 06:45:55.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-message-internal.h 2014-09-17 10:15:11.274200273 -0400 @@ -97,6 +97,10 @@ void _dbus_message_loader_set_max_message_unix_fds(DBusMessageLoader *loader, long n); long _dbus_message_loader_get_max_message_unix_fds(DBusMessageLoader *loader); +int _dbus_message_loader_get_pending_fds_count (DBusMessageLoader *loader); +void _dbus_message_loader_set_pending_fds_function (DBusMessageLoader *loader, + void (* callback) (void *), + void *data); typedef struct DBusInitialFDs DBusInitialFDs; DBusInitialFDs *_dbus_check_fdleaks_enter (void); Index: dbus-1.6.18/dbus/dbus-message-private.h =================================================================== --- dbus-1.6.18.orig/dbus/dbus-message-private.h 2012-06-06 06:45:55.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-message-private.h 2014-09-17 10:15:11.274200273 -0400 @@ -80,6 +80,8 @@ int *unix_fds; /**< File descriptors that have been read from the transport but not yet been handed to any message. Array will be allocated at first use. */ unsigned n_unix_fds_allocated; /**< Number of file descriptors this array has space for */ unsigned n_unix_fds; /**< Number of valid file descriptors in array */ + void (* unix_fds_change) (void *); /**< Notify when the pending fds change */ + void *unix_fds_change_data; #endif }; Index: dbus-1.6.18/dbus/dbus-message.c =================================================================== --- dbus-1.6.18.orig/dbus/dbus-message.c 2014-09-17 10:14:10.650199931 -0400 +++ dbus-1.6.18/dbus/dbus-message.c 2014-09-17 10:15:11.274200273 -0400 @@ -3984,6 +3984,9 @@ loader->n_unix_fds += n_fds; loader->unix_fds_outstanding = FALSE; + + if (n_fds && loader->unix_fds_change) + loader->unix_fds_change (loader->unix_fds_change_data); #else _dbus_assert_not_reached("Platform doesn't support unix fd passing"); #endif @@ -4131,6 +4134,9 @@ message->n_unix_fds_allocated = message->n_unix_fds = n_unix_fds; loader->n_unix_fds -= n_unix_fds; memmove (loader->unix_fds, loader->unix_fds + n_unix_fds, loader->n_unix_fds * sizeof (loader->unix_fds[0])); + + if (loader->unix_fds_change) + loader->unix_fds_change (loader->unix_fds_change_data); } else message->unix_fds = NULL; @@ -4428,6 +4434,40 @@ _DBUS_DEFINE_GLOBAL_LOCK (message_slots); /** + * Return how many file descriptors are pending in the loader + * + * @param loader the loader + */ +int +_dbus_message_loader_get_pending_fds_count (DBusMessageLoader *loader) +{ +#ifdef HAVE_UNIX_FD_PASSING + return loader->n_unix_fds; +#else + return 0; +#endif +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param loader the loader + * @param callback the callback + * @param data the data for the callback + */ +void +_dbus_message_loader_set_pending_fds_function (DBusMessageLoader *loader, + void (* callback) (void *), + void *data) +{ +#ifdef HAVE_UNIX_FD_PASSING + loader->unix_fds_change = callback; + loader->unix_fds_change_data = data; +#endif +} + +/** * Allocates an integer ID to be used for storing application-specific * data on any DBusMessage. The allocated ID may then be used * with dbus_message_set_data() and dbus_message_get_data(). Index: dbus-1.6.18/dbus/dbus-transport.c =================================================================== --- dbus-1.6.18.orig/dbus/dbus-transport.c 2012-08-13 14:08:25.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-transport.c 2014-09-17 10:15:11.278200273 -0400 @@ -1491,6 +1491,33 @@ transport->allow_anonymous = value != FALSE; } +/** + * Return how many file descriptors are pending in the loader + * + * @param transport the transport + */ +int +_dbus_transport_get_pending_fds_count (DBusTransport *transport) +{ + return _dbus_message_loader_get_pending_fds_count (transport->loader); +} + +/** + * Register a function to be called whenever the number of pending file + * descriptors in the loader change. + * + * @param transport the transport + * @param callback the callback + */ +void +_dbus_transport_set_pending_fds_function (DBusTransport *transport, + void (* callback) (void *), + void *data) +{ + _dbus_message_loader_set_pending_fds_function (transport->loader, + callback, data); +} + #ifdef DBUS_ENABLE_STATS void _dbus_transport_get_stats (DBusTransport *transport, Index: dbus-1.6.18/dbus/dbus-transport.h =================================================================== --- dbus-1.6.18.orig/dbus/dbus-transport.h 2012-06-06 06:45:55.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-transport.h 2014-09-17 10:15:11.278200273 -0400 @@ -96,6 +96,10 @@ const char **mechanisms); void _dbus_transport_set_allow_anonymous (DBusTransport *transport, dbus_bool_t value); +int _dbus_transport_get_pending_fds_count (DBusTransport *transport); +void _dbus_transport_set_pending_fds_function (DBusTransport *transport, + void (* callback) (void *), + void *data); /* if DBUS_ENABLE_STATS */ void _dbus_transport_get_stats (DBusTransport *transport, debian/patches/81-session.conf-timeout.patch0000664000000000000000000000135112240207265016161 0ustar # Description: Raise the service startup timeout from 25 to 60 seconds. It may be too short on the live CD with slow machines. # UbuntuSpecific: Debian and upstream are not concerned about live CDs --- dbus-1.2.14.orig/bus/session.conf.in 2006-11-19 23:58:47.378368108 +0100 +++ dbus-1.2.14/bus/session.conf.in 2006-11-19 23:59:13.123835260 +0100 @@ -25,6 +25,10 @@ + + 60000 + session.d debian/patches/00git_sd_daemon_update.patch0000664000000000000000000000305212240207265016136 0ustar From 751f6783c4e185b05765e7217c782dcb6f0df3e9 Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Thu, 21 Mar 2013 08:37:48 +0000 Subject: Update sd-daemon.[hc] from upstream This fixes sd_booted() to actually mean "have systemd init", which we need for _dbus_init_system_log() to decide whether systemd journal is being used. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62585 Reviewed-by: Simon McVittie --- Index: dbus-1.6.8/dbus/sd-daemon.c =================================================================== --- dbus-1.6.8.orig/dbus/sd-daemon.c 2013-04-29 11:41:37.876051474 -0700 +++ dbus-1.6.8/dbus/sd-daemon.c 2013-04-29 11:41:37.872051473 -0700 @@ -25,7 +25,7 @@ ***/ #ifndef _GNU_SOURCE -#define _GNU_SOURCE +# define _GNU_SOURCE #endif #include @@ -418,18 +418,15 @@ #if defined(DISABLE_SYSTEMD) || !defined(__linux__) return 0; #else + struct stat st; - struct stat a, b; + /* We test whether the runtime unit file directory has been + * created. This takes place in mount-setup.c, so is + * guaranteed to happen very early during boot. */ - /* We simply test whether the systemd cgroup hierarchy is - * mounted */ - - if (lstat("/sys/fs/cgroup", &a) < 0) - return 0; - - if (lstat("/sys/fs/cgroup/systemd", &b) < 0) + if (lstat("/run/systemd/system/", &st) < 0) return 0; - return a.st_dev != b.st_dev; + return !!S_ISDIR(st.st_mode); #endif } debian/patches/CVE-2014-3636.patch0000664000000000000000000000653312406315453013252 0ustar Description: fix denial of service via large number of fds Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=346da99f7620e6901e7c7babd4590fcc5aac32bf Bug: https://bugs.freedesktop.org/show_bug.cgi?id=82820 Index: dbus-1.6.18/bus/config-parser.c =================================================================== --- dbus-1.6.18.orig/bus/config-parser.c 2014-09-17 10:13:48.706199807 -0400 +++ dbus-1.6.18/bus/config-parser.c 2014-09-17 10:14:04.102199894 -0400 @@ -414,9 +414,9 @@ maximum number of file descriptors we can receive. Picking a high value here thus translates directly to more memory allocation. */ - parser->limits.max_incoming_unix_fds = 1024*4; - parser->limits.max_outgoing_unix_fds = 1024*4; - parser->limits.max_message_unix_fds = 1024; + parser->limits.max_incoming_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS*4; + parser->limits.max_outgoing_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS*4; + parser->limits.max_message_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS; /* Making this long means the user has to wait longer for an error * message if something screws up, but making it too short means Index: dbus-1.6.18/bus/session.conf.in =================================================================== --- dbus-1.6.18.orig/bus/session.conf.in 2014-09-17 10:13:48.650199807 -0400 +++ dbus-1.6.18/bus/session.conf.in 2014-09-17 10:14:04.102199894 -0400 @@ -53,7 +53,8 @@ 1000000000 250000000 1000000000 - 4096 + 120000 240000 100000 Index: dbus-1.6.18/dbus/dbus-message.c =================================================================== --- dbus-1.6.18.orig/dbus/dbus-message.c 2014-09-17 10:13:48.830199808 -0400 +++ dbus-1.6.18/dbus/dbus-message.c 2014-09-17 10:14:04.102199894 -0400 @@ -35,6 +35,7 @@ #include "dbus-list.h" #include "dbus-threads-internal.h" #ifdef HAVE_UNIX_FD_PASSING +#include "dbus-sysdeps.h" #include "dbus-sysdeps-unix.h" #endif @@ -3802,7 +3803,7 @@ SCM_RIGHTS works we need to preallocate an fd array of the maximum number of unix fds we want to receive in advance. A try-and-reallocate loop is not possible. */ - loader->max_message_unix_fds = 1024; + loader->max_message_unix_fds = DBUS_DEFAULT_MESSAGE_UNIX_FDS; if (!_dbus_string_init (&loader->data)) { Index: dbus-1.6.18/dbus/dbus-sysdeps.h =================================================================== --- dbus-1.6.18.orig/dbus/dbus-sysdeps.h 2014-09-17 10:13:48.802199808 -0400 +++ dbus-1.6.18/dbus/dbus-sysdeps.h 2014-09-17 10:14:04.102199894 -0400 @@ -537,6 +537,14 @@ const char * _dbus_replace_install_prefix (const char *configure_time_path); +/* Do not set this too high: it is a denial-of-service risk. + * See + * + * (This needs to be in the non-Unix-specific header so that + * the config-parser can use it.) + */ +#define DBUS_DEFAULT_MESSAGE_UNIX_FDS 16 + /** @} */ DBUS_END_DECLS debian/patches/aa-mediate-eavesdropping.patch0000664000000000000000000001440712254441351016502 0ustar Description: Deny eavesdropping privileges to confined applications Hook into the AddMatch backend to mediate eavesdropping. . Confined applications can be granted permission to eavesdrop using AppArmor's eavesdrop permission. See the D-Bus rules section of the apparmor.d(5) man page for more information. Author: Tyler Hicks Bug-Ubuntu: https://launchpad.net/bugs/1229280 Bug-Ubuntu: https://launchpad.net/bugs/1262440 Index: dbus-1.6.18/bus/apparmor.c =================================================================== --- dbus-1.6.18.orig/bus/apparmor.c 2013-11-22 10:52:01.808672166 -0800 +++ dbus-1.6.18/bus/apparmor.c 2013-11-22 10:54:07.484671555 -0800 @@ -849,3 +849,97 @@ bus_apparmor_allows_send (DBusConnection #endif /* HAVE_APPARMOR */ } +/** + * Check if Apparmor security controls allow the connection to eavesdrop on + * other connections. + * + * @param connection the connection attempting to eavesdrop. + * @returns whether to allow the eavesdropping + */ +dbus_bool_t +bus_apparmor_allows_eavesdropping (DBusConnection *connection, + const char *bustype, + DBusError *error) +{ +#ifdef HAVE_APPARMOR + BusAppArmorConfinement *con = NULL; + DBusString auxdata; + dbus_bool_t allow = FALSE, audit = TRUE; + dbus_bool_t string_alloced = FALSE; + unsigned long pid; + int res, serrno = 0; + char *qstr = NULL; + ssize_t qsize; + + if (!apparmor_enabled) + return TRUE; + + con = bus_connection_get_apparmor_confinement (connection); + + if (is_unconfined(con->context, con->mode)) + { + allow = TRUE; + audit = FALSE; + goto out; + } + + qsize = build_query(&qstr, con->context, bustype); + if (qsize == -1) + goto oom; + + res = aa_query_label(AA_DBUS_EAVESDROP, qstr, qsize, &allow, &audit); + free(qstr); + if (res == -1) + { + serrno = errno; + goto audit; + } + + /* Don't fail operations on profiles in complain mode */ + if (modestr_to_complain(con->mode)) + allow = TRUE; + + if (!audit) + goto out; + + audit: + if (!_dbus_string_init (&auxdata)) + goto oom; + string_alloced = TRUE; + + if (bustype && !_dbus_append_pair_str(&auxdata, "bus", bustype ? bustype : "unknown")) + goto oom; + + if (serrno && !_dbus_append_pair_str(&auxdata, "info", strerror(serrno))) + goto oom; + + if (!_dbus_append_pair_str(&auxdata, "mask", "eavesdrop")) + goto oom; + + if (connection && dbus_connection_get_unix_process_id (connection, &pid) && + !_dbus_append_pair_uint(&auxdata, "pid", pid)) + goto oom; + + if (con->context && !_dbus_append_pair_str(&auxdata, "profile", con->context)) + goto oom; + + log_message(allow, "eavesdrop", &auxdata); + + out: + if (con != NULL) + bus_apparmor_confinement_unref (con); + if (string_alloced) + _dbus_string_free (&auxdata); + + return allow; + + oom: + BUS_SET_OOM (error); + allow = FALSE; + goto out; + +#else + return TRUE; +#endif /* HAVE_APPARMOR */ +} + Index: dbus-1.6.18/bus/apparmor.h =================================================================== --- dbus-1.6.18.orig/bus/apparmor.h 2013-11-22 10:52:01.808672166 -0800 +++ dbus-1.6.18/bus/apparmor.h 2013-11-22 10:54:07.484671555 -0800 @@ -61,5 +61,10 @@ bus_apparmor_allows_send (DBusConnection const char *source, DBusError *error); +dbus_bool_t +bus_apparmor_allows_eavesdropping (DBusConnection *connection, + const char *bustype, + DBusError *error); + #endif /* BUS_APPARMOR_H */ Index: dbus-1.6.18/bus/signals.c =================================================================== --- dbus-1.6.18.orig/bus/signals.c 2013-11-22 10:52:01.808672166 -0800 +++ dbus-1.6.18/bus/signals.c 2013-11-22 10:55:19.232671206 -0800 @@ -379,6 +379,15 @@ bus_match_rule_set_client_is_eavesdroppi } dbus_bool_t +bus_match_rule_get_client_is_eavesdropping (BusMatchRule *rule) +{ + if (rule->flags & BUS_MATCH_CLIENT_IS_EAVESDROPPING) + return TRUE; + else + return FALSE; +} + +dbus_bool_t bus_match_rule_set_path (BusMatchRule *rule, const char *path, dbus_bool_t is_namespace) Index: dbus-1.6.18/bus/driver.c =================================================================== --- dbus-1.6.18.orig/bus/driver.c 2013-11-22 10:53:41.000000000 -0800 +++ dbus-1.6.18/bus/driver.c 2013-11-22 10:54:07.484671555 -0800 @@ -957,6 +957,7 @@ bus_driver_handle_add_match (DBusConnect const char *text; DBusString str; BusMatchmaker *matchmaker; + BusContext *context; _DBUS_ASSERT_ERROR_IS_CLEAR (error); @@ -989,6 +990,20 @@ bus_driver_handle_add_match (DBusConnect if (rule == NULL) goto failed; + context = bus_transaction_get_context (transaction); + if (bus_match_rule_get_client_is_eavesdropping (rule) && + !bus_apparmor_allows_eavesdropping (connection, + context ? bus_context_get_type (context) : NULL, + error)) + { + dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, + "Connection \"%s\" is not allowed to eavesdrop due to " + "AppArmor policy", + bus_connection_is_active (connection) ? + bus_connection_get_name (connection) : "(inactive)"); + goto failed; + } + matchmaker = bus_connection_get_matchmaker (connection); if (!bus_matchmaker_add_rule (matchmaker, rule)) Index: dbus-1.6.18/bus/signals.h =================================================================== --- dbus-1.6.18.orig/bus/signals.h 2013-11-22 10:53:41.000000000 -0800 +++ dbus-1.6.18/bus/signals.h 2013-11-22 10:54:07.484671555 -0800 @@ -73,6 +73,8 @@ dbus_bool_t bus_match_rule_set_arg void bus_match_rule_set_client_is_eavesdropping (BusMatchRule *rule, dbus_bool_t is_eavesdropping); +dbus_bool_t bus_match_rule_get_client_is_eavesdropping (BusMatchRule *rule); + BusMatchRule* bus_match_rule_parse (DBusConnection *matches_go_to, const DBusString *rule_text, DBusError *error); debian/patches/format_string.patch0000664000000000000000000000372012777426644014543 0ustar From 67a0d647e88a35f47f46c4f87d74e215eeb1b203 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 7 Oct 2016 19:13:01 +0100 Subject: dbus_activation_systemd_failure: do not use non-literal format string In principle this could lead to arbitrary memory overwrite via a format string attack in the message received from systemd, resulting in arbitrary code execution. This is not believed to be an exploitable security vulnerability on the system bus in practice: it can only be exploited by the owner of the org.freedesktop.systemd1 bus name, which is restricted to uid 0, so if systemd is attacker-controlled then the system is already doomed. Similarly, if a systemd system unit mentioned in the activation failure message has an attacker-controlled name, then the attacker likely already has sufficient access to execute arbitrary code as root in any case. However, prior to dbus 1.8.16 and 1.9.10, due to a missing check for systemd's identity, unprivileged processes could forge activation failure messages which would have gone through this code path. We thought at the time that this was a denial of service vulnerability (CVE-2015-0245); this bug means that it was in fact potentially an arbitrary code execution vulnerability. Bug found using -Wsuggest-attribute=format and -Wformat-security. Signed-off-by: Simon McVittie Reviewed-by: Colin Walters Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98157 diff --git a/bus/activation.c b/bus/activation.c index b636868..e1b6345 100644 --- a/bus/activation.c +++ b/bus/activation.c @@ -2242,7 +2242,7 @@ dbus_activation_systemd_failure (BusActivation *activation, DBUS_TYPE_STRING, &code, DBUS_TYPE_STRING, &str, DBUS_TYPE_INVALID)) - dbus_set_error(&error, code, str); + dbus_set_error (&error, code, "%s", str); if (unit) -- cgit v0.10.2 debian/patches/CVE-2014-3477.patch0000664000000000000000000001421512355246760013260 0ustar From cab1c56bb9d70469128d2ae1c40539c0d3b30f13 Mon Sep 17 00:00:00 2001 From: Alban Crequy Date: Tue, 20 May 2014 13:37:37 +0000 Subject: CVE-2014-3477: deliver activation errors correctly, fixing Denial of Service How it should work: When a D-Bus message activates a service, LSMs (SELinux or AppArmor) check whether the message can be delivered after the service has been activated. The service is considered activated when its well-known name is requested with org.freedesktop.DBus.RequestName. When the message delivery is denied, the service stays activated but should not receive the activating message (the message which triggered the activation). dbus-daemon is supposed to drop the activating message and reply to the sender with a D-Bus error message. However, it does not work as expected: 1. The error message is delivered to the service instead of being delivered to the sender. As an example, the error message could be something like: An SELinux policy prevents this sender from sending this message to this recipient, [...] member="MaliciousMethod" If the sender and the service are malicious confederates and agree on a protocol to insert information in the member name, the sender can leak information to the service, even though the LSM attempted to block the communication between the sender and the service. 2. The error message is delivered as a reply to the RequestName call from service. It means the activated service will believe it cannot request the name and might exit. The sender could activate the service frequently and systemd will give up activating it. Thus the denial of service. The following changes fix the bug: - bus_activation_send_pending_auto_activation_messages() only returns an error in case of OOM. The prototype is changed to return TRUE, or FALSE on OOM (and its only caller sets the OOM error). - When a client is not allowed to talk to the service, a D-Bus error message is pre-allocated to be delivered to the client as part of the transaction. The error is not propagated to the caller so RequestName will not fail (except on OOM). [fixed a misleading comment -smcv] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=78979 Reviewed-by: Simon McVittie Reviewed-by: Colin Walters --- Index: dbus-1.6.18/bus/activation.c =================================================================== --- dbus-1.6.18.orig/bus/activation.c 2014-07-03 08:28:01.617558968 -0400 +++ dbus-1.6.18/bus/activation.c 2014-07-03 08:28:01.613558968 -0400 @@ -1162,14 +1162,11 @@ dbus_bool_t bus_activation_send_pending_auto_activation_messages (BusActivation *activation, BusService *service, - BusTransaction *transaction, - DBusError *error) + BusTransaction *transaction) { BusPendingActivation *pending_activation; DBusList *link; - _DBUS_ASSERT_ERROR_IS_CLEAR (error); - /* Check if it's a pending activation */ pending_activation = _dbus_hash_table_lookup_string (activation->pending_activations, bus_service_get_name (service)); @@ -1186,6 +1183,9 @@ if (entry->auto_activation && (entry->connection == NULL || dbus_connection_get_is_connected (entry->connection))) { DBusConnection *addressed_recipient; + DBusError error; + + dbus_error_init (&error); addressed_recipient = bus_service_get_primary_owners_connection (service); @@ -1193,8 +1193,22 @@ if (!bus_dispatch_matches (transaction, entry->connection, addressed_recipient, - entry->activation_message, error)) - goto error; + entry->activation_message, &error)) + { + /* If permission is denied, we just want to return the error + * to the original method invoker; in particular, we don't + * want to make the RequestName call fail with that error + * (see fd.o #78979, CVE-2014-3477). */ + if (!bus_transaction_send_error_reply (transaction, entry->connection, + &error, entry->activation_message)) + { + bus_connection_send_oom_error (entry->connection, + entry->activation_message); + } + + link = next; + continue; + } } link = next; @@ -1203,7 +1217,6 @@ if (!add_restore_pending_to_transaction (transaction, pending_activation)) { _dbus_verbose ("Could not add cancel hook to transaction to revert removing pending activation\n"); - BUS_SET_OOM (error); goto error; } Index: dbus-1.6.18/bus/activation.h =================================================================== --- dbus-1.6.18.orig/bus/activation.h 2014-07-03 08:28:01.617558968 -0400 +++ dbus-1.6.18/bus/activation.h 2014-07-03 08:28:01.613558968 -0400 @@ -62,8 +62,7 @@ dbus_bool_t bus_activation_send_pending_auto_activation_messages (BusActivation *activation, BusService *service, - BusTransaction *transaction, - DBusError *error); + BusTransaction *transaction); #endif /* BUS_ACTIVATION_H */ Index: dbus-1.6.18/bus/services.c =================================================================== --- dbus-1.6.18.orig/bus/services.c 2014-07-03 08:28:01.617558968 -0400 +++ dbus-1.6.18/bus/services.c 2014-07-03 08:28:01.613558968 -0400 @@ -611,8 +611,9 @@ activation = bus_context_get_activation (registry->context); retval = bus_activation_send_pending_auto_activation_messages (activation, service, - transaction, - error); + transaction); + if (!retval) + BUS_SET_OOM (error); out: return retval; debian/patches/01_no-fatal-warnings.patch0000664000000000000000000000142712240207265015473 0ustar From: Sebastian Dröge Subject: Don't abort on fatal warnings by default Date: 2006-11-14 15:35:00 +0100 This behaviour can be controlled by the DBUS_FATAL_WARNINGS enviroment variable. This will be set to upstream default again at some point so if you have an application that prints a DBus warning get it fixed. Origin: vendor, Debian Forwarded: no Index: b/dbus/dbus-internals.c =================================================================== --- a/dbus/dbus-internals.c +++ b/dbus/dbus-internals.c @@ -200,7 +200,7 @@ static dbus_bool_t warn_initted = FALSE; static dbus_bool_t fatal_warnings = FALSE; -static dbus_bool_t fatal_warnings_on_check_failed = TRUE; +static dbus_bool_t fatal_warnings_on_check_failed = FALSE; static void init_warnings(void) debian/patches/aa-mediation.patch0000664000000000000000000012642212240207265014177 0ustar Description: Add support for AppArmor mediation of D-Bus AppArmor D-Bus rules are contained in the centralized, system AppArmor policy. See the apparmor.d(5) man page for details. . AppArmor performs mediation of messages and when applications attempt to bind to a well-known connection name. Unconfined applications can generally do as they please. Applications confined by AppArmor will require D-Bus rules in the AppArmor profiles to use D-Bus. To grant all permissions, simply add the following rule to the AppArmor profile: dbus, The apparmor.d(5) man page describes, in detail, the syntax for tightly confining D-Bus communications. Author: John Johansen Author: Tyler Hicks Index: dbus-1.6.12/bus/Makefile.am =================================================================== --- dbus-1.6.12.orig/bus/Makefile.am 2013-10-10 09:52:39.000000000 -0700 +++ dbus-1.6.12/bus/Makefile.am 2013-10-10 09:52:39.000000000 -0700 @@ -68,6 +68,8 @@ BUS_SOURCES= \ activation.c \ activation.h \ activation-exit-codes.h \ + apparmor.h \ + apparmor.c \ bus.c \ bus.h \ config-parser.c \ Index: dbus-1.6.12/bus/apparmor.c =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ dbus-1.6.12/bus/apparmor.c 2013-10-10 10:39:51.177375349 -0700 @@ -0,0 +1,837 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- + * apparmor.c AppArmor security checks for D-Bus + * + * Authors: John Johansen + * Tyler Hicks + * Based on: selinux.c by Matthew Rickard + * + * Licensed under the Academic Free License version 2.1 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#include +#include +#include + +#include "policy.h" +#include "services.h" +#include "utils.h" + + +#ifdef HAVE_APPARMOR + +#ifdef HAVE_ERRNO_H +#include +#endif /* HAVE_ERRNO_H */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "apparmor.h" +#endif /* HAVE_APPARMOR */ +#ifdef HAVE_LIBAUDIT +#include +#include +#endif /* HAVE_LIBAUDIT */ + + +#ifdef HAVE_APPARMOR +/* Store the value telling us if AppArmor is enabled in the kernel. */ +static dbus_bool_t apparmor_enabled = FALSE; + +typedef enum { + APPARMOR_DISABLED, + APPARMOR_ENABLED, + APPARMOR_REQUIRED +} AppArmorConfigMode; + +/* Store the value of the AppArmor mediation mode in the bus configuration */ +static AppArmorConfigMode apparmor_config_mode = APPARMOR_ENABLED; + +#ifdef HAVE_LIBAUDIT +static int audit_fd = -1; +#endif + +struct BusAppArmorConfinement +{ + int refcount; /* Reference count */ + + char *context; /* AppArmor confinement context (label) */ + char *mode; /* AppArmor confinement mode */ +}; + +static BusAppArmorConfinement *bus_con = NULL; + +static BusAppArmorConfinement* +bus_apparmor_confinement_new (char *context, char *mode) +{ + BusAppArmorConfinement *confinement; + + confinement = dbus_new0 (BusAppArmorConfinement, 1); + if (confinement != NULL) + { + confinement->refcount = 1; + confinement->context = context; + confinement->mode = mode; + } + + return confinement; +} + +void +bus_apparmor_audit_init(void) +{ +#ifdef HAVE_LIBAUDIT + audit_fd = audit_open (); + + if (audit_fd < 0) + { + /* If kernel doesn't support audit, bail out */ + if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) + return; + /* If user bus, bail out */ + if (errno == EPERM && getuid() != 0) + return; + _dbus_warn ("Failed opening connection to the audit subsystem"); + } +#endif /* HAVE_LIBAUDIT */ +} + +static dbus_bool_t +modestr_to_complain(const char *mode) +{ + if (mode && strcmp(mode, "complain") == 0) + return TRUE; + return FALSE; +} + +static void +log_message (dbus_bool_t allow, const char *op, DBusString *data) +{ + const char *mstr; + + if (allow) + mstr = "ALLOWED"; + else + mstr = "DENIED"; + +#ifdef HAVE_LIBAUDIT + if (audit_fd >= 0) + { + capng_get_caps_process(); + if (capng_have_capability(CAPNG_EFFECTIVE, CAP_AUDIT_WRITE)) + { + char buf[PATH_MAX*2]; + + /* FIXME: need to change this to show real user */ + snprintf(buf, sizeof(buf), "apparmor=\"%s\" operation=\"dbus_%s\" %s\n", + mstr, op, _dbus_string_get_const_data(data)); + audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL, + NULL, getuid()); + return; + } + } +#endif /* HAVE_LIBAUDIT */ + + syslog (LOG_USER | LOG_INFO, "apparmor=\"%s\" operation=\"dbus_%s\" %s\n", + mstr, op,_dbus_string_get_const_data(data)); +} + +static dbus_bool_t +_dbus_append_pair_uint(DBusString *auxdata, const char *name, + unsigned long value) +{ + if (!_dbus_string_append (auxdata, " ")) + return FALSE; + if (!_dbus_string_append (auxdata, name)) + return FALSE; + if (!_dbus_string_append (auxdata, "=")) + return FALSE; + if (!_dbus_string_append_uint (auxdata, value)) + return FALSE; + + return TRUE; +} + +static dbus_bool_t +_dbus_append_pair_str(DBusString *auxdata, const char *name, const char *value) +{ + if (!_dbus_string_append (auxdata, " ")) + return FALSE; + if (!_dbus_string_append (auxdata, name)) + return FALSE; + if (!_dbus_string_append (auxdata, "=\"")) + return FALSE; + if (!_dbus_string_append (auxdata, value)) + return FALSE; + if (!_dbus_string_append (auxdata, "\"")) + return FALSE; + + return TRUE; +} + +static dbus_bool_t +_dbus_append_mask(DBusString *auxdata, uint32_t mask) +{ + if (mask & AA_DBUS_SEND) + return _dbus_append_pair_str(auxdata, "mask", "send"); + else if (mask & AA_DBUS_RECEIVE) + return _dbus_append_pair_str(auxdata, "mask", "receive"); + else if (mask & AA_DBUS_BIND) + return _dbus_append_pair_str(auxdata, "mask", "bind"); + + return FALSE; +} + +static dbus_bool_t +aa_supports_dbus (void) +{ + char aa_dbus[PATH_MAX + 1]; + char *aa_securityfs; + int mask_file; + + if (aa_find_mountpoint (&aa_securityfs) != 0) + return FALSE; + + snprintf (aa_dbus, sizeof(aa_dbus), "%s/features/dbus/mask", aa_securityfs); + free(aa_securityfs); + + mask_file = open (aa_dbus, O_RDONLY | O_CLOEXEC); + if (mask_file == -1) + return FALSE; + + close (mask_file); + return TRUE; +} +#endif /* HAVE_APPARMOR */ + +/** + * Do early initialization; determine whether AppArmor is enabled. + */ +dbus_bool_t +bus_apparmor_pre_init (void) +{ +#ifdef HAVE_APPARMOR + apparmor_enabled = (aa_is_enabled () && aa_supports_dbus ()) ? TRUE : FALSE; +#endif + + return TRUE; +} + +dbus_bool_t +bus_apparmor_set_mode_from_config (const char *mode, DBusError *error) +{ +#ifdef HAVE_APPARMOR + if (mode != NULL) + { + if (strcmp (mode, "disabled") == 0) + apparmor_config_mode = APPARMOR_DISABLED; + else if (strcmp (mode, "enabled") == 0) + apparmor_config_mode = APPARMOR_ENABLED; + else if (strcmp (mode, "required") == 0) + apparmor_config_mode = APPARMOR_REQUIRED; + else + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Mode attribute on must have value " + "\"required\", \"enabled\" or \"disabled\", " + "not \"%s\"", mode); + return FALSE; + } + } + + return TRUE; +#else + if (mode != NULL && strcmp (mode, "required") == 0) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Mode attribute \"required\" on is not valid " + "when D-Bus is built without AppArmor support"); + return FALSE; + } + + return TRUE; +#endif +} + +/** + * Initialize user space + */ +dbus_bool_t +bus_apparmor_full_init (void) +{ +#ifdef HAVE_APPARMOR + char *context, *mode; + + if (apparmor_enabled) + { + if (apparmor_config_mode == APPARMOR_DISABLED) + { + apparmor_enabled = FALSE; + return TRUE; + } + + if (bus_con == NULL) + { + if (aa_getcon (&context, &mode) == -1) + { + _dbus_warn ("Error getting AppArmor context of bus: %s\n", + _dbus_strerror (errno)); + return FALSE; + } + + bus_con = bus_apparmor_confinement_new (context, mode); + if (bus_con == NULL) + { + _dbus_warn ("Error allocating bus AppArmor confinement\n"); + free (context); + return FALSE; + } + } + } + else + { + if (apparmor_config_mode == APPARMOR_REQUIRED) + { + _dbus_warn ("AppArmor mediation required but not present\n"); + return FALSE; + } + else if (apparmor_config_mode == APPARMOR_ENABLED) + { + return TRUE; + } + } +#endif + + return TRUE; +} + +void +bus_apparmor_shutdown (void) +{ +#ifdef HAVE_APPARMOR + if (!apparmor_enabled) + return; + + _dbus_verbose ("AppArmor shutdown\n"); + + bus_apparmor_confinement_unref (bus_con); + bus_con = NULL; + +#ifdef HAVE_LIBAUDIT + audit_close (audit_fd); +#endif /* HAVE_LIBAUDIT */ + +#endif /* HAVE_APPARMOR */ +} + +dbus_bool_t +bus_apparmor_enabled (void) +{ +#ifdef HAVE_APPARMOR + return apparmor_enabled; +#endif + return FALSE; +} + +#ifdef HAVE_APPARMOR +static dbus_bool_t +is_unconfined(const char *con, const char *mode) +{ + /* treat con == NULL as confined as it is going to result in a denial */ + if ((!mode && con && strcmp(con, "unconfined") == 0) || + strcmp(mode, "unconfined") == 0) + { + return TRUE; + } + + return FALSE; +} + +static ssize_t (build_query)(char **qstr, const char *con, int count, ...) +{ + va_list ap; + int size, con_size, i; + char *buffer, *to; + + con_size = strlen(con); + size = con_size + 1; + va_start(ap, count); + for (i = 0; i < count; i++) + { + char *s = va_arg(ap, char *); + if (s) + size += strlen(s); + } + va_end(ap); + + buffer = malloc(size + count + 1 + AA_QUERY_CMD_LABEL_SIZE); + if (!buffer) + return -1; + + to = buffer + AA_QUERY_CMD_LABEL_SIZE; + strcpy(to, con); + to += con_size; + *(to)++ = '\0'; + *(to)++ = AA_CLASS_DBUS; + + va_start(ap, count); + for (i = 0; i < count; to++, i++) + { + char *arg = va_arg(ap, char *); + if (!arg) + arg = ""; + to = stpcpy(to, arg); + } + va_end(ap); + *qstr = buffer; + + /* don't include trailing \0 in size */ + return size + count + AA_QUERY_CMD_LABEL_SIZE; +} +#endif /* HAVE_APPARMOR */ + +#define build_query(T, C, X...) \ + (build_query)(T, C, __macroarg_counter(X), X) + +void +bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement) +{ +#ifdef HAVE_APPARMOR + if (!apparmor_enabled) + return; + + _dbus_assert (confinement != NULL); + _dbus_assert (confinement->refcount > 0); + + confinement->refcount -= 1; + + if (confinement->refcount == 0) + { + /** + * Do not free confinement->mode, as libapparmor does a single malloc for + * both confinement->context and confinement->mode. + */ + free (confinement->context); + dbus_free (confinement); + } +#endif /* HAVE_APPARMOR */ +} + +void +bus_apparmor_confinement_ref (BusAppArmorConfinement *confinement) +{ +#ifdef HAVE_APPARMOR + if (!apparmor_enabled) + return; + + _dbus_assert (confinement != NULL); + _dbus_assert (confinement->refcount > 0); + + confinement->refcount += 1; +#endif /* HAVE_APPARMOR */ +} + +BusAppArmorConfinement* +bus_apparmor_init_connection_confinement (DBusConnection *connection, + DBusError *error) +{ +#ifdef HAVE_APPARMOR + BusAppArmorConfinement *confinement; + char *context, *mode; + int fd; + + if (!apparmor_enabled) + return NULL; + + _dbus_assert (connection != NULL); + + if (!dbus_connection_get_socket (connection, &fd)) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "Failed to get socket file descriptor of connection\n"); + return NULL; + } + + if (aa_getpeercon (fd, &context, &mode) == -1) + { + if (errno == ENOMEM) + BUS_SET_OOM (error); + else + dbus_set_error (error, DBUS_ERROR_FAILED, + "Failed to get AppArmor confinement information of socket peer: %s\n", + _dbus_strerror (errno)); + return NULL; + } + + confinement = bus_apparmor_confinement_new (context, mode); + if (confinement == NULL) + { + BUS_SET_OOM (error); + free (context); + return NULL; + } + + return confinement; +#else + return NULL; +#endif /* HAVE_APPARMOR */ +} + +/** + * Returns true if the given connection can acquire a service, + * using the tasks security context + * + * @param connection connection that wants to own the service + * @param service_sid the SID of the service from the table + * @returns #TRUE if acquire is permitted. + */ +dbus_bool_t +bus_apparmor_allows_acquire_service (DBusConnection *connection, + BusSELinuxID *service_sid, + const char *bustype, + const char *service_name, + DBusError *error) +{ + +#ifdef HAVE_APPARMOR + BusAppArmorConfinement *con = NULL; + DBusString auxdata; + dbus_bool_t string_alloced = FALSE; + dbus_bool_t allow = FALSE, audit = TRUE; + unsigned long pid; + int res, serrno = 0; + char *qstr = NULL; + ssize_t qsize; + + if (!apparmor_enabled) + return TRUE; + + _dbus_assert (connection != NULL); + + con = bus_connection_get_apparmor_confinement (connection); + + if (is_unconfined(con->context, con->mode)) + { + allow = TRUE; + audit = FALSE; + goto out; + } + + qsize = build_query(&qstr, con->context, bustype, service_name); + if (qsize == -1) + goto oom; + + res = aa_query_label(AA_DBUS_BIND, qstr, qsize, &allow, &audit); + free(qstr); + if (res == -1) + { + serrno = errno; + goto audit; + } + + /* Don't fail operations on profiles in complain mode */ + if (modestr_to_complain(con->mode)) + allow = TRUE; + + if (!audit) + goto out; + + audit: + if (!_dbus_string_init (&auxdata)) + goto oom; + string_alloced = TRUE; + + if (bustype && !_dbus_append_pair_str(&auxdata, "bus", bustype ? bustype : "unknown")) + goto oom; + + if (!_dbus_append_pair_str(&auxdata, "name", service_name)) + goto oom; + + if (serrno && !_dbus_append_pair_str(&auxdata, "info", strerror(serrno))) + goto oom; + + if (!_dbus_append_mask(&auxdata, AA_DBUS_BIND)) + goto oom; + + if (connection && dbus_connection_get_unix_process_id (connection, &pid) && + !_dbus_append_pair_uint(&auxdata, "pid", pid)) + goto oom; + + if (con->context && !_dbus_append_pair_str(&auxdata, "profile", con->context)) + goto oom; + + log_message(allow, "bind", &auxdata); + + out: + if (con != NULL) + bus_apparmor_confinement_unref (con); + if (string_alloced) + _dbus_string_free (&auxdata); + return allow; + + oom: + BUS_SET_OOM (error); + allow = FALSE; + goto out; + +#else + return TRUE; +#endif /* HAVE_APPARMOR */ +} + +#include +/** + * Check if Apparmor security controls allow the message to be sent to a + * particular connection based on the security context of the sender and + * that of the receiver. The destination connection need not be the + * addressed recipient, it could be an "eavesdropper" + * + * @param sender the sender of the message. + * @param proposed_recipient the connection the message is to be sent to. + * @returns whether to allow the send + */ +dbus_bool_t +bus_apparmor_allows_send (DBusConnection *sender, + DBusConnection *proposed_recipient, + const char *bustype, + const char *msgtype, + const char *path, + const char *interface, + const char *method, + const char *error_name, + const char *destination, + const char *source, + DBusError *error) +{ +#ifdef HAVE_APPARMOR + BusAppArmorConfinement *scon = NULL, *tcon = NULL; + DBusString auxdata; + dbus_bool_t sallow = FALSE, tallow = FALSE, saudit = TRUE, taudit = TRUE; + dbus_bool_t string_alloced = FALSE; + unsigned long pid; + int len, res, serrno = 0, terrno = 0; + char *qstr = NULL; + ssize_t qsize; + uint32_t sperm = AA_DBUS_SEND, tperm = AA_DBUS_RECEIVE; + + if (!apparmor_enabled) + return TRUE; + + _dbus_assert (sender != NULL); + + scon = bus_connection_get_apparmor_confinement (sender); + + if (proposed_recipient) + tcon = bus_connection_get_apparmor_confinement (proposed_recipient); + else + { + tcon = bus_con; + bus_apparmor_confinement_ref (tcon); + } + + /* map reply messages: "error" and "method_return" to initial send and + * receive. That is permission to receive a message from X grants + * permission to reply to X. And permission to send a message to Y + * grants permission to receive a reply from Y + */ + if (strcmp(msgtype, "error") == 0 || strcmp(msgtype, "method_return") == 0) + { + /* ignore reply messages and let dbus reply mapping handle them + * as the send was already allowed + */ + sallow = TRUE; + tallow = TRUE; + goto out; + } + + /* do we want to include the msgtype in the encoding ??? what of tpid + * so we can do conditional object owner perms + */ + if (is_unconfined(scon->context, scon->mode)) + { + sallow = TRUE; + saudit = FALSE; + } + else + { + qsize = build_query (&qstr, scon->context, bustype, destination, + tcon->context, path, interface, method); + if (qsize == -1) + goto oom; + + res = aa_query_label (sperm, qstr, qsize, &sallow, &saudit); + free(qstr); + if (res == -1) + { + serrno = errno; + goto audit; + } + } + + if (is_unconfined(tcon->context, tcon->mode)) + { + tallow = TRUE; + taudit = FALSE; + } + else + { + qsize = build_query (&qstr, tcon->context, bustype, source, + scon->context, path, interface, method); + if (qsize == -1) + goto oom; + + res = aa_query_label (tperm, qstr, qsize, &tallow, &taudit); + free(qstr); + if (res == -1) + { + terrno = errno; + goto audit; + } + } + + /* Don't fail operations on profiles in complain mode */ + if (modestr_to_complain(scon->mode)) + sallow = TRUE; + if (modestr_to_complain(tcon->mode)) + tallow = TRUE; + + if (!saudit && !taudit) + goto out; + + audit: + if (!_dbus_string_init (&auxdata)) + goto oom; + string_alloced = TRUE; + + if (bustype && !_dbus_append_pair_str(&auxdata, "bus", bustype ? bustype : "unknown")) + goto oom; + + if (path && !_dbus_append_pair_str(&auxdata, "path", path)) + goto oom; + + if (interface && !_dbus_append_pair_str(&auxdata, "interface", interface)) + goto oom; + + if (method && !_dbus_append_pair_str(&auxdata, "member", method)) + goto oom; + + if (error_name && !_dbus_append_pair_str(&auxdata, "error_name", error_name)) + goto oom; + + len = _dbus_string_get_length(&auxdata); + + if (saudit) + { + if (!_dbus_append_mask(&auxdata, sperm)) + goto oom; + + if (destination && !_dbus_append_pair_str(&auxdata, "name", destination)) + goto oom; + + if (sender && dbus_connection_get_unix_process_id (sender, &pid) && + !_dbus_append_pair_uint(&auxdata, "pid", pid)) + goto oom; + + if (scon->context && + !_dbus_append_pair_str(&auxdata, "profile", scon->context)) + goto oom; + + if (proposed_recipient && + dbus_connection_get_unix_process_id (proposed_recipient, &pid) && + !_dbus_append_pair_uint(&auxdata, "peer_pid", pid)) + goto oom; + + if (tcon->context && + !_dbus_append_pair_str(&auxdata, "peer_profile", tcon->context)) + goto oom; + + if (serrno && !_dbus_append_pair_str(&auxdata, "info", strerror(serrno))) + goto oom; + + if (terrno && + !_dbus_append_pair_str(&auxdata, "peer_info", strerror(terrno))) + goto oom; + + log_message(sallow, msgtype, &auxdata); + } + if (taudit) + { + _dbus_string_set_length(&auxdata, len); + + if (source && !_dbus_append_pair_str(&auxdata, "name", source)) + goto oom; + + if (!_dbus_append_mask(&auxdata, tperm)) + goto oom; + + if (proposed_recipient && + dbus_connection_get_unix_process_id (proposed_recipient, &pid) && + !_dbus_append_pair_uint(&auxdata, "pid", pid)) + goto oom; + + if (tcon->context && + !_dbus_append_pair_str(&auxdata, "profile", tcon->context)) + goto oom; + + if (sender && dbus_connection_get_unix_process_id (sender, &pid) && + !_dbus_append_pair_uint(&auxdata, "peer_pid", pid)) + goto oom; + + if (scon->context && + !_dbus_append_pair_str(&auxdata, "peer_profile", scon->context)) + goto oom; + + if (terrno && !_dbus_append_pair_str(&auxdata, "info", strerror(terrno))) + goto oom; + + if (serrno && + !_dbus_append_pair_str(&auxdata, "peer_info", strerror(serrno))) + goto oom; + + log_message(tallow, msgtype, &auxdata); + } + + out: + if (scon != NULL) + bus_apparmor_confinement_unref (scon); + if (tcon != NULL) + bus_apparmor_confinement_unref (tcon); + if (string_alloced) + _dbus_string_free (&auxdata); + + return sallow && tallow; + + oom: + BUS_SET_OOM (error); + sallow = FALSE; + tallow = FALSE; + goto out; + +#else + return TRUE; +#endif /* HAVE_APPARMOR */ +} + Index: dbus-1.6.12/bus/apparmor.h =================================================================== --- /dev/null 1970-01-01 00:00:00.000000000 +0000 +++ dbus-1.6.12/bus/apparmor.h 2013-10-10 10:38:55.000000000 -0700 @@ -0,0 +1,63 @@ +/* -*- mode: C; c-file-style: "gnu"; indent-tabs-mode: nil; -*- + * apparmor.c AppArmor security checks for D-Bus + * + * Authors: John Johansen + * Tyler Hicks + * Based on: selinux.c by Matthew Rickard + * + * Licensed under the Academic Free License version 2.1 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + * + */ + +#ifndef BUS_APPARMOR_H +#define BUS_APPARMOR_H + +void bus_apparmor_audit_init(void); +dbus_bool_t bus_apparmor_pre_init (void); +dbus_bool_t bus_apparmor_set_mode_from_config (const char *mode, + DBusError *error); +dbus_bool_t bus_apparmor_full_init (void); +void bus_apparmor_shutdown (void); +dbus_bool_t bus_apparmor_enabled (void); + +void bus_apparmor_confinement_unref (BusAppArmorConfinement *confinement); +void bus_apparmor_confinement_ref (BusAppArmorConfinement *confinement); +BusAppArmorConfinement* +bus_apparmor_init_connection_confinement (DBusConnection *connection, + DBusError *error); + +dbus_bool_t +bus_apparmor_allows_acquire_service (DBusConnection *connection, + BusSELinuxID *service_sid, + const char *bustype, + const char *service_name, + DBusError *error); +dbus_bool_t +bus_apparmor_allows_send (DBusConnection *sender, + DBusConnection *proposed_recipient, + const char *msgtype, + const char *bustype, + const char *path, + const char *interface, + const char *member, + const char *error_name, + const char *destination, + const char *source, + DBusError *error); + + +#endif /* BUS_APPARMOR_H */ Index: dbus-1.6.12/bus/bus.c =================================================================== --- dbus-1.6.12.orig/bus/bus.c 2012-06-06 03:45:55.000000000 -0700 +++ dbus-1.6.12/bus/bus.c 2013-10-10 09:52:39.000000000 -0700 @@ -34,6 +34,7 @@ #include "config-parser.h" #include "signals.h" #include "selinux.h" +#include "apparmor.h" #include "dir-watch.h" #include #include @@ -897,6 +898,21 @@ bus_context_new (const DBusString *confi bus_context_log (context, DBUS_SYSTEM_LOG_FATAL, "SELinux enabled but AVC initialization failed; check system log\n"); } + if (!bus_apparmor_full_init ()) + { + dbus_set_error (error, DBUS_ERROR_FAILED, + "AppArmor enabled but full initialization failed; check system log\n"); + goto failed; + } + + if (bus_apparmor_enabled ()) + { + /* Only print AppArmor mediation message when syslog support is enabled */ + if (context->syslog) + bus_context_log (context, DBUS_SYSTEM_LOG_INFO, + "AppArmor D-Bus mediation is enabled\n"); + } + if (!process_config_postinit (context, parser, error)) { _DBUS_ASSERT_ERROR_IS_SET (error); @@ -924,6 +940,9 @@ bus_context_new (const DBusString *confi /* FIXME - why not just put this in full_init() below? */ bus_selinux_audit_init (); #endif +#ifdef HAVE_APPARMOR + bus_apparmor_audit_init (); +#endif } dbus_server_free_data_slot (&server_data_slot); @@ -1407,7 +1426,7 @@ bus_context_check_security_policy (BusCo DBusMessage *message, DBusError *error) { - const char *dest; + const char *src, *dest; BusClientPolicy *sender_policy; BusClientPolicy *recipient_policy; dbus_int32_t toggles; @@ -1416,6 +1435,7 @@ bus_context_check_security_policy (BusCo dbus_bool_t requested_reply; type = dbus_message_get_type (message); + src = dbus_message_get_sender (message); dest = dbus_message_get_destination (message); /* dispatch.c was supposed to ensure these invariants */ @@ -1470,6 +1490,32 @@ bus_context_check_security_policy (BusCo } return FALSE; + } + /* next verify AppArmor access controls. If allowed then + * go on with the standard checks. + */ + if (!bus_apparmor_allows_send (sender, proposed_recipient, + bus_context_get_type(context), + dbus_message_type_to_string (dbus_message_get_type (message)), + dbus_message_get_path (message), + dbus_message_get_interface (message), + dbus_message_get_member (message), + dbus_message_get_error_name (message), + dest ? dest : DBUS_SERVICE_DBUS, + src ? src : DBUS_SERVICE_DBUS, + error)) + { + if (error != NULL && !dbus_error_is_set (error)) + { + /* apparmor should have written to audit log or syslog */ + complain_about_message (context, DBUS_ERROR_ACCESS_DENIED, + "An AppArmor policy prevents this sender from sending this " + "message to this recipient", + 0, message, sender, proposed_recipient, FALSE, FALSE, error); + _dbus_verbose ("AppArmor security check denying send to service\n"); + } + + return FALSE; } if (bus_connection_is_active (sender)) Index: dbus-1.6.12/bus/main.c =================================================================== --- dbus-1.6.12.orig/bus/main.c 2013-06-05 09:40:34.000000000 -0700 +++ dbus-1.6.12/bus/main.c 2013-10-10 09:52:39.000000000 -0700 @@ -39,6 +39,7 @@ #include /* for write() and STDERR_FILENO */ #endif #include "selinux.h" +#include "apparmor.h" static BusContext *context; @@ -602,6 +603,12 @@ main (int argc, char **argv) exit (1); } + if (!bus_apparmor_pre_init ()) + { + _dbus_warn ("AppArmor pre-initialization failed\n"); + exit (1); + } + dbus_error_init (&error); context = bus_context_new (&config_file, flags, &print_addr_pipe, &print_pid_pipe, @@ -642,6 +649,7 @@ main (int argc, char **argv) bus_context_shutdown (context); bus_context_unref (context); bus_selinux_shutdown (); + bus_apparmor_shutdown (); return 0; } Index: dbus-1.6.12/bus/services.c =================================================================== --- dbus-1.6.12.orig/bus/services.c 2012-08-13 11:08:25.000000000 -0700 +++ dbus-1.6.12/bus/services.c 2013-10-10 09:52:39.000000000 -0700 @@ -36,6 +36,7 @@ #include "policy.h" #include "bus.h" #include "selinux.h" +#include "apparmor.h" struct BusService { @@ -455,6 +456,28 @@ bus_registry_acquire_service (BusRegistr bus_connection_is_active (connection) ? bus_connection_get_name (connection) : "(inactive)", + _dbus_string_get_const_data (service_name)); + goto out; + } + + if (!bus_apparmor_allows_acquire_service (connection, sid, + (registry->context ? + bus_context_get_type(registry->context) : NULL), + _dbus_string_get_const_data (service_name), error)) + { + + if (dbus_error_is_set (error) && + dbus_error_has_name (error, DBUS_ERROR_NO_MEMORY)) + { + goto out; + } + + dbus_set_error (error, DBUS_ERROR_ACCESS_DENIED, + "Connection \"%s\" is not allowed to own the service \"%s\" due " + "to AppArmor policy", + bus_connection_is_active (connection) ? + bus_connection_get_name (connection) : + "(inactive)", _dbus_string_get_const_data (service_name)); goto out; } Index: dbus-1.6.12/bus/connection.c =================================================================== --- dbus-1.6.12.orig/bus/connection.c 2012-08-13 11:08:25.000000000 -0700 +++ dbus-1.6.12/bus/connection.c 2013-10-10 09:52:39.000000000 -0700 @@ -30,6 +30,7 @@ #include "signals.h" #include "expirelist.h" #include "selinux.h" +#include "apparmor.h" #include #include #include @@ -93,6 +94,7 @@ typedef struct char *cached_loginfo_string; BusSELinuxID *selinux_id; + BusAppArmorConfinement *apparmor_confinement; long connection_tv_sec; /**< Time when we connected (seconds component) */ long connection_tv_usec; /**< Time when we connected (microsec component) */ @@ -404,6 +406,9 @@ free_connection_data (void *data) if (d->selinux_id) bus_selinux_id_unref (d->selinux_id); + + if (d->apparmor_confinement) + bus_apparmor_confinement_unref (d->apparmor_confinement); dbus_free (d->cached_loginfo_string); @@ -637,6 +642,19 @@ bus_connections_setup_connection (BusCon goto out; } + d->apparmor_confinement = bus_apparmor_init_connection_confinement (connection, + &error); + if (dbus_error_is_set (&error)) + { + /* This is a bit bogus because we pretend all errors + * are OOM; this is done because we know that in bus.c + * an OOM error disconnects the connection, which is + * the same thing we want on any other error. + */ + dbus_error_free (&error); + goto out; + } + if (!dbus_connection_set_watch_functions (connection, add_connection_watch, remove_connection_watch, @@ -722,6 +740,10 @@ bus_connections_setup_connection (BusCon if (d->selinux_id) bus_selinux_id_unref (d->selinux_id); d->selinux_id = NULL; + + if (d->apparmor_confinement) + bus_apparmor_confinement_unref (d->apparmor_confinement); + d->apparmor_confinement = NULL; if (!dbus_connection_set_watch_functions (connection, NULL, NULL, NULL, @@ -1107,6 +1129,19 @@ bus_connection_get_selinux_id (DBusConne return d->selinux_id; } +BusAppArmorConfinement* +bus_connection_get_apparmor_confinement (DBusConnection *connection) +{ + BusConnectionData *d; + + d = BUS_CONNECTION_DATA (connection); + + _dbus_assert (d != NULL); + + bus_apparmor_confinement_ref (d->apparmor_confinement); + return d->apparmor_confinement; +} + /** * Checks whether the connection is registered with the message bus. * Index: dbus-1.6.12/bus/bus.h =================================================================== --- dbus-1.6.12.orig/bus/bus.h 2012-06-06 03:45:55.000000000 -0700 +++ dbus-1.6.12/bus/bus.h 2013-10-10 09:52:39.000000000 -0700 @@ -38,6 +38,7 @@ typedef struct BusClientPolicy BusClien typedef struct BusPolicyRule BusPolicyRule; typedef struct BusRegistry BusRegistry; typedef struct BusSELinuxID BusSELinuxID; +typedef struct BusAppArmorConfinement BusAppArmorConfinement; typedef struct BusService BusService; typedef struct BusOwner BusOwner; typedef struct BusTransaction BusTransaction; Index: dbus-1.6.12/bus/connection.h =================================================================== --- dbus-1.6.12.orig/bus/connection.h 2012-06-06 03:45:55.000000000 -0700 +++ dbus-1.6.12/bus/connection.h 2013-10-10 09:52:39.000000000 -0700 @@ -52,6 +52,7 @@ BusActivation* bus_connection_get_activ BusMatchmaker* bus_connection_get_matchmaker (DBusConnection *connection); const char * bus_connection_get_loginfo (DBusConnection *connection); BusSELinuxID* bus_connection_get_selinux_id (DBusConnection *connection); +BusAppArmorConfinement* bus_connection_get_apparmor_confinement (DBusConnection *connection); dbus_bool_t bus_connections_check_limits (BusConnections *connections, DBusConnection *requesting_completion, DBusError *error); Index: dbus-1.6.12/cmake/bus/CMakeLists.txt =================================================================== --- dbus-1.6.12.orig/cmake/bus/CMakeLists.txt 2013-02-05 06:37:48.000000000 -0800 +++ dbus-1.6.12/cmake/bus/CMakeLists.txt 2013-10-10 09:52:39.000000000 -0700 @@ -42,6 +42,8 @@ set (DIR_WATCH_SOURCE ) set (BUS_SOURCES ${BUS_DIR}/activation.c ${BUS_DIR}/activation.h + ${BUS_DIR}/apparmor.h + ${BUS_DIR}/apparmor.c ${BUS_DIR}/bus.c ${BUS_DIR}/bus.h ${BUS_DIR}/config-parser.c Index: dbus-1.6.12/bus/config-parser.c =================================================================== --- dbus-1.6.12.orig/bus/config-parser.c 2013-02-12 03:45:32.000000000 -0800 +++ dbus-1.6.12/bus/config-parser.c 2013-10-10 09:52:39.000000000 -0700 @@ -28,6 +28,7 @@ #include "utils.h" #include "policy.h" #include "selinux.h" +#include "apparmor.h" #include #include #include @@ -1120,6 +1121,27 @@ start_busconfig_child (BusConfigParser return TRUE; } + else if (element_type == ELEMENT_APPARMOR) + { + Element *e; + const char *mode; + + if ((e = push_element (parser, ELEMENT_APPARMOR)) == NULL) + { + BUS_SET_OOM (error); + return FALSE; + } + + if (!locate_attributes (parser, "apparmor", + attribute_names, + attribute_values, + error, + "mode", &mode, + NULL)) + return FALSE; + + return bus_apparmor_set_mode_from_config (mode, error); + } else { dbus_set_error (error, DBUS_ERROR_FAILED, @@ -2052,6 +2074,7 @@ bus_config_parser_end_element (BusConfig case ELEMENT_STANDARD_SESSION_SERVICEDIRS: case ELEMENT_STANDARD_SYSTEM_SERVICEDIRS: case ELEMENT_ALLOW_ANONYMOUS: + case ELEMENT_APPARMOR: break; } @@ -2351,6 +2374,7 @@ bus_config_parser_content (BusConfigPars case ELEMENT_ALLOW_ANONYMOUS: case ELEMENT_SELINUX: case ELEMENT_ASSOCIATE: + case ELEMENT_APPARMOR: if (all_whitespace (content)) return TRUE; else Index: dbus-1.6.12/bus/config-parser-common.c =================================================================== --- dbus-1.6.12.orig/bus/config-parser-common.c 2012-06-06 03:45:55.000000000 -0700 +++ dbus-1.6.12/bus/config-parser-common.c 2013-10-10 09:52:39.000000000 -0700 @@ -127,6 +127,10 @@ bus_config_parser_element_name_to_type ( { return ELEMENT_ALLOW_ANONYMOUS; } + else if (strcmp (name, "apparmor") == 0) + { + return ELEMENT_APPARMOR; + } return ELEMENT_NONE; } @@ -181,6 +185,8 @@ bus_config_parser_element_type_to_name ( return "keep_umask"; case ELEMENT_ALLOW_ANONYMOUS: return "allow_anonymous"; + case ELEMENT_APPARMOR: + return "apparmor"; } _dbus_assert_not_reached ("bad element type"); Index: dbus-1.6.12/bus/config-parser-common.h =================================================================== --- dbus-1.6.12.orig/bus/config-parser-common.h 2012-06-06 03:45:55.000000000 -0700 +++ dbus-1.6.12/bus/config-parser-common.h 2013-10-10 09:52:39.000000000 -0700 @@ -49,7 +49,8 @@ typedef enum ELEMENT_STANDARD_SYSTEM_SERVICEDIRS, ELEMENT_KEEP_UMASK, ELEMENT_SYSLOG, - ELEMENT_ALLOW_ANONYMOUS + ELEMENT_ALLOW_ANONYMOUS, + ELEMENT_APPARMOR, } ElementType; ElementType bus_config_parser_element_name_to_type (const char *element_name); Index: dbus-1.6.12/doc/busconfig.dtd =================================================================== --- dbus-1.6.12.orig/doc/busconfig.dtd 2012-06-06 03:45:55.000000000 -0700 +++ dbus-1.6.12/doc/busconfig.dtd 2013-10-10 09:52:39.000000000 -0700 @@ -11,7 +11,8 @@ include | policy | limit | - selinux)*> + selinux | + apparmor)*> @@ -63,3 +64,7 @@ + + + Index: dbus-1.6.12/doc/dbus-daemon.1.in =================================================================== --- dbus-1.6.12.orig/doc/dbus-daemon.1.in 2012-08-13 11:08:25.000000000 -0700 +++ dbus-1.6.12/doc/dbus-daemon.1.in 2013-10-10 09:52:39.000000000 -0700 @@ -648,6 +648,20 @@ Right now the default will be the securi If two elements specify the same name, the element appearing later in the configuration file will be used. +.TP +.I "" + +.PP +The element is used to configure AppArmor mediation of D\-Bus +messages. It can contain one attibute that specifies if mediation is enabled: +.nf + +.fi +The default mode is is "enabled". In "enabled" mode, AppArmor mediation will be +enabled if AppArmor support is available. In "disabled" mode, AppArmor +mediation is disabled. In "required" mode, AppArmor mediation will be enabled +if AppArmor support is available, otherwise D\-Bus will not start. + .SH SELinux .PP @@ -713,6 +727,36 @@ If a name has no security context associ configuration file, the security context of the bus daemon itself will be used. +.SH AppArmor + +.PP +The AppArmor confinement context is stored when applications connect to D\-Bus. +The confinement context consists of a label and a confinement mode. When a +security decision is required, D\-Bus uses the label to query the AppArmor +policy to determine if the action should be allowed, denied, and/or audited. + +.PP +D\-Bus performs AppArmor security checks in two places. + +.PP +First, any time a message is routed from one connection to another +connection, the bus daemon will check permissions with the label of the first +connection as source, label and/or connection name of the second connection as +target, along with the bus name, the path name, the interface name, and the +member name. Reply messages, such as method_return and error messages, are +implicity allowed if they are in response to a message that has already been +allowed. + +.PP +Second, any time a connection asks to own a name, the bus daemon will check +permissions with the label of the connection as source, the requested name as +target, along with the bus name. + +.PP +AppArmor rules for D\-Bus mediation are not stored in the bus configuration +files. They are stored in the application's AppArmor profile. Please see the +AppArmor documentation for more details. + .SH DEBUGGING .PP Index: dbus-1.6.12/bus/test-main.c =================================================================== --- dbus-1.6.12.orig/bus/test-main.c 2012-06-06 03:45:55.000000000 -0700 +++ dbus-1.6.12/bus/test-main.c 2013-10-10 09:52:39.000000000 -0700 @@ -30,6 +30,7 @@ #include #include #include "selinux.h" +#include "apparmor.h" #ifdef DBUS_BUILD_TESTS static void @@ -65,6 +66,11 @@ test_pre_hook (void) || !bus_selinux_full_init ())) die ("could not init selinux support"); + if (_dbus_getenv ("DBUS_TEST_APPARMOR") + && (!bus_apparmor_pre_init () + || !bus_apparmor_full_init ())) + die ("could not init apparmor support"); + initial_fds = _dbus_check_fdleaks_enter (); } @@ -75,6 +81,10 @@ test_post_hook (void) { if (_dbus_getenv ("DBUS_TEST_SELINUX")) bus_selinux_shutdown (); + + if (_dbus_getenv ("DBUS_TEST_APPARMOR")) + bus_apparmor_shutdown (); + check_memleaks (progname); _dbus_check_fdleaks_leave (initial_fds); debian/patches/0004-upstart-add-UpstartJob-to-service-desktop-files.patch0000664000000000000000000000616312240207265023377 0ustar From 186818fa7a3af63178f68778555c87321505fd34 Mon Sep 17 00:00:00 2001 From: Scott James Remnant Date: Tue, 21 Dec 2010 16:00:42 +0000 Subject: [PATCH 4/5] upstart: add UpstartJob= to service desktop files Add a field to service desktop files to specify that there is an equivalent Upstart job for this service; unlike the systemd stuff, this doesn't need to name that job so it's just a flag. --- bus/activation.c | 20 ++++++++++++++++++++ bus/desktop-file.h | 1 + 2 files changed, 21 insertions(+), 0 deletions(-) Index: dbus-1.4.16/bus/activation.c =================================================================== --- dbus-1.4.16.orig/bus/activation.c 2011-10-18 18:10:55.214134484 +0200 +++ dbus-1.4.16/bus/activation.c 2011-10-18 18:11:06.414135027 +0200 @@ -74,6 +74,7 @@ unsigned long mtime; BusServiceDirectory *s_dir; char *filename; + unsigned int upstart_job : 1; } BusActivationEntry; typedef struct BusPendingActivationEntry BusPendingActivationEntry; @@ -98,6 +99,7 @@ DBusBabysitter *babysitter; DBusTimeout *timeout; unsigned int timeout_added : 1; + unsigned int upstart_job : 1; } BusPendingActivation; #if 0 @@ -260,6 +262,8 @@ DBusError *error) { char *name, *exec, *user, *exec_tmp, *systemd_service; + const char *upstart_job_raw; + int upstart_job; BusActivationEntry *entry; DBusStat stat_buf; DBusString file_path; @@ -275,6 +279,8 @@ exec_tmp = NULL; entry = NULL; systemd_service = NULL; + upstart_job_raw = NULL; + upstart_job = FALSE; dbus_error_init (&tmp_error); @@ -361,6 +367,16 @@ } } + /* upstart job is never required */ + if (bus_desktop_file_get_raw (desktop_file, + DBUS_SERVICE_SECTION, + DBUS_SERVICE_UPSTART_JOB, + &upstart_job_raw)) + { + if (strchr ("YyTt", upstart_job_raw[0])) + upstart_job = TRUE; + } + _DBUS_ASSERT_ERROR_IS_CLEAR (&tmp_error); entry = _dbus_hash_table_lookup_string (s_dir->entries, @@ -389,6 +405,7 @@ entry->exec = exec; entry->user = user; entry->systemd_service = systemd_service; + entry->upstart_job = upstart_job; entry->refcount = 1; /* ownership has been transferred to entry, do not free separately */ @@ -1847,6 +1864,8 @@ } } + pending_activation->upstart_job = entry->upstart_job; + pending_activation->timeout = _dbus_timeout_new (bus_context_get_activation_timeout (activation->context), pending_activation_timed_out, Index: dbus-1.4.16/bus/desktop-file.h =================================================================== --- dbus-1.4.16.orig/bus/desktop-file.h 2011-09-14 17:58:18.000000000 +0200 +++ dbus-1.4.16/bus/desktop-file.h 2011-10-18 18:11:06.414135027 +0200 @@ -36,6 +36,7 @@ #define DBUS_SERVICE_USER "User" #define DBUS_SERVICE_GROUP "Group" #define DBUS_SERVICE_SYSTEMD_SERVICE "SystemdService" +#define DBUS_SERVICE_UPSTART_JOB "UpstartJob" typedef struct BusDesktopFile BusDesktopFile; debian/patches/series0000664000000000000000000000145512777426644012064 0ustar 00git_logind_check.patch 00git_sd_daemon_update.patch 01_no-fatal-warnings.patch 20_system_conf_limit.patch 81-session.conf-timeout.patch #0001-activation-allow-for-more-variation-than-just-system.patch #0002-bus-change-systemd-activation-to-activation-systemd.patch #0003-upstart-add-upstart-as-a-possible-activation-type.patch #0004-upstart-add-UpstartJob-to-service-desktop-files.patch #0005-activation-implement-upstart-activation.patch aa-build-tools.patch aa-mediation.patch aa-get-connection-apparmor-security-context.patch aa-mediate-eavesdropping.patch CVE-2014-3477.patch CVE-2014-3532.patch CVE-2014-3533.patch CVE-2014-3635.patch CVE-2014-3636.patch CVE-2014-3637.patch CVE-2014-3638.patch CVE-2014-3639.patch CVE-2014-7824.patch CVE-2014-3639-regression.patch CVE-2015-0245.patch format_string.patch debian/patches/0003-upstart-add-upstart-as-a-possible-activation-type.patch0000664000000000000000000000513212240207265023724 0ustar From 3decca8e0ac801cf9c5985bfdd9b00e3e56a6643 Mon Sep 17 00:00:00 2001 From: Scott James Remnant Date: Tue, 21 Dec 2010 15:54:32 +0000 Subject: [PATCH 3/5] upstart: add upstart as a possible activation type Add upstart as a possible value for the enum and the command-line option. --- bus/bus.h | 3 ++- bus/main.c | 4 +++- doc/dbus-daemon.1.in | 4 ++++ 3 files changed, 9 insertions(+), 2 deletions(-) Index: dbus-1.4.16/bus/bus.h =================================================================== --- dbus-1.4.16.orig/bus/bus.h 2011-10-18 18:10:55.218134485 +0200 +++ dbus-1.4.16/bus/bus.h 2011-10-18 18:11:03.714134896 +0200 @@ -74,7 +74,8 @@ typedef enum { ACTIVATION_DEFAULT, - ACTIVATION_SYSTEMD + ACTIVATION_SYSTEMD, + ACTIVATION_UPSTART } ActivationType; BusContext* bus_context_new (const DBusString *config_file, Index: dbus-1.4.16/bus/main.c =================================================================== --- dbus-1.4.16.orig/bus/main.c 2011-10-18 18:11:00.010134717 +0200 +++ dbus-1.4.16/bus/main.c 2011-10-18 18:11:03.718134896 +0200 @@ -125,7 +125,7 @@ static void usage (void) { - fprintf (stderr, DBUS_DAEMON_NAME " [--version] [--session] [--system] [--config-file=FILE] [--print-address[=DESCRIPTOR]] [--print-pid[=DESCRIPTOR]] [--fork] [--nofork] [--introspect] [--address=ADDRESS] [--activation=systemd]\n"); + fprintf (stderr, DBUS_DAEMON_NAME " [--version] [--session] [--system] [--config-file=FILE] [--print-address[=DESCRIPTOR]] [--print-pid[=DESCRIPTOR]] [--fork] [--nofork] [--introspect] [--address=ADDRESS] [--activation=systemd|upstart]\n"); exit (1); } @@ -410,6 +410,8 @@ if (strcmp (activation, "systemd") == 0) activation_type = ACTIVATION_SYSTEMD; + else if (strcmp (activation, "upstart") == 0) + activation_type = ACTIVATION_UPSTART; else { fprintf (stderr, "Unknown activation type: %s.\n", activation); Index: dbus-1.4.16/doc/dbus-daemon.1.in =================================================================== --- dbus-1.4.16.orig/doc/dbus-daemon.1.in 2011-10-18 18:11:00.014134716 +0200 +++ dbus-1.4.16/doc/dbus-daemon.1.in 2011-10-18 18:11:03.726134896 +0200 @@ -94,6 +94,10 @@ .I "\-\-activation=systemd" Enable systemd\-style service activation. Only useful in conjunction with the systemd system and session manager on Linux. +.TP +.I "--activation=upstart" +Enable upstart-style service activation. Only useful in conjunction +with the Upstart init daemon on Linux. .SH CONFIGURATION FILE debian/patches/CVE-2015-0245.patch0000664000000000000000000000270612777426635013262 0ustar From f9697e04f1c9871cb54a99f087e97e4bb9e41e06 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 26 Jan 2015 20:09:56 +0000 Subject: CVE-2015-0245: prevent forged ActivationFailure from non-root processes Without either this rule or better checking in dbus-daemon, non-systemd processes can make dbus-daemon think systemd failed to activate a system service, resulting in an error reply back to the requester. This is redundant with the fix in the C code (which I consider to be the real solution), but is likely to be easier to backport. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=88811 Reviewed-by: Alban Crequy Reviewed-by: David King Reviewed-by: Philip Withnall diff --git a/bus/system.conf.in b/bus/system.conf.in index 92f4cc4..851b9e6 100644 --- a/bus/system.conf.in +++ b/bus/system.conf.in @@ -68,6 +68,14 @@ + + + + + + + 5000 debian/patches/CVE-2014-3635.patch0000664000000000000000000001133312406314460013240 0ustar Description: fix buffer overrun via odd max_message_unix_fds Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=b1e9a2b4bd858b37c0bc02aa102b97530083a703 Origin: upstream, http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.6&id=94b8d5e7a85bfb6c9a92b8e22e382b2e0ded2b59 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83622 Index: dbus-1.6.18/dbus/dbus-internals.h =================================================================== --- dbus-1.6.18.orig/dbus/dbus-internals.h 2013-04-22 10:10:32.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-internals.h 2014-09-17 10:13:38.930199752 -0400 @@ -372,7 +372,7 @@ #define _DBUS_PASTE(a, b) _DBUS_PASTE2 (a, b) #define _DBUS_STATIC_ASSERT(expr) \ typedef struct { char _assertion[(expr) ? 1 : -1]; } \ - _DBUS_PASTE (_DBUS_STATIC_ASSERT_, __LINE__) + _DBUS_PASTE (_DBUS_STATIC_ASSERT_, __LINE__) _DBUS_GNUC_UNUSED DBUS_END_DECLS Index: dbus-1.6.18/dbus/dbus-macros.h =================================================================== --- dbus-1.6.18.orig/dbus/dbus-macros.h 2013-04-22 10:10:32.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-macros.h 2014-09-17 10:13:38.930199752 -0400 @@ -69,9 +69,12 @@ __attribute__((__format__ (__printf__, format_idx, arg_idx))) #define _DBUS_GNUC_NORETURN \ __attribute__((__noreturn__)) +#define _DBUS_GNUC_UNUSED \ + __attribute__((__unused__)) #else /* !__GNUC__ */ #define _DBUS_GNUC_PRINTF( format_idx, arg_idx ) #define _DBUS_GNUC_NORETURN +#define _DBUS_GNUC_UNUSED #endif /* !__GNUC__ */ #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96) Index: dbus-1.6.18/dbus/dbus-sysdeps-unix.c =================================================================== --- dbus-1.6.18.orig/dbus/dbus-sysdeps-unix.c 2013-09-16 08:57:59.000000000 -0400 +++ dbus-1.6.18/dbus/dbus-sysdeps-unix.c 2014-09-17 10:13:41.986199769 -0400 @@ -315,6 +315,12 @@ m.msg_control = alloca(m.msg_controllen); memset(m.msg_control, 0, m.msg_controllen); + /* Do not include the padding at the end when we tell the kernel + * how much we're willing to receive. This avoids getting + * the padding filled with additional fds that we weren't expecting, + * if a (potentially malicious) sender included them. (fd.o #83622) */ + m.msg_controllen = CMSG_LEN (*n_fds * sizeof(int)); + again: bytes_read = recvmsg(fd, &m, 0 @@ -354,18 +360,49 @@ for (cm = CMSG_FIRSTHDR(&m); cm; cm = CMSG_NXTHDR(&m, cm)) if (cm->cmsg_level == SOL_SOCKET && cm->cmsg_type == SCM_RIGHTS) { - unsigned i; - - _dbus_assert(cm->cmsg_len <= CMSG_LEN(*n_fds * sizeof(int))); - *n_fds = (cm->cmsg_len - CMSG_LEN(0)) / sizeof(int); + size_t i; + int *payload = (int *) CMSG_DATA (cm); + size_t payload_len_bytes = (cm->cmsg_len - CMSG_LEN (0)); + size_t payload_len_fds = payload_len_bytes / sizeof (int); + size_t fds_to_use; + + /* Every non-negative int fits in a size_t without truncation, + * and we already know that *n_fds is non-negative, so + * casting (size_t) *n_fds is OK */ + _DBUS_STATIC_ASSERT (sizeof (size_t) >= sizeof (int)); + + if (_DBUS_LIKELY (payload_len_fds <= (size_t) *n_fds)) + { + /* The fds in the payload will fit in our buffer */ + fds_to_use = payload_len_fds; + } + else + { + /* Too many fds in the payload. This shouldn't happen + * any more because we're setting m.msg_controllen to + * the exact number we can accept, but be safe and + * truncate. */ + fds_to_use = (size_t) *n_fds; + + /* Close the excess fds to avoid DoS: if they stayed open, + * someone could send us an extra fd per message + * and we'd eventually run out. */ + for (i = fds_to_use; i < payload_len_fds; i++) + { + close (payload[i]); + } + } - memcpy(fds, CMSG_DATA(cm), *n_fds * sizeof(int)); + memcpy (fds, payload, fds_to_use * sizeof (int)); found = TRUE; + /* This cannot overflow because we have chosen fds_to_use + * to be <= *n_fds */ + *n_fds = (int) fds_to_use; /* Linux doesn't tell us whether MSG_CMSG_CLOEXEC actually worked, hence we need to go through this list and set CLOEXEC everywhere in any case */ - for (i = 0; i < *n_fds; i++) + for (i = 0; i < fds_to_use; i++) _dbus_fd_set_close_on_exec(fds[i]); break; debian/patches/02_obsolete_g_thread_api.patch0000664000000000000000000001517412240207265016453 0ustar From: Martin Pitt Date: Tue, 3 Jan 2012 10:57:30 +0100 Subject: [PATCH] Port to glib 2.31.x g_thread API g_thread_init() is deprecated since glib 2.24, call g_type_init() instead. g_thread_create is deprecated since 2.31, use g_thread_new() instead. Bump glib requirement accordingly. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=44413 Bug-Ubuntu: https://launchpad.net/bugs/911125 Index: dbus-1.4.16/test/internals/refs.c =================================================================== --- dbus-1.4.16.orig/test/internals/refs.c 2011-09-21 13:16:16.000000000 +0200 +++ dbus-1.4.16/test/internals/refs.c 2012-01-03 11:07:30.714947587 +0100 @@ -26,6 +26,7 @@ #include +#include #include #define DBUS_COMPILATION /* this test uses libdbus-internal */ @@ -277,10 +278,9 @@ for (i = 0; i < N_THREADS; i++) { if ((i % 2) == 0) - f->threads[i] = g_thread_create (ref_thread, &public_api, TRUE, NULL); + f->threads[i] = g_thread_new (NULL, ref_thread, &public_api); else - f->threads[i] = g_thread_create (ref_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, ref_thread, &internal_api); g_assert (f->threads[i] != NULL); } @@ -290,11 +290,9 @@ for (i = 0; i < N_THREADS; i++) { if ((i % 2) == 0) - f->threads[i] = g_thread_create (cycle_thread, &public_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, cycle_thread, &public_api); else - f->threads[i] = g_thread_create (cycle_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, cycle_thread, &internal_api); g_assert (f->threads[i] != NULL); } @@ -304,11 +302,9 @@ for (i = 0; i < N_THREADS; i++) { if ((i % 2) == 0) - f->threads[i] = g_thread_create (unref_thread, &public_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, unref_thread, &public_api); else - f->threads[i] = g_thread_create (unref_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, unref_thread, &internal_api); g_assert (f->threads[i] != NULL); } @@ -361,10 +357,9 @@ for (i = 0; i < N_THREADS; i++) { if ((i % 2) == 0) - f->threads[i] = g_thread_create (ref_thread, &public_api, TRUE, NULL); + f->threads[i] = g_thread_new (NULL, ref_thread, &public_api); else - f->threads[i] = g_thread_create (ref_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, ref_thread, &internal_api); g_assert (f->threads[i] != NULL); } @@ -374,11 +369,9 @@ for (i = 0; i < N_THREADS; i++) { if ((i % 2) == 0) - f->threads[i] = g_thread_create (cycle_thread, &public_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, cycle_thread, &public_api); else - f->threads[i] = g_thread_create (cycle_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, cycle_thread, &internal_api); g_assert (f->threads[i] != NULL); } @@ -388,11 +381,9 @@ for (i = 0; i < N_THREADS; i++) { if ((i % 2) == 0) - f->threads[i] = g_thread_create (unref_thread, &public_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, unref_thread, &public_api); else - f->threads[i] = g_thread_create (unref_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, unref_thread, &internal_api); g_assert (f->threads[i] != NULL); } @@ -427,7 +418,7 @@ for (i = 0; i < N_THREADS; i++) { - f->threads[i] = g_thread_create (ref_thread, &public_api, TRUE, NULL); + f->threads[i] = g_thread_new (NULL, ref_thread, &public_api); g_assert (f->threads[i] != NULL); } @@ -435,7 +426,7 @@ for (i = 0; i < N_THREADS; i++) { - f->threads[i] = g_thread_create (cycle_thread, &public_api, TRUE, NULL); + f->threads[i] = g_thread_new (NULL, cycle_thread, &public_api); g_assert (f->threads[i] != NULL); } @@ -443,7 +434,7 @@ for (i = 0; i < N_THREADS; i++) { - f->threads[i] = g_thread_create (unref_thread, &public_api, TRUE, NULL); + f->threads[i] = g_thread_new (NULL, unref_thread, &public_api); g_assert (f->threads[i] != NULL); } @@ -501,10 +492,9 @@ for (i = 0; i < N_THREADS; i++) { if ((i % 2) == 0) - f->threads[i] = g_thread_create (ref_thread, &public_api, TRUE, NULL); + f->threads[i] = g_thread_new (NULL, ref_thread, &public_api); else - f->threads[i] = g_thread_create (ref_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, ref_thread, &internal_api); g_assert (f->threads[i] != NULL); } @@ -516,16 +506,14 @@ switch (i % 3) { case 0: - f->threads[i] = g_thread_create (cycle_thread, &public_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, cycle_thread, &public_api); break; case 1: - f->threads[i] = g_thread_create (cycle_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, cycle_thread, &internal_api); break; default: - f->threads[i] = g_thread_create (cycle_thread, - &unref_and_unlock_api, TRUE, NULL); + f->threads[i] = g_thread_new (NULL, cycle_thread, + &unref_and_unlock_api); } g_assert (f->threads[i] != NULL); @@ -538,16 +526,14 @@ switch (i % 3) { case 0: - f->threads[i] = g_thread_create (unref_thread, &public_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, unref_thread, &public_api); break; case 1: - f->threads[i] = g_thread_create (unref_thread, &internal_api, TRUE, - NULL); + f->threads[i] = g_thread_new (NULL, unref_thread, &internal_api); break; default: - f->threads[i] = g_thread_create (unref_thread, - &unref_and_unlock_api, TRUE, NULL); + f->threads[i] = g_thread_new (NULL, unref_thread, + &unref_and_unlock_api); } g_assert (f->threads[i] != NULL); @@ -596,7 +582,7 @@ main (int argc, char **argv) { - g_thread_init (NULL); + g_type_init (); g_test_init (&argc, &argv, NULL); g_test_bug_base ("https://bugs.freedesktop.org/show_bug.cgi?id="); debian/patches/0002-bus-change-systemd-activation-to-activation-systemd.patch0000664000000000000000000000656612240207265024342 0ustar From f4a24b6062122f324c6cc7c0f33f955f649deb2f Mon Sep 17 00:00:00 2001 From: Scott James Remnant Date: Tue, 21 Dec 2010 15:47:33 +0000 Subject: [PATCH 2/5] bus: change --systemd-activation to --activation=systemd In the same spirit as the previous patch, rather than adding a new command-line option for each activation type, take a parameter to choose between them. The old option has been left in as an undocumented equivalent for compatibility. --- bus/dbus.service.in | 2 +- bus/main.c | 17 ++++++++++++++++- doc/dbus-daemon.1.in | 2 +- 3 files changed, 18 insertions(+), 3 deletions(-) Index: dbus-1.4.16/bus/dbus.service.in =================================================================== --- dbus-1.4.16.orig/bus/dbus.service.in 2011-09-14 17:58:18.000000000 +0200 +++ dbus-1.4.16/bus/dbus.service.in 2011-10-18 18:11:00.010134717 +0200 @@ -6,6 +6,6 @@ [Service] ExecStartPre=@EXPANDED_BINDIR@/dbus-uuidgen --ensure ExecStartPre=-/bin/rm -f @DBUS_SYSTEM_PID_FILE@ -ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --systemd-activation +ExecStart=@EXPANDED_BINDIR@/dbus-daemon --system --address=systemd: --nofork --activation=systemd ExecReload=@EXPANDED_BINDIR@/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig OOMScoreAdjust=-900 Index: dbus-1.4.16/bus/main.c =================================================================== --- dbus-1.4.16.orig/bus/main.c 2011-10-18 18:10:55.218134485 +0200 +++ dbus-1.4.16/bus/main.c 2011-10-18 18:11:00.010134717 +0200 @@ -125,7 +125,7 @@ static void usage (void) { - fprintf (stderr, DBUS_DAEMON_NAME " [--version] [--session] [--system] [--config-file=FILE] [--print-address[=DESCRIPTOR]] [--print-pid[=DESCRIPTOR]] [--fork] [--nofork] [--introspect] [--address=ADDRESS] [--systemd-activation]\n"); + fprintf (stderr, DBUS_DAEMON_NAME " [--version] [--session] [--system] [--config-file=FILE] [--print-address[=DESCRIPTOR]] [--print-pid[=DESCRIPTOR]] [--fork] [--nofork] [--introspect] [--address=ADDRESS] [--activation=systemd]\n"); exit (1); } @@ -401,6 +401,21 @@ force_fork = FORK_ALWAYS; else if (strcmp (arg, "--systemd-activation") == 0) activation_type = ACTIVATION_SYSTEMD; + else if (strstr (arg, "--activation=") == arg) + { + const char *activation; + + activation = strchr (arg, '='); + ++activation; + + if (strcmp (activation, "systemd") == 0) + activation_type = ACTIVATION_SYSTEMD; + else + { + fprintf (stderr, "Unknown activation type: %s.\n", activation); + usage (); + } + } else if (strcmp (arg, "--system") == 0) { check_two_config_files (&config_file, "system"); Index: dbus-1.4.16/doc/dbus-daemon.1.in =================================================================== --- dbus-1.4.16.orig/doc/dbus-daemon.1.in 2011-09-20 19:59:20.000000000 +0200 +++ dbus-1.4.16/doc/dbus-daemon.1.in 2011-10-18 18:11:00.014134716 +0200 @@ -91,7 +91,7 @@ Set the address to listen on. This option overrides the address configured in the configuration file. .TP -.I "\-\-systemd\-activation" +.I "\-\-activation=systemd" Enable systemd\-style service activation. Only useful in conjunction with the systemd system and session manager on Linux. debian/patches/00git_logind_check.patch0000664000000000000000000000236612240207265015263 0ustar From e25938d52731e1dc59b4aeaaec186578f8cd16af Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Thu, 21 Mar 2013 08:24:21 +0000 Subject: Fix test for logind availability sd_booted() is not an appropriate check for whether we should talk to logind, test for /run/systemd/seats/ instead. For details, see: Bug: https://bugs.freedesktop.org/show_bug.cgi?id=62585 [trivial whitespace fix -smcv] Reviewed-by: Simon McVittie --- diff --git a/dbus/dbus-userdb-util.c b/dbus/dbus-userdb-util.c index 16bf229..5af0092 100644 --- a/dbus/dbus-userdb-util.c +++ b/dbus/dbus-userdb-util.c @@ -21,6 +21,7 @@ * */ #include +#include #define DBUS_USERDB_INCLUDES_PRIVATE 1 #include "dbus-userdb.h" #include "dbus-test.h" @@ -29,7 +30,6 @@ #include #if HAVE_SYSTEMD -#include #include #endif @@ -55,7 +55,8 @@ _dbus_is_console_user (dbus_uid_t uid, dbus_bool_t result = FALSE; #ifdef HAVE_SYSTEMD - if (sd_booted () > 0) + /* check if we have logind */ + if (access ("/run/systemd/seats/", F_OK) >= 0) { int r; -- cgit v0.9.0.2-2-gbebe debian/dbus-1-doc.doc-base.tutorial0000664000000000000000000000025512240207265014271 0ustar Document: dbus-tutorial Title: D-Bus Tutorial Section: Programming Format: HTML Index: /usr/share/doc/dbus/dbus-tutorial.html Files: /usr/share/doc/dbus/dbus-tutorial.html debian/dbus-1-doc.doc-base.system-activation0000664000000000000000000000022412240207265016105 0ustar Document: dbus-system-activation Title: D-Bus System Activation Section: Programming Format: Text Files: /usr/share/doc/dbus/system-activation.txt debian/copyright0000664000000000000000000002562612240207265011136 0ustar This package was debianized by Colin Walters on Thu, 6 Mar 2003 18:01:37 -0500 It was downloaded from http://www.freedesktop.org/software/dbus This package is dual-licensed under the Academic Free License version 2.1, and the GPL version 2. For a description of the GPL, see /usr/share/common-licenses/GPL-2 on your Debian system. Portions of the package are only licensed under the GPL (notably tools/dbus-cleanup-sockets.c and test/decode-gcov.c ). The Academic Free License follows: The Academic Free License v. 2.1 This Academic Free License (the "License") applies to any original work of authorship (the "Original Work") whose owner (the "Licensor") has placed the following notice immediately following the copyright notice for the Original Work: Licensed under the Academic Free License version 2.1 1) Grant of Copyright License. Licensor hereby grants You a world-wide, royalty-free, non-exclusive, perpetual, sublicenseable license to do the following: a) to reproduce the Original Work in copies; b) to prepare derivative works ("Derivative Works") based upon the Original Work; c) to distribute copies of the Original Work and Derivative Works to the public; d) to perform the Original Work publicly; and e) to display the Original Work publicly. 2) Grant of Patent License. Licensor hereby grants You a world-wide, royalty-free, non-exclusive, perpetual, sublicenseable license, under patent claims owned or controlled by the Licensor that are embodied in the Original Work as furnished by the Licensor, to make, use, sell and offer for sale the Original Work and Derivative Works. 3) Grant of Source Code License. The term "Source Code" means the preferred form of the Original Work for making modifications to it and all available documentation describing how to modify the Original Work. Licensor hereby agrees to provide a machine-readable copy of the Source Code of the Original Work along with each copy of the Original Work that Licensor distributes. Licensor reserves the right to satisfy this obligation by placing a machine-readable copy of the Source Code in an information repository reasonably calculated to permit inexpensive and convenient access by You for as long as Licensor continues to distribute the Original Work, and by publishing the address of that information repository in a notice immediately following the copyright notice that applies to the Original Work. 4) Exclusions From License Grant. Neither the names of Licensor, nor the names of any contributors to the Original Work, nor any of their trademarks or service marks, may be used to endorse or promote products derived from this Original Work without express prior written permission of the Licensor. Nothing in this License shall be deemed to grant any rights to trademarks, copyrights, patents, trade secrets or any other intellectual property of Licensor except as expressly stated herein. No patent license is granted to make, use, sell or offer to sell embodiments of any patent claims other than the licensed claims defined in Section 2. No right is granted to the trademarks of Licensor even if such marks are included in the Original Work. Nothing in this License shall be interpreted to prohibit Licensor from licensing under different terms from this License any Original Work that Licensor otherwise would have a right to license. 5) This section intentionally omitted. 6) Attribution Rights. You must retain, in the Source Code of any Derivative Works that You create, all copyright, patent or trademark notices from the Source Code of the Original Work, as well as any notices of licensing and any descriptive text identified therein as an "Attribution Notice." You must cause the Source Code for any Derivative Works that You create to carry a prominent Attribution Notice reasonably calculated to inform recipients that You have modified the Original Work. 7) Warranty of Provenance and Disclaimer of Warranty. Licensor warrants that the copyright in and to the Original Work and the patent rights granted herein by Licensor are owned by the Licensor or are sublicensed to You under the terms of this License with the permission of the contributor(s) of those copyrights and patent rights. Except as expressly stated in the immediately proceeding sentence, the Original Work is provided under this License on an "AS IS" BASIS and WITHOUT WARRANTY, either express or implied, including, without limitation, the warranties of NON-INFRINGEMENT, MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY OF THE ORIGINAL WORK IS WITH YOU. This DISCLAIMER OF WARRANTY constitutes an essential part of this License. No license to Original Work is granted hereunder except under this disclaimer. 8) Limitation of Liability. Under no circumstances and under no legal theory, whether in tort (including negligence), contract, or otherwise, shall the Licensor be liable to any person for any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or the use of the Original Work including, without limitation, damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses. This limitation of liability shall not apply to liability for death or personal injury resulting from Licensor's negligence to the extent applicable law prohibits such limitation. Some jurisdictions do not allow the exclusion or limitation of incidental or consequential damages, so this exclusion and limitation may not apply to You. 9) Acceptance and Termination. If You distribute copies of the Original Work or a Derivative Work, You must make a reasonable effort under the circumstances to obtain the express assent of recipients to the terms of this License. Nothing else but this License (or another written agreement between Licensor and You) grants You permission to create Derivative Works based upon the Original Work or to exercise any of the rights granted in Section 1 herein, and any attempt to do so except under the terms of this License (or another written agreement between Licensor and You) is expressly prohibited by U.S. copyright law, the equivalent laws of other countries, and by international treaty. Therefore, by exercising any of the rights granted to You in Section 1 herein, You indicate Your acceptance of this License and all of its terms and conditions. 10) Termination for Patent Action. This License shall terminate automatically and You may no longer exercise any of the rights granted to You by this License as of the date You commence an action, including a cross-claim or counterclaim, against Licensor or any licensee alleging that the Original Work infringes a patent. This termination provision shall not apply for an action alleging patent infringement by combinations of the Original Work with other software or hardware. 11) Jurisdiction, Venue and Governing Law. Any action or suit relating to this License may be brought only in the courts of a jurisdiction wherein the Licensor resides or in which Licensor conducts its primary business, and under the laws of that jurisdiction excluding its conflict-of-law provisions. The application of the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any use of the Original Work outside the scope of this License or after its termination shall be subject to the requirements and penalties of the U.S. Copyright Act, 17 U.S.C. § 101 et seq., the equivalent laws of other countries, and international treaty. This section shall survive the termination of this License. 12) Attorneys Fees. In any action to enforce the terms of this License or seeking damages relating thereto, the prevailing party shall be entitled to recover its costs and expenses, including, without limitation, reasonable attorneys' fees and costs incurred in connection with such action, including any appeal of such action. This section shall survive the termination of this License. 13) Miscellaneous. This License represents the complete agreement concerning the subject matter hereof. If any provision of this License is held to be unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. 14) Definition of "You" in This License. "You" throughout this License, whether in upper or lower case, means an individual or a legal entity exercising rights under, and complying with all of the terms of, this License. For legal entities, "You" includes any entity that controls, is controlled by, or is under common control with you. For purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. 15) Right to Use. You may use the Original Work in all ways not otherwise restricted or conditioned by this License or by law, and Licensor promises not to interfere with or be responsible for such uses by You. This license is Copyright (C) 2003-2004 Lawrence E. Rosen. All rights reserved. Permission is hereby granted to copy and distribute this license without modification. This license may not be modified without the express written permission of its copyright owner. -- END OF ACADEMIC FREE LICENSE. The following is intended to describe the essential differences between the Academic Free License (AFL) version 1.0 and other open source licenses: The Academic Free License is similar to the BSD, MIT, UoI/NCSA and Apache licenses in many respects but it is intended to solve a few problems with those licenses. * The AFL is written so as to make it clear what software is being licensed (by the inclusion of a statement following the copyright notice in the software). This way, the license functions better than a template license. The BSD, MIT and UoI/NCSA licenses apply to unidentified software. * The AFL contains a complete copyright grant to the software. The BSD and Apache licenses are vague and incomplete in that respect. * The AFL contains a complete patent grant to the software. The BSD, MIT, UoI/NCSA and Apache licenses rely on an implied patent license and contain no explicit patent grant. * The AFL makes it clear that no trademark rights are granted to the licensor's trademarks. The Apache license contains such a provision, but the BSD, MIT and UoI/NCSA licenses do not. * The AFL includes the warranty by the licensor that it either owns the copyright or that it is distributing the software under a license. None of the other licenses contain that warranty. All other warranties are disclaimed, as is the case for the other licenses. * The AFL is itself copyrighted (with the right granted to copy and distribute without modification). This ensures that the owner of the copyright to the license will control changes. The Apache license contains a copyright notice, but the BSD, MIT and UoI/NCSA licenses do not. debian/dbus.init0000664000000000000000000000537512435155162011030 0ustar #!/bin/sh ### BEGIN INIT INFO # Provides: dbus # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: # Short-Description: D-Bus systemwide message bus # Description: D-Bus is a simple interprocess messaging system, used # for sending messages between applications. ### END INIT INFO # -*- coding: utf-8 -*- # Debian init.d script for D-BUS # Copyright © 2003 Colin Walters # Copyright © 2005 Sjoerd Simons set -e DAEMON=/usr/bin/dbus-daemon UUIDGEN=/usr/bin/dbus-uuidgen UUIDGEN_OPTS=--ensure NAME=dbus DAEMONUSER=messagebus PIDDIR=/var/run/dbus PIDFILE=$PIDDIR/pid DESC="system message bus" test -x $DAEMON || exit 0 . /lib/lsb/init-functions # Source defaults file; edit that file to configure this script. PARAMS="" if [ -e /etc/default/dbus ]; then . /etc/default/dbus fi create_machineid() { # Create machine-id file if [ -x $UUIDGEN ]; then $UUIDGEN $UUIDGEN_OPTS fi } start_it_up() { if [ ! -d $PIDDIR ]; then mkdir -p $PIDDIR chown $DAEMONUSER $PIDDIR chgrp $DAEMONUSER $PIDDIR fi if ! mountpoint -q /proc/ ; then log_failure_msg "Can't start $DESC - /proc is not mounted" return fi if [ -e $PIDFILE ]; then if $0 status > /dev/null ; then log_success_msg "$DESC already started; not starting." return else log_success_msg "Removing stale PID file $PIDFILE." rm -f $PIDFILE fi fi create_machineid log_daemon_msg "Starting $DESC" "$NAME" start-stop-daemon --start --quiet --pidfile $PIDFILE \ --exec $DAEMON -- --system $PARAMS log_end_msg $? } shut_it_down() { log_daemon_msg "Stopping $DESC" "$NAME" start-stop-daemon --stop --retry 5 --quiet --oknodo --pidfile $PIDFILE \ --user $DAEMONUSER # We no longer include these arguments so that start-stop-daemon # can do its job even given that we may have been upgraded. # We rely on the pidfile being sanely managed # --exec $DAEMON -- --system $PARAMS log_end_msg $? rm -f $PIDFILE } reload_it() { create_machineid log_action_begin_msg "Reloading $DESC config" dbus-send --print-reply --system --type=method_call \ --dest=org.freedesktop.DBus \ / org.freedesktop.DBus.ReloadConfig > /dev/null # hopefully this is enough time for dbus to reload it's config file. log_action_end_msg $? } case "$1" in start) start_it_up ;; stop) shut_it_down ;; reload|force-reload) reload_it ;; restart) shut_it_down start_it_up ;; status) status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? ;; *) echo "Usage: /etc/init.d/$NAME {start|stop|reload|restart|force-reload|status}" >&2 exit 2 ;; esac debian/watch0000664000000000000000000000013212240207265010215 0ustar version=3 http://dbus.freedesktop.org/releases/dbus/dbus-(\d+\.\d*[02468]\..*)\.tar\.gz debian/dbus-1-doc.doc-base.faq0000664000000000000000000000023112240207265013167 0ustar Document: dbus-faq Title: D-Bus FAQ Section: Programming Format: HTML Index: /usr/share/doc/dbus/dbus-faq.html Files: /usr/share/doc/dbus/dbus-faq.html debian/dbus.postrm0000664000000000000000000000024312240207265011372 0ustar #!/bin/sh set -e if [ "$1" = "purge" ] ; then rmdir /var/run/dbus || true rm -f /var/lib/dbus/machine-id rmdir /var/lib/dbus || true fi #DEBHELPER# exit 0 debian/dbus-x11.install0000664000000000000000000000011712240207265012123 0ustar debian/tmp/bin/dbus-launch usr/bin debian/tmp/usr/share/man/man1/dbus-launch.1 debian/dbus-1-doc.doc-base.api0000664000000000000000000000024012240207265013171 0ustar Document: dbus-api Title: libdbus API Reference Section: Programming/C Format: HTML Index: /usr/share/doc/dbus/api/index.html Files: /usr/share/doc/dbus/api/* debian/dbus-Xsession0000664000000000000000000000056012240207265011662 0ustar # $Id:$ # In order to activate the session bus at X session launch # simply place use-session-dbus into your /etc/X11/Xsession.options file # STARTDBUS= DBUSLAUNCH=/usr/bin/dbus-launch if has_option use-session-dbus; then if [ -x "$DBUSLAUNCH" ]; then STARTDBUS=yes fi fi if [ -n "$STARTDBUS" ]; then STARTUP="$DBUSLAUNCH --exit-with-session $STARTUP" fi debian/dbus.postinst0000664000000000000000000000406612240207265011740 0ustar #!/bin/sh # Copyright © 2003 Colin Walters # Copyright © 2006 Sjoerd Simons set -e MESSAGEUSER=messagebus MESSAGEHOME=/var/run/dbus LAUNCHER=/usr/lib/dbus-1.0/dbus-daemon-launch-helper if [ "$1" = configure ]; then adduser --system \ --quiet \ --home "$MESSAGEHOME" \ --no-create-home \ --disabled-password \ --group "$MESSAGEUSER" if ! dpkg-statoverride --list "$LAUNCHER" >/dev/null 2>&1; then chown root:"$MESSAGEUSER" "$LAUNCHER" chmod 4754 "$LAUNCHER" fi # This is idempotent, so it's OK to do every time. The system bus' init # script does this anyway, but you also have to do this before a session # bus will work, so we do this here for the benefit of people starting # a temporary session bus in a chroot dbus-uuidgen --ensure fi # Remove stop symlinks for runlevel 1 as killprocs already does the job for us. if [ "$1" = configure ] && dpkg --compare-versions "$2" lt-nl 1.2.24-1; then rm -f /etc/rc1.d/K??dbus fi if [ "$1" = configure ] && [ -n "$2" ]; then # On upgrades, we only reload config, and don't restart (restarting the # system bus is not supported by upstream). The code added by # dh_installinit -r creates a start action, below. PID=$(status "dbus" 2>/dev/null | awk '/[0-9]$/ { print $NF }') if [ -n "$PID" ]; then # trigger an update notification which recommends to reboot [ -x /usr/share/update-notifier/notify-reboot-required ] && \ /usr/share/update-notifier/notify-reboot-required || true fi # This is what the init script would do, but it's simpler (and less # dependent on sysvinit vs. Upstart) if we do it directly. # If it's not running (perhaps we're in a chroot) this will just fail # harmlessly, so there's no need to condition on status. dbus-send --print-reply --system --type=method_call \ --dest=org.freedesktop.DBus \ / org.freedesktop.DBus.ReloadConfig > /dev/null || true fi #DEBHELPER# debian/gbp.conf0000664000000000000000000000014312240207265010605 0ustar [DEFAULT] pristine-tar = True debian-branch = experimental upstream-branch = upstream-experimental debian/dbus-1-doc.install0000664000000000000000000000002312240207265012411 0ustar usr/share/doc/dbus debian/libdbus-1-dev.install0000664000000000000000000000031312240207265013113 0ustar debian/tmp/usr/include/dbus*/dbus/dbus*.h debian/tmp/usr/lib/*/dbus-1.0/include/dbus/dbus*.h debian/tmp/usr/lib/*/libdbus-1*.a debian/tmp/usr/lib/*/pkgconfig/dbus-1.pc debian/tmp/usr/lib/*/libdbus-1*.so debian/libdbus-1-3.symbols0000664000000000000000000002201612240207265012525 0ustar libdbus-1.so.3 libdbus-1-3 #MINVER# dbus_address_entries_free@Base 1.0.2 dbus_address_entry_get_method@Base 1.0.2 dbus_address_entry_get_value@Base 1.0.2 dbus_address_escape_value@Base 1.0.2 dbus_address_unescape_value@Base 1.0.2 dbus_bus_add_match@Base 1.0.2 dbus_bus_get@Base 1.0.2 dbus_bus_get_id@Base 1.1.1 dbus_bus_get_private@Base 1.0.2 dbus_bus_get_unique_name@Base 1.0.2 dbus_bus_get_unix_user@Base 1.0.2 dbus_bus_name_has_owner@Base 1.0.2 dbus_bus_register@Base 1.0.2 dbus_bus_release_name@Base 1.0.2 dbus_bus_remove_match@Base 1.0.2 dbus_bus_request_name@Base 1.0.2 dbus_bus_set_unique_name@Base 1.0.2 dbus_bus_start_service_by_name@Base 1.0.2 dbus_connection_add_filter@Base 1.0.2 dbus_connection_allocate_data_slot@Base 1.0.2 dbus_connection_borrow_message@Base 1.0.2 dbus_connection_can_send_type@Base 1.3.1 dbus_connection_close@Base 1.0.2 dbus_connection_dispatch@Base 1.0.2 dbus_connection_flush@Base 1.0.2 dbus_connection_free_data_slot@Base 1.0.2 dbus_connection_free_preallocated_send@Base 1.0.2 dbus_connection_get_adt_audit_session_data@Base 1.2.4 dbus_connection_get_data@Base 1.0.2 dbus_connection_get_dispatch_status@Base 1.0.2 dbus_connection_get_is_anonymous@Base 1.1.1 dbus_connection_get_is_authenticated@Base 1.0.2 dbus_connection_get_is_connected@Base 1.0.2 dbus_connection_get_max_message_size@Base 1.0.2 dbus_connection_get_max_message_unix_fds@Base 1.3.1 dbus_connection_get_max_received_size@Base 1.0.2 dbus_connection_get_max_received_unix_fds@Base 1.3.1 dbus_connection_get_object_path_data@Base 1.0.2 dbus_connection_get_outgoing_size@Base 1.0.2 dbus_connection_get_outgoing_unix_fds@Base 1.3.1 dbus_connection_get_server_id@Base 1.1.1 dbus_connection_get_socket@Base 1.0.2 dbus_connection_get_unix_fd@Base 1.0.2 dbus_connection_get_unix_process_id@Base 1.0.2 dbus_connection_get_unix_user@Base 1.0.2 dbus_connection_get_windows_user@Base 1.1.1 dbus_connection_has_messages_to_send@Base 1.0.2 dbus_connection_list_registered@Base 1.0.2 dbus_connection_open@Base 1.0.2 dbus_connection_open_private@Base 1.0.2 dbus_connection_pop_message@Base 1.0.2 dbus_connection_preallocate_send@Base 1.0.2 dbus_connection_read_write@Base 1.0.2 dbus_connection_read_write_dispatch@Base 1.0.2 dbus_connection_ref@Base 1.0.2 dbus_connection_register_fallback@Base 1.0.2 dbus_connection_register_object_path@Base 1.0.2 dbus_connection_remove_filter@Base 1.0.2 dbus_connection_return_message@Base 1.0.2 dbus_connection_send@Base 1.0.2 dbus_connection_send_preallocated@Base 1.0.2 dbus_connection_send_with_reply@Base 1.0.2 dbus_connection_send_with_reply_and_block@Base 1.0.2 dbus_connection_set_allow_anonymous@Base 1.1.1 dbus_connection_set_change_sigpipe@Base 1.0.2 dbus_connection_set_data@Base 1.0.2 dbus_connection_set_dispatch_status_function@Base 1.0.2 dbus_connection_set_exit_on_disconnect@Base 1.0.2 dbus_connection_set_max_message_size@Base 1.0.2 dbus_connection_set_max_message_unix_fds@Base 1.3.1 dbus_connection_set_max_received_size@Base 1.0.2 dbus_connection_set_max_received_unix_fds@Base 1.3.1 dbus_connection_set_route_peer_messages@Base 1.0.2 dbus_connection_set_timeout_functions@Base 1.0.2 dbus_connection_set_unix_user_function@Base 1.0.2 dbus_connection_set_wakeup_main_function@Base 1.0.2 dbus_connection_set_watch_functions@Base 1.0.2 dbus_connection_set_windows_user_function@Base 1.1.1 dbus_connection_steal_borrowed_message@Base 1.0.2 dbus_connection_try_register_fallback@Base 1.1.4 dbus_connection_try_register_object_path@Base 1.1.4 dbus_connection_unref@Base 1.0.2 dbus_connection_unregister_object_path@Base 1.0.2 dbus_error_free@Base 1.0.2 dbus_error_has_name@Base 1.0.2 dbus_error_init@Base 1.0.2 dbus_error_is_set@Base 1.0.2 dbus_free@Base 1.0.2 dbus_free_string_array@Base 1.0.2 dbus_get_local_machine_id@Base 1.0.2 dbus_get_version@Base 1.1.4 dbus_internal_do_not_use_create_uuid@Base 1.0.2 dbus_internal_do_not_use_get_uuid@Base 1.0.2 dbus_malloc0@Base 1.0.2 dbus_malloc@Base 1.0.2 dbus_message_allocate_data_slot@Base 1.0.2 dbus_message_append_args@Base 1.0.2 dbus_message_append_args_valist@Base 1.0.2 dbus_message_contains_unix_fds@Base 1.3.1 dbus_message_copy@Base 1.0.2 dbus_message_demarshal@Base 1.1.1 dbus_message_demarshal_bytes_needed@Base 1.2.14 dbus_message_free_data_slot@Base 1.0.2 dbus_message_get_args@Base 1.0.2 dbus_message_get_args_valist@Base 1.0.2 dbus_message_get_auto_start@Base 1.0.2 dbus_message_get_data@Base 1.0.2 dbus_message_get_destination@Base 1.0.2 dbus_message_get_error_name@Base 1.0.2 dbus_message_get_interface@Base 1.0.2 dbus_message_get_member@Base 1.0.2 dbus_message_get_no_reply@Base 1.0.2 dbus_message_get_path@Base 1.0.2 dbus_message_get_path_decomposed@Base 1.0.2 dbus_message_get_reply_serial@Base 1.0.2 dbus_message_get_sender@Base 1.0.2 dbus_message_get_serial@Base 1.0.2 dbus_message_get_signature@Base 1.0.2 dbus_message_get_type@Base 1.0.2 dbus_message_has_destination@Base 1.0.2 dbus_message_has_interface@Base 1.0.2 dbus_message_has_member@Base 1.0.2 dbus_message_has_path@Base 1.0.2 dbus_message_has_sender@Base 1.0.2 dbus_message_has_signature@Base 1.0.2 dbus_message_is_error@Base 1.0.2 dbus_message_is_method_call@Base 1.0.2 dbus_message_is_signal@Base 1.0.2 dbus_message_iter_abandon_container@Base 1.2.16 dbus_message_iter_append_basic@Base 1.0.2 dbus_message_iter_append_fixed_array@Base 1.0.2 dbus_message_iter_close_container@Base 1.0.2 dbus_message_iter_get_arg_type@Base 1.0.2 dbus_message_iter_get_array_len@Base 1.0.2 dbus_message_iter_get_basic@Base 1.0.2 dbus_message_iter_get_element_type@Base 1.0.2 dbus_message_iter_get_fixed_array@Base 1.0.2 dbus_message_iter_get_signature@Base 1.0.2 dbus_message_iter_has_next@Base 1.0.2 dbus_message_iter_init@Base 1.0.2 dbus_message_iter_init_append@Base 1.0.2 dbus_message_iter_next@Base 1.0.2 dbus_message_iter_open_container@Base 1.0.2 dbus_message_iter_recurse@Base 1.0.2 dbus_message_lock@Base 1.2.14 dbus_message_marshal@Base 1.1.1 dbus_message_new@Base 1.0.2 dbus_message_new_error@Base 1.0.2 dbus_message_new_error_printf@Base 1.0.2 dbus_message_new_method_call@Base 1.0.2 dbus_message_new_method_return@Base 1.0.2 dbus_message_new_signal@Base 1.0.2 dbus_message_ref@Base 1.0.2 dbus_message_set_auto_start@Base 1.0.2 dbus_message_set_data@Base 1.0.2 dbus_message_set_destination@Base 1.0.2 dbus_message_set_error_name@Base 1.0.2 dbus_message_set_interface@Base 1.0.2 dbus_message_set_member@Base 1.0.2 dbus_message_set_no_reply@Base 1.0.2 dbus_message_set_path@Base 1.0.2 dbus_message_set_reply_serial@Base 1.0.2 dbus_message_set_sender@Base 1.0.2 dbus_message_set_serial@Base 1.2.14 dbus_message_type_from_string@Base 1.0.2 dbus_message_type_to_string@Base 1.0.2 dbus_message_unref@Base 1.0.2 dbus_move_error@Base 1.0.2 dbus_parse_address@Base 1.0.2 dbus_pending_call_allocate_data_slot@Base 1.0.2 dbus_pending_call_block@Base 1.0.2 dbus_pending_call_cancel@Base 1.0.2 dbus_pending_call_free_data_slot@Base 1.0.2 dbus_pending_call_get_completed@Base 1.0.2 dbus_pending_call_get_data@Base 1.0.2 dbus_pending_call_ref@Base 1.0.2 dbus_pending_call_set_data@Base 1.0.2 dbus_pending_call_set_notify@Base 1.0.2 dbus_pending_call_steal_reply@Base 1.0.2 dbus_pending_call_unref@Base 1.0.2 dbus_realloc@Base 1.0.2 dbus_server_allocate_data_slot@Base 1.0.2 dbus_server_disconnect@Base 1.0.2 dbus_server_free_data_slot@Base 1.0.2 dbus_server_get_address@Base 1.0.2 dbus_server_get_data@Base 1.0.2 dbus_server_get_id@Base 1.1.1 dbus_server_get_is_connected@Base 1.0.2 dbus_server_listen@Base 1.0.2 dbus_server_ref@Base 1.0.2 dbus_server_set_auth_mechanisms@Base 1.0.2 dbus_server_set_data@Base 1.0.2 dbus_server_set_new_connection_function@Base 1.0.2 dbus_server_set_timeout_functions@Base 1.0.2 dbus_server_set_watch_functions@Base 1.0.2 dbus_server_unref@Base 1.0.2 dbus_set_error@Base 1.0.2 dbus_set_error_const@Base 1.0.2 dbus_set_error_from_message@Base 1.0.2 dbus_shutdown@Base 1.0.2 dbus_signature_iter_get_current_type@Base 1.0.2 dbus_signature_iter_get_element_type@Base 1.0.2 dbus_signature_iter_get_signature@Base 1.0.2 dbus_signature_iter_init@Base 1.0.2 dbus_signature_iter_next@Base 1.0.2 dbus_signature_iter_recurse@Base 1.0.2 dbus_signature_validate@Base 1.0.2 dbus_signature_validate_single@Base 1.0.2 dbus_threads_init@Base 1.0.2 dbus_threads_init_default@Base 1.0.2 dbus_timeout_get_data@Base 1.0.2 dbus_timeout_get_enabled@Base 1.0.2 dbus_timeout_get_interval@Base 1.0.2 dbus_timeout_handle@Base 1.0.2 dbus_timeout_set_data@Base 1.0.2 dbus_type_is_basic@Base 1.0.2 dbus_type_is_container@Base 1.0.2 dbus_type_is_fixed@Base 1.0.2 dbus_type_is_valid@Base 1.5.0 dbus_validate_bus_name@Base 1.5.12 dbus_validate_error_name@Base 1.5.12 dbus_validate_interface@Base 1.5.12 dbus_validate_member@Base 1.5.12 dbus_validate_path@Base 1.5.12 dbus_validate_utf8@Base 1.5.12 dbus_watch_get_data@Base 1.0.2 dbus_watch_get_enabled@Base 1.0.2 dbus_watch_get_fd@Base 1.0.2 dbus_watch_get_flags@Base 1.0.2 dbus_watch_get_socket@Base 1.1.1 dbus_watch_get_unix_fd@Base 1.1.1 dbus_watch_handle@Base 1.0.2 dbus_watch_set_data@Base 1.0.2 debian/dbus.upstart0000664000000000000000000000075112240207265011554 0ustar # dbus - D-Bus system message bus # # The D-Bus system message bus allows system daemons and user applications # to communicate. description "D-Bus system message bus" start on local-filesystems stop on deconfiguring-networking expect fork respawn pre-start script mkdir -p /var/run/dbus chown messagebus:messagebus /var/run/dbus exec dbus-uuidgen --ensure end script exec dbus-daemon --system --fork post-start exec kill -USR1 1 post-stop exec rm -f /var/run/dbus/pid debian/clean0000664000000000000000000000002112240207265010166 0ustar doc/dbus.devhelp debian/dbus-x11.lintian-overrides0000664000000000000000000000017612240207265014120 0ustar # false positive: we only say dbus when talking about a package name dbus-x11: capitalization-error-in-description dbus D-Bus debian/rules0000775000000000000000000000736212240207265010260 0ustar #!/usr/bin/make -f # Copyright © 2002,2003 Colin Walters # Copyright © 2003 Daniel Stone # Copyright © 2006 Sjoerd Simons # Copyright © 2011 Michael Biebl include /usr/share/dpkg/default.mk %: dh $@ --builddirectory=build --with autoreconf --parallel libdbusN := $(shell sed -rn 's/Package:[[:space:]]*(libdbus-[0-9-]+)[[:space:]]*$$/\1/p' debian/control | head -n 1) libdbus_soname := $(patsubst libdbus-1-%,libdbus-1.so.%,$(libdbusN)) LDFLAGS += -Wl,--as-needed common_configure_flags := \ --disable-silent-rules \ --disable-libaudit \ --enable-apparmor \ --enable-systemd \ --enable-installed-tests \ --libexecdir=\$${prefix}/lib/dbus-1.0 \ --with-systemdsystemunitdir=/lib/systemd/system \ $(NULL) # the stage stuff isn't needed yet, because the testsuite isn't run by default #ifeq ($(DEB_STAGE),stage1) # common_configure_flags += --disable-tests #else # debug_configure_flags = --enable-tests #endif common_configure_flags += --disable-tests #debug_configure_flags = --enable-tests override_dh_auto_configure: dh_auto_configure \ -- \ $(common_configure_flags) \ --exec-prefix=/ \ --enable-xml-docs \ --enable-doxygen-docs \ --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ $(NULL) dh_auto_configure \ --builddirectory=build-debug \ -- \ $(common_configure_flags) \ $(debug_configure_flags) \ --disable-xml-docs \ --disable-doxygen-docs \ --enable-asserts \ --enable-checks \ --enable-verbose-mode \ --prefix=/usr/lib/$(DEB_HOST_MULTIARCH)/dbus-1.0/debug-build \ --libdir='$${prefix}/lib' \ $(NULL) override_dh_auto_build: dh_auto_build dh_auto_build --builddirectory=build-debug # tests need more environmental setup at the moment override_dh_auto_test: : override_dh_auto_install: dh_auto_install make -C build-debug install-exec DESTDIR=$(CURDIR)/debian/tmp override_dh_link: dh_link -plibdbus-1-dev lib/$(DEB_HOST_MULTIARCH)/$$(basename $$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libdbus-1.so)) usr/lib/$(DEB_HOST_MULTIARCH)/libdbus-1.so dh_link --remaining-packages # if bootstrapping (without dbus-glib), no tests will get installed - create # the directory in case that's happened, so the .install file doesn't need # modification override_dh_install: install -d debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/dbus-1.0/test rm -f debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libdbus-1.la rm -f debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/dbus-1.0/debug-build/lib/libdbus-1.la dh_install -p$(libdbusN) \ "usr/lib/$(DEB_HOST_MULTIARCH)/$(libdbus_soname)*" \ lib/$(DEB_HOST_MULTIARCH) dh_install --remaining-packages --list-missing install -m 644 -D debian/dbus-Xsession debian/dbus-x11/etc/X11/Xsession.d/75dbus_dbus-launch install -m 644 -D debian/dbus.user-session.upstart debian/dbus/usr/share/upstart/sessions/dbus.conf override_dh_installinit: dh_installinit -pdbus -r -- start 12 2 3 4 5 . # we don't want docs for the debug symbols, just symlink to the library docs override_dh_installdocs: dh_installdocs -pdbus-1-dbg --link-doc=$(libdbusN) dh_installdocs --remaining-packages --all AUTHORS NEWS README override_dh_strip: dh_strip --dbg-package=dbus-1-dbg override_dh_makeshlibs: dh_makeshlibs -V -Ndbus-1-dbg override_dh_autoreconf: cp INSTALL INSTALL.orig dh_autoreconf mv INSTALL.orig INSTALL override_dh_autoreconf_clean: cp INSTALL INSTALL.orig dh_autoreconf_clean mv INSTALL.orig INSTALL override_dh_auto_clean: dh_auto_clean dh_auto_clean --builddirectory=build-debug rm -f build/test/data/valid-config-files/session.conf rm -f build/test/data/valid-config-files/system.conf rm -f build-debug/test/data/valid-config-files/session.conf rm -f build-debug/test/data/valid-config-files/system.conf rm -f dbus.devhelp debian/dbus-1-dbg.install0000664000000000000000000000017712240207265012412 0ustar debian/tmp/usr/lib/*/dbus-1.0/test debian/tmp/usr/lib/*/dbus-1.0/debug-build/bin debian/tmp/usr/lib/*/dbus-1.0/debug-build/lib