lp://staging/ubuntu/dapper-security/dbus

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

24. By Marc Deslauriers on 2009-07-06

* SECURITY UPDATE: Signature spoofing via incorrect logic
  - debian/patches/84-security-CVE-2009-1189.patch: fix logic in
    dbus/dbus-marshal-validate.c and fix test in
    dbus/dbus-marshal-validate-util.c.
  - CVE-2009-1189

23. By Kees Cook on 2008-10-13

* SECURITY UPDATE: policy bypass with NULL interfaces.
  - Add 82-NULL-policy-bypass.patch: upstream fixes.
  - CVE-2008-0595
* SECURITY UPDATE: application crash via corrupt signatures.
  - Add 83-signature-validation.patch: upstream fixes.
  - CVE-2008-3834

22. By Kees Cook on 2006-12-13

* SECURITY UPDATE: denial of service, dbus can be made to ignore
  registered matches for other local users.
* Add debian/patches/match_removal.patch: fix from upstream CVS.
* References
  http://webcvs.freedesktop.org/dbus/dbus/bus/signals.c?r1=1.14&r2=1.14.2.1&view=patch&pathrev=DBUS_1_0
  CVE-2006-6107

21. By Sebastian Dröge on 2006-05-15

Add a small hack to debian/rules to get us the content for the
monodoc-dbus-1-manual package. (Ubuntu: #44449)

20. By Sebastian Dröge on 2006-05-14

* debian/dbus.preinst:
  - Fix typo to finally really remove the
    /etc/X11/Xsession.d/75dbus-1-utils_dbus-launch duplicate

19. By Sebastian Dröge on 2006-03-29

* debian/patches/dbus-python-service-py-typo.diff:
  + Fix typo in a variable name in service.py (Closes: Malone #30043)
* debian/dbus.preinst:
  + Remove /etc/X11/Xsession.d/75dbus-1-utils_dbus-launch when we update
    from something lower than 0.60-6ubuntu6, not only for updates from below
    0.50-2. (Closes: Malone #31998)

18. By Martin Pitt on 2006-03-15

* debian/dbus.{install,postinst}: Install dbus-foreground-console into
  /usr/lib/dbus-1.0, not into /usr/bin, since it's not supposed (and
  possible) to call as normal user.
* debian/patches/dbus-change-at-console-policy.patch:
  - Change default path of dbus-foreground-console to /usr/lib/dbus-1.0/.
  - Use fork/exec instead of system() to call dbus-foreground-console; this
    avoids invoking the shell and nasty shell errors if it cannot be
    executed (like in the test suite).
  - Do not set a dbus error if dbus-foreground-console could be successfully
    called, but returns 0 (i. e. it could not determine a dbus console).
    This broke dbus clients like hal if there was no foreground console (on
    headless machines, for example).

17. By Martin Pitt on 2006-03-03

* Add debian/patches/dbus-poll-hang.patch:
  - Check to see if our data has already been read off the connection by
    another blocking pending call before we block in poll.
    (check_for_reply_and_update_dispatch_unlocked): Code taken from
    _dbus_connection_block_pending_call - checks for an already read reply and
    updates the dispatch if there is one.
  - This fixes e. g. the long startup hang of hal-device-manager.
    (Malone #31517)
  - Patch taken from upstream CVS.

16. By Sebastian Dröge on 2006-02-28

Remove DEB_AUTO_UPDATE_AUTOCONF line from debian/rules to fix FTBFS

15. By Martin Pitt on 2006-02-28

* Remove unnecessary libgtk-cil build dependency.
* debian/rules: Disable DEB_AUTO_UPDATE_AUTOCONF to fix FTBFS.