head 1.6; access; symbols pkgsrc-2025Q2:1.5.0.66 pkgsrc-2025Q2-base:1.5 pkgsrc-2025Q1:1.5.0.64 pkgsrc-2025Q1-base:1.5 pkgsrc-2024Q4:1.5.0.62 pkgsrc-2024Q4-base:1.5 pkgsrc-2024Q3:1.5.0.60 pkgsrc-2024Q3-base:1.5 pkgsrc-2024Q2:1.5.0.58 pkgsrc-2024Q2-base:1.5 pkgsrc-2024Q1:1.5.0.56 pkgsrc-2024Q1-base:1.5 pkgsrc-2023Q4:1.5.0.54 pkgsrc-2023Q4-base:1.5 pkgsrc-2023Q3:1.5.0.52 pkgsrc-2023Q3-base:1.5 pkgsrc-2023Q2:1.5.0.50 pkgsrc-2023Q2-base:1.5 pkgsrc-2023Q1:1.5.0.48 pkgsrc-2023Q1-base:1.5 pkgsrc-2022Q4:1.5.0.46 pkgsrc-2022Q4-base:1.5 pkgsrc-2022Q3:1.5.0.44 pkgsrc-2022Q3-base:1.5 pkgsrc-2022Q2:1.5.0.42 pkgsrc-2022Q2-base:1.5 pkgsrc-2022Q1:1.5.0.40 pkgsrc-2022Q1-base:1.5 pkgsrc-2021Q4:1.5.0.38 pkgsrc-2021Q4-base:1.5 pkgsrc-2021Q3:1.5.0.36 pkgsrc-2021Q3-base:1.5 pkgsrc-2021Q2:1.5.0.34 pkgsrc-2021Q2-base:1.5 pkgsrc-2021Q1:1.5.0.32 pkgsrc-2021Q1-base:1.5 pkgsrc-2020Q4:1.5.0.30 pkgsrc-2020Q4-base:1.5 pkgsrc-2020Q3:1.5.0.28 pkgsrc-2020Q3-base:1.5 pkgsrc-2020Q2:1.5.0.24 pkgsrc-2020Q2-base:1.5 pkgsrc-2020Q1:1.5.0.4 pkgsrc-2020Q1-base:1.5 pkgsrc-2019Q4:1.5.0.26 pkgsrc-2019Q4-base:1.5 pkgsrc-2019Q3:1.5.0.22 pkgsrc-2019Q3-base:1.5 pkgsrc-2019Q2:1.5.0.20 pkgsrc-2019Q2-base:1.5 pkgsrc-2019Q1:1.5.0.18 pkgsrc-2019Q1-base:1.5 pkgsrc-2018Q4:1.5.0.16 pkgsrc-2018Q4-base:1.5 pkgsrc-2018Q3:1.5.0.14 pkgsrc-2018Q3-base:1.5 pkgsrc-2018Q2:1.5.0.12 pkgsrc-2018Q2-base:1.5 pkgsrc-2018Q1:1.5.0.10 pkgsrc-2018Q1-base:1.5 pkgsrc-2017Q4:1.5.0.8 pkgsrc-2017Q4-base:1.5 pkgsrc-2017Q3:1.5.0.6 pkgsrc-2017Q3-base:1.5 pkgsrc-2017Q2:1.5.0.2 pkgsrc-2017Q2-base:1.5 pkgsrc-2015Q2:1.3.0.10 pkgsrc-2015Q2-base:1.3 pkgsrc-2015Q1:1.3.0.8 pkgsrc-2015Q1-base:1.3 pkgsrc-2014Q4:1.3.0.6 pkgsrc-2014Q4-base:1.3 pkgsrc-2014Q3:1.3.0.4 pkgsrc-2014Q3-base:1.3 pkgsrc-2014Q2:1.3.0.2 pkgsrc-2014Q2-base:1.3 pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q3:1.1.0.2 pkgsrc-2012Q3-base:1.1; locks; strict; comment @# @; 1.6 date 2025.08.01.20.58.52; author wiz; state dead; branches; next 1.5; commitid ENR6HiaNTzTTp45G; 1.5 date 2017.05.23.15.12.57; author jperkin; state Exp; branches; next 1.4; commitid wYScr4trXe00GwSz; 1.4 date 2015.08.30.15.08.00; author wiz; state dead; branches; next 1.3; commitid Lp42pCws3GZRXizy; 1.3 date 2014.06.14.21.57.34; author wiz; state Exp; branches; next 1.2; commitid iFJX1D98Y8hdrxEx; 1.2 date 2012.10.07.21.35.14; author wiz; state dead; branches; next 1.1; 1.1 date 2012.08.09.10.21.19; author jperkin; state Exp; branches; next ; desc @@ 1.6 log @dbus: update to 1.16.2. Based in wip/dbus, tested by pin@@ dbus 1.16.2 (2025-02-27) ======================== Build system: • The branch used for development releases has been renamed to `main`. Please see CONTRIBUTING.md for details of how to update existing checkouts. (dbus#530, Simon McVittie) Bug fixes: • On Linux, fix build regression with libselinux ≥ 3.8 and verbose mode enabled (Debian#1096212, dbus!511; Simon McVittie) Internal changes: • Documentation updates dbus 1.16.0 (2024-12-16) ======================== The “one hundred pink frogs” release. 1.16.x is a new stable branch, superseding 1.14.x. Summary of major changes between 1.14.x and 1.16.0 -------------------------------------------------- Build system and dependencies: • The Meson build system is the recommended way to build dbus on Unix. This requires Meson 0.56 and Python 3.5. · Projects that depend on libdbus can build it as a Meson subproject. See tests/use-as-subproject/meson.build for suggested build options. • CMake continues to be available as an alternative build system, and is recommended on Windows. This requires CMake 3.10. • A C99 compiler such as gcc, clang, or Visual Studio 2015 is required. A C11 compiler such as gcc, clang, or Visual Studio 2019 is recommended. • On platforms with larger-than-64-bit pointers, a C11 compiler is required Behaviour changes: • As a result of the move from Autotools to Meson as the recommended build system on Unix, the names of all build-time options have changed. Not all Meson options are a 1:1 replacement for their closest equivalent in Autotools, so the options used for a dbus build should be reviewed. • If `meson install` is run as root, and traditional (non-systemd) activation is enabled, the ownership and setuid permission of dbus-daemon-launch-helper are not set automatically. This is not the same as the historical behaviour of the Autotools build system, which would set the ownership and permissions automatically if run as uid 0. The ownership and permissions must now be set by OS distribution packaging, or as a manual post-installation step if dbus is installed directly without going via a packaging system (which is not recommended). • On Unix, the well-known system bus socket is in the runtime state directory by default (normally /run) (see 1.15.4 for more details) • On Linux with systemd, dbus-daemon starts as the target user/group (retaining CAP_AUDIT_WRITE) instead of starting as root and dropping privileges Feature removals: • Autotools build system • pam_console/pam_foreground integration (Autotools --with-console-auth, CMake -DDBUS_CONSOLE_AUTH_DIR) New features and significant bug fixes: • ProcessFD in GetConnectionCredentials() on Linux (see 1.15.8 for more details) • On Unix, the system message bus now loads .service files from /etc and /run • Use close_range() to close unwanted file descriptors or mark them close-on-exec, if available • Use 64-bit timestamps internally on 32-bit platforms, for Y2038 safety • Use APIs that can return 64-bit timestamps and inode numbers on 32-bit glibc • AF_UNIX sockets are available on sufficiently recent Windows • dbus-send can send arrays of variants, variant values in dictionaries, and nested variants • Portability to CPU architectures with larger-than-64-bit pointers Changes since 1.15.92 release candidate --------------------------------------- Dependencies: • Building with CMake now requires CMake ≥ 3.10. Bug fixes: • Avoid deprecation warnings with newer Meson versions (dbus!507, Simon McVittie) • Avoid deprecation warnings with newer CMake versions (dbus#541, Ralf Habacker) Tests and CI enhancements: • When building with CMake, set the same environment variables as Meson. This improves test coverage. (dbus#533, Ralf Habacker) • Remove a remaining reference to Debian 11, which is EOL (dbus!508, Simon McVittie) dbus 1.15.92 (2024-12-11) ========================= The "future flyer" release. This is a second release-candidate for the new dbus 1.16.x stable branch. Build-time configuration changes: • When building with Meson, the embedded_tests option has been renamed to intrusive_tests. This option adds test instrumentation in libdbus and dbus-daemon, which reduces performance and is not secure. For production builds of dbus in OS distributions, it must be false (-Dintrusive_tests=false, which is the default) During development, it should be set true (-Dintrusive_tests=true) for full test coverage. (dbus#537, Simon McVittie) • Similarly, when building with CMake, the DBUS_BUILD_TESTS option no longer enables intrusive test instrumentation. A new option -DDBUS_ENABLE_INTRUSIVE_TESTS=ON is equivalent to the Meson build system's -Dintrusive_tests=true. Bug fixes: • If a DBusWatch callback fails because there is insufficient memory, make sure to retry it within a finite time (dbus#536, Petr Malat) • On macOS with launchd enabled, if the session bus launchd integration is not correctly configured, don't treat that as a fatal error that prevents connecting to the system bus (dbus#510, Mohamed Akram) • If intrusive test instrumentation is enabled, older versions of dbus would simulate an out-of-memory condition once per 2**32 allocations, even if not specifically requested. This is no longer done. (dbus#535, Simon McVittie) • Fix compilation on non-Linux platforms with glibc, such as Debian GNU/Hurd (dbus#539, Simon McVittie) • Avoid test failures with non-trivial NSS modules, similar to dbus#256 (dbus#540, Simon McVittie) • When built with CMake, make paths in DBus1Config relocatable (dbus!499, Ralf Habacker) dbus 1.15.90 (2024-12-06) ========================= The “futuristic flyer” release. This is a release-candidate for the new dbus 1.16.x stable branch. Build-time configuration changes: • The experimental Containers1 interface has been removed from this branch. It is incomplete and not ready for production use, and has been compile-time-disabled and impossible to enable without patching since 1.13.20. To reduce confusion, delete the code completely. It remains present on the git `main` branch for 1.17.x, and will hopefully be reinstated during the 1.17.x cycle. (dbus!488, dbus!490; Simon McVittie) Bug fixes: • Fix the Devhelp index for API documentation (dbus!486, Simon McVittie) • Fix detection of socketpair() on Solaris 10 (dbus#531, Simon McVittie) • Avoid undefined signed integer overflow when calculating hash table indexes (dbus!487, Jami Kettunen) dbus 1.15.12 (2024-10-29) ========================= Enhancements: • D-Bus Specification 0.43: · Recommend loading system services from /etc/dbus-1/system-services and /run/dbus-1/system-services (dbus!467, Luca Boccassi) · Reorganise documentation of the message bus to make it easier to add new interfaces (dbus!472, Simon McVittie) · Document o.fd.DBus.Debug.Stats interface (dbus!472, Simon McVittie) · Document o.fd.DBus.Verbose interface (dbus!472, Simon McVittie) · Formatting improvements (dbus!471, dbus!472; Simon McVittie) · Don't imply that all clients need to support obsolete message bus implementations (dbus!471, Simon McVittie) • API design advice: · Document typical approaches to emulating nullable types in the D-Bus type system (dbus!446, Zeeshan Ali Khan) • On Unix, additionally load system services from: · /etc/dbus-1/system-services, reserved for use by either the local system administrator, or software such as asset managers and configuration management frameworks acting on their behalf · /run/dbus-1/system-services, for ephemeral services (dbus!467, Luca Boccassi) Bug fixes: • Increase file descriptor soft limit to hard limit before testing file descriptor passing, and correctly skip the test for flooding the bus with fds when the limit is too low, fixing test failures on Solaris (dbus#176, Alan Coopersmith) • When building API documentation with Doxygen, always generate a working link in the index HTML page (dbus#519, dbus!470; Ralf Habacker, Simon McVittie) • When building with Meson, add (more) test dependencies so that 'meson test' does not always need to be preceded by 'meson compile' (dbus!468, Simon McVittie) • When installing with Meson, don't fail if we are installing as root but the user/group that will own the setuid dbus-daemon-launch-helper do not yet exist (dbus#492, Jordan Williams) • When building with Meson on Solaris, fix detection and build of Solaris audit API integration (dbus!477, Alan Coopersmith) • Fix service activation timeouts when built with embedded tests (test instrumentation) and run on a platform with a large file descriptor limit (dbus#527, Simon McVittie) • Fix test failures on platforms where deleting the current working directory is not allowed, such as Solaris (dbus!480, Alan Coopersmith) Internal changes: • CI fixes (dbus!474, Simon McVittie) dbus 1.15.10 (2024-09-25) ========================= Build-time configuration changes: • The Autotools build system has been removed. Its replacement is Meson. (dbus#443, Ralf Habacker) Enhancements: • Use 64-bit timestamps internally. This will allow 32-bit builds of libdbus to continue working after 2038 if there is OS-level support for 64-bit time_t, either opt-in (as on 32-bit glibc systems) or by default. (dbus!444, Alexander Kanavin) • When building with CMake, build more HTML documentation (dbus#504, Ralf Habacker) Bug fixes: • Don't crash if configured to watch more than 128 directories with inotify (dbus#481, hongjinghao) • Never add (uid_t) -1, (gid_t) -1 or (pid_t) 0 to credentials (dbus!464, Alyssa Ross) • Fix a regression since 1.15.0 for "autolaunch:" on Windows (dbus#503, Thomas Sondergaard) • When building with Meson, don't use stdatomic.h if it exists but is non-functional, for example under Visual Studio 2022 (dbus#494, Thomas Sondergaard) • When building with Meson, add test dependencies so that 'meson test' does not always need to be preceded by 'meson compile' (dbus!465, Alyssa Ross) • When building with Meson, really enable launchd if appropriate (dbus!463, Alyssa Ross) • In the test suite, use a more widely-implemented group name 'tty' in preference to 'bin' (dbus#514, Alyssa Ross) • Ensure that `dbus-test-tool spam` options cannot leave the payload length uninitialized (dbus!469, Simon McVittie) • Fix compiler warnings with gcc 14 (dbus!469, Simon McVittie) Documentation: • Clarify ownership transfer of pending call in dbus_connection_send_with_reply() (dbus!455, Wiebe Cazemier) • Explicitly document dbus-send exit status (dbus#452, Philip Withnall) • Refer to d-spy in preference to unmaintaned D-Feet (dbus!460, Ludovico de Nittis) • Update URL to Bustle tool (dbus!460, Ludovico de Nittis) Internal changes: • Replace _dbus_string_append_int(), _dbus_string_append_uint() with calls to _dbus_string_append_printf() (dbus!445, Simon McVittie) • Clean up unused macros in CMake build (dbus!463, Alyssa Ross) • Internal CI changes (dbus#487, dbus#488, dbus#489, dbus#509; Ralf Habacker, Simon McVittie) dbus 1.15.8 (2023-08-21) ======================== Build-time configuration changes: • For this version of dbus, Meson is the recommended build system for all Unix platforms. CMake continues to be recommended for Windows, but this recommendation might change to Meson in a future release, so please test the Meson build. See INSTALL for details. • Autotools-generated files are no longer included in the tarball release. The Autotools build system is likely to be removed in a future dbus release, so Autotools users should migrate to Meson as soon as possible. It is still possible to build using Autotools, by following the same procedure as for a git clone (starting with the `./autogen.sh` script). Enhancements: • D-Bus Specification 0.42: · GetConnectionCredentials can return ProcessFD (dbus!420, dbus!398; Luca Boccassi) • On Linux with sufficiently new glibc and kernel headers, report a pinned process file descriptor (pidfd) as the ProcessFD member of the GetConnectionCredentials() result (dbus!420, dbus!398; Luca Boccassi) • On Linux with systemd, start as the target user/group (retaining CAP_AUDIT_WRITE to preserve the ability to write to the audit log), instead of starting as root and dropping privileges (dbus!399, Luca Boccassi) • On 32-bit glibc systems, opt-in to 64-bit timestamps if possible. This will allow 32-bit builds of libdbus to continue working after 2038. (dbus#465, Simon McVittie) • On 32-bit glibc systems when built with CMake, also opt-in to large file sizes, offsets and inode numbers, as was done for Autotools since 1.12.x and Meson since the Meson build was introduced (dbus#465, fd.o #93545; Simon McVittie) • Avoid known dbus-daemon options being interpreted as optional arguments (dbus#467, Xin Shi) • If libdbus is a Meson subproject in a larger project, announce it as an implementation of the dbus-1 dependency (dbus!415, Barnabás Pőcze) • When built with CMake, get the version number from Meson instead of Autotools, in preparation for the Autotools build system being removed (dbus!382, Ralf Habacker) • When built with Meson, disable some unwanted warnings when either assertions or checks is disabled (dbus!412, Simon McVittie) • Use C11 if possible (dbus!431, Simon McVittie) • Expand coverage of SPDX/REUSE copyright/license information (dbus!427, Simon McVittie) • On Linux, let dbus-daemon start up successfully (with a warning) if inotify initialization fails, even if DBUS_FATAL_WARNINGS=1 is present in the environment (dbus#473, Simon McVittie) • On Unix, provide a better error message when looking up a user by name or user ID fails (dbus!442, Simon McVittie) Bug fixes: • Avoid a dbus-daemon crash if re-creating a connection's policy fails. If it isn't possible to re-create its policy (for example if it belongs to a user account that has been deleted or if the Name Service Switch is broken, on a system not supporting SO_PEERGROUPS), we now log a warning, continue to use its current policy, and continue to reload other connections' policies. (dbus#343; Peter Benie, Simon McVittie) • If getting the groups from a user ID fails, report the error correctly, instead of logging "(null)" (dbus#343, Simon McVittie) • Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs field for processes with a valid-but-empty supplementary group list (dbus!422, cptpcrd) • `sudo meson install` without a DESTDIR is now possible, although strongly discouraged on production systems (dbus#436, Simon McVittie) • Fix a Meson deprecation warning (dbus#439, Simon McVittie) Tests and CI enhancements: • Internal CI changes (dbus#455, dbus!414, dbus#468, dbus#469, dbus!424, dbus!430, dbus#436, dbus#470; Ralf Habacker, Simon McVittie) dbus 1.15.6 (2023-06-06) ======================== Denial-of-service fixes: • Fix an assertion failure in dbus-daemon when a privileged Monitoring connection (dbus-monitor, busctl monitor, gdbus monitor or similar) is active, and a message from the bus driver cannot be delivered to a client connection due to rules or outgoing message quota. This is a denial of service if triggered maliciously by a local attacker. (dbus#457; hongjinghao, Simon McVittie) Enhancements: • Special-case reading pseudo-files from Linux /proc to take into account the filesystem's unusual semantics (dbus!401, Luca Boccassi) Other fixes: • Fix compilation on compilers not supporting __FUNCTION__ (dbus!404, Barnabás Pőcze) • Fix some memory leaks on out-of-memory conditions (dbus!403, Barnabás Pőcze) • Documentation: · Update the README to recommend building with Meson (dbus!402, Ahmed Abdelfattah) · Fix syntax of a code sample in dbus-api-design (dbus!396; Yen-Chin, Lee) • CMake build fixes: · Detect presence of (dbus!400, Luca Boccassi) Tests and CI enhancements: • Fix CI pipelines after freedesktop/freedesktop#540 (dbus!405, dbus#456; Simon McVittie) • Ensure the messagebus user is created if necessary (dbus#445, Ralf Habacker) dbus 1.15.4 (2023-02-08) ======================== Dependencies: • Building with CMake now requires CMake ≥ 3.9. Build-time configuration changes: • On Unix platforms, a path in the runtime state directory (often /run) is now used for the well-known system bus socket by default. OS distributors should check that the path used is equivalent to the interoperable path /var/run/dbus/system_bus_socket, especially if running on an OS where /var/run is not guaranteed to be a symbolic link to /run. (dbus#180; Issam E. Maghni, Simon McVittie) · With Autotools, this is controlled by --runstatedir, which defaults to ${localstatedir}/run but is often set to /run by OS distributors. The path to the system bus socket can be overridden with the --with-system-socket option if required. · With CMake, this is controlled by the RUNSTATEDIR option, which has behaviour similar to Autotools. There is no separate option for the path to the system bus socket. · With Meson, this is controlled by the runtime_dir option, which defaults to /run if the installation prefix is set to /usr, or has behaviour similar to Autotools otherwise. The path to the system bus socket can be overridden with the system_socket option if required. Denial of service fixes: • Fix an incorrect assertion that could be used to crash dbus-daemon or other users of DBusServer prior to authentication, if libdbus was compiled with assertions enabled. We recommend that production builds of dbus, for example in OS distributions, should be compiled with checks but without assertions. (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin) Enhancements: • D-Bus Specification 0.41: · Clarify handling of /run vs. /var/run on Unix systems (dbus#180, Simon McVittie) • Add dbus_connection_set_builtin_filters_enabled(), intended to be called by tools that use BecomeMonitor() such as dbus-monitor (dbus#301, Kai A. Hiller) • When using the Meson build system, dbus can now be used as a subproject. To avoid colliding with a separate system copy of dbus, building it as a static library with tests, tools and the message bus disabled is strongly recommended. See test/use-as-subproject for sample code. (dbus!368, dbus!388; Daniel Wagner) Other fixes: • When connected to a dbus-broker, stop dbus-monitor from incorrectly replying to Peer method calls that were sent to the dbus-broker with a NULL destination (dbus#301, Kai A. Hiller) • Fix out-of-bounds varargs read in the dbus-daemon's config-parser. This is not attacker-triggerable and appears to be harmless in practice, but is technically undefined behaviour and is detected as such by AddressSanitizer. (dbus!357, Evgeny Vereshchagin) • Avoid a data race in multi-threaded use of DBusCounter (dbus#426, Ralf Habacker) • Fix a crash with some glibc versions when non-auditable SELinux events are logged (dbus!386, Jeremi Piotrowski) • If dbus_message_demarshal() runs out of memory while validating a message, report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie) • Use C11 _Alignof if available, for better standards-compliance (dbus!389, Khem Raj) • Stop including an outdated copy of pkg.m4 in the git tree (dbus!365, Simon McVittie) • Meson build fixes: · Use -fvisibility=hidden on Unix if supported, in particular on Linux (dbus!383, dbus#437; Simon McVittie) · Fix build on macOS, and any other platform that has CLOCK_MONOTONIC but not pthread_condattr_setclock() (dbus#419, Jordan Williams) • Documentation: · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan) • Licensing: · Use MIT license for some test files that did not previous specify a license, with permission from their authors (dbus!359, Simon McVittie) · Add more SPDX/REUSE license markers (dbus!311, dbus!369, dbus!370, dbus!371, dbus!375, dbus!376; Ralf Habacker, Simon McVittie) · Correct syntax of some SPDX license markers (dbus!360, Ralf Habacker) • Tests fixes: · Fix an assertion failure in test-autolaunch-win (dbus#422, Ralf Habacker) · Expand test coverage under CMake (dbus!322, Ralf Habacker) · Fix the test-apparmor-activation test after dbus#416 (dbus!380, Dave Jones) Internal changes: • Add static assertions for some things we assume about pointers (dbus!345, Simon McVittie) • Refactoring (dbus!356, dbus#430, dbus#431; Simon McVittie, Xin Shi) • Fix CI builds with recent git versions (dbus#447, Simon McVittie) • Build dbus with clang during CI (dbus!358, Evgeny Vereshchagin) dbus 1.15.2 (2022-10-05) ======================== This development release incorporates the same denial-of-service fixes and security hardening as dbus 1.14.4. Behaviour changes: • On Linux, dbus-daemon and other uses of DBusServer now create a path-based Unix socket, unix:path=..., when asked to listen on a unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to unix:dir=... on all platforms. Previous versions would have created an abstract socket, unix:abstract=..., in this situation. This change primarily affects the well-known session bus when run via dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring dbus with --enable-user-session and running it on a systemd system, already used path-based Unix sockets and is unaffected by this change. This behaviour change prevents a sandbox escape via the session bus socket in sandboxing frameworks that can share the network namespace with the host system, such as Flatpak. This change might cause a regression in situations where the abstract socket is intentionally shared between the host system and a chroot or container, such as some use-cases of schroot(1). That regression can be resolved by using a bind-mount to share either the D-Bus socket, or the whole /tmp directory, with the chroot or container. (dbus#416, Simon McVittie) Denial of service fixes: Evgeny Vereshchagin discovered several ways in which an authenticated local attacker could cause a crash (denial of service) in dbus-daemon --system or a custom DBusServer. In uncommon configurations these could potentially be carried out by an authenticated remote attacker. • An invalid array of fixed-length elements where the length of the array is not a multiple of the length of the element would cause an assertion failure in debug builds or an out-of-bounds read in production builds. This was a regression in version 1.3.0. (dbus#413, CVE-2022-42011; Simon McVittie) • A syntactically invalid type signature with incorrectly nested parentheses and curly brackets would cause an assertion failure in debug builds. Similar messages could potentially result in a crash or incorrect message processing in a production build, although we are not aware of a practical example. (dbus#418, CVE-2022-42010; Simon McVittie) • A message in non-native endianness with out-of-band Unix file descriptors would cause a use-after-free and possible memory corruption in production builds, or an assertion failure in debug builds. This was a regression in version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie) Enhancements: • D-Bus Specification 0.40 (dbus#416, Simon McVittie) · Clarify that unix:tmpdir is not required to use abstract sockets, even where supported · Mention implications of abstract sockets for Linux namespacing dbus 1.15.0 (2022-09-22) ======================== Dependencies: • On platforms where a pointer is larger than 64 bits, dbus requires at least a C11 compiler. On other platforms, dbus now requires either a C99 compiler such as gcc or clang, or Microsoft Visual Studio 2015 or later. Some workarounds for pre-C99 environments are currently still present, but we plan to remove them during this development cycle. • Building with CMake now requires CMake ≥ 3.4. • Building with Meson requires Meson ≥ 0.56 and Python ≥ 3.5. Feature removal: • Remove support for the obsolete pam_console and pam_foreground modules (the Autotools --with-console-auth-dir= and CMake -DDBUS_CONSOLE_AUTH_DIR= options, which have been deprecated since dbus 1.11.18). (dbus#181, fd.o#101629) Build-time configuration changes: • Add a Meson build system. This is currently considered experimental, but the intention is for it to replace Autotools and/or CMake in future releases, preferably both. Please test! (dbus!303, dbus!325; Félix Piédallu, Marc-André Lureau, Simon McVittie) · This requires Meson 0.56 or newer, and Python 3.5 or newer. · Expat can be built as a subproject using Meson's "wrap" mechanism, if desired. This should make it considerably easier to build dbus for Windows or other platforms without a library packaging system. · GLib can also be built as a subproject using Meson's "wrap" mechanism, if desired. This should make it considerably easier to build full test coverage on Windows or other platforms without a library packaging system. • Please note that not all Meson build options correspond 1:1 to how the closest equivalents in Autotools or CMake behave, and the Meson build options are subject to change. Distributors and developers evaluating the Meson build should check that they are configuring dbus the way they intend to. Enhancements: • D-Bus Specification 0.39: · Document how to represent internationalized domain names in D-Bus names (dbus!324, Simon McVittie) · Improve documentation of AF_UNIX sockets (Marc-André Lureau) • On Unix, speed up closing file descriptors for subprocesses by using closefrom() or close_range() where available (dbus#278; rim, Simon McVittie) • On Windows, dbus can now use AF_UNIX sockets, not just TCP. This requires Windows 10 build 17063 or later at runtime, and either Windows 10 SDK 17063 or mingw-w64 version 9.0.0 or later at compile-time. (dbus!249, Marc-André Lureau) • Teach dbus-send to handle variants in containers: arrays of variants, variant values in dictionaries, and nested variants (dbus!206, Frederik Van Bogaert) • Detect programming errors with Windows mutexes if assertions are enabled, similar to what we already did for pthreads mutexes (dbus#369, Ralf Habacker) • Move license text into LICENSES, and start to use SPDX markers (Simon McVittie, Ralf Habacker) Fixes: • Portability to CPU architectures with larger-than-64-bit pointers (dbus!335, dbus!318; Alex Richardson) • Fix build failure on FreeBSD (dbus!277, Alex Richardson) • Fix build failure on macOS with launchd enabled (dbus!287, Dawid Wróbel) • Preserve errno on failure to open /proc/self/oom_score_adj (dbus!285, Gentoo#834725; Mike Gilbert) • Improve dbus-launch --autolaunch so it can pick up an existing bus from Linux XDG_RUNTIME_DIR or macOS launchd, even if X11 autolaunching was disabled (dbus#385, dbus#392; Simon McVittie, Alex Richardson) • Correctly escape AF_UNIX socket paths when converting them to D-Bus address strings (dbus#405, Marc-André Lureau) • On Linux, don't log warnings if oom_score_adj is read-only but does not need to be changed (dbus!291, Simon McVittie) • Slightly improve error-handling for inotify (dbus!235, Simon McVittie) • Don't crash if dbus-daemon is asked to watch more than 128 directories for changes (dbus!302, Jan Tojnar) • Silence various compiler warnings (dbus!275, dbus!289, dbus!305, dbus!307, dbus!312, dbus!315; Ralf Habacker, Simon McVittie, Alex Richardson, Marc-André Lureau) • On Windows, use safer locking patterns for the system-global mutex used to implement autolaunching (dbus#368, dbus#370; Ralf Habacker) • Index dbus-arch-deps.h for API documentation when building out-of-tree (dbus!312, Marc-André Lureau) • Silence xmlto warnings when building man pages (dbus!312, Marc-André Lureau) • Fix build failure when checks are disabled but assertions are enabled (dbus#412, Johannes Kauffmann) • Use C99 flexible arrays in the memory pool implementation for better support for modern compilers (dbus!343, dbus!344; Alex Richardson, Simon McVittie) • Autotools build system fixes: · Don't treat --with-x or --with-x=yes as a request to disable X11, fixing a regression in 1.13.20. Instead, require X11 libraries and fail if they cannot be detected. (dbus!263, Lars Wendler) · When a CMake project uses an Autotools-built libdbus in a non-standard prefix, find dbus-arch-deps.h successfully (dbus#314, Simon McVittie) · Don't include generated XML catalog in source releases (dbus!317, Jan Tojnar) · Improve robustness of detecting gcc __sync atomic builtins (dbus!320, Alex Richardson) • CMake build system fixes: · Detect endianness correctly, fixing interoperability with other D-Bus implementations on big-endian systems (dbus#375, Ralf Habacker) · Fix a race condition generating man pages and HTML documentation (dbus#381, Ralf Habacker) · When building for Unix, install session and system bus setup in the intended locations (dbus!267, dbus!297; Ralf Habacker, Alex Richardson) · Detect setresuid() and getresuid() (dbus!319, Alex Richardson) · Detect backtrace() on FreeBSD (dbus!281, Alex Richardson) · Don't include headers from parent directory (dbus!282, Alex Richardson) · Fix -Wunused-command-line-argument on FreeBSD (dbus!278, Alex Richardson) · Only add warning flags if the compiler supports them (dbus!276, Alex Richardson) · Distinguish between host and target TMPDIR when cross-compiling (dbus!279, Alex Richardson) · Improve compiler warning detection (dbus#387, Ralf Habacker) · Allow TEST_SOCKET_DIR to be overridden (dbus!295, Ralf Habacker) · Fix detection of atomic operations (dbus!306, Alex Richardson) · Use DWARF 2 instead of STABS for debug symbols on Windows, for compatibility with newer gcc versions (dbus!323, Marc-André Lureau) · Fix use of paths relative to the dbus project directory when dbus is vendored into a larger CMake project (dbus!332, Jordan Williams) Tests and CI enhancements: • Add an automated test for Windows autolaunching (dbus#235, Ralf Habacker) • Avoid compiler warnings in test code (dbus#383, dbus!274, dbus!275; Simon McVittie, Ralf Habacker) • Avoid LeakSanitizer warnings in test code (dbus!326, Simon McVittie) • Speed up a particularly slow unit test by a factor of 30 (dbus!328, Simon McVittie) • On Unix, skip tests that switch uid if run in a container that is unable to do so, instead of failing (dbus#407, Simon McVittie) • On Unix, consistently create test sockets in DBUS_TEST_SOCKET_DIR and not the build directory, allowing the build directory to be mounted with a non-POSIX filesystem (dbus!334, Alex Richardson) • Gitlab-CI improvements (dbus#383, dbus#388, dbus!262, dbus!288, dbus!292, dbus!296, dbus!299, dbus!301; Ralf Habacker, Simon McVittie, Alex Richardson) • Added FreeBSD Gitlab-CI build jobs (dbus!280, dbus!347; Alex Richardson) • Use the latest MSYS2 packages for CI (Ralf Habacker, Simon McVittie) @ text @$NetBSD: patch-configure,v 1.5 2017/05/23 15:12:57 jperkin Exp $ Don't blanket define _XOPEN_SOURCE on SunOS, patch where required instead. --- configure.orig 2017-04-05 15:25:13.000000000 +0000 +++ configure @@@@ -23169,7 +23169,7 @@@@ case $host_os in # ... this opt-in to get sockaddr_in6 and sockaddr_storage... CFLAGS="$CFLAGS -D__EXTENSIONS__" # ... and this opt-in to get file descriptor passing support - CFLAGS="$CFLAGS -D_XOPEN_SOURCE=500" + #CFLAGS="$CFLAGS -D_XOPEN_SOURCE=500" ;; esac @ 1.5 log @Fix build on SunOS with GCC 7.1 @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @Update to 1.10.0: D-Bus 1.10.0 (2015-08-25) == The “0x20” release. This is a new stable branch, recommended for use in OS distributions. Fixes since 1.9.20: • distribute test/tap-test.sh.in, even if the tarball was built without tests enabled (fd.o #91684, Simon McVittie) • work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie) Summary of major changes since 1.8.0: • The basic setup for the well-known system and session buses is now done in read-only files in ${datadir} (normally /usr/share). See the NEWS entry for 1.9.18 for details. • AppArmor integration has been merged, with features similar to the pre-existing SELinux integration. It is mostly compatible with the patches previously shipped by Ubuntu, with one significant change: Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded by GetConnectionCredentials and was not included. • The --enable-user-session configure option can be enabled by OS integrators intending to use systemd to provide a session bus per user (in effect, treating all concurrent graphical and non-graphical login sessions as one large session). • The new listenable address mode "unix:runtime=yes" listens on $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd user session. libdbus and "dbus-launch --autolaunch" will connect to this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a matching default. • All executables are now dynamically linked to libdbus-1. Previously, some executables, most notably dbus-daemon, were statically linked to a specially-compiled variant of libdbus. This results in various private functions in the _dbus namespace being exposed by the shared library. These are not API, and must not be used outside the dbus source tree. • On platforms with ELF symbol versioning, all public symbols are versioned LIBDBUS_1_3. New bus APIs: • org.freedesktop.DBus.GetConnectionCredentials returns LinuxSecurityLabel where supported • org.freedesktop.DBus.Monitoring interface (privileged) · BecomeMonitor method supersedes match rules with eavesdrop=true, which are now deprecated • org.freedesktop.DBus.Stats interface (semi-privileged) · now enabled by default · new GetAllMatchRules method New executables: • dbus-test-tool • dbus-update-activation-environment New optional dependencies: • The systemd: pseudo-transport requires libsystemd or libsd-daemon • Complete documentation requires Ducktype and yelp-tools • Full test coverage requires GLib 2.36 and PyGI • AppArmor integration requires libapparmor and optionally libaudit Dependencies removed: • dbus-glib D-Bus 1.9.20 (2015-08-06) == The “Remember Tomorrow” release. This is a release-candidate for D-Bus 1.10.0. OS distribution vendors should test it. Fixes: • Don't second-guess what the ABI of poll() is, allowing it to be used on Integrity RTOS and other unusual platforms (fd.o #90314; Rolland Dudemaine, Simon McVittie) • Don't duplicate audit subsystem integration if AppArmor and SELinux are both enabled (fd.o #89225, Simon McVittie) • Log audit events for AppArmor/SELinux policy violations whenever we have CAP_AUDIT_WRITE, even if not the system bus (fd.o #83856, Laurent Bigonville) D-Bus 1.9.18 (2015-07-21) == The “Pirate Elite” release. Configuration changes: • The basic setup for the well-known system and session buses is now done in read-only files in ${datadir}, moving a step closer to systems that can operate with an empty /etc directory. In increasing order of precedence: · ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting the default message policies. · ${sysconfdir}/dbus-1/s*.conf are now optional. By default dbus still installs a trivial version of each, for documentation purposes; putting configuration directives in these files is deprecated. · ${datadir}/dbus-1/s*.d/ are now available for third-party software to install "drop-in" configuration snippets (any packages using those directories should explicitly depend on at least this version of dbus). · ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins or third-party software to install "drop-in" configuration snippets · ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins' overrides ${datadir} is normally /usr/share, ${sysconfdir} is normally /etc, and "s*" refers to either system or session as appropriate. (fd.o #89280, Dimitri John Ledkov) Fixes: • Fix a memory leak when GetConnectionCredentials() succeeds (fd.o #91008, Jacek Bukarewicz) • Ensure that dbus-monitor does not reply to messages intended for others, resulting in its own disconnection (fd.o #90952, Simon McVittie) D-Bus 1.9.16 (2015-05-14) == The “titanium barns” release. Dependencies: • Automake 1.13 is now required when compiling from git or modifying the build system. Security hardening: • On Unix platforms, change the default configuration for the session bus to only allow EXTERNAL authentication (secure kernel-mediated credentials-passing), as was already done for the system bus. This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly unpredictable pseudo-random numbers. If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport, in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using NFS or similar, you will need to reconfigure the session bus to accept DBUS_COOKIE_SHA1 by commenting out the element. This configuration is not recommended. (fd.o #90414, Simon McVittie) • When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp: transport, UUIDs or any other reason, fail if we cannot obtain entropy (from /dev/urandom or CryptGenRandom()) or an out-of-memory condition occurs, instead of silently falling back to low-entropy pseudorandom numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker) Enhancements: • Add dbus_message_iter_get_element_count() (fd.o #30350; Christian Dywan, Simon McVittie) • Introduce new internal DBusSocket and DBusPollable types so we can stop treating the Windows SOCKET type as if it was int. DBusSocket is specifically a socket, cross-platform. DBusPollable is whatever _dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows. (fd.o #89444; Ralf Habacker, Simon McVittie) • All regression tests now output TAP (fd.o #89846, Simon McVittie) • Internal APIs consistently use signed values for timestamps (fd.o #18494, Peter McCurdy) • Improve diagnostics when UpdateActivationEnvironment calls are rejected (fd.o #88812, Simon McVittie) • Clean up a lot of compiler warnings (fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie) Fixes: • Add locking to DBusCounter's reference count and notify function (fd.o #89297, Adrian Szyndela) • Ensure that DBusTransport's reference count is protected by the corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela) • Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms (fd.o #90021, Ralf Habacker) • Make dbus-test-tool and dbus-update-activation-environment portable to Windows (fd.o #90089, Ralf Habacker) • Correctly initialize all fields of DBusTypeReader (fd.o #90021; Ralf Habacker, Simon McVittie) • Fix some missing \n in verbose (debug log) messages (fd.o #90004, Ralf Habacker) • Clean up some memory and fd leaks in test code and tools (fd.o #90021, Ralf Habacker) • Fix a NULL dereference if the dbus-daemon cannot read a configuration directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker) • CMake generates a versioned shared library even if the revision is 0, as it usually is on the development branch. (fd.o #89450, Ralf Habacker) D-Bus 1.9.14 (2015-03-02) == The “don't stand in the poison cloud” release. Dependencies: • dbus-daemon and dbus-daemon-launch-helper now require libdbus. They were previously linked to a static version of libdbus. • The tests no longer require dbus-glib in order to exercise the libdbus shared library; they are always linked to libdbus now. Build-time configuration: • The new --enable-user-session option, off by default, can be enabled by OS integrators intending to use systemd to provide a session bus per user (in effect, treating all concurrent graphical and non-graphical login sessions as one large session) Enhancements: • All executables are now linked dynamically to libdbus. (fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker) • On platforms that support them (GNU libc and possibly others), libdbus now has versioned symbols for its public API. All public symbols (visible in the header files) are currently versioned as LIBDBUS_1_3; private symbols starting with _dbus or dbus_internal have a version that changes with each release, and must not be used by applications. (also fd.o #83115) • New listenable address mode "unix:runtime=yes" which listens on a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus (fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie) • Add optional systemd units for a per-user bus listening on $XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters) • On Unix platforms, both libdbus and "dbus-launch --autolaunch" default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket (also fd.o #61301) • New dbus-update-activation-environment tool uploads environment variables to "dbus-daemon --session" and optionally "systemd --user", primarily as a way to keep the per-user bus compatible with distributions' existing X11 login scripts (also fd.o #61301) • elements in dbus-daemon configuration are now silently ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov) • Add microsecond-resolution timestamps to the default output of dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie) Fixes: • Fix a race condition in the 'monitor' test introduced in 1.9.10 (fd.o #89222, Simon McVittie) D-Bus 1.9.12 (2015-02-19) == The “monster lasagna” release. Dependencies: • Ducktype and yelp-tools are now required to build complete documentation (they are optional for normal builds). Enhancements: • D-Bus Specification version 0.26 · GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID · document the BecomeMonitor method • On Linux, add LinuxSecurityLabel to GetConnectionCredentials (fd.o #89041; Tyler Hicks, Simon McVittie) • On Linux, add support for AppArmor mediation of message sending and receiving and name ownership (paralleling existing SELinux mediation support), and eavesdropping (a new check, currently AppArmor-specific) (fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie) • In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings that have printable ASCII contents; we previously only did this for unterminated bytestrings (fd.o #89109, Simon McVittie) • Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall) • On Windows, add WindowsSID to GetConnectionCredentials (fd.o #54445, Ralf Habacker) • Improve clarity of dbus-monitor --profile output and add more columns (fd.o #89165, Ralf Habacker) • Add a man page for dbus-test-tool, and build it under CMake as well as Autotools (fd.o#89086, Simon McVittie) • If dbus-daemon was compiled with --enable-verbose, add a D-Bus API to control it at runtime, overriding the DBUS_VERBOSE environment variable (fd.o #88896, Ralf Habacker) Fixes: • Reduce the number of file descriptors used in the fd-passing test, avoiding failure under the default Linux fd limit, and automatically skip it if the rlimit is too small (fd.o #88998, Simon McVittie) D-Bus 1.9.10 (2015-02-09) == The “sad cyborgs” release. Security fixes merged from 1.8.16: • Do not allow non-uid-0 processes to send forged ActivationFailure messages. On Linux systems with systemd activation, this would allow a local denial of service: unprivileged processes could flood the bus with these forged messages, winning the race with the actual service activation and causing an error reply to be sent back when service auto-activation was requested. This does not prevent the real service from being started, so the attack only works while the real service is not running. (CVE-2015-0245, fd.o #88811; Simon McVittie) Enhancements: • The new Monitoring interface in the dbus-daemon lets dbus-monitor and similar tools receive messages without altering the security properties of the system bus, by calling the new BecomeMonitor method on a private connection. This bypasses the normal and rules entirely, so to preserve normal message-privacy assumptions, only root is allowed to do this on the system bus. Restricted environments, such as Linux with LSMs, should lock down access to the Monitoring interface. (fd.o #46787, Simon McVittie) • dbus-monitor uses BecomeMonitor to capture more traffic, if the dbus-daemon supports it and access permissions allow it. It still supports the previous approach ("eavesdropping" match rules) for compatibility with older bus daemons. (fd.o #46787, Simon) • dbus-monitor can now log the message stream as binary data for later analysis, with either no extra framing beyond the normal D-Bus headers, or libpcap-compatible framing treating each D-Bus message as a captured packet. (fd.o #46787, Simon) Other fixes: • Fix some CMake build regressions (fd.o #88964, Ralf Habacker) • On Unix, forcibly terminate regression tests after 60 seconds to prevent them from blocking continuous integration frameworks (fd.o #46787, Simon) D-Bus 1.9.8 (2015-02-03) == The “all the types of precipitation” release. Dependencies: • full test coverage now requires GLib 2.36 • full test coverage now requires PyGI (PyGObject 3, "import gi.repository.GObject") instead of the obsolete PyGObject 2 ("import gobject") Enhancements: • add GLib-style "installed tests" (fd.o #88810, Simon McVittie) • better regression test coverage, including systemd activation (fd.o #57952, #88810; Simon McVittie) Fixes: • fatal errors correctly make the dbus-daemon exit even if is turned off (fd.o #88808, Simon McVittie) • TCP sockets on Windows no longer fail to listen approximately 1 time in 256, caused by a logic error that should have always made it fail but was mitigated by incorrect endianness for the port number (fd.o #87999, Ralf Habacker) • fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker) • on Windows, allow up to 8K connections to the dbus-daemon instead of the previous 64, completing a previous fix which only worked under Autotools (fd.o #71297, Ralf Habacker) • on Windows, if the IP family is unspecified only use IPv4, to mitigate IPv6 not working correctly (fd.o #87999, Ralf Habacker) • fix some unlikely memory leaks on OOM (fd.o #88087, Simon McVittie) • lcov code coverage analysis works again (fd.o #88808, Simon McVittie) • fix an unused function error with --disable-embedded-tests (fd.o #87837, Thiago Macieira) D-Bus 1.9.6 (2015-01-05) == The “I do have a bread knife” release. Security hardening: • Do not allow calls to UpdateActivationEnvironment from uids other than the uid of the dbus-daemon. If a system service installs unsafe security policy rules that allow arbitrary method calls (such as CVE-2014-8148) then this prevents memory consumption and possible privilege escalation via UpdateActivationEnvironment. We believe that in practice, privilege escalation here is avoided by dbus-daemon-launch-helper sanitizing its environment; but it seems better to be safe. • Do not allow calls to UpdateActivationEnvironment or the Stats interface on object paths other than /org/freedesktop/DBus. Some system services install unsafe security policy rules that allow arbitrary method calls to any destination, method and interface with a specified object path; while less bad than allowing arbitrary method calls, these security policies are still harmful, since dbus-daemon normally offers the same API on all object paths and other system services might behave similarly. Other fixes: • Add missing initialization so GetExtendedTcpTable doesn't crash on Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко) D-Bus 1.9.4 (2014-11-24) == The “extra-sturdy caramel” release. Fixes: • Partially revert the CVE-2014-3639 patch by increasing the default authentication timeout on the system bus from 5 seconds back to 30 seconds, since this has been reported to cause boot regressions for some users, mostly with parallel boot (systemd) on slower hardware. On fast systems where local users are considered particularly hostile, administrators can return to the 5 second timeout (or any other value in milliseconds) by saving this as /etc/dbus-1/system-local.conf: 5000 (fd.o #86431, Simon McVittie) • Add a message in syslog/the Journal when the auth_timeout is exceeded (fd.o #86431, Simon McVittie) • Send back an AccessDenied error if the addressed recipient is not allowed to receive a message (and in builds with assertions enabled, don't assert under the same conditions). (fd.o #86194, Jacek Bukarewicz) D-Bus 1.9.2 (2014-11-10) == The “structurally unsound flapjack” release. Security fixes: • Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 so that CVE-2014-3636 part A cannot exhaust the system bus' file descriptors, completing the incomplete fix in 1.8.8. (CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy) Enhancements: • D-Bus Specification version 0.25 · new value 'const' for EmitsChangedSignal annotation (fd.o #72958, Lennart Poettering) · new ALLOW_INTERACTIVE_AUTHORIZATION flag, for PolicyKit and similar (fd.o #83449; Lennart Poettering, Simon McVittie) · annotate table of types with reserved/basic/container, and for basic types, fixed/string-like · clarify arbitrary limits by quoting them in mebibytes • New API: add accessors for the ALLOW_INTERACTIVE_AUTHORIZATION flag (fd.o #83449, Simon McVittie) • Add dbus-test-tool, a D-Bus swiss army knife with multiple subcommands, useful for debugging and performance testing: · dbus-test-tool spam: send repeated messages · dbus-test-tool echo: send an empty reply for all method calls · dbus-test-tool black-hole: do not reply to method calls (fd.o #34140; Alban Crequy, Simon McVittie, Will Thompson) • Add support for process ID in credentials-passing on NetBSD (fd.o #69702, Patrick Welche) • Add an example script to find potentially undesired match rules (fd.o #84598, Alban Crequy) • Document the central assumption that makes our use of credentials-passing secure (fd.o #83499, Simon McVittie) • Replace the dbus-glib section of the tutorial with a GDBus recommendation, and add some links to GDBus and QtDBus documentation (fd.o #25140, Simon McVittie) Fixes: • Use a less confusing NoReply message when disconnected with a reply pending (fd.o #76112, Simon McVittie) • Make the .pc file relocatable by letting pkg-config do all variable expansion itself (fd.o #75858, Руслан Ижбулатов) • Fix a build failure on platforms with kqueue, which regressed in 1.9.0 (fd.o #85563, Patrick Welche) • Consistently save errno after socket calls (fd.o #83625, Simon McVittie) • In dbus-spawn, when the grandchild process exits due to a failed exec(), do not lose the exec() errno (fd.o #24821, Simon McVittie) • Do not fail the tests if a parent process has leaked non-close-on-exec file descriptors to us (fd.o #73689, fd.o #83899; Simon McVittie) • Do not fail the tests on Unix platforms with incomplete credentials-passing support, but do fail if we can't pass credentials on a platform where it is known to work: Linux, FreeBSD, OpenBSD, NetBSD (fd.o #69702, Simon McVittie) • Detect accept4, dirfd, inotify_init1, pipe2, and Unix fd passing when building with cmake, and expand test coverage there (fd.o #73689; Ralf Habacker, Simon McVittie) D-Bus 1.9.0 (2014-10-01) == The “tiered cheeses” release. Requirements: • Support for the systemd: (LISTEN_FDS) pseudo-transport on Linux now requires either the libsystemd or libsd-daemon shared library, dropping the embedded convenience copy of sd-daemon (fd.o #71818, Simon) Build-time configuration changes: • The Stats interface is now enabled by default, and locked-down to root-only on the system bus. Configure with --disable-stats to disable it altogether on memory- or disk-constrained systems, or see ${docdir}/examples/ to open it up to non-root users on the system bus or restrict access on the session bus. (fd.o #80759; Simon McVittie, Alban Crequy) • The CMake build system now builds the same shared library name as Autotools on at least Linux and Windows: - on Linux (and perhaps other Unix platforms), it previously built libdbus-1.so, but now builds libdbus-1.so.3.* with development symlink libdbus-1.so and SONAME/symlink libdbus-1.so.3 - on Windows, it previously built either libdbus-1.dll (release) or libdbus-1d.dll (debug), but now builds libdbus-1-3.dll, copied to libdbus-1.dll for compatibility with older applications. (fd.o #74117, Ralf Habacker) Enhancements: • D-Bus Specification version 0.24 · document how to quote match rules (fd.o #24307, Simon McVittie) · explicitly say that most message types never expect a reply regardles of whether they have NO_REPLY_EXPECTED (fd.o #75749, Simon McVittie) • on Unix platforms, disable Nagle's algorithm on TCP connections to improve initial latency (fd.o #75544, Matt Hoosier) • use backtrace() if it is in -lexecinfo instead of libc, as on NetBSD (fd.o #69702, Patrick Welche) • in dbus-monitor, print more information about file descriptors (fd.o #80603, Alban Crequy) • do not install system bus configuration if built for Windows (fd.o #83583; Ralf Habacker, Simon McVittie) • Add GetAllMatchRules to the Stats interface (fd.o #24307, Alban Crequy) • Add a regression test for file descriptor passing (fd.o #83622, Simon McVittie) Fixes: • fix an incorrect error message if a Unix socket path is too long (fd.o #73887, Antoine Jacoutot) • in an MSYS/Cygwin environment, pass Unix-style filenames to xmlto, fixing documentation generation (fd.o #75860, Руслан Ижбулатов) • in Unix with X11, avoid giving dbus-launch a misleading argv[0] in ps(1) (fd.o #69716, Chengwei Yang) • avoid calling poll() with timeout < -1, which is considered invalid on FreeBSD and NetBSD (fd.o #78480, Jaap Boender) • be portable to BSD-derived platforms where O_CLOEXEC is unavailable in libc (like Mac OS X 10.6), or available in libc but unsupported by the kernel (fd.o #77032; rmvsxop, OBATA Akio, Patrick Welche) • Fix include path for test/internal/*.c with cmake (Ralf Habacker) • Documentation improvements (fd.o #80795, #84313; Thomas Haller, Sebastian Rasmussen) • in dbus-monitor, do not leak file descriptors that we have monitored (fd.o #80603, Alban Crequy) • Set the close-on-exec flag for the inotify file descriptor, even if built with CMake or older libc (fd.o #73689, Simon McVittie) • Remove some LGPL code from the Windows dbus-daemon (fd.o #57272, Ralf Habacker) @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.3 2014/06/14 21:57:34 wiz Exp $ d3 1 a3 5 backtrace() may be in libexecinfo From https://bugs.freedesktop.org/attachment.cgi?id=100403 which is part of https://bugs.freedesktop.org/show_bug.cgi?id=69702 d5 1 a5 1 --- configure.orig 2014-06-05 13:56:49.000000000 +0000 d7 8 a14 70 @@@@ -18860,16 +18860,63 @@@@ if test "x$ac_cv_header_execinfo_h" = xy cat >>confdefs.h <<_ACEOF #define HAVE_EXECINFO_H 1 _ACEOF - for ac_func in backtrace -do : - ac_fn_c_check_func "$LINENO" "backtrace" "ac_cv_func_backtrace" -if test "x$ac_cv_func_backtrace" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_BACKTRACE 1 -_ACEOF + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing backtrace" >&5 +$as_echo_n "checking for library containing backtrace... " >&6; } +if ${ac_cv_search_backtrace+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char backtrace (); +int +main () +{ +return backtrace (); + ; + return 0; +} +_ACEOF +for ac_lib in '' execinfo; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_backtrace=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_backtrace+:} false; then : + break fi done +if ${ac_cv_search_backtrace+:} false; then : + +else + ac_cv_search_backtrace=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_backtrace" >&5 +$as_echo "$ac_cv_search_backtrace" >&6; } +ac_res=$ac_cv_search_backtrace +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_BACKTRACE 1" >>confdefs.h + +fi fi @ 1.3 log @Also look for backtrace() in libexecinfo. Accepted upstream as part of https://bugs.freedesktop.org/show_bug.cgi?id=69702 @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Update to 1.6.8: D-Bus 1.6.8 (2012-09-28) == The "Fix one thing, break another" release. • Follow up to CVE-2012-3524: The additional hardening work to use __secure_getenv() as a followup to bug #52202 broke certain configurations of gnome-keyring. Given the difficulty of making this work without extensive changes to gnome-keyring, use of __secure_getenv() is deferred. D-Bus 1.6.6 (2012-09-28) == The "Clear the environment in your setuid binaries, please" release. • CVE-2012-3524: Don't access environment variables (fd.o #52202) Thanks to work and input from Colin Walters, Simon McVittie, Geoffrey Thomas, and others. • Unix-specific: · Fix compilation on Solaris (fd.o #53286, Jonathan Perkin) · Work around interdependent headers on OpenBSD by including sys/types.h before each use of sys/socket.h (fd.o #54418, Brad Smith) @ text @d1 1 a1 1 $NetBSD: patch-configure,v 1.1 2012/08/09 10:21:19 jperkin Exp $ d3 5 a7 1 Require _XOPEN_SOURCE=600 on Solaris for sockaddr_in6 and sockaddr_storage. d9 72 a80 10 --- configure.orig Thu Aug 9 09:32:17 2012 +++ configure Thu Aug 9 09:36:08 2012 @@@@ -21706,7 +21706,7 @@@@ # Solaris' C library apparently needs these runes to be threadsafe... CFLAGS="$CFLAGS -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT" # ... and this opt-in to get file descriptor passing support - CFLAGS="$CFLAGS -D_XOPEN_SOURCE=500" + CFLAGS="$CFLAGS -D_XOPEN_SOURCE=500 -D__EXTENSIONS__" ;; esac @ 1.1 log @Fix a couple of compile problems on Solaris. @ text @d1 1 a1 1 $NetBSD$ @