Google Git
Sign in
chromium / chromiumos / third_party / dbus / refs/tags/upstream/dbus-1.14.8 / . / NEWS
blob: 2c3247578a3bd660884e90c74de5d2bf4a20e5dc [file] [log] [blame]
dbus 1.14.8 (2023-06-06)
========================
Denial-of-service fixes:
• Fix an assertion failure in dbus-daemon when a privileged Monitoring
connection (dbus-monitor, busctl monitor, gdbus monitor or similar)
is active, and a message from the bus driver cannot be delivered to a
client connection due to <deny> rules or outgoing message quota. This
is a denial of service if triggered maliciously by a local attacker.
(dbus#457; hongjinghao, Simon McVittie)
Other fixes:
• Fix compilation on compilers not supporting __FUNCTION__
(dbus!404, Barnabás Pőcze)
• Fix some memory leaks on out-of-memory conditions
(dbus!403, Barnabás Pőcze)
• Documentation:
· Fix syntax of a code sample in dbus-api-design
(dbus!396; Yen-Chin, Lee)
Tests and CI enhancements:
• Fix CI pipelines after freedesktop/freedesktop#540
(dbus!405, dbus#456; Simon McVittie)
dbus 1.14.6 (2023-02-08)
========================
Denial of service fixes:
• Fix an incorrect assertion that could be used to crash dbus-daemon or
other users of DBusServer prior to authentication, if libdbus was compiled
with assertions enabled.
We recommend that production builds of dbus, for example in OS distributions,
should be compiled with checks but without assertions.
(dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
Other fixes:
• When connected to a dbus-broker, stop dbus-monitor from incorrectly
replying to Peer method calls that were sent to the dbus-broker with
a NULL destination (dbus#301, Kai A. Hiller)
• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
This is not attacker-triggerable and appears to be harmless in practice,
but is technically undefined behaviour and is detected as such by
AddressSanitizer. (dbus!357, Evgeny Vereshchagin)
• Avoid a data race in multi-threaded use of DBusCounter
(dbus#426, Ralf Habacker)
• Fix a crash with some glibc versions when non-auditable SELinux events
are logged (dbus!386, Jeremi Piotrowski)
• If dbus_message_demarshal() runs out of memory while validating a message,
report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)
• Use C11 _Alignof if available, for better standards-compliance
(dbus!389, Khem Raj)
• Stop including an outdated copy of pkg.m4 in the git tree
(dbus!365, Simon McVittie)
• Documentation:
· Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
• Tests fixes:
· Fix the test-apparmor-activation test after dbus#416
(dbus!380, Dave Jones)
Internal changes:
• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
dbus 1.14.4 (2022-10-05)
========================
This is a security update for the dbus 1.14.x stable branch, fixing
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
security hardening (dbus#416).
Behaviour changes:
• On Linux, dbus-daemon and other uses of DBusServer now create a
path-based Unix socket, unix:path=..., when asked to listen on a
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
unix:dir=... on all platforms.
Previous versions would have created an abstract socket, unix:abstract=...,
in this situation.
This change primarily affects the well-known session bus when run via
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
dbus with --enable-user-session and running it on a systemd system,
already used path-based Unix sockets and is unaffected by this change.
This behaviour change prevents a sandbox escape via the session bus socket
in sandboxing frameworks that can share the network namespace with the host
system, such as Flatpak.
This change might cause a regression in situations where the abstract socket
is intentionally shared between the host system and a chroot or container,
such as some use-cases of schroot(1). That regression can be resolved by
using a bind-mount to share either the D-Bus socket, or the whole /tmp
directory, with the chroot or container.
(dbus#416, Simon McVittie)
Denial of service fixes:
Evgeny Vereshchagin discovered several ways in which an authenticated
local attacker could cause a crash (denial of service) in
dbus-daemon --system or a custom DBusServer. In uncommon configurations
these could potentially be carried out by an authenticated remote attacker.
• An invalid array of fixed-length elements where the length of the array
is not a multiple of the length of the element would cause an assertion
failure in debug builds or an out-of-bounds read in production builds.
This was a regression in version 1.3.0.
(dbus#413, CVE-2022-42011; Simon McVittie)
• A syntactically invalid type signature with incorrectly nested parentheses
and curly brackets would cause an assertion failure in debug builds.
Similar messages could potentially result in a crash or incorrect message
processing in a production build, although we are not aware of a practical
example. (dbus#418, CVE-2022-42010; Simon McVittie)
• A message in non-native endianness with out-of-band Unix file descriptors
would cause a use-after-free and possible memory corruption in production
builds, or an assertion failure in debug builds. This was a regression in
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
dbus 1.14.2 (2022-09-26)
========================
Fixes:
• Fix build failure on FreeBSD (dbus!277, Alex Richardson)
• Fix build failure on macOS with launchd enabled
(dbus!287, Dawid Wróbel)
• Preserve errno on failure to open /proc/self/oom_score_adj
(dbus!285, Gentoo#834725; Mike Gilbert)
• On Linux, don't log warnings if oom_score_adj is read-only but does not
need to be changed (dbus!291, Simon McVittie)
• Slightly improve error-handling for inotify
(dbus!235, Simon McVittie)
• Don't crash if dbus-daemon is asked to watch more than 128 directories
for changes (dbus!302, Jan Tojnar)
• Autotools build system fixes:
· Don't treat --with-x or --with-x=yes as a request to disable X11,
fixing a regression in 1.13.20. Instead, require X11 libraries and
fail if they cannot be detected. (dbus!263, Lars Wendler)
· When a CMake project uses an Autotools-built libdbus in a
non-standard prefix, find dbus-arch-deps.h successfully
(dbus#314, Simon McVittie)
· Don't include generated XML catalog in source releases
(dbus!317, Jan Tojnar)
· Improve robustness of detecting gcc __sync atomic builtins
(dbus!320, Alex Richardson)
• CMake build system fixes:
· Detect endianness correctly, fixing interoperability with other D-Bus
implementations on big-endian systems (dbus#375, Ralf Habacker)
· When building for Unix, install session and system bus setup
in the intended locations
(dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
· Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
· Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
· Don't include headers from parent directory (dbus!282, Alex Richardson)
· Distinguish between host and target TMPDIR when cross-compiling
(dbus!279, Alex Richardson)
· Fix detection of atomic operations (dbus!306, Alex Richardson)
Tests and CI enhancements:
• On Unix, skip tests that switch uid if run in a container that is
unable to do so, instead of failing (dbus#407, Simon McVittie)
• Use the latest MSYS2 packages for CI
(Ralf Habacker, Simon McVittie)
dbus 1.14.0 (2022-02-28)
========================
1.14.x is a new stable branch, superseding 1.12.x.
Summary of major changes between 1.12.x and 1.14.0
--------------------------------------------------
Dependencies:
• dbus now requires at least a basic level of support for C99 variadic
macros, as implemented in gcc >= 3, all versions of Clang, and
MSVC >= 2005. In practice this requirement has existed since version
1.9.2, but it is now official.
• dbus now requires a C99-compatible va_copy() macro (or a __va_copy()
macro with the same behaviour), except when building for Windows using
MSVC and CMake.
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
they must be POSIX-conformant. The non-POSIX signature seen in ancient
Solaris versions will no longer work.
• All Windows builds now require Windows Vista or later.
(Note that we do not recommend or support use of dbus on operating
systems outside their vendor's security support lifetime, such as Vista.)
• GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
• Building using CMake now requires CMake 3.4.
• Building documentation using CMake now requires xsltproc, Docbook DTDs
(for example docbook-xml on Debian derivatives), and Docbook XSLT
stylesheets (for example docbook-xsl on Debian derivatives). Using
KDE's meinproc4 documentation processor is no longer supported.
Build-time configuration changes:
• Move CMake build system to top level, matching normal practice for
CMake projects
Deprecations:
• Third-party software should install default dbus policies for the system
bus into ${datadir}/dbus-1/system.d (this has been supported since dbus
1.10, released in August 2015). Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy
files in ${sysconfdir}/dbus-1/system.d continue to be read, but this
directory should only be used by system administrators wishing to
override the default policies.
The ${datadir} applicable to dbus is usually /usr/share and the
${sysconfdir} is usually /etc.
• A similar pattern applies to the session bus policies in session.d.
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
• The dbus-daemon man page now has scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
• DBusServer (and hence the dbus-daemon) no longer accepts usernames
(login names) for the recommended EXTERNAL authentication mechanism,
only numeric user IDs or the empty string. See 1.13.0 release notes
for full details.
New features:
• On Linux 4.13 or later when built against a suitable glibc version,
GetConnectionCredentials() now includes UnixGroupIDs, the effective
group IDs of the initiator of the connection, taken from
SO_PEERGROUPS.
• On Linux 4.13 or later, <policy group="…"> now uses the SO_PEERGROUPS
credentials-passing socket option to get the effective group IDs
of the initiator of the connection. See 1.13.4 release notes for details.
• Add a --sender option to dbus-send, which requests a name and holds it
until the signal has been sent
• dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a combination of
send_destination and the arg0namespace keyword in match rules.
See 1.13.12 release notes for more details
• The dbus-daemon now filters the messages that it relays, removing
header fields that it does not understand. Clients must not rely on
this behaviour unless they have confirmed that they are connected to
a suitable message bus implementation, for example by querying its
Features property.
• The dbus-daemon now emits a signal, ActivatableServicesChanged, when
the list of activatable services may have changed. Support for this
signal can be discovered by querying the Features property.
• It is now possible to disable traditional (non-systemd) service
activation at build-time (Autotools: --disable-traditional-activation,
CMake: -DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release notes
for details.
• The API reference manual can be built as a Qt compiled help file if
qhelpgenerator(-qt5) is available. See 1.13.16 release notes for details.
Miscellaneous behaviour changes:
• When using the "user bus" (--enable-user-session), put the dbus-daemon
in the session slice
• Several environment variables set by systemd are no longer passed
on to activated services
• If the dbus-daemon is compiled for Linux with systemd support, it
now informs systemd that it is ready for use via the sd_notify()
mechanism
• Tarball releases no longer contain pre-2007 changelogs and are now
compressed with xz, making them around 35% smaller.
Changes since 1.13.22
---------------------
• On Windows, consistently use msvcrt.dll-style printf formats, fixing
builds with mingw-w64 8.0.0 (dbus#380, Simon McVittie)
• Fix some broken links in the API design document
(dbus!257, Michael Nosthoff)
• CI updates
· Enable -Werror for the CMake builds
· Use https to download MSYS packages
· Use Debian 11 for most builds
· Stop testing on Debian 9, which is EOL
· Stop testing on Ubuntu 16.04, which is EOL
· Remove workarounds for missing/outdated packages in Debian 8, Debian 9
and Ubuntu 16.04
(dbus#380, dbus!260; Simon McVittie)
dbus 1.13.22 (2022-02-23)
=========================
This is a release candidate for a new dbus 1.14.x stable branch.
Enhancements:
• D-Bus Specification 0.38:
· Add ActivatableServicesChanged signal and feature flag
(dbus#376, Ralf Habacker)
· Document * as optionally-escaped in D-Bus addresses, matching
the implementation (dbus!248, Kir Kolyshkin)
• Emit the new ActivatableServicesChanged signal when configuration
and/or activatable services are reloaded (dbus#376, Ralf Habacker)
• Add an XML catalog file for the DTDs we install
(dbus!202, Jan Tojnar)
Bug fixes:
• On Linux, when using traditional (non-systemd) service activation,
don't log warnings about failing to reset OOM score adjustment if the
process is already more susceptible to the OOM killer, as user processes
usually are with systemd ≥ 250. (dbus#374, Simon McVittie)
• On Linux, when using traditional (non-systemd) system bus activation,
reset the OOM score adjustment to 0 as intended.
If the system dbus-daemon is protected from the OOM killer, this
avoids that protection unintentionally being inherited by every
system service. (dbus#378, Simon McVittie)
• Fix a code path that could result in a crash on out-of-memory
(dbus#246, Marc-André Lureau)
• Fix compilation if embedded tests are enabled but verbose mode and
stats are both disabled (Marc-André Lureau)
• CMake: Improve support for Windows with MSVC and add CI coverage
(dbus!218, Marc-André Lureau)
• CMake: Improve Docbook documentation-generation
(dbus#377, Ralf Habacker)
• On Linux, fix a race condition in the integration test for transient
services (Debian#1005889, dbus!256; Simon McVittie)
dbus 1.13.20 (2021-12-17)
=========================
The “not how anyone wanted to learn the Greek alphabet” release.
Dependencies:
• Building using CMake now requires CMake 3.4.
Enhancements:
• D-Bus Specification 0.37:
· Update recommendations for DBUS_COOKIE_SHA1 timeouts
(dbus!171, Simon McVittie)
· Clarify padding requirements for arrays and variants
(dbus!203, Zeeshan Ali)
· Describe where the interoperable machine ID comes from
(dbus!198, Thomas Kluyver)
· Clarify use of dictionary (array of dict-entry) types
(dbus#347, Ralf Habacker)
• When using the "user bus" (--enable-user-session), put the dbus-daemon
in the session slice (dbus!219, David Redondo)
Feature removal:
• Disable the experimental Containers1 interface that was added in 1.13.0.
It is incomplete and not ready for production use, so we're disabling it
in preparation for a new 1.14.x stable branch; the code remains present
and will be re-enabled later, but there is no longer a build-time
configuration option to enable it. (dbus!236, Simon McVittie)
Bug fixes:
• Avoid malloc() after fork on non-GNU libc (dbus!181, Jean-Louis Fuchs)
• Don't return successfully from RemoveMatch if the match rule didn't
exist (dbus#351, Simon McVittie)
• On Windows, fix a race condition where dbus-run-session could start the
wrapped application before the dbus-daemon was ready
(dbus#297, Ralf Habacker)
• Fix build with clang 13 by using Standard C offsetof where available
(dbus!237, Simon McVittie)
• Fix build of tests on FreeBSD (dbus!167, Simon McVittie)
• Various CMake build improvements
(dbus#310, dbus!213, dbus#319, dbus!217, dbus#346, dbus#356;
Ralf Habacker)
• Set IMPORTED_IMPLIB property in CMake metadata installed via Autotools
with mingw toolchain
(dbus!172, Julien Schueller)
• Make documentation build more reproducible
(dbus!189, dbus!238; Arnout Engelen, Simon McVittie)
• On Unix, make X11 autolaunch cope with slashes in DISPLAY
(dbus#8, dbus#311; William Earley)
• Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS
(dbus#309, William Earley)
• Improve SELinux audit messages (dbus!173, Chris PeBenito)
• Validate various strings in dbus-send to avoid client-side assertion
failures on invalid input (dbus#338, Simon McVittie)
• Fix a memory leak in a unit test (dbus!208, David King)
• In Autotools builds, use pkg-config in preference to AC_PATH_XTRA
(dbus!212, Scott Hamilton)
• On Windows, prevent (theoretical?) stack buffer overflow with very
long paths (dbus!221, Ralf Habacker)
• Fix build with newer mingw compilers (dbus#355, Ralf Habacker)
• Various Windows error-handling fixes
(dbus!229, dbus#357, dbus#279, dbus#360, dbus#365;
Ralf Habacker, Simon McVittie)
• Clearer diagnostics when tests are skipped (dbus#363, Simon McVittie)
• CI improvements
(dbus#318, dbus!197, dbus!187, dbus!196, dbus!201, dbus#359;
Simon McVittie, Ralf Habacker, Arnout Engelen, Marc-André Lureau)
• Typo fixes, etc.
(dbus!183, dbus!182; Chigozirim Chukwu, Samy Mahmoudi)
dbus 1.13.18 (2020-07-02)
=========================
The “carnivorous border” release.
Maybe security fixes:
• On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166, CVE-2020-35512; Simon McVittie)
Other fixes:
• On Solaris and its derivatives, if a cmsg header is truncated, ensure
that we do not overrun the buffer used for fd-passing, even if the
kernel tells us to.
(dbus#304, dbus!165; Andy Fiddaman)
• When built with CMake, use GNUInstallDirs' special-cases for prefixes
/, /usr and /opt/*
(dbus!155, Ralf Habacker)
• When built with CMake on Linux, allow systemd-specific features to be
enabled, for feature parity with Autotools
(dbus!155, Ralf Habacker)
• When built with CMake, install the same example files as with Autotools
(dbus!155, Ralf Habacker)
• Correct the doc-comment for DBUS_ERROR_SPAWN_NO_MEMORY
(dbus!163, Marc-André Lureau)
dbus 1.13.16 (2020-06-02)
=========================
The “ominous mushroom hat” release.
Denial of service fixes:
• CVE-2020-12049: If a message contains more file descriptors than can
be sent, close those that did get through before reporting error.
Previously, a local attacker could cause the system dbus-daemon (or
another system service with its own DBusServer) to run out of file
descriptors, by repeatedly connecting to the server and sending fds that
would get leaked.
Thanks to Kevin Backhouse of GitHub Security Lab.
(dbus#294, GHSL-2020-057; Simon McVittie)
Enhancements:
• The API reference manual can be built as a Qt compiled help file if
qhelpgenerator(-qt5) is available. This is controlled by
--enable-qt-help and --with-qchdir in the Autotools build, or
-DENABLE_QT_HELP and -DINSTALL_QCH_DIR in CMake.
(dbus!150, Ralf Habacker)
Fixes:
• When built for Windows, return all autolaunch error information in
the DBusError rather than printing some of it to stderr
(dbus#191, dbus!131; Ralf Habacker)
• When built for Windows, don't truncate long log messages
(dbus!134, Ralf Habacker)
• When built using CMake for a Unix platform, dbus-cleanup-sockets and
dbus-uuidgen are now included (dbus!154, Ralf Habacker)
• When built for Windows with verbose mode enabled, don't print debugging
messages related to poll() emulation into a fixed-size buffer that
could overflow (dbus!125, Ralf Habacker)
• Adjust .desktop file parser to avoid a Coverity false positive
(dbus!146, Coverity CID 354884; Ralf Habacker)
• Print shell-test diagnostics to stderr, avoiding warnings or errors
from strict TAP parsers (dbus!157, Félix Piédallu)
Tests and CI enhancements:
• When the CI cross-builds Windows binaries on Linux, run unit tests
using Wine (dbus#296, dbus!158; Ralf Habacker)
• Really build x86_64 Windows binaries in Gitlab-CI, instead of building
i686 binaries a second time (Ralf Habacker)
• When tests will be run using Wine, use STABS debug symbol format so
that Wine can display backtraces (dbus#133, dbus!104; Ralf Habacker)
dbus 1.13.14 (2020-04-21)
=========================
The “mystery allium” release.
Dependencies:
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
they must be POSIX-conformant. The non-POSIX signature seen in ancient
Solaris versions will no longer work. (dbus!11, Simon McVittie)
Enhancements:
• D-Bus Specification 0.36:
· Fix a typo in an annotated hexdump of part of a message
(dbus!152, Zygmunt Krynicki)
• On Linux, use getrandom(2) in preference to /dev/urandom
(dbus!147, Natanael Copa)
• Add a --sender option to dbus-send, which requests a name and holds it
until the signal has been sent. (dbus!116, Christopher Morin)
Fixes:
• Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
• Fix several test failures if the build-time tests were run as uid 0.
Note that running the tests with elevated privileges is likely to be
insecure, and should only be attempted in an expendable container or
virtual machine. (dbus!117, Simon McVittie)
• Fix an assertion failure if a client encounters an out-of-memory
condition while sending its response to the "OK" authentication
message, and processing of the "OK" message is subsequently retried
when more memory is available (dbus!119, Simon McVittie)
• Don't leak struct addrinfo if we run out of memory during a TCP
connect()
(dbus!143, dbus!144, Coverity CID 354880; Ralf Habacker, Simon McVittie)
• On Linux with SELinux, don't assume that the system policy has the
"dbus" security class or the associated AV
(dbus#198, dbus!128; Laurent Bigonville)
• Handle dbus_connection_set_change_sigpipe() in a thread-safe way
(dbus!132; Simon McVittie, Ralf Habacker)
• On Unix, use POSIX <poll.h> in preference to <sys/poll.h>
(dbus!148, Natanael Copa)
• When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
• On Windows with verbose mode enabled and outputting to the debug port,
use a dynamically-allocated buffer to avoid potential stack buffer
overflows in long messages (dbus#45, dbus!133; Ralf Habacker)
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
• Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
• Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
Internal changes:
• Move more test-only code from dbus/ to tests/
(dbus!120, dbus!121, dbus!153; Simon McVittie)
• Improve diagnostics if memory or fd leaks are detected
(dbus!118, dbus!120; Simon McVittie)
• Move from Debian 9 to Debian 10 for most continuous integration jobs
(dbus!151, Simon McVittie)
• On Windows, improve embedded version information
(dbus!136, dbus!138, dbus!139; Ralf Habacker)
• Indentation fixes (dbus!149, Taras Zaporozhets)
dbus 1.13.12 (2019-06-11)
=========================
The “patio squirrel” release.
Security fixes:
• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic
links in their own home directory to bypass authentication and connect
to a DBusServer with elevated privileges. The standard system and
session dbus-daemons in their default configuration were immune to this
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
users of DBusServer such as Upstart could be vulnerable.
Thanks to Joe Vennix of Apple Information Security.
(dbus#269, Simon McVittie)
Enhancements:
• dbus-daemon <allow> and <deny> rules can now specify a
send_destination_prefix attribute, which is like a combination of
send_destination and the arg0namespace keyword in match rules: a rule
with send_destination_prefix="com.example.Foo" matches messages sent to
any destination that is in the queue to own well-known names like
com.example.Foo or com.example.Foo.A.B (but not com.example.Foobar).
(dbus!85, Adrian Szyndela)
dbus 1.13.10 (2019-05-13)
=========================
The “engineering brick” release.
Dependencies:
• GLib >= 2.38 is required if full test coverage is enabled
(reduced from 2.40 in dbus 1.12.x.)
Deprecations:
• Third-party software should install default dbus policies for the system
bus into ${datadir}/dbus-1/system.d (this has been supported since dbus
1.10, released in August 2015). Installing default dbus policies in
${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy
files in ${sysconfdir}/dbus-1/system.d continue to be read, but this
directory should only be used by system administrators wishing to
override the default policies.
The ${datadir} applicable to dbus is usually /usr/share and the
${sysconfdir} is usually /etc.
• A similar pattern applies to the session bus policies in session.d.
Enhancements:
• D-Bus Specification 0.35:
· Add UnixGroupIDs to GetConnectionCredentials()
(dbus#196, dbus!105; Matthijs van Duin)
· Remove some redundancies from the spec for interface names
(dbus!102, Felipe Gasper)
• Raise soft fd limit to match hard limit, even if unprivileged.
This makes session buses with many clients, or with clients that make
heavy use of fd-passing, less likely to suffer from fd exhaustion.
(dbus!103, Simon McVittie)
• On Linux 4.13 or later when built against a suitable glibc version,
GetConnectionCredentials() now includes UnixGroupIDs, the effective
group IDs of the initiator of the connection, taken from
SO_PEERGROUPS. (dbus#196, dbus!105; Matthijs van Duin)
• Embedded/special-purpose builds of dbus can now be configured with
--disable-traditional-activation, to disable services being launched
as a subprocess of the dbus-daemon. This allows the system dbus-daemon
to be run in a more tightly restricted security profile (an example
"drop-in" for systemd is provided).
If systemd support is enabled, then services with a SystemdService
configured can still be activated in these builds, via IPC to systemd.
Otherwise, services will not be activatable at all.
Please note that this option is not suitable for general-purpose
Linux distributions that are intended to support running third-party
D-Bus services.
(dbus!107, Topi Miettinen)
• Move CMake build system to top level, matching normal practice for
CMake projects (dbus!84, Ralf Habacker)
• Reformat CMake files (dbus#252, dbus!82, dbus!91; Ralf Habacker)
• Avoid GLib 2.40 dependencies (dbus!79, Ralf Habacker)
• Officially deprecate packaged XML policies in ${sysconfdir}, and
document how to install system services correctly
(dbus!76, Simon McVittie)
• Add AddressSanitizer and ubsan support (dbus!57, Simon McVittie)
Fixes:
• If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
reduce it to 64K, ensuring that we can put back the original fd limits
when carrying out traditional (non-systemd) activation. This fixes a
regression with systemd >= 240 in which system services inherited
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
soft limit of 1K and hard limit of 512K or 1M.
(dbus!103, Debian#928877; Simon McVittie)
• Fix build failures caused by an AX_CODE_COVERAGE API change in newer
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
• Fix build failures with newer autoconf-archive versions that include
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
• Avoid possible memory corruption in certain DBusHashTableIter use
patterns, which in practice were never used (dbus!44, Simon McVittie)
• Avoid a test failure on Linux when built in a container as uid 0, but
without the necessary privileges to increase resource limits
(dbus!58, Debian #908092; Simon McVittie)
• Don't overwrite PKG_CONFIG_PATH and related environment variables when
the pkg-config-based version of DBus1Config is used in a CMake project
(dbus#267, dbus!96; Clemens Lang)
• In CMake builds, respect GNUInstallDirs variables
(dbus!77, Ralf Habacker)
• In CMake builds, don't rebuild documentation every time
(dbus!94, Ralf Habacker)
• In CMake builds for Windows, don't require libiconv
(dbus#262, dbus!100; Ralf Habacker)
• Fix intermittent build failures with parallel CMake
(dbus#266, dbus!113; Simon McVittie)
• Don't assume we can set permissions on a directory, for the benefit of
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
• Avoid test failures with non-trivial NSS modules
(dbus#256, dbus!93; Simon McVittie)
• Fix test failures in test-syslog and test-sysdeps under Windows
(dbus#238, dbus#243, dbus!61, dbus!62; Simon McVittie)
• Ensure that CTest build-time tests on Windows use the just-built
libdbus-1-3.dll (dbus!83, Ralf Habacker)
• Don't take so long to run test-refs on Windows
(dbus#244, dbus!65; Ralf Habacker)
• Fix memory leaks in tests (dbus!68, Simon McVittie)
• Avoid casting user-supplied pointers to DBusBasicValue *, which is
formally undefined behaviour (dbus!69, Simon McVittie)
• Fix a non-exploitable stack array overrun in dbus-run-session on Windows
(Ralf Habacker)
Tests and CI enhancements:
• Verify that the result of an Autotools `make dist` can be used for a
successful CMake build (dbus#255, dbus!87; Simon McVittie)
• Rewrite Python tests into C to reduce circular dependencies and
facilitate use of AddressSanitizer (dbus!37, Simon McVittie)
• Refactor tests to extract most of their code from the bus/ and dbus/
directories, and break them up into smaller modules
(dbus#223, dbus#240, dbus!1, dbus!99, dbus!73, dbus!74, dbus!75;
Simon McVittie, Ralf Habacker)
• Do CI builds in a more minimal environment (dbus!63, Simon McVittie)
• Improve test coverage with CMake (dbus#135, dbus!23; Ralf Habacker)
• Avoid firewall exception requests when running build-time tests on
Windows (dbus!64, Ralf Habacker)
• Allow use of Wine to run cross-compiled Windows tests on Linux
(dbus!60, Ralf Habacker)
Internal changes:
• Rename DBusSocketSet to the more accurate DBusPollableSet
(dbus!81, Ralf Habacker)
• Refactor Windows implementation of dbus-spawn
(dbus!80; Ralf Habacker, Simon McVittie)
• Delete unused code from userdb module (dbus!92, Simon McVittie)
• Remove unnecessary _dbus_threads_init_debug() (dbus!72, Simon McVittie)
dbus 1.13.8 (2018-12-04)
========================
The “demanding dragon” release.
dbus version control is now hosted on freedesktop.org's Gitlab
installation, and bug reports and feature requests have switched from
Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues ("dbus#nnn")
and merge requests ("dbus!nnn"). See README and CONTRIBUTING.md for
more details.
Dependencies:
• dbus now requires at least a basic level of support for C99 variadic
macros, as implemented in gcc >= 3, all versions of Clang, and
MSVC >= 2005. In practice this requirement has existed since version
1.9.2, but it is now official.
• dbus now requires a C99-compatible va_copy() macro (or a __va_copy()
macro with the same behaviour), except when building for Windows using
MSVC and CMake.
• Building documentation using CMake now requires xsltproc, Docbook DTDs
(for example docbook-xml on Debian derivatives), and Docbook XSLT
stylesheets (for example docbook-xsl on Debian derivatives). Using
KDE's meinproc4 documentation processor is no longer supported.
Enhancements:
• Rewrite CONTRIBUTING.md to reflect the current setup
(dbus!8, Simon McVittie)
• D-Bus Specification v0.34:
· Fix an incorrect AddMatch() call in sample code
(dbus#221, dbus!56; Philip Withnall)
• Tarball releases no longer contain pre-2007 changelogs and are now
compressed with xz, so they should be somewhat smaller
(fd.o #107630; Francesco Turco, Simon McVittie)
• Reference the freedesktop.org Code of Conduct (Simon McVittie)
• Build an implementation of dbus-run-session for Windows
(dbus#135, dbus!22; Ralf Habacker)
• On Linux with SELinux, use avc_open() and monitor the AVC netlink fd
in the main event loop, instead of using the deprecated avc_init()
and a thread (dbus#134, dbus!31; Laurent Bigonville)
• On Linux with SELinux, use the SELINUX_CB_POLICYRELOAD callback
to detect policy reloads, instead of monitoring the access vector
cache with AVC_CALLBACK_RESET
(dbus#134, dbus!31; Laurent Bigonville)
• Avoid double slashes in pkg-config paths (dbus!30, Ralf Habacker)
• Improve test coverage and clean up dead code
(fd.o #107739, dbus#222; Simon McVittie)
• Allow --enable-relocation in combination with absolute paths for
--exec-prefix, --libdir (fd.o #107662, Simon McVittie)
• Don't run a test program to check how to copy a va_list, which is
awkward for cross-compiling; instead require that va_copy() or
__va_copy() exists, except in older MSVC versions where we already
know that simple assignment is enough (dbus!35, Simon McVittie)
• Simplify configure checks (dbus!10, Simon McVittie)
• Improve CMake build system parity with Autotools, including:
· Detect inotify, prctl() and getpwnam_r() correctly on Linux
· Use xsltproc instead of meinproc4 for documentation
(dbus#57, dbus#117, dbus#193, dbus#227, dbus!18, dbus!39;
Ralf Habacker, Simon McVittie)
Fixes:
• Stop the dbus-daemon leaking memory (an error message) if delivering
the message that triggered auto-activation is forbidden. This is
technically a denial of service because the dbus-daemon will
run out of memory eventually, but it's a very slow and noisy one,
because all the rejected messages are also very likely to have
been logged to the system log, and its scope is typically limited by
the finite number of activatable services available.
(dbus#234, Simon McVittie)
• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
which does not meet the criteria for that attribute in gcc 4.7+,
potentially leading to miscompilation (fd.o #107741, Simon McVittie)
• Parse section/group names in .service files according to the syntax
from the Desktop Entry Specification:
· reject control characters and non-ASCII in section/group names
· backslash escapes are not interpreted in section/group names
(dbus#208; David King, Simon McVittie)
• Always use select()-based poll() emulation on Darwin-based OSs
(macOS, etc.) and on Interix, similar to what libcurl does
(dbus#232, dbus!19; Simon McVittie)
• Avoid undefined integer shifts when generating random tokens for
the DBUS_COOKIE_SHA1 mechanism (dbus!45, Simon McVittie)
• Document the max-connections-per-user limit as unimplemented on
Windows, and don't fail tests when it isn't enforced there
(dbus!54, Simon McVittie)
• Avoid unnecessary file descriptors being inherited by dbus-daemon and
dbus-launch subprocesses (dbus!50, Simon McVittie)
• Fix some minor memory leaks
(fd.o #107320, dbus!41, dbus!42; Simon McVittie)
• Don't fail tests if GetConnectionUnixProcessID() succeeds on Windows,
which it normally will since 1.7.x
(dbus#239, dbus!55; Simon McVittie)
• Extend a test timeout to avoid spurious failures in CI
(dbus!26, Simon McVittie)
• Avoid undefined signed integer operations when generating random
message content during regression tests (dbus!46, Simon McVittie)
• Fix build warnings with recent gcc (dbus#208, dbus#225; David King)
• Fix build warnings without libX11 (dbus#228, Simon McVittie)
• Fix whitespace and error behaviour for _dbus_command_from_pid()
(dbus#222, dbus!28; Simon McVittie)
• Fix a race condition in the containers test
(dbus!47, Simon McVittie)
• When built with CMake, install dbus-daemon-launch-helper to
${CMAKE_INSTALL_LIBEXECDIR}, analogous to ${libexecdir} in
Autotools (dbus!9, Simon McVittie)
• When built with CMake and disabling tests, still install
dbus-daemon-launch-helper (dbus!9, Simon McVittie)
Tests and CI:
• Add Travis-CI builds for 64-bit Windows using mingw-w64
(fd.o #105662, Ralf Habacker)
• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)
dbus 1.13.6 (2018-08-02)
========================
The “vine cutting” release.
Fixes:
• Prevent reading up to 3 bytes beyond the end of a truncated message.
This could in principle be an information leak or denial of service
on the system bus, but is not believed to be exploitable to crash
the system bus or leak interesting information in practice.
(fd.o #107332, Simon McVittie)
• Fix build with gcc 8 -Werror=cast-function-type
(fd.o #107349, Simon McVittie)
• Fix warning from gcc 8 about suspicious use of strncpy() when
populating struct sockaddr_un (fd.o #107350, Simon McVittie)
• Fix a minor memory leak when a DBusServer listens on a new address
(fd.o #107194, Simon McVittie)
• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
runs out of memory (fd.o #107194, Simon McVittie)
• Fix various memory leaks during unit tests
(fd.o #107194, Simon McVittie)
• Don't use misleading errno-derived error names if getaddrinfo() or
getnameinfo() fails with a code other than EAI_SYSTEM
(fd.o #106395, Simon McVittie)
• Skip tests that require working TCP if we are in a container environment
where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)
dbus 1.13.4 (2018-04-30)
========================
The “parsimonious topping” release.
Dependencies:
• All Windows builds now require Windows Vista or later.
(Note that we do not recommend or support use of dbus on operating
systems outside their vendor's security support lifetime, such as Vista.)
Enhancements:
• D-Bus Specification v0.33
· Be clearer about the security properties of TCP transports, which
have no integrity or confidentiality protection and so should not
normally be used, except via the loopback interface on Windows
(fd.o #106004, Simon McVittie)
• On Linux 4.13 or later, <policy group="…"> now uses the SO_PEERGROUPS
credentials-passing socket option to get the effective group IDs
of the initiator of the connection. On platforms where that socket
option is not available, dbus-daemon continues to look up the
connection's user ID in the system user and group databases and
assume that it has the groups that would have been granted by
initgroups(). (fd.o #103737, #97821; Simon McVittie)
• If the dbus-daemon is compiled for Linux with systemd support, it
now informs systemd that it is ready for use via the sd_notify()
mechanism. (fd.o #104641; Michal Sekletar, Simon McVittie)
• Several environment variables set by systemd are no longer passed
on to activated services (fd.o #104641, Simon McVittie)
• Failing to bind a TCP socket to an address produces better error
messages. (fd.o #61922; Simon McVittie, Ralf Habacker)
• Windows builds now set the SO_REUSEADDR and TCP_NODELAY options on
TCP sockets (as Unix builds already did), which should improve
robustness and performance (fd.o #61922, Ralf Habacker)
• Windows executables built with cmake have version information.
When building for Windows with Autotools, only libdbus-1-3.dll
has version information, matching previous behaviour with cmake.
(fd.o #103387, Ralf Habacker)
• The Devhelp documentation index is now in version 2 format
(fd.o #106186, Simon McVittie)
• Give the dbus-daemon man page some scarier warnings about
<allow_anonymous/> and non-local TCP, which are insecure and should
not be used, particularly for the standard system and session buses
(fd.o #106004, Simon McVittie)
Fixes:
• Listening on TCP sockets copes better with IPv6 being disabled
(fd.o #61922; Ralf Habacker, Simon McVittie)
• Fix installation of Ducktype documentation with newer yelp-build
versions (fd.o #106171, Simon McVittie)
• Fix printf formats for pointer-sized integers on 64-bit Windows
(fd.o #105662, Ralf Habacker)
Internal changes:
• The _DBUS_GNUC_WARN_UNUSED_RESULT macro has been replaced with
_DBUS_WARN_UNUSED_RESULT, which is effective with gcc, clang and MSVC
(with cl.exe /analyze). Note that for MSVC compatibility, it must
appear before the return type in function declarations, whereas the
older macro could also have appeared after the arguments.
(fd.o #105460; Daniel Wendt, Ralf Habacker)
dbus 1.13.2 (2018-03-01)
========================
The “can break a man's arm” release.
Enhancements:
• When a container manager creates an extra server at runtime, services
can now request that messages from connections to that server are
tagged with the container instance ID, providing a fast-path for
identifying such connections. (fd.o #101899, Simon McVittie)
Fixes:
• Increase system dbus-daemon's RLIMIT_NOFILE rlimit before it drops
privileges, because it won't have permission afterwards. This fixes a
regression in dbus 1.10.18 and 1.11.0 which made the standard system bus
more susceptible to deliberate or accidental denial of service.
(fd.o #105165, David King)
dbus 1.13.0 (2018-02-08)
========================
The “Citispeed Eco 75” release.
This is a new development branch for the adventurous, and comes with a
risk of regressions. OS distributions should stay with the 1.12.x branch,
unless they can commit to following the 1.13.x branch until it reaches
a 1.14.0 stable release at an unspecified point in the future.
In particular, the new Containers API is subject to change and shouldn't
be enabled in distributions yet, even those aimed at early adopters
(hello, Arch Linux).
Behaviour changes:
• DBusServer (and hence the dbus-daemon) no longer accepts usernames
(login names) for the recommended EXTERNAL authentication mechanism,
only numeric user IDs or the empty string. This is not believed to
affect real D-Bus clients in practice, because most D-Bus clients
send numeric user IDs: the only known client implementation that
sends usernames is dbus-java, and that only when run on a system
where the com.sun.security.auth.module.UnixSystem.getUid() method is
not available. (fd.o #104588, Simon McVittie)
Enhancements:
• D-Bus Specification v0.32
· Deprecate hyphen/minus in reversed domain names, recommending
underscores instead. Recommend prepending an underscore to domain
components that start with a digit, which would not be allowed.
(fd.o #103914, Simon McVittie)
· Clarify how the SASL authentication handshake works
(fd.o #104224, Simon McVittie)
· Recommend that the message bus should remove message header fields
that it does not understand. The new item "HeaderFiltering" in the
message bus' Features property indicates that it promises to do so.
(fd.o #100317, Simon McVittie)
• Add experimental support for creating extra servers at runtime, to
be used by app containers like Flatpak or Snap. This API is still
subject to change and is not compiled in by default.
(fd.o #101354, Simon McVittie)
• Improve automated test logging (fd.o #103601, Simon McVittie)
• The dbus-daemon now filters the messages that it relays, removing
header fields that it does not understand. Clients must not rely on
this behaviour unless they have confirmed that they are connected to
a suitable message bus implementation, for example by querying its
Features property. (fd.o #100317, Simon McVittie)
Fixes:
• When iterating the DBusConnection while blocking on a pending call,
don't wait for I/O if that pending call already has a result; and make
sure that whether it has a result is propagated in a thread-safe way.
This prevents certain multi-threaded calling patterns from blocking
until their timeout even when they should have succeeded sooner.
(fd.o #102839; Manish Narang, Michael Searle)
• Do not look up client-supplied strings in the system user database
(NSS or equivalent) when using the recommended EXTERNAL auth mechanism.
This could previously lead to a deadlock or timeout in the presence of
slow or network-dependent NSS modules. (fd.o #104588, Simon McVittie)
• Report the correct error if OOM is reached while trying to listen
on a TCP socket (fd.o #89104, Simon McVittie)
• Fix a crash and an assertion failure in the server side of the
nonce-tcp: transport under error conditions
(fd.o #89104, Simon McVittie)
• Fix assertion failures in recovery from OOM while setting up a
DBusServer (fd.o #89104, Simon McVittie)
• Don't leak a file descriptor if setting up a launchd server fails
(fd.o #89104, Simon McVittie)
• Add a missing space to a warning message (fd.o #103729, Thomas Zajic)
• Fix some memory leaks in automated tests
(fd.o #103600, Simon McVittie)
• Expand ${bindir} correctly when pkg-config is asked for dbus_daemondir
(fd.o #104265, Benedikt Heine)
• On Linux systems with systemd < 237, if ${localstatedir}/lib/dbus doesn't
exist, create it before trying to create ${localstatedir}/lib/dbus/machine-id
(fd.o #104577, Chris Lesiak)
• Fix escaping in dbus-api-design document (fd.o #104925, Philip Withnall)
Internal changes:
• Harden the nonce-tcp: transport against resource leaks and
use-after-free (fd.o #103597, Simon McVittie)
• Make _DBUS_STRING_DEFINE_STATIC more consistent with
_dbus_string_init_const() (fd.o #89104, Simon McVittie)
• Add _DBUS_STRING_INIT_INVALID, analogous to NULL, and use it to
simplify error unwinding code paths (fd.o #89104, Simon McVittie)
• Make the behaviour of _dbus_string_init_const()/_dbus_string_free()
consistent with _dbus_string_init()/_dbus_string_free(): it now clears
the string to _DBUS_STRING_INIT_INVALID, whereas previously it left
the string untouched (fd.o #89104, Simon McVittie)
• Remove automated test data for wire protocol version 0, which has not
been supported since 2005 (fd.o #103758, Simon McVittie)
• Simplify method calls in automated tests
(fd.o #103600, Simon McVittie)
dbus 1.12.2 (2017-11-13)
========================
The “spider pumpkin” release.
Enhancements:
• Log a warning if a new connection cannot be accepted due to an
out-of-memory condition or failure to identify its AppArmor or
SELinux context (fd.o #103592, Simon McVittie)
Fixes:
• Make use of $(MKDIR_P) compatible with install-sh, fixing build when a
GNU-compatible `mkdir -p` is not available (fd.o #103521, ilovezfs)
• When building for Windows with Autotools, avoid `echo -e`, fixing
cross-compilation on non-GNU platforms like macOS
(fd.o #103493, Tony Theodore)
• Fix crashes in the server side of the nonce-tcp: transport under
various error conditions. This transport should normally only be used
on Windows, where AF_UNIX sockets are unavailable; the unix: transport
is the only one recommended for production use on Unix platforms.
(fd.o #103597, Simon McVittie)
Internal changes:
• Improve test coverage on Travis-CI (Simon McVittie)
dbus 1.12.0 (2017-10-30)
========================
The “gingerbread skull” release.
1.12.x is a new stable branch, recommended for use in OS
distributions.
Summary of major changes between 1.10.x and 1.12.0
--------------------------------------------------
Dependencies:
• Expat >= 2.1.0 is required.
• GLib >= 2.40 is required if full test coverage is enabled.
• [Linux] libselinux >= 2.0.86 is required if SELinux support is
enabled.
• [Unix] dbus now requires an <inttypes.h> that defines C99 constants
such as PRId64 and PRIu64, except when building for Windows.
• [Autotools] Building from git (but not from tarballs) with Autotools
now requires macros from the GNU Autoconf Archive.
• [CMake] Builds done using CMake now require CMake 3.0.2.
Build-time configuration changes:
• Expat is now found using pkg-config. See the release notes for
1.11.14.
• The --disable-compiler-optimisations and --enable-compiler-coverage
options no longer exist. See the release notes for 1.11.4 and 1.11.8.
• [Unix] The --enable-abstract-sockets and --disable-abstract-sockets
options no longer exist. See the release notes for 1.11.20.
• [Unix] Flag files in /var/run/console/${username} are no longer
checked for at_console by default. See the release notes for 1.11.18.
• [Unix, Cygwin] Init scripts are no longer provided by upstream dbus,
and packagers will now need to add these downstream (most already do).
See the release notes for 1.11.18.
• [Unix] The process ID file no longer has a different default location
on Red Hat derivatives. See the release notes for 1.11.18.
• [Unix] ${runstatedir} is now independent of ${localstatedir} with
recent Autotools versions. See the release notes for 1.11.16.
• [Windows] The WINDRES variable is no longer used. See the release
notes for 1.11.22.
Deprecations:
• Eavesdropping is officially deprecated in favour of BecomeMonitor.
See the release notes for spec version 0.31 (in dbus 1.11.14).
• [Unix] Flag files in /var/run/console/${username} are deprecated.
See the release notes for 1.11.18.
New APIs:
• <allow> and <deny> rules in dbus-daemon configuration can now
include send_broadcast="true", send_broadcast="false",
max_unix_fds="N", min_unix_fds="N" (for some integer N).
See the release notes for 1.11.18.
• dbus_try_get_local_machine_id() is like
dbus_get_local_machine_id(), but returns a DBusError.
• New APIs around DBusMessageIter to simplify cleanup.
See the release notes for 1.11.16.
• The message bus daemon now implements the standard Introspectable,
Peer and Properties interfaces. See the release notes for
dbus 1.11.14 and spec version 0.31.
• DTDs for introspection XML and bus configuration are installed.
• dbus can be compiled to be relocatable, making it more suitable for
binary bundling with other software. On Windows, this is on by
default.
• [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
never uses Linux abstract sockets, which is advantageous for
containers. On non-Linux it is equivalent to unix:tmpdir=….
See the release notes for dbus 1.11.14 and spec version 0.31.
• [Unix] New option "dbus-launch --exit-with-x11".
• [Unix] Session managers can create transient .service files in
$XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
• [Unix] A sysusers.d snippet can create the messagebus user on-demand.
Miscellaneous behaviour changes:
• [Unix] The session bus now logs to syslog if it was started by
dbus-launch.
• [Unix] Internal warnings are logged to syslog if configured.
• [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
or to stderr.
Changes since 1.11.22 release candidate
---------------------------------------
Standard stable-branch changes:
• Disable warnings about use of deprecated functions (Simon McVittie)
Fixes:
• Don't distribute files generated by ./configure in the source tarball
(fd.o #103420, Simon McVittie)
Internal changes:
• Remove some unused files from the git repository
(fd.o #103420, Simon McVittie)
D-Bus 1.11.22 (2017-10-23)
==========================
The “fire surface” release.
This is the first release-candidate for the 1.12.0 stable release.
Build-time configuration changes:
• When building for Windows with Autotools, setting the WINDRES variable
no longer works to select a non-standard resource compiler. Use
libtool's standard RC variable instead, for example
"./configure RC=i686-w64-mingw32-windres"
Dependencies:
• Builds done using CMake now require CMake 3.0.2.
Enhancements:
• When building for Windows, improve quality of metadata in
libdbus-1-3.dll (fd.o #103015, Ralf Habacker)
Fixes:
• Fix a typo "uint 16" in dbus-send(1) man page
(fd.o #103075, David King)
• When building for Windows, libdbus-1-3.dll always includes version
information. Previously, this was missing if using CMake and any
non-MSVC compiler. (fd.o #103015, Ralf Habacker)
• Fix the build with MSVC, which regressed with the #102558 fix in
1.11.20. (fd.o #102558, Ralf Habacker)
Internal changes:
• Simplify Windows resource embedding
(fd.o #103015, Simon McVittie)
D-Bus 1.11.20 (2017-10-03)
==
The “wraith stun” release.
Build-time configuration changes:
• The --enable-abstract-sockets and --disable-abstract-sockets options
no longer exist. Support for Linux's abstract AF_UNIX sockets is now
unconditionally enabled on Linux and disabled everywhere else.
(fd.o #34905, Simon McVittie)
Enhancements:
• Make slower tests less likely to time out, and improve diagnostics if
tests do time out (fd.o #103009, Simon McVittie)
• On Windows, don't compile an unused stub implementation of
_dbus_set_signal_handler() (fd.o #103010, Simon McVittie)
Fixes:
• Be more careful to save and restore errno in POSIX async signal
handlers (fd.o #103010, Simon McVittie)
• On Windows, embed a manifest in dbus-update-activation-environment.exe
so that the heuristics used for UAC do not assume it needs elevated
privileges due to its name containing "update"
(fd.o #102558, Ralf Habacker)
• On Windows with Automake, embed version information in libdbus-1,
as was meant to happen in all versions since 2009
(fd.o #103015, Simon McVittie)
D-Bus 1.11.18 (2017-09-25)
==
The “vampire conquistador” release.
Build-time configuration changes:
• By default, dbus-daemon on Unix no longer checks for flag files
/var/run/console/${username} created by the obsolete pam_console and
pam_foreground PAM modules when deciding whether ${username} is
currently at the console. The old default behaviour can be restored
by specifying --with-console-auth-dir=/var/run/console in the
recommended Autotools build system, or
-DDBUS_CONSOLE_AUTH_DIR=/var/run/console in CMake. This feature is
now deprecated, and will be removed in dbus 1.13 unless feedback via
fd.o #101629 indicates that this would be problematic.
(fd.o #101629, Simon McVittie)
• LSB-style init scripts for Red Hat and Slackware, and a non-LSB init
script for Cygwin, are no longer provided in the upstream dbus
source. We recommend that distributors who support non-systemd service
management should maintain their own init scripts or other service
manager integration as part of their downstream packaging, similar to
the way Debian distributes a Debian-specific LSB init script for dbus.
The systemd unit continues to be maintained as part of the upstream
dbus source, because it receives regular testing and maintenance.
(fd.o #101706, Simon McVittie)
• The process ID file created by the system bus is no longer influenced
by the --with-init-scripts=redhat configure option or the presence of
/etc/redhat-release at build time. If your OS's init script or other
service management relies on the Red Hat-style pid file, it can be
restored by specifying --with-system-pid-file=/run/messagebus.pid at
configure time or using the <pidfile> directive in bus configuration.
Note that the upstream-supplied systemd unit runs dbus-daemon with
the --nopidfile option, so it does not normally write a pid file,
regardless of whether the OS is Red-Hat-derived or not.
(fd.o #101706, Simon McVittie)
Enhancements:
• <allow> and <deny> rules in dbus-daemon configuration can now
include send_broadcast="true" or send_broadcast="false", which make
the rule only match broadcast signals, or only match messages that
are not broadcast signals, respectively.
(fd.o #29853, Simon McVittie)
• <allow> and <deny> rules can now be configured to apply only to
messages with or without Unix file descriptors attached. This would
typically be used in rules like these:
<allow send_destination="..." max_unix_fds="0"/>
<deny send_destination="..." min_unix_fds="1"/>
<deny receive_sender="..." min_unix_fds="1"/>
but can also be used to set a nonzero upper limit on the number of
file descriptors:
<allow send_destination="..." max_unix_fds="4"/>
(fd.o #101848, Simon McVittie)
• On Unix platforms, the DBUS_COOKIE_SHA1 authentication mechanism
now respects the HOME environment variable on the client side, and
on the server side when the uid attempting to connect is the same
as the uid of the server. This allows the automated tests to pass in
environments where the user's "official" home directory in /etc/passwd
is nonexistent, such as Debian autobuilders.
(fd.o #101960, Simon McVittie)
Fixes:
• When parsing dbus-daemon configuration, tell Expat not to use
cryptographic-quality entropy as a salt for its hash tables: we trust
the configuration files, so we are not concerned about algorithmic
complexity attacks via hash table collisions. This prevents
dbus-daemon --system from holding up the boot process (and causing
early-boot system services like systemd, logind, networkd to time
out) on entropy-starved embedded systems.
(fd.o #101858, Simon McVittie)
• Avoid a -Werror=declaration-after-statement build failure on Solaris
(fd.o #102145, Alan Coopersmith)
• On Unix platform, drop DBUS_SYSTEM_LOG_INFO messages from LOG_NOTICE
to LOG_INFO, matching how we use this log level in practice
(fd.o #102686, Simon McVittie)
D-Bus 1.11.16 (2017-07-27)
==
The “south facing garden” release.
Build-time configuration changes:
• The Autotools build system now supports varying ${runstatedir}
independently of ${localstatedir}, if using an Autoconf version
that has that feature; version 2.70 will eventually have this, but
many Linux distributions add it to version 2.69 as a patch.
A typical use is to set prefix=/usr, sysconfdir=/etc, localstatedir=/var
and runstatedir=/run. (fd.o #101569, Simon McVittie)
Enhancements:
• New APIs DBUS_MESSAGE_ITER_INIT_CLOSED, dbus_message_iter_init_closed()
and dbus_message_iter_abandon_container_if_open() simplify the
single-exit-point ("goto out") style of resource cleanup. The API
documentation around DBusMessageIter and containers has also been
clarified. (fd.o #101568, Simon McVittie)
Fixes:
• Fix the implementation of re-enabling a timeout (again) so that its
countdown is always restarted as intended. (fd.o #95619,
Michal Koutný)
• Make the dbus-daemon's Properties interface, as introduced in 1.11.14,
available to all users on the system bus (fd.o #101700, Simon McVittie)
• dbus_message_iter_append_basic() no longer leaks memory if it fails to
append a file descriptor to a message. (fd.o #101568, Simon McVittie)
• dbus_message_iter_open_container() no longer leaks memory if it runs out
of memory. (fd.o #101568, Simon McVittie)
• dbus_message_append_args_valist() no longer leaks memory if given an
unsupported type. This situation is still considered to be a programming
error which needs to be corrected by the user of libdbus.
(fd.o #101568, Simon McVittie)
• dbus_message_iter_append_basic() and dbus_message_iter_open_container()
will no longer report that their arguments were invalid if they run out
of memory at exactly the wrong time. (fd.o #101568, Simon McVittie)
• Ensure that tests fail if they would otherwise have tried to connect to
the real session bus (fd.o #101698, Simon McVittie)
• Make build-time tests cope with finding Python 3, but not Python 2
(fd.o #101716, Simon McVittie)
Internal changes relevant to dbus developers:
• DBusVariant is a new mechanism to copy single values from a message into
a buffer without copying the entire message (fd.o #101568, Simon McVittie)
• DBUS_SYSTEM_LOG_FATAL has been replaced by DBUS_SYSTEM_LOG_ERROR.
Logging an ERROR message does not make the process exit; the caller
is responsible for calling abort() or exit(), whichever is more appropriate.
(fd.o #101568, Simon McVittie)
• Better test coverage (fd.o #101568, Simon McVittie)
D-Bus 1.11.14 (2017-06-29)
==
The “irrational fear of bees” release.
Dependencies:
• Expat >= 2.1.0 is always required
• libselinux >= 2.0.86 is required if SELinux support is enabled
• GLib >= 2.40 is required if full test coverage is enabled
Build-time configuration changes:
• We now use pkg-config to find libexpat in Autotools builds. This requires
Expat 2.1.0 (March 2012) or later. In particular, this should remove the
need to configure with LDFLAGS=-L/usr/local/lib on OpenBSD, which can
itself cause compilation failures.
As with all pkg-config-based configure checks, you can use
PKG_CONFIG_PATH=/whatever/lib/pkgconfig to find expat.pc in a
non-standard prefix, or EXPAT_CFLAGS="-I/whatever/include" and
EXPAT_LIBS="-L/whatever/lib -lexpat" to avoid needing a .pc file
at all.
(fd.o #69801, Simon McVittie)
• Similarly, we now use pkg-config to find libselinux. Version 2.0.86
is required due to the removal of explicit refcounting for SIDs.
(fd.o #100912, Laurent Bigonville)
Behaviour changes:
• Previously, /etc/machine-id could be copied to /var/lib/dbus/machine-id
as a side-effect of a sufficiently privileged process merely reading the
machine ID. It is no longer copied as a side-effect of reading.
Running dbus-uuidgen --ensure, which should be done after installing dbus,
continues to copy /etc/machine-id to /var/lib/dbus/machine-id if the
former exists and the latter does not.
(fd.o #101257, Simon McVittie)
• The undocumented Verbose interface, and the GetAllMatchRules method on
the undocumented Stats interface, must now be used via the object path
/org/freedesktop/DBus. Previously, they existed on all object paths.
(fd.o #101257, Simon McVittie)
• AddMatch() with a match rule containing eavesdrop='true' will now fail
unless called by either the same user as the dbus-daemon, or Unix uid 0
(root), matching the restrictions applied to the newer BecomeMonitor()
method. On the session bus this has no practical effect. On the system
bus this will prevent certain configurations that already did not
work well in practice. (fd.o #101567, Simon McVittie)
Enhancements:
• D-Bus Specification version 0.31
· Don't require implementation-specific search paths to be lowest
priority
· Correct regex syntax for optionally-escaped bytes in addresses so it
includes hyphen-minus, forward slash and underscore as intended
· Describe all message bus methods in the same section
· Clarify the correct object path for method calls to the message bus
(/org/freedesktop/DBus, DBUS_PATH_DBUS in the reference implementation)
· Document that the message bus implements Introspectable, Peer and
Properties
· Add new Features and Interfaces properties for message bus
feature-discovery
· Add unix:dir=..., which resembles unix:tmpdir=... but never uses
abstract sockets
· Don't require eavesdrop='true' to be accepted from connections not
sufficiently privileged to use it successfully
· Formally deprecate eavesdropping in favour of BecomeMonitor
(fd.o #99825, #100686, #100795, #101256, #101257, #101567;
Simon McVittie, Tom Gundersen)
• Implement the Properties and Peer interfaces in dbus-daemon
(fd.o #101257, Simon McVittie)
• New function dbus_try_get_local_machine_id() is like
dbus_get_local_machine_id(), but returning a DBusError. Other code
that needs the machine ID will now report a recoverable error (instead
of logging to stderr and aborting) if no machine ID is available.
Generating a machine ID is still considered to be a required part of
installing dbus correctly. (fd.o #13194, Simon McVittie)
• Implement GetConnectionSELinuxSecurityContext("org.freedesktop.DBus")
(fd.o #101315, Laurent Bigonville)
• Avoid deprecated API calls when using SELinux
(fd.o #100912, Laurent Bigonville)
• Switch a test from the deprecated g_test_trap_fork() to
g_test_trap_subprocess(), for Windows support and better robustness
on Unix (fd.o #101362, Simon McVittie)
• On systemd systems, if ${localstatedir}/lib/dbus/machine-id doesn't exist,
instruct systemd-tmpfiles to make it a symbolic link to /etc/machine-id.
This prevents the two files from going out of sync on stateless or live
images without needing to run dbus-uuidgen, and supports older D-Bus
implementations that do not necessarily read /etc/machine-id themselves.
(fd.o #101570, Simon McVittie)
• Implement unix:dir=..., which resembles unix:tmpdir=... but never uses
abstract sockets. This is preferable when used with Linux containers.
(fd.o #101567, Simon McVittie)
Fixes:
• Fix a reference leak when blocking on a pending call on a connection
that has been disconnected (fd.o #101481, Shin-ichi MORITA)
• Don't put timestamps in the Doxygen-generated documentation,
or hard-code the build directory into builds with embedded tests,
for reproducible builds (fd.o #100692, Simon McVittie)
• Fix some integration test issues (fd.o #100686, Simon McVittie)
• Fix memory leaks in the tests (fd.o #101257, Simon McVittie)
• If we somehow get an autolaunch address with multiple semicolon-separated
components, and they don't work, don't invalidly "pile up" errors
(fd.o #101257, Simon McVittie)
Documentation:
• Update git URIs in HACKING document to sync up with cgit.freedesktop.org
(fd.o #100715, Simon McVittie)
D-Bus 1.11.12 (2017-04-07)
==
The “it's something humans do” release.
Enhancements:
• The session dbus-daemon now supports transient .service files
in $XDG_RUNTIME_DIR/dbus-1/services. Unlike the other standard
service directories, this directory is not monitored with inotify
or similar, and the service files must be named exactly
${bus_name}.service. (fd.o #99825, Simon McVittie)
• dbus can be configured with --enable-relocation when building with
Autotools, or with -DDBUS_RELOCATABLE=ON when building with cmake,
to make the pkg-config metadata relocatable. This is useful for
non-standard prefixes, and in particular for Windows installations.
However, it is not recommended for system-wide installations into
/usr, because it interferes with pkg-config's ability to filter out
compiler default linker directories.
With Autotools, the default is --enable-relocation when building
for Windows or --disable-relocation otherwise. With CMake, the default
is -DDBUS_RELOCATABLE=ON.
(fd.o #99721; Ralf Habacker, Simon McVittie)
• Users of CMake ≥ 2.6 can now link to libdbus without providing their
own FindDBus.cmake macros, whether dbus was compiled with Autotools
or with CMake. See the end of README.cmake for more information.
(fd.o #99721; Ralf Habacker, Simon McVittie)
Fixes:
• Always read service file directories in the intended order
(fd.o #99825, Simon McVittie)
• When tests are skipped, don't try to kill nonexistent process 0
(fd.o #99825, Simon McVittie)
• Avoid valgrind false positives (fd.o #88808, Philip Withnall)
• Fix a harmless read overflow and some memory leaks in a unit test
(fd.o #100568, Philip Withnall)
• Fix some typos in test code
(fd.o #99999, Coverity #141876, #141877; Philip Withnall)
• Clarify the roles of /etc/dbus-1/s*.d and /usr/share/dbus-1/s*.d
in documentation (fd.o #99901, Philip Withnall)
• Fix and enable compiler warnings related to -Wswitch
(fd.o #98191; Thomas Zimmermann, Simon McVittie)
• Fix writing off the end of a fd_set when testing with valgrind
(fd.o #99839, Philip Withnall)
D-Bus 1.11.10 (2017-02-16)
==
The “purple hair gives you telekinesis?” release.
Dependencies:
• AppArmor support requires at least libapparmor 2.8.95, reduced
from 2.10 in previous versions. One test requires 2.10 and is
skipped if building with an older version.
Enhancements:
• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
stable and Debian testing in addition to the older Ubuntu that is
the default (fd.o #98889, Simon McVittie)
• Avoid some deprecated CMake functions (fd.o #99586, Ralf Habacker)
• Silence many -Wswitch-enum and -Wswitch-default warnings
(fd.o #98191; Thomas Zimmermann, Simon McVittie)
• Install a sysusers.d snippet so `dbus-daemon --system` can be used
with an unpopulated /etc (fd.o #99162, Lennart Poettering)
• Install pkg-config metadata on Unix even if building with CMake
(fd.o #99752, Ralf Habacker)
• Exclude auth mechanisms from REJECTED message if they are supported
in the code but but configured to be disallowed (fd.o #99621,
Ralf Habacker)
Fixes:
• Prevent symlink attacks in the nonce-tcp transport on Unix that could
allow an attacker to overwrite a file named "nonce", in a directory
that the user running dbus-daemon can write, with a random value
known only to the user running dbus-daemon. This is unlikely to be
exploitable in practice, particularly since the nonce-tcp transport
is really only useful on Windows.
On Unix systems we strongly recommend using only the unix: and systemd:
transports, together with EXTERNAL authentication. These are the only
transports and authentication mechanisms enabled by default.
(fd.o #99828, Simon McVittie)
• Avoid symlink attacks in the "embedded tests", which are not enabled
by default and should never be enabled in production builds of dbus.
(fd.o #99828, Simon McVittie)
• Fix the implementation of re-enabling a timeout so that its
countdown is restarted as intended, instead of continually
decreasing. (fd.o #95619; Michal Koutný, Simon McVittie)
• When receiving a message with file descriptors, do not start reading
the beginning of the next message, so that only one such message
is processed at a time. In conjunction with the fix for #95619
this means that processes sending many file descriptors, such as
systemd-logind on a system that receives very rapid ssh connections,
are not treated as abusive and kicked off the bus. Revert the previous
workaround that special-cased uid 0.
(fd.o #95263, LP#1591411; Simon McVittie)
• Do not require TMPDIR, TEMP or TMP to be set when cross-compiling
for Windows with CMake (fd.o #99586, Ralf Habacker)
• Do not set Unix-specific variables when targeting Windows
(fd.o #99586, Ralf Habacker)
• Install Unix executables to ${CMAKE_INSTALL_PREFIX}/bin as intended,
not ${CMAKE_INSTALL_PREFIX}/lib (fd.o #99752, Ralf Habacker)
• Use relative install locations in CMake on Unix to respect DESTDIR,
and use GNU-style install layout (fd.o #99721, #99752; Ralf Habacker)
• Install dbus-arch-deps.h correctly when using CMake
(fd.o #99586, #99721; Ralf Habacker)
• Improve argument validation for `dbus-test-tool spam`
(ffd.o #99693, Coverity #54759; Philip Withnall)
• Don't shift by a negative integer if a hash table becomes monstrously
large (fd.o #99641, Coverity #54682; Philip Withnall)
• Don't leak LSM label if dbus-daemon runs out of memory when dealing with
a new connection (fd.o #99612, Coverity #141058; Philip Withnall)
• Remove an unnecessary NULL check
(fd.o #99642, Coverity #141062; Philip Withnall)
• Improve error handling in unit tests and dbus-send
(fd.o #99643, #99694, #99712, #99722, #99723, #99724, #99758,
#99759, #99793, Coverity #54688, #54692, #54693, #54697, #54701,
#54710, #54711, #54714, #54715, #54718, #54721, #54724, #54726,
#54730, #54740, #54822, #54823, #54824, #54825; Philip Withnall)
• Do not print verbose messages' timestamps to stderr if the actual message
has been redirected to the Windows debug port (fd.o #99749, Ralf Habacker)
D-Bus 1.11.8 (2016-11-28)
==
The “panics in the face of breakfast foods” release.
Build-time configuration:
• The new --enable-debug configure option provides an easy way to
enable debug symbols, disable optimization and/or enable profiling.
• The --enable-compile-warnings configure option can be used to control
compiler warnings.
• The --disable-compiler-optimisations configure option is no longer
supported. Use --enable-debug=yes or CFLAGS=-O0 instead.
Enhancements:
• D-Bus Specification version 0.30
· Define the jargon term "activation" more clearly
· Define the jargon term "auto-starting", which is one form of activation
· Document the optional SystemdService key in service files
· Use versioned interface and bus names in most examples
· Clarify intended behaviour of Properties.GetAll
(fd.o #36190, fd.o #98671; Philip Withnall, Simon McVittie)
• Fix and enable a lot of compiler warnings to improve future code
quality. This might incidentally also fix some environment variable
accesses on OS X.
· In particular, printf-style functions in the libdbus API are now annotated
with __attribute__((__format__(__printf__, *, *))) when compiling with
gcc or clang. This might make printf bugs in other software visible
at compile time.
(fd.o #97357, fd.o #98192, fd.o #98195, fd.o #98658;
Thomas Zimmermann, Simon McVittie)
• When running with AppArmor mediation (for example using Ubuntu's patched
Linux kernel), clients can no longer auto-start services unless they would
have been able to send the auto-starting message to the service after it
starts. StartServiceByName() is unaffected, and continues to be allowed by
default in AppArmor's <abstractions/dbus-strict> and
<abstractions/dbus-session-strict>. (fd.o #98666, Simon McVittie)
Fixes:
• Work around an undesired effect of the fix for CVE-2014-3637
(fd.o #80559), in which processes that frequently send fds, such as
logind during a flood of new PAM sessions, can get disconnected for
continuously having at least one fd "in flight" for too long;
dbus-daemon interprets that as a potential denial of service attack.
The workaround is to disable that check for uid 0 process such as
logind, with a message in the system log. The bug remains open while
we look for a more general solution.
(fd.o #95263, LP#1591411; Simon McVittie)
• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
was disabled at compile time. That test is not expected to work
in that configuration. (fd.o #98665, Simon McVittie)
D-Bus 1.11.6 (2016-10-10)
==
The “darkly whimsical” release.
Security fixes:
• Do not treat ActivationFailure message received from root-owned systemd
name as a format string. In principle this is a security vulnerability,
but we do not believe it is exploitable in practice, because only
privileged processes can own the org.freedesktop.systemd1 bus name, and
systemd does not appear to send activation failures that contain "%".
Please note that this probably *was* exploitable in dbus versions
older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
the time was only thought to be a denial of service vulnerability
(CVE-2015-0245). If you are still running one of those versions,
patch or upgrade immediately.
(fd.o #98157, Simon McVittie)
Enhancements:
• D-Bus Specification version 0.29
· Recommend not using '/' for object paths (fd.o #37095, Philip Withnall)
· Allow <annotation> in <arg> elements (fd.o #86162, Philip Withnall)
• Log to syslog when we exceed various anti-DoS limits, and add test
coverage for them (fd.o #86442, Simon McVittie)
• Improve syslog handling so that _dbus_warn() and similar warnings
go to syslog, add dbus-daemon --syslog|--nosyslog|--syslog-only options,
and log to syslog (instead of /dev/null) when dbus-daemon is started by
dbus-launch. (fd.o #97009, Simon McVittie)
• Install introspect.dtd and busconfig.dtd to ${datadir}/xml/dbus-1
(fd.o #89011, Philip Withnall)
• When logging messages about service activation, mention which peer
requested the activation (fd.o #68212, Philip Withnall)
• On Linux, mention the LSM label (if available) whenever we print
debug information about a peer (fd.o #68212, Philip Withnall)
Other fixes:
• Harden dbus-daemon against malicious or incorrect ActivationFailure
messages by rejecting them if they do not come from a privileged
process, or if systemd activation is not enabled
(fd.o #98157, Simon McVittie)
• Avoid undefined behaviour when setting reply serial number without going
via union DBusBasicValue (fd.o #98035, Marc Mutz)
• Fix CMake build for Unix platforms that do not have -lrt, such as Android,
or that do need -lsocket, such as QNX (fd.o #94096, Ralf Habacker)
• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
D-Bus 1.11.4 (2016-08-15)
==
The “copper pickaxe” release.
Dependencies:
• Building from git (but not from tarballs) now requires
macros from the GNU Autoconf Archive, for example the autoconf-archive
package in Debian or Fedora derivatives.
Build-time configuration:
• The option to enable coverage instrumentation has changed from
--enable-compiler-coverage to --enable-code-coverage.
Enhancements:
• D-Bus Specification version 0.28
· Clarify some details of serialization (fd.o #93382, Philip Withnall)
• Increase listen() backlog of AF_UNIX sockets to the maximum possible,
minimizing failed connections under heavy load
(fd.o #95264, Lennart Poettering)
• Add a new dbus-launch --exit-with-x11 option (fd.o #39197, Simon McVittie)
• Use the same regression tests for subprocess starting on Unix and Windows
(fd.o #95191, Ralf Habacker)
• Print timestamps and thread IDs in verbose messages
(fd.o #95191, Ralf Habacker)
• On Unix, unify the various places that reopen stdin, stdout and/or stderr
pointing to /dev/null (fd.o #97008, Simon McVittie)
• Use AX_CODE_COVERAGE instead of our own COMPILER_COVERAGE
(fd.o #88922, Thomas Zimmermann)
Fixes:
• On Windows, fix a memory leak in replacing the installation prefix
(fd.o #95191, Ralf Habacker)
• On Linux, when dbus-daemon is run with reduced susceptibility to the
OOM killer (typically via systemd), do not let child processes inherit
that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho)
• On Unix, make dbus-launch and dbus-daemon --fork work as intended
even if a parent process incorrectly starts them with stdin, stdout
and/or stderr closed (fd.o #97008, Simon McVittie)
• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address
contains a semicolon (fd.o #94746, Thiago Macieira)
• Fix memory leaks and thread safety in subprocess starting on Windows
(fd.o #95191, Ralf Habacker)
• Stop test-dbus-daemon incorrectly failing on platforms that cannot
discover the process ID of clients (fd.o #96653, Руслан Ижбулатов)
• In tests that exercise correct handling of crashing D-Bus services,
suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker)
• Explicitly check for stdint.h (Ioan-Adrian Ratiu)
• In tests, add an invalid DBusAuthState to avoid undefined behaviour
in some test cases (fd.o #93909, Nick Lewycky)
• Add assertions to reassure a static analysis tool
(fd.o #93210, Deepika Aggarwal)
• Be explicit about enum comparison when loading XML
(fd.o #93205, Deepika Aggarwal)
• update-activation-environment: produce better diagnostics on error
(fd.o #96653, Simon McVittie)
• Avoid various compiler warnings with gcc 6
(fd.o #97282; Thomas Zimmermann, Simon McVittie)
• On Unix when configured to use the system log, report as "dbus-daemon",
not as "dbus" (fd.o #97009, Simon McVittie)
• During unit tests, reduce the amount we write to the system log
(fd.o #97009, Simon McVittie)
D-Bus 1.11.2 (2016-03-07)
==
The “pneumatic drill vs. Iron Maiden” release.
Fixes:
• Enable "large file support" on systems where it exists: dbus-daemon
is not expected to open large files, but it might need to stat files
that happen to have large inode numbers (fd.o #93545, Hongxu Jia)
• Eliminate padding inside DBusMessageIter on 64-bit platforms,
which might result in a pedantic C compiler not copying the entire contents
of a DBusMessageIter; statically assert that this is not an ABI change
in practice (fd.o #94136, Simon McVittie)
• Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N
(fd.o #94244, Dmitri Iouchtchenko)
• Correctly report test failures in C tests from run-test.sh
(fd.o #93379; amit tewari, Simon McVittie)
• When tests are enabled, run all the marshal-validate tests, not just
the even-numbered ones (fd.o #93908, Nick Lewycky)
• Correct the expected error from one marshal-validate test, which was
previously not run due to the above bug (fd.o #93908, Simon McVittie)
• Fix compilation under CMake when embedded tests are disabled
(fd.o #94094, eric.hyer)
Internal changes:
• Fix all -Wpointer-sign (signed/unsigned mismatch) warnings, and enable the
warning (fd.o #93069; Ralf Habacker, Simon McVittie)
• When building with CMake, use the same gcc/clang warnings as under Autotools,
or MSVC warnings that are broadly similar (fd.o #93069, Ralf Habacker)
• test/name-test: make C tests produce TAP output and run them directly, not
via run-test.sh (fd.o #92899, Simon McVittie)
• Under CMake when cross-compiling for Windows on Unix, run the tests
under Wine even if binfmt_misc support is not available
(fd.o #88966, Ralf Habacker)
• The DBUS_USE_TEST_BINARY environment variable is no longer used by builds with
embedded tests; DBUS_TEST_DBUS_LAUNCH replaces it (fd.o #92899, Simon McVittie)
• Factor out some functions that will be needed in future for a Windows
implementation of dbus-run-session (fd.o #92899, Ralf Habacker)
D-Bus 1.11.0 (2015-12-02)
==
The “peppermint deer” release.
Dependencies:
• On non-Windows platforms, dbus now requires an <inttypes.h> that defines
C99 constants such as PRId64 and PRIu64.
Enhancements:
• D-Bus Specification version 0.27
· Specify that services should not reply if NO_REPLY_EXPECTED was used
(fd.o #75749, Lars Uebernickel)
• Add a script to do continuous-integration builds, and metadata to run it
on travis-ci.org. To use this, clone the dbus git repository on GitHub
and set it up with travis-ci.org; the only special setting needed is
"only build branches with a .travis.yml". (fd.o #93194, Simon McVittie)
• If dbus-daemon is run with --systemd-activation, do not require
org.freedesktop.systemd1.service to exist (fd.o #93194, Simon McVittie)
Fixes:
• Re-order dbus-daemon startup so that on SELinux systems, the thread
that reads AVC notifications retains the ability to write to the
audit log (fd.o #92832, Laurent Bigonville)
• Print 64-bit integers on non-GNU Unix platforms (fd.o #92043, Natanael Copa)
• When using the Monitoring interface, match messages' destinations
(fd.o #92074, Simon McVittie)
• On Linux with systemd, stop installing a reference to the obsolete
dbus.target, and enable dbus.socket statically (fd.o #78412, #92402;
Simon McVittie)
• On Windows, when including configuration files with <include> or
<includedir>, apply the same relocation as for the Exec paths
in .service files (fd.o #92028, Simon McVittie)
• Add support for backtraces on Windows (fd.o #92721, Ralf Habacker)
• Fix many -Wpointer-sign warnings (fd.o #93069, Ralf Habacker)
D-Bus 1.10.6 (2015-12-01)
==
The “marzipan beetles” release.
Fixes:
• On Unix when running tests as root, don't assert that root and
the dbus-daemon user can still call UpdateActivationEnvironment;
assert that those privileged users can call BecomeMonitor instead
(fd.o #93036, Simon McVittie)
• On Windows, fix a memory leak in the autolaunch transport (fd.o #92899,
Simon McVittie)
• On Windows Autotools builds, don't run tests that rely on
dbus-run-session and other Unix-specifics (fd.o #92899, Simon McVittie)
D-Bus 1.10.4 (2015-11-17)
==
The “Frostburn Canyon” release.
Enhancements:
• GetConnectionCredentials, GetConnectionUnixUser and
GetConnectionUnixProcessID with argument "org.freedesktop.DBus"
will now return details of the dbus-daemon itself. This is required
to be able to call SetEnvironment on systemd.
(fd.o #92857, Jan Alexander Steffens)
Fixes:
• Make UpdateActivationEnvironment always fail with AccessDenied on the
system bus. Previously, it was possible to configure it so root could
call it, but the environment variables were not actually used,
because the launch helper would discard them.
(fd.o #92857, Jan Alexander Steffens)
• On Unix with --systemd-activation on a user bus, make
UpdateActivationEnvironment pass on its arguments to systemd's
SetEnvironment method, solving inconsistency between the environments
used for traditional activation and systemd user-service activation.
(fd.o #92857, Jan Alexander Steffens)
• On Windows, don't crash if <syslog/> or --syslog is used
(fd.o #92538, Ralf Habacker)
• On Windows, fix a memory leak when setting a DBusError from a Windows
error (fd.o #92721, Ralf Habacker)
• On Windows, don't go into infinite recursion if we abort the process
with backtraces enabled (fd.o #92721, Ralf Habacker)
• Fix various failing tests, variously on Windows and cross-platform:
· don't test system.conf features (users, groups) that only make sense
on the system bus, which is not supported on Windows
· don't call _dbus_warn() when we skip a test, since it is fatal
· fix computation of expected <standard_session_servicedirs/>
· when running TAP tests, translate newlines to Unix format, fixing
cross-compiled tests under Wine on Linux
· don't stress-test refcounting under Wine, where it's really slow
· stop assuming that a message looped-back to the test will be received
immediately
· skip some system bus tests on Windows since they make no sense there
(fd.o #92538, fd.o #92721; Ralf Habacker, Simon McVittie)
D-Bus 1.10.2 (2015-10-26)
==
The “worst pies in London” release.
Fixes:
• Correct error handling for activation: if there are multiple attempts
to activate the same service and it fails immediately, the first attempt
would get the correct reply, but the rest would time out. We now send
the same error reply to each attempt. (fd.o #92200, Simon McVittie)
• If BecomeMonitor is called with a syntactically invalid match rule,
don't crash with an assertion failure, fixing a regression in 1.9.10.
This was not exploitable as a denial of service, because the check
for a privileged user is done first. (fd.o #92298, Simon McVittie)
• On Linux with --enable-user-session, add the bus address to the
environment of systemd services for better backwards compatibility
(fd.o #92612, Jan Alexander Steffens)
• On Windows, fix the logic for replacing the installation prefix
in service files' Exec lines (fd.o #83539; Milan Crha, Simon McVittie)
• On Windows, if installed in the conventional layout with ${prefix}/etc
and ${prefix}/share, use relative paths between bus configuration files
to allow the tree to be relocated (fd.o #92028, Simon McVittie)
• Make more of the regression tests pass in Windows builds (fd.o #92538,
Simon McVittie)
D-Bus 1.10.0 (2015-08-25)
==
The “0x20” release.
This is a new stable branch, recommended for use in OS distributions.
Fixes since 1.9.20:
• distribute test/tap-test.sh.in, even if the tarball was built without
tests enabled (fd.o #91684, Simon McVittie)
• work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie)
Summary of major changes since 1.8.0:
• The basic setup for the well-known system and session buses is
now done in read-only files in ${datadir} (normally /usr/share).
See the NEWS entry for 1.9.18 for details.
• AppArmor integration has been merged, with features similar to the
pre-existing SELinux integration. It is mostly compatible with the
patches previously shipped by Ubuntu, with one significant change:
Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded
by GetConnectionCredentials and was not included.
• The --enable-user-session configure option can be enabled
by OS integrators intending to use systemd to provide a session bus
per user (in effect, treating all concurrent graphical and non-graphical
login sessions as one large session).
• The new listenable address mode "unix:runtime=yes" listens on
$XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd
user session. libdbus and "dbus-launch --autolaunch" will connect to
this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a
matching default.
• All executables are now dynamically linked to libdbus-1.
Previously, some executables, most notably dbus-daemon, were statically
linked to a specially-compiled variant of libdbus. This results in
various private functions in the _dbus namespace being exposed by the
shared library. These are not API, and must not be used outside
the dbus source tree.
• On platforms with ELF symbol versioning, all public symbols
are versioned LIBDBUS_1_3.
New bus APIs:
• org.freedesktop.DBus.GetConnectionCredentials returns
LinuxSecurityLabel where supported
• org.freedesktop.DBus.Monitoring interface (privileged)
· BecomeMonitor method supersedes match rules with eavesdrop=true,
which are now deprecated
• org.freedesktop.DBus.Stats interface (semi-privileged)
· now enabled by default
· new GetAllMatchRules method
• org.freedesktop.DBus.Verbose interface (not normally compiled)
· toggles the effect of DBUS_VERBOSE
New executables:
• dbus-test-tool
• dbus-update-activation-environment
New optional dependencies:
• The systemd: pseudo-transport requires libsystemd or libsd-daemon
• Complete documentation requires Ducktype and yelp-tools
• Full test coverage requires GLib 2.36 and PyGI
• AppArmor integration requires libapparmor and optionally libaudit
Dependencies removed:
• dbus-glib
D-Bus 1.9.20 (2015-08-06)
==
The “Remember Tomorrow” release.
This is a release-candidate for D-Bus 1.10.0. OS distribution vendors
should test it.
Fixes:
• Don't second-guess what the ABI of poll() is, allowing it to be used
on Integrity RTOS and other unusual platforms (fd.o #90314;
Rolland Dudemaine, Simon McVittie)
• Don't duplicate audit subsystem integration if AppArmor and SELinux are
both enabled (fd.o #89225, Simon McVittie)
• Log audit events for AppArmor/SELinux policy violations whenever
we have CAP_AUDIT_WRITE, even if not the system bus
(fd.o #83856, Laurent Bigonville)
D-Bus 1.9.18 (2015-07-21)
==
The “Pirate Elite” release.
Configuration changes:
• The basic setup for the well-known system and session buses is now done
in read-only files in ${datadir}, moving a step closer to systems
that can operate with an empty /etc directory. In increasing order
of precedence:
· ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting
the default message policies.
· ${sysconfdir}/dbus-1/s*.conf are now optional. By default
dbus still installs a trivial version of each, for documentation
purposes; putting configuration directives in these files is deprecated.
· ${datadir}/dbus-1/s*.d/ are now available for third-party software
to install "drop-in" configuration snippets (any packages
using those directories should explicitly depend on at least this
version of dbus).
· ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins
or third-party software to install "drop-in" configuration snippets
· ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins'
overrides
${datadir} is normally /usr/share, ${sysconfdir} is normally /etc,
and "s*" refers to either system or session as appropriate.
(fd.o #89280, Dimitri John Ledkov)
Fixes:
• Fix a memory leak when GetConnectionCredentials() succeeds
(fd.o #91008, Jacek Bukarewicz)
• Ensure that dbus-monitor does not reply to messages intended for others,
resulting in its own disconnection (fd.o #90952, Simon McVittie)
D-Bus 1.9.16 (2015-05-14)
==
The “titanium barns” release.
Dependencies:
• Automake 1.13 is now required when compiling from git or modifying
the build system.
Security hardening:
• On Unix platforms, change the default configuration for the session bus
to only allow EXTERNAL authentication (secure kernel-mediated
credentials-passing), as was already done for the system bus.
This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
unpredictable pseudo-random numbers.
If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
NFS or similar, you will need to reconfigure the session bus to accept
DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
is not recommended.
(fd.o #90414, Simon McVittie)
• When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp:
transport, UUIDs or any other reason, fail if we cannot obtain entropy
(from /dev/urandom or CryptGenRandom()) or an out-of-memory condition
occurs, instead of silently falling back to low-entropy pseudorandom
numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker)
Enhancements:
• Add dbus_message_iter_get_element_count()
(fd.o #30350; Christian Dywan, Simon McVittie)
• Introduce new internal DBusSocket and DBusPollable types so we can
stop treating the Windows SOCKET type as if it was int. DBusSocket
is specifically a socket, cross-platform. DBusPollable is whatever
_dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows.
(fd.o #89444; Ralf Habacker, Simon McVittie)
• All regression tests now output TAP <https://testanything.org/>
(fd.o #89846, Simon McVittie)
• Internal APIs consistently use signed values for timestamps
(fd.o #18494, Peter McCurdy)
• Improve diagnostics when UpdateActivationEnvironment calls are rejected
(fd.o #88812, Simon McVittie)
• Clean up a lot of compiler warnings
(fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie)
Fixes:
• Add locking to DBusCounter's reference count and notify function
(fd.o #89297, Adrian Szyndela)
• Ensure that DBusTransport's reference count is protected by the
corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela)
• Correctly release DBusServer mutex before early-return if we run out
of memory while copying authentication mechanisms (fd.o #90021,
Ralf Habacker)
• Make dbus-test-tool and dbus-update-activation-environment portable
to Windows (fd.o #90089, Ralf Habacker)
• Correctly initialize all fields of DBusTypeReader (fd.o #90021;
Ralf Habacker, Simon McVittie)
• Fix some missing \n in verbose (debug log) messages (fd.o #90004,
Ralf Habacker)
• Clean up some memory and fd leaks in test code and tools
(fd.o #90021, Ralf Habacker)
• Fix a NULL dereference if the dbus-daemon cannot read a configuration
directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker)
• CMake generates a versioned shared library even if the revision is 0,
as it usually is on the development branch. (fd.o #89450, Ralf Habacker)
D-Bus 1.9.14 (2015-03-02)
==
The “don't stand in the poison cloud” release.
Dependencies:
• dbus-daemon and dbus-daemon-launch-helper now require libdbus. They
were previously linked to a static version of libdbus.
• The tests no longer require dbus-glib in order to exercise the libdbus
shared library; they are always linked to libdbus now.
Build-time configuration:
• The new --enable-user-session option, off by default, can be enabled
by OS integrators intending to use systemd to provide a session bus
per user (in effect, treating all concurrent graphical and non-graphical
login sessions as one large session)
Enhancements:
• All executables are now linked dynamically to libdbus.
(fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker)
• On platforms that support them (GNU libc and possibly others),
libdbus now has versioned symbols for its public API.
All public symbols (visible in the header files) are currently
versioned as LIBDBUS_1_3; private symbols starting with _dbus or
dbus_internal have a version that changes with each release, and
must not be used by applications. (also fd.o #83115)
• New listenable address mode "unix:runtime=yes" which listens on
a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus
(fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie)
• Add optional systemd units for a per-user bus listening on
$XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters)
• On Unix platforms, both libdbus and "dbus-launch --autolaunch"
default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket
(also fd.o #61301)
• New dbus-update-activation-environment tool uploads environment
variables to "dbus-daemon --session" and optionally "systemd --user",
primarily as a way to keep the per-user bus compatible with
distributions' existing X11 login scripts (also fd.o #61301)
• <includedir/> elements in dbus-daemon configuration are now silently
ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov)
• Add microsecond-resolution timestamps to the default output of
dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie)
Fixes:
• Fix a race condition in the 'monitor' test introduced in 1.9.10
(fd.o #89222, Simon McVittie)
D-Bus 1.9.12 (2015-02-19)
==
The “monster lasagna” release.
Dependencies:
• Ducktype and yelp-tools are now required to build complete documentation
(they are optional for normal builds).
Enhancements:
• D-Bus Specification version 0.26
· GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID
· document the BecomeMonitor method
• On Linux, add LinuxSecurityLabel to GetConnectionCredentials
(fd.o #89041; Tyler Hicks, Simon McVittie)
• On Linux, add support for AppArmor mediation of message sending and
receiving and name ownership (paralleling existing SELinux mediation
support), and eavesdropping (a new check, currently AppArmor-specific)
(fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie)
• In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings
that have printable ASCII contents; we previously only did this for
unterminated bytestrings (fd.o #89109, Simon McVittie)
• Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall)
• On Windows, add WindowsSID to GetConnectionCredentials
(fd.o #54445, Ralf Habacker)
• Improve clarity of dbus-monitor --profile output and add more columns
(fd.o #89165, Ralf Habacker)
• Add a man page for dbus-test-tool, and build it under CMake as well
as Autotools (fd.o#89086, Simon McVittie)
• If dbus-daemon was compiled with --enable-verbose, add a D-Bus API
to control it at runtime, overriding the DBUS_VERBOSE environment variable
(fd.o #88896, Ralf Habacker)
Fixes:
• Reduce the number of file descriptors used in the fd-passing test,
avoiding failure under the default Linux fd limit, and automatically
skip it if the rlimit is too small (fd.o #88998, Simon McVittie)
D-Bus 1.9.10 (2015-02-09)
==
The “sad cyborgs” release.
Security fixes merged from 1.8.16:
• Do not allow non-uid-0 processes to send forged ActivationFailure
messages. On Linux systems with systemd activation, this would
allow a local denial of service: unprivileged processes could
flood the bus with these forged messages, winning the race with
the actual service activation and causing an error reply
to be sent back when service auto-activation was requested.
This does not prevent the real service from being started,
so the attack only works while the real service is not running.
(CVE-2015-0245, fd.o #88811; Simon McVittie)
Enhancements:
• The new Monitoring interface in the dbus-daemon lets dbus-monitor and
similar tools receive messages without altering the security properties
of the system bus, by calling the new BecomeMonitor method on a
private connection. This bypasses the normal <allow> and <deny> rules
entirely, so to preserve normal message-privacy assumptions, only root
is allowed to do this on the system bus. Restricted environments,
such as Linux with LSMs, should lock down access to the Monitoring
interface. (fd.o #46787, Simon McVittie)
• dbus-monitor uses BecomeMonitor to capture more traffic, if the
dbus-daemon supports it and access permissions allow it.
It still supports the previous approach ("eavesdropping" match rules)
for compatibility with older bus daemons. (fd.o #46787, Simon)
• dbus-monitor can now log the message stream as binary data for later
analysis, with either no extra framing beyond the normal D-Bus headers,
or libpcap-compatible framing treating each D-Bus message
as a captured packet. (fd.o #46787, Simon)
Other fixes:
• Fix some CMake build regressions (fd.o #88964, Ralf Habacker)
• On Unix, forcibly terminate regression tests after 60 seconds to
prevent them from blocking continuous integration frameworks
(fd.o #46787, Simon)
D-Bus 1.9.8 (2015-02-03)
==
The “all the types of precipitation” release.
Dependencies:
• full test coverage now requires GLib 2.36
• full test coverage now requires PyGI (PyGObject 3,
"import gi.repository.GObject") instead of the
obsolete PyGObject 2 ("import gobject")
Enhancements:
• add GLib-style "installed tests" (fd.o #88810, Simon McVittie)
• better regression test coverage, including systemd activation
(fd.o #57952, #88810; Simon McVittie)
Fixes:
• fatal errors correctly make the dbus-daemon exit even if <syslog/> is
turned off (fd.o #88808, Simon McVittie)
• TCP sockets on Windows no longer fail to listen approximately 1 time
in 256, caused by a logic error that should have always made it fail but
was mitigated by incorrect endianness for the port number
(fd.o #87999, Ralf Habacker)
• fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker)
• on Windows, allow up to 8K connections to the dbus-daemon instead of the
previous 64, completing a previous fix which only worked under
Autotools (fd.o #71297, Ralf Habacker)
• on Windows, if the IP family is unspecified only use IPv4,
to mitigate IPv6 not working correctly (fd.o #87999, Ralf Habacker)
• fix some unlikely memory leaks on OOM (fd.o #88087, Simon McVittie)
• lcov code coverage analysis works again (fd.o #88808, Simon McVittie)
• fix an unused function error with --disable-embedded-tests (fd.o #87837,
Thiago Macieira)
D-Bus 1.9.6 (2015-01-05)
==
The “I do have a bread knife” release.
Security hardening:
• Do not allow calls to UpdateActivationEnvironment from uids other than
the uid of the dbus-daemon. If a system service installs unsafe
security policy rules that allow arbitrary method calls
(such as CVE-2014-8148) then this prevents memory consumption and
possible privilege escalation via UpdateActivationEnvironment.
We believe that in practice, privilege escalation here is avoided
by dbus-daemon-launch-helper sanitizing its environment; but
it seems better to be safe.
• Do not allow calls to UpdateActivationEnvironment or the Stats interface
on object paths other than /org/freedesktop/DBus. Some system services
install unsafe security policy rules that allow arbitrary method calls
to any destination, method and interface with a specified object path;
while less bad than allowing arbitrary method calls, these security
policies are still harmful, since dbus-daemon normally offers the
same API on all object paths and other system services might behave
similarly.
Other fixes:
• Add missing initialization so GetExtendedTcpTable doesn't crash on
Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)
D-Bus 1.9.4 (2014-11-24)
==
The “extra-sturdy caramel” release.
Fixes:
• Partially revert the CVE-2014-3639 patch by increasing the default
authentication timeout on the system bus from 5 seconds back to 30
seconds, since this has been reported to cause boot regressions for
some users, mostly with parallel boot (systemd) on slower hardware.
On fast systems where local users are considered particularly hostile,
administrators can return to the 5 second timeout (or any other value
in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
<busconfig>
<limit name="auth_timeout">5000</limit>
</busconfig>
(fd.o #86431, Simon McVittie)
• Add a message in syslog/the Journal when the auth_timeout is exceeded
(fd.o #86431, Simon McVittie)
• Send back an AccessDenied error if the addressed recipient is not allowed
to receive a message (and in builds with assertions enabled, don't
assert under the same conditions). (fd.o #86194, Jacek Bukarewicz)
D-Bus 1.9.2 (2014-11-10)
==
The “structurally unsound flapjack” release.
Security fixes:
• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
so that CVE-2014-3636 part A cannot exhaust the system bus'
file descriptors, completing the incomplete fix in 1.8.8.
(CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy)
Enhancements:
• D-Bus Specification version 0.25
· new value 'const' for EmitsChangedSignal annotation
(fd.o #72958, Lennart Poettering)
· new ALLOW_INTERACTIVE_AUTHORIZATION flag, for PolicyKit and similar
(fd.o #83449; Lennart Poettering, Simon McVittie)
· annotate table of types with reserved/basic/container, and for
basic types, fixed/string-like
· clarify arbitrary limits by quoting them in mebibytes
• New API: add accessors for the ALLOW_INTERACTIVE_AUTHORIZATION flag
(fd.o #83449, Simon McVittie)
• Add dbus-test-tool, a D-Bus swiss army knife with multiple subcommands,
useful for debugging and performance testing:
· dbus-test-tool spam: send repeated messages
· dbus-test-tool echo: send an empty reply for all method calls
· dbus-test-tool black-hole: do not reply to method calls
(fd.o #34140; Alban Crequy, Simon McVittie, Will Thompson)
• Add support for process ID in credentials-passing on NetBSD
(fd.o #69702, Patrick Welche)
• Add an example script to find potentially undesired match rules
(fd.o #84598, Alban Crequy)
• Document the central assumption that makes our use of credentials-passing
secure (fd.o #83499, Simon McVittie)
• Replace the dbus-glib section of the tutorial with a GDBus recommendation,
and add some links to GDBus and QtDBus documentation (fd.o #25140,
Simon McVittie)
Fixes:
• Use a less confusing NoReply message when disconnected with a reply pending
(fd.o #76112, Simon McVittie)
• Make the .pc file relocatable by letting pkg-config do all variable
expansion itself (fd.o #75858, Руслан Ижбулатов)
• Fix a build failure on platforms with kqueue, which regressed in 1.9.0
(fd.o #85563, Patrick Welche)
• Consistently save errno after socket calls (fd.o #83625, Simon McVittie)
• In dbus-spawn, when the grandchild process exits due to a failed exec(),
do not lose the exec() errno (fd.o #24821, Simon McVittie)
• Do not fail the tests if a parent process has leaked non-close-on-exec
file descriptors to us (fd.o #73689, fd.o #83899; Simon McVittie)
• Do not fail the tests on Unix platforms with incomplete
credentials-passing support, but do fail if we can't pass credentials
on a platform where it is known to work: Linux, FreeBSD, OpenBSD, NetBSD
(fd.o #69702, Simon McVittie)
• Detect accept4, dirfd, inotify_init1, pipe2, and Unix fd passing
when building with cmake, and expand test coverage there
(fd.o #73689; Ralf Habacker, Simon McVittie)
D-Bus 1.9.0 (2014-10-01)
==
The “tiered cheeses” release.
Requirements:
• Support for the systemd: (LISTEN_FDS) pseudo-transport on Linux now
requires either the libsystemd or libsd-daemon shared library, dropping the
embedded convenience copy of sd-daemon (fd.o #71818, Simon)
Build-time configuration changes:
• The Stats interface is now enabled by default, and locked-down to
root-only on the system bus. Configure with --disable-stats
to disable it altogether on memory- or disk-constrained systems,
or see ${docdir}/examples/ to open it up to non-root users on the
system bus or restrict access on the session bus.
(fd.o #80759; Simon McVittie, Alban Crequy)
• The CMake build system now builds the same shared library name as Autotools
on at least Linux and Windows:
- on Linux (and perhaps other Unix platforms), it previously built
libdbus-1.so, but now builds libdbus-1.so.3.* with development
symlink libdbus-1.so and SONAME/symlink libdbus-1.so.3
- on Windows, it previously built either libdbus-1.dll (release) or
libdbus-1d.dll (debug), but now builds libdbus-1-3.dll, copied to
libdbus-1.dll for compatibility with older applications.
(fd.o #74117, Ralf Habacker)
Enhancements:
• D-Bus Specification version 0.24
· document how to quote match rules (fd.o #24307, Simon McVittie)
· explicitly say that most message types never expect a reply
regardles of whether they have NO_REPLY_EXPECTED
(fd.o #75749, Simon McVittie)
• on Unix platforms, disable Nagle's algorithm on TCP connections to improve
initial latency (fd.o #75544, Matt Hoosier)
• use backtrace() if it is in -lexecinfo instead of libc, as on NetBSD
(fd.o #69702, Patrick Welche)
• in dbus-monitor, print more information about file descriptors
(fd.o #80603, Alban Crequy)
• do not install system bus configuration if built for Windows
(fd.o #83583; Ralf Habacker, Simon McVittie)
• Add GetAllMatchRules to the Stats interface (fd.o #24307, Alban Crequy)
• Add a regression test for file descriptor passing (fd.o #83622,
Simon McVittie)
Fixes:
• fix an incorrect error message if a Unix socket path is too long
(fd.o #73887, Antoine Jacoutot)
• in an MSYS/Cygwin environment, pass Unix-style filenames to xmlto,
fixing documentation generation (fd.o #75860, Руслан Ижбулатов)
• in Unix with X11, avoid giving dbus-launch a misleading argv[0]
in ps(1) (fd.o #69716, Chengwei Yang)
• avoid calling poll() with timeout < -1, which is considered invalid
on FreeBSD and NetBSD (fd.o #78480, Jaap Boender)
• be portable to BSD-derived platforms where O_CLOEXEC is unavailable in libc
(like Mac OS X 10.6), or available in libc but unsupported by the kernel
(fd.o #77032; rmvsxop, OBATA Akio, Patrick Welche)
• Fix include path for test/internal/*.c with cmake (Ralf Habacker)
• Documentation improvements
(fd.o #80795, #84313; Thomas Haller, Sebastian Rasmussen)
• in dbus-monitor, do not leak file descriptors that we have monitored
(fd.o #80603, Alban Crequy)
• Set the close-on-exec flag for the inotify file descriptor, even
if built with CMake or older libc (fd.o #73689, Simon McVittie)
• Remove some LGPL code from the Windows dbus-daemon
(fd.o #57272, Ralf Habacker)
D-Bus 1.8.8 (2014-09-16)
==
The "smashy smashy egg man" release.
Security fixes:
• Do not accept an extra fd in the padding of a cmsg message, which
could lead to a 4-byte heap buffer overrun.
(CVE-2014-3635, fd.o #83622; Simon McVittie)
• Reduce default for maximum Unix file descriptors passed per message
from 1024 to 16, preventing a uid with the default maximum number of
connections from exhausting the system bus' file descriptors under
Linux's default rlimit. Distributors or system administrators with a
more restrictive fd limit may wish to reduce these limits further.
Additionally, on Linux this prevents a second denial of service
in which the dbus-daemon can be made to exceed the maximum number
of fds per sendmsg() and disconnect the process that would have
received them.
(CVE-2014-3636, fd.o #82820; Alban Crequy)
• Disconnect connections that still have a fd pending unmarshalling after
a new configurable limit, pending_fd_timeout (defaulting to 150 seconds),
removing the possibility of creating an abusive connection that cannot be
disconnected by setting up a circular reference to a connection's
file descriptor.
(CVE-2014-3637, fd.o #80559; Alban Crequy)
• Reduce default for maximum pending replies per connection from 8192 to 128,
mitigating an algorithmic complexity denial-of-service attack
(CVE-2014-3638, fd.o #81053; Alban Crequy)
• Reduce default for authentication timeout on the system bus from
30 seconds to 5 seconds, avoiding denial of service by using up
all unauthenticated connection slots; and when all unauthenticated
connection slots are used up, make new connection attempts block
instead of disconnecting them.
(CVE-2014-3639, fd.o #80919; Alban Crequy)
Other fixes:
• Check for libsystemd from systemd >= 209, falling back to
the older separate libraries if not found (Umut Tezduyar Lindskog,
Simon McVittie)
• On Linux, use prctl() to disable core dumps from a test executable
that deliberately raises SIGSEGV to test dbus-daemon's handling
of that condition (fd.o #83772, Simon McVittie)
• Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232;
Alban Crequy)
• Improve documentation for running tests on Windows (fd.o #41252,
Ralf Habacker)
D-Bus 1.8.6 (2014-06-02)
==
Security fixes:
• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop
the message. This prevents an attack in which a malicious client can
make dbus-daemon disconnect a system service, which is a local
denial of service.
(fd.o #80163, CVE-2014-3532; Alban Crequy)
• Track remaining Unix file descriptors correctly when more than one
message in quick succession contains fds. This prevents another attack
in which a malicious client can make dbus-daemon disconnect a system
service.
(fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez,
Simon McVittie, Alban Crequy)
Other fixes:
• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot
attach to a session, kill the dbus-daemon as intended
(fd.o #74698, Роман Донченко)
D-Bus 1.8.4 (2014-06-10)
==
Security fix:
• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service
flaw in dbus-daemon, part of the reference implementation of D-Bus.
Additionally, in highly unusual environments the same flaw could lead to
a side channel between processes that should not be able to communicate.
(CVE-2014-3477, fd.o #78979)
D-Bus 1.8.2 (2014-04-30)
==
The “nobody wants red” release.
Enhancements:
• in the CMake build system, add some hints for Linux users cross-compiling
Windows D-Bus binaries to be able to run tests under Wine
(fd.o #41252, Ralf Habacker)
• add Documentation key to dbus.service (fd.o #77447, Cameron Norman)
Fixes:
• in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id
to /var/lib/dbus/machine-id instead of generating an entirely new ID
(fd.o #77941, Simon McVittie)
• if dbus-launch receives an X error very quickly, do not kill
unrelated processes (fd.o #74698, Роман Донченко)
• on Windows, allow up to 8K connections to the dbus-daemon, instead of the
previous 64 (fd.o #71297; Cristian Onet, Ralf Habacker)
• cope with \r\n newlines in regression tests, since on Windows,
dbus-daemon.exe uses text mode (fd.o #75863, Руслан Ижбулатов)
D-Bus 1.8.0 (2014-01-20)
==
The “Wolverine distrusts my printer” release.
This starts a new stable branch. The 1.6.x branch is now considered to be
outdated, and will only receive fixes for serious bugs such as security
flaws. The 1.4.x and 1.2.x branches no longer have upstream support and
are unlikely to get any more releases, but if distributors still need to
support them, please share security patches via upstream.
Summary of changes since 1.6.x:
• libdbus always behaves as if dbus_threads_init_default() had been called
(thread-safety by default)
• new dbus-run-session tool, replacing certain misuses of dbus-launch
• dbus-monitor can talk to outdated versions of dbus-daemon again
• new org.freedesktop.DBus.GetConnectionCredentials method
• GetConnectionUnixProcessID also works correctly on Windows, returning
the Windows process ID
• GetConnectionWindowsSID returns the correct SID on Windows
• expat is required, libxml2 can no longer be used as a substitute
• the userDB cache is required, and cannot be disabled
• a 64-bit integer type (either int, long, long long or _int64) is required
• better systemd-journald integration on Linux
• fixed long-standing fd and array leaks when failing to parse a message
• fixed referenced-but-never-freed parent nodes (effectively memory leaks)
when using certain object-path allocation patterns, notably in Avahi
• better defaults for Windows support
• better CMake support
• better portability to mingw32, FreeBSD, NetBSD, QNX and Hurd
• the source language for the man pages is now Docbook XML
Enhancements since 1.7.10:
• Enhance the CMake build system to check for GLib and compile/run
a subset of the regression tests (fd.o #41252, #73495; Ralf Habacker)
Fixes since 1.7.10:
• don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fd.o #72840,
Ralf Habacker)
• fix compilation of systemd journal support on older systemd versions where
sd-journal.h doesn't include syslog.h (fd.o #73455, Ralf Habacker)
• fix compilation on older MSVC versions by including stdlib.h
(fd.o #73455, Ralf Habacker)
• Allow <allow_anonymous/> to appear in an included configuration file
(fd.o #73475, Matt Hoosier)
Test behaviour changes since 1.7.10:
• If the tests crash with an assertion failure, they no longer default to
blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT in the
environment if you want the old behaviour.
• To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop tests
can be run with an external dbus-daemon by setting
DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require
an unusually-configured dbus-daemon are skipped.
D-Bus 1.7.10 (2014-01-06)
==
The “weighted companion cube” release.
This is a release candidate for D-Bus 1.8.
D-Bus Specification 0.23:
• don't require messages with no INTERFACE to be dispatched
(fd.o #68597, Simon McVittie)
• document "tcp:bind=..." and "nonce-tcp:bind=..." (fd.o #72301,
Chengwei Yang)
• define "listenable" and "connectable" addresses, and discuss
the difference (fd.o #61303, Simon McVittie)
Enhancements:
• support printing Unix file descriptors in dbus-send, dbus-monitor
(fd.o #70592, Robert Ancell)
• don't install systemd units if --disable-systemd is given
(fd.o #71818, Chengwei Yang)
Fixes:
• don't leak memory on out-of-memory while listing activatable or
active services (fd.o #71526, Radoslaw Pajak)
• fix undefined behaviour in a regression test (fd.o #69924, DreamNik)
• escape Unix socket addresses correctly (fd.o #46013, Chengwei Yang)
• on SELinux systems, don't assume that SECCLASS_DBUS, DBUS__ACQUIRE_SVC
and DBUS__SEND_MSG are numerically equal to their values in the
reference policy (fd.o #88719, osmond sun)
• define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4 headers
(fd.o #71366, Matt Fischer)
• define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and
winsock2.h (fd.o #71405, Matt Fischer)
• do not return failure from _dbus_read_nonce() with no error set,
preventing a potential crash (fd.o #72298, Chengwei Yang)
• on BSD systems, avoid some O(1)-per-process memory and fd leaks in kqueue,
preventing test failures (fd.o #69332, fd.o #72213; Chengwei Yang)
• fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix sockets,
which doesn't do anything anyway on at least Linux and FreeBSD
(fd.o #69492, Simon McVittie)
• fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from
sendmsg() with SCM_CREDS (retrying with plain send()), and looking
for credentials more correctly (fd.o #69492, Simon McVittie)
• ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
getting mixed up in XDG/systemd "user sessions" (fd.o #61301,
Simon McVittie)
• refresh cached policy rules for existing connections when bus
configuration changes (fd.o #39463, Chengwei Yang)
D-Bus 1.7.8 (2013-11-01)
==
The “extreme hills” release.
Dependencies:
• If systemd support is enabled, libsystemd-journal is now required.
Enhancements:
• When activating a non-systemd service under systemd, annotate its
stdout/stderr with its bus name in the Journal. Known limitation:
because the socket is opened before forking, the process will still be
logged as if it had dbus-daemon's process ID and user ID.
(fd.o #68559, Chengwei Yang)
• Document more configuration elements in dbus-daemon(1)
(fd.o #69125, Chengwei Yang)
Fixes:
• Don't leak string arrays or fds if dbus_message_iter_get_args_valist()
unpacks them and then encounters an error (fd.o #21259, Chengwei Yang)
• If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
disallowed method calls to the audit log, fixing a regression in 1.7.6
(fd.o #49062, Colin Walters)
• path_namespace='/' in match rules incorrectly matched nothing; it
now matches everything. (fd.o #70799, Simon McVittie)
D-Bus 1.7.6 (2013-10-09)
==
The “CSI Shrewsbury” release.
Build-time configuration changes:
• Directory change notification via dnotify on Linux is no longer
supported; it hadn't compiled successfully since 2010 in any case.
If you don't have inotify (Linux) or kqueue (*BSD), you will need
to send SIGHUP to the dbus-daemon when its configuration changes.
(fd.o #33001, Chengwei Yang)
• Compiling with --disable-userdb-cache is no longer supported;
it didn't work since at least 2008, and would lead to an extremely
slow dbus-daemon even it worked. (fd.o #15589, #17133, #66947;
Chengwei Yang)
• The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
assertions. It has been renamed to DBUS_DISABLE_ASSERT to be consistent
with the Autotools build system. (fd.o #66142, Chengwei Yang)
• --with-valgrind=auto enables Valgrind instrumentation if and only if
valgrind headers are available. The default is still --with-valgrind=no.
(fd.o #56925, Simon McVittie)
Dependencies:
• Platforms with no 64-bit integer type are no longer supported.
(fd.o #65429, Simon McVittie)
• GNU make is now (documented to be) required. (fd.o #48277, Simon McVittie)
• Full test coverage no longer requires dbus-glib, although the tests do not
exercise the shared library (only a static copy) if dbus-glib is missing.
(fd.o #68852, Simon McVittie)
Enhancements:
• D-Bus Specification 0.22
· Document GetAdtAuditSessionData() and
GetConnectionSELinuxSecurityContext() (fd.o #54445, Simon)
· Fix example .service file (fd.o #66481, Chengwei Yang)
· Don't claim D-Bus is "low-latency" (lower than what?), just
give factual statements about it supporting async use
(fd.o #65141, Justin Lee)
· Document the contents of .service files, and the fact that
system services' filenames are constrained
(fd.o #66608; Simon McVittie, Chengwei Yang)
• Be thread-safe by default on all platforms, even if
dbus_threads_init_default() has not been called. For compatibility with
older libdbus, library users should continue to call
dbus_threads_init_default(): it is harmless to do so.
(fd.o #54972, Simon McVittie)
• Add GetConnectionCredentials() method (fd.o #54445, Simon)
• New API: dbus_setenv(), a simple wrapper around setenv().
Note that this is not thread-safe. (fd.o #39196, Simon)
• Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer connection,
like --address=ADDRESS in previous versions) and dbus-send --bus=ADDRESS
(connect to a given bus, like dbus-monitor --address=ADDRESS).
dbus-send --address still exists for backwards compatibility,
but is no longer documented. (fd.o #48816, Andrey Mazo)
• Windows-specific:
· "dbus-daemon --nofork" is allowed on Windows again. (fd.o #68852,
Simon McVittie)
Fixes:
• Avoid an infinite busy-loop if a signal interrupts waitpid()
(fd.o #68945, Simon McVittie)
• Clean up memory for parent nodes when objects are unexported
(fd.o #60176, Thomas Fitzsimmons)
• Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
documented. Previously, it assumed its second parameter was TRUE.
(fd.o #69165, Chengwei Yang)
• Escape addresses containing non-ASCII characters correctly
(fd.o #53499, Chengwei Yang)
• Document <servicedir> search order correctly (fd.o #66994, Chengwei Yang)
• Don't crash on "dbus-send --session / x.y.z" which regressed in 1.7.4.
(fd.o #65923, Chengwei Yang)
• If malloc() returns NULL in _dbus_string_init() or similar, don't free
an invalid pointer if the string is later freed (fd.o #65959, Chengwei Yang)
• If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list
that was never va_start()ed (fd.o #66300, Chengwei Yang)
• fix build failure with --enable-stats (fd.o #66004, Chengwei Yang)
• fix a regression test on platforms with strict alignment (fd.o #67279,
Colin Walters)
• Avoid calling function parameters "interface" since certain Windows headers
have a namespace-polluting macro of that name (fd.o #66493, Ivan Romanov)
• Assorted Doxygen fixes (fd.o #65755, Chengwei Yang)
• Various thread-safety improvements to static variables (fd.o #68610,
Simon McVittie)
• Make "make -j check" work (fd.o #68852, Simon McVittie)
• Fix a NULL pointer dereference on an unlikely error path
(fd.o #69327, Sviatoslav Chagaev)
• Improve valgrind memory pool tracking (fd.o #69326,
Sviatoslav Chagaev)
• Don't over-allocate memory in dbus-monitor (fd.o #69329,
Sviatoslav Chagaev)
• dbus-monitor can monitor dbus-daemon < 1.5.6 again
(fd.o #66107, Chengwei Yang)
• Unix-specific:
· If accept4() fails with EINVAL, as it can on older Linux kernels
with newer glibc, try accept() instead of going into a busy-loop.
(fd.o #69026, Chengwei Yang)
· If socket() or socketpair() fails with EINVAL or EPROTOTYPE,
for instance on Hurd or older Linux with a new glibc, try without
SOCK_CLOEXEC. (fd.o #69073; Pino Toscano, Chengwei Yang)
· Fix a file descriptor leak on an error code path.
(fd.o #69182, Sviatoslav Chagaev)
· dbus-run-session: clear some unwanted environment variables
(fd.o #39196, Simon)
· dbus-run-session: compile on FreeBSD (fd.o #66197, Chengwei Yang)
· Don't fail the autolaunch test if there is no DISPLAY (fd.o #40352, Simon)
· Use dbus-launch from the builddir for testing, not the installed copy
(fd.o #37849, Chengwei Yang)
· Fix compilation if writev() is unavailable (fd.o #69409,
Vasiliy Balyasnyy)
· Remove broken support for LOCAL_CREDS credentials passing, and
document where each credential-passing scheme is used (fd.o #60340,
Simon McVittie)
· Make autogen.sh work on *BSD by not assuming GNU coreutils functionality
(fd.o #35881, #69787; Chengwei Yang)
· dbus-monitor: be portable to NetBSD (fd.o #69842, Chengwei Yang)
· dbus-launch: stop using non-portable asprintf (fd.o #37849, Simon)
· Improve error reporting from the setuid activation helper (fd.o #66728,
Chengwei Yang)
• Windows-specific:
· Remove unavailable command-line options from 'dbus-daemon --help'
(fd.o #42441, Ralf Habacker)
· Add support for looking up local TCPv4 clients' credentials on
Windows XP via the undocumented AllocateAndGetTcpExTableFromStack
function (fd.o #66060, Ralf Habacker)
· Fix insufficient dependency-tracking (fd.o #68505, Simon McVittie)
· Don't include wspiapi.h, fixing a compiler warning (fd.o #68852,
Simon McVittie)
• Internal changes:
· add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing
conditionals (fd.o #66142, Chengwei Yang)
· improve verbose-mode output (fd.o #63047, Colin Walters)
· consolidate Autotools and CMake build (fd.o #64875, Ralf Habacker)
· fix various unused variables, unusual build configurations
etc. (fd.o #65712, #65990, #66005, #66257, #69165, #69410, #70218;
Chengwei Yang, Vasiliy Balyasnyy)
D-Bus 1.7.4 (2013-06-13)
==
The “but is your thread-safety thread-safe?” release.
Security fixes:
• CVE-2013-2168: Fix misuse of va_list that could be used as a denial
of service for system services. Vulnerability reported by Alexandru Cornea.
(Simon)
Dependencies:
• The Windows version of libdbus now contains a C++ source file, used
to provide global initialization when the library is loaded.
gcc (mingw*) users should ensure that g++ is also installed.
• The libxml2-based configuration reader (which hasn't worked for 2.5 years,
and was never the recommended option) has been removed. Expat is now a
hard dependency.
Enhancements:
• It should now be safe to call dbus_threads_init_default() from any thread,
at any time. Authors of loadable modules and plugins that use libdbus
should consider doing so during initialization.
(fd.o #54972, Simon McVittie)
• Improve dbus-send documentation and command-line parsing (fd.o #65424,
Chengwei Yang)
Unix-specific:
· dbus-run-session: experimental new tool to start a temporary D-Bus
session, e.g. for regression tests or a text console, replacing
certain uses of dbus-launch which weren't really correct
(fd.o #39196, Simon)
Other fixes:
• In dbus-daemon, don't crash if a .service file starts with key=value
(fd.o #60853, Chengwei Yang)
• Unix-specific:
· Fix a crash similar to CVE-2013-2168 the first time we try to use syslog
on a platform not defining LOG_PERROR, such as Solaris or QNX.
This regressed in 1.7.0. (Simon)
· Fix an assertion failure if we try to activate systemd services before
systemd connects to the bus (fd.o #50199, Chengwei Yang)
· Avoid compiler warnings for ignoring the return from write()
(Chengwei Yang)
• Windows-specific:
· Under cmake, install runtime libraries (DLLs) into bin/ instead of lib/
so that Windows finds them (fd.o #59733, Ralf Habacker)
D-Bus 1.7.2 (2013-04-25)
==
The “only partially opaque” release.
Configuration changes:
• On non-QNX Unix platforms, the default limit on fds per message in the
session bus configuration has reduced from 4096 to 1024. The default
limit used on the system bus was already 1024. On QNX, both limits are
reduced further, to 128.
Enhancements:
• D-Bus Specification 0.21
· Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF,
U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fd.o #63072,
Simon McVittie)
Fixes:
• Diagnose incorrect use of dbus_connection_get_data() with negative slot
(i.e. before allocating the slot) rather than returning junk
(fd.o #63127, Dan Williams)
• Fix a cmake build regression since 1.7.0 (fd.o #63682; Ralf Habacker,
Simon McVittie)
• Unix-specific:
· On Linux, link successfully with glibc 2.17 (fd.o #63166, Simon McVittie)
  · Under systemd, log to syslog only, not stderr, avoiding duplication
(fd.o #61399, #39987; Colin Walters, Dagobert Michelsen)
· Under systemd, remove unnecessary dependency on syslog.socket
(fd.o #63531, Cristian Rodríguez)
· Include alloca.h for alloca() if available, fixing compilation on
Solaris 10 (fd.o #63071, Dagobert Michelsen)
· Allow use of systemd-logind without the rest of systemd
(fd.o #62585, Martin Pitt)
· When built with CMake, link to librt and use the right path for
meinproc's XSLT stylesheets (fd.o #61637, Ralf Habacker)
· Reduce the default limit on number of fds per message to 128 under
QNX, working around an arbitrary OS limit (fd.o #61176, Matt Fischer)
• Windows-specific:
· Do not claim that all bus clients have the dbus-daemon's credentials;
pick up local TCPv4 clients' credentials (process ID and security
identifier, i.e. user) using GetExtendedTcpTable() (fd.o #61787,
Ralf Habacker)
D-Bus 1.7.0 (2013-02-22)
==
The "Disingenuous Assertions" release.
This is a new development release, starting the 1.7.x branch. D-Bus 1.6
remains the recommended version for long-term-supported distributions
or the upcoming GNOME 3.8 release.
Build-time configuration changes:
• The --with-dbus-session-bus-default-address configure option is no longer
supported. Use the new --with-dbus-session-bus-connect-address and
--with-dbus-session-bus-listen-address options instead. On Windows, you
usually want them to have the same argument; on Unix, the defaults are
usually correct.
• Similarly, the DBUS_SESSION_BUS_DEFAULT_ADDRESS CMake variable is no longer
supported; use the new DBUS_SESSION_BUS_LISTEN_ADDRESS and
DBUS_SESSION_BUS_CONNECT_ADDRESS variables instead.
• cmake/cross-compile.sh has been removed. Instead, please use a
cross-toolchain file (-DCMAKE_TOOLCHAIN_FILE) as documented at
<http://www.vtk.org/Wiki/CMake_Cross_Compiling>; or use Autotools
as documented in "info automake Cross-Compilation", and set
PKG_CONFIG_PATH appropriately.
Requirements:
• Man pages now require xmlto (or either xmlto or meinproc, if using CMake).
• man2html is no longer used.
Enhancements:
• D-Bus Specification 0.20
· actually say that /org/freedesktop/DBus is the object that
implements o.fd.DBus (fd.o #51865, Colin Walters)
· various reorganisation for better clarity (fd.o #38252, Simon McVittie)
· stop claiming that all basic types work just like INT32 (strings don't!)
• The "source code" for the man pages is now Docbook XML, eliminating
the outdated duplicate copies used when building with CMake.
(fd.o #59805; Ralf Habacker, Simon McVittie)
Fixes:
• In the activation helper, when compiled for tests, do not reset the system
bus address, fixing the regression tests. (fd.o #52202, Simon)
• Fix building with Valgrind 3.8, at the cost of causing harmless warnings
with Valgrind 3.6 on some compilers (fd.o #55932, Arun Raghavan)
• Merge <servicehelper> from system-local.conf if necessary (fd.o #51560,
Krzysztof Konopko)
• Under CMake, prefer xmlto over meinproc (fd.o #59733, Ralf Habacker)
• Stop duplicating CMake's own logic to find libexpat
(fd.o #59733, Ralf Habacker)
• Don't assume CMake host and build system are the same (fd.o #59733,
Ralf Habacker)
• Avoid deprecation warnings for GLib 2.35 (fd.o #59971, Simon McVittie)
• Unix-specific:
· Check for functions in libpthread correctly, fixing compilation on
(at least) OpenBSD (fd.o #47239, Simon)
· Don't leak temporary fds pointing to /dev/null (fd.o #56927,
Michel HERMIER)
· Update sd-daemon.[ch] from systemd (fd.o #60681)
· Add partial support for QNX (fd.o #60339, fd.o #61176; Matt Fischer)
• Windows-specific:
· The default session bus listening and connecting address is now
"autolaunch:", which makes D-Bus on Windows interoperate with itself
and GDBus "out of the box". Use the configure options and cmake variables
described above if you require a different autolaunch scope.
(fd.o #38201, Simon McVittie)
· Avoid a CMake warning under Cygwin (fd.o #59401, Ralf Habacker)
• Create session.d, system.d directories under CMake (fd.o #41319,
Ralf Habacker)
D-Bus 1.6.8 (2012-09-28)
==
The "Fix one thing, break another" release.
• Follow up to CVE-2012-3524: The additional hardening
work to use __secure_getenv() as a followup to bug #52202
broke certain configurations of gnome-keyring. Given
the difficulty of making this work without extensive
changes to gnome-keyring, use of __secure_getenv() is
deferred.
D-Bus 1.6.6 (2012-09-28)
==
The "Clear the environment in your setuid binaries, please" release.
• CVE-2012-3524: Don't access environment variables (fd.o #52202)
Thanks to work and input from Colin Walters, Simon McVittie,
Geoffrey Thomas, and others.
• Unix-specific:
· Fix compilation on Solaris (fd.o #53286, Jonathan Perkin)
· Work around interdependent headers on OpenBSD by including sys/types.h
before each use of sys/socket.h (fd.o #54418, Brad Smith)
D-Bus 1.6.4 (2012-07-18)
==
• Detect that users are "at the console" correctly when configured with
a non-default path such as --enable-console-auth-dir=/run/console
(fd.o #51521, Dave Reisner)
• Remove an incorrect assertion from DBusTransport (fd.o #51657,
Simon McVittie)
• Make --enable-developer default to "no" (regression in 1.6.2;
fd.o #51657, Simon McVittie)
• Windows-specific:
· Launch dbus-daemon correctly if its path contains a space
(fd.o #49450, Wolfgang Baron)
D-Bus 1.6.2 (2012-06-27)
==
The "Ice Cabbage" release.
• Change how we create /var/lib/dbus so it works under Automake >= 1.11.4
(fd.o #51406, Simon McVittie)
• Don't return from dbus_pending_call_set_notify with a lock held on OOM
(fd.o #51032, Simon McVittie)
• Disconnect "developer mode" (assertions, verbose mode etc.) from
Automake maintainer mode. D-Bus developers should now configure with
--enable-developer. Automake maintainer mode is now on by default;
distributions can disable it with --disable-maintainer-mode.
(fd.o #34671, Simon McVittie)
• Automatically define DBUS_STATIC_BUILD in static-only Autotools builds,
fixing linking when targeting Windows (fd.o #33973; william, Simon McVittie)
• Unix-specific:
· Check for libpthread under CMake on Unix (fd.o #47237, Simon McVittie)
D-Bus 1.6.0 (2012-06-05)
==
The “soul of this machine has improved” release.
This version starts a new stable branch of D-Bus: only bug fixes will
be accepted into 1.6.x. Other changes will now go to the 1.7.x branch.
Summary of changes since 1.4.x:
• New requirements
· PTHREAD_MUTEX_RECURSIVE on Unix
· compiler support for 64-bit integers (int64_t or equivalent)
• D-Bus Specification v0.19
• New dbus-daemon features
· <allow own_prefix="com.example.Service"/> rules allow the service to
own names like com.example.Service.Instance3
· optional systemd integration when checking at_console policies
· --nopidfile option, mainly for use by systemd
· path_namespace and arg0namespace may appear in match rules
· eavesdropping is disabled unless the match rule contains eavesdrop=true
• New public API
· functions to validate various string types (dbus_validate_path() etc.)
· dbus_type_is_valid()
· DBusBasicValue, a union of every basic type
• Bug fixes
· removed an unsafe reimplementation of recursive mutexes
· dbus-daemon no longer busy-loops if it has far too many file descriptors
· dbus-daemon.exe --print-address works on Windows
· all the other bug fixes from 1.4.20
• Other major implementation changes
· on Linux, dbus-daemon uses epoll if supported, for better scalability
· dbus_threads_init() ignores its argument and behaves like
dbus_threads_init_default() instead
· removed the per-connection link cache, improving dbus-daemon performance
• Developer features
· optional Valgrind instrumentation (--with-valgrind)
· optional Stats interface on the dbus-daemon (--enable-stats)
· optionally abort whenever malloc() fails (--enable-embedded-tests
and export DBUS_MALLOC_CANNOT_FAIL=1)
Changes since 1.5.12:
• Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1
spec-compliance (fd.o #48580, David Zeuthen)
• Don't use install(1) within the source/build trees, fixing the build as
non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot)
• Add missing commas in some tcp and nonce-tcp addresses, and remove
an unused duplicate copy of the nonce-tcp transport in Windows builds
(fd.o #45896, Simon McVittie)
D-Bus 1.5.12 (2012-03-27)
==
The “Big Book of Science” release.
• Add public API to validate various string types:
dbus_validate_path(), dbus_validate_interface(), dbus_validate_member(),
dbus_validate_error_name(), dbus_validate_bus_name(), dbus_validate_utf8()
(fd.o #39549, Simon McVittie)
• Turn DBusBasicValue into public API so bindings don't need to invent their
own "union of everything" type (fd.o #11191, Simon McVittie)
• Enumerate data files included in the build rather than using find(1)
(fd.o #33840, Simon McVittie)
• Add support for policy rules like <allow own_prefix="com.example.Service"/>
in dbus-daemon (fd.o #46273, Alban Crequy)
• Windows-specific:
· make dbus-daemon.exe --print-address (and --print-pid) work again
on Win32, but not on WinCE (fd.o #46049, Simon McVittie)
· fix duplicate case value when compiling against mingw-w64
(fd.o #47321, Andoni Morales Alastruey)
D-Bus 1.5.10 (2012-02-21)
==
The "fire in Delerium" release.
On Unix platforms, PTHREAD_MUTEX_RECURSIVE (as specified in POSIX 2008 Base
and SUSv2) is now required.
• D-Bus Specification 0.19:
· Formally define unique connection names and well-known bus names,
and document best practices for interface, bus, member and error names,
and object paths (fd.o #37095, Simon McVittie)
· Document the search path for session and system services on Unix, and
where they should be installed by build systems (fd.o #21620, fd.o #35306;
Simon McVittie)
· Document the systemd transport (fd.o #35232, Lennart Poettering)
• Make dbus_threads_init() use the same built-in threading implementation
as dbus_threads_init_default(); the user-specified primitives that it
takes as a parameter are now ignored (fd.o #43744, Simon McVittie)
• Allow all configured auth mechanisms, not just one (fd.o #45106,
Pavel Strashkin)
• Improve cmake build system (Ralf Habacker):
· simplify XML parser dependencies (fd.o #41027)
· generate build timestamp (fd.o #41029)
· only create batch files on Windows
· fix option and cache syntax
· add help-options target
· share dbus-arch-deps.h.in with autotools rather than having our
own version (fd.o #41033)
• Build tests successfully with older GLib, as found in e.g. Debian 6
(fd.o #41219, Simon McVittie)
• Avoid use of deprecated GThread API (fd.o #44413, Martin Pitt)
• Build documentation correctly if man2html doesn't support filenames on
its command-line (fd.o #43875, Jack Nagel)
• Improve test coverage. To get even more coverage, run the tests with
DBUS_TEST_SLOW=1 (fd.o #38285, #42811; Simon McVittie)
• Reduce the size of the shared library by moving functionality only used
by dbus-daemon, tests etc. into their internal library and deleting
unused code (fd.o #34976, #39759; Simon McVittie)
• Add dbus-daemon --nopidfile option, overriding the configuration, for
setups where the default configuration must include <pidfile/> to avoid
breaking traditional init, but the pid file is in fact unnecessary; use
it under systemd to improve startup time a bit (fd.o #45520,
Lennart Poettering)
• Optionally (if configured --with-valgrind) add instrumentation to debug
libdbus and associated tools more meaningfully under Valgrind
(fd.o #37286, Simon McVittie)
• Improve the dbus-send(1) man page (fd.o #14005, Simon McVittie)
• Make dbus-protocol.h compatible with C++11 (fd.o #46147, Marc Mutz)
• If tests are enabled and DBUS_MALLOC_CANNOT_FAIL is set in the environment,
abort on failure to malloc() (like GLib does), to turn runaway memory leaks
into a debuggable core-dump if a resource limit is applied (fd.o #41048,
Simon McVittie)
• Don't crash if realloc() returns NULL in a debug build (fd.o #41048,
Simon McVittie)
• Unix-specific:
· Replace our broken reimplementation of recursive mutexes, which has
been broken since 2006, with an ordinary pthreads recursive mutex
(fd.o #43744; Sigmund Augdal, Simon McVittie)
· Use epoll(7) for a more efficient main loop in Linux; equivalent patches
welcomed for other OSs' equivalents like kqueue, /dev/poll, or Solaris
event ports (fd.o #33337; Simon McVittie, Ralf Habacker)
· When running under systemd, use it instead of ConsoleKit to check
whether to apply at_console policies (fd.o #39609, Lennart Poettering)
· Avoid a highly unlikely fd leak (fd.o #29881, Simon McVittie)
· Don't close invalid fd -1 if getaddrinfo fails (fd.o #37258, eXeC001er)
  · Don't touch ~/.dbus and ~/.dbus-keyrings when running 'make installcheck'
(fd.o #41218, Simon McVittie)
· Stop pretending we respect XDG_DATA_DIRS for system services: the launch
helper doesn't obey environment variables to avoid privilege escalation
attacks, so make the system bus follow the same rules
(fd.o #21620, Simon McVittie)
• Windows-specific:
· Find the dbus-daemon executable next to the shared library (fd.o #41558;
Jesper Dam, Ralf Habacker)
· Remove the faulty implementation of _dbus_condvar_wake_all (fd.o #44609,
Simon McVittie)
D-Bus 1.5.8 (2011-09-21)
==
The "cross-metering" release.
In addition to dead code removal and refactoring, this release contains all
of the bugfixes from 1.4.16.
• Clean up dead code, and make more warnings fatal in development builds
(fd.o #39231, fd.o #41012; Simon McVittie)
• If full test coverage is requested via --enable-tests, strictly require
Python, pygobject and dbus-python, which are required by some tests; if not,
and Python is missing, skip those tests rather than failing
(fd.o #37847, Simon McVittie)
• When using cmake, provide the same version-info API in the installed headers
as for autotools (DBUS_VERSION, etc.) (fd.o #40905, Ralf Habacker)
• Add a regression test for fd.o #38005 (fd.o #39836, Simon McVittie)
• Make "NOCONFIGURE=1 ./autogen.sh" not run configure (Colin Walters)
• Add _DBUS_STATIC_ASSERT and use it to check invariants (fd.o #39636,
Simon McVittie)
• Fix duplicates in authors list (Ralf Habacker)
• Fix broken links from dbus-tutorial.html if $(htmldir) != $(docdir)
(fd.o #39879, Chris Mayo)
• Fix a small memory leak, and a failure to report errors, when updating
a service file entry for activation (fd.o #39230, Simon McVittie)
• Unix-specific:
· Clean up (non-abstract) Unix sockets on bus daemon exit (fd.o #38656;
Brian Cameron, Simon McVittie)
· On systems that use libcap-ng but not systemd, drop supplemental groups
when switching to the daemon user (Red Hat #726953, Steve Grubb)
· Make the cmake build work again on GNU platforms (fd.o #29228,
Simon McVittie)
· Fix compilation on non-C99 systems that have inttypes.h but not stdint.h,
like Solaris (fd.o #40313, Dagobert Michelsen)
· Define CMSG_ALIGN, CMSG_LEN, CMSG_SPACE on Solaris < 10
(fd.o #40235, Simon McVittie)
· Cope with Unixes that don't have LOG_PERROR, like Solaris 10
(fd.o #39987, Simon McVittie)
· Cope with platforms whose vsnprintf violates both POSIX and C99, like
Tru64, IRIX and HP-UX (fd.o #11668, Simon McVittie)
• Windows-specific:
· Fix compilation on MSVC, which doesn't understand "inline" with its
C99 meaning (fd.o #40000; Ralf Habacker, Simon McVittie)
· Fix misuse of GPid in test/dbus-daemon.c (fd.o #40003, Simon McVittie)
· Fix cross-compilation to Windows with Automake (fd.o #40003, Simon McVittie)
D-Bus 1.5.6 (2011-07-29)
==
The "weird, gravy-like aftertaste" release.
In addition to new features and refactoring, this release contains all of the
bugfixes from 1.4.14.
Potentially incompatible (Bustle and similar debugging tools will need
changes to work as intended):
• Do not allow match rules to "eavesdrop" (receive messages intended for a
different recipient) by mistake: eavesdroppers must now opt-in to this
behaviour by putting "eavesdrop='true'" in the match rule, which will
not have any practical effect on buses where eavesdropping is not allowed
(fd.o #37890, Cosimo Alfarano)
Other changes:
• D-Bus Specification version 0.18 (fd.o #37890, fd.o #39450, fd.o #38252;
Cosimo Alfarano, Simon McVittie)
· add the "eavesdrop" keyword to match rules
· define eavesdropping, unicast messages and broadcast messages
· stop claiming that match rules are needed to match unicast messages to you
· promote the type system to be a top-level section
• Use DBUS_ERROR_OBJECT_PATH_IN_USE if dbus_connection_try_register_object_path
or dbus_connection_try_register_fallback fails, not ...ADDRESS_IN_USE,
and simplify object-path registration (fd.o #38874, Jiří Klimeš)
• Consistently use atomic operations on everything that is ever manipulated
via atomic ops, as was done for changes to DBusConnection's refcount in
1.4.12 (fd.o #38005, Simon McVittie)
• Fix a file descriptor leak when connecting to a TCP socket (fd.o #37258,
Simon McVittie)
• Make "make check" in a clean tree work, by not running tests until
test data has been set up (fd.o #34405, Simon McVittie)
• The dbus-daemon no longer busy-loops if it has a very large number of file
descriptors (fd.o #23194, Simon McVittie)
• Refactor message flow through dispatching to avoid locking violations if
the bus daemon's message limit is hit; remove the per-connection link cache,
which was meant to improve performance, but now reduces it (fd.o #34393,
Simon McVittie)
• Some cmake fixes (Ralf Habacker)
• Remove dead code, mainly from DBusString (fd.o #38570, fd.o #39610;
Simon McVittie, Lennart Poettering)
• Stop storing two extra byte order indicators in each D-Bus message
(fd.o #38287, Simon McVittie)
• Add an optional Stats interface which can be used to get statistics from
a running dbus-daemon if enabled at configure time with --enable-stats
(fd.o #34040, Simon McVittie)
• Fix various typos (fd.o #27227, fd.o #38284; Sascha Silbe, Simon McVittie)
• Documentation (fd.o #36156, Simon McVittie):
· let xsltproc be overridden as usual: ./configure XSLTPROC=myxsltproc
· install more documentation automatically, including man2html output
· put dbus.devhelp in the right place (it must go in ${htmldir})
• Unix-specific:
· look for system services in /lib/dbus-1/system-services in addition to all
the other well-known locations; note that this should always be /lib,
even on platforms where shared libraries on the root FS would go in /lib64,
/lib/x86_64-linux-gnu or similar (fd.o #35229, Lennart Poettering)
· opt-in to fd passing on Solaris (fd.o #33465, Simon McVittie)
• Windows-specific (Ralf Habacker):
· fix use of a mutex for autolaunch server detection
· don't crash on malloc failure in _dbus_printf_string_upper_bound
D-Bus 1.5.4 (2011-06-10)
==
Security (local denial of service):
• Byte-swap foreign-endian messages correctly, preventing a long-standing
local DoS if foreign-endian messages are relayed through the dbus-daemon
(backporters: this is git commit c3223ba6c401ba81df1305851312a47c485e6cd7)
(CVE-2011-2200, fd.o #38120, Debian #629938; Simon McVittie)
New things:
• The constant to use for an infinite timeout now has a name,
DBUS_TIMEOUT_INFINITE. It is numerically equivalent to 0x7fffffff (INT32_MAX)
which can be used for source compatibility with older versions of libdbus.
• If GLib and DBus-GLib are already installed, more tests will be built,
providing better coverage. The new tests can also be installed via
./configure --enable-installed-tests
for system integration testing, if required. (fd.o #34570, Simon McVittie)
Changes:
• Consistently use atomic operations for the DBusConnection's refcount,
fixing potential threading problems (fd.o #38005, Simon McVittie)
• Don't use -Wl,--gc-sections by default: in practice the size decrease is
small (300KiB on x86-64) and it frequently doesn't work in unusual
toolchains. To optimize for minimum installed size, you should benchmark
various possibilities for CFLAGS and LDFLAGS, and set the best flags for
your particular toolchain at configure time. (fd.o #33466, Simon McVittie)
• Use #!/bin/sh for run-with-tmp-session-bus.sh, making it work on *BSD
(fd.o #35880, Timothy Redaelli)
• Use ln -fs to set up dbus for systemd, which should fix reinstallation
when not using a DESTDIR (fd.o #37870, Simon McVittie)
• Windows-specific changes:
· don't try to build dbus-daemon-launch-helper (fd.o #37838, Mark Brand)
D-Bus 1.5.2 (2011-06-01)
==
The "Boar Hunter" release.
Notes for distributors:
This version of D-Bus no longer uses -fPIE by default. Distributions wishing
to harden the dbus-daemon and dbus-launch-helper can re-enable this if their
toolchain supports it reliably, via something like:
./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro"
or by using distribution-specific wrappers such as Debian's hardening-wrapper.
Changes:
• D-Bus Specification v0.17
· Reserve the extra characters used in signatures by GVariant
(fd.o #34529, Simon McVittie)
· Define the ObjectManager interface (fd.o #34869, David Zeuthen)
• Don't force -fPIE: distributions and libtool know better than we do whether
it's desirable (fd.o #16621, fd.o #27215; Simon McVittie)
• Allow --disable-gc-sections, in case your toolchain offers the
-ffunction-sections, -fdata-sections and -Wl,--gc-sections options
but they're broken, as seen on Solaris (fd.o #33466, Simon McVittie)
• Install dbus-daemon and dbus-daemon-launch-helper in a more normal way
(fd.o #14512; Simon McVittie, loosely based on a patch from Luca Barbato)
• Ensure that maintainers upload documentation with the right permissions
(fd.o #36130, Simon McVittie)
• Don't force users of libdbus to be linked against -lpthread, -lrt
(fd.o #32827, Simon McVittie)
• Log system-bus activation information to syslog (fd.o #35705,
Colin Walters)
• Log messages dropped due to quotas to syslog (fd.o #35358,
Simon McVittie)
• Make the nonce-tcp transport work on Unix (fd.o #34569, Simon McVittie)
• On Unix, if /var/lib/dbus/machine-id cannot be read, try /etc/machine-id
(fd.o #35228, Lennart Poettering)
• In the regression tests, don't report fds as "leaked" if they were open
on startup (fd.o #35173, Simon McVittie)
• Make dbus-monitor bail out if asked to monitor more than one bus,
rather than silently using the last one (fd.o #26548, Will Thompson)
• Clarify documentation (fd.o #35182, Simon McVittie)
• Clean up minor dead code and some incorrect error handling
(fd.o #33128, fd.o #29881; Simon McVittie)
• Check that compiler options are supported before using them (fd.o #19681,
Simon McVittie)
• Windows:
• Remove obsolete workaround for winioctl.h (fd.o #35083, Ralf Habacker)
D-Bus 1.5.0 (2011-04-11)
==
The "you never know when you need to tow something from your giant
flying shark" release.
• D-Bus Specification v0.16
· Add support for path_namespace and arg0namespace in match rules
(fd.o #24317, #34870; Will Thompson, David Zeuthen, Simon McVittie)
· Make argNpath support object paths, not just object-path-like strings,
and document it better (fd.o #31818, Will Thompson)
• Let the bus daemon implement more than one interface (fd.o #33757,
Simon McVittie)
• Optimize _dbus_string_replace_len to reduce waste (fd.o #21261,
Roberto Guido)
• Require user intervention to compile with missing 64-bit support
(fd.o #35114, Simon McVittie)
• Add dbus_type_is_valid as public API (fd.o #20496, Simon McVittie)
• Raise UnknownObject instead of UnknownMethod for calls to methods on
paths that are not part of the object tree, and UnknownInterface for calls
to unknown interfaces in the bus daemon (fd.o #34527, Lennart Poettering)
D-Bus 1.4.8 (2011-04-08)
==
The "It's like the beginning of a lobster" release.
• Rename configure.in to configure.ac, and update it to modern conventions
(fd.o #32245; Javier Jardón, Simon McVittie)
• Correctly give XDG_DATA_HOME priority over XDG_DATA_DIRS (fd.o #34496,
Anders Kaseorg)
• Prevent X11 autolaunching if $DISPLAY is unset or empty, and add
--disable-x11-autolaunch configure option to prevent it altogether
in embedded environments (fd.o #19997, NB#219964; Simon McVittie)
• Install the documentation, and an index for Devhelp (fd.o #13495,
Debian #454142; Simon McVittie, Matthias Clasen)
• If checks are not disabled, check validity of string-like types and
booleans when sending them (fd.o #16338, NB#223152; Simon McVittie)
• Add UnknownObject, UnknownInterface, UnknownProperty and PropertyReadOnly
errors to dbus-shared.h (fd.o #34527, Lennart Poettering)
• Break up a huge conditional in config-parser so gcov can produce coverage
data (fd.o #10887, Simon McVittie)
• List which parts of the Desktop Entry specification are applicable to
.service files (fd.o #19159, Sven Herzberg)
• Don't suppress service activation if two services have the same Exec=
(fd.o #35750, Colin Walters)
• Windows:
· Avoid the name ELEMENT_TYPE due to namespace-pollution from winioctl.h
(Andre Heinecke)
· Include _dbus_path_is_absolute in libdbus on Windows, fixing compilation
(fd.o #32805, Mark Brand)
D-Bus 1.4.6 (2010-02-17)
==
The "1, 2, miss a few, 99, 100" release.
• Remove unfinished changes intended to support GTest-based tests,
which were mistakenly included in 1.4.4
D-Bus 1.4.4 (2010-02-17)
==
• Switch back to using even micro versions for stable releases; 1.4.1
should have been called 1.4.2, so skip that version number
• Don't leave bad file descriptors being watched when spawning processes,
which could result in a busy-loop (fd.o #32992, NB#200248; possibly
also LP#656134, LP#680444, LP#713157)
• Check for MSG_NOSIGNAL correctly
• Fix failure to detect abstract socket support (fd.o #29895)
• Make _dbus_system_logv actually exit with DBUS_SYSTEM_LOG_FATAL
(fd.o #32262, NB#180486)
• Improve some error code paths (fd.o #29981, fd.o #32264, fd.o #32262,
fd.o #33128, fd.o #33277, fd.o #33126, NB#180486)
• Avoid possible symlink attacks in /tmp during compilation (fd.o #32854)
• Tidy up dead code (fd.o #25306, fd.o #33128, fd.o #34292, NB#180486)
• Improve gcc malloc annotations (fd.o #32710)
• If the system bus is launched via systemd, protect it from the OOM killer
• Documentation improvements (fd.o #11190)
• Avoid readdir_r, which is difficult to use correctly (fd.o #8284,
fd.o #15922, LP#241619)
• Cope with invalid files in session.d, system.d (fd.o #19186,
Debian #230231)
• Don't distribute generated files that embed our builddir (fd.o #30285,
fd.o #34292)
• Raise the system bus's fd limit to be sufficient for its configuration
(fd.o #33474, LP#381063)
• Fix syslog string processing
• Ignore -Waddress
• Remove broken gcov parsing code and --enable-gcov, and replace them
with lcov HTML reports and --enable-compiler-coverage (fd.o #10887)
• Windows:
· avoid live-lock in Windows CE due to unfair condition variables
• OpenBSD:
· support credentials-passing (fd.o #32542)
• Solaris:
· opt-in to thread safety (fd.o #33464)
D-Bus 1.4.1 (20 December 2010)
==
• Fix for CVE-2010-4352: sending messages with excessively-nested variants can
crash the bus. The existing restriction to 64-levels of nesting previously
only applied to the static type signature; now it also applies to dynamic
nesting using variants. Thanks to Rémi Denis-Courmont for discoving this
issue.
• OS X portability fixes, including launchd support.
• Windows autolaunch improvements.
• Various bug fixes.
D-Bus 1.4.0 (6 Sep 2010)
==
- systemd hookup
D-Bus 1.3.1 (23 June 2010)
==
- New standardized PropertiesChanged signal in the properties interface
- Various portability fixes, in particular to Windows platforms
- Support forking bus services, for compatibility
D-Bus 1.3.0 (29 July 2009)
==
- ability for dbus-send to send to any bus (--address)
- file descriptor passing on Unix socket transports
- use of GCC atomic intrinsics for better processor support
(requires -march=i486 or above for x86 compilation)
- thread-safe FD_CLOEXEC setting on recent Linux kernels (2.6.24-27 and up)
and glibc (2.9 for pipe2 and 2.10 for accept4)
- feature negotiation in the bus daemon