4350 lines
167 KiB
Plaintext
4350 lines
167 KiB
Plaintext
LADI dbus 1.15.4.2 (2023-06-01)
|
||
========================
|
||
|
||
• seat support is now also possible via elogind
|
||
|
||
LADI dbus 1.15.4.1 (2023-05-24)
|
||
========================
|
||
|
||
Behaviour changes:
|
||
|
||
• Reverse switch removal of abstract socket support
|
||
that happened in release 1.15.2
|
||
https://gitea.ladish.org/LADI/dbus/issues/1
|
||
https://gitlab.freedesktop.org/dbus/dbus/-/issues/416
|
||
|
||
dbus 1.15.4 (2023-02-08)
|
||
========================
|
||
|
||
Dependencies:
|
||
|
||
• Building with CMake now requires CMake ≥ 3.9.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• On Unix platforms, a path in the runtime state directory (often /run)
|
||
is now used for the well-known system bus socket by default. OS
|
||
distributors should check that the path used is equivalent to the
|
||
interoperable path /var/run/dbus/system_bus_socket, especially if
|
||
running on an OS where /var/run is not guaranteed to be a symbolic
|
||
link to /run.
|
||
(dbus#180; Issam E. Maghni, Simon McVittie)
|
||
· With Autotools, this is controlled by --runstatedir, which defaults
|
||
to ${localstatedir}/run but is often set to /run by OS distributors.
|
||
The path to the system bus socket can be overridden with the
|
||
--with-system-socket option if required.
|
||
· With CMake, this is controlled by the RUNSTATEDIR option, which has
|
||
behaviour similar to Autotools. There is no separate option for the
|
||
path to the system bus socket.
|
||
· With Meson, this is controlled by the runtime_dir option, which
|
||
defaults to /run if the installation prefix is set to /usr, or has
|
||
behaviour similar to Autotools otherwise. The path to the system bus
|
||
socket can be overridden with the system_socket option if required.
|
||
|
||
Denial of service fixes:
|
||
|
||
• Fix an incorrect assertion that could be used to crash dbus-daemon or
|
||
other users of DBusServer prior to authentication, if libdbus was compiled
|
||
with assertions enabled.
|
||
We recommend that production builds of dbus, for example in OS distributions,
|
||
should be compiled with checks but without assertions.
|
||
(dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.41:
|
||
· Clarify handling of /run vs. /var/run on Unix systems
|
||
(dbus#180, Simon McVittie)
|
||
|
||
• Add dbus_connection_set_builtin_filters_enabled(), intended to be called
|
||
by tools that use BecomeMonitor() such as dbus-monitor
|
||
(dbus#301, Kai A. Hiller)
|
||
|
||
• When using the Meson build system, dbus can now be used as a subproject.
|
||
To avoid colliding with a separate system copy of dbus, building it as a
|
||
static library with tests, tools and the message bus disabled is
|
||
strongly recommended. See test/use-as-subproject for sample code.
|
||
(dbus!368, dbus!388; Daniel Wagner)
|
||
|
||
Other fixes:
|
||
|
||
• When connected to a dbus-broker, stop dbus-monitor from incorrectly
|
||
replying to Peer method calls that were sent to the dbus-broker with
|
||
a NULL destination (dbus#301, Kai A. Hiller)
|
||
|
||
• Fix out-of-bounds varargs read in the dbus-daemon's config-parser.
|
||
This is not attacker-triggerable and appears to be harmless in practice,
|
||
but is technically undefined behaviour and is detected as such by
|
||
AddressSanitizer. (dbus!357, Evgeny Vereshchagin)
|
||
|
||
• Avoid a data race in multi-threaded use of DBusCounter
|
||
(dbus#426, Ralf Habacker)
|
||
|
||
• Fix a crash with some glibc versions when non-auditable SELinux events
|
||
are logged (dbus!386, Jeremi Piotrowski)
|
||
|
||
• If dbus_message_demarshal() runs out of memory while validating a message,
|
||
report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)
|
||
|
||
• Use C11 _Alignof if available, for better standards-compliance
|
||
(dbus!389, Khem Raj)
|
||
|
||
• Stop including an outdated copy of pkg.m4 in the git tree
|
||
(dbus!365, Simon McVittie)
|
||
|
||
• Meson build fixes:
|
||
· Use -fvisibility=hidden on Unix if supported, in particular on Linux
|
||
(dbus!383, dbus#437; Simon McVittie)
|
||
· Fix build on macOS, and any other platform that has
|
||
CLOCK_MONOTONIC but not pthread_condattr_setclock()
|
||
(dbus#419, Jordan Williams)
|
||
|
||
• Documentation:
|
||
· Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
|
||
|
||
• Licensing:
|
||
· Use MIT license for some test files that did not previous specify a
|
||
license, with permission from their authors (dbus!359, Simon McVittie)
|
||
· Add more SPDX/REUSE license markers
|
||
(dbus!311, dbus!369, dbus!370, dbus!371, dbus!375, dbus!376;
|
||
Ralf Habacker, Simon McVittie)
|
||
· Correct syntax of some SPDX license markers (dbus!360, Ralf Habacker)
|
||
|
||
• Tests fixes:
|
||
· Fix an assertion failure in test-autolaunch-win
|
||
(dbus#422, Ralf Habacker)
|
||
· Expand test coverage under CMake (dbus!322, Ralf Habacker)
|
||
· Fix the test-apparmor-activation test after dbus#416
|
||
(dbus!380, Dave Jones)
|
||
|
||
Internal changes:
|
||
|
||
• Add static assertions for some things we assume about pointers
|
||
(dbus!345, Simon McVittie)
|
||
|
||
• Refactoring (dbus!356, dbus#430, dbus#431; Simon McVittie, Xin Shi)
|
||
|
||
• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
|
||
|
||
• Build dbus with clang during CI (dbus!358, Evgeny Vereshchagin)
|
||
|
||
dbus 1.15.2 (2022-10-05)
|
||
========================
|
||
|
||
This development release incorporates the same denial-of-service fixes and
|
||
security hardening as dbus 1.14.4.
|
||
|
||
Behaviour changes:
|
||
|
||
• On Linux, dbus-daemon and other uses of DBusServer now create a
|
||
path-based Unix socket, unix:path=..., when asked to listen on a
|
||
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
|
||
unix:dir=... on all platforms.
|
||
Previous versions would have created an abstract socket, unix:abstract=...,
|
||
in this situation.
|
||
This change primarily affects the well-known session bus when run via
|
||
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
|
||
dbus with --enable-user-session and running it on a systemd system,
|
||
already used path-based Unix sockets and is unaffected by this change.
|
||
This behaviour change prevents a sandbox escape via the session bus socket
|
||
in sandboxing frameworks that can share the network namespace with the host
|
||
system, such as Flatpak.
|
||
This change might cause a regression in situations where the abstract socket
|
||
is intentionally shared between the host system and a chroot or container,
|
||
such as some use-cases of schroot(1). That regression can be resolved by
|
||
using a bind-mount to share either the D-Bus socket, or the whole /tmp
|
||
directory, with the chroot or container.
|
||
(dbus#416, Simon McVittie)
|
||
|
||
Denial of service fixes:
|
||
|
||
Evgeny Vereshchagin discovered several ways in which an authenticated
|
||
local attacker could cause a crash (denial of service) in
|
||
dbus-daemon --system or a custom DBusServer. In uncommon configurations
|
||
these could potentially be carried out by an authenticated remote attacker.
|
||
|
||
• An invalid array of fixed-length elements where the length of the array
|
||
is not a multiple of the length of the element would cause an assertion
|
||
failure in debug builds or an out-of-bounds read in production builds.
|
||
This was a regression in version 1.3.0.
|
||
(dbus#413, CVE-2022-42011; Simon McVittie)
|
||
|
||
• A syntactically invalid type signature with incorrectly nested parentheses
|
||
and curly brackets would cause an assertion failure in debug builds.
|
||
Similar messages could potentially result in a crash or incorrect message
|
||
processing in a production build, although we are not aware of a practical
|
||
example. (dbus#418, CVE-2022-42010; Simon McVittie)
|
||
|
||
• A message in non-native endianness with out-of-band Unix file descriptors
|
||
would cause a use-after-free and possible memory corruption in production
|
||
builds, or an assertion failure in debug builds. This was a regression in
|
||
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.40 (dbus#416, Simon McVittie)
|
||
· Clarify that unix:tmpdir is not required to use abstract sockets,
|
||
even where supported
|
||
· Mention implications of abstract sockets for Linux namespacing
|
||
|
||
dbus 1.15.0 (2022-09-22)
|
||
========================
|
||
|
||
Dependencies:
|
||
|
||
• On platforms where a pointer is larger than 64 bits, dbus requires at
|
||
least a C11 compiler.
|
||
On other platforms, dbus now requires either a C99 compiler such as
|
||
gcc or clang, or Microsoft Visual Studio 2015 or later. Some workarounds
|
||
for pre-C99 environments are currently still present, but we plan to
|
||
remove them during this development cycle.
|
||
|
||
• Building with CMake now requires CMake ≥ 3.4.
|
||
|
||
• Building with Meson requires Meson ≥ 0.56 and Python ≥ 3.5.
|
||
|
||
Feature removal:
|
||
|
||
• Remove support for the obsolete pam_console and pam_foreground modules
|
||
(the Autotools --with-console-auth-dir= and CMake -DDBUS_CONSOLE_AUTH_DIR=
|
||
options, which have been deprecated since dbus 1.11.18).
|
||
(dbus#181, fd.o#101629)
|
||
|
||
Build-time configuration changes:
|
||
|
||
• Add a Meson build system. This is currently considered experimental,
|
||
but the intention is for it to replace Autotools and/or CMake in future
|
||
releases, preferably both. Please test!
|
||
(dbus!303, dbus!325; Félix Piédallu, Marc-André Lureau, Simon McVittie)
|
||
· This requires Meson 0.56 or newer, and Python 3.5 or newer.
|
||
· Expat can be built as a subproject using Meson's "wrap" mechanism,
|
||
if desired. This should make it considerably easier to build dbus
|
||
for Windows or other platforms without a library packaging system.
|
||
· GLib can also be built as a subproject using Meson's "wrap" mechanism,
|
||
if desired. This should make it considerably easier to build full
|
||
test coverage on Windows or other platforms without a library
|
||
packaging system.
|
||
|
||
• Please note that not all Meson build options correspond 1:1 to how
|
||
the closest equivalents in Autotools or CMake behave, and the Meson
|
||
build options are subject to change.
|
||
Distributors and developers evaluating the Meson build should check
|
||
that they are configuring dbus the way they intend to.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.39:
|
||
· Document how to represent internationalized domain names in D-Bus
|
||
names (dbus!324, Simon McVittie)
|
||
· Improve documentation of AF_UNIX sockets (Marc-André Lureau)
|
||
|
||
• On Unix, speed up closing file descriptors for subprocesses by using
|
||
closefrom() or close_range() where available
|
||
(dbus#278; rim, Simon McVittie)
|
||
|
||
• On Windows, dbus can now use AF_UNIX sockets, not just TCP.
|
||
This requires Windows 10 build 17063 or later at runtime,
|
||
and either Windows 10 SDK 17063 or mingw-w64 version 9.0.0 or later
|
||
at compile-time. (dbus!249, Marc-André Lureau)
|
||
|
||
• Teach dbus-send to handle variants in containers: arrays of variants,
|
||
variant values in dictionaries, and nested variants
|
||
(dbus!206, Frederik Van Bogaert)
|
||
|
||
• Detect programming errors with Windows mutexes if assertions are
|
||
enabled, similar to what we already did for pthreads mutexes
|
||
(dbus#369, Ralf Habacker)
|
||
|
||
• Move license text into LICENSES, and start to use SPDX markers
|
||
(Simon McVittie, Ralf Habacker)
|
||
|
||
Fixes:
|
||
|
||
• Portability to CPU architectures with larger-than-64-bit pointers
|
||
(dbus!335, dbus!318; Alex Richardson)
|
||
|
||
• Fix build failure on FreeBSD (dbus!277, Alex Richardson)
|
||
|
||
• Fix build failure on macOS with launchd enabled
|
||
(dbus!287, Dawid Wróbel)
|
||
|
||
• Preserve errno on failure to open /proc/self/oom_score_adj
|
||
(dbus!285, Gentoo#834725; Mike Gilbert)
|
||
|
||
• Improve dbus-launch --autolaunch so it can pick up an existing bus from
|
||
Linux XDG_RUNTIME_DIR or macOS launchd, even if X11 autolaunching was
|
||
disabled (dbus#385, dbus#392; Simon McVittie, Alex Richardson)
|
||
|
||
• Correctly escape AF_UNIX socket paths when converting them to D-Bus
|
||
address strings (dbus#405, Marc-André Lureau)
|
||
|
||
• On Linux, don't log warnings if oom_score_adj is read-only but does not
|
||
need to be changed (dbus!291, Simon McVittie)
|
||
|
||
• Slightly improve error-handling for inotify
|
||
(dbus!235, Simon McVittie)
|
||
|
||
• Don't crash if dbus-daemon is asked to watch more than 128 directories
|
||
for changes (dbus!302, Jan Tojnar)
|
||
|
||
• Silence various compiler warnings
|
||
(dbus!275, dbus!289, dbus!305, dbus!307, dbus!312, dbus!315;
|
||
Ralf Habacker, Simon McVittie, Alex Richardson, Marc-André Lureau)
|
||
|
||
• On Windows, use safer locking patterns for the system-global mutex used
|
||
to implement autolaunching (dbus#368, dbus#370; Ralf Habacker)
|
||
|
||
• Index dbus-arch-deps.h for API documentation when building out-of-tree
|
||
(dbus!312, Marc-André Lureau)
|
||
|
||
• Silence xmlto warnings when building man pages
|
||
(dbus!312, Marc-André Lureau)
|
||
|
||
• Fix build failure when checks are disabled but assertions are enabled
|
||
(dbus#412, Johannes Kauffmann)
|
||
|
||
• Use C99 flexible arrays in the memory pool implementation for better
|
||
support for modern compilers
|
||
(dbus!343, dbus!344; Alex Richardson, Simon McVittie)
|
||
|
||
• Autotools build system fixes:
|
||
· Don't treat --with-x or --with-x=yes as a request to disable X11,
|
||
fixing a regression in 1.13.20. Instead, require X11 libraries and
|
||
fail if they cannot be detected. (dbus!263, Lars Wendler)
|
||
· When a CMake project uses an Autotools-built libdbus in a
|
||
non-standard prefix, find dbus-arch-deps.h successfully
|
||
(dbus#314, Simon McVittie)
|
||
· Don't include generated XML catalog in source releases
|
||
(dbus!317, Jan Tojnar)
|
||
· Improve robustness of detecting gcc __sync atomic builtins
|
||
(dbus!320, Alex Richardson)
|
||
|
||
• CMake build system fixes:
|
||
· Detect endianness correctly, fixing interoperability with other D-Bus
|
||
implementations on big-endian systems (dbus#375, Ralf Habacker)
|
||
· Fix a race condition generating man pages and HTML documentation
|
||
(dbus#381, Ralf Habacker)
|
||
· When building for Unix, install session and system bus setup
|
||
in the intended locations
|
||
(dbus!267, dbus!297; Ralf Habacker, Alex Richardson)
|
||
· Detect setresuid() and getresuid() (dbus!319, Alex Richardson)
|
||
· Detect backtrace() on FreeBSD (dbus!281, Alex Richardson)
|
||
· Don't include headers from parent directory (dbus!282, Alex Richardson)
|
||
· Fix -Wunused-command-line-argument on FreeBSD
|
||
(dbus!278, Alex Richardson)
|
||
· Only add warning flags if the compiler supports them
|
||
(dbus!276, Alex Richardson)
|
||
· Distinguish between host and target TMPDIR when cross-compiling
|
||
(dbus!279, Alex Richardson)
|
||
· Improve compiler warning detection (dbus#387, Ralf Habacker)
|
||
· Allow TEST_SOCKET_DIR to be overridden (dbus!295, Ralf Habacker)
|
||
· Fix detection of atomic operations (dbus!306, Alex Richardson)
|
||
· Use DWARF 2 instead of STABS for debug symbols on Windows, for
|
||
compatibility with newer gcc versions (dbus!323, Marc-André Lureau)
|
||
· Fix use of paths relative to the dbus project directory when dbus is
|
||
vendored into a larger CMake project (dbus!332, Jordan Williams)
|
||
|
||
Tests and CI enhancements:
|
||
|
||
• Add an automated test for Windows autolaunching
|
||
(dbus#235, Ralf Habacker)
|
||
|
||
• Avoid compiler warnings in test code
|
||
(dbus#383, dbus!274, dbus!275; Simon McVittie, Ralf Habacker)
|
||
|
||
• Avoid LeakSanitizer warnings in test code
|
||
(dbus!326, Simon McVittie)
|
||
|
||
• Speed up a particularly slow unit test by a factor of 30
|
||
(dbus!328, Simon McVittie)
|
||
|
||
• On Unix, skip tests that switch uid if run in a container that is
|
||
unable to do so, instead of failing (dbus#407, Simon McVittie)
|
||
|
||
• On Unix, consistently create test sockets in DBUS_TEST_SOCKET_DIR and
|
||
not the build directory, allowing the build directory to be mounted with
|
||
a non-POSIX filesystem (dbus!334, Alex Richardson)
|
||
|
||
• Gitlab-CI improvements
|
||
(dbus#383, dbus#388, dbus!262, dbus!288, dbus!292, dbus!296, dbus!299,
|
||
dbus!301;
|
||
Ralf Habacker, Simon McVittie, Alex Richardson)
|
||
|
||
• Added FreeBSD Gitlab-CI build jobs
|
||
(dbus!280, dbus!347; Alex Richardson)
|
||
|
||
• Use the latest MSYS2 packages for CI
|
||
(Ralf Habacker, Simon McVittie)
|
||
|
||
dbus 1.14.0 (2022-02-28)
|
||
========================
|
||
|
||
1.14.x is a new stable branch, superseding 1.12.x.
|
||
|
||
Summary of major changes between 1.12.x and 1.14.0
|
||
--------------------------------------------------
|
||
|
||
Dependencies:
|
||
|
||
• dbus now requires at least a basic level of support for C99 variadic
|
||
macros, as implemented in gcc >= 3, all versions of Clang, and
|
||
MSVC >= 2005. In practice this requirement has existed since version
|
||
1.9.2, but it is now official.
|
||
|
||
• dbus now requires a C99-compatible va_copy() macro (or a __va_copy()
|
||
macro with the same behaviour), except when building for Windows using
|
||
MSVC and CMake.
|
||
|
||
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
|
||
they must be POSIX-conformant. The non-POSIX signature seen in ancient
|
||
Solaris versions will no longer work.
|
||
|
||
• All Windows builds now require Windows Vista or later.
|
||
(Note that we do not recommend or support use of dbus on operating
|
||
systems outside their vendor's security support lifetime, such as Vista.)
|
||
|
||
• GLib >= 2.38 is required if full test coverage is enabled
|
||
(reduced from 2.40 in dbus 1.12.x.)
|
||
|
||
• Building using CMake now requires CMake 3.4.
|
||
|
||
• Building documentation using CMake now requires xsltproc, Docbook DTDs
|
||
(for example docbook-xml on Debian derivatives), and Docbook XSLT
|
||
stylesheets (for example docbook-xsl on Debian derivatives). Using
|
||
KDE's meinproc4 documentation processor is no longer supported.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• Move CMake build system to top level, matching normal practice for
|
||
CMake projects
|
||
|
||
Deprecations:
|
||
|
||
• Third-party software should install default dbus policies for the system
|
||
bus into ${datadir}/dbus-1/system.d (this has been supported since dbus
|
||
1.10, released in August 2015). Installing default dbus policies in
|
||
${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy
|
||
files in ${sysconfdir}/dbus-1/system.d continue to be read, but this
|
||
directory should only be used by system administrators wishing to
|
||
override the default policies.
|
||
|
||
The ${datadir} applicable to dbus is usually /usr/share and the
|
||
${sysconfdir} is usually /etc.
|
||
|
||
• A similar pattern applies to the session bus policies in session.d.
|
||
|
||
• The dbus-send(1) man page now documents --bus and --peer instead of
|
||
the old --address synonym for --peer, which has been deprecated since
|
||
the introduction of --bus and --peer in 1.7.6
|
||
|
||
• The dbus-daemon man page now has scarier warnings about
|
||
<allow_anonymous/> and non-local TCP, which are insecure and should
|
||
not be used, particularly for the standard system and session buses
|
||
|
||
• DBusServer (and hence the dbus-daemon) no longer accepts usernames
|
||
(login names) for the recommended EXTERNAL authentication mechanism,
|
||
only numeric user IDs or the empty string. See 1.13.0 release notes
|
||
for full details.
|
||
|
||
New features:
|
||
|
||
• On Linux 4.13 or later when built against a suitable glibc version,
|
||
GetConnectionCredentials() now includes UnixGroupIDs, the effective
|
||
group IDs of the initiator of the connection, taken from
|
||
SO_PEERGROUPS.
|
||
|
||
• On Linux 4.13 or later, <policy group="…"> now uses the SO_PEERGROUPS
|
||
credentials-passing socket option to get the effective group IDs
|
||
of the initiator of the connection. See 1.13.4 release notes for details.
|
||
|
||
• Add a --sender option to dbus-send, which requests a name and holds it
|
||
until the signal has been sent
|
||
|
||
• dbus-daemon <allow> and <deny> rules can now specify a
|
||
send_destination_prefix attribute, which is like a combination of
|
||
send_destination and the arg0namespace keyword in match rules.
|
||
See 1.13.12 release notes for more details
|
||
|
||
• The dbus-daemon now filters the messages that it relays, removing
|
||
header fields that it does not understand. Clients must not rely on
|
||
this behaviour unless they have confirmed that they are connected to
|
||
a suitable message bus implementation, for example by querying its
|
||
Features property.
|
||
|
||
• The dbus-daemon now emits a signal, ActivatableServicesChanged, when
|
||
the list of activatable services may have changed. Support for this
|
||
signal can be discovered by querying the Features property.
|
||
|
||
• It is now possible to disable traditional (non-systemd) service
|
||
activation at build-time (Autotools: --disable-traditional-activation,
|
||
CMake: -DENABLE_TRADITIONAL_ACTIVATION=OFF). See 1.13.10 release notes
|
||
for details.
|
||
|
||
• The API reference manual can be built as a Qt compiled help file if
|
||
qhelpgenerator(-qt5) is available. See 1.13.16 release notes for details.
|
||
|
||
Miscellaneous behaviour changes:
|
||
|
||
• When using the "user bus" (--enable-user-session), put the dbus-daemon
|
||
in the session slice
|
||
|
||
• Several environment variables set by systemd are no longer passed
|
||
on to activated services
|
||
|
||
• If the dbus-daemon is compiled for Linux with systemd support, it
|
||
now informs systemd that it is ready for use via the sd_notify()
|
||
mechanism
|
||
|
||
• Tarball releases no longer contain pre-2007 changelogs and are now
|
||
compressed with xz, making them around 35% smaller.
|
||
|
||
Changes since 1.13.22
|
||
---------------------
|
||
|
||
• On Windows, consistently use msvcrt.dll-style printf formats, fixing
|
||
builds with mingw-w64 8.0.0 (dbus#380, Simon McVittie)
|
||
|
||
• Fix some broken links in the API design document
|
||
(dbus!257, Michael Nosthoff)
|
||
|
||
• CI updates
|
||
· Enable -Werror for the CMake builds
|
||
· Use https to download MSYS packages
|
||
· Use Debian 11 for most builds
|
||
· Stop testing on Debian 9, which is EOL
|
||
· Stop testing on Ubuntu 16.04, which is EOL
|
||
· Remove workarounds for missing/outdated packages in Debian 8, Debian 9
|
||
and Ubuntu 16.04
|
||
(dbus#380, dbus!260; Simon McVittie)
|
||
|
||
dbus 1.13.22 (2022-02-23)
|
||
=========================
|
||
|
||
This is a release candidate for a new dbus 1.14.x stable branch.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.38:
|
||
· Add ActivatableServicesChanged signal and feature flag
|
||
(dbus#376, Ralf Habacker)
|
||
· Document * as optionally-escaped in D-Bus addresses, matching
|
||
the implementation (dbus!248, Kir Kolyshkin)
|
||
|
||
• Emit the new ActivatableServicesChanged signal when configuration
|
||
and/or activatable services are reloaded (dbus#376, Ralf Habacker)
|
||
|
||
• Add an XML catalog file for the DTDs we install
|
||
(dbus!202, Jan Tojnar)
|
||
|
||
Bug fixes:
|
||
|
||
• On Linux, when using traditional (non-systemd) service activation,
|
||
don't log warnings about failing to reset OOM score adjustment if the
|
||
process is already more susceptible to the OOM killer, as user processes
|
||
usually are with systemd ≥ 250. (dbus#374, Simon McVittie)
|
||
|
||
• On Linux, when using traditional (non-systemd) system bus activation,
|
||
reset the OOM score adjustment to 0 as intended.
|
||
If the system dbus-daemon is protected from the OOM killer, this
|
||
avoids that protection unintentionally being inherited by every
|
||
system service. (dbus#378, Simon McVittie)
|
||
|
||
• Fix a code path that could result in a crash on out-of-memory
|
||
(dbus#246, Marc-André Lureau)
|
||
|
||
• Fix compilation if embedded tests are enabled but verbose mode and
|
||
stats are both disabled (Marc-André Lureau)
|
||
|
||
• CMake: Improve support for Windows with MSVC and add CI coverage
|
||
(dbus!218, Marc-André Lureau)
|
||
|
||
• CMake: Improve Docbook documentation-generation
|
||
(dbus#377, Ralf Habacker)
|
||
|
||
• On Linux, fix a race condition in the integration test for transient
|
||
services (Debian#1005889, dbus!256; Simon McVittie)
|
||
|
||
dbus 1.13.20 (2021-12-17)
|
||
=========================
|
||
|
||
The “not how anyone wanted to learn the Greek alphabet” release.
|
||
|
||
Dependencies:
|
||
|
||
• Building using CMake now requires CMake 3.4.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.37:
|
||
· Update recommendations for DBUS_COOKIE_SHA1 timeouts
|
||
(dbus!171, Simon McVittie)
|
||
· Clarify padding requirements for arrays and variants
|
||
(dbus!203, Zeeshan Ali)
|
||
· Describe where the interoperable machine ID comes from
|
||
(dbus!198, Thomas Kluyver)
|
||
· Clarify use of dictionary (array of dict-entry) types
|
||
(dbus#347, Ralf Habacker)
|
||
|
||
• When using the "user bus" (--enable-user-session), put the dbus-daemon
|
||
in the session slice (dbus!219, David Redondo)
|
||
|
||
Feature removal:
|
||
|
||
• Disable the experimental Containers1 interface that was added in 1.13.0.
|
||
It is incomplete and not ready for production use, so we're disabling it
|
||
in preparation for a new 1.14.x stable branch; the code remains present
|
||
and will be re-enabled later, but there is no longer a build-time
|
||
configuration option to enable it. (dbus!236, Simon McVittie)
|
||
|
||
Bug fixes:
|
||
|
||
• Avoid malloc() after fork on non-GNU libc (dbus!181, Jean-Louis Fuchs)
|
||
|
||
• Don't return successfully from RemoveMatch if the match rule didn't
|
||
exist (dbus#351, Simon McVittie)
|
||
|
||
• On Windows, fix a race condition where dbus-run-session could start the
|
||
wrapped application before the dbus-daemon was ready
|
||
(dbus#297, Ralf Habacker)
|
||
|
||
• Fix build with clang 13 by using Standard C offsetof where available
|
||
(dbus!237, Simon McVittie)
|
||
|
||
• Fix build of tests on FreeBSD (dbus!167, Simon McVittie)
|
||
|
||
• Various CMake build improvements
|
||
(dbus#310, dbus!213, dbus#319, dbus!217, dbus#346, dbus#356;
|
||
Ralf Habacker)
|
||
|
||
• Set IMPORTED_IMPLIB property in CMake metadata installed via Autotools
|
||
with mingw toolchain
|
||
(dbus!172, Julien Schueller)
|
||
|
||
• Make documentation build more reproducible
|
||
(dbus!189, dbus!238; Arnout Engelen, Simon McVittie)
|
||
|
||
• On Unix, make X11 autolaunch cope with slashes in DISPLAY
|
||
(dbus#8, dbus#311; William Earley)
|
||
|
||
• Don't try to raise RLIMIT_NOFILE beyond OPEN_MAX on macOS
|
||
(dbus#309, William Earley)
|
||
|
||
• Improve SELinux audit messages (dbus!173, Chris PeBenito)
|
||
|
||
• Validate various strings in dbus-send to avoid client-side assertion
|
||
failures on invalid input (dbus#338, Simon McVittie)
|
||
|
||
• Fix a memory leak in a unit test (dbus!208, David King)
|
||
|
||
• In Autotools builds, use pkg-config in preference to AC_PATH_XTRA
|
||
(dbus!212, Scott Hamilton)
|
||
|
||
• On Windows, prevent (theoretical?) stack buffer overflow with very
|
||
long paths (dbus!221, Ralf Habacker)
|
||
|
||
• Fix build with newer mingw compilers (dbus#355, Ralf Habacker)
|
||
|
||
• Various Windows error-handling fixes
|
||
(dbus!229, dbus#357, dbus#279, dbus#360, dbus#365;
|
||
Ralf Habacker, Simon McVittie)
|
||
|
||
• Clearer diagnostics when tests are skipped (dbus#363, Simon McVittie)
|
||
|
||
• CI improvements
|
||
(dbus#318, dbus!197, dbus!187, dbus!196, dbus!201, dbus#359;
|
||
Simon McVittie, Ralf Habacker, Arnout Engelen, Marc-André Lureau)
|
||
|
||
• Typo fixes, etc.
|
||
(dbus!183, dbus!182; Chigozirim Chukwu, Samy Mahmoudi)
|
||
|
||
dbus 1.13.18 (2020-07-02)
|
||
=========================
|
||
|
||
The “carnivorous border” release.
|
||
|
||
Maybe security fixes:
|
||
|
||
• On Unix, avoid a use-after-free if two usernames have the same
|
||
numeric uid. In older versions this could lead to a crash (denial of
|
||
service) or other undefined behaviour, possibly including incorrect
|
||
authorization decisions if <policy group=...> is used.
|
||
Like Unix filesystems, D-Bus' model of identity cannot distinguish
|
||
between users of different names with the same numeric uid, so this
|
||
configuration is not advisable on systems where D-Bus will be used.
|
||
Thanks to Daniel Onaca.
|
||
(dbus#305, dbus!166, CVE-2020-35512; Simon McVittie)
|
||
|
||
Other fixes:
|
||
|
||
• On Solaris and its derivatives, if a cmsg header is truncated, ensure
|
||
that we do not overrun the buffer used for fd-passing, even if the
|
||
kernel tells us to.
|
||
(dbus#304, dbus!165; Andy Fiddaman)
|
||
|
||
• When built with CMake, use GNUInstallDirs' special-cases for prefixes
|
||
/, /usr and /opt/*
|
||
(dbus!155, Ralf Habacker)
|
||
|
||
• When built with CMake on Linux, allow systemd-specific features to be
|
||
enabled, for feature parity with Autotools
|
||
(dbus!155, Ralf Habacker)
|
||
|
||
• When built with CMake, install the same example files as with Autotools
|
||
(dbus!155, Ralf Habacker)
|
||
|
||
• Correct the doc-comment for DBUS_ERROR_SPAWN_NO_MEMORY
|
||
(dbus!163, Marc-André Lureau)
|
||
|
||
dbus 1.13.16 (2020-06-02)
|
||
=========================
|
||
|
||
The “ominous mushroom hat” release.
|
||
|
||
Denial of service fixes:
|
||
|
||
• CVE-2020-12049: If a message contains more file descriptors than can
|
||
be sent, close those that did get through before reporting error.
|
||
Previously, a local attacker could cause the system dbus-daemon (or
|
||
another system service with its own DBusServer) to run out of file
|
||
descriptors, by repeatedly connecting to the server and sending fds that
|
||
would get leaked.
|
||
Thanks to Kevin Backhouse of GitHub Security Lab.
|
||
(dbus#294, GHSL-2020-057; Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• The API reference manual can be built as a Qt compiled help file if
|
||
qhelpgenerator(-qt5) is available. This is controlled by
|
||
--enable-qt-help and --with-qchdir in the Autotools build, or
|
||
-DENABLE_QT_HELP and -DINSTALL_QCH_DIR in CMake.
|
||
(dbus!150, Ralf Habacker)
|
||
|
||
Fixes:
|
||
|
||
• When built for Windows, return all autolaunch error information in
|
||
the DBusError rather than printing some of it to stderr
|
||
(dbus#191, dbus!131; Ralf Habacker)
|
||
|
||
• When built for Windows, don't truncate long log messages
|
||
(dbus!134, Ralf Habacker)
|
||
|
||
• When built using CMake for a Unix platform, dbus-cleanup-sockets and
|
||
dbus-uuidgen are now included (dbus!154, Ralf Habacker)
|
||
|
||
• When built for Windows with verbose mode enabled, don't print debugging
|
||
messages related to poll() emulation into a fixed-size buffer that
|
||
could overflow (dbus!125, Ralf Habacker)
|
||
|
||
• Adjust .desktop file parser to avoid a Coverity false positive
|
||
(dbus!146, Coverity CID 354884; Ralf Habacker)
|
||
|
||
• Print shell-test diagnostics to stderr, avoiding warnings or errors
|
||
from strict TAP parsers (dbus!157, Félix Piédallu)
|
||
|
||
Tests and CI enhancements:
|
||
|
||
• When the CI cross-builds Windows binaries on Linux, run unit tests
|
||
using Wine (dbus#296, dbus!158; Ralf Habacker)
|
||
|
||
• Really build x86_64 Windows binaries in Gitlab-CI, instead of building
|
||
i686 binaries a second time (Ralf Habacker)
|
||
|
||
• When tests will be run using Wine, use STABS debug symbol format so
|
||
that Wine can display backtraces (dbus#133, dbus!104; Ralf Habacker)
|
||
|
||
dbus 1.13.14 (2020-04-21)
|
||
=========================
|
||
|
||
The “mystery allium” release.
|
||
|
||
Dependencies:
|
||
|
||
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
|
||
they must be POSIX-conformant. The non-POSIX signature seen in ancient
|
||
Solaris versions will no longer work. (dbus!11, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.36:
|
||
· Fix a typo in an annotated hexdump of part of a message
|
||
(dbus!152, Zygmunt Krynicki)
|
||
|
||
• On Linux, use getrandom(2) in preference to /dev/urandom
|
||
(dbus!147, Natanael Copa)
|
||
|
||
• Add a --sender option to dbus-send, which requests a name and holds it
|
||
until the signal has been sent. (dbus!116, Christopher Morin)
|
||
|
||
Fixes:
|
||
|
||
• Fix a crash when the dbus-daemon is terminated while one or more
|
||
monitors are active (dbus#291, dbus!140; Simon McVittie)
|
||
|
||
• Fix several test failures if the build-time tests were run as uid 0.
|
||
Note that running the tests with elevated privileges is likely to be
|
||
insecure, and should only be attempted in an expendable container or
|
||
virtual machine. (dbus!117, Simon McVittie)
|
||
|
||
• Fix an assertion failure if a client encounters an out-of-memory
|
||
condition while sending its response to the "OK" authentication
|
||
message, and processing of the "OK" message is subsequently retried
|
||
when more memory is available (dbus!119, Simon McVittie)
|
||
|
||
• Don't leak struct addrinfo if we run out of memory during a TCP
|
||
connect()
|
||
(dbus!143, dbus!144, Coverity CID 354880; Ralf Habacker, Simon McVittie)
|
||
|
||
• On Linux with SELinux, don't assume that the system policy has the
|
||
"dbus" security class or the associated AV
|
||
(dbus#198, dbus!128; Laurent Bigonville)
|
||
|
||
• Handle dbus_connection_set_change_sigpipe() in a thread-safe way
|
||
(dbus!132; Simon McVittie, Ralf Habacker)
|
||
|
||
• On Unix, use POSIX <poll.h> in preference to <sys/poll.h>
|
||
(dbus!148, Natanael Copa)
|
||
|
||
• When building with CMake, cope with libX11 in a non-standard location
|
||
(dbus!129, Tuomo Rinne)
|
||
|
||
• On Windows with verbose mode enabled and outputting to the debug port,
|
||
use a dynamically-allocated buffer to avoid potential stack buffer
|
||
overflows in long messages (dbus#45, dbus!133; Ralf Habacker)
|
||
|
||
• The dbus-send(1) man page now documents --bus and --peer instead of
|
||
the old --address synonym for --peer, which has been deprecated since
|
||
the introduction of --bus and --peer in 1.7.6
|
||
(fd.o #48816, dbus!115; Chris Morin)
|
||
|
||
• Fix a wrong environment variable name in dbus-daemon(1)
|
||
(dbus#275, dbus!122; Mubin, Philip Withnall)
|
||
|
||
• Fix formatting of dbus_message_append_args example
|
||
(dbus!126, Felipe Franciosi)
|
||
|
||
Internal changes:
|
||
|
||
• Move more test-only code from dbus/ to tests/
|
||
(dbus!120, dbus!121, dbus!153; Simon McVittie)
|
||
|
||
• Improve diagnostics if memory or fd leaks are detected
|
||
(dbus!118, dbus!120; Simon McVittie)
|
||
|
||
• Move from Debian 9 to Debian 10 for most continuous integration jobs
|
||
(dbus!151, Simon McVittie)
|
||
|
||
• On Windows, improve embedded version information
|
||
(dbus!136, dbus!138, dbus!139; Ralf Habacker)
|
||
|
||
• Indentation fixes (dbus!149, Taras Zaporozhets)
|
||
|
||
dbus 1.13.12 (2019-06-11)
|
||
=========================
|
||
|
||
The “patio squirrel” release.
|
||
|
||
Security fixes:
|
||
|
||
• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
|
||
authentication for identities that differ from the user running the
|
||
DBusServer. Previously, a local attacker could manipulate symbolic
|
||
links in their own home directory to bypass authentication and connect
|
||
to a DBusServer with elevated privileges. The standard system and
|
||
session dbus-daemons in their default configuration were immune to this
|
||
attack because they did not allow DBUS_COOKIE_SHA1, but third-party
|
||
users of DBusServer such as Upstart could be vulnerable.
|
||
Thanks to Joe Vennix of Apple Information Security.
|
||
(dbus#269, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• dbus-daemon <allow> and <deny> rules can now specify a
|
||
send_destination_prefix attribute, which is like a combination of
|
||
send_destination and the arg0namespace keyword in match rules: a rule
|
||
with send_destination_prefix="com.example.Foo" matches messages sent to
|
||
any destination that is in the queue to own well-known names like
|
||
com.example.Foo or com.example.Foo.A.B (but not com.example.Foobar).
|
||
(dbus!85, Adrian Szyndela)
|
||
|
||
dbus 1.13.10 (2019-05-13)
|
||
=========================
|
||
|
||
The “engineering brick” release.
|
||
|
||
Dependencies:
|
||
|
||
• GLib >= 2.38 is required if full test coverage is enabled
|
||
(reduced from 2.40 in dbus 1.12.x.)
|
||
|
||
Deprecations:
|
||
|
||
• Third-party software should install default dbus policies for the system
|
||
bus into ${datadir}/dbus-1/system.d (this has been supported since dbus
|
||
1.10, released in August 2015). Installing default dbus policies in
|
||
${sysconfdir}/dbus-1/system.d is now considered to be deprecated. Policy
|
||
files in ${sysconfdir}/dbus-1/system.d continue to be read, but this
|
||
directory should only be used by system administrators wishing to
|
||
override the default policies.
|
||
|
||
The ${datadir} applicable to dbus is usually /usr/share and the
|
||
${sysconfdir} is usually /etc.
|
||
|
||
• A similar pattern applies to the session bus policies in session.d.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.35:
|
||
· Add UnixGroupIDs to GetConnectionCredentials()
|
||
(dbus#196, dbus!105; Matthijs van Duin)
|
||
· Remove some redundancies from the spec for interface names
|
||
(dbus!102, Felipe Gasper)
|
||
|
||
• Raise soft fd limit to match hard limit, even if unprivileged.
|
||
This makes session buses with many clients, or with clients that make
|
||
heavy use of fd-passing, less likely to suffer from fd exhaustion.
|
||
(dbus!103, Simon McVittie)
|
||
|
||
• On Linux 4.13 or later when built against a suitable glibc version,
|
||
GetConnectionCredentials() now includes UnixGroupIDs, the effective
|
||
group IDs of the initiator of the connection, taken from
|
||
SO_PEERGROUPS. (dbus#196, dbus!105; Matthijs van Duin)
|
||
|
||
• Embedded/special-purpose builds of dbus can now be configured with
|
||
--disable-traditional-activation, to disable services being launched
|
||
as a subprocess of the dbus-daemon. This allows the system dbus-daemon
|
||
to be run in a more tightly restricted security profile (an example
|
||
"drop-in" for systemd is provided).
|
||
|
||
If systemd support is enabled, then services with a SystemdService
|
||
configured can still be activated in these builds, via IPC to systemd.
|
||
Otherwise, services will not be activatable at all.
|
||
|
||
Please note that this option is not suitable for general-purpose
|
||
Linux distributions that are intended to support running third-party
|
||
D-Bus services.
|
||
|
||
(dbus!107, Topi Miettinen)
|
||
|
||
• Move CMake build system to top level, matching normal practice for
|
||
CMake projects (dbus!84, Ralf Habacker)
|
||
|
||
• Reformat CMake files (dbus#252, dbus!82, dbus!91; Ralf Habacker)
|
||
|
||
• Avoid GLib 2.40 dependencies (dbus!79, Ralf Habacker)
|
||
|
||
• Officially deprecate packaged XML policies in ${sysconfdir}, and
|
||
document how to install system services correctly
|
||
(dbus!76, Simon McVittie)
|
||
|
||
• Add AddressSanitizer and ubsan support (dbus!57, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• If a privileged dbus-daemon has a hard fd limit greater than 64K, don't
|
||
reduce it to 64K, ensuring that we can put back the original fd limits
|
||
when carrying out traditional (non-systemd) activation. This fixes a
|
||
regression with systemd >= 240 in which system services inherited
|
||
dbus-daemon's hard and soft limit of 64K fds, instead of the intended
|
||
soft limit of 1K and hard limit of 512K or 1M.
|
||
(dbus!103, Debian#928877; Simon McVittie)
|
||
|
||
• Fix build failures caused by an AX_CODE_COVERAGE API change in newer
|
||
autoconf-archive versions (dbus#249, dbus!88; Simon McVittie)
|
||
|
||
• Fix build failures with newer autoconf-archive versions that include
|
||
AX_-prefixed shell variable names (dbus#249, dbus!86; Simon McVittie)
|
||
|
||
• Avoid possible memory corruption in certain DBusHashTableIter use
|
||
patterns, which in practice were never used (dbus!44, Simon McVittie)
|
||
|
||
• Avoid a test failure on Linux when built in a container as uid 0, but
|
||
without the necessary privileges to increase resource limits
|
||
(dbus!58, Debian #908092; Simon McVittie)
|
||
|
||
• Don't overwrite PKG_CONFIG_PATH and related environment variables when
|
||
the pkg-config-based version of DBus1Config is used in a CMake project
|
||
(dbus#267, dbus!96; Clemens Lang)
|
||
|
||
• In CMake builds, respect GNUInstallDirs variables
|
||
(dbus!77, Ralf Habacker)
|
||
|
||
• In CMake builds, don't rebuild documentation every time
|
||
(dbus!94, Ralf Habacker)
|
||
|
||
• In CMake builds for Windows, don't require libiconv
|
||
(dbus#262, dbus!100; Ralf Habacker)
|
||
|
||
• Fix intermittent build failures with parallel CMake
|
||
(dbus#266, dbus!113; Simon McVittie)
|
||
|
||
• Don't assume we can set permissions on a directory, for the benefit of
|
||
MSYS and Cygwin builds (dbus#216, dbus!110; Simon McVittie)
|
||
|
||
• Avoid test failures with non-trivial NSS modules
|
||
(dbus#256, dbus!93; Simon McVittie)
|
||
|
||
• Fix test failures in test-syslog and test-sysdeps under Windows
|
||
(dbus#238, dbus#243, dbus!61, dbus!62; Simon McVittie)
|
||
|
||
• Ensure that CTest build-time tests on Windows use the just-built
|
||
libdbus-1-3.dll (dbus!83, Ralf Habacker)
|
||
|
||
• Don't take so long to run test-refs on Windows
|
||
(dbus#244, dbus!65; Ralf Habacker)
|
||
|
||
• Fix memory leaks in tests (dbus!68, Simon McVittie)
|
||
|
||
• Avoid casting user-supplied pointers to DBusBasicValue *, which is
|
||
formally undefined behaviour (dbus!69, Simon McVittie)
|
||
|
||
• Fix a non-exploitable stack array overrun in dbus-run-session on Windows
|
||
(Ralf Habacker)
|
||
|
||
Tests and CI enhancements:
|
||
|
||
• Verify that the result of an Autotools `make dist` can be used for a
|
||
successful CMake build (dbus#255, dbus!87; Simon McVittie)
|
||
|
||
• Rewrite Python tests into C to reduce circular dependencies and
|
||
facilitate use of AddressSanitizer (dbus!37, Simon McVittie)
|
||
|
||
• Refactor tests to extract most of their code from the bus/ and dbus/
|
||
directories, and break them up into smaller modules
|
||
(dbus#223, dbus#240, dbus!1, dbus!99, dbus!73, dbus!74, dbus!75;
|
||
Simon McVittie, Ralf Habacker)
|
||
|
||
• Do CI builds in a more minimal environment (dbus!63, Simon McVittie)
|
||
|
||
• Improve test coverage with CMake (dbus#135, dbus!23; Ralf Habacker)
|
||
|
||
• Avoid firewall exception requests when running build-time tests on
|
||
Windows (dbus!64, Ralf Habacker)
|
||
|
||
• Allow use of Wine to run cross-compiled Windows tests on Linux
|
||
(dbus!60, Ralf Habacker)
|
||
|
||
Internal changes:
|
||
|
||
• Rename DBusSocketSet to the more accurate DBusPollableSet
|
||
(dbus!81, Ralf Habacker)
|
||
|
||
• Refactor Windows implementation of dbus-spawn
|
||
(dbus!80; Ralf Habacker, Simon McVittie)
|
||
|
||
• Delete unused code from userdb module (dbus!92, Simon McVittie)
|
||
|
||
• Remove unnecessary _dbus_threads_init_debug() (dbus!72, Simon McVittie)
|
||
|
||
dbus 1.13.8 (2018-12-04)
|
||
========================
|
||
|
||
The “demanding dragon” release.
|
||
|
||
dbus version control is now hosted on freedesktop.org's Gitlab
|
||
installation, and bug reports and feature requests have switched from
|
||
Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues ("dbus#nnn")
|
||
and merge requests ("dbus!nnn"). See README and CONTRIBUTING.md for
|
||
more details.
|
||
|
||
Dependencies:
|
||
|
||
• dbus now requires at least a basic level of support for C99 variadic
|
||
macros, as implemented in gcc >= 3, all versions of Clang, and
|
||
MSVC >= 2005. In practice this requirement has existed since version
|
||
1.9.2, but it is now official.
|
||
|
||
• dbus now requires a C99-compatible va_copy() macro (or a __va_copy()
|
||
macro with the same behaviour), except when building for Windows using
|
||
MSVC and CMake.
|
||
|
||
• Building documentation using CMake now requires xsltproc, Docbook DTDs
|
||
(for example docbook-xml on Debian derivatives), and Docbook XSLT
|
||
stylesheets (for example docbook-xsl on Debian derivatives). Using
|
||
KDE's meinproc4 documentation processor is no longer supported.
|
||
|
||
Enhancements:
|
||
|
||
• Rewrite CONTRIBUTING.md to reflect the current setup
|
||
(dbus!8, Simon McVittie)
|
||
|
||
• D-Bus Specification v0.34:
|
||
· Fix an incorrect AddMatch() call in sample code
|
||
(dbus#221, dbus!56; Philip Withnall)
|
||
|
||
• Tarball releases no longer contain pre-2007 changelogs and are now
|
||
compressed with xz, so they should be somewhat smaller
|
||
(fd.o #107630; Francesco Turco, Simon McVittie)
|
||
|
||
• Reference the freedesktop.org Code of Conduct (Simon McVittie)
|
||
|
||
• Build an implementation of dbus-run-session for Windows
|
||
(dbus#135, dbus!22; Ralf Habacker)
|
||
|
||
• On Linux with SELinux, use avc_open() and monitor the AVC netlink fd
|
||
in the main event loop, instead of using the deprecated avc_init()
|
||
and a thread (dbus#134, dbus!31; Laurent Bigonville)
|
||
|
||
• On Linux with SELinux, use the SELINUX_CB_POLICYRELOAD callback
|
||
to detect policy reloads, instead of monitoring the access vector
|
||
cache with AVC_CALLBACK_RESET
|
||
(dbus#134, dbus!31; Laurent Bigonville)
|
||
|
||
• Avoid double slashes in pkg-config paths (dbus!30, Ralf Habacker)
|
||
|
||
• Improve test coverage and clean up dead code
|
||
(fd.o #107739, dbus#222; Simon McVittie)
|
||
|
||
• Allow --enable-relocation in combination with absolute paths for
|
||
--exec-prefix, --libdir (fd.o #107662, Simon McVittie)
|
||
|
||
• Don't run a test program to check how to copy a va_list, which is
|
||
awkward for cross-compiling; instead require that va_copy() or
|
||
__va_copy() exists, except in older MSVC versions where we already
|
||
know that simple assignment is enough (dbus!35, Simon McVittie)
|
||
|
||
• Simplify configure checks (dbus!10, Simon McVittie)
|
||
|
||
• Improve CMake build system parity with Autotools, including:
|
||
· Detect inotify, prctl() and getpwnam_r() correctly on Linux
|
||
· Use xsltproc instead of meinproc4 for documentation
|
||
(dbus#57, dbus#117, dbus#193, dbus#227, dbus!18, dbus!39;
|
||
Ralf Habacker, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Stop the dbus-daemon leaking memory (an error message) if delivering
|
||
the message that triggered auto-activation is forbidden. This is
|
||
technically a denial of service because the dbus-daemon will
|
||
run out of memory eventually, but it's a very slow and noisy one,
|
||
because all the rejected messages are also very likely to have
|
||
been logged to the system log, and its scope is typically limited by
|
||
the finite number of activatable services available.
|
||
(dbus#234, Simon McVittie)
|
||
|
||
• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
|
||
which does not meet the criteria for that attribute in gcc 4.7+,
|
||
potentially leading to miscompilation (fd.o #107741, Simon McVittie)
|
||
|
||
• Parse section/group names in .service files according to the syntax
|
||
from the Desktop Entry Specification:
|
||
· reject control characters and non-ASCII in section/group names
|
||
· backslash escapes are not interpreted in section/group names
|
||
(dbus#208; David King, Simon McVittie)
|
||
|
||
• Always use select()-based poll() emulation on Darwin-based OSs
|
||
(macOS, etc.) and on Interix, similar to what libcurl does
|
||
(dbus#232, dbus!19; Simon McVittie)
|
||
|
||
• Avoid undefined integer shifts when generating random tokens for
|
||
the DBUS_COOKIE_SHA1 mechanism (dbus!45, Simon McVittie)
|
||
|
||
• Document the max-connections-per-user limit as unimplemented on
|
||
Windows, and don't fail tests when it isn't enforced there
|
||
(dbus!54, Simon McVittie)
|
||
|
||
• Avoid unnecessary file descriptors being inherited by dbus-daemon and
|
||
dbus-launch subprocesses (dbus!50, Simon McVittie)
|
||
|
||
• Fix some minor memory leaks
|
||
(fd.o #107320, dbus!41, dbus!42; Simon McVittie)
|
||
|
||
• Don't fail tests if GetConnectionUnixProcessID() succeeds on Windows,
|
||
which it normally will since 1.7.x
|
||
(dbus#239, dbus!55; Simon McVittie)
|
||
|
||
• Extend a test timeout to avoid spurious failures in CI
|
||
(dbus!26, Simon McVittie)
|
||
|
||
• Avoid undefined signed integer operations when generating random
|
||
message content during regression tests (dbus!46, Simon McVittie)
|
||
|
||
• Fix build warnings with recent gcc (dbus#208, dbus#225; David King)
|
||
|
||
• Fix build warnings without libX11 (dbus#228, Simon McVittie)
|
||
|
||
• Fix whitespace and error behaviour for _dbus_command_from_pid()
|
||
(dbus#222, dbus!28; Simon McVittie)
|
||
|
||
• Fix a race condition in the containers test
|
||
(dbus!47, Simon McVittie)
|
||
|
||
• When built with CMake, install dbus-daemon-launch-helper to
|
||
${CMAKE_INSTALL_LIBEXECDIR}, analogous to ${libexecdir} in
|
||
Autotools (dbus!9, Simon McVittie)
|
||
|
||
• When built with CMake and disabling tests, still install
|
||
dbus-daemon-launch-helper (dbus!9, Simon McVittie)
|
||
|
||
Tests and CI:
|
||
|
||
• Add Travis-CI builds for 64-bit Windows using mingw-w64
|
||
(fd.o #105662, Ralf Habacker)
|
||
|
||
• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)
|
||
|
||
dbus 1.13.6 (2018-08-02)
|
||
========================
|
||
|
||
The “vine cutting” release.
|
||
|
||
Fixes:
|
||
|
||
• Prevent reading up to 3 bytes beyond the end of a truncated message.
|
||
This could in principle be an information leak or denial of service
|
||
on the system bus, but is not believed to be exploitable to crash
|
||
the system bus or leak interesting information in practice.
|
||
(fd.o #107332, Simon McVittie)
|
||
|
||
• Fix build with gcc 8 -Werror=cast-function-type
|
||
(fd.o #107349, Simon McVittie)
|
||
|
||
• Fix warning from gcc 8 about suspicious use of strncpy() when
|
||
populating struct sockaddr_un (fd.o #107350, Simon McVittie)
|
||
|
||
• Fix a minor memory leak when a DBusServer listens on a new address
|
||
(fd.o #107194, Simon McVittie)
|
||
|
||
• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
|
||
runs out of memory (fd.o #107194, Simon McVittie)
|
||
|
||
• Fix various memory leaks during unit tests
|
||
(fd.o #107194, Simon McVittie)
|
||
|
||
• Don't use misleading errno-derived error names if getaddrinfo() or
|
||
getnameinfo() fails with a code other than EAI_SYSTEM
|
||
(fd.o #106395, Simon McVittie)
|
||
|
||
• Skip tests that require working TCP if we are in a container environment
|
||
where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)
|
||
|
||
dbus 1.13.4 (2018-04-30)
|
||
========================
|
||
|
||
The “parsimonious topping” release.
|
||
|
||
Dependencies:
|
||
|
||
• All Windows builds now require Windows Vista or later.
|
||
(Note that we do not recommend or support use of dbus on operating
|
||
systems outside their vendor's security support lifetime, such as Vista.)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification v0.33
|
||
· Be clearer about the security properties of TCP transports, which
|
||
have no integrity or confidentiality protection and so should not
|
||
normally be used, except via the loopback interface on Windows
|
||
(fd.o #106004, Simon McVittie)
|
||
|
||
• On Linux 4.13 or later, <policy group="…"> now uses the SO_PEERGROUPS
|
||
credentials-passing socket option to get the effective group IDs
|
||
of the initiator of the connection. On platforms where that socket
|
||
option is not available, dbus-daemon continues to look up the
|
||
connection's user ID in the system user and group databases and
|
||
assume that it has the groups that would have been granted by
|
||
initgroups(). (fd.o #103737, #97821; Simon McVittie)
|
||
|
||
• If the dbus-daemon is compiled for Linux with systemd support, it
|
||
now informs systemd that it is ready for use via the sd_notify()
|
||
mechanism. (fd.o #104641; Michal Sekletar, Simon McVittie)
|
||
|
||
• Several environment variables set by systemd are no longer passed
|
||
on to activated services (fd.o #104641, Simon McVittie)
|
||
|
||
• Failing to bind a TCP socket to an address produces better error
|
||
messages. (fd.o #61922; Simon McVittie, Ralf Habacker)
|
||
|
||
• Windows builds now set the SO_REUSEADDR and TCP_NODELAY options on
|
||
TCP sockets (as Unix builds already did), which should improve
|
||
robustness and performance (fd.o #61922, Ralf Habacker)
|
||
|
||
• Windows executables built with cmake have version information.
|
||
When building for Windows with Autotools, only libdbus-1-3.dll
|
||
has version information, matching previous behaviour with cmake.
|
||
(fd.o #103387, Ralf Habacker)
|
||
|
||
• The Devhelp documentation index is now in version 2 format
|
||
(fd.o #106186, Simon McVittie)
|
||
|
||
• Give the dbus-daemon man page some scarier warnings about
|
||
<allow_anonymous/> and non-local TCP, which are insecure and should
|
||
not be used, particularly for the standard system and session buses
|
||
(fd.o #106004, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Listening on TCP sockets copes better with IPv6 being disabled
|
||
(fd.o #61922; Ralf Habacker, Simon McVittie)
|
||
|
||
• Fix installation of Ducktype documentation with newer yelp-build
|
||
versions (fd.o #106171, Simon McVittie)
|
||
|
||
• Fix printf formats for pointer-sized integers on 64-bit Windows
|
||
(fd.o #105662, Ralf Habacker)
|
||
|
||
Internal changes:
|
||
|
||
• The _DBUS_GNUC_WARN_UNUSED_RESULT macro has been replaced with
|
||
_DBUS_WARN_UNUSED_RESULT, which is effective with gcc, clang and MSVC
|
||
(with cl.exe /analyze). Note that for MSVC compatibility, it must
|
||
appear before the return type in function declarations, whereas the
|
||
older macro could also have appeared after the arguments.
|
||
(fd.o #105460; Daniel Wendt, Ralf Habacker)
|
||
|
||
dbus 1.13.2 (2018-03-01)
|
||
========================
|
||
|
||
The “can break a man's arm” release.
|
||
|
||
Enhancements:
|
||
|
||
• When a container manager creates an extra server at runtime, services
|
||
can now request that messages from connections to that server are
|
||
tagged with the container instance ID, providing a fast-path for
|
||
identifying such connections. (fd.o #101899, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Increase system dbus-daemon's RLIMIT_NOFILE rlimit before it drops
|
||
privileges, because it won't have permission afterwards. This fixes a
|
||
regression in dbus 1.10.18 and 1.11.0 which made the standard system bus
|
||
more susceptible to deliberate or accidental denial of service.
|
||
(fd.o #105165, David King)
|
||
|
||
dbus 1.13.0 (2018-02-08)
|
||
========================
|
||
|
||
The “Citispeed Eco 75” release.
|
||
|
||
This is a new development branch for the adventurous, and comes with a
|
||
risk of regressions. OS distributions should stay with the 1.12.x branch,
|
||
unless they can commit to following the 1.13.x branch until it reaches
|
||
a 1.14.0 stable release at an unspecified point in the future.
|
||
|
||
In particular, the new Containers API is subject to change and shouldn't
|
||
be enabled in distributions yet, even those aimed at early adopters
|
||
(hello, Arch Linux).
|
||
|
||
Behaviour changes:
|
||
|
||
• DBusServer (and hence the dbus-daemon) no longer accepts usernames
|
||
(login names) for the recommended EXTERNAL authentication mechanism,
|
||
only numeric user IDs or the empty string. This is not believed to
|
||
affect real D-Bus clients in practice, because most D-Bus clients
|
||
send numeric user IDs: the only known client implementation that
|
||
sends usernames is dbus-java, and that only when run on a system
|
||
where the com.sun.security.auth.module.UnixSystem.getUid() method is
|
||
not available. (fd.o #104588, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification v0.32
|
||
· Deprecate hyphen/minus in reversed domain names, recommending
|
||
underscores instead. Recommend prepending an underscore to domain
|
||
components that start with a digit, which would not be allowed.
|
||
(fd.o #103914, Simon McVittie)
|
||
· Clarify how the SASL authentication handshake works
|
||
(fd.o #104224, Simon McVittie)
|
||
· Recommend that the message bus should remove message header fields
|
||
that it does not understand. The new item "HeaderFiltering" in the
|
||
message bus' Features property indicates that it promises to do so.
|
||
(fd.o #100317, Simon McVittie)
|
||
|
||
• Add experimental support for creating extra servers at runtime, to
|
||
be used by app containers like Flatpak or Snap. This API is still
|
||
subject to change and is not compiled in by default.
|
||
(fd.o #101354, Simon McVittie)
|
||
|
||
• Improve automated test logging (fd.o #103601, Simon McVittie)
|
||
|
||
• The dbus-daemon now filters the messages that it relays, removing
|
||
header fields that it does not understand. Clients must not rely on
|
||
this behaviour unless they have confirmed that they are connected to
|
||
a suitable message bus implementation, for example by querying its
|
||
Features property. (fd.o #100317, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• When iterating the DBusConnection while blocking on a pending call,
|
||
don't wait for I/O if that pending call already has a result; and make
|
||
sure that whether it has a result is propagated in a thread-safe way.
|
||
This prevents certain multi-threaded calling patterns from blocking
|
||
until their timeout even when they should have succeeded sooner.
|
||
(fd.o #102839; Manish Narang, Michael Searle)
|
||
|
||
• Do not look up client-supplied strings in the system user database
|
||
(NSS or equivalent) when using the recommended EXTERNAL auth mechanism.
|
||
This could previously lead to a deadlock or timeout in the presence of
|
||
slow or network-dependent NSS modules. (fd.o #104588, Simon McVittie)
|
||
|
||
• Report the correct error if OOM is reached while trying to listen
|
||
on a TCP socket (fd.o #89104, Simon McVittie)
|
||
|
||
• Fix a crash and an assertion failure in the server side of the
|
||
nonce-tcp: transport under error conditions
|
||
(fd.o #89104, Simon McVittie)
|
||
|
||
• Fix assertion failures in recovery from OOM while setting up a
|
||
DBusServer (fd.o #89104, Simon McVittie)
|
||
|
||
• Don't leak a file descriptor if setting up a launchd server fails
|
||
(fd.o #89104, Simon McVittie)
|
||
|
||
• Add a missing space to a warning message (fd.o #103729, Thomas Zajic)
|
||
|
||
• Fix some memory leaks in automated tests
|
||
(fd.o #103600, Simon McVittie)
|
||
|
||
• Expand ${bindir} correctly when pkg-config is asked for dbus_daemondir
|
||
(fd.o #104265, Benedikt Heine)
|
||
|
||
• On Linux systems with systemd < 237, if ${localstatedir}/lib/dbus doesn't
|
||
exist, create it before trying to create ${localstatedir}/lib/dbus/machine-id
|
||
(fd.o #104577, Chris Lesiak)
|
||
|
||
• Fix escaping in dbus-api-design document (fd.o #104925, Philip Withnall)
|
||
|
||
Internal changes:
|
||
|
||
• Harden the nonce-tcp: transport against resource leaks and
|
||
use-after-free (fd.o #103597, Simon McVittie)
|
||
|
||
• Make _DBUS_STRING_DEFINE_STATIC more consistent with
|
||
_dbus_string_init_const() (fd.o #89104, Simon McVittie)
|
||
|
||
• Add _DBUS_STRING_INIT_INVALID, analogous to NULL, and use it to
|
||
simplify error unwinding code paths (fd.o #89104, Simon McVittie)
|
||
|
||
• Make the behaviour of _dbus_string_init_const()/_dbus_string_free()
|
||
consistent with _dbus_string_init()/_dbus_string_free(): it now clears
|
||
the string to _DBUS_STRING_INIT_INVALID, whereas previously it left
|
||
the string untouched (fd.o #89104, Simon McVittie)
|
||
|
||
• Remove automated test data for wire protocol version 0, which has not
|
||
been supported since 2005 (fd.o #103758, Simon McVittie)
|
||
|
||
• Simplify method calls in automated tests
|
||
(fd.o #103600, Simon McVittie)
|
||
|
||
dbus 1.12.2 (2017-11-13)
|
||
========================
|
||
|
||
The “spider pumpkin” release.
|
||
|
||
Enhancements:
|
||
|
||
• Log a warning if a new connection cannot be accepted due to an
|
||
out-of-memory condition or failure to identify its AppArmor or
|
||
SELinux context (fd.o #103592, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Make use of $(MKDIR_P) compatible with install-sh, fixing build when a
|
||
GNU-compatible `mkdir -p` is not available (fd.o #103521, ilovezfs)
|
||
|
||
• When building for Windows with Autotools, avoid `echo -e`, fixing
|
||
cross-compilation on non-GNU platforms like macOS
|
||
(fd.o #103493, Tony Theodore)
|
||
|
||
• Fix crashes in the server side of the nonce-tcp: transport under
|
||
various error conditions. This transport should normally only be used
|
||
on Windows, where AF_UNIX sockets are unavailable; the unix: transport
|
||
is the only one recommended for production use on Unix platforms.
|
||
(fd.o #103597, Simon McVittie)
|
||
|
||
Internal changes:
|
||
|
||
• Improve test coverage on Travis-CI (Simon McVittie)
|
||
|
||
dbus 1.12.0 (2017-10-30)
|
||
========================
|
||
|
||
The “gingerbread skull” release.
|
||
|
||
1.12.x is a new stable branch, recommended for use in OS
|
||
distributions.
|
||
|
||
Summary of major changes between 1.10.x and 1.12.0
|
||
--------------------------------------------------
|
||
|
||
Dependencies:
|
||
|
||
• Expat >= 2.1.0 is required.
|
||
• GLib >= 2.40 is required if full test coverage is enabled.
|
||
• [Linux] libselinux >= 2.0.86 is required if SELinux support is
|
||
enabled.
|
||
• [Unix] dbus now requires an <inttypes.h> that defines C99 constants
|
||
such as PRId64 and PRIu64, except when building for Windows.
|
||
• [Autotools] Building from git (but not from tarballs) with Autotools
|
||
now requires macros from the GNU Autoconf Archive.
|
||
• [CMake] Builds done using CMake now require CMake 3.0.2.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• Expat is now found using pkg-config. See the release notes for
|
||
1.11.14.
|
||
• The --disable-compiler-optimisations and --enable-compiler-coverage
|
||
options no longer exist. See the release notes for 1.11.4 and 1.11.8.
|
||
• [Unix] The --enable-abstract-sockets and --disable-abstract-sockets
|
||
options no longer exist. See the release notes for 1.11.20.
|
||
• [Unix] Flag files in /var/run/console/${username} are no longer
|
||
checked for at_console by default. See the release notes for 1.11.18.
|
||
• [Unix, Cygwin] Init scripts are no longer provided by upstream dbus,
|
||
and packagers will now need to add these downstream (most already do).
|
||
See the release notes for 1.11.18.
|
||
• [Unix] The process ID file no longer has a different default location
|
||
on Red Hat derivatives. See the release notes for 1.11.18.
|
||
• [Unix] ${runstatedir} is now independent of ${localstatedir} with
|
||
recent Autotools versions. See the release notes for 1.11.16.
|
||
• [Windows] The WINDRES variable is no longer used. See the release
|
||
notes for 1.11.22.
|
||
|
||
Deprecations:
|
||
|
||
• Eavesdropping is officially deprecated in favour of BecomeMonitor.
|
||
See the release notes for spec version 0.31 (in dbus 1.11.14).
|
||
• [Unix] Flag files in /var/run/console/${username} are deprecated.
|
||
See the release notes for 1.11.18.
|
||
|
||
New APIs:
|
||
|
||
• <allow> and <deny> rules in dbus-daemon configuration can now
|
||
include send_broadcast="true", send_broadcast="false",
|
||
max_unix_fds="N", min_unix_fds="N" (for some integer N).
|
||
See the release notes for 1.11.18.
|
||
• dbus_try_get_local_machine_id() is like
|
||
dbus_get_local_machine_id(), but returns a DBusError.
|
||
• New APIs around DBusMessageIter to simplify cleanup.
|
||
See the release notes for 1.11.16.
|
||
• The message bus daemon now implements the standard Introspectable,
|
||
Peer and Properties interfaces. See the release notes for
|
||
dbus 1.11.14 and spec version 0.31.
|
||
• DTDs for introspection XML and bus configuration are installed.
|
||
• dbus can be compiled to be relocatable, making it more suitable for
|
||
binary bundling with other software. On Windows, this is on by
|
||
default.
|
||
• [Unix] A new unix:dir=… address family resembles unix:tmpdir=… but
|
||
never uses Linux abstract sockets, which is advantageous for
|
||
containers. On non-Linux it is equivalent to unix:tmpdir=….
|
||
See the release notes for dbus 1.11.14 and spec version 0.31.
|
||
• [Unix] New option "dbus-launch --exit-with-x11".
|
||
• [Unix] Session managers can create transient .service files in
|
||
$XDG_RUNTIME_DIR/dbus-1/services. See the release notes for 1.11.12.
|
||
• [Unix] A sysusers.d snippet can create the messagebus user on-demand.
|
||
|
||
Miscellaneous behaviour changes:
|
||
|
||
• [Unix] The session bus now logs to syslog if it was started by
|
||
dbus-launch.
|
||
• [Unix] Internal warnings are logged to syslog if configured.
|
||
• [Unix] Exceeding an anti-DoS limit is logged to syslog if configured,
|
||
or to stderr.
|
||
|
||
Changes since 1.11.22 release candidate
|
||
---------------------------------------
|
||
|
||
Standard stable-branch changes:
|
||
|
||
• Disable warnings about use of deprecated functions (Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Don't distribute files generated by ./configure in the source tarball
|
||
(fd.o #103420, Simon McVittie)
|
||
|
||
Internal changes:
|
||
|
||
• Remove some unused files from the git repository
|
||
(fd.o #103420, Simon McVittie)
|
||
|
||
D-Bus 1.11.22 (2017-10-23)
|
||
==========================
|
||
|
||
The “fire surface” release.
|
||
|
||
This is the first release-candidate for the 1.12.0 stable release.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• When building for Windows with Autotools, setting the WINDRES variable
|
||
no longer works to select a non-standard resource compiler. Use
|
||
libtool's standard RC variable instead, for example
|
||
"./configure RC=i686-w64-mingw32-windres"
|
||
|
||
Dependencies:
|
||
|
||
• Builds done using CMake now require CMake 3.0.2.
|
||
|
||
Enhancements:
|
||
|
||
• When building for Windows, improve quality of metadata in
|
||
libdbus-1-3.dll (fd.o #103015, Ralf Habacker)
|
||
|
||
Fixes:
|
||
|
||
• Fix a typo "uint 16" in dbus-send(1) man page
|
||
(fd.o #103075, David King)
|
||
|
||
• When building for Windows, libdbus-1-3.dll always includes version
|
||
information. Previously, this was missing if using CMake and any
|
||
non-MSVC compiler. (fd.o #103015, Ralf Habacker)
|
||
|
||
• Fix the build with MSVC, which regressed with the #102558 fix in
|
||
1.11.20. (fd.o #102558, Ralf Habacker)
|
||
|
||
Internal changes:
|
||
|
||
• Simplify Windows resource embedding
|
||
(fd.o #103015, Simon McVittie)
|
||
|
||
D-Bus 1.11.20 (2017-10-03)
|
||
==
|
||
|
||
The “wraith stun” release.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• The --enable-abstract-sockets and --disable-abstract-sockets options
|
||
no longer exist. Support for Linux's abstract AF_UNIX sockets is now
|
||
unconditionally enabled on Linux and disabled everywhere else.
|
||
(fd.o #34905, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• Make slower tests less likely to time out, and improve diagnostics if
|
||
tests do time out (fd.o #103009, Simon McVittie)
|
||
|
||
• On Windows, don't compile an unused stub implementation of
|
||
_dbus_set_signal_handler() (fd.o #103010, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Be more careful to save and restore errno in POSIX async signal
|
||
handlers (fd.o #103010, Simon McVittie)
|
||
|
||
• On Windows, embed a manifest in dbus-update-activation-environment.exe
|
||
so that the heuristics used for UAC do not assume it needs elevated
|
||
privileges due to its name containing "update"
|
||
(fd.o #102558, Ralf Habacker)
|
||
|
||
• On Windows with Automake, embed version information in libdbus-1,
|
||
as was meant to happen in all versions since 2009
|
||
(fd.o #103015, Simon McVittie)
|
||
|
||
D-Bus 1.11.18 (2017-09-25)
|
||
==
|
||
|
||
The “vampire conquistador” release.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• By default, dbus-daemon on Unix no longer checks for flag files
|
||
/var/run/console/${username} created by the obsolete pam_console and
|
||
pam_foreground PAM modules when deciding whether ${username} is
|
||
currently at the console. The old default behaviour can be restored
|
||
by specifying --with-console-auth-dir=/var/run/console in the
|
||
recommended Autotools build system, or
|
||
-DDBUS_CONSOLE_AUTH_DIR=/var/run/console in CMake. This feature is
|
||
now deprecated, and will be removed in dbus 1.13 unless feedback via
|
||
fd.o #101629 indicates that this would be problematic.
|
||
(fd.o #101629, Simon McVittie)
|
||
|
||
• LSB-style init scripts for Red Hat and Slackware, and a non-LSB init
|
||
script for Cygwin, are no longer provided in the upstream dbus
|
||
source. We recommend that distributors who support non-systemd service
|
||
management should maintain their own init scripts or other service
|
||
manager integration as part of their downstream packaging, similar to
|
||
the way Debian distributes a Debian-specific LSB init script for dbus.
|
||
|
||
The systemd unit continues to be maintained as part of the upstream
|
||
dbus source, because it receives regular testing and maintenance.
|
||
|
||
(fd.o #101706, Simon McVittie)
|
||
|
||
• The process ID file created by the system bus is no longer influenced
|
||
by the --with-init-scripts=redhat configure option or the presence of
|
||
/etc/redhat-release at build time. If your OS's init script or other
|
||
service management relies on the Red Hat-style pid file, it can be
|
||
restored by specifying --with-system-pid-file=/run/messagebus.pid at
|
||
configure time or using the <pidfile> directive in bus configuration.
|
||
|
||
Note that the upstream-supplied systemd unit runs dbus-daemon with
|
||
the --nopidfile option, so it does not normally write a pid file,
|
||
regardless of whether the OS is Red-Hat-derived or not.
|
||
|
||
(fd.o #101706, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• <allow> and <deny> rules in dbus-daemon configuration can now
|
||
include send_broadcast="true" or send_broadcast="false", which make
|
||
the rule only match broadcast signals, or only match messages that
|
||
are not broadcast signals, respectively.
|
||
(fd.o #29853, Simon McVittie)
|
||
|
||
• <allow> and <deny> rules can now be configured to apply only to
|
||
messages with or without Unix file descriptors attached. This would
|
||
typically be used in rules like these:
|
||
<allow send_destination="..." max_unix_fds="0"/>
|
||
<deny send_destination="..." min_unix_fds="1"/>
|
||
<deny receive_sender="..." min_unix_fds="1"/>
|
||
but can also be used to set a nonzero upper limit on the number of
|
||
file descriptors:
|
||
<allow send_destination="..." max_unix_fds="4"/>
|
||
(fd.o #101848, Simon McVittie)
|
||
|
||
• On Unix platforms, the DBUS_COOKIE_SHA1 authentication mechanism
|
||
now respects the HOME environment variable on the client side, and
|
||
on the server side when the uid attempting to connect is the same
|
||
as the uid of the server. This allows the automated tests to pass in
|
||
environments where the user's "official" home directory in /etc/passwd
|
||
is nonexistent, such as Debian autobuilders.
|
||
(fd.o #101960, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• When parsing dbus-daemon configuration, tell Expat not to use
|
||
cryptographic-quality entropy as a salt for its hash tables: we trust
|
||
the configuration files, so we are not concerned about algorithmic
|
||
complexity attacks via hash table collisions. This prevents
|
||
dbus-daemon --system from holding up the boot process (and causing
|
||
early-boot system services like systemd, logind, networkd to time
|
||
out) on entropy-starved embedded systems.
|
||
(fd.o #101858, Simon McVittie)
|
||
|
||
• Avoid a -Werror=declaration-after-statement build failure on Solaris
|
||
(fd.o #102145, Alan Coopersmith)
|
||
|
||
• On Unix platform, drop DBUS_SYSTEM_LOG_INFO messages from LOG_NOTICE
|
||
to LOG_INFO, matching how we use this log level in practice
|
||
(fd.o #102686, Simon McVittie)
|
||
|
||
D-Bus 1.11.16 (2017-07-27)
|
||
==
|
||
|
||
The “south facing garden” release.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• The Autotools build system now supports varying ${runstatedir}
|
||
independently of ${localstatedir}, if using an Autoconf version
|
||
that has that feature; version 2.70 will eventually have this, but
|
||
many Linux distributions add it to version 2.69 as a patch.
|
||
A typical use is to set prefix=/usr, sysconfdir=/etc, localstatedir=/var
|
||
and runstatedir=/run. (fd.o #101569, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• New APIs DBUS_MESSAGE_ITER_INIT_CLOSED, dbus_message_iter_init_closed()
|
||
and dbus_message_iter_abandon_container_if_open() simplify the
|
||
single-exit-point ("goto out") style of resource cleanup. The API
|
||
documentation around DBusMessageIter and containers has also been
|
||
clarified. (fd.o #101568, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Fix the implementation of re-enabling a timeout (again) so that its
|
||
countdown is always restarted as intended. (fd.o #95619,
|
||
Michal Koutný)
|
||
|
||
• Make the dbus-daemon's Properties interface, as introduced in 1.11.14,
|
||
available to all users on the system bus (fd.o #101700, Simon McVittie)
|
||
|
||
• dbus_message_iter_append_basic() no longer leaks memory if it fails to
|
||
append a file descriptor to a message. (fd.o #101568, Simon McVittie)
|
||
|
||
• dbus_message_iter_open_container() no longer leaks memory if it runs out
|
||
of memory. (fd.o #101568, Simon McVittie)
|
||
|
||
• dbus_message_append_args_valist() no longer leaks memory if given an
|
||
unsupported type. This situation is still considered to be a programming
|
||
error which needs to be corrected by the user of libdbus.
|
||
(fd.o #101568, Simon McVittie)
|
||
|
||
• dbus_message_iter_append_basic() and dbus_message_iter_open_container()
|
||
will no longer report that their arguments were invalid if they run out
|
||
of memory at exactly the wrong time. (fd.o #101568, Simon McVittie)
|
||
|
||
• Ensure that tests fail if they would otherwise have tried to connect to
|
||
the real session bus (fd.o #101698, Simon McVittie)
|
||
|
||
• Make build-time tests cope with finding Python 3, but not Python 2
|
||
(fd.o #101716, Simon McVittie)
|
||
|
||
Internal changes relevant to dbus developers:
|
||
|
||
• DBusVariant is a new mechanism to copy single values from a message into
|
||
a buffer without copying the entire message (fd.o #101568, Simon McVittie)
|
||
|
||
• DBUS_SYSTEM_LOG_FATAL has been replaced by DBUS_SYSTEM_LOG_ERROR.
|
||
Logging an ERROR message does not make the process exit; the caller
|
||
is responsible for calling abort() or exit(), whichever is more appropriate.
|
||
(fd.o #101568, Simon McVittie)
|
||
|
||
• Better test coverage (fd.o #101568, Simon McVittie)
|
||
|
||
D-Bus 1.11.14 (2017-06-29)
|
||
==
|
||
|
||
The “irrational fear of bees” release.
|
||
|
||
Dependencies:
|
||
|
||
• Expat >= 2.1.0 is always required
|
||
• libselinux >= 2.0.86 is required if SELinux support is enabled
|
||
• GLib >= 2.40 is required if full test coverage is enabled
|
||
|
||
Build-time configuration changes:
|
||
|
||
• We now use pkg-config to find libexpat in Autotools builds. This requires
|
||
Expat 2.1.0 (March 2012) or later. In particular, this should remove the
|
||
need to configure with LDFLAGS=-L/usr/local/lib on OpenBSD, which can
|
||
itself cause compilation failures.
|
||
|
||
As with all pkg-config-based configure checks, you can use
|
||
PKG_CONFIG_PATH=/whatever/lib/pkgconfig to find expat.pc in a
|
||
non-standard prefix, or EXPAT_CFLAGS="-I/whatever/include" and
|
||
EXPAT_LIBS="-L/whatever/lib -lexpat" to avoid needing a .pc file
|
||
at all.
|
||
|
||
(fd.o #69801, Simon McVittie)
|
||
|
||
• Similarly, we now use pkg-config to find libselinux. Version 2.0.86
|
||
is required due to the removal of explicit refcounting for SIDs.
|
||
(fd.o #100912, Laurent Bigonville)
|
||
|
||
Behaviour changes:
|
||
|
||
• Previously, /etc/machine-id could be copied to /var/lib/dbus/machine-id
|
||
as a side-effect of a sufficiently privileged process merely reading the
|
||
machine ID. It is no longer copied as a side-effect of reading.
|
||
Running dbus-uuidgen --ensure, which should be done after installing dbus,
|
||
continues to copy /etc/machine-id to /var/lib/dbus/machine-id if the
|
||
former exists and the latter does not.
|
||
(fd.o #101257, Simon McVittie)
|
||
|
||
• The undocumented Verbose interface, and the GetAllMatchRules method on
|
||
the undocumented Stats interface, must now be used via the object path
|
||
/org/freedesktop/DBus. Previously, they existed on all object paths.
|
||
(fd.o #101257, Simon McVittie)
|
||
|
||
• AddMatch() with a match rule containing eavesdrop='true' will now fail
|
||
unless called by either the same user as the dbus-daemon, or Unix uid 0
|
||
(root), matching the restrictions applied to the newer BecomeMonitor()
|
||
method. On the session bus this has no practical effect. On the system
|
||
bus this will prevent certain configurations that already did not
|
||
work well in practice. (fd.o #101567, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification version 0.31
|
||
· Don't require implementation-specific search paths to be lowest
|
||
priority
|
||
· Correct regex syntax for optionally-escaped bytes in addresses so it
|
||
includes hyphen-minus, forward slash and underscore as intended
|
||
· Describe all message bus methods in the same section
|
||
· Clarify the correct object path for method calls to the message bus
|
||
(/org/freedesktop/DBus, DBUS_PATH_DBUS in the reference implementation)
|
||
· Document that the message bus implements Introspectable, Peer and
|
||
Properties
|
||
· Add new Features and Interfaces properties for message bus
|
||
feature-discovery
|
||
· Add unix:dir=..., which resembles unix:tmpdir=... but never uses
|
||
abstract sockets
|
||
· Don't require eavesdrop='true' to be accepted from connections not
|
||
sufficiently privileged to use it successfully
|
||
· Formally deprecate eavesdropping in favour of BecomeMonitor
|
||
(fd.o #99825, #100686, #100795, #101256, #101257, #101567;
|
||
Simon McVittie, Tom Gundersen)
|
||
|
||
• Implement the Properties and Peer interfaces in dbus-daemon
|
||
(fd.o #101257, Simon McVittie)
|
||
|
||
• New function dbus_try_get_local_machine_id() is like
|
||
dbus_get_local_machine_id(), but returning a DBusError. Other code
|
||
that needs the machine ID will now report a recoverable error (instead
|
||
of logging to stderr and aborting) if no machine ID is available.
|
||
Generating a machine ID is still considered to be a required part of
|
||
installing dbus correctly. (fd.o #13194, Simon McVittie)
|
||
|
||
• Implement GetConnectionSELinuxSecurityContext("org.freedesktop.DBus")
|
||
(fd.o #101315, Laurent Bigonville)
|
||
|
||
• Avoid deprecated API calls when using SELinux
|
||
(fd.o #100912, Laurent Bigonville)
|
||
|
||
• Switch a test from the deprecated g_test_trap_fork() to
|
||
g_test_trap_subprocess(), for Windows support and better robustness
|
||
on Unix (fd.o #101362, Simon McVittie)
|
||
|
||
• On systemd systems, if ${localstatedir}/lib/dbus/machine-id doesn't exist,
|
||
instruct systemd-tmpfiles to make it a symbolic link to /etc/machine-id.
|
||
This prevents the two files from going out of sync on stateless or live
|
||
images without needing to run dbus-uuidgen, and supports older D-Bus
|
||
implementations that do not necessarily read /etc/machine-id themselves.
|
||
(fd.o #101570, Simon McVittie)
|
||
|
||
• Implement unix:dir=..., which resembles unix:tmpdir=... but never uses
|
||
abstract sockets. This is preferable when used with Linux containers.
|
||
(fd.o #101567, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Fix a reference leak when blocking on a pending call on a connection
|
||
that has been disconnected (fd.o #101481, Shin-ichi MORITA)
|
||
|
||
• Don't put timestamps in the Doxygen-generated documentation,
|
||
or hard-code the build directory into builds with embedded tests,
|
||
for reproducible builds (fd.o #100692, Simon McVittie)
|
||
|
||
• Fix some integration test issues (fd.o #100686, Simon McVittie)
|
||
|
||
• Fix memory leaks in the tests (fd.o #101257, Simon McVittie)
|
||
|
||
• If we somehow get an autolaunch address with multiple semicolon-separated
|
||
components, and they don't work, don't invalidly "pile up" errors
|
||
(fd.o #101257, Simon McVittie)
|
||
|
||
Documentation:
|
||
|
||
• Update git URIs in HACKING document to sync up with cgit.freedesktop.org
|
||
(fd.o #100715, Simon McVittie)
|
||
|
||
D-Bus 1.11.12 (2017-04-07)
|
||
==
|
||
|
||
The “it's something humans do” release.
|
||
|
||
Enhancements:
|
||
|
||
• The session dbus-daemon now supports transient .service files
|
||
in $XDG_RUNTIME_DIR/dbus-1/services. Unlike the other standard
|
||
service directories, this directory is not monitored with inotify
|
||
or similar, and the service files must be named exactly
|
||
${bus_name}.service. (fd.o #99825, Simon McVittie)
|
||
|
||
• dbus can be configured with --enable-relocation when building with
|
||
Autotools, or with -DDBUS_RELOCATABLE=ON when building with cmake,
|
||
to make the pkg-config metadata relocatable. This is useful for
|
||
non-standard prefixes, and in particular for Windows installations.
|
||
However, it is not recommended for system-wide installations into
|
||
/usr, because it interferes with pkg-config's ability to filter out
|
||
compiler default linker directories.
|
||
|
||
With Autotools, the default is --enable-relocation when building
|
||
for Windows or --disable-relocation otherwise. With CMake, the default
|
||
is -DDBUS_RELOCATABLE=ON.
|
||
|
||
(fd.o #99721; Ralf Habacker, Simon McVittie)
|
||
|
||
• Users of CMake ≥ 2.6 can now link to libdbus without providing their
|
||
own FindDBus.cmake macros, whether dbus was compiled with Autotools
|
||
or with CMake. See the end of README.cmake for more information.
|
||
(fd.o #99721; Ralf Habacker, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Always read service file directories in the intended order
|
||
(fd.o #99825, Simon McVittie)
|
||
|
||
• When tests are skipped, don't try to kill nonexistent process 0
|
||
(fd.o #99825, Simon McVittie)
|
||
|
||
• Avoid valgrind false positives (fd.o #88808, Philip Withnall)
|
||
|
||
• Fix a harmless read overflow and some memory leaks in a unit test
|
||
(fd.o #100568, Philip Withnall)
|
||
|
||
• Fix some typos in test code
|
||
(fd.o #99999, Coverity #141876, #141877; Philip Withnall)
|
||
|
||
• Clarify the roles of /etc/dbus-1/s*.d and /usr/share/dbus-1/s*.d
|
||
in documentation (fd.o #99901, Philip Withnall)
|
||
|
||
• Fix and enable compiler warnings related to -Wswitch
|
||
(fd.o #98191; Thomas Zimmermann, Simon McVittie)
|
||
|
||
• Fix writing off the end of a fd_set when testing with valgrind
|
||
(fd.o #99839, Philip Withnall)
|
||
|
||
D-Bus 1.11.10 (2017-02-16)
|
||
==
|
||
|
||
The “purple hair gives you telekinesis?” release.
|
||
|
||
Dependencies:
|
||
|
||
• AppArmor support requires at least libapparmor 2.8.95, reduced
|
||
from 2.10 in previous versions. One test requires 2.10 and is
|
||
skipped if building with an older version.
|
||
|
||
Enhancements:
|
||
|
||
• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
|
||
stable and Debian testing in addition to the older Ubuntu that is
|
||
the default (fd.o #98889, Simon McVittie)
|
||
|
||
• Avoid some deprecated CMake functions (fd.o #99586, Ralf Habacker)
|
||
|
||
• Silence many -Wswitch-enum and -Wswitch-default warnings
|
||
(fd.o #98191; Thomas Zimmermann, Simon McVittie)
|
||
|
||
• Install a sysusers.d snippet so `dbus-daemon --system` can be used
|
||
with an unpopulated /etc (fd.o #99162, Lennart Poettering)
|
||
|
||
• Install pkg-config metadata on Unix even if building with CMake
|
||
(fd.o #99752, Ralf Habacker)
|
||
|
||
• Exclude auth mechanisms from REJECTED message if they are supported
|
||
in the code but but configured to be disallowed (fd.o #99621,
|
||
Ralf Habacker)
|
||
|
||
Fixes:
|
||
|
||
• Prevent symlink attacks in the nonce-tcp transport on Unix that could
|
||
allow an attacker to overwrite a file named "nonce", in a directory
|
||
that the user running dbus-daemon can write, with a random value
|
||
known only to the user running dbus-daemon. This is unlikely to be
|
||
exploitable in practice, particularly since the nonce-tcp transport
|
||
is really only useful on Windows.
|
||
|
||
On Unix systems we strongly recommend using only the unix: and systemd:
|
||
transports, together with EXTERNAL authentication. These are the only
|
||
transports and authentication mechanisms enabled by default.
|
||
|
||
(fd.o #99828, Simon McVittie)
|
||
|
||
• Avoid symlink attacks in the "embedded tests", which are not enabled
|
||
by default and should never be enabled in production builds of dbus.
|
||
(fd.o #99828, Simon McVittie)
|
||
|
||
• Fix the implementation of re-enabling a timeout so that its
|
||
countdown is restarted as intended, instead of continually
|
||
decreasing. (fd.o #95619; Michal Koutný, Simon McVittie)
|
||
|
||
• When receiving a message with file descriptors, do not start reading
|
||
the beginning of the next message, so that only one such message
|
||
is processed at a time. In conjunction with the fix for #95619
|
||
this means that processes sending many file descriptors, such as
|
||
systemd-logind on a system that receives very rapid ssh connections,
|
||
are not treated as abusive and kicked off the bus. Revert the previous
|
||
workaround that special-cased uid 0.
|
||
(fd.o #95263, LP#1591411; Simon McVittie)
|
||
|
||
• Do not require TMPDIR, TEMP or TMP to be set when cross-compiling
|
||
for Windows with CMake (fd.o #99586, Ralf Habacker)
|
||
|
||
• Do not set Unix-specific variables when targeting Windows
|
||
(fd.o #99586, Ralf Habacker)
|
||
|
||
• Install Unix executables to ${CMAKE_INSTALL_PREFIX}/bin as intended,
|
||
not ${CMAKE_INSTALL_PREFIX}/lib (fd.o #99752, Ralf Habacker)
|
||
|
||
• Use relative install locations in CMake on Unix to respect DESTDIR,
|
||
and use GNU-style install layout (fd.o #99721, #99752; Ralf Habacker)
|
||
|
||
• Install dbus-arch-deps.h correctly when using CMake
|
||
(fd.o #99586, #99721; Ralf Habacker)
|
||
|
||
• Improve argument validation for `dbus-test-tool spam`
|
||
(ffd.o #99693, Coverity #54759; Philip Withnall)
|
||
|
||
• Don't shift by a negative integer if a hash table becomes monstrously
|
||
large (fd.o #99641, Coverity #54682; Philip Withnall)
|
||
|
||
• Don't leak LSM label if dbus-daemon runs out of memory when dealing with
|
||
a new connection (fd.o #99612, Coverity #141058; Philip Withnall)
|
||
|
||
• Remove an unnecessary NULL check
|
||
(fd.o #99642, Coverity #141062; Philip Withnall)
|
||
|
||
• Improve error handling in unit tests and dbus-send
|
||
(fd.o #99643, #99694, #99712, #99722, #99723, #99724, #99758,
|
||
#99759, #99793, Coverity #54688, #54692, #54693, #54697, #54701,
|
||
#54710, #54711, #54714, #54715, #54718, #54721, #54724, #54726,
|
||
#54730, #54740, #54822, #54823, #54824, #54825; Philip Withnall)
|
||
|
||
• Do not print verbose messages' timestamps to stderr if the actual message
|
||
has been redirected to the Windows debug port (fd.o #99749, Ralf Habacker)
|
||
|
||
D-Bus 1.11.8 (2016-11-28)
|
||
==
|
||
|
||
The “panics in the face of breakfast foods” release.
|
||
|
||
Build-time configuration:
|
||
|
||
• The new --enable-debug configure option provides an easy way to
|
||
enable debug symbols, disable optimization and/or enable profiling.
|
||
|
||
• The --enable-compile-warnings configure option can be used to control
|
||
compiler warnings.
|
||
|
||
• The --disable-compiler-optimisations configure option is no longer
|
||
supported. Use --enable-debug=yes or CFLAGS=-O0 instead.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification version 0.30
|
||
· Define the jargon term "activation" more clearly
|
||
· Define the jargon term "auto-starting", which is one form of activation
|
||
· Document the optional SystemdService key in service files
|
||
· Use versioned interface and bus names in most examples
|
||
· Clarify intended behaviour of Properties.GetAll
|
||
(fd.o #36190, fd.o #98671; Philip Withnall, Simon McVittie)
|
||
|
||
• Fix and enable a lot of compiler warnings to improve future code
|
||
quality. This might incidentally also fix some environment variable
|
||
accesses on OS X.
|
||
· In particular, printf-style functions in the libdbus API are now annotated
|
||
with __attribute__((__format__(__printf__, *, *))) when compiling with
|
||
gcc or clang. This might make printf bugs in other software visible
|
||
at compile time.
|
||
(fd.o #97357, fd.o #98192, fd.o #98195, fd.o #98658;
|
||
Thomas Zimmermann, Simon McVittie)
|
||
|
||
• When running with AppArmor mediation (for example using Ubuntu's patched
|
||
Linux kernel), clients can no longer auto-start services unless they would
|
||
have been able to send the auto-starting message to the service after it
|
||
starts. StartServiceByName() is unaffected, and continues to be allowed by
|
||
default in AppArmor's <abstractions/dbus-strict> and
|
||
<abstractions/dbus-session-strict>. (fd.o #98666, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Work around an undesired effect of the fix for CVE-2014-3637
|
||
(fd.o #80559), in which processes that frequently send fds, such as
|
||
logind during a flood of new PAM sessions, can get disconnected for
|
||
continuously having at least one fd "in flight" for too long;
|
||
dbus-daemon interprets that as a potential denial of service attack.
|
||
The workaround is to disable that check for uid 0 process such as
|
||
logind, with a message in the system log. The bug remains open while
|
||
we look for a more general solution.
|
||
(fd.o #95263, LP#1591411; Simon McVittie)
|
||
|
||
• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
|
||
was disabled at compile time. That test is not expected to work
|
||
in that configuration. (fd.o #98665, Simon McVittie)
|
||
|
||
D-Bus 1.11.6 (2016-10-10)
|
||
==
|
||
|
||
The “darkly whimsical” release.
|
||
|
||
Security fixes:
|
||
|
||
• Do not treat ActivationFailure message received from root-owned systemd
|
||
name as a format string. In principle this is a security vulnerability,
|
||
but we do not believe it is exploitable in practice, because only
|
||
privileged processes can own the org.freedesktop.systemd1 bus name, and
|
||
systemd does not appear to send activation failures that contain "%".
|
||
|
||
Please note that this probably *was* exploitable in dbus versions
|
||
older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
|
||
the time was only thought to be a denial of service vulnerability
|
||
(CVE-2015-0245). If you are still running one of those versions,
|
||
patch or upgrade immediately.
|
||
|
||
(fd.o #98157, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification version 0.29
|
||
· Recommend not using '/' for object paths (fd.o #37095, Philip Withnall)
|
||
· Allow <annotation> in <arg> elements (fd.o #86162, Philip Withnall)
|
||
|
||
• Log to syslog when we exceed various anti-DoS limits, and add test
|
||
coverage for them (fd.o #86442, Simon McVittie)
|
||
|
||
• Improve syslog handling so that _dbus_warn() and similar warnings
|
||
go to syslog, add dbus-daemon --syslog|--nosyslog|--syslog-only options,
|
||
and log to syslog (instead of /dev/null) when dbus-daemon is started by
|
||
dbus-launch. (fd.o #97009, Simon McVittie)
|
||
|
||
• Install introspect.dtd and busconfig.dtd to ${datadir}/xml/dbus-1
|
||
(fd.o #89011, Philip Withnall)
|
||
|
||
• When logging messages about service activation, mention which peer
|
||
requested the activation (fd.o #68212, Philip Withnall)
|
||
|
||
• On Linux, mention the LSM label (if available) whenever we print
|
||
debug information about a peer (fd.o #68212, Philip Withnall)
|
||
|
||
Other fixes:
|
||
|
||
• Harden dbus-daemon against malicious or incorrect ActivationFailure
|
||
messages by rejecting them if they do not come from a privileged
|
||
process, or if systemd activation is not enabled
|
||
(fd.o #98157, Simon McVittie)
|
||
|
||
• Avoid undefined behaviour when setting reply serial number without going
|
||
via union DBusBasicValue (fd.o #98035, Marc Mutz)
|
||
|
||
• Fix CMake build for Unix platforms that do not have -lrt, such as Android,
|
||
or that do need -lsocket, such as QNX (fd.o #94096, Ralf Habacker)
|
||
|
||
• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
|
||
|
||
D-Bus 1.11.4 (2016-08-15)
|
||
==
|
||
|
||
The “copper pickaxe” release.
|
||
|
||
Dependencies:
|
||
|
||
• Building from git (but not from tarballs) now requires
|
||
macros from the GNU Autoconf Archive, for example the autoconf-archive
|
||
package in Debian or Fedora derivatives.
|
||
|
||
Build-time configuration:
|
||
|
||
• The option to enable coverage instrumentation has changed from
|
||
--enable-compiler-coverage to --enable-code-coverage.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification version 0.28
|
||
· Clarify some details of serialization (fd.o #93382, Philip Withnall)
|
||
|
||
• Increase listen() backlog of AF_UNIX sockets to the maximum possible,
|
||
minimizing failed connections under heavy load
|
||
(fd.o #95264, Lennart Poettering)
|
||
|
||
• Add a new dbus-launch --exit-with-x11 option (fd.o #39197, Simon McVittie)
|
||
|
||
• Use the same regression tests for subprocess starting on Unix and Windows
|
||
(fd.o #95191, Ralf Habacker)
|
||
|
||
• Print timestamps and thread IDs in verbose messages
|
||
(fd.o #95191, Ralf Habacker)
|
||
|
||
• On Unix, unify the various places that reopen stdin, stdout and/or stderr
|
||
pointing to /dev/null (fd.o #97008, Simon McVittie)
|
||
|
||
• Use AX_CODE_COVERAGE instead of our own COMPILER_COVERAGE
|
||
(fd.o #88922, Thomas Zimmermann)
|
||
|
||
Fixes:
|
||
|
||
• On Windows, fix a memory leak in replacing the installation prefix
|
||
(fd.o #95191, Ralf Habacker)
|
||
|
||
• On Linux, when dbus-daemon is run with reduced susceptibility to the
|
||
OOM killer (typically via systemd), do not let child processes inherit
|
||
that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho)
|
||
|
||
• On Unix, make dbus-launch and dbus-daemon --fork work as intended
|
||
even if a parent process incorrectly starts them with stdin, stdout
|
||
and/or stderr closed (fd.o #97008, Simon McVittie)
|
||
|
||
• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address
|
||
contains a semicolon (fd.o #94746, Thiago Macieira)
|
||
|
||
• Fix memory leaks and thread safety in subprocess starting on Windows
|
||
(fd.o #95191, Ralf Habacker)
|
||
|
||
• Stop test-dbus-daemon incorrectly failing on platforms that cannot
|
||
discover the process ID of clients (fd.o #96653, Руслан Ижбулатов)
|
||
|
||
• In tests that exercise correct handling of crashing D-Bus services,
|
||
suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker)
|
||
|
||
• Explicitly check for stdint.h (Ioan-Adrian Ratiu)
|
||
|
||
• In tests, add an invalid DBusAuthState to avoid undefined behaviour
|
||
in some test cases (fd.o #93909, Nick Lewycky)
|
||
|
||
• Add assertions to reassure a static analysis tool
|
||
(fd.o #93210, Deepika Aggarwal)
|
||
|
||
• Be explicit about enum comparison when loading XML
|
||
(fd.o #93205, Deepika Aggarwal)
|
||
|
||
• update-activation-environment: produce better diagnostics on error
|
||
(fd.o #96653, Simon McVittie)
|
||
|
||
• Avoid various compiler warnings with gcc 6
|
||
(fd.o #97282; Thomas Zimmermann, Simon McVittie)
|
||
|
||
• On Unix when configured to use the system log, report as "dbus-daemon",
|
||
not as "dbus" (fd.o #97009, Simon McVittie)
|
||
|
||
• During unit tests, reduce the amount we write to the system log
|
||
(fd.o #97009, Simon McVittie)
|
||
|
||
D-Bus 1.11.2 (2016-03-07)
|
||
==
|
||
|
||
The “pneumatic drill vs. Iron Maiden” release.
|
||
|
||
Fixes:
|
||
|
||
• Enable "large file support" on systems where it exists: dbus-daemon
|
||
is not expected to open large files, but it might need to stat files
|
||
that happen to have large inode numbers (fd.o #93545, Hongxu Jia)
|
||
|
||
• Eliminate padding inside DBusMessageIter on 64-bit platforms,
|
||
which might result in a pedantic C compiler not copying the entire contents
|
||
of a DBusMessageIter; statically assert that this is not an ABI change
|
||
in practice (fd.o #94136, Simon McVittie)
|
||
|
||
• Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N
|
||
(fd.o #94244, Dmitri Iouchtchenko)
|
||
|
||
• Correctly report test failures in C tests from run-test.sh
|
||
(fd.o #93379; amit tewari, Simon McVittie)
|
||
|
||
• When tests are enabled, run all the marshal-validate tests, not just
|
||
the even-numbered ones (fd.o #93908, Nick Lewycky)
|
||
|
||
• Correct the expected error from one marshal-validate test, which was
|
||
previously not run due to the above bug (fd.o #93908, Simon McVittie)
|
||
|
||
• Fix compilation under CMake when embedded tests are disabled
|
||
(fd.o #94094, eric.hyer)
|
||
|
||
Internal changes:
|
||
|
||
• Fix all -Wpointer-sign (signed/unsigned mismatch) warnings, and enable the
|
||
warning (fd.o #93069; Ralf Habacker, Simon McVittie)
|
||
|
||
• When building with CMake, use the same gcc/clang warnings as under Autotools,
|
||
or MSVC warnings that are broadly similar (fd.o #93069, Ralf Habacker)
|
||
|
||
• test/name-test: make C tests produce TAP output and run them directly, not
|
||
via run-test.sh (fd.o #92899, Simon McVittie)
|
||
|
||
• Under CMake when cross-compiling for Windows on Unix, run the tests
|
||
under Wine even if binfmt_misc support is not available
|
||
(fd.o #88966, Ralf Habacker)
|
||
|
||
• The DBUS_USE_TEST_BINARY environment variable is no longer used by builds with
|
||
embedded tests; DBUS_TEST_DBUS_LAUNCH replaces it (fd.o #92899, Simon McVittie)
|
||
|
||
• Factor out some functions that will be needed in future for a Windows
|
||
implementation of dbus-run-session (fd.o #92899, Ralf Habacker)
|
||
|
||
D-Bus 1.11.0 (2015-12-02)
|
||
==
|
||
|
||
The “peppermint deer” release.
|
||
|
||
Dependencies:
|
||
|
||
• On non-Windows platforms, dbus now requires an <inttypes.h> that defines
|
||
C99 constants such as PRId64 and PRIu64.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification version 0.27
|
||
· Specify that services should not reply if NO_REPLY_EXPECTED was used
|
||
(fd.o #75749, Lars Uebernickel)
|
||
|
||
• Add a script to do continuous-integration builds, and metadata to run it
|
||
on travis-ci.org. To use this, clone the dbus git repository on GitHub
|
||
and set it up with travis-ci.org; the only special setting needed is
|
||
"only build branches with a .travis.yml". (fd.o #93194, Simon McVittie)
|
||
|
||
• If dbus-daemon is run with --systemd-activation, do not require
|
||
org.freedesktop.systemd1.service to exist (fd.o #93194, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Re-order dbus-daemon startup so that on SELinux systems, the thread
|
||
that reads AVC notifications retains the ability to write to the
|
||
audit log (fd.o #92832, Laurent Bigonville)
|
||
|
||
• Print 64-bit integers on non-GNU Unix platforms (fd.o #92043, Natanael Copa)
|
||
|
||
• When using the Monitoring interface, match messages' destinations
|
||
(fd.o #92074, Simon McVittie)
|
||
|
||
• On Linux with systemd, stop installing a reference to the obsolete
|
||
dbus.target, and enable dbus.socket statically (fd.o #78412, #92402;
|
||
Simon McVittie)
|
||
|
||
• On Windows, when including configuration files with <include> or
|
||
<includedir>, apply the same relocation as for the Exec paths
|
||
in .service files (fd.o #92028, Simon McVittie)
|
||
|
||
• Add support for backtraces on Windows (fd.o #92721, Ralf Habacker)
|
||
|
||
• Fix many -Wpointer-sign warnings (fd.o #93069, Ralf Habacker)
|
||
|
||
D-Bus 1.10.6 (2015-12-01)
|
||
==
|
||
|
||
The “marzipan beetles” release.
|
||
|
||
Fixes:
|
||
|
||
• On Unix when running tests as root, don't assert that root and
|
||
the dbus-daemon user can still call UpdateActivationEnvironment;
|
||
assert that those privileged users can call BecomeMonitor instead
|
||
(fd.o #93036, Simon McVittie)
|
||
|
||
• On Windows, fix a memory leak in the autolaunch transport (fd.o #92899,
|
||
Simon McVittie)
|
||
|
||
• On Windows Autotools builds, don't run tests that rely on
|
||
dbus-run-session and other Unix-specifics (fd.o #92899, Simon McVittie)
|
||
|
||
D-Bus 1.10.4 (2015-11-17)
|
||
==
|
||
|
||
The “Frostburn Canyon” release.
|
||
|
||
Enhancements:
|
||
|
||
• GetConnectionCredentials, GetConnectionUnixUser and
|
||
GetConnectionUnixProcessID with argument "org.freedesktop.DBus"
|
||
will now return details of the dbus-daemon itself. This is required
|
||
to be able to call SetEnvironment on systemd.
|
||
(fd.o #92857, Jan Alexander Steffens)
|
||
|
||
Fixes:
|
||
|
||
• Make UpdateActivationEnvironment always fail with AccessDenied on the
|
||
system bus. Previously, it was possible to configure it so root could
|
||
call it, but the environment variables were not actually used,
|
||
because the launch helper would discard them.
|
||
(fd.o #92857, Jan Alexander Steffens)
|
||
|
||
• On Unix with --systemd-activation on a user bus, make
|
||
UpdateActivationEnvironment pass on its arguments to systemd's
|
||
SetEnvironment method, solving inconsistency between the environments
|
||
used for traditional activation and systemd user-service activation.
|
||
(fd.o #92857, Jan Alexander Steffens)
|
||
|
||
• On Windows, don't crash if <syslog/> or --syslog is used
|
||
(fd.o #92538, Ralf Habacker)
|
||
|
||
• On Windows, fix a memory leak when setting a DBusError from a Windows
|
||
error (fd.o #92721, Ralf Habacker)
|
||
|
||
• On Windows, don't go into infinite recursion if we abort the process
|
||
with backtraces enabled (fd.o #92721, Ralf Habacker)
|
||
|
||
• Fix various failing tests, variously on Windows and cross-platform:
|
||
· don't test system.conf features (users, groups) that only make sense
|
||
on the system bus, which is not supported on Windows
|
||
· don't call _dbus_warn() when we skip a test, since it is fatal
|
||
· fix computation of expected <standard_session_servicedirs/>
|
||
· when running TAP tests, translate newlines to Unix format, fixing
|
||
cross-compiled tests under Wine on Linux
|
||
· don't stress-test refcounting under Wine, where it's really slow
|
||
· stop assuming that a message looped-back to the test will be received
|
||
immediately
|
||
· skip some system bus tests on Windows since they make no sense there
|
||
(fd.o #92538, fd.o #92721; Ralf Habacker, Simon McVittie)
|
||
|
||
D-Bus 1.10.2 (2015-10-26)
|
||
==
|
||
|
||
The “worst pies in London” release.
|
||
|
||
Fixes:
|
||
|
||
• Correct error handling for activation: if there are multiple attempts
|
||
to activate the same service and it fails immediately, the first attempt
|
||
would get the correct reply, but the rest would time out. We now send
|
||
the same error reply to each attempt. (fd.o #92200, Simon McVittie)
|
||
|
||
• If BecomeMonitor is called with a syntactically invalid match rule,
|
||
don't crash with an assertion failure, fixing a regression in 1.9.10.
|
||
This was not exploitable as a denial of service, because the check
|
||
for a privileged user is done first. (fd.o #92298, Simon McVittie)
|
||
|
||
• On Linux with --enable-user-session, add the bus address to the
|
||
environment of systemd services for better backwards compatibility
|
||
(fd.o #92612, Jan Alexander Steffens)
|
||
|
||
• On Windows, fix the logic for replacing the installation prefix
|
||
in service files' Exec lines (fd.o #83539; Milan Crha, Simon McVittie)
|
||
|
||
• On Windows, if installed in the conventional layout with ${prefix}/etc
|
||
and ${prefix}/share, use relative paths between bus configuration files
|
||
to allow the tree to be relocated (fd.o #92028, Simon McVittie)
|
||
|
||
• Make more of the regression tests pass in Windows builds (fd.o #92538,
|
||
Simon McVittie)
|
||
|
||
D-Bus 1.10.0 (2015-08-25)
|
||
==
|
||
|
||
The “0x20” release.
|
||
|
||
This is a new stable branch, recommended for use in OS distributions.
|
||
|
||
Fixes since 1.9.20:
|
||
|
||
• distribute test/tap-test.sh.in, even if the tarball was built without
|
||
tests enabled (fd.o #91684, Simon McVittie)
|
||
• work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie)
|
||
|
||
Summary of major changes since 1.8.0:
|
||
|
||
• The basic setup for the well-known system and session buses is
|
||
now done in read-only files in ${datadir} (normally /usr/share).
|
||
See the NEWS entry for 1.9.18 for details.
|
||
|
||
• AppArmor integration has been merged, with features similar to the
|
||
pre-existing SELinux integration. It is mostly compatible with the
|
||
patches previously shipped by Ubuntu, with one significant change:
|
||
Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded
|
||
by GetConnectionCredentials and was not included.
|
||
|
||
• The --enable-user-session configure option can be enabled
|
||
by OS integrators intending to use systemd to provide a session bus
|
||
per user (in effect, treating all concurrent graphical and non-graphical
|
||
login sessions as one large session).
|
||
|
||
• The new listenable address mode "unix:runtime=yes" listens on
|
||
$XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd
|
||
user session. libdbus and "dbus-launch --autolaunch" will connect to
|
||
this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a
|
||
matching default.
|
||
|
||
• All executables are now dynamically linked to libdbus-1.
|
||
Previously, some executables, most notably dbus-daemon, were statically
|
||
linked to a specially-compiled variant of libdbus. This results in
|
||
various private functions in the _dbus namespace being exposed by the
|
||
shared library. These are not API, and must not be used outside
|
||
the dbus source tree.
|
||
|
||
• On platforms with ELF symbol versioning, all public symbols
|
||
are versioned LIBDBUS_1_3.
|
||
|
||
New bus APIs:
|
||
|
||
• org.freedesktop.DBus.GetConnectionCredentials returns
|
||
LinuxSecurityLabel where supported
|
||
• org.freedesktop.DBus.Monitoring interface (privileged)
|
||
· BecomeMonitor method supersedes match rules with eavesdrop=true,
|
||
which are now deprecated
|
||
• org.freedesktop.DBus.Stats interface (semi-privileged)
|
||
· now enabled by default
|
||
· new GetAllMatchRules method
|
||
• org.freedesktop.DBus.Verbose interface (not normally compiled)
|
||
· toggles the effect of DBUS_VERBOSE
|
||
|
||
New executables:
|
||
|
||
• dbus-test-tool
|
||
• dbus-update-activation-environment
|
||
|
||
New optional dependencies:
|
||
|
||
• The systemd: pseudo-transport requires libsystemd or libsd-daemon
|
||
• Complete documentation requires Ducktype and yelp-tools
|
||
• Full test coverage requires GLib 2.36 and PyGI
|
||
• AppArmor integration requires libapparmor and optionally libaudit
|
||
|
||
Dependencies removed:
|
||
|
||
• dbus-glib
|
||
|
||
D-Bus 1.9.20 (2015-08-06)
|
||
==
|
||
|
||
The “Remember Tomorrow” release.
|
||
|
||
This is a release-candidate for D-Bus 1.10.0. OS distribution vendors
|
||
should test it.
|
||
|
||
Fixes:
|
||
|
||
• Don't second-guess what the ABI of poll() is, allowing it to be used
|
||
on Integrity RTOS and other unusual platforms (fd.o #90314;
|
||
Rolland Dudemaine, Simon McVittie)
|
||
|
||
• Don't duplicate audit subsystem integration if AppArmor and SELinux are
|
||
both enabled (fd.o #89225, Simon McVittie)
|
||
|
||
• Log audit events for AppArmor/SELinux policy violations whenever
|
||
we have CAP_AUDIT_WRITE, even if not the system bus
|
||
(fd.o #83856, Laurent Bigonville)
|
||
|
||
D-Bus 1.9.18 (2015-07-21)
|
||
==
|
||
|
||
The “Pirate Elite” release.
|
||
|
||
Configuration changes:
|
||
|
||
• The basic setup for the well-known system and session buses is now done
|
||
in read-only files in ${datadir}, moving a step closer to systems
|
||
that can operate with an empty /etc directory. In increasing order
|
||
of precedence:
|
||
|
||
· ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting
|
||
the default message policies.
|
||
· ${sysconfdir}/dbus-1/s*.conf are now optional. By default
|
||
dbus still installs a trivial version of each, for documentation
|
||
purposes; putting configuration directives in these files is deprecated.
|
||
· ${datadir}/dbus-1/s*.d/ are now available for third-party software
|
||
to install "drop-in" configuration snippets (any packages
|
||
using those directories should explicitly depend on at least this
|
||
version of dbus).
|
||
· ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins
|
||
or third-party software to install "drop-in" configuration snippets
|
||
· ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins'
|
||
overrides
|
||
|
||
${datadir} is normally /usr/share, ${sysconfdir} is normally /etc,
|
||
and "s*" refers to either system or session as appropriate.
|
||
|
||
(fd.o #89280, Dimitri John Ledkov)
|
||
|
||
Fixes:
|
||
|
||
• Fix a memory leak when GetConnectionCredentials() succeeds
|
||
(fd.o #91008, Jacek Bukarewicz)
|
||
|
||
• Ensure that dbus-monitor does not reply to messages intended for others,
|
||
resulting in its own disconnection (fd.o #90952, Simon McVittie)
|
||
|
||
D-Bus 1.9.16 (2015-05-14)
|
||
==
|
||
|
||
The “titanium barns” release.
|
||
|
||
Dependencies:
|
||
|
||
• Automake 1.13 is now required when compiling from git or modifying
|
||
the build system.
|
||
|
||
Security hardening:
|
||
|
||
• On Unix platforms, change the default configuration for the session bus
|
||
to only allow EXTERNAL authentication (secure kernel-mediated
|
||
credentials-passing), as was already done for the system bus.
|
||
|
||
This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
|
||
unpredictable pseudo-random numbers.
|
||
|
||
If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
|
||
in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
|
||
NFS or similar, you will need to reconfigure the session bus to accept
|
||
DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
|
||
is not recommended.
|
||
|
||
(fd.o #90414, Simon McVittie)
|
||
|
||
• When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp:
|
||
transport, UUIDs or any other reason, fail if we cannot obtain entropy
|
||
(from /dev/urandom or CryptGenRandom()) or an out-of-memory condition
|
||
occurs, instead of silently falling back to low-entropy pseudorandom
|
||
numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker)
|
||
|
||
Enhancements:
|
||
|
||
• Add dbus_message_iter_get_element_count()
|
||
(fd.o #30350; Christian Dywan, Simon McVittie)
|
||
|
||
• Introduce new internal DBusSocket and DBusPollable types so we can
|
||
stop treating the Windows SOCKET type as if it was int. DBusSocket
|
||
is specifically a socket, cross-platform. DBusPollable is whatever
|
||
_dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows.
|
||
(fd.o #89444; Ralf Habacker, Simon McVittie)
|
||
|
||
• All regression tests now output TAP <https://testanything.org/>
|
||
(fd.o #89846, Simon McVittie)
|
||
|
||
• Internal APIs consistently use signed values for timestamps
|
||
(fd.o #18494, Peter McCurdy)
|
||
|
||
• Improve diagnostics when UpdateActivationEnvironment calls are rejected
|
||
(fd.o #88812, Simon McVittie)
|
||
|
||
• Clean up a lot of compiler warnings
|
||
(fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Add locking to DBusCounter's reference count and notify function
|
||
(fd.o #89297, Adrian Szyndela)
|
||
|
||
• Ensure that DBusTransport's reference count is protected by the
|
||
corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela)
|
||
|
||
• Correctly release DBusServer mutex before early-return if we run out
|
||
of memory while copying authentication mechanisms (fd.o #90021,
|
||
Ralf Habacker)
|
||
|
||
• Make dbus-test-tool and dbus-update-activation-environment portable
|
||
to Windows (fd.o #90089, Ralf Habacker)
|
||
|
||
• Correctly initialize all fields of DBusTypeReader (fd.o #90021;
|
||
Ralf Habacker, Simon McVittie)
|
||
|
||
• Fix some missing \n in verbose (debug log) messages (fd.o #90004,
|
||
Ralf Habacker)
|
||
|
||
• Clean up some memory and fd leaks in test code and tools
|
||
(fd.o #90021, Ralf Habacker)
|
||
|
||
• Fix a NULL dereference if the dbus-daemon cannot read a configuration
|
||
directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker)
|
||
|
||
• CMake generates a versioned shared library even if the revision is 0,
|
||
as it usually is on the development branch. (fd.o #89450, Ralf Habacker)
|
||
|
||
D-Bus 1.9.14 (2015-03-02)
|
||
==
|
||
|
||
The “don't stand in the poison cloud” release.
|
||
|
||
Dependencies:
|
||
|
||
• dbus-daemon and dbus-daemon-launch-helper now require libdbus. They
|
||
were previously linked to a static version of libdbus.
|
||
|
||
• The tests no longer require dbus-glib in order to exercise the libdbus
|
||
shared library; they are always linked to libdbus now.
|
||
|
||
Build-time configuration:
|
||
|
||
• The new --enable-user-session option, off by default, can be enabled
|
||
by OS integrators intending to use systemd to provide a session bus
|
||
per user (in effect, treating all concurrent graphical and non-graphical
|
||
login sessions as one large session)
|
||
|
||
Enhancements:
|
||
|
||
• All executables are now linked dynamically to libdbus.
|
||
(fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker)
|
||
|
||
• On platforms that support them (GNU libc and possibly others),
|
||
libdbus now has versioned symbols for its public API.
|
||
All public symbols (visible in the header files) are currently
|
||
versioned as LIBDBUS_1_3; private symbols starting with _dbus or
|
||
dbus_internal have a version that changes with each release, and
|
||
must not be used by applications. (also fd.o #83115)
|
||
|
||
• New listenable address mode "unix:runtime=yes" which listens on
|
||
a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus
|
||
(fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie)
|
||
|
||
• Add optional systemd units for a per-user bus listening on
|
||
$XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters)
|
||
|
||
• On Unix platforms, both libdbus and "dbus-launch --autolaunch"
|
||
default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket
|
||
(also fd.o #61301)
|
||
|
||
• New dbus-update-activation-environment tool uploads environment
|
||
variables to "dbus-daemon --session" and optionally "systemd --user",
|
||
primarily as a way to keep the per-user bus compatible with
|
||
distributions' existing X11 login scripts (also fd.o #61301)
|
||
|
||
• <includedir/> elements in dbus-daemon configuration are now silently
|
||
ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov)
|
||
|
||
• Add microsecond-resolution timestamps to the default output of
|
||
dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Fix a race condition in the 'monitor' test introduced in 1.9.10
|
||
(fd.o #89222, Simon McVittie)
|
||
|
||
D-Bus 1.9.12 (2015-02-19)
|
||
==
|
||
|
||
The “monster lasagna” release.
|
||
|
||
Dependencies:
|
||
|
||
• Ducktype and yelp-tools are now required to build complete documentation
|
||
(they are optional for normal builds).
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification version 0.26
|
||
· GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID
|
||
· document the BecomeMonitor method
|
||
|
||
• On Linux, add LinuxSecurityLabel to GetConnectionCredentials
|
||
(fd.o #89041; Tyler Hicks, Simon McVittie)
|
||
|
||
• On Linux, add support for AppArmor mediation of message sending and
|
||
receiving and name ownership (paralleling existing SELinux mediation
|
||
support), and eavesdropping (a new check, currently AppArmor-specific)
|
||
(fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie)
|
||
|
||
• In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings
|
||
that have printable ASCII contents; we previously only did this for
|
||
unterminated bytestrings (fd.o #89109, Simon McVittie)
|
||
|
||
• Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall)
|
||
|
||
• On Windows, add WindowsSID to GetConnectionCredentials
|
||
(fd.o #54445, Ralf Habacker)
|
||
|
||
• Improve clarity of dbus-monitor --profile output and add more columns
|
||
(fd.o #89165, Ralf Habacker)
|
||
|
||
• Add a man page for dbus-test-tool, and build it under CMake as well
|
||
as Autotools (fd.o#89086, Simon McVittie)
|
||
|
||
• If dbus-daemon was compiled with --enable-verbose, add a D-Bus API
|
||
to control it at runtime, overriding the DBUS_VERBOSE environment variable
|
||
(fd.o #88896, Ralf Habacker)
|
||
|
||
Fixes:
|
||
|
||
• Reduce the number of file descriptors used in the fd-passing test,
|
||
avoiding failure under the default Linux fd limit, and automatically
|
||
skip it if the rlimit is too small (fd.o #88998, Simon McVittie)
|
||
|
||
D-Bus 1.9.10 (2015-02-09)
|
||
==
|
||
|
||
The “sad cyborgs” release.
|
||
|
||
Security fixes merged from 1.8.16:
|
||
|
||
• Do not allow non-uid-0 processes to send forged ActivationFailure
|
||
messages. On Linux systems with systemd activation, this would
|
||
allow a local denial of service: unprivileged processes could
|
||
flood the bus with these forged messages, winning the race with
|
||
the actual service activation and causing an error reply
|
||
to be sent back when service auto-activation was requested.
|
||
This does not prevent the real service from being started,
|
||
so the attack only works while the real service is not running.
|
||
(CVE-2015-0245, fd.o #88811; Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• The new Monitoring interface in the dbus-daemon lets dbus-monitor and
|
||
similar tools receive messages without altering the security properties
|
||
of the system bus, by calling the new BecomeMonitor method on a
|
||
private connection. This bypasses the normal <allow> and <deny> rules
|
||
entirely, so to preserve normal message-privacy assumptions, only root
|
||
is allowed to do this on the system bus. Restricted environments,
|
||
such as Linux with LSMs, should lock down access to the Monitoring
|
||
interface. (fd.o #46787, Simon McVittie)
|
||
|
||
• dbus-monitor uses BecomeMonitor to capture more traffic, if the
|
||
dbus-daemon supports it and access permissions allow it.
|
||
It still supports the previous approach ("eavesdropping" match rules)
|
||
for compatibility with older bus daemons. (fd.o #46787, Simon)
|
||
|
||
• dbus-monitor can now log the message stream as binary data for later
|
||
analysis, with either no extra framing beyond the normal D-Bus headers,
|
||
or libpcap-compatible framing treating each D-Bus message
|
||
as a captured packet. (fd.o #46787, Simon)
|
||
|
||
Other fixes:
|
||
|
||
• Fix some CMake build regressions (fd.o #88964, Ralf Habacker)
|
||
|
||
• On Unix, forcibly terminate regression tests after 60 seconds to
|
||
prevent them from blocking continuous integration frameworks
|
||
(fd.o #46787, Simon)
|
||
|
||
D-Bus 1.9.8 (2015-02-03)
|
||
==
|
||
|
||
The “all the types of precipitation” release.
|
||
|
||
Dependencies:
|
||
|
||
• full test coverage now requires GLib 2.36
|
||
• full test coverage now requires PyGI (PyGObject 3,
|
||
"import gi.repository.GObject") instead of the
|
||
obsolete PyGObject 2 ("import gobject")
|
||
|
||
Enhancements:
|
||
|
||
• add GLib-style "installed tests" (fd.o #88810, Simon McVittie)
|
||
|
||
• better regression test coverage, including systemd activation
|
||
(fd.o #57952, #88810; Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• fatal errors correctly make the dbus-daemon exit even if <syslog/> is
|
||
turned off (fd.o #88808, Simon McVittie)
|
||
|
||
• TCP sockets on Windows no longer fail to listen approximately 1 time
|
||
in 256, caused by a logic error that should have always made it fail but
|
||
was mitigated by incorrect endianness for the port number
|
||
(fd.o #87999, Ralf Habacker)
|
||
|
||
• fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker)
|
||
|
||
• on Windows, allow up to 8K connections to the dbus-daemon instead of the
|
||
previous 64, completing a previous fix which only worked under
|
||
Autotools (fd.o #71297, Ralf Habacker)
|
||
|
||
• on Windows, if the IP family is unspecified only use IPv4,
|
||
to mitigate IPv6 not working correctly (fd.o #87999, Ralf Habacker)
|
||
|
||
• fix some unlikely memory leaks on OOM (fd.o #88087, Simon McVittie)
|
||
|
||
• lcov code coverage analysis works again (fd.o #88808, Simon McVittie)
|
||
|
||
• fix an unused function error with --disable-embedded-tests (fd.o #87837,
|
||
Thiago Macieira)
|
||
|
||
D-Bus 1.9.6 (2015-01-05)
|
||
==
|
||
|
||
The “I do have a bread knife” release.
|
||
|
||
Security hardening:
|
||
|
||
• Do not allow calls to UpdateActivationEnvironment from uids other than
|
||
the uid of the dbus-daemon. If a system service installs unsafe
|
||
security policy rules that allow arbitrary method calls
|
||
(such as CVE-2014-8148) then this prevents memory consumption and
|
||
possible privilege escalation via UpdateActivationEnvironment.
|
||
|
||
We believe that in practice, privilege escalation here is avoided
|
||
by dbus-daemon-launch-helper sanitizing its environment; but
|
||
it seems better to be safe.
|
||
|
||
• Do not allow calls to UpdateActivationEnvironment or the Stats interface
|
||
on object paths other than /org/freedesktop/DBus. Some system services
|
||
install unsafe security policy rules that allow arbitrary method calls
|
||
to any destination, method and interface with a specified object path;
|
||
while less bad than allowing arbitrary method calls, these security
|
||
policies are still harmful, since dbus-daemon normally offers the
|
||
same API on all object paths and other system services might behave
|
||
similarly.
|
||
|
||
Other fixes:
|
||
|
||
• Add missing initialization so GetExtendedTcpTable doesn't crash on
|
||
Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)
|
||
|
||
D-Bus 1.9.4 (2014-11-24)
|
||
==
|
||
|
||
The “extra-sturdy caramel” release.
|
||
|
||
Fixes:
|
||
|
||
• Partially revert the CVE-2014-3639 patch by increasing the default
|
||
authentication timeout on the system bus from 5 seconds back to 30
|
||
seconds, since this has been reported to cause boot regressions for
|
||
some users, mostly with parallel boot (systemd) on slower hardware.
|
||
|
||
On fast systems where local users are considered particularly hostile,
|
||
administrators can return to the 5 second timeout (or any other value
|
||
in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
|
||
|
||
<busconfig>
|
||
<limit name="auth_timeout">5000</limit>
|
||
</busconfig>
|
||
|
||
(fd.o #86431, Simon McVittie)
|
||
|
||
• Add a message in syslog/the Journal when the auth_timeout is exceeded
|
||
(fd.o #86431, Simon McVittie)
|
||
|
||
• Send back an AccessDenied error if the addressed recipient is not allowed
|
||
to receive a message (and in builds with assertions enabled, don't
|
||
assert under the same conditions). (fd.o #86194, Jacek Bukarewicz)
|
||
|
||
D-Bus 1.9.2 (2014-11-10)
|
||
==
|
||
|
||
The “structurally unsound flapjack” release.
|
||
|
||
Security fixes:
|
||
|
||
• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536
|
||
so that CVE-2014-3636 part A cannot exhaust the system bus'
|
||
file descriptors, completing the incomplete fix in 1.8.8.
|
||
(CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification version 0.25
|
||
· new value 'const' for EmitsChangedSignal annotation
|
||
(fd.o #72958, Lennart Poettering)
|
||
· new ALLOW_INTERACTIVE_AUTHORIZATION flag, for PolicyKit and similar
|
||
(fd.o #83449; Lennart Poettering, Simon McVittie)
|
||
· annotate table of types with reserved/basic/container, and for
|
||
basic types, fixed/string-like
|
||
· clarify arbitrary limits by quoting them in mebibytes
|
||
|
||
• New API: add accessors for the ALLOW_INTERACTIVE_AUTHORIZATION flag
|
||
(fd.o #83449, Simon McVittie)
|
||
|
||
• Add dbus-test-tool, a D-Bus swiss army knife with multiple subcommands,
|
||
useful for debugging and performance testing:
|
||
· dbus-test-tool spam: send repeated messages
|
||
· dbus-test-tool echo: send an empty reply for all method calls
|
||
· dbus-test-tool black-hole: do not reply to method calls
|
||
(fd.o #34140; Alban Crequy, Simon McVittie, Will Thompson)
|
||
|
||
• Add support for process ID in credentials-passing on NetBSD
|
||
(fd.o #69702, Patrick Welche)
|
||
|
||
• Add an example script to find potentially undesired match rules
|
||
(fd.o #84598, Alban Crequy)
|
||
|
||
• Document the central assumption that makes our use of credentials-passing
|
||
secure (fd.o #83499, Simon McVittie)
|
||
|
||
• Replace the dbus-glib section of the tutorial with a GDBus recommendation,
|
||
and add some links to GDBus and QtDBus documentation (fd.o #25140,
|
||
Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Use a less confusing NoReply message when disconnected with a reply pending
|
||
(fd.o #76112, Simon McVittie)
|
||
|
||
• Make the .pc file relocatable by letting pkg-config do all variable
|
||
expansion itself (fd.o #75858, Руслан Ижбулатов)
|
||
|
||
• Fix a build failure on platforms with kqueue, which regressed in 1.9.0
|
||
(fd.o #85563, Patrick Welche)
|
||
|
||
• Consistently save errno after socket calls (fd.o #83625, Simon McVittie)
|
||
|
||
• In dbus-spawn, when the grandchild process exits due to a failed exec(),
|
||
do not lose the exec() errno (fd.o #24821, Simon McVittie)
|
||
|
||
• Do not fail the tests if a parent process has leaked non-close-on-exec
|
||
file descriptors to us (fd.o #73689, fd.o #83899; Simon McVittie)
|
||
|
||
• Do not fail the tests on Unix platforms with incomplete
|
||
credentials-passing support, but do fail if we can't pass credentials
|
||
on a platform where it is known to work: Linux, FreeBSD, OpenBSD, NetBSD
|
||
(fd.o #69702, Simon McVittie)
|
||
|
||
• Detect accept4, dirfd, inotify_init1, pipe2, and Unix fd passing
|
||
when building with cmake, and expand test coverage there
|
||
(fd.o #73689; Ralf Habacker, Simon McVittie)
|
||
|
||
D-Bus 1.9.0 (2014-10-01)
|
||
==
|
||
|
||
The “tiered cheeses” release.
|
||
|
||
Requirements:
|
||
|
||
• Support for the systemd: (LISTEN_FDS) pseudo-transport on Linux now
|
||
requires either the libsystemd or libsd-daemon shared library, dropping the
|
||
embedded convenience copy of sd-daemon (fd.o #71818, Simon)
|
||
|
||
Build-time configuration changes:
|
||
|
||
• The Stats interface is now enabled by default, and locked-down to
|
||
root-only on the system bus. Configure with --disable-stats
|
||
to disable it altogether on memory- or disk-constrained systems,
|
||
or see ${docdir}/examples/ to open it up to non-root users on the
|
||
system bus or restrict access on the session bus.
|
||
(fd.o #80759; Simon McVittie, Alban Crequy)
|
||
|
||
• The CMake build system now builds the same shared library name as Autotools
|
||
on at least Linux and Windows:
|
||
- on Linux (and perhaps other Unix platforms), it previously built
|
||
libdbus-1.so, but now builds libdbus-1.so.3.* with development
|
||
symlink libdbus-1.so and SONAME/symlink libdbus-1.so.3
|
||
- on Windows, it previously built either libdbus-1.dll (release) or
|
||
libdbus-1d.dll (debug), but now builds libdbus-1-3.dll, copied to
|
||
libdbus-1.dll for compatibility with older applications.
|
||
(fd.o #74117, Ralf Habacker)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification version 0.24
|
||
· document how to quote match rules (fd.o #24307, Simon McVittie)
|
||
· explicitly say that most message types never expect a reply
|
||
regardles of whether they have NO_REPLY_EXPECTED
|
||
(fd.o #75749, Simon McVittie)
|
||
|
||
• on Unix platforms, disable Nagle's algorithm on TCP connections to improve
|
||
initial latency (fd.o #75544, Matt Hoosier)
|
||
|
||
• use backtrace() if it is in -lexecinfo instead of libc, as on NetBSD
|
||
(fd.o #69702, Patrick Welche)
|
||
|
||
• in dbus-monitor, print more information about file descriptors
|
||
(fd.o #80603, Alban Crequy)
|
||
|
||
• do not install system bus configuration if built for Windows
|
||
(fd.o #83583; Ralf Habacker, Simon McVittie)
|
||
|
||
• Add GetAllMatchRules to the Stats interface (fd.o #24307, Alban Crequy)
|
||
|
||
• Add a regression test for file descriptor passing (fd.o #83622,
|
||
Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• fix an incorrect error message if a Unix socket path is too long
|
||
(fd.o #73887, Antoine Jacoutot)
|
||
|
||
• in an MSYS/Cygwin environment, pass Unix-style filenames to xmlto,
|
||
fixing documentation generation (fd.o #75860, Руслан Ижбулатов)
|
||
|
||
• in Unix with X11, avoid giving dbus-launch a misleading argv[0]
|
||
in ps(1) (fd.o #69716, Chengwei Yang)
|
||
|
||
• avoid calling poll() with timeout < -1, which is considered invalid
|
||
on FreeBSD and NetBSD (fd.o #78480, Jaap Boender)
|
||
|
||
• be portable to BSD-derived platforms where O_CLOEXEC is unavailable in libc
|
||
(like Mac OS X 10.6), or available in libc but unsupported by the kernel
|
||
(fd.o #77032; rmvsxop, OBATA Akio, Patrick Welche)
|
||
|
||
• Fix include path for test/internal/*.c with cmake (Ralf Habacker)
|
||
|
||
• Documentation improvements
|
||
(fd.o #80795, #84313; Thomas Haller, Sebastian Rasmussen)
|
||
|
||
• in dbus-monitor, do not leak file descriptors that we have monitored
|
||
(fd.o #80603, Alban Crequy)
|
||
|
||
• Set the close-on-exec flag for the inotify file descriptor, even
|
||
if built with CMake or older libc (fd.o #73689, Simon McVittie)
|
||
|
||
• Remove some LGPL code from the Windows dbus-daemon
|
||
(fd.o #57272, Ralf Habacker)
|
||
|
||
D-Bus 1.8.8 (2014-09-16)
|
||
==
|
||
|
||
The "smashy smashy egg man" release.
|
||
|
||
Security fixes:
|
||
|
||
• Do not accept an extra fd in the padding of a cmsg message, which
|
||
could lead to a 4-byte heap buffer overrun.
|
||
(CVE-2014-3635, fd.o #83622; Simon McVittie)
|
||
|
||
• Reduce default for maximum Unix file descriptors passed per message
|
||
from 1024 to 16, preventing a uid with the default maximum number of
|
||
connections from exhausting the system bus' file descriptors under
|
||
Linux's default rlimit. Distributors or system administrators with a
|
||
more restrictive fd limit may wish to reduce these limits further.
|
||
|
||
Additionally, on Linux this prevents a second denial of service
|
||
in which the dbus-daemon can be made to exceed the maximum number
|
||
of fds per sendmsg() and disconnect the process that would have
|
||
received them.
|
||
(CVE-2014-3636, fd.o #82820; Alban Crequy)
|
||
|
||
• Disconnect connections that still have a fd pending unmarshalling after
|
||
a new configurable limit, pending_fd_timeout (defaulting to 150 seconds),
|
||
removing the possibility of creating an abusive connection that cannot be
|
||
disconnected by setting up a circular reference to a connection's
|
||
file descriptor.
|
||
(CVE-2014-3637, fd.o #80559; Alban Crequy)
|
||
|
||
• Reduce default for maximum pending replies per connection from 8192 to 128,
|
||
mitigating an algorithmic complexity denial-of-service attack
|
||
(CVE-2014-3638, fd.o #81053; Alban Crequy)
|
||
|
||
• Reduce default for authentication timeout on the system bus from
|
||
30 seconds to 5 seconds, avoiding denial of service by using up
|
||
all unauthenticated connection slots; and when all unauthenticated
|
||
connection slots are used up, make new connection attempts block
|
||
instead of disconnecting them.
|
||
(CVE-2014-3639, fd.o #80919; Alban Crequy)
|
||
|
||
Other fixes:
|
||
|
||
• Check for libsystemd from systemd >= 209, falling back to
|
||
the older separate libraries if not found (Umut Tezduyar Lindskog,
|
||
Simon McVittie)
|
||
|
||
• On Linux, use prctl() to disable core dumps from a test executable
|
||
that deliberately raises SIGSEGV to test dbus-daemon's handling
|
||
of that condition (fd.o #83772, Simon McVittie)
|
||
|
||
• Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232;
|
||
Alban Crequy)
|
||
|
||
• Improve documentation for running tests on Windows (fd.o #41252,
|
||
Ralf Habacker)
|
||
|
||
D-Bus 1.8.6 (2014-06-02)
|
||
==
|
||
|
||
Security fixes:
|
||
|
||
• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop
|
||
the message. This prevents an attack in which a malicious client can
|
||
make dbus-daemon disconnect a system service, which is a local
|
||
denial of service.
|
||
(fd.o #80163, CVE-2014-3532; Alban Crequy)
|
||
|
||
• Track remaining Unix file descriptors correctly when more than one
|
||
message in quick succession contains fds. This prevents another attack
|
||
in which a malicious client can make dbus-daemon disconnect a system
|
||
service.
|
||
(fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez,
|
||
Simon McVittie, Alban Crequy)
|
||
|
||
Other fixes:
|
||
|
||
• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot
|
||
attach to a session, kill the dbus-daemon as intended
|
||
(fd.o #74698, Роман Донченко)
|
||
|
||
D-Bus 1.8.4 (2014-06-10)
|
||
==
|
||
|
||
Security fix:
|
||
|
||
• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service
|
||
flaw in dbus-daemon, part of the reference implementation of D-Bus.
|
||
Additionally, in highly unusual environments the same flaw could lead to
|
||
a side channel between processes that should not be able to communicate.
|
||
(CVE-2014-3477, fd.o #78979)
|
||
|
||
D-Bus 1.8.2 (2014-04-30)
|
||
==
|
||
|
||
The “nobody wants red” release.
|
||
|
||
Enhancements:
|
||
|
||
• in the CMake build system, add some hints for Linux users cross-compiling
|
||
Windows D-Bus binaries to be able to run tests under Wine
|
||
(fd.o #41252, Ralf Habacker)
|
||
|
||
• add Documentation key to dbus.service (fd.o #77447, Cameron Norman)
|
||
|
||
Fixes:
|
||
|
||
• in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id
|
||
to /var/lib/dbus/machine-id instead of generating an entirely new ID
|
||
(fd.o #77941, Simon McVittie)
|
||
|
||
• if dbus-launch receives an X error very quickly, do not kill
|
||
unrelated processes (fd.o #74698, Роман Донченко)
|
||
|
||
• on Windows, allow up to 8K connections to the dbus-daemon, instead of the
|
||
previous 64 (fd.o #71297; Cristian Onet, Ralf Habacker)
|
||
|
||
• cope with \r\n newlines in regression tests, since on Windows,
|
||
dbus-daemon.exe uses text mode (fd.o #75863, Руслан Ижбулатов)
|
||
|
||
D-Bus 1.8.0 (2014-01-20)
|
||
==
|
||
|
||
The “Wolverine distrusts my printer” release.
|
||
|
||
This starts a new stable branch. The 1.6.x branch is now considered to be
|
||
outdated, and will only receive fixes for serious bugs such as security
|
||
flaws. The 1.4.x and 1.2.x branches no longer have upstream support and
|
||
are unlikely to get any more releases, but if distributors still need to
|
||
support them, please share security patches via upstream.
|
||
|
||
Summary of changes since 1.6.x:
|
||
|
||
• libdbus always behaves as if dbus_threads_init_default() had been called
|
||
(thread-safety by default)
|
||
• new dbus-run-session tool, replacing certain misuses of dbus-launch
|
||
• dbus-monitor can talk to outdated versions of dbus-daemon again
|
||
• new org.freedesktop.DBus.GetConnectionCredentials method
|
||
• GetConnectionUnixProcessID also works correctly on Windows, returning
|
||
the Windows process ID
|
||
• GetConnectionWindowsSID returns the correct SID on Windows
|
||
• expat is required, libxml2 can no longer be used as a substitute
|
||
• the userDB cache is required, and cannot be disabled
|
||
• a 64-bit integer type (either int, long, long long or _int64) is required
|
||
• better systemd-journald integration on Linux
|
||
• fixed long-standing fd and array leaks when failing to parse a message
|
||
• fixed referenced-but-never-freed parent nodes (effectively memory leaks)
|
||
when using certain object-path allocation patterns, notably in Avahi
|
||
• better defaults for Windows support
|
||
• better CMake support
|
||
• better portability to mingw32, FreeBSD, NetBSD, QNX and Hurd
|
||
• the source language for the man pages is now Docbook XML
|
||
|
||
Enhancements since 1.7.10:
|
||
|
||
• Enhance the CMake build system to check for GLib and compile/run
|
||
a subset of the regression tests (fd.o #41252, #73495; Ralf Habacker)
|
||
|
||
Fixes since 1.7.10:
|
||
|
||
• don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fd.o #72840,
|
||
Ralf Habacker)
|
||
|
||
• fix compilation of systemd journal support on older systemd versions where
|
||
sd-journal.h doesn't include syslog.h (fd.o #73455, Ralf Habacker)
|
||
|
||
• fix compilation on older MSVC versions by including stdlib.h
|
||
(fd.o #73455, Ralf Habacker)
|
||
|
||
• Allow <allow_anonymous/> to appear in an included configuration file
|
||
(fd.o #73475, Matt Hoosier)
|
||
|
||
Test behaviour changes since 1.7.10:
|
||
|
||
• If the tests crash with an assertion failure, they no longer default to
|
||
blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT in the
|
||
environment if you want the old behaviour.
|
||
|
||
• To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop tests
|
||
can be run with an external dbus-daemon by setting
|
||
DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require
|
||
an unusually-configured dbus-daemon are skipped.
|
||
|
||
D-Bus 1.7.10 (2014-01-06)
|
||
==
|
||
|
||
The “weighted companion cube” release.
|
||
|
||
This is a release candidate for D-Bus 1.8.
|
||
|
||
D-Bus Specification 0.23:
|
||
|
||
• don't require messages with no INTERFACE to be dispatched
|
||
(fd.o #68597, Simon McVittie)
|
||
|
||
• document "tcp:bind=..." and "nonce-tcp:bind=..." (fd.o #72301,
|
||
Chengwei Yang)
|
||
|
||
• define "listenable" and "connectable" addresses, and discuss
|
||
the difference (fd.o #61303, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• support printing Unix file descriptors in dbus-send, dbus-monitor
|
||
(fd.o #70592, Robert Ancell)
|
||
|
||
• don't install systemd units if --disable-systemd is given
|
||
(fd.o #71818, Chengwei Yang)
|
||
|
||
Fixes:
|
||
|
||
• don't leak memory on out-of-memory while listing activatable or
|
||
active services (fd.o #71526, Radoslaw Pajak)
|
||
|
||
• fix undefined behaviour in a regression test (fd.o #69924, DreamNik)
|
||
|
||
• escape Unix socket addresses correctly (fd.o #46013, Chengwei Yang)
|
||
|
||
• on SELinux systems, don't assume that SECCLASS_DBUS, DBUS__ACQUIRE_SVC
|
||
and DBUS__SEND_MSG are numerically equal to their values in the
|
||
reference policy (fd.o #88719, osmond sun)
|
||
|
||
• define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4 headers
|
||
(fd.o #71366, Matt Fischer)
|
||
|
||
• define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and
|
||
winsock2.h (fd.o #71405, Matt Fischer)
|
||
|
||
• do not return failure from _dbus_read_nonce() with no error set,
|
||
preventing a potential crash (fd.o #72298, Chengwei Yang)
|
||
|
||
• on BSD systems, avoid some O(1)-per-process memory and fd leaks in kqueue,
|
||
preventing test failures (fd.o #69332, fd.o #72213; Chengwei Yang)
|
||
|
||
• fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix sockets,
|
||
which doesn't do anything anyway on at least Linux and FreeBSD
|
||
(fd.o #69492, Simon McVittie)
|
||
|
||
• fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from
|
||
sendmsg() with SCM_CREDS (retrying with plain send()), and looking
|
||
for credentials more correctly (fd.o #69492, Simon McVittie)
|
||
|
||
• ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid
|
||
getting mixed up in XDG/systemd "user sessions" (fd.o #61301,
|
||
Simon McVittie)
|
||
|
||
• refresh cached policy rules for existing connections when bus
|
||
configuration changes (fd.o #39463, Chengwei Yang)
|
||
|
||
D-Bus 1.7.8 (2013-11-01)
|
||
==
|
||
|
||
The “extreme hills” release.
|
||
|
||
Dependencies:
|
||
|
||
• If systemd support is enabled, libsystemd-journal is now required.
|
||
|
||
Enhancements:
|
||
|
||
• When activating a non-systemd service under systemd, annotate its
|
||
stdout/stderr with its bus name in the Journal. Known limitation:
|
||
because the socket is opened before forking, the process will still be
|
||
logged as if it had dbus-daemon's process ID and user ID.
|
||
(fd.o #68559, Chengwei Yang)
|
||
|
||
• Document more configuration elements in dbus-daemon(1)
|
||
(fd.o #69125, Chengwei Yang)
|
||
|
||
Fixes:
|
||
|
||
• Don't leak string arrays or fds if dbus_message_iter_get_args_valist()
|
||
unpacks them and then encounters an error (fd.o #21259, Chengwei Yang)
|
||
|
||
• If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write
|
||
disallowed method calls to the audit log, fixing a regression in 1.7.6
|
||
(fd.o #49062, Colin Walters)
|
||
|
||
• path_namespace='/' in match rules incorrectly matched nothing; it
|
||
now matches everything. (fd.o #70799, Simon McVittie)
|
||
|
||
D-Bus 1.7.6 (2013-10-09)
|
||
==
|
||
|
||
The “CSI Shrewsbury” release.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• Directory change notification via dnotify on Linux is no longer
|
||
supported; it hadn't compiled successfully since 2010 in any case.
|
||
If you don't have inotify (Linux) or kqueue (*BSD), you will need
|
||
to send SIGHUP to the dbus-daemon when its configuration changes.
|
||
(fd.o #33001, Chengwei Yang)
|
||
|
||
• Compiling with --disable-userdb-cache is no longer supported;
|
||
it didn't work since at least 2008, and would lead to an extremely
|
||
slow dbus-daemon even it worked. (fd.o #15589, #17133, #66947;
|
||
Chengwei Yang)
|
||
|
||
• The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most
|
||
assertions. It has been renamed to DBUS_DISABLE_ASSERT to be consistent
|
||
with the Autotools build system. (fd.o #66142, Chengwei Yang)
|
||
|
||
• --with-valgrind=auto enables Valgrind instrumentation if and only if
|
||
valgrind headers are available. The default is still --with-valgrind=no.
|
||
(fd.o #56925, Simon McVittie)
|
||
|
||
Dependencies:
|
||
|
||
• Platforms with no 64-bit integer type are no longer supported.
|
||
(fd.o #65429, Simon McVittie)
|
||
|
||
• GNU make is now (documented to be) required. (fd.o #48277, Simon McVittie)
|
||
|
||
• Full test coverage no longer requires dbus-glib, although the tests do not
|
||
exercise the shared library (only a static copy) if dbus-glib is missing.
|
||
(fd.o #68852, Simon McVittie)
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.22
|
||
· Document GetAdtAuditSessionData() and
|
||
GetConnectionSELinuxSecurityContext() (fd.o #54445, Simon)
|
||
· Fix example .service file (fd.o #66481, Chengwei Yang)
|
||
· Don't claim D-Bus is "low-latency" (lower than what?), just
|
||
give factual statements about it supporting async use
|
||
(fd.o #65141, Justin Lee)
|
||
· Document the contents of .service files, and the fact that
|
||
system services' filenames are constrained
|
||
(fd.o #66608; Simon McVittie, Chengwei Yang)
|
||
|
||
• Be thread-safe by default on all platforms, even if
|
||
dbus_threads_init_default() has not been called. For compatibility with
|
||
older libdbus, library users should continue to call
|
||
dbus_threads_init_default(): it is harmless to do so.
|
||
(fd.o #54972, Simon McVittie)
|
||
|
||
• Add GetConnectionCredentials() method (fd.o #54445, Simon)
|
||
|
||
• New API: dbus_setenv(), a simple wrapper around setenv().
|
||
Note that this is not thread-safe. (fd.o #39196, Simon)
|
||
|
||
• Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer connection,
|
||
like --address=ADDRESS in previous versions) and dbus-send --bus=ADDRESS
|
||
(connect to a given bus, like dbus-monitor --address=ADDRESS).
|
||
dbus-send --address still exists for backwards compatibility,
|
||
but is no longer documented. (fd.o #48816, Andrey Mazo)
|
||
|
||
• Windows-specific:
|
||
· "dbus-daemon --nofork" is allowed on Windows again. (fd.o #68852,
|
||
Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Avoid an infinite busy-loop if a signal interrupts waitpid()
|
||
(fd.o #68945, Simon McVittie)
|
||
|
||
• Clean up memory for parent nodes when objects are unexported
|
||
(fd.o #60176, Thomas Fitzsimmons)
|
||
|
||
• Make dbus_connection_set_route_peer_messages(x, FALSE) behave as
|
||
documented. Previously, it assumed its second parameter was TRUE.
|
||
(fd.o #69165, Chengwei Yang)
|
||
|
||
• Escape addresses containing non-ASCII characters correctly
|
||
(fd.o #53499, Chengwei Yang)
|
||
|
||
• Document <servicedir> search order correctly (fd.o #66994, Chengwei Yang)
|
||
|
||
• Don't crash on "dbus-send --session / x.y.z" which regressed in 1.7.4.
|
||
(fd.o #65923, Chengwei Yang)
|
||
|
||
• If malloc() returns NULL in _dbus_string_init() or similar, don't free
|
||
an invalid pointer if the string is later freed (fd.o #65959, Chengwei Yang)
|
||
|
||
• If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list
|
||
that was never va_start()ed (fd.o #66300, Chengwei Yang)
|
||
|
||
• fix build failure with --enable-stats (fd.o #66004, Chengwei Yang)
|
||
|
||
• fix a regression test on platforms with strict alignment (fd.o #67279,
|
||
Colin Walters)
|
||
|
||
• Avoid calling function parameters "interface" since certain Windows headers
|
||
have a namespace-polluting macro of that name (fd.o #66493, Ivan Romanov)
|
||
|
||
• Assorted Doxygen fixes (fd.o #65755, Chengwei Yang)
|
||
|
||
• Various thread-safety improvements to static variables (fd.o #68610,
|
||
Simon McVittie)
|
||
|
||
• Make "make -j check" work (fd.o #68852, Simon McVittie)
|
||
|
||
• Fix a NULL pointer dereference on an unlikely error path
|
||
(fd.o #69327, Sviatoslav Chagaev)
|
||
|
||
• Improve valgrind memory pool tracking (fd.o #69326,
|
||
Sviatoslav Chagaev)
|
||
|
||
• Don't over-allocate memory in dbus-monitor (fd.o #69329,
|
||
Sviatoslav Chagaev)
|
||
|
||
• dbus-monitor can monitor dbus-daemon < 1.5.6 again
|
||
(fd.o #66107, Chengwei Yang)
|
||
|
||
• Unix-specific:
|
||
· If accept4() fails with EINVAL, as it can on older Linux kernels
|
||
with newer glibc, try accept() instead of going into a busy-loop.
|
||
(fd.o #69026, Chengwei Yang)
|
||
· If socket() or socketpair() fails with EINVAL or EPROTOTYPE,
|
||
for instance on Hurd or older Linux with a new glibc, try without
|
||
SOCK_CLOEXEC. (fd.o #69073; Pino Toscano, Chengwei Yang)
|
||
· Fix a file descriptor leak on an error code path.
|
||
(fd.o #69182, Sviatoslav Chagaev)
|
||
· dbus-run-session: clear some unwanted environment variables
|
||
(fd.o #39196, Simon)
|
||
· dbus-run-session: compile on FreeBSD (fd.o #66197, Chengwei Yang)
|
||
· Don't fail the autolaunch test if there is no DISPLAY (fd.o #40352, Simon)
|
||
· Use dbus-launch from the builddir for testing, not the installed copy
|
||
(fd.o #37849, Chengwei Yang)
|
||
· Fix compilation if writev() is unavailable (fd.o #69409,
|
||
Vasiliy Balyasnyy)
|
||
· Remove broken support for LOCAL_CREDS credentials passing, and
|
||
document where each credential-passing scheme is used (fd.o #60340,
|
||
Simon McVittie)
|
||
· Make autogen.sh work on *BSD by not assuming GNU coreutils functionality
|
||
(fd.o #35881, #69787; Chengwei Yang)
|
||
· dbus-monitor: be portable to NetBSD (fd.o #69842, Chengwei Yang)
|
||
· dbus-launch: stop using non-portable asprintf (fd.o #37849, Simon)
|
||
· Improve error reporting from the setuid activation helper (fd.o #66728,
|
||
Chengwei Yang)
|
||
|
||
• Windows-specific:
|
||
· Remove unavailable command-line options from 'dbus-daemon --help'
|
||
(fd.o #42441, Ralf Habacker)
|
||
· Add support for looking up local TCPv4 clients' credentials on
|
||
Windows XP via the undocumented AllocateAndGetTcpExTableFromStack
|
||
function (fd.o #66060, Ralf Habacker)
|
||
· Fix insufficient dependency-tracking (fd.o #68505, Simon McVittie)
|
||
· Don't include wspiapi.h, fixing a compiler warning (fd.o #68852,
|
||
Simon McVittie)
|
||
|
||
• Internal changes:
|
||
· add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing
|
||
conditionals (fd.o #66142, Chengwei Yang)
|
||
· improve verbose-mode output (fd.o #63047, Colin Walters)
|
||
· consolidate Autotools and CMake build (fd.o #64875, Ralf Habacker)
|
||
· fix various unused variables, unusual build configurations
|
||
etc. (fd.o #65712, #65990, #66005, #66257, #69165, #69410, #70218;
|
||
Chengwei Yang, Vasiliy Balyasnyy)
|
||
|
||
D-Bus 1.7.4 (2013-06-13)
|
||
==
|
||
|
||
The “but is your thread-safety thread-safe?” release.
|
||
|
||
Security fixes:
|
||
|
||
• CVE-2013-2168: Fix misuse of va_list that could be used as a denial
|
||
of service for system services. Vulnerability reported by Alexandru Cornea.
|
||
(Simon)
|
||
|
||
Dependencies:
|
||
|
||
• The Windows version of libdbus now contains a C++ source file, used
|
||
to provide global initialization when the library is loaded.
|
||
gcc (mingw*) users should ensure that g++ is also installed.
|
||
|
||
• The libxml2-based configuration reader (which hasn't worked for 2.5 years,
|
||
and was never the recommended option) has been removed. Expat is now a
|
||
hard dependency.
|
||
|
||
Enhancements:
|
||
|
||
• It should now be safe to call dbus_threads_init_default() from any thread,
|
||
at any time. Authors of loadable modules and plugins that use libdbus
|
||
should consider doing so during initialization.
|
||
(fd.o #54972, Simon McVittie)
|
||
|
||
• Improve dbus-send documentation and command-line parsing (fd.o #65424,
|
||
Chengwei Yang)
|
||
|
||
Unix-specific:
|
||
· dbus-run-session: experimental new tool to start a temporary D-Bus
|
||
session, e.g. for regression tests or a text console, replacing
|
||
certain uses of dbus-launch which weren't really correct
|
||
(fd.o #39196, Simon)
|
||
|
||
Other fixes:
|
||
|
||
• In dbus-daemon, don't crash if a .service file starts with key=value
|
||
(fd.o #60853, Chengwei Yang)
|
||
|
||
• Unix-specific:
|
||
· Fix a crash similar to CVE-2013-2168 the first time we try to use syslog
|
||
on a platform not defining LOG_PERROR, such as Solaris or QNX.
|
||
This regressed in 1.7.0. (Simon)
|
||
· Fix an assertion failure if we try to activate systemd services before
|
||
systemd connects to the bus (fd.o #50199, Chengwei Yang)
|
||
· Avoid compiler warnings for ignoring the return from write()
|
||
(Chengwei Yang)
|
||
|
||
• Windows-specific:
|
||
· Under cmake, install runtime libraries (DLLs) into bin/ instead of lib/
|
||
so that Windows finds them (fd.o #59733, Ralf Habacker)
|
||
|
||
D-Bus 1.7.2 (2013-04-25)
|
||
==
|
||
|
||
The “only partially opaque” release.
|
||
|
||
Configuration changes:
|
||
|
||
• On non-QNX Unix platforms, the default limit on fds per message in the
|
||
session bus configuration has reduced from 4096 to 1024. The default
|
||
limit used on the system bus was already 1024. On QNX, both limits are
|
||
reduced further, to 128.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.21
|
||
· Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF,
|
||
U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fd.o #63072,
|
||
Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• Diagnose incorrect use of dbus_connection_get_data() with negative slot
|
||
(i.e. before allocating the slot) rather than returning junk
|
||
(fd.o #63127, Dan Williams)
|
||
|
||
• Fix a cmake build regression since 1.7.0 (fd.o #63682; Ralf Habacker,
|
||
Simon McVittie)
|
||
|
||
• Unix-specific:
|
||
· On Linux, link successfully with glibc 2.17 (fd.o #63166, Simon McVittie)
|
||
· Under systemd, log to syslog only, not stderr, avoiding duplication
|
||
(fd.o #61399, #39987; Colin Walters, Dagobert Michelsen)
|
||
· Under systemd, remove unnecessary dependency on syslog.socket
|
||
(fd.o #63531, Cristian Rodríguez)
|
||
· Include alloca.h for alloca() if available, fixing compilation on
|
||
Solaris 10 (fd.o #63071, Dagobert Michelsen)
|
||
· Allow use of systemd-logind without the rest of systemd
|
||
(fd.o #62585, Martin Pitt)
|
||
· When built with CMake, link to librt and use the right path for
|
||
meinproc's XSLT stylesheets (fd.o #61637, Ralf Habacker)
|
||
· Reduce the default limit on number of fds per message to 128 under
|
||
QNX, working around an arbitrary OS limit (fd.o #61176, Matt Fischer)
|
||
|
||
• Windows-specific:
|
||
· Do not claim that all bus clients have the dbus-daemon's credentials;
|
||
pick up local TCPv4 clients' credentials (process ID and security
|
||
identifier, i.e. user) using GetExtendedTcpTable() (fd.o #61787,
|
||
Ralf Habacker)
|
||
|
||
D-Bus 1.7.0 (2013-02-22)
|
||
==
|
||
|
||
The "Disingenuous Assertions" release.
|
||
|
||
This is a new development release, starting the 1.7.x branch. D-Bus 1.6
|
||
remains the recommended version for long-term-supported distributions
|
||
or the upcoming GNOME 3.8 release.
|
||
|
||
Build-time configuration changes:
|
||
|
||
• The --with-dbus-session-bus-default-address configure option is no longer
|
||
supported. Use the new --with-dbus-session-bus-connect-address and
|
||
--with-dbus-session-bus-listen-address options instead. On Windows, you
|
||
usually want them to have the same argument; on Unix, the defaults are
|
||
usually correct.
|
||
|
||
• Similarly, the DBUS_SESSION_BUS_DEFAULT_ADDRESS CMake variable is no longer
|
||
supported; use the new DBUS_SESSION_BUS_LISTEN_ADDRESS and
|
||
DBUS_SESSION_BUS_CONNECT_ADDRESS variables instead.
|
||
|
||
• cmake/cross-compile.sh has been removed. Instead, please use a
|
||
cross-toolchain file (-DCMAKE_TOOLCHAIN_FILE) as documented at
|
||
<http://www.vtk.org/Wiki/CMake_Cross_Compiling>; or use Autotools
|
||
as documented in "info automake Cross-Compilation", and set
|
||
PKG_CONFIG_PATH appropriately.
|
||
|
||
Requirements:
|
||
|
||
• Man pages now require xmlto (or either xmlto or meinproc, if using CMake).
|
||
• man2html is no longer used.
|
||
|
||
Enhancements:
|
||
|
||
• D-Bus Specification 0.20
|
||
· actually say that /org/freedesktop/DBus is the object that
|
||
implements o.fd.DBus (fd.o #51865, Colin Walters)
|
||
· various reorganisation for better clarity (fd.o #38252, Simon McVittie)
|
||
· stop claiming that all basic types work just like INT32 (strings don't!)
|
||
|
||
• The "source code" for the man pages is now Docbook XML, eliminating
|
||
the outdated duplicate copies used when building with CMake.
|
||
(fd.o #59805; Ralf Habacker, Simon McVittie)
|
||
|
||
Fixes:
|
||
|
||
• In the activation helper, when compiled for tests, do not reset the system
|
||
bus address, fixing the regression tests. (fd.o #52202, Simon)
|
||
|
||
• Fix building with Valgrind 3.8, at the cost of causing harmless warnings
|
||
with Valgrind 3.6 on some compilers (fd.o #55932, Arun Raghavan)
|
||
|
||
• Merge <servicehelper> from system-local.conf if necessary (fd.o #51560,
|
||
Krzysztof Konopko)
|
||
|
||
• Under CMake, prefer xmlto over meinproc (fd.o #59733, Ralf Habacker)
|
||
|
||
• Stop duplicating CMake's own logic to find libexpat
|
||
(fd.o #59733, Ralf Habacker)
|
||
|
||
• Don't assume CMake host and build system are the same (fd.o #59733,
|
||
Ralf Habacker)
|
||
|
||
• Avoid deprecation warnings for GLib 2.35 (fd.o #59971, Simon McVittie)
|
||
|
||
• Unix-specific:
|
||
· Check for functions in libpthread correctly, fixing compilation on
|
||
(at least) OpenBSD (fd.o #47239, Simon)
|
||
· Don't leak temporary fds pointing to /dev/null (fd.o #56927,
|
||
Michel HERMIER)
|
||
· Update sd-daemon.[ch] from systemd (fd.o #60681)
|
||
· Add partial support for QNX (fd.o #60339, fd.o #61176; Matt Fischer)
|
||
|
||
• Windows-specific:
|
||
· The default session bus listening and connecting address is now
|
||
"autolaunch:", which makes D-Bus on Windows interoperate with itself
|
||
and GDBus "out of the box". Use the configure options and cmake variables
|
||
described above if you require a different autolaunch scope.
|
||
(fd.o #38201, Simon McVittie)
|
||
· Avoid a CMake warning under Cygwin (fd.o #59401, Ralf Habacker)
|
||
|
||
• Create session.d, system.d directories under CMake (fd.o #41319,
|
||
Ralf Habacker)
|
||
|
||
D-Bus 1.6.8 (2012-09-28)
|
||
==
|
||
|
||
The "Fix one thing, break another" release.
|
||
|
||
• Follow up to CVE-2012-3524: The additional hardening
|
||
work to use __secure_getenv() as a followup to bug #52202
|
||
broke certain configurations of gnome-keyring. Given
|
||
the difficulty of making this work without extensive
|
||
changes to gnome-keyring, use of __secure_getenv() is
|
||
deferred.
|
||
|
||
D-Bus 1.6.6 (2012-09-28)
|
||
==
|
||
|
||
The "Clear the environment in your setuid binaries, please" release.
|
||
|
||
• CVE-2012-3524: Don't access environment variables (fd.o #52202)
|
||
Thanks to work and input from Colin Walters, Simon McVittie,
|
||
Geoffrey Thomas, and others.
|
||
• Unix-specific:
|
||
· Fix compilation on Solaris (fd.o #53286, Jonathan Perkin)
|
||
· Work around interdependent headers on OpenBSD by including sys/types.h
|
||
before each use of sys/socket.h (fd.o #54418, Brad Smith)
|
||
|
||
D-Bus 1.6.4 (2012-07-18)
|
||
==
|
||
|
||
• Detect that users are "at the console" correctly when configured with
|
||
a non-default path such as --enable-console-auth-dir=/run/console
|
||
(fd.o #51521, Dave Reisner)
|
||
|
||
• Remove an incorrect assertion from DBusTransport (fd.o #51657,
|
||
Simon McVittie)
|
||
|
||
• Make --enable-developer default to "no" (regression in 1.6.2;
|
||
fd.o #51657, Simon McVittie)
|
||
|
||
• Windows-specific:
|
||
· Launch dbus-daemon correctly if its path contains a space
|
||
(fd.o #49450, Wolfgang Baron)
|
||
|
||
D-Bus 1.6.2 (2012-06-27)
|
||
==
|
||
|
||
The "Ice Cabbage" release.
|
||
|
||
• Change how we create /var/lib/dbus so it works under Automake >= 1.11.4
|
||
(fd.o #51406, Simon McVittie)
|
||
|
||
• Don't return from dbus_pending_call_set_notify with a lock held on OOM
|
||
(fd.o #51032, Simon McVittie)
|
||
|
||
• Disconnect "developer mode" (assertions, verbose mode etc.) from
|
||
Automake maintainer mode. D-Bus developers should now configure with
|
||
--enable-developer. Automake maintainer mode is now on by default;
|
||
distributions can disable it with --disable-maintainer-mode.
|
||
(fd.o #34671, Simon McVittie)
|
||
|
||
• Automatically define DBUS_STATIC_BUILD in static-only Autotools builds,
|
||
fixing linking when targeting Windows (fd.o #33973; william, Simon McVittie)
|
||
|
||
• Unix-specific:
|
||
· Check for libpthread under CMake on Unix (fd.o #47237, Simon McVittie)
|
||
|
||
D-Bus 1.6.0 (2012-06-05)
|
||
==
|
||
|
||
The “soul of this machine has improved” release.
|
||
|
||
This version starts a new stable branch of D-Bus: only bug fixes will
|
||
be accepted into 1.6.x. Other changes will now go to the 1.7.x branch.
|
||
|
||
Summary of changes since 1.4.x:
|
||
|
||
• New requirements
|
||
· PTHREAD_MUTEX_RECURSIVE on Unix
|
||
· compiler support for 64-bit integers (int64_t or equivalent)
|
||
|
||
• D-Bus Specification v0.19
|
||
|
||
• New dbus-daemon features
|
||
· <allow own_prefix="com.example.Service"/> rules allow the service to
|
||
own names like com.example.Service.Instance3
|
||
· optional systemd integration when checking at_console policies
|
||
· --nopidfile option, mainly for use by systemd
|
||
· path_namespace and arg0namespace may appear in match rules
|
||
· eavesdropping is disabled unless the match rule contains eavesdrop=true
|
||
|
||
• New public API
|
||
· functions to validate various string types (dbus_validate_path() etc.)
|
||
· dbus_type_is_valid()
|
||
· DBusBasicValue, a union of every basic type
|
||
|
||
• Bug fixes
|
||
· removed an unsafe reimplementation of recursive mutexes
|
||
· dbus-daemon no longer busy-loops if it has far too many file descriptors
|
||
· dbus-daemon.exe --print-address works on Windows
|
||
· all the other bug fixes from 1.4.20
|
||
|
||
• Other major implementation changes
|
||
· on Linux, dbus-daemon uses epoll if supported, for better scalability
|
||
· dbus_threads_init() ignores its argument and behaves like
|
||
dbus_threads_init_default() instead
|
||
· removed the per-connection link cache, improving dbus-daemon performance
|
||
|
||
• Developer features
|
||
· optional Valgrind instrumentation (--with-valgrind)
|
||
· optional Stats interface on the dbus-daemon (--enable-stats)
|
||
· optionally abort whenever malloc() fails (--enable-embedded-tests
|
||
and export DBUS_MALLOC_CANNOT_FAIL=1)
|
||
|
||
Changes since 1.5.12:
|
||
|
||
• Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1
|
||
spec-compliance (fd.o #48580, David Zeuthen)
|
||
|
||
• Don't use install(1) within the source/build trees, fixing the build as
|
||
non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot)
|
||
|
||
• Add missing commas in some tcp and nonce-tcp addresses, and remove
|
||
an unused duplicate copy of the nonce-tcp transport in Windows builds
|
||
(fd.o #45896, Simon McVittie)
|
||
|
||
D-Bus 1.5.12 (2012-03-27)
|
||
==
|
||
|
||
The “Big Book of Science” release.
|
||
|
||
• Add public API to validate various string types:
|
||
dbus_validate_path(), dbus_validate_interface(), dbus_validate_member(),
|
||
dbus_validate_error_name(), dbus_validate_bus_name(), dbus_validate_utf8()
|
||
(fd.o #39549, Simon McVittie)
|
||
|
||
• Turn DBusBasicValue into public API so bindings don't need to invent their
|
||
own "union of everything" type (fd.o #11191, Simon McVittie)
|
||
|
||
• Enumerate data files included in the build rather than using find(1)
|
||
(fd.o #33840, Simon McVittie)
|
||
|
||
• Add support for policy rules like <allow own_prefix="com.example.Service"/>
|
||
in dbus-daemon (fd.o #46273, Alban Crequy)
|
||
|
||
• Windows-specific:
|
||
· make dbus-daemon.exe --print-address (and --print-pid) work again
|
||
on Win32, but not on WinCE (fd.o #46049, Simon McVittie)
|
||
· fix duplicate case value when compiling against mingw-w64
|
||
(fd.o #47321, Andoni Morales Alastruey)
|
||
|
||
D-Bus 1.5.10 (2012-02-21)
|
||
==
|
||
|
||
The "fire in Delerium" release.
|
||
|
||
On Unix platforms, PTHREAD_MUTEX_RECURSIVE (as specified in POSIX 2008 Base
|
||
and SUSv2) is now required.
|
||
|
||
• D-Bus Specification 0.19:
|
||
· Formally define unique connection names and well-known bus names,
|
||
and document best practices for interface, bus, member and error names,
|
||
and object paths (fd.o #37095, Simon McVittie)
|
||
· Document the search path for session and system services on Unix, and
|
||
where they should be installed by build systems (fd.o #21620, fd.o #35306;
|
||
Simon McVittie)
|
||
· Document the systemd transport (fd.o #35232, Lennart Poettering)
|
||
|
||
• Make dbus_threads_init() use the same built-in threading implementation
|
||
as dbus_threads_init_default(); the user-specified primitives that it
|
||
takes as a parameter are now ignored (fd.o #43744, Simon McVittie)
|
||
|
||
• Allow all configured auth mechanisms, not just one (fd.o #45106,
|
||
Pavel Strashkin)
|
||
|
||
• Improve cmake build system (Ralf Habacker):
|
||
· simplify XML parser dependencies (fd.o #41027)
|
||
· generate build timestamp (fd.o #41029)
|
||
· only create batch files on Windows
|
||
· fix option and cache syntax
|
||
· add help-options target
|
||
· share dbus-arch-deps.h.in with autotools rather than having our
|
||
own version (fd.o #41033)
|
||
|
||
• Build tests successfully with older GLib, as found in e.g. Debian 6
|
||
(fd.o #41219, Simon McVittie)
|
||
|
||
• Avoid use of deprecated GThread API (fd.o #44413, Martin Pitt)
|
||
|
||
• Build documentation correctly if man2html doesn't support filenames on
|
||
its command-line (fd.o #43875, Jack Nagel)
|
||
|
||
• Improve test coverage. To get even more coverage, run the tests with
|
||
DBUS_TEST_SLOW=1 (fd.o #38285, #42811; Simon McVittie)
|
||
|
||
• Reduce the size of the shared library by moving functionality only used
|
||
by dbus-daemon, tests etc. into their internal library and deleting
|
||
unused code (fd.o #34976, #39759; Simon McVittie)
|
||
|
||
• Add dbus-daemon --nopidfile option, overriding the configuration, for
|
||
setups where the default configuration must include <pidfile/> to avoid
|
||
breaking traditional init, but the pid file is in fact unnecessary; use
|
||
it under systemd to improve startup time a bit (fd.o #45520,
|
||
Lennart Poettering)
|
||
|
||
• Optionally (if configured --with-valgrind) add instrumentation to debug
|
||
libdbus and associated tools more meaningfully under Valgrind
|
||
(fd.o #37286, Simon McVittie)
|
||
|
||
• Improve the dbus-send(1) man page (fd.o #14005, Simon McVittie)
|
||
|
||
• Make dbus-protocol.h compatible with C++11 (fd.o #46147, Marc Mutz)
|
||
|
||
• If tests are enabled and DBUS_MALLOC_CANNOT_FAIL is set in the environment,
|
||
abort on failure to malloc() (like GLib does), to turn runaway memory leaks
|
||
into a debuggable core-dump if a resource limit is applied (fd.o #41048,
|
||
Simon McVittie)
|
||
|
||
• Don't crash if realloc() returns NULL in a debug build (fd.o #41048,
|
||
Simon McVittie)
|
||
|
||
• Unix-specific:
|
||
· Replace our broken reimplementation of recursive mutexes, which has
|
||
been broken since 2006, with an ordinary pthreads recursive mutex
|
||
(fd.o #43744; Sigmund Augdal, Simon McVittie)
|
||
· Use epoll(7) for a more efficient main loop in Linux; equivalent patches
|
||
welcomed for other OSs' equivalents like kqueue, /dev/poll, or Solaris
|
||
event ports (fd.o #33337; Simon McVittie, Ralf Habacker)
|
||
· When running under systemd, use it instead of ConsoleKit to check
|
||
whether to apply at_console policies (fd.o #39609, Lennart Poettering)
|
||
· Avoid a highly unlikely fd leak (fd.o #29881, Simon McVittie)
|
||
· Don't close invalid fd -1 if getaddrinfo fails (fd.o #37258, eXeC001er)
|
||
· Don't touch ~/.dbus and ~/.dbus-keyrings when running 'make installcheck'
|
||
(fd.o #41218, Simon McVittie)
|
||
· Stop pretending we respect XDG_DATA_DIRS for system services: the launch
|
||
helper doesn't obey environment variables to avoid privilege escalation
|
||
attacks, so make the system bus follow the same rules
|
||
(fd.o #21620, Simon McVittie)
|
||
|
||
• Windows-specific:
|
||
· Find the dbus-daemon executable next to the shared library (fd.o #41558;
|
||
Jesper Dam, Ralf Habacker)
|
||
· Remove the faulty implementation of _dbus_condvar_wake_all (fd.o #44609,
|
||
Simon McVittie)
|
||
|
||
D-Bus 1.5.8 (2011-09-21)
|
||
==
|
||
|
||
The "cross-metering" release.
|
||
|
||
In addition to dead code removal and refactoring, this release contains all
|
||
of the bugfixes from 1.4.16.
|
||
|
||
• Clean up dead code, and make more warnings fatal in development builds
|
||
(fd.o #39231, fd.o #41012; Simon McVittie)
|
||
|
||
• If full test coverage is requested via --enable-tests, strictly require
|
||
Python, pygobject and dbus-python, which are required by some tests; if not,
|
||
and Python is missing, skip those tests rather than failing
|
||
(fd.o #37847, Simon McVittie)
|
||
|
||
• When using cmake, provide the same version-info API in the installed headers
|
||
as for autotools (DBUS_VERSION, etc.) (fd.o #40905, Ralf Habacker)
|
||
|
||
• Add a regression test for fd.o #38005 (fd.o #39836, Simon McVittie)
|
||
|
||
• Make "NOCONFIGURE=1 ./autogen.sh" not run configure (Colin Walters)
|
||
|
||
• Add _DBUS_STATIC_ASSERT and use it to check invariants (fd.o #39636,
|
||
Simon McVittie)
|
||
|
||
• Fix duplicates in authors list (Ralf Habacker)
|
||
|
||
• Fix broken links from dbus-tutorial.html if $(htmldir) != $(docdir)
|
||
(fd.o #39879, Chris Mayo)
|
||
|
||
• Fix a small memory leak, and a failure to report errors, when updating
|
||
a service file entry for activation (fd.o #39230, Simon McVittie)
|
||
|
||
• Unix-specific:
|
||
· Clean up (non-abstract) Unix sockets on bus daemon exit (fd.o #38656;
|
||
Brian Cameron, Simon McVittie)
|
||
· On systems that use libcap-ng but not systemd, drop supplemental groups
|
||
when switching to the daemon user (Red Hat #726953, Steve Grubb)
|
||
· Make the cmake build work again on GNU platforms (fd.o #29228,
|
||
Simon McVittie)
|
||
· Fix compilation on non-C99 systems that have inttypes.h but not stdint.h,
|
||
like Solaris (fd.o #40313, Dagobert Michelsen)
|
||
· Define CMSG_ALIGN, CMSG_LEN, CMSG_SPACE on Solaris < 10
|
||
(fd.o #40235, Simon McVittie)
|
||
· Cope with Unixes that don't have LOG_PERROR, like Solaris 10
|
||
(fd.o #39987, Simon McVittie)
|
||
· Cope with platforms whose vsnprintf violates both POSIX and C99, like
|
||
Tru64, IRIX and HP-UX (fd.o #11668, Simon McVittie)
|
||
|
||
• Windows-specific:
|
||
· Fix compilation on MSVC, which doesn't understand "inline" with its
|
||
C99 meaning (fd.o #40000; Ralf Habacker, Simon McVittie)
|
||
· Fix misuse of GPid in test/dbus-daemon.c (fd.o #40003, Simon McVittie)
|
||
· Fix cross-compilation to Windows with Automake (fd.o #40003, Simon McVittie)
|
||
|
||
D-Bus 1.5.6 (2011-07-29)
|
||
==
|
||
|
||
The "weird, gravy-like aftertaste" release.
|
||
|
||
In addition to new features and refactoring, this release contains all of the
|
||
bugfixes from 1.4.14.
|
||
|
||
Potentially incompatible (Bustle and similar debugging tools will need
|
||
changes to work as intended):
|
||
|
||
• Do not allow match rules to "eavesdrop" (receive messages intended for a
|
||
different recipient) by mistake: eavesdroppers must now opt-in to this
|
||
behaviour by putting "eavesdrop='true'" in the match rule, which will
|
||
not have any practical effect on buses where eavesdropping is not allowed
|
||
(fd.o #37890, Cosimo Alfarano)
|
||
|
||
Other changes:
|
||
|
||
• D-Bus Specification version 0.18 (fd.o #37890, fd.o #39450, fd.o #38252;
|
||
Cosimo Alfarano, Simon McVittie)
|
||
· add the "eavesdrop" keyword to match rules
|
||
· define eavesdropping, unicast messages and broadcast messages
|
||
· stop claiming that match rules are needed to match unicast messages to you
|
||
· promote the type system to be a top-level section
|
||
|
||
• Use DBUS_ERROR_OBJECT_PATH_IN_USE if dbus_connection_try_register_object_path
|
||
or dbus_connection_try_register_fallback fails, not ...ADDRESS_IN_USE,
|
||
and simplify object-path registration (fd.o #38874, Jiří Klimeš)
|
||
|
||
• Consistently use atomic operations on everything that is ever manipulated
|
||
via atomic ops, as was done for changes to DBusConnection's refcount in
|
||
1.4.12 (fd.o #38005, Simon McVittie)
|
||
|
||
• Fix a file descriptor leak when connecting to a TCP socket (fd.o #37258,
|
||
Simon McVittie)
|
||
|
||
• Make "make check" in a clean tree work, by not running tests until
|
||
test data has been set up (fd.o #34405, Simon McVittie)
|
||
|
||
• The dbus-daemon no longer busy-loops if it has a very large number of file
|
||
descriptors (fd.o #23194, Simon McVittie)
|
||
|
||
• Refactor message flow through dispatching to avoid locking violations if
|
||
the bus daemon's message limit is hit; remove the per-connection link cache,
|
||
which was meant to improve performance, but now reduces it (fd.o #34393,
|
||
Simon McVittie)
|
||
|
||
• Some cmake fixes (Ralf Habacker)
|
||
|
||
• Remove dead code, mainly from DBusString (fd.o #38570, fd.o #39610;
|
||
Simon McVittie, Lennart Poettering)
|
||
|
||
• Stop storing two extra byte order indicators in each D-Bus message
|
||
(fd.o #38287, Simon McVittie)
|
||
|
||
• Add an optional Stats interface which can be used to get statistics from
|
||
a running dbus-daemon if enabled at configure time with --enable-stats
|
||
(fd.o #34040, Simon McVittie)
|
||
|
||
• Fix various typos (fd.o #27227, fd.o #38284; Sascha Silbe, Simon McVittie)
|
||
|
||
• Documentation (fd.o #36156, Simon McVittie):
|
||
· let xsltproc be overridden as usual: ./configure XSLTPROC=myxsltproc
|
||
· install more documentation automatically, including man2html output
|
||
· put dbus.devhelp in the right place (it must go in ${htmldir})
|
||
|
||
• Unix-specific:
|
||
· look for system services in /lib/dbus-1/system-services in addition to all
|
||
the other well-known locations; note that this should always be /lib,
|
||
even on platforms where shared libraries on the root FS would go in /lib64,
|
||
/lib/x86_64-linux-gnu or similar (fd.o #35229, Lennart Poettering)
|
||
· opt-in to fd passing on Solaris (fd.o #33465, Simon McVittie)
|
||
|
||
• Windows-specific (Ralf Habacker):
|
||
· fix use of a mutex for autolaunch server detection
|
||
· don't crash on malloc failure in _dbus_printf_string_upper_bound
|
||
|
||
D-Bus 1.5.4 (2011-06-10)
|
||
==
|
||
|
||
Security (local denial of service):
|
||
|
||
• Byte-swap foreign-endian messages correctly, preventing a long-standing
|
||
local DoS if foreign-endian messages are relayed through the dbus-daemon
|
||
(backporters: this is git commit c3223ba6c401ba81df1305851312a47c485e6cd7)
|
||
(CVE-2011-2200, fd.o #38120, Debian #629938; Simon McVittie)
|
||
|
||
New things:
|
||
|
||
• The constant to use for an infinite timeout now has a name,
|
||
DBUS_TIMEOUT_INFINITE. It is numerically equivalent to 0x7fffffff (INT32_MAX)
|
||
which can be used for source compatibility with older versions of libdbus.
|
||
|
||
• If GLib and DBus-GLib are already installed, more tests will be built,
|
||
providing better coverage. The new tests can also be installed via
|
||
./configure --enable-installed-tests
|
||
for system integration testing, if required. (fd.o #34570, Simon McVittie)
|
||
|
||
Changes:
|
||
|
||
• Consistently use atomic operations for the DBusConnection's refcount,
|
||
fixing potential threading problems (fd.o #38005, Simon McVittie)
|
||
|
||
• Don't use -Wl,--gc-sections by default: in practice the size decrease is
|
||
small (300KiB on x86-64) and it frequently doesn't work in unusual
|
||
toolchains. To optimize for minimum installed size, you should benchmark
|
||
various possibilities for CFLAGS and LDFLAGS, and set the best flags for
|
||
your particular toolchain at configure time. (fd.o #33466, Simon McVittie)
|
||
|
||
• Use #!/bin/sh for run-with-tmp-session-bus.sh, making it work on *BSD
|
||
(fd.o #35880, Timothy Redaelli)
|
||
|
||
• Use ln -fs to set up dbus for systemd, which should fix reinstallation
|
||
when not using a DESTDIR (fd.o #37870, Simon McVittie)
|
||
|
||
• Windows-specific changes:
|
||
· don't try to build dbus-daemon-launch-helper (fd.o #37838, Mark Brand)
|
||
|
||
D-Bus 1.5.2 (2011-06-01)
|
||
==
|
||
|
||
The "Boar Hunter" release.
|
||
|
||
Notes for distributors:
|
||
|
||
This version of D-Bus no longer uses -fPIE by default. Distributions wishing
|
||
to harden the dbus-daemon and dbus-launch-helper can re-enable this if their
|
||
toolchain supports it reliably, via something like:
|
||
|
||
./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro"
|
||
|
||
or by using distribution-specific wrappers such as Debian's hardening-wrapper.
|
||
|
||
Changes:
|
||
|
||
• D-Bus Specification v0.17
|
||
· Reserve the extra characters used in signatures by GVariant
|
||
(fd.o #34529, Simon McVittie)
|
||
· Define the ObjectManager interface (fd.o #34869, David Zeuthen)
|
||
• Don't force -fPIE: distributions and libtool know better than we do whether
|
||
it's desirable (fd.o #16621, fd.o #27215; Simon McVittie)
|
||
• Allow --disable-gc-sections, in case your toolchain offers the
|
||
-ffunction-sections, -fdata-sections and -Wl,--gc-sections options
|
||
but they're broken, as seen on Solaris (fd.o #33466, Simon McVittie)
|
||
• Install dbus-daemon and dbus-daemon-launch-helper in a more normal way
|
||
(fd.o #14512; Simon McVittie, loosely based on a patch from Luca Barbato)
|
||
• Ensure that maintainers upload documentation with the right permissions
|
||
(fd.o #36130, Simon McVittie)
|
||
• Don't force users of libdbus to be linked against -lpthread, -lrt
|
||
(fd.o #32827, Simon McVittie)
|
||
• Log system-bus activation information to syslog (fd.o #35705,
|
||
Colin Walters)
|
||
• Log messages dropped due to quotas to syslog (fd.o #35358,
|
||
Simon McVittie)
|
||
• Make the nonce-tcp transport work on Unix (fd.o #34569, Simon McVittie)
|
||
• On Unix, if /var/lib/dbus/machine-id cannot be read, try /etc/machine-id
|
||
(fd.o #35228, Lennart Poettering)
|
||
• In the regression tests, don't report fds as "leaked" if they were open
|
||
on startup (fd.o #35173, Simon McVittie)
|
||
• Make dbus-monitor bail out if asked to monitor more than one bus,
|
||
rather than silently using the last one (fd.o #26548, Will Thompson)
|
||
• Clarify documentation (fd.o #35182, Simon McVittie)
|
||
• Clean up minor dead code and some incorrect error handling
|
||
(fd.o #33128, fd.o #29881; Simon McVittie)
|
||
• Check that compiler options are supported before using them (fd.o #19681,
|
||
Simon McVittie)
|
||
• Windows:
|
||
• Remove obsolete workaround for winioctl.h (fd.o #35083, Ralf Habacker)
|
||
|
||
D-Bus 1.5.0 (2011-04-11)
|
||
==
|
||
|
||
The "you never know when you need to tow something from your giant
|
||
flying shark" release.
|
||
|
||
• D-Bus Specification v0.16
|
||
· Add support for path_namespace and arg0namespace in match rules
|
||
(fd.o #24317, #34870; Will Thompson, David Zeuthen, Simon McVittie)
|
||
· Make argNpath support object paths, not just object-path-like strings,
|
||
and document it better (fd.o #31818, Will Thompson)
|
||
• Let the bus daemon implement more than one interface (fd.o #33757,
|
||
Simon McVittie)
|
||
• Optimize _dbus_string_replace_len to reduce waste (fd.o #21261,
|
||
Roberto Guido)
|
||
• Require user intervention to compile with missing 64-bit support
|
||
(fd.o #35114, Simon McVittie)
|
||
• Add dbus_type_is_valid as public API (fd.o #20496, Simon McVittie)
|
||
• Raise UnknownObject instead of UnknownMethod for calls to methods on
|
||
paths that are not part of the object tree, and UnknownInterface for calls
|
||
to unknown interfaces in the bus daemon (fd.o #34527, Lennart Poettering)
|
||
|
||
D-Bus 1.4.8 (2011-04-08)
|
||
==
|
||
|
||
The "It's like the beginning of a lobster" release.
|
||
|
||
• Rename configure.in to configure.ac, and update it to modern conventions
|
||
(fd.o #32245; Javier Jardón, Simon McVittie)
|
||
• Correctly give XDG_DATA_HOME priority over XDG_DATA_DIRS (fd.o #34496,
|
||
Anders Kaseorg)
|
||
• Prevent X11 autolaunching if $DISPLAY is unset or empty, and add
|
||
--disable-x11-autolaunch configure option to prevent it altogether
|
||
in embedded environments (fd.o #19997, NB#219964; Simon McVittie)
|
||
• Install the documentation, and an index for Devhelp (fd.o #13495,
|
||
Debian #454142; Simon McVittie, Matthias Clasen)
|
||
• If checks are not disabled, check validity of string-like types and
|
||
booleans when sending them (fd.o #16338, NB#223152; Simon McVittie)
|
||
• Add UnknownObject, UnknownInterface, UnknownProperty and PropertyReadOnly
|
||
errors to dbus-shared.h (fd.o #34527, Lennart Poettering)
|
||
• Break up a huge conditional in config-parser so gcov can produce coverage
|
||
data (fd.o #10887, Simon McVittie)
|
||
• List which parts of the Desktop Entry specification are applicable to
|
||
.service files (fd.o #19159, Sven Herzberg)
|
||
• Don't suppress service activation if two services have the same Exec=
|
||
(fd.o #35750, Colin Walters)
|
||
• Windows:
|
||
· Avoid the name ELEMENT_TYPE due to namespace-pollution from winioctl.h
|
||
(Andre Heinecke)
|
||
· Include _dbus_path_is_absolute in libdbus on Windows, fixing compilation
|
||
(fd.o #32805, Mark Brand)
|
||
|
||
D-Bus 1.4.6 (2010-02-17)
|
||
==
|
||
|
||
The "1, 2, miss a few, 99, 100" release.
|
||
|
||
• Remove unfinished changes intended to support GTest-based tests,
|
||
which were mistakenly included in 1.4.4
|
||
|
||
D-Bus 1.4.4 (2010-02-17)
|
||
==
|
||
|
||
• Switch back to using even micro versions for stable releases; 1.4.1
|
||
should have been called 1.4.2, so skip that version number
|
||
• Don't leave bad file descriptors being watched when spawning processes,
|
||
which could result in a busy-loop (fd.o #32992, NB#200248; possibly
|
||
also LP#656134, LP#680444, LP#713157)
|
||
• Check for MSG_NOSIGNAL correctly
|
||
• Fix failure to detect abstract socket support (fd.o #29895)
|
||
• Make _dbus_system_logv actually exit with DBUS_SYSTEM_LOG_FATAL
|
||
(fd.o #32262, NB#180486)
|
||
• Improve some error code paths (fd.o #29981, fd.o #32264, fd.o #32262,
|
||
fd.o #33128, fd.o #33277, fd.o #33126, NB#180486)
|
||
• Avoid possible symlink attacks in /tmp during compilation (fd.o #32854)
|
||
• Tidy up dead code (fd.o #25306, fd.o #33128, fd.o #34292, NB#180486)
|
||
• Improve gcc malloc annotations (fd.o #32710)
|
||
• If the system bus is launched via systemd, protect it from the OOM killer
|
||
• Documentation improvements (fd.o #11190)
|
||
• Avoid readdir_r, which is difficult to use correctly (fd.o #8284,
|
||
fd.o #15922, LP#241619)
|
||
• Cope with invalid files in session.d, system.d (fd.o #19186,
|
||
Debian #230231)
|
||
• Don't distribute generated files that embed our builddir (fd.o #30285,
|
||
fd.o #34292)
|
||
• Raise the system bus's fd limit to be sufficient for its configuration
|
||
(fd.o #33474, LP#381063)
|
||
• Fix syslog string processing
|
||
• Ignore -Waddress
|
||
• Remove broken gcov parsing code and --enable-gcov, and replace them
|
||
with lcov HTML reports and --enable-compiler-coverage (fd.o #10887)
|
||
• Windows:
|
||
· avoid live-lock in Windows CE due to unfair condition variables
|
||
• OpenBSD:
|
||
· support credentials-passing (fd.o #32542)
|
||
• Solaris:
|
||
· opt-in to thread safety (fd.o #33464)
|
||
|
||
D-Bus 1.4.1 (20 December 2010)
|
||
==
|
||
|
||
• Fix for CVE-2010-4352: sending messages with excessively-nested variants can
|
||
crash the bus. The existing restriction to 64-levels of nesting previously
|
||
only applied to the static type signature; now it also applies to dynamic
|
||
nesting using variants. Thanks to Rémi Denis-Courmont for discoving this
|
||
issue.
|
||
• OS X portability fixes, including launchd support.
|
||
• Windows autolaunch improvements.
|
||
• Various bug fixes.
|
||
|
||
D-Bus 1.4.0 (6 Sep 2010)
|
||
==
|
||
- systemd hookup
|
||
|
||
D-Bus 1.3.1 (23 June 2010)
|
||
==
|
||
- New standardized PropertiesChanged signal in the properties interface
|
||
- Various portability fixes, in particular to Windows platforms
|
||
- Support forking bus services, for compatibility
|
||
|
||
D-Bus 1.3.0 (29 July 2009)
|
||
==
|
||
- ability for dbus-send to send to any bus (--address)
|
||
- file descriptor passing on Unix socket transports
|
||
- use of GCC atomic intrinsics for better processor support
|
||
(requires -march=i486 or above for x86 compilation)
|
||
- thread-safe FD_CLOEXEC setting on recent Linux kernels (2.6.24-27 and up)
|
||
and glibc (2.9 for pipe2 and 2.10 for accept4)
|
||
- feature negotiation in the bus daemon
|