From 955db66c27dbf6c47cf75330f95b35b6a3535f95 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 28 Oct 2024 19:26:01 +0000 Subject: [PATCH] Move old NEWS into separate files, one per stable release The main NEWS file continues to document all changes since 1.12.0, including the entire 1.13.x/1.14.x series. Signed-off-by: Simon McVittie --- NEWS | 2791 ------------------------------------------------- NEWS.pre-1-10 | 748 +++++++++++++ NEWS.pre-1-12 | 986 +++++++++++++++++ NEWS.pre-1-4 | 15 + NEWS.pre-1-6 | 458 ++++++++ NEWS.pre-1-8 | 579 ++++++++++ 6 files changed, 2786 insertions(+), 2791 deletions(-) create mode 100644 NEWS.pre-1-10 create mode 100644 NEWS.pre-1-12 create mode 100644 NEWS.pre-1-4 create mode 100644 NEWS.pre-1-6 create mode 100644 NEWS.pre-1-8 diff --git a/NEWS b/NEWS index b6033414..b1b89a83 100644 --- a/NEWS +++ b/NEWS @@ -1811,2794 +1811,3 @@ Internal changes: • Remove some unused files from the git repository (fd.o #103420, Simon McVittie) - -D-Bus 1.11.22 (2017-10-23) -========================== - -The “fire surface” release. - -This is the first release-candidate for the 1.12.0 stable release. - -Build-time configuration changes: - -• When building for Windows with Autotools, setting the WINDRES variable - no longer works to select a non-standard resource compiler. Use - libtool's standard RC variable instead, for example - "./configure RC=i686-w64-mingw32-windres" - -Dependencies: - -• Builds done using CMake now require CMake 3.0.2. - -Enhancements: - -• When building for Windows, improve quality of metadata in - libdbus-1-3.dll (fd.o #103015, Ralf Habacker) - -Fixes: - -• Fix a typo "uint 16" in dbus-send(1) man page - (fd.o #103075, David King) - -• When building for Windows, libdbus-1-3.dll always includes version - information. Previously, this was missing if using CMake and any - non-MSVC compiler. (fd.o #103015, Ralf Habacker) - -• Fix the build with MSVC, which regressed with the #102558 fix in - 1.11.20. (fd.o #102558, Ralf Habacker) - -Internal changes: - -• Simplify Windows resource embedding - (fd.o #103015, Simon McVittie) - -D-Bus 1.11.20 (2017-10-03) -== - -The “wraith stun” release. - -Build-time configuration changes: - -• The --enable-abstract-sockets and --disable-abstract-sockets options - no longer exist. Support for Linux's abstract AF_UNIX sockets is now - unconditionally enabled on Linux and disabled everywhere else. - (fd.o #34905, Simon McVittie) - -Enhancements: - -• Make slower tests less likely to time out, and improve diagnostics if - tests do time out (fd.o #103009, Simon McVittie) - -• On Windows, don't compile an unused stub implementation of - _dbus_set_signal_handler() (fd.o #103010, Simon McVittie) - -Fixes: - -• Be more careful to save and restore errno in POSIX async signal - handlers (fd.o #103010, Simon McVittie) - -• On Windows, embed a manifest in dbus-update-activation-environment.exe - so that the heuristics used for UAC do not assume it needs elevated - privileges due to its name containing "update" - (fd.o #102558, Ralf Habacker) - -• On Windows with Automake, embed version information in libdbus-1, - as was meant to happen in all versions since 2009 - (fd.o #103015, Simon McVittie) - -D-Bus 1.11.18 (2017-09-25) -== - -The “vampire conquistador” release. - -Build-time configuration changes: - -• By default, dbus-daemon on Unix no longer checks for flag files - /var/run/console/${username} created by the obsolete pam_console and - pam_foreground PAM modules when deciding whether ${username} is - currently at the console. The old default behaviour can be restored - by specifying --with-console-auth-dir=/var/run/console in the - recommended Autotools build system, or - -DDBUS_CONSOLE_AUTH_DIR=/var/run/console in CMake. This feature is - now deprecated, and will be removed in dbus 1.13 unless feedback via - fd.o #101629 indicates that this would be problematic. - (fd.o #101629, Simon McVittie) - -• LSB-style init scripts for Red Hat and Slackware, and a non-LSB init - script for Cygwin, are no longer provided in the upstream dbus - source. We recommend that distributors who support non-systemd service - management should maintain their own init scripts or other service - manager integration as part of their downstream packaging, similar to - the way Debian distributes a Debian-specific LSB init script for dbus. - - The systemd unit continues to be maintained as part of the upstream - dbus source, because it receives regular testing and maintenance. - - (fd.o #101706, Simon McVittie) - -• The process ID file created by the system bus is no longer influenced - by the --with-init-scripts=redhat configure option or the presence of - /etc/redhat-release at build time. If your OS's init script or other - service management relies on the Red Hat-style pid file, it can be - restored by specifying --with-system-pid-file=/run/messagebus.pid at - configure time or using the directive in bus configuration. - - Note that the upstream-supplied systemd unit runs dbus-daemon with - the --nopidfile option, so it does not normally write a pid file, - regardless of whether the OS is Red-Hat-derived or not. - - (fd.o #101706, Simon McVittie) - -Enhancements: - -• and rules in dbus-daemon configuration can now - include send_broadcast="true" or send_broadcast="false", which make - the rule only match broadcast signals, or only match messages that - are not broadcast signals, respectively. - (fd.o #29853, Simon McVittie) - -• and rules can now be configured to apply only to - messages with or without Unix file descriptors attached. This would - typically be used in rules like these: - - - - but can also be used to set a nonzero upper limit on the number of - file descriptors: - - (fd.o #101848, Simon McVittie) - -• On Unix platforms, the DBUS_COOKIE_SHA1 authentication mechanism - now respects the HOME environment variable on the client side, and - on the server side when the uid attempting to connect is the same - as the uid of the server. This allows the automated tests to pass in - environments where the user's "official" home directory in /etc/passwd - is nonexistent, such as Debian autobuilders. - (fd.o #101960, Simon McVittie) - -Fixes: - -• When parsing dbus-daemon configuration, tell Expat not to use - cryptographic-quality entropy as a salt for its hash tables: we trust - the configuration files, so we are not concerned about algorithmic - complexity attacks via hash table collisions. This prevents - dbus-daemon --system from holding up the boot process (and causing - early-boot system services like systemd, logind, networkd to time - out) on entropy-starved embedded systems. - (fd.o #101858, Simon McVittie) - -• Avoid a -Werror=declaration-after-statement build failure on Solaris - (fd.o #102145, Alan Coopersmith) - -• On Unix platform, drop DBUS_SYSTEM_LOG_INFO messages from LOG_NOTICE - to LOG_INFO, matching how we use this log level in practice - (fd.o #102686, Simon McVittie) - -D-Bus 1.11.16 (2017-07-27) -== - -The “south facing garden” release. - -Build-time configuration changes: - -• The Autotools build system now supports varying ${runstatedir} - independently of ${localstatedir}, if using an Autoconf version - that has that feature; version 2.70 will eventually have this, but - many Linux distributions add it to version 2.69 as a patch. - A typical use is to set prefix=/usr, sysconfdir=/etc, localstatedir=/var - and runstatedir=/run. (fd.o #101569, Simon McVittie) - -Enhancements: - -• New APIs DBUS_MESSAGE_ITER_INIT_CLOSED, dbus_message_iter_init_closed() - and dbus_message_iter_abandon_container_if_open() simplify the - single-exit-point ("goto out") style of resource cleanup. The API - documentation around DBusMessageIter and containers has also been - clarified. (fd.o #101568, Simon McVittie) - -Fixes: - -• Fix the implementation of re-enabling a timeout (again) so that its - countdown is always restarted as intended. (fd.o #95619, - Michal Koutný) - -• Make the dbus-daemon's Properties interface, as introduced in 1.11.14, - available to all users on the system bus (fd.o #101700, Simon McVittie) - -• dbus_message_iter_append_basic() no longer leaks memory if it fails to - append a file descriptor to a message. (fd.o #101568, Simon McVittie) - -• dbus_message_iter_open_container() no longer leaks memory if it runs out - of memory. (fd.o #101568, Simon McVittie) - -• dbus_message_append_args_valist() no longer leaks memory if given an - unsupported type. This situation is still considered to be a programming - error which needs to be corrected by the user of libdbus. - (fd.o #101568, Simon McVittie) - -• dbus_message_iter_append_basic() and dbus_message_iter_open_container() - will no longer report that their arguments were invalid if they run out - of memory at exactly the wrong time. (fd.o #101568, Simon McVittie) - -• Ensure that tests fail if they would otherwise have tried to connect to - the real session bus (fd.o #101698, Simon McVittie) - -• Make build-time tests cope with finding Python 3, but not Python 2 - (fd.o #101716, Simon McVittie) - -Internal changes relevant to dbus developers: - -• DBusVariant is a new mechanism to copy single values from a message into - a buffer without copying the entire message (fd.o #101568, Simon McVittie) - -• DBUS_SYSTEM_LOG_FATAL has been replaced by DBUS_SYSTEM_LOG_ERROR. - Logging an ERROR message does not make the process exit; the caller - is responsible for calling abort() or exit(), whichever is more appropriate. - (fd.o #101568, Simon McVittie) - -• Better test coverage (fd.o #101568, Simon McVittie) - -D-Bus 1.11.14 (2017-06-29) -== - -The “irrational fear of bees” release. - -Dependencies: - -• Expat >= 2.1.0 is always required -• libselinux >= 2.0.86 is required if SELinux support is enabled -• GLib >= 2.40 is required if full test coverage is enabled - -Build-time configuration changes: - -• We now use pkg-config to find libexpat in Autotools builds. This requires - Expat 2.1.0 (March 2012) or later. In particular, this should remove the - need to configure with LDFLAGS=-L/usr/local/lib on OpenBSD, which can - itself cause compilation failures. - - As with all pkg-config-based configure checks, you can use - PKG_CONFIG_PATH=/whatever/lib/pkgconfig to find expat.pc in a - non-standard prefix, or EXPAT_CFLAGS="-I/whatever/include" and - EXPAT_LIBS="-L/whatever/lib -lexpat" to avoid needing a .pc file - at all. - - (fd.o #69801, Simon McVittie) - -• Similarly, we now use pkg-config to find libselinux. Version 2.0.86 - is required due to the removal of explicit refcounting for SIDs. - (fd.o #100912, Laurent Bigonville) - -Behaviour changes: - -• Previously, /etc/machine-id could be copied to /var/lib/dbus/machine-id - as a side-effect of a sufficiently privileged process merely reading the - machine ID. It is no longer copied as a side-effect of reading. - Running dbus-uuidgen --ensure, which should be done after installing dbus, - continues to copy /etc/machine-id to /var/lib/dbus/machine-id if the - former exists and the latter does not. - (fd.o #101257, Simon McVittie) - -• The undocumented Verbose interface, and the GetAllMatchRules method on - the undocumented Stats interface, must now be used via the object path - /org/freedesktop/DBus. Previously, they existed on all object paths. - (fd.o #101257, Simon McVittie) - -• AddMatch() with a match rule containing eavesdrop='true' will now fail - unless called by either the same user as the dbus-daemon, or Unix uid 0 - (root), matching the restrictions applied to the newer BecomeMonitor() - method. On the session bus this has no practical effect. On the system - bus this will prevent certain configurations that already did not - work well in practice. (fd.o #101567, Simon McVittie) - -Enhancements: - -• D-Bus Specification version 0.31 - · Don't require implementation-specific search paths to be lowest - priority - · Correct regex syntax for optionally-escaped bytes in addresses so it - includes hyphen-minus, forward slash and underscore as intended - · Describe all message bus methods in the same section - · Clarify the correct object path for method calls to the message bus - (/org/freedesktop/DBus, DBUS_PATH_DBUS in the reference implementation) - · Document that the message bus implements Introspectable, Peer and - Properties - · Add new Features and Interfaces properties for message bus - feature-discovery - · Add unix:dir=..., which resembles unix:tmpdir=... but never uses - abstract sockets - · Don't require eavesdrop='true' to be accepted from connections not - sufficiently privileged to use it successfully - · Formally deprecate eavesdropping in favour of BecomeMonitor - (fd.o #99825, #100686, #100795, #101256, #101257, #101567; - Simon McVittie, Tom Gundersen) - -• Implement the Properties and Peer interfaces in dbus-daemon - (fd.o #101257, Simon McVittie) - -• New function dbus_try_get_local_machine_id() is like - dbus_get_local_machine_id(), but returning a DBusError. Other code - that needs the machine ID will now report a recoverable error (instead - of logging to stderr and aborting) if no machine ID is available. - Generating a machine ID is still considered to be a required part of - installing dbus correctly. (fd.o #13194, Simon McVittie) - -• Implement GetConnectionSELinuxSecurityContext("org.freedesktop.DBus") - (fd.o #101315, Laurent Bigonville) - -• Avoid deprecated API calls when using SELinux - (fd.o #100912, Laurent Bigonville) - -• Switch a test from the deprecated g_test_trap_fork() to - g_test_trap_subprocess(), for Windows support and better robustness - on Unix (fd.o #101362, Simon McVittie) - -• On systemd systems, if ${localstatedir}/lib/dbus/machine-id doesn't exist, - instruct systemd-tmpfiles to make it a symbolic link to /etc/machine-id. - This prevents the two files from going out of sync on stateless or live - images without needing to run dbus-uuidgen, and supports older D-Bus - implementations that do not necessarily read /etc/machine-id themselves. - (fd.o #101570, Simon McVittie) - -• Implement unix:dir=..., which resembles unix:tmpdir=... but never uses - abstract sockets. This is preferable when used with Linux containers. - (fd.o #101567, Simon McVittie) - -Fixes: - -• Fix a reference leak when blocking on a pending call on a connection - that has been disconnected (fd.o #101481, Shin-ichi MORITA) - -• Don't put timestamps in the Doxygen-generated documentation, - or hard-code the build directory into builds with embedded tests, - for reproducible builds (fd.o #100692, Simon McVittie) - -• Fix some integration test issues (fd.o #100686, Simon McVittie) - -• Fix memory leaks in the tests (fd.o #101257, Simon McVittie) - -• If we somehow get an autolaunch address with multiple semicolon-separated - components, and they don't work, don't invalidly "pile up" errors - (fd.o #101257, Simon McVittie) - -Documentation: - -• Update git URIs in HACKING document to sync up with cgit.freedesktop.org - (fd.o #100715, Simon McVittie) - -D-Bus 1.11.12 (2017-04-07) -== - -The “it's something humans do” release. - -Enhancements: - -• The session dbus-daemon now supports transient .service files - in $XDG_RUNTIME_DIR/dbus-1/services. Unlike the other standard - service directories, this directory is not monitored with inotify - or similar, and the service files must be named exactly - ${bus_name}.service. (fd.o #99825, Simon McVittie) - -• dbus can be configured with --enable-relocation when building with - Autotools, or with -DDBUS_RELOCATABLE=ON when building with cmake, - to make the pkg-config metadata relocatable. This is useful for - non-standard prefixes, and in particular for Windows installations. - However, it is not recommended for system-wide installations into - /usr, because it interferes with pkg-config's ability to filter out - compiler default linker directories. - - With Autotools, the default is --enable-relocation when building - for Windows or --disable-relocation otherwise. With CMake, the default - is -DDBUS_RELOCATABLE=ON. - - (fd.o #99721; Ralf Habacker, Simon McVittie) - -• Users of CMake ≥ 2.6 can now link to libdbus without providing their - own FindDBus.cmake macros, whether dbus was compiled with Autotools - or with CMake. See the end of README.cmake for more information. - (fd.o #99721; Ralf Habacker, Simon McVittie) - -Fixes: - -• Always read service file directories in the intended order - (fd.o #99825, Simon McVittie) - -• When tests are skipped, don't try to kill nonexistent process 0 - (fd.o #99825, Simon McVittie) - -• Avoid valgrind false positives (fd.o #88808, Philip Withnall) - -• Fix a harmless read overflow and some memory leaks in a unit test - (fd.o #100568, Philip Withnall) - -• Fix some typos in test code - (fd.o #99999, Coverity #141876, #141877; Philip Withnall) - -• Clarify the roles of /etc/dbus-1/s*.d and /usr/share/dbus-1/s*.d - in documentation (fd.o #99901, Philip Withnall) - -• Fix and enable compiler warnings related to -Wswitch - (fd.o #98191; Thomas Zimmermann, Simon McVittie) - -• Fix writing off the end of a fd_set when testing with valgrind - (fd.o #99839, Philip Withnall) - -D-Bus 1.11.10 (2017-02-16) -== - -The “purple hair gives you telekinesis?” release. - -Dependencies: - -• AppArmor support requires at least libapparmor 2.8.95, reduced - from 2.10 in previous versions. One test requires 2.10 and is - skipped if building with an older version. - -Enhancements: - -• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian - stable and Debian testing in addition to the older Ubuntu that is - the default (fd.o #98889, Simon McVittie) - -• Avoid some deprecated CMake functions (fd.o #99586, Ralf Habacker) - -• Silence many -Wswitch-enum and -Wswitch-default warnings - (fd.o #98191; Thomas Zimmermann, Simon McVittie) - -• Install a sysusers.d snippet so `dbus-daemon --system` can be used - with an unpopulated /etc (fd.o #99162, Lennart Poettering) - -• Install pkg-config metadata on Unix even if building with CMake - (fd.o #99752, Ralf Habacker) - -• Exclude auth mechanisms from REJECTED message if they are supported - in the code but but configured to be disallowed (fd.o #99621, - Ralf Habacker) - -Fixes: - -• Prevent symlink attacks in the nonce-tcp transport on Unix that could - allow an attacker to overwrite a file named "nonce", in a directory - that the user running dbus-daemon can write, with a random value - known only to the user running dbus-daemon. This is unlikely to be - exploitable in practice, particularly since the nonce-tcp transport - is really only useful on Windows. - - On Unix systems we strongly recommend using only the unix: and systemd: - transports, together with EXTERNAL authentication. These are the only - transports and authentication mechanisms enabled by default. - - (fd.o #99828, Simon McVittie) - -• Avoid symlink attacks in the "embedded tests", which are not enabled - by default and should never be enabled in production builds of dbus. - (fd.o #99828, Simon McVittie) - -• Fix the implementation of re-enabling a timeout so that its - countdown is restarted as intended, instead of continually - decreasing. (fd.o #95619; Michal Koutný, Simon McVittie) - -• When receiving a message with file descriptors, do not start reading - the beginning of the next message, so that only one such message - is processed at a time. In conjunction with the fix for #95619 - this means that processes sending many file descriptors, such as - systemd-logind on a system that receives very rapid ssh connections, - are not treated as abusive and kicked off the bus. Revert the previous - workaround that special-cased uid 0. - (fd.o #95263, LP#1591411; Simon McVittie) - -• Do not require TMPDIR, TEMP or TMP to be set when cross-compiling - for Windows with CMake (fd.o #99586, Ralf Habacker) - -• Do not set Unix-specific variables when targeting Windows - (fd.o #99586, Ralf Habacker) - -• Install Unix executables to ${CMAKE_INSTALL_PREFIX}/bin as intended, - not ${CMAKE_INSTALL_PREFIX}/lib (fd.o #99752, Ralf Habacker) - -• Use relative install locations in CMake on Unix to respect DESTDIR, - and use GNU-style install layout (fd.o #99721, #99752; Ralf Habacker) - -• Install dbus-arch-deps.h correctly when using CMake - (fd.o #99586, #99721; Ralf Habacker) - -• Improve argument validation for `dbus-test-tool spam` - (ffd.o #99693, Coverity #54759; Philip Withnall) - -• Don't shift by a negative integer if a hash table becomes monstrously - large (fd.o #99641, Coverity #54682; Philip Withnall) - -• Don't leak LSM label if dbus-daemon runs out of memory when dealing with - a new connection (fd.o #99612, Coverity #141058; Philip Withnall) - -• Remove an unnecessary NULL check - (fd.o #99642, Coverity #141062; Philip Withnall) - -• Improve error handling in unit tests and dbus-send - (fd.o #99643, #99694, #99712, #99722, #99723, #99724, #99758, - #99759, #99793, Coverity #54688, #54692, #54693, #54697, #54701, - #54710, #54711, #54714, #54715, #54718, #54721, #54724, #54726, - #54730, #54740, #54822, #54823, #54824, #54825; Philip Withnall) - -• Do not print verbose messages' timestamps to stderr if the actual message - has been redirected to the Windows debug port (fd.o #99749, Ralf Habacker) - -D-Bus 1.11.8 (2016-11-28) -== - -The “panics in the face of breakfast foods” release. - -Build-time configuration: - -• The new --enable-debug configure option provides an easy way to - enable debug symbols, disable optimization and/or enable profiling. - -• The --enable-compile-warnings configure option can be used to control - compiler warnings. - -• The --disable-compiler-optimisations configure option is no longer - supported. Use --enable-debug=yes or CFLAGS=-O0 instead. - -Enhancements: - -• D-Bus Specification version 0.30 - · Define the jargon term "activation" more clearly - · Define the jargon term "auto-starting", which is one form of activation - · Document the optional SystemdService key in service files - · Use versioned interface and bus names in most examples - · Clarify intended behaviour of Properties.GetAll - (fd.o #36190, fd.o #98671; Philip Withnall, Simon McVittie) - -• Fix and enable a lot of compiler warnings to improve future code - quality. This might incidentally also fix some environment variable - accesses on OS X. - · In particular, printf-style functions in the libdbus API are now annotated - with __attribute__((__format__(__printf__, *, *))) when compiling with - gcc or clang. This might make printf bugs in other software visible - at compile time. - (fd.o #97357, fd.o #98192, fd.o #98195, fd.o #98658; - Thomas Zimmermann, Simon McVittie) - -• When running with AppArmor mediation (for example using Ubuntu's patched - Linux kernel), clients can no longer auto-start services unless they would - have been able to send the auto-starting message to the service after it - starts. StartServiceByName() is unaffected, and continues to be allowed by - default in AppArmor's and - . (fd.o #98666, Simon McVittie) - -Fixes: - -• Work around an undesired effect of the fix for CVE-2014-3637 - (fd.o #80559), in which processes that frequently send fds, such as - logind during a flood of new PAM sessions, can get disconnected for - continuously having at least one fd "in flight" for too long; - dbus-daemon interprets that as a potential denial of service attack. - The workaround is to disable that check for uid 0 process such as - logind, with a message in the system log. The bug remains open while - we look for a more general solution. - (fd.o #95263, LP#1591411; Simon McVittie) - -• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching - was disabled at compile time. That test is not expected to work - in that configuration. (fd.o #98665, Simon McVittie) - -D-Bus 1.11.6 (2016-10-10) -== - -The “darkly whimsical” release. - -Security fixes: - -• Do not treat ActivationFailure message received from root-owned systemd - name as a format string. In principle this is a security vulnerability, - but we do not believe it is exploitable in practice, because only - privileged processes can own the org.freedesktop.systemd1 bus name, and - systemd does not appear to send activation failures that contain "%". - - Please note that this probably *was* exploitable in dbus versions - older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at - the time was only thought to be a denial of service vulnerability - (CVE-2015-0245). If you are still running one of those versions, - patch or upgrade immediately. - - (fd.o #98157, Simon McVittie) - -Enhancements: - -• D-Bus Specification version 0.29 - · Recommend not using '/' for object paths (fd.o #37095, Philip Withnall) - · Allow in elements (fd.o #86162, Philip Withnall) - -• Log to syslog when we exceed various anti-DoS limits, and add test - coverage for them (fd.o #86442, Simon McVittie) - -• Improve syslog handling so that _dbus_warn() and similar warnings - go to syslog, add dbus-daemon --syslog|--nosyslog|--syslog-only options, - and log to syslog (instead of /dev/null) when dbus-daemon is started by - dbus-launch. (fd.o #97009, Simon McVittie) - -• Install introspect.dtd and busconfig.dtd to ${datadir}/xml/dbus-1 - (fd.o #89011, Philip Withnall) - -• When logging messages about service activation, mention which peer - requested the activation (fd.o #68212, Philip Withnall) - -• On Linux, mention the LSM label (if available) whenever we print - debug information about a peer (fd.o #68212, Philip Withnall) - -Other fixes: - -• Harden dbus-daemon against malicious or incorrect ActivationFailure - messages by rejecting them if they do not come from a privileged - process, or if systemd activation is not enabled - (fd.o #98157, Simon McVittie) - -• Avoid undefined behaviour when setting reply serial number without going - via union DBusBasicValue (fd.o #98035, Marc Mutz) - -• Fix CMake build for Unix platforms that do not have -lrt, such as Android, - or that do need -lsocket, such as QNX (fd.o #94096, Ralf Habacker) - -• autogen.sh: fail cleanly if autoconf fails (Simon McVittie) - -D-Bus 1.11.4 (2016-08-15) -== - -The “copper pickaxe” release. - -Dependencies: - -• Building from git (but not from tarballs) now requires - macros from the GNU Autoconf Archive, for example the autoconf-archive - package in Debian or Fedora derivatives. - -Build-time configuration: - -• The option to enable coverage instrumentation has changed from - --enable-compiler-coverage to --enable-code-coverage. - -Enhancements: - -• D-Bus Specification version 0.28 - · Clarify some details of serialization (fd.o #93382, Philip Withnall) - -• Increase listen() backlog of AF_UNIX sockets to the maximum possible, - minimizing failed connections under heavy load - (fd.o #95264, Lennart Poettering) - -• Add a new dbus-launch --exit-with-x11 option (fd.o #39197, Simon McVittie) - -• Use the same regression tests for subprocess starting on Unix and Windows - (fd.o #95191, Ralf Habacker) - -• Print timestamps and thread IDs in verbose messages - (fd.o #95191, Ralf Habacker) - -• On Unix, unify the various places that reopen stdin, stdout and/or stderr - pointing to /dev/null (fd.o #97008, Simon McVittie) - -• Use AX_CODE_COVERAGE instead of our own COMPILER_COVERAGE - (fd.o #88922, Thomas Zimmermann) - -Fixes: - -• On Windows, fix a memory leak in replacing the installation prefix - (fd.o #95191, Ralf Habacker) - -• On Linux, when dbus-daemon is run with reduced susceptibility to the - OOM killer (typically via systemd), do not let child processes inherit - that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho) - -• On Unix, make dbus-launch and dbus-daemon --fork work as intended - even if a parent process incorrectly starts them with stdin, stdout - and/or stderr closed (fd.o #97008, Simon McVittie) - -• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address - contains a semicolon (fd.o #94746, Thiago Macieira) - -• Fix memory leaks and thread safety in subprocess starting on Windows - (fd.o #95191, Ralf Habacker) - -• Stop test-dbus-daemon incorrectly failing on platforms that cannot - discover the process ID of clients (fd.o #96653, Руслан Ижбулатов) - -• In tests that exercise correct handling of crashing D-Bus services, - suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker) - -• Explicitly check for stdint.h (Ioan-Adrian Ratiu) - -• In tests, add an invalid DBusAuthState to avoid undefined behaviour - in some test cases (fd.o #93909, Nick Lewycky) - -• Add assertions to reassure a static analysis tool - (fd.o #93210, Deepika Aggarwal) - -• Be explicit about enum comparison when loading XML - (fd.o #93205, Deepika Aggarwal) - -• update-activation-environment: produce better diagnostics on error - (fd.o #96653, Simon McVittie) - -• Avoid various compiler warnings with gcc 6 - (fd.o #97282; Thomas Zimmermann, Simon McVittie) - -• On Unix when configured to use the system log, report as "dbus-daemon", - not as "dbus" (fd.o #97009, Simon McVittie) - -• During unit tests, reduce the amount we write to the system log - (fd.o #97009, Simon McVittie) - -D-Bus 1.11.2 (2016-03-07) -== - -The “pneumatic drill vs. Iron Maiden” release. - -Fixes: - -• Enable "large file support" on systems where it exists: dbus-daemon - is not expected to open large files, but it might need to stat files - that happen to have large inode numbers (fd.o #93545, Hongxu Jia) - -• Eliminate padding inside DBusMessageIter on 64-bit platforms, - which might result in a pedantic C compiler not copying the entire contents - of a DBusMessageIter; statically assert that this is not an ABI change - in practice (fd.o #94136, Simon McVittie) - -• Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N - (fd.o #94244, Dmitri Iouchtchenko) - -• Correctly report test failures in C tests from run-test.sh - (fd.o #93379; amit tewari, Simon McVittie) - -• When tests are enabled, run all the marshal-validate tests, not just - the even-numbered ones (fd.o #93908, Nick Lewycky) - -• Correct the expected error from one marshal-validate test, which was - previously not run due to the above bug (fd.o #93908, Simon McVittie) - -• Fix compilation under CMake when embedded tests are disabled - (fd.o #94094, eric.hyer) - -Internal changes: - -• Fix all -Wpointer-sign (signed/unsigned mismatch) warnings, and enable the - warning (fd.o #93069; Ralf Habacker, Simon McVittie) - -• When building with CMake, use the same gcc/clang warnings as under Autotools, - or MSVC warnings that are broadly similar (fd.o #93069, Ralf Habacker) - -• test/name-test: make C tests produce TAP output and run them directly, not - via run-test.sh (fd.o #92899, Simon McVittie) - -• Under CMake when cross-compiling for Windows on Unix, run the tests - under Wine even if binfmt_misc support is not available - (fd.o #88966, Ralf Habacker) - -• The DBUS_USE_TEST_BINARY environment variable is no longer used by builds with - embedded tests; DBUS_TEST_DBUS_LAUNCH replaces it (fd.o #92899, Simon McVittie) - -• Factor out some functions that will be needed in future for a Windows - implementation of dbus-run-session (fd.o #92899, Ralf Habacker) - -D-Bus 1.11.0 (2015-12-02) -== - -The “peppermint deer” release. - -Dependencies: - -• On non-Windows platforms, dbus now requires an that defines - C99 constants such as PRId64 and PRIu64. - -Enhancements: - -• D-Bus Specification version 0.27 - · Specify that services should not reply if NO_REPLY_EXPECTED was used - (fd.o #75749, Lars Uebernickel) - -• Add a script to do continuous-integration builds, and metadata to run it - on travis-ci.org. To use this, clone the dbus git repository on GitHub - and set it up with travis-ci.org; the only special setting needed is - "only build branches with a .travis.yml". (fd.o #93194, Simon McVittie) - -• If dbus-daemon is run with --systemd-activation, do not require - org.freedesktop.systemd1.service to exist (fd.o #93194, Simon McVittie) - -Fixes: - -• Re-order dbus-daemon startup so that on SELinux systems, the thread - that reads AVC notifications retains the ability to write to the - audit log (fd.o #92832, Laurent Bigonville) - -• Print 64-bit integers on non-GNU Unix platforms (fd.o #92043, Natanael Copa) - -• When using the Monitoring interface, match messages' destinations - (fd.o #92074, Simon McVittie) - -• On Linux with systemd, stop installing a reference to the obsolete - dbus.target, and enable dbus.socket statically (fd.o #78412, #92402; - Simon McVittie) - -• On Windows, when including configuration files with or - , apply the same relocation as for the Exec paths - in .service files (fd.o #92028, Simon McVittie) - -• Add support for backtraces on Windows (fd.o #92721, Ralf Habacker) - -• Fix many -Wpointer-sign warnings (fd.o #93069, Ralf Habacker) - -D-Bus 1.10.6 (2015-12-01) -== - -The “marzipan beetles” release. - -Fixes: - -• On Unix when running tests as root, don't assert that root and - the dbus-daemon user can still call UpdateActivationEnvironment; - assert that those privileged users can call BecomeMonitor instead - (fd.o #93036, Simon McVittie) - -• On Windows, fix a memory leak in the autolaunch transport (fd.o #92899, - Simon McVittie) - -• On Windows Autotools builds, don't run tests that rely on - dbus-run-session and other Unix-specifics (fd.o #92899, Simon McVittie) - -D-Bus 1.10.4 (2015-11-17) -== - -The “Frostburn Canyon” release. - -Enhancements: - -• GetConnectionCredentials, GetConnectionUnixUser and - GetConnectionUnixProcessID with argument "org.freedesktop.DBus" - will now return details of the dbus-daemon itself. This is required - to be able to call SetEnvironment on systemd. - (fd.o #92857, Jan Alexander Steffens) - -Fixes: - -• Make UpdateActivationEnvironment always fail with AccessDenied on the - system bus. Previously, it was possible to configure it so root could - call it, but the environment variables were not actually used, - because the launch helper would discard them. - (fd.o #92857, Jan Alexander Steffens) - -• On Unix with --systemd-activation on a user bus, make - UpdateActivationEnvironment pass on its arguments to systemd's - SetEnvironment method, solving inconsistency between the environments - used for traditional activation and systemd user-service activation. - (fd.o #92857, Jan Alexander Steffens) - -• On Windows, don't crash if or --syslog is used - (fd.o #92538, Ralf Habacker) - -• On Windows, fix a memory leak when setting a DBusError from a Windows - error (fd.o #92721, Ralf Habacker) - -• On Windows, don't go into infinite recursion if we abort the process - with backtraces enabled (fd.o #92721, Ralf Habacker) - -• Fix various failing tests, variously on Windows and cross-platform: - · don't test system.conf features (users, groups) that only make sense - on the system bus, which is not supported on Windows - · don't call _dbus_warn() when we skip a test, since it is fatal - · fix computation of expected - · when running TAP tests, translate newlines to Unix format, fixing - cross-compiled tests under Wine on Linux - · don't stress-test refcounting under Wine, where it's really slow - · stop assuming that a message looped-back to the test will be received - immediately - · skip some system bus tests on Windows since they make no sense there - (fd.o #92538, fd.o #92721; Ralf Habacker, Simon McVittie) - -D-Bus 1.10.2 (2015-10-26) -== - -The “worst pies in London” release. - -Fixes: - -• Correct error handling for activation: if there are multiple attempts - to activate the same service and it fails immediately, the first attempt - would get the correct reply, but the rest would time out. We now send - the same error reply to each attempt. (fd.o #92200, Simon McVittie) - -• If BecomeMonitor is called with a syntactically invalid match rule, - don't crash with an assertion failure, fixing a regression in 1.9.10. - This was not exploitable as a denial of service, because the check - for a privileged user is done first. (fd.o #92298, Simon McVittie) - -• On Linux with --enable-user-session, add the bus address to the - environment of systemd services for better backwards compatibility - (fd.o #92612, Jan Alexander Steffens) - -• On Windows, fix the logic for replacing the installation prefix - in service files' Exec lines (fd.o #83539; Milan Crha, Simon McVittie) - -• On Windows, if installed in the conventional layout with ${prefix}/etc - and ${prefix}/share, use relative paths between bus configuration files - to allow the tree to be relocated (fd.o #92028, Simon McVittie) - -• Make more of the regression tests pass in Windows builds (fd.o #92538, - Simon McVittie) - -D-Bus 1.10.0 (2015-08-25) -== - -The “0x20” release. - -This is a new stable branch, recommended for use in OS distributions. - -Fixes since 1.9.20: - -• distribute test/tap-test.sh.in, even if the tarball was built without - tests enabled (fd.o #91684, Simon McVittie) -• work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie) - -Summary of major changes since 1.8.0: - -• The basic setup for the well-known system and session buses is - now done in read-only files in ${datadir} (normally /usr/share). - See the NEWS entry for 1.9.18 for details. - -• AppArmor integration has been merged, with features similar to the - pre-existing SELinux integration. It is mostly compatible with the - patches previously shipped by Ubuntu, with one significant change: - Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded - by GetConnectionCredentials and was not included. - -• The --enable-user-session configure option can be enabled - by OS integrators intending to use systemd to provide a session bus - per user (in effect, treating all concurrent graphical and non-graphical - login sessions as one large session). - -• The new listenable address mode "unix:runtime=yes" listens on - $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd - user session. libdbus and "dbus-launch --autolaunch" will connect to - this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a - matching default. - -• All executables are now dynamically linked to libdbus-1. - Previously, some executables, most notably dbus-daemon, were statically - linked to a specially-compiled variant of libdbus. This results in - various private functions in the _dbus namespace being exposed by the - shared library. These are not API, and must not be used outside - the dbus source tree. - -• On platforms with ELF symbol versioning, all public symbols - are versioned LIBDBUS_1_3. - -New bus APIs: - -• org.freedesktop.DBus.GetConnectionCredentials returns - LinuxSecurityLabel where supported -• org.freedesktop.DBus.Monitoring interface (privileged) - · BecomeMonitor method supersedes match rules with eavesdrop=true, - which are now deprecated -• org.freedesktop.DBus.Stats interface (semi-privileged) - · now enabled by default - · new GetAllMatchRules method -• org.freedesktop.DBus.Verbose interface (not normally compiled) - · toggles the effect of DBUS_VERBOSE - -New executables: - -• dbus-test-tool -• dbus-update-activation-environment - -New optional dependencies: - -• The systemd: pseudo-transport requires libsystemd or libsd-daemon -• Complete documentation requires Ducktype and yelp-tools -• Full test coverage requires GLib 2.36 and PyGI -• AppArmor integration requires libapparmor and optionally libaudit - -Dependencies removed: - -• dbus-glib - -D-Bus 1.9.20 (2015-08-06) -== - -The “Remember Tomorrow” release. - -This is a release-candidate for D-Bus 1.10.0. OS distribution vendors -should test it. - -Fixes: - -• Don't second-guess what the ABI of poll() is, allowing it to be used - on Integrity RTOS and other unusual platforms (fd.o #90314; - Rolland Dudemaine, Simon McVittie) - -• Don't duplicate audit subsystem integration if AppArmor and SELinux are - both enabled (fd.o #89225, Simon McVittie) - -• Log audit events for AppArmor/SELinux policy violations whenever - we have CAP_AUDIT_WRITE, even if not the system bus - (fd.o #83856, Laurent Bigonville) - -D-Bus 1.9.18 (2015-07-21) -== - -The “Pirate Elite” release. - -Configuration changes: - -• The basic setup for the well-known system and session buses is now done - in read-only files in ${datadir}, moving a step closer to systems - that can operate with an empty /etc directory. In increasing order - of precedence: - - · ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting - the default message policies. - · ${sysconfdir}/dbus-1/s*.conf are now optional. By default - dbus still installs a trivial version of each, for documentation - purposes; putting configuration directives in these files is deprecated. - · ${datadir}/dbus-1/s*.d/ are now available for third-party software - to install "drop-in" configuration snippets (any packages - using those directories should explicitly depend on at least this - version of dbus). - · ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins - or third-party software to install "drop-in" configuration snippets - · ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins' - overrides - - ${datadir} is normally /usr/share, ${sysconfdir} is normally /etc, - and "s*" refers to either system or session as appropriate. - - (fd.o #89280, Dimitri John Ledkov) - -Fixes: - -• Fix a memory leak when GetConnectionCredentials() succeeds - (fd.o #91008, Jacek Bukarewicz) - -• Ensure that dbus-monitor does not reply to messages intended for others, - resulting in its own disconnection (fd.o #90952, Simon McVittie) - -D-Bus 1.9.16 (2015-05-14) -== - -The “titanium barns” release. - -Dependencies: - -• Automake 1.13 is now required when compiling from git or modifying - the build system. - -Security hardening: - -• On Unix platforms, change the default configuration for the session bus - to only allow EXTERNAL authentication (secure kernel-mediated - credentials-passing), as was already done for the system bus. - - This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly - unpredictable pseudo-random numbers. - - If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport, - in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using - NFS or similar, you will need to reconfigure the session bus to accept - DBUS_COOKIE_SHA1 by commenting out the element. This configuration - is not recommended. - - (fd.o #90414, Simon McVittie) - -• When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp: - transport, UUIDs or any other reason, fail if we cannot obtain entropy - (from /dev/urandom or CryptGenRandom()) or an out-of-memory condition - occurs, instead of silently falling back to low-entropy pseudorandom - numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker) - -Enhancements: - -• Add dbus_message_iter_get_element_count() - (fd.o #30350; Christian Dywan, Simon McVittie) - -• Introduce new internal DBusSocket and DBusPollable types so we can - stop treating the Windows SOCKET type as if it was int. DBusSocket - is specifically a socket, cross-platform. DBusPollable is whatever - _dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows. - (fd.o #89444; Ralf Habacker, Simon McVittie) - -• All regression tests now output TAP - (fd.o #89846, Simon McVittie) - -• Internal APIs consistently use signed values for timestamps - (fd.o #18494, Peter McCurdy) - -• Improve diagnostics when UpdateActivationEnvironment calls are rejected - (fd.o #88812, Simon McVittie) - -• Clean up a lot of compiler warnings - (fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie) - -Fixes: - -• Add locking to DBusCounter's reference count and notify function - (fd.o #89297, Adrian Szyndela) - -• Ensure that DBusTransport's reference count is protected by the - corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela) - -• Correctly release DBusServer mutex before early-return if we run out - of memory while copying authentication mechanisms (fd.o #90021, - Ralf Habacker) - -• Make dbus-test-tool and dbus-update-activation-environment portable - to Windows (fd.o #90089, Ralf Habacker) - -• Correctly initialize all fields of DBusTypeReader (fd.o #90021; - Ralf Habacker, Simon McVittie) - -• Fix some missing \n in verbose (debug log) messages (fd.o #90004, - Ralf Habacker) - -• Clean up some memory and fd leaks in test code and tools - (fd.o #90021, Ralf Habacker) - -• Fix a NULL dereference if the dbus-daemon cannot read a configuration - directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker) - -• CMake generates a versioned shared library even if the revision is 0, - as it usually is on the development branch. (fd.o #89450, Ralf Habacker) - -D-Bus 1.9.14 (2015-03-02) -== - -The “don't stand in the poison cloud” release. - -Dependencies: - -• dbus-daemon and dbus-daemon-launch-helper now require libdbus. They - were previously linked to a static version of libdbus. - -• The tests no longer require dbus-glib in order to exercise the libdbus - shared library; they are always linked to libdbus now. - -Build-time configuration: - -• The new --enable-user-session option, off by default, can be enabled - by OS integrators intending to use systemd to provide a session bus - per user (in effect, treating all concurrent graphical and non-graphical - login sessions as one large session) - -Enhancements: - -• All executables are now linked dynamically to libdbus. - (fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker) - -• On platforms that support them (GNU libc and possibly others), - libdbus now has versioned symbols for its public API. - All public symbols (visible in the header files) are currently - versioned as LIBDBUS_1_3; private symbols starting with _dbus or - dbus_internal have a version that changes with each release, and - must not be used by applications. (also fd.o #83115) - -• New listenable address mode "unix:runtime=yes" which listens on - a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus - (fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie) - -• Add optional systemd units for a per-user bus listening on - $XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters) - -• On Unix platforms, both libdbus and "dbus-launch --autolaunch" - default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket - (also fd.o #61301) - -• New dbus-update-activation-environment tool uploads environment - variables to "dbus-daemon --session" and optionally "systemd --user", - primarily as a way to keep the per-user bus compatible with - distributions' existing X11 login scripts (also fd.o #61301) - -• elements in dbus-daemon configuration are now silently - ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov) - -• Add microsecond-resolution timestamps to the default output of - dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie) - -Fixes: - -• Fix a race condition in the 'monitor' test introduced in 1.9.10 - (fd.o #89222, Simon McVittie) - -D-Bus 1.9.12 (2015-02-19) -== - -The “monster lasagna” release. - -Dependencies: - -• Ducktype and yelp-tools are now required to build complete documentation - (they are optional for normal builds). - -Enhancements: - -• D-Bus Specification version 0.26 - · GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID - · document the BecomeMonitor method - -• On Linux, add LinuxSecurityLabel to GetConnectionCredentials - (fd.o #89041; Tyler Hicks, Simon McVittie) - -• On Linux, add support for AppArmor mediation of message sending and - receiving and name ownership (paralleling existing SELinux mediation - support), and eavesdropping (a new check, currently AppArmor-specific) - (fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie) - -• In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings - that have printable ASCII contents; we previously only did this for - unterminated bytestrings (fd.o #89109, Simon McVittie) - -• Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall) - -• On Windows, add WindowsSID to GetConnectionCredentials - (fd.o #54445, Ralf Habacker) - -• Improve clarity of dbus-monitor --profile output and add more columns - (fd.o #89165, Ralf Habacker) - -• Add a man page for dbus-test-tool, and build it under CMake as well - as Autotools (fd.o#89086, Simon McVittie) - -• If dbus-daemon was compiled with --enable-verbose, add a D-Bus API - to control it at runtime, overriding the DBUS_VERBOSE environment variable - (fd.o #88896, Ralf Habacker) - -Fixes: - -• Reduce the number of file descriptors used in the fd-passing test, - avoiding failure under the default Linux fd limit, and automatically - skip it if the rlimit is too small (fd.o #88998, Simon McVittie) - -D-Bus 1.9.10 (2015-02-09) -== - -The “sad cyborgs” release. - -Security fixes merged from 1.8.16: - -• Do not allow non-uid-0 processes to send forged ActivationFailure - messages. On Linux systems with systemd activation, this would - allow a local denial of service: unprivileged processes could - flood the bus with these forged messages, winning the race with - the actual service activation and causing an error reply - to be sent back when service auto-activation was requested. - This does not prevent the real service from being started, - so the attack only works while the real service is not running. - (CVE-2015-0245, fd.o #88811; Simon McVittie) - -Enhancements: - -• The new Monitoring interface in the dbus-daemon lets dbus-monitor and - similar tools receive messages without altering the security properties - of the system bus, by calling the new BecomeMonitor method on a - private connection. This bypasses the normal and rules - entirely, so to preserve normal message-privacy assumptions, only root - is allowed to do this on the system bus. Restricted environments, - such as Linux with LSMs, should lock down access to the Monitoring - interface. (fd.o #46787, Simon McVittie) - -• dbus-monitor uses BecomeMonitor to capture more traffic, if the - dbus-daemon supports it and access permissions allow it. - It still supports the previous approach ("eavesdropping" match rules) - for compatibility with older bus daemons. (fd.o #46787, Simon) - -• dbus-monitor can now log the message stream as binary data for later - analysis, with either no extra framing beyond the normal D-Bus headers, - or libpcap-compatible framing treating each D-Bus message - as a captured packet. (fd.o #46787, Simon) - -Other fixes: - -• Fix some CMake build regressions (fd.o #88964, Ralf Habacker) - -• On Unix, forcibly terminate regression tests after 60 seconds to - prevent them from blocking continuous integration frameworks - (fd.o #46787, Simon) - -D-Bus 1.9.8 (2015-02-03) -== - -The “all the types of precipitation” release. - -Dependencies: - -• full test coverage now requires GLib 2.36 -• full test coverage now requires PyGI (PyGObject 3, - "import gi.repository.GObject") instead of the - obsolete PyGObject 2 ("import gobject") - -Enhancements: - -• add GLib-style "installed tests" (fd.o #88810, Simon McVittie) - -• better regression test coverage, including systemd activation - (fd.o #57952, #88810; Simon McVittie) - -Fixes: - -• fatal errors correctly make the dbus-daemon exit even if is - turned off (fd.o #88808, Simon McVittie) - -• TCP sockets on Windows no longer fail to listen approximately 1 time - in 256, caused by a logic error that should have always made it fail but - was mitigated by incorrect endianness for the port number - (fd.o #87999, Ralf Habacker) - -• fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker) - -• on Windows, allow up to 8K connections to the dbus-daemon instead of the - previous 64, completing a previous fix which only worked under - Autotools (fd.o #71297, Ralf Habacker) - -• on Windows, if the IP family is unspecified only use IPv4, - to mitigate IPv6 not working correctly (fd.o #87999, Ralf Habacker) - -• fix some unlikely memory leaks on OOM (fd.o #88087, Simon McVittie) - -• lcov code coverage analysis works again (fd.o #88808, Simon McVittie) - -• fix an unused function error with --disable-embedded-tests (fd.o #87837, - Thiago Macieira) - -D-Bus 1.9.6 (2015-01-05) -== - -The “I do have a bread knife” release. - -Security hardening: - -• Do not allow calls to UpdateActivationEnvironment from uids other than - the uid of the dbus-daemon. If a system service installs unsafe - security policy rules that allow arbitrary method calls - (such as CVE-2014-8148) then this prevents memory consumption and - possible privilege escalation via UpdateActivationEnvironment. - - We believe that in practice, privilege escalation here is avoided - by dbus-daemon-launch-helper sanitizing its environment; but - it seems better to be safe. - -• Do not allow calls to UpdateActivationEnvironment or the Stats interface - on object paths other than /org/freedesktop/DBus. Some system services - install unsafe security policy rules that allow arbitrary method calls - to any destination, method and interface with a specified object path; - while less bad than allowing arbitrary method calls, these security - policies are still harmful, since dbus-daemon normally offers the - same API on all object paths and other system services might behave - similarly. - -Other fixes: - -• Add missing initialization so GetExtendedTcpTable doesn't crash on - Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко) - -D-Bus 1.9.4 (2014-11-24) -== - -The “extra-sturdy caramel” release. - -Fixes: - -• Partially revert the CVE-2014-3639 patch by increasing the default - authentication timeout on the system bus from 5 seconds back to 30 - seconds, since this has been reported to cause boot regressions for - some users, mostly with parallel boot (systemd) on slower hardware. - - On fast systems where local users are considered particularly hostile, - administrators can return to the 5 second timeout (or any other value - in milliseconds) by saving this as /etc/dbus-1/system-local.conf: - - - 5000 - - - (fd.o #86431, Simon McVittie) - -• Add a message in syslog/the Journal when the auth_timeout is exceeded - (fd.o #86431, Simon McVittie) - -• Send back an AccessDenied error if the addressed recipient is not allowed - to receive a message (and in builds with assertions enabled, don't - assert under the same conditions). (fd.o #86194, Jacek Bukarewicz) - -D-Bus 1.9.2 (2014-11-10) -== - -The “structurally unsound flapjack” release. - -Security fixes: - -• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 - so that CVE-2014-3636 part A cannot exhaust the system bus' - file descriptors, completing the incomplete fix in 1.8.8. - (CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy) - -Enhancements: - -• D-Bus Specification version 0.25 - · new value 'const' for EmitsChangedSignal annotation - (fd.o #72958, Lennart Poettering) - · new ALLOW_INTERACTIVE_AUTHORIZATION flag, for PolicyKit and similar - (fd.o #83449; Lennart Poettering, Simon McVittie) - · annotate table of types with reserved/basic/container, and for - basic types, fixed/string-like - · clarify arbitrary limits by quoting them in mebibytes - -• New API: add accessors for the ALLOW_INTERACTIVE_AUTHORIZATION flag - (fd.o #83449, Simon McVittie) - -• Add dbus-test-tool, a D-Bus swiss army knife with multiple subcommands, - useful for debugging and performance testing: - · dbus-test-tool spam: send repeated messages - · dbus-test-tool echo: send an empty reply for all method calls - · dbus-test-tool black-hole: do not reply to method calls - (fd.o #34140; Alban Crequy, Simon McVittie, Will Thompson) - -• Add support for process ID in credentials-passing on NetBSD - (fd.o #69702, Patrick Welche) - -• Add an example script to find potentially undesired match rules - (fd.o #84598, Alban Crequy) - -• Document the central assumption that makes our use of credentials-passing - secure (fd.o #83499, Simon McVittie) - -• Replace the dbus-glib section of the tutorial with a GDBus recommendation, - and add some links to GDBus and QtDBus documentation (fd.o #25140, - Simon McVittie) - -Fixes: - -• Use a less confusing NoReply message when disconnected with a reply pending - (fd.o #76112, Simon McVittie) - -• Make the .pc file relocatable by letting pkg-config do all variable - expansion itself (fd.o #75858, Руслан Ижбулатов) - -• Fix a build failure on platforms with kqueue, which regressed in 1.9.0 - (fd.o #85563, Patrick Welche) - -• Consistently save errno after socket calls (fd.o #83625, Simon McVittie) - -• In dbus-spawn, when the grandchild process exits due to a failed exec(), - do not lose the exec() errno (fd.o #24821, Simon McVittie) - -• Do not fail the tests if a parent process has leaked non-close-on-exec - file descriptors to us (fd.o #73689, fd.o #83899; Simon McVittie) - -• Do not fail the tests on Unix platforms with incomplete - credentials-passing support, but do fail if we can't pass credentials - on a platform where it is known to work: Linux, FreeBSD, OpenBSD, NetBSD - (fd.o #69702, Simon McVittie) - -• Detect accept4, dirfd, inotify_init1, pipe2, and Unix fd passing - when building with cmake, and expand test coverage there - (fd.o #73689; Ralf Habacker, Simon McVittie) - -D-Bus 1.9.0 (2014-10-01) -== - -The “tiered cheeses” release. - -Requirements: - -• Support for the systemd: (LISTEN_FDS) pseudo-transport on Linux now - requires either the libsystemd or libsd-daemon shared library, dropping the - embedded convenience copy of sd-daemon (fd.o #71818, Simon) - -Build-time configuration changes: - -• The Stats interface is now enabled by default, and locked-down to - root-only on the system bus. Configure with --disable-stats - to disable it altogether on memory- or disk-constrained systems, - or see ${docdir}/examples/ to open it up to non-root users on the - system bus or restrict access on the session bus. - (fd.o #80759; Simon McVittie, Alban Crequy) - -• The CMake build system now builds the same shared library name as Autotools - on at least Linux and Windows: - - on Linux (and perhaps other Unix platforms), it previously built - libdbus-1.so, but now builds libdbus-1.so.3.* with development - symlink libdbus-1.so and SONAME/symlink libdbus-1.so.3 - - on Windows, it previously built either libdbus-1.dll (release) or - libdbus-1d.dll (debug), but now builds libdbus-1-3.dll, copied to - libdbus-1.dll for compatibility with older applications. - (fd.o #74117, Ralf Habacker) - -Enhancements: - -• D-Bus Specification version 0.24 - · document how to quote match rules (fd.o #24307, Simon McVittie) - · explicitly say that most message types never expect a reply - regardles of whether they have NO_REPLY_EXPECTED - (fd.o #75749, Simon McVittie) - -• on Unix platforms, disable Nagle's algorithm on TCP connections to improve - initial latency (fd.o #75544, Matt Hoosier) - -• use backtrace() if it is in -lexecinfo instead of libc, as on NetBSD - (fd.o #69702, Patrick Welche) - -• in dbus-monitor, print more information about file descriptors - (fd.o #80603, Alban Crequy) - -• do not install system bus configuration if built for Windows - (fd.o #83583; Ralf Habacker, Simon McVittie) - -• Add GetAllMatchRules to the Stats interface (fd.o #24307, Alban Crequy) - -• Add a regression test for file descriptor passing (fd.o #83622, - Simon McVittie) - -Fixes: - -• fix an incorrect error message if a Unix socket path is too long - (fd.o #73887, Antoine Jacoutot) - -• in an MSYS/Cygwin environment, pass Unix-style filenames to xmlto, - fixing documentation generation (fd.o #75860, Руслан Ижбулатов) - -• in Unix with X11, avoid giving dbus-launch a misleading argv[0] - in ps(1) (fd.o #69716, Chengwei Yang) - -• avoid calling poll() with timeout < -1, which is considered invalid - on FreeBSD and NetBSD (fd.o #78480, Jaap Boender) - -• be portable to BSD-derived platforms where O_CLOEXEC is unavailable in libc - (like Mac OS X 10.6), or available in libc but unsupported by the kernel - (fd.o #77032; rmvsxop, OBATA Akio, Patrick Welche) - -• Fix include path for test/internal/*.c with cmake (Ralf Habacker) - -• Documentation improvements - (fd.o #80795, #84313; Thomas Haller, Sebastian Rasmussen) - -• in dbus-monitor, do not leak file descriptors that we have monitored - (fd.o #80603, Alban Crequy) - -• Set the close-on-exec flag for the inotify file descriptor, even - if built with CMake or older libc (fd.o #73689, Simon McVittie) - -• Remove some LGPL code from the Windows dbus-daemon - (fd.o #57272, Ralf Habacker) - -D-Bus 1.8.8 (2014-09-16) -== - -The "smashy smashy egg man" release. - -Security fixes: - -• Do not accept an extra fd in the padding of a cmsg message, which - could lead to a 4-byte heap buffer overrun. - (CVE-2014-3635, fd.o #83622; Simon McVittie) - -• Reduce default for maximum Unix file descriptors passed per message - from 1024 to 16, preventing a uid with the default maximum number of - connections from exhausting the system bus' file descriptors under - Linux's default rlimit. Distributors or system administrators with a - more restrictive fd limit may wish to reduce these limits further. - - Additionally, on Linux this prevents a second denial of service - in which the dbus-daemon can be made to exceed the maximum number - of fds per sendmsg() and disconnect the process that would have - received them. - (CVE-2014-3636, fd.o #82820; Alban Crequy) - -• Disconnect connections that still have a fd pending unmarshalling after - a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), - removing the possibility of creating an abusive connection that cannot be - disconnected by setting up a circular reference to a connection's - file descriptor. - (CVE-2014-3637, fd.o #80559; Alban Crequy) - -• Reduce default for maximum pending replies per connection from 8192 to 128, - mitigating an algorithmic complexity denial-of-service attack - (CVE-2014-3638, fd.o #81053; Alban Crequy) - -• Reduce default for authentication timeout on the system bus from - 30 seconds to 5 seconds, avoiding denial of service by using up - all unauthenticated connection slots; and when all unauthenticated - connection slots are used up, make new connection attempts block - instead of disconnecting them. - (CVE-2014-3639, fd.o #80919; Alban Crequy) - -Other fixes: - -• Check for libsystemd from systemd >= 209, falling back to - the older separate libraries if not found (Umut Tezduyar Lindskog, - Simon McVittie) - -• On Linux, use prctl() to disable core dumps from a test executable - that deliberately raises SIGSEGV to test dbus-daemon's handling - of that condition (fd.o #83772, Simon McVittie) - -• Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232; - Alban Crequy) - -• Improve documentation for running tests on Windows (fd.o #41252, - Ralf Habacker) - -D-Bus 1.8.6 (2014-06-02) -== - -Security fixes: - -• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop - the message. This prevents an attack in which a malicious client can - make dbus-daemon disconnect a system service, which is a local - denial of service. - (fd.o #80163, CVE-2014-3532; Alban Crequy) - -• Track remaining Unix file descriptors correctly when more than one - message in quick succession contains fds. This prevents another attack - in which a malicious client can make dbus-daemon disconnect a system - service. - (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, - Simon McVittie, Alban Crequy) - -Other fixes: - -• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot - attach to a session, kill the dbus-daemon as intended - (fd.o #74698, Роман Донченко) - -D-Bus 1.8.4 (2014-06-10) -== - -Security fix: - -• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service - flaw in dbus-daemon, part of the reference implementation of D-Bus. - Additionally, in highly unusual environments the same flaw could lead to - a side channel between processes that should not be able to communicate. - (CVE-2014-3477, fd.o #78979) - -D-Bus 1.8.2 (2014-04-30) -== - -The “nobody wants red” release. - -Enhancements: - -• in the CMake build system, add some hints for Linux users cross-compiling - Windows D-Bus binaries to be able to run tests under Wine - (fd.o #41252, Ralf Habacker) - -• add Documentation key to dbus.service (fd.o #77447, Cameron Norman) - -Fixes: - -• in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id - to /var/lib/dbus/machine-id instead of generating an entirely new ID - (fd.o #77941, Simon McVittie) - -• if dbus-launch receives an X error very quickly, do not kill - unrelated processes (fd.o #74698, Роман Донченко) - -• on Windows, allow up to 8K connections to the dbus-daemon, instead of the - previous 64 (fd.o #71297; Cristian Onet, Ralf Habacker) - -• cope with \r\n newlines in regression tests, since on Windows, - dbus-daemon.exe uses text mode (fd.o #75863, Руслан Ижбулатов) - -D-Bus 1.8.0 (2014-01-20) -== - -The “Wolverine distrusts my printer” release. - -This starts a new stable branch. The 1.6.x branch is now considered to be -outdated, and will only receive fixes for serious bugs such as security -flaws. The 1.4.x and 1.2.x branches no longer have upstream support and -are unlikely to get any more releases, but if distributors still need to -support them, please share security patches via upstream. - -Summary of changes since 1.6.x: - -• libdbus always behaves as if dbus_threads_init_default() had been called - (thread-safety by default) -• new dbus-run-session tool, replacing certain misuses of dbus-launch -• dbus-monitor can talk to outdated versions of dbus-daemon again -• new org.freedesktop.DBus.GetConnectionCredentials method -• GetConnectionUnixProcessID also works correctly on Windows, returning - the Windows process ID -• GetConnectionWindowsSID returns the correct SID on Windows -• expat is required, libxml2 can no longer be used as a substitute -• the userDB cache is required, and cannot be disabled -• a 64-bit integer type (either int, long, long long or _int64) is required -• better systemd-journald integration on Linux -• fixed long-standing fd and array leaks when failing to parse a message -• fixed referenced-but-never-freed parent nodes (effectively memory leaks) - when using certain object-path allocation patterns, notably in Avahi -• better defaults for Windows support -• better CMake support -• better portability to mingw32, FreeBSD, NetBSD, QNX and Hurd -• the source language for the man pages is now Docbook XML - -Enhancements since 1.7.10: - -• Enhance the CMake build system to check for GLib and compile/run - a subset of the regression tests (fd.o #41252, #73495; Ralf Habacker) - -Fixes since 1.7.10: - -• don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fd.o #72840, - Ralf Habacker) - -• fix compilation of systemd journal support on older systemd versions where - sd-journal.h doesn't include syslog.h (fd.o #73455, Ralf Habacker) - -• fix compilation on older MSVC versions by including stdlib.h - (fd.o #73455, Ralf Habacker) - -• Allow to appear in an included configuration file - (fd.o #73475, Matt Hoosier) - -Test behaviour changes since 1.7.10: - -• If the tests crash with an assertion failure, they no longer default to - blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT in the - environment if you want the old behaviour. - -• To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop tests - can be run with an external dbus-daemon by setting - DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require - an unusually-configured dbus-daemon are skipped. - -D-Bus 1.7.10 (2014-01-06) -== - -The “weighted companion cube” release. - -This is a release candidate for D-Bus 1.8. - -D-Bus Specification 0.23: - -• don't require messages with no INTERFACE to be dispatched - (fd.o #68597, Simon McVittie) - -• document "tcp:bind=..." and "nonce-tcp:bind=..." (fd.o #72301, - Chengwei Yang) - -• define "listenable" and "connectable" addresses, and discuss - the difference (fd.o #61303, Simon McVittie) - -Enhancements: - -• support printing Unix file descriptors in dbus-send, dbus-monitor - (fd.o #70592, Robert Ancell) - -• don't install systemd units if --disable-systemd is given - (fd.o #71818, Chengwei Yang) - -Fixes: - -• don't leak memory on out-of-memory while listing activatable or - active services (fd.o #71526, Radoslaw Pajak) - -• fix undefined behaviour in a regression test (fd.o #69924, DreamNik) - -• escape Unix socket addresses correctly (fd.o #46013, Chengwei Yang) - -• on SELinux systems, don't assume that SECCLASS_DBUS, DBUS__ACQUIRE_SVC - and DBUS__SEND_MSG are numerically equal to their values in the - reference policy (fd.o #88719, osmond sun) - -• define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4 headers - (fd.o #71366, Matt Fischer) - -• define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and - winsock2.h (fd.o #71405, Matt Fischer) - -• do not return failure from _dbus_read_nonce() with no error set, - preventing a potential crash (fd.o #72298, Chengwei Yang) - -• on BSD systems, avoid some O(1)-per-process memory and fd leaks in kqueue, - preventing test failures (fd.o #69332, fd.o #72213; Chengwei Yang) - -• fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix sockets, - which doesn't do anything anyway on at least Linux and FreeBSD - (fd.o #69492, Simon McVittie) - -• fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from - sendmsg() with SCM_CREDS (retrying with plain send()), and looking - for credentials more correctly (fd.o #69492, Simon McVittie) - -• ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid - getting mixed up in XDG/systemd "user sessions" (fd.o #61301, - Simon McVittie) - -• refresh cached policy rules for existing connections when bus - configuration changes (fd.o #39463, Chengwei Yang) - -D-Bus 1.7.8 (2013-11-01) -== - -The “extreme hills” release. - -Dependencies: - -• If systemd support is enabled, libsystemd-journal is now required. - -Enhancements: - -• When activating a non-systemd service under systemd, annotate its - stdout/stderr with its bus name in the Journal. Known limitation: - because the socket is opened before forking, the process will still be - logged as if it had dbus-daemon's process ID and user ID. - (fd.o #68559, Chengwei Yang) - -• Document more configuration elements in dbus-daemon(1) - (fd.o #69125, Chengwei Yang) - -Fixes: - -• Don't leak string arrays or fds if dbus_message_iter_get_args_valist() - unpacks them and then encounters an error (fd.o #21259, Chengwei Yang) - -• If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write - disallowed method calls to the audit log, fixing a regression in 1.7.6 - (fd.o #49062, Colin Walters) - -• path_namespace='/' in match rules incorrectly matched nothing; it - now matches everything. (fd.o #70799, Simon McVittie) - -D-Bus 1.7.6 (2013-10-09) -== - -The “CSI Shrewsbury” release. - -Build-time configuration changes: - -• Directory change notification via dnotify on Linux is no longer - supported; it hadn't compiled successfully since 2010 in any case. - If you don't have inotify (Linux) or kqueue (*BSD), you will need - to send SIGHUP to the dbus-daemon when its configuration changes. - (fd.o #33001, Chengwei Yang) - -• Compiling with --disable-userdb-cache is no longer supported; - it didn't work since at least 2008, and would lead to an extremely - slow dbus-daemon even it worked. (fd.o #15589, #17133, #66947; - Chengwei Yang) - -• The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most - assertions. It has been renamed to DBUS_DISABLE_ASSERT to be consistent - with the Autotools build system. (fd.o #66142, Chengwei Yang) - -• --with-valgrind=auto enables Valgrind instrumentation if and only if - valgrind headers are available. The default is still --with-valgrind=no. - (fd.o #56925, Simon McVittie) - -Dependencies: - -• Platforms with no 64-bit integer type are no longer supported. - (fd.o #65429, Simon McVittie) - -• GNU make is now (documented to be) required. (fd.o #48277, Simon McVittie) - -• Full test coverage no longer requires dbus-glib, although the tests do not - exercise the shared library (only a static copy) if dbus-glib is missing. - (fd.o #68852, Simon McVittie) - -Enhancements: - -• D-Bus Specification 0.22 - · Document GetAdtAuditSessionData() and - GetConnectionSELinuxSecurityContext() (fd.o #54445, Simon) - · Fix example .service file (fd.o #66481, Chengwei Yang) - · Don't claim D-Bus is "low-latency" (lower than what?), just - give factual statements about it supporting async use - (fd.o #65141, Justin Lee) - · Document the contents of .service files, and the fact that - system services' filenames are constrained - (fd.o #66608; Simon McVittie, Chengwei Yang) - -• Be thread-safe by default on all platforms, even if - dbus_threads_init_default() has not been called. For compatibility with - older libdbus, library users should continue to call - dbus_threads_init_default(): it is harmless to do so. - (fd.o #54972, Simon McVittie) - -• Add GetConnectionCredentials() method (fd.o #54445, Simon) - -• New API: dbus_setenv(), a simple wrapper around setenv(). - Note that this is not thread-safe. (fd.o #39196, Simon) - -• Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer connection, - like --address=ADDRESS in previous versions) and dbus-send --bus=ADDRESS - (connect to a given bus, like dbus-monitor --address=ADDRESS). - dbus-send --address still exists for backwards compatibility, - but is no longer documented. (fd.o #48816, Andrey Mazo) - -• Windows-specific: - · "dbus-daemon --nofork" is allowed on Windows again. (fd.o #68852, - Simon McVittie) - -Fixes: - -• Avoid an infinite busy-loop if a signal interrupts waitpid() - (fd.o #68945, Simon McVittie) - -• Clean up memory for parent nodes when objects are unexported - (fd.o #60176, Thomas Fitzsimmons) - -• Make dbus_connection_set_route_peer_messages(x, FALSE) behave as - documented. Previously, it assumed its second parameter was TRUE. - (fd.o #69165, Chengwei Yang) - -• Escape addresses containing non-ASCII characters correctly - (fd.o #53499, Chengwei Yang) - -• Document search order correctly (fd.o #66994, Chengwei Yang) - -• Don't crash on "dbus-send --session / x.y.z" which regressed in 1.7.4. - (fd.o #65923, Chengwei Yang) - -• If malloc() returns NULL in _dbus_string_init() or similar, don't free - an invalid pointer if the string is later freed (fd.o #65959, Chengwei Yang) - -• If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list - that was never va_start()ed (fd.o #66300, Chengwei Yang) - -• fix build failure with --enable-stats (fd.o #66004, Chengwei Yang) - -• fix a regression test on platforms with strict alignment (fd.o #67279, - Colin Walters) - -• Avoid calling function parameters "interface" since certain Windows headers - have a namespace-polluting macro of that name (fd.o #66493, Ivan Romanov) - -• Assorted Doxygen fixes (fd.o #65755, Chengwei Yang) - -• Various thread-safety improvements to static variables (fd.o #68610, - Simon McVittie) - -• Make "make -j check" work (fd.o #68852, Simon McVittie) - -• Fix a NULL pointer dereference on an unlikely error path - (fd.o #69327, Sviatoslav Chagaev) - -• Improve valgrind memory pool tracking (fd.o #69326, - Sviatoslav Chagaev) - -• Don't over-allocate memory in dbus-monitor (fd.o #69329, - Sviatoslav Chagaev) - -• dbus-monitor can monitor dbus-daemon < 1.5.6 again - (fd.o #66107, Chengwei Yang) - -• Unix-specific: - · If accept4() fails with EINVAL, as it can on older Linux kernels - with newer glibc, try accept() instead of going into a busy-loop. - (fd.o #69026, Chengwei Yang) - · If socket() or socketpair() fails with EINVAL or EPROTOTYPE, - for instance on Hurd or older Linux with a new glibc, try without - SOCK_CLOEXEC. (fd.o #69073; Pino Toscano, Chengwei Yang) - · Fix a file descriptor leak on an error code path. - (fd.o #69182, Sviatoslav Chagaev) - · dbus-run-session: clear some unwanted environment variables - (fd.o #39196, Simon) - · dbus-run-session: compile on FreeBSD (fd.o #66197, Chengwei Yang) - · Don't fail the autolaunch test if there is no DISPLAY (fd.o #40352, Simon) - · Use dbus-launch from the builddir for testing, not the installed copy - (fd.o #37849, Chengwei Yang) - · Fix compilation if writev() is unavailable (fd.o #69409, - Vasiliy Balyasnyy) - · Remove broken support for LOCAL_CREDS credentials passing, and - document where each credential-passing scheme is used (fd.o #60340, - Simon McVittie) - · Make autogen.sh work on *BSD by not assuming GNU coreutils functionality - (fd.o #35881, #69787; Chengwei Yang) - · dbus-monitor: be portable to NetBSD (fd.o #69842, Chengwei Yang) - · dbus-launch: stop using non-portable asprintf (fd.o #37849, Simon) - · Improve error reporting from the setuid activation helper (fd.o #66728, - Chengwei Yang) - -• Windows-specific: - · Remove unavailable command-line options from 'dbus-daemon --help' - (fd.o #42441, Ralf Habacker) - · Add support for looking up local TCPv4 clients' credentials on - Windows XP via the undocumented AllocateAndGetTcpExTableFromStack - function (fd.o #66060, Ralf Habacker) - · Fix insufficient dependency-tracking (fd.o #68505, Simon McVittie) - · Don't include wspiapi.h, fixing a compiler warning (fd.o #68852, - Simon McVittie) - -• Internal changes: - · add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing - conditionals (fd.o #66142, Chengwei Yang) - · improve verbose-mode output (fd.o #63047, Colin Walters) - · consolidate Autotools and CMake build (fd.o #64875, Ralf Habacker) - · fix various unused variables, unusual build configurations - etc. (fd.o #65712, #65990, #66005, #66257, #69165, #69410, #70218; - Chengwei Yang, Vasiliy Balyasnyy) - -D-Bus 1.7.4 (2013-06-13) -== - -The “but is your thread-safety thread-safe?” release. - -Security fixes: - -• CVE-2013-2168: Fix misuse of va_list that could be used as a denial - of service for system services. Vulnerability reported by Alexandru Cornea. - (Simon) - -Dependencies: - -• The Windows version of libdbus now contains a C++ source file, used - to provide global initialization when the library is loaded. - gcc (mingw*) users should ensure that g++ is also installed. - -• The libxml2-based configuration reader (which hasn't worked for 2.5 years, - and was never the recommended option) has been removed. Expat is now a - hard dependency. - -Enhancements: - -• It should now be safe to call dbus_threads_init_default() from any thread, - at any time. Authors of loadable modules and plugins that use libdbus - should consider doing so during initialization. - (fd.o #54972, Simon McVittie) - -• Improve dbus-send documentation and command-line parsing (fd.o #65424, - Chengwei Yang) - -Unix-specific: - · dbus-run-session: experimental new tool to start a temporary D-Bus - session, e.g. for regression tests or a text console, replacing - certain uses of dbus-launch which weren't really correct - (fd.o #39196, Simon) - -Other fixes: - -• In dbus-daemon, don't crash if a .service file starts with key=value - (fd.o #60853, Chengwei Yang) - -• Unix-specific: - · Fix a crash similar to CVE-2013-2168 the first time we try to use syslog - on a platform not defining LOG_PERROR, such as Solaris or QNX. - This regressed in 1.7.0. (Simon) - · Fix an assertion failure if we try to activate systemd services before - systemd connects to the bus (fd.o #50199, Chengwei Yang) - · Avoid compiler warnings for ignoring the return from write() - (Chengwei Yang) - -• Windows-specific: - · Under cmake, install runtime libraries (DLLs) into bin/ instead of lib/ - so that Windows finds them (fd.o #59733, Ralf Habacker) - -D-Bus 1.7.2 (2013-04-25) -== - -The “only partially opaque” release. - -Configuration changes: - -• On non-QNX Unix platforms, the default limit on fds per message in the - session bus configuration has reduced from 4096 to 1024. The default - limit used on the system bus was already 1024. On QNX, both limits are - reduced further, to 128. - -Enhancements: - -• D-Bus Specification 0.21 - · Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF, - U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fd.o #63072, - Simon McVittie) - -Fixes: - -• Diagnose incorrect use of dbus_connection_get_data() with negative slot - (i.e. before allocating the slot) rather than returning junk - (fd.o #63127, Dan Williams) - -• Fix a cmake build regression since 1.7.0 (fd.o #63682; Ralf Habacker, - Simon McVittie) - -• Unix-specific: - · On Linux, link successfully with glibc 2.17 (fd.o #63166, Simon McVittie) -  · Under systemd, log to syslog only, not stderr, avoiding duplication - (fd.o #61399, #39987; Colin Walters, Dagobert Michelsen) - · Under systemd, remove unnecessary dependency on syslog.socket - (fd.o #63531, Cristian Rodríguez) - · Include alloca.h for alloca() if available, fixing compilation on - Solaris 10 (fd.o #63071, Dagobert Michelsen) - · Allow use of systemd-logind without the rest of systemd - (fd.o #62585, Martin Pitt) - · When built with CMake, link to librt and use the right path for - meinproc's XSLT stylesheets (fd.o #61637, Ralf Habacker) - · Reduce the default limit on number of fds per message to 128 under - QNX, working around an arbitrary OS limit (fd.o #61176, Matt Fischer) - -• Windows-specific: - · Do not claim that all bus clients have the dbus-daemon's credentials; - pick up local TCPv4 clients' credentials (process ID and security - identifier, i.e. user) using GetExtendedTcpTable() (fd.o #61787, - Ralf Habacker) - -D-Bus 1.7.0 (2013-02-22) -== - -The "Disingenuous Assertions" release. - -This is a new development release, starting the 1.7.x branch. D-Bus 1.6 -remains the recommended version for long-term-supported distributions -or the upcoming GNOME 3.8 release. - -Build-time configuration changes: - -• The --with-dbus-session-bus-default-address configure option is no longer - supported. Use the new --with-dbus-session-bus-connect-address and - --with-dbus-session-bus-listen-address options instead. On Windows, you - usually want them to have the same argument; on Unix, the defaults are - usually correct. - -• Similarly, the DBUS_SESSION_BUS_DEFAULT_ADDRESS CMake variable is no longer - supported; use the new DBUS_SESSION_BUS_LISTEN_ADDRESS and - DBUS_SESSION_BUS_CONNECT_ADDRESS variables instead. - -• cmake/cross-compile.sh has been removed. Instead, please use a - cross-toolchain file (-DCMAKE_TOOLCHAIN_FILE) as documented at - ; or use Autotools - as documented in "info automake Cross-Compilation", and set - PKG_CONFIG_PATH appropriately. - -Requirements: - -• Man pages now require xmlto (or either xmlto or meinproc, if using CMake). -• man2html is no longer used. - -Enhancements: - -• D-Bus Specification 0.20 - · actually say that /org/freedesktop/DBus is the object that - implements o.fd.DBus (fd.o #51865, Colin Walters) - · various reorganisation for better clarity (fd.o #38252, Simon McVittie) - · stop claiming that all basic types work just like INT32 (strings don't!) - -• The "source code" for the man pages is now Docbook XML, eliminating - the outdated duplicate copies used when building with CMake. - (fd.o #59805; Ralf Habacker, Simon McVittie) - -Fixes: - -• In the activation helper, when compiled for tests, do not reset the system - bus address, fixing the regression tests. (fd.o #52202, Simon) - -• Fix building with Valgrind 3.8, at the cost of causing harmless warnings - with Valgrind 3.6 on some compilers (fd.o #55932, Arun Raghavan) - -• Merge from system-local.conf if necessary (fd.o #51560, - Krzysztof Konopko) - -• Under CMake, prefer xmlto over meinproc (fd.o #59733, Ralf Habacker) - -• Stop duplicating CMake's own logic to find libexpat - (fd.o #59733, Ralf Habacker) - -• Don't assume CMake host and build system are the same (fd.o #59733, - Ralf Habacker) - -• Avoid deprecation warnings for GLib 2.35 (fd.o #59971, Simon McVittie) - -• Unix-specific: - · Check for functions in libpthread correctly, fixing compilation on - (at least) OpenBSD (fd.o #47239, Simon) - · Don't leak temporary fds pointing to /dev/null (fd.o #56927, - Michel HERMIER) - · Update sd-daemon.[ch] from systemd (fd.o #60681) - · Add partial support for QNX (fd.o #60339, fd.o #61176; Matt Fischer) - -• Windows-specific: - · The default session bus listening and connecting address is now - "autolaunch:", which makes D-Bus on Windows interoperate with itself - and GDBus "out of the box". Use the configure options and cmake variables - described above if you require a different autolaunch scope. - (fd.o #38201, Simon McVittie) - · Avoid a CMake warning under Cygwin (fd.o #59401, Ralf Habacker) - -• Create session.d, system.d directories under CMake (fd.o #41319, - Ralf Habacker) - -D-Bus 1.6.8 (2012-09-28) -== - -The "Fix one thing, break another" release. - -• Follow up to CVE-2012-3524: The additional hardening - work to use __secure_getenv() as a followup to bug #52202 - broke certain configurations of gnome-keyring. Given - the difficulty of making this work without extensive - changes to gnome-keyring, use of __secure_getenv() is - deferred. - -D-Bus 1.6.6 (2012-09-28) -== - -The "Clear the environment in your setuid binaries, please" release. - -• CVE-2012-3524: Don't access environment variables (fd.o #52202) - Thanks to work and input from Colin Walters, Simon McVittie, - Geoffrey Thomas, and others. -• Unix-specific: - · Fix compilation on Solaris (fd.o #53286, Jonathan Perkin) - · Work around interdependent headers on OpenBSD by including sys/types.h - before each use of sys/socket.h (fd.o #54418, Brad Smith) - -D-Bus 1.6.4 (2012-07-18) -== - -• Detect that users are "at the console" correctly when configured with - a non-default path such as --enable-console-auth-dir=/run/console - (fd.o #51521, Dave Reisner) - -• Remove an incorrect assertion from DBusTransport (fd.o #51657, - Simon McVittie) - -• Make --enable-developer default to "no" (regression in 1.6.2; - fd.o #51657, Simon McVittie) - -• Windows-specific: - · Launch dbus-daemon correctly if its path contains a space - (fd.o #49450, Wolfgang Baron) - -D-Bus 1.6.2 (2012-06-27) -== - -The "Ice Cabbage" release. - -• Change how we create /var/lib/dbus so it works under Automake >= 1.11.4 - (fd.o #51406, Simon McVittie) - -• Don't return from dbus_pending_call_set_notify with a lock held on OOM - (fd.o #51032, Simon McVittie) - -• Disconnect "developer mode" (assertions, verbose mode etc.) from - Automake maintainer mode. D-Bus developers should now configure with - --enable-developer. Automake maintainer mode is now on by default; - distributions can disable it with --disable-maintainer-mode. - (fd.o #34671, Simon McVittie) - -• Automatically define DBUS_STATIC_BUILD in static-only Autotools builds, - fixing linking when targeting Windows (fd.o #33973; william, Simon McVittie) - -• Unix-specific: - · Check for libpthread under CMake on Unix (fd.o #47237, Simon McVittie) - -D-Bus 1.6.0 (2012-06-05) -== - -The “soul of this machine has improved” release. - -This version starts a new stable branch of D-Bus: only bug fixes will -be accepted into 1.6.x. Other changes will now go to the 1.7.x branch. - -Summary of changes since 1.4.x: - -• New requirements - · PTHREAD_MUTEX_RECURSIVE on Unix - · compiler support for 64-bit integers (int64_t or equivalent) - -• D-Bus Specification v0.19 - -• New dbus-daemon features - · rules allow the service to - own names like com.example.Service.Instance3 - · optional systemd integration when checking at_console policies - · --nopidfile option, mainly for use by systemd - · path_namespace and arg0namespace may appear in match rules - · eavesdropping is disabled unless the match rule contains eavesdrop=true - -• New public API - · functions to validate various string types (dbus_validate_path() etc.) - · dbus_type_is_valid() - · DBusBasicValue, a union of every basic type - -• Bug fixes - · removed an unsafe reimplementation of recursive mutexes - · dbus-daemon no longer busy-loops if it has far too many file descriptors - · dbus-daemon.exe --print-address works on Windows - · all the other bug fixes from 1.4.20 - -• Other major implementation changes - · on Linux, dbus-daemon uses epoll if supported, for better scalability - · dbus_threads_init() ignores its argument and behaves like - dbus_threads_init_default() instead - · removed the per-connection link cache, improving dbus-daemon performance - -• Developer features - · optional Valgrind instrumentation (--with-valgrind) - · optional Stats interface on the dbus-daemon (--enable-stats) - · optionally abort whenever malloc() fails (--enable-embedded-tests - and export DBUS_MALLOC_CANNOT_FAIL=1) - -Changes since 1.5.12: - -• Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1 - spec-compliance (fd.o #48580, David Zeuthen) - -• Don't use install(1) within the source/build trees, fixing the build as - non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot) - -• Add missing commas in some tcp and nonce-tcp addresses, and remove - an unused duplicate copy of the nonce-tcp transport in Windows builds - (fd.o #45896, Simon McVittie) - -D-Bus 1.5.12 (2012-03-27) -== - -The “Big Book of Science” release. - -• Add public API to validate various string types: - dbus_validate_path(), dbus_validate_interface(), dbus_validate_member(), - dbus_validate_error_name(), dbus_validate_bus_name(), dbus_validate_utf8() - (fd.o #39549, Simon McVittie) - -• Turn DBusBasicValue into public API so bindings don't need to invent their - own "union of everything" type (fd.o #11191, Simon McVittie) - -• Enumerate data files included in the build rather than using find(1) - (fd.o #33840, Simon McVittie) - -• Add support for policy rules like - in dbus-daemon (fd.o #46273, Alban Crequy) - -• Windows-specific: - · make dbus-daemon.exe --print-address (and --print-pid) work again - on Win32, but not on WinCE (fd.o #46049, Simon McVittie) - · fix duplicate case value when compiling against mingw-w64 - (fd.o #47321, Andoni Morales Alastruey) - -D-Bus 1.5.10 (2012-02-21) -== - -The "fire in Delerium" release. - -On Unix platforms, PTHREAD_MUTEX_RECURSIVE (as specified in POSIX 2008 Base -and SUSv2) is now required. - -• D-Bus Specification 0.19: - · Formally define unique connection names and well-known bus names, - and document best practices for interface, bus, member and error names, - and object paths (fd.o #37095, Simon McVittie) - · Document the search path for session and system services on Unix, and - where they should be installed by build systems (fd.o #21620, fd.o #35306; - Simon McVittie) - · Document the systemd transport (fd.o #35232, Lennart Poettering) - -• Make dbus_threads_init() use the same built-in threading implementation - as dbus_threads_init_default(); the user-specified primitives that it - takes as a parameter are now ignored (fd.o #43744, Simon McVittie) - -• Allow all configured auth mechanisms, not just one (fd.o #45106, - Pavel Strashkin) - -• Improve cmake build system (Ralf Habacker): - · simplify XML parser dependencies (fd.o #41027) - · generate build timestamp (fd.o #41029) - · only create batch files on Windows - · fix option and cache syntax - · add help-options target - · share dbus-arch-deps.h.in with autotools rather than having our - own version (fd.o #41033) - -• Build tests successfully with older GLib, as found in e.g. Debian 6 - (fd.o #41219, Simon McVittie) - -• Avoid use of deprecated GThread API (fd.o #44413, Martin Pitt) - -• Build documentation correctly if man2html doesn't support filenames on - its command-line (fd.o #43875, Jack Nagel) - -• Improve test coverage. To get even more coverage, run the tests with - DBUS_TEST_SLOW=1 (fd.o #38285, #42811; Simon McVittie) - -• Reduce the size of the shared library by moving functionality only used - by dbus-daemon, tests etc. into their internal library and deleting - unused code (fd.o #34976, #39759; Simon McVittie) - -• Add dbus-daemon --nopidfile option, overriding the configuration, for - setups where the default configuration must include to avoid - breaking traditional init, but the pid file is in fact unnecessary; use - it under systemd to improve startup time a bit (fd.o #45520, - Lennart Poettering) - -• Optionally (if configured --with-valgrind) add instrumentation to debug - libdbus and associated tools more meaningfully under Valgrind - (fd.o #37286, Simon McVittie) - -• Improve the dbus-send(1) man page (fd.o #14005, Simon McVittie) - -• Make dbus-protocol.h compatible with C++11 (fd.o #46147, Marc Mutz) - -• If tests are enabled and DBUS_MALLOC_CANNOT_FAIL is set in the environment, - abort on failure to malloc() (like GLib does), to turn runaway memory leaks - into a debuggable core-dump if a resource limit is applied (fd.o #41048, - Simon McVittie) - -• Don't crash if realloc() returns NULL in a debug build (fd.o #41048, - Simon McVittie) - -• Unix-specific: - · Replace our broken reimplementation of recursive mutexes, which has - been broken since 2006, with an ordinary pthreads recursive mutex - (fd.o #43744; Sigmund Augdal, Simon McVittie) - · Use epoll(7) for a more efficient main loop in Linux; equivalent patches - welcomed for other OSs' equivalents like kqueue, /dev/poll, or Solaris - event ports (fd.o #33337; Simon McVittie, Ralf Habacker) - · When running under systemd, use it instead of ConsoleKit to check - whether to apply at_console policies (fd.o #39609, Lennart Poettering) - · Avoid a highly unlikely fd leak (fd.o #29881, Simon McVittie) - · Don't close invalid fd -1 if getaddrinfo fails (fd.o #37258, eXeC001er) -  · Don't touch ~/.dbus and ~/.dbus-keyrings when running 'make installcheck' - (fd.o #41218, Simon McVittie) - · Stop pretending we respect XDG_DATA_DIRS for system services: the launch - helper doesn't obey environment variables to avoid privilege escalation - attacks, so make the system bus follow the same rules - (fd.o #21620, Simon McVittie) - -• Windows-specific: - · Find the dbus-daemon executable next to the shared library (fd.o #41558; - Jesper Dam, Ralf Habacker) - · Remove the faulty implementation of _dbus_condvar_wake_all (fd.o #44609, - Simon McVittie) - -D-Bus 1.5.8 (2011-09-21) -== - -The "cross-metering" release. - -In addition to dead code removal and refactoring, this release contains all -of the bugfixes from 1.4.16. - -• Clean up dead code, and make more warnings fatal in development builds - (fd.o #39231, fd.o #41012; Simon McVittie) - -• If full test coverage is requested via --enable-tests, strictly require - Python, pygobject and dbus-python, which are required by some tests; if not, - and Python is missing, skip those tests rather than failing - (fd.o #37847, Simon McVittie) - -• When using cmake, provide the same version-info API in the installed headers - as for autotools (DBUS_VERSION, etc.) (fd.o #40905, Ralf Habacker) - -• Add a regression test for fd.o #38005 (fd.o #39836, Simon McVittie) - -• Make "NOCONFIGURE=1 ./autogen.sh" not run configure (Colin Walters) - -• Add _DBUS_STATIC_ASSERT and use it to check invariants (fd.o #39636, - Simon McVittie) - -• Fix duplicates in authors list (Ralf Habacker) - -• Fix broken links from dbus-tutorial.html if $(htmldir) != $(docdir) - (fd.o #39879, Chris Mayo) - -• Fix a small memory leak, and a failure to report errors, when updating - a service file entry for activation (fd.o #39230, Simon McVittie) - -• Unix-specific: - · Clean up (non-abstract) Unix sockets on bus daemon exit (fd.o #38656; - Brian Cameron, Simon McVittie) - · On systems that use libcap-ng but not systemd, drop supplemental groups - when switching to the daemon user (Red Hat #726953, Steve Grubb) - · Make the cmake build work again on GNU platforms (fd.o #29228, - Simon McVittie) - · Fix compilation on non-C99 systems that have inttypes.h but not stdint.h, - like Solaris (fd.o #40313, Dagobert Michelsen) - · Define CMSG_ALIGN, CMSG_LEN, CMSG_SPACE on Solaris < 10 - (fd.o #40235, Simon McVittie) - · Cope with Unixes that don't have LOG_PERROR, like Solaris 10 - (fd.o #39987, Simon McVittie) - · Cope with platforms whose vsnprintf violates both POSIX and C99, like - Tru64, IRIX and HP-UX (fd.o #11668, Simon McVittie) - -• Windows-specific: - · Fix compilation on MSVC, which doesn't understand "inline" with its - C99 meaning (fd.o #40000; Ralf Habacker, Simon McVittie) - · Fix misuse of GPid in test/dbus-daemon.c (fd.o #40003, Simon McVittie) - · Fix cross-compilation to Windows with Automake (fd.o #40003, Simon McVittie) - -D-Bus 1.5.6 (2011-07-29) -== - -The "weird, gravy-like aftertaste" release. - -In addition to new features and refactoring, this release contains all of the -bugfixes from 1.4.14. - -Potentially incompatible (Bustle and similar debugging tools will need -changes to work as intended): - -• Do not allow match rules to "eavesdrop" (receive messages intended for a - different recipient) by mistake: eavesdroppers must now opt-in to this - behaviour by putting "eavesdrop='true'" in the match rule, which will - not have any practical effect on buses where eavesdropping is not allowed - (fd.o #37890, Cosimo Alfarano) - -Other changes: - -• D-Bus Specification version 0.18 (fd.o #37890, fd.o #39450, fd.o #38252; - Cosimo Alfarano, Simon McVittie) - · add the "eavesdrop" keyword to match rules - · define eavesdropping, unicast messages and broadcast messages - · stop claiming that match rules are needed to match unicast messages to you - · promote the type system to be a top-level section - -• Use DBUS_ERROR_OBJECT_PATH_IN_USE if dbus_connection_try_register_object_path - or dbus_connection_try_register_fallback fails, not ...ADDRESS_IN_USE, - and simplify object-path registration (fd.o #38874, Jiří Klimeš) - -• Consistently use atomic operations on everything that is ever manipulated - via atomic ops, as was done for changes to DBusConnection's refcount in - 1.4.12 (fd.o #38005, Simon McVittie) - -• Fix a file descriptor leak when connecting to a TCP socket (fd.o #37258, - Simon McVittie) - -• Make "make check" in a clean tree work, by not running tests until - test data has been set up (fd.o #34405, Simon McVittie) - -• The dbus-daemon no longer busy-loops if it has a very large number of file - descriptors (fd.o #23194, Simon McVittie) - -• Refactor message flow through dispatching to avoid locking violations if - the bus daemon's message limit is hit; remove the per-connection link cache, - which was meant to improve performance, but now reduces it (fd.o #34393, - Simon McVittie) - -• Some cmake fixes (Ralf Habacker) - -• Remove dead code, mainly from DBusString (fd.o #38570, fd.o #39610; - Simon McVittie, Lennart Poettering) - -• Stop storing two extra byte order indicators in each D-Bus message - (fd.o #38287, Simon McVittie) - -• Add an optional Stats interface which can be used to get statistics from - a running dbus-daemon if enabled at configure time with --enable-stats - (fd.o #34040, Simon McVittie) - -• Fix various typos (fd.o #27227, fd.o #38284; Sascha Silbe, Simon McVittie) - -• Documentation (fd.o #36156, Simon McVittie): - · let xsltproc be overridden as usual: ./configure XSLTPROC=myxsltproc - · install more documentation automatically, including man2html output - · put dbus.devhelp in the right place (it must go in ${htmldir}) - -• Unix-specific: - · look for system services in /lib/dbus-1/system-services in addition to all - the other well-known locations; note that this should always be /lib, - even on platforms where shared libraries on the root FS would go in /lib64, - /lib/x86_64-linux-gnu or similar (fd.o #35229, Lennart Poettering) - · opt-in to fd passing on Solaris (fd.o #33465, Simon McVittie) - -• Windows-specific (Ralf Habacker): - · fix use of a mutex for autolaunch server detection - · don't crash on malloc failure in _dbus_printf_string_upper_bound - -D-Bus 1.5.4 (2011-06-10) -== - -Security (local denial of service): - -• Byte-swap foreign-endian messages correctly, preventing a long-standing - local DoS if foreign-endian messages are relayed through the dbus-daemon - (backporters: this is git commit c3223ba6c401ba81df1305851312a47c485e6cd7) - (CVE-2011-2200, fd.o #38120, Debian #629938; Simon McVittie) - -New things: - -• The constant to use for an infinite timeout now has a name, - DBUS_TIMEOUT_INFINITE. It is numerically equivalent to 0x7fffffff (INT32_MAX) - which can be used for source compatibility with older versions of libdbus. - -• If GLib and DBus-GLib are already installed, more tests will be built, - providing better coverage. The new tests can also be installed via - ./configure --enable-installed-tests - for system integration testing, if required. (fd.o #34570, Simon McVittie) - -Changes: - -• Consistently use atomic operations for the DBusConnection's refcount, - fixing potential threading problems (fd.o #38005, Simon McVittie) - -• Don't use -Wl,--gc-sections by default: in practice the size decrease is - small (300KiB on x86-64) and it frequently doesn't work in unusual - toolchains. To optimize for minimum installed size, you should benchmark - various possibilities for CFLAGS and LDFLAGS, and set the best flags for - your particular toolchain at configure time. (fd.o #33466, Simon McVittie) - -• Use #!/bin/sh for run-with-tmp-session-bus.sh, making it work on *BSD - (fd.o #35880, Timothy Redaelli) - -• Use ln -fs to set up dbus for systemd, which should fix reinstallation - when not using a DESTDIR (fd.o #37870, Simon McVittie) - -• Windows-specific changes: - · don't try to build dbus-daemon-launch-helper (fd.o #37838, Mark Brand) - -D-Bus 1.5.2 (2011-06-01) -== - -The "Boar Hunter" release. - -Notes for distributors: - - This version of D-Bus no longer uses -fPIE by default. Distributions wishing - to harden the dbus-daemon and dbus-launch-helper can re-enable this if their - toolchain supports it reliably, via something like: - - ./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro" - - or by using distribution-specific wrappers such as Debian's hardening-wrapper. - -Changes: - - • D-Bus Specification v0.17 - · Reserve the extra characters used in signatures by GVariant - (fd.o #34529, Simon McVittie) - · Define the ObjectManager interface (fd.o #34869, David Zeuthen) - • Don't force -fPIE: distributions and libtool know better than we do whether - it's desirable (fd.o #16621, fd.o #27215; Simon McVittie) - • Allow --disable-gc-sections, in case your toolchain offers the - -ffunction-sections, -fdata-sections and -Wl,--gc-sections options - but they're broken, as seen on Solaris (fd.o #33466, Simon McVittie) - • Install dbus-daemon and dbus-daemon-launch-helper in a more normal way - (fd.o #14512; Simon McVittie, loosely based on a patch from Luca Barbato) - • Ensure that maintainers upload documentation with the right permissions - (fd.o #36130, Simon McVittie) - • Don't force users of libdbus to be linked against -lpthread, -lrt - (fd.o #32827, Simon McVittie) - • Log system-bus activation information to syslog (fd.o #35705, - Colin Walters) - • Log messages dropped due to quotas to syslog (fd.o #35358, - Simon McVittie) - • Make the nonce-tcp transport work on Unix (fd.o #34569, Simon McVittie) - • On Unix, if /var/lib/dbus/machine-id cannot be read, try /etc/machine-id - (fd.o #35228, Lennart Poettering) - • In the regression tests, don't report fds as "leaked" if they were open - on startup (fd.o #35173, Simon McVittie) - • Make dbus-monitor bail out if asked to monitor more than one bus, - rather than silently using the last one (fd.o #26548, Will Thompson) - • Clarify documentation (fd.o #35182, Simon McVittie) - • Clean up minor dead code and some incorrect error handling - (fd.o #33128, fd.o #29881; Simon McVittie) - • Check that compiler options are supported before using them (fd.o #19681, - Simon McVittie) - • Windows: - • Remove obsolete workaround for winioctl.h (fd.o #35083, Ralf Habacker) - -D-Bus 1.5.0 (2011-04-11) -== - -The "you never know when you need to tow something from your giant -flying shark" release. - - • D-Bus Specification v0.16 - · Add support for path_namespace and arg0namespace in match rules - (fd.o #24317, #34870; Will Thompson, David Zeuthen, Simon McVittie) - · Make argNpath support object paths, not just object-path-like strings, - and document it better (fd.o #31818, Will Thompson) - • Let the bus daemon implement more than one interface (fd.o #33757, - Simon McVittie) - • Optimize _dbus_string_replace_len to reduce waste (fd.o #21261, - Roberto Guido) - • Require user intervention to compile with missing 64-bit support - (fd.o #35114, Simon McVittie) - • Add dbus_type_is_valid as public API (fd.o #20496, Simon McVittie) - • Raise UnknownObject instead of UnknownMethod for calls to methods on - paths that are not part of the object tree, and UnknownInterface for calls - to unknown interfaces in the bus daemon (fd.o #34527, Lennart Poettering) - -D-Bus 1.4.8 (2011-04-08) -== - -The "It's like the beginning of a lobster" release. - - • Rename configure.in to configure.ac, and update it to modern conventions - (fd.o #32245; Javier Jardón, Simon McVittie) - • Correctly give XDG_DATA_HOME priority over XDG_DATA_DIRS (fd.o #34496, - Anders Kaseorg) - • Prevent X11 autolaunching if $DISPLAY is unset or empty, and add - --disable-x11-autolaunch configure option to prevent it altogether - in embedded environments (fd.o #19997, NB#219964; Simon McVittie) - • Install the documentation, and an index for Devhelp (fd.o #13495, - Debian #454142; Simon McVittie, Matthias Clasen) - • If checks are not disabled, check validity of string-like types and - booleans when sending them (fd.o #16338, NB#223152; Simon McVittie) - • Add UnknownObject, UnknownInterface, UnknownProperty and PropertyReadOnly - errors to dbus-shared.h (fd.o #34527, Lennart Poettering) - • Break up a huge conditional in config-parser so gcov can produce coverage - data (fd.o #10887, Simon McVittie) - • List which parts of the Desktop Entry specification are applicable to - .service files (fd.o #19159, Sven Herzberg) - • Don't suppress service activation if two services have the same Exec= - (fd.o #35750, Colin Walters) - • Windows: - · Avoid the name ELEMENT_TYPE due to namespace-pollution from winioctl.h - (Andre Heinecke) - · Include _dbus_path_is_absolute in libdbus on Windows, fixing compilation - (fd.o #32805, Mark Brand) - -D-Bus 1.4.6 (2010-02-17) -== - -The "1, 2, miss a few, 99, 100" release. - - • Remove unfinished changes intended to support GTest-based tests, - which were mistakenly included in 1.4.4 - -D-Bus 1.4.4 (2010-02-17) -== - - • Switch back to using even micro versions for stable releases; 1.4.1 - should have been called 1.4.2, so skip that version number - • Don't leave bad file descriptors being watched when spawning processes, - which could result in a busy-loop (fd.o #32992, NB#200248; possibly - also LP#656134, LP#680444, LP#713157) - • Check for MSG_NOSIGNAL correctly - • Fix failure to detect abstract socket support (fd.o #29895) - • Make _dbus_system_logv actually exit with DBUS_SYSTEM_LOG_FATAL - (fd.o #32262, NB#180486) - • Improve some error code paths (fd.o #29981, fd.o #32264, fd.o #32262, - fd.o #33128, fd.o #33277, fd.o #33126, NB#180486) - • Avoid possible symlink attacks in /tmp during compilation (fd.o #32854) - • Tidy up dead code (fd.o #25306, fd.o #33128, fd.o #34292, NB#180486) - • Improve gcc malloc annotations (fd.o #32710) - • If the system bus is launched via systemd, protect it from the OOM killer - • Documentation improvements (fd.o #11190) - • Avoid readdir_r, which is difficult to use correctly (fd.o #8284, - fd.o #15922, LP#241619) - • Cope with invalid files in session.d, system.d (fd.o #19186, - Debian #230231) - • Don't distribute generated files that embed our builddir (fd.o #30285, - fd.o #34292) - • Raise the system bus's fd limit to be sufficient for its configuration - (fd.o #33474, LP#381063) - • Fix syslog string processing - • Ignore -Waddress - • Remove broken gcov parsing code and --enable-gcov, and replace them - with lcov HTML reports and --enable-compiler-coverage (fd.o #10887) - • Windows: - · avoid live-lock in Windows CE due to unfair condition variables - • OpenBSD: - · support credentials-passing (fd.o #32542) - • Solaris: - · opt-in to thread safety (fd.o #33464) - -D-Bus 1.4.1 (20 December 2010) -== - - • Fix for CVE-2010-4352: sending messages with excessively-nested variants can - crash the bus. The existing restriction to 64-levels of nesting previously - only applied to the static type signature; now it also applies to dynamic - nesting using variants. Thanks to Rémi Denis-Courmont for discoving this - issue. - • OS X portability fixes, including launchd support. - • Windows autolaunch improvements. - • Various bug fixes. - -D-Bus 1.4.0 (6 Sep 2010) -== - - systemd hookup - -D-Bus 1.3.1 (23 June 2010) -== - - New standardized PropertiesChanged signal in the properties interface - - Various portability fixes, in particular to Windows platforms - - Support forking bus services, for compatibility - -D-Bus 1.3.0 (29 July 2009) -== - - ability for dbus-send to send to any bus (--address) - - file descriptor passing on Unix socket transports - - use of GCC atomic intrinsics for better processor support - (requires -march=i486 or above for x86 compilation) - - thread-safe FD_CLOEXEC setting on recent Linux kernels (2.6.24-27 and up) - and glibc (2.9 for pipe2 and 2.10 for accept4) - - feature negotiation in the bus daemon diff --git a/NEWS.pre-1-10 b/NEWS.pre-1-10 new file mode 100644 index 00000000..4ae9915a --- /dev/null +++ b/NEWS.pre-1-10 @@ -0,0 +1,748 @@ +D-Bus 1.9.20 (2015-08-06) +== + +The “Remember Tomorrow” release. + +This is a release-candidate for D-Bus 1.10.0. OS distribution vendors +should test it. + +Fixes: + +• Don't second-guess what the ABI of poll() is, allowing it to be used + on Integrity RTOS and other unusual platforms (fd.o #90314; + Rolland Dudemaine, Simon McVittie) + +• Don't duplicate audit subsystem integration if AppArmor and SELinux are + both enabled (fd.o #89225, Simon McVittie) + +• Log audit events for AppArmor/SELinux policy violations whenever + we have CAP_AUDIT_WRITE, even if not the system bus + (fd.o #83856, Laurent Bigonville) + +D-Bus 1.9.18 (2015-07-21) +== + +The “Pirate Elite” release. + +Configuration changes: + +• The basic setup for the well-known system and session buses is now done + in read-only files in ${datadir}, moving a step closer to systems + that can operate with an empty /etc directory. In increasing order + of precedence: + + · ${datadir}/dbus-1/s*.conf now perform the basic setup such as setting + the default message policies. + · ${sysconfdir}/dbus-1/s*.conf are now optional. By default + dbus still installs a trivial version of each, for documentation + purposes; putting configuration directives in these files is deprecated. + · ${datadir}/dbus-1/s*.d/ are now available for third-party software + to install "drop-in" configuration snippets (any packages + using those directories should explicitly depend on at least this + version of dbus). + · ${sysconfdir}/dbus-1/s*.d/ are also still available for sysadmins + or third-party software to install "drop-in" configuration snippets + · ${sysconfdir}/dbus-1/s*-local.conf are still available for sysadmins' + overrides + + ${datadir} is normally /usr/share, ${sysconfdir} is normally /etc, + and "s*" refers to either system or session as appropriate. + + (fd.o #89280, Dimitri John Ledkov) + +Fixes: + +• Fix a memory leak when GetConnectionCredentials() succeeds + (fd.o #91008, Jacek Bukarewicz) + +• Ensure that dbus-monitor does not reply to messages intended for others, + resulting in its own disconnection (fd.o #90952, Simon McVittie) + +D-Bus 1.9.16 (2015-05-14) +== + +The “titanium barns” release. + +Dependencies: + +• Automake 1.13 is now required when compiling from git or modifying + the build system. + +Security hardening: + +• On Unix platforms, change the default configuration for the session bus + to only allow EXTERNAL authentication (secure kernel-mediated + credentials-passing), as was already done for the system bus. + + This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly + unpredictable pseudo-random numbers. + + If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport, + in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using + NFS or similar, you will need to reconfigure the session bus to accept + DBUS_COOKIE_SHA1 by commenting out the element. This configuration + is not recommended. + + (fd.o #90414, Simon McVittie) + +• When asked for random numbers for DBUS_COOKIE_SHA1, the nonce-tcp: + transport, UUIDs or any other reason, fail if we cannot obtain entropy + (from /dev/urandom or CryptGenRandom()) or an out-of-memory condition + occurs, instead of silently falling back to low-entropy pseudorandom + numbers from rand(). (fd.o #90414; Simon McVittie, Ralf Habacker) + +Enhancements: + +• Add dbus_message_iter_get_element_count() + (fd.o #30350; Christian Dywan, Simon McVittie) + +• Introduce new internal DBusSocket and DBusPollable types so we can + stop treating the Windows SOCKET type as if it was int. DBusSocket + is specifically a socket, cross-platform. DBusPollable is whatever + _dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows. + (fd.o #89444; Ralf Habacker, Simon McVittie) + +• All regression tests now output TAP + (fd.o #89846, Simon McVittie) + +• Internal APIs consistently use signed values for timestamps + (fd.o #18494, Peter McCurdy) + +• Improve diagnostics when UpdateActivationEnvironment calls are rejected + (fd.o #88812, Simon McVittie) + +• Clean up a lot of compiler warnings + (fd.o #17289, fd.o #89284; Ralf Habacker, Simon McVittie) + +Fixes: + +• Add locking to DBusCounter's reference count and notify function + (fd.o #89297, Adrian Szyndela) + +• Ensure that DBusTransport's reference count is protected by the + corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela) + +• Correctly release DBusServer mutex before early-return if we run out + of memory while copying authentication mechanisms (fd.o #90021, + Ralf Habacker) + +• Make dbus-test-tool and dbus-update-activation-environment portable + to Windows (fd.o #90089, Ralf Habacker) + +• Correctly initialize all fields of DBusTypeReader (fd.o #90021; + Ralf Habacker, Simon McVittie) + +• Fix some missing \n in verbose (debug log) messages (fd.o #90004, + Ralf Habacker) + +• Clean up some memory and fd leaks in test code and tools + (fd.o #90021, Ralf Habacker) + +• Fix a NULL dereference if the dbus-daemon cannot read a configuration + directory for a reason that is not ENOENT (fd.o #90021, Ralf Habacker) + +• CMake generates a versioned shared library even if the revision is 0, + as it usually is on the development branch. (fd.o #89450, Ralf Habacker) + +D-Bus 1.9.14 (2015-03-02) +== + +The “don't stand in the poison cloud” release. + +Dependencies: + +• dbus-daemon and dbus-daemon-launch-helper now require libdbus. They + were previously linked to a static version of libdbus. + +• The tests no longer require dbus-glib in order to exercise the libdbus + shared library; they are always linked to libdbus now. + +Build-time configuration: + +• The new --enable-user-session option, off by default, can be enabled + by OS integrators intending to use systemd to provide a session bus + per user (in effect, treating all concurrent graphical and non-graphical + login sessions as one large session) + +Enhancements: + +• All executables are now linked dynamically to libdbus. + (fd.o #83115; Bertrand SIMONNET, Simon McVittie, Ralf Habacker) + +• On platforms that support them (GNU libc and possibly others), + libdbus now has versioned symbols for its public API. + All public symbols (visible in the header files) are currently + versioned as LIBDBUS_1_3; private symbols starting with _dbus or + dbus_internal have a version that changes with each release, and + must not be used by applications. (also fd.o #83115) + +• New listenable address mode "unix:runtime=yes" which listens on + a real filesystem (non-abstract) socket $XDG_RUNTIME_DIR/bus + (fd.o #61303; Colin Walters, Alexander Larsson, Simon McVittie) + +• Add optional systemd units for a per-user bus listening on + $XDG_RUNTIME_DIR/bus (fd.o #61301; Simon McVittie, Colin Walters) + +• On Unix platforms, both libdbus and "dbus-launch --autolaunch" + default to connecting to $XDG_RUNTIME_DIR/bus if it is a socket + (also fd.o #61301) + +• New dbus-update-activation-environment tool uploads environment + variables to "dbus-daemon --session" and optionally "systemd --user", + primarily as a way to keep the per-user bus compatible with + distributions' existing X11 login scripts (also fd.o #61301) + +• elements in dbus-daemon configuration are now silently + ignored if the directory does not exist. (fd.o #89280, Dimitri John Ledkov) + +• Add microsecond-resolution timestamps to the default output of + dbus-monitor and dbus-send (fd.o #88896; Ralf Habacker, Simon McVittie) + +Fixes: + +• Fix a race condition in the 'monitor' test introduced in 1.9.10 + (fd.o #89222, Simon McVittie) + +D-Bus 1.9.12 (2015-02-19) +== + +The “monster lasagna” release. + +Dependencies: + +• Ducktype and yelp-tools are now required to build complete documentation + (they are optional for normal builds). + +Enhancements: + +• D-Bus Specification version 0.26 + · GetConnectionCredentials can return LinuxSecurityLabel or WindowsSID + · document the BecomeMonitor method + +• On Linux, add LinuxSecurityLabel to GetConnectionCredentials + (fd.o #89041; Tyler Hicks, Simon McVittie) + +• On Linux, add support for AppArmor mediation of message sending and + receiving and name ownership (paralleling existing SELinux mediation + support), and eavesdropping (a new check, currently AppArmor-specific) + (fd.o #75113; John Johansen, Tyler Hicks, Simon McVittie) + +• In dbus-send and dbus-monitor, pretty-print \0-terminated bytestrings + that have printable ASCII contents; we previously only did this for + unterminated bytestrings (fd.o #89109, Simon McVittie) + +• Add a guide to designing good D-Bus APIs (fd.o #88994, Philip Withnall) + +• On Windows, add WindowsSID to GetConnectionCredentials + (fd.o #54445, Ralf Habacker) + +• Improve clarity of dbus-monitor --profile output and add more columns + (fd.o #89165, Ralf Habacker) + +• Add a man page for dbus-test-tool, and build it under CMake as well + as Autotools (fd.o#89086, Simon McVittie) + +• If dbus-daemon was compiled with --enable-verbose, add a D-Bus API + to control it at runtime, overriding the DBUS_VERBOSE environment variable + (fd.o #88896, Ralf Habacker) + +Fixes: + +• Reduce the number of file descriptors used in the fd-passing test, + avoiding failure under the default Linux fd limit, and automatically + skip it if the rlimit is too small (fd.o #88998, Simon McVittie) + +D-Bus 1.9.10 (2015-02-09) +== + +The “sad cyborgs” release. + +Security fixes merged from 1.8.16: + +• Do not allow non-uid-0 processes to send forged ActivationFailure + messages. On Linux systems with systemd activation, this would + allow a local denial of service: unprivileged processes could + flood the bus with these forged messages, winning the race with + the actual service activation and causing an error reply + to be sent back when service auto-activation was requested. + This does not prevent the real service from being started, + so the attack only works while the real service is not running. + (CVE-2015-0245, fd.o #88811; Simon McVittie) + +Enhancements: + +• The new Monitoring interface in the dbus-daemon lets dbus-monitor and + similar tools receive messages without altering the security properties + of the system bus, by calling the new BecomeMonitor method on a + private connection. This bypasses the normal and rules + entirely, so to preserve normal message-privacy assumptions, only root + is allowed to do this on the system bus. Restricted environments, + such as Linux with LSMs, should lock down access to the Monitoring + interface. (fd.o #46787, Simon McVittie) + +• dbus-monitor uses BecomeMonitor to capture more traffic, if the + dbus-daemon supports it and access permissions allow it. + It still supports the previous approach ("eavesdropping" match rules) + for compatibility with older bus daemons. (fd.o #46787, Simon) + +• dbus-monitor can now log the message stream as binary data for later + analysis, with either no extra framing beyond the normal D-Bus headers, + or libpcap-compatible framing treating each D-Bus message + as a captured packet. (fd.o #46787, Simon) + +Other fixes: + +• Fix some CMake build regressions (fd.o #88964, Ralf Habacker) + +• On Unix, forcibly terminate regression tests after 60 seconds to + prevent them from blocking continuous integration frameworks + (fd.o #46787, Simon) + +D-Bus 1.9.8 (2015-02-03) +== + +The “all the types of precipitation” release. + +Dependencies: + +• full test coverage now requires GLib 2.36 +• full test coverage now requires PyGI (PyGObject 3, + "import gi.repository.GObject") instead of the + obsolete PyGObject 2 ("import gobject") + +Enhancements: + +• add GLib-style "installed tests" (fd.o #88810, Simon McVittie) + +• better regression test coverage, including systemd activation + (fd.o #57952, #88810; Simon McVittie) + +Fixes: + +• fatal errors correctly make the dbus-daemon exit even if is + turned off (fd.o #88808, Simon McVittie) + +• TCP sockets on Windows no longer fail to listen approximately 1 time + in 256, caused by a logic error that should have always made it fail but + was mitigated by incorrect endianness for the port number + (fd.o #87999, Ralf Habacker) + +• fix some Windows build failures (fd.o #88009, #88010; Ralf Habacker) + +• on Windows, allow up to 8K connections to the dbus-daemon instead of the + previous 64, completing a previous fix which only worked under + Autotools (fd.o #71297, Ralf Habacker) + +• on Windows, if the IP family is unspecified only use IPv4, + to mitigate IPv6 not working correctly (fd.o #87999, Ralf Habacker) + +• fix some unlikely memory leaks on OOM (fd.o #88087, Simon McVittie) + +• lcov code coverage analysis works again (fd.o #88808, Simon McVittie) + +• fix an unused function error with --disable-embedded-tests (fd.o #87837, + Thiago Macieira) + +D-Bus 1.9.6 (2015-01-05) +== + +The “I do have a bread knife” release. + +Security hardening: + +• Do not allow calls to UpdateActivationEnvironment from uids other than + the uid of the dbus-daemon. If a system service installs unsafe + security policy rules that allow arbitrary method calls + (such as CVE-2014-8148) then this prevents memory consumption and + possible privilege escalation via UpdateActivationEnvironment. + + We believe that in practice, privilege escalation here is avoided + by dbus-daemon-launch-helper sanitizing its environment; but + it seems better to be safe. + +• Do not allow calls to UpdateActivationEnvironment or the Stats interface + on object paths other than /org/freedesktop/DBus. Some system services + install unsafe security policy rules that allow arbitrary method calls + to any destination, method and interface with a specified object path; + while less bad than allowing arbitrary method calls, these security + policies are still harmful, since dbus-daemon normally offers the + same API on all object paths and other system services might behave + similarly. + +Other fixes: + +• Add missing initialization so GetExtendedTcpTable doesn't crash on + Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко) + +D-Bus 1.9.4 (2014-11-24) +== + +The “extra-sturdy caramel” release. + +Fixes: + +• Partially revert the CVE-2014-3639 patch by increasing the default + authentication timeout on the system bus from 5 seconds back to 30 + seconds, since this has been reported to cause boot regressions for + some users, mostly with parallel boot (systemd) on slower hardware. + + On fast systems where local users are considered particularly hostile, + administrators can return to the 5 second timeout (or any other value + in milliseconds) by saving this as /etc/dbus-1/system-local.conf: + + + 5000 + + + (fd.o #86431, Simon McVittie) + +• Add a message in syslog/the Journal when the auth_timeout is exceeded + (fd.o #86431, Simon McVittie) + +• Send back an AccessDenied error if the addressed recipient is not allowed + to receive a message (and in builds with assertions enabled, don't + assert under the same conditions). (fd.o #86194, Jacek Bukarewicz) + +D-Bus 1.9.2 (2014-11-10) +== + +The “structurally unsound flapjack” release. + +Security fixes: + +• Increase dbus-daemon's RLIMIT_NOFILE rlimit to 65536 + so that CVE-2014-3636 part A cannot exhaust the system bus' + file descriptors, completing the incomplete fix in 1.8.8. + (CVE-2014-7824, fd.o #85105; Simon McVittie, Alban Crequy) + +Enhancements: + +• D-Bus Specification version 0.25 + · new value 'const' for EmitsChangedSignal annotation + (fd.o #72958, Lennart Poettering) + · new ALLOW_INTERACTIVE_AUTHORIZATION flag, for PolicyKit and similar + (fd.o #83449; Lennart Poettering, Simon McVittie) + · annotate table of types with reserved/basic/container, and for + basic types, fixed/string-like + · clarify arbitrary limits by quoting them in mebibytes + +• New API: add accessors for the ALLOW_INTERACTIVE_AUTHORIZATION flag + (fd.o #83449, Simon McVittie) + +• Add dbus-test-tool, a D-Bus swiss army knife with multiple subcommands, + useful for debugging and performance testing: + · dbus-test-tool spam: send repeated messages + · dbus-test-tool echo: send an empty reply for all method calls + · dbus-test-tool black-hole: do not reply to method calls + (fd.o #34140; Alban Crequy, Simon McVittie, Will Thompson) + +• Add support for process ID in credentials-passing on NetBSD + (fd.o #69702, Patrick Welche) + +• Add an example script to find potentially undesired match rules + (fd.o #84598, Alban Crequy) + +• Document the central assumption that makes our use of credentials-passing + secure (fd.o #83499, Simon McVittie) + +• Replace the dbus-glib section of the tutorial with a GDBus recommendation, + and add some links to GDBus and QtDBus documentation (fd.o #25140, + Simon McVittie) + +Fixes: + +• Use a less confusing NoReply message when disconnected with a reply pending + (fd.o #76112, Simon McVittie) + +• Make the .pc file relocatable by letting pkg-config do all variable + expansion itself (fd.o #75858, Руслан Ижбулатов) + +• Fix a build failure on platforms with kqueue, which regressed in 1.9.0 + (fd.o #85563, Patrick Welche) + +• Consistently save errno after socket calls (fd.o #83625, Simon McVittie) + +• In dbus-spawn, when the grandchild process exits due to a failed exec(), + do not lose the exec() errno (fd.o #24821, Simon McVittie) + +• Do not fail the tests if a parent process has leaked non-close-on-exec + file descriptors to us (fd.o #73689, fd.o #83899; Simon McVittie) + +• Do not fail the tests on Unix platforms with incomplete + credentials-passing support, but do fail if we can't pass credentials + on a platform where it is known to work: Linux, FreeBSD, OpenBSD, NetBSD + (fd.o #69702, Simon McVittie) + +• Detect accept4, dirfd, inotify_init1, pipe2, and Unix fd passing + when building with cmake, and expand test coverage there + (fd.o #73689; Ralf Habacker, Simon McVittie) + +D-Bus 1.9.0 (2014-10-01) +== + +The “tiered cheeses” release. + +Requirements: + +• Support for the systemd: (LISTEN_FDS) pseudo-transport on Linux now + requires either the libsystemd or libsd-daemon shared library, dropping the + embedded convenience copy of sd-daemon (fd.o #71818, Simon) + +Build-time configuration changes: + +• The Stats interface is now enabled by default, and locked-down to + root-only on the system bus. Configure with --disable-stats + to disable it altogether on memory- or disk-constrained systems, + or see ${docdir}/examples/ to open it up to non-root users on the + system bus or restrict access on the session bus. + (fd.o #80759; Simon McVittie, Alban Crequy) + +• The CMake build system now builds the same shared library name as Autotools + on at least Linux and Windows: + - on Linux (and perhaps other Unix platforms), it previously built + libdbus-1.so, but now builds libdbus-1.so.3.* with development + symlink libdbus-1.so and SONAME/symlink libdbus-1.so.3 + - on Windows, it previously built either libdbus-1.dll (release) or + libdbus-1d.dll (debug), but now builds libdbus-1-3.dll, copied to + libdbus-1.dll for compatibility with older applications. + (fd.o #74117, Ralf Habacker) + +Enhancements: + +• D-Bus Specification version 0.24 + · document how to quote match rules (fd.o #24307, Simon McVittie) + · explicitly say that most message types never expect a reply + regardles of whether they have NO_REPLY_EXPECTED + (fd.o #75749, Simon McVittie) + +• on Unix platforms, disable Nagle's algorithm on TCP connections to improve + initial latency (fd.o #75544, Matt Hoosier) + +• use backtrace() if it is in -lexecinfo instead of libc, as on NetBSD + (fd.o #69702, Patrick Welche) + +• in dbus-monitor, print more information about file descriptors + (fd.o #80603, Alban Crequy) + +• do not install system bus configuration if built for Windows + (fd.o #83583; Ralf Habacker, Simon McVittie) + +• Add GetAllMatchRules to the Stats interface (fd.o #24307, Alban Crequy) + +• Add a regression test for file descriptor passing (fd.o #83622, + Simon McVittie) + +Fixes: + +• fix an incorrect error message if a Unix socket path is too long + (fd.o #73887, Antoine Jacoutot) + +• in an MSYS/Cygwin environment, pass Unix-style filenames to xmlto, + fixing documentation generation (fd.o #75860, Руслан Ижбулатов) + +• in Unix with X11, avoid giving dbus-launch a misleading argv[0] + in ps(1) (fd.o #69716, Chengwei Yang) + +• avoid calling poll() with timeout < -1, which is considered invalid + on FreeBSD and NetBSD (fd.o #78480, Jaap Boender) + +• be portable to BSD-derived platforms where O_CLOEXEC is unavailable in libc + (like Mac OS X 10.6), or available in libc but unsupported by the kernel + (fd.o #77032; rmvsxop, OBATA Akio, Patrick Welche) + +• Fix include path for test/internal/*.c with cmake (Ralf Habacker) + +• Documentation improvements + (fd.o #80795, #84313; Thomas Haller, Sebastian Rasmussen) + +• in dbus-monitor, do not leak file descriptors that we have monitored + (fd.o #80603, Alban Crequy) + +• Set the close-on-exec flag for the inotify file descriptor, even + if built with CMake or older libc (fd.o #73689, Simon McVittie) + +• Remove some LGPL code from the Windows dbus-daemon + (fd.o #57272, Ralf Habacker) + +D-Bus 1.8.8 (2014-09-16) +== + +The "smashy smashy egg man" release. + +Security fixes: + +• Do not accept an extra fd in the padding of a cmsg message, which + could lead to a 4-byte heap buffer overrun. + (CVE-2014-3635, fd.o #83622; Simon McVittie) + +• Reduce default for maximum Unix file descriptors passed per message + from 1024 to 16, preventing a uid with the default maximum number of + connections from exhausting the system bus' file descriptors under + Linux's default rlimit. Distributors or system administrators with a + more restrictive fd limit may wish to reduce these limits further. + + Additionally, on Linux this prevents a second denial of service + in which the dbus-daemon can be made to exceed the maximum number + of fds per sendmsg() and disconnect the process that would have + received them. + (CVE-2014-3636, fd.o #82820; Alban Crequy) + +• Disconnect connections that still have a fd pending unmarshalling after + a new configurable limit, pending_fd_timeout (defaulting to 150 seconds), + removing the possibility of creating an abusive connection that cannot be + disconnected by setting up a circular reference to a connection's + file descriptor. + (CVE-2014-3637, fd.o #80559; Alban Crequy) + +• Reduce default for maximum pending replies per connection from 8192 to 128, + mitigating an algorithmic complexity denial-of-service attack + (CVE-2014-3638, fd.o #81053; Alban Crequy) + +• Reduce default for authentication timeout on the system bus from + 30 seconds to 5 seconds, avoiding denial of service by using up + all unauthenticated connection slots; and when all unauthenticated + connection slots are used up, make new connection attempts block + instead of disconnecting them. + (CVE-2014-3639, fd.o #80919; Alban Crequy) + +Other fixes: + +• Check for libsystemd from systemd >= 209, falling back to + the older separate libraries if not found (Umut Tezduyar Lindskog, + Simon McVittie) + +• On Linux, use prctl() to disable core dumps from a test executable + that deliberately raises SIGSEGV to test dbus-daemon's handling + of that condition (fd.o #83772, Simon McVittie) + +• Fix compilation with --enable-stats (fd.o #81043, Gentoo #507232; + Alban Crequy) + +• Improve documentation for running tests on Windows (fd.o #41252, + Ralf Habacker) + +D-Bus 1.8.6 (2014-06-02) +== + +Security fixes: + +• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop + the message. This prevents an attack in which a malicious client can + make dbus-daemon disconnect a system service, which is a local + denial of service. + (fd.o #80163, CVE-2014-3532; Alban Crequy) + +• Track remaining Unix file descriptors correctly when more than one + message in quick succession contains fds. This prevents another attack + in which a malicious client can make dbus-daemon disconnect a system + service. + (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, + Simon McVittie, Alban Crequy) + +Other fixes: + +• When dbus-launch --exit-with-session starts a dbus-daemon but then cannot + attach to a session, kill the dbus-daemon as intended + (fd.o #74698, Роман Донченко) + +D-Bus 1.8.4 (2014-06-10) +== + +Security fix: + +• Alban Crequy at Collabora Ltd. discovered and fixed a denial-of-service + flaw in dbus-daemon, part of the reference implementation of D-Bus. + Additionally, in highly unusual environments the same flaw could lead to + a side channel between processes that should not be able to communicate. + (CVE-2014-3477, fd.o #78979) + +D-Bus 1.8.2 (2014-04-30) +== + +The “nobody wants red” release. + +Enhancements: + +• in the CMake build system, add some hints for Linux users cross-compiling + Windows D-Bus binaries to be able to run tests under Wine + (fd.o #41252, Ralf Habacker) + +• add Documentation key to dbus.service (fd.o #77447, Cameron Norman) + +Fixes: + +• in "dbus-uuidgen --ensure", try to copy systemd's /etc/machine-id + to /var/lib/dbus/machine-id instead of generating an entirely new ID + (fd.o #77941, Simon McVittie) + +• if dbus-launch receives an X error very quickly, do not kill + unrelated processes (fd.o #74698, Роман Донченко) + +• on Windows, allow up to 8K connections to the dbus-daemon, instead of the + previous 64 (fd.o #71297; Cristian Onet, Ralf Habacker) + +• cope with \r\n newlines in regression tests, since on Windows, + dbus-daemon.exe uses text mode (fd.o #75863, Руслан Ижбулатов) + +D-Bus 1.8.0 (2014-01-20) +== + +The “Wolverine distrusts my printer” release. + +This starts a new stable branch. The 1.6.x branch is now considered to be +outdated, and will only receive fixes for serious bugs such as security +flaws. The 1.4.x and 1.2.x branches no longer have upstream support and +are unlikely to get any more releases, but if distributors still need to +support them, please share security patches via upstream. + +Summary of changes since 1.6.x: + +• libdbus always behaves as if dbus_threads_init_default() had been called + (thread-safety by default) +• new dbus-run-session tool, replacing certain misuses of dbus-launch +• dbus-monitor can talk to outdated versions of dbus-daemon again +• new org.freedesktop.DBus.GetConnectionCredentials method +• GetConnectionUnixProcessID also works correctly on Windows, returning + the Windows process ID +• GetConnectionWindowsSID returns the correct SID on Windows +• expat is required, libxml2 can no longer be used as a substitute +• the userDB cache is required, and cannot be disabled +• a 64-bit integer type (either int, long, long long or _int64) is required +• better systemd-journald integration on Linux +• fixed long-standing fd and array leaks when failing to parse a message +• fixed referenced-but-never-freed parent nodes (effectively memory leaks) + when using certain object-path allocation patterns, notably in Avahi +• better defaults for Windows support +• better CMake support +• better portability to mingw32, FreeBSD, NetBSD, QNX and Hurd +• the source language for the man pages is now Docbook XML + +Enhancements since 1.7.10: + +• Enhance the CMake build system to check for GLib and compile/run + a subset of the regression tests (fd.o #41252, #73495; Ralf Habacker) + +Fixes since 1.7.10: + +• don't rely on va_copy(), use DBUS_VA_COPY() wrapper (fd.o #72840, + Ralf Habacker) + +• fix compilation of systemd journal support on older systemd versions where + sd-journal.h doesn't include syslog.h (fd.o #73455, Ralf Habacker) + +• fix compilation on older MSVC versions by including stdlib.h + (fd.o #73455, Ralf Habacker) + +• Allow to appear in an included configuration file + (fd.o #73475, Matt Hoosier) + +Test behaviour changes since 1.7.10: + +• If the tests crash with an assertion failure, they no longer default to + blocking for a debugger to be attached. Set DBUS_BLOCK_ON_ABORT in the + environment if you want the old behaviour. + +• To improve debuggability, the dbus-daemon and dbus-daemon-eavesdrop tests + can be run with an external dbus-daemon by setting + DBUS_TEST_DAEMON_ADDRESS in the environment. Test-cases that require + an unusually-configured dbus-daemon are skipped. diff --git a/NEWS.pre-1-12 b/NEWS.pre-1-12 new file mode 100644 index 00000000..0e2f2eba --- /dev/null +++ b/NEWS.pre-1-12 @@ -0,0 +1,986 @@ +D-Bus 1.11.22 (2017-10-23) +========================== + +The “fire surface” release. + +This is the first release-candidate for the 1.12.0 stable release. + +Build-time configuration changes: + +• When building for Windows with Autotools, setting the WINDRES variable + no longer works to select a non-standard resource compiler. Use + libtool's standard RC variable instead, for example + "./configure RC=i686-w64-mingw32-windres" + +Dependencies: + +• Builds done using CMake now require CMake 3.0.2. + +Enhancements: + +• When building for Windows, improve quality of metadata in + libdbus-1-3.dll (fd.o #103015, Ralf Habacker) + +Fixes: + +• Fix a typo "uint 16" in dbus-send(1) man page + (fd.o #103075, David King) + +• When building for Windows, libdbus-1-3.dll always includes version + information. Previously, this was missing if using CMake and any + non-MSVC compiler. (fd.o #103015, Ralf Habacker) + +• Fix the build with MSVC, which regressed with the #102558 fix in + 1.11.20. (fd.o #102558, Ralf Habacker) + +Internal changes: + +• Simplify Windows resource embedding + (fd.o #103015, Simon McVittie) + +D-Bus 1.11.20 (2017-10-03) +== + +The “wraith stun” release. + +Build-time configuration changes: + +• The --enable-abstract-sockets and --disable-abstract-sockets options + no longer exist. Support for Linux's abstract AF_UNIX sockets is now + unconditionally enabled on Linux and disabled everywhere else. + (fd.o #34905, Simon McVittie) + +Enhancements: + +• Make slower tests less likely to time out, and improve diagnostics if + tests do time out (fd.o #103009, Simon McVittie) + +• On Windows, don't compile an unused stub implementation of + _dbus_set_signal_handler() (fd.o #103010, Simon McVittie) + +Fixes: + +• Be more careful to save and restore errno in POSIX async signal + handlers (fd.o #103010, Simon McVittie) + +• On Windows, embed a manifest in dbus-update-activation-environment.exe + so that the heuristics used for UAC do not assume it needs elevated + privileges due to its name containing "update" + (fd.o #102558, Ralf Habacker) + +• On Windows with Automake, embed version information in libdbus-1, + as was meant to happen in all versions since 2009 + (fd.o #103015, Simon McVittie) + +D-Bus 1.11.18 (2017-09-25) +== + +The “vampire conquistador” release. + +Build-time configuration changes: + +• By default, dbus-daemon on Unix no longer checks for flag files + /var/run/console/${username} created by the obsolete pam_console and + pam_foreground PAM modules when deciding whether ${username} is + currently at the console. The old default behaviour can be restored + by specifying --with-console-auth-dir=/var/run/console in the + recommended Autotools build system, or + -DDBUS_CONSOLE_AUTH_DIR=/var/run/console in CMake. This feature is + now deprecated, and will be removed in dbus 1.13 unless feedback via + fd.o #101629 indicates that this would be problematic. + (fd.o #101629, Simon McVittie) + +• LSB-style init scripts for Red Hat and Slackware, and a non-LSB init + script for Cygwin, are no longer provided in the upstream dbus + source. We recommend that distributors who support non-systemd service + management should maintain their own init scripts or other service + manager integration as part of their downstream packaging, similar to + the way Debian distributes a Debian-specific LSB init script for dbus. + + The systemd unit continues to be maintained as part of the upstream + dbus source, because it receives regular testing and maintenance. + + (fd.o #101706, Simon McVittie) + +• The process ID file created by the system bus is no longer influenced + by the --with-init-scripts=redhat configure option or the presence of + /etc/redhat-release at build time. If your OS's init script or other + service management relies on the Red Hat-style pid file, it can be + restored by specifying --with-system-pid-file=/run/messagebus.pid at + configure time or using the directive in bus configuration. + + Note that the upstream-supplied systemd unit runs dbus-daemon with + the --nopidfile option, so it does not normally write a pid file, + regardless of whether the OS is Red-Hat-derived or not. + + (fd.o #101706, Simon McVittie) + +Enhancements: + +• and rules in dbus-daemon configuration can now + include send_broadcast="true" or send_broadcast="false", which make + the rule only match broadcast signals, or only match messages that + are not broadcast signals, respectively. + (fd.o #29853, Simon McVittie) + +• and rules can now be configured to apply only to + messages with or without Unix file descriptors attached. This would + typically be used in rules like these: + + + + but can also be used to set a nonzero upper limit on the number of + file descriptors: + + (fd.o #101848, Simon McVittie) + +• On Unix platforms, the DBUS_COOKIE_SHA1 authentication mechanism + now respects the HOME environment variable on the client side, and + on the server side when the uid attempting to connect is the same + as the uid of the server. This allows the automated tests to pass in + environments where the user's "official" home directory in /etc/passwd + is nonexistent, such as Debian autobuilders. + (fd.o #101960, Simon McVittie) + +Fixes: + +• When parsing dbus-daemon configuration, tell Expat not to use + cryptographic-quality entropy as a salt for its hash tables: we trust + the configuration files, so we are not concerned about algorithmic + complexity attacks via hash table collisions. This prevents + dbus-daemon --system from holding up the boot process (and causing + early-boot system services like systemd, logind, networkd to time + out) on entropy-starved embedded systems. + (fd.o #101858, Simon McVittie) + +• Avoid a -Werror=declaration-after-statement build failure on Solaris + (fd.o #102145, Alan Coopersmith) + +• On Unix platform, drop DBUS_SYSTEM_LOG_INFO messages from LOG_NOTICE + to LOG_INFO, matching how we use this log level in practice + (fd.o #102686, Simon McVittie) + +D-Bus 1.11.16 (2017-07-27) +== + +The “south facing garden” release. + +Build-time configuration changes: + +• The Autotools build system now supports varying ${runstatedir} + independently of ${localstatedir}, if using an Autoconf version + that has that feature; version 2.70 will eventually have this, but + many Linux distributions add it to version 2.69 as a patch. + A typical use is to set prefix=/usr, sysconfdir=/etc, localstatedir=/var + and runstatedir=/run. (fd.o #101569, Simon McVittie) + +Enhancements: + +• New APIs DBUS_MESSAGE_ITER_INIT_CLOSED, dbus_message_iter_init_closed() + and dbus_message_iter_abandon_container_if_open() simplify the + single-exit-point ("goto out") style of resource cleanup. The API + documentation around DBusMessageIter and containers has also been + clarified. (fd.o #101568, Simon McVittie) + +Fixes: + +• Fix the implementation of re-enabling a timeout (again) so that its + countdown is always restarted as intended. (fd.o #95619, + Michal Koutný) + +• Make the dbus-daemon's Properties interface, as introduced in 1.11.14, + available to all users on the system bus (fd.o #101700, Simon McVittie) + +• dbus_message_iter_append_basic() no longer leaks memory if it fails to + append a file descriptor to a message. (fd.o #101568, Simon McVittie) + +• dbus_message_iter_open_container() no longer leaks memory if it runs out + of memory. (fd.o #101568, Simon McVittie) + +• dbus_message_append_args_valist() no longer leaks memory if given an + unsupported type. This situation is still considered to be a programming + error which needs to be corrected by the user of libdbus. + (fd.o #101568, Simon McVittie) + +• dbus_message_iter_append_basic() and dbus_message_iter_open_container() + will no longer report that their arguments were invalid if they run out + of memory at exactly the wrong time. (fd.o #101568, Simon McVittie) + +• Ensure that tests fail if they would otherwise have tried to connect to + the real session bus (fd.o #101698, Simon McVittie) + +• Make build-time tests cope with finding Python 3, but not Python 2 + (fd.o #101716, Simon McVittie) + +Internal changes relevant to dbus developers: + +• DBusVariant is a new mechanism to copy single values from a message into + a buffer without copying the entire message (fd.o #101568, Simon McVittie) + +• DBUS_SYSTEM_LOG_FATAL has been replaced by DBUS_SYSTEM_LOG_ERROR. + Logging an ERROR message does not make the process exit; the caller + is responsible for calling abort() or exit(), whichever is more appropriate. + (fd.o #101568, Simon McVittie) + +• Better test coverage (fd.o #101568, Simon McVittie) + +D-Bus 1.11.14 (2017-06-29) +== + +The “irrational fear of bees” release. + +Dependencies: + +• Expat >= 2.1.0 is always required +• libselinux >= 2.0.86 is required if SELinux support is enabled +• GLib >= 2.40 is required if full test coverage is enabled + +Build-time configuration changes: + +• We now use pkg-config to find libexpat in Autotools builds. This requires + Expat 2.1.0 (March 2012) or later. In particular, this should remove the + need to configure with LDFLAGS=-L/usr/local/lib on OpenBSD, which can + itself cause compilation failures. + + As with all pkg-config-based configure checks, you can use + PKG_CONFIG_PATH=/whatever/lib/pkgconfig to find expat.pc in a + non-standard prefix, or EXPAT_CFLAGS="-I/whatever/include" and + EXPAT_LIBS="-L/whatever/lib -lexpat" to avoid needing a .pc file + at all. + + (fd.o #69801, Simon McVittie) + +• Similarly, we now use pkg-config to find libselinux. Version 2.0.86 + is required due to the removal of explicit refcounting for SIDs. + (fd.o #100912, Laurent Bigonville) + +Behaviour changes: + +• Previously, /etc/machine-id could be copied to /var/lib/dbus/machine-id + as a side-effect of a sufficiently privileged process merely reading the + machine ID. It is no longer copied as a side-effect of reading. + Running dbus-uuidgen --ensure, which should be done after installing dbus, + continues to copy /etc/machine-id to /var/lib/dbus/machine-id if the + former exists and the latter does not. + (fd.o #101257, Simon McVittie) + +• The undocumented Verbose interface, and the GetAllMatchRules method on + the undocumented Stats interface, must now be used via the object path + /org/freedesktop/DBus. Previously, they existed on all object paths. + (fd.o #101257, Simon McVittie) + +• AddMatch() with a match rule containing eavesdrop='true' will now fail + unless called by either the same user as the dbus-daemon, or Unix uid 0 + (root), matching the restrictions applied to the newer BecomeMonitor() + method. On the session bus this has no practical effect. On the system + bus this will prevent certain configurations that already did not + work well in practice. (fd.o #101567, Simon McVittie) + +Enhancements: + +• D-Bus Specification version 0.31 + · Don't require implementation-specific search paths to be lowest + priority + · Correct regex syntax for optionally-escaped bytes in addresses so it + includes hyphen-minus, forward slash and underscore as intended + · Describe all message bus methods in the same section + · Clarify the correct object path for method calls to the message bus + (/org/freedesktop/DBus, DBUS_PATH_DBUS in the reference implementation) + · Document that the message bus implements Introspectable, Peer and + Properties + · Add new Features and Interfaces properties for message bus + feature-discovery + · Add unix:dir=..., which resembles unix:tmpdir=... but never uses + abstract sockets + · Don't require eavesdrop='true' to be accepted from connections not + sufficiently privileged to use it successfully + · Formally deprecate eavesdropping in favour of BecomeMonitor + (fd.o #99825, #100686, #100795, #101256, #101257, #101567; + Simon McVittie, Tom Gundersen) + +• Implement the Properties and Peer interfaces in dbus-daemon + (fd.o #101257, Simon McVittie) + +• New function dbus_try_get_local_machine_id() is like + dbus_get_local_machine_id(), but returning a DBusError. Other code + that needs the machine ID will now report a recoverable error (instead + of logging to stderr and aborting) if no machine ID is available. + Generating a machine ID is still considered to be a required part of + installing dbus correctly. (fd.o #13194, Simon McVittie) + +• Implement GetConnectionSELinuxSecurityContext("org.freedesktop.DBus") + (fd.o #101315, Laurent Bigonville) + +• Avoid deprecated API calls when using SELinux + (fd.o #100912, Laurent Bigonville) + +• Switch a test from the deprecated g_test_trap_fork() to + g_test_trap_subprocess(), for Windows support and better robustness + on Unix (fd.o #101362, Simon McVittie) + +• On systemd systems, if ${localstatedir}/lib/dbus/machine-id doesn't exist, + instruct systemd-tmpfiles to make it a symbolic link to /etc/machine-id. + This prevents the two files from going out of sync on stateless or live + images without needing to run dbus-uuidgen, and supports older D-Bus + implementations that do not necessarily read /etc/machine-id themselves. + (fd.o #101570, Simon McVittie) + +• Implement unix:dir=..., which resembles unix:tmpdir=... but never uses + abstract sockets. This is preferable when used with Linux containers. + (fd.o #101567, Simon McVittie) + +Fixes: + +• Fix a reference leak when blocking on a pending call on a connection + that has been disconnected (fd.o #101481, Shin-ichi MORITA) + +• Don't put timestamps in the Doxygen-generated documentation, + or hard-code the build directory into builds with embedded tests, + for reproducible builds (fd.o #100692, Simon McVittie) + +• Fix some integration test issues (fd.o #100686, Simon McVittie) + +• Fix memory leaks in the tests (fd.o #101257, Simon McVittie) + +• If we somehow get an autolaunch address with multiple semicolon-separated + components, and they don't work, don't invalidly "pile up" errors + (fd.o #101257, Simon McVittie) + +Documentation: + +• Update git URIs in HACKING document to sync up with cgit.freedesktop.org + (fd.o #100715, Simon McVittie) + +D-Bus 1.11.12 (2017-04-07) +== + +The “it's something humans do” release. + +Enhancements: + +• The session dbus-daemon now supports transient .service files + in $XDG_RUNTIME_DIR/dbus-1/services. Unlike the other standard + service directories, this directory is not monitored with inotify + or similar, and the service files must be named exactly + ${bus_name}.service. (fd.o #99825, Simon McVittie) + +• dbus can be configured with --enable-relocation when building with + Autotools, or with -DDBUS_RELOCATABLE=ON when building with cmake, + to make the pkg-config metadata relocatable. This is useful for + non-standard prefixes, and in particular for Windows installations. + However, it is not recommended for system-wide installations into + /usr, because it interferes with pkg-config's ability to filter out + compiler default linker directories. + + With Autotools, the default is --enable-relocation when building + for Windows or --disable-relocation otherwise. With CMake, the default + is -DDBUS_RELOCATABLE=ON. + + (fd.o #99721; Ralf Habacker, Simon McVittie) + +• Users of CMake ≥ 2.6 can now link to libdbus without providing their + own FindDBus.cmake macros, whether dbus was compiled with Autotools + or with CMake. See the end of README.cmake for more information. + (fd.o #99721; Ralf Habacker, Simon McVittie) + +Fixes: + +• Always read service file directories in the intended order + (fd.o #99825, Simon McVittie) + +• When tests are skipped, don't try to kill nonexistent process 0 + (fd.o #99825, Simon McVittie) + +• Avoid valgrind false positives (fd.o #88808, Philip Withnall) + +• Fix a harmless read overflow and some memory leaks in a unit test + (fd.o #100568, Philip Withnall) + +• Fix some typos in test code + (fd.o #99999, Coverity #141876, #141877; Philip Withnall) + +• Clarify the roles of /etc/dbus-1/s*.d and /usr/share/dbus-1/s*.d + in documentation (fd.o #99901, Philip Withnall) + +• Fix and enable compiler warnings related to -Wswitch + (fd.o #98191; Thomas Zimmermann, Simon McVittie) + +• Fix writing off the end of a fd_set when testing with valgrind + (fd.o #99839, Philip Withnall) + +D-Bus 1.11.10 (2017-02-16) +== + +The “purple hair gives you telekinesis?” release. + +Dependencies: + +• AppArmor support requires at least libapparmor 2.8.95, reduced + from 2.10 in previous versions. One test requires 2.10 and is + skipped if building with an older version. + +Enhancements: + +• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian + stable and Debian testing in addition to the older Ubuntu that is + the default (fd.o #98889, Simon McVittie) + +• Avoid some deprecated CMake functions (fd.o #99586, Ralf Habacker) + +• Silence many -Wswitch-enum and -Wswitch-default warnings + (fd.o #98191; Thomas Zimmermann, Simon McVittie) + +• Install a sysusers.d snippet so `dbus-daemon --system` can be used + with an unpopulated /etc (fd.o #99162, Lennart Poettering) + +• Install pkg-config metadata on Unix even if building with CMake + (fd.o #99752, Ralf Habacker) + +• Exclude auth mechanisms from REJECTED message if they are supported + in the code but but configured to be disallowed (fd.o #99621, + Ralf Habacker) + +Fixes: + +• Prevent symlink attacks in the nonce-tcp transport on Unix that could + allow an attacker to overwrite a file named "nonce", in a directory + that the user running dbus-daemon can write, with a random value + known only to the user running dbus-daemon. This is unlikely to be + exploitable in practice, particularly since the nonce-tcp transport + is really only useful on Windows. + + On Unix systems we strongly recommend using only the unix: and systemd: + transports, together with EXTERNAL authentication. These are the only + transports and authentication mechanisms enabled by default. + + (fd.o #99828, Simon McVittie) + +• Avoid symlink attacks in the "embedded tests", which are not enabled + by default and should never be enabled in production builds of dbus. + (fd.o #99828, Simon McVittie) + +• Fix the implementation of re-enabling a timeout so that its + countdown is restarted as intended, instead of continually + decreasing. (fd.o #95619; Michal Koutný, Simon McVittie) + +• When receiving a message with file descriptors, do not start reading + the beginning of the next message, so that only one such message + is processed at a time. In conjunction with the fix for #95619 + this means that processes sending many file descriptors, such as + systemd-logind on a system that receives very rapid ssh connections, + are not treated as abusive and kicked off the bus. Revert the previous + workaround that special-cased uid 0. + (fd.o #95263, LP#1591411; Simon McVittie) + +• Do not require TMPDIR, TEMP or TMP to be set when cross-compiling + for Windows with CMake (fd.o #99586, Ralf Habacker) + +• Do not set Unix-specific variables when targeting Windows + (fd.o #99586, Ralf Habacker) + +• Install Unix executables to ${CMAKE_INSTALL_PREFIX}/bin as intended, + not ${CMAKE_INSTALL_PREFIX}/lib (fd.o #99752, Ralf Habacker) + +• Use relative install locations in CMake on Unix to respect DESTDIR, + and use GNU-style install layout (fd.o #99721, #99752; Ralf Habacker) + +• Install dbus-arch-deps.h correctly when using CMake + (fd.o #99586, #99721; Ralf Habacker) + +• Improve argument validation for `dbus-test-tool spam` + (ffd.o #99693, Coverity #54759; Philip Withnall) + +• Don't shift by a negative integer if a hash table becomes monstrously + large (fd.o #99641, Coverity #54682; Philip Withnall) + +• Don't leak LSM label if dbus-daemon runs out of memory when dealing with + a new connection (fd.o #99612, Coverity #141058; Philip Withnall) + +• Remove an unnecessary NULL check + (fd.o #99642, Coverity #141062; Philip Withnall) + +• Improve error handling in unit tests and dbus-send + (fd.o #99643, #99694, #99712, #99722, #99723, #99724, #99758, + #99759, #99793, Coverity #54688, #54692, #54693, #54697, #54701, + #54710, #54711, #54714, #54715, #54718, #54721, #54724, #54726, + #54730, #54740, #54822, #54823, #54824, #54825; Philip Withnall) + +• Do not print verbose messages' timestamps to stderr if the actual message + has been redirected to the Windows debug port (fd.o #99749, Ralf Habacker) + +D-Bus 1.11.8 (2016-11-28) +== + +The “panics in the face of breakfast foods” release. + +Build-time configuration: + +• The new --enable-debug configure option provides an easy way to + enable debug symbols, disable optimization and/or enable profiling. + +• The --enable-compile-warnings configure option can be used to control + compiler warnings. + +• The --disable-compiler-optimisations configure option is no longer + supported. Use --enable-debug=yes or CFLAGS=-O0 instead. + +Enhancements: + +• D-Bus Specification version 0.30 + · Define the jargon term "activation" more clearly + · Define the jargon term "auto-starting", which is one form of activation + · Document the optional SystemdService key in service files + · Use versioned interface and bus names in most examples + · Clarify intended behaviour of Properties.GetAll + (fd.o #36190, fd.o #98671; Philip Withnall, Simon McVittie) + +• Fix and enable a lot of compiler warnings to improve future code + quality. This might incidentally also fix some environment variable + accesses on OS X. + · In particular, printf-style functions in the libdbus API are now annotated + with __attribute__((__format__(__printf__, *, *))) when compiling with + gcc or clang. This might make printf bugs in other software visible + at compile time. + (fd.o #97357, fd.o #98192, fd.o #98195, fd.o #98658; + Thomas Zimmermann, Simon McVittie) + +• When running with AppArmor mediation (for example using Ubuntu's patched + Linux kernel), clients can no longer auto-start services unless they would + have been able to send the auto-starting message to the service after it + starts. StartServiceByName() is unaffected, and continues to be allowed by + default in AppArmor's and + . (fd.o #98666, Simon McVittie) + +Fixes: + +• Work around an undesired effect of the fix for CVE-2014-3637 + (fd.o #80559), in which processes that frequently send fds, such as + logind during a flood of new PAM sessions, can get disconnected for + continuously having at least one fd "in flight" for too long; + dbus-daemon interprets that as a potential denial of service attack. + The workaround is to disable that check for uid 0 process such as + logind, with a message in the system log. The bug remains open while + we look for a more general solution. + (fd.o #95263, LP#1591411; Simon McVittie) + +• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching + was disabled at compile time. That test is not expected to work + in that configuration. (fd.o #98665, Simon McVittie) + +D-Bus 1.11.6 (2016-10-10) +== + +The “darkly whimsical” release. + +Security fixes: + +• Do not treat ActivationFailure message received from root-owned systemd + name as a format string. In principle this is a security vulnerability, + but we do not believe it is exploitable in practice, because only + privileged processes can own the org.freedesktop.systemd1 bus name, and + systemd does not appear to send activation failures that contain "%". + + Please note that this probably *was* exploitable in dbus versions + older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at + the time was only thought to be a denial of service vulnerability + (CVE-2015-0245). If you are still running one of those versions, + patch or upgrade immediately. + + (fd.o #98157, Simon McVittie) + +Enhancements: + +• D-Bus Specification version 0.29 + · Recommend not using '/' for object paths (fd.o #37095, Philip Withnall) + · Allow in elements (fd.o #86162, Philip Withnall) + +• Log to syslog when we exceed various anti-DoS limits, and add test + coverage for them (fd.o #86442, Simon McVittie) + +• Improve syslog handling so that _dbus_warn() and similar warnings + go to syslog, add dbus-daemon --syslog|--nosyslog|--syslog-only options, + and log to syslog (instead of /dev/null) when dbus-daemon is started by + dbus-launch. (fd.o #97009, Simon McVittie) + +• Install introspect.dtd and busconfig.dtd to ${datadir}/xml/dbus-1 + (fd.o #89011, Philip Withnall) + +• When logging messages about service activation, mention which peer + requested the activation (fd.o #68212, Philip Withnall) + +• On Linux, mention the LSM label (if available) whenever we print + debug information about a peer (fd.o #68212, Philip Withnall) + +Other fixes: + +• Harden dbus-daemon against malicious or incorrect ActivationFailure + messages by rejecting them if they do not come from a privileged + process, or if systemd activation is not enabled + (fd.o #98157, Simon McVittie) + +• Avoid undefined behaviour when setting reply serial number without going + via union DBusBasicValue (fd.o #98035, Marc Mutz) + +• Fix CMake build for Unix platforms that do not have -lrt, such as Android, + or that do need -lsocket, such as QNX (fd.o #94096, Ralf Habacker) + +• autogen.sh: fail cleanly if autoconf fails (Simon McVittie) + +D-Bus 1.11.4 (2016-08-15) +== + +The “copper pickaxe” release. + +Dependencies: + +• Building from git (but not from tarballs) now requires + macros from the GNU Autoconf Archive, for example the autoconf-archive + package in Debian or Fedora derivatives. + +Build-time configuration: + +• The option to enable coverage instrumentation has changed from + --enable-compiler-coverage to --enable-code-coverage. + +Enhancements: + +• D-Bus Specification version 0.28 + · Clarify some details of serialization (fd.o #93382, Philip Withnall) + +• Increase listen() backlog of AF_UNIX sockets to the maximum possible, + minimizing failed connections under heavy load + (fd.o #95264, Lennart Poettering) + +• Add a new dbus-launch --exit-with-x11 option (fd.o #39197, Simon McVittie) + +• Use the same regression tests for subprocess starting on Unix and Windows + (fd.o #95191, Ralf Habacker) + +• Print timestamps and thread IDs in verbose messages + (fd.o #95191, Ralf Habacker) + +• On Unix, unify the various places that reopen stdin, stdout and/or stderr + pointing to /dev/null (fd.o #97008, Simon McVittie) + +• Use AX_CODE_COVERAGE instead of our own COMPILER_COVERAGE + (fd.o #88922, Thomas Zimmermann) + +Fixes: + +• On Windows, fix a memory leak in replacing the installation prefix + (fd.o #95191, Ralf Habacker) + +• On Linux, when dbus-daemon is run with reduced susceptibility to the + OOM killer (typically via systemd), do not let child processes inherit + that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho) + +• On Unix, make dbus-launch and dbus-daemon --fork work as intended + even if a parent process incorrectly starts them with stdin, stdout + and/or stderr closed (fd.o #97008, Simon McVittie) + +• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address + contains a semicolon (fd.o #94746, Thiago Macieira) + +• Fix memory leaks and thread safety in subprocess starting on Windows + (fd.o #95191, Ralf Habacker) + +• Stop test-dbus-daemon incorrectly failing on platforms that cannot + discover the process ID of clients (fd.o #96653, Руслан Ижбулатов) + +• In tests that exercise correct handling of crashing D-Bus services, + suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker) + +• Explicitly check for stdint.h (Ioan-Adrian Ratiu) + +• In tests, add an invalid DBusAuthState to avoid undefined behaviour + in some test cases (fd.o #93909, Nick Lewycky) + +• Add assertions to reassure a static analysis tool + (fd.o #93210, Deepika Aggarwal) + +• Be explicit about enum comparison when loading XML + (fd.o #93205, Deepika Aggarwal) + +• update-activation-environment: produce better diagnostics on error + (fd.o #96653, Simon McVittie) + +• Avoid various compiler warnings with gcc 6 + (fd.o #97282; Thomas Zimmermann, Simon McVittie) + +• On Unix when configured to use the system log, report as "dbus-daemon", + not as "dbus" (fd.o #97009, Simon McVittie) + +• During unit tests, reduce the amount we write to the system log + (fd.o #97009, Simon McVittie) + +D-Bus 1.11.2 (2016-03-07) +== + +The “pneumatic drill vs. Iron Maiden” release. + +Fixes: + +• Enable "large file support" on systems where it exists: dbus-daemon + is not expected to open large files, but it might need to stat files + that happen to have large inode numbers (fd.o #93545, Hongxu Jia) + +• Eliminate padding inside DBusMessageIter on 64-bit platforms, + which might result in a pedantic C compiler not copying the entire contents + of a DBusMessageIter; statically assert that this is not an ABI change + in practice (fd.o #94136, Simon McVittie) + +• Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N + (fd.o #94244, Dmitri Iouchtchenko) + +• Correctly report test failures in C tests from run-test.sh + (fd.o #93379; amit tewari, Simon McVittie) + +• When tests are enabled, run all the marshal-validate tests, not just + the even-numbered ones (fd.o #93908, Nick Lewycky) + +• Correct the expected error from one marshal-validate test, which was + previously not run due to the above bug (fd.o #93908, Simon McVittie) + +• Fix compilation under CMake when embedded tests are disabled + (fd.o #94094, eric.hyer) + +Internal changes: + +• Fix all -Wpointer-sign (signed/unsigned mismatch) warnings, and enable the + warning (fd.o #93069; Ralf Habacker, Simon McVittie) + +• When building with CMake, use the same gcc/clang warnings as under Autotools, + or MSVC warnings that are broadly similar (fd.o #93069, Ralf Habacker) + +• test/name-test: make C tests produce TAP output and run them directly, not + via run-test.sh (fd.o #92899, Simon McVittie) + +• Under CMake when cross-compiling for Windows on Unix, run the tests + under Wine even if binfmt_misc support is not available + (fd.o #88966, Ralf Habacker) + +• The DBUS_USE_TEST_BINARY environment variable is no longer used by builds with + embedded tests; DBUS_TEST_DBUS_LAUNCH replaces it (fd.o #92899, Simon McVittie) + +• Factor out some functions that will be needed in future for a Windows + implementation of dbus-run-session (fd.o #92899, Ralf Habacker) + +D-Bus 1.11.0 (2015-12-02) +== + +The “peppermint deer” release. + +Dependencies: + +• On non-Windows platforms, dbus now requires an that defines + C99 constants such as PRId64 and PRIu64. + +Enhancements: + +• D-Bus Specification version 0.27 + · Specify that services should not reply if NO_REPLY_EXPECTED was used + (fd.o #75749, Lars Uebernickel) + +• Add a script to do continuous-integration builds, and metadata to run it + on travis-ci.org. To use this, clone the dbus git repository on GitHub + and set it up with travis-ci.org; the only special setting needed is + "only build branches with a .travis.yml". (fd.o #93194, Simon McVittie) + +• If dbus-daemon is run with --systemd-activation, do not require + org.freedesktop.systemd1.service to exist (fd.o #93194, Simon McVittie) + +Fixes: + +• Re-order dbus-daemon startup so that on SELinux systems, the thread + that reads AVC notifications retains the ability to write to the + audit log (fd.o #92832, Laurent Bigonville) + +• Print 64-bit integers on non-GNU Unix platforms (fd.o #92043, Natanael Copa) + +• When using the Monitoring interface, match messages' destinations + (fd.o #92074, Simon McVittie) + +• On Linux with systemd, stop installing a reference to the obsolete + dbus.target, and enable dbus.socket statically (fd.o #78412, #92402; + Simon McVittie) + +• On Windows, when including configuration files with or + , apply the same relocation as for the Exec paths + in .service files (fd.o #92028, Simon McVittie) + +• Add support for backtraces on Windows (fd.o #92721, Ralf Habacker) + +• Fix many -Wpointer-sign warnings (fd.o #93069, Ralf Habacker) + +D-Bus 1.10.6 (2015-12-01) +== + +The “marzipan beetles” release. + +Fixes: + +• On Unix when running tests as root, don't assert that root and + the dbus-daemon user can still call UpdateActivationEnvironment; + assert that those privileged users can call BecomeMonitor instead + (fd.o #93036, Simon McVittie) + +• On Windows, fix a memory leak in the autolaunch transport (fd.o #92899, + Simon McVittie) + +• On Windows Autotools builds, don't run tests that rely on + dbus-run-session and other Unix-specifics (fd.o #92899, Simon McVittie) + +D-Bus 1.10.4 (2015-11-17) +== + +The “Frostburn Canyon” release. + +Enhancements: + +• GetConnectionCredentials, GetConnectionUnixUser and + GetConnectionUnixProcessID with argument "org.freedesktop.DBus" + will now return details of the dbus-daemon itself. This is required + to be able to call SetEnvironment on systemd. + (fd.o #92857, Jan Alexander Steffens) + +Fixes: + +• Make UpdateActivationEnvironment always fail with AccessDenied on the + system bus. Previously, it was possible to configure it so root could + call it, but the environment variables were not actually used, + because the launch helper would discard them. + (fd.o #92857, Jan Alexander Steffens) + +• On Unix with --systemd-activation on a user bus, make + UpdateActivationEnvironment pass on its arguments to systemd's + SetEnvironment method, solving inconsistency between the environments + used for traditional activation and systemd user-service activation. + (fd.o #92857, Jan Alexander Steffens) + +• On Windows, don't crash if or --syslog is used + (fd.o #92538, Ralf Habacker) + +• On Windows, fix a memory leak when setting a DBusError from a Windows + error (fd.o #92721, Ralf Habacker) + +• On Windows, don't go into infinite recursion if we abort the process + with backtraces enabled (fd.o #92721, Ralf Habacker) + +• Fix various failing tests, variously on Windows and cross-platform: + · don't test system.conf features (users, groups) that only make sense + on the system bus, which is not supported on Windows + · don't call _dbus_warn() when we skip a test, since it is fatal + · fix computation of expected + · when running TAP tests, translate newlines to Unix format, fixing + cross-compiled tests under Wine on Linux + · don't stress-test refcounting under Wine, where it's really slow + · stop assuming that a message looped-back to the test will be received + immediately + · skip some system bus tests on Windows since they make no sense there + (fd.o #92538, fd.o #92721; Ralf Habacker, Simon McVittie) + +D-Bus 1.10.2 (2015-10-26) +== + +The “worst pies in London” release. + +Fixes: + +• Correct error handling for activation: if there are multiple attempts + to activate the same service and it fails immediately, the first attempt + would get the correct reply, but the rest would time out. We now send + the same error reply to each attempt. (fd.o #92200, Simon McVittie) + +• If BecomeMonitor is called with a syntactically invalid match rule, + don't crash with an assertion failure, fixing a regression in 1.9.10. + This was not exploitable as a denial of service, because the check + for a privileged user is done first. (fd.o #92298, Simon McVittie) + +• On Linux with --enable-user-session, add the bus address to the + environment of systemd services for better backwards compatibility + (fd.o #92612, Jan Alexander Steffens) + +• On Windows, fix the logic for replacing the installation prefix + in service files' Exec lines (fd.o #83539; Milan Crha, Simon McVittie) + +• On Windows, if installed in the conventional layout with ${prefix}/etc + and ${prefix}/share, use relative paths between bus configuration files + to allow the tree to be relocated (fd.o #92028, Simon McVittie) + +• Make more of the regression tests pass in Windows builds (fd.o #92538, + Simon McVittie) + +D-Bus 1.10.0 (2015-08-25) +== + +The “0x20” release. + +This is a new stable branch, recommended for use in OS distributions. + +Fixes since 1.9.20: + +• distribute test/tap-test.sh.in, even if the tarball was built without + tests enabled (fd.o #91684, Simon McVittie) +• work around a fd leak in libcap-ng < 0.7.7 (fd.o #91684, Simon McVittie) + +Summary of major changes since 1.8.0: + +• The basic setup for the well-known system and session buses is + now done in read-only files in ${datadir} (normally /usr/share). + See the NEWS entry for 1.9.18 for details. + +• AppArmor integration has been merged, with features similar to the + pre-existing SELinux integration. It is mostly compatible with the + patches previously shipped by Ubuntu, with one significant change: + Ubuntu's GetConnectionAppArmorSecurityContext method has been superseded + by GetConnectionCredentials and was not included. + +• The --enable-user-session configure option can be enabled + by OS integrators intending to use systemd to provide a session bus + per user (in effect, treating all concurrent graphical and non-graphical + login sessions as one large session). + +• The new listenable address mode "unix:runtime=yes" listens on + $XDG_RUNTIME_DIR/bus, the same AF_UNIX socket used by the systemd + user session. libdbus and "dbus-launch --autolaunch" will connect to + this address by default. GLib ≥ 2.45.3 and sd-bus ≥ 209 have a + matching default. + +• All executables are now dynamically linked to libdbus-1. + Previously, some executables, most notably dbus-daemon, were statically + linked to a specially-compiled variant of libdbus. This results in + various private functions in the _dbus namespace being exposed by the + shared library. These are not API, and must not be used outside + the dbus source tree. + +• On platforms with ELF symbol versioning, all public symbols + are versioned LIBDBUS_1_3. + +New bus APIs: + +• org.freedesktop.DBus.GetConnectionCredentials returns + LinuxSecurityLabel where supported +• org.freedesktop.DBus.Monitoring interface (privileged) + · BecomeMonitor method supersedes match rules with eavesdrop=true, + which are now deprecated +• org.freedesktop.DBus.Stats interface (semi-privileged) + · now enabled by default + · new GetAllMatchRules method +• org.freedesktop.DBus.Verbose interface (not normally compiled) + · toggles the effect of DBUS_VERBOSE + +New executables: + +• dbus-test-tool +• dbus-update-activation-environment + +New optional dependencies: + +• The systemd: pseudo-transport requires libsystemd or libsd-daemon +• Complete documentation requires Ducktype and yelp-tools +• Full test coverage requires GLib 2.36 and PyGI +• AppArmor integration requires libapparmor and optionally libaudit + +Dependencies removed: + +• dbus-glib diff --git a/NEWS.pre-1-4 b/NEWS.pre-1-4 new file mode 100644 index 00000000..883fe0bf --- /dev/null +++ b/NEWS.pre-1-4 @@ -0,0 +1,15 @@ +D-Bus 1.3.1 (23 June 2010) +== + - New standardized PropertiesChanged signal in the properties interface + - Various portability fixes, in particular to Windows platforms + - Support forking bus services, for compatibility + +D-Bus 1.3.0 (29 July 2009) +== + - ability for dbus-send to send to any bus (--address) + - file descriptor passing on Unix socket transports + - use of GCC atomic intrinsics for better processor support + (requires -march=i486 or above for x86 compilation) + - thread-safe FD_CLOEXEC setting on recent Linux kernels (2.6.24-27 and up) + and glibc (2.9 for pipe2 and 2.10 for accept4) + - feature negotiation in the bus daemon diff --git a/NEWS.pre-1-6 b/NEWS.pre-1-6 new file mode 100644 index 00000000..53f005f1 --- /dev/null +++ b/NEWS.pre-1-6 @@ -0,0 +1,458 @@ +D-Bus 1.5.12 (2012-03-27) +== + +The “Big Book of Science” release. + +• Add public API to validate various string types: + dbus_validate_path(), dbus_validate_interface(), dbus_validate_member(), + dbus_validate_error_name(), dbus_validate_bus_name(), dbus_validate_utf8() + (fd.o #39549, Simon McVittie) + +• Turn DBusBasicValue into public API so bindings don't need to invent their + own "union of everything" type (fd.o #11191, Simon McVittie) + +• Enumerate data files included in the build rather than using find(1) + (fd.o #33840, Simon McVittie) + +• Add support for policy rules like + in dbus-daemon (fd.o #46273, Alban Crequy) + +• Windows-specific: + · make dbus-daemon.exe --print-address (and --print-pid) work again + on Win32, but not on WinCE (fd.o #46049, Simon McVittie) + · fix duplicate case value when compiling against mingw-w64 + (fd.o #47321, Andoni Morales Alastruey) + +D-Bus 1.5.10 (2012-02-21) +== + +The "fire in Delerium" release. + +On Unix platforms, PTHREAD_MUTEX_RECURSIVE (as specified in POSIX 2008 Base +and SUSv2) is now required. + +• D-Bus Specification 0.19: + · Formally define unique connection names and well-known bus names, + and document best practices for interface, bus, member and error names, + and object paths (fd.o #37095, Simon McVittie) + · Document the search path for session and system services on Unix, and + where they should be installed by build systems (fd.o #21620, fd.o #35306; + Simon McVittie) + · Document the systemd transport (fd.o #35232, Lennart Poettering) + +• Make dbus_threads_init() use the same built-in threading implementation + as dbus_threads_init_default(); the user-specified primitives that it + takes as a parameter are now ignored (fd.o #43744, Simon McVittie) + +• Allow all configured auth mechanisms, not just one (fd.o #45106, + Pavel Strashkin) + +• Improve cmake build system (Ralf Habacker): + · simplify XML parser dependencies (fd.o #41027) + · generate build timestamp (fd.o #41029) + · only create batch files on Windows + · fix option and cache syntax + · add help-options target + · share dbus-arch-deps.h.in with autotools rather than having our + own version (fd.o #41033) + +• Build tests successfully with older GLib, as found in e.g. Debian 6 + (fd.o #41219, Simon McVittie) + +• Avoid use of deprecated GThread API (fd.o #44413, Martin Pitt) + +• Build documentation correctly if man2html doesn't support filenames on + its command-line (fd.o #43875, Jack Nagel) + +• Improve test coverage. To get even more coverage, run the tests with + DBUS_TEST_SLOW=1 (fd.o #38285, #42811; Simon McVittie) + +• Reduce the size of the shared library by moving functionality only used + by dbus-daemon, tests etc. into their internal library and deleting + unused code (fd.o #34976, #39759; Simon McVittie) + +• Add dbus-daemon --nopidfile option, overriding the configuration, for + setups where the default configuration must include to avoid + breaking traditional init, but the pid file is in fact unnecessary; use + it under systemd to improve startup time a bit (fd.o #45520, + Lennart Poettering) + +• Optionally (if configured --with-valgrind) add instrumentation to debug + libdbus and associated tools more meaningfully under Valgrind + (fd.o #37286, Simon McVittie) + +• Improve the dbus-send(1) man page (fd.o #14005, Simon McVittie) + +• Make dbus-protocol.h compatible with C++11 (fd.o #46147, Marc Mutz) + +• If tests are enabled and DBUS_MALLOC_CANNOT_FAIL is set in the environment, + abort on failure to malloc() (like GLib does), to turn runaway memory leaks + into a debuggable core-dump if a resource limit is applied (fd.o #41048, + Simon McVittie) + +• Don't crash if realloc() returns NULL in a debug build (fd.o #41048, + Simon McVittie) + +• Unix-specific: + · Replace our broken reimplementation of recursive mutexes, which has + been broken since 2006, with an ordinary pthreads recursive mutex + (fd.o #43744; Sigmund Augdal, Simon McVittie) + · Use epoll(7) for a more efficient main loop in Linux; equivalent patches + welcomed for other OSs' equivalents like kqueue, /dev/poll, or Solaris + event ports (fd.o #33337; Simon McVittie, Ralf Habacker) + · When running under systemd, use it instead of ConsoleKit to check + whether to apply at_console policies (fd.o #39609, Lennart Poettering) + · Avoid a highly unlikely fd leak (fd.o #29881, Simon McVittie) + · Don't close invalid fd -1 if getaddrinfo fails (fd.o #37258, eXeC001er) +  · Don't touch ~/.dbus and ~/.dbus-keyrings when running 'make installcheck' + (fd.o #41218, Simon McVittie) + · Stop pretending we respect XDG_DATA_DIRS for system services: the launch + helper doesn't obey environment variables to avoid privilege escalation + attacks, so make the system bus follow the same rules + (fd.o #21620, Simon McVittie) + +• Windows-specific: + · Find the dbus-daemon executable next to the shared library (fd.o #41558; + Jesper Dam, Ralf Habacker) + · Remove the faulty implementation of _dbus_condvar_wake_all (fd.o #44609, + Simon McVittie) + +D-Bus 1.5.8 (2011-09-21) +== + +The "cross-metering" release. + +In addition to dead code removal and refactoring, this release contains all +of the bugfixes from 1.4.16. + +• Clean up dead code, and make more warnings fatal in development builds + (fd.o #39231, fd.o #41012; Simon McVittie) + +• If full test coverage is requested via --enable-tests, strictly require + Python, pygobject and dbus-python, which are required by some tests; if not, + and Python is missing, skip those tests rather than failing + (fd.o #37847, Simon McVittie) + +• When using cmake, provide the same version-info API in the installed headers + as for autotools (DBUS_VERSION, etc.) (fd.o #40905, Ralf Habacker) + +• Add a regression test for fd.o #38005 (fd.o #39836, Simon McVittie) + +• Make "NOCONFIGURE=1 ./autogen.sh" not run configure (Colin Walters) + +• Add _DBUS_STATIC_ASSERT and use it to check invariants (fd.o #39636, + Simon McVittie) + +• Fix duplicates in authors list (Ralf Habacker) + +• Fix broken links from dbus-tutorial.html if $(htmldir) != $(docdir) + (fd.o #39879, Chris Mayo) + +• Fix a small memory leak, and a failure to report errors, when updating + a service file entry for activation (fd.o #39230, Simon McVittie) + +• Unix-specific: + · Clean up (non-abstract) Unix sockets on bus daemon exit (fd.o #38656; + Brian Cameron, Simon McVittie) + · On systems that use libcap-ng but not systemd, drop supplemental groups + when switching to the daemon user (Red Hat #726953, Steve Grubb) + · Make the cmake build work again on GNU platforms (fd.o #29228, + Simon McVittie) + · Fix compilation on non-C99 systems that have inttypes.h but not stdint.h, + like Solaris (fd.o #40313, Dagobert Michelsen) + · Define CMSG_ALIGN, CMSG_LEN, CMSG_SPACE on Solaris < 10 + (fd.o #40235, Simon McVittie) + · Cope with Unixes that don't have LOG_PERROR, like Solaris 10 + (fd.o #39987, Simon McVittie) + · Cope with platforms whose vsnprintf violates both POSIX and C99, like + Tru64, IRIX and HP-UX (fd.o #11668, Simon McVittie) + +• Windows-specific: + · Fix compilation on MSVC, which doesn't understand "inline" with its + C99 meaning (fd.o #40000; Ralf Habacker, Simon McVittie) + · Fix misuse of GPid in test/dbus-daemon.c (fd.o #40003, Simon McVittie) + · Fix cross-compilation to Windows with Automake (fd.o #40003, Simon McVittie) + +D-Bus 1.5.6 (2011-07-29) +== + +The "weird, gravy-like aftertaste" release. + +In addition to new features and refactoring, this release contains all of the +bugfixes from 1.4.14. + +Potentially incompatible (Bustle and similar debugging tools will need +changes to work as intended): + +• Do not allow match rules to "eavesdrop" (receive messages intended for a + different recipient) by mistake: eavesdroppers must now opt-in to this + behaviour by putting "eavesdrop='true'" in the match rule, which will + not have any practical effect on buses where eavesdropping is not allowed + (fd.o #37890, Cosimo Alfarano) + +Other changes: + +• D-Bus Specification version 0.18 (fd.o #37890, fd.o #39450, fd.o #38252; + Cosimo Alfarano, Simon McVittie) + · add the "eavesdrop" keyword to match rules + · define eavesdropping, unicast messages and broadcast messages + · stop claiming that match rules are needed to match unicast messages to you + · promote the type system to be a top-level section + +• Use DBUS_ERROR_OBJECT_PATH_IN_USE if dbus_connection_try_register_object_path + or dbus_connection_try_register_fallback fails, not ...ADDRESS_IN_USE, + and simplify object-path registration (fd.o #38874, Jiří Klimeš) + +• Consistently use atomic operations on everything that is ever manipulated + via atomic ops, as was done for changes to DBusConnection's refcount in + 1.4.12 (fd.o #38005, Simon McVittie) + +• Fix a file descriptor leak when connecting to a TCP socket (fd.o #37258, + Simon McVittie) + +• Make "make check" in a clean tree work, by not running tests until + test data has been set up (fd.o #34405, Simon McVittie) + +• The dbus-daemon no longer busy-loops if it has a very large number of file + descriptors (fd.o #23194, Simon McVittie) + +• Refactor message flow through dispatching to avoid locking violations if + the bus daemon's message limit is hit; remove the per-connection link cache, + which was meant to improve performance, but now reduces it (fd.o #34393, + Simon McVittie) + +• Some cmake fixes (Ralf Habacker) + +• Remove dead code, mainly from DBusString (fd.o #38570, fd.o #39610; + Simon McVittie, Lennart Poettering) + +• Stop storing two extra byte order indicators in each D-Bus message + (fd.o #38287, Simon McVittie) + +• Add an optional Stats interface which can be used to get statistics from + a running dbus-daemon if enabled at configure time with --enable-stats + (fd.o #34040, Simon McVittie) + +• Fix various typos (fd.o #27227, fd.o #38284; Sascha Silbe, Simon McVittie) + +• Documentation (fd.o #36156, Simon McVittie): + · let xsltproc be overridden as usual: ./configure XSLTPROC=myxsltproc + · install more documentation automatically, including man2html output + · put dbus.devhelp in the right place (it must go in ${htmldir}) + +• Unix-specific: + · look for system services in /lib/dbus-1/system-services in addition to all + the other well-known locations; note that this should always be /lib, + even on platforms where shared libraries on the root FS would go in /lib64, + /lib/x86_64-linux-gnu or similar (fd.o #35229, Lennart Poettering) + · opt-in to fd passing on Solaris (fd.o #33465, Simon McVittie) + +• Windows-specific (Ralf Habacker): + · fix use of a mutex for autolaunch server detection + · don't crash on malloc failure in _dbus_printf_string_upper_bound + +D-Bus 1.5.4 (2011-06-10) +== + +Security (local denial of service): + +• Byte-swap foreign-endian messages correctly, preventing a long-standing + local DoS if foreign-endian messages are relayed through the dbus-daemon + (backporters: this is git commit c3223ba6c401ba81df1305851312a47c485e6cd7) + (CVE-2011-2200, fd.o #38120, Debian #629938; Simon McVittie) + +New things: + +• The constant to use for an infinite timeout now has a name, + DBUS_TIMEOUT_INFINITE. It is numerically equivalent to 0x7fffffff (INT32_MAX) + which can be used for source compatibility with older versions of libdbus. + +• If GLib and DBus-GLib are already installed, more tests will be built, + providing better coverage. The new tests can also be installed via + ./configure --enable-installed-tests + for system integration testing, if required. (fd.o #34570, Simon McVittie) + +Changes: + +• Consistently use atomic operations for the DBusConnection's refcount, + fixing potential threading problems (fd.o #38005, Simon McVittie) + +• Don't use -Wl,--gc-sections by default: in practice the size decrease is + small (300KiB on x86-64) and it frequently doesn't work in unusual + toolchains. To optimize for minimum installed size, you should benchmark + various possibilities for CFLAGS and LDFLAGS, and set the best flags for + your particular toolchain at configure time. (fd.o #33466, Simon McVittie) + +• Use #!/bin/sh for run-with-tmp-session-bus.sh, making it work on *BSD + (fd.o #35880, Timothy Redaelli) + +• Use ln -fs to set up dbus for systemd, which should fix reinstallation + when not using a DESTDIR (fd.o #37870, Simon McVittie) + +• Windows-specific changes: + · don't try to build dbus-daemon-launch-helper (fd.o #37838, Mark Brand) + +D-Bus 1.5.2 (2011-06-01) +== + +The "Boar Hunter" release. + +Notes for distributors: + + This version of D-Bus no longer uses -fPIE by default. Distributions wishing + to harden the dbus-daemon and dbus-launch-helper can re-enable this if their + toolchain supports it reliably, via something like: + + ./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro" + + or by using distribution-specific wrappers such as Debian's hardening-wrapper. + +Changes: + + • D-Bus Specification v0.17 + · Reserve the extra characters used in signatures by GVariant + (fd.o #34529, Simon McVittie) + · Define the ObjectManager interface (fd.o #34869, David Zeuthen) + • Don't force -fPIE: distributions and libtool know better than we do whether + it's desirable (fd.o #16621, fd.o #27215; Simon McVittie) + • Allow --disable-gc-sections, in case your toolchain offers the + -ffunction-sections, -fdata-sections and -Wl,--gc-sections options + but they're broken, as seen on Solaris (fd.o #33466, Simon McVittie) + • Install dbus-daemon and dbus-daemon-launch-helper in a more normal way + (fd.o #14512; Simon McVittie, loosely based on a patch from Luca Barbato) + • Ensure that maintainers upload documentation with the right permissions + (fd.o #36130, Simon McVittie) + • Don't force users of libdbus to be linked against -lpthread, -lrt + (fd.o #32827, Simon McVittie) + • Log system-bus activation information to syslog (fd.o #35705, + Colin Walters) + • Log messages dropped due to quotas to syslog (fd.o #35358, + Simon McVittie) + • Make the nonce-tcp transport work on Unix (fd.o #34569, Simon McVittie) + • On Unix, if /var/lib/dbus/machine-id cannot be read, try /etc/machine-id + (fd.o #35228, Lennart Poettering) + • In the regression tests, don't report fds as "leaked" if they were open + on startup (fd.o #35173, Simon McVittie) + • Make dbus-monitor bail out if asked to monitor more than one bus, + rather than silently using the last one (fd.o #26548, Will Thompson) + • Clarify documentation (fd.o #35182, Simon McVittie) + • Clean up minor dead code and some incorrect error handling + (fd.o #33128, fd.o #29881; Simon McVittie) + • Check that compiler options are supported before using them (fd.o #19681, + Simon McVittie) + • Windows: + • Remove obsolete workaround for winioctl.h (fd.o #35083, Ralf Habacker) + +D-Bus 1.5.0 (2011-04-11) +== + +The "you never know when you need to tow something from your giant +flying shark" release. + + • D-Bus Specification v0.16 + · Add support for path_namespace and arg0namespace in match rules + (fd.o #24317, #34870; Will Thompson, David Zeuthen, Simon McVittie) + · Make argNpath support object paths, not just object-path-like strings, + and document it better (fd.o #31818, Will Thompson) + • Let the bus daemon implement more than one interface (fd.o #33757, + Simon McVittie) + • Optimize _dbus_string_replace_len to reduce waste (fd.o #21261, + Roberto Guido) + • Require user intervention to compile with missing 64-bit support + (fd.o #35114, Simon McVittie) + • Add dbus_type_is_valid as public API (fd.o #20496, Simon McVittie) + • Raise UnknownObject instead of UnknownMethod for calls to methods on + paths that are not part of the object tree, and UnknownInterface for calls + to unknown interfaces in the bus daemon (fd.o #34527, Lennart Poettering) + +D-Bus 1.4.8 (2011-04-08) +== + +The "It's like the beginning of a lobster" release. + + • Rename configure.in to configure.ac, and update it to modern conventions + (fd.o #32245; Javier Jardón, Simon McVittie) + • Correctly give XDG_DATA_HOME priority over XDG_DATA_DIRS (fd.o #34496, + Anders Kaseorg) + • Prevent X11 autolaunching if $DISPLAY is unset or empty, and add + --disable-x11-autolaunch configure option to prevent it altogether + in embedded environments (fd.o #19997, NB#219964; Simon McVittie) + • Install the documentation, and an index for Devhelp (fd.o #13495, + Debian #454142; Simon McVittie, Matthias Clasen) + • If checks are not disabled, check validity of string-like types and + booleans when sending them (fd.o #16338, NB#223152; Simon McVittie) + • Add UnknownObject, UnknownInterface, UnknownProperty and PropertyReadOnly + errors to dbus-shared.h (fd.o #34527, Lennart Poettering) + • Break up a huge conditional in config-parser so gcov can produce coverage + data (fd.o #10887, Simon McVittie) + • List which parts of the Desktop Entry specification are applicable to + .service files (fd.o #19159, Sven Herzberg) + • Don't suppress service activation if two services have the same Exec= + (fd.o #35750, Colin Walters) + • Windows: + · Avoid the name ELEMENT_TYPE due to namespace-pollution from winioctl.h + (Andre Heinecke) + · Include _dbus_path_is_absolute in libdbus on Windows, fixing compilation + (fd.o #32805, Mark Brand) + +D-Bus 1.4.6 (2010-02-17) +== + +The "1, 2, miss a few, 99, 100" release. + + • Remove unfinished changes intended to support GTest-based tests, + which were mistakenly included in 1.4.4 + +D-Bus 1.4.4 (2010-02-17) +== + + • Switch back to using even micro versions for stable releases; 1.4.1 + should have been called 1.4.2, so skip that version number + • Don't leave bad file descriptors being watched when spawning processes, + which could result in a busy-loop (fd.o #32992, NB#200248; possibly + also LP#656134, LP#680444, LP#713157) + • Check for MSG_NOSIGNAL correctly + • Fix failure to detect abstract socket support (fd.o #29895) + • Make _dbus_system_logv actually exit with DBUS_SYSTEM_LOG_FATAL + (fd.o #32262, NB#180486) + • Improve some error code paths (fd.o #29981, fd.o #32264, fd.o #32262, + fd.o #33128, fd.o #33277, fd.o #33126, NB#180486) + • Avoid possible symlink attacks in /tmp during compilation (fd.o #32854) + • Tidy up dead code (fd.o #25306, fd.o #33128, fd.o #34292, NB#180486) + • Improve gcc malloc annotations (fd.o #32710) + • If the system bus is launched via systemd, protect it from the OOM killer + • Documentation improvements (fd.o #11190) + • Avoid readdir_r, which is difficult to use correctly (fd.o #8284, + fd.o #15922, LP#241619) + • Cope with invalid files in session.d, system.d (fd.o #19186, + Debian #230231) + • Don't distribute generated files that embed our builddir (fd.o #30285, + fd.o #34292) + • Raise the system bus's fd limit to be sufficient for its configuration + (fd.o #33474, LP#381063) + • Fix syslog string processing + • Ignore -Waddress + • Remove broken gcov parsing code and --enable-gcov, and replace them + with lcov HTML reports and --enable-compiler-coverage (fd.o #10887) + • Windows: + · avoid live-lock in Windows CE due to unfair condition variables + • OpenBSD: + · support credentials-passing (fd.o #32542) + • Solaris: + · opt-in to thread safety (fd.o #33464) + +D-Bus 1.4.1 (20 December 2010) +== + + • Fix for CVE-2010-4352: sending messages with excessively-nested variants can + crash the bus. The existing restriction to 64-levels of nesting previously + only applied to the static type signature; now it also applies to dynamic + nesting using variants. Thanks to Rémi Denis-Courmont for discoving this + issue. + • OS X portability fixes, including launchd support. + • Windows autolaunch improvements. + • Various bug fixes. + +D-Bus 1.4.0 (6 Sep 2010) +== + - systemd hookup diff --git a/NEWS.pre-1-8 b/NEWS.pre-1-8 new file mode 100644 index 00000000..26c797ab --- /dev/null +++ b/NEWS.pre-1-8 @@ -0,0 +1,579 @@ +D-Bus 1.7.10 (2014-01-06) +== + +The “weighted companion cube” release. + +This is a release candidate for D-Bus 1.8. + +D-Bus Specification 0.23: + +• don't require messages with no INTERFACE to be dispatched + (fd.o #68597, Simon McVittie) + +• document "tcp:bind=..." and "nonce-tcp:bind=..." (fd.o #72301, + Chengwei Yang) + +• define "listenable" and "connectable" addresses, and discuss + the difference (fd.o #61303, Simon McVittie) + +Enhancements: + +• support printing Unix file descriptors in dbus-send, dbus-monitor + (fd.o #70592, Robert Ancell) + +• don't install systemd units if --disable-systemd is given + (fd.o #71818, Chengwei Yang) + +Fixes: + +• don't leak memory on out-of-memory while listing activatable or + active services (fd.o #71526, Radoslaw Pajak) + +• fix undefined behaviour in a regression test (fd.o #69924, DreamNik) + +• escape Unix socket addresses correctly (fd.o #46013, Chengwei Yang) + +• on SELinux systems, don't assume that SECCLASS_DBUS, DBUS__ACQUIRE_SVC + and DBUS__SEND_MSG are numerically equal to their values in the + reference policy (fd.o #88719, osmond sun) + +• define PROCESS_QUERY_LIMITED_INFORMATION if missing from MinGW < 4 headers + (fd.o #71366, Matt Fischer) + +• define WIN32_LEAN_AND_MEAN to avoid conflicts between winsock.h and + winsock2.h (fd.o #71405, Matt Fischer) + +• do not return failure from _dbus_read_nonce() with no error set, + preventing a potential crash (fd.o #72298, Chengwei Yang) + +• on BSD systems, avoid some O(1)-per-process memory and fd leaks in kqueue, + preventing test failures (fd.o #69332, fd.o #72213; Chengwei Yang) + +• fix warning spam on Hurd by not trying to set SO_REUSEADDR on Unix sockets, + which doesn't do anything anyway on at least Linux and FreeBSD + (fd.o #69492, Simon McVittie) + +• fix use of TCP sockets on FreeBSD and Hurd by tolerating EINVAL from + sendmsg() with SCM_CREDS (retrying with plain send()), and looking + for credentials more correctly (fd.o #69492, Simon McVittie) + +• ensure that tests run with a temporary XDG_RUNTIME_DIR to avoid + getting mixed up in XDG/systemd "user sessions" (fd.o #61301, + Simon McVittie) + +• refresh cached policy rules for existing connections when bus + configuration changes (fd.o #39463, Chengwei Yang) + +D-Bus 1.7.8 (2013-11-01) +== + +The “extreme hills” release. + +Dependencies: + +• If systemd support is enabled, libsystemd-journal is now required. + +Enhancements: + +• When activating a non-systemd service under systemd, annotate its + stdout/stderr with its bus name in the Journal. Known limitation: + because the socket is opened before forking, the process will still be + logged as if it had dbus-daemon's process ID and user ID. + (fd.o #68559, Chengwei Yang) + +• Document more configuration elements in dbus-daemon(1) + (fd.o #69125, Chengwei Yang) + +Fixes: + +• Don't leak string arrays or fds if dbus_message_iter_get_args_valist() + unpacks them and then encounters an error (fd.o #21259, Chengwei Yang) + +• If compiled with libaudit, retain CAP_AUDIT_WRITE so we can write + disallowed method calls to the audit log, fixing a regression in 1.7.6 + (fd.o #49062, Colin Walters) + +• path_namespace='/' in match rules incorrectly matched nothing; it + now matches everything. (fd.o #70799, Simon McVittie) + +D-Bus 1.7.6 (2013-10-09) +== + +The “CSI Shrewsbury” release. + +Build-time configuration changes: + +• Directory change notification via dnotify on Linux is no longer + supported; it hadn't compiled successfully since 2010 in any case. + If you don't have inotify (Linux) or kqueue (*BSD), you will need + to send SIGHUP to the dbus-daemon when its configuration changes. + (fd.o #33001, Chengwei Yang) + +• Compiling with --disable-userdb-cache is no longer supported; + it didn't work since at least 2008, and would lead to an extremely + slow dbus-daemon even it worked. (fd.o #15589, #17133, #66947; + Chengwei Yang) + +• The DBUS_DISABLE_ASSERTS CMake option didn't actually disable most + assertions. It has been renamed to DBUS_DISABLE_ASSERT to be consistent + with the Autotools build system. (fd.o #66142, Chengwei Yang) + +• --with-valgrind=auto enables Valgrind instrumentation if and only if + valgrind headers are available. The default is still --with-valgrind=no. + (fd.o #56925, Simon McVittie) + +Dependencies: + +• Platforms with no 64-bit integer type are no longer supported. + (fd.o #65429, Simon McVittie) + +• GNU make is now (documented to be) required. (fd.o #48277, Simon McVittie) + +• Full test coverage no longer requires dbus-glib, although the tests do not + exercise the shared library (only a static copy) if dbus-glib is missing. + (fd.o #68852, Simon McVittie) + +Enhancements: + +• D-Bus Specification 0.22 + · Document GetAdtAuditSessionData() and + GetConnectionSELinuxSecurityContext() (fd.o #54445, Simon) + · Fix example .service file (fd.o #66481, Chengwei Yang) + · Don't claim D-Bus is "low-latency" (lower than what?), just + give factual statements about it supporting async use + (fd.o #65141, Justin Lee) + · Document the contents of .service files, and the fact that + system services' filenames are constrained + (fd.o #66608; Simon McVittie, Chengwei Yang) + +• Be thread-safe by default on all platforms, even if + dbus_threads_init_default() has not been called. For compatibility with + older libdbus, library users should continue to call + dbus_threads_init_default(): it is harmless to do so. + (fd.o #54972, Simon McVittie) + +• Add GetConnectionCredentials() method (fd.o #54445, Simon) + +• New API: dbus_setenv(), a simple wrapper around setenv(). + Note that this is not thread-safe. (fd.o #39196, Simon) + +• Add dbus-send --peer=ADDRESS (connect to a given peer-to-peer connection, + like --address=ADDRESS in previous versions) and dbus-send --bus=ADDRESS + (connect to a given bus, like dbus-monitor --address=ADDRESS). + dbus-send --address still exists for backwards compatibility, + but is no longer documented. (fd.o #48816, Andrey Mazo) + +• Windows-specific: + · "dbus-daemon --nofork" is allowed on Windows again. (fd.o #68852, + Simon McVittie) + +Fixes: + +• Avoid an infinite busy-loop if a signal interrupts waitpid() + (fd.o #68945, Simon McVittie) + +• Clean up memory for parent nodes when objects are unexported + (fd.o #60176, Thomas Fitzsimmons) + +• Make dbus_connection_set_route_peer_messages(x, FALSE) behave as + documented. Previously, it assumed its second parameter was TRUE. + (fd.o #69165, Chengwei Yang) + +• Escape addresses containing non-ASCII characters correctly + (fd.o #53499, Chengwei Yang) + +• Document search order correctly (fd.o #66994, Chengwei Yang) + +• Don't crash on "dbus-send --session / x.y.z" which regressed in 1.7.4. + (fd.o #65923, Chengwei Yang) + +• If malloc() returns NULL in _dbus_string_init() or similar, don't free + an invalid pointer if the string is later freed (fd.o #65959, Chengwei Yang) + +• If malloc() returns NULL in dbus_set_error(), don't va_end() a va_list + that was never va_start()ed (fd.o #66300, Chengwei Yang) + +• fix build failure with --enable-stats (fd.o #66004, Chengwei Yang) + +• fix a regression test on platforms with strict alignment (fd.o #67279, + Colin Walters) + +• Avoid calling function parameters "interface" since certain Windows headers + have a namespace-polluting macro of that name (fd.o #66493, Ivan Romanov) + +• Assorted Doxygen fixes (fd.o #65755, Chengwei Yang) + +• Various thread-safety improvements to static variables (fd.o #68610, + Simon McVittie) + +• Make "make -j check" work (fd.o #68852, Simon McVittie) + +• Fix a NULL pointer dereference on an unlikely error path + (fd.o #69327, Sviatoslav Chagaev) + +• Improve valgrind memory pool tracking (fd.o #69326, + Sviatoslav Chagaev) + +• Don't over-allocate memory in dbus-monitor (fd.o #69329, + Sviatoslav Chagaev) + +• dbus-monitor can monitor dbus-daemon < 1.5.6 again + (fd.o #66107, Chengwei Yang) + +• Unix-specific: + · If accept4() fails with EINVAL, as it can on older Linux kernels + with newer glibc, try accept() instead of going into a busy-loop. + (fd.o #69026, Chengwei Yang) + · If socket() or socketpair() fails with EINVAL or EPROTOTYPE, + for instance on Hurd or older Linux with a new glibc, try without + SOCK_CLOEXEC. (fd.o #69073; Pino Toscano, Chengwei Yang) + · Fix a file descriptor leak on an error code path. + (fd.o #69182, Sviatoslav Chagaev) + · dbus-run-session: clear some unwanted environment variables + (fd.o #39196, Simon) + · dbus-run-session: compile on FreeBSD (fd.o #66197, Chengwei Yang) + · Don't fail the autolaunch test if there is no DISPLAY (fd.o #40352, Simon) + · Use dbus-launch from the builddir for testing, not the installed copy + (fd.o #37849, Chengwei Yang) + · Fix compilation if writev() is unavailable (fd.o #69409, + Vasiliy Balyasnyy) + · Remove broken support for LOCAL_CREDS credentials passing, and + document where each credential-passing scheme is used (fd.o #60340, + Simon McVittie) + · Make autogen.sh work on *BSD by not assuming GNU coreutils functionality + (fd.o #35881, #69787; Chengwei Yang) + · dbus-monitor: be portable to NetBSD (fd.o #69842, Chengwei Yang) + · dbus-launch: stop using non-portable asprintf (fd.o #37849, Simon) + · Improve error reporting from the setuid activation helper (fd.o #66728, + Chengwei Yang) + +• Windows-specific: + · Remove unavailable command-line options from 'dbus-daemon --help' + (fd.o #42441, Ralf Habacker) + · Add support for looking up local TCPv4 clients' credentials on + Windows XP via the undocumented AllocateAndGetTcpExTableFromStack + function (fd.o #66060, Ralf Habacker) + · Fix insufficient dependency-tracking (fd.o #68505, Simon McVittie) + · Don't include wspiapi.h, fixing a compiler warning (fd.o #68852, + Simon McVittie) + +• Internal changes: + · add DBUS_ENABLE_ASSERT, DBUS_ENABLE_CHECKS for less confusing + conditionals (fd.o #66142, Chengwei Yang) + · improve verbose-mode output (fd.o #63047, Colin Walters) + · consolidate Autotools and CMake build (fd.o #64875, Ralf Habacker) + · fix various unused variables, unusual build configurations + etc. (fd.o #65712, #65990, #66005, #66257, #69165, #69410, #70218; + Chengwei Yang, Vasiliy Balyasnyy) + +D-Bus 1.7.4 (2013-06-13) +== + +The “but is your thread-safety thread-safe?” release. + +Security fixes: + +• CVE-2013-2168: Fix misuse of va_list that could be used as a denial + of service for system services. Vulnerability reported by Alexandru Cornea. + (Simon) + +Dependencies: + +• The Windows version of libdbus now contains a C++ source file, used + to provide global initialization when the library is loaded. + gcc (mingw*) users should ensure that g++ is also installed. + +• The libxml2-based configuration reader (which hasn't worked for 2.5 years, + and was never the recommended option) has been removed. Expat is now a + hard dependency. + +Enhancements: + +• It should now be safe to call dbus_threads_init_default() from any thread, + at any time. Authors of loadable modules and plugins that use libdbus + should consider doing so during initialization. + (fd.o #54972, Simon McVittie) + +• Improve dbus-send documentation and command-line parsing (fd.o #65424, + Chengwei Yang) + +Unix-specific: + · dbus-run-session: experimental new tool to start a temporary D-Bus + session, e.g. for regression tests or a text console, replacing + certain uses of dbus-launch which weren't really correct + (fd.o #39196, Simon) + +Other fixes: + +• In dbus-daemon, don't crash if a .service file starts with key=value + (fd.o #60853, Chengwei Yang) + +• Unix-specific: + · Fix a crash similar to CVE-2013-2168 the first time we try to use syslog + on a platform not defining LOG_PERROR, such as Solaris or QNX. + This regressed in 1.7.0. (Simon) + · Fix an assertion failure if we try to activate systemd services before + systemd connects to the bus (fd.o #50199, Chengwei Yang) + · Avoid compiler warnings for ignoring the return from write() + (Chengwei Yang) + +• Windows-specific: + · Under cmake, install runtime libraries (DLLs) into bin/ instead of lib/ + so that Windows finds them (fd.o #59733, Ralf Habacker) + +D-Bus 1.7.2 (2013-04-25) +== + +The “only partially opaque” release. + +Configuration changes: + +• On non-QNX Unix platforms, the default limit on fds per message in the + session bus configuration has reduced from 4096 to 1024. The default + limit used on the system bus was already 1024. On QNX, both limits are + reduced further, to 128. + +Enhancements: + +• D-Bus Specification 0.21 + · Following Unicode Corrigendum #9, the noncharacters U+nFFFE, U+nFFFF, + U+FDD0..U+FDEF are allowed in UTF-8 strings again. (fd.o #63072, + Simon McVittie) + +Fixes: + +• Diagnose incorrect use of dbus_connection_get_data() with negative slot + (i.e. before allocating the slot) rather than returning junk + (fd.o #63127, Dan Williams) + +• Fix a cmake build regression since 1.7.0 (fd.o #63682; Ralf Habacker, + Simon McVittie) + +• Unix-specific: + · On Linux, link successfully with glibc 2.17 (fd.o #63166, Simon McVittie) +  · Under systemd, log to syslog only, not stderr, avoiding duplication + (fd.o #61399, #39987; Colin Walters, Dagobert Michelsen) + · Under systemd, remove unnecessary dependency on syslog.socket + (fd.o #63531, Cristian Rodríguez) + · Include alloca.h for alloca() if available, fixing compilation on + Solaris 10 (fd.o #63071, Dagobert Michelsen) + · Allow use of systemd-logind without the rest of systemd + (fd.o #62585, Martin Pitt) + · When built with CMake, link to librt and use the right path for + meinproc's XSLT stylesheets (fd.o #61637, Ralf Habacker) + · Reduce the default limit on number of fds per message to 128 under + QNX, working around an arbitrary OS limit (fd.o #61176, Matt Fischer) + +• Windows-specific: + · Do not claim that all bus clients have the dbus-daemon's credentials; + pick up local TCPv4 clients' credentials (process ID and security + identifier, i.e. user) using GetExtendedTcpTable() (fd.o #61787, + Ralf Habacker) + +D-Bus 1.7.0 (2013-02-22) +== + +The "Disingenuous Assertions" release. + +This is a new development release, starting the 1.7.x branch. D-Bus 1.6 +remains the recommended version for long-term-supported distributions +or the upcoming GNOME 3.8 release. + +Build-time configuration changes: + +• The --with-dbus-session-bus-default-address configure option is no longer + supported. Use the new --with-dbus-session-bus-connect-address and + --with-dbus-session-bus-listen-address options instead. On Windows, you + usually want them to have the same argument; on Unix, the defaults are + usually correct. + +• Similarly, the DBUS_SESSION_BUS_DEFAULT_ADDRESS CMake variable is no longer + supported; use the new DBUS_SESSION_BUS_LISTEN_ADDRESS and + DBUS_SESSION_BUS_CONNECT_ADDRESS variables instead. + +• cmake/cross-compile.sh has been removed. Instead, please use a + cross-toolchain file (-DCMAKE_TOOLCHAIN_FILE) as documented at + ; or use Autotools + as documented in "info automake Cross-Compilation", and set + PKG_CONFIG_PATH appropriately. + +Requirements: + +• Man pages now require xmlto (or either xmlto or meinproc, if using CMake). +• man2html is no longer used. + +Enhancements: + +• D-Bus Specification 0.20 + · actually say that /org/freedesktop/DBus is the object that + implements o.fd.DBus (fd.o #51865, Colin Walters) + · various reorganisation for better clarity (fd.o #38252, Simon McVittie) + · stop claiming that all basic types work just like INT32 (strings don't!) + +• The "source code" for the man pages is now Docbook XML, eliminating + the outdated duplicate copies used when building with CMake. + (fd.o #59805; Ralf Habacker, Simon McVittie) + +Fixes: + +• In the activation helper, when compiled for tests, do not reset the system + bus address, fixing the regression tests. (fd.o #52202, Simon) + +• Fix building with Valgrind 3.8, at the cost of causing harmless warnings + with Valgrind 3.6 on some compilers (fd.o #55932, Arun Raghavan) + +• Merge from system-local.conf if necessary (fd.o #51560, + Krzysztof Konopko) + +• Under CMake, prefer xmlto over meinproc (fd.o #59733, Ralf Habacker) + +• Stop duplicating CMake's own logic to find libexpat + (fd.o #59733, Ralf Habacker) + +• Don't assume CMake host and build system are the same (fd.o #59733, + Ralf Habacker) + +• Avoid deprecation warnings for GLib 2.35 (fd.o #59971, Simon McVittie) + +• Unix-specific: + · Check for functions in libpthread correctly, fixing compilation on + (at least) OpenBSD (fd.o #47239, Simon) + · Don't leak temporary fds pointing to /dev/null (fd.o #56927, + Michel HERMIER) + · Update sd-daemon.[ch] from systemd (fd.o #60681) + · Add partial support for QNX (fd.o #60339, fd.o #61176; Matt Fischer) + +• Windows-specific: + · The default session bus listening and connecting address is now + "autolaunch:", which makes D-Bus on Windows interoperate with itself + and GDBus "out of the box". Use the configure options and cmake variables + described above if you require a different autolaunch scope. + (fd.o #38201, Simon McVittie) + · Avoid a CMake warning under Cygwin (fd.o #59401, Ralf Habacker) + +• Create session.d, system.d directories under CMake (fd.o #41319, + Ralf Habacker) + +D-Bus 1.6.8 (2012-09-28) +== + +The "Fix one thing, break another" release. + +• Follow up to CVE-2012-3524: The additional hardening + work to use __secure_getenv() as a followup to bug #52202 + broke certain configurations of gnome-keyring. Given + the difficulty of making this work without extensive + changes to gnome-keyring, use of __secure_getenv() is + deferred. + +D-Bus 1.6.6 (2012-09-28) +== + +The "Clear the environment in your setuid binaries, please" release. + +• CVE-2012-3524: Don't access environment variables (fd.o #52202) + Thanks to work and input from Colin Walters, Simon McVittie, + Geoffrey Thomas, and others. +• Unix-specific: + · Fix compilation on Solaris (fd.o #53286, Jonathan Perkin) + · Work around interdependent headers on OpenBSD by including sys/types.h + before each use of sys/socket.h (fd.o #54418, Brad Smith) + +D-Bus 1.6.4 (2012-07-18) +== + +• Detect that users are "at the console" correctly when configured with + a non-default path such as --enable-console-auth-dir=/run/console + (fd.o #51521, Dave Reisner) + +• Remove an incorrect assertion from DBusTransport (fd.o #51657, + Simon McVittie) + +• Make --enable-developer default to "no" (regression in 1.6.2; + fd.o #51657, Simon McVittie) + +• Windows-specific: + · Launch dbus-daemon correctly if its path contains a space + (fd.o #49450, Wolfgang Baron) + +D-Bus 1.6.2 (2012-06-27) +== + +The "Ice Cabbage" release. + +• Change how we create /var/lib/dbus so it works under Automake >= 1.11.4 + (fd.o #51406, Simon McVittie) + +• Don't return from dbus_pending_call_set_notify with a lock held on OOM + (fd.o #51032, Simon McVittie) + +• Disconnect "developer mode" (assertions, verbose mode etc.) from + Automake maintainer mode. D-Bus developers should now configure with + --enable-developer. Automake maintainer mode is now on by default; + distributions can disable it with --disable-maintainer-mode. + (fd.o #34671, Simon McVittie) + +• Automatically define DBUS_STATIC_BUILD in static-only Autotools builds, + fixing linking when targeting Windows (fd.o #33973; william, Simon McVittie) + +• Unix-specific: + · Check for libpthread under CMake on Unix (fd.o #47237, Simon McVittie) + +D-Bus 1.6.0 (2012-06-05) +== + +The “soul of this machine has improved” release. + +This version starts a new stable branch of D-Bus: only bug fixes will +be accepted into 1.6.x. Other changes will now go to the 1.7.x branch. + +Summary of changes since 1.4.x: + +• New requirements + · PTHREAD_MUTEX_RECURSIVE on Unix + · compiler support for 64-bit integers (int64_t or equivalent) + +• D-Bus Specification v0.19 + +• New dbus-daemon features + · rules allow the service to + own names like com.example.Service.Instance3 + · optional systemd integration when checking at_console policies + · --nopidfile option, mainly for use by systemd + · path_namespace and arg0namespace may appear in match rules + · eavesdropping is disabled unless the match rule contains eavesdrop=true + +• New public API + · functions to validate various string types (dbus_validate_path() etc.) + · dbus_type_is_valid() + · DBusBasicValue, a union of every basic type + +• Bug fixes + · removed an unsafe reimplementation of recursive mutexes + · dbus-daemon no longer busy-loops if it has far too many file descriptors + · dbus-daemon.exe --print-address works on Windows + · all the other bug fixes from 1.4.20 + +• Other major implementation changes + · on Linux, dbus-daemon uses epoll if supported, for better scalability + · dbus_threads_init() ignores its argument and behaves like + dbus_threads_init_default() instead + · removed the per-connection link cache, improving dbus-daemon performance + +• Developer features + · optional Valgrind instrumentation (--with-valgrind) + · optional Stats interface on the dbus-daemon (--enable-stats) + · optionally abort whenever malloc() fails (--enable-embedded-tests + and export DBUS_MALLOC_CANNOT_FAIL=1) + +Changes since 1.5.12: + +• Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1 + spec-compliance (fd.o #48580, David Zeuthen) + +• Don't use install(1) within the source/build trees, fixing the build as + non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot) + +• Add missing commas in some tcp and nonce-tcp addresses, and remove + an unused duplicate copy of the nonce-tcp transport in Windows builds + (fd.o #45896, Simon McVittie)