1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
|
D-Bus 1.4.28 (UNRELEASED)
==
...
D-Bus 1.4.26 (2013-06-13)
==
The “tiny pottery tortoise” release.
• CVE-2013-2168: Fix misuse of va_list that could be used as a denial
of service for system services. Vulnerability reported by Alexandru Cornea.
(Simon)
• In the activation helper, when compiled for tests, do not reset the system
bus address, fixing the regression tests. (fd.o #52202, Simon)
• Don't leak temporary fds pointing to /dev/null (fd.o #56927, Michel HERMIER)
D-Bus 1.4.24 (2012-09-28)
==
• CVE-2012-3524: Don't access environment variables (fd.o #52202)
Thanks to work and input from Colin Walters, Simon McVittie,
Geoffrey Thomas, and others.
• Be more careful about monotonic time vs. real time, fixing DBUS_COOKIE_SHA1
spec-compliance (fd.o #48580, David Zeuthen)
• Don't use install(1) within the source/build trees, fixing the build as
non-root when using OpenBSD install(1) (fd.o #48217, Antoine Jacoutot)
DBus 1.4.22 (never released as a tarball)
==
D-Bus 1.4.20 (2012-03-27)
==
The “Nikolai Tesla and You” release.
Dependencies:
• The version of GLib required for some of the regression tests has
increased to 2.24.
Changes:
• Make dbus-protocol.h compatible with C++11 (fd.o #46147, Marc Mutz)
• Use GLib 2.31.x thread API, with backwards compatibility to 2.24,
fixing compiler warnings and link failure when using 2.32
(fd.o #44413, Debian #665665; Martin Pitt)
• Enumerate data files included in the build rather than using find(1)
(fd.o #33840, Simon McVittie)
• Windows-specific:
· fix duplicate case value when compiling against mingw-w64
(fd.o #47321, Andoni Morales Alastruey)
D-Bus 1.4.18 (2012-02-13)
==
The "snow in Brussels" release
• Allow all configured auth mechanisms, not just one (fd.o #45106,
Pavel Strashkin)
• Improve cmake build system (Ralf Habacker):
· simplify XML parser dependencies (fd.o #41027)
· generate build timestamp (fd.o #41029)
· only create batch files on Windows
· fix option and cache syntax
· add help-options target
· share dbus-arch-deps.h.in with autotools rather than having our
own version (fd.o #41033)
• Build tests successfully with older GLib, as found in e.g. Debian 6
(fd.o #41219, Simon McVittie)
• Build documentation correctly if man2html doesn't support filenames on
its command-line (fd.o #43875, Jack Nagel)
• Unix-specific:
· Avoid a highly unlikely fd leak (fd.o #29881, Simon McVittie)
· Don't close invalid fd -1 if getaddrinfo fails (fd.o #37258, eXeC001er)
· Don't touch ~/.dbus and ~/.dbus-keyrings when running 'make installcheck'
(fd.o #41218, Simon McVittie)
• Windows-specific:
· Find the dbus-daemon executable next to the shared library (fd.o #41558;
Jesper Dam, Ralf Habacker)
D-Bus 1.4.16 (2011-09-21)
==
The "this answerphone fails to answer the phone" release.
• If full test coverage is requested via --enable-tests, strictly require
Python, pygobject and dbus-python, which are required by some tests; if not,
and Python is missing, skip those tests rather than failing
(fd.o #37847, Simon McVittie)
• When using cmake, provide the same version-info API in the installed headers
as for autotools (DBUS_VERSION, etc.) (fd.o #40905, Ralf Habacker)
• Add a regression test for fd.o #38005 (fd.o #39836, Simon McVittie)
• Make "NOCONFIGURE=1 ./autogen.sh" not run configure (Colin Walters)
• Add _DBUS_STATIC_ASSERT and use it to check invariants (fd.o #39636,
Simon McVittie)
• Fix duplicates in authors list (Ralf Habacker)
• Fix broken links from dbus-tutorial.html if $(htmldir) != $(docdir)
(fd.o #39879, Chris Mayo)
• Fix a small memory leak, and a failure to report errors, when updating
a service file entry for activation (fd.o #39230, Simon McVittie)
• Unix-specific:
· Clean up (non-abstract) Unix sockets on bus daemon exit (fd.o #38656;
Brian Cameron, Simon McVittie)
· On systems that use libcap-ng but not systemd, drop supplemental groups
when switching to the daemon user (Red Hat #726953, Steve Grubb)
· Make the cmake build work again on GNU platforms (fd.o #29228,
Simon McVittie)
· Fix compilation on non-C99 systems that have inttypes.h but not stdint.h,
like Solaris (fd.o #40313, Dagobert Michelsen)
· Define CMSG_ALIGN, CMSG_LEN, CMSG_SPACE on Solaris < 10
(fd.o #40235, Simon McVittie)
· Cope with Unixes that don't have LOG_PERROR, like Solaris 10
(fd.o #39987, Simon McVittie)
· Cope with platforms whose vsnprintf violates both POSIX and C99, like
Tru64, IRIX and HP-UX (fd.o #11668, Simon McVittie)
• Windows-specific:
· Fix compilation on MSVC, which doesn't understand "inline" with its
C99 meaning (fd.o #40000; Ralf Habacker, Simon McVittie)
· Fix misuse of GPid in test/dbus-daemon.c (fd.o #40003, Simon McVittie)
D-Bus 1.4.14 (2011-07-29)
==
The "Puny receptacle!" release.
Changes:
• Use DBUS_ERROR_OBJECT_PATH_IN_USE if dbus_connection_try_register_object_path
or dbus_connection_try_register_fallback fails, not ...ADDRESS_IN_USE
(fd.o #38874, Jiří Klimeš)
• Consistently use atomic operations on everything that is ever manipulated
via atomic ops, as was done for changes to DBusConnection's refcount in
1.4.12 (fd.o #38005, Simon McVittie)
• Fix a file descriptor leak when connecting to a TCP socket (fd.o #37258,
Simon McVittie)
• Make "make check" in a clean tree work, by not running tests until
test data has been set up (fd.o #34405, Simon McVittie)
• Fix various typos (fd.o #27227, fd.o #38284; Sascha Silbe, Simon McVittie)
• Documentation (fd.o #36156, Simon McVittie):
· let xsltproc be overridden as usual: ./configure XSLTPROC=myxsltproc
· install more documentation automatically, including man2html output
· put dbus.devhelp in the right place (it must go in ${htmldir})
• Unix-specific:
· look for system services in /lib/dbus-1/system-services in addition to all
the other well-known locations; note that this should always be /lib,
even on platforms where shared libraries on the root FS would go in /lib64,
/lib/x86_64-linux-gnu or similar (fd.o #35229, Lennart Poettering)
· opt-in to fd passing on Solaris (fd.o #33465, Simon McVittie)
• Windows-specific (Ralf Habacker):
· fix use of a mutex for autolaunch server detection
· don't crash on malloc failure in _dbus_printf_string_upper_bound
D-Bus 1.4.12 (2011-06-10)
==
Security (local denial of service):
• Byte-swap foreign-endian messages correctly, preventing a long-standing
local DoS if foreign-endian messages are relayed through the dbus-daemon
(backporters: this is git commit c3223ba6c401ba81df1305851312a47c485e6cd7)
(CVE-2011-2200, fd.o #38120, Debian #629938; Simon McVittie)
New things:
• The constant to use for an infinite timeout now has a name,
DBUS_TIMEOUT_INFINITE. It is numerically equivalent to 0x7fffffff (INT32_MAX)
which can be used for source compatibility with older versions of libdbus.
• If GLib and DBus-GLib are already installed, more tests will be built,
providing better coverage. The new tests can also be installed via
./configure --enable-installed-tests
for system integration testing, if required. (fd.o #34570, Simon McVittie)
Changes:
• Consistently use atomic operations for the DBusConnection's refcount,
fixing potential threading problems (fd.o #38005, Simon McVittie)
• Don't use -Wl,--gc-sections by default: in practice the size decrease is
small (300KiB on x86-64) and it frequently doesn't work in unusual
toolchains. To optimize for minimum installed size, you should benchmark
various possibilities for CFLAGS and LDFLAGS, and set the best flags for
your particular toolchain at configure time. (fd.o #33466, Simon McVittie)
• Use #!/bin/sh for run-with-tmp-session-bus.sh, making it work on *BSD
(fd.o #35880, Timothy Redaelli)
• Use ln -fs to set up dbus for systemd, which should fix reinstallation
when not using a DESTDIR (fd.o #37870, Simon McVittie)
• Windows-specific changes:
· don't try to build dbus-daemon-launch-helper (fd.o #37838, Mark Brand)
D-Bus 1.4.10 (2011-06-01)
==
The "Ape Ale" release.
Notes for distributors:
This version of D-Bus no longer uses -fPIE by default. Distributions wishing
to harden the dbus-daemon and dbus-launch-helper can re-enable this if their
toolchain supports it reliably, via something like:
./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro"
or by using distribution-specific wrappers such as Debian's hardening-wrapper.
Changes:
• Don't force -fPIE: distributions and libtool know better than we do whether
it's desirable (fd.o #16621, fd.o #27215; Simon McVittie)
• Allow --disable-gc-sections, in case your toolchain offers the
-ffunction-sections, -fdata-sections and -Wl,--gc-sections options
but they're broken, as seen on Solaris (fd.o #33466, Simon McVittie)
• Install dbus-daemon and dbus-daemon-launch-helper in a more normal way
(fd.o #14512; Simon McVittie, loosely based on a patch from Luca Barbato)
• Ensure that maintainers upload documentation with the right permissions
(fd.o #36130, Simon McVittie)
• Log system-bus activation information to syslog (fd.o #35705,
Colin Walters)
• Log messages dropped due to quotas to syslog (fd.o #35358,
Simon McVittie)
• Make the nonce-tcp transport work on Unix (fd.o #34569, Simon McVittie)
• On Unix, if /var/lib/dbus/machine-id cannot be read, try /etc/machine-id
(fd.o #35228, Lennart Poettering)
• In the regression tests, don't report fds as "leaked" if they were open
on startup (fd.o #35173, Simon McVittie)
• Make dbus-monitor bail out if asked to monitor more than one bus,
rather than silently using the last one (fd.o #26548, Will Thompson)
• Clarify documentation (fd.o #35182, Simon McVittie)
• Clean up minor dead code and some incorrect error handling
(fd.o #33128, fd.o #29881; Simon McVittie)
• Check that compiler options are supported before using them (fd.o #19681,
Simon McVittie)
• Windows:
• Remove obsolete workaround for winioctl.h (fd.o #35083, Ralf Habacker)
D-Bus 1.4.8 (2011-04-08)
==
The "It's like the beginning of a lobster" release.
• Rename configure.in to configure.ac, and update it to modern conventions
(fd.o #32245; Javier Jardón, Simon McVittie)
• Correctly give XDG_DATA_HOME priority over XDG_DATA_DIRS (fd.o #34496,
Anders Kaseorg)
• Prevent X11 autolaunching if $DISPLAY is unset or empty, and add
--disable-x11-autolaunch configure option to prevent it altogether
in embedded environments (fd.o #19997, NB#219964; Simon McVittie)
• Install the documentation, and an index for Devhelp (fd.o #13495,
Debian #454142; Simon McVittie, Matthias Clasen)
• If checks are not disabled, check validity of string-like types and
booleans when sending them (fd.o #16338, NB#223152; Simon McVittie)
• Add UnknownObject, UnknownInterface, UnknownProperty and PropertyReadOnly
errors to dbus-shared.h (fd.o #34527, Lennart Poettering)
• Break up a huge conditional in config-parser so gcov can produce coverage
data (fd.o #10887, Simon McVittie)
• List which parts of the Desktop Entry specification are applicable to
.service files (fd.o #19159, Sven Herzberg)
• Don't suppress service activation if two services have the same Exec=
(fd.o #35750, Colin Walters)
• Windows:
· Avoid the name ELEMENT_TYPE due to namespace-pollution from winioctl.h
(Andre Heinecke)
· Include _dbus_path_is_absolute in libdbus on Windows, fixing compilation
(fd.o #32805, Mark Brand)
D-Bus 1.4.6 (2010-02-17)
==
The "1, 2, miss a few, 99, 100" release.
• Remove unfinished changes intended to support GTest-based tests,
which were mistakenly included in 1.4.4
D-Bus 1.4.4 (2010-02-17)
==
• Switch back to using even micro versions for stable releases; 1.4.1
should have been called 1.4.2, so skip that version number
• Don't leave bad file descriptors being watched when spawning processes,
which could result in a busy-loop (fd.o #32992, NB#200248; possibly
also LP#656134, LP#680444, LP#713157)
• Check for MSG_NOSIGNAL correctly
• Fix failure to detect abstract socket support (fd.o #29895)
• Make _dbus_system_logv actually exit with DBUS_SYSTEM_LOG_FATAL
(fd.o #32262, NB#180486)
• Improve some error code paths (fd.o #29981, fd.o #32264, fd.o #32262,
fd.o #33128, fd.o #33277, fd.o #33126, NB#180486)
• Avoid possible symlink attacks in /tmp during compilation (fd.o #32854)
• Tidy up dead code (fd.o #25306, fd.o #33128, fd.o #34292, NB#180486)
• Improve gcc malloc annotations (fd.o #32710)
• If the system bus is launched via systemd, protect it from the OOM killer
• Documentation improvements (fd.o #11190)
• Avoid readdir_r, which is difficult to use correctly (fd.o #8284,
fd.o #15922, LP#241619)
• Cope with invalid files in session.d, system.d (fd.o #19186,
Debian #230231)
• Don't distribute generated files that embed our builddir (fd.o #30285,
fd.o #34292)
• Raise the system bus's fd limit to be sufficient for its configuration
(fd.o #33474, LP#381063)
• Fix syslog string processing
• Ignore -Waddress
• Remove broken gcov parsing code and --enable-gcov, and replace them
with lcov HTML reports and --enable-compiler-coverage (fd.o #10887)
• Windows:
· avoid live-lock in Windows CE due to unfair condition variables
• OpenBSD:
· support credentials-passing (fd.o #32542)
• Solaris:
· opt-in to thread safety (fd.o #33464)
D-Bus 1.4.1 (20 December 2010)
==
• Fix for CVE-2010-4352: sending messages with excessively-nested variants can
crash the bus. The existing restriction to 64-levels of nesting previously
only applied to the static type signature; now it also applies to dynamic
nesting using variants. Thanks to Rémi Denis-Courmont for discoving this
issue.
• OS X portability fixes, including launchd support.
• Windows autolaunch improvements.
• Various bug fixes.
D-Bus 1.4.0 (6 Sep 2010)
==
- systemd hookup
D-Bus 1.3.1 (23 June 2010)
==
- New standardized PropertiesChanged signal in the properties interface
- Various portability fixes, in particular to Windows platforms
- Support forking bus services, for compatibility
D-Bus 1.3.0 (29 July 2009)
==
- ability for dbus-send to send to any bus (--address)
- file descriptor passing on Unix socket transports
- use of GCC atomic intrinsics for better processor support
(requires -march=i486 or above for x86 compilation)
- thread-safe FD_CLOEXEC setting on recent Linux kernels (2.6.24-27 and up)
and glibc (2.9 for pipe2 and 2.10 for accept4)
- feature negotiation in the bus daemon
|