./sysutils/dbus, Message bus system

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.10.16, Package name: dbus-1.10.16, Maintainer: pkgsrc-users

D-BUS is a message bus, used for sending messages between applications.
Conceptually, it fits somewhere in between raw sockets and CORBA in terms
of complexity.

D-BUS supports broadcast messages, asynchronous messages (thus decreasing
latency), authentication, and more. It is designed to be low-overhead;
messages are sent using a binary protocol, not using XML. D-BUS also
supports a method call mapping for its messages, but it is not required;
this makes using the system quite simple.

This package provides the D-BUS core library and daemon, as well as
some utilities that complement it.

DEINSTALL [+/-]
MESSAGE.launchd [+/-]

Required to build:
[textproc/xmlto] [pkgtools/x11-links] [pkgtools/cwrappers]

Package options: kqueue, x11

Master sites:

SHA1: 8749b63ad911436f116182a321fa06c68070c19d
RMD160: 2cea27c18634487942dee32a94df87820272fe89
Filesize: 1939.515 KB

Version history: (Expand)


CVS history: (Expand)


   2017-03-14 16:34:56 by Thomas Klausner | Files touched by this commit (1)
Log message:
Add missing '+'.
Noted by Dennis Lindroos in 52071.
Only affected builds with 'x11' option turned off (non-default).
   2017-03-08 17:09:15 by Jonathan Perkin | Files touched by this commit (1)
Log message:
Use local Docbook DTDs.  Fixes issue where xmllint --nonet doesn't actually
work.
   2017-02-16 17:07:05 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated dbus to 1.10.16.

D-Bus 1.10.16 (2017-02-16)
==

The “super digging powers” release.

The fixes in this release are arguably security fixes, but if they
affect you, please take this opportunity to rethink how you are
configuring dbus.

Enhancements:

• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)

Fixes:

• Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "nonce", in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.

  On Unix systems we strongly recommend using only the unix: and systemd:
  transports, together with EXTERNAL authentication. These are the only
  transports and authentication mechanisms enabled by default,

  (fd.o #99828, Simon McVittie)

• Avoid symlink attacks in the "embedded tests", which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie)
   2016-12-12 14:57:44 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated dbus to 1.10.14.

D-Bus 1.10.14 (2016-11-28)
==

The “Well, other bands know more than three chords” release.

Fixes:

• Work around an undesired effect of the fix for CVE-2014-3637
  (fd.o #80559), in which processes that frequently send fds, such as
  logind during a flood of new PAM sessions, can get disconnected for
  continuously having at least one fd "in flight" for too long;
  dbus-daemon interprets that as a potential denial of service attack.
  The workaround is to disable that check for uid 0 process such as
  logind, with a message in the system log. The bug remains open while
  we look for a more general solution.
  (fd.o #95263, LP#1591411; Simon McVittie)

• Don't run the test test-dbus-launch-x11.sh if X11 autolaunching
  was disabled at compile time. That test is not expected to work
  in that configuration. (fd.o #98665, Simon McVittie)
   2016-11-02 20:57:04 by Jonathan Perkin | Files touched by this commit (2) | Package updated
Log message:
Remove broken and incorrect DEINSTALL script, these directories are
correctly handled by OWN_DIRS.  Bump PKGREVISION.
   2016-10-10 15:16:44 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated dbus to 1.10.12.

D-Bus 1.10.12 (2016-10-10)
==

The “not excessively inhospitable” release.

Security fixes:

• Do not treat ActivationFailure message received from root-owned systemd
  name as a format string. In principle this is a security vulnerability,
  but we do not believe it is exploitable in practice, because only
  privileged processes can own the org.freedesktop.systemd1 bus name, and
  systemd does not appear to send activation failures that contain "%".

  Please note that this probably *was* exploitable in dbus versions
  older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
  the time was only thought to be a denial of service vulnerability
  (CVE-2015-0245). If you are still running one of those versions,
  patch or upgrade immediately.

  (fd.o #98157, Simon McVittie)

Other fixes:

• Harden dbus-daemon against malicious or incorrect ActivationFailure
  messages by rejecting them if they do not come from a privileged
  process, or if systemd activation is not enabled
  (fd.o #98157, Simon McVittie)

• Avoid undefined behaviour when setting reply serial number without going
  via union DBusBasicValue (fd.o #98035, Marc Mutz)

• autogen.sh: fail cleanly if autoconf fails (Simon McVittie)
   2016-08-22 15:35:36 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
Updated dbus to 1.10.10.

D-Bus 1.10.10 (2016-08-15)
==

The “tungsten door” release.

Fixes:

• On Linux, when dbus-daemon is run with reduced susceptibility to the
  OOM killer (typically via systemd), do not let child processes inherit
  that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho)

• Output valid shell syntax in ~/.dbus/session-bus/ if the bus address
  contains a semicolon (fd.o #94746, Thiago Macieira)

• Fix memory leaks and thread safety in subprocess starting on Windows
  (fd.o #95191, Ralf Habacker)

• Do not require systemd to have a service file if using it for activation
  (fd.o #93194; Simon McVittie; backport from 1.11.0)

• Stop test-dbus-daemon incorrectly failing on platforms that cannot
  discover the process ID of clients (fd.o #96653, Руслан Ижбулатов)

• In tests that exercise correct handling of crashing D-Bus services,
  suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker)

• Explicitly check for stdint.h (Ioan-Adrian Ratiu)

• update-activation-environment: produce better diagnostics on error
  (fd.o #96653, Simon McVittie)

• Don't fail the build with an unused const variable warning under gcc 6
  (fd.o #97282; Thomas Zimmermann, Simon McVittie)

• Merge dbus-1.10-ci branch, containing backports from 1.11.0 in build/test
  code to support continuous integration (fd.o #93194, Simon McVittie)

  · Avoid -Wunused-label when compiling with libselinux but no libaudit
  · In development builds, allow OOM tests to be disabled as documented
  · Accept and ignore the --tap argument in all "embedded tests", and run
    all automated tests with that argument for better diagnostics
  · Fix the systemd activation test under CMake by installing the required
    files
  · In Automake, fix shell syntax for installcheck-local with no DESTDIR
  · In Automake, don't try to run manual tests in installcheck
  · In CMake, don't run manual-tcp test as an automated test
  · Add travis-ci.org build machinery
   2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89)
Log message:
Remove the stability entity, it has no meaning outside of an official context.