1. 06 Oct, 2014 4 commits
  2. 30 Sep, 2014 1 commit
  3. 22 Sep, 2014 1 commit
  4. 15 Sep, 2014 4 commits
    • Simon McVittie's avatar
    • Simon McVittie's avatar
      New upstream release fixes several security issues · 9faacc93
      Simon McVittie authored
        - CVE-2014-3635: do not accept an extra fd in cmsg padding,
          avoiding a buffer overrun in dbus-daemon or system services
        - CVE-2014-3636: reduce maximum number of file descriptors
           per message from 1024 to 16, to avoid two separate denial-of-service
           attacks that could cause system services to be dropped from the bus
        - CVE-2014-3637: time out connections that have a
           partially-sent message containing a file descriptor, so that
           malicious processes cannot use self-referential file descriptors
           to make a connection that will never close
        - CVE-2014-3638: reduce maximum number of pending replies
          per connection to avoid algorithmic complexity DoS
        - CVE-2014-3639: reduce timeout for authentication and
          do not accept() new connections when all unauthenticated connection
          slots are in use, so that malicious processes cannot prevent new
          connections to the system bus
      9faacc93
    • Simon McVittie's avatar
      Merge tag 'upstream/1.8.8' · 29f7b361
      Simon McVittie authored
      Upstream version 1.8.8
      29f7b361
    • Simon McVittie's avatar
      Imported Upstream version 1.8.8 · 403920f7
      Simon McVittie authored
      403920f7
  5. 12 Sep, 2014 1 commit
  6. 21 Aug, 2014 1 commit
  7. 13 Aug, 2014 2 commits
  8. 30 Jun, 2014 3 commits
  9. 05 Jun, 2014 3 commits
  10. 30 Apr, 2014 7 commits
    • Simon McVittie's avatar
      New upstream release · 99879a84
      Simon McVittie authored
      99879a84
    • Simon McVittie's avatar
      Merge tag 'upstream/1.8.2' · 97990536
      Simon McVittie authored
      Upstream version 1.8.2
      97990536
    • Simon McVittie's avatar
      Imported Upstream version 1.8.2 · 56b80e48
      Simon McVittie authored
      56b80e48
    • Simon McVittie's avatar
      1.8.2 · 789800af
      Simon McVittie authored
      789800af
    • Руслан Ижбулатов's avatar
      Handle 0x0d0a EOLs in spawn_dbus_daemon() · 28812c88
      Руслан Ижбулатов authored
      On W32 dbus daemon will print output in text mode, with 0x0d0a EOLs instead
      of just 0x0a. Be able to handle that.
      
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=75863
      Reviewed-by: Simon McVittie
      28812c88
    • Simon McVittie's avatar
      NEWS · c02ac705
      Simon McVittie authored
      c02ac705
    • Роман Донченко's avatar
      Avoid killing all available processes if an X error arrives early on · 3be60637
      Роман Донченко authored
      The timeline of events in dbus-launch's main process goes something like this:
      
      * do initial X calls
      [1]
      * do some other stuff
      * fork
          (child process starts doing some other stuff)
      * return "intermediate parent" pid from fork()
      * obtain bus daemon pid from bus_pid_to_launcher_pipe
      [2]
      * do things that might include X11 calls or killing the dbus-daemon
      
      Meanwhile, the "babysitter" child goes like this:
      
      * return 0 from fork()
      [3]
      * obtain bus daemon pid from parent process via bus_pid_to_babysitter_pipe
      [4]
      * do things that might include X11 calls or killing the bus daemon
      
      Before [1] or [3], the right thing to do about an X error is to just
      exit. The current implementation called kill(-1) first, which is
      undesirable: it kills unrelated processes. With this change, we
      just exit.
      
      After [2] or [4], the right thing to do is to kill the dbus-daemon,
      and that's what the existing code did.
      
      Between [1] and [2], or between [3] and [4], there is no correct thing
      that we can do immediately: we would have to wait for the end of the
      "critical section", *then* kill the dbus-daemon. This has not yet been
      implemented, so this patch relies for its correctness on the fact that
      there are no libX11 calls between those points, so we cannot receive
      an X error between them.
      
      dbus-launch deserves more comments, or a reimplementation that is easier to
      understand, but this change is certainly better than nothing.
      
      [Commit message added, summarizing reviewers' comments -smcv]
      Bug: https://bugs.freedesktop.org/show_bug.cgi?id=74698
      Reviewed-by: Simon McVittie
      Reviewed-by: Thiago Macieira
      3be60637
  11. 28 Apr, 2014 4 commits
  12. 26 Mar, 2014 1 commit
    • Simon McVittie's avatar
      Improve autopkgtest support · 30b92e7a
      Simon McVittie authored
        - use a shell wildcard instead of dpkg-architecture, to avoid stderr spam
          failing the test if gcc is missing
        - wrap each test-case in an arbitrary (5 minute) timeout so that one
          test-case failing won't halt the whole build
      30b92e7a
  13. 13 Mar, 2014 1 commit
  14. 06 Mar, 2014 1 commit
  15. 03 Mar, 2014 1 commit
  16. 26 Feb, 2014 5 commits