-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 02 Jun 2020 19:48:04 +0100 Source: dbus Architecture: source Version: 1.12.18-1 Distribution: unstable Urgency: medium Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org> Changed-By: Simon McVittie <smcv@debian.org> Closes: 783321 857678 932105 945201 958289 Changes: dbus (1.12.18-1) unstable; urgency=medium . [ Simon McVittie ] * New upstream stable release - CVE-2020-12049: Prevent a denial of service attack in which a local user can make the system dbus-daemon run out of file descriptors - d/p/dbus-daemon-test-Don-t-test-fd-limits-if-in-an-unprivileg.patch: Drop patch, applied upstream. * Switch to debhelper-compat 12 - Don't restart systemd units on upgrade. Previously, this was handled by the dh_installinit override. - Add ${misc:Pre-Depends} to all binary packages. This is required for dbus for dh_installsystemd under dh compat level 12, and is harmless for the others. * dbus: Remove an unused Lintian override. Lintian used to warn twice for the statically-enabled dbus.service unit, but now only warns once. * dbus-tests: Silence package-contains-documentation-outside-usr-share-doc Lintian tag. The tests contain some READMEs that describe what is in their directory. * d/tests: Remove compatibility with deprecated ADTTMP. autopkgtest has supported AUTOPKGTEST_TMP long enough to use it unconditionally. * Introduce noinsttest build profile. This disables dbus-tests, and when combined with nocheck it disables the circular GLib dependency. * Remove non-standard pkg.dbus.minimal build profile. It was not a "safe" build profile (it altered the contents of binary packages, notably dropping LSM and systemd support, which could result in dependent packages being broken), and the combination of nocheck, nodoc and noinsttest achieves most of the same build-dependency reductions. * Explicitly build-depend on pkg-config. Previously, this was pulled in by libglib2.0-dev. (Closes: #945201) * d/upstream/metadata: Distinguish between Bug-Submit and Bug-Database * Change system bus socket to /run/dbus/system_bus_socket. The interoperable cross-distro path is /var/run/dbus/system_bus_socket, so this remains the upstream default for the benefit of distributions where /var/run and /run are (problematically) not guaranteed to be equivalent. However, Debian Policy since at least v4.1.5 guarantees that /var/run is a symlink to /run, and this has been implemented for several stable releases (since at least initscripts 2.88dsf-29 in 2012, in the sysvinit case), so it is harmless to prefer the path in /run, which has advantages in a few corner cases (ability to unmount /var is the main one) and avoids warnings from systemd. (Closes: #783321, #857678, #932105, #958289) * Standards-Version: 4.5.0 - Note that the user for `dbus-daemon --system` is still named 'messagebus' for historical reasons. If it was added today, we'd call it _dbus as per Policy §9.2.1, but this is not the right package to be experimenting with renaming system users. * d/dbus-udeb.postinst: Remove #DEBHELPER# token. debhelper doesn't actually substitute this in udebs, making it just an ordinary comment. . [ Debian Janitor ] * Remove trailing whitespace in d/changelog. * Use secure URI in Homepage field. * Re-export upstream signing key without extra signatures. * Set upstream metadata fields: Bug-Submit (from ./configure), Repository, Repository-Browse. Checksums-Sha1: 35c64d9cd9aec85bcd0a537bf6b90c88d156e18f 3663 dbus_1.12.18-1.dsc 06a8faeb4c3c2c9739fda04f81c6ccdb1a0e5f77 2094453 dbus_1.12.18.orig.tar.gz c73ec1e0ab00bbe830b8535a273586bf9c1743de 833 dbus_1.12.18.orig.tar.gz.asc fc5fca8764bf14cd68fa42f6a984b198f18b2961 57760 dbus_1.12.18-1.debian.tar.xz e654b898ad396030fa66fefa5736c13d5682b350 7345 dbus_1.12.18-1_source.buildinfo Checksums-Sha256: e5109a754a7e3d8309a9f0804584042e736dbfad1cc8babfb97c956880a67641 3663 dbus_1.12.18-1.dsc 64cf4d70840230e5e9bc784d153880775ab3db19d656ead8a0cb9c0ab5a95306 2094453 dbus_1.12.18.orig.tar.gz 0daddfcc8e30facf66c1a79a1d0fd776e18a180f9a6fe634874f404f9972ce30 833 dbus_1.12.18.orig.tar.gz.asc 8489045f2a5b85b739882a102d044dfa7b204b1cb5796c987970eb2fb1153d7a 57760 dbus_1.12.18-1.debian.tar.xz 9a0f53b764944c9c2721541e62a19d35e55722a6b5a139cc2fb44958ee5235e3 7345 dbus_1.12.18-1_source.buildinfo Files: bd6945b46d10bd5434d25b0533f25d9f 3663 admin optional dbus_1.12.18-1.dsc 4ca570c281be35d0b30ab83436712242 2094453 admin optional dbus_1.12.18.orig.tar.gz 0a724430ba9292ee0a8ea4862b72471d 833 admin optional dbus_1.12.18.orig.tar.gz.asc 096ada6aef1507c03d7f0f227519cbd6 57760 admin optional dbus_1.12.18-1.debian.tar.xz 9f2d65a2956a1d5926962c0020e47a83 7345 admin optional dbus_1.12.18-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAl7WrroQHHNtY3ZAZGVi aWFuLm9yZwAKCRDgWuFHj4FMTzKsEACNNPKnKNVZ8crw2wOLfmvXmaf7+r4xLYDS UqV5hVfpaIsbzKjMltLcyCMns+tjhvMUSGJbY98xVcNC8X5bFWoiqaYRJ8HexoT+ k1sFcFuWnRZqwuwsaiUV/A+5pnhcaqWXjpx8REuMWFnpVC2P8GH0mfqoX5TuanUa FuJXDmyFNxF4Hq2c5JsF+SpJRaYWEwxzP+ZjtjL4PnbzhDucVRokwJPfeavL3NOi 6xtUG5gV5iJ5NJtEa9Ow/Z6M97pERHujMOga8R1QfWtN2OUCdRMnM8EKQA6pSd3L Fyb2rRYfgglVk8+DfCBLAAP5hmvyhwCawq7k3IlxmclB3ys9Tlsm0fQOGAtPnVxe uBAForEhUS67vIlLm6QNd9K8d3fW1Gwr39eSS1Ouf0WmmzjgZj/xYc5t0s0XuVQv 2COoW3Qxr/8loXu5ldIId2J/XjgQDZkE5equ9pOHVGtjLf+4ODbNc4XHyFXQK4AQ HH3X1wq9nJ4byhbknhVsTwlVaO3ArSM76ihSMT7x8zu3i5qas/g5BijS/sbDagrS ewalukowqxGDvJO5CmX4ZVd5y3VjoXXoyrwYSpnDwIEfi5qP3OHFygQCcbpU1P8W AsXGX4OLN4fdE1ub/iO625AJWbrhPxo5Na/svMKdRTdSsNmJFMVrMAfXzpguQAIL agFh2ZP+7A== =CPKy -----END PGP SIGNATURE-----