Releases: bus1/dbus-broker
dbus-broker-26
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 26:
* Improve the service activation tracking of the compatibility
launcher. We now track spawned systemd units for their entire
lifetime, so we can properly detect when activations fail.
* Work around a kernel off-by-one error in the socket queue accounting
to fix a race-condition where dbus clients might not be dispatched.
* Support running without `shmem` configured in the kernel. This will
make the broker run better on limited embedded devices.
Contributions from: Chris Paulson-Ellis, David Rheinsberg, Tim Gates
- Dußlingen, 2021-01-20
dbus-broker-25
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 25:
* Fix an assertion failure when disconnecting monitors with active
unique-name matches.
* Fix the selinux error-handling to no longer mark all errors as
auditable by default.
* Minor improvements to the test-suite for better debugging.
Contributions from: Chris PeBenito, David Rheinsberg
- Tübingen, 2020-12-03
dbus-broker-24
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 24:
* Improve log messages for invalid configuration files, as well as
early start-up errors.
* Make audit-events properly typed and prevent non-auditable events
from being forwarded to the linux audit system.
Contributions from: Chris PeBenito, David Rheinsberg
- Tübingen, 2020-09-04
dbus-broker-23
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 23:
* Expose supplementary groups as `UnixGroupIDs` as defined by the dbus
specification in 0.53.
* Fix an issue where the launcher incorrectly reported success even
though it could not parse the bus configuration.
* Fix an issue where the launcher was unnecessarily verbose about trying
to start masked units. It will now only log once per unit.
* Fix an issue where transient systemd unit names were not correctly
escaped.
* The broker now uses the peer-pid from `SO_PEERCRED` on the controller
socket, rather than relying on `getppid()`. This allows creating the
broker from intermediate processes without having any credentials of
the intermediate leak into the broker.
Contributions from: David Rheinsberg
- Tübingen, 2020-05-11
dbus-broker-22
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 22:
* Implement org.freedesktop.DBus.Debug.Stats in the driver. This
interface is defined by dbus-daemon and we use it similarly to expose
internal state of the broker. For now, only the GetStats() call is
supported, and it dumps the full accounting state to the caller.
This will hopefully aid resource-debugging in the future.
* Support no-op activation files. If neither a binary to execute, nor a
service to activate, is specified, the service is expected to spawn
via its own means (for instance spawned automatically during bootup,
or activated via side-channels).
* The new configuration option `linux-4-17`, if set to true (default is
false), makes dbus-broker assume it runs on linux-v4.17 or newer. It
will make use of features introduced up to linux-v4.17. This allows
forcibly disabling workarounds for old kernels, where feature
detection at runtime is not possible.
This option is meant to allow distributions to circumvent the
workarounds, in case their setup does not work with them. Unless you
have reason to set this option, it is safe to keep the default.
Once the mandatory required kernel version of dbus-broker is bumped
to v4.17, this option will default to `true` (an override to `false`
will then no longer be allowed).
* The `BecomeMonitor()` call now allows `eavesdrop={true|false}`
attributes. This is required for compatibility with `dbus-monitor`,
which always forcibly sets this attribute. Note that the attribute
has no effect (nor meaning) when specified with `BecomeMonitor()`. It
is completely ignored by dbus-broker.
* The SELinux configuration parser is fixed regarding some wrongly
placed assertions.
* DBus socket handling is fixed to no longer fault on `MSG_CTRUNC`.
Without this, clients can DoS dbus-broker, if, and only if, they can
make the active LSM drop file-descriptors in a transmitted message
due to policy denials. This has no effect if LSMs are not used.
* Minor bugfixes all over the place, including fixes to build under
musl libc.
Contributions from: David Rheinsberg, Luca Boccassi, Tom Gundersen
- Tübingen, 2020-02-17
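
The `MSG_CTRUNC` fix in 22, as an added example that is not dbus-broker code: a receiver that treats a truncated control message as a per-peer error and closes the descriptors that did arrive. Truncation is provoked here with a small control buffer as a stand-in for an LSM dropping descriptors; `send_fds`, `recv_fds` and `MAX_FDS` are names made up for this sketch.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_FDS 2 /* constructed per-message limit for this example */
enum { RECV_ERROR = -1, RECV_OK = 0, RECV_TRUNCATED = 1 };
union ctl { struct cmsghdr align; char buf[CMSG_SPACE(8 * sizeof(int))]; };

/* Send one byte plus n descriptors (n <= 8) in one SCM_RIGHTS message. */
static int send_fds(int sock, const int *fds, size_t n)
{
    union ctl ctl = { { 0 } };
    char byte = 'x';
    struct iovec iov = { &byte, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl.buf,
                          .msg_controllen = CMSG_SPACE(n * sizeof(int)) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(n * sizeof(int));
    memcpy(CMSG_DATA(c), fds, n * sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one message into fds[MAX_FDS]. MSG_CTRUNC is a per-peer error:
 * descriptors that did arrive are closed and the caller can drop the peer. */
static int recv_fds(int sock, int *fds, size_t *n_fds)
{
    union ctl ctl;
    char byte;
    struct iovec iov = { &byte, 1 };
    /* CMSG_LEN, not CMSG_SPACE: its padding could admit an extra descriptor. */
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl.buf,
                          .msg_controllen = CMSG_LEN(MAX_FDS * sizeof(int)) };
    *n_fds = 0;
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) < 0)
        return RECV_ERROR;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS)
            continue;
        *n_fds = (c->cmsg_len - CMSG_LEN(0)) / sizeof(int);
        memcpy(fds, CMSG_DATA(c), *n_fds * sizeof(int));
    }
    if (!(msg.msg_flags & MSG_CTRUNC))
        return RECV_OK;
    for (size_t i = 0; i < *n_fds; i++)
        close(fds[i]);
    *n_fds = 0;
    return RECV_TRUNCATED;
}
```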
dbus-broker-21
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 21:
* A handful of bugfixes for the launcher.
Contributions from: David Rheinsberg, Tom Gundersen
- Tübingen, 2019-05-02
dbus-broker-20
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 20:
* Major improvements in the logging infrastructure of the launcher.
Messages are now directly forwarded to the journal and amended with
additional fields. The journal-catalog now contains entries with
background information on runtime log messages. Lastly, many of the
log-messages were overhauled to be more descriptive.
* The `c-sundry` submodule was dropped and replaced by `c-stdaux`. This
is a much smaller project with a clearly stated goal. The old dumping
ground `c-sundry` is no longer needed (remaining bits were moved into
the dbus-broker codebase).
Contributions from: David Herrmann, Tom Gundersen
- Tübingen, 2019-04-10
dbus-broker-19
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 19:
* Fix a possible integer overflow in resource quota calculations.
Before this, it was possible to exceed the assigned resource limits
by crafting messages that trigger this integer overflow. This
effectively allows machine-local resource exhaustion.
* Fix the resource limit calculation. Previously, resource limits were
incorrectly calculated, leading to limits that were higher than
intended.
Contributions from: David Herrmann, Tom Gundersen
- Tübingen, 2019-03-28
dbus-broker-18
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 18:
* The handling of configuration parsing errors of the compatibility
launcher is now aligned with dbus-daemon. This means, non-existent
service files and file-system errors are now ignored and do not cause
the launcher to refuse to start.
* The compatibility launcher is no longer isolated in its own network
namespace, since the SELinux APIs require access to the root network
namespace. If you package the launcher with SELinux disabled, you can
get back the old behavior by using `PrivateNetwork=true` in your dbus
service file.
Contributions from: David Herrmann, Tom Gundersen, Yanko Kaneti
- Tübingen, 2019-02-20
dbus-broker-17
# dbus-broker - Linux D-Bus Message Broker
## CHANGES WITH 17:
* The `g_shell` subsystem of glib was replaced with a new submodule
from the c-util suite, called `c-shquote`. It is a small project that
implements POSIX-Shell compatible quoting. This is required by the
dbus compatibility launcher to parse activation files.
Furthermore, the `g_key_file` subsystem of glib was replaced with a
submodule called `c-ini`, which implements a key-value file-parser.
Both submodules need to be added if you compile from git. With this
change, dbus-broker no longer requires glib.
* The new configuration options introduced in dbus-1.12 are now
recognized by the compatibility launcher and will no longer trigger
warnings.
* The systemd units shipped with dbus-broker now put the broker into
more isolated environments, hopefully reducing the impact of possible
security breaches. This requires semi-recent systemd releases to have
an effect. Older systemd releases will ignore these new sandboxing
features.
* In case of forced client disconnects, the broker will now be a lot
more verbose and specific in its log-messages, describing exactly why
a client was disconnected. This hopefully aids debugging of
misbehaving clients.
* Messages with file-descriptors will now be refused if the client did
not negotiate file-descriptor passing before. This aligns the
behavior of the broker with the reference implementation. Before, all
clients were treated as if they support file-descriptor passing. This
is no longer the case.
Contributions from: David Herrmann, Jacob Alzén, Tom Gundersen
- Tübingen, 2019-01-01