Commit abbbf449 authored by Simon McVittie's avatar Simon McVittie

Prepare release for Monday

parent eec885de
D-Bus 1.8.14 (UNRELEASED)
D-Bus 1.8.14 (2015-01-05)
The “40lb of roofing nails” release.
Security hardening:
• Do not allow calls to UpdateActivationEnvironment from uids other than
the uid of the dbus-daemon. If a system service installs unsafe
security policy rules that allow arbitrary method calls
(such as CVE-2014-8148) then this prevents memory consumption and
possible privilege escalation via UpdateActivationEnvironment.
We believe that in practice, privilege escalation here is avoided
by dbus-daemon-launch-helper sanitizing its environment; but
it seems better to be safe.
• Do not allow calls to UpdateActivationEnvironment or the Stats interface
on object paths other than /org/freedesktop/DBus. Some system services
install unsafe security policy rules that allow arbitrary method calls
to any destination, method and interface with a specified object path;
while less bad than allowing arbitrary method calls, these security
policies are still harmful, since dbus-daemon normally offers the
same API on all object paths and other system services might behave
Other fixes:
• Add missing initialization so GetExtendedTcpTable doesn't crash on
Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)
D-Bus 1.8.12 (2014-11-24)
......@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
m4_define([dbus_major_version], [1])
m4_define([dbus_minor_version], [8])
m4_define([dbus_micro_version], [13])
m4_define([dbus_micro_version], [14])
......@@ -37,7 +37,7 @@ LT_CURRENT=11
## increment any time the source changes; set to
## 0 if you increment CURRENT
## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment