Commit 1788e8f9 authored by Simon McVittie's avatar Simon McVittie


parent d9ab8931
D-Bus 1.8.18 (UNRELEASED)
D-Bus 1.8.18 (2015-05-14)
The “unicorn rifts” release.
Security hardening:
• On Unix platforms, change the default configuration for the session bus
to only allow EXTERNAL authentication (secure kernel-mediated
credentials-passing), as was already done for the system bus.
This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
unpredictable pseudo-random numbers; under certain circumstances
(/dev/urandom unreadable or malloc() returns NULL), dbus could
fall back to using rand(), which does not have the desired unpredictability.
The fallback to rand() has not been changed in this stable-branch since
the necessary code changes for correct error-handling are rather intrusive.
If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
NFS or similar, you will need to reconfigure the session bus to accept
DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
is not recommended.
(fd.o #90414, Simon McVittie)
Other fixes:
• Add locking to DBusCounter's reference count and notify function
(fd.o #89297, Adrian Szyndela)
......@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
m4_define([dbus_major_version], [1])
m4_define([dbus_minor_version], [8])
m4_define([dbus_micro_version], [17])
m4_define([dbus_micro_version], [18])
......@@ -37,7 +37,7 @@ LT_CURRENT=11
## increment any time the source changes; set to
## 0 if you increment CURRENT
## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment