Commit 655b3e61 authored by Simon McVittie

Release 1.11.6 and spec 0.29

Signed-off-by: Simon McVittie <smcv@debian.org>
parent 12720d6e
D-Bus 1.11.6 (UNRELEASED)
D-Bus 1.11.6 (2016-10-10)
==
The darkly whimsical release.
Security fixes:
Do not treat ActivationFailure message received from root-owned systemd
name as a format string. In principle this is a security vulnerability,
but we do not believe it is exploitable in practice, because only
privileged processes can own the org.freedesktop.systemd1 bus name, and
systemd does not appear to send activation failures that contain "%".
Please note that this probably *was* exploitable in dbus versions
older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
the time was only thought to be a denial of service vulnerability
(CVE-2015-0245). If you are still running one of those versions,
patch or upgrade immediately.
(fd.o #98157, Simon McVittie)
Enhancements:
D-Bus Specification version 0.29
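Review bot: The "Security fixes:" entry names CVE-2015-0245 for the older missing check but gives the format-string issue itself no identifier beyond fd.o #98157; state explicitly whether a CVE has been assigned or requested so distributors can track it. The advice "patch or upgrade immediately" would also be easier to act on if it named the releases that carry this fix for users still on the older series it mentions.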
......@@ -24,7 +42,12 @@ Enhancements:
On Linux, mention the LSM label (if available) whenever we print
debug information about a peer (fd.o #68212, Philip Withnall)
Fixes:
Other fixes:
Harden dbus-daemon against malicious or incorrect ActivationFailure
messages by rejecting them if they do not come from a privileged
process, or if systemd activation is not enabled
(fd.o #98157, Simon McVittie)
Avoid undefined behaviour when setting reply serial number without going
via union DBusBasicValue (fd.o #98035, Marc Mutz)
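Review bot: The hardening entry under "Other fixes:" cites the same bug (fd.o #98157) as the format-string entry under "Security fixes:", but neither entry refers to the other. Since the security entry's exploitability argument rests on only privileged processes being able to own org.freedesktop.systemd1, add a cross-reference or place the two entries together, so that anyone picking up one change knows the other belongs with it.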
......
......@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
m4_define([dbus_major_version], [1])
m4_define([dbus_minor_version], [11])
m4_define([dbus_micro_version], [5])
m4_define([dbus_micro_version], [6])
m4_define([dbus_version],
[dbus_major_version.dbus_minor_version.dbus_micro_version])
AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
......@@ -37,7 +37,7 @@ AC_DEFINE_UNQUOTED(DBUS_DAEMON_NAME,"dbus-daemon",[Name of executable])
#
## increment if the interface has additions, changes, removals.
LT_CURRENT=18
LT_CURRENT=19
## increment any time the source changes; set to
## 0 if you increment CURRENT
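Review bot: LT_CURRENT goes from 18 to 19 here, and the comment directly below it says to set the revision to 0 if you increment CURRENT, yet the following hunk's header context still shows LT_REVISION=2 and no visible hunk touches that line. Either reset LT_REVISION to 0 in this commit or say in the commit message why it is kept at 2.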
......@@ -46,7 +46,7 @@ LT_REVISION=2
## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has
## precedence over adding, so set to 0 if both happened.
LT_AGE=15
LT_AGE=16
AC_SUBST(LT_CURRENT)
AC_SUBST(LT_REVISION)
......
......@@ -6,7 +6,7 @@
<article id="index">
<articleinfo>
<title>D-Bus Specification</title>
<releaseinfo>Version 0.28</releaseinfo>
<releaseinfo>Version 0.29</releaseinfo>
<date>2016-08-15</date>
<authorgroup>
<author>
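Review bot: The releaseinfo line is bumped to "Version 0.29", but the <date> on the next line stays at 2016-08-15, which is the date of revision 0.28, while the new 0.29 revhistory entry is dated 2016-10-10. Update the articleinfo <date> to 2016-10-10 so the title block and the revision history agree.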
......@@ -70,6 +70,15 @@
</author>
</authorgroup>
<revhistory>
<revision>
<revnumber>0.29</revnumber>
<date>2016-10-10</date>
<authorinitials>PW</authorinitials>
<revremark>
Introspection arguments may contain annotations; recommend against
using the object path '/'
</revremark>
</revision>
<revision>
<revnumber>0.28</revnumber>
<date>2016-08-15</date>
......