Announcing dbus 1.7.4

Simon McVittie simon.mcvittie at collabora.co.uk
Thu Jun 13 04:54:25 PDT 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The “but is your thread-safety thread-safe?” release.

This is a development release on the branch that will eventually
produce dbus 1.8. It also fixes the same security vulnerability as the
1.6.12 and 1.4.26 stable releases.

http://dbus.freedesktop.org/releases/dbus/dbus-1.7.4.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.7.4.tar.gz.asc

Security fixes:

• CVE-2013-2168: Fix misuse of va_list that could be used as a denial
  of service for system services. Vulnerability reported by Alexandru
  Cornea. (Simon)

Dependencies:

• The Windows version of libdbus now contains a C++ source file, used
  to provide global initialization when the library is loaded.
  gcc (mingw*) users should ensure that g++ is also installed.

• The libxml2-based configuration reader (which hasn't worked for 2.5
  years, and was never the recommended option) has been removed. Expat
  is now a hard dependency.

Enhancements:

• It should now be safe to call dbus_threads_init_default() from any
  thread, at any time. Authors of loadable modules and plugins that use
  libdbus should consider doing so during initialization. (fd.o #54972,
  Simon McVittie)

• Improve dbus-send documentation and command-line parsing (fd.o #65424,
  Chengwei Yang)

Other fixes:

• In dbus-daemon, don't crash if a .service file starts with key=value
  (fd.o #60853, Chengwei Yang)

• Unix-specific:
  · Fix a crash similar to CVE-2013-2168 the first time we try to use
    syslog on a platform not defining LOG_PERROR, such as Solaris or
    QNX. This regressed in 1.7.0. (Simon)
  · Fix an assertion failure if we try to activate systemd services
    before systemd connects to the bus (fd.o #50199, Chengwei Yang)
  · Avoid compiler warnings for ignoring the return from write()
    (Chengwei Yang)

• Windows-specific:
  · Under cmake, install runtime libraries (DLLs) into bin/ instead of
    lib/ so that Windows finds them (fd.o #59733, Ralf Habacker)
-----BEGIN PGP SIGNATURE-----

iQIVAwUBUbmy8U3o/ypjx8yQAQgXhw/+LHWVRr4MPl9U9rKvcRFLNULLmiMLZl7I
6Z+JcFWbKCdGV4im+cT9I/XtBA0EkeqPRF2JOWRjGN1Z+aXbWUj/B6nr0ACxGOLJ
CJ4QH05d4K/jwBTpkWj0BOqF1I5G6hGc5KD1IlHr8EQk/FHBAoKJIL5J2WKCTXyv
HV3T92MnwpX5uqugJyN66p5JHQ0+GZ16ZIot9pt1NNoS80AnndIWnAYNp1UJu+/x
rymEKuXIQ8qo4prS6galmpt7peneNdy9QpHtLf7PcSoHJBIIkpbmL5eoOdBRHB1K
pWh+2PyGTDIYah/cqVwqqYoH0FhbTY5dCEGcecQNoi2lFotlDZh5WjvJGCMqj/kK
2q5DYD97EN33Eiev8GHdi98DG29c5Mtvp7pVdzfPUbtaoA9Os5p51RRyy1p9YRkV
uS8C7kI9EZyw6hX5JeMG2DPo7X8hy+L4KTDY+15BHCMhx9y9B+YfsueSFUZyBvGI
OMCiux0SN4/ZDLwjNXDeBxj85R7OCmChhGeqOHT5zcJUom1stczBEIuLkPtbAt6o
g16Q5tptos4zB09MgB/kDI6MAxH4Cg6ojM+tFjx0UUZZnVKqG6X5qLUlC6Hn2Lgs
5FxCVRVHbIzEd54rxXokqPATeIcECG3LJ2MA2X/LW8v+IxBOg2HIaZ4/FL5C3Ni0
bRyc9GiVKdU=
=CacJ
-----END PGP SIGNATURE-----


More information about the dbus mailing list