Announcing D-Bus 1.11.10

Simon McVittie simon.mcvittie at collabora.co.uk
Thu Feb 16 22:28:34 UTC 2017


The “purple hair gives you telekinesis?” release.

1.11.x is a development branch for the adventurous, which will
eventually lead to a 1.12.x stable branch.

http://dbus.freedesktop.org/releases/dbus/dbus-1.11.10.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.11.10.tar.gz.asc
git tag: dbus-1.11.10
git branch: master

Dependencies:

• AppArmor support requires at least libapparmor 2.8.95, reduced
  from 2.10 in previous versions. One test requires 2.10 and is
  skipped if building with an older version.

Enhancements:

• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
  stable and Debian testing in addition to the older Ubuntu that is
  the default (fd.o #98889, Simon McVittie)

• Avoid some deprecated CMake functions (fd.o #99586, Ralf Habacker)

• Silence many -Wswitch-enum and -Wswitch-default warnings
  (fd.o #98191; Thomas Zimmermann, Simon McVittie)

• Install a sysusers.d snippet so `dbus-daemon --system` can be used
  with an unpopulated /etc (fd.o #99162, Lennart Poettering)

• Install pkg-config metadata on Unix even if building with CMake
  (fd.o #99752, Ralf Habacker)

• Exclude auth mechanisms from REJECTED message if they are supported
  in the code but configured to be disallowed (fd.o #99621,
  Ralf Habacker)

Fixes:

• Prevent symlink attacks in the nonce-tcp transport on Unix that could
  allow an attacker to overwrite a file named "nonce", in a directory
  that the user running dbus-daemon can write, with a random value
  known only to the user running dbus-daemon. This is unlikely to be
  exploitable in practice, particularly since the nonce-tcp transport
  is really only useful on Windows.

  On Unix systems we strongly recommend using only the unix: and systemd:
  transports, together with EXTERNAL authentication. These are the only
  transports and authentication mechanisms enabled by default.

  (fd.o #99828, Simon McVittie)

• Avoid symlink attacks in the "embedded tests", which are not enabled
  by default and should never be enabled in production builds of dbus.
  (fd.o #99828, Simon McVittie)

• Fix the implementation of re-enabling a timeout so that its
  countdown is restarted as intended, instead of continually
  decreasing. (fd.o #95619; Michal Koutný, Simon McVittie)

• When receiving a message with file descriptors, do not start reading
  the beginning of the next message, so that only one such message
  is processed at a time. In conjunction with the fix for #95619
  this means that processes sending many file descriptors, such as
  systemd-logind on a system that receives very rapid ssh connections,
  are not treated as abusive and kicked off the bus. Revert the previous
  workaround that special-cased uid 0.
  (fd.o #95263, LP#1591411; Simon McVittie)

• Do not require TMPDIR, TEMP or TMP to be set when cross-compiling
  for Windows with CMake (fd.o #99586, Ralf Habacker)

• Do not set Unix-specific variables when targeting Windows
  (fd.o #99586, Ralf Habacker)

• Install Unix executables to ${CMAKE_INSTALL_PREFIX}/bin as intended,
  not ${CMAKE_INSTALL_PREFIX}/lib (fd.o #99752, Ralf Habacker)

• Use relative install locations in CMake on Unix to respect DESTDIR,
  and use GNU-style install layout (fd.o #99721, #99752; Ralf Habacker)

• Install dbus-arch-deps.h correctly when using CMake
  (fd.o #99586, #99721; Ralf Habacker)

• Improve argument validation for `dbus-test-tool spam`
  (fd.o #99693, Coverity #54759; Philip Withnall)

• Don't shift by a negative integer if a hash table becomes monstrously
  large (fd.o #99641, Coverity #54682; Philip Withnall)

• Don't leak LSM label if dbus-daemon runs out of memory when dealing with
  a new connection (fd.o #99612, Coverity #141058; Philip Withnall)

• Remove an unnecessary NULL check
  (fd.o #99642, Coverity #141062; Philip Withnall)

• Improve error handling in unit tests and dbus-send
  (fd.o #99643, #99694, #99712, #99722, #99723, #99724, #99758,
  #99759, #99793, Coverity #54688, #54692, #54693, #54697, #54701,
  #54710, #54711, #54714, #54715, #54718, #54721, #54724, #54726,
  #54730, #54740, #54822, #54823, #54824, #54825; Philip Withnall)

• Do not print verbose messages' timestamps to stderr if the actual message
  has been redirected to the Windows debug port (fd.o #99749, Ralf Habacker)

-- 
Simon McVittie, Collabora Ltd.
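
The symlink issue described under "Fixes" for the nonce-tcp transport, shown as an added example that is not part of the announcement and is not dbus code: a file written with O_CREAT|O_TRUNC follows a symlink already planted at that name, while O_CREAT|O_EXCL refuses it. The function names, the /tmp/nonce-demo-XXXXXX directory and the sample values are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp, symlink, O_NOFOLLOW */
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Shared helper: open `path` with the given flags and write the nonce. */
static int write_with_flags(const char *path, const char *nonce, int flags) {
    int fd = open(path, flags, 0600);
    if (fd < 0) return -1;            /* EEXIST when the name already exists */
    ssize_t n = write(fd, nonce, strlen(nonce));
    return (close(fd) == 0 && n == (ssize_t)strlen(nonce)) ? 0 : -1;
}

/* Naive: O_CREAT|O_TRUNC follows a symlink that already sits at `path`. */
int write_nonce_naive(const char *path, const char *nonce) {
    return write_with_flags(path, nonce, O_WRONLY | O_CREAT | O_TRUNC);
}

/* Hardened: O_EXCL fails on any existing name, symlinks included. */
int write_nonce_exclusive(const char *path, const char *nonce) {
    return write_with_flags(path, nonce,
                            O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW);
}

/* Constructed scenario: <tmpdir>/nonce is a symlink to <tmpdir>/victim.
 * Returns 1 if the writer changed the victim, 0 if not, -1 on setup error. */
int victim_overwritten(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/nonce-demo-XXXXXX", victim[PATH_MAX], lnk[PATH_MAX];
    char buf[32] = {0};
    FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(lnk, sizeof lnk, "%s/nonce", dir);
    if (!(f = fopen(victim, "w"))) return -1;
    fputs("precious", f); fclose(f);
    if (symlink(victim, lnk) != 0) return -1;
    writer(lnk, "0123456789abcdef");  /* constructed nonce value */
    if ((f = fopen(victim, "r"))) { buf[fread(buf, 1, sizeof buf - 1, f)] = 0; fclose(f); }
    unlink(lnk); unlink(victim); rmdir(dir);
    return strcmp(buf, "precious") != 0;
}

int main(void) {
    printf("naive changed victim: %d\n", victim_overwritten(write_nonce_naive));
    printf("exclusive changed victim: %d\n", victim_overwritten(write_nonce_exclusive));
    return 0;
}
```

Creating the file inside a freshly made private directory (as mkdtemp does here) removes the chance of a planted name in the first place; O_EXCL covers the case where the directory is shared.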

