dbus-glib 0.88

Brian Cameron brian.cameron at oracle.com
Fri Aug 13 09:23:12 PDT 2010 

Colin:

Thanks for doing this.  Do you have any information when the security
issue was introduced into dbus-glib, or has this security issue existed
with every previous release of dbus-glib?   Looking at the Red Hat bug
you provide doesn't seem to provide any details about this.

Thanks,

Brian


On 08/12/10 10:15 AM, Colin Walters wrote:
> dbus-glib 0.88 is now available:
> http://dbus.freedesktop.org/releases/dbus-glib/dbus-glib-0.88.tar.gz
>
> First note, and most importantly, this fixes a security issue:
> https://bugzilla.redhat.com/show_bug.cgi?id=585394
> Note that affected system services will need to be rebuilt (but not
> necessarily patched).  One other thing; I made a "rhel5" branch
> upstream which has a backport to that version (along with other misc
> backported patches) which other people may find useful.
>
> Second note: this release increases the GLib dependency to 2.24 (for
> dbus_gvalue_to_variant).  If you just want the security fix, the patch
> in the above bug applies to 0.86 too.
>
> Astone Lin (1):
>        Allow duplicate object path registrations for different connections
>
> Christian Dywan (1):
>        Refer to dbus_g_connection_flush rather than the plain dbus call
>
> Colin Walters (3):
>        Disable test-profile on win32 for now
>        Respect property access flags for writing, allow disabling for reads
>        configure: Release 0.88
>
> Dan Williams (2):
>        core: don't pass malformed error interface to dbus (rh#581794)
>        Fix lookup of regular properties when shadow properties are used
>
> Danielle Madeley (6):
>        Bumping required GLib to 2.24 for GVariant
>        fd.o #28715: Add dbus_g_value_build_g_variant()
>        Tests for GValue-to-GVariant
>        Write a recursive equivalence function for testing the
> equivalence of GVariants
>        Test test_g_variant_equivalent itself
>        Support DBUS_TYPE_G_SIGNATURE
>
> Fridrich Strba (2):
>        Use AC_CANONICAL_HOST, not _TARGET
>        Don't use the identifier "interface" in public headers
>
> Fridrich Štrba (3):
>        Use EXEEXT so that we satisfy dependencies when cross-compiling
>        Fix linking of tests. On windows, undefined symbols are not
> allowed and symbol lookup is sequencial
>        Put the G_OS_WIN32 check where it can be defined.
>
> Guillaume Desmottes (1):
>        add mising DBUS_TYPE_G_* to the doc
>
> Simon McVittie (6):
>        Bug 14579: remove pending call from hash table before cancelling it
>        Merge branch '14579-remove-before-cancel'
>        fd.o #27958: dbus_g_error_domain_register: rewrite the documentation
>        Add Libtool m4 to .gitignore
>        Add various tests etc. to .gitignore
>        Consolidate LDADD variables in tests/examples and make them more complete
>
> Will Thompson (1):
>        Merge remote branch 'danni/gvalue-to-gvariant'
> _______________________________________________
> dbus mailing list
> dbus at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/dbus

More information about the dbus mailing list