Announcing dbus 1.4.12

Simon Mcvittie simon.mcvittie at collabora.co.uk
Fri Jun 10 15:09:27 PDT 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A new stable release of dbus is now available. This release fixes a local
denial of service (sorry, no CVE number yet). 1.2.28 and 1.5.4 releases to
follow soon.

http://dbus.freedesktop.org/releases/dbus/dbus-1.4.12.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.4.12.tar.gz.asc

D-Bus 1.4.12 (2011-06-10)
==

Security (local denial of service):

• Byte-swap foreign-endian messages correctly, preventing a long-standing
  local DoS if foreign-endian messages are relayed through the dbus-daemon
  (backporters: this is git commit c3223ba6c401ba81df1305851312a47c485e6cd7)
  (fd.o #38120, Debian #629938, no CVE number yet; Simon McVittie)

New things:

• The constant to use for an infinite timeout now has a name,
  DBUS_TIMEOUT_INFINITE. It is numerically equivalent to 0x7fffffff (INT32_MAX)
  which can be used for source compatibility with older versions of libdbus.

• If GLib and DBus-GLib are already installed, more tests will be built,
  providing better coverage. The new tests can also be installed via
      ./configure --enable-installed-tests
  for system integration testing, if required. (fd.o #34570, Simon McVittie)

Changes:

• Consistently use atomic operations for the DBusConnection's refcount,
  fixing potential threading problems (fd.o #38005, Simon McVittie)

• Don't use -Wl,--gc-sections by default: in practice the size decrease is
  small (300KiB on x86-64) and it frequently doesn't work in unusual
  toolchains. To optimize for minimum installed size, you should benchmark
  various possibilities for CFLAGS and LDFLAGS, and set the best flags for
  your particular toolchain at configure time. (fd.o #33466, Simon McVittie)

• Use #!/bin/sh for run-with-tmp-session-bus.sh, making it work on *BSD
  (fd.o #35880, Timothy Redaelli)

• Use ln -fs to set up dbus for systemd, which should fix reinstallation
  when not using a DESTDIR (fd.o #37870, Simon McVittie)

• Windows-specific changes:
  · don't try to build dbus-daemon-launch-helper (fd.o #37838, Mark Brand)
-----BEGIN PGP SIGNATURE-----

iQIVAwUBTfKWDk3o/ypjx8yQAQghrw/9H4j3V1rzlSHIFs5qIztYi4E1bzNgy/ec
R7e2aiJ5+hzb67oifjLa4gPchAlCWnxXh2YJgnyUR2v0FTssX9VO3a4K4MF9uZME
onjNV/zk0ZcduseSJXifetm0Pra9HLJkaumYJMyBaLClM2ut07msl9MgV4aZESQI
85fp+UjNiDMZe/ahiZcBOh/c1s8H+kMJIN6F4WI7oCuFszWQGd/52Ompd00480rV
IBYZHtK6gQb6C/bb4ACEqrN8zdaySYYLWCFqdobPJ4KrOrq/uRCWrGjAvkzi0Vk+
gbF6AmgEhC7TWjQoUtfgw48B2Za9sMNeXLQiyQt/BPe1V1RSY06iCRvCnjgAv2DU
rXltIbdgoY0T+T7Ev+6YXYWRFBHfAHtEhdNk5CfY9Ku2yXExqON3GRy2Ky/N22U6
HmI95tYAdJO+PPlfy6SZn740jZt47iT3IccS9F5++QTu+Rt8VzK8aNRY3kjwfCjq
x3ZccekfcDJykbvtZIYPnoTiv2+2Ep/RqKKGm0V0/vjSN3lU0JXoTRfkv2E3sm2m
lLwXOSJ56rEFdsFXsD2SjuvGHHk5JigG0bTy5EFCOW6df4wx5IafK84pM4V/mGzU
QDLcDXWbAjpn6aWMEhqX3rcOIpqlUQrVH3vDx/08G1P4GpMCXhM/sVgT8H86OUYJ
mQNU5d7Ib0E=
=ZWWA
-----END PGP SIGNATURE-----

More information about the dbus mailing list