Announcing D-Bus 1.9.10

Simon McVittie simon.mcvittie at collabora.co.uk
Mon Feb 9 07:28:30 PST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

The “sad cyborgs” release.

As with all the 1.odd.x releases, this is a development release for
people who live in the future. Stable distributions should use the 1.8
branch instead.

http://dbus.freedesktop.org/releases/dbus/dbus-1.9.10.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.9.10.tar.gz.asc
git tag: dbus-1.9.10

Security fixes merged from 1.8.16:

• Do not allow non-uid-0 processes to send forged ActivationFailure
  messages. On Linux systems with systemd activation, this would
  allow a local denial of service: unprivileged processes could
  flood the bus with these forged messages, winning the race with
  the actual service activation and causing an error reply
  to be sent back when service auto-activation was requested.
  This does not prevent the real service from being started,
  so the attack only works while the real service is not running.
  (CVE-2015-0245, fd.o #88811; Simon McVittie)

Enhancements:

• The new Monitoring interface in the dbus-daemon lets dbus-monitor and
  similar tools receive messages without altering the security
  properties of the system bus, by calling the new BecomeMonitor method
  on a private connection. This bypasses the normal <allow> and <deny>
  rules entirely, so to preserve normal message-privacy assumptions,
  only root is allowed to do this on the system bus. Restricted
  environments, such as Linux with LSMs, should lock down access to the
  Monitoring interface. (fd.o #46787, Simon McVittie)

• dbus-monitor uses BecomeMonitor to capture more traffic, if the
  dbus-daemon supports it and access permissions allow it.
  It still supports the previous approach ("eavesdropping" match rules)
  for compatibility with older bus daemons. (fd.o #46787, Simon)

• dbus-monitor can now log the message stream as binary data for later
  analysis, with either no extra framing beyond the normal D-Bus
  headers, or libpcap-compatible framing treating each D-Bus message
  as a captured packet. (fd.o #46787, Simon)

Other fixes:

• Fix some CMake build regressions (fd.o #88964, Ralf Habacker)

• On Unix, forcibly terminate regression tests after 60 seconds to
  prevent them from blocking continuous integration frameworks
  (fd.o #46787, Simon)

- -- 
Simon McVittie, Collabora Ltd.
-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
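The following is an added example, not part of the announcement and not D-Bus project code. It reads a dbus-monitor binary log of the "no extra framing" kind by splitting the stream on the lengths in each D-Bus header, then counts ActivationFailure signals per sender so that a flood like the one described for CVE-2015-0245 stands out. The function names, sender names and sample bytes are constructed for illustration, and it assumes captured messages carry the SENDER header field set by the bus daemon.

```python
import struct
from collections import Counter

FIELDS = {1: "path", 2: "interface", 3: "member", 7: "sender"}  # D-Bus header field codes
def pad(n, a):
    return (n + a - 1) & ~(a - 1)

def parse_stream(buf):
    """Split concatenated raw D-Bus messages using only their own headers."""
    pos = 0
    while pos + 16 <= len(buf):
        e = "<" if buf[pos:pos + 1] == b"l" else ">"  # 'l' little-endian, 'B' big-endian
        body_len, serial, flen = struct.unpack_from(e + "III", buf, pos + 4)
        total = pad(16 + flen, 8) + body_len
        m = buf[pos:pos + total]  # alignment is relative to the message start
        if len(m) < total:
            raise ValueError("truncated message at offset %d" % pos)
        msg, p = {"type": m[1], "serial": serial}, 16
        while p < 16 + flen:
            p = pad(p, 8)  # each (code, variant) struct is 8-aligned
            code, sig = m[p], m[p + 2:p + 2 + m[p + 1]]
            p += 3 + len(sig)
            if sig == b"g":  # signature: u8 length, bytes, NUL
                val, p = m[p + 1:p + 1 + m[p]].decode(), p + m[p] + 2
            elif sig in (b"s", b"o", b"u"):  # u32 value, or u32 length + bytes + NUL
                q = pad(p, 4)
                (n,) = struct.unpack_from(e + "I", m, q)
                val, p = (n, q + 4) if sig == b"u" else (m[q + 4:q + 4 + n].decode(), q + n + 5)
            else:
                raise ValueError("unexpected header field type %r" % sig)
            msg[FIELDS.get(code, code)] = val
        yield msg
        pos += total

def activation_failures_by_sender(buf):
    return Counter(m.get("sender") for m in parse_stream(buf)
                   if m["type"] == 4 and m.get("member") == "ActivationFailure")  # 4 = signal

# Constructed sample data: build() makes little-endian messages with PATH, MEMBER, SENDER.
# The 5-byte bodies in SAMPLE leave the following message unaligned within the stream.
def build(mtype, sender, member, body=b""):
    arr = b""
    for code, sig, val in ((1, b"o", "/"), (3, b"s", member), (7, b"s", sender)):
        arr = arr.ljust(pad(len(arr), 8), b"\0") + bytes([code, 1]) + sig + b"\0"
        arr += struct.pack("<I", len(val)) + val.encode() + b"\0"
    head = struct.pack("<cBBBIII", b"l", mtype, 0, 1, len(body), 1, len(arr)) + arr
    return head.ljust(pad(len(head), 8), b"\0") + body

SAMPLE = (build(4, ":1.42", "ActivationFailure", b"\0" * 5) + build(1, ":1.7", "Ping")
          + build(4, ":1.42", "ActivationFailure", b"\0" * 5) + build(4, ":1.3", "ActivationFailure"))
```

On a real capture, compare the counted senders against the unique connection name that owns systemd's bus name; ActivationFailure signals from any other sender are the pattern the 1.8.16 fix rejects.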

