Announcing dbus 1.13.18
Simon McVittie
smcv at collabora.com
Thu Jul 2 15:09:57 UTC 2020
This is a development branch for the adventurous, and comes with a risk
of regressions. OS distributions should stay with the 1.12.x branch,
unless they can commit to following the 1.13.x branch until it reaches
a 1.14.0 stable release at an unspecified point in the future.
<http://dbus.freedesktop.org/releases/dbus/dbus-1.13.18.tar.xz>
<http://dbus.freedesktop.org/releases/dbus/dbus-1.13.18.tar.xz.asc>
git tag: dbus-1.13.18
The “carnivorous border” release.
Maybe security fixes:
• On Unix, avoid a use-after-free if two usernames have the same
numeric uid. In older versions this could lead to a crash (denial of
service) or other undefined behaviour, possibly including incorrect
authorization decisions if <policy group=...> is used.
Like Unix filesystems, D-Bus' model of identity cannot distinguish
between users of different names with the same numeric uid, so this
configuration is not advisable on systems where D-Bus will be used.
Thanks to Daniel Onaca.
(dbus#305, dbus!166; Simon McVittie)
Other fixes:
• On Solaris and its derivatives, if a cmsg header is truncated, ensure
that we do not overrun the buffer used for fd-passing, even if the
kernel tells us to.
(dbus#304, dbus!165; Andy Fiddaman)
• When built with CMake, use GNUInstallDirs' special-cases for prefixes
/, /usr and /opt/*
(dbus!155, Ralf Habacker)
• When built with CMake on Linux, allow systemd-specific features to be
enabled, for feature parity with Autotools
(dbus!155, Ralf Habacker)
• When built with CMake, install the same example files as with Autotools
(dbus!155, Ralf Habacker)
• Correct the doc-comment for DBUS_ERROR_SPAWN_NO_MEMORY
(dbus!163, Marc-André Lureau)
--
Simon McVittie, Collabora Ltd.
on behalf of the dbus maintainers
_______________________________________________
dbus mailing list
dbus at lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/dbus
More information about the dbus
mailing list