udisks 1.0.1 released
David Zeuthen
david at fubar.dk
Fri Apr 9 09:16:19 PDT 2010
Hey,
Here's a new release of udisks:
http://hal.freedesktop.org/releases/udisks-1.0.1.tar.gz
Vendors shipping 1.0.0 (or earlier git snapshots) are encouraged to
update to this release immediately as it contains a fix for
CVE-2010-1149.
Thanks,
David
------------
udisks 1.0.1
------------
udisks provides a daemon, D-Bus API and command line tools
for managing disks and storage devices.
All releases in the udisks 1.0 series will retain ABI compatibility at
the D-Bus interface level. This means that any application built
against udisks 1.0.x will work with udisks 1.0.y provided that y >=
x. At this point we do not provide any ABI guarantees for the
udisks(1) command-line tool (neither options nor the name). See the
README file for more discussion of ABI guarantees.
ATTENTION: This release fixes a local information disclosure: The
device-mapper udev prober exposed the plaintext password of encrypted
LUKS devices as a udev property "UDISKS_DM_TARGETS_PARAMS", which all
local users can read without restriction. (CVE-2010-1149) The only
affected version is udisks 1.0.0 (it was introduced in commit 2f0154);
no release of DeviceKit-Disks is affected. See fdo #27494 for more
details.
Changes from udisks 1.0.0:
David Zeuthen (3):
      Update NEWS for release
      Post-release version bump to 1.0.1
      Update NEWS for release

Martin Pitt (11):
      Set multimedia-player-ipod icon for iPod media players
      Allow other rules to set a more specific presentation icon
      Fix exit code of umount.udisks
      testsuite: Check that our udev probers do not leak key information
      testsuite: Test detection of kpartx LVM partitions
      Bug 27494 — publicly exports dm key information
      testsuite: Check presence and properties of loop devices
      part-id: Fix DM partition table detection
      job-drive-benchmark.c: Fix data types in error messages
      Hide Sony E-Book launcher partition
      add information about CVE-2010-1149 to NEWS

Thanks to all our contributors.
David Zeuthen,
April 9, 2010
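
The following check is an added example, not part of the original announcement or the udisks test suite: it scans `udevadm info --export-db` output for the UDISKS_DM_TARGETS_PARAMS property described in the NEWS entry and reports devices whose value carries key-like data, with the key redacted. The function name, the sample records and the "32 or more hex digits" heuristic are assumptions made for illustration.

```python
import re
import subprocess

PROP = "UDISKS_DM_TARGETS_PARAMS"  # property named in the NEWS entry
# Assumption: leaked key material appears as a hex run of at least 128 bits.
HEX_RUN = re.compile(r"\b[0-9a-fA-F]{32,}\b")

# Constructed sample in `udevadm info --export-db` format (not real output).
SAMPLE_DB = """\
P: /devices/virtual/block/dm-0
N: dm-0
E: DEVNAME=/dev/dm-0
E: UDISKS_DM_TARGETS_PARAMS=aes-cbc-essiv:sha256 00112233445566778899aabbccddeeff 0 8:2 2056

P: /devices/virtual/block/dm-1
N: dm-1
E: DEVNAME=/dev/dm-1
E: UDISKS_DM_TARGETS_PARAMS=8:3 384

P: /devices/pci0000:00/block/sda
N: sda
E: DEVNAME=/dev/sda
"""

def find_key_leaks(export_db):
    """Return [(devpath, redacted_value)] for records whose PROP holds a long hex run."""
    hits = []
    # Records in the export are separated by blank lines.
    for record in re.split(r"\n\s*\n", export_db.strip()):
        devpath, value = None, None
        for line in record.splitlines():
            if line.startswith("P: "):
                devpath = line[3:]
            elif line.startswith("E: " + PROP + "="):
                value = line.split("=", 1)[1]
        if devpath and value and HEX_RUN.search(value):
            # Redact before reporting so the check does not copy the key into logs.
            hits.append((devpath, HEX_RUN.sub("<redacted>", value)))
    return hits

if __name__ == "__main__":
    # Query the live udev database when run as a script.
    db = subprocess.run(["udevadm", "info", "--export-db"],
                        capture_output=True, text=True, check=True).stdout
    for devpath, value in find_key_leaks(db):
        print(f"{devpath}: {PROP} exposes key-like data: {value}")
```

An empty result on a host with an unlocked LUKS device is the expected outcome after updating to 1.0.1.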