[Ftp-release] Announcing D-Bus 1.8.12
Simon McVittie
simon.mcvittie at collabora.co.uk
Mon Nov 24 13:02:12 PST 2014
The “days of fuchsia passed” release.
This is a bugfix release for the current stable branch, 1.8.x, fixing a
regression introduced in 1.8.8. Please upgrade unless you have a reason
to keep using an older branch.
http://dbus.freedesktop.org/releases/dbus/dbus-1.8.12.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.8.12.tar.gz.asc
git tag: dbus-1.8.12
git branch: dbus-1.8
Fixes:
• Partially revert the CVE-2014-3639 patch by increasing the default
authentication timeout on the system bus from 5 seconds back to 30
seconds, since this has been reported to cause boot regressions for
some users, mostly with parallel boot (systemd) on slower hardware.
On fast systems where local users are considered particularly hostile,
administrators can return to the 5 second timeout (or any other value
in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
<busconfig>
<limit name="auth_timeout">5000</limit>
</busconfig>
(fd.o #86431, Simon McVittie)
• Add a message in syslog/the Journal when the auth_timeout is exceeded
(fd.o #86431, Simon McVittie)
• Send back an AccessDenied error if the addressed recipient is not
allowed to receive a message (and in builds with assertions enabled,
don't assert under the same conditions). (fd.o #86194,
Jacek Bukarewicz)
--
Simon McVittie, Collabora Ltd.
More information about the Ftp-release
mailing list