[Ftp-release] Announcing D-Bus 1.8.12

Simon McVittie simon.mcvittie at collabora.co.uk
Mon Nov 24 13:02:12 PST 2014


The “days of fuchsia passed” release.

This is a bugfix release for the current stable branch, 1.8.x, fixing a
regression introduced in 1.8.8. Please upgrade unless you have a reason
to keep using an older branch.

http://dbus.freedesktop.org/releases/dbus/dbus-1.8.12.tar.gz
http://dbus.freedesktop.org/releases/dbus/dbus-1.8.12.tar.gz.asc
git tag: dbus-1.8.12
git branch: dbus-1.8

Fixes:

• Partially revert the CVE-2014-3639 patch by increasing the default
  authentication timeout on the system bus from 5 seconds back to 30
  seconds, since this has been reported to cause boot regressions for
  some users, mostly with parallel boot (systemd) on slower hardware.

  On fast systems where local users are considered particularly hostile,
  administrators can return to the 5 second timeout (or any other value
  in milliseconds) by saving this as /etc/dbus-1/system-local.conf:

  <busconfig>
    <limit name="auth_timeout">5000</limit>
  </busconfig>

  (fd.o #86431, Simon McVittie)

• Add a message in syslog/the Journal when the auth_timeout is exceeded
  (fd.o #86431, Simon McVittie)

• Send back an AccessDenied error if the addressed recipient is not
  allowed to receive a message (and in builds with assertions enabled,
  don't assert under the same conditions). (fd.o #86194,
  Jacek Bukarewicz)

-- 
Simon McVittie, Collabora Ltd.


More information about the Ftp-release mailing list