[Ftp-release] Announcing dbus 1.12.26 (maintenance update)

Simon McVittie smcv at collabora.com
Wed Feb 8 17:16:48 UTC 2023

dbus is the reference implementation of D-Bus, a message bus for
communication between applications and system services.

This is a maintenance update for the dbus 1.12.x old-stable branch, fixing
the same denial-of-service issue as 1.14.6 and a possible test regression
in 1.12.24.

In most cases the OS distributions that use this branch will not need to
update to this version, because they do not compile dbus with assertions
enabled for production use.

The recommended production branch of dbus is 1.14.x. 1.12.x remains
supported for the benefit of long-term-stable distributions that have
chosen to stay on the 1.12.x branch, such as Debian 11 and Ubuntu 22.04.

The 1.12.x branch will cease to be supported when Debian 11 reaches EOL
(expected to happen in mid 2024).

git tag: dbus-1.12.26

Denial of service fixes:

• Fix an incorrect assertion that could be used to crash dbus-daemon or
  other users of DBusServer prior to authentication, if libdbus was compiled
  with assertions enabled.
  We recommend that production builds of dbus, for example in OS distributions,
  should be compiled with checks but without assertions.
  (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)

Other fixes:

• Documentation:
  · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)

• Tests fixes:
  · Fix the test-apparmor-activation test after dbus#416
    (dbus!380, Dave Jones)

Simon McVittie, Collabora Ltd. / Debian
on behalf of the dbus maintainers

More information about the Ftp-release mailing list