diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-06-30 14:18:03 +0100 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-06-30 14:18:03 +0100 |
commit | 194f6f758983aacad4ea32dc0038ef19d23c6e21 (patch) | |
tree | d95f815ef9c6d30c6083210a9cd744fbedb75e81 | |
parent | 9ca90648fc870c24d852ce6d7ce9387a9fc9a94a (diff) |
Prepare 1.8.6 in advancedbus-1.8.6
-rw-r--r-- | NEWS | 19 | ||||
-rw-r--r-- | configure.ac | 4 |
2 files changed, 19 insertions, 4 deletions
@@ -1,7 +1,22 @@ -D-Bus 1.8.6 (UNRELEASED) +D-Bus 1.8.6 (2014-06-02) == -Fixes: +Security fixes: + +• On Linux ≥ 2.6.37-rc4, if sendmsg() fails with ETOOMANYREFS, silently drop + the message. This prevents an attack in which a malicious client can + make dbus-daemon disconnect a system service, which is a local + denial of service. + (fd.o #80163, CVE-2014-3532; Alban Crequy) + +• Track remaining Unix file descriptors correctly when more than one + message in quick succession contains fds. This prevents another attack + in which a malicious client can make dbus-daemon disconnect a system + service. + (fd.o #79694, fd.o #80469, CVE-2014-3533; Alejandro Martínez Suárez, + Simon McVittie, Alban Crequy) + +Other fixes: • When dbus-launch --exit-with-session starts a dbus-daemon but then cannot attach to a session, kill the dbus-daemon as intended diff --git a/configure.ac b/configure.ac index 13d0aa94..8ffbb5c3 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [8]) -m4_define([dbus_micro_version], [5]) +m4_define([dbus_micro_version], [6]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ LT_CURRENT=11 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=5 +LT_REVISION=6 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has |