diff options
| author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2017-02-16 13:37:46 +0000 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2017-02-16 14:12:01 +0000 |
| commit | 8b582cb10d7cf00af7a70496aec48af24edc542b (patch) | |
| tree | 6567e72ee302a12a8f3264e5463ce565ca8af59b | |
| parent | 1488f02d9e34a3ef0710dace2b1e92cbc30cd99d (diff) | |
Prepare 1.10.16dbus-1.10.16
| -rw-r--r-- | NEWS | 25 | ||||
| -rw-r--r-- | configure.ac | 4 |
2 files changed, 25 insertions, 4 deletions
@@ -1,6 +1,12 @@ -D-Bus 1.10.16 (UNRELEASED) +D-Bus 1.10.16 (2017-02-16) == +The “super digging powers” release. + +The fixes in this release are arguably security fixes, but if they +affect you, please take this opportunity to rethink how you are +configuring dbus. + Enhancements: • Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian @@ -9,7 +15,22 @@ Enhancements: Fixes: -... +• Prevent symlink attacks in the nonce-tcp transport on Unix that could + allow an attacker to overwrite a file named "nonce", in a directory + that the user running dbus-daemon can write, with a random value + known only to the user running dbus-daemon. This is unlikely to be + exploitable in practice, particularly since the nonce-tcp transport + is really only useful on Windows. + + On Unix systems we strongly recommend using only the unix: and systemd: + transports, together with EXTERNAL authentication. These are the only + transports and authentication mechanisms enabled by default, + + (fd.o #99828, Simon McVittie) + +• Avoid symlink attacks in the "embedded tests", which are not enabled + by default and should never be enabled in production builds of dbus. + (fd.o #99828, Simon McVittie) D-Bus 1.10.14 (2016-11-28) == diff --git a/configure.ac b/configure.ac index 2af08ba3..9ad52fff 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [10]) -m4_define([dbus_micro_version], [15]) +m4_define([dbus_micro_version], [16]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -38,7 +38,7 @@ LT_CURRENT=17 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=9 +LT_REVISION=10 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has |