1.6.28dbus-1.6.28

2 files changed, 22 insertions, 4 deletions

diff --git a/NEWS b/NEWS
index e9046d46..0f7af531 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,25 @@
-D-Bus 1.6.28 (UNRELEASED)
+D-Bus 1.6.28 (2014-11-24)
 ==
 
-...
+Regression fix backported from 1.8.12:
+
+• Partially revert the CVE-2014-3639 patch by increasing the default
+  authentication timeout on the system bus from 5 seconds back to 30
+  seconds, since this has been reported to cause boot regressions for
+  some users, mostly with parallel boot (systemd) on slower hardware.
+
+  On fast systems where local users are considered particularly hostile,
+  administrators can return to the 5 second timeout (or any other value
+  in milliseconds) by saving this as /etc/dbus-1/system-local.conf:
+
+  <busconfig>
+    <limit name="auth_timeout">5000</limit>
+  </busconfig>
+
+  (fd.o #86431, Simon McVittie)
+
+• Add a message in syslog/the Journal when the auth_timeout is exceeded
+  (fd.o #86431, Simon McVittie)
 
 D-Bus 1.6.26 (2014-11-10)
 ==
diff --git a/configure.ac b/configure.ac
index fb98da36..24f02a7a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [6])
-m4_define([dbus_micro_version], [27])
+m4_define([dbus_micro_version], [28])
 m4_define([dbus_version],
           [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
@@ -37,7 +37,7 @@ LT_CURRENT=10
 
 ## increment any time the source changes; set to
 ##  0 if you increment CURRENT
-LT_REVISION=10
+LT_REVISION=11
 
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has