diff options
| author | Simon McVittie <smcv@debian.org> | 2015-05-14 13:28:38 +0100 |
|---|---|---|
| committer | Simon McVittie <smcv@debian.org> | 2015-05-14 13:28:38 +0100 |
| commit | 1788e8f93d80007ead16490b54e15000a89ecff1 (patch) | |
| tree | 56aef49da1bd98c0d7b4ca393fd8e6baf4072b88 | |
| parent | d9ab8931822999336b84cac0499a12e11c11e298 (diff) | |
1.8.18dbus-1.8.18
| -rw-r--r-- | NEWS | 27 | ||||
| -rw-r--r-- | configure.ac | 4 |
2 files changed, 27 insertions, 4 deletions
@@ -1,7 +1,30 @@ -D-Bus 1.8.18 (UNRELEASED) +D-Bus 1.8.18 (2015-05-14) == -Fixes: +The “unicorn rifts” release. + +Security hardening: + +• On Unix platforms, change the default configuration for the session bus + to only allow EXTERNAL authentication (secure kernel-mediated + credentials-passing), as was already done for the system bus. + + This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly + unpredictable pseudo-random numbers; under certain circumstances + (/dev/urandom unreadable or malloc() returns NULL), dbus could + fall back to using rand(), which does not have the desired unpredictability. + The fallback to rand() has not been changed in this stable-branch since + the necessary code changes for correct error-handling are rather intrusive. + + If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport, + in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using + NFS or similar, you will need to reconfigure the session bus to accept + DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration + is not recommended. + + (fd.o #90414, Simon McVittie) + +Other fixes: • Add locking to DBusCounter's reference count and notify function (fd.o #89297, Adrian Szyndela) diff --git a/configure.ac b/configure.ac index 60e1b344..eb803af3 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [8]) -m4_define([dbus_micro_version], [17]) +m4_define([dbus_micro_version], [18]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ LT_CURRENT=11 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=11 +LT_REVISION=12 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has |