diff options
| author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-01-01 23:42:41 +0000 |
|---|---|---|
| committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-01-01 23:42:41 +0000 |
| commit | abbbf449f17e0a74a5d9a50fb5b074e96e9b7030 (patch) | |
| tree | 6b1fad41d0f233eb3090acb81e04b30908d918d6 | |
| parent | eec885de3b4b9559a2f28be7c17bf21ca8d2382f (diff) | |
Prepare release for Mondaydbus-1.8.14
| -rw-r--r-- | NEWS | 30 | ||||
| -rw-r--r-- | configure.ac | 4 |
2 files changed, 30 insertions, 4 deletions
@@ -1,7 +1,33 @@ -D-Bus 1.8.14 (UNRELEASED) +D-Bus 1.8.14 (2015-01-05) == -... +The “40lb of roofing nails” release. + +Security hardening: + +• Do not allow calls to UpdateActivationEnvironment from uids other than + the uid of the dbus-daemon. If a system service installs unsafe + security policy rules that allow arbitrary method calls + (such as CVE-2014-8148) then this prevents memory consumption and + possible privilege escalation via UpdateActivationEnvironment. + + We believe that in practice, privilege escalation here is avoided + by dbus-daemon-launch-helper sanitizing its environment; but + it seems better to be safe. + +• Do not allow calls to UpdateActivationEnvironment or the Stats interface + on object paths other than /org/freedesktop/DBus. Some system services + install unsafe security policy rules that allow arbitrary method calls + to any destination, method and interface with a specified object path; + while less bad than allowing arbitrary method calls, these security + policies are still harmful, since dbus-daemon normally offers the + same API on all object paths and other system services might behave + similarly. + +Other fixes: + +• Add missing initialization so GetExtendedTcpTable doesn't crash on + Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко) D-Bus 1.8.12 (2014-11-24) == diff --git a/configure.ac b/configure.ac index 05b58f76..4bd17b7b 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [8]) -m4_define([dbus_micro_version], [13]) +m4_define([dbus_micro_version], [14]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ LT_CURRENT=11 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=9 +LT_REVISION=10 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has |