-rw-r--r-- | NEWS | 25 | ||||
-rw-r--r-- | configure.ac | 4 |
2 files changed, 25 insertions, 4 deletions
@@ -1,6 +1,12 @@ -D-Bus 1.10.16 (UNRELEASED) +D-Bus 1.10.16 (2017-02-16) == +The “super digging powers” release. + +The fixes in this release are arguably security fixes, but if they +affect you, please take this opportunity to rethink how you are +configuring dbus. + Enhancements: • Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian @@ -9,7 +15,22 @@ Enhancements: Fixes: -... +• Prevent symlink attacks in the nonce-tcp transport on Unix that could + allow an attacker to overwrite a file named "nonce", in a directory + that the user running dbus-daemon can write, with a random value + known only to the user running dbus-daemon. This is unlikely to be + exploitable in practice, particularly since the nonce-tcp transport + is really only useful on Windows. + + On Unix systems we strongly recommend using only the unix: and systemd: + transports, together with EXTERNAL authentication. These are the only + transports and authentication mechanisms enabled by default, + + (fd.o #99828, Simon McVittie) + +• Avoid symlink attacks in the "embedded tests", which are not enabled + by default and should never be enabled in production builds of dbus. + (fd.o #99828, Simon McVittie) D-Bus 1.10.14 (2016-11-28) == diff --git a/configure.ac b/configure.ac index 2af08ba3..9ad52fff 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [10]) -m4_define([dbus_micro_version], [15]) +m4_define([dbus_micro_version], [16]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -38,7 +38,7 @@ LT_CURRENT=17 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=9 +LT_REVISION=10 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has |