dbus 1.13.18 (UNRELEASED)
=========================
-...
+The “carnivorous border” release.
+
+Maybe security fixes:
+
+• On Unix, avoid a use-after-free if two usernames have the same
+ numeric uid. In older versions this could lead to a crash (denial of
+ service) or other undefined behaviour, possibly including incorrect
+ authorization decisions if <policy group=...> is used.
+ Like Unix filesystems, D-Bus' model of identity cannot distinguish
+ between users of different names with the same numeric uid, so this
+ configuration is not advisable on systems where D-Bus will be used.
+ Thanks to Daniel Onaca.
+ (dbus#305, dbus!166; Simon McVittie)
+
+Other fixes:
+
+• On Solaris and its derivatives, if a cmsg header is truncated, ensure
+ that we do not overrun the buffer used for fd-passing, even if the
+ kernel tells us to.
+ (dbus#304, dbus!165; Andy Fiddaman)
+
+• When built with CMake, use GNUInstallDirs' special-cases for prefixes
+ /, /usr and /opt/*
+ (dbus!155, Ralf Habacker)
+
+• When built with CMake on Linux, allow systemd-specific features to be
+ enabled, for feature parity with Autotools
+ (dbus!155, Ralf Habacker)
+
+• When built with CMake, install the same example files as with Autotools
+ (dbus!155, Ralf Habacker)
+
+• Correct the doc-comment for DBUS_ERROR_SPAWN_NO_MEMORY
+ (dbus!163, Marc-André Lureau)
dbus 1.13.16 (2020-06-02)
=========================
projects / thirdparty / dbus.git / commitdiff
