From: Simon McVittie Date: Thu, 2 Jul 2020 09:24:55 +0000 (+0100) Subject: Update NEWS X-Git-Tag: dbus-1.13.18~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=00e7beaac2e0fe662edb74793f5b708833b66b97;p=thirdparty%2Fdbus.git Update NEWS Signed-off-by: Simon McVittie --- diff --git a/NEWS b/NEWS index 52db9a4e4..839e6109d 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,40 @@ dbus 1.13.18 (UNRELEASED) ========================= -... +The “carnivorous border” release. + +Maybe security fixes: + +• On Unix, avoid a use-after-free if two usernames have the same + numeric uid. In older versions this could lead to a crash (denial of + service) or other undefined behaviour, possibly including incorrect + authorization decisions if is used. + Like Unix filesystems, D-Bus' model of identity cannot distinguish + between users of different names with the same numeric uid, so this + configuration is not advisable on systems where D-Bus will be used. + Thanks to Daniel Onaca. + (dbus#305, dbus!166; Simon McVittie) + +Other fixes: + +• On Solaris and its derivatives, if a cmsg header is truncated, ensure + that we do not overrun the buffer used for fd-passing, even if the + kernel tells us to. + (dbus#304, dbus!165; Andy Fiddaman) + +• When built with CMake, use GNUInstallDirs' special-cases for prefixes + /, /usr and /opt/* + (dbus!155, Ralf Habacker) + +• When built with CMake on Linux, allow systemd-specific features to be + enabled, for feature parity with Autotools + (dbus!155, Ralf Habacker) + +• When built with CMake, install the same example files as with Autotools + (dbus!155, Ralf Habacker) + +• Correct the doc-comment for DBUS_ERROR_SPAWN_NO_MEMORY + (dbus!163, Marc-André Lureau) dbus 1.13.16 (2020-06-02) =========================