From: Simon McVittie Date: Tue, 2 Jun 2020 11:18:05 +0000 (+0100) Subject: Prepare 1.13.16 X-Git-Tag: dbus-1.13.16^0 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc2ee9f73bf3c14f2320f17fd907390ad3b96b54;p=thirdparty%2Fdbus.git Prepare 1.13.16 Signed-off-by: Simon McVittie --- diff --git a/NEWS b/NEWS index b9a60226d..fff361d75 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,19 @@ -dbus 1.13.16 (UNRELEASED) +dbus 1.13.16 (2020-06-02) ========================= +The “ominous mushroom hat” release. + +Denial of service fixes: + +• CVE-2020-12049: If a message contains more file descriptors than can + be sent, close those that did get through before reporting error. + Previously, a local attacker could cause the system dbus-daemon (or + another system service with its own DBusServer) to run out of file + descriptors, by repeatedly connecting to the server and sending fds that + would get leaked. + Thanks to Kevin Backhouse of GitHub Security Lab. + (dbus#294, GHSL-2020-057; Simon McVittie) + Enhancements: • The API reference manual can be built as a Qt compiled help file if diff --git a/configure.ac b/configure.ac index e8522f646..110dcd817 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [13]) -m4_define([dbus_micro_version], [15]) +m4_define([dbus_micro_version], [16]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus], [dbus_version], [https://gitlab.freedesktop.org/dbus/dbus/issues], [dbus]) @@ -38,7 +38,7 @@ AC_DEFINE_UNQUOTED(DBUS_DAEMON_NAME,"dbus-daemon",[Name of executable]) # ## increment if the interface has additions, changes, removals. -LT_CURRENT=30 +LT_CURRENT=31 ## increment any time the source changes; set to ## 0 if you increment CURRENT @@ -47,7 +47,7 @@ LT_REVISION=0 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has ## precedence over adding, so set to 0 if both happened. -LT_AGE=27 +LT_AGE=28 AC_SUBST(LT_CURRENT) AC_SUBST(LT_REVISION)