-D-Bus 1.10.16 (UNRELEASED)
+D-Bus 1.10.16 (2017-02-16)
==
+The “super digging powers” release.
+
+The fixes in this release are arguably security fixes, but if they
+affect you, please take this opportunity to rethink how you are
+configuring dbus.
+
Enhancements:
• Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian
Fixes:
-...
+• Prevent symlink attacks in the nonce-tcp transport on Unix that could
+ allow an attacker to overwrite a file named "nonce", in a directory
+ that the user running dbus-daemon can write, with a random value
+ known only to the user running dbus-daemon. This is unlikely to be
+ exploitable in practice, particularly since the nonce-tcp transport
+ is really only useful on Windows.
+
+ On Unix systems we strongly recommend using only the unix: and systemd:
+ transports, together with EXTERNAL authentication. These are the only
+ transports and authentication mechanisms enabled by default,
+
+ (fd.o #99828, Simon McVittie)
+
+• Avoid symlink attacks in the "embedded tests", which are not enabled
+ by default and should never be enabled in production builds of dbus.
+ (fd.o #99828, Simon McVittie)
D-Bus 1.10.14 (2016-11-28)
==
m4_define([dbus_major_version], [1])
m4_define([dbus_minor_version], [10])
-m4_define([dbus_micro_version], [15])
+m4_define([dbus_micro_version], [16])
m4_define([dbus_version],
[dbus_major_version.dbus_minor_version.dbus_micro_version])
AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
## increment any time the source changes; set to
## 0 if you increment CURRENT
-LT_REVISION=9
+LT_REVISION=10
## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has
projects / thirdparty / dbus.git / commitdiff
