Prepare 1.12.18

Signed-off-by: Simon McVittie <smcv@collabora.com>

diff --git a/NEWS b/NEWS
index 0ddddfd3f297f4ab36aca17ab1d22cba94b67ed5..a38c5992efeb035b2473b695191839c71975f313 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,20 @@
-dbus 1.12.18 (UNRELEASED)
+dbus 1.12.18 (2020-06-02)
 =========================
 
-Fixes:
+The “telepathic vines” release.
+
+Denial of service fixes:
+
+• CVE-2020-12049: If a message contains more file descriptors than can
+  be sent, close those that did get through before reporting error.
+  Previously, a local attacker could cause the system dbus-daemon (or
+  another system service with its own DBusServer) to run out of file
+  descriptors, by repeatedly connecting to the server and sending fds that
+  would get leaked.
+  Thanks to Kevin Backhouse of GitHub Security Lab.
+  (dbus#294, GHSL-2020-057; Simon McVittie)
+
+Other fixes:
 
 • Fix a crash when the dbus-daemon is terminated while one or more
   monitors are active (dbus#291, dbus!140; Simon McVittie)

diff --git a/configure.ac b/configure.ac
index a1ba877af05c9c4983e7f590002fe5e3990d938f..0601c4213347a9b1613f057be20a8d2e3e82445d 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [12])
-m4_define([dbus_micro_version], [17])
+m4_define([dbus_micro_version], [18])
 m4_define([dbus_version],
           [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
@@ -42,7 +42,7 @@ LT_CURRENT=22
 
 ## increment any time the source changes; set to
 ##  0 if you increment CURRENT
-LT_REVISION=11
+LT_REVISION=12
 
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has