From: Simon McVittie Date: Thu, 14 May 2015 13:41:06 +0000 (+0100) Subject: Merge branch 'dbus-1.8' X-Git-Tag: dbus-1.9.16~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1c4f87ca2849ae49d6083a5a279d870aee52b5a3;p=thirdparty%2Fdbus.git Merge branch 'dbus-1.8' Conflicts: NEWS cmake/CMakeLists.txt configure.ac --- 1c4f87ca2849ae49d6083a5a279d870aee52b5a3 diff --cc NEWS index c57b7b3c9,308c6953e..e44d4a1a8 --- a/NEWS +++ b/NEWS @@@ -1,18 -1,35 +1,39 @@@ -D-Bus 1.8.20 (UNRELEASED) +D-Bus 1.9.16 (UNRELEASED) == -... - -D-Bus 1.8.18 (2015-05-14) -== - -The “unicorn rifts” release. - + Security hardening: + + • On Unix platforms, change the default configuration for the session bus + to only allow EXTERNAL authentication (secure kernel-mediated + credentials-passing), as was already done for the system bus. + + This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly + unpredictable pseudo-random numbers; under certain circumstances + (/dev/urandom unreadable or malloc() returns NULL), dbus could + fall back to using rand(), which does not have the desired unpredictability. + The fallback to rand() has not been changed in this stable-branch since + the necessary code changes for correct error-handling are rather intrusive. + + If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport, + in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using + NFS or similar, you will need to reconfigure the session bus to accept + DBUS_COOKIE_SHA1 by commenting out the element. This configuration + is not recommended. + + (fd.o #90414, Simon McVittie) + -Other fixes: +Enhancements: + +• Add dbus_message_iter_get_element_count() + (fd.o #30350; Christian Dywan, Simon McVittie) + +• Introduce new internal DBusSocket and DBusPollable types so we can + stop treating the Windows SOCKET type as if it was int. DBusSocket + is specifically a socket, cross-platform. DBusPollable is whatever + _dbus_poll() can act on, i.e. a fd on Unix or a SOCKET on Windows. + (fd.o #89444; Ralf Habacker, Simon McVittie) + +Fixes: • Add locking to DBusCounter's reference count and notify function (fd.o #89297, Adrian Szyndela)