From: Simon McVittie Date: Wed, 12 Jun 2013 13:49:37 +0000 (+0100) Subject: Merge branch 'dbus-1.6' X-Git-Tag: dbus-1.7.4~6 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=51fe1c05aceaf058907007a25a2d46f30a9c83a6;p=thirdparty%2Fdbus.git Merge branch 'dbus-1.6' Conflicts: NEWS configure.ac --- 51fe1c05aceaf058907007a25a2d46f30a9c83a6 diff --cc NEWS index 75641f0a5,46cf8b323..5491e6635 --- a/NEWS +++ b/NEWS @@@ -1,28 -1,17 +1,34 @@@ -D-Bus 1.6.14 (UNRELEASED) +D-Bus 1.7.4 (UNRELEASED) == -... - -D-Bus 1.6.12 (2013-06-13) -== - -Fixes: ++Security fixes: + + • CVE-2013-2168: Fix misuse of va_list that could be used as a denial + of service for system services. Vulnerability reported by Alexandru Cornea. + (Simon) + +Dependencies: + +• The Windows version of libdbus now contains a C++ source file, used + to provide global initialization when the library is loaded. + gcc (mingw*) users should ensure that g++ is also installed. + +• The libxml2-based configuration reader (which hasn't worked for 2.5 years, + and was never the recommended option) has been removed. Expat is now a + hard dependency. + +Enhancements: + +• It should now be safe to call dbus_threads_init_default() from any thread, + at any time. Authors of loadable modules and plugins that use libdbus + should consider doing so during initialization. + (fd.o #54972, Simon McVittie) + +• Improve dbus-send documentation and command-line parsing (fd.o #65424, + Chengwei Yang) + - Fixes: ++Other fixes: + • In dbus-daemon, don't crash if a .service file starts with key=value (fd.o #60853, Chengwei Yang)