+2008-02-26 John (J5) Palmieri <johnp@redhat.com>
+
+ * CVE-2008-0595 - security policy of the type <allow send_interface=
+ "some.interface.WithMethods"/> work as an implicit allow for
+ messages sent without an interface bypassing the default deny rules
+ and potentially allowing restricted methods exported on the bus to be
+ executed by unauthorized users. This patch fixes the issue.
+ * bus/policy.c (bus_client_policy_check_can_send,
+ bus_client_policy_check_can_receive): skip messages without an
+ interface when evaluating an allow rule, and thus pass it to the
+ default deny rules
+
+2008-02-26 John (J5) Palmieri <johnp@redhat.com>
+
+ * correctly unref connections without guids during shutdown
+ * dbus/dbus-connection.c (close_connection_on_shutdown): new method
+ split out from shared_connections_shutdown
+ (shared_connections_shutdown): shutdown all shared connections
+ without guids
+ (_dbus_connection_ref_unlocked): handle OOM when prepending no guid
+ connections to the shared_connections_no_guid list
+ * Patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+2008-02-21 John (J5) Palmieri <johnp@redhat.com>
+
+ * fix build against the latest gcc/glibc
+ * dbus/dbus-sysdeps-unix.c: define _GNU_SOURCE
+ * bus/selinux.c: include limits.h
+ * Patch by Matthias Clasen <mclasen at redhat.com>
+
+2008-02-21 John (J5) Palmieri <johnp@redhat.com>
+
+ * fixes dbus-launch so the bus goes away when X does
+ (Red Hat Bug #430412)
+ * tools/dbus-launch.c (main): set xdisplay = NULL
+ * Patch by Matthias Clasen <mclasen at redhat.com>
+
+2008-01-17 John (J5) Palmieri <johnp@redhat.com>
+
+ * Released 1.1.4
+
+2008-01-17 Timo Hoenig <thoenig@suse.de>
+ * fix inotify support
+ * bus/dir-watch-inotify.c (_handle_inotify_watch): fix reading of the
+ inotify events. Also, use ssize_t not size_t for 'ret'.
+ * bus/dir-watch-inotify.c (bus_watch_directory): watch not only for
+ IN_MODIFY but also for IN_CREATE and IN_DELETE
+ * bus/dir-watch-inotify.c (bus_drop_all_directory_watches): drop the
+ inotify watches more elegantly by closing inotify:_fd, set inotify_fd to
+ -1 after dropping the watches
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * configure.in: post-release version bump
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * Released 1.1.3 (1.2.0RC1)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * fix hacking to say git instead of cvs
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Sébastien Couret <10function at gmail dot com>
+
+ * dbus/dbus-marshal-recursive.c (all_reader_classes[]): wrap in
+ #ifndef DBUS_DISABLE_ASSERT since it is only used in asserts which
+ are noop
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Magnus Henoch <henoch plus bfdo at dtek dot chalmers dot se>
+
+ * dbus/dbus-auth.c (handle_server_data_external_mech): handle SASL
+ EXTERNAL's inital empty responce (FDO Bug #9945)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * bus/messagebus.in: add lsb headers (FDO Bug #11491)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Peter O'Gorman <pogma at thewrittenword dot com>
+
+ * dbus/dbus-spawn.c (babysit_signal_handler): check write return value
+ so we don't hang (FDO Bug #11665)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Peter O'Gorman <pogma at thewrittenword dot com>
+
+ * dbus/dbus-sysdeps.h: support for AIX poll implementation (FDO Bug
+ #11666)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * tests/name-test/run-test.sh: make more portable (FDO Bug #11667)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-connection.c (_dbus_connection_get_next_client_serial):
+ don't check for < 0 on an unsigned variable (FDO Bug #12924)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * bus/bus.c (setup_server): check failed allocation (FDO Bug #12920)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-spawn.c (_dbus_spawn_async_with_babysitter): the API
+ contract says sitter_p can be NULL, so let's check it (FDO Bug #12919)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-spawn.c (read_ints, read_pid): use correct ssize_t type
+ instead of size_t (FDO Bug #12862)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-errors.c (dbus_set_error): make sure to call va_end if we
+ hit an OOM error inside va_start (FDO Bug #12846)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-connection.c (dbus_connection_send_with_reply):
+ fix possible crash if pending_return is NULL (FDO Bug #12673)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * portions of patch submitted by Tim Mooney
+ <enchanter at users dot sourceforge dot net>
+
+ * configure.in: never auto-select libxml (FDO Bug #12479)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patches by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-sysdeps-unix (_dbus_get_autolaunch_address): handle OOM
+ (FDO Bug #12945)
+
+ * dbus/dbus-uuidgen.c (return_uuid): handle OOM (FDO Bug #12928)
+
+ * dbus/dbus-misc.c (dbus_get_local_machine_id): handle OOM, fix return
+ value to return NULL not FALSE (FDO Bug #12946)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * bus/bus.c (bus_context_check_security_policy): rewrite selinux error
+ handling to not abort due to a NULL read and to set the error only if
+ it is not already set (Based off of FDO Bug #12430)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-internals.c (_dbus_read_uuid_file_without_creating,
+ _dbus_create_uuid_file_exclusively): add OOM handling (FDO Bug #12952)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-spawn.c (babysit, babysitter_iteration): add error
+ handling when polling (FDO Bug #12954)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * bus/config-parser.c (locate_attributes): remove dead code which
+ always evaluated to TRUE
+
+ * dbus/dbus-shell.c (_dbus_shell_quote): remove unused code
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * bus/connection.c (bus_connection_complete): plug a possible
+ BusClientPolicy leak (FDO Bug #13242)
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Frederic Crozat <fcrozat at mandriva dot com> (FDO Bz#
+ 13268)
+
+ * add inotify support
+
+ * bus/Makefile.am: add inotify module to the build
+
+ * bus/dir-watch-inotify.c: inotify module based off the dnotify and
+ kqueue modules
+
+ * configure.in: add checks and switch for inotify
+ also add a printout at the end of configure if inotify and kqueue
+ support is being built in (dnotify already had this)
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Frederic Crozat <fcrozat at mandriva dot com>
+
+ * bus/dir-watch-dnotify.c (bus_watch_directory): watch for file
+ creates also
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-transport-socket.c(do_reading): return message
+ loader buffer in case of OOM (FDO Bug#12666)
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * configure.in: add warning to output when libxml is selected since
+ we don't have a libxml maintainer and expat works perfectly fine
+ for what we need an xml parser for
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * Patch by Andrea Luzzardi <scox at sig11 dot org>: creates a
+ _dbus_geteuid function to fix EXTERNAL authentication in setuid
+ applications
+
+ * dbus/dbus-sysdeps-unix.c (_dbus_geteuid): used to get the effective
+ uid of the running program
+ (_dbus_credentials_add_from_current_process): use geteuid instead of
+ getuid
+ (_dbus_append_user_from_current_process): use geteuid instead of
+ getuid
+
+ * dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user): use
+ geteuid instead of getuid
+ (_dbus_unix_user_is_at_console): use geteuid instead of getuid
+
+ * dbus/dbus-sysdeps-win.c (_dbus_geteuid): add a windows equivilant
+ that returns DBUS_UID_UNSET
+
+2007-12-18 Havoc Pennington <hp@redhat.com>
+
+ * dbus/dbus-connection.c (_dbus_connection_block_pending_call):
+ fix location of curly braces
+
+2007-11-23 Sjoerd Simons <sjoerd@luon.net>
+
+ * tools/dbus-launch.c: let both a normal dbus-launch and an
+ autolaunched bus save their parameters in X11 if possible. This makes
+ the autolaunch and non-autolaunch behaviour more similar. With the
+ exception that on a normal launch there will always be a new session
+ bus and not being able to save parameters is not fatal. This also
+ enables to launch programs directly with autolaunch (not very usefull
+ though).
+
+2007-10-31 Havoc Pennington <hp@redhat.com>
+
+ * bus/selinux.c (log_audit_callback): rewrite to use
+ _dbus_string_copy_to_buffer_with_nul()
+
+ * dbus/dbus-string.c (_dbus_string_copy_to_buffer): change to NOT
+ nul-terminate the buffer; fail an assertion if there is not enough
+ space in the target buffer. This fixes two bugs where
+ copy_to_buffer was used to copy the binary bytes in a UUID, where
+ nul termination did not make sense. Bug reported by David Castelow.
+ (_dbus_string_copy_to_buffer_with_nul): new function that always
+ nul-terminates the buffer, and fails an assertion if there is not
+ enough space in the buffer.
+
+2007-10-23 Havoc Pennington <hp@redhat.com>
+
+ * bus/bus.c (bus_context_new): use the new name here
+
+ * bus/selinux.c (bus_selinux_audit_init): rename from audit_init()
+ to avoid possible libc conflict, and declare it in .h file to
+ avoid a warning
+
+2007-10-19 Havoc Pennington <hp@redhat.com>
+
+ * bus/bus.c (bus_context_new): put audit_init() in HAVE_SELINUX
+
+2007-10-19 Havoc Pennington <hp@redhat.com>
+
+ * bus/bus.c (bus_context_new): put the audit_init() in here
+ instead, which I believe ends up being the same as where it was
+ before, though I'm not sure I understand why it goes here.
+
+ * dbus/dbus-sysdeps-util-unix.c (_dbus_change_to_daemon_user):
+ remove audit_init() from here, this file can't depend on code in
+ bus/ directory
+
+2007-10-16 Simon McVittie <simon.mcvittie@collabora.co.uk>
+
+ * configure.in: *Actually* fix detection of i486 atomic ops -
+ my previous attempt at a fix would always enable them due to wrong
+ quoting. Patch from Colin Walters <walters@verbum.org>
+
2007-10-11 Simon McVittie <simon.mcvittie@collabora.co.uk>
* configure.in: enable Autoconf's AC_C_INLINE to avoid compilation