+2008-02-26 John (J5) Palmieri <johnp@redhat.com>
+
+ * CVE-2008-0595 - security policy of the type <allow send_interface=
+ "some.interface.WithMethods"/> work as an implicit allow for
+ messages sent without an interface bypassing the default deny rules
+ and potentially allowing restricted methods exported on the bus to be
+ executed by unauthorized users. This patch fixes the issue.
+ * bus/policy.c (bus_client_policy_check_can_send,
+ bus_client_policy_check_can_receive): skip messages without an
+ interface when evaluating an allow rule, and thus pass it to the
+ default deny rules
+
+2008-02-26 John (J5) Palmieri <johnp@redhat.com>
+
+ * correctly unref connections without guids during shutdown
+ * dbus/dbus-connection.c (close_connection_on_shutdown): new method
+ split out from shared_connections_shutdown
+ (shared_connections_shutdown): shutdown all shared connections
+ without guids
+ (_dbus_connection_ref_unlocked): handle OOM when prepending no guid
+ connections to the shared_connections_no_guid list
+ * Patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+2008-02-21 John (J5) Palmieri <johnp@redhat.com>
+
+ * fix build against the latest gcc/glibc
+ * dbus/dbus-sysdeps-unix.c: define _GNU_SOURCE
+ * bus/selinux.c: include limits.h
+ * Patch by Matthias Clasen <mclasen at redhat.com>
+
+2008-02-21 John (J5) Palmieri <johnp@redhat.com>
+
+ * fixes dbus-launch so the bus goes away when X does
+ (Red Hat Bug #430412)
+ * tools/dbus-launch.c (main): set xdisplay = NULL
+ * Patch by Matthias Clasen <mclasen at redhat.com>
+
+2008-01-17 John (J5) Palmieri <johnp@redhat.com>
+
+ * Released 1.1.4
+
+2008-01-17 Timo Hoenig <thoenig@suse.de>
+ * fix inotify support
+ * bus/dir-watch-inotify.c (_handle_inotify_watch): fix reading of the
+ inotify events. Also, use ssize_t not size_t for 'ret'.
+ * bus/dir-watch-inotify.c (bus_watch_directory): watch not only for
+ IN_MODIFY but also for IN_CREATE and IN_DELETE
+ * bus/dir-watch-inotify.c (bus_drop_all_directory_watches): drop the
+ inotify watches more elegantly by closing inotify:_fd, set inotify_fd to
+ -1 after dropping the watches
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * configure.in: post-release version bump
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * Released 1.1.3 (1.2.0RC1)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * fix hacking to say git instead of cvs
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Sébastien Couret <10function at gmail dot com>
+
+ * dbus/dbus-marshal-recursive.c (all_reader_classes[]): wrap in
+ #ifndef DBUS_DISABLE_ASSERT since it is only used in asserts which
+ are noop
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Magnus Henoch <henoch plus bfdo at dtek dot chalmers dot se>
+
+ * dbus/dbus-auth.c (handle_server_data_external_mech): handle SASL
+ EXTERNAL's inital empty responce (FDO Bug #9945)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * bus/messagebus.in: add lsb headers (FDO Bug #11491)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Peter O'Gorman <pogma at thewrittenword dot com>
+
+ * dbus/dbus-spawn.c (babysit_signal_handler): check write return value
+ so we don't hang (FDO Bug #11665)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Peter O'Gorman <pogma at thewrittenword dot com>
+
+ * dbus/dbus-sysdeps.h: support for AIX poll implementation (FDO Bug
+ #11666)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * tests/name-test/run-test.sh: make more portable (FDO Bug #11667)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-connection.c (_dbus_connection_get_next_client_serial):
+ don't check for < 0 on an unsigned variable (FDO Bug #12924)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * bus/bus.c (setup_server): check failed allocation (FDO Bug #12920)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-spawn.c (_dbus_spawn_async_with_babysitter): the API
+ contract says sitter_p can be NULL, so let's check it (FDO Bug #12919)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-spawn.c (read_ints, read_pid): use correct ssize_t type
+ instead of size_t (FDO Bug #12862)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-errors.c (dbus_set_error): make sure to call va_end if we
+ hit an OOM error inside va_start (FDO Bug #12846)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-connection.c (dbus_connection_send_with_reply):
+ fix possible crash if pending_return is NULL (FDO Bug #12673)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * portions of patch submitted by Tim Mooney
+ <enchanter at users dot sourceforge dot net>
+
+ * configure.in: never auto-select libxml (FDO Bug #12479)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patches by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-sysdeps-unix (_dbus_get_autolaunch_address): handle OOM
+ (FDO Bug #12945)
+
+ * dbus/dbus-uuidgen.c (return_uuid): handle OOM (FDO Bug #12928)
+
+ * dbus/dbus-misc.c (dbus_get_local_machine_id): handle OOM, fix return
+ value to return NULL not FALSE (FDO Bug #12946)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * bus/bus.c (bus_context_check_security_policy): rewrite selinux error
+ handling to not abort due to a NULL read and to set the error only if
+ it is not already set (Based off of FDO Bug #12430)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-internals.c (_dbus_read_uuid_file_without_creating,
+ _dbus_create_uuid_file_exclusively): add OOM handling (FDO Bug #12952)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * dbus/dbus-spawn.c (babysit, babysitter_iteration): add error
+ handling when polling (FDO Bug #12954)
+
+2008-01-15 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * bus/config-parser.c (locate_attributes): remove dead code which
+ always evaluated to TRUE
+
+ * dbus/dbus-shell.c (_dbus_shell_quote): remove unused code
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
+
+ * bus/connection.c (bus_connection_complete): plug a possible
+ BusClientPolicy leak (FDO Bug #13242)
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Frederic Crozat <fcrozat at mandriva dot com> (FDO Bz#
+ 13268)
+
+ * add inotify support
+
+ * bus/Makefile.am: add inotify module to the build
+
+ * bus/dir-watch-inotify.c: inotify module based off the dnotify and
+ kqueue modules
+
+ * configure.in: add checks and switch for inotify
+ also add a printout at the end of configure if inotify and kqueue
+ support is being built in (dnotify already had this)
+
+2008-01-14 John (J5) Palmieri <johnp@redhat.com>
+
+ * patch by Frederic Crozat <fcrozat at mandriva dot com>
+
+ * bus/dir-watch-dnotify.c (bus_watch_directory): watch for file
+ creates also
+
2008-01-14 John (J5) Palmieri <johnp@redhat.com>
* patch by Kimmo Hämäläinen <kimmo dot hamalainen at nokia dot com>
- * dbus-1.0.2/dbus/dbus-transport-socket.c(do_reading): return message
+ * dbus/dbus-transport-socket.c(do_reading): return message
loader buffer in case of OOM (FDO Bug#12666)
2008-01-14 John (J5) Palmieri <johnp@redhat.com>