-D-Bus 1.8.10 (UNRELEASED)
+D-Bus 1.9.0 (UNRELEASED)
==
-...
+Requirements:
+
+• Support for the systemd: (LISTEN_FDS) pseudo-transport on Linux now
+ requires either the libsystemd or libsd-daemon shared library, dropping the
+ embedded convenience copy of sd-daemon (fd.o #71818, Simon)
+
+Build-time configuration changes:
+
+• The CMake build system now builds the same shared library name as Autotools
+ on at least Linux and Windows:
+ - on Linux (and perhaps other Unix platforms), it previously built
+ libdbus-1.so, but now builds libdbus-1.so.3.* with development
+ symlink libdbus-1.so and SONAME/symlink libdbus-1.so.3
+ - on Windows, it previously built either libdbus-1.dll (release) or
+ libdbus-1d.dll (debug), but now builds libdbus-1-3.dll, copied to
+ libdbus-1.dll for compatibility with older applications.
+ (fd.o #74117, Ralf Habacker)
+
+Enhancements:
+
+• on Unix platforms, disable Nagle's algorithm on TCP connections to improve
+ initial latency (fd.o #75544, Matt Hoosier)
+
+• use backtrace() if it is in -lexecinfo instead of libc, as on NetBSD
+ (fd.o #69702, Patrick Welche)
+
+• in dbus-monitor, print more information about file descriptors
+ (fd.o #80603, Alban Crequy)
+
+• do not install system bus configuration if built for Windows
+ (fd.o #83583; Ralf Habacker, Simon McVittie)
+
+Fixes:
+
+• fix an incorrect error message if a Unix socket path is too long
+ (fd.o #73887, Antoine Jacoutot)
+
+• in an MSYS/Cygwin environment, pass Unix-style filenames to xmlto,
+ fixing documentation generation (fd.o #75860, Руслан Ижбулатов)
+
+• in Unix with X11, avoid giving dbus-launch a misleading argv[0]
+ in ps(1) (fd.o #69716, Chengwei Yang)
+
+• avoid calling poll() with timeout < -1, which is considered invalid
+ on FreeBSD and NetBSD (fd.o #78480, Jaap Boender)
+
+• be portable to BSD-derived platforms where O_CLOEXEC is unavailable in libc
+ (like Mac OS X 10.6), or available in libc but unsupported by the kernel
+ (fd.o #77032; rmvsxop, OBATA Akio, Patrick Welche)
+
++• Fix include path for test/internal/*.c with cmake (Ralf Habacker)
++
++• Change DBUS_TYPE_G_BYTE_ARRAY reference in dbus-tutorial.xml
++ to the correct DBUS_TYPE_G_UCHAR_ARRAY (fd.o #80795, Thomas Haller)
++
++• in dbus-monitor, do not leak file descriptors that we have monitored
++ (fd.o #80603, Alban Crequy)
+
+ D-Bus 1.8.8 (2014-09-16)
+ ==
+
+ The "smashy smashy egg man" release.
+
+ Security fixes:
+
+ • Do not accept an extra fd in the padding of a cmsg message, which
+ could lead to a 4-byte heap buffer overrun.
+ (CVE-2014-3635, fd.o #83622; Simon McVittie)
+
+ • Reduce default for maximum Unix file descriptors passed per message
+ from 1024 to 16, preventing a uid with the default maximum number of
+ connections from exhausting the system bus' file descriptors under
+ Linux's default rlimit. Distributors or system administrators with a
+ more restrictive fd limit may wish to reduce these limits further.
+
+ Additionally, on Linux this prevents a second denial of service
+ in which the dbus-daemon can be made to exceed the maximum number
+ of fds per sendmsg() and disconnect the process that would have
+ received them.
+ (CVE-2014-3636, fd.o #82820; Alban Crequy)
+
+ • Disconnect connections that still have a fd pending unmarshalling after
+ a new configurable limit, pending_fd_timeout (defaulting to 150 seconds),
+ removing the possibility of creating an abusive connection that cannot be
+ disconnected by setting up a circular reference to a connection's
+ file descriptor.
+ (CVE-2014-3637, fd.o #80559; Alban Crequy)
+
+ • Reduce default for maximum pending replies per connection from 8192 to 128,
+ mitigating an algorithmic complexity denial-of-service attack
+ (CVE-2014-3638, fd.o #81053; Alban Crequy)
+
+ • Reduce default for authentication timeout on the system bus from
+ 30 seconds to 5 seconds, avoiding denial of service by using up
+ all unauthenticated connection slots; and when all unauthenticated
+ connection slots are used up, make new connection attempts block
+ instead of disconnecting them.
+ (CVE-2014-3639, fd.o #80919; Alban Crequy)
+
+ Other fixes:
+
• Check for libsystemd from systemd >= 209, falling back to
the older separate libraries if not found (Umut Tezduyar Lindskog,
Simon McVittie)
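Review bot: the entries added at the end of the 1.9.0 "Fixes:" list do not follow the style of the rest of that section. "Fix include path ..." and "Change DBUS_TYPE_G_BYTE_ARRAY ..." start with a capital letter while every other entry starts lowercase, and the include-path entry has no fd.o reference; suggest lowercasing both and adding the bug number if one exists. The dbus-monitor fd-leak entry cites fd.o #80603, the same bug as the "print more information about file descriptors" enhancement earlier in the section. If the leak only ever existed in that unreleased enhancement, fold it into that entry instead of listing a separate fix; if it affected released versions, say so in the entry. The tutorial entry would also read more consistently in the "in dbus-tutorial.xml, ..." form used by the neighbouring "in dbus-monitor, ..." items.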