Release 1.11.6 and spec 0.29

Signed-off-by: Simon McVittie <smcv@debian.org>

diff --git a/NEWS b/NEWS
index 86833f4..ffd9a7f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,24 @@
-D-Bus 1.11.6 (UNRELEASED)
+D-Bus 1.11.6 (2016-10-10)
 ==
 
+The “darkly whimsical” release.
+
+Security fixes:
+
+• Do not treat ActivationFailure message received from root-owned systemd
+  name as a format string. In principle this is a security vulnerability,
+  but we do not believe it is exploitable in practice, because only
+  privileged processes can own the org.freedesktop.systemd1 bus name, and
+  systemd does not appear to send activation failures that contain "%".
+
+  Please note that this probably *was* exploitable in dbus versions
+  older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at
+  the time was only thought to be a denial of service vulnerability
+  (CVE-2015-0245). If you are still running one of those versions,
+  patch or upgrade immediately.
+
+  (fd.o #98157, Simon McVittie)
+
 Enhancements:
 
 • D-Bus Specification version 0.29
@@ -24,7 +42,12 @@ Enhancements:
 • On Linux, mention the LSM label (if available) whenever we print
   debug information about a peer (fd.o #68212, Philip Withnall)
 
-Fixes:
+Other fixes:
+
+• Harden dbus-daemon against malicious or incorrect ActivationFailure
+  messages by rejecting them if they do not come from a privileged
+  process, or if systemd activation is not enabled
+  (fd.o #98157, Simon McVittie)
 
 • Avoid undefined behaviour when setting reply serial number without going
   via union DBusBasicValue (fd.o #98035, Marc Mutz)

diff --git a/configure.ac b/configure.ac
index 460b32b..36ff67a 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -3,7 +3,7 @@ AC_PREREQ([2.63])
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [11])
-m4_define([dbus_micro_version], [5])
+m4_define([dbus_micro_version], [6])
 m4_define([dbus_version],
           [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
@@ -37,7 +37,7 @@ AC_DEFINE_UNQUOTED(DBUS_DAEMON_NAME,"dbus-daemon",[Name of executable])
 #
 
 ## increment if the interface has additions, changes, removals.
-LT_CURRENT=18
+LT_CURRENT=19
 
 ## increment any time the source changes; set to
 ##  0 if you increment CURRENT
@@ -46,7 +46,7 @@ LT_REVISION=2
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has
 ## precedence over adding, so set to 0 if both happened.
-LT_AGE=15
+LT_AGE=16
 
 AC_SUBST(LT_CURRENT)
 AC_SUBST(LT_REVISION)

diff --git a/doc/dbus-specification.xml b/doc/dbus-specification.xml
index ca4f869..64f561b 100644 (file)
--- a/doc/dbus-specification.xml
+++ b/doc/dbus-specification.xml
@@ -6,7 +6,7 @@
 <article id="index">
   <articleinfo>
     <title>D-Bus Specification</title>
-    <releaseinfo>Version 0.28</releaseinfo>
+    <releaseinfo>Version 0.29</releaseinfo>
     <date>2016-08-15</date>
     <authorgroup>
       <author>
@@ -71,6 +71,15 @@
     </authorgroup>
    <revhistory>
      <revision>
+       <revnumber>0.29</revnumber>
+       <date>2016-10-10</date>
+       <authorinitials>PW</authorinitials>
+       <revremark>
+         Introspection arguments may contain annotations; recommend against
+         using the object path '/'
+       </revremark>
+     </revision>
+     <revision>
        <revnumber>0.28</revnumber>
        <date>2016-08-15</date>
        <authorinitials>PW</authorinitials>