-D-Bus 1.8.14 (UNRELEASED)
+D-Bus 1.8.14 (2015-01-05)
==
-...
+The “40lb of roofing nails” release.
+
+Security hardening:
+
+• Do not allow calls to UpdateActivationEnvironment from uids other than
+ the uid of the dbus-daemon. If a system service installs unsafe
+ security policy rules that allow arbitrary method calls
+ (such as CVE-2014-8148) then this prevents memory consumption and
+ possible privilege escalation via UpdateActivationEnvironment.
+
+ We believe that in practice, privilege escalation here is avoided
+ by dbus-daemon-launch-helper sanitizing its environment; but
+ it seems better to be safe.
+
+• Do not allow calls to UpdateActivationEnvironment or the Stats interface
+ on object paths other than /org/freedesktop/DBus. Some system services
+ install unsafe security policy rules that allow arbitrary method calls
+ to any destination, method and interface with a specified object path;
+ while less bad than allowing arbitrary method calls, these security
+ policies are still harmful, since dbus-daemon normally offers the
+ same API on all object paths and other system services might behave
+ similarly.
+
+Other fixes:
+
+• Add missing initialization so GetExtendedTcpTable doesn't crash on
+ Windows Vista SP0 (fd.o #77008, Илья А. Ткаченко)
D-Bus 1.8.12 (2014-11-24)
==
m4_define([dbus_major_version], [1])
m4_define([dbus_minor_version], [8])
-m4_define([dbus_micro_version], [13])
+m4_define([dbus_micro_version], [14])
m4_define([dbus_version],
[dbus_major_version.dbus_minor_version.dbus_micro_version])
AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
## increment any time the source changes; set to
## 0 if you increment CURRENT
-LT_REVISION=9
+LT_REVISION=10
## increment if any interfaces have been added; set to 0
## if any interfaces have been changed or removed. removal has
projects / platform / upstream / dbus.git / commitdiff