From: Simon McVittie Date: Mon, 24 Nov 2014 13:05:09 +0000 (+0000) Subject: Merge branch 'dbus-1.8' X-Git-Tag: dbus-1.10.6~324 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2bc75daa2c4ae11d038b1ce576ef2ca63f26fb19;p=platform%2Fupstream%2Fdbus.git Merge branch 'dbus-1.8' Conflicts: NEWS configure.ac --- 2bc75daa2c4ae11d038b1ce576ef2ca63f26fb19 diff --cc NEWS index 2e4bd82,c0d2fa2..2a42467 --- a/NEWS +++ b/NEWS @@@ -1,8 -1,28 +1,26 @@@ -D-Bus 1.8.12 (2014-11-24) +D-Bus 1.9.4 (UNRELEASED) == -The “days of fuchsia passed” release. - Fixes: + • Partially revert the CVE-2014-3639 patch by increasing the default + authentication timeout on the system bus from 5 seconds back to 30 + seconds, since this has been reported to cause boot regressions for + some users, mostly with parallel boot (systemd) on slower hardware. + + On fast systems where local users are considered particularly hostile, + administrators can return to the 5 second timeout (or any other value + in milliseconds) by saving this as /etc/dbus-1/system-local.conf: + + + 5000 + + + (fd.o #86431, Simon McVittie) + + • Add a message in syslog/the Journal when the auth_timeout is exceeded + (fd.o #86431, Simon McVittie) + • Send back an AccessDenied error if the addressed recipient is not allowed to receive a message (and in builds with assertions enabled, don't assert under the same conditions). (fd.o #86194, Jacek Bukarewicz)