"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "NEWS" between
dbus-1.13.12.tar.xz and dbus-1.13.14.tar.xz

About: D-Bus is an inter-process communication (IPC) system, allowing multiple, concurrently-running applications to communicate with one another. D-Bus supplies both a system daemon and a per-user-login-session daemon. Development version.

NEWS  (dbus-1.13.12.tar.xz):NEWS  (dbus-1.13.14.tar.xz)
dbus 1.13.14 (2020-04-21)
The “mystery allium” release.
• On Unix platforms, if getpwnam_r() and getgrnam_r() are implemented,
they must be POSIX-conformant. The non-POSIX signature seen in ancient
Solaris versions will no longer work. (dbus!11, Simon McVittie)
• D-Bus Specification 0.36:
· Fix a typo in an annotated hexdump of part of a message
(dbus!152, Zygmunt Krynicki)
• On Linux, use getrandom(2) in preference to /dev/urandom
(dbus!147, Natanael Copa)
• Add a --sender option to dbus-send, which requests a name and holds it
until the signal has been sent. (dbus!116, Christopher Morin)
• Fix a crash when the dbus-daemon is terminated while one or more
monitors are active (dbus#291, dbus!140; Simon McVittie)
• Fix several test failures if the build-time tests were run as uid 0.
Note that running the tests with elevated privileges is likely to be
insecure, and should only be attempted in an expendable container or
virtual machine. (dbus!117, Simon McVittie)
• Fix an assertion failure if a client encounters an out-of-memory
condition while sending its response to the "OK" authentication
message, and processing of the "OK" message is subsequently retried
when more memory is available (dbus!119, Simon McVittie)
• Don't leak struct addrinfo if we run out of memory during a TCP
(dbus!143, dbus!144, Coverity CID 354880; Ralf Habacker, Simon McVittie)
• On Linux with SELinux, don't assume that the system policy has the
"dbus" security class or the associated AV
(dbus#198, dbus!128; Laurent Bigonville)
• Handle dbus_connection_set_change_sigpipe() in a thread-safe way
(dbus!132; Simon McVittie, Ralf Habacker)
• On Unix, use POSIX <poll.h> in preference to <sys/poll.h>
(dbus!148, Natanael Copa)
• When building with CMake, cope with libX11 in a non-standard location
(dbus!129, Tuomo Rinne)
• On Windows with verbose mode enabled and outputting to the debug port,
use a dynamically-allocated buffer to avoid potential stack buffer
overflows in long messages (dbus#45, dbus!133; Ralf Habacker)
• The dbus-send(1) man page now documents --bus and --peer instead of
the old --address synonym for --peer, which has been deprecated since
the introduction of --bus and --peer in 1.7.6
(fd.o #48816, dbus!115; Chris Morin)
• Fix a wrong environment variable name in dbus-daemon(1)
(dbus#275, dbus!122; Mubin, Philip Withnall)
• Fix formatting of dbus_message_append_args example
(dbus!126, Felipe Franciosi)
Internal changes:
• Move more test-only code from dbus/ to tests/
(dbus!120, dbus!121, dbus!153; Simon McVittie)
• Improve diagnostics if memory or fd leaks are detected
(dbus!118, dbus!120; Simon McVittie)
• Move from Debian 9 to Debian 10 for most continuous integration jobs
(dbus!151, Simon McVittie)
• On Windows, improve embedded version information
(dbus!136, dbus!138, dbus!139; Ralf Habacker)
• Indentation fixes (dbus!149, Taras Zaporozhets)
dbus 1.13.12 (2019-06-11) dbus 1.13.12 (2019-06-11)
========================= =========================
The “patio squirrel” release. The “patio squirrel” release.
Security fixes: Security fixes:
• CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1 • CVE-2019-12749: Do not attempt to carry out DBUS_COOKIE_SHA1
authentication for identities that differ from the user running the authentication for identities that differ from the user running the
DBusServer. Previously, a local attacker could manipulate symbolic DBusServer. Previously, a local attacker could manipulate symbolic
 End of changes. 1 change blocks. 
0 lines changed or deleted 86 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)