From 4afb7a7412bee7934e532cd33ed10634314c247f Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 24 Nov 2014 13:01:40 +0000 Subject: 1.8.12 --- NEWS | 22 +++++++++++++++++++++- configure.ac | 4 ++-- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/NEWS b/NEWS index 0bf18707..c0d2fa2b 100644 --- a/NEWS +++ b/NEWS @@ -1,8 +1,28 @@ -D-Bus 1.8.12 (UNRELEASED) +D-Bus 1.8.12 (2014-11-24) == +The “days of fuchsia passed” release. + Fixes: +• Partially revert the CVE-2014-3639 patch by increasing the default + authentication timeout on the system bus from 5 seconds back to 30 + seconds, since this has been reported to cause boot regressions for + some users, mostly with parallel boot (systemd) on slower hardware. + + On fast systems where local users are considered particularly hostile, + administrators can return to the 5 second timeout (or any other value + in milliseconds) by saving this as /etc/dbus-1/system-local.conf: + + + 5000 + + + (fd.o #86431, Simon McVittie) + +• Add a message in syslog/the Journal when the auth_timeout is exceeded + (fd.o #86431, Simon McVittie) + • Send back an AccessDenied error if the addressed recipient is not allowed to receive a message (and in builds with assertions enabled, don't assert under the same conditions). (fd.o #86194, Jacek Bukarewicz) diff --git a/configure.ac b/configure.ac index 3727b1b3..cd4542a1 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [8]) -m4_define([dbus_micro_version], [11]) +m4_define([dbus_micro_version], [12]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -37,7 +37,7 @@ LT_CURRENT=11 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=8 +LT_REVISION=9 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has -- cgit v1.2.1