summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn (J5) Palmieri <johnp@redhat.com>2008-02-26 14:32:57 -0500
committerJohn (J5) Palmieri <johnp@redhat.com>2008-02-26 14:32:57 -0500
commit3252e713c52f80831080c4e0bb25543f3746e3de (patch)
treeeee7a511baf4548e5e0b6f1a7e0723004e98a75a
parentf8eeb881ffd4c84af53d6360ee689f21b0b10597 (diff)
Released 1.0.3DBUS_1_0_3
-rw-r--r--ChangeLog4
-rw-r--r--NEWS18
2 files changed, 22 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 4f6ee7c6..416c1a86 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2008-02-26 John (J5) Palmieri <johnp@redhat.com>
+ * Released 1.0.3
+
+2008-02-26 John (J5) Palmieri <johnp@redhat.com>
+
* CVE-2008-0595 - security policy of the type <allow send_interface=
"some.interface.WithMethods"/> work as an implicit allow for
messages sent without an interface bypassing the default deny rules
diff --git a/NEWS b/NEWS
index f73619dd..39134606 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,21 @@
+D-Bus 1.0.3 (27 Febuary 2008)
+==
+- Fixed CVE-2008-0595 - security policy of the type <allow send_interface=
+ "some.interface.WithMethods"/> work as an implicit allow for
+ messages sent without an interface bypassing the default deny rules and
+ potentially allowing restricted methods exported on the bus to be executed
+ by unauthorized users.
+- correctly unref connections without guids during shutdown
+- don't mess with message from message cache outside of the cache lock
+- avoid trying to protect individual bits in a word with different locks
+- fix to allow a server to use port=0 or omit port so the port can be
+ auto-selected by the OS
+- add session.d for the session bus, so security policy can be extended
+- capture the dbus-launch stderr output and add it to the DBusError message we
+ return.
+- add option --close-stderr to close stderr before starting dbus-daemon
+- session bus now has higher limits by default
+
D-Bus 1.0.2 (12 December 2006)
==
- Fix security bug CVE-2006-6107 match rules can be removed by apps that did