Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Ximi1970:Toolchains:MinGW
mingw32-dbus-1-1.10.22
mingw32-dbus-1.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File mingw32-dbus-1.changes of Package mingw32-dbus-1-1.10.22
------------------------------------------------------------------- Jul 27 12:00:00 UTC 2017 - ralf.habacker@freenet.de D-Bus 1.10.22 (2017-07-27) The “roof terrace” release. This is a bugfix release for the current stable branch, 1.10.x. Please upgrade unless you have a reason to keep using an older branch. Fixes: • dbus_message_iter_append_basic() no longer leaks memory if it fails to append a file descriptor to a message. (fd.o #101568, Simon McVittie) • dbus_message_iter_open_container() no longer leaks memory if it runs out of memory. (fd.o #101568, Simon McVittie) • dbus_message_append_args_valist() no longer leaks memory if given an unsupported type. This situation is still considered to be a programming error which needs to be corrected by the user of libdbus. (fd.o #101568, Simon McVittie) • Wrap test-pending-call-disconnected with dbus-run-session so that it can pass in environments that are not already running a D-Bus session bus, fixing a build-time test regression in 1.10.20 (fd.o #101698, Simon McVittie) • Ensure that tests fail if they would otherwise have tried to connect to the real session bus (fd.o #101698, Simon McVittie) • Make build-time tests cope with finding Python 3, but not Python 2 (fd.o #101716, Simon McVittie) ------------------------------------------------------------------- Jun 30 12:00:00 UTC 2017 - ralf.habacker@freenet.de D-Bus 1.10.20 (2017-06-30) == The “suggesting a delivery gone horribly wrong” release. This is a bugfix release for the current stable branch, 1.10.x. Please upgrade unless you have a reason to keep using an older branch. Fixes: • Fix a reference leak when blocking on a pending call on a connection that has been disconnected (fd.o #101481, Shin-ichi MORITA) • Don't put timestamps in the Doxygen-generated documentation, for closer-to-reproducible builds (fd.o #100692, Simon McVittie) • Avoid an assertion failure when connecting to a semicolon-separated series of addresses, one of which fails (fd.o #101257, Simon McVittie) Documentation: • Update git URIs in HACKING document to sync up with cgit.freedesktop.org (fd.o #100715, Simon McVittie) ------------------------------------------------------------------- Apr 06 12:00:00 UTC 2017 - ralf.habacker@freenet.de D-Bus 1.10.18 (2017-04-06) == The “can't handle a self-referential paradox” release. This is a bugfix release for the current stable branch, 1.10.x. Please upgrade unless you have a reason to keep using an older branch. Fixes: • Re-order dbus-daemon startup so that on SELinux systems, the thread that reads AVC notifications retains the ability to write to the audit log (fd.o #92832, Debian #857660; Laurent Bigonville) • Fix a harmless read overflow and some memory leaks in a unit test (fd.o #100568, Philip Withnall) ------------------------------------------------------------------- Feb 16 12:00:00 UTC 2017 - ralf.habacker@freenet.de D-Bus 1.10.16 (2017-02-16) == The “super digging powers” release. The fixes in this release are arguably security fixes, but if they affect you, please take this opportunity to rethink how you are configuring dbus. Enhancements: • Do the Travis-CI build in Docker containers for Ubuntu LTS, Debian stable and Debian testing in addition to the older Ubuntu that is the default (fd.o #98889, Simon McVittie) Fixes: • Prevent symlink attacks in the nonce-tcp transport on Unix that could allow an attacker to overwrite a file named "nonce", in a directory that the user running dbus-daemon can write, with a random value known only to the user running dbus-daemon. This is unlikely to be exploitable in practice, particularly since the nonce-tcp transport is really only useful on Windows. On Unix systems we strongly recommend using only the unix: and systemd: transports, together with EXTERNAL authentication. These are the only transports and authentication mechanisms enabled by default. (fd.o #99828, Simon McVittie) • Avoid symlink attacks in the "embedded tests", which are not enabled by default and should never be enabled in production builds of dbus. (fd.o #99828, Simon McVittie) ------------------------------------------------------------------- Nov 28 12:00:00 UTC 2016 - ralf.habacker@freenet.de D-Bus 1.10.14 (2016-11-28) == The “Well, other bands know more than three chords” release. Fixes: • Work around an undesired effect of the fix for CVE-2014-3637 (fd.o #80559), in which processes that frequently send fds, such as logind during a flood of new PAM sessions, can get disconnected for continuously having at least one fd "in flight" for too long; dbus-daemon interprets that as a potential denial of service attack. The workaround is to disable that check for uid 0 process such as logind, with a message in the system log. The bug remains open while we look for a more general solution. (fd.o #95263, LP#1591411; Simon McVittie) • Don't run the test test-dbus-launch-x11.sh if X11 autolaunching was disabled at compile time. That test is not expected to work in that configuration. (fd.o #98665, Simon McVittie) ------------------------------------------------------------------- Oct 10 12:00:00 UTC 2016 - ralf.habacker@freenet.de D-Bus 1.10.12 (2016-10-10) == The “not excessively inhospitable” release. Security fixes: • Do not treat ActivationFailure message received from root-owned systemd name as a format string. In principle this is a security vulnerability, but we do not believe it is exploitable in practice, because only privileged processes can own the org.freedesktop.systemd1 bus name, and systemd does not appear to send activation failures that contain "%". Please note that this probably *was* exploitable in dbus versions older than 1.6.30, 1.8.16 and 1.9.10 due to a missing check which at the time was only thought to be a denial of service vulnerability (CVE-2015-0245). If you are still running one of those versions, patch or upgrade immediately. (fd.o #98157, Simon McVittie) Other fixes: • Harden dbus-daemon against malicious or incorrect ActivationFailure messages by rejecting them if they do not come from a privileged process, or if systemd activation is not enabled (fd.o #98157, Simon McVittie) • Avoid undefined behaviour when setting reply serial number without going via union DBusBasicValue (fd.o #98035, Marc Mutz) • autogen.sh: fail cleanly if autoconf fails (Simon McVittie) ------------------------------------------------------------------- Aug 15 12:00:00 UTC 2016 - ralf.habacker@freenet.de D-Bus 1.10.10 (2016-08-15) == The “tungsten door” release. Fixes: • On Linux, when dbus-daemon is run with reduced susceptibility to the OOM killer (typically via systemd), do not let child processes inherit that setting (fd.o #32851; Kimmo Hämäläinen, WaLyong Cho) • Output valid shell syntax in ~/.dbus/session-bus/ if the bus address contains a semicolon (fd.o #94746, Thiago Macieira) • Fix memory leaks and thread safety in subprocess starting on Windows (fd.o #95191, Ralf Habacker) • Do not require systemd to have a service file if using it for activation (fd.o #93194; Simon McVittie; backport from 1.11.0) • Stop test-dbus-daemon incorrectly failing on platforms that cannot discover the process ID of clients (fd.o #96653, Руслан Ижбулатов) • In tests that exercise correct handling of crashing D-Bus services, suppress Windows crash handler (fd.o #95155; Yiyang Fei, Ralf Habacker) • Explicitly check for stdint.h (Ioan-Adrian Ratiu) • update-activation-environment: produce better diagnostics on error (fd.o #96653, Simon McVittie) • Don't fail the build with an unused const variable warning under gcc 6 (fd.o #97282; Thomas Zimmermann, Simon McVittie) • Merge dbus-1.10-ci branch, containing backports from 1.11.0 in build/test code to support continuous integration (fd.o #93194, Simon McVittie) · Avoid -Wunused-label when compiling with libselinux but no libaudit · In development builds, allow OOM tests to be disabled as documented · Accept and ignore the --tap argument in all "embedded tests", and run all automated tests with that argument for better diagnostics · Fix the systemd activation test under CMake by installing the required files · In Automake, fix shell syntax for installcheck-local with no DESTDIR · In Automake, don't try to run manual tests in installcheck · In CMake, don't run manual-tcp test as an automated test · Add travis-ci.org build machinery ------------------------------------------------------------------- Mar 07 12:00:00 UTC 2016 - ralf.habacker@freenet.de D-Bus 1.10.8 (2016-03-07) == The “digestive biscuits” release. Fixes: • Enable "large file support" on systems where it exists: dbus-daemon is not expected to open large files, but it might need to stat files that happen to have large inode numbers (fd.o #93545, Hongxu Jia) • Eliminate padding inside DBusMessageIter on 64-bit platforms, which might result in a pedantic C compiler not copying the entire contents of a DBusMessageIter; statically assert that this is not an ABI change in practice (fd.o #94136, Simon McVittie) • Document dbus-test-tool echo --sleep-ms=N instead of incorrect --sleep=N (fd.o #94244, Dmitri Iouchtchenko) • Correctly report test failures in C tests from run-test.sh (fd.o #93379; amit tewari, Simon McVittie) • When tests are enabled, run all the marshal-validate tests, not just the even-numbered ones (fd.o #93908, Nick Lewycky) • Correct the expected error from one marshal-validate test, which was previously not run due to the above bug (fd.o #93908, Simon McVittie) ------------------------------------------------------------------- Tue Jan 26 13:27:54 UTC 2016 - ralf.habacker@freenet.de - Update to dbus 1.10.6 Configured to run and connect to a install path related session dbus connect to public session bus only as fallback
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor