[arch-dev-public] [signoff] dbus-core 1.4.12-1
Dave Reisner
d at falconindy.com
Fri Jun 24 11:45:14 EDT 2011
On Fri, Jun 24, 2011 at 05:09:16PM +0300, Ionut Biru wrote:
> Hi,
>
> please signoff
>
> D-Bus 1.4.12 (2011-06-10)
> ==
>
> Security (local denial of service):
>
> • Byte-swap foreign-endian messages correctly, preventing a long-standing
> local DoS if foreign-endian messages are relayed through the dbus-daemon
> (backporters: this is git commit
> c3223ba6c401ba81df1305851312a47c485e6cd7)
> (fd.o #38120, Debian #629938, no CVE number yet; Simon McVittie)
>
> D-Bus 1.4.10 (2011-06-01)
> ==
>
> The "Ape Ale" release.
>
> Notes for distributors:
>
> This version of D-Bus no longer uses -fPIE by default.
> Distributions wishing
> to harden the dbus-daemon and dbus-launch-helper can re-enable
> this if their
> toolchain supports it reliably, via something like:
>
> ./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro"
>
> for more read them from:
> http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
>
> --
> Ionuț
systemd still boots and systemctl is happy.
Signoff i686 and x86_64
More information about the arch-dev-public
mailing list