[arch-dev-public] [signoff] dbus-core 1.4.12-1
Tom Gundersen
teg at jklm.no
Fri Jun 24 19:18:33 EDT 2011
On Fri, Jun 24, 2011 at 5:45 PM, Dave Reisner <d at falconindy.com> wrote:
> On Fri, Jun 24, 2011 at 05:09:16PM +0300, Ionut Biru wrote:
>> Hi,
>>
>> please signoff
>>
>> D-Bus 1.4.12 (2011-06-10)
>> ==
>>
>> Security (local denial of service):
>>
>> • Byte-swap foreign-endian messages correctly, preventing a long-standing
>> local DoS if foreign-endian messages are relayed through the dbus-daemon
>> (backporters: this is git commit
>> c3223ba6c401ba81df1305851312a47c485e6cd7)
>> (fd.o #38120, Debian #629938, no CVE number yet; Simon McVittie)
>>
>> D-Bus 1.4.10 (2011-06-01)
>> ==
>>
>> The "Ape Ale" release.
>>
>> Notes for distributors:
>>
>> This version of D-Bus no longer uses -fPIE by default.
>> Distributions wishing
>> to harden the dbus-daemon and dbus-launch-helper can re-enable
>> this if their
>> toolchain supports it reliably, via something like:
>>
>> ./configure CFLAGS=-fPIE LDFLAGS="-pie -Wl,-z,relro"
>>
>> for more read them from:
>> http://cgit.freedesktop.org/dbus/dbus/tree/NEWS?h=dbus-1.4
>>
>> --
>> Ionuț
>
> systemd still boots and systemctl is happy.
KDE is happy too.
Signoff both.
-t
More information about the arch-dev-public
mailing list