diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-11-24 13:05:09 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-11-24 13:05:09 +0000 |
commit | 2bc75daa2c4ae11d038b1ce576ef2ca63f26fb19 (patch) | |
tree | bd2d28369b4e42618974fac44d16cacbc220549b /NEWS | |
parent | 1f1649eadaabd61e1b5a38516ac6c3e72e36ef44 (diff) | |
parent | 4afb7a7412bee7934e532cd33ed10634314c247f (diff) | |
download | dbus-2bc75daa2c4ae11d038b1ce576ef2ca63f26fb19.tar.gz |
Merge branch 'dbus-1.8'
Conflicts:
NEWS
configure.ac
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 18 |
1 files changed, 18 insertions, 0 deletions
@@ -3,6 +3,24 @@ D-Bus 1.9.4 (UNRELEASED) Fixes: +• Partially revert the CVE-2014-3639 patch by increasing the default + authentication timeout on the system bus from 5 seconds back to 30 + seconds, since this has been reported to cause boot regressions for + some users, mostly with parallel boot (systemd) on slower hardware. + + On fast systems where local users are considered particularly hostile, + administrators can return to the 5 second timeout (or any other value + in milliseconds) by saving this as /etc/dbus-1/system-local.conf: + + <busconfig> + <limit name="auth_timeout">5000</limit> + </busconfig> + + (fd.o #86431, Simon McVittie) + +• Add a message in syslog/the Journal when the auth_timeout is exceeded + (fd.o #86431, Simon McVittie) + • Send back an AccessDenied error if the addressed recipient is not allowed to receive a message (and in builds with assertions enabled, don't assert under the same conditions). (fd.o #86194, Jacek Bukarewicz) |