diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-11-24 13:01:40 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2014-11-24 13:01:40 +0000 |
commit | 4afb7a7412bee7934e532cd33ed10634314c247f (patch) | |
tree | 9ef20fbe871df0210069b5d3851fc7b8608fea71 /NEWS | |
parent | 02e1ddf91e27405c0b88303bb49f5bf5c56306f8 (diff) | |
download | dbus-4afb7a7412bee7934e532cd33ed10634314c247f.tar.gz |
1.8.12dbus-1.8.12
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 22 |
1 files changed, 21 insertions, 1 deletions
@@ -1,8 +1,28 @@ -D-Bus 1.8.12 (UNRELEASED) +D-Bus 1.8.12 (2014-11-24) == +The “days of fuchsia passed” release. + Fixes: +• Partially revert the CVE-2014-3639 patch by increasing the default + authentication timeout on the system bus from 5 seconds back to 30 + seconds, since this has been reported to cause boot regressions for + some users, mostly with parallel boot (systemd) on slower hardware. + + On fast systems where local users are considered particularly hostile, + administrators can return to the 5 second timeout (or any other value + in milliseconds) by saving this as /etc/dbus-1/system-local.conf: + + <busconfig> + <limit name="auth_timeout">5000</limit> + </busconfig> + + (fd.o #86431, Simon McVittie) + +• Add a message in syslog/the Journal when the auth_timeout is exceeded + (fd.o #86431, Simon McVittie) + • Send back an AccessDenied error if the addressed recipient is not allowed to receive a message (and in builds with assertions enabled, don't assert under the same conditions). (fd.o #86194, Jacek Bukarewicz) |