From 2c9d7a66578a512402d5eb9d4c018a6b3276c698 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 15 Jan 2018 14:53:30 +0000 Subject: [PATCH] NEWS for #104588 Signed-off-by: Simon McVittie --- NEWS | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/NEWS b/NEWS index 865099f3..b7915c9b 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,17 @@ risk of regressions. OS distributions should stay with the 1.12.x branch, unless they can commit to following the 1.13.x branch until it reaches a 1.14.0 stable release at an unspecified point in the future. +Behaviour changes: + +• DBusServer (and hence the dbus-daemon) no longer accepts usernames + (login names) for the recommended EXTERNAL authentication mechanism, + only numeric user IDs or the empty string. This is not believed to + affect real D-Bus clients in practice, because most D-Bus clients + send numeric user IDs: the only known client implementation that + sends usernames is dbus-java, and that only when run on a system + where the com.sun.security.auth.module.UnixSystem.getUid() method is + not available. (fd.o #104588, Simon McVittie) + Enhancements: • D-Bus Specification v0.32 @@ -35,6 +46,11 @@ Enhancements: Fixes: +• Do not look up client-supplied strings in the system user database + (NSS or equivalent) when using the recommended EXTERNAL auth mechanism. + This could previously lead to a deadlock or timeout in the presence of + slow or network-dependent NSS modules. (fd.o #104588, Simon McVittie) + • Report the correct error if OOM is reached while trying to listen on a TCP socket (fd.o #89104, Simon McVittie)