New changelog entries:
* SECURITY UPDATE: fix DoS with too deeply nested messages
- debian/patches/99-CVE-2010-4352.patch: Limit nesting to 64 for dynamic
message variants. Backported from upstream.
- CVE-2010-4352
- LP: #688992
* debian/control: Build-Depends on libexpat1-dev instead of libexpat-dev
New changelog entries:
* Add debian/patches/11_timeout_handling.patch:
- Fix timeout accounting. The elapsed_milliseconds contains the time
from the start, so subtracting it on every iteration means that the
timeout is much less than what is requested. Instead compare the
absolute values, but pass the difference to calls which want a timeout
so that the correct remaining time is used. (LP: #376145)
Thanks to Chris Coulson for his help in tracking this down.
New changelog entries:
* Use --exec-prefix='', not --exec-prefix=/, so that we get libdir=/lib
instead of libdir=//lib - avoiding the incorrect setting of rpath in the
dbus helper utils. LP: #432718.
New changelog entries:
* 82_link-order.patch: If libdbus-convenience needs symbols from any
system library (e.g. clock_gettime from -lrt on ia64) then the system
libraries need to go after libdbus-convenience.la on the link line.
New changelog entries:
* debian/dbus.upstart:
- Have to start on local-filesystems rather than virtual-filesystems
since the UUID file is under /var/lib. We can't wait for network
filesystems though since we may need NM (which needs D-Bus) to bring
those up.
New changelog entries:
* Drop consolekit to a recommends, you almost certainly want it installed
but it's ok to remove it if you don't want libx11 on your system.
LP: #326613.
