Log message:
Update to 1.8.20:

D-Bus 1.8.20 (2015-07-21)
==

The “Iguana Vanguard” release.

Fixes:

• Fix a memory leak when GetConnectionCredentials() succeeds
  (fd.o #91008, Jacek Bukarewicz)

• Ensure that dbus-monitor does not reply to messages intended for others
  (fd.o #90952, Simon McVittie)

Log message:
Build manpages and xml docs, adding introspect files needed in other packages
in order to be able to use 'xsltproc --nonet' (e.g. empathy, upower, ...)
Update smf files to better deal with creating /var/run/dbus structures on SunOS
update PKGREVISION

Log message:
Update to 1.8.18:

D-Bus 1.8.18 (2015-05-14)
==

The “unicorn rifts” release.

Security hardening:

• On Unix platforms, change the default configuration for the session bus
  to only allow EXTERNAL authentication (secure kernel-mediated
  credentials-passing), as was already done for the system bus.

  This avoids falling back to DBUS_COOKIE_SHA1, which relies on strongly
  unpredictable pseudo-random numbers; under certain circumstances
  (/dev/urandom unreadable or malloc() returns NULL), dbus could
  fall back to using rand(), which does not have the desired unpredictability.
  The fallback to rand() has not been changed in this stable-branch since
  the necessary code changes for correct error-handling are rather intrusive.

  If you are using D-Bus over the (unencrypted!) tcp: or nonce-tcp: transport,
  in conjunction with DBUS_COOKIE_SHA1 and a shared home directory using
  NFS or similar, you will need to reconfigure the session bus to accept
  DBUS_COOKIE_SHA1 by commenting out the <auth> element. This configuration
  is not recommended.

  (fd.o #90414, Simon McVittie)

Other fixes:

• Add locking to DBusCounter's reference count and notify function
  (fd.o #89297, Adrian Szyndela)

• Ensure that DBusTransport's reference count is protected by the
  corresponding DBusConnection's lock (fd.o #90312, Adrian Szyndela)

• On Windows, listen on the same port for IPv4 and IPv6 (previously
  broken by an endianness mistake), and fix a failure to bind TCP
  sockets on approximately 1 attempt in 256 (fd.o #87999, Ralf Habacker)

• Correctly release DBusServer mutex before early-return if we run out
  of memory while copying authentication mechanisms (fd.o #90004,
  Ralf Habacker)

• Fix some missing \n in verbose (debug log) messages (fd.o #90004,
  Ralf Habacker)

• Clean up some memory leaks in test code (fd.o #90004, Ralf Habacker)

Log message:
Remove more references to python-2.6.

Log message:
Update to 1.8.16:

D-Bus 1.8.16 (2015-02-09)
==

The “poorly concealed wrestlers” release.

Security fixes:

• Do not allow non-uid-0 processes to send forged ActivationFailure
  messages. On Linux systems with systemd activation, this would
  allow a local denial of service: unprivileged processes could
  flood the bus with these forged messages, winning the race with
  the actual service activation and causing an error reply
  to be sent back when service auto-activation was requested.
  This does not prevent the real service from being started,
  so it only works while the real service is not running.
  (CVE-2015-0245, fd.o #88811; Simon McVittie)

Other fixes:

• fix a Windows build failure (fd.o #88009, Ralf Habacker)

• on Windows, allow up to 8K connections to the dbus-daemon instead of the
  previous 64, completing a previous fix which only worked under
  Autotools (fd.o #71297, Ralf Habacker)

Log message:
PR 49591: Make launchd integration a package option, disabled by default for now.

launchd integration currently requires manual steps as described in \ 
MESSAGE.launchd. We may want to make it default once we have a framework for \ 
automatic launchd support.

Log message:
PR 49591: Add MESSAGE.launchd to let Darwin users know about the launchd agent \ 
configuration file.

Log message:
Install launchd script on Darwin.
From Youri Mouton in PR 49591.

Bump PKGREVISION.

Log message:
Update to 1.8.14:

D-Bus 1.8.14 (2015-01-05)
==

The “40lb of roofing nails” release.

Security hardening:

• Do not allow calls to UpdateActivationEnvironment from uids other than
  the uid of the dbus-daemon. If a system service installs unsafe
  security policy rules that allow arbitrary method calls
  (such as CVE-2014-8148) then this prevents memory consumption and
  possible privilege escalation via UpdateActivationEnvironment.

  We believe that in practice, privilege escalation here is avoided
  by dbus-daemon-launch-helper sanitizing its environment; but
  it seems better to be safe.

• Do not allow calls to UpdateActivationEnvironment or the Stats interface
  on object paths other than /org/freedesktop/DBus. Some system services
  install unsafe security policy rules that allow arbitrary method calls
  to any destination, method and interface with a specified object path;
  while less bad than allowing arbitrary method calls, these security
  policies are still harmful, since dbus-daemon normally offers the
  same API on all object paths and other system services might behave
  similarly.

Other fixes:

• Add missing initialization so GetExtendedTcpTable doesn't crash on
  Windows Vista SP0 (fd.o #77008, Илья А. \ 
Ткаченко)

Log message:
make this less embarrassing: "fedora core" is no longer a thing.