This update for dbus-1 to version 1.8.22 fixes one security issue and bugs. The following security issue was fixed: - bsc#1003898: Do not treat ActivationFailure message received from root-owned systemd name as a format string. The following upstream changes are included: - Change the default configuration for the session bus to only allow EXTERNAL authentication , as was already done for the system bus. - Fix a memory leak when GetConnectionCredentials succeeds - Ensure that dbus-monitor does not reply to messages intended for others - Add locking to DBusCounter"s reference count and notify function - Ensure that DBusTransport"s reference count is protected by the corresponding DBusConnection"s lock - Correctly release DBusServer mutex before early-return if we run out of memory while copying authentication mechanisms - Correctly initialize all fields of DBusTypeReader - Fix some missing \n in verbose messages - Clean up some memory leaks in test code