Opened 3 years ago

Closed 3 years ago

#11410 closed enhancement (fixed)

dbus-1.12.12 (Wait for LFS)

Reported by: Bruce Dubbs
Owned by: Douglas R. Reno
Priority: high
Milestone: 8.4
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 3 years ago

Priority: normal → high
The “draconic disciple” release.

dbus version control is now hosted on freedesktop.org's Gitlab
installation, and bug reports and feature requests have switched from
Bugzilla bugs (indicated by "fd.o #nnn") to Gitlab issues ("dbus#nnn")
and merge requests ("dbus!nnn").

Enhancements:

• Reference the freedesktop.org Code of Conduct (Simon McVittie)

Fixes:

• Stop the dbus-daemon leaking memory (an error message) if delivering
  the message that triggered auto-activation is forbidden. This is
  technically a denial of service because the dbus-daemon will
  run out of memory eventually, but it's a very slow and noisy one,
  because all the rejected messages are also very likely to have
  been logged to the system log, and its scope is typically limited by
  the finite number of activatable services available.
  (dbus#234, Simon McVittie)

• Remove __attribute__((__malloc__)) attribute on dbus_realloc(),
  which does not meet the criteria for that attribute in gcc 4.7+,
  potentially leading to miscompilation (fd.o #107741, Simon McVittie)

• Fix some small O(1) memory leaks (fd.o #107320, Simon McVittie)

• Fix printf formats for pointer-sized integers on 64-bit Windows
  (fd.o #105662, Ralf Habacker)

• Always use select()-based poll() emulation on Darwin-based OSs
  (macOS, etc.) and on Interix, similar to what libcurl does
  (dbus#232, dbus!19; Simon McVittie)

• Extend a test timeout to avoid spurious failures in CI
  (dbus!26, Simon McVittie)

Tests and CI:

• Add Travis-CI builds for 64-bit Windows using mingw-w64
  (fd.o #105662, Ralf Habacker)

• Add Gitlab-CI integration (fd.o #108177, Simon McVittie)

This is classified as a security release, without a CVE. It's got a network-exploitable DoS vulnerability leading to out-of-memory/out-of-space conditions.

comment:3 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r20806
