Opened 2 weeks ago

Closed 3 days ago

#5663 closed enhancement (fixed)

dbus-1.16.2

Reported by: Bruce Dubbs
Owned by: lfs-book
Priority: normal
Milestone: 12.4
Component: Book
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (3)

comment:1 by Bruce Dubbs, 3 days ago

dbus 1.16.2 (2025-02-27)

Build system:

  • The branch used for development releases has been renamed to main. Please see CONTRIBUTING.md for details of how to update existing checkouts.

Bug fixes:

  • On Linux, fix build regression with libselinux ≥ 3.8 and verbose mode enabled

Internal changes:

  • Documentation updates

comment:2 by Bruce Dubbs, 3 days ago

Security fixes:

  • CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities:
    • general entities in character data ("<e>&g1;</e>")
    • general entities in attribute values ("<e k1='&g1;'/>")
    • parameter entities ("%p1;")

    Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2)

    Please note that a layer of compression around XML can significantly reduce the minimum attack payload size.

Other changes:

  • Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS
  • Autotools: Sync CMake templates with CMake 3.29
  • CMake: Drop support for CMake <3.13
  • CMake: Small fuzzing related improvements
  • docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4
  • docs: Document need for C++11 compiler for use from C++
  • tests/benchmark: Fix a (harmless) TOCTTOU
  • Windows: Fix installer target location of file xmlwf.xml for CMake
  • Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW
  • Address Cppcheck warnings
  • Mass-migrate links from http:// to https://

Document changes since the previous release

  • Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do

Infrastructure:

  • tests: Increase robustness
  • tests: Increase test coverage
  • Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on Google's libprotobuf-mutator ("LPM")
  • Fuzzing|CI: Start producing fuzzing code coverage reports
  • CI: Pass -q -q for LCOV >=2.1 in coverage.sh
  • CI: Small fuzzing related improvements
  • CI: Make GitHub Actions build using MSVC on Windows and produce 32bit and 64bit Windows binaries
  • CI: Get off of about-to-be-removed Ubuntu 20.04
  • CI: Start uploading to Coverity Scan for static analysis
  • CI: Stop loading DTD from the internet to address flaky CI
  • CI: Adapt to breaking changes in Cppcheck
Version 0, edited 3 days ago by Bruce Dubbs (next)
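
The entity chaining described under CVE-2024-8176 in comment:2 can be screened for before a document reaches an unpatched parser. The following is an added example, not part of the ticket or of Expat's code: it measures the longest chain of general and parameter entity references with an explicit stack rather than recursion. The function names, the `limit` default and the sample declarations are assumptions, and only internal entity declarations with literal values are handled.

```python
import re

# Internal entity declarations: <!ENTITY name "value"> and <!ENTITY % name "value">
ENTITY_DECL = re.compile(
    r"""<!ENTITY\s+(%\s+)?([\w.:-]+)\s+(?:"([^"]*)"|'([^']*)')\s*>""")
# Inside a value, &name; is a general reference and %name; a parameter reference.
REFERENCE = re.compile(r"([&%])([\w.:-]+);")
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}

def entity_graph(dtd_text):
    """Map (kind, name) -> entities referenced by its replacement text."""
    graph = {}
    for pct, name, dq, sq in ENTITY_DECL.findall(dtd_text):
        refs = [(k, n) for k, n in REFERENCE.findall(dq or sq)
                if not (k == "&" and n in PREDEFINED)]
        graph.setdefault(("%" if pct else "&", name), refs)  # first declaration wins
    return graph

def max_chain_depth(graph):
    """Longest reference chain, walked with an explicit stack instead of
    recursion. Returns None when the declarations form a reference cycle."""
    depth, on_path = {}, set()
    for root in graph:
        if root in depth:
            continue
        stack = [(root, iter(graph[root]))]
        on_path.add(root)
        while stack:
            node, children = stack[-1]
            for child in children:
                if child in on_path:
                    return None
                if child in graph and child not in depth:
                    stack.append((child, iter(graph[child])))
                    on_path.add(child)
                    break
            else:  # every child of this node is finished
                depth[node] = 1 + max((depth.get(c, 0) for c in graph[node]), default=0)
                on_path.discard(node)
                stack.pop()
    return max(depth.values(), default=0)

def exceeds_limit(dtd_text, limit=8):  # limit is an assumed local policy value
    d = max_chain_depth(entity_graph(dtd_text))
    return d is None or d > limit

# Constructed sample declarations (not taken from the ticket).
SAMPLE = """<!ENTITY g1 "&g2;">
<!ENTITY g2 '&g3; &amp; &#10;'>
<!ENTITY g3 "text">
<!ENTITY % p1 "%p2;">
<!ENTITY % p2 "x">"""
```
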

comment:3 by Bruce Dubbs, 3 days ago

Resolution: fixed
Status: new → closed

Fixed at commit 461741b243.
