[Ftp-release] Announcing dbus 1.12.10

Simon McVittie smcv at collabora.com
Fri Aug 3 00:00:18 UTC 2018


dbus is the reference implementation of D-Bus, a message bus for
communication between applications and system services.

This is a stable-branch bugfix release. Upgrading is recommended,
unless you are following an older security-fix-only stable branch
(1.10.x or 1.8.x).

<http://dbus.freedesktop.org/releases/dbus/dbus-1.12.10.tar.gz>
<http://dbus.freedesktop.org/releases/dbus/dbus-1.12.10.tar.gz.asc>
git tag: dbus-1.12.10

The “beam deflection” release.

Fixes:

• Prevent reading up to 3 bytes beyond the end of a truncated message.
  This could in principle be an information leak or denial of service
  on the system bus, but is not believed to be exploitable to crash
  the system bus or leak interesting information in practice.
  (fd.o #107332, Simon McVittie)

• Fix build with gcc 8 -Werror=cast-function-type
  (fd.o #107349, Simon McVittie)

• Fix warning from gcc 8 about suspicious use of strncpy() when
  populating struct sockaddr_un (fd.o #107350, Simon McVittie)

• Fix a minor memory leak when a DBusServer listens on a new address
  (fd.o #107194, Simon McVittie)

• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
  runs out of memory (fd.o #107194, Simon McVittie)

• Don't use misleading errno-derived error names if getaddrinfo() or
  getnameinfo() fails with a code other than EAI_SYSTEM
  (fd.o #106395, Simon McVittie)

• Skip tests that require working TCP if we are in a container environment
  where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)


More information about the Ftp-release mailing list