[Ftp-release] Announcing dbus 1.12.10
Simon McVittie
smcv at collabora.com
Fri Aug 3 00:00:18 UTC 2018
dbus is the reference implementation of D-Bus, a message bus for
communication between applications and system services.
This is a stable-branch bugfix release. Upgrading is recommended,
unless you are following an older security-fix-only stable branch
(1.10.x or 1.8.x).
<http://dbus.freedesktop.org/releases/dbus/dbus-1.12.10.tar.gz>
<http://dbus.freedesktop.org/releases/dbus/dbus-1.12.10.tar.gz.asc>
git tag: dbus-1.12.10
The “beam deflection” release.
Fixes:
• Prevent reading up to 3 bytes beyond the end of a truncated message.
This could in principle be an information leak or denial of service
on the system bus, but is not believed to be exploitable to crash
the system bus or leak interesting information in practice.
(fd.o #107332, Simon McVittie)
• Fix build with gcc 8 -Werror=cast-function-type
(fd.o #107349, Simon McVittie)
• Fix warning from gcc 8 about suspicious use of strncpy() when
populating struct sockaddr_un (fd.o #107350, Simon McVittie)
• Fix a minor memory leak when a DBusServer listens on a new address
(fd.o #107194, Simon McVittie)
• Fix an invalid NULL argument to rmdir() if a nonce-tcp DBusServer
runs out of memory (fd.o #107194, Simon McVittie)
• Don't use misleading errno-derived error names if getaddrinfo() or
getnameinfo() fails with a code other than EAI_SYSTEM
(fd.o #106395, Simon McVittie)
• Skip tests that require working TCP if we are in a container environment
where 127.0.0.1 cannot be resolved (fd.o #106812, Simon McVittie)
More information about the Ftp-release
mailing list