NEWS for #101858

author Simon McVittie <smcv@debian.org>

Fri, 28 Jul 2017 10:21:07 +0000 (11:21 +0100)

committer Simon McVittie <smcv@debian.org>

Fri, 28 Jul 2017 10:21:07 +0000 (11:21 +0100)
author Simon McVittie <smcv@debian.org>
Fri, 28 Jul 2017 10:21:07 +0000 (11:21 +0100)
committer Simon McVittie <smcv@debian.org>
Fri, 28 Jul 2017 10:21:07 +0000 (11:21 +0100)
diff --git a/NEWS b/NEWS

index bef6193..37fcd42 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,16 @@
  D-Bus 1.10.24 (UNRELEASED)
  ==
  
-...
+Fixes:
+
+• When parsing dbus-daemon configuration, tell Expat not to use
+  cryptographic-quality entropy as a salt for its hash tables: we trust
+  the configuration files, so we are not concerned about algorithmic
+  complexity attacks via hash table collisions. This prevents
+  dbus-daemon --system from holding up the boot process (and causing
+  early-boot system services like systemd, logind, networkd to time
+  out) on entropy-starved embedded systems.
+  (fd.o #101858, Simon McVittie)
  
  D-Bus 1.10.22 (2017-07-27)
  ==
author	Simon McVittie <smcv@debian.org>
	Fri, 28 Jul 2017 10:21:07 +0000 (11:21 +0100)
committer	Simon McVittie <smcv@debian.org>
	Fri, 28 Jul 2017 10:21:07 +0000 (11:21 +0100)