From: Simon McVittie <smcv@debian.org>
Date: Fri, 28 Jul 2017 10:21:07 +0000 (+0100)
Subject: NEWS for #101858
X-Git-Tag: dbus-1.12.0~47^2~7
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3cf2d6a1ca43253e5be916b8cfa30fd9ba1a2ef0;p=platform%2Fupstream%2Fdbus.git

NEWS for #101858
---

diff --git a/NEWS b/NEWS
index bef6193..37fcd42 100644
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,16 @@
 D-Bus 1.10.24 (UNRELEASED)
 ==
 
-...
+Fixes:
+
+• When parsing dbus-daemon configuration, tell Expat not to use
+  cryptographic-quality entropy as a salt for its hash tables: we trust
+  the configuration files, so we are not concerned about algorithmic
+  complexity attacks via hash table collisions. This prevents
+  dbus-daemon --system from holding up the boot process (and causing
+  early-boot system services like systemd, logind, networkd to time
+  out) on entropy-starved embedded systems.
+  (fd.o #101858, Simon McVittie)
 
 D-Bus 1.10.22 (2017-07-27)
 ==