From 3cf2d6a1ca43253e5be916b8cfa30fd9ba1a2ef0 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 28 Jul 2017 11:21:07 +0100 Subject: [PATCH] NEWS for #101858 --- NEWS | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index bef6193..37fcd42 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,16 @@ D-Bus 1.10.24 (UNRELEASED) == -... +Fixes: + +• When parsing dbus-daemon configuration, tell Expat not to use + cryptographic-quality entropy as a salt for its hash tables: we trust + the configuration files, so we are not concerned about algorithmic + complexity attacks via hash table collisions. This prevents + dbus-daemon --system from holding up the boot process (and causing + early-boot system services like systemd, logind, networkd to time + out) on entropy-starved embedded systems. + (fd.o #101858, Simon McVittie) D-Bus 1.10.22 (2017-07-27) == -- 2.7.4