cpdb-libs 2.0b5
In the fifth beta release for cpdb-libs 2.0.0 we have made sure frontend/backend communication is pure D-Bus so that everything works also with sandboxed packaging and we have fixes several bugs, including a security issue.
- Removed browsing for backends via file system
The frontend should only shout into the D-Bus to find out which backends are available and to communicate with them. Depending on the way (for example sandboxed packaging, like Snap) how the frontend and backand are installed the frontend cannot access the host's or the backend's file systems (PR #27). - Limit scanned string length in
scanf()
/fscanf()
functions
cpdb-libs uses thefscanf()
andscanf()
functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read byfscanf()
andscanf()
causing buffer overflows when a string is longer than 1023 characters (CVE-2023-34095). - Fixed memory bugs leading to leaks and crashes (PR #26)
- Build system: Removed unnecessary lines in
tools/Makefile.am
Removed theTESTdir
andTEST_SCRIPTS
entries intools/Makefile.am
. They are not needed and letmake install
try to installrun-tests.sh
in the source directory, where it already is, causing an error.