BDE 4.12.0 Release¶
Schedule¶
The BDE team announces that the BDE 4.12.0 production release was completed on Monday, August 12, 2024.
BDE 4.12.0 Release Highlights¶
Security Improvement to bdls::FilesystemUtil::remove¶
This release fixes CVE-2022-21658, which is a
time-of-check/time-of-use (TOCTOU) vulnerability that had affected bdls::FilesystemUtil::remove.
An attacker could replace a directory with a symbolic link after remove checked that it was a
directory, causing remove to delete the files pointed to by the attacker-controlled symlink. The
fix for this issue relies on the availability of ::unlinkat and ::openat, both of which are
available since POSIX-1-2008 to address exactly this kind of
TOCTOU issue.
bdlde_base64decoder Now 3-7x faster on Linux¶
This release adds vectorization to bdlde_base64decoder resulting in a 3-7x speedup in the common case
on Linux.
Thanks to Cameron Desrochers for the contribution!
baltzo TimeZone Support Updated for RHEL8¶
The baltzo time zone components have been updated to support the time zone data file format distributed
by default on Linux RHEL8.
The IANA Timezone data files on RHEL8 have an updated format containing a special sentinel transition that is
added by the timezone compiler with a timestamp of -(2**59) — a very large negative value. These datafiles
previously could not be loaded by the baltzo time zone components because the sentinel transition was outside
of the representable range of bdlt::Datetime.
baltzo::DataFileLoader::loadTimeZone() and baltzo::ZoneinfoBinaryReader::read() methods have been updated
to handle this new sentinel transition, replacing it with the sentinel transition at “Jan 01, 0001 00 00.000”
(i.e., the first representable BDE datetime value, bdlt::Datetime(1, 1, 1)). The original data file transitions
can still be obtained, for informational purposes, using baltzo::DataFileLoader::loadTimeZoneRaw() and
baltzo::ZoneinfoBinaryReader::readRaw() methods respectively.
Fixed DRQSs:¶
Summary |
|---|
bdls::FilesystemUtil::remove – fix security vulnerabilty |
balst_stacktraceresolverimpl_elf: DWARF (line #, file name) information failing |
Mismatch between bsls::AlignmentUtil::BSLS_MAX_ALIGNMENT and std::max_align_t |
Confirm contract for BlobUtilHexDumper |
baltzo: Errors when loading NY TZ record from RHEL8 environment |
Add operator<< to bslma::TestAllocator |
Optimize base64 decoder slightly for 3-7x speedup |
Ensure atomic operations are 2-s complement |
UBSAN: bdlbb_blobutil |
Address UBSAN issues in bdlsb_fixedmemoutput |
Address UBSAN issues in bslma_bslallocator |
Address UBSAN issues in bsls_atomic |
Reduce bdl clang-15 td warnings |
Reduce sim_cpp11_features spam |
Please correct lambda capture warning in bdlc_hashtable |
Further reduce bdl clang-15 td warnings |
BALM_METRICS_TIME_BLOCK macros incorrectly handle default MetricsManager replacement |
Reduce non-bsl nb warnings |
unsigned long type BALL log attributes not appearing in logged JSON |
bdls_FilesystemUtil::remove add ‘O_NONBLOCK’ to ::openat for balb_pipecontrolchannel.t.cpp |
Correct warnings introduced by bdlde_base64decoder.h line 991 |
Reduce bsl clang-15 warnings |
Please fix bdlcc_objectpool nightly test failures |
Please fix bslstl_function_invokerutil nightly failure |
please update bslstl_function_invokerutil_cpp03.t.cpp |
Reduce bsl clang-15 nb warnings |
Clean bdl nightly td warnings |
bdls::FilesystemUtil::remove – fails on Unix sockets |
Address UB in bslma_allocator.t |
Add MemorySanitizer annotation for backtrace |
Fix lifetime of stack array in ball_attributecontext.t.cpp |
Reduce bsl td warnings |
Correct bslma_polymorphicallocator.t.cpp deprecation warning |
‘dbg_asan_32’ is not build with Address Sanitizer on Windows with Visual Studio |