Simon McVittie [Fri, 5 Apr 2013 11:47:07 +0000 (12:47 +0100)]
NEWS for 1.6
Dan Williams [Thu, 4 Apr 2013 15:49:18 +0000 (10:49 -0500)]
Don't access random memory if data slot isn't allocated yet
If DBUS_DISABLE_ASSERTS was turned on, and a buggy program called
dbus_connection_get_data() with a slot number less than zero (eg,
before even allocating the data slot), random memory would be
accessed and a random value returned. Anything less than zero
is not a valid slot number and should be rejected by libdbus.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63127
Signed-off-by: Dan Williams <dcbw@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Wed, 3 Apr 2013 11:20:57 +0000 (12:20 +0100)]
NEWS for 1.6
Dagobert Michelsen [Wed, 3 Apr 2013 08:38:51 +0000 (10:38 +0200)]
If alloca.h is available it is required (e.g. on Solaris 10)
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63071
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 12 Feb 2013 11:44:11 +0000 (11:44 +0000)]
NEWS for 1.6
Ralf Habacker [Wed, 5 Sep 2012 03:07:20 +0000 (05:07 +0200)]
Create missing directories in cmake <build-root>/bus/session.d and <build-root>/bus/system.d
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=41319
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Fri, 9 Nov 2012 16:02:53 +0000 (16:02 +0000)]
NEWS
Michel HERMIER [Fri, 9 Nov 2012 15:44:43 +0000 (15:44 +0000)]
Don't leak temporary fds pointing to /dev/null
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=56927
[commit message added -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Arun Raghavan [Fri, 12 Oct 2012 16:22:03 +0000 (21:52 +0530)]
Fix building with newer Valgrind
Newer valgrind (tried with 3.8.0) defines macros so that a terminating
semi-colon is required. This fixes usage to follow that convention.
[edited to remove comments that are no longer useful -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55932
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 2 Oct 2012 08:34:48 +0000 (09:34 +0100)]
activation helper: when compiled for tests, do not reset system bus address
Otherwise, the tests try to connect to the real system bus, which will
often fail - particularly if you run the tests configured for the default
/usr/local (with no intention of installing the result), in which case
the tests would try to connect to /usr/local/var/run/dbus/system_bus_socket.
Reviewed-by: Colin Walters <walters@verbum.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=52202
Simon McVittie [Tue, 2 Oct 2012 08:47:20 +0000 (09:47 +0100)]
Post-release version bump
Colin Walters [Fri, 28 Sep 2012 19:44:59 +0000 (15:44 -0400)]
Release 1.6.8
Colin Walters [Fri, 28 Sep 2012 19:31:47 +0000 (15:31 -0400)]
Revert "hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid()"
Follow to reverting
a556443757b19fee67ef4441141246dd9cfed4f.
See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c24
This reverts commit
d7ffad72146c2329692e0cf32eb1ac1dbb4fb51c.
Colin Walters [Fri, 28 Sep 2012 19:31:05 +0000 (15:31 -0400)]
Revert "hardening: Use __secure_getenv if available"
It breaks gnome-keyring-daemon at least in some
configurations; see
https://bugs.freedesktop.org/show_bug.cgi?id=52202#c24
This reverts commit
1a556443757b19fee67ef4441141246dd9cfed4f.
Colin Walters [Fri, 28 Sep 2012 17:20:14 +0000 (13:20 -0400)]
Resume development
Colin Walters [Fri, 28 Sep 2012 17:08:42 +0000 (13:08 -0400)]
Release 1.6.6
Geoffrey Thomas [Fri, 28 Sep 2012 05:02:06 +0000 (22:02 -0700)]
activation-helper: Ensure DBUS_STARTER_ADDRESS is set correctly
The fix for CVE-2012-3524 filters out all environment variables if
libdbus is used from a setuid program, to prevent various spoofing
attacks.
Unfortunately, the activation helper is a setuid program linking
libdbus, and this creates a regression for launched programs using
DBUS_STARTER_ADDRESS, since it will no longer exist.
Fix this by hardcoding the starter address to the default system bus
address.
Signed-off-by: Geoffrey Thomas <gthomas@mokafive.com>
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Fri, 28 Sep 2012 16:01:56 +0000 (12:01 -0400)]
hardening: Remove activation helper handling for DBUS_VERBOSE
It's not really useful.
See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c17
Colin Walters [Fri, 28 Sep 2012 14:05:59 +0000 (10:05 -0400)]
hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid()
This is a further security measure for the case of Linux/glibc
when we're linked into a binary that's using filesystem capabilities
or SELinux domain transitions (i.e. not plain old setuid).
In this case, _dbus_getenv () will return NULL because it will
use __secure_getenv(), which handles those via AT_SECURE.
https://bugs.freedesktop.org/show_bug.cgi?id=52202
Colin Walters [Fri, 28 Sep 2012 01:35:22 +0000 (21:35 -0400)]
hardening: Ensure _dbus_check_setuid() is initialized threadsafe manner
This is a highly theoretical concern, but we might as well.
https://bugs.freedesktop.org/show_bug.cgi?id=52202
Colin Walters [Fri, 28 Sep 2012 01:29:29 +0000 (21:29 -0400)]
hardening: Use __secure_getenv if available
This helps us in the case where we were executed via filesystem
capabilities or a SELinux domain transition, not necessarily a plain
old setuid binary.
https://bugs.freedesktop.org/show_bug.cgi?id=52202
Colin Walters [Wed, 22 Aug 2012 14:03:34 +0000 (10:03 -0400)]
CVE-2012-3524: Don't access environment variables or run dbus-launch when setuid
This matches a corresponding change in GLib. See
glib/gutils.c:g_check_setuid().
Some programs attempt to use libdbus when setuid; notably the X.org
server is shipped in such a configuration. libdbus never had an
explicit policy about its use in setuid programs.
I'm not sure whether we should advertise such support. However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.
Better to fix a problem caused by an interaction between two
components in *both* places if possible.
How to determine whether or not we're running in a privilege-escalated
path is operating system specific. Note that GTK+'s code to check
euid versus uid worked historically on Unix, more modern systems have
filesystem capabilities and SELinux domain transitions, neither of
which are captured by the uid comparison.
On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup. If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use. Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1
So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.
On some BSD variants, there is a issetugid() function. On other Unix
variants, we fall back to what GTK+ has been doing.
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
Simon McVittie [Mon, 3 Sep 2012 09:19:29 +0000 (10:19 +0100)]
NEWS
Brad Smith [Mon, 3 Sep 2012 09:12:02 +0000 (10:12 +0100)]
Detect MSG_NOSIGNAL and SCM_RIGHTS on OpenBSD
On OpenBSD, sys/socket.h requires sys/types.h to be included first.
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54418
Simon McVittie [Mon, 13 Aug 2012 19:13:16 +0000 (20:13 +0100)]
Revert "cmake: use the same default system bus address as for autotools"
This reverts commit
05b0b9e65b6a58f0b0cb56d6ee8cf100061250b3.
Simon McVittie [Mon, 13 Aug 2012 19:12:59 +0000 (20:12 +0100)]
Revert "Split DBUS_SESSION_BUS_DEFAULT_ADDRESS into listen, connect addresses and set better defaults"
This reverts commit
b5d36dc27d1905d4d46ad7f0097f0ea0e0776adb.
On second thoughts, this is too big a change for a stable branch.
Simon McVittie [Mon, 13 Aug 2012 18:57:13 +0000 (19:57 +0100)]
Split DBUS_SESSION_BUS_DEFAULT_ADDRESS into listen, connect addresses and set better defaults
On Unix, the connect address should basically always be "autolaunch:"
but the listen address has to be something you can listen on.
On Windows, you can listen on "autolaunch:" or
"autolaunch:scope=*install-path", for instance, and the dbus-daemon is
involved in the auto-launching process.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38201
Reviewed-by: David Zeuthen <davidz@redhat.com>
[default address changed to autolaunch: for interop with GDBus -smcv]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Wed, 4 Jan 2012 19:39:54 +0000 (19:39 +0000)]
cmake: use the same default system bus address as for autotools
The system bus is unsupported (and rather meaningless) on Windows anyway,
so we can use anything. Also, make it clear that it has to be a
"specific" address that can be listened on *and* connected to,
like unix:path=/xxx - a listen-only address like unix:tmpdir=/xxx or
nonce-tcp: would not be suitable.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38201
Reviewed-by: David Zeuthen <davidz@redhat.com>
Simon McVittie [Thu, 9 Aug 2012 11:31:48 +0000 (12:31 +0100)]
NEWS
Jonathan Perkin [Thu, 9 Aug 2012 11:26:06 +0000 (12:26 +0100)]
Define __EXTENSIONS__ on Solaris to get sockaddr_in6 and sockaddr_storage
[smcv: comments updated, commit message added]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53286
Jonathan Perkin [Thu, 9 Aug 2012 11:25:02 +0000 (12:25 +0100)]
Check HAVE_DECL_LOG_PERROR with #if, not #ifdef
It's always defined.
[smcv: commit message added]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53286
Simon McVittie [Wed, 18 Jul 2012 18:30:23 +0000 (19:30 +0100)]
1.6.5
Simon McVittie [Wed, 18 Jul 2012 17:11:49 +0000 (18:11 +0100)]
Prepare 1.6.4 release
Wolfgang Baron [Wed, 18 Jul 2012 17:09:44 +0000 (18:09 +0100)]
Fix launching of dbus-daemon on Windows in paths containing spaces
If dbus is installed in a path, which contains a space, dbus-launch will
not launch the daemon. That is so, because a command line is built from
just the path to the daemon and a parameter. The path has to be
surrounded with quotes. This can be done unconditionally, because the
quotes do not cause any trouble even if they are not needed.
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49450
Simon McVittie [Tue, 3 Jul 2012 19:12:10 +0000 (20:12 +0100)]
NEWS
Simon McVittie [Tue, 3 Jul 2012 14:53:31 +0000 (15:53 +0100)]
Set enable-developer default to 'no'
Misplaced [] and () led to enable_developer=no being part of the
option's documentation instead of actually being the default value.
Regression in 1.6.2, caused by #34671.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51657
Bug-Debian: http://bugs.debian.org/680027
Reviewed-by: David Zeuthen <davidz@redhat.com>
Simon McVittie [Tue, 3 Jul 2012 08:26:27 +0000 (09:26 +0100)]
DBusTransport: do not assert that autolaunch address is non-empty
dbus-launch can apparently return an empty address under certain
circumstances, and dbus_parse_address() in the next line will return
a nice DBusError for an empty address rather than aborting the process.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51657
Bug-Debian: http://bugs.debian.org/680027
Reviewed-by: David Zeuthen <davidz@redhat.com>
Simon McVittie [Thu, 28 Jun 2012 15:49:01 +0000 (16:49 +0100)]
NEWS
Dave Reisner [Thu, 28 Jun 2012 14:50:46 +0000 (15:50 +0100)]
Properly concat DBUS_CONSOLE_AUTH_DIR with username
This removes the assumption that DBUS_CONSOLE_AUTH_DIR ends with a
trailing /.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51521
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Wed, 27 Jun 2012 17:52:53 +0000 (18:52 +0100)]
Resume development
Simon McVittie [Wed, 27 Jun 2012 16:48:33 +0000 (17:48 +0100)]
Second go at 1.6.2
Simon McVittie [Wed, 27 Jun 2012 10:33:29 +0000 (11:33 +0100)]
Revise NEWS to not mention --exit-with-x11
Simon McVittie [Wed, 27 Jun 2012 10:32:29 +0000 (11:32 +0100)]
Still recommend --exit-with-session in documentation, --exit-with-x11 was reverted
Simon McVittie [Wed, 27 Jun 2012 10:31:22 +0000 (11:31 +0100)]
Revert "dbus-launch: add --exit-with-x11 option"
This reverts commit
fcc656d430f53ad62c25e41d7e7bd880cbb726a0.
Simon McVittie [Mon, 25 Jun 2012 19:54:56 +0000 (20:54 +0100)]
Stop release preparation, --exit-with-x11 doesn't work
Simon McVittie [Mon, 25 Jun 2012 14:27:05 +0000 (15:27 +0100)]
Prepare 1.6.2
Simon McVittie [Mon, 25 Jun 2012 12:26:35 +0000 (13:26 +0100)]
Create /var/lib/dbus explicitly rather than as a side-effect
Since Automake 1.11.4, an empty localstatelib_DATA variable will not
create $(localstatelibdir) as a side-effect.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51406
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Lennart Poettering <lennart@poettering.net>
Simon McVittie [Mon, 25 Jun 2012 11:20:45 +0000 (12:20 +0100)]
dbus_pending_call_set_notify: don't leave the connection locked on OOM
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51032
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Lennart Poettering <lennart@poettering.net>
Simon McVittie [Mon, 25 Jun 2012 12:16:53 +0000 (13:16 +0100)]
NEWS
Simon McVittie [Fri, 10 Feb 2012 12:09:48 +0000 (12:09 +0000)]
Enable Automake maintainer mode by default, but let distros disable it
See http://blogs.gnome.org/desrt/2011/09/08/am_maintainer_mode-is-not-cool/
for more information.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34671
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Mon, 25 Jun 2012 10:55:22 +0000 (11:55 +0100)]
Set configure defaults from --enable-developer, not Automake maintainer mode
Automake maintainer mode isn't about whether you're a maintainer or not
(although its name would suggest that), it's about whether files that are
normally distributed in the tarball get regenerated. As such, it's
not really appropriate to use it to drive defaults for things like
assertions and extra test code.
The desired effect is that developers building from git normally get
tests and assertions, while distribution packagers don't.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34671
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Colin Walters <walters@verbum.org>
Simon McVittie [Fri, 15 Jun 2012 15:03:39 +0000 (16:03 +0100)]
NEWS
Simon McVittie [Mon, 12 Mar 2012 15:40:30 +0000 (15:40 +0000)]
On Unix, link libdbus to a platform-specific threading library
On Linux, this is libpthread; on other Unixes, in principle it might be
called libpthreads or libthreads or something.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=47237
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Mon, 12 Mar 2012 14:15:48 +0000 (14:15 +0000)]
When not producing a dynamic library, define DBUS_STATIC_BUILD
When targeting Windows, linking against the static library requires
special effort to turn off DLL import/export processing. We normally
link some things against the dynamic library, but if we're not building
that, we'll have to link everything statically.
Based on patches from 'william' on fd.o #46367.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33973
Tested-by: René Berber <Rene.Berber gmail com>
Simon McVittie [Fri, 15 Jun 2012 12:22:16 +0000 (13:22 +0100)]
NEWS
Simon McVittie [Tue, 7 Feb 2012 17:43:28 +0000 (17:43 +0000)]
Document that dbus-launch is not dbus-run-session
Architectural assumptions inside dbus-launch mean that it is unsuitable
for use in contexts where a particular process's lifetime defines the
session, unless there is an out-of-band mechanism (like the X server)
which can signal the end of the session.
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39197
Simon McVittie [Tue, 7 Feb 2012 17:00:46 +0000 (17:00 +0000)]
dbus-launch: revise recommendations and put them in an EXAMPLES section
The first thing we should talk about is how to get a D-Bus session in
your X session - that's the common case.
Secondarily, we can tell command-line addicts how to have a D-Bus session.
Do not recommend --exit-with-session here, since that polls (and reads
from) stdin, which is harmful to precisely those command-line users!
Until we have some better tool, the best we can do here is note that
the dbus-daemon is not automatically terminated.
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39197
Simon McVittie [Tue, 7 Feb 2012 16:58:01 +0000 (16:58 +0000)]
dbus-launch: add --exit-with-x11 option
This is more suitable for distributions' Xsession scripts: it verifies
that X is already available, and so never results in an attempt to poll
stdin.
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39197
Simon McVittie [Tue, 7 Feb 2012 16:55:05 +0000 (16:55 +0000)]
dbus-launch: if using X to define the session lifetime, do not poll stdin
dbus-launch --exit-with-session attempts to scope the session length
to various things:
- if DISPLAY points to an X server, exit when the X session ends
- if stdin is a terminal, exit when end-of-file is reached
- if both are true, exit when one of them happens, whichever is first
- if neither is true, fail
These are not particularly useful semantics: if the session is scoped to
the X session, then the terminal from which dbus-launch was launched
is irrelevant. This also causes practical problems when dbus-launch
consumes characters from the terminal from which it happens to have
been launched (some display managers, like slim and nodm, run users' X
sessions with stdin pointing to the terminal from which the init daemon
happens to have started the display manager during boot, usually tty1
on Linux).
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39197
Simon McVittie [Thu, 16 Jun 2011 10:56:30 +0000 (11:56 +0100)]
document how the various processes in dbus-launch interact
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39197
Simon McVittie [Tue, 5 Jun 2012 14:03:58 +0000 (15:03 +0100)]
Start 1.6.2 development
Simon McVittie [Tue, 5 Jun 2012 12:29:11 +0000 (13:29 +0100)]
Fix distcheck with newer Doxygen: remove *.js, too, during uninstall
Simon McVittie [Tue, 5 Jun 2012 12:27:23 +0000 (13:27 +0100)]
Fix distcheck: remove potentially-read-only files from builddir
During distcheck, the srcdir is read-only. During "make all", cp may
preserve the read-only status of the file copied from the srcdir,
resulting in failure to overwrite it with an identical file during
"make check" (which depends on all-local).
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 5 Jun 2012 12:14:07 +0000 (13:14 +0100)]
Prepare version 1.6.0 (new stable branch)
Simon McVittie [Fri, 24 Feb 2012 11:15:21 +0000 (11:15 +0000)]
_dbus_transport_new_for_tcp_socket: add missing commas to address
Ralf pointed out that the address doesn't round-trip correctly.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=45896
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Tested-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Fri, 10 Feb 2012 15:22:16 +0000 (15:22 +0000)]
Remove duplicate nonce-tcp (service-side) transport on Windows
Turns out this was duplicated too. We can just use the
platform-independent version, which uses the same code.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=45896
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Tested-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Fri, 10 Feb 2012 15:20:42 +0000 (15:20 +0000)]
Remove duplicate nonce-tcp (client side) transport on Windows
_dbus_transport_open_socket is called before
_dbus_transport_open_platform_specific, and now handles nonce-tcp, so
this version is no longer useful.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=45896
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Tested-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Wed, 25 Apr 2012 18:24:55 +0000 (19:24 +0100)]
Merge branch 'dbus-1.4'
Conflicts:
NEWS
dbus/dbus-internals.c
dbus/dbus-mainloop.c
dbus/dbus-sysdeps-unix.c
dbus/dbus-sysdeps-win.c
dbus/dbus-sysdeps.c
dbus/dbus-sysdeps.h
Simon McVittie [Wed, 25 Apr 2012 18:12:15 +0000 (19:12 +0100)]
NEWS
Antoine Jacoutot [Wed, 25 Apr 2012 18:04:07 +0000 (19:04 +0100)]
use cp and mkdir -p instead of install within source tree
$(INSTALL) and $(INSTALL_DATA) try to change ownerships to root:bin when
copying tests to builddir. Presumably this is a difference in behaviour
between GNU and BSD install(1): the one in GNU coreutils doesn't try-and-fail
to change ownership if you're not root.
[Commit message added by smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48127
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
David Zeuthen [Thu, 12 Apr 2012 15:16:48 +0000 (11:16 -0400)]
Avoid using monotonic time in the DBUS_COOKIE_SHA1 authentication method
When libdbus-1 moved to using monotonic time support for the
DBUS_COOKIE_SHA1 authentication was broken, in particular
interoperability with non-libdbus-1 implementations such as GDBus.
The problem is that if monotonic clocks are available in the OS,
_dbus_get_current_time() will not return the number of seconds since
the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus
specification. If both peers are using libdbus-1 it's not a problem
since both ends will use the wrong time and thus agree. However, if
the other end is another implementation and following the spec it will
not work.
First, we change _dbus_get_current_time() back so it always returns
time since the Epoch and we then rename it _dbus_get_real_time() to
make this clear. We then introduce _dbus_get_monotonic_time() and
carefully make all current users of _dbus_get_current_time() use it,
if applicable. During this audit, one of the callers,
_dbus_generate_uuid(), was currently using monotonic time but it was
decided to make it use real time instead.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
David Zeuthen [Thu, 12 Apr 2012 03:05:33 +0000 (23:05 -0400)]
Avoid using monotonic time in the DBUS_COOKIE_SHA1 authentication method
When libdbus-1 moved to using monotonic time support for the
DBUS_COOKIE_SHA1 authentication was broken, in particular
interoperability with non-libdbus-1 implementations such as GDBus.
The problem is that if monotonic clocks are available in the OS,
_dbus_get_current_time() will not return the number of seconds since
the Epoch so using it for DBUS_COOKIE_SHA1 will violate the D-Bus
specification. If both peers are using libdbus-1 it's not a problem
since both ends will use the wrong time and thus agree. However, if
the other end is another implementation and following the spec it will
not work.
First, we change _dbus_get_current_time() back so it always returns
time since the Epoch and we then rename it _dbus_get_real_time() to
make this clear. We then introduce _dbus_get_monotonic_time() and
carefully make all current users of _dbus_get_current_time() use it,
if applicable. During this audit, one of the callers,
_dbus_generate_uuid(), was currently using monotonic time but it was
decided to make it use real time instead.
Signed-off-by: David Zeuthen <davidz@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=48580
Simon McVittie [Tue, 27 Mar 2012 18:18:23 +0000 (19:18 +0100)]
1.5.13
Simon McVittie [Tue, 27 Mar 2012 16:25:25 +0000 (17:25 +0100)]
Prepare dbus 1.5.12
Simon McVittie [Tue, 27 Mar 2012 16:19:44 +0000 (17:19 +0100)]
Build _dbus_string_starts_with_c_str even if not building tests
It's used by the own_prefix implementation.
Simon McVittie [Tue, 27 Mar 2012 14:05:51 +0000 (15:05 +0100)]
Merge remote-tracking branch 'alban/own_prefix2'
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46273
Simon McVittie [Tue, 27 Mar 2012 13:52:24 +0000 (14:52 +0100)]
Merge branch 'dbus-1.4'
Conflicts:
NEWS
configure.ac
Simon McVittie [Tue, 27 Mar 2012 13:25:49 +0000 (14:25 +0100)]
Start 1.4.21
Simon McVittie [Tue, 27 Mar 2012 12:00:19 +0000 (13:00 +0100)]
Prepare version 1.4.20
Andoni Morales Alastruey [Wed, 14 Mar 2012 20:59:04 +0000 (21:59 +0100)]
Fix duplicate case value compiling with mingw-w64
In mingw-w64 both ESOMETHING and WSASOMETHING are defined,
leading to a duplicate case in the switch.
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=47321
Martin Pitt [Mon, 23 Jan 2012 11:11:24 +0000 (11:11 +0000)]
Port to glib 2.31.x g_thread API
g_thread_init() is deprecated since glib 2.24, call g_type_init() instead.
Bump glib requirement accordingly.
g_thread_create is deprecated since 2.31, use g_thread_new() instead. When
building with a glib earlier than 2.31, provide a backwards compatibility shim.
[Added a comment about why we're using g_type_init() in a test that
doesn't otherwise use GObject -smcv]
[Applied to 1.4 despite just being a deprecation fix because it also fixes
linking with GLib 2.32, in which gthread has been removed from gobject's
Requires and moved to Requires.private, Debian #665665 -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=44413
Bug-Debian: http://bugs.debian.org/665665
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Alban Crequy [Wed, 21 Mar 2012 19:05:42 +0000 (19:05 +0000)]
test: enforce own_prefix policy rules
After parsing [allow|deny] rules with own_prefix, check they are enforced
correctly.
https://bugs.freedesktop.org/show_bug.cgi?id=46886
Alban Crequy [Sun, 4 Mar 2012 15:11:45 +0000 (15:11 +0000)]
test: parse own_prefix policy rules
Just check that the parser accept [allow|deny] rules with own_prefix
https://bugs.freedesktop.org/show_bug.cgi?id=46886
Alban Crequy [Wed, 21 Mar 2012 17:55:18 +0000 (17:55 +0000)]
policy: remove unused parameter
Alban Crequy [Sun, 4 Mar 2012 15:18:38 +0000 (15:18 +0000)]
doc: update documentation with own_prefix policy rules
https://bugs.freedesktop.org/show_bug.cgi?id=46886
Lennart Poettering [Fri, 11 Mar 2011 21:35:16 +0000 (22:35 +0100)]
transport: add new unixexec transport on Unix
The "unixexec:" transport will create a local AF_UNIX socket with
socketpair(), then fork and execute a binary on one side with STDIN and
STDOUT connected to it and then use the other side.
This is useful to implement D-Bus tunneling schemes, for example to get
a D-Bus connection to the system bus on a different host, similar how
udisks is already doing it. (udisks uses SSH TCP tunneling for this,
which is a bit ugly and less secure than this solution).
Suggested use is with connection strings like the following:
unixexec:path=ssh,argv1=foobar,argv2=system-bus-bridge
or:
unixexec:path=pkexec,argv1=system-bus-bridge
or even:
unixexec:path=sudo,argv1=system-bus-bridge
The first line would execute the binary 'system-bus-bridge' on host
'foobar' and then pass D-Bus traffic to it. This (hypothetical) bridge
binary would then forward the information to the local system bus.
The second and third line use this scheme locally to acquire a
privileged connection through pkexec resp. sudo: instead of connecting
directly to the bus, they use the same bridge binary which will forward
all information to the system bus.
The arguments of the protocol are 'path' for the first execlp()
argument, and argv0, argv1, and so on for the following arguments. argv0
can be left out in which case path will be used.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35230
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Lennart Poettering [Thu, 28 Jul 2011 03:33:46 +0000 (05:33 +0200)]
sysdeps-unix: introduce dbus_close_all() and make use of it where appropriate
This is optimized on Linux and enumerates through /proc/self/fd with a
fallback on brute-force closing of fds, in case /proc is not available.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35230
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Lennart Poettering [Thu, 2 Feb 2012 04:46:09 +0000 (05:46 +0100)]
spec: document unixexec transports
This adds a specification text for the new unixexec: transport.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=35230
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
John Bradshaw [Mon, 12 Mar 2012 13:53:05 +0000 (13:53 +0000)]
Fix spelling errors in dbus-launch(1)
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=47076
Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=675491
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Mon, 12 Mar 2012 11:55:27 +0000 (11:55 +0000)]
Merge branch 'dbus-1.4'
Simon McVittie [Mon, 26 Sep 2011 10:20:41 +0000 (11:20 +0100)]
Enumerate data files used in the build rather than using find(1)
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=33840
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Alban Crequy [Sun, 4 Mar 2012 14:56:02 +0000 (14:56 +0000)]
policy: enforce policy on "allow own_prefix"
https://bugs.freedesktop.org/show_bug.cgi?id=46886
Alban Crequy [Sun, 4 Mar 2012 14:36:56 +0000 (14:36 +0000)]
config parser: add own_prefix
https://bugs.freedesktop.org/show_bug.cgi?id=46882
Simon McVittie [Tue, 28 Feb 2012 12:51:26 +0000 (12:51 +0000)]
Update NEWS
Simon McVittie [Mon, 13 Feb 2012 19:54:52 +0000 (19:54 +0000)]
Make dbus-daemon.exe --print-address work under Windows
The DBusPipe code was broken by commit
6e214b5b3c2837, which switched
from C runtime API to Win32 API for WinCE's benefit. In a DBusPipe,
fd_or_handle is in fact always a C runtime file descriptor, which can't
be used with the Win32 API (which expects a HANDLE).
This commit goes back to the C runtime API. It might cause WinCE support
to regress, but at least dbus-daemon.exe --print-address works again.
This is enough to make a few tests work under Wine when cross-compiling
from Linux to mingw-w64: in particular, this now works:
DBUS_TEST_DAEMON=bus/dbus-daemon.exe DBUS_TEST_DATA=test/data \
wine test/test-dbus-daemon.exe -p /echo/session
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=46049
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Simon McVittie [Fri, 24 Feb 2012 12:44:14 +0000 (12:44 +0000)]
Add a regression test for validating various string types with the public API
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39549
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Simon McVittie [Fri, 24 Feb 2012 12:43:55 +0000 (12:43 +0000)]
Add dbus-syntax.[ch]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=39549
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Simon McVittie [Tue, 15 Nov 2011 13:11:03 +0000 (13:11 +0000)]
DBusBasicValue: add bool_val and fd members to complete the set
dbus_bool_t is the same as dbus_uint32_t, but if we have a separate
bool_val member, it's more obvious that people are getting it right.
It's not called bool because that's a keyword in C++.
int (for file descriptors) doesn't appear in the D-Bus message wire
format, but then again neither does char *, and
dbus_message_iter_get_basic() and friends can return an int (due to
internal index-into-array-of-fds -> fd remapping in libdbus).
In theory int might not be the same size as any of the dbus_intNN_t
types, and anyway it's easier to see that people are getting it right
if we make it explicit.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=11191
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Simon McVittie [Mon, 10 Oct 2011 10:20:31 +0000 (11:20 +0100)]
Promote DBusBasicValue and DBus8ByteStruct to be API
In practice, D-Bus bindings end up reinventing DBusBasicValue anyway,
so it might as well be API.
Also stop claiming that all basic-typed values are guaranteed to fit in
8 bytes - this is not true if your platform has more than 8-byte pointers
(I'm not aware of any such platform now, but let's not rule it out).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=11191
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Will Thompson <will.thompson@collabora.co.uk>
Simon McVittie [Tue, 21 Feb 2012 20:23:55 +0000 (20:23 +0000)]
Development version