Patrick McCarty [Mon, 7 Oct 2013 19:39:15 +0000 (12:39 -0700)]
packaging: enable Smack support
Change-Id: Ib400feec8193bb5c98347b778e0aa92a30d954c3
Signed-off-by: Patrick McCarty <patrick.mccarty@linux.intel.com>
Chengwei Yang [Tue, 10 Sep 2013 10:26:16 +0000 (18:26 +0800)]
Install dbus directories
At previous, these directories owned by libdbus. However, the previous
commit 8eeae5f split libdbus into a separate .spec and doesn't install
these directoris.
These directoris are critical to dbus, for example, without
/etc/dbus-1/{system.d,session.d}, the dbus-daemon system bus and session
bus can not launch.
Change-Id: Ia98bd56171492c90e4a078b39adf08cc802cb955
Adrian Negreanu [Tue, 6 Aug 2013 12:02:04 +0000 (15:02 +0300)]
fix systemd->dbus->systemd circular dependency
extract libdbus and dbus-devel as separate packages
Change-Id: Ia097a2b3fee2911ee89000dd2d5762a112bf17f6
Signed-off-by: Adrian Negreanu <adrian.m.negreanu@intel.com>
Michael Leibowitz [Mon, 22 Jul 2013 12:56:06 +0000 (05:56 -0700)]
updating changelog
Brian McGillion [Mon, 6 Feb 2012 16:48:30 +0000 (18:48 +0200)]
Enforce smack policy from conf file
Brian McGillion [Mon, 6 Feb 2012 16:46:05 +0000 (18:46 +0200)]
Enable checking of smack context from DBus interface
Alexandru Cornea [Fri, 28 Jun 2013 20:42:49 +0000 (23:42 +0300)]
resetting manifest requested domain to floor
Anas Nashif [Wed, 19 Jun 2013 10:16:37 +0000 (06:16 -0400)]
Update to dbus 1.6.12
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Simon McVittie [Wed, 19 Jun 2013 14:31:03 +0000 (15:31 +0100)]
update changelog
- TZPC-3044, CVE-2013-2168: fix local denial of service (backport from 1.6.12)
- TZPC-1971: make libdbus thread-safe by default (backport from 1.7.4/1.7.6)
Simon McVittie [Tue, 16 Apr 2013 15:48:11 +0000 (16:48 +0100)]
Add a statically-initialized implementation of _dbus_lock() on glibc systems
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
Bug-Tizen: TZPC-1971
Applied-upstream: 1.7.6, commit:
83aaa9f359e90d3b8cae5d17f6d9ba4600cff68b
Change-Id: Iee8ec5e2138ad8398efbe1cd16b46e61cee08670
Simon McVittie [Tue, 16 Apr 2013 15:37:51 +0000 (16:37 +0100)]
Always initialize threading before allocating a dynamic mutex
Dynamic allocation of mutexes can fail anyway, so this is easy.
Justification for not keeping the dummy mutex code-paths, even as an
opt-in thing for processes known to be high-performance and
single-threaded: real mutexes only cut the throughput of
test/dbus-daemon.c by a couple of percent on my laptop (from around
6700 to around 6600 messages per second), and libdbus crashes caused
by not calling dbus_threads_init_default() are sufficiently widespread
that they're wasting a lot of everyone's time.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
Bug-Tizen: TZPC-1971
Applied-upstream: 1.7.6, commit:
08391b14616c248458e838691d068aa48dc70d18
Change-Id: I62e4fc541f6868ef44dc0654337b895e5392c16e
Simon McVittie [Tue, 16 Apr 2013 15:28:44 +0000 (16:28 +0100)]
Make taking a global lock automatically initialize locking if needed
This lets them be thread-safe by default, at the cost that they can
now fail.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
Applied-upstream: 1.7.6, commit:
2b3272c75ae48c93911bd6f656965cf77d6de3e8
Bug-Tizen: TZPC-1971
Change-Id: I7e547e5776d37051ec8b6eccc2c8bd34b8d1996b
Simon McVittie [Tue, 16 Apr 2013 14:39:54 +0000 (15:39 +0100)]
Replace individual global-lock variables with an array of DBusRMutex *
This means we can use a much simpler code structure in data-slot
allocators: instead of giving them a DBusRMutex ** at first-allocation,
we can just give them an index into the array, which can be done
statically.
It doesn't make us any more thread-safe-by-default - the mutexes will
only actually be used if threads were already initialized - but it's
substantially better than nothing.
These locks really do have to be recursive: for instance,
internal_bus_get() calls dbus_bus_register() under the bus lock,
and dbus_bus_register() can call _dbus_connection_close_possibly_shared(),
which takes the bus lock.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
Applied-upstream: 1.7.6, commit:
c80c20af46c5f43dcbe672f2c6d8aec0e7f2bbd6
Bug-Tizen: TZPC-1971
Change-Id: I22a31a9278b5f9c88557c54723f86827a91de818
Simon McVittie [Tue, 16 Apr 2013 11:14:14 +0000 (12:14 +0100)]
Turn a runtime assertion into a compile-time assertion
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Applied-upstream: 1.7.4, commit:
24a9b93021908b6f2b20eaacc1b36fa8fb24edb4
Bug-Tizen: TZPC-1971
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
Change-Id: I2784b0aa9046fba5a83065d32305c127a2a2dc78
Simon McVittie [Tue, 16 Apr 2013 11:14:02 +0000 (12:14 +0100)]
Remove unused global mutexes for win_fds, sid_atom_cache
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Applied-upstream: 1.7.4, commit:
d35f64339e401a7a47c1b088ef26e3dcb202cb9d
Bug-Tizen: TZPC-1971
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
Change-Id: I9619eaf477eaf1763133772b95e3845dd7c2b62e
Simon McVittie [Tue, 16 Apr 2013 11:07:23 +0000 (12:07 +0100)]
dbus_threads_init_default, dbus_threads_init: be safe to call at any time
On Unix, we use a pthreads mutex, which can be allocated and
initialized in global memory.
On Windows, we use a CRITICAL_SECTION, together with a call to
InitializeCriticalSection() from the constructor of a global static
C++ object (thanks to Ralf Habacker for suggesting this approach).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Applied-upstream: 1.7.4, commit:
17a23d08b51cf21a2110047649a86445e99e2b3f
Bug-Tizen: TZPC-1971
Reviewed-by: Anas Nashif <anas.nashif@intel.com>
Change-Id: Id6aa81b7d553965c4c6f511e2410673c2f222a66
Simon McVittie [Mon, 15 Apr 2013 12:54:39 +0000 (13:54 +0100)]
dbus_threads_init: call _dbus_threads_init_platform_specific()
This reverses the relationship between these two functions.
Previously, dbus_threads_init() wouldn't allocate dbus_cond_event_tls
on Windows, call check_monotonic_clock on Unix, or call
_dbus_check_setuid on Unix.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Applied-upstream: 1.7.4, commit:
eabf6c42a1b779f57f2c08d35772035788657579
Bug-Tizen: TZPC-1971
Change-Id: Ice70cf1f3e2202b72016daf619c89206b96aac47
Simon McVittie [Mon, 15 Apr 2013 12:51:19 +0000 (13:51 +0100)]
DBusAtomic: on Unix, use pthreads mutexes for fallback
On pthreads platforms, POSIX guarantees that we can "allocate" mutexes
as library-global variables, without involving malloc. This means we
don't need to error-check their allocation - if the dynamic linker
succeeds, then we have enough memory for all our globals - which is an
important step towards being thread-safe by default. In particular,
making atomic operations never rely on DBusMutex means that we are free
to implement parts of DBusMutex in terms of DBusAtomic, if it would help.
We do not currently support any non-Windows platform that does not have
pthreads. This is unlikely to change.
On Windows, we already used real atomic operations; we can just
delete the unused global variable.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Applied-upstream: 1.7.4, commit:
c36f21a2e91730e9ae52e8945305aa3072f0e508
Bug-Tizen: TZPC-1971
Change-Id: I91d99a86f25d49d63d79eebfe85767bb8cc66170
Simon McVittie [Mon, 15 Apr 2013 19:40:21 +0000 (20:40 +0100)]
Add _DBUS_GNUC_WARN_UNUSED_RESULT, similar to GLib's
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
Applied-upstream: 1.7.4, commit:
7ac9b68220a2f48bc2942aaa909d6ba1f4605f73
Bug-Tizen: TZPC-1971
Change-Id: I9944ae3a1e9901728bbc3bedbcc6474022db586f
Patrick McCarty [Fri, 7 Jun 2013 22:53:20 +0000 (15:53 -0700)]
packaging: ensure ownership for /var/lib/dbus
For x86_64 builds, %{_localstatedir}%{_libdir}/dbus expands to
/var/usr/lib64/dbus, which is incorrect.
This commit fixes the path in the spec to make sure the intended
directory, /var/lib/dbus, is created and owned by this package.
Change-Id: I60947c4e2c221ad2f83d01bd87dc76fc8f5e4433
Anas Nashif [Mon, 27 May 2013 03:43:02 +0000 (23:43 -0400)]
Update to 1.6.10
Anas Nashif [Sun, 26 May 2013 18:52:43 +0000 (14:52 -0400)]
update to 1.6.10
Simon McVittie [Tue, 16 Apr 2013 17:34:16 +0000 (18:34 +0100)]
Adapt for rebase onto upstream dbus-1.6.8 git tag
When building from git we need a BuildRequires on xmlto, since we can
no longer rely on the pre-generated HTML documentation from the tarball.
That pulls in libxslt-tools, which means dbus.devhelp is generated, so
the build fails because we weren't accounting for that; so explicitly
require libxslt-tools too (dbus uses it both via xmlto, and directly),
and package dbus.devhelp.
Change-Id: I7505fc6fd1e7c4fc23a53f349a4fdd18d88237ec
Anas Nashif [Thu, 28 Mar 2013 13:15:58 +0000 (06:15 -0700)]
Cleanup lib name in spec
Anas Nashif [Thu, 28 Mar 2013 13:15:12 +0000 (06:15 -0700)]
use libname directly
Anas Nashif [Fri, 22 Mar 2013 18:36:11 +0000 (11:36 -0700)]
Fixed package groups
Anas Nashif [Wed, 16 Jan 2013 03:13:39 +0000 (19:13 -0800)]
No OOMScoreAdjust for user session
Anas Nashif [Mon, 31 Dec 2012 15:56:22 +0000 (07:56 -0800)]
add user session units
Anas Nashif [Mon, 31 Dec 2012 15:50:37 +0000 (07:50 -0800)]
add user session units
Simon McVittie [Fri, 30 Nov 2012 16:52:54 +0000 (16:52 +0000)]
initial changelog
Simon McVittie [Thu, 29 Nov 2012 11:10:36 +0000 (11:10 +0000)]
regenerate packaging/dbus-x11.spec with ( cd packaging && sh pre_checkin.sh )
Otherwise, local builds with 'gbs build' try to apply the nonexistent
patch 0001-fix-sba-for-dbus-activation.patch, and fail.
Anas Nashif [Fri, 16 Nov 2012 18:45:18 +0000 (10:45 -0800)]
fixed splitting
Anas Nashif [Fri, 16 Nov 2012 18:25:40 +0000 (10:25 -0800)]
fixed splitting
Anas Nashif [Fri, 16 Nov 2012 18:24:32 +0000 (10:24 -0800)]
fixed splitting
Anas Nashif [Fri, 16 Nov 2012 17:26:26 +0000 (09:26 -0800)]
Fixed package splitting
split dbus-x11 correctly
Anas Nashif [Fri, 16 Nov 2012 01:50:16 +0000 (17:50 -0800)]
spec cleanup and removed patches
Simon Peeters [Sun, 7 Oct 2012 14:59:30 +0000 (16:59 +0200)]
Set correct address when using --address=systemd:
When dbus gets launched through systemd, we need to create an address
string based on the sockets passed.
The _dbus_append_addres_from_socket() function is responsible for
extracting the address information from the file-descriptor and
formatting it in a dbus friendly way.
This fixes bus activation when running dbus under a systemd session.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=50962
Signed-off-by: Simon Peeters <peeters.simon@gmail.com>
Applied-upstream: 1.7.0, commit:
d728fdc655f17031da3bb129ab2fd17dadf0fe3a
Anas Nashif [Tue, 30 Oct 2012 23:28:05 +0000 (16:28 -0700)]
add packaging
Simon McVittie [Wed, 12 Jun 2013 13:02:31 +0000 (14:02 +0100)]
Prepare embargoed release for tomorrow
Simon McVittie [Wed, 12 Jun 2013 12:56:39 +0000 (13:56 +0100)]
Add a test-case for CVE-2013-2168
Reviewed-by: Thiago Macieira <thiago@kde.org>
[build system adjusted to compile it even if we don't have GLib -smcv]
Simon McVittie [Mon, 10 Jun 2013 17:06:47 +0000 (18:06 +0100)]
CVE-2013-2168: _dbus_printf_string_upper_bound: copy the va_list for each use
Using a va_list more than once is non-portable: it happens to work
under the ABI of (for instance) x86 Linux, but not x86-64 Linux.
This led to _dbus_printf_string_upper_bound() crashing if it should
have returned exactly 1024 bytes. Many system services can be induced
to process a caller-controlled string in ways that
end up using _dbus_printf_string_upper_bound(), so this is a denial of
service.
Reviewed-by: Thiago Macieira <thiago@kde.org>
Simon McVittie [Wed, 12 Jun 2013 12:42:58 +0000 (13:42 +0100)]
NEWS for 1.6.x
Chengwei Yang [Thu, 6 Jun 2013 05:25:10 +0000 (13:25 +0800)]
Fix dbus-daemon crash due to invalid service file
dbus-daemon will crash due to invalid service file which key/value
starts before section. In that situation, new_line() will try to access
invalid address.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60853
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Chengwei Yang [Fri, 31 May 2013 07:02:45 +0000 (15:02 +0800)]
Fix build error: unused-result
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Chengwei Yang [Wed, 29 May 2013 12:50:21 +0000 (20:50 +0800)]
When "activating" systemd, handle its special case better
When dbus-daemon receives a request to activate a systemd service before
systemd has connected to it, it enqueues a fake request to "activate"
systemd itself (as a way to get a BusPendingActivationEntry to track the
process of waiting for systemd). When systemd later joins the bus,
dbus-daemon sends the actual activation message; any future activation
messages are sent directly to systemd.
In the "pending" code path, the activation messages are currently
dispatched as though they had been sent by the same process that sent
the original activation request, which is wrong: the bus security
policy probably doesn't allow that process to talk to systemd directly.
They should be dispatched as though they had been sent by the
dbus-daemon itself (connection == NULL), the same as in the non-pending
code path.
In the worst case, if the attempt to activate systemd timed out, the
dbus-daemon would crash with a (fatal) warning, because in this special
case, activation_message is a signal with no serial number, whereas the
code to send an error reply is expecting a method call with a serial
number.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=50199
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com>
Tested-by: Ma Yu <yu.ma@intel.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Wed, 24 Apr 2013 19:30:00 +0000 (20:30 +0100)]
development version
Simon McVittie [Wed, 24 Apr 2013 11:14:57 +0000 (12:14 +0100)]
Prepare release 1.6.10
Simon McVittie [Mon, 22 Apr 2013 15:15:34 +0000 (16:15 +0100)]
NEWS for 1.6
Simon McVittie [Mon, 22 Apr 2013 14:36:32 +0000 (15:36 +0100)]
Accept non-characters when validating Unicode
Unicode Corrigendum #9 clarifies that the non-characters U+nFFFE
(for n in the range 0 to 0x10), U+nFFFF (for n in the same range),
and U+FDD0..U+FDEF are valid for interchange, and their presence
does not make a string ill-formed.
GLib 2.36 made the corresponding change in its definition of UTF-8
as used by g_utf8_validate() and similar functions.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63072
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Fri, 5 Apr 2013 11:54:57 +0000 (12:54 +0100)]
Allow use of GLib 2.32 functionality, which we do conditionally
Simon McVittie [Mon, 18 Feb 2013 14:27:48 +0000 (14:27 +0000)]
Don't warn for functions deprecated since GLib 2.26
Also warn if we inadvertently use a function introduced since then.
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=59971
Reviewed-by: Colin Walters <walters@verbum.org>
Simon McVittie [Fri, 5 Apr 2013 11:47:07 +0000 (12:47 +0100)]
NEWS for 1.6
Dan Williams [Thu, 4 Apr 2013 15:49:18 +0000 (10:49 -0500)]
Don't access random memory if data slot isn't allocated yet
If DBUS_DISABLE_ASSERTS was turned on, and a buggy program called
dbus_connection_get_data() with a slot number less than zero (eg,
before even allocating the data slot), random memory would be
accessed and a random value returned. Anything less than zero
is not a valid slot number and should be rejected by libdbus.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63127
Signed-off-by: Dan Williams <dcbw@redhat.com>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Wed, 3 Apr 2013 11:20:57 +0000 (12:20 +0100)]
NEWS for 1.6
Dagobert Michelsen [Wed, 3 Apr 2013 08:38:51 +0000 (10:38 +0200)]
If alloca.h is available it is required (e.g. on Solaris 10)
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63071
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 12 Feb 2013 11:44:11 +0000 (11:44 +0000)]
NEWS for 1.6
Ralf Habacker [Wed, 5 Sep 2012 03:07:20 +0000 (05:07 +0200)]
Create missing directories in cmake <build-root>/bus/session.d and <build-root>/bus/system.d
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=41319
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Fri, 9 Nov 2012 16:02:53 +0000 (16:02 +0000)]
NEWS
Michel HERMIER [Fri, 9 Nov 2012 15:44:43 +0000 (15:44 +0000)]
Don't leak temporary fds pointing to /dev/null
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=56927
[commit message added -smcv]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Arun Raghavan [Fri, 12 Oct 2012 16:22:03 +0000 (21:52 +0530)]
Fix building with newer Valgrind
Newer valgrind (tried with 3.8.0) defines macros so that a terminating
semi-colon is required. This fixes usage to follow that convention.
[edited to remove comments that are no longer useful -smcv]
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=55932
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Tue, 2 Oct 2012 08:34:48 +0000 (09:34 +0100)]
activation helper: when compiled for tests, do not reset system bus address
Otherwise, the tests try to connect to the real system bus, which will
often fail - particularly if you run the tests configured for the default
/usr/local (with no intention of installing the result), in which case
the tests would try to connect to /usr/local/var/run/dbus/system_bus_socket.
Reviewed-by: Colin Walters <walters@verbum.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=52202
Simon McVittie [Tue, 2 Oct 2012 08:47:20 +0000 (09:47 +0100)]
Post-release version bump
Colin Walters [Fri, 28 Sep 2012 19:44:59 +0000 (15:44 -0400)]
Release 1.6.8
Colin Walters [Fri, 28 Sep 2012 19:31:47 +0000 (15:31 -0400)]
Revert "hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid()"
Follow to reverting
a556443757b19fee67ef4441141246dd9cfed4f.
See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c24
This reverts commit
d7ffad72146c2329692e0cf32eb1ac1dbb4fb51c.
Colin Walters [Fri, 28 Sep 2012 19:31:05 +0000 (15:31 -0400)]
Revert "hardening: Use __secure_getenv if available"
It breaks gnome-keyring-daemon at least in some
configurations; see
https://bugs.freedesktop.org/show_bug.cgi?id=52202#c24
This reverts commit
1a556443757b19fee67ef4441141246dd9cfed4f.
Colin Walters [Fri, 28 Sep 2012 17:20:14 +0000 (13:20 -0400)]
Resume development
Colin Walters [Fri, 28 Sep 2012 17:08:42 +0000 (13:08 -0400)]
Release 1.6.6
Geoffrey Thomas [Fri, 28 Sep 2012 05:02:06 +0000 (22:02 -0700)]
activation-helper: Ensure DBUS_STARTER_ADDRESS is set correctly
The fix for CVE-2012-3524 filters out all environment variables if
libdbus is used from a setuid program, to prevent various spoofing
attacks.
Unfortunately, the activation helper is a setuid program linking
libdbus, and this creates a regression for launched programs using
DBUS_STARTER_ADDRESS, since it will no longer exist.
Fix this by hardcoding the starter address to the default system bus
address.
Signed-off-by: Geoffrey Thomas <gthomas@mokafive.com>
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Fri, 28 Sep 2012 16:01:56 +0000 (12:01 -0400)]
hardening: Remove activation helper handling for DBUS_VERBOSE
It's not really useful.
See https://bugs.freedesktop.org/show_bug.cgi?id=52202#c17
Colin Walters [Fri, 28 Sep 2012 14:05:59 +0000 (10:05 -0400)]
hardening: Use __secure_getenv() in *addition* to _dbus_check_setuid()
This is a further security measure for the case of Linux/glibc
when we're linked into a binary that's using filesystem capabilities
or SELinux domain transitions (i.e. not plain old setuid).
In this case, _dbus_getenv () will return NULL because it will
use __secure_getenv(), which handles those via AT_SECURE.
https://bugs.freedesktop.org/show_bug.cgi?id=52202
Colin Walters [Fri, 28 Sep 2012 01:35:22 +0000 (21:35 -0400)]
hardening: Ensure _dbus_check_setuid() is initialized threadsafe manner
This is a highly theoretical concern, but we might as well.
https://bugs.freedesktop.org/show_bug.cgi?id=52202
Colin Walters [Fri, 28 Sep 2012 01:29:29 +0000 (21:29 -0400)]
hardening: Use __secure_getenv if available
This helps us in the case where we were executed via filesystem
capabilities or a SELinux domain transition, not necessarily a plain
old setuid binary.
https://bugs.freedesktop.org/show_bug.cgi?id=52202
Colin Walters [Wed, 22 Aug 2012 14:03:34 +0000 (10:03 -0400)]
CVE-2012-3524: Don't access environment variables or run dbus-launch when setuid
This matches a corresponding change in GLib. See
glib/gutils.c:g_check_setuid().
Some programs attempt to use libdbus when setuid; notably the X.org
server is shipped in such a configuration. libdbus never had an
explicit policy about its use in setuid programs.
I'm not sure whether we should advertise such support. However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.
Better to fix a problem caused by an interaction between two
components in *both* places if possible.
How to determine whether or not we're running in a privilege-escalated
path is operating system specific. Note that GTK+'s code to check
euid versus uid worked historically on Unix, more modern systems have
filesystem capabilities and SELinux domain transitions, neither of
which are captured by the uid comparison.
On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup. If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use. Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1
So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.
On some BSD variants, there is a issetugid() function. On other Unix
variants, we fall back to what GTK+ has been doing.
Reported-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
Simon McVittie [Mon, 3 Sep 2012 09:19:29 +0000 (10:19 +0100)]
NEWS
Brad Smith [Mon, 3 Sep 2012 09:12:02 +0000 (10:12 +0100)]
Detect MSG_NOSIGNAL and SCM_RIGHTS on OpenBSD
On OpenBSD, sys/socket.h requires sys/types.h to be included first.
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54418
Simon McVittie [Mon, 13 Aug 2012 19:13:16 +0000 (20:13 +0100)]
Revert "cmake: use the same default system bus address as for autotools"
This reverts commit
05b0b9e65b6a58f0b0cb56d6ee8cf100061250b3.
Simon McVittie [Mon, 13 Aug 2012 19:12:59 +0000 (20:12 +0100)]
Revert "Split DBUS_SESSION_BUS_DEFAULT_ADDRESS into listen, connect addresses and set better defaults"
This reverts commit
b5d36dc27d1905d4d46ad7f0097f0ea0e0776adb.
On second thoughts, this is too big a change for a stable branch.
Simon McVittie [Mon, 13 Aug 2012 18:57:13 +0000 (19:57 +0100)]
Split DBUS_SESSION_BUS_DEFAULT_ADDRESS into listen, connect addresses and set better defaults
On Unix, the connect address should basically always be "autolaunch:"
but the listen address has to be something you can listen on.
On Windows, you can listen on "autolaunch:" or
"autolaunch:scope=*install-path", for instance, and the dbus-daemon is
involved in the auto-launching process.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38201
Reviewed-by: David Zeuthen <davidz@redhat.com>
[default address changed to autolaunch: for interop with GDBus -smcv]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Wed, 4 Jan 2012 19:39:54 +0000 (19:39 +0000)]
cmake: use the same default system bus address as for autotools
The system bus is unsupported (and rather meaningless) on Windows anyway,
so we can use anything. Also, make it clear that it has to be a
"specific" address that can be listened on *and* connected to,
like unix:path=/xxx - a listen-only address like unix:tmpdir=/xxx or
nonce-tcp: would not be suitable.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=38201
Reviewed-by: David Zeuthen <davidz@redhat.com>
Simon McVittie [Thu, 9 Aug 2012 11:31:48 +0000 (12:31 +0100)]
NEWS
Jonathan Perkin [Thu, 9 Aug 2012 11:26:06 +0000 (12:26 +0100)]
Define __EXTENSIONS__ on Solaris to get sockaddr_in6 and sockaddr_storage
[smcv: comments updated, commit message added]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53286
Jonathan Perkin [Thu, 9 Aug 2012 11:25:02 +0000 (12:25 +0100)]
Check HAVE_DECL_LOG_PERROR with #if, not #ifdef
It's always defined.
[smcv: commit message added]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53286
Simon McVittie [Wed, 18 Jul 2012 18:30:23 +0000 (19:30 +0100)]
1.6.5
Simon McVittie [Wed, 18 Jul 2012 17:11:49 +0000 (18:11 +0100)]
Prepare 1.6.4 release
Wolfgang Baron [Wed, 18 Jul 2012 17:09:44 +0000 (18:09 +0100)]
Fix launching of dbus-daemon on Windows in paths containing spaces
If dbus is installed in a path, which contains a space, dbus-launch will
not launch the daemon. That is so, because a command line is built from
just the path to the daemon and a parameter. The path has to be
surrounded with quotes. This can be done unconditionally, because the
quotes do not cause any trouble even if they are not needed.
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=49450
Simon McVittie [Tue, 3 Jul 2012 19:12:10 +0000 (20:12 +0100)]
NEWS
Simon McVittie [Tue, 3 Jul 2012 14:53:31 +0000 (15:53 +0100)]
Set enable-developer default to 'no'
Misplaced [] and () led to enable_developer=no being part of the
option's documentation instead of actually being the default value.
Regression in 1.6.2, caused by #34671.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51657
Bug-Debian: http://bugs.debian.org/680027
Reviewed-by: David Zeuthen <davidz@redhat.com>
Simon McVittie [Tue, 3 Jul 2012 08:26:27 +0000 (09:26 +0100)]
DBusTransport: do not assert that autolaunch address is non-empty
dbus-launch can apparently return an empty address under certain
circumstances, and dbus_parse_address() in the next line will return
a nice DBusError for an empty address rather than aborting the process.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51657
Bug-Debian: http://bugs.debian.org/680027
Reviewed-by: David Zeuthen <davidz@redhat.com>
Simon McVittie [Thu, 28 Jun 2012 15:49:01 +0000 (16:49 +0100)]
NEWS
Dave Reisner [Thu, 28 Jun 2012 14:50:46 +0000 (15:50 +0100)]
Properly concat DBUS_CONSOLE_AUTH_DIR with username
This removes the assumption that DBUS_CONSOLE_AUTH_DIR ends with a
trailing /.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51521
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Simon McVittie [Wed, 27 Jun 2012 17:52:53 +0000 (18:52 +0100)]
Resume development
Simon McVittie [Wed, 27 Jun 2012 16:48:33 +0000 (17:48 +0100)]
Second go at 1.6.2
Simon McVittie [Wed, 27 Jun 2012 10:33:29 +0000 (11:33 +0100)]
Revise NEWS to not mention --exit-with-x11
Simon McVittie [Wed, 27 Jun 2012 10:32:29 +0000 (11:32 +0100)]
Still recommend --exit-with-session in documentation, --exit-with-x11 was reverted
Simon McVittie [Wed, 27 Jun 2012 10:31:22 +0000 (11:31 +0100)]
Revert "dbus-launch: add --exit-with-x11 option"
This reverts commit
fcc656d430f53ad62c25e41d7e7bd880cbb726a0.
Simon McVittie [Mon, 25 Jun 2012 19:54:56 +0000 (20:54 +0100)]
Stop release preparation, --exit-with-x11 doesn't work
Simon McVittie [Mon, 25 Jun 2012 14:27:05 +0000 (15:27 +0100)]
Prepare 1.6.2
Simon McVittie [Mon, 25 Jun 2012 12:26:35 +0000 (13:26 +0100)]
Create /var/lib/dbus explicitly rather than as a side-effect
Since Automake 1.11.4, an empty localstatelib_DATA variable will not
create $(localstatelibdir) as a side-effect.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51406
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Lennart Poettering <lennart@poettering.net>
Simon McVittie [Mon, 25 Jun 2012 11:20:45 +0000 (12:20 +0100)]
dbus_pending_call_set_notify: don't leave the connection locked on OOM
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=51032
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Lennart Poettering <lennart@poettering.net>
Simon McVittie [Mon, 25 Jun 2012 12:16:53 +0000 (13:16 +0100)]
NEWS