platform/upstream/dbus.git
4 years agoactivation: fix indentation upgrade-to-1.12.16
Adrian Szyndela [Tue, 7 Apr 2020 15:19:58 +0000 (17:19 +0200)]
activation: fix indentation

4 years agodbus-transport: stop using orig_len outside its context
Adrian Szyndela [Tue, 7 Apr 2020 07:05:04 +0000 (09:05 +0200)]
dbus-transport: stop using orig_len outside its context

4 years agopackaging: update packaging for dbus-1.12.16
Adrian Szyndela [Tue, 7 Apr 2020 06:37:34 +0000 (08:37 +0200)]
packaging: update packaging for dbus-1.12.16

- spec: drop deprecated option --with-init-scripts
- spec: package new, installed files
- spec: acknowledge removing of dbus.socket from dbus.target.wants
- spec: add autoconf-archive build dependency
- acknowledge renaming HACKING to CONTRIBUTING.md
- spec: bump version to 1.12.16

4 years agoMerge dbus-1.12.16 into tizen
Adrian Szyndela [Tue, 7 Apr 2020 06:00:23 +0000 (08:00 +0200)]
Merge dbus-1.12.16 into tizen

dbus 1.12.16

4 years agoRevert "Add dependency to security-manager.socket" 09/229109/1 accepted/tizen/unified/20200406.133221 submit/tizen/20200402.112144
INSUN PYO [Mon, 30 Mar 2020 01:45:41 +0000 (10:45 +0900)]
Revert "Add dependency to security-manager.socket"

This reverts commit 8d7fa32af68f2ba1f5da3494ce6d50e8e7c2c034.

Change-Id: Iaf3890e804b87b7c6751237e0ef93b3ad5db9ceb

4 years agoRevert "Remove DefaultDependencies=no from dbus.socket" 52/228752/2
INSUN PYO [Wed, 25 Mar 2020 07:42:30 +0000 (07:42 +0000)]
Revert "Remove DefaultDependencies=no from dbus.socket"

This reverts commit 873bad7e9515fbafb8682fa6cdadfee629762e0d.

Change-Id: I642e8ca08d551320b56d97e682c969689640700f

4 years agopolicy: print policy denied complaint log for signal broadcasting 85/227485/1
sanghyeok.oh [Thu, 12 Mar 2020 06:13:44 +0000 (15:13 +0900)]
policy: print policy denied complaint log for signal broadcasting

Debugging is difficult due to lack of error information:
When the broadcast signal is blocked by dbus policy,
unlike other types of dbus messages,
dbus-daemon does not print any error logs,
it just passes an error message to the bus monitor.

Change-Id: I9c6c55530d64451403664ea1eee4b703360691eb

4 years agoauth: Reject DBUS_COOKIE_SHA1 for users other than the server owner 59/222259/1
Simon McVittie [Thu, 30 May 2019 11:53:03 +0000 (12:53 +0100)]
auth: Reject DBUS_COOKIE_SHA1 for users other than the server owner

The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
of a shared home directory by having the server write a secret "cookie"
into a .dbus-keyrings subdirectory of the desired identity's home
directory with 0700 permissions, and having the client prove that it can
read the cookie. This never actually worked for non-malicious clients in
the case where server uid != client uid (unless the server and client
both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
Unix uid 0) because an unprivileged server would fail to write out the
cookie, and an unprivileged client would be unable to read the resulting
file owned by the server.

Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
is owned by the uid of the server (a side-effect of a check added to
harden our use of XDG_RUNTIME_DIR), further ruling out successful use
by a non-malicious client with a uid differing from the server's.

Joe Vennix of Apple Information Security discovered that the
implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
attack: a malicious client with write access to its own home directory
could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
read and write in unintended locations. In the worst case this could
result in the DBusServer reusing a cookie that is known to the
malicious client, and treating that cookie as evidence that a subsequent
client connection came from an attacker-chosen uid, allowing
authentication bypass.

This is mitigated by the fact that by default, the well-known system
dbus-daemon (since 2003) and the well-known session dbus-daemon (in
stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
at an early stage, before manipulating cookies. As a result, this
vulnerability only applies to:

* system or session dbus-daemons with non-standard configuration
* third-party dbus-daemon invocations such as at-spi2-core (although
  in practice at-spi2-core also only accepts EXTERNAL by default)
* third-party uses of DBusServer such as the one in Upstart

Avoiding symlink attacks in a portable way is difficult, because APIs
like openat() and Linux /proc/self/fd are not universally available.
However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
a non-matching uid, we can solve this vulnerability in an easier way
without regressions, by rejecting it early (before looking at
~/.dbus-keyrings) whenever the requested identity doesn't match the
identity of the process hosting the DBusServer.

Change-Id: I04d70bf97d78d25551e9adc217a4dd7652d428b6
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
Closes: CVE-2019-12749

5 years agoRevert "tizen: Add additional unit for "unified" user session" 19/212319/2 accepted/tizen_5.5_unified_mobile_hotfix tizen_5.5_mobile_hotfix tizen_5.5_tv accepted/tizen/5.5/unified/20191031.005930 accepted/tizen/5.5/unified/mobile/hotfix/20201027.063100 accepted/tizen/unified/20190822.045457 submit/tizen/20190820.090809 submit/tizen_5.5/20191031.000006 submit/tizen_5.5_mobile_hotfix/20201026.185106 tizen_5.5.m2_release
Yunmi Ha [Tue, 20 Aug 2019 08:09:07 +0000 (08:09 +0000)]
Revert "tizen: Add additional unit for "unified" user session"

This reverts commit 662187a7597aaf9c9ad2a635944951e6174a36da.

We've optimized systemd-user without unified system/session.
So, we revert the patch for unified system/session.

Change-Id: I70ee37ebeda65e549c5f544d37d511cb6d54b757

5 years agopolicy: modify complaint log to print out matched rule 91/211091/1 accepted/tizen/unified/20190816.112439 submit/tizen/20190812.022819
sanghyeok.oh [Tue, 30 Jul 2019 03:01:33 +0000 (12:01 +0900)]
policy: modify complaint log to print out matched rule

Reconstruct rule with xml format.

Change-Id: I760f5c89f519672743a10fa15b66ac14b7e819a1
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agopolicy: change complaint log format of bus_client_policy_check_can_own() to print... 11/210611/1
sanghyeok.oh [Tue, 23 Jul 2019 02:43:40 +0000 (11:43 +0900)]
policy: change complaint log format of bus_client_policy_check_can_own() to print out connection log

Change-Id: Ib0fc3be8b07577da687a024f5c39178dad387644
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agokdbus: fix computing bloom filters 65/210465/1 accepted/tizen/unified/20190722.074825 submit/tizen/20190719.104741
Adrian Szyndela [Fri, 19 Jul 2019 08:23:27 +0000 (10:23 +0200)]
kdbus: fix computing bloom filters

The bloom filters computing had been implemented in the past, basing
on systemd. However, the reimplementation introduced two bugs:
- no clearing of 'p' variable;
- clearing of hash_index variable in a wrong place.

This fixes the bugs.

The same applies to glib.

Change-Id: Ie7c602c6bc881e38c62f41d482ab3785b03c5503

5 years agoRevert "Fix for smack error when dbus-daemon(session) accesses proc/cmdline" 37/210237/2 accepted/tizen/unified/20190717.220434 submit/tizen/20190717.061730
Hyotaek Shim [Wed, 17 Jul 2019 06:11:50 +0000 (06:11 +0000)]
Revert "Fix for smack error when dbus-daemon(session) accesses proc/cmdline"

This reverts commit c7fbfc743059b3e9988a359106ad459511b5ea78.

Change-Id: I86742a428f372ff6988a13df12694c550e2a53c2

5 years agogvariant: fix UBSan related code 24/208924/1 accepted/tizen/unified/20190702.114943 submit/tizen/20190701.095512
sanghyeok.oh [Mon, 1 Jul 2019 08:42:36 +0000 (17:42 +0900)]
gvariant: fix UBSan related code

fix Undefined Behavior Sanitizer error.

Change-Id: If3b68e68d4de753d0e66c0eeb07f626431057cbf
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agopolicy: add complaint log for bus_client_policy_check_can_own() 34/208234/3
sanghyeok.oh [Thu, 20 Jun 2019 07:11:01 +0000 (16:11 +0900)]
policy: add complaint log for bus_client_policy_check_can_own()

Change-Id: I4e67ff2258b11bab764f51cfe7e2ae01f2a11d49
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agoMerge "Remove unused DbusError to avoid memory leak." into tizen accepted/tizen/unified/20190624.115337 submit/tizen/20190624.005319
sanghyeok oh [Mon, 24 Jun 2019 00:52:11 +0000 (00:52 +0000)]
Merge "Remove unused DbusError to avoid memory leak." into tizen

5 years agoremove unused DBusError in kdbus_read_message() 89/207789/2
Himanshu Maithani [Tue, 28 May 2019 08:48:27 +0000 (14:18 +0530)]
remove unused DBusError in kdbus_read_message()

The function defines and initializes  local DBusError.
It is not used in kdbus_decode_msg() and function relies on assert for error.
So, remove the DBusError variable in kdbus_decode_msg().

Change-Id: Ic726f2a161f06766b081f1a98e83ff4f3834f75b
Signed-off-by: Himanshu Maithani <himanshu.m@samsung.com>
Signed-off-by: Gaurav Gupta <g.gupta@samsung.com>
5 years agoRemove unused DbusError to avoid memory leak. 80/207880/1
Gaurav Gupta [Thu, 13 Jun 2019 10:57:07 +0000 (16:27 +0530)]
Remove unused DbusError to avoid memory leak.

Pass NULL as error argument to avoid setting error string in dbus_validate_bus_name(), thus avoid possible memory leak.
We expect the name to be valid bus name (utf8) as it is fetched from the connection.
It will also optimize stack usage as "local_error" variable & dbus_error_init() function are called in for loop.

Other fix could be to check free "error" if it is set.
Signed-off-by: Gaurav Gupta <g.gupta@samsung.com>
Reviewed-by: Himanshu Maithani <himanshu.m@samsung.com>
Change-Id: I773211edd76b6591369bbaae5464971894481a28

5 years agofix: missing dbus_error_free in kdbus_write_msg_internal 88/207788/1 submit/tizen/20190624.001018
himanshu.m@samsung.com [Tue, 28 May 2019 06:31:55 +0000 (12:01 +0530)]
fix: missing dbus_error_free in kdbus_write_msg_internal

free message/name from the error in kdbus_write_msg_internal

Change-Id: I7f03abc0fc3f7c81e3725b3325f9e15209906e35
Signed-off-by: Himanshu Maithani <himanshu.m@samsung.com>
Signed-off-by: Gaurav Gupta <g.gupta@samsung.com>
5 years agoPrepare version 1.12.16 dbus-1.12.16
Simon McVittie [Sun, 9 Jun 2019 11:28:03 +0000 (12:28 +0100)]
Prepare version 1.12.16

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agotest: Add basic test coverage for DBUS_COOKIE_SHA1
Simon McVittie [Thu, 30 May 2019 11:58:28 +0000 (12:58 +0100)]
test: Add basic test coverage for DBUS_COOKIE_SHA1

We don't actually complete successful authentication, because that
would require us to generate a cookie and compute the correct SHA1,
which is difficult to do in a deterministic authentication script.
However, we do assert that dbus#269 (CVE-2019-12749) has been fixed.

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoauth: Reject DBUS_COOKIE_SHA1 for users other than the server owner
Simon McVittie [Thu, 30 May 2019 11:53:03 +0000 (12:53 +0100)]
auth: Reject DBUS_COOKIE_SHA1 for users other than the server owner

The DBUS_COOKIE_SHA1 authentication mechanism aims to prove ownership
of a shared home directory by having the server write a secret "cookie"
into a .dbus-keyrings subdirectory of the desired identity's home
directory with 0700 permissions, and having the client prove that it can
read the cookie. This never actually worked for non-malicious clients in
the case where server uid != client uid (unless the server and client
both have privileges, such as Linux CAP_DAC_OVERRIDE or traditional
Unix uid 0) because an unprivileged server would fail to write out the
cookie, and an unprivileged client would be unable to read the resulting
file owned by the server.

Additionally, since dbus 1.7.10 we have checked that ~/.dbus-keyrings
is owned by the uid of the server (a side-effect of a check added to
harden our use of XDG_RUNTIME_DIR), further ruling out successful use
by a non-malicious client with a uid differing from the server's.

Joe Vennix of Apple Information Security discovered that the
implementation of DBUS_COOKIE_SHA1 was susceptible to a symbolic link
attack: a malicious client with write access to its own home directory
could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to
read and write in unintended locations. In the worst case this could
result in the DBusServer reusing a cookie that is known to the
malicious client, and treating that cookie as evidence that a subsequent
client connection came from an attacker-chosen uid, allowing
authentication bypass.

This is mitigated by the fact that by default, the well-known system
dbus-daemon (since 2003) and the well-known session dbus-daemon (in
stable releases since dbus 1.10.0 in 2015) only accept the EXTERNAL
authentication mechanism, and as a result will reject DBUS_COOKIE_SHA1
at an early stage, before manipulating cookies. As a result, this
vulnerability only applies to:

* system or session dbus-daemons with non-standard configuration
* third-party dbus-daemon invocations such as at-spi2-core (although
  in practice at-spi2-core also only accepts EXTERNAL by default)
* third-party uses of DBusServer such as the one in Upstart

Avoiding symlink attacks in a portable way is difficult, because APIs
like openat() and Linux /proc/self/fd are not universally available.
However, because DBUS_COOKIE_SHA1 already doesn't work in practice for
a non-matching uid, we can solve this vulnerability in an easier way
without regressions, by rejecting it early (before looking at
~/.dbus-keyrings) whenever the requested identity doesn't match the
identity of the process hosting the DBusServer.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: https://gitlab.freedesktop.org/dbus/dbus/issues/269
Closes: CVE-2019-12749

5 years agoStart 1.12.16 development
Simon McVittie [Fri, 17 May 2019 14:48:14 +0000 (15:48 +0100)]
Start 1.12.16 development

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoRelease 1.12.14 dbus-1.12.14
Simon McVittie [Fri, 17 May 2019 09:41:10 +0000 (10:41 +0100)]
Release 1.12.14

5 years agoapply default deny own policy 94/206094/1 accepted/tizen/unified/20190602.221846 submit/tizen/20190530.011453
sanghyeok.oh [Tue, 14 May 2019 07:38:22 +0000 (16:38 +0900)]
apply default deny own policy

Change default own policy from allow to deny.

Change-Id: Ifde07a31ea3e6b8c97a6b7aee093ff9bf67c301c
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agoUpdate NEWS
Simon McVittie [Mon, 13 May 2019 10:59:03 +0000 (11:59 +0100)]
Update NEWS

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agobus: Try to raise soft fd limit to match hard limit
Simon McVittie [Mon, 11 Mar 2019 09:03:39 +0000 (09:03 +0000)]
bus: Try to raise soft fd limit to match hard limit

Linux systems have traditionally set the soft limit to 1024 and the hard
limit to 4096. Recent versions of systemd keep the soft fd limit at
1024 to avoid breaking programs that still use select(), but raise the
hard limit to 512*1024, while in recent Debian versions a complicated
interaction between components gives a soft limit of 1024 and a hard
limit of 1024*1024. If we can, we might as well elevate our soft limit
to match the hard limit, minimizing the chance that we will run out of
file descriptor slots.

Unlike the previous code to raise the hard and soft limits to at least
65536, we do this even if we don't have privileges: privileges are
unnecessary to raise the soft limit up to the hard limit.

If we *do* have privileges, we also continue to raise the hard and soft
limits to at least 65536 if they weren't already that high, making
it harder to carry out a denial of service attack on the system bus on
systems that use the traditional limit (CVE-2014-7824).

As was previously the case on the system bus, we'll drop the limits back
to our initial limits before we execute a subprocess for traditional
(non-systemd) activation, if enabled.

systemd activation doesn't involve us starting subprocesses at all,
so in both cases activated services will still inherit the same limits
they did previously.

This change also fixes a bug when the hard limit is very large but
the soft limit is not, for example seen as a regression when upgrading
to systemd >= 240 (Debian #928877). In such environments, dbus-daemon
would previously have changed its fd limit to 64K soft/64K hard. Because
this hard limit is less than its original hard limit, it was unable to
restore its original hard limit as intended when carrying out traditional
activation, leaving activated subprocesses with unintended limits (while
logging a warning).

Reviewed-by: Lennart Poettering <lennart@poettering.net>
[smcv: Correct a comment based on Lennart's review, reword commit message]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 7eacbfece70f16bb54d0f3ac51f87ae398759ef5)
[smcv: Mention that this also fixes Debian #928877]

5 years agocmake: Avoid overwriting PKG_CONFIG_PATH env var
Clemens Lang [Fri, 8 Feb 2019 14:48:15 +0000 (15:48 +0100)]
cmake: Avoid overwriting PKG_CONFIG_PATH env var

The CMake config file installed by DBus will run in the context of other
projects. Consequently, changing the value of the PKG_CONFIG_DIR,
PKG_CONFIG_PATH or PKG_CONFIG_LIBDIR environment variables will affect
any further calls to pkg-config made by such projects, which can cause
problems.

A common case of this happening are pkg-config files installed in
usr/share/pkgconfig for .pc files that are architecture-independent, as
for example systemd does.

Avoid clobbering the environment variables by saving and restoring their
values. Note that for some of the variables, setting them to an empty
string is different from not setting them at all.

Signed-off-by: Clemens Lang <clemens.lang@bmw-carit.de>
(cherry picked from commit 3525cc045d4c683dfc6048f5be795cc372c323a3)
Closes: dbus#267

5 years agocoverity fix 13/205813/6
sanghyeok.oh [Thu, 9 May 2019 08:57:53 +0000 (17:57 +0900)]
coverity fix

Change-Id: Iac35795aaa9a0640c83b59ddb6fb5dc18435746f
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agotizen: Add additional unit for "unified" user session 32/204132/4 accepted/tizen/unified/20190510.111111 submit/tizen/20190509.015828
Mateusz Moscicki [Fri, 19 Apr 2019 10:53:02 +0000 (12:53 +0200)]
tizen: Add additional unit for "unified" user session

The unified user session is about moving user session units, managed by
systemd --user, to main systemd, where it's managed as part of newly
created user@.target.

user@.target will contain same units as previously available in user/,
with same UID and environment setup.  systemd instance is used for unit
to be able to specify UID (inherited from user@.target).

The rationale behind this work is following:

* VD requirement to remove user session support
* boot time optimization requirements, due to:

   + 'systemd --user' taking 1s its own startup that could be used for
     unit startup
   + ability to better rearrange units if these managed by one systemd
     instance

Unit installed by this commit will not be used till user login mechanism
will be changed in systemd package (via changing pam_systemd to start
user@.target, rather than user@.service).

Change-Id: I524768f116ca91d812ae0884adbb300e52817975

5 years agoRemove DefaultDependencies=no from dbus.socket 32/205132/1 accepted/tizen/unified/20190503.075041 submit/tizen/20190502.044443
INSUN PYO [Mon, 29 Apr 2019 09:59:33 +0000 (18:59 +0900)]
Remove DefaultDependencies=no from dbus.socket

Change-Id: I1f1b72c237451aa04da92195c696a0387cad9e18

5 years agodbus-daemon: Don't create /tmp/dbus_launch 52/204852/2 accepted/tizen/unified/20190430.113428 submit/tizen/20190429.043102
INSUN PYO [Mon, 29 Apr 2019 00:33:16 +0000 (09:33 +0900)]
dbus-daemon: Don't create /tmp/dbus_launch

VD only uses /tmp/dbus_launch
- VD target: use /tmp/dbus_launch generated by systemd in kdbus
- VD emulator: use /tmp/dbus_launch generated by dbus-daemon that uses VD plugin drop-in

Change-Id: If2120a016015ee76c589416dab7cc6c96ee21b05

5 years agoAdd dependency to security-manager.socket 51/204351/2 accepted/tizen/unified/20190429.103648 submit/tizen/20190426.023004
INSUN PYO [Tue, 23 Apr 2019 08:07:39 +0000 (17:07 +0900)]
Add dependency to security-manager.socket

dbus-daemon connect to security-manager.service to get getgrouplist.

(gdb) bt
0  security_manager_groups_get_for_user (uid=0, groups=groups@entry=0xfffef754, groups_count=groups_count@entry=0xfffef758) at /usr/src/debug/security-manager-1.5.3/src/client/client-security-manager.cpp:1391
1  0xf71faa14 in _nss_securitymanager_initgroups_dyn (user=0x443f70 "root", group_gid=<optimized out>, start=0xfffef7cc, size=0xfffef800, groupsp=0xfffef804, limit=-1, errnop=0xf77ea11c)
    at /usr/src/debug/security-manager-1.5.3/src/nss/nss_securitymanager.cpp:109
2  0xf759f204 in internal_getgrouplist (user=0x1 <error: Cannot access memory at address 0x1>, user@entry=0x443f70 "root", group=124, group@entry=0, size=0xfffef800, size@entry=0xfffef7f8, groupsp=0xfffef804, groupsp@entry=0xfffef7fc,
    limit=limit@entry=-1) at initgroups.c:112
3  0xf759f45c in getgrouplist (user=user@entry=0x443f70 "root", group=0, groups=groups@entry=0x443f90, ngroups=ngroups@entry=0xfffef834) at initgroups.c:170
4  0xf778d940 in fill_user_info (info=info@entry=0x442ce0, uid=uid@entry=0, username=username@entry=0x0, error=0x1c, error@entry=0xfffef8b0) at dbus-sysdeps-unix.c:2410
5  0xf778db24 in _dbus_user_info_fill_uid (info=info@entry=0x442ce0, uid=uid@entry=0, error=error@entry=0xfffef8b0) at dbus-sysdeps-unix.c:2534
6  0xf7790b24 in _dbus_user_database_lookup (db=db@entry=0x4424c0, uid=<optimized out>, username=username@entry=0x0, error=error@entry=0xfffef8b0) at dbus-userdb.c:176
7  0xf7790d64 in _dbus_user_database_get_uid (db=db@entry=0x4424c0, uid=<optimized out>, info=0xfffef8ac, info@entry=0xfffef8a4, error=error@entry=0xfffef8b0) at dbus-userdb.c:662
8  0xf7790dc8 in init_system_db () at dbus-userdb.c:247
9  0xf7790f4c in init_system_db () at dbus-userdb.c:238
10 _dbus_user_database_get_system () at dbus-userdb.c:340
11 0x00421e58 in _dbus_get_user_id_and_primary_group (username=0xfffef928, uid_p=0x442584, gid_p=0x0) at dbus-userdb-util.c:210
12 0x0040f344 in start_busconfig_child (error=0xfffef9b8, attribute_values=0x0, attribute_names=0x4404f8, element_name=0x4399e0 "\250\230\003", parser=0x440d08) at config-parser.c:1048
13 bus_config_parser_start_element (parser=0x440d08, element_name=element_name@entry=0x442478 "policy", attribute_names=attribute_names@entry=0x4404f8, attribute_values=attribute_values@entry=0x442568, error=0xfffefc08) at config-parser.c:1919
14 0x0041ecc8 in expat_StartElementHandler (userData=0xfffefb18, name=0x442478 "policy", atts=0x440710) at config-loader-expat.c:107
15 0xf76c84a0 in doContent (parser=parser@entry=0x440518, startTagLevel=startTagLevel@entry=0, enc=enc@entry=0xf76e8a50 <utf8_encoding>,
    s=s@entry=0x4414d0 "<busconfig>\n\n  <type>accessibility</type>\n\n<servicedir>/usr/share/dbus-1/accessibility-services</servicedir>\n  <auth>EXTERNAL</auth>\n\n  <listen>unix:tmpdir=/tmp</listen>\n\n  <policy user=\"owner\">\n    <"...,
    end=end@entry=0x441957 "", nextPtr=nextPtr@entry=0x440530, haveMore=haveMore@entry=0 '\000') at xmlparse.c:2890
16 0xf76c8ca0 in contentProcessor (parser=parser@entry=0x440518,
    start=start@entry=0x4414d0 "<busconfig>\n\n  <type>accessibility</type>\n\n<servicedir>/usr/share/dbus-1/accessibility-services</servicedir>\n  <auth>EXTERNAL</auth>\n\n  <listen>unix:tmpdir=/tmp</listen>\n\n  <policy user=\"owner\">\n    <"..., end=end@entry=0x441957 "", endPtr=endPtr@entry=0x440530) at xmlparse.c:2552
17 0xf76c9d9e in doProlog (parser=parser@entry=0x440518, enc=0xf76e8a50 <utf8_encoding>,
    s=0x4414d0 "<busconfig>\n\n  <type>accessibility</type>\n\n<servicedir>/usr/share/dbus-1/accessibility-services</servicedir>\n  <auth>EXTERNAL</auth>\n\n  <listen>unix:tmpdir=/tmp</listen>\n\n  <policy user=\"owner\">\n    <"...,
    s@entry=0x441440 "<!DOCTYPE busconfig PUBLIC \"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN\" \"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd\">\n<busconfig>\n\n  <type>accessibility</type>\n\n<servicedir>/"...,
    end=0x441957 "", tok=<optimized out>, next=<optimized out>,
    next@entry=0x441449 " busconfig PUBLIC \"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN\" \"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd\">\n<busconfig>\n\n  <type>accessibility</type>\n\n<servicedir>/usr/share"...,
    nextPtr=nextPtr@entry=0x440530, haveMore=haveMore@entry=0 '\000') at xmlparse.c:4579
18 0xf76ca2da in prologProcessor (parser=0x440518,
    s=0x441440 "<!DOCTYPE busconfig PUBLIC \"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN\" \"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd\">\n<busconfig>\n\n  <type>accessibility</type>\n\n<servicedir>/"...,
    end=<optimized out>, nextPtr=0x440530) at xmlparse.c:4293
19 0xf76cb678 in XML_ParseBuffer (parser=0x440518, len=<optimized out>, isFinal=1) at xmlparse.c:1988
20 0x0041eebc in bus_config_load (file=file@entry=0xfffefc18, is_toplevel=is_toplevel@entry=1, parent=parent@entry=0x0, error=0xfffefc08, error@entry=0x406824 <main+960>) at config-loader-expat.c:245
21 0x0040a890 in bus_context_new (config_file=0xfffefc18, flags=(BUS_CONTEXT_FLAG_FORK_NEVER | BUS_CONTEXT_FLAG_WRITE_PID_FILE), print_addr_pipe=0xfffefc00, print_pid_pipe=0xfffefc04, address=0x0, error=0xfffefc08) at bus.c:797
22 0x00406824 in main (argc=<optimized out>, argv=<optimized out>) at main.c:634

Change-Id: Ic1ee03c3e760506e72032247da36b2567d903ba3

5 years agoMerge branch 'cherry-pick-14f46d14' into 'dbus-1.12'
Simon McVittie [Thu, 18 Apr 2019 16:09:06 +0000 (16:09 +0000)]
Merge branch 'cherry-pick-14f46d14' into 'dbus-1.12'

build: Don't assume we can set permissions on a directory

See merge request dbus/dbus!112

5 years agobuild: Don't assume we can set permissions on a directory
Simon McVittie [Wed, 17 Apr 2019 15:32:01 +0000 (15:32 +0000)]
build: Don't assume we can set permissions on a directory

MSYS2 has enough of a Unixish environment to run Autotools, but
apparently not enough of a Unixish environment to have functional
permissions.

Closes: dbus#216

(cherry picked from commit 14f46d14a0526f137f81a3fff5d32f26733323cd)

5 years agoMerge branch '1-12-logical-op' into 'dbus-1.12'
Simon McVittie [Wed, 17 Apr 2019 15:19:01 +0000 (15:19 +0000)]
Merge branch '1-12-logical-op' into 'dbus-1.12'

Backport -Wlogical-op fixes to 1.12.x

See merge request dbus/dbus!109

5 years agoMerge branch '1-12-code-coverage' into 'dbus-1.12'
Simon McVittie [Wed, 17 Apr 2019 15:18:42 +0000 (15:18 +0000)]
Merge branch '1-12-code-coverage' into 'dbus-1.12'

Adapt to API change in AX_CODE_COVERAGE version 28

See merge request dbus/dbus!108

5 years ago_dbus_get_is_errno_eagain_or_ewouldblock: Avoid warning
David King [Fri, 12 Oct 2018 15:20:39 +0000 (16:20 +0100)]
_dbus_get_is_errno_eagain_or_ewouldblock: Avoid warning

EAGAIN and EWOULDBLOCK are documented to possibly be numerically equal,
for instance in errno(3), and a simple logical OR check will trigger the
-Wlogical-op warning of GCC. The GCC developers consider the warning to
work as-designed in this case:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602

Avoid such a warning by explicitly checking if the values are identical.

Fixes: https://gitlab.freedesktop.org/dbus/dbus/issues/225
Signed-off-by: David King <dking@redhat.com>
Reviewed-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit a65319134209d39f5eb6e5425ec6a35fad05bcd7)

5 years agodbus-send: Avoid duplicated-branches warning
David King [Wed, 17 Oct 2018 07:33:25 +0000 (08:33 +0100)]
dbus-send: Avoid duplicated-branches warning

Switch the order of the argument checks to avoid the
-Wduplicated-branches warning.

Signed-off-by: David King <dking@redhat.com>
Reviewed-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit c0bf0d185d72e20e70da9a98e13f69e19f2a87d5)

5 years agodesktop-file: Justify implementation of is_valid_section_name()
Simon McVittie [Thu, 18 Oct 2018 14:34:09 +0000 (15:34 +0100)]
desktop-file: Justify implementation of is_valid_section_name()

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 99580298f305e1e2426f0c016d797a1ff9ea0b79)

5 years agois_valid_section_name: Fix logical expression
David King [Fri, 12 Oct 2018 12:58:43 +0000 (13:58 +0100)]
is_valid_section_name: Fix logical expression

Group names in desktop files may contain all ASCII characters, except
control characters and '[' and ']'. Rather than accepting all values,
thanks to a logical operator confusion found by GCC warning
-Wlogical-op, instead explicitly reject the invalid values.

Signed-off-by: David King <dking@redhat.com>
Fixes: https://gitlab.freedesktop.org/dbus/dbus/issues/208
(cherry picked from commit 3ef9e789c1b99f420078f4debabd4f5c4fa0a748)

5 years agoAdapt to API change in AX_CODE_COVERAGE version 28
Simon McVittie [Mon, 21 Jan 2019 17:51:07 +0000 (17:51 +0000)]
Adapt to API change in AX_CODE_COVERAGE version 28

AX_CODE_COVERAGE recently changed the way it embedded its Makefile rules
in the output file: instead of using @CODE_COVERAGE_RULES@, users
are now meant to include aminclude_static.am.

The new AX_CODE_COVERAGE is only in the latest autoconf-archive release,
version 2019.01.06, which is inconveniently new, so bundle everything
we need for the moment.

This requires us to stop using the deprecated CODE_COVERAGE_LDFLAGS
(which we still used to support older versions of autoconf-archive)
and replace them with CODE_COVERAGE_LIBS.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 2938c2125ebcd001e470aeac1ffac45b6b1ebe89)
Closes: dbus#265

5 years agokdbus: share fd and pool with libdbuspolicy 72/201472/6 accepted/tizen/unified/20190322.075523 submit/tizen/20190321.094448
Adrian Szyndela [Wed, 13 Mar 2019 15:39:26 +0000 (16:39 +0100)]
kdbus: share fd and pool with libdbuspolicy

This uses new functionality of libdbuspolicy: using client's pool and fd.
This way libdbuspolicy doesn't have to create its own connection,
and what is more important it doesn't have to create its own 1MB pool.
This is at the cost of using client's pool for receiving responses
to ioctl(KDBUS_CMD_GET_CONN_INFO), which are small.

Change-Id: I183a91196fead179a9fba22fa6418680305d3558

5 years agokdbus: add assert for non-NULL member 69/201669/2
Adrian Szyndela [Mon, 18 Mar 2019 14:05:19 +0000 (15:05 +0100)]
kdbus: add assert for non-NULL member

Trying to call an unnammed method on org.freedesktop.DBus is considered
a programming error.
This detects such errors.

Change-Id: Ic341df0eef0e7ef5ab8234aacc2c256c295327c3

5 years agokdbus: move dbuspolicy init to bus_register_kdbus 71/201471/2
Adrian Szyndela [Fri, 8 Mar 2019 11:33:02 +0000 (12:33 +0100)]
kdbus: move dbuspolicy init to bus_register_kdbus

This changes the moment of checking if user is allowed to connect to
the bus. Now, it reflects standard process a bit more.

The standard process is:
- open fd (e.g. socket);
- check authentication, if needed and possible;
- connect to the bus (say hello).

In kdbus, we have only:
- open kdbus fd;
- connect to the bus (ioctl KDBUS_CMD_HELLO).
Calling libdbuspolicy for authentication fits between the two.

Additionally, and most importantly, this is required to share
the connection between libdbus and libdbuspolicy in the future.

Change-Id: Id6fe1dbc1cdc6ec774316e13fe5d60d862949476

5 years agokdbus: Fix memory leakage in capture_org_freedesktop_DBus_StartServiceByName() 50/199750/3 accepted/tizen/unified/20190219.154258 submit/tizen/20190215.045528
sanghyeok.oh [Thu, 14 Feb 2019 11:04:56 +0000 (20:04 +0900)]
kdbus: Fix memory leakage in capture_org_freedesktop_DBus_StartServiceByName()

Change-Id: If4b04d0f287e199e809cdf183ce4ce779c0f4dd4
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agoDBusMessage: bugfix for wrong type specifier 14/199614/1 accepted/tizen/unified/20190214.154123 submit/tizen/20190213.080620
sanghyeok.oh [Wed, 13 Feb 2019 07:40:26 +0000 (16:40 +0900)]
DBusMessage: bugfix for wrong type specifier

Change-Id: I0743a3d67e3d6d58acc605ded013eedb6b0af9c5
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agodbus_message_iter_open_container: Don't leak signature on failure 22/199022/1 submit/tizen/20190211.015911
Simon McVittie [Tue, 4 Jul 2017 14:38:57 +0000 (15:38 +0100)]
dbus_message_iter_open_container: Don't leak signature on failure

If we run out of memory while calling _dbus_type_writer_recurse()
(which is impossible for most contained types, but can happen for
structs and dict-entries), then the memory we allocated in the call to
_dbus_message_iter_open_signature() will still be allocated, and we
have to free it in order to return to the state of the world prior to
calling open_container().

One might reasonably worry that this change can break callers that use
this (incorrect) pattern:

    if (!dbus_message_iter_open_container (outer, ..., inner))
      {
        dbus_message_iter_abandon_container (outer, inner);
        goto fail;
      }
    /* now we know inner is open, and we must close it later */

However, testing that pattern with _dbus_test_oom_handling()
demonstrates that it already dies with a DBusString assertion failure
even before this commit.

This is all concerningly fragile, and I think the next step should be
to zero out DBusMessageIter instances when they are invalidated, so
that a "double-free" is always detected.

Change-Id: I2ccd4b516c7714f64c4543dd8d2e5c99633733a5
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101568

5 years agodbus_message_append_args_valist: Don't leak memory on inappropriate type 21/199021/1
Simon McVittie [Tue, 4 Jul 2017 12:31:38 +0000 (13:31 +0100)]
dbus_message_append_args_valist: Don't leak memory on inappropriate type

Found by source code inspection while trying to debug an unrelated
leak.

Change-Id: I0726c57bb4b0ccdadee2263b14f9fe3fe4ebc99a
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101568

5 years agoDBusMessage: Fix UB (misaligned access) in call to _dbus_header_set_field_basic() 20/199020/1
Marc Mutz [Mon, 3 Oct 2016 20:19:45 +0000 (22:19 +0200)]
DBusMessage: Fix UB (misaligned access) in call to _dbus_header_set_field_basic()

The const void* 'value' pointer that is passed the address of a
uint32_t here eventually ends up in _dbus_marshal_write_basic(), which
casts it to a DBusBasicValue, a union type that has an alignment of
eight on 64-bit platforms and is therefore more-aligned than the
uint32.

The read of a value of a more-aligned type through a pointer to a less
-aligned type is undefined behaviour.

Fix by storing the uint32 in a DBusBasicValue and passing that instead.

Found by UBSan:

  dbus/dbus/dbus-marshal-basic.c:832:14: runtime error: member access within misaligned address 0x7fdb8dac3a04 for type 'const union DBusBasicValue', which requires 8 byte alignment
  0x7fdb8dac3a04: note: pointer points here
    4a 87 b5 71 01 00 00 00  40 7d 01 00 00 61 00 00  10 3b ac 8d db 7f 00 00  2c 2a 3e 94 db 7f 00 00
                ^
    #0 0x7fdb9444a2c3 in _dbus_marshal_write_basic dbus/dbus/dbus-marshal-basic.c:832
    #1 0x7fdb943d22fb in _dbus_type_writer_write_basic_no_typecode dbus/dbus/dbus-marshal-recursive.c:1605
    #2 0x7fdb943d64e9 in _dbus_type_writer_write_basic dbus/dbus/dbus-marshal-recursive.c:2327
    #3 0x7fdb943c52a6 in write_basic_field dbus/dbus/dbus-marshal-header.c:318
    #4 0x7fdb943c919e in _dbus_header_set_field_basic dbus/dbus/dbus-marshal-header.c:1321
    #5 0x7fdb943e1349 in dbus_message_set_reply_serial dbus/dbus/dbus-message.c:1173

Change-Id: I0149da4ebbead9b4b38c8c62af1ea892e24ec95e
Signed-off-by: Marc Mutz <marc@kdab.net>
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98035

5 years agodbus_message_iter_append_basic: Don't leak signature if appending fd fails 19/199019/1
Simon McVittie [Tue, 4 Jul 2017 13:13:15 +0000 (14:13 +0100)]
dbus_message_iter_append_basic: Don't leak signature if appending fd fails

Change-Id: I37ac4d243832476772ffbd822bbf4598e6f8f9a5
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101568

5 years agodbus-hash: Fix a potential shift by a negative integer 18/199018/1
Philip Withnall [Thu, 2 Feb 2017 10:14:55 +0000 (10:14 +0000)]
dbus-hash: Fix a potential shift by a negative integer

As a hash table becomes unbelievably large and full, the down_shift
tends towards 0. The overflow detection code in rebuild_table() does not
prevent down_shift becoming negative, which then causes undefined
behaviour in RANDOM_INDEX for int-keyed tables.

Note that this can only happen with approaching INT_MAX entries in the
hash table, at which point we’ve almost certainly hit OOM somewhere, so
this is vanishingly unlikely to happen. This is why I can’t add a test
for the bug.

As always, thanks to Coverity.

Coverity ID: 54682
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99641
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Change-Id: Iac3047fc0bff11b3d08c2938c0fda292bddb1466

5 years agoDisplay thread id in _dbus_verbose to be able to see threading issues. 17/199017/1
Ralf Habacker [Tue, 10 May 2016 14:51:25 +0000 (16:51 +0200)]
Display thread id in _dbus_verbose to be able to see threading issues.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=95191
Change-Id: I16b39c8c3123436d54655a67f9d00aa090933aba
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
5 years agotools: modify execute label of dbus-monitor 56/198756/1 accepted/tizen/unified/20190201.061340 submit/tizen/20190131.021840 submit/tizen/20190131.080207
sanghyeok.oh [Tue, 29 Jan 2019 07:13:19 +0000 (16:13 +0900)]
tools: modify execute label of dbus-monitor

Unable to read 'fd passing messages' due to permission.
Set execute label as "System"

Change-Id: I765081a58cc285951216fdb63f8cf9a5c68e39de
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agoconfigure.ac: Forbid AX_-prefixed patterns more selectively
Simon McVittie [Mon, 21 Jan 2019 14:28:24 +0000 (14:28 +0000)]
configure.ac: Forbid AX_-prefixed patterns more selectively

We want to make autoconf fail early and with a user-comprehensible
message if autoconf-archive isn't installed, rather than generating
a configure script with syntax errors, or a configure script that runs
successfully but doesn't do what we intended.

However, autoconf-archive doesn't actually guarantee not to use
AX_-prefixed shell variable names without m4_pattern_allow'ing them
(unlike Autoconf, Automake, Libtool and pkg-config, which explicitly use
m4_pattern_allow for variables with AC_, AM_, LT_ and PKG_ prefixes), so
it isn't safe to assume that they won't be used. In particular, recent
versions of AX_CHECK_GNU_MAKE appear to be using
$AX_CHECK_GNU_MAKE_HEADLINE as a shell variable.

Instead, specifically forbid the names of the finite list of macros
that we actually use.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: dbus#249
(cherry picked from commit ee09cc0acdc1c34e8ae999adf9922f3d0d66f407)

5 years agodbus-connection: Add _dbus_string_free to deallocate memory 23/197923/1 accepted/tizen/unified/20190128.061345 submit/tizen/20190117.090745 submit/tizen/20190121.055508
sanghyeok.oh [Thu, 17 Jan 2019 07:08:51 +0000 (16:08 +0900)]
dbus-connection: Add _dbus_string_free to deallocate memory

The string must eventually be freed with _dbus_string_free().

Change-Id: I4041940684dd1dc7099bf823b22fabc357f17901
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agoFix missing dbus_message_unref() in error reply path 15/197915/1
Shin-ichi MORITA [Sat, 17 Jun 2017 11:35:30 +0000 (20:35 +0900)]
Fix missing dbus_message_unref() in error reply path

The error message was leaked when blocking on a pending call after
the connection was disconnected.

Change-Id: Icc95bcef32b2fd1d2b4d4a7db3bdf2936579c52c
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: re-word commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101481

5 years agodbus-connection: Remove a duplicate _dbus_list_clear() call 14/197914/1
Philip Withnall [Tue, 17 Jan 2017 08:35:07 +0000 (08:35 +0000)]
dbus-connection: Remove a duplicate _dbus_list_clear() call

This was doing no harm (clearing an already-cleared list is a no-op),
but it was also pointless.

Change-Id: I21b580f01439ef2113183a116f208bf91e09ac76
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99435

5 years agodbus-daemon: add send_destination_prefix support 68/194868/3 accepted/tizen/unified/20190110.060340 submit/tizen/20190109.021130
Adrian Szyndela [Wed, 28 Nov 2018 14:15:16 +0000 (15:15 +0100)]
dbus-daemon: add send_destination_prefix support

Change-Id: Iaa1eff400c045ec46465f248e8460c97bb183e5b

5 years agokdbus: fixed memory leak in process_connection_info_cmd() 84/196684/1 accepted/tizen/unified/20190105.054101 submit/tizen/20190104.021452
sanghyeok.oh [Thu, 3 Jan 2019 12:31:45 +0000 (21:31 +0900)]
kdbus: fixed memory leak in process_connection_info_cmd()

Change-Id: I67e577761e7596eac400bc8c35386f4c0cbf840a
Signed-off-by: sanghyeok.oh <sanghyeok.oh@samsung.com>
5 years agoStart working on dbus 1.12.14
Simon McVittie [Tue, 4 Dec 2018 17:26:06 +0000 (17:26 +0000)]
Start working on dbus 1.12.14

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years ago1.12.12 dbus-1.12.12
Simon McVittie [Tue, 4 Dec 2018 13:57:58 +0000 (13:57 +0000)]
1.12.12

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoCI: Start supporting Debian 10 'buster', currently under development
Simon McVittie [Mon, 3 Dec 2018 19:45:46 +0000 (19:45 +0000)]
CI: Start supporting Debian 10 'buster', currently under development

This gives us a way to build on a more recent host OS if we want to.
For Gitlab-CI it's disabled by default.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 28c27349e252e33215e21b570d41853badd770ef)

5 years agoCI: Exercise maintainer-only documentation build
Simon McVittie [Tue, 4 Dec 2018 11:25:21 +0000 (11:25 +0000)]
CI: Exercise maintainer-only documentation build

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit bcc34caa43d8e5dba8266cf163d8a24e4fb55dce)

5 years agoCI: Stop building on Ubuntu 14.04 'trusty'
Simon McVittie [Mon, 3 Dec 2018 19:44:47 +0000 (19:44 +0000)]
CI: Stop building on Ubuntu 14.04 'trusty'

The version of gcc in trusty is too old for AddressSanitizer, which we
want to be able to start using, and Travis-CI finally supports Ubuntu
16.04 'xenial' now. This lets us remove some workarounds, but we need
to update others.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 0c553afcd9c79bc19ffdad67980f421def5d0613)

5 years agoci-build.sh: Show file size in list of files to be able to compare generated file...
Ralf Habacker [Mon, 19 Nov 2018 19:29:33 +0000 (20:29 +0100)]
ci-build.sh: Show file size in list of files to be able to compare generated file size

(cherry picked from commit bac2fd3aa458c7dfd002f7ec96a245d630c5830f)

5 years agoCI: Remove unimplemented --with-glib option
Simon McVittie [Tue, 4 Dec 2018 11:29:12 +0000 (11:29 +0000)]
CI: Remove unimplemented --with-glib option

dbus has never actually had this option.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit e0a1bfb26a9f72e8fe59af770d394a90810a7cea)

5 years agoCI: List attributes, sizes etc. of installed files, not just names
Simon McVittie [Tue, 4 Dec 2018 11:25:02 +0000 (11:25 +0000)]
CI: List attributes, sizes etc. of installed files, not just names

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit d71049799a3f87de95151e00c667c05dd0b5386c)

5 years agodoc: Remove obsolete message about man2html
Simon McVittie [Tue, 4 Dec 2018 11:41:11 +0000 (11:41 +0000)]
doc: Remove obsolete message about man2html

We no longer run man2html.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit f134e2d2c7ae53965dfba0c85bf76ad38fb7fa4c)

5 years agoCONTRIBUTING.md: Update and rewrite
Simon McVittie [Tue, 16 Oct 2018 14:44:59 +0000 (15:44 +0100)]
CONTRIBUTING.md: Update and rewrite

This file hadn't kept up with reality, and needs updating for Gitlab.
Take the opportunity to rewrite it.

Much of the text, particularly about commit messages, was taken from
Wayland's contributing guide (thanks to Ander Conselvan de Oliveira,
Bryce Harrington, Eric Engestrom, Pekka Paalanen and Daniel Stone).

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoCONTRIBUTING: Reformat as Markdown
Simon McVittie [Tue, 16 Oct 2018 14:02:29 +0000 (15:02 +0100)]
CONTRIBUTING: Reformat as Markdown

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoCONTRIBUTING: Remove all trailing whitespace
Simon McVittie [Tue, 16 Oct 2018 14:01:04 +0000 (15:01 +0100)]
CONTRIBUTING: Remove all trailing whitespace

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoRename HACKING to CONTRIBUTING
Simon McVittie [Wed, 22 Aug 2018 16:48:34 +0000 (17:48 +0100)]
Rename HACKING to CONTRIBUTING

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoMerge "Revert "Add RequiresMountsFor=/opt to dbus.service"" into tizen accepted/tizen/unified/20181205.063348 submit/tizen/20181204.070128
Hyotaek Shim [Tue, 4 Dec 2018 04:14:22 +0000 (04:14 +0000)]
Merge "Revert "Add RequiresMountsFor=/opt to dbus.service"" into tizen

5 years agoNEWS: Refer to Gitlab
Simon McVittie [Mon, 3 Dec 2018 16:34:55 +0000 (16:34 +0000)]
NEWS: Refer to Gitlab

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoUpdate NEWS
Simon McVittie [Mon, 3 Dec 2018 16:31:07 +0000 (16:31 +0000)]
Update NEWS

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agoactivation: Don't leak if delivering activation message is forbidden
Simon McVittie [Fri, 17 Aug 2018 14:42:17 +0000 (15:42 +0100)]
activation: Don't leak if delivering activation message is forbidden

This is technically a denial of service because the dbus-daemon will
run out of memory eventually, but it's a very slow and noisy one,
because all the rejected messages are also very likely to have
been logged to the system log.

Detected by AddressSanitizer.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/234
Reviewed-by: pwithnall
5 years agospec: fixed compilation options to reduce warnings 50/194150/1
Adrian Szyndela [Thu, 29 Nov 2018 09:23:44 +0000 (10:23 +0100)]
spec: fixed compilation options to reduce warnings

If -mimplicit-it option is set to thumb while compiling to ARM,
then it shows lots of:
Warning: conditional outside an IT block for Thumb.

This commit removes -mimplicit-it from the compilation options on ARM32 arch.

Change-Id: I6eea9ef65e61b8ec7afa16035d4a14d6d7f870e4

5 years agoRevert "Add RequiresMountsFor=/opt to dbus.service" 75/193975/1
Hyotaek Shim [Wed, 28 Nov 2018 04:54:15 +0000 (04:54 +0000)]
Revert "Add RequiresMountsFor=/opt to dbus.service"

This reverts commit 1c9ed8666fcbae5076022fdf6d0f177d7e464ce4.

Change-Id: Ic15fcd3ace518c180910f43cc18b40c6de478d92

5 years agoUpdate NEWS
Simon McVittie [Fri, 16 Nov 2018 15:09:39 +0000 (15:09 +0000)]
Update NEWS

Signed-off-by: Simon McVittie <smcv@collabora.com>
5 years agodbus-daemon test: Allow much longer for pending fd timeout
Simon McVittie [Tue, 23 Oct 2018 10:43:23 +0000 (11:43 +0100)]
dbus-daemon test: Allow much longer for pending fd timeout

The timeout we're using here is 0.5s (500ms), but the actual time taken
is unbounded, because the OS scheduler might not schedule our process
for an arbitrary length of time after we become runnable.

We previously allowed up to 1 second, but in the CI jobs for dbus!9
and dbus!18 we've seen this take up to 3.4 seconds (presumably
because other tests, or other jobs running on the same shared
infrastructure, starved this process). Allow up to 10 seconds to guard
against spurious failures.

The timeout used in the production system.conf is 150 seconds (2½
minutes), and we're only using the shorter 500ms timeout here to make
the test complete more quickly, so ±10 seconds is relatively
insignificant: the main thing is that it's finite.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 20e6eb7cd1f9c2ad941bd62c8f1f71712377a96e)

5 years agobuild: Never use poll() on Darwin family (macOS, etc.) or Interix
Simon McVittie [Mon, 22 Oct 2018 10:45:45 +0000 (11:45 +0100)]
build: Never use poll() on Darwin family (macOS, etc.) or Interix

Doing a runtime check in configure.ac (AC_RUN_IFELSE) has several
disadvantages:

* It doesn't work when cross-compiling. For example, if we build macOS
  binaries on a Linux system, we'd assume that poll() works, but in
  fact it won't.

* It checks the build system capabilities, but that is not necessarily
  appropriate if (for example) a macOS 10.10 user builds binaries that
  could be used by macOS 10.12 or macOS 10.9 users.

* It checks for one specific failure mode, but macOS seems to have a
  history of various implementation issues in poll().

* If we want it to work in CMake, we have to duplicate it in the CMake
  build system.

None of these is a showstopper on its own, but the combination of all
of them makes the current approach to avoiding the broken poll() on
macOS look unreliable. libcurl, a widely-portable library making
extensive use of sockets, specifically doesn't use poll() on Darwin
(macOS, iOS, etc.) or on Interix; let's follow their example here.

See also https://bugzilla.gnome.org/show_bug.cgi?id=302672 and
https://daniel.haxx.se/blog/2016/10/11/poll-on-mac-10-12-is-broken/
for some relevant history.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Resolves: https://gitlab.freedesktop.org/dbus/dbus/issues/232
(cherry picked from commit 0414ea65ca8196e328da09c3a2324d7765fba8c4)

5 years agoDo not auto-activate services if we could not send a message 07/193007/2 accepted/tizen/unified/20181115.151616 submit/tizen/20181115.015729
Simon McVittie [Mon, 21 Nov 2016 20:56:55 +0000 (20:56 +0000)]
Do not auto-activate services if we could not send a message

We specifically do not check recipient policies, because
the recipient policy is based on properties of the
recipient process (in particular, its uid), which we do
not necessarily know until we have already started it.

In this initial implementation we do not check LSMs either,
because we cannot know what LSM context the recipient process
is going to have. However, LSM support will need to be added
to make this feature useful, because StartServiceByName is
normally allowed in non-LSM environments, and is more
powerful than auto-activation anyway.

The StartServiceByName method does not go through this check,
because if access to that method has been granted, then
it's somewhat obvious that you can start arbitrary services.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666

Change-Id: I53ff4f6d02e631fcd09bf1c5c306b8828f075963

5 years agoAdd tests for activation when message send/receive is denied 06/193006/2
Simon McVittie [Fri, 16 Oct 2015 16:33:36 +0000 (17:33 +0100)]
Add tests for activation when message send/receive is denied

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98666

Change-Id: I7339c1a6de69a751cbe0b9047c980c4aea53750b

5 years agodbus-daemon: prepare activation for async security checks 05/193005/2
Adrian Szyndela [Wed, 7 Nov 2018 10:26:11 +0000 (11:26 +0100)]
dbus-daemon: prepare activation for async security checks

This commit prepares activation function (bus_activation_acivate_service())
for returning BUS_RESULT_LATER from security check introduced
in next commits.

Change-Id: I5b37d06fc5f7e563d52ed7207b5e416bedd666e6

6 years agoRemove kdbus interface header 47/192447/1 accepted/tizen/unified/20181107.082204 submit/tizen/20181106.112838
Michal Bloch [Mon, 5 Nov 2018 15:18:55 +0000 (16:18 +0100)]
Remove kdbus interface header

kdbus.h is now provided with other linux kernel headers.

Change-Id: Ida7d06aa1f27d88040f949fffd73f0d6cfd5f244
Signed-off-by: Michal Bloch <m.bloch@samsung.com>
6 years agoUpdate NEWS
Simon McVittie [Fri, 5 Oct 2018 11:29:56 +0000 (12:29 +0100)]
Update NEWS

6 years agoci: Use a separate ccache for each CI job
Simon McVittie [Thu, 4 Oct 2018 17:41:29 +0000 (18:41 +0100)]
ci: Use a separate ccache for each CI job

This should avoid them overwriting each other.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit e3fb085886d26aa84a0ce1bfe441244206c87e6f)

6 years agoci: Mark many Gitlab jobs to be run manually
Simon McVittie [Thu, 4 Oct 2018 16:26:42 +0000 (17:26 +0100)]
ci: Mark many Gitlab jobs to be run manually

freedesktop.org Gitlab doesn't currently have enough test runners
available to run all of this every time. For higher-risk changes
(for example those that change the build system) we can run the
complete set through the web UI.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit a2f416c2896062755c285f2d1fe4a2dc03455aa1)

6 years agoci: Reshuffle mingw jobs so we test different combinations
Simon McVittie [Thu, 4 Oct 2018 16:04:41 +0000 (17:04 +0100)]
ci: Reshuffle mingw jobs so we test different combinations

We test the combinations that we don't test on Travis-CI.

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit a6d926b805a1a38567a70490b3e8d7d6c932d1f5)

6 years agoci: Use ccache to speed up repeated builds
Simon McVittie [Thu, 4 Oct 2018 09:50:37 +0000 (10:50 +0100)]
ci: Use ccache to speed up repeated builds

Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit d0728fd06e5a2302e7596e3df56b68b0a0834fd7)

6 years agoci: Add Gitlab-CI configuration
Simon McVittie [Wed, 3 Oct 2018 16:25:43 +0000 (17:25 +0100)]
ci: Add Gitlab-CI configuration

This uses the same shell scripts as Travis-CI, with slightly different
settings. We use Docker containers for all our Gitlab-CI runs, so take
the opportunity to use Debian 9 'stretch' as our baseline, and
relegate Ubuntu 14.04 'trusty' to to a secondary build.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=108177
Acked-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 60933c09e9e891f74f0102fabe22d29a1a7ae5c5)

6 years agoci: Explicitly install cmake
Simon McVittie [Wed, 3 Oct 2018 16:51:35 +0000 (17:51 +0100)]
ci: Explicitly install cmake

Travis-CI workers have cmake preinstalled, but Gitlab-CI Docker images
typically don't.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=108177
Acked-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 907832e00849ca454322052981dbb122ea537506)

6 years agoci: Teach ci-install.sh to install wine on Debian 9 'stretch'
Simon McVittie [Wed, 3 Oct 2018 16:51:49 +0000 (17:51 +0100)]
ci: Teach ci-install.sh to install wine on Debian 9 'stretch'

Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=108177
Acked-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 408b222a9fc61327cd7be385b6705f30f0c38802)

6 years agotravis-ci: Add cross building support for mingw 64 bit compiler
Ralf Habacker [Wed, 21 Mar 2018 10:48:52 +0000 (11:48 +0100)]
travis-ci: Add cross building support for mingw 64 bit compiler

Signed-off-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105662
(cherry picked from commit d22e7901b555a0bfb5e06fb2463d839a276c7482)

6 years agosysdeps-win: Print word-size-dependent offset correctly
Ralf Habacker [Thu, 22 Mar 2018 14:05:48 +0000 (15:05 +0100)]
sysdeps-win: Print word-size-dependent offset correctly

AddrPC.Offset is the same size as a pointer, but previously
we printed it as though it was the same size as a long,
which is 32 bits on 64-bit Windows.

Reviewed-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105662
(cherry picked from commit 577813cf3a89df804efa6d85a1c5415ba12806ec)

6 years agodbus-transport-socket: Correctly print DBusSocket with DBUS_SOCKET_FORMAT
Ralf Habacker [Wed, 21 Mar 2018 18:29:44 +0000 (19:29 +0100)]
dbus-transport-socket: Correctly print DBusSocket with DBUS_SOCKET_FORMAT

Previously, on 64-bit Windows we were passing a 32-bit int where the
format string expects a 64-bit SOCKET.

Reviewed-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=105662
(cherry picked from commit 18d4ff664491c17664b9f88c06d9338cd3750120)

6 years agoRemove build warnings 53/189353/3 accepted/tizen/5.0/unified/20181102.025209 accepted/tizen/unified/20180919.061631 submit/tizen/20180918.043057 submit/tizen_5.0/20181101.000006
pr.jung [Mon, 17 Sep 2018 07:09:50 +0000 (16:09 +0900)]
Remove build warnings

Change-Id: Ia1676731696d446a3511efb700dd89c1a1100b08
Signed-off-by: pr.jung <pr.jung@samsung.com>
6 years agoSet the smack label of executable binary tools 90/188490/2 accepted/tizen/unified/20180906.144209 submit/tizen/20180906.020620
Hyotaek Shim [Wed, 5 Sep 2018 09:20:00 +0000 (18:20 +0900)]
Set the smack label of executable binary tools

Apps (3rd party and even in-house Apps) are not permitted to run dbus tools directly.
User System::Tools rx
User::Shell System::Tools rx
System::TEF System::Tools rx
System::Privileged System::Tools rx
System System::Tools rx

Change-Id: Ica6d587d2516da8241590f3cf090a91ed8d3ff75
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
6 years agoUpdate NEWS
Simon McVittie [Thu, 30 Aug 2018 16:35:36 +0000 (17:35 +0100)]
Update NEWS