From b299a226b33e46338a7d3a5d7ab710075446bd80 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 30 Oct 2017 14:49:59 +0000 Subject: [PATCH 01/14] Bump version for 1.12.x branch Signed-off-by: Simon McVittie --- NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index de8c304c..998e4c33 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,8 @@ +dbus 1.12.1 (UNRELEASED) +======================== + +... + dbus 1.12.0 (2017-10-30) ======================== diff --git a/configure.ac b/configure.ac index 43918344..440e4e79 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [12]) -m4_define([dbus_micro_version], [0]) +m4_define([dbus_micro_version], [1]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) From c416bb37dde948e65aae29e92149c0da546e6d22 Mon Sep 17 00:00:00 2001 From: ilovezfs Date: Tue, 31 Oct 2017 11:36:05 +0000 Subject: [PATCH 02/14] build: Use $(MKDIR_P) syntax suitable for install-sh This fixes the build when a GNU-compatible `mkdir -p` is not available. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103521 [smcv: Add commit message] Reviewed-by: Simon McVittie (cherry picked from commit c7d8b723eb53848f9a86f36d640ea5f564d34590) --- test/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/Makefile.am b/test/Makefile.am index bb64e453..bc5bc185 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -543,7 +543,7 @@ EXTRA_DIST += $(static_data) ## copy tests to builddir so that generated tests and static tests ## are all in one place. all-local: copy-config-local uninstalled-config-local - $(AM_V_at)$(MKDIR_P) -m700 XDG_RUNTIME_DIR + $(AM_V_at)$(MKDIR_P) -m 700 XDG_RUNTIME_DIR copy-config-local: $(AM_V_at)$(MKDIR_P) data/valid-config-files/session.d From d6eb0039c11055099f50022031c06264909360c6 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 31 Oct 2017 11:40:29 +0000 Subject: [PATCH 03/14] Update NEWS Signed-off-by: Simon McVittie --- NEWS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/NEWS b/NEWS index 998e4c33..683154c1 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,11 @@ dbus 1.12.1 (UNRELEASED) ... +Fixes: + +• Make use of $(MKDIR_P) compatible with install-sh, fixing build when a + GNU-compatible `mkdir -p` is not available (fd.o #103521, ilovezfs) + dbus 1.12.0 (2017-10-30) ======================== From 47d2e5a34536b97f174d337f4b06aa437a1dcf1f Mon Sep 17 00:00:00 2001 From: Tony Theodore Date: Tue, 31 Oct 2017 13:02:37 +0000 Subject: [PATCH 04/14] build: Avoid using `echo -e` `echo -e` is a GNU extension, and in particular not available on Darwin. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103493 [smcv: Added commit message] Reviewed-by: Simon McVittie (cherry picked from commit 216ae1adfcf9ce9274019b3c29b8f1245c26dec1) --- tools/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/Makefile.am b/tools/Makefile.am index 25092011..cfce4348 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -123,7 +123,7 @@ SUFFIXES = .rc nodist_dbus_update_activation_environment_SOURCES = disable-uac.rc disable-uac.rc: Win32.Manifest - echo -e "1 24 \"$<\"" > $@ + echo '1 24 "$<"' > $@ endif EXTRA_DIST = run-with-tmp-session-bus.sh strtoll.c strtoull.c Win32.Manifest From b5d1585b0f9c301ee11336a47396fcd6e539e8eb Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 31 Oct 2017 13:06:48 +0000 Subject: [PATCH 05/14] Update NEWS Signed-off-by: Simon McVittie --- NEWS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/NEWS b/NEWS index 683154c1..e10315dd 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,10 @@ Fixes: • Make use of $(MKDIR_P) compatible with install-sh, fixing build when a GNU-compatible `mkdir -p` is not available (fd.o #103521, ilovezfs) +• When building for Windows with Autotools, avoid `echo -e`, fixing + cross-compilation on non-GNU platforms like macOS + (fd.o #103493, Tony Theodore) + dbus 1.12.0 (2017-10-30) ======================== From 208af9a447f3960db08083e1127d7389bdb711f2 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 6 Nov 2017 19:09:51 +0000 Subject: [PATCH 06/14] do_check_nonce: Don't free uninitialized memory on OOM If _dbus_string_init() fails, it doesn't guarantee that the string is initialized to anything in particular. Worse, if _dbus_string_init (&buffer) fails, p would never have been initialized at all, due to the use of the short-circuiting || operator. Signed-off-by: Simon McVittie Reviewed-by: Philip Withnall Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103597 (cherry picked from commit 0ea0e4b0fddd1109835b8b9f7a8319d59c8d9303) --- dbus/dbus-nonce.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/dbus/dbus-nonce.c b/dbus/dbus-nonce.c index bc3286cc..49f87369 100644 --- a/dbus/dbus-nonce.c +++ b/dbus/dbus-nonce.c @@ -43,6 +43,20 @@ do_check_nonce (DBusSocket fd, const DBusString *nonce, DBusError *error) nleft = 16; + /* This is a trick to make it safe to call _dbus_string_free on these + * strings during error unwinding, even if allocating memory for them + * fails. A constant DBusString is considered to be valid to "free", + * even though there is nothing to free (of course the free operation + * is trivial, because it does not own its own buffer); but + * unlike a mutable DBusString, initializing a constant DBusString + * cannot fail. + * + * We must successfully re-initialize the strings to be mutable before + * writing to them, of course. + */ + _dbus_string_init_const (&buffer, ""); + _dbus_string_init_const (&p, ""); + if ( !_dbus_string_init (&buffer) || !_dbus_string_init (&p) ) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); From d0008916245a74402272e7f490343acb579a7bbf Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 6 Nov 2017 19:10:42 +0000 Subject: [PATCH 07/14] do_noncefile_create: Avoid freeing uninitialized memory on error We could free all of these without having ever successfully initialized them. Signed-off-by: Simon McVittie Reviewed-by: Philip Withnall Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103597 (cherry picked from commit 6d08f5c04e601f16ef4ee2126a90c924b7e26df0) --- dbus/dbus-nonce.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dbus/dbus-nonce.c b/dbus/dbus-nonce.c index 49f87369..7f3118cd 100644 --- a/dbus/dbus-nonce.c +++ b/dbus/dbus-nonce.c @@ -280,6 +280,12 @@ do_noncefile_create (DBusNonceFile *noncefile, _dbus_assert (noncefile); + /* Make it valid to "free" these even if _dbus_string_init() runs + * out of memory: see comment in do_check_nonce() */ + _dbus_string_init_const (&randomStr, ""); + _dbus_string_init_const (&noncefile->dir, ""); + _dbus_string_init_const (&noncefile->path, ""); + if (!_dbus_string_init (&randomStr)) { dbus_set_error (error, DBUS_ERROR_NO_MEMORY, NULL); From a208e0242177ea2d0a57591d8abbc6367b672d9a Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 6 Nov 2017 19:11:32 +0000 Subject: [PATCH 08/14] _dbus_accept_with_noncefile: Don't leak nonce This was always leaked, both on success and on error. Signed-off-by: Simon McVittie Reviewed-by: Philip Withnall Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103597 (cherry picked from commit 37d5af203c0fc22c9ae746b2ae4781ff648a792f) --- dbus/dbus-nonce.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/dbus/dbus-nonce.c b/dbus/dbus-nonce.c index 7f3118cd..eab23f64 100644 --- a/dbus/dbus-nonce.c +++ b/dbus/dbus-nonce.c @@ -165,24 +165,36 @@ _dbus_read_nonce (const DBusString *fname, DBusString *nonce, DBusError* error) DBusSocket _dbus_accept_with_noncefile (DBusSocket listen_fd, const DBusNonceFile *noncefile) { - DBusSocket fd; + DBusSocket fd = _dbus_socket_get_invalid (); DBusString nonce; _dbus_assert (noncefile != NULL); + + /* Make it valid to "free" this even if _dbus_string_init() runs + * out of memory: see comment in do_check_nonce() */ + _dbus_string_init_const (&nonce, ""); + if (!_dbus_string_init (&nonce)) - return _dbus_socket_get_invalid (); + goto out; + //PENDING(kdab): set better errors if (_dbus_read_nonce (_dbus_noncefile_get_path(noncefile), &nonce, NULL) != TRUE) - return _dbus_socket_get_invalid (); + goto out; + fd = _dbus_accept (listen_fd); + if (!_dbus_socket_is_valid (fd)) - return fd; + goto out; + if (do_check_nonce(fd, &nonce, NULL) != TRUE) { _dbus_verbose ("nonce check failed. Closing socket.\n"); _dbus_close_socket(fd, NULL); - return _dbus_socket_get_invalid (); + _dbus_socket_invalidate (&fd); + goto out; } +out: + _dbus_string_free (&nonce); return fd; } From b672a683becb6fd2b74821c766f656e723be72fa Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Tue, 25 Jul 2017 12:43:01 +0100 Subject: [PATCH 09/14] travis-ci: Enable/disable more features in various builds In the debug build, enable features that are off by default. In the reduced build, explicitly disable features, some of which are on by default. In the legacy build, check that we can compile the default feature-set without inotify, dnotify, systemd, etc. Reviewed-by: Philip Withnall [smcv: Rebase onto 1.13.x branch, fix minor conflicts] Signed-off-by: Simon McVittie Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101354 (cherry picked from commit 3c031ef5aa1f7f53c6344781cb38b78abe44dc96) --- tools/ci-build.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/ci-build.sh b/tools/ci-build.sh index 71529662..d0938ee2 100755 --- a/tools/ci-build.sh +++ b/tools/ci-build.sh @@ -125,6 +125,10 @@ case "$ci_buildsys" in # Full developer/debug build. set _ "$@" set "$@" --enable-developer --enable-tests + # Enable optional features that are off by default + if [ "$ci_host" != mingw ]; then + set "$@" --enable-user-session + fi shift # The test coverage for OOM-safety is too # verbose to be useful on travis-ci. @@ -147,6 +151,10 @@ case "$ci_buildsys" in set "$@" --disable-launchd --disable-systemd # No libaudit or valgrind set "$@" --disable-libaudit --without-valgrind + # Disable optional features, some of which are on by + # default + set "$@" --disable-stats + set "$@" --disable-user-session shift ;; @@ -178,6 +186,8 @@ case "$ci_buildsys" in # Re-enable the deprecated pam_console support to make # sure it still builds set "$@" --with-console-auth-dir=/var/run/console + # Leave stats, user-session, etc. at default settings + # to check that the defaults can compile on an old OS shift ;; From 35238ed567a2f4328e9a5fa00985abf58f6a9000 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 10 Nov 2017 16:20:02 +0000 Subject: [PATCH 10/14] Update NEWS for 1.12.x Signed-off-by: Simon McVittie --- NEWS | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index e10315dd..2311967d 100644 --- a/NEWS +++ b/NEWS @@ -1,4 +1,4 @@ -dbus 1.12.1 (UNRELEASED) +dbus 1.12.2 (UNRELEASED) ======================== ... @@ -12,6 +12,16 @@ Fixes: cross-compilation on non-GNU platforms like macOS (fd.o #103493, Tony Theodore) +• Fix crashes in the server side of the nonce-tcp: transport under + various error conditions. This transport should normally only be used + on Windows, where AF_UNIX sockets are unavailable; the unix: transport + is the only one recommended for production use on Unix platforms. + (fd.o #103597, Simon McVittie) + +Internal changes: + +• Improve test coverage on Travis-CI (Simon McVittie) + dbus 1.12.0 (2017-10-30) ======================== From 1a29dc8544c6e5704f341203a5db47de54eaa17d Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 6 Nov 2017 16:16:31 +0000 Subject: [PATCH 11/14] bus_connections_setup_connection: If we can't set it up, log why While reviewing fd.o#101354, Philip Withnall pointed out that if we rejected a connection in the new code there, we didn't log why. It turns out we didn't log that in the more normal code path either. Redo the error handling so that failure to set up a connection is logged. Signed-off-by: Simon McVittie Reviewed-by: Philip Withnall Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103592 (cherry picked from commit 56847ae818e8c144b9c7a8102efd1c926ead2f62) --- bus/bus.c | 3 +-- bus/connection.c | 58 +++++++++++++++++++++++------------------------- 2 files changed, 29 insertions(+), 32 deletions(-) diff --git a/bus/bus.c b/bus/bus.c index 27a13ec9..f0f07f6c 100644 --- a/bus/bus.c +++ b/bus/bus.c @@ -172,10 +172,9 @@ new_connection_callback (DBusServer *server, { BusContext *context = data; + /* If this fails it logs a warning, so we don't need to do that */ if (!bus_connections_setup_connection (context->connections, new_connection)) { - _dbus_verbose ("No memory to setup new connection\n"); - /* if we don't do this, it will get unref'd without * being disconnected... kind of strange really * that we have to do this, people won't get it right diff --git a/bus/connection.c b/bus/connection.c index 3fc62c78..53605fa3 100644 --- a/bus/connection.c +++ b/bus/connection.c @@ -725,15 +725,13 @@ bus_connections_setup_connection (BusConnections *connections, DBusConnection *connection) { - BusConnectionData *d; - dbus_bool_t retval; + BusConnectionData *d = NULL; DBusError error; - d = dbus_new0 (BusConnectionData, 1); if (d == NULL) - return FALSE; + goto oom; d->connections = connections; d->connection = connection; @@ -747,39 +745,35 @@ bus_connections_setup_connection (BusConnections *connections, connection_data_slot, d, free_connection_data)) { + /* We have to free d explicitly, because this is the only code + * path where it's non-NULL but dbus_connection_set_data() hasn't + * taken responsibility for freeing it. */ dbus_free (d); - return FALSE; + d = NULL; + goto oom; } dbus_connection_set_route_peer_messages (connection, TRUE); - - retval = FALSE; dbus_error_init (&error); d->selinux_id = bus_selinux_init_connection_id (connection, &error); if (dbus_error_is_set (&error)) { - /* This is a bit bogus because we pretend all errors - * are OOM; this is done because we know that in bus.c - * an OOM error disconnects the connection, which is - * the same thing we want on any other error. - */ + bus_context_log (connections->context, DBUS_SYSTEM_LOG_WARNING, + "Unable to set up new connection: %s", error.message); dbus_error_free (&error); - goto out; + goto error; } d->apparmor_confinement = bus_apparmor_init_connection_confinement (connection, &error); if (dbus_error_is_set (&error)) { - /* This is a bit bogus because we pretend all errors - * are OOM; this is done because we know that in bus.c - * an OOM error disconnects the connection, which is - * the same thing we want on any other error. - */ + bus_context_log (connections->context, DBUS_SYSTEM_LOG_WARNING, + "Unable to set up new connection: %s", error.message); dbus_error_free (&error); - goto out; + goto error; } if (!dbus_connection_set_watch_functions (connection, @@ -788,14 +782,14 @@ bus_connections_setup_connection (BusConnections *connections, toggle_connection_watch, connection, NULL)) - goto out; + goto oom; if (!dbus_connection_set_timeout_functions (connection, add_connection_timeout, remove_connection_timeout, NULL, connection, NULL)) - goto out; + goto oom; /* For now we don't need to set a Windows user function because * there are no policies in the config file controlling what @@ -813,18 +807,18 @@ bus_connections_setup_connection (BusConnections *connections, d->link_in_connection_list = _dbus_list_alloc_link (connection); if (d->link_in_connection_list == NULL) - goto out; + goto oom; /* Setup the connection with the dispatcher */ if (!bus_dispatch_add_connection (connection)) - goto out; + goto oom; if (dbus_connection_get_dispatch_status (connection) != DBUS_DISPATCH_COMPLETE) { if (!_dbus_loop_queue_dispatch (bus_context_get_loop (connections->context), connection)) { bus_dispatch_remove_connection (connection); - goto out; + goto oom; } } @@ -833,12 +827,12 @@ bus_connections_setup_connection (BusConnections *connections, pending_unix_fds_timeout_cb, connection, NULL); if (d->pending_unix_fds_timeout == NULL) - goto out; + goto oom; _dbus_timeout_disable (d->pending_unix_fds_timeout); if (!_dbus_loop_add_timeout (bus_context_get_loop (connections->context), d->pending_unix_fds_timeout)) - goto out; + goto oom; _dbus_connection_set_pending_fds_function (connection, (DBusPendingFdsChangeFunction) check_pending_fds_cb, @@ -861,10 +855,14 @@ bus_connections_setup_connection (BusConnections *connections, * stop accept()ing any more, to avert a DoS. See fd.o #80919 */ bus_context_check_all_watches (d->connections->context); - retval = TRUE; + return TRUE; - out: - if (!retval) +oom: + bus_context_log (connections->context, DBUS_SYSTEM_LOG_WARNING, + "No memory to set up new connection"); + /* fall through */ +error: + if (d != NULL) { d->selinux_id = NULL; @@ -916,7 +914,7 @@ bus_connections_setup_connection (BusConnections *connections, /* "d" has now been freed */ } - return retval; + return FALSE; } void From 06c105545fcb59ff33bfd1c67d0ca4079ab5778c Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Fri, 10 Nov 2017 16:24:59 +0000 Subject: [PATCH 12/14] Update NEWS for 1.12.x Signed-off-by: Simon McVittie --- NEWS | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/NEWS b/NEWS index 2311967d..c47f6525 100644 --- a/NEWS +++ b/NEWS @@ -3,6 +3,12 @@ dbus 1.12.2 (UNRELEASED) ... +Enhancements: + +• Log a warning if a new connection cannot be accepted due to an + out-of-memory condition or failure to identify its AppArmor or + SELinux context (fd.o #103592, Simon McVittie) + Fixes: • Make use of $(MKDIR_P) compatible with install-sh, fixing build when a From 0f0968336b9711349023e1d41f075b2bccf7c20b Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 13 Nov 2017 13:35:55 +0000 Subject: [PATCH 13/14] 1.12.2 Signed-off-by: Simon McVittie --- NEWS | 4 ++-- configure.ac | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index c47f6525..bf672fff 100644 --- a/NEWS +++ b/NEWS @@ -1,7 +1,7 @@ -dbus 1.12.2 (UNRELEASED) +dbus 1.12.2 (2017-11-13) ======================== -... +The “spider pumpkin” release. Enhancements: diff --git a/configure.ac b/configure.ac index 440e4e79..9d254d75 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [12]) -m4_define([dbus_micro_version], [1]) +m4_define([dbus_micro_version], [2]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus]) @@ -42,7 +42,7 @@ LT_CURRENT=22 ## increment any time the source changes; set to ## 0 if you increment CURRENT -LT_REVISION=3 +LT_REVISION=4 ## increment if any interfaces have been added; set to 0 ## if any interfaces have been changed or removed. removal has From 7f92c3cfcf70ad6546c1e3423702907569e3f776 Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Mon, 13 Nov 2017 17:11:27 +0000 Subject: [PATCH 14/14] Start 1.12.4 Signed-off-by: Simon McVittie --- NEWS | 5 +++++ configure.ac | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index bf672fff..abdfe38c 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,8 @@ +dbus 1.12.4 (UNRELEASED) +======================== + +... + dbus 1.12.2 (2017-11-13) ======================== diff --git a/configure.ac b/configure.ac index 9d254d75..aebf3a5c 100644 --- a/configure.ac +++ b/configure.ac @@ -3,7 +3,7 @@ AC_PREREQ([2.63]) m4_define([dbus_major_version], [1]) m4_define([dbus_minor_version], [12]) -m4_define([dbus_micro_version], [2]) +m4_define([dbus_micro_version], [3]) m4_define([dbus_version], [dbus_major_version.dbus_minor_version.dbus_micro_version]) AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])