Similar to #256, NSS plugins might open file descriptors the first time
they look up a system group, and leave them open. To avoid detecting
this as a leak, do one group lookup (which we expect to fail) before
starting testing, so that the fd is already open the first time we
call _dbus_check_fdleaks_enter(), and therefore is not considered to
have been leaked in _dbus_check_fdleaks_leave().
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/540
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is a placeholder for the first release in the 1.17.x branch, which
is not yet ready, but is intended to be labelled as 1.17.0-alpha when
it is released.
Helps: dbus#530
Signed-off-by: Simon McVittie <smcv@collabora.com>
Some distributions are known to have shipped dbus 1.15.x as though it
was a stable release, and it isn't clear whether they knew that we use
the odd/even versioning convention like GLib does.
If we add a -alpha, -beta, -rc suffix to development versions starting
from 1.17.0, then distros that know we use odd/even versioning will
know that our development versions are not a stable-branch, and so will
distros that mistakenly think we use the "semantic versioning"
versioning convention popularized by <https://semver.org/>.
(We intentionally do not use semver, because semver would require us to
ship a new minor version every time we add new API, and we do not have
the resources to provide security support for an unlimited number of
minor versions in parallel: we need to be able to nominate a subset of
our releases as having longer-term security support, in a way that signals
to distros that these are the releases they should prefer to ship.)
CMake's `project()` doesn't allow this version number format[1], but
we intend to use version numbers where the (major, minor, micro) tuple
is enough to uniquely identify a release, so we can just tell CMake our
version number without the suffix and there will be no ambiguity.
Similarly, the dash is not allowed in GNU ld version scripts, so use
the form of the version number without the suffix there.
[1] https://gitlab.kitware.com/cmake/cmake/-/issues/16716
Helps: dbus#530
Signed-off-by: Simon McVittie <smcv@collabora.com>
If we set the countdown to simulating a failed allocation to
_DBUS_INT_MAX, then it will decrement every time we allocate memory,
eventually reaching 0 and triggering a simulated malloc failure.
In practice this does not happen during unit testing, because all of
our tests are (intentionally!) short enough that this can't happen,
but it can happen if a build of dbus with embedded tests enabled is
used for the "real" dbus-daemon or a "real" D-Bus service, either
during debugging or unintentionally, as noted on dbus/dbus!493.
We cannot simply special-case `_DBUS_INT_MAX` to never be decremented,
because _dbus_test_oom_handling() relies on the counter being
decremented even while we are not simulating malloc failure, as a way
to count the number of allocations as an upper bound for how long to
set the countdown during subsequent test runs.
Instead, reserve all negative numbers to represent the absence of
malloc failure simulation, while still being able to count allocations
by comparing two different negative numbers.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/535
Signed-off-by: Simon McVittie <smcv@collabora.com>
Previously, the CMake build enabled tests by default, and enabled both
modular and intrusive (embedded) tests with a single option. This is
a really bad idea if anyone is using CMake-built binaries in production.
DBUS_BUILD_TESTS now enables only the modular tests, which are safe to
enable in production builds.
A new DBUS_ENABLE_INTRUSIVE_TESTS option enables the intrusive test
instrumentation.
To preserve existing test coverage, explicitly enable the intrusive
tests in most CMake-based Gitlab-CI jobs (Debian native, openSUSE native,
Windows).
In jobs that have a mirrored pair of production/debug builds (openSUSE
and Debian mingw32/mingw64 cmake), instead we leave the production
build as-is and only build full test coverage in the debug build.
Co-authored-by: Philip Withnall <philip@tecnocode.co.uk>
Signed-off-by: Simon McVittie <smcv@collabora.com>
This hopefully helps to get across the point that enabling these tests
adds instrumentation to libdbus and dbus-daemon, with a potentially
significant impact on code size, performance and security.
To avoid a huge diffstat which would be difficult to review, the cpp
macro that is checked by most of the C code is still
DBUS_ENABLE_EMBEDDED_TESTS, which is defined or undefined under exactly
the same conditions as the new DBUS_ENABLE_INTRUSIVE_TESTS.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/537
Co-authored-by: Philip Withnall <philip@tecnocode.co.uk>
Signed-off-by: Simon McVittie <smcv@collabora.com>
The DBus1_xxx variables defined in DBusConfig.cmake for Windows builds
are currently hard-coded values and independent of those of the underlying
cmake target.
To avoid this, these values are retrieved from the corresponding cmake
target. In addition, the cmake allows the construction of the resulting
relocatable runtime paths.
This function is already inside `#ifdef DBUS_ENABLE_EMBEDDED_TESTS`
and doesn't need a second layer of the same guard.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Commit 4ebb275ab7 disabled deprecation warnings in the Autotools build
system, which we no longer have. Future stable-branches will want to
disable deprecation warnings in Meson instead.
Signed-off-by: Simon McVittie <smcv@collabora.com>
`meson dist` requires the version you intend to release to have been
committed already, and does not create any generated files in the
`${srcdir}` that are intended to be committed to git.
Signed-off-by: Simon McVittie <smcv@collabora.com>
If there is a pending OOM watch and at the same time there is no
timeout, poll is entered with infinite timeout, because infinite
is expressed with a negative number, which is smaller than any
actual timeout.
Introduce min_poll_timeout(), which returns the smaller non-negative
number of the two, or the larger negative number if both numbers
are negative.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/536
Signed-off-by: Petr Malat <oss@malat.biz>
[smcv: adjust whitespace]
Signed-off-by: Simon McVittie <smcv@collabora.com>
We're not going to replace deprecated functions here, similar to commit
88e0ccb2 in the dbus-1.10 branch.
Signed-off-by: Simon McVittie <smcv@collabora.com>
On older Solaris, these functions exist in -lsocket rather than in the
standard C library. If we can't find them immediately, try again with
-lsocket added to the dependencies.
Later, use network_libs when checking for optional functions like
socketpair(), so that we will detect it correctly. If socketpair() is
not found, dbus compiles successfully without it, but dbus-daemon will
not start because it cannot set up reload signalling.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/531
Signed-off-by: Simon McVittie <smcv@collabora.com>
Found by compiling with clang -fsanitize=signed-integer-overflow etc and
running dbus-daemon on armv7.
Signed-off-by: Jami Kettunen <jami.kettunen@protonmail.com>
This interface is still not ready for production use. To minimize
confusion, let's remove it from the 1.16.x stable branch. We can have
another try during the 1.17.x cycle, via dbus/dbus!449.
Signed-off-by: Simon McVittie <smcv@collabora.com>
The `Containers1` interface is not stable or production-ready, and is
compile-time-optional behind a build option, which in fact currently
cannot be enabled (it intentionally provokes a compiler `#error` if
enabled). If it isn't enabled, this directory won't be useful, so
there's no reason to create it.
As discussed in <https://github.com/systemd/mkosi/issues/3189>, if we
use the `@DBUS_USER@` here, it makes `tmpfiles.d/dbus.conf` dependent
on having created the `@DBUS_USER@` via `sysusers.d` or some
appropriate distro-specific mechanism. This is problematic in distros
that split up the functionality of dbus into several layers, such as
Debian: the `@DBUS_USER@` conceptually belongs to the same layer as
the well-known system bus, but `/etc/machine-id` and
`/var/lib/dbus/machine-id` are also used by the well-known session bus,
which is orthogonal to the system bus; so we want `dbus.conf` to be in a
lower layer than the `@DBUS_USER@`.
Signed-off-by: Simon McVittie <smcv@collabora.com>
We can no longer upload to specifications.freedesktop.org directly.
Instead, that area of the freedesktop.org web space is updated by
sending merge requests to the xdg/xdg-specs> project.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Now that we're installing the Doxygen documentation in a subdirectory,
the Devhelp index needs to reflect that.
Fixes: 522633b4 "cmake: install api docs in html subdir"
Fixes: f546ddd9 "meson: Install Doxygen docs as api/html/*.html"
Signed-off-by: Simon McVittie <smcv@debian.org>
The main NEWS file continues to document all changes since 1.12.0,
including the entire 1.13.x/1.14.x series.
Signed-off-by: Simon McVittie <smcv@collabora.com>
On recent Linux systems, systemd sets the hard limit on the number of
file descriptors extremely high (about 1e9, compared with about 1e6 in
previous systemd versions or 4096 in the kernel's historical defaults),
and dbus raises its soft limit to match the hard limit. The result of
sysconf(_SC_OPEN_MAX) is based on the fd limit, and iterating linearly
through that many fds takes long enough for activation to time out.
This particular piece of code is just test instrumentation, which aims to
log (possibly fatal) warnings if any file descriptor is not close-on-exec
as it should be. In practice the test suite doesn't use anywhere near
a thousand fds, so it's sufficient to run this check against a much
smaller number of fds.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/527
Bug-Debian: https://bugs.debian.org/1086148
Signed-off-by: Simon McVittie <smcv@collabora.com>
