We no longer have an Autotools build system, but Meson sets the same
environment variables that Autotools used to set. CMake does not, yet,
but ideally should.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/538
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 229e48f549)
init_connections_unlocked() is called when connecting to any of the
well-known buses, and it initializes all of the well-known addresses:
session, system and starter. This means that a failure here causes
failure to connect to any one of the well-known buses, even if the
failure is actually only relevant to a different well-known bus.
As such, it should only fail on genuinely fatal errors, for example
an out-of-memory condition. It calls init_session_address() and
indirectly _dbus_lookup_session_address(), which therefore need to
have similar behaviour.
Previously, _dbus_lookup_session_address() would fail with a
fatal error whenever the macOS session bus was not correctly set up,
but that breaks the ability to connect to the system bus on macOS,
even though the system bus is not directly related to the session bus.
Instead, we should report a missing session bus as "not supported",
reserving an unsuccessful result for fatal situations like
out-of-memory. This brings _dbus_lookup_session_address_launchd()
into line with the error behaviour of _dbus_lookup_user_bus().
Closes: #510
(cherry picked from commit 827e952793)
We no longer have an Autotools build system, but Meson sets the same
environment variables that Autotools used to set. CMake does not, yet,
but ideally should.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/538
Signed-off-by: Simon McVittie <smcv@collabora.com>
init_connections_unlocked() is called when connecting to any of the
well-known buses, and it initializes all of the well-known addresses:
session, system and starter. This means that a failure here causes
failure to connect to any one of the well-known buses, even if the
failure is actually only relevant to a different well-known bus.
As such, it should only fail on genuinely fatal errors, for example
an out-of-memory condition. It calls init_session_address() and
indirectly _dbus_lookup_session_address(), which therefore need to
have similar behaviour.
Previously, _dbus_lookup_session_address() would fail with a
fatal error whenever the macOS session bus was not correctly set up,
but that breaks the ability to connect to the system bus on macOS,
even though the system bus is not directly related to the session bus.
Instead, we should report a missing session bus as "not supported",
reserving an unsuccessful result for fatal situations like
out-of-memory. This brings _dbus_lookup_session_address_launchd()
into line with the error behaviour of _dbus_lookup_user_bus().
Closes: #510
Similar to #256, NSS plugins might open file descriptors the first time
they look up a system group, and leave them open. To avoid detecting
this as a leak, do one group lookup (which we expect to fail) before
starting testing, so that the fd is already open the first time we
call _dbus_check_fdleaks_enter(), and therefore is not considered to
have been leaked in _dbus_check_fdleaks_leave().
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/540
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 7cbb7b75dd)
If we set the countdown to simulating a failed allocation to
_DBUS_INT_MAX, then it will decrement every time we allocate memory,
eventually reaching 0 and triggering a simulated malloc failure.
In practice this does not happen during unit testing, because all of
our tests are (intentionally!) short enough that this can't happen,
but it can happen if a build of dbus with embedded tests enabled is
used for the "real" dbus-daemon or a "real" D-Bus service, either
during debugging or unintentionally, as noted on dbus/dbus!493.
We cannot simply special-case `_DBUS_INT_MAX` to never be decremented,
because _dbus_test_oom_handling() relies on the counter being
decremented even while we are not simulating malloc failure, as a way
to count the number of allocations as an upper bound for how long to
set the countdown during subsequent test runs.
Instead, reserve all negative numbers to represent the absence of
malloc failure simulation, while still being able to count allocations
by comparing two different negative numbers.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/535
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 0735c401a7)
Previously, the CMake build enabled tests by default, and enabled both
modular and intrusive (embedded) tests with a single option. This is
a really bad idea if anyone is using CMake-built binaries in production.
DBUS_BUILD_TESTS now enables only the modular tests, which are safe to
enable in production builds.
A new DBUS_ENABLE_INTRUSIVE_TESTS option enables the intrusive test
instrumentation.
To preserve existing test coverage, explicitly enable the intrusive
tests in most CMake-based Gitlab-CI jobs (Debian native, openSUSE native,
Windows).
In jobs that have a mirrored pair of production/debug builds (openSUSE
and Debian mingw32/mingw64 cmake), instead we leave the production
build as-is and only build full test coverage in the debug build.
Co-authored-by: Philip Withnall <philip@tecnocode.co.uk>
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 41c7570e1e)
This hopefully helps to get across the point that enabling these tests
adds instrumentation to libdbus and dbus-daemon, with a potentially
significant impact on code size, performance and security.
To avoid a huge diffstat which would be difficult to review, the cpp
macro that is checked by most of the C code is still
DBUS_ENABLE_EMBEDDED_TESTS, which is defined or undefined under exactly
the same conditions as the new DBUS_ENABLE_INTRUSIVE_TESTS.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/537
Co-authored-by: Philip Withnall <philip@tecnocode.co.uk>
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 9c5b5838f5)
Similar to #256, NSS plugins might open file descriptors the first time
they look up a system group, and leave them open. To avoid detecting
this as a leak, do one group lookup (which we expect to fail) before
starting testing, so that the fd is already open the first time we
call _dbus_check_fdleaks_enter(), and therefore is not considered to
have been leaked in _dbus_check_fdleaks_leave().
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/540
Signed-off-by: Simon McVittie <smcv@collabora.com>
This is a placeholder for the first release in the 1.17.x branch, which
is not yet ready, but is intended to be labelled as 1.17.0-alpha when
it is released.
Helps: dbus#530
Signed-off-by: Simon McVittie <smcv@collabora.com>
Some distributions are known to have shipped dbus 1.15.x as though it
was a stable release, and it isn't clear whether they knew that we use
the odd/even versioning convention like GLib does.
If we add a -alpha, -beta, -rc suffix to development versions starting
from 1.17.0, then distros that know we use odd/even versioning will
know that our development versions are not a stable-branch, and so will
distros that mistakenly think we use the "semantic versioning"
versioning convention popularized by <https://semver.org/>.
(We intentionally do not use semver, because semver would require us to
ship a new minor version every time we add new API, and we do not have
the resources to provide security support for an unlimited number of
minor versions in parallel: we need to be able to nominate a subset of
our releases as having longer-term security support, in a way that signals
to distros that these are the releases they should prefer to ship.)
CMake's `project()` doesn't allow this version number format[1], but
we intend to use version numbers where the (major, minor, micro) tuple
is enough to uniquely identify a release, so we can just tell CMake our
version number without the suffix and there will be no ambiguity.
Similarly, the dash is not allowed in GNU ld version scripts, so use
the form of the version number without the suffix there.
[1] https://gitlab.kitware.com/cmake/cmake/-/issues/16716
Helps: dbus#530
Signed-off-by: Simon McVittie <smcv@collabora.com>
If we set the countdown to simulating a failed allocation to
_DBUS_INT_MAX, then it will decrement every time we allocate memory,
eventually reaching 0 and triggering a simulated malloc failure.
In practice this does not happen during unit testing, because all of
our tests are (intentionally!) short enough that this can't happen,
but it can happen if a build of dbus with embedded tests enabled is
used for the "real" dbus-daemon or a "real" D-Bus service, either
during debugging or unintentionally, as noted on dbus/dbus!493.
We cannot simply special-case `_DBUS_INT_MAX` to never be decremented,
because _dbus_test_oom_handling() relies on the counter being
decremented even while we are not simulating malloc failure, as a way
to count the number of allocations as an upper bound for how long to
set the countdown during subsequent test runs.
Instead, reserve all negative numbers to represent the absence of
malloc failure simulation, while still being able to count allocations
by comparing two different negative numbers.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/535
Signed-off-by: Simon McVittie <smcv@collabora.com>
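The countdown scheme described in the commit message above, as an added sketch that is not part of the commit or of dbus's own code. The names `fail_countdown`, `alloc_should_fail`, `legacy_should_fail` and `count_allocations`, the wrap-around at `INT_MIN` and the one-shot reset are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>

/* Hypothetical names; not the dbus implementation.
 * >= 0: fail after this many more successful allocations.
 * <  0: simulation disabled, yet still decremented so callers can count. */
static int fail_countdown = -1;

/* Old scheme: "disabled" was only a large positive start value, so a
 * long-running process eventually counts it down to 0 and fails. */
static bool legacy_should_fail(int *countdown) {
    if (*countdown == 0)
        return true;
    (*countdown)--;
    return false;
}

/* New scheme, called once per allocation. */
static bool alloc_should_fail(void) {
    if (fail_countdown < 0) {
        /* Disabled: count, but never reach 0. Wrapping to -1 at INT_MIN
         * (assumed policy) also avoids signed overflow. */
        fail_countdown = (fail_countdown == INT_MIN) ? -1 : fail_countdown - 1;
        return false;
    }
    if (fail_countdown == 0) {
        fail_countdown = -1;   /* assumed: fire once, then disable */
        return true;
    }
    fail_countdown--;
    return false;
}

/* Count the allocations fn() makes by comparing two negative values. */
static int count_allocations(void (*fn)(void)) {
    fail_countdown = -1;
    fn();
    return -1 - fail_countdown;
}

static void sample_workload(void) {   /* constructed: five "allocations" */
    for (int i = 0; i < 5; i++)
        (void) alloc_should_fail();
}

int main(void) {
    int old = 0;   /* as if INT_MAX allocations had already happened */
    return (legacy_should_fail(&old)
            && count_allocations(sample_workload) == 5) ? 0 : 1;
}
```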
Previously, the CMake build enabled tests by default, and enabled both
modular and intrusive (embedded) tests with a single option. This is
a really bad idea if anyone is using CMake-built binaries in production.
DBUS_BUILD_TESTS now enables only the modular tests, which are safe to
enable in production builds.
A new DBUS_ENABLE_INTRUSIVE_TESTS option enables the intrusive test
instrumentation.
To preserve existing test coverage, explicitly enable the intrusive
tests in most CMake-based Gitlab-CI jobs (Debian native, openSUSE native,
Windows).
In jobs that have a mirrored pair of production/debug builds (openSUSE
and Debian mingw32/mingw64 cmake), instead we leave the production
build as-is and only build full test coverage in the debug build.
Co-authored-by: Philip Withnall <philip@tecnocode.co.uk>
Signed-off-by: Simon McVittie <smcv@collabora.com>
This hopefully helps to get across the point that enabling these tests
adds instrumentation to libdbus and dbus-daemon, with a potentially
significant impact on code size, performance and security.
To avoid a huge diffstat which would be difficult to review, the cpp
macro that is checked by most of the C code is still
DBUS_ENABLE_EMBEDDED_TESTS, which is defined or undefined under exactly
the same conditions as the new DBUS_ENABLE_INTRUSIVE_TESTS.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/537
Co-authored-by: Philip Withnall <philip@tecnocode.co.uk>
Signed-off-by: Simon McVittie <smcv@collabora.com>
The DBus1_xxx variables defined in DBusConfig.cmake for Windows builds
are currently hard-coded values and independent of those of the underlying
cmake target.
To avoid this, these values are retrieved from the corresponding cmake
target. In addition, the cmake allows the construction of the resulting
relocatable runtime paths.
(cherry picked from commit 29c2e9141a)
This function is already inside `#ifdef DBUS_ENABLE_EMBEDDED_TESTS`
and doesn't need a second layer of the same guard.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 6e61173d64)
The DBus1_xxx variables defined in DBusConfig.cmake for Windows builds
are currently hard-coded values and independent of those of the underlying
cmake target.
To avoid this, these values are retrieved from the corresponding cmake
target. In addition, the cmake allows the construction of the resulting
relocatable runtime paths.
This function is already inside `#ifdef DBUS_ENABLE_EMBEDDED_TESTS`
and doesn't need a second layer of the same guard.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Commit 4ebb275ab7 disabled deprecation warnings in the Autotools build
system, which we no longer have. Future stable-branches will want to
disable deprecation warnings in Meson instead.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit f651834427)
`meson dist` requires the version you intend to release to have been
committed already, and does not create any generated files in the
`${srcdir}` that are intended to be committed to git.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit b97b083f9a)
Commit 4ebb275ab7 disabled deprecation warnings in the Autotools build
system, which we no longer have. Future stable-branches will want to
disable deprecation warnings in Meson instead.
Signed-off-by: Simon McVittie <smcv@collabora.com>
`meson dist` requires the version you intend to release to have been
committed already, and does not create any generated files in the
`${srcdir}` that are intended to be committed to git.
Signed-off-by: Simon McVittie <smcv@collabora.com>
If there is a pending OOM watch and at the same time there is no
timeout, poll is entered with infinite timeout, because infinite
is expressed with a negative number, which is smaller than any
actual timeout.
Introduce min_poll_timeout(), which returns the smaller non-negative
number of the two, or the larger negative number if both numbers
are negative.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/536
Signed-off-by: Petr Malat <oss@malat.biz>
[smcv: adjust whitespace]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit a6023f49ac)
If there is a pending OOM watch and at the same time there is no
timeout, poll is entered with infinite timeout, because infinite
is expressed with a negative number, which is smaller than any
actual timeout.
Introduce min_poll_timeout(), which returns the smaller non-negative
number of the two, or the larger negative number if both numbers
are negative.
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/536
Signed-off-by: Petr Malat <oss@malat.biz>
[smcv: adjust whitespace]
Signed-off-by: Simon McVittie <smcv@collabora.com>
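The timeout rule described in the commit message above, next to the plain minimum it replaces, as an added sketch that is not the code from the commit. `naive_min`, the body of `min_poll_timeout` shown here and the 500 ms value are assumptions made for illustration.

```c
#include <stdio.h>

/* poll() treats any negative timeout as "block forever". */

/* Plain minimum: wrong here, because "infinite" (-1) compares smaller
 * than every real timeout and therefore always wins. */
static int naive_min(int a, int b) {
    return a < b ? a : b;
}

/* Rule from the commit message: the smaller non-negative value, or the
 * larger value if both are negative. */
static int min_poll_timeout(int a, int b) {
    if (a < b)
        return a < 0 ? b : a;   /* a negative: b is finite or closer to 0 */
    return b < 0 ? a : b;       /* b negative: a is finite or closer to 0 */
}

int main(void) {
    /* Constructed case: no timeout pending (-1), OOM retry due in 500 ms. */
    int no_timeout = -1, oom_retry_ms = 500;
    printf("naive: %d, fixed: %d\n",
           naive_min(no_timeout, oom_retry_ms),
           min_poll_timeout(no_timeout, oom_retry_ms));
    return 0;
}
```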