Even though GetStartupInfo() in g_win32_run_session_bus() would
tell us that STARTF_FORCEONFEEDBACK flag is not set, it still
affects the rundll32 process for some reason.
This means that Windows WM changes mouse cursor to IDC_APPSTARTING for
a few seconds when rundll32 runs g_win32_run_session_bus(). Since
g_win32_run_session_bus() never satisfies the conditions set by
STARTF_FORCEONFEEDBACK, the busy cursor only goes away after a
timeout.
Fix this by explicitly running GetMessage(). To ensure that GetMessage()
doesn't block, post a quit message immediately before calling it.
https://bugzilla.gnome.org/show_bug.cgi?id=760694
... from glib-gen-srcs.[vsprops|props].in to
glib-version-paths.[vsprops|props].in, and instead let autotools generate
glib-version-paths.[vsprops|props] rather than
glib-gen-srcs.[vsprops|props], as this will need to be referenced for
other items as well, namely generating the .pc files which will become
useful for introspection builds.
Apparently whoever made the last tarball didn't have `--enable-systemtap`.
Disted files shouldn't depend on build flags.
Also, it is cathartic for me to say tarballs are dumb and we should
just be pulling from git which is what's canonically tracking what's
source code and what's not and we don't need to repeat ourself in
`Makefile.am`.
https://bugzilla.gnome.org/show_bug.cgi?id=762637
The scanning to find the end of a positional parameter designator in
GVariant text format (e.g. '%i') is currently broken in case the 'end'
pointer is not specified.
The scan is controlled by a somewhat complicated loop that needs to deal
properly with cases like (123, %(ii)) [where '%(ii)' is to be taken
together, but the final ')' not].
This loop missed the case where a format string passed to
g_variant_new_parsed() ended immediately after such a conversion, with a
nul character. In this case the 'end' pointer is NULL, so the only way
we can find the end is by scanning for nul in the string.
In case of g_variant_new_parsed() [which is what this code was designed
to be used for], the bug is somewhat unlikely in practice: the only way
that a valid text-form GVariant could ever contain a positional
parameter replacement at the end of the string is if this positional
parameter were the only thing being returned. In that case, the user
would likely have opted for a more direct approach.
Unfortunately, this code is also active in the tokenisation phase of
g_variant_parse(), before positional parameters are rejected as invalid
for that case. Anyone who calls this function with a nul-terminated
string (and no end pointer) is vulnerable to a crash from malicious user
input. This can be seen, at the very least with many commandline tools:
$ dconf write /x '%i'
Segmentation fault
We fix this problem by searching for the nul character in this case, in
addition to comparing the end pointer.
This problem is almost certainly limited to being able to cause crashes.
The loop in question only performs reads and, in the security-sensitive
case, the token will be quickly rejected after the loop is finished
(since it starts with '%' and the 'app' pointer is unset). This is
further mitigated by the fact that there are no known cases of GVariant
text format being used as part of a protocol at a privilege barrier.
Some applications support running in a mode where they present
themselves as a different application to the user (for example web
browsers or terminals).
To facilitate this, add an option --gapplication-app-id which allows
users to override an application's id from desktop files or similar.
Applications need to opt-in to this by setting the
G_APPLICATION_CAN_OVERRIDE_APP_ID flag.
https://bugzilla.gnome.org/show_bug.cgi?id=743933