Commit Graph

23975 Commits

Author SHA1 Message Date
Matej Urbančič
58619b6609 Update Slovenian translation 2022-01-30 20:58:24 +00:00
sicklylife
cd6add1a3c Update Japanese translation 2022-01-30 15:25:02 +00:00
sicklylife
2667381e80 Update Japanese translation 2022-01-30 15:12:46 +00:00
Piotr Drąg
49c377c61f Update Polish translation 2022-01-29 14:08:42 +00:00
Yuri Chornoivan
33e9d70110 Update Ukrainian translation 2022-01-27 14:36:39 +00:00
Simon McVittie
e01a71bf13 Merge branch 'backport-2461-memory-leak-glib-2-70' into 'glib-2-70'
Backport !2461 “Fix memory leak in gio/gdbusauthmechanismsha1.c” to glib-2-70

See merge request GNOME/glib!2462
2022-01-27 12:18:12 +00:00
Loic Le Page
554db5f8ae Fix memory leak in gio/gdbusauthmechanismsha1.c 2022-01-27 11:06:21 +00:00
Aleksandr Melman
2d32f88433 Update Russian translation 2022-01-27 10:50:23 +00:00
Anders Jonsson
4a6bd94d90 Update Swedish translation 2022-01-26 20:27:00 +00:00
Rafael Fontenelle
22e9237d02 Update Brazilian Portuguese translation 2022-01-26 19:22:25 +00:00
Philip Withnall
7049535a06 2.70.3
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-01-26 14:52:28 +00:00
Hugo Carvalho
a3c6948099 Update Portuguese translation 2022-01-26 14:34:29 +00:00
Philip Withnall
62b800c51e Merge branch 'backport-2454-security-fixes-glib-2-70' into 'glib-2-70'
Backport !2454 gdbusmessage and gvariant fixes to glib-2-70

See merge request GNOME/glib!2455
2022-01-26 14:31:42 +00:00
Sebastian Wilhelmi
48750feaac gdbusmessage: Disallow zero-length elements in arrays
They are not allowed in the specification, and can lead to infinite
loops when parsing.

That’s a security issue if your application is accepting D-Bus messages
from untrusted peers (perhaps in a peer-to-peer connection). It’s not
exploitable when your application is connected to a bus (such as the
system or session buses), as the bus daemons (dbus-daemon or
dbus-broker) filter out such broken messages and don’t forward them.

Arrays of zero-length elements are disallowed in the D-Bus
specification: https://dbus.freedesktop.org/doc/dbus-specification.html#container-types

oss-fuzz#41428, #41435
Fixes: #2557
2022-01-26 13:10:05 +00:00
Sebastian Wilhelmi
0d64ae771e gdbusmessage: Disallow empty structures/tuples in D-Bus messages
They are disallowed in the specification:
https://dbus.freedesktop.org/doc/dbus-specification.html#container-types

Helps: #2557
2022-01-26 13:10:05 +00:00
Sebastian Wilhelmi
1ce8a0abb7 gvariant-serialiser: Prevent unbounded recursion in is_normal()
This fixes a bug in 7c4e6e9fbe.

The original approach in that commit accidentally only checked the depth
at the leaf nodes in the variant tree, whereas actually the depth should
be checked before recursing to avoid stack overflow.

It neglected to consider that `g_variant_serialised_is_normal()` would
be recursed into by some of the `DISPATCH(_is_normal)` cases. When that
happened, the depth check was after the recursion so couldn’t prevent a
stack overflow.

Fixes: #2572
2022-01-26 13:10:05 +00:00
Kukuh Syafaat
3fb62e4984 Update Indonesian translation 2022-01-26 01:48:57 +00:00
Milo Casagrande
5d5d5b04ea Update Italian translation 2022-01-23 14:07:16 +00:00
Yuri Chornoivan
a1a754a872 Update Ukrainian translation 2022-01-22 16:29:40 +00:00
Piotr Drąg
7e1048d450 Update Polish translation 2022-01-22 10:46:23 +00:00
Anders Jonsson
4b2d9f509f Update Swedish translation 2022-01-22 10:30:57 +00:00
Daniel Mustieles
0c000b97f0 Updated Spanish translation 2022-01-21 10:26:53 +01:00
Hugo Carvalho
9e1fabd601 Update Portuguese translation 2022-01-19 15:31:17 +00:00
Sebastian Dröge
2bc689268a Merge branch 'backport-2435-spawn-close-range-glib-2-70' into 'glib-2-70'
Backport !2435 “gspawn: Report errors with closing file descriptors between fork/exec” to glib-2-70

See merge request GNOME/glib!2444
2022-01-19 13:46:37 +00:00
Philip Withnall
9dabc7c5ac gspawn: Report errors with closing file descriptors between fork/exec
If a seccomp policy is set up incorrectly so that it returns `EPERM` for
`close_range()` rather than `ENOSYS` due to it not being recognised, no
error would previously be reported from GLib, but some file descriptors
wouldn’t be closed, and that would cause a hung zombie process. The
zombie process would be waiting for one half of a socket to be closed.

Fix that by correctly propagating errors from `close_range()` back to the
parent process so they can be reported correctly.

Distributions which aren’t yet carrying the Docker fix to correctly
return `ENOSYS` from unrecognised syscalls may want to temporarily carry
an additional patch to fall back to `safe_fdwalk()` if `close_range()`
fails with `EPERM`. This change will not be accepted upstream as `EPERM`
is not the right error for `close_range()` to be returning.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2580
2022-01-19 13:12:52 +00:00
Sebastian Dröge
dfc43aedec Merge branch 'backport-2425-btrfs-optimisation-glib-2-70' into 'glib-2-70'
Backport !2425 “gfileutils: Remove outdated BTRFS fsync optimization from set_contents” to glib-2-70

See merge request GNOME/glib!2437
2022-01-18 08:51:32 +00:00
Sebastian Keller
fa4b0e431e gfileutils: Remove outdated BTRFS fsync optimization from set_contents
This code was skipping fsync on BTRFS because of an old guarantee about
the overwrite-by-rename behavior that no longer holds true. This has
been confirmed by the BTRFS developers to no longer be guaranteed since
Kernel 3.17 (August 2014), but it was guaranteed when this optimization
was first introduced in 2010.

This could result in empty files after crashes in applications using
g_file_set_contents(). Most prominently this might have been the cause
of dconf settings getting lost on BTRFS after crashes due to the
frequency with which such writes can happen in dconf.

See: https://gitlab.gnome.org/GNOME/dconf/-/issues/73
2022-01-17 20:08:54 +00:00
Marek Černocký
9404a7b5d3 Updated Czech translation 2022-01-14 12:03:42 +01:00
Sebastian Dröge
e1bbfdbcd5 Merge branch 'backport-2412-paramspec-annotation-glib-2-70' into 'glib-2-70'
Backport !2412 “paramspec: fix unref annotation” to glib-2-70

See merge request GNOME/glib!2415
2022-01-05 13:45:24 +00:00
Bilal Elmoussaoui
2812798347 paramspec: fix unref annotation 2022-01-05 13:13:03 +00:00
Мирослав Николић
12d77beb94 Update Serbian translation 2021-12-29 17:57:25 +00:00
Matej Urbančič
19badb2434 Update Slovenian translation 2021-12-19 21:27:53 +00:00
Emin Tufan Çetin
b787683dcc Update Turkish translation 2021-12-17 14:59:22 +00:00
Philip Withnall
8c6b44d40c Merge branch 'backport-1968-spawn-fds-fix-glib-2-70' into 'glib-2-70'
Backport !1968 “gspawn: Fix file descriptor conflation issues” to glib-2-70

See merge request GNOME/glib!2394
2021-12-15 14:21:39 +00:00
Michael Catanzaro
75dd51b86f gspawn: fix fd remapping conflation issue
We currently dup all source fds to avoid possible conflation with the
target fds, but fail to consider that the result of a dup might itself
conflict with one of the target fds. Solve this the easy way by duping
all source_fds to values that are greater than the largest fd in
target_fds.

Fixes #2503
2021-12-15 08:21:07 +00:00
Michael Catanzaro
28fde86522 gspawn: fix hangs when duping child_err_report_fd
In case child_err_report_fd conflicts with one of the target_fds, the
code here is careful to dup child_err_report_fd in order to avoid
conflating the two. It was a good idea, but evidently was not tested,
because the newly-created fd is not created with CLOEXEC set. This means
it stays open in the child process, causing the parent to hang forever
waiting to read from the other end of the pipe. Oops!

The fix is simple: just set CLOEXEC. This removes our only usage of the
safe_dup() function, so it can be dropped.

Fixes #2506
2021-12-15 08:21:07 +00:00
Michael Catanzaro
7663664c0a gspawn: use close_and_invalidate more 2021-12-15 08:21:07 +00:00
Aurimas Černius
134da2a55b Updated Lithuanian translation 2021-12-11 21:08:28 +02:00
Daniel Șerbănescu
409326e1d4 Update Romanian translation 2021-12-10 10:19:36 +00:00
Andika Triwidada
ad3fc660ea Update Indonesian translation 2021-12-05 04:07:24 +00:00
Philip Withnall
979da1da48 2.70.2
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-12-03 09:59:15 +00:00
Sebastian Dröge
c72917b37f Merge branch 'backport-2382-ossfuzz-41563-canonical-triple-slash-dot-dot-glib-2-70' into 'glib-2-70'
Backport !2382 “gfileutils: Correctly reset start value when canonicalising paths” to glib-2-70

See merge request GNOME/glib!2383
2021-12-02 19:49:54 +00:00
Philip Withnall
149e5c5159 gfileutils: Correctly reset start value when canonicalising paths
If a path starts with more than two slashes, the `start` value was
previously incorrect:
 1. As per the `g_path_skip_root()` call, `start` was set to point to
    after the final initial slash. For a path with three initial
    slashes, this is the character after the third slash.
 2. The canonicalisation loop to find the first dir separator sets
    `output` to point to the character after the first slash (and it
    overwrites the first slash to be `G_DIR_SEPARATOR`).
 3. At this point, with a string `///usr`, `output` points to the second
    `/`; and `start` points to the `u`. This is incorrect, as `start`
    should point to the starting character for output, as per the
    original call to `g_path_skip_root()`.
 4. For paths which subsequently include a `..`, this results in the
    `output > start` check in the `..` loop below not skipping all the
    characters of a preceding path component, which is then caught by
    the `G_IS_DIR_SEPARATOR (output[-1])` assertion.

Fix this by resetting `start` to `output` after finding the final slash
to keep in the output, but before starting the main parsing loop.

Relatedly, split `start` into two variables: `after_root` and
`output_start`, since the variable actually has two roles in the two
parts of the function.

Includes a test.

This commit is heavily based on suggestions by Sebastian Wilhemi and
Sebastian Dröge.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

oss-fuzz#41563
2021-12-02 18:47:39 +00:00
Philip Withnall
96bccb89df gfileutils: Add a comment in g_canonicalize_filename()
Clarify the code a little. This introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-12-02 18:47:39 +00:00
Quentin PAGÈS
711efa507b Update Occitan translation 2021-12-02 15:05:45 +00:00
Sebastian Dröge
541114846d Merge branch 'backport-2265-unregistration-race-glib-2-70' into 'glib-2-70'
Backport !2265 “gdbusconnection: Fix race between method calls and object unregistration” to glib-2-70

See merge request GNOME/glib!2312
2021-12-02 10:12:20 +00:00
Philip Withnall
e8228314e1 Merge branch 'backport-2374-canonicalize-filename-glib-2-70' into 'glib-2-70'
Backport !2374 “gfileutils: Improve performance of g_canonicalize_filename()” to glib-2-70

See merge request GNOME/glib!2375
2021-11-30 10:08:11 +00:00
Sebastian Wilhelmi
28a15f95c4 gfileutils: Improve performance of g_canonicalize_filename()
Improve the performance of canonicalising filenames with many `..` or
`.` components, by modifying the path inline rather than calling
`memmove()`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2541
2021-11-30 09:42:38 +00:00
Aleksandr Melman
b7cec3d9f0 Update Russian translation 2021-11-28 15:20:58 +00:00
Piotr Drąg
816d4c3000 Update Polish translation 2021-11-28 13:54:06 +00:00