Commit Graph

7940 Commits

Author SHA1 Message Date
Philip Withnall
8a60c22bb4 Merge branch '861-dbus-menu-model-robustness' into 'main'
gmenumodel: disallow exporting large menus on the bus

Closes #861

See merge request GNOME/glib!3133
2022-12-14 16:18:07 +00:00
Lars Uebernickel
89a7bbcf6e gmenumodel: disallow exporting large menus on the bus
This solves problems with validating untrusted inputs from D-Bus, where
invalid numbers of added and removed menu entries, and positions, could
be specified.

Original patch from
https://bugzilla.gnome.org/show_bug.cgi?id=728733#c7, tweaked by Philip
Withnall to add a few code comments and make
`G_MENU_EXPORTER_MAX_SECTION_SIZE` public so callers can check their
inputs against it if they want. Also tweaked to use `g_warning()` instead
of the nonexistent `g_dbus_warning()`.

Fixes: #861
2022-12-14 15:42:14 +00:00
Philip Withnall
a2c8a8c630 tests: Release GApplication a little later to avoid assertion failures
If it takes one more `GMainContext` cycle than expected for the
`activate` signals to be handled, the `GApplication` under test can be
released too early, and the test will fail due to not seeing a high
enough value of `n_activations`.

Hopefully avoid that by moving the release to a low priority idle
callback.

This fix is only hopeful because I’ve only been able to reproduce the
failure on FreeBSD CI and not locally.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2835
2022-12-14 09:33:18 +00:00
Marco Trevisan
a9e8b3f7e4 Merge branch '2837-test-timeouts' into 'main'
tests: Increase a timeout in contexts test

Closes #2837

See merge request GNOME/glib!3122
2022-12-13 14:57:44 +00:00
Philip Withnall
cad9256c3d tests: Increase a timeout in contexts test
The timeout is just to stop the test hanging forever, so there’s no need
for it to be so short. It’s caused at least one spurious CI failure:
https://gitlab.gnome.org/GNOME/glib/-/jobs/2445023.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2837
2022-12-13 14:07:58 +00:00
Philip Withnall
3c15df01c8 Merge branch 'wip/3v1n0/desktop-app-info-fail-on-not-existent' into 'main'
gdesktopappinfo: Fail early if trying to launch an invalid executable and always use desktop Path and context $PATH

See merge request GNOME/glib!3042
2022-12-13 13:01:09 +00:00
Marco Trevisan (Treviño)
511d1cad02 gdesktopappinfo: Fail early if trying to launch an invalid executable
GDesktopAppInfo never failed in the most simple of the cases: when a
desktop file or a command line app info was pointing to an invalid
executable (for the context).

The reason for this is that we're launching all the programs using
gio-launch-desktop which will always exist in a sane GLib installation,
and thus our call to execvp won't ever fail on failure.

This was partially mitigated by not allowing to create a desktop app
icon using a non-existent executable (even if not fully correctly) but
still did not work in case a custom PATH was provided in the launch
context.

To avoid this, use g_find_program_for_path() to find early if a program
that we're about to launch is available, and if it's not the case return
the same error that g_spawn_async_with_fds() would throw in such cases.

While this is slowing a bit our preparation phase, would avoid to leave
to the exec function the job to find where our program is.

Add tests simulating this behavior.
2022-12-12 15:58:13 +01:00
Marco Trevisan (Treviño)
da8aa0b66d desktop-app-info: Use launch context PATH and desktop Path to find terminals
We used to launch applications with terminals using the normal program
finder logic that did not consider the context path nor the desktop file
working dir. Switch to g_find_program_for_path() to find terminals so we
can ensure that both conditions are true.

Update tests to consider this case too.
2022-12-12 15:58:13 +01:00
Marco Trevisan (Treviño)
e41e3dc601 gdesktopappinfo: Take in account the desktop Path to find executables
Desktop files can provide the executable working path and that can be
used to pick the file to launch.

So take it in account.
2022-12-12 15:58:13 +01:00
Philip Withnall
191e89878d tests: Add basic GApplicationCommandLine unit tests
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-09 10:45:21 +00:00
Philip Withnall
c0eef5e226 gapplication: Validate types of well-known platform data keys
The platform data comes from the parent process, which should normally
be considered trusted (if we don’t trust it, it can do all sorts of
other things to mess this process up, such as setting
`LD_LIBRARY_PATH`).

However, it can also come from any process which calls `CommandLine`
over D-Bus, so always has to be able to handle untrusted input. In
particular, `v`-typed `GVariant`s must always have their dynamic type
validated before having values of a static type retrieved from them.

Includes unit tests.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
eb0d9e709a gapplication: Document that command line options must be validated
They come from an external process, so they must be validated.

In particular, it’s always easy to forget to validate the type of a
`GVariant`, and just try to get the stored value using a well-known
type; but that’s a programming error if the `GVariant` actually stores a
different type. Always check the variant type first if loading from a
`v`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
83c11637ba gfdonotificationbackend: Validate actions before activating them
These actions are activated as a result of receiving the `ActionInvoked`
signal from `org.freedesktop.Notifications`. As that’s received from
another process over D-Bus, it’s feasible that it could be malformed.
Without validating the action and its parameter, assertions will be hit
within the `GAction` code.

While we should be able to trust whatever process owns
`org.freedesktop.Notifications`, it’s possible that’s not the case, so
best validate what we receive.

Includes unit tests.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
08012bd3e0 tests: Add stub tests for GFdoNotificationBackend
This test is fairly pointless, but puts the infrastructure in place for
adding more tests for `GFdoNotificationBackend` in upcoming commits.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
3987f41f8c gfdonotificationbackend: Don’t remove notification if invoking action fails
Invoking an action on a notification should remove it (by default,
unless the `resident` hint is set, but GLib doesn’t currently support
that).

If, somehow, an invalid action is invoked on the notification, that
shouldn’t cause it to be removed though, because no action has taken
place. So change the code to do that.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-09 10:45:21 +00:00
Philip Withnall
da634e7a25 gapplication: Validate actions activated over D-Bus
As with the previous commit, the arguments to `ActivateAction` have to
be validated before being passed to `g_action_group_activate_action()`.
As they come over D-Bus, they are coming from an untrusted source.

Includes unit tests for all D-Bus methods on `GApplication`.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
dbe4531e86 gactiongroupexporter: Validate actions activated or changed over D-Bus
The action name, parameter and new state are all controlled by an
external process, so can’t be trusted. Ensure they are validated before
being passed to functions which assert that they are correctly typed and
extant.

Add unit tests.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
5fd101eccc tests: Move a helper function around in the actions test
This will be used in an upcoming commit.

This introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1904
2022-12-09 10:45:21 +00:00
Philip Withnall
c27b02ace7 Merge branch 'gio-thumbnail-sizes' into 'main'
file-info: Add a set of attributes for large thumbnails

Closes #621

See merge request GNOME/glib!2918
2022-12-08 09:04:45 +00:00
Matthias Clasen
f0606d5421 file-info: Add a set of attributes for large thumbnails
Some applications (eg., gnome-photos) really want a large thumbnail,
if one can be created. Simply falling back to a smaller one (probably
created by an old nautilus), without giving the application a chance
to create a bigger thumbnail, is undesirable because they will appear
fuzzy.

Therefore, at separate attribute sets for all the thumbnail sizes
that are supported in the spec: normal/large/x-large/xx-large.

The old attribute will now return by default the biggest available, as
it used to be, but also including the x-large and xx-large cases.

Co-Authored-by: Marco Trevisan <mail@3v1n0.net>

Fixes: #621
2022-12-08 05:21:19 +01:00
Chris Talbot
eb12afed6f gsimpleproxyresolver: Make explicit that a port is needed for HTTP/HTTPS 2022-12-06 13:37:47 +00:00
Marco Trevisan
6599cf95ae Merge branch 'wip/pwithnall/dbus-system-bus-address' into 'main'
gdbusaddress: Use runstatedir rather than localstatedir

See merge request GNOME/glib!3101
2022-12-06 00:24:17 +00:00
Philip Withnall
7b9dcb70c4 gunixmounts: Include configured localstatedir+runstatedir in system FS list
In case they differ from the defaults, we probably want to ignore them
when listing filesystems which are interesting to the user.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 21:53:18 +00:00
Philip Withnall
b7b9f89417 gdbusaddress: Use runstatedir rather than localstatedir
This reworks commit 20e1508e6e, for two
reasons:
 - Upstream dbus.git now does the same (although this isn’t yet reflected
   in the online version of the D-Bus Specification); see
   https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/209.
 - It allows local-prefix (e.g. jhbuild) builds of GLib to build in a
   custom prefix while still interacting with system services using the
   system-wide `/run` directory. To do so, pass `-Druntime_dir=/run` to
   meson configure.

As documented in the `NEWS` file in
https://gitlab.freedesktop.org/dbus/dbus/-/merge_requests/209, it’s only
valid to use `/run` – rather than `/var/run` – for D-Bus if the two
paths are interoperable. i.e. `/var/run` should be a symlink to `/run`,
and the D-Bus daemon should be configured to put its socket there.

This commit deliberately doesn’t introduce a special `system_socket`
configure option for specifying where the D-Bus system socket lives, as
that would only be useful for a distribution which sets `runstatedir` to
something other than `/var/run` or `/run`, which seems unlikely. We
could add such an option in future, though, if a distribution comes
forward with such a requirement.

See discussion on
https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3095#note_1605502.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-12-02 21:53:18 +00:00
Philip Withnall
f4c9b42084 Merge branch 'use-socklen-t' into 'main'
gsocket: use socklen_t in more places to fix build under cygwin

See merge request GNOME/glib!3105
2022-12-02 21:24:52 +00:00
Christoph Reiter
60ab0737df gsocket: fix -Wsign-compare warnings when socklen_t is signed
under cygwin socklen_t is signed which leads to warnings like:

warning: comparison of integer expressions of different signedness:
‘long unsigned int’ and ‘socklen_t’ {aka ‘int’} [-Wsign-compare]

In both cases we compare against some small fixed sizes, so cast them
to socklen_t.
2022-12-02 21:17:42 +01:00
Christoph Reiter
e31c6accc5 gsocket: use socklen_t in more places to fix build under cygwin
cygwin defines socklen_t as int, unlike everywhere else where it is uint32_t (afaics),
so signed vs unsigned.

The recently added -Werror=pointer-sign in 4353813058
makes the build fail under cygwin now with something like:

error: pointer targets in passing argument 5 of ‘getsockopt’ differ in signedness [-Werror=pointer-sign]

This changes guint to socklen_t where needed for getsockname, getpeername and getsockopt.
2022-12-02 21:17:22 +01:00
Alynx Zhou
6dd5f2515f gdesktopappinfo: Use strstr instead of g_str_has_prefix for search
Fixes: #1152
2022-12-02 19:19:47 +00:00
Jason Francis
acfeb65633
gsocketcontrolmessage: add nullable annotation to deserialize return 2022-11-29 17:46:16 -05:00
Philip Withnall
5218765de2 Merge branch 'form-default-gdbusaddress' into 'main'
gdbusaddress: Form default system dbus path using meson definitions

See merge request GNOME/glib!3095
2022-11-28 18:36:47 +00:00
Roman Stratiienko
20e1508e6e gdbusaddress: Form default system dbus path using meson definitions
This is useful for systems where rootfs doesn't contain /var directory,
e.g. on Android.

Signed-off-by: Roman Stratiienko <r.stratiienko@gmail.com>
2022-11-28 19:57:59 +02:00
Sonny Piers
29da935c28 Fix doc typo in g_dbus_connection_signal_subscribe 2022-11-28 11:33:09 +00:00
Philip Withnall
24e1bfba16 Merge branch 'snap-portal-support' into 'main'
portal: Check for snap plugs before accessing portals

See merge request GNOME/glib!3020
2022-11-24 19:49:07 +00:00
Marco Trevisan (Treviño)
92fae633a0 gio/tests: Add tests for flatpak infos
Support testing flatpak infos, we do it by faking /.flatpak-info file in
case we're building in test mode.
2022-11-24 20:03:39 +01:00
Marco Trevisan (Treviño)
e6eebfd9c3 gportalsupport: Force use /usr/bin/snapctl to get snap connection status
Do not search in path for snapctl to avoid it to be potentially
overridden by changing the PATH env variable.

Still allow testing by using an ifdef to check if we're building for the
test files or not.
2022-11-24 20:03:39 +01:00
Marco Trevisan (Treviño)
94ebd9f041 gio/tests/sandbox: Use test portal utils to create fake snap.yaml 2022-11-24 20:03:39 +01:00
Marco Trevisan (Treviño)
b1a2b64e94 gio/tests: Add tests for portal support functions
Test all the snap cases and the unknown sandbox one.

We need to use different test processes as we initialize the portal
type early enough that it can't be changed later.
2022-11-24 20:03:39 +01:00
Robert Ancell
216d7ba042 portal: Check for snap plugs before accessing portals
This is of particular use in the gsettings backend, which is currently using
dconf for all snaps.
Fully confined snaps should use the keyfile backend, as Flatpaks do.

Co-Authored-by: Marco Trevisan <mail@3v1n0.net>
2022-11-24 20:00:18 +01:00
Marco Trevisan (Treviño)
0e4dff445f gsandbox: Mark classic snaps as UNKNOWN sandbox type
Classic snaps are just a kind of packages with no sandbox at all, so
there's no point to mark them as sandboxed.

In this way we can just do IO checks once without having to multiply
them.

Co-Authored-by: Robert Ancell <robert.ancell@canonical.com>
2022-11-24 20:00:18 +01:00
Philip Withnall
66499d2199 Revert "build: Don’t define redundant built-in variables in pkgconfig calls"
This reverts commit 7e3e591d43.

The freedesktop SDK, which is used by gnome-build-meta, only has Meson
0.63. Bumping GLib’s Meson dependency to 0.64 means that, at the moment,
GLib is not buildable in gnome-build-meta and hence can’t be tested in
nightly pipelines against other projects, etc.

That’s bad for testing GLib.

It’s arguably bad that we’re restricted to using an older version of
Meson than shipped by Debian Testing, but that’s a separate discussion
to be had.

Revert the Meson 0.64 dependency until the freedesktop SDK ships Meson ≥
0.64. This also means reverting the simplifications to use of
`gnome.mkenum_simple()`.

See https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3077#note_1601064
2022-11-24 12:10:03 +00:00
Philip Withnall
b4231844a2 Revert "build: Use fs.copyfile() instead of configure_file()"
This reverts commit 19353017a7.

The freedesktop SDK, which is used by gnome-build-meta, only has Meson
0.63. Bumping GLib’s Meson dependency to 0.64 means that, at the moment,
GLib is not buildable in gnome-build-meta and hence can’t be tested in
nightly pipelines against other projects, etc.

That’s bad for testing GLib.

It’s arguably bad that we’re restricted to using an older version of
Meson than shipped by Debian Testing, but that’s a separate discussion
to be had.

Revert the Meson 0.64 dependency until the freedesktop SDK ships Meson ≥
0.64. This also means reverting the simplifications to use of
`gnome.mkenum_simple()`.

See https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3077#note_1601064
2022-11-24 12:09:55 +00:00
Philip Withnall
b646b1cab7 Revert "meson: Use gnome.mkenum_simple()"
This reverts commit 756b424cce.

The freedesktop SDK, which is used by gnome-build-meta, only has Meson
0.63. Bumping GLib’s Meson dependency to 0.64 means that, at the moment,
GLib is not buildable in gnome-build-meta and hence can’t be tested in
nightly pipelines against other projects, etc.

That’s bad for testing GLib.

It’s arguably bad that we’re restricted to using an older version of
Meson than shipped by Debian Testing, but that’s a separate discussion
to be had.

Revert the Meson 0.64 dependency until the freedesktop SDK ships Meson ≥
0.64. This also means reverting the simplifications to use of
`gnome.mkenum_simple()`.

See https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3077#note_1601064
2022-11-24 12:06:10 +00:00
Marco Trevisan (Treviño)
660242af07 tests/sandbox: Use isolated-directories
So we don't have to bother to manually remove the created artifacts.
2022-11-24 05:38:32 +01:00
Robert Ancell
4ba188c906 portal: Rename function to not be flatpak specific
It will also read snap information
2022-11-24 05:38:32 +01:00
Simon McVittie
a241226f2e Merge branch 'gdbus-tests-isolate-dirs' into 'main'
tests: Add G_TEST_OPTION_ISOLATE_DIRS to almost all gdbus tests

See merge request GNOME/glib!3088
2022-11-23 17:20:44 +00:00
Xavier Claessens
756b424cce meson: Use gnome.mkenum_simple()
Meson now uses find_program() to get glib-mkenum from glib instead of
from system. That was already fixed at least in >=0.60 which is our
current minimum requirement.
2022-11-23 08:02:34 -05:00
Xavier Claessens
6dd5c5002a Merge branch 'wip/pwithnall/meson-0.64' into 'main'
build: Bump Meson dependency to 0.64.0

See merge request GNOME/glib!3077
2022-11-23 11:48:51 +00:00
Philip Withnall
fd27c8dc6e tests: Add G_TEST_OPTION_ISOLATE_DIRS to almost all gdbus tests
This is a spiritual follow-up to commit 8cff531520, which
added `G_TEST_OPTION_ISOLATE_DIRS` to the `gdbus-connection-flush` test
to avoid its D-Bus cookie lock file from being erroneously deleted by
other tests running in parallel.

The same failure mode could affect any of the other D-Bus tests which
connect to a bus. As an easy fix, enable `G_TEST_OPTION_ISOLATE_DIRS`
for all of them.

The only test it’s not (yet) enabled for is `gdbus-address-get-session`
as that messes around with `XDG_RUNTIME_DIR` to test finding the session
bus. It might be possible to use `G_TEST_OPTION_ISOLATE_DIRS` with it,
but that would take longer than I have right now.

In any case, the more tests (which try to connect to a bus) that this is
enabled for, the lower the chances of spurious test failure due to them
conflicting over shared resources.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-11-23 11:15:20 +00:00
Philip Withnall
19353017a7 build: Use fs.copyfile() instead of configure_file()
Because Meson complains about using `configure_file(copy: true)`.

Includes improvements by Xavier Claessens.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-11-23 10:40:32 +00:00
Philip Withnall
7e3e591d43 build: Don’t define redundant built-in variables in pkgconfig calls
This is deprecated since Meson 0.62.0, since Meson does this
automatically for us.

This fixes a Meson configure warning.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2022-11-23 10:39:58 +00:00