Commit Graph

25707 Commits

Author SHA1 Message Date
Simon McVittie
8157668eac gdesktopappinfo: Don't trust $GIO_LAUNCH_DESKTOP if setuid
gio-launch-desktop was removed before checking GIO for potentially
unsafe environment variable references, so reverting its removal brought
this one back. If a setuid program is using GAppInfo then something is
probably already horribly wrong, but let's be careful anyway.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-25 01:00:53 +02:00
Simon McVittie
e4e21f20e2 gio-launch-desktop: Fix a compiler warning
Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-25 01:00:53 +02:00
Simon McVittie
6620d28333 gio-launch-desktop: Add SPDX-License-Identifier
Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-25 01:00:53 +02:00
Simon McVittie
6751392934 tests: Avoid using deprecated meson.build_root
Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-25 01:00:53 +02:00
Simon McVittie
d0967c1d4a Revert "gdesktopappinfo: Use sh rather than gio-launch-desktop"
A shell one-liner was enough to set GIO_LAUNCHED_DESKTOP_FILE_PID,
but ideally we also want to do the equivalent of sd_journal_stream_fd()
to set up its standard output and standard error streams.

Ideally we would call sd_journal_stream_fd() in a process that will
exec the real program, otherwise it will report the wrong process ID
in the Journal, but we can't easily do that in a forked child when
using posix_spawn() for subprocesses.

This reverts commit 2b533ca99a.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-25 01:00:53 +02:00
Philip Withnall
206be0a8a1 Merge branch 'wip/smcv/multiarch-triggers' into 'main'
gio: Optionally install trigger executables to architecture-specific paths

See merge request GNOME/glib!2818
2022-07-24 22:57:34 +00:00
Philip Withnall
196e3605aa Merge branch 'wip/smcv/gdbus-cross-namespace' into 'main'
GDBus: Use namespace-friendly protocol for Linux message buses, and optionally other connections

See merge request GNOME/glib!2832
2022-07-24 22:55:08 +00:00
Philip Withnall
101be84d2f Merge branch 'wip/smcv/installed-tests' into 'main'
Fix installed-tests failures

See merge request GNOME/glib!2833
2022-07-24 18:44:11 +00:00
Simon McVittie
72868c026d gobject/tests/performance: Only run a quick version as installed-tests
ginsttest-runner defaults to timing out each test after 5 minutes,
but gobject/tests/performance/performance.c defaults to running each
of 18 tests for 15 seconds. The result is close enough to 5 minutes
that the setup overhead is enough to make it time out.

We're only running these tests to prove that they still work, not to
get meaningful performance numbers, so cut them down to 1 second per
test-case (the result of which is that performance.c takes about a
minute).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-24 17:34:55 +01:00
Simon McVittie
0714bcb7f4 gobject/tests/performance: Use the other installed-tests template
These are not GTest tests, and don't output TAP.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-24 17:15:47 +01:00
Simon McVittie
a4135b9652 assert-msg-test.py: Look for assert-msg-test relative to this script
When run as an installed-test, assert-msg-test generally won't be in
the PATH, but it will be in the same directory as the installed copy
of this script, so we can find it that way.

This fixes an installed-tests failure in Debian's autopkgtest
environment.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-24 16:33:12 +01:00
Simon McVittie
32b226d1b1 gdbus: Allow cross-namespace connections to Linux session and system buses
The dominant implementations of the well-known session and system
message buses are the reference implementation from the dbus project
(dbus-daemon) and the sd-bus-based reimplementation dbus-broker, both
of which have correct implementations for EXTERNAL authentication with
an unspecified authorization identity.

This makes it reasonably safe to assume that the well-known message
buses can cope with the unspecified authorization identity, even if we
cannot make the same assumption for custom servers such as the ones
used in ibus and gvfs (which might have been started with an older
GLib version before upgrading GLib in-place).

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-24 14:07:02 +01:00
Simon McVittie
e0a0749268 gdbusauthmechanismexternal: Optionally send empty authorization identity
When using a GDBus client in a non-trivial user namespace, the result of
geteuid() can differ from the uid in the namespace where the server is
running. This would result in connection attempts being rejected, because
the identity that the client claims to have does not match the identity
that the server derives from its credentials.

RFC 4422 allows us to send an empty authorization identity, which means we
want to authenticate as whatever identity the server can derive from our
out-of-band credentials. In particular, this resolves the authentication
failure when crossing between different Linux user namespaces.

Because D-Bus does not have a way to represent an empty initial response
as distinct from the absence of an initial response, we cannot use the
initial-response optimization (RFC 4422 §4.3.a) in this case, and must
fall back to waiting for the server to send a challenge.

Unfortunately, GDBus versions older than glib!2826 did not implement
the server side of this protocol correctly, and would respond to the
missing initial response in a way that breaks the SASL state machine
(expecting a response without sending a challenge), causing client and
server to deadlock with each waiting for the other to respond. Until
fixed versions of GDBus are widespread, we can't rely on having a server
that can cope with this, so gate it behind a flag, which can be set for
connections that are known to cross non-trivial namespace boundaries.

Originally inspired by
<1ed4723d38>,
and based on earlier work by Giuseppe Scrivano (in which the
cross-namespace behaviour was unconditional, rather than gated by a
flag).

Co-authored-by: Giuseppe Scrivano <giuseppe@scrivano.org>
Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-24 13:46:26 +01:00
Simon McVittie
552328b8c9 NEWS: Add an entry for multiarch trigger executables 2022-07-24 11:53:08 +01:00
Simon McVittie
0c087d121f gio: Optionally install trigger executables to architecture-specific paths
In Debian-style multiarch (libdir = lib/x86_64-linux-gnu or similar),
Red-Hat-style multilib (libdir = lib64 or lib) and Arch-style multilib
(libdir = lib or lib32), we have to run a separate version of
gio-querymodules to discover 32- or 64-bit modules on x86. Installing
modules in the directory used for each word size needs to trigger
recompilation of the correct modules list.

Debian, Fedora and Arch currently all have patches to facilitate this:
Debian moves gio-querymodules into ${libdir}/glib-2.0 and provides a
compat symlink in ${bindir}, while Fedora and Arch rename one or both
of the gio-querymodules executables to give it a -32 or -64 suffix.

We can avoid the need for these patches by making this a build option.
Doing this upstream has the advantage that the pkg-config metadata for
each architecture points to the correct executable and is in sync with
reality.

I'm using Debian's installation scheme with a separate directory here,
because the word-size suffix used in Fedora and Arch only works for the
common case of 32- and 64-bit multilib, and does not cover scenarios
where there can be more than one ABI with the same word size, such as
multiarch cross-compilation or alternative ABIs like x32.

Now that we have this infrastructure, it's also convenient to use it for
glib-compile-schemas. This works with /usr/share, so it only needs to
be run for one architecture (typically the system's primary
architecture), but using /usr/bin/glib-compile-schemas for the trigger
would result in either primary and secondary architectures trying to
overwrite each other's /usr/bin/glib-compile-schemas binaries, or a
circular dependency (the GLib library would have to depend on a
common package that contains glib-compile-schemas, but
glib-compile-schemas depends on the GLib library). Installing a
glib-compile-schemas binary in an architecture-specific location
alongside each GLib library bypasses this problem.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-24 11:19:37 +01:00
Zurab Kargareteli
e9c8070bfd Update Georgian translation 2022-07-24 05:58:13 +00:00
Marco Trevisan
58172a92bf Merge branch 'flag-reverse-docs' into 'main'
goption: Slightly improve the documentation for G_OPTION_FLAG_REVERSE

See merge request GNOME/glib!2830
2022-07-23 17:39:29 +00:00
Philip Withnall
55928d6ac0 Merge branch 'more-atomic-ops' into 'main'
Use atomic exchange operations more

See merge request GNOME/glib!2759
2022-07-23 11:35:08 +00:00
Philip Withnall
5094c342d1 Merge branch 'rybalkin-gregex-message-instead-of-warning' into 'main'
gregex: use g_debug instead of g_warning in case JIT is not available

See merge request GNOME/glib!2829
2022-07-22 18:43:20 +00:00
Aleksei Rybalkin
2c2e059cd3 gregex: use g_debug instead of g_warning in case JIT is not available
In case JIT is not available in pcre2 we printed warning about it. This
warning broke tests on systems which don't have JIT support in pcre2
(e.g. macos).
2022-07-22 20:29:07 +02:00
Emin Tufan Çetin
029e90afb7 Update Turkish translation 2022-07-22 14:48:34 +00:00
Aleksandr Melman
46744b9d8b Update Russian translation 2022-07-21 10:09:58 +00:00
Yuri Chornoivan
9f2e01d6c5 Update Ukrainian translation 2022-07-21 06:22:04 +00:00
Philip Withnall
b12e031f5e Merge branch 'rybalkin-gregex-jit-compilation' into 'main'
gregex: use G_REGEX_OPTIMIZE flag to enable JIT compilation

Closes #566

See merge request GNOME/glib!2817
2022-07-20 20:48:17 +00:00
Aleksei Rybalkin
bcd8cb3e14 gregex: use G_REGEX_OPTIMIZE flag to enable JIT compilation
Since we ported gregex to pcre2, the JIT compiler is now available to be
used. Let's undeprecate G_REGEX_OPTIMIZE flag to control whether the JIT
compilation is requested, since using JIT is itself an optimization.
See [1] for details on its implementation in pcre2.

[1] http://pcre.org/current/doc/html/pcre2jit.html

Fixes: #566
2022-07-20 20:48:17 +00:00
Philip Withnall
34e5bb8b43 Merge branch 'gregex-match-info-leak-fix' into 'main'
gregex: Free match info if offset matching recalc failed

See merge request GNOME/glib!2827
2022-07-20 13:56:23 +00:00
Philip Withnall
8d3dac8f83 Merge branch 'wip/smcv/gdbus-sasl' into 'main'
GDBus: improve interoperability of SASL handshake

See merge request GNOME/glib!2826
2022-07-20 13:01:49 +00:00
Marco Trevisan (Treviño)
6c93ac876f gregex: Free match info if offset matching recalc failed
It's not probably ever happening in practice, but coverity found it and
it's easy enough to fix it.

Coverity CID: #1490730
2022-07-20 06:32:30 +02:00
Simon McVittie
6abda14dc9 Merge branch 'wip/smcv/no-such-device' into 'main'
gioenums: G_IO_ERROR_NO_SUCH_DEVICE is new in 2.74

See merge request GNOME/glib!2825
2022-07-20 04:28:36 +00:00
Simon McVittie
0c24039874 tests: Add a test for GDBusServer with various simulated clients
Instead of using a GDBusConnection, this does the handshake at a lower
level using specific strings in the SASL handshake, to verify that we
will interoperate with various clients including sd-bus, libdbus and
older versions of GDBus.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-18 19:39:41 +01:00
Simon McVittie
3f532af65c gdbusauth: Represent empty data block as DATA\r\n, with no space
This is an interoperability fix. The reference implementation of D-Bus
treats "DATA\r\n" as equivalent to "DATA \r\n", but sd-bus does not,
and only accepts the former.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-18 17:53:40 +01:00
Giuseppe Scrivano
b51e3ab09e GDBusServer: Accept empty authorization identity for EXTERNAL mechanism
RFC 4422 appendix A defines the empty authorization identity to mean
the identity that the server associated with its authentication
credentials. In this case, this means whatever uid is in the
GCredentials object.

In particular, this means that clients in a different Linux user
namespace can authenticate against our server and will be authorized
as the version of their uid that is visible in the server's namespace,
even if the corresponding numeric uid returned by geteuid() in the
client's namespace was different. systemd's sd-bus has relied on this
since commit
1ed4723d38.

[Originally part of a larger commit; commit message added by smcv]

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-18 17:53:32 +01:00
Giuseppe Scrivano
a7d2e727ee GDBusServer: If no initial response for EXTERNAL, send a challenge
Sending an "initial response" along with the AUTH command is meant
to be an optional optimization, and clients are allowed to omit it.
We must reply with our initial challenge, which in the case of EXTERNAL
is an empty string: the client responds to that with the authorization
identity.

If we do not reply to the AUTH command, then the client will wait
forever for our reply, while we wait forever for the reply that we
expect the client to send, resulting in deadlock.

D-Bus does not have a way to distinguish between an empty initial
response and the absence of an initial response, so clients that want
to use an empty authorization identity, such as systed's sd-bus,
cannot use the initial-response optimization and will fail to connect
to a GDBusServer that does not have this change.

[Originally part of a larger commit; commit message added by smcv.]

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-18 16:26:24 +01:00
Giuseppe Scrivano
764f071909 gdbusauth: empty DATA does not need a trailing space
This is an interoperability fix. If the line is exactly "DATA\r\n",
the reference implementation of D-Bus treats this as equivalent to
"DATA \r\n", meaning the data block consists of zero hex-encoded bytes.
In practice, D-Bus clients send empty data blocks as "DATA\r\n", and
in fact sd-bus only accepts that, rejecting "DATA \r\n".

[Originally part of a larger commit; commit message added by smcv]

Signed-off-by: Giuseppe Scrivano <giuseppe@scrivano.org>
Co-authored-by: Simon McVittie <smcv@collabora.com>
Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-18 16:11:20 +01:00
Simon McVittie
937f9a61cd gioenums: G_IO_ERROR_NO_SUCH_DEVICE is new in 2.74
This attribute will produce "deprecation" warnings when using it in
code that does not want dependencies on newer GLib versions.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2022-07-18 12:02:12 +01:00
Danial Behzadi
edcedd86d7 Update Persian translation 2022-07-17 19:42:47 +00:00
Danial Behzadi
37efb8c229 Update Persian translation 2022-07-16 14:21:04 +00:00
Philip Withnall
32e1c2f91a Merge branch 'dist-job-fix' into 'main'
ci: Setup submodules and subprojects before building on dist

See merge request GNOME/glib!2812
2022-07-15 22:09:42 +00:00
Philip Withnall
b33ba73532 Merge branch 'gsignal-threading-cleanup' into 'main'
gsignal: Perform signal unlocked handlers block, unblock and disconnect ops

See merge request GNOME/glib!2823
2022-07-15 21:36:28 +00:00
Philip Withnall
c3a80a7142 Merge branch 'non-registered-extension-point' into 'main'
Add missing extension point register for various settings backends

See merge request GNOME/glib!2813
2022-07-15 21:25:58 +00:00
Philip Withnall
bdaf1ffa67 Merge branch 'c-only' into 'main'
meson: fix build without cpp toolchain

See merge request GNOME/glib!2822
2022-07-15 21:23:03 +00:00
Ryan Hope
7c4e6032c6 Add tests for GMemorySettingsBackend and GNullSettingsBackend 2022-07-15 22:07:03 +02:00
Ryan Hope
924da751c2 gio: Ensure extension points are registered when creating Settings backends
Add missing call to _g_io_modules_ensure_extension_points_registered() to
GRegistryBackend, GNullSettingsBackend, and GNextstepSettingsBackend
2022-07-15 21:36:09 +02:00
Ryan Hope
04255e4565 Add missing extension point register for for GMemorySettingsBackend
Using GMemorySettingsBackend before any other GSettingsBackend would
cause the following error: "Tried to implement non-registered extension
point gsettings-backend". This is due to a missing call to
_g_io_modules_ensure_extension_points_registered() in the GMemorySettingsBackend
type definition which registers the gsettings-backend extension point.
2022-07-15 21:36:03 +02:00
James Hilliard
d0b9ebbaac meson: fix build without cpp toolchain
We don't need a cpp toolchain for building glib so lets just
automatically disable tests requiring one when not available.

Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
2022-07-15 12:58:41 -06:00
Marco Trevisan (Treviño)
42d52033db gsignal: Do not try to lookup the signal id and work on unlocked node
In g_signal_parse_name we were looking up for the signal from the name
keeping the mutex locked, but we then retrieved and checked the node
data without keeping the lock, so with another thread potentially
changing that.
2022-07-15 16:09:14 +02:00
Marco Trevisan (Treviño)
ae14f3219a gsignal: Perform signal unlocked handlers block, unblock and disconnect ops
We used to perform unneeded lock/unlock dances to perform block, unblock
and disconnect actions, and these were potentially unsafe because we
might have looped in data that could be potentially be changed by other
threads.

We could have also done the same by saving the handlers ids in a
temporary array and eventually remove them, but I don't see a reason for
that since we can just keep all locked without the risk of creating
deadlocks.

Coverity CID: #1474757, #1474771, #1474429
2022-07-15 16:05:35 +02:00
Philip Withnall
28c07dc966 Merge branch 'regex-do-not-assert-on-compile-error' into 'main'
gregex: Ensure we translate the errcode without asserting on G_REGEX_ERROR_COMPILE

Closes #2694

See merge request GNOME/glib!2821
2022-07-15 11:26:55 +00:00
Hugo Carvalho
28fd2e4e67 Update Portuguese translation 2022-07-15 11:20:50 +00:00
Marco Trevisan (Treviño)
c05d09044f gregex: Ensure we translate the errcode without asserting on G_REGEX_ERROR_COMPILE
Since commit 8d5a44dc in order to ensure that we were setting the errcode in
translate_compile_error(), we did an assert checking whether it was a
valid value, but we assumed that 0 was not a valid error, while it is as
it's the generic G_REGEX_ERROR_COMPILE.

So, set errcode and errmsg to invalid values before translating and
ensure we've change them.

Fixes: #2694
2022-07-15 01:46:11 +02:00