Commit Graph

13038 Commits

Author SHA1 Message Date
Piotr Drąg
1a8f413555 Updated Polish translation 2012-09-14 00:53:20 +02:00
Colin Walters
d6cbb29f59 CVE-2012-3524: Hardening for being run in a setuid environment
Some programs attempt to use libglib (or even libgio) when setuid.
For a long time, GTK+ simply aborted if launched in this
configuration, but we never had a real policy for GLib.

I'm not sure whether we should advertise such support.  However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.

Better to fix a problem caused by an interaction between two
components in *both* places if possible.

This patch adds a private function g_check_setuid() which is used to
first ensure we don't run an external dbus-launch binary if
DBUS_SESSION_BUS_ADDRESS isn't set.

Second, we also ensure the local VFS is used in this case.  The
gdaemonvfs extension point will end up talking to the session bus
which is typically undesirable in a setuid context.

Implementing g_check_setuid() is interesting - whether or not we're
running in a privilege-escalated path is operating system specific.
Note that GTK+'s code to check euid versus uid worked historically on
Unix, more modern systems have filesystem capabilities and SELinux
domain transitions, neither of which are captured by the uid
comparison.

On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup.  If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use.  Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1

So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.

On some BSD variants, there is a issetugid() function.  On other Unix
variants, we fall back to what GTK+ has been doing.

Reported-By: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
2012-09-13 18:34:29 -04:00
William Jon McCann
cc3238a9c9 Add api to get the generic icon name for a mime type
https://bugzilla.gnome.org/show_bug.cgi?id=683744
2012-09-13 12:50:02 -04:00
Mario Blättermann
8d362a14e4 Updated German translation 2012-09-13 11:05:59 +02:00
Alexander Larsson
c99acf51d0 Fix regression in g_shell_parse_argv()
The commit in 6e4acf44b3 broke
the fallthrough case for '\\' when it changed the '#' case.

This caused issues like this:
  https://bugzilla.gnome.org/show_bug.cgi?id=683821

https://bugzilla.gnome.org/show_bug.cgi?id=562907
2012-09-13 10:20:27 +02:00
Sandeep Sheshrao Shedmake
d6b9df6949 Updated Marathi Translations 2012-09-12 15:49:27 +05:30
Matthias Clasen
47a3b76ac5 Move GIO-specific information to the GIO docs 2012-09-11 23:15:03 -04:00
Matthias Clasen
fc7dc33113 Add a section about writing GLib applications
For now, this includes some information about threads and security.
2012-09-11 22:41:18 -04:00
Matthias Clasen
6a50dc511b Drop GVFS_INOTIFY_DIAG debug feature
Just not a good idea to have this in production code.
2012-09-11 20:24:30 -04:00
Nilamdyuti Goswami
7a0c47843f Assamese translation updated 2012-09-11 18:55:54 +05:30
Thomas Bechtold
c9a3cd6d8b Fix gdbus connection annotations
g_dbus_connection_call_with_unix_fd_list_sync () and
g_dbus_connection_call_sync () should allow None for the
bus_name parameter.

https://bugzilla.gnome.org/show_bug.cgi?id=683771

Signed-off-by: Richard Hughes <richard@hughsie.com>
2012-09-11 13:16:32 +01:00
Claude Paroz
3a7d89a414 Updated French translation by Alexandre Franke and Claude Paroz 2012-09-10 11:01:39 +02:00
LRN
59ad2acfc5 gwin32mount.c: Fix syntax error
Signed-off-by: Colin Walters <walters@verbum.org>

https://bugzilla.gnome.org/show_bug.cgi?id=683641
2012-09-09 10:49:45 -04:00
Duarte Loreto
1a99d0eb99 Updated Portuguese translation 2012-09-09 01:30:24 +01:00
Martin Srebotnjak
a9720d1497 Updated Slovenian translation 2012-09-08 20:40:24 +02:00
Ryan Lortie
73a100d2ef G_DEFINE_QUARK: fix up some implementation issues
https://bugzilla.gnome.org/show_bug.cgi?id=683360
2012-09-08 14:08:01 -04:00
Marek Černocký
986405c37a Updated Czech translation 2012-09-08 11:17:27 +02:00
Ihar Hrachyshka
fcbc30451e Updated Belarusian translation. 2012-09-07 18:27:47 +03:00
Yaron Shahrabani
0c582a0cfc Updated Hebrew translation. 2012-09-07 16:52:28 +03:00
Мирослав Николић
e2ca8f1df1 Updated Serbian translation 2012-09-06 22:34:36 +02:00
Colin Walters
e6df67abe6 tests/gvariant: Fix test on big endian architectures
We need to ensure we get the exact same byte-level GVariant, so
byteswap on big endian architectures.

https://bugzilla.gnome.org/show_bug.cgi?id=683384
2012-09-06 09:23:06 -04:00
Martin Pitt
02f143c2d9 Box GTimeZone to make it introspectable
https://bugzilla.gnome.org/show_bug.cgi?id=683167
2012-09-06 06:18:42 +02:00
Bruce Cowan
f4980c6295 Updated British English translation 2012-09-05 13:13:54 +01:00
Chao-Hsiung Liao
54fa6a0bcf Updated Traditional Chinese translation(Hong Kong and Taiwan) 2012-09-05 19:52:32 +08:00
Dirgita
9ecbb2dfd3 Updated Indonesian translation 2012-09-04 19:47:46 +07:00
Matthias Clasen
dad25c4819 Bump version 2012-09-03 16:27:19 -04:00
Matthias Clasen
626abfdc10 2.33.10 2012-09-03 15:14:18 -04:00
Daniel Mustieles
5d915a4a77 Revert "Updated Spanish translation"
This reverts commit bc036bf978.
2012-09-03 16:18:23 +02:00
Daniel Mustieles
bc036bf978 Updated Spanish translation 2012-09-03 16:15:35 +02:00
Dan Winship
d68609f9fd Revert "xdgmime: plug a small leak"
This reverts commit 4e7031f073.

The string actually does get freed somewhere else, at least in some
cases. Can be looked at again later if this reintroduces a leak.

https://bugzilla.gnome.org/show_bug.cgi?id=683270
2012-09-03 10:07:31 -04:00
Daniel Mustieles
857ac29c1f Updated Spanish translation 2012-09-03 16:06:57 +02:00
Dan Winship
4d1b0d46db update .gitignore 2012-09-03 08:56:10 -04:00
Dan Winship
beb0f9c150 gio/tests: fix leaks
https://bugzilla.gnome.org/show_bug.cgi?id=682560
2012-09-03 08:41:23 -04:00
Dan Winship
17bb9d542c gio/tests/cancellable: fix to still work when running slowly
The test was assuming that all cancelled ops would finish within a
certain amount of time, but this often failed under valgrind. Instead,
just run the loop until all of the ops have actually finished.

https://bugzilla.gnome.org/show_bug.cgi?id=682560
2012-09-03 08:40:14 -04:00
Dan Winship
568f737708 gio/tests: port some stuff to g_test_expect_message()
https://bugzilla.gnome.org/show_bug.cgi?id=682560
2012-09-03 08:40:14 -04:00
Dan Winship
039ecf2bc6 g_file_copy: plug a leak
The fallback copy code was leaking the GFileInfo if it didn't have
G_FILE_ATTRIBUTE_STANDARD_TYPE.

https://bugzilla.gnome.org/show_bug.cgi?id=682560
2012-09-03 08:40:14 -04:00
Dan Winship
fa58cef826 GDesktopAppInfo: fix leaks
g_desktop_app_info_ensure_saved() was leaking the file contents.

_g_desktop_app_info_launch_uris_internal() was leaking the session bus
on error.

https://bugzilla.gnome.org/show_bug.cgi?id=682560
2012-09-03 08:36:10 -04:00
Dan Winship
4e7031f073 xdgmime: plug a small leak
https://bugzilla.gnome.org/show_bug.cgi?id=682560
2012-09-03 08:36:10 -04:00
Dan Winship
03be681e08 gobject/tests: plug leaks
https://bugzilla.gnome.org/show_bug.cgi?id=682560
2012-09-03 08:36:10 -04:00
Dan Winship
e0cba35d41 gobject/tests: use g_test_expect_messages()
https://bugzilla.gnome.org/show_bug.cgi?id=682560
2012-09-03 08:36:10 -04:00
Yuri Kozlov
7972485ca1 Updated Russian translation 2012-09-03 10:16:21 +04:00
Piotr Drąg
7662dbe82b Updated Polish translation 2012-09-03 01:20:56 +02:00
Matthias Clasen
a30f6a6eb8 Add new api to symbol lists and docs
https://bugzilla.gnome.org/show_bug.cgi?id=682849
2012-09-02 15:10:20 -04:00
Matthias Clasen
d80d70458a Add a threaded test for g_object_replace_data
This is the threaded atomic add test from glib/tests/atomic.c,
redone using qdata instead of an atomic int to store the values.
2012-09-02 15:10:20 -04:00
Matthias Clasen
2fa77fb76c Add some tests for new object data api
These are non-threaded, but the do test dup and destroy somewhat.

https://bugzilla.gnome.org/show_bug.cgi?id=682849
2012-09-02 15:09:13 -04:00
Matthias Clasen
1254ca716b Add an atomic compare-and-exchange operation for object data
This is useful when using object data in thread-safe libraries.

https://bugzilla.gnome.org/show_bug.cgi?id=682849
2012-09-02 15:09:13 -04:00
Matthias Clasen
06e3a1d71a Add compare-and exchange for data lists
Also, make it possible to get a 'new ref' on a datalist member
in a race-free way.
This is useful when using object data in thread-safe libraries.

https://bugzilla.gnome.org/show_bug.cgi?id=682849
2012-09-02 15:09:12 -04:00
Rūdolfs Mazurs
18e49c30f0 Updated Latvian translation 2012-09-02 16:04:37 +03:00
Aurimas Černius
b3beac08f5 Updated Lithuanian translation 2012-09-02 15:39:16 +03:00
Paolo Borelli
2d85894bc5 Fix gtk-doc for g_app_info_get_supported_types 2012-09-02 12:25:50 +02:00