Commit Graph

6892 Commits

Author SHA1 Message Date
Philip Withnall
ac505e88c4 glocalfileoutputstream: Add a missing O_CLOEXEC flag to replace()
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-10 17:55:51 +00:00
Philip Withnall
87e19535fe glocalfileoutputstream: Fix CREATE_REPLACE_DESTINATION with symlinks
The `G_FILE_CREATE_REPLACE_DESTINATION` flag is equivalent to unlinking
the destination file and re-creating it from scratch. That did
previously work, but in the process the code would call `open(O_CREAT)`
on the file. If the file was a dangling symlink, this would create the
destination file (empty). That’s not an intended side-effect, and has
security implications if the symlink is controlled by a lower-privileged
process.

Fix that by not opening the destination file if it’s a symlink, and
adjusting the rest of the code to cope with
 - the fact that `fd == -1` is not an error iff `is_symlink` is true,
 - and that `original_stat` will contain the `lstat()` results for the
   symlink now, rather than the `stat()` results for its target (again,
   iff `is_symlink` is true).

This means that the target of the dangling symlink is no longer created,
which was the bug. The symlink itself continues to be replaced (as
before) with the new file — this is the intended behaviour of
`g_file_replace()`.

The behaviour for non-symlink cases, or cases where the symlink was not
dangling, should be unchanged.

Includes a unit test.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2325
2021-03-10 17:55:51 +00:00
Philip Withnall
a5f1f1e47c glocalfileoutputstream: Factor out a flag check
This clarifies the code a little. It introduces no functional changes.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-10 16:05:55 +00:00
Philip Withnall
5f2eae1156 tests: Stop using g_test_bug_base() in file tests
Since a following commit is going to add a new test which references
Gitlab, so it’s best to move the URI bases inside the test cases.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-10 16:02:35 +00:00
Philip Withnall
d523ed4543 glocalfileoutputstream: Fix a typo in a comment
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-10 16:02:35 +00:00
Sebastian Dröge
0dc86cded2 Merge branch 'machine-id-test' into 'master'
Validate D-Bus machine ID after loading

See merge request GNOME/glib!1962
2021-03-09 12:49:51 +00:00
Philip Withnall
05ff2f877c gdbusprivate: Stop hard-coding path to /var/lib
This will require distributions to ensure they pass
`--localstatedir=/var` correctly to Meson, but they should be doing that
already.

See https://mesonbuild.com/Builtin-options.html#directories for details
about how Meson treats `localstatedir` differently from most other `dir`
variables.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-01 13:44:20 +00:00
Philip Withnall
daa62a35e1 gdbusprivate: Validate machine ID after loading it
It’s unlikely that the machine ID will be invalid (it’s system
configuration), but it would be helpful to not propagate invalid IDs
further, since a lot of things rely on it.

It’s not easy to test this (it requires factoring out the code so it can
be used from a test program, or allowing it to load a machine ID from a
custom path), so I haven’t added unit tests. I’ve tested manually by
overriding the loaded machine ID.

Coverity CID: #1430944

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-01 13:44:20 +00:00
Philip Withnall
ea19358039 gdbusprivate: Simplify some variable initialisations
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-03-01 13:44:20 +00:00
Luca Bacci
00e848fbc3
Use the right permissions for directory watching on Win32
Using FILE_GENERIC_READ | FILE_GENERIC_WRITE access rights for directory monitoring
might cause problems, as noted in https://gitlab.gnome.org/GNOME/gimp/-/issues/4594.

ReadDirectoryChanges only needs FILE_LIST_DIRECTORY, so use that.

Fixes: https://gitlab.gnome.org/GNOME/gimp/-/issues/4594
2021-03-01 11:41:12 +01:00
Chun-wei Fan
cf02c280ff gio/tests/pollable.c: Fix build on non-Linux UNIX
For non-Linux UNIX systems, the label 'close_libutil:' in
'test_pollable_unix_pty()' will have no statement that goes with that
label.  Just do a 'return' on non-Linux UNIX systems.
2021-02-27 10:53:53 +08:00
Sebastian Dröge
81c4f4de4d Merge branch 'gio/gfileinfo/g_file_info_get_size/documentation' into 'master'
Improving documentation for g_file_info_get_size, fixing #2333

Closes #2333

See merge request GNOME/glib!1964
2021-02-26 08:29:19 +00:00
Uwe Scholz
429ccbd6d3 Improved the description of g_file_info_get_content_type function 2021-02-25 21:46:59 +01:00
Simon McVittie
f443144091 Merge branch 'pollable-test-dlopen-leak' into 'master'
tests: Fix leak of dlopened module in pollable test

See merge request GNOME/glib!1936
2021-02-25 18:26:57 +00:00
Uwe Scholz
73182528fa Improving documentation for g_file_info_get_size, fixing #2333 2021-02-24 23:13:27 +01:00
Michael Catanzaro
26f6e3db9e gkeyfilesettingsbackend: check for errors when creating file monitors
File monitor creation may fail. We should check for this, rather than
ignoring it and then spewing criticals upon improperly assuming that we
have a valid GFileMonitor rather than NULL.

In practice, creating the GFileMonitors here fail when opening a large
number of tabs in Epiphany. I'm still investigating to see why, but it
doesn't matter for the purposes of this commit.
2021-02-23 16:31:26 -06:00
Sebastian Dröge
7b0ac98afe Merge branch '2332-subprocess-launcher-oops' into 'master'
gsubprocesslauncher: Don’t close target FDs in close() method

Closes #2332

See merge request GNOME/glib!1958
2021-02-20 10:07:03 +00:00
Philip Withnall
50cf90dc56 tests: Test g_subprocess_launcher_close() doesn’t close too many FDs
Expand an existing unit test to check that the target FD of a
`g_subprocess_launcher_take_fd()` call doesn’t get closed when
`g_subprocess_launcher_close()` is called. Only the source FD should be
closed by the parent process.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #2332
2021-02-19 18:27:00 +00:00
Philip Withnall
55a75590d0 gsubprocesslauncher: Don’t close target FDs in close() method
This is a regression introduced in commit 67a589e505. Previously, the
source/target FD pairs were stored in `needdup_fd_assignments`, in
consecutive entries, so source FDs had even indices and target FDs had
odd indices.

I didn’t notice that the array index was being incremented by 2 when
closing FDs, when porting from the old code. So previously the code was
only closing the source FDs; after the port, it was closing source and
target FDs.

That’s incorrect, as the target FDs are just integers in the parent
process. It’s only in the child process where they are actually FDs —
and `g_subprocess_launcher_close()` is never called in the child
process.

This resulted in some strange misbehaviours in any process which used
`g_subprocess_launcher_take_fd()` with target FDs which could have
possibly aliased with other FDs in the parent process (and which weren’t
equal to their mapped source FDs).

Thanks to Olivier Fourdan for the detailed bug report.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2332
2021-02-19 18:27:00 +00:00
Philip Withnall
1e74c52a63 gsubprocesslauncher: Improve documentation formatting slightly
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-02-19 18:27:00 +00:00
Emmanuel Fleury
23dad977d8 Change SkipAsyncData fields to be gsize (and not gssize) 2021-02-19 18:10:30 +01:00
Sebastian Dröge
b41147dfc9 The ETag returned by various GFile functions is nullable
This was correctly annotated for proper return values but in case of out
parameters it was only annotated as (optional) and not additionally as
(nullable).
2021-02-17 10:01:36 +02:00
Philip Withnall
51e964849b Merge branch '2097-spawn-fd-rewriting' into 'master'
Resolve "GSubprocessLauncher with FD assignment can clash with g_spawn_async internal pipe"

Closes #2097

See merge request GNOME/glib!1690
2021-02-16 14:04:39 +00:00
Philip Withnall
67a589e505 gsubprocess: Use new source/target FD mapping functionality in g_spawn()
This improves performance by eliminating the use of a
`GSpawnChildSetupFunc` in the common case (since that setup code has now
moved into `g_spawn*()` itself), and enables the use of the fix to avoid
the child error reporting FD being overwritten by target FD mappings,
introduced via `g_spawn_async_with_pipes_and_fds()`.

It reworks how the source/target FD mapping is stored within
`GSubprocessLauncher` to match what `g_spawn*()` uses. The two
approaches are equivalent.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2097
2021-02-16 13:44:00 +00:00
Emmanuel Fleury
0dde9f3744 Fix signedness warning in gio/gmemoryoutputstream.c
gio/gmemoryoutputstream.c: In function ‘g_memory_output_stream_seek’:
gio/gmemoryoutputstream.c:792:44: error: comparison of integer expressions of different signedness: ‘goffset’ {aka ‘long int’} and ‘gsize’ {aka ‘long unsigned int’}
  792 |   if (priv->realloc_fn == NULL && absolute > priv->len)
      |                                            ^
2021-02-16 13:32:26 +01:00
Emmanuel Fleury
e939550cad Fix signedness warning in gio/gdummyfile.c
gio/gdummyfile.c: In function ‘unescape_string’:
gio/gdummyfile.c:485:32: error: comparison of integer expressions of different signedness: ‘long int’ and ‘size_t’ {aka ‘long unsigned int’}
  485 |   g_warn_if_fail (out - result <= strlen (escaped_string));
      |                                ^~
2021-02-16 13:32:26 +01:00
Emmanuel Fleury
18097c8acb Fix signedness warning in gio/gbufferedinputstream.c:g_buffered_input_stream_seek()
gio/gbufferedinputstream.c: In function ‘g_buffered_input_stream_seek’:
gio/gbufferedinputstream.c:899:18: error: comparison of integer expressions of different signedness: ‘goffset’ {aka ‘long int’} and ‘gsize’ {aka ‘long unsigned int’}
  899 |       if (offset <= priv->end - priv->pos && offset >= -priv->pos)
      |                  ^~
gio/gbufferedinputstream.c:899:53: error: comparison of integer expressions of different signedness: ‘goffset’ {aka ‘long int’} and ‘gsize’ {aka ‘long unsigned int’}
  899 |       if (offset <= priv->end - priv->pos && offset >= -priv->pos)
      |                                                     ^~
2021-02-16 13:32:26 +01:00
Emmanuel Fleury
ebb3427f22 Fix signedness warnings in gio/gapplication-tool.c
gio/gapplication-tool.c: In function ‘app_help’:
glib/gmacros.h:806:26: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘size_t’ {aka ‘long unsigned int’}
gio/gapplication-tool.c:121:26: note: in expansion of macro ‘MAX’
  121 |               maxwidth = MAX(maxwidth, strlen (_(substvars[i].var)));
      |                          ^~~
gio/gapplication-tool.c: In function ‘app_help’:
glib/gmacros.h:806:26: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘size_t’ {aka ‘long unsigned int’}
gio/gapplication-tool.c:140:20: note: in expansion of macro ‘MAX’
  140 |         maxwidth = MAX(maxwidth, strlen (topics[i].command));
      |                    ^~~
2021-02-16 13:32:26 +01:00
Emmanuel Fleury
02126e0a07 Fix missing initializer warnings in gio/gapplication-tool.c
gio/gapplication-tool.c:51:3: error: missing initializer for field ‘synopsis’ of ‘const struct help_topic’
   51 |   },
      |   ^
gio/gapplication-tool.c:54:3: error: missing initializer for field ‘synopsis’ of ‘const struct help_topic’
   54 |   },
      |   ^
2021-02-16 13:32:26 +01:00
Emmanuel Fleury
e89bd4cc15 Fix several signedness warnings in gio/gapplication-tool.c
gio/gapplication-tool.c: In function ‘app_help’:
gio/gapplication-tool.c:90:21: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
   90 |       for (i = 0; i < G_N_ELEMENTS (topics); i++)
      |                     ^
gio/gapplication-tool.c:117:25: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
  117 |           for (i = 0; i < G_N_ELEMENTS (substvars); i++)
      |                         ^
gio/gapplication-tool.c:121:25: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
  121 |           for (i = 0; i < G_N_ELEMENTS (substvars); i++)
      |                         ^
gio/gapplication-tool.c:137:21: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
  137 |       for (i = 0; i < G_N_ELEMENTS (topics); i++)
      |                     ^
gio/gapplication-tool.c:140:21: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
  140 |       for (i = 0; i < G_N_ELEMENTS (topics); i++)
      |                     ^
2021-02-16 13:32:25 +01:00
Emmanuel Fleury
80e2dc3a7a Fix signedness warning in gio/gdbus-tool.c
gio/gdbus-tool.c:1183:95: error: comparison of integer expressions of different signedness: ‘guint’ {aka ‘unsigned int’} and ‘int’
 1183 |           if ((fd_id = g_unix_fd_list_append (fd_list, g_variant_get_handle (value), &error)) == -1)
      |                                                                                               ^~
2021-02-16 13:32:25 +01:00
Philip Withnall
8323997f3f glocalfileinputstream: Drop custom skip vfunc implementation
Since the previous commit, the generic `GInputStream` implementation of
`skip()` is now equivalent, and results in the same calls to `lseek()`.

Heavily based on an approach by Dan Winship in
https://bugzilla.gnome.org/show_bug.cgi?id=681374.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #587
2021-02-15 23:10:41 +00:00
Philip Withnall
58c6e0e5d4 ginputstream: Don’t skip off the end of resizable streams
The default implementation of `g_input_stream_skip()` can skip off the
end of resizable streams, as that’s the behaviour of `g_seekable_seek()`
for that type of stream.

This has previously been fixed for local file input streams (commit
89f9615835), and a unit test added there.
However, the fix should be more generally made in `GInputStream`.

This commit reworks an old patch by Dan Winship on
https://bugzilla.gnome.org/show_bug.cgi?id=681374, which took that
approach.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #587
2021-02-15 23:10:41 +00:00
Philip Withnall
1e21abf0c4 gtestdbus: Flush stdout and stderr before forking a monitor process
This is a workaround for the fact that forking without execing is not
easy to do correctly, and `GTestDBus` doesn’t do it correctly. However,
`GTestDBus` is de-facto deprecated and so putting any more effort in is
a waste.

This fixes an issue where a test would print duplicate output when
outputting to a fully-buffered FD, such as a pipe. This is because the
buffer is non-empty before the `fork()`, and ends up duplicated in the
parent and child processes, both of which later flush the duplicated
buffer contents.

Diagnosed and fix suggested by Simon McVittie.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2322
2021-02-15 10:33:32 +00:00
Simon McVittie
ee53840fa6 tests: Use a more realistic language code than sv_SV
Swedish as spoken in El Salvador is not listed in
/usr/share/i18n/SUPPORTED, and in any case is probably not what we meant.
A more plausible language code would be Swedish as spoken in Sweden.

Prompted by improving the Debian packaging of GLib to generate most of
the language codes mentioned in the tests, so that we can have better
test coverage.

Signed-off-by: Simon McVittie <smcv@collabora.com>
2021-02-14 14:43:12 +00:00
Philip Withnall
2f91caf77e tests: Add a basic test for require-same-user D-Bus auth flag
It’s not feasible to test that the require-same-user flag can cause
authentication to fail, as that would require the build environment to
have two users available. We can, however, test that it passes when
authenticating a client and server running under the same user account.

I have manually tested that the new flag works, by running the following
as user A:
```
`$prefix/gdbus-daemon --print-env &`
gdbus call --session --dest org.freedesktop.DBus --object-path /org/freedesktop/DBus --method org.freedesktop.DBus.ListNames
```

And then running the `gdbus call` command again as user B (with the same
value for `DBUS_SESSION_BUS_ADDRESS` in the environment), which
produces:
```
Error connecting: Unexpected lack of content trying to read a line
```
(an authentication rejection)

Commenting out the use of
`G_DBUS_SERVER_FLAGS_AUTHENTICATION_REQUIRE_SAME_USER` from
`gdbusdaemon.c`, the `gdbus call` command succeeds for both users.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-02-11 16:12:40 +00:00
Philip Withnall
5d0ffe73b7 gdbusdaemon: Use require-same-user flag to avoid auth observer signal
This doesn’t change the `GDBusDaemon` behaviour, but does simplify the
code a little.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Helps: #1804
2021-02-11 16:12:40 +00:00
Philip Withnall
1a6aa9a493 gdbus: Add flags to require authentication as the same user
This eliminates a common use case for the
`GDBusAuthObserver::authorize-authenticated-peer` signal, which is often
implemented incorrectly by people.

Suggested by Simon McVittie.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #1804
2021-02-11 16:12:40 +00:00
Philip Withnall
137a9bdcc2 gdbusauth: Use g_clear_object() to simplify the code a little
Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-02-11 16:06:27 +00:00
Philip Withnall
a1db705bc2 Merge branch 'wip/gdbus-flags-from-the-future' into 'master'
gdbus: Reject attempts to set future connection or server flags

See merge request GNOME/glib!1934
2021-02-11 11:53:13 +00:00
Sebastian Dröge
90d34b3078 Merge branch 'keyfile-settings-fix-again' into 'master'
gkeyfilesettingsbackend: Fix basename handling when group is unset

See merge request GNOME/glib!1941
2021-02-11 08:00:00 +00:00
Philip Withnall
68ce7a28e1 tests: Add tests for key name handling in the keyfile backend
This tests the two recent commits.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-02-10 22:10:00 +00:00
Philip Withnall
a59247608f gkeyfilesettingsbackend: Disallow empty key or group names
These should never have been allowed; they will result in precondition
failures from the `GKeyFile` later on in the code.

A test will be added for this shortly.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-02-10 21:20:11 +00:00
Philip Withnall
9d27c57f70 gkeyfilesettingsbackend: Fix basename handling when group is unset
Fix an effective regression in commit
7781a9cbd2, which happens when
`convert_path()` is called with a `key` which contains no slashes. In
that case, the `key` is entirely the `basename`.

Prior to commit 7781a9cb, the code worked through a fluke of `i == -1`
cancelling out with the various additions in the `g_memdup()` call, and
effectively resulting in `g_strdup (key)`.

Spotted by Guido Berhoerster.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>
2021-02-10 21:16:39 +00:00
Emmanuel Fleury
bdcd7eca3b Fix missing initializer warning in gio/glib-compile-resources.c
gio/glib-compile-resources.c: In function ‘parse_resource_file’:
gio/glib-compile-resources.c:553:3: error: missing initializer for field ‘passthrough’ of ‘GMarkupParser’ {aka ‘struct _GMarkupParser’}
  553 |   GMarkupParser parser = { start_element, end_element, text };
      |   ^~~~~~~~~~~~~
2021-02-10 20:44:21 +01:00
Emmanuel Fleury
7c7aec9b31 Fix several signedness warnings in gio/gio-tool-tree.c
gio/gio-tool-tree.c: In function ‘do_tree’:
gio/gio-tool-tree.c:124:22: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’
  124 |        for (n = 0; n < level; n++)
      |                      ^
gio/gio-tool-tree.c:197:21: error: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’
  197 |       for (n = 0; n < level; n++)
      |                     ^
2021-02-10 20:43:58 +01:00
Emmanuel Fleury
a54ebd6860 Fix missing initializer warning in gio/gio-tool-monitor.c
gio/gio-tool-monitor.c:48:3: error: missing initializer for field ‘description’ of ‘GOptionEntry’ {aka ‘const struct _GOptionEntry’}
   48 |   { G_OPTION_REMAINING, 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &watch_default },
      |   ^
2021-02-10 20:41:16 +01:00
Emmanuel Fleury
85f2492111 Fix signedness warning in gio/gio-tool.c:attribute_flags_to_string()
gio/gio-tool.c: In function ‘attribute_flags_to_string’:
gio/gio-tool.c:171:17: error: comparison of integer expressions of different signedness: ‘int’ and ‘long unsigned int’
  171 |   for (i = 0; i < G_N_ELEMENTS (flag_descr); i++)
      |                 ^
2021-02-10 20:41:16 +01:00
Emmanuel Fleury
6b3e39fafd Fix several missing initializer warnings in gio/glib-compile-schemas.c
gio/glib-compile-schemas.c: In function ‘parse_gschema_files’:
gio/glib-compile-schemas.c:1773:3: error: missing initializer for field ‘passthrough’ of ‘GMarkupParser’ {aka ‘struct _GMarkupParser’}
 1773 |   GMarkupParser parser = { start_element, end_element, text };
      |   ^~~~~~~~~~~~~
gio/glib-compile-schemas.c: In function ‘main’:
gio/glib-compile-schemas.c:2176:5: error: missing initializer for field ‘arg_description’ of ‘GOptionEntry’ {aka ‘struct _GOptionEntry’}
 2176 |     { "allow-any-name", 0, 0, G_OPTION_ARG_NONE, &allow_any_name, N_("Do not enforce key name restrictions") },
      |     ^
2021-02-10 20:41:16 +01:00
Emmanuel Fleury
93f3831ed3 Fix several signedness warnings in gio/glib-compile-schemas.c
gio/glib-compile-schemas.c: In function ‘key_state_set_range’:
gio/glib-compile-schemas.c:376:17: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
  376 |   for (i = 0; i < G_N_ELEMENTS (table); i++)
      |                 ^
gio/glib-compile-schemas.c: In function ‘key_state_serialise’:
gio/glib-compile-schemas.c:714:29: error: comparison of integer expressions of different signedness: ‘gint’ {aka ‘int’} and ‘long unsigned int’
  714 |               for (i = 0; i < size / sizeof (guint32); i++)
      |                             ^
2021-02-10 20:41:16 +01:00