Commit Graph

24536 Commits

Author SHA1 Message Date
Sebastian Wilhelmi
c74177337d gdbusmessage: Disallow zero-length elements in arrays
They are not allowed in the specification, and can lead to infinite
loops when parsing.

That’s a security issue if your application is accepting D-Bus messages
from untrusted peers (perhaps in a peer-to-peer connection). It’s not
exploitable when your application is connected to a bus (such as the
system or session buses), as the bus daemons (dbus-daemon or
dbus-broker) filter out such broken messages and don’t forward them.

Arrays of zero-length elements are disallowed in the D-Bus
specification: https://dbus.freedesktop.org/doc/dbus-specification.html#container-types

oss-fuzz#41428, #41435
Fixes: #2557
2022-01-26 13:04:49 +00:00
Sebastian Wilhelmi
6499ad5356 gdbusmessage: Disallow empty structures/tuples in D-Bus messages
They are disallowed in the specification:
https://dbus.freedesktop.org/doc/dbus-specification.html#container-types

Helps: #2557
2022-01-26 13:04:49 +00:00
Sebastian Wilhelmi
77233f6f07 gvariant-serialiser: Prevent unbounded recursion in is_normal()
This fixes a bug in 7c4e6e9fbe.

The original approach in that commit accidentally only checked the depth
at the leaf nodes in the variant tree, whereas actually the depth should
be checked before recursing to avoid stack overflow.

It neglected to consider that `g_variant_serialised_is_normal()` would
be recursed into by some of the `DISPATCH(_is_normal)` cases. When that
happened, the depth check was after the recursion so couldn’t prevent a
stack overflow.

Fixes: #2572
2022-01-26 13:04:49 +00:00
Philip Withnall
5ca038cf57 Merge branch 'windows-static-build-core' into 'main'
Enable full-static build on Windows

Closes #692

See merge request GNOME/glib!2438
2022-01-26 11:38:44 +00:00
Loïc Le Page
097cd3a16b Add Windows native static build using msvc to CI 2022-01-26 12:07:46 +01:00
Loic Le Page
42c77c7ac7 Enable full-static build on Windows
Glib cannot be built statically on Windows because glib, gobject and gio
modules need to perform specific initialization when DLL are loaded and
cleanup when unloaded. Those initializations and cleanups are performed
using the DllMain function which is not called with static builds.

Issue is known for a while and solutions were already proposed but never
merged (see: https://gitlab.gnome.org/GNOME/glib/-/issues/692). Last
patch is from version 2.36.x and since then the
"constructor/destructor" mechanism has been implemented and used in
other part of the system.

This patch takes back the old idea and updates it to the last version of
glib to allow static compilation on Windows.

WARNING: because DllMain doesn't exist anymore in static compilation
mode, there is no easy way of knowing when a Windows thread finishes.
This patch implements a workaround for glib threads created by calling
g_thread_new(), so all glib threads created through glib API will behave
exactly the same way in static and dynamic compilation modes.
Unfortunately, Windows threads created by using CreateThread() or
_beginthread/ex() will not work with glib TLS functions. If users need
absolutely to use a thread NOT created with glib API under Windows and
in static compilation mode, they should not use glib functions within
their thread or they may encounter memory leaks when the thread finishes.

This should not be an issue as users should use exclusively the glib API
to manipulate threads in order to be cross-platform compatible and this
would be very unlikely and cumbersome that they may mix up Windows native
threads API with glib one.

Closes #692
2022-01-26 10:14:02 +01:00
Loic Le Page
2ff2c9eb5b Refactor glib/glib-init.c to isolate init/deinit steps in isolated functions 2022-01-26 10:08:20 +01:00
Loic Le Page
4fdbfcc9b7 Uniformize G_PLATFORM_WIN32 and G_OS_WIN32 in glib-init.c
According to build system (meson.build file), G_PLATFORM_WIN32 and G_OS_WIN32
are synonym. This commit just unify the usage of this define to prepare
for the static build conditional compilation code.
2022-01-26 10:08:20 +01:00
Loic Le Page
98880b9f99 Add license disclaimer and header guards to gconstructor.h 2022-01-26 10:08:20 +01:00
Loic Le Page
bfa46bd98a Fix gconstructor.h header to include gslist functions
Macros defined in gconstructor.h header are using g_slist_find()
function but the gslist.h corresponding header was not included.
2022-01-26 10:08:20 +01:00
Kukuh Syafaat
71d2b66f34 Update Indonesian translation 2022-01-26 01:51:36 +00:00
Philip Withnall
01628f95b5 Merge branch 'random-fixes' into 'main'
Reduce the amount of compile-time warnings

See merge request GNOME/glib!2441
2022-01-25 19:45:03 +00:00
Pablo Correa Gómez
6406217f50
gsequence: Fix variable maybe uninitialized warning
../glib/gsequence.c: In function 'g_sequence_move_range':
../glib/gsequence.c:640:24: warning:
 'dest_seq' may be used uninitialized in this function [-Wmaybe-uninitialized]
  640 |   if (dest && dest_seq == src_seq &&
      |               ~~~~~~~~~^~~~~~~~~~
2022-01-25 20:18:41 +01:00
Pablo Correa Gómez
c2ff12ced5
glib/tests: Fix variable maybe uninitialized warning 2022-01-25 20:18:41 +01:00
Pablo Correa Gómez
d4cbe9ce4e
xdgmime: Fix unused-variable warning
../gio/xdgmime/xdgmimemagic.c:489:24: warning:
unused variable 'i' [-Wunused-variable]
  489 |           unsigned int i;
      |                        ^
2022-01-25 20:18:41 +01:00
Philip Withnall
e00069010e Merge branch 'win32-mem-monitor' into 'main'
gio/win32: add GMemoryMonitorWin32

See merge request GNOME/glib!2452
2022-01-25 18:11:53 +00:00
Marc-André Lureau
bb1b9d90ec gio/win32: add GMemoryMonitorWin32
Windows has CreateMemoryResourceNotification() API:

https://docs.microsoft.com/en-us/windows/win32/api/memoryapi/nf-memoryapi-creatememoryresourcenotification

It only notifies whether "Available physical memory is running low."

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2022-01-25 20:55:57 +04:00
Marc-André Lureau
0ed621e905 gio/tests: use g_message to print --watch result
g_debug() isn't printed by default.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2022-01-25 16:31:10 +04:00
Marc-André Lureau
06160facf3 gio/tests: simplify enum to string in memory-monitor
Also results in more robust handling, since it can get a NULL eclass.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2022-01-25 16:31:10 +04:00
Philip Withnall
0ea10bf904 Merge branch 'array-length-annotation-tls-certificate-new-from-pkcs12' into 'main'
Add `(array length)` annotation to `g_tls_certificate_new_from_pkcs12()`

See merge request GNOME/glib!2453
2022-01-25 11:15:31 +00:00
Sebastian Dröge
1979bfed4b Add (array length) annotation to g_tls_certificate_new_from_pkcs12() 2022-01-25 12:39:18 +02:00
Fran Dieguez
3b58e8547d Update Galician translation 2022-01-25 01:47:35 +00:00
Aleksandr Melman
b26c463039 Update Russian translation 2022-01-24 13:03:21 +00:00
Yuri Chornoivan
d41282f7a8 Update Ukrainian translation 2022-01-22 16:27:56 +00:00
Hugo Carvalho
78a2e4d84d Update Portuguese translation 2022-01-22 15:55:03 +00:00
Piotr Drąg
ce8505be41 Update Polish translation
(cherry picked from commit 7e1048d450)
2022-01-22 10:46:43 +00:00
Emmanuele Bassi
89c1ab2cce Merge branch 'ebassi/gdbus-codegen-rst' into 'main'
Add reStructuredText documentation generator for gdbus-codegen

See merge request GNOME/glib!2448
2022-01-22 02:08:39 +00:00
Emmanuele Bassi
ba2725f263 tests: Check "gdbus-codegen --generate-docbook"
Verify that the command line argument works, by checking it's not writing
to stdout/stderr, and that the generated file isn't empty.
2022-01-22 01:30:16 +00:00
Emmanuele Bassi
4db9d43f1a tests: Check "gdbus-codegen --generate-rst"
Verify that the command line argument works, by checking it's not writing
to stdout/stderr, and that the generate file isn't empty.
2022-01-22 01:30:16 +00:00
Emmanuele Bassi
1437be8049 docs: Add --generate-rst to the gdbus-codegen docs 2022-01-22 01:30:16 +00:00
Emmanuele Bassi
e2fe3aa0e7 Build the reStructuredText docs for the object-manager example
Just like we build them for the DocBook. We are not including them in the
API reference, for now.
2022-01-22 01:30:16 +00:00
Emmanuele Bassi
66e4ba806a Add reStructuredText generator to gdbus-codegen
The gdbus-codegen tool generates documentation from the XML introspection
description of a D-Bus interface. Currently, only DocBook is supported at
the moment, but not every modern documentation generator can handle that
format. The reStructuredText format is a bit more well-supported,
especially in documentation generators for non-C languages.

Unlike DocBook, we get to make our own structure and conventions for how
we structure the documentation when using reStructuredText.
2022-01-22 01:30:16 +00:00
Emmanuele Bassi
5013d08315 codegen: Do not add extra paragraph elements while parsing
When parsing a comment we're adding <para> elements ourselves, but the
DocBook generator already wraps any block of text that does not start
with a <para> element with one.
2022-01-22 01:30:16 +00:00
Jordi Mas
c6a9113da6 Update Catalan translation 2022-01-21 22:36:41 +01:00
Philip Withnall
aad2cbd2db Merge branch 'nacho/off_t' into 'main'
giowin32: use gint64 and _lseeki64

See merge request GNOME/glib!2447
2022-01-21 13:00:25 +00:00
Daniel Mustieles
5439806d7e Updated Spanish translation 2022-01-21 11:34:44 +01:00
Philip Withnall
c2a56a0252 Merge branch 'nacho/creditals-local-peerpid-macos' into 'main'
credentials: support the local peerpid on macos

See merge request GNOME/glib!2362
2022-01-20 12:52:20 +00:00
Ignacio Casal Quinteiro
1a34988296 _g_stat_size: return goffset
Otherwise on windows we would be capped at 32bit off_t.
2022-01-20 12:22:18 +01:00
Ignacio Casal Quinteiro
08017c0d6c giowin32: use gint64 and _lseeki64
off_t on windows is 32bit which means that it will not be able
to handle big offsets
2022-01-20 12:22:18 +01:00
Ignacio Casal Quinteiro
1848905a99 credentials: support the local peerpid on macos
xucred does not provide the peer pid id, but this can be fetched
from the socket LOCAL_PEERPID option. Note that we only support
it when creating the credentials from a local socket, if
the credential comes from a message over a socket the peer
pid id will not be set and -1 will be returned when trying
to get the pid for the credential.
2022-01-20 10:52:01 +01:00
Simon McVittie
cc2b28b68c Merge branch 'dbus-external-sid' into 'main'
gdbus: make client work with EXTERNAL on Windows

See merge request GNOME/glib!2429
2022-01-19 18:38:20 +00:00
Philip Withnall
ce45b88b90 Merge branch 'unicode_caseconv_tests' into 'main'
Merge test/unicode-caseconv.c into glib/tests/unicode.c

See merge request GNOME/glib!2432
2022-01-19 15:54:19 +00:00
Emmanuel Fleury
b9f07a458a Merge test/unicode-caseconc.c into glib/tests/unicode.c
Related to issue #1434
2022-01-19 16:21:01 +01:00
Philip Withnall
90b40ee3d2 Merge branch '2580-spawn-close-range-errors' into 'main'
gspawn: Report errors with closing file descriptors between fork/exec

Closes #2580

See merge request GNOME/glib!2435
2022-01-19 12:43:57 +00:00
Philip Withnall
ce04a12404 gspawn: Report errors with closing file descriptors between fork/exec
If a seccomp policy is set up incorrectly so that it returns `EPERM` for
`close_range()` rather than `ENOSYS` due to it not being recognised, no
error would previously be reported from GLib, but some file descriptors
wouldn’t be closed, and that would cause a hung zombie process. The
zombie process would be waiting for one half of a socket to be closed.

Fix that by correctly propagating errors from `close_range()` back to the
parent process so they can be reported correctly.

Distributions which aren’t yet carrying the Docker fix to correctly
return `ENOSYS` from unrecognised syscalls may want to temporarily carry
an additional patch to fall back to `safe_fdwalk()` if `close_range()`
fails with `EPERM`. This change will not be accepted upstream as `EPERM`
is not the right error for `close_range()` to be returning.

Signed-off-by: Philip Withnall <pwithnall@endlessos.org>

Fixes: #2580
2022-01-19 12:01:08 +00:00
Philip Withnall
8ec5dca0fe Merge branch '2564-zerowidth-jungseong' into 'main'
guniprop: Set jungseong and jongseong points to zero-width for Old Korean

Closes #2564

See merge request GNOME/glib!2418
2022-01-19 11:20:35 +00:00
Philip Withnall
3be0fc867e Merge branch 'wip/hash-table-from' into 'main'
ghash: Add g_hash_table_new_similar

See merge request GNOME/glib!2405
2022-01-19 11:19:07 +00:00
Kukuh Syafaat
c4b055c7a4 Update Indonesian translation 2022-01-19 09:35:10 +00:00
Philip Withnall
d83c7b8699 Merge branch 'ascii-formatd-libc-dep' into 'main'
Improve g_ascii_formatd docs and preconditions

See merge request GNOME/glib!2440
2022-01-19 00:14:55 +00:00
Matthias Clasen
6749b343fe Improve g_ascii_formatd docs and preconditions 2022-01-19 00:14:55 +00:00